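/// <summary>
/// 5.3.4 Verifies a PKCS#7 signature and returns the signing certificate. 2011-12-19
/// </summary>
/// <param name="sSource">The original text. For a detached signature it is supplied as the content to verify against; for an attached signature it is compared with the content embedded in the blob.</param>
/// <param name="sSignature">The PKCS#7 signature blob, in the encoding SignedData.Verify expects.</param>
/// <param name="isNotHasSource">true when the blob does not carry the original text (detached signature); false when the original text is embedded in the blob.</param>
/// <returns>The certificate of the first signer in the blob.</returns>
/// <exception cref="ArgumentNullException">sSource is null.</exception>
/// <exception cref="InvalidOperationException">The signature does not verify, the embedded content differs from sSource, or the blob carries no signer certificate.</exception>
public static SecuInter.X509Certificate verifyPKCS7(String sSource, string sSignature, Boolean isNotHasSource)
{
    if (sSource == null)
    {
        throw new ArgumentNullException("sSource");
    }

    SignedData signedData = new SignedData();
    Utilities util = new Utilities();

    if (isNotHasSource)
    {
        // Detached signature: the original text is not inside the blob, so supply it before verifying.
        signedData.Content = sSource;
    }

    // SIGNATURE_ONLY checks the cryptographic signature but not the certificate chain, validity
    // period or revocation status; whether to trust the returned certificate is the caller's decision.
    if (!signedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
    {
        throw new InvalidOperationException("签名验证不正确");
    }

    if (!isNotHasSource)
    {
        // Attached signature: the text recovered from the blob must be exactly the text the caller expects.
        // Ordinal comparison, and null-safe so a missing content cannot turn into a NullReferenceException.
        string embedded = util.ByteArraytoString(signedData.Content);
        if (!string.Equals(sSource, embedded, StringComparison.Ordinal))
        {
            throw new InvalidOperationException("发生错误,签名原文不一致!");
        }
    }

    // The first signer is the client's signing certificate; only that one is returned.
    SecuInter.X509Certificate oCertSign = null;
    foreach (SecuInter.Signer signer in signedData.Signers)
    {
        oCertSign = (SecuInter.X509Certificate)signer.Certificate;
        break;
    }

    if (oCertSign == null)
    {
        throw new InvalidOperationException("签名信息中无证书!");
    }

    return oCertSign;
}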
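/// <summary>
/// 5.3.5 Verifies a PKCS#7 signature that carries the original text and returns that text. 2011-12-19
/// Only for attached signatures (the original text is embedded in the blob).
/// </summary>
/// <param name="sSignature">The PKCS#7 signature blob with embedded content.</param>
/// <returns>The embedded original text, decoded with Utilities.ByteArraytoString.</returns>
/// <exception cref="InvalidOperationException">The signature does not verify.</exception>
public static String getSourceFromPKCS7SignData(string sSignature)
{
    SignedData oSignedData = new SignedData();
    Utilities oUtilities = new Utilities();

    // SIGNATURE_ONLY validates the cryptographic signature, not the signer's certificate chain,
    // validity period or revocation. This method also never checks *who* signed: the returned text
    // is bound only to whatever certificate is inside the blob. Callers that need a trusted signer
    // must check the certificate themselves (verifyPKCS7 returns it).
    if (!oSignedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
    {
        throw new InvalidOperationException("签名验证不正确");
    }

    // Original behaviour kept: Display() is called on every signer's certificate.
    // NOTE(review): this looks like a certificate-viewer dialog, i.e. a UI side effect inside a
    // verification helper — confirm it is wanted in every context this method runs in.
    foreach (SecuInter.Signer signer in oSignedData.Signers)
    {
        SecuInter.X509Certificate oCert = (SecuInter.X509Certificate)signer.Certificate;
        oCert.Display();
    }

    return oUtilities.ByteArraytoString(oSignedData.Content);
}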
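/// <summary>
/// 5.3.4 Verifies a PKCS#7 signature, returns the signing certificate and reports the signing time. 2011-12-19
/// </summary>
/// <param name="sSource">The original text. For a detached signature it is supplied as the content to verify against; for an attached signature it is compared with the content embedded in the blob.</param>
/// <param name="sSignature">The PKCS#7 signature blob, in the encoding SignedData.Verify expects.</param>
/// <param name="isNotHasSource">true when the blob does not carry the original text (detached signature); false when the original text is embedded in the blob.</param>
/// <param name="signTime">Receives the TSA timestamp of the signature formatted as "yyyy-MM-dd HH:mm:ss". Left unchanged when no signer carries a timestamp, so callers should initialise it and check it afterwards.</param>
/// <returns>The certificate of the first signer in the blob.</returns>
/// <exception cref="ArgumentNullException">sSource is null.</exception>
/// <exception cref="InvalidOperationException">The signature does not verify, the embedded content differs from sSource, or the blob carries no signer certificate.</exception>
public static SecuInter.X509Certificate verifyPKCS7(String sSource, string sSignature, Boolean isNotHasSource, ref String signTime)
{
    if (sSource == null)
    {
        throw new ArgumentNullException("sSource");
    }

    SignedData signedData = new SignedData();
    Utilities util = new Utilities();

    if (isNotHasSource)
    {
        // Detached signature: the original text is not inside the blob, so supply it before verifying.
        signedData.Content = sSource;
    }

    // SIGNATURE_ONLY checks the cryptographic signature but not the certificate chain, validity
    // period or revocation status; whether to trust the returned certificate is the caller's decision.
    if (!signedData.Verify(sSignature, SecuInter.SECUINTER_SIGNEDDATA_VERIFY_FLAG.SECUINTER_SIGNEDDATA_VERIFY_SIGNATURE_ONLY))
    {
        throw new InvalidOperationException("签名验证不正确");
    }

    if (!isNotHasSource)
    {
        // Attached signature: the text recovered from the blob must be exactly the text the caller expects.
        // Ordinal comparison, and null-safe so a missing content cannot turn into a NullReferenceException.
        string embedded = util.ByteArraytoString(signedData.Content);
        if (!string.Equals(sSource, embedded, StringComparison.Ordinal))
        {
            throw new InvalidOperationException("发生错误,签名原文不一致!");
        }
    }

    // Signing time, taken from the TSA timestamp token of the signer(s) that carry one.
    // The format string uses the current culture, as the original code did.
    int iCertCount = signedData.Signers.Count;
    if (iCertCount == 1)
    {
        if (signedData.HasTSATimestamp(0))
        {
            signTime = signedData.getTSATimeStamp(0).ToString("yyyy-MM-dd HH:mm:ss");
        }
    }
    else
    {
        // Several signers: the last signer with a timestamp wins.
        // NOTE(review): Display() on every signer's certificate is the original behaviour and looks
        // like a certificate-viewer dialog (a UI side effect) — confirm it is wanted here.
        for (var i = 0; i < iCertCount; i++)
        {
            signedData.Signers[i].Certificate.Display();
            if (signedData.HasTSATimestamp(i))
            {
                signTime = signedData.getTSATimeStamp(i).ToString("yyyy-MM-dd HH:mm:ss");
            }
        }
    }

    // The first signer is the client's signing certificate; only that one is returned.
    SecuInter.X509Certificate oCertSign = null;
    foreach (SecuInter.Signer signer in signedData.Signers)
    {
        oCertSign = (SecuInter.X509Certificate)signer.Certificate;
        break;
    }

    if (oCertSign == null)
    {
        throw new InvalidOperationException("签名信息中无证书!");
    }

    return oCertSign;
}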
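/// <summary>
/// Rebuilds the login payload the client is expected to have signed, verifies the CAPICOM
/// signature over it, and logs the user in when the signer's certificate matches the thumbprint
/// pinned in the setting. Failures are reported through MsgText/MsgVisible on the returned setting.
/// </summary>
/// <param name="setting">A <see cref="Setting"/> carrying UserName, Pass, CaptchaText and Tumbprint.</param>
/// <param name="signature">The PKCS#7 signed message (CAPICOM SignedData format) sent by the client; the content is embedded, not detached.</param>
/// <returns>The same <see cref="Setting"/> instance, with the captcha refreshed and MsgText/MsgVisible set when verification failed.</returns>
/// <exception cref="ArgumentException">setting is not a <see cref="Setting"/>.</exception>
public Setting HashAndcheckval(object setting, string signature)
{
    Setting _setting = setting as Setting;
    if (_setting == null)
    {
        throw new ArgumentException("setting must be a Setting instance", "setting");
    }

    // Expected signed content: hashed password, user name and captcha in the exact XML layout the
    // client signs. It is compared as a whole string and never parsed, so no escaping is needed.
    string hashData = DoHash(_setting.Pass);
    hashData = "<login><Password>" + hashData + "</Password><UserName>" + _setting.UserName + "</UserName><Captcha>" + _setting.CaptchaText + "</Captcha></login>";

    SignedData mySD = new SignedData();
    try
    {
        // CAPICOM_VERIFY_SIGNATURE_ONLY checks just the cryptographic signature: no chain building,
        // no validity-period and no revocation check. The thumbprint pin below is therefore the
        // only trust anchor for this login.
        mySD.Verify(signature, false, CAPICOM_SIGNED_DATA_VERIFY_FLAG.CAPICOM_VERIFY_SIGNATURE_ONLY);

        if (mySD.Content != hashData)
        {
            _setting.MsgText = "محتوای امضا تغییر یافته است";
            _setting.MsgVisible = true;
            return _setting;
        }

        // Pin against the certificate that actually produced the signature (Signers), not against
        // mySD.Certificates: that collection holds every certificate bundled in the message, so a
        // message signed with some other key that merely embeds the pinned certificate would pass.
        Boolean IsValidThump = false;
        int count = mySD.Signers.Count;
        for (int i = 1; i <= count; i++) // CAPICOM collections are 1-based
        {
            Signer signer = (Signer)mySD.Signers[i];
            Certificate cr = (Certificate)signer.Certificate;
            // Thumbprints are hex; ordinal case-insensitive compare, null-safe on both sides.
            if (string.Equals(_setting.Tumbprint, cr.Thumbprint, StringComparison.OrdinalIgnoreCase))
            {
                IsValidThump = true;
                break;
            }
        }

        if (IsValidThump)
        {
            Login(setting);
        }
        else
        {
            _setting.MsgText = " با گواهی مربوطه امضا نشده است";
            _setting.MsgVisible = true;
        }
    }
    catch (Exception)
    {
        // Verify() throws on a malformed or invalid signature. Report it instead of falling through
        // silently with no message, which is what the original empty catch did.
        // NOTE(review): audit logging of failed verifications (BOLLogs.InsertIntoLogs) was disabled
        // in the original; failed logins are currently not recorded anywhere.
        _setting.MsgText = "امضا نامعتبر است";
        _setting.MsgVisible = true;
    }

    SetCaptcha(_setting);
    return _setting;
}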