// methods
private void Decode(byte[] data)
{
ASN1 encryptedPrivateKeyInfo = new ASN1(data);
if (encryptedPrivateKeyInfo.Tag != 0x30)
{
throw new CryptographicException("invalid EncryptedPrivateKeyInfo");
}
ASN1 encryptionAlgorithm = encryptedPrivateKeyInfo [0];
if (encryptionAlgorithm.Tag != 0x30)
{
throw new CryptographicException("invalid encryptionAlgorithm");
}
ASN1 algorithm = encryptionAlgorithm [0];
if (algorithm.Tag != 0x06)
{
throw new CryptographicException("invalid algorithm");
}
_algorithm = ASN1Convert.ToOid(algorithm);
// parameters ANY DEFINED BY algorithm OPTIONAL
if (encryptionAlgorithm.Count > 1)
{
ASN1 parameters = encryptionAlgorithm [1];
if (parameters.Tag != 0x30)
{
throw new CryptographicException("invalid parameters");
}
ASN1 salt = parameters [0];
if (salt.Tag != 0x04)
{
throw new CryptographicException("invalid salt");
}
_salt = salt.Value;
ASN1 iterationCount = parameters [1];
if (iterationCount.Tag != 0x02)
{
throw new CryptographicException("invalid iterationCount");
}
_iterations = ASN1Convert.ToInt32(iterationCount);
}
ASN1 encryptedData = encryptedPrivateKeyInfo [1];
if (encryptedData.Tag != 0x04)
{
throw new CryptographicException("invalid EncryptedData");
}
_data = encryptedData.Value;
}
// internal stuff
internal void Decode(byte[] attribute)
{
if ((attribute == null) || (attribute [0] != 0x06))
{
throw new CryptographicException(Locale.GetText("Expected an OID."));
}
ASN1 oid = new ASN1(attribute);
_contentType = new Oid(ASN1Convert.ToOid(oid));
_encoded = null;
}
protected override void Decode()
{
keyPurpose = new ArrayList();
ASN1 aSN = new ASN1(extnValue.Value);
if (aSN.Tag != 48)
{
throw new ArgumentException("Invalid ExtendedKeyUsage extension");
}
for (int i = 0; i < aSN.Count; i++)
{
keyPurpose.Add(ASN1Convert.ToOid(aSN[i]));
}
}
protected override void Decode()
{
this.policies = new Hashtable();
ASN1 asn = new ASN1(this.extnValue.Value);
if (asn.Tag != 48)
{
throw new ArgumentException("Invalid CertificatePolicies extension");
}
for (int i = 0; i < asn.Count; i++)
{
this.policies.Add(ASN1Convert.ToOid(asn[i][0]), null);
}
}
protected override void Decode()
{
this.policies = new Hashtable();
ASN1 asN1 = new ASN1(this.extnValue.Value);
if (asN1.Tag != (byte)48)
{
throw new ArgumentException("Invalid CertificatePolicies extension");
}
for (int index = 0; index < asN1.Count; ++index)
{
this.policies.Add((object)ASN1Convert.ToOid(asN1[index][0]), (object)null);
}
}
protected override void Decode()
{
this.keyPurpose = new ArrayList();
ASN1 asn = new ASN1(base.extnValue.Value);
if (asn.Tag != 0x30)
{
throw new ArgumentException("Invalid ExtendedKeyUsage extension");
}
for (int i = 0; i < asn.Count; i++)
{
this.keyPurpose.Add(ASN1Convert.ToOid(asn[i]));
}
}
private void Decode(byte[] data)
{
ASN1 aSN = new ASN1(data);
if (aSN.Tag != 48)
{
throw new CryptographicException("invalid EncryptedPrivateKeyInfo");
}
ASN1 aSN2 = aSN[0];
if (aSN2.Tag != 48)
{
throw new CryptographicException("invalid encryptionAlgorithm");
}
ASN1 aSN3 = aSN2[0];
if (aSN3.Tag != 6)
{
throw new CryptographicException("invalid algorithm");
}
_algorithm = ASN1Convert.ToOid(aSN3);
if (aSN2.Count > 1)
{
ASN1 aSN4 = aSN2[1];
if (aSN4.Tag != 48)
{
throw new CryptographicException("invalid parameters");
}
ASN1 aSN5 = aSN4[0];
if (aSN5.Tag != 4)
{
throw new CryptographicException("invalid salt");
}
_salt = aSN5.Value;
ASN1 aSN6 = aSN4[1];
if (aSN6.Tag != 2)
{
throw new CryptographicException("invalid iterationCount");
}
_iterations = ASN1Convert.ToInt32(aSN6);
