public CompressedDataParser(
Asn1SequenceParser seq)
{
this._version = (DerInteger)seq.ReadObject();
this._compressionAlgorithm = AlgorithmIdentifier.GetInstance(seq.ReadObject().ToAsn1Object());
this._encapContentInfo = new ContentInfoParser((Asn1SequenceParser)seq.ReadObject());
}
public EncryptedPrivateKeyInfo(
AlgorithmIdentifier algId,
byte[] encoding)
{
this.algId = algId;
this.data = new DerOctetString(encoding);
}
public EncryptedContentInfoParser(
Asn1SequenceParser seq)
{
_contentType = (DerObjectIdentifier)seq.ReadObject();
_contentEncryptionAlgorithm = AlgorithmIdentifier.GetInstance(seq.ReadObject().ToAsn1Object());
_encryptedContent = (Asn1TaggedObjectParser)seq.ReadObject();
}
public OriginatorPublicKey(
AlgorithmIdentifier algorithm,
byte[] publicKey)
{
this.algorithm = algorithm;
this.publicKey = new DerBitString(publicKey);
}
public CmsAuthEnvelopedData(
ContentInfo contentInfo)
{
this.contentInfo = contentInfo;
AuthEnvelopedData authEnvData = AuthEnvelopedData.GetInstance(contentInfo.Content);
this.originator = authEnvData.OriginatorInfo;
//
// read the recipients
//
Asn1Set recipientInfos = authEnvData.RecipientInfos;
//
// read the auth-encrypted content info
//
EncryptedContentInfo authEncInfo = authEnvData.AuthEncryptedContentInfo;
this.authEncAlg = authEncInfo.ContentEncryptionAlgorithm;
CmsSecureReadable secureReadable = new AuthEnvelopedSecureReadable(this);
//
// build the RecipientInformationStore
//
this.recipientInfoStore = CmsEnvelopedHelper.BuildRecipientInformationStore(
recipientInfos, secureReadable);
// FIXME These need to be passed to the AEAD cipher as AAD (Additional Authenticated Data)
this.authAttrs = authEnvData.AuthAttrs;
this.mac = authEnvData.Mac.GetOctets();
this.unauthAttrs = authEnvData.UnauthAttrs;
}
private EncryptedValue(Asn1Sequence seq)
{
int index = 0;
while (seq[index] is Asn1TaggedObject)
{
Asn1TaggedObject tObj = (Asn1TaggedObject)seq[index];
switch (tObj.TagNo)
{
case 0:
intendedAlg = AlgorithmIdentifier.GetInstance(tObj, false);
break;
case 1:
symmAlg = AlgorithmIdentifier.GetInstance(tObj, false);
break;
case 2:
encSymmKey = DerBitString.GetInstance(tObj, false);
break;
case 3:
keyAlg = AlgorithmIdentifier.GetInstance(tObj, false);
break;
case 4:
valueHint = Asn1OctetString.GetInstance(tObj, false);
break;
}
++index;
}
encValue = DerBitString.GetInstance(seq[index]);
}
public TimeStampRequest Generate(
string digestAlgorithmOid,
byte[] digest,
BigInteger nonce)
{
if (digestAlgorithmOid == null)
{
throw new ArgumentException("No digest algorithm specified");
}
DerObjectIdentifier digestAlgOid = new DerObjectIdentifier(digestAlgorithmOid);
AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOid, DerNull.Instance);
MessageImprint messageImprint = new MessageImprint(algID, digest);
X509Extensions ext = null;
if (extOrdering.Count != 0)
{
ext = new X509Extensions(extOrdering, extensions);
}
DerInteger derNonce = nonce == null
? null
: new DerInteger(nonce);
return new TimeStampRequest(
new TimeStampReq(messageImprint, reqPolicy, derNonce, certReq, ext));
}
public override void PerformTest()
{
AlgorithmIdentifier algId = new AlgorithmIdentifier(new DerObjectIdentifier("1.2.2.3"));
byte[] digest = new byte[20];
OtherHash otherHash = new OtherHash(
