private void CoSign(CmsSigner signer, bool silent) { CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer, silent); try { SafeLocalAllocHandle pSignerEncodeInfo = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO)))); try { // Marshal to unmanaged memory. Marshal.StructureToPtr(signerEncodeInfo, pSignerEncodeInfo.DangerousGetHandle(), false); // Add the signature. if (!CAPI.CryptMsgControl(m_safeCryptMsgHandle, 0, CAPI.CMSG_CTRL_ADD_SIGNER, pSignerEncodeInfo.DangerousGetHandle())) { throw new CryptographicException(Marshal.GetLastWin32Error()); } } finally { Marshal.DestroyStructure(pSignerEncodeInfo.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO)); pSignerEncodeInfo.Dispose(); } } finally { // and don't forget to dispose of resources allocated for the structure. signerEncodeInfo.Dispose(); } // Finally, add certs to bag of certs. PkcsUtils.AddCertsToMessage(m_safeCryptMsgHandle, Certificates, PkcsUtils.CreateBagOfCertificates(signer)); }
private static System.Security.Cryptography.SafeCryptMsgHandle OpenToDecode(byte[] encodedMessage, System.Security.Cryptography.Pkcs.ContentInfo contentInfo, bool detached) { System.Security.Cryptography.SafeCryptMsgHandle hCryptMsg = System.Security.Cryptography.CAPI.CAPISafe.CryptMsgOpenToDecode(0x10001, detached ? 4 : 0, 0, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero); if ((hCryptMsg == null) || hCryptMsg.IsInvalid) { throw new CryptographicException(Marshal.GetLastWin32Error()); } if (!System.Security.Cryptography.CAPI.CAPISafe.CryptMsgUpdate(hCryptMsg, encodedMessage, (uint)encodedMessage.Length, true)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } if (2 != PkcsUtils.GetMessageType(hCryptMsg)) { throw new CryptographicException(-2146889724); } if (detached) { byte[] content = contentInfo.Content; if (((content != null) && (content.Length > 0)) && !System.Security.Cryptography.CAPI.CAPISafe.CryptMsgUpdate(hCryptMsg, content, (uint)content.Length, true)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } } return(hCryptMsg); }
internal void Reset(SubjectIdentifierType type, object value) { switch (type) { case SubjectIdentifierType.Unknown: case SubjectIdentifierType.NoSignature: break; case SubjectIdentifierType.IssuerAndSerialNumber: if (value.GetType() != typeof(X509IssuerSerial)) { throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type_Value_Mismatch"), value.GetType().ToString()); } break; case SubjectIdentifierType.SubjectKeyIdentifier: if (!PkcsUtils.CmsSupported()) { throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Not_Supported")); } if (value.GetType() != typeof(string)) { throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type_Value_Mismatch"), value.GetType().ToString()); } break; default: throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type"), type.ToString()); } this.m_type = type; this.m_value = value; }
private unsafe void CounterSign(CmsSigner signer) { // Sanity check. Debug.Assert(signer != null); // CspParameters parameters = new CspParameters(); if (X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters) == false) { throw new CryptographicException(Marshal.GetLastWin32Error()); } KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags); KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign); kp.AccessEntries.Add(entry); kp.Demand(); // Get the signer's index. uint index = (uint)PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), this, 0); // Create CMSG_SIGNER_ENCODE_INFO structure. SafeLocalAllocHandle pSignerEncodeInfo = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO)))); CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer); try { // Marshal to unmanaged memory. Marshal.StructureToPtr(signerEncodeInfo, pSignerEncodeInfo.DangerousGetHandle(), false); // Counter sign. if (!CAPI.CryptMsgCountersign(m_signedCms.GetCryptMsgHandle(), index, 1, pSignerEncodeInfo.DangerousGetHandle())) { throw new CryptographicException(Marshal.GetLastWin32Error()); } // CAPI requires that the messge be re-encoded if any unauthenticated // attribute has been added. So, let's re-open it to decode to work // around this limitation. m_signedCms.ReopenToDecode(); } finally { Marshal.DestroyStructure(pSignerEncodeInfo.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO)); pSignerEncodeInfo.Dispose(); // and don't forget to dispose of resources allocated for the structure. signerEncodeInfo.Dispose(); } // Finally, add certs to bag of certs. PkcsUtils.AddCertsToMessage(m_signedCms.GetCryptMsgHandle(), m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer)); return; }
