private void CoSign(CmsSigner signer, bool silent)
{
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer, silent);
try {
SafeLocalAllocHandle pSignerEncodeInfo = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
try {
// Marshal to unmanaged memory.
Marshal.StructureToPtr(signerEncodeInfo, pSignerEncodeInfo.DangerousGetHandle(), false);
// Add the signature.
if (!CAPI.CryptMsgControl(m_safeCryptMsgHandle,
0,
CAPI.CMSG_CTRL_ADD_SIGNER,
pSignerEncodeInfo.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
finally {
Marshal.DestroyStructure(pSignerEncodeInfo.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
pSignerEncodeInfo.Dispose();
}
}
finally {
// and don't forget to dispose of resources allocated for the structure.
signerEncodeInfo.Dispose();
}
// Finally, add certs to bag of certs.
PkcsUtils.AddCertsToMessage(m_safeCryptMsgHandle, Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
private static System.Security.Cryptography.SafeCryptMsgHandle OpenToDecode(byte[] encodedMessage, System.Security.Cryptography.Pkcs.ContentInfo contentInfo, bool detached)
{
System.Security.Cryptography.SafeCryptMsgHandle hCryptMsg = System.Security.Cryptography.CAPI.CAPISafe.CryptMsgOpenToDecode(0x10001, detached ? 4 : 0, 0, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
if ((hCryptMsg == null) || hCryptMsg.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (!System.Security.Cryptography.CAPI.CAPISafe.CryptMsgUpdate(hCryptMsg, encodedMessage, (uint)encodedMessage.Length, true))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (2 != PkcsUtils.GetMessageType(hCryptMsg))
{
throw new CryptographicException(-2146889724);
}
if (detached)
{
byte[] content = contentInfo.Content;
if (((content != null) && (content.Length > 0)) && !System.Security.Cryptography.CAPI.CAPISafe.CryptMsgUpdate(hCryptMsg, content, (uint)content.Length, true))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
return(hCryptMsg);
}
internal void Reset(SubjectIdentifierType type, object value)
{
switch (type)
{
case SubjectIdentifierType.Unknown:
case SubjectIdentifierType.NoSignature:
break;
case SubjectIdentifierType.IssuerAndSerialNumber:
if (value.GetType() != typeof(X509IssuerSerial))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type_Value_Mismatch"), value.GetType().ToString());
}
break;
case SubjectIdentifierType.SubjectKeyIdentifier:
if (!PkcsUtils.CmsSupported())
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Not_Supported"));
}
if (value.GetType() != typeof(string))
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type_Value_Mismatch"), value.GetType().ToString());
}
break;
default:
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type"), type.ToString());
}
this.m_type = type;
this.m_value = value;
}
private unsafe void CounterSign(CmsSigner signer)
{
// Sanity check.
Debug.Assert(signer != null);
//
CspParameters parameters = new CspParameters();
if (X509Utils.GetPrivateKeyInfo(X509Utils.GetCertContext(signer.Certificate), ref parameters) == false)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
KeyContainerPermission kp = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry entry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign);
kp.AccessEntries.Add(entry);
kp.Demand();
// Get the signer's index.
uint index = (uint)PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), this, 0);
// Create CMSG_SIGNER_ENCODE_INFO structure.
SafeLocalAllocHandle pSignerEncodeInfo = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(Marshal.SizeOf(typeof(CAPI.CMSG_SIGNER_ENCODE_INFO))));
CAPI.CMSG_SIGNER_ENCODE_INFO signerEncodeInfo = PkcsUtils.CreateSignerEncodeInfo(signer);
try {
// Marshal to unmanaged memory.
