/// <exception cref="System.IO.IOException"></exception>
protected internal override SignerInformation ExtendCMSSignature(CmsSignedData signedData
, SignerInformation si, SignatureParameters parameters, Document originalData)
{
if (this.signatureTsa == null)
{
throw new ConfigurationException(ConfigurationException.MSG.CONFIGURE_TSP_SERVER);
}
LOG.Info("Extend signature with id " + si.SignerID);
BcCms.AttributeTable unsigned = si.UnsignedAttributes;
//IDictionary<DerObjectIdentifier, Attribute> unsignedAttrHash = null;
IDictionary unsignedAttrHash = null;
if (unsigned == null)
{
unsignedAttrHash = new Dictionary<DerObjectIdentifier, Attribute>();
}
else
{
unsignedAttrHash = si.UnsignedAttributes.ToDictionary();
}
//TODO jbonilla - ¿Qué ocurre si ya es CAdES-T? No se debería volver a extender.
Attribute signatureTimeStamp = GetTimeStampAttribute(PkcsObjectIdentifiers.IdAASignatureTimeStampToken
, this.signatureTsa, digestAlgorithm, si.GetSignature());
//unsignedAttrHash.Put(PkcsObjectIdentifiers.IdAASignatureTimeStampToken, signatureTimeStamp);
unsignedAttrHash.Add(PkcsObjectIdentifiers.IdAASignatureTimeStampToken, signatureTimeStamp);
SignerInformation newsi = SignerInformation.ReplaceUnsignedAttributes(si, new BcCms.AttributeTable
(unsignedAttrHash));
return newsi;
}
//internal override IDictionary<DerObjectIdentifier, Asn1Encodable> GetSignedAttributes
internal override IDictionary GetSignedAttributes
(SignatureParameters parameters)
{
try
{
//IDictionary<DerObjectIdentifier, Asn1Encodable> signedAttrs = base.GetSignedAttributes(parameters);
IDictionary signedAttrs = base.GetSignedAttributes(parameters);
Attribute policy = null;
SignaturePolicyIdentifier sigPolicy = null;
switch (parameters.SignaturePolicy)
{
case SignaturePolicy.EXPLICIT:
{
sigPolicy = new SignaturePolicyIdentifier(new SignaturePolicyId(new DerObjectIdentifier
(parameters.SignaturePolicyID), new OtherHashAlgAndValue(new AlgorithmIdentifier
(DigestAlgorithm.GetByName(parameters.SignaturePolicyHashAlgo).GetOid()), new
DerOctetString(parameters.SignaturePolicyHashValue))));
policy = new Attribute(PkcsObjectIdentifiers.IdAAEtsSigPolicyID, new DerSet(sigPolicy
));
signedAttrs.Add(PkcsObjectIdentifiers.IdAAEtsSigPolicyID, policy);
break;
}
case SignaturePolicy.IMPLICIT:
{
sigPolicy = new SignaturePolicyIdentifier();
//sigPolicy.IsSignaturePolicyImplied(); TODO jbonilla - validar
policy = new Attribute(PkcsObjectIdentifiers.IdAAEtsSigPolicyID, new DerSet(sigPolicy
));
signedAttrs.Add(PkcsObjectIdentifiers.IdAAEtsSigPolicyID, policy);
break;
}
case SignaturePolicy.NO_POLICY:
{
break;
}
}
return signedAttrs;
}
catch (NoSuchAlgorithmException ex)
{
throw new ProfileException(ex.Message);
}
}
/// <exception cref="System.IO.IOException"></exception>
public virtual Document ExtendSignatures(Document document, Document originalData
, SignatureParameters parameters)
{
try
{
CmsSignedData signedData = new CmsSignedData(document.OpenStream());
SignerInformationStore signerStore = signedData.GetSignerInfos();
AList<SignerInformation> siArray = new AList<SignerInformation>();
foreach (SignerInformation si in signerStore.GetSigners())
{
try
{
//jbonilla - Hack para evitar errores cuando una firma ya ha sido extendida.
//Se asume que sólo se extiende las firmas desde BES.
