private void SignManigestFile(PassGeneratorRequest request, string manifestFileAndPath)
{
byte[] dataToSign = File.ReadAllBytes(manifestFileAndPath);
X509Certificate2 card = GetCertificate(request);
Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card);
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;
X509Certificate2 appleCA = GetAppleCertificate();
Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);
ArrayList intermediateCerts = new ArrayList();
intermediateCerts.Add(appleCert);
intermediateCerts.Add(cert);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
generator.AddCertificates(st1);
CmsProcessable content = new CmsProcessableByteArray(dataToSign);
CmsSignedData signedData = generator.Generate(content, false);
string outputDirectory = Path.GetDirectoryName(manifestFileAndPath);
string signatureFileAndPath = Path.Combine(outputDirectory, "signature");
File.WriteAllBytes(signatureFileAndPath, signedData.GetEncoded());
}
private void SignManigestFile(PassGeneratorRequest request)
{
X509Certificate2 card = GetCertificate(request);
if (card == null)
{
throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct.");
}
Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card);
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;
X509Certificate2 appleCA = GetAppleCertificate();
Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);
ArrayList intermediateCerts = new ArrayList();
intermediateCerts.Add(appleCert);
intermediateCerts.Add(cert);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
generator.AddCertificates(st1);
CmsProcessable content = new CmsProcessableByteArray(manifestFile);
CmsSignedData signedData = generator.Generate(content, false);
signatureFile = signedData.GetEncoded();
}
public static IX509Store Create(
string type,
IX509StoreParameters parameters)
{
if (type == null)
{
throw new ArgumentNullException("type");
}
string[] parts = type.ToUpper(CultureInfo.InvariantCulture).Split('/');
if (parts.Length < 2)
{
throw new ArgumentException("type");
}
switch (parts[0])
{
case "ATTRIBUTECERTIFICATE":
case "CERTIFICATE":
case "CERTIFICATEPAIR":
case "CRL":
{
if (parts[1] == "COLLECTION")
{
X509CollectionStoreParameters p = (X509CollectionStoreParameters)parameters;
return(new X509CollectionStore(p.GetCollection()));
}
break;
}
}
throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
}
private void SignManigestFile(PassGeneratorRequest request)
{
Trace.TraceInformation("Signing the manifest file...");
X509Certificate2 card = GetCertificate(request);
if (card == null)
{
throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct.");
}
X509Certificate2 appleCA = GetAppleCertificate(request);
if (appleCA == null)
{
throw new FileNotFoundException("Apple Certficate could not be found. Please downloaad from http://www.apple.com/certificateauthority/ and install into your LOCAL MACHINE certificate store.");
}
try
{
Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card);
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;
Trace.TraceInformation("Fetching Apple Certificate for signing..");
Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);
Trace.TraceInformation("Constructing the certificate chain..");
ArrayList intermediateCerts = new ArrayList();
intermediateCerts.Add(appleCert);
intermediateCerts.Add(cert);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
generator.AddCertificates(st1);
Trace.TraceInformation("Processing the signature..");
CmsProcessable content = new CmsProcessableByteArray(manifestFile);
CmsSignedData signedData = generator.Generate(content, false);
signatureFile = signedData.GetEncoded();
Trace.TraceInformation("The file has been successfully signed!");
}
catch (Exception exp)
{
Trace.TraceError("Failed to sign the manifest file: [{0}]", exp.Message);
throw new ManifestSigningException("Failed to sign manifest", exp);
}
}
public static IX509Store Create(string type, IX509StoreParameters parameters)
{
if (type == null)
{
throw new ArgumentNullException("type");
}
string[] array = Platform.ToUpperInvariant(type).Split(new char[]
{
'/'
});
if (array.Length < 2)
{
throw new ArgumentException("type");
}
if (array[1] != "COLLECTION")
{
throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
}
X509CollectionStoreParameters x509CollectionStoreParameters = (X509CollectionStoreParameters)parameters;
ICollection collection = x509CollectionStoreParameters.GetCollection();
string a;
if ((a = array[0]) != null)
{
if (!(a == "ATTRIBUTECERTIFICATE"))
{
if (!(a == "CERTIFICATE"))
{
if (!(a == "CERTIFICATEPAIR"))
{
if (!(a == "CRL"))
{
goto IL_F8;
}
X509StoreFactory.checkCorrectType(collection, typeof(X509Crl));
}
else
{
X509StoreFactory.checkCorrectType(collection, typeof(X509CertificatePair));
