public CompressedDataParser(
Asn1SequenceParser seq)
{
this._version = (DerInteger)seq.ReadObject();
this._compressionAlgorithm = AlgorithmIdentifier.GetInstance(seq.ReadObject().ToAsn1Object());
this._encapContentInfo = new ContentInfoParser((Asn1SequenceParser)seq.ReadObject());
}
public RsaesOaepParameters(
Asn1Sequence seq)
{
hashAlgorithm = DefaultHashAlgorithm;
maskGenAlgorithm = DefaultMaskGenFunction;
pSourceAlgorithm = DefaultPSourceAlgorithm;
for (int i = 0; i != seq.Count; i++)
{
Asn1TaggedObject o = (Asn1TaggedObject)seq[i];
switch (o.TagNo)
{
case 0:
hashAlgorithm = AlgorithmIdentifier.GetInstance(o, true);
break;
case 1:
maskGenAlgorithm = AlgorithmIdentifier.GetInstance(o, true);
break;
case 2:
pSourceAlgorithm = AlgorithmIdentifier.GetInstance(o, true);
break;
default:
throw new ArgumentException("unknown tag");
}
}
}
private EssCertIDv2(
Asn1Sequence seq)
{
if (seq.Count > 3)
throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");
int count = 0;
if (seq[0] is Asn1OctetString)
{
// Default value
this.hashAlgorithm = DefaultAlgID;
}
else
{
this.hashAlgorithm = AlgorithmIdentifier.GetInstance(seq[count++].ToAsn1Object());
}
this.certHash = Asn1OctetString.GetInstance(seq[count++].ToAsn1Object()).GetOctets();
if (seq.Count > count)
{
this.issuerSerial = IssuerSerial.GetInstance(
Asn1Sequence.GetInstance(seq[count].ToAsn1Object()));
}
}
public CmsEnvelopedDataParser(
Stream envelopedData)
: base(envelopedData)
{
this._attrNotRead = true;
this.envelopedData = new EnvelopedDataParser(
(Asn1SequenceParser)this.contentInfo.GetContent(Asn1Tags.Sequence));
// TODO Validate version?
//DerInteger version = this.envelopedData.Version;
//
// read the recipients
//
Asn1Set recipientInfos = Asn1Set.GetInstance(this.envelopedData.GetRecipientInfos().ToAsn1Object());
//
// read the encrypted content info
//
EncryptedContentInfoParser encInfo = this.envelopedData.GetEncryptedContentInfo();
this._encAlg = encInfo.ContentEncryptionAlgorithm;
ICmsReadable readable = new CmsProcessableInputStream(
((Asn1OctetStringParser)encInfo.GetEncryptedContent(Asn1Tags.OctetString)).GetOctetStream());
CmsSecureReadable secureReadable = new CmsEnvelopedHelper.CmsEnvelopedSecureReadable(
this._encAlg, readable);
//
// build the RecipientInformationStore
//
this.recipientInfoStore = CmsEnvelopedHelper.BuildRecipientInformationStore(
recipientInfos, secureReadable);
}
public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random)
{
byte[] keyBytes = contentEncryptionKey.GetKey();
string rfc3211WrapperName = Helper.GetRfc3211WrapperName(keyEncryptionKeyOID);
IWrapper keyWrapper = Helper.CreateWrapper(rfc3211WrapperName);
// Note: In Java build, the IV is automatically generated in JCE layer
int ivLength = rfc3211WrapperName.StartsWith("DESEDE") ? 8 : 16;
byte[] iv = new byte[ivLength];
random.NextBytes(iv);
