private void VerifySignatures(CmsSignedData s, byte[] contentDigest) { IX509Store x509Certs = s.GetCertificates("Collection"); IX509Store x509Crls = s.GetCrls("Collection"); SignerInformationStore signers = s.GetSignerInfos(); foreach (SignerInformation signer in signers.GetSigners()) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate)certEnum.Current; VerifySigner(signer, cert); if (contentDigest != null) { Assert.IsTrue(Arrays.AreEqual(contentDigest, signer.GetContentDigest())); } } ICollection certColl = x509Certs.GetMatches(null); ICollection crlColl = x509Crls.GetMatches(null); Assert.AreEqual(certColl.Count, s.GetCertificates("Collection").GetMatches(null).Count); Assert.AreEqual(crlColl.Count, s.GetCrls("Collection").GetMatches(null).Count); }
public static bool VerifySignatures(FileInfo contentFile, Stream signedDataStream) { CmsProcessable signedContent = null; CmsSignedData cmsSignedData = null; Org.BouncyCastle.X509.Store.IX509Store store = null; ICollection signers = null; bool verifiedStatus = false; try { //Org.BouncyCastle.Security.addProvider(new BouncyCastleProvider()); signedContent = new CmsProcessableFile(contentFile); cmsSignedData = new CmsSignedData(signedContent, signedDataStream); store = cmsSignedData.GetCertificates("Collection");//.getCertificates(); IX509Store certStore = cmsSignedData.GetCertificates("Collection"); signers = cmsSignedData.GetSignerInfos().GetSigners(); foreach (var item in signers) { SignerInformation signer = (SignerInformation)item; var certCollection = certStore.GetMatches(signer.SignerID); IEnumerator iter = certCollection.GetEnumerator(); iter.MoveNext(); var cert = (Org.BouncyCastle.X509.X509Certificate)iter.Current; verifiedStatus = signer.Verify(cert.GetPublicKey()); } } catch (Exception e) { throw e; } return(verifiedStatus); }
public override IList <X509Certificate> GetCertificates() { IList <X509Certificate> list = new AList <X509Certificate>(); try { if (!onlyExtended) { LOG.Info(cmsSignedData.GetCertificates("Collection").GetMatches(null).Count + " certificate in collection" ); //foreach (X509CertificateHolder ch in (ICollection<X509CertificateHolder>)cmsSignedData foreach (X509Certificate ch in cmsSignedData .GetCertificates("Collection").GetMatches(null)) { //X509Certificate c = new X509CertificateObject(ch.ToASN1Structure()); X509Certificate c = ch; LOG.Info("Certificate for subject " + c.SubjectDN); if (!list.Contains(c)) { list.AddItem(c); } } } // Add certificates in CAdES-XL certificate-values inside SignerInfo attribute if present SignerInformation si = cmsSignedData.GetSignerInfos().GetFirstSigner(signerId); if (si != null && si.UnsignedAttributes != null && si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsCertValues] != null) { DerSequence seq = (DerSequence)si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsCertValues].AttrValues[0]; for (int i = 0; i < seq.Count; i++) { X509CertificateStructure cs = X509CertificateStructure.GetInstance(seq[i]); //X509Certificate c = new X509CertificateObject(cs); X509Certificate c = new X509Certificate(cs); if (!list.Contains(c)) { list.AddItem(c); } } } } catch (CertificateParsingException e) { throw new RuntimeException(e); } /*catch (StoreException e) * { * throw new RuntimeException(e); * }*/ return(list); }
public static MemoryStream ParseSignature(Stream stream, bool validateSignature) { var signedFile = new CmsSignedData(stream); if (validateSignature) { var certStore = signedFile.GetCertificates("Collection"); var certs = certStore.GetMatches(new X509CertStoreSelector()); var signerStore = signedFile.GetSignerInfos(); var signers = signerStore.GetSigners(); foreach (object tempCertification in certs) { var certification = tempCertification as Org.BouncyCastle.X509.X509Certificate; foreach (object tempSigner in signers) { var signer = tempSigner as SignerInformation; if (!signer.Verify(certification.GetPublicKey())) { throw new SignatureException(Resources.ErrorMessages.SignatureException); } } } } var memoryStream = new MemoryStream(); signedFile.SignedContent.Write(memoryStream); return(memoryStream); }
public SignatureDocument(CmsSignedData signedData) { _signedData = signedData; _certs = CmsUtilities.GetCertificatesFromStore(_signedData.GetCertificates("Collection")); _signaturePackaging = _signedData.SignedContent != null ? SignaturePackaging.ATTACHED_IMPLICIT : SignaturePackaging.DETACHED_EXPLICIT; ReadSignersInfo(); }
public Queue <string> GetSignersCommonNames(CmsSignedData cms) { var lst = new Queue <string>(); var store = cms.GetCertificates("COLLECTION"); var signers = cms.GetSignerInfos(); foreach (var sig in signers.GetSigners()) { var signer = (SignerInformation)sig; foreach (var st in store.GetMatches(signer.SignerID)) { var crt = (X509Certificate)st; var dn = crt.SubjectDN.ToString(); var regex = new Regex(@"^CN=|,\S.*"); var commonName = regex.Replace(dn, ""); lst.Enqueue(commonName); } } return(lst); }
/// <summary> /// Verifies if the ETK contains a token that is still valid and can be trusted. /// </summary> /// <remarks> /// <para> /// This method checks if the certificate in the ETK is issued by a trusted party. Trust means /// the root certificate is trusted by the computer it is running on and all /// validation checks, including revocation, are successful. Root /// certificates are trusted by the computer if present in the /// <see cref="StoreName.Root"/> store. /// </para> /// <para> /// This method no longer validates the signer of the ETK token due lack of signing time in the ETK. /// The encryption certificate inside the ETK is still completely verified, this means there isn't a reduction in /// security compared to the previous implementation. /// </para> /// </remarks> /// <param name="checkRevocation"><c>true</c>to check if the certificates that issued the encryption cert aren't revoked</param> /// <returns>Detailed information about the encryption certificate status</returns> public CertificateSecurityInformation Verify(bool checkRevocation) { IList <CertificateList> crls; IList <BasicOcspResponse> ocps; //Get encryption cert BC::X509Certificate encCert = DotNetUtilities.FromX509Certificate(ToCertificate()); trace.TraceEvent(TraceEventType.Information, 0, "Verifying ETK: {0}", encCert.SubjectDN.ToString()); //Check the certificate IX509Store certs = raw.GetCertificates("COLLECTION"); if (checkRevocation) { crls = new List <CertificateList>(); ocps = new List <BasicOcspResponse>(); } else { crls = null; ocps = null; } CertificateSecurityInformation certInfo = encCert.Verify(DateTime.UtcNow, new int[] { 2, 3 }, EteeActiveConfig.Unseal.MinimumEncryptionKeySize.AsymmerticRecipientKey, certs, ref crls, ref ocps); if (!(encCert.GetPublicKey() is RsaKeyParameters)) { certInfo.securityViolations.Add(CertSecurityViolation.NotValidKeyType); trace.TraceEvent(TraceEventType.Warning, 0, "Only RSA keys can be used for sealing"); } return(certInfo); }
