/** * base constructor - with encapsulated content */ public CmsSignedData( Stream sigData) : this(CmsUtilities.ReadContentInfo(sigData)) { }
/** * generate a signed object that for a CMS Signed Data * object - if encapsulate is true a copy * of the message will be included in the signature. The content type * is set according to the OID represented by the string signedContentType. */ public CmsSignedData Generate( string signedContentType, // FIXME Avoid accessing more than once to support CmsProcessableInputStream CmsProcessable content, bool encapsulate) { Asn1EncodableVector digestAlgs = new Asn1EncodableVector(); Asn1EncodableVector signerInfos = new Asn1EncodableVector(); _digests.Clear(); // clear the current preserved digest state // // add the precalculated SignerInfo objects. // foreach (SignerInformation signer in _signers) { digestAlgs.Add(Helper.FixAlgID(signer.DigestAlgorithmID)); // TODO Verify the content type and calculated digest match the precalculated SignerInfo signerInfos.Add(signer.ToSignerInfo()); } // // add the SignerInfo objects // bool isCounterSignature = (signedContentType == null); DerObjectIdentifier contentTypeOid = isCounterSignature ? null : new DerObjectIdentifier(signedContentType); foreach (SignerInf signer in signerInfs) { try { digestAlgs.Add(signer.DigestAlgorithmID); signerInfos.Add(signer.ToSignerInfo(contentTypeOid, content, rand)); } catch (IOException e) { throw new CmsException("encoding error.", e); } catch (InvalidKeyException e) { throw new CmsException("key inappropriate for signature.", e); } catch (SignatureException e) { throw new CmsException("error creating signature.", e); } catch (CertificateEncodingException e) { throw new CmsException("error creating sid.", e); } } Asn1Set certificates = null; if (_certs.Count != 0) { certificates = CmsUtilities.CreateBerSetFromList(_certs); } Asn1Set certrevlist = null; if (_crls.Count != 0) { certrevlist = CmsUtilities.CreateBerSetFromList(_crls); } Asn1OctetString octs = null; if (encapsulate) { MemoryStream bOut = new MemoryStream(); if (content != null) { try { content.Write(bOut); } catch (IOException e) { throw new CmsException("encapsulation error.", e); } } octs = new BerOctetString(bOut.ToArray()); } ContentInfo encInfo = new ContentInfo(contentTypeOid, octs); SignedData sd = new SignedData( new DerSet(digestAlgs), encInfo, certificates, certrevlist, new DerSet(signerInfos)); ContentInfo contentInfo = new ContentInfo(CmsObjectIdentifiers.SignedData, sd); return(new CmsSignedData(content, contentInfo)); }
public CmsEnvelopedData( Stream envelopedData) : this(CmsUtilities.ReadContentInfo(envelopedData)) { }
public CmsCompressedData( byte[] compressedData) : this(CmsUtilities.ReadContentInfo(compressedData)) { }
protected Stream Open( Stream outStr, AlgorithmIdentifier macAlgId, ICipherParameters cipherParameters, Asn1EncodableVector recipientInfos) { try { // // ContentInfo // BerSequenceGenerator cGen = new BerSequenceGenerator(outStr); cGen.AddObject(CmsObjectIdentifiers.AuthenticatedData); // // Authenticated Data // BerSequenceGenerator authGen = new BerSequenceGenerator( cGen.GetRawOutputStream(), 0, true); authGen.AddObject(new DerInteger(AuthenticatedData.CalculateVersion(null))); Stream authRaw = authGen.GetRawOutputStream(); Asn1Generator recipGen = _berEncodeRecipientSet ? (Asn1Generator) new BerSetGenerator(authRaw) : new DerSetGenerator(authRaw); foreach (Asn1Encodable ae in recipientInfos) { recipGen.AddObject(ae); } recipGen.Close(); authGen.AddObject(macAlgId); BerSequenceGenerator eiGen = new BerSequenceGenerator(authRaw); eiGen.AddObject(CmsObjectIdentifiers.Data); Stream octetOutputStream = CmsUtilities.CreateBerOctetOutputStream( eiGen.GetRawOutputStream(), 0, false, _bufferSize); IMac mac = MacUtilities.GetMac(macAlgId.ObjectID); // TODO Confirm no ParametersWithRandom needed mac.Init(cipherParameters); Stream mOut = new TeeOutputStream(octetOutputStream, new MacOutputStream(mac)); return(new CmsAuthenticatedDataOutputStream(mOut, mac, cGen, authGen, eiGen)); } catch (SecurityUtilityException e) { throw new CmsException("couldn't create cipher.", e); } catch (InvalidKeyException e) { throw new CmsException("key invalid in message.", e); } catch (IOException e) { throw new CmsException("exception decoding algorithm parameters.", e); } }
