/// <summary>
/// Método para crear el generador de firmas
/// </summary>
/// <param name="signerProvider"></param>
/// <param name="parameters"></param>
/// <param name="originalSignedData"></param>
/// <returns></returns>
private CustomCMSSignedDataGenerator CreateSignedGenerator(ISigner signerProvider,
SignatureParameters parameters, CmsSignedData originalSignedData)
{
X509CertificateParser parser = new X509CertificateParser();
var signerCertificate = parser.ReadCertificate(parameters.Certificate.GetRawCertData());
CustomCMSSignedDataGenerator generator = new CustomCMSSignedDataGenerator();
Dictionary <DerObjectIdentifier, Asn1Encodable> signedAttrDic = GetSignedAttributes(parameters);
if (!signedAttrDic.ContainsKey(PkcsObjectIdentifiers.IdAAContentHint) &&
originalSignedData != null)
{
var attrContentHint = GetContentHintAttribute(originalSignedData.GetSignerInfos());
if (attrContentHint != null)
{
signedAttrDic.Add(PkcsObjectIdentifiers.IdAAContentHint, attrContentHint);
}
}
CmsAttributeTableGenerator signedAttrGen = new DefaultSignedAttributeTableGenerator
(new Org.BouncyCastle.Asn1.Cms.AttributeTable(signedAttrDic));
generator.SignerProvider = signerProvider;
generator.AddSigner(new NullPrivateKey(), signerCertificate,
PkcsObjectIdentifiers.RsaEncryption.Id, parameters.DigestMethod.Oid, signedAttrGen, null);
if (originalSignedData != null)
{
generator.AddSigners(originalSignedData.GetSignerInfos());
}
bool addSignerCert = true;
if (originalSignedData != null)
{
IX509Store originalCertStore = originalSignedData.GetCertificates("Collection");
generator.AddCertificates(originalCertStore);
addSignerCert = !CheckCertExists(signerCertificate, originalCertStore);
}
if (addSignerCert)
{
List <X509Certificate> certs = new List <X509Certificate>();
certs.Add(signerCertificate);
IX509Store certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certs));
generator.AddCertificates(certStore);
}
return(generator);
}
public Queue <string> GetSignersCommonNames(CmsSignedData cms)
{
var lst = new Queue <string>();
var store = cms.GetCertificates("COLLECTION");
var signers = cms.GetSignerInfos();
foreach (var sig in signers.GetSigners())
{
var signer = (SignerInformation)sig;
foreach (var st in store.GetMatches(signer.SignerID))
{
var crt = (X509Certificate)st;
var dn = crt.SubjectDN.ToString();
var regex = new Regex(@"^CN=|,\S.*");
var commonName = regex.Replace(dn, "");
lst.Enqueue(commonName);
}
}
return(lst);
}
public static bool ValidateSignature(byte[] messageBytes, byte[] signatureBytes, X509Certificate certificate)
{
CmsProcessable signedContent = new CmsProcessableByteArray(messageBytes);
CmsSignedData signedData = new CmsSignedData(signedContent, signatureBytes);
IX509Store certificateStore = signedData.GetCertificates("Collection");
SignerInformationStore signerInfoStore = signedData.GetSignerInfos();
ICollection signers = signerInfoStore.GetSigners();
foreach (SignerInformation signer in signers)
{
bool isChainValid = ValidateCertificateChain(certificateStore, signer.SignerID);
if (!isChainValid)
{
return(false);
}
bool verified = signer.Verify(certificate);
if (!verified)
{
return(false);
}
}
return(true);
}
public static void ReadXmlSigned(this Fattura fattura, Stream stream, bool validateSignature = true)
{
CmsSignedData signedFile = new CmsSignedData(stream);
if (validateSignature)
{
IX509Store certStore = signedFile.GetCertificates("Collection");
ICollection certs = certStore.GetMatches(new X509CertStoreSelector());
SignerInformationStore signerStore = signedFile.GetSignerInfos();
ICollection signers = signerStore.GetSigners();
foreach (object tempCertification in certs)
{
Org.BouncyCastle.X509.X509Certificate certification = tempCertification as Org.BouncyCastle.X509.X509Certificate;
foreach (object tempSigner in signers)
{
SignerInformation signer = tempSigner as SignerInformation;
if (!signer.Verify(certification.GetPublicKey()))
