/// <summary>
        /// </summary>
        /// <param name="secret">密钥,机器人安全设置页面,加签一栏下面显示的SEC开头的字符串。</param>
        /// <returns></returns>
        public static string GetSignParam(string secret)
            long timestamp = (long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds;

            string stringToSign = timestamp + "\n" + secret;
            Mac    mac          = Mac.getInstance("HmacSHA256");

            mac.init(new SecretKeySpec(System.Text.Encoding.Default.GetBytes(secret), "HmacSHA256"));
            byte[] signData = mac.doFinal(System.Text.Encoding.Default.GetBytes(stringToSign));
            string sign     = URLEncoder.encode(Convert.ToBase64String(signData), "UTF-8");

            return("&timestamp=" + Convert.ToString(timestamp) + "&sign=" + sign);
        /// <summary>
        /// Create <b>HmacSHA1</b> byte[] signature for data and key
        /// </summary>
        /// <param name="data"> byte[] </param>
        /// <param name="key">  byte[] </param>
        /// <returns> signature byte[] </returns>
        /// <exception cref="SignatureException"> </exception>
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: public byte[] sign(byte[] data, byte[] key) throws java.security.SignatureException
        public virtual sbyte[] sign(sbyte[] data, sbyte[] key)
                Mac mac = Mac.getInstance(HmacSHA1);
                mac.init(new SecretKeySpec(key, HmacSHA1));
            catch (Exception e)
                throw new SignatureException("Unable to calculate a request signature: " + e.Message, e);
Ejemplo n.º 3
        private void F(
            byte[]  P,
            byte[]  S,
            int c,
            byte[]  iBuf,
            byte[]  outBytes,
            int outOff)
            byte[]           state = new byte[hMac.getMacSize()];
            CipherParameters param = new KeyParameter(P);


            if (S != null)
                hMac.update(S, 0, S.Length);

            hMac.update(iBuf, 0, iBuf.Length);

            hMac.doFinal(state, 0);

            Array.Copy(state, 0, outBytes, outOff, state.Length);

            for (int count = 1; count != c; count++)
                hMac.update(state, 0, state.Length);
                hMac.doFinal(state, 0);

                for (int j = 0; j != state.Length; j++)
                    outBytes[outOff + j] ^= state[j];
Ejemplo n.º 4
        private byte[] decryptBlock(
            byte[]  in_enc,
            int inOff,
            int inLen,
            byte[]  z)
        //throws InvalidCipherTextException
            byte[]        M          = null;
            KeyParameter  macKey     = null;
            KDFParameters kParam     = new KDFParameters(z, param.getDerivationV());
            int           macKeySize = param.getMacKeySize();


            inLen -= mac.getMacSize();

            if (cipher == null)                 // stream mode
                byte[] buf = new byte[inLen + (macKeySize / 8)];

                M = new byte[inLen];

                kdf.generateBytes(buf, 0, buf.Length);

                for (int i = 0; i != inLen; i++)
                    M[i] = (byte)(in_enc[inOff + i] ^ buf[i]);

                macKey = new KeyParameter(buf, inLen, (macKeySize / 8));
                int    cipherKeySize = ((IESWithCipherParameters)param).getCipherKeySize();
                byte[] buf           = new byte[(cipherKeySize / 8) + (macKeySize / 8)];

                cipher.init(false, new KeyParameter(buf, 0, (cipherKeySize / 8)));

                byte[] tmp = new byte[cipher.getOutputSize(inLen)];

                int off = cipher.processBytes(in_enc, inOff, inLen, tmp, 0);

                off += cipher.doFinal(tmp, off);

                M = new byte[off];

                Array.Copy(tmp, 0, M, 0, off);

                macKey = new KeyParameter(buf, (cipherKeySize / 8), (macKeySize / 8));

            byte[] macIV = param.getEncodingV();

            mac.update(in_enc, inOff, inLen);
            mac.update(macIV, 0, macIV.Length);
            mac.doFinal(macBuf, 0);

            inOff += inLen;

            for (int t = 0; t < macBuf.Length; t++)
                if (macBuf[t] != in_enc[inOff + t])
                    throw (new InvalidCipherTextException("Mac codes failed to equal."));

