private unsafe void CounterSign(CmsSigner signer)
{
// Sanity check.
Debug.Assert(signer != null);
//
CspParameters parameters = new CspParameters();
if (X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters) == false)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign);
kp.AccessEntries.Add(entry);
kp.Demand();
// Get the signer's index.
uint index = (uint)PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), this, 0);
// Create CMSG_SIGNER_ENCODE_INFO structure.
SafeLocalAllocHandle pSignerEncodeInfo = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer);
try {
// Marshal to unmanaged memory.
Marshal.StructureToPtr(signerEncodeInfo, pSignerEncodeInfo.DangerousGetHandle(), false);
// Counter sign.
if (!CAPI.CryptMsgCountersign(m_signedCms.GetCryptMsgHandle(),
index,
1,
pSignerEncodeInfo.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
// CAPI requires that the messge be re-encoded if any unauthenticated
// attribute has been added. So, let's re-open it to decode to work
// around this limitation.
m_signedCms.ReopenToDecode();
}
finally {
Marshal.DestroyStructure(pSignerEncodeInfo.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
pSignerEncodeInfo.Dispose();
// and don't forget to dispose of resources allocated for the structure.
signerEncodeInfo.Dispose();
}
// Finally, add certs to bag of certs.
PkcsUtils.AddCertsToMessage(m_signedCms.GetCryptMsgHandle(), m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
return;
}
private void CounterSign(CmsSigner signer)
{
CspParameters parameters = new CspParameters();
if (!X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
KeyContainerPermission containerPermission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign);
containerPermission.AccessEntries.Add(accessEntry);
containerPermission.Demand();
uint dwIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0);
SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(64U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer);
try
{
Marshal.StructureToPtr((object)signerEncodeInfo, localAllocHandle.DangerousGetHandle(), false);
if (!CAPI.CryptMsgCountersign(this.m_signedCms.GetCryptMsgHandle(), dwIndex, 1U, localAllocHandle.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
this.m_signedCms.ReopenToDecode();
}
finally
{
Marshal.DestroyStructure(localAllocHandle.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
localAllocHandle.Dispose();
signerEncodeInfo.Dispose();
}
int num = (int)PkcsUtils.AddCertsToMessage(this.m_signedCms.GetCryptMsgHandle(), this.m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
private void CoSign(CmsSigner signer, bool silent)
{
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer, silent);
try
{
SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(64U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
try
{
Marshal.StructureToPtr((object)signerEncodeInfo, localAllocHandle.DangerousGetHandle(), false);
if (!CAPI.CryptMsgControl(this.m_safeCryptMsgHandle, 0U, 6U, localAllocHandle.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
finally
{
Marshal.DestroyStructure(localAllocHandle.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
localAllocHandle.Dispose();
}
}
finally
{
signerEncodeInfo.Dispose();
}
int num = (int)PkcsUtils.AddCertsToMessage(this.m_safeCryptMsgHandle, this.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
private void CoSign(CmsSigner signer, bool silent)
{
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer, silent);
try {
SafeLocalAllocHandle pSignerEncodeInfo = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
try {
// Marshal to unmanaged memory.
Marshal.StructureToPtr(signerEncodeInfo, pSignerEncodeInfo.DangerousGetHandle(), false);
// Add the signature.
if (!CAPI.CryptMsgControl(m_safeCryptMsgHandle,
0,
CAPI.CMSG_CTRL_ADD_SIGNER,
pSignerEncodeInfo.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
finally {
Marshal.DestroyStructure(pSignerEncodeInfo.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
pSignerEncodeInfo.Dispose();
}
}
finally {
// and don't forget to dispose of resources allocated for the structure.
signerEncodeInfo.Dispose();
}
// Finally, add certs to bag of certs.
