internal SignerInfoEnumerator(SignerInfoCollection signerInfos) { Debug.Assert(signerInfos != null); _signerInfos = signerInfos; _position = -1; }
// only accessible from SignedPkcs7.SignerInfos internal SignerInfo(string hashName, X509Certificate2 certificate, SubjectIdentifierType type, object o, int version) { _digest = new Oid(CryptoConfig.MapNameToOID(hashName)); _certificate = certificate; _counter = new SignerInfoCollection(); _signed = new CryptographicAttributeObjectCollection(); _unsigned = new CryptographicAttributeObjectCollection(); _signer = new SubjectIdentifier(type, o); _version = version; }
// only accessible from SignedPkcs7.SignerInfos internal SignerInfo (string hashName, X509Certificate2 certificate, SubjectIdentifierType type, object o, int version) { _digest = new Oid (CryptoConfig.MapNameToOID (hashName)); _certificate = certificate; _counter = new SignerInfoCollection (); _signed = new CryptographicAttributeObjectCollection (); _unsigned = new CryptographicAttributeObjectCollection (); _signer = new SubjectIdentifier (type, o); _version = version; }
private static void CheckHashes(SignerInfoCollection signers) { if (signers == null || signers.Count < 1) { throw new CryptographicException(CAPI.CRYPT_E_NO_SIGNER); } foreach (SignerInfo signer in signers) { if (signer.SignerIdentifier.Type == SubjectIdentifierType.NoSignature) { signer.CheckHash(); } } }
private static void CheckHashes(SignerInfoCollection signers) { if ((signers == null) || (signers.Count < 1)) { throw new CryptographicException(-2146885618); } SignerInfoEnumerator enumerator = signers.GetEnumerator(); while (enumerator.MoveNext()) { SignerInfo current = enumerator.Current; if (current.SignerIdentifier.Type == SubjectIdentifierType.NoSignature) { current.CheckHash(); } } }
private static void CheckHashes(SignerInfoCollection signers) { if ((signers == null) || (signers.Count < 1)) { throw new CryptographicException(-2146885618); } SignerInfoEnumerator enumerator = signers.GetEnumerator(); while (enumerator.MoveNext()) { SignerInfo current = enumerator.Current; if (current.SignerIdentifier.Type == SubjectIdentifierType.NoSignature) { current.CheckHash(); } } }
private static void CheckSignatures(SignerInfoCollection signers, X509Certificate2Collection extraStore, bool verifySignatureOnly) { if (signers == null || signers.Count < 1) { throw new CryptographicException(CAPI.CRYPT_E_NO_SIGNER); } foreach (SignerInfo signer in signers) { signer.CheckSignature(extraStore, verifySignatureOnly); if (signer.CounterSignerInfos.Count > 0) { CheckSignatures(signer.CounterSignerInfos, extraStore, verifySignatureOnly); } } }
private static void CheckSignatures(SignerInfoCollection signers, X509Certificate2Collection extraStore, bool verifySignatureOnly) { if ((signers == null) || (signers.Count < 1)) { throw new CryptographicException(-2146885618); } SignerInfoEnumerator enumerator = signers.GetEnumerator(); while (enumerator.MoveNext()) { SignerInfo current = enumerator.Current; current.CheckSignature(extraStore, verifySignatureOnly); if (current.CounterSignerInfos.Count > 0) { CheckSignatures(current.CounterSignerInfos, extraStore, verifySignatureOnly); } } }
public static bool TryDecode(ReadOnlyMemory <byte> source, out Rfc3161TimestampToken token, out int bytesConsumed) { bytesConsumed = 0; token = null; try { ContentInfoAsn contentInfo = AsnSerializer.Deserialize <ContentInfoAsn>(source, AsnEncodingRules.BER, out int bytesActuallyRead); // https://tools.ietf.org/html/rfc3161#section-2.4.2 // // A TimeStampToken is as follows. It is defined as a ContentInfo // ([CMS]) and SHALL encapsulate a signed data content type. // // TimeStampToken::= ContentInfo // --contentType is id-signedData([CMS]) // --content is SignedData ([CMS]) if (contentInfo.ContentType != Oids.Pkcs7Signed) { return(false); } SignedCms cms = new SignedCms(); cms.Decode(source); // The fields of type EncapsulatedContentInfo of the SignedData // construct have the following meanings: // // eContentType is an object identifier that uniquely specifies the // content type. For a time-stamp token it is defined as: // // id-ct-TSTInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2) // us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 4} // // eContent is the content itself, carried as an octet string. // The eContent SHALL be the DER-encoded value of TSTInfo. if (cms.ContentInfo.ContentType.Value != Oids.TstInfo) { return(false); } // RFC3161: // The time-stamp token MUST NOT contain any signatures other than the // signature of the TSA. The certificate identifier (ESSCertID) of the // TSA certificate MUST be included as a signerInfo attribute inside a // SigningCertificate attribute. // RFC5816 says that ESSCertIDv2 should be allowed instead. SignerInfoCollection signerInfos = cms.SignerInfos; if (signerInfos.Count != 1) { return(false); } SignerInfo signer = signerInfos[0]; EssCertId certId; EssCertIdV2 certId2; if (!TryGetCertIds(signer, out certId, out certId2)) { return(false); } X509Certificate2 signerCert = signer.Certificate; if (signerCert == null && signer.