public static SignerInformation AddCounterSigners(SignerInformation signerInformation, SignerInformationStore counterSigners)
{
Org.BouncyCastle.Asn1.Cms.SignerInfo signerInfo = signerInformation.info;
Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes = signerInformation.UnsignedAttributes;
Asn1EncodableVector asn1EncodableVector;
if (unsignedAttributes != null)
{
asn1EncodableVector = unsignedAttributes.ToAsn1EncodableVector();
}
else
{
asn1EncodableVector = new Asn1EncodableVector(new Asn1Encodable[0]);
}
Asn1EncodableVector asn1EncodableVector2 = new Asn1EncodableVector(new Asn1Encodable[0]);
foreach (SignerInformation signerInformation2 in counterSigners.GetSigners())
{
asn1EncodableVector2.Add(new Asn1Encodable[]
{
signerInformation2.ToSignerInfo()
});
}
asn1EncodableVector.Add(new Asn1Encodable[]
{
new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.CounterSignature, new DerSet(asn1EncodableVector2))
});
return(new SignerInformation(new Org.BouncyCastle.Asn1.Cms.SignerInfo(signerInfo.SignerID, signerInfo.DigestAlgorithm, signerInfo.AuthenticatedAttributes, signerInfo.DigestEncryptionAlgorithm, signerInfo.EncryptedDigest, new DerSet(asn1EncodableVector)), signerInformation.contentType, signerInformation.content, null));
}
public static SignerInformation AddCounterSigners(SignerInformation signerInformation, SignerInformationStore counterSigners)
{
Org.BouncyCastle.Asn1.Cms.SignerInfo signerInfo = signerInformation.info;
Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes = signerInformation.UnsignedAttributes;
Asn1EncodableVector asn1EncodableVector = ((unsignedAttributes == null) ? new Asn1EncodableVector() : unsignedAttributes.ToAsn1EncodableVector());
Asn1EncodableVector asn1EncodableVector2 = new Asn1EncodableVector();
global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)counterSigners.GetSigners()).GetEnumerator();
try
{
while (enumerator.MoveNext())
{
SignerInformation signerInformation2 = (SignerInformation)enumerator.get_Current();
asn1EncodableVector2.Add(signerInformation2.ToSignerInfo());
}
}
finally
{
global::System.IDisposable disposable = enumerator as global::System.IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
asn1EncodableVector.Add(new Attribute(CmsAttributes.CounterSignature, new DerSet(asn1EncodableVector2)));
return(new SignerInformation(new Org.BouncyCastle.Asn1.Cms.SignerInfo(signerInfo.SignerID, signerInfo.DigestAlgorithm, signerInfo.AuthenticatedAttributes, signerInfo.DigestEncryptionAlgorithm, signerInfo.EncryptedDigest, new DerSet(asn1EncodableVector)), signerInformation.contentType, signerInformation.content, null));
}
internal SignerInformation(Org.BouncyCastle.Asn1.Cms.SignerInfo info, DerObjectIdentifier contentType, CmsProcessable content, IDigestCalculator digestCalculator)
{
this.info = info;
this.sid = new SignerID();
this.contentType = contentType;
this.isCounterSignature = (contentType == null);
try
{
SignerIdentifier signerID = info.SignerID;
if (signerID.IsTagged)
{
Asn1OctetString instance = Asn1OctetString.GetInstance(signerID.ID);
this.sid.SubjectKeyIdentifier = instance.GetEncoded();
}
else
{
Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber instance2 = Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber.GetInstance(signerID.ID);
this.sid.Issuer = instance2.Name;
this.sid.SerialNumber = instance2.SerialNumber.Value;
}
}
catch (IOException)
{
throw new ArgumentException("invalid sid in SignerInfo");
}
this.digestAlgorithm = info.DigestAlgorithm;
this.signedAttributeSet = info.AuthenticatedAttributes;
this.unsignedAttributeSet = info.UnauthenticatedAttributes;
this.encryptionAlgorithm = info.DigestEncryptionAlgorithm;
this.signature = info.EncryptedDigest.GetOctets();
this.content = content;
this.digestCalculator = digestCalculator;
}
public static SignerInformation ReplaceUnsignedAttributes(SignerInformation signerInformation, Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes)
{
