internal static byte[][] SegmentedEncodeSubjectPublicKeyInfo(this PublicKey publicKey)
{
if (publicKey == null)
{
throw new ArgumentNullException(nameof(publicKey));
}
if (publicKey.Oid == null ||
string.IsNullOrEmpty(publicKey.Oid.Value) ||
publicKey.EncodedKeyValue == null)
{
throw new CryptographicException(SR.GetString(SR.Cryptography_InvalidPublicKey_Object));
}
// SubjectPublicKeyInfo::= SEQUENCE {
// algorithm AlgorithmIdentifier,
// subjectPublicKey BIT STRING
// }
//
// AlgorithmIdentifier::= SEQUENCE {
// algorithm OBJECT IDENTIFIER,
// parameters ANY DEFINED BY algorithm OPTIONAL
// }
byte[][] algorithmIdentifier;
if (publicKey.EncodedParameters == null)
{
algorithmIdentifier = DerEncoder.ConstructSegmentedSequence(
DerEncoder.SegmentedEncodeOid(publicKey.Oid));
}
else
{
DerSequenceReader validator =
DerSequenceReader.CreateForPayload(publicKey.EncodedParameters.RawData);
validator.ValidateAndSkipDerValue();
if (validator.HasData)
{
throw new CryptographicException(SR.GetString(SR.Cryptography_Der_Invalid_Encoding));
}
algorithmIdentifier = DerEncoder.ConstructSegmentedSequence(
DerEncoder.SegmentedEncodeOid(publicKey.Oid),
publicKey.EncodedParameters.RawData.WrapAsSegmentedForSequence());
}
return(DerEncoder.ConstructSegmentedSequence(
algorithmIdentifier,
DerEncoder.SegmentedEncodeBitString(
publicKey.EncodedKeyValue.RawData)));
}
internal byte[] Sign(X509SignatureGenerator signatureGenerator, HashAlgorithmName hashAlgorithm)
{
if (signatureGenerator == null)
{
throw new ArgumentNullException(nameof(signatureGenerator));
}
byte[] encoded = Encode(signatureGenerator, hashAlgorithm);
byte[] signature = signatureGenerator.SignData(encoded, hashAlgorithm);
return(DerEncoder.ConstructSequence(
encoded.WrapAsSegmentedForSequence(),
signatureGenerator.GetSignatureAlgorithmIdentifier(hashAlgorithm).WrapAsSegmentedForSequence(),
DerEncoder.SegmentedEncodeBitString(signature)));
}
internal byte[] ToPkcs10Request(X509SignatureGenerator signatureGenerator, HashAlgorithmName hashAlgorithm)
{
// State validation should be runtime checks if/when this becomes public API
Debug.Assert(signatureGenerator != null);
Debug.Assert(Subject != null);
Debug.Assert(PublicKey != null);
// CertificationRequest ::= SEQUENCE {
// certificationRequestInfo CertificationRequestInfo,
// signatureAlgorithm AlgorithmIdentifier{ { SignatureAlgorithms } },
// signature BIT STRING
// }
byte[] encoded = Encode();
byte[] signature = signatureGenerator.SignData(encoded, hashAlgorithm);
return(DerEncoder.ConstructSequence(
encoded.WrapAsSegmentedForSequence(),
signatureGenerator.GetSignatureAlgorithmIdentifier(hashAlgorithm).WrapAsSegmentedForSequence(),
DerEncoder.SegmentedEncodeBitString(signature)));
}
