Inheritance: Pkcs9AttributeObject
Exemplo n.º 1
        /// <summary>
        /// Create a byte array containing a signed S/MIME message.
        /// </summary>
        /// <param name="buffer">A byte array to streamline bit shuffling.</param>
        /// <param name="contentBytes">The contents of the envelope to be encrypted.</param>
        /// <param name="message">An OpaqueMail.MailMessage that contains the message to send.</param>
        /// <param name="alreadyEncrypted">Whether a portion of the message has previously been signed, as when triple wrapping.</param>
        private byte[] SmimeSign(byte[] buffer, byte[] contentBytes, MailMessage message, bool alreadyEncrypted)
            if (message.SmimeSigningCertificate == null)
                // If the implementation requires S/MIME signing (the default), throw an error if there's no certificate.
                if ((message.SmimeSettingsMode & SmimeSettingsMode.RequireExactSettings) > 0)
                    throw new SmtpException("Trying to send a signed message, but no signing certificate has been assigned.");
                    return contentBytes;

            // First, create a buffer for tracking the unsigned portion of this message.
            StringBuilder unsignedMessageBuilder = new StringBuilder(Constants.SMALLSBSIZE);

            // If triple wrapping, the previous layer was an encrypted envelope and needs to be Base64 encoded.
            if (alreadyEncrypted)
                unsignedMessageBuilder.Append("Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\r\n\tname=\"smime.p7m\"\r\n");
                unsignedMessageBuilder.Append("Content-Transfer-Encoding: base64\r\n");
                unsignedMessageBuilder.Append("Content-Description: \"S/MIME Cryptographic envelopedCms\"\r\n");
                unsignedMessageBuilder.Append("Content-Disposition: attachment; filename=\"smime.p7m\"\r\n\r\n");


            // Prepare the signing parameters.
            ContentInfo contentInfo = new ContentInfo(Encoding.UTF8.GetBytes(unsignedMessageBuilder.ToString()));
            SignedCms signedCms = new SignedCms(contentInfo, true);

            CmsSigner signer = new CmsSigner(message.SubjectIdentifierType, message.SmimeSigningCertificate);
            signer.IncludeOption = X509IncludeOption.WholeChain;

            // Sign the current time.
            if ((message.SmimeSigningOptionFlags & SmimeSigningOptionFlags.SignTime) > 0)
                Pkcs9SigningTime signingTime = new Pkcs9SigningTime();

            // Encode the signed message.
            byte[] signedBytes = signedCms.Encode();

            // Embed the signed and original version of the message using MIME.
            StringBuilder messageBuilder = new StringBuilder(Constants.SMALLSBSIZE);

            // Build the MIME message by embedding the unsigned and signed portions.
            messageBuilder.Append("This is a multi-part S/MIME signed message.\r\n\r\n");
            messageBuilder.Append("--" + (alreadyEncrypted ? SmimeTripleSignedCmsBoundaryName : SmimeSignedCmsBoundaryName) + "\r\n");
            messageBuilder.Append("\r\n--" + (alreadyEncrypted ? SmimeTripleSignedCmsBoundaryName : SmimeSignedCmsBoundaryName) + "\r\n");
            messageBuilder.Append("Content-Type: application/x-pkcs7-signature; smime-type=signed-data; name=\"smime.p7s\"\r\n");
            messageBuilder.Append("Content-Transfer-Encoding: base64\r\n");
            messageBuilder.Append("Content-Description: \"S/MIME Cryptographic signedCms\"\r\n");
            messageBuilder.Append("Content-Disposition: attachment; filename=\"smime.p7s\"\r\n\r\n");
            messageBuilder.Append(Functions.ToBase64String(signedBytes, 0, signedBytes.Length));
            messageBuilder.Append("\r\n--" + (alreadyEncrypted ? SmimeTripleSignedCmsBoundaryName : SmimeSignedCmsBoundaryName) + "--\r\n");

            return Encoding.UTF8.GetBytes(messageBuilder.ToString());
Exemplo n.º 2
        CmsSigner CreateSigner(X509Certificate2 cert)
            CmsSigner signer = new CmsSigner(cert)
                                       IncludeOption = m_certChainInclude,
                                       DigestAlgorithm = ToDigestAlgorithmOid(m_digestAlgorithm)

