/**
* Replace the signerinformation store associated with this
* CmsSignedData object with the new one passed in. You would
* probably only want to do this if you wanted to change the unsigned
* attributes associated with a signer, or perhaps delete one.
*
* @param signedData the signed data object to be used as a base.
* @param signerInformationStore the new signer information store to use.
* @return a new signed data object.
*/
public static CmsSignedData ReplaceSigners(
CmsSignedData signedData,
SignerInformationStore signerInformationStore)
{
//
// copy
//
CmsSignedData cms = new CmsSignedData(signedData);
//
// replace the store
//
cms.signerInfoStore = signerInformationStore;
//
// replace the signers in the SignedData object
//
Asn1EncodableVector digestAlgs = new Asn1EncodableVector();
Asn1EncodableVector vec = new Asn1EncodableVector();
foreach (SignerInformation signer in signerInformationStore.GetSigners())
{
digestAlgs.Add(Helper.FixAlgID(signer.DigestAlgorithmID));
vec.Add(signer.ToSignerInfo());
}
Asn1Set digests = new DerSet(digestAlgs);
Asn1Set signers = new DerSet(vec);
Asn1Sequence sD = (Asn1Sequence)signedData.signedData.ToAsn1Object();
//
// signers are the last item in the sequence.
//
vec = new Asn1EncodableVector(
sD[0], // version
digests);
for (int i = 2; i != sD.Count - 1; i++)
{
vec.Add(sD[i]);
}
vec.Add(signers);
cms.signedData = SignedData.GetInstance(new BerSequence(vec));
//
// replace the contentInfo with the new one
//
cms.contentInfo = new ContentInfo(cms.contentInfo.ContentType, cms.signedData);
return(cms);
}
List <EsitoVerifica> controllaCrlFileP7m(CmsSignedData sd)
{
List <EsitoVerifica> verificheLst = new List <EsitoVerifica>();
SignedData da = SignedData.GetInstance(sd.ContentInfo.Content.ToAsn1Object());
foreach (DerSequence cer in da.Certificates)
{
X509CertificateParser cp = new X509CertificateParser();
X509Certificate cert = cp.ReadCertificate(cer.GetEncoded());
verificheLst.Add(controllaCrlCert(cert, null, false));
}
return(verificheLst);
}
public CmsSignedData(
ContentInfo sigData)
{
this.contentInfo = sigData;
this.signedData = SignedData.GetInstance(contentInfo.Content);
//
// this can happen if the signed message is sent simply to send a
// certificate chain.
//
if (signedData.EncapContentInfo.Content != null)
{
var content = signedData.EncapContentInfo.Content;
this.signedContent = new CmsProcessableByteArray(
content.GetEncoded());
}
}
private X509Crl ReadDerCrl(
Asn1InputStream dIn)
{
Asn1Sequence seq = (Asn1Sequence)dIn.ReadObject();
if (seq.Count > 1 && seq[0] is DerObjectIdentifier)
{
if (seq[0].Equals(PkcsObjectIdentifiers.SignedData))
{
sCrlData = SignedData.GetInstance(
Asn1Sequence.GetInstance((Asn1TaggedObject)seq[1], true)).Crls;
return(GetCrl());
}
}
return(CreateX509Crl(CertificateList.GetInstance(seq)));
}
private X509Certificate ReadDerCertificate(
Asn1InputStream dIn)
{
Asn1Sequence seq = (Asn1Sequence)dIn.ReadObject();
if (seq.Count > 1 && seq[0] is DerObjectIdentifier)
{
if (seq[0].Equals(PkcsObjectIdentifiers.SignedData))
{
sData = SignedData.GetInstance(
Asn1Sequence.GetInstance((Asn1TaggedObject)seq[1], true)).Certificates;
return(GetCertificate());
}
}
return(new X509Certificate(X509CertificateStructure.GetInstance(seq)));
}
private IX509AttributeCertificate ReadDerCertificate(
Asn1InputStream dIn)