Ejemplo n.º 5
         * Calculates the verification code of the provided key at the specified
         * instant of time using the algorithm specified in RFC 6238.
         * @param key the secret key in binary format.
         * @param tm  the instant of time.
         * @return the validation code for the provided key at the specified instant
         * of time.
        int calculateCode(byte[] key, long tm)
            // Allocating an array of bytes to represent the specified instant
            // of time.
            byte[] data  = new byte[8];
            long   value = tm;

            // Converting the instant of time from the long representation to a
            // big-endian array of bytes (RFC4226, 5.2. Description).
            for (int i = 8; i-- > 0; value >> >= 8)
                data[i] = (byte)value;

            // Building the secret key specification for the HmacSHA1 algorithm.
            System.Security.Cryptography.HMACSHA1 signKey = new SecretKeySpec(key, config.getHmacHashFunction().toString());

                // Getting an HmacSHA1/HmacSHA256 algorithm implementation from the JCE.
                Mac mac = Mac.getInstance(config.getHmacHashFunction().toString());

                // Initializing the MAC algorithm.

                // Processing the instant of time and getting the encrypted data.
                byte[] hash = mac.doFinal(data);

                // Building the validation code performing dynamic truncation
                // (RFC4226, 5.3. Generating an HOTP value)
                int offset = hash[hash.length - 1] & 0xF;

                // We are using a long because Java hasn't got an unsigned int type
                // and we need 32 unsigned bits).
                long truncatedHash = 0;

                for (int i = 0; i < 4; ++i)
                    truncatedHash <<= 8;

                    // Java bytes are signed but we need an unsigned int:
                    // cleaning off all but the LSB.
                    truncatedHash |= (hash[offset + i] & 0xFF);

                // Clean bits higher than the 32nd (inclusive) and calculate the
                // module with the maximum validation code value.
                truncatedHash &= 0x7FFFFFFF;
                truncatedHash %= config.getKeyModulus();

                // Returning the validation code to the caller.
            catch (NoSuchAlgorithmException | InvalidKeyException ex)
                // Logging the exception.
                LOGGER.log(Level.SEVERE, ex.getMessage(), ex);

                // We're not disclosing internal error details to our clients.
                throw new AuthenticatorException("The operation cannot be "
                                                 + "performed now.");
Ejemplo n.º 6
        public void save(Stream stream, char[] password, SecureRandom random)
            if (password == null)
                throw new ArgumentException("No password supplied for PKCS12Store.");

            ContentInfo[] c = new ContentInfo[2];

            // handle the key
            ASN1EncodableVector keyS = new ASN1EncodableVector();

            IEnumerator ks = keys.Keys.GetEnumerator();

            while (ks.MoveNext())
                byte[] kSalt = new byte[saltSize];


                String                  name    = (String)ks.Current;
                AsymmetricKeyEntry      privKey = (AsymmetricKeyEntry)keys[name];
                EncryptedPrivateKeyInfo kInfo   = EncryptedPrivateKeyInfoFactory.createEncryptedPrivateKeyInfo(keyAlgorithm, password, kSalt, minIterations, privKey.getKey());
                ASN1EncodableVector     kName   = new ASN1EncodableVector();

                IEnumerator e = privKey.getBagAttributeKeys();

                while (e.MoveNext())
                    String oid = (String)e.Current;
                    ASN1EncodableVector kSeq = new ASN1EncodableVector();

                    kSeq.add(new DERObjectIdentifier(oid));
                    kSeq.add(new DERSet(privKey.getBagAttribute(new DERObjectIdentifier(oid))));

                    kName.add(new DERSequence(kSeq));

                // make sure we have a local key-id
                if (privKey.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId) == null)
                    ASN1EncodableVector  kSeq = new ASN1EncodableVector();
                    X509CertificateEntry ct   = getCertificate(name);

                    kSeq.add(new DERSet(new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(ct.getCertificate().getPublicKey()))));

                    kName.add(new DERSequence(kSeq));

                // make sure we are using the local alias on store
                DERBMPString nm = (DERBMPString)privKey.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName);
                if (nm == null || !nm.getString().Equals(name))
                    ASN1EncodableVector kSeq = new ASN1EncodableVector();

                    kSeq.add(new DERSet(new DERBMPString(name)));

                    kName.add(new DERSequence(kSeq));

                SafeBag kBag = new SafeBag(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, kInfo.toASN1Object(), new DERSet(kName));

            MemoryStream    bOut = new MemoryStream();
            DEROutputStream dOut = new DEROutputStream(bOut);

            dOut.writeObject(new DERSequence(keyS));