{
throw new FatturaElettronicaSignatureException(Resources.ErrorMessages.SignatureException);
}
}
}
}
using (var memoryStream = new MemoryStream())
{
signedFile.SignedContent.Write(memoryStream);
fattura.ReadXml(memoryStream);
}
}
public override IList <X509Crl> GetCRLsFromSignature()
{
IList <X509Crl> list = new AList <X509Crl>();
try
{
// Add certificates contained in SignedData
foreach (X509Crl crl in cmsSignedData.GetCrls
("Collection").GetMatches(null))
{
list.AddItem(crl);
}
// Add certificates in CAdES-XL certificate-values inside SignerInfo attribute if present
SignerInformation si = cmsSignedData.GetSignerInfos().GetFirstSigner(signerId);
if (si != null && si.UnsignedAttributes != null && si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsRevocationValues] != null)
{
RevocationValues revValues = RevocationValues.GetInstance(si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsRevocationValues].AttrValues[0]);
foreach (CertificateList crlObj in revValues.GetCrlVals())
{
X509Crl crl = new X509Crl(crlObj);
list.AddItem(crl);
}
}
}
/*catch (StoreException e)
* {
* throw new RuntimeException(e);
* }*/
catch (CrlException e)
{
throw new RuntimeException(e);
}
return(list);
}
/// <param name="signedData"></param>
/// <returns></returns>
public virtual CmsSignedData ExtendCMSSignedData(CmsSignedData signedData, Document
originalData, SignatureParameters parameters)
{
SignerInformationStore signerStore = signedData.GetSignerInfos();
List <SignerInformation> siArray = new List <SignerInformation>();
//Iterator<SignerInformation> infos = signerStore.GetSigners().Iterator();
IEnumerator infos = signerStore.GetSigners().GetEnumerator();
while (infos.MoveNext())
{
SignerInformation si = (SignerInformation)infos.Current;
try
{
siArray.Add(ExtendCMSSignature(signedData, si, parameters, originalData));
}
catch (IOException)
{
//LOG.Error("Exception when extending signature");
siArray.Add(si);
}
}
SignerInformationStore newSignerStore = new SignerInformationStore(siArray);
return(CmsSignedData.ReplaceSigners(signedData, newSignerStore));
}
public byte[] VerifySignature(CmsSignedData cms)
{
var isGost = false;
var signer = cms.GetSignerInfos().GetSigners();
foreach (var s in signer)
{
var sig = (SignerInformation)s;
isGost = sig.DigestAlgOid.Contains("1.2.643");
}
PkiService service;
if (isGost)
{
service = new GOSTPkiService();
}
else
{
service = new RSAPkiService();
}
return(service.VerifySignature(cms));
}
/// <summary>
/// Method that performs the signing process
/// </summary>
/// <param name="input"></param>
/// <param name="parameters"></param>
/// <param name="signedData"></param>
/// <returns></returns>
private SignatureDocument ComputeSignature(CmsProcessableByteArray content, SignatureParameters parameters, CmsSignedData signedData)
{
byte[] toBeSigned = ToBeSigned(content, parameters, signedData, false);
byte[] signature = parameters.Signer.SignData(toBeSigned, parameters.DigestMethod);
PreComputedSigner preComputedSigner = new PreComputedSigner(signature);
CustomCMSSignedDataGenerator generator = CreateSignedGenerator(preComputedSigner, parameters, signedData);
CmsSignedData newSignedData = null;
if (parameters.SignaturePackaging == SignaturePackaging.ATTACHED_IMPLICIT && parameters.PreCalculatedDigest == null)
{
newSignedData = generator.Generate(content, true);
}
else
{
if (parameters.PreCalculatedDigest != null)
{
generator.PreCalculatedDigest = parameters.PreCalculatedDigest;
newSignedData = generator.Generate(null, false);
}
else if (content != null)
{
newSignedData = generator.Generate(content, false);
}
else
{
generator.PreCalculatedDigest = GetDigestValue(signedData.GetSignerInfos(), parameters.DigestMethod);
newSignedData = generator.Generate(null, false);
}
}
return(new SignatureDocument(new CmsSignedData(newSignedData.GetEncoded())));
}
private void VerifySignatures(CmsSignedData s, byte[] contentDigest)