Org.BouncyCastle.Asn1.Cms.SignerInfo signerInfo = signerInformation.info;
Asn1Set unauthenticatedAttributes = null;
if (unsignedAttributes != null)
{
unauthenticatedAttributes = new DerSet(unsignedAttributes.ToAsn1EncodableVector());
}
return(new SignerInformation(new Org.BouncyCastle.Asn1.Cms.SignerInfo(signerInfo.SignerID, signerInfo.DigestAlgorithm, signerInfo.AuthenticatedAttributes, signerInfo.DigestEncryptionAlgorithm, signerInfo.EncryptedDigest, unauthenticatedAttributes), signerInformation.contentType, signerInformation.content, null));
}
public SignerInformationStore GetCounterSignatures()
{
Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes = UnsignedAttributes;
if (unsignedAttributes == null)
{
return(new SignerInformationStore((global::System.Collections.ICollection)Platform.CreateArrayList(0)));
}
global::System.Collections.IList list = Platform.CreateArrayList();
Asn1EncodableVector all = unsignedAttributes.GetAll(CmsAttributes.CounterSignature);
global::System.Collections.IEnumerator enumerator = all.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
Attribute attribute = (Attribute)enumerator.get_Current();
Asn1Set attrValues = attribute.AttrValues;
_ = attrValues.Count;
_ = 1;
{
global::System.Collections.IEnumerator enumerator2 = attrValues.GetEnumerator();
try
{
while (enumerator2.MoveNext())
{
Asn1Encodable asn1Encodable = (Asn1Encodable)enumerator2.get_Current();
Org.BouncyCastle.Asn1.Cms.SignerInfo instance = Org.BouncyCastle.Asn1.Cms.SignerInfo.GetInstance(asn1Encodable.ToAsn1Object());
string digestAlgName = CmsSignedHelper.Instance.GetDigestAlgName(instance.DigestAlgorithm.Algorithm.Id);
list.Add((object)new SignerInformation(instance, null, null, new CounterSignatureDigestCalculator(digestAlgName, GetSignature())));
}
}
finally
{
global::System.IDisposable disposable2 = enumerator2 as global::System.IDisposable;
if (disposable2 != null)
{
disposable2.Dispose();
}
}
}
}
}
finally
{
global::System.IDisposable disposable = enumerator as global::System.IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
return(new SignerInformationStore((global::System.Collections.ICollection)list));
}
private bool CheckForVersion3(
Asn1Set signerInfs)
{
foreach (object obj in signerInfs)
{
SignerInfo s = SignerInfo.GetInstance(obj);
if (s.Version.Value.IntValue == 3)
{
return(true);
}
}
return(false);
}
internal SignerInformation(
SignerInfo info,
DerObjectIdentifier contentType,
CmsProcessable content,
IDigestCalculator digestCalculator)
{
this.info = info;
this.sid = new SignerID();
this.contentType = contentType;
this.isCounterSignature = contentType == null;
try
{
SignerIdentifier s = info.SignerID;
if (s.IsTagged)
{
Asn1OctetString octs = Asn1OctetString.GetInstance(s.ID);
sid.SubjectKeyIdentifier = octs.GetEncoded();
}
else
{
Asn1.Cms.IssuerAndSerialNumber iAnds =
Asn1.Cms.IssuerAndSerialNumber.GetInstance(s.ID);
sid.Issuer = iAnds.Name;
sid.SerialNumber = iAnds.SerialNumber.Value;
}
}
catch (IOException)
{
throw new ArgumentException("invalid sid in SignerInfo");
}
this.digestAlgorithm = info.DigestAlgorithm;
this.signedAttributeSet = info.AuthenticatedAttributes;
this.unsignedAttributeSet = info.UnauthenticatedAttributes;
this.encryptionAlgorithm = info.DigestEncryptionAlgorithm;
this.signature = info.EncryptedDigest.GetOctets();
this.content = content;
this.digestCalculator = digestCalculator;
}
public SignerInformationStore GetCounterSignatures()
{
Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes = this.UnsignedAttributes;
if (unsignedAttributes == null)
{
return(new SignerInformationStore(Platform.CreateArrayList(0)));
}
IList list = Platform.CreateArrayList();
Asn1EncodableVector all = unsignedAttributes.GetAll(CmsAttributes.CounterSignature);
foreach (Org.BouncyCastle.Asn1.Cms.Attribute attribute in all)
{
Asn1Set attrValues = attribute.AttrValues;
int arg_53_0 = attrValues.Count;
foreach (Asn1Encodable asn1Encodable in attrValues)
{
