private void SignManigestFile(PassGeneratorRequest request) { X509Certificate2 card = GetCertificate(request); if (card == null) { throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct."); } try { Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card); Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private; X509Certificate2 appleCA = GetAppleCertificate(request); Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA); ArrayList intermediateCerts = new ArrayList(); intermediateCerts.Add(appleCert); intermediateCerts.Add(cert); Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts); Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP); CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1); generator.AddCertificates(st1); CmsProcessable content = new CmsProcessableByteArray(manifestFile); CmsSignedData signedData = generator.Generate(content, false); signatureFile = signedData.GetEncoded(); } catch (Exception exp) { throw new ManifestSigningException("Failed to sign manifest", exp); } }
/// <summary> /// Get a signature block that java will load a JAR with /// </summary> /// <param name="sfFileData">The data to sign</param> /// <returns>The signature block (including certificate) for the data passed in</returns> private byte[] SignIt(byte[] sfFileData) { AsymmetricKeyParameter privateKey = null; var cert = LoadCert(_pemData, out privateKey); //create things needed to make the CmsSignedDataGenerator work var certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(new List <X509Certificate>() { cert })); CmsSignedDataGenerator dataGen = new CmsSignedDataGenerator(); dataGen.AddCertificates(certStore); dataGen.AddSigner(privateKey, cert, CmsSignedDataGenerator.EncryptionRsa, CmsSignedDataGenerator.DigestSha256); //content is detached- i.e. not included in the signature block itself CmsProcessableByteArray detachedContent = new CmsProcessableByteArray(sfFileData); var signedContent = dataGen.Generate(detachedContent, false); //do lots of stuff to get things in the proper ASN.1 structure for java to parse it properly. much trial and error. var signerInfos = signedContent.GetSignerInfos(); var signer = signerInfos.GetSigners().Cast <SignerInformation>().First(); SignerInfo signerInfo = signer.ToSignerInfo(); Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector(); digestAlgorithmsVector.Add(new AlgorithmIdentifier(new DerObjectIdentifier("2.16.840.1.101.3.4.2.1"), DerNull.Instance)); ContentInfo encapContentInfo = new ContentInfo(new DerObjectIdentifier("1.2.840.113549.1.7.1"), null); Asn1EncodableVector asnVector = new Asn1EncodableVector(); asnVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded()))); Asn1EncodableVector signersVector = new Asn1EncodableVector(); signersVector.Add(signerInfo.ToAsn1Object()); SignedData signedData = new SignedData(new DerSet(digestAlgorithmsVector), encapContentInfo, new BerSet(asnVector), null, new DerSet(signersVector)); ContentInfo contentInfo = new ContentInfo(new DerObjectIdentifier("1.2.840.113549.1.7.2"), signedData); return(contentInfo.GetDerEncoded()); }
protected void SignDetached(Stream signed, Stream unsigned, BC::Crypto.AsymmetricCipherKeyPair bcKeyPair, byte[] keyId) { #if NETFRAMEWORK trace.TraceEvent(TraceEventType.Information, 0, "Signing the message in name of {0}", Convert.ToBase64String(keyId)); #else logger.LogInformation("Signing the message in name of {0}", Convert.ToBase64String(keyId)); #endif SignatureAlgorithm signAlgo = EteeActiveConfig.Seal.NativeSignatureAlgorithm; var sigFactory = new Asn1SignatureFactory(signAlgo.Algorithm.FriendlyName, bcKeyPair.Private); SignerInfoGenerator sigInfoGen = new SignerInfoGeneratorBuilder() .Build(sigFactory, keyId); CmsSignedDataGenerator cmsSignedDataGen = new CmsSignedDataGenerator(); cmsSignedDataGen.AddSignerInfoGenerator(sigInfoGen); CmsSignedData detachedSignature = cmsSignedDataGen.Generate(new CmsProcessableProxy(unsigned), false); byte[] detachedSignatureBytes = detachedSignature.GetEncoded(); signed.Write(detachedSignatureBytes, 0, detachedSignatureBytes.Length); }
