public virtual bool IsSignedBy(X509Certificate potentialIssuer) { try { GetCertificate().Verify(potentialIssuer.GetPublicKey()); return true; } catch (InvalidKeyException) { return false; } catch (CertificateException) { return false; } catch (NoSuchAlgorithmException) { return false; } /*catch (NoSuchProviderException e) { throw new RuntimeException(e); }*/ catch (SignatureException) { return false; } }
internal SecureMimeDigitalCertificate(X509Certificate certificate) { Certificate = certificate; var pubkey = certificate.GetPublicKey (); if (pubkey is DsaKeyParameters) PublicKeyAlgorithm = PublicKeyAlgorithm.Dsa; else if (pubkey is RsaKeyParameters) PublicKeyAlgorithm = PublicKeyAlgorithm.RsaGeneral; else if (pubkey is ElGamalKeyParameters) PublicKeyAlgorithm = PublicKeyAlgorithm.ElGamalGeneral; else if (pubkey is ECKeyParameters) PublicKeyAlgorithm = PublicKeyAlgorithm.EllipticCurve; else if (pubkey is DHKeyParameters) PublicKeyAlgorithm = PublicKeyAlgorithm.DiffieHellman; var encoded = certificate.GetEncoded (); var fingerprint = new StringBuilder (); var sha1 = new Sha1Digest (); var data = new byte[20]; sha1.BlockUpdate (encoded, 0, encoded.Length); sha1.DoFinal (data, 0); for (int i = 0; i < data.Length; i++) fingerprint.Append (data[i].ToString ("X2")); Fingerprint = fingerprint.ToString (); }
public virtual bool IsSignedBy(X509Certificate potentialIssuer) { try { //return ocspResp.Verify(potentialIssuer.GetPublicKey(), "BC"); return ocspResp.Verify(potentialIssuer.GetPublicKey()); } /*catch (NoSuchProviderException e) { throw new RuntimeException(e); }*/ catch (OcspException) { return false; } }
internal SecureMimeDigitalCertificate (X509Certificate certificate) { Certificate = certificate; var pubkey = certificate.GetPublicKey (); if (pubkey is DsaKeyParameters) PublicKeyAlgorithm = PublicKeyAlgorithm.Dsa; else if (pubkey is RsaKeyParameters) PublicKeyAlgorithm = PublicKeyAlgorithm.RsaGeneral; else if (pubkey is ElGamalKeyParameters) PublicKeyAlgorithm = PublicKeyAlgorithm.ElGamalGeneral; else if (pubkey is ECKeyParameters) PublicKeyAlgorithm = PublicKeyAlgorithm.EllipticCurve; else if (pubkey is DHKeyParameters) PublicKeyAlgorithm = PublicKeyAlgorithm.DiffieHellman; Fingerprint = certificate.GetFingerprint (); }
public static bool IsSignedBy(this X509Certificate thisCertificate, X509Certificate signerCertificate) { X509Certificate2 c = new X509Certificate2(thisCertificate.GetTbsCertificate()); X509Certificate2 i = new X509Certificate2(signerCertificate.GetTbsCertificate()); X509Certificate2 c2 = new X509Certificate2(@"c:\temp\der.cer"); X509Certificate2 i2 = new X509Certificate2(@"c:\temp\cader.cer"); /*byte[] pvSubject = thisCertificate.GetTbsCertificate(); byte[] pvIssuer = signerCertificate.GetTbsCertificate(); */ System.Text.Encoding.ASCII.GetString(c.RawData); IntPtr pvSubject = c.Handle; IntPtr pvIssuer = i.Handle; int res = SspiProvider.CryptVerifyCertificateSignatureEx(IntPtr.Zero, X509_ASN_ENCODING, CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, pvSubject, CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, pvIssuer, 0, IntPtr.Zero); Marshal.GetLastWin32Error(); CmsSigner signer = new CmsSigner(i); SignedCms signedMessage = new SignedCms(); // deserialize PKCS #7 byte array signedMessage.Decode(thisCertificate.GetTbsCertificate()); Log.Write("Veryfy old"); Log.Write("EndVeryfy old"); Log.Write("Get signer's public key"); var publicKey = signerCertificate.GetPublicKey(); Log.Write("Got signer's public key"); try { Log.Write("Veryfy signature"); //TODO: log errors thisCertificate.Verify(publicKey); Log.Write("Verified"); } catch (CertificateException) { return false; } catch (InvalidKeyException) { return false; } return true; }
public static bool IsSignedBy(this X509Crl thisCertificate, X509Certificate signerCertificate) { Log.Write("Get signer's public key"); var publicKey = signerCertificate.GetPublicKey(); Log.Write("Got signer's public key"); try { Log.Write("Veryfy signature"); thisCertificate.Verify(publicKey); Log.Write("Veryfied"); } catch (CrlException) { return false; } catch(SignatureException) { return false; } return true; }