ICipherParameters parameters = new ParametersWithIV(keyEncryptionKey, iv);
keyWrapper.Init(true, new ParametersWithRandom(parameters, random));
Asn1OctetString encryptedKey = new DerOctetString(
keyWrapper.Wrap(keyBytes, 0, keyBytes.Length));
DerSequence seq = new DerSequence(
new DerObjectIdentifier(keyEncryptionKeyOID),
new DerOctetString(iv));
AlgorithmIdentifier keyEncryptionAlgorithm = new AlgorithmIdentifier(
PkcsObjectIdentifiers.IdAlgPwriKek, seq);
return new RecipientInfo(new PasswordRecipientInfo(
keyDerivationAlgorithm, keyEncryptionAlgorithm, encryptedKey));
}
private AttributeCertificateInfo(
Asn1Sequence seq)
{
if (seq.Count < 7 || seq.Count > 9)
{
throw new ArgumentException("Bad sequence size: " + seq.Count);
}
this.version = DerInteger.GetInstance(seq[0]);
this.holder = Holder.GetInstance(seq[1]);
this.issuer = AttCertIssuer.GetInstance(seq[2]);
this.signature = AlgorithmIdentifier.GetInstance(seq[3]);
this.serialNumber = DerInteger.GetInstance(seq[4]);
this.attrCertValidityPeriod = AttCertValidityPeriod.GetInstance(seq[5]);
this.attributes = Asn1Sequence.GetInstance(seq[6]);
for (int i = 7; i < seq.Count; i++)
{
Asn1Encodable obj = (Asn1Encodable) seq[i];
if (obj is DerBitString)
{
this.issuerUniqueID = DerBitString.GetInstance(seq[i]);
}
else if (obj is Asn1Sequence || obj is X509Extensions)
{
this.extensions = X509Extensions.GetInstance(seq[i]);
}
}
}
public SubjectPublicKeyInfo(
AlgorithmIdentifier algID,
byte[] publicKey)
{
this.keyData = new DerBitString(publicKey);
this.algID = algID;
}
public EncryptedContentInfoParser(
Asn1SequenceParser seq)
{
_contentType = (DerObjectIdentifier)seq.ReadObject();
_contentEncryptionAlgorithm = AlgorithmIdentifier.GetInstance(seq.ReadObject().ToAsn1Object());
_encryptedContent = (Asn1TaggedObjectParser)seq.ReadObject();
}
private PrivateKeyInfo(
Asn1Sequence seq)
{
IEnumerator e = seq.GetEnumerator();
e.MoveNext();
BigInteger version = ((DerInteger) e.Current).Value;
if (version.IntValue != 0)
{
throw new ArgumentException("wrong version for private key info");
}
e.MoveNext();
algID = AlgorithmIdentifier.GetInstance(e.Current);
try
{
e.MoveNext();
Asn1OctetString data = (Asn1OctetString) e.Current;
privKey = Asn1Object.FromByteArray(data.GetOctets());
}
catch (IOException)
{
throw new ArgumentException("Error recoverying private key from sequence");
}
if (e.MoveNext())
{
attributes = Asn1Set.GetInstance((Asn1TaggedObject) e.Current, false);
}
}
public RsassaPssParameters(
Asn1Sequence seq)
{
hashAlgorithm = DefaultHashAlgorithm;
maskGenAlgorithm = DefaultMaskGenFunction;
saltLength = DefaultSaltLength;
trailerField = DefaultTrailerField;
for (int i = 0; i != seq.Count; i++)
{
Asn1TaggedObject o = (Asn1TaggedObject)seq[i];
switch (o.TagNo)
{
case 0:
hashAlgorithm = AlgorithmIdentifier.GetInstance(o, true);
break;
case 1:
maskGenAlgorithm = AlgorithmIdentifier.GetInstance(o, true);
break;
case 2:
saltLength = DerInteger.GetInstance(o, true);
break;
case 3:
trailerField = DerInteger.GetInstance(o, true);
break;
default:
throw new ArgumentException("unknown tag");
}
}
}
private LdsSecurityObject(
Asn1Sequence seq)
{
if (seq == null || seq.Count == 0)
throw new ArgumentException("null or empty sequence passed.");
IEnumerator e = seq.GetEnumerator();
// version
e.MoveNext();
version = DerInteger.GetInstance(e.Current);
// digestAlgorithmIdentifier
e.MoveNext();
digestAlgorithmIdentifier = AlgorithmIdentifier.GetInstance(e.Current);
e.MoveNext();
Asn1Sequence datagroupHashSeq = Asn1Sequence.GetInstance(e.Current);
if (version.Value.Equals(BigInteger.One))
{
e.MoveNext();
versionInfo = LdsVersionInfo.GetInstance(e.Current);
}
CheckDatagroupHashSeqSize(datagroupHashSeq.Count);
datagroupHash = new DataGroupHash[datagroupHashSeq.Count];
for (int i= 0; i< datagroupHashSeq.Count; i++)
{
datagroupHash[i] = DataGroupHash.GetInstance(datagroupHashSeq[i]);
}
}
/**
* The default version
*/
public RsassaPssParameters()
{
hashAlgorithm = DefaultHashAlgorithm;
maskGenAlgorithm = DefaultMaskGenFunction;
saltLength = DefaultSaltLength;
trailerField = DefaultTrailerField;
}
public MessageImprint(
AlgorithmIdentifier hashAlgorithm,
byte[] hashedMessage)
{
this.hashAlgorithm = hashAlgorithm;
this.hashedMessage = hashedMessage;
}
public DigestInfo(
AlgorithmIdentifier algID,
byte[] digest)
{
this.digest = digest;
this.algID = algID;
}
public TimeStampRequest Generate(
string digestAlgorithmOid,
byte[] digest,
BigInteger nonce)
{
if (digestAlgorithmOid == null)
{
throw new ArgumentException("No digest algorithm specified");
}
DerObjectIdentifier digestAlgOid = new DerObjectIdentifier(digestAlgorithmOid);
AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOid, DerNull.Instance);
MessageImprint messageImprint = new MessageImprint(algID, digest);
X509Extensions ext = null;
if (extOrdering.Count != 0)
{
ext = new X509Extensions(extOrdering, extensions);
}
DerInteger derNonce = nonce == null
? null
: new DerInteger(nonce);
return new TimeStampRequest(
new TimeStampReq(messageImprint, reqPolicy, derNonce, certReq, ext));
}
/**
* Creates a new PKMACValue.
* @param aid CMPObjectIdentifiers.passwordBasedMAC, with PBMParameter
* @param value MAC of the DER-encoded SubjectPublicKeyInfo
*/
public PKMacValue(
AlgorithmIdentifier algID,
DerBitString macValue)
{
this.algID = algID;
this.macValue = macValue;
}
public static EncryptedPrivateKeyInfo CreateEncryptedPrivateKeyInfo(
string algorithm,
char[] passPhrase,
byte[] salt,
int iterationCount,
PrivateKeyInfo keyInfo)
{
if (!PbeUtilities.IsPbeAlgorithm(algorithm))
throw new ArgumentException("attempt to use non-PBE algorithm with PBE EncryptedPrivateKeyInfo generation");
IBufferedCipher cipher = PbeUtilities.CreateEngine(algorithm) as IBufferedCipher;
if (cipher == null)
{
// TODO Throw exception?
