/** * Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes * in the signerInfo can also be set, OR a time-stamp-authority client * may be provided. * @param secondDigest the digest in the authenticatedAttributes * @param signingTime the signing time in the authenticatedAttributes * @param tsaClient TSAClient - null or an optional time stamp authority client * @return byte[] the bytes for the PKCS7SignedData object * @since 2.1.6 */ public byte[] GetEncodedPKCS7(byte[] secondDigest, DateTime signingTime, ITSAClient tsaClient, byte[] ocsp) { if (externalDigest != null) { digest = externalDigest; if (RSAdata != null) RSAdata = externalRSAdata; } else if (externalRSAdata != null && RSAdata != null) { RSAdata = externalRSAdata; sig.BlockUpdate(RSAdata, 0, RSAdata.Length); digest = sig.GenerateSignature(); } else { if (RSAdata != null) { RSAdata = new byte[messageDigest.GetDigestSize()]; messageDigest.DoFinal(RSAdata, 0); sig.BlockUpdate(RSAdata, 0, RSAdata.Length); } digest = sig.GenerateSignature(); } // Create the set of Hash algorithms Asn1EncodableVector digestAlgorithms = new Asn1EncodableVector(); foreach (string dal in digestalgos.Keys) { Asn1EncodableVector algos = new Asn1EncodableVector(); algos.Add(new DerObjectIdentifier(dal)); algos.Add(DerNull.Instance); digestAlgorithms.Add(new DerSequence(algos)); } // Create the contentInfo. Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(ID_PKCS7_DATA)); if (RSAdata != null) v.Add(new DerTaggedObject(0, new DerOctetString(RSAdata))); DerSequence contentinfo = new DerSequence(v); // Get all the certificates // v = new Asn1EncodableVector(); foreach (X509Certificate xcert in certs) { Asn1InputStream tempstream = new Asn1InputStream(new MemoryStream(xcert.GetEncoded())); v.Add(tempstream.ReadObject()); } DerSet dercertificates = new DerSet(v); // Create signerinfo structure. // Asn1EncodableVector signerinfo = new Asn1EncodableVector(); // Add the signerInfo version // signerinfo.Add(new DerInteger(signerversion)); v = new Asn1EncodableVector(); v.Add(GetIssuer(signCert.GetTbsCertificate())); v.Add(new DerInteger(signCert.SerialNumber)); signerinfo.Add(new DerSequence(v)); // Add the digestAlgorithm v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(digestAlgorithm)); v.Add(DerNull.Instance); signerinfo.Add(new DerSequence(v)); // add the authenticated attribute if present if (secondDigest != null /*&& signingTime != null*/) { signerinfo.Add(new DerTaggedObject(false, 0, GetAuthenticatedAttributeSet(secondDigest, signingTime, ocsp))); } // Add the digestEncryptionAlgorithm v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(digestEncryptionAlgorithm)); v.Add(DerNull.Instance); signerinfo.Add(new DerSequence(v)); // Add the digest signerinfo.Add(new DerOctetString(digest)); // When requested, go get and add the timestamp. May throw an exception. // Added by Martin Brunecky, 07/12/2007 folowing Aiken Sam, 2006-11-15 // Sam found Adobe expects time-stamped SHA1-1 of the encrypted digest if (tsaClient != null) { byte[] tsImprint = new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(digest); byte[] tsToken = tsaClient.GetTimeStampToken(this, tsImprint); if (tsToken != null) { Asn1EncodableVector unauthAttributes = BuildUnauthenticatedAttributes(tsToken); if (unauthAttributes != null) { signerinfo.Add(new DerTaggedObject(false, 1, new DerSet(unauthAttributes))); } } } // Finally build the body out of all the components above Asn1EncodableVector body = new Asn1EncodableVector(); body.Add(new DerInteger(version)); body.Add(new DerSet(digestAlgorithms)); body.Add(contentinfo); body.Add(new DerTaggedObject(false, 0, dercertificates)); // if (crls.Count > 0) { // v = new Asn1EncodableVector(); // for (Iterator i = crls.Iterator();i.HasNext();) { // Asn1InputStream t = new Asn1InputStream(new