private void SignManigestFile(PassGeneratorRequest request)
{
X509Certificate2 card = GetCertificate(request);
if (card == null)
{
throw new FileNotFoundException("Certificate could not be found. Please ensure the thumbprint and cert location values are correct.");
}
try
{
Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(card);
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = DotNetUtilities.GetKeyPair(card.PrivateKey).Private;
X509Certificate2 appleCA = GetAppleCertificate(request);
Org.BouncyCastle.X509.X509Certificate appleCert = DotNetUtilities.FromX509Certificate(appleCA);
ArrayList intermediateCerts = new ArrayList();
intermediateCerts.Add(appleCert);
intermediateCerts.Add(cert);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(intermediateCerts);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSigner(privateKey, cert, CmsSignedDataGenerator.DigestSha1);
generator.AddCertificates(st1);
CmsProcessable content = new CmsProcessableByteArray(manifestFile);
CmsSignedData signedData = generator.Generate(content, false);
signatureFile = signedData.GetEncoded();
}
catch (Exception exp)
{
throw new ManifestSigningException("Failed to sign manifest", exp);
}
}
/// <summary>
/// Get a signature block that java will load a JAR with
/// </summary>
/// <param name="sfFileData">The data to sign</param>
/// <returns>The signature block (including certificate) for the data passed in</returns>
private byte[] SignIt(byte[] sfFileData)
{
AsymmetricKeyParameter privateKey = null;
var cert = LoadCert(_pemData, out privateKey);
//create things needed to make the CmsSignedDataGenerator work
var certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(new List <X509Certificate>()
{
cert
}));
CmsSignedDataGenerator dataGen = new CmsSignedDataGenerator();
dataGen.AddCertificates(certStore);
dataGen.AddSigner(privateKey, cert, CmsSignedDataGenerator.EncryptionRsa, CmsSignedDataGenerator.DigestSha256);
//content is detached- i.e. not included in the signature block itself
CmsProcessableByteArray detachedContent = new CmsProcessableByteArray(sfFileData);
var signedContent = dataGen.Generate(detachedContent, false);
//do lots of stuff to get things in the proper ASN.1 structure for java to parse it properly. much trial and error.
var signerInfos = signedContent.GetSignerInfos();
var signer = signerInfos.GetSigners().Cast <SignerInformation>().First();
SignerInfo signerInfo = signer.ToSignerInfo();
Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector();
digestAlgorithmsVector.Add(new AlgorithmIdentifier(new DerObjectIdentifier("2.16.840.1.101.3.4.2.1"), DerNull.Instance));
ContentInfo encapContentInfo = new ContentInfo(new DerObjectIdentifier("1.2.840.113549.1.7.1"), null);
Asn1EncodableVector asnVector = new Asn1EncodableVector();
asnVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded())));
Asn1EncodableVector signersVector = new Asn1EncodableVector();
signersVector.Add(signerInfo.ToAsn1Object());
SignedData signedData = new SignedData(new DerSet(digestAlgorithmsVector), encapContentInfo, new BerSet(asnVector), null, new DerSet(signersVector));
ContentInfo contentInfo = new ContentInfo(new DerObjectIdentifier("1.2.840.113549.1.7.2"), signedData);
return(contentInfo.GetDerEncoded());
}
protected void SignDetached(Stream signed, Stream unsigned, BC::Crypto.AsymmetricCipherKeyPair bcKeyPair, byte[] keyId)
{
#if NETFRAMEWORK
trace.TraceEvent(TraceEventType.Information, 0, "Signing the message in name of {0}", Convert.ToBase64String(keyId));
#else
logger.LogInformation("Signing the message in name of {0}", Convert.ToBase64String(keyId));
#endif
SignatureAlgorithm signAlgo = EteeActiveConfig.Seal.NativeSignatureAlgorithm;
var sigFactory = new Asn1SignatureFactory(signAlgo.Algorithm.FriendlyName, bcKeyPair.Private);
SignerInfoGenerator sigInfoGen = new SignerInfoGeneratorBuilder()
.Build(sigFactory, keyId);
CmsSignedDataGenerator cmsSignedDataGen = new CmsSignedDataGenerator();
cmsSignedDataGen.AddSignerInfoGenerator(sigInfoGen);
CmsSignedData detachedSignature = cmsSignedDataGen.Generate(new CmsProcessableProxy(unsigned), false);
byte[] detachedSignatureBytes = detachedSignature.GetEncoded();
signed.Write(detachedSignatureBytes, 0, detachedSignatureBytes.Length);
}
/// <summary>
/// Generates the signed cms data.