{
Asn1Sequence seq = (Asn1Sequence)dIn.ReadObject();
if (seq.Count > 1 && seq[0] is DerObjectIdentifier)
{
if (seq[0].Equals(PkcsObjectIdentifiers.SignedData))
{
sData = SignedData.GetInstance(
Asn1Sequence.GetInstance((Asn1TaggedObject)seq[1], true)).Certificates;
return(GetCertificate());
}
}
// return new X509V2AttributeCertificate(seq.getEncoded());
return(new X509V2AttributeCertificate(AttributeCertificate.GetInstance(seq)));
}
public static CmsSignedData ReplaceSigners(CmsSignedData signedData, SignerInformationStore signerInformationStore)
{
CmsSignedData cmsSignedData = new CmsSignedData(signedData);
cmsSignedData.signerInfoStore = signerInformationStore;
Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector(new Asn1Encodable[0]);
Asn1EncodableVector asn1EncodableVector2 = new Asn1EncodableVector(new Asn1Encodable[0]);
foreach (SignerInformation signerInformation in signerInformationStore.GetSigners())
{
asn1EncodableVector.Add(new Asn1Encodable[]
{
CmsSignedData.Helper.FixAlgID(signerInformation.DigestAlgorithmID)
});
asn1EncodableVector2.Add(new Asn1Encodable[]
{
signerInformation.ToSignerInfo()
});
}
Asn1Set asn1Set = new DerSet(asn1EncodableVector);
Asn1Set asn1Set2 = new DerSet(asn1EncodableVector2);
Asn1Sequence asn1Sequence = (Asn1Sequence)signedData.signedData.ToAsn1Object();
asn1EncodableVector2 = new Asn1EncodableVector(new Asn1Encodable[]
{
asn1Sequence[0],
asn1Set
});
for (int num = 2; num != asn1Sequence.Count - 1; num++)
{
asn1EncodableVector2.Add(new Asn1Encodable[]
{
asn1Sequence[num]
});
}
asn1EncodableVector2.Add(new Asn1Encodable[]
{
asn1Set2
});
cmsSignedData.signedData = SignedData.GetInstance(new BerSequence(asn1EncodableVector2));
cmsSignedData.contentInfo = new ContentInfo(cmsSignedData.contentInfo.ContentType, cmsSignedData.signedData);
return(cmsSignedData);
}
public CmsSignedData(
ContentInfo sigData)
{
this.contentInfo = sigData;
this.signedData = SignedData.GetInstance(contentInfo.Content);
//
// this can happen if the signed message is sent simply to send a
// certificate chain.
//
if (signedData.EncapContentInfo.Content != null)
{
this.signedContent = new CmsProcessableByteArray(
((Asn1OctetString)(signedData.EncapContentInfo.Content)).GetOctets());
}
// else
// {
// this.signedContent = null;
// }
}
public static CmsSignedData ReplaceSigners(CmsSignedData signedData, SignerInformationStore signerInformationStore)
{
CmsSignedData cmsSignedData = new CmsSignedData(signedData);
cmsSignedData.signerInfoStore = signerInformationStore;
Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector();
Asn1EncodableVector asn1EncodableVector2 = new Asn1EncodableVector();
global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)signerInformationStore.GetSigners()).GetEnumerator();
try
{
while (enumerator.MoveNext())
{
SignerInformation signerInformation = (SignerInformation)enumerator.get_Current();
asn1EncodableVector.Add(Helper.FixAlgID(signerInformation.DigestAlgorithmID));
asn1EncodableVector2.Add(signerInformation.ToSignerInfo());
}
}
finally
{
global::System.IDisposable disposable = enumerator as global::System.IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
Asn1Set asn1Set = new DerSet(asn1EncodableVector);
Asn1Set asn1Set2 = new DerSet(asn1EncodableVector2);
Asn1Sequence asn1Sequence = (Asn1Sequence)signedData.signedData.ToAsn1Object();
