/** Creates a new PopoSigningKeyInput using password-based MAC. */
 public PopoSigningKeyInput(
     PKMacValue pkmac,
     SubjectPublicKeyInfo spki)
 {
     this.publicKeyMac = pkmac;
     this.publicKey = spki;
 }
Beispiel #2
0
        private static readonly AlgorithmIdentifier PublicKeyAlgorithm = AlgorithmIdentifier.GetInstance("1.2.840.113549.1.1.1"); // OID for RSA

        #endregion Fields

        #region Methods

        /// <summary>
        /// The decode public key.
        /// </summary>
        /// <param name="keyString">
        /// The key string.
        /// </param>
        /// <returns>
        /// The <see cref="PublicKey"/>.
        /// </returns>
        public PublicKey DecodePublicKey(string keyString)
        {
            byte[] data = Convert.FromBase64String(keyString);
            var keyInfo = new SubjectPublicKeyInfo(PublicKeyAlgorithm, data);
            AsymmetricKeyParameter publicKeyParam = PublicKeyFactory.CreateKey(keyInfo);
            return new PublicKey(publicKeyParam);
        }
 /** Creates a new PopoSigningKeyInput with sender name as authInfo. */
 public PopoSigningKeyInput(
     GeneralName sender,
     SubjectPublicKeyInfo spki)
 {
     this.sender = sender;
     this.publicKey = spki;
 }
		public PublicKeyAndChallenge(
			Asn1Sequence seq)
		{
			pkacSeq = seq;
			spki = SubjectPublicKeyInfo.GetInstance(seq[0]);
			challenge = DerIA5String.GetInstance(seq[1]);
		}
		/**
		* decrypt the content and return an input stream.
		*/
		public override CmsTypedStream GetContentStream(
//			Key key)
			ICipherParameters key)
		{
			if (!(key is AsymmetricKeyParameter))
				throw new ArgumentException("KeyAgreement requires asymmetric key", "key");

			AsymmetricKeyParameter privKey = (AsymmetricKeyParameter) key;

			if (!privKey.IsPrivate)
				throw new ArgumentException("Expected private key", "key");

			try
			{
				OriginatorPublicKey origK = _info.Originator.OriginatorKey;
				PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey);
				SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo(privInfo.AlgorithmID, origK.PublicKey.GetBytes());
				AsymmetricKeyParameter pubKey = PublicKeyFactory.CreateKey(pubInfo);

				string wrapAlg = DerObjectIdentifier.GetInstance(
					Asn1Sequence.GetInstance(_keyEncAlg.Parameters)[0]).Id;

				IBasicAgreement agreement = AgreementUtilities.GetBasicAgreementWithKdf(
					_keyEncAlg.ObjectID, wrapAlg);

				agreement.Init(privKey);

				BigInteger wKeyNum = agreement.CalculateAgreement(pubKey);
				// TODO Fix the way bytes are derived from the secret
				byte[] wKeyBytes = wKeyNum.ToByteArrayUnsigned();
				KeyParameter wKey = ParameterUtilities.CreateKeyParameter(wrapAlg, wKeyBytes);

				IWrapper keyCipher = WrapperUtilities.GetWrapper(wrapAlg);

				keyCipher.Init(false, wKey);

				AlgorithmIdentifier aid = _encAlg;
				string alg = aid.ObjectID.Id;

				byte[] encryptedKey = _encryptedKey.GetOctets();
				byte[] sKeyBytes = keyCipher.Unwrap(encryptedKey, 0, encryptedKey.Length);

				KeyParameter sKey = ParameterUtilities.CreateKeyParameter(alg, sKeyBytes);

				return GetContentFromSessionKey(sKey);
			}
			catch (SecurityUtilityException e)
			{
				throw new CmsException("couldn't create cipher.", e);
			}
			catch (InvalidKeyException e)
			{
				throw new CmsException("key invalid in message.", e);
			}
			catch (Exception e)
			{
				throw new CmsException("originator key invalid.", e);
			}
		}
        internal TbsCertificateStructure(
			Asn1Sequence seq)
        {
            int seqStart = 0;

            this.seq = seq;

            //
            // some certficates don't include a version number - we assume v1
            //
            if (seq[0] is DerTaggedObject)
            {
                version = DerInteger.GetInstance((Asn1TaggedObject)seq[0], true);
            }
            else
            {
                seqStart = -1;          // field 0 is missing!
                version = new DerInteger(0);
            }

            serialNumber = DerInteger.GetInstance(seq[seqStart + 1]);

            signature = AlgorithmIdentifier.GetInstance(seq[seqStart + 2]);
            issuer = X509Name.GetInstance(seq[seqStart + 3]);

            //
            // before and after dates
            //
            Asn1Sequence  dates = (Asn1Sequence)seq[seqStart + 4];

            startDate = Time.GetInstance(dates[0]);
            endDate = Time.GetInstance(dates[1]);

            subject = X509Name.GetInstance(seq[seqStart + 5]);

            //
            // public key info.
            //
            subjectPublicKeyInfo = SubjectPublicKeyInfo.GetInstance(seq[seqStart + 6]);

            for (int extras = seq.Count - (seqStart + 6) - 1; extras > 0; extras--)
            {
                DerTaggedObject extra = (DerTaggedObject) seq[seqStart + 6 + extras];

                switch (extra.TagNo)
                {
                    case 1:
                        issuerUniqueID = DerBitString.GetInstance(extra, false);
                        break;
                    case 2:
                        subjectUniqueID = DerBitString.GetInstance(extra, false);
                        break;
                    case 3:
                        extensions = X509Extensions.GetInstance(extra);
                        break;
                }
            }
        }
		/**
         *
         * Calulates the keyIdentifier using a SHA1 hash over the BIT STRING
         * from SubjectPublicKeyInfo as defined in RFC2459.
         *
         **/
        public SubjectKeyIdentifier(
            SubjectPublicKeyInfo spki)
        {
            IDigest digest = new Sha1Digest();
            byte[] resBuf = new byte[digest.GetDigestSize()];

			byte[] bytes = spki.PublicKeyData.GetBytes();
            digest.BlockUpdate(bytes, 0, bytes.Length);
            digest.DoFinal(resBuf, 0);
            this.keyIdentifier = resBuf;
        }
        /**
         *
         * Calulates the keyidentifier using a SHA1 hash over the BIT STRING
         * from SubjectPublicKeyInfo as defined in RFC2459.
         *
         * Example of making a AuthorityKeyIdentifier:
         * <pre>
         *   SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
         *       publicKey.getEncoded()).readObject());
         *   AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
         * </pre>
         *
         **/
        public AuthorityKeyIdentifier(
            SubjectPublicKeyInfo spki)
        {
            IDigest digest = new Sha1Digest();
            byte[] resBuf = new byte[digest.GetDigestSize()];