/// </summary>
/// <returns>The signed cms data.</returns>
/// <param name="signingData">Signing data.</param>
/// <param name="signerCert">Signer certificate/</param>
/// <param name="privateKey">Signer private key.</param>
private static byte[] GenerateSignedCmsData(DerSet signingData, X509Certificate signerCert, AsymmetricKeyParameter privateKey)
{
CmsSignedDataGenerator cmsDataGenerator = new CmsSignedDataGenerator();
IX509Store x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(new X509Certificate[] { signerCert }));
cmsDataGenerator.AddCertificates(x509Certs);
Org.BouncyCastle.Asn1.Cms.AttributeTable attTable = new Org.BouncyCastle.Asn1.Cms.AttributeTable(signingData);
cmsDataGenerator.AddSigner(
privateKey,
signerCert,
SignerUtilities.GetObjectIdentifier(Sha256WithRsa).Id,
Sha256Oid,
new SimpleAttributeTableGenerator(attTable),
null);
CmsSignedData detachedSignedData = cmsDataGenerator.Generate(null, false);
return(detachedSignedData.GetEncoded());
}
public byte[] GetSignedCms(Stream rangedStream)
{
rangedStream.Position = 0;
CmsSignedDataGenerator signedDataGenerator = new CmsSignedDataGenerator();
var cert = DotNetUtilities.FromX509Certificate(Certificate);
var key = DotNetUtilities.GetKeyPair(Certificate.PrivateKey);
IX509Store x509Certs = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(new[] { cert }));
signedDataGenerator.AddSigner(key.Private, cert, CmsSignedDataGenerator.DigestSha1);
signedDataGenerator.AddCertificates(x509Certs);
CmsProcessableInputStream msg = new CmsProcessableInputStream(rangedStream);
CmsSignedData signedData = signedDataGenerator.Generate(msg, false);
return(signedData.GetEncoded());
}
// https://www.bouncycastle.org/docs/pkixdocs1.5on/org/bouncycastle/cms/CMSSignedDataGenerator.html
private void SignInternal(
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate
, byte[] data)
{
// https://stackoverflow.com/questions/3240222/get-private-key-from-bouncycastle-x509-certificate-c-sharp
// Org.BouncyCastle.X509.X509Certificate c = FromX509Certificate(certificate);
//var algorithm = LumiSoft.Net.X509.DigestAlgorithms.GetDigest(c.SigAlgOid);
//var signature = new LumiSoft.Net.X509.X509Certificate2Signature(this.m_certificate, algorithm);
//signature.Sign(data);
CmsProcessable msg = new Org.BouncyCastle.Cms.CmsProcessableByteArray(data);
CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
Org.BouncyCastle.Security.SecureRandom random = new Org.BouncyCastle.Security.SecureRandom();
Org.BouncyCastle.X509.X509Certificate c = FromX509Certificate(certificate);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair issuerKeys = GetKeyPair(certificate.PrivateKey);
string signatureAlgo = certificate.PrivateKey is RSA ? "SHA1withRSA" : certificate.PrivateKey is DSA ? "SHA1withDSA" : null;
// var sha1Signer = Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA1withRSA");
// https://stackoverflow.com/questions/3240222/get-private-key-from-bouncycastle-x509-certificate-c-sharp
// https://stackoverflow.com/questions/36712679/bouncy-castles-x509v3certificategenerator-setsignaturealgorithm-marked-obsolete
Org.BouncyCastle.Crypto.ISignatureFactory signatureFactory =
new Org.BouncyCastle.Crypto.Operators.Asn1SignatureFactory
(signatureAlgo, issuerKeys.Private, random);
// gen.AddCertificates(certs);
gen.AddSignerInfoGenerator(new SignerInfoGeneratorBuilder()
.Build(signatureFactory, c)
);
this.m_signedData = gen.Generate(msg, false);
}
public static byte[] SignCHUIDByRandomKeyPair(IEnumerable <byte> value)
{
var keyPair = new RSAKeyPairGeneratorBC(1024).Generate();
var certificateGenerator = new X509CertificateGeneratorBC();
certificateGenerator.SetIssuerDN("CN=ONVIF TT, C=US");
certificateGenerator.SetSubjectDN("CN=ONVIF TT, C=US");
certificateGenerator.SetNotValidBefore(DateTime.UtcNow.AddYears(-1));
certificateGenerator.SetNotValidAfter(DateTime.UtcNow.AddYears(1));
certificateGenerator.SetSerialNumber();
certificateGenerator.SetSignatureAlgorithm("SHA1WithRSAEncryption");
certificateGenerator.SetPublicKey(keyPair.PublicKey);
var generator = new CmsSignedDataGenerator();
generator.AddSigner(PrivateKeyFactory.CreateKey(keyPair.PrivateKey),
certificateGenerator.Generate(keyPair.PrivateKey).GetEncoded(),
CmsSignedDataGenerator.DigestSha1);
return(generator.Generate(new CmsProcessableByteArray(value.ToArray())).GetEncoded());
}
/// <summary>
/// Returns a new PKCS#7 instance containing certificates and (optionally CRLs)
/// </summary>
/// <param name="CertificateList">The certificate list.</param>
/// <param name="CrlList">The CRL list.</param>
/// <returns>
/// PKCS#7 instance
/// </returns>