//TODO jbonilla - Se debería validar hasta qué punto se extendió (BES, T, C, X, XL).
if(si.UnsignedAttributes.Count == 0)
{
siArray.AddItem(ExtendCMSSignature(signedData, si, parameters, originalData));
}
else
{
LOG.Error("Already extended?");
siArray.AddItem(si);
}
}
catch (IOException)
{
LOG.Error("Exception when extending signature");
siArray.AddItem(si);
}
}
SignerInformationStore newSignerStore = new SignerInformationStore(siArray);
CmsSignedData extended = CmsSignedData.ReplaceSigners(signedData, newSignerStore);
return new InMemoryDocument(extended.GetEncoded());
}
catch (CmsException)
{
throw new IOException("Cannot parse CMS data");
}
}
/// <exception cref="System.IO.IOException"></exception>
public virtual Document ExtendSignatures(Document document, Document originalData
, SignatureParameters parameters)
{
InputStream input = document.OpenStream();
if (this.tspSource == null)
{
throw new ConfigurationException(ConfigurationException.MSG.CONFIGURE_TSP_SERVER);
}
try
{
throw new NotImplementedException();
}
finally
{
if (input != null)
{
input.Close();
}
}
}
/// <exception cref="System.IO.IOException"></exception>
public virtual Document ExtendSignature(object signatureId, Document document, Document
originalData, SignatureParameters parameters)
{
if (this.tspSource == null)
{
throw new ConfigurationException(ConfigurationException.MSG.CONFIGURE_TSP_SERVER);
}
XmlDocument envelopedSignatureXmlDocument;
XmlDocument xadesDocument;
XmlElement signature;
XadesSignedXml xadesSignedXml;
xadesDocument = XmlUtils.ToXmlDocument(document);
xadesDocument.PreserveWhitespace = true;
xadesDocument.Load(document.OpenStream());
xadesSignedXml = new XadesSignedXml(xadesDocument.DocumentElement); //Needed if it is a enveloped signature document
signature = xadesSignedXml.GetIdElement(xadesDocument, (string)signatureId);
xadesSignedXml.LoadXml(signature);
ExtendSignatureTag(xadesSignedXml);
envelopedSignatureXmlDocument = XmlUtils.ToXmlDocument(originalData);
return XmlUtils.ToDocument(envelopedSignatureXmlDocument, xadesSignedXml);
}
/// <exception cref="System.IO.IOException"></exception>
protected internal override SignerInformation ExtendCMSSignature(CmsSignedData signedData
, SignerInformation si, SignatureParameters parameters, Document originalData)
{
si = base.ExtendCMSSignature(signedData, si, parameters, originalData);
//IDictionary<DerObjectIdentifier, Asn1Encodable> unsignedAttrs = si.UnsignedAttributes.ToDictionary();
IDictionary unsignedAttrs = si.UnsignedAttributes.ToDictionary();
CAdESSignature signature = new CAdESSignature(signedData, si.SignerID);
DateTime signingTime = signature.GetSigningTime().Value;
if (signingTime == null)
{
signingTime = parameters.SigningDate;
}
if (signingTime == null)
{
signingTime = DateTime.Now;
}
unsignedAttrs = ExtendUnsignedAttributes(unsignedAttrs, signature.GetSigningCertificate
(), signingTime, signature.GetCertificateSource());
SignerInformation newsi = SignerInformation.ReplaceUnsignedAttributes(si, new BcCms.AttributeTable
(unsignedAttrs));
return newsi;
}
/// <param name="signedData"></param>
/// <returns></returns>
public virtual CmsSignedData ExtendCMSSignedData(CmsSignedData signedData, Document
originalData, SignatureParameters parameters)
{
SignerInformationStore signerStore = signedData.GetSignerInfos();
AList<SignerInformation> siArray = new AList<SignerInformation>();
//Iterator<SignerInformation> infos = signerStore.GetSigners().Iterator();
IEnumerator infos = signerStore.GetSigners().GetEnumerator();
while (infos.MoveNext())
{
SignerInformation si = (SignerInformation)infos.Current;
try
{
siArray.AddItem(ExtendCMSSignature(signedData, si, parameters, originalData));
}
catch (IOException)
{
LOG.Error("Exception when extending signature");
siArray.AddItem(si);
}
}
SignerInformationStore newSignerStore = new SignerInformationStore(siArray);
return CmsSignedData.ReplaceSigners(signedData, newSignerStore);
}
