private static PrimarySignature AddCertificates(SignedCms destination, SignedCms source)
{
using (var readStream = new MemoryStream(destination.Encode()))
using (var writeStream = new MemoryStream())
{
var certificates = GetBouncyCastleCertificates(destination)
.Concat(GetBouncyCastleCertificates(source))
.Distinct()
.ToList();
var certificateStore = X509StoreFactory.Create(
"Certificate/" + BouncyCastleCollection,
new X509CollectionStoreParameters(certificates));
var crlStore = new CmsSignedData(destination.Encode()).GetCrls(BouncyCastleCollection);
var attributeCertificateStore = new CmsSignedData(destination.Encode()).GetAttributeCertificates(BouncyCastleCollection);
CmsSignedDataParser.ReplaceCertificatesAndCrls(
readStream,
certificateStore,
crlStore,
attributeCertificateStore,
writeStream);
return(PrimarySignature.Load(writeStream.ToArray()));
}
}
public static MemoryStream ParseSignature(Stream stream, bool validateSignature)
{
var signedFile = new CmsSignedData(stream);
if (validateSignature)
{
var certStore = signedFile.GetCertificates("Collection");
var certs = certStore.GetMatches(new X509CertStoreSelector());
var signerStore = signedFile.GetSignerInfos();
var signers = signerStore.GetSigners();
foreach (object tempCertification in certs)
{
var certification = tempCertification as Org.BouncyCastle.X509.X509Certificate;
foreach (object tempSigner in signers)
{
var signer = tempSigner as SignerInformation;
if (!signer.Verify(certification.GetPublicKey()))
{
throw new SignatureException(Resources.ErrorMessages.SignatureException);
}
}
}
}
var memoryStream = new MemoryStream();
signedFile.SignedContent.Write(memoryStream);
return(memoryStream);
}
public byte[] VerifySignature(CmsSignedData cms)
{
var isGost = false;
var signer = cms.GetSignerInfos().GetSigners();
foreach (var s in signer)
{
var sig = (SignerInformation)s;
isGost = sig.DigestAlgOid.Contains("1.2.643");
}
PkiService service;
if (isGost)
{
service = new GOSTPkiService();
}
else
{
service = new RSAPkiService();
}
return(service.VerifySignature(cms));
}
public Queue <string> GetSignersCommonNames(CmsSignedData cms)
{
var lst = new Queue <string>();
var store = cms.GetCertificates("COLLECTION");
var signers = cms.GetSignerInfos();
foreach (var sig in signers.GetSigners())
{
var signer = (SignerInformation)sig;
foreach (var st in store.GetMatches(signer.SignerID))
{
var crt = (X509Certificate)st;
var dn = crt.SubjectDN.ToString();
var regex = new Regex(@"^CN=|,\S.*");
var commonName = regex.Replace(dn, "");
lst.Enqueue(commonName);
}
}
return(lst);
}
private byte[] EncodeAndSign(string input)
{
var _signingCertificate = GetSigningCertificate(string.Empty);
AsymmetricCipherKeyPair keyPair = DotNetUtilities.GetKeyPair(_signingCertificate.PrivateKey);
X509Certificate bouncy = new X509CertificateParser().ReadCertificate(_signingCertificate.GetRawCertData());
byte[] content = new UTF8Encoding().GetBytes(input);
var signedDataGenerator = new CmsSignedDataGenerator();
var processableByteArray = new CmsProcessableByteArray(content);
IList certCollection = new ArrayList();
var chain = new X509Chain();
chain.Build(_signingCertificate);
foreach (X509ChainElement link in chain.ChainElements)
{
certCollection.Add(DotNetUtilities.FromX509Certificate(link.Certificate));
}
IX509Store certStore = X509StoreFactory.Create("Certificate/Collection",
new X509CollectionStoreParameters(
certCollection));
signedDataGenerator.AddCertificates(certStore);
signedDataGenerator.AddSigner(keyPair.Private, bouncy, CmsSignedGenerator.DigestSha1);
CmsSignedData signedData = signedDataGenerator.Generate(processableByteArray, true);
