public byte[] GetBytes()
{
ASN1 privateKeyAlgorithm = new ASN1(0x30);
privateKeyAlgorithm.Add(ASN1Convert.FromOid(_algorithm));
privateKeyAlgorithm.Add(new ASN1(0x05)); // ASN.1 NULL
ASN1 pki = new ASN1(0x30);
pki.Add(new ASN1(0x02, new byte [1] {
(byte)_version
}));
pki.Add(privateKeyAlgorithm);
pki.Add(new ASN1(0x04, _key));
if (_list.Count > 0)
{
ASN1 attributes = new ASN1(0xA0);
foreach (ASN1 attribute in _list)
{
attributes.Add(attribute);
}
pki.Add(attributes);
}
return(pki.GetBytes());
}
// Note: PKCS#8 doesn't define how to generate the key required for encryption
// so you're on your own. Just don't try to copy the big guys too much ;)
// Netscape: http://www.cs.auckland.ac.nz/~pgut001/pubs/netscape.txt
// Microsoft: http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt
public byte[] GetBytes()
{
if (_algorithm == null)
{
throw new CryptographicException("No algorithm OID specified");
}
ASN1 encryptionAlgorithm = new ASN1(0x30);
encryptionAlgorithm.Add(ASN1Convert.FromOid(_algorithm));
// parameters ANY DEFINED BY algorithm OPTIONAL
if ((_iterations > 0) || (_salt != null))
{
ASN1 salt = new ASN1(0x04, _salt);
ASN1 iterations = ASN1Convert.FromInt32(_iterations);
ASN1 parameters = new ASN1(0x30);
parameters.Add(salt);
parameters.Add(iterations);
encryptionAlgorithm.Add(parameters);
}
// encapsulates EncryptedData into an OCTET STRING
ASN1 encryptedData = new ASN1(0x04, _data);
ASN1 encryptedPrivateKeyInfo = new ASN1(0x30);
encryptedPrivateKeyInfo.Add(encryptionAlgorithm);
encryptedPrivateKeyInfo.Add(encryptedData);
return(encryptedPrivateKeyInfo.GetBytes());
}
internal ASN1 GetASN1(byte encoding)
{
byte encode = encoding;
if (encode == 0xFF)
{
encode = SelectBestEncoding();
}
ASN1 asn1 = new ASN1(0x30);
asn1.Add(ASN1Convert.FromOid(oid));
switch (encode)
{
case 0x13:
// PRINTABLESTRING
asn1.Add(new ASN1(0x13, Encoding.ASCII.GetBytes(attrValue)));
break;
case 0x16:
// IA5STRING
asn1.Add(new ASN1(0x16, Encoding.ASCII.GetBytes(attrValue)));
break;
case 0x1E:
// BMPSTRING
asn1.Add(new ASN1(0x1E, Encoding.BigEndianUnicode.GetBytes(attrValue)));
break;
}
return(asn1);
}
public X509Extension(ASN1 asn1)
{
if ((asn1.Tag != 0x30) || (asn1.Count < 2))
{
throw new ArgumentException(("Invalid X.509 extension."));
}
if (asn1[0].Tag != 0x06)
{
throw new ArgumentException(("Invalid X.509 extension."));
}
extnOid = ASN1Convert.ToOid(asn1[0]);
extnCritical = ((asn1[1].Tag == 0x01) && (asn1[1].Value[0] == 0xFF));
// last element is an octet string which may need to be decoded
extnValue = asn1 [asn1.Count - 1];
if ((extnValue.Tag == 0x04) && (extnValue.Length > 0) && (extnValue.Count == 0))
{
try {
ASN1 encapsulated = new ASN1(extnValue.Value);
extnValue.Value = null;
extnValue.Add(encapsulated);
}
catch {
// data isn't ASN.1
}
}
Decode();
}
public EnvelopedData(ASN1 asn1) : this()
{
if ((asn1[0].Tag != 0x30) || (asn1[0].Count < 3))
{
throw new ArgumentException("Invalid EnvelopedData");
}
if (asn1[0][0].Tag != 0x02)
{
throw new ArgumentException("Invalid version");
}
_version = asn1[0][0].Value[0];
// recipientInfos
ASN1 recipientInfos = asn1 [0][1];
if (recipientInfos.Tag != 0x31)
{
throw new ArgumentException("missing RecipientInfos");
}
for (int i = 0; i < recipientInfos.Count; i++)
{
ASN1 recipientInfo = recipientInfos [i];
_recipientInfos.Add(new RecipientInfo(recipientInfo));
}
ASN1 encryptedContentInfo = asn1[0][2];