}
ASN1 aSN7 = aSN[1];
if (aSN7.Tag != 4)
{
throw new CryptographicException("invalid EncryptedData");
}
_data = aSN7.Value;
}
private void Decode(byte[] data)
{
ASN1 asn = new ASN1(data);
if (asn.Tag != 48)
{
throw new CryptographicException("invalid EncryptedPrivateKeyInfo");
}
ASN1 asn2 = asn[0];
if (asn2.Tag != 48)
{
throw new CryptographicException("invalid encryptionAlgorithm");
}
ASN1 asn3 = asn2[0];
if (asn3.Tag != 6)
{
throw new CryptographicException("invalid algorithm");
}
this._algorithm = ASN1Convert.ToOid(asn3);
if (asn2.Count > 1)
{
ASN1 asn4 = asn2[1];
if (asn4.Tag != 48)
{
throw new CryptographicException("invalid parameters");
}
ASN1 asn5 = asn4[0];
if (asn5.Tag != 4)
{
throw new CryptographicException("invalid salt");
}
this._salt = asn5.Value;
ASN1 asn6 = asn4[1];
if (asn6.Tag != 2)
{
throw new CryptographicException("invalid iterationCount");
}
this._iterations = ASN1Convert.ToInt32(asn6);
}
ASN1 asn7 = asn[1];
if (asn7.Tag != 4)
{
throw new CryptographicException("invalid EncryptedData");
}
this._data = asn7.Value;
}
private void Decode(byte[] data)
{
ASN1 asN1_1 = new ASN1(data);
if (asN1_1.Tag != (byte)48)
{
throw new CryptographicException("invalid EncryptedPrivateKeyInfo");
}
ASN1 asN1_2 = asN1_1[0];
if (asN1_2.Tag != (byte)48)
{
throw new CryptographicException("invalid encryptionAlgorithm");
}
ASN1 asn1_1 = asN1_2[0];
if (asn1_1.Tag != (byte)6)
{
throw new CryptographicException("invalid algorithm");
}
this._algorithm = ASN1Convert.ToOid(asn1_1);
if (asN1_2.Count > 1)
{
ASN1 asN1_3 = asN1_2[1];
if (asN1_3.Tag != (byte)48)
{
throw new CryptographicException("invalid parameters");
}
ASN1 asN1_4 = asN1_3[0];
if (asN1_4.Tag != (byte)4)
{
throw new CryptographicException("invalid salt");
}
this._salt = asN1_4.Value;
ASN1 asn1_2 = asN1_3[1];
if (asn1_2.Tag != (byte)2)
{
throw new CryptographicException("invalid iterationCount");
}
this._iterations = ASN1Convert.ToInt32(asn1_2);
}
ASN1 asN1_5 = asN1_1[1];
if (asN1_5.Tag != (byte)4)
{
throw new CryptographicException("invalid EncryptedData");
}
this._data = asN1_5.Value;
}
protected override void Decode()
{
policies = new Hashtable();
ASN1 sequence = new ASN1(extnValue.Value);
if (sequence.Tag != 0x30)
{
throw new ArgumentException("Invalid CertificatePolicies extension");
}
// for every policy OID
for (int i = 0; i < sequence.Count; i++)
{
policies.Add(ASN1Convert.ToOid(sequence [i][0]), null);
}
}
protected override void Decode()
{
keyPurpose = new ArrayList();
ASN1 sequence = new ASN1(extnValue.Value);
if (sequence.Tag != 0x30)
{
throw new ArgumentException("Invalid ExtendedKeyUsage extension");
}
// for every policy OID
for (int i = 0; i < sequence.Count; i++)
{
keyPurpose.Add(ASN1Convert.ToOid(sequence [i]));
}
}
public X509Extension(ASN1 asn1)
{
if ((asn1.Tag != 0x30) || (asn1.Count < 2))
{
throw new ArgumentException(Locale.GetText("Invalid X.509 extension."));
}
if (asn1[0].Tag != 0x06)
{
throw new ArgumentException(Locale.GetText("Invalid X.509 extension."));
}
extnOid = ASN1Convert.ToOid(asn1[0]);
extnCritical = ((asn1[1].Tag == 0x01) && (asn1[1].Value[0] == 0xFF));
extnValue = asn1 [asn1.Count - 1]; // last element
Decode();
}
// methods
private void Decode(byte[] data)
{
ASN1 privateKeyInfo = new ASN1(data);
if (privateKeyInfo.Tag != 0x30)
{
throw new CryptographicException("invalid PrivateKeyInfo");
}
ASN1 version = privateKeyInfo [0];
if (version.Tag != 0x02)
{
throw new CryptographicException("invalid version");
}
_version = version.Value [0];