new OtherHashAlgAndValue(algId, digest));
OtherCertID otherCertID = new OtherCertID(otherHash);
OtherSigningCertificate otherCert = new OtherSigningCertificate(otherCertID);
checkConstruction(otherCert, otherCertID);
otherCert = OtherSigningCertificate.GetInstance(null);
if (otherCert != null)
{
Fail("null GetInstance() failed.");
}
try
{
OtherCertID.GetInstance(new Object());
Fail("GetInstance() failed to detect bad object.");
}
catch (ArgumentException)
{
// expected
}
}
private PrivateKeyInfo(
Asn1Sequence seq)
{
IEnumerator e = seq.GetEnumerator();
e.MoveNext();
IBigInteger version = ((DerInteger) e.Current).Value;
if (version.IntValue != 0)
{
throw new ArgumentException("wrong version for private key info");
}
e.MoveNext();
algID = AlgorithmIdentifier.GetInstance(e.Current);
try
{
e.MoveNext();
Asn1OctetString data = (Asn1OctetString) e.Current;
privKey = Asn1Object.FromByteArray(data.GetOctets());
}
catch (IOException)
{
throw new ArgumentException("Error recoverying private key from sequence");
}
if (e.MoveNext())
{
attributes = Asn1Set.GetInstance((Asn1TaggedObject) e.Current, false);
}
}
public CmsAuthenticatedDataParser(
Stream envelopedData)
: base(envelopedData)
{
this.authAttrNotRead = true;
this.authData = new AuthenticatedDataParser(
(Asn1SequenceParser)contentInfo.GetContent(Asn1Tags.Sequence));
// TODO Validate version?
//DerInteger version = this.authData.getVersion();
//
// read the recipients
//
Asn1Set recipientInfos = Asn1Set.GetInstance(authData.GetRecipientInfos().ToAsn1Object());
this.macAlg = authData.GetMacAlgorithm();
//
// read the authenticated content info
//
ContentInfoParser data = authData.GetEnapsulatedContentInfo();
CmsReadable readable = new CmsProcessableInputStream(
((Asn1OctetStringParser)data.GetContent(Asn1Tags.OctetString)).GetOctetStream());
CmsSecureReadable secureReadable = new CmsEnvelopedHelper.CmsAuthenticatedSecureReadable(
this.macAlg, readable);
//
// build the RecipientInformationStore
//
this._recipientInfoStore = CmsEnvelopedHelper.BuildRecipientInformationStore(
recipientInfos, secureReadable);
}
public CmsEnvelopedDataParser(
Stream envelopedData)
: base(envelopedData)
{
this._attrNotRead = true;
this.envelopedData = new EnvelopedDataParser(
(Asn1SequenceParser)this.contentInfo.GetContent(Asn1Tags.Sequence));
// TODO Validate version?
//DerInteger version = this.envelopedData.Version;
//
// read the recipients
//
Asn1Set recipientInfos = Asn1Set.GetInstance(this.envelopedData.GetRecipientInfos().ToAsn1Object());
//
// read the encrypted content info
//
EncryptedContentInfoParser encInfo = this.envelopedData.GetEncryptedContentInfo();
this._encAlg = encInfo.ContentEncryptionAlgorithm;
CmsReadable readable = new CmsProcessableInputStream(
((Asn1OctetStringParser)encInfo.GetEncryptedContent(Asn1Tags.OctetString)).GetOctetStream());
CmsSecureReadable secureReadable = new CmsEnvelopedHelper.CmsEnvelopedSecureReadable(
this._encAlg, readable);
//
// build the RecipientInformationStore
//
this.recipientInfoStore = CmsEnvelopedHelper.BuildRecipientInformationStore(
recipientInfos, secureReadable);
}
private EssCertIDv2(
Asn1Sequence seq)
{
if (seq.Count != 2 && seq.Count != 3)
throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");
int count = 0;
