public EssCertID[] GetCerts()
{
EssCertID[] array = new EssCertID[certs.Count];
for (int i = 0; i != certs.Count; i++)
{
array[i] = EssCertID.GetInstance(certs[i]);
}
return(array);
}
public EssCertID[] GetCerts()
{
EssCertID[] array = new EssCertID[this.certs.Count];
for (int num = 0; num != this.certs.Count; num++)
{
array[num] = EssCertID.GetInstance(this.certs[num]);
}
return(array);
}
public EssCertID[] GetCerts()
{
EssCertID[] cs = new EssCertID[certs.Count];
for (int i = 0; i != certs.Count; i++)
{
cs[i] = EssCertID.GetInstance(certs[i]);
}
return(cs);
}
public EssCertID[] GetCerts()
{
EssCertID[] cs = new EssCertID[certs.Count];
for (int i = 0; i != certs.Count; i++)
{
cs[i] = EssCertID.GetInstance(certs[i]);
}
return cs;
}
public TimeStampToken(
CmsSignedData signedData)
{
this.tsToken = signedData;
if (!this.tsToken.SignedContentTypeOid.Equals(PkcsObjectIdentifiers.IdCTTstInfo.Id))
{
throw new TspValidationException("ContentInfo object not for a time stamp.");
}
ICollection signers = tsToken.GetSignerInfos().GetSigners();
if (signers.Count != 1)
{
throw new ArgumentException("Time-stamp token signed by "
+ signers.Count
+ " signers, but it must contain just the TSA signature.");
}
IEnumerator signerEnum = signers.GetEnumerator();
signerEnum.MoveNext();
tsaSignerInfo = (SignerInformation) signerEnum.Current;
try
{
CmsProcessable content = tsToken.SignedContent;
MemoryStream bOut = new MemoryStream();
content.Write(bOut);
this.tstInfo = new TimeStampTokenInfo(
TstInfo.GetInstance(
Asn1Object.FromByteArray(bOut.ToArray())));
Asn1.Cms.Attribute attr = tsaSignerInfo.SignedAttributes[
PkcsObjectIdentifiers.IdAASigningCertificate];
if (attr == null)
{
throw new TspValidationException(
"no signing certificate attribute found, time stamp invalid.");
}
SigningCertificate signCert = SigningCertificate.GetInstance(
attr.AttrValues[0]);
this.certID = EssCertID.GetInstance(signCert.GetCerts()[0]);
}
catch (CmsException e)
{
throw new TspException(e.Message, e.InnerException);
}
}
/**
* create with a signer with extra signed/unsigned attributes.
*/
public TimeStampTokenGenerator(
AsymmetricKeyParameter key,
X509Certificate cert,
string digestOID,
string tsaPolicyOID,
Asn1.Cms.AttributeTable signedAttr,
Asn1.Cms.AttributeTable unsignedAttr)
{
this.key = key;
this.cert = cert;
this.digestOID = digestOID;
this.tsaPolicyOID = tsaPolicyOID;
this.unsignedAttr = unsignedAttr;
TspUtil.ValidateCertificate(cert);
//
// Add the ESSCertID attribute
//
IDictionary signedAttrs;
if (signedAttr != null)
{
signedAttrs = signedAttr.ToDictionary();
}
else
{
signedAttrs = Platform.CreateHashtable();
}
try
{
byte[] hash = DigestUtilities.CalculateDigest("SHA-1", cert.GetEncoded());
EssCertID essCertid = new EssCertID(hash);
Asn1.Cms.Attribute attr = new Asn1.Cms.Attribute(
PkcsObjectIdentifiers.IdAASigningCertificate,
new DerSet(new SigningCertificate(essCertid)));
signedAttrs[attr.AttrType] = attr;
}
catch (CertificateEncodingException e)
{
throw new TspException("Exception processing certificate.", e);
}
catch (SecurityUtilityException e)
{
throw new TspException("Can't find a SHA-1 implementation.", e);
}
this.signedAttr = new Asn1.Cms.AttributeTable(signedAttrs);
}
public SigningCertificate(EssCertID essCertID)
{
this.certs = new DerSequence(essCertID);
}
public SigningCertificate(
EssCertID essCertID)
{
certs = new DerSequence(essCertID);
}
public static Asn1EncodableVector GenerateSignerInfo(X509Certificate2 cert,
String digestAlgorithmName,
byte[] datos,
AdESPolicy policy,
bool signingCertificateV2,
byte[] messageDigest,
DateTime signDate,
bool padesMode,
String contentType,
String contentDescription)
{
// ALGORITMO DE HUELLA DIGITAL
AlgorithmIdentifier digestAlgorithmOID = SigUtils.MakeAlgId(AOAlgorithmID.GetOID(digestAlgorithmName));
// // ATRIBUTOS
// authenticatedAttributes
Asn1EncodableVector contexExpecific = InitContexExpecific(
