<PackageReference Include="BouncyCastle.Cryptography" Version="2.6.2" />

TspUtil

public class TspUtil
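using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Cms;
using Org.BouncyCastle.Asn1.CryptoPro;
using Org.BouncyCastle.Asn1.GM;
using Org.BouncyCastle.Asn1.Nist;
using Org.BouncyCastle.Asn1.Oiw;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.Rosstandart;
using Org.BouncyCastle.Asn1.TeleTrust;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Cms;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.X509;
using System;
using System.Collections.Generic;
using System.IO;

namespace Org.BouncyCastle.Tsp
{
    /// <summary>
    /// Helper routines for time-stamp processing: extracting signature
    /// time-stamp tokens from a CMS signer, checking that a certificate is
    /// restricted to time stamping, and looking up digest output lengths.
    /// </summary>
    public class TspUtil
    {
        // Digest output length in bytes, keyed by the digest algorithm OID.
        private static readonly Dictionary<DerObjectIdentifier, int> DigestLengths;

        static TspUtil()
        {
            DigestLengths = new Dictionary<DerObjectIdentifier, int>
            {
                { PkcsObjectIdentifiers.MD5, 16 },
                { OiwObjectIdentifiers.IdSha1, 20 },
                { NistObjectIdentifiers.IdSha224, 28 },
                { NistObjectIdentifiers.IdSha256, 32 },
                { NistObjectIdentifiers.IdSha384, 48 },
                { NistObjectIdentifiers.IdSha512, 64 },
                { NistObjectIdentifiers.IdSha3_224, 28 },
                { NistObjectIdentifiers.IdSha3_256, 32 },
                { NistObjectIdentifiers.IdSha3_384, 48 },
                { NistObjectIdentifiers.IdSha3_512, 64 },
                { TeleTrusTObjectIdentifiers.RipeMD128, 16 },
                { TeleTrusTObjectIdentifiers.RipeMD160, 20 },
                { TeleTrusTObjectIdentifiers.RipeMD256, 32 },
                { CryptoProObjectIdentifiers.GostR3411, 32 },
                { RosstandartObjectIdentifiers.id_tc26_gost_3411_12_256, 32 },
                { RosstandartObjectIdentifiers.id_tc26_gost_3411_12_512, 64 },
                { GMObjectIdentifiers.sm3, 32 },
            };
        }

        /// <summary>
        /// Returns the time-stamp tokens found in the signer's unsigned
        /// attributes under the signature-time-stamp-token attribute, after
        /// checking that each token's message imprint equals the digest of the
        /// signer's signature value.
        /// </summary>
        /// <remarks>
        /// Only the message imprint is checked here. Nothing in this method
        /// verifies the token's own signature or the time-stamping authority's
        /// certificate, and the imprint digest algorithm is whatever the token
        /// declares, so no algorithm policy is applied. Callers that rely on the
        /// returned tokens must validate them separately.
        /// </remarks>
        /// <param name="signerInfo">The CMS signer whose unsigned attributes are searched.</param>
        /// <returns>
        /// The tokens whose imprint matched; an empty list when the signer has
        /// no unsigned attributes or no time-stamp attribute.
        /// </returns>
        /// <exception cref="TspValidationException">
        /// A token could not be parsed, names a digest algorithm that is not
        /// recognised, or carries an imprint that does not match the signature.
        /// </exception>
        public static IList<TimeStampToken> GetSignatureTimestamps(SignerInformation signerInfo)
        {
            List<TimeStampToken> tokens = new List<TimeStampToken>();

            Org.BouncyCastle.Asn1.Cms.AttributeTable unsignedAttributes = signerInfo.UnsignedAttributes;
            if (unsignedAttributes == null)
            {
                return tokens;
            }

            foreach (Org.BouncyCastle.Asn1.Cms.Attribute attribute in
                unsignedAttributes.GetAll(PkcsObjectIdentifiers.IdAASignatureTimeStampToken))
            {
                foreach (Asn1Encodable attrValue in attribute.AttrValues)
                {
                    TimeStampToken token;
                    bool imprintMatches;

                    try
                    {
                        token = new TimeStampToken(
                            Org.BouncyCastle.Asn1.Cms.ContentInfo.GetInstance(attrValue.ToAsn1Object()));
                        TimeStampTokenInfo info = token.TimeStampInfo;

                        byte[] expectedImprint = DigestUtilities.CalculateDigest(
                            info.MessageImprintAlgOid, signerInfo.GetSignature());

                        // Constant-time comparison of the recomputed digest with the
                        // imprint stored in the token.
                        imprintMatches = Arrays.FixedTimeEquals(expectedImprint, info.GetMessageImprintDigest());
                    }
                    catch (SecurityUtilityException)
                    {
                        throw new TspValidationException("Unknown hash algorithm specified in timestamp");
                    }
                    catch (Exception)
                    {
                        throw new TspValidationException("Timestamp could not be parsed");
                    }

                    // Raised outside the try block on purpose: thrown inside it, this
                    // exception was caught by the catch (Exception) handler and replaced
                    // with "Timestamp could not be parsed", hiding an imprint mismatch
                    // (a possible sign of tampering) behind a parse-error message.
                    if (!imprintMatches)
                    {
                        throw new TspValidationException("Incorrect digest in message imprint");
                    }

                    tokens.Add(token);
                }
            }

            return tokens;
        }

        /// <summary>
        /// Checks that a certificate is usable for time stamping only: it must be
        /// a version 3 certificate whose ExtendedKeyUsage extension is present,
        /// marked critical, and holds exactly one purpose, id-kp-timeStamping.
        /// </summary>
        /// <remarks>
        /// This method looks at the version and the ExtendedKeyUsage extension
        /// only. It does not check the validity period, the issuer chain or
        /// revocation status; those remain the caller's responsibility.
        /// </remarks>
        /// <param name="cert">The certificate to check.</param>
        /// <exception cref="ArgumentException">The certificate is not version 3.</exception>
        /// <exception cref="TspValidationException">
        /// The ExtendedKeyUsage extension is missing, not critical, not limited
        /// to time stamping, or could not be processed.
        /// </exception>
        public static void ValidateCertificate(X509Certificate cert)
        {
            // X.509 extensions exist only in version 3 certificates, so any other
            // version cannot carry the ExtendedKeyUsage extension.
            // NOTE(review): this is the only failure reported as ArgumentException
            // rather than TspValidationException; kept as-is for existing callers.
            if (cert.Version != 3)
            {
                throw new ArgumentException("Certificate must have an ExtendedKeyUsage extension.");
            }

            Asn1OctetString ekuValue = cert.GetExtensionValue(X509Extensions.ExtendedKeyUsage);
            if (ekuValue == null)
            {
                throw new TspValidationException("Certificate must have an ExtendedKeyUsage extension.");
            }

            if (!cert.GetCriticalExtensionOids().Contains(X509Extensions.ExtendedKeyUsage.Id))
            {
                throw new TspValidationException("Certificate must have an ExtendedKeyUsage extension marked as critical.");
            }

            try
            {
                ExtendedKeyUsage eku = ExtendedKeyUsage.GetInstance(ekuValue.GetOctets());

                // Time stamping must be the sole purpose; any additional key
                // purpose makes the certificate unacceptable.
                if (!eku.HasKeyPurposeId(KeyPurposeID.id_kp_timeStamping) || eku.Count != 1)
                {
                    throw new TspValidationException("ExtendedKeyUsage not solely time stamping.");
                }
            }
            // NOTE(review): only IOException is translated here; any other
            // exception raised while decoding the extension propagates unchanged.
            // Confirm which exception types GetInstance raises for malformed input.
            catch (IOException)
            {
                throw new TspValidationException("cannot process ExtendedKeyUsage extension");
            }
        }

        /// <summary>
        /// Returns the output length in bytes of the digest identified by
        /// <paramref name="digestAlgOid"/>.
        /// </summary>
        /// <param name="digestAlgOid">OID of the digest algorithm.</param>
        /// <returns>The digest length in bytes.</returns>
        /// <exception cref="TspException">The OID is not in the digest length table.</exception>
        internal static int GetDigestLength(DerObjectIdentifier digestAlgOid)
        {
            if (DigestLengths.TryGetValue(digestAlgOid, out int length))
            {
                return length;
            }

            throw new TspException("digest algorithm cannot be found.");
        }

        /// <summary>
        /// Copies the extension OIDs of <paramref name="extensions"/> into a new list.
        /// </summary>
        /// <param name="extensions">The extensions to read; may be null.</param>
        /// <returns>A new list of the extension OIDs, empty when <paramref name="extensions"/> is null.</returns>
        internal static IList<DerObjectIdentifier> GetExtensionOids(X509Extensions extensions)
        {
            return extensions == null
                ? new List<DerObjectIdentifier>()
                : new List<DerObjectIdentifier>(extensions.GetExtensionOids());
        }
    }
}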