return(signedData.GetEncoded());
}
/// <param name="signedData"></param>
/// <returns></returns>
public virtual CmsSignedData ExtendCMSSignedData(CmsSignedData signedData, Document
originalData, SignatureParameters parameters)
{
SignerInformationStore signerStore = signedData.GetSignerInfos();
List <SignerInformation> siArray = new List <SignerInformation>();
//Iterator<SignerInformation> infos = signerStore.GetSigners().Iterator();
IEnumerator infos = signerStore.GetSigners().GetEnumerator();
while (infos.MoveNext())
{
SignerInformation si = (SignerInformation)infos.Current;
try
{
siArray.Add(ExtendCMSSignature(signedData, si, parameters, originalData));
}
catch (IOException)
{
//LOG.Error("Exception when extending signature");
siArray.Add(si);
}
}
SignerInformationStore newSignerStore = new SignerInformationStore(siArray);
return(CmsSignedData.ReplaceSigners(signedData, newSignerStore));
}
private void VerifySignatures(CmsSignedData s, byte[] contentDigest)
{
IX509Store x509Certs = s.GetCertificates("Collection");
IX509Store x509Crls = s.GetCrls("Collection");
SignerInformationStore signers = s.GetSignerInfos();
foreach (SignerInformation signer in signers.GetSigners())
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate)certEnum.Current;
VerifySigner(signer, cert);
if (contentDigest != null)
{
Assert.IsTrue(Arrays.AreEqual(contentDigest, signer.GetContentDigest()));
}
}
ICollection certColl = x509Certs.GetMatches(null);
ICollection crlColl = x509Crls.GetMatches(null);
Assert.AreEqual(certColl.Count, s.GetCertificates("Collection").GetMatches(null).Count);
Assert.AreEqual(crlColl.Count, s.GetCrls("Collection").GetMatches(null).Count);
}
public static bool VerifySignatures(FileInfo contentFile, Stream signedDataStream)
{
CmsProcessable signedContent = null;
CmsSignedData cmsSignedData = null;
Org.BouncyCastle.X509.Store.IX509Store store = null;
ICollection signers = null;
bool verifiedStatus = false;
try
{
//Org.BouncyCastle.Security.addProvider(new BouncyCastleProvider());
signedContent = new CmsProcessableFile(contentFile);
cmsSignedData = new CmsSignedData(signedContent, signedDataStream);
store = cmsSignedData.GetCertificates("Collection");//.getCertificates();
IX509Store certStore = cmsSignedData.GetCertificates("Collection");
signers = cmsSignedData.GetSignerInfos().GetSigners();
foreach (var item in signers)
{
SignerInformation signer = (SignerInformation)item;
var certCollection = certStore.GetMatches(signer.SignerID);
IEnumerator iter = certCollection.GetEnumerator();
iter.MoveNext();
var cert = (Org.BouncyCastle.X509.X509Certificate)iter.Current;
verifiedStatus = signer.Verify(cert.GetPublicKey());
}
}
catch (Exception e)
{
throw e;
}
return(verifiedStatus);
}
protected void SignDetached(Stream signed, Stream unsigned, X509Certificate2 selectedCert)
{
BC::X509.X509Certificate bcSelectedCert = DotNetUtilities.FromX509Certificate(selectedCert);
#if NETFRAMEWORK
trace.TraceEvent(TraceEventType.Information, 0, "Signing the message in name of {0}", selectedCert.Subject);
#else
logger.LogInformation("Signing the message in name of {0}", selectedCert.Subject);
#endif
BC.Crypto.ISignatureFactory sigFactory;
try
{
SignatureAlgorithm signAlgo = EteeActiveConfig.Seal.NativeSignatureAlgorithm;
BC::Crypto.AsymmetricCipherKeyPair keyPair = DotNetUtilities.GetKeyPair(selectedCert.PrivateKey);
sigFactory = new Asn1SignatureFactory(signAlgo.Algorithm.FriendlyName, keyPair.Private);
}
catch (CryptographicException)
{
SignatureAlgorithm signAlgo = EteeActiveConfig.Seal.WindowsSignatureAlgorithm;
sigFactory = new WinSignatureFactory(signAlgo.Algorithm, signAlgo.DigestAlgorithm, selectedCert.PrivateKey);