            byte[] bytes = spki.PublicKeyData.GetBytes();
            digest.BlockUpdate(bytes, 0, bytes.Length);
            digest.DoFinal(resBuf, 0);
            this.keyidentifier = new DerOctetString(resBuf);
        }
		public CertificationRequestInfo(
            X509Name				subject,
            SubjectPublicKeyInfo	pkInfo,
            Asn1Set					attributes)
        {
            this.subject = subject;
            this.subjectPKInfo = pkInfo;
            this.attributes = attributes;

			if (subject == null || version == null || subjectPKInfo == null)
            {
                throw new ArgumentException(
					"Not all mandatory fields set in CertificationRequestInfo generator.");
            }
        }
        /**
         * create an AuthorityKeyIdentifier with the GeneralNames tag and
         * the serial number provided as well.
         */
        public AuthorityKeyIdentifier(
            SubjectPublicKeyInfo	spki,
            GeneralNames			name,
            BigInteger				serialNumber)
        {
            IDigest digest = new Sha1Digest();
            byte[] resBuf = new byte[digest.GetDigestSize()];

            byte[] bytes = spki.PublicKeyData.GetBytes();
            digest.BlockUpdate(bytes, 0, bytes.Length);
            digest.DoFinal(resBuf, 0);

            this.keyidentifier = new DerOctetString(resBuf);
            this.certissuer = name;
            this.certserno = new DerInteger(serialNumber);
        }
		public X509CertStoreSelector(
			X509CertStoreSelector o)
		{
			this.authorityKeyIdentifier = o.AuthorityKeyIdentifier;
			this.basicConstraints = o.BasicConstraints;
			this.certificate = o.Certificate;
			this.certificateValid = o.CertificateValid;
			this.extendedKeyUsage = o.ExtendedKeyUsage;
			this.issuer = o.Issuer;
			this.keyUsage = o.KeyUsage;
			this.policy = o.Policy;
			this.privateKeyValid = o.PrivateKeyValid;
			this.serialNumber = o.SerialNumber;
			this.subject = o.Subject;
			this.subjectKeyIdentifier = o.SubjectKeyIdentifier;
			this.subjectPublicKey = o.SubjectPublicKey;
			this.subjectPublicKeyAlgID = o.SubjectPublicKeyAlgID;
		}
        private CertTemplate(Asn1Sequence seq)
        {
            this.seq = seq;

            foreach (Asn1TaggedObject tObj in seq)
            {
                switch (tObj.TagNo)
                {
                case 0:
                    version = DerInteger.GetInstance(tObj, false);
                    break;
                case 1:
                    serialNumber = DerInteger.GetInstance(tObj, false);
                    break;
                case 2:
                    signingAlg = AlgorithmIdentifier.GetInstance(tObj, false);
                    break;
                case 3:
                    issuer = X509Name.GetInstance(tObj, true); // CHOICE
                    break;
                case 4:
                    validity = OptionalValidity.GetInstance(Asn1Sequence.GetInstance(tObj, false));
                    break;
                case 5:
                    subject = X509Name.GetInstance(tObj, true); // CHOICE
                    break;
                case 6:
                    publicKey = SubjectPublicKeyInfo.GetInstance(tObj, false);
                    break;
                case 7:
                    issuerUID = DerBitString.GetInstance(tObj, false);
                    break;
                case 8:
                    subjectUID = DerBitString.GetInstance(tObj, false);
                    break;
                case 9:
                    extensions = X509Extensions.GetInstance(tObj, false);
                    break;
                default:
                    throw new ArgumentException("unknown tag: " + tObj.TagNo, "seq");
                }
            }
        }
        private PopoSigningKeyInput(Asn1Sequence seq)
        {
            Asn1Encodable authInfo = (Asn1Encodable)seq[0];

            if (authInfo is Asn1TaggedObject)
            {
                Asn1TaggedObject tagObj = (Asn1TaggedObject)authInfo;
                if (tagObj.TagNo != 0)
                {
                    throw new ArgumentException("Unknown authInfo tag: " + tagObj.TagNo, "seq");
                }
                sender = GeneralName.GetInstance(tagObj.GetObject());
            }
            else
            {
                publicKeyMac = PKMacValue.GetInstance(authInfo);
            }

            publicKey = SubjectPublicKeyInfo.GetInstance(seq[1]);
        }
        private void TbsV1CertGenerate()
        {
			V1TbsCertificateGenerator gen = new V1TbsCertificateGenerator();
            DateTime startDate = MakeUtcDateTime(1970, 1, 1, 0, 0, 1);
            DateTime endDate = MakeUtcDateTime(1970, 1, 1, 0, 0, 12);

            gen.SetSerialNumber(new DerInteger(1));

            gen.SetStartDate(new Time(startDate));
            gen.SetEndDate(new Time(endDate));

            gen.SetIssuer(new X509Name("CN=AU,O=Bouncy Castle"));
            gen.SetSubject(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 1"));

            gen.SetSignature(new AlgorithmIdentifier(PkcsObjectIdentifiers.MD5WithRsaEncryption, DerNull.Instance));

            SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance),
                new RsaPublicKeyStructure(BigInteger.One, BigInteger.Two));

            gen.SetSubjectPublicKeyInfo(info);

            TbsCertificateStructure tbs = gen.GenerateTbsCertificate();

			if (!Arrays.AreEqual(tbs.GetEncoded(), v1Cert))
            {
                Fail("failed v1 cert generation");
            }

            //
            // read back test
            //
            Asn1InputStream aIn = new Asn1InputStream(v1Cert);
            Asn1Object o = aIn.ReadObject();

            if (!Arrays.AreEqual(o.GetEncoded(), v1Cert))
            {
                Fail("failed v1 cert read back test");
            }
        }
		private CertificationRequestInfo(
            Asn1Sequence seq)
        {
            version = (DerInteger) seq[0];

			subject = X509Name.GetInstance(seq[1]);
            subjectPKInfo = SubjectPublicKeyInfo.GetInstance(seq[2]);