}
}
else
{
X509StoreFactory.checkCorrectType(collection, typeof(X509Certificate));
}
}
else
{
X509StoreFactory.checkCorrectType(collection, typeof(IX509AttributeCertificate));
}
return(new X509CollectionStore(collection));
}
IL_F8:
throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
}
/// <summary>
/// Signiert die Daten mit dem angegebenen Absender-Zertifikat
/// </summary>
/// <param name="data">Die zu signierenden Daten</param>
/// <param name="privateKey">Der private Schlüssel mit dem signiert werden soll (passend zum Zeritifikat <paramref name="cert"/>)</param>
/// <param name="cert">Das Absender-Zertifikat</param>
/// <param name="certs">Die Zertifikate, die zusätzlich im Ergebnis gespeichert werden sollen (z.B. für eine Zertifkatskette)</param>
/// <returns>Die signierten Daten</returns>
public static byte[] SignData(byte[] data, AsymmetricKeyParameter privateKey, X509Certificate cert, IEnumerable<X509Certificate> certs = null)
{
var gen = new CmsSignedDataGenerator();
var allCerts = new List<X509Certificate>();
if (certs != null)
allCerts.AddRange(certs);
var storeParams = new X509CollectionStoreParameters(allCerts);
var certStore = X509StoreFactory.Create("Certificate/Collection", storeParams);
gen.AddCertificates(certStore);
gen.AddSigner(privateKey, cert, NistObjectIdentifiers.IdSha256.Id);
var message = new CmsProcessableByteArray(data);
var signedData = gen.Generate(message, true);
return signedData.GetEncoded();
}
public static IX509Store Create(
string type,
IX509StoreParameters parameters)
{
if (type == null)
{
throw new ArgumentNullException("type");
}
string[] parts = Platform.ToUpperInvariant(type).Split('/');
if (parts.Length < 2)
{
throw new ArgumentException("type");
}
if (parts[1] != "COLLECTION")
{
throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
}
X509CollectionStoreParameters p = (X509CollectionStoreParameters)parameters;
ICollection coll = p.GetCollection();
switch (parts[0])
{
case "ATTRIBUTECERTIFICATE":
checkCorrectType(coll, typeof(IX509AttributeCertificate));
break;
case "CERTIFICATE":
checkCorrectType(coll, typeof(X509Certificate));
break;
case "CERTIFICATEPAIR":
checkCorrectType(coll, typeof(X509CertificatePair));
break;
case "CRL":
checkCorrectType(coll, typeof(X509Crl));
break;
default:
throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
}
return(new X509CollectionStore(coll));
}
public static IX509Store Create(string type, IX509StoreParameters parameters)
{
//IL_0008: Unknown result type (might be due to invalid IL or missing references)
//IL_0032: Unknown result type (might be due to invalid IL or missing references)
if (type == null)
{
throw new ArgumentNullException("type");
}
string[] array = Platform.ToUpperInvariant(type).Split(new char[1] {
'/'
});
if (array.Length < 2)
{
throw new ArgumentException("type");
}
if (array[1] != "COLLECTION")
{
throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
}
X509CollectionStoreParameters x509CollectionStoreParameters = (X509CollectionStoreParameters)parameters;
global::System.Collections.ICollection collection = x509CollectionStoreParameters.GetCollection();
switch (array[0])
{
case "ATTRIBUTECERTIFICATE":
checkCorrectType(collection, typeof(IX509AttributeCertificate));
break;
case "CERTIFICATE":
checkCorrectType(collection, typeof(X509Certificate));
break;
case "CERTIFICATEPAIR":
checkCorrectType(collection, typeof(X509CertificatePair));
break;
case "CRL":
checkCorrectType(collection, typeof(X509Crl));
break;
default:
throw new NoSuchStoreException("X.509 store type '" + type + "' not available.");
}
return(new X509CollectionStore(collection));
}
private void SignManigestFile(PassGeneratorRequest request, string manifestFileAndPath)
{
byte[] dataToSign = File.ReadAllBytes(manifestFileAndPath);
X509Certificate2 card = GetCertificate(request);
Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card);
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;
X509Certificate2 appleCA = GetAppleCertificate();
Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);
ArrayList intermediateCerts = new ArrayList();
intermediateCerts.Add(appleCert);
intermediateCerts.Add(cert);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
generator.AddCertificates(st1);
CmsProcessable content = new CmsProcessableByteArray(dataToSign);
CmsSignedData signedData = generator.Generate(content, false);
string outputDirectory = Path.GetDirectoryName(manifestFileAndPath);
string signatureFileAndPath = Path.Combine(outputDirectory, "signature");
File.WriteAllBytes(signatureFileAndPath, signedData.GetEncoded());
}
static IEnumerable<Org.BouncyCastle.X509.X509Certificate> BuildCertificateChainBC(byte[] primary, IEnumerable<byte[]> additional)
{
