protected virtual void CheckSignature(
IVerifierFactory verifier)
{
if (!cert.SignatureAlgorithm.Equals(cert.ACInfo.Signature))
{
throw new CertificateException("Signature algorithm in certificate info not same as outer certificate");
}
IStreamCalculator streamCalculator = verifier.CreateCalculator();
try
{
byte[] b = this.cert.ACInfo.GetEncoded();
streamCalculator.Stream.Write(b, 0, b.Length);
Platform.Dispose(streamCalculator.Stream);
}
catch (IOException e)
{
throw new SignatureException("Exception encoding certificate info object", e);
}
if (!((IVerifier)streamCalculator.GetResult()).IsVerified(this.GetSignature()))
{
throw new InvalidKeyException("Public key presented not for certificate signature");
}
}
/// <summary>
/// Validate the signature on the Pkcs10 certification request in this holder.
/// </summary>
/// <param name="verifierProvider">A ContentVerifierProvider that can generate a verifier for the signature.</param>
/// <returns>true if the signature is valid, false otherwise.</returns>
public bool IsSignatureValid(IVerifierFactoryProvider <AlgorithmIdentifier> verifierProvider)
{
CertificationRequestInfo requestInfo = certificationRequest.GetCertificationRequestInfo();
IStreamCalculator <IVerifier> calculator;
try
{
IVerifierFactory <AlgorithmIdentifier> verifier = verifierProvider.CreateVerifierFactory(certificationRequest.SignatureAlgorithm);
calculator = verifier.CreateCalculator();
Stream sOut = calculator.Stream;
byte[] data = requestInfo.GetEncoded(Asn1Encodable.Der);
sOut.Write(data, 0, data.Length);
sOut.Close();
return(calculator.GetResult().IsVerified(this.GetSignature()));
}
catch (Exception e)
{
throw new PkcsException("unable to process signature: " + e.Message, e);
}
}
protected virtual void CheckSignature(IVerifierFactory verifier)
{
//IL_0063: Expected O, but got Unknown
if (!cert.SignatureAlgorithm.Equals(cert.ACInfo.Signature))
{
throw new CertificateException("Signature algorithm in certificate info not same as outer certificate");
}
IStreamCalculator streamCalculator = verifier.CreateCalculator();
try
{
byte[] encoded = cert.ACInfo.GetEncoded();
streamCalculator.Stream.Write(encoded, 0, encoded.Length);
Platform.Dispose(streamCalculator.Stream);
}
catch (IOException val)
{
IOException exception = val;
throw new SignatureException("Exception encoding certificate info object", (global::System.Exception)(object) exception);
}
if (!((IVerifier)streamCalculator.GetResult()).IsVerified(GetSignature()))
{
throw new InvalidKeyException("Public key presented not for certificate signature");
}
}
/**
* Initialise the signature object for verification.
*
* @param verifierBuilderProvider provider for a content verifier builder for the signature type of interest.
* @param pubKey the public key to use for verification
* @throws PgpException if there's an issue with creating the verifier.
*/
public void InitVerify(IVerifierFactoryProvider <PgpSignatureTypeIdentifier> verifierFactoryProvider)
{
IVerifierFactory <PgpSignatureTypeIdentifier> verifierFactory = verifierFactoryProvider.CreateVerifierFactory(new PgpSignatureTypeIdentifier(sigPack.KeyAlgorithm, sigPack.HashAlgorithm));
lastb = 0;
sigOut = verifierFactory.CreateCalculator();
}
/// <summary>
/// Verify a message with a public key based signature attached.