public static bool ValidateSignature(byte[] messageBytes, byte[] signatureBytes, X509Certificate certificate) { CmsProcessable signedContent = new CmsProcessableByteArray(messageBytes); CmsSignedData signedData = new CmsSignedData(signedContent, signatureBytes); IX509Store certificateStore = signedData.GetCertificates("Collection"); SignerInformationStore signerInfoStore = signedData.GetSignerInfos(); ICollection signers = signerInfoStore.GetSigners(); foreach (SignerInformation signer in signers) { bool isChainValid = ValidateCertificateChain(certificateStore, signer.SignerID); if (!isChainValid) { return(false); } bool verified = signer.Verify(certificate); if (!verified) { return(false); } } return(true); }
internal X509Certificate GenerateCertificate(String certificateString) { X509Certificate x509Certificate = null; try { byte[] bytes = Convert.FromBase64CharArray(certificateString.ToCharArray(), 0, certificateString.Length); CmsSignedData cmsSignedData = new CmsSignedData(bytes); IX509Store store = cmsSignedData.GetCertificates("Collection"); ICollection allCertificates = store.GetMatches(null); IEnumerator enumerator = allCertificates.GetEnumerator(); while (enumerator.MoveNext()) { x509Certificate = (X509Certificate)enumerator.Current; Console.WriteLine("Server Generated Certificate: " + x509Certificate.ToString()); } } catch (Exception ex) { System.Diagnostics.Debug.WriteLine("Certificate generation error: " + ex); throw new Exception("Certificate generation error"); } return(x509Certificate); }
/* * /// <exception cref="System.IO.IOException"></exception> * public override Document ExtendDocument(Document document, Document originalDocument * , SignatureParameters parameters) * { * CAdESSignatureExtension extension = GetExtensionProfile(parameters); * if (extension != null) * { * return extension.ExtendSignatures(document, originalDocument, parameters); * } * else * { * //LOG.Info("No extension for " + parameters.SignatureFormat); * } * return document; * } */ private CmsSignedDataGenerator CreateCMSSignedDataGenerator(ISignatureFactory factory, SignatureParameters parameters, CAdESProfileBES cadesProfile, bool includeUnsignedAttributes, CmsSignedData originalSignedData ) { var signedAttrGen = new DefaultSignedAttributeTableGenerator( new AttributeTable(cadesProfile.GetSignedAttributes(parameters))); SimpleAttributeTableGenerator unsignedAttrGen = null; if (includeUnsignedAttributes) { var attributes = cadesProfile.GetUnsignedAttributes(parameters); if (attributes.Count != 0) { unsignedAttrGen = new SimpleAttributeTableGenerator(new AttributeTable(attributes)); } } SignerInfoGeneratorBuilder sigInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(); sigInfoGeneratorBuilder.WithSignedAttributeGenerator(signedAttrGen); if (unsignedAttrGen != null) { sigInfoGeneratorBuilder.WithUnsignedAttributeGenerator(unsignedAttrGen); } CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); generator.AddSignerInfoGenerator(sigInfoGeneratorBuilder.Build(factory, parameters.SigningCertificate)); if (originalSignedData != null) { generator.AddSigners(originalSignedData.GetSignerInfos()); } var certs = new List <X509Certificate>(); certs.Add(parameters.SigningCertificate); if (parameters.CertificateChain != null) { foreach (X509Certificate cert in parameters.CertificateChain) { if (!cert.SubjectDN.Equals(parameters.SigningCertificate.SubjectDN)) { certs.Add(cert); } } } IX509Store certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs)); generator.AddCertificates(certStore); if (originalSignedData != null) { generator.AddCertificates(originalSignedData.GetCertificates("Collection")); } return(generator); }
public static void ReadXmlSigned(this Fattura fattura, Stream stream, bool validateSignature = true) { CmsSignedData signedFile = new CmsSignedData(stream); if (validateSignature) { IX509Store certStore = signedFile.GetCertificates("Collection"); ICollection certs = certStore.GetMatches(new X509CertStoreSelector()); SignerInformationStore signerStore = signedFile.GetSignerInfos(); ICollection signers = signerStore.GetSigners(); foreach (object tempCertification in certs) { Org.BouncyCastle.X509.X509Certificate certification = tempCertification as Org.BouncyCastle.X509.X509Certificate; foreach (object tempSigner in signers) { SignerInformation signer = tempSigner as SignerInformation; if (!signer.Verify(certification.GetPublicKey())) { throw new FatturaElettronicaSignatureException(Resources.ErrorMessages.SignatureException); } } } } using (var memoryStream = new MemoryStream()) { signedFile.SignedContent.Write(memoryStream); fattura.ReadXml(memoryStream); } }
// https://github.com/joschi/cryptoworkshop-bouncycastle/blob/master/src/main/java/cwguide/BcSignedDataExample.java public static void foo() { byte[] data = null; Org.BouncyCastle.Cms.CmsSignedData signedData = new CmsSignedData(data); byte[] content = signedData.SignedContent.GetContent() as byte[]; Org.BouncyCastle.X509.Store.IX509Store certs = signedData.GetCertificates("type"); }