PkcsUtils.AddCertsToMessage(m_safeCryptMsgHandle, Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
private unsafe void Sign(CmsSigner signer, bool silent)
{
CAPI.CMSG_SIGNED_ENCODE_INFO signedEncodeInfo = new CAPI.CMSG_SIGNED_ENCODE_INFO(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNED_ENCODE_INFO)));
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer, silent);
byte[] encodedMessage = (byte[])null;
try
{
SafeLocalAllocHandle localAllocHandle = CAPI.LocalAlloc(0U, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
try
{
Marshal.StructureToPtr((object)signerEncodeInfo, localAllocHandle.DangerousGetHandle(), false);
X509Certificate2Collection bagOfCertificates = PkcsUtils.CreateBagOfCertificates(signer);
SafeLocalAllocHandle encodedCertBlob = PkcsUtils.CreateEncodedCertBlob(bagOfCertificates);
signedEncodeInfo.cSigners = 1U;
signedEncodeInfo.rgSigners = localAllocHandle.DangerousGetHandle();
signedEncodeInfo.cCertEncoded = (uint)bagOfCertificates.Count;
if (bagOfCertificates.Count > 0)
{
signedEncodeInfo.rgCertEncoded = encodedCertBlob.DangerousGetHandle();
}
SafeCryptMsgHandle safeCryptMsgHandle = string.Compare(this.ContentInfo.ContentType.Value, "1.2.840.113549.1.7.1", StringComparison.OrdinalIgnoreCase) != 0 ? CAPI.CryptMsgOpenToEncode(65537U, this.Detached ? 4U : 0U, 2U, new IntPtr((void *)&signedEncodeInfo), this.ContentInfo.ContentType.Value, IntPtr.Zero) : CAPI.CryptMsgOpenToEncode(65537U, this.Detached ? 4U : 0U, 2U, new IntPtr((void *)&signedEncodeInfo), IntPtr.Zero, IntPtr.Zero);
if (safeCryptMsgHandle == null || safeCryptMsgHandle.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (this.ContentInfo.Content.Length > 0 && !CAPI.CAPISafe.CryptMsgUpdate(safeCryptMsgHandle, this.ContentInfo.pContent, (uint)this.ContentInfo.Content.Length, true))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
encodedMessage = PkcsUtils.GetContent(safeCryptMsgHandle);
safeCryptMsgHandle.Dispose();
encodedCertBlob.Dispose();
}
finally
{
Marshal.DestroyStructure(localAllocHandle.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
localAllocHandle.Dispose();
}
}
finally
{
signerEncodeInfo.Dispose();
}
SafeCryptMsgHandle safeCryptMsgHandle1 = SignedCms.OpenToDecode(encodedMessage, this.ContentInfo, this.Detached);
if (this.m_safeCryptMsgHandle != null && !this.m_safeCryptMsgHandle.IsInvalid)
{
this.m_safeCryptMsgHandle.Dispose();
}
this.m_safeCryptMsgHandle = safeCryptMsgHandle1;
GC.KeepAlive((object)signer);
}
private unsafe void Sign(CmsSigner signer, bool silent)
{
SafeCryptMsgHandle safeCryptMsgHandle = null;
CAPI.CMSG_SIGNED_ENCODE_INFO signedEncodeInfo = new CAPI.CMSG_SIGNED_ENCODE_INFO(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNED_ENCODE_INFO)));
SafeCryptProvHandle safeCryptProvHandle;
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer, silent, out safeCryptProvHandle);
byte[] encodedMessage = null;
try {
SafeLocalAllocHandle pSignerEncodeInfo = CAPI.LocalAlloc(CAPI.LMEM_FIXED, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
try {
Marshal.StructureToPtr(signerEncodeInfo, pSignerEncodeInfo.DangerousGetHandle(), false);
X509Certificate2Collection bagOfCerts = PkcsUtils.CreateBagOfCertificates(signer);
SafeLocalAllocHandle pEncodedBagOfCerts = PkcsUtils.CreateEncodedCertBlob(bagOfCerts);
signedEncodeInfo.cSigners = 1;
signedEncodeInfo.rgSigners = pSignerEncodeInfo.DangerousGetHandle();
signedEncodeInfo.cCertEncoded = (uint)bagOfCerts.Count;
if (bagOfCerts.Count > 0)
{
signedEncodeInfo.rgCertEncoded = pEncodedBagOfCerts.DangerousGetHandle();
}
// Because of the way CAPI treats inner content OID, we should pass NULL
// for data type, otherwise detached will not work.
