/// <summary>
/// Initializes a new instance of the <see cref="Asn1TagInfo"/> struct.
/// </summary>
/// <param name="asn1SnmpTag">The asn1 SNMP tag.</param>
/// <param name="constructType">Type of the construct.</param>
public Asn1TagInfo(Asn1SnmpTag asn1SnmpTag, ConstructType constructType)
{
this.Asn1ClassType = Asn1Class.Application;
this.Asn1ConstructType = constructType;
this.Asn1SnmpTagType = asn1SnmpTag;
this.Asn1TagType = Asn1Tag.NotAsn1Data;
}
/// <summary>
/// Initializes a new instance of the <see cref="Asn1TagInfo"/> struct.
/// </summary>
/// <param name="asn1Tag">The asn1 tag.</param>
/// <param name="constructType">Type of the construct.</param>
/// <param name="asn1Class">The asn1 class.</param>
public Asn1TagInfo(Asn1Tag asn1Tag, ConstructType constructType, Asn1Class asn1Class)
{
this.Asn1ClassType = asn1Class;
this.Asn1ConstructType = constructType;
this.Asn1SnmpTagType = Asn1SnmpTag.NotSnmpData;
this.Asn1TagType = asn1Tag;
}
/// <summary>
/// Initializes a new instance of the <see cref="Asn1TagInfo"/> struct.
/// </summary>
/// <param name="asn1Tag">The asn1 tag.</param>
/// <param name="constructType">Type of the construct.</param>
public Asn1TagInfo(Asn1Tag asn1Tag, ConstructType constructType)
{
this.Asn1ClassType = Asn1Class.Universal;
this.Asn1ConstructType = constructType;
this.Asn1SnmpTagType = Asn1SnmpTag.NotSnmpData;
this.Asn1TagType = asn1Tag;
}
public static DateTime GetUtcTime(Asn1Tag tag)
{
byte[] data = tag.Data;
// YYMMDDhhmmssZ
if (data.Length != 13) throw new IOException("Invalid UTC time, data length is not 13.");
for (int i = 0; i < 12; i++)
{
if (data[i] < '0' || tag.Data[i] > '9')
throw new IOException("Invalid UTC time, contains illegal character.");
}
if (data[12] != 'Z')
throw new IOException("Invalid UTC time, doesn't contain Z.");
int year, month, day, hour, minute, second;
year = GetNDigitValue(data, 0, 2);
month = GetNDigitValue(data, 2, 2);
day = GetNDigitValue(data, 4, 2);
hour = GetNDigitValue(data, 6, 2);
minute = GetNDigitValue(data, 8, 2);
second = GetNDigitValue(data, 10, 2);
year += (year < 86) ? 2000 : 1900;
DateTime utcTime = new DateTime(year, month, day, hour, minute, second);
return utcTime;
}
public void ShowAsn1(Asn1Tag root)
{
treeView1.Nodes.Clear();
Asn1TreeNode treeNode = new Asn1TreeNode(root);
treeView1.Nodes.Add(treeNode);
AddSubNodes(treeNode, root);
treeView1.ExpandAll();
}
public static string GetDataString(Asn1Tag tag)
{
if (tag.Class == Asn1.Class.Universal)
{
switch ((Asn1.TagNumber)tag.Identifier)
{
case Asn1.TagNumber.ObjectIdentifier:
return GetOidDataString(tag);
case Asn1.TagNumber.BitString:
return GetBitDataString(tag);
case Asn1.TagNumber.PrintableString:
return GetPrintableDataString(tag, Encoding.ASCII);
case Asn1.TagNumber.Utrf8String:
return GetPrintableDataString(tag, Encoding.UTF8);
case Asn1.TagNumber.UtcTime:
return GetUtcDataString(tag);
}
}
return GetHexDataString(tag.Data, 0, Math.Min(64, tag.Data.Length));
}
public Asn1TreeNode(Asn1Tag asn1Node)
{
this.Asn1Node = asn1Node;
// Use data length instead of full byte count
this.Text = string.Concat("(", asn1Node.StartByte, ", ", (asn1Node.IndefiniteLength ? "inf" : Asn1.GetTotalByteCount(asn1Node).ToString()), ") ", asn1Node.ShortDescription);
