protected virtual void CheckSignature(
            IVerifierFactory verifier)
        {
            if (!cert.SignatureAlgorithm.Equals(cert.ACInfo.Signature))
            {
                throw new CertificateException("Signature algorithm in certificate info not same as outer certificate");
            }

            IStreamCalculator streamCalculator = verifier.CreateCalculator();

            try
            {
                byte[] b = this.cert.ACInfo.GetEncoded();

                streamCalculator.Stream.Write(b, 0, b.Length);

                Platform.Dispose(streamCalculator.Stream);
            }
            catch (IOException e)
            {
                throw new SignatureException("Exception encoding certificate info object", e);
            }

            if (!((IVerifier)streamCalculator.GetResult()).IsVerified(this.GetSignature()))
            {
                throw new InvalidKeyException("Public key presented not for certificate signature");
            }
        }
        /// <summary>
        /// Validate the signature on the Pkcs10 certification request in this holder.
        /// </summary>
        /// <param name="verifierProvider">A ContentVerifierProvider that can generate a verifier for the signature.</param>
        /// <returns>true if the signature is valid, false otherwise.</returns>
        public bool IsSignatureValid(IVerifierFactoryProvider <AlgorithmIdentifier> verifierProvider)
        {
            CertificationRequestInfo requestInfo = certificationRequest.GetCertificationRequestInfo();

            IStreamCalculator <IVerifier> calculator;

            try
            {
                IVerifierFactory <AlgorithmIdentifier> verifier = verifierProvider.CreateVerifierFactory(certificationRequest.SignatureAlgorithm);

                calculator = verifier.CreateCalculator();

                Stream sOut = calculator.Stream;

                byte[] data = requestInfo.GetEncoded(Asn1Encodable.Der);

                sOut.Write(data, 0, data.Length);

                sOut.Close();

                return(calculator.GetResult().IsVerified(this.GetSignature()));
            }
            catch (Exception e)
            {
                throw new PkcsException("unable to process signature: " + e.Message, e);
            }
        }
示例#3
0
        protected virtual void CheckSignature(IVerifierFactory verifier)
        {
            //IL_0063: Expected O, but got Unknown
            if (!cert.SignatureAlgorithm.Equals(cert.ACInfo.Signature))
            {
                throw new CertificateException("Signature algorithm in certificate info not same as outer certificate");
            }
            IStreamCalculator streamCalculator = verifier.CreateCalculator();

            try
            {
                byte[] encoded = cert.ACInfo.GetEncoded();
                streamCalculator.Stream.Write(encoded, 0, encoded.Length);
                Platform.Dispose(streamCalculator.Stream);
            }
            catch (IOException val)
            {
                IOException exception = val;
                throw new SignatureException("Exception encoding certificate info object", (global::System.Exception)(object) exception);
            }
            if (!((IVerifier)streamCalculator.GetResult()).IsVerified(GetSignature()))
            {
                throw new InvalidKeyException("Public key presented not for certificate signature");
            }
        }
        /**
         * Initialise the signature object for verification.
         *
         * @param verifierBuilderProvider   provider for a content verifier builder for the signature type of interest.
         * @param pubKey  the public key to use for verification
         * @throws PgpException if there's an issue with creating the verifier.
         */
        public void InitVerify(IVerifierFactoryProvider <PgpSignatureTypeIdentifier> verifierFactoryProvider)
        {
            IVerifierFactory <PgpSignatureTypeIdentifier> verifierFactory = verifierFactoryProvider.CreateVerifierFactory(new PgpSignatureTypeIdentifier(sigPack.KeyAlgorithm, sigPack.HashAlgorithm));

            lastb  = 0;
            sigOut = verifierFactory.CreateCalculator();
        }
示例#5
0
        /// <summary>
        /// Verify a message with a public key based signature attached.
        /// </summary>
        /// <param name="verifierFactory">a factory of signature verifiers.</param>
        /// <returns>true if the provider is able to create a verifier that validates the signature, false otherwise.</returns>
        public bool Verify(IVerifierFactory verifierFactory)
        {
            IStreamCalculator streamCalculator = verifierFactory.CreateCalculator();

            IVerifier result = (IVerifier)Process(streamCalculator);

            return(result.IsVerified(pkiMessage.Protection.GetBytes()));
        }
        private static bool verify(IVerifierFactory verifier, AlgorithmIdentifier signatureAlgorithm, byte[] signedData, byte[] signature)
        {
            IStreamCalculator streamCalculator = verifier.CreateCalculator();

            byte[] b = signedData;

            streamCalculator.Stream.Write(b, 0, b.Length);

