        /// <summary>
        /// Builds a <see cref="SignerInfoGenerator"/> for the given key/certificate pair, using a
        /// signature algorithm name derived from <paramref name="digestOID"/> and the key type.
        /// </summary>
        /// <param name="key">Private signing key.</param>
        /// <param name="cert">Signing certificate; checked with <c>TspUtil.ValidateCertificate</c> before anything else.</param>
        /// <param name="digestOID">OID of the digest algorithm to use for the signature.</param>
        /// <param name="signedAttr">Signed attributes to include, or null for an empty table.</param>
        /// <param name="unsignedAttr">Unsigned attributes, passed through unchanged.</param>
        /// <returns>A generator producing SignerInfo structures for <paramref name="cert"/>.</returns>
        internal static SignerInfoGenerator MakeInfoGenerator(AsymmetricKeyParameter key, X509Certificate cert,
                                                              string digestOID, Asn1.Cms.AttributeTable signedAttr, Asn1.Cms.AttributeTable unsignedAttr)
        {
            TspUtil.ValidateCertificate(cert);

            // No ESSCertID/SigningCertificate attribute is added here: the caller's signed
            // attributes are used exactly as supplied (compare the TimeStampTokenGenerator
            // constructor, which does add one).
            IDictionary attrs = (signedAttr == null)
                ? new Hashtable()
                : signedAttr.ToDictionary();

            // Algorithm name is assembled as "<digest>with<encryption>", e.g. "SHA256withRSA".
            string digestName = TspTestUtil.GetDigestAlgName(digestOID);
            string encOid = TspTestUtil.GetEncOid(key, digestOID);
            string signatureName = digestName + "with" + TspTestUtil.GetEncryptionAlgName(encOid);

            Asn1SignatureFactory signatureFactory = new Asn1SignatureFactory(signatureName, key);

            return new SignerInfoGeneratorBuilder()
                .WithSignedAttributeGenerator(
                    new DefaultSignedAttributeTableGenerator(new Asn1.Cms.AttributeTable(attrs)))
                .WithUnsignedAttributeGenerator(
                    new SimpleAttributeTableGenerator(unsignedAttr))
                .Build(signatureFactory, cert);
        }
    /// <summary>
    /// Checks this request against the server's accepted digest algorithms, policies and
    /// extensions, and verifies that the message imprint digest has the length its algorithm implies.
    /// </summary>
    /// <param name="algorithms">Accepted digest algorithm OIDs; a null list is not handled.</param>
    /// <param name="policies">Accepted policy OIDs, or null to skip the policy check.</param>
    /// <param name="extensions">Accepted extension OIDs, or null to skip the extension check.</param>
    /// <exception cref="TspValidationException">
    /// Thrown with a failure code; the numeric values are the PkiFailureInfo bit flags
    /// (128 badAlg, 256 unacceptedPolicy, 8388608 unacceptedExtension, 4 badDataFormat).
    /// </exception>
    public void Validate(IList algorithms, IList policies, IList extensions)
    {
        // The imprint's digest algorithm must be one the server accepts.
        if (!algorithms.Contains(MessageImprintAlgOid))
        {
            throw new TspValidationException("request contains unknown algorithm.", 128);
        }

        // The policy is only checked when the request names one and an accepted list was given.
        bool policyRejected = policies != null
            && ReqPolicy != null
            && !policies.Contains(ReqPolicy);
        if (policyRejected)
        {
            throw new TspValidationException("request contains unknown policy.", 256);
        }

        // Every extension present in the request must be on the accepted list.
        if (Extensions != null && extensions != null)
        {
            foreach (DerObjectIdentifier oid in Extensions.ExtensionOids)
            {
                if (extensions.Contains(oid.Id))
                {
                    continue;
                }
                throw new TspValidationException("request contains unknown extension.", 8388608);
            }
        }

        // A digest whose length disagrees with its algorithm is malformed data.
        int expectedLength = TspUtil.GetDigestLength(MessageImprintAlgOid);
        int actualLength = GetMessageImprintDigest().Length;
        if (expectedLength != actualLength)
        {
            throw new TspValidationException("imprint digest the wrong length.", 4);
        }
    }
    /// <summary>
    /// Creates a generator that signs time-stamp tokens with <paramref name="key"/> and
    /// <paramref name="cert"/>, always adding an ESS SigningCertificate attribute that binds
    /// each token to the signing certificate.
    /// </summary>
    /// <param name="key">Private key used to sign tokens.</param>
    /// <param name="cert">TSA certificate; checked with <c>TspUtil.ValidateCertificate</c>.</param>
    /// <param name="digestOID">Digest algorithm OID used for the signature.</param>
    /// <param name="tsaPolicyOID">Policy OID placed in generated tokens.</param>
    /// <param name="signedAttr">Additional signed attributes, or null.</param>
    /// <param name="unsignedAttr">Unsigned attributes, or null.</param>
    /// <exception cref="TspException">
    /// The certificate cannot be DER-encoded, or no SHA-1 digest implementation is available.
    /// </exception>
    public TimeStampTokenGenerator(AsymmetricKeyParameter key, X509Certificate cert, string digestOID, string tsaPolicyOID, Org.BouncyCastle.Asn1.Cms.AttributeTable signedAttr, Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttr)
    {
        this.key = key;
        this.cert = cert;
        this.digestOID = digestOID;
        this.tsaPolicyOID = tsaPolicyOID;
        this.unsignedAttr = unsignedAttr;