if (String.Compare(this.ContentInfo.ContentType.Value, CAPI.szOID_RSA_data, StringComparison.OrdinalIgnoreCase) == 0)
{
safeCryptMsgHandle = CAPI.CryptMsgOpenToEncode(CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
Detached ? CAPI.CMSG_DETACHED_FLAG : 0,
CAPI.CMSG_SIGNED,
new IntPtr(&signedEncodeInfo),
IntPtr.Zero,
IntPtr.Zero);
}
else
{
safeCryptMsgHandle = CAPI.CryptMsgOpenToEncode(CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
Detached ? CAPI.CMSG_DETACHED_FLAG : 0,
CAPI.CMSG_SIGNED,
new IntPtr(&signedEncodeInfo),
this.ContentInfo.ContentType.Value,
IntPtr.Zero);
}
if (safeCryptMsgHandle == null || safeCryptMsgHandle.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (this.ContentInfo.Content.Length > 0)
{
if (!CAPI.CAPISafe.CryptMsgUpdate(safeCryptMsgHandle, this.ContentInfo.pContent, (uint)this.ContentInfo.Content.Length, true))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
// Retrieve encoded message.
encodedMessage = PkcsUtils.GetContent(safeCryptMsgHandle);
safeCryptMsgHandle.Dispose();
pEncodedBagOfCerts.Dispose();
}
finally {
Marshal.DestroyStructure(pSignerEncodeInfo.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
pSignerEncodeInfo.Dispose();
}
}
finally {
// Don't forget to free all the resource still held inside signerEncodeInfo.
signerEncodeInfo.Dispose();
safeCryptProvHandle.Dispose();
}
// Re-open to decode.
safeCryptMsgHandle = OpenToDecode(encodedMessage, this.ContentInfo, this.Detached);
if (m_safeCryptMsgHandle != null && !m_safeCryptMsgHandle.IsInvalid)
{
m_safeCryptMsgHandle.Dispose();
}
m_safeCryptMsgHandle = safeCryptMsgHandle;
GC.KeepAlive(signer);
}
internal static unsafe CAPI.CMSG_SIGNER_ENCODE_INFO CreateSignerEncodeInfo(CmsSigner signer, bool silent)
{
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = new CAPI.CMSG_SIGNER_ENCODE_INFO(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO)));
SafeCryptProvHandle invalidHandle1 = SafeCryptProvHandle.InvalidHandle;
uint pdwKeySpec = 0U;
bool pfCallerFreeProv = false;
signerEncodeInfo.HashAlgorithm.pszObjId = signer.DigestAlgorithm.Value;
if (string.Compare(signer.Certificate.PublicKey.Oid.Value, "1.2.840.10040.4.1", StringComparison.Ordinal) == 0)
{
signerEncodeInfo.HashEncryptionAlgorithm.pszObjId = "1.2.840.10040.4.3";
}
signerEncodeInfo.cAuthAttr = (uint)signer.SignedAttributes.Count;
signerEncodeInfo.rgAuthAttr = PkcsUtils.CreateCryptAttributes(signer.SignedAttributes);
signerEncodeInfo.cUnauthAttr = (uint)signer.UnsignedAttributes.Count;
signerEncodeInfo.rgUnauthAttr = PkcsUtils.CreateCryptAttributes(signer.UnsignedAttributes);
if (signer.SignerIdentifierType == SubjectIdentifierType.NoSignature)
{
signerEncodeInfo.HashEncryptionAlgorithm.pszObjId = "1.3.6.1.5.5.7.6.2";
signerEncodeInfo.pCertInfo = IntPtr.Zero;
signerEncodeInfo.dwKeySpec = pdwKeySpec;