{
IX509Store x509Certs = s.GetCertificates("Collection");
IX509Store x509Crls = s.GetCrls("Collection");
SignerInformationStore signers = s.GetSignerInfos();
foreach (SignerInformation signer in signers.GetSigners())
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate)certEnum.Current;
VerifySigner(signer, cert);
if (contentDigest != null)
{
Assert.IsTrue(Arrays.AreEqual(contentDigest, signer.GetContentDigest()));
}
}
ICollection certColl = x509Certs.GetMatches(null);
ICollection crlColl = x509Crls.GetMatches(null);
Assert.AreEqual(certColl.Count, s.GetCertificates("Collection").GetMatches(null).Count);
Assert.AreEqual(crlColl.Count, s.GetCrls("Collection").GetMatches(null).Count);
}
public static bool VerifySignatures(FileInfo contentFile, Stream signedDataStream)
{
CmsProcessable signedContent = null;
CmsSignedData cmsSignedData = null;
Org.BouncyCastle.X509.Store.IX509Store store = null;
ICollection signers = null;
bool verifiedStatus = false;
try
{
//Org.BouncyCastle.Security.addProvider(new BouncyCastleProvider());
signedContent = new CmsProcessableFile(contentFile);
cmsSignedData = new CmsSignedData(signedContent, signedDataStream);
store = cmsSignedData.GetCertificates("Collection");//.getCertificates();
IX509Store certStore = cmsSignedData.GetCertificates("Collection");
signers = cmsSignedData.GetSignerInfos().GetSigners();
foreach (var item in signers)
{
SignerInformation signer = (SignerInformation)item;
var certCollection = certStore.GetMatches(signer.SignerID);
IEnumerator iter = certCollection.GetEnumerator();
iter.MoveNext();
var cert = (Org.BouncyCastle.X509.X509Certificate)iter.Current;
verifiedStatus = signer.Verify(cert.GetPublicKey());
}
}
catch (Exception e)
{
throw e;
}
return(verifiedStatus);
}
/*
* /// <exception cref="System.IO.IOException"></exception>
* public override Document ExtendDocument(Document document, Document originalDocument
* , SignatureParameters parameters)
* {
* CAdESSignatureExtension extension = GetExtensionProfile(parameters);
* if (extension != null)
* {
* return extension.ExtendSignatures(document, originalDocument, parameters);
* }
* else
* {
* //LOG.Info("No extension for " + parameters.SignatureFormat);
* }
* return document;
* }
*/
private CmsSignedDataGenerator CreateCMSSignedDataGenerator(ISignatureFactory factory,
SignatureParameters parameters, CAdESProfileBES cadesProfile,
bool includeUnsignedAttributes, CmsSignedData originalSignedData
)
{
var signedAttrGen = new DefaultSignedAttributeTableGenerator(
new AttributeTable(cadesProfile.GetSignedAttributes(parameters)));
SimpleAttributeTableGenerator unsignedAttrGen = null;
if (includeUnsignedAttributes)
{
var attributes = cadesProfile.GetUnsignedAttributes(parameters);
if (attributes.Count != 0)
{
unsignedAttrGen = new SimpleAttributeTableGenerator(new AttributeTable(attributes));
}
}
SignerInfoGeneratorBuilder sigInfoGeneratorBuilder = new SignerInfoGeneratorBuilder();
sigInfoGeneratorBuilder.WithSignedAttributeGenerator(signedAttrGen);
if (unsignedAttrGen != null)
{
sigInfoGeneratorBuilder.WithUnsignedAttributeGenerator(unsignedAttrGen);
}
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSignerInfoGenerator(sigInfoGeneratorBuilder.Build(factory, parameters.SigningCertificate));
if (originalSignedData != null)
{
generator.AddSigners(originalSignedData.GetSignerInfos());
}
var certs = new List <X509Certificate>();
certs.Add(parameters.SigningCertificate);
if (parameters.CertificateChain != null)
{
foreach (X509Certificate cert in parameters.CertificateChain)
{
if (!cert.SubjectDN.Equals(parameters.SigningCertificate.SubjectDN))
{
certs.Add(cert);
}
}
}
IX509Store certStore = X509StoreFactory.Create("Certificate/Collection",
new X509CollectionStoreParameters(certs));
generator.AddCertificates(certStore);
if (originalSignedData != null)
{
generator.AddCertificates(originalSignedData.GetCertificates("Collection"));