private void CounterSign(CmsSigner signer) { CspParameters parameters = new CspParameters(); if (!System.Security.Cryptography.X509Certificates.X509Utils.GetPrivateKeyInfo(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(signer.Certificate), ref parameters)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags); KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Sign | KeyContainerPermissionFlags.Open); permission.AccessEntries.Add(accessEntry); permission.Demand(); uint dwIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0); System.Security.Cryptography.SafeLocalAllocHandle handle = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO)))); System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO structure = PkcsUtils.CreateSignerEncodeInfo(signer); try { Marshal.StructureToPtr(structure, handle.DangerousGetHandle(), false); if (!System.Security.Cryptography.CAPI.CryptMsgCountersign(this.m_signedCms.GetCryptMsgHandle(), dwIndex, 1, handle.DangerousGetHandle())) { throw new CryptographicException(Marshal.GetLastWin32Error()); } this.m_signedCms.ReopenToDecode(); } finally { Marshal.DestroyStructure(handle.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO)); handle.Dispose(); structure.Dispose(); } PkcsUtils.AddCertsToMessage(this.m_signedCms.GetCryptMsgHandle(), this.m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer)); }
// // Private methods. // private void Reset(SubjectIdentifierType recipientIdentifierType, X509Certificate2 certificate) { if (certificate == null) { throw new ArgumentNullException("certificate"); } switch (recipientIdentifierType) { case SubjectIdentifierType.Unknown: recipientIdentifierType = SubjectIdentifierType.IssuerAndSerialNumber; break; case SubjectIdentifierType.IssuerAndSerialNumber: break; case SubjectIdentifierType.SubjectKeyIdentifier: if (!PkcsUtils.CmsSupported()) { throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Not_Supported")); } break; default: throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type"), recipientIdentifierType.ToString()); } m_recipientIdentifierType = recipientIdentifierType; m_certificate = certificate; }
private unsafe void Sign(CmsSigner signer, bool silent) { System.Security.Cryptography.SafeCryptMsgHandle hCryptMsg = null; System.Security.Cryptography.CAPI.CMSG_SIGNED_ENCODE_INFO cmsg_signed_encode_info = new System.Security.Cryptography.CAPI.CMSG_SIGNED_ENCODE_INFO(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNED_ENCODE_INFO))); System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO structure = PkcsUtils.CreateSignerEncodeInfo(signer, silent); byte[] encodedMessage = null; try { System.Security.Cryptography.SafeLocalAllocHandle handle2 = System.Security.Cryptography.CAPI.LocalAlloc(0, new IntPtr(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO)))); try { Marshal.StructureToPtr(structure, handle2.DangerousGetHandle(), false); X509Certificate2Collection certificates = PkcsUtils.CreateBagOfCertificates(signer); System.Security.Cryptography.SafeLocalAllocHandle handle3 = PkcsUtils.CreateEncodedCertBlob(certificates); cmsg_signed_encode_info.cSigners = 1; cmsg_signed_encode_info.rgSigners = handle2.DangerousGetHandle(); cmsg_signed_encode_info.cCertEncoded = (uint)certificates.Count; if (certificates.Count > 0) { cmsg_signed_encode_info.rgCertEncoded = handle3.DangerousGetHandle(); } if (string.Compare(this.ContentInfo.ContentType.Value, "1.2.840.113549.1.7.1", StringComparison.OrdinalIgnoreCase) == 0) { hCryptMsg = System.Security.Cryptography.CAPI.CryptMsgOpenToEncode(0x10001, this.Detached ? 