public static void SignCert(string tbsfile, string tbssig)
{
AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha256WithRsaEncryption);
var t1 = GenerateJcaObject(
TbsCertificateStructure.GetInstance(Asn1Sequence.FromByteArray(File.ReadAllBytes(tbsfile))), sigAlgId,
System.IO.File.ReadAllBytes(tbssig).Take(256).ToArray());
System.IO.File.WriteAllBytes("cert.cer", t1.GetEncoded());
Console.WriteLine("saved as cert.cer");
}
private ProtectedPkiMessage FinalizeMessage(PkiHeader header, DerBitString protection)
{
if (extraCerts.Count > 0)
{
CmpCertificate[] cmpCertificates = new CmpCertificate[extraCerts.Count];
for (int i = 0; i < cmpCertificates.Length; i++)
{
byte[] cert = ((X509Certificate)extraCerts[i]).GetEncoded();
cmpCertificates[i] = CmpCertificate.GetInstance((Asn1Sequence.FromByteArray(cert)));
}
return(new ProtectedPkiMessage(new PkiMessage(header, body, protection, cmpCertificates)));
}
return(new ProtectedPkiMessage(new PkiMessage(header, body, protection)));
}
public static string DecodeEncryptionParamSet(byte[] data)
{
if (data == null)
{
throw ExceptionUtility.ArgumentNull("data");
}
string encryptionParamSet;
try
{
var s = Asn1Sequence.FromByteArray(data) as Asn1Sequence;
encryptionParamSet = (s[0] as DerObjectIdentifier).Id;
}
catch (Exception exception)
{
throw ExceptionUtility.CryptographicException(exception, Resources.Asn1DecodeError, "Gost2814789BlobParametersDecode");
}
return(encryptionParamSet);
}
public void Decode(byte[] data)
{
if (data == null)
{
throw ExceptionUtility.ArgumentNull("data");
}
try
{
var s = Asn1Sequence.FromByteArray(data) as Asn1Sequence;
var key = s[0] as Asn1Sequence;
var parms = s[1] as Asn1Sequence;
EncryptionParamSet = (parms[0] as DerObjectIdentifier).Id;
Ukm = (parms[1] as DerOctetString).GetOctets();
EncryptedKey = (key[0] as DerOctetString).GetOctets();
Mac = (key[1] as DerOctetString).GetOctets();
}
catch (Exception exception)
{
throw ExceptionUtility.CryptographicException(exception, Resources.Asn1DecodeError, "DecodeGostR3410Key");
}
}
public void Decode(byte[] data)
{
if (data == null)
{
throw ExceptionUtility.ArgumentNull("data");
}
try
{
var s = Asn1Sequence.FromByteArray(data) as Asn1Sequence;
var s0 = s[0] as Asn1Sequence;
var s1 = (s[1] as Asn1TaggedObject).GetObject() as Asn1Sequence;
var s11 = (s1[1] as Asn1TaggedObject).GetObject() as Asn1Sequence;
var s1101 = (s11[0] as Asn1Sequence)[1] as Asn1Sequence;
SessionEncryptedKey = new GostKeyExchangeInfo
{
EncryptionParamSet = (s1[0] as DerObjectIdentifier).Id,
EncryptedKey = (s0[0] as DerOctetString).GetOctets(),
Mac = (s0[1] as DerOctetString).GetOctets(),
Ukm = (s1[2] as DerOctetString).GetOctets()
};
TransportParameters = new GostKeyExchangeParameters
{
PublicKeyParamSet = (s1101[0] as DerObjectIdentifier).Id,
DigestParamSet = (s1101[1] as DerObjectIdentifier).Id,
EncryptionParamSet = s1101.Count > 2 ? (s1101[2] as DerObjectIdentifier).Id : null,
PublicKey = (DerOctetString.FromByteArray((s11[1] as DerBitString).GetBytes()) as DerOctetString).GetOctets(),
PrivateKey = null
};
}
catch (Exception exception)
{
throw ExceptionUtility.CryptographicException(exception, Resources.Asn1DecodeError, "GostR3410KeyTransportDecode");
}
}
internal static void GetCertStatus(
DateTime validDate,
X509Crl crl,
Object cert,
CertStatus certStatus)
{
X509Crl bcCRL = null;
try
{
bcCRL = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Sequence.FromByteArray(crl.GetEncoded())));
}
catch (Exception exception)
{
throw new Exception("Bouncy Castle X509Crl could not be created.", exception);
}
X509CrlEntry crl_entry = (X509CrlEntry)bcCRL.GetRevokedCertificate(GetSerialNumber(cert));
if (crl_entry == null)
{
return;
}
X509Name issuer = GetIssuerPrincipal(cert);