/// <summary> /// Generates the signed cms data. /// </summary> /// <returns>The signed cms data.</returns> /// <param name="signingData">Signing data.</param> /// <param name="signerCert">Signer certificate/</param> /// <param name="privateKey">Signer private key.</param> private static byte[] GenerateSignedCmsData(DerSet signingData, X509Certificate signerCert, AsymmetricKeyParameter privateKey) { CmsSignedDataGenerator cmsDataGenerator = new CmsSignedDataGenerator(); IX509Store x509Certs = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(new X509Certificate[] { signerCert })); cmsDataGenerator.AddCertificates(x509Certs); Org.BouncyCastle.Asn1.Cms.AttributeTable attTable = new Org.BouncyCastle.Asn1.Cms.AttributeTable(signingData); cmsDataGenerator.AddSigner( privateKey, signerCert, SignerUtilities.GetObjectIdentifier(Sha256WithRsa).Id, Sha256Oid, new SimpleAttributeTableGenerator(attTable), null); CmsSignedData detachedSignedData = cmsDataGenerator.Generate(null, false); return(detachedSignedData.GetEncoded()); }
public byte[] GetSignedCms(Stream rangedStream) { rangedStream.Position = 0; CmsSignedDataGenerator signedDataGenerator = new CmsSignedDataGenerator(); var cert = DotNetUtilities.FromX509Certificate(Certificate); var key = DotNetUtilities.GetKeyPair(Certificate.PrivateKey); IX509Store x509Certs = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(new[] { cert })); signedDataGenerator.AddSigner(key.Private, cert, CmsSignedDataGenerator.DigestSha1); signedDataGenerator.AddCertificates(x509Certs); CmsProcessableInputStream msg = new CmsProcessableInputStream(rangedStream); CmsSignedData signedData = signedDataGenerator.Generate(msg, false); return(signedData.GetEncoded()); }
// https://www.bouncycastle.org/docs/pkixdocs1.5on/org/bouncycastle/cms/CMSSignedDataGenerator.html private void SignInternal( System.Security.Cryptography.X509Certificates.X509Certificate2 certificate , byte[] data) { // https://stackoverflow.com/questions/3240222/get-private-key-from-bouncycastle-x509-certificate-c-sharp // Org.BouncyCastle.X509.X509Certificate c = FromX509Certificate(certificate); //var algorithm = LumiSoft.Net.X509.DigestAlgorithms.GetDigest(c.SigAlgOid); //var signature = new LumiSoft.Net.X509.X509Certificate2Signature(this.m_certificate, algorithm); //signature.Sign(data); CmsProcessable msg = new Org.BouncyCastle.Cms.CmsProcessableByteArray(data); CmsSignedDataGenerator gen = new CmsSignedDataGenerator(); Org.BouncyCastle.Security.SecureRandom random = new Org.BouncyCastle.Security.SecureRandom(); Org.BouncyCastle.X509.X509Certificate c = FromX509Certificate(certificate); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair issuerKeys = GetKeyPair(certificate.PrivateKey); string signatureAlgo = certificate.PrivateKey is RSA ? "SHA1withRSA" : certificate.PrivateKey is DSA ? "SHA1withDSA" : null; // var sha1Signer = Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA1withRSA"); // https://stackoverflow.com/questions/3240222/get-private-key-from-bouncycastle-x509-certificate-c-sharp // https://stackoverflow.com/questions/36712679/bouncy-castles-x509v3certificategenerator-setsignaturealgorithm-marked-obsolete Org.BouncyCastle.Crypto.ISignatureFactory signatureFactory = new Org.BouncyCastle.Crypto.Operators.Asn1SignatureFactory (signatureAlgo, issuerKeys.Private, random); // gen.AddCertificates(certs); gen.AddSignerInfoGenerator(new SignerInfoGeneratorBuilder() .Build(signatureFactory, c) ); this.m_signedData = gen.Generate(msg, false); }
public static byte[] SignCHUIDByRandomKeyPair(IEnumerable <byte> value) { var keyPair = new RSAKeyPairGeneratorBC(1024).Generate(); var certificateGenerator = new X509CertificateGeneratorBC(); certificateGenerator.SetIssuerDN("CN=ONVIF TT, C=US"); certificateGenerator.SetSubjectDN("CN=ONVIF TT, C=US"); certificateGenerator.SetNotValidBefore(DateTime.UtcNow.AddYears(-1)); certificateGenerator.SetNotValidAfter(DateTime.UtcNow.AddYears(1)); certificateGenerator.SetSerialNumber(); certificateGenerator.SetSignatureAlgorithm("SHA1WithRSAEncryption"); certificateGenerator.SetPublicKey(keyPair.PublicKey); var generator = new CmsSignedDataGenerator(); generator.AddSigner(PrivateKeyFactory.CreateKey(keyPair.PrivateKey), certificateGenerator.Generate(keyPair.PrivateKey).GetEncoded(), CmsSignedDataGenerator.DigestSha1); return(generator.Generate(new CmsProcessableByteArray(value.ToArray())).GetEncoded()); }
/// <summary> /// Returns a new PKCS#7 instance containing certificates and (optionally CRLs) /// </summary> /// <param name="CertificateList">The certificate list.</param> /// <param name="CrlList">The CRL list.</param> /// <returns> /// PKCS#7 instance /// </returns> /// <exception cref="System.ArgumentException">No input</exception> public static CmsSignedData Create(ArrayList CertificateList, ArrayList CrlList) { if ((CertificateList == null) && (CrlList == null)) { throw new ArgumentException("No input"); } CmsSignedDataGenerator p7Gen = new CmsSignedDataGenerator(); IX509Store certs = X509StoreFactory.Create("CERTIFICATE/COLLECTION", new X509CollectionStoreParameters(CertificateList)); p7Gen.AddCertificates(certs); // If CRL is required if (CrlList != null) { IX509Store crls = X509StoreFactory.Create("CRL/COLLECTION", new X509CollectionStoreParameters(CrlList)); p7Gen.AddCrls(crls); } return(p7Gen.Generate(null)); }
