/// <summary>
/// Extends the XAdES signature of <paramref name="signatureDocument"/> with the
/// unsigned properties that carry certificate and revocation references and values
/// (CompleteCertificateRefs, CertificateValues, CompleteRevocationRefs, RevocationValues),
/// fills them for the signing certificate and the TSA certificates, time-stamps the
/// references and writes the updated document back.
/// </summary>
/// <param name="signatureDocument">Document whose XAdES signature is upgraded in place.</param>
/// <param name="parameters">Upgrade inputs: OCSP servers, CRL and digest method handed to the helpers.</param>
public void Upgrade(SignatureDocument signatureDocument, UpgradeParameters parameters)
{
    X509Certificate2 signer = signatureDocument.XadesSignature.GetSigningCertificate();
    UnsignedProperties props = signatureDocument.XadesSignature.UnsignedProperties;
    var sigProps = props.UnsignedSignatureProperties;

    // Every container gets a fresh random Id; these Ids are what the later
    // time-stamp over the references can point at.
    sigProps.CompleteCertificateRefs = new CompleteCertificateRefs
    {
        Id = "CompleteCertificates-" + Guid.NewGuid().ToString()
    };
    sigProps.CertificateValues = new CertificateValues
    {
        Id = "CertificatesValues-" + Guid.NewGuid().ToString()
    };
    sigProps.CompleteRevocationRefs = new CompleteRevocationRefs
    {
        Id = "CompleteRev-" + Guid.NewGuid().ToString()
    };
    sigProps.RevocationValues = new RevocationValues
    {
        Id = "RevocationValues-" + Guid.NewGuid().ToString()
    };

    // Populate refs/values for the signing certificate first, then for the
    // time-stamp authority certificates. The OCSP servers and CRL from
    // parameters are passed through; presumably the helpers fetch revocation
    // data from them (network I/O) — confirm in AddCertificate/AddTSACertificates.
    AddCertificate(signer, props, false, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod, null);
    AddTSACertificates(props, parameters.OCSPServers, parameters.CRL, parameters.DigestMethod);

    signatureDocument.XadesSignature.UnsignedProperties = props;
    TimeStampCertRefs(signatureDocument, parameters);
    signatureDocument.UpdateDocument();
}
/// <summary>
/// Collects the CRLs carried by the signature: those in the SignedData
/// <c>crls</c> field plus, when present, those inside the CAdES-XL
/// <c>id-aa-ets-revocationValues</c> unsigned attribute of the selected signer.
/// </summary>
/// <returns>The CRLs found; an empty list when the signature carries none.</returns>
public override IList<X509Crl> GetCRLsFromSignature()
{
    var crls = new List<X509Crl>();

    // CRLs embedded directly in the SignedData structure.
    foreach (X509Crl embedded in cmsSignedData.GetCrls("Collection").GetMatches(null))
    {
        crls.Add(embedded);
    }

    // CRLs inside the revocation-values unsigned attribute of our signer, if any.
    SignerInformation signer = BCStaticHelpers.GetSigner(cmsSignedData, signerId);
    if (signer == null || signer.UnsignedAttributes == null)
    {
        return crls;
    }
    var revocationAttr = signer.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsRevocationValues];
    if (revocationAttr != null)
    {
        // Only the first attribute value is inspected.
        var revocationValues = RevocationValues.GetInstance(revocationAttr.AttrValues[0]);
        foreach (CertificateList encodedCrl in revocationValues.GetCrlVals())
        {
            crls.Add(new X509Crl(encodedCrl));
        }
    }

    return crls;
}
/// <summary>
/// Adds the CAdES-XL <c>id-aa-ets-certValues</c> and <c>id-aa-ets-revocationValues</c>
/// unsigned attributes, populated from the validation of
/// <paramref name="signingCertificate"/> at <paramref name="signingDate"/>.
/// </summary>
/// <param name="unsignedAttrs">Attribute table to extend; it is mutated and returned.</param>
/// <param name="signingCertificate">Certificate whose chain and revocation data are gathered.</param>
/// <param name="signingDate">Validation time handed to the certificate verifier.</param>
/// <param name="optionalCertificateSource">Extra certificate source for chain building, may be null.</param>
/// <returns>The same <paramref name="unsignedAttrs"/> instance, extended with both attributes.</returns>
private IDictionary ExtendUnsignedAttributes(IDictionary unsignedAttrs, X509Certificate signingCertificate, DateTime signingDate, ICertificateSource optionalCertificateSource)
{
    var context = CertificateVerifier.ValidateCertificate(signingCertificate, signingDate, optionalCertificateSource, null, null);

    // Chain certificates other than the signer's, re-parsed from DER into BC ASN.1 structures.
    // NOTE(review): Equals is invoked on a CertificateAndContext with an X509Certificate argument;
    // whether that can ever match depends on CertificateAndContext.Equals — confirm.
    var chainCerts = new List<X509CertificateStructure>();
    foreach (CertificateAndContext candidate in context.NeededCertificates)
    {
        if (candidate.Equals(signingCertificate))
        {
            continue;
        }
        var der = Asn1Object.FromByteArray(candidate.Certificate.GetEncoded());
        chainCerts.Add(X509CertificateStructure.GetInstance((Asn1Sequence)der));
    }

    var crls = new List<CertificateList>();
    foreach (X509Crl crl in context.NeededCRL)
    {
        crls.Add(CertificateList.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(crl.GetEncoded())));
    }

    var ocsps = new List<BasicOcspResponse>();
    foreach (BasicOcspResp resp in context.NeededOCSPResp)
    {
        ocsps.Add(BasicOcspResponse.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(resp.GetEncoded())));
    }

    var revocationValues = new RevocationValues(crls.ToArray(), ocsps.ToArray(), null);
    // IDictionary.Add throws when the key is already present, so each attribute
    // must be absent from unsignedAttrs when this runs.
    unsignedAttrs.Add(PkcsObjectIdentifiers.IdAAEtsRevocationValues, new BcCms.Attribute(PkcsObjectIdentifiers.IdAAEtsRevocationValues, new DerSet(revocationValues)));
    unsignedAttrs.Add(PkcsObjectIdentifiers.IdAAEtsCertValues, new BcCms.Attribute(PkcsObjectIdentifiers.IdAAEtsCertValues, new DerSet(new DerSequence(chainCerts.ToArray()))));
    return unsignedAttrs;
}
/// <summary>
/// Collects the CRLs carried by the signature: those in the SignedData
/// <c>crls</c> field plus, when present, those inside the CAdES-XL
/// <c>id-aa-ets-revocationValues</c> unsigned attribute of the first matching signer.
/// </summary>
/// <returns>The CRLs found; an empty list when the signature carries none.</returns>
/// <exception cref="RuntimeException">Wraps a <see cref="CrlException"/> raised while reading a CRL.</exception>
public override IList<X509Crl> GetCRLsFromSignature()
{
    IList<X509Crl> crls = new AList<X509Crl>();
    try
    {
        // CRLs embedded directly in the SignedData structure.
        foreach (X509Crl embedded in cmsSignedData.GetCrls("Collection").GetMatches(null))
        {
            crls.AddItem(embedded);
        }

        // CRLs inside the revocation-values unsigned attribute of our signer, if any.
        SignerInformation signer = cmsSignedData.GetSignerInfos().GetFirstSigner(signerId);
        if (signer == null || signer.UnsignedAttributes == null)
        {
            return crls;
        }
        var revocationAttr = signer.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsRevocationValues];
        if (revocationAttr != null)
        {
            // Only the first attribute value is inspected.
            var revocationValues = RevocationValues.GetInstance(revocationAttr.AttrValues[0]);
            foreach (CertificateList encodedCrl in revocationValues.GetCrlVals())
            {
                crls.AddItem(new X509Crl(encodedCrl));
            }
        }
    }
    catch (CrlException e)
    {
        throw new RuntimeException(e);
    }
    return crls;
}
/// <summary>
/// Adds the CAdES-XL <c>id-aa-ets-certValues</c> and <c>id-aa-ets-revocationValues</c>
/// unsigned attributes, populated from the validation of
/// <paramref name="signingCertificate"/> at <paramref name="signingDate"/>.
/// </summary>
/// <param name="unsignedAttrs">Attribute table to extend; it is mutated and returned.</param>
/// <param name="signingCertificate">Certificate whose chain and revocation data are gathered.</param>
/// <param name="signingDate">Validation time handed to the certificate verifier.</param>
/// <param name="optionalCertificateSource">Extra certificate source for chain building, may be null.</param>
/// <returns>The same <paramref name="unsignedAttrs"/> instance, extended with both attributes.</returns>
/// <exception cref="System.IO.IOException"></exception>
/// <exception cref="RuntimeException">Wraps a <see cref="CertificateEncodingException"/> or <see cref="CrlException"/> raised while re-encoding the gathered data.</exception>
private IDictionary ExtendUnsignedAttributes(IDictionary unsignedAttrs, X509Certificate signingCertificate, DateTime signingDate, CertificateSource optionalCertificateSource)
{
    ValidationContext context = certificateVerifier.ValidateCertificate(signingCertificate, signingDate, optionalCertificateSource, null, null);
    try
    {
        IList<X509CertificateStructure> chainCerts = new AList<X509CertificateStructure>();
        AList<CertificateList> crls = new AList<CertificateList>();
        AList<BasicOcspResponse> ocsps = new AList<BasicOcspResponse>();

        // Chain certificates other than the signer's, re-parsed from DER into BC ASN.1 structures.
        // NOTE(review): Equals is invoked on a CertificateAndContext with an X509Certificate argument;
        // whether that can ever match depends on CertificateAndContext.Equals — confirm.
        foreach (CertificateAndContext candidate in context.GetNeededCertificates())
        {
            if (candidate.Equals(signingCertificate))
            {
                continue;
            }
            Asn1Object der = Asn1Object.FromByteArray(candidate.GetCertificate().GetEncoded());
            chainCerts.AddItem(X509CertificateStructure.GetInstance((Asn1Sequence)der));
        }
        foreach (X509Crl crl in context.GetNeededCRL())
        {
            crls.AddItem(CertificateList.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(crl.GetEncoded())));
        }
        foreach (BasicOcspResp resp in context.GetNeededOCSPResp())
        {
            ocsps.AddItem(BasicOcspResponse.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(resp.GetEncoded())));
        }

        // Sharpen.Collections.ToArray mirrors Java's toArray(T[]): fills the presized typed array and returns it.
        CertificateList[] crlArray = Sharpen.Collections.ToArray(crls, new CertificateList[crls.Count]);
        BasicOcspResponse[] ocspArray = Sharpen.Collections.ToArray(ocsps, new BasicOcspResponse[ocsps.Count]);
        RevocationValues revocationValues = new RevocationValues(crlArray, ocspArray, null);
        // IDictionary.Add throws when the key is already present, so each attribute
        // must be absent from unsignedAttrs when this runs.
        unsignedAttrs.Add(PkcsObjectIdentifiers.IdAAEtsRevocationValues, new BcCms.Attribute(PkcsObjectIdentifiers.IdAAEtsRevocationValues, new DerSet(revocationValues)));

        X509CertificateStructure[] certArray = Sharpen.Collections.ToArray(chainCerts, new X509CertificateStructure[chainCerts.Count]);
        unsignedAttrs.Add(PkcsObjectIdentifiers.IdAAEtsCertValues, new BcCms.Attribute(PkcsObjectIdentifiers.IdAAEtsCertValues, new DerSet(new DerSequence(certArray))));
    }
    catch (CertificateEncodingException e)
    {
        throw new RuntimeException(e);
    }
    catch (CrlException e)
    {
        throw new RuntimeException(e);
    }
    return unsignedAttrs;
}
/// <summary>
/// Collects the OCSP responses stored in the CAdES-XL
/// <c>id-aa-ets-revocationValues</c> unsigned attribute of the selected signer.
/// Responses are only looked for in that attribute, not elsewhere in the SignedData.
/// </summary>
/// <returns>The OCSP responses found; an empty list when the attribute is absent.</returns>
public override IList<BasicOcspResp> GetOCSPResponsesFromSignature()
{
    var responses = new List<BasicOcspResp>();

    SignerInformation signer = BCStaticHelpers.GetSigner(cmsSignedData, signerId);
    if (signer == null || signer.UnsignedAttributes == null)
    {
        return responses;
    }
    var revocationAttr = signer.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsRevocationValues];
    if (revocationAttr == null)
    {
        return responses;
    }

    // Only the first attribute value is inspected.
    var revocationValues = RevocationValues.GetInstance(revocationAttr.AttrValues[0]);
    foreach (BasicOcspResponse encoded in revocationValues.GetOcspVals())
    {
        responses.Add(new BasicOcspResp(encoded));
    }
    return responses;
}
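/// <summary>
/// Re-packages the CMS SignedData read from <paramref name="signed"/> into
/// <paramref name="embedded"/>, optionally raising it to <paramref name="level"/>:
/// embedded certificates are completed, a time-stamp is added for T-level and
/// revocation values for L-level. Nothing in this method verifies the signature
/// value or the time-stamp token; that is assumed to happen elsewhere — confirm.
/// </summary>
/// <param name="level">Target level; null means plain re-packaging without T/L extension.</param>
/// <param name="embedded">Output stream receiving the rebuilt SignedData.</param>
/// <param name="signed">Input SignedData; its Length is read for logging.</param>
/// <param name="content">Detached content to copy; when null the content embedded in <paramref name="signed"/> is used.</param>
/// <param name="providedSigner">Signer certificate supplied by the caller, used if none is embedded.</param>
/// <param name="timemarkKey">Receives signature value, signing time, signer and signer id.</param>
/// <exception cref="InvalidMessageException">No signer id could be derived from the message.</exception>
protected void Complete(Level? level, Stream embedded, Stream signed, Stream content, X509Certificate2 providedSigner, out TimemarkKey timemarkKey)
{
#if NETFRAMEWORK
    trace.TraceEvent(TraceEventType.Information, 0, "Completing the message with of {0} bytes to level {1}", signed.Length, level);
#else
    logger.LogInformation("Completing the message with of {0} bytes to level {1}", signed.Length, level);
#endif
    //Create the objects we need
    var gen = new CmsSignedDataStreamGenerator();
    var parser = new CmsSignedDataParser(signed);
    timemarkKey = new TimemarkKey();

    //preset the digests so we can add the signers afterwards
    gen.AddDigests(parser.DigestOids);

    //Copy the content to the output
    // NOTE(review): contentOut is closed only on the success path; on a throw
    // below it stays open, which is presumably intended so that no partial
    // SignedData is finalized into `embedded` — confirm.
    Stream contentOut = gen.Open(embedded, parser.SignedContentType.Id, true);
    if (content != null)
    {
        content.CopyTo(contentOut);
    }
    else
    {
        parser.GetSignedContent().ContentStream.CopyTo(contentOut);
    }

    //Extract the various data from outer layer
    SignerInformation signerInfo = ExtractSignerInfo(parser);
    IX509Store embeddedCerts = parser.GetCertificates("Collection");

    //Extract the various data from signer info
    timemarkKey.SignatureValue = signerInfo.GetSignature();
    timemarkKey.SigningTime = ExtractSigningTime(signerInfo);
    timemarkKey.Signer = ExtractSignerCert(embeddedCerts, signerInfo, providedSigner);
    if (timemarkKey.Signer != null)
    {
        // Prefer the subject key identifier of the resolved certificate over the SignerID in the message.
        timemarkKey.SignerId = DotNetUtilities.FromX509Certificate(timemarkKey.Signer).GetSubjectKeyIdentifier();
    }
    else
    {
        timemarkKey.SignerId = signerInfo.SignerID.ExtractSignerId();
    }

    //Extract the various data from unsigned attributes of signer info
    IDictionary unsignedAttributes = signerInfo.UnsignedAttributes != null ? signerInfo.UnsignedAttributes.ToDictionary() : new Hashtable();
    TimeStampToken tst = ExtractTimestamp(unsignedAttributes);
    RevocationValues revocationInfo = ExtractRevocationInfo(unsignedAttributes);

    //quick check for an expected error and extrapolate some info
    if (timemarkKey.SignerId == null)
    {
#if NETFRAMEWORK
        trace.TraceEvent(TraceEventType.Error, 0, "We could not find any signer information");
#else
        logger.LogError("We could not find any signer information");
#endif
        throw new InvalidMessageException("The message does not contain any valid signer info");
    }
    if (timemarkKey.SigningTime == default && tst != null)
    {
        // Placeholder index fixed to {0}: with a single argument, {1} makes the
        // TraceSource path throw a FormatException.
#if NETFRAMEWORK
        trace.TraceEvent(TraceEventType.Information, 0, "Implicit signing time is replaced with time-stamp time {0}", tst.TimeStampInfo.GenTime);
#else
        logger.LogInformation("Implicit signing time is replaced with time-stamp time {0}", tst.TimeStampInfo.GenTime);
#endif
        timemarkKey.SigningTime = tst.TimeStampInfo.GenTime;
    }

    //Are we missing embedded certs and should we add them?
    if ((embeddedCerts == null || embeddedCerts.GetMatches(null).Count <= 1) && timemarkKey.Signer != null && level != null)
    {
        embeddedCerts = GetEmbeddedCerts(timemarkKey);
    }
    if (embeddedCerts != null)
    {
        gen.AddCertificates(embeddedCerts); //add the existing or new embedded certs to the output.
    }

    //Are we missing timestamp and should we add them (note that time-mark authorities do not require a timestamp provider)
    // Nullable '&': when level is null the comparison is false, so no time-stamp is requested.
    if (tst == null && (level & Level.T_Level) == Level.T_Level && timestampProvider != null)
    {
        tst = GetTimestamp(timemarkKey);
        AddTimestamp(unsignedAttributes, tst);
    }

    //should we make sure we have the proper revocation info (it is hard to tell if we have everything, just go for it)
    if ((level & Level.L_Level) == Level.L_Level)
    {
        if (embeddedCerts != null && embeddedCerts.GetMatches(null).Count > 0)
        {
            //extend the revocation info with info about the embedded certs
            revocationInfo = GetRevocationValues(timemarkKey, embeddedCerts, revocationInfo);
        }
        if (tst != null)
        {
            //extend the revocation info with info about the TST
            revocationInfo = GetRevocationValues(tst, revocationInfo);
        }
        //update the unsigned attributes
        AddRevocationValues(unsignedAttributes, revocationInfo);
    }

    //Update the unsigned attributes of the signer info
    signerInfo = SignerInformation.ReplaceUnsignedAttributes(signerInfo, new BC::Asn1.Cms.AttributeTable(unsignedAttributes));

    //Copy the signer
    gen.AddSigners(new SignerInformationStore(new SignerInformation[] { signerInfo }));

    // Closing the generator's stream finalizes the SignedData into `embedded`.
    contentOut.Close();
}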