public virtual bool CheckIntegrity(Document detachedDocument)
{
try
{
bool ret = false;
SignerInformation si = null;
if (detachedDocument != null)
{
// Recreate a SignerInformation with the content using a CMSSignedDataParser
CmsSignedDataParser sp = new CmsSignedDataParser(new CmsTypedStream(detachedDocument.OpenStream()), _cmsSignedData.GetEncoded());
sp.GetSignedContent().Drain();
si = BCStaticHelpers.GetSigner(sp, signerInformation.SignerID);
}
else
{
si = signerInformation;
}
ret = si.Verify(SigningCertificate);
return(ret);
}
catch (CertificateExpiredException)
{
return(false);
}
catch (CmsException)
{
return(false);
}
catch (IOException)
{
return(false);
}
}
public void TestCertOrdering2()
{
IList certList = new ArrayList();
MemoryStream bOut = new MemoryStream();
certList.Add(SignCert);
certList.Add(OrigCert);
IX509Store x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(certList));
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
Stream sigOut = gen.Open(bOut, true);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray());
sp.GetSignedContent().Drain();
x509Certs = sp.GetCertificates("Collection");
ArrayList a = new ArrayList(x509Certs.GetMatches(null));
Assert.AreEqual(2, a.Count);
Assert.AreEqual(SignCert, a[0]);
Assert.AreEqual(OrigCert, a[1]);
}
public void TestSha1AndMD5WithRsa()
{
MemoryStream bOut = new MemoryStream();
IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert);
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddDigests(CmsSignedDataStreamGenerator.DigestSha1,
CmsSignedDataStreamGenerator.DigestMD5);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
Stream sigOut = gen.Open(bOut);
sigOut.Write(testBytes, 0, testBytes.Length);
gen.AddCertificates(x509Certs);
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestMD5);
sigOut.Close();
CheckSigParseable(bOut.ToArray());
CmsSignedDataParser sp = new CmsSignedDataParser(
new CmsTypedStream(new MemoryStream(testBytes, false)), bOut.ToArray());
sp.GetSignedContent().Drain();
VerifySignatures(sp);
}
public static Stream ReplaceCertificatesAndCrls(Stream original, IX509Store x509Certs, IX509Store x509Crls, IX509Store x509AttrCerts, Stream outStr)
{
CmsSignedDataStreamGenerator cmsSignedDataStreamGenerator = new CmsSignedDataStreamGenerator();
CmsSignedDataParser cmsSignedDataParser = new CmsSignedDataParser(original);
cmsSignedDataStreamGenerator.AddDigests(cmsSignedDataParser.DigestOids);
CmsTypedStream signedContent = cmsSignedDataParser.GetSignedContent();
bool flag = signedContent != null;
Stream stream = cmsSignedDataStreamGenerator.Open(outStr, cmsSignedDataParser.SignedContentType.Id, flag);
if (flag)
{
Streams.PipeAll(signedContent.ContentStream, stream);
}
if (x509AttrCerts != null)
{
cmsSignedDataStreamGenerator.AddAttributeCertificates(x509AttrCerts);
}
if (x509Certs != null)
{
cmsSignedDataStreamGenerator.AddCertificates(x509Certs);
}
if (x509Crls != null)
{
cmsSignedDataStreamGenerator.AddCrls(x509Crls);
}
cmsSignedDataStreamGenerator.AddSigners(cmsSignedDataParser.GetSignerInfos());
Platform.Dispose(stream);
return(outStr);
}
public void TestSha1WithRsaNonData()
{
MemoryStream bOut = new MemoryStream();
IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert);
IX509Store x509Crls = CmsTestUtil.MakeCrlStore(SignCrl, OrigCrl);
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
gen.AddCrls(x509Crls);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
Stream sigOut = gen.Open(bOut, "1.2.3.4", true);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray());
CmsTypedStream stream = sp.GetSignedContent();
Assert.AreEqual("1.2.3.4", stream.ContentType);
stream.Drain();
// compute expected content digest
byte[] hash = DigestUtilities.CalculateDigest("SHA1", testBytes);
VerifySignatures(sp, hash);
}
public void TestEncapsulatedSignerStoreReplacement()
{
MemoryStream bOut = new MemoryStream();
IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert);
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
Stream sigOut = gen.Open(bOut, true);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
//
// create new Signer
//
MemoryStream original = new MemoryStream(bOut.ToArray(), false);
bOut.SetLength(0);
gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha224);