asn1EncodableVector2 = new Asn1EncodableVector(asn1Sequence[0], asn1Set);
for (int i = 2; i != asn1Sequence.Count - 1; i++)
{
asn1EncodableVector2.Add(asn1Sequence[i]);
}
asn1EncodableVector2.Add(asn1Set2);
cmsSignedData.signedData = SignedData.GetInstance(new BerSequence(asn1EncodableVector2));
cmsSignedData.contentInfo = new ContentInfo(cmsSignedData.contentInfo.ContentType, cmsSignedData.signedData);
return(cmsSignedData);
}
private ITestResult SignedTest()
{
try
{
ContentInfo info = ContentInfo.GetInstance(
Asn1Object.FromByteArray(signedData));
SignedData sData = SignedData.GetInstance(info.Content);
sData = new SignedData(sData.DigestAlgorithms, sData.EncapContentInfo, sData.Certificates, sData.CRLs, sData.SignerInfos);
info = new ContentInfo(CmsObjectIdentifiers.SignedData, sData);
if (!Arrays.AreEqual(info.GetEncoded(), signedData))
{
return(new SimpleTestResult(false, Name + ": CMS signed failed to re-encode"));
}
return(new SimpleTestResult(true, Name + ": Okay"));
}
catch (Exception e)
{
return(new SimpleTestResult(false, Name + ": CMS signed failed - " + e.ToString(), e));
}
}
public CmsSignedData(IDictionary hashes, ContentInfo sigData)
{
this.hashes = hashes;
contentInfo = sigData;
signedData = SignedData.GetInstance(contentInfo.Content);
}
public CmsSignedData(CmsProcessable signedContent, ContentInfo sigData)
{
this.signedContent = signedContent;
contentInfo = sigData;
signedData = SignedData.GetInstance(contentInfo.Content);
}
/// <summary>
/// Verifiy of CRL
/// </summary>
/// <param name="fileContents">byte Array file contents</param>
/// <param name="endPoint">not used </param>
/// <param name="args">1) Datetime? data verifica / string cachePath / string (bool) nocache</param>
/// <returns></returns>
public EsitoVerifica VerificaByteEV(byte[] fileContents, string endPoint, Object[] args)
{
//string ID = String.Format("{0}-{1}", Environment.GetEnvironmentVariable("APP_POOL_ID").Replace(" ", ""), AppDomain.CurrentDomain.BaseDirectory);
bool forceDownload = false;
//end point lo usiamo per forzare il download
string p7mSignAlgorithm = null;
//string p7mSignHash = null;
DocsPaVO.documento.Internal.SignerInfo[] certSignersInfo;
EsitoVerifica ev = new EsitoVerifica();
DateTime?dataverificaDT = null;
string cachePath = string.Empty;
if (args == null)
{
logger.Debug("Args (Date) is null, settign current");
dataverificaDT = DateTime.Now;
}
if (args.Length > 0)
{
dataverificaDT = args[0] as DateTime?;
if (dataverificaDT == null)
{
logger.Debug("Date is null, settign current");
dataverificaDT = DateTime.Now;
}
cachePath = args[1] as string;
string fdl = args[2] as string;
if (!String.IsNullOrEmpty(fdl))
{
Boolean.TryParse(endPoint, out forceDownload);
}
}
int posi = IndexOfInArray(fileContents, System.Text.ASCIIEncoding.ASCII.GetBytes("Mime-Version:"));
if (posi == 0) //E' un mime m7m
{
using (MemoryStream ms = new MemoryStream(fileContents))
{
anmar.SharpMimeTools.SharpMessage sm = new anmar.SharpMimeTools.SharpMessage(ms);
if (sm.Attachments.Count > 0)
{
foreach (anmar.SharpMimeTools.SharpAttachment att in sm.Attachments)
{
if (System.IO.Path.GetExtension(att.Name).ToLower().Contains("p7m"))
{
att.Stream.Position = 0;
BinaryReader sr = new BinaryReader(att.Stream);
fileContents = sr.ReadBytes((int)att.Size);
}
}
}
}
}
// Ce provo....