/** * create from an issuer certificate and the serial number of the * certificate it signed. * @exception OcspException if any problems occur creating the id fields. */ public CertificateID( string hashAlgorithm, X509Certificate issuerCert, BigInteger number) { try { IDigest digest = DigestUtilities.GetDigest(hashAlgorithm); AlgorithmIdentifier hashAlg = new AlgorithmIdentifier( new DerObjectIdentifier(hashAlgorithm), DerNull.Instance); X509Name issuerName = PrincipalUtilities.GetSubjectX509Principal(issuerCert); byte[] encodedIssuerName = issuerName.GetEncoded(); digest.BlockUpdate(encodedIssuerName, 0, encodedIssuerName.Length); byte[] hash = DigestUtilities.DoFinal(digest); Asn1OctetString issuerNameHash = new DerOctetString(hash); AsymmetricKeyParameter issuerKey = issuerCert.GetPublicKey(); SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerKey); byte[] encodedPublicKey = info.PublicKeyData.GetBytes(); digest.BlockUpdate(encodedPublicKey, 0, encodedPublicKey.Length); hash = DigestUtilities.DoFinal(digest); Asn1OctetString issuerKeyHash = new DerOctetString(hash); DerInteger serialNumber = new DerInteger(number); this.id = new CertID(hashAlg, issuerNameHash, issuerKeyHash, serialNumber); } catch (Exception e) { throw new OcspException("problem creating ID: " + e, e); } }
public bool VerifySignature(X509Certificate attestationCertificate, byte[] signedBytes, byte[] signature) { if (attestationCertificate == null) { throw new ArgumentNullException(nameof(attestationCertificate)); } if (signedBytes == null) { throw new ArgumentNullException(nameof(signedBytes)); } if (signature == null) { throw new ArgumentNullException(nameof(signature)); } var publicKey = attestationCertificate.GetPublicKey() as ECPublicKeyParameters; if (publicKey == null) { throw new U2FException("The certificate publickey isn't an Elliptic curve"); } return VerifySignature(publicKey, signedBytes, signature); }
private void ValidateResponse(BasicOcspResp or, X509Certificate issuerCert) { ValidateResponseSignature(or, issuerCert.GetPublicKey()); ValidateSignerAuthorization(issuerCert, or.GetCerts()[0]); }
/// <summary> /// Verify signature /// </summary> /// <returns>Boolean indicating success</returns> public bool VerifySignature(byte[] data, byte[] expectedSignature, X509Certificate cert) { /* Init alg */ ISigner signer = SignerUtilities.GetSigner("SHA256withRSA"); /* Populate key */ signer.Init(false, cert.GetPublicKey()); /* Calculate the signature and see if it matches */ signer.BlockUpdate(data, 0, data.Length); return signer.VerifySignature(expectedSignature); }
/** * Verifies if an OCSP response is genuine * @param ocspResp the OCSP response * @param issuerCert the issuer certificate * @throws GeneralSecurityException * @throws IOException */ public void IsValidResponse(BasicOcspResp ocspResp, X509Certificate issuerCert) { // by default the OCSP responder certificate is the issuer certificate X509Certificate responderCert = issuerCert; // check if there's a responder certificate X509Certificate[] certs = ocspResp.GetCerts(); if (certs.Length > 0) { responderCert = certs[0]; try { responderCert.Verify(issuerCert.GetPublicKey()); } catch (GeneralSecurityException) { if (base.Verify(responderCert, issuerCert, DateTime.MaxValue).Count == 0) throw new VerificationException(responderCert, String.Format("{0} Responder certificate couldn't be verified", responderCert)); } } // verify if the signature of the response is valid if (!VerifyResponse(ocspResp, responderCert)) throw new VerificationException(responderCert, String.Format("{0} OCSP response could not be verified", responderCert)); }
/** * verify that the given certificate successfully handles and confirms * the signature associated with this signer and, if a signingTime * attribute is available, that the certificate was valid at the time the * signature was generated. */ public bool Verify( X509Certificate cert) { Asn1.Cms.Time signingTime = GetSigningTime(); if (signingTime != null) { cert.CheckValidity(signingTime.Date); } return DoVerify(cert.GetPublicKey()); }
