private Attribute MakeSigningCertificateAttribute(SignatureParameters parameters) { try { byte[] certHash = DigestUtilities.CalculateDigest (parameters.DigestAlgorithm.GetName(), parameters.SigningCertificate.GetEncoded()); if (parameters.DigestAlgorithm == DigestAlgorithm.SHA1) { SigningCertificate sc = new SigningCertificate(new EssCertID(certHash)); return(new Attribute(PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(sc ))); } else { EssCertIDv2 essCert = new EssCertIDv2(new AlgorithmIdentifier(parameters.DigestAlgorithm .GetOid()), certHash); SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert } ); return(new Attribute(PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet (scv2))); } } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } catch (CertificateException e) { throw new RuntimeException(e); } }
public void CreateSigningCertificateV2_WithValidInput_ReturnsAttribute(Common.HashAlgorithmName hashAlgorithmName) { using (var certificate = _fixture.GetDefaultCertificate()) { var attribute = AttributeUtility.CreateSigningCertificateV2(certificate, hashAlgorithmName); Assert.Equal(Oids.SigningCertificateV2, attribute.Oid.Value); Assert.Equal(1, attribute.Values.Count); var signingCertificateV2 = SigningCertificateV2.Read(attribute.Values[0].RawData); Assert.Equal(1, signingCertificateV2.Certificates.Count); var essCertIdV2 = signingCertificateV2.Certificates[0]; var expectedHash = SignTestUtility.GetHash(certificate, hashAlgorithmName); SignTestUtility.VerifyByteArrays(expectedHash, essCertIdV2.CertificateHash); Assert.Equal( hashAlgorithmName, CryptoHashUtility.OidToHashAlgorithmName(essCertIdV2.HashAlgorithm.Algorithm.Value)); Assert.Equal(certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name); var serialNumber = certificate.GetSerialNumber(); // Convert from little endian to big endian. Array.Reverse(serialNumber); SignTestUtility.VerifyByteArrays( serialNumber, essCertIdV2.IssuerSerial.SerialNumber); } }
private Asn1EncodableVector CreateSignatureAttribute(byte[] dataHashSha256, X509Certificate signingCertificate) { Asn1EncodableVector signedAttributesVector = new Asn1EncodableVector(); signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( attrType: new DerObjectIdentifier(Oid.PKCS9AtContentType), attrValues: new DerSet(new DerObjectIdentifier(Oid.PKCS7IdData)))); // Add PKCS#9 messageDigest signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( attrType: new DerObjectIdentifier(Oid.PKCS9AtMessageDigest), attrValues: new DerSet(new DerOctetString(dataHashSha256)))); // Add PKCS#9 signingTime signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( attrType: new DerObjectIdentifier(Oid.PKCS9AtSigningTime), attrValues: new DerSet(new Org.BouncyCastle.Asn1.Cms.Time(new DerUtcTime(DateTime.UtcNow))))); // Add SigningCertificateV2 byte[] certHash = this.ComputeHash(signingCertificate.GetEncoded()); EssCertIDv2 essCert1 = new EssCertIDv2(new AlgorithmIdentifier(new DerObjectIdentifier(Oid.SHA256)), certHash); SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert1 }); signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( attrType: new DerObjectIdentifier(Oid.SigningCertificateV2), attrValues: new DerSet(scv2))); return(signedAttributesVector); }
// Sign the message with the private key of the signer. static public byte[] SignMsg(Byte[] msg, X509Certificate2 signerCert, bool detached, bool UsaTSA, string TSAurl, string TSAuser, string TSApass) { try { SHA256Managed hashSha256 = new SHA256Managed(); byte[] certHash = hashSha256.ComputeHash(signerCert.RawData); EssCertIDv2 essCert1 = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.1"), certHash); SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert1 }); Org.BouncyCastle.Asn1.Cms.Attribute CertHAttribute = new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2)); Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(CertHAttribute); Org.BouncyCastle.Asn1.Cms.AttributeTable AT = new Org.BouncyCastle.Asn1.Cms.AttributeTable(v); CmsSignedDataGenWithRsaCsp cms = new CmsSignedDataGenWithRsaCsp(); var rsa = (RSACryptoServiceProvider)signerCert.PrivateKey; Org.BouncyCastle.X509.X509Certificate certCopy = DotNetUtilities.FromX509Certificate(signerCert); cms.MyAddSigner(rsa, certCopy, "1.2.840.113549.1.1.1", "2.16.840.1.101.3.4.2.1", AT, null); ArrayList certList = new ArrayList(); certList.Add(certCopy); Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList); Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP); cms.AddCertificates(st1); CmsProcessableByteArray file = new CmsProcessableByteArray(msg); //CmsProcessableFile(File); CmsSignedData Firmato = cms.Generate(file, false); //se settato a true, il secondo argomento