private void CoSign(CmsSigner signer, bool silent)
{
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer, silent);
try
{
SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(64U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
try
{
Marshal.StructureToPtr((object)signerEncodeInfo, localAllocHandle.DangerousGetHandle(), false);
if (!CAPI.CryptMsgControl(this.m_safeCryptMsgHandle, 0U, 6U, localAllocHandle.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
finally
{
Marshal.DestroyStructure(localAllocHandle.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
localAllocHandle.Dispose();
}
}
finally
{
signerEncodeInfo.Dispose();
}
int num = (int)PkcsUtils.AddCertsToMessage(this.m_safeCryptMsgHandle, this.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
internal static unsafe X509Certificate2Collection GetCertificates(SafeCryptMsgHandle safeCryptMsgHandle)
{
uint num1 = 0U;
uint num2 = (uint)Marshal.SizeOf(typeof(uint));
X509Certificate2Collection certificate2Collection = new X509Certificate2Collection();
if (!CAPI.CAPISafe.CryptMsgGetParam(safeCryptMsgHandle, 11U, 0U, new IntPtr((void *)&num1), new IntPtr((void *)&num2)))
{
PkcsUtils.checkErr(Marshal.GetLastWin32Error());
}
for (uint index = 0U; index < num1; ++index)
{
uint cbData = 0U;
SafeLocalAllocHandle pvData = SafeLocalAllocHandle.InvalidHandle;
PkcsUtils.GetParam(safeCryptMsgHandle, 12U, index, out pvData, out cbData);
if (cbData > 0U)
{
System.Security.Cryptography.SafeCertContextHandle certificateContext = CAPI.CAPISafe.CertCreateCertificateContext(65537U, pvData, cbData);
if (certificateContext == null || certificateContext.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
certificate2Collection.Add(new X509Certificate2(certificateContext.DangerousGetHandle()));
certificateContext.Dispose();
}
}
return(certificate2Collection);
}
private static SafeCryptMsgHandle OpenToDecode(byte[] encodedMessage, ContentInfo contentInfo, bool detached)
{
SafeCryptMsgHandle safeCryptMsgHandle = CAPI.CAPISafe.CryptMsgOpenToDecode(65537U, detached ? 4U : 0U, 0U, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
if (safeCryptMsgHandle == null || safeCryptMsgHandle.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (!CAPI.CAPISafe.CryptMsgUpdate(safeCryptMsgHandle, encodedMessage, (uint)encodedMessage.Length, true))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (2 != (int)PkcsUtils.GetMessageType(safeCryptMsgHandle))
{
throw new CryptographicException(-2146889724);
}
if (detached)
{
byte[] content = contentInfo.Content;
if (content != null && content.Length > 0 && !CAPI.CAPISafe.CryptMsgUpdate(safeCryptMsgHandle, content, (uint)content.Length, true))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
return(safeCryptMsgHandle);
}
private void CounterSign(CmsSigner signer)
{
CspParameters parameters = new CspParameters();
if (!X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
uint dwIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0);
SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(64U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer);
try
{
Marshal.StructureToPtr((object)signerEncodeInfo, localAllocHandle.DangerousGetHandle(), false);
if (!CAPI.CryptMsgCountersign(this.m_signedCms.GetCryptMsgHandle(), dwIndex, 1U, localAllocHandle.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
this.m_signedCms.ReopenToDecode();
}
finally
{
Marshal.DestroyStructure(localAllocHandle.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
localAllocHandle.Dispose();
signerEncodeInfo.Dispose();
}