if (seq[0] is Asn1OctetString)
{
// Default value
this.hashAlgorithm = DefaultAlgID;
}
else
{
this.hashAlgorithm = AlgorithmIdentifier.GetInstance(seq[count++].ToAsn1Object());
}
this.certHash = Asn1OctetString.GetInstance(seq[count++].ToAsn1Object()).GetOctets();
if (seq.Count > count)
{
this.issuerSerial = IssuerSerial.GetInstance(
Asn1Sequence.GetInstance(seq[count].ToAsn1Object()));
}
}
private LdsSecurityObject(
Asn1Sequence seq)
{
if (seq == null || seq.Count == 0)
throw new ArgumentException("null or empty sequence passed.");
IEnumerator e = seq.GetEnumerator();
// version
e.MoveNext();
version = DerInteger.GetInstance(e.Current);
// digestAlgorithmIdentifier
e.MoveNext();
digestAlgorithmIdentifier = AlgorithmIdentifier.GetInstance(e.Current);
e.MoveNext();
Asn1Sequence datagroupHashSeq = Asn1Sequence.GetInstance(e.Current);
if (version.Value.Equals(BigInteger.One))
{
e.MoveNext();
versionInfo = LdsVersionInfo.GetInstance(e.Current);
}
CheckDatagroupHashSeqSize(datagroupHashSeq.Count);
datagroupHash = new DataGroupHash[datagroupHashSeq.Count];
for (int i= 0; i< datagroupHashSeq.Count; i++)
{
datagroupHash[i] = DataGroupHash.GetInstance(datagroupHashSeq[i]);
}
}
public RsaDigestSigner(
IDigest digest)
{
this.digest = digest;
algId = new AlgorithmIdentifier( (DerObjectIdentifier)oidMap[digest.AlgorithmName] , DerNull.Instance);
}
// private new AlgorithmIdentifier _encAlg;
public KeyTransRecipientInformation(
KeyTransRecipientInfo info,
AlgorithmIdentifier encAlg,
Stream data)
: base(encAlg, AlgorithmIdentifier.GetInstance(info.KeyEncryptionAlgorithm), data)
{
this._info = info;
// this._encAlg = encAlg;
this._rid = new RecipientID();
RecipientIdentifier r = info.RecipientIdentifier;
try
{
if (r.IsTagged)
{
Asn1OctetString octs = Asn1OctetString.GetInstance(r.ID);
_rid.SubjectKeyIdentifier = octs.GetOctets();
}
else
{
IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.GetInstance(r.ID);
_rid.Issuer = iAnds.Name;
_rid.SerialNumber = iAnds.SerialNumber.Value;
}
}
catch (IOException)
{
throw new ArgumentException("invalid rid in KeyTransRecipientInformation");
}
}
public CmsEnvelopedData(
ContentInfo contentInfo)
{
this.contentInfo = contentInfo;
EnvelopedData envData = EnvelopedData.GetInstance(contentInfo.Content);
//
// read the recipients
//
Asn1Set recipientInfos = envData.RecipientInfos;
//
// read the encrypted content info
//
EncryptedContentInfo encInfo = envData.EncryptedContentInfo;
this.encAlg = encInfo.ContentEncryptionAlgorithm;
CmsReadable readable = new CmsProcessableByteArray(encInfo.EncryptedContent.GetOctets());
CmsSecureReadable secureReadable = new CmsEnvelopedHelper.CmsEnvelopedSecureReadable(
this.encAlg, readable);
//
// build the RecipientInformationStore
//
this.recipientInfoStore = CmsEnvelopedHelper.BuildRecipientInformationStore(
recipientInfos, secureReadable);
this.unprotectedAttributes = envData.UnprotectedAttrs;
}
internal RecipientInformation(
AlgorithmIdentifier keyEncAlg,
CmsSecureReadable secureReadable)
{
this.keyEncAlg = keyEncAlg;
this.secureReadable = secureReadable;
}
public AuthenticatedData(
OriginatorInfo originatorInfo,
Asn1Set recipientInfos,
AlgorithmIdentifier macAlgorithm,
AlgorithmIdentifier digestAlgorithm,
ContentInfo encapsulatedContent,
Asn1Set authAttrs,