if (issuer.Equivalent(crl_entry.GetCertificateIssuer(), true) ||
issuer.Equivalent(crl.IssuerDN, true))
{
DerEnumerated reasonCode = null;
if (crl_entry.HasExtensions)
{
try
{
reasonCode = DerEnumerated.GetInstance(
GetExtensionValue(crl_entry, X509Extensions.ReasonCode));
}
catch (Exception e)
{
throw new Exception(
"Reason code CRL entry extension could not be decoded.",
e);
}
}
// for reason keyCompromise, caCompromise, aACompromise or
// unspecified
if (!(validDate.Ticks < crl_entry.RevocationDate.Ticks) ||
reasonCode == null ||
reasonCode.Value.TestBit(0) ||
reasonCode.Value.TestBit(1) ||
reasonCode.Value.TestBit(2) ||
reasonCode.Value.TestBit(8))
{
if (reasonCode != null) // (i) or (j) (1)
{
certStatus.Status = reasonCode.Value.SignValue;
}
else // (i) or (j) (2)
{
certStatus.Status = CrlReason.Unspecified;
}
certStatus.RevocationDate = new DateTimeObject(crl_entry.RevocationDate);
}
}
}
/// <summary>
///
/// </summary>
/// <param name="x509_certificate2"></param>
/// <param name="encrypted_data"></param>
/// <returns></returns>
public byte[] GetDecryptedContent(X509Certificate2 x509_certificate2, byte[] encrypted_data)
{
Org.BouncyCastle.Asn1.Cms.ContentInfo _content = Org.BouncyCastle.Asn1.Cms.ContentInfo.GetInstance(Asn1Sequence.FromByteArray(encrypted_data));
EnvelopedData _envelopedData = EnvelopedData.GetInstance(_content.Content);
EncryptedContentInfo _encryptedContentInfo = _envelopedData.EncryptedContentInfo;
byte[] _encrypt = _encryptedContentInfo.EncryptedContent.GetOctets();
RecipientInfo _recipientInfo = RecipientInfo.GetInstance(_envelopedData.RecipientInfos[0]);
KeyTransRecipientInfo _keyTransRecipientInfo = KeyTransRecipientInfo.GetInstance(_recipientInfo.Info);
byte[] _byteEncryptedKey = _keyTransRecipientInfo.EncryptedKey.GetOctets();
RSACryptoServiceProvider _rsaCrypto = (RSACryptoServiceProvider)x509_certificate2.PrivateKey;
byte[] _randomKey = _rsaCrypto.Decrypt(_byteEncryptedKey, false);
AlgorithmIdentifier _contentEncryptionAlgorithm = _encryptedContentInfo.ContentEncryptionAlgorithm;
Asn1OctetString _paramIV = Asn1OctetString.GetInstance(_contentEncryptionAlgorithm.Parameters);
byte[] _initVector = _paramIV.GetOctets();
tDESCrypto _cryptoService = new tDESCrypto(_randomKey, _initVector);
return(_cryptoService.Decrypt(_encrypt));
}
internal static void GetCertStatus(
DateTime validDate,
X509Crl crl,
Object cert,
CertStatus certStatus)
{
X509Crl bcCRL = null;
try
{
bcCRL = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Sequence.FromByteArray(crl.GetEncoded())));
}
catch (Exception exception)
{
throw new Exception("Bouncy Castle X509Crl could not be created.", exception);
}
X509CrlEntry crl_entry = (X509CrlEntry)bcCRL.GetRevokedCertificate(GetSerialNumber(cert));
if (crl_entry == null)
{
return;
}
X509Name issuer = GetIssuerPrincipal(cert);
if (!issuer.Equivalent(crl_entry.GetCertificateIssuer(), true) &&
!issuer.Equivalent(crl.IssuerDN, true))
{
return;
}
int reasonCodeValue = CrlReason.Unspecified;
if (crl_entry.HasExtensions)
{
try
{
Asn1Object extValue = GetExtensionValue(crl_entry, X509Extensions.ReasonCode);
DerEnumerated reasonCode = DerEnumerated.GetInstance(extValue);
if (null != reasonCode)
{
reasonCodeValue = reasonCode.IntValueExact;
}
}
catch (Exception e)
{
throw new Exception("Reason code CRL entry extension could not be decoded.", e);
}
}
DateTime revocationDate = crl_entry.RevocationDate;
if (validDate.Ticks < revocationDate.Ticks)
{
switch (reasonCodeValue)
{
case CrlReason.Unspecified:
case CrlReason.KeyCompromise:
case CrlReason.CACompromise:
case CrlReason.AACompromise:
break;
default:
return;
}
}
// (i) or (j)
certStatus.Status = reasonCodeValue;
certStatus.RevocationDate = new DateTimeObject(revocationDate);
}