예제 #1
0
        private IASSod(byte[] sod)
        {
            //Create asn1 structure of IAS sod object
            var asn1 = ASN1Tag.Parse(sod, true);
            //Take root element that represents all data signed
            var root = asn1.Child(0);

            root.Child(0, 06).Verify(OID.ToByteArray(OID.OIDsignedData)); //06 Verify that result is a OBJECT IDENTIFIER
            //Struttura che negli altri elementi verrà firmata
            SignedDataObject = root.DeepChild(1, 0, 2);
            SignedDataObject.Child(0, 06).Verify(OID.ToByteArray(OID.OIDldsSecurityObject)); //06 Verify that result is a OBJECT IDENTIFIER

            /*GET SIGNED DATA THAT CONTAINS HASHED INFORMATION OF:
             * - ID servizi
             * - Seriale carta
             * - Certificato utente
             * - Chiave pubblica di internal authentication
             * - Chiave pubblica di internal authentication per i servizi*/
            SignedData = SignedDataObject.DeepChild(1, 0).Child(0, 0x30); //0x30 Verify that result is a SEQUENCE
            //GET DOCUMENT SIGNER CERTIFICATE
            //This object can be parsed to X509Certificate2 class costrusctor
            DSCertificate = root.DeepChild(1, 0, 3).Child(0, 0x30);  //0x30 Verify that result is a SEQUENCE
            //GET SIGNER INFO
            var signerInfo = root.DeepChild(1, 0, 4).Child(0, 0x30); //0x30 Verify that result is a SEQUENCE

            /*GET INFORMATION OF ISSUER FROM SIGNER INFO
             * La struttura dati contenuta si avvicina alla seguente:
             * 0 SET (1 elem)
             *  0.0 SEQUENCE (2 elem)
             *      0.0.0 OBJECT IDENTIFIER (2.5.4.3 commonName (X.520 DN component))
             *      0.0.1 PrintableString (Italian Country Signer CA - TEST)
             * 1 SET (1 elem)
             *  1.0 SEQUENCE (2 elem)
             *      1.0.0 OBJECT IDENTIFIER (2.5.4.11 organizationalUnitName (X.520 DN component))
             *      1.0.1 PrintableString (National Electronic Center of State Police)
             * 2 SET (1 elem)
             *  2.0 SEQUENCE (2 elem)
             *      2.0.0 OBJECT IDENTIFIER (2.5.4.10 organizationName (X.520 DN component))
             *      2.0.1 PrintableString (Ministry of Interior)
             * 3 SET (1 elem)
             *  3.0 SEQUENCE (2 elem)
             *      3.0.0 OBJECT IDENTIFIER (2.5.4.6 countryName (X.520 DN component))
             *      3.0.1 PrintableString (IT)*/
            IssuerName = signerInfo.DeepChild(1).Child(0, 0x30); //0x30 Verify that result is a SEQUENCE

            /*GET INFORMATION OF SIGNER CERTIFICATE SERIAL NUMBER FROM DS CERT
             * La struttura dati contenuta si avvicina alla seguente:
             * 0 INTEGER (value of serial number)*/
            SerialNumber = signerInfo.DeepChild(1).Child(1, 0x02); //02 Verify that result is a INTEGER

            /*GET INFORMATION ABOUT SIGNER FROM DS CERT
             * La struttura dati contenuta si avvicina alla seguente:
             * 0 SEQUENCE (2 elem)
             *  0.0 OBJECT IDENTIFIER (1.2.840.113549.1.9.3 OIDcontentType)
             *  0.1 SET (1 elem)
             *      0.1.0 OBJECT IDENTIFIER (2.23.136.1.1.1 Security)
             * 1 SEQUENCE (2 elem)
             *  1.0 OBJECT IDENTIFIER (1.2.840.113549.1.9.4 OIDmessageDigest)
             *  1.1 SET (1 elem)
             *      1.1.0 OCTET STRING (F92C82AE7A944DCFFE4CCD0B6CAFA9D0134ED16EBEEFE6D9A44B641920F99BA9... (hash)) */
            SignatureAlgoritmIdentifier = signerInfo.Child(3, 0xA0);                                          //0xA0 Verify that result is a CONTEXT_SPECIFIC
            //Verify data structure of SignerInfo object
            SignatureAlgoritmIdentifier.DeepChild(0, 0).Verify(OID.ToByteArray(OID.OIDcontentType));          //Verify that node 0.0 is a OIDcontentType Object identifier
            SignatureAlgoritmIdentifier.DeepChild(0, 1, 0).Verify(OID.ToByteArray(OID.OIDldsSecurityObject)); //Verify that node 0.1.0 is a OIDldsSecurityObject Object identifier
            SignatureAlgoritmIdentifier.DeepChild(1, 0).Verify(OID.ToByteArray(OID.OIDmessageDigest));        //Verify that node 1.0 is a OIDmessageDigest Object identifier
            //Get message digest of Signer that is in the octect string object
            SignerMessageDigest = SignatureAlgoritmIdentifier.DeepChild(1, 1).Child(0, 04);                   //04 Verify that result is a OCTECT STRING
            //GET MESSAGE DIGEST SIGN ALGORYTM AND HASH ALGORYTM
            OIDDSMessageDigestSignAlgo = OID.ToString(signerInfo.DeepChild(4).Child(0, 06).Data);             //06 Verify that result is a OBJECT IDENTIFIER
            OIDDSMessageDigestHashAlgo = OID.ToString(signerInfo.DeepChild(2).Child(0, 06).Data);             //06 Verify that result is a OBJECT IDENTIFIER
            //Verify Signed data hash algoritm
            //SignedData.Child(0, 02).Verify(new byte[] { 0 });
            SignedData.DeepChild(1).Child(0, 06).Verify(OID.Encode(OIDDSMessageDigestHashAlgo)); //Verify hash algoritm

            /*GET SIGNATURE
             * La struttura dati contenuta si avvicina alla seguente:
             * 0 OCTET STRING (42C600B32BD5EFF0A684F65BD4526872AD3D4EADA3017A6E836736340BCCDA7DB9622...)*/
            Signature = signerInfo.Child(5, 04); //04 Verify that result is a OCTECT STRING
        }