ByteArrayInputStream((((X509CRL)i.Next()).GetEncoded()))); // v.Add(t.ReadObject()); // } // DERSet dercrls = new DERSet(v); // body.Add(new DERTaggedObject(false, 1, dercrls)); // } // Only allow one signerInfo body.Add(new DerSet(new DerSequence(signerinfo))); // Now we have the body, wrap it in it's PKCS7Signed shell // and return it // Asn1EncodableVector whole = new Asn1EncodableVector(); whole.Add(new DerObjectIdentifier(ID_PKCS7_SIGNED_DATA)); whole.Add(new DerTaggedObject(0, new DerSequence(body))); MemoryStream bOut = new MemoryStream(); Asn1OutputStream dout = new Asn1OutputStream(bOut); dout.WriteObject(new DerSequence(whole)); dout.Close(); return bOut.ToArray(); }
/** * generate a signed object that for a CMS Signed Data * object using the given provider - if encapsulate is true a copy * of the message will be included in the signature. The content type * is set according to the OID represented by the string signedContentType. * @param out stream the CMS object is to be written to. * @param signedContentType OID for data to be signed. * @param encapsulate true if data should be encapsulated. * @param dataOutputStream output stream to copy the data being signed to. */ public Stream Open( Stream outStream, string signedContentType, bool encapsulate, Stream dataOutputStream) { if (outStream == null) throw new ArgumentNullException("outStream"); if (!outStream.CanWrite) throw new ArgumentException("Expected writeable stream", "outStream"); if (dataOutputStream != null && !dataOutputStream.CanWrite) throw new ArgumentException("Expected writeable stream", "dataOutputStream"); _messageDigestsLocked = true; // // ContentInfo // BerSequenceGenerator sGen = new BerSequenceGenerator(outStream); sGen.AddObject(CmsObjectIdentifiers.SignedData); // // Signed Data // BerSequenceGenerator sigGen = new BerSequenceGenerator( sGen.GetRawOutputStream(), 0, true); sigGen.AddObject(CalculateVersion(signedContentType)); Asn1EncodableVector digestAlgs = new Asn1EncodableVector(); foreach (string digestOid in _messageDigestOids) { digestAlgs.Add( new AlgorithmIdentifier(new DerObjectIdentifier(digestOid), DerNull.Instance)); } { byte[] tmp = new DerSet(digestAlgs).GetEncoded(); sigGen.GetRawOutputStream().Write(tmp, 0, tmp.Length); } BerSequenceGenerator eiGen = new BerSequenceGenerator(sigGen.GetRawOutputStream()); eiGen.AddObject(new DerObjectIdentifier(signedContentType)); // If encapsulating, add the data as an octet string in the sequence Stream encapStream = encapsulate ? CmsUtilities.CreateBerOctetOutputStream(eiGen.GetRawOutputStream(), 0, true, _bufferSize) : null; // Also send the data to 'dataOutputStream' if necessary Stream teeStream = GetSafeTeeOutputStream(dataOutputStream, encapStream); // Let all the digests see the data as it is written Stream digStream = AttachDigestsToOutputStream(_messageDigests.Values, teeStream); return new CmsSignedDataOutputStream(this, digStream, signedContentType, sGen, sigGen, eiGen); }
/** * generate a signed object that for a CMS Signed Data * object using the given provider - if encapsulate is true a copy * of the message will be included in the signature. The content type * is set according to the OID represented by the string signedContentType. * @param out stream the CMS object is to be written to. * @param signedContentType OID for data to be signed. * @param encapsulate true if data should be encapsulated. * @param dataOutputStream output stream to copy the data being signed to. */ public Stream Open( Stream outStream, string signedContentType, bool encapsulate, Stream dataOutputStream) { if (outStream == null) throw new ArgumentNullException("outStream"); if (!outStream.CanWrite) throw new ArgumentException("Expected writeable stream", "outStream"); if (dataOutputStream != null && !dataOutputStream.CanWrite) throw new ArgumentException("Expected writeable