			//
            // some CertificationRequestInfo objects seem to treat this field
            // as optional.
            //
            if (seq.Count > 3)
            {
                DerTaggedObject tagobj = (DerTaggedObject) seq[3];
                attributes = Asn1Set.GetInstance(tagobj, false);
            }

			if (subject == null || version == null || subjectPKInfo == null)
            {
                throw new ArgumentException(
					"Not all mandatory fields set in CertificationRequestInfo generator.");
            }
        }
Beispiel #16
0
 /**
  * Return a RFC 3280 type 1 key identifier. As in:
  * <pre>
  * (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
  * value of the BIT STRING subjectPublicKey (excluding the tag,
  * length, and number of unused bits).
  * </pre>
  * @param keyInfo the key info object containing the subjectPublicKey field.
  * @return the key identifier.
  */
 public static SubjectKeyIdentifier CreateSha1KeyIdentifier(
     SubjectPublicKeyInfo keyInfo)
 {
     return(new SubjectKeyIdentifier(keyInfo));
 }
Beispiel #17
0
        private void EncodePublicKey()
        {
            X9ECParameters ecP = X962NamedCurves.GetByOid(X9ObjectIdentifiers.Prime239v3);

            if (X9IntegerConverter.GetByteLength(ecP.Curve) != 30)
            {
                Fail("wrong byte length reported for curve");
            }

            if (ecP.Curve.FieldSize != 239)
            {
                Fail("wrong field size reported for curve");
            }

            //
            // named curve
            //
            X962Parameters _params = new X962Parameters(X9ObjectIdentifiers.Prime192v1);

            X9ECPoint pPoint = new X9ECPoint(
                new FpPoint(ecP.Curve, new FpFieldElement(BigInteger.Two, BigInteger.One),
                new FpFieldElement(BigInteger.ValueOf(4), BigInteger.ValueOf(3)),
                true));

            Asn1OctetString p = (Asn1OctetString) pPoint.ToAsn1Object();

            if (p == null)
            {
                Fail("failed to convert to ASN.1");
            }

            SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.IdECPublicKey, _params), p.GetOctets());

            if (!Arrays.AreEqual(info.GetEncoded(), namedPub))
            {
                Fail("failed public named generation");
            }

            Asn1Object o = Asn1Object.FromByteArray(namedPub);

            if (!info.Equals(o))
            {
                Fail("failed public named equality");
            }

            //
            // explicit curve parameters
            //
            _params = new X962Parameters(ecP);

            info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.IdECPublicKey, _params), p.GetOctets());

            if (!Arrays.AreEqual(info.GetEncoded(), expPub))
            {
                Fail("failed public explicit generation");
            }

            o = Asn1Object.FromByteArray(expPub);

            if (!info.Equals(o))
            {
                Fail("failed public explicit equality");
            }
        }
Beispiel #18
0
        public static AsymmetricKeyParameter CreateKey(
            SubjectPublicKeyInfo keyInfo)
        {
            AlgorithmIdentifier algID = keyInfo.AlgorithmID;
            DerObjectIdentifier algOid = algID.ObjectID;

            // TODO See RSAUtil.isRsaOid in Java build
            if (algOid.Equals(PkcsObjectIdentifiers.RsaEncryption)
                || algOid.Equals(X509ObjectIdentifiers.IdEARsa)
                || algOid.Equals(PkcsObjectIdentifiers.IdRsassaPss)
                || algOid.Equals(PkcsObjectIdentifiers.IdRsaesOaep))
            {
                RsaPublicKeyStructure pubKey = RsaPublicKeyStructure.GetInstance(
                    keyInfo.GetPublicKey());

                return new RsaKeyParameters(false, pubKey.Modulus, pubKey.PublicExponent);
            }
            else if (algOid.Equals(X9ObjectIdentifiers.DHPublicNumber))
            {
                Asn1Sequence seq = Asn1Sequence.GetInstance(algID.Parameters.ToAsn1Object());

                DHPublicKey dhPublicKey = DHPublicKey.GetInstance(keyInfo.GetPublicKey());

                BigInteger y = dhPublicKey.Y.Value;

                if (IsPkcsDHParam(seq))
                    return ReadPkcsDHParam(algOid, y, seq);

                DHDomainParameters dhParams = DHDomainParameters.GetInstance(seq);

                BigInteger p = dhParams.P.Value;
                BigInteger g = dhParams.G.Value;
                BigInteger q = dhParams.Q.Value;

                BigInteger j = null;
                if (dhParams.J != null)
                {
                    j = dhParams.J.Value;
                }

                DHValidationParameters validation = null;
                DHValidationParms dhValidationParms = dhParams.ValidationParms;
                if (dhValidationParms != null)
                {
                    byte[] seed = dhValidationParms.Seed.GetBytes();
                    BigInteger pgenCounter = dhValidationParms.PgenCounter.Value;

                    // TODO Check pgenCounter size?

                    validation = new DHValidationParameters(seed, pgenCounter.IntValue);
                }

                return new DHPublicKeyParameters(y, new DHParameters(p, g, q, j, validation));
            }
            else if (algOid.Equals(PkcsObjectIdentifiers.DhKeyAgreement))
            {
                Asn1Sequence seq = Asn1Sequence.GetInstance(algID.Parameters.ToAsn1Object());

                DerInteger derY = (DerInteger) keyInfo.GetPublicKey();

                return ReadPkcsDHParam(algOid, derY.Value, seq);
            }
            else if (algOid.Equals(OiwObjectIdentifiers.ElGamalAlgorithm))
            {
                ElGamalParameter para = new ElGamalParameter(
                    Asn1Sequence.GetInstance(algID.Parameters.ToAsn1Object()));
                DerInteger derY = (DerInteger) keyInfo.GetPublicKey();

                return new ElGamalPublicKeyParameters(
                    derY.Value,
                    new ElGamalParameters(para.P, para.G));
            }
            else if (algOid.Equals(X9ObjectIdentifiers.IdDsa)
                || algOid.Equals(OiwObjectIdentifiers.DsaWithSha1))
            {
                DerInteger derY = (DerInteger) keyInfo.GetPublicKey();
                Asn1Encodable ae = algID.Parameters;

                DsaParameters parameters = null;
                if (ae != null)
                {
                    DsaParameter para = DsaParameter.GetInstance(ae.ToAsn1Object());
                    parameters = new DsaParameters(para.P, para.Q, para.G);
                }

                return new DsaPublicKeyParameters(derY.Value, parameters);
            }
            else if (algOid.Equals(X9ObjectIdentifiers.IdECPublicKey))
            {
                X962Parameters para = new X962Parameters(algID.Parameters.ToAsn1Object());