/// </summary>
/// <param name="verifierFactory">a factory of signature verifiers.</param>
/// <returns>true if the provider is able to create a verifier that validates the signature, false otherwise.</returns>
public bool Verify(IVerifierFactory verifierFactory)
{
IStreamCalculator streamCalculator = verifierFactory.CreateCalculator();
IVerifier result = (IVerifier)Process(streamCalculator);
return(result.IsVerified(pkiMessage.Protection.GetBytes()));
}
private static bool verify(IVerifierFactory verifier, AlgorithmIdentifier signatureAlgorithm, byte[] signedData, byte[] signature)
{
IStreamCalculator streamCalculator = verifier.CreateCalculator();
byte[] b = signedData;
streamCalculator.Stream.Write(b, 0, b.Length);
//Platform.Dispose(streamCalculator.Stream);
return(((IVerifier)streamCalculator.GetResult()).IsVerified(signature));
}
public bool Verify(IVerifierFactory verifier)
{
try
{
byte[] derEncoded = reqInfo.GetDerEncoded();
IStreamCalculator streamCalculator = verifier.CreateCalculator();
streamCalculator.Stream.Write(derEncoded, 0, derEncoded.Length);
Platform.Dispose(streamCalculator.Stream);
return(((IVerifier)streamCalculator.GetResult()).IsVerified(sigBits.GetOctets()));
}
catch (Exception exception)
{
throw new SignatureException("exception encoding TBS cert request", exception);
}
}
protected virtual void CheckSignature(IVerifierFactory verifier)
{
if (!IsAlgIDEqual(this.c.SignatureAlgorithm, this.c.TbsCertificate.Signature))
{
throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
}
IStreamCalculator calculator = verifier.CreateCalculator();
byte[] tbsCertificate = this.GetTbsCertificate();
calculator.Stream.Write(tbsCertificate, 0, tbsCertificate.Length);
Platform.Dispose(calculator.Stream);
if (!((IVerifier)calculator.GetResult()).IsVerified(this.GetSignature()))
{
throw new InvalidKeyException("Public key presented not for certificate signature");
}
}
protected virtual void CheckSignature(IVerifierFactory verifier)
{
if (!this.c.SignatureAlgorithm.Equals(this.c.TbsCertList.Signature))
{
throw new CrlException("Signature algorithm on CertificateList does not match TbsCertList.");
}
IStreamCalculator calculator = verifier.CreateCalculator();
byte[] tbsCertList = this.GetTbsCertList();
calculator.Stream.Write(tbsCertList, 0, tbsCertList.Length);
Platform.Dispose(calculator.Stream);
if (!((IVerifier)calculator.GetResult()).IsVerified(this.GetSignature()))
{
throw new InvalidKeyException("CRL does not verify with supplied public key.");
}
}
public bool Verify(
IVerifierFactory verifier)
{
try
{
byte[] b = reqInfo.GetDerEncoded();
IStreamCalculator streamCalculator = verifier.CreateCalculator();
streamCalculator.Stream.Write(b, 0, b.Length);
BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.Dispose(streamCalculator.Stream);
return(((IVerifier)streamCalculator.GetResult()).IsVerified(sigBits.GetOctets()));
}
catch (Exception e)
{
throw new SignatureException("exception encoding TBS cert request", e);
}
}
/*
* verify that the given public key successfully handles and confirms the
* signature associated with this signer.
