| public static GetAllowedDigests ( String name ) : String | ||
| name | String | |
| Résultat | String | |
/**
* Get RFC 3161 timeStampToken.
* Method may return null indicating that timestamp should be skipped.
* @param imprint data imprint to be time-stamped
* @return encoded, TSA signed data of the timeStampToken
*/
public virtual byte[] GetTimeStampToken(byte[] imprint)
{
byte[] respBytes = null;
// Setup the time stamp request
TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
tsqGenerator.SetCertReq(true);
if (!string.IsNullOrEmpty(tsaReqPolicy))
{
tsqGenerator.SetReqPolicy(tsaReqPolicy);
}
// tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1");
BigInteger nonce = BigInteger.ValueOf(DateTime.Now.Ticks + Environment.TickCount);
TimeStampRequest request = tsqGenerator.Generate(DigestAlgorithms.GetAllowedDigests(digestAlgorithm), imprint, nonce);
byte[] requestBytes = request.GetEncoded();
// Call the communications layer
respBytes = GetTSAResponse(requestBytes);
// Handle the TSA response
TimeStampResponse response = new TimeStampResponse(respBytes);
// validate communication level attributes (RFC 3161 PKIStatus)
response.Validate(request);
PkiFailureInfo failure = response.GetFailInfo();
int value = (failure == null) ? 0 : failure.IntValue;
if (value != 0)
{
// @todo: Translate value of 15 error codes defined by PKIFailureInfo to string
throw new IOException(MessageLocalization.GetComposedMessage("invalid.tsa.1.response.code.2", tsaURL, value));
}
// @todo: validate the time stap certificate chain (if we want
// assure we do not sign using an invalid timestamp).
// extract just the time stamp token (removes communication status info)
TimeStampToken tsToken = response.TimeStampToken;
if (tsToken == null)
{
throw new IOException(MessageLocalization.GetComposedMessage("tsa.1.failed.to.return.time.stamp.token.2", tsaURL, response.GetStatusString()));
}
TimeStampTokenInfo tsTokenInfo = tsToken.TimeStampInfo; // to view details
byte[] encoded = tsToken.GetEncoded();
LOGGER.Info("Timestamp generated: " + tsTokenInfo.GenTime);
if (tsaInfo != null)
{
tsaInfo.InspectTimeStampTokenInfo(tsTokenInfo);
}
// Update our token size estimate for the next call (padded to be safe)
this.tokenSizeEstimate = encoded.Length + 32;
return(encoded);
}
// Constructors for creating new signatures
/**
* Assembles all the elements needed to create a signature, except for the data.
* @param privKey the private key
* @param certChain the certificate chain
* @param crlList the certificate revocation list
* @param hashAlgorithm the hash algorithm
* @param provider the provider or <code>null</code> for the default provider
* @param hasRSAdata <CODE>true</CODE> if the sub-filter is adbe.pkcs7.sha1
* @throws InvalidKeyException on error
* @throws NoSuchProviderException on error
* @throws NoSuchAlgorithmException on error
*/
public PdfPKCS7(ICipherParameters privKey, ICollection <X509Certificate> certChain,
String hashAlgorithm, bool hasRSAdata)
{
digestAlgorithmOid = DigestAlgorithms.GetAllowedDigests(hashAlgorithm);
if (digestAlgorithmOid == null)
{
throw new ArgumentException(MessageLocalization.GetComposedMessage("unknown.hash.algorithm.1", hashAlgorithm));
}
version = signerversion = 1;
certs = new List <X509Certificate>(certChain);
crls = new List <X509Crl>();
digestalgos = new Dictionary <string, object>();
digestalgos[digestAlgorithmOid] = null;
//
// Copy in the certificates and crls used to sign the private key.
//
signCert = certs[0];
if (privKey != null)
{
//
// Now we have private key, find out what the digestEncryptionAlgorithm is.