ASN1 privateKeyAlgorithm = privateKeyInfo [1];
if (privateKeyAlgorithm.Tag != 0x30)
{
throw new CryptographicException("invalid algorithm");
}
ASN1 algorithm = privateKeyAlgorithm [0];
if (algorithm.Tag != 0x06)
{
throw new CryptographicException("missing algorithm OID");
}
_algorithm = ASN1Convert.ToOid(algorithm);
ASN1 privateKey = privateKeyInfo [2];
_key = privateKey.Value;
// attributes [0] IMPLICIT Attributes OPTIONAL
if (privateKeyInfo.Count > 3)
{
ASN1 attributes = privateKeyInfo [3];
for (int i = 0; i < attributes.Count; i++)
{
_list.Add(attributes [i]);
}
}
}
[Test] // bug #75780
public void FromString_Quoted()
{
ASN1 asn = X501.FromString("CN=\"foo, bar\", C=US");
Assert.AreEqual(0x30, asn.Tag, "Tag");
Assert.AreEqual(2, asn.Count, "Count");
Assert.AreEqual(0x31, asn[0].Tag, "Tag-0");
Assert.AreEqual(1, asn[0].Count, "Count-0");
Assert.AreEqual("2.5.4.3", ASN1Convert.ToOid(asn[0][0][0]), "OID-0");
Assert.AreEqual("foo, bar", Encoding.ASCII.GetString(asn[0][0][1].Value), "Value-0");
Assert.AreEqual(0x31, asn[1].Tag, "Tag-1");
Assert.AreEqual(1, asn[1].Count, "Count-1");
Assert.AreEqual("2.5.4.6", ASN1Convert.ToOid(asn[1][0][0]), "OID-1");
Assert.AreEqual("US", Encoding.ASCII.GetString(asn[1][0][1].Value), "Value-1");
}
public EncryptedData(ASN1 asn1) : this()
{
if ((asn1.Tag != 0x30) || (asn1.Count < 2))
{
throw new ArgumentException("Invalid EncryptedData");
}
if (asn1 [0].Tag != 0x02)
{
throw new ArgumentException("Invalid version");
}
_version = asn1 [0].Value [0];
ASN1 encryptedContentInfo = asn1 [1];
if (encryptedContentInfo.Tag != 0x30)
{
throw new ArgumentException("missing EncryptedContentInfo");
}
ASN1 contentType = encryptedContentInfo [0];
if (contentType.Tag != 0x06)
{
throw new ArgumentException("missing EncryptedContentInfo.ContentType");
}
_content = new ContentInfo(ASN1Convert.ToOid(contentType));
ASN1 contentEncryptionAlgorithm = encryptedContentInfo [1];
if (contentEncryptionAlgorithm.Tag != 0x30)
{
throw new ArgumentException("missing EncryptedContentInfo.ContentEncryptionAlgorithmIdentifier");
}
_encryptionAlgorithm = new ContentInfo(ASN1Convert.ToOid(contentEncryptionAlgorithm [0]));
_encryptionAlgorithm.Content = contentEncryptionAlgorithm [1];
ASN1 encryptedContent = encryptedContentInfo [2];
if (encryptedContent.Tag != 0x80)
{
throw new ArgumentException("missing EncryptedContentInfo.EncryptedContent");
}
_encrypted = encryptedContent.Value;
}
public void FromString_UnrecognizedEncoding()
{
// from rfc2253
ASN1 asn = X501.FromString("1.3.6.1.4.1.1466.0=#04024869,O=Test,C=GB");
Assert.AreEqual(0x30, asn.Tag, "Tag");
Assert.AreEqual(3, asn.Count, "Count");
Assert.AreEqual(0x31, asn[0].Tag, "Tag-0");
Assert.AreEqual(1, asn[0].Count, "Count-0");
Assert.AreEqual("1.3.6.1.4.1.1466.0", ASN1Convert.ToOid(asn[0][0][0]), "OID-0");
ASN1 octetstring = asn[0][0][1];
Assert.AreEqual(0x04, octetstring.Tag, "Value-Tag");
Assert.AreEqual(2, octetstring.Length, "Value-Length");
Assert.AreEqual("4869", BitConverter.ToString(octetstring.Value), "Value-Value");
}
public ContentInfo(ASN1 asn1)
{
// SEQUENCE with 1 or 2 elements
if ((asn1.Tag != 0x30) || ((asn1.Count < 1) && (asn1.Count > 2)))
{
throw new ArgumentException("Invalid ASN1");
}
if (asn1[0].Tag != 0x06)
{
throw new ArgumentException("Invalid contentType");
}
contentType = ASN1Convert.ToOid(asn1[0]);
if (asn1.Count > 1)
{
if (asn1[1].Tag != 0xA0)
{
throw new ArgumentException("Invalid content");
}
content = asn1[1];
}
}
private void Decode(byte[] data)
{
ASN1 asn = new ASN1(data);
