/// <summary>
/// Builds a <see cref="SignerInfoGenerator"/> that signs with <paramref name="key"/> on behalf of
/// <paramref name="cert"/>, using a signature algorithm name derived from <paramref name="digestOID"/>.
/// </summary>
/// <param name="key">Private key handed to the signature factory.</param>
/// <param name="cert">Signer certificate; it is passed to <c>TspUtil.ValidateCertificate</c> before anything else happens.</param>
/// <param name="digestOID">Digest algorithm OID, resolved to a name through <c>TspTestUtil</c>.</param>
/// <param name="signedAttr">Signed attributes to carry over, or null to start from an empty table.</param>
/// <param name="unsignedAttr">Unsigned attributes, passed as-is to <c>SimpleAttributeTableGenerator</c>.</param>
/// <returns>The generator produced by <c>SignerInfoGeneratorBuilder.Build</c>.</returns>
/// <remarks>
/// This method itself adds no ESSCertID / signing-certificate attribute: the signed attributes are
/// forwarded exactly as supplied. Anything that binds the token to <paramref name="cert"/> has to be
/// present in <paramref name="signedAttr"/> already or be added elsewhere.
/// </remarks>
internal static SignerInfoGenerator MakeInfoGenerator(
    AsymmetricKeyParameter key,
    X509Certificate cert,
    string digestOID,
    Asn1.Cms.AttributeTable signedAttr,
    Asn1.Cms.AttributeTable unsignedAttr)
{
    // Reject an unsuitable certificate before any signing material is assembled.
    TspUtil.ValidateCertificate(cert);

    // Work on a dictionary copy of the caller's signed attributes (empty when none were given).
    IDictionary attributeMap;
    if (signedAttr == null)
    {
        attributeMap = new Hashtable();
    }
    else
    {
        attributeMap = signedAttr.ToDictionary();
    }

    // The signature name has the form <digest>with<encryption>; both halves come from TspTestUtil lookups.
    string digestName = TspTestUtil.GetDigestAlgName(digestOID);
    string signatureName = string.Concat(
        digestName,
        "with",
        TspTestUtil.GetEncryptionAlgName(TspTestUtil.GetEncOid(key, digestOID)));

    Asn1SignatureFactory signatureFactory = new Asn1SignatureFactory(signatureName, key);

    return new SignerInfoGeneratorBuilder()
        .WithSignedAttributeGenerator(
            new DefaultSignedAttributeTableGenerator(new Asn1.Cms.AttributeTable(attributeMap)))
        .WithUnsignedAttributeGenerator(new SimpleAttributeTableGenerator(unsignedAttr))
        .Build(signatureFactory, cert);
}
/// <summary>
/// Checks this time-stamp request against the algorithms, policies and extensions the caller accepts,
/// then checks that the message imprint has the length expected for its digest algorithm.
/// </summary>
/// <param name="algorithms">
/// Accepted message-imprint algorithm OIDs. It is dereferenced unconditionally, so null is not a
/// valid "accept anything" value here.
/// </param>
/// <param name="policies">
/// Accepted policy OIDs. When this is null, or the request names no policy, the policy check is
/// skipped entirely and any policy is let through.
/// </param>
/// <param name="extensions">
/// Accepted extension OIDs, compared against <c>DerObjectIdentifier.Id</c>. When this is null, or the
/// request has no extensions, the extension check is skipped.
/// </param>
/// <exception cref="TspValidationException">
/// Thrown for an unlisted algorithm (code 128), policy (256) or extension (8388608), and for an
/// imprint of the wrong length (4).
/// </exception>
/// <remarks>
/// NOTE(review): the numeric codes look like PKIFailureInfo bit values (badAlg, unacceptedPolicy,
/// unacceptedExtension, badDataFormat) - confirm against the constants class before naming them.
/// A responder that must restrict policies or extensions has to pass non-null lists; null disables
/// the corresponding check rather than rejecting everything.
/// </remarks>
public void Validate(IList algorithms, IList policies, IList extensions)
{
    bool algorithmAccepted = algorithms.Contains(MessageImprintAlgOid);
    if (!algorithmAccepted)
    {
        throw new TspValidationException("request contains unknown algorithm.", 128);
    }