/// <summary> /// 我也不晓得这个叫什么 /// </summary> /// <param name="orgData"></param> /// <returns></returns> public static string SignEnvelop(string orgData) { Pkcs12StoreBuilder pkcs12StoreBuilder = new Pkcs12StoreBuilder(); var pkcs12Store = pkcs12StoreBuilder.Build(); pkcs12Store.Load(File.OpenRead(PfxPath), pfxPwd.ToCharArray()); IEnumerable aliases = pkcs12Store.Aliases; var enumerator = aliases.GetEnumerator(); enumerator.MoveNext(); var alias = enumerator.Current.ToString(); var privKey = pkcs12Store.GetKey(alias); var x509Cert = pkcs12Store.GetCertificate(alias).Certificate; var sha1Signer = SignerUtilities.GetSigner("SHA1withRSA"); sha1Signer.Init(true, privKey.Key); var bs = Encoding.UTF8.GetBytes(orgData); CmsSignedDataGenerator gen = new CmsSignedDataGenerator(); gen.AddSignerInfoGenerator( new SignerInfoGeneratorBuilder().Build(new Asn1SignatureFactory("SHA1withRSA", privKey.Key), x509Cert)); IList certList = new ArrayList(); certList.Add(x509Cert); gen.AddCertificates(X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certList))); var msg = new CmsProcessableByteArray(bs); var sigData = gen.Generate(msg, true); var signData = sigData.GetEncoded(); var certificate = DotNetUtilities.FromX509Certificate(new SystemX509.X509Certificate(CertPath)); var rst = Convert.ToBase64String(EncryptEnvelop(certificate, signData)); return(rst); }
private byte[] SignWithCertificate(byte[] bytesToSign) { var generator = new CmsSignedDataGenerator(); var privKey = _gatewayKeyProvider.SigningPrivateKey; var certificate = _gatewayKeyProvider.SigningCertificate; var certificates = new List <Org.BouncyCastle.X509.X509Certificate>(); certificates.Add(certificate); var storeParameters = new X509CollectionStoreParameters(certificates); IX509Store store = X509StoreFactory.Create("Certificate/Collection", storeParameters); generator.AddSigner(privKey, certificate, CmsSignedGenerator.EncryptionRsa, CmsSignedGenerator.DigestSha256); generator.AddCertificates(store); var message = new CmsProcessableByteArray(bytesToSign); CmsSignedData signedData = generator.Generate(message, false); return(signedData.GetEncoded()); }
public byte[] Sign(Stream data) { CmsProcessable msg = new CmsProcessableInputStream(data); CmsSignedDataGenerator gen = new CmsSignedDataGenerator(); SignerInfoGenerator signerInfoGenerator = new SignerInfoGeneratorBuilder() .WithSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator()) .Build(signatureFactory, x509Certificate); gen.AddSignerInfoGenerator(signerInfoGenerator); X509CollectionStoreParameters collectionStoreParameters = new X509CollectionStoreParameters(new List <X509Certificate> { x509Certificate }); IX509Store collectionStore = X509StoreFactory.Create("CERTIFICATE/COLLECTION", collectionStoreParameters); gen.AddCertificates(collectionStore); CmsSignedData sigData = gen.Generate(msg, false); return(sigData.GetEncoded()); }
public static byte[] SignBC(string text, X509Certificate2 cert) { Org.BouncyCastle.X509.X509Certificate cert2 = DotNetUtilities.FromX509Certificate(cert); Org.BouncyCastle.Crypto.AsymmetricKeyParameter K = DotNetUtilities.GetKeyPair(cert.PrivateKey).Private; CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); generator.AddSigner(K, cert2, CmsSignedDataGenerator.EncryptionRsa, CmsSignedDataGenerator.DigestSha256); List <Org.BouncyCastle.X509.X509Certificate> certList = new List <Org.BouncyCastle.X509.X509Certificate>(); certList.Add(cert2); Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList); Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP); generator.AddCertificates(st1); byte[] data = Encoding.UTF8.GetBytes(text); CmsSignedData signedData = generator.Generate(new CmsProcessableByteArray(data), true); return(signedData.GetEncoded()); }
