		/// <summary>
		/// Returns true when any DirectoryName entry in <paramref name="targets"/> is
		/// equivalent to <paramref name="subject"/>; entries of every other name form
		/// are skipped without being inspected.
		/// </summary>
		/// <param name="subject">The distinguished name to look for.</param>
		/// <param name="targets">The candidate GeneralNames to scan.</param>
		/// <returns>true on the first equivalent DirectoryName, otherwise false.</returns>
		private bool MatchesDN(
			X509Name		subject,
			GeneralNames	targets)
		{
			foreach (GeneralName candidate in targets.GetNames())
			{
				if (candidate.TagNo != GeneralName.DirectoryName)
				{
					continue;
				}

				try
				{
					X509Name candidateDn = X509Name.GetInstance(candidate.Name);
					if (candidateDn.Equivalent(subject))
					{
						return true;
					}
				}
				catch (Exception)
				{
					// A DirectoryName that cannot be decoded as an X509Name counts as a
					// non-match; the remaining entries are still scanned.
				}
			}

			return false;
		}
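		/// <summary>
		/// Decodes a V2Form (RFC 5755) from its ASN.1 sequence: an optional untagged
		/// issuerName (GeneralNames) followed by optional [0] baseCertificateID and
		/// [1] objectDigestInfo, both implicitly tagged.
		/// </summary>
		/// <param name="seq">The sequence to decode.</param>
		/// <exception cref="ArgumentException">
		/// The sequence has more than three elements or carries an unknown tag.
		/// </exception>
		private V2Form(
			Asn1Sequence seq)
		{
			if (seq.Count > 3)
			{
				throw new ArgumentException("Bad sequence size: " + seq.Count);
			}

			int index = 0;

			// Every component is OPTIONAL, so an empty sequence is legal; only
			// inspect seq[0] when it exists, otherwise the indexer would throw
			// an index error instead of producing an empty V2Form.
			if (seq.Count > 0 && !(seq[0] is Asn1TaggedObject))
			{
				this.issuerName = GeneralNames.GetInstance(seq[0]);
				index++;
			}

			for (int i = index; i != seq.Count; i++)
			{
				Asn1TaggedObject tagged = Asn1TaggedObject.GetInstance(seq[i]);
				switch (tagged.TagNo)
				{
					case 0:
						baseCertificateID = IssuerSerial.GetInstance(tagged, false);
						break;
					case 1:
						objectDigestInfo = ObjectDigestInfo.GetInstance(tagged, false);
						break;
					default:
						throw new ArgumentException("Bad tag number: " + tagged.TagNo);
				}
			}
		}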
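		/// <summary>
		/// Creates an IssuerSerial from its two mandatory components.
		/// </summary>
		/// <param name="issuer">The issuer names (required).</param>
		/// <param name="serial">The certificate serial number (required).</param>
		/// <exception cref="ArgumentNullException">Either argument is null.</exception>
		public IssuerSerial(
			GeneralNames	issuer,
			DerInteger		serial)
		{
			// Both fields are mandatory in the ASN.1 definition; fail here rather
			// than later when the structure is encoded.
			if (issuer == null)
			{
				throw new ArgumentNullException("issuer");
			}
			if (serial == null)
			{
				throw new ArgumentNullException("serial");
			}

			this.issuer = issuer;
			this.serial = serial;
		}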
 /// <summary>
 /// Builds a V2Form directly from its three components; they are stored
 /// as given, without validation.
 /// </summary>
 /// <param name="issuerName">The untagged issuerName component.</param>
 /// <param name="baseCertificateID">The [0] baseCertificateID component.</param>
 /// <param name="objectDigestInfo">The [1] objectDigestInfo component.</param>
 public V2Form(
     GeneralNames issuerName,
     IssuerSerial baseCertificateID,
     ObjectDigestInfo objectDigestInfo)
 {
     this.objectDigestInfo = objectDigestInfo;
     this.baseCertificateID = baseCertificateID;
     this.issuerName = issuerName;
 }
 /// <summary>
 /// Builds a DistributionPoint from its three components; each is stored
 /// as given, without validation.
 /// </summary>
 /// <param name="distributionPointName">The distributionPoint component.</param>
 /// <param name="reasons">The reasons bit string.</param>
 /// <param name="crlIssuer">The cRLIssuer names.</param>
 public DistributionPoint(
     DistributionPointName	distributionPointName,
     ReasonFlags				reasons,
     GeneralNames			crlIssuer)
 {
     cRLIssuer = crlIssuer;
     this.reasons = reasons;
     distributionPoint = distributionPointName;
 }
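		/// <summary>
		/// Decodes an IetfAttrSyntax: an optional policyAuthority followed by a
		/// SEQUENCE of values that must all be of one kind (OBJECT IDENTIFIER,
		/// UTF8String or OCTET STRING).
		/// </summary>
		/// <param name="seq">The outer sequence to decode.</param>
		/// <exception cref="ArgumentException">
		/// The encoding is empty, the values element is missing or not a sequence,
		/// a value has an unsupported type, or value types are mixed.
		/// </exception>
		public IetfAttrSyntax(
			Asn1Sequence seq)
		{
			if (seq.Count < 1)
			{
				throw new ArgumentException("Non-IetfAttrSyntax encoding");
			}

			int i = 0;

			if (seq[0] is Asn1TaggedObject)
			{
				// Standard form: policyAuthority is an implicitly tagged GeneralNames.
				policyAuthority = GeneralNames.GetInstance(((Asn1TaggedObject)seq[0]), false);
				i++;
			}
			else if (seq.Count == 2)
			{
				// VOMS fix: presumably a workaround for encoders that emit
				// policyAuthority without its tag; accepted only when it is the
				// first of exactly two elements.
				policyAuthority = GeneralNames.GetInstance(seq[0]);
				i++;
			}

			// Guard the index as well as the type: a lone tagged element would
			// otherwise make seq[i] throw an index error instead of a clear message.
			if (i >= seq.Count || !(seq[i] is Asn1Sequence))
			{
				throw new ArgumentException("Non-IetfAttrSyntax encoding");
			}

			seq = (Asn1Sequence) seq[i];

			foreach (Asn1Object obj in seq)
			{
				int type;

				if (obj is DerObjectIdentifier)
				{
					type = ValueOid;
				}
				else if (obj is DerUtf8String)
				{
					type = ValueUtf8;
				}
				else if (obj is DerOctetString)
				{
					type = ValueOctets;
				}
				else
				{
					throw new ArgumentException("Bad value type encoding IetfAttrSyntax");
				}

				// The first value fixes the kind for the whole sequence;
				// valueChoice is expected to start out negative.
				if (valueChoice < 0)
				{
					valueChoice = type;
				}

				if (type != valueChoice)
				{
					throw new ArgumentException("Mix of value types in IetfAttrSyntax");
				}

				values.Add(obj);
			}
		}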
		/// <summary>
		/// Creates a RoleSyntax from an optional role authority and a mandatory
		/// role name, which must be a non-empty uniformResourceIdentifier GeneralName.
		/// </summary>
		/// <param name="roleAuthority">The role authority; stored without validation.</param>
		/// <param name="roleName">The role name; must use the URI choice and be non-empty.</param>
		/// <exception cref="ArgumentException">roleName is null, not a URI, or empty.</exception>
		public RoleSyntax(
			GeneralNames	roleAuthority,
			GeneralName		roleName)
		{
			bool isUri = roleName != null
				&& roleName.TagNo == GeneralName.UniformResourceIdentifier;

			// Only a URI GeneralName is inspected for emptiness; the cast is safe
			// because isUri already established the tag.
			if (!isUri || ((IAsn1String) roleName.Name).GetString().Equals(""))
			{
				throw new ArgumentException("the role name MUST be non empty and MUST use the URI option of GeneralName");
			}

			this.roleName = roleName;
			this.roleAuthority = roleAuthority;
		}
        /// <summary>
        /// Creates an AuthorityKeyIdentifier whose keyIdentifier is the SHA-1
        /// digest of the issuer's public key bits (RFC 5280 key identifier
        /// method 1), together with the issuer names and serial number.
        /// </summary>
        /// <param name="spki">The issuer's SubjectPublicKeyInfo; only its public key bits are hashed.</param>
        /// <param name="name">The authorityCertIssuer names, stored as given.</param>
        /// <param name="serialNumber">The authorityCertSerialNumber.</param>
        public AuthorityKeyIdentifier(
            SubjectPublicKeyInfo	spki,
            GeneralNames			name,
            BigInteger				serialNumber)
        {
            // SHA-1 is acceptable here: the key identifier is a lookup hint for
            // chain building, not a security boundary.
            IDigest sha1 = new Sha1Digest();
            byte[] keyId = new byte[sha1.GetDigestSize()];

            byte[] keyBits = spki.PublicKeyData.GetBytes();
            sha1.BlockUpdate(keyBits, 0, keyBits.Length);
            sha1.DoFinal(keyId, 0);

            this.certserno = new DerInteger(serialNumber);
            this.certissuer = name;
            this.keyidentifier = new DerOctetString(keyId);
        }
		/// <summary>
		/// Decodes an IssuerSerial: issuer GeneralNames, serial INTEGER and an
		/// optional issuerUID BIT STRING as the third element.
		/// </summary>
		/// <param name="seq">The sequence to decode.</param>
		/// <exception cref="ArgumentException">The sequence does not have 2 or 3 elements.</exception>
		private IssuerSerial(
			Asn1Sequence seq)
		{
			int count = seq.Count;
			bool validSize = count == 2 || count == 3;
			if (!validSize)
			{
				throw new ArgumentException("Bad sequence size: " + count);
			}

			issuer = GeneralNames.GetInstance(seq[0]);
			serial = DerInteger.GetInstance(seq[1]);

			// Third element only present when issuerUID was encoded.
			if (count == 3)
			{
				issuerUid = DerBitString.GetInstance(seq[2]);
			}
		}
		/// <summary>
		/// Decodes a v1 attribute certificate holder from its tagged choice:
		/// [0] baseCertificateID or [1] entityName, both implicitly tagged.
		/// </summary>
		/// <param name="tagObj">The ASN.1 tagged holder object.</param>
		/// <exception cref="ArgumentException">The tag is neither 0 nor 1.</exception>
		public Holder(
			Asn1TaggedObject tagObj)
		{
			int tag = tagObj.TagNo;

			if (tag == 0)
			{
				baseCertificateID = IssuerSerial.GetInstance(tagObj, false);
			}
			else if (tag == 1)
			{
				entityName = GeneralNames.GetInstance(tagObj, false);
			}
			else
			{
				throw new ArgumentException("unknown tag in Holder");
			}

			// This overload is only used for v1 holders.
			this.version = 0;
		}
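		/// <summary>
		/// Decodes an AuthorityKeyIdentifier from its sequence of tagged elements:
		/// [0] keyIdentifier, [1] authorityCertIssuer and [2] authorityCertSerialNumber,
		/// all implicitly tagged; none is required by this parser.
		/// </summary>
		/// <param name="seq">The sequence to decode.</param>
		/// <exception cref="ArgumentException">
		/// An element is not a tagged object, or its tag is not 0, 1 or 2.
		/// </exception>
		protected internal AuthorityKeyIdentifier(
			Asn1Sequence seq)
		{
			for (int i = 0; i != seq.Count; i++)
			{
				// GetInstance reports a non-tagged element as an ArgumentException,
				// consistent with the other decoders, instead of the InvalidCastException
				// an implicit foreach cast would produce.
				Asn1TaggedObject o = Asn1TaggedObject.GetInstance(seq[i]);

				switch (o.TagNo)
				{
					case 0:
						this.keyidentifier = Asn1OctetString.GetInstance(o, false);
						break;
					case 1:
						this.certissuer = GeneralNames.GetInstance(o, false);
						break;
					case 2:
						this.certserno = DerInteger.GetInstance(o, false);
						break;
					default:
						throw new ArgumentException("illegal tag");
				}
			}
		}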
        /// <summary>
        /// Decodes a DistributionPoint from its sequence of tagged elements:
        /// [0] distributionPoint (explicitly tagged), [1] reasons and
        /// [2] cRLIssuer (implicitly tagged).
        /// </summary>
        /// <param name="seq">The sequence to decode.</param>
        /// <exception cref="ArgumentException">An element is not a tagged object.</exception>
        private DistributionPoint(
            Asn1Sequence seq)
        {
            foreach (Asn1Encodable element in seq)
            {
                Asn1TaggedObject tagged = Asn1TaggedObject.GetInstance(element);
                int tag = tagged.TagNo;

                if (tag == 0)
                {
                    // distributionPoint is a CHOICE, hence the explicit tag.
                    distributionPoint = DistributionPointName.GetInstance(tagged, true);
                }
                else if (tag == 1)
                {
                    reasons = new ReasonFlags(DerBitString.GetInstance(tagged, false));
                }
                else if (tag == 2)
                {
                    cRLIssuer = GeneralNames.GetInstance(tagged, false);
                }
                // NOTE(review): any other tag is silently ignored rather than rejected;
                // this decoder is deliberately lenient, so a malformed extension still
                // yields a (partially filled) DistributionPoint.
            }
        }
		/// <summary>
		/// Wraps a plain GeneralNames as the v1Form choice of AttCertIssuer.
		/// Intended for v1 attribute certificates only; do not use it when
		/// RFC 3281 compliance is required.
		/// </summary>
		/// <param name="names">The issuer names to wrap.</param>
		public AttCertIssuer(
			GeneralNames names)
		{
			choiceObj = names.ToAsn1Object();
			obj = names;
		}
		/// <summary>
		/// Creates an AuthorityKeyIdentifier from an already computed key
		/// identifier plus the issuer names and serial number.
		/// </summary>
		/// <param name="keyIdentifier">The precomputed keyIdentifier octets.</param>
		/// <param name="name">The authorityCertIssuer; its ASN.1 form is re-read through GetInstance.</param>
		/// <param name="serialNumber">The authorityCertSerialNumber.</param>
		public AuthorityKeyIdentifier(
			byte[]			keyIdentifier,
			GeneralNames	name,
			BigInteger		serialNumber)
		{
			DerOctetString keyId = new DerOctetString(keyIdentifier);
			GeneralNames issuer = GeneralNames.GetInstance(name.ToAsn1Object());
			DerInteger serial = new DerInteger(serialNumber);

			this.certserno = serial;
			this.certissuer = issuer;
			this.keyidentifier = keyId;
		}
		/// <summary>
		/// Creates an AuthorityKeyIdentifier carrying only a precomputed key
		/// identifier; issuer and serial number are left absent.
		/// </summary>
		/// <param name="keyIdentifier">The keyIdentifier octets.</param>
		public AuthorityKeyIdentifier(
			byte[] keyIdentifier)
		{
			this.certserno = null;
			this.certissuer = null;
			this.keyidentifier = new DerOctetString(keyIdentifier);
		}
 /// <summary>
 /// Creates a DistributionPointName using the FullName alternative.
 /// </summary>
 /// <param name="name">The GeneralNames for the fullName choice.</param>
 public DistributionPointName(GeneralNames name)
     : this(FullName, name)
 {
 }
 /// <summary>
 /// Creates a V2Form with only the issuerName component set; the other
 /// two components are passed as null.
 /// </summary>
 /// <param name="issuerName">The issuer names.</param>
 public V2Form(
     GeneralNames issuerName)
     : this(issuerName, null, null)
 {
 }
		/// <summary>
		/// Extracts the X509Name entries from the decoded form of
		/// <paramref name="names"/>, preserving their order and dropping every
		/// other name type.
		/// </summary>
		/// <param name="names">The GeneralNames to filter.</param>
		/// <returns>An array (possibly empty) of the X509Name entries.</returns>
		private X509Name[] GetPrincipals(
			GeneralNames names)
		{
			object[] decoded = this.GetNames(names.GetNames());

			// First pass: size the result exactly.
			int total = 0;
			foreach (object item in decoded)
			{
				if (item is X509Name)
				{
					total++;
				}
			}

			// Second pass: copy the matches in their original order.
			X509Name[] principals = new X509Name[total];
			int next = 0;
			foreach (object item in decoded)
			{
				X509Name dn = item as X509Name;
				if (dn != null)
				{
					principals[next++] = dn;
				}
			}

			return principals;
		}
 /// <summary>
 /// Creates a V2Form with issuerName and objectDigestInfo; baseCertificateID
 /// is passed as null.
 /// </summary>
 /// <param name="issuerName">The issuer names.</param>
 /// <param name="objectDigestInfo">The [1] objectDigestInfo component.</param>
 public V2Form(
     GeneralNames issuerName,
     ObjectDigestInfo objectDigestInfo)
     : this(issuerName, null, objectDigestInfo)
 {
 }
 /// <summary>
 /// Creates a V2Form with issuerName and baseCertificateID; objectDigestInfo
 /// is passed as null.
 /// </summary>
 /// <param name="issuerName">The issuer names.</param>
 /// <param name="baseCertificateID">The [0] baseCertificateID component.</param>
 public V2Form(
     GeneralNames issuerName,
     IssuerSerial baseCertificateID)
     : this(issuerName, baseCertificateID, null)
 {
 }
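        /// <summary>
        /// Builds the signed (authenticated) attribute set for a CAdES/PAdES
        /// SignerInfo: the basic attributes from InitContexExpecific plus a
        /// signing-certificate attribute (v1 or v2), an optional signature-policy-id
        /// attribute and, outside PAdES, an optional content-hints attribute.
        /// </summary>
        /// <param name="cert">The signer certificate.</param>
        /// <param name="digestAlgorithmName">Digest algorithm name used for the message and certificate hashes.</param>
        /// <param name="datos">The signed data, forwarded to InitContexExpecific.</param>
        /// <param name="policy">The signature policy; a non-null identifier enables the policy attributes.</param>
        /// <param name="signingCertificateV2">true to emit SigningCertificateV2 (ESSCertIDv2), false for SigningCertificate (ESSCertID).</param>
        /// <param name="messageDigest">Precomputed message digest, forwarded to InitContexExpecific.</param>
        /// <param name="signDate">Signing time, forwarded to InitContexExpecific.</param>
        /// <param name="padesMode">true for PAdES, which suppresses the content-hints attribute.</param>
        /// <param name="contentType">OID of the signed content type, or null to omit content-hints.</param>
        /// <param name="contentDescription">Optional description placed in content-hints.</param>
        /// <returns>The attribute vector, ready to be wrapped in a DER SET.</returns>
        public static Asn1EncodableVector GenerateSignerInfo(X509Certificate2 cert,
            String digestAlgorithmName,
            byte[] datos,
            AdESPolicy policy,
            bool signingCertificateV2,
            byte[] messageDigest,
            DateTime signDate,
            bool padesMode,
            String contentType,
            String contentDescription)
        {
            // Digest algorithm identifier
            AlgorithmIdentifier digestAlgorithmOID = SigUtils.MakeAlgId(AOAlgorithmID.GetOID(digestAlgorithmName));

            // authenticatedAttributes (content type, message digest, signing time, ...)
            Asn1EncodableVector contexExpecific = InitContexExpecific(
                   digestAlgorithmName,
                   datos,
                   Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Data.Id,
                   messageDigest,
                   signDate,
                   padesMode
               );

            // Both ESSCertID and ESSCertIDv2 reference the signer certificate by the
            // same IssuerSerial and a hash of the whole DER-encoded certificate.
            IssuerSerial issuerSerial = BuildIssuerSerial(cert);
            byte[] certHash = Digester.Digest(cert.GetRawCertData(), digestAlgorithmName);
            bool hasPolicy = policy.GetPolicyIdentifier() != null;

            if (signingCertificateV2)
            {
                /* ESSCertIDv2 ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier
                 * DEFAULT {algorithm id-sha256}, certHash Hash, issuerSerial
                 * IssuerSerial OPTIONAL }
                 * Hash ::= OCTET STRING */
                EssCertIDv2[] essCertIDv2 = { new EssCertIDv2(digestAlgorithmOID, certHash, issuerSerial) };

                /* SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF
                 * ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL } */
                SigningCertificateV2 scv2 = hasPolicy
                    ? new SigningCertificateV2(essCertIDv2, GetPolicyInformation(policy))
                    : new SigningCertificateV2(essCertIDv2);

                contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificateV2, new DerSet(scv2)));
            }
            else
            {
                /* ESSCertID ::= SEQUENCE { certHash Hash, issuerSerial IssuerSerial OPTIONAL }
                 * Hash ::= OCTET STRING -- SHA1 hash of entire certificate
                 * NOTE(review): RFC 2634 fixes this hash to SHA-1, but the configured
                 * digestAlgorithmName is used; verifiers may reject a non-SHA-1 ESSCertID. */
                EssCertID essCertID = new EssCertID(certHash, issuerSerial);

                SigningCertificate scv;
                if (hasPolicy)
                {
                    // The BouncyCastle SigningCertificate constructor takes no policies,
                    // so the SEQUENCE { certs, policies } is assembled by hand.
                    Asn1EncodableVector v = new Asn1EncodableVector();
                    v.Add(new DerSequence(essCertID));
                    v.Add(new DerSequence(GetPolicyInformation(policy)));
                    scv = SigningCertificate.GetInstance(new DerSequence(v));
                }
                else
                {
                    scv = new SigningCertificate(essCertID);
                }

                /* id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
                 * member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16)
                 * id-aa(2) 12 } */
                contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(scv)));
            }

            if (hasPolicy)
            {
                contexExpecific.Add(BuildSigPolicyIdAttribute(policy, digestAlgorithmOID));
            }

            /* ContentHints ::= SEQUENCE {
             *   contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
             *   contentType ContentType }
             * Not added for PAdES signatures. */
            if (contentType != null && !padesMode)
            {
                ContentHints contentHints = contentDescription != null
                    ? new ContentHints(new DerObjectIdentifier(contentType), new DerUtf8String(contentDescription))
                    : new ContentHints(new DerObjectIdentifier(contentType));

                contexExpecific.Add(new Org.BouncyCastle.Asn1.Cms.Attribute(
                        Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAContentHint,
                        new DerSet(contentHints.ToAsn1Object())));
            }

            return contexExpecific;
        }

        /// <summary>
        /// Extracts issuer and serial number from the signer certificate as
        /// IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber CertificateSerialNumber },
        /// the reference used by ESSCertID and ESSCertIDv2.
        /// </summary>
        /// <param name="cert">The signer certificate.</param>
        /// <returns>The IssuerSerial for <paramref name="cert"/>.</returns>
        private static IssuerSerial BuildIssuerSerial(X509Certificate2 cert)
        {
            TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance(
                Asn1Object.FromByteArray(
                new Org.BouncyCastle.X509.X509Certificate(
                    X509CertificateStructure.GetInstance(
                    Asn1Object.FromByteArray(
                    cert.GetRawCertData()))).GetTbsCertificate()));

            GeneralNames issuerNames = new GeneralNames(new GeneralName(tbs.Issuer));
            return new IssuerSerial(issuerNames, tbs.SerialNumber);
        }

        /// <summary>
        /// Builds the id-aa-ets-sigPolicyId attribute:
        /// SignaturePolicyId ::= SEQUENCE { sigPolicyId SigPolicyId, sigPolicyHash SigPolicyHash,
        /// sigPolicyQualifiers SEQUENCE SIZE (1..MAX) OF SigPolicyQualifierInfo OPTIONAL }.
        /// </summary>
        /// <param name="policy">Policy whose identifier is non-null.</param>
        /// <param name="digestAlgorithmOID">Hash algorithm used when the policy declares none of its own.</param>
        /// <returns>The CMS attribute carrying the SignaturePolicyId.</returns>
        private static Org.BouncyCastle.Asn1.Cms.Attribute BuildSigPolicyIdAttribute(AdESPolicy policy, AlgorithmIdentifier digestAlgorithmOID)
        {
            // SigPolicyId ::= OBJECT IDENTIFIER. ToLowerInvariant keeps the "urn:oid:"
            // strip working regardless of the thread culture (ToLower under a Turkish
            // culture maps "I" to a dotless i and the prefix would no longer match).
            DerObjectIdentifier doiSigPolicyId = new DerObjectIdentifier(
                policy.GetPolicyIdentifier().ToLowerInvariant().Replace("urn:oid:", ""));

            /* OtherHashAlgAndValue ::= SEQUENCE {
             *   hashAlgorithm AlgorithmIdentifier,
             *   hashValue     OCTET STRING } */
            AlgorithmIdentifier hashid;
            if (policy.GetPolicyIdentifierHashAlgorithm() != null)
            {
                hashid = SigUtils.MakeAlgId(
                                    AOAlgorithmID.GetOID(
                                    AOSignConstants.GetDigestAlgorithmName(
                                       policy.GetPolicyIdentifierHashAlgorithm())));
            }
            else
            {
                // No policy hash algorithm declared: reuse the signature digest algorithm.
                hashid = digestAlgorithmOID;
            }

            // Hash of the policy document, supplied base64-encoded.
            byte[] hashed;
            if (policy.GetPolicyIdentifierHash() != null)
            {
                hashed = System.Convert.FromBase64String(policy.GetPolicyIdentifierHash());
            }
            else
            {
                // NOTE(review): a single zero byte is a placeholder, not a real hash; a
                // verifier that checks sigPolicyHash against the policy document will fail.
                hashed = new byte[] { 0 };
            }

            DigestInfo otherHashAlgAndValue = new DigestInfo(hashid, hashed);

            /* SigPolicyQualifierInfo ::= SEQUENCE {
             *   SigPolicyQualifierId SigPolicyQualifierId,
             *   SigQualifier         ANY DEFINED BY policyQualifierId } */
            AOSigPolicyQualifierInfo spqInfo = null;
            if (policy.GetPolicyQualifier() != null)
            {
                spqInfo = new AOSigPolicyQualifierInfo(policy.GetPolicyQualifier().ToString());
            }

            Asn1EncodableVector v = new Asn1EncodableVector();
            v.Add(doiSigPolicyId);                       // sigPolicyId
            v.Add(otherHashAlgAndValue.ToAsn1Object());  // sigPolicyHash, as a SEQUENCE
            if (spqInfo != null)
            {
                v.Add(spqInfo.toASN1Primitive());        // sigPolicyQualifiers
            }

            DerSequence ds = new DerSequence(v);
            return new Org.BouncyCastle.Asn1.Cms.Attribute(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.IdAAEtsSigPolicyID, new DerSet(ds.ToAsn1Object()));
        }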
		/// <summary>
		/// Creates a V2Form carrying only an issuerName; baseCertificateID and
		/// objectDigestInfo are left unset.
		/// </summary>
		/// <param name="issuerName">The issuer names.</param>
		public V2Form(
			GeneralNames issuerName)
		{
			this.issuerName = issuerName;
		}
        /// <summary>
        /// Creates an AuthorityKeyIdentifier with issuer names and serial number
        /// but no keyIdentifier.
        /// </summary>
        /// <param name="name">The authorityCertIssuer; its ASN.1 form is re-read through GetInstance.</param>
        /// <param name="serialNumber">The authorityCertSerialNumber.</param>
        public AuthorityKeyIdentifier(
			GeneralNames	name,
			IBigInteger		serialNumber)
        {
            GeneralNames issuer = GeneralNames.GetInstance(name.ToAsn1Object());

            this.keyidentifier = null;
            this.certissuer = issuer;
            this.certserno = new DerInteger(serialNumber);
        }
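        /// <summary>
        /// Deprecated helper (z_dep_ prefix) that issues an RSA-2048, SHA256WithRSA
        /// end-entity certificate signed by <paramref name="issuingCertificate"/> and
        /// returns it in several encodings together with a freshly generated PFX password.
        /// Based on http://www.fkollmann.de/v2/post/Creating-certificates-using-BouncyCastle.aspx
        /// </summary>
        /// <param name="subjectName">Value of the subject CN; O, OU, L, ST and C are fixed in this method.</param>
        /// <param name="serialNumber">Serial number to use, or 0 to draw a random 120-bit probable prime.</param>
        /// <param name="expireOn">notAfter of the new certificate.</param>
        /// <param name="issuingCertificate">CA certificate whose private key signs the new certificate.</param>
        /// <param name="thumbprint">Lower-case thumbprint of the issued certificate.</param>
        /// <param name="pemPrivateKey">PEM text holding the certificate followed by its private key.</param>
        /// <param name="pemPublicCert">PEM text of the certificate only, with "\n" line endings.</param>
        /// <param name="publicCert">DER encoding of the certificate.</param>
        /// <param name="pkcs12Data">PFX/PKCS#12 bundle protected by <paramref name="password"/>.</param>
        /// <param name="password">The 32-character random password used for <paramref name="pkcs12Data"/>.</param>
        /// <exception cref="PemException">The generated RSA private key does not decode to the expected 9-element sequence.</exception>
        public static void z_dep_GenerateCertificate(string subjectName, long serialNumber, DateTime expireOn, System.Security.Cryptography.X509Certificates.X509Certificate2 issuingCertificate, out string thumbprint, out string pemPrivateKey, out string pemPublicCert, out byte[] publicCert, out byte[] pkcs12Data, out string password)
        {
            AsymmetricKeyParameter caPrivateKey;
            var caCert = ReadCertificateFromX509Certificate2(issuingCertificate, out caPrivateKey);

            // CSPRNG for serial numbers and key generation.
            var randomGenerator = new CryptoApiRandomGenerator();
            var random = new SecureRandom(randomGenerator);

            var gen = new X509V3CertificateGenerator();

            // Subject DN: caller-supplied CN, remaining attributes fixed.
            var list = new Dictionary<string, string>();
            AddItems(list, "CN", subjectName);
            AddItems(list, "O", "CompliaShield");
            AddItems(list, "OU", "CompliaShield");
            list.Add("L", "Boulder");
            list.Add("ST", "Colorado");
            list.Add("C", "US");
            var subjectFull = GetItemString(list);
            var certName = new X509Name(subjectFull);

            BigInteger serialNo;
            if (serialNumber == 0)
            {
                serialNo = BigInteger.ProbablePrime(120, random);
            }
            else
            {
                serialNo = BigInteger.ValueOf(serialNumber);
            }
            gen.SetSerialNumber(serialNo);
            gen.SetSubjectDN(certName);

            // NOTE(review): the issuer DN (and the AKI issuer below) is taken from
            // caCert.IssuerDN, i.e. the CA's own issuer, not caCert.SubjectDN. That only
            // chains correctly for a self-signed CA — confirm the intended topology.
            gen.SetIssuerDN(caCert.IssuerDN);

            var issuerPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(caCert.GetPublicKey());
            var issuerGeneralNames = new GeneralNames(new GeneralName(caCert.IssuerDN));
            var issuerSerialNumber = caCert.SerialNumber;

            var authorityKeyIdentifier = new AuthorityKeyIdentifier(issuerPublicKeyInfo, issuerGeneralNames, issuerSerialNumber);
            gen.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, true, authorityKeyIdentifier);

            gen.SetNotAfter(expireOn);
            // Two-hour backdate to tolerate clock skew. Local time is passed as-is;
            // presumably the generator normalises to UTC — confirm if validity looks shifted.
            gen.SetNotBefore(DateTime.Now.AddHours(-2));
            gen.SetSignatureAlgorithm("SHA256WithRSA");

            var kpgen = new RsaKeyPairGenerator();
            kpgen.Init(new KeyGenerationParameters(random, 2048));
            var subjectKeyPair = kpgen.GenerateKeyPair();
            gen.SetPublicKey(subjectKeyPair.Public);

            // clientAuth (1.3.6.1.5.5.7.3.2), serverAuth (1.3.6.1.5.5.7.3.1), codeSigning (1.3.6.1.5.5.7.3.3)
            gen.AddExtension(
                X509Extensions.ExtendedKeyUsage.Id,
                false,
                new ExtendedKeyUsage(new KeyPurposeID[] { KeyPurposeID.IdKPClientAuth, KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPCodeSigning }));

            var certificate = gen.Generate(caPrivateKey);

            PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);

            // Merge certificate and private key into an X509Certificate2.
            var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded());
            var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.PrivateKey.GetDerEncoded());
            if (seq.Count != 9)
            {
                throw new PemException("Malformed sequence in RSA private key.");
            }

            var rsa = new RsaPrivateKeyStructure(seq);
            RsaPrivateCrtKeyParameters rsaparams = new RsaPrivateCrtKeyParameters(
                rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);

            RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(rsaparams);
            CspParameters cspParameters = new CspParameters();
            // NOTE(review): a CSP key container named by a fresh GUID is persisted in
            // the user/machine key store and is not removed here, so the private key
            // outlives this call unless the caller deletes the container.
            cspParameters.KeyContainerName = Guid.NewGuid().ToString();
            RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(2048, cspParameters);
            rsaKey.ImportParameters(rsaParameters);

            x509.PrivateKey = rsaKey;

            // PFX password drawn from a cryptographic RNG; System.Random is not
            // suitable for secrets.
            var chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-()#$%^&@+=!{}[]*.,";
            password = GenerateRandomPassword(chars, 32);

            thumbprint = x509.Thumbprint.ToLowerInvariant();
            publicCert = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert);

            var privateKeyPem = new StringBuilder();
            var privateKeyPemWriter = new PemWriter(new StringWriter(privateKeyPem));
            privateKeyPemWriter.WriteObject(certificate);
            privateKeyPemWriter.WriteObject(subjectKeyPair.Private);
            privateKeyPemWriter.Writer.Flush();
            pemPrivateKey = privateKeyPem.ToString();

            var publicKeyPem = new StringBuilder();
            var utf8WithoutBom = new System.Text.UTF8Encoding(false);
            var publicKeyPemWriter = new PemWriter(new StringWriterWithEncoding(publicKeyPem, utf8WithoutBom));
            publicKeyPemWriter.WriteObject(certificate);
            publicKeyPemWriter.Writer.Flush();
            pemPublicCert = publicKeyPem.ToString();
            pemPublicCert = pemPublicCert.Replace(Environment.NewLine, "\n"); // newline only, no carriage returns

            pkcs12Data = x509.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pfx, password);
        }

        /// <summary>
        /// Draws <paramref name="length"/> characters uniformly from
        /// <paramref name="alphabet"/> using a cryptographic RNG.
        /// </summary>
        /// <param name="alphabet">Characters to choose from; must be non-empty and at most 256 long.</param>
        /// <param name="length">Number of characters to produce.</param>
        /// <returns>The generated string.</returns>
        private static string GenerateRandomPassword(string alphabet, int length)
        {
            // Reject bytes at or above the largest multiple of alphabet.Length so
            // every symbol is equally likely (no modulo bias).
            int limit = 256 - (256 % alphabet.Length);
            var result = new char[length];
            var buffer = new byte[1];

            using (var rng = RandomNumberGenerator.Create())
            {
                for (int i = 0; i < length; i++)
                {
                    do
                    {
                        rng.GetBytes(buffer);
                    }
                    while (buffer[0] >= limit);

                    result[i] = alphabet[buffer[0] % alphabet.Length];
                }
            }

            return new string(result);
        }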
		/// <summary>
		/// Creates a holder identified by name only: the entityName of a v2
		/// attribute certificate or the subjectName of a v1 one. Delegates to
		/// the (entityName, version) constructor with version 1.
		/// </summary>
		/// <param name="entityName">The entity or subject name.</param>
		public Holder(GeneralNames entityName)
			: this(entityName, 1)
		{
		}
		/// <summary>
		/// Returns, in order, every decoded name in <paramref name="names"/>
		/// that is an X509Name; other name forms are dropped.
		/// </summary>
		/// <param name="names">The GeneralNames to filter.</param>
		/// <returns>A possibly empty X509Name array.</returns>
		private X509Name[] GetPrincipals(
			GeneralNames names)
		{
			object[] decoded = this.GetNames(names.GetNames());
			ArrayList principals = new ArrayList(decoded.Length);

			foreach (object entry in decoded)
			{
				X509Name dn = entry as X509Name;
				if (dn != null)
				{
					principals.Add(dn);
				}
			}

			return (X509Name[]) principals.ToArray(typeof(X509Name));
		}
		/// <summary>
		/// Decodes a RoleSyntax from its sequence of one or two tagged elements:
		/// [0] roleAuthority (implicitly tagged GeneralNames) and [1] roleName
		/// (explicitly tagged GeneralName, as GeneralName is itself a CHOICE).
		/// No check is made here that roleName is present or a non-empty URI.
		/// </summary>
		/// <param name="seq">The sequence holding the encoded elements.</param>
		/// <exception cref="ArgumentException">Wrong element count or an unknown tag.</exception>
		private RoleSyntax(
			Asn1Sequence seq)
		{
			int count = seq.Count;
			if (count < 1 || count > 2)
			{
				throw new ArgumentException("Bad sequence size: " + count);
			}

			foreach (Asn1Encodable element in seq)
			{
				Asn1TaggedObject tagged = Asn1TaggedObject.GetInstance(element);
				int tag = tagged.TagNo;

				if (tag == 0)
				{
					roleAuthority = GeneralNames.GetInstance(tagged, false);
				}
				else if (tag == 1)
				{
					roleName = GeneralName.GetInstance(tagged, true);
				}
				else
				{
					throw new ArgumentException("Unknown tag in RoleSyntax");
				}
			}
		}
		/// <summary>
		/// Creates a holder identified by name: the entityName of a v2 attribute
		/// certificate or the subjectName of a v1 one.
		/// </summary>
		/// <param name="entityName">The entity or subject name.</param>
		/// <param name="version">The attribute certificate version; stored as given.</param>
		public Holder(
			GeneralNames	entityName,
			int				version)
		{
			this.version = version;
			this.entityName = entityName;
		}
		/// <summary>
		/// Creates a DistributionPointName using the FullName alternative.
		/// </summary>
		/// <param name="name">The GeneralNames for the fullName choice.</param>
		public DistributionPointName(GeneralNames name)
			: this(FullName, name)
		{
		}
		/// <summary>
		/// Decodes a v2 attribute certificate holder from its sequence of tagged
		/// elements: [0] baseCertificateID, [1] entityName and [2] objectDigestInfo,
		/// all implicitly tagged. The version is set to 1.
		/// </summary>
		/// <param name="seq">The ASN.1 sequence.</param>
		/// <exception cref="ArgumentException">More than three elements, or an unknown tag.</exception>
		private Holder(
			Asn1Sequence seq)
		{
			int count = seq.Count;
			if (count > 3)
			{
				throw new ArgumentException("Bad sequence size: " + count);
			}

			foreach (Asn1Encodable element in seq)
			{
				Asn1TaggedObject tagged = Asn1TaggedObject.GetInstance(element);
				int tag = tagged.TagNo;

				if (tag == 0)
				{
					baseCertificateID = IssuerSerial.GetInstance(tagged, false);
				}
				else if (tag == 1)
				{
					entityName = GeneralNames.GetInstance(tagged, false);
				}
				else if (tag == 2)
				{
					objectDigestInfo = ObjectDigestInfo.GetInstance(tagged, false);
				}
				else
				{
					throw new ArgumentException("unknown tag in Holder");
				}
			}

			this.version = 1;
		}
		/// <summary>
		/// Builds a DistributionPoint from its three components; each is stored
		/// as given, without validation.
		/// </summary>
		/// <param name="distributionPointName">The distributionPoint component.</param>
		/// <param name="reasons">The reasons bit string.</param>
		/// <param name="crlIssuer">The cRLIssuer names.</param>
		public DistributionPoint(
			DistributionPointName distributionPointName,
			ReasonFlags reasons,
			GeneralNames crlIssuer)
		{
			this.cRLIssuer = crlIssuer;
			this.reasons = reasons;
			this.distributionPoint = distributionPointName;
		}