Asn1OctetString mac,
Asn1Set unauthAttrs)
{
if (digestAlgorithm != null || authAttrs != null)
{
if (digestAlgorithm == null || authAttrs == null)
{
throw new ArgumentException("digestAlgorithm and authAttrs must be set together");
}
}
version = new DerInteger(CalculateVersion(originatorInfo));
this.originatorInfo = originatorInfo;
this.macAlgorithm = macAlgorithm;
this.digestAlgorithm = digestAlgorithm;
this.recipientInfos = recipientInfos;
this.encapsulatedContentInfo = encapsulatedContent;
this.authAttrs = authAttrs;
this.mac = mac;
this.unauthAttrs = unauthAttrs;
}
/**
* Generate an object that contains an CMS Compressed Data
*/
public CmsCompressedData Generate(
CmsProcessable content,
string compressionOid)
{
AlgorithmIdentifier comAlgId;
Asn1OctetString comOcts;
try
{
MemoryStream bOut = new MemoryStream();
ZOutputStream zOut = new ZOutputStream(bOut, JZlib.Z_DEFAULT_COMPRESSION);
content.Write(zOut);
zOut.Dispose();
comAlgId = new AlgorithmIdentifier(new DerObjectIdentifier(compressionOid));
comOcts = new BerOctetString(bOut.ToArray());
}
catch (IOException e)
{
throw new CmsException("exception encoding data.", e);
}
ContentInfo comContent = new ContentInfo(CmsObjectIdentifiers.Data, comOcts);
ContentInfo contentInfo = new ContentInfo(
CmsObjectIdentifiers.CompressedData,
new CompressedData(comAlgId, comContent));
return new CmsCompressedData(contentInfo);
}
public CompressedData(
Asn1Sequence seq)
{
this.version = (DerInteger) seq[0];
this.compressionAlgorithm = AlgorithmIdentifier.GetInstance(seq[1]);
this.encapContentInfo = ContentInfo.GetInstance(seq[2]);
}
public SubjectPublicKeyInfo(
AlgorithmIdentifier algID,
Asn1Encodable publicKey)
{
this.keyData = new DerBitString(publicKey);
this.algID = algID;
}
public SubjectPublicKeyInfo(
AlgorithmIdentifier algID,
byte[] publicKey)
{
this.keyData = new DerBitString(publicKey);
this.algID = algID;
}
/**
* The default version
*/
public RsassaPssParameters()
{
hashAlgorithm = DefaultHashAlgorithm;
maskGenAlgorithm = DefaultMaskGenFunction;
saltLength = DefaultSaltLength;
trailerField = DefaultTrailerField;
}
public RsassaPssParameters(
Asn1Sequence seq)
{
hashAlgorithm = DefaultHashAlgorithm;
maskGenAlgorithm = DefaultMaskGenFunction;
saltLength = DefaultSaltLength;
trailerField = DefaultTrailerField;
for (int i = 0; i != seq.Count; i++)
{
Asn1TaggedObject o = (Asn1TaggedObject)seq[i];
switch (o.TagNo)
{
case 0:
hashAlgorithm = AlgorithmIdentifier.GetInstance(o, true);
break;
case 1:
maskGenAlgorithm = AlgorithmIdentifier.GetInstance(o, true);
break;
case 2:
saltLength = DerInteger.GetInstance(o, true);
break;
case 3:
trailerField = DerInteger.GetInstance(o, true);
break;
default:
throw new ArgumentException("unknown tag");
}
}
}
public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random)
{
byte[] keyBytes = contentEncryptionKey.GetKey();
string rfc3211WrapperName = Helper.GetRfc3211WrapperName(keyEncryptionKeyOID);
IWrapper keyWrapper = Helper.CreateWrapper(rfc3211WrapperName);
// Note: In Java build, the IV is automatically generated in JCE layer
int ivLength = Platform.StartsWith(rfc3211WrapperName, "DESEDE") ? 8 : 16;
byte[] iv = new byte[ivLength];
random.NextBytes(iv);
ICipherParameters parameters = new ParametersWithIV(keyEncryptionKey, iv);