public Document GetSignedDocument(Document document, SignatureParameters parameters, byte[] signatureValue) { if (document is null) { throw new ArgumentNullException(nameof(document)); } if (parameters is null) { throw new ArgumentNullException(nameof(parameters)); } if (parameters.SignaturePackaging != SignaturePackaging.ENVELOPING && parameters.SignaturePackaging != SignaturePackaging.DETACHED) { throw new ArgumentException("Unsupported signature packaging " + parameters.SignaturePackaging); } CmsSignedDataGenerator generator = CreateCMSSignedDataGenerator(parameters, GetSigningProfile(parameters), true, null, signatureValue); byte[] toBeSigned = Streams.ReadAll(document.OpenStream()); CmsProcessableByteArray content = new CmsProcessableByteArray(toBeSigned); bool includeContent = true; if (parameters.SignaturePackaging == SignaturePackaging.DETACHED) { includeContent = false; } CmsSignedData data = generator.Generate(content, includeContent); CAdESSignatureExtension extension = GetExtensionProfile(parameters); Document signedDocument = new CMSSignedDocument(data); if (extension != null) { signedDocument = extension.ExtendSignatures(signedDocument, document, parameters); } return(signedDocument); }
private static string Cms(string data) { var requestBytes = Encoding.UTF8.GetBytes(data); var typedData = new CmsProcessableByteArray(requestBytes); var gen = new CmsSignedDataGenerator(); var signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(); var attrs = GetSigningParameters(); var parameters = new DefaultSignedAttributeTableGenerator(attrs); signerInfoGeneratorBuilder.WithSignedAttributeGenerator(parameters); var factory = new Asn1SignatureFactory(SingingAlgorithm, GetKey()); var bcCertificate = GetBankCertificate(); gen.AddSignerInfoGenerator(signerInfoGeneratorBuilder.Build(factory, bcCertificate)); gen.AddCertificates(MakeCertStore(bcCertificate)); var signed = gen.Generate(typedData, false); var signedBytes = signed.GetEncoded(); return(Convert.ToBase64String(signedBytes)); }
private CmsSignedData GenerateTimestamp( TimeStampRequest request, BigInteger serialNumber, DateTime generalizedTime) { var messageImprint = new MessageImprint( new AlgorithmIdentifier( new DerObjectIdentifier(request.MessageImprintAlgOid)), request.GetMessageImprintDigest()); DerInteger nonce = request.Nonce == null ? null : new DerInteger(request.Nonce); var tstInfo = new TstInfo( new DerObjectIdentifier(_options.Policy.Value), messageImprint, new DerInteger(serialNumber), new DerGeneralizedTime(generalizedTime), _options.Accuracy, DerBoolean.False, nonce, tsa: null, extensions: null); var content = new CmsProcessableByteArray(tstInfo.GetEncoded()); var signedAttributes = new Asn1EncodableVector(); var certificateBytes = new Lazy <byte[]>(() => Certificate.GetEncoded()); if (_options.SigningCertificateUsage.HasFlag(SigningCertificateUsage.V1)) { byte[] hash = _options.SigningCertificateV1Hash ?? DigestUtilities.CalculateDigest("SHA-1", certificateBytes.Value); var signingCertificate = new SigningCertificate(new EssCertID(hash)); var attributeValue = new DerSet(signingCertificate); var attribute = new BcAttribute(PkcsObjectIdentifiers.IdAASigningCertificate, attributeValue); signedAttributes.Add(attribute); } if (_options.SigningCertificateUsage.HasFlag(SigningCertificateUsage.V2)) { byte[] hash = DigestUtilities.CalculateDigest("SHA-256", certificateBytes.Value); var signingCertificateV2 = new SigningCertificateV2(new EssCertIDv2(hash)); var attributeValue = new DerSet(signingCertificateV2); var attribute = new BcAttribute(PkcsObjectIdentifiers.IdAASigningCertificateV2, attributeValue); signedAttributes.Add(attribute); } var generator = new CmsSignedDataGenerator(); if (_options.ReturnSigningCertificate) { var certificates = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(new[] { Certificate })); generator.AddCertificates(certificates); } generator.AddSigner( _keyPair.Private, Certificate, _options.SignatureHashAlgorithm.Value, new BcAttributeTable(signedAttributes), new BcAttributeTable(DerSet.Empty)); CmsSignedData signedCms = generator.Generate( PkcsObjectIdentifiers.IdCTTstInfo.Id, content, encapsulate: true); return(signedCms); }
public TimeStampToken Generate( TimeStampRequest request, BigInteger serialNumber, DateTime genTime, X509Extensions additionalExtensions) { DerObjectIdentifier digestAlgOID = new DerObjectIdentifier(request.MessageImprintAlgOid); AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOID, DerNull.Instance); MessageImprint messageImprint = new MessageImprint(algID, request.GetMessageImprintDigest()); Accuracy accuracy = null; if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0) { DerInteger seconds = null; if (accuracySeconds > 0) { seconds = new DerInteger(accuracySeconds); } DerInteger millis = null; if (accuracyMillis > 0) { millis = new DerInteger(accuracyMillis); } DerInteger micros = null; if (accuracyMicros > 0) { micros = new