/// <summary>
/// Creates a
/// <see cref="PrivateKeySignature"/>
/// instance.
/// </summary>
/// <param name="pk">
/// A
/// <see cref="Org.BouncyCastle.Crypto.ICipherParameters"/>
/// object.
/// </param>
/// <param name="hashAlgorithm">A hash algorithm (e.g. "SHA-1", "SHA-256",...).</param>
/// <param name="provider">A security provider (e.g. "BC").</param>
public PrivateKeySignature(ICipherParameters pk, String hashAlgorithm)
{
this.pk = pk;
this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigest(hashAlgorithm));
encryptionAlgorithm = pk.GetAlgorithm();
if (encryptionAlgorithm.StartsWith("EC"))
{
encryptionAlgorithm = "ECDSA";
}
}
/// <summary>Get RFC 3161 timeStampToken.</summary>
/// <remarks>
/// Get RFC 3161 timeStampToken.
/// Method may return null indicating that timestamp should be skipped.
/// </remarks>
/// <param name="imprint">data imprint to be time-stamped</param>
/// <returns>encoded, TSA signed data of the timeStampToken</returns>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Tsp.TSPException"/>
public virtual byte[] GetTimeStampToken(byte[] imprint)
{
byte[] respBytes = null;
// Setup the time stamp request
TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator();
tsqGenerator.SetCertReq(true);
if (tsaReqPolicy != null && tsaReqPolicy.Length > 0)
{
tsqGenerator.SetReqPolicy(tsaReqPolicy);
}
// tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1");
BigInteger nonce = BigInteger.ValueOf(SystemUtil.GetTimeBasedSeed());
TimeStampRequest request = tsqGenerator.Generate(new DerObjectIdentifier(DigestAlgorithms.GetAllowedDigest
(digestAlgorithm)), imprint, nonce);
byte[] requestBytes = request.GetEncoded();
// Call the communications layer
respBytes = GetTSAResponse(requestBytes);
// Handle the TSA response
TimeStampResponse response = new TimeStampResponse(respBytes);
// validate communication level attributes (RFC 3161 PKIStatus)
response.Validate(request);
PkiFailureInfo failure = response.GetFailInfo();
int value = (failure == null) ? 0 : failure.IntValue;
if (value != 0)
{
// @todo: Translate value of 15 error codes defined by PKIFailureInfo to string
throw new PdfException(PdfException.InvalidTsa1ResponseCode2).SetMessageParams(tsaURL, value.ToString());
}
// @todo: validate the time stap certificate chain (if we want
// assure we do not sign using an invalid timestamp).
// extract just the time stamp token (removes communication status info)
TimeStampToken tsToken = response.TimeStampToken;
if (tsToken == null)
{
throw new PdfException(PdfException.Tsa1FailedToReturnTimeStampToken2).SetMessageParams(tsaURL, response.GetStatusString
());
}
TimeStampTokenInfo tsTokenInfo = tsToken.TimeStampInfo;
// to view details
byte[] encoded = tsToken.GetEncoded();
LOGGER.Info("Timestamp generated: " + tsTokenInfo.GenTime);
if (tsaInfo != null)
{
tsaInfo.InspectTimeStampTokenInfo(tsTokenInfo);
}
// Update our token size estimate for the next call (padded to be safe)
this.tokenSizeEstimate = encoded.Length + 32;
return(encoded);
}
private AsymmetricAlgorithmSignature(AsymmetricAlgorithm algorithm, String hashAlgorithm)
{
this.algorithm = algorithm;
this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigest(hashAlgorithm));
if (algorithm is RSACryptoServiceProvider)
{
encryptionAlgorithm = "RSA";
}
#if !NETSTANDARD1_6
else if (algorithm is DSACryptoServiceProvider)
{
encryptionAlgorithm = "DSA";
}
#endif
else
{
throw new ArgumentException("Not supported encryption algorithm " + algorithm);
}
}
public virtual void ToSignaturePolicyIdentifierTest()
{
SignaturePolicyIdentifier actual = new SignaturePolicyInfo(POLICY_IDENTIFIER, POLICY_HASH, POLICY_DIGEST_ALGORITHM
, POLICY_URI).ToSignaturePolicyIdentifier();
DerIA5String deria5String = new DerIA5String(POLICY_URI);
SigPolicyQualifierInfo sigPolicyQualifierInfo = new SigPolicyQualifierInfo(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdSpqEtsUri
, deria5String);
DerOctetString derOctetString = new DerOctetString(POLICY_HASH);
String algId = DigestAlgorithms.GetAllowedDigest(POLICY_DIGEST_ALGORITHM);
DerObjectIdentifier asn1ObjectIdentifier = new DerObjectIdentifier(algId);
AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(asn1ObjectIdentifier);
OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(algorithmIdentifier, derOctetString);
DerObjectIdentifier derObjectIdentifier = new DerObjectIdentifier(POLICY_IDENTIFIER);
DerObjectIdentifier derObjectIdentifierInstance = DerObjectIdentifier.GetInstance(derObjectIdentifier);
SignaturePolicyId signaturePolicyId = new SignaturePolicyId(derObjectIdentifierInstance, otherHashAlgAndValue
, SignUtils.CreateSigPolicyQualifiers(sigPolicyQualifierInfo));
SignaturePolicyIdentifier expected = new SignaturePolicyIdentifier(signaturePolicyId);
NUnit.Framework.Assert.AreEqual(expected.ToAsn1Object(), actual.ToAsn1Object());
}
internal virtual SignaturePolicyIdentifier ToSignaturePolicyIdentifier()
{
String algId = DigestAlgorithms.GetAllowedDigest(this.policyDigestAlgorithm);
if (algId == null || algId.Length == 0)
{
throw new ArgumentException("Invalid policy hash algorithm");
}
SignaturePolicyIdentifier signaturePolicyIdentifier = null;
SigPolicyQualifierInfo spqi = null;
if (this.policyUri != null && this.policyUri.Length > 0)
{
spqi = new SigPolicyQualifierInfo(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdSpqEtsUri, new DerIA5String
(this.policyUri));
}
signaturePolicyIdentifier = new SignaturePolicyIdentifier(new SignaturePolicyId(DerObjectIdentifier.GetInstance
(new DerObjectIdentifier(this.policyIdentifier.Replace("urn:oid:", ""))), new OtherHashAlgAndValue(new
AlgorithmIdentifier(new DerObjectIdentifier(algId)), new DerOctetString(this.policyHash)), SignUtils.CreateSigPolicyQualifiers
(spqi)));
return(signaturePolicyIdentifier);
}
/// <summary>
/// Creates a
/// <see cref="PrivateKeySignature"/>
/// instance.
/// </summary>
/// <param name="pk">
/// A
/// <see cref="Org.BouncyCastle.Crypto.ICipherParameters"/>
/// object.
/// </param>
/// <param name="hashAlgorithm">A hash algorithm (e.g. "SHA-1", "SHA-256",...).</param>
/// <param name="provider">A security provider (e.g. "BC").</param>
public PrivateKeySignature(ICipherParameters pk, String hashAlgorithm)
{
this.pk = pk;
this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigest(hashAlgorithm));
this.encryptionAlgorithm = SignUtils.GetPrivateKeyAlgorithm(pk);
}