public void Read_WithOnlyCertificateHash_ReturnsEssCertIdV2() { var hash = CryptoHashUtility.ComputeHash(HashAlgorithmName.SHA256, Encoding.UTF8.GetBytes("peach")); var bcEssCertId = new BcEssCertIdV2(hash); var bytes = bcEssCertId.GetDerEncoded(); var essCertIdV2 = EssCertIdV2.Read(bytes); Assert.Equal(Oids.Sha256, essCertIdV2.HashAlgorithm.Algorithm.Value); SigningTestUtility.VerifyByteArrays(hash, essCertIdV2.CertificateHash); Assert.Null(essCertIdV2.IssuerSerial); }
public void Read_WithDefaultAlgorithmIdentifier_ReturnsEssCertIdV2() { var directoryName = new X509Name("CN=test"); var generalNames = new GeneralNames( new BcGeneralName(BcGeneralName.DirectoryName, directoryName)); var bcIssuerSerial = new BcIssuerSerial(generalNames, new DerInteger(BigInteger.One)); var hash = CryptoHashUtility.ComputeHash(HashAlgorithmName.SHA256, Encoding.UTF8.GetBytes("peach")); var bcEssCertId = new BcEssCertIdV2(hash, bcIssuerSerial); var bytes = bcEssCertId.GetDerEncoded(); var essCertIdV2 = EssCertIdV2.Read(bytes); Assert.Equal(Oids.Sha256, essCertIdV2.HashAlgorithm.Algorithm.Value); Assert.Equal(1, essCertIdV2.IssuerSerial.GeneralNames.Count); Assert.Equal(directoryName.ToString(), essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name); SigningTestUtility.VerifyByteArrays(hash, essCertIdV2.CertificateHash); SigningTestUtility.VerifyByteArrays(bcIssuerSerial.Serial.Value.ToByteArray(), essCertIdV2.IssuerSerial.SerialNumber); }
public void Read_WithValidInput_ReturnsEssCertId() { using (var certificate = _fixture.GetDefaultCertificate()) { var bcCertificate = DotNetUtilities.FromX509Certificate(certificate); var bcGeneralNames = new GeneralNames( new BcGeneralName(BcGeneralName.DirectoryName, bcCertificate.IssuerDN)); var bcIssuerSerial = new BcIssuerSerial(bcGeneralNames, new DerInteger(bcCertificate.SerialNumber)); var hash = SigningTestUtility.GetHash(certificate, HashAlgorithmName.SHA384); var bcAlgorithmId = new BcAlgorithmIdentifier(new DerObjectIdentifier(Oids.Sha384)); var bcEssCertId = new BcEssCertIdV2(bcAlgorithmId, hash, bcIssuerSerial); var bytes = bcEssCertId.GetDerEncoded(); var essCertIdV2 = EssCertIdV2.Read(bytes); Assert.Equal(Oids.Sha384, essCertIdV2.HashAlgorithm.Algorithm.Value); Assert.Equal(1, essCertIdV2.IssuerSerial.GeneralNames.Count); Assert.Equal(certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name); SigningTestUtility.VerifyByteArrays(hash, essCertIdV2.CertificateHash); SigningTestUtility.VerifyByteArrays(bcIssuerSerial.Serial.Value.ToByteArray(), essCertIdV2.IssuerSerial.SerialNumber); } }
static void Main(string[] args) { byte[] entradaArray = File.ReadAllBytes(@"certificado/arquivoTeste.txt"); AsymmetricKeyParameter chavePrivada; X509Certificate certificadoX509 = getCertificadoX509(@"certificado/certificado.p12", "123!