void m_encode(Oid oid) { if (String.IsNullOrWhiteSpace(oid.Value)) { Initialize(new Asn1Reader(new Byte[] { TAG, 0 })); Value = new Oid(); return; } if (oid.Value.Length > 8096) { throw new OverflowException("Oid string is longer than 8kb"); } if (!validateOidString(oid.Value, out List <UInt64> tokens)) { throw new InvalidDataException(String.Format(InvalidType, TYPE.ToString())); } Value = oid; Initialize(new Asn1Reader(Asn1Utils.Encode(encode(tokens), TAG))); }
List <Byte> buildTbsRequest(X500DistinguishedName requester) { List <Byte> tbsRequest = new List <Byte>(); if (requester != null) { X509AlternativeName requesterName = new X509AlternativeName(X509AlternativeNamesEnum.DirectoryName, requester); tbsRequest.AddRange(Asn1Utils.Encode(requesterName.RawData, 0xa1)); } tbsRequest.AddRange(RequestList.Encode()); if (Nonce) { _listExtensions.Add(new X509NonceExtension()); Byte[] extensionsbytes = Asn1Utils.Encode(Extensions.Encode(), 162); tbsRequest.AddRange(extensionsbytes); NonceValue = _listExtensions[_listExtensions.Count - 1].Format(false).Trim(); } return(Asn1Utils.Encode(tbsRequest.ToArray(), 48).ToList()); }
/// <summary> /// Encodes current object to an ASN.1 format. /// </summary> /// <returns>ASN.1-encoded byte array that represents current object.</returns> public Byte[] Encode() { var retValue = new List <Byte>(); switch (Type) { case SubjectIdentifierType.IssuerAndSerialNumber: retValue.AddRange(((X509IssuerSerial)Value).RawData); break; case SubjectIdentifierType.SubjectKeyIdentifier: retValue.AddRange(Asn1Utils.Encode(AsnFormatter.StringToBinary(Value.ToString(), EncodingType.HexRaw), 0x80)); break; default: throw new ArgumentException("Invalid CMS issuer identifier type."); } return(retValue.ToArray()); }
/// <summary> /// Encodes an array of <see cref="X509PolicyQualifier"/> to an ASN.1-encoded byte array. /// </summary> /// <returns>ASN.1-encoded byte array.</returns> public Byte[] Encode() { if (_list.Count == 0) { return(null); } Int32 index = 1; List <Byte> rawData = new List <Byte>(); foreach (X509PolicyQualifier qualifier in _list) { if (qualifier.Type == X509PolicyQualifierType.UserNotice) { qualifier.NoticeNumber = index; index++; } rawData.AddRange(qualifier.Encode()); } return(Asn1Utils.Encode(rawData.ToArray(), 48)); }
void m_initialize(Int32?explicitPolicy, Int32?inhibitPolicy) { Oid = _oid; Critical = true; List <Byte> rawData = new List <Byte>(); if (explicitPolicy != null) { BigInteger integer = new BigInteger((Int32)explicitPolicy); rawData.AddRange(Asn1Utils.Encode(integer.ToLittleEndianByteArray(), 0x80)); RequireExplicitPolicy = explicitPolicy; } if (inhibitPolicy != null) { BigInteger integer = new BigInteger((Int32)inhibitPolicy); rawData.AddRange(Asn1Utils.Encode(integer.ToLittleEndianByteArray(), 0x81)); InhibitPolicyMapping = inhibitPolicy; } RawData = Asn1Utils.Encode(rawData.ToArray(), 48); }
/// <summary> /// Encodes revocation entry to a ASN.1-encoded byte array. /// </summary> /// <returns>ASN.1-encoded byte array</returns> public Byte[] Encode() { if (String.IsNullOrEmpty(SerialNumber)) { throw new UninitializedObjectException(); } List <Byte> rawData = new List <Byte>(AsnFormatter.StringToBinary(SerialNumber, EncodingType.HexAny)); rawData = new List <Byte>(Asn1Utils.Encode(rawData.ToArray(), (Byte)Asn1Type.INTEGER)); rawData.AddRange(Asn1Utils.EncodeDateTime(RevocationDate)); if (ReasonCode != 0) { Byte[] reasonEnum = new Byte[] { 10, 1, (Byte)ReasonCode }; X509ExtensionCollection exts = new X509ExtensionCollection(); X509Extension CRlReasonCode = new X509Extension("2.5.29.21", reasonEnum, false); exts.Add(CRlReasonCode); rawData.AddRange(Crypt32Managed.EncodeX509Extensions(exts)); } return(Asn1Utils.Encode(rawData.ToArray(), 48)); }