if (asn.Tag != 48)
{
throw new CryptographicException("invalid PrivateKeyInfo");
}
ASN1 asn2 = asn[0];
if (asn2.Tag != 2)
{
throw new CryptographicException("invalid version");
}
this._version = (int)asn2.Value[0];
ASN1 asn3 = asn[1];
if (asn3.Tag != 48)
{
throw new CryptographicException("invalid algorithm");
}
ASN1 asn4 = asn3[0];
if (asn4.Tag != 6)
{
throw new CryptographicException("missing algorithm OID");
}
this._algorithm = ASN1Convert.ToOid(asn4);
ASN1 asn5 = asn[2];
this._key = asn5.Value;
if (asn.Count > 3)
{
ASN1 asn6 = asn[3];
for (int i = 0; i < asn6.Count; i++)
{
this._list.Add(asn6[i]);
}
}
}
private void Decode(byte[] data)
{
ASN1 asN1_1 = new ASN1(data);
if (asN1_1.Tag != (byte)48)
{
throw new CryptographicException("invalid PrivateKeyInfo");
}
ASN1 asN1_2 = asN1_1[0];
if (asN1_2.Tag != (byte)2)
{
throw new CryptographicException("invalid version");
}
this._version = (int)asN1_2.Value[0];
ASN1 asN1_3 = asN1_1[1];
if (asN1_3.Tag != (byte)48)
{
throw new CryptographicException("invalid algorithm");
}
ASN1 asn1 = asN1_3[0];
if (asn1.Tag != (byte)6)
{
throw new CryptographicException("missing algorithm OID");
}
this._algorithm = ASN1Convert.ToOid(asn1);
this._key = asN1_1[2].Value;
if (asN1_1.Count <= 3)
{
return;
}
ASN1 asN1_4 = asN1_1[3];
for (int index = 0; index < asN1_4.Count; ++index)
{
this._list.Add((object)asN1_4[index]);
}
}
private void Decode(byte[] data)
{
ASN1 aSN = new ASN1(data);
if (aSN.Tag != 48)
{
throw new CryptographicException("invalid PrivateKeyInfo");
}
ASN1 aSN2 = aSN[0];
if (aSN2.Tag != 2)
{
throw new CryptographicException("invalid version");
}
_version = aSN2.Value[0];
ASN1 aSN3 = aSN[1];
if (aSN3.Tag != 48)
{
throw new CryptographicException("invalid algorithm");
}
ASN1 aSN4 = aSN3[0];
if (aSN4.Tag != 6)
{
throw new CryptographicException("missing algorithm OID");
}
_algorithm = ASN1Convert.ToOid(aSN4);
ASN1 aSN5 = aSN[2];
_key = aSN5.Value;
if (aSN.Count > 3)
{
ASN1 aSN6 = aSN[3];
for (int i = 0; i < aSN6.Count; i++)
{
_list.Add(aSN6[i]);
}
}
}
public void FromString_OID()
{
// adapted from rfc2253
ASN1 asn = X501.FromString("1.3.6.1.4.1.1466.0=Mono,O=Test,C=GB");
Assert.AreEqual(0x30, asn.Tag, "Tag");
Assert.AreEqual(3, asn.Count, "Count");
Assert.AreEqual(0x31, asn[0].Tag, "Tag-0");
Assert.AreEqual(1, asn[0].Count, "Count-0");
Assert.AreEqual("1.3.6.1.4.1.1466.0", ASN1Convert.ToOid(asn[0][0][0]), "OID-0");
Assert.AreEqual("Mono", Encoding.ASCII.GetString(asn[0][0][1].Value), "Value-0");
Assert.AreEqual(0x31, asn[1].Tag, "Tag-1");
Assert.AreEqual(1, asn[1].Count, "Count-1");
Assert.AreEqual("2.5.4.10", ASN1Convert.ToOid(asn[1][0][0]), "OID-1");
Assert.AreEqual("Test", Encoding.ASCII.GetString(asn[1][0][1].Value), "Value-1");
Assert.AreEqual(0x31, asn[2].Tag, "Tag-2");
Assert.AreEqual(1, asn[2].Count, "Count-2");
Assert.AreEqual("2.5.4.6", ASN1Convert.ToOid(asn[2][0][0]), "OID-2");
Assert.AreEqual("GB", Encoding.ASCII.GetString(asn[2][0][1].Value), "Value-2");
}
public void FromString_EscapingComma()
{
// from rfc2253
ASN1 asn = X501.FromString("CN=L. Eagle,O=Sue\\, Grabbit and Runn,C=GB");
Assert.AreEqual(0x30, asn.Tag, "Tag");
Assert.AreEqual(3, asn.Count, "Count");
Assert.AreEqual(0x31, asn[0].Tag, "Tag-0");
Assert.AreEqual(1, asn[0].Count, "Count-0");
Assert.AreEqual("2.5.4.3", ASN1Convert.ToOid(asn[0][0][0]), "OID-0");
Assert.AreEqual("L. Eagle", Encoding.ASCII.GetString(asn[0][0][1].Value), "Value-0");
Assert.AreEqual(0x31, asn[1].Tag, "Tag-1");
Assert.AreEqual(1, asn[1].Count, "Count-1");