Marshal.StructureToPtr(signerEncodeInfo, pSignerEncodeInfo.DangerousGetHandle(), false);
// Counter sign.
if (!CAPI.CryptMsgCountersign(m_signedCms.GetCryptMsgHandle(),
index,
1,
pSignerEncodeInfo.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
// CAPI requires that the messge be re-encoded if any unauthenticated
// attribute has been added. So, let's re-open it to decode to work
// around this limitation.
m_signedCms.ReopenToDecode();
}
finally {
Marshal.DestroyStructure(pSignerEncodeInfo.DangerousGetHandle(), typeof(CAPI.CMSG_SIGNER_ENCODE_INFO));
pSignerEncodeInfo.Dispose();
// and don't forget to dispose of resources allocated for the structure.
signerEncodeInfo.Dispose();
}
// Finally, add certs to bag of certs.
PkcsUtils.AddCertsToMessage(m_signedCms.GetCryptMsgHandle(), m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
return;
}
private void CounterSign(CmsSigner signer)
{
CspParameters parameters = new CspParameters();
if (!System.Security.Cryptography.X509Certificates.X509Utils.GetPrivateKeyInfo(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(signer.Certificate), ref parameters))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Sign | KeyContainerPermissionFlags.Open);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
uint dwIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0);
System.Security.Cryptography.SafeLocalAllocHandle handle = System.Security.Cryptography.CAPI.LocalAlloc(0x40, new IntPtr(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO))));
System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO structure = PkcsUtils.CreateSignerEncodeInfo(signer);
try
{
Marshal.StructureToPtr(structure, handle.DangerousGetHandle(), false);
if (!System.Security.Cryptography.CAPI.CryptMsgCountersign(this.m_signedCms.GetCryptMsgHandle(), dwIndex, 1, handle.DangerousGetHandle()))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
this.m_signedCms.ReopenToDecode();
}
finally
{
Marshal.DestroyStructure(handle.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO));
handle.Dispose();
structure.Dispose();
}
PkcsUtils.AddCertsToMessage(this.m_signedCms.GetCryptMsgHandle(), this.m_signedCms.Certificates, PkcsUtils.CreateBagOfCertificates(signer));
}
//
// Private methods.
//
private void Reset(SubjectIdentifierType recipientIdentifierType, X509Certificate2 certificate)
{
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
switch (recipientIdentifierType)
{
case SubjectIdentifierType.Unknown:
recipientIdentifierType = SubjectIdentifierType.IssuerAndSerialNumber;
break;
case SubjectIdentifierType.IssuerAndSerialNumber:
break;
case SubjectIdentifierType.SubjectKeyIdentifier:
if (!PkcsUtils.CmsSupported())
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Not_Supported"));
}
break;
default:
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type"), recipientIdentifierType.ToString());
}
m_recipientIdentifierType = recipientIdentifierType;
m_certificate = certificate;
}
private unsafe void Sign(CmsSigner signer, bool silent)
{
System.Security.Cryptography.SafeCryptMsgHandle hCryptMsg = null;
System.Security.Cryptography.CAPI.CMSG_SIGNED_ENCODE_INFO cmsg_signed_encode_info = new System.Security.Cryptography.CAPI.CMSG_SIGNED_ENCODE_INFO(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNED_ENCODE_INFO)));
System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO structure = PkcsUtils.CreateSignerEncodeInfo(signer, silent);
byte[] encodedMessage = null;
try
{
System.Security.Cryptography.SafeLocalAllocHandle handle2 = System.Security.Cryptography.CAPI.LocalAlloc(0, new IntPtr(Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO))));