/// <summary> /// Encodes current extension to ASN.1-encoded byte array. /// </summary> /// <param name="extension">Extension to encode.</param> /// <exception cref="ArgumentNullException"><strong>extension</strong> parameter is null.</exception> /// <exception cref="UninitializedObjectException">Extension object is not properly initialized.</exception> /// <returns></returns> public static Byte[] Encode(this X509Extension extension) { if (extension == null) { throw new ArgumentNullException(nameof(extension)); } if (String.IsNullOrEmpty(extension.Oid.Value)) { throw new UninitializedObjectException(); } List <Byte> rawData = new List <Byte>(Asn1Utils.EncodeObjectIdentifier(extension.Oid)); if (extension.Critical) { rawData.AddRange(Asn1Utils.EncodeBoolean(true)); } rawData.AddRange(Asn1Utils.Encode(extension.RawData, (Byte)Asn1Type.OCTET_STRING)); return(Asn1Utils.Encode(rawData.ToArray(), 48)); }
/// <summary> /// Hashes current blob in <see cref="ToBeSignedData"/> member, constructs algorithm identifier /// (usually, with "NoSign" suffix) and attaches hash value in the signature section. /// </summary> /// <param name="hashAlgorithm">Hash algorithm to use for hashing.</param> /// <exception cref="ArgumentException"> /// Hash algorithm is not valid or cannot be mapped to respective signature algorithm. /// </exception> /// <exception cref="ArgumentNullException"> /// <strong>hashAlgorithm</strong> parameter is null. /// </exception> public void Hash(Oid2 hashAlgorithm) { if (hashAlgorithm == null) { throw new ArgumentNullException(nameof(hashAlgorithm)); } Oid2 transofrmedOid = Oid2.MapHashToSignatureOid(hashAlgorithm); using (var hasher = HashAlgorithm.Create(hashAlgorithm.FriendlyName)) { if (hasher == null) { throw new ArgumentException("Specified hash algorithm is not valid hashing algorithm"); } List <Byte> signature = hasher.ComputeHash(ToBeSignedData).ToList(); signature.Insert(0, 0); Signature = new Asn1BitString(Asn1Utils.Encode(signature.ToArray(), (Byte)Asn1Type.BIT_STRING)); } SignatureAlgorithm = new AlgorithmIdentifier(transofrmedOid.ToOid(), Asn1Utils.EncodeNull()); BlobType = ContentBlobType.SignedBlob; }
void m_initialize(X509Certificate2 cert) { List <Byte> rawData = new List <Byte>(); rawData.AddRange(cert.IssuerName.RawData); if (cert.Extensions.Count > 0) { foreach (X509Extension item in cert.Extensions.Cast <X509Extension>().Where(item => item.Oid.Value == "1.3.6.1.5.5.7.1.1")) { AIARaw = item.RawData; rawData.AddRange(item.RawData); m_extracturls(cert); } } rawData = new List <Byte>(Asn1Utils.Encode(rawData.ToArray(), 48)); IssuerName = cert.Issuer; Critical = false; Oid = _oid; RawData = rawData.ToArray(); }
void initializeFromAsn(Byte[] rawData) { Asn1Reader asn = new Asn1Reader(rawData); if (asn.Tag != 48) { throw new Asn1InvalidTagException(asn.Offset); } asn.MoveNext(); HashingAlgorithm = new AlgorithmIdentifier(Asn1Utils.Encode(asn.GetPayload(), 48)).AlgorithmId; asn.MoveNextCurrentLevelAndExpectTags((Byte)Asn1Type.OCTET_STRING); // issuerNameHash IssuerNameId = AsnFormatter.BinaryToString(asn.GetPayload()).Trim(); asn.MoveNextCurrentLevelAndExpectTags((Byte)Asn1Type.OCTET_STRING); // issuerKeyId IssuerKeyId = AsnFormatter.BinaryToString(asn.GetPayload()).Trim(); asn.MoveNextCurrentLevelAndExpectTags((Byte)Asn1Type.INTEGER); // serialnumber serialNumber = asn.GetPayload(); IsReadOnly = true; }