/// <exception cref="System.ArgumentException">No input</exception>
public static CmsSignedData Create(ArrayList CertificateList, ArrayList CrlList)
{
if ((CertificateList == null) && (CrlList == null))
{
throw new ArgumentException("No input");
}
CmsSignedDataGenerator p7Gen = new CmsSignedDataGenerator();
IX509Store certs = X509StoreFactory.Create("CERTIFICATE/COLLECTION", new X509CollectionStoreParameters(CertificateList));
p7Gen.AddCertificates(certs);
// If CRL is required
if (CrlList != null)
{
IX509Store crls = X509StoreFactory.Create("CRL/COLLECTION", new X509CollectionStoreParameters(CrlList));
p7Gen.AddCrls(crls);
}
return(p7Gen.Generate(null));
}
/// <summary>
/// 我也不晓得这个叫什么
/// </summary>
/// <param name="orgData"></param>
/// <returns></returns>
public static string SignEnvelop(string orgData)
{
Pkcs12StoreBuilder pkcs12StoreBuilder = new Pkcs12StoreBuilder();
var pkcs12Store = pkcs12StoreBuilder.Build();
pkcs12Store.Load(File.OpenRead(PfxPath), pfxPwd.ToCharArray());
IEnumerable aliases = pkcs12Store.Aliases;
var enumerator = aliases.GetEnumerator();
enumerator.MoveNext();
var alias = enumerator.Current.ToString();
var privKey = pkcs12Store.GetKey(alias);
var x509Cert = pkcs12Store.GetCertificate(alias).Certificate;
var sha1Signer = SignerUtilities.GetSigner("SHA1withRSA");
sha1Signer.Init(true, privKey.Key);
var bs = Encoding.UTF8.GetBytes(orgData);
CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
gen.AddSignerInfoGenerator(
new SignerInfoGeneratorBuilder().Build(new Asn1SignatureFactory("SHA1withRSA", privKey.Key), x509Cert));
IList certList = new ArrayList();
certList.Add(x509Cert);
gen.AddCertificates(X509StoreFactory.Create("Certificate/Collection",
new X509CollectionStoreParameters(certList)));
var msg = new CmsProcessableByteArray(bs);
var sigData = gen.Generate(msg, true);
var signData = sigData.GetEncoded();
var certificate = DotNetUtilities.FromX509Certificate(new SystemX509.X509Certificate(CertPath));
var rst = Convert.ToBase64String(EncryptEnvelop(certificate, signData));
return(rst);
}
private byte[] SignWithCertificate(byte[] bytesToSign)
{
var generator = new CmsSignedDataGenerator();
var privKey = _gatewayKeyProvider.SigningPrivateKey;
var certificate = _gatewayKeyProvider.SigningCertificate;
var certificates = new List <Org.BouncyCastle.X509.X509Certificate>();
certificates.Add(certificate);
var storeParameters = new X509CollectionStoreParameters(certificates);
IX509Store store = X509StoreFactory.Create("Certificate/Collection", storeParameters);
generator.AddSigner(privKey, certificate, CmsSignedGenerator.EncryptionRsa, CmsSignedGenerator.DigestSha256);
generator.AddCertificates(store);
var message = new CmsProcessableByteArray(bytesToSign);
CmsSignedData signedData = generator.Generate(message, false);
return(signedData.GetEncoded());
}
public byte[] Sign(Stream data)
{
CmsProcessable msg = new CmsProcessableInputStream(data);
CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
SignerInfoGenerator signerInfoGenerator = new SignerInfoGeneratorBuilder()
.WithSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator())
.Build(signatureFactory, x509Certificate);
gen.AddSignerInfoGenerator(signerInfoGenerator);
X509CollectionStoreParameters collectionStoreParameters = new X509CollectionStoreParameters(new List <X509Certificate> {
x509Certificate
});
IX509Store collectionStore = X509StoreFactory.Create("CERTIFICATE/COLLECTION", collectionStoreParameters);
gen.AddCertificates(collectionStore);
CmsSignedData sigData = gen.Generate(msg, false);
return(sigData.GetEncoded());
}
public static byte[] SignBC(string text, X509Certificate2 cert)
{
Org.BouncyCastle.X509.X509Certificate cert2 = DotNetUtilities.FromX509Certificate(cert);
Org.BouncyCastle.Crypto.AsymmetricKeyParameter K = DotNetUtilities.GetKeyPair(cert.PrivateKey).Private;
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSigner(K, cert2, CmsSignedDataGenerator.EncryptionRsa, CmsSignedDataGenerator.DigestSha256);
List <Org.BouncyCastle.X509.X509Certificate> certList = new List <Org.BouncyCastle.X509.X509Certificate>();
certList.Add(cert2);
Org.BouncyCastle.X509.Store.X509CollectionStoreParameters PP = new Org.BouncyCastle.X509.Store.X509CollectionStoreParameters(certList);
Org.BouncyCastle.X509.Store.IX509Store st1 = Org.BouncyCastle.X509.Store.X509StoreFactory.Create("CERTIFICATE/COLLECTION", PP);
generator.AddCertificates(st1);
byte[] data = Encoding.UTF8.GetBytes(text);
CmsSignedData signedData = generator.Generate(new CmsProcessableByteArray(data), true);
return(signedData.GetEncoded());
}
public Document GetSignedDocument(Document document, SignatureParameters parameters, byte[] signatureValue)