            BEROctetString keyString = new BEROctetString(bOut.ToArray());

            // certficate processing
            byte[] cSalt = new byte[saltSize];


            ASN1EncodableVector certSeq   = new ASN1EncodableVector();
            PKCS12PBEParams     cParams   = new PKCS12PBEParams(cSalt, minIterations);
            AlgorithmIdentifier cAlgId    = new AlgorithmIdentifier(certAlgorithm, cParams.toASN1Object());
            Hashtable           doneCerts = new Hashtable();

            IEnumerator cs = keys.Keys.GetEnumerator();

            while (cs.MoveNext())
                    String name = (String)cs.Current;
                    X509CertificateEntry cert = getCertificate(name);
                    CertBag cBag = new CertBag(
                        new DEROctetString(cert.getCertificate().getEncoded()));
                    ASN1EncodableVector fName = new ASN1EncodableVector();

                    IEnumerator e = cert.getBagAttributeKeys();

                    while (e.MoveNext())
                        String oid = (String)e.Current;
                        ASN1EncodableVector fSeq = new ASN1EncodableVector();

                        fSeq.add(new DERObjectIdentifier(oid));
                        fSeq.add(new DERSet(cert.getBagAttribute(new DERObjectIdentifier(oid))));
                        fName.add(new DERSequence(fSeq));

                    // make sure we are using the local alias on store
                    DERBMPString nm = (DERBMPString)cert.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName);
                    if (nm == null || !nm.getString().Equals(name))
                        ASN1EncodableVector fSeq = new ASN1EncodableVector();

                        fSeq.add(new DERSet(new DERBMPString(name)));

                        fName.add(new DERSequence(fSeq));

                    // make sure we have a local key-id
                    if (cert.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId) == null)
                        ASN1EncodableVector fSeq = new ASN1EncodableVector();

                        fSeq.add(new DERSet(new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(cert.getCertificate().getPublicKey()))));
                        fName.add(new DERSequence(fSeq));

                    SafeBag sBag = new SafeBag(PKCSObjectIdentifiers.certBag, cBag.toASN1Object(), new DERSet(fName));


                    doneCerts.Add(cert, cert);
                catch (Exception e)
                    throw new Exception("Error encoding certificate: " + e.Message);

            cs = certs.Keys.GetEnumerator();
            while (cs.MoveNext())
                    String certId             = (String)cs.Current;
                    X509CertificateEntry cert = (X509CertificateEntry)certs[certId];

                    if (keys[certId] != null)

                    CertBag cBag = new CertBag(
                        new DEROctetString(cert.getCertificate().getEncoded()));
                    ASN1EncodableVector fName = new ASN1EncodableVector();
                    IEnumerator         e     = cert.getBagAttributeKeys();

                    while (e.MoveNext())
                        String oid = (String)e.Current;
                        ASN1EncodableVector fSeq = new ASN1EncodableVector();

                        fSeq.add(new DERObjectIdentifier(oid));
                        fSeq.add(new DERSet(cert.getBagAttribute(new DERObjectIdentifier(oid))));
                        fName.add(new DERSequence(fSeq));

                    // make sure we are using the local alias on store
                    DERBMPString nm = (DERBMPString)cert.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName);
                    if (nm == null || !nm.getString().Equals(certId))
                        ASN1EncodableVector fSeq = new ASN1EncodableVector();

                        fSeq.add(new DERSet(new DERBMPString(certId)));

                        fName.add(new DERSequence(fSeq));

                    SafeBag sBag = new SafeBag(PKCSObjectIdentifiers.certBag, cBag.toASN1Object(), new DERSet(fName));


                    doneCerts.Add(cert, cert);
                catch (Exception e)
                    throw new Exception("Error encoding certificate: " + e.Message);

            cs = chainCerts.Keys.GetEnumerator();
            while (cs.MoveNext())
                    CertId certId             = (CertId)cs.Current;
                    X509CertificateEntry cert = (X509CertificateEntry)chainCerts[certId];

                    if (doneCerts[cert] != null)

                    CertBag cBag = new CertBag(
                        new DEROctetString(cert.getCertificate().getEncoded()));
                    ASN1EncodableVector fName = new ASN1EncodableVector();

                    IEnumerator e = cert.getBagAttributeKeys();

                    while (e.MoveNext())
                        DERObjectIdentifier oid  = (DERObjectIdentifier)e.Current;
                        ASN1EncodableVector fSeq = new ASN1EncodableVector();

