// constructors
/// <summary>
/// Creates a signer with the default settings: the signer is identified by
/// issuer name and serial number, the digest OID is 1.3.14.3.2.26 (SHA-1) and
/// the root certificate is left out of the embedded chain. The certificate
/// and attribute collections start out empty.
/// </summary>
public CmsSigner ()
{
	// Signer identification defaults to issuer + serial number.
	_signer = SubjectIdentifierType.IssuerAndSerialNumber;
	// NOTE(review): 1.3.14.3.2.26 is the SHA-1 OID. The default is kept for
	// compatibility; callers that need a stronger digest override it after construction.
	_digest = new Oid ("1.3.14.3.2.26");
	_options = X509IncludeOption.ExcludeRoot;
	// Empty collections, so callers can add to them without a null check.
	_coll = new X509Certificate2Collection ();
	_signed = new CryptographicAttributeObjectCollection ();
	_unsigned = new CryptographicAttributeObjectCollection ();
}
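/// <summary>
/// Builds a KeyInfoX509Data element from <paramref name="cert"/>, optionally
/// embedding the certificates of its chain.
/// </summary>
/// <param name="cert">The certificate to describe.</param>
/// <param name="includeOption">Which certificates to embed: only the end
/// certificate (EndCertOnly), the chain without its root (ExcludeRoot), the
/// whole chain (WholeChain), or nothing (None).</param>
/// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
/// <exception cref="CryptographicException">A chain was requested but only a
/// partial chain could be built (CERT_E_CHAINING).</exception>
public KeyInfoX509Data(X509Certificate cert, X509IncludeOption includeOption)
{
    if (cert == null)
    {
        throw new ArgumentNullException("cert");
    }

    X509Certificate2 certificate = new X509Certificate2(cert);
    switch (includeOption)
    {
        case X509IncludeOption.ExcludeRoot:
            this.AddChainCertificates(certificate, false);
            break;
        case X509IncludeOption.EndCertOnly:
            this.AddCertificate(certificate);
            break;
        case X509IncludeOption.WholeChain:
            this.AddChainCertificates(certificate, true);
            break;
        default:
            // X509IncludeOption.None (and any unknown value): nothing is embedded.
            // Silent by design; the element is emitted without certificates.
            break;
    }
}

/// <summary>
/// Builds the chain of <paramref name="certificate"/> and adds its elements,
/// leaf first. When <paramref name="includeRoot"/> is false the last element is
/// skipped, except for a self-signed certificate, where only the certificate
/// itself is added.
/// </summary>
/// <param name="certificate">Leaf certificate the chain is built for.</param>
/// <param name="includeRoot">True to add every chain element, false to drop the last one.</param>
/// <exception cref="CryptographicException">The chain engine reported a partial chain.</exception>
private void AddChainCertificates(X509Certificate2 certificate, bool includeRoot)
{
    X509Chain chain = new X509Chain();
    // Build() is only used to collect the chain elements: its boolean result and
    // every status other than PartialChain (untrusted root, revocation, expiry)
    // are not examined, so this performs no validation of the certificate.
    chain.Build(certificate);

    // Can't honor the option if we only have a partial chain (only the first status entry is tested).
    if ((chain.ChainStatus.Length > 0) && ((chain.ChainStatus[0].Status & X509ChainStatusFlags.PartialChain) == X509ChainStatusFlags.PartialChain))
    {
        // -2146762486 is CERT_E_CHAINING (0x800B010A).
        throw new CryptographicException(-2146762486);
    }

    X509ChainElementCollection chainElements = chain.ChainElements;
    // Loop-invariant bound hoisted out of the loop; the self-signed special case keeps
    // the certificate itself when the chain has no separate root to drop.
    int count = includeRoot
        ? chainElements.Count
        : (System.Security.Cryptography.X509Certificates.X509Utils.IsSelfSigned(chain) ? 1 : (chainElements.Count - 1));
    for (int i = 0; i < count; i++)
    {
        this.AddCertificate(chainElements[i].Certificate);
    }
    // NOTE(review): the chain is not disposed, as in the original; confirm that the
    // target runtime's X509Chain.Dispose() leaves the element certificates usable
    // before wrapping it in a using.
}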
/// <summary>
/// Creates a KeyInfoX509Data for <paramref name="cert"/>. None and EndCertOnly
/// add the certificate alone, ExcludeRoot adds its chain without the root and
/// WholeChain adds the full chain; any other value adds nothing.
/// </summary>
/// <param name="cert">The certificate to describe.</param>
/// <param name="includeOption">Which certificates to embed.</param>
/// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
public KeyInfoX509Data (X509Certificate cert, X509IncludeOption includeOption)
{
	if (cert == null)
		throw new ArgumentNullException ("cert");

	bool wholeChain = includeOption == X509IncludeOption.WholeChain;
	bool chainWanted = wholeChain || includeOption == X509IncludeOption.ExcludeRoot;
	bool leafOnly = includeOption == X509IncludeOption.None || includeOption == X509IncludeOption.EndCertOnly;

	if (chainWanted) {
		// The flag decides whether the root ends up in the list.
		AddCertificatesChainFrom (cert, wholeChain);
	} else if (leafOnly) {
		// None is treated exactly like EndCertOnly here.
		AddCertificate (cert);
	}
	// Unknown values fall through without adding anything.
}
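/// <summary>
/// Signs the element whose Id is <paramref name="id"/> with the RSA private key of
/// <paramref name="certificate"/> (enveloped signature, exclusive C14N) and embeds the
/// certificates selected by <paramref name="includeOption"/> in the KeyInfo.
/// </summary>
/// <param name="certificate">Certificate whose RSA (CSP) private key signs the document.</param>
/// <param name="includeOption">How much of the certificate chain to embed in KeyInfo.</param>
/// <param name="id">Id attribute of the element to sign; referenced as "#id".</param>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> or <paramref name="id"/> is null.</exception>
/// <exception cref="CryptographicException"><paramref name="certificate"/> carries no private key.</exception>
/// <exception cref="InvalidCastException">The private key is not an RSACryptoServiceProvider.</exception>
public void ComputeSignature(X509Certificate2 certificate, X509IncludeOption includeOption, string id)
{
    if (certificate == null)
        throw new ArgumentNullException("certificate");
    if (id == null)
        throw new ArgumentNullException("id");
    // Fail early with a clear message instead of assigning a null SigningKey and
    // letting the signing step fail later.
    if (!certificate.HasPrivateKey)
        throw new CryptographicException("The certificate does not contain a private key.");

    // Only CSP-backed RSA keys are supported; a CNG key fails this cast.
    SigningKey = (RSACryptoServiceProvider)certificate.PrivateKey;
    SignedInfo.CanonicalizationMethod = Saml2SignedXml.XmlDsigExcC14NTransformUrl;
    // SignatureMethod and the reference DigestMethod are left at SignedXml's defaults,
    // so the algorithms actually used depend on the target runtime (SHA-1 based on
    // older .NET Framework versions). Set them explicitly if a specific algorithm is required.

    var reference = new Reference("#" + id);
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    reference.AddTransform(new XmlDsigExcC14NTransform());
    AddReference(reference);

    ComputeSignature();

    // KeyInfo is attached after signing; it is not covered by the signature.
    KeyInfo = new KeyInfo();
    KeyInfo.AddClause(new KeyInfoX509Data(certificate, includeOption));
}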
/// <summary>
/// Compares the certificates exposed by KeyInfoX509Data.Certificates for
/// <paramref name="include"/> with the elements of a chain built from EndCert,
/// position by position, and prints the index of every mismatch. Writes the
/// shared fields cert and rv as a side effect.
/// </summary>
/// <param name="include">The include option handed to KeyInfoX509Data.</param>
public static void Test(X509IncludeOption include)
{
    cert = EndCert;
    X509Chain builtChain = new X509Chain();
    builtChain.Build(cert);
    X509ChainElementCollection chainElements = builtChain.ChainElements;

    KeyInfoX509Data keyInfo = new KeyInfoX509Data(cert, include);
    ArrayList embedded = keyInfo.Certificates;
    if (embedded == null)
        return;

    for (int index = 0; index < embedded.Count; index++)
    {
        // Certificates are compared through their verbose text dump.
        string expected = chainElements[index].Certificate.ToString(true);
        string actual = ((X509Certificate) embedded[index]).ToString(true);
        rv = expected == actual;
        if (rv)
            continue;
        Console.WriteLine("i = " + index.ToString() + " and include=" + include.ToString());
    }
    Console.WriteLine("*************************************************************");
}
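/// <summary>
/// Creates a manifest signer that signs with <paramref name="strongNameKey"/> and
/// optionally embeds <paramref name="certificate"/>. Defaults: no extra
/// certificates, chain embedded without its root, no signer flags.
/// </summary>
/// <param name="strongNameKey">Strong-name key; must be an RSA key.</param>
/// <param name="certificate">Authenticode certificate; stored without validation.</param>
/// <exception cref="ArgumentNullException"><paramref name="strongNameKey"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="strongNameKey"/> is not an RSA key.</exception>
internal CmiManifestSigner(AsymmetricAlgorithm strongNameKey, X509Certificate2 certificate)
{
    if (strongNameKey == null)
        throw new ArgumentNullException("strongNameKey");
    // A non-RSA key is a wrong argument, not a missing one; previously this was
    // reported as ArgumentNullException, which hid the actual cause.
    if (!(strongNameKey is RSA))
        throw new ArgumentException("The strong name key must be an RSA key.", "strongNameKey");

    _strongNameKey = strongNameKey;
    // NOTE(review): certificate is not null-checked; callers appear to rely on null being allowed — confirm.
    _certificate = certificate;
    _certificates = new X509Certificate2Collection();
    _includeOption = X509IncludeOption.ExcludeRoot;
    _signerFlag = CmiManifestSignerFlag.None;
}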
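/// <summary>
/// Builds the X509Data for <paramref name="cert"/>, embedding the certificates
/// selected by <paramref name="includeOption"/>.
/// </summary>
/// <param name="cert">Certificate to describe.</param>
/// <param name="includeOption">EndCertOnly: the certificate alone; ExcludeRoot: its
/// chain without the root; WholeChain: the full chain. None (or an unknown value)
/// embeds nothing.</param>
/// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
/// <exception cref="CryptographicException">A chain was requested but only a
/// partial chain could be built (CERT_E_CHAINING).</exception>
public KeyInfoX509Data (X509Certificate cert, X509IncludeOption includeOption) {
    if (cert == null)
        throw new ArgumentNullException("cert");

    X509Certificate2 certificate = new X509Certificate2(cert);
    switch (includeOption) {
    case X509IncludeOption.ExcludeRoot:
        AddCertificatesFromChain(certificate, false);
        break;
    case X509IncludeOption.EndCertOnly:
        AddCertificate(certificate);
        break;
    case X509IncludeOption.WholeChain:
        AddCertificatesFromChain(certificate, true);
        break;
    default:
        // X509IncludeOption.None: no certificate is embedded (silent by design).
        break;
    }
}

/// <summary>
/// Builds the chain of <paramref name="certificate"/> and adds its elements leaf
/// first. When <paramref name="includeRoot"/> is false the last element is dropped,
/// except for a self-signed certificate, where the certificate itself is still added.
/// </summary>
/// <param name="certificate">Leaf certificate the chain is built for.</param>
/// <param name="includeRoot">True to add every element, false to drop the last one.</param>
/// <exception cref="CryptographicException">The chain engine reported a partial chain.</exception>
private void AddCertificatesFromChain (X509Certificate2 certificate, bool includeRoot) {
    // Build the certificate chain
    X509Chain chain = new X509Chain();
    // Only the chain elements are used: the Build() result and any status other
    // than PartialChain are not examined, so this performs no validation.
    chain.Build(certificate);

    // Can't honor the option if we only have a partial chain (only the first status entry is tested).
    if ((chain.ChainStatus.Length > 0) && ((chain.ChainStatus[0].Status & X509ChainStatusFlags.PartialChain) == X509ChainStatusFlags.PartialChain))
        throw new CryptographicException(CAPI.CERT_E_CHAINING);

    X509ChainElementCollection elements = chain.ChainElements;
    // Loop-invariant bound hoisted out of the loop; the self-signed case keeps the
    // certificate itself when there is no separate root to drop.
    int count = includeRoot
        ? elements.Count
        : (X509Utils.IsSelfSigned(chain) ? 1 : elements.Count - 1);
    for (int index = 0; index < count; index++) {
        AddCertificate(elements[index].Certificate);
    }
    // NOTE(review): the chain is not disposed, as in the original; confirm the target
    // runtime's X509Chain.Dispose() leaves the element certificates usable before adding a using.
}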
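/// <summary>
/// Initializes this wrapper by creating the underlying <see cref="KeyInfoX509Data"/>
/// from the certificate behind <paramref name="certificate"/>.
/// </summary>
/// <param name="certificate">Wrapped certificate; must not be null.</param>
/// <param name="option">Which certificates of the chain to include.</param>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
private void Initialize(IX509Certificate certificate, X509IncludeOption option)
{
    // Guard here rather than letting GetCertificate() throw a NullReferenceException.
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }

    this.KeyInfoX509DataInstance = new KeyInfoX509Data(certificate.GetCertificate(), option);
}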
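/// <summary>
/// Initializes a new instance of the <see cref="KeyInfoX509DataWrap"/> class,
/// wrapping a <see cref="KeyInfoX509Data"/> built from <paramref name="certificate"/>.
/// </summary>
/// <param name="certificate">Certificate to describe in the KeyInfo.</param>
/// <param name="option">Which certificates of the chain to include.</param>
public KeyInfoX509DataWrap(IX509Certificate certificate, X509IncludeOption option)
{
    // All work is delegated so the wrapper can also be re-initialized in one place.
    this.Initialize(certificate, option);
}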
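/// <summary>
/// Creates a manifest signer that signs with <paramref name="strongNameKey"/>,
/// optionally embeds <paramref name="certificate"/> and records whether SHA-256
/// was requested. Defaults: no extra certificates, chain embedded without its
/// root, no signer flags.
/// </summary>
/// <param name="strongNameKey">Strong-name key; must be an RSA key.</param>
/// <param name="certificate">Authenticode certificate; stored without validation.</param>
/// <param name="useSha256">Flag stored for the signing code; by its name it selects SHA-256.</param>
/// <exception cref="ArgumentNullException"><paramref name="strongNameKey"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="strongNameKey"/> is not an RSA key.</exception>
internal CmiManifestSigner2(AsymmetricAlgorithm strongNameKey, X509Certificate2 certificate, bool useSha256)
{
    if (strongNameKey == null)
        throw new ArgumentNullException("strongNameKey");
    // The RSA requirement used to sit inside an always-true "#if (true)" block and is
    // unconditional; a non-RSA key is reported as a wrong argument rather than a null one.
    if (!(strongNameKey is RSA))
        throw new ArgumentException("The strong name key must be an RSA key.", "strongNameKey");

    m_strongNameKey = strongNameKey;
    // NOTE(review): certificate is not null-checked; callers appear to rely on null being allowed — confirm.
    m_certificate = certificate;
    m_certificates = new X509Certificate2Collection();
    m_includeOption = X509IncludeOption.ExcludeRoot;
    m_signerFlag = CmiManifestSignerFlag.None;
    m_useSha256 = useSha256;
}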
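/// <summary>
/// Builds a timestamp token whose ESSCertId / ESSCertIdV2 do not match the signing
/// certificate and asserts that it is either rejected by TryDecode or, when it does
/// decode, fails signature verification against the real certificate.
/// </summary>
/// <param name="loader">Source of the signing certificate.</param>
/// <param name="referenceTime">Timestamp placed in the token.</param>
/// <param name="v1Option">How the ESSCertId (V1) is built.</param>
/// <param name="v2Option">How the ESSCertIdV2 is built.</param>
/// <param name="v2AlgorithmName">Hash algorithm for ESSCertIdV2; default lets BuildCustomToken choose.</param>
/// <param name="includeOption">Certificates embedded in the token; only None is expected to decode.</param>
/// <param name="identifierType">Signer identifier type used in the token.</param>
private static void CustomBuild_CertMismatch(
    CertLoader loader,
    DateTimeOffset referenceTime,
    SigningCertificateOption v1Option,
    SigningCertificateOption v2Option,
    HashAlgorithmName v2AlgorithmName = default,
    X509IncludeOption includeOption = default,
    SubjectIdentifierType identifierType = SubjectIdentifierType.IssuerAndSerialNumber)
{
    byte[] tokenBytes = BuildCustomToken(
        loader,
        referenceTime,
        v1Option,
        v2Option,
        v2AlgorithmName,
        includeOption,
        identifierType);

    Rfc3161TimestampToken token;
    // The test expects tokens that embed certificates to fail TryDecode outright.
    bool willParse = includeOption == X509IncludeOption.None;

    if (willParse && identifierType == SubjectIdentifierType.IssuerAndSerialNumber)
    {
        // Because IASN matches against the ESSCertId(V2) directly it will reject the token
        // when either identifier carries a wrong issuer name or serial number.
        willParse = !HasMismatchedIssuerSerial(v1Option) && !HasMismatchedIssuerSerial(v2Option);
    }

    if (willParse)
    {
        Assert.True(Rfc3161TimestampToken.TryDecode(tokenBytes, out token, out int bytesRead));
        Assert.NotNull(token);
        Assert.Equal(tokenBytes.Length, bytesRead);

        // The token decodes, but its certificate identifier does not match the real
        // signer, so verification against that certificate must fail and yield no signer.
        using (X509Certificate2 cert = loader.GetCertificate())
        {
            Assert.False(
                token.VerifySignatureForHash(
                    token.TokenInfo.GetMessageHash().Span,
                    token.TokenInfo.HashAlgorithmId,
                    out X509Certificate2 signer,
                    new X509Certificate2Collection(cert)));

            Assert.Null(signer);
        }
    }
    else
    {
        Assert.False(Rfc3161TimestampToken.TryDecode(tokenBytes, out token, out int bytesRead));
        Assert.Null(token);
        Assert.Equal(0, bytesRead);
    }
}

/// <summary>
/// True for the SigningCertificateOption values whose ESSCertId names a wrong
/// issuer or serial number, i.e. the cases an IssuerAndSerialNumber identifier
/// cannot match.
/// </summary>
/// <param name="option">The certificate-identifier option to classify.</param>
/// <returns>True when the name or serial number is deliberately invalid.</returns>
private static bool HasMismatchedIssuerSerial(SigningCertificateOption option)
{
    switch (option)
    {
        case SigningCertificateOption.ValidHashWithInvalidName:
        case SigningCertificateOption.ValidHashWithInvalidSerial:
        case SigningCertificateOption.InvalidHashWithInvalidName:
        case SigningCertificateOption.InvalidHashWithInvalidSerial:
            return true;
        default:
            return false;
    }
}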