2 // System.Security.Cryptography.Pkcs.SignedCms class
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
8 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using System.Security.Cryptography.X509Certificates;
33 using System.Security.Cryptography.Xml;
37 using Mono.Security.X509;
39 namespace System.Security.Cryptography.Pkcs {
41 public sealed class SignedCms {
43 private ContentInfo _content;
44 private bool _detached;
45 private SignerInfoCollection _info;
46 private X509Certificate2Collection _certs;
47 private SubjectIdentifierType _type;
54 _certs = new X509Certificate2Collection ();
55 _info = new SignerInfoCollection ();
58 public SignedCms (ContentInfo content)
59 : this (content, false)
63 public SignedCms (ContentInfo content, bool detached)
67 throw new ArgumentNullException ("content");
73 public SignedCms (SubjectIdentifierType signerIdentifierType) : this ()
75 _type = signerIdentifierType;
78 public SignedCms (SubjectIdentifierType signerIdentifierType, ContentInfo content)
79 : this (content, false)
81 _type = signerIdentifierType;
84 public SignedCms (SubjectIdentifierType signerIdentifierType, ContentInfo content, bool detached)
85 : this (content, detached)
87 _type = signerIdentifierType;
92 public X509Certificate2Collection Certificates {
93 get { return _certs; }
96 public ContentInfo ContentInfo {
98 if (_content == null) {
99 Oid oid = new Oid (PKCS7.Oid.data);
100 _content = new ContentInfo (oid, new byte [0]);
106 public bool Detached {
107 get { return _detached; }
110 public SignerInfoCollection SignerInfos {
111 get { return _info; }
115 get { return _version; }
121 public void CheckSignature (bool verifySignatureOnly)
123 foreach (SignerInfo si in _info) {
124 si.CheckSignature (verifySignatureOnly);
129 public void CheckSignature (X509Certificate2Collection extraStore, bool verifySignatureOnly)
131 foreach (SignerInfo si in _info) {
132 si.CheckSignature (extraStore, verifySignatureOnly);
137 public void CheckHash ()
139 throw new InvalidOperationException ("");
143 public void ComputeSignature ()
145 throw new CryptographicException ("");
149 public void ComputeSignature (CmsSigner signer)
155 public void ComputeSignature (CmsSigner signer, bool silent)
160 private string ToString (byte[] array, bool reverse)
162 StringBuilder sb = new StringBuilder ();
164 for (int i=array.Length - 1; i >= 0; i--)
165 sb.Append (array [i].ToString ("X2"));
167 for (int i=0; i < array.Length; i++)
168 sb.Append (array [i].ToString ("X2"));
170 return sb.ToString ();
173 private byte[] GetKeyIdentifier (Mono.Security.X509.X509Certificate x509)
175 // if present in certificate return value of the SubjectKeyIdentifier
176 Mono.Security.X509.X509Extension extn = x509.Extensions ["2.5.29.14"];
178 ASN1 bs = new ASN1 (extn.Value.Value);
181 // strangely DEPRECATED keyAttributes isn't used here (like KeyUsage)
183 // if not then we must calculate the SubjectKeyIdentifier ourselve
184 // Note: MS does that hash on the complete subjectPublicKeyInfo (unlike PKIX)
185 // http://groups.google.ca/groups?selm=e7RqM%24plCHA.1488%40tkmsftngp02&oe=UTF-8&output=gplain
186 ASN1 subjectPublicKeyInfo = new ASN1 (0x30);
187 ASN1 algo = subjectPublicKeyInfo.Add (new ASN1 (0x30));
188 algo.Add (new ASN1 (CryptoConfig.EncodeOID (x509.KeyAlgorithm)));
189 // FIXME: does it work for DSA certs (without an 2.5.29.14 extension ?)