digestAlgorithmName,
datos,
Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Data.Id,
messageDigest,
signDate,
padesMode
);
// Serial Number
// comentar lo de abajo para version del rfc 3852
if (signingCertificateV2)
{
// INICIO SINGING CERTIFICATE-V2
/** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber
* CertificateSerialNumber */
TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance(
Asn1Object.FromByteArray(
new Org.BouncyCastle.X509.X509Certificate(
X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(
cert.GetRawCertData()))).GetTbsCertificate()));
GeneralNames gns = new GeneralNames(new GeneralName(tbs.Issuer));
IssuerSerial isuerSerial = new IssuerSerial(gns, tbs.SerialNumber);
/** ESSCertIDv2 ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier
* DEFAULT {algorithm id-sha256}, certHash Hash, issuerSerial
* IssuerSerial OPTIONAL }
* Hash ::= OCTET STRING */
byte[] certHash = Digester.Digest(cert.GetRawCertData(), digestAlgorithmName);
EssCertIDv2[] essCertIDv2 = { new EssCertIDv2(digestAlgorithmOID, certHash, isuerSerial) };
/** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId,
* policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo
* OPTIONAL }
* CertPolicyId ::= OBJECT IDENTIFIER
* PolicyQualifierInfo ::= SEQUENCE { policyQualifierId
* PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */
SigningCertificateV2 scv2;
if (policy.GetPolicyIdentifier() != null)
{
/** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF
* ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL
* } */
scv2 = new SigningCertificateV2(essCertIDv2, GetPolicyInformation(policy)); // con politica
}
else
{
scv2 = new SigningCertificateV2(essCertIDv2); // Sin politica
}
// Secuencia con singningCertificate
contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2)));
// FIN SINGING CERTIFICATE-V2
}
else
{
// INICIO SINGNING CERTIFICATE
/** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber
* CertificateSerialNumber } */
TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance(
Asn1Object.FromByteArray(
new Org.BouncyCastle.X509.X509Certificate(
X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(
cert.GetRawCertData()))).GetTbsCertificate()));
GeneralName gn = new GeneralName(tbs.Issuer);
GeneralNames gns = new GeneralNames(gn);
IssuerSerial isuerSerial = new IssuerSerial(gns, tbs.SerialNumber);
/** ESSCertID ::= SEQUENCE { certHash Hash, issuerSerial IssuerSerial
* OPTIONAL }
* Hash ::= OCTET STRING -- SHA1 hash of entire certificate */
byte[] certHash = Digester.Digest(cert.GetRawCertData(), digestAlgorithmName);
EssCertID essCertID = new EssCertID(certHash, isuerSerial);
/** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId,
* policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo
* OPTIONAL }
* CertPolicyId ::= OBJECT IDENTIFIER
* PolicyQualifierInfo ::= SEQUENCE { policyQualifierId
* PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */
SigningCertificate scv;
if (policy.GetPolicyIdentifier() != null)
{
/** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF
* ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL
* } */
/*
* HAY QUE HACER UN SEQUENCE, YA QUE EL CONSTRUCTOR DE BOUNCY
* CASTLE NO TIENE DICHO CONSTRUCTOR.
*/
Asn1EncodableVector v = new Asn1EncodableVector();
v.Add(new DerSequence(essCertID));
v.Add(new DerSequence(GetPolicyInformation(policy)));
scv = SigningCertificate.GetInstance(new DerSequence(v)); // con politica
}
else
{
scv = new SigningCertificate(essCertID); // Sin politica
}
/** id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
* member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16)
* id-aa(2) 12 } */
// Secuencia con singningCertificate
contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(scv)));
}
// INICIO SIGPOLICYID ATTRIBUTE
if (policy.GetPolicyIdentifier() != null)
{
/**
* SigPolicyId ::= OBJECT IDENTIFIER Politica de firma.
