IDictionary <String, X509Certificate2> hashCerts()
{
var hashList = new Dictionary <String, X509Certificate2>(StringComparer.InvariantCultureIgnoreCase);
using (var hasher = HashAlgorithm.Create(SubjectAlgorithm.FriendlyName)) {
if (hasher == null)
{
return(hashList);
}
var certList = new X509Certificate2Collection();
certList.AddRange(cms.Certificates);
foreach (StoreName storeName in new[] { StoreName.Root, StoreName.CertificateAuthority, StoreName.AuthRoot })
{
var store = new X509Store(storeName, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
certList.AddRange(store.Certificates);
store.Close();
}
foreach (X509Certificate2 cmsCert in certList)
{
String hashString = AsnFormatter.BinaryToString(hasher.ComputeHash(cmsCert.RawData), format: EncodingFormat.NOCRLF);
if (hashList.ContainsKey(hashString))
{
continue;
}
hashList.Add(hashString, cmsCert);
}
}
return(hashList);
}
void encode()
{
List <Byte> rawData = new List <Byte>(IssuerName.RawData);
rawData.AddRange(Asn1Utils.Encode(AsnFormatter.StringToBinary(SerialNumber, EncodingType.HexRaw), 4));
RawData = rawData.ToArray();
}
/// <summary>
/// Exports the current X509CRL2 object to a file.
/// </summary>
/// <param name="path">The path to a CRL file.</param>
/// <param name="encoding">Encoding of the exported file.</param>
/// <exception cref="ArgumentException">Specified encoding type is not supported.</exception>
/// <exception cref="UninitializedObjectException">An object is not initialized.</exception>
public void Export(String path, X509EncodingType encoding)
{
if (RawData == null)
{
throw new UninitializedObjectException();
}
String Base64;
switch (encoding)
{
case X509EncodingType.Base64:
Base64 = AsnFormatter.BinaryToString(RawData, EncodingType.Base64);
File.WriteAllText(path, Base64);
break;
case X509EncodingType.Base64Header:
Base64 = AsnFormatter.BinaryToString(RawData, EncodingType.Base64CrlHeader);
File.WriteAllText(path, Base64);
break;
case X509EncodingType.Binary:
File.WriteAllBytes(path, RawData);
break;
default:
throw new ArgumentException("Specified encoding is not supported.");
}
}
public static String GetHexString(IEnumerable <Byte> rawData, Asn1Lite node)
{
Int32 startOffset = node.Offset + node.TagLength - node.PayloadLength;
Int32 endOffset = node.Offset + node.TagLength;
return(AsnFormatter.BinaryToString(rawData.ToArray(), EncodingType.Hex, 0, startOffset, endOffset - startOffset));
}
void encode()
{
var rawData = new List <Byte>(IssuerName.RawData);
rawData.AddRange(Asn1Utils.Encode(AsnFormatter.StringToBinary(SerialNumber, EncodingType.HexRaw), (Byte)Asn1Type.INTEGER));
_rawData.AddRange(Asn1Utils.Encode(rawData.ToArray(), 48));
}
void m_decode(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
asn.MoveNext();
IncludedComponents = AuthorityKeyIdentifierFlags.None;
do
{
switch (asn.Tag)
{
case 0x80:
KeyIdentifier = AsnFormatter.BinaryToString(asn.GetPayload(), EncodingType.HexRaw, EncodingFormat.NOCRLF);
IncludedComponents |= AuthorityKeyIdentifierFlags.KeyIdentifier;
break;
case 0xa1:
IssuerNames = new X509AlternativeNameCollection();
var bytes = Asn1Utils.Encode(asn.GetPayload(), 48);
IssuerNames.Decode(bytes);
IssuerNames.Close();
IncludedComponents |= AuthorityKeyIdentifierFlags.AlternativeNames;
break;
case 0x82:
SerialNumber = AsnFormatter.BinaryToString(asn.GetPayload());
IncludedComponents |= AuthorityKeyIdentifierFlags.SerialNumber;
break;
}
} while (asn.MoveNextCurrentLevel());
}
static String DecodeOctetString(Asn1Reader asn)
{
return(AsnFormatter.BinaryToString(
asn.RawData,
EncodingType.HexRaw,
EncodingFormat.NOCRLF, asn.PayloadStartOffset, asn.PayloadLength));
}
/// <summary>
/// Formats a current object to string.