gen.AddCertificates(x509Certs);
sigOut = gen.Open(bOut, true);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
CmsSignedData sd = new CmsSignedData(bOut.ToArray());
//
// replace signer
//
MemoryStream newOut = new MemoryStream();
CmsSignedDataParser.ReplaceSigners(original, sd.GetSignerInfos(), newOut);
sd = new CmsSignedData(newOut.ToArray());
IEnumerator signerEnum = sd.GetSignerInfos().GetSigners().GetEnumerator();
signerEnum.MoveNext();
SignerInformation signer = (SignerInformation)signerEnum.Current;
Assert.AreEqual(signer.DigestAlgOid, CmsSignedDataStreamGenerator.DigestSha224);
CmsSignedDataParser sp = new CmsSignedDataParser(newOut.ToArray());
sp.GetSignedContent().Drain();
VerifySignatures(sp);
}
public void TestSha1WithRsa()
{
MemoryStream bOut = new MemoryStream();
IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert);
IX509Store x509Crls = CmsTestUtil.MakeCrlStore(SignCrl, OrigCrl);
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
gen.AddCrls(x509Crls);
Stream sigOut = gen.Open(bOut);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
CheckSigParseable(bOut.ToArray());
CmsSignedDataParser sp = new CmsSignedDataParser(
new CmsTypedStream(new MemoryStream(testBytes, false)), bOut.ToArray());
sp.GetSignedContent().Drain();
// compute expected content digest
byte[] hash = DigestUtilities.CalculateDigest("SHA1", testBytes);
VerifySignatures(sp, hash);
//
// try using existing signer
//
gen = new CmsSignedDataStreamGenerator();
gen.AddSigners(sp.GetSignerInfos());
gen.AddCertificates(sp.GetCertificates("Collection"));
gen.AddCrls(sp.GetCrls("Collection"));
bOut.SetLength(0);
sigOut = gen.Open(bOut, true);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
VerifyEncodedData(bOut);
//
// look for the CRLs
//
ArrayList col = new ArrayList(x509Crls.GetMatches(null));
Assert.AreEqual(2, col.Count);
Assert.IsTrue(col.Contains(SignCrl));
Assert.IsTrue(col.Contains(OrigCrl));
}
public void TestSha1WithRsaEncapsulatedSubjectKeyID()
{
MemoryStream bOut = new MemoryStream();
IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert);
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private,
CmsTestUtil.CreateSubjectKeyId(OrigCert.GetPublicKey()).GetKeyIdentifier(),
CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
Stream sigOut = gen.Open(bOut, true);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray());
sp.GetSignedContent().Drain();
VerifySignatures(sp);
byte[] contentDigest = (byte[])gen.GetGeneratedDigests()[CmsSignedGenerator.DigestSha1];
ArrayList signers = new ArrayList(sp.GetSignerInfos().GetSigners());
AttributeTable table = ((SignerInformation)signers[0]).SignedAttributes;
Asn1.Cms.Attribute hash = table[CmsAttributes.MessageDigest];
Assert.IsTrue(Arrays.AreEqual(contentDigest, ((Asn1OctetString)hash.AttrValues[0]).GetOctets()));
//
// try using existing signer
//
gen = new CmsSignedDataStreamGenerator();
gen.AddSigners(sp.GetSignerInfos());
// gen.AddCertificatesAndCRLs(sp.GetCertificatesAndCrls("Collection", "BC"));
gen.AddCertificates(sp.GetCertificates("Collection"));
bOut.SetLength(0);
sigOut = gen.Open(bOut, true);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
CmsSignedData sd = new CmsSignedData(new CmsProcessableByteArray(testBytes), bOut.ToArray());
Assert.AreEqual(1, sd.GetSignerInfos().GetSigners().Count);
VerifyEncodedData(bOut);
}
private void VerifyEncodedData(
MemoryStream bOut)
{
CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray());
sp.GetSignedContent().Drain();
VerifySignatures(sp);
sp.Close();
}
public void TestSha1WithRsaEncapsulatedBuffered()
{
MemoryStream bOut = new MemoryStream();
IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert);
//
// find unbuffered length
//
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
Stream sigOut = gen.Open(bOut, true);
for (int i = 0; i != 2000; i++)
{
sigOut.WriteByte((byte)(i & 0xff));
}
sigOut.Close();
CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray());
sp.GetSignedContent().Drain();
VerifySignatures(sp);
int unbufferedLength = bOut.ToArray().Length;
//
// find buffered length - buffer size less than default
//
bOut.SetLength(0);
gen = new CmsSignedDataStreamGenerator();
gen.SetBufferSize(300);