posi = -1;
posi = IndexOfInArray(fileContents, System.Text.ASCIIEncoding.ASCII.GetBytes("%PDF"));
if (posi == 0) //E' un pdf
{
PdfReader pdfReader = isPdf(fileContents);
try
{
AcroFields af = pdfReader.AcroFields;
List <string> signNames = af.GetSignatureNames();
if (signNames.Count == 0) //Firma non è presente
{
ev.status = EsitoVerificaStatus.ErroreGenerico;
ev.message = "Il file PDF da verificare non contiene nessuna firma";
ev.errorCode = "1458";
return(ev);
}
List <DocsPaVO.documento.Internal.SignerInfo> siList = new List <DocsPaVO.documento.Internal.SignerInfo>();
foreach (string name in signNames)
{
PdfPKCS7 pk = af.VerifySignature(name);
p7mSignAlgorithm = pk.GetHashAlgorithm();
Org.BouncyCastle.X509.X509Certificate[] certs = pk.Certificates;
foreach (X509Certificate cert in certs)
{
DocsPaVO.documento.Internal.SignerInfo si = GetCertSignersInfo(cert);
VerificaValiditaTemporaleCertificato(ev, dataverificaDT, cert, p7mSignAlgorithm);
si = ControlloCRL(forceDownload, ev, cachePath, cert, si);
siList.Add(si);
}
bool result = pk.Verify();
if (!result)
{
ev.status = EsitoVerificaStatus.ErroreGenerico;
ev.message = "La verifica della firma è fallita (File is Tampered)";
ev.errorCode = "1450";
}
}
/*
* if (
* (pdfReader.PdfVersion.ToString() != "4")||
* (pdfReader.PdfVersion.ToString() != "7"))
* {
* ev.status = EsitoVerificaStatus.ErroreGenerico;
* ev.message = "Il file da verificare non è conforme allo standard PDF 1.4 o pdf 1.7";
* ev.errorCode = "1457";
* }
*/
List <DocsPaVO.documento.Internal.PKCS7Document> p7docsLst = new List <DocsPaVO.documento.Internal.PKCS7Document>();
DocsPaVO.documento.Internal.PKCS7Document p7doc = new DocsPaVO.documento.Internal.PKCS7Document
{
SignersInfo = siList.ToArray(),
DocumentFileName = null,
Level = 0
};
p7docsLst.Add(p7doc);
ev.VerifySignatureResult = ConvertToVerifySignatureResult(ev.status, p7docsLst.ToArray());
ev.content = fileContents;
}
catch (Exception e)
{
ev.status = EsitoVerificaStatus.ErroreGenerico;
ev.message = "Error verifying pdf message :" + e.Message;
ev.errorCode = "1402";
return(ev);
}
}
else //PKCS7
{
try
{
int doclevel = 0;
List <DocsPaVO.documento.Internal.PKCS7Document> p7docsLst = new List <DocsPaVO.documento.Internal.PKCS7Document>();
do
{
//questa Estrazione serve solo per capire se uscire dal ciclo ricorsivo e ritornare il content
try
{
ev.content = extractSignedContent(fileContents);
}
catch
{
break;
}
//Ciclo per file firmato
Asn1Sequence sequenza = Asn1Sequence.GetInstance(fileContents);
DerObjectIdentifier tsdOIDFile = sequenza[0] as DerObjectIdentifier;
if (tsdOIDFile != null)
{
if (tsdOIDFile.Id == CmsObjectIdentifiers.timestampedData.Id) //TSD
{
logger.Debug("Found TSD file");
DerTaggedObject taggedObject = sequenza[1] as DerTaggedObject;
if (taggedObject != null)
{
Asn1Sequence asn1seq = Asn1Sequence.GetInstance(taggedObject, true);
TimeStampedData tsd = TimeStampedData.GetInstance(asn1seq);
fileContents = tsd.Content.GetOctets();