/// </summary>
/// <returns>Formatted string.</returns>
public override String ToString()
{
if (RawData == null)
{
return(String.Empty);
}
StringBuilder sb = new StringBuilder();
StringBuilder algParamString = new StringBuilder();
if (Parameters == null)
{
algParamString.Append(" NULL");
}
else
{
algParamString.AppendLine(" ");
EncodingType format = EncodingType.Hex;
if (Parameters.Length > 16)
{
format = EncodingType.HexAddress;
}
algParamString.Append(AsnFormatter.BinaryToString(Parameters, format).TrimEnd());
}
sb.Append(
// TODO: algorithm identifier is more than signature algorithm identifier, it is commonly used
// TODO: structure type in X.509 and PKCS world
$@"Signature Algorithm:
Algorithm ObjectId: {AlgorithmId.Format(true)}
Algorithm Parameters:{algParamString}
");
return(sb.ToString());
}
/// <param name="nonceValue">The encoded data to use to create the extension.</param>
/// <param name="critical"><strong>True</strong> if the extension is critical; otherwise, <strong>False</strong>.</param>
public X509NonceExtension(AsnEncodedData nonceValue, Boolean critical)
: base(new Oid("1.3.6.1.5.5.7.48.1.2", "OCSP Nonce"), nonceValue.RawData, critical)
{
Asn1Reader asn = new Asn1Reader(nonceValue.RawData);
Value = AsnFormatter.BinaryToString(asn.GetPayload(), EncodingType.Hex);
}
/// <summary>
/// Formats a current object to string.
/// </summary>
/// <returns>Formatted string.</returns>
public override String ToString()
{
var sb = new StringBuilder();
var algParamString = new StringBuilder();
if (param == null)
{
algParamString.Append(" NULL");
}
else
{
algParamString.Append(Environment.NewLine + " ");
EncodingType format = EncodingType.Hex;
if (param.Length > 16)
{
format = EncodingType.HexAddress;
}
algParamString.Append(
AsnFormatter.BinaryToString(param, format)
.Replace(Environment.NewLine, Environment.NewLine + " ")
.TrimEnd());
}
sb.Append(
// TODO: algorithm identifier is more than signature algorithm identifier, it is commonly used
// TODO: structure type in X.509 and PKCS world
$@"Signature Algorithm:
Algorithm ObjectId: {AlgorithmId.Format(true)}
Algorithm Parameters:{algParamString}
");
return(sb.ToString());
}
public virtual String Format()
{
return("-----BEGIN RSA PRIVATE KEY-----" +
Environment.NewLine +
AsnFormatter.BinaryToString(RawData, EncodingType.Base64) +
"-----End RSA PRIVATE KEY-----");
}
void initializeFromAsn(Byte[] rawData)
{
Asn1Reader asn1 = new Asn1Reader(rawData);
if (asn1.Tag != 48)
{
throw new Exception("Unable to decode. Input data is not valid ASN.1 encoded data.");
}
asn1.MoveNext();
HashingAlgorithm = new AlgorithmIdentifier(Asn1Utils.Encode(asn1.GetPayload(), 48)).AlgorithmId;
asn1.MoveNextCurrentLevel();
// issuerNameHash
if (asn1.Tag != 4)
{
throw new Exception("Unable to decode. The data is invalid");
}
IssuerNameId = AsnFormatter.BinaryToString(asn1.GetPayload()).Trim();
asn1.MoveNextCurrentLevel();
// issuerKeyId
if (asn1.Tag != 4)
{
throw new Exception("Unable to decode. The data is invalid");
}
IssuerKeyId = AsnFormatter.BinaryToString(asn1.GetPayload()).Trim();
asn1.MoveNextCurrentLevel();
// serialnumber
if (asn1.Tag != 2)
{
throw new Exception("Unable to decode. The data is invalid");
}
serialNumber = asn1.GetPayload();
IsReadOnly = true;
}
void initializeHash(Byte[] bytes)
{
UnderlyingType = typeof(String);
PropertyValue = bytes.Length == 0
? null
: AsnFormatter.BinaryToString(bytes, EncodingType.Hex, EncodingFormat.NOCRLF);
}
/// <summary>
/// Encodes the current X509CRL2 object to a form specified in the <strong>encoding</strong> parameter.