Org.BouncyCastle.Asn1.Cms.SignerInfo instance = Org.BouncyCastle.Asn1.Cms.SignerInfo.GetInstance(asn1Encodable.ToAsn1Object());
string digestAlgName = CmsSignedHelper.Instance.GetDigestAlgName(instance.DigestAlgorithm.ObjectID.Id);
list.Add(new SignerInformation(instance, null, null, new CounterSignatureDigestCalculator(digestAlgName, this.GetSignature())));
}
}
return(new SignerInformationStore(list));
}
private SignerInfo GetSignerInfo()
{
if (_signedData.SignerInfos.Count != 1)
Console.WriteLine("WARNING: found {0} signerInfos", _signedData.SignerInfos.Count);
SignerInfo info = new SignerInfo((Asn1Sequence)_signedData.SignerInfos[0]);
return info;
}
/// <summary>
/// Generates PKCS#7 signature of specified data
/// </summary>
/// <param name="data">Data to be signed</param>
/// <param name="detached">Flag indicating whether detached signature should be produced</param>
/// <param name="signingCertificate">Signing certificate</param>
/// <param name="certPath">Certification path for signing certificate</param>
/// <returns>DER encoded PKCS#7 signature of specified data</returns>
public byte[] GenerateSignature(byte[] data, bool detached, BCX509.X509Certificate signingCertificate, ICollection<BCX509.X509Certificate> certPath)
{
if (this._disposed)
throw new ObjectDisposedException(this.GetType().FullName);
string hashOid = GetHashOid(_hashAlgorihtm);
IDigest hashGenerator = GetHashGenerator(_hashAlgorihtm);
// Compute hash of input data
byte[] dataHash = ComputeDigest(hashGenerator, data);
// Construct SignerInfo.signedAttrs
Asn1EncodableVector signedAttributesVector = new Asn1EncodableVector();
// Add PKCS#9 contentType signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier(OID.PKCS9AtContentType),
new DerSet(new DerObjectIdentifier(OID.PKCS7IdData))));
// Add PKCS#9 messageDigest signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier(OID.PKCS9AtMessageDigest),
new DerSet(new DerOctetString(dataHash))));
// Add PKCS#9 signingTime signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier(OID.PKCS9AtSigningTime),
new DerSet(new Org.BouncyCastle.Asn1.Cms.Time(new DerUtcTime(DateTime.UtcNow)))));
DerSet signedAttributes = new DerSet(signedAttributesVector);
// Sign SignerInfo.signedAttrs with PKCS#1 v1.5 RSA signature using private key stored on PKCS#11 compatible device
byte[] pkcs1Digest = ComputeDigest(hashGenerator, signedAttributes.GetDerEncoded());
byte[] pkcs1DigestInfo = CreateDigestInfo(pkcs1Digest, hashOid);
byte[] pkcs1Signature = null;
using (Session session = _slot.OpenSession(true))
using (Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS))
pkcs1Signature = session.Sign(mechanism, _privateKeyHandle, pkcs1DigestInfo);
// Construct SignerInfo
SignerInfo signerInfo = new SignerInfo(
new SignerIdentifier(new IssuerAndSerialNumber(signingCertificate.IssuerDN, signingCertificate.SerialNumber)),
new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null),
signedAttributes,
new AlgorithmIdentifier(new DerObjectIdentifier(OID.PKCS1RsaEncryption), null),
new DerOctetString(pkcs1Signature),
null);
// Construct SignedData.digestAlgorithms
Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector();
digestAlgorithmsVector.Add(new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null));
// Construct SignedData.encapContentInfo
ContentInfo encapContentInfo = new ContentInfo(
new DerObjectIdentifier(OID.PKCS7IdData),
(detached) ? null : new DerOctetString(data));
// Construct SignedData.certificates
Asn1EncodableVector certificatesVector = new Asn1EncodableVector();
foreach (BCX509.X509Certificate cert in certPath)
certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded())));
// Construct SignedData.signerInfos
Asn1EncodableVector signerInfosVector = new Asn1EncodableVector();
signerInfosVector.Add(signerInfo.ToAsn1Object());
// Construct SignedData
SignedData signedData = new SignedData(
new DerSet(digestAlgorithmsVector),
encapContentInfo,