void m_initialize(X509Certificate2 cert) { List <Byte> rawData = new List <Byte>(); rawData.AddRange(cert.IssuerName.RawData); if (cert.Extensions.Count > 0) { X509Extension ext = cert.Extensions[X509CertExtensions.X509AuthorityInformationAccess]; if (ext != null) { AIARaw = ext.RawData; rawData.AddRange(ext.RawData); m_extracturls(cert); } } rawData = new List <Byte>(Asn1Utils.Encode(rawData.ToArray(), 48)); IssuerName = cert.Issuer; Critical = false; Oid = _oid; RawData = rawData.ToArray(); }
void encodeIpAddress(String value) { if (value == null) { rawData = new Byte[] { 135, 0 }; } else { Boolean ipv4 = value.Contains('.'); List<Byte> bytes = new List<Byte>(); String[] tokens = value.Split('/'); value = tokens[0]; String netMask = String.Empty; try { bytes.AddRange(IPAddress.Parse(value).GetAddressBytes()); } catch { throw new ArgumentException("The specified value is not valid IPv4 or IPv6 address."); } if (tokens.Length == 2) { netMask = "/" + tokens[1]; Byte maskLength = Convert.ToByte(tokens[1]); if (ipv4 && maskLength > 32) { throw new ArgumentException("The IPv4 netmask value is invalid."); } if (!ipv4 && maskLength > 128) { throw new ArgumentException("The IPv6 netmask value is invalid."); } if (ipv4) { Int32 bits = 32 - maskLength; Int32 mask = ~(0 | ((Int32)Math.Pow(2, bits) - 1)); bytes.AddRange(BitConverter.GetBytes(mask).Reverse()); } else { // ipv6 Int32 maskBits = maskLength; Int32 shiftBits = 128 - maskBits; BigInteger mask = ((BigInteger)Math.Pow(2, maskBits) - 1) << shiftBits; bytes.AddRange(mask.ToLittleEndianByteArray().Skip(1).Take(16).ToArray()); } } Value = IPAddress.Parse(value) + netMask; rawData = Asn1Utils.Encode(bytes.ToArray(), 135); } }
void m_initialize(IEnumerable <String> urls, Int32?syncDeltaTime, Boolean critical) { Oid = _oid; Critical = critical; DeltaSyncTimeInSeconds = syncDeltaTime; List <Byte> rawData = new List <Byte>(); if (DeltaSyncTimeInSeconds != null) { rawData.AddRange(new Asn1Integer(DeltaSyncTimeInSeconds.Value).RawData); } Uri[] uris = urls.Select(url => new Uri(url)).ToArray(); CrossCertDistributionPoints = new X509AlternativeNameCollection(); foreach (Uri url in uris) { CrossCertDistributionPoints.Add(new X509AlternativeName(X509AlternativeNamesEnum.URL, url)); } CrossCertDistributionPoints.Close(); rawData.AddRange(Asn1Utils.Encode(CrossCertDistributionPoints.Encode(), 48)); RawData = rawData.ToArray(); }
void signRequest(X509Certificate2 signerCert) { List <Byte> tbsRequest = buildTbsRequest(signerCert.SubjectName); Byte[] signature = MessageSignature.SignMessage(signerCert, tbsRequest.ToArray(), signatureAlgID); SignerCertificate = signerCert; if (includeFullSigChain) { buildSignerCertChain(); } else { _signerChain.Add(signerCert); } AlgorithmIdentifier algId = new AlgorithmIdentifier(signatureAlgID); List <Byte> signatureInfo = new List <Byte>(algId.RawData); signatureInfo.AddRange(new Asn1BitString(signature, false).RawData); signatureInfo.AddRange(Asn1Utils.Encode(_signerChain.Encode(), 0xa0)); tbsRequest.AddRange(Asn1Utils.Encode(Asn1Utils.Encode(signatureInfo.ToArray(), 48), 0xa0)); RawData = Asn1Utils.Encode(tbsRequest.ToArray(), 48); IsReadOnly = true; }