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
sigOut = gen.Open(bOut, true);
for (int i = 0; i != 2000; i++)
{
sigOut.WriteByte((byte)(i & 0xff));
}
sigOut.Close();
VerifyEncodedData(bOut);
Assert.IsTrue(unbufferedLength < bOut.ToArray().Length);
}
public void TestSha1WithRsaEncapsulatedBufferedStream()
{
MemoryStream bOut = new MemoryStream();
IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert);
//
// find unbuffered length
//
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
Stream sigOut = gen.Open(bOut, true);
for (int i = 0; i != 2000; i++)
{
sigOut.WriteByte((byte)(i & 0xff));
}
sigOut.Close();
CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray());
sp.GetSignedContent().Drain();
VerifySignatures(sp);
int unbufferedLength = bOut.ToArray().Length;
//
// find buffered length with buffered stream - should be equal
//
bOut.SetLength(0);
gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
sigOut = gen.Open(bOut, true);
byte[] data = new byte[2000];
for (int i = 0; i != 2000; i++)
{
data[i] = (byte)(i & 0xff);
}
Streams.PipeAll(new MemoryStream(data, false), sigOut);
sigOut.Close();
VerifyEncodedData(bOut);
Assert.AreEqual(unbufferedLength, bOut.ToArray().Length);
}
public void TestCertStoreReplacement()
{
IList certList = new ArrayList();
MemoryStream bOut = new MemoryStream();
byte[] data = Encoding.ASCII.GetBytes(TestMessage);
certList.Add(OrigDsaCert);
IX509Store x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(certList));
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
Stream sigOut = gen.Open(bOut);
sigOut.Write(data, 0, data.Length);
sigOut.Close();
CheckSigParseable(bOut.ToArray());
//
// create new certstore with the right certificates
//
certList = new ArrayList();
certList.Add(OrigCert);
certList.Add(SignCert);
x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(certList));
//
// replace certs
//
MemoryStream original = new MemoryStream(bOut.ToArray(), false);
MemoryStream newOut = new MemoryStream();
CmsSignedDataParser.ReplaceCertificatesAndCrls(original, x509Certs, null, null, newOut);
CmsSignedDataParser sp = new CmsSignedDataParser(new CmsTypedStream(new MemoryStream(data, false)), newOut.ToArray());
sp.GetSignedContent().Drain();
VerifySignatures(sp);
}
public void TestSha1WithRsaNonData()
{
IList certList = new ArrayList();
IList crlList = new ArrayList();
MemoryStream bOut = new MemoryStream();
certList.Add(OrigCert);
certList.Add(SignCert);
crlList.Add(SignCrl);
crlList.Add(OrigCrl);
IX509Store x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(certList));
IX509Store x509Crls = X509StoreFactory.Create(
"CRL/Collection",
new X509CollectionStoreParameters(crlList));
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
gen.AddCrls(x509Crls);
Stream sigOut = gen.Open(bOut, "1.2.3.4", true);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray());
CmsTypedStream stream = sp.GetSignedContent();
Assert.AreEqual("1.2.3.4", stream.ContentType);
stream.Drain();
//
// compute expected content digest
//
IDigest md = DigestUtilities.GetDigest("SHA1");
md.BlockUpdate(testBytes, 0, testBytes.Length);
byte[] hash = DigestUtilities.DoFinal(md);
VerifySignatures(sp, hash);
}
public void TestWithAttributeCertificate()
{
IList certList = new ArrayList();
certList.Add(SignCert);
IX509Store x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(certList));
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
IX509AttributeCertificate attrCert = CmsTestUtil.GetAttributeCertificate();
ArrayList attrCerts = new ArrayList();
attrCerts.Add(attrCert);
IX509Store store = X509StoreFactory.Create(
"AttributeCertificate/Collection",
new X509CollectionStoreParameters(attrCerts));
gen.AddAttributeCertificates(store);
MemoryStream bOut = new MemoryStream();
Stream sigOut = gen.Open(bOut, true);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray());
sp.GetSignedContent().Drain();
Assert.AreEqual(4, sp.Version);
store = sp.GetAttributeCertificates("Collection");
ArrayList coll = new ArrayList(store.GetMatches(null));
Assert.AreEqual(1, coll.Count);
Assert.IsTrue(coll.Contains(attrCert));
}
/// <summary>
/// Verify the digital signatures of the specified signedData and extract the original content.