            //Platform.Dispose(streamCalculator.Stream);

            return(((IVerifier)streamCalculator.GetResult()).IsVerified(signature));
        }
 public bool Verify(IVerifierFactory verifier)
 {
     try
     {
         byte[]            derEncoded       = reqInfo.GetDerEncoded();
         IStreamCalculator streamCalculator = verifier.CreateCalculator();
         streamCalculator.Stream.Write(derEncoded, 0, derEncoded.Length);
         Platform.Dispose(streamCalculator.Stream);
         return(((IVerifier)streamCalculator.GetResult()).IsVerified(sigBits.GetOctets()));
     }
     catch (Exception exception)
     {
         throw new SignatureException("exception encoding TBS cert request", exception);
     }
 }
        protected virtual void CheckSignature(IVerifierFactory verifier)
        {
            if (!IsAlgIDEqual(this.c.SignatureAlgorithm, this.c.TbsCertificate.Signature))
            {
                throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
            }
            IStreamCalculator calculator = verifier.CreateCalculator();

            byte[] tbsCertificate = this.GetTbsCertificate();
            calculator.Stream.Write(tbsCertificate, 0, tbsCertificate.Length);
            Platform.Dispose(calculator.Stream);
            if (!((IVerifier)calculator.GetResult()).IsVerified(this.GetSignature()))
            {
                throw new InvalidKeyException("Public key presented not for certificate signature");
            }
        }
示例#9
0
        protected virtual void CheckSignature(IVerifierFactory verifier)
        {
            if (!this.c.SignatureAlgorithm.Equals(this.c.TbsCertList.Signature))
            {
                throw new CrlException("Signature algorithm on CertificateList does not match TbsCertList.");
            }
            IStreamCalculator calculator = verifier.CreateCalculator();

            byte[] tbsCertList = this.GetTbsCertList();
            calculator.Stream.Write(tbsCertList, 0, tbsCertList.Length);
            Platform.Dispose(calculator.Stream);
            if (!((IVerifier)calculator.GetResult()).IsVerified(this.GetSignature()))
            {
                throw new InvalidKeyException("CRL does not verify with supplied public key.");
            }
        }
        public bool Verify(
            IVerifierFactory verifier)
        {
            try
            {
                byte[] b = reqInfo.GetDerEncoded();

                IStreamCalculator streamCalculator = verifier.CreateCalculator();

                streamCalculator.Stream.Write(b, 0, b.Length);

                BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.Dispose(streamCalculator.Stream);

                return(((IVerifier)streamCalculator.GetResult()).IsVerified(sigBits.GetOctets()));
            }
            catch (Exception e)
            {
                throw new SignatureException("exception encoding TBS cert request", e);
            }
        }
示例#11
0
        /*
         * verify that the given public key successfully handles and confirms the
         * signature associated with this signer.
         */
        public bool Verify(
            ISignerInformationVerifierProvider verifierProvider)
        {
            IVerifierFactory <AlgorithmIdentifier> verifierFact = verifierProvider.CreateVerifierFactory(this.SignatureAlgorithmID, this.DigestAlgorithmID);

            // Optional, but still need to validate if present
            Asn1.Cms.Time signingTime = GetSigningTime();

            if (signingTime != null)
            {
                IDatedVerifierFactory <AlgorithmIdentifier> datedFact = verifierFact as IDatedVerifierFactory <AlgorithmIdentifier>;
                if (datedFact != null)
                {
                    if (!datedFact.IsValidAt(signingTime.Date))
                    {
                        throw new CmsDatedVerifierNotValidException("verifier not valid at signingTime");
                    }
                }
            }

            return(doVerify(verifierProvider.IsRawSigner, verifierFact, verifierProvider.CreateDigestFactory(this.DigestAlgorithmID)));
        }
示例#12
0
        protected virtual void CheckSignature(
            IVerifierFactory verifier)
        {
            if (!c.SignatureAlgorithm.Equals(c.TbsCertList.Signature))
            {
                throw new CrlException("Signature algorithm on CertificateList does not match TbsCertList.");
            }

            //Asn1Encodable parameters = c.SignatureAlgorithm.Parameters;

            IStreamCalculator streamCalculator = verifier.CreateCalculator();

            byte[] b = this.GetTbsCertList();

            streamCalculator.Stream.Write(b, 0, b.Length);