*/
public bool Verify(
ISignerInformationVerifierProvider verifierProvider)
{
IVerifierFactory <AlgorithmIdentifier> verifierFact = verifierProvider.CreateVerifierFactory(this.SignatureAlgorithmID, this.DigestAlgorithmID);
// Optional, but still need to validate if present
Asn1.Cms.Time signingTime = GetSigningTime();
if (signingTime != null)
{
IDatedVerifierFactory <AlgorithmIdentifier> datedFact = verifierFact as IDatedVerifierFactory <AlgorithmIdentifier>;
if (datedFact != null)
{
if (!datedFact.IsValidAt(signingTime.Date))
{
throw new CmsDatedVerifierNotValidException("verifier not valid at signingTime");
}
}
}
return(doVerify(verifierProvider.IsRawSigner, verifierFact, verifierProvider.CreateDigestFactory(this.DigestAlgorithmID)));
}
protected virtual void CheckSignature(
IVerifierFactory verifier)
{
if (!c.SignatureAlgorithm.Equals(c.TbsCertList.Signature))
{
throw new CrlException("Signature algorithm on CertificateList does not match TbsCertList.");
}
//Asn1Encodable parameters = c.SignatureAlgorithm.Parameters;
IStreamCalculator streamCalculator = verifier.CreateCalculator();
byte[] b = this.GetTbsCertList();
streamCalculator.Stream.Write(b, 0, b.Length);
Org.BouncyCastle.Utilities.Platform.Dispose(streamCalculator.Stream);
if (!((IVerifier)streamCalculator.GetResult()).IsVerified(this.GetSignature()))
{
throw new InvalidKeyException("CRL does not verify with supplied public key.");
}
}
protected virtual void CheckSignature(
IVerifierFactory verifier)
{
if (!IsAlgIDEqual(c.SignatureAlgorithm, c.TbsCertificate.Signature))
{
throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
}
Asn1Encodable parameters = c.SignatureAlgorithm.Parameters;
IStreamCalculator streamCalculator = verifier.CreateCalculator();
byte[] b = this.GetTbsCertificate();
streamCalculator.Stream.Write(b, 0, b.Length);
Platform.Dispose(streamCalculator.Stream);
if (!((IVerifier)streamCalculator.GetResult()).IsVerified(this.GetSignature()))
{
throw new InvalidKeyException("Public key presented not for certificate signature");
}
}
private bool doVerify(bool isRawVerifier, IVerifierFactory <AlgorithmIdentifier> verifierFactory, IDigestFactory <AlgorithmIdentifier> digestFactory)
{
IStreamCalculator <IVerifier> contentVerifier = verifierFactory.CreateCalculator();
Stream sigOut = contentVerifier.Stream;
try
{
if (resultDigest == null)
{
IStreamCalculator <IBlockResult> calc = digestFactory.CreateCalculator();
if (content != null)
{
Stream digOut = calc.Stream;
if (signedAttributeSet == null)
{
if (isRawVerifier)
{
content.Write(digOut);
}
else
{
Stream cOut = new TeeOutputStream(digOut, sigOut);
content.Write(cOut);
cOut.Close();
}
}
else
{
content.Write(digOut);
byte[] enc = this.GetEncodedSignedAttributes();
sigOut.Write(enc, 0, enc.Length);
}
digOut.Close();
}
else if (signedAttributeSet != null)
{
byte[] enc = this.GetEncodedSignedAttributes();
sigOut.Write(enc, 0, enc.Length);
}
else
{
// TODO Get rid of this exception and just treat content==null as empty not missing?
throw new CmsException("data not encapsulated in signature - use detached constructor.");
}
resultDigest = calc.GetResult().Collect();
}
else
{
if (signedAttributeSet == null)
{
if (content != null)
{
content.Write(sigOut);
}
}
else
{
byte[] enc = this.GetEncodedSignedAttributes();
sigOut.Write(enc, 0, enc.Length);
}
}
sigOut.Close();
}
catch (Exception e)
{
throw new CmsException("can't process object to create signature.", e);
}
// RFC 3852 11.1 Check the content-type attribute is correct
{
Asn1Object validContentType = GetSingleValuedSignedAttribute(
CmsAttributes.ContentType, "content-type");
if (validContentType == null)
{
if (!isCounterSignature && signedAttributeSet != null)
{
throw new CmsException("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
}
}
else
{
if (isCounterSignature)
{
throw new CmsException("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
}
if (!(validContentType is DerObjectIdentifier))
{
throw new CmsException("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
}
DerObjectIdentifier signedContentType = (DerObjectIdentifier)validContentType;
if (!signedContentType.Equals(contentType))
{
throw new CmsException("content-type attribute value does not match eContentType");
}
}