int num = (int)PkcsUtils.AddCertsToMessage(this.m_signedCms.GetCryptMsgHandle(), this.m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
internal static unsafe int GetSignerIndex(SafeCryptMsgHandle safeCrytpMsgHandle, SignerInfo signerInfo, int startIndex)
{
uint num1 = 0U;
uint num2 = (uint)Marshal.SizeOf(typeof(uint));
if (!CAPI.CAPISafe.CryptMsgGetParam(safeCrytpMsgHandle, 5U, 0U, new IntPtr((void *)&num1), new IntPtr((void *)&num2)))
{
PkcsUtils.checkErr(Marshal.GetLastWin32Error());
}
for (int index = startIndex; index < (int)num1; ++index)
{
uint num3 = 0U;
if (!CAPI.CAPISafe.CryptMsgGetParam(safeCrytpMsgHandle, 6U, (uint)index, IntPtr.Zero, new IntPtr((void *)&num3)))
{
PkcsUtils.checkErr(Marshal.GetLastWin32Error());
}
if (num3 > 0U)
{
SafeLocalAllocHandle pvData = CAPI.LocalAlloc(0U, new IntPtr((long)num3));
if (!CAPI.CAPISafe.CryptMsgGetParam(safeCrytpMsgHandle, 6U, (uint)index, pvData, new IntPtr((void *)&num3)))
{
PkcsUtils.checkErr(Marshal.GetLastWin32Error());
}
CAPI.CMSG_SIGNER_INFO cmsgSignerInfo1 = signerInfo.GetCmsgSignerInfo();
CAPI.CMSG_SIGNER_INFO cmsgSignerInfo2 = (CAPI.CMSG_SIGNER_INFO)Marshal.PtrToStructure(pvData.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_INFO));
if (X509Utils.MemEqual((byte *)(void *)cmsgSignerInfo1.Issuer.pbData, cmsgSignerInfo1.Issuer.cbData, (byte *)(void *)cmsgSignerInfo2.Issuer.pbData, cmsgSignerInfo2.Issuer.cbData) && X509Utils.MemEqual((byte *)(void *)cmsgSignerInfo1.SerialNumber.pbData, cmsgSignerInfo1.SerialNumber.cbData, (byte *)(void *)cmsgSignerInfo2.SerialNumber.pbData, cmsgSignerInfo2.SerialNumber.cbData))
{
return(index);
}
pvData.Dispose();
}
}
throw new CryptographicException(-2146889714);
}
private void Reset(SubjectIdentifierType recipientIdentifierType, X509Certificate2 certificate)
{
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
switch (recipientIdentifierType)
{
case SubjectIdentifierType.Unknown:
recipientIdentifierType = SubjectIdentifierType.IssuerAndSerialNumber;
goto case 1;
case SubjectIdentifierType.IssuerAndSerialNumber:
this.m_recipientIdentifierType = recipientIdentifierType;
this.m_certificate = certificate;
break;
case SubjectIdentifierType.SubjectKeyIdentifier:
if (!PkcsUtils.CmsSupported())
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Not_Supported"));
}
else
{
goto case 1;
}
default:
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type"), ((object)recipientIdentifierType).ToString());
}
}
internal static byte[] GetMessage(SafeCryptMsgHandle safeCryptMsgHandle)
{
uint cbData = 0U;
byte[] pvData = new byte[0];
PkcsUtils.GetParam(safeCryptMsgHandle, 29U, 0U, out pvData, out cbData);
return(pvData);
}
public void RemoveSignature(SignerInfo signerInfo)
{
if (signerInfo == null)
{
throw new ArgumentNullException("signerInfo");
}
this.RemoveSignature(PkcsUtils.GetSignerIndex(this.m_safeCryptMsgHandle, signerInfo, 0));
}
public void RemoveCounterSignature(int index)
{
if (this.m_parentSignerInfo != null)
{
throw new CryptographicException(-2147483647);
}
this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), index);
}
internal void ReopenToDecode()
{
byte[] message = PkcsUtils.GetMessage(this.m_safeCryptMsgHandle);
if (this.m_safeCryptMsgHandle != null && !this.m_safeCryptMsgHandle.IsInvalid)
{
this.m_safeCryptMsgHandle.Dispose();
}
this.m_safeCryptMsgHandle = SignedCms.OpenToDecode(message, this.ContentInfo, this.Detached);
}
public byte[] Encode()
{
if (this.m_safeCryptMsgHandle == null || this.m_safeCryptMsgHandle.IsInvalid)
{
throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_MessageNotSigned"));
}
else
{
return(PkcsUtils.GetMessage(this.m_safeCryptMsgHandle));
