/// <summary>
/// Parse asn data
/// </summary>
/// <param name="data"></param>
private void Parse(byte[] data)
{
if (base.Oid.Value != Oids.AuthorityKeyIdentifier &&
base.Oid.Value != Oids.AuthorityKeyIdentifier2)
{
throw new FormatException("Extension has unknown oid.");
}
var authorityKey =
new Org.BouncyCastle.X509.Extension.AuthorityKeyIdentifierStructure(
new Org.BouncyCastle.Asn1.DerOctetString(data));
if (authorityKey == null)
{
throw new FormatException("Extension has bad oid.");
}
if (authorityKey.AuthorityCertSerialNumber != null)
{
SerialNumber = new SerialNumber(
authorityKey.AuthorityCertSerialNumber.ToByteArray());
}
AuthorityNames.Clear();
if (authorityKey.AuthorityCertIssuer != null)
{
foreach (var name in authorityKey.AuthorityCertIssuer.GetNames())
{
if (name.TagNo == Org.BouncyCastle.Asn1.X509.GeneralName.DirectoryName)
{
AuthorityNames.Add(name.Name.ToString());
}
}
}
KeyId = authorityKey.GetKeyIdentifier().ToBase16String();
}
/// <summary>
/// Create extension
/// </summary>
/// <param name="authorityNames"></param>
/// <param name="serialNumber">big-endian</param>
/// <param name="keyId"></param>
/// <param name="critical"></param>
public X509AuthorityKeyIdentifierExtension(IEnumerable <string> authorityNames,
SerialNumber serialNumber, string keyId, bool critical = false) :
this(Oids.AuthorityKeyIdentifier,
BuildAuthorityKeyIdentifier(authorityNames, serialNumber, keyId),
critical)
{
}
/// <summary>
/// Build the X509 Authority Key extension.
/// </summary>
/// <param name="authorityNames">The distinguished name of the issuer</param>
/// <param name="serialNumber">The serial number of the issuer</param>
/// <param name="keyId">The subject key identifier to use</param>
private static byte[] BuildAuthorityKeyIdentifier(
IEnumerable <string> authorityNames, SerialNumber serialNumber, string keyId)
{
using (var writer = new AsnWriter(AsnEncodingRules.DER)) {
writer.PushSequence();
if (keyId != null)
{
var keyIdTag = new Asn1Tag(TagClass.ContextSpecific, 0);
writer.WriteOctetString(keyIdTag, keyId.DecodeAsBase16());
}
var issuerNameTag = new Asn1Tag(TagClass.ContextSpecific, 1);
writer.PushSequence(issuerNameTag);
// Add the tag to constructed context-specific 4 (GeneralName.directoryName)
foreach (var issuerName in authorityNames)
{
var directoryNameTag = new Asn1Tag(TagClass.ContextSpecific, 4, true);
writer.PushSetOf(directoryNameTag);
writer.WriteEncodedValue(X500DistinguishedNameEx.Create(issuerName).RawData);
writer.PopSetOf(directoryNameTag);
}
writer.PopSequence(issuerNameTag);
var issuerSerialTag = new Asn1Tag(TagClass.ContextSpecific, 2);
writer.WriteInteger(issuerSerialTag, serialNumber.ToBigInteger());
writer.PopSequence();
return(writer.Encode());
}
}
public void TestParseX509AuthorityKeyIdentifierExtension3()
{
// Setup
var authority = "CN=TestAuthority";
var keyId = "32362340932423";
var serialNumber = new SerialNumber(40);
// Act
var extension1 = new X509AuthorityKeyIdentifierExtension(
authority, serialNumber, keyId, false);
var buffer = extension1.RawData;
var extension2 = new X509AuthorityKeyIdentifierExtension(buffer);
var extension3 = new X509AuthorityKeyIdentifierExtension(extension2, true);
// Assert
Assert.Equal(extension1.AuthorityNames, extension3.AuthorityNames);
Assert.Single(extension3.AuthorityNames);
Assert.Equal(authority, extension1.AuthorityNames.Single());
Assert.Equal(extension1.SerialNumber, extension3.SerialNumber);
Assert.Equal(serialNumber, extension3.SerialNumber);
Assert.Equal(extension1.KeyId, extension3.KeyId);
Assert.Equal(keyId, extension3.KeyId);
Assert.Equal(Oids.AuthorityKeyIdentifier,
extension1.Oid.Value);
Assert.Equal(Oids.AuthorityKeyIdentifier,
extension3.Oid.Value);
Assert.True(extension3.Critical);
}
