public byte[] UnWrapCMS(byte[] cipher, out byte[] sessionKey, out byte[] IV)
{
//These method calls must remain in this order.
//Content Info
A.Asn1StreamParser strmParser = new A.Asn1StreamParser(cipher);
A.Cms.ContentInfoParser cInfoParser = new A.Cms.ContentInfoParser((A.Asn1SequenceParser)strmParser.ReadObject());
A.Asn1SequenceParser seqParser = (A.Asn1SequenceParser)cInfoParser.GetContent(A.Asn1Tags.Sequence);
//Enveloped Data
A.Cms.EnvelopedDataParser envDataParser = new A.Cms.EnvelopedDataParser(seqParser);
//Recipent Info
//GetOriginatorInfo() This method gets called from GetRecipientInfos
A.DerSetParser rec = (A.DerSetParser)envDataParser.GetRecipientInfos();
A.Asn1Object recInfoData = rec.ReadObject().ToAsn1Object();
A.Cms.RecipientInfo recipInfo = new A.Cms.RecipientInfo(recInfoData);
//Symmetric session key
A.Cms.KeyTransRecipientInfo trans = (A.Cms.KeyTransRecipientInfo)recipInfo.Info;
byte[] cipherSessionKey = trans.EncryptedKey.GetOctets();
X509Certificate2 cert = this.Certificate;
RSACryptoServiceProvider rsaCrypto = (RSACryptoServiceProvider)cert.PrivateKey;
sessionKey = rsaCrypto.Decrypt(cipherSessionKey, false);
//Encrypted Content Info
A.Cms.EncryptedContentInfoParser encrContentInfoParser = envDataParser.GetEncryptedContentInfo();
//Symmetric Initialization Vector
A.X509.AlgorithmIdentifier aes = encrContentInfoParser.ContentEncryptionAlgorithm;
A.DerOctetString initVector = (A.DerOctetString)aes.Parameters;
IV = initVector.GetOctets();
//Card data
List<byte> cipherBytes = new List<byte>();
A.DerOctetStringParser cipherContent = (A.DerOctetStringParser)encrContentInfoParser.GetEncryptedContent(A.Asn1Tags.OctetString);
using (System.IO.Stream cipherStrm = cipherContent.GetOctetStream())
{
int b = cipherStrm.ReadByte();
while (b > -1)
{
cipherBytes.Add((byte)b);
b = cipherStrm.ReadByte();
}
}
return cipherBytes.ToArray();
}
protected CmsContentInfoParser(
Stream data)
{
if (data == null)
throw new ArgumentNullException("data");
this.data = data;
try
{
Asn1StreamParser inStream = new Asn1StreamParser(data);
this.contentInfo = new ContentInfoParser((Asn1SequenceParser)inStream.ReadObject());
}
catch (IOException e)
{
throw new CmsException("IOException reading content.", e);
}
catch (InvalidCastException e)
{
throw new CmsException("Unexpected object reading content.", e);
}
}
private static String FormatX509Name(X500DistinguishedName name)
{
Asn1StreamParser parser = new Asn1StreamParser(name.RawData);
X509Name _name = X509Name.GetInstance(parser.ReadObject().ToAsn1Object());
return _name.ToString(true, X509Name.RFC1779Symbols);
}
private Asn1EncodableVector loadVector(
Stream inStream)
{
Asn1StreamParser aIn = new Asn1StreamParser(inStream);
Asn1EncodableVector v = new Asn1EncodableVector();
IAsn1Convertible obj;
while ((obj = aIn.ReadObject()) != null)
{
v.Add(obj.ToAsn1Object());
}
return v;
}
/**
* Replace the signerinformation store associated with the passed
* in message contained in the stream original with the new one passed in.
* You would probably only want to do this if you wanted to change the unsigned
* attributes associated with a signer, or perhaps delete one.
* <p>
* The output stream is returned unclosed.
* </p>
* @param original the signed data stream to be used as a base.
* @param signerInformationStore the new signer information store to use.
* @param out the stream to Write the new signed data object to.
* @return out.