keyWrapper.Init(true, new ParametersWithRandom(parameters, random));
Asn1OctetString encryptedKey = new DerOctetString(
keyWrapper.Wrap(keyBytes, 0, keyBytes.Length));
DerSequence seq = new DerSequence(
new DerObjectIdentifier(keyEncryptionKeyOID),
new DerOctetString(iv));
AlgorithmIdentifier keyEncryptionAlgorithm = new AlgorithmIdentifier(
PkcsObjectIdentifiers.IdAlgPwriKek, seq);
return new RecipientInfo(new PasswordRecipientInfo(
keyDerivationAlgorithm, keyEncryptionAlgorithm, encryptedKey));
}
public RsaesOaepParameters(
Asn1Sequence seq)
{
hashAlgorithm = DefaultHashAlgorithm;
maskGenAlgorithm = DefaultMaskGenFunction;
pSourceAlgorithm = DefaultPSourceAlgorithm;
for (int i = 0; i != seq.Count; i++)
{
Asn1TaggedObject o = (Asn1TaggedObject)seq[i];
switch (o.TagNo)
{
case 0:
hashAlgorithm = AlgorithmIdentifier.GetInstance(o, true);
break;
case 1:
maskGenAlgorithm = AlgorithmIdentifier.GetInstance(o, true);
break;
case 2:
pSourceAlgorithm = AlgorithmIdentifier.GetInstance(o, true);
break;
default:
throw new ArgumentException("unknown tag");
}
}
}
/**
* Creates a new PKMACValue.
* @param aid CMPObjectIdentifiers.passwordBasedMAC, with PBMParameter
* @param value MAC of the DER-encoded SubjectPublicKeyInfo
*/
public PKMacValue(
AlgorithmIdentifier algID,
DerBitString macValue)
{
this.algID = algID;
this.macValue = macValue;
}
public DigestInfo(
AlgorithmIdentifier algID,
byte[] digest)
{
this.digest = digest;
this.algID = algID;
}
private PbmParameter(Asn1Sequence seq)
{
salt = Asn1OctetString.GetInstance(seq[0]);
owf = AlgorithmIdentifier.GetInstance(seq[1]);
iterationCount = DerInteger.GetInstance(seq[2]);
mac = AlgorithmIdentifier.GetInstance(seq[3]);
}
public MessageImprint(
AlgorithmIdentifier hashAlgorithm,
byte[] hashedMessage)
{
this.hashAlgorithm = hashAlgorithm;
this.hashedMessage = hashedMessage;
}
/// <summary>
/// Creates PKCS#1 DigestInfo
/// </summary>
/// <param name="digest">Hash value</param>
/// <param name="digestOid">Hash algorithm OID</param>
/// <returns>DER encoded PKCS#1 DigestInfo</returns>
private static byte[] CreateDigestInfo(byte[] digest, string digestOid)
{
var derObjectIdentifier = new DerObjectIdentifier(digestOid);
var algorithmIdentifier = new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier(derObjectIdentifier, null);
DigestInfo digestInfo = new DigestInfo(algorithmIdentifier, digest);
return(digestInfo.GetDerEncoded());
}
public CmsReadable GetReadable(
KeyParameter sKey,
Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier algorithm,
CmsProcessableByteArray readable)
{
IBufferedCipher cipher;
try
{
cipher = CipherUtilities.GetCipher(algorithm.Algorithm);
var asn1Enc = algorithm.Parameters;
var asn1Params = asn1Enc == null ? null : asn1Enc.ToAsn1Object();
ICipherParameters cipherParameters = sKey;
if (asn1Params != null && !(asn1Params is Asn1Null))
{
cipherParameters = ParameterUtilities.GetCipherParameters(
algorithm.Algorithm, cipherParameters, asn1Params);
}
else
{
string alg = algorithm.Algorithm.Id;
if (alg.Equals(CmsEnvelopedGenerator.DesEde3Cbc) ||
alg.Equals(CmsEnvelopedGenerator.IdeaCbc) ||
alg.Equals(CmsEnvelopedGenerator.Cast5Cbc))
{
cipherParameters = new ParametersWithIV(cipherParameters, new byte[8]);
}
}
cipher.Init(false, cipherParameters);
