public IssuerAndSerialNumber(
X509Name name,
DerInteger certSerialNumber)
{
this.name = name;
this.certSerialNumber = certSerialNumber;
}
public IssuerAndSerialNumber(
X509Name name,
DerInteger serialNumber)
{
this.name = name;
this.serialNumber = serialNumber;
}
public IssuerAndSerialNumber(
X509Name name,
BigInteger serialNumber)
{
this.name = name;
this.serialNumber = new DerInteger(serialNumber);
}
public ResponderID(
X509Name id)
{
if (id == null)
throw new ArgumentNullException("id");
this.id = id;
}
internal TbsCertificateStructure(
Asn1Sequence seq)
{
int seqStart = 0;
this.seq = seq;
//
// some certficates don't include a version number - we assume v1
//
if (seq[0] is DerTaggedObject)
{
version = DerInteger.GetInstance((Asn1TaggedObject)seq[0], true);
}
else
{
seqStart = -1; // field 0 is missing!
version = new DerInteger(0);
}
serialNumber = DerInteger.GetInstance(seq[seqStart + 1]);
signature = AlgorithmIdentifier.GetInstance(seq[seqStart + 2]);
issuer = X509Name.GetInstance(seq[seqStart + 3]);
//
// before and after dates
//
Asn1Sequence dates = (Asn1Sequence)seq[seqStart + 4];
startDate = Time.GetInstance(dates[0]);
endDate = Time.GetInstance(dates[1]);
subject = X509Name.GetInstance(seq[seqStart + 5]);
//
// public key info.
//
subjectPublicKeyInfo = SubjectPublicKeyInfo.GetInstance(seq[seqStart + 6]);
for (int extras = seq.Count - (seqStart + 6) - 1; extras > 0; extras--)
{
DerTaggedObject extra = (DerTaggedObject) seq[seqStart + 6 + extras];
switch (extra.TagNo)
{
case 1:
issuerUniqueID = DerBitString.GetInstance(extra, false);
break;
case 2:
subjectUniqueID = DerBitString.GetInstance(extra, false);
break;
case 3:
extensions = X509Extensions.GetInstance(extra);
break;
}
}
}
public AttributeCertificateHolder(
X509Name issuerName,
BigInteger serialNumber)
{
holder = new Holder(
new IssuerSerial(
GenerateGeneralNames(issuerName),
new DerInteger(serialNumber)));
}
public Pkcs10CertificationRequestDelaySigned(
string signatureAlgorithm,
X509Name subject,
AsymmetricKeyParameter publicKey,
Asn1Set attributes,
AsymmetricKeyParameter signingKey)
: base(signatureAlgorithm, subject, publicKey, attributes, signingKey)
{
}
private IssuerAndSerialNumber(
Asn1Sequence seq)
{
if (seq.Count != 2)
throw new ArgumentException("Wrong number of elements in sequence", "seq");
this.name = X509Name.GetInstance(seq[0]);
this.certSerialNumber = DerInteger.GetInstance(seq[1]);
}
private ServiceLocator(
Asn1Sequence seq)
{
this.issuer = X509Name.GetInstance(seq[0]);
if (seq.Count > 1)
{
this.locator = seq[1].ToAsn1Object();
}
}
/**
* Constructor for CRLEntries of indirect CRLs. If <code>isIndirect</code>
* is <code>false</code> {@link #getCertificateIssuer()} will always
* return <code>null</code>, <code>previousCertificateIssuer</code> is
* ignored. If this <code>isIndirect</code> is specified and this CrlEntry
* has no certificate issuer CRL entry extension
* <code>previousCertificateIssuer</code> is returned by
* {@link #getCertificateIssuer()}.
*
* @param c
* TbsCertificateList.CrlEntry object.
* @param isIndirect
* <code>true</code> if the corresponding CRL is a indirect
* CRL.
* @param previousCertificateIssuer
* Certificate issuer of the previous CrlEntry.
*/
public X509CrlEntry(
CrlEntry c,
bool isIndirect,
X509Name previousCertificateIssuer)
{
this.c = c;
this.isIndirect = isIndirect;
this.previousCertificateIssuer = previousCertificateIssuer;
this.certificateIssuer = loadCertificateIssuer();
}
public ServiceLocator(
X509Name issuer,
Asn1Object locator)
{
if (issuer == null)
throw new ArgumentNullException("issuer");
this.issuer = issuer;
this.locator = locator;
}
public RespID(
X509Name name)
{
try
{
this.id = new ResponderID(name);
}
catch (Exception e)
{
throw new ArgumentException("can't decode name.", e);
}
}
/**
* Set the requestor name to the passed in X509Principal
*
* @param requestorName a X509Principal representing the requestor name.