            Pkcs9SigningTime signingTime = new Pkcs9SigningTime();

            return signer;
Exemplo n.º 3
		public void Constructor_DateTime_Now () 
			Pkcs9SigningTime st = new Pkcs9SigningTime (DateTime.UtcNow);
			Assert.AreEqual (signingTimeName, st.Oid.FriendlyName, "Oid.FriendlyName");
			Assert.AreEqual (signingTimeOid, st.Oid.Value, "Oid.Value");
			Assert.AreEqual (15, st.RawData.Length, "RawData.Length");
			Assert.AreEqual (BitConverter.ToString (st.RawData).ToLower ().Replace ("-", " "), st.Format (true), "Format(true)");
			Assert.AreEqual (BitConverter.ToString (st.RawData).ToLower ().Replace ("-", " "), st.Format (false), "Format(false)");
Exemplo n.º 4
		public void CopyFrom_Bad ()
			Pkcs9SigningTime st = new Pkcs9SigningTime (mono10release);
			Pkcs9DocumentName dn = new Pkcs9DocumentName ("Mono");
			st.CopyFrom (dn);
			Assert.AreEqual (dn.Oid.FriendlyName, st.Oid.FriendlyName, "Oid.FriendlyName");
			Assert.AreEqual (dn.Oid.Value, st.Oid.Value, "Oid.Value");
			Assert.AreEqual (BitConverter.ToString (dn.RawData), BitConverter.ToString (st.RawData), "RawData");
			// wrong ASN.1
			Assert.AreEqual (mono10release, st.SigningTime, "SigningTime");
Exemplo n.º 5
 public static void SigningTimeFromRawData()
     DateTime dateTime = new DateTime(2015, 4, 1);
     byte[] rawData = "170d3135303430313030303030305a".HexToByteArray();
     Pkcs9SigningTime p = new Pkcs9SigningTime(rawData);
     Assert.Equal(rawData, p.RawData);
     DateTime cookedData = p.SigningTime;
     Assert.Equal(dateTime, cookedData);
     string oid = p.Oid.Value;
     Assert.Equal(s_OidSigningTime, oid);
Exemplo n.º 6
        /// <summary>
        /// Проверка файла с подписью на валидность подписи
        /// </summary>
        /// <returns>Сообщения (или ошибки) о проверки подписи</returns>
        public ValidationResult Verify()
            var result = new ValidationResult();

            if (this.Signature == null)
                result.AddError("Отсутствует файл с подписью!");
                return result;

            //Создаем пакет с подписью для проверки самой подписи
            SignedCms cms = null;

            if (this.Detached)
            {//отсоединенная подпись

                //создаем контейнер с оригинальными данными, подпись которых будет проверяться
                ContentInfo content = new ContentInfo(this.Original);

                //формируем пакет с оригинальными данными и параметрами подписи
                cms = new SignedCms(content, true);
            {// присоединенная подпись

                //формируем пустой пакет с данными
                //так как в случае присоединенной подписи
                //данные содержатся в самом подписанном файле
                cms = new SignedCms();

                //декодируем файл, содержащий подпись
                //если вылетает ошибка - значит подпись не верна!!!

                //возможно, информация о подписаниях отсутствует
                if (cms.SignerInfos.Count <= 0)
                    result.AddError("Нет информации о подписях (возможно файл не подписан)");
                    return result;

                result.AddInfo("Электронная Подпись Вернa.");
                result.Add("Файл подписан следующим(и) сертификатом(и):");

                foreach (SignerInfo si in cms.SignerInfos)
                    var certificate = new Certificate(si.Certificate);
                    if (_certificate == null)
                        _certificate = certificate;

                    result.Add(certificate.SerialNumber + " [" + certificate.Thumbprint + "]");

