/// <summary>
/// ContentInfo constructor - with encapsulated content
/// </summary>
/// <param name="sigData">A ContentInfo containing a signedData object.</param>
public CmsSignedData(
ContentInfo sigData)
{
this.contentInfo = sigData;
this.signedData = SignedData.GetInstance(contentInfo.Content);
//
// this can happen if the signed message is sent simply to send a
// certificate chain.
//
Asn1Encodable content = signedData.EncapContentInfo.Content;
if (content != null)
{
if (content is Asn1OctetString)
{
this.signedContent = new CmsProcessableByteArray(signedData.EncapContentInfo.ContentType,
((Asn1OctetString)content).GetOctets());
}
else
{
this.signedContent = new Pkcs7ProcessableObject(signedData.EncapContentInfo.ContentType, content);
}
}
else
{
this.signedContent = null;
}
}
private CmsSignedData(
CmsSignedData c)
{
this.signedData = c.signedData;
this.contentInfo = c.contentInfo;
this.signedContent = c.signedContent;
this.signerInfoStore = c.signerInfoStore;
}
/// <summary>
/// ContentInfo constructor - with detached signature.
/// </summary>
/// <param name="signedContent">The content that was signed.</param>
/// <param name="sigData">A ContentInfo containing a signedData object.</param>
public CmsSignedData(
ICmsTypedData signedContent,
ContentInfo sigData)
{
this.signedContent = signedContent;
this.contentInfo = sigData;
this.signedData = SignedData.GetInstance(contentInfo.Content);
}
private CmsEnvelopedData doGenerate(
ICmsTypedData content,
ICipherBuilderWithKey<AlgorithmIdentifier> contentEncryptor)
{
Asn1EncodableVector recipientInfos = new Asn1EncodableVector();
AlgorithmIdentifier encAlgId;
Asn1OctetString encContent;
MemoryOutputStream bOut = new MemoryOutputStream();
try
{
ICipher cOut = contentEncryptor.BuildCipher(bOut);
content.Write(cOut.Stream);
cOut.Stream.Close();
}
catch (IOException e)
{
throw new CmsException(e.Message, e);
}
byte[] encryptedContent = bOut.ToArray();
encAlgId = contentEncryptor.AlgorithmDetails;
encContent = new BerOctetString(encryptedContent);
ISymmetricKey encKey = contentEncryptor.Key;
for (IEnumerator<IRecipientInfoGenerator> it = recipientInfoGenerators.GetEnumerator(); it.MoveNext();)
{
IRecipientInfoGenerator recipient = (IRecipientInfoGenerator)it.Current;
recipientInfos.Add(recipient.Generate(encKey));
}
EncryptedContentInfo eci = new EncryptedContentInfo(
content.ContentType,
encAlgId,
encContent);
Asn1Set unprotectedAttrSet = null;
if (unprotectedAttributeGenerator != null)
{
Asn1.Cms.AttributeTable attrTable = unprotectedAttributeGenerator.GetAttributes(new Dictionary<string, object>());
unprotectedAttrSet = new BerSet(attrTable.ToAsn1EncodableVector());
}
ContentInfo contentInfo = new ContentInfo(
CmsObjectIdentifiers.EnvelopedData,
new EnvelopedData(originatorInfo, new DerSet(recipientInfos), eci, unprotectedAttrSet));
return new CmsEnvelopedData(contentInfo);
}
private CmsEncryptedData doGenerate(
ICmsTypedData content,
ICipherBuilder <AlgorithmIdentifier> contentEncryptor)
{
AlgorithmIdentifier encAlgId;
Asn1OctetString encContent;
MemoryOutputStream bOut = new MemoryOutputStream();
try
{
ICipher cipher = contentEncryptor.BuildCipher(bOut);
content.Write(cipher.Stream);
cipher.Stream.Close();
}
catch (IOException)
{