private static CertID CreateCertID( AlgorithmIdentifier hashAlg, X509Certificate issuerCert, DerInteger serialNumber) { try { String hashAlgorithm = hashAlg.ObjectID.Id; X509Name issuerName = PrincipalUtilities.GetSubjectX509Principal(issuerCert); byte[] issuerNameHash = DigestUtilities.CalculateDigest( hashAlgorithm, issuerName.GetEncoded()); AsymmetricKeyParameter issuerKey = issuerCert.GetPublicKey(); SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerKey); byte[] issuerKeyHash = DigestUtilities.CalculateDigest( hashAlgorithm, info.PublicKeyData.GetBytes()); return new CertID(hashAlg, new DerOctetString(issuerNameHash), new DerOctetString(issuerKeyHash), serialNumber); } catch (Exception e) { throw new OcspException("problem creating ID: " + e, e); } }
/** * verify that the given certificate succesfully handles and confirms * the signature associated with this signer and, if a signingTime * attribute is available, that the certificate was valid at the time the * signature was generated. */ public bool Verify( X509Certificate cert) { Asn1.Cms.AttributeTable attr = this.SignedAttributes; if (attr != null) { Asn1.Cms.Attribute t = attr[CmsAttributes.SigningTime]; if (t != null) { Asn1.Cms.Time time = Asn1.Cms.Time.GetInstance( t.AttrValues[0].ToAsn1Object()); cert.CheckValidity(time.Date); } } return DoVerify(cert.GetPublicKey(), attr); }
private void ValidateResponse(BasicOcspResp in_OcspResp, X509Certificate in_CertificadoEmisor) { ValidarResponseSignature(in_OcspResp, in_CertificadoEmisor.GetPublicKey()); ValidarSignerAuthorization(in_CertificadoEmisor, in_OcspResp.GetCerts()[0]); }
private static bool IsSelfSigned(X509Certificate certificate) { if (!certificate.SubjectDN.Equivalent(certificate.IssuerDN)) return false; try { certificate.Verify(certificate.GetPublicKey()); return true; } catch (SignatureException) { return false; } catch (InvalidKeyException) { return false; } }
private void VerifySigner(SignerInformation signer, X509Certificate cert) { if (cert.GetPublicKey() is DsaPublicKeyParameters) { DsaPublicKeyParameters key = (DsaPublicKeyParameters)cert.GetPublicKey(); if (key.Parameters == null) { Assert.IsTrue(signer.Verify(GetInheritedKey(key))); } else { Assert.IsTrue(signer.Verify(cert)); } } else { Assert.IsTrue(signer.Verify(cert)); } }
private bool IsRequestSignatureValid(X509Certificate cert, string signature, HttpRequestBase request) { byte[] requestBytes; using (MemoryStream mem = new MemoryStream()) { request.InputStream.CopyTo(mem); request.InputStream.Position = 0; requestBytes = mem.ToArray(); } byte[] signatureBytes = null; try { signatureBytes = Convert.FromBase64String(signature); } catch (FormatException) { return false; } var publicKey = (RsaKeyParameters)cert.GetPublicKey(); var signer = SignerUtilities.GetSigner("SHA1withRSA"); signer.Init(false, publicKey); signer.BlockUpdate(requestBytes, 0, requestBytes.Length); return signer.VerifySignature(signatureBytes); }
static Asn1OctetString CreateIssuerKeyHash(X509Certificate rootCertificate) { var publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rootCertificate.GetPublicKey()); byte[] bytes = publicKeyInfo.PublicKeyData.GetBytes(); return CreateDigestFromBytes(bytes); }
public bool Match( // Certificate cert) X509Certificate x509Cert) { // if (!(cert is X509Certificate)) // { // return false; // } // // X509Certificate x509Cert = (X509Certificate)cert; try { if (holder.BaseCertificateID != null) { return holder.BaseCertificateID.Serial.Value.Equals(x509Cert.SerialNumber) && MatchesDN(PrincipalUtilities.GetIssuerX509Principal(x509Cert), holder.BaseCertificateID.Issuer); } if (holder.EntityName != null) { if (MatchesDN(PrincipalUtilities.GetSubjectX509Principal(x509Cert), holder.EntityName)) { return true; } } if (holder.ObjectDigestInfo != null) { IDigest md = null; try { md = DigestUtilities.GetDigest(DigestAlgorithm); } catch (Exception) { return false; } switch (DigestedObjectType) { case ObjectDigestInfo.PublicKey: { // TODO: DSA Dss-parms //byte[] b = x509Cert.GetPublicKey().getEncoded(); // TODO Is this the right way to encode? byte[] b = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo( x509Cert.GetPublicKey()).GetEncoded(); md.BlockUpdate(b, 0, b.Length); break; } case ObjectDigestInfo.PublicKeyCert: { byte[] b = x509Cert.GetEncoded(); md.BlockUpdate(b, 0, b.Length); break; } // TODO Default handler? } // TODO Shouldn't this be the other way around? if (!Arrays.AreEqual(DigestUtilities.DoFinal(md), GetObjectDigest())) { return false; } } } catch (CertificateEncodingException) { return false; } return false; }
