Ejemplo n.º 1
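        /// <summary>
        /// Populates this object from an ASN.1-encoded structure laid out as
        /// <c>SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }</c>
        /// (the layout matches the OCSP CertID structure) and then marks the object read-only.
        /// </summary>
        /// <param name="rawData">ASN.1-encoded bytes. Treat as untrusted input.</param>
        /// <exception cref="ArgumentException">An element does not carry the expected ASN.1 tag.</exception>
        void initializeFromAsn(Byte[] rawData)
        {
            Asn1Reader asn1 = new Asn1Reader(rawData);

            // Outer SEQUENCE. ArgumentException replaces the bare Exception so callers can tell malformed
            // input apart from unrelated failures; handlers that catch Exception keep working.
            if (asn1.Tag != 48)
            {
                throw new ArgumentException("Unable to decode. Input data is not valid ASN.1 encoded data.");
            }
            asn1.MoveNext();
            // hashAlgorithm must itself be a SEQUENCE. Without this check the payload of any element
            // would be re-wrapped as a SEQUENCE below and handed to the AlgorithmIdentifier decoder.
            if (asn1.Tag != 48)
            {
                throw new ArgumentException("Unable to decode. The data is invalid");
            }
            HashingAlgorithm = new AlgorithmIdentifier(Asn1Utils.Encode(asn1.GetPayload(), 48)).AlgorithmId;
            asn1.MoveNextCurrentLevel();
            // issuerNameHash (OCTET STRING)
            if (asn1.Tag != 4)
            {
                throw new ArgumentException("Unable to decode. The data is invalid");
            }
            IssuerNameId = AsnFormatter.BinaryToString(asn1.GetPayload()).Trim();
            asn1.MoveNextCurrentLevel();
            // issuerKeyHash (OCTET STRING)
            if (asn1.Tag != 4)
            {
                throw new ArgumentException("Unable to decode. The data is invalid");
            }
            IssuerKeyId = AsnFormatter.BinaryToString(asn1.GetPayload()).Trim();
            asn1.MoveNextCurrentLevel();
            // serialNumber (INTEGER); stored as the raw payload bytes
            if (asn1.Tag != 2)
            {
                throw new ArgumentException("Unable to decode. The data is invalid");
            }
            serialNumber = asn1.GetPayload();
            // NOTE(review): properties are assigned as they are decoded, so a failure part-way through
            // leaves earlier fields populated while IsReadOnly is still false - confirm callers discard
            // the instance on error.
            IsReadOnly   = true;
        }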
Ejemplo n.º 2
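        /// <summary>
        /// Decodes a distribution point structure: an optional name ([0]), optional reason flags ([1])
        /// and optional CRL issuer names ([2]). The input is appended to <c>_rawData</c> only after
        /// every element has been processed.
        /// </summary>
        /// <param name="rawData">ASN.1-encoded bytes. Treat as untrusted input.</param>
        /// <exception cref="InvalidDataException">An element carries a tag this decoder does not handle.</exception>
        void decode(Byte[] rawData)
        {
            Asn1Reader asn = new Asn1Reader(rawData);

            asn.MoveNext();
            if (asn.PayloadLength == 0)
            {
                return;
            }
            do
            {
                switch (asn.Tag)
                {
                case 0xA0:
                    // distribution point name: walk the nested choice with its own reader
                    Asn1Reader distName = new Asn1Reader(asn.GetPayload());
                    do
                    {
                        switch (distName.Tag)
                        {
                        case 0xA0:
                            // full name: payload is re-wrapped as a SEQUENCE for the names decoder
                            _fullNames.Decode(Asn1Utils.Encode(distName.GetPayload(), 48));
                            break;

                        case 0xA1:
                            // relative to issuer name
                            Byte[] relativeName = Asn1Utils.Encode(distName.GetPayload(), 48);
                            RelativeToIssuerName = new X500DistinguishedName(relativeName);
                            break;

                        default:
                            throw new InvalidDataException("The data is invalid");
                        }
                    } while (distName.MoveNextSibling());
                    break;

                case 0xA1:
                    // reasons
                    // NOTE(review): this branch expects a constructed [1] wrapper around a full BIT STRING;
                    // confirm that matches the tagging used by the encoders this class must interoperate with.
                    Asn1BitString bs = new Asn1BitString(asn.GetPayload());
                    // A BIT STRING without value octets has no flag set. Handle it like an all-zero first
                    // octet instead of indexing into an empty array (IndexOutOfRangeException on crafted input).
                    if (bs.Value == null || bs.Value.Length == 0 || bs.Value[0] == 0)
                    {
                        Reasons = X509RevocationReasonFlag.Unspecified;
                    }
                    else
                    {
                        // only the first octet of the flags is read
                        Reasons = (X509RevocationReasonFlag)bs.Value[0];
                    }
                    break;

                case 0xA2:
                    // crl issuer
                    _crlIssuers.Decode(Asn1Utils.Encode(asn.GetPayload(), 48));
                    break;

                default:
                    throw new InvalidDataException("The data is invalid.");
                }
            } while (asn.MoveNextSibling());
            _rawData.AddRange(rawData);
        }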
Ejemplo n.º 3
        /// <summary>
        /// Returns the text form of the node the reader is positioned on, in the representation
        /// used for editing.
        /// </summary>
        /// <param name="asn">Reader positioned on the node to render.</param>
        /// <returns>
        /// Decimal text for INTEGER, hex text for BIT STRING, dotted value for OBJECT IDENTIFIER,
        /// the <c>GetViewValue</c> result for boolean, time and string types, and otherwise either
        /// the payload as UTF-8 text or as hex text.
        /// </returns>
        public static String GetEditValue(Asn1Reader asn)
        {
            Byte tag = asn.Tag;

            if (tag == (Byte)Asn1Type.INTEGER)
            {
                return new Asn1Integer(asn.RawData).Value.ToString();
            }
            if (tag == (Byte)Asn1Type.BIT_STRING)
            {
                return HexUtility.GetHexEditString(new Asn1BitString(asn).Value);
            }
            if (tag == (Byte)Asn1Type.OBJECT_IDENTIFIER)
            {
                Oid decodedOid = new Asn1ObjectIdentifier(asn).Value;
                return decodedOid.Value;
            }

            // Types whose edit form is the same as their view form.
            switch (tag)
            {
                case (Byte)Asn1Type.BOOLEAN:
                case (Byte)Asn1Type.UTCTime:
                case (Byte)Asn1Type.GeneralizedTime:
                case (Byte)Asn1Type.UTF8String:
                case (Byte)Asn1Type.NumericString:
                case (Byte)Asn1Type.PrintableString:
                case (Byte)Asn1Type.TeletexString:
                case (Byte)Asn1Type.VideotexString:
                case (Byte)Asn1Type.IA5String:
                case (Byte)Asn1Type.VisibleString:
                case (Byte)Asn1Type.UniversalString:
                case (Byte)Asn1Type.BMPString:
                    return GetViewValue(asn);
            }

            // Anything else: tag number 6 (after masking) is shown as UTF-8 text, the rest as hex.
            Boolean showAsText = (tag & (Byte)Asn1Type.TAG_MASK) == 6;
            if (showAsText)
            {
                return Encoding.UTF8.GetString(asn.GetPayload());
            }
            return HexUtility.GetHexEditString(asn.GetPayload());
        }
        /// <summary>
        /// Decodes an authority key identifier structure and records which of its optional
        /// components were present in <c>IncludedComponents</c>.
        /// </summary>
        /// <param name="rawData">ASN.1-encoded bytes. Treat as untrusted input.</param>
        /// <exception cref="Asn1InvalidTagException">The outer element is not a SEQUENCE.</exception>
        void m_decode(Byte[] rawData)
        {
            var reader = new Asn1Reader(rawData);

            if (reader.Tag != 48)
            {
                throw new Asn1InvalidTagException(reader.Offset);
            }
            reader.MoveNext();
            IncludedComponents = AuthorityKeyIdentifierFlags.None;
            do
            {
                Byte tag = reader.Tag;
                if (tag == 0x80)
                {
                    // [0] key identifier, kept as raw hex without line breaks
                    KeyIdentifier       = AsnFormatter.BinaryToString(reader.GetPayload(), EncodingType.HexRaw, EncodingFormat.NOCRLF);
                    IncludedComponents |= AuthorityKeyIdentifierFlags.KeyIdentifier;
                }
                else if (tag == 0xa1)
                {
                    // [1] issuer names: payload is re-wrapped as a SEQUENCE for the collection decoder
                    IssuerNames = new X509AlternativeNameCollection();
                    IssuerNames.Decode(Asn1Utils.Encode(reader.GetPayload(), 48));
                    IssuerNames.Close();
                    IncludedComponents |= AuthorityKeyIdentifierFlags.AlternativeNames;
                }
                else if (tag == 0x82)
                {
                    // [2] issuer certificate serial number
                    SerialNumber        = AsnFormatter.BinaryToString(reader.GetPayload());
                    IncludedComponents |= AuthorityKeyIdentifierFlags.SerialNumber;
                }
                // any other tag is skipped without an error
            } while (reader.MoveNextCurrentLevel());
        }
Ejemplo n.º 5
        /// <summary>
        /// Decodes an authority information access structure and splits its URLs into
        /// <c>CertificationAuthorityIssuer</c> (access method 1.3.6.1.5.5.7.48.2) and
        /// <c>OnlineCertificateStatusProtocol</c> (access method 1.3.6.1.5.5.7.48.1).
        /// </summary>
        /// <param name="rawData">ASN.1-encoded bytes. Treat as untrusted input.</param>
        /// <exception cref="Asn1InvalidTagException">The outer element or an entry is not a SEQUENCE.</exception>
        void m_decode(Byte[] rawData)
        {
            List<String> caIssuerUrls = new List<String>();
            List<String> responderUrls = new List<String>();
            Asn1Reader asn = new Asn1Reader(rawData);

            if (asn.Tag != 48)
            {
                throw new Asn1InvalidTagException(asn.Offset);
            }
            asn.MoveNext();
            do
            {
                // remember where this entry starts so the cursor can return to it before advancing
                Int32 entryStart = asn.Offset;
                if (asn.Tag != 48)
                {
                    throw new Asn1InvalidTagException(entryStart);
                }
                asn.MoveNext();
                String accessMethod = Asn1Utils.DecodeObjectIdentifier(asn.GetTagRawData()).Value;
                // only URI-typed locations (tag 0x86) are accepted here
                asn.MoveNextAndExpectTags(0x86);
                // The URL text comes straight from the encoded data; consumers that fetch it should
                // validate scheme and destination themselves.
                if (accessMethod == "1.3.6.1.5.5.7.48.2")
                {
                    caIssuerUrls.Add(Encoding.ASCII.GetString(asn.GetPayload()));
                }
                else if (accessMethod == "1.3.6.1.5.5.7.48.1")
                {
                    responderUrls.Add(Encoding.ASCII.GetString(asn.GetPayload()));
                }
                // entries with any other access method are ignored
                asn.MoveToPosition(entryStart);
            } while (asn.MoveNextCurrentLevel());
            CertificationAuthorityIssuer    = caIssuerUrls.ToArray();
            OnlineCertificateStatusProtocol = responderUrls.ToArray();
        }
Ejemplo n.º 6
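        /// <summary>
        /// Decodes an IP address name from <c>RawData</c> into <c>Value</c>. A payload of 4 or 16 bytes
        /// is a bare IPv4/IPv6 address; 8 or 32 bytes is an address followed by a mask of the same
        /// size, rendered as <c>address/bits</c>.
        /// </summary>
        /// <exception cref="ArgumentException">
        /// The payload has any other length or cannot be decoded. The original failure is attached as
        /// the inner exception.
        /// </exception>
        void decodeIpAddress()
        {
            Type = X509AlternativeNamesEnum.IpAddress;
            try {
                Asn1Reader asn = new Asn1Reader(RawData);
                Int32      takeBytes;
                Boolean    maskPresented = false;
                switch (asn.PayloadLength)
                {
                case 4: takeBytes = 4; break;

                case 16: takeBytes = 16; break;

                case 8: takeBytes = 4; maskPresented = true; break;

                case 32: takeBytes = 16; maskPresented = true; break;

                default: throw new ArgumentException("Invalid IPv4 or IPv6 address length.");
                }
                var payload = asn.GetPayload();
                Value = new IPAddress(payload.Take(takeBytes).ToArray()).ToString();
                if (maskPresented)
                {
                    List <Byte> bytes = payload.Skip(takeBytes).Take(takeBytes).ToList();
                    // BigInteger(Byte[]) reads little-endian two's complement, so a trailing zero byte
                    // keeps the value non-negative.
                    // NOTE(review): the test looks at the first byte while the sign comes from the last
                    // one; that is equivalent for contiguous masks - confirm the intent for other masks.
                    if (bytes[0] > 127)
                    {
                        bytes.Add(0);
                    }
                    BigInteger maskLength = new BigInteger(bytes.ToArray()).GetEnabledBitCount();
                    Value += "/" + maskLength;
                }
            } catch (Exception e) {
                // Same exception type and message as before, but the cause is kept so that a rejected
                // name can be diagnosed instead of being flattened into one generic message.
                throw new ArgumentException("Input data is not valid IPv4 or IPv6 address.", e);
            }
        }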
        /// <summary>
        /// Decodes an authority information access structure and splits its URLs into
        /// <c>CertificationAuthorityIssuer</c> (access method 1.3.6.1.5.5.7.48.2) and
        /// <c>OnlineCertificateStatusProtocol</c> (access method 1.3.6.1.5.5.7.48.1).
        /// </summary>
        /// <param name="rawData">ASN.1-encoded bytes. Treat as untrusted input.</param>
        /// <exception cref="ArgumentException">
        /// The outer element or an entry is not a SEQUENCE, or an access location is not tagged 134 (0x86).
        /// </exception>
        void m_decode(Byte[] rawData)
        {
            var caIssuerUrls  = new List<String>();
            var responderUrls = new List<String>();
            var outer         = new Asn1Reader(rawData);

            if (outer.Tag != 48)
            {
                throw new ArgumentException("The data is invalid");
            }
            outer.MoveNext();
            do
            {
                // each entry is parsed with its own reader so the outer cursor is never disturbed
                var entry = new Asn1Reader(outer.GetTagRawData());
                if (entry.Tag != 48)
                {
                    throw new ArgumentException("The data is invalid");
                }
                entry.MoveNext();
                String accessMethod = Asn1Utils.DecodeObjectIdentifier(entry.GetTagRawData()).Value;
                entry.MoveNext();
                if (entry.Tag != 134)
                {
                    throw new ArgumentException("The data is invalid");
                }
                // The URL text comes straight from the encoded data; consumers that fetch it should
                // validate scheme and destination themselves.
                if (accessMethod == "1.3.6.1.5.5.7.48.2")
                {
                    caIssuerUrls.Add(Encoding.ASCII.GetString(entry.GetPayload()));
                }
                else if (accessMethod == "1.3.6.1.5.5.7.48.1")
                {
                    responderUrls.Add(Encoding.ASCII.GetString(entry.GetPayload()));
                }
                // entries with any other access method are ignored
            } while (outer.MoveNextCurrentLevel());
            CertificationAuthorityIssuer    = caIssuerUrls.ToArray();
            OnlineCertificateStatusProtocol = responderUrls.ToArray();
        }
Ejemplo n.º 8
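 /// <summary>
 /// Decodes an IP address name from <c>rawData</c> into <c>Value</c>. A payload of 4 or 16 bytes is
 /// a bare IPv4/IPv6 address; 8 or 32 bytes is an address followed by a mask of the same size,
 /// rendered as <c>address/bits</c>. An empty payload is accepted and leaves <c>Value</c> untouched.
 /// </summary>
 /// <exception cref="ArgumentException">
 /// The payload has any other length or cannot be decoded. The original failure is attached as the
 /// inner exception.
 /// </exception>
 void decodeIpAddress() {
     Type = X509AlternativeNamesEnum.IpAddress;
     try {
         Asn1Reader asn = new Asn1Reader(rawData);
         // RFC 5280 §4.2.1.6 (4 or 16 octets in subject alternative names) and §4.2.1.10 (8 or 32
         // octets in name constraints) do not allow an empty value. The original author notes that
         // Microsoft emits empty values, so an empty payload is tolerated here. Needs clarification.
         if (asn.PayloadLength == 0) { return; }
         Int32 takeBytes;
         Boolean maskPresented = false;
         switch (asn.PayloadLength) {
             case 4: takeBytes = 4; break;
             case 16: takeBytes = 16; break;
             case 8: takeBytes = 4; maskPresented = true; break;
             case 32: takeBytes = 16; maskPresented = true; break;
             default: throw new ArgumentException("Invalid IPv4 or IPv6 address length.");
         }
         var payload = asn.GetPayload();
         Value = new IPAddress(payload.Take(takeBytes).ToArray()).ToString();
         if (maskPresented) {
             List<Byte> bytes = payload.Skip(takeBytes).Take(takeBytes).ToList();
             // BigInteger(Byte[]) reads little-endian two's complement, so a trailing zero byte keeps
             // the value non-negative.
             // NOTE(review): the test looks at the first byte while the sign comes from the last one;
             // that is equivalent for contiguous masks - confirm the intent for other masks.
             if (bytes[0] > 127) { bytes.Add(0); }
             BigInteger maskLength = new BigInteger(bytes.ToArray()).GetEnabledBitCount();
             Value += "/" + maskLength;
         }
     } catch (Exception e) {
         // Same exception type and message as before, but the cause is kept so that a rejected name
         // can be diagnosed instead of being flattened into one generic message.
         throw new ArgumentException("Input data is not valid IPv4 or IPv6 address.", e);
     }
 }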
Ejemplo n.º 9
 // decoders
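 /// <summary>
 /// Decodes an OtherName entry from <c>rawData</c>: reads the type OID, steps into the [0] value
 /// wrapper and renders the value according to the OID (UPN as UTF-8 text, GUID as GUID text,
 /// anything else as space-separated lowercase hex).
 /// </summary>
 /// <exception cref="ArgumentException">
 /// The input cannot be decoded. The original failure is attached as the inner exception.
 /// </exception>
 void decodeOtherName() {
     try {
         Asn1Reader asn = new Asn1Reader(rawData);
         if (!asn.MoveNext()) { throw new ArgumentException("Input data is not valid OtherName."); }
         Oid oid = new Oid(Asn1Utils.DecodeObjectIdentifier(asn.GetTagRawData()));
         asn.MoveNextAndExpectTags(0xa0);
         // step from the [0] wrapper onto the wrapped value
         // NOTE(review): the tag of the wrapped value is not checked for any of the known OIDs.
         asn.MoveNext();
         OID = oid;
         switch (oid.Value) {
             // UPN
             case "1.3.6.1.4.1.311.20.2.3":
                 Type = X509AlternativeNamesEnum.UserPrincipalName;
                 if (asn.PayloadLength == 0) { return; }
                 Value = Encoding.UTF8.GetString(asn.GetPayload()); break;
             // GUID
             case "1.3.6.1.4.1.311.25.1":
                 // NOTE(review): unlike the UPN branch, an empty payload returns before Type is set.
                 if (asn.PayloadLength == 0) { return; }
                 Guid guid = new Guid(asn.GetPayload());
                 Type = X509AlternativeNamesEnum.Guid;
                 Value = guid.ToString();
                 break;
             default:
                 Type = X509AlternativeNamesEnum.OtherName;
                 // Build the hex dump in a StringBuilder: the payload length is controlled by the
                 // encoded data and repeated string concatenation is quadratic in that length.
                 StringBuilder hex = new StringBuilder();
                 foreach (Byte B in asn.GetPayload()) {
                     hex.Append(B.ToString("x2")).Append(' ');
                 }
                 Value = hex.ToString().Trim();
                 break;
         }
     } catch (Exception e) {
         // Same exception type and message as before, but the cause is kept for diagnostics.
         throw new ArgumentException("Input data is not valid OtherName.", e);
     }
 }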
Ejemplo n.º 10
 /// <summary>
 /// Checks that every payload byte is an ASCII digit (48..57) or a space (32) and stores the
 /// payload as ASCII text in <c>Value</c>.
 /// </summary>
 /// <param name="asn">Reader positioned on the string node.</param>
 /// <exception cref="InvalidDataException">The payload contains any other byte.</exception>
 void m_decode(Asn1Reader asn)
 {
     Boolean onlyDigitsAndSpaces = asn.GetPayload().All(b => (b >= 48 && b <= 57) || b == 32);
     if (!onlyDigitsAndSpaces)
     {
         throw new InvalidDataException(String.Format(InvalidType, "Numeric String"));
     }
     Value = Encoding.ASCII.GetString(asn.GetPayload());
 }
Ejemplo n.º 11
 /// <summary>
 /// Checks that every payload byte is in the range 32..126 (printable ASCII) and stores the
 /// payload as ASCII text in <c>Value</c>.
 /// </summary>
 /// <param name="asn">Reader positioned on the string node.</param>
 /// <exception cref="InvalidDataException">The payload contains a byte outside that range.</exception>
 void m_decode(Asn1Reader asn)
 {
     Boolean onlyPrintableAscii = asn.GetPayload().All(b => b >= 32 && b <= 126);
     if (!onlyPrintableAscii)
     {
         throw new InvalidDataException(String.Format(InvalidType, TYPE.ToString()));
     }
     Value = Encoding.ASCII.GetString(asn.GetPayload());
 }
Ejemplo n.º 12
 /// <summary>
 /// Checks that every payload byte is 7-bit (0..127) and stores the payload as ASCII text in
 /// <c>Value</c>.
 /// </summary>
 /// <param name="asn">Reader positioned on the string node.</param>
 /// <exception cref="InvalidDataException">The payload contains a byte above 127.</exception>
 void m_decode(Asn1Reader asn)
 {
     Boolean onlySevenBit = asn.GetPayload().All(b => b <= 127);
     if (!onlySevenBit)
     {
         throw new InvalidDataException(String.Format(InvalidType, "IA5 String"));
     }
     Value = Encoding.ASCII.GetString(asn.GetPayload());
 }
Ejemplo n.º 13
 /// <summary>
 /// Runs the payload through <c>testValue</c> and, when it passes, stores the payload as ASCII
 /// text in <c>Value</c>.
 /// </summary>
 /// <param name="asn">Reader positioned on the string node.</param>
 /// <exception cref="InvalidDataException"><c>testValue</c> rejected the payload.</exception>
 void m_decode(Asn1Reader asn)
 {
     Boolean payloadAccepted = testValue(asn.GetPayload());
     if (payloadAccepted)
     {
         Value = Encoding.ASCII.GetString(asn.GetPayload());
         return;
     }
     throw new InvalidDataException(String.Format(InvalidType, "Printable String"));
 }
Ejemplo n.º 14
 /// <summary>
 /// Decodes a URL name from <c>rawData</c>. The payload is read as UTF-8 text; when it parses as
 /// a <see cref="Uri"/> the normalised <c>AbsoluteUri</c> is stored, otherwise the text is stored
 /// unchanged. An empty payload leaves <c>Value</c> untouched.
 /// </summary>
 void decodeUrl() {
     Type = X509AlternativeNamesEnum.URL;
     Asn1Reader asn = new Asn1Reader(rawData);
     if (asn.PayloadLength == 0) { return; }
     String text = Encoding.UTF8.GetString(asn.GetPayload());
     // Best effort by design: text that is not a valid URI is kept as is, so Value is not guaranteed
     // to be a well-formed URI. Consumers that act on it should validate it themselves.
     try {
         Uri parsed = new Uri(text);
         Value = parsed.AbsoluteUri;
     } catch {
         Value = text;
     }
 }
Ejemplo n.º 15
        /// <summary>
        /// Returns the display text of the node the reader is positioned on.
        /// </summary>
        /// <param name="asn">Reader positioned on the node to render.</param>
        /// <returns>
        /// The literal text "NULL" for an empty payload on any type other than NULL, a null reference
        /// for the NULL type, and otherwise the decoded text for the node's type.
        /// </returns>
        public static String GetViewValue(Asn1Reader asn)
        {
            Byte tag = asn.Tag;

            if (asn.PayloadLength == 0 && tag != (Byte)Asn1Type.NULL)
            {
                return "NULL";
            }

            switch (tag)
            {
                case (Byte)Asn1Type.NULL:
                    return null;

                case (Byte)Asn1Type.BOOLEAN:
                    return new Asn1Boolean(asn).Value.ToString();

                case (Byte)Asn1Type.BMPString:
                    return new Asn1BMPString(asn).Value;

                // types with a dedicated decoder
                case (Byte)Asn1Type.INTEGER:
                    return DecodeInteger(asn);

                case (Byte)Asn1Type.BIT_STRING:
                    return DecodeBitString(asn);

                case (Byte)Asn1Type.OCTET_STRING:
                    return DecodeOctetString(asn);

                case (Byte)Asn1Type.OBJECT_IDENTIFIER:
                    return DecodeObjectIdentifier(asn);

                case (Byte)Asn1Type.UTCTime:
                    return DecodeUtcTime(asn);

                case (Byte)Asn1Type.GeneralizedTime:
                    return DecodeGeneralizedTime(asn);

                // payload read as UTF-8 text
                case (Byte)Asn1Type.UTF8String:
                case (Byte)Asn1Type.VisibleString:
                    return Encoding.UTF8.GetString(asn.GetPayload());

                // Payload read as ASCII text. The string alphabet is deliberately not enforced when
                // viewing, so this output says nothing about whether the encoding is valid.
                case (Byte)Asn1Type.NumericString:
                case (Byte)Asn1Type.PrintableString:
                case (Byte)Asn1Type.TeletexString:
                case (Byte)Asn1Type.VideotexString:
                case (Byte)Asn1Type.IA5String:
                    return Encoding.ASCII.GetString(asn.GetPayload());
            }

            // Anything else: tag number 6 (after masking) is decoded as UTF-8 text, the rest as octets.
            if ((tag & (Byte)Asn1Type.TAG_MASK) == 6)
            {
                return DecodeUTF8String(asn);
            }
            return DecodeOctetString(asn);
        }
Ejemplo n.º 16
        /// <summary>
        /// Reads one status record from the reader: the certificate ID, the certificate status
        /// (with revocation details when revoked), the thisUpdate time and the optional
        /// nextUpdate time and extensions that follow it.
        /// </summary>
        /// <param name="response">Reader positioned on the record. The cursor is advanced by this method.</param>
        void m_initialize(Asn1Reader response)
        {
            response.MoveNext();
            // certificate ID: payload is re-wrapped as a SEQUENCE for the CertID decoder
            CertId = new CertID(Asn1Utils.Encode(response.GetPayload(), 48));
            response.MoveNextCurrentLevel();
            // certificate status, selected by context tag
            // NOTE(review): there is no default branch. An unrecognised tag leaves CertStatus unchanged
            // and the cursor where it is, so the element is then decoded as thisUpdate below.
            switch (response.Tag)
            {
            case 128:
                // [0] good
                CertStatus = CertificateStatus.Good;
                response.MoveNextCurrentLevel();
                break;

            case 161:
                // [1] revoked: revocation time, then an optional reason wrapped in [0] (tag 160)
                CertStatus = CertificateStatus.Revoked;
                response.MoveNext();
                DateTime revokedWhen = Asn1Utils.DecodeGeneralizedTime(response.GetTagRawData());
                response.MoveNext();
                Int16 reason = 0;
                if (response.Tag == 160)
                {
                    response.MoveNext();
                    // NOTE(review): the first payload byte is read without a length check; an empty
                    // payload would raise an index error here.
                    reason = response.GetPayload()[0];
                    response.MoveNext();
                }
                RevocationInfo = new X509CRLEntry(CertId.SerialNumber, revokedWhen, reason);
                break;

            case 130:
                // [2] unknown
                CertStatus = CertificateStatus.Unknown;
                response.MoveNextCurrentLevel();
                break;
            }
            //response.MoveNextCurrentLevel();
            // every branch above leaves the cursor on the thisUpdate element
            ThisUpdate = Asn1Utils.DecodeGeneralizedTime(response.GetTagRawData());
            // optional trailing elements; tags other than 160 and 161 are skipped
            while (response.MoveNextCurrentLevel())
            {
                switch (response.Tag)
                {
                case 160:
                    // [0] nextUpdate, decoded with a separate reader over the wrapped value
                    Asn1Reader asn = new Asn1Reader(response.GetPayload());
                    NextUpdate = Asn1Utils.DecodeGeneralizedTime(asn.GetTagRawData());
                    break;

                case 161:
                    // [1] extensions
                    Extensions.Decode(response.GetPayload());
                    break;
                }
            }
        }
Ejemplo n.º 17
 /// <summary>
 /// Reads PSS parameters from the reader: the hash algorithm from an optional [0] element
 /// (SHA-1 when absent) and the salt length from an optional [2] element (20 when absent).
 /// </summary>
 /// <param name="asn">Reader positioned on the parameters structure. The cursor is advanced.</param>
 void decodeRsaPss(Asn1Reader asn)
 {
     PaddingScheme = SignaturePadding.PSS;
     asn.MoveNext();

     // Hash algorithm: explicit [0] element if present, otherwise the SHA-1 default.
     if (asn.Tag == 0xa0)
     {
         HashingAlgorithm = new Oid2(new AlgorithmIdentifier(asn.GetPayload()).AlgorithmId, false);
     }
     else
     {
         HashingAlgorithm = new Oid2(AlgorithmOids.SHA1, false);
     }

     // Advance along the current level until the salt element ([2]) is reached or the level ends.
     Boolean keepScanning = true;
     while (keepScanning)
     {
         keepScanning = asn.MoveNextCurrentLevel() && asn.Tag != 0xa2;
     }

     // Salt length: explicit [2] element if the scan stopped on one, otherwise the default of 20.
     // NOTE(review): the decoded value is narrowed to Int32 without a range check - confirm how an
     // oversized or negative value is handled by the caller.
     if (asn.Tag == 0xa2)
     {
         PssSaltByteCount = (Int32)Asn1Utils.DecodeInteger(asn.GetPayload());
     }
     else
     {
         PssSaltByteCount = 20;
     }
 }
Ejemplo n.º 18
        /// <summary>
        /// Decodes the issuing distribution point fields from <c>RawData</c>. Elements are selected
        /// by context tag 0xa0..0xa5; any other tag is skipped without an error.
        /// </summary>
        void decode()
        {
            var reader = new Asn1Reader(RawData);

            if (reader.PayloadLength == 0)
            {
                return;
            }

            reader.MoveNext();
            do
            {
                // NOTE(review): every field is matched on a constructed context tag (0xaN); confirm
                // this matches the tagging produced by the encoders this class must interoperate with.
                Byte tag = reader.Tag;
                if (tag == 0xa0)
                {
                    // distribution point: the whole element is wrapped in a SEQUENCE for its decoder
                    DistributionPoint = new X509DistributionPoint(Asn1Utils.Encode(reader.GetTagRawData(), 48));
                }
                else if (tag == 0xa1)
                {
                    OnlyUserCerts = Asn1Utils.DecodeBoolean(reader.GetPayload());
                }
                else if (tag == 0xa2)
                {
                    OnlyCaCerts = Asn1Utils.DecodeBoolean(reader.GetPayload());
                }
                else if (tag == 0xa3)
                {
                    // reason flags: two or more value bytes are read as a 16-bit value in platform
                    // byte order, a single byte is used directly, an empty value changes nothing
                    var flags = new Asn1BitString(reader.GetPayload());
                    if (flags.Value.Length > 1)
                    {
                        Reasons = (X509RevocationReasonFlag)BitConverter.ToUInt16(flags.Value, 0);
                    }
                    else if (flags.Value.Length == 1)
                    {
                        Reasons = (X509RevocationReasonFlag)flags.Value[0];
                    }
                }
                else if (tag == 0xa4)
                {
                    IndirectCRL = Asn1Utils.DecodeBoolean(reader.GetPayload());
                }
                else if (tag == 0xa5)
                {
                    OnlyAttributeCerts = Asn1Utils.DecodeBoolean(reader.GetPayload());
                }
            } while (reader.MoveNextSibling());
        }
Ejemplo n.º 19
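        /// <summary>
        /// Extracts the RSA modulus and public exponent from an encoded public key.
        /// </summary>
        /// <param name="publicKey">Public key whose <c>EncodedKeyValue</c> holds the two INTEGER values.</param>
        /// <returns>
        /// A tuple of (modulus, public exponent) as big-endian byte arrays, with the sign-padding zero
        /// removed from the modulus.
        /// </returns>
        static Tuple <Byte[], Byte[]> getRsaComponents(PublicKey publicKey)
        {
            var asn = new Asn1Reader(publicKey.EncodedKeyValue.RawData);

            // NOTE(review): neither element's tag is checked before its payload is used.
            asn.MoveNext(); // modulus
            Byte[] modulus = asn.GetPayload();
            // A positive INTEGER whose top bit is set is encoded with one leading zero byte that is not
            // part of the value. Strip it only when it is really there: the previous "length is not a
            // multiple of 8" test dropped a significant byte for key sizes that are not a multiple of
            // 64 bits and kept the padding byte when the padded length happened to be a multiple of 8.
            if (modulus.Length > 1 && modulus[0] == 0)
            {
                modulus = modulus.Skip(1).ToArray();
            }
            asn.MoveNext(); // exponent
            Byte[] pubExponent = asn.GetPayload();
            return new Tuple <Byte[], Byte[]>(modulus, pubExponent);
        }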
Ejemplo n.º 20
        /// <param name="nonceValue">The encoded data to use to create the extension.</param>
        /// <param name="critical"><strong>True</strong> if the extension is critical; otherwise, <strong>False</strong>.</param>
        public X509NonceExtension(AsnEncodedData nonceValue, Boolean critical)
            : base(new Oid("1.3.6.1.5.5.7.48.1.2", "OCSP Nonce"), nonceValue.RawData, critical)
        {
            // Value holds the hex text of the nonce payload, i.e. the encoded data without its
            // outer tag and length header.
            // NOTE(review): the nonce length is not checked here; confirm it is bounded elsewhere.
            var noncePayload = new Asn1Reader(nonceValue.RawData).GetPayload();

            Value = AsnFormatter.BinaryToString(noncePayload, EncodingType.Hex);
        }
Ejemplo n.º 21
        /* CA Version is a combination of two 16-bit integers. Upper 16 bits represent CA private key index, lower
         * 16 bits represent CA certificate index. Values can be encoded with minimum number of bytes. For example,
         * if CA private key index is zero, upper 16 bits can be omitted, or truncated to minimum bytes to encode
         * value. CA certificate index value can be truncated to single byte only when private key index is zero,
         * otherwise, 1 or 2 bytes are used to encode private key index and 2 bytes to encode certificate index.
         * We shall support various encoding options (full and reduced).
         *
         * CA Version is encoded maximum of 4 bytes. If encoded value is larger, both indexes are set to -1 and
         * shall be treated as invalid value.
         */
        void m_decode()
        {
            var reader = new Asn1Reader(RawData);

            // More than 4 payload bytes cannot be a valid value: flag both indexes as invalid
            // instead of throwing.
            if (reader.PayloadLength > 4)
            {
                CACertificateVersion = -1;
                CAKeyVersion         = -1;
                return;
            }

            // The payload is a big-endian integer of up to 4 bytes. Folding it byte by byte gives the
            // same 32-bit value as left-padding it to 4 bytes and converting in platform byte order.
            Int32 combined = 0;
            foreach (Byte octet in reader.GetPayload())
            {
                combined = (combined << 8) | octet;
            }

            // low 16 bits: certificate index; high 16 bits: key index
            Int32 lowWord  = combined & UInt16.MaxValue;
            Int32 highWord = (combined >> 16) & UInt16.MaxValue;
            CACertificateVersion = (UInt16)lowWord;
            CAKeyVersion         = (UInt16)highWord;
        }
Ejemplo n.º 22
        /// <summary>
        /// Decodes a signer information structure field by field: version, issuer identifier, hash
        /// algorithm, optional authenticated attributes ([0]), encrypted hash algorithm, encrypted
        /// hash and optional unauthenticated attributes ([1]). The input is appended to
        /// <c>_rawData</c> once decoding has finished.
        /// </summary>
        /// <param name="rawData">ASN.1-encoded bytes. Treat as untrusted input.</param>
        void decode(Byte[] rawData)
        {
            var asn = new Asn1Reader(rawData);

            // NOTE(review): the outer tag and the results of the MoveNext* calls below are not checked;
            // a truncated structure is only rejected if one of the field decoders rejects it.
            asn.MoveNext();
            Version = (Int32)Asn1Utils.DecodeInteger(asn.GetTagRawData());
            asn.MoveNextCurrentLevel();
            Issuer = new PkcsSubjectIdentifier(asn.GetTagRawData());
            asn.MoveNextCurrentLevel();
            HashAlgorithm = new AlgorithmIdentifier(asn.GetTagRawData());
            asn.MoveNextCurrentLevel();
            // optional [0]: authenticated attributes
            if (asn.Tag == 0xa0)
            {
                _authAttributes.Decode(asn.GetTagRawData());
                asn.MoveNextCurrentLevel();
            }
            EncryptedHashAlgorithm = new AlgorithmIdentifier(asn.GetTagRawData());
            asn.MoveNextCurrentLevel();
            // the encrypted hash is stored as the raw payload bytes
            EncryptedHash = asn.GetPayload();
            // optional [1]: unauthenticated attributes
            if (asn.MoveNextCurrentLevel() && asn.Tag == 0xa1)
            {
                _unauthAttributes.Decode(asn.GetTagRawData());
            }
            _rawData.AddRange(rawData);
        }
Ejemplo n.º 23
        /// <summary>
        /// Decodes ASN.1 encoded byte array to an array of <see cref="X500RdnAttribute"/> objects.
        /// </summary>
        /// <param name="rawData">ASN.1-encoded byte array.</param>
        /// <exception cref="ArgumentNullException">
        /// <strong>rawData</strong> parameter is null.
        /// </exception>
        /// <exception cref="AccessViolationException">
        /// The collection is read-only and cannot be modified.
        /// </exception>
        /// <exception cref="Asn1InvalidTagException">
        /// The data in the <strong>rawData</strong> parameter is not valid array of <see cref="X500RdnAttribute"/> objects.
        /// </exception>
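        public void Decode(Byte[] rawData)
        {
            if (IsReadOnly)
            {
                throw new AccessViolationException("An object is encoded and is write-protected.");
            }
            if (rawData == null)
            {
                throw new ArgumentNullException(nameof(rawData));
            }
            // NOTE(review): the list is cleared before the input is validated, so malformed input
            // leaves the collection empty or partially filled.
            InternalList.Clear();
            Asn1Reader asn = new Asn1Reader(rawData);

            if (asn.Tag != 48)
            {
                throw new Asn1InvalidTagException(asn.Offset);
            }
            // A SEQUENCE with no content is a valid, empty list of attributes. Without this guard the
            // loop below would test the tag of the outer SEQUENCE itself and reject the input.
            if (asn.PayloadLength == 0)
            {
                return;
            }
            asn.MoveNext();
            do
            {
                // every element at this level must be a SET (tag 49)
                if (asn.Tag != 49)
                {
                    throw new Asn1InvalidTagException(asn.Offset);
                }
                InternalList.Add(new X500RdnAttribute(asn.GetPayload()));
            } while (asn.MoveNextCurrentLevel());
            // reverse list to get attributes from leaf to root.
            InternalList.Reverse();
        }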
Ejemplo n.º 24
        /// <summary>
        /// Splits a distinguished name into its attributes, in encoding order.
        /// </summary>
        /// <param name="name">Distinguished name to read.</param>
        /// <returns>
        /// One <see cref="X500RdnAttribute"/> per element at the first nesting level, or
        /// <c>null</c> when the name has no raw data or the reader reports nothing to iterate.
        /// </returns>
        /// <exception cref="ArgumentNullException"><strong>name</strong> parameter is null.</exception>
        public static X500RdnAttribute[] GetRdnAttributes(this X500DistinguishedName name)
        {
            if (name == null)
            {
                throw new ArgumentNullException("name");
            }
            Byte[] encodedName = name.RawData;
            if (encodedName == null || encodedName.Length == 0)
            {
                return null;
            }

            var outer = new Asn1Reader(encodedName);
            // NOTE(review): the second condition also returns null when the first element has no
            // following sibling - confirm that a name with a single element is meant to yield null.
            if (!outer.MoveNext() || outer.NextCurrentLevelOffset == 0)
            {
                return null;
            }

            List<X500RdnAttribute> attributes = new List<X500RdnAttribute>();
            do
            {
                // each element is parsed with its own reader: first the attribute OID, then its value
                // NOTE(review): neither inner MoveNext() result nor the element tags are checked.
                var inner = new Asn1Reader(outer.GetPayload());
                inner.MoveNext();
                Oid attributeType = Asn1Utils.DecodeObjectIdentifier(inner.GetTagRawData());
                inner.MoveNext();
                String attributeValue = Asn1Utils.DecodeAnyString(inner.GetTagRawData(), null);
                attributes.Add(new X500RdnAttribute(attributeType, attributeValue));
            } while (outer.MoveNextCurrentLevel());

            return attributes.ToArray();
        }
Ejemplo n.º 25
 /// <summary>
 /// Encodes a registered ID name into <c>rawData</c> under tag 136 and stores the dotted OID
 /// value in <c>Value</c>. Accepts a <see cref="String"/>, an <see cref="Oid"/> or an
 /// <c>Oid2</c>; <c>null</c> produces an empty element.
 /// </summary>
 /// <param name="value">Object identifier to encode, or <c>null</c>.</param>
 /// <exception cref="ArgumentException"><strong>value</strong> is of any other type.</exception>
 void encodeRegisteredId(Object value) {
     // no value: tag 136 with zero length
     if (value == null) {
         rawData = new Byte[] { 136, 0 };
         return;
     }

     // Encode the OID as a regular OBJECT IDENTIFIER first; only its payload is kept below.
     Asn1Reader encodedOid;
     if (value is String text) {
         Value = text;
         Oid parsed = new Oid(text);
         encodedOid = new Asn1Reader(Asn1Utils.EncodeObjectIdentifier(parsed));
         Value = parsed.Value;
     } else if (value is Oid plainOid) {
         encodedOid = new Asn1Reader(Asn1Utils.EncodeObjectIdentifier(plainOid));
         Value = plainOid.Value;
     } else if (value is Oid2 extendedOid) {
         encodedOid = new Asn1Reader(Asn1Utils.EncodeObjectIdentifier(new Oid(extendedOid.Value)));
         Value = extendedOid.Value;
     } else {
         throw new ArgumentException("The input data is not valid registered ID.");
     }

     // re-tag the OID payload as 136
     rawData = Asn1Utils.Encode(encodedOid.GetPayload(), 136);
 }
        /// <summary>
        /// Decodes ASN.1-encoded byte array to an instance of <see cref="X509Extension"/> class.
        /// </summary>
        /// <param name="asn">ASN.1 reader that points to the beginning of the X.509 extension structure.</param>
        /// <exception cref="ArgumentNullException"><strong>asn</strong> parameter is null.</exception>
        /// <exception cref="Asn1InvalidTagException">Decoder encountered an unexpected ASN.1 type identifier.</exception>
        /// <returns>Decoded extension object.</returns>
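        public static X509Extension Decode(Asn1Reader asn)
        {
            // The documented contract promises ArgumentNullException for a null reader; without this
            // check the first property access fails with NullReferenceException instead.
            if (asn == null)
            {
                throw new ArgumentNullException(nameof(asn));
            }
            if (asn.Tag != 48)
            {
                throw new Asn1InvalidTagException(asn.Offset);
            }
            // remember the start of the extension so the reader can be handed back where it was
            Int32 offset = asn.Offset;

            asn.MoveNextAndExpectTags((Byte)Asn1Type.OBJECT_IDENTIFIER);
            Oid     oid      = new Asn1ObjectIdentifier(asn).Value;
            // the critical flag is optional and is false when the BOOLEAN is absent
            Boolean critical = false;

            asn.MoveNextAndExpectTags((Byte)Asn1Type.BOOLEAN, (Byte)Asn1Type.OCTET_STRING);
            if (asn.Tag == (Byte)Asn1Type.BOOLEAN)
            {
                critical = Asn1Utils.DecodeBoolean(asn.GetTagRawData());
                asn.MoveNextAndExpectTags((Byte)Asn1Type.OCTET_STRING);
            }
            // at this point ASN points to OCTET_STRING

            X509Extension retValue = new X509Extension(oid, asn.GetPayload(), critical).ConvertExtension();

            // NOTE(review): the position is restored on success only; after an exception the reader is
            // left wherever decoding stopped.
            asn.Seek(offset);
            return retValue;
        }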
Ejemplo n.º 27
        /// <summary>
        /// Decodes a single X.509 extension: a SEQUENCE holding the extension OID, an optional
        /// critical flag and the extension value as an OCTET STRING.
        /// </summary>
        /// <param name="rawData">ASN.1-encoded extension. Treat as untrusted input.</param>
        /// <returns>The decoded extension after <c>ConvertExtension()</c> has been applied.</returns>
        /// <exception cref="ArgumentNullException"><strong>rawData</strong> parameter is null.</exception>
        /// <exception cref="Asn1InvalidTagException">An element does not carry the expected tag.</exception>
        public static X509Extension DecodeX509Extension(Byte[] rawData)
        {
            if (rawData == null)
            {
                throw new ArgumentNullException(nameof(rawData));
            }

            var reader = new Asn1Reader(rawData);
            if (reader.Tag != 48)
            {
                throw new Asn1InvalidTagException(reader.Offset);
            }

            // extension identifier
            reader.MoveNext();
            if (reader.Tag != (Byte)Asn1Type.OBJECT_IDENTIFIER)
            {
                throw new Asn1InvalidTagException(reader.Offset);
            }
            Oid extensionOid = new Asn1ObjectIdentifier(reader).Value;

            // optional critical flag; false when the BOOLEAN is absent
            reader.MoveNext();
            Boolean isCritical = false;
            if (reader.Tag == (Byte)Asn1Type.BOOLEAN)
            {
                isCritical = Asn1Utils.DecodeBoolean(reader.GetTagRawData());
                reader.MoveNext();
            }

            // extension value
            if (reader.Tag != (Byte)Asn1Type.OCTET_STRING)
            {
                throw new Asn1InvalidTagException(reader.Offset);
            }
            var extension = new X509Extension(extensionOid, reader.GetPayload(), isCritical);
            return extension.ConvertExtension();
        }
Ejemplo n.º 28
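        /// <summary>
        /// Encodes a registered ID name into <c>RawData</c> under tag 136 and stores the dotted OID
        /// value in <c>Value</c>. Accepts a <see cref="String"/>, an <see cref="Oid"/> or an
        /// <c>Oid2</c>; <c>null</c> produces an empty element.
        /// </summary>
        /// <param name="value">Object identifier to encode, or <c>null</c>.</param>
        /// <exception cref="ArgumentException"><strong>value</strong> is of any other type.</exception>
        void encodeRegisteredId(Object value)
        {
            if (value == null)
            {
                // no value: tag 136 with zero length
                RawData = new Byte[] { 136, 0 };
                return;
            }

            // Dispatch on the type itself rather than on the text of its full name. A name comparison
            // only matches when the literal is exactly the type's namespace-qualified name, so a
            // mismatch there silently sends a valid argument to the error branch.
            Asn1Reader asn;
            if (value is String)
            {
                Value = (String)value;
                Oid oid = new Oid((String)value);
                asn   = new Asn1Reader(Asn1Utils.EncodeObjectIdentifier(oid));
                Value = oid.Value;
            }
            else if (value is Oid2)
            {
                // tested before Oid so the result does not depend on how the two types are related
                asn   = new Asn1Reader(Asn1Utils.EncodeObjectIdentifier(new Oid(((Oid2)value).Value)));
                Value = ((Oid2)value).Value;
            }
            else if (value is Oid)
            {
                asn   = new Asn1Reader(Asn1Utils.EncodeObjectIdentifier((Oid)value));
                Value = ((Oid)value).Value;
            }
            else
            {
                throw new ArgumentException("The input data is not valid registered ID.");
            }
            // keep only the OID payload and re-tag it as 136
            RawData = Asn1Utils.Encode(asn.GetPayload(), 136);
        }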
Ejemplo n.º 29
        /// <summary>
        /// Decodes the response held in <c>RawData</c>: reads the response status, and when response
        /// bytes follow, the response type, signature algorithm, signature and any embedded signer
        /// certificates, then runs signer and signature verification.
        /// </summary>
        /// <exception cref="Asn1InvalidTagException">The outer element is not a SEQUENCE.</exception>
        void decodeResponse()
        {
            asn = new Asn1Reader(RawData);
            if (asn.Tag != 48)
            {
                throw new Asn1InvalidTagException("Response data is not valid ASN.1 encoded data.");
            }
            //response status
            asn.MoveNextAndExpectTags((Byte)Asn1Type.ENUMERATED);
            // NOTE(review): the first payload byte is read without a length check, and the cast accepts
            // values that are not defined members of OCSPResponseStatus.
            ResponseStatus = (OCSPResponseStatus)asn.GetPayload()[0];
            // nothing after the status: there is no response body to decode
            if (asn.NextOffset == 0)
            {
                return;
            }
            //responseBytesCS
            asn.MoveNextAndExpectTags(0xa0);
            asn.MoveNext();
            asn.MoveNext();
            // response type OID
            decodeResponseType(new Asn1ObjectIdentifier(asn.GetTagRawData()).Value);
            asn.MoveNextAndExpectTags((Byte)Asn1Type.OCTET_STRING);
            //BasicOCSPResponse
            asn.MoveNextAndExpectTags(0x30);
            asn.MoveNext();
            //tbsResponseData
            // kept as a separate reader over the complete element; it is passed to verifyAll below
            Asn1Reader tbsResponseData = new Asn1Reader(asn.GetTagRawData());

            //decodetbsResponse(tbsResponseData);
            //signatureAlgorithm
            asn.MoveNextCurrentLevel();
            SignatureAlgorithm = new AlgorithmIdentifier(Asn1Utils.Encode(asn.GetPayload(), 48)).AlgorithmId;
            //signature
            asn.MoveNextCurrentLevel();
            // the first payload byte is dropped; in a BIT STRING that is the unused-bits count
            Byte[] signature = asn.GetPayload().Skip(1).ToArray();
            // GenericArray.GetSubArray(asn1.Payload, 1, asn1.Payload.Length - 1);
            SignerCertificates = new X509Certificate2Collection();
            // optional certificates carried inside the response
            if (asn.MoveNext())
            {
                asn.MoveNext();
                Asn1Reader cert = new Asn1Reader(asn.GetPayload());
                do
                {
                    SignerCertificates.Add(new X509Certificate2(Asn1Utils.Encode(cert.GetPayload(), 48)));
                } while (cert.MoveNextCurrentLevel());
                // NOTE(review): these certificates come from the response itself and are untrusted until
                // validated; confirm verifySigner checks the chain and that the signer is authorised
                // for the certificate issuer before the signature result is relied on.
                verifySigner(SignerCertificates[0], true);
            } // optional. Find cert in store.
            verifyAll(tbsResponseData, signature, SignatureAlgorithm);
        }
Ejemplo n.º 30
 /// <summary>
 /// Decodes the extensions from the reader's current payload and marks the CRL as a delta CRL
 /// when the delta CRL indicator extension is present.
 /// </summary>
 /// <param name="asn">Reader positioned on the element that wraps the extensions.</param>
 void getExts(Asn1Reader asn)
 {
     Extensions.Decode(asn.GetPayload());

     // Type is only changed when the indicator is found; otherwise it keeps its current value.
     Boolean hasDeltaIndicator = Extensions[X509CertExtensions.X509DeltaCRLIndicator] != null;
     if (hasDeltaIndicator)
     {
         Type = X509CrlType.DeltaCrl;
     }
 }