throw new CmsException("");
}
byte[] encryptedContent = bOut.ToArray();
encAlgId = contentEncryptor.AlgorithmDetails;
encContent = new BerOctetString(encryptedContent);
EncryptedContentInfo eci = new EncryptedContentInfo(
content.ContentType,
encAlgId,
encContent);
Asn1Set unprotectedAttrSet = null;
if (unprotectedAttributeGenerator != null)
{
Asn1.Cms.AttributeTable attrTable = unprotectedAttributeGenerator.GetAttributes(new Dictionary <string, object>());
unprotectedAttrSet = new BerSet(attrTable.ToAsn1EncodableVector());
}
ContentInfo contentInfo = new ContentInfo(
CmsObjectIdentifiers.EncryptedData,
new EncryptedData(eci, unprotectedAttrSet));
return(new CmsEncryptedData(contentInfo));
}
internal SignerInformation(
Asn1.Cms.SignerInfo info,
DerObjectIdentifier contentType,
ICmsTypedData content,
byte[] digest)
{
this.info = info;
this.contentType = contentType;
this.isCounterSignature = contentType == null;
try
{
SignerIdentifier s = info.SignerID;
if (s.IsTagged)
{
Asn1OctetString octs = Asn1OctetString.GetInstance(s.ID);
this.sid = new SignerID(octs.GetEncoded());
}
else
{
Asn1.Cms.IssuerAndSerialNumber iAnds =
Asn1.Cms.IssuerAndSerialNumber.GetInstance(s.ID);
this.sid = new SignerID(iAnds.Name, iAnds.SerialNumber.Value);
}
}
catch (IOException)
{
throw new ArgumentException("invalid sid in SignerInfo");
}
this.digestAlgorithm = info.DigestAlgorithm;
this.signedAttributeSet = info.AuthenticatedAttributes;
this.unsignedAttributeSet = info.UnauthenticatedAttributes;
this.encryptionAlgorithm = info.DigestEncryptionAlgorithm;
this.signature = info.EncryptedDigest.GetOctets();
this.content = content;
this.resultDigest = digest;
}
/**
* generate a signed object that for a CMS Signed Data
* object - if encapsulate is true a copy
* of the message will be included in the signature. The content type
* is set according to the OID represented by the string signedContentType.
*/
public CmsSignedData Generate(
// FIXME Avoid accessing more than once to support CmsProcessableInputStream
ICmsTypedData content,
bool encapsulate)
{
// TODO
// if (signerInfs.isEmpty())
// {
// /* RFC 3852 5.2
// * "In the degenerate case where there are no signers, the
// * EncapsulatedContentInfo value being "signed" is irrelevant. In this
// * case, the content type within the EncapsulatedContentInfo value being
// * "signed" MUST be id-data (as defined in section 4), and the content
// * field of the EncapsulatedContentInfo value MUST be omitted."
// */
// if (encapsulate)
// {
// throw new IllegalArgumentException("no signers, encapsulate must be false");
// }
// if (!DATA.equals(eContentType))
// {
// throw new IllegalArgumentException("no signers, eContentType must be id-data");
// }
// }
//
// if (!DATA.equals(eContentType))
// {
// /* RFC 3852 5.3
// * [The 'signedAttrs']...
// * field is optional, but it MUST be present if the content type of
// * the EncapsulatedContentInfo value being signed is not id-data.
// */
// // TODO signedAttrs must be present for all signers
// }
Asn1EncodableVector digestAlgs = new Asn1EncodableVector();
Asn1EncodableVector signerInfos = new Asn1EncodableVector();
_digests.Clear(); // clear the current preserved digest state
//
// add the precalculated SignerInfo objects.