}
return(generator);
}
public Stream ToBeSigned(Document document, SignatureParameters parameters)
{
if (document is null)
{
throw new ArgumentNullException(nameof(document));
}
if (parameters is null)
{
throw new ArgumentNullException(nameof(parameters));
}
if (parameters.SignaturePackaging != SignaturePackaging.ENVELOPING && parameters.SignaturePackaging != SignaturePackaging.DETACHED)
{
throw new ArgumentException("Unsupported signature packaging " + parameters.SignaturePackaging);
}
byte[] toBeSigned = Streams.ReadAll(document.OpenStream());
CmsProcessableByteArray content = new CmsProcessableByteArray(toBeSigned);
bool includeContent = true;
if (parameters.SignaturePackaging == SignaturePackaging.DETACHED)
{
includeContent = false;
}
CmsSignedData signed = CreateCMSSignedDataGenerator(parameters, GetSigningProfile(parameters), false, null).Generate(content, includeContent);
var e = signed.GetSignerInfos().GetSigners().GetEnumerator();
e.MoveNext();
var si = e.Current as SignerInformation;
return(new MemoryStream(si.GetEncodedSignedAttributes()));
}
public static MemoryStream ParseSignature(Stream stream, bool validateSignature)
{
var signedFile = new CmsSignedData(stream);
if (validateSignature)
{
var certStore = signedFile.GetCertificates("Collection");
var certs = certStore.GetMatches(new X509CertStoreSelector());
var signerStore = signedFile.GetSignerInfos();
var signers = signerStore.GetSigners();
foreach (object tempCertification in certs)
{
var certification = tempCertification as Org.BouncyCastle.X509.X509Certificate;
foreach (object tempSigner in signers)
{
var signer = tempSigner as SignerInformation;
if (!signer.Verify(certification.GetPublicKey()))
{
throw new SignatureException(Resources.ErrorMessages.SignatureException);
}
}
}
}
var memoryStream = new MemoryStream();
signedFile.SignedContent.Write(memoryStream);
return(memoryStream);
}
public CAdESOCSPSource(CmsSignedData cms)
{
var signers = cms.GetSignerInfos().GetSigners().GetEnumerator();
signers.MoveNext();
cmsSignedData = cms;
signerId = ((SignerInformation)signers.Current).SignerID;
}
public void TestEncapsulatedSignerStoreReplacement()
{
MemoryStream bOut = new MemoryStream();
IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert);
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
Stream sigOut = gen.Open(bOut, true);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
//
// create new Signer
//
MemoryStream original = new MemoryStream(bOut.ToArray(), false);
bOut.SetLength(0);
gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha224);
gen.AddCertificates(x509Certs);
sigOut = gen.Open(bOut, true);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
CmsSignedData sd = new CmsSignedData(bOut.ToArray());
//
// replace signer
//
MemoryStream newOut = new MemoryStream();
CmsSignedDataParser.ReplaceSigners(original, sd.GetSignerInfos(), newOut);
sd = new CmsSignedData(newOut.ToArray());
IEnumerator signerEnum = sd.GetSignerInfos().GetSigners().GetEnumerator();
signerEnum.MoveNext();
SignerInformation signer = (SignerInformation)signerEnum.Current;
Assert.AreEqual(signer.DigestAlgOid, CmsSignedDataStreamGenerator.DigestSha224);
CmsSignedDataParser sp = new CmsSignedDataParser(newOut.ToArray());
sp.GetSignedContent().Drain();
VerifySignatures(sp);
}
public CAdESSignature(CmsSignedData cms)
{
var signers = cms.GetSignerInfos().GetSigners().GetEnumerator();
signers.MoveNext();
_cmsSignedData = cms;
signerInformation = (SignerInformation)signers.Current;
}
/// <summary>The default constructor for CAdESCRLSource.</summary>
/// <remarks>The default constructor for CAdESCRLSource.</remarks>
/// <param name="cms"></param>
/// <exception cref="Org.Bouncycastle.Cms.CmsException">Org.Bouncycastle.Cms.CmsException
/// </exception>
public CAdESCRLSource(CmsSignedData cms)
{
IEnumerator signers = cms.GetSignerInfos().GetSigners().GetEnumerator();