                    //дергаем время подписания документа текущей подписью
                    for (int i = 0; i < si.SignedAttributes.Count; i++)
                        if (si.SignedAttributes[i].Oid.Value == "1.2.840.113549.1.9.5") // Oid время подписания
                            Pkcs9SigningTime pkcs9_time = new Pkcs9SigningTime(si.SignedAttributes[i].Values[0].RawData);
                            result.Add("Дата и Время подписания:  " + pkcs9_time.SigningTime.ToString());
                result.AddError("Подпись НЕ верна!");

            return result;
Exemplo n.º 7
		public void CopyFrom_SigningTime_OidRaw ()
			Pkcs9SigningTime st = new Pkcs9SigningTime (DateTime.UtcNow);
			Pkcs9AttributeObject a = new Pkcs9AttributeObject ();
			a.CopyFrom (new AsnEncodedData (st.Oid, st.RawData));
Exemplo n.º 8
		public void Constructor_DateTime_1601 ()
			DateTime dt = new DateTime (1601, 01, 01, 00, 00, 00);
			Pkcs9SigningTime st = new Pkcs9SigningTime (dt);
Exemplo n.º 9
		public void Constructor_DateTime_Before2050 ()
			DateTime dt = new DateTime (2049, 12, 31, 11, 59, 59);
			// up to 2050 encoding should stay with UTCTIME (0x17), i.e. 2 digits years
			Pkcs9SigningTime st = new Pkcs9SigningTime (dt);
			Assert.AreEqual (signingTimeName, st.Oid.FriendlyName, "Oid.FriendlyName");
			Assert.AreEqual (signingTimeOid, st.Oid.Value, "Oid.Value");
			Assert.AreEqual (15, st.RawData.Length, "RawData.Length");
			Assert.AreEqual ("17-0D-34-39-31-32-33-31-31-31-35-39-35-39-5A", BitConverter.ToString (st.RawData));
			Assert.AreEqual (dt, st.SigningTime, "st.SigningTime");
			Assert.AreEqual ("17 0d 34 39 31 32 33 31 31 31 35 39 35 39 5a", st.Format (true), "Format(true)");
			Assert.AreEqual ("17 0d 34 39 31 32 33 31 31 31 35 39 35 39 5a", st.Format (false), "Format(false)");
Exemplo n.º 10
		public void Constructor_DateTime_After1950 ()
			DateTime dt = new DateTime (1950, 01, 01, 00, 00, 00);
			// UTCTIME (0x17), i.e. 2 digits years, limited to 1950-2050
			Pkcs9SigningTime st = new Pkcs9SigningTime (dt);
			Assert.AreEqual (signingTimeName, st.Oid.FriendlyName, "Oid.FriendlyName");
			Assert.AreEqual (signingTimeOid, st.Oid.Value, "Oid.Value");
			Assert.AreEqual (15, st.RawData.Length, "RawData.Length");
			Assert.AreEqual ("17-0D-35-30-30-31-30-31-30-30-30-30-30-30-5A", BitConverter.ToString (st.RawData));
			Assert.AreEqual (dt, st.SigningTime, "st.SigningTime");
			Assert.AreEqual ("17 0d 35 30 30 31 30 31 30 30 30 30 30 30 5a", st.Format (true), "Format(true)");
			Assert.AreEqual ("17 0d 35 30 30 31 30 31 30 30 30 30 30 30 5a", st.Format (false), "Format(false)");
Exemplo n.º 11
		public void Constructor_DateTime_Before1950 ()
			DateTime dt = new DateTime (1949, 12, 31, 11, 59, 59);
			// UTCTIME (0x17), i.e. 2 digits years, limited to 1950-2050
			Pkcs9SigningTime st = new Pkcs9SigningTime (dt);
Exemplo n.º 12
        /// <summary>
        /// 연대 서명과 관련된 정보를 반환합니다.
        /// </summary>
        /// <param name="filePath">연대 서명이 포함된 파일의 경로입니다.</param>
        /// <param name="counterCertificate">연대 서명의 인증서입니다.</param>
        /// <param name="signingTime">UTC+0 기준에서의 서명 시간입니다.</param>
        public static bool GetCounterSignerInfo(string filePath, ref X509Certificate2 counterCertificate, ref Pkcs9SigningTime signingTime)
                int encodingType;
                int contentType;
                int formatType;
                IntPtr certStore = IntPtr.Zero;
                IntPtr cryptMsg = IntPtr.Zero;
                IntPtr context = IntPtr.Zero;

                if (!CryptQueryObject(
                    out encodingType,
                    out contentType,
                    out formatType,
                    ref certStore,
                    ref cryptMsg,
                    ref context))
                    throw new Win32Exception(Marshal.GetLastWin32Error());