try
{
Marshal.StructureToPtr(structure, handle2.DangerousGetHandle(), false);
X509Certificate2Collection certificates = PkcsUtils.CreateBagOfCertificates(signer);
System.Security.Cryptography.SafeLocalAllocHandle handle3 = PkcsUtils.CreateEncodedCertBlob(certificates);
cmsg_signed_encode_info.cSigners = 1;
cmsg_signed_encode_info.rgSigners = handle2.DangerousGetHandle();
cmsg_signed_encode_info.cCertEncoded = (uint)certificates.Count;
if (certificates.Count > 0)
{
cmsg_signed_encode_info.rgCertEncoded = handle3.DangerousGetHandle();
}
if (string.Compare(this.ContentInfo.ContentType.Value, "1.2.840.113549.1.7.1", StringComparison.OrdinalIgnoreCase) == 0)
{
hCryptMsg = System.Security.Cryptography.CAPI.CryptMsgOpenToEncode(0x10001, this.Detached ? 4 : 0, 2, new IntPtr((void *)&cmsg_signed_encode_info), IntPtr.Zero, IntPtr.Zero);
}
else
{
hCryptMsg = System.Security.Cryptography.CAPI.CryptMsgOpenToEncode(0x10001, this.Detached ? 4 : 0, 2, new IntPtr((void *)&cmsg_signed_encode_info), this.ContentInfo.ContentType.Value, IntPtr.Zero);
}
if ((hCryptMsg == null) || hCryptMsg.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if ((this.ContentInfo.Content.Length > 0) && !System.Security.Cryptography.CAPI.CAPISafe.CryptMsgUpdate(hCryptMsg, this.ContentInfo.pContent, (uint)this.ContentInfo.Content.Length, true))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
encodedMessage = PkcsUtils.GetContent(hCryptMsg);
hCryptMsg.Dispose();
handle3.Dispose();
}
finally
{
Marshal.DestroyStructure(handle2.DangerousGetHandle(), typeof(System.Security.Cryptography.CAPI.CMSG_SIGNER_ENCODE_INFO));
handle2.Dispose();
}
}
finally
{
structure.Dispose();
}
hCryptMsg = OpenToDecode(encodedMessage, this.ContentInfo, this.Detached);
if ((this.m_safeCryptMsgHandle != null) && !this.m_safeCryptMsgHandle.IsInvalid)
{
this.m_safeCryptMsgHandle.Dispose();
}
this.m_safeCryptMsgHandle = hCryptMsg;
GC.KeepAlive(signer);
}
public void RemoveSignature(SignerInfo signerInfo)
{
if (signerInfo == null)
{
throw new ArgumentNullException("signerInfo");
}
this.RemoveSignature(PkcsUtils.GetSignerIndex(this.m_safeCryptMsgHandle, signerInfo, 0));
}
private static byte[] Encode(string documentDescription)
{
if (string.IsNullOrEmpty(documentDescription))
{
throw new ArgumentNullException("documentDescription");
}
return(PkcsUtils.EncodeOctetString(documentDescription));
}
public void RemoveCounterSignature(int index)
{
if (this.m_parentSignerInfo != null)
{
throw new CryptographicException(-2147483647);
}
this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), index);
}
public byte[] Encode()
{
if ((this.m_safeCryptMsgHandle == null) || this.m_safeCryptMsgHandle.IsInvalid)
{
throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_MessageNotSigned"));
}
return(PkcsUtils.GetMessage(this.m_safeCryptMsgHandle));
}
internal void ReopenToDecode()
{
byte[] message = PkcsUtils.GetMessage(this.m_safeCryptMsgHandle);
if ((this.m_safeCryptMsgHandle != null) && !this.m_safeCryptMsgHandle.IsInvalid)
{
this.m_safeCryptMsgHandle.Dispose();
}
this.m_safeCryptMsgHandle = OpenToDecode(message, this.ContentInfo, this.Detached);
}
internal void ReopenToDecode()
{
byte[] encodedMessage = PkcsUtils.GetMessage(m_safeCryptMsgHandle);
if (m_safeCryptMsgHandle != null && !m_safeCryptMsgHandle.IsInvalid)
{
m_safeCryptMsgHandle.Dispose();
}
m_safeCryptMsgHandle = OpenToDecode(encodedMessage, this.ContentInfo, this.Detached);
}
public void RemoveCounterSignature(int index)
{
// We only support one level of counter signing.