DerInteger(accuracyMicros); } accuracy = new Accuracy(seconds, millis, micros); } DerBoolean derOrdering = null; if (ordering) { derOrdering = DerBoolean.GetInstance(ordering); } DerInteger nonce = null; if (request.Nonce != null) { nonce = new DerInteger(request.Nonce); } DerObjectIdentifier tsaPolicy = new DerObjectIdentifier(tsaPolicyOID); if (request.ReqPolicy != null) { tsaPolicy = new DerObjectIdentifier(request.ReqPolicy); } X509Extensions respExtensions = request.Extensions; if (additionalExtensions != null) { X509ExtensionsGenerator extGen = new X509ExtensionsGenerator(); if (respExtensions != null) { foreach (object oid in respExtensions.ExtensionOids) { DerObjectIdentifier id = DerObjectIdentifier.GetInstance(oid); extGen.AddExtension(id, respExtensions.GetExtension(DerObjectIdentifier.GetInstance(id))); } } foreach (object oid in additionalExtensions.ExtensionOids) { DerObjectIdentifier id = DerObjectIdentifier.GetInstance(oid); extGen.AddExtension(id, additionalExtensions.GetExtension(DerObjectIdentifier.GetInstance(id))); } respExtensions = extGen.Generate(); } DerGeneralizedTime generalizedTime; if (resolution != Resolution.R_SECONDS) { generalizedTime = new DerGeneralizedTime(createGeneralizedTime(genTime)); } else { generalizedTime = new DerGeneralizedTime(genTime); } TstInfo tstInfo = new TstInfo(tsaPolicy, messageImprint, new DerInteger(serialNumber), generalizedTime, accuracy, derOrdering, nonce, tsa, respExtensions); try { CmsSignedDataGenerator signedDataGenerator = new CmsSignedDataGenerator(); byte[] derEncodedTstInfo = tstInfo.GetDerEncoded(); if (request.CertReq) { signedDataGenerator.AddCertificates(x509Certs); } signedDataGenerator.AddCrls(x509Crls); signedDataGenerator.AddSignerInfoGenerator(signerInfoGenerator); CmsSignedData signedData = signedDataGenerator.Generate( PkcsObjectIdentifiers.IdCTTstInfo.Id, new CmsProcessableByteArray(derEncodedTstInfo), true); return(new TimeStampToken(signedData)); } catch (CmsException cmsEx) { throw new TspException("Error generating time-stamp token", cmsEx); } catch (IOException e) { throw new TspException("Exception encoding info", e); } catch (X509StoreException e) { throw new TspException("Exception handling CertStore", e); } // catch (InvalidAlgorithmParameterException e) // { // throw new TspException("Exception handling CertStore CRLs", e); // } }
public TimeStampToken Generate(TimeStampRequest request, BigInteger serialNumber, DateTime genTime) { DerObjectIdentifier objectID = new DerObjectIdentifier(request.MessageImprintAlgOid); AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(objectID, DerNull.Instance); MessageImprint messageImprint = new MessageImprint(hashAlgorithm, request.GetMessageImprintDigest()); Accuracy accuracy = null; if (this.accuracySeconds > 0 || this.accuracyMillis > 0 || this.accuracyMicros > 0) { DerInteger seconds = null; if (this.accuracySeconds > 0) { seconds = new DerInteger(this.accuracySeconds); } DerInteger millis = null; if (this.accuracyMillis > 0) { millis = new DerInteger(this.accuracyMillis); } DerInteger micros = null; if (this.accuracyMicros > 0) { micros = new DerInteger(this.accuracyMicros); } accuracy = new Accuracy(seconds, millis, micros); } DerBoolean derBoolean = null; if (this.ordering) { derBoolean = DerBoolean.GetInstance(this.ordering); } DerInteger nonce = null; if (request.Nonce != null) { nonce = new DerInteger(request.Nonce); } DerObjectIdentifier tsaPolicyId = new DerObjectIdentifier(this.tsaPolicyOID); if (request.ReqPolicy != null) { tsaPolicyId = new DerObjectIdentifier(request.ReqPolicy); } TstInfo tstInfo = new TstInfo(tsaPolicyId, messageImprint, new DerInteger(serialNumber), new DerGeneralizedTime(genTime), accuracy, derBoolean, nonce, this.tsa, request.Extensions); TimeStampToken result; try { CmsSignedDataGenerator cmsSignedDataGenerator = new CmsSignedDataGenerator(); byte[] derEncoded = tstInfo.GetDerEncoded(); if (request.CertReq) { cmsSignedDataGenerator.AddCertificates(this.x509Certs); } cmsSignedDataGenerator.AddCrls(this.x509Crls); cmsSignedDataGenerator.AddSigner(this.key, this.cert, this.digestOID, this.signedAttr, this.unsignedAttr); CmsSignedData signedData = cmsSignedDataGenerator.Generate(PkcsObjectIdentifiers.IdCTTstInfo.Id, new CmsProcessableByteArray(derEncoded), true); result = new TimeStampToken(signedData); } catch (CmsException e) { throw new TspException("Error generating time-stamp token", e); } catch (IOException e2) { throw new TspException("Exception encoding info", e2); } catch (X509StoreException e3) { throw new TspException("Exception handling CertStore", e3); } return(result); }