/// </summary>
/// <returns>A list of digital signatures.</returns>
/// <param name="signedData">The signed data.</param>
/// <param name="content">The original content.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="signedData"/> is <c>null</c>.
/// </exception>
public IList <IDigitalSignature> Verify(Stream signedData, out Stream content)
{
// FIXME: find out what exceptions BouncyCastle can throw...
if (signedData == null)
{
throw new ArgumentNullException("signedData");
}
var parser = new CmsSignedDataParser(signedData);
var signed = parser.GetSignedContent();
content = new MemoryStream();
signed.ContentStream.CopyTo(content, 4096);
content.Position = 0;
return(GetDigitalSignatures(parser));
}
public void TestAttributeGenerators()
{
IList certList = new ArrayList();
MemoryStream bOut = new MemoryStream();
certList.Add(OrigCert);
certList.Add(SignCert);
IX509Store x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(certList));
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
CmsAttributeTableGenerator signedGen = new SignedGenAttributeTableGenerator();
CmsAttributeTableGenerator unsignedGen = new UnsignedGenAttributeTableGenerator();
gen.AddSigner(OrigKP.Private, OrigCert,
CmsSignedDataStreamGenerator.DigestSha1, signedGen, unsignedGen);
gen.AddCertificates(x509Certs);
Stream sigOut = gen.Open(bOut, true);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
CmsSignedDataParser sp = new CmsSignedDataParser(bOut.ToArray());
sp.GetSignedContent().Drain();
VerifySignatures(sp);
//
// check attributes
//
SignerInformationStore signers = sp.GetSignerInfos();
foreach (SignerInformation signer in signers.GetSigners())
{
checkAttribute(signer.GetContentDigest(), signer.SignedAttributes[dummyOid1]);
checkAttribute(signer.GetSignature(), signer.UnsignedAttributes[dummyOid2]);
}
}
private void CheckSigParseable(byte[] sig)
{
CmsSignedDataParser sp = new CmsSignedDataParser(sig);
sp.Version.ToString();
CmsTypedStream sc = sp.GetSignedContent();
if (sc != null)
{
sc.Drain();
}
sp.GetAttributeCertificates("Collection");
sp.GetCertificates("Collection");
sp.GetCrls("Collection");
sp.GetSignerInfos();
sp.Close();
}
/// <summary>
/// Decrypt the specified encryptedData.
/// </summary>
/// <returns>The decrypted <see cref="MimeKit.MimeEntity"/>.</returns>
/// <param name="encryptedData">The encrypted data.</param>
/// <param name="signatures">A list of digital signatures if the data was both signed and encrypted.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="encryptedData"/> is <c>null</c>.
/// </exception>
public override MimeEntity Decrypt(Stream encryptedData, out IList <IDigitalSignature> signatures)
{
// FIXME: find out what exceptions BouncyCastle can throw...
if (encryptedData == null)
{
throw new ArgumentNullException("encryptedData");
}
var enveloped = new CmsEnvelopedDataParser(encryptedData);
var recipients = enveloped.GetRecipientInfos();
var algorithm = enveloped.EncryptionAlgorithmID;
AsymmetricKeyParameter key;
foreach (RecipientInformation recipient in recipients.GetRecipients())
{
if ((key = GetPrivateKey(recipient.RecipientID)) == null)
{
continue;
}
