private LdsSecurityObject(
Asn1Sequence seq)
{
if (seq == null || seq.Count == 0)
{
throw new ArgumentException("null or empty sequence passed.");
}
IEnumerator e = seq.GetEnumerator();
// version
e.MoveNext();
version = DerInteger.GetInstance(e.Current);
// digestAlgorithmIdentifier
e.MoveNext();
digestAlgorithmIdentifier = AlgorithmIdentifier.GetInstance(e.Current);
e.MoveNext();
Asn1Sequence datagroupHashSeq = Asn1Sequence.GetInstance(e.Current);
if (version.HasValue(1))
{
e.MoveNext();
versionInfo = LdsVersionInfo.GetInstance(e.Current);
}
CheckDatagroupHashSeqSize(datagroupHashSeq.Count);
datagroupHash = new DataGroupHash[datagroupHashSeq.Count];
for (int i = 0; i < datagroupHashSeq.Count; i++)
{
datagroupHash[i] = DataGroupHash.GetInstance(datagroupHashSeq[i]);
}
}
private AuthEnvelopedData(
Asn1Sequence seq)
{
int index = 0;
// "It MUST be set to 0."
Asn1Object tmp = seq[index++].ToAsn1Object();
version = DerInteger.GetInstance(tmp);
if (!version.HasValue(0))
{
throw new ArgumentException("AuthEnvelopedData version number must be 0");
}
tmp = seq[index++].ToAsn1Object();
if (tmp is Asn1TaggedObject)
{
originatorInfo = OriginatorInfo.GetInstance((Asn1TaggedObject)tmp, false);
tmp = seq[index++].ToAsn1Object();
}
// "There MUST be at least one element in the collection."
recipientInfos = Asn1Set.GetInstance(tmp);
if (recipientInfos.Count < 1)
{
throw new ArgumentException("AuthEnvelopedData requires at least 1 RecipientInfo");
}
tmp = seq[index++].ToAsn1Object();
authEncryptedContentInfo = EncryptedContentInfo.GetInstance(tmp);
tmp = seq[index++].ToAsn1Object();
if (tmp is Asn1TaggedObject)
{
authAttrs = Asn1Set.GetInstance((Asn1TaggedObject)tmp, false);
tmp = seq[index++].ToAsn1Object();
}
else
{
// "The authAttrs MUST be present if the content type carried in
// EncryptedContentInfo is not id-data."
if (!authEncryptedContentInfo.ContentType.Equals(CmsObjectIdentifiers.Data))
{
if (authAttrs == null || authAttrs.Count < 1)
{
throw new ArgumentException("authAttrs must be present with non-data content");
}
}
}
mac = Asn1OctetString.GetInstance(tmp);
if (seq.Count > index)
{
tmp = seq[index++].ToAsn1Object();
unauthAttrs = Asn1Set.GetInstance((Asn1TaggedObject)tmp, false);
}
}
private void CheckLongValue(DerInteger i, long n)
{
BigInteger val = i.Value;
IsEquals(val.LongValue, n);
IsEquals(val.LongValueExact, n);
IsEquals(i.LongValueExact, n);
IsTrue(i.HasValue(n));
}
private void CheckIntValue(DerInteger i, int n)
{
BigInteger val = i.Value;
IsEquals(val.IntValue, n);
IsEquals(val.IntValueExact, n);
IsEquals(i.IntValueExact, n);
IsTrue(i.HasValue(n));
}
/**
* Produce an object suitable for an Asn1OutputStream.
*
* Returns:
*
* <pre>
* GeneralSubtree ::= SEQUENCE
* {
* baseName GeneralName,
* minimum [0] BaseDistance DEFAULT 0,
* maximum [1] BaseDistance OPTIONAL
* }
* </pre>
*
* @return a DERObject
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(baseName);
if (minimum != null && !minimum.HasValue(0))
{
v.Add(new DerTaggedObject(false, 0, minimum));
}
v.AddOptionalTagged(false, 1, maximum);
return(new DerSequence(v));
}
public AuthEnvelopedDataParser(
Asn1SequenceParser seq)
{
this.seq = seq;
// "It MUST be set to 0."
this.version = (DerInteger)seq.ReadObject();
if (!version.HasValue(0))
{
throw new Asn1ParsingException("AuthEnvelopedData version number must be 0");
}
}
/**
* Produce an object suitable for an Asn1OutputStream.