/// <exception cref="System.IO.IOException"></exception> protected internal abstract SignerInformation ExtendCMSSignature(CmsSignedData signedData , SignerInformation si, SignatureParameters parameters, Document originalData);
/// <exception cref="System.IO.IOException"></exception>
public virtual Document ExtendSignature(object signatureId, Document document, Document
originalData, SignatureParameters parameters)
{
SignerID toExtendId = (SignerID)signatureId;
try
{
CmsSignedData signedData = new CmsSignedData(document.OpenStream());
SignerInformationStore signerStore = signedData.GetSignerInfos();
AList<SignerInformation> siArray = new AList<SignerInformation>();
//Iterator<object> infos = signerStore.GetSigners().Iterator();
IEnumerator infos = signerStore.GetSigners().GetEnumerator();
while (infos.MoveNext())
{
SignerInformation si = (SignerInformation)infos.Current;
if (si.SignerID.Equals(toExtendId))
{
try
{
siArray.AddItem(ExtendCMSSignature(signedData, si, parameters, originalData));
}
catch (IOException)
{
LOG.Error("Exception when extending signature");
siArray.AddItem(si);
}
}
}
SignerInformationStore newSignerStore = new SignerInformationStore(siArray);
CmsSignedData extended = CmsSignedData.ReplaceSigners(signedData, newSignerStore);
return new InMemoryDocument(extended.GetEncoded());
}
catch (CmsException)
{
throw new IOException("Cannot parse CMS data");
}
}
protected abstract Document SignDocumentInternal(Document document, SignatureParameters parameters, DigestSigner signer);
public Document SignDocument(Document document, SignatureParameters parameters, DigestSigner signer)
{
return(SignDocumentInternal(document, parameters, signer));
}
public Document SignDocument(Document document, SignatureParameters parameters, IDssPrivateKeyEntry privateKey)
{
return(SignDocumentInternal(document, parameters,
(bytes) => privateKey.Encrypt(bytes)));
}
/// <exception cref="System.IO.IOException"></exception>
protected internal override SignerInformation ExtendCMSSignature(CmsSignedData signedData
, SignerInformation si, SignatureParameters parameters, Document originalData)
{
si = base.ExtendCMSSignature(signedData, si, parameters, originalData);
DerObjectIdentifier attributeId = null;
ByteArrayOutputStream toTimestamp = new ByteArrayOutputStream();
switch (GetExtendedValidationType())
{
case 1:
{
attributeId = PkcsObjectIdentifiers.IdAAEtsEscTimeStamp;
toTimestamp.Write(si.GetSignature());
// We don't include the outer SEQUENCE, only the attrType and attrValues as stated by the TS §6.3.5,
// NOTE 2)
toTimestamp.Write(si.UnsignedAttributes[PkcsObjectIdentifiers.IdAASignatureTimeStampToken]
.AttrType.GetDerEncoded());
toTimestamp.Write(si.UnsignedAttributes[PkcsObjectIdentifiers.IdAASignatureTimeStampToken]
.AttrValues.GetDerEncoded());
break;
}
case 2:
{
attributeId = PkcsObjectIdentifiers.IdAAEtsCertCrlTimestamp;
break;
}
default:
{
throw new InvalidOperationException("CAdES-X Profile: Extended validation is set but no valid type (1 or 2)"
);
}
}
toTimestamp.Write(si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsCertificateRefs]
.AttrType.GetDerEncoded());
toTimestamp.Write(si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsCertificateRefs]
.AttrValues.GetDerEncoded());
toTimestamp.Write(si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsRevocationRefs]
.AttrType.GetDerEncoded());
toTimestamp.Write(si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsRevocationRefs]
.AttrValues.GetDerEncoded());
//IDictionary<DerObjectIdentifier, Attribute> unsignedAttrHash = si.UnsignedAttributes.ToDictionary();
IDictionary unsignedAttrHash = si.UnsignedAttributes.ToDictionary();
BcCms.Attribute extendedTimeStamp = GetTimeStampAttribute(attributeId, GetSignatureTsa(
), digestAlgorithm, toTimestamp.ToByteArray());
//unsignedAttrHash.Put(attributeId, extendedTimeStamp);
unsignedAttrHash.Add(attributeId, extendedTimeStamp);
return SignerInformation.ReplaceUnsignedAttributes(si, new BcCms.AttributeTable(unsignedAttrHash
));
}
