/// <summary>5.3.4 PKCS7签名验证并获取证书 2011-12-19
///
/// </summary>
/// <param name="sSource"></param>
/// <param name="sSignature"></param>
/// <param name="isNotHasSource"></param>
/// <returns></returns>
public static SecuInter.X509Certificate verifyPKCS7(String sSource, string sSignature, Boolean isNotHasSource)
{
SecuInter.X509Certificate oCertSign = null;
SignedData signedData = new SignedData();
Utilities util = new Utilities();
if (isNotHasSource == true)
{//不含原文情况,将原文设入签名数据中
signedData.Content = sSource;
}
if (!signedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
{
throw new Exception("签名验证不正确");
}
if (isNotHasSource == false)
{ //含原文情况,比对原文和签名信息,进行验证
if (!sSource.Equals(util.ByteArraytoString(signedData.Content))) //
{
throw new Exception("发生错误,签名原文不一致!");
}
}
// '判断验证结果与签名时数据是否一致
SecuInter.Signers signers = signedData.Signers;
IEnumerator enumer = signers.GetEnumerator();
while (enumer.MoveNext()) //第一张证书为客户端签名证书
{
SecuInter.Signer signer = (SecuInter.Signer)enumer.Current;
SecuInter.X509Certificate oCert = (SecuInter.X509Certificate)signer.Certificate;
oCertSign = oCert; //'验证通过,取签名的证书
break;
}
if (oCertSign == null)
{
throw new Exception("签名信息中无证书!");
}
signedData = null;
util = null;
return(oCertSign);
}
/// <summary>5.3.5 带原文PKCS7签名,验证并获取原文 2011-12-19
/// 含原文签名情况下使用
/// </summary>
/// <param name="sSignature"></param>
/// <returns></returns>
public static String getSourceFromPKCS7SignData(string sSignature)
{
String sSource = "";
SignedData oSignedData = new SignedData();
Utilities oUtilities = new Utilities();
if (!oSignedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
{
throw new Exception("签名验证不正确");
}
SecuInter.Signers signers = oSignedData.Signers;
IEnumerator enumer = signers.GetEnumerator();
while (enumer.MoveNext()) //第一张证书为客户端签名证书
{
SecuInter.Signer signer = (SecuInter.Signer)enumer.Current;
SecuInter.X509Certificate oCert = (SecuInter.X509Certificate)signer.Certificate;
oCert.Display();
}
sSource = oUtilities.ByteArraytoString(oSignedData.Content);
oSignedData = null;
oUtilities = null;
return(sSource);
}
/// <summary>5.3.4 PKCS7签名验证并获取证书 2011-12-19
///
/// </summary>
/// <param name="sSource"></param>
/// <param name="sSignature"></param>
/// <param name="isNotHasSource"></param>
/// <returns></returns>
public static SecuInter.X509Certificate verifyPKCS7(String sSource, string sSignature, Boolean isNotHasSource, ref String signTime)
{
SecuInter.X509Certificate oCertSign = null;
SignedData signedData = new SignedData();
Utilities util = new Utilities();
if (isNotHasSource == true)
{//不含原文情况,将原文设入签名数据中
signedData.Content = sSource;
}
if (!signedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
{
throw new Exception("签名验证不正确");
}
if (isNotHasSource == false)
{ //含原文情况,比对原文和签名信息,进行验证
if (!sSource.Equals(util.ByteArraytoString(signedData.Content))) //
{
throw new Exception("发生错误,签名原文不一致!");
}
}
int iCertCount = signedData.Signers.Count;
//获取签名时间
if (iCertCount == 1)
{
if (signedData.HasTSATimestamp(0))
{
signTime = (signedData.getTSATimeStamp(0).ToString("yyyy-MM-dd HH:mm:ss"));
}
}
else
{
for (var i = 0; i < iCertCount; i++)
{
signedData.Signers[i].Certificate.Display();
if (signedData.HasTSATimestamp(i))
{
signTime = (signedData.getTSATimeStamp(i).ToString("yyyy-MM-dd HH:mm:ss"));
}
}
}
// '判断验证结果与签名时数据是否一致
SecuInter.Signers signers = signedData.Signers;
IEnumerator enumer = signers.GetEnumerator();
while (enumer.MoveNext()) //第一张证书为客户端签名证书
{
SecuInter.Signer signer = (SecuInter.Signer)enumer.Current;
SecuInter.X509Certificate oCert = (SecuInter.X509Certificate)signer.Certificate;
oCertSign = oCert; //'验证通过,取签名的证书
break;
}
if (oCertSign == null)
{
throw new Exception("签名信息中无证书!");
}
signedData = null;
util = null;
return(oCertSign);
}
public Setting HashAndcheckval(object setting, string signature)
{
X509Chain chain = new X509Chain();
chain.ChainPolicy.RevocationMode = X509RevocationMode.Offline;
Setting _setting = setting as Setting;
BOLLogs BOLlogs = new BOLLogs();
Users ValidUser = BOLUsers.GetDataByUsername(_setting.UserName);
string hashData = DoHash(_setting.Pass);
hashData = "<login><Password>" + hashData + "</Password><UserName>" + _setting.UserName + "</UserName><Captcha>" +
_setting.CaptchaText + "</Captcha></login>";
string strlogContent = "<login><UserName>" + _setting.UserName + "</UserName><Password>" + _setting.Pass + "</Password></login>";
SignedData mySD = new SignedData();
try
{
mySD.Verify(signature, false, CAPICOM_SIGNED_DATA_VERIFY_FLAG.CAPICOM_VERIFY_SIGNATURE_ONLY);
if (mySD.Content != hashData)
{
_setting.MsgText = "محتوای امضا تغییر یافته است";
_setting.MsgVisible = true;
//BOLlogs.InsertIntoLogs((int)Enums.LogTypes.enm_ErrorInVerify, ValidUser.Code, strlogContent, _setting.RawUrl, _setting.UrlHost);
return(_setting);
}
int count = mySD.Certificates.Count;
string thump;
Boolean IsValidThump = false;
for (int i = 1; i <= count; i++)
{
Certificate cr = (Certificate)mySD.Certificates[i];
thump = cr.Thumbprint;
if (!IsValidThump)
{
if (_setting.Tumbprint.ToUpper() == thump)
{
IsValidThump = true;
}
}
}
if (IsValidThump)
{
Login(setting);
}
else
{
_setting.MsgText = " با گواهی مربوطه امضا نشده است";
_setting.MsgVisible = true;
//BOLlogs.InsertIntoLogs((int)Enums.LogTypes.enm_SignedWithAnotherCertificate, ValidUser.Code, strlogContent, _setting.RawUrl, _setting.UrlHost);
}
}
catch (Exception e)
{
//_setting.MsgText = "امضا نامعتبر است";
//_setting.MsgVisible = true;
//BOLlogs.InsertIntoLogs((int)Enums.LogTypes.enm_InvalidSign, ValidUser.Code, strlogContent, _setting.RawUrl, _setting.UrlHost);
}
SetCaptcha(_setting);
return(_setting);
}