if (m_parentSignerInfo != null)
{
throw new CryptographicException(CAPI.E_NOTIMPL);
}
RemoveCounterSignature(PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), this, 0), index);
return;
}
public void RemoveCounterSignature(SignerInfo counterSignerInfo)
{
// We only support one level of counter signing.
if (m_parentSignerInfo != null)
{
throw new CryptographicException(CAPI.E_NOTIMPL);
}
if (counterSignerInfo == null)
{
throw new ArgumentNullException("counterSignerInfo");
}
foreach (CryptographicAttributeObject attribute in UnsignedAttributes)
{
if (String.Compare(attribute.Oid.Value, CAPI.szOID_RSA_counterSign, StringComparison.OrdinalIgnoreCase) == 0)
{
for (int index = 0; index < attribute.Values.Count; index++)
{
AsnEncodedData encodedCounterSignature = (AsnEncodedData)attribute.Values[index];
SignerInfo counterSignerInfo2 = new SignerInfo(m_signedCms, m_parentSignerInfo, encodedCounterSignature.RawData);
if ((counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber) &&
(counterSignerInfo2.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber))
{
X509IssuerSerial issuerSerial1 = (X509IssuerSerial)counterSignerInfo.SignerIdentifier.Value;
X509IssuerSerial issuerSerial2 = (X509IssuerSerial)counterSignerInfo2.SignerIdentifier.Value;
if ((String.Compare(issuerSerial1.IssuerName, issuerSerial2.IssuerName, StringComparison.OrdinalIgnoreCase) == 0) &&
(String.Compare(issuerSerial1.SerialNumber, issuerSerial2.SerialNumber, StringComparison.OrdinalIgnoreCase) == 0))
{
RemoveCounterSignature(PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), this, 0), index);
return;
}
}
else if ((counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier) &&
(counterSignerInfo2.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier))
{
string keyIdentifier1 = counterSignerInfo.SignerIdentifier.Value as string;
string keyIdentifier2 = counterSignerInfo2.SignerIdentifier.Value as string;
if (String.Compare(keyIdentifier1, keyIdentifier2, StringComparison.OrdinalIgnoreCase) == 0)
{
RemoveCounterSignature(PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), this, 0), index);
return;
}
}
}
}
}
throw new CryptographicException(CAPI.CRYPT_E_SIGNER_NOT_FOUND);
}
private void Decode()
{
if ((base.RawData.Length < 2) || (base.RawData[1] != (base.RawData.Length - 2)))
{
throw new CryptographicException(-2146885630);
}
if (base.RawData[0] != 6)
{
throw new CryptographicException(-2146881269);
}
this.m_contentType = new Oid(PkcsUtils.DecodeObjectIdentifier(base.RawData, 2));
this.m_decoded = true;
}
public void ComputeSignature(CmsSigner signer, bool silent)
{
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (this.ContentInfo.Content.Length == 0)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_Empty_Content"));
}
if (SubjectIdentifierType.NoSignature == signer.SignerIdentifierType)
{
if ((this.m_safeCryptMsgHandle != null) && !this.m_safeCryptMsgHandle.IsInvalid)
{
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Sign_No_Signature_First_Signer"));
}
this.Sign(signer, silent);
}
else
{
if (signer.Certificate == null)
{
if (silent)
{
throw new InvalidOperationException(SecurityResources.GetResourceString("Cryptography_Cms_RecipientCertificateNotFound"));
}
signer.Certificate = PkcsUtils.SelectSignerCertificate();
}
if (!signer.Certificate.HasPrivateKey)
{
throw new CryptographicException(-2146893811);
}
CspParameters parameters = new CspParameters();
if (!System.Security.Cryptography.X509Certificates.X509Utils.GetPrivateKeyInfo(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(signer.Certificate), ref parameters))
{
throw new CryptographicException(SafeGetLastWin32Error());
}
KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
KeyContainerPermissionAccessEntry accessEntry = new KeyContainerPermissionAccessEntry(parameters, KeyContainerPermissionFlags.Sign | KeyContainerPermissionFlags.Open);
permission.AccessEntries.Add(accessEntry);
permission.Demand();
if ((this.m_safeCryptMsgHandle == null) || this.m_safeCryptMsgHandle.IsInvalid)
{
this.Sign(signer, silent);
}
else
{
this.CoSign(signer, silent);
}
}
}
public unsafe void CheckHash()