var content = recipient.GetContent(key);
try {
var parser = new CmsSignedDataParser(content);
var signed = parser.GetSignedContent();
using (var memory = new MemoryStream()) {
signed.ContentStream.CopyTo(memory, 4096);
content = memory.ToArray();
}
signatures = GetDigitalSignatures(parser);
} catch (Exception ex) {
Console.WriteLine("Failed to verify signed data: {0}", ex);
signatures = null;
}
using (var memory = new MemoryStream(content, false)) {
var parser = new MimeParser(memory, MimeFormat.Entity);
return(parser.ParseEntity());
}
}
throw new CmsException("Can't decrypt.");
}
public void TestSha1EncapsulatedSignature()
{
byte[] encapSigData = Base64.Decode(
"MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH"
+ "AaCAJIAEDEhlbGxvIFdvcmxkIQAAAAAAAKCCBGIwggINMIIBdqADAgECAgEF"
+ "MA0GCSqGSIb3DQEBBAUAMCUxFjAUBgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJ"
+ "BgNVBAYTAkFVMB4XDTA1MDgwNzA2MjU1OVoXDTA1MTExNTA2MjU1OVowJTEW"
+ "MBQGA1UEChMNQm91bmN5IENhc3RsZTELMAkGA1UEBhMCQVUwgZ8wDQYJKoZI"
+ "hvcNAQEBBQADgY0AMIGJAoGBAI1fZGgH9wgC3QiK6yluH6DlLDkXkxYYL+Qf"
+ "nVRszJVYl0LIxZdpb7WEbVpO8fwtEgFtoDsOdxyqh3dTBv+L7NVD/v46kdPt"
+ "xVkSNHRbutJVY8Xn4/TC/CDngqtbpbniMO8n0GiB6vs94gBT20M34j96O2IF"
+ "73feNHP+x8PkJ+dNAgMBAAGjTTBLMB0GA1UdDgQWBBQ3XUfEE6+D+t+LIJgK"
+ "ESSUE58eyzAfBgNVHSMEGDAWgBQ3XUfEE6+D+t+LIJgKESSUE58eyzAJBgNV"
+ "HRMEAjAAMA0GCSqGSIb3DQEBBAUAA4GBAFK3r1stYOeXYJOlOyNGDTWEhZ+a"
+ "OYdFeFaS6c+InjotHuFLAy+QsS8PslE48zYNFEqYygGfLhZDLlSnJ/LAUTqF"
+ "01vlp+Bgn/JYiJazwi5WiiOTf7Th6eNjHFKXS3hfSGPNPIOjvicAp3ce3ehs"
+ "uK0MxgLAaxievzhFfJcGSUMDMIICTTCCAbagAwIBAgIBBzANBgkqhkiG9w0B"
+ "AQQFADAlMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTAe"
+ "Fw0wNTA4MDcwNjI1NTlaFw0wNTExMTUwNjI1NTlaMGUxGDAWBgNVBAMTD0Vy"
+ "aWMgSC4gRWNoaWRuYTEkMCIGCSqGSIb3DQEJARYVZXJpY0Bib3VuY3ljYXN0"
+ "bGUub3JnMRYwFAYDVQQKEw1Cb3VuY3kgQ2FzdGxlMQswCQYDVQQGEwJBVTCB"
+ "nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgHCJyfwV6/V3kqSu2SOU2E/K"
+ "I+N0XohCMUaxPLLNtNBZ3ijxwaV6JGFz7siTgZD/OGfzir/eZimkt+L1iXQn"
+ "OAB+ZChivKvHtX+dFFC7Vq+E4Uy0Ftqc/wrGxE6DHb5BR0hprKH8wlDS8wSP"
+ "zxovgk4nH0ffUZOoDSuUgjh3gG8CAwEAAaNNMEswHQYDVR0OBBYEFLfY/4EG"
+ "mYrvJa7Cky+K9BJ7YmERMB8GA1UdIwQYMBaAFDddR8QTr4P634sgmAoRJJQT"
+ "nx7LMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEEBQADgYEADIOmpMd6UHdMjkyc"
+ "mIE1yiwfClCsGhCK9FigTg6U1G2FmkBwJIMWBlkeH15uvepsAncsgK+Cn3Zr"
+ "dZMb022mwtTJDtcaOM+SNeuCnjdowZ4i71Hf68siPm6sMlZkhz49rA0Yidoo"
+ "WuzYOO+dggzwDsMldSsvsDo/ARyCGOulDOAxggEvMIIBKwIBATAqMCUxFjAU"
+ "BgNVBAoTDUJvdW5jeSBDYXN0bGUxCzAJBgNVBAYTAkFVAgEHMAkGBSsOAwIa"
+ "BQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEP"
+ "Fw0wNTA4MDcwNjI1NTlaMCMGCSqGSIb3DQEJBDEWBBQu973mCM5UBOl9XwQv"
+ "lfifHCMocTANBgkqhkiG9w0BAQEFAASBgGxnBl2qozYKLgZ0ygqSFgWcRGl1"
+ "LgNuE587LtO+EKkgoc3aFqEdjXlAyP8K7naRsvWnFrsB6pUpnrgI9Z8ZSKv8"
+ "98IlpsSSJ0jBlEb4gzzavwcBpYbr2ryOtDcF+kYmKIpScglyyoLzm+KPXOoT"
+ "n7MsJMoKN3Kd2Vzh6s10PFgeAAAAAAAA");
CmsSignedDataParser sp = new CmsSignedDataParser(encapSigData);
sp.GetSignedContent().Drain();
VerifySignatures(sp);
}
/// <summary>
/// Verify the digital signatures of the specified content using the detached signatureData.