}
Asn1.Cms.AttributeTable signedAttrTable = this.SignedAttributes;
// RFC 6211 Validate Algorithm Identifier protection attribute if present
{
Asn1.Cms.AttributeTable unsignedAttrTable = this.UnsignedAttributes;
if (unsignedAttrTable != null && unsignedAttrTable.GetAll(CmsAttributes.CmsAlgorithmProtect).Count > 0)
{
throw new CmsException("A cmsAlgorithmProtect attribute MUST be a signed attribute");
}
if (signedAttrTable != null)
{
Asn1EncodableVector protectionAttributes = signedAttrTable.GetAll(CmsAttributes.CmsAlgorithmProtect);
if (protectionAttributes.Count > 1)
{
throw new CmsException("Only one instance of a cmsAlgorithmProtect attribute can be present");
}
if (protectionAttributes.Count > 0)
{
Asn1.Cms.Attribute attr = Asn1.Cms.Attribute.GetInstance(protectionAttributes[0]);
if (attr.AttrValues.Count != 1)
{
throw new CmsException("A cmsAlgorithmProtect attribute MUST contain exactly one value");
}
CmsAlgorithmProtection algorithmProtection = CmsAlgorithmProtection.GetInstance(attr.AttrValues[0]);
if (!CmsUtilities.IsEquivalent(algorithmProtection.DigestAlgorithm, info.DigestAlgorithm))
{
throw new CmsException("CMS Algorithm Identifier Protection check failed for digestAlgorithm");
}
if (!CmsUtilities.IsEquivalent(algorithmProtection.SignatureAlgorithm, info.DigestEncryptionAlgorithm))
{
throw new CmsException("CMS Algorithm Identifier Protection check failed for signatureAlgorithm");
}
}
}
}
// RFC 3852 11.2 Check the message-digest attribute is correct
{
Asn1Encodable validMessageDigest = GetSingleValuedSignedAttribute(
CmsAttributes.MessageDigest, "message-digest");
if (validMessageDigest == null)
{
if (signedAttributeSet != null)
{
throw new CmsException("the message-digest signed attribute type MUST be present when there are any signed attributes present");
}
}
else
{
if (!(validMessageDigest is Asn1OctetString))
{
throw new CmsException("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
}
Asn1OctetString signedMessageDigest = (Asn1OctetString)validMessageDigest;
if (!Arrays.ConstantTimeAreEqual(resultDigest, signedMessageDigest.GetOctets()))
{
throw new CmsSignerDigestMismatchException("message-digest attribute value does not match calculated value");
}
}
}
// RFC 3852 11.4 Validate countersignature attribute(s)
{
if (signedAttrTable != null &&
signedAttrTable.GetAll(CmsAttributes.CounterSignature).Count > 0)
{
throw new CmsException("A countersignature attribute MUST NOT be a signed attribute");
}
Asn1.Cms.AttributeTable unsignedAttrTable = this.UnsignedAttributes;
if (unsignedAttrTable != null)
{
Asn1EncodableVector csAttrs = unsignedAttrTable.GetAll(CmsAttributes.CounterSignature);
for (int i = 0; i < csAttrs.Count; ++i)
{
Asn1.Cms.Attribute csAttr = Asn1.Cms.Attribute.GetInstance(csAttrs[i]);
if (csAttr.AttrValues.Count < 1)
{
throw new CmsException("A countersignature attribute MUST contain at least one AttributeValue");
}
// Note: We don't recursively validate the countersignature value
}
}
}
try
{
if (signedAttributeSet == null && resultDigest != null)
{
if (isRawVerifier)
{
if (SignatureAlgorithmID.Algorithm.Equals(PkcsObjectIdentifiers.RsaEncryption))
{
DigestInfo digInfo = new DigestInfo(new AlgorithmIdentifier(digestAlgorithm.Algorithm, DerNull.Instance), resultDigest);
byte[] data = digInfo.GetEncoded(Asn1Encodable.Der);
sigOut.Write(data, 0, data.Length);
sigOut.Close();
return(contentVerifier.GetResult().IsVerified(this.GetSignature()));
}
sigOut.Write(resultDigest, 0, resultDigest.Length);
sigOut.Close();
return(contentVerifier.GetResult().IsVerified(this.GetSignature()));
}
}
sigOut.Close();
return(contentVerifier.GetResult().IsVerified(this.GetSignature()));
}
catch (IOException e)
{
throw new CmsException("can't process mime object to create signature.", e);
}
}
public bool Verify(
IVerifierFactory verifier)
{
try
{
byte[] b = reqInfo.GetDerEncoded();
IStreamCalculator streamCalculator = verifier.CreateCalculator();
streamCalculator.Stream.Write(b, 0, b.Length);
Platform.Dispose(streamCalculator.Stream);
return ((IVerifier)streamCalculator.GetResult()).IsVerified(sigBits.GetOctets());
}
catch (Exception e)
{
throw new SignatureException("exception encoding TBS cert request", e);
}
}
/// <summary>
/// Base constructor.
