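/// <summary>
/// 5.3.2 Produces a PKCS#7 (CMS SignedData) signature over <paramref name="sSource"/> with the
/// supplied certificate (2011-12-19).
/// </summary>
/// <param name="sSource">Text to sign. Must not be null or empty.</param>
/// <param name="isNotHasSource">
/// true: produce a detached signature (the content is not embedded in the SignedData);
/// false: embed the content.
/// </param>
/// <param name="pwd">Private-key PIN. When null or empty no PIN is handed to the signer.</param>
/// <param name="oCert">Signing certificate; its private key must be usable by the signer.</param>
/// <returns>The signature as a Base64-encoded CMS SignedData string.</returns>
/// <exception cref="ArgumentException">Thrown when <paramref name="sSource"/> is null or empty ("原文内容为空!").</exception>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="oCert"/> is null.</exception>
/// <exception cref="Exception">Thrown when the signer rejects the PIN ("密码有误!").</exception>
public static String signPKCS7ByCertificate(String sSource, Boolean isNotHasSource, String pwd, SecuInter.X509Certificate oCert)
{
    // The original test (sSource == "") let a null string through to the library; reject both.
    if (String.IsNullOrEmpty(sSource))
    {
        throw new ArgumentException("原文内容为空!");
    }
    if (oCert == null)
    {
        throw new ArgumentNullException("oCert");
    }

    SecuInter.Signer oSigner = new SecuInter.Signer();
    SecuInter.SignedData oSignedData = new SecuInter.SignedData();

    oSigner.Certificate = oCert;
    // SECURITY: SHA-1 is deprecated for digital signatures (practical collision attacks are public).
    // Move to a SHA-2 digest as soon as the SecuInter library and every verifying party support it;
    // the enum member for that is not visible from this file.
    oSigner.HashAlgorithm = SECUINTER_HASH_ALGORITHM.SECUINTER_SHA1_ALGORITHM;
    // No ESS SigningCertificate attribute and no signingTime attribute: the signer certificate is not
    // bound into the signed attributes and the signature carries no time claim.
    // NOTE(review): presumably for interoperability with the 2011 verifier -- confirm before relying on it.
    oSigner.UseSigningCertificateAttribute = false;
    oSigner.UseSigningTime = false;

    if (!String.IsNullOrEmpty(pwd))
    {
        // Surface a rejected PIN here rather than as an opaque failure from Sign().
        // The PIN is a managed string and cannot be scrubbed from memory after use.
        if (!oSigner.SetUserPIN(pwd))
        {
            throw new Exception("密码有误!");
        }
    }

    oSignedData.Content = sSource;
    oSignedData.Detached = isNotHasSource;
    object signature = oSignedData.Sign(oSigner, SECUINTER_CMS_ENCODE_TYPE.SECUINTER_CMS_ENCODE_BASE64);
    return signature.ToString();
}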
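/// <summary>
/// 5.3.4 Verifies a PKCS#7 (CMS SignedData) signature and returns the first signer's certificate
/// (2011-12-19).
/// </summary>
/// <param name="sSource">
/// Original text. For a detached signature it is handed to the verifier as the content; for an
/// attached signature it is compared (ordinal) against the content embedded in the SignedData.
/// </param>
/// <param name="sSignature">The signature as produced by the sign methods in this file (Base64 CMS).</param>
/// <param name="isNotHasSource">true: detached signature (content not embedded); false: attached.</param>
/// <returns>The certificate of the first signer; any further signers are ignored.</returns>
/// <exception cref="Exception">
/// Signature does not verify ("签名验证不正确"); embedded content differs from
/// <paramref name="sSource"/> ("发生错误,签名原文不一致!"); no signer certificate present ("签名信息中无证书!").
/// </exception>
/// <remarks>
/// SECURITY: the verify flag is SIGNATURE_ONLY, i.e. the library only checks that the signature is
/// valid for the certificate carried inside the SignedData. Nothing here checks that this certificate
/// chains to a trusted CA, is within its validity period, is not revoked, or belongs to the expected
/// signer. A self-signed certificate passes. Callers must perform those checks on the returned
/// certificate before treating the signature as authentic.
/// </remarks>
public static SecuInter.X509Certificate verifyPKCS7(String sSource, string sSignature, Boolean isNotHasSource)
{
    SignedData signedData = new SignedData();
    Utilities util = new Utilities();

    if (isNotHasSource)
    {
        // Detached signature: the verifier needs the original content supplied explicitly.
        signedData.Content = sSource;
    }

    // SECURITY: SIGNATURE_ONLY does not validate the signer certificate -- see <remarks>.
    if (!signedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
    {
        throw new Exception("签名验证不正确");
    }

    if (!isNotHasSource)
    {
        // Attached signature: the caller's copy of the text must match the signed, embedded content.
        // The static, ordinal string.Equals matches the instance Equals the original used but is
        // null-safe: a null sSource now fails the comparison instead of throwing NullReferenceException.
        string embedded = util.ByteArraytoString(signedData.Content);
        if (!string.Equals(sSource, embedded, StringComparison.Ordinal))
        {
            throw new Exception("发生错误,签名原文不一致!");
        }
    }

    // The first signer is taken to be the client's signing certificate.
    SecuInter.X509Certificate oCertSign = null;
    IEnumerator enumer = signedData.Signers.GetEnumerator();
    if (enumer.MoveNext())
    {
        SecuInter.Signer signer = (SecuInter.Signer)enumer.Current;
        oCertSign = (SecuInter.X509Certificate)signer.Certificate;
    }
    if (oCertSign == null)
    {
        throw new Exception("签名信息中无证书!");
    }
    return oCertSign;
}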
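/// <summary>
/// Produces a PKCS#7 (CMS SignedData) signature carrying a TSA timestamp. The signing certificate is
/// obtained through getX509Certificate from the current-user MY store (SecuInter constants) rather
/// than passed in.
/// </summary>
/// <param name="bContent">Text to sign. Must not be null or empty.</param>
/// <param name="tsaUrl">Timestamp server URL. Must not be null or empty.</param>
/// <param name="IsNotHasSource">true: detached signature (content not embedded); false: attached.</param>
/// <returns>The signature as a Base64-encoded CMS SignedData string.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="bContent"/> is null or empty ("原文内容为空!") or <paramref name="tsaUrl"/> is null or
/// empty ("时间戳URL为空!").
/// </exception>
/// <exception cref="Exception">No signing certificate was obtained ("未选择证书!").</exception>
/// <remarks>
/// SECURITY: if <paramref name="tsaUrl"/> is a plain http:// endpoint the transport gives no integrity;
/// the timestamp is only trustworthy if the TSA token's own signature is verified against a trust
/// anchor. Whether the SecuInter library does that with an empty certificate argument is not visible
/// from this code -- confirm before relying on the timestamp.
/// </remarks>
public static String signPKCS7WithTSA(String bContent, String tsaUrl, Boolean IsNotHasSource)
{
    // The original tests (== "") let null strings through to the library; reject both.
    if (String.IsNullOrEmpty(bContent))
    {
        throw new ArgumentException("原文内容为空!");
    }
    if (String.IsNullOrEmpty(tsaUrl))
    {
        throw new ArgumentException("时间戳URL为空!");
    }

    SecuInter.X509Certificate oCert = getX509Certificate(SECUINTER_CURRENT_USER_STORE, SECUINTER_MY_STORE, SECUINTER_CERTTYPE_SIGN, SECUINTER_NETCA_OTHER);
    if (oCert == null)
    {
        throw new Exception("未选择证书!");
    }

    SecuInter.Signer oSigner = new SecuInter.Signer();
    SecuInter.SignedData oSignedData = new SecuInter.SignedData();
    // Passed to SignWithTSATimeStamp in the TSA-certificate position. It is a fresh, empty object,
    // so no particular TSA certificate is pinned here (see <remarks>).
    SecuInter.X509Certificate oTsaCert = new SecuInter.X509Certificate();

    oSigner.Certificate = oCert;
    // SECURITY: SHA-1 is deprecated for digital signatures (practical collision attacks are public).
    // Move to a SHA-2 digest as soon as the SecuInter library and every verifying party support it.
    oSigner.HashAlgorithm = SecuInter.SECUINTER_HASH_ALGORITHM.SECUINTER_SHA1_ALGORITHM;
    // No ESS SigningCertificate attribute: the signer certificate is not bound into the signed attributes.
    oSigner.UseSigningCertificateAttribute = false;
    // A local signingTime attribute is added in addition to the TSA token (unlike signPKCS7ByCertificate).
    oSigner.UseSigningTime = true;

    oSignedData.Content = bContent;
    oSignedData.Detached = IsNotHasSource;
    // NOTE(review): the third argument is passed as ""; its meaning (policy OID? credential?) is not
    // visible from this file -- check the SecuInter API before changing it.
    Object signature = oSignedData.SignWithTSATimeStamp(oSigner, tsaUrl, "", oTsaCert, SECUINTER_CMS_ENCODE_TYPE.SECUINTER_CMS_ENCODE_BASE64);
    return signature.ToString();
}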
/// <summary>
/// 5.3.5 Verifies an attached PKCS#7 (CMS SignedData) signature and returns the embedded original
/// text (2011-12-19). Only meaningful for signatures that embed their content.
/// </summary>
/// <param name="sSignature">The attached signature as produced by the sign methods in this file (Base64 CMS).</param>
/// <returns>The content embedded in the SignedData, converted to a string by Utilities.ByteArraytoString.</returns>
/// <exception cref="Exception">Signature does not verify ("签名验证不正确").</exception>
/// <remarks>
/// SECURITY: verification uses SIGNATURE_ONLY -- the signer certificate is not checked for chain of
/// trust, validity period or revocation, and nothing here compares it with an expected signer. Do not
/// treat the returned text as authentic without validating the signer certificate separately.
/// Every signer certificate is passed to Display() as a side effect (kept from the original; presumably
/// a UI dialog, so unsuitable for unattended use -- confirm before removing).
/// </remarks>
public static String getSourceFromPKCS7SignData(string sSignature)
{
    SignedData oSignedData = new SignedData();
    Utilities oUtilities = new Utilities();

    bool signatureOk = oSignedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY);
    if (!signatureOk)
    {
        throw new Exception("签名验证不正确");
    }

    // Side effect retained from the original: show each signer's certificate.
    foreach (SecuInter.Signer signer in oSignedData.Signers)
    {
        SecuInter.X509Certificate signerCert = (SecuInter.X509Certificate)signer.Certificate;
        signerCert.Display();
    }

    return oUtilities.ByteArraytoString(oSignedData.Content);
}
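/// <summary>
/// 5.3.4 Verifies a PKCS#7 (CMS SignedData) signature, extracts the TSA signing time when present,
/// and returns the first signer's certificate (2011-12-19).
/// </summary>
/// <param name="sSource">
/// Original text. For a detached signature it is handed to the verifier as the content; for an
/// attached signature it is compared (ordinal) against the content embedded in the SignedData.
/// </param>
/// <param name="sSignature">The signature as produced by the sign methods in this file (Base64 CMS).</param>
/// <param name="isNotHasSource">true: detached signature (content not embedded); false: attached.</param>
/// <param name="signTime">
/// Receives the TSA timestamp formatted "yyyy-MM-dd HH:mm:ss" (current-culture formatting, as in the
/// original). Only assigned when a signer carries a TSA token; otherwise the caller's incoming value is
/// left untouched, so pass a fresh variable to avoid reading a stale time. With several signers the
/// last signer that has a token wins.
/// </param>
/// <returns>The certificate of the first signer; any further signers are ignored for the return value.</returns>
/// <exception cref="Exception">
/// Signature does not verify ("签名验证不正确"); embedded content differs from
/// <paramref name="sSource"/> ("发生错误,签名原文不一致!"); no signer certificate present ("签名信息中无证书!").
/// </exception>
/// <remarks>
/// SECURITY: the verify flag is SIGNATURE_ONLY, i.e. the library only checks that the signature is
/// valid for the certificate carried inside the SignedData. Nothing here checks that this certificate
/// chains to a trusted CA, is within its validity period, is not revoked, or belongs to the expected
/// signer; a self-signed certificate passes. Whether the TSA token's own signature is verified is not
/// visible from this code either. Callers must validate the returned certificate (and, if they rely on
/// it, the timestamp) before trusting the signature.
/// </remarks>
public static SecuInter.X509Certificate verifyPKCS7(String sSource, string sSignature, Boolean isNotHasSource, ref String signTime)
{
    SignedData signedData = new SignedData();
    Utilities util = new Utilities();

    if (isNotHasSource)
    {
        // Detached signature: the verifier needs the original content supplied explicitly.
        signedData.Content = sSource;
    }

    // SECURITY: SIGNATURE_ONLY does not validate the signer certificate -- see <remarks>.
    if (!signedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
    {
        throw new Exception("签名验证不正确");
    }

    if (!isNotHasSource)
    {
        // Attached signature: the caller's copy of the text must match the signed, embedded content.
        // The static, ordinal string.Equals matches the instance Equals the original used but is
        // null-safe: a null sSource now fails the comparison instead of throwing NullReferenceException.
        string embedded = util.ByteArraytoString(signedData.Content);
        if (!string.Equals(sSource, embedded, StringComparison.Ordinal))
        {
            throw new Exception("发生错误,签名原文不一致!");
        }
    }

    // Extract the TSA signing time. signTime is deliberately not reset here (ref semantics kept from
    // the original); see the <param> note.
    int iCertCount = signedData.Signers.Count;
    if (iCertCount == 1)
    {
        if (signedData.HasTSATimestamp(0))
        {
            signTime = signedData.getTSATimeStamp(0).ToString("yyyy-MM-dd HH:mm:ss");
        }
    }
    else
    {
        // Multiple signers: each certificate is passed to Display() (kept from the original; presumably
        // a UI dialog, unsuitable for unattended use -- confirm before removing) and the last signer
        // with a token determines signTime. Note the single-signer branch does not call Display().
        for (int i = 0; i < iCertCount; i++)
        {
            signedData.Signers[i].Certificate.Display();
            if (signedData.HasTSATimestamp(i))
            {
                signTime = signedData.getTSATimeStamp(i).ToString("yyyy-MM-dd HH:mm:ss");
            }
        }
    }

    // The first signer is taken to be the client's signing certificate.
    SecuInter.X509Certificate oCertSign = null;
    IEnumerator enumer = signedData.Signers.GetEnumerator();
    if (enumer.MoveNext())
    {
        SecuInter.Signer signer = (SecuInter.Signer)enumer.Current;
        oCertSign = (SecuInter.X509Certificate)signer.Certificate;
    }
    if (oCertSign == null)
    {
        throw new Exception("签名信息中无证书!");
    }
    return oCertSign;
}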