/// </summary>
/// <returns>A list of the digital signatures.</returns>
/// <param name="content">The content.</param>
/// <param name="signatureData">The detached signature data.</param>
/// <exception cref="System.ArgumentNullException">
/// <para><paramref name="content"/> is <c>null</c>.</para>
/// <para>-or-</para>
/// <para><paramref name="signatureData"/> is <c>null</c>.</para>
/// </exception>
public override IList <IDigitalSignature> Verify(Stream content, Stream signatureData)
{
// FIXME: find out what exceptions BouncyCastle can throw...
if (content == null)
{
throw new ArgumentNullException("content");
}
if (signatureData == null)
{
throw new ArgumentNullException("signatureData");
}
var parser = new CmsSignedDataParser(new CmsTypedStream(content), signatureData);
parser.GetSignedContent().Drain();
return(GetDigitalSignatures(parser));
}
public static Stream ReplaceSigners(Stream original, SignerInformationStore signerInformationStore, Stream outStr)
{
CmsSignedDataStreamGenerator cmsSignedDataStreamGenerator = new CmsSignedDataStreamGenerator();
CmsSignedDataParser cmsSignedDataParser = new CmsSignedDataParser(original);
cmsSignedDataStreamGenerator.AddSigners(signerInformationStore);
CmsTypedStream signedContent = cmsSignedDataParser.GetSignedContent();
bool flag = signedContent != null;
Stream stream = cmsSignedDataStreamGenerator.Open(outStr, cmsSignedDataParser.SignedContentType.Id, flag);
if (flag)
{
Streams.PipeAll(signedContent.ContentStream, stream);
}
cmsSignedDataStreamGenerator.AddAttributeCertificates(cmsSignedDataParser.GetAttributeCertificates("Collection"));
cmsSignedDataStreamGenerator.AddCertificates(cmsSignedDataParser.GetCertificates("Collection"));
cmsSignedDataStreamGenerator.AddCrls(cmsSignedDataParser.GetCrls("Collection"));
Platform.Dispose(stream);
return(outStr);
}
/// <summary>
/// The method performs file content descryption using specified private encryption key and verify signature using public key stored in PKS7 container.
/// </summary>
/// <param name="commandArguments"></param>
/// <param name="encyptCert"></param>
public static void PerformDecryptAndVerifySignature(CommandArguments commandArguments, X509Certificate2 encyptCert)
{
string inputFilePath = commandArguments.InputFile.FullName;
string outputFilePath = commandArguments.OutputFile.FullName;
//Console.WriteLine(String.Format("Loaded certificates:\r\nencyptCert {0} ", encyptCert.Subject));
//Console.WriteLine(String.Format("Load File From Disk:{0}", inputFilePath));
var newBytes = File.ReadAllBytes(inputFilePath);
CmsSignedDataParser sp = new CmsSignedDataParser(newBytes);
var cmsSignedContent = sp.GetSignedContent();
var contentStream = cmsSignedContent.ContentStream;
var decodedData = CmsDecrypt(contentStream, encyptCert);
cmsSignedContent.Drain();
bool isSignaturValid = VerifySignatures(sp);
Tracing.InfoSecurity(String.Format("VerifySignatures isSignaturValid: {0}", isSignaturValid));
Tracing.InfoSecurity(String.Format("Write File To Disk:{0}", outputFilePath));
File.WriteAllBytes(outputFilePath, decodedData);
}
public virtual bool CheckIntegrity(Document detachedDocument)
{
//TODO jbonilla Verifier?