signers.MoveNext();
this.cmsSignedData = cms;
this.signerId = ((SignerInformation)signers.Current).SignerID;
}
public void CreateSign()
{
byte[] data = File.ReadAllBytes(Path.Combine(_settings.PackagePath, _manifestFilename));
X509Certificate2 certificate = new X509Certificate2(_settings.CertificatePath, _settings.CertificatePassword, X509KeyStorageFlags.Exportable);
X509Certificate2 intermCertificate = new X509Certificate2(_settings.IntermCertificatePath);
var privKey = SecurityUtils.GetRsaKeyPair(certificate.GetRSAPrivateKey()).Private;
var cert = SecurityUtils.FromX509Certificate(certificate);
var interm = SecurityUtils.FromX509Certificate(intermCertificate);
CmsProcessableByteArray content = new CmsProcessableByteArray(data);
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSigner(privKey, cert, CmsSignedGenerator.EncryptionRsa, CmsSignedGenerator.DigestSha256);
CmsSignedData signedContent = generator.Generate(content, false);
var si = signedContent.GetSignerInfos();
var signer = si.GetSigners().Cast <SignerInformation>().First();
SignerInfo signerInfo = signer.ToSignerInfo();
Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector();
digestAlgorithmsVector.Add(new AlgorithmIdentifier(
algorithm: new DerObjectIdentifier(_oidSHA256),
parameters: DerNull.Instance));
// Construct SignedData.encapContentInfo
ContentInfo encapContentInfo = new ContentInfo(
contentType: new DerObjectIdentifier(_oidPKCS7IdData),
content: null);
Asn1EncodableVector certificatesVector = new Asn1EncodableVector();
certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded())));
certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(interm.GetEncoded())));
// Construct SignedData.signerInfos
Asn1EncodableVector signerInfosVector = new Asn1EncodableVector();
signerInfosVector.Add(signerInfo.ToAsn1Object());
// Construct SignedData
SignedData signedData = new SignedData(
digestAlgorithms: new DerSet(digestAlgorithmsVector),
contentInfo: encapContentInfo,
certificates: new BerSet(certificatesVector),
crls: null,
signerInfos: new DerSet(signerInfosVector));
ContentInfo contentInfo = new ContentInfo(
contentType: new DerObjectIdentifier(_oidPKCS7IdSignedData),
content: signedData);
File.WriteAllBytes(Path.Combine(_settings.PackagePath, _signatureFilename), contentInfo.GetDerEncoded());
}
public void TestSha1WithRsaEncapsulatedSubjectKeyID()
{
MemoryStream bOut = new MemoryStream();
IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert);
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private,
CmsTestUtil.CreateSubjectKeyId(OrigCert.GetPublicKey()).GetKeyIdentifier(),
CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
Stream sigOut = gen.Open(bOut, true);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray());
sp.GetSignedContent().Drain();
VerifySignatures(sp);
byte[] contentDigest = (byte[])gen.GetGeneratedDigests()[CmsSignedGenerator.DigestSha1];
ArrayList signers = new ArrayList(sp.GetSignerInfos().GetSigners());
AttributeTable table = ((SignerInformation)signers[0]).SignedAttributes;
Asn1.Cms.Attribute hash = table[CmsAttributes.MessageDigest];
Assert.IsTrue(Arrays.AreEqual(contentDigest, ((Asn1OctetString)hash.AttrValues[0]).GetOctets()));
//
// try using existing signer
//
gen = new CmsSignedDataStreamGenerator();
gen.AddSigners(sp.GetSignerInfos());
// gen.AddCertificatesAndCRLs(sp.GetCertificatesAndCrls("Collection", "BC"));
gen.AddCertificates(sp.GetCertificates("Collection"));
bOut.SetLength(0);
sigOut = gen.Open(bOut, true);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
CmsSignedData sd = new CmsSignedData(new CmsProcessableByteArray(testBytes), bOut.ToArray());
Assert.AreEqual(1, sd.GetSignerInfos().GetSigners().Count);
VerifyEncodedData(bOut);
}
/// <summary>The default constructor for CAdESCertificateSource.</summary>
/// <remarks>The default constructor for CAdESCertificateSource.</remarks>
/// <param name="encodedCMS"></param>