/// </summary>
/// <param name="encoding">Encoding type. Default is <strong>CRYPT_STRING_BASE64X509CRLHEADER</strong>.</param>
/// <returns>Encoded text.</returns>
/// <remarks>
/// The following encoding types are <strong>not</strong> supported:
/// <list type="bullet">
/// <item>Binary</item>
/// <item>Base64Any</item>
/// <item>StringAny</item>
/// <item>HexAny</item>
/// </list>
/// </remarks>
/// <exception cref="ArgumentException">Specified encoding type is not supported.</exception>
public String Encode(EncodingType encoding = EncodingType.Base64CrlHeader)
{
if (encoding == EncodingType.Binary)
{
throw new ArgumentException("Specified encoding is not supported.");
}
return(AsnFormatter.BinaryToString(_rawData, encoding));
}
/// <summary>
/// Initializes a new instance of <strong>X509CertificateTrustListEntry</strong> class using a byte array that represents certificate's thumbprint.
/// </summary>
/// <param name="thumbprint">Byte array that represents certificate's thumbprint.</param>
public X509CertificateTrustListEntry(Byte[] thumbprint)
{
if (thumbprint == null)
{
throw new ArgumentNullException(nameof(thumbprint));
}
Thumbprint = AsnFormatter.BinaryToString(thumbprint, format: EncodingFormat.NOCRLF, forceUpperCase: true);
}
static IntPtr get_thumbptr(String thumbprint)
{
Byte[] thBytes = AsnFormatter.StringToBinary(thumbprint, EncodingType.HexAny);
IntPtr thumbPtr = Marshal.AllocHGlobal(thBytes.Length);
Marshal.Copy(thBytes, 0, thumbPtr, thBytes.Length);
return(thumbPtr);
}
void initializeFromCertAndIssuer()
{
using (HashAlgorithm hasher = HashAlgorithm.Create(hashAlgorithm.FriendlyName)) {
IssuerNameId = AsnFormatter.BinaryToString(hasher.ComputeHash(_issuerName.RawData)).Trim();
}
using (HashAlgorithm hasher = HashAlgorithm.Create(hashAlgorithm.FriendlyName)) {
IssuerKeyId = AsnFormatter.BinaryToString(hasher.ComputeHash(issuerPublicKey)).Trim();
}
}
/// <summary>
/// Displays an X.509 certificate dump.
/// </summary>
/// <returns>Formatted string.</returns>
public static String Format(this X509Certificate2 cert)
{
if (cert == null)
{
return(String.Empty);
}
var blob = new SignedContentBlob(cert.RawData, ContentBlobType.SignedBlob);
String sigValue = AsnFormatter.BinaryToString(blob.Signature.Value.Reverse().ToArray(), EncodingType.HexAddress)
.Replace(Environment.NewLine, Environment.NewLine + " ");
var sb = new StringBuilder();
sb.Append($@"X509 Certificate:
Version: {cert.Version} (0x{cert.Version - 1:x})
Serial Number: {cert.SerialNumber}
{blob.SignatureAlgorithm}
Issuer:
{cert.IssuerName.FormatReverse(true).Replace(Environment.NewLine, Environment.NewLine + " ")}
Name Hash(md5) : {getNameHash(cert.IssuerName, MD5.Create())}
Name Hash(sha1) : {getNameHash(cert.IssuerName, SHA1.Create())}
Name Hash(sha256) : {getNameHash(cert.IssuerName, SHA256.Create())}
Valid From: {cert.NotBefore}
Valid To : {cert.NotAfter}