Assert.AreEqual("2.5.4.10", ASN1Convert.ToOid(asn[1][0][0]), "OID-1");
Assert.AreEqual("Sue, Grabbit and Runn", Encoding.ASCII.GetString(asn[1][0][1].Value), "Value-1");
Assert.AreEqual(0x31, asn[2].Tag, "Tag-2");
Assert.AreEqual(1, asn[2].Count, "Count-2");
Assert.AreEqual("2.5.4.6", ASN1Convert.ToOid(asn[2][0][0]), "OID-2");
Assert.AreEqual("GB", Encoding.ASCII.GetString(asn[2][0][1].Value), "Value-2");
}
public void FromString_EscapingCarriageReturn()
{
// from rfc2253
ASN1 asn = X501.FromString(@"CN=Before\0DAfter,O=Test,C=GB");
Assert.AreEqual(0x30, asn.Tag, "Tag");
Assert.AreEqual(3, asn.Count, "Count");
Assert.AreEqual(0x31, asn[0].Tag, "Tag-0");
Assert.AreEqual(1, asn[0].Count, "Count-0");
Assert.AreEqual("2.5.4.3", ASN1Convert.ToOid(asn[0][0][0]), "OID-0");
Assert.AreEqual("Before\rAfter", Encoding.ASCII.GetString(asn[0][0][1].Value), "Value-0");
Assert.AreEqual(0x31, asn[1].Tag, "Tag-1");
Assert.AreEqual(1, asn[1].Count, "Count-1");
Assert.AreEqual("2.5.4.10", ASN1Convert.ToOid(asn[1][0][0]), "OID-1");
Assert.AreEqual("Test", Encoding.ASCII.GetString(asn[1][0][1].Value), "Value-1");
Assert.AreEqual(0x31, asn[2].Tag, "Tag-2");
Assert.AreEqual(1, asn[2].Count, "Count-2");
Assert.AreEqual("2.5.4.6", ASN1Convert.ToOid(asn[2][0][0]), "OID-2");
Assert.AreEqual("GB", Encoding.ASCII.GetString(asn[2][0][1].Value), "Value-2");
}
public RecipientInfo(ASN1 data)
{
if (data.Tag != 0x30)
{
throw new ArgumentException("Invalid RecipientInfo");
}
ASN1 version = data [0];
if (version.Tag != 0x02)
{
throw new ArgumentException("missing Version");
}
_version = version.Value [0];
// issuerAndSerialNumber IssuerAndSerialNumber
ASN1 subjectIdentifierType = data [1];
if ((subjectIdentifierType.Tag == 0x80) && (_version == 3))
{
_ski = subjectIdentifierType.Value;
}
else
{
_issuer = X501.ToString(subjectIdentifierType [0]);
_serial = subjectIdentifierType [1].Value;
}
ASN1 keyEncryptionAlgorithm = data [2];
_oid = ASN1Convert.ToOid(keyEncryptionAlgorithm [0]);
ASN1 encryptedKey = data [3];
_key = encryptedKey.Value;
}
private void Parse(byte[] crl)
{
string text = "Input data cannot be coded as a valid CRL.";
try
{
ASN1 aSN = new ASN1(encoded);
if (aSN.Tag != 48 || aSN.Count != 3)
{
throw new CryptographicException(text);
}
ASN1 aSN2 = aSN[0];
if (aSN2.Tag != 48 || aSN2.Count < 3)
{
throw new CryptographicException(text);
}
int num = 0;
if (aSN2[num].Tag == 2)
{
version = (byte)(aSN2[num++].Value[0] + 1);
}
else
{
version = 1;
}
signatureOID = ASN1Convert.ToOid(aSN2[num++][0]);
issuer = X501.ToString(aSN2[num++]);
thisUpdate = ASN1Convert.ToDateTime(aSN2[num++]);
ASN1 aSN3 = aSN2[num++];
if (aSN3.Tag == 23 || aSN3.Tag == 24)
{
nextUpdate = ASN1Convert.ToDateTime(aSN3);
aSN3 = aSN2[num++];
}
entries = new ArrayList();
if (aSN3 != null && aSN3.Tag == 48)
{
ASN1 aSN4 = aSN3;
for (int i = 0; i < aSN4.Count; i++)
{
entries.Add(new X509CrlEntry(aSN4[i]));
}
}
else
{
num--;
}
ASN1 aSN5 = aSN2[num];
if (aSN5 != null && aSN5.Tag == 160 && aSN5.Count == 1)
{
extensions = new X509ExtensionCollection(aSN5[0]);
}
else
{
extensions = new X509ExtensionCollection(null);
}
string b = ASN1Convert.ToOid(aSN[1][0]);
if (signatureOID != b)
{
throw new CryptographicException(text + " [Non-matching signature algorithms in CRL]");
}
byte[] value = aSN[2].Value;
signature = new byte[value.Length - 1];
Buffer.BlockCopy(value, 1, signature, 0, signature.Length);
}
catch
{
throw new CryptographicException(text);
IL_024f :;
}
}
private bool VerifyCounterSignature (PKCS7.SignerInfo cs, byte[] signature)