            Org.BouncyCastle.Utilities.Platform.Dispose(streamCalculator.Stream);

            if (!((IVerifier)streamCalculator.GetResult()).IsVerified(this.GetSignature()))
            {
                throw new InvalidKeyException("CRL does not verify with supplied public key.");
            }
        }
示例#13
0
        protected virtual void CheckSignature(
            IVerifierFactory verifier)
        {
            if (!IsAlgIDEqual(c.SignatureAlgorithm, c.TbsCertificate.Signature))
            {
                throw new CertificateException("signature algorithm in TBS cert not same as outer cert");
            }

            Asn1Encodable parameters = c.SignatureAlgorithm.Parameters;

            IStreamCalculator streamCalculator = verifier.CreateCalculator();

            byte[] b = this.GetTbsCertificate();

            streamCalculator.Stream.Write(b, 0, b.Length);

            Platform.Dispose(streamCalculator.Stream);

            if (!((IVerifier)streamCalculator.GetResult()).IsVerified(this.GetSignature()))
            {
                throw new InvalidKeyException("Public key presented not for certificate signature");
            }
        }
示例#14
0
        private bool doVerify(bool isRawVerifier, IVerifierFactory <AlgorithmIdentifier> verifierFactory, IDigestFactory <AlgorithmIdentifier> digestFactory)
        {
            IStreamCalculator <IVerifier> contentVerifier = verifierFactory.CreateCalculator();
            Stream sigOut = contentVerifier.Stream;

            try
            {
                if (resultDigest == null)
                {
                    IStreamCalculator <IBlockResult> calc = digestFactory.CreateCalculator();
                    if (content != null)
                    {
                        Stream digOut = calc.Stream;

                        if (signedAttributeSet == null)
                        {
                            if (isRawVerifier)
                            {
                                content.Write(digOut);
                            }
                            else
                            {
                                Stream cOut = new TeeOutputStream(digOut, sigOut);

                                content.Write(cOut);

                                cOut.Close();
                            }
                        }
                        else
                        {
                            content.Write(digOut);
                            byte[] enc = this.GetEncodedSignedAttributes();
                            sigOut.Write(enc, 0, enc.Length);
                        }

                        digOut.Close();
                    }
                    else if (signedAttributeSet != null)
                    {
                        byte[] enc = this.GetEncodedSignedAttributes();

                        sigOut.Write(enc, 0, enc.Length);
                    }
                    else
                    {
                        // TODO Get rid of this exception and just treat content==null as empty not missing?
                        throw new CmsException("data not encapsulated in signature - use detached constructor.");
                    }

                    resultDigest = calc.GetResult().Collect();
                }
                else
                {
                    if (signedAttributeSet == null)
                    {
                        if (content != null)
                        {
                            content.Write(sigOut);
                        }
                    }
                    else
                    {
                        byte[] enc = this.GetEncodedSignedAttributes();

                        sigOut.Write(enc, 0, enc.Length);
                    }
                }

                sigOut.Close();
            }
            catch (Exception e)
            {
                throw new CmsException("can't process object to create signature.", e);
            }

            // RFC 3852 11.1 Check the content-type attribute is correct
            {
                Asn1Object validContentType = GetSingleValuedSignedAttribute(
                    CmsAttributes.ContentType, "content-type");
                if (validContentType == null)
                {
                    if (!isCounterSignature && signedAttributeSet != null)
                    {
                        throw new CmsException("The content-type attribute type MUST be present whenever signed attributes are present in signed-data");
                    }
                }
                else
                {
                    if (isCounterSignature)
                    {
                        throw new CmsException("[For counter signatures,] the signedAttributes field MUST NOT contain a content-type attribute");
                    }

                    if (!(validContentType is DerObjectIdentifier))
                    {
                        throw new CmsException("content-type attribute value not of ASN.1 type 'OBJECT IDENTIFIER'");
                    }

                    DerObjectIdentifier signedContentType = (DerObjectIdentifier)validContentType;

                    if (!signedContentType.Equals(contentType))
                    {
                        throw new CmsException("content-type attribute value does not match eContentType");
                    }
                }
            }

            Asn1.Cms.AttributeTable signedAttrTable = this.SignedAttributes;

