如何在TimeStampToken(Bouncy Castle)中获取签名

时间:2018-01-25 01:14:13

标签: c# bouncycastle

来自RFC 3852(和RFC 3161)我理解签名值存储为TimestampToken的SignerInfo类型的属性(它是签名数据内容类型)。

如何从Bouncy Castle的TimeStampToken实例(在C#中)获取该签名值?

2 个答案:

答案 0 :(得分:2)

您可以将类与辅助方法一起使用:

public static class TimeStampTokenHelper
{
    public static IEnumerable<SignedData> GetTimeStampTokensAsSignedData(byte[] input)
    {
        var cmsInputStream = new Asn1InputStream(input);
        var asn1Object = cmsInputStream.ReadObject();
        Assert.IsNotNull(asn1Object);

        var rootSequence = Asn1Sequence.GetInstance(asn1Object);
        var signedData = GetSignedData(rootSequence);
        return GetTimeStampTokensFromSignedData(signedData);
    }

    private static SignedData GetSignedData(Asn1Sequence sequence)
    {
        var rootContent = ContentInfo.GetInstance(sequence);
        Assert.That(rootContent.ContentType.Id, Is.EqualTo("1.2.840.113549.1.7.2")); // signedData
        var signedData = SignedData.GetInstance(rootContent.Content);
        return signedData;
    }

    private static IEnumerable<SignedData> GetTimeStampTokensFromSignedData(SignedData signedData)
    {
        return GetTimeStampTokensFromSignerInfos(signedData.SignerInfos);
    }

    private static IEnumerable<SignedData> GetTimeStampTokensFromSignerInfos(Asn1Set signerInfos)
    {
        var timestampTokens = signerInfos
            .OfType<Asn1Sequence>()
            .SelectMany(GetTimeStampTokensFromSignerInfo);
        return timestampTokens;
    }

    private static IEnumerable<SignedData> GetTimeStampTokensFromSignerInfo(Asn1Sequence signerInfoSequence)
    {
        var signerInfo = SignerInfo.GetInstance(signerInfoSequence);
        var result = signerInfo.UnauthenticatedAttributes.ToArray()
            .Select(Asn1Sequence.GetInstance)
            .Where(x => ((DerObjectIdentifier)x.GetObjectAt(0)).Id == "1.2.840.113549.1.9.16.2.14")
            .Select(x => GetSignedData(Asn1Sequence.GetInstance(Asn1Set.GetInstance(x.GetObjectAt(1)).GetObjectAt(0))));
        return result;
    }

TimeStampTokenHelper.GetTimeStampTokensAsSignedData辅助方法将时间戳标记提取为SignedData结构。您可以使用返回的SignedData数据执行所需操作。

以下是如何从SignerInfo中提取签名的示例:

var signatures = TimeStampTokenHelper.GetTimeStampTokensAsSignedData(cadesTBytes)
    .SelectMany(token => token.SignerInfos.ToArray().Select(SignerInfo.GetInstance))
    .Select(signerInfo => signerInfo.EncryptedDigest);

作为最后的提示:

  • 您可以使用free online ASN.1 viewer深入了解Cades T签名的结构
  • 您可以使用Org.BouncyCastle.Asn1.Utilities.Asn1Dump.DumpAsString方法转储Bouncycastle的ASN.1对象的字符串表示

希望这有帮助。

答案 1 :(得分:1)

我能够使用此功能获得签名:

CmsSignedData tsTokenCms = timestampToken.ToCmsSignedData();
SignerInformationStore signerInfoStore = tsTokenCms.GetSignerInfos();
SignerInformation signerInfo = signerInfoStore.GetFirstSigner(timestampToken.SignerID);
byte[] signatureBytes = signerInfo.GetSignature();
string signatureString = BitConverter.ToString(signatureBytes);
Console.WriteLine("Signature is: " + signatureString);
相关问题
最新问题