/// <exception cref="Org.Bouncycastle.Cms.CmsException">Org.Bouncycastle.Cms.CmsException
/// </exception>
public CAdESCertificateSource(CmsSignedData cms)
{
IEnumerator signers = cms.GetSignerInfos().GetSigners().GetEnumerator();
signers.MoveNext();
this.cmsSignedData = cms;
this.signerId = ((SignerInformation)signers.Current).SignerID;
this.onlyExtended = false;
}
public TimeStampToken(
CmsSignedData signedData)
{
this.tsToken = signedData;
if (!this.tsToken.SignedContentTypeOid.Equals(PkcsObjectIdentifiers.IdCTTstInfo.Id))
{
throw new TspValidationException("ContentInfo object not for a time stamp.");
}
ICollection signers = tsToken.GetSignerInfos().GetSigners();
if (signers.Count != 1)
{
throw new ArgumentException("Time-stamp token signed by "
+ signers.Count
+ " signers, but it must contain just the TSA signature.");
}
IEnumerator signerEnum = signers.GetEnumerator();
signerEnum.MoveNext();
tsaSignerInfo = (SignerInformation)signerEnum.Current;
try
{
CmsProcessable content = tsToken.SignedContent;
MemoryStream bOut = new MemoryStream();
content.Write(bOut);
this.tstInfo = new TimeStampTokenInfo(
TstInfo.GetInstance(
Asn1Object.FromByteArray(bOut.ToArray())));
Asn1.Cms.Attribute attr = tsaSignerInfo.SignedAttributes[
PkcsObjectIdentifiers.IdAASigningCertificate];
if (attr == null)
{
throw new TspValidationException(
"no signing certificate attribute found, time stamp invalid.");
}
SigningCertificate signCert = SigningCertificate.GetInstance(
attr.AttrValues[0]);
this.certID = EssCertID.GetInstance(signCert.GetCerts()[0]);
}
catch (CmsException e)
{
throw new TspException(e.Message, e.InnerException);
}
}
private void ReadSignersInfo()
{
_nodes = new List <SignerInfoNode>();
foreach (var signer in _signedData.GetSignerInfos().GetSigners())
{
SignerInfoNode node = new SignerInfoNode((SignerInformation)signer, this);
_nodes.Add(node);
}
}
// Sign the message with the private key of the signer.
static public byte[] SignMsg(Byte[] msg, X509Certificate2 signerCert, bool detached, bool UsaTSA, string TSAurl, string TSAuser, string TSApass)
{
try
{
SHA256Managed hashSha256 = new SHA256Managed();
byte[] certHash = hashSha256.ComputeHash(signerCert.RawData);
EssCertIDv2 essCert1 = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.1"), certHash);
SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert1 });
Org.BouncyCastle.Asn1.Cms.Attribute CertHAttribute = new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2));
Asn1EncodableVector v = new Asn1EncodableVector();
v.Add(CertHAttribute);
Org.BouncyCastle.Asn1.Cms.AttributeTable AT = new Org.BouncyCastle.Asn1.Cms.AttributeTable(v);
CmsSignedDataGenWithRsaCsp cms = new CmsSignedDataGenWithRsaCsp();
var rsa = (RSACryptoServiceProvider)signerCert.PrivateKey;
Org.BouncyCastle.X509.X509Certificate certCopy = DotNetUtilities.FromX509Certificate(signerCert);
cms.MyAddSigner(rsa, certCopy, "1.2.840.113549.1.1.1", "2.16.840.1.101.3.4.2.1", AT, null);
ArrayList certList = new ArrayList();
certList.Add(certCopy);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
cms.AddCertificates(st1);
CmsProcessableByteArray file = new CmsProcessableByteArray(msg); //CmsProcessableFile(File);
CmsSignedData Firmato = cms.Generate(file, false); //se settato a true, il secondo argomento integra l'intero file
byte[] bb = Firmato.GetEncoded();
if (UsaTSA)
{
CmsSignedData sd = new CmsSignedData(bb);
SignerInformationStore signers = sd.GetSignerInfos();
byte[] signature = null;
SignerInformation signer = null;
foreach (SignerInformation signer_ in signers.GetSigners())
{
signer = signer_;
break;
}
signature = signer.GetSignature();
Org.BouncyCastle.Asn1.Cms.AttributeTable at = new Org.BouncyCastle.Asn1.Cms.AttributeTable(GetTimestamp(signature, TSAurl, TSAuser, TSApass));
signer = SignerInformation.ReplaceUnsignedAttributes(signer, at);
IList signerInfos = new ArrayList();
signerInfos.Add(signer);