            // RFC 6211 Validate Algorithm Identifier protection attribute if present
            {
                Asn1.Cms.AttributeTable unsignedAttrTable = this.UnsignedAttributes;
                if (unsignedAttrTable != null && unsignedAttrTable.GetAll(CmsAttributes.CmsAlgorithmProtect).Count > 0)
                {
                    throw new CmsException("A cmsAlgorithmProtect attribute MUST be a signed attribute");
                }
                if (signedAttrTable != null)
                {
                    Asn1EncodableVector protectionAttributes = signedAttrTable.GetAll(CmsAttributes.CmsAlgorithmProtect);
                    if (protectionAttributes.Count > 1)
                    {
                        throw new CmsException("Only one instance of a cmsAlgorithmProtect attribute can be present");
                    }

                    if (protectionAttributes.Count > 0)
                    {
                        Asn1.Cms.Attribute attr = Asn1.Cms.Attribute.GetInstance(protectionAttributes[0]);
                        if (attr.AttrValues.Count != 1)
                        {
                            throw new CmsException("A cmsAlgorithmProtect attribute MUST contain exactly one value");
                        }

                        CmsAlgorithmProtection algorithmProtection = CmsAlgorithmProtection.GetInstance(attr.AttrValues[0]);

                        if (!CmsUtilities.IsEquivalent(algorithmProtection.DigestAlgorithm, info.DigestAlgorithm))
                        {
                            throw new CmsException("CMS Algorithm Identifier Protection check failed for digestAlgorithm");
                        }

                        if (!CmsUtilities.IsEquivalent(algorithmProtection.SignatureAlgorithm, info.DigestEncryptionAlgorithm))
                        {
                            throw new CmsException("CMS Algorithm Identifier Protection check failed for signatureAlgorithm");
                        }
                    }
                }
            }

            // RFC 3852 11.2 Check the message-digest attribute is correct
            {
                Asn1Encodable validMessageDigest = GetSingleValuedSignedAttribute(
                    CmsAttributes.MessageDigest, "message-digest");
                if (validMessageDigest == null)
                {
                    if (signedAttributeSet != null)
                    {
                        throw new CmsException("the message-digest signed attribute type MUST be present when there are any signed attributes present");
                    }
                }
                else
                {
                    if (!(validMessageDigest is Asn1OctetString))
                    {
                        throw new CmsException("message-digest attribute value not of ASN.1 type 'OCTET STRING'");
                    }

                    Asn1OctetString signedMessageDigest = (Asn1OctetString)validMessageDigest;

                    if (!Arrays.ConstantTimeAreEqual(resultDigest, signedMessageDigest.GetOctets()))
                    {
                        throw new CmsSignerDigestMismatchException("message-digest attribute value does not match calculated value");
                    }
                }
            }

            // RFC 3852 11.4 Validate countersignature attribute(s)
            {
                if (signedAttrTable != null &&
                    signedAttrTable.GetAll(CmsAttributes.CounterSignature).Count > 0)
                {
                    throw new CmsException("A countersignature attribute MUST NOT be a signed attribute");
                }

                Asn1.Cms.AttributeTable unsignedAttrTable = this.UnsignedAttributes;
                if (unsignedAttrTable != null)
                {
                    Asn1EncodableVector csAttrs = unsignedAttrTable.GetAll(CmsAttributes.CounterSignature);
                    for (int i = 0; i < csAttrs.Count; ++i)
                    {
                        Asn1.Cms.Attribute csAttr = Asn1.Cms.Attribute.GetInstance(csAttrs[i]);
                        if (csAttr.AttrValues.Count < 1)
                        {
                            throw new CmsException("A countersignature attribute MUST contain at least one AttributeValue");
                        }

                        // Note: We don't recursively validate the countersignature value
                    }
                }
            }

            try
            {
                if (signedAttributeSet == null && resultDigest != null)
                {
                    if (isRawVerifier)
                    {
                        if (SignatureAlgorithmID.Algorithm.Equals(PkcsObjectIdentifiers.RsaEncryption))
                        {
                            DigestInfo digInfo = new DigestInfo(new AlgorithmIdentifier(digestAlgorithm.Algorithm, DerNull.Instance), resultDigest);
                            byte[]     data    = digInfo.GetEncoded(Asn1Encodable.Der);

                            sigOut.Write(data, 0, data.Length);

                            sigOut.Close();

                            return(contentVerifier.GetResult().IsVerified(this.GetSignature()));
                        }

                        sigOut.Write(resultDigest, 0, resultDigest.Length);

                        sigOut.Close();