{
// SEQUENCE {
// INTEGER 1
if (cs.Version != 1)
return false;
// SEQUENCE {
// SEQUENCE {
string contentType = null;
ASN1 messageDigest = null;
for (int i=0; i < cs.AuthenticatedAttributes.Count; i++)
{
// SEQUENCE {
// OBJECT IDENTIFIER
ASN1 attr = (ASN1) cs.AuthenticatedAttributes [i];
string oid = ASN1Convert.ToOid (attr[0]);
switch (oid)
{
case "1.2.840.113549.1.9.3":
// contentType
contentType = ASN1Convert.ToOid (attr[1][0]);
break;
case "1.2.840.113549.1.9.4":
// messageDigest
messageDigest = attr[1][0];
break;
case "1.2.840.113549.1.9.5":
// SEQUENCE {
// OBJECT IDENTIFIER
// signingTime (1 2 840 113549 1 9 5)
// SET {
// UTCTime '030124013651Z'
// }
// }
timestamp = ASN1Convert.ToDateTime (attr[1][0]);
break;
default:
break;
}
}
if (contentType != PKCS7.Oid.data)
return false;
// verify message digest
if (messageDigest == null)
return false;
// TODO: must be read from the ASN.1 structure
string hashName = null;
switch (messageDigest.Length)
{
case 16:
hashName = "MD5";
break;
case 20:
hashName = "SHA1";
break;
}
HashAlgorithm ha = HashAlgorithm.Create (hashName);
if (!messageDigest.CompareValue (ha.ComputeHash (signature)))
return false;
// verify signature
byte[] counterSignature = cs.Signature;
// change to SET OF (not [0]) as per PKCS #7 1.5
ASN1 aa = new ASN1 (0x31);
foreach (ASN1 a in cs.AuthenticatedAttributes)
aa.Add (a);
byte[] p7hash = ha.ComputeHash (aa.GetBytes ());
// we need to try all certificates
string issuer = cs.IssuerName;
byte[] serial = cs.SerialNumber;
foreach (X509Certificate x509 in coll)
{
if (CompareIssuerSerial (issuer, serial, x509))
{
if (x509.PublicKey.Length > counterSignature.Length)
{
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA;
// we need to HACK around bad (PKCS#1 1.5) signatures made by Verisign Timestamp Service
// and this means copying stuff into our own RSAManaged to get the required flexibility
RSAManaged rsam = new RSAManaged ();
rsam.ImportParameters (rsa.ExportParameters (false));
if (PKCS1.Verify_v15 (rsam, ha, p7hash, counterSignature, true))
{
timestampChain.LoadCertificates (coll);
return (timestampChain.Build (x509));
}
}
}
}
// no certificate can verify this signature!
return false;
}
//private bool VerifySignature (ASN1 cs, byte[] calculatedMessageDigest, string hashName)
private bool VerifySignature (PKCS7.SignedData sd, byte[] calculatedMessageDigest, HashAlgorithm ha)
{
string contentType = null;
ASN1 messageDigest = null;
// string spcStatementType = null;
// string spcSpOpusInfo = null;
for (int i=0; i < sd.SignerInfo.AuthenticatedAttributes.Count; i++)
{
ASN1 attr = (ASN1) sd.SignerInfo.AuthenticatedAttributes [i];
string oid = ASN1Convert.ToOid (attr[0]);
switch (oid)
{
case "1.2.840.113549.1.9.3":
// contentType
contentType = ASN1Convert.ToOid (attr[1][0]);
break;
case "1.2.840.113549.1.9.4":
// messageDigest
messageDigest = attr[1][0];
break;
case "1.3.6.1.4.1.311.2.1.11":
// spcStatementType (Microsoft code signing)
// possible values
// - individualCodeSigning (1 3 6 1 4 1 311 2 1 21)
// - commercialCodeSigning (1 3 6 1 4 1 311 2 1 22)
// spcStatementType = ASN1Convert.ToOid (attr[1][0][0]);
break;
case "1.3.6.1.4.1.311.2.1.12":
// spcSpOpusInfo (Microsoft code signing)
/* try {
spcSpOpusInfo = System.Text.Encoding.UTF8.GetString (attr[1][0][0][0].Value);
}
catch (NullReferenceException) {
spcSpOpusInfo = null;
}*/
break;
default:
break;
}
}
if (contentType != spcIndirectDataContext)
return false;
// verify message digest
if (messageDigest == null)
return false;
