public void TestSha1WithRsaEncapsulatedBuffered() { MemoryStream bOut = new MemoryStream(); IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert); // // find unbuffered length // CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); Stream sigOut = gen.Open(bOut, true); for (int i = 0; i != 2000; i++) { sigOut.WriteByte((byte)(i & 0xff)); } sigOut.Close(); CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray()); sp.GetSignedContent().Drain(); VerifySignatures(sp); int unbufferedLength = bOut.ToArray().Length; // // find buffered length - buffer size less than default // bOut.SetLength(0); gen = new CmsSignedDataStreamGenerator(); gen.SetBufferSize(300); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); sigOut = gen.Open(bOut, true); for (int i = 0; i != 2000; i++) { sigOut.WriteByte((byte)(i & 0xff)); } sigOut.Close(); VerifyEncodedData(bOut); Assert.IsTrue(unbufferedLength < bOut.ToArray().Length); }
public void TestSha1WithRsaEncapsulatedSubjectKeyID() { MemoryStream bOut = new MemoryStream(); IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, CmsTestUtil.CreateSubjectKeyId(OrigCert.GetPublicKey()).GetKeyIdentifier(), CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); Stream sigOut = gen.Open(bOut, true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray()); sp.GetSignedContent().Drain(); VerifySignatures(sp); byte[] contentDigest = (byte[])gen.GetGeneratedDigests()[CmsSignedGenerator.DigestSha1]; ArrayList signers = new ArrayList(sp.GetSignerInfos().GetSigners()); AttributeTable table = ((SignerInformation) signers[0]).SignedAttributes; Asn1.Cms.Attribute hash = table[CmsAttributes.MessageDigest]; Assert.IsTrue(Arrays.AreEqual(contentDigest, ((Asn1OctetString)hash.AttrValues[0]).GetOctets())); // // try using existing signer // gen = new CmsSignedDataStreamGenerator(); gen.AddSigners(sp.GetSignerInfos()); // gen.AddCertificatesAndCRLs(sp.GetCertificatesAndCrls("Collection", "BC")); gen.AddCertificates(sp.GetCertificates("Collection")); bOut.SetLength(0); sigOut = gen.Open(bOut, true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CmsSignedData sd = new CmsSignedData(new CmsProcessableByteArray(testBytes), bOut.ToArray()); Assert.AreEqual(1, sd.GetSignerInfos().GetSigners().Count); VerifyEncodedData(bOut); }
public void TestSha1AndMD5WithRsa() { MemoryStream bOut = new MemoryStream(); IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddDigests(CmsSignedDataStreamGenerator.DigestSha1, CmsSignedDataStreamGenerator.DigestMD5); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); Stream sigOut = gen.Open(bOut); sigOut.Write(testBytes, 0, testBytes.Length); gen.AddCertificates(x509Certs); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestMD5); sigOut.Close(); CheckSigParseable(bOut.ToArray()); CmsSignedDataParser sp = new CmsSignedDataParser( new CmsTypedStream(new MemoryStream(testBytes, false)), bOut.ToArray()); sp.GetSignedContent().Drain(); VerifySignatures(sp); }
public void TestSha1WithRsaEncapsulatedBufferedStream() { MemoryStream bOut = new MemoryStream(); IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert); // // find unbuffered length // CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); Stream sigOut = gen.Open(bOut, true); for (int i = 0; i != 2000; i++) { sigOut.WriteByte((byte)(i & 0xff)); } sigOut.Close(); CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray()); sp.GetSignedContent().Drain(); VerifySignatures(sp); int unbufferedLength = bOut.ToArray().Length; // // find buffered length with buffered stream - should be equal // bOut.SetLength(0); gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); sigOut = gen.Open(bOut, true); byte[] data = new byte[2000]; for (int i = 0; i != 2000; i++) { data[i] = (byte)(i & 0xff); } Streams.PipeAll(new MemoryStream(data, false), sigOut); sigOut.Close(); VerifyEncodedData(bOut); Assert.AreEqual(unbufferedLength, bOut.ToArray().Length); }