integra l'intero file byte[] bb = Firmato.GetEncoded(); if (UsaTSA) { CmsSignedData sd = new CmsSignedData(bb); SignerInformationStore signers = sd.GetSignerInfos(); byte[] signature = null; SignerInformation signer = null; foreach (SignerInformation signer_ in signers.GetSigners()) { signer = signer_; break; } signature = signer.GetSignature(); Org.BouncyCastle.Asn1.Cms.AttributeTable at = new Org.BouncyCastle.Asn1.Cms.AttributeTable(GetTimestamp(signature, TSAurl, TSAuser, TSApass)); signer = SignerInformation.ReplaceUnsignedAttributes(signer, at); IList signerInfos = new ArrayList(); signerInfos.Add(signer); sd = CmsSignedData.ReplaceSigners(sd, new SignerInformationStore(signerInfos)); bb = sd.GetEncoded(); } return(bb); } catch (Exception ex) { MessageBox.Show(ex.ToString()); return(null); } }
private static void VerifyAttributes( CryptographicAttributeObjectCollection attributes, SignPackageRequest request) { var pkcs9SigningTimeAttributeFound = false; var commitmentTypeIndicationAttributeFound = false; var signingCertificateV2AttributeFound = false; foreach (var attribute in attributes) { Assert.Equal(1, attribute.Values.Count); switch (attribute.Oid.Value) { case "1.2.840.113549.1.9.5": // PKCS #9 signing time Assert.IsType <Pkcs9SigningTime>(attribute.Values[0]); pkcs9SigningTimeAttributeFound = true; break; case Oids.CommitmentTypeIndication: var qualifier = CommitmentTypeQualifier.Read(attribute.Values[0].RawData); var expectedCommitmentType = AttributeUtility.GetSignatureTypeOid(request.SignatureType); Assert.Equal(expectedCommitmentType, qualifier.CommitmentTypeIdentifier.Value); commitmentTypeIndicationAttributeFound = true; break; case Oids.SigningCertificateV2: var signingCertificateV2 = SigningCertificateV2.Read(attribute.Values[0].RawData); Assert.Equal(1, signingCertificateV2.Certificates.Count); var essCertIdV2 = signingCertificateV2.Certificates[0]; Assert.Equal(SignTestUtility.GetHash(request.Certificate, request.SignatureHashAlgorithm), essCertIdV2.CertificateHash); Assert.Equal(request.SignatureHashAlgorithm.ConvertToOidString(), essCertIdV2.HashAlgorithm.Algorithm.Value); Assert.Equal(request.Certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name); SignTestUtility.VerifySerialNumber(request.Certificate, essCertIdV2.IssuerSerial); Assert.Null(signingCertificateV2.Policies); signingCertificateV2AttributeFound = true; break; } } Assert.True(pkcs9SigningTimeAttributeFound); Assert.True(commitmentTypeIndicationAttributeFound); Assert.True(signingCertificateV2AttributeFound); }
public TimeStampToken(CmsSignedData signedData) { tsToken = signedData; if (!tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo)) { throw new TspValidationException("ContentInfo object not for a time stamp."); } ICollection signers = tsToken.GetSignerInfos().GetSigners(); if (signers.Count != 1) { throw new ArgumentException("Time-stamp token signed by " + signers.Count + " signers, but it must contain just the TSA signature."); } IEnumerator enumerator = signers.GetEnumerator(); enumerator.MoveNext(); tsaSignerInfo = (SignerInformation)enumerator.Current; try { CmsProcessable signedContent = tsToken.SignedContent; MemoryStream memoryStream = new MemoryStream(); signedContent.Write(memoryStream); tstInfo = new TimeStampTokenInfo(TstInfo.GetInstance(Asn1Object.FromByteArray(memoryStream.ToArray()))); Org.BouncyCastle.Asn1.Cms.Attribute attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate]; if (attribute != null) { SigningCertificate instance = SigningCertificate.GetInstance(attribute.AttrValues[0]); certID = new CertID(EssCertID.GetInstance(instance.GetCerts()[0])); } else { attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2]; if (attribute == null) { throw new TspValidationException("no signing certificate attribute found, time stamp invalid."); } SigningCertificateV2 instance2 = SigningCertificateV2.GetInstance(attribute.AttrValues[0]); certID = new CertID(EssCertIDv2.GetInstance(instance2.GetCerts()[0])); } } catch (CmsException ex) { throw new TspException(ex.Message, ex.InnerException); } }
