/// <summary>
/// Produces a detached CMS (PKCS#7) signature over the UTF-8 bytes of <paramref name="data"/>
/// and returns the encoded SignedData structure as a Base64 string.
/// </summary>
/// <param name="data">Payload to sign; it is UTF-8 encoded before signing and is NOT embedded in the result.</param>
/// <param name="tlsNumber">Forwarded to <c>GetSigningParameters</c>, which builds the signed attribute table.</param>
/// <param name="pin">Forwarded to <c>GetSigningParameters</c>. Carried as an <see cref="int"/>, so a PIN with leading zeros cannot be represented as-is.</param>
/// <param name="rawCertificate">Encoded signer certificate, turned into a BC certificate by <c>GetBankCertificate</c>.</param>
/// <param name="key">Raw private-key material, turned into a key parameter by <c>GetKey</c>. Secret: must not be logged.</param>
/// <returns>Base64 of <c>CmsSignedData.GetEncoded()</c>; the content is detached (<c>Generate(..., false)</c>).</returns>
/// <remarks>
/// The signature algorithm is whatever the file-level <c>SingingAlgorithm</c> names; the "Gost2012" in the method
/// name is not enforced here. NOTE(review): confirm that constant really selects a GOST R 34.10-2012 algorithm.
/// </remarks>
public static string SignCmsGost2012(string data, string tlsNumber, int pin, byte[] rawCertificate, byte[] key)
{
    var payload = new CmsProcessableByteArray(Encoding.UTF8.GetBytes(data));

    // Signed attributes (content-type, message-digest, project-specific ones) come from the helper.
    var attributeGenerator = new DefaultSignedAttributeTableGenerator(GetSigningParameters(tlsNumber, pin));
    var signatureFactory = new Asn1SignatureFactory(SingingAlgorithm, GetKey(key));
    var signerCertificate = GetBankCertificate(rawCertificate);

    var signerInfo = new SignerInfoGeneratorBuilder()
        .WithSignedAttributeGenerator(attributeGenerator)
        .Build(signatureFactory, signerCertificate);

    var generator = new CmsSignedDataGenerator();
    generator.AddSignerInfoGenerator(signerInfo);
    // The signer certificate is shipped inside the CMS so verifiers can locate it.
    generator.AddCertificates(MakeCertStore(signerCertificate));

    // false => detached signature: the payload itself is not encapsulated in the SignedData.
    var encodedSignature = generator.Generate(payload, false).GetEncoded();
    return Convert.ToBase64String(encodedSignature);
}
/// <summary>
/// Builds an encapsulated (attached) CMS SignedData over <paramref name="data"/>, signed with the first
/// key entry found in <paramref name="signCertificate"/>, and returns its encoding.
/// </summary>
/// <param name="data">Content to sign; it travels inside the output (<c>Generate(..., true)</c>).</param>
/// <param name="signCertificate">PKCS#12 store holding the signer certificate and its private key.</param>
/// <param name="requestTimestamp">Optional explicit <c>signingTime</c> attribute value; converted to UTC before use.
/// When omitted, the attribute table generator supplies its own default.</param>
/// <returns>DER-encoded CMS SignedData.</returns>
/// <exception cref="ExtraException">The certificate's signature algorithm is neither SHA1- nor SHA256-with-RSA.</exception>
private static byte[] SignData(byte[] data, Pkcs12Store signCertificate, DateTime? requestTimestamp = null)
{
    // The digest for the new signature mirrors the one the certificate itself was signed with.
    // SHA-1 is kept only for certificates that still carry it; SHA-1 signatures are considered weak today.
    string ResolveDigestName(string sigAlgOid, string sigAlgName)
    {
        if (sigAlgOid == PkcsObjectIdentifiers.Sha1WithRsaEncryption.Id)
        {
            return "SHA1";
        }
        if (sigAlgOid == PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id)
        {
            return "SHA256";
        }
        throw new ExtraException($"Unsupported digest algorithm {sigAlgName}");
    }

    // First alias that owns a private key is the signer.
    var alias = signCertificate.Aliases.Cast<string>().First(signCertificate.IsKeyEntry);
    var certificate = signCertificate.GetCertificate(alias).Certificate;
    var privateKey = signCertificate.GetKey(alias).Key;

    var digestName = ResolveDigestName(certificate.SigAlgOid, certificate.SigAlgName);
    var digestOid = DigestUtilities.GetObjectIdentifier(digestName).Id;

    // Pre-computed messageDigest (and optional signingTime) seed the standard signed-attribute table.
    var attributeInputs = new Dictionary<object, object>
    {
        { CmsAttributeTableParameter.Digest, DigestUtilities.CalculateDigest(digestName, data) },
    };
    if (requestTimestamp != null)
    {
        // NOTE(review): ToUniversalTime() treats DateTimeKind.Unspecified as local time — confirm callers pass Utc or Local kinds.
        var signingTime = new Org.BouncyCastle.Asn1.Cms.Attribute(
            CmsAttributes.SigningTime,
            new DerSet(new Time(requestTimestamp.Value.ToUniversalTime())));
        attributeInputs.Add(signingTime.AttrType, signingTime);
    }
    var signedAttributeTable = new DefaultSignedAttributeTableGenerator().GetAttributes(attributeInputs);

    var generator = new CmsSignedDataGenerator();
    // No unsigned attributes are attached (last argument null).
    generator.AddSigner(privateKey, certificate, digestOid,
        new DefaultSignedAttributeTableGenerator(signedAttributeTable), null);

    // true => encapsulated: the content is embedded in the SignedData.
    return generator.Generate(new CmsProcessableByteArray(data), true).GetEncoded();
}
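/// <summary>
/// Builds a <see cref="CmsSignedDataGenerator"/> for a CAdES-BES signature: registers the signer with the
/// signed (and optionally unsigned) attributes from <paramref name="cadesProfile"/>, adds the signing
/// certificate plus its chain, and, when re-signing, carries over the signers and certificates of
/// <paramref name="originalSignedData"/>.
/// </summary>
/// <param name="signer">Installed as <c>generator.SignerProvider</c>. The private key handed to <c>AddSigner</c>
/// is a <see cref="NullPrivateKey"/> placeholder because the actual signing is delegated to this signer.</param>
/// <param name="parameters">Signing certificate, certificate chain and algorithm identifiers.</param>
/// <param name="cadesProfile">Source of the CAdES signed / unsigned attribute sets.</param>
/// <param name="includeUnsignedAttributes">When false, the unsigned attribute table is null (none attached).</param>
/// <param name="originalSignedData">Existing SignedData whose signer infos and certificates are merged in, or null.</param>
/// <returns>A configured generator; the caller invokes <c>Generate</c>.</returns>
/// <exception cref="System.IO.IOException">Wraps <see cref="CmsException"/> and <see cref="CertificateEncodingException"/>.</exception>
private CmsSignedDataGenerator CreateCMSSignedDataGenerator(ISigner signer, SignatureParameters parameters,
    CAdESProfileBES cadesProfile, bool includeUnsignedAttributes, CmsSignedData originalSignedData)
{
    try
    {
        CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
        X509Certificate signerCertificate = parameters.SigningCertificate;

        // Ported from the Java/BC implementation: BC C# has no DigestCalculatorProvider / ContentSigner,
        // so the ISigner is wired through SignerProvider and the provider is always BC C#.
        CmsAttributeTableGenerator signedAttrGen = new DefaultSignedAttributeTableGenerator(
            new AttributeTable(cadesProfile.GetSignedAttributes(parameters)));
        CmsAttributeTableGenerator unsignedAttrGen = new SimpleAttributeTableGenerator(
            includeUnsignedAttributes ? new AttributeTable(cadesProfile.GetUnsignedAttributes(parameters)) : null);

        generator.SignerProvider = signer;
        generator.AddSigner(new NullPrivateKey(), signerCertificate, parameters.SignatureAlgorithm.GetOid(),
            parameters.DigestAlgorithm.GetOid(), signedAttrGen, unsignedAttrGen);
        if (originalSignedData != null)
        {
            generator.AddSigners(originalSignedData.GetSignerInfos());
        }

        // Certificate collection: signing certificate first, then the rest of the chain.
        // NOTE(review): chain entries are filtered by SubjectDN only, so a chain certificate sharing the
        // signer's subject (e.g. a renewed certificate) is dropped as well — confirm this is intended.
        IList certs = new ArrayList();
        certs.Add(signerCertificate);
        if (parameters.CertificateChain != null)
        {
            foreach (X509Certificate c in parameters.CertificateChain)
            {
                if (!c.SubjectDN.Equals(signerCertificate.SubjectDN))
                {
                    certs.Add(c);
                }
            }
        }
        IX509Store certStore = X509StoreFactory.Create("Certificate/Collection",
            new X509CollectionStoreParameters(certs));
        generator.AddCertificates(certStore);
        if (originalSignedData != null)
        {
            generator.AddCertificates(originalSignedData.GetCertificates("Collection"));
        }
        return generator;
    }
    catch (CmsException e)
    {
        // Documented contract: BC failures surface to callers as IOException with the cause attached.
        throw new IOException("CmsException", e);
    }
    catch (CertificateEncodingException e)
    {
        throw new IOException("CertificateEncodingException", e);
    }
}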