if (encryptedContentInfo.Tag != 0x30)
{
throw new ArgumentException("missing EncryptedContentInfo");
}
ASN1 contentType = encryptedContentInfo [0];
if (contentType.Tag != 0x06)
{
throw new ArgumentException("missing EncryptedContentInfo.ContentType");
}
_content = new ContentInfo(ASN1Convert.ToOid(contentType));
ASN1 contentEncryptionAlgorithm = encryptedContentInfo [1];
if (contentEncryptionAlgorithm.Tag != 0x30)
{
throw new ArgumentException("missing EncryptedContentInfo.ContentEncryptionAlgorithmIdentifier");
}
_encryptionAlgorithm = new ContentInfo(ASN1Convert.ToOid(contentEncryptionAlgorithm [0]));
_encryptionAlgorithm.Content = contentEncryptionAlgorithm [1];
ASN1 encryptedContent = encryptedContentInfo [2];
if (encryptedContent.Tag != 0x80)
{
throw new ArgumentException("missing EncryptedContentInfo.EncryptedContent");
}
_encrypted = encryptedContent.Value;
}
protected override ASN1 ToBeSigned(string oid)
{
// TBSCertificate
ASN1 tbsCert = new ASN1(0x30);
if (version > 1)
{
// TBSCertificate / [0] Version DEFAULT v1,
byte[] ver = { (byte)(version - 1) };
ASN1 v = tbsCert.Add(new ASN1(0xA0));
v.Add(new ASN1(0x02, ver));
}
// TBSCertificate / CertificateSerialNumber,
tbsCert.Add(new ASN1(0x02, sn));
// TBSCertificate / AlgorithmIdentifier,
tbsCert.Add(PKCS7.AlgorithmIdentifier(oid));
// TBSCertificate / Name
tbsCert.Add(X501.FromString(issuer));
// TBSCertificate / Validity
ASN1 validity = tbsCert.Add(new ASN1(0x30));
// TBSCertificate / Validity / Time
validity.Add(ASN1Convert.FromDateTime(notBefore));
// TBSCertificate / Validity / Time
validity.Add(ASN1Convert.FromDateTime(notAfter));
// TBSCertificate / Name
tbsCert.Add(X501.FromString(subject));
// TBSCertificate / SubjectPublicKeyInfo
tbsCert.Add(SubjectPublicKeyInfo());
if (version > 1)
{
// TBSCertificate / [1] IMPLICIT UniqueIdentifier OPTIONAL
if (issuerUniqueID != null)
{
tbsCert.Add(new ASN1(0xA1, UniqueIdentifier(issuerUniqueID)));
}
// TBSCertificate / [2] IMPLICIT UniqueIdentifier OPTIONAL
if (subjectUniqueID != null)
{
tbsCert.Add(new ASN1(0xA1, UniqueIdentifier(subjectUniqueID)));
}
// TBSCertificate / [3] Extensions OPTIONAL
if ((version > 2) && (extensions.Count > 0))
{
tbsCert.Add(new ASN1(0xA3, extensions.GetBytes()));
}
}
return(tbsCert);
}
static public ASN1 AlgorithmIdentifier(string oid)
{
ASN1 ai = new ASN1(0x30);
ai.Add(ASN1Convert.FromOid(oid));
ai.Add(new ASN1(0x05)); // NULL
return(ai);
}
static public ASN1 AlgorithmIdentifier(string oid, ASN1 parameters)
{
ASN1 ai = new ASN1(0x30);
ai.Add(ASN1Convert.FromOid(oid));
ai.Add(parameters);
return(ai);
}
static private bool IsOid(string oid)
{
try {
ASN1 asn = ASN1Convert.FromOid(oid);
return(asn.Tag == 0x06);
}
catch {
return(false);
}
}
static public ASN1 Attribute(string oid, ASN1 value)
{
ASN1 attr = new ASN1(0x30);
attr.Add(ASN1Convert.FromOid(oid));
ASN1 aset = attr.Add(new ASN1(0x31));
aset.Add(value);
return(attr);
}
// methods
private void Decode(byte[] data)
{
ASN1 encryptedPrivateKeyInfo = new ASN1(data);
if (encryptedPrivateKeyInfo.Tag != 0x30)
{
throw new CryptographicException("invalid EncryptedPrivateKeyInfo");
}
ASN1 encryptionAlgorithm = encryptedPrivateKeyInfo [0];
if (encryptionAlgorithm.Tag != 0x30)
{
throw new CryptographicException("invalid encryptionAlgorithm");
}
ASN1 algorithm = encryptionAlgorithm [0];
if (algorithm.Tag != 0x06)
{
throw new CryptographicException("invalid algorithm");
}
