/// <summary>
/// metodo que realiza el sello reciviendo el archivo key como matriaz de bytes
/// </summary>
/// <param name="CadenaOriginal"></param>
/// <param name="ArchivoClavePrivada"></param>
/// <param name="lPassword"></param>
/// <returns></returns>
public string Sign(string CadenaOriginal, byte[] ArchivoClavePrivada, string lPassword)
{
byte[] ClavePrivada = ArchivoClavePrivada;
byte[] bytesFirmados = null;
SecureString lSecStr = new SecureString();
SHA256Managed sham = new SHA256Managed();
lSecStr.Clear();
foreach (char c in lPassword)
{
lSecStr.AppendChar(c);
}
RSACryptoServiceProvider lrsa = OpensslKey.DecodeEncryptedPrivateKeyInfo(ClavePrivada, lSecStr);
try
{
bytesFirmados = lrsa.SignData(Encoding.UTF8.GetBytes(CadenaOriginal), sham);
}
catch (NullReferenceException ex)
{
throw new DigitalSignException(109, "109", "Clave privada incorrecta.", ex);
}
string sellodigital = Convert.ToBase64String(bytesFirmados);
return(sellodigital);
}
public System.Security.Cryptography.Xml.Signature ApplySignature(
byte[] privateKey,
string password,
string xml)
{
try
{
SecureString lSecStr = new SecureString();
lSecStr.Clear();
foreach (char c in password)
{
lSecStr.AppendChar(c);
}
RSACryptoServiceProvider lrsa = OpensslKey.DecodeEncryptedPrivateKeyInfo(privateKey, lSecStr);
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.PreserveWhitespace = false;
xmlDoc.LoadXml(xml);
return(this.SignXml(xmlDoc, (RSA)lrsa));
}
catch (Exception ex)
{
throw new DigitalSignException(109, "109", "La contraseña del certificado no es válida.", ex);
}
}
public string SellarMD5(string CadenaOriginal, string ArchivoClavePrivada, string lPassword)
{
byte[] ClavePrivada = File.ReadAllBytes(ArchivoClavePrivada);
byte[] bytesFirmados = null;
byte[] bCadenaOriginal = null;
SecureString lSecStr = new SecureString();
lSecStr.Clear();
foreach (char c in lPassword)
{
lSecStr.AppendChar(c);
}
RSACryptoServiceProvider lrsa = OpensslKey.DecodeEncryptedPrivateKeyInfo(ClavePrivada, lSecStr);
MD5CryptoServiceProvider hasher = new MD5CryptoServiceProvider();
bCadenaOriginal = Encoding.UTF8.GetBytes(CadenaOriginal);
hasher.ComputeHash(bCadenaOriginal);
bytesFirmados = lrsa.SignData(bCadenaOriginal, hasher);
string sellodigital = Convert.ToBase64String(bytesFirmados);
return(sellodigital);
}
public bool validateCerKEYContent(byte[] cer, byte[] key, string password, string rfc)
{
try
{
if (String.IsNullOrEmpty(password))
{
throw new DigitalSignException(5050, "5051", "Es necesario especificar la contraseña del certificado.", null);
}
SecureString secureString = new SecureString();
secureString.Clear();
foreach (char c in password)
{
secureString.AppendChar(c);
}
RSACryptoServiceProvider lrsa = OpensslKey.DecodeEncryptedPrivateKeyInfo(key, secureString);
if (lrsa == null)
{
throw new DigitalSignException(5052, "5052", "La constraseña de los certificados proporcionada no es correcta.", null);
}
//validate Subject
X509Certificate2 x509Certificate2 = new X509Certificate2(cer);
if (!x509Certificate2.Subject.ToLower().Contains(rfc.ToLower()))
{
throw new DigitalSignException(5053, "5053", "El certificado no corresponde con el RFC proporcionado.", null);
}
//matches cer and key
char[] arrayOfChars = password.ToCharArray();
AsymmetricKeyParameter privateKey = PrivateKeyFactory.DecryptKey(arrayOfChars, key);
Org.BouncyCastle.X509.X509Certificate bouncyCastleCert = new Org.BouncyCastle.X509.X509Certificate(
new X509CertificateParser().ReadCertificate(x509Certificate2.GetRawCertData()).CertificateStructure);
RsaKeyParameters publicKey = (RsaKeyParameters)bouncyCastleCert.GetPublicKey();
byte[] numArray = new byte[256];
new SecureRandom().NextBytes(numArray);
var signer = new Signer();
byte[] signature = signer.Sign(privateKey, numArray);
var isMatched = signer.VerifySignature(publicKey, numArray, signature);
if (!isMatched)
{
throw new DigitalSignException(5054, "5054", "El .CER no corresponde con el .KEY proporcionado.", null);
}
//validación de CSD / FIEL
if (!
(KeyUsageHasUsage(x509Certificate2, X509KeyUsageFlags.DigitalSignature) &&
KeyUsageHasUsage(x509Certificate2, X509KeyUsageFlags.NonRepudiation) &&
!KeyUsageHasUsage(x509Certificate2, X509KeyUsageFlags.DataEncipherment) &&
!KeyUsageHasUsage(x509Certificate2, X509KeyUsageFlags.KeyAgreement)
))
{
throw new DigitalSignException(5055, "5055", "El certificado proporcionado debe de ser un CSD válido (No debe de ser FIEL).", null);
}
return(true);
}
catch (DigitalSignException)
{
throw;
}
catch (Exception ex)
{
throw new DigitalSignException(109, "109", "El certificado proporcionado no es correcto.", ex);
}
}