4 : 0, 2, new IntPtr((void *)&cmsg_signed_encode_info), IntPtr.Zero, IntPtr.Zero); } else { hCryptMsg = System.Security.Cryptography.CAPI.CryptMsgOpenToEncode(0x10001, this.Detached ? 4 : 0, 2, new IntPtr((void *)&cmsg_signed_encode_info), this.ContentInfo.ContentType.Value, IntPtr.Zero); } if ((hCryptMsg == null) || hCryptMsg.IsInvalid) { throw new CryptographicException(Marshal.GetLastWin32Error()); } if ((this.ContentInfo.Content.Length > 0) && !System.Security.Cryptography.CAPI.CAPISafe.CryptMsgUpdate(hCryptMsg, this.ContentInfo.pContent, (uint)this.ContentInfo.Content.Length, true)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } encodedMessage = PkcsUtils.GetContent(hCryptMsg); hCryptMsg.Dispose(); handle3.Dispose(); } finally { Marshal.DestroyStructure(handle2.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO)); handle2.Dispose(); } } finally { structure.Dispose(); } hCryptMsg = OpenToDecode(encodedMessage, this.ContentInfo, this.Detached); if ((this.m_safeCryptMsgHandle != null) && !this.m_safeCryptMsgHandle.IsInvalid) { this.m_safeCryptMsgHandle.Dispose(); } this.m_safeCryptMsgHandle = hCryptMsg; GC.KeepAlive(signer); }
public void RemoveSignature(SignerInfo signerInfo) { if (signerInfo == null) { throw new ArgumentNullException("signerInfo"); } this.RemoveSignature(PkcsUtils.GetSignerIndex(this.m_safeCryptMsgHandle, signerInfo, 0)); }
private static byte[] Encode(string documentDescription) { if (string.IsNullOrEmpty(documentDescription)) { throw new ArgumentNullException("documentDescription"); } return(PkcsUtils.EncodeOctetString(documentDescription)); }
public void RemoveCounterSignature(int index) { if (this.m_parentSignerInfo != null) { throw new CryptographicException(-2147483647); } this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), index); }
public byte[] Encode() { if ((this.m_safeCryptMsgHandle == null) || this.m_safeCryptMsgHandle.IsInvalid) { throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_MessageNotSigned")); } return(PkcsUtils.GetMessage(this.m_safeCryptMsgHandle)); }
internal void ReopenToDecode() { byte[] message = PkcsUtils.GetMessage(this.m_safeCryptMsgHandle); if ((this.m_safeCryptMsgHandle != null) && !this.m_safeCryptMsgHandle.IsInvalid) { this.m_safeCryptMsgHandle.Dispose(); } this.m_safeCryptMsgHandle = OpenToDecode(message, this.ContentInfo, this.Detached); }
internal void ReopenToDecode() { byte[] encodedMessage = PkcsUtils.GetMessage(m_safeCryptMsgHandle); if (m_safeCryptMsgHandle != null && !m_safeCryptMsgHandle.IsInvalid) { m_safeCryptMsgHandle.Dispose(); } m_safeCryptMsgHandle = OpenToDecode(encodedMessage, this.ContentInfo, this.Detached); }
public void RemoveCounterSignature(int index) { // We only support one level of counter signing. if (m_parentSignerInfo != null) { throw new CryptographicException(CAPI.E_NOTIMPL); } RemoveCounterSignature(PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), this, 0), index); return; }
public void RemoveCounterSignature(SignerInfo counterSignerInfo) { // We only support one level of counter signing. if (m_parentSignerInfo != null) { throw new CryptographicException(CAPI.E_NOTIMPL); } if (counterSignerInfo == null) { throw new ArgumentNullException("counterSignerInfo"); } foreach (CryptographicAttributeObject attribute in UnsignedAttributes) { if (String.Compare(attribute.Oid.Value, CAPI.szOID_RSA_counterSign, StringComparison.OrdinalIgnoreCase) == 0) { for (int index = 0; index < attribute.Values.Count; index++) { AsnEncodedData encodedCounterSignature = (AsnEncodedData)attribute.Values[index]; SignerInfo counterSignerInfo2 = new SignerInfo(m_signedCms, m_parentSignerInfo, encodedCounterSignature.RawData); if ((counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber) && (counterSignerInfo2.