}
}
private static byte[] Encode(string documentName)
{
if (string.IsNullOrEmpty(documentName))
{
throw new ArgumentNullException("documentName");
}
else
{
return(PkcsUtils.EncodeOctetString(documentName));
}
}
internal static unsafe uint GetVersion(SafeCryptMsgHandle safeCryptMsgHandle)
{
uint num1 = 0U;
uint num2 = (uint)Marshal.SizeOf(typeof(uint));
if (!CAPI.CAPISafe.CryptMsgGetParam(safeCryptMsgHandle, 30U, 0U, new IntPtr((void *)&num1), new IntPtr((void *)&num2)))
{
PkcsUtils.checkErr(Marshal.GetLastWin32Error());
}
return(num1);
}
public unsafe void CheckHash()
{
if (!CAPI.CryptMsgControl(this.m_signedCms.GetCryptMsgHandle(), 0U, 19U, new IntPtr((void *)&new CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA(Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA)))
{
dwSignerType = 4U,
dwSignerIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0)
})))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
private unsafe void Sign(CmsSigner signer, bool silent)
{
CAPI.CMSG_SIGNED_ENCODE_INFO signedEncodeInfo = new CAPI.CMSG_SIGNED_ENCODE_INFO(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNED_ENCODE_INFO)));
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer, silent);
byte[] encodedMessage = (byte[])null;
try
{
SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(0U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
try
{
Marshal.StructureToPtr((object)signerEncodeInfo, localAllocHandle.DangerousGetHandle(), false);
X509Certificate2Collection bagOfCertificates = PkcsUtils.CreateBagOfCertificates(signer);
SafeLocalAllocHandle encodedCertBlob = PkcsUtils.CreateEncodedCertBlob(bagOfCertificates);
signedEncodeInfo.cSigners = 1U;
signedEncodeInfo.rgSigners = localAllocHandle.DangerousGetHandle();
signedEncodeInfo.cCertEncoded = (uint)bagOfCertificates.Count;
if (bagOfCertificates.Count > 0)
{
signedEncodeInfo.rgCertEncoded = encodedCertBlob.DangerousGetHandle();
}
SafeCryptMsgHandle safeCryptMsgHandle = string.Compare(this.ContentInfo.ContentType.Value, "1.2.840.113549.1.7.1", StringComparison.OrdinalIgnoreCase) != 0 ? CAPI.CryptMsgOpenToEncode(65537U, this.Detached ? 4U : 0U, 2U, new IntPtr((void *)&signedEncodeInfo), this.ContentInfo.ContentType.Value, IntPtr.Zero) : CAPI.CryptMsgOpenToEncode(65537U, this.Detached ? 4U : 0U, 2U, new IntPtr((void *)&signedEncodeInfo), IntPtr.Zero, IntPtr.Zero);
if (safeCryptMsgHandle == null || safeCryptMsgHandle.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (this.ContentInfo.Content.Length > 0 && !CAPI.CAPISafe.CryptMsgUpdate(safeCryptMsgHandle, this.ContentInfo.pContent, (uint)this.ContentInfo.Content.Length, true))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
encodedMessage = PkcsUtils.GetContent(safeCryptMsgHandle);
safeCryptMsgHandle.Dispose();
encodedCertBlob.Dispose();
}
finally
{
Marshal.DestroyStructure(localAllocHandle.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
localAllocHandle.Dispose();
}
}
finally
{
signerEncodeInfo.Dispose();
}
SafeCryptMsgHandle safeCryptMsgHandle1 = SignedCms.OpenToDecode(encodedMessage, this.ContentInfo, this.Detached);
if (this.m_safeCryptMsgHandle != null && !this.m_safeCryptMsgHandle.IsInvalid)
{
this.m_safeCryptMsgHandle.Dispose();
}
this.m_safeCryptMsgHandle = safeCryptMsgHandle1;
GC.KeepAlive((object)signer);
}
internal static unsafe IntPtr CreateCryptAttributes(CryptographicAttributeObjectCollection attributes)
{
if (attributes.Count == 0)
{
return(IntPtr.Zero);
}
uint num1 = 0U;
uint num2 = PkcsUtils.AlignedLength((uint)Marshal.SizeOf(typeof(PkcsUtils.I_CRYPT_ATTRIBUTE)));