/// <summary> /// Encodes current object to a DER-encoded byte array. Returned array is used to construct initial OCSP Request structure. /// </summary> /// <returns>Returns a DER-encoded byte array.</returns> /// <value>System.Byte[]</value> public Byte[] Encode() { if (!String.IsNullOrEmpty(SerialNumber)) { if (issuerPublicKey != null) { initializeFromCertAndIssuer(); } // algorithm identifier var rawData = new List <Byte>(Asn1Utils.EncodeObjectIdentifier(hashAlgorithm)); rawData.AddRange(Asn1Utils.EncodeNull()); rawData = new List <Byte>(Asn1Utils.Encode(rawData.ToArray(), 48)); // IssuerNameId rawData.AddRange(Asn1Utils.Encode(AsnFormatter.StringToBinary(IssuerNameId, EncodingType.HexRaw), 4)); // IssuerKeyId rawData.AddRange(Asn1Utils.Encode(AsnFormatter.StringToBinary(IssuerKeyId, EncodingType.HexRaw), 4)); // SerialNumber rawData.AddRange(Asn1Utils.Encode(serialNumber, 2)); IsReadOnly = true; return(Asn1Utils.Encode(rawData.ToArray(), 48)); } throw new UninitializedObjectException(); }
void initializeFromCert(X509Certificate2 issuer, AuthorityKeyIdentifierFlags flags, Boolean critical) { Oid = _oid; Critical = critical; IncludedComponents = AuthorityKeyIdentifierFlags.None; // TODO rawData is not used List <Byte> rawData = new List <Byte>(); if ((flags & AuthorityKeyIdentifierFlags.KeyIdentifier) > 0) { using (var hasher = SHA1.Create()) { var hashbytes = hasher.ComputeHash(issuer.PublicKey.EncodedKeyValue.RawData); KeyIdentifier = AsnFormatter.BinaryToString(hashbytes, EncodingType.HexRaw, EncodingFormat.NOCRLF); rawData.AddRange(Asn1Utils.Encode(hashbytes, 0x80)); } IncludedComponents |= AuthorityKeyIdentifierFlags.KeyIdentifier; } if ((flags & AuthorityKeyIdentifierFlags.AlternativeNames) > 0) { X509Extension san = issuer.Extensions[X509ExtensionOid.SubjectAlternativeNames]; Debug.Assert(san != null, "san != null"); AsnEncodedData encoded = new AsnEncodedData(san.RawData); var sanExt = new X509SubjectAlternativeNamesExtension(encoded, false); IssuerNames = sanExt.AlternativeNames; IssuerNames.Close(); Asn1Reader asn = new Asn1Reader(san.RawData); rawData.AddRange(Asn1Utils.Encode(asn.GetPayload(), 0x81)); IncludedComponents |= AuthorityKeyIdentifierFlags.AlternativeNames; } if ((flags & AuthorityKeyIdentifierFlags.SerialNumber) > 0) { SerialNumber = issuer.SerialNumber; rawData.AddRange(Asn1Utils.Encode(issuer.GetSerialNumber().Reverse().ToArray(), 0x82)); IncludedComponents |= AuthorityKeyIdentifierFlags.SerialNumber; } RawData = Asn1Utils.Encode(rawData.ToArray(), 48); }
// here we use reduced encoding, that is, use minimum required bytes to encode extension value. void m_initialize(UInt16 caVersion, UInt16 keyVersion) { Oid = new Oid(X509CertExtensions.X509CAVersion); CACertificateVersion = caVersion; CAKeyVersion = keyVersion; // max 2 bytes List <Byte> certBytes = BitConverter.GetBytes((UInt16)CACertificateVersion).ToList(); if (BitConverter.IsLittleEndian) { certBytes.Reverse(); } if (keyVersion == 0) { if (CACertificateVersion == 0) { RawData = RawData = new Byte[] { 2, 1, 0 }; } else { // truncate leading zero bytes. Only if key index is zero. RawData = Asn1Utils.Encode(certBytes.SkipWhile(x => x == 0).ToArray(), (Byte)Asn1Type.INTEGER); } } else { List <Byte> keyBytes = BitConverter.GetBytes((UInt16)CAKeyVersion).ToList(); if (BitConverter.IsLittleEndian) { keyBytes.Reverse(); } // truncate leading zero bytes for key, cert bytes must be 2 bytes long. keyBytes = keyBytes.SkipWhile(x => x == 0).ToList(); keyBytes.AddRange(certBytes); RawData = Asn1Utils.Encode(keyBytes.ToArray(), (Byte)Asn1Type.INTEGER); } }
void m_encode(String inputString) { Value = inputString; Initialize(new Asn1Reader(Asn1Utils.Encode(Encoding.UTF32.GetBytes(inputString).Reverse().ToArray(), TAG))); }