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber)) { X509IssuerSerial issuerSerial1 = (X509IssuerSerial)counterSignerInfo.SignerIdentifier.Value; X509IssuerSerial issuerSerial2 = (X509IssuerSerial)counterSignerInfo2.SignerIdentifier.Value; if ((String.Compare(issuerSerial1.IssuerName, issuerSerial2.IssuerName, StringComparison.OrdinalIgnoreCase) == 0) && (String.Compare(issuerSerial1.SerialNumber, issuerSerial2.SerialNumber, StringComparison.OrdinalIgnoreCase) == 0)) { RemoveCounterSignature(PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), this, 0), index); return; } } else if ((counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier) && (counterSignerInfo2.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier)) { string keyIdentifier1 = counterSignerInfo.SignerIdentifier.Value as string; string keyIdentifier2 = counterSignerInfo2.SignerIdentifier.Value as string; if (String.Compare(keyIdentifier1, keyIdentifier2, StringComparison.OrdinalIgnoreCase) == 0) { RemoveCounterSignature(PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), this, 0), index); return; } } } } } throw new CryptographicException(CAPI.CRYPT_E_SIGNER_NOT_FOUND); }
private void Decode() { if ((base.RawData.Length < 2) || (base.RawData[1] != (base.RawData.Length - 2))) { throw new CryptographicException(-2146885630); } if (base.RawData[0] != 6) { throw new CryptographicException(-2146881269); } this.m_contentType = new Oid(PkcsUtils.DecodeObjectIdentifier(base.RawData, 2)); this.m_decoded = true; }
public void ComputeSignature(CmsSigner signer, bool silent) { if (signer == null) { throw new ArgumentNullException("signer"); } if (this.ContentInfo.Content.Length == 0) { throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_Empty_Content")); } if (SubjectIdentifierType.NoSignature == signer.SignerIdentifierType) { if ((this.m_safeCryptMsgHandle != null) && !this.m_safeCryptMsgHandle.IsInvalid) { throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_No_Signature_First_Signer")); } this.Sign(signer, silent); } else { if (signer.Certificate == null) { if (silent) { throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_RecipientCertificateNotFound")); } signer.Certificate = PkcsUtils.SelectSignerCertificate(); } if (!signer.Certificate.HasPrivateKey) { throw new CryptographicException(-2146893811); } CspParameters parameters = new CspParameters(); if (!System.Security.Cryptography.X509Certificates.X509Utils.GetPrivateKeyInfo(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(signer.Certificate), ref parameters)) { throw new CryptographicException(SafeGetLastWin32Error()); } KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags); KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Sign | KeyContainerPermissionFlags.Open); permission.AccessEntries.Add(accessEntry); permission.Demand(); if ((this.m_safeCryptMsgHandle == null) || this.m_safeCryptMsgHandle.IsInvalid) { this.Sign(signer, silent); } else { this.CoSign(signer, silent); } } }
public unsafe void CheckHash() { int size = Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA)); System.Security.Cryptography.CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA cmsg_ctrl_verify_signature_ex_para = new System.Security.Cryptography.CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA(size) { dwSignerType = 4, dwSignerIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0) }; if (!System.Security.Cryptography.CAPI.CryptMsgControl(this.m_signedCms.GetCryptMsgHandle(), 0, 0x13, new IntPtr((void *)&cmsg_ctrl_verify_signature_ex_para))) { throw new CryptographicException(Marshal.GetLastWin32Error()); } }
public static Oid GetContentType(byte[] encodedMessage) { Oid oid; if (encodedMessage == null) { throw new ArgumentNullException("encodedMessage"); } System.Security.Cryptography.SafeCryptMsgHandle hCryptMsg = System.Security.Cryptography.CAPI.CAPISafe.CryptMsgOpenToDecode(0x10001, 0, 0, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero); if ((hCryptMsg == null) || hCryptMsg.IsInvalid) { throw new CryptographicException(Marshal.GetLastWin32Error()); } if (!System.Security.Cryptography.CAPI.CAPISafe.CryptMsgUpdate(hCryptMsg, encodedMessage, (uint)encodedMessage.Length, true)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } switch (PkcsUtils.GetMessageType(hCryptMsg)) { case 1: oid = new Oid("1.2.840.113549.1.7.1"); break; case 2: oid = new Oid("1.2.840.113549.1.7.2"); break; case 3: oid = new Oid("1.2.840.113549.1.7.3"); break; case 4: oid = new Oid("1.2.840.113549.1.7.4"); break; case 5: oid = new Oid("1.2.840.113549.1.7.5"); break; case 6: oid = new Oid("1.2.840.113549.1.7.6"); break; default: throw new CryptographicException(-2146889724); } hCryptMsg.Dispose(); return(oid); }