_algorithm = ASN1Convert.ToOid(algorithm);
// parameters ANY DEFINED BY algorithm OPTIONAL
if (encryptionAlgorithm.Count > 1)
{
ASN1 parameters = encryptionAlgorithm [1];
if (parameters.Tag != 0x30)
{
throw new CryptographicException("invalid parameters");
}
ASN1 salt = parameters [0];
if (salt.Tag != 0x04)
{
throw new CryptographicException("invalid salt");
}
_salt = salt.Value;
ASN1 iterationCount = parameters [1];
if (iterationCount.Tag != 0x02)
{
throw new CryptographicException("invalid iterationCount");
}
_iterations = ASN1Convert.ToInt32(iterationCount);
}
ASN1 encryptedData = encryptedPrivateKeyInfo [1];
if (encryptedData.Tag != 0x04)
{
throw new CryptographicException("invalid EncryptedData");
}
_data = encryptedData.Value;
}
internal ASN1 GetASN1()
{
// ContentInfo ::= SEQUENCE {
ASN1 contentInfo = new ASN1(0x30);
// contentType ContentType, -> ContentType ::= OBJECT IDENTIFIER
contentInfo.Add(ASN1Convert.FromOid(contentType));
// content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
if ((content != null) && (content.Count > 0))
{
contentInfo.Add(content);
}
return(contentInfo);
}
// methods
private void Decode(byte[] data)
{
ASN1 privateKeyInfo = new ASN1(data);
if (privateKeyInfo.Tag != 0x30)
{
throw new CryptographicException("invalid PrivateKeyInfo");
}
ASN1 version = privateKeyInfo [0];
if (version.Tag != 0x02)
{
throw new CryptographicException("invalid version");
}
_version = version.Value [0];
ASN1 privateKeyAlgorithm = privateKeyInfo [1];
if (privateKeyAlgorithm.Tag != 0x30)
{
throw new CryptographicException("invalid algorithm");
}
ASN1 algorithm = privateKeyAlgorithm [0];
if (algorithm.Tag != 0x06)
{
throw new CryptographicException("missing algorithm OID");
}
_algorithm = ASN1Convert.ToOid(algorithm);
ASN1 privateKey = privateKeyInfo [2];
_key = privateKey.Value;
// attributes [0] IMPLICIT Attributes OPTIONAL
if (privateKeyInfo.Count > 3)
{
ASN1 attributes = privateKeyInfo [3];
for (int i = 0; i < attributes.Count; i++)
{
_list.Add(attributes [i]);
}
}
}
public EncryptedData(ASN1 asn1) : this()
{
if ((asn1.Tag != 0x30) || (asn1.Count < 2))
{
throw new ArgumentException("Invalid EncryptedData");
}
if (asn1 [0].Tag != 0x02)
{
throw new ArgumentException("Invalid version");
}
_version = asn1 [0].Value [0];
ASN1 encryptedContentInfo = asn1 [1];
if (encryptedContentInfo.Tag != 0x30)
{
throw new ArgumentException("missing EncryptedContentInfo");
}
ASN1 contentType = encryptedContentInfo [0];
if (contentType.Tag != 0x06)
{
throw new ArgumentException("missing EncryptedContentInfo.ContentType");
}
_content = new ContentInfo(ASN1Convert.ToOid(contentType));
ASN1 contentEncryptionAlgorithm = encryptedContentInfo [1];
if (contentEncryptionAlgorithm.Tag != 0x30)
{
throw new ArgumentException("missing EncryptedContentInfo.ContentEncryptionAlgorithmIdentifier");
}
_encryptionAlgorithm = new ContentInfo(ASN1Convert.ToOid(contentEncryptionAlgorithm [0]));
_encryptionAlgorithm.Content = contentEncryptionAlgorithm [1];
ASN1 encryptedContent = encryptedContentInfo [2];
if (encryptedContent.Tag != 0x80)
{
throw new ArgumentException("missing EncryptedContentInfo.EncryptedContent");
}
_encrypted = encryptedContent.Value;
}
/* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*/
private ASN1 SubjectPublicKeyInfo()
{
ASN1 keyInfo = new ASN1(0x30);
if (aa is RSA)
{
keyInfo.Add(PKCS7.AlgorithmIdentifier("1.2.840.113549.1.1.1"));