                /* contentType = 10; CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
                 * encodingType = 65537; PKCS_7_ASN_ENCODING | X509_ASN_ENCODING (65536 + 1)

                //Console.WriteLine("Querying file '{0}':", filePath);
                //Console.WriteLine("  Encoding Type: {0}", encodingType);
                //Console.WriteLine("  Content Type: {0}", contentType);
                //Console.WriteLine("  Format Type: {0}", formatType);
                //Console.WriteLine("  Cert Store: {0}", certStore.ToInt32());
                //Console.WriteLine("  Crypt Msg: {0}", cryptMsg.ToInt32());
                //Console.WriteLine("  Context: {0}", context.ToInt32());

                // Get size of the encoded message.
                int cbData = 0;
                if (!CryptMsgGetParam(
                    ref cbData))
                    throw new Win32Exception(Marshal.GetLastWin32Error());

                var vData = new byte[cbData];

                // Get the encoded message.
                if (!CryptMsgGetParam(
                    ref cbData))
                    throw new Win32Exception(Marshal.GetLastWin32Error());

                var signedCms = new SignedCms();

                foreach (var signerInfo in signedCms.SignerInfos)
                    foreach (var unsignedAttribute in signerInfo.UnsignedAttributes)
                        if (unsignedAttribute.Oid.Value != szOID_RSA_counterSign) continue;

                        // 하나 이상의 연대 서명이 존재하는 파일이 만약 있다면 Collection을 반환하도록 다시 짜야함
                        foreach (var counterSignInfo in signerInfo.CounterSignerInfos)
                            // 연대 서명 정보 얻는 부분
                            counterCertificate = counterSignInfo.Certificate;   // 연대 서명의 인증서

                            foreach (var signedAttribute in counterSignInfo.SignedAttributes)
                                if (signedAttribute.Oid.Value == szOID_RSA_signingTime)
                                    // 연대 서명의 서명시간
                                    signingTime = (Pkcs9SigningTime)signedAttribute.Values[0];
                                    //Console.Out.WriteLine("Signing Time UTC: " + signingTime.SigningTime);

            catch (Win32Exception ex)
                // 해당 파일에 연대 서명 정보가 없는 경우
                if (ex.HResult == -2147467259) // ex.HResult == 0x80004005
                    return false;
                throw;  // 겪어본 적 없는 예외

            return true;
Exemplo n.º 13
        public static void SigningTimeFromCookedData()
            DateTime dateTime = new DateTime(2015, 4, 1);
            Pkcs9SigningTime p = new Pkcs9SigningTime(dateTime);
            string oid = p.Oid.Value;
            Assert.Equal(s_OidSigningTime, oid);