}
SignerInfoGenerator sigInfoGen = new SignerInfoGeneratorBuilder()
.Build(sigFactory, bcSelectedCert);
CmsSignedDataGenerator cmsSignedDataGen = new CmsSignedDataGenerator();
cmsSignedDataGen.AddSignerInfoGenerator(sigInfoGen);
CmsSignedData detachedSignature = cmsSignedDataGen.Generate(new CmsProcessableProxy(unsigned), false);
byte[] detachedSignatureBytes = detachedSignature.GetEncoded();
signed.Write(detachedSignatureBytes, 0, detachedSignatureBytes.Length);
}
protected internal override SignerInformation ExtendCMSSignature(CmsSignedData signedData, SignerInformation si, SignatureParameters parameters, Document originalData)
{
if (parameters is null)
{
throw new ArgumentNullException(nameof(parameters));
}
si = base.ExtendCMSSignature(signedData, si, parameters, originalData);
IDictionary unsignedAttrs = si.UnsignedAttributes.ToDictionary();
CAdESSignature signature = new CAdESSignature(signedData, si.SignerID);
DateTime signingTime = signature.SigningTime.Value;
if (signingTime == null)
{
signingTime = parameters.SigningDate;
}
if (signingTime == null)
{
signingTime = DateTime.Now;
}
unsignedAttrs = ExtendUnsignedAttributes(unsignedAttrs, signature.SigningCertificate, signingTime, signature.CertificateSource);
SignerInformation newsi = SignerInformation.ReplaceUnsignedAttributes(si, new BcCms.AttributeTable
(unsignedAttrs));
return(newsi);
}
protected internal override SignerInformation ExtendCMSSignature(CmsSignedData signedData, SignerInformation si, SignatureParameters parameters, Document originalData)
{
if (si is null)
{
throw new System.ArgumentNullException(nameof(si));
}
if (SignatureTsa == null)
{
throw new System.ArgumentNullException(nameof(SignatureTsa));
}
logger.Info("Extend signature with id " + si.SignerID);
BcCms.AttributeTable unsigned = si.UnsignedAttributes;
IDictionary unsignedAttrHash;
if (unsigned is null)
{
unsignedAttrHash = new Dictionary <DerObjectIdentifier, Attribute>();
}
else
{
unsignedAttrHash = si.UnsignedAttributes.ToDictionary();
}
//TODO: jbonilla - What happens if it is already CAdES-T? It should not be extended again.
Attribute signatureTimeStamp = GetTimeStampAttribute(PkcsObjectIdentifiers.IdAASignatureTimeStampToken, SignatureTsa, si.GetSignature());
unsignedAttrHash.Add(PkcsObjectIdentifiers.IdAASignatureTimeStampToken, signatureTimeStamp);
SignerInformation newsi = SignerInformation.ReplaceUnsignedAttributes(si, new BcCms.AttributeTable
(unsignedAttrHash));
return(newsi);
}
private string SignMessage(string msg, bool isProd)
{
var gen = new CmsSignedDataGenerator();
X509Certificate2 certificate = GetCertificate(isProd);
var privKey = DotNetUtilities.GetRsaKeyPair(certificate.GetRSAPrivateKey()).Private;
var cert = DotNetUtilities.FromX509Certificate(certificate);
gen.AddSigner(privKey, cert, CmsSignedDataGenerator.DigestSha1);
var certX509 = DotNetUtilities.ToX509Certificate(cert.CertificateStructure);
var certList = new List <Org.BouncyCastle.X509.X509Certificate>();
certList.Add(cert);
X509CollectionStoreParameters PP = new X509CollectionStoreParameters(certList);
IX509Store st1 = X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
gen.AddCertificates(st1);
Encoding EncodedMsg = Encoding.UTF8;
byte[] dataToSign = EncodedMsg.GetBytes(msg);
CmsProcessable data = new CmsProcessableByteArray(dataToSign);
CmsSignedData signed = gen.Generate(PkcsObjectIdentifiers.Pkcs7, data, true);
var result = signed.GetEncoded();
return(Convert.ToBase64String(result));
}
/// <summary>
/// Method that performs the signing process
/// </summary>
/// <param name="input"></param>
/// <param name="parameters"></param>