uint num3 = PkcsUtils.AlignedLength((uint)Marshal.SizeOf(typeof(CAPI.CRYPTOAPI_BLOB)));
foreach (CryptographicAttributeObject cryptographicAttributeObject in attributes)
{
num1 = num1 + num2 + PkcsUtils.AlignedLength((uint)(cryptographicAttributeObject.Oid.Value.Length + 1));
foreach (AsnEncodedData asnEncodedData in cryptographicAttributeObject.Values)
{
num1 = num1 + num3 + PkcsUtils.AlignedLength((uint)asnEncodedData.RawData.Length);
}
}
SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(64U, new IntPtr((long)num1));
PkcsUtils.I_CRYPT_ATTRIBUTE *iCryptAttributePtr = (PkcsUtils.I_CRYPT_ATTRIBUTE *)(void *) localAllocHandle.DangerousGetHandle();
IntPtr num4 = new IntPtr((long)localAllocHandle.DangerousGetHandle() + (long)num2 * (long)attributes.Count);
foreach (CryptographicAttributeObject cryptographicAttributeObject in attributes)
{
byte * numPtr = (byte *)(void *)num4;
byte[] numArray = new byte[cryptographicAttributeObject.Oid.Value.Length + 1];
CAPI.CRYPTOAPI_BLOB *cryptoapiBlobPtr = (CAPI.CRYPTOAPI_BLOB *)(numPtr + (int)PkcsUtils.AlignedLength((uint)numArray.Length));
iCryptAttributePtr->pszObjId = (IntPtr)((void *)numPtr);
iCryptAttributePtr->cValue = (uint)cryptographicAttributeObject.Values.Count;
iCryptAttributePtr->rgValue = (IntPtr)((void *)cryptoapiBlobPtr);
Encoding.ASCII.GetBytes(cryptographicAttributeObject.Oid.Value, 0, cryptographicAttributeObject.Oid.Value.Length, numArray, 0);
Marshal.Copy(numArray, 0, iCryptAttributePtr->pszObjId, numArray.Length);
IntPtr destination = new IntPtr((long)cryptoapiBlobPtr + (long)cryptographicAttributeObject.Values.Count * (long)num3);
foreach (AsnEncodedData asnEncodedData in cryptographicAttributeObject.Values)
{
byte[] rawData = asnEncodedData.RawData;
if (rawData.Length > 0)
{
cryptoapiBlobPtr->cbData = (uint)rawData.Length;
cryptoapiBlobPtr->pbData = destination;
Marshal.Copy(rawData, 0, destination, rawData.Length);
destination = new IntPtr((long)destination + (long)PkcsUtils.AlignedLength((uint)rawData.Length));
}
++cryptoapiBlobPtr;
}
++iCryptAttributePtr;
num4 = destination;
}
GC.SuppressFinalize((object)localAllocHandle);
return(localAllocHandle.DangerousGetHandle());
}
private void Decode()
{
if (this.RawData.Length < 2 || (int)this.RawData[1] != this.RawData.Length - 2)
{
throw new CryptographicException(-2146885630);
}
if ((int)this.RawData[0] != 6)
{
throw new CryptographicException(-2146881269);
}
this.m_contentType = new Oid(PkcsUtils.DecodeObjectIdentifier(this.RawData, 2));
this.m_decoded = true;
}
internal void Reset(SubjectIdentifierOrKeyType type, object value)
{
switch (type)
{
case SubjectIdentifierOrKeyType.Unknown:
this.m_type = type;
this.m_value = value;
break;
case SubjectIdentifierOrKeyType.IssuerAndSerialNumber:
if (value.GetType() != typeof(X509IssuerSerial))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type_Value_Mismatch"), value.GetType().ToString());
}
else
{
goto case 0;
}
case SubjectIdentifierOrKeyType.SubjectKeyIdentifier:
if (!PkcsUtils.CmsSupported())
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Not_Supported"));
}
if (value.GetType() != typeof(string))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type_Value_Mismatch"), value.GetType().ToString());
}
else
{
goto case 0;
}
case SubjectIdentifierOrKeyType.PublicKeyInfo:
if (!PkcsUtils.CmsSupported())
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Not_Supported"));
}
if (value.GetType() != typeof(PublicKeyInfo))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type_Value_Mismatch"), value.GetType().ToString());
}
else
{
goto case 0;
}
default:
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type"), ((object)type).ToString());
}
}
public void ComputeSignature(CmsSigner signer, bool silent)
{
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (this.ContentInfo.Content.Length == 0)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_Empty_Content"));
}
if (SubjectIdentifierType.NoSignature == signer.SignerIdentifierType)
{
if (this.m_safeCryptMsgHandle != null && !this.m_safeCryptMsgHandle.IsInvalid)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_No_Signature_First_Signer"));
}
this.Sign(signer, silent);
}
else
{
if (signer.Certificate == null)
{
if (silent)
{
throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_RecipientCertificateNotFound"));
}
signer.Certificate = PkcsUtils.SelectSignerCertificate();
}
if (!signer.Certificate.HasPrivateKey)
{
throw new CryptographicException(-2146893811);
}
CspParameters parameters = new CspParameters();
if (!X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters))
{
throw new CryptographicException(SignedCms.SafeGetLastWin32Error());
}
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
if (this.m_safeCryptMsgHandle == null || this.m_safeCryptMsgHandle.IsInvalid)
{
this.Sign(signer, silent);
}
else
{
this.CoSign(signer, silent);
}
}
}
public static Oid GetContentType(byte[] encodedMessage)
{
if (encodedMessage == null)
{
throw new ArgumentNullException("encodedMessage");
}
SafeCryptMsgHandle safeCryptMsgHandle = CAPI.CAPISafe.CryptMsgOpenToDecode(65537U, 0U, 0U, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
if (safeCryptMsgHandle == null || safeCryptMsgHandle.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (!CAPI.CAPISafe.CryptMsgUpdate(safeCryptMsgHandle, encodedMessage, (uint)encodedMessage.Length, true))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
Oid oid;
switch (PkcsUtils.GetMessageType(safeCryptMsgHandle))
{
case 1U:
oid = new Oid("1.2.840.113549.1.7.1");
break;
case 2U:
oid = new Oid("1.2.840.113549.1.7.2");
break;
case 3U:
oid = new Oid("1.2.840.113549.1.7.3");
break;
case 4U:
oid = new Oid("1.2.840.113549.1.7.4");
break;
case 5U:
oid = new Oid("1.2.840.113549.1.7.5");
break;
case 6U:
oid = new Oid("1.2.840.113549.1.7.6");
break;
default:
throw new CryptographicException(-2146889724);
}
safeCryptMsgHandle.Dispose();
return(oid);
}
internal static Oid GetContentType(SafeCryptMsgHandle safeCryptMsgHandle)
{
uint cbData = 0U;
byte[] pvData = new byte[0];
PkcsUtils.GetParam(safeCryptMsgHandle, 4U, 0U, out pvData, out cbData);
if (pvData.Length > 0 && (int)pvData[pvData.Length - 1] == 0)
{
byte[] numArray = new byte[pvData.Length - 1];
Array.Copy((Array)pvData, 0, (Array)numArray, 0, numArray.Length);
pvData = numArray;
}
return(new Oid(Encoding.ASCII.GetString(pvData)));
}
public void Decode(byte[] encodedMessage)
{
if (encodedMessage == null)
{
throw new ArgumentNullException("encodedMessage");
}
if (this.m_safeCryptMsgHandle != null && !this.m_safeCryptMsgHandle.IsInvalid)
{
this.m_safeCryptMsgHandle.Dispose();
}
this.m_safeCryptMsgHandle = SignedCms.OpenToDecode(encodedMessage, this.ContentInfo, this.Detached);
if (this.Detached)
{
return;
}
this.m_contentInfo = new ContentInfo(PkcsUtils.GetContentType(this.m_safeCryptMsgHandle), PkcsUtils.GetContent(this.m_safeCryptMsgHandle));
}
/// <summary>
/// The <see cref="M:System.Security.Cryptography.Pkcs.SignerInfo.CheckSignature(System.Security.Cryptography.X509Certificates.X509Certificate2Collection,System.Boolean)"/> method verifies the digital signature of the message by using the specified collection of certificates and, optionally, validates the certificate.