/// </summary>
public PkixDatedVerifierFactory(AlgorithmIdentifier algorithm, IVerifierFactory <IParameters <Algorithm> > baseFactory, X509Certificate certificate)
{
this.algID = algorithm;
this.baseFactory = baseFactory;
this.certificate = certificate;
}
protected virtual void CheckSignature(
IVerifierFactory verifier)
{
if (!cert.SignatureAlgorithm.Equals(cert.ACInfo.Signature))
{
throw new CertificateException("Signature algorithm in certificate info not same as outer certificate");
}
IStreamCalculator streamCalculator = verifier.CreateCalculator();
try
{
byte[] b = this.cert.ACInfo.GetEncoded();
streamCalculator.Stream.Write(b, 0, b.Length);
Platform.Dispose(streamCalculator.Stream);
}
catch (IOException e)
{
throw new SignatureException("Exception encoding certificate info object", e);
}
if (!((IVerifier)streamCalculator.GetResult()).IsVerified(this.GetSignature()))
{
throw new InvalidKeyException("Public key presented not for certificate signature");
}
}
private IVerifierFactory <AlgorithmIdentifier> CreateVerifierFactory(AlgorithmIdentifier algorithm, IVerifierFactory <IParameters <Algorithm> > baseFactory, X509Certificate certificate)
{
if (certificate != null)
{
return(new PkixDatedVerifierFactory(algorithm, baseFactory, certificate));
}
return(new PkixVerifierFactory(algorithm, baseFactory));
}
/// <summary>
/// Base constructor.
/// </summary>
public PkixVerifierFactory(AlgorithmIdentifier algorithm, IVerifierFactory <IParameters <Algorithm> > baseFactory)
{
this.algID = algorithm;
this.baseFactory = baseFactory;
}
public VerifierFactory(PgpSignatureTypeIdentifier algorithmDetails, IVerifierFactory <IParameters <Algorithm> > verifierFactory)
{
this.mAlgorithmDetails = algorithmDetails;
this.verifierFactory = verifierFactory;
}
protected virtual void CheckSignature(
IVerifierFactory verifier)
{
if (!c.SignatureAlgorithm.Equals(c.TbsCertList.Signature))
{
throw new CrlException("Signature algorithm on CertificateList does not match TbsCertList.");
}
Asn1Encodable parameters = c.SignatureAlgorithm.Parameters;
IStreamCalculator streamCalculator = verifier.CreateCalculator();
byte[] b = this.GetTbsCertList();
streamCalculator.Stream.Write(b, 0, b.Length);
Platform.Dispose(streamCalculator.Stream);
if (!((IVerifier)streamCalculator.GetResult()).IsVerified(this.GetSignature()))
{
throw new InvalidKeyException("CRL does not verify with supplied public key.");
}
}
protected virtual void CheckSignature(
IVerifierFactory verifier)
{
if (!IsAlgIDEqual(c.SignatureAlgorithm, c.TbsCertificate.Signature))
throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
Asn1Encodable parameters = c.SignatureAlgorithm.Parameters;
IStreamCalculator streamCalculator = verifier.CreateCalculator();
byte[] b = this.GetTbsCertificate();
streamCalculator.Stream.Write(b, 0, b.Length);
Platform.Dispose(streamCalculator.Stream);
if (!((IVerifier)streamCalculator.GetResult()).IsVerified(this.GetSignature()))
{
throw new InvalidKeyException("Public key presented not for certificate signature");
}
}