*/
public void SetRequestorName(
X509Name requestorName)
{
try
{
this.requestorName = new GeneralName(GeneralName.DirectoryName, requestorName);
}
catch (Exception e)
{
throw new ArgumentException("cannot encode principal", e);
}
}
/// <summary>
/// Creates an instance of TrustAnchor with the specified X509Certificate and
/// optional name constraints, which are intended to be used as additional
/// constraints when validating an X.509 certification path.
/// The name constraints are specified as a byte array. This byte array
/// should contain the DER encoded form of the name constraints, as they
/// would appear in the NameConstraints structure defined in RFC 2459 and
/// X.509. The ASN.1 definition of this structure appears below.
///
/// <pre>
/// NameConstraints ::= SEQUENCE {
/// permittedSubtrees [0] GeneralSubtrees OPTIONAL,
/// excludedSubtrees [1] GeneralSubtrees OPTIONAL }
///
/// GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
///
/// GeneralSubtree ::= SEQUENCE {
/// base GeneralName,
/// minimum [0] BaseDistance DEFAULT 0,
/// maximum [1] BaseDistance OPTIONAL }
///
/// BaseDistance ::= INTEGER (0..MAX)
///
/// GeneralName ::= CHOICE {
/// otherName [0] OtherName,
/// rfc822Name [1] IA5String,
/// dNSName [2] IA5String,
/// x400Address [3] ORAddress,
/// directoryName [4] Name,
/// ediPartyName [5] EDIPartyName,
/// uniformResourceIdentifier [6] IA5String,
/// iPAddress [7] OCTET STRING,
/// registeredID [8] OBJECT IDENTIFIER}
/// </pre>
///
/// Note that the name constraints byte array supplied is cloned to protect
/// against subsequent modifications.
/// </summary>
/// <param name="trustedCert">a trusted X509Certificate</param>
/// <param name="nameConstraints">a byte array containing the ASN.1 DER encoding of a
/// NameConstraints extension to be used for checking name
/// constraints. Only the value of the extension is included, not
/// the OID or criticality flag. Specify null to omit the
/// parameter.</param>
/// <exception cref="ArgumentNullException">if the specified X509Certificate is null</exception>
public TrustAnchor(
X509Certificate trustedCert,
byte[] nameConstraints)
{
if (trustedCert == null)
throw new ArgumentNullException("trustedCert");
this.trustedCert = trustedCert;
this.pubKey = null;
this.caName = null;
this.caPrincipal = null;
setNameConstraints(nameConstraints);
}
public CertificationRequestInfo(
X509Name subject,
SubjectPublicKeyInfo pkInfo,
Asn1Set attributes)
{
this.subject = subject;
this.subjectPKInfo = pkInfo;
this.attributes = attributes;
if (subject == null || version == null || subjectPKInfo == null)
{
throw new ArgumentException(
"Not all mandatory fields set in CertificationRequestInfo generator.");
}
}
public CrlIdentifier(
X509Name crlIssuer,
DateTime crlIssuedTime,
BigInteger crlNumber)
{
if (crlIssuer == null)
throw new ArgumentNullException("crlIssuer");
this.crlIssuer = crlIssuer;
this.crlIssuedTime = new DerUtcTime(crlIssuedTime);
if (crlNumber != null)
{
this.crlNumber = new DerInteger(crlNumber);
}
}
private CrlIdentifier(
Asn1Sequence seq)
{
if (seq == null)
throw new ArgumentNullException("seq");
if (seq.Count < 2 || seq.Count > 3)
throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");
this.crlIssuer = X509Name.GetInstance(seq[0]);
this.crlIssuedTime = DerUtcTime.GetInstance(seq[1]);
if (seq.Count > 2)
{
this.crlNumber = DerInteger.GetInstance(seq[2]);
}
}
public X509CertStoreSelector(
X509CertStoreSelector o)
{
this.authorityKeyIdentifier = o.AuthorityKeyIdentifier;
this.basicConstraints = o.BasicConstraints;
this.certificate = o.Certificate;
this.certificateValid = o.CertificateValid;
this.extendedKeyUsage = o.ExtendedKeyUsage;
this.issuer = o.Issuer;
this.keyUsage = o.KeyUsage;
this.policy = o.Policy;
this.privateKeyValid = o.PrivateKeyValid;