if (!messageDigest.CompareValue (calculatedMessageDigest))
return false;
// verify signature
string hashOID = CryptoConfig.MapNameToOID (ha.ToString ());
// change to SET OF (not [0]) as per PKCS #7 1.5
ASN1 aa = new ASN1 (0x31);
foreach (ASN1 a in sd.SignerInfo.AuthenticatedAttributes)
aa.Add (a);
ha.Initialize ();
byte[] p7hash = ha.ComputeHash (aa.GetBytes ());
byte[] signature = sd.SignerInfo.Signature;
// we need to find the specified certificate
string issuer = sd.SignerInfo.IssuerName;
byte[] serial = sd.SignerInfo.SerialNumber;
foreach (X509Certificate x509 in coll)
{
if (CompareIssuerSerial (issuer, serial, x509))
{
// don't verify is key size don't match
if (x509.PublicKey.Length > (signature.Length >> 3))
{
// return the signing certificate even if the signature isn't correct
// (required behaviour for 2.0 support)
signingCertificate = x509;
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA;
if (rsa.VerifyHash (p7hash, hashOID, signature))
{
signerChain.LoadCertificates (coll);
trustedRoot = signerChain.Build (x509);
break;
}
}
}
}
// timestamp signature is optional
if (sd.SignerInfo.UnauthenticatedAttributes.Count == 0)
{
trustedTimestampRoot = true;
}
else
{
for (int i = 0; i < sd.SignerInfo.UnauthenticatedAttributes.Count; i++)
{
ASN1 attr = (ASN1) sd.SignerInfo.UnauthenticatedAttributes[i];
string oid = ASN1Convert.ToOid (attr[0]);
switch (oid)
{
case PKCS7.Oid.countersignature:
// SEQUENCE {
// OBJECT IDENTIFIER
// countersignature (1 2 840 113549 1 9 6)
// SET {
PKCS7.SignerInfo cs = new PKCS7.SignerInfo (attr[1]);
trustedTimestampRoot = VerifyCounterSignature (cs, signature);
break;
default:
// we don't support other unauthenticated attributes
break;
}
}
}
return (trustedRoot && trustedTimestampRoot);
}
private string GetHashName()
{
var _hashName = "";
ASN1 _algorithmId = GetVidSequence();
{
ASN1 _hashAlgorithm = _algorithmId[0];
if (_hashAlgorithm.Tag != 0x30 || _hashAlgorithm.Count < 1)
{
throw new ProxyException("not exist hash algorithm");
}
ASN1 _algorithm = _hashAlgorithm[0];
if (_algorithm.Tag != 0x06)
{
throw new ProxyException("invalid algorithm tag");
}
var _idNumber = ASN1Convert.ToOid(_algorithm);
if (_idNumber == "1.3.14.3.2.26")
{
_hashName = "SHA1";
}
else if (_idNumber == "2.16.840.1.101.3.4.2.1")
{
_hashName = "SHA256";
}
else
{
throw new ProxyException("invalid hash name");
}
/*
* 1.3.14.3.2.2 - md4WithRSA
* 1.3.14.3.2.3 - md5WithRSA
* 1.3.14.3.2.4 - md4WithRSAEncryption
* 1.3.14.3.2.6 - desECB
* 1.3.14.3.2.7 - desCBC
* 1.3.14.3.2.8 - desOFB
* 1.3.14.3.2.9 - desCFB
* 1.3.14.3.2.10 - desMAC
* 1.3.14.3.2.11 - rsaSignature
* 1.3.14.3.2.12 - dsa
* 1.3.14.3.2.13 - dsaWithSHA
* 1.3.14.3.2.14 - mdc2WithRSASignature
* 1.3.14.3.2.15 - shaWithRSASignature
* 1.3.14.3.2.16 - dhWithCommonModulus
* 1.3.14.3.2.17 - desEDE
* 1.3.14.3.2.18 - sha
* 1.3.14.3.2.19 - mdc-2
* 1.3.14.3.2.20 - dsaCommon
* 1.3.14.3.2.21 - dsaCommonWithSHA
* 1.3.14.3.2.22 - rsaKeyTransport
* 1.3.14.3.2.23 - keyed-hash-seal
* 1.3.14.3.2.24 - md2WithRSASignature
* 1.3.14.3.2.25 - md5WithRSASignature
* 1.3.14.3.2.26 - SHA-1 hash algorithm
* 1.3.14.3.2.27 - dsa With SHA1
* 1.3.14.3.2.28 - dsa With SHA1 with Common Parameters
* 1.3.14.3.2.29 - SHA1 with RSA signature
* 2.16.840.1.101.3.4.2.1 - SHA-256 hash algorithm
*/
}
return(_hashName);
}
private ASN1 GetVidSequence()
{
ASN1 _subjectAltName = null;
{
foreach (X509Extension _ext in X509Cert2.Extensions)
{
if (_ext.Oid.Value == "2.5.29.17")
{
_subjectAltName = new ASN1(_ext.RawData);
break;
}
}