                X9ECParameters x9;
                if (para.IsNamedCurve)
                {
                    x9 = ECKeyPairGenerator.FindECCurveByOid((DerObjectIdentifier)para.Parameters);
                }
                else
                {
                    x9 = new X9ECParameters((Asn1Sequence)para.Parameters);
                }

                Asn1OctetString key = new DerOctetString(keyInfo.PublicKeyData.GetBytes());
                X9ECPoint derQ = new X9ECPoint(x9.Curve, key);
                ECPoint q = derQ.Point;

                if (para.IsNamedCurve)
                {
                    return new ECPublicKeyParameters("EC", q, (DerObjectIdentifier)para.Parameters);
                }

                ECDomainParameters dParams = new ECDomainParameters(x9.Curve, x9.G, x9.N, x9.H, x9.GetSeed());
                return new ECPublicKeyParameters(q, dParams);
            }
            else if (algOid.Equals(CryptoProObjectIdentifiers.GostR3410x2001))
            {
                Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters(
                    (Asn1Sequence) algID.Parameters);

                Asn1OctetString key;
                try
                {
                    key = (Asn1OctetString) keyInfo.GetPublicKey();
                }
                catch (IOException)
                {
                    throw new ArgumentException("invalid info structure in GOST3410 public key");
                }

                byte[] keyEnc = key.GetOctets();
                byte[] x = new byte[32];
                byte[] y = new byte[32];

                for (int i = 0; i != y.Length; i++)
                {
                    x[i] = keyEnc[32 - 1 - i];
                }

                for (int i = 0; i != x.Length; i++)
                {
                    y[i] = keyEnc[64 - 1 - i];
                }

                ECDomainParameters ecP = ECGost3410NamedCurves.GetByOid(gostParams.PublicKeyParamSet);

                if (ecP == null)
                    return null;

                ECPoint q = ecP.Curve.CreatePoint(new BigInteger(1, x), new BigInteger(1, y));

                return new ECPublicKeyParameters("ECGOST3410", q, gostParams.PublicKeyParamSet);
            }
            else if (algOid.Equals(CryptoProObjectIdentifiers.GostR3410x94))
            {
                Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters(
                    (Asn1Sequence) algID.Parameters);

                DerOctetString derY;
                try
                {
                    derY = (DerOctetString) keyInfo.GetPublicKey();
                }
                catch (IOException)
                {
                    throw new ArgumentException("invalid info structure in GOST3410 public key");
                }

                byte[] keyEnc = derY.GetOctets();
                byte[] keyBytes = new byte[keyEnc.Length];

                for (int i = 0; i != keyEnc.Length; i++)
                {
                    keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // was little endian
                }

                BigInteger y = new BigInteger(1, keyBytes);

                return new Gost3410PublicKeyParameters(y, algParams.PublicKeyParamSet);
            }
            else
            {
                throw new SecurityUtilityException("algorithm identifier in key not recognised: " + algOid);
            }
        }
		/**
		 * Return a RFC 3280 type 1 key identifier. As in:
		 * <pre>
		 * (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
		 * value of the BIT STRING subjectPublicKey (excluding the tag,
		 * length, and number of unused bits).
		 * </pre>
		 * @param keyInfo the key info object containing the subjectPublicKey field.
		 * @return the key identifier.
		 */
		public static SubjectKeyIdentifier CreateSha1KeyIdentifier(
			SubjectPublicKeyInfo keyInfo)
		{
			return new SubjectKeyIdentifier(keyInfo);
		}
		/**
		 * Calculates the keyIdentifier using a SHA1 hash over the BIT STRING
		 * from SubjectPublicKeyInfo as defined in RFC3280.
		 *
		 * @param spki the subject public key info.
		 */
		public SubjectKeyIdentifier(
			SubjectPublicKeyInfo spki)
		{
			this.keyIdentifier = GetDigest(spki);
		}
		private static byte[] GetDigest(
			SubjectPublicKeyInfo spki)
		{
            IDigest digest = new Sha1Digest();
            byte[] resBuf = new byte[digest.GetDigestSize()];

			byte[] bytes = spki.PublicKeyData.GetBytes();
            digest.BlockUpdate(bytes, 0, bytes.Length);
            digest.DoFinal(resBuf, 0);
            return resBuf;
		}
        /**
        * Read a Key Pair
        */
        private object ReadPrivateKey(PemObject pemObject)
        {
            //
            // extract the key
            //
            Debug.Assert(pemObject.Type.EndsWith("PRIVATE KEY"));

            string type = pemObject.Type.Substring(0, pemObject.Type.Length - "PRIVATE KEY".Length).Trim();
            byte[] keyBytes = pemObject.Content;

            IDictionary fields = Platform.CreateHashtable();
            foreach (PemHeader header in pemObject.Headers)
            {
                fields[header.Name] = header.Value;
            }

            string procType = (string) fields["Proc-Type"];

            if (procType == "4,ENCRYPTED")
            {
                if (pFinder == null)
                    throw new PasswordException("No password finder specified, but a password is required");

                char[] password = pFinder.GetPassword();

                if (password == null)
                    throw new PasswordException("Password is null, but a password is required");

                string dekInfo = (string) fields["DEK-Info"];
                string[] tknz = dekInfo.Split(',');

                string dekAlgName = tknz[0].Trim();
                byte[] iv = Hex.Decode(tknz[1].Trim());

                keyBytes = PemUtilities.Crypt(false, keyBytes, password, dekAlgName, iv);
            }

            try
            {
                IAsymmetricKeyParameter pubSpec, privSpec;
                Asn1Sequence seq = (Asn1Sequence) Asn1Object.FromByteArray(keyBytes);

                switch (type)
                {
                    case "RSA":
                    {
                        if (seq.Count != 9)
                            throw new PemException("malformed sequence in RSA private key");

                        RsaPrivateKeyStructure rsa = new RsaPrivateKeyStructure(seq);

                        pubSpec = new RsaKeyParameters(false, rsa.Modulus, rsa.PublicExponent);
                        privSpec = new RsaPrivateCrtKeyParameters(
                            rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent,
                            rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2,
                            rsa.Coefficient);

                        break;
                    }

                    case "DSA":
                    {
                        if (seq.Count != 6)
                            throw new PemException("malformed sequence in DSA private key");

                        // TODO Create an ASN1 object somewhere for this?
                        //DerInteger v = (DerInteger)seq[0];
                        DerInteger p = (DerInteger)seq[1];
                        DerInteger q = (DerInteger)seq[2];
                        DerInteger g = (DerInteger)seq[3];
                        DerInteger y = (DerInteger)seq[4];
                        DerInteger x = (DerInteger)seq[5];