if (!CAPI.CryptAcquireContext(out invalidHandle1, (string)null, (string)null, 1U, 4026531840U))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
signerEncodeInfo.hCryptProv = invalidHandle1.DangerousGetHandle();
GC.SuppressFinalize((object)invalidHandle1);
signerEncodeInfo.SignerId.dwIdChoice = 1U;
X500DistinguishedName distinguishedName = new X500DistinguishedName("CN=Dummy Signer");
distinguishedName.Oid = new Oid("1.3.6.1.4.1.311.21.9");
signerEncodeInfo.SignerId.Value.IssuerSerialNumber.Issuer.cbData = (uint)distinguishedName.RawData.Length;
SafeLocalAllocHandle localAllocHandle1 = CAPI.LocalAlloc(64U, new IntPtr((long)signerEncodeInfo.SignerId.Value.IssuerSerialNumber.Issuer.cbData));
Marshal.Copy(distinguishedName.RawData, 0, localAllocHandle1.DangerousGetHandle(), distinguishedName.RawData.Length);
signerEncodeInfo.SignerId.Value.IssuerSerialNumber.Issuer.pbData = localAllocHandle1.DangerousGetHandle();
GC.SuppressFinalize((object)localAllocHandle1);
signerEncodeInfo.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData = 1U;
SafeLocalAllocHandle localAllocHandle2 = CAPI.LocalAlloc(64U, new IntPtr((long)signerEncodeInfo.SignerId.Value.IssuerSerialNumber.SerialNumber.cbData));
*(sbyte *)(void *)localAllocHandle2.DangerousGetHandle() = (sbyte)0;
signerEncodeInfo.SignerId.Value.IssuerSerialNumber.SerialNumber.pbData = localAllocHandle2.DangerousGetHandle();
GC.SuppressFinalize((object)localAllocHandle2);
return(signerEncodeInfo);
}
else
{
System.Security.Cryptography.SafeCertContextHandle certContext1 = X509Utils.GetCertContext(signer.Certificate);
if (!CAPI.CAPISafe.CryptAcquireCertificatePrivateKey(certContext1, silent ? 70U : 6U, IntPtr.Zero, out invalidHandle1, out pdwKeySpec, out pfCallerFreeProv))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
signerEncodeInfo.dwKeySpec = pdwKeySpec;
signerEncodeInfo.hCryptProv = invalidHandle1.DangerousGetHandle();
GC.SuppressFinalize((object)invalidHandle1);
CAPI.CERT_CONTEXT certContext2 = *(CAPI.CERT_CONTEXT *)(void *) certContext1.DangerousGetHandle();
signerEncodeInfo.pCertInfo = certContext2.pCertInfo;
if (signer.SignerIdentifierType == SubjectIdentifierType.SubjectKeyIdentifier)
{
uint pcbData = 0U;
SafeLocalAllocHandle invalidHandle2 = SafeLocalAllocHandle.InvalidHandle;
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(certContext1, 20U, invalidHandle2, out pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (pcbData > 0U)
{
SafeLocalAllocHandle pvData = CAPI.LocalAlloc(64U, new IntPtr((long)pcbData));
if (!CAPI.CAPISafe.CertGetCertificateContextProperty(certContext1, 20U, pvData, out pcbData))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
signerEncodeInfo.SignerId.dwIdChoice = 2U;
signerEncodeInfo.SignerId.Value.KeyId.cbData = pcbData;
signerEncodeInfo.SignerId.Value.KeyId.pbData = pvData.DangerousGetHandle();
GC.SuppressFinalize((object)pvData);
}
}
return(signerEncodeInfo);
}
}