sd = CmsSignedData.ReplaceSigners(sd, new SignerInformationStore(signerInfos));
bb = sd.GetEncoded();
}
return(bb);
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
return(null);
}
}
/// <summary>
/// Retrieves the signatures found in the document
/// </summary>
/// <returns>
/// a list of IAdvancedSignatures for validation purposes
/// </returns>
private IList <IAdvancedSignature> GetSignatures(CmsSignedData cmsSignedData)
{
var signatures = new List <IAdvancedSignature>();
foreach (object o in cmsSignedData.GetSignerInfos().GetSigners())
{
SignerInformation i = (SignerInformation)o;
CAdESSignature info = new CAdESSignature(cmsSignedData, i);
signatures.Add(info);
}
return(signatures);
}
private static byte[] GetRepositoryCountersignatureSignatureValue(SignedCms signedCms)
{
var cmsSignedData = new CmsSignedData(signedCms.Encode());
var signerInfoStore = cmsSignedData.GetSignerInfos();
var primarySignerInfo = GetFirstSignerInfo(signerInfoStore);
signerInfoStore = primarySignerInfo.GetCounterSignatures();
var counterSignerInfo = GetFirstSignerInfo(signerInfoStore);
return(counterSignerInfo.GetSignature());
}
private byte[] TimestampAuthorityResponse(EstEIDReader estEidReader, byte[] signedPkcs)
{
ArrayList newSigners = new ArrayList();
CmsSignedData sd = new CmsSignedData(signedPkcs);
foreach (SignerInformation si in sd.GetSignerInfos().GetSigners())
{
// possible TSA URLs
//string TsaServerUrl = "http://www.edelweb.fr/cgi-bin/service-tsp";
//string TsaServerUrl = "http://dse200.ncipher.com/TSS/HttpTspServer";
byte[] signedDigest = si.GetSignature();
byte[] timeStampHash = ComputeHash(estEidReader, signedDigest);
string TsaServerUrl = stamp.Url;
string TsaUser = stamp.User;
string TsaPassword = stamp.Password;
string error = string.Empty;
byte[] timeStampToken = X509Utils.GetTimestampToken(TsaServerUrl,
TsaUser,
TsaPassword,
timeStampHash,
ref error);
if (timeStampToken == null)
{
throw new Exception(Resources.TSA_ERROR + error);
}
Hashtable ht = new Hashtable();
Asn1Object derObj = new Asn1InputStream(timeStampToken).ReadObject();
DerSet derSet = new DerSet(derObj);
Org.BouncyCastle.Asn1.Cms.Attribute unsignAtt = new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier(X509Utils.ID_TIME_STAMP_TOKEN), derSet);
ht.Add(X509Utils.ID_TIME_STAMP_TOKEN, unsignAtt);
Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAtts = new Org.BouncyCastle.Asn1.Cms.AttributeTable(ht);
newSigners.Add(SignerInformation.ReplaceUnsignedAttributes(si, unsignedAtts));
}
SignerInformationStore newSignerInformationStore = new SignerInformationStore(newSigners);
CmsSignedData newSd = CmsSignedData.ReplaceSigners(sd, newSignerInformationStore);
// Encode the CMS/PKCS #7 message
return(newSd.GetEncoded());
}
public override IList <X509Certificate> GetCertificates()
{
IList <X509Certificate> list = new AList <X509Certificate>();
try
{
if (!onlyExtended)
{
LOG.Info(cmsSignedData.GetCertificates("Collection").GetMatches(null).Count + " certificate in collection"
);
//foreach (X509CertificateHolder ch in (ICollection<X509CertificateHolder>)cmsSignedData
foreach (X509Certificate ch in cmsSignedData
.GetCertificates("Collection").GetMatches(null))
{
//X509Certificate c = new X509CertificateObject(ch.ToASN1Structure());
X509Certificate c = ch;
LOG.Info("Certificate for subject " + c.SubjectDN);
if (!list.Contains(c))
{
list.AddItem(c);
}
}
}
// Add certificates in CAdES-XL certificate-values inside SignerInfo attribute if present
SignerInformation si = cmsSignedData.GetSignerInfos().GetFirstSigner(signerId);
if (si != null && si.UnsignedAttributes != null && si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsCertValues] != null)
{
DerSequence seq = (DerSequence)si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsCertValues].AttrValues[0];
for (int i = 0; i < seq.Count; i++)
{
X509CertificateStructure cs = X509CertificateStructure.GetInstance(seq[i]);