{
if (document is null)
{
throw new ArgumentNullException(nameof(document));
}
if (parameters is null)
{
throw new ArgumentNullException(nameof(parameters));
}
if (parameters.SignaturePackaging
!= SignaturePackaging.ENVELOPING && parameters.SignaturePackaging != SignaturePackaging.DETACHED)
{
throw new ArgumentException("Unsupported signature packaging " + parameters.SignaturePackaging);
}
CmsSignedDataGenerator generator = CreateCMSSignedDataGenerator(parameters, GetSigningProfile(parameters), true, null, signatureValue);
byte[] toBeSigned = Streams.ReadAll(document.OpenStream());
CmsProcessableByteArray content = new CmsProcessableByteArray(toBeSigned);
bool includeContent = true;
if (parameters.SignaturePackaging == SignaturePackaging.DETACHED)
{
includeContent = false;
}
CmsSignedData data = generator.Generate(content, includeContent);
CAdESSignatureExtension extension = GetExtensionProfile(parameters);
Document signedDocument = new CMSSignedDocument(data);
if (extension != null)
{
signedDocument = extension.ExtendSignatures(signedDocument, document, parameters);
}
return(signedDocument);
}
private static string Cms(string data)
{
var requestBytes = Encoding.UTF8.GetBytes(data);
var typedData = new CmsProcessableByteArray(requestBytes);
var gen = new CmsSignedDataGenerator();
var signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder();
var attrs = GetSigningParameters();
var parameters = new DefaultSignedAttributeTableGenerator(attrs);
signerInfoGeneratorBuilder.WithSignedAttributeGenerator(parameters);
var factory = new Asn1SignatureFactory(SingingAlgorithm, GetKey());
var bcCertificate = GetBankCertificate();
gen.AddSignerInfoGenerator(signerInfoGeneratorBuilder.Build(factory, bcCertificate));
gen.AddCertificates(MakeCertStore(bcCertificate));
var signed = gen.Generate(typedData, false);
var signedBytes = signed.GetEncoded();
return(Convert.ToBase64String(signedBytes));
}
private CmsSignedData GenerateTimestamp(
TimeStampRequest request,
BigInteger serialNumber,
DateTime generalizedTime)
{
var messageImprint = new MessageImprint(
new AlgorithmIdentifier(
new DerObjectIdentifier(request.MessageImprintAlgOid)), request.GetMessageImprintDigest());
DerInteger nonce = request.Nonce == null ? null : new DerInteger(request.Nonce);
var tstInfo = new TstInfo(
new DerObjectIdentifier(_options.Policy.Value),
messageImprint,
new DerInteger(serialNumber),
new DerGeneralizedTime(generalizedTime),
_options.Accuracy,
DerBoolean.False,
nonce,
tsa: null,
extensions: null);
var content = new CmsProcessableByteArray(tstInfo.GetEncoded());
var signedAttributes = new Asn1EncodableVector();
var certificateBytes = new Lazy <byte[]>(() => Certificate.GetEncoded());
if (_options.SigningCertificateUsage.HasFlag(SigningCertificateUsage.V1))
{
byte[] hash = _options.SigningCertificateV1Hash ?? DigestUtilities.CalculateDigest("SHA-1", certificateBytes.Value);
var signingCertificate = new SigningCertificate(new EssCertID(hash));
var attributeValue = new DerSet(signingCertificate);
var attribute = new BcAttribute(PkcsObjectIdentifiers.IdAASigningCertificate, attributeValue);
signedAttributes.Add(attribute);
}
if (_options.SigningCertificateUsage.HasFlag(SigningCertificateUsage.V2))
{
byte[] hash = DigestUtilities.CalculateDigest("SHA-256", certificateBytes.Value);
var signingCertificateV2 = new SigningCertificateV2(new EssCertIDv2(hash));
var attributeValue = new DerSet(signingCertificateV2);
var attribute = new BcAttribute(PkcsObjectIdentifiers.IdAASigningCertificateV2, attributeValue);
signedAttributes.Add(attribute);
}
var generator = new CmsSignedDataGenerator();
if (_options.ReturnSigningCertificate)
{
var certificates = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(new[] { Certificate }));
generator.AddCertificates(certificates);
}
generator.AddSigner(
_keyPair.Private,
Certificate,
_options.SignatureHashAlgorithm.Value,
new BcAttributeTable(signedAttributes),
new BcAttributeTable(DerSet.Empty));
CmsSignedData signedCms = generator.Generate(
PkcsObjectIdentifiers.IdCTTstInfo.Id,
content,
encapsulate: true);
return(signedCms);
}
public TimeStampToken Generate(
TimeStampRequest request,
BigInteger serialNumber,
DateTime genTime, X509Extensions additionalExtensions)
{
DerObjectIdentifier digestAlgOID = new DerObjectIdentifier(request.MessageImprintAlgOid);
AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOID, DerNull.Instance);
MessageImprint messageImprint = new MessageImprint(algID, request.GetMessageImprintDigest());
Accuracy accuracy = null;
if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0)
