/// <summary>
/// Converts the instance of BouncyCastle X509Certificate class to the instance of .NET X509Certificate2 class
/// </summary>
/// <param name="cert">Instance of BouncyCastle X509Certificate class</param>
/// <returns>Instance of .NET X509Certificate2 class</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="cert"/> is null</exception>
public static X509Certificate2 ToDotNetObject(BCX509.X509Certificate cert)
{
    if (cert == null)
        throw new ArgumentNullException("cert");

    // The .NET object is rebuilt from the certificate's DER encoding; no other state is transferred
    byte[] derEncodedCert = cert.GetEncoded();
    X509Certificate2 dotNetCert = new X509Certificate2(derEncodedCert);
    return dotNetCert;
}
/// <summary>
/// Checks whether specified certificate matches this certificate
/// </summary>
/// <param name="certificate">Certificate to be checked</param>
/// <returns>Null if match cannot be performed, true if certificate matches, false otherwise</returns>
public bool? Matches(BCX509.X509Certificate certificate)
{
    // No certificate supplied: the comparison is undecidable, which is reported as null rather than false
    if (certificate == null)
        return null;

    // Rebuild this certificate from its stored encoding and let BouncyCastle's Equals decide
    // (assumes this.Data holds an encoding accepted by CertUtils.ToBouncyCastleObject — TODO confirm)
    BCX509.X509Certificate thisCertificate = CertUtils.ToBouncyCastleObject(this.Data);
    bool isMatch = certificate.Equals(thisCertificate);
    return isMatch;
}
/// <summary>
/// Converts the instance of BouncyCastle X509Certificate class to the DER encoded byte array
/// </summary>
/// <param name="cert">Instance of BouncyCastle X509Certificate class</param>
/// <returns>DER encoded byte array</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="cert"/> is null</exception>
public static byte[] ToDerEncodedByteArray(BCX509.X509Certificate cert)
{
    if (cert == null)
        throw new ArgumentNullException("cert");

    // GetEncoded() is the only source of bytes here; nothing is re-encoded or normalised on this side
    byte[] derEncoded = cert.GetEncoded();
    return derEncoded;
}
/// <summary>
/// Checks whether certificate is self-signed
/// </summary>
/// <param name="certificate">Certificate to be checked</param>
/// <returns>True if certificate is self-signed; false otherwise</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="certificate"/> is null</exception>
public static bool IsSelfSigned(BCX509.X509Certificate certificate)
{
    if (certificate == null)
        throw new ArgumentNullException("certificate");

    // "Self-signed" is decided cryptographically: the certificate's own public key must verify its signature.
    // Issuer/subject names are deliberately not compared here.
    bool verifiesWithOwnKey;
    try
    {
        certificate.Verify(certificate.GetPublicKey());
        verifiesWithOwnKey = true;
    }
    catch (Org.BouncyCastle.Security.InvalidKeyException)
    {
        // Only a key/signature mismatch is mapped to "not self-signed".
        // NOTE(review): any other exception raised by Verify (e.g. for an unsupported or
        // inconsistent signature algorithm) propagates to the caller — confirm this is intended.
        verifiesWithOwnKey = false;
    }

    return verifiesWithOwnKey;
}
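/// <summary>
/// Generates PKCS#7 signature of specified data
/// </summary>
/// <param name="data">Data to be signed</param>
/// <param name="detached">Flag indicating whether detached signature should be produced</param>
/// <param name="signingCertificate">Signing certificate</param>
/// <param name="certPath">Certification path for signing certificate</param>
/// <returns>DER encoded PKCS#7 signature of specified data</returns>
/// <exception cref="ObjectDisposedException">Thrown when this instance has already been disposed</exception>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="data"/>, <paramref name="signingCertificate"/> or <paramref name="certPath"/> is null</exception>
/// <exception cref="ArgumentException">Thrown when <paramref name="certPath"/> contains a null element</exception>
public byte[] GenerateSignature(byte[] data, bool detached, BCX509.X509Certificate signingCertificate, ICollection<BCX509.X509Certificate> certPath)
{
    if (this._disposed)
        throw new ObjectDisposedException(this.GetType().FullName);

    // Fail fast with descriptive exceptions instead of a NullReferenceException from deep inside the ASN.1 construction
    if (data == null)
        throw new ArgumentNullException("data");
    if (signingCertificate == null)
        throw new ArgumentNullException("signingCertificate");
    if (certPath == null)
        throw new ArgumentNullException("certPath");

    string hashOid = GetHashOid(_hashAlgorihtm);
    IDigest hashGenerator = GetHashGenerator(_hashAlgorihtm);

    // Compute hash of input data; this digest is what the signature ultimately binds to
    byte[] dataHash = ComputeDigest(hashGenerator, data);

    // Construct SignerInfo.signedAttrs
    Asn1EncodableVector signedAttributesVector = new Asn1EncodableVector();

    // Add PKCS#9 contentType signed attribute
    signedAttributesVector.Add(
        new Org.BouncyCastle.Asn1.Cms.Attribute(
            new DerObjectIdentifier(OID.PKCS9AtContentType),
            new DerSet(new DerObjectIdentifier(OID.PKCS7IdData))));

    // Add PKCS#9 messageDigest signed attribute
    signedAttributesVector.Add(
        new Org.BouncyCastle.Asn1.Cms.Attribute(
            new DerObjectIdentifier(OID.PKCS9AtMessageDigest),
            new DerSet(new DerOctetString(dataHash))));

    // Add PKCS#9 signingTime signed attribute
    // NOTE(review): the time is forced into UTCTime; CMS expects GeneralizedTime for dates outside 1950-2049 — confirm this is acceptable
    signedAttributesVector.Add(
        new Org.BouncyCastle.Asn1.Cms.Attribute(
            new DerObjectIdentifier(OID.PKCS9AtSigningTime),
            new DerSet(new Org.BouncyCastle.Asn1.Cms.Time(new DerUtcTime(DateTime.UtcNow)))));

    DerSet signedAttributes = new DerSet(signedAttributesVector);

    // Sign SignerInfo.signedAttrs with PKCS#1 v1.5 RSA signature using private key stored on PKCS#11 compatible device.
    // The signature covers the DER-encoded signed attributes (not the data directly); the data is bound through messageDigest.
    byte[] pkcs1Digest = ComputeDigest(hashGenerator, signedAttributes.GetDerEncoded());
    // CKM_RSA_PKCS performs only the PKCS#1 v1.5 padding, so the DigestInfo structure has to be built here
    byte[] pkcs1DigestInfo = CreateDigestInfo(pkcs1Digest, hashOid);

    byte[] pkcs1Signature = null;
    using (Session session = _slot.OpenSession(true))
    using (Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS))
        pkcs1Signature = session.Sign(mechanism, _privateKeyHandle, pkcs1DigestInfo);

    // Construct SignerInfo; the signer is identified by issuer name and serial number of the signing certificate
    SignerInfo signerInfo = new SignerInfo(
        new SignerIdentifier(new IssuerAndSerialNumber(signingCertificate.IssuerDN, signingCertificate.SerialNumber)),
        new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null),
        signedAttributes,
        new AlgorithmIdentifier(new DerObjectIdentifier(OID.PKCS1RsaEncryption), null),
        new DerOctetString(pkcs1Signature),
        null);

    // Construct SignedData.digestAlgorithms
    Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector();
    digestAlgorithmsVector.Add(new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null));

    // Construct SignedData.encapContentInfo; a detached signature carries no content, only its digest
    ContentInfo encapContentInfo = new ContentInfo(
        new DerObjectIdentifier(OID.PKCS7IdData),
        (detached) ? null : new DerOctetString(data));

    // Construct SignedData.certificates
    // NOTE(review): nothing here checks that signingCertificate itself is part of certPath — verifiers generally expect it there; confirm with callers
    Asn1EncodableVector certificatesVector = new Asn1EncodableVector();
    foreach (BCX509.X509Certificate cert in certPath)
    {
        if (cert == null)
            throw new ArgumentException("Certification path contains null certificate", "certPath");

        certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded())));
    }

    // Construct SignedData.signerInfos
    Asn1EncodableVector signerInfosVector = new Asn1EncodableVector();
    signerInfosVector.Add(signerInfo.ToAsn1Object());

    // Construct SignedData
    SignedData signedData = new SignedData(
        new DerSet(digestAlgorithmsVector),
        encapContentInfo,
        new BerSet(certificatesVector),
        null,
        new DerSet(signerInfosVector));

    // Construct top level ContentInfo
    ContentInfo contentInfo = new ContentInfo(
        new DerObjectIdentifier(OID.PKCS7IdSignedData),
        signedData);

    return contentInfo.GetDerEncoded();
}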
/// <summary>
/// Checks whether specified certificate matches this private key
/// </summary>
/// <param name="certificate">Certificate to be checked</param>
/// <returns>Null if match cannot be performed, true if certificate matches, false otherwise</returns>
public bool? Matches(BCX509.X509Certificate certificate)
{
    // Either side missing makes the comparison undecidable; that is reported as null, not as a mismatch
    if (certificate == null || this.PublicKey == null)
        return null;

    // Match is decided purely by public key equality; no signature or chain checks are performed here
    return this.PublicKey.Equals(certificate.GetPublicKey());
}