示例#1
0
        /// <summary>
        /// metodo que realiza el sello reciviendo el archivo key como matriaz de bytes
        /// </summary>
        /// <param name="CadenaOriginal"></param>
        /// <param name="ArchivoClavePrivada"></param>
        /// <param name="lPassword"></param>
        /// <returns></returns>
        public string Sign(string CadenaOriginal, byte[] ArchivoClavePrivada, string lPassword)
        {
            byte[] ClavePrivada  = ArchivoClavePrivada;
            byte[] bytesFirmados = null;

            SecureString  lSecStr = new SecureString();
            SHA256Managed sham    = new SHA256Managed();

            lSecStr.Clear();

            foreach (char c in lPassword)
            {
                lSecStr.AppendChar(c);
            }

            RSACryptoServiceProvider lrsa = OpensslKey.DecodeEncryptedPrivateKeyInfo(ClavePrivada, lSecStr);

            try
            {
                bytesFirmados = lrsa.SignData(Encoding.UTF8.GetBytes(CadenaOriginal), sham);
            }
            catch (NullReferenceException ex)
            {
                throw new DigitalSignException(109, "109", "Clave privada incorrecta.", ex);
            }
            string sellodigital = Convert.ToBase64String(bytesFirmados);

            return(sellodigital);
        }
示例#2
0
        public System.Security.Cryptography.Xml.Signature ApplySignature(
            byte[] privateKey,
            string password,
            string xml)
        {
            try
            {
                SecureString lSecStr = new SecureString();
                lSecStr.Clear();

                foreach (char c in password)
                {
                    lSecStr.AppendChar(c);
                }

                RSACryptoServiceProvider lrsa = OpensslKey.DecodeEncryptedPrivateKeyInfo(privateKey, lSecStr);
                XmlDocument xmlDoc            = new XmlDocument();
                xmlDoc.PreserveWhitespace = false;
                xmlDoc.LoadXml(xml);
                return(this.SignXml(xmlDoc, (RSA)lrsa));
            }
            catch (Exception ex)
            {
                throw new DigitalSignException(109, "109", "La contraseña del certificado no es válida.", ex);
            }
        }
示例#3
0
        public string SellarMD5(string CadenaOriginal, string ArchivoClavePrivada, string lPassword)
        {
            byte[]       ClavePrivada    = File.ReadAllBytes(ArchivoClavePrivada);
            byte[]       bytesFirmados   = null;
            byte[]       bCadenaOriginal = null;
            SecureString lSecStr         = new SecureString();

            lSecStr.Clear();
            foreach (char c in lPassword)
            {
                lSecStr.AppendChar(c);
            }
            RSACryptoServiceProvider lrsa   = OpensslKey.DecodeEncryptedPrivateKeyInfo(ClavePrivada, lSecStr);
            MD5CryptoServiceProvider hasher = new MD5CryptoServiceProvider();

            bCadenaOriginal = Encoding.UTF8.GetBytes(CadenaOriginal);
            hasher.ComputeHash(bCadenaOriginal);
            bytesFirmados = lrsa.SignData(bCadenaOriginal, hasher);
            string sellodigital = Convert.ToBase64String(bytesFirmados);

            return(sellodigital);
        }
示例#4
0
        public bool validateCerKEYContent(byte[] cer, byte[] key, string password, string rfc)
        {
            try
            {
                if (String.IsNullOrEmpty(password))
                {
                    throw new DigitalSignException(5050, "5051", "Es necesario especificar la contraseña del certificado.", null);
                }

                SecureString secureString = new SecureString();
                secureString.Clear();

                foreach (char c in password)
                {
                    secureString.AppendChar(c);
                }

                RSACryptoServiceProvider lrsa = OpensslKey.DecodeEncryptedPrivateKeyInfo(key, secureString);

                if (lrsa == null)
                {
                    throw new DigitalSignException(5052, "5052", "La constraseña de los certificados proporcionada no es correcta.", null);
                }

                //validate Subject
                X509Certificate2 x509Certificate2 = new X509Certificate2(cer);

                if (!x509Certificate2.Subject.ToLower().Contains(rfc.ToLower()))
                {
                    throw new DigitalSignException(5053, "5053", "El certificado no corresponde con el RFC proporcionado.", null);
                }

                //matches cer and key
                char[] arrayOfChars = password.ToCharArray();
                AsymmetricKeyParameter privateKey = PrivateKeyFactory.DecryptKey(arrayOfChars, key);

                Org.BouncyCastle.X509.X509Certificate bouncyCastleCert = new Org.BouncyCastle.X509.X509Certificate(
                    new X509CertificateParser().ReadCertificate(x509Certificate2.GetRawCertData()).CertificateStructure);

                RsaKeyParameters publicKey = (RsaKeyParameters)bouncyCastleCert.GetPublicKey();
                byte[]           numArray  = new byte[256];
                new SecureRandom().NextBytes(numArray);
                var    signer    = new Signer();
                byte[] signature = signer.Sign(privateKey, numArray);
                var    isMatched = signer.VerifySignature(publicKey, numArray, signature);

                if (!isMatched)
                {
                    throw new DigitalSignException(5054, "5054", "El .CER no corresponde con el .KEY proporcionado.", null);
                }

                //validación de CSD / FIEL
                if (!
                    (KeyUsageHasUsage(x509Certificate2, X509KeyUsageFlags.DigitalSignature) &&
                     KeyUsageHasUsage(x509Certificate2, X509KeyUsageFlags.NonRepudiation) &&
                     !KeyUsageHasUsage(x509Certificate2, X509KeyUsageFlags.DataEncipherment) &&
                     !KeyUsageHasUsage(x509Certificate2, X509KeyUsageFlags.KeyAgreement)
                    ))
                {
                    throw new DigitalSignException(5055, "5055", "El certificado proporcionado debe de ser un CSD válido (No debe de ser FIEL).", null);
                }

                return(true);
            }
            catch (DigitalSignException)
            {
                throw;
            }
            catch (Exception ex)
            {
                throw new DigitalSignException(109, "109", "El certificado proporcionado no es correcto.", ex);
            }
        }