                        fSeq.add(new DERSet(cert.getBagAttribute(oid)));
                        fName.add(new DERSequence(fSeq));

                    SafeBag sBag = new SafeBag(PKCSObjectIdentifiers.certBag, cBag.toASN1Object(), new DERSet(fName));

                catch (Exception e)
                    throw new Exception("Error encoding certificate: " + e.Message);

            bOut = new MemoryStream();

            dOut = new DEROutputStream(bOut);

            dOut.writeObject(new DERSequence(certSeq));


            byte[]        certBytes = encryptData(new AlgorithmIdentifier(certAlgorithm, cParams), bOut.ToArray(), password);
            EncryptedData cInfo     = new EncryptedData(PKCSObjectIdentifiers.data, cAlgId, new BEROctetString(certBytes));

            c[0] = new ContentInfo(PKCSObjectIdentifiers.data, keyString);

            c[1] = new ContentInfo(PKCSObjectIdentifiers.encryptedData, cInfo.toASN1Object());

            AuthenticatedSafe auth = new AuthenticatedSafe(c);

            bOut = new MemoryStream();

            BEROutputStream berOut = new BEROutputStream(bOut);


            byte[] pkg = bOut.ToArray();

            ContentInfo mainInfo = new ContentInfo(PKCSObjectIdentifiers.data, new BEROctetString(pkg));

            // create the mac
            byte[] mSalt   = new byte[20];
            int    itCount = minIterations;


            byte[] data = ((ASN1OctetString)mainInfo.getContent()).getOctets();

            MacData mData = null;

                ASN1Encodable    parameters    = PBEUtil.generateAlgorithmParameters(OIWObjectIdentifiers.id_SHA1, mSalt, itCount);
                CipherParameters keyParameters = PBEUtil.generateCipherParameters(OIWObjectIdentifiers.id_SHA1, password, parameters);
                Mac mac = (Mac)PBEUtil.createEngine(OIWObjectIdentifiers.id_SHA1);


                mac.update(data, 0, data.Length);

                byte[] res = new byte[mac.getMacSize()];

                mac.doFinal(res, 0);

                AlgorithmIdentifier algId = new AlgorithmIdentifier(OIWObjectIdentifiers.id_SHA1, new DERNull());
                DigestInfo          dInfo = new DigestInfo(algId, res);

                mData = new MacData(dInfo, mSalt, itCount);
            catch (Exception e)
                throw new Exception("error constructing MAC: " + e.Message);

            // output the Pfx
            Pfx pfx = new Pfx(mainInfo, mData);

            berOut = new BEROutputStream(stream);

Ejemplo n.º 7
        public PKCS12Store(
            Stream input,
            char[] password)
            if (password == null)
                throw new ArgumentException("No password supplied for PKCS12Store.");

            ASN1InputStream bIn         = new ASN1InputStream(input);
            ASN1Sequence    obj         = (ASN1Sequence)bIn.readObject();
            Pfx             bag         = new Pfx(obj);
            ContentInfo     info        = bag.getAuthSafe();
            ArrayList       chain       = new ArrayList();
            bool            unmarkedKey = false;

            if (bag.getMacData() != null)           // check the mac code
                MemoryStream        bOut   = new MemoryStream();
                BEROutputStream     berOut = new BEROutputStream(bOut);
                MacData             mData  = bag.getMacData();
                DigestInfo          dInfo  = mData.getMac();
                AlgorithmIdentifier algId  = dInfo.getAlgorithmId();
                byte[] salt    = mData.getSalt();
                int    itCount = mData.getIterationCount().intValue();


                byte[] data = ((ASN1OctetString)info.getContent()).getOctets();

                    ASN1Encodable    parameters    = PBEUtil.generateAlgorithmParameters(algId.getObjectId(), mData.getSalt(), mData.getIterationCount().intValue());
                    CipherParameters keyParameters = PBEUtil.generateCipherParameters(algId.getObjectId(), password, parameters);
                    Mac mac = (Mac)PBEUtil.createEngine(algId.getObjectId());


                    mac.update(data, 0, data.Length);

                    byte[] res = new byte[mac.getMacSize()];

                    mac.doFinal(res, 0);

                    byte[] dig = dInfo.getDigest();

                    if (res.Length != dig.Length)
                        throw new Exception("PKCS12 key store mac invalid - wrong password or corrupted file.");

                    for (int i = 0; i != res.Length; i++)
                        if (res[i] != dig[i])
                            throw new Exception("PKCS12 key store mac invalid - wrong password or corrupted file.");
                catch (Exception e)
                    throw new Exception("error constructing MAC: " + e.Message);

            keys     = new Hashtable();
            localIds = new Hashtable();

            if (info.getContentType().Equals(PKCSObjectIdentifiers.data))
                bIn = new ASN1InputStream(new MemoryStream(((ASN1OctetString)info.getContent()).getOctets()));

