public static Rfc3161TimestampToken LoadAndVerifyHash(byte[] encodedToken, byte[] hash) { if (encodedToken == null) { throw new ArgumentNullException(nameof(encodedToken)); } if (hash == null) { throw new ArgumentNullException(nameof(hash)); } Rfc3161TimestampToken token = CryptVerifyTimeStampSignature(encodedToken, null); if (!token.TokenInfo.HasMessageHash(hash)) { const int NTE_BAD_HASH = unchecked ((int)0x80090002); token.SignerCertificate?.Dispose(); foreach (var cert in token.AdditionalCerts) { cert?.Dispose(); } throw new CryptographicException(NTE_BAD_HASH); } return(token); }
public Rfc3161TimestampTokenNet472Wrapper( IRfc3161TimestampTokenInfo tstInfo, X509Certificate2 signerCertificate, X509Certificate2Collection additionalCerts, byte[] encoded) { _rfc3161TimestampToken = new Rfc3161TimestampToken( tstInfo, signerCertificate, additionalCerts, encoded); }
private static void ValidateTimestampResponse(byte[] nonce, byte[] data, Rfc3161TimestampToken timestampToken) { if (!nonce.SequenceEqual(timestampToken.TokenInfo.GetNonce())) { throw new TimestampException(NuGetLogCode.NU3026, Strings.TimestampFailureNonceMismatch); } if (!timestampToken.TokenInfo.HasMessageHash(data)) { throw new TimestampException(NuGetLogCode.NU3019, Strings.TimestampIntegrityCheckFailed); } }
private static void ValidateTimestampResponseNonce( byte[] nonce, Rfc3161TimestampToken timestampToken) { if (!nonce.SequenceEqual(timestampToken.TokenInfo.GetNonce())) { throw new TimestampException(LogMessage.CreateError( NuGetLogCode.NU3026, string.Format(CultureInfo.CurrentCulture, Strings.TimestampResponseExceptionGeneral, Strings.TimestampFailureNonceMismatch))); } }
private static void ValidateTimestampCms(SigningSpecifications spec, SignedCms timestampCms, Rfc3161TimestampToken timestampToken) { var signerInfo = timestampCms.SignerInfos[0]; try { signerInfo.CheckSignature(verifySignatureOnly: true); } catch (Exception e) { throw new TimestampException(NuGetLogCode.NU3021, Strings.SignError_TimestampSignatureValidationFailed, e); } if (signerInfo.Certificate == null) { throw new TimestampException(NuGetLogCode.NU3020, Strings.SignError_TimestampNoCertificate); } if (!CertificateUtility.IsSignatureAlgorithmSupported(signerInfo.Certificate)) { var certificateSignatureAlgorithm = GetNameOrOidString(signerInfo.Certificate.SignatureAlgorithm); var supportedSignatureAlgorithms = string.Join(", ", spec.AllowedSignatureAlgorithms); var errorMessage = string.Format(CultureInfo.CurrentCulture, Strings.TimestampCertificateUnsupportedSignatureAlgorithm, certificateSignatureAlgorithm, supportedSignatureAlgorithms); throw new TimestampException(NuGetLogCode.NU3022, errorMessage); } if (!CertificateUtility.IsCertificatePublicKeyValid(signerInfo.Certificate)) { throw new TimestampException(NuGetLogCode.NU3023, Strings.SignError_TimestampCertificateFailsPublicKeyLengthRequirement); } if (!spec.AllowedHashAlgorithmOids.Contains(signerInfo.DigestAlgorithm.Value)) { var digestAlgorithm = GetNameOrOidString(signerInfo.DigestAlgorithm); var supportedSignatureAlgorithms = string.Join(", ", spec.AllowedHashAlgorithms); var errorMessage = string.Format(CultureInfo.CurrentCulture, Strings.TimestampResponseUnsupportedDigestAlgorithm, digestAlgorithm, supportedSignatureAlgorithms); throw new TimestampException(NuGetLogCode.NU3024, errorMessage); } if (CertificateUtility.IsCertificateValidityPeriodInTheFuture(signerInfo.Certificate)) { throw new TimestampException(NuGetLogCode.NU3025, Strings.SignError_TimestampNotYetValid); } if (!CertificateUtility.IsDateInsideValidityPeriod(signerInfo.Certificate, timestampToken.TokenInfo.Timestamp)) { throw new TimestampException(NuGetLogCode.NU3036, Strings.SignError_TimestampGeneralizedTimeInvalid); } }