if (_subjectAltName == null)
{
throw new ProxyException("can not find subject alter name extension");
}
if (_subjectAltName.Tag != 0x30 || _subjectAltName.Count < 1)
{
throw new ProxyException("invalid subject alter name");
}
}
ASN1 _algorithmId = null;
{
for (int i = 0; i < _subjectAltName.Count; i++)
{
if (_subjectAltName[i].Tag == 0xA0)
{
_algorithmId = _subjectAltName[i];
break;
}
}
if (_algorithmId == null)
{
throw new ProxyException("not exist algorithm id");
}
if (_algorithmId.Tag != 0xA0 || _algorithmId.Count < 2)
{
throw new ProxyException("invalid virtual identity");
}
ASN1 _algorithm = _algorithmId[0];
if (_algorithm.Tag != 0x06)
{
throw new ProxyException("invalid algorithm tag");
}
var _idNumber = ASN1Convert.ToOid(_algorithm);
if (_idNumber != "1.2.410.200004.10.1.1")
{
throw new ProxyException("invalid vid algorithm");
}
}
_algorithmId = _algorithmId[1];
{
if (_algorithmId.Tag != 0xA0 || _algorithmId.Count < 1)
{
throw new ProxyException("invalid virtual identity");
}
_algorithmId = _algorithmId[0];
if (_algorithmId.Tag != 0x30 || _algorithmId.Count < 2)
{
throw new ProxyException("invalid virtual identity");
}
//ASN1 _realName = _algorithmId[0];
}
_algorithmId = _algorithmId[1];
{
if (_algorithmId.Tag != 0x30 || _algorithmId.Count < 1)
{
throw new ProxyException("invalid virtual identity");
}
_algorithmId = _algorithmId[0];
if (_algorithmId.Tag != 0x30 || _algorithmId.Count < 2)
{
throw new ProxyException("invalid virtual identity");
}
ASN1 _algorithm = _algorithmId[0];
if (_algorithm.Tag != 0x06)
{
throw new ProxyException("invalid algorithm tag");
}
var _idNumber = ASN1Convert.ToOid(_algorithm);
if (_idNumber != "1.2.410.200004.10.1.1.1")
{
throw new ProxyException("invalid vid algorithm");
}
}
_algorithmId = _algorithmId[1];
if (_algorithmId.Tag != 0x30 || _algorithmId.Count < 2)
{
throw new ProxyException("invalid virtual identity");
}
return(_algorithmId);
}
// TODO: INCOMPLETE
public SignerInfo(ASN1 asn1) : this()
{
if ((asn1[0].Tag != 0x30) || (asn1[0].Count < 5))
{
throw new ArgumentException("Invalid SignedData");
}
// version Version
if (asn1[0][0].Tag != 0x02)
{
throw new ArgumentException("Invalid version");
}
version = asn1[0][0].Value[0];
// issuerAndSerialNumber IssuerAndSerialNumber
ASN1 subjectIdentifierType = asn1 [0][1];
if ((subjectIdentifierType.Tag == 0x80) && (version == 3))
{
ski = subjectIdentifierType.Value;
}
else
{
issuer = X501.ToString(subjectIdentifierType [0]);
serial = subjectIdentifierType [1].Value;
}
// digestAlgorithm DigestAlgorithmIdentifier
ASN1 digestAlgorithm = asn1 [0][2];
hashAlgorithm = ASN1Convert.ToOid(digestAlgorithm [0]);
// authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL
int n = 3;
ASN1 authAttributes = asn1 [0][n];
if (authAttributes.Tag == 0xA0)
{
n++;
for (int i = 0; i < authAttributes.Count; i++)
{
authenticatedAttributes.Add(authAttributes [i]);
}
}
// digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier
n++;
// ASN1 digestEncryptionAlgorithm = asn1 [0][n++];
// string digestEncryptionAlgorithmOid = ASN1Convert.ToOid (digestEncryptionAlgorithm [0]);
// encryptedDigest EncryptedDigest
ASN1 encryptedDigest = asn1 [0][n++];
if (encryptedDigest.Tag == 0x04)
{
signature = encryptedDigest.Value;
}
// unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
ASN1 unauthAttributes = asn1 [0][n];
if ((unauthAttributes != null) && (unauthAttributes.Tag == 0xA1))
{
for (int i = 0; i < unauthAttributes.Count; i++)
{
unauthenticatedAttributes.Add(unauthAttributes [i]);
}
}
}