* <pre>
* AttributeCertificateInfo ::= Sequence {
* version AttCertVersion -- version is v2,
* holder Holder,
* issuer AttCertIssuer,
* signature AlgorithmIdentifier,
* serialNumber CertificateSerialNumber,
* attrCertValidityPeriod AttCertValidityPeriod,
* attributes Sequence OF Attr,
* issuerUniqueID UniqueIdentifier OPTIONAL,
* extensions Extensions OPTIONAL
* }
*
* AttCertVersion ::= Integer { v2(1) }
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(9);
if (!version.HasValue(0))
{
v.Add(version);
}
v.Add(holder, issuer, signature, serialNumber, attrCertValidityPeriod, attributes);
v.AddOptional(issuerUniqueID, extensions);
return(new DerSequence(v));
}
public Pfx(
Asn1Sequence seq)
{
DerInteger version = DerInteger.GetInstance(seq[0]);
if (!version.HasValue(3))
{
throw new ArgumentException("wrong version for PFX PDU");
}
this.contentInfo = ContentInfo.GetInstance(seq[1]);
if (seq.Count == 3)
{
this.macData = MacData.GetInstance(seq[2]);
}
}
private EncryptedData(
Asn1Sequence seq)
{
if (seq.Count != 2)
{
throw new ArgumentException("Wrong number of elements in sequence", "seq");
}
DerInteger version = (DerInteger)seq[0];
if (!version.HasValue(0))
{
throw new ArgumentException("sequence not version 0");
}
this.data = (Asn1Sequence)seq[1];
}
public void CheckAttributeCertificate(
int id,
byte[] cert)
{
AttributeCertificate obj = AttributeCertificate.GetInstance(cert);
AttributeCertificateInfo acInfo = obj.ACInfo;
// Version
DerInteger version = acInfo.Version;
if (!version.HasValue(1) && !version.HasValue(2))
{
Fail("failed AC Version test for id " + id);
}
// Holder
Holder h = acInfo.Holder;
if (h == null)
{
Fail("failed AC Holder test, it's null, for id " + id);
}
// Issuer
AttCertIssuer aci = acInfo.Issuer;
if (aci == null)
{
Fail("failed AC Issuer test, it's null, for id " + id);
}
// Signature
AlgorithmIdentifier sig = acInfo.Signature;
if (sig == null)
{
Fail("failed AC Signature test for id " + id);
}
// Serial
DerInteger serial = acInfo.SerialNumber;
// Validity
AttCertValidityPeriod validity = acInfo.AttrCertValidityPeriod;
if (validity == null)
{
Fail("failed AC AttCertValidityPeriod test for id " + id);
}
// Attributes
Asn1Sequence attribSeq = acInfo.Attributes;
AttributeX509[] att = new AttributeX509[attribSeq.Count];
for (int i = 0; i < attribSeq.Count; i++)
{
att[i] = AttributeX509.GetInstance(attribSeq[i]);
}
// IssuerUniqueId
// TODO, how to best test?
// X509 Extensions
X509Extensions ext = acInfo.Extensions;
if (ext != null)
{
foreach (DerObjectIdentifier oid in ext.ExtensionOids)
{
X509Extension extVal = ext.GetExtension(oid);
}
}
}
internal TbsCertificateStructure(
Asn1Sequence seq)
{
int seqStart = 0;
this.seq = seq;
//
// some certficates don't include a version number - we assume v1
//
if (seq[0] is Asn1TaggedObject)
{
version = DerInteger.GetInstance((Asn1TaggedObject)seq[0], true);
}
else
{
seqStart = -1; // field 0 is missing!
version = new DerInteger(0);
}
bool isV1 = false;
bool isV2 = false;
if (version.HasValue(0))
{
isV1 = true;
}
else if (version.HasValue(1))
{
isV2 = true;
}
else if (!version.HasValue(2))
{
throw new ArgumentException("version number not recognised");
}
serialNumber = DerInteger.GetInstance(seq[seqStart + 1]);
signature = AlgorithmIdentifier.GetInstance(seq[seqStart + 2]);
issuer = X509Name.GetInstance(seq[seqStart + 3]);
//
// before and after dates
//
Asn1Sequence dates = (Asn1Sequence)seq[seqStart + 4];
startDate = Time.GetInstance(dates[0]);
endDate = Time.GetInstance(dates[1]);
subject = X509Name.GetInstance(seq[seqStart + 5]);
//
// public key info.
//
subjectPublicKeyInfo = SubjectPublicKeyInfo.GetInstance(seq[seqStart + 6]);
int extras = seq.Count - (seqStart + 6) - 1;
if (extras != 0 && isV1)
{
throw new ArgumentException("version 1 certificate contains extra data");
}
while (extras > 0)
{
Asn1TaggedObject extra = Asn1TaggedObject.GetInstance(seq[seqStart + 6 + extras]);
switch (extra.TagNo)
{
case 1:
{
issuerUniqueID = DerBitString.GetInstance(extra, false);
break;
}
case 2:
{
subjectUniqueID = DerBitString.GetInstance(extra, false);
break;
}
case 3:
{
if (isV2)
{
throw new ArgumentException("version 2 certificate cannot contain extensions");
}
extensions = X509Extensions.GetInstance(Asn1Sequence.GetInstance(extra, true));
break;
}
default:
{
throw new ArgumentException("Unknown tag encountered in structure: " + extra.TagNo);
}
}
extras--;
}
}