/// </summary>
/// <param name="extraStore">An <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2Collection"/> object that can be used to validate the chain. If no additional certificates are to be used to validate the chain, use <see cref="M:System.Security.Cryptography.Pkcs.SignerInfo.CheckSignature(System.Boolean)"/> instead of <see cref="M:System.Security.Cryptography.Pkcs.SignerInfo.CheckSignature(System.Security.Cryptography.X509Certificates.X509Certificate2Collection,System.Boolean)"/>.</param><param name="verifySignatureOnly">A bool value that specifies whether only the digital signature is verified. If <paramref name="verifySignatureOnly"/> is true, only the signature is verified. If <paramref name="verifySignatureOnly"/> is false, the digital signature is verified, the certificate chain is validated, and the purposes of the certificates are validated. The purposes of the certificate are considered valid if the certificate has no key usage or if the key usage supports digital signature or nonrepudiation.</param><exception cref="T:System.ArgumentNullException">A null reference was passed to a method that does not accept it as a valid argument.</exception><exception cref="T:System.Security.Cryptography.CryptographicException">A cryptographic operation could not be completed.</exception><exception cref="T:System.InvalidOperationException">A method call was invalid for the object's current state.</exception>
public void CheckSignature(X509Certificate2Collection extraStore, bool verifySignatureOnly)
{
if (extraStore == null)
{
throw new ArgumentNullException("extraStore");
}
X509Certificate2 certificate = this.Certificate;
if (certificate == null)
{
certificate = PkcsUtils.FindCertificate(this.SignerIdentifier, extraStore);
if (certificate == null)
{
throw new CryptographicException(-2146889714);
}
}
this.Verify(extraStore, certificate, verifySignatureOnly);
}
internal SubjectIdentifierOrKey(CAPI.CERT_ID certId)
{
switch (certId.dwIdChoice)
{
case 1U:
this.Reset(SubjectIdentifierOrKeyType.IssuerAndSerialNumber, (object)PkcsUtils.DecodeIssuerSerial(certId.Value.IssuerSerialNumber));
break;
case 2U:
byte[] numArray = new byte[(IntPtr)certId.Value.KeyId.cbData];
Marshal.Copy(certId.Value.KeyId.pbData, numArray, 0, numArray.Length);
this.Reset(SubjectIdentifierOrKeyType.SubjectKeyIdentifier, (object)X509Utils.EncodeHexString(numArray));
break;
default:
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type"), certId.dwIdChoice.ToString((IFormatProvider)CultureInfo.InvariantCulture));
}
}
/// <summary>
/// The <see cref="M:System.Security.Cryptography.Pkcs.SignerInfo.ComputeCounterSignature(System.Security.Cryptography.Pkcs.CmsSigner)"/> method creates a countersignature by using the specified signer and adds the signature to the CMS/PKCS #7 message. Countersignatures are restricted to one level.
/// </summary>
/// <param name="signer">A <see cref="T:System.Security.Cryptography.Pkcs.CmsSigner"/> object that represents the counter signer.</param><exception cref="T:System.ArgumentNullException">A null reference was passed to a method that does not accept it as a valid argument. </exception><exception cref="T:System.Security.Cryptography.CryptographicException">A cryptographic operation could not be completed.</exception>
public void ComputeCounterSignature(CmsSigner signer)
{
if (this.m_parentSignerInfo != null)
{
throw new CryptographicException(-2147483647);
}
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (signer.Certificate == null)
{
signer.Certificate = PkcsUtils.SelectSignerCertificate();
}
if (!signer.Certificate.HasPrivateKey)
{
throw new CryptographicException(-2146893811);
}
this.CounterSign(signer);
}
internal static unsafe void GetParam(SafeCryptMsgHandle safeCryptMsgHandle, uint paramType, uint index, out SafeLocalAllocHandle pvData, out uint cbData)
{
cbData = 0U;
pvData = SafeLocalAllocHandle.InvalidHandle;
fixed(uint *numPtr = &cbData)
{
if (!CAPI.CAPISafe.CryptMsgGetParam(safeCryptMsgHandle, paramType, index, pvData, new IntPtr((void *)numPtr)))
{
PkcsUtils.checkErr(Marshal.GetLastWin32Error());
}
if (cbData > 0U)
{
pvData = CAPI.LocalAlloc(64U, new IntPtr((long)cbData));
if (!CAPI.CAPISafe.CryptMsgGetParam(safeCryptMsgHandle, paramType, index, pvData, new IntPtr((void *)numPtr)))