{
DerInteger seconds = null;
if (accuracySeconds > 0)
{
seconds = new DerInteger(accuracySeconds);
}
DerInteger millis = null;
if (accuracyMillis > 0)
{
millis = new DerInteger(accuracyMillis);
}
DerInteger micros = null;
if (accuracyMicros > 0)
{
micros = new DerInteger(accuracyMicros);
}
accuracy = new Accuracy(seconds, millis, micros);
}
DerBoolean derOrdering = null;
if (ordering)
{
derOrdering = DerBoolean.GetInstance(ordering);
}
DerInteger nonce = null;
if (request.Nonce != null)
{
nonce = new DerInteger(request.Nonce);
}
DerObjectIdentifier tsaPolicy = new DerObjectIdentifier(tsaPolicyOID);
if (request.ReqPolicy != null)
{
tsaPolicy = new DerObjectIdentifier(request.ReqPolicy);
}
X509Extensions respExtensions = request.Extensions;
if (additionalExtensions != null)
{
X509ExtensionsGenerator extGen = new X509ExtensionsGenerator();
if (respExtensions != null)
{
foreach (object oid in respExtensions.ExtensionOids)
{
DerObjectIdentifier id = DerObjectIdentifier.GetInstance(oid);
extGen.AddExtension(id, respExtensions.GetExtension(DerObjectIdentifier.GetInstance(id)));
}
}
foreach (object oid in additionalExtensions.ExtensionOids)
{
DerObjectIdentifier id = DerObjectIdentifier.GetInstance(oid);
extGen.AddExtension(id, additionalExtensions.GetExtension(DerObjectIdentifier.GetInstance(id)));
}
respExtensions = extGen.Generate();
}
DerGeneralizedTime generalizedTime;
if (resolution != Resolution.R_SECONDS)
{
generalizedTime = new DerGeneralizedTime(createGeneralizedTime(genTime));
}
else
{
generalizedTime = new DerGeneralizedTime(genTime);
}
TstInfo tstInfo = new TstInfo(tsaPolicy, messageImprint,
new DerInteger(serialNumber), generalizedTime, accuracy,
derOrdering, nonce, tsa, respExtensions);
try
{
CmsSignedDataGenerator signedDataGenerator = new CmsSignedDataGenerator();
byte[] derEncodedTstInfo = tstInfo.GetDerEncoded();
if (request.CertReq)
{
signedDataGenerator.AddCertificates(x509Certs);
}
signedDataGenerator.AddCrls(x509Crls);
signedDataGenerator.AddSignerInfoGenerator(signerInfoGenerator);
CmsSignedData signedData = signedDataGenerator.Generate(
PkcsObjectIdentifiers.IdCTTstInfo.Id,
new CmsProcessableByteArray(derEncodedTstInfo),
true);
return(new TimeStampToken(signedData));
}
catch (CmsException cmsEx)
{
throw new TspException("Error generating time-stamp token", cmsEx);
}
catch (IOException e)
{
throw new TspException("Exception encoding info", e);
}
catch (X509StoreException e)
{
throw new TspException("Exception handling CertStore", e);
}
// catch (InvalidAlgorithmParameterException e)
// {
// throw new TspException("Exception handling CertStore CRLs", e);
// }
}
public TimeStampToken Generate(TimeStampRequest request, BigInteger serialNumber, DateTime genTime)
{
DerObjectIdentifier objectID = new DerObjectIdentifier(request.MessageImprintAlgOid);
AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(objectID, DerNull.Instance);
MessageImprint messageImprint = new MessageImprint(hashAlgorithm, request.GetMessageImprintDigest());
Accuracy accuracy = null;
if (this.accuracySeconds > 0 || this.accuracyMillis > 0 || this.accuracyMicros > 0)
{
DerInteger seconds = null;
if (this.accuracySeconds > 0)
{
seconds = new DerInteger(this.accuracySeconds);
}
DerInteger millis = null;
if (this.accuracyMillis > 0)
{
millis = new DerInteger(this.accuracyMillis);
}
DerInteger micros = null;
if (this.accuracyMicros > 0)
{
micros = new DerInteger(this.accuracyMicros);
}
accuracy = new Accuracy(seconds, millis, micros);
}
DerBoolean derBoolean = null;
if (this.ordering)
{
derBoolean = DerBoolean.GetInstance(this.ordering);
}
DerInteger nonce = null;
if (request.Nonce != null)
{
nonce = new DerInteger(request.Nonce);
}
DerObjectIdentifier tsaPolicyId = new DerObjectIdentifier(this.tsaPolicyOID);
if (request.ReqPolicy != null)
{
tsaPolicyId = new DerObjectIdentifier(request.ReqPolicy);
}
TstInfo tstInfo = new TstInfo(tsaPolicyId, messageImprint, new DerInteger(serialNumber), new DerGeneralizedTime(genTime), accuracy, derBoolean, nonce, this.tsa, request.Extensions);
TimeStampToken result;
try
{
CmsSignedDataGenerator cmsSignedDataGenerator = new CmsSignedDataGenerator();
byte[] derEncoded = tstInfo.GetDerEncoded();
if (request.CertReq)
{
cmsSignedDataGenerator.AddCertificates(this.x509Certs);
}
cmsSignedDataGenerator.AddCrls(this.x509Crls);
cmsSignedDataGenerator.AddSigner(this.key, this.cert, this.digestOID, this.signedAttr, this.unsignedAttr);
CmsSignedData signedData = cmsSignedDataGenerator.Generate(PkcsObjectIdentifiers.IdCTTstInfo.Id, new CmsProcessableByteArray(derEncoded), true);
result = new TimeStampToken(signedData);
}