/// <summary> /// Método para crear el generador de firmas /// </summary> /// <param name="signerProvider"></param> /// <param name="parameters"></param> /// <param name="originalSignedData"></param> /// <returns></returns> private CustomCMSSignedDataGenerator CreateSignedGenerator(ISigner signerProvider, SignatureParameters parameters, CmsSignedData originalSignedData) { X509CertificateParser parser = new X509CertificateParser(); var signerCertificate = parser.ReadCertificate(parameters.Certificate.GetRawCertData()); CustomCMSSignedDataGenerator generator = new CustomCMSSignedDataGenerator(); Dictionary <DerObjectIdentifier, Asn1Encodable> signedAttrDic = GetSignedAttributes(parameters); if (!signedAttrDic.ContainsKey(PkcsObjectIdentifiers.IdAAContentHint) && originalSignedData != null) { var attrContentHint = GetContentHintAttribute(originalSignedData.GetSignerInfos()); if (attrContentHint != null) { signedAttrDic.Add(PkcsObjectIdentifiers.IdAAContentHint, attrContentHint); } } CmsAttributeTableGenerator signedAttrGen = new DefaultSignedAttributeTableGenerator (new Org.BouncyCastle.Asn1.Cms.AttributeTable(signedAttrDic)); generator.SignerProvider = signerProvider; generator.AddSigner(new NullPrivateKey(), signerCertificate, PkcsObjectIdentifiers.RsaEncryption.Id, parameters.DigestMethod.Oid, signedAttrGen, null); if (originalSignedData != null) { generator.AddSigners(originalSignedData.GetSignerInfos()); } bool addSignerCert = true; if (originalSignedData != null) { IX509Store originalCertStore = originalSignedData.GetCertificates("Collection"); generator.AddCertificates(originalCertStore); addSignerCert = !CheckCertExists(signerCertificate, originalCertStore); } if (addSignerCert) { List <X509Certificate> certs = new List <X509Certificate>(); certs.Add(signerCertificate); IX509Store certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs)); generator.AddCertificates(certStore); } return(generator); }
static void Main(string[] args) { //if (args.Length > 0) //string fullFileName = Path.GetFullPath(args[0]); foreach (string fileName in Directory.GetFiles("p7m")) { FileStream file = new FileStream(fileName, FileMode.Open); bool isValid = true; Console.WriteLine("File to decrypt: " + fileName); try { CmsSignedData signedFile = new CmsSignedData(file); IX509Store certStore = signedFile.GetCertificates("Collection"); ICollection certs = certStore.GetMatches(new X509CertStoreSelector()); SignerInformationStore signerStore = signedFile.GetSignerInfos(); ICollection signers = signerStore.GetSigners(); foreach (object tempCertification in certs) { X509Certificate certification = tempCertification as X509Certificate; foreach (object tempSigner in signers) { SignerInformation signer = tempSigner as SignerInformation; if (!signer.Verify(certification.GetPublicKey())) { isValid = false; break; } } } string newFileName = Path.Combine(Directory.CreateDirectory("p7m-extracted").Name, Path.GetFileNameWithoutExtension(fileName)); using (var fileStream = new FileStream(newFileName, FileMode.Create, FileAccess.Write)) { signedFile.SignedContent.Write(fileStream); Console.WriteLine("File decrypted: " + newFileName); } } catch (Exception ex) { isValid = false; } Console.WriteLine("File valid: " + isValid); ; } Console.ReadLine(); }
public override IList <X509Certificate> GetCertificates() { IList <X509Certificate> list = new List <X509Certificate>(); if (!onlyExtended) { logger.Info(cmsSignedData.GetCertificates("Collection").GetMatches(null).Count + " certificate in collection"); foreach (X509Certificate ch in cmsSignedData.GetCertificates("Collection").GetMatches(null)) { X509Certificate c = ch; logger.Info("Certificate for subject " + c.SubjectDN); if (!list.Contains(c)) { list.Add(c); } } } // Add certificates in CAdES-XL certificate-values inside SignerInfo attribute if present SignerInformation si = BCStaticHelpers.GetSigner(cmsSignedData, signerId); if (si != null && si.UnsignedAttributes != null && si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsCertValues] != null) { DerSequence seq = (DerSequence)si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsCertValues].AttrValues[0]; for (int i = 0; i < seq.Count; i++) { X509CertificateStructure cs = X509CertificateStructure.GetInstance(seq[i]); X509Certificate c = new X509Certificate(cs); if (!list.Contains(c)) { list.Add(c); } } } return(list); }
/// <summary> /// Extracts a certificate chain from PKCS#7 CMS payload encoded in PEM. /// </summary> /// <param name="pemEncodedPkcs7">The payload containing the PKCS#7 CMS data.</param> /// <remarks> /// The method is expecting a PKCS#7/CMS SignedData structure containing no "content" and zero SignerInfos. /// </remarks> /// <returns> /// The certificate chain contained in the specified payload. /// </returns> /// <exception cref="ArgumentNullException"><paramref name="pemEncodedPkcs7"/> is null.</exception> /// <exception cref="ArgumentException"><paramref name="pemEncodedPkcs7"/> is white space.</exception> public static IReadOnlyList <X509Certificate> ReadCertChainFromPemEncodedPkcs7CmsString( string pemEncodedPkcs7) { new { pemEncodedPkcs7 }.Must().NotBeNullNorWhiteSpace(); IReadOnlyList <X509Certificate> result; using (var stringReader = new StringReader(pemEncodedPkcs7)) { var pemReader = new PemReader(stringReader); var pemObject = pemReader.ReadPemObject(); var data = new CmsSignedData(pemObject.Content); var certStore = data.GetCertificates("COLLECTION"); result = certStore.GetMatches(null).Cast <X509Certificate>().ToList(); } return(result); }
private static X509Certificate GenerateCertificate(String certificateString) { byte[] bytes = Convert.FromBase64CharArray(certificateString.ToCharArray(), 0, certificateString.Length); CmsSignedData cmsSignedData = new CmsSignedData(bytes); IX509Store store = cmsSignedData.GetCertificates("Collection"); ICollection allCertificates = store.GetMatches(null); IEnumerator enumerator = allCertificates.GetEnumerator(); while (enumerator.MoveNext()) { X509Certificate x509 = (X509Certificate)enumerator.Current; Console.WriteLine("Server Generated Certificate: " + x509.ToString()); return(x509); } throw new Exception("Certificate generation error"); }
