/// <summary>
/// Adds a countersignature from <paramref name="signer"/> to the signer that this
/// object represents inside <c>m_signedCms</c> (presumably this is SignerInfo),
/// re-decodes the native message so the managed view sees the new countersignature,
/// and appends the countersigner's certificates to the message.
/// </summary>
/// <param name="signer">Certificate, private key, digest algorithm and attributes of the countersigner.</param>
/// <exception cref="CryptographicException">
/// Raised with the Win32 error code when the private-key lookup or
/// <c>CryptMsgCountersign</c> fails.
/// </exception>
/// <remarks>
/// Before any native signing call a CAS <see cref="KeyContainerPermission"/> demand
/// (Open | Sign) is made on the exact key container that will produce the signature.
/// This is the only access check visible in this method.
/// </remarks>
private void CounterSign(CmsSigner signer)
{
    // Resolve the CSP / key-container parameters of the signer's private key so the
    // permission demand below targets the container that is about to sign.
    CspParameters parameters = new CspParameters();
    if (!System.Security.Cryptography.X509Certificates.X509Utils.GetPrivateKeyInfo(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(signer.Certificate), ref parameters))
    {
        throw new CryptographicException(Marshal.GetLastWin32Error());
    }
    KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
    KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Sign | KeyContainerPermissionFlags.Open);
    permission.AccessEntries.Add(accessEntry);
    permission.Demand();
    // Position of this signer in the message; CryptMsgCountersign needs it to know
    // which SignerInfo is being countersigned.
    uint dwIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0);
    // 0x40 = LMEM_ZEROINIT: the buffer that receives the marshalled struct starts zeroed.
    System.Security.Cryptography.SafeLocalAllocHandle handle = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO))));
    // NOTE(review): if CreateSignerEncodeInfo throws here, 'handle' has not yet entered
    // the try/finally and is released only by its SafeHandle finalizer.
    System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO structure = PkcsUtils.CreateSignerEncodeInfo(signer);
    try
    {
        Marshal.StructureToPtr(structure, handle.DangerousGetHandle(), false);
        // Third argument is the countersigner count: exactly one, described by the marshalled struct.
        if (!System.Security.Cryptography.CAPI.CryptMsgCountersign(this.m_signedCms.GetCryptMsgHandle(), dwIndex, 1, handle.DangerousGetHandle()))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
        // The native message changed in place; re-decode so cached managed state is refreshed.
        this.m_signedCms.ReopenToDecode();
    }
    finally
    {
        // Tear down the marshalled copy (and native memory it references) before freeing
        // the buffer, then release what the managed struct still owns (provider handle etc.).
        Marshal.DestroyStructure(handle.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO));
        handle.Dispose();
        structure.Dispose();
    }
    PkcsUtils.AddCertsToMessage(this.m_signedCms.GetCryptMsgHandle(), this.m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
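/// <summary>
/// Produces the first signature on this message: encodes a CMS SignedData with a
/// single signer, captures the encoded bytes, re-opens them as a decode-side
/// message and swaps that in for <c>m_safeCryptMsgHandle</c>.
/// </summary>
/// <param name="signer">Certificate, private key, digest algorithm and attributes of the signer.</param>
/// <param name="silent">
/// Forwarded to <c>PkcsUtils.CreateSignerEncodeInfo</c>; when true the private key is
/// acquired without UI, so a key that would need a prompt (e.g. a PIN) fails instead of prompting.
/// </param>
/// <exception cref="CryptographicException">
/// Raised with the Win32 error code when opening the encode message, feeding the
/// content, or encoding fails.
/// </exception>
/// <remarks>
/// Every native resource created here (the encode-side message handle, the
/// encoded-certificate blob, the marshalled signer struct and its buffer) is released
/// in a <c>finally</c> block, so the failure paths free them promptly instead of
/// leaving them to SafeHandle finalizers. The release order on success is unchanged:
/// message handle, certificate blob, marshalled struct, buffer, managed struct.
/// </remarks>
private unsafe void Sign(CmsSigner signer, bool silent)
{
    System.Security.Cryptography.SafeCryptMsgHandle hCryptMsg = null;
    System.Security.Cryptography.CAPI.CMSG_SIGNED_ENCODE_INFO cmsg_signed_encode_info = new System.Security.Cryptography.CAPI.CMSG_SIGNED_ENCODE_INFO(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNED_ENCODE_INFO)));
    // Owns the acquired provider handle and the attribute / identifier buffers until Dispose().
    System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO structure = PkcsUtils.CreateSignerEncodeInfo(signer, silent);
    byte[] encodedMessage = null;
    try
    {
        // Unmanaged copy of the signer struct; CryptMsgOpenToEncode reads it through rgSigners.
        System.Security.Cryptography.SafeLocalAllocHandle handle2 = System.Security.Cryptography.CAPI.LocalAlloc(0, new IntPtr(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO))));
        // Declared outside the inner try so the finally below can release it on every path.
        System.Security.Cryptography.SafeLocalAllocHandle handle3 = null;
        try
        {
            Marshal.StructureToPtr(structure, handle2.DangerousGetHandle(), false);
            X509Certificate2Collection certificates = PkcsUtils.CreateBagOfCertificates(signer);
            handle3 = PkcsUtils.CreateEncodedCertBlob(certificates);
            cmsg_signed_encode_info.cSigners = 1;
            cmsg_signed_encode_info.rgSigners = handle2.DangerousGetHandle();
            cmsg_signed_encode_info.cCertEncoded = (uint)certificates.Count;
            if (certificates.Count > 0)
            {
                cmsg_signed_encode_info.rgCertEncoded = handle3.DangerousGetHandle();
            }
            // 0x10001 = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING; 2 = CMSG_SIGNED; 4 = CMSG_DETACHED_FLAG.
            // For plain PKCS#7 "data" content (1.2.840.113549.1.7.1) the inner content type is left
            // unspecified; any other content type OID is passed through explicitly.
            if (string.Compare(this.ContentInfo.ContentType.Value, "1.2.840.113549.1.7.1", StringComparison.OrdinalIgnoreCase) == 0)
            {
                hCryptMsg = System.Security.Cryptography.CAPI.CryptMsgOpenToEncode(0x10001, this.Detached ? 4 : 0, 2, new IntPtr((void *)&cmsg_signed_encode_info), IntPtr.Zero, IntPtr.Zero);
            }
            else
            {
                hCryptMsg = System.Security.Cryptography.CAPI.CryptMsgOpenToEncode(0x10001, this.Detached ? 4 : 0, 2, new IntPtr((void *)&cmsg_signed_encode_info), this.ContentInfo.ContentType.Value, IntPtr.Zero);
            }
            if ((hCryptMsg == null) || hCryptMsg.IsInvalid)
            {
                throw new CryptographicException(Marshal.GetLastWin32Error());
            }
            // Feed the whole content as one final chunk; empty content legitimately skips the update.
            if ((this.ContentInfo.Content.Length > 0) && !System.Security.Cryptography.CAPI.CAPISafe.CryptMsgUpdate(hCryptMsg, this.ContentInfo.pContent, (uint)this.ContentInfo.Content.Length, true))
            {
                throw new CryptographicException(Marshal.GetLastWin32Error());
            }
            encodedMessage = PkcsUtils.GetContent(hCryptMsg);
        }
        finally
        {
            // Release the encode-side message first, then the cert blob and the marshalled
            // signer struct it referenced. Previously these two Dispose calls sat inside the
            // try and were skipped whenever CryptMsgOpenToEncode / CryptMsgUpdate failed.
            if (hCryptMsg != null)
            {
                hCryptMsg.Dispose();
                hCryptMsg = null;
            }
            if (handle3 != null)
            {
                handle3.Dispose();
            }
            Marshal.DestroyStructure(handle2.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO));
            handle2.Dispose();
        }
    }
    finally
    {
        structure.Dispose();
    }
    // Re-open the encoded bytes as a decode-side message and replace the previous handle.
    hCryptMsg = OpenToDecode(encodedMessage, this.ContentInfo, this.Detached);
    if ((this.m_safeCryptMsgHandle != null) && !this.m_safeCryptMsgHandle.IsInvalid)
    {
        this.m_safeCryptMsgHandle.Dispose();
    }
    this.m_safeCryptMsgHandle = hCryptMsg;
    // Keep the signer (and the certificate context its pCertInfo pointed into) reachable
    // until all native calls that used it have completed.
    GC.KeepAlive(signer);
}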
/// <summary>
/// Adds another (parallel) signer to an already-signed message: marshals the signer
/// description, applies it via <c>CryptMsgControl</c> with CMSG_CTRL_ADD_SIGNER, then
/// appends the signer's certificates to the message.
/// </summary>
/// <param name="signer">Certificate, private key, digest algorithm and attributes of the additional signer.</param>
/// <param name="silent">Forwarded to <c>PkcsUtils.CreateSignerEncodeInfo</c>; when true the private key is acquired without UI.</param>
/// <exception cref="CryptographicException">Raised with the Win32 error code when <c>CryptMsgControl</c> fails.</exception>
/// <remarks>
/// NOTE(review): unlike <c>CounterSign</c> on this page, no <c>KeyContainerPermission</c>
/// demand is made here; the access check for co-signing presumably lives in a caller — confirm.
/// </remarks>
private void CoSign(CmsSigner signer, bool silent)
{
    // 'using' disposes the struct, which owns the acquired provider handle and attribute buffers.
    using (System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO cmsg_signer_encode_info = PkcsUtils.CreateSignerEncodeInfo(signer, silent))
    {
        // 0x40 = LMEM_ZEROINIT: the buffer receiving the marshalled struct starts zeroed.
        System.Security.Cryptography.SafeLocalAllocHandle handle = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO))));
        try
        {
            Marshal.StructureToPtr(cmsg_signer_encode_info, handle.DangerousGetHandle(), false);
            // dwFlags = 0; dwCtrlType 6 = CMSG_CTRL_ADD_SIGNER; pvCtrlPara = the marshalled struct.
            if (!System.Security.Cryptography.CAPI.CryptMsgControl(this.m_safeCryptMsgHandle, 0, 6, handle.DangerousGetHandle()))
            {
                throw new CryptographicException(Marshal.GetLastWin32Error());
            }
        }
        finally
        {
            // Tear down the marshalled copy before freeing its buffer.
            Marshal.DestroyStructure(handle.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO));
            handle.Dispose();
        }
    }
    PkcsUtils.AddCertsToMessage(this.m_safeCryptMsgHandle, this.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
/// <summary>
/// Builds the native <c>CMSG_SIGNER_ENCODE_INFO</c> describing one signer to CryptoAPI:
/// digest and signature-algorithm OIDs, signed/unsigned attributes, the provider handle
/// and key spec that will sign, and how the signer is identified in the SignerInfo.
/// </summary>
/// <param name="signer">Source of the certificate, digest algorithm, attributes and identifier type.</param>
/// <param name="silent">
/// When true, <c>CryptAcquireCertificatePrivateKey</c> is called with flags 70 (0x46 =
/// CRYPT_ACQUIRE_USE_PROV_INFO_FLAG | CRYPT_ACQUIRE_COMPARE_KEY_FLAG | CRYPT_ACQUIRE_SILENT_FLAG)
/// so the provider must not show UI such as a PIN dialog; when false the flags are 6 (no SILENT).
/// </param>
/// <returns>
/// A populated struct that owns native memory and a provider handle. Every SafeHandle
/// created here has its finalizer suppressed (<c>GC.SuppressFinalize</c>) after its raw
/// handle is stored in the struct, so nothing is released unless the caller disposes the
/// returned struct (the struct's Dispose is not shown on this page — presumably it frees them).
/// </returns>
/// <exception cref="CryptographicException">Raised with the Win32 error code if a CryptoAPI call fails.</exception>
internal static unsafe System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO CreateSignerEncodeInfo(CmsSigner signer, bool silent)
{
    System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO cmsg_signer_encode_info = new System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO)));
    System.Security.Cryptography.SafeCryptProvHandle invalidHandle = System.Security.Cryptography.SafeCryptProvHandle.InvalidHandle;
    uint pdwKeySpec = 0;
    bool pfCallerFreeProv = false;
    cmsg_signer_encode_info.HashAlgorithm.pszObjId = signer.DigestAlgorithm.Value;
    // DSA keys (1.2.840.10040.4.1) always get sha1DSA (1.2.840.10040.4.3) as the signature
    // algorithm, regardless of the digest algorithm chosen on the signer. For other key
    // types HashEncryptionAlgorithm is left unset here (presumably derived by CryptoAPI).
    if (string.Compare(signer.Certificate.PublicKey.Oid.Value, "1.2.840.10040.4.1", StringComparison.Ordinal) == 0)
    {
        cmsg_signer_encode_info.HashEncryptionAlgorithm.pszObjId = "1.2.840.10040.4.3";
    }
    cmsg_signer_encode_info.cAuthAttr = (uint)signer.SignedAttributes.Count;
    cmsg_signer_encode_info.rgAuthAttr = CreateCryptAttributes(signer.SignedAttributes);
    cmsg_signer_encode_info.cUnauthAttr = (uint)signer.UnsignedAttributes.Count;
    cmsg_signer_encode_info.rgUnauthAttr = CreateCryptAttributes(signer.UnsignedAttributes);
    if (signer.SignerIdentifierType == SubjectIdentifierType.NoSignature)
    {
        // id-alg-noSignature (1.3.6.1.5.5.7.6.2): the SignerInfo carries a digest but no
        // cryptographic signature, so a message built this way gives no origin authentication.
        // No certificate or private key is involved (pCertInfo = NULL); a PROV_RSA_FULL (1)
        // provider is opened with CRYPT_VERIFYCONTEXT (0xf0000000), i.e. without a key container,
        // purely for hashing.
        cmsg_signer_encode_info.HashEncryptionAlgorithm.pszObjId = "1.3.6.1.5.5.7.6.2";
        cmsg_signer_encode_info.pCertInfo = IntPtr.Zero;
        cmsg_signer_encode_info.dwKeySpec = pdwKeySpec;
        if (!System.Security.Cryptography.CAPI.CryptAcquireContext(ref invalidHandle, (string)null, (string)null, 1, 0xf0000000))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
        // Ownership of the raw provider handle moves into the struct; suppress the SafeHandle's
        // finalizer so it is not released twice.
        cmsg_signer_encode_info.hCryptProv = invalidHandle.DangerousGetHandle();
        GC.SuppressFinalize(invalidHandle);
        // dwIdChoice 1 = CERT_ID_ISSUER_SERIAL_NUMBER, filled with a placeholder issuer
        // ("CN=Dummy Signer" tagged with the dummy-signer RDN OID 1.3.6.1.4.1.311.21.9)
        // and a one-byte zero serial number.
        cmsg_signer_encode_info.SignerId.dwIdChoice = 1;
        X500DistinguishedName name = new X500DistinguishedName("CN=Dummy Signer") { Oid = new Oid("1.3.6.1.4.1.311.21.9") };
        cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.Issuer.cbData = (uint)name.RawData.Length;
        System.Security.Cryptography.SafeLocalAllocHandle handle2 = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long)cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.Issuer.cbData));
        Marshal.Copy(name.RawData, 0, handle2.DangerousGetHandle(), name.RawData.Length);
        cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.Issuer.pbData = handle2.DangerousGetHandle();
        GC.SuppressFinalize(handle2);
        cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData = 1;
        System.Security.Cryptography.SafeLocalAllocHandle handle3 = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long)cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData));
        // LMEM_ZEROINIT already zeroed the byte; the explicit store makes the serial value visible.
        byte *handle = (byte *)handle3.DangerousGetHandle();
        handle[0] = 0;
        cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.SerialNumber.pbData = handle3.DangerousGetHandle();
        GC.SuppressFinalize(handle3);
        return(cmsg_signer_encode_info);
    }
    System.Security.Cryptography.SafeCertContextHandle certContext = System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(signer.Certificate);
    // Acquire the private key bound to the certificate (see <paramref name="silent"/> for the flags).
    if (!System.Security.Cryptography.CAPI.CAPISafe.CryptAcquireCertificatePrivateKey(certContext, silent ? 70 : 6, IntPtr.Zero, ref invalidHandle, ref pdwKeySpec, ref pfCallerFreeProv))
    {
        throw new CryptographicException(Marshal.GetLastWin32Error());
    }
    cmsg_signer_encode_info.dwKeySpec = pdwKeySpec;
    // NOTE(review): pfCallerFreeProv is captured but never consulted. That is only safe
    // because neither 6 nor 70 includes CRYPT_ACQUIRE_CACHE_FLAG (0x1), so the provider
    // handle is always ours to free.
    cmsg_signer_encode_info.hCryptProv = invalidHandle.DangerousGetHandle();
    GC.SuppressFinalize(invalidHandle);
    // Read pCertInfo out of the native CERT_CONTEXT. The pointer stays valid only while the
    // underlying certificate context is alive; callers keep 'signer' reachable for that reason
    // (see GC.KeepAlive(signer) in Sign).
    System.Security.Cryptography.CAPI.CERT_CONTEXT cert_context = *((System.Security.Cryptography.CAPI.CERT_CONTEXT *)certContext.DangerousGetHandle());
    cmsg_signer_encode_info.pCertInfo = cert_context.pCertInfo;
    if (signer.SignerIdentifierType == SubjectIdentifierType.SubjectKeyIdentifier)
    {
        // 20 = CERT_KEY_IDENTIFIER_PROP_ID. First call with an invalid (NULL) buffer queries the size.
        uint pcbData = 0;
        System.Security.Cryptography.SafeLocalAllocHandle pvData = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
        if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateContextProperty(certContext, 20, pvData, ref pcbData))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
        // No key identifier available: SignerId keeps its zeroed default, so CryptoAPI
        // presumably falls back to the issuer/serial from pCertInfo — confirm.
        if (pcbData <= 0)
        {
            return(cmsg_signer_encode_info);
        }
        pvData = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long)pcbData));
        if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateContextProperty(certContext, 20, pvData, ref pcbData))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
        // dwIdChoice 2 = CERT_ID_KEY_IDENTIFIER; the struct takes ownership of the key-id buffer.
        cmsg_signer_encode_info.SignerId.dwIdChoice = 2;
        cmsg_signer_encode_info.SignerId.Value.KeyId.cbData = pcbData;
        cmsg_signer_encode_info.SignerId.Value.KeyId.pbData = pvData.DangerousGetHandle();
        GC.SuppressFinalize(pvData);
    }
    return(cmsg_signer_encode_info);
}
/// <summary>
/// Builds the native <c>CMSG_SIGNER_ENCODE_INFO</c> describing one signer to CryptoAPI:
/// digest and signature-algorithm OIDs, signed/unsigned attributes, the provider handle
/// and key spec that will sign, and how the signer is identified in the SignerInfo.
/// </summary>
/// <param name="signer">Source of the certificate, digest algorithm, attributes and identifier type.</param>
/// <param name="silent">
/// When true, <c>CryptAcquireCertificatePrivateKey</c> is called with flags 70 (0x46 =
/// CRYPT_ACQUIRE_USE_PROV_INFO_FLAG | CRYPT_ACQUIRE_COMPARE_KEY_FLAG | CRYPT_ACQUIRE_SILENT_FLAG)
/// so the provider must not show UI such as a PIN dialog; when false the flags are 6 (no SILENT).
/// </param>
/// <returns>
/// A populated struct that owns native memory and a provider handle. Every SafeHandle
/// created here has its finalizer suppressed (<c>GC.SuppressFinalize</c>) after its raw
/// handle is stored in the struct, so nothing is released unless the caller disposes the
/// returned struct (the struct's Dispose is not shown on this page — presumably it frees them).
/// </returns>
/// <exception cref="CryptographicException">Raised with the Win32 error code if a CryptoAPI call fails.</exception>
/// <remarks>
/// NOTE(review): this is a second copy of the <c>CreateSignerEncodeInfo</c> definition that
/// precedes it on this page, differing only in formatting — presumably two captures of the
/// same method rather than two members of one type.
/// </remarks>
internal static unsafe System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO CreateSignerEncodeInfo(CmsSigner signer, bool silent)
{
    System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO cmsg_signer_encode_info = new System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO)));
    System.Security.Cryptography.SafeCryptProvHandle invalidHandle = System.Security.Cryptography.SafeCryptProvHandle.InvalidHandle;
    uint pdwKeySpec = 0;
    bool pfCallerFreeProv = false;
    cmsg_signer_encode_info.HashAlgorithm.pszObjId = signer.DigestAlgorithm.Value;
    // DSA keys (1.2.840.10040.4.1) always get sha1DSA (1.2.840.10040.4.3) as the signature
    // algorithm, regardless of the digest algorithm chosen on the signer. For other key
    // types HashEncryptionAlgorithm is left unset here (presumably derived by CryptoAPI).
    if (string.Compare(signer.Certificate.PublicKey.Oid.Value, "1.2.840.10040.4.1", StringComparison.Ordinal) == 0)
    {
        cmsg_signer_encode_info.HashEncryptionAlgorithm.pszObjId = "1.2.840.10040.4.3";
    }
    cmsg_signer_encode_info.cAuthAttr = (uint) signer.SignedAttributes.Count;
    cmsg_signer_encode_info.rgAuthAttr = CreateCryptAttributes(signer.SignedAttributes);
    cmsg_signer_encode_info.cUnauthAttr = (uint) signer.UnsignedAttributes.Count;
    cmsg_signer_encode_info.rgUnauthAttr = CreateCryptAttributes(signer.UnsignedAttributes);
    if (signer.SignerIdentifierType == SubjectIdentifierType.NoSignature)
    {
        // id-alg-noSignature (1.3.6.1.5.5.7.6.2): the SignerInfo carries a digest but no
        // cryptographic signature, so a message built this way gives no origin authentication.
        // No certificate or private key is involved (pCertInfo = NULL); a PROV_RSA_FULL (1)
        // provider is opened with CRYPT_VERIFYCONTEXT (0xf0000000), i.e. without a key container,
        // purely for hashing.
        cmsg_signer_encode_info.HashEncryptionAlgorithm.pszObjId = "1.3.6.1.5.5.7.6.2";
        cmsg_signer_encode_info.pCertInfo = IntPtr.Zero;
        cmsg_signer_encode_info.dwKeySpec = pdwKeySpec;
        if (!System.Security.Cryptography.CAPI.CryptAcquireContext(ref invalidHandle, (string) null, (string) null, 1, 0xf0000000))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
        // Ownership of the raw provider handle moves into the struct; suppress the SafeHandle's
        // finalizer so it is not released twice.
        cmsg_signer_encode_info.hCryptProv = invalidHandle.DangerousGetHandle();
        GC.SuppressFinalize(invalidHandle);
        // dwIdChoice 1 = CERT_ID_ISSUER_SERIAL_NUMBER, filled with a placeholder issuer
        // ("CN=Dummy Signer" tagged with the dummy-signer RDN OID 1.3.6.1.4.1.311.21.9)
        // and a one-byte zero serial number.
        cmsg_signer_encode_info.SignerId.dwIdChoice = 1;
        X500DistinguishedName name = new X500DistinguishedName("CN=Dummy Signer") { Oid = new Oid("1.3.6.1.4.1.311.21.9") };
        cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.Issuer.cbData = (uint) name.RawData.Length;
        System.Security.Cryptography.SafeLocalAllocHandle handle2 = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long) cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.Issuer.cbData));
        Marshal.Copy(name.RawData, 0, handle2.DangerousGetHandle(), name.RawData.Length);
        cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.Issuer.pbData = handle2.DangerousGetHandle();
        GC.SuppressFinalize(handle2);
        cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData = 1;
        System.Security.Cryptography.SafeLocalAllocHandle handle3 = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long) cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData));
        // LMEM_ZEROINIT already zeroed the byte; the explicit store makes the serial value visible.
        byte* handle = (byte*) handle3.DangerousGetHandle();
        handle[0] = 0;
        cmsg_signer_encode_info.SignerId.Value.IssuerSerialNumber.SerialNumber.pbData = handle3.DangerousGetHandle();
        GC.SuppressFinalize(handle3);
        return cmsg_signer_encode_info;
    }
    System.Security.Cryptography.SafeCertContextHandle certContext = System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(signer.Certificate);
    // Acquire the private key bound to the certificate (see <paramref name="silent"/> for the flags).
    if (!System.Security.Cryptography.CAPI.CAPISafe.CryptAcquireCertificatePrivateKey(certContext, silent ? 70 : 6, IntPtr.Zero, ref invalidHandle, ref pdwKeySpec, ref pfCallerFreeProv))
    {
        throw new CryptographicException(Marshal.GetLastWin32Error());
    }
    cmsg_signer_encode_info.dwKeySpec = pdwKeySpec;
    // NOTE(review): pfCallerFreeProv is captured but never consulted. That is only safe
    // because neither 6 nor 70 includes CRYPT_ACQUIRE_CACHE_FLAG (0x1), so the provider
    // handle is always ours to free.
    cmsg_signer_encode_info.hCryptProv = invalidHandle.DangerousGetHandle();
    GC.SuppressFinalize(invalidHandle);
    // Read pCertInfo out of the native CERT_CONTEXT. The pointer stays valid only while the
    // underlying certificate context is alive; callers keep 'signer' reachable for that reason
    // (see GC.KeepAlive(signer) in Sign).
    System.Security.Cryptography.CAPI.CERT_CONTEXT cert_context = *((System.Security.Cryptography.CAPI.CERT_CONTEXT*) certContext.DangerousGetHandle());
    cmsg_signer_encode_info.pCertInfo = cert_context.pCertInfo;
    if (signer.SignerIdentifierType == SubjectIdentifierType.SubjectKeyIdentifier)
    {
        // 20 = CERT_KEY_IDENTIFIER_PROP_ID. First call with an invalid (NULL) buffer queries the size.
        uint pcbData = 0;
        System.Security.Cryptography.SafeLocalAllocHandle pvData = System.Security.Cryptography.SafeLocalAllocHandle.InvalidHandle;
        if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateContextProperty(certContext, 20, pvData, ref pcbData))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
        // No key identifier available: SignerId keeps its zeroed default, so CryptoAPI
        // presumably falls back to the issuer/serial from pCertInfo — confirm.
        if (pcbData <= 0)
        {
            return cmsg_signer_encode_info;
        }
        pvData = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr((long) pcbData));
        if (!System.Security.Cryptography.CAPI.CAPISafe.CertGetCertificateContextProperty(certContext, 20, pvData, ref pcbData))
        {
            throw new CryptographicException(Marshal.GetLastWin32Error());
        }
        // dwIdChoice 2 = CERT_ID_KEY_IDENTIFIER; the struct takes ownership of the key-id buffer.
        cmsg_signer_encode_info.SignerId.dwIdChoice = 2;
        cmsg_signer_encode_info.SignerId.Value.KeyId.cbData = pcbData;
        cmsg_signer_encode_info.SignerId.Value.KeyId.pbData = pvData.DangerousGetHandle();
        GC.SuppressFinalize(pvData);
    }
    return cmsg_signer_encode_info;
}