void decode(Asn1Reader asn)
{
asn.MoveNextAndExpectTags((Byte)Asn1Type.INTEGER);
Version = (Int32) new Asn1Integer(asn).Value;
asn.MoveNextAndExpectTags(48);
RequestMessage = new TspMessageImprint(asn.GetTagRawData());
while (asn.MoveNextCurrentLevel())
{
switch (asn.Tag)
{
case (Byte)Asn1Type.OBJECT_IDENTIFIER:
PolicyID = new Asn1ObjectIdentifier(asn).Value;
break;
case (Byte)Asn1Type.INTEGER:
UseNonce = true;
nonce = new Asn1Integer(asn).Value.ToByteArray();
break;
case (Byte)Asn1Type.BOOLEAN:
RequestCertificates = new Asn1Boolean(asn).Value;
break;
case 0xa0:
var extList = new X509ExtensionCollection();
extList.Decode(asn.GetTagRawData());
foreach (X509Extension extension in extList)
{
_extensions.Add(extension);
}
break;
}
}
}
/// <summary>
/// Decodes ASN.1-encoded byte array to an instance of <see cref="X509Extension"/> class.
/// </summary>
/// <param name="asn">ASN.1 reader that points to the beginning of the X.509 extension structure.</param>
/// <exception cref="ArgumentNullException"><strong>asn</strong> parameter is null.</exception>
/// <exception cref="Asn1InvalidTagException">Decoder encountered an unexpected ASN.1 type identifier.</exception>
/// <returns>Decoded extension object.</returns>
public static X509Extension Decode(Asn1Reader asn)
{
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
Int32 offset = asn.Offset;
asn.MoveNextAndExpectTags((Byte)Asn1Type.OBJECT_IDENTIFIER);
Oid oid = new Asn1ObjectIdentifier(asn).Value;
Boolean critical = false;
asn.MoveNextAndExpectTags((Byte)Asn1Type.BOOLEAN, (Byte)Asn1Type.OCTET_STRING);
if (asn.Tag == (Byte)Asn1Type.BOOLEAN)
{
critical = Asn1Utils.DecodeBoolean(asn.GetTagRawData());
asn.MoveNextAndExpectTags((Byte)Asn1Type.OCTET_STRING);
}
// at this point ASN points to OCTET_STRING
X509Extension retValue = new X509Extension(oid, asn.GetPayload(), critical).ConvertExtension();
asn.Seek(offset);
return(retValue);
}
void decode(Byte[] rawData) {
Asn1Reader asn = new Asn1Reader(rawData);
asn.MoveNext();
ContentType = new Asn1ObjectIdentifier(asn.GetTagRawData()).Value;
asn.MoveNextAndExpectTags(0xa0); // [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL, 0xa0
asn.MoveNextAndExpectTags(0x30); // SEQUENCE OF ANY
asn.MoveNextAndExpectTags((Byte)Asn1Type.INTEGER); // version
Version = (Int32)new Asn1Integer(asn.GetTagRawData()).Value;
asn.MoveNextCurrentLevelAndExpectTags(0x31);
decodeDigestAlgorithms(asn);
asn.MoveNextCurrentLevelAndExpectTags(0x30); // ContentInfo
Byte[] content = extractContent(asn);
while (asn.MoveNextCurrentLevel()) {
switch (asn.Tag) {
case 0xa0:
decodeCertificates(asn);
break;
case 0xa1:
decodeCrls(asn);
break;
case 0x31:
decodeSignerInfos(asn);
break;
default:
throw new ArgumentException("Invalid type.");
}
}
RawData = rawData;
DecodeContent(content);
}
void decode(Byte[] rawData)
{
var asn = new Asn1Reader(rawData);
asn.MoveNextAndExpectTags(0xa0);
asn.MoveNextAndExpectTags((Byte)Asn1Type.OBJECT_IDENTIFIER);
asn.MoveNextAndExpectTags(0xa0);
asn.MoveNextAndExpectTags((Byte)Asn1Type.OCTET_STRING);
SecurityIdentifier = Encoding.ASCII.GetString(asn.GetPayload());
}
/// <summary>
/// Decodes embedded payload of the CMC message. Current implementation supports only PKCS#10 certificate
/// request objects.