}
}
if (tsdOIDFile.Id == CmsObjectIdentifiers.SignedData.Id) //p7m
{
logger.Debug("Found P7M file");
}
}
CmsSignedData cms = new CmsSignedData(fileContents);
//controllaCrlFileP7m(cms);
IX509Store store = cms.GetCertificates("Collection");
SignerInformationStore signers = cms.GetSignerInfos();
SignedData da = SignedData.GetInstance(cms.ContentInfo.Content.ToAsn1Object());
Asn1Sequence DigAlgAsn1 = null;
if (da.DigestAlgorithms.Count > 0)
{
DigAlgAsn1 = da.DigestAlgorithms[0].ToAsn1Object() as Asn1Sequence;
}
if (DigAlgAsn1 != null)
{
p7mSignAlgorithm = Org.BouncyCastle.Security.DigestUtilities.GetAlgorithmName(AlgorithmIdentifier.GetInstance(DigAlgAsn1).ObjectID);
}
certSignersInfo = new DocsPaVO.documento.Internal.SignerInfo[signers.GetSigners().Count];
int i = 0;
foreach (SignerInformation signer in signers.GetSigners())
{
bool fileOK = false;
Org.BouncyCastle.X509.X509Certificate cert1 = GetCertificate(signer, store);
certSignersInfo[i] = GetCertSignersInfo(cert1);
VerificaValiditaTemporaleCertificato(ev, dataverificaDT, cert1, p7mSignAlgorithm);
fileOK = VerificaNonRepudiation(ev, fileOK, cert1);
if (!fileOK)
{
certSignersInfo[i].CertificateInfo.messages = ev.errorCode + " " + ev.message;
}
try
{
fileOK = VerificaCertificato(ev, signer, fileOK, cert1);
}
catch (Exception e)
{
ev.status = EsitoVerificaStatus.ErroreGenerico;
ev.message = "Error verifying 2, message :" + e.Message;
ev.errorCode = "1450";
}
if (fileOK)
{
certSignersInfo[i] = ControlloCRL(forceDownload, ev, cachePath, cert1, certSignersInfo[i]);
}
//p7mSignHash = BitConverter.ToString(Org.BouncyCastle.Security.DigestUtilities.CalculateDigest(Org.BouncyCastle.Security.DigestUtilities.GetAlgorithmName(AlgorithmIdentifier.GetInstance(DigAlgAsn1).ObjectID), (byte[])cms.SignedContent.GetContent())).Replace("-", "");
}
/*
* if (cms.SignedContent != null)
* {
* //CmsProcessable signedContent = cms.SignedContent;
* //ev.content = (byte[])signedContent.GetContent();
*
* ev.content = extractMatrioskaFile(fileContents);
*
*
*
* }
*/
DocsPaVO.documento.Internal.PKCS7Document p7doc = new DocsPaVO.documento.Internal.PKCS7Document
{
SignersInfo = certSignersInfo,
DocumentFileName = null,
Level = doclevel++
};
p7docsLst.Add(p7doc);
try
{
fileContents = extractSignedContent(fileContents);
}
catch
{
break;
}
} while (true);
ev.VerifySignatureResult = ConvertToVerifySignatureResult(ev.status, p7docsLst.ToArray());;
}
catch (Exception e)
{
ev.status = EsitoVerificaStatus.ErroreGenerico;
ev.message = "Error verifying 1, message :" + e.Message;
ev.errorCode = "1402";
return(ev);
}
}
return(ev);
}
/// <summary>
/// Verify PKCS7 signature
/// </summary>
/// <returns>CAPICOM/CryptoAPI return code or an ApplicationException in file hash doesn't match</returns>
public bool Verify(ref List <string> ErrorMessageLst)
{
bool rc = true;
//DocsPaUtils.LogsManagement.Debugger.Write("SignedDocument.Verify - INIT");
try
{
// Decodifica un messaggio SignedCms codificato.