Subject:
{cert.SubjectName.FormatReverse(true).Replace(Environment.NewLine, Environment.NewLine + " ")}
Name Hash(md5) : {getNameHash(cert.SubjectName, MD5.Create())}
Name Hash(sha1) : {getNameHash(cert.SubjectName, SHA1.Create())}
Name Hash(sha256) : {getNameHash(cert.SubjectName, SHA256.Create())}
{cert.PublicKey.Format().TrimEnd()}
Certificate Extensions: {cert.Extensions.Count}
{cert.Extensions.Format()}
{blob.SignatureAlgorithm.ToString().TrimEnd()}
Signature: UnusedBits={blob.Signature.UnusedBits}
{sigValue}
");
sb.AppendLine(cert.Issuer.Equals(cert.Subject, StringComparison.InvariantCultureIgnoreCase)
? "Root Certificate: Subject matches Issuer"
: "Non-root Certificate");
sb.AppendLine($"Key Id Hash(sha1) : {getHashData(cert.PublicKey.Encode(), SHA1.Create())}");
sb.AppendLine($"Key Id Hash(rfc-md5) : {getHashData(cert.PublicKey.EncodedKeyValue.RawData, MD5.Create())}");
sb.AppendLine($"Key Id Hash(rfc-sha1) : {getHashData(cert.PublicKey.EncodedKeyValue.RawData, SHA1.Create())}");
sb.AppendLine($"Key Id Hash(rfc-sha256) : {getHashData(cert.PublicKey.EncodedKeyValue.RawData, SHA256.Create())}");
sb.AppendLine($"Key Id Hash(pin-sha256-b64) : {getKeyPinHash(cert.PublicKey, SHA256.Create())}");
sb.AppendLine($"Key Id Hash(pin-sha256-hex) : {getHashData(cert.PublicKey.Encode(), SHA256.Create())}");
sb.AppendLine($"Cert Hash(md5) : {getCertHash(cert, MD5.Create())}");
sb.AppendLine($"Cert Hash(sha1) : {getCertHash(cert, SHA1.Create())}");
sb.AppendLine($"Cert Hash(sha256) : {getCertHash(cert, SHA256.Create())}");
sb.AppendLine($"Signature Hash : {getHashData(blob.GetRawSignature(), SHA1.Create())}");
return(sb.ToString());
}
void m_initialize()
{
Char[] noncechars = DateTime.Now.Ticks.ToString(CultureInfo.InvariantCulture).ToCharArray();
Critical = false;
Oid = _oid;
Byte[] charBytes = noncechars.Select(Convert.ToByte).ToArray();
Value = AsnFormatter.BinaryToString(charBytes, EncodingType.Hex);
RawData = Asn1Utils.Encode(charBytes.ToArray(), 4);
}
static String DecodeInteger(Asn1Reader asn)
{
return(Settings.Default.IntAsInt
? new BigInteger(asn.GetPayload().Reverse().ToArray()).ToString()
: AsnFormatter.BinaryToString(
asn.RawData,
EncodingType.HexRaw,
EncodingFormat.NOCRLF, asn.PayloadStartOffset, asn.PayloadLength));
}
void decode(Byte[] rawData)
{
var asn = new Asn1Reader(rawData);
asn.MoveNext();
IssuerName = new X500DistinguishedName(asn.GetTagRawData());
asn.MoveNextCurrentLevelAndExpectTags((Byte)Asn1Type.INTEGER);
SerialNumber = AsnFormatter.BinaryToString(asn);
_rawData.AddRange(rawData);
}
void decode(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
asn.MoveNext();
IssuerName = new X500DistinguishedName(asn.GetTagRawData());
asn.MoveNextAndExpectTags((Byte)Asn1Type.INTEGER);
SerialNumber = AsnFormatter.BinaryToString(asn);
RawData = rawData;
}
/// <summary>
/// Gets formatted tag value.