public void TestCertOrdering2() { MemoryStream bOut = new MemoryStream(); IX509Store x509Certs = CmsTestUtil.MakeCertStore(SignCert, OrigCert); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); Stream sigOut = gen.Open(bOut, true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray()); sp.GetSignedContent().Drain(); x509Certs = sp.GetCertificates("Collection"); ArrayList a = new ArrayList(x509Certs.GetMatches(null)); Assert.AreEqual(2, a.Count); Assert.AreEqual(SignCert, a[0]); Assert.AreEqual(OrigCert, a[1]); }
public void TestSha1WithRsa() { IList certList = new ArrayList(); IList crlList = new ArrayList(); MemoryStream bOut = new MemoryStream(); certList.Add(OrigCert); certList.Add(SignCert); crlList.Add(SignCrl); crlList.Add(OrigCrl); IX509Store x509Certs = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(certList)); IX509Store x509Crls = X509StoreFactory.Create( "CRL/Collection", new X509CollectionStoreParameters(crlList)); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); gen.AddCrls(x509Crls); Stream sigOut = gen.Open(bOut); CmsCompressedDataStreamGenerator cGen = new CmsCompressedDataStreamGenerator(); Stream cOut = cGen.Open(sigOut, CmsCompressedDataStreamGenerator.ZLib); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); cOut.Write(testBytes, 0, testBytes.Length); cOut.Close(); sigOut.Close(); CheckSigParseable(bOut.ToArray()); // generate compressed stream MemoryStream cDataOut = new MemoryStream(); cOut = cGen.Open(cDataOut, CmsCompressedDataStreamGenerator.ZLib); cOut.Write(testBytes, 0, testBytes.Length); cOut.Close(); CmsSignedDataParser sp = new CmsSignedDataParser( new CmsTypedStream(new MemoryStream(cDataOut.ToArray(), false)), bOut.ToArray()); sp.GetSignedContent().Drain(); // // compute expected content digest // IDigest md = DigestUtilities.GetDigest("SHA1"); byte[] cDataOutBytes = cDataOut.ToArray(); md.BlockUpdate(cDataOutBytes, 0, cDataOutBytes.Length); byte[] hash = DigestUtilities.DoFinal(md); VerifySignatures(sp, hash); }
public void TestEarlyInvalidKeyException() { try { CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, "DSA", // DOESN'T MATCH KEY ALG CmsSignedDataStreamGenerator.DigestSha1); Assert.Fail("Expected InvalidKeyException in AddSigner"); } catch (InvalidKeyException) { // Ignore } }
public void TestEncapsulatedSignerStoreReplacement() { MemoryStream bOut = new MemoryStream(); IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); Stream sigOut = gen.Open(bOut, true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); // // create new Signer // MemoryStream original = new MemoryStream(bOut.ToArray(), false); bOut.SetLength(0); gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha224); gen.AddCertificates(x509Certs); sigOut = gen.Open(bOut, true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CmsSignedData sd = new CmsSignedData(bOut.ToArray()); // // replace signer // MemoryStream newOut = new MemoryStream(); CmsSignedDataParser.ReplaceSigners(original, sd.GetSignerInfos(), newOut); sd = new CmsSignedData(newOut.ToArray()); IEnumerator signerEnum = sd.GetSignerInfos().GetSigners().GetEnumerator(); signerEnum.MoveNext(); SignerInformation signer = (SignerInformation) signerEnum.Current; Assert.AreEqual(signer.DigestAlgOid, CmsSignedDataStreamGenerator.DigestSha224); CmsSignedDataParser sp = new CmsSignedDataParser(newOut.ToArray()); sp.GetSignedContent().Drain(); VerifySignatures(sp); }
public void TestSha1AndMD5WithRsa() { IList certList = new ArrayList(); MemoryStream bOut = new MemoryStream(); certList.Add(OrigCert); certList.Add(SignCert); IX509Store x509Certs = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(certList)); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddDigests(CmsSignedDataStreamGenerator.DigestSha1, CmsSignedDataStreamGenerator.DigestMD5); Stream sigOut = gen.Open(bOut); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); sigOut.Write(testBytes, 0, testBytes.Length); gen.AddCertificates(x509Certs); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestMD5); sigOut.Close(); CheckSigParseable(bOut.ToArray()); CmsSignedDataParser sp = new CmsSignedDataParser( new CmsTypedStream(new MemoryStream(testBytes, false)), bOut.ToArray()); sp.GetSignedContent().Drain(); VerifySignatures(sp); }