// // Private methods. // private void Decode() { if ((RawData.Length < 2) || ((uint)RawData[1] != (uint)(RawData.Length - 2))) { throw new CryptographicException(CAPI.CRYPT_E_BAD_ENCODE); } if (RawData[0] != CAPI.ASN_TAG_OBJID) { throw new CryptographicException(CAPI.CRYPT_E_ASN1_BADTAG); } m_contentType = new Oid(PkcsUtils.DecodeObjectIdentifier(RawData, 2)); m_decoded = true; }
public void RemoveCounterSignature(SignerInfo counterSignerInfo) { if (this.m_parentSignerInfo != null) { throw new CryptographicException(-2147483647); } if (counterSignerInfo == null) { throw new ArgumentNullException("counterSignerInfo"); } CryptographicAttributeObjectEnumerator enumerator = this.UnsignedAttributes.GetEnumerator(); while (enumerator.MoveNext()) { CryptographicAttributeObject current = enumerator.Current; if (string.Compare(current.Oid.Value, "1.2.840.113549.1.9.6", StringComparison.OrdinalIgnoreCase) == 0) { for (int i = 0; i < current.Values.Count; i++) { AsnEncodedData data = current.Values[i]; SignerInfo info = new SignerInfo(this.m_signedCms, this.m_parentSignerInfo, data.RawData); if ((counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber) && (info.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber)) { X509IssuerSerial serial = (X509IssuerSerial)counterSignerInfo.SignerIdentifier.Value; X509IssuerSerial serial2 = (X509IssuerSerial)info.SignerIdentifier.Value; if ((string.Compare(serial.IssuerName, serial2.IssuerName, StringComparison.OrdinalIgnoreCase) != 0) || (string.Compare(serial.SerialNumber, serial2.SerialNumber, StringComparison.OrdinalIgnoreCase) != 0)) { continue; } this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), i); return; } if ((counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier) && (info.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier)) { string strA = counterSignerInfo.SignerIdentifier.Value as string; string strB = info.SignerIdentifier.Value as string; if (string.Compare(strA, strB, StringComparison.OrdinalIgnoreCase) == 0) { this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), i); return; } } } } } throw new CryptographicException(-2146889714); }
private static SafeCryptMsgHandle OpenToDecode(byte[] encodedMessage, ContentInfo contentInfo, bool detached) { // Open the message for decode. SafeCryptMsgHandle safeCryptMsgHandle = CAPI.CAPISafe.CryptMsgOpenToDecode( CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING, detached ? CAPI.CMSG_DETACHED_FLAG : 0, 0, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero); if (safeCryptMsgHandle == null || safeCryptMsgHandle.IsInvalid) { throw new CryptographicException(Marshal.GetLastWin32Error()); } // ---- the message. if (!CAPI.CAPISafe.CryptMsgUpdate(safeCryptMsgHandle, encodedMessage, (uint)encodedMessage.Length, true)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } // Make sure this is PKCS7 SignedData type. if (CAPI.CMSG_SIGNED != PkcsUtils.GetMessageType(safeCryptMsgHandle)) { throw new CryptographicException(CAPI.CRYPT_E_INVALID_MSG_TYPE); } // If detached, then update message with content if available. if (detached) { byte[] content = contentInfo.Content; if (content != null && content.Length > 0) { if (!CAPI.CAPISafe.CryptMsgUpdate(safeCryptMsgHandle, content, (uint)content.Length, true)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } } } return(safeCryptMsgHandle); }
public void CheckSignature(X509Certificate2Collection extraStore, bool verifySignatureOnly) { if (extraStore == null) { throw new ArgumentNullException("extraStore"); } X509Certificate2 certificate = this.Certificate; if (certificate == null) { certificate = PkcsUtils.FindCertificate(this.SignerIdentifier, extraStore); if (certificate == null) { throw new CryptographicException(-2146889714); } } this.Verify(extraStore, certificate, verifySignatureOnly); }