            Pkcs9SigningTime p2 = new Pkcs9SigningTime(p.RawData);
            DateTime cookedData = p2.SigningTime;
            Assert.Equal(dateTime, cookedData);
Exemplo n.º 14
		public void Constructor_DateTime_MinValue () 
			Pkcs9SigningTime st = new Pkcs9SigningTime (DateTime.MinValue);
Exemplo n.º 15
		public void Constructor_DateTime_After2050 ()
			DateTime dt = new DateTime (2050, 01, 01, 00, 00, 00);
			// in 2050 encoding should switch to GENERALIZEDTIME (0x18), i.e. 4 digits years
			Pkcs9SigningTime st = new Pkcs9SigningTime (dt);
Exemplo n.º 16
		public void Constructor_DateTime_1600 ()
			DateTime dt = new DateTime (1600, 12, 31, 11, 59, 59);
			Pkcs9SigningTime st = new Pkcs9SigningTime (dt);
Exemplo n.º 17
		public void Constructor_DateTime ()
			Pkcs9SigningTime st = new Pkcs9SigningTime (mono10release);
			Assert.AreEqual (signingTimeName, st.Oid.FriendlyName, "Oid.FriendlyName");
			Assert.AreEqual (signingTimeOid, st.Oid.Value, "Oid.Value");
			Assert.AreEqual (15, st.RawData.Length, "RawData.Length");
			Assert.AreEqual ("17-0D-30-34-30-36-33-30-30-34-30-30-30-30-5A", BitConverter.ToString (st.RawData), "RawData");
			Assert.AreEqual (mono10release, st.SigningTime, "st.SigningTime");
			Assert.AreEqual ("17 0d 30 34 30 36 33 30 30 34 30 30 30 30 5a", st.Format (true), "Format(true)");
			Assert.AreEqual ("17 0d 30 34 30 36 33 30 30 34 30 30 30 30 5a", st.Format (false), "Format(false)");
Exemplo n.º 18
        /// <summary>
        /// </summary>
        /// <param name="message"></param>
        /// <param name="signingCertificate"></param>
        /// <param name="encryptionCertificate"></param>
        /// <returns></returns>
        internal static byte[] GetSignature(Byte[] message, X509Certificate2 signingCertificate, X509Certificate2 encryptionCertificate)
            SignedCms signedCms = new SignedCms(new ContentInfo(message), true);

            CmsSigner cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signingCertificate);
            cmsSigner.IncludeOption = X509IncludeOption.WholeChain;

            if (encryptionCertificate != null)

            Pkcs9SigningTime signingTime = new Pkcs9SigningTime();

            signedCms.ComputeSignature(cmsSigner, false);

            return signedCms.Encode();
Exemplo n.º 19
		public void Constructor_Bytes () 
			byte[] date = new byte [15] { 0x17, 0x0D, 0x30, 0x34, 0x30, 0x36, 0x33, 0x30, 0x30, 0x34, 0x30, 0x30, 0x30, 0x30, 0x5A };
			Pkcs9SigningTime st = new Pkcs9SigningTime (date);
			Assert.AreEqual (signingTimeName, st.Oid.FriendlyName, "Oid.FriendlyName");
			Assert.AreEqual (signingTimeOid, st.Oid.Value, "Oid.Value");
			Assert.AreEqual (15, st.RawData.Length, "RawData.Length");
			Assert.AreEqual ("17-0D-30-34-30-36-33-30-30-34-30-30-30-30-5A", BitConverter.ToString (st.RawData), "RawData");
			Assert.AreEqual (mono10release, st.SigningTime, "st.SigningTime");
			Assert.AreEqual ("17 0d 30 34 30 36 33 30 30 34 30 30 30 30 5a", st.Format (true), "Format(true)");
			Assert.AreEqual ("17 0d 30 34 30 36 33 30 30 34 30 30 30 30 5a", st.Format (false), "Format(false)");
Exemplo n.º 20
        private bool VerifySignatureTimestamp(XmlElement signatureNode, XmlNamespaceManager nsm, out DateTime verificationTime)
            verificationTime = DateTime.Now;

            XmlElement node = signatureNode.SelectSingleNode("ds:Object/as:Timestamp", nsm) as XmlElement;
            if (node != null)
                string encodedMessage = node.InnerText;

                if (!string.IsNullOrEmpty(encodedMessage))
                    byte[] base64DecodedMessage = null;
                        base64DecodedMessage = Convert.FromBase64String(encodedMessage);
                    catch (FormatException)
                        _authenticodeSignerInfo.ErrorCode = Win32.TRUST_E_TIME_STAMP;
                        throw new CryptographicException(Win32.TRUST_E_TIME_STAMP);
                    if (base64DecodedMessage != null)
                        // Create a new, nondetached SignedCms message.
                        SignedCms signedCms = new SignedCms();

                        // Verify the signature without validating the 
                        // certificate.