/// </summary>
/// <returns>Formatted tag value.</returns>
public override String GetDisplayValue()
{
StringBuilder SB = new StringBuilder();
SB.AppendFormat("Unused bits={0}\r\n", UnusedBits);
String tempString = AsnFormatter.BinaryToString(Value, EncodingType.HexAddress);
SB.AppendFormat("{0}\r\n", tempString.Replace("\r\n", "\r\n ").TrimEnd());
return(SB.ToString());
}
void initializeFromKeyId(String keyId, Boolean critical)
{
Oid = _oid;
Critical = critical;
IncludedComponents = AuthorityKeyIdentifierFlags.KeyIdentifier;
Byte[] keyIdBytes = AsnFormatter.StringToBinary(keyId);
KeyIdentifier = AsnFormatter.BinaryToString(keyIdBytes, EncodingType.HexRaw, EncodingFormat.NOCRLF);
RawData = Asn1Utils.Encode(AsnFormatter.StringToBinary(keyId, EncodingType.Hex), 0x80);
RawData = Asn1Utils.Encode(RawData, 48);
}
/// <summary>
/// Encodes the current X509CRL2 object to a form specified in the <strong>encoding</strong> parameter.
/// </summary>
/// <param name="encoding">Encoding type. Default is <strong>CRYPT_STRING_BASE64X509CRLHEADER</strong>.</param>
/// <returns>Encoded text.</returns>
/// <remarks>
/// The following encoding types are not supported:
/// <list type="bullet">
/// <item>Binary</item>
/// <item>Base64Any</item>
/// <item>StringAny</item>
/// <item>HexAny</item>
/// </list>
/// </remarks>
/// <exception cref="ArgumentException">Specified encoding type is not supported.</exception>
/// <exception cref="UninitializedObjectException">An object is not initialized.</exception>
public String Encode(EncodingType encoding = EncodingType.Base64CrlHeader)
{
if (RawData == null)
{
throw new UninitializedObjectException();
}
if (encoding == EncodingType.Binary)
{
throw new ArgumentException("Specified encoding is not supported.");
}
return(AsnFormatter.BinaryToString(RawData, encoding));
}
/// <inheritdoc />
public override String ToString()
{
var sb = new StringBuilder();
sb.Append(
$@"
Hash Algorithm: {AlgorithmIdentifier.AlgorithmId.Format(true)}
Hash Value :
{AsnFormatter.BinaryToString(_msgHash.ToArray(), EncodingType.HexAddress).TrimEnd().Replace("\r\n", "\r\n ")}
"
);
return(sb.ToString());
}
static String DecodeBitString(Asn1Reader asn)
{
return(String.Format(
"Unused bits: {0} : {1}",
asn.RawData[asn.PayloadStartOffset],
AsnFormatter.BinaryToString(
asn.RawData,
EncodingType.HexRaw,
EncodingFormat.NOCRLF,
asn.PayloadStartOffset + 1,
asn.PayloadLength - 1)
));
}
void generateSerialNumber()
{
if (String.IsNullOrWhiteSpace(SerialNumber))
{
using (MD5 hasher = MD5.Create()) {
serialNumber = hasher.ComputeHash(Guid.NewGuid().ToByteArray());
}
}
else
{
serialNumber = AsnFormatter.StringToBinary(SerialNumber, EncodingType.Hex);
}
}
/// <summary>
/// Encodes current instance of CTL entry to ASN.1-encoded byte array.
/// </summary>
/// <returns>
/// ASN.1-encoded byte array.
/// </returns>
public Byte[] Encode()
{
Byte[] thumbBytes = AsnFormatter.StringToBinary(Thumbprint, EncodingType.HexRaw);
var retValue = new List <Byte>(Asn1Utils.Encode(thumbBytes, (Byte)Asn1Type.OCTET_STRING));
if (_attributes.Count == 0)
{
return(Asn1Utils.Encode(retValue.ToArray(), 48));
}
var asn = new Asn1Reader(Attributes.Encode());
retValue.AddRange(Asn1Utils.Encode(asn.GetPayload(), 49));
return(Asn1Utils.Encode(retValue.ToArray(), 48));
}
public String Encode(X509EncodingType encoding)
{
switch (encoding)
{
case X509EncodingType.Base64:
return(Convert.ToBase64String(_rawData, Base64FormattingOptions.InsertLineBreaks));
case X509EncodingType.Base64Header:
return(AsnFormatter.BinaryToString(_rawData, EncodingType.Base64CrlHeader));
default:
throw new ArgumentException("Binary encoding is not supported.");
}
}