*/
DerObjectIdentifier doiSigPolicyId = new DerObjectIdentifier(policy.GetPolicyIdentifier().ToLower().Replace("urn:oid:", ""));
/**
* OtherHashAlgAndValue ::= SEQUENCE {
* hashAlgorithm AlgorithmIdentifier,
* hashValue OCTET STRING }
*
*/
// Algoritmo para el hash
AlgorithmIdentifier hashid;
// si tenemos algoritmo de calculo de hash, lo ponemos
if (policy.GetPolicyIdentifierHashAlgorithm() != null)
{
hashid = SigUtils.MakeAlgId(
AOAlgorithmID.GetOID(
AOSignConstants.GetDigestAlgorithmName(
policy.GetPolicyIdentifierHashAlgorithm())));
}
// si no tenemos, ponemos el algoritmo de firma.
else
{
hashid = digestAlgorithmOID;
}
// hash del documento, descifrado en b64
byte[] hashed;
if (policy.GetPolicyIdentifierHash() != null)
{
hashed = System.Convert.FromBase64String(policy.GetPolicyIdentifierHash());
}
else
{
hashed = new byte[] { 0 };
}
DigestInfo otherHashAlgAndValue = new DigestInfo(hashid, hashed);
/**
* SigPolicyQualifierInfo ::= SEQUENCE {
* SigPolicyQualifierId SigPolicyQualifierId,
* SigQualifier ANY DEFINED BY policyQualifierId }
*/
AOSigPolicyQualifierInfo spqInfo = null;
if (policy.GetPolicyQualifier() != null)
{
spqInfo = new AOSigPolicyQualifierInfo(policy.GetPolicyQualifier().ToString());
}
/**
* SignaturePolicyId ::= SEQUENCE {
* sigPolicyId SigPolicyId,
* sigPolicyHash SigPolicyHash,
* sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF
* AOSigPolicyQualifierInfo OPTIONAL}
*
*/
Asn1EncodableVector v = new Asn1EncodableVector();
// sigPolicyId
v.Add(doiSigPolicyId);
// sigPolicyHash
v.Add(otherHashAlgAndValue.ToAsn1Object()); // como sequence
// sigPolicyQualifiers
if (spqInfo != null)
{
v.Add(spqInfo.toASN1Primitive());
}
DerSequence ds = new DerSequence(v);
// Secuencia con singningCertificate
contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAEtsSigPolicyID, new DerSet(ds.ToAsn1Object())));
// FIN SIGPOLICYID ATTRIBUTE
}
/**
* Secuencia con el tipo de contenido firmado. No se agrega en firmas PAdES.
*
* ContentHints ::= SEQUENCE {
* contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
* contentType ContentType }
*/
if (contentType != null && !padesMode)
{
ContentHints contentHints;
if (contentDescription != null)
{
contentHints = new ContentHints(new DerObjectIdentifier(contentType),
new DerUtf8String(contentDescription));
}
else
{
contentHints = new ContentHints(new DerObjectIdentifier(contentType));
}
contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(
Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAContentHint,
new DerSet(contentHints.ToAsn1Object())));
}
return contexExpecific;
}
internal CertID(EssCertIDv2 certID)
{
this.certIDv2 = certID;
this.certID = null;
}
/**
* create with a signer with extra signed/unsigned attributes.
*/
public TimeStampTokenGenerator(
AsymmetricKeyParameter key,
X509Certificate cert,
string digestOID,
string tsaPolicyOID,
Asn1.Cms.AttributeTable signedAttr,
Asn1.Cms.AttributeTable unsignedAttr)
{
this.key = key;
this.cert = cert;
this.digestOID = digestOID;
this.tsaPolicyOID = tsaPolicyOID;
this.unsignedAttr = unsignedAttr;
TspUtil.ValidateCertificate(cert);
//
// add the essCertid
//
Hashtable signedAttrs;
if (signedAttr != null)
{
signedAttrs = signedAttr.ToHashtable();
}
else
{
signedAttrs = new Hashtable();
}
IDigest digest;
try
{
digest = DigestUtilities.GetDigest("SHA-1");
}
catch (Exception e)
{
throw new TspException("Can't find a SHA-1 implementation.", e);
}
try
{
byte[] certEncoded = cert.GetEncoded();
digest.BlockUpdate(certEncoded, 0, certEncoded.Length);
byte[] hash = DigestUtilities.DoFinal(digest);
EssCertID essCertid = new EssCertID(hash);
Asn1.Cms.Attribute attr = new Asn1.Cms.Attribute(
PkcsObjectIdentifiers.IdAASigningCertificate,
new DerSet(new SigningCertificate(essCertid)));
signedAttrs[attr.AttrType] = attr;
}
catch (CertificateEncodingException e)
{
throw new TspException("Exception processing certificate.", e);
}
this.signedAttr = new Asn1.Cms.AttributeTable(signedAttrs);
}