catch (CmsException e)
{
throw new TspException("Error generating time-stamp token", e);
}
catch (IOException e2)
{
throw new TspException("Exception encoding info", e2);
}
catch (X509StoreException e3)
{
throw new TspException("Exception handling CertStore", e3);
}
return(result);
}
/// <exception cref="System.IO.IOException"></exception>
//private CmsSignedDataGenerator CreateCMSSignedDataGenerator(ContentSigner contentSigner
// , DigestCalculatorProvider digestCalculatorProvider, SignatureParameters parameters
// , CAdESProfileBES cadesProfile, bool includeUnsignedAttributes, CmsSignedData originalSignedData
// )
private CmsSignedDataGenerator CreateCMSSignedDataGenerator(ISigner signer
, SignatureParameters parameters, CAdESProfileBES cadesProfile
, bool includeUnsignedAttributes, CmsSignedData originalSignedData
)
{
try
{
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
X509Certificate signerCertificate = parameters.SigningCertificate;
//X509CertificateHolder certHolder = new X509CertificateHolder(signerCertificate.GetEncoded());
ArrayList certList = new ArrayList();
certList.Add(signerCertificate);
IX509Store certHolder = X509StoreFactory.Create("CERTIFICATE/COLLECTION",
new X509CollectionStoreParameters(certList));
//jbonilla - El provider siempre es BC C#
//SignerInfoGeneratorBuilder sigInfoGeneratorBuilder = new SignerInfoGeneratorBuilder
// (digestCalculatorProvider);
CmsAttributeTableGenerator signedAttrGen = new DefaultSignedAttributeTableGenerator
(new AttributeTable(cadesProfile.GetSignedAttributes(parameters)));
CmsAttributeTableGenerator unsignedAttrGen = new SimpleAttributeTableGenerator
((includeUnsignedAttributes) ? new AttributeTable(cadesProfile.GetUnsignedAttributes
(parameters)) : null);
//jbonilla - No existe ContentSigner en BC C#
//SignerInfoGenerator sigInfoGen = sigInfoGeneratorBuilder.Build(contentSigner, certHolder);
//generator.AddSignerInfoGenerator(sigInfoGen);
generator.SignerProvider = signer;
generator.AddSigner(new NullPrivateKey(), signerCertificate, parameters.SignatureAlgorithm.GetOid()
, parameters.DigestAlgorithm.GetOid(), signedAttrGen, unsignedAttrGen);
if (originalSignedData != null)
{
generator.AddSigners(originalSignedData.GetSignerInfos());
}
//ICollection<X509Certificate> certs = new AList<X509Certificate>();
IList certs = new ArrayList();
//certs.AddItem(parameters.SigningCertificate);
certs.Add(parameters.SigningCertificate);
if (parameters.CertificateChain != null)
{
foreach (X509Certificate c in parameters.CertificateChain)
{
if (!c.SubjectDN.Equals(parameters.SigningCertificate.SubjectDN))
{
//certs.AddItem(c);
certs.Add(c);
}
}
}
//JcaCertStore certStore = new JcaCertStore(certs);
IX509Store certStore = X509StoreFactory.Create("Certificate/Collection",
new X509CollectionStoreParameters(certs));
generator.AddCertificates(certStore);
if (originalSignedData != null)
{
generator.AddCertificates(originalSignedData.GetCertificates("Collection"));
}
return(generator);
}
catch (CmsException e)
{
throw new IOException("CmsException", e);
}
catch (CertificateEncodingException e)
{
throw new IOException("CertificateEncodingException", e);
}
/*catch (OperatorCreationException e)
* {
* throw new IOException(e);
* }*/
}
static void Main(string[] args)
{
byte[] entradaArray = File.ReadAllBytes(@"certificado/arquivoTeste.txt");
AsymmetricKeyParameter chavePrivada;
X509Certificate certificadoX509 = getCertificadoX509(@"certificado/certificado.p12", "123!@#", out chavePrivada);
SHA512Managed hashSHA512 = new SHA512Managed();
SHA256Managed hashSHA256 = new SHA256Managed();
byte[] certificadoX509Hash = hashSHA256.ComputeHash(certificadoX509.GetEncoded());
byte[] EntradaHash = hashSHA512.ComputeHash(entradaArray);
CmsSignedDataGenerator geradorCms = new CmsSignedDataGenerator();
//
//atributos
//
Asn1EncodableVector atributosAssinados = new Asn1EncodableVector();
//1.2.840.113549.1.9.3 -> ContentType
//1.2.840.113549.1.7.1 -> RSA Security Data Inc
atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.ContentType, new DerSet(new DerObjectIdentifier("1.2.840.113549.1.7.1"))));
//1.2.840.113549.1.9.5 -> Signing Time
atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.SigningTime, new DerSet(new DerUtcTime(DateTime.Now))));
//1.2.840.113549.1.9.4 -> messageDigest
atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(CmsAttributes.MessageDigest, new DerSet(new DerOctetString(EntradaHash))));
//2.16.840.1.101.3.4.2.3 -> SHA-512
//2.16.840.1.101.3.4.2.1 -> SHA-256
//1.2.840.113549.1.9.16.5.1 -> sigPolicyQualifier-spuri
DerObjectIdentifier identificadorPolicyID = new DerObjectIdentifier("1.2.840.113549.1.9.16.2.15");