public CmsSignedData( CmsProcessable signedContent, byte[] sigBlock) : this(signedContent, CmsUtilities.ReadContentInfo(new MemoryStream(sigBlock, false))) { }
/** * base constructor - content with detached signature. * * @param signedContent the content that was signed. * @param sigData the signature object. */ public CmsSignedData( CmsProcessable signedContent, Stream sigData) : this(signedContent, CmsUtilities.ReadContentInfo(sigData)) { }
public CmsAuthEnvelopedData( Stream authEnvData) : this(CmsUtilities.ReadContentInfo(authEnvData)) { }
public void AddCertificates( IX509Store certStore) { _certs.AddRange(CmsUtilities.GetCertificatesFromStore(certStore)); }
private Stream Open( Stream outStream, AlgorithmIdentifier encAlgID, ICipherParameters cipherParameters, Asn1EncodableVector recipientInfos) { try { // // ContentInfo // BerSequenceGenerator cGen = new BerSequenceGenerator(outStream); cGen.AddObject(CmsObjectIdentifiers.EnvelopedData); // // Encrypted Data // BerSequenceGenerator envGen = new BerSequenceGenerator( cGen.GetRawOutputStream(), 0, true); envGen.AddObject(this.Version); Stream envRaw = envGen.GetRawOutputStream(); Asn1Generator recipGen = _berEncodeRecipientSet ? (Asn1Generator) new BerSetGenerator(envRaw) : new DerSetGenerator(envRaw); foreach (Asn1Encodable ae in recipientInfos) { recipGen.AddObject(ae); } recipGen.Close(); BerSequenceGenerator eiGen = new BerSequenceGenerator(envRaw); eiGen.AddObject(CmsObjectIdentifiers.Data); eiGen.AddObject(encAlgID); Stream octetOutputStream = CmsUtilities.CreateBerOctetOutputStream( eiGen.GetRawOutputStream(), 0, false, _bufferSize); IBufferedCipher cipher = CipherUtilities.GetCipher(encAlgID.Algorithm); cipher.Init(true, new ParametersWithRandom(cipherParameters, rand)); CipherStream cOut = new CipherStream(octetOutputStream, null, cipher); return(new CmsEnvelopedDataOutputStream(this, cOut, cGen, envGen, eiGen)); } catch (SecurityUtilityException e) { throw new CmsException("couldn't create cipher.", e); } catch (InvalidKeyException e) { throw new CmsException("key invalid in message.", e); } catch (IOException e) { throw new CmsException("exception decoding algorithm parameters.", e); } }
/** * generate a signed object that for a CMS Signed Data * object - if encapsulate is true a copy * of the message will be included in the signature. The content type * is set according to the OID represented by the string signedContentType. */ public CmsSignedData Generate( string signedContentType, CmsProcessable content, bool encapsulate) { Asn1EncodableVector digestAlgs = new Asn1EncodableVector(); Asn1EncodableVector signerInfos = new Asn1EncodableVector(); DerObjectIdentifier contentTypeOID = new DerObjectIdentifier(signedContentType); _digests.Clear(); // clear the current preserved digest state // // add the precalculated SignerInfo objects. // foreach (SignerInformation signer in _signers) { digestAlgs.Add(FixAlgID(signer.DigestAlgorithmID)); signerInfos.Add(signer.ToSignerInfo()); } // // add the SignerInfo objects // foreach (SignerInf signer in signerInfs) { try { digestAlgs.Add(FixAlgID(signer.DigestAlgorithmID)); signerInfos.Add(signer.ToSignerInfo(contentTypeOID, content)); } catch (IOException e) { throw new CmsException("encoding error.", e); } catch (InvalidKeyException e) { throw new CmsException("key inappropriate for signature.", e); } catch (SignatureException e) { throw new CmsException("error creating signature.", e); } catch (CertificateEncodingException e) { throw new CmsException("error creating sid.", e); } } Asn1Set certificates = null; if (_certs.Count != 0) { certificates = CmsUtilities.CreateDerSetFromList(_certs); } Asn1Set certrevlist = null; if (_crls.Count != 