RSAParameters p = (aa as RSA).ExportParameters(false);
/* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER } -- e
*/
ASN1 key = new ASN1(0x30);
key.Add(ASN1Convert.FromUnsignedBigInteger(p.Modulus));
key.Add(ASN1Convert.FromUnsignedBigInteger(p.Exponent));
keyInfo.Add(new ASN1(UniqueIdentifier(key.GetBytes())));
}
else if (aa is DSA)
{
DSAParameters p = (aa as DSA).ExportParameters(false);
/* Dss-Parms ::= SEQUENCE {
* p INTEGER,
* q INTEGER,
* g INTEGER }
*/
ASN1 param = new ASN1(0x30);
param.Add(ASN1Convert.FromUnsignedBigInteger(p.P));
param.Add(ASN1Convert.FromUnsignedBigInteger(p.Q));
param.Add(ASN1Convert.FromUnsignedBigInteger(p.G));
keyInfo.Add(PKCS7.AlgorithmIdentifier("1.2.840.10040.4.1", param));
ASN1 key = keyInfo.Add(new ASN1(0x03));
// DSAPublicKey ::= INTEGER -- public key, y
key.Add(ASN1Convert.FromUnsignedBigInteger(p.Y));
}
else
{
throw new NotSupportedException("Unknown Asymmetric Algorithm " + aa.ToString());
}
return(keyInfo);
}
/*
* RSAPrivateKey ::= SEQUENCE {
* version Version,
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER, -- (inverse of q) mod p
* otherPrimeInfos OtherPrimeInfos OPTIONAL
* }
*/
static public byte[] Encode(RSA rsa)
{
RSAParameters param = rsa.ExportParameters(true);
ASN1 rsaPrivateKey = new ASN1(0x30);
rsaPrivateKey.Add(new ASN1(0x02, new byte [1] {
0x00
}));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Modulus));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Exponent));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.D));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.P));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Q));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.DP));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.DQ));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.InverseQ));
return(rsaPrivateKey.GetBytes());
}
public ContentInfo(ASN1 asn1)
{
// SEQUENCE with 1 or 2 elements
if ((asn1.Tag != 0x30) || ((asn1.Count < 1) && (asn1.Count > 2)))
{
throw new ArgumentException("Invalid ASN1");
}
if (asn1[0].Tag != 0x06)
{
throw new ArgumentException("Invalid contentType");
}
contentType = ASN1Convert.ToOid(asn1[0]);
if (asn1.Count > 1)
{
if (asn1[1].Tag != 0xA0)
{
throw new ArgumentException("Invalid content");
}
content = asn1[1];
}
}
public RecipientInfo(ASN1 data)
{
if (data.Tag != 0x30)
{
throw new ArgumentException("Invalid RecipientInfo");
}
ASN1 version = data [0];
if (version.Tag != 0x02)
{
throw new ArgumentException("missing Version");
}
_version = version.Value [0];
// issuerAndSerialNumber IssuerAndSerialNumber
ASN1 subjectIdentifierType = data [1];
if ((subjectIdentifierType.Tag == 0x80) && (_version == 3))
{
_ski = subjectIdentifierType.Value;
}
else
{
_issuer = X501.ToString(subjectIdentifierType [0]);
_serial = subjectIdentifierType [1].Value;
}
ASN1 keyEncryptionAlgorithm = data [2];
_oid = ASN1Convert.ToOid(keyEncryptionAlgorithm [0]);
ASN1 encryptedKey = data [3];
_key = encryptedKey.Value;
}
// TODO: INCOMPLETE
public SignerInfo(ASN1 asn1) : this()
{
if ((asn1[0].Tag != 0x30) || (asn1[0].Count < 5))
{
throw new ArgumentException("Invalid SignedData");
}
// version Version
if (asn1[0][0].Tag != 0x02)
{
throw new ArgumentException("Invalid version");
}
version = asn1[0][0].Value[0];
// issuerAndSerialNumber IssuerAndSerialNumber
ASN1 subjectIdentifierType = asn1 [0][1];
if ((subjectIdentifierType.Tag == 0x80) && (version == 3))