*/
public static Stream ReplaceSigners(
Stream original,
SignerInformationStore signerInformationStore,
Stream outStr)
{
Asn1StreamParser inStr = new Asn1StreamParser(original, CmsUtilities.MaximumMemory);
ContentInfoParser contentInfo = new ContentInfoParser((Asn1SequenceParser)inStr.ReadObject());
SignedDataParser signedData = SignedDataParser.GetInstance(contentInfo.GetContent(Asn1Tags.Sequence));
BerSequenceGenerator sGen = new BerSequenceGenerator(outStr);
sGen.AddObject(CmsObjectIdentifiers.SignedData);
BerSequenceGenerator sigGen = new BerSequenceGenerator(sGen.GetRawOutputStream(), 0, true);
// version number
sigGen.AddObject(signedData.Version);
// digests
signedData.GetDigestAlgorithms().ToAsn1Object(); // skip old ones
Asn1EncodableVector digestAlgs = new Asn1EncodableVector();
foreach (SignerInformation signer in signerInformationStore.GetSigners())
{
digestAlgs.Add(FixAlgID(signer.DigestAlgorithmID));
}
WriteToGenerator(sigGen, new DerSet(digestAlgs));
// encap content info
ContentInfoParser encapContentInfo = signedData.GetEncapContentInfo();
BerSequenceGenerator eiGen = new BerSequenceGenerator(sigGen.GetRawOutputStream());
eiGen.AddObject(encapContentInfo.ContentType);
Asn1OctetStringParser octs = (Asn1OctetStringParser)encapContentInfo.GetContent(Asn1Tags.OctetString);
if (octs != null)
{
BerOctetStringGenerator octGen = new BerOctetStringGenerator(
eiGen.GetRawOutputStream(), 0, true);
byte[] inBuffer = new byte[4096];
byte[] outBuffer = new byte[4096];
Stream inOctets = octs.GetOctetStream();
Stream outOctets = octGen.GetOctetOutputStream(outBuffer);
int len;
while ((len = inOctets.Read(inBuffer, 0, inBuffer.Length)) > 0)
{
outOctets.Write(inBuffer, 0, len);
}
outOctets.Close();
}
eiGen.Close();
WriteSetToGeneratorTagged(sigGen, signedData.GetCertificates(), 0);
WriteSetToGeneratorTagged(sigGen, signedData.GetCrls(), 1);
Asn1EncodableVector signerInfos = new Asn1EncodableVector();
foreach (SignerInformation signer in signerInformationStore.GetSigners())
{
signerInfos.Add(signer.ToSignerInfo());
}
WriteToGenerator(sigGen, new DerSet(signerInfos));
sigGen.Close();
sGen.Close();
return outStr;
}
/**
* Replace the certificate and CRL information associated with this
* CMSSignedData object with the new one passed in.
* <p>
* The output stream is returned unclosed.
* </p>
* @param original the signed data stream to be used as a base.
* @param certsAndCrls the new certificates and CRLs to be used.
* @param out the stream to Write the new signed data object to.
* @return out.
* @exception CmsException if there is an error processing the CertStore
*/
public static Stream ReplaceCertificatesAndCrls(
Stream original,
IX509Store x509Certs,
IX509Store x509Crls,
IX509Store x509AttrCerts,
Stream outStr)
{
if (x509AttrCerts != null)
throw new NotImplementedException("Currently can't replace attribute certificates");
Asn1StreamParser inStr = new Asn1StreamParser(original, CmsUtilities.MaximumMemory);
ContentInfoParser contentInfo = new ContentInfoParser((Asn1SequenceParser)inStr.ReadObject());
SignedDataParser signedData = SignedDataParser.GetInstance(contentInfo.GetContent(Asn1Tags.Sequence));
BerSequenceGenerator sGen = new BerSequenceGenerator(outStr);
sGen.AddObject(CmsObjectIdentifiers.SignedData);
BerSequenceGenerator sigGen = new BerSequenceGenerator(sGen.GetRawOutputStream(), 0, true);
// version number
sigGen.AddObject(signedData.Version);
// digests
WriteToGenerator(sigGen, signedData.GetDigestAlgorithms().ToAsn1Object());
// encap content info
ContentInfoParser encapContentInfo = signedData.GetEncapContentInfo();
BerSequenceGenerator eiGen = new BerSequenceGenerator(sigGen.GetRawOutputStream());
eiGen.AddObject(encapContentInfo.ContentType);
Asn1OctetStringParser octs = (Asn1OctetStringParser)encapContentInfo.GetContent(Asn1Tags.OctetString);
if (octs != null)
{
BerOctetStringGenerator octGen = new BerOctetStringGenerator(eiGen.GetRawOutputStream(), 0, true);
byte[] inBuffer = new byte[4096];
byte[] outBuffer = new byte[4096];
Stream inOctets = octs.GetOctetStream();
Stream outOctets = octGen.GetOctetOutputStream(outBuffer);
int len;
while ((len = inOctets.Read(inBuffer, 0, inBuffer.Length)) > 0)
{
outOctets.Write(inBuffer, 0, len);
}
outOctets.Close();
}
eiGen.Close();
//
// skip existing certs and CRLs
//
GetAsn1Set(signedData.GetCertificates());
GetAsn1Set(signedData.GetCrls());
//
// replace the certs and crls in the SignedData object
//
Asn1Set certs;
try
{
certs = CmsUtilities.CreateDerSetFromList(
CmsUtilities.GetCertificatesFromStore(x509Certs));
}
catch (X509StoreException e)
{
throw new CmsException("error getting certs from certStore", e);
}
if (certs.Count > 0)
{
WriteToGenerator(sigGen, new DerTaggedObject(false, 0, certs));
}
Asn1Set crls;
try
{
crls = CmsUtilities.CreateDerSetFromList(
CmsUtilities.GetCrlsFromStore(x509Crls));
}
catch (X509StoreException e)
{
throw new CmsException("error getting crls from certStore", e);
}
if (crls.Count > 0)
{
WriteToGenerator(sigGen, new DerTaggedObject(false, 1, crls));
}
WriteToGenerator(sigGen, signedData.GetSignerInfos().ToAsn1Object());
sigGen.Close();
sGen.Close();
return outStr;
}
public IAsn1Convertible ReadObject()
{
return(_parser.ReadObject());
}