void m_decode(Byte[] rawData) { Asn1Reader asn = new Asn1Reader(rawData); asn.MoveNext(); if (asn.PayloadLength == 0) { return; } do { Byte[] altNames; switch (asn.Tag) { case 0xA0: Asn1Reader distName = new Asn1Reader(asn.GetPayload()); do { switch (distName.Tag) { case 0xA0: // full name altNames = Asn1Utils.Encode(distName.GetPayload(), 48); FullName = new X509AlternativeNameCollection(); FullName.Decode(altNames); break; case 0xA1: // relative to issuer name Byte[] relativeName = Asn1Utils.Encode(distName.GetPayload(), 48); RelativeToIssuerName = new X500DistinguishedName(relativeName); break; default: throw new InvalidDataException("The data is invalid"); } } while (distName.MoveNextCurrentLevel()); break; case 0xA1: // reasons Asn1BitString bs = new Asn1BitString(asn.GetPayload()); if (bs.Value[0] == 0) { Reasons = X509RevocationReasons.Unspecified; break; } Byte mask = 1; do { if ((bs.Value[0] & mask) > 0) { switch (mask) { case 1: Reasons += (Int32)X509RevocationReasons.AACompromise; break; case 2: Reasons += (Int32)X509RevocationReasons.PrivilegeWithdrawn; break; case 4: Reasons += (Int32)X509RevocationReasons.CertificateHold; break; case 8: Reasons += (Int32)X509RevocationReasons.CeaseOfOperation; break; case 16: Reasons += (Int32)X509RevocationReasons.Superseded; break; case 32: Reasons += (Int32)X509RevocationReasons.ChangeOfAffiliation; break; case 64: Reasons += (Int32)X509RevocationReasons.CACompromise; break; case 128: Reasons += (Int32)X509RevocationReasons.KeyCompromise; break; } } mask <<= 1; } while (mask != 128); break; case 0xA2: // crl issuer altNames = Asn1Utils.Encode(asn.GetPayload(), 48); CRLIssuer = new X509AlternativeNameCollection(); CRLIssuer.Decode(altNames); break; default: throw new InvalidDataException("The data is invalid."); } } while (asn.MoveNextCurrentLevel()); RawData = rawData; }
void m_encode(String inputString) { Value = inputString; Init(new Asn1Reader(Asn1Utils.Encode(Encoding.UTF32.GetBytes(inputString), tag))); }
void m_encode(DateTime time, TimeZoneInfo zone, Boolean preciseTime) { tagValue = time; zoneInfo = zone; Init(new Asn1Reader(Asn1Utils.Encode(DateTimeUtils.Encode(time, zone, false, preciseTime), tag))); }
void m_encode(DateTime time, TimeZoneInfo zone, Boolean preciseTime) { Value = time; ZoneInfo = zone; Initialize(new Asn1Reader(Asn1Utils.Encode(DateTimeUtils.Encode(time, zone, true, preciseTime), TAG))); }
public static Byte[] EncodeGeneric(Byte tag, String value, Byte unusedBits) { switch (tag) { case (Byte)Asn1Type.BOOLEAN: return(new Asn1Boolean(Boolean.Parse(value)).RawData); case (Byte)Asn1Type.INTEGER: return(new Asn1Integer(BigInteger.Parse(value)).RawData); case (Byte)Asn1Type.BIT_STRING: return(new Asn1BitString(HexUtility.HexToBinary(value), unusedBits).RawData); case (Byte)Asn1Type.OCTET_STRING: return(new Asn1OctetString(HexUtility.HexToBinary(value), false).RawData); case (Byte)Asn1Type.NULL: return(new Asn1Null().RawData); case (Byte)Asn1Type.OBJECT_IDENTIFIER: return(new Asn1ObjectIdentifier(value).RawData); case (Byte)Asn1Type.ENUMERATED: return(new Asn1Enumerated(UInt64.Parse(value)).RawData); case (Byte)Asn1Type.UTF8String: return(new Asn1UTF8String(value).RawData); case (Byte)Asn1Type.NumericString: return(new Asn1NumericString(value).RawData); case (Byte)Asn1Type.TeletexString: return(new Asn1TeletexString(value).RawData); case (Byte)Asn1Type.VideotexString: return(Asn1Utils.Encode(Encoding.ASCII.GetBytes(value), tag)); case (Byte)Asn1Type.PrintableString: return(new Asn1PrintableString(value).RawData); case (Byte)Asn1Type.IA5String: return(new Asn1IA5String(value).RawData); case (Byte)Asn1Type.UTCTime: return(EncodeUTCTime(DateTime.ParseExact(value, "MM/dd/yyyy HH:mm:ss", CultureInfo.InvariantCulture))); case (Byte)Asn1Type.GeneralizedTime: return(EncodeGeneralizedTime(DateTime.ParseExact(value, "MM/dd/yyyy HH:mm:ss", CultureInfo.InvariantCulture))); //case (Byte)ASN1Tags.GraphicString case (Byte)Asn1Type.VisibleString: return(new Asn1VisibleString(value).RawData); case (Byte)Asn1Type.GeneralString: return(Asn1Utils.Encode(Encoding.UTF8.GetBytes(value), tag)); case (Byte)Asn1Type.UniversalString: return(new Asn1UniversalString(value).RawData); case (Byte)Asn1Type.BMPString: return(new Asn1BMPString(value).RawData); default: if ((tag & (Byte)Asn1Type.TAG_MASK) == 6) { return(Asn1Utils.Encode(Encoding.UTF8.GetBytes(value), tag)); } return(Asn1Utils.Encode(HexUtility.HexToBinary(value), tag)); } }
public static Byte[] EncodeHex(Byte tag, String hexString, Byte unusedBits) { Byte[] hexBytes = AsnFormatter.StringToBinary(hexString, EncodingType.Hex); return(Asn1Utils.Encode(hexBytes, tag)); }
void m_encode(String inputString) { Value = inputString; Init(new Asn1Reader(Asn1Utils.Encode(Encoding.BigEndianUnicode.GetBytes(inputString), tag))); }
void m_encode(BigInteger inputInteger) { Value = inputInteger; Init(new Asn1Reader(Asn1Utils.Encode(inputInteger.GetAsnBytes(), tag))); }
void m_encode(BigInteger inputInteger) { Value = Convert.ToUInt64(inputInteger); Initialize(new Asn1Reader(Asn1Utils.Encode(inputInteger.GetAsnBytes(), TAG))); }
/// <summary> /// /// </summary> public void Encode() { RawData = Asn1Utils.Encode(buildTbsRequest(null).ToArray(), 48); IsReadOnly = true; }
void m_encode(BigInteger crlNumber) { CRLNumber = crlNumber; RawData = Asn1Utils.Encode(crlNumber.ToLittleEndianByteArray(), (Byte)Asn1Type.INTEGER); }
void decodeResponse() { asn1 = new Asn1Reader(RawData); if (asn1.Tag != 48) { throw new Exception("Response data is not valid ASN.1 encoded data."); } //response status asn1.MoveNext(); if (asn1.Tag != 10) { throw new Exception("Unable to decode OCSP Reponse data. The data is invalid."); } ResponseStatus = (OCSPResponseStatus)asn1.GetPayload()[0]; if (asn1.NextOffset == 0) { return; } //responseBytesCS asn1.MoveNext(); if (asn1.Tag != 160) { throw new Exception("Unable to decode Response."); } asn1.MoveNext(); asn1.MoveNext(); if (asn1.Tag != 6) { throw new Exception("Response type is invalid."); } Byte[] oidbytes = Asn1Utils.Encode(asn1.GetPayload(), (Byte)Asn1Type.OBJECT_IDENTIFIER); decodeResponseType(oidbytes); asn1.MoveNext(); if (asn1.Tag != 4) { throw new Exception("Response is missing."); } //BasicOCSPResponse asn1.MoveNext(); if (asn1.Tag != 48) { throw new Exception("tbsResponseData is missing."); } asn1.MoveNext(); //tbsResponseData var a = asn1.GetPayload(); Asn1Reader tbsResponseData = new Asn1Reader(asn1.GetTagRawData()); //decodetbsResponse(tbsResponseData); //signatureAlgorithm asn1.MoveNextCurrentLevel(); SignatureAlgorithm = (new AlgorithmIdentifier(Asn1Utils.Encode(asn1.GetPayload(), 48))).AlgorithmId; //signature asn1.MoveNextCurrentLevel(); Byte[] signature = asn1.GetPayload().Skip(1).ToArray(); // GenericArray.GetSubArray(asn1.Payload, 1, asn1.Payload.Length - 1); SignerCertificates = new X509Certificate2Collection(); if (asn1.MoveNext()) { asn1.MoveNext(); Asn1Reader cert = new Asn1Reader(asn1.GetPayload()); do { SignerCertificates.Add(new X509Certificate2(Asn1Utils.Encode(cert.GetPayload(), 48))); } while (cert.MoveNextCurrentLevel()); verifySigner(SignerCertificates[0], true); } // optional. Find cert in store. verifyAll(tbsResponseData, signature, SignatureAlgorithm); }