if (!asn1Node.Constructed)
{
this.Text += string.Concat(": ", asn1Node.DataText);
}
if (asn1Node.Class == Asn1.Class.Universal && asn1Node.Identifier <= 31)
{
this.ImageIndex = Asn1ImageIndexes[asn1Node.Identifier];
}
else
{
this.ImageIndex = 32;
}
this.SelectedImageIndex = this.ImageIndex;
this.ContextMenu = CreateContextMenu();
}
public void OpenFile(string file)
{
SuspendLayout();
try
{
using (FileStream fs = new FileStream(file, FileMode.Open, FileAccess.Read))
{
try
{
byte[] pemData = PemReader.ReadPem(fs);
using (MemoryStream ms = new MemoryStream(pemData))
{
rootNode = Asn1.Decode(ms);
}
}
catch (ArgumentException)
{
fs.Position = 0;
rootNode = Asn1.Decode(fs);
}
stsFile.Text = string.Concat("File: ", file);
stsSize.Text = string.Concat("Size: ", fs.Length.ToString(), " bytes");
Text = string.Concat(TitleBase, " - ", file);
}
ShowAsn1(rootNode);
UpdateHexViewerData();
}
catch (Exception ex)
{
MessageBox.Show(this, "Error while opening file: " + ex.Message, "Error opening file", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);
}
ResumeLayout();
}
public static long GetTotalByteCount(Asn1Tag node)
{
if (node.Constructed)
{
return Asn1.EncodeHeader(node).Length + node.Sum(subTag => GetTotalByteCount(subTag));
}
else
{
return Asn1.EncodeHeader(node).Length + node.Data.Length;
}
}
public static void ExportText(string filename, Asn1Tag node)
{
CallWithFilestream(ExportText, filename, node);
}
public static void EncodeHeader(Stream stream, Asn1Tag node)
{
byte[] header = EncodeHeader(node);
stream.Write(header, 0, header.Length);
}
/// <summary>
/// Initializes a new instance of the <see cref="Asn1TagInfo"/> struct.
/// </summary>
/// <param name="asn1Class">The asn1 class.</param>
/// <param name="constructType">Type of the construct.</param>
/// <param name="tagType">Type of the tag.</param>
internal Asn1TagInfo(int asn1Class, int constructType, int tagType)
{
this.Asn1ClassType = (Asn1Class)asn1Class;
this.Asn1ConstructType = (ConstructType)constructType;
if (this.Asn1ClassType == Asn1Class.Application)
{
this.Asn1SnmpTagType = (Asn1SnmpTag)tagType;
this.Asn1TagType = Asn1Tag.NotAsn1Data;
}
else
{
this.Asn1TagType = (Asn1Tag)tagType;
this.Asn1SnmpTagType = Asn1SnmpTag.NotSnmpData;
}
}
internal static void Decode(ref AsnValueReader reader, Asn1Tag expectedTag, ReadOnlyMemory <byte> rebind, out Rfc3161TimeStampReq decoded)
{
decoded = default;
AsnValueReader sequenceReader = reader.ReadSequence(expectedTag);
AsnValueReader defaultReader;
AsnValueReader collectionReader;
ReadOnlySpan <byte> rebindSpan = rebind.Span;
int offset;
ReadOnlySpan <byte> tmpSpan;
if (!sequenceReader.TryReadInt32(out decoded.Version))
{
sequenceReader.ThrowIfNotEmpty();
}
System.Security.Cryptography.Pkcs.Asn1.MessageImprint.Decode(ref sequenceReader, rebind, out decoded.MessageImprint);
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.ObjectIdentifier))
{
decoded.ReqPolicy = sequenceReader.ReadObjectIdentifier();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.Integer))
{
tmpSpan = sequenceReader.ReadIntegerBytes();