stream", "dataOutputStream"); _messageDigestsLocked = true; // // ContentInfo // BerSequenceGenerator sGen = new BerSequenceGenerator(outStream); sGen.AddObject(CmsObjectIdentifiers.SignedData); // // Signed Data // BerSequenceGenerator sigGen = new BerSequenceGenerator( sGen.GetRawOutputStream(), 0, true); sigGen.AddObject(CalculateVersion(signedContentType)); Asn1EncodableVector digestAlgs = new Asn1EncodableVector(); foreach (string digestOid in _messageDigestOids) { digestAlgs.Add( new AlgorithmIdentifier(new DerObjectIdentifier(digestOid), DerNull.Instance)); } { byte[] tmp = new DerSet(digestAlgs).GetEncoded(); sigGen.GetRawOutputStream().Write(tmp, 0, tmp.Length); } BerSequenceGenerator eiGen = new BerSequenceGenerator(sigGen.GetRawOutputStream()); eiGen.AddObject(new DerObjectIdentifier(signedContentType)); Stream digStream; if (encapsulate) { BerOctetStringGenerator octGen = new BerOctetStringGenerator( eiGen.GetRawOutputStream(), 0, true); digStream = octGen.GetOctetOutputStream(_bufferSize); if (dataOutputStream != null) { digStream = new TeeOutputStream(dataOutputStream, digStream); } } else { if (dataOutputStream != null) { digStream = dataOutputStream; } else { digStream = new NullOutputStream(); } } foreach (IDigest d in _messageDigests.Values) { digStream = new DigestStream(digStream, null, d); } return new CmsSignedDataOutputStream(this, digStream, signedContentType, sGen, sigGen, eiGen); }
internal virtual DerSet CreateDerSet( DefiniteLengthInputStream dIn) { return(DerSet.FromVector(BuildDerEncodableVector(dIn), false)); }
private Asn1Object CreateDERForRecipient(byte[] inp, X509Certificate cert) { String s = "1.2.840.113549.3.2"; byte[] outp = new byte[100]; DerObjectIdentifier derob = new DerObjectIdentifier(s); byte[] keyp = IVGenerator.GetIV(16); IBufferedCipher cf = CipherUtilities.GetCipher(derob); KeyParameter kp = new KeyParameter(keyp); byte[] iv = IVGenerator.GetIV(cf.GetBlockSize()); ParametersWithIV piv = new ParametersWithIV(kp, iv); cf.Init(true, piv); int len = cf.DoFinal(inp, outp, 0); byte[] abyte1 = new byte[len]; System.Array.Copy(outp, 0, abyte1, 0, len); DerOctetString deroctetstring = new DerOctetString(abyte1); KeyTransRecipientInfo keytransrecipientinfo = ComputeRecipientInfo(cert, keyp); DerSet derset = new DerSet(new RecipientInfo(keytransrecipientinfo)); Asn1EncodableVector ev = new Asn1EncodableVector(); ev.Add(new DerInteger(58)); ev.Add(new DerOctetString(iv)); DerSequence seq = new DerSequence(ev); AlgorithmIdentifier algorithmidentifier = new AlgorithmIdentifier(derob, seq); EncryptedContentInfo encryptedcontentinfo = new EncryptedContentInfo(PkcsObjectIdentifiers.Data, algorithmidentifier, deroctetstring); Asn1Set set = null; EnvelopedData env = new EnvelopedData(null, derset, encryptedcontentinfo, set); Org.BouncyCastle.Asn1.Cms.ContentInfo contentinfo = new Org.BouncyCastle.Asn1.Cms.ContentInfo(PkcsObjectIdentifiers.EnvelopedData, env); return contentinfo.ToAsn1Object(); }
/** * Replace the signerinformation store associated with this * CmsSignedData object with the new one passed in. You would * probably only want to do this if you wanted to change the unsigned * attributes associated with a signer, or perhaps delete one. * * @param signedData the signed data object to be used as a base. * @param signerInformationStore the new signer information store to use. * @return a new signed data object. */ public static CmsSignedData ReplaceSigners( CmsSignedData signedData, SignerInformationStore signerInformationStore) { // // copy // CmsSignedData cms = new CmsSignedData(signedData); // // replace the store // cms.signerInfoStore = signerInformationStore; // // replace the signers in the SignedData object // Asn1EncodableVector digestAlgs = new Asn1EncodableVector(); Asn1EncodableVector vec = new Asn1EncodableVector(); foreach (SignerInformation signer in signerInformationStore.GetSigners()) { digestAlgs.Add(Helper.FixAlgID(signer.DigestAlgorithmID)); vec.Add(signer.ToSignerInfo()); } Asn1Set digests = new DerSet(digestAlgs); Asn1Set signers = new DerSet(vec); Asn1Sequence sD = (Asn1Sequence)signedData.signedData.ToAsn1Object(); // // signers are the last item in the sequence. // vec = new Asn1EncodableVector( sD[0], // version digests); for (int i = 2; i != sD.Count - 1; i++) { vec.Add(sD[i]); } vec.Add(signers); cms.signedData = SignedData.GetInstance(new BerSequence(vec)); // // replace the contentInfo with the new one // cms.contentInfo = new ContentInfo(cms.contentInfo.ContentType, cms.signedData); return cms; }
/** * Return a signer information object with the passed in unsigned * attributes replacing the ones that are current associated with * the object passed in. * * @param signerInformation the signerInfo to be used as the basis. * @param unsignedAttributes the unsigned attributes to add. * @return a copy of the original SignerInformationObject with the changed attributes. */ public static SignerInformation ReplaceUnsignedAttributes( SignerInformation signerInformation, Asn1.Cms.AttributeTable unsignedAttributes) { SignerInfo sInfo = signerInformation.info; Asn1Set unsignedAttr = null; if (unsignedAttributes != null) { unsignedAttr = new DerSet(unsignedAttributes.ToAsn1EncodableVector()); } return new SignerInformation( new SignerInfo( sInfo.SignerID, sInfo.DigestAlgorithm, sInfo.AuthenticatedAttributes, sInfo.DigestEncryptionAlgorithm, sInfo.EncryptedDigest, unsignedAttr), signerInformation.contentType, signerInformation.content, null); }
/** * generate a signed object that for a CMS Signed Data * object - if encapsulate is true a copy * of the message will be included in the signature. The content type * is set according to the OID represented by the string signedContentType. */ public Stream Open( Stream outStream, string signedContentType, bool encapsulate) { // // ContentInfo // BerSequenceGenerator sGen = new BerSequenceGenerator(outStream); sGen.AddObject(CmsObjectIdentifiers.SignedData); // // Signed Data // BerSequenceGenerator sigGen = new BerSequenceGenerator( sGen.GetRawOutputStream(), 0, true); sigGen.AddObject(CalculateVersion(signedContentType)); Asn1EncodableVector digestAlgs = new Asn1EncodableVector(); // // add the precalculated SignerInfo digest algorithms. // foreach (SignerInformation signer in _signers) { digestAlgs.Add(FixAlgID(signer.DigestAlgorithmID)); } // // add the new digests // foreach (SignerInf signer in _signerInfs) { digestAlgs.Add(FixAlgID(signer.DigestAlgorithmID)); } { byte[] tmp = new DerSet(digestAlgs).GetEncoded(); sigGen.GetRawOutputStream().Write(tmp, 0, tmp.Length); } BerSequenceGenerator eiGen = new BerSequenceGenerator(sigGen.GetRawOutputStream()); eiGen.AddObject(new DerObjectIdentifier(signedContentType)); Stream digStream; if (encapsulate) { BerOctetStringGenerator octGen = new BerOctetStringGenerator( eiGen.GetRawOutputStream(), 0, true); if (_bufferSize != 0) { digStream = octGen.GetOctetOutputStream(new byte[_bufferSize]); } else { digStream = octGen.GetOctetOutputStream(); } } else { digStream = new NullOutputStream(); } foreach (IDigest d in _messageDigests) { digStream = new DigestStream(digStream, null, d); } return new CmsSignedDataOutputStream(this, digStream, signedContentType, sGen, sigGen, eiGen); }
internal virtual DerSet CreateDerSet( DefiniteLengthInputStream dIn) { return(DerSet.FromVector(ReadVector(dIn), false)); }
internal virtual DerSet CreateDerSet(DefiniteLengthInputStream dIn) => DerSet.FromVector(this.BuildDerEncodableVector(dIn), false);