public void TestSignerStoreReplacement() { IList certList = new ArrayList(); MemoryStream bOut = new MemoryStream(); byte[] data = Encoding.ASCII.GetBytes(TestMessage); certList.Add(OrigCert); certList.Add(SignCert); IX509Store x509Certs = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(certList)); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); Stream sigOut = gen.Open(bOut, false); sigOut.Write(data, 0, data.Length); sigOut.Close(); CheckSigParseable(bOut.ToArray()); // // create new Signer // MemoryStream original = new MemoryStream(bOut.ToArray(), false); bOut.SetLength(0); gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha224); gen.AddCertificates(x509Certs); sigOut = gen.Open(bOut); sigOut.Write(data, 0, data.Length); sigOut.Close(); CheckSigParseable(bOut.ToArray()); CmsSignedData sd = new CmsSignedData(bOut.ToArray()); // // replace signer // MemoryStream newOut = new MemoryStream(); CmsSignedDataParser.ReplaceSigners(original, sd.GetSignerInfos(), newOut); sd = new CmsSignedData(new CmsProcessableByteArray(data), newOut.ToArray()); IEnumerator signerEnum = sd.GetSignerInfos().GetSigners().GetEnumerator(); signerEnum.MoveNext(); SignerInformation signer = (SignerInformation) signerEnum.Current; Assert.AreEqual(signer.DigestAlgOid, CmsSignedDataStreamGenerator.DigestSha224); CmsSignedDataParser sp = new CmsSignedDataParser(new CmsTypedStream( new MemoryStream(data, false)), newOut.ToArray()); sp.GetSignedContent().Drain(); VerifySignatures(sp); }
public void TestSha1WithRsaNonData() { IList certList = new ArrayList(); IList crlList = new ArrayList(); MemoryStream bOut = new MemoryStream(); certList.Add(OrigCert); certList.Add(SignCert); crlList.Add(SignCrl); crlList.Add(OrigCrl); IX509Store x509Certs = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(certList)); IX509Store x509Crls = X509StoreFactory.Create( "CRL/Collection", new X509CollectionStoreParameters(crlList)); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); gen.AddCrls(x509Crls); Stream sigOut = gen.Open(bOut, "1.2.3.4", true); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray()); CmsTypedStream stream = sp.GetSignedContent(); Assert.AreEqual("1.2.3.4", stream.ContentType); stream.Drain(); // // compute expected content digest // IDigest md = DigestUtilities.GetDigest("SHA1"); md.BlockUpdate(testBytes, 0, testBytes.Length); byte[] hash = DigestUtilities.DoFinal(md); VerifySignatures(sp, hash); }
public void TestSha1WithRsa() { IList certList = new ArrayList(); IList crlList = new ArrayList(); MemoryStream bOut = new MemoryStream(); certList.Add(OrigCert); certList.Add(SignCert); crlList.Add(SignCrl); crlList.Add(OrigCrl); IX509Store x509Certs = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(certList)); IX509Store x509Crls = X509StoreFactory.Create( "CRL/Collection", new X509CollectionStoreParameters(crlList)); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); gen.AddCrls(x509Crls); Stream sigOut = gen.Open(bOut); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CheckSigParseable(bOut.ToArray()); CmsSignedDataParser sp = new CmsSignedDataParser( new CmsTypedStream(new MemoryStream(testBytes, false)), bOut.ToArray()); sp.GetSignedContent().Drain(); // // compute expected content digest // IDigest md = DigestUtilities.GetDigest("SHA1"); md.BlockUpdate(testBytes, 0, testBytes.Length); byte[] hash = DigestUtilities.DoFinal(md); VerifySignatures(sp, hash); // // try using existing signer // gen = new CmsSignedDataStreamGenerator(); gen.AddSigners(sp.GetSignerInfos()); gen.AddCertificates(sp.GetCertificates("Collection")); gen.AddCrls(sp.GetCrls("Collection")); bOut.SetLength(0); sigOut = gen.Open(bOut, true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); VerifyEncodedData(bOut); // // look for the CRLs // ArrayList col = new ArrayList(x509Crls.GetMatches(null)); Assert.AreEqual(2, col.Count); Assert.IsTrue(col.Contains(SignCrl)); Assert.IsTrue(col.Contains(OrigCrl)); }