{
ski = subjectIdentifierType.Value;
}
else
{
issuer = X501.ToString(subjectIdentifierType [0]);
serial = subjectIdentifierType [1].Value;
}
// digestAlgorithm DigestAlgorithmIdentifier
ASN1 digestAlgorithm = asn1 [0][2];
hashAlgorithm = ASN1Convert.ToOid(digestAlgorithm [0]);
// authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL
int n = 3;
ASN1 authAttributes = asn1 [0][n];
if (authAttributes.Tag == 0xA0)
{
n++;
for (int i = 0; i < authAttributes.Count; i++)
{
authenticatedAttributes.Add(authAttributes [i]);
}
}
// digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier
n++;
// ASN1 digestEncryptionAlgorithm = asn1 [0][n++];
// string digestEncryptionAlgorithmOid = ASN1Convert.ToOid (digestEncryptionAlgorithm [0]);
// encryptedDigest EncryptedDigest
ASN1 encryptedDigest = asn1 [0][n++];
if (encryptedDigest.Tag == 0x04)
{
signature = encryptedDigest.Value;
}
// unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
ASN1 unauthAttributes = asn1 [0][n];
if ((unauthAttributes != null) && (unauthAttributes.Tag == 0xA1))
{
for (int i = 0; i < unauthAttributes.Count; i++)
{
unauthenticatedAttributes.Add(unauthAttributes [i]);
}
}
}
static public byte[] Encode(DSA dsa)
{
DSAParameters param = dsa.ExportParameters(true);
return(ASN1Convert.FromUnsignedBigInteger(param.X).GetBytes());
}
// that's were the real job is!
private void Parse(byte[] data)
{
try {
decoder = new ASN1(data);
// Certificate
if (decoder.Tag != 0x30)
{
throw new CryptographicException(encoding_error);
}
// Certificate / TBSCertificate
if (decoder [0].Tag != 0x30)
{
throw new CryptographicException(encoding_error);
}
ASN1 tbsCertificate = decoder [0];
int tbs = 0;
// Certificate / TBSCertificate / Version
ASN1 v = decoder [0][tbs];
version = 1; // DEFAULT v1
if ((v.Tag == 0xA0) && (v.Count > 0))
{
// version (optional) is present only in v2+ certs
version += v [0].Value [0]; // zero based
tbs++;
}
// Certificate / TBSCertificate / CertificateSerialNumber
ASN1 sn = decoder [0][tbs++];
if (sn.Tag != 0x02)
{
throw new CryptographicException(encoding_error);
}
serialnumber = sn.Value;
Array.Reverse(serialnumber, 0, serialnumber.Length);
// Certificate / TBSCertificate / AlgorithmIdentifier
tbs++;
// ASN1 signatureAlgo = tbsCertificate.Element (tbs++, 0x30);
issuer = tbsCertificate.Element(tbs++, 0x30);
m_issuername = X501.ToString(issuer);
ASN1 validity = tbsCertificate.Element(tbs++, 0x30);
ASN1 notBefore = validity [0];
m_from = ASN1Convert.ToDateTime(notBefore);
ASN1 notAfter = validity [1];
m_until = ASN1Convert.ToDateTime(notAfter);
subject = tbsCertificate.Element(tbs++, 0x30);
m_subject = X501.ToString(subject);
ASN1 subjectPublicKeyInfo = tbsCertificate.Element(tbs++, 0x30);
ASN1 algorithm = subjectPublicKeyInfo.Element(0, 0x30);
ASN1 algo = algorithm.Element(0, 0x06);
m_keyalgo = ASN1Convert.ToOid(algo);
// parameters ANY DEFINED BY algorithm OPTIONAL
// so we dont ask for a specific (Element) type and return DER
ASN1 parameters = algorithm [1];
m_keyalgoparams = ((algorithm.Count > 1) ? parameters.GetBytes() : null);
ASN1 subjectPublicKey = subjectPublicKeyInfo.Element(1, 0x03);
// we must drop th first byte (which is the number of unused bits
// in the BITSTRING)
int n = subjectPublicKey.Length - 1;
m_publickey = new byte [n];
Buffer.BlockCopy(subjectPublicKey.Value, 1, m_publickey, 0, n);
// signature processing