public TimeStampToken(CmsSignedData signedData) { //IL_0063: Unknown result type (might be due to invalid IL or missing references) //IL_0094: Unknown result type (might be due to invalid IL or missing references) //IL_009a: Expected O, but got Unknown tsToken = signedData; if (!tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo)) { throw new TspValidationException("ContentInfo object not for a time stamp."); } global::System.Collections.ICollection signers = tsToken.GetSignerInfos().GetSigners(); if (signers.get_Count() != 1) { throw new ArgumentException(string.Concat((object)"Time-stamp token signed by ", (object)signers.get_Count(), (object)" signers, but it must contain just the TSA signature.")); } global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)signers).GetEnumerator(); enumerator.MoveNext(); tsaSignerInfo = (SignerInformation)enumerator.get_Current(); try { CmsProcessable signedContent = tsToken.SignedContent; MemoryStream val = new MemoryStream(); signedContent.Write((Stream)(object)val); tstInfo = new TimeStampTokenInfo(TstInfo.GetInstance(Asn1Object.FromByteArray(val.ToArray()))); Attribute attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate]; if (attribute != null) { SigningCertificate instance = SigningCertificate.GetInstance(attribute.AttrValues[0]); certID = new CertID(EssCertID.GetInstance(instance.GetCerts()[0])); return; } attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2]; if (attribute == null) { throw new TspValidationException("no signing certificate attribute found, time stamp invalid."); } SigningCertificateV2 instance2 = SigningCertificateV2.GetInstance(attribute.AttrValues[0]); certID = new CertID(EssCertIDv2.GetInstance(instance2.GetCerts()[0])); } catch (CmsException ex) { throw new TspException(((global::System.Exception)ex).get_Message(), ((global::System.Exception)ex).get_InnerException()); } }
private void basicSha256Test(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs) { var sInfoGenerator = makeInfoGenerator(privateKey, cert, TspAlgorithms.Sha256, null, null); TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( sInfoGenerator, Asn1DigestFactory.Get(NistObjectIdentifiers.IdSha256), new DerObjectIdentifier("1.2"), true); tsTokenGen.SetCertificates(certs); TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha256, new byte[32], BigInteger.ValueOf(100)); TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed); TimeStampResponse tsResp = tsRespGen.Generate(request, new BigInteger("23"), DateTime.Now); Assert.AreEqual((int)PkiStatus.Granted, tsResp.Status); tsResp = new TimeStampResponse(tsResp.GetEncoded()); TimeStampToken tsToken = tsResp.TimeStampToken; tsToken.Validate(cert); Asn1.Cms.AttributeTable table = tsToken.SignedAttributes; Assert.NotNull(table[PkcsObjectIdentifiers.IdAASigningCertificateV2]); Asn1DigestFactory digCalc = Asn1DigestFactory.Get(NistObjectIdentifiers.IdSha256); IStreamCalculator calc = digCalc.CreateCalculator(); using (Stream s = calc.Stream) { var crt = cert.GetEncoded(); s.Write(crt, 0, crt.Length); } byte[] certHash = ((SimpleBlockResult)calc.GetResult()).Collect(); SigningCertificateV2 sigCertV2 = SigningCertificateV2.GetInstance(table[PkcsObjectIdentifiers.IdAASigningCertificateV2].AttrValues[0]); Assert.IsTrue(Arrays.AreEqual(certHash, sigCertV2.GetCerts()[0].GetCertHash())); }
/// <summary> /// Método para crear el atributo que contiene la información del certificado empleado para la firma /// </summary> /// <param name="parameters"></param> /// <returns></returns> private BcCms.Attribute MakeSigningCertificateAttribute(SignatureParameters parameters) { X509Certificate certificate = new X509CertificateParser().ReadCertificate(parameters.Certificate.GetRawCertData()); TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance( Asn1Object.FromByteArray( certificate.GetTbsCertificate())); GeneralName gn = new GeneralName(tbs.Issuer); GeneralNames gns = new GeneralNames(gn); IssuerSerial issuerSerial = new IssuerSerial(gns, tbs.SerialNumber); byte[] certHash = DigestUtilities.CalculateDigest(parameters.DigestMethod.Name, certificate.GetEncoded()); var policies = GetPolicyInformation(certificate); if (parameters.DigestMethod == DigestMethod.SHA1) { SigningCertificate sc = null; if (policies != null) { Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(new DerSequence(new EssCertID(certHash, issuerSerial))); v.Add(new DerSequence(policies)); sc = SigningCertificate.GetInstance(new DerSequence(v)); } else { sc = new SigningCertificate(new EssCertID(certHash, issuerSerial)); } return(new BcCms.Attribute(PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(sc))); } else { EssCertIDv2 essCert = new EssCertIDv2(new AlgorithmIdentifier(parameters.DigestMethod .Oid), certHash, issuerSerial); SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert }, policies); return(new BcCms.Attribute(PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet (scv2))); } }