        TspUtil.ValidateCertificate(cert);

        IDictionary attrs = (signedAttr != null)
            ? signedAttr.ToDictionary()
            : Platform.CreateHashtable();

        try
        {
            // ESSCertID (RFC 2634) is defined over a SHA-1 hash of the DER certificate; the
            // ESSCertIDv2 form (RFC 5035), which permits stronger digests, is not used here.
            byte[] certHash = DigestUtilities.CalculateDigest("SHA-1", cert.GetEncoded());
            SigningCertificate signingCert = new SigningCertificate(new EssCertID(certHash));
            Org.BouncyCastle.Asn1.Cms.Attribute signingCertAttr = new Org.BouncyCastle.Asn1.Cms.Attribute(
                PkcsObjectIdentifiers.IdAASigningCertificate,
                new DerSet(signingCert));

            // Replaces any caller-supplied attribute of the same type.
            attrs[signingCertAttr.AttrType] = signingCertAttr;
        }
        catch (CertificateEncodingException e)
        {
            throw new TspException("Exception processing certificate.", e);
        }
        catch (SecurityUtilityException e)
        {
            throw new TspException("Can't find a SHA-1 implementation.", e);
        }

        this.signedAttr = new Org.BouncyCastle.Asn1.Cms.AttributeTable(attrs);
    }
 /// <summary>
 /// Checks that <paramref name="cert"/> is the certificate referenced by this token's
 /// ESSCertID, was valid at the token's generation time, and actually produced the
 /// token's signature.
 /// </summary>
 /// <param name="cert">Candidate TSA certificate.</param>
 /// <exception cref="TspValidationException">
 /// The certificate hash, serial number or issuer does not match the certID, or the
 /// signature does not verify under <paramref name="cert"/>.
 /// </exception>
 /// <exception cref="TspException">
 /// CMS processing failed, the certificate could not be encoded, or the certID's hash
 /// algorithm is unavailable.
 /// </exception>
 public void Validate(X509Certificate cert)
 {
     try
     {
         // Hash the DER certificate with the algorithm named in the certID and compare in
         // constant time, so the comparison does not leak how many leading bytes matched.
         byte[] actualHash = DigestUtilities.CalculateDigest(certID.GetHashAlgorithmName(), cert.GetEncoded());
         if (!Arrays.ConstantTimeAreEqual(certID.GetCertHash(), actualHash))
         {
             throw new TspValidationException("certificate hash does not match certID hash.");
         }

         // IssuerSerial is optional in the certID; when present, serial and issuer must match too.
         if (certID.IssuerSerial != null)
         {
             if (!certID.IssuerSerial.Serial.Value.Equals(cert.SerialNumber))
             {
                 throw new TspValidationException("certificate serial number does not match certID for signature.");
             }

             GeneralName[] issuerNames = certID.IssuerSerial.Issuer.GetNames();
             X509Name certIssuer = PrincipalUtilities.GetIssuerX509Principal(cert);
             bool issuerMatched = false;
             foreach (GeneralName name in issuerNames)
             {
                 // Tag 4 is the directoryName choice of GeneralName; other name forms are not compared.
                 if (name.TagNo != 4)
                 {
                     continue;
                 }
                 if (X509Name.GetInstance(name.Name).Equivalent(certIssuer))
                 {
                     issuerMatched = true;
                     break;
                 }
             }
             if (!issuerMatched)
             {
                 throw new TspValidationException("certificate name does not match certID for signature. ");
             }
         }

         TspUtil.ValidateCertificate(cert);

         // The certificate must have been valid when the token was generated, not merely now.
         cert.CheckValidity(tstInfo.GenTime);

         if (!tsaSignerInfo.Verify(cert))
         {
             throw new TspValidationException("signature not created by certificate.");
         }
     }
     catch (CmsException ex)
     {
         // Surface the underlying cause when the CMS layer wrapped one.
         if (ex.InnerException != null)
         {
             throw new TspException(ex.Message, ex.InnerException);
         }
         throw new TspException("CMS exception: " + ex, ex);
     }
     catch (CertificateEncodingException ex)
     {
         throw new TspException("problem processing certificate: " + ex, ex);
     }
     catch (SecurityUtilityException ex)
     {
         throw new TspException("cannot find algorithm: " + ex.Message, ex);
     }
 }
 /// <summary>
 /// Returns the OIDs of the extensions held by this object, as computed by
 /// <c>TspUtil.GetExtensionOids</c> over the stored <c>extensions</c>.
 /// </summary>
 /// <returns>Whatever list <c>TspUtil.GetExtensionOids</c> yields for <c>extensions</c>.</returns>
 public virtual IList GetExtensionOids()
 {
     IList oids = TspUtil.GetExtensionOids(extensions);
     return oids;
 }