public void CheckHash() { int cvseSize = Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA)); CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA cvse = new CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA(cvseSize); cvse.dwSignerType = CAPI.CMSG_VERIFY_SIGNER_NULL; cvse.dwSignerIndex = (uint)PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), this, 0); unsafe { if (!CAPI.CryptMsgControl(m_signedCms.GetCryptMsgHandle(), 0, CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX, new IntPtr(&cvse))) { throw new CryptographicException(Marshal.GetLastWin32Error()); } } }
public void Decode(byte[] encodedMessage) { if (encodedMessage == null) { throw new ArgumentNullException("encodedMessage"); } if ((this.m_safeCryptMsgHandle != null) && !this.m_safeCryptMsgHandle.IsInvalid) { this.m_safeCryptMsgHandle.Dispose(); } this.m_safeCryptMsgHandle = OpenToDecode(encodedMessage, this.ContentInfo, this.Detached); if (!this.Detached) { Oid contentType = PkcsUtils.GetContentType(this.m_safeCryptMsgHandle); byte[] content = PkcsUtils.GetContent(this.m_safeCryptMsgHandle); this.m_contentInfo = new System.Security.Cryptography.Pkcs.ContentInfo(contentType, content); } }
internal SubjectIdentifierOrKey(CAPI.CERT_ID certId) { switch (certId.dwIdChoice) { case CAPI.CERT_ID_ISSUER_SERIAL_NUMBER: X509IssuerSerial issuerSerial = PkcsUtils.DecodeIssuerSerial(certId.Value.IssuerSerialNumber); Reset(SubjectIdentifierOrKeyType.IssuerAndSerialNumber, issuerSerial); break; case CAPI.CERT_ID_KEY_IDENTIFIER: byte[] ski = new byte[certId.Value.KeyId.cbData]; Marshal.Copy(certId.Value.KeyId.pbData, ski, 0, ski.Length); Reset(SubjectIdentifierOrKeyType.SubjectKeyIdentifier, X509Utils.EncodeHexString(ski)); break; default: throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type"), certId.dwIdChoice.ToString(CultureInfo.InvariantCulture)); } }
public void Decode(byte[] encodedMessage) { if (encodedMessage == null) { throw new ArgumentNullException("encodedMessage"); } if (m_safeCryptMsgHandle != null && !m_safeCryptMsgHandle.IsInvalid) { m_safeCryptMsgHandle.Dispose(); } m_safeCryptMsgHandle = OpenToDecode(encodedMessage, this.ContentInfo, this.Detached); if (!this.Detached) { Oid contentType = PkcsUtils.GetContentType(m_safeCryptMsgHandle); byte[] content = PkcsUtils.GetContent(m_safeCryptMsgHandle); m_contentInfo = new ContentInfo(contentType, content); } }
public void CheckSignature(X509Certificate2Collection extraStore, bool verifySignatureOnly) { if (extraStore == null) { throw new ArgumentNullException("extraStore"); } X509Certificate2 certificate = this.Certificate; if (certificate == null) { certificate = PkcsUtils.FindCertificate(SignerIdentifier, extraStore); if (certificate == null) { throw new CryptographicException(CAPI.CRYPT_E_SIGNER_NOT_FOUND); } } Verify(extraStore, certificate, verifySignatureOnly); }
public void ComputeCounterSignature(CmsSigner signer) { if (this.m_parentSignerInfo != null) { throw new CryptographicException(-2147483647); } if (signer == null) { throw new ArgumentNullException("signer"); } if (signer.Certificate == null) { signer.Certificate = PkcsUtils.SelectSignerCertificate(); } if (!signer.Certificate.HasPrivateKey) { throw new CryptographicException(-2146893811); } this.CounterSign(signer); }
internal SubjectIdentifier(System.Security.Cryptography.CAPI.CERT_ID certId) { switch (certId.dwIdChoice) { case 1: { X509IssuerSerial serial = PkcsUtils.DecodeIssuerSerial(certId.Value.IssuerSerialNumber); this.Reset(SubjectIdentifierType.IssuerAndSerialNumber, serial); return; } case 2: { byte[] destination = new byte[certId.Value.KeyId.cbData]; Marshal.Copy(certId.Value.KeyId.pbData, destination, 0, destination.Length); this.Reset(SubjectIdentifierType.SubjectKeyIdentifier, System.Security.Cryptography.X509Certificates.X509Utils.EncodeHexString(destination)); return; } } throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type"), certId.dwIdChoice.ToString(CultureInfo.InvariantCulture)); }