//X509Certificate c = new X509CertificateObject(cs);
X509Certificate c = new X509Certificate(cs);
if (!list.Contains(c))
{
list.AddItem(c);
}
}
}
}
catch (CertificateParsingException e)
{
throw new RuntimeException(e);
}
/*catch (StoreException e)
* {
* throw new RuntimeException(e);
* }*/
return(list);
}
static void Main(string[] args)
{
//if (args.Length > 0)
//string fullFileName = Path.GetFullPath(args[0]);
foreach (string fileName in Directory.GetFiles("p7m"))
{
FileStream file = new FileStream(fileName, FileMode.Open);
bool isValid = true;
Console.WriteLine("File to decrypt: " + fileName);
try
{
CmsSignedData signedFile = new CmsSignedData(file);
IX509Store certStore = signedFile.GetCertificates("Collection");
ICollection certs = certStore.GetMatches(new X509CertStoreSelector());
SignerInformationStore signerStore = signedFile.GetSignerInfos();
ICollection signers = signerStore.GetSigners();
foreach (object tempCertification in certs)
{
X509Certificate certification = tempCertification as X509Certificate;
foreach (object tempSigner in signers)
{
SignerInformation signer = tempSigner as SignerInformation;
if (!signer.Verify(certification.GetPublicKey()))
{
isValid = false;
break;
}
}
}
string newFileName = Path.Combine(Directory.CreateDirectory("p7m-extracted").Name, Path.GetFileNameWithoutExtension(fileName));
using (var fileStream = new FileStream(newFileName, FileMode.Create, FileAccess.Write))
{
signedFile.SignedContent.Write(fileStream);
Console.WriteLine("File decrypted: " + newFileName);
}
}
catch (Exception ex)
{
isValid = false;
}
Console.WriteLine("File valid: " + isValid);
;
}
Console.ReadLine();
}
private static PrimarySignature RemoveUnsignedAttribute(PrimarySignature signature, Func <AttributeTable, AttributeTable> remover)
{
var bytes = signature.GetBytes();
var signedData = new CmsSignedData(bytes);
var signerInfos = signedData.GetSignerInfos();
var signerInfo = GetFirstSignerInfo(signerInfos);
var updatedAttributes = remover(signerInfo.UnsignedAttributes);
var updatedSignerInfo = SignerInformation.ReplaceUnsignedAttributes(signerInfo, updatedAttributes);
var updatedSignerInfos = new SignerInformationStore(updatedSignerInfo);
var updatedSignedData = CmsSignedData.ReplaceSigners(signedData, updatedSignerInfos);
return(PrimarySignature.Load(updatedSignedData.GetEncoded()));
}
public CAdESCertificateSource(CmsSignedData cms)
{
if (cms is null)
{
throw new ArgumentNullException(nameof(cms));
}
var signers = cms.GetSignerInfos().GetSigners().GetEnumerator();
signers.MoveNext();
cmsSignedData = cms;
signerId = ((SignerInformation)signers.Current).SignerID;
onlyExtended = false;
}
public void Test4_4()
{
byte[] data = GetRfc4134Data("4.4.bin");
byte[] counterSigCert = GetRfc4134Data("AliceRSASignByCarl.cer");
CmsSignedData signedData = new CmsSignedData(data);
VerifySignatures(signedData, sha1);
VerifySignerInfo4_4(GetFirstSignerInfo(signedData.GetSignerInfos()), counterSigCert);
CmsSignedDataParser parser = new CmsSignedDataParser(data);
VerifySignatures(parser);
VerifySignerInfo4_4(GetFirstSignerInfo(parser.GetSignerInfos()), counterSigCert);
}
private void VerifySignatures(CmsSignedData s, byte[] contentDigest)
{
IX509Store x509Certs = s.GetCertificates("Collection");
IX509Store x509Crls = s.GetCrls("Collection");
SignerInformationStore signers = s.GetSignerInfos();
foreach (SignerInformation signer in signers.GetSigners())
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate) certEnum.Current;
VerifySigner(signer, cert);
if (contentDigest != null)
{
Assert.IsTrue(Arrays.AreEqual(contentDigest, signer.GetContentDigest()));
}
}
ICollection certColl = x509Certs.GetMatches(null);
ICollection crlColl = x509Crls.GetMatches(null);
Assert.AreEqual(certColl.Count, s.GetCertificates("Collection").GetMatches(null).Count);
Assert.AreEqual(crlColl.Count, s.GetCrls("Collection").GetMatches(null).Count);
}