// taken from bouncy castle SignedDataTest.cs private static bool VerifySignatures( CmsSignedData sp) { var signaturesValid = true; IX509Store x509Certs = sp.GetCertificates("Collection"); SignerInformationStore signers = sp.GetSignerInfos(); foreach (SignerInformation signer in signers.GetSigners()) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); Org.BouncyCastle.X509.X509Certificate cert = (Org.BouncyCastle.X509.X509Certificate)certEnum.Current; signaturesValid &= signer.Verify(cert); } return(signaturesValid); }
public static byte[] VerifySignature(CmsSignedData cms) { var store = cms.GetCertificates("COLLECTION"); var signers = cms.GetSignerInfos(); byte[] arr; using (var stream = new MemoryStream()) { cms.SignedContent.Write(stream); arr = stream.ToArray(); } foreach (var sig in signers.GetSigners()) { var signer = (SignerInformation)sig; foreach (var st in store.GetMatches(signer.SignerID)) { var crt = (X509Certificate)st; CheckCertificateValidity(crt); var gst = new Gost3410DigestSigner(new ECGost3410Signer(), new Gost3411_2012_256Digest()); gst.Init(false, crt.GetPublicKey()); gst.BlockUpdate(arr, 0, arr.Length); var t = gst.VerifySignature(signer.GetSignature()); if (!t) { throw new CryptographicException("Cannot verify signature"); } } } return(arr); }
public static byte[] getHashFromSignature(byte[] signature) { CmsSignedData content = new CmsSignedData(signature); byte[] retval = null; try { SignerInformationStore sistore = content.GetSignerInfos(); foreach (SignerInformation signer in sistore.GetSigners()) { if (signer.SignedAttributes != null) { if (signer.SignedAttributes[Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Pkcs9AtMessageDigest] != null) { Asn1Encodable enc = signer.SignedAttributes[Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Pkcs9AtMessageDigest].AttrValues[0]; retval = Org.BouncyCastle.Asn1.Asn1OctetString.GetInstance(enc).GetOctets(); } } else { IX509Store store = content.GetCertificates("Collection"); ICollection certsColl = store.GetMatches(null); foreach (Org.BouncyCastle.X509.X509Certificate cert in certsColl) { signer.Verify(cert); retval = signer.GetContentDigest(); break; } } if (retval != null) { return(retval); } } } catch { return(getSha256(extractSignedContent(signature))); } return(null); }
public void verify(byte[] byte_pdfData, X509Certificate2 trustCert, string signatureName) { PdfReader pdfReader = new PdfReader(byte_pdfData); AcroFields acroField = pdfReader.AcroFields; if (signatureName == null || "".CompareTo(signatureName) != 0) { signatureName = acroField.GetSignatureNames().Last(); } PdfPKCS7 pdfP7 = acroField.VerifySignature(signatureName); if (pdfP7 == null) { throw new NullReferenceException("Invalid signatureName:" + signatureName); } if (!pdfP7.Verify()) { throw new PdfException("Unable to verify specified signature field, specify signature invalid"); } byte[] pkcs7Signatue = pdfP7.GetEncodedPKCS7(); CmsSignedData signedData = new CmsSignedData(pkcs7Signatue); // Get signer certificate from CMSSignedData IX509Store x509Certs = signedData.GetCertificates("Collection"); ICollection cerlist = x509Certs.GetMatches(null); IEnumerator cEnum = cerlist.GetEnumerator(); ArrayList _chain = new ArrayList(); while (cEnum.MoveNext()) { Org.BouncyCastle.X509.X509Certificate cer = (Org.BouncyCastle.X509.X509Certificate)cEnum.Current; X509Certificate2 cer2 = new X509Certificate2(cer.GetEncoded()); _chain.Add(cer2); } X509Certificate2[] certChain = (X509Certificate2[])_chain.ToArray(typeof(X509Certificate2)); validateSignature(signedData, certChain[0]); }
private CmsSignedDataGenerator CreateCMSSignedDataGenerator(SignatureParameters parameters, CAdESProfileBES cadesProfile, bool includeUnsignedAttributes = true, CmsSignedData originalSignedData = null, byte[] signature = null) { CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); X509Certificate signerCertificate = parameters.SigningCertificate; CmsAttributeTableGenerator signedAttrGen = new DefaultSignedAttributeTableGenerator(new AttributeTable(cadesProfile.GetSignedAttributes(parameters) as System.Collections.IDictionary)); CmsAttributeTableGenerator unsignedAttrGen = new SimpleAttributeTableGenerator(includeUnsignedAttributes ? new AttributeTable(cadesProfile.GetUnsignedAttributes(parameters) as System.Collections.IDictionary) : null); var builder = new SignerInfoGeneratorBuilder().WithSignedAttributeGenerator(signedAttrGen).WithUnsignedAttributeGenerator(unsignedAttrGen); generator.AddSignerInfoGenerator(builder.Build(new ReadySignatureFactory(new PreComputedSigner(signature), parameters.DigestWithEncriptionOID), signerCertificate)); if (originalSignedData != null) { generator.AddSigners(originalSignedData.GetSignerInfos()); } var certs = new List <X509Certificate> { parameters.SigningCertificate }; if (parameters.CertificateChain != null) { foreach (X509Certificate c in parameters.CertificateChain) { if (!c.SubjectDN.Equals(parameters.SigningCertificate.SubjectDN)) { certs.Add(c); } } } IX509Store certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs)); generator.AddCertificates(certStore); if (originalSignedData != null) { generator.AddCertificates(originalSignedData.GetCertificates("Collection")); } return(generator); }