@#", out chavePrivada); SHA512Managed hashSHA512 = new SHA512Managed(); SHA256Managed hashSHA256 = new SHA256Managed(); byte[] certificadoX509Hash = hashSHA256.ComputeHash(certificadoX509.GetEncoded()); byte[] EntradaHash = hashSHA512.ComputeHash(entradaArray); CmsSignedDataGenerator geradorCms = new CmsSignedDataGenerator(); // //atributos // Asn1EncodableVector atributosAssinados = new Asn1EncodableVector(); //1.2.840.113549.1.9.3 -> ContentType //1.2.840.113549.1.7.1 -> RSA Security Data Inc atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.ContentType, new DerSet(new DerObjectIdentifier("1.2.840.113549.1.7.1")))); //1.2.840.113549.1.9.5 -> Signing Time atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.SigningTime, new DerSet(new DerUtcTime(DateTime.Now)))); //1.2.840.113549.1.9.4 -> messageDigest atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.MessageDigest, new DerSet(new DerOctetString(EntradaHash)))); //2.16.840.1.101.3.4.2.3 -> SHA-512 //2.16.840.1.101.3.4.2.1 -> SHA-256 //1.2.840.113549.1.9.16.5.1 -> sigPolicyQualifier-spuri DerObjectIdentifier identificadorPolicyID = new DerObjectIdentifier("1.2.840.113549.1.9.16.2.15"); byte[] policyHASH = System.Text.Encoding.ASCII.GetBytes("0F6FA2C6281981716C95C79899039844523B1C61C2C962289CDAC7811FEEE29E"); List <SigPolicyQualifierInfo> sigPolicyQualifierInfos = new List <SigPolicyQualifierInfo>(); Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier algoritmoIdentificador = new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.3"); SigPolicyQualifierInfo bcSigPolicyQualifierInfo = new SigPolicyQualifierInfo(new DerObjectIdentifier("1.2.840.113549.1.9.16.5.1"), new DerIA5String("http://politicas.icpbrasil.gov.br/PA_AD_RB_v2_2.der")); sigPolicyQualifierInfos.Add(bcSigPolicyQualifierInfo); SignaturePolicyId signaturePolicyId = new SignaturePolicyId(DerObjectIdentifier.GetInstance(new DerObjectIdentifier("2.16.76.1.7.1.6.2.2")), new OtherHashAlgAndValue(algoritmoIdentificador, new DerOctetString(policyHASH)), sigPolicyQualifierInfos); atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(identificadorPolicyID, new DerSet(signaturePolicyId))); //1.2.840.113549.1.9.16.2.47 -> id-aa-signingCertificateV2 Org.BouncyCastle.Asn1.Ess.EssCertIDv2 essCertIDv2; essCertIDv2 = new Org.BouncyCastle.Asn1.Ess.EssCertIDv2(certificadoX509Hash); atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(new DerObjectIdentifier("1.2.840.113549.1.9.16.2.47"), new DerSet(essCertIDv2))); AttributeTable atributosAssinadosTabela = new AttributeTable(atributosAssinados); //geradorCms.AddSigner(chavePrivada, certificadoX509, CmsSignedDataGenerator.DigestSha256, new DefaultSignedAttributeTableGenerator(atributosAssinadosTabela), null); geradorCms.AddSigner(chavePrivada, certificadoX509, CmsSignedDataGenerator.DigestSha512, new DefaultSignedAttributeTableGenerator(atributosAssinadosTabela), null); List <X509Certificate> certificadoX509Lista = new List <X509Certificate>(); certificadoX509Lista.Add(certificadoX509); //storeCerts.AddRange(chain); X509CollectionStoreParameters parametrosArmazem = new X509CollectionStoreParameters(certificadoX509Lista); IX509Store armazemCertificado = X509StoreFactory.Create("CERTIFICATE/COLLECTION", parametrosArmazem); geradorCms.AddCertificates(armazemCertificado); var dadosAssinado = geradorCms.Generate(new CmsProcessableByteArray(entradaArray), true); // encapsulate = false for detached signature Console.WriteLine("Codificado => " + Convert.ToBase64String(dadosAssinado.GetEncoded())); }