}
catch (SecurityUtilityException e)
{
throw new CmsException("couldn't create cipher.", e);
}
catch (InvalidKeyException e)
{
throw new CmsException("key invalid in message.", e);
}
catch (IOException e)
{
throw new CmsException("error decoding algorithm parameters.", e);
}
try
{
return(new CmsProcessableInputStream(
new CipherStream(readable.GetInputStream(), cipher, null)));
}
catch (IOException e)
{
throw new CmsException("error reading content.", e);
}
}
public void Read_WithNonDefaultAlgorithmIdentifier_ReturnsEssCertIdV2()
{
var directoryName = new X509Name("CN=test");
var generalNames = new GeneralNames(
new BcGeneralName(BcGeneralName.DirectoryName, directoryName));
var bcIssuerSerial = new BcIssuerSerial(generalNames, new DerInteger(BigInteger.One));
var hash = CryptoHashUtility.ComputeHash(HashAlgorithmName.SHA512, Encoding.UTF8.GetBytes("peach"));
var bcAlgorithmId = new BcAlgorithmIdentifier(new DerObjectIdentifier(Oids.Sha512));
var bcEssCertId = new BcEssCertIdV2(bcAlgorithmId, hash, bcIssuerSerial);
var bytes = bcEssCertId.GetDerEncoded();
var essCertIdV2 = EssCertIdV2.Read(bytes);
Assert.Equal(Oids.Sha512, essCertIdV2.HashAlgorithm.Algorithm.Value);
Assert.Equal(1, essCertIdV2.IssuerSerial.GeneralNames.Count);
Assert.Equal(directoryName.ToString(), essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name);
SigningTestUtility.VerifyByteArrays(hash, essCertIdV2.CertificateHash);
SigningTestUtility.VerifyByteArrays(bcIssuerSerial.Serial.Value.ToByteArray(), essCertIdV2.IssuerSerial.SerialNumber);
}
internal BcTstInfo CreateBcTstInfo()
{
var bcAlgorithmIdentifier = new BcAlgorithmIdentifier(new DerObjectIdentifier(HashAlgorithm.Value));
var bcMessageImprint = new BcMessageImprint(bcAlgorithmIdentifier, Hash);
var serialNumber = new BigInteger(SerialNumber);
var ordering = GetOrdering();
var nonce = GetNonce();
var bcTstInfo = new BcTstInfo(
new DerObjectIdentifier(Policy),
bcMessageImprint,
new DerInteger(serialNumber),
GetGenTime(),
Accuracy,
ordering,
nonce,
Tsa,
Extensions);
return(bcTstInfo);
}
public void Read_WithValidInput_ReturnsEssCertId()
{
using (var certificate = _fixture.GetDefaultCertificate())
{
var bcCertificate = DotNetUtilities.FromX509Certificate(certificate);
var bcGeneralNames = new GeneralNames(
new BcGeneralName(BcGeneralName.DirectoryName, bcCertificate.IssuerDN));
var bcIssuerSerial = new BcIssuerSerial(bcGeneralNames, new DerInteger(bcCertificate.SerialNumber));
var hash = SigningTestUtility.GetHash(certificate, HashAlgorithmName.SHA384);
var bcAlgorithmId = new BcAlgorithmIdentifier(new DerObjectIdentifier(Oids.Sha384));
var bcEssCertId = new BcEssCertIdV2(bcAlgorithmId, hash, bcIssuerSerial);
var bytes = bcEssCertId.GetDerEncoded();
var essCertIdV2 = EssCertIdV2.Read(bytes);
Assert.Equal(Oids.Sha384, essCertIdV2.HashAlgorithm.Algorithm.Value);
Assert.Equal(1, essCertIdV2.IssuerSerial.GeneralNames.Count);
Assert.Equal(certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name);
SigningTestUtility.VerifyByteArrays(hash, essCertIdV2.CertificateHash);
SigningTestUtility.VerifyByteArrays(bcIssuerSerial.Serial.Value.ToByteArray(), essCertIdV2.IssuerSerial.SerialNumber);
}
}
public void SetSignature(
AlgorithmIdentifier signature)
{
this.signature = signature;
}
