/// <summary> /// Creates a /// <see cref="PrivateKeySignature"/> /// instance. /// </summary> /// <param name="pk"> /// A /// <see cref="Org.BouncyCastle.Crypto.ICipherParameters"/> /// object. /// </param> /// <param name="hashAlgorithm">A hash algorithm (e.g. "SHA-1", "SHA-256",...).</param> /// <param name="provider">A security provider (e.g. "BC").</param> public PrivateKeySignature(ICipherParameters pk, String hashAlgorithm) { this.pk = pk; this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigest(hashAlgorithm)); encryptionAlgorithm = pk.GetAlgorithm(); if (encryptionAlgorithm.StartsWith("EC")) { encryptionAlgorithm = "ECDSA"; } }
/// <summary>Get RFC 3161 timeStampToken.</summary> /// <remarks> /// Get RFC 3161 timeStampToken. /// Method may return null indicating that timestamp should be skipped. /// </remarks> /// <param name="imprint">data imprint to be time-stamped</param> /// <returns>encoded, TSA signed data of the timeStampToken</returns> /// <exception cref="System.IO.IOException"/> /// <exception cref="Org.BouncyCastle.Tsp.TSPException"/> public virtual byte[] GetTimeStampToken(byte[] imprint) { byte[] respBytes = null; // Setup the time stamp request TimeStampRequestGenerator tsqGenerator = new TimeStampRequestGenerator(); tsqGenerator.SetCertReq(true); if (tsaReqPolicy != null && tsaReqPolicy.Length > 0) { tsqGenerator.SetReqPolicy(tsaReqPolicy); } // tsqGenerator.setReqPolicy("1.3.6.1.4.1.601.10.3.1"); BigInteger nonce = BigInteger.ValueOf(SystemUtil.GetTimeBasedSeed()); TimeStampRequest request = tsqGenerator.Generate(new DerObjectIdentifier(DigestAlgorithms.GetAllowedDigest (digestAlgorithm)), imprint, nonce); byte[] requestBytes = request.GetEncoded(); // Call the communications layer respBytes = GetTSAResponse(requestBytes); // Handle the TSA response TimeStampResponse response = new TimeStampResponse(respBytes); // validate communication level attributes (RFC 3161 PKIStatus) response.Validate(request); PkiFailureInfo failure = response.GetFailInfo(); int value = (failure == null) ? 0 : failure.IntValue; if (value != 0) { // @todo: Translate value of 15 error codes defined by PKIFailureInfo to string throw new PdfException(PdfException.InvalidTsa1ResponseCode2).SetMessageParams(tsaURL, value.ToString()); } // @todo: validate the time stap certificate chain (if we want // assure we do not sign using an invalid timestamp). // extract just the time stamp token (removes communication status info) TimeStampToken tsToken = response.TimeStampToken; if (tsToken == null) { throw new PdfException(PdfException.Tsa1FailedToReturnTimeStampToken2).SetMessageParams(tsaURL, response.GetStatusString ()); } TimeStampTokenInfo tsTokenInfo = tsToken.TimeStampInfo; // to view details byte[] encoded = tsToken.GetEncoded(); LOGGER.Info("Timestamp generated: " + tsTokenInfo.GenTime); if (tsaInfo != null) { tsaInfo.InspectTimeStampTokenInfo(tsTokenInfo); } // Update our token size estimate for the next call (padded to be safe) this.tokenSizeEstimate = encoded.Length + 32; return(encoded); }
private AsymmetricAlgorithmSignature(AsymmetricAlgorithm algorithm, String hashAlgorithm) { this.algorithm = algorithm; this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigest(hashAlgorithm)); if (algorithm is RSACryptoServiceProvider) { encryptionAlgorithm = "RSA"; } #if !NETSTANDARD1_6 else if (algorithm is DSACryptoServiceProvider) { encryptionAlgorithm = "DSA"; } #endif else { throw new ArgumentException("Not supported encryption algorithm " + algorithm); } }
public virtual void ToSignaturePolicyIdentifierTest() { SignaturePolicyIdentifier actual = new SignaturePolicyInfo(POLICY_IDENTIFIER, POLICY_HASH, POLICY_DIGEST_ALGORITHM , POLICY_URI).ToSignaturePolicyIdentifier(); DerIA5String deria5String = new DerIA5String(POLICY_URI); SigPolicyQualifierInfo sigPolicyQualifierInfo = new SigPolicyQualifierInfo(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdSpqEtsUri , deria5String); DerOctetString derOctetString = new DerOctetString(POLICY_HASH); String algId = DigestAlgorithms.GetAllowedDigest(POLICY_DIGEST_ALGORITHM); DerObjectIdentifier asn1ObjectIdentifier = new DerObjectIdentifier(algId); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(asn1ObjectIdentifier); OtherHashAlgAndValue otherHashAlgAndValue = new OtherHashAlgAndValue(algorithmIdentifier, derOctetString); DerObjectIdentifier derObjectIdentifier = new DerObjectIdentifier(POLICY_IDENTIFIER); DerObjectIdentifier derObjectIdentifierInstance = DerObjectIdentifier.GetInstance(derObjectIdentifier); SignaturePolicyId signaturePolicyId = new SignaturePolicyId(derObjectIdentifierInstance, otherHashAlgAndValue , SignUtils.CreateSigPolicyQualifiers(sigPolicyQualifierInfo)); SignaturePolicyIdentifier expected = new SignaturePolicyIdentifier(signaturePolicyId); NUnit.Framework.Assert.AreEqual(expected.ToAsn1Object(), actual.ToAsn1Object()); }
internal virtual SignaturePolicyIdentifier ToSignaturePolicyIdentifier() { String algId = DigestAlgorithms.GetAllowedDigest(this.policyDigestAlgorithm); if (algId == null || algId.Length == 0) { throw new ArgumentException("Invalid policy hash algorithm"); } SignaturePolicyIdentifier signaturePolicyIdentifier = null; SigPolicyQualifierInfo spqi = null; if (this.policyUri != null && this.policyUri.Length > 0) { spqi = new SigPolicyQualifierInfo(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdSpqEtsUri, new DerIA5String (this.policyUri)); } signaturePolicyIdentifier = new SignaturePolicyIdentifier(new SignaturePolicyId(DerObjectIdentifier.GetInstance (new DerObjectIdentifier(this.policyIdentifier.Replace("urn:oid:", ""))), new OtherHashAlgAndValue(new AlgorithmIdentifier(new DerObjectIdentifier(algId)), new DerOctetString(this.policyHash)), SignUtils.CreateSigPolicyQualifiers (spqi))); return(signaturePolicyIdentifier); }
/// <summary> /// Creates a /// <see cref="PrivateKeySignature"/> /// instance. /// </summary> /// <param name="pk"> /// A /// <see cref="Org.BouncyCastle.Crypto.ICipherParameters"/> /// object. /// </param> /// <param name="hashAlgorithm">A hash algorithm (e.g. "SHA-1", "SHA-256",...).</param> /// <param name="provider">A security provider (e.g. "BC").</param> public PrivateKeySignature(ICipherParameters pk, String hashAlgorithm) { this.pk = pk; this.hashAlgorithm = DigestAlgorithms.GetDigest(DigestAlgorithms.GetAllowedDigest(hashAlgorithm)); this.encryptionAlgorithm = SignUtils.GetPrivateKeyAlgorithm(pk); }