public void TestCertStoreReplacement() { IList certList = new ArrayList(); MemoryStream bOut = new MemoryStream(); byte[] data = Encoding.ASCII.GetBytes(TestMessage); certList.Add(OrigDsaCert); IX509Store x509Certs = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(certList)); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); Stream sigOut = gen.Open(bOut); sigOut.Write(data, 0, data.Length); sigOut.Close(); CheckSigParseable(bOut.ToArray()); // // create new certstore with the right certificates // certList = new ArrayList(); certList.Add(OrigCert); certList.Add(SignCert); x509Certs = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(certList)); // // replace certs // MemoryStream original = new MemoryStream(bOut.ToArray(), false); MemoryStream newOut = new MemoryStream(); CmsSignedDataParser.ReplaceCertificatesAndCrls(original, x509Certs, null, null, newOut); CmsSignedDataParser sp = new CmsSignedDataParser(new CmsTypedStream(new MemoryStream(data, false)), newOut.ToArray()); sp.GetSignedContent().Drain(); VerifySignatures(sp); }
public void TestAttributeGenerators() { MemoryStream bOut = new MemoryStream(); IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert); CmsAttributeTableGenerator signedGen = new SignedGenAttributeTableGenerator(); CmsAttributeTableGenerator unsignedGen = new UnsignedGenAttributeTableGenerator(); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1, signedGen, unsignedGen); gen.AddCertificates(x509Certs); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); Stream sigOut = gen.Open(bOut, true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray()); sp.GetSignedContent().Drain(); VerifySignatures(sp); // // check attributes // SignerInformationStore signers = sp.GetSignerInfos(); foreach (SignerInformation signer in signers.GetSigners()) { CheckAttribute(signer.GetContentDigest(), signer.SignedAttributes[dummyOid1]); CheckAttribute(signer.GetSignature(), signer.UnsignedAttributes[dummyOid2]); } }
public void TestEarlyNoSuchAlgorithmException() { try { CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1, // BAD OID! CmsSignedDataStreamGenerator.DigestSha1); Assert.Fail("Expected NoSuchAlgorithmException in AddSigner"); } catch (SecurityUtilityException) { // Ignore } }
public void TestWithAttributeCertificate() { IX509Store x509Certs = CmsTestUtil.MakeCertStore(SignCert); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataGenerator.DigestSha1); gen.AddCertificates(x509Certs); IX509AttributeCertificate attrCert = CmsTestUtil.GetAttributeCertificate(); IX509Store store = CmsTestUtil.MakeAttrCertStore(attrCert); gen.AddAttributeCertificates(store); MemoryStream bOut = new MemoryStream(); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); Stream sigOut = gen.Open(bOut, true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray()); sp.GetSignedContent().Drain(); Assert.AreEqual(4, sp.Version); store = sp.GetAttributeCertificates("Collection"); ArrayList coll = new ArrayList(store.GetMatches(null)); Assert.AreEqual(1, coll.Count); Assert.IsTrue(coll.Contains(attrCert)); }
public void TestSha1WithRsa() { MemoryStream bOut = new MemoryStream(); IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert); IX509Store x509Crls = CmsTestUtil.MakeCrlStore(SignCrl, OrigCrl); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); gen.AddCrls(x509Crls); Stream sigOut = gen.Open(bOut); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CheckSigParseable(bOut.ToArray()); CmsSignedDataParser sp = new CmsSignedDataParser( new CmsTypedStream(new MemoryStream(testBytes, false)), bOut.ToArray()); sp.GetSignedContent().Drain(); // compute expected content digest byte[] hash = DigestUtilities.CalculateDigest("SHA1", testBytes); VerifySignatures(sp, hash); // // try using existing signer // gen = new CmsSignedDataStreamGenerator(); gen.AddSigners(sp.GetSignerInfos()); gen.AddCertificates(sp.GetCertificates("Collection")); gen.AddCrls(sp.GetCrls("Collection")); bOut.SetLength(0); sigOut = gen.Open(bOut, true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); VerifyEncodedData(bOut); // // look for the CRLs // ArrayList col = new ArrayList(x509Crls.GetMatches(null)); Assert.AreEqual(2, col.Count); Assert.IsTrue(col.Contains(SignCrl)); Assert.IsTrue(col.Contains(OrigCrl)); }