/** * Checks the validity of the certificate, and calls the next * verifier in the chain, if any. * @param signCert the certificate that needs to be checked * @param issuerCert its issuer * @param signDate the date the certificate needs to be valid * @return a list of <code>VerificationOK</code> objects. * The list will be empty if the certificate couldn't be verified. * @throws GeneralSecurityException * @throws IOException */ virtual public List<VerificationOK> Verify(X509Certificate signCert, X509Certificate issuerCert, DateTime signDate) { // Check if the certificate is valid on the signDate //if (signDate != null) signCert.CheckValidity(signDate); // Check if the signature is valid if (issuerCert != null) { signCert.Verify(issuerCert.GetPublicKey()); } // Also in case, the certificate is self-signed else { signCert.Verify(signCert.GetPublicKey()); } List<VerificationOK> result = new List<VerificationOK>(); if (verifier != null) result.AddRange(verifier.Verify(signCert, issuerCert, signDate)); return result; }
/** * Checks if a CRL verifies against the issuer certificate or a trusted anchor. * @param crl the CRL * @param crlIssuer the trusted anchor * @return true if the CRL can be trusted */ public bool IsSignatureValid(X509Crl crl, X509Certificate crlIssuer) { // check if the CRL was issued by the issuer if (crlIssuer != null) { try { crl.Verify(crlIssuer.GetPublicKey()); return true; } catch (GeneralSecurityException) { LOGGER.Warn("CRL not issued by the same authority as the certificate that is being checked"); } } // check the CRL against trusted anchors if (certificates == null) return false; try { // loop over the certificate in the key store foreach (X509Certificate anchor in certificates) { try { crl.Verify(anchor.GetPublicKey()); return true; } catch (GeneralSecurityException) {} } } catch (GeneralSecurityException) { return false; } return false; }
private void SubjectKeyIDTest( IAsymmetricCipherKeyPair signaturePair, X509Certificate signatureCert, string digestAlgorithm) { IList certList = new ArrayList(); IList crlList = new ArrayList(); CmsProcessable msg = new CmsProcessableByteArray(Encoding.ASCII.GetBytes("Hello World!")); certList.Add(signatureCert); certList.Add(OrigCert); crlList.Add(SignCrl); IX509Store x509Certs = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(certList)); IX509Store x509Crls = X509StoreFactory.Create( "CRL/Collection", new X509CollectionStoreParameters(crlList)); CmsSignedDataGenerator gen = new CmsSignedDataGenerator(); gen.AddSigner(signaturePair.Private, CmsTestUtil.CreateSubjectKeyId(signatureCert.GetPublicKey()).GetKeyIdentifier(), digestAlgorithm); gen.AddCertificates(x509Certs); gen.AddCrls(x509Crls); CmsSignedData s = gen.Generate(msg, true); Assert.AreEqual(3, s.Version); MemoryStream bIn = new MemoryStream(s.GetEncoded(), false); Asn1InputStream aIn = new Asn1InputStream(bIn); s = new CmsSignedData(ContentInfo.GetInstance(aIn.ReadObject())); x509Certs = s.GetCertificates("Collection"); x509Crls = s.GetCrls("Collection"); SignerInformationStore signers = s.GetSignerInfos(); foreach (SignerInformation signer in signers.GetSigners()) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate) certEnum.Current; Assert.IsTrue(signer.Verify(cert)); } // // check for CRLs // ArrayList crls = new ArrayList(x509Crls.GetMatches(null)); Assert.AreEqual(1, crls.Count); Assert.IsTrue(crls.Contains(SignCrl)); // // try using existing signer // gen = new CmsSignedDataGenerator(); gen.AddSigners(s.GetSignerInfos()); gen.AddCertificates(s.GetCertificates("Collection")); gen.AddCrls(s.GetCrls("Collection")); s = gen.Generate(msg, true); bIn = new MemoryStream(s.GetEncoded(), false); aIn = new Asn1InputStream(bIn); s = new CmsSignedData(ContentInfo.GetInstance(aIn.ReadObject())); x509Certs = s.GetCertificates("Collection"); x509Crls = s.GetCrls("Collection"); signers = s.GetSignerInfos(); foreach (SignerInformation signer in signers.GetSigners()) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate) certEnum.Current; Assert.IsTrue(signer.Verify(cert)); } CheckSignerStoreReplacement(s, signers); }