                AuthenticatedSafe authSafe = new AuthenticatedSafe((ASN1Sequence)bIn.readObject());
                ContentInfo[]     c        = authSafe.getContentInfo();

                for (int i = 0; i != c.Length; i++)
                    if (c[i].getContentType().Equals(PKCSObjectIdentifiers.data))
                        ASN1InputStream dIn = new ASN1InputStream(new MemoryStream(((ASN1OctetString)c[i].getContent()).getOctets()));
                        ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();

                        for (int j = 0; j != seq.size(); j++)
                            SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j));
                            if (b.getBagId().Equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag))
                                EncryptedPrivateKeyInfo eIn      = EncryptedPrivateKeyInfo.getInstance(b.getBagValue());
                                PrivateKeyInfo          privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(password, eIn);
                                AsymmetricKeyParameter  privKey  = PrivateKeyFactory.CreateKey(privInfo);

                                // set the attributes on the key
                                Hashtable          attributes = new Hashtable();
                                AsymmetricKeyEntry pkcs12Key  = new AsymmetricKeyEntry(privKey, attributes);
                                String             alias      = null;
                                ASN1OctetString    localId    = null;

                                if (b.getBagAttributes() != null)
                                    IEnumerator e = b.getBagAttributes().getObjects();
                                    while (e.MoveNext())
                                        ASN1Sequence        sq      = (ASN1Sequence)e.Current;
                                        DERObjectIdentifier aOid    = (DERObjectIdentifier)sq.getObjectAt(0);
                                        ASN1Set             attrSet = (ASN1Set)sq.getObjectAt(1);
                                        ASN1Encodable       attr    = null;

                                        if (attrSet.size() > 0)
                                            attr = attrSet.getObjectAt(0);

                                            attributes.Add(aOid.getId(), attr);

                                        if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
                                            alias = ((DERBMPString)attr).getString();
                                            keys.Add(alias, pkcs12Key);
                                        else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
                                            localId = (ASN1OctetString)attr;

                                if (localId != null)
                                    String name = byteArrayToString(Hex.encode(localId.getOctets()));

                                    if (alias == null)
                                        keys.Add(name, pkcs12Key);
                                        localIds.Add(alias, name);
                                    unmarkedKey = true;
                                    keys.Add("unmarked", privKey);
                            else if (b.getBagId().Equals(PKCSObjectIdentifiers.certBag))
                                Console.WriteLine("extra " + b.getBagId());
                                Console.WriteLine("extra " + ASN1Dump.dumpAsString(b));
                    else if (c[i].getContentType().Equals(PKCSObjectIdentifiers.encryptedData))
                        EncryptedData d   = new EncryptedData((ASN1Sequence)c[i].getContent());
                        ASN1Sequence  seq = decryptData(d.getEncryptionAlgorithm(), d.getContent().getOctets(), password);

                        for (int j = 0; j != seq.size(); j++)
                            SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j));

                            if (b.getBagId().Equals(PKCSObjectIdentifiers.certBag))
                            else if (b.getBagId().Equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag))
                                EncryptedPrivateKeyInfo eIn      = EncryptedPrivateKeyInfo.getInstance(b.getBagValue());
                                PrivateKeyInfo          privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(password, eIn);
                                AsymmetricKeyParameter  privKey  = PrivateKeyFactory.CreateKey(privInfo);

                                // set the attributes on the key
                                Hashtable          attributes = new Hashtable();
                                AsymmetricKeyEntry pkcs12Key  = new AsymmetricKeyEntry(privKey, attributes);
                                String             alias      = null;
                                ASN1OctetString    localId    = null;

                                IEnumerator e = b.getBagAttributes().getObjects();
                                while (e.MoveNext())
                                    ASN1Sequence        sq      = (ASN1Sequence)e.Current;
                                    DERObjectIdentifier aOid    = (DERObjectIdentifier)sq.getObjectAt(0);
                                    ASN1Set             attrSet = (ASN1Set)sq.getObjectAt(1);
                                    ASN1Encodable       attr    = null;