// Al completamento della decodifica, è possibile recuperare le
// informazioni decodificate dalle proprietà dell'oggetto SignedCms.
CmsSignedData cms = new CmsSignedData(this.GetSignedContent(this._buf));
IX509Store store = cms.GetCertificates("Collection");
SignerInformationStore signers = cms.GetSignerInfos();
SignedData da = SignedData.GetInstance(cms.ContentInfo.Content.ToAsn1Object());
Asn1Sequence DigAlgAsn1 = null;
if (da.DigestAlgorithms.Count > 0)
{
DigAlgAsn1 = da.DigestAlgorithms[0].ToAsn1Object() as Asn1Sequence;
}
if (DigAlgAsn1 != null)
{
this._SignAlgorithm = Org.BouncyCastle.Security.DigestUtilities.GetAlgorithmName(AlgorithmIdentifier.GetInstance(DigAlgAsn1).ObjectID);
}
//DocsPaUtils.LogsManagement.Debugger.Write("SignedDocument.Verify - Decode signed message");
// Verify signature. Do not validate signer
// certificate for the purposes of this example.
// Note that in a production environment, validating
// the signer certificate chain will probably
// be necessary.
/*
* verifica le firme digitali nel messaggio CMS/PKCS #7 firmato e,
* facoltativamente, convalida i certificati del firmatario.
*
* * Se verifySignatureOnly è true, vengono verificate solo le firme digitali.
* Se è false, vengono verificate le firme digitali e vengono convalidati
* i certificati dei firmatari e gli scopi dei certificati.
* Gli scopi di un certificato sono considerati validi se il certificato
* non prevede l'utilizzo della chiave o se l'utilizzo della chiave supporta
* le firme digitali o il non-rifiuto.
*
*/
//_signersInfo = new DocsPaVO.documento.SignerInfo[signers.GetSigners().Count];
//int i = 0;
List <DocsPaVO.documento.SignerInfo> signInfoLst = new List <DocsPaVO.documento.SignerInfo>();
foreach (SignerInformation signer in signers.GetSigners())
{
DocsPaVO.documento.SignerInfo thisSinger = ExtractSignerInfo(ErrorMessageLst, store, signer);
signInfoLst.Add(thisSinger);
}
_signersInfo = signInfoLst.ToArray();
//DocsPaUtils.LogsManagement.Debugger.Write(string.Format("SignedDocument.Verify - CheckSignature OK, signers count: {0}", signers.GetSigners().Count));
CmsProcessable signedContent = cms.SignedContent;
this._content = (byte[])signedContent.GetContent();
if ((this._SignAlgorithm != null) && this._content != null)
{
try
{
this._SignHash = BitConverter.ToString(Org.BouncyCastle.Security.DigestUtilities.CalculateDigest(this._SignAlgorithm, this._content)).Replace("-", "");
}
catch (Exception e)
{
ErrorMessageLst.Add(e.Message);
}
}
//DocsPaUtils.LogsManagement.Debugger.Write(string.Format("SignedDocument.Verify - Extact content, lenght: {0}", this._content.Length));
this._documentFileName = GetDocumentFileName();
this._SignType = "CADES";
//DocsPaUtils.LogsManagement.Debugger.Write(string.Format("SignedDocument.Verify - DocumentFileName: '{0}'", this._documentFileName));
}
catch (Exception ex)
{
rc = false;
//DocsPaUtils.LogsManagement.Debugger.Write("SignedDocument.Verify - Si è verificato un errore nella verifica della firma", ex);
//throw new ApplicationException(ex.Message);
ErrorMessageLst.Add(ex.Message);
}
finally
{
//DocsPaUtils.LogsManagement.Debugger.Write("SignedDocument.Verify - END");
}
return(rc);
}