/// <param name="signedData"></param>
/// <returns></returns>
private SignatureDocument ComputeSignature(CmsProcessableByteArray content, SignatureParameters parameters, CmsSignedData signedData)
{
byte[] toBeSigned = ToBeSigned(content, parameters, signedData, false);
byte[] signature = parameters.Signer.SignData(toBeSigned, parameters.DigestMethod);
PreComputedSigner preComputedSigner = new PreComputedSigner(signature);
CustomCMSSignedDataGenerator generator = CreateSignedGenerator(preComputedSigner, parameters, signedData);
CmsSignedData newSignedData = null;
if (parameters.SignaturePackaging == SignaturePackaging.ATTACHED_IMPLICIT && parameters.PreCalculatedDigest == null)
{
newSignedData = generator.Generate(content, true);
}
else
{
if (parameters.PreCalculatedDigest != null)
{
generator.PreCalculatedDigest = parameters.PreCalculatedDigest;
newSignedData = generator.Generate(null, false);
}
else if (content != null)
{
newSignedData = generator.Generate(content, false);
}
else
{
generator.PreCalculatedDigest = GetDigestValue(signedData.GetSignerInfos(), parameters.DigestMethod);
newSignedData = generator.Generate(null, false);
}
}
return(new SignatureDocument(new CmsSignedData(newSignedData.GetEncoded())));
}
byte[] extractSignedContent(byte[] signedFile)
{
CmsSignedData content = new CmsSignedData(signedFile);
CmsProcessable signedContent = content.SignedContent;
return((byte[])signedContent.GetContent());
}
// https://stackoverflow.com/questions/22658501/is-there-an-alternative-of-signedcms-in-winrt
private byte[] CheckAndRemoveSignature(string data, out bool isValid)
{
isValid = false;
// using bouncyCastle
try
{
var bytes = System.Convert.FromBase64String(data);
// assign data to CmsSignedData
CmsSignedData sig = new CmsSignedData(bytes);
// check if signature is valid
var allSigsValid = VerifySignatures(sig);
if (allSigsValid.Equals(true))
{
isValid = true;
}
// get signature from cms
byte[] content = sig.SignedContent.GetContent() as byte[];
return(content);
}
catch (System.Exception ex)
{
// cryptOutput.Text += "Error in 'BouncyCastle unsign' " + ex;
}
return(null);
}
private void SignManigestFile(PassGeneratorRequest request)
{
X509Certificate2 card = GetCertificate(request);
if (card == null)
{
throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct.");
}
Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card);
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;
X509Certificate2 appleCA = GetAppleCertificate();
Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);
ArrayList intermediateCerts = new ArrayList();
intermediateCerts.Add(appleCert);
intermediateCerts.Add(cert);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
generator.AddCertificates(st1);
CmsProcessable content = new CmsProcessableByteArray(manifestFile);
CmsSignedData signedData = generator.Generate(content, false);
signatureFile = signedData.GetEncoded();
}
public Stream ToBeSigned(Document document, SignatureParameters parameters)
{
if (document is null)
{
throw new ArgumentNullException(nameof(document));
}
if (parameters is null)
{
throw new ArgumentNullException(nameof(parameters));
}
if (parameters.SignaturePackaging != SignaturePackaging.ENVELOPING && parameters.SignaturePackaging != SignaturePackaging.DETACHED)
{
throw new ArgumentException("Unsupported signature packaging " + parameters.SignaturePackaging);
}
byte[] toBeSigned = Streams.ReadAll(document.OpenStream());
CmsProcessableByteArray content = new CmsProcessableByteArray(toBeSigned);
bool includeContent = true;
if (parameters.SignaturePackaging == SignaturePackaging.DETACHED)
{
includeContent = false;
}