                        return(contentVerifier.GetResult().IsVerified(this.GetSignature()));
                    }
                }

                sigOut.Close();

                return(contentVerifier.GetResult().IsVerified(this.GetSignature()));
            }
            catch (IOException e)
            {
                throw new CmsException("can't process mime object to create signature.", e);
            }
        }
        public bool Verify(
            IVerifierFactory verifier)
        {
            try
            {
                byte[] b = reqInfo.GetDerEncoded();

                IStreamCalculator streamCalculator = verifier.CreateCalculator();

                streamCalculator.Stream.Write(b, 0, b.Length);

                Platform.Dispose(streamCalculator.Stream);

                return ((IVerifier)streamCalculator.GetResult()).IsVerified(sigBits.GetOctets());
            }
            catch (Exception e)
            {
                throw new SignatureException("exception encoding TBS cert request", e);
            }
        }
示例#16
0
 /// <summary>
 /// Base constructor.
 /// </summary>
 public PkixDatedVerifierFactory(AlgorithmIdentifier algorithm, IVerifierFactory <IParameters <Algorithm> > baseFactory, X509Certificate certificate)
 {
     this.algID       = algorithm;
     this.baseFactory = baseFactory;
     this.certificate = certificate;
 }
        protected virtual void CheckSignature(
            IVerifierFactory verifier)
        {
            if (!cert.SignatureAlgorithm.Equals(cert.ACInfo.Signature))
			{
				throw new CertificateException("Signature algorithm in certificate info not same as outer certificate");
			}

            IStreamCalculator streamCalculator = verifier.CreateCalculator();

			try
			{
                byte[] b = this.cert.ACInfo.GetEncoded();

                streamCalculator.Stream.Write(b, 0, b.Length);

                Platform.Dispose(streamCalculator.Stream);
            }
			catch (IOException e)
			{
				throw new SignatureException("Exception encoding certificate info object", e);
			}

			if (!((IVerifier)streamCalculator.GetResult()).IsVerified(this.GetSignature()))
			{
				throw new InvalidKeyException("Public key presented not for certificate signature");
			}
		}
        private IVerifierFactory <AlgorithmIdentifier> CreateVerifierFactory(AlgorithmIdentifier algorithm, IVerifierFactory <IParameters <Algorithm> > baseFactory, X509Certificate certificate)
        {
            if (certificate != null)
            {
                return(new PkixDatedVerifierFactory(algorithm, baseFactory, certificate));
            }

            return(new PkixVerifierFactory(algorithm, baseFactory));
        }
 /// <summary>
 /// Base constructor.
 /// </summary>
 public PkixVerifierFactory(AlgorithmIdentifier algorithm, IVerifierFactory <IParameters <Algorithm> > baseFactory)
 {
     this.algID       = algorithm;
     this.baseFactory = baseFactory;
 }
 public VerifierFactory(PgpSignatureTypeIdentifier algorithmDetails, IVerifierFactory <IParameters <Algorithm> > verifierFactory)
 {
     this.mAlgorithmDetails = algorithmDetails;
     this.verifierFactory   = verifierFactory;
 }
示例#21
0
        protected virtual void CheckSignature(
            IVerifierFactory verifier)
        {
            if (!c.SignatureAlgorithm.Equals(c.TbsCertList.Signature))
            {
                throw new CrlException("Signature algorithm on CertificateList does not match TbsCertList.");
            }

            Asn1Encodable parameters = c.SignatureAlgorithm.Parameters;

            IStreamCalculator streamCalculator = verifier.CreateCalculator();

            byte[] b = this.GetTbsCertList();

            streamCalculator.Stream.Write(b, 0, b.Length);

            Platform.Dispose(streamCalculator.Stream);

            if (!((IVerifier)streamCalculator.GetResult()).IsVerified(this.GetSignature()))
            {
                throw new InvalidKeyException("CRL does not verify with supplied public key.");
            }
        }
示例#22
0
        protected virtual void CheckSignature(
			IVerifierFactory verifier)
		{
			if (!IsAlgIDEqual(c.SignatureAlgorithm, c.TbsCertificate.Signature))
				throw new CertificateException("signature algorithm in TBS cert not same as outer cert");

			Asn1Encodable parameters = c.SignatureAlgorithm.Parameters;

            IStreamCalculator streamCalculator = verifier.CreateCalculator();

			byte[] b = this.GetTbsCertificate();

			streamCalculator.Stream.Write(b, 0, b.Length);

            Platform.Dispose(streamCalculator.Stream);

            if (!((IVerifier)streamCalculator.GetResult()).IsVerified(this.GetSignature()))
			{
				throw new InvalidKeyException("Public key presented not for certificate signature");
			}
		}