public void TestSignHashWithBouncyCastle() { byte[] hashBytes = System.Convert.FromBase64String(Base64encodedHashToSign); byte[] signedCmsData = SignatureProvider.SignatureProvider.Sign(hashBytes, SignerName, SignerEmail, SignerCountry, SignerOrganization); CmsSignedData cmsSignedData = new CmsSignedData(signedCmsData); IX509Store x509Certs = cmsSignedData.GetCertificates("Collection"); SignerInformationStore signers = cmsSignedData.GetSignerInfos(); foreach (SignerInformation signer in signers.GetSigners()) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); Assert.AreEqual(1, certCollection.Count); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate)certEnum.Current; Assert.AreEqual(cert.SubjectDN.ToString(), "CN=Cyril Thirion,E=cyril.thirion\\[email protected],C=FR,O=Acme"); Assert.AreEqual(signer.SignedAttributes[PkcsObjectIdentifiers.Pkcs9AtContentType].AttrValues[0].ToString(), PkcsObjectIdentifiers.Data.ToString()); Assert.IsNotNull(signer.SignedAttributes[PkcsObjectIdentifiers.Pkcs9AtMessageDigest]); Assert.IsNotNull(signer.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2]); Assert.IsNotNull(signer.SignedAttributes[PkcsObjectIdentifiers.Pkcs9AtSigningTime]); Assert.AreEqual( "#" + BitConverter.ToString(hashBytes).Replace("-", ""), signer.SignedAttributes[PkcsObjectIdentifiers.Pkcs9AtMessageDigest].AttrValues[0].ToString(), true ); byte[] signedData = signer.GetEncodedSignedAttributes(); System.IO.File.WriteAllBytes("/tmp/tmp.txt", signedData); ISigner s = SignerUtilities.GetSigner("SHA256withRSA"); s.Init(false, cert.GetPublicKey()); s.BlockUpdate(signedData, 0, signedData.Length); Assert.IsTrue(s.VerifySignature(signer.GetSignature()), "Signature verification failed."); } }
public static void ReadXmlSigned(this Fattura fattura, string filePath) { CmsSignedData signedFile = new CmsSignedData(new FileStream(filePath, FileMode.Open, FileAccess.Read)); IX509Store certStore = signedFile.GetCertificates("Collection"); ICollection certs = certStore.GetMatches(new X509CertStoreSelector()); SignerInformationStore signerStore = signedFile.GetSignerInfos(); ICollection signers = signerStore.GetSigners(); foreach (object tempCertification in certs) { Org.BouncyCastle.X509.X509Certificate certification = tempCertification as Org.BouncyCastle.X509.X509Certificate; foreach (object tempSigner in signers) { SignerInformation signer = tempSigner as SignerInformation; if (!signer.Verify(certification.GetPublicKey())) { throw new FatturaElettronicaSignatureException(Resources.ErrorMessages.SignatureException); } } } string outFile = Path.GetTempFileName(); using (var fileStream = new FileStream(outFile, FileMode.Create, FileAccess.Write)) { signedFile.SignedContent.Write(fileStream); } using (var r = XmlReader.Create(outFile, new XmlReaderSettings { IgnoreWhitespace = true, IgnoreComments = true })) { fattura.ReadXml(r); } }
private void VerifySignatures(CmsSignedData s, byte[] contentDigest) { IX509Store x509Certs = s.GetCertificates("Collection"); IX509Store x509Crls = s.GetCrls("Collection"); SignerInformationStore signers = s.GetSignerInfos(); foreach (SignerInformation signer in signers.GetSigners()) { ICollection certCollection = x509Certs.GetMatches(signer.SignerID); IEnumerator certEnum = certCollection.GetEnumerator(); certEnum.MoveNext(); X509Certificate cert = (X509Certificate) certEnum.Current; VerifySigner(signer, cert); if (contentDigest != null) { Assert.IsTrue(Arrays.AreEqual(contentDigest, signer.GetContentDigest())); } } ICollection certColl = x509Certs.GetMatches(null); ICollection crlColl = x509Crls.GetMatches(null); Assert.AreEqual(certColl.Count, s.GetCertificates("Collection").GetMatches(null).Count); Assert.AreEqual(crlColl.Count, s.GetCrls("Collection").GetMatches(null).Count); }
static void PKCS7() { GostCryptoConfig.ProviderType = ProviderTypes.VipNet; Config.InitCommon(); BCX509.X509Certificate bcCert = null; using (var g = GostCryptoConfig.CreateGost3410AsymmetricAlgorithm()) { bool detached = false; byte[] data = File.ReadAllBytes("test.xml"); var certBytes = g.ContainerCertificateRaw; BCX509.X509CertificateParser _x509CertificateParser = new BCX509.X509CertificateParser(); bcCert = _x509CertificateParser.ReadCertificate(certBytes); ICollection <BCX509.X509Certificate> certPath = new List <BCX509.X509Certificate>(); certPath.Add(bcCert); IDigest digest = new Gost3411Digest(); string hashOid = GostCryptoConfig.DefaultHashOid; byte[] dataHash = ComputeDigest(digest, data); // Construct SignerInfo.signedAttrs Asn1EncodableVector signedAttributesVector = new Asn1EncodableVector(); // Add PKCS#9 contentType signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( new DerObjectIdentifier("1.2.840.113549.1.9.3"), new DerSet(new DerObjectIdentifier("1.2.840.113549.1.7.1")))); // Add PKCS#9 messageDigest signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( new DerObjectIdentifier("1.2.840.113549.1.9.4"), new DerSet(new DerOctetString(dataHash)))); // Add PKCS#9 signingTime signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( new DerObjectIdentifier("1.2.840.113549.1.9.5"), new DerSet(new Org.BouncyCastle.Asn1.Cms.Time(new DerUtcTime(DateTime.UtcNow))))); DerSet signedAttributes = new DerSet(signedAttributesVector); byte[] pkcs1Digest = ComputeDigest(digest, signedAttributes.GetDerEncoded()); byte[] pkcs1DigestInfo = CreateDigestInfo(pkcs1Digest, hashOid); // hash //var signature = g.CreateSignature(hash); var formatter = new GostSignatureFormatter(g); var signature = formatter.CreateSignature(pkcs1Digest); // Construct SignerInfo SignerInfo signerInfo = new SignerInfo( new SignerIdentifier(new IssuerAndSerialNumber(bcCert.IssuerDN, bcCert.SerialNumber)), new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null), signedAttributes, new AlgorithmIdentifier(new DerObjectIdentifier(GostCryptoConfig.DefaultSignOid), null), new DerOctetString(signature), null); // Construct SignedData.digestAlgorithms Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector(); digestAlgorithmsVector.Add(new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null)); // Construct SignedData.encapContentInfo ContentInfo encapContentInfo = new ContentInfo( new DerObjectIdentifier("1.2.840.113549.1.7.1"), (detached) ? null : new DerOctetString(data)); // Construct SignedData.certificates Asn1EncodableVector certificatesVector = new Asn1EncodableVector(); foreach (BCX509.X509Certificate cert in certPath) { certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded()))); } // Construct SignedData.signerInfos Asn1EncodableVector signerInfosVector = new Asn1EncodableVector(); signerInfosVector.Add(signerInfo.ToAsn1Object()); // Construct SignedData SignedData signedData = new SignedData( new DerSet(digestAlgorithmsVector), encapContentInfo, new BerSet(certificatesVector), null, new DerSet(signerInfosVector)); // Construct top level ContentInfo ContentInfo contentInfo = new ContentInfo( new DerObjectIdentifier("1.2.840.113549.1.7.2"), signedData); var res = contentInfo.GetDerEncoded(); File.WriteAllBytes("test.p7", res); CmsSignedData cms = new CmsSignedData(res); var certStore = cms.GetCertificates("Collection"); SignerInformationStore signers = cms.GetSignerInfos(); var it = signers.GetSigners().GetEnumerator(); it.MoveNext(); var signer = it.Current as SignerInformation; var b = signer.Verify(bcCert); } }