byte[] policyHASH = System.Text.Encoding.ASCII.GetBytes("0F6FA2C6281981716C95C79899039844523B1C61C2C962289CDAC7811FEEE29E");
List <SigPolicyQualifierInfo> sigPolicyQualifierInfos = new List <SigPolicyQualifierInfo>();
Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier algoritmoIdentificador = new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier("2.16.840.1.101.3.4.2.3");
SigPolicyQualifierInfo bcSigPolicyQualifierInfo = new SigPolicyQualifierInfo(new DerObjectIdentifier("1.2.840.113549.1.9.16.5.1"), new DerIA5String("http://politicas.icpbrasil.gov.br/PA_AD_RB_v2_2.der"));
sigPolicyQualifierInfos.Add(bcSigPolicyQualifierInfo);
SignaturePolicyId signaturePolicyId = new SignaturePolicyId(DerObjectIdentifier.GetInstance(new DerObjectIdentifier("2.16.76.1.7.1.6.2.2")), new OtherHashAlgAndValue(algoritmoIdentificador, new DerOctetString(policyHASH)), sigPolicyQualifierInfos);
atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(identificadorPolicyID, new DerSet(signaturePolicyId)));
//1.2.840.113549.1.9.16.2.47 -> id-aa-signingCertificateV2
Org.BouncyCastle.Asn1.Ess.EssCertIDv2 essCertIDv2;
essCertIDv2 = new Org.BouncyCastle.Asn1.Ess.EssCertIDv2(certificadoX509Hash);
atributosAssinados.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(new DerObjectIdentifier("1.2.840.113549.1.9.16.2.47"), new DerSet(essCertIDv2)));
AttributeTable atributosAssinadosTabela = new AttributeTable(atributosAssinados);
//geradorCms.AddSigner(chavePrivada, certificadoX509, CmsSignedDataGenerator.DigestSha256, new DefaultSignedAttributeTableGenerator(atributosAssinadosTabela), null);
geradorCms.AddSigner(chavePrivada, certificadoX509, CmsSignedDataGenerator.DigestSha512, new DefaultSignedAttributeTableGenerator(atributosAssinadosTabela), null);
List <X509Certificate> certificadoX509Lista = new List <X509Certificate>();
certificadoX509Lista.Add(certificadoX509);
//storeCerts.AddRange(chain);
X509CollectionStoreParameters parametrosArmazem = new X509CollectionStoreParameters(certificadoX509Lista);
IX509Store armazemCertificado = X509StoreFactory.Create("CERTIFICATE/COLLECTION", parametrosArmazem);
geradorCms.AddCertificates(armazemCertificado);
var dadosAssinado = geradorCms.Generate(new CmsProcessableByteArray(entradaArray), true); // encapsulate = false for detached signature
Console.WriteLine("Codificado => " + Convert.ToBase64String(dadosAssinado.GetEncoded()));
}
//------------------------------------------------------------------------------
public TimeStampToken Generate(
TimeStampRequest request,
IBigInteger serialNumber,
DateTime genTime)
{
DerObjectIdentifier digestAlgOID = new DerObjectIdentifier(request.MessageImprintAlgOid);
AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOID, DerNull.Instance);
MessageImprint messageImprint = new MessageImprint(algID, request.GetMessageImprintDigest());
Accuracy accuracy = null;
if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0)
{
DerInteger seconds = null;
if (accuracySeconds > 0)
{
seconds = new DerInteger(accuracySeconds);
}
DerInteger millis = null;
if (accuracyMillis > 0)
{
millis = new DerInteger(accuracyMillis);
}
DerInteger micros = null;
if (accuracyMicros > 0)
{
micros = new DerInteger(accuracyMicros);
}
accuracy = new Accuracy(seconds, millis, micros);
}
DerBoolean derOrdering = null;
if (ordering)
{
derOrdering = DerBoolean.GetInstance(ordering);
}
DerInteger nonce = null;
if (request.Nonce != null)
{
nonce = new DerInteger(request.Nonce);
}
DerObjectIdentifier tsaPolicy = new DerObjectIdentifier(tsaPolicyOID);
if (request.ReqPolicy != null)
{
tsaPolicy = new DerObjectIdentifier(request.ReqPolicy);
}
TstInfo tstInfo = new TstInfo(tsaPolicy, messageImprint,
new DerInteger(serialNumber), new DerGeneralizedTime(genTime), accuracy,
derOrdering, nonce, tsa, request.Extensions);
try
{
CmsSignedDataGenerator signedDataGenerator = new CmsSignedDataGenerator();
byte[] derEncodedTstInfo = tstInfo.GetDerEncoded();
if (request.CertReq)
{
signedDataGenerator.AddCertificates(x509Certs);
}
signedDataGenerator.AddCrls(x509Crls);
signedDataGenerator.AddSigner(key, cert, digestOID, signedAttr, unsignedAttr);
CmsSignedData signedData = signedDataGenerator.Generate(
PkcsObjectIdentifiers.IdCTTstInfo.Id,
new CmsProcessableByteArray(derEncodedTstInfo),
true);
return(new TimeStampToken(signedData));
}
catch (CmsException cmsEx)
{
throw new TspException("Error generating time-stamp token", cmsEx);
}
catch (IOException e)
{
throw new TspException("Exception encoding info", e);
}
catch (X509StoreException e)
{
throw new TspException("Exception handling CertStore", e);
}