public void TestCreate509AuthorityKeyIdentifierExtension2()
{
var authority = "CN=TestAuthority";
var keyId = "32362340932423";
var serial = new byte[20];
var rand = new Random();
rand.NextBytes(serial);
serial[0] = 0;
serial[1] = 0;
serial[2] = 0;
var serialNumber = new SerialNumber(serial);
using (var rsa = RSA.Create()) {
var request = rsa.ToKey().CreateCertificateRequest(
new X500DistinguishedName("CN=test"),
SignatureType.PS256,
new X509AuthorityKeyIdentifierExtension(authority, serialNumber, keyId)
.YieldReturn());
var cert = request.Create(new X500DistinguishedName("CN=test"),
X509SignatureGenerator.CreateForRSA(rsa, RSASignaturePadding.Pkcs1),
DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromDays(1), serialNumber.Value);
var aki = cert.GetAuthorityKeyIdentifierExtension();
Assert.Equal(serialNumber, aki.SerialNumber);
Assert.Equal(serialNumber.ToString(), cert.SerialNumber);
Assert.Equal(aki.SerialNumber, SerialNumber.Parse(cert.SerialNumber));
}
}
public void ConvertToStringAndParseSize(long value)
{
var serial1 = new SerialNumber(value);
var serial2 = SerialNumber.Parse(serial1.ToString());
Assert.Equal(serial1, serial2);
}
public void TestParseX509AuthorityKeyIdentifierExtension2()
{
// Setup
var authorities = new List <string> {
"CN=TestAuthority", "CN=test", "CN=ttttttt"
};
var keyId = "32362340932423";
var serialNumber = new SerialNumber();
// Act
var extension1 = new X509AuthorityKeyIdentifierExtension(
authorities, serialNumber, keyId, false);
var sm1 = extension1.Format(true);
var s1 = extension1.Format(false);
var buffer = extension1.RawData;
var extension2 = new X509AuthorityKeyIdentifierExtension(buffer, true);
var sm2 = extension2.Format(true);
var s2 = extension2.Format(false);
// Assert
Assert.Equal(extension1.AuthorityNames, extension2.AuthorityNames);
Assert.Equal(authorities, extension1.AuthorityNames);
Assert.Equal(extension1.SerialNumber, extension2.SerialNumber);
Assert.Equal(serialNumber, extension2.SerialNumber);
Assert.Equal(extension1.KeyId, extension2.KeyId);
Assert.Equal(keyId, extension2.KeyId);
Assert.Equal(Oids.AuthorityKeyIdentifier,
extension1.Oid.Value);
Assert.Equal(Oids.AuthorityKeyIdentifier,
extension2.Oid.Value);
Assert.True(extension2.Critical);
Assert.Equal(sm1, sm2);
Assert.Equal(s1, s2);
}
public void TestParseX509AuthorityKeyIdentifierExtension1()
{
// Setup
var authority = "CN=TestAuthority";
var keyId = "32362340932423";
var serialNumber = new SerialNumber(4);
// Act
var extension1 = new X509AuthorityKeyIdentifierExtension(
authority, serialNumber, keyId, false);
var sm1 = extension1.Format(true);
var s1 = extension1.Format(false);
var buffer = extension1.RawData;
var extension2 = new X509AuthorityKeyIdentifierExtension(buffer);
var sm2 = extension2.Format(true);
var s2 = extension2.Format(false);
// Assert
Assert.Equal(extension1.AuthorityNames, extension2.AuthorityNames);
Assert.Single(extension2.AuthorityNames);
Assert.Equal(authority, extension1.AuthorityNames.Single());
Assert.Equal(extension1.SerialNumber, extension2.SerialNumber);
Assert.Equal(serialNumber, extension2.SerialNumber);
Assert.Equal(extension1.KeyId, extension2.KeyId);
Assert.Equal(keyId, extension2.KeyId);
Assert.Equal(Oids.AuthorityKeyIdentifier,
extension1.Oid.Value);
Assert.Equal(Oids.AuthorityKeyIdentifier,
extension2.Oid.Value);
Assert.Equal(sm1, sm2);
Assert.Equal(s1, s2);
}
/// <summary>
/// Create extension
/// </summary>
/// <param name="authorityName"></param>
/// <param name="serialNumber">big-endian</param>
/// <param name="keyId"></param>
/// <param name="critical"></param>
public X509AuthorityKeyIdentifierExtension(string authorityName,
SerialNumber serialNumber, string keyId, bool critical = false) :
this(authorityName.YieldReturn(), serialNumber, keyId, critical)
{
}