0) { certrevlist = CmsUtilities.CreateDerSetFromList(_crls); } Asn1OctetString octs = null; if (encapsulate) { MemoryStream bOut = new MemoryStream(); try { content.Write(bOut); } catch (IOException e) { throw new CmsException("encapsulation error.", e); } octs = new BerOctetString(bOut.ToArray()); } Asn1.Cms.ContentInfo encInfo = new Asn1.Cms.ContentInfo(contentTypeOID, octs); Asn1.Cms.SignedData sd = new Asn1.Cms.SignedData( new DerSet(digestAlgs), encInfo, certificates, certrevlist, new DerSet(signerInfos)); Asn1.Cms.ContentInfo contentInfo = new Asn1.Cms.ContentInfo( PkcsObjectIdentifiers.SignedData, sd); return(new CmsSignedData(content, contentInfo)); }
private void DoClose() { Platform.Dispose(_out); // TODO Parent context(s) should really be be closed explicitly _eiGen.Close(); outer._digests.Clear(); // clear the current preserved digest state if (outer._certs.Count > 0) { Asn1Set certs = outer.UseDerForCerts ? CmsUtilities.CreateDerSetFromList(outer._certs) : CmsUtilities.CreateBerSetFromList(outer._certs); WriteToGenerator(_sigGen, new BerTaggedObject(false, 0, certs)); } if (outer._crls.Count > 0) { Asn1Set crls = outer.UseDerForCrls ? CmsUtilities.CreateDerSetFromList(outer._crls) : CmsUtilities.CreateBerSetFromList(outer._crls); WriteToGenerator(_sigGen, new BerTaggedObject(false, 1, crls)); } // // Calculate the digest hashes // foreach (DictionaryEntry de in outer._messageDigests) { outer._messageHashes.Add(de.Key, DigestUtilities.DoFinal((IDigest)de.Value)); } // TODO If the digest OIDs for precalculated signers weren't mixed in with // the others, we could fill in outer._digests here, instead of SignerInfoGenerator.Generate // // collect all the SignerInfo objects // Asn1EncodableVector signerInfos = new Asn1EncodableVector(); // // add the generated SignerInfo objects // { foreach (DigestAndSignerInfoGeneratorHolder holder in outer._signerInfs) { AlgorithmIdentifier digestAlgorithm = holder.DigestAlgorithm; byte[] calculatedDigest = (byte[])outer._messageHashes[ Helper.GetDigestAlgName(holder.digestOID)]; outer._digests[holder.digestOID] = calculatedDigest.Clone(); signerInfos.Add(holder.signerInf.Generate(_contentOID, digestAlgorithm, calculatedDigest)); } } // // add the precalculated SignerInfo objects. // { foreach (SignerInformation signer in outer._signers) { // TODO Verify the content type and calculated digest match the precalculated SignerInfo // if (!signer.ContentType.Equals(_contentOID)) // { // // TODO The precalculated content type did not match - error? // } // // byte[] calculatedDigest = (byte[])outer._digests[signer.DigestAlgOid]; // if (calculatedDigest == null) // { // // TODO We can't confirm this digest because we didn't calculate it - error? // } // else // { // if (!Arrays.AreEqual(signer.GetContentDigest(), calculatedDigest)) // { // // TODO The precalculated digest did not match - error? // } // } signerInfos.Add(signer.ToSignerInfo()); } } WriteToGenerator(_sigGen, new DerSet(signerInfos)); _sigGen.Close(); _sGen.Close(); }
/** * generate a signed object that for a CMS Signed Data * object using the given provider - if encapsulate is true a copy * of the message will be included in the signature. The content type * is set according to the OID represented by the string signedContentType. * @param out stream the CMS object is to be written to. * @param signedContentType OID for data to be signed. * @param encapsulate true if data should be encapsulated. * @param dataOutputStream output stream to copy the data being signed to. */ public Stream Open( Stream outStream, string signedContentType, bool encapsulate, Stream dataOutputStream) { if (outStream == null) { throw new ArgumentNullException("outStream"); } if (!outStream.CanWrite) { throw new ArgumentException("Expected writeable stream", "outStream"); } if (dataOutputStream != null && !dataOutputStream.CanWrite) { throw new ArgumentException("Expected writeable stream", "dataOutputStream"); } _messageDigestsLocked = true; // // ContentInfo // BerSequenceGenerator