decoded.Nonce = rebindSpan.Overlaps(tmpSpan, out offset) ? rebind.Slice(offset, tmpSpan.Length) : tmpSpan.ToArray();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.Boolean))
{
decoded.CertReq = sequenceReader.ReadBoolean();
}
else
{
defaultReader = new AsnValueReader(s_defaultCertReq, AsnEncodingRules.DER);
decoded.CertReq = defaultReader.ReadBoolean();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 0)))
{
// Decode SEQUENCE OF for Extensions
{
collectionReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
var tmpList = new List <System.Security.Cryptography.Asn1.X509ExtensionAsn>();
System.Security.Cryptography.Asn1.X509ExtensionAsn tmpItem;
while (collectionReader.HasData)
{
System.Security.Cryptography.Asn1.X509ExtensionAsn.Decode(ref collectionReader, rebind, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.Extensions = tmpList.ToArray();
}
}
sequenceReader.ThrowIfNotEmpty();
}
internal abstract void WriteString(AsnWriter writer, Asn1Tag tag, string s);
public static void ReadMicrosoftComCert()
{
byte[] bytes = MicrosoftDotComSslCertBytes;
AsnReader fileReader = new AsnReader(bytes, AsnEncodingRules.DER);
AsnReader certReader = fileReader.ReadSequence();
Assert.False(fileReader.HasData, "fileReader.HasData");
AsnReader tbsCertReader = certReader.ReadSequence();
AsnReader sigAlgReader = certReader.ReadSequence();
Assert.True(
certReader.TryReadPrimitiveBitStringValue(
out int unusedBitCount,
out ReadOnlyMemory <byte> signature),
"certReader.TryReadPrimitiveBitStringValue");
Assert.Equal(0, unusedBitCount);
AssertRefSame(signature, ref bytes[1176], "Signature is a ref to bytes[1176]");
Assert.False(certReader.HasData, "certReader.HasData");
AsnReader versionExplicitWrapper = tbsCertReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
Assert.True(versionExplicitWrapper.TryReadInt32(out int certVersion));
Assert.Equal(2, certVersion);
Assert.False(versionExplicitWrapper.HasData, "versionExplicitWrapper.HasData");
ReadOnlyMemory <byte> serialBytes = tbsCertReader.ReadIntegerBytes();
AssertRefSame(serialBytes, ref bytes[15], "Serial number starts at bytes[15]");
AsnReader tbsSigAlgReader = tbsCertReader.ReadSequence();
Assert.Equal("1.2.840.113549.1.1.11", tbsSigAlgReader.ReadObjectIdentifierAsString());
Assert.True(tbsSigAlgReader.HasData, "tbsSigAlgReader.HasData before ReadNull");
tbsSigAlgReader.ReadNull();
Assert.False(tbsSigAlgReader.HasData, "tbsSigAlgReader.HasData after ReadNull");
AsnReader issuerReader = tbsCertReader.ReadSequence();
Asn1Tag printableString = new Asn1Tag(UniversalTagNumber.PrintableString);
AssertRdn(issuerReader, "2.5.4.6", 57, printableString, bytes, "issuer[C]");
AssertRdn(issuerReader, "2.5.4.10", 70, printableString, bytes, "issuer[O]");
AssertRdn(issuerReader, "2.5.4.11", 101, printableString, bytes, "issuer[OU]");
AssertRdn(issuerReader, "2.5.4.3", 134, printableString, bytes, "issuer[CN]");
Assert.False(issuerReader.HasData, "issuerReader.HasData");
AsnReader validityReader = tbsCertReader.ReadSequence();
Assert.Equal(new DateTimeOffset(2014, 10, 15, 0, 0, 0, TimeSpan.Zero), validityReader.ReadUtcTime());
Assert.Equal(new DateTimeOffset(2016, 10, 15, 23, 59, 59, TimeSpan.Zero), validityReader.ReadUtcTime());