/** * we generate an intermediate certificate signed by our CA */ public static X509CertificateEntry CreateIntermediateCert( AsymmetricKeyParameter pubKey, AsymmetricKeyParameter caPrivKey, X509Certificate caCert) { // // subject name table. // IDictionary attrs = new Hashtable(); IList order = new ArrayList(); attrs.Add(X509Name.C, "AU"); attrs.Add(X509Name.O, "The Legion of the Bouncy Castle"); attrs.Add(X509Name.OU, "Bouncy Intermediate Certificate"); attrs.Add(X509Name.EmailAddress, "*****@*****.**"); order.Add(X509Name.C); order.Add(X509Name.O); order.Add(X509Name.OU); order.Add(X509Name.EmailAddress); // // create the certificate - version 3 // v3CertGen.Reset(); v3CertGen.SetSerialNumber(BigInteger.Two); v3CertGen.SetIssuerDN(PrincipalUtilities.GetSubjectX509Principal(caCert)); v3CertGen.SetNotBefore(DateTime.UtcNow.AddMonths(-1)); v3CertGen.SetNotAfter(DateTime.UtcNow.AddMonths(1)); v3CertGen.SetSubjectDN(new X509Name(order, attrs)); v3CertGen.SetPublicKey(pubKey); v3CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption"); // // extensions // v3CertGen.AddExtension( X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(pubKey)); v3CertGen.AddExtension( X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert)); v3CertGen.AddExtension( X509Extensions.BasicConstraints, true, new BasicConstraints(0)); X509Certificate cert = v3CertGen.Generate(caPrivKey); cert.CheckValidity(DateTime.UtcNow); cert.Verify(caCert.GetPublicKey()); // PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)cert; IDictionary bagAttr = new Hashtable(); // // this is actually optional - but if you want to have control // over setting the friendly name this is the way to do it... // // bagAttr.setBagAttribute( // PKCSObjectIdentifiers.pkcs_9_at_friendlyName, // new DERBMPString("Bouncy Intermediate Certificate")); bagAttr.Add(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id, new DerBmpString("Bouncy Intermediate Certificate")); return new X509CertificateEntry(cert, bagAttr); }
private KeyTransRecipientInfo ComputeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) { Asn1InputStream asn1inputstream = new Asn1InputStream(new MemoryStream(x509certificate.GetTbsCertificate())); TbsCertificateStructure tbscertificatestructure = TbsCertificateStructure.GetInstance(asn1inputstream.ReadObject()); AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.SubjectPublicKeyInfo.AlgorithmID; Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber issuerandserialnumber = new Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber( tbscertificatestructure.Issuer, tbscertificatestructure.SerialNumber.Value); IBufferedCipher cipher = CipherUtilities.GetCipher(algorithmidentifier.ObjectID); cipher.Init(true, x509certificate.GetPublicKey()); byte[] outp = new byte[10000]; int len = cipher.DoFinal(abyte0, outp, 0); byte[] abyte1 = new byte[len]; System.Array.Copy(outp, 0, abyte1, 0, len); DerOctetString deroctetstring = new DerOctetString(abyte1); RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber); return new KeyTransRecipientInfo( recipId, algorithmidentifier, deroctetstring); }
internal RecipientInf( X509Certificate cert) { this.cert = cert; this.pubKey = cert.GetPublicKey(); try { TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance( Asn1Object.FromByteArray(cert.GetTbsCertificate())); keyEncAlg = tbs.SubjectPublicKeyInfo.AlgorithmID; } // catch (IOException e) catch (Exception) { throw new ArgumentException("can't extract key algorithm from this cert"); } // catch (CertificateEncodingException) // { // throw new ArgumentException("can't extract tbs structure from this cert"); // } }