{
PkcsUtils.checkErr(Marshal.GetLastWin32Error());
}
}
}
}
internal static unsafe AlgorithmIdentifier GetAlgorithmIdentifier(SafeCryptMsgHandle safeCryptMsgHandle)
{
AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier();
uint num = 0U;
if (!CAPI.CAPISafe.CryptMsgGetParam(safeCryptMsgHandle, 15U, 0U, IntPtr.Zero, new IntPtr((void *)&num)))
{
PkcsUtils.checkErr(Marshal.GetLastWin32Error());
}
if (num > 0U)
{
SafeLocalAllocHandle pvData = CAPI.LocalAlloc(0U, new IntPtr((long)num));
if (!CAPI.CAPISafe.CryptMsgGetParam(safeCryptMsgHandle, 15U, 0U, pvData, new IntPtr((void *)&num)))
{
PkcsUtils.checkErr(Marshal.GetLastWin32Error());
}
algorithmIdentifier = new AlgorithmIdentifier((CAPI.CRYPT_ALGORITHM_IDENTIFIER)Marshal.PtrToStructure(pvData.DangerousGetHandle(), typeof(CAPI.CRYPT_ALGORITHM_IDENTIFIER)));
pvData.Dispose();
}
return(algorithmIdentifier);
}
internal static unsafe void GetParam(SafeCryptMsgHandle safeCryptMsgHandle, uint paramType, uint index, out byte[] pvData, out uint cbData)
{
cbData = 0U;
pvData = new byte[0];
fixed(uint *numPtr1 = &cbData)
{
if (!CAPI.CAPISafe.CryptMsgGetParam(safeCryptMsgHandle, paramType, index, IntPtr.Zero, new IntPtr((void *)numPtr1)))
{
PkcsUtils.checkErr(Marshal.GetLastWin32Error());
}
if (cbData > 0U)
{
pvData = new byte[(IntPtr)cbData];
fixed(byte *numPtr2 = &pvData[0])
{
if (!CAPI.CAPISafe.CryptMsgGetParam(safeCryptMsgHandle, paramType, index, new IntPtr((void *)numPtr2), new IntPtr((void *)numPtr1)))
{
PkcsUtils.checkErr(Marshal.GetLastWin32Error());
}
}
}
}
}
public void RemoveCounterSignature(SignerInfo counterSignerInfo)
{
if (this.m_parentSignerInfo != null)
{
throw new CryptographicException(-2147483647);
}
if (counterSignerInfo == null)
{
throw new ArgumentNullException("counterSignerInfo");
}
foreach (CryptographicAttributeObject cryptographicAttributeObject in this.UnsignedAttributes)
{
if (string.Compare(cryptographicAttributeObject.Oid.Value, "1.2.840.113549.1.9.6", StringComparison.OrdinalIgnoreCase) == 0)
{
for (int childIndex = 0; childIndex < cryptographicAttributeObject.Values.Count; ++childIndex)
{
SignerInfo signerInfo = new SignerInfo(this.m_signedCms, this.m_parentSignerInfo, cryptographicAttributeObject.Values[childIndex].RawData);
if (counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber && signerInfo.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber)
{
X509IssuerSerial x509IssuerSerial1 = (X509IssuerSerial)counterSignerInfo.SignerIdentifier.Value;
X509IssuerSerial x509IssuerSerial2 = (X509IssuerSerial)signerInfo.SignerIdentifier.Value;
if (string.Compare(x509IssuerSerial1.IssuerName, x509IssuerSerial2.IssuerName, StringComparison.OrdinalIgnoreCase) == 0 && string.Compare(x509IssuerSerial1.SerialNumber, x509IssuerSerial2.SerialNumber, StringComparison.OrdinalIgnoreCase) == 0)
{
this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), childIndex);
return;
}
}
else if (counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier && signerInfo.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier && string.Compare(counterSignerInfo.SignerIdentifier.Value as string, signerInfo.SignerIdentifier.Value as string, StringComparison.OrdinalIgnoreCase) == 0)
{
this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), childIndex);
return;
}
}
}
}
throw new CryptographicException(-2146889714);
}
internal static unsafe CryptographicAttributeObjectCollection GetUnprotectedAttributes(SafeCryptMsgHandle safeCryptMsgHandle)
{
uint num = 0U;
CryptographicAttributeObjectCollection objectCollection = new CryptographicAttributeObjectCollection();
SafeLocalAllocHandle invalidHandle = SafeLocalAllocHandle.InvalidHandle;
if (!CAPI.CAPISafe.CryptMsgGetParam(safeCryptMsgHandle, 37U, 0U, invalidHandle, new IntPtr((void *)&num)) && Marshal.GetLastWin32Error() != -2146889713)
{
PkcsUtils.checkErr(Marshal.GetLastWin32Error());
}
if (num > 0U)
{
SafeLocalAllocHandle localAllocHandle;
using (localAllocHandle = CAPI.LocalAlloc(64U, new IntPtr((long)num)))
{
if (!CAPI.CAPISafe.CryptMsgGetParam(safeCryptMsgHandle, 37U, 0U, localAllocHandle, new IntPtr((void *)&num)))
{
PkcsUtils.checkErr(Marshal.GetLastWin32Error());
}
objectCollection = new CryptographicAttributeObjectCollection(localAllocHandle);
}
}
return(objectCollection);
}