public void TestEncapsulatedCertStoreReplacement() { MemoryStream bOut = new MemoryStream(); IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigDsaCert); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); Stream sigOut = gen.Open(bOut, true); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); // // create new certstore with the right certificates // x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert); // // replace certs // MemoryStream original = new MemoryStream(bOut.ToArray(), false); MemoryStream newOut = new MemoryStream(); CmsSignedDataParser.ReplaceCertificatesAndCrls(original, x509Certs, null, null, newOut); CmsSignedDataParser sp = new CmsSignedDataParser(newOut.ToArray()); sp.GetSignedContent().Drain(); VerifySignatures(sp); }
public void TestSha1WithRsaNonData() { MemoryStream bOut = new MemoryStream(); IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert); IX509Store x509Crls = CmsTestUtil.MakeCrlStore(SignCrl, OrigCrl); CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator(); gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1); gen.AddCertificates(x509Certs); gen.AddCrls(x509Crls); byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage); Stream sigOut = gen.Open(bOut, "1.2.3.4", true); sigOut.Write(testBytes, 0, testBytes.Length); sigOut.Close(); CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray()); CmsTypedStream stream = sp.GetSignedContent(); Assert.AreEqual("1.2.3.4", stream.ContentType); stream.Drain(); // compute expected content digest byte[] hash = DigestUtilities.CalculateDigest("SHA1", testBytes); VerifySignatures(sp, hash); }
Stream Sign(CmsSigner signer, Stream content, bool encapsulate) { var cms = new CmsSignedDataStreamGenerator (); cms.AddSigner (signer.PrivateKey, signer.Certificate, GetDigestOid (signer.DigestAlgorithm), signer.SignedAttributes, signer.UnsignedAttributes); var memory = new MemoryStream (); using (var stream = cms.Open (memory, encapsulate)) { content.CopyTo (stream, 4096); } memory.Position = 0; return memory; }
protected void Sign(Stream signed, Stream unsigned, X509Certificate2 selectedCert) { BC::X509.X509Certificate bcSelectedCert = DotNetUtilities.FromX509Certificate(selectedCert); trace.TraceEvent(TraceEventType.Information, 0, "Signing the message in name of {0}", selectedCert.Subject); //Signing time DateTime signingTime = DateTime.UtcNow; CmsSignedDataStreamGenerator signedGenerator = new CmsSignedDataStreamGenerator(); //For compatibility we don't add it to the CMS (most implementations, including BC, don't support OCSP here) //IX509Store crlStore = X509StoreFactory.Create("CRL/COLLECTION", new X509CollectionStoreParameters(crl's)); //signedGenerator.AddCrls(crlStore); //add signed attributes to the signature (own signing time) IDictionary signedAttrDictionary = new Hashtable(); BC::Asn1.Cms.Attribute signTimeattr = new BC::Asn1.Cms.Attribute(CmsAttributes.SigningTime, new DerSet(new BC::Asn1.Cms.Time(signingTime))); signedAttrDictionary.Add(signTimeattr.AttrType, signTimeattr); BC::Asn1.Cms.AttributeTable signedAttrTable = new BC.Asn1.Cms.AttributeTable(signedAttrDictionary); //Add the signatures SignatureAlgorithm signAlgo; if (((RSACryptoServiceProvider)selectedCert.PrivateKey).CspKeyContainerInfo.Exportable) { signAlgo = EteeActiveConfig.Seal.NativeSignatureAlgorithm; signedGenerator.AddSigner(DotNetUtilities.GetKeyPair(selectedCert.PrivateKey).Private, bcSelectedCert, signAlgo.EncryptionAlgorithm.Value, signAlgo.DigestAlgorithm.Value, signedAttrTable, null); } else { signAlgo = EteeActiveConfig.Seal.WindowsSignatureAlgorithm; signedGenerator.AddSigner(new ProxyRsaKeyParameters((RSACryptoServiceProvider)selectedCert.PrivateKey), bcSelectedCert, signAlgo.EncryptionAlgorithm.Value, signAlgo.DigestAlgorithm.Value, signedAttrTable, null); } trace.TraceEvent(TraceEventType.Verbose, 0, "Added Signer [EncAlgo={0} ({1}), DigestAlgo={2} ({3})", signAlgo.EncryptionAlgorithm.FriendlyName, signAlgo.EncryptionAlgorithm.Value, signAlgo.DigestAlgorithm.FriendlyName, signAlgo.DigestAlgorithm.Value); Stream signingStream = signedGenerator.Open(signed, true); trace.TraceEvent(TraceEventType.Verbose, 0, "Create embedded signed message (still empty)"); try { unsigned.CopyTo(signingStream); trace.TraceEvent(TraceEventType.Verbose, 0, "Message copied and digest calculated"); } finally { signingStream.Close(); trace.TraceEvent(TraceEventType.Verbose, 0, "Signature block added"); } }