// catch (InvalidAlgorithmParameterException e)
// {
// throw new TspException("Exception handling CertStore CRLs", e);
// }
}
public TimeStampToken Generate(TimeStampRequest request, BigInteger serialNumber, global::System.DateTime genTime)
{
//IL_01a0: Expected O, but got Unknown
DerObjectIdentifier algorithm = new DerObjectIdentifier(request.MessageImprintAlgOid);
AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(algorithm, DerNull.Instance);
MessageImprint messageImprint = new MessageImprint(hashAlgorithm, request.GetMessageImprintDigest());
Accuracy accuracy = null;
if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0)
{
DerInteger seconds = null;
if (accuracySeconds > 0)
{
seconds = new DerInteger(accuracySeconds);
}
DerInteger millis = null;
if (accuracyMillis > 0)
{
millis = new DerInteger(accuracyMillis);
}
DerInteger micros = null;
if (accuracyMicros > 0)
{
micros = new DerInteger(accuracyMicros);
}
accuracy = new Accuracy(seconds, millis, micros);
}
DerBoolean derBoolean = null;
if (ordering)
{
derBoolean = DerBoolean.GetInstance(ordering);
}
DerInteger nonce = null;
if (request.Nonce != null)
{
nonce = new DerInteger(request.Nonce);
}
DerObjectIdentifier tsaPolicyId = new DerObjectIdentifier(tsaPolicyOID);
if (request.ReqPolicy != null)
{
tsaPolicyId = new DerObjectIdentifier(request.ReqPolicy);
}
TstInfo tstInfo = new TstInfo(tsaPolicyId, messageImprint, new DerInteger(serialNumber), new DerGeneralizedTime(genTime), accuracy, derBoolean, nonce, tsa, request.Extensions);
try
{
CmsSignedDataGenerator cmsSignedDataGenerator = new CmsSignedDataGenerator();
byte[] derEncoded = tstInfo.GetDerEncoded();
if (request.CertReq)
{
cmsSignedDataGenerator.AddCertificates(x509Certs);
}
cmsSignedDataGenerator.AddCrls(x509Crls);
cmsSignedDataGenerator.AddSigner(key, cert, digestOID, signedAttr, unsignedAttr);
CmsSignedData signedData = cmsSignedDataGenerator.Generate(PkcsObjectIdentifiers.IdCTTstInfo.Id, new CmsProcessableByteArray(derEncoded), encapsulate: true);
return(new TimeStampToken(signedData));
}
catch (CmsException e)
{
throw new TspException("Error generating time-stamp token", e);
}
catch (IOException val)
{
IOException e2 = val;
throw new TspException("Exception encoding info", (global::System.Exception)(object) e2);
}
catch (X509StoreException e3)
{
throw new TspException("Exception handling CertStore", e3);
}
}
private void AssinarCriptografar(EnvioRemessaCobrancaBradescoJson model)
{
try
{
//exemplo validacao
var validador = new ValidarModelo();
var criticas = validador.Criticas(model);
if (criticas.Any())
{
return;
}
var data = ConverterParaJsonAspasSimples(model);
var encoding = new UTF8Encoding();
var messageBytes = encoding.GetBytes(data);
var impressaDigitalCertificado = ConfigurationManager.AppSettings["ImpressaoDigitalCertificado"];
// certificado precisa ser instalado na máquina local e na pasta pessoal, diferente disso alterar linha abaixo
var store = new X509Store(StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var privateCert = store.Certificates.Cast <X509Certificate2>().FirstOrDefault(cert => cert.Thumbprint == impressaDigitalCertificado && cert.HasPrivateKey);
if (privateCert == null)
{
throw new Exception("Certificado não localizado.");
}
if (privateCert.PrivateKey == null)
{
throw new Exception("chave privada não localizada no certificado.");
}
//convertendo certificado para objeto que o bouncycastle conhece
var bouncyCastleKey = DotNetUtilities.GetKeyPair(privateCert.PrivateKey).Private;
var x5091 = new X509Certificate(privateCert.RawData);
var x509CertBouncyCastle = DotNetUtilities.FromX509Certificate(x5091);
var generator = new CmsSignedDataGenerator();
var signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder();
generator.AddSignerInfoGenerator(
signerInfoGeneratorBuilder.Build(new Asn1SignatureFactory("SHA256WithRSA", bouncyCastleKey),
x509CertBouncyCastle));
//criando certstore que o bouncycastle conhece
IList certList = new ArrayList();
certList.Add(x509CertBouncyCastle);
var store509BouncyCastle = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certList));
generator.AddCertificates(store509BouncyCastle);
var cmsdata = new CmsProcessableByteArray(messageBytes);
//assina
var signeddata = generator.Generate(cmsdata, true);
var mensagemFinal = signeddata.GetEncoded();
//converte para base64 que eh o formato que o serviço espera
var mensagemConvertidaparaBase64 = Convert.ToBase64String(mensagemFinal);
//chama serviço convertendo a string na base64 em bytes
CriarServicoWebEEnviar("url_servico_bradesco_consta_manual", encoding.GetBytes(mensagemConvertidaparaBase64));
}
catch (Exception ex)
{
throw;
}
}