CmsSignedData signed = CreateCMSSignedDataGenerator(parameters, GetSigningProfile(parameters), false, null).Generate(content, includeContent);
var e = signed.GetSignerInfos().GetSigners().GetEnumerator();
e.MoveNext();
var si = e.Current as SignerInformation;
return(new MemoryStream(si.GetEncodedSignedAttributes()));
}
public byte[] Sign(byte[] cmsData)
{
IList certs = new List <X509Certificate>();
byte[] signBytes = File.ReadAllBytes(GetFile());
X509Certificate2 signCert = new X509Certificate2(signBytes, Key, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
certs.Add(DotNetUtilities.FromX509Certificate(signCert));
IX509Store x509Certs = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs));
CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
AsymmetricCipherKeyPair pair = DotNetUtilities.GetKeyPair(signCert.PrivateKey);
X509Certificate bX509Certificate = DotNetUtilities.FromX509Certificate(signCert);
gen.AddSigner(pair.Private, bX509Certificate, CmsSignedGenerator.DigestSha1);
gen.AddSigner(pair.Private, bX509Certificate, CmsSignedGenerator.DigestSha256);
CmsSignedData unsignedData = new CmsSignedData(cmsData);
gen.AddCertificates(x509Certs);
CmsProcessable msg = new CmsProcessableByteArray(unsignedData.GetEncoded());
CmsSignedData cmsSignedData = gen.Generate(CmsSignedGenerator.Data, msg, true);
byte[] p7MData = cmsSignedData.GetEncoded();
return(p7MData);
}
public static CmsSignedData ReplaceSigners(CmsSignedData signedData, SignerInformationStore signerInformationStore)
{
CmsSignedData cmsSignedData = new CmsSignedData(signedData);
cmsSignedData.signerInfoStore = signerInformationStore;
Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector();
Asn1EncodableVector asn1EncodableVector2 = new Asn1EncodableVector();
foreach (SignerInformation signer in signerInformationStore.GetSigners())
{
asn1EncodableVector.Add(Helper.FixAlgID(signer.DigestAlgorithmID));
asn1EncodableVector2.Add(signer.ToSignerInfo());
}
Asn1Set asn1Set = new DerSet(asn1EncodableVector);
Asn1Set asn1Set2 = new DerSet(asn1EncodableVector2);
Asn1Sequence asn1Sequence = (Asn1Sequence)signedData.signedData.ToAsn1Object();
asn1EncodableVector2 = new Asn1EncodableVector(asn1Sequence[0], asn1Set);
for (int i = 2; i != asn1Sequence.Count - 1; i++)
{
asn1EncodableVector2.Add(asn1Sequence[i]);
}
asn1EncodableVector2.Add(asn1Set2);
cmsSignedData.signedData = SignedData.GetInstance(new BerSequence(asn1EncodableVector2));
cmsSignedData.contentInfo = new ContentInfo(cmsSignedData.contentInfo.ContentType, cmsSignedData.signedData);
return(cmsSignedData);
}
private CmsSignedData(CmsSignedData c)
{
signedData = c.signedData;
contentInfo = c.contentInfo;
signedContent = c.signedContent;
signerInfoStore = c.signerInfoStore;
}
/// <summary><inheritDoc></inheritDoc></summary>
/// <exception cref="System.IO.IOException"></exception>
protected override Document SignDocumentInternal(Document document, SignatureParameters parameters,
DigestSigner signer)
{
if (parameters.SignaturePackaging != SignaturePackaging.ENVELOPING &&
parameters.SignaturePackaging != SignaturePackaging.DETACHED)
{
throw new ArgumentException("Unsupported signature packaging " + parameters.SignaturePackaging);
}
ExternalDigestSigner factory = new ExternalDigestSigner(signer, parameters);
CmsSignedDataGenerator generator = CreateCMSSignedDataGenerator(
factory, parameters, GetSigningProfile(parameters), true, null);
byte[] toBeSigned = Streams.ReadAll(document.OpenStream());
var content = new CmsProcessableByteArray(toBeSigned);
CmsSignedData data = generator.Generate(content, parameters.SignaturePackaging != SignaturePackaging.DETACHED);