//
if (privKey is RsaKeyParameters)
{
digestEncryptionAlgorithmOid = SecurityIDs.ID_RSA;
}
else if (privKey is DsaKeyParameters)
{
digestEncryptionAlgorithmOid = SecurityIDs.ID_DSA;
}
else
{
throw new ArgumentException(MessageLocalization.GetComposedMessage("unknown.key.algorithm.1", privKey.ToString()));
}
}
if (hasRSAdata)
{
RSAdata = new byte[0];
messageDigest = GetHashClass();
}
if (privKey != null)
{
sig = SignerUtilities.GetSigner(GetDigestAlgorithm());
sig.Init(true, privKey);
}
}
/**
* Creates an ExternalSignature instance
* @param pk a PrivateKey object
* @param hashAlgorithm the hash algorithm (e.g. "SHA-1", "SHA-256",...)
* @param provider the security provider (e.g. "BC")
*/
public PrivateKeySignature(ICipherParameters pk, String hashAlgorithm)
{
this.pk = pk;
this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigests(hashAlgorithm));
if (pk is RsaKeyParameters)
{
encryptionAlgorithm = "RSA";
}
else if (pk is DsaKeyParameters)
{
encryptionAlgorithm = "DSA";
}
else
{
throw new ArgumentException(MessageLocalization.GetComposedMessage("unknown.key.algorithm.1", pk.ToString()));
}
}
private AsymmetricAlgorithmSignature(AsymmetricAlgorithm algorithm, String hashAlgorithm)
{
this.algorithm = algorithm;
this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigests(hashAlgorithm));
if (algorithm is RSACryptoServiceProvider)
{
encryptionAlgorithm = "RSA";
}
else if (algorithm is DSACryptoServiceProvider)
{
encryptionAlgorithm = "DSA";
}
else
{
throw new ArgumentException("Not supported encryption algorithm " + algorithm);
}
}
/// <summary>
/// Creates a signature using a X509Certificate2. It supports smartcards without
/// exportable private keys.
/// </summary>
/// <param name="certificate">The certificate with the private key</param>
/// <param name="hashAlgorithm">The hash algorithm for the signature. As the Windows CAPI is used
/// to do the signature the only hash guaranteed to exist is SHA-1</param>
public X509Certificate2Signature(X509Certificate2 certificate, String hashAlgorithm)
{
if (!certificate.HasPrivateKey)
{
throw new ArgumentException("No private key.");
}
this.certificate = certificate;
this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigests(hashAlgorithm));
if (certificate.PrivateKey is RSACryptoServiceProvider)
{
encryptionAlgorithm = "RSA";
}
else if (certificate.PrivateKey is DSACryptoServiceProvider)
{
encryptionAlgorithm = "DSA";
}
else
{
throw new ArgumentException("Unknown encryption algorithm " + certificate.PrivateKey);
}
}
protected internal SignaturePolicyIdentifier ToSignaturePolicyIdentifier()
{
string algId = DigestAlgorithms.GetAllowedDigests(this.PolicyDigestAlgorithm);
if (string.IsNullOrEmpty(algId))
{
throw new ArgumentException("Invalid policy hash algorithm");
}
SignaturePolicyIdentifier signaturePolicyIdentifier = null;
SigPolicyQualifierInfo spqi = null;
if (!string.IsNullOrEmpty(this.PolicyUri))
{
spqi = new SigPolicyQualifierInfo(PkcsObjectIdentifiers.IdSpqEtsUri, new DerIA5String(this.PolicyUri));
}
signaturePolicyIdentifier = new SignaturePolicyIdentifier(new SignaturePolicyId(
DerObjectIdentifier.GetInstance(new DerObjectIdentifier(this.PolicyIdentifier.Replace("urn:oid:", ""))),
new OtherHashAlgAndValue(new AlgorithmIdentifier(algId), new DerOctetString(this.PolicyHash)), spqi));
return(signaturePolicyIdentifier);
}