new BerSet(certificatesVector),
null,
new DerSet(signerInfosVector));
// Construct top level ContentInfo
ContentInfo contentInfo = new ContentInfo(
new DerObjectIdentifier(OID.PKCS7IdSignedData),
signedData);
return contentInfo.GetDerEncoded();
}
//var bcCert = CertificateUtilities.BuildBouncyCastleCollection(signingCertificates);
//ICollection<Org.BouncyCastle.X509.X509Certificate>
private SignedData CreateSignature(
Session session,
byte[] content,
X509Certificate2Collection signingCertificates)
{
var digestOid = ToDigestAlgorithmOid(DigestAlgorithm).Value;
var hashGenerator = GetHashGenerator(DigestAlgorithm);
var dataHash = ComputeDigest(hashGenerator, content);
// Construct SignerInfo.signedAttrs
var signedAttributesVector = new Asn1EncodableVector();
// Add PKCS#9 contentType signed attribute as Data
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier(PkcsObjectIdentifiers.Pkcs9AtContentType.Id),
new DerSet(new DerObjectIdentifier(PkcsObjectIdentifiers.Data.Id))));
// Add PKCS#9 messageDigest signed attribute with hash der string encoded
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier(PkcsObjectIdentifiers.Pkcs9AtMessageDigest.Id),
new DerSet(new DerOctetString(dataHash))));
// Add PKCS#9 signingTime signed attribute
signedAttributesVector.Add(
new Org.BouncyCastle.Asn1.Cms.Attribute(
new DerObjectIdentifier(PkcsObjectIdentifiers.Pkcs9AtSigningTime.Id),
new DerSet(new Time(new DerUtcTime(DateTime.UtcNow)))));
var signedAttributes = new DerSet(signedAttributesVector);
// Sign SignerInfo.signedAttrs with PKCS#1 v1.5 RSA signature using private key stored on PKCS#11 compatible device
byte[] pkcs1Digest = ComputeDigest(hashGenerator, signedAttributes.GetDerEncoded());
byte[] pkcs1DigestInfo = CreateDigestInfo(pkcs1Digest, digestOid);
// Construct SignedData.digestAlgorithms
var digestAlgorithmsVector = new Asn1EncodableVector();
// Construct SignedData.certificates
var certificatesVector = new Asn1EncodableVector();
// Construct SignedData.signerInfos
var signerInfosVector = new Asn1EncodableVector();
// Construct SignedData.encapContentInfo
var encapContentInfo = new Org.BouncyCastle.Asn1.Cms.ContentInfo(
new DerObjectIdentifier(PkcsObjectIdentifiers.Data.Id),
null); //Always a detached signature.
foreach (var signingCertificate in signingCertificates)
{
var bcSigningCertificate = CertificateUtilities.ToBouncyCastleObject(signingCertificate.RawData);
// Get public key from certificate
var pubKeyParams = bcSigningCertificate.GetPublicKey(); //AsymmetricKeyParameter
if (!(pubKeyParams is RsaKeyParameters))
{
throw new NotSupportedException("Unsupported keys. Currently supporting RSA keys only.");
}
var rsaPubKeyParams = (RsaKeyParameters)pubKeyParams;
byte[] pkcs1Signature;
if (signingCertificate.HasPrivateKey)
{
pkcs1Signature = GeneratePkcs1Signature(signingCertificate, pkcs1DigestInfo);
}
else
{
pkcs1Signature = GeneratePkcs1Signature(session, rsaPubKeyParams, bcSigningCertificate, pkcs1DigestInfo);
}
// Construct SignerInfo
var signerInfo = new Org.BouncyCastle.Asn1.Cms.SignerInfo(
new SignerIdentifier(new IssuerAndSerialNumber(bcSigningCertificate.IssuerDN, bcSigningCertificate.SerialNumber)),
new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier(new DerObjectIdentifier(digestOid), null),
signedAttributes,
new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier(new DerObjectIdentifier(PkcsObjectIdentifiers.RsaEncryption.Id), null),
new DerOctetString(pkcs1Signature),
null);
digestAlgorithmsVector.Add(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier(new DerObjectIdentifier(digestOid), null));
certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(bcSigningCertificate.GetEncoded())));
signerInfosVector.Add(signerInfo.ToAsn1Object());
}
// Construct SignedData
var signedData = new SignedData(
new DerSet(digestAlgorithmsVector),
encapContentInfo,
new BerSet(certificatesVector),
null,
new DerSet(signerInfosVector));
return(signedData);
}