byte[] bitstring = decoder [2].Value;
// first byte contains unused bits in first byte
signature = new byte [bitstring.Length - 1];
Buffer.BlockCopy(bitstring, 1, signature, 0, signature.Length);
algorithm = decoder [1];
algo = algorithm.Element(0, 0x06);
m_signaturealgo = ASN1Convert.ToOid(algo);
parameters = algorithm [1];
if (parameters != null)
{
m_signaturealgoparams = parameters.GetBytes();
}
else
{
m_signaturealgoparams = null;
}
// Certificate / TBSCertificate / issuerUniqueID
ASN1 issuerUID = tbsCertificate.Element(tbs, 0x81);
if (issuerUID != null)
{
tbs++;
issuerUniqueID = issuerUID.Value;
}
// Certificate / TBSCertificate / subjectUniqueID
ASN1 subjectUID = tbsCertificate.Element(tbs, 0x82);
if (subjectUID != null)
{
tbs++;
subjectUniqueID = subjectUID.Value;
}
// Certificate / TBSCertificate / Extensions
ASN1 extns = tbsCertificate.Element(tbs, 0xA3);
if ((extns != null) && (extns.Count == 1))
{
extensions = new X509ExtensionCollection(extns [0]);
}
else
{
extensions = new X509ExtensionCollection(null);
}
// keep a copy of the original data
m_encodedcert = (byte[])data.Clone();
}
catch (Exception ex) {
throw new CryptographicException(encoding_error, ex);
}
}
static private void AppendEntry(StringBuilder sb, ASN1 entry, bool quotes)
{
// multiple entries are valid
for (int k = 0; k < entry.Count; k++)
{
ASN1 pair = entry [k];
ASN1 s = pair [1];
if (s == null)
{
continue;
}
ASN1 poid = pair [0];
if (poid == null)
{
continue;
}
if (poid.CompareValue(countryName))
{
sb.Append("C=");
}
else if (poid.CompareValue(organizationName))
{
sb.Append("O=");
}
else if (poid.CompareValue(organizationalUnitName))
{
sb.Append("OU=");
}
else if (poid.CompareValue(commonName))
{
sb.Append("CN=");
}
else if (poid.CompareValue(localityName))
{
sb.Append("L=");
}
else if (poid.CompareValue(stateOrProvinceName))
{
sb.Append("S="); // NOTE: RFC2253 uses ST=
}
else if (poid.CompareValue(streetAddress))
{
sb.Append("STREET=");
}
else if (poid.CompareValue(domainComponent))
{
sb.Append("DC=");
}
else if (poid.CompareValue(userid))
{
sb.Append("UID=");
}
else if (poid.CompareValue(email))
{
sb.Append("E="); // NOTE: Not part of RFC2253
}
else if (poid.CompareValue(dnQualifier))
{
sb.Append("dnQualifier=");
}
else if (poid.CompareValue(title))
{
sb.Append("T=");
}
else if (poid.CompareValue(surname))
{
sb.Append("SN=");
}
else if (poid.CompareValue(givenName))
{
sb.Append("G=");
}
else if (poid.CompareValue(initial))
{
sb.Append("I=");
}
else
{
// unknown OID
sb.Append("OID."); // NOTE: Not present as RFC2253
sb.Append(ASN1Convert.ToOid(poid));
sb.Append("=");
}
string sValue = null;
// 16bits or 8bits string ? TODO not complete (+special chars!)
if (s.Tag == 0x1E)
{
// BMPSTRING
StringBuilder sb2 = new StringBuilder();
for (int j = 1; j < s.Value.Length; j += 2)
{
sb2.Append((char)s.Value[j]);
}
sValue = sb2.ToString();
}
else
{
if (s.Tag == 0x14)
{
sValue = Encoding.UTF7.GetString(s.Value);
}
else
{
sValue = Encoding.UTF8.GetString(s.Value);
}
// in some cases we must quote (") the value
// Note: this doesn't seems to conform to RFC2253
char[] specials = { ',', '+', '"', '\\', '<', '>', ';' };
if (quotes)
{
if ((sValue.IndexOfAny(specials, 0, sValue.Length) > 0) ||
sValue.StartsWith(" ") || (sValue.EndsWith(" ")))
{
sValue = "\"" + sValue + "\"";
}
}
}
sb.Append(sValue);
// separator (not on last iteration)
if (k < entry.Count - 1)
{
sb.Append(", ");
}
}
}