{
int size = Marshal.SizeOf(typeof(System.Security.Cryptography.CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA));
System.Security.Cryptography.CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA cmsg_ctrl_verify_signature_ex_para = new System.Security.Cryptography.CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA(size)
{
dwSignerType = 4,
dwSignerIndex = (uint)PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0)
};
if (!System.Security.Cryptography.CAPI.CryptMsgControl(this.m_signedCms.GetCryptMsgHandle(), 0, 0x13, new IntPtr((void *)&cmsg_ctrl_verify_signature_ex_para)))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
public static Oid GetContentType(byte[] encodedMessage)
{
Oid oid;
if (encodedMessage == null)
{
throw new ArgumentNullException("encodedMessage");
}
System.Security.Cryptography.SafeCryptMsgHandle hCryptMsg = System.Security.Cryptography.CAPI.CAPISafe.CryptMsgOpenToDecode(0x10001, 0, 0, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
if ((hCryptMsg == null) || hCryptMsg.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
if (!System.Security.Cryptography.CAPI.CAPISafe.CryptMsgUpdate(hCryptMsg, encodedMessage, (uint)encodedMessage.Length, true))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
switch (PkcsUtils.GetMessageType(hCryptMsg))
{
case 1:
oid = new Oid("1.2.840.113549.1.7.1");
break;
case 2:
oid = new Oid("1.2.840.113549.1.7.2");
break;
case 3:
oid = new Oid("1.2.840.113549.1.7.3");
break;
case 4:
oid = new Oid("1.2.840.113549.1.7.4");
break;
case 5:
oid = new Oid("1.2.840.113549.1.7.5");
break;
case 6:
oid = new Oid("1.2.840.113549.1.7.6");
break;
default:
throw new CryptographicException(-2146889724);
}
hCryptMsg.Dispose();
return(oid);
}
//
// Private methods.
//
private void Decode()
{
if ((RawData.Length < 2) || ((uint)RawData[1] != (uint)(RawData.Length - 2)))
{
throw new CryptographicException(CAPI.CRYPT_E_BAD_ENCODE);
}
if (RawData[0] != CAPI.ASN_TAG_OBJID)
{
throw new CryptographicException(CAPI.CRYPT_E_ASN1_BADTAG);
}
m_contentType = new Oid(PkcsUtils.DecodeObjectIdentifier(RawData, 2));
m_decoded = true;
}
public void RemoveCounterSignature(SignerInfo counterSignerInfo)
{
if (this.m_parentSignerInfo != null)
{
throw new CryptographicException(-2147483647);
}
if (counterSignerInfo == null)
{
throw new ArgumentNullException("counterSignerInfo");
}
CryptographicAttributeObjectEnumerator enumerator = this.UnsignedAttributes.GetEnumerator();
while (enumerator.MoveNext())
{
CryptographicAttributeObject current = enumerator.Current;
if (string.Compare(current.Oid.Value, "1.2.840.113549.1.9.6", StringComparison.OrdinalIgnoreCase) == 0)
{
for (int i = 0; i < current.Values.Count; i++)
{
AsnEncodedData data = current.Values[i];
SignerInfo info = new SignerInfo(this.m_signedCms, this.m_parentSignerInfo, data.RawData);
if ((counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber) && (info.SignerIdentifier.Type == SubjectIdentifierType.IssuerAndSerialNumber))
{
X509IssuerSerial serial = (X509IssuerSerial)counterSignerInfo.SignerIdentifier.Value;
X509IssuerSerial serial2 = (X509IssuerSerial)info.SignerIdentifier.Value;
if ((string.Compare(serial.IssuerName, serial2.IssuerName, StringComparison.OrdinalIgnoreCase) != 0) || (string.Compare(serial.SerialNumber, serial2.SerialNumber, StringComparison.OrdinalIgnoreCase) != 0))
{
continue;
}
this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), i);
return;
}
if ((counterSignerInfo.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier) && (info.SignerIdentifier.Type == SubjectIdentifierType.SubjectKeyIdentifier))
{
string strA = counterSignerInfo.SignerIdentifier.Value as string;
string strB = info.SignerIdentifier.Value as string;
if (string.Compare(strA, strB, StringComparison.OrdinalIgnoreCase) == 0)
{
this.RemoveCounterSignature(PkcsUtils.GetSignerIndex(this.m_signedCms.GetCryptMsgHandle(), this, 0), i);
return;
}
}
}
}
}
throw new CryptographicException(-2146889714);
}
private static SafeCryptMsgHandle OpenToDecode(byte[] encodedMessage,
ContentInfo contentInfo,
bool detached)
{
// Open the message for decode.