/// <exception cref="System.IO.IOException"></exception> //private CmsSignedDataGenerator CreateCMSSignedDataGenerator(ContentSigner contentSigner // , DigestCalculatorProvider digestCalculatorProvider, SignatureParameters parameters // , CAdESProfileBES cadesProfile, bool includeUnsignedAttributes, CmsSignedData originalSignedData // ) private CmsSignedDataGenerator CreateCMSSignedDataGenerator(ISigner signer , SignatureParameters parameters, CAdESProfileBES cadesProfile , bool includeUnsignedAttributes, CmsSignedData originalSignedData ) { try { CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); X509Certificate signerCertificate = parameters.SigningCertificate; //X509CertificateHolder certHolder = new X509CertificateHolder(signerCertificate.GetEncoded()); ArrayList certList = new ArrayList(); certList.Add(signerCertificate); IX509Store certHolder = X509StoreFactory.Create("CERTIFICATE/COLLECTION", new X509CollectionStoreParameters(certList)); //jbonilla - El provider siempre es BC C# //SignerInfoGeneratorBuilder sigInfoGeneratorBuilder = new SignerInfoGeneratorBuilder // (digestCalculatorProvider); CmsAttributeTableGenerator signedAttrGen = new DefaultSignedAttributeTableGenerator (new AttributeTable(cadesProfile.GetSignedAttributes(parameters))); CmsAttributeTableGenerator unsignedAttrGen = new SimpleAttributeTableGenerator ((includeUnsignedAttributes) ? new AttributeTable(cadesProfile.GetUnsignedAttributes (parameters)) : null); //jbonilla - No existe ContentSigner en BC C# //SignerInfoGenerator sigInfoGen = sigInfoGeneratorBuilder.Build(contentSigner, certHolder); //generator.AddSignerInfoGenerator(sigInfoGen); generator.SignerProvider = signer; generator.AddSigner(new NullPrivateKey(), signerCertificate, parameters.SignatureAlgorithm.GetOid() , parameters.DigestAlgorithm.GetOid(), signedAttrGen, unsignedAttrGen); if (originalSignedData != null) { generator.AddSigners(originalSignedData.GetSignerInfos()); } //ICollection<X509Certificate> certs = new AList<X509Certificate>(); IList certs = new ArrayList(); //certs.AddItem(parameters.SigningCertificate); certs.Add(parameters.SigningCertificate); if (parameters.CertificateChain != null) { foreach (X509Certificate c in parameters.CertificateChain) { if (!c.SubjectDN.Equals(parameters.SigningCertificate.SubjectDN)) { //certs.AddItem(c); certs.Add(c); } } } //JcaCertStore certStore = new JcaCertStore(certs); IX509Store certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs)); generator.AddCertificates(certStore); if (originalSignedData != null) { generator.AddCertificates(originalSignedData.GetCertificates("Collection")); } return(generator); } catch (CmsException e) { throw new IOException("CmsException", e); } catch (CertificateEncodingException e) { throw new IOException("CertificateEncodingException", e); } /*catch (OperatorCreationException e) * { * throw new IOException(e); * }*/ }
static void Main(string[] args) { byte[] entradaArray = File.ReadAllBytes(@"certificado/arquivoTeste.txt"); AsymmetricKeyParameter chavePrivada; X509Certificate certificadoX509 = getCertificadoX509(@"certificado/certificado.p12", "123!@#", out chavePrivada); SHA512Managed hashSHA512 = new SHA512Managed(); SHA256Managed hashSHA256 = new SHA256Managed(); byte[] certificadoX509Hash = hashSHA256.ComputeHash(certificadoX509.GetEncoded()); byte[] EntradaHash = hashSHA512.ComputeHash(entradaArray); CmsSignedDataGenerator geradorCms = new CmsSignedDataGenerator(); // //atributos // Asn1EncodableVector atributosAssinados = new Asn1EncodableVector(); //1.2.840.113549.1.9.3 -> ContentType //1.2.840.113549.1.7.1 -> RSA Security Data Inc atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.ContentType, new DerSet(new DerObjectIdentifier("1.2.840.113549.1.7.1")))); //1.2.840.113549.1.9.5 -> Signing Time atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.SigningTime, new DerSet(new DerUtcTime(DateTime.Now)))); //1.2.840.113549.1.9.4 -> messageDigest atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.MessageDigest, new DerSet(new DerOctetString(EntradaHash)))); //2.16.840.1.101.3.4.2.3 -> SHA-512 //2.16.840.1.101.3.4.2.1 -> SHA-256 //1.2.840.113549.1.9.16.5.1 -> sigPolicyQualifier-spuri DerObjectIdentifier identificadorPolicyID = new DerObjectIdentifier("1.2.840.113549.1.9.16.2.15"); byte[] policyHASH = System.Text.Encoding.ASCII.GetBytes("0F6FA2C6281981716C95C79899039844523B1C61C2C962289CDAC7811FEEE29E"); List <SigPolicyQualifierInfo> sigPolicyQualifierInfos = new List <SigPolicyQualifierInfo>(); Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier algoritmoIdentificador = new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.3"); SigPolicyQualifierInfo bcSigPolicyQualifierInfo = new SigPolicyQualifierInfo(new DerObjectIdentifier("1.2.840.113549.1.9.16.5.1"), new DerIA5String("http://politicas.icpbrasil.gov.br/PA_AD_RB_v2_2.der")); sigPolicyQualifierInfos.Add(bcSigPolicyQualifierInfo); SignaturePolicyId signaturePolicyId = new SignaturePolicyId(DerObjectIdentifier.GetInstance(new DerObjectIdentifier("2.16.76.1.7.1.6.2.2")), new OtherHashAlgAndValue(algoritmoIdentificador, new DerOctetString(policyHASH)), sigPolicyQualifierInfos); atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(identificadorPolicyID, new DerSet(signaturePolicyId))); //1.2.840.113549.1.9.16.2.47 -> id-aa-signingCertificateV2 Org.BouncyCastle.Asn1.Ess.EssCertIDv2 essCertIDv2; essCertIDv2 = new Org.BouncyCastle.Asn1.Ess.EssCertIDv2(certificadoX509Hash); atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(new DerObjectIdentifier("1.2.840.113549.1.9.16.2.47"), new DerSet(essCertIDv2))); AttributeTable atributosAssinadosTabela = new AttributeTable(atributosAssinados); //geradorCms.AddSigner(chavePrivada, certificadoX509, CmsSignedDataGenerator.DigestSha256, new DefaultSignedAttributeTableGenerator(atributosAssinadosTabela), null); geradorCms.AddSigner(chavePrivada, certificadoX509, CmsSignedDataGenerator.DigestSha512, new DefaultSignedAttributeTableGenerator(atributosAssinadosTabela), null); List <X509Certificate> certificadoX509Lista = new List <X509Certificate>(); certificadoX509Lista.Add(certificadoX509); //storeCerts.AddRange(chain); X509CollectionStoreParameters parametrosArmazem = new X509CollectionStoreParameters(certificadoX509Lista); IX509Store armazemCertificado = X509StoreFactory.Create("CERTIFICATE/COLLECTION", parametrosArmazem); geradorCms.AddCertificates(armazemCertificado); var dadosAssinado = geradorCms.Generate(new CmsProcessableByteArray(entradaArray), true); // encapsulate = false for detached signature Console.WriteLine("Codificado => " + Convert.ToBase64String(dadosAssinado.GetEncoded())); }
//------------------------------------------------------------------------------ public TimeStampToken Generate( TimeStampRequest request, IBigInteger serialNumber, DateTime genTime) { DerObjectIdentifier digestAlgOID = new DerObjectIdentifier(request.MessageImprintAlgOid); AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOID, DerNull.Instance); MessageImprint messageImprint = new MessageImprint(algID, request.GetMessageImprintDigest()); Accuracy accuracy = null; if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0) { DerInteger seconds = null; if (accuracySeconds > 0) { seconds = new DerInteger(accuracySeconds); } DerInteger millis = null; if (accuracyMillis > 0) { millis = new DerInteger(accuracyMillis); } DerInteger micros = null; if (accuracyMicros > 0) { micros = new DerInteger(accuracyMicros); } accuracy = new Accuracy(seconds, millis, micros); } DerBoolean derOrdering = null; if (ordering) { derOrdering = DerBoolean.GetInstance(ordering); } DerInteger nonce = null; if (request.Nonce != null) { nonce = new DerInteger(request.Nonce); } DerObjectIdentifier tsaPolicy = new DerObjectIdentifier(tsaPolicyOID); if (request.ReqPolicy != null) { tsaPolicy = new DerObjectIdentifier(request.ReqPolicy); } TstInfo tstInfo = new TstInfo(tsaPolicy, messageImprint, new DerInteger(serialNumber), new DerGeneralizedTime(genTime), accuracy, derOrdering, nonce, tsa, request.Extensions); try { CmsSignedDataGenerator signedDataGenerator = new CmsSignedDataGenerator(); byte[] derEncodedTstInfo = tstInfo.GetDerEncoded(); if (request.CertReq) { signedDataGenerator.AddCertificates(x509Certs); } signedDataGenerator.AddCrls(x509Crls); signedDataGenerator.AddSigner(key, cert, digestOID, signedAttr, unsignedAttr); CmsSignedData signedData = signedDataGenerator.Generate( PkcsObjectIdentifiers.IdCTTstInfo.Id, new CmsProcessableByteArray(derEncodedTstInfo), true); return(new TimeStampToken(signedData)); } catch (CmsException cmsEx) { throw new TspException("Error generating time-stamp token", cmsEx); } catch (IOException e) { throw new TspException("Exception encoding info", e); } catch (X509StoreException e) { throw new TspException("Exception handling CertStore", e); } // catch (InvalidAlgorithmParameterException e) // { // throw new TspException("Exception handling CertStore CRLs", e); // } }