    // Only enforced when the caller supplied a list AND the request actually names a policy.
    bool policyRestricted = policies != null && ReqPolicy != null;
    if (policyRestricted && !policies.Contains(ReqPolicy))
    {
        throw new TspValidationException("request contains unknown policy.", 256);
    }

    // Same rule for extensions: both sides must be present for the check to run.
    bool extensionsRestricted = Extensions != null && extensions != null;
    if (extensionsRestricted)
    {
        foreach (DerObjectIdentifier requestedOid in Extensions.ExtensionOids)
        {
            bool extensionAccepted = extensions.Contains(requestedOid.Id);
            if (!extensionAccepted)
            {
                throw new TspValidationException("request contains unknown extension.", 8388608);
            }
        }
    }

    // The imprint must be exactly as long as the declared digest algorithm's output.
    int expectedLength = TspUtil.GetDigestLength(MessageImprintAlgOid);
    int actualLength = GetMessageImprintDigest().Length;
    if (expectedLength != actualLength)
    {
        throw new TspValidationException("imprint digest the wrong length.", 4);
    }
}
/// <summary>
/// Creates a token generator for the given signing key and certificate, and prepares the signed
/// attribute table with a signing-certificate attribute that pins <paramref name="cert"/>.
/// </summary>
/// <param name="key">Signing key, stored for later use.</param>
/// <param name="cert">TSA certificate; checked with <c>TspUtil.ValidateCertificate</c>.</param>
/// <param name="digestOID">Digest algorithm OID, stored for later use.</param>
/// <param name="tsaPolicyOID">TSA policy OID, stored for later use.</param>
/// <param name="signedAttr">Extra signed attributes, or null for none.</param>
/// <param name="unsignedAttr">Unsigned attributes, stored as given.</param>
/// <exception cref="TspException">
/// Thrown when the certificate cannot be encoded or no SHA-1 implementation is available.
/// </exception>
/// <remarks>
/// NOTE(review): the certificate hash is always SHA-1, independent of <paramref name="digestOID"/>,
/// because the attribute written here is the original ESSCertID / id-aa-signingCertificate form.
/// Where relying parties support it, the v2 form (ESSCertIDv2, RFC 5035) allows a stronger digest;
/// switching would change the emitted token, so it is flagged here rather than changed.
/// </remarks>
public TimeStampTokenGenerator(
    AsymmetricKeyParameter key,
    X509Certificate cert,
    string digestOID,
    string tsaPolicyOID,
    Org.BouncyCastle.Asn1.Cms.AttributeTable signedAttr,
    Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttr)
{
    this.key = key;
    this.cert = cert;
    this.digestOID = digestOID;
    this.tsaPolicyOID = tsaPolicyOID;
    this.unsignedAttr = unsignedAttr;

    TspUtil.ValidateCertificate(cert);

    // Start from the caller's signed attributes when there are any.
    IDictionary signedAttributes;
    if (signedAttr != null)
    {
        signedAttributes = signedAttr.ToDictionary();
    }
    else
    {
        signedAttributes = Platform.CreateHashtable();
    }

    try
    {
        byte[] certDigest = DigestUtilities.CalculateDigest("SHA-1", cert.GetEncoded());
        SigningCertificate signingCertificate = new SigningCertificate(new EssCertID(certDigest));
        Org.BouncyCastle.Asn1.Cms.Attribute signingCertAttribute =
            new Org.BouncyCastle.Asn1.Cms.Attribute(
                PkcsObjectIdentifiers.IdAASigningCertificate,
                new DerSet(signingCertificate));

