/// <summary>
/// Creates a formatter with empty certificate and CRL lists, the
/// <c>Authority.Maximum</c> level and a fresh PKCS#7 SignedData container.
/// </summary>
public AuthenticodeFormatter () : base ()
{
	// the four fields are independent, so initialisation order does not matter
	pkcs7 = new PKCS7.SignedData ();
	authority = Authority.Maximum;
	crls = new ArrayList ();
	certs = new X509CertificateCollection ();
}
/// <summary>
/// Loads a Software Publisher Certificate (SPC) from its DER encoding.
/// The bytes must be a PKCS#7 ContentInfo whose content type is SignedData;
/// the SignedData becomes this instance's <c>pkcs7</c> (replacing the empty
/// one created by the parameterless constructor).
/// </summary>
/// <param name="data">DER encoded PKCS#7 ContentInfo.</param>
/// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
/// <exception cref="ArgumentException">The ContentInfo does not wrap SignedData.</exception>
public SoftwarePublisherCertificate (byte[] data) : this ()
{
	if (data == null)
		throw new ArgumentNullException ("data");

	PKCS7.ContentInfo wrapper = new PKCS7.ContentInfo (data);
	bool isSignedData = (wrapper.ContentType == PKCS7.Oid.signedData);
	if (!isSignedData)
		throw new ArgumentException (Locale.GetText ("Unsupported ContentType"));

	pkcs7 = new PKCS7.SignedData (wrapper.Content);
}
// Authenticated attributes are carried in a SET, so the encoder must emit
// them in sorted (DER) order no matter the order they were added in. This
// test adds one attribute by hand, lets the encoder add the others, and
// checks the resulting order through the (distinct) encoded lengths.
// SHA1 is only used here to drive the encoder, not as a security choice.
public void Unsorted ()
{
	ASN1 now = ASN1Convert.FromDateTime (DateTime.UtcNow);
	ASN1 signingTime = PKCS7.Attribute (PKCS7.Oid.signingTime, now);

	PKCS7.SignedData sd = new PKCS7.SignedData ();
	sd.ContentInfo.ContentType = PKCS7.Oid.data;
	sd.ContentInfo.Content.Add (new ASN1 (0x04, Encoding.UTF8.GetBytes ("Mono")));
	sd.SignerInfo.AuthenticatedAttributes.Add (signingTime);
	// note: key and cert and unrelated - this is just for testing
	sd.SignerInfo.Key = key;
	sd.SignerInfo.Certificate = new X509Certificate (cert);
	// this trigger the addition of two new AA
	sd.HashName = "SHA1";

	byte[] encoded = sd.GetBytes ();
	ArrayList aa = sd.SignerInfo.AuthenticatedAttributes;
	Assert.AreEqual (3, aa.Count, "aa-Count");

	// verify that attributes are sorted (as they are stored in a SET)
	int[] expectedLengths = { 24, 28, 35 };
	for (int i = 0; i < expectedLengths.Length; i++) {
		ASN1 attribute = aa [i] as ASN1;
		Assert.AreEqual (expectedLengths [i], attribute.Length, i.ToString ());
	}
}
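/// <summary>
/// Adds a timestamp countersignature to an already signed file without
/// re-signing it: the existing Authenticode signature is read back, the
/// signer's signature value is sent to the timestamp service (through the
/// <c>Timestamp(byte[])</c> overload), and the certificates plus the
/// countersignature from the response are spliced into the original PKCS#7
/// structure, which is then written back with <c>Save</c>.
/// </summary>
/// <param name="fileName">Path of the signed file to timestamp in place.</param>
/// <returns>
/// true when the countersigned signature was saved; false when the file
/// carries no signature, when the signature or the timestamp response does
/// not have the expected structure, or when any exception occurred (the
/// exception is written to the console).
/// </returns>
public bool Timestamp (string fileName)
{
	try {
		AuthenticodeDeformatter def = new AuthenticodeDeformatter (fileName);
		byte[] signature = def.Signature;
		if (signature == null)
			return false;	// nothing to timestamp

		Open (fileName);
		PKCS7.ContentInfo ci = new PKCS7.ContentInfo (signature);
		pkcs7 = new PKCS7.SignedData (ci.Content);
		byte[] response = Timestamp (pkcs7.SignerInfo.Signature);
		ASN1 ts = new ASN1 (Convert.FromBase64String (Encoding.ASCII.GetString (response)));

		// The response is a PKCS#7 ContentInfo: [1] is the EXPLICIT [0]
		// wrapper around the SignedData. Every step is checked explicitly
		// instead of indexing blindly, so a short or malformed response
		// fails with "false" rather than a NullReferenceException.
		// NOTE(review): nothing here verifies the countersignature; the
		// TSA's certificates are copied into our signature exactly as
		// received, so a wrong or hostile response produces a signature
		// that fails later verification instead of being rejected now.
		if (ts.Count < 2)
			return false;
		ASN1 tsContent = ts [1];
		if (tsContent == null || tsContent.Count < 1)
			return false;
		ASN1 tsSignedData = tsContent [0];
		if (tsSignedData == null || tsSignedData.Count < 5)
			return false;
		// certificates is [3] IMPLICIT in SignedData; signerInfos is the
		// last field (a SET, tag 0x31). Taking the last element rather than
		// the hard-coded [4] keeps this right when the response also carries
		// CRLs, which would otherwise sit at [4].
		ASN1 tsCertificates = tsSignedData.Element (3, 0xA0);
		ASN1 tsSignerInfos = tsSignedData [tsSignedData.Count - 1];
		if (tsCertificates == null || tsSignerInfos == null)
			return false;
		if (tsSignerInfos.Tag != 0x31 || tsSignerInfos.Count < 1)
			return false;
		ASN1 tsSignerInfo = tsSignerInfos [0];

		// insert new certificates and countersignature into the original signature
		ASN1 asn = new ASN1 (signature);
		ASN1 content = asn.Element (1, 0xA0);
		if (content == null)
			return false;
		ASN1 signedData = content.Element (0, 0x30);
		if (signedData == null)
			return false;

		// signerInfos is the last element of our SignedData. It must be
		// located before anything is appended to signedData below, otherwise
		// a freshly added certificates element would be picked up instead
		// (the original code looked it up after the Add).
		ASN1 signerInfoSet = signedData [signedData.Count - 1];
		if (signerInfoSet == null || signerInfoSet.Count < 1)
			return false;
		ASN1 signerInfo = signerInfoSet [0];
		if (signerInfo == null || signerInfo.Count < 1)
			return false;

		// add the supplied certificates inside our signature
		ASN1 certificates = signedData.Element (3, 0xA0);
		if (certificates == null) {
			// NOTE(review): ASN1.Add appends, so a certificates set created
			// here lands after signerInfos, which is not the field order of
			// SignedData. The formatter normally emits the set itself, so
			// this branch should be rare - confirm before relying on it.
			certificates = new ASN1 (0xA0);
			signedData.Add (certificates);
		}
		for (int i = 0; i < tsCertificates.Count; i++)
			certificates.Add (tsCertificates [i]);

		// add the countersignature as an unauthenticated attribute ([1]
		// IMPLICIT, the optional last field of SignerInfo), creating the
		// attribute set when the signer does not have one yet
		ASN1 unauthenticated = signerInfo [signerInfo.Count - 1];
		if (unauthenticated.Tag != 0xA1) {
			unauthenticated = new ASN1 (0xA1);
			signerInfo.Add (unauthenticated);
		}
		unauthenticated.Add (Attribute (countersignature, tsSignerInfo));
		return Save (fileName, asn.GetBytes ());
	}
	catch (Exception e) {
		// best-effort tool behaviour: report the failure and return false
		// rather than propagate (I/O, network and ASN.1 errors all end here)
		Console.WriteLine (e);
	}
	return false;
}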
/// <summary>
/// Creates an empty Software Publisher Certificate: a fresh PKCS#7
/// SignedData whose content type is set to plain data.
/// </summary>
public SoftwarePublisherCertificate ()
{
	PKCS7.SignedData sd = new PKCS7.SignedData ();
	sd.ContentInfo.ContentType = PKCS7.Oid.data;
	pkcs7 = sd;
}
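/// <summary>
/// Decodes a DER encoded PKCS#7 SignedData message into this instance: the
/// signer (located through the certificate attached to the SignerInfo, an
/// issuer/serial pair, or a subject key identifier), the encapsulated
/// content, the embedded certificates and the SignedData version.
/// </summary>
/// <param name="encodedMessage">DER encoded PKCS#7 ContentInfo wrapping a SignedData.</param>
/// <exception cref="CryptographicException">
/// The ContentInfo does not carry SignedData (previously a bare
/// <see cref="Exception"/> with an empty message was thrown).
/// </exception>
/// <remarks>
/// This is parsing only: no signature is checked here, and the certificates
/// taken from the message are untrusted input used solely to find the
/// signer's certificate. The signer's authenticated and unauthenticated
/// attributes are not propagated yet (see the TODO below).
/// </remarks>
public void Decode (byte[] encodedMessage)
{
	PKCS7.ContentInfo ci = new PKCS7.ContentInfo (encodedMessage);
	if (ci.ContentType != PKCS7.Oid.signedData)
		throw new CryptographicException ("Unsupported ContentType");
	PKCS7.SignedData sd = new PKCS7.SignedData (ci.Content);

	SubjectIdentifierType type = SubjectIdentifierType.Unknown;
	object o = null;
	X509Certificate2 x509 = null;
	if (sd.SignerInfo.Certificate != null) {
		// the signer's certificate travels with the SignerInfo itself
		x509 = new X509Certificate2 (sd.SignerInfo.Certificate.RawData);
	} else if ((sd.SignerInfo.IssuerName != null) && (sd.SignerInfo.SerialNumber != null)) {
		byte[] serial = sd.SignerInfo.SerialNumber;
		// NOTE(review): the serial is reversed before formatting, presumably
		// because SignerInfo.SerialNumber and X509Certificate.SerialNumber use
		// opposite byte orders; the original author marked this "???" - confirm,
		// and confirm that SerialNumber returns a copy (Reverse mutates it).
		Array.Reverse (serial);
		type = SubjectIdentifierType.IssuerAndSerialNumber;
		X509IssuerSerial xis = new X509IssuerSerial ();
		xis.IssuerName = sd.SignerInfo.IssuerName;
		xis.SerialNumber = ToString (serial, true);
		o = xis;
		// TODO: move to a FindCertificate (issuer, serial, collection)
		foreach (Mono.Security.X509.X509Certificate x in sd.Certificates) {
			if (x.IssuerName == sd.SignerInfo.IssuerName) {
				if (ToString (x.SerialNumber, true) == xis.SerialNumber) {
					x509 = new X509Certificate2 (x.RawData);
					break;
				}
			}
		}
	} else if (sd.SignerInfo.SubjectKeyIdentifier != null) {
		string ski = ToString (sd.SignerInfo.SubjectKeyIdentifier, false);
		type = SubjectIdentifierType.SubjectKeyIdentifier;
		o = (object) ski;
		// TODO: move to a FindCertificate (ski, collection)
		foreach (Mono.Security.X509.X509Certificate x in sd.Certificates) {
			if (ToString (GetKeyIdentifier (x), false) == ski) {
				x509 = new X509Certificate2 (x.RawData);
				break;
			}
		}
	}
	// x509 stays null when no embedded certificate matches the identifier
	SignerInfo si = new SignerInfo (sd.SignerInfo.HashName, x509, type, o, sd.SignerInfo.Version);
	// TODO: si.AuthenticatedAttributes / si.UnauthenticatedAttributes are not filled in
	_info.Add (si);

	// encapsulated content: the first element of the ContentInfo's content.
	// NOTE(review): a detached message (no encapsulated content) would make
	// content[0] null and throw here - confirm whether callers can hit that.
	ASN1 content = sd.ContentInfo.Content;
	Oid oid = new Oid (sd.ContentInfo.ContentType);
	_content = new ContentInfo (oid, content[0].Value);

	foreach (Mono.Security.X509.X509Certificate x in sd.Certificates) {
		_certs.Add (new X509Certificate2 (x.RawData));
	}
	_version = sd.Version;
}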