X509CertificateParser parser = new X509CertificateParser();
PkixCertPathBuilder builder = new PkixCertPathBuilder();
// Separate root from itermediate
var intermediateCerts = new List<Org.BouncyCastle.X509.X509Certificate>();
HashSet rootCerts = new HashSet();
foreach (byte[] cert in additional)
{
var x509Cert = parser.ReadCertificate(cert);
// Separate root and subordinate certificates
if (x509Cert.IssuerDN.Equivalent(x509Cert.SubjectDN))
rootCerts.Add(new TrustAnchor(x509Cert, null));
else
intermediateCerts.Add(x509Cert);
}
// Create chain for this certificate
X509CertStoreSelector holder = new X509CertStoreSelector();
holder.Certificate = parser.ReadCertificate(primary);
// WITHOUT THIS LINE BUILDER CANNOT BEGIN BUILDING THE CHAIN
intermediateCerts.Add(holder.Certificate);
PkixBuilderParameters builderParams = new PkixBuilderParameters(rootCerts, holder);
builderParams.IsRevocationEnabled = false;
X509CollectionStoreParameters intermediateStoreParameters =
new X509CollectionStoreParameters(intermediateCerts);
builderParams.AddStore(X509StoreFactory.Create(
"Certificate/Collection", intermediateStoreParameters));
PkixCertPathBuilderResult result = builder.Build(builderParams);
return result.CertPath.Certificates.Cast<Org.BouncyCastle.X509.X509Certificate>();
}
private void SignManigestFile(PassGeneratorRequest request)
{
X509Certificate2 card = GetCertificate(request);
if (card == null)
{
throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct.");
}
Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card);
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;
X509Certificate2 appleCA = GetAppleCertificate(request);
Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);
ArrayList intermediateCerts = new ArrayList();
intermediateCerts.Add(appleCert);
intermediateCerts.Add(cert);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
generator.AddCertificates(st1);
CmsProcessable content = new CmsProcessableByteArray(manifestFile);
CmsSignedData signedData = generator.Generate(content, false);
signatureFile = signedData.GetEncoded();
}
private void SignManigestFile(PassGeneratorRequest request)
{
Trace.TraceInformation("Signing the manifest file...");
X509Certificate2 card = GetCertificate(request);
if (card == null)
{
throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct.");
}
try
{
Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card);
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;
Trace.TraceInformation("Fetching Apple Certificate for signing..");
X509Certificate2 appleCA = GetAppleCertificate(request);
Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);
Trace.TraceInformation("Constructing the certificate chain..");
ArrayList intermediateCerts = new ArrayList();
intermediateCerts.Add(appleCert);
intermediateCerts.Add(cert);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
generator.AddCertificates(st1);
Trace.TraceInformation("Processing the signature..");
CmsProcessable content = new CmsProcessableByteArray(manifestFile);
CmsSignedData signedData = generator.Generate(content, false);
signatureFile = signedData.GetEncoded();
Trace.TraceInformation("The file has been successfully signed!");
}
catch (Exception exp)
{
Trace.TraceError("Failed to sign the manifest file: [{0}]", exp.Message);
throw new ManifestSigningException("Failed to sign manifest", exp);
}
}
//jbonilla - Por algún motivo, no devuleve el certificado root.
public static X509Certificate[] BuildCertificateChainBC(X509Certificate checkCert, ICollection<X509Certificate> keystore)
{
PkixCertPathBuilder builder = new PkixCertPathBuilder();
// Separate root from itermediate
List<X509Certificate> intermediateCerts = new List<X509Certificate>();
HashSet rootCerts = new HashSet();
foreach (X509Certificate cert in keystore)
{
// Separate root and subordinate certificates
if (IsSelfSigned(cert))
rootCerts.Add(new TrustAnchor(cert, null));
else
intermediateCerts.Add(cert);
}
// Create chain for this certificate
X509CertStoreSelector holder = new X509CertStoreSelector();
holder.Certificate = checkCert;
// WITHOUT THIS LINE BUILDER CANNOT BEGIN BUILDING THE CHAIN
intermediateCerts.Add(holder.Certificate);
PkixBuilderParameters builderParams = new PkixBuilderParameters(rootCerts, holder);
builderParams.IsRevocationEnabled = false;
X509CollectionStoreParameters intermediateStoreParameters =
new X509CollectionStoreParameters(intermediateCerts);
builderParams.AddStore(X509StoreFactory.Create(
"Certificate/Collection", intermediateStoreParameters));
PkixCertPathBuilderResult result = builder.Build(builderParams);
List<X509Certificate> chain = new List<X509Certificate>();
foreach(X509Certificate cert in result.CertPath.Certificates)
{
chain.Add(cert);
}
return chain.ToArray();
}