sGen = new BerSequenceGenerator(outStream); sGen.AddObject(CmsObjectIdentifiers.SignedData); // // Signed Data // BerSequenceGenerator sigGen = new BerSequenceGenerator( sGen.GetRawOutputStream(), 0, true); bool isCounterSignature = (signedContentType == null); DerObjectIdentifier contentTypeOid = isCounterSignature ? null : new DerObjectIdentifier(signedContentType); sigGen.AddObject(CalculateVersion(contentTypeOid)); Asn1EncodableVector digestAlgs = new Asn1EncodableVector(); foreach (string digestOid in _messageDigestOids) { digestAlgs.Add( new AlgorithmIdentifier(new DerObjectIdentifier(digestOid), DerNull.Instance)); } { byte[] tmp = new DerSet(digestAlgs).GetEncoded(); sigGen.GetRawOutputStream().Write(tmp, 0, tmp.Length); } BerSequenceGenerator eiGen = new BerSequenceGenerator(sigGen.GetRawOutputStream()); eiGen.AddObject(contentTypeOid); // If encapsulating, add the data as an octet string in the sequence Stream encapStream = encapsulate ? CmsUtilities.CreateBerOctetOutputStream(eiGen.GetRawOutputStream(), 0, true, _bufferSize) : null; // Also send the data to 'dataOutputStream' if necessary Stream teeStream = GetSafeTeeOutputStream(dataOutputStream, encapStream); // Let all the digests see the data as it is written Stream digStream = AttachDigestsToOutputStream(_messageDigests.Values, teeStream); return(new CmsSignedDataOutputStream(this, digStream, signedContentType, sGen, sigGen, eiGen)); }
} //IL_0003: Unknown result type (might be due to invalid IL or missing references) //IL_000d: Expected O, but got Unknown public CmsSignedData(CmsProcessable signedContent, byte[] sigBlock) : this(signedContent, CmsUtilities.ReadContentInfo((Stream) new MemoryStream(sigBlock, false))) { } //IL_0004: Unknown result type (might be due to invalid IL or missing references)
/** * Replace the certificate and CRL information associated with this * CmsSignedData object with the new one passed in. * * @param signedData the signed data object to be used as a base. * @param x509Certs the new certificates to be used. * @param x509Crls the new CRLs to be used. * @return a new signed data object. * @exception CmsException if there is an error processing the stores */ public static CmsSignedData ReplaceCertificatesAndCrls( CmsSignedData signedData, IX509Store x509Certs, IX509Store x509Crls, IX509Store x509AttrCerts) { if (x509AttrCerts != null) { throw Platform.CreateNotImplementedException("Currently can't replace attribute certificates"); } // // copy // CmsSignedData cms = new CmsSignedData(signedData); // // replace the certs and crls in the SignedData object // Asn1Set certs = null; try { Asn1Set asn1Set = CmsUtilities.CreateBerSetFromList( CmsUtilities.GetCertificatesFromStore(x509Certs)); if (asn1Set.Count != 0) { certs = asn1Set; } } catch (X509StoreException e) { throw new CmsException("error getting certificates from store", e); } Asn1Set crls = null; try { Asn1Set asn1Set = CmsUtilities.CreateBerSetFromList( CmsUtilities.GetCrlsFromStore(x509Crls)); if (asn1Set.Count != 0) { crls = asn1Set; } } catch (X509StoreException e) { throw new CmsException("error getting CRLs from store", e); } // // replace the CMS structure. // SignedData old = signedData.signedData; cms.signedData = new SignedData( old.DigestAlgorithms, old.EncapContentInfo, certs, crls, old.SignerInfos); // // replace the contentInfo with the new one // cms.contentInfo = new ContentInfo(cms.contentInfo.ContentType, cms.signedData); return(cms); }
public void AddCrls( IX509Store crlStore) { _crls.AddRange(CmsUtilities.GetCrlsFromStore(crlStore)); }
public CmsSignedData( byte[] sigBlock) : this(CmsUtilities.ReadContentInfo(new MemoryStream(sigBlock, false))) { }
public void AddCertificates(IX509Store certStore) { CollectionUtilities.AddRange(_certs, CmsUtilities.GetCertificatesFromStore(certStore)); }
/** * Content with detached signature, digests precomputed * * @param hashes a map of precomputed digests for content indexed by name of hash. * @param sigBlock the signature object. */ public CmsSignedData( IDictionary hashes, byte[] sigBlock) : this(hashes, CmsUtilities.ReadContentInfo(sigBlock)) { }
