public void WriteCertificate(X509Certificate cert)
{
// build ASN1
var asn1 = GetASN1(cert);
// write ASN1 to stream
new DERWriter(stream).Write(asn1);
}
private byte[] GetBytes(X509Certificate certificate)
{
using (var ms = new MemoryStream())
{
new X509Writer(ms).WriteCertificate(certificate);
return ms.ToArray();
}
}
public void AddCertificate(byte[] rawDerBytes)
{
var reader = new X509Reader(rawDerBytes);
var cert = reader.ReadCertificate();
// TODO get SANs
var identifier = NormalizeIdentifier(cert.Subject.CommonName);
if (certificates.Count == 0)
{
defaultCertificate = cert;
}
certificates.Add(identifier, cert);
}
private ASN1Object GetASN1(X509Certificate cert)
{
var version = new ASN1Integer(cert.Version - 1);
var taggedVersion = new ASN1Tagged(0, new[] { version });
var serialNumber = new ASN1Integer(cert.SerialNumber);
var signatureAlgo = GetAlgorithmIdentifier(cert.SignatureAlgorithm);
var issuer = GetName(cert.Issuer);
var validity = GetValidity(cert.Validity);
var subject = GetName(cert.Subject);
var subjectPublicKeyInfo = new ASN1Sequence(new[]
{
GetAlgorithmIdentifier(cert.SubjectPublicKeyAlgorithm),
new ASN1BitString(cert.SubjectPublicKey.GetBytes())
});
var tbs = new List<ASN1Object>
{
taggedVersion,
serialNumber,
signatureAlgo,
issuer,
validity,
subject,
subjectPublicKeyInfo
};
if (cert.Version >= 2)
{
//TODO issuerUniqueID
//TODO subjectUniqueID
}
if (cert.Version >= 3)
{
var extensions = GetExtensions(cert.Extensions);
var taggedExtensions = new ASN1Tagged(3, new[] { extensions });
tbs.Add(taggedExtensions);
}
return new ASN1Sequence(new List<ASN1Object>
{
new ASN1Sequence(tbs),
signatureAlgo,
new ASN1BitString(cert.Signature)
});
}
public CertificateMessage(X509Certificate[] certificates) : base(HandshakeType.Certificate)
{
SecurityAssert.NotNull(certificates);
SecurityAssert.SAssert(certificates.Length <= 0xFFFFFF);
Certificates = certificates;
}