Document signedDocument = new CMSSignedDocument(data);
CAdESSignatureExtension extension = GetExtensionProfile(parameters);
if (extension != null)
{
signedDocument = extension.ExtendSignatures(
new CMSSignedDocument(data), document, parameters);
}
return(signedDocument);
}
/// <exception cref="System.IO.IOException"></exception>
protected internal override SignerInformation ExtendCMSSignature(CmsSignedData signedData
, SignerInformation si, SignatureParameters parameters, Document originalData)
{
if (this.signatureTsa == null)
{
throw new ConfigurationException(ConfigurationException.MSG.CONFIGURE_TSP_SERVER);
}
//LOG.Info("Extend signature with id " + si.SignerID);
BcCms.AttributeTable unsigned = si.UnsignedAttributes;
//IDictionary<DerObjectIdentifier, Attribute> unsignedAttrHash = null;
IDictionary unsignedAttrHash = null;
if (unsigned == null)
{
unsignedAttrHash = new Dictionary <DerObjectIdentifier, Attribute>();
}
else
{
unsignedAttrHash = si.UnsignedAttributes.ToDictionary();
}
//TODO jbonilla - ¿Qué ocurre si ya es CAdES-T? No se debería volver a extender.
Attribute signatureTimeStamp = GetTimeStampAttribute(PkcsObjectIdentifiers.IdAASignatureTimeStampToken
, this.signatureTsa, digestAlgorithm, si.GetSignature());
//unsignedAttrHash.Put(PkcsObjectIdentifiers.IdAASignatureTimeStampToken, signatureTimeStamp);
unsignedAttrHash.Add(PkcsObjectIdentifiers.IdAASignatureTimeStampToken, signatureTimeStamp);
SignerInformation newsi = SignerInformation.ReplaceUnsignedAttributes(si, new BcCms.AttributeTable
(unsignedAttrHash));
return(newsi);
}
private void SignManigestFile(PassGeneratorRequest request, string manifestFileAndPath)
{
byte[] dataToSign = File.ReadAllBytes(manifestFileAndPath);
X509Certificate2 card = GetCertificate(request);
Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card);
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;
X509Certificate2 appleCA = GetAppleCertificate();
Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);
ArrayList intermediateCerts = new ArrayList();
intermediateCerts.Add(appleCert);
intermediateCerts.Add(cert);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
generator.AddCertificates(st1);
CmsProcessable content = new CmsProcessableByteArray(dataToSign);
CmsSignedData signedData = generator.Generate(content, false);
string outputDirectory = Path.GetDirectoryName(manifestFileAndPath);
string signatureFileAndPath = Path.Combine(outputDirectory, "signature");
File.WriteAllBytes(signatureFileAndPath, signedData.GetEncoded());
}
internal X509Certificate GenerateCertificate(String certificateString)
{
X509Certificate x509Certificate = null;
try
{
byte[] bytes = Convert.FromBase64CharArray(certificateString.ToCharArray(), 0, certificateString.Length);
CmsSignedData cmsSignedData = new CmsSignedData(bytes);
IX509Store store = cmsSignedData.GetCertificates("Collection");
ICollection allCertificates = store.GetMatches(null);
IEnumerator enumerator = allCertificates.GetEnumerator();
while (enumerator.MoveNext())
{
x509Certificate = (X509Certificate)enumerator.Current;
Console.WriteLine("Server Generated Certificate: " + x509Certificate.ToString());
}
}
catch (Exception ex)
{
System.Diagnostics.Debug.WriteLine("Certificate generation error: " + ex);
throw new Exception("Certificate generation error");
}
return(x509Certificate);
}
public static byte[] GenerateSignature(List <X509Certificate> certificateChain, AsymmetricKeyEntry privateKey, byte[] messageToSign, AttributeTable signedAttributesTable)
{
X509Certificate signingCertificate = certificateChain[certificateChain.Count - 1];
#if MAX_CMS_COMPATIBILITY
// Optional: This is the order that codesign uses:
List <X509Certificate> cmsChain = new List <X509Certificate>();
if (certificateChain.Count > 1)
{
cmsChain.AddRange(certificateChain.GetRange(0, certificateChain.Count - 1));
cmsChain.Reverse();
}
cmsChain.Add(signingCertificate);
certificateChain = cmsChain;
#endif
IX509Store certificateStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certificateChain));
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
#if MAX_CMS_COMPATIBILITY
// Optional: BouncyCastle v1.8.3 has the option to use DER instead of BER to store the certificate chain
generator.UseDerForCerts = true;
#endif
generator.AddSigner(privateKey.Key, signingCertificate, CmsSignedDataGenerator.DigestSha256, signedAttributesTable, null);
generator.AddCertificates(certificateStore);
CmsSignedData cmsSignature = generator.Generate(CmsSignedGenerator.Data, new CmsProcessableByteArray(messageToSign), false);
return(cmsSignature.GetEncoded());
}
public static bool ValidateSignature(byte[] messageBytes, byte[] signatureBytes, X509Certificate certificate)
{
CmsProcessable signedContent = new CmsProcessableByteArray(messageBytes);
CmsSignedData signedData = new CmsSignedData(signedContent, signatureBytes);
IX509Store certificateStore = signedData.GetCertificates("Collection");
SignerInformationStore signerInfoStore = signedData.GetSignerInfos();
ICollection signers = signerInfoStore.GetSigners();
foreach (SignerInformation signer in signers)
{
bool isChainValid = ValidateCertificateChain(certificateStore, signer.SignerID);
if (!isChainValid)
{
return(false);
}
bool verified = signer.Verify(certificate);
if (!verified)
{
return(false);
}
}
return(true);
}
public SignatureDocument(CmsSignedData signedData)
{
_signedData = signedData;
_certs = CmsUtilities.GetCertificatesFromStore(_signedData.GetCertificates("Collection"));
_signaturePackaging = _signedData.SignedContent != null ? SignaturePackaging.ATTACHED_IMPLICIT : SignaturePackaging.DETACHED_EXPLICIT;
ReadSignersInfo();
}
public static void ReadXmlSigned(this Fattura fattura, Stream stream, bool validateSignature = true)
{
CmsSignedData signedFile = new CmsSignedData(stream);
if (validateSignature)
{
IX509Store certStore = signedFile.GetCertificates("Collection");
ICollection certs = certStore.GetMatches(new X509CertStoreSelector());
SignerInformationStore signerStore = signedFile.GetSignerInfos();
ICollection signers = signerStore.GetSigners();
foreach (object tempCertification in certs)
{
Org.BouncyCastle.X509.X509Certificate certification = tempCertification as Org.BouncyCastle.X509.X509Certificate;
foreach (object tempSigner in signers)
{
SignerInformation signer = tempSigner as SignerInformation;
if (!signer.Verify(certification.GetPublicKey()))
{
throw new FatturaElettronicaSignatureException(Resources.ErrorMessages.SignatureException);
}
}
}
}
using (var memoryStream = new MemoryStream())
{
signedFile.SignedContent.Write(memoryStream);
fattura.ReadXml(memoryStream);
}
}
public CAdESOCSPSource(CmsSignedData cms)
{
var signers = cms.GetSignerInfos().GetSigners().GetEnumerator();
signers.MoveNext();
cmsSignedData = cms;
signerId = ((SignerInformation)signers.Current).SignerID;
}
public void CreateSign()
{
byte[] data = File.ReadAllBytes(Path.Combine(_settings.PackagePath, _manifestFilename));
X509Certificate2 certificate = new X509Certificate2(_settings.CertificatePath, _settings.CertificatePassword, X509KeyStorageFlags.Exportable);
X509Certificate2 intermCertificate = new X509Certificate2(_settings.IntermCertificatePath);
var privKey = SecurityUtils.GetRsaKeyPair(certificate.GetRSAPrivateKey()).Private;
var cert = SecurityUtils.FromX509Certificate(certificate);
