/// <summary>
/// Initializes a new instance of <strong>PkcsSignerInfoBuilder</strong> class from existing signer information. All data from existing
/// signer information is copied to builder.
/// </summary>
/// <param name="signerInfo">Existing signer information to copy the information from.</param>
/// <exception cref="ArgumentNullException">
/// <strong>signerInfo</strong> parameter is null.
/// </exception>
/// <remarks>
/// The constructor only validates the argument; every field copy (version, subject identifier, algorithms,
/// encrypted hash and authenticated attributes) is performed by <c>initializeFromSignerInfo</c>.
/// </remarks>
public PkcsSignerInfoBuilder(PkcsSignerInfo signerInfo) {
    // Fail fast on a null source so the copy routine never dereferences it.
    if (signerInfo == null) {
        throw new ArgumentNullException(nameof(signerInfo));
    }
    initializeFromSignerInfo(signerInfo);
}
/// <summary>
/// Verifies a signer that carries no signature (used for the <strong>NoSignature</strong> subject identifier type):
/// the message-digest value stored in the authenticated attributes must equal the digest recomputed with the
/// signer's hash algorithm.
/// </summary>
/// <param name="signerInfo">Signer information whose stored digest is checked.</param>
/// <returns>
/// <strong>True</strong> when a message-digest attribute is present and matches the recomputed digest;
/// <strong>False</strong> when the attribute is missing or the digests differ.
/// </returns>
Boolean checkSingleHash(PkcsSignerInfo signerInfo) {
    Byte[] storedDigest = getHashValue(signerInfo);
    // A missing message-digest attribute fails closed; the short-circuit also skips recomputing the
    // digest in that case, so the behaviour matches an explicit null guard.
    return storedDigest != null
        && compareHashes(storedDigest, calculateHash(signerInfo.HashAlgorithm.AlgorithmId));
}
/// <summary>
/// Reads the raw message-digest value from the signer's authenticated (signed) attributes.
/// </summary>
/// <param name="signerInfo">Signer information to read the message-digest attribute from.</param>
/// <returns>
/// The ASN.1 payload of the message-digest attribute, or <strong>null</strong> when the signer does not carry
/// such an attribute.
/// </returns>
Byte[] getHashValue(PkcsSignerInfo signerInfo) {
    X509Attribute digestAttribute = signerInfo.AuthenticatedAttributes[MESSAGE_DIGEST];
    // Absence is reported as null rather than thrown; callers treat it as a verification failure.
    return digestAttribute == null
        ? null
        : new Asn1Reader(digestAttribute.RawData).GetPayload();
}
/// <summary>
/// Verifies a single signer: locates the signer certificate in the message's certificate collection according to
/// the subject identifier type, then verifies the signature over the DER-encoded authenticated attributes.
/// </summary>
/// <param name="signerInfo">Signer information to verify.</param>
/// <param name="validOnly">
/// When <strong>True</strong>, only certificates that pass the certificate-store validity filter are considered as
/// signer candidates and the signer certificate chain is additionally validated.
/// </param>
/// <returns>
/// <strong>True</strong> when the signature (and, if requested, the certificate chain) verifies;
/// <strong>False</strong> when the signer certificate cannot be located or verification fails.
/// </returns>
/// <exception cref="ArgumentOutOfRangeException">The subject identifier type is not recognized.</exception>
Boolean checkSingleSignature(PkcsSignerInfo signerInfo, Boolean validOnly) {
    X509Certificate2 signerCert;
    switch (signerInfo.Issuer.Type) {
        case SubjectIdentifierType.IssuerAndSerialNumber:
            var issuerSerial = (X509IssuerSerial)signerInfo.Issuer.Value;
            // Narrow by serial number first, then by issuer DN, so a serial reused across issuers cannot match.
            X509Certificate2Collection bySerial = Certificates.Find(X509FindType.FindBySerialNumber, issuerSerial.SerialNumber, validOnly);
            signerCert = firstOrNull(bySerial.Find(X509FindType.FindByIssuerDistinguishedName, issuerSerial.Issuer, validOnly));
            break;
        case SubjectIdentifierType.SubjectKeyIdentifier:
            String subjectKeyId = signerInfo.Issuer.Value.ToString();
            // NOTE(review): this lookup passes a literal 'true' for validOnly whereas the branch above honours the
            // parameter; confirm whether the stricter filter is intentional for SKI-identified signers.
            signerCert = firstOrNull(Certificates.Find(X509FindType.FindBySubjectKeyIdentifier, subjectKeyId, true));
            break;
        case SubjectIdentifierType.NoSignature:
            // Unsigned signer info: only the message-digest attribute can be checked.
            return checkSingleHash(signerInfo);
        default:
            throw new ArgumentOutOfRangeException();
    }
    // Without a signer certificate there is no public key to verify against.
    if (signerCert == null) {
        return false;
    }
    var verifier = new MessageSigner(signerCert, new Oid2(signerInfo.HashAlgorithm.AlgorithmId, false));
    Byte[] signedAttributes = signerInfo.AuthenticatedAttributes.Encode();
    // The signature is computed over the attributes as an ASN.1 SET OF (tag 0x31), not with the
    // context-specific [0] tag they carry inside the SignerInfo structure; swap the leading tag byte accordingly.
    signedAttributes[0] = 0x31;
    Boolean signatureValid = verifier.VerifyData(signedAttributes, signerInfo.EncryptedHash);
    // Chain validation is only attempted after the signature itself verifies (short-circuit preserved).
    return validOnly
        ? signatureValid && checkCertChain(signerCert)
        : signatureValid;

    X509Certificate2 firstOrNull(X509Certificate2Collection candidates) {
        return candidates.Count > 0 ? candidates[0] : null;
    }
}
/// <summary>
/// Copies the state of an existing signer info into this builder: version, subject identifier type and value,
/// the content type (only when a content-type authenticated attribute is present), the public key and hash
/// algorithms, the encrypted hash, and every authenticated attribute.
/// </summary>
/// <param name="signerInfo">Source signer information. Callers are expected to have rejected null already.</param>
void initializeFromSignerInfo(PkcsSignerInfo signerInfo) {
    Version = signerInfo.Version;
    SubjectIdentifier = signerInfo.Issuer.Type;
    signerCert = signerInfo.Issuer;
    // Content type is optional in the signed attributes; the builder's current value is left untouched when absent.
    X509Attribute contentTypeAttribute = signerInfo.AuthenticatedAttributes
        .FirstOrDefault(x => x.Oid.Value == CONTENT_TYPE);
    if (contentTypeAttribute != null) {
        ContentType = new Asn1ObjectIdentifier(contentTypeAttribute.RawData).Value;
    }
    pubKeyAlgId = signerInfo.EncryptedHashAlgorithm;
    hashAlgId = signerInfo.HashAlgorithm;
    // NOTE(review): the field is named hashValue but receives EncryptedHash (the signature value rather than the
    // message digest); confirm this is the intended mapping when the builder re-encodes.
    hashValue = signerInfo.EncryptedHash;
    _authAttributes.AddRange(signerInfo.AuthenticatedAttributes);
}