/// <summary>
/// Builds a copy of <paramref name="signedData"/> whose SignerInfos (and the
/// digestAlgorithms set derived from them) come from
/// <paramref name="signerInformationStore"/>. Typical use: editing the
/// unsigned attributes of a signer, or dropping a signer altogether.
/// </summary>
/// <param name="signedData">The signed data object used as the base; it is not modified.</param>
/// <param name="signerInformationStore">The signer information store to install in the copy.</param>
/// <returns>A new <see cref="CmsSignedData"/> carrying the replaced signers.</returns>
public static CmsSignedData ReplaceSigners(
    CmsSignedData signedData,
    SignerInformationStore signerInformationStore)
{
    // Work on a copy so the caller's object is left untouched.
    CmsSignedData result = new CmsSignedData(signedData);
    result.signerInfoStore = signerInformationStore;

    // Rebuild digestAlgorithms and signerInfos from the new store; each
    // digest AlgorithmIdentifier is normalised through Helper.FixAlgID.
    Asn1EncodableVector digestAlgVec = new Asn1EncodableVector();
    Asn1EncodableVector signerInfoVec = new Asn1EncodableVector();
    foreach (SignerInformation si in signerInformationStore.GetSigners())
    {
        digestAlgVec.Add(Helper.FixAlgID(si.DigestAlgorithmID));
        signerInfoVec.Add(si.ToSignerInfo());
    }
    Asn1Set newDigestAlgs = new DerSet(digestAlgVec);
    Asn1Set newSignerInfos = new DerSet(signerInfoVec);

    // SignedData ::= SEQUENCE { version, digestAlgorithms, encapContentInfo,
    // certificates OPTIONAL, crls OPTIONAL, signerInfos }. Element 0 (version)
    // is kept, element 1 is replaced by the rebuilt digest set, the middle
    // elements are copied verbatim and the rebuilt signerInfos (always the
    // last element) close the sequence.
    Asn1Sequence original = (Asn1Sequence)signedData.signedData.ToAsn1Object();
    Asn1EncodableVector rebuilt = new Asn1EncodableVector(original[0], newDigestAlgs);
    int lastIndex = original.Count - 1;
    for (int idx = 2; idx != lastIndex; idx++)
    {
        rebuilt.Add(original[idx]);
    }
    rebuilt.Add(newSignerInfos);

    result.signedData = SignedData.GetInstance(new BerSequence(rebuilt));

    // The outer ContentInfo must wrap the new SignedData; its content type is unchanged.
    result.contentInfo = new ContentInfo(result.contentInfo.ContentType, result.signedData);
    return result;
}
/// <summary>
/// Runs a CRL check against every certificate carried in the certificates
/// set of the CMS container <paramref name="sd"/> — not only the signer
/// certificates, but everything the container transports.
/// </summary>
/// <param name="sd">Parsed CMS signed data.</param>
/// <returns>One <see cref="EsitoVerifica"/> per certificate, in container order.</returns>
List<EsitoVerifica> controllaCrlFileP7m(CmsSignedData sd)
{
    List<EsitoVerifica> results = new List<EsitoVerifica>();
    SignedData inner = SignedData.GetInstance(sd.ContentInfo.Content.ToAsn1Object());

    // Each element is re-parsed from its encoding into an X509Certificate.
    // A fresh parser per element keeps the parser's internal state out of
    // the picture. Note the element type: anything in the set that is not a
    // plain DerSequence (the tagged CertificateChoices alternatives) ends
    // this method with an InvalidCastException.
    foreach (DerSequence certSeq in inner.Certificates)
    {
        X509CertificateParser parser = new X509CertificateParser();
        X509Certificate cert = parser.ReadCertificate(certSeq.GetEncoded());
        results.Add(controllaCrlCert(cert, null, false));
    }
    return results;
}
/// <summary>
/// Wraps an already-parsed <see cref="ContentInfo"/> as CMS signed data.
/// </summary>
/// <param name="sigData">ContentInfo whose Content is a SignedData structure.</param>
public CmsSignedData(
    ContentInfo sigData)
{
    this.contentInfo = sigData;
    this.signedData = SignedData.GetInstance(contentInfo.Content);

    // A missing eContent is legitimate (e.g. a message sent only to carry
    // a certificate chain); signedContent is then left unset.
    var encapsulated = signedData.EncapContentInfo.Content;
    if (encapsulated == null)
    {
        return;
    }

    // NOTE(review): GetEncoded() yields the DER encoding of the eContent
    // element (tag and length included), not its bare octets; the variant
    // of this constructor that casts to Asn1OctetString and calls
    // GetOctets() produces the payload only. Confirm which form the code
    // consuming SignedContent expects.
    this.signedContent = new CmsProcessableByteArray(encapsulated.GetEncoded());
}
/// <summary>
/// Reads one DER-encoded CRL from <paramref name="dIn"/>. A bare
/// CertificateList is returned directly; a PKCS#7/CMS SignedData wrapper is
/// unwrapped and its crls set is queued in <c>sCrlData</c> so
/// <see cref="GetCrl"/> can hand the entries out.
/// </summary>
/// <param name="dIn">ASN.1 input stream positioned at the start of the object.</param>
/// <returns>The parsed CRL, or whatever <see cref="GetCrl"/> yields once the SignedData crls have been queued.</returns>
private X509Crl ReadDerCrl(
    Asn1InputStream dIn)
{
    // Hard cast: input that is not a SEQUENCE surfaces as an
    // InvalidCastException rather than as a parse error.
    Asn1Sequence seq = (Asn1Sequence)dIn.ReadObject();

    // A ContentInfo starts with a contentType OID followed by [0] EXPLICIT content.
    bool looksLikeContentInfo = seq.Count > 1 && seq[0] is DerObjectIdentifier;
    if (looksLikeContentInfo && seq[0].Equals(PkcsObjectIdentifiers.SignedData))
    {
        Asn1Sequence signedDataSeq = Asn1Sequence.GetInstance((Asn1TaggedObject)seq[1], true);
        sCrlData = SignedData.GetInstance(signedDataSeq).Crls;
        return GetCrl();
    }

    return CreateX509Crl(CertificateList.GetInstance(seq));
}
/// <summary>
/// Reads one DER-encoded certificate from <paramref name="dIn"/>. A bare
/// Certificate is returned directly; a PKCS#7/CMS SignedData wrapper is
/// unwrapped and its certificates set is queued in <c>sData</c> so
/// <see cref="GetCertificate"/> can hand the entries out.
/// </summary>
/// <param name="dIn">ASN.1 input stream positioned at the start of the object.</param>
/// <returns>The parsed certificate, or whatever <see cref="GetCertificate"/> yields once the SignedData certificates have been queued.</returns>
private X509Certificate ReadDerCertificate(
    Asn1InputStream dIn)
{
    // Hard cast: input that is not a SEQUENCE surfaces as an
    // InvalidCastException rather than as a parse error.
    Asn1Sequence seq = (Asn1Sequence)dIn.ReadObject();

    // A ContentInfo starts with a contentType OID followed by [0] EXPLICIT content.
    bool looksLikeContentInfo = seq.Count > 1 && seq[0] is DerObjectIdentifier;
    if (looksLikeContentInfo && seq[0].Equals(PkcsObjectIdentifiers.SignedData))
    {
        Asn1Sequence signedDataSeq = Asn1Sequence.GetInstance((Asn1TaggedObject)seq[1], true);
        sData = SignedData.GetInstance(signedDataSeq).Certificates;
        return GetCertificate();
    }

    return new X509Certificate(X509CertificateStructure.GetInstance(seq));
}
/// <summary>
/// Reads one DER-encoded attribute certificate from <paramref name="dIn"/>.
/// A bare AttributeCertificate is returned directly; a PKCS#7/CMS SignedData
/// wrapper is unwrapped and its certificates set is queued in <c>sData</c>
/// so <see cref="GetCertificate"/> can hand the entries out.
/// </summary>
/// <param name="dIn">ASN.1 input stream positioned at the start of the object.</param>
/// <returns>The parsed attribute certificate, or whatever <see cref="GetCertificate"/> yields once the SignedData certificates have been queued.</returns>
private IX509AttributeCertificate ReadDerCertificate(
    Asn1InputStream dIn)
{
    // Hard cast: input that is not a SEQUENCE surfaces as an
    // InvalidCastException rather than as a parse error.
    Asn1Sequence seq = (Asn1Sequence)dIn.ReadObject();

    // A ContentInfo starts with a contentType OID followed by [0] EXPLICIT content.
    bool looksLikeContentInfo = seq.Count > 1 && seq[0] is DerObjectIdentifier;
    if (looksLikeContentInfo && seq[0].Equals(PkcsObjectIdentifiers.SignedData))
    {
        Asn1Sequence signedDataSeq = Asn1Sequence.GetInstance((Asn1TaggedObject)seq[1], true);
        sData = SignedData.GetInstance(signedDataSeq).Certificates;
        return GetCertificate();
    }

    return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(seq));
}
/// <summary>
/// Builds a copy of <paramref name="signedData"/> whose SignerInfos (and the
/// digestAlgorithms set derived from them) come from
/// <paramref name="signerInformationStore"/>.
/// </summary>
/// <param name="signedData">The signed data object used as the base; it is not modified.</param>
/// <param name="signerInformationStore">The signer information store to install in the copy.</param>
/// <returns>A new <see cref="CmsSignedData"/> carrying the replaced signers.</returns>
public static CmsSignedData ReplaceSigners(CmsSignedData signedData, SignerInformationStore signerInformationStore)
{
    // Copy first so the caller's object is left untouched.
    CmsSignedData result = new CmsSignedData(signedData);
    result.signerInfoStore = signerInformationStore;

    // Rebuild digestAlgorithms and signerInfos from the new store.
    Asn1EncodableVector digestAlgVec = new Asn1EncodableVector();
    Asn1EncodableVector signerInfoVec = new Asn1EncodableVector();
    foreach (SignerInformation si in signerInformationStore.GetSigners())
    {
        digestAlgVec.Add(CmsSignedData.Helper.FixAlgID(si.DigestAlgorithmID));
        signerInfoVec.Add(si.ToSignerInfo());
    }
    Asn1Set newDigestAlgs = new DerSet(digestAlgVec);
    Asn1Set newSignerInfos = new DerSet(signerInfoVec);

    // Keep element 0 (version), substitute element 1 (digestAlgorithms), copy
    // everything up to but excluding the last element, then append the new
    // signerInfos, which is always the last element of a SignedData SEQUENCE.
    Asn1Sequence original = (Asn1Sequence)signedData.signedData.ToAsn1Object();
    Asn1EncodableVector rebuilt = new Asn1EncodableVector(original[0], newDigestAlgs);
    int lastIndex = original.Count - 1;
    for (int idx = 2; idx != lastIndex; idx++)
    {
        rebuilt.Add(original[idx]);
    }
    rebuilt.Add(newSignerInfos);

    result.signedData = SignedData.GetInstance(new BerSequence(rebuilt));
    result.contentInfo = new ContentInfo(result.contentInfo.ContentType, result.signedData);
    return result;
}
/// <summary>
/// Wraps an already-parsed <see cref="ContentInfo"/> as CMS signed data.
/// </summary>
/// <param name="sigData">ContentInfo whose Content is a SignedData structure.</param>
public CmsSignedData(
    ContentInfo sigData)
{
    this.contentInfo = sigData;
    this.signedData = SignedData.GetInstance(contentInfo.Content);

    // A missing eContent is legitimate (e.g. a message sent only to carry
    // a certificate chain); signedContent is then left unset.
    var eContent = signedData.EncapContentInfo.Content;
    if (eContent == null)
    {
        return;
    }

    // eContent is expected to be an OCTET STRING; its raw payload bytes (not
    // the DER encoding) become the signed content. Anything else lands here
    // as an InvalidCastException.
    Asn1OctetString payload = (Asn1OctetString)eContent;
    this.signedContent = new CmsProcessableByteArray(payload.GetOctets());
}
/// <summary>
/// Builds a copy of <paramref name="signedData"/> whose SignerInfos (and the
/// digestAlgorithms set derived from them) come from
/// <paramref name="signerInformationStore"/>.
/// </summary>
/// <param name="signedData">The signed data object used as the base; it is not modified.</param>
/// <param name="signerInformationStore">The signer information store to install in the copy.</param>
/// <returns>A new <see cref="CmsSignedData"/> carrying the replaced signers.</returns>
public static CmsSignedData ReplaceSigners(CmsSignedData signedData, SignerInformationStore signerInformationStore)
{
    // Copy first so the caller's object is left untouched.
    CmsSignedData result = new CmsSignedData(signedData);
    result.signerInfoStore = signerInformationStore;

    // Rebuild digestAlgorithms and signerInfos from the new store. foreach
    // enumerates and disposes the enumerator exactly as the expanded
    // try/finally form did.
    Asn1EncodableVector digestAlgVec = new Asn1EncodableVector();
    Asn1EncodableVector signerInfoVec = new Asn1EncodableVector();
    foreach (SignerInformation si in signerInformationStore.GetSigners())
    {
        digestAlgVec.Add(Helper.FixAlgID(si.DigestAlgorithmID));
        signerInfoVec.Add(si.ToSignerInfo());
    }
    Asn1Set newDigestAlgs = new DerSet(digestAlgVec);
    Asn1Set newSignerInfos = new DerSet(signerInfoVec);

    // Keep element 0 (version), substitute element 1 (digestAlgorithms), copy
    // everything up to but excluding the last element, then append the new
    // signerInfos, which is always the last element of a SignedData SEQUENCE.
    Asn1Sequence original = (Asn1Sequence)signedData.signedData.ToAsn1Object();
    Asn1EncodableVector rebuilt = new Asn1EncodableVector(original[0], newDigestAlgs);
    int lastIndex = original.Count - 1;
    for (int idx = 2; idx != lastIndex; idx++)
    {
        rebuilt.Add(original[idx]);
    }
    rebuilt.Add(newSignerInfos);

    result.signedData = SignedData.GetInstance(new BerSequence(rebuilt));
    result.contentInfo = new ContentInfo(result.contentInfo.ContentType, result.signedData);
    return result;
}
/// <summary>
/// Round-trips the <c>signedData</c> test vector: parse the ContentInfo,
/// rebuild the SignedData from its parsed components, re-wrap it and require
/// the re-encoding to be byte-identical to the input.
/// </summary>
/// <returns>A passing result on an exact re-encode; otherwise a failing result,
/// carrying the exception when one was thrown.</returns>
private ITestResult SignedTest()
{
    try
    {
        ContentInfo parsed = ContentInfo.GetInstance(Asn1Object.FromByteArray(signedData));
        SignedData original = SignedData.GetInstance(parsed.Content);

        // Reassemble from the parsed fields rather than reusing the object,
        // so the encoder is exercised on every component.
        SignedData rebuilt = new SignedData(
            original.DigestAlgorithms,
            original.EncapContentInfo,
            original.Certificates,
            original.CRLs,
            original.SignerInfos);
        ContentInfo rewrapped = new ContentInfo(CmsObjectIdentifiers.SignedData, rebuilt);

        bool identical = Arrays.AreEqual(rewrapped.GetEncoded(), signedData);
        return identical
            ? new SimpleTestResult(true, Name + ": Okay")
            : new SimpleTestResult(false, Name + ": CMS signed failed to re-encode");
    }
    catch (Exception e)
    {
        return new SimpleTestResult(false, Name + ": CMS signed failed - " + e.ToString(), e);
    }
}
/// <summary>
/// Wraps a parsed <see cref="ContentInfo"/> as CMS signed data, keeping a
/// set of precomputed content digests alongside it.
/// </summary>
/// <param name="hashes">Precomputed content digests; their key/value layout is not visible in this constructor.</param>
/// <param name="sigData">ContentInfo whose Content is a SignedData structure.</param>
public CmsSignedData(IDictionary hashes, ContentInfo sigData)
{
    this.contentInfo = sigData;
    this.signedData = SignedData.GetInstance(this.contentInfo.Content);
    this.hashes = hashes;
}
/// <summary>
/// Wraps a parsed <see cref="ContentInfo"/> as CMS signed data, using
/// <paramref name="signedContent"/> as the (externally supplied) content.
/// </summary>
/// <param name="signedContent">The content the signatures cover; stored as given, not taken from the ContentInfo.</param>
/// <param name="sigData">ContentInfo whose Content is a SignedData structure.</param>
public CmsSignedData(CmsProcessable signedContent, ContentInfo sigData)
{
    this.contentInfo = sigData;
    this.signedData = SignedData.GetInstance(this.contentInfo.Content);
    this.signedContent = signedContent;
}
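/// <summary>
/// Verifies a signed file supplied as bytes and reports the outcome as an
/// <see cref="EsitoVerifica"/>. Accepted inputs: a MIME message carrying a
/// .p7m attachment (the attachment is unwrapped first), a signed PDF (every
/// signature field is checked), or a PKCS#7/CMS container, optionally
/// wrapped in a TimeStampedData (TSD) and possibly nested several levels
/// deep (each level is peeled and recorded as a PKCS7Document).
/// </summary>
/// <param name="fileContents">Raw file contents.</param>
/// <param name="endPoint">Despite its name this is not an endpoint: it is parsed with
/// <c>Boolean.TryParse</c> as the "force CRL download" flag, but only when
/// <paramref name="args"/>[2] is a non-empty string.</param>
/// <param name="args">Optional, positional: [0] <c>DateTime?</c> verification date
/// (defaults to the current time when missing or null), [1] <c>string</c> CRL cache path,
/// [2] <c>string</c> nocache flag (any non-empty value enables reading
/// <paramref name="endPoint"/> as the force-download flag). Missing trailing entries are tolerated.</param>
/// <returns>The verification outcome. <c>content</c> holds the unwrapped payload and
/// <c>VerifySignatureResult</c> the per-signer details. On an unhandled error <c>status</c>
/// is <c>ErroreGenerico</c> with <c>errorCode</c> "1402"; a PDF without any signature
/// yields "1458"; a failed signature or certificate check yields "1450".</returns>
public EsitoVerifica VerificaByteEV(byte[] fileContents, string endPoint, Object[] args)
{
    bool forceDownload = false;
    string p7mSignAlgorithm = null;
    DocsPaVO.documento.Internal.SignerInfo[] certSignersInfo;
    EsitoVerifica ev = new EsitoVerifica();
    DateTime? dataverificaDT = null;
    string cachePath = string.Empty;

    // Fix: args used to be dereferenced after the null check (args.Length)
    // and indexed at [1]/[2] after testing only Length > 0, so a null or
    // short args array crashed instead of falling back to defaults.
    if (args == null || args.Length == 0)
    {
        logger.Debug("Args (Date) is null, settign current");
        dataverificaDT = DateTime.Now;
    }
    else
    {
        dataverificaDT = args[0] as DateTime?;
        if (dataverificaDT == null)
        {
            logger.Debug("Date is null, settign current");
            dataverificaDT = DateTime.Now;
        }
        if (args.Length > 1)
        {
            cachePath = args[1] as string;
        }
        string fdl = args.Length > 2 ? args[2] as string : null;
        if (!String.IsNullOrEmpty(fdl))
        {
            // The force-download switch travels in endPoint, not in args[2];
            // args[2] merely enables reading it.
            Boolean.TryParse(endPoint, out forceDownload);
        }
    }

    // MIME envelope ("Mime-Version:" at offset 0): verify the .p7m attachment
    // instead of the envelope. If several attachments match, the last one wins.
    int posi = IndexOfInArray(fileContents, System.Text.ASCIIEncoding.ASCII.GetBytes("Mime-Version:"));
    if (posi == 0)
    {
        using (MemoryStream ms = new MemoryStream(fileContents))
        {
            anmar.SharpMimeTools.SharpMessage sm = new anmar.SharpMimeTools.SharpMessage(ms);
            if (sm.Attachments.Count > 0)
            {
                foreach (anmar.SharpMimeTools.SharpAttachment att in sm.Attachments)
                {
                    if (System.IO.Path.GetExtension(att.Name).ToLower().Contains("p7m"))
                    {
                        att.Stream.Position = 0;
                        BinaryReader sr = new BinaryReader(att.Stream);
                        fileContents = sr.ReadBytes((int)att.Size);
                    }
                }
            }
        }
    }

    posi = IndexOfInArray(fileContents, System.Text.ASCIIEncoding.ASCII.GetBytes("%PDF"));
    if (posi == 0)
    {
        // Signed PDF: one PdfPKCS7 per signature field.
        PdfReader pdfReader = isPdf(fileContents);
        try
        {
            AcroFields af = pdfReader.AcroFields;
            List<string> signNames = af.GetSignatureNames();
            if (signNames.Count == 0)
            {
                ev.status = EsitoVerificaStatus.ErroreGenerico;
                ev.message = "Il file PDF da verificare non contiene nessuna firma";
                ev.errorCode = "1458";
                return ev;
            }

            List<DocsPaVO.documento.Internal.SignerInfo> siList = new List<DocsPaVO.documento.Internal.SignerInfo>();
            foreach (string name in signNames)
            {
                PdfPKCS7 pk = af.VerifySignature(name);
                p7mSignAlgorithm = pk.GetHashAlgorithm();

                // Every certificate in the signature's chain gets the temporal
                // and CRL checks, not only the end-entity certificate.
                Org.BouncyCastle.X509.X509Certificate[] certs = pk.Certificates;
                foreach (X509Certificate cert in certs)
                {
                    DocsPaVO.documento.Internal.SignerInfo si = GetCertSignersInfo(cert);
                    VerificaValiditaTemporaleCertificato(ev, dataverificaDT, cert, p7mSignAlgorithm);
                    si = ControlloCRL(forceDownload, ev, cachePath, cert, si);
                    siList.Add(si);
                }

                // NOTE(review): only the cryptographic check of each signature
                // is performed here; whether the signed byte range covers the
                // whole document (incremental updates after signing) is not
                // checked in this method.
                bool result = pk.Verify();
                if (!result)
                {
                    ev.status = EsitoVerificaStatus.ErroreGenerico;
                    ev.message = "La verifica della firma è fallita (File is Tampered)";
                    ev.errorCode = "1450";
                }
            }

            List<DocsPaVO.documento.Internal.PKCS7Document> p7docsLst = new List<DocsPaVO.documento.Internal.PKCS7Document>();
            DocsPaVO.documento.Internal.PKCS7Document p7doc = new DocsPaVO.documento.Internal.PKCS7Document
            {
                SignersInfo = siList.ToArray(),
                DocumentFileName = null,
                Level = 0
            };
            p7docsLst.Add(p7doc);
            ev.VerifySignatureResult = ConvertToVerifySignatureResult(ev.status, p7docsLst.ToArray());
            ev.content = fileContents;
        }
        catch (Exception e)
        {
            ev.status = EsitoVerificaStatus.ErroreGenerico;
            ev.message = "Error verifying pdf message :" + e.Message;
            ev.errorCode = "1402";
            return ev;
        }
        finally
        {
            // The reader was never released before; nothing below needs it.
            if (pdfReader != null)
            {
                pdfReader.Close();
            }
        }
    }
    else
    {
        // PKCS#7 / CMS, possibly TSD-wrapped and possibly nested ("matrioska"):
        // each iteration verifies one level and then descends into its payload.
        try
        {
            int doclevel = 0;
            List<DocsPaVO.documento.Internal.PKCS7Document> p7docsLst = new List<DocsPaVO.documento.Internal.PKCS7Document>();
            do
            {
                // Probe only: if the current bytes are not a signed container
                // there is nothing left to peel, and ev.content keeps the last
                // payload extracted successfully. The swallow is deliberate.
                try
                {
                    ev.content = extractSignedContent(fileContents);
                }
                catch
                {
                    break;
                }

                Asn1Sequence sequenza = Asn1Sequence.GetInstance(fileContents);
                DerObjectIdentifier tsdOIDFile = sequenza[0] as DerObjectIdentifier;
                if (tsdOIDFile != null)
                {
                    if (tsdOIDFile.Id == CmsObjectIdentifiers.timestampedData.Id)
                    {
                        // TSD wrapper: only the inner content is unwrapped here;
                        // the timestamp token itself is not validated in this method.
                        logger.Debug("Found TSD file");
                        DerTaggedObject taggedObject = sequenza[1] as DerTaggedObject;
                        if (taggedObject != null)
                        {
                            Asn1Sequence asn1seq = Asn1Sequence.GetInstance(taggedObject, true);
                            TimeStampedData tsd = TimeStampedData.GetInstance(asn1seq);
                            fileContents = tsd.Content.GetOctets();
                        }
                    }
                    if (tsdOIDFile.Id == CmsObjectIdentifiers.SignedData.Id)
                    {
                        logger.Debug("Found P7M file");
                    }
                }

                CmsSignedData cms = new CmsSignedData(fileContents);
                IX509Store store = cms.GetCertificates("Collection");
                SignerInformationStore signers = cms.GetSignerInfos();

                // The digest algorithm reported for this level is the first
                // digestAlgorithms entry of the SignedData, whichever signer it belongs to.
                SignedData da = SignedData.GetInstance(cms.ContentInfo.Content.ToAsn1Object());
                Asn1Sequence DigAlgAsn1 = null;
                if (da.DigestAlgorithms.Count > 0)
                {
                    DigAlgAsn1 = da.DigestAlgorithms[0].ToAsn1Object() as Asn1Sequence;
                }
                if (DigAlgAsn1 != null)
                {
                    p7mSignAlgorithm = Org.BouncyCastle.Security.DigestUtilities.GetAlgorithmName(AlgorithmIdentifier.GetInstance(DigAlgAsn1).ObjectID);
                }

                certSignersInfo = new DocsPaVO.documento.Internal.SignerInfo[signers.GetSigners().Count];
                int i = 0;
                foreach (SignerInformation signer in signers.GetSigners())
                {
                    bool fileOK = false;
                    Org.BouncyCastle.X509.X509Certificate cert1 = GetCertificate(signer, store);
                    certSignersInfo[i] = GetCertSignersInfo(cert1);
                    VerificaValiditaTemporaleCertificato(ev, dataverificaDT, cert1, p7mSignAlgorithm);
                    fileOK = VerificaNonRepudiation(ev, fileOK, cert1);
                    if (!fileOK)
                    {
                        certSignersInfo[i].CertificateInfo.messages = ev.errorCode + " " + ev.message;
                    }
                    try
                    {
                        fileOK = VerificaCertificato(ev, signer, fileOK, cert1);
                    }
                    catch (Exception e)
                    {
                        ev.status = EsitoVerificaStatus.ErroreGenerico;
                        ev.message = "Error verifying 2, message :" + e.Message;
                        ev.errorCode = "1450";
                    }
                    // CRL check only for signers that passed the previous checks.
                    if (fileOK)
                    {
                        certSignersInfo[i] = ControlloCRL(forceDownload, ev, cachePath, cert1, certSignersInfo[i]);
                    }
                    // Fix: the index was never advanced, so with several signers
                    // each one overwrote slot 0 and the remaining slots stayed null.
                    i++;
                }

                DocsPaVO.documento.Internal.PKCS7Document p7doc = new DocsPaVO.documento.Internal.PKCS7Document
                {
                    SignersInfo = certSignersInfo,
                    DocumentFileName = null,
                    Level = doclevel++
                };
                p7docsLst.Add(p7doc);

                // Descend one level; a failure means the payload is not itself a
                // signed container, so the loop ends here.
                try
                {
                    fileContents = extractSignedContent(fileContents);
                }
                catch
                {
                    break;
                }
            } while (true);

            ev.VerifySignatureResult = ConvertToVerifySignatureResult(ev.status, p7docsLst.ToArray());
        }
        catch (Exception e)
        {
            ev.status = EsitoVerificaStatus.ErroreGenerico;
            ev.message = "Error verifying 1, message :" + e.Message;
            ev.errorCode = "1402";
            return ev;
        }
    }
    return ev;
}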
/// <summary>
/// Verifies the PKCS#7 (CAdES) signature held in <c>_buf</c> and fills in the
/// signer list, the signed content, its digest and the document file name.
/// </summary>
/// <param name="ErrorMessageLst">Receives the message of any exception raised while
/// decoding the container or computing the digest; it is also handed to
/// <c>ExtractSignerInfo</c> for each signer (presumably to append per-signer problems).</param>
/// <returns><c>false</c> only when decoding or extraction threw; a digest failure or
/// anything reported per signer leaves the return value <c>true</c>.</returns>
public bool Verify(ref List<string> ErrorMessageLst)
{
    bool succeeded = true;
    try
    {
        // Decode the CMS container and pull out certificates and signer infos.
        CmsSignedData cms = new CmsSignedData(this.GetSignedContent(this._buf));
        IX509Store certStore = cms.GetCertificates("Collection");
        SignerInformationStore signerStore = cms.GetSignerInfos();

        // Document-level digest algorithm: the first digestAlgorithms entry of
        // the SignedData, regardless of which signer it belongs to.
        SignedData rawSignedData = SignedData.GetInstance(cms.ContentInfo.Content.ToAsn1Object());
        Asn1Sequence firstDigestAlg = rawSignedData.DigestAlgorithms.Count > 0
            ? rawSignedData.DigestAlgorithms[0].ToAsn1Object() as Asn1Sequence
            : null;
        if (firstDigestAlg != null)
        {
            this._SignAlgorithm = Org.BouncyCastle.Security.DigestUtilities.GetAlgorithmName(
                AlgorithmIdentifier.GetInstance(firstDigestAlg).ObjectID);
        }

        // One SignerInfo per signer; the checks themselves live in ExtractSignerInfo.
        List<DocsPaVO.documento.SignerInfo> collected = new List<DocsPaVO.documento.SignerInfo>();
        foreach (SignerInformation signer in signerStore.GetSigners())
        {
            collected.Add(ExtractSignerInfo(ErrorMessageLst, certStore, signer));
        }
        _signersInfo = collected.ToArray();

        // Signed payload and its digest under the detected algorithm. With no
        // encapsulated content (SignedContent null) the dereference throws and
        // the outer catch reports it.
        CmsProcessable payload = cms.SignedContent;
        this._content = (byte[])payload.GetContent();
        if (this._SignAlgorithm != null && this._content != null)
        {
            try
            {
                byte[] digest = Org.BouncyCastle.Security.DigestUtilities.CalculateDigest(this._SignAlgorithm, this._content);
                this._SignHash = BitConverter.ToString(digest).Replace("-", "");
            }
            catch (Exception e)
            {
                ErrorMessageLst.Add(e.Message);
            }
        }

        this._documentFileName = GetDocumentFileName();
        this._SignType = "CADES";
    }
    catch (Exception ex)
    {
        succeeded = false;
        ErrorMessageLst.Add(ex.Message);
    }
    return succeeded;
}