//JcaSimpleSignerInfoVerifierBuilder verifier = new JcaSimpleSignerInfoVerifierBuilder
// ();
try
{
bool ret = false;
SignerInformation si = null;
if (detachedDocument != null)
{
// Recreate a SignerInformation with the content using a CMSSignedDataParser
CmsSignedDataParser sp = new CmsSignedDataParser(new CmsTypedStream(detachedDocument
.OpenStream()), cmsSignedData.GetEncoded());
sp.GetSignedContent().Drain();
si = sp.GetSignerInfos().GetFirstSigner(signerInformation.SignerID);
}
else
{
si = this.signerInformation;
}
//ret = si.Verify(verifier.Build(GetSigningCertificate()));
ret = si.Verify(GetSigningCertificate());
return(ret);
}
/*catch (OperatorCreationException)
* {
* return false;
* }*/
catch (CmsException)
{
return(false);
}
catch (IOException)
{
return(false);
}
}
public void TestEncapsulatedCertStoreReplacement()
{
MemoryStream bOut = new MemoryStream();
IX509Store x509Certs = CmsTestUtil.MakeCertStore(OrigDsaCert);
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
Stream sigOut = gen.Open(bOut, true);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
//
// create new certstore with the right certificates
//
x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert);
//
// replace certs
//
MemoryStream original = new MemoryStream(bOut.ToArray(), false);
MemoryStream newOut = new MemoryStream();
CmsSignedDataParser.ReplaceCertificatesAndCrls(original, x509Certs, null, null, newOut);
CmsSignedDataParser sp = new CmsSignedDataParser(newOut.ToArray());
sp.GetSignedContent().Drain();
VerifySignatures(sp);
}
public void TestSha1AndMD5WithRsa()
{
IList certList = new ArrayList();
MemoryStream bOut = new MemoryStream();
certList.Add(OrigCert);
certList.Add(SignCert);
IX509Store x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(certList));
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddDigests(CmsSignedDataStreamGenerator.DigestSha1,
CmsSignedDataStreamGenerator.DigestMD5);
Stream sigOut = gen.Open(bOut);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
sigOut.Write(testBytes, 0, testBytes.Length);
gen.AddCertificates(x509Certs);
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestMD5);
sigOut.Close();
CheckSigParseable(bOut.ToArray());
CmsSignedDataParser sp = new CmsSignedDataParser(
new CmsTypedStream(new MemoryStream(testBytes, false)), bOut.ToArray());
sp.GetSignedContent().Drain();
VerifySignatures(sp);
}
private void VerifySignatures(CmsSignedDataParser sp)
{
CmsTypedStream sc = sp.GetSignedContent();
if (sc != null)
{
sc.Drain();
}
IX509Store x509Certs = sp.GetCertificates("Collection");
SignerInformationStore signers = sp.GetSignerInfos();
foreach (SignerInformation signer in signers.GetSigners())
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate)certEnum.Current;
VerifySigner(signer, cert);
}
}
private async Task <dynamic> GetAxInfoData(string url)
{
var resp = await url.GetStringAsync();
var signedData = Convert.FromBase64String(resp);
var parser = new CmsSignedDataParser(signedData);
var stream = parser.GetSignedContent().ContentStream;
var doc = XDocument.Load(stream);
return(doc.Root.Elements("object")
.GroupBy(x => x.Element("objectName").Value)
.Select(g => g.First())
.Select(x => new {
allowrun = true,
allowrundomains = "",
backupurl = x.Element("backupURL").Value,
block = false,
browsertype = x.Element("browserType").Value,
browserversion = -1,
description = "",
displayname = x.Element("displayName").Value,
downloadurl = x.Element("downloadURL").Value,
forceinstall = false,
installstate = true,
killbit = false,
localversion = x.Element("objectVersion").Value,
objectclsid = x.Element("objectMIMEType").Value,
objectname = x.Element("objectName").Value,
objecttype = 0,
objectversion = x.Element("objectVersion").Value,
policydisable = false,
systemtype = x.Element("systemType").Value,
updatestate = false,
version = 0,
}));
}
public void TestSignerStoreReplacement()
{
IList certList = new ArrayList();
MemoryStream bOut = new MemoryStream();
byte[] data = Encoding.ASCII.GetBytes(TestMessage);
certList.Add(OrigCert);
certList.Add(SignCert);
IX509Store x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(certList));
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
Stream sigOut = gen.Open(bOut, false);
sigOut.Write(data, 0, data.Length);
sigOut.Close();
CheckSigParseable(bOut.ToArray());
//
// create new Signer
//
MemoryStream original = new MemoryStream(bOut.ToArray(), false);
bOut.SetLength(0);
gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha224);
gen.AddCertificates(x509Certs);
sigOut = gen.Open(bOut);
sigOut.Write(data, 0, data.Length);
sigOut.Close();
CheckSigParseable(bOut.ToArray());
CmsSignedData sd = new CmsSignedData(bOut.ToArray());
//
// replace signer
//
MemoryStream newOut = new MemoryStream();
CmsSignedDataParser.ReplaceSigners(original, sd.GetSignerInfos(), newOut);
sd = new CmsSignedData(new CmsProcessableByteArray(data), newOut.ToArray());
IEnumerator signerEnum = sd.GetSignerInfos().GetSigners().GetEnumerator();
signerEnum.MoveNext();
SignerInformation signer = (SignerInformation)signerEnum.Current;
Assert.AreEqual(signer.DigestAlgOid, CmsSignedDataStreamGenerator.DigestSha224);
CmsSignedDataParser sp = new CmsSignedDataParser(new CmsTypedStream(
new MemoryStream(data, false)), newOut.ToArray());
sp.GetSignedContent().Drain();
VerifySignatures(sp);
}
public void TestSha1WithRsa()
{
IList certList = new ArrayList();
IList crlList = new ArrayList();
MemoryStream bOut = new MemoryStream();
certList.Add(OrigCert);
certList.Add(SignCert);
crlList.Add(SignCrl);
crlList.Add(OrigCrl);
IX509Store x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(certList));
IX509Store x509Crls = X509StoreFactory.Create(
"CRL/Collection",
new X509CollectionStoreParameters(crlList));
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
gen.AddCrls(x509Crls);
Stream sigOut = gen.Open(bOut);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
CheckSigParseable(bOut.ToArray());
CmsSignedDataParser sp = new CmsSignedDataParser(
new CmsTypedStream(new MemoryStream(testBytes, false)), bOut.ToArray());
sp.GetSignedContent().Drain();
//
// compute expected content digest
//
IDigest md = DigestUtilities.GetDigest("SHA1");
md.BlockUpdate(testBytes, 0, testBytes.Length);
byte[] hash = DigestUtilities.DoFinal(md);
VerifySignatures(sp, hash);
//
// try using existing signer
//
gen = new CmsSignedDataStreamGenerator();
gen.AddSigners(sp.GetSignerInfos());
gen.AddCertificates(sp.GetCertificates("Collection"));
gen.AddCrls(sp.GetCrls("Collection"));
bOut.SetLength(0);
sigOut = gen.Open(bOut, true);
sigOut.Write(testBytes, 0, testBytes.Length);
sigOut.Close();
VerifyEncodedData(bOut);
//
// look for the CRLs
//
ArrayList col = new ArrayList(x509Crls.GetMatches(null));
Assert.AreEqual(2, col.Count);
Assert.IsTrue(col.Contains(SignCrl));
Assert.IsTrue(col.Contains(OrigCrl));
}
public void TestSha1WithRsa()
{
IList certList = new ArrayList();
IList crlList = new ArrayList();
MemoryStream bOut = new MemoryStream();
certList.Add(OrigCert);
certList.Add(SignCert);
crlList.Add(SignCrl);
crlList.Add(OrigCrl);
IX509Store x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(certList));
IX509Store x509Crls = X509StoreFactory.Create(
"CRL/Collection",
new X509CollectionStoreParameters(crlList));
CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedDataStreamGenerator.DigestSha1);
gen.AddCertificates(x509Certs);
gen.AddCrls(x509Crls);
Stream sigOut = gen.Open(bOut);
CmsCompressedDataStreamGenerator cGen = new CmsCompressedDataStreamGenerator();
Stream cOut = cGen.Open(sigOut, CmsCompressedDataStreamGenerator.ZLib);
byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
cOut.Write(testBytes, 0, testBytes.Length);
cOut.Close();
sigOut.Close();
CheckSigParseable(bOut.ToArray());
// generate compressed stream
MemoryStream cDataOut = new MemoryStream();
cOut = cGen.Open(cDataOut, CmsCompressedDataStreamGenerator.ZLib);
cOut.Write(testBytes, 0, testBytes.Length);
cOut.Close();
CmsSignedDataParser sp = new CmsSignedDataParser(
new CmsTypedStream(new MemoryStream(cDataOut.ToArray(), false)), bOut.ToArray());
sp.GetSignedContent().Drain();
//
// compute expected content digest
//
IDigest md = DigestUtilities.GetDigest("SHA1");
byte[] cDataOutBytes = cDataOut.ToArray();
md.BlockUpdate(cDataOutBytes, 0, cDataOutBytes.Length);
byte[] hash = DigestUtilities.DoFinal(md);
VerifySignatures(sp, hash);
}
private void VerifySignatures(CmsSignedDataParser sp)
{
CmsTypedStream sc = sp.GetSignedContent();
if (sc != null)
{
sc.Drain();
}
IX509Store x509Certs = sp.GetCertificates("Collection");
SignerInformationStore signers = sp.GetSignerInfos();
foreach (SignerInformation signer in signers.GetSigners())
{
ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
IEnumerator certEnum = certCollection.GetEnumerator();
certEnum.MoveNext();
X509Certificate cert = (X509Certificate)certEnum.Current;
VerifySigner(signer, cert);
}
}