                                    if (attrSet.size() > 0)
                                        attr = attrSet.getObjectAt(0);

                                        attributes.Add(aOid.getId(), attr);

                                    if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
                                        alias = ((DERBMPString)attr).getString();
                                        keys.Add(alias, pkcs12Key);
                                    else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
                                        localId = (ASN1OctetString)attr;

                                String name = byteArrayToString(Hex.encode(localId.getOctets()));

                                if (alias == null)
                                    keys.Add(name, pkcs12Key);
                                    localIds.Add(alias, name);
                            else if (b.getBagId().Equals(PKCSObjectIdentifiers.keyBag))
                                PrivateKeyInfo         pIn     = PrivateKeyInfo.getInstance(b.getBagValue());
                                AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(pIn);

                                // set the attributes on the key
                                String             alias      = null;
                                ASN1OctetString    localId    = null;
                                Hashtable          attributes = new Hashtable();
                                AsymmetricKeyEntry pkcs12Key  = new AsymmetricKeyEntry(privKey, attributes);

                                IEnumerator e = b.getBagAttributes().getObjects();
                                while (e.MoveNext())
                                    ASN1Sequence        sq      = (ASN1Sequence)e.Current;
                                    DERObjectIdentifier aOid    = (DERObjectIdentifier)sq.getObjectAt(0);
                                    ASN1Set             attrSet = (ASN1Set)sq.getObjectAt(1);
                                    ASN1Encodable       attr    = null;

                                    if (attrSet.size() > 0)
                                        attr = attrSet.getObjectAt(0);

                                        attributes.Add(aOid.getId(), attr);

                                    if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
                                        alias = ((DERBMPString)attr).getString();
                                        keys.Add(alias, pkcs12Key);
                                    else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
                                        localId = (ASN1OctetString)attr;

                                String name = byteArrayToString(Hex.encode(localId.getOctets()));

                                if (alias == null)
                                    keys.Add(name, pkcs12Key);
                                    localIds.Add(alias, name);
                                Console.WriteLine("extra " + b.getBagId());
                                Console.WriteLine("extra " + ASN1Dump.dumpAsString(b));
                        Console.WriteLine("extra " + c[i].getContentType().getId());
                        Console.WriteLine("extra " + ASN1Dump.dumpAsString(c[i].getContent()));

            certs      = new Hashtable();
            chainCerts = new Hashtable();
            keyCerts   = new Hashtable();

            for (int i = 0; i != chain.Count; i++)
                SafeBag         b    = (SafeBag)chain[i];
                CertBag         cb   = new CertBag((ASN1Sequence)b.getBagValue());
                X509Certificate cert = new X509Certificate(((ASN1OctetString)cb.getCertValue()).getOctets());

                // set the attributes
                Hashtable            attributes = new Hashtable();
                X509CertificateEntry pkcs12cert = new X509CertificateEntry(cert, attributes);
                ASN1OctetString      localId    = null;
                String alias = null;

                if (b.getBagAttributes() != null)
                    IEnumerator e = b.getBagAttributes().getObjects();
                    while (e.MoveNext())
                        ASN1Sequence        sq      = (ASN1Sequence)e.Current;
                        DERObjectIdentifier aOid    = (DERObjectIdentifier)sq.getObjectAt(0);
                        ASN1Set             attrSet = (ASN1Set)sq.getObjectAt(1);

                        if (attrSet.size() > 0)
                            ASN1Encodable attr = attrSet.getObjectAt(0);

                            attributes.Add(aOid.getId(), attr);

                            if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
                                alias = ((DERBMPString)attr).getString();
                            else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
                                localId = (ASN1OctetString)attr;

                chainCerts.Add(new CertId(cert.getPublicKey()), pkcs12cert);

                if (unmarkedKey)
                    if (keyCerts.Count == 0)
                        String name = byteArrayToString(Hex.encode(new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(cert.getPublicKey())).getKeyIdentifier()));

                        keyCerts.Add(name, pkcs12cert);
                        keys.Add(name, keys["unmarked"]);

                    if (alias == null)
                        if (localId != null)
                            String name = byteArrayToString(Hex.encode(localId.getOctets()));

                            keyCerts.Add(name, pkcs12cert);
                        certs.Add(alias, pkcs12cert);