public void AddCrls(IX509Store crlStore) { CollectionUtilities.AddRange(_crls, CmsUtilities.GetCrlsFromStore(crlStore)); }
public OriginatorInfoGenerator(IX509Store origCerts, IX509Store origCrls) { this.origCerts = CmsUtilities.GetCertificatesFromStore(origCerts); this.origCrls = ((origCrls == null) ? null : CmsUtilities.GetCrlsFromStore(origCrls)); }
internal static SignerIdentifier GetSignerIdentifier(X509Certificate cert) { return(new SignerIdentifier(CmsUtilities.GetIssuerAndSerialNumber(cert))); }
public CmsCompressedData( Stream compressedDataStream) : this(CmsUtilities.ReadContentInfo(compressedDataStream)) { }
public CmsEnvelopedData( byte[] envelopedData) : this(CmsUtilities.ReadContentInfo(envelopedData)) { }
/** * Replace the certificate and CRL information associated with this * CMSSignedData object with the new one passed in. * <p> * The output stream is returned unclosed. * </p> * @param original the signed data stream to be used as a base. * @param certsAndCrls the new certificates and CRLs to be used. * @param out the stream to Write the new signed data object to. * @return out. * @exception CmsException if there is an error processing the CertStore */ public static Stream ReplaceCertificatesAndCrls( Stream original, IX509Store x509Certs, IX509Store x509Crls, IX509Store x509AttrCerts, Stream outStr) { if (x509AttrCerts != null) { throw new NotImplementedException("Currently can't replace attribute certificates"); } Asn1StreamParser inStr = new Asn1StreamParser(original, CmsUtilities.MaximumMemory); ContentInfoParser contentInfo = new ContentInfoParser((Asn1SequenceParser)inStr.ReadObject()); SignedDataParser signedData = SignedDataParser.GetInstance(contentInfo.GetContent(Asn1Tags.Sequence)); BerSequenceGenerator sGen = new BerSequenceGenerator(outStr); sGen.AddObject(CmsObjectIdentifiers.SignedData); BerSequenceGenerator sigGen = new BerSequenceGenerator(sGen.GetRawOutputStream(), 0, true); // version number sigGen.AddObject(signedData.Version); // digests WriteToGenerator(sigGen, signedData.GetDigestAlgorithms().ToAsn1Object()); // encap content info ContentInfoParser encapContentInfo = signedData.GetEncapContentInfo(); BerSequenceGenerator eiGen = new BerSequenceGenerator(sigGen.GetRawOutputStream()); eiGen.AddObject(encapContentInfo.ContentType); Asn1OctetStringParser octs = (Asn1OctetStringParser)encapContentInfo.GetContent(Asn1Tags.OctetString); if (octs != null) { BerOctetStringGenerator octGen = new BerOctetStringGenerator(eiGen.GetRawOutputStream(), 0, true); byte[] inBuffer = new byte[4096]; byte[] outBuffer = new byte[4096]; Stream inOctets = octs.GetOctetStream(); Stream outOctets = octGen.GetOctetOutputStream(outBuffer); int len; while ((len = inOctets.Read(inBuffer, 0, inBuffer.Length)) > 0) { outOctets.Write(inBuffer, 0, len); } outOctets.Close(); } eiGen.Close(); // // skip existing certs and CRLs // Asn1SetParser set = signedData.GetCertificates(); if (set != null) { set.ToAsn1Object(); } set = signedData.GetCrls(); if (set != null) { set.ToAsn1Object(); } // // replace the certs and crls in the SignedData object // Asn1Set certs; try { certs = CmsUtilities.CreateDerSetFromList( CmsUtilities.GetCertificatesFromStore(x509Certs)); } catch (X509StoreException e) { throw new CmsException("error getting certs from certStore", e); } if (certs.Count > 0) { WriteToGenerator(sigGen, new DerTaggedObject(false, 0, certs)); } Asn1Set crls; try { crls = CmsUtilities.CreateDerSetFromList( CmsUtilities.GetCrlsFromStore(x509Crls)); } catch (X509StoreException e) { throw new CmsException("error getting crls from certStore", e); } if (crls.Count > 0) { WriteToGenerator(sigGen, new DerTaggedObject(false, 1, crls)); } WriteToGenerator(sigGen, signedData.GetSignerInfos().ToAsn1Object()); sigGen.Close(); sGen.Close(); return(outStr); }
public CmsAuthenticatedData( Stream authData) : this(CmsUtilities.ReadContentInfo(authData)) { }