-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathBouncyCastleSigner.cs
94 lines (81 loc) · 3.27 KB
/
BouncyCastleSigner.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
using DevExpress.Pdf;
using DevExpress.Office.DigitalSignatures;
using DevExpress.Office.Tsp;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Encodings;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using System.Collections.Generic;
using System.IO;
using System.Linq;
namespace CustomSigner
{
// Declare a custom class to calculate a digest value:
public class BouncyCastleDigestCalculator : IDigestCalculator
{
readonly IDigest digest;
public string AlgorithmOid => DigestUtilities.GetObjectIdentifier(digest.AlgorithmName).Id;
public BouncyCastleDigestCalculator()
{
digest = new Sha512Digest();
}
public byte[] ComputeDigest(Stream stream)
{
digest.Reset();
byte[] buffer = new byte[1024 * 1024];
int readByteCount;
do
{
readByteCount = stream.Read(buffer, 0, buffer.Length);
if (readByteCount != 0)
digest.BlockUpdate(buffer, 0, readByteCount);
}
while (readByteCount != 0);
byte[] result = new byte[GetDigestSize()];
digest.DoFinal(result, 0);
return result;
}
public int GetDigestSize()
{
return digest.GetDigestSize();
}
}
public class BouncyCastleSigner : Pkcs7SignerBase
{
//Specify the signing algoritm's OID:
const string PKCS1RsaEncryption = "1.2.840.113549.1.1.1";
readonly byte[][] certificates;
readonly IAsymmetricBlockCipher rsaEngine;
//Specify a custom digest calculator:
protected override IDigestCalculator DigestCalculator { get { return new BouncyCastleDigestCalculator(); } }
protected override string SigningAlgorithmOID => PKCS1RsaEncryption;
public BouncyCastleSigner(string file, string password, ITsaClient tsaClient) : base(tsaClient, null, null, PdfSignatureProfile.Pdf)
{
//Read PKCS#12 file:
var pkcs = new Pkcs12Store(File.Open(file, FileMode.Open), password.ToCharArray());
//Get the certificate's alias:
var alias = pkcs.Aliases.OfType<string>().First(a => pkcs.IsKeyEntry(a));
//Get the certificate's chain:
certificates = pkcs.GetCertificateChain(alias).Select(c => c.Certificate.GetEncoded()).ToArray();
//Initialize the encryption engine:
rsaEngine = new Pkcs1Encoding(new RsaBlindedEngine());
rsaEngine.Init(true, pkcs.GetKey(alias).Key);
}
protected override IEnumerable<byte[]> GetCertificates()
{
return certificates;
}
protected override byte[] SignDigest(byte[] digest)
{
//Create the digest info object
//Encrypted by the signer's private key:
var dInfo = new DigestInfo(new AlgorithmIdentifier(new DerObjectIdentifier(DigestCalculator.AlgorithmOid), DerNull.Instance), digest);
byte[] digestInfo = dInfo.GetEncoded();
return rsaEngine.ProcessBlock(digestInfo, 0, digestInfo.Length);
}
}
}