private SignaturesResult VerifyP7m(byte[] barr, string fileName) { //System.Diagnostics.Trace.WriteLine(string.Format("Verifica firme del file {0} ...", //System.IO.Path.GetFileName(fileName))); var result = new SignaturesResult(); result.SignatureInfos = new List <SignatureInfo>(); try { var estensione = System.IO.Path.GetExtension(fileName).ToLower(); var nomeFile = System.IO.Path.GetFileName(fileName); while (estensione == ".p7m") { Org.BouncyCastle.Cms.CmsSignedData cms = new CmsSignedData(barr); var certs = cms.GetCertificates("Collection"); var sis = cms.GetSignerInfos(); if (sis != null) { if (RecursiveP7m || ExtractSignedContent) { using (var ms = new MemoryStream()) { cms.SignedContent.Write(ms); barr = ms.ToArray(); } if (ExtractSignedContent) { result.SignedContent = barr; } } var signers = sis.GetSigners(); foreach (SignerInformation sign in signers) { var si = new SignatureInfo(); DateTime?dt = null; var aaa = sign.SignedAttributes[CmsAttributes.SigningTime]; if (aaa != null && aaa.AttrValues != null && aaa.AttrValues.Count > 0) { var st = aaa.AttrValues[0] as DerUtcTime; if (st != null) { dt = st.ToAdjustedDateTime(); } } if (dt == null) { throw new Exception("Impossibile ricavare SignDateTime."); } si.SignDateTime = dt.Value; //si.FilterSubtype= IList ccc = new ArrayList(certs.GetMatches(null)); List <Org.BouncyCastle.X509.X509Certificate> list = new List <Org.BouncyCastle.X509.X509Certificate>(); foreach (var c in ccc) { list.Add(c as Org.BouncyCastle.X509.X509Certificate); } var errors = iTextSharp.text.pdf.security.CertificateVerification.VerifyCertificates( list, keyStore, si.SignDateTime); if (errors.Count > 0) { si.ChainCertificatesNotValidAtSignedTime = true; } IList cs = new ArrayList(certs.GetMatches(sign.SignerID)); var cc = (Org.BouncyCastle.X509.X509Certificate)cs[0]; si.DigestAlgorithm = cc.SigAlgName; //si.EncryptionAlgorithm = sign.EncryptionAlgorithmID.ToString(); si.IntegrityValid = sign.Verify(cc); X509Certificate2 cert2 = new X509Certificate2(cc.GetEncoded()); si.Name = null; si.Signer = cert2.SubjectName.Name; si.Revision = sign.Version; if (CheckRevocation) { try { //si.CertificateRevocatedAtSignedTime = pkcs7.IsRevocationValid(); List <Org.BouncyCastle.Ocsp.BasicOcspResp> ocsps = new List <Org.BouncyCastle.Ocsp.BasicOcspResp>(); //if (cc.Ocsp != null) // ocsps.Add(pkcs7.Ocsp); iTextSharp.text.pdf.security.OcspVerifier ocspVerifier = new OcspVerifier(null, ocsps); var issueCert = keyStore.SingleOrDefault( c => c.SubjectDN.Equals(cc.IssuerDN)); if (issueCert == null) { throw new Exception("Issuer certificate not found."); } List <VerificationOK> verification = ocspVerifier.Verify( cc, issueCert, si.SignDateTime); if (verification.Count == 0) { var crls = new List <Org.BouncyCastle.X509.X509Crl>(); CrlVerifier crlVerifier = new CrlVerifier(null, crls); crlVerifier.OnlineCheckingAllowed = true; verification = crlVerifier.Verify(cc, issueCert, si.SignDateTime); } if (verification.Count == 0) { si.CertificateRevocatedAtSignedTime = null; } else { si.CertificateRevocatedAtSignedTime = false; foreach (var verificationOk in verification) { System.Diagnostics.Trace.WriteLine(verificationOk); } } } catch (Exception ex) { si.CertificateRevocatedAtSignedTime = true; // o null? System.Diagnostics.Trace.WriteLine( string.Format( "Si è verificato il seguente errore durante la verifica di revoca per la firma {2} del file {0} {1}", System.IO.Path.GetFileName(fileName), ex.Message, si.Revision)); } } si.SignatureValid = si.IntegrityValid && !si.ChainCertificatesNotValidAtSignedTime && (!CheckRevocation || !si.CertificateRevocatedAtSignedTime.GetValueOrDefault(true)); result.SignatureInfos.Add(si); } } if (!RecursiveP7m) { break; } nomeFile = System.IO.Path.GetFileNameWithoutExtension(nomeFile); estensione = System.IO.Path.GetExtension(nomeFile); } result.SignaturesValid = result.SignatureInfos.All(si => si.SignatureValid); //System.Diagnostics.Trace.WriteLine(string.Format( // "Verifica firme del file {0} completata con esito {1}", System.IO.Path.GetFileName(fileName), // result.SignaturesValid ? "Positivo" : "Negativo")); } catch (Exception exx) { System.Diagnostics.Trace.WriteLine( string.Format( "Si è verificato il seguente errore durante la verifica delle firme del file {0} {1}", System.IO.Path.GetFileName(fileName), exx.Message)); throw exx; } return(result); }
public IX509Store GetCertificates(string type) { return(tsToken.GetCertificates(type)); }
/// <summary> /// Adds or removes Content to P7mFile /// </summary> /// <param name="CmsData">Signature Info</param> /// <param name="File">File, if null returns only Signature Info</param> /// <returns></returns> public static byte[] EmbedFileToPkcs(byte[] CmsData, byte[] File) { DerObjectIdentifier contentTypeOID = CmsObjectIdentifiers.Data; Asn1EncodableVector digestAlgs = new Asn1EncodableVector(); Asn1EncodableVector signerInfos = new Asn1EncodableVector(); Asn1OctetString octs = null; if (File != null) { octs = new DerOctetString(File); } Org.BouncyCastle.Asn1.Cms.ContentInfo encInfo = new Org.BouncyCastle.Asn1.Cms.ContentInfo(contentTypeOID, octs); CmsProcessable content = new CmsProcessableByteArray(CmsData); Asn1Set certificates = null; Asn1Set certrevlist = null; ArrayList _certs = new ArrayList(); ArrayList _crls = new ArrayList(); ICollection certsColl = new ArrayList(); ICollection crlsColl = new ArrayList(); CmsSignedData cms = new CmsSignedData(CmsData); SignerInformationStore signers = cms.GetSignerInfos(); IX509Store