private void VerifyCounterSignature(SignerInformation signInfo, byte[] certificate)
{
SignerInformation csi = GetFirstSignerInfo(signInfo.GetCounterSignatures());
X509Certificate cert = new X509CertificateParser().ReadCertificate(certificate);
Assert.IsTrue(csi.Verify(cert));
}
private void ReadInformation()
{
if (_signerInformation.SignedAttributes[PkcsObjectIdentifiers.Pkcs9AtSigningTime] != null)
{
_signingDate = DerUtcTime.GetInstance(_signerInformation.SignedAttributes[PkcsObjectIdentifiers.Pkcs9AtSigningTime].AttrValues[0]).ToDateTime().ToLocalTime();
}
if (_signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAAEtsSignerAttr] != null)
{
var signerAttr = SignerAttribute.GetInstance(_signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAAEtsSignerAttr].AttrValues[0]);
List <string> claimedRoles = new List <string>();
foreach (BcCms.Attribute claimedAttr in signerAttr.ClaimedAttributes)
{
foreach (var value in claimedAttr.AttrValues)
{
claimedRoles.Add(DerUtf8String.GetInstance(value).GetString());
}
}
_signerRoles = claimedRoles;
}
if (_signerInformation.UnsignedAttributes != null &&
_signerInformation.UnsignedAttributes[PkcsObjectIdentifiers.IdAASignatureTimeStampToken] != null)
{
_timeStamp = new TimeStampToken(new CmsSignedData(_signerInformation.UnsignedAttributes[PkcsObjectIdentifiers.IdAASignatureTimeStampToken].AttrValues[0].GetEncoded()));
}
// Se leen las contrafirmas
var signers = _signerInformation.GetCounterSignatures().GetSigners();
_counterSignatures = new List <SignerInfoNode>();
foreach (var signer in signers)
{
SignerInfoNode node = new SignerInfoNode((SignerInformation)signer, _sigDocument);
_counterSignatures.Add(node);
}
// Se intenta identificar el certificado empleado para la firma, esto quizás se pueda mejorar
byte[] certHash = null;
IssuerSerial issuerSerial = null;
if (_signerInformation.DigestAlgOid == DigestMethod.SHA1.Oid)
{
BcCms.Attribute attr = _signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
SigningCertificate sc = SigningCertificate.GetInstance(attr.AttrValues[0]);
EssCertID ecid = sc.GetCerts()[0];
issuerSerial = ecid.IssuerSerial;
certHash = ecid.GetCertHash();
}
else
{
BcCms.Attribute attr = _signerInformation.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
SigningCertificateV2 sc2 = SigningCertificateV2.GetInstance(attr.AttrValues[0]);
EssCertIDv2 ecid = sc2.GetCerts()[0];
issuerSerial = ecid.IssuerSerial;
certHash = ecid.GetCertHash();
}
DigestMethod digestMethod = DigestMethod.GetByOid(_signerInformation.DigestAlgOid);
foreach (X509CertificateStructure cs in _sigDocument.Certificates)
{
if (issuerSerial == null || cs.TbsCertificate.SerialNumber.Equals(issuerSerial.Serial))
{
byte[] currentCertHash = digestMethod.CalculateDigest(cs.GetEncoded());
if (certHash.SequenceEqual(currentCertHash))
{
_certificate = new X509Certificate(cs);
break;
}
}
}
}
private void VerifyCounterSignature(SignerInformation signInfo, byte[] certificate)
{
SignerInformation csi = GetFirstSignerInfo(signInfo.GetCounterSignatures());
X509Certificate cert = new X509CertificateParser().ReadCertificate(certificate);
Assert.IsTrue(csi.Verify(cert));
}
private DocsPaVO.documento.SignerInfo ExtractSignerInfo(List <string> ErrorMessageLst, IX509Store store, SignerInformation signer)
{
DocsPaVO.documento.SignerInfo thisSinger = new DocsPaVO.documento.SignerInfo();
Org.BouncyCastle.X509.X509Certificate cert1 = GetCertificate(signer, store);
try
{
if (!signer.Verify(cert1))
{
ErrorMessageLst.Add("Not valid signature");
}
}
catch (Exception e)
{
ErrorMessageLst.Add(e.Message);
}
thisSinger.isCountersigner = signer.IsCounterSignature;
if (signer.SignedAttributes != null)
{
if (signer.SignedAttributes[Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2] == null)
{
ErrorMessageLst.Add("Id-AA-SigningCertificateV2 not found");
}
if (signer.SignedAttributes[CmsAttributes.MessageDigest] == null)
{
ErrorMessageLst.Add("Pkcs9AtMessageDigest not found");
}
if (!signer.IsCounterSignature) //Pare che i controfirmatari non ncessitino di questo parametro
{