private Attribute MakeSigningCertificateAttribute(SignatureParameters parameters) { byte[] certHash = DigestUtilities.CalculateDigest(Helpers.CmsSignedHelper.Instance.GetDigestAlgName(parameters.DigestAlgorithmOID), parameters.SigningCertificate.GetEncoded()); if (parameters.DigestAlgorithmOID == DigestAlgorithm.SHA1.OID) { SigningCertificate sc = new SigningCertificate(new EssCertID(certHash, new IssuerSerial( new GeneralNames(new GeneralName(parameters.SigningCertificate.IssuerDN)), new DerInteger(parameters.SigningCertificate.SerialNumber)))); //SigningCertificate sc = new SigningCertificate(new EssCertID(certHash)); return(new Attribute(PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(sc))); } else { EssCertIDv2 essCert = new EssCertIDv2(new AlgorithmIdentifier(new DerObjectIdentifier(parameters.DigestAlgorithmOID)), certHash, new IssuerSerial( new GeneralNames(new GeneralName(parameters.SigningCertificate.IssuerDN)), new DerInteger(parameters.SigningCertificate.SerialNumber))); SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert }); return(new Attribute(PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2))); } }
public static byte[] FirmaFileBouncy(byte[] data, X509Certificate2 cert) { try { SHA256Managed hashSha256 = new SHA256Managed(); byte[] certHash = hashSha256.ComputeHash(cert.RawData); EssCertIDv2 essCert1 = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.1"), certHash); SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert1 }); Org.BouncyCastle.Asn1.Cms.Attribute CertHAttribute = new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2)); Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(CertHAttribute); Org.BouncyCastle.Asn1.Cms.AttributeTable AT = new Org.BouncyCastle.Asn1.Cms.AttributeTable(v); CmsSignedDataGenWithRsaCsp cms = new CmsSignedDataGenWithRsaCsp(); var rsa = (RSACryptoServiceProvider)cert.PrivateKey; Org.BouncyCastle.X509.X509Certificate certCopy = DotNetUtilities.FromX509Certificate(cert); cms.MyAddSigner(rsa, certCopy, "1.2.840.113549.1.1.1", "2.16.840.1.101.3.4.2.1", AT, null); ArrayList certList = new ArrayList(); certList.Add(certCopy); Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList); Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP); cms.AddCertificates(st1); //mi ricavo il file da firmare CmsSignedData Firmato = cms.Generate(new CmsProcessableByteArray(data), false); CmsSigner cmsSigner = new CmsSigner(cert); cmsSigner.IncludeOption = X509IncludeOption.EndCertOnly; System.Security.Cryptography.Pkcs.ContentInfo contentInfo = new System.Security.Cryptography.Pkcs.ContentInfo(Firmato.GetEncoded()); SignedCms signedCms = new SignedCms(); signedCms.Decode(Firmato.GetEncoded()); byte[] ret = signedCms.Encode(); return(ret); } catch { return(null); } }
public void TestBasicSha256() { var sInfoGenerator = makeInfoGenerator(privateKey, cert, TspAlgorithms.Sha256, null, null); TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator( sInfoGenerator, Asn1DigestFactory.Get(NistObjectIdentifiers.IdSha256), new DerObjectIdentifier("1.2"), true); tsTokenGen.SetCertificates(certs); TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator(); TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha256, new byte[32]); Assert.IsFalse(request.CertReq); TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed); TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow); tsResp = new TimeStampResponse(tsResp.GetEncoded()); TimeStampToken tsToken = tsResp.TimeStampToken; tsToken.Validate(cert); TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo; AttributeTable table = tsToken.SignedAttributes; var r = table.Get(PkcsObjectIdentifiers.IdAASigningCertificateV2); Assert.NotNull(r); Assert.AreEqual(PkcsObjectIdentifiers.IdAASigningCertificateV2, r.AttrType); var set = r.AttrValues; SigningCertificateV2 sCert = SigningCertificateV2.GetInstance(set[0]); var issSerNum = sCert.GetCerts()[0].IssuerSerial; Assert.AreEqual(cert.SerialNumber, issSerNum.Serial.Value); }
/// <summary> /// Creates the signed attributes. /// </summary> /// <returns>The signed attributes.</returns> /// <param name="docHash">Document hash.</param> /// <param name="signingCert">Signing cert.</param> private static DerSet CreateSignedAttributes(byte[] docHash, X509Certificate signingCert) { Asn1EncodableVector signedAttrs = new Asn1EncodableVector(); signedAttrs.Add(new BCAttribute( PkcsObjectIdentifiers.Pkcs9AtContentType, new DerSet(PkcsObjectIdentifiers.Data) )); signedAttrs.Add(new BCAttribute( PkcsObjectIdentifiers.Pkcs9AtMessageDigest, new DerSet(new DerOctetString(docHash)) )); // IdAASignerCertificateV2 byte[] certHash = CalculateSha256Hash(signingCert.GetEncoded()); GeneralNames issuer = new GeneralNames(new GeneralName(signingCert.IssuerDN)); IssuerSerial issuerSerial = new IssuerSerial(issuer, new DerInteger(signingCert.SerialNumber)); AlgorithmIdentifier algIdentifier = new AlgorithmIdentifier(new DerObjectIdentifier(Sha256Oid)); EssCertIDv2 essCert = new EssCertIDv2(algIdentifier, certHash, issuerSerial); SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert }); signedAttrs.Add(new BCAttribute( PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2) )); signedAttrs.Add(new BCAttribute( PkcsObjectIdentifiers.Pkcs9AtSigningTime, new DerSet(new DerUtcTime(System.DateTime.UtcNow)) )); return(new DerSet(signedAttrs)); }