                        byte[] signingTime = null;
                        CryptographicAttributeObjectCollection caos = signedCms.SignerInfos[0].SignedAttributes;
                        foreach (CryptographicAttributeObject cao in caos)
                            if (0 == string.Compare(cao.Oid.Value, Win32.szOID_RSA_signingTime, StringComparison.Ordinal))
                                foreach (AsnEncodedData d in cao.Values)
                                    if (0 == string.Compare(d.Oid.Value, Win32.szOID_RSA_signingTime, StringComparison.Ordinal))
                                        signingTime = d.RawData;
                                        Pkcs9SigningTime time = new Pkcs9SigningTime(signingTime);
                                        verificationTime = time.SigningTime;
                                        return true;

            return false;
Exemplo n.º 21
		public void Constructor_Bytes_Null ()
			Pkcs9SigningTime st = new Pkcs9SigningTime (null);
 private void Initialize()
     _counterCertificateVerifier = new CertificateVerifier();
     _counterCertificate = null;
     SigningTime = null;
Exemplo n.º 23
//		[Ignore ("MS returns bad results (original time) - Mono needs to override CopyFrom to fix")]
		public void CopyFrom () 
			Pkcs9SigningTime st1 = new Pkcs9SigningTime (mono10release);
			Pkcs9SigningTime st2 = new Pkcs9SigningTime (DateTime.UtcNow);
			st1.CopyFrom (st2);
			Assert.AreEqual (st2.Oid.FriendlyName, st1.Oid.FriendlyName, "Oid.FriendlyName");
			Assert.AreEqual (st2.Oid.Value, st1.Oid.Value, "Oid.Value");
			Assert.AreEqual (BitConverter.ToString (st2.RawData), BitConverter.ToString (st1.RawData), "RawData");
			// Note: Some timing resolution is lost by goind to ASN.1
			Assert.AreEqual (st2.SigningTime.ToString (), st1.SigningTime.ToString (), "SigningTime");
Exemplo n.º 24
        /// <summary>
        /// Signs the signature request with the specified certificate, embeds all the specified additional certificates
        /// in the signature, and uses the provided additional certificates (along with the Operating
        /// System certificate store, if present) to build the full chain for the signing cert and
        /// embed that in the signature.
        /// </summary>
        /// <param name="signingCert">The certificate and private key to sign the document with</param>
        /// <param name="chainBuildingCertificates">Additional certificates to use when building the chain to embed</param>
        /// <param name="certificatesToEmbed">Additional certificates to add to the signature</param>
        public void Sign(X509Certificate2 signingCert, X509Certificate2Collection chainBuildingCertificates, X509Certificate2Collection certificatesToEmbed)
            if (_signature != null)
                throw new InvalidOperationException("A signature already exists");

            // Create the content info
            var content = new ContentInfo(Payload.Encode());

            // Create the signer
            var signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, signingCert);
            var signingTime = new Pkcs9SigningTime(DateTime.UtcNow);
                new CryptographicAttributeObject(
                    new AsnEncodedDataCollection(signingTime)));

            // We do want the whole chain in the file, but we can't control how
            // CmsSigner builds the chain and add our additional certificates.
            // So, we tell it not to worry and we manually build the chain and
            // add it to the signer.
            signer.IncludeOption = X509IncludeOption.EndCertOnly;

            // Embed all the certificates in the CMS
            var chain = new X509Chain();
            if (chainBuildingCertificates != null)
            foreach (var element in chain.ChainElements)
                // Don't re-embed the signing certificate!
                if (!Equals(element.Certificate, signingCert))
            if (certificatesToEmbed != null)

            // Create the message and sign it
            // Use a local variable so that if the signature fails to compute, this object
            // remains in a "good" state.
            var cms = new SignedCms(content);
            _signature = cms;
Exemplo n.º 25
        public static void SigningTimeNullary()
            Pkcs9SigningTime p = new Pkcs9SigningTime();

            // the default constructor initializes with DateTime.Now. 
            string oid = p.Oid.Value;
            Assert.Equal(s_OidSigningTime, oid);