        // Keyed by attribute type, so this replaces any signing-certificate attribute the
        // caller passed in: the pinned certificate is always the one given to this constructor.
        signedAttributes[signingCertAttribute.AttrType] = signingCertAttribute;
    }
    catch (CertificateEncodingException encodingError)
    {
        throw new TspException("Exception processing certificate.", encodingError);
    }
    catch (SecurityUtilityException digestError)
    {
        throw new TspException("Can't find a SHA-1 implementation.", digestError);
    }

    this.signedAttr = new Org.BouncyCastle.Asn1.Cms.AttributeTable(signedAttributes);
}
/// <summary>
/// Checks that <paramref name="cert"/> is the certificate this time-stamp token was signed with.
/// </summary>
/// <param name="cert">Candidate TSA signing certificate.</param>
/// <exception cref="TspValidationException">
/// Thrown when the certificate hash, serial number or issuer name does not match the token's certID,
/// or when the signature does not verify under the certificate.
/// </exception>
/// <exception cref="TspException">
/// Wraps CMS, certificate-encoding and missing-algorithm failures raised during the checks.
/// </exception>
/// <remarks>
/// Steps, in order: certificate hash against certID (constant-time compare), optional issuer/serial
/// match, <c>TspUtil.ValidateCertificate</c>, validity at the token's generation time, signature check.
/// Nothing in this body builds a path to a trust anchor or consults revocation data; unless
/// <c>TspUtil.ValidateCertificate</c> does so (not visible here), callers must establish trust in
/// <paramref name="cert"/> separately. The digest algorithm for the hash check is the one named by
/// the token's own certID, so the binding is only as strong as that algorithm.
/// </remarks>
public void Validate(X509Certificate cert)
{
    try
    {
        byte[] computedHash = DigestUtilities.CalculateDigest(certID.GetHashAlgorithmName(), cert.GetEncoded());
        bool hashMatches = Arrays.ConstantTimeAreEqual(certID.GetCertHash(), computedHash);
        if (!hashMatches)
        {
            throw new TspValidationException("certificate hash does not match certID hash.");
        }

        // IssuerSerial is optional in the certID; when present, both halves must match.
        if (certID.IssuerSerial != null)
        {
            bool serialMatches = certID.IssuerSerial.Serial.Value.Equals(cert.SerialNumber);
            if (!serialMatches)
            {
                throw new TspValidationException("certificate serial number does not match certID for signature.");
            }

            GeneralName[] issuerNames = certID.IssuerSerial.Issuer.GetNames();
            X509Name certIssuer = PrincipalUtilities.GetIssuerX509Principal(cert);

            // Only entries with tag 4 are compared (presumably the directoryName choice - confirm
            // against the GeneralName constants); one equivalent name is enough.
            bool issuerMatches = false;
            foreach (GeneralName candidate in issuerNames)
            {
                if (candidate.TagNo == 4 && X509Name.GetInstance(candidate.Name).Equivalent(certIssuer))
                {
                    issuerMatches = true;
                    break;
                }
            }

            if (!issuerMatches)
            {
                throw new TspValidationException("certificate name does not match certID for signature. ");
            }
        }

        TspUtil.ValidateCertificate(cert);

        // Validity is judged at the time the token claims it was generated, not at "now".
        cert.CheckValidity(tstInfo.GenTime);

        bool signatureValid = tsaSignerInfo.Verify(cert);
        if (!signatureValid)
        {
            throw new TspValidationException("signature not created by certificate.");
        }
    }
    catch (CmsException cmsError)
    {
        // Prefer surfacing the underlying cause when the CMS layer wrapped one.
        if (cmsError.InnerException == null)
        {
            throw new TspException("CMS exception: " + cmsError, cmsError);
        }

        throw new TspException(cmsError.Message, cmsError.InnerException);
    }
    catch (CertificateEncodingException encodingError)
    {
        throw new TspException("problem processing certificate: " + encodingError, encodingError);
    }
    catch (SecurityUtilityException algorithmError)
    {
        throw new TspException("cannot find algorithm: " + algorithmError.Message, algorithmError);
    }
}
/// <summary>
/// Returns the OIDs of all extensions held in <c>extensions</c>, as produced by
/// <c>TspUtil.GetExtensionOids</c>.
/// </summary>
/// <returns>The list returned by the helper; its element type is not visible from this method.</returns>
public virtual IList GetExtensionOids()
{
    IList extensionOids = TspUtil.GetExtensionOids(extensions);
    return extensionOids;
}