public static GetAllowedDigests ( String name ) : String | ||
name | String | |
return | String |
/** * Get RFC 3161 timeStampToken. * Method may return null indicating that timestamp should be skipped. * @param imprint data imprint to be time-stamped * @return encoded, TSA signed data of the timeStampToken */ public virtual byte[] GetTimeStampToken(byte[] imprint) { byte[] respBytes = null; // Setup the time stamp request TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator(); tsqGenerator.SetCertReq(true); if (!string.IsNullOrEmpty(tsaReqPolicy)) { tsqGenerator.SetReqPolicy(tsaReqPolicy); } // tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1"); BigInteger nonce = BigInteger.ValueOf(DateTime.Now.Ticks + Environment.TickCount); TimeStampRequest request = tsqGenerator.Generate(DigestAlgorithms.GetAllowedDigests(digestAlgorithm), imprint, nonce); byte[] requestBytes = request.GetEncoded(); // Call the communications layer respBytes = GetTSAResponse(requestBytes); // Handle the TSA response TimeStampResponse response = new TimeStampResponse(respBytes); // validate communication level attributes (RFC 3161 PKIStatus) response.Validate(request); PkiFailureInfo failure = response.GetFailInfo(); int value = (failure == null) ? 0 : failure.IntValue; if (value != 0) { // @todo: Translate value of 15 error codes defined by PKIFailureInfo to string throw new IOException(MessageLocalization.GetComposedMessage("invalid.tsa.1.response.code.2", tsaURL, value)); } // @todo: validate the time stap certificate chain (if we want // assure we do not sign using an invalid timestamp). // extract just the time stamp token (removes communication status info) TimeStampToken tsToken = response.TimeStampToken; if (tsToken == null) { throw new IOException(MessageLocalization.GetComposedMessage("tsa.1.failed.to.return.time.stamp.token.2", tsaURL, response.GetStatusString())); } TimeStampTokenInfo tsTokenInfo = tsToken.TimeStampInfo; // to view details byte[] encoded = tsToken.GetEncoded(); LOGGER.Info("Timestamp generated: " + tsTokenInfo.GenTime); if (tsaInfo != null) { tsaInfo.InspectTimeStampTokenInfo(tsTokenInfo); } // Update our token size estimate for the next call (padded to be safe) this.tokenSizeEstimate = encoded.Length + 32; return(encoded); }
// Constructors for creating new signatures /** * Assembles all the elements needed to create a signature, except for the data. * @param privKey the private key * @param certChain the certificate chain * @param crlList the certificate revocation list * @param hashAlgorithm the hash algorithm * @param provider the provider or <code>null</code> for the default provider * @param hasRSAdata <CODE>true</CODE> if the sub-filter is adbe.pkcs7.sha1 * @throws InvalidKeyException on error * @throws NoSuchProviderException on error * @throws NoSuchAlgorithmException on error */ public PdfPKCS7(ICipherParameters privKey, ICollection <X509Certificate> certChain, String hashAlgorithm, bool hasRSAdata) { digestAlgorithmOid = DigestAlgorithms.GetAllowedDigests(hashAlgorithm); if (digestAlgorithmOid == null) { throw new ArgumentException(MessageLocalization.GetComposedMessage("unknown.hash.algorithm.1", hashAlgorithm)); } version = signerversion = 1; certs = new List <X509Certificate>(certChain); crls = new List <X509Crl>(); digestalgos = new Dictionary <string, object>(); digestalgos[digestAlgorithmOid] = null; // // Copy in the certificates and crls used to sign the private key. // signCert = certs[0]; if (privKey != null) { // // Now we have private key, find out what the digestEncryptionAlgorithm is. // if (privKey is RsaKeyParameters) { digestEncryptionAlgorithmOid = SecurityIDs.ID_RSA; } else if (privKey is DsaKeyParameters) { digestEncryptionAlgorithmOid = SecurityIDs.ID_DSA; } else { throw new ArgumentException(MessageLocalization.GetComposedMessage("unknown.key.algorithm.1", privKey.ToString())); } } if (hasRSAdata) { RSAdata = new byte[0]; messageDigest = GetHashClass(); } if (privKey != null) { sig = SignerUtilities.GetSigner(GetDigestAlgorithm()); sig.Init(true, privKey); } }
/** * Creates an ExternalSignature instance * @param pk a PrivateKey object * @param hashAlgorithm the hash algorithm (e.g. "SHA-1", "SHA-256",...) * @param provider the security provider (e.g. "BC") */ public PrivateKeySignature(ICipherParameters pk, String hashAlgorithm) { this.pk = pk; this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigests(hashAlgorithm)); if (pk is RsaKeyParameters) { encryptionAlgorithm = "RSA"; } else if (pk is DsaKeyParameters) { encryptionAlgorithm = "DSA"; } else { throw new ArgumentException(MessageLocalization.GetComposedMessage("unknown.key.algorithm.1", pk.ToString())); } }
private AsymmetricAlgorithmSignature(AsymmetricAlgorithm algorithm, String hashAlgorithm) { this.algorithm = algorithm; this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigests(hashAlgorithm)); if (algorithm is RSACryptoServiceProvider) { encryptionAlgorithm = "RSA"; } else if (algorithm is DSACryptoServiceProvider) { encryptionAlgorithm = "DSA"; } else { throw new ArgumentException("Not supported encryption algorithm " + algorithm); } }
/// <summary> /// Creates a signature using a X509Certificate2. It supports smartcards without /// exportable private keys. /// </summary> /// <param name="certificate">The certificate with the private key</param> /// <param name="hashAlgorithm">The hash algorithm for the signature. As the Windows CAPI is used /// to do the signature the only hash guaranteed to exist is SHA-1</param> public X509Certificate2Signature(X509Certificate2 certificate, String hashAlgorithm) { if (!certificate.HasPrivateKey) { throw new ArgumentException("No private key."); } this.certificate = certificate; this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigests(hashAlgorithm)); if (certificate.PrivateKey is RSACryptoServiceProvider) { encryptionAlgorithm = "RSA"; } else if (certificate.PrivateKey is DSACryptoServiceProvider) { encryptionAlgorithm = "DSA"; } else { throw new ArgumentException("Unknown encryption algorithm " + certificate.PrivateKey); } }
protected internal SignaturePolicyIdentifier ToSignaturePolicyIdentifier() { string algId = DigestAlgorithms.GetAllowedDigests(this.PolicyDigestAlgorithm); if (string.IsNullOrEmpty(algId)) { throw new ArgumentException("Invalid policy hash algorithm"); } SignaturePolicyIdentifier signaturePolicyIdentifier = null; SigPolicyQualifierInfo spqi = null; if (!string.IsNullOrEmpty(this.PolicyUri)) { spqi = new SigPolicyQualifierInfo(PkcsObjectIdentifiers.IdSpqEtsUri, new DerIA5String(this.PolicyUri)); } signaturePolicyIdentifier = new SignaturePolicyIdentifier(new SignaturePolicyId( DerObjectIdentifier.GetInstance(new DerObjectIdentifier(this.PolicyIdentifier.Replace("urn:oid:", ""))), new OtherHashAlgAndValue(new AlgorithmIdentifier(algId), new DerOctetString(this.PolicyHash)), spqi)); return(signaturePolicyIdentifier); }