public TimeStampToken( CmsSignedData signedData) { this.tsToken = signedData; if (!this.tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo)) { throw new TspValidationException("ContentInfo object not for a time stamp."); } ICollection signers = tsToken.GetSignerInfos().GetSigners(); if (signers.Count != 1) { throw new ArgumentException("Time-stamp token signed by " + signers.Count + " signers, but it must contain just the TSA signature."); } IEnumerator signerEnum = signers.GetEnumerator(); signerEnum.MoveNext(); tsaSignerInfo = (SignerInformation)signerEnum.Current; try { CmsProcessable content = tsToken.SignedContent; MemoryStream bOut = new MemoryStream(); content.Write(bOut); this.tstInfo = new TimeStampTokenInfo( TstInfo.GetInstance( Asn1Object.FromByteArray(bOut.ToArray()))); Asn1.Cms.Attribute attr = tsaSignerInfo.SignedAttributes[ PkcsObjectIdentifiers.IdAASigningCertificate]; // if (attr == null) // { // throw new TspValidationException( // "no signing certificate attribute found, time stamp invalid."); // } // // SigningCertificate signCert = SigningCertificate.GetInstance( // attr.AttrValues[0]); // // this.certID = EssCertID.GetInstance(signCert.GetCerts()[0]); if (attr != null) { SigningCertificate signCert = SigningCertificate.GetInstance(attr.AttrValues[0]); this.certID = new CertID(EssCertID.GetInstance(signCert.GetCerts()[0])); } else { attr = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2]; if (attr == null) { throw new TspValidationException("no signing certificate attribute found, time stamp invalid."); } SigningCertificateV2 signCertV2 = SigningCertificateV2.GetInstance(attr.AttrValues[0]); this.certID = new CertID(EssCertIDv2.GetInstance(signCertV2.GetCerts()[0])); } } catch (CmsException e) { throw new TspException(e.Message, e.InnerException); } }
public byte[] FirmaFileBouncy(string NomeFile, X509Certificate2 cert, bool GiaFirmato, bool UsaTSA, string TSAurl, string TSAuser, string TSApass, out string RisFirma) { try { SHA256Managed hashSha256 = new SHA256Managed(); byte[] certHash = hashSha256.ComputeHash(cert.RawData); EssCertIDv2 essCert1 = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.1"), certHash); SigningCertificateV2 scv2 = new SigningCertificateV2(new EssCertIDv2[] { essCert1 }); Org.BouncyCastle.Asn1.Cms.Attribute CertHAttribute = new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2)); Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(CertHAttribute); Org.BouncyCastle.Asn1.Cms.AttributeTable AT = new Org.BouncyCastle.Asn1.Cms.AttributeTable(v); CmsSignedDataGenWithRsaCsp cms = new CmsSignedDataGenWithRsaCsp(); var rsa = (RSACryptoServiceProvider)cert.PrivateKey; Org.BouncyCastle.X509.X509Certificate certCopy = DotNetUtilities.FromX509Certificate(cert); cms.MyAddSigner(rsa, certCopy, "1.2.840.113549.1.1.1", "2.16.840.1.101.3.4.2.1", AT, null); ArrayList certList = new ArrayList(); certList.Add(certCopy); Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList); Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP); cms.AddCertificates(st1); //mi ricavo il file da firmare FileInfo FileDaAprire = new FileInfo(NomeFile); /*CmsSignedData Firmato; * if (GiaFirmato) { * CmsSignedData signedData = new CmsSignedData(File.ReadAllBytes(NomeFile)); * if (signedData!=null){ * SignerInformationStore signers = signedData.GetSignerInfos(); * certList.Add(signers.GetSigners()); * //MessageBox.Show(signedData.ContentInfo.GetEncoded().Length.ToString()); * //signedData.ContentInfo.GetEncoded(); * } * certList.Insert(0,certCopy); * CmsProcessableByteArray file = new CmsProcessableByteArray(signedData.ContentInfo.GetEncoded()); * Firmato = cms.Generate(file, true); * } else { * certList.Add(certCopy); * CmsProcessableFile file = new CmsProcessableFile(FileDaAprire); * Firmato = cms.Generate(file, true); * } */ CmsProcessableFile file = new CmsProcessableFile(FileDaAprire); CmsSignedData Firmato = cms.Generate(file, true); byte[] Encoded = Firmato.GetEncoded(); if (UsaTSA) { CmsSignedData sd = new CmsSignedData(Encoded); SignerInformationStore signers = sd.GetSignerInfos(); byte[] signature = null; SignerInformation signer = null; foreach (SignerInformation signer_ in signers.GetSigners()) { signer = signer_; break; } signature = signer.GetSignature(); Org.BouncyCastle.Asn1.Cms.AttributeTable at = new Org.BouncyCastle.Asn1.Cms.AttributeTable(GetTimestamp(signature, TSAurl, TSAuser, TSApass)); signer = SignerInformation.ReplaceUnsignedAttributes(signer, at); IList signerInfos = new ArrayList(); signerInfos.Add(signer); sd = CmsSignedData.ReplaceSigners(sd, new SignerInformationStore(signerInfos)); Encoded = sd.GetEncoded(); } RisFirma = ""; return(Encoded); } catch (Exception ex) { RisFirma = ex.ToString(); return(null); } }