//
for (IEnumerator it = _signers.GetEnumerator(); it.MoveNext();)
{
SignerInformation signer = (SignerInformation)it.Current;
digestAlgs.Add(CmsUtilities.fixAlgID(signer.DigestAlgorithmID));
// TODO Verify the content type and calculated digest match the precalculated SignerInfo
signerInfos.Add(signer.ToAsn1Structure());
}
//
// add the SignerInfo objects
//
DerObjectIdentifier contentTypeOID = content.ContentType;
Asn1OctetString octs = null;
if (content.GetContent() != null)
{
MemoryOutputStream bOut = null;
if (encapsulate)
{
bOut = new MemoryOutputStream();
}
Stream cOut = CmsUtilities.attachSignersToOutputStream(_signerGens, bOut);
// Just in case it's unencapsulated and there are no signers!
cOut = CmsUtilities.getSafeOutputStream(cOut);
try
{
content.Write(cOut);
cOut.Close();
}
catch (IOException e)
{
throw new CmsException("data processing exception: " + e.Message, e);
}
if (encapsulate)
{
octs = new BerOctetString(bOut.ToArray());
}
}
for (IEnumerator it = _signerGens.GetEnumerator(); it.MoveNext();)
{
SignerInfoGenerator sGen = (SignerInfoGenerator)it.Current;
SignerInfo inf = sGen.Generate(contentTypeOID);
digestAlgs.Add(inf.DigestAlgorithm);
signerInfos.Add(inf);
byte[] calcDigest = sGen.getCalculatedDigest();
if (calcDigest != null)
{
_digests.Add(inf.DigestAlgorithm.Algorithm.Id, calcDigest);
}
}
Asn1Set certificates = null;
if (_certs.Count != 0)
{
certificates = CmsUtilities.CreateBerSetFromList(_certs);
}
Asn1Set certrevlist = null;
if (_crls.Count != 0)
{
certrevlist = CmsUtilities.CreateBerSetFromList(_crls);
}
ContentInfo encInfo = new ContentInfo(contentTypeOID, octs);
SignedData sd = new SignedData(
new DerSet(digestAlgs),
encInfo,
certificates,
certrevlist,
new DerSet(signerInfos));
ContentInfo contentInfo = new ContentInfo(
CmsObjectIdentifiers.SignedData, sd);
return(new CmsSignedData(content, contentInfo));
}
/**
* generate a signed object that for a CMS Signed Data object
*/
public CmsSignedData Generate(
ICmsTypedData content)
{
return(Generate(content, false));
}
/// <summary>
/// Generate an enveloped object that contains an CMS Enveloped Data object using the given provider.
/// </summary>
/// <param name="content">The content to be encrypted</param>
/// <param name="contentEncryptorBuilder">The symmetric key based encryptor to encrypt the content with.</param>
/// <returns>A new CMS EnvelopedData object.</returns>
public CmsEnvelopedData generate(
ICmsTypedData content,
ICipherBuilderWithKey<AlgorithmIdentifier> contentEncryptorBuilder)
{
return doGenerate(content, contentEncryptorBuilder);
}
/**
* generate an encrypted object that contains an Cms Encrypted Data structure.
*
* @param content the content to be encrypted
* @param contentEncryptor the symmetric key based encryptor to encrypt the content with.
*/
public CmsEncryptedData generate(
ICmsTypedData content,
ICipherBuilder <AlgorithmIdentifier> contentEncryptor)
{
return(doGenerate(content, contentEncryptor));
}
/// <summary>
/// Stream constructor - with detached signature.
/// </summary>
/// <param name="signedContent">The content that was signed.</param>
/// <param name="sigData">A stream representing a ContentInfo containing a signedData object.</param>
public CmsSignedData(
ICmsTypedData signedContent,
Stream sigData)
: this(signedContent, CmsUtilities.ReadContentInfo(sigData))
{
}
/// <summary>
/// Base constructor - with detached signature.
/// </summary>
/// <param name="signedContent">The content that was signed.</param>
/// <param name="sigBlock">A byte array containing a ContentInfo containing a signedData object.</param>
public CmsSignedData(
ICmsTypedData signedContent,
byte[] sigBlock)
: this(signedContent, CmsUtilities.ReadContentInfo(new MemoryStream(sigBlock, false)))
{
}