if (signer.SignedAttributes[Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Pkcs9AtContentType] == null)
{
ErrorMessageLst.Add("Pkcs9AtContentType not found");
}
}
thisSinger.SignatureAlgorithm = Org.BouncyCastle.Security.DigestUtilities.GetAlgorithmName(signer.DigestAlgorithmID.ObjectID);
if (signer.SignedAttributes[CmsAttributes.SigningTime] != null)
{
Org.BouncyCastle.Asn1.Cms.Attribute sigTime = signer.SignedAttributes[CmsAttributes.SigningTime];
if (sigTime.AttrValues.Count > 0)
{
try
{
thisSinger.SigningTime = GetSigningTime(sigTime.AttrValues[0]);
}
catch (Exception e)
{
ErrorMessageLst.Add("Error retriving SigningTime");
}
}
}
}
else
{
ErrorMessageLst.Add("Missing SignedAttributes");
}
if (gestioneTSFirma)
{
List <TSInfo> tsArr = new List <TSInfo>();
if (signer.UnsignedAttributes != null && signer.UnsignedAttributes[Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASignatureTimeStampToken] != null)
{
ICollection ret = Org.BouncyCastle.Tsp.TspUtil.GetSignatureTimestamps(signer);
foreach (Org.BouncyCastle.Tsp.TimeStampToken token in ret)
{
VerifyTimeStamp verifyTimeStamp = new VerifyTimeStamp();
ICollection certsColl = token.GetCertificates("COLLECTION").GetMatches(null);
TSInfo timeStamp = verifyTimeStamp.getTSCertInfo(certsColl);
timeStamp.TSdateTime = token.TimeStampInfo.GenTime.ToLocalTime();
timeStamp.TSserialNumber = token.TimeStampInfo.SerialNumber.ToString();
timeStamp.TSimprint = Convert.ToBase64String(token.TimeStampInfo.TstInfo.MessageImprint.GetEncoded());
timeStamp.TSdateTime = token.TimeStampInfo.GenTime;
timeStamp.TSType = TsType.PKCS;
tsArr.Add(timeStamp);
}
}
if (tsArr.Count > 0)
{
thisSinger.SignatureTimeStampInfo = tsArr.ToArray();
}
}
X509Certificate2 cert = new X509Certificate2(cert1.GetEncoded());
thisSinger.CertificateInfo.RevocationStatus = CheckCertificate(cert);
thisSinger.CertificateInfo.X509Certificate = cert1.GetEncoded();
thisSinger.CertificateInfo.RevocationStatusDescription = DecodeStatus(thisSinger.CertificateInfo.RevocationStatus);
ParseCNIPASubjectInfo(ref thisSinger.SubjectInfo, cert.SubjectName.Name);
thisSinger.CertificateInfo.IssuerName = cert.IssuerName.Name;
thisSinger.CertificateInfo.SerialNumber = cert.SerialNumber;
thisSinger.CertificateInfo.SignatureAlgorithm = cert.SignatureAlgorithm.FriendlyName;
thisSinger.CertificateInfo.SubjectName = cert.SubjectName.Name;
thisSinger.CertificateInfo.ValidFromDate = cert.NotBefore;
thisSinger.CertificateInfo.ValidToDate = cert.NotAfter;
thisSinger.CertificateInfo.ThumbPrint = cert.Thumbprint;
StringBuilder sb = new StringBuilder();
sb.AppendFormat("CertificateInfo.IssuerName: '{0}'", thisSinger.CertificateInfo.IssuerName);
sb.AppendFormat("CertificateInfo.SerialNumber: '{0}'", thisSinger.CertificateInfo.SerialNumber);
sb.AppendFormat("CertificateInfo.SignatureAlgorithm: '{0}'", thisSinger.CertificateInfo.SignatureAlgorithm);
sb.AppendFormat("CertificateInfo.SubjectName: '{0}'", thisSinger.CertificateInfo.SubjectName);
sb.AppendFormat("CertificateInfo.ValidFromDate: '{0}'", thisSinger.CertificateInfo.ValidFromDate);
sb.AppendFormat("CertificateInfo.ValidToDate: '{0}'", thisSinger.CertificateInfo.ValidToDate);
sb.AppendFormat("CertificateInfo.ThumbPrint: '{0}'", thisSinger.CertificateInfo.ThumbPrint);
//DocsPaUtils.LogsManagement.Debugger.Write(string.Format("SignedDocument.Verify - {0}", sb.ToString()));
//gestione controfirma
if (signer.UnsignedAttributes != null)
{
if (signer.UnsignedAttributes[CmsAttributes.CounterSignature] != null)
{
List <DocsPaVO.documento.SignerInfo> cSigsList = new List <DocsPaVO.documento.SignerInfo>();
List <string> csignErrs = new List <string> ();
SignerInformationStore counterSignatures = signer.GetCounterSignatures();
foreach (SignerInformation conunterSig in counterSignatures.GetSigners())
{
DocsPaVO.documento.SignerInfo cSigs = ExtractSignerInfo(csignErrs, store, conunterSig);
cSigsList.Add(cSigs);
}
if (csignErrs.Count > 0)
{
ErrorMessageLst.AddRange(csignErrs);
}
if (cSigsList.Count > 0)
{
thisSinger.counterSignatures = cSigsList.ToArray();
}
}
}
return(thisSinger);
}