/// </summary>
/// <inheritdoc select="param"/>
/// <remarks>This member cannot be inherited or overriden.</remarks>
protected override void DecodeContent(Byte[] rawData)
{
var asn = new Asn1Reader(rawData);
asn.MoveNextAndExpectTags(0x30); // ControlSequence ::= SEQUENCE OF TaggedAttribute
asn.MoveNextCurrentLevelAndExpectTags(0x30); // ReqSequence ::= SEQUENCE OF TaggedRequest
asn.MoveNextAndExpectTags(0xa0);
asn.MoveNextAndExpectTags((Byte)Asn1Type.INTEGER);
asn.MoveNextAndExpectTags(0x30);
// theoretically, it is a sequence, but we pick only first request. Never seen an array of requests
Content = new X509CertificateRequestPkcs10(asn.GetTagRawData());
}
void decodeTstInfo(Asn1Reader asn)
{
asn.MoveNextAndExpectTags((Byte)Asn1Type.INTEGER);
Version = (Int32) new Asn1Integer(asn).Value;
asn.MoveNextAndExpectTags((Byte)Asn1Type.OBJECT_IDENTIFIER);
PolicyID = new Asn1ObjectIdentifier(asn).Value;
asn.MoveNextAndExpectTags(48);
RequestMessage = new TspMessageImprint(asn.GetTagRawData());
asn.MoveNextCurrentLevelAndExpectTags((Byte)Asn1Type.INTEGER);
SerialNumber = new Asn1Integer(asn).Value;
asn.MoveNextAndExpectTags((Byte)Asn1Type.GeneralizedTime);
GenerationTimestamp = new Asn1GeneralizedTime(asn).Value;
decodeOptionalFields(asn);
}
void readCrlReasonCode(Asn1Reader asn)
{
if (asn.Tag != 48)
{
return;
}
asn.MoveNext();
do
{
Int32 offset = asn.Offset;
asn.MoveNextAndExpectTags(Asn1Type.OBJECT_IDENTIFIER);
var oid = new Asn1ObjectIdentifier(asn).Value;
if (oid.Value == X509ExtensionOid.CRLReasonCode)
{
asn.MoveNext();
if (asn.Tag == (Byte)Asn1Type.BOOLEAN)
{
asn.MoveNext();
}
if (asn.Tag == (Byte)Asn1Type.OCTET_STRING)
{
asn.MoveNext();
if (asn.PayloadLength > 0)
{
ReasonCode = asn[asn.PayloadStartOffset];
break;
}
}
}
asn.Seek(offset);
} while (asn.MoveNextSibling());
}
void decode(Asn1Reader asn)
{
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
RawData = asn.GetTagRawData();
Int32 offset = asn.Offset;
asn.MoveNext();
SerialNumber = Asn1Utils.DecodeInteger(asn.GetTagRawData(), true);
asn.MoveNextAndExpectTags(Asn1Type.UTCTime, Asn1Type.GeneralizedTime);
switch (asn.Tag)
{
case (Byte)Asn1Type.UTCTime:
RevocationDate = new Asn1UtcTime(asn.GetTagRawData()).Value;
break;
case (Byte)Asn1Type.GeneralizedTime:
RevocationDate = Asn1Utils.DecodeGeneralizedTime(asn.GetTagRawData());
break;
}
if (asn.MoveNextSibling())
{
// use high-performant extension decoder instead of generic one.
// Since CRLs may store a hundreds of thousands entries, this is
// pretty reasonable to save loops whenever possible.
readCrlReasonCode(asn);
}
asn.Seek(offset);
}
// decoders
void decodeOtherName() {
try {
Asn1Reader asn = new Asn1Reader(rawData);
if (!asn.MoveNext()) { throw new ArgumentException("Input data is not valid OtherName."); }
Oid oid = new Oid(Asn1Utils.DecodeObjectIdentifier(asn.GetTagRawData()));
asn.MoveNextAndExpectTags(0xa0);
asn.MoveNext();
OID = oid;
switch (oid.Value) {
// UPN
case "1.3.6.1.4.1.311.20.2.3":
Type = X509AlternativeNamesEnum.UserPrincipalName;
if (asn.PayloadLength == 0) { return; }
Value = Encoding.UTF8.GetString(asn.GetPayload()); break;
// GUID
case "1.3.6.1.4.1.311.25.1":
if (asn.PayloadLength == 0) { return; }
Guid guid = new Guid(asn.GetPayload());
Type = X509AlternativeNamesEnum.Guid;
Value = guid.ToString();
break;
default:
Value = String.Empty;
Type = X509AlternativeNamesEnum.OtherName;
foreach (Byte B in asn.GetPayload()) {
Value += $"{B:x2}" + " ";
}
Value = Value.Trim();
break;
}
} catch { throw new ArgumentException("Input data is not valid OtherName."); }
}
void m_decode(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
asn.MoveNextAndExpectTags((Byte)Asn1Type.OBJECT_IDENTIFIER);
Oid = Asn1Utils.DecodeObjectIdentifier(asn.GetTagRawData());
asn.MoveNext();
Asn1Type[] types =
{
Asn1Type.IA5String,
Asn1Type.PrintableString,
Asn1Type.VisibleString,
Asn1Type.UTF8String,
Asn1Type.UniversalString,
Asn1Type.BMPString,
Asn1Type.TeletexString
};
encodingTag = (Asn1Type)asn.Tag;
Value = Asn1Utils.DecodeAnyString(asn.GetTagRawData(), types);
RawData = rawData;
}
void m_decode(Byte[] rawData)
{
var aiaUrls = new List <String>();
var ocspUrls = new List <String>();
var asn = new Asn1Reader(rawData);
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
asn.MoveNext();
do
{
Int32 offset = asn.Offset;
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
asn.MoveNext();
String oidString = Asn1Utils.DecodeObjectIdentifier(asn.GetTagRawData()).Value;
asn.MoveNextAndExpectTags(0x86);
switch (oidString)
{
case "1.3.6.1.5.5.7.48.2": aiaUrls.Add(Encoding.ASCII.GetString(asn.GetPayload())); break;
case "1.3.6.1.5.5.7.48.1": ocspUrls.Add(Encoding.ASCII.GetString(asn.GetPayload())); break;
}
asn.MoveToPosition(offset);
} while (asn.MoveNextCurrentLevel());
CertificationAuthorityIssuer = aiaUrls.ToArray();
OnlineCertificateStatusProtocol = ocspUrls.ToArray();
}
void decode(Asn1Reader asn)
{
asn.MoveNextAndExpectTags(48);
AlgorithmIdentifier = new AlgorithmIdentifier(asn.GetTagRawData());
asn.MoveNextCurrentLevelAndExpectTags((Byte)Asn1Type.OCTET_STRING);
_msgHash.AddRange(new Asn1OctetString(asn).Value);
}
void decodeCms(Asn1Reader asn)
{
asn.MoveNextAndExpectTags(48, (Byte)Asn1Type.OBJECT_IDENTIFIER);
if (asn.Tag == 48)
{
Status = new TspStatusInfo(asn.GetTagRawData());
if (Status.ResponseStatus != TspResponseStatus.Granted && Status.ResponseStatus != TspResponseStatus.GrantedWithModifications)
{
return;
}
asn.MoveNextCurrentLevelAndExpectTags(48);
}
else
{
asn.MoveToPosition(0);
}
signedCms = new DefaultSignedPkcs7(asn.GetTagRawData());
ResponseType = signedCms.ContentType;
switch (ResponseType.Value)
{
// TimeStamp Token
case "1.2.840.113549.1.9.16.1.4":
decodeTstInfo(new Asn1Reader(signedCms.Content));
break;
// PKCS 7 DATA
case "1.2.840.113549.1.7.1":
break;
}
getSigningTime();
_rawData.AddRange(asn.GetRawData());
validate();
}
void decodeResponse()
{
asn = new Asn1Reader(RawData);
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException("Response data is not valid ASN.1 encoded data.");
}
//response status
asn.MoveNextAndExpectTags((Byte)Asn1Type.ENUMERATED);
ResponseStatus = (OCSPResponseStatus)asn.GetPayload()[0];
if (asn.NextOffset == 0)
{
return;
}
//responseBytesCS
asn.MoveNextAndExpectTags(0xa0);
asn.MoveNext();
asn.MoveNext();
decodeResponseType(new Asn1ObjectIdentifier(asn.GetTagRawData()).Value);
asn.MoveNextAndExpectTags((Byte)Asn1Type.OCTET_STRING);
//BasicOCSPResponse
asn.MoveNextAndExpectTags(0x30);
asn.MoveNext();
//tbsResponseData
Asn1Reader tbsResponseData = new Asn1Reader(asn.GetTagRawData());
//decodetbsResponse(tbsResponseData);
//signatureAlgorithm
asn.MoveNextCurrentLevel();
SignatureAlgorithm = new AlgorithmIdentifier(Asn1Utils.Encode(asn.GetPayload(), 48)).AlgorithmId;
//signature
asn.MoveNextCurrentLevel();
Byte[] signature = asn.GetPayload().Skip(1).ToArray();
// GenericArray.GetSubArray(asn1.Payload, 1, asn1.Payload.Length - 1);
SignerCertificates = new X509Certificate2Collection();
if (asn.MoveNext())
{
asn.MoveNext();
Asn1Reader cert = new Asn1Reader(asn.GetPayload());
do
{
SignerCertificates.Add(new X509Certificate2(Asn1Utils.Encode(cert.GetPayload(), 48)));
} while (cert.MoveNextCurrentLevel());
verifySigner(SignerCertificates[0], true);
} // optional. Find cert in store.
verifyAll(tbsResponseData, signature, SignatureAlgorithm);
}
void decode(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
asn.MoveNext();
IssuerName = new X500DistinguishedName(asn.GetTagRawData());
asn.MoveNextAndExpectTags((Byte)Asn1Type.INTEGER);
SerialNumber = AsnFormatter.BinaryToString(asn);
RawData = rawData;
}
Byte[] extractContent(Asn1Reader asn) {
Int32 offset = asn.Offset;
asn.MoveNext();
ContentType = new Asn1ObjectIdentifier(asn.GetTagRawData()).Value;
if (asn.MoveNextCurrentLevel()) { // content [0] EXPLICIT ANY DEFINED BY contentType
asn.MoveNextAndExpectTags((Byte)Asn1Type.OCTET_STRING); // octet string
return asn.GetPayload();
}
asn.MoveToPoisition(offset);
return null;
}
void m_decode(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
asn.MoveNextAndExpectTags((Byte)Asn1Type.OBJECT_IDENTIFIER);
AlgorithmId = Asn1Utils.DecodeObjectIdentifier(asn.GetTagRawData());
Parameters = asn.MoveNext() ? asn.GetTagRawData() : null;
RawData = rawData;
}
void decode(Byte[] rawData)
{
reset();
_rawData.AddRange(rawData);
cms = new DefaultSignedPkcs7(rawData);
if (cms.ContentType.Value != ctlOid.Value)
{
throw new ArgumentException("Decoded data is not valid certificate trust list.");
}
var asn = new Asn1Reader(Asn1Utils.Encode(cms.Content, 48));
asn.MoveNextAndExpectTags(48);
decodeUsages(asn);
Boolean reachedEnd = false;
while (asn.MoveNextCurrentLevel())
{
if (reachedEnd)
{
break;
}
switch (asn.Tag)
{
case (Byte)Asn1Type.OCTET_STRING:
decodeListIdentifier(asn);
break;
case (Byte)Asn1Type.INTEGER:
decodeSequenceNumber(asn);
break;
case (Byte)Asn1Type.UTCTime:
case (Byte)Asn1Type.GeneralizedTime:
decodeValidity(asn);
reachedEnd = true;
break;
default:
reachedEnd = true;
break;
}
}
decodeAlgId(asn);
asn.MoveNextCurrentLevel();
decodeEntries(asn);
if (asn.MoveNextCurrentLevel())
{
decodeExtensions(asn);
}
}
void m_decode(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
asn.MoveNextAndExpectTags(0x30);
ToBeSignedData = asn.GetTagRawData();
asn.MoveNextCurrentLevelAndExpectTags(0x30);
SignatureAlgorithm = new AlgorithmIdentifier(asn.GetTagRawData());
asn.MoveNextCurrentLevelAndExpectTags((Byte)Asn1Type.BIT_STRING);
Signature = new Asn1BitString(asn);
}
void decode(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
asn.MoveNextAndExpectTags((Byte)Asn1Type.OBJECT_IDENTIFIER);
algId = Asn1Utils.DecodeObjectIdentifier(asn.GetTagRawData());
if (asn.MoveNext())
{
param = asn.GetTagRawData();
}
_rawData.AddRange(rawData);
}
Byte[] extractContent(Asn1Reader asn)
{
Int32 offset = asn.Offset;
asn.MoveNext();
Byte[] payload = null;
ContentType = new Asn1ObjectIdentifier(asn.GetTagRawData()).Value;
if (asn.MoveNextCurrentLevel())
{
// content [0] EXPLICIT ANY DEFINED BY contentType
asn.MoveNextAndExpectTags((Byte)Asn1Type.OCTET_STRING, 48); // octet string or sequence
payload = asn.GetPayload();
contentOffset = asn.Offset;
contentSize = asn.TagLength;
}
asn.MoveToPosition(offset);
return(payload);
}
/// <summary>
/// Decodes ASN.1-encoded attribute (with envelope) to an instance of <strong>X509Attribute</strong> class.
/// </summary>
/// <param name="rawData">ASN.1-encoded attribute full data.</param>
/// <exception cref="ArgumentNullException"><strong>rawData</strong> parameter is null.</exception>
/// <exception cref="Asn1InvalidTagException">Invalid tag identifier occured.</exception>
/// <returns>Instance of <strong>X509Attribute</strong> class</returns>
public static X509Attribute Decode(Byte[] rawData)
{
if (rawData == null)
{
throw new ArgumentNullException(nameof(rawData));
}
Asn1Reader asn = new Asn1Reader(rawData);
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
asn.MoveNext();
Oid oid = Asn1Utils.DecodeObjectIdentifier(asn.GetTagRawData());
asn.MoveNextAndExpectTags(0x31);
return(new X509Attribute(oid, asn.GetPayload()));
}
void decode(Asn1Reader asn)
{
asn.MoveNextAndExpectTags((Byte)Asn1Type.INTEGER);
ResponseStatus = (TspResponseStatus)(Int32) new Asn1Integer(asn).Value;
while (asn.MoveNextCurrentLevel())
{
switch (asn.Tag)
{
case (Byte)Asn1Type.INTEGER:
ErrorCode = (TspFailureStatus)((Int32) new Asn1Integer(asn).Value + 1);
break;
case (Byte)Asn1Type.UTF8String:
ErrorText = Encoding.UTF8.GetString(asn.GetPayload());
break;
}
}
}
void decode(Byte[] rawData)
{
var asn = new Asn1Reader(rawData);
asn.MoveNextAndExpectTags((Byte)Asn1Type.OCTET_STRING);
Thumbprint = AsnFormatter.BinaryToString(asn.GetPayload(), format: EncodingFormat.NOCRLF, forceUpperCase: true);
// check if there are attributes
if (asn.MoveNext() && asn.Tag == 49)
{
Byte[] attrBytes = asn.GetTagRawData();
// in CTL attributes are encoded as SET, but we need SEQUENCE, so change first byte to SEQUENCE (48)
attrBytes[0] = 48;
var attributes = new X509AttributeCollection();
// decode attributes into collection
attributes.Decode(attrBytes);
// and then add decoded attributes to internal list.
_attributes.AddRange(attributes);
}
}
void getVersion(Asn1Reader asn)
{
asn.MoveNextAndExpectTags((Byte)Asn1Type.INTEGER);
Version = (Int32)(Asn1Utils.DecodeInteger(asn.GetTagRawData()) + 1);
}