public TimeStampToken Generate(TimeStampRequest request, BigInteger serialNumber, global::System.DateTime genTime) { //IL_01a0: Expected O, but got Unknown DerObjectIdentifier algorithm = new DerObjectIdentifier(request.MessageImprintAlgOid); AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(algorithm, DerNull.Instance); MessageImprint messageImprint = new MessageImprint(hashAlgorithm, request.GetMessageImprintDigest()); Accuracy accuracy = null; if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0) { DerInteger seconds = null; if (accuracySeconds > 0) { seconds = new DerInteger(accuracySeconds); } DerInteger millis = null; if (accuracyMillis > 0) { millis = new DerInteger(accuracyMillis); } DerInteger micros = null; if (accuracyMicros > 0) { micros = new DerInteger(accuracyMicros); } accuracy = new Accuracy(seconds, millis, micros); } DerBoolean derBoolean = null; if (ordering) { derBoolean = DerBoolean.GetInstance(ordering); } DerInteger nonce = null; if (request.Nonce != null) { nonce = new DerInteger(request.Nonce); } DerObjectIdentifier tsaPolicyId = new DerObjectIdentifier(tsaPolicyOID); if (request.ReqPolicy != null) { tsaPolicyId = new DerObjectIdentifier(request.ReqPolicy); } TstInfo tstInfo = new TstInfo(tsaPolicyId, messageImprint, new DerInteger(serialNumber), new DerGeneralizedTime(genTime), accuracy, derBoolean, nonce, tsa, request.Extensions); try { CmsSignedDataGenerator cmsSignedDataGenerator = new CmsSignedDataGenerator(); byte[] derEncoded = tstInfo.GetDerEncoded(); if (request.CertReq) { cmsSignedDataGenerator.AddCertificates(x509Certs); } cmsSignedDataGenerator.AddCrls(x509Crls); cmsSignedDataGenerator.AddSigner(key, cert, digestOID, signedAttr, unsignedAttr); CmsSignedData signedData = cmsSignedDataGenerator.Generate(PkcsObjectIdentifiers.IdCTTstInfo.Id, new CmsProcessableByteArray(derEncoded), encapsulate: true); return(new TimeStampToken(signedData)); } catch (CmsException e) { throw new TspException("Error generating time-stamp token", e); } catch (IOException val) { IOException e2 = val; throw new TspException("Exception encoding info", (global::System.Exception)(object) e2); } catch (X509StoreException e3) { throw new TspException("Exception handling CertStore", e3); } }
private void AssinarCriptografar(EnvioRemessaCobrancaBradescoJson model) { try { //exemplo validacao var validador = new ValidarModelo(); var criticas = validador.Criticas(model); if (criticas.Any()) { return; } var data = ConverterParaJsonAspasSimples(model); var encoding = new UTF8Encoding(); var messageBytes = encoding.GetBytes(data); var impressaDigitalCertificado = ConfigurationManager.AppSettings["ImpressaoDigitalCertificado"]; // certificado precisa ser instalado na máquina local e na pasta pessoal, diferente disso alterar linha abaixo var store = new X509Store(StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); var privateCert = store.Certificates.Cast <X509Certificate2>().FirstOrDefault(cert => cert.Thumbprint == impressaDigitalCertificado && cert.HasPrivateKey); if (privateCert == null) { throw new Exception("Certificado não localizado."); } if (privateCert.PrivateKey == null) { throw new Exception("chave privada não localizada no certificado."); } //convertendo certificado para objeto que o bouncycastle conhece var bouncyCastleKey = DotNetUtilities.GetKeyPair(privateCert.PrivateKey).Private; var x5091 = new X509Certificate(privateCert.RawData); var x509CertBouncyCastle = DotNetUtilities.FromX509Certificate(x5091); var generator = new CmsSignedDataGenerator(); var signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(); generator.AddSignerInfoGenerator( signerInfoGeneratorBuilder.Build(new Asn1SignatureFactory("SHA256WithRSA", bouncyCastleKey), x509CertBouncyCastle)); //criando certstore que o bouncycastle conhece IList certList = new ArrayList(); certList.Add(x509CertBouncyCastle); var store509BouncyCastle = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certList)); generator.AddCertificates(store509BouncyCastle); var cmsdata = new CmsProcessableByteArray(messageBytes); //assina var signeddata = generator.Generate(cmsdata, true); var mensagemFinal = signeddata.GetEncoded(); //converte para base64 que eh o formato que o serviço espera var mensagemConvertidaparaBase64 = Convert.ToBase64String(mensagemFinal); //chama serviço convertendo a string na base64 em bytes CriarServicoWebEEnviar("url_servico_bradesco_consta_manual", encoding.GetBytes(mensagemConvertidaparaBase64)); } catch (Exception ex) { throw; } }