private void ReadInformation() { if (_signerInformation.SignedAttributes[PkcsObjectIdentifiers.Pkcs9AtSigningTime] != null) { _signingDate = DerUtcTime.GetInstance(_signerInformation.SignedAttributes[PkcsObjectIdentifiers.Pkcs9AtSigningTime].AttrValues[0]).ToDateTime().ToLocalTime(); } if (_signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAAEtsSignerAttr] != null) { var signerAttr = SignerAttribute.GetInstance(_signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAAEtsSignerAttr].AttrValues[0]); List <string> claimedRoles = new List <string>(); foreach (BcCms.Attribute claimedAttr in signerAttr.ClaimedAttributes) { foreach (var value in claimedAttr.AttrValues) { claimedRoles.Add(DerUtf8String.GetInstance(value).GetString()); } } _signerRoles = claimedRoles; } if (_signerInformation.UnsignedAttributes != null && _signerInformation.UnsignedAttributes[PkcsObjectIdentifiers.IdAASignatureTimeStampToken] != null) { _timeStamp = new TimeStampToken(new CmsSignedData(_signerInformation.UnsignedAttributes[PkcsObjectIdentifiers.IdAASignatureTimeStampToken].AttrValues[0].GetEncoded())); } // Se leen las contrafirmas var signers = _signerInformation.GetCounterSignatures().GetSigners(); _counterSignatures = new List <SignerInfoNode>(); foreach (var signer in signers) { SignerInfoNode node = new SignerInfoNode((SignerInformation)signer, _sigDocument); _counterSignatures.Add(node); } // Se intenta identificar el certificado empleado para la firma, esto quizás se pueda mejorar byte[] certHash = null; IssuerSerial issuerSerial = null; if (_signerInformation.DigestAlgOid == DigestMethod.SHA1.Oid) { BcCms.Attribute attr = _signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate]; SigningCertificate sc = SigningCertificate.GetInstance(attr.AttrValues[0]); EssCertID ecid = sc.GetCerts()[0]; issuerSerial = ecid.IssuerSerial; certHash = ecid.GetCertHash(); } else { BcCms.Attribute attr = _signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2]; SigningCertificateV2 sc2 = SigningCertificateV2.GetInstance(attr.AttrValues[0]); EssCertIDv2 ecid = sc2.GetCerts()[0]; issuerSerial = ecid.IssuerSerial; certHash = ecid.GetCertHash(); } DigestMethod digestMethod = DigestMethod.GetByOid(_signerInformation.DigestAlgOid); foreach (X509CertificateStructure cs in _sigDocument.Certificates) { if (issuerSerial == null || cs.TbsCertificate.SerialNumber.Equals(issuerSerial.Serial)) { byte[] currentCertHash = digestMethod.CalculateDigest(cs.GetEncoded()); if (certHash.SequenceEqual(currentCertHash)) { _certificate = new X509Certificate(cs); break; } } } }
public string SignWithCMS(String serializedJson) { byte[] data = Encoding.UTF8.GetBytes(serializedJson); Pkcs11InteropFactories factories = new Pkcs11InteropFactories(); using (IPkcs11Library pkcs11Library = factories.Pkcs11LibraryFactory.LoadPkcs11Library(factories, DllLibPath, AppType.MultiThreaded)) { ISlot slot = pkcs11Library.GetSlotList(SlotsType.WithTokenPresent).FirstOrDefault(); if (slot is null) { return("No slots found"); } ITokenInfo tokenInfo = slot.GetTokenInfo(); ISlotInfo slotInfo = slot.GetSlotInfo(); using (var session = slot.OpenSession(SessionType.ReadWrite)) { session.Login(CKU.CKU_USER, Encoding.UTF8.GetBytes(TokenPin)); var certificateSearchAttributes = new List <IObjectAttribute>() { session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509) }; IObjectHandle certificate = session.FindAllObjects(certificateSearchAttributes).FirstOrDefault(); if (certificate is null) { return("Certificate not found"); } X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.MaxAllowed); // find cert by thumbprint var foundCerts = store.Certificates.Find(X509FindType.FindByIssuerName, TokenCertificate, false); //var foundCerts = store.Certificates.Find(X509FindType.FindBySerialNumber, "2b1cdda84ace68813284519b5fb540c2", true); if (foundCerts.Count == 0) { return("no device detected"); } var certForSigning = foundCerts[0]; store.Close(); ContentInfo content = new ContentInfo(new Oid("1.2.840.113549.1.7.5"), data); SignedCms cms = new SignedCms(content, true); EssCertIDv2 bouncyCertificate = new EssCertIDv2(new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier(new DerObjectIdentifier("1.2.840.113549.1.9.16.2.47")), this.HashBytes(certForSigning.RawData)); SigningCertificateV2 signerCertificateV2 = new SigningCertificateV2(new EssCertIDv2[] { bouncyCertificate }); CmsSigner signer = new CmsSigner(certForSigning); signer.DigestAlgorithm = new Oid("2.16.840.1.101.3.4.2.1"); signer.SignedAttributes.Add(new Pkcs9SigningTime(DateTime.UtcNow)); signer.SignedAttributes.Add(new AsnEncodedData(new Oid("1.2.840.113549.1.9.16.2.47"), signerCertificateV2.GetEncoded())); cms.ComputeSignature(signer); var output = cms.Encode(); return(Convert.ToBase64String(output)); } } }