Assert.False(validityReader.HasData, "validityReader.HasData");
AsnReader subjectReader = tbsCertReader.ReadSequence();
Asn1Tag utf8String = new Asn1Tag(UniversalTagNumber.UTF8String);
AssertRdn(subjectReader, "1.3.6.1.4.1.311.60.2.1.3", 220, printableString, bytes, "subject[EV Country]");
AssertRdn(subjectReader, "1.3.6.1.4.1.311.60.2.1.2", 241, utf8String, bytes, "subject[EV State]", "Washington");
AssertRdn(subjectReader, "2.5.4.15", 262, printableString, bytes, "subject[Business Category]");
AssertRdn(subjectReader, "2.5.4.5", 293, printableString, bytes, "subject[Serial Number]");
AssertRdn(subjectReader, "2.5.4.6", 313, printableString, bytes, "subject[C]");
AssertRdn(subjectReader, "2.5.4.17", 326, utf8String, bytes, "subject[Postal Code]", "98052");
AssertRdn(subjectReader, "2.5.4.8", 342, utf8String, bytes, "subject[ST]", "Washington");
AssertRdn(subjectReader, "2.5.4.7", 363, utf8String, bytes, "subject[L]", "Redmond");
AssertRdn(subjectReader, "2.5.4.9", 381, utf8String, bytes, "subject[Street Address]", "1 Microsoft Way");
AssertRdn(subjectReader, "2.5.4.10", 407, utf8String, bytes, "subject[O]", "Microsoft Corporation");
AssertRdn(subjectReader, "2.5.4.11", 439, utf8String, bytes, "subject[OU]", "MSCOM");
AssertRdn(subjectReader, "2.5.4.3", 455, utf8String, bytes, "subject[CN]", "www.microsoft.com");
Assert.False(subjectReader.HasData, "subjectReader.HasData");
AsnReader subjectPublicKeyInfo = tbsCertReader.ReadSequence();
AsnReader spkiAlgorithm = subjectPublicKeyInfo.ReadSequence();
Assert.Equal("1.2.840.113549.1.1.1", spkiAlgorithm.ReadObjectIdentifierAsString());
spkiAlgorithm.ReadNull();
Assert.False(spkiAlgorithm.HasData, "spkiAlgorithm.HasData");
Assert.True(
subjectPublicKeyInfo.TryReadPrimitiveBitStringValue(
out unusedBitCount,
out ReadOnlyMemory <byte> encodedPublicKey),
"subjectPublicKeyInfo.TryReadBitStringBytes");
Assert.Equal(0, unusedBitCount);
AssertRefSame(encodedPublicKey, ref bytes[498], "Encoded public key starts at byte 498");
Assert.False(subjectPublicKeyInfo.HasData, "subjectPublicKeyInfo.HasData");
AsnReader publicKeyReader = new AsnReader(encodedPublicKey, AsnEncodingRules.DER);
AsnReader rsaPublicKeyReader = publicKeyReader.ReadSequence();
AssertRefSame(rsaPublicKeyReader.ReadIntegerBytes(), ref bytes[506], "RSA Modulus is at bytes[502]");
Assert.True(rsaPublicKeyReader.TryReadInt32(out int rsaExponent));
Assert.Equal(65537, rsaExponent);
Assert.False(rsaPublicKeyReader.HasData, "rsaPublicKeyReader.HasData");
Assert.False(publicKeyReader.HasData, "publicKeyReader.HasData");
AsnReader extensionsContainer = tbsCertReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
AsnReader extensions = extensionsContainer.ReadSequence();
Assert.False(extensionsContainer.HasData, "extensionsContainer.HasData");
AsnReader sanExtension = extensions.ReadSequence();
Assert.Equal("2.5.29.17", sanExtension.ReadObjectIdentifierAsString());
Assert.True(sanExtension.TryReadPrimitiveOctetStringBytes(out ReadOnlyMemory <byte> sanExtensionBytes));
Assert.False(sanExtension.HasData, "sanExtension.HasData");
AsnReader sanExtensionPayload = new AsnReader(sanExtensionBytes, AsnEncodingRules.DER);