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber) { // If the cert wasn't provided, but the identifier was IssuerAndSerialNumber, // and the ESSCertId(V2) has specified an issuerSerial value, ensure it's a match. X509IssuerSerial issuerSerial = (X509IssuerSerial)signer.SignerIdentifier.Value; if (certId?.IssuerSerial != null) { if (!IssuerAndSerialMatch( certId.IssuerSerial.Value, issuerSerial.IssuerName, issuerSerial.SerialNumber)) { return(false); } } if (certId2?.IssuerSerial != null) { if (!IssuerAndSerialMatch( certId2.IssuerSerial.Value, issuerSerial.IssuerName, issuerSerial.SerialNumber)) { return(false); } } } Rfc3161TimestampTokenInfo tokenInfo; if (Rfc3161TimestampTokenInfo.TryDecode(cms.ContentInfo.Content, out tokenInfo, out _)) { if (signerCert != null && !CheckCertificate(signerCert, signer, certId, certId2, tokenInfo)) { return(false); } token = new Rfc3161TimestampToken { _parsedDocument = cms, _signerInfo = signer, _essCertId = certId, _essCertIdV2 = certId2, TokenInfo = tokenInfo, }; bytesConsumed = bytesActuallyRead; return(true); } } catch (CryptographicException) { } return(false); }
// constructors public SignedCms() { _certs = new X509Certificate2Collection(); _info = new SignerInfoCollection(); }
internal SignerInfoEnumerator(SignerInfoCollection signerInfos) { this.m_signerInfos = signerInfos; this.m_current = -1; }
private static void CheckHashes (SignerInfoCollection signers) { if (signers == null || signers.Count < 1) throw new CryptographicException(CAPI.CRYPT_E_NO_SIGNER); foreach (SignerInfo signer in signers) { if (signer.SignerIdentifier.Type == SubjectIdentifierType.NoSignature) signer.CheckHash(); } }
private static void CheckSignatures (SignerInfoCollection signers, X509Certificate2Collection extraStore, bool verifySignatureOnly) { if (signers == null || signers.Count < 1) throw new CryptographicException(CAPI.CRYPT_E_NO_SIGNER); foreach (SignerInfo signer in signers) { signer.CheckSignature(extraStore, verifySignatureOnly); if (signer.CounterSignerInfos.Count > 0) CheckSignatures(signer.CounterSignerInfos, extraStore, verifySignatureOnly); } }
// constructors public SignedCms () { _certs = new X509Certificate2Collection (); _info = new SignerInfoCollection (); }
/// <summary> /// Checks that a collection of signature was signed by the signer certificate. /// </summary> /// <param name="signers">The collection of <see cref="SignerInfo"/> to check</param> /// <param name="signerCertificate">The signer certificate that purports to sign the entity</param> /// <exception cref="SignatureException">If the entity was not signed by the claimed certificate</exception> public void CheckSignature(SignerInfoCollection signers, X509Certificate2 signerCertificate) { if (signerCertificate == null) { throw new SignatureException(SignatureError.NoCertificates); } if (signers == null || signers.Count == 0) { throw new SignatureException(SignatureError.NoSigners); } // // Find the signer // SignerInfo signer = signers.FindByThumbprint(signerCertificate.Thumbprint); if (signer == null) { throw new SignatureException(SignatureError.NoSigners); } signer.CheckSignature(true); }
internal SignerInfoEnumerator(SignerInfoCollection signerInfos) { this.m_signerInfos = signerInfos; this.m_current = -1; }
private static void CheckSignatures(SignerInfoCollection signers, X509Certificate2Collection extraStore, bool verifySignatureOnly) { if ((signers == null) || (signers.Count < 1)) { throw new CryptographicException(-2146885618); } SignerInfoEnumerator enumerator = signers.GetEnumerator(); while (enumerator.MoveNext()) { SignerInfo current = enumerator.Current; current.CheckSignature(extraStore, verifySignatureOnly); if (current.CounterSignerInfos.Count > 0) { CheckSignatures(current.CounterSignerInfos, extraStore, verifySignatureOnly); } } }