private CmsSignedData GenerateTimestamp( TimeStampRequest request, BigInteger serialNumber, DateTime generalizedTime) { var messageImprint = new MessageImprint( new AlgorithmIdentifier( new DerObjectIdentifier(request.MessageImprintAlgOid)), request.GetMessageImprintDigest()); DerInteger nonce = request.Nonce == null ? null : new DerInteger(request.Nonce); var tstInfo = new TstInfo( new DerObjectIdentifier(_options.Policy.Value), messageImprint, new DerInteger(serialNumber), new DerGeneralizedTime(generalizedTime), _options.Accuracy, DerBoolean.False, nonce, tsa: null, extensions: null); var content = new CmsProcessableByteArray(tstInfo.GetEncoded()); var signedAttributes = new Asn1EncodableVector(); var certificateBytes = new Lazy <byte[]>(() => Certificate.GetEncoded()); if (_options.SigningCertificateUsage.HasFlag(SigningCertificateUsage.V1)) { byte[] hash = _options.SigningCertificateV1Hash ?? DigestUtilities.CalculateDigest("SHA-1", certificateBytes.Value); var signingCertificate = new SigningCertificate(new EssCertID(hash)); var attributeValue = new DerSet(signingCertificate); var attribute = new BcAttribute(PkcsObjectIdentifiers.IdAASigningCertificate, attributeValue); signedAttributes.Add(attribute); } if (_options.SigningCertificateUsage.HasFlag(SigningCertificateUsage.V2)) { byte[] hash = DigestUtilities.CalculateDigest("SHA-256", certificateBytes.Value); var signingCertificateV2 = new SigningCertificateV2(new EssCertIDv2(hash)); var attributeValue = new DerSet(signingCertificateV2); var attribute = new BcAttribute(PkcsObjectIdentifiers.IdAASigningCertificateV2, attributeValue); signedAttributes.Add(attribute); } var generator = new CmsSignedDataGenerator(); if (_options.ReturnSigningCertificate) { var certificates = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(new[] { Certificate })); generator.AddCertificates(certificates); } generator.AddSigner( _keyPair.Private, Certificate, _options.SignatureHashAlgorithm.Value, new BcAttributeTable(signedAttributes), new BcAttributeTable(DerSet.Empty)); CmsSignedData signedCms = generator.Generate( PkcsObjectIdentifiers.IdCTTstInfo.Id, content, encapsulate: true); return(signedCms); }
public static Asn1EncodableVector GenerateSignerInfo(X509Certificate2 cert, String digestAlgorithmName, byte[] datos, AdESPolicy policy, bool signingCertificateV2, byte[] messageDigest, DateTime signDate, bool padesMode, String contentType, String contentDescription) { // ALGORITMO DE HUELLA DIGITAL AlgorithmIdentifier digestAlgorithmOID = SigUtils.MakeAlgId(AOAlgorithmID.GetOID(digestAlgorithmName)); // // ATRIBUTOS // authenticatedAttributes Asn1EncodableVector contexExpecific = InitContexExpecific( digestAlgorithmName, datos, Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Data.Id, messageDigest, signDate, padesMode ); // Serial Number // comentar lo de abajo para version del rfc 3852 if (signingCertificateV2) { // INICIO SINGING CERTIFICATE-V2 /** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber * CertificateSerialNumber */ TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance( Asn1Object.FromByteArray( new Org.BouncyCastle.X509.X509Certificate( X509CertificateStructure.GetInstance( Asn1Object.FromByteArray( cert.GetRawCertData()))).GetTbsCertificate())); GeneralNames gns = new GeneralNames(new GeneralName(tbs.Issuer)); IssuerSerial isuerSerial = new IssuerSerial(gns, tbs.SerialNumber); /** ESSCertIDv2 ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier * DEFAULT {algorithm id-sha256}, certHash Hash, issuerSerial * IssuerSerial OPTIONAL } * Hash ::= OCTET STRING */ byte[] certHash = Digester.Digest(cert.GetRawCertData(), digestAlgorithmName); EssCertIDv2[] essCertIDv2 = { new EssCertIDv2(digestAlgorithmOID, certHash, isuerSerial) }; /** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo * OPTIONAL } * CertPolicyId ::= OBJECT IDENTIFIER * PolicyQualifierInfo ::= SEQUENCE { policyQualifierId * PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */ SigningCertificateV2 scv2; if (policy.GetPolicyIdentifier() != null) { /** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF * ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL * } */ scv2 = new SigningCertificateV2(essCertIDv2, GetPolicyInformation(policy)); // con politica } else { scv2 = new SigningCertificateV2(essCertIDv2); // Sin politica } // Secuencia con singningCertificate contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2))); // FIN SINGING CERTIFICATE-V2 } else { // INICIO SINGNING CERTIFICATE /** IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber * CertificateSerialNumber } */ TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance( Asn1Object.FromByteArray( new Org.BouncyCastle.X509.X509Certificate( X509CertificateStructure.GetInstance( Asn1Object.FromByteArray( cert.GetRawCertData()))).GetTbsCertificate())); GeneralName gn = new GeneralName(tbs.Issuer); GeneralNames gns = new GeneralNames(gn); IssuerSerial isuerSerial = new IssuerSerial(gns, tbs.SerialNumber); /** ESSCertID ::= SEQUENCE { certHash Hash, issuerSerial IssuerSerial * OPTIONAL } * Hash ::= OCTET STRING -- SHA1 hash of entire certificate */ byte[] certHash = Digester.Digest(cert.GetRawCertData(), digestAlgorithmName); EssCertID essCertID = new EssCertID(certHash, isuerSerial); /** PolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo * OPTIONAL } * CertPolicyId ::= OBJECT IDENTIFIER * PolicyQualifierInfo ::= SEQUENCE { policyQualifierId * PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */ SigningCertificate scv; if (policy.GetPolicyIdentifier() != null) { /** SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF * ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL * } */ /* * HAY QUE HACER UN SEQUENCE, YA QUE EL CONSTRUCTOR DE BOUNCY * CASTLE NO TIENE DICHO CONSTRUCTOR. */ Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(new DerSequence(essCertID)); v.Add(new DerSequence(GetPolicyInformation(policy))); scv = SigningCertificate.GetInstance(new DerSequence(v)); // con politica } else { scv = new SigningCertificate(essCertID); // Sin politica } /** id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) * id-aa(2) 12 } */ // Secuencia con singningCertificate contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(scv))); } // INICIO SIGPOLICYID ATTRIBUTE if (policy.GetPolicyIdentifier() != null) { /** * SigPolicyId ::= OBJECT IDENTIFIER Politica de firma. */ DerObjectIdentifier doiSigPolicyId = new DerObjectIdentifier(policy.GetPolicyIdentifier().ToLower().Replace("urn:oid:", "")); /** * OtherHashAlgAndValue ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, * hashValue OCTET STRING } * */ // Algoritmo para el hash AlgorithmIdentifier hashid; // si tenemos algoritmo de calculo de hash, lo ponemos if (policy.GetPolicyIdentifierHashAlgorithm() != null) { hashid = SigUtils.MakeAlgId( AOAlgorithmID.GetOID( AOSignConstants.GetDigestAlgorithmName( policy.GetPolicyIdentifierHashAlgorithm()))); } // si no tenemos, ponemos el algoritmo de firma. else { hashid = digestAlgorithmOID; } // hash del documento, descifrado en b64 byte[] hashed; if (policy.GetPolicyIdentifierHash() != null) { hashed = System.Convert.FromBase64String(policy.GetPolicyIdentifierHash()); } else { hashed = new byte[] { 0 }; } DigestInfo otherHashAlgAndValue = new DigestInfo(hashid, hashed); /** * SigPolicyQualifierInfo ::= SEQUENCE { * SigPolicyQualifierId SigPolicyQualifierId, * SigQualifier ANY DEFINED BY policyQualifierId } */ AOSigPolicyQualifierInfo spqInfo = null; if (policy.GetPolicyQualifier() != null) { spqInfo = new AOSigPolicyQualifierInfo(policy.GetPolicyQualifier().ToString()); } /** * SignaturePolicyId ::= SEQUENCE { * sigPolicyId SigPolicyId, * sigPolicyHash SigPolicyHash, * sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF * AOSigPolicyQualifierInfo OPTIONAL} * */ Asn1EncodableVector v = new Asn1EncodableVector(); // sigPolicyId v.Add(doiSigPolicyId); // sigPolicyHash v.Add(otherHashAlgAndValue.ToAsn1Object()); // como sequence // sigPolicyQualifiers if (spqInfo != null) { v.Add(spqInfo.toASN1Primitive()); } DerSequence ds = new DerSequence(v); // Secuencia con singningCertificate contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAEtsSigPolicyID, new DerSet(ds.ToAsn1Object()))); // FIN SIGPOLICYID ATTRIBUTE } /** * Secuencia con el tipo de contenido firmado. No se agrega en firmas PAdES. * * ContentHints ::= SEQUENCE { * contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL, * contentType ContentType } */ if (contentType != null && !padesMode) { ContentHints contentHints; if (contentDescription != null) { contentHints = new ContentHints(new DerObjectIdentifier(contentType), new DerUtf8String(contentDescription)); } else { contentHints = new ContentHints(new DerObjectIdentifier(contentType)); } contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute( Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAContentHint, new DerSet(contentHints.ToAsn1Object()))); } return(contexExpecific); }