Signing content for apple passbook in c#

问题

Here is my code

static void Main(string[] args)
    {
        try
        {
            ContentInfo contentInfo = new ContentInfo(File.ReadAllBytes(@"D:\prj\temp\manifest.json"));
            SignedCms signedCms = new SignedCms(SubjectIdentifierType.IssuerAndSerialNumber, contentInfo);
            var signer = new CmsSigner(new X509Certificate2(@"D:\prj\temp\Shooger_Passbook_withoutKey.p12", "xxxxxxxxx"));
            signer.Certificates.Add(new X509Certificate2(@"D:\prj\temp\AppleIncRootCertificate.cer"));
            signer.Certificates.Add(new X509Certificate2(@"D:\prj\temp\AppleWWDRCA.cer"));
            signer.IncludeOption = X509IncludeOption.WholeChain;
            signer.SignedAttributes.Add(new Pkcs9SigningTime());
            signedCms.ComputeSignature(signer, false);

            byte[] myCmsMessage = signedCms.Encode();
            File.WriteAllBytes(@"D:\prj\temp\signature", myCmsMessage);
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.ToString());
        }
    }

Could somebody to tell me why it throws "An internal certificate chaining error has occurred."?

回答1:

For those tearing their hair out after renewing their certificate and finding it doesn't work, you now need to add the 'signed-time' attribute to the signature. Hence:

var oid = new Oid("1.2.840.113549.1.7.2");
ContentInfo contentInfo = new ContentInfo(oid, manifest);

var signedCms = new SignedCms(contentInfo, true);
var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, myX509certificate);
signer.IncludeOption = X509IncludeOption.EndCertOnly;
signer.Certificates.Add(appleWwdrCertificate);

// new requirement to add 'signing-date'
signer.SignedAttributes.Add(new Pkcs9SigningTime(DateTime.Now));
signedCms.ComputeSignature(signer);

bytes[] signature = signedCms.Encode();

回答2:

Try loading the Certificates from The Windows Certificate store,

Below link will provide you a detailed tutorial for Signing of Passes in .net

http://geekswithblogs.net/MobileLOB/archive/2012/07/30/part-3ndashpassbook-server.aspx

Hope this helps.. :)

回答3:

I've created an OSS library for .Net that handles all of this for you. You just need your own Passbook certificate and the main Apple certificate.

https://github.com/tomasmcguinness/dotnet-passbook

来源：https://stackoverflow.com/questions/12874074/signing-content-for-apple-passbook-in-c-sharp