var interm = SecurityUtils.FromX509Certificate(intermCertificate);
CmsProcessableByteArray content = new CmsProcessableByteArray(data);
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSigner(privKey, cert, CmsSignedGenerator.EncryptionRsa, CmsSignedGenerator.DigestSha256);
CmsSignedData signedContent = generator.Generate(content, false);
var si = signedContent.GetSignerInfos();
var signer = si.GetSigners().Cast <SignerInformation>().First();
SignerInfo signerInfo = signer.ToSignerInfo();
Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector();
digestAlgorithmsVector.Add(new AlgorithmIdentifier(
algorithm: new DerObjectIdentifier(_oidSHA256),
parameters: DerNull.Instance));
// Construct SignedData.encapContentInfo
ContentInfo encapContentInfo = new ContentInfo(
contentType: new DerObjectIdentifier(_oidPKCS7IdData),
content: null);
Asn1EncodableVector certificatesVector = new Asn1EncodableVector();
certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded())));
certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(interm.GetEncoded())));
// Construct SignedData.signerInfos
Asn1EncodableVector signerInfosVector = new Asn1EncodableVector();
signerInfosVector.Add(signerInfo.ToAsn1Object());
// Construct SignedData
SignedData signedData = new SignedData(
digestAlgorithms: new DerSet(digestAlgorithmsVector),
contentInfo: encapContentInfo,
certificates: new BerSet(certificatesVector),
crls: null,
signerInfos: new DerSet(signerInfosVector));
ContentInfo contentInfo = new ContentInfo(
contentType: new DerObjectIdentifier(_oidPKCS7IdSignedData),
content: signedData);
File.WriteAllBytes(Path.Combine(_settings.PackagePath, _signatureFilename), contentInfo.GetDerEncoded());
}
public void Test4_2()
{
byte[] data = GetRfc4134Data("4.2.bin");
CmsSignedData signedData = new CmsSignedData(data);
VerifySignatures(signedData);
CmsSignedDataParser parser = new CmsSignedDataParser(data);
VerifySignatures(parser);
}
public void Test4_3()
{
CmsProcessableByteArray unencap = new CmsProcessableByteArray(exContent);
byte[] data = GetRfc4134Data("4.3.bin");
CmsSignedData signedData = new CmsSignedData(unencap, data);
VerifySignatures(signedData, sha1);
CmsSignedDataParser parser = new CmsSignedDataParser(
new CmsTypedStream(unencap.GetInputStream()), data);
VerifySignatures(parser);
}
public void Test4_4()
{
byte[] data = GetRfc4134Data("4.4.bin");
byte[] counterSigCert = GetRfc4134Data("AliceRSASignByCarl.cer");
CmsSignedData signedData = new CmsSignedData(data);
VerifySignatures(signedData, sha1);
VerifySignerInfo4_4(GetFirstSignerInfo(signedData.GetSignerInfos()), counterSigCert);
CmsSignedDataParser parser = new CmsSignedDataParser(data);
VerifySignatures(parser);
VerifySignerInfo4_4(GetFirstSignerInfo(parser.GetSignerInfos()), counterSigCert);
}
private void VerifySignatures(CmsSignedData s, byte[] contentDigest)
{
IX509Store x509Certs = s.GetCertificates("Collection");
IX509Store x509Crls = s.GetCrls("Collection");
SignerInformationStore signers = s.GetSignerInfos();
foreach (SignerInformation signer in signers.GetSigners())
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate) certEnum.Current;
VerifySigner(signer, cert);
if (contentDigest != null)
{
Assert.IsTrue(Arrays.AreEqual(contentDigest, signer.GetContentDigest()));
}
}
ICollection certColl = x509Certs.GetMatches(null);
ICollection crlColl = x509Crls.GetMatches(null);
Assert.AreEqual(certColl.Count, s.GetCertificates("Collection").GetMatches(null).Count);
Assert.AreEqual(crlColl.Count, s.GetCrls("Collection").GetMatches(null).Count);
}
private void VerifySignatures(CmsSignedData s)
{
VerifySignatures(s, null);
}