AsnReader sanExtensionValue = sanExtensionPayload.ReadSequence();
Assert.False(sanExtensionPayload.HasData, "sanExtensionPayload.HasData");
Asn1Tag dnsName = new Asn1Tag(TagClass.ContextSpecific, 2);
Assert.Equal("www.microsoft.com", sanExtensionValue.ReadCharacterString(dnsName, UniversalTagNumber.IA5String));
Assert.Equal("wwwqa.microsoft.com", sanExtensionValue.ReadCharacterString(dnsName, UniversalTagNumber.IA5String));
Assert.False(sanExtensionValue.HasData, "sanExtensionValue.HasData");
AsnReader basicConstraints = extensions.ReadSequence();
Assert.Equal("2.5.29.19", basicConstraints.ReadObjectIdentifierAsString());
Assert.True(basicConstraints.TryReadPrimitiveOctetStringBytes(out ReadOnlyMemory <byte> basicConstraintsBytes));
AsnReader basicConstraintsPayload = new AsnReader(basicConstraintsBytes, AsnEncodingRules.DER);
AsnReader basicConstraintsValue = basicConstraintsPayload.ReadSequence();
Assert.False(basicConstraintsValue.HasData, "basicConstraintsValue.HasData");
Assert.False(basicConstraintsPayload.HasData, "basicConstraintsPayload.HasData");
AsnReader keyUsageExtension = extensions.ReadSequence();
Assert.Equal("2.5.29.15", keyUsageExtension.ReadObjectIdentifierAsString());
Assert.True(keyUsageExtension.ReadBoolean(), "keyUsageExtension.ReadBoolean() (IsCritical)");
Assert.True(keyUsageExtension.TryReadPrimitiveOctetStringBytes(out ReadOnlyMemory <byte> keyUsageBytes));
AsnReader keyUsagePayload = new AsnReader(keyUsageBytes, AsnEncodingRules.DER);
Assert.Equal(
X509KeyUsageCSharpStyle.DigitalSignature | X509KeyUsageCSharpStyle.KeyEncipherment,
keyUsagePayload.ReadNamedBitListValue <X509KeyUsageCSharpStyle>());
Assert.False(keyUsagePayload.HasData, "keyUsagePayload.HasData");
AssertExtension(extensions, "2.5.29.37", false, 863, bytes);
AssertExtension(extensions, "2.5.29.32", false, 894, bytes);
AssertExtension(extensions, "2.5.29.35", false, 998, bytes);
AssertExtension(extensions, "2.5.29.31", false, 1031, bytes);
AssertExtension(extensions, "1.3.6.1.5.5.7.1.1", false, 1081, bytes);
Assert.False(extensions.HasData, "extensions.HasData");
Assert.Equal("1.2.840.113549.1.1.11", sigAlgReader.ReadObjectIdentifierAsString());
sigAlgReader.ReadNull();
Assert.False(sigAlgReader.HasData);
}
private void AddSubNodes(TreeNode rootTree, Asn1Tag rootAsn1)
{
foreach (Asn1Tag subAsn1 in rootAsn1)
{
Asn1TreeNode subTree = new Asn1TreeNode(subAsn1);
rootTree.Nodes.Add(subTree);
AddSubNodes(subTree, subAsn1);
}
}
public void SealWithMac(
ReadOnlySpan <char> password,
HashAlgorithmName hashAlgorithm,
int iterationCount)
{
if (iterationCount < 1)
{
throw new ArgumentOutOfRangeException(nameof(iterationCount));
}
if (IsSealed)
{
throw new InvalidOperationException(SR.Cryptography_Pkcs12_PfxIsSealed);
}
byte[]? rentedAuthSafe = null;
Span <byte> authSafeSpan = default;
byte[]? rentedMac = null;
Span <byte> macSpan = default;
Span <byte> salt = stackalloc byte[0];
try
{
AsnWriter contentsWriter = new AsnWriter(AsnEncodingRules.BER);
using (IncrementalHash hasher = IncrementalHash.CreateHash(hashAlgorithm))
{
contentsWriter.PushSequence();
if (_contents != null)
{
foreach (ContentInfoAsn contentInfo in _contents)
{
contentInfo.Encode(contentsWriter);
}
}