store = cms.GetCertificates("Collection"); IX509Store crls = cms.GetCrls("Collection"); certsColl = store.GetMatches(null); crlsColl = crls.GetMatches(null); foreach (SignerInformation signer in signers.GetSigners()) { //digestAlgs.Add(Helper.FixAlgID(signer.DigestAlgorithmID)); digestAlgs.Add(signer.DigestAlgorithmID); signerInfos.Add(signer.ToSignerInfo()); } foreach (Org.BouncyCastle.X509.X509Certificate cert in certsColl) { _certs.Add(Asn1Object.FromByteArray(cert.GetEncoded())); } foreach (Org.BouncyCastle.X509.X509Certificate clr in crlsColl) { _crls.Add(Asn1Object.FromByteArray(clr.GetEncoded())); } if (_certs.Count != 0) { certificates = CreateBerSetFromList(_certs); } if (_crls.Count != 0) { certrevlist = CreateBerSetFromList(_crls); } SignedData sd = new SignedData( new DerSet(digestAlgs), encInfo, certificates, certrevlist, new DerSet(signerInfos)); Org.BouncyCastle.Asn1.Cms.ContentInfo contentInfo = new Org.BouncyCastle.Asn1.Cms.ContentInfo(CmsObjectIdentifiers.SignedData, sd); byte[] retval = new CmsSignedData(content, contentInfo.GetDerEncoded()).GetEncoded(); string asn = BitConverter.ToString(retval).Replace("-", ""); return(retval); }
/// <summary> /// Verify PKCS7 signature /// </summary> /// <returns>CAPICOM/CryptoAPI return code or an ApplicationException in file hash doesn't match</returns> public bool Verify(ref List <string> ErrorMessageLst) { bool rc = true; //DocsPaUtils.LogsManagement.Debugger.Write("SignedDocument.Verify - INIT"); try { // Decodifica un messaggio SignedCms codificato. // Al completamento della decodifica, è possibile recuperare le // informazioni decodificate dalle proprietà dell'oggetto SignedCms. CmsSignedData cms = new CmsSignedData(this.GetSignedContent(this._buf)); IX509Store store = cms.GetCertificates("Collection"); SignerInformationStore signers = cms.GetSignerInfos(); SignedData da = SignedData.GetInstance(cms.ContentInfo.Content.ToAsn1Object()); Asn1Sequence DigAlgAsn1 = null; if (da.DigestAlgorithms.Count > 0) { DigAlgAsn1 = da.DigestAlgorithms[0].ToAsn1Object() as Asn1Sequence; } if (DigAlgAsn1 != null) { this._SignAlgorithm = Org.BouncyCastle.Security.DigestUtilities.GetAlgorithmName(AlgorithmIdentifier.GetInstance(DigAlgAsn1).ObjectID); } //DocsPaUtils.LogsManagement.Debugger.Write("SignedDocument.Verify - Decode signed message"); // Verify signature. Do not validate signer // certificate for the purposes of this example. // Note that in a production environment, validating // the signer certificate chain will probably // be necessary. /* * verifica le firme digitali nel messaggio CMS/PKCS #7 firmato e, * facoltativamente, convalida i certificati del firmatario. * * * Se verifySignatureOnly è true, vengono verificate solo le firme digitali. * Se è false, vengono verificate le firme digitali e vengono convalidati * i certificati dei firmatari e gli scopi dei certificati. * Gli scopi di un certificato sono considerati validi se il certificato * non prevede l'utilizzo della chiave o se l'utilizzo della chiave supporta * le firme digitali o il non-rifiuto. * */ //_signersInfo = new DocsPaVO.documento.SignerInfo[signers.GetSigners().Count]; //int i = 0; List <DocsPaVO.documento.SignerInfo> signInfoLst = new List <DocsPaVO.documento.SignerInfo>(); foreach (SignerInformation signer in signers.GetSigners()) { DocsPaVO.documento.SignerInfo thisSinger = ExtractSignerInfo(ErrorMessageLst, store, signer); signInfoLst.Add(thisSinger); } _signersInfo = signInfoLst.ToArray(); //DocsPaUtils.LogsManagement.Debugger.Write(string.Format("SignedDocument.Verify - CheckSignature OK, signers count: {0}", signers.GetSigners().Count)); CmsProcessable signedContent = cms.SignedContent; this._content = (byte[])signedContent.GetContent(); if ((this._SignAlgorithm != null) && this._content != null) { try { this._SignHash = BitConverter.ToString(Org.BouncyCastle.Security.DigestUtilities.CalculateDigest(this._SignAlgorithm, this._content)).Replace("-", ""); } catch (Exception e) { ErrorMessageLst.Add(e.Message); } } //DocsPaUtils.LogsManagement.Debugger.Write(string.Format("SignedDocument.Verify - Extact content, lenght: {0}", this._content.Length)); this._documentFileName = GetDocumentFileName(); this._SignType = "CADES"; //DocsPaUtils.LogsManagement.Debugger.Write(string.Format("SignedDocument.Verify - DocumentFileName: '{0}'", this._documentFileName)); } catch (Exception ex) { rc = false; //DocsPaUtils.LogsManagement.Debugger.Write("SignedDocument.Verify - Si è verificato un errore nella verifica della firma", ex); //throw new ApplicationException(ex.Message); ErrorMessageLst.Add(ex.Message); } finally { //DocsPaUtils.LogsManagement.Debugger.Write("SignedDocument.Verify - END"); } return(rc); }
/// <summary> /// Verifiy of CRL /// </summary> /// <param name="fileContents">byte Array file contents</param> /// <param name="endPoint">not used </param> /// <param name="args">1) Datetime? data verifica / string cachePath / string (bool) nocache</param> /// <returns></returns> public EsitoVerifica VerificaByteEV(byte[] fileContents, string endPoint, Object[] args) { //string ID = String.Format("{0}-{1}", Environment.GetEnvironmentVariable("APP_POOL_ID").Replace(" ", ""), AppDomain.CurrentDomain.BaseDirectory); bool forceDownload = false; //end point lo usiamo per forzare il download string p7mSignAlgorithm = null; //string p7mSignHash = null; DocsPaVO.documento.Internal.SignerInfo[] certSignersInfo; EsitoVerifica ev = new EsitoVerifica(); DateTime?dataverificaDT = null; string cachePath = string.Empty; if (args == null) { logger.Debug("Args (Date) is null, settign current"); dataverificaDT = DateTime.Now; } if (args.Length > 0) { dataverificaDT = args[0] as DateTime?; if (dataverificaDT == null) { logger.Debug("Date is null, settign current"); dataverificaDT = DateTime.Now; } cachePath = args[1] as string; string fdl = args[2] as string; if (!String.IsNullOrEmpty(fdl)) { Boolean.TryParse(endPoint, out forceDownload); } } int posi = IndexOfInArray(fileContents, System.Text.ASCIIEncoding.ASCII.GetBytes("Mime-Version:")); if (posi == 0) //E' un mime m7m { using (MemoryStream ms = new MemoryStream(fileContents)) { anmar.SharpMimeTools.SharpMessage sm = new anmar.SharpMimeTools.SharpMessage(ms); if (sm.Attachments.Count > 0) { foreach (anmar.SharpMimeTools.SharpAttachment att in sm.Attachments) { if (System.IO.Path.GetExtension(att.Name).ToLower().Contains("p7m")) { att.Stream.Position = 0; BinaryReader sr = new BinaryReader(att.Stream); fileContents = sr.ReadBytes((int)att.Size); } } } } } // Ce provo.... posi = -1; posi = IndexOfInArray(fileContents, System.Text.ASCIIEncoding.ASCII.GetBytes("%PDF")); if (posi == 0) //E' un pdf { PdfReader pdfReader = isPdf(fileContents); try { AcroFields af = pdfReader.AcroFields; List <string> signNames = af.GetSignatureNames(); if (signNames.Count == 0) //Firma non è presente { ev.status = EsitoVerificaStatus.ErroreGenerico; ev.message = "Il file PDF da verificare non contiene nessuna firma"; ev.errorCode = "1458"; return(ev); } List <DocsPaVO.documento.Internal.SignerInfo> siList = new List <DocsPaVO.documento.Internal.SignerInfo>(); foreach (string name in signNames) { PdfPKCS7 pk = af.VerifySignature(name); p7mSignAlgorithm = pk.GetHashAlgorithm(); Org.BouncyCastle.X509.X509Certificate[] certs = pk.Certificates; foreach (X509Certificate cert in certs) { DocsPaVO.documento.Internal.SignerInfo si = GetCertSignersInfo(cert); VerificaValiditaTemporaleCertificato(ev, dataverificaDT, cert, p7mSignAlgorithm); si = ControlloCRL(forceDownload, ev, cachePath, cert, si); siList.Add(si); } bool result = pk.Verify(); if (!result) { ev.status = EsitoVerificaStatus.ErroreGenerico; ev.message = "La verifica della firma è fallita (File is Tampered)"; ev.errorCode = "1450"; } } /* * if ( * (pdfReader.PdfVersion.ToString() != "4")|| * (pdfReader.PdfVersion.ToString() != "7")) * { * ev.status = EsitoVerificaStatus.ErroreGenerico; * ev.message = "Il file da verificare non è conforme allo standard PDF 1.4 o pdf 1.7"; * ev.errorCode = "1457"; * } */ List <DocsPaVO.documento.Internal.PKCS7Document> p7docsLst = new List <DocsPaVO.documento.Internal.PKCS7Document>(); DocsPaVO.documento.Internal.PKCS7Document p7doc = new DocsPaVO.documento.Internal.PKCS7Document { SignersInfo = siList.ToArray(), DocumentFileName = null, Level = 0 }; p7docsLst.Add(p7doc); ev.VerifySignatureResult = ConvertToVerifySignatureResult(ev.status, p7docsLst.ToArray()); ev.content = fileContents; } catch (Exception e) { ev.status = EsitoVerificaStatus.ErroreGenerico; ev.message = "Error verifying pdf message :" + e.Message; ev.errorCode = "1402"; return(ev); } } else //PKCS7 { try { int doclevel = 0; List <DocsPaVO.documento.Internal.PKCS7Document> p7docsLst = new List <DocsPaVO.documento.Internal.PKCS7Document>(); do { //questa Estrazione serve solo per capire se uscire dal ciclo ricorsivo e ritornare il content try { ev.content = extractSignedContent(fileContents); } catch { break; } //Ciclo per file firmato Asn1Sequence sequenza = Asn1Sequence.GetInstance(fileContents); DerObjectIdentifier tsdOIDFile = sequenza[0] as DerObjectIdentifier; if (tsdOIDFile != null) { if (tsdOIDFile.Id == CmsObjectIdentifiers.timestampedData.Id) //TSD { logger.Debug("Found TSD file"); DerTaggedObject taggedObject = sequenza[1] as DerTaggedObject; if (taggedObject != null) { Asn1Sequence asn1seq = Asn1Sequence.GetInstance(taggedObject, true); TimeStampedData tsd = TimeStampedData.GetInstance(asn1seq); fileContents = tsd.Content.GetOctets(); } } if (tsdOIDFile.Id == CmsObjectIdentifiers.SignedData.Id) //p7m { logger.Debug("Found P7M file"); } } CmsSignedData cms = new CmsSignedData(fileContents); //controllaCrlFileP7m(cms); IX509Store store = cms.GetCertificates("Collection"); SignerInformationStore signers = cms.GetSignerInfos(); SignedData da = SignedData.GetInstance(cms.ContentInfo.Content.ToAsn1Object()); Asn1Sequence DigAlgAsn1 = null; if (da.DigestAlgorithms.Count > 0) { DigAlgAsn1 = da.DigestAlgorithms[0].ToAsn1Object() as Asn1Sequence; } if (DigAlgAsn1 != null) { p7mSignAlgorithm = Org.BouncyCastle.Security.DigestUtilities.GetAlgorithmName(AlgorithmIdentifier.GetInstance(DigAlgAsn1).ObjectID); } certSignersInfo = new DocsPaVO.documento.Internal.SignerInfo[signers.GetSigners().Count]; int i = 0; foreach (SignerInformation signer in signers.GetSigners()) { bool fileOK = false; Org.BouncyCastle.X509.X509Certificate cert1 = GetCertificate(signer, store); certSignersInfo[i] = GetCertSignersInfo(cert1); VerificaValiditaTemporaleCertificato(ev, dataverificaDT, cert1, p7mSignAlgorithm); fileOK = VerificaNonRepudiation(ev, fileOK, cert1); if (!fileOK) { certSignersInfo[i].CertificateInfo.messages = ev.errorCode + " " + ev.message; } try { fileOK = VerificaCertificato(ev, signer, fileOK, cert1); } catch (Exception e) { ev.status = EsitoVerificaStatus.ErroreGenerico; ev.message = "Error verifying 2, message :" + e.Message; ev.errorCode = "1450"; } if (fileOK) { certSignersInfo[i] = ControlloCRL(forceDownload, ev, cachePath, cert1, certSignersInfo[i]); } //p7mSignHash = BitConverter.ToString(Org.BouncyCastle.Security.DigestUtilities.CalculateDigest(Org.BouncyCastle.Security.DigestUtilities.GetAlgorithmName(AlgorithmIdentifier.GetInstance(DigAlgAsn1).ObjectID), (byte[])cms.SignedContent.GetContent())).Replace("-", ""); } /* * if (cms.SignedContent != null) * { * //CmsProcessable signedContent = cms.SignedContent; * //ev.content = (byte[])signedContent.GetContent(); * * ev.content = extractMatrioskaFile(fileContents); * * * * } */ DocsPaVO.documento.Internal.PKCS7Document p7doc = new DocsPaVO.documento.Internal.PKCS7Document { SignersInfo = certSignersInfo, DocumentFileName = null, Level = doclevel++ }; p7docsLst.Add(p7doc); try { fileContents = extractSignedContent(fileContents); } catch { break; } } while (true); ev.VerifySignatureResult = ConvertToVerifySignatureResult(ev.status, p7docsLst.ToArray());; } catch (Exception e) { ev.status = EsitoVerificaStatus.ErroreGenerico; ev.message = "Error verifying 1, message :" + e.Message; ev.errorCode = "1402"; return(ev); } } return(ev); }