SafeCryptMsgHandle safeCryptMsgHandle = CAPI.CAPISafe.CryptMsgOpenToDecode(
CAPI.X509_ASN_ENCODING | CAPI.PKCS_7_ASN_ENCODING,
detached ? CAPI.CMSG_DETACHED_FLAG : 0,
0,
IntPtr.Zero,
IntPtr.Zero,
IntPtr.Zero);
if (safeCryptMsgHandle == null || safeCryptMsgHandle.IsInvalid)
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
// ---- the message.
if (!CAPI.CAPISafe.CryptMsgUpdate(safeCryptMsgHandle, encodedMessage, (uint)encodedMessage.Length, true))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
// Make sure this is PKCS7 SignedData type.
if (CAPI.CMSG_SIGNED != PkcsUtils.GetMessageType(safeCryptMsgHandle))
{
throw new CryptographicException(CAPI.CRYPT_E_INVALID_MSG_TYPE);
}
// If detached, then update message with content if available.
if (detached)
{
byte[] content = contentInfo.Content;
if (content != null && content.Length > 0)
{
if (!CAPI.CAPISafe.CryptMsgUpdate(safeCryptMsgHandle, content, (uint)content.Length, true))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
}
return(safeCryptMsgHandle);
}
public void CheckSignature(X509Certificate2Collection extraStore, bool verifySignatureOnly)
{
if (extraStore == null)
{
throw new ArgumentNullException("extraStore");
}
X509Certificate2 certificate = this.Certificate;
if (certificate == null)
{
certificate = PkcsUtils.FindCertificate(this.SignerIdentifier, extraStore);
if (certificate == null)
{
throw new CryptographicException(-2146889714);
}
}
this.Verify(extraStore, certificate, verifySignatureOnly);
}
public void CheckHash()
{
int cvseSize = Marshal.SizeOf(typeof(CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA));
CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA cvse = new CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA(cvseSize);
cvse.dwSignerType = CAPI.CMSG_VERIFY_SIGNER_NULL;
cvse.dwSignerIndex = (uint)PkcsUtils.GetSignerIndex(m_signedCms.GetCryptMsgHandle(), this, 0);
unsafe {
if (!CAPI.CryptMsgControl(m_signedCms.GetCryptMsgHandle(),
0,
CAPI.CMSG_CTRL_VERIFY_SIGNATURE_EX,
new IntPtr(&cvse)))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
}
}
public void Decode(byte[] encodedMessage)
{
if (encodedMessage == null)
{
throw new ArgumentNullException("encodedMessage");
}
if ((this.m_safeCryptMsgHandle != null) && !this.m_safeCryptMsgHandle.IsInvalid)
{
this.m_safeCryptMsgHandle.Dispose();
}
this.m_safeCryptMsgHandle = OpenToDecode(encodedMessage, this.ContentInfo, this.Detached);
if (!this.Detached)
{
Oid contentType = PkcsUtils.GetContentType(this.m_safeCryptMsgHandle);
byte[] content = PkcsUtils.GetContent(this.m_safeCryptMsgHandle);
this.m_contentInfo = new System.Security.Cryptography.Pkcs.ContentInfo(contentType, content);
}
}
internal SubjectIdentifierOrKey(CAPI.CERT_ID certId)
{
switch (certId.dwIdChoice)