this.serialNumber = o.SerialNumber;
this.subject = o.Subject;
this.subjectKeyIdentifier = o.SubjectKeyIdentifier;
this.subjectPublicKey = o.SubjectPublicKey;
this.subjectPublicKeyAlgID = o.SubjectPublicKeyAlgID;
}
private CertTemplate(Asn1Sequence seq)
{
this.seq = seq;
foreach (Asn1TaggedObject tObj in seq)
{
switch (tObj.TagNo)
{
case 0:
version = DerInteger.GetInstance(tObj, false);
break;
case 1:
serialNumber = DerInteger.GetInstance(tObj, false);
break;
case 2:
signingAlg = AlgorithmIdentifier.GetInstance(tObj, false);
break;
case 3:
issuer = X509Name.GetInstance(tObj, true); // CHOICE
break;
case 4:
validity = OptionalValidity.GetInstance(Asn1Sequence.GetInstance(tObj, false));
break;
case 5:
subject = X509Name.GetInstance(tObj, true); // CHOICE
break;
case 6:
publicKey = SubjectPublicKeyInfo.GetInstance(tObj, false);
break;
case 7:
issuerUID = DerBitString.GetInstance(tObj, false);
break;
case 8:
subjectUID = DerBitString.GetInstance(tObj, false);
break;
case 9:
extensions = X509Extensions.GetInstance(tObj, false);
break;
default:
throw new ArgumentException("unknown tag: " + tObj.TagNo, "seq");
}
}
}
private CertificationRequestInfo(
Asn1Sequence seq)
{
version = (DerInteger) seq[0];
subject = X509Name.GetInstance(seq[1]);
subjectPKInfo = SubjectPublicKeyInfo.GetInstance(seq[2]);
//
// some CertificationRequestInfo objects seem to treat this field
// as optional.
//
if (seq.Count > 3)
{
DerTaggedObject tagobj = (DerTaggedObject) seq[3];
attributes = Asn1Set.GetInstance(tagobj, false);
}
if (subject == null || version == null || subjectPKInfo == null)
{
throw new ArgumentException(
"Not all mandatory fields set in CertificationRequestInfo generator.");
}
}
public ServiceLocator(
X509Name issuer)
: this(issuer, null)
{
}
public GeneralName(
X509Name directoryName)
{
this.obj = directoryName;
this.tag = 4;
}
public CrlIdentifier(
X509Name crlIssuer,
DateTime crlIssuedTime)
: this(crlIssuer, crlIssuedTime, null)
{
}
public IssuerAndSerialNumber(
Asn1Sequence seq)
{
this.name = X509Name.GetInstance(seq[0]);
this.serialNumber = (DerInteger) seq[1];
}
public GeneralName(
X509Name directoryName)
{
this.obj = directoryName;
this.tag = 4;
}
internal TbsCertificateList(
Asn1Sequence seq)
{
if (seq.Count < 3 || seq.Count > 7)
{
throw new ArgumentException("Bad sequence size: " + seq.Count);
}
int seqPos = 0;
this.seq = seq;
if (seq[seqPos] is DerInteger)
{
version = DerInteger.GetInstance(seq[seqPos++]);
}
else
{
version = new DerInteger(0);
}
signature = AlgorithmIdentifier.GetInstance(seq[seqPos++]);
issuer = X509Name.GetInstance(seq[seqPos++]);
thisUpdate = Time.GetInstance(seq[seqPos++]);
if (seqPos < seq.Count
&& (seq[seqPos] is DerUtcTime
|| seq[seqPos] is DerGeneralizedTime
|| seq[seqPos] is Time))
{
nextUpdate = Time.GetInstance(seq[seqPos++]);
}
if (seqPos < seq.Count
&& !(seq[seqPos] is DerTaggedObject))
{
revokedCertificates = Asn1Sequence.GetInstance(seq[seqPos++]);
}
if (seqPos < seq.Count
&& seq[seqPos] is DerTaggedObject)
{
crlExtensions = X509Extensions.GetInstance(seq[seqPos]);
}
}
public void SetSubject(
X509Name subject)
{
this.subject = subject;
}
/// <summary>
/// Set the issuer distinguished name.
/// The issuer is the entity whose private key is used to sign the certificate.
/// </summary>
/// <param name="issuer">The issuers DN.</param>
public void SetIssuerDN(
X509Name issuer)
{
tbsGen.SetIssuer(issuer);
}
/// <summary>
/// Set the subject distinguished name.
/// The subject describes the entity associated with the public key.
/// </summary>
/// <param name="subject"/>
public void SetSubjectDN(
X509Name subject)
{
tbsGen.SetSubject(subject);
}
public void SetIssuer(
X509Name issuer)
{
this.issuer = issuer;
}
internal static bool IssuersMatch(
X509Name a,
X509Name b)
{
return a == null ? b == null : a.Equivalent(b, true);
}