X509Store
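/// <summary>
/// Signs the manifest file with a detached CMS (PKCS#7) signature and writes the
/// encoded signature to a file named "signature" next to the manifest.
/// </summary>
/// <param name="request">Pass request handed to <c>GetCertificate</c> to locate the signing certificate.</param>
/// <param name="manifestFileAndPath">Full path of the manifest file whose bytes are signed.</param>
/// <exception cref="FileNotFoundException">
/// The signing certificate or the Apple certificate could not be located.
/// </exception>
private void SignManigestFile(PassGeneratorRequest request, string manifestFileAndPath)
{
    byte[] dataToSign = File.ReadAllBytes(manifestFileAndPath);

    X509Certificate2 card = GetCertificate(request);
    if (card == null)
    {
        // Fail with an actionable message rather than a NullReferenceException in the conversion below.
        throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct.");
    }

    X509Certificate2 appleCA = GetAppleCertificate();
    if (appleCA == null)
    {
        throw new FileNotFoundException("Apple certificate could not be found. Please ensure it is installed in the certificate store.");
    }

    // Convert the .NET certificate and key into their BouncyCastle equivalents.
    // NOTE(review): GetKeyPair has to read the raw private key, so the certificate presumably
    // must be installed with an exportable key - confirm, and restrict access to that store.
    Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card);
    Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;
    Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);

    // Both certificates are embedded in the signed data through AddCertificates below.
    ArrayList intermediateCerts = new ArrayList();
    intermediateCerts.Add(appleCert);
    intermediateCerts.Add(cert);

    Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
    Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);

    CmsSignedDataGenerator generator = new CmsSignedDataGenerator();

    // NOTE(review): SHA-1 is a deprecated digest for signatures. Confirm whether the consumer of
    // this signature accepts CmsSignedDataGenerator.DigestSha256 before changing it.
    generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
    generator.AddCertificates(st1);

    // Second argument false: the content is not encapsulated, so the signature is detached.
    CmsProcessable content = new CmsProcessableByteArray(dataToSign);
    CmsSignedData signedData = generator.Generate(content, false);

    string outputDirectory = Path.GetDirectoryName(manifestFileAndPath);
    string signatureFileAndPath = Path.Combine(outputDirectory, "signature");
    File.WriteAllBytes(signatureFileAndPath, signedData.GetEncoded());
}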
/// <summary>
/// Builds a detached CMS (PKCS#7) signature over the <c>manifestFile</c> bytes and stores the
/// encoded result in <c>signatureFile</c>.
/// </summary>
/// <param name="request">Pass request handed to <c>GetCertificate</c> to locate the signing certificate.</param>
/// <exception cref="FileNotFoundException"><c>GetCertificate</c> returned null.</exception>
private void SignManigestFile(PassGeneratorRequest request)
{
    X509Certificate2 card = GetCertificate(request);
    if (card == null)
    {
        throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct.");
    }

    // BouncyCastle views of the signing certificate, its private key and the Apple certificate.
    // NOTE(review): the result of GetAppleCertificate() is not null-checked here.
    var signerCert = DotNetUtilities.FromX509Certificate(card);
    var signingKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;
    var appleCert = DotNetUtilities.FromX509Certificate(GetAppleCertificate());

    // Certificates embedded in the signed data: Apple certificate first, then the signer.
    var embedded = new ArrayList { appleCert, signerCert };
    var certStore = Org.BouncyCastle.X509.Store.X509StoreFactory.Create(
        "CERTIFICATE/COLLECTION",
        new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(embedded));

    var generator = new CmsSignedDataGenerator();

    // NOTE(review): SHA-1 digest. Confirm what the signature's consumer accepts before
    // moving to CmsSignedDataGenerator.DigestSha256.
    generator.AddSigner(signingKey, signerCert, CmsSignedDataGenerator.DigestSha1);
    generator.AddCertificates(certStore);

    // false = do not encapsulate the content (detached signature).
    signatureFile = generator.Generate(new CmsProcessableByteArray(manifestFile), false).GetEncoded();
}
/// <summary>
/// Creates an <see cref="IX509Store"/> for a store type written as "KIND/IMPLEMENTATION",
/// matched case-insensitively. Only the "COLLECTION" implementation is available.
/// </summary>
/// <param name="type">Store type, for example "CERTIFICATE/COLLECTION".</param>
/// <param name="parameters">Parameters; cast to <see cref="X509CollectionStoreParameters"/>.</param>
/// <returns>A collection-backed store over the collection held by <paramref name="parameters"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="type"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="type"/> contains no '/' separator.</exception>
/// <exception cref="NoSuchStoreException">The kind or implementation is not recognised.</exception>
public static IX509Store Create(
    string type,
    IX509StoreParameters parameters)
{
    if (type == null)
    {
        throw new ArgumentNullException("type");
    }

    string[] segments = type.ToUpper(CultureInfo.InvariantCulture).Split('/');
    if (segments.Length < 2)
    {
        throw new ArgumentException("type");
    }

    string kind = segments[0];
    bool supportedKind =
        kind == "ATTRIBUTECERTIFICATE" ||
        kind == "CERTIFICATE" ||
        kind == "CERTIFICATEPAIR" ||
        kind == "CRL";

    if (supportedKind && segments[1] == "COLLECTION")
    {
        // NOTE(review): this version neither null-checks 'parameters' nor verifies that the
        // collection's elements match the requested kind, so a caller can obtain a
        // "CERTIFICATE" store that holds other object types.
        X509CollectionStoreParameters collectionParameters = (X509CollectionStoreParameters)parameters;
        return new X509CollectionStore(collectionParameters.GetCollection());
    }

    throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
}
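/// <summary>
/// Builds a detached CMS (PKCS#7) signature over the <c>manifestFile</c> bytes and stores the
/// encoded result in <c>signatureFile</c>, tracing each step.
/// </summary>
/// <param name="request">Pass request used to locate the signing and Apple certificates.</param>
/// <exception cref="FileNotFoundException">The signing or Apple certificate could not be located.</exception>
/// <exception cref="ManifestSigningException">Any failure while converting keys or generating the signature.</exception>
private void SignManigestFile(PassGeneratorRequest request)
{
    Trace.TraceInformation("Signing the manifest file...");

    X509Certificate2 card = GetCertificate(request);
    if (card == null)
    {
        throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct.");
    }

    X509Certificate2 appleCA = GetAppleCertificate(request);
    if (appleCA == null)
    {
        // The message points operators at the HTTPS download: a CA certificate fetched over plain
        // HTTP can be replaced in transit, and it is about to be installed as a trusted certificate.
        // The downloaded file's fingerprint should still be checked against the published value.
        throw new FileNotFoundException("Apple Certificate could not be found. Please download from https://www.apple.com/certificateauthority/ and install into your LOCAL MACHINE certificate store.");
    }

    try
    {
        // NOTE(review): GetKeyPair has to read the raw private key, so the certificate presumably
        // must be installed with an exportable key - confirm, and restrict access to that store.
        Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card);
        Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;

        Trace.TraceInformation("Fetching Apple Certificate for signing..");
        Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);

        Trace.TraceInformation("Constructing the certificate chain..");

        // Both certificates are embedded in the signed data through AddCertificates below.
        ArrayList intermediateCerts = new ArrayList();
        intermediateCerts.Add(appleCert);
        intermediateCerts.Add(cert);

        Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
        Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);

        CmsSignedDataGenerator generator = new CmsSignedDataGenerator();

        // NOTE(review): SHA-1 digest. Confirm what the signature's consumer accepts before
        // moving to CmsSignedDataGenerator.DigestSha256.
        generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
        generator.AddCertificates(st1);

        Trace.TraceInformation("Processing the signature..");

        // Second argument false: the content is not encapsulated, so the signature is detached.
        CmsProcessable content = new CmsProcessableByteArray(manifestFile);
        CmsSignedData signedData = generator.Generate(content, false);

        signatureFile = signedData.GetEncoded();

        Trace.TraceInformation("The file has been successfully signed!");
    }
    catch (Exception exp)
    {
        // Only the message is traced; the full exception travels as the inner exception.
        Trace.TraceError("Failed to sign the manifest file: [{0}]", exp.Message);
        throw new ManifestSigningException("Failed to sign manifest", exp);
    }
}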
/// <summary>
/// Creates an <see cref="IX509Store"/> for a store type written as "KIND/COLLECTION",
/// matched case-insensitively.
/// </summary>
/// <param name="type">Store type, for example "CERTIFICATE/COLLECTION".</param>
/// <param name="parameters">Parameters; cast to <see cref="X509CollectionStoreParameters"/>.</param>
/// <returns>A collection-backed store over the collection held by <paramref name="parameters"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="type"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="type"/> contains no '/' separator.</exception>
/// <exception cref="NoSuchStoreException">The kind or implementation is not recognised.</exception>
public static IX509Store Create(string type, IX509StoreParameters parameters)
{
    if (type == null)
    {
        throw new ArgumentNullException("type");
    }

    string[] parts = Platform.ToUpperInvariant(type).Split('/');
    if (parts.Length < 2)
    {
        throw new ArgumentException("type");
    }

    if (parts[1] != "COLLECTION")
    {
        throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
    }

    // NOTE(review): 'parameters' is cast and dereferenced without a null check.
    ICollection items = ((X509CollectionStoreParameters)parameters).GetCollection();

    // checkCorrectType is defined elsewhere; it is handed the element type expected for the kind.
    switch (parts[0])
    {
        case "ATTRIBUTECERTIFICATE":
            X509StoreFactory.checkCorrectType(items, typeof(IX509AttributeCertificate));
            break;
        case "CERTIFICATE":
            X509StoreFactory.checkCorrectType(items, typeof(X509Certificate));
            break;
        case "CERTIFICATEPAIR":
            X509StoreFactory.checkCorrectType(items, typeof(X509CertificatePair));
            break;
        case "CRL":
            X509StoreFactory.checkCorrectType(items, typeof(X509Crl));
            break;
        default:
            throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
    }

    return new X509CollectionStore(items);
}
/// <summary>
/// Signs the data with the given sender certificate.
/// </summary>
/// <param name="data">The data to sign.</param>
/// <param name="privateKey">The private key to sign with (matching the certificate <paramref name="cert"/>).</param>
/// <param name="cert">The sender certificate.</param>
/// <param name="certs">The certificates to additionally store in the result (e.g. for a certificate chain).</param>
/// <returns>The signed data.</returns>
public static byte[] SignData(byte[] data, AsymmetricKeyParameter privateKey, X509Certificate cert, IEnumerable<X509Certificate> certs = null)
{
    var generator = new CmsSignedDataGenerator();

    // NOTE(review): only 'certs' is embedded. 'cert' itself ends up in the output only if the
    // caller also lists it in 'certs' - confirm that verifiers obtain the signer certificate.
    var embedded = certs == null
        ? new List<X509Certificate>()
        : new List<X509Certificate>(certs);

    generator.AddCertificates(
        X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(embedded)));

    // SHA-256 digest, selected by OID.
    generator.AddSigner(privateKey, cert, NistObjectIdentifiers.IdSha256.Id);

    // Second argument true: the signed content is encapsulated in the output.
    return generator.Generate(new CmsProcessableByteArray(data), true).GetEncoded();
}
/// <summary>
/// Creates an <see cref="IX509Store"/> for a store type written as "KIND/COLLECTION",
/// matched case-insensitively.
/// </summary>
/// <param name="type">Store type, for example "CERTIFICATE/COLLECTION".</param>
/// <param name="parameters">Parameters; cast to <see cref="X509CollectionStoreParameters"/>.</param>
/// <returns>A collection-backed store over the collection held by <paramref name="parameters"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="type"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="type"/> contains no '/' separator.</exception>
/// <exception cref="NoSuchStoreException">The kind or implementation is not recognised.</exception>
public static IX509Store Create(
    string type,
    IX509StoreParameters parameters)
{
    if (type == null)
    {
        throw new ArgumentNullException("type");
    }

    string[] segments = Platform.ToUpperInvariant(type).Split('/');
    if (segments.Length < 2)
    {
        throw new ArgumentException("type");
    }

    if (segments[1] != "COLLECTION")
    {
        throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
    }

    // NOTE(review): 'parameters' is cast and dereferenced without a null check.
    ICollection items = ((X509CollectionStoreParameters)parameters).GetCollection();

    // Map the requested kind to the element type handed to checkCorrectType (defined elsewhere).
    Type expectedElementType;
    switch (segments[0])
    {
        case "ATTRIBUTECERTIFICATE":
            expectedElementType = typeof(IX509AttributeCertificate);
            break;
        case "CERTIFICATE":
            expectedElementType = typeof(X509Certificate);
            break;
        case "CERTIFICATEPAIR":
            expectedElementType = typeof(X509CertificatePair);
            break;
        case "CRL":
            expectedElementType = typeof(X509Crl);
            break;
        default:
            throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
    }

    checkCorrectType(items, expectedElementType);
    return new X509CollectionStore(items);
}
/// <summary>
/// Creates an <see cref="IX509Store"/> for a store type written as "KIND/COLLECTION",
/// matched case-insensitively.
/// </summary>
/// <param name="type">Store type, for example "CERTIFICATE/COLLECTION".</param>
/// <param name="parameters">Parameters; cast to <see cref="X509CollectionStoreParameters"/>.</param>
/// <returns>A collection-backed store over the collection held by <paramref name="parameters"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="type"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="type"/> contains no '/' separator.</exception>
/// <exception cref="NoSuchStoreException">The kind or implementation is not recognised.</exception>
public static IX509Store Create(string type, IX509StoreParameters parameters)
{
    if (type == null)
    {
        throw new ArgumentNullException("type");
    }

    string[] parts = Platform.ToUpperInvariant(type).Split('/');
    if (parts.Length < 2)
    {
        throw new ArgumentException("type");
    }

    string kind = parts[0];
    string implementation = parts[1];

    if (implementation != "COLLECTION")
    {
        throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
    }

    // NOTE(review): 'parameters' is cast and dereferenced without a null check.
    X509CollectionStoreParameters collectionParameters = (X509CollectionStoreParameters)parameters;
    global::System.Collections.ICollection items = collectionParameters.GetCollection();

    // checkCorrectType is defined elsewhere; it is handed the element type expected for the kind.
    if (kind == "ATTRIBUTECERTIFICATE")
    {
        checkCorrectType(items, typeof(IX509AttributeCertificate));
    }
    else if (kind == "CERTIFICATE")
    {
        checkCorrectType(items, typeof(X509Certificate));
    }
    else if (kind == "CERTIFICATEPAIR")
    {
        checkCorrectType(items, typeof(X509CertificatePair));
    }
    else if (kind == "CRL")
    {
        checkCorrectType(items, typeof(X509Crl));
    }
    else
    {
        throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
    }

    return new X509CollectionStore(items);
}
/// <summary>
/// Builds a certification path for <paramref name="primary"/> out of the encoded certificates
/// in <paramref name="additional"/>.
/// </summary>
/// <remarks>
/// This is path construction, not a trust decision: every certificate in
/// <paramref name="additional"/> whose issuer name equals its subject name becomes a trust
/// anchor, and revocation checking is switched off. Callers must pass only roots they
/// already trust and must check revocation separately if they need it.
/// </remarks>
/// <param name="primary">Encoded certificate the path is built for.</param>
/// <param name="additional">Encoded root and intermediate certificates available to the builder.</param>
/// <returns>The certificates of the path produced by the builder.</returns>
static IEnumerable<Org.BouncyCastle.X509.X509Certificate> BuildCertificateChainBC(byte[] primary, IEnumerable<byte[]> additional)
{
    var certParser = new X509CertificateParser();
    var pathBuilder = new PkixCertPathBuilder();

    // Split the supplied certificates into trust anchors and intermediates.
    var candidates = new List<Org.BouncyCastle.X509.X509Certificate>();
    HashSet anchors = new HashSet();
    foreach (byte[] encoded in additional)
    {
        var parsed = certParser.ReadCertificate(encoded);

        // Only the issuer and subject names are compared here; no signature is verified.
        bool issuerEqualsSubject = parsed.IssuerDN.Equivalent(parsed.SubjectDN);
        if (issuerEqualsSubject)
        {
            anchors.Add(new TrustAnchor(parsed, null));
        }
        else
        {
            candidates.Add(parsed);
        }
    }

    // The selector names the certificate the path has to end at.
    X509CertStoreSelector target = new X509CertStoreSelector
    {
        Certificate = certParser.ReadCertificate(primary)
    };

    // The target must itself be in the store, otherwise the builder cannot start the chain.
    candidates.Add(target.Certificate);

    PkixBuilderParameters buildSettings = new PkixBuilderParameters(anchors, target)
    {
        // No CRL lookup is performed while building the path.
        IsRevocationEnabled = false
    };

    var candidateStore = X509StoreFactory.Create(
        "Certificate/Collection",
        new X509CollectionStoreParameters(candidates));
    buildSettings.AddStore(candidateStore);

    PkixCertPathBuilderResult built = pathBuilder.Build(buildSettings);
    return built.CertPath.Certificates.Cast<Org.BouncyCastle.X509.X509Certificate>();
}
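/// <summary>
/// Builds a detached CMS (PKCS#7) signature over the <c>manifestFile</c> bytes and stores the
/// encoded result in <c>signatureFile</c>.
/// </summary>
/// <param name="request">Pass request used to locate the signing and Apple certificates.</param>
/// <exception cref="FileNotFoundException">The signing or Apple certificate could not be located.</exception>
private void SignManigestFile(PassGeneratorRequest request)
{
    X509Certificate2 card = GetCertificate(request);
    if (card == null)
    {
        throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct.");
    }

    X509Certificate2 appleCA = GetAppleCertificate(request);
    if (appleCA == null)
    {
        // Same treatment as the signing certificate: an actionable error instead of a
        // NullReferenceException from the conversion below.
        throw new FileNotFoundException("Apple certificate could not be found. Please ensure it is installed in the certificate store.");
    }

    // NOTE(review): GetKeyPair has to read the raw private key, so the certificate presumably
    // must be installed with an exportable key - confirm, and restrict access to that store.
    Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card);
    Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;
    Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);

    // Both certificates are embedded in the signed data through AddCertificates below.
    ArrayList intermediateCerts = new ArrayList();
    intermediateCerts.Add(appleCert);
    intermediateCerts.Add(cert);

    Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
    Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);

    CmsSignedDataGenerator generator = new CmsSignedDataGenerator();

    // NOTE(review): SHA-1 digest. Confirm what the signature's consumer accepts before
    // moving to CmsSignedDataGenerator.DigestSha256.
    generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
    generator.AddCertificates(st1);

    // Second argument false: the content is not encapsulated, so the signature is detached.
    CmsProcessable content = new CmsProcessableByteArray(manifestFile);
    CmsSignedData signedData = generator.Generate(content, false);

    signatureFile = signedData.GetEncoded();
}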
/// <summary>
/// Builds a detached CMS (PKCS#7) signature over the <c>manifestFile</c> bytes and stores the
/// encoded result in <c>signatureFile</c>, tracing each step.
/// </summary>
/// <param name="request">Pass request used to locate the signing and Apple certificates.</param>
/// <exception cref="FileNotFoundException"><c>GetCertificate</c> returned null.</exception>
/// <exception cref="ManifestSigningException">Any failure after the signing certificate was found.</exception>
private void SignManigestFile(PassGeneratorRequest request)
{
    Trace.TraceInformation("Signing the manifest file...");

    X509Certificate2 card = GetCertificate(request);
    if (card == null)
    {
        throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct.");
    }

    try
    {
        var signerCert = DotNetUtilities.FromX509Certificate(card);
        var signingKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;

        Trace.TraceInformation("Fetching Apple Certificate for signing..");

        // A null Apple certificate is not checked; a failure in the conversion is caught below
        // and reported as a ManifestSigningException.
        var appleCert = DotNetUtilities.FromX509Certificate(GetAppleCertificate(request));

        Trace.TraceInformation("Constructing the certificate chain..");

        // Certificates embedded in the signed data: Apple certificate first, then the signer.
        var embedded = new ArrayList { appleCert, signerCert };
        var certStore = Org.BouncyCastle.X509.Store.X509StoreFactory.Create(
            "CERTIFICATE/COLLECTION",
            new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(embedded));

        var generator = new CmsSignedDataGenerator();

        // NOTE(review): SHA-1 digest. Confirm what the signature's consumer accepts before
        // moving to CmsSignedDataGenerator.DigestSha256.
        generator.AddSigner(signingKey, signerCert, CmsSignedDataGenerator.DigestSha1);
        generator.AddCertificates(certStore);

        Trace.TraceInformation("Processing the signature..");

        // false = do not encapsulate the content (detached signature).
        signatureFile = generator.Generate(new CmsProcessableByteArray(manifestFile), false).GetEncoded();

        Trace.TraceInformation("The file has been successfully signed!");
    }
    catch (Exception exp)
    {
        // Only the message is traced; the full exception travels as the inner exception.
        Trace.TraceError("Failed to sign the manifest file: [{0}]", exp.Message);
        throw new ManifestSigningException("Failed to sign manifest", exp);
    }
}
// jbonilla - For some reason, it does not return the root certificate.
// NOTE(review): probably by design - a PKIX certification path conventionally leaves out the
// trust anchor. If the root is needed, take it from the builder result rather than the path.
//
// This is path construction, not a trust decision: every keystore entry that IsSelfSigned
// accepts becomes a trust anchor, and revocation checking is switched off. Callers must pass
// only roots they already trust and must check revocation separately if they need it.
public static X509Certificate[] BuildCertificateChainBC(X509Certificate checkCert, ICollection<X509Certificate> keystore)
{
    PkixCertPathBuilder pathBuilder = new PkixCertPathBuilder();

    // Split the keystore into trust anchors and intermediates.
    List<X509Certificate> candidates = new List<X509Certificate>();
    HashSet anchors = new HashSet();
    foreach (X509Certificate entry in keystore)
    {
        if (!IsSelfSigned(entry))
        {
            candidates.Add(entry);
            continue;
        }

        anchors.Add(new TrustAnchor(entry, null));
    }

    // The selector names the certificate the path has to end at.
    X509CertStoreSelector target = new X509CertStoreSelector();
    target.Certificate = checkCert;

    // The target must itself be in the store, otherwise the builder cannot start the chain.
    candidates.Add(target.Certificate);

    PkixBuilderParameters buildSettings = new PkixBuilderParameters(anchors, target);

    // No CRL lookup is performed while building the path.
    buildSettings.IsRevocationEnabled = false;

    buildSettings.AddStore(
        X509StoreFactory.Create(
            "Certificate/Collection",
            new X509CollectionStoreParameters(candidates)));

    PkixCertPathBuilderResult built = pathBuilder.Build(buildSettings);

    // Copy the path into a typed array for the caller.
    var pathCerts = built.CertPath.Certificates;
    X509Certificate[] chain = new X509Certificate[pathCerts.Count];
    int next = 0;
    foreach (X509Certificate pathCert in pathCerts)
    {
        chain[next++] = pathCert;
    }

    return chain;
}