{
case CAPI.CERT_ID_ISSUER_SERIAL_NUMBER:
X509IssuerSerial issuerSerial = PkcsUtils.DecodeIssuerSerial(certId.Value.IssuerSerialNumber);
Reset(SubjectIdentifierOrKeyType.IssuerAndSerialNumber, issuerSerial);
break;
case CAPI.CERT_ID_KEY_IDENTIFIER:
byte[] ski = new byte[certId.Value.KeyId.cbData];
Marshal.Copy(certId.Value.KeyId.pbData, ski, 0, ski.Length);
Reset(SubjectIdentifierOrKeyType.SubjectKeyIdentifier, X509Utils.EncodeHexString(ski));
break;
default:
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type"), certId.dwIdChoice.ToString(CultureInfo.InvariantCulture));
}
}
public void Decode(byte[] encodedMessage)
{
if (encodedMessage == null)
{
throw new ArgumentNullException("encodedMessage");
}
if (m_safeCryptMsgHandle != null && !m_safeCryptMsgHandle.IsInvalid)
{
m_safeCryptMsgHandle.Dispose();
}
m_safeCryptMsgHandle = OpenToDecode(encodedMessage, this.ContentInfo, this.Detached);
if (!this.Detached)
{
Oid contentType = PkcsUtils.GetContentType(m_safeCryptMsgHandle);
byte[] content = PkcsUtils.GetContent(m_safeCryptMsgHandle);
m_contentInfo = new ContentInfo(contentType, content);
}
}
public void CheckSignature(X509Certificate2Collection extraStore, bool verifySignatureOnly)
{
if (extraStore == null)
{
throw new ArgumentNullException("extraStore");
}
X509Certificate2 certificate = this.Certificate;
if (certificate == null)
{
certificate = PkcsUtils.FindCertificate(SignerIdentifier, extraStore);
if (certificate == null)
{
throw new CryptographicException(CAPI.CRYPT_E_SIGNER_NOT_FOUND);
}
}
Verify(extraStore, certificate, verifySignatureOnly);
}
public void ComputeCounterSignature(CmsSigner signer)
{
if (this.m_parentSignerInfo != null)
{
throw new CryptographicException(-2147483647);
}
if (signer == null)
{
throw new ArgumentNullException("signer");
}
if (signer.Certificate == null)
{
signer.Certificate = PkcsUtils.SelectSignerCertificate();
}
if (!signer.Certificate.HasPrivateKey)
{
throw new CryptographicException(-2146893811);
}
this.CounterSign(signer);
}
internal SubjectIdentifier(System.Security.Cryptography.CAPI.CERT_ID certId)
{
switch (certId.dwIdChoice)
{
case 1:
{
X509IssuerSerial serial = PkcsUtils.DecodeIssuerSerial(certId.Value.IssuerSerialNumber);
this.Reset(SubjectIdentifierType.IssuerAndSerialNumber, serial);
return;
}
case 2:
{
byte[] destination = new byte[certId.Value.KeyId.cbData];
Marshal.Copy(certId.Value.KeyId.pbData, destination, 0, destination.Length);
this.Reset(SubjectIdentifierType.SubjectKeyIdentifier, System.Security.Cryptography.X509Certificates.X509Utils.EncodeHexString(destination));
return;
}
}
throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Cms_Invalid_Subject_Identifier_Type"), certId.dwIdChoice.ToString(CultureInfo.InvariantCulture));
}
