public byte[] Encode()
{
if (!_hasData)
{
throw new InvalidOperationException(SR.Cryptography_Cms_MessageNotSigned);
}
return(PkcsHelpers.EncodeContentInfo(_signedData, Oids.Pkcs7Signed));
}
public byte[] Encode()
{
if (!_hasData)
{
throw new InvalidOperationException(SR.Cryptography_Cms_MessageNotSigned);
}
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER))
{
_signedData.Encode(writer);
return(PkcsHelpers.EncodeContentInfo(writer.Encode(), Oids.Pkcs7Signed));
}
}
public byte[] Encode()
{
if (!_hasData)
{
throw new InvalidOperationException(SR.Cryptography_Cms_MessageNotSigned);
}
try
{
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER))
{
_signedData.Encode(writer);
return(PkcsHelpers.EncodeContentInfo(writer.Encode(), Oids.Pkcs7Signed));
}
}
catch (CryptographicException) when(!Detached)
{
// If we can't write the contents back out then the most likely culprit is an
// indefinite length encoding in the content field. To preserve as much input data
// as possible while still maintaining our expectations of sorting any SET OF values,
// do the following:
// * Write the DER normalized version of the SignedData in detached mode.
// * BER-decode that structure
// * Copy the content field over
// * BER-write the modified structure.
SignedDataAsn copy = _signedData;
copy.EncapContentInfo.Content = null;
Debug.Assert(_signedData.EncapContentInfo.Content != null);
using (AsnWriter detachedWriter = new AsnWriter(AsnEncodingRules.DER))
{
copy.Encode(detachedWriter);
copy = SignedDataAsn.Decode(detachedWriter.Encode(), AsnEncodingRules.BER);
}
copy.EncapContentInfo.Content = _signedData.EncapContentInfo.Content;
using (AsnWriter attachedWriter = new AsnWriter(AsnEncodingRules.BER))
{
copy.Encode(attachedWriter);
return(PkcsHelpers.EncodeContentInfo(attachedWriter.Encode(), Oids.Pkcs7Signed));
}
}
}
private byte[] Encrypt(
CmsRecipientCollection recipients,
ContentInfo contentInfo,
AlgorithmIdentifier contentEncryptionAlgorithm,
X509Certificate2Collection originatorCerts,
CryptographicAttributeObjectCollection unprotectedAttributes,
byte[] encryptedContent,
byte[] cek,
byte[] parameterBytes)
{
EnvelopedDataAsn envelopedData = new EnvelopedDataAsn
{
EncryptedContentInfo =
{
ContentType = contentInfo.ContentType.Value,
ContentEncryptionAlgorithm =
{
Algorithm = contentEncryptionAlgorithm.Oid,
Parameters = parameterBytes,
},
EncryptedContent = encryptedContent,
},
};
if (unprotectedAttributes != null && unprotectedAttributes.Count > 0)
{
List <AttributeAsn> attrList = CmsSigner.BuildAttributes(unprotectedAttributes);
envelopedData.UnprotectedAttributes = PkcsHelpers.NormalizeSet(attrList.ToArray());
}
if (originatorCerts != null && originatorCerts.Count > 0)
{
CertificateChoiceAsn[] certs = new CertificateChoiceAsn[originatorCerts.Count];
for (int i = 0; i < originatorCerts.Count; i++)
{
certs[i].Certificate = originatorCerts[i].RawData;
}
envelopedData.OriginatorInfo = new OriginatorInfoAsn
{
CertificateSet = certs,
};
}
envelopedData.RecipientInfos = new RecipientInfoAsn[recipients.Count];
bool allRecipientsVersion0 = true;
for (var i = 0; i < recipients.Count; i++)
{
CmsRecipient recipient = recipients[i];
bool v0Recipient;
switch (recipient.Certificate.GetKeyAlgorithm())
{
case Oids.Rsa:
envelopedData.RecipientInfos[i].Ktri = MakeKtri(cek, recipient, out v0Recipient);
break;
default:
throw new CryptographicException(
SR.Cryptography_Cms_UnknownAlgorithm,
recipient.Certificate.GetKeyAlgorithm());
}
allRecipientsVersion0 = allRecipientsVersion0 && v0Recipient;
}
// https://tools.ietf.org/html/rfc5652#section-6.1
//
// v4 (RFC 3852):
// * OriginatorInfo contains certificates with type other (not supported)
// * OriginatorInfo contains crls with type other (not supported)
// v3 (RFC 3369):
// * OriginatorInfo contains v2 attribute certificates (not supported)
// * Any PWRI (password) recipients are present (not supported)
// * Any ORI (other) recipients are present (not supported)
// v2 (RFC 2630):
// * OriginatorInfo is present
// * Any RecipientInfo has a non-zero version number
// * UnprotectedAttrs is present
// v1 (not defined for EnvelopedData)
// v0 (RFC 2315):
// * Anything not already matched
if (envelopedData.OriginatorInfo != null ||
!allRecipientsVersion0 ||
envelopedData.UnprotectedAttributes != null)
{
envelopedData.Version = 2;
}
return(PkcsHelpers.EncodeContentInfo(envelopedData, Oids.Pkcs7Enveloped));
}