                        DsaParameters parameters = new DsaParameters(p.Value, q.Value, g.Value);

                        privSpec = new DsaPrivateKeyParameters(x.Value, parameters);
                        pubSpec = new DsaPublicKeyParameters(y.Value, parameters);

                        break;
                    }

                    case "EC":
                    {
                        ECPrivateKeyStructure pKey = new ECPrivateKeyStructure(seq);
                        AlgorithmIdentifier algId = new AlgorithmIdentifier(
                            X9ObjectIdentifiers.IdECPublicKey, pKey.GetParameters());

                        PrivateKeyInfo privInfo = new PrivateKeyInfo(algId, pKey.ToAsn1Object());

                        // TODO Are the keys returned here ECDSA, as Java version forces?
                        privSpec = PrivateKeyFactory.CreateKey(privInfo);

                        DerBitString pubKey = pKey.GetPublicKey();
                        if (pubKey != null)
                        {
                            SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo(algId, pubKey.GetBytes());

                            // TODO Are the keys returned here ECDSA, as Java version forces?
                            pubSpec = PublicKeyFactory.CreateKey(pubInfo);
                        }
                        else
                        {
                            pubSpec = ECKeyPairGenerator.GetCorrespondingPublicKey(
                                (ECPrivateKeyParameters)privSpec);
                        }

                        break;
                    }

                    case "ENCRYPTED":
                    {
                        char[] password = pFinder.GetPassword();

                        if (password == null)
                            throw new PasswordException("Password is null, but a password is required");

                        return PrivateKeyFactory.DecryptKey(password, EncryptedPrivateKeyInfo.GetInstance(seq));
                    }

                    case "":
                    {
                        return PrivateKeyFactory.CreateKey(PrivateKeyInfo.GetInstance(seq));
                    }

                    default:
                        throw new ArgumentException("Unknown key type: " + type, "type");
                }

                return new AsymmetricCipherKeyPair(pubSpec, privSpec);
            }
            catch (IOException e)
            {
                throw e;
            }
            catch (Exception e)
            {
                throw new PemException(
                    "problem creating " + type + " private key: " + e.ToString());
            }
        }
		public void SetSubjectPublicKeyInfo(
            SubjectPublicKeyInfo pubKeyInfo)
        {
            this.subjectPublicKeyInfo = pubKeyInfo;
        }
 /**
  *
  * Calulates the keyidentifier using a SHA1 hash over the BIT STRING
  * from SubjectPublicKeyInfo as defined in RFC2459.
  *
  * Example of making a AuthorityKeyIdentifier:
  * <pre>
  *   SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
  *       publicKey.getEncoded()).readObject());
  *   AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
  * </pre>
  *
  **/
 public AuthorityKeyIdentifier(
     SubjectPublicKeyInfo spki)
     : this(spki, null, null)
 {
 }
		public static AsymmetricKeyParameter CreateKey(
			SubjectPublicKeyInfo keyInfo)
        {
            AlgorithmIdentifier algID = keyInfo.AlgorithmID;
			DerObjectIdentifier algOid = algID.ObjectID;

			// TODO See RSAUtil.isRsaOid in Java build
			if (algOid.Equals(PkcsObjectIdentifiers.RsaEncryption)
				|| algOid.Equals(X509ObjectIdentifiers.IdEARsa)
				|| algOid.Equals(PkcsObjectIdentifiers.IdRsassaPss)
				|| algOid.Equals(PkcsObjectIdentifiers.IdRsaesOaep))
			{
				RsaPublicKeyStructure pubKey = RsaPublicKeyStructure.GetInstance(
					keyInfo.GetPublicKey());

				return new RsaKeyParameters(false, pubKey.Modulus, pubKey.PublicExponent);
			}
			else if (algOid.Equals(PkcsObjectIdentifiers.DhKeyAgreement)
				|| algOid.Equals(X9ObjectIdentifiers.DHPublicNumber))
			{
				DHParameter para = new DHParameter(
					Asn1Sequence.GetInstance(algID.Parameters.ToAsn1Object()));
				DerInteger derY = (DerInteger) keyInfo.GetPublicKey();

				BigInteger lVal = para.L;
				int l = lVal == null ? 0 : lVal.IntValue;
				DHParameters dhParams = new DHParameters(para.P, para.G, null, l);

				return new DHPublicKeyParameters(derY.Value, dhParams);
			}
			else if (algOid.Equals(OiwObjectIdentifiers.ElGamalAlgorithm))
			{
				ElGamalParameter para = new ElGamalParameter(
					Asn1Sequence.GetInstance(algID.Parameters.ToAsn1Object()));
				DerInteger derY = (DerInteger) keyInfo.GetPublicKey();

				return new ElGamalPublicKeyParameters(
					derY.Value,
					new ElGamalParameters(para.P, para.G));
			}
			else if (algOid.Equals(X9ObjectIdentifiers.IdDsa)
				|| algOid.Equals(OiwObjectIdentifiers.DsaWithSha1))
			{
				DerInteger derY = (DerInteger) keyInfo.GetPublicKey();
				Asn1Encodable ae = algID.Parameters;

				DsaParameters parameters = null;
				if (ae != null)
				{
					DsaParameter para = DsaParameter.GetInstance(ae.ToAsn1Object());
					parameters = new DsaParameters(para.P, para.Q, para.G);
				}

				return new DsaPublicKeyParameters(derY.Value, parameters);
			}
			else if (algOid.Equals(X9ObjectIdentifiers.IdECPublicKey))
			{
				X962Parameters para = new X962Parameters(
					algID.Parameters.ToAsn1Object());
				X9ECParameters ecP;

				if (para.IsNamedCurve)
				{
					// TODO ECGost3410NamedCurves support (returns ECDomainParameters though)

					DerObjectIdentifier oid = (DerObjectIdentifier)para.Parameters;
					ecP = X962NamedCurves.GetByOid(oid);

					if (ecP == null)
					{
						ecP = SecNamedCurves.GetByOid(oid);

						if (ecP == null)
						{
							ecP = NistNamedCurves.GetByOid(oid);

							if (ecP == null)
							{
								ecP = TeleTrusTNamedCurves.GetByOid(oid);
							}
						}
					}
				}
				else
				{
					ecP = new X9ECParameters((Asn1Sequence)para.Parameters);
				}

				ECDomainParameters dParams = new ECDomainParameters(
					ecP.Curve,
					ecP.G,
					ecP.N,
					ecP.H,
					ecP.GetSeed());

