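/// <summary>
/// Produces the encoded signed attributes of a CMS SignerInfo built from <paramref name="document"/>
/// and <paramref name="parameters"/>. These bytes are what a caller signs externally before handing
/// the signature value to <see cref="GetSignedDocument"/>.
/// </summary>
/// <param name="document">The content to be signed.</param>
/// <param name="parameters">Signature parameters; only ENVELOPING and DETACHED packaging are accepted.</param>
/// <returns>A <see cref="MemoryStream"/> over the encoded signed attributes of the generated SignerInfo.</returns>
/// <exception cref="ArgumentNullException"><paramref name="document"/> or <paramref name="parameters"/> is null.</exception>
/// <exception cref="ArgumentException">The requested signature packaging is not supported.</exception>
/// <exception cref="InvalidOperationException">The generated CMS structure contains no SignerInfo.</exception>
public Stream ToBeSigned(Document document, SignatureParameters parameters)
{
    if (document is null)
    {
        throw new ArgumentNullException(nameof(document));
    }
    if (parameters is null)
    {
        throw new ArgumentNullException(nameof(parameters));
    }
    if (parameters.SignaturePackaging != SignaturePackaging.ENVELOPING && parameters.SignaturePackaging != SignaturePackaging.DETACHED)
    {
        throw new ArgumentException("Unsupported signature packaging " + parameters.SignaturePackaging);
    }

    byte[] toBeSigned;
    // Dispose the document stream as soon as its bytes have been read.
    using (var input = document.OpenStream())
    {
        toBeSigned = Streams.ReadAll(input);
    }
    var content = new CmsProcessableByteArray(toBeSigned);
    // DETACHED packaging leaves the content out of the CMS structure.
    bool includeContent = parameters.SignaturePackaging != SignaturePackaging.DETACHED;

    // No signature value exists yet (null signature, no unsigned attributes): the generator is
    // used only to materialise the signed attributes that must be signed.
    CmsSignedData signed = CreateCMSSignedDataGenerator(parameters, GetSigningProfile(parameters), false, null).Generate(content, includeContent);

    var signers = signed.GetSignerInfos().GetSigners().GetEnumerator();
    if (!signers.MoveNext())
    {
        throw new InvalidOperationException("Generated CMS data contains no signer information.");
    }
    if (!(signers.Current is SignerInformation signerInfo))
    {
        throw new InvalidOperationException("Generated CMS data contains an unexpected signer entry.");
    }
    return new MemoryStream(signerInfo.GetEncodedSignedAttributes());
}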
/// <summary>
/// Maps the requested <c>SignatureProfile</c> to the CAdES extension (T, C, X, XL or A)
/// that upgrades a freshly created signature to that level.
/// </summary>
/// <param name="parameters">Signature parameters whose profile selects the extension.</param>
/// <returns>The extension to apply, or null for the BES and EPES profiles, which need none.</returns>
/// <exception cref="ArgumentException">The profile value is not one of the known profiles.</exception>
private CAdESSignatureExtension GetExtensionProfile(SignatureParameters parameters)
{
    SignatureProfile requested = parameters.SignatureProfile;

    if (requested == SignatureProfile.BES || requested == SignatureProfile.EPES)
    {
        // Baseline profiles carry no post-signature extension.
        return null;
    }

    if (requested == SignatureProfile.T)
    {
        return new CAdESProfileT { SignatureTsa = tspSource };
    }

    if (requested == SignatureProfile.C)
    {
        return new CAdESProfileC { SignatureTsa = tspSource, CertificateVerifier = verifier };
    }

    bool isXType1 = requested == SignatureProfile.XType1;
    if (isXType1 || requested == SignatureProfile.XType2)
    {
        var profileX = new CAdESProfileX { SignatureTsa = tspSource };
        profileX.SetExtendedValidationType(isXType1 ? 1 : 2);
        profileX.CertificateVerifier = verifier;
        return profileX;
    }

    if (requested == SignatureProfile.XL || requested == SignatureProfile.XLType1 || requested == SignatureProfile.XLType2)
    {
        var profileXL = new CAdESProfileXL { SignatureTsa = tspSource };
        // XL and XLType1 both use extended validation type 1; only XLType2 selects type 2.
        profileXL.SetExtendedValidationType(requested == SignatureProfile.XLType2 ? 2 : 1);
        profileXL.CertificateVerifier = verifier;
        return profileXL;
    }

    if (requested == SignatureProfile.A)
    {
        var profileA = new CAdESProfileA { SignatureTsa = tspSource, CertificateVerifier = verifier };
        profileA.SetExtendedValidationType(1);
        return profileA;
    }

    throw new ArgumentException("Unsupported signature format " + parameters.SignatureProfile);
}
/// <summary>
/// Creates the signing profile that produces the signed attributes for <paramref name="parameters"/>.
/// </summary>
/// <remarks>
/// A profile stores per-request information and is therefore not thread-safe; create a fresh
/// instance for every signing request instead of caching the result.
/// </remarks>
/// <param name="parameters">Signature parameters whose <c>SignatureProfile</c> selects BES or EPES.</param>
/// <returns>A <see cref="CAdESProfileBES"/> for the BES profile, otherwise a <see cref="CAdESProfileEPES"/>.</returns>
private CAdESProfileBES GetSigningProfile(SignatureParameters parameters)
{
    bool isBes = parameters.SignatureProfile.Equals(SignatureProfile.BES);
    if (!isBes)
    {
        // Every profile other than BES starts from the EPES signing profile.
        return new CAdESProfileEPES();
    }
    return new CAdESProfileBES();
}
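/// <summary>
/// Builds a <see cref="CmsSignedDataGenerator"/> with one SignerInfo generator for the signing
/// certificate, the signed (and optionally unsigned) attribute tables produced by
/// <paramref name="cadesProfile"/>, and a certificate store holding the signing certificate
/// plus its chain.
/// </summary>
/// <param name="parameters">Signature parameters (signing certificate, certificate chain, digest/encryption OID).</param>
/// <param name="cadesProfile">Profile that produces the signed and unsigned attribute tables.</param>
/// <param name="includeUnsignedAttributes">When false no unsigned attribute table is generated (used while computing the bytes to be signed).</param>
/// <param name="originalSignedData">Existing CMS data whose signers and certificates are carried over, or null.</param>
/// <param name="signature">Pre-computed signature value, or null when only the signed attributes are needed.</param>
/// <returns>The configured generator; callers invoke <c>Generate</c> on it.</returns>
/// <exception cref="ArgumentNullException"><paramref name="parameters"/> or <paramref name="cadesProfile"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="parameters"/> carries no signing certificate.</exception>
private CmsSignedDataGenerator CreateCMSSignedDataGenerator(SignatureParameters parameters, CAdESProfileBES cadesProfile, bool includeUnsignedAttributes = true, CmsSignedData originalSignedData = null, byte[] signature = null)
{
    if (parameters is null)
    {
        throw new ArgumentNullException(nameof(parameters));
    }
    if (cadesProfile is null)
    {
        throw new ArgumentNullException(nameof(cadesProfile));
    }
    X509Certificate signerCertificate = parameters.SigningCertificate;
    if (signerCertificate is null)
    {
        throw new ArgumentException("A signing certificate is required", nameof(parameters));
    }

    var generator = new CmsSignedDataGenerator();

    CmsAttributeTableGenerator signedAttrGen = new DefaultSignedAttributeTableGenerator(
        new AttributeTable(cadesProfile.GetSignedAttributes(parameters) as System.Collections.IDictionary));
    // Unsigned attributes are omitted while producing the to-be-signed bytes.
    AttributeTable unsignedTable = includeUnsignedAttributes
        ? new AttributeTable(cadesProfile.GetUnsignedAttributes(parameters) as System.Collections.IDictionary)
        : null;
    CmsAttributeTableGenerator unsignedAttrGen = new SimpleAttributeTableGenerator(unsignedTable);

    var builder = new SignerInfoGeneratorBuilder()
        .WithSignedAttributeGenerator(signedAttrGen)
        .WithUnsignedAttributeGenerator(unsignedAttrGen);
    generator.AddSignerInfoGenerator(builder.Build(
        new ReadySignatureFactory(new PreComputedSigner(signature), parameters.DigestWithEncriptionOID),
        signerCertificate));

    if (originalSignedData != null)
    {
        generator.AddSigners(originalSignedData.GetSignerInfos());
    }

    var certs = new List<X509Certificate> { signerCertificate };
    if (parameters.CertificateChain != null)
    {
        foreach (X509Certificate chainCert in parameters.CertificateChain)
        {
            // Skip only the signing certificate itself. Comparing whole certificates instead of
            // subject DNs keeps a distinct chain certificate that shares the subject name
            // (e.g. a re-issued certificate) available for path building.
            if (chainCert is null || signerCertificate.Equals(chainCert))
            {
                continue;
            }
            certs.Add(chainCert);
        }
    }

    IX509Store certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs));
    generator.AddCertificates(certStore);
    if (originalSignedData != null)
    {
        generator.AddCertificates(originalSignedData.GetCertificates("Collection"));
    }
    return generator;
}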
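/// <summary>
/// Assembles the signed document from <paramref name="document"/>, the signature parameters and the
/// externally computed <paramref name="signatureValue"/>, then applies the extension selected by the
/// requested profile (if any).
/// </summary>
/// <param name="document">The content that was signed.</param>
/// <param name="parameters">Signature parameters; only ENVELOPING and DETACHED packaging are accepted.</param>
/// <param name="signatureValue">The signature value computed over the bytes returned by <see cref="ToBeSigned"/>.</param>
/// <returns>The CMS signed document, extended when the profile requires it.</returns>
/// <exception cref="ArgumentNullException"><paramref name="document"/> or <paramref name="parameters"/> is null.</exception>
/// <exception cref="ArgumentException">The requested signature packaging is not supported.</exception>
public Document GetSignedDocument(Document document, SignatureParameters parameters, byte[] signatureValue)
{
    if (document is null)
    {
        throw new ArgumentNullException(nameof(document));
    }
    if (parameters is null)
    {
        throw new ArgumentNullException(nameof(parameters));
    }
    if (parameters.SignaturePackaging != SignaturePackaging.ENVELOPING && parameters.SignaturePackaging != SignaturePackaging.DETACHED)
    {
        throw new ArgumentException("Unsupported signature packaging " + parameters.SignaturePackaging);
    }

    CmsSignedDataGenerator generator = CreateCMSSignedDataGenerator(parameters, GetSigningProfile(parameters), true, null, signatureValue);

    byte[] toBeSigned;
    // Dispose the document stream as soon as its bytes have been read.
    using (var input = document.OpenStream())
    {
        toBeSigned = Streams.ReadAll(input);
    }
    var content = new CmsProcessableByteArray(toBeSigned);
    // DETACHED packaging leaves the content out of the CMS structure.
    bool includeContent = parameters.SignaturePackaging != SignaturePackaging.DETACHED;
    CmsSignedData data = generator.Generate(content, includeContent);

    Document signedDocument = new CMSSignedDocument(data);
    // BES/EPES have no extension; higher profiles (T, C, X, XL, A) post-process the signature.
    CAdESSignatureExtension extension = GetExtensionProfile(parameters);
    if (extension != null)
    {
        signedDocument = extension.ExtendSignatures(signedDocument, document, parameters);
    }
    return signedDocument;
}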
/// <summary>
/// Extends an already signed document to the profile requested in <paramref name="parameters"/>.
/// </summary>
/// <param name="document">The signed document to extend.</param>
/// <param name="originalDocument">The original content document, passed through to the extension.</param>
/// <param name="parameters">Parameters whose <c>SignatureProfile</c> selects the extension.</param>
/// <returns>The extended document.</returns>
/// <exception cref="ArgumentNullException"><paramref name="parameters"/> is null.</exception>
/// <exception cref="ArgumentException">No extension exists for the requested profile.</exception>
public virtual Document ExtendDocument(Document document, Document originalDocument, SignatureParameters parameters)
{
    if (parameters is null)
    {
        throw new ArgumentNullException(nameof(parameters));
    }

    CAdESSignatureExtension extension = GetExtensionProfile(parameters);
    if (extension is null)
    {
        // Baseline profiles (BES/EPES) have nothing to extend with.
        throw new ArgumentException("No extension for " + parameters.SignatureProfile);
    }
    return extension.ExtendSignatures(document, originalDocument, parameters);
}