/** * Verifies a signature using the sub-filter adbe.x509.rsa_sha1. * @param contentsKey the /Contents key * @param certsKey the /Cert key * @param provider the provider or <code>null</code> for the default provider */ public PdfPKCS7(byte[] contentsKey, byte[] certsKey) { X509CertificateParser cf = new X509CertificateParser(); certs = new ArrayList(); foreach (X509Certificate cc in cf.ReadCertificates(certsKey)) { certs.Add(cc); } signCerts = certs; signCert = (X509Certificate)certs[0]; crls = new ArrayList(); Asn1InputStream inp = new Asn1InputStream(new MemoryStream(contentsKey)); digest = ((DerOctetString)inp.ReadObject()).GetOctets(); sig = SignerUtilities.GetSigner("SHA1withRSA"); sig.Init(false, signCert.GetPublicKey()); }
/** * Add a key agreement based recipient. * * @param agreementAlgorithm key agreement algorithm to use. * @param senderPrivateKey private key to initialise sender side of agreement with. * @param senderPublicKey sender public key to include with message. * @param recipientCert recipient's public key certificate. * @param cekWrapAlgorithm OID for key wrapping algorithm to use. * @exception SecurityUtilityException if the algorithm requested cannot be found * @exception InvalidKeyException if the keys are inappropriate for the algorithm specified */ public void AddKeyAgreementRecipient( string agreementAlgorithm, AsymmetricKeyParameter senderPrivateKey, AsymmetricKeyParameter senderPublicKey, X509Certificate recipientCert, string cekWrapAlgorithm) { if (!senderPrivateKey.IsPrivate) throw new ArgumentException("Expected private key", "senderPrivateKey"); if (senderPublicKey.IsPrivate) throw new ArgumentException("Expected public key", "senderPublicKey"); IBasicAgreement agreement = AgreementUtilities.GetBasicAgreementWithKdf( agreementAlgorithm, cekWrapAlgorithm); agreement.Init(new ParametersWithRandom(senderPrivateKey, rand)); BigInteger secretNum = agreement.CalculateAgreement(recipientCert.GetPublicKey()); try { SubjectPublicKeyInfo oPubKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(senderPublicKey); OriginatorIdentifierOrKey originator = new OriginatorIdentifierOrKey( new OriginatorPublicKey( new AlgorithmIdentifier(oPubKeyInfo.AlgorithmID.ObjectID, DerNull.Instance), oPubKeyInfo.PublicKeyData.GetBytes())); // TODO Fix the way bytes are derived from the secret byte[] secretBytes = secretNum.ToByteArrayUnsigned(); KeyParameter secret = ParameterUtilities.CreateKeyParameter( cekWrapAlgorithm, secretBytes); recipientInfs.Add( new RecipientInf(cekWrapAlgorithm, secret, agreementAlgorithm, cekWrapAlgorithm, originator, recipientCert)); } catch (IOException e) { throw new InvalidKeyException("cannot extract originator public key: " + e); } }
/** * Checks if an OCSP response is genuine * @param ocspResp the OCSP response * @param responderCert the responder certificate * @return true if the OCSP response verifies against the responder certificate */ public bool IsSignatureValid(BasicOcspResp ocspResp, X509Certificate responderCert) { try { return ocspResp.Verify(responderCert.GetPublicKey()); } catch (OcspException) { return false; } }
/** * verify that the given certificate successfully handles and confirms * the signature associated with this signer and, if a signingTime * attribute is available, that the certificate was valid at the time the * signature was generated. */ public bool Verify( X509Certificate cert) { Asn1.Cms.AttributeTable attr = this.SignedAttributes; if (attr != null) { Asn1EncodableVector v = attr.GetAll(CmsAttributes.SigningTime); switch (v.Count) { case 0: break; case 1: { Asn1.Cms.Attribute t = (Asn1.Cms.Attribute) v[0]; Debug.Assert(t != null); Asn1Set attrValues = t.AttrValues; if (attrValues.Count != 1) throw new CmsException("A signing-time attribute MUST have a single attribute value"); Asn1.Cms.Time time = Asn1.Cms.Time.GetInstance(attrValues[0].ToAsn1Object()); cert.CheckValidity(time.Date); break; } default: throw new CmsException("The SignedAttributes in a signerInfo MUST NOT include multiple instances of the signing-time attribute"); } } return DoVerify(cert.GetPublicKey(), attr); }