/// <summary> /// Generates PKCS#7 signature of specified data /// </summary> /// <param name="data">Data to be signed</param> /// <param name="detached">Flag indicating whether detached signature should be produced</param> /// <param name="signingCertificate">Signing certificate</param> /// <param name="certPath">Certification path for signing certificate</param> /// <returns>DER encoded PKCS#7 signature of specified data</returns> public byte[] GenerateSignature(byte[] data, bool detached, BCX509.X509Certificate signingCertificate, ICollection<BCX509.X509Certificate> certPath) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); string hashOid = GetHashOid(_hashAlgorihtm); IDigest hashGenerator = GetHashGenerator(_hashAlgorihtm); // Compute hash of input data byte[] dataHash = ComputeDigest(hashGenerator, data); // Construct SignerInfo.signedAttrs Asn1EncodableVector signedAttributesVector = new Asn1EncodableVector(); // Add PKCS#9 contentType signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( new DerObjectIdentifier(OID.PKCS9AtContentType), new DerSet(new DerObjectIdentifier(OID.PKCS7IdData)))); // Add PKCS#9 messageDigest signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( new DerObjectIdentifier(OID.PKCS9AtMessageDigest), new DerSet(new DerOctetString(dataHash)))); // Add PKCS#9 signingTime signed attribute signedAttributesVector.Add( new Org.BouncyCastle.Asn1.Cms.Attribute( new DerObjectIdentifier(OID.PKCS9AtSigningTime), new DerSet(new Org.BouncyCastle.Asn1.Cms.Time(new DerUtcTime(DateTime.UtcNow))))); DerSet signedAttributes = new DerSet(signedAttributesVector); // Sign SignerInfo.signedAttrs with PKCS#1 v1.5 RSA signature using private key stored on PKCS#11 compatible device byte[] pkcs1Digest = ComputeDigest(hashGenerator, signedAttributes.GetDerEncoded()); byte[] pkcs1DigestInfo = CreateDigestInfo(pkcs1Digest, hashOid); byte[] pkcs1Signature = null; using (Session session = _slot.OpenSession(true)) using (Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS)) pkcs1Signature = session.Sign(mechanism, _privateKeyHandle, pkcs1DigestInfo); // Construct SignerInfo SignerInfo signerInfo = new SignerInfo( new SignerIdentifier(new IssuerAndSerialNumber(signingCertificate.IssuerDN, signingCertificate.SerialNumber)), new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null), signedAttributes, new AlgorithmIdentifier(new DerObjectIdentifier(OID.PKCS1RsaEncryption), null), new DerOctetString(pkcs1Signature), null); // Construct SignedData.digestAlgorithms Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector(); digestAlgorithmsVector.Add(new AlgorithmIdentifier(new DerObjectIdentifier(hashOid), null)); // Construct SignedData.encapContentInfo ContentInfo encapContentInfo = new ContentInfo( new DerObjectIdentifier(OID.PKCS7IdData), (detached) ? null : new DerOctetString(data)); // Construct SignedData.certificates Asn1EncodableVector certificatesVector = new Asn1EncodableVector(); foreach (BCX509.X509Certificate cert in certPath) certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded()))); // Construct SignedData.signerInfos Asn1EncodableVector signerInfosVector = new Asn1EncodableVector(); signerInfosVector.Add(signerInfo.ToAsn1Object()); // Construct SignedData SignedData signedData = new SignedData( new DerSet(digestAlgorithmsVector), encapContentInfo, new BerSet(certificatesVector), null, new DerSet(signerInfosVector)); // Construct top level ContentInfo ContentInfo contentInfo = new ContentInfo( new DerObjectIdentifier(OID.PKCS7IdSignedData), signedData); return contentInfo.GetDerEncoded(); }
/** * Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes * in the signerInfo can also be set. If either of the parameters is <CODE>null</CODE>, none will be used. * @param secondDigest the digest in the authenticatedAttributes * @param signingTime the signing time in the authenticatedAttributes * @return the bytes for the PKCS7SignedData object */ public byte[] GetEncodedPKCS7(byte[] secondDigest, DateTime signingTime) { if (externalDigest != null) { digest = externalDigest; if (RSAdata != null) RSAdata = externalRSAdata; } else if (externalRSAdata != null && RSAdata != null) { RSAdata = externalRSAdata; sig.BlockUpdate(RSAdata, 0, RSAdata.Length); digest = sig.GenerateSignature(); } else { if (RSAdata != null) { RSAdata = new byte[messageDigest.GetDigestSize()]; messageDigest.DoFinal(RSAdata, 0); sig.BlockUpdate(RSAdata, 0, RSAdata.Length); } digest = sig.GenerateSignature(); } // Create the set of Hash algorithms Asn1EncodableVector digestAlgorithms = new Asn1EncodableVector(); foreach (string dal in digestalgos.Keys) { Asn1EncodableVector algos = new Asn1EncodableVector(); algos.Add(new DerObjectIdentifier(dal)); algos.Add(DerNull.Instance); digestAlgorithms.Add(new DerSequence(algos)); } // Create the contentInfo. Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(ID_PKCS7_DATA)); if (RSAdata != null) v.Add(new DerTaggedObject(0, new DerOctetString(RSAdata))); DerSequence contentinfo = new DerSequence(v); // Get all the certificates // v = new Asn1EncodableVector(); foreach (X509Certificate xcert in certs) { Asn1InputStream tempstream = new Asn1InputStream(new MemoryStream(xcert.GetEncoded())); v.Add(tempstream.ReadObject()); } DerSet dercertificates = new DerSet(v); // Create signerinfo structure. // Asn1EncodableVector signerinfo = new Asn1EncodableVector(); // Add the signerInfo version // signerinfo.Add(new DerInteger(signerversion)); v = new Asn1EncodableVector(); v.Add(GetIssuer(signCert.GetTbsCertificate())); v.Add(new DerInteger(signCert.SerialNumber)); signerinfo.Add(new DerSequence(v)); // Add the digestAlgorithm v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(digestAlgorithm)); v.Add(DerNull.Instance); signerinfo.Add(new DerSequence(v)); // add the authenticated attribute if present if (secondDigest != null /*&& signingTime != null*/) { Asn1EncodableVector attribute = new Asn1EncodableVector(); v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(ID_CONTENT_TYPE)); v.Add(new DerSet(new DerObjectIdentifier(ID_PKCS7_DATA))); attribute.Add(new DerSequence(v)); v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(ID_SIGNING_TIME)); v.Add(new DerSet(new DerUtcTime(signingTime))); attribute.Add(new DerSequence(v)); v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(ID_MESSAGE_DIGEST)); v.Add(new DerSet(new DerOctetString(secondDigest))); attribute.Add(new DerSequence(v)); signerinfo.Add(new DerTaggedObject(false, 0, new DerSet(attribute))); } // Add the digestEncryptionAlgorithm v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(digestEncryptionAlgorithm)); v.Add(DerNull.Instance); signerinfo.Add(new DerSequence(v)); // Add the digest signerinfo.Add(new DerOctetString(digest)); // Finally build the body out of all the components above Asn1EncodableVector body = new Asn1EncodableVector(); body.Add(new DerInteger(version)); body.Add(new DerSet(digestAlgorithms)); body.Add(contentinfo); body.Add(new DerTaggedObject(false, 0, dercertificates)); // if (crls.Count > 0) { // v = new Asn1EncodableVector(); // for (Iterator i = crls.Iterator();i.HasNext();) { // Asn1InputStream t = new Asn1InputStream(new ByteArrayInputStream((((X509CRL)i.Next()).GetEncoded()))); // v.Add(t.ReadObject()); // } // DERSet dercrls = new DERSet(v); // body.Add(new DERTaggedObject(false, 1, dercrls)); // } // Only allow one signerInfo body.Add(new DerSet(new DerSequence(signerinfo))); // Now we have the body, wrap it in it's PKCS7Signed shell // and return it // Asn1EncodableVector whole = new Asn1EncodableVector(); whole.Add(new DerObjectIdentifier(ID_PKCS7_SIGNED_DATA)); whole.Add(new DerTaggedObject(0, new DerSequence(body))); MemoryStream bOut = new MemoryStream(); Asn1OutputStream dout = new Asn1OutputStream(bOut); dout.WriteObject(new DerSequence(whole)); dout.Close(); return bOut.ToArray(); }