}
Asn1Encodable parameters = PbeUtilities.GenerateAlgorithmParameters(
algorithm, salt, iterationCount);
ICipherParameters keyParameters = PbeUtilities.GenerateCipherParameters(
algorithm, passPhrase, parameters);
cipher.Init(true, keyParameters);
byte[] keyBytes = keyInfo.GetEncoded();
byte[] encoding = cipher.DoFinal(keyBytes);
DerObjectIdentifier oid = PbeUtilities.GetObjectIdentifier(algorithm);
AlgorithmIdentifier algID = new AlgorithmIdentifier(oid, parameters);
return new EncryptedPrivateKeyInfo(algID, encoding);
}
internal RecipientInformation(
AlgorithmIdentifier keyEncAlg,
CmsSecureReadable secureReadable)
{
this.keyEncAlg = keyEncAlg;
this.secureReadable = secureReadable;
}
public SubjectPublicKeyInfo(
AlgorithmIdentifier algID,
Asn1Encodable publicKey)
{
this.keyData = new DerBitString(publicKey);
this.algID = algID;
}
public OriginatorPublicKey(
AlgorithmIdentifier algorithm,
byte[] publicKey)
{
this.algorithm = algorithm;
this.publicKey = new DerBitString(publicKey);
}
public CmsAuthEnvelopedData(
ContentInfo contentInfo)
{
this.contentInfo = contentInfo;
AuthEnvelopedData authEnvData = AuthEnvelopedData.GetInstance(contentInfo.Content);
this.originator = authEnvData.OriginatorInfo;
//
// read the recipients
//
Asn1Set recipientInfos = authEnvData.RecipientInfos;
//
// read the auth-encrypted content info
//
EncryptedContentInfo authEncInfo = authEnvData.AuthEncryptedContentInfo;
this.authEncAlg = authEncInfo.ContentEncryptionAlgorithm;
CmsSecureReadable secureReadable = new AuthEnvelopedSecureReadable(this);
//
// build the RecipientInformationStore
//
this.recipientInfoStore = CmsEnvelopedHelper.BuildRecipientInformationStore(
recipientInfos, secureReadable);
// FIXME These need to be passed to the AEAD cipher as AAD (Additional Authenticated Data)
this.authAttrs = authEnvData.AuthAttrs;
this.mac = authEnvData.Mac.GetOctets();
this.unauthAttrs = authEnvData.UnauthAttrs;
}
public CmsAuthenticatedData(
ContentInfo contentInfo)
{
this.contentInfo = contentInfo;
AuthenticatedData authData = AuthenticatedData.GetInstance(contentInfo.Content);
//
// read the recipients
//
Asn1Set recipientInfos = authData.RecipientInfos;
this.macAlg = authData.MacAlgorithm;
//
// read the authenticated content info
//
ContentInfo encInfo = authData.EncapsulatedContentInfo;
ICmsReadable readable = new CmsProcessableByteArray(
Asn1OctetString.GetInstance(encInfo.Content).GetOctets());
CmsSecureReadable secureReadable = new CmsEnvelopedHelper.CmsAuthenticatedSecureReadable(
this.macAlg, readable);
//
// build the RecipientInformationStore
//
this.recipientInfoStore = CmsEnvelopedHelper.BuildRecipientInformationStore(
recipientInfos, secureReadable);
this.authAttrs = authData.AuthAttrs;
this.mac = authData.Mac.GetOctets();
this.unauthAttrs = authData.UnauthAttrs;
}
public EncryptedPrivateKeyInfo(
AlgorithmIdentifier algId,
byte[] encoding)
{
this.algId = algId;
this.data = new DerOctetString(encoding);
}
private PbmParameter(Asn1Sequence seq)
{
salt = Asn1OctetString.GetInstance(seq[0]);
owf = AlgorithmIdentifier.GetInstance(seq[1]);
iterationCount = DerInteger.GetInstance(seq[2]);
mac = AlgorithmIdentifier.GetInstance(seq[3]);
}
/**
* Generate an object that contains an CMS Compressed Data
*/
public CmsCompressedData Generate(CmsProcessable content, string compressionOid)
{
AlgorithmIdentifier comAlgId;
Asn1OctetString comOcts;
try
{
using (var bOut = new MemoryStream())
{
using (var zOut = new ZOutputStream(bOut, JZlib.Z_DEFAULT_COMPRESSION))
{
content.Write(zOut);
}
comAlgId = new AlgorithmIdentifier(new DerObjectIdentifier(compressionOid));
comOcts = new BerOctetString(bOut.ToArray());
}
}
catch (IOException e)
{
throw new CmsException("exception encoding data.", e);
}
var comContent = new ContentInfo(CmsObjectIdentifiers.Data, comOcts);
var contentInfo = new ContentInfo(CmsObjectIdentifiers.CompressedData, new CompressedData(comAlgId, comContent));
return new CmsCompressedData(contentInfo);
}
public AuthenticatedData(
OriginatorInfo originatorInfo,
Asn1Set recipientInfos,
AlgorithmIdentifier macAlgorithm,
AlgorithmIdentifier digestAlgorithm,
ContentInfo encapsulatedContent,
Asn1Set authAttrs,
Asn1OctetString mac,
Asn1Set unauthAttrs)
{
if (digestAlgorithm != null || authAttrs != null)
{
if (digestAlgorithm == null || authAttrs == null)
{
throw new ArgumentException("digestAlgorithm and authAttrs must be set together");
}
}
version = new DerInteger(CalculateVersion(originatorInfo));
this.originatorInfo = originatorInfo;
this.macAlgorithm = macAlgorithm;
this.digestAlgorithm = digestAlgorithm;
this.recipientInfos = recipientInfos;
this.encapsulatedContentInfo = encapsulatedContent;
this.authAttrs = authAttrs;
this.mac = mac;
this.unauthAttrs = unauthAttrs;
}
public CompressedData(
Asn1Sequence seq)
{
this.version = (DerInteger) seq[0];
this.compressionAlgorithm = AlgorithmIdentifier.GetInstance(seq[1]);
this.encapContentInfo = ContentInfo.GetInstance(seq[2]);
}
public CmsEnvelopedData(
ContentInfo contentInfo)
{
this.contentInfo = contentInfo;
EnvelopedData envData = EnvelopedData.GetInstance(contentInfo.Content);
//
// read the recipients
//
Asn1Set recipientInfos = envData.RecipientInfos;
//
// read the encrypted content info
//
EncryptedContentInfo encInfo = envData.EncryptedContentInfo;
this.encAlg = encInfo.ContentEncryptionAlgorithm;
ICmsReadable readable = new CmsProcessableByteArray(encInfo.EncryptedContent.GetOctets());
CmsSecureReadable secureReadable = new CmsEnvelopedHelper.CmsEnvelopedSecureReadable(
this.encAlg, readable);
//
// build the RecipientInformationStore
//
this.recipientInfoStore = CmsEnvelopedHelper.BuildRecipientInformationStore(
recipientInfos, secureReadable);
this.unprotectedAttributes = envData.UnprotectedAttrs;
}
private EncryptedValue(Asn1Sequence seq)
{
int index = 0;
while (seq[index] is Asn1TaggedObject)
{
Asn1TaggedObject tObj = (Asn1TaggedObject)seq[index];
switch (tObj.TagNo)
{
case 0:
intendedAlg = AlgorithmIdentifier.GetInstance(tObj, false);
break;
case 1:
symmAlg = AlgorithmIdentifier.GetInstance(tObj, false);
break;
case 2:
encSymmKey = DerBitString.GetInstance(tObj, false);
break;
case 3:
keyAlg = AlgorithmIdentifier.GetInstance(tObj, false);
break;
case 4:
valueHint = Asn1OctetString.GetInstance(tObj, false);
break;
}
++index;
}
encValue = DerBitString.GetInstance(seq[index]);
}
public CmsAuthenticatedDataParser(
Stream envelopedData)
: base(envelopedData)
{
this.authAttrNotRead = true;
this.authData = new AuthenticatedDataParser(
(Asn1SequenceParser)contentInfo.GetContent(Asn1Tags.Sequence));
// TODO Validate version?
//DerInteger version = this.authData.getVersion();
//
// read the recipients
//
Asn1Set recipientInfos = Asn1Set.GetInstance(authData.GetRecipientInfos().ToAsn1Object());
this.macAlg = authData.GetMacAlgorithm();
//
// read the authenticated content info
//
ContentInfoParser data = authData.GetEnapsulatedContentInfo();
ICmsReadable readable = new CmsProcessableInputStream(
((Asn1OctetStringParser)data.GetContent(Asn1Tags.OctetString)).GetOctetStream());
CmsSecureReadable secureReadable = new CmsEnvelopedHelper.CmsAuthenticatedSecureReadable(
this.macAlg, readable);
//
// build the RecipientInformationStore
//
this._recipientInfoStore = CmsEnvelopedHelper.BuildRecipientInformationStore(
recipientInfos, secureReadable);
}