190 algo.Add (new ASN1 (x509.KeyAlgorithmParameters));
191 byte[] pubkey = x509.PublicKey;
192 byte[] bsvalue = new byte [pubkey.Length + 1]; // add unused bits (0) before the public key
193 Array.Copy (pubkey, 0, bsvalue, 1, pubkey.Length);
194 subjectPublicKeyInfo.Add (new ASN1 (0x03, bsvalue));
195 SHA1 sha = SHA1.Create ();
196 return sha.ComputeHash (subjectPublicKeyInfo.GetBytes ());
199 [MonoTODO("incomplete - missing attributes")]
200 public void Decode (byte[] encodedMessage)
202 PKCS7.ContentInfo ci = new PKCS7.ContentInfo (encodedMessage);
203 if (ci.ContentType != PKCS7.Oid.signedData)
204 throw new Exception ("");
206 PKCS7.SignedData sd = new PKCS7.SignedData (ci.Content);
207 SubjectIdentifierType type = SubjectIdentifierType.Unknown;
210 X509Certificate2 x509 = null;
211 if (sd.SignerInfo.Certificate != null) {
212 x509 = new X509Certificate2 (sd.SignerInfo.Certificate.RawData);
214 else if ((sd.SignerInfo.IssuerName != null) && (sd.SignerInfo.SerialNumber != null)) {
215 byte[] serial = sd.SignerInfo.SerialNumber;
216 Array.Reverse (serial); // ???
217 type = SubjectIdentifierType.IssuerAndSerialNumber;
218 X509IssuerSerial xis = new X509IssuerSerial ();
219 xis.IssuerName = sd.SignerInfo.IssuerName;
220 xis.SerialNumber = ToString (serial, true);
222 // TODO: move to a FindCertificate (issuer, serial, collection)
223 foreach (Mono.Security.X509.X509Certificate x in sd.Certificates) {
224 if (x.IssuerName == sd.SignerInfo.IssuerName) {
225 if (ToString (x.SerialNumber, true) == xis.SerialNumber) {
226 x509 = new X509Certificate2 (x.RawData);
232 else if (sd.SignerInfo.SubjectKeyIdentifier != null) {
233 string ski = ToString (sd.SignerInfo.SubjectKeyIdentifier, false);
234 type = SubjectIdentifierType.SubjectKeyIdentifier;
236 // TODO: move to a FindCertificate (ski, collection)
237 foreach (Mono.Security.X509.X509Certificate x in sd.Certificates) {
238 if (ToString (GetKeyIdentifier (x), false) == ski) {
239 x509 = new X509Certificate2 (x.RawData);
245 SignerInfo si = new SignerInfo (sd.SignerInfo.HashName, x509, type, o, sd.SignerInfo.Version);
246 // si.AuthenticatedAttributes
247 // si.UnauthenticatedAttributes
250 ASN1 content = sd.ContentInfo.Content;
251 Oid oid = new Oid (sd.ContentInfo.ContentType);
253 if (!_detached || _content == null) {
254 if (content[0] == null)
255 throw new ArgumentException ("ContentInfo has no content. Detached signature ?");
257 _content = new ContentInfo (oid, content[0].Value);
260 foreach (Mono.Security.X509.X509Certificate x in sd.Certificates) {
261 _certs.Add (new X509Certificate2 (x.RawData));
264 _version = sd.Version;
268 public byte[] Encode ()
270 /* Mono.Security.X509.X509Certificate x509 = null;
271 Cms.SignerInfo si = new Cms.SignerInfo ();
273 case SubjectIdentifierType.SubjectKeyIdentifier:
274 si.SubjectKeyIdentifier = GetKeyIdentifier (x509);
277 // SubjectIdentifierType.IssuerAndSerialNumber
278 si.IssuerName = x509.IssuerName;
279 si.SerialNumber = x509.SerialNumber;
283 Cms.SignedData sd = new Cms.SignedData ();
284 sd.Version = _version;
287 Cms.ContentInfo ci = new Cms.ContentInfo (Cms.signedData);
288 ci.Content = sd.ASN1;
289 return ci.GetBytes ();*/
294 public void RemoveSignature (SignerInfo signerInfo)
299 public void RemoveSignature (int index)