/// <summary>
/// Decodes a ASN.1-encoded byte array that contains revoked certificate information to a collection.
/// </summary>
/// <param name="asn">ASN.1 that points to the beginning of the CRL entry collection structure.</param>
/// <exception cref="Asn1InvalidTagException">The encoded data is not valid.</exception>
/// <exception cref="ArgumentNullException">The <strong>rawData</strong> parameter is null reference.</exception>
/// <remarks>This method removes any existing entries in the collection before decoding.</remarks>
public void Decode(Asn1Reader asn)
{
if (asn == null)
{
throw new ArgumentNullException(nameof(asn));
}
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
Int32 offset = asn.Offset;
InternalList.Clear();
InternalList.Capacity = asn.GetNestedNodeCount();
if (!asn.MoveNext())
{
throw new Asn1InvalidTagException(asn.Offset);
}
do
{
InternalList.Add(new X509CRLEntry(asn));
} while (asn.MoveNextSibling());
asn.Seek(offset);
}
void readCrlReasonCode(Asn1Reader asn)
{
if (asn.Tag != 48)
{
return;
}
asn.MoveNext();
do
{
Int32 offset = asn.Offset;
asn.MoveNextAndExpectTags(Asn1Type.OBJECT_IDENTIFIER);
var oid = new Asn1ObjectIdentifier(asn).Value;
if (oid.Value == X509ExtensionOid.CRLReasonCode)
{
asn.MoveNext();
if (asn.Tag == (Byte)Asn1Type.BOOLEAN)
{
asn.MoveNext();
}
if (asn.Tag == (Byte)Asn1Type.OCTET_STRING)
{
asn.MoveNext();
if (asn.PayloadLength > 0)
{
ReasonCode = asn[asn.PayloadStartOffset];
break;
}
}
}
asn.Seek(offset);
} while (asn.MoveNextSibling());
}
void decode(Asn1Reader asn)
{
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
RawData = asn.GetTagRawData();
Int32 offset = asn.Offset;
asn.MoveNext();
SerialNumber = Asn1Utils.DecodeInteger(asn.GetTagRawData(), true);
asn.MoveNextAndExpectTags(Asn1Type.UTCTime, Asn1Type.GeneralizedTime);
switch (asn.Tag)
{
case (Byte)Asn1Type.UTCTime:
RevocationDate = new Asn1UtcTime(asn.GetTagRawData()).Value;
break;
case (Byte)Asn1Type.GeneralizedTime:
RevocationDate = Asn1Utils.DecodeGeneralizedTime(asn.GetTagRawData());
break;
}
if (asn.MoveNextSibling())
{
// use high-performant extension decoder instead of generic one.
// Since CRLs may store a hundreds of thousands entries, this is
// pretty reasonable to save loops whenever possible.
readCrlReasonCode(asn);
}
asn.Seek(offset);
}
void decode(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
asn.MoveNext();
if (asn.PayloadLength == 0)
{
return;
}
do
{
switch (asn.Tag)
{
case 0xA0:
Asn1Reader distName = new Asn1Reader(asn.GetPayload());
do
{
switch (distName.Tag)
{
case 0xA0:
// full name
_fullNames.Decode(Asn1Utils.Encode(distName.GetPayload(), 48));
break;
case 0xA1:
// relative to issuer name
Byte[] relativeName = Asn1Utils.Encode(distName.GetPayload(), 48);
RelativeToIssuerName = new X500DistinguishedName(relativeName);
break;
default:
throw new InvalidDataException("The data is invalid");
}
} while (distName.MoveNextSibling());
break;
case 0xA1:
// reasons
Asn1BitString bs = new Asn1BitString(asn.GetPayload());
if (bs.Value[0] == 0)
{
Reasons = X509RevocationReasonFlag.Unspecified;
}
else
{
Reasons = (X509RevocationReasonFlag)bs.Value[0];
}
break;
case 0xA2:
// crl issuer
_crlIssuers.Decode(Asn1Utils.Encode(asn.GetPayload(), 48));
break;
default:
throw new InvalidDataException("The data is invalid.");
}
} while (asn.MoveNextSibling());
_rawData.AddRange(rawData);
}
static X509AlternativeNameCollection decodeNamesFromAsn(Byte[] rawData)
{
var altNames = new X509AlternativeNameCollection();
var asn = new Asn1Reader(rawData);
asn.MoveNext();
do
{
altNames.Add(new X509AlternativeName(asn.GetPayload()));
} while (asn.MoveNextSibling());
altNames.Close();
return(altNames);
}
void decode()
{
var asn = new Asn1Reader(RawData);
if (asn.PayloadLength == 0)
{
return;
}
asn.MoveNext();
do
{
switch (asn.Tag)
{
case 0xa0:
DistributionPoint = new X509DistributionPoint(Asn1Utils.Encode(asn.GetTagRawData(), 48));
break;
case 0xa1:
OnlyUserCerts = Asn1Utils.DecodeBoolean(asn.GetPayload());
break;
case 0xa2:
OnlyCaCerts = Asn1Utils.DecodeBoolean(asn.GetPayload());
break;
case 0xa3:
var val = new Asn1BitString(asn.GetPayload());
if (val.Value.Length > 1)
{
Reasons = (X509RevocationReasonFlag)BitConverter.ToUInt16(val.Value, 0);
}
else if (val.Value.Length == 1)
{
Reasons = (X509RevocationReasonFlag)val.Value[0];
}
break;
case 0xa4:
IndirectCRL = Asn1Utils.DecodeBoolean(asn.GetPayload());
break;
case 0xa5:
OnlyAttributeCerts = Asn1Utils.DecodeBoolean(asn.GetPayload());
break;
}
} while (asn.MoveNextSibling());
}
void m_decode(Byte[] rawData)
{
var asn = new Asn1Reader(rawData);
asn.MoveNext();
do
{
if (asn.PayloadLength > 0)
{
switch (asn.Tag)
{
case 0xa0: _permittedSubtree.AddRange(decodeNamesFromAsn(asn.GetTagRawData())); break;
case 0xa1: _excludedSubtree.AddRange(decodeNamesFromAsn(asn.GetTagRawData())); break;
}
}
} while (asn.MoveNextSibling());
}
/// <summary>
/// Decodes ASN.1-encoded byte array that represents a collection of <see cref="X509Extension"/> objects.
/// </summary>
/// <param name="extensions">Destination collection where decoded extensions will be added.</param>
/// <param name="asn">ASN.1 reader which points to the beginning of the extenstion collection structure.</param>
/// <exception cref="Asn1InvalidTagException">Decoder encountered an unexpected ASN.1 type identifier.</exception>
/// <exception cref="ArgumentNullException">
/// <strong>extensions</strong> and/or <strong>asn</strong> parameter is null.
/// </exception>
/// <remarks> If current collection contains items, decoded items will be appended to existing items.</remarks>
public static void Decode(this X509ExtensionCollection extensions, Asn1Reader asn)
{
if (extensions == null)
{
throw new ArgumentNullException(nameof(extensions));
}
if (asn == null)
{
throw new ArgumentNullException(nameof(asn));
}
Int32 offset = asn.Offset;
if (!asn.MoveNext() || asn.PayloadLength == 0)
{
return;
}
do
{
extensions.Add(X509ExtensionExtensions.Decode(asn));
} while (asn.MoveNextSibling());
asn.Seek(offset);
}
void m_decode()
{
try {
Type = X509CrlType.BaseCrl;
var signedInfo = new SignedContentBlob(_rawData, ContentBlobType.SignedBlob);
// signature and alg
signature = signedInfo.Signature.Value;
sigUnused = signedInfo.Signature.UnusedBits;
SignatureAlgorithm = signedInfo.SignatureAlgorithm.AlgorithmId;
// tbs
var asn = new Asn1Reader(signedInfo.ToBeSignedData);
if (!asn.MoveNext())
{
throw new Asn1InvalidTagException();
}
// version
if (asn.Tag == (Byte)Asn1Type.INTEGER)
{
Version = (Int32)Asn1Utils.DecodeInteger(asn.GetTagRawData()) + 1;
asn.MoveNextSibling();
}
else
{
Version = 1;
}
// hash algorithm
var h = new AlgorithmIdentifier(asn.GetTagRawData());
if (h.AlgorithmId.Value != SignatureAlgorithm.Value)
{
throw new CryptographicException("Algorithm mismatch.");
}
if (!asn.MoveNextSibling())
{
throw new Asn1InvalidTagException();
}
// issuer
IssuerName = new X500DistinguishedName(asn.GetTagRawData());
// NextUpdate, RevokedCerts and Extensions are optional. Ref: RFC5280, p.118
if (!asn.MoveNextSibling())
{
throw new Asn1InvalidTagException();
}
switch (asn.Tag)
{
case (Byte)Asn1Type.UTCTime:
ThisUpdate = new Asn1UtcTime(asn.GetTagRawData()).Value;
break;
case (Byte)Asn1Type.GeneralizedTime:
ThisUpdate = Asn1Utils.DecodeGeneralizedTime(asn.GetTagRawData());
break;
default:
throw new Asn1InvalidTagException();
}
if (!asn.MoveNextSibling())
{
return;
}
switch (asn.Tag)
{
case (Byte)Asn1Type.UTCTime:
case (Byte)Asn1Type.GeneralizedTime:
switch (asn.Tag)
{
case (Byte)Asn1Type.UTCTime:
NextUpdate = new Asn1UtcTime(asn.GetTagRawData()).Value;
break;
case (Byte)Asn1Type.GeneralizedTime:
NextUpdate = Asn1Utils.DecodeGeneralizedTime(asn.GetTagRawData());
break;
default:
throw new Asn1InvalidTagException();
}
if (!asn.MoveNextSibling())
{
return;
}
if (asn.Tag == 48)
{
_revokedCerts.Decode(asn);
if (!asn.MoveNextSibling())
{
return;
}
readExtensions(asn);
}
else
{
readExtensions(asn);
}
break;
case 48:
if (asn.Tag == 48)
{
_revokedCerts.Decode(asn);
if (!asn.MoveNextSibling())
{
return;
}
readExtensions(asn);
}
else
{
readExtensions(asn);
}
break;
default:
readExtensions(asn);
break;
}
calculateThumbprint();
} catch (Exception e) {
throw new CryptographicException("Cannot find the requested object.", e);
}
}