				DerBitString bits = keyInfo.PublicKeyData;
				byte[] data = bits.GetBytes();
				Asn1OctetString key = new DerOctetString(data);

				X9ECPoint derQ = new X9ECPoint(dParams.Curve, key);

				return new ECPublicKeyParameters(derQ.Point, dParams);
			}
			else if (algOid.Equals(CryptoProObjectIdentifiers.GostR3410x2001))
			{
				Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters(
					(Asn1Sequence) algID.Parameters);

				Asn1OctetString key;
				try
				{
					key = (Asn1OctetString) keyInfo.GetPublicKey();
				}
				catch (IOException)
				{
					throw new ArgumentException("invalid info structure in GOST3410 public key");
				}

				byte[] keyEnc = key.GetOctets();
				byte[] x = new byte[32];
				byte[] y = new byte[32];

				for (int i = 0; i != y.Length; i++)
				{
					x[i] = keyEnc[32 - 1 - i];
				}

				for (int i = 0; i != x.Length; i++)
				{
					y[i] = keyEnc[64 - 1 - i];
				}

				ECDomainParameters ecP = ECGost3410NamedCurves.GetByOid(gostParams.PublicKeyParamSet);

				if (ecP == null)
					return null;

				ECPoint q = ecP.Curve.CreatePoint(new BigInteger(1, x), new BigInteger(1, y), false);

				return new ECPublicKeyParameters(q, gostParams.PublicKeyParamSet);
			}
			else if (algOid.Equals(CryptoProObjectIdentifiers.GostR3410x94))
			{
				Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters(
					(Asn1Sequence) algID.Parameters);

				DerOctetString derY;
				try
				{
					derY = (DerOctetString) keyInfo.GetPublicKey();
				}
				catch (IOException)
				{
					throw new ArgumentException("invalid info structure in GOST3410 public key");
				}

				byte[] keyEnc = derY.GetOctets();
				byte[] keyBytes = new byte[keyEnc.Length];

				for (int i = 0; i != keyEnc.Length; i++)
				{
					keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // was little endian
				}

				BigInteger y = new BigInteger(1, keyBytes);

				return new Gost3410PublicKeyParameters(y, algParams.PublicKeyParamSet);
			}
            else
            {
                throw new SecurityUtilityException("algorithm identifier in key not recognised: " + algOid);
            }
        }
Beispiel #26
0
 public void SetSubjectPublicKeyInfo(SubjectPublicKeyInfo pubKeyInfo)
 {
     subjectPublicKeyInfo = pubKeyInfo;
 }
Beispiel #27
0
        internal TbsCertificateStructure(
            Asn1Sequence seq)
        {
            int seqStart = 0;

            this.seq = seq;

            //
            // some certficates don't include a version number - we assume v1
            //
            if (seq[0] is DerTaggedObject)
            {
                version = DerInteger.GetInstance((Asn1TaggedObject)seq[0], true);
            }
            else
            {
                seqStart = -1;                          // field 0 is missing!
                version  = new DerInteger(0);
            }

            bool isV1 = false;
            bool isV2 = false;

            if (version.Value.Equals(BigInteger.Zero))
            {
                isV1 = true;
            }
            else if (version.Value.Equals(BigInteger.One))
            {
                isV2 = true;
            }
            else if (!version.Value.Equals(BigInteger.Two))
            {
                throw new ArgumentException("version number not recognised");
            }

            serialNumber = DerInteger.GetInstance(seq[seqStart + 1]);

            signature = AlgorithmIdentifier.GetInstance(seq[seqStart + 2]);
            issuer    = X509Name.GetInstance(seq[seqStart + 3]);

            //
            // before and after dates
            //
            Asn1Sequence dates = (Asn1Sequence)seq[seqStart + 4];

            startDate = Time.GetInstance(dates[0]);
            endDate   = Time.GetInstance(dates[1]);

            subject = X509Name.GetInstance(seq[seqStart + 5]);

            //
            // public key info.
            //
            subjectPublicKeyInfo = SubjectPublicKeyInfo.GetInstance(seq[seqStart + 6]);

            int extras = seq.Count - (seqStart + 6) - 1;

            if (extras != 0 && isV1)
            {
                throw new ArgumentException("version 1 certificate contains extra data");
            }

            while (extras > 0)
            {
                DerTaggedObject extra = (DerTaggedObject)seq[seqStart + 6 + extras];

                switch (extra.TagNo)
                {
                case 1:
                {
                    issuerUniqueID = DerBitString.GetInstance(extra, false);
                    break;
                }

                case 2:
                {
                    subjectUniqueID = DerBitString.GetInstance(extra, false);
                    break;
                }

                case 3:
                {
                    if (isV2)
                    {
                        throw new ArgumentException("version 2 certificate cannot contain extensions");
                    }

                    extensions = X509Extensions.GetInstance(extra);
                    break;
                }
                }
                extras--;
            }
        }
Beispiel #28
0
 /**
  * Calculates the keyIdentifier using a SHA1 hash over the BIT STRING
  * from SubjectPublicKeyInfo as defined in RFC3280.
  *
  * @param spki the subject public key info.
  */
 public SubjectKeyIdentifier(
     SubjectPublicKeyInfo spki)
 {
     this.keyIdentifier = GetDigest(spki);
 }
		/**
		 * Return a RFC 3280 type 2 key identifier. As in:
		 * <pre>
		 * (2) The keyIdentifier is composed of a four bit type field with
		 * the value 0100 followed by the least significant 60 bits of the
		 * SHA-1 hash of the value of the BIT STRING subjectPublicKey.
		 * </pre>
		 * @param keyInfo the key info object containing the subjectPublicKey field.
		 * @return the key identifier.
		 */
		public static SubjectKeyIdentifier CreateTruncatedSha1KeyIdentifier(
			SubjectPublicKeyInfo keyInfo)
		{
			byte[] dig = GetDigest(keyInfo);
			byte[] id = new byte[8];

			Array.Copy(dig, dig.Length - 8, id, 0, id.Length);

			id[0] &= 0x0f;
			id[0] |= 0x40;

			return new SubjectKeyIdentifier(id);
		}
		/// <summary>
        /// Create a Subject Public Key Info object for a given public key.
        /// </summary>
        /// <param name="key">One of ElGammalPublicKeyParameters, DSAPublicKeyParameter, DHPublicKeyParameters, RsaKeyParameters or ECPublicKeyParameters</param>
        /// <returns>A subject public key info object.</returns>
        /// <exception cref="Exception">Throw exception if object provided is not one of the above.</exception>
        public static SubjectPublicKeyInfo CreateSubjectPublicKeyInfo(
			AsymmetricKeyParameter key)
        {
			if (key == null)
				throw new ArgumentNullException("key");
            if (key.IsPrivate)
                throw new ArgumentException("Private key passed - public key expected.", "key");

			if (key is ElGamalPublicKeyParameters)
            {
				ElGamalPublicKeyParameters _key = (ElGamalPublicKeyParameters)key;
				ElGamalParameters kp = _key.Parameters;

				SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
					new AlgorithmIdentifier(
						OiwObjectIdentifiers.ElGamalAlgorithm,
						new ElGamalParameter(kp.P, kp.G).ToAsn1Object()),
						new DerInteger(_key.Y));

				return info;
            }

			if (key is DsaPublicKeyParameters)
            {
                DsaPublicKeyParameters _key = (DsaPublicKeyParameters) key;
				DsaParameters kp = _key.Parameters;
				Asn1Encodable ae = kp == null
					?	null
					:	new DsaParameter(kp.P, kp.Q, kp.G).ToAsn1Object();

				return new SubjectPublicKeyInfo(
                    new AlgorithmIdentifier(X9ObjectIdentifiers.IdDsa, ae),
					new DerInteger(_key.Y));
            }

			if (key is DHPublicKeyParameters)
            {
                DHPublicKeyParameters _key = (DHPublicKeyParameters) key;
				DHParameters kp = _key.Parameters;

				SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
                    new AlgorithmIdentifier(
						X9ObjectIdentifiers.DHPublicNumber,
						new DHParameter(kp.P, kp.G, kp.L).ToAsn1Object()),
						new DerInteger(_key.Y));

				return info;
            } // End of DH

            if (key is RsaKeyParameters)
            {
                RsaKeyParameters _key = (RsaKeyParameters) key;

				SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
					new AlgorithmIdentifier(PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance),
					new RsaPublicKeyStructure(_key.Modulus, _key.Exponent).ToAsn1Object());

				return info;
            } // End of RSA.

			if (key is ECPublicKeyParameters)
            {
                ECPublicKeyParameters _key = (ECPublicKeyParameters) key;

				if (_key.AlgorithmName == "ECGOST3410")
				{
					if (_key.PublicKeyParamSet == null)
						throw Platform.CreateNotImplementedException("Not a CryptoPro parameter set");

					ECPoint q = _key.Q;
					BigInteger bX = q.X.ToBigInteger();
					BigInteger bY = q.Y.ToBigInteger();

					byte[] encKey = new byte[64];
					ExtractBytes(encKey, 0, bX);
					ExtractBytes(encKey, 32, bY);

					Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters(
						_key.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet);

					AlgorithmIdentifier algID = new AlgorithmIdentifier(
						CryptoProObjectIdentifiers.GostR3410x2001,
						gostParams.ToAsn1Object());

					return new SubjectPublicKeyInfo(algID, new DerOctetString(encKey));
				}
				else
				{
					ECDomainParameters kp = _key.Parameters;

					X9ECParameters ecP = new X9ECParameters(kp.Curve, kp.G, kp.N, kp.H, kp.GetSeed());
					X962Parameters x962 = new X962Parameters(ecP);
					Asn1OctetString p = (Asn1OctetString)(new X9ECPoint(_key.Q).ToAsn1Object());

					AlgorithmIdentifier algID = new AlgorithmIdentifier(
						X9ObjectIdentifiers.IdECPublicKey, x962.ToAsn1Object());

					return new SubjectPublicKeyInfo(algID, p.GetOctets());
				}
			} // End of EC

			if (key is Gost3410PublicKeyParameters)
			{
				Gost3410PublicKeyParameters _key = (Gost3410PublicKeyParameters) key;

				if (_key.PublicKeyParamSet == null)
					throw Platform.CreateNotImplementedException("Not a CryptoPro parameter set");

				byte[] keyEnc = _key.Y.ToByteArrayUnsigned();
				byte[] keyBytes = new byte[keyEnc.Length];

				for (int i = 0; i != keyBytes.Length; i++)
				{
					keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // must be little endian
				}

				Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters(
					_key.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet);

				AlgorithmIdentifier algID = new AlgorithmIdentifier(
					CryptoProObjectIdentifiers.GostR3410x94,
					algParams.ToAsn1Object());

				return new SubjectPublicKeyInfo(algID, new DerOctetString(keyBytes));
			}

			throw new ArgumentException("Class provided no convertible: " + key.GetType().FullName);
		}
Beispiel #31
0
 public static SubjectPublicKeyInfo GetInstance(Asn1TaggedObject obj, bool explicitly)
 {
     return(SubjectPublicKeyInfo.GetInstance(Asn1Sequence.GetInstance(obj, explicitly)));
 }
 private AsymmetricKeyParameter GetPublicKeyFromOriginatorPublicKey(
     AsymmetricKeyParameter	receiverPrivateKey,
     OriginatorPublicKey		originatorPublicKey)
 {
     PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(receiverPrivateKey);
     SubjectPublicKeyInfo pubInfo = new SubjectPublicKeyInfo(
         privInfo.PrivateKeyAlgorithm,
         originatorPublicKey.PublicKey.GetBytes());
     return PublicKeyFactory.CreateKey(pubInfo);
 }
        private void TbsV3CertGenerate()
        {
            V3TbsCertificateGenerator gen = new V3TbsCertificateGenerator();
            DateTime startDate = new DateTime(1970, 1, 1, 0, 0, 1);
            DateTime endDate = new DateTime(1970, 1, 1, 0, 0, 2);

            gen.SetSerialNumber(new DerInteger(2));

            gen.SetStartDate(new Time(startDate));
            gen.SetEndDate(new Time(endDate));

            gen.SetIssuer(new X509Name("CN=AU,O=Bouncy Castle"));
            gen.SetSubject(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"));

            gen.SetSignature(new AlgorithmIdentifier(PkcsObjectIdentifiers.MD5WithRsaEncryption, DerNull.Instance));

            SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
                new AlgorithmIdentifier(
                    OiwObjectIdentifiers.ElGamalAlgorithm,
                    new ElGamalParameter(BigInteger.One, BigInteger.Two)),
                new DerInteger(3));

            gen.SetSubjectPublicKeyInfo(info);

            //
            // add extensions
            //
            IList order = new ArrayList();
            IDictionary extensions = new Hashtable();

            order.Add(X509Extensions.AuthorityKeyIdentifier);
            order.Add(X509Extensions.SubjectKeyIdentifier);
            order.Add(X509Extensions.KeyUsage);

            extensions.Add(X509Extensions.AuthorityKeyIdentifier, new X509Extension(true, new DerOctetString(CreateAuthorityKeyId(info, new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"), 2))));
            extensions.Add(X509Extensions.SubjectKeyIdentifier, new X509Extension(true, new DerOctetString(new SubjectKeyIdentifier(info))));
            extensions.Add(X509Extensions.KeyUsage, new X509Extension(false, new DerOctetString(new KeyUsage(KeyUsage.DataEncipherment))));

            X509Extensions ex = new X509Extensions(order, extensions);

            gen.SetExtensions(ex);

            TbsCertificateStructure tbs = gen.GenerateTbsCertificate();

            if (!Arrays.AreEqual(tbs.GetEncoded(), v3Cert))
            {
                Fail("failed v3 cert generation");
            }

            //
            // read back test
            //
            Asn1Object o = Asn1Object.FromByteArray(v3Cert);

            if (!Arrays.AreEqual(o.GetEncoded(), v3Cert))
            {
                Fail("failed v3 cert read back test");
            }
        }
        private void TbsV3CertGenWithNullSubject()
        {
            V3TbsCertificateGenerator gen = new V3TbsCertificateGenerator();
            DateTime startDate = new DateTime(1970, 1, 1, 0, 0, 1);
            DateTime endDate = new DateTime(1970, 1, 1, 0, 0, 2);

            gen.SetSerialNumber(new DerInteger(2));

            gen.SetStartDate(new Time(startDate));
            gen.SetEndDate(new Time(endDate));

            gen.SetIssuer(new X509Name("CN=AU,O=Bouncy Castle"));

            gen.SetSignature(new AlgorithmIdentifier(PkcsObjectIdentifiers.MD5WithRsaEncryption, DerNull.Instance));

            SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
                new AlgorithmIdentifier(OiwObjectIdentifiers.ElGamalAlgorithm,
                    new ElGamalParameter(BigInteger.One, BigInteger.Two)),
                new DerInteger(3));

            gen.SetSubjectPublicKeyInfo(info);

            try
            {
                gen.GenerateTbsCertificate();
                Fail("null subject not caught!");
            }
            catch (InvalidOperationException e)
            {
                if (!e.Message.Equals("not all mandatory fields set in V3 TBScertificate generator"))
                {
                    Fail("unexpected exception", e);
                }
            }

            //
            // add extensions
            //
            IList order = new ArrayList();
            IDictionary extensions = new Hashtable();

            order.Add(X509Extensions.SubjectAlternativeName);

            extensions.Add(
                X509Extensions.SubjectAlternativeName,
                new X509Extension(
                    true,
                    new DerOctetString(
                        new GeneralNames(
                            new GeneralName(
                                new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"))))));

            X509Extensions ex = new X509Extensions(order, extensions);

            gen.SetExtensions(ex);

            TbsCertificateStructure tbs = gen.GenerateTbsCertificate();

            if (!Arrays.AreEqual(tbs.GetEncoded(), v3CertNullSubject))
            {
                Fail("failed v3 null sub cert generation");
            }

            //
            // read back test
            //
            Asn1Object o = Asn1Object.FromByteArray(v3CertNullSubject);

            if (!Arrays.AreEqual(o.GetEncoded(), v3CertNullSubject))
            {
                Fail("failed v3 null sub cert read back test");
            }
        }
        private AuthorityKeyIdentifier CreateAuthorityKeyId(
            SubjectPublicKeyInfo	info,
            X509Name				name,
            int						sNumber)
        {
            GeneralName genName = new GeneralName(name);

            return new AuthorityKeyIdentifier(
                info,
                GeneralNames.GetInstance(new DerSequence(genName)),
                BigInteger.ValueOf(sNumber));
        }
        private void TbsV2CertListGenerate()
        {
            V2TbsCertListGenerator gen = new V2TbsCertListGenerator();

            gen.SetIssuer(new X509Name("CN=AU,O=Bouncy Castle"));

            gen.AddCrlEntry(new DerInteger(1), new Time(new DateTime(1970, 1, 1, 0, 0, 1)), ReasonFlags.AACompromise);

            gen.SetNextUpdate(new Time(new DateTime(1970, 1, 1, 0, 0, 2)));

            gen.SetThisUpdate(new Time(new DateTime(1970, 1, 1, 0, 0, 0, 500)));

            gen.SetSignature(new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha1WithRsaEncryption, DerNull.Instance));

            //
            // extensions
            //
            IList order = new ArrayList();
            IDictionary extensions = new Hashtable();
            SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
                new AlgorithmIdentifier(
                    OiwObjectIdentifiers.ElGamalAlgorithm,
                    new ElGamalParameter(BigInteger.One, BigInteger.Two)),
                new DerInteger(3));

            order.Add(X509Extensions.AuthorityKeyIdentifier);
            order.Add(X509Extensions.IssuerAlternativeName);
            order.Add(X509Extensions.CrlNumber);
            order.Add(X509Extensions.IssuingDistributionPoint);

            extensions.Add(X509Extensions.AuthorityKeyIdentifier, new X509Extension(true, new DerOctetString(CreateAuthorityKeyId(info, new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"), 2))));
            extensions.Add(X509Extensions.IssuerAlternativeName, new X509Extension(false, new DerOctetString(GeneralNames.GetInstance(new DerSequence(new GeneralName(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 3")))))));
            extensions.Add(X509Extensions.CrlNumber, new X509Extension(false, new DerOctetString(new DerInteger(1))));
            extensions.Add(X509Extensions.IssuingDistributionPoint, new X509Extension(true, new DerOctetString(IssuingDistributionPoint.GetInstance(DerSequence.Empty))));

            X509Extensions ex = new X509Extensions(order, extensions);

            gen.SetExtensions(ex);

            TbsCertificateList tbs = gen.GenerateTbsCertList();

            if (!Arrays.AreEqual(tbs.GetEncoded(), v2CertList))
            {
                Fail("failed v2 cert list generation");
            }

            //
            // read back test
            //
            Asn1InputStream aIn = new Asn1InputStream(v2CertList);
            Asn1Object o = aIn.ReadObject();

            if (!Arrays.AreEqual(o.GetEncoded(), v2CertList))
            {
                Fail("failed v2 cert list read back test");
            }
        }
 private static byte[] GetDigest(SubjectPublicKeyInfo spki)
 {
     byte[] bytes = spki.PublicKeyData.GetBytes();
     return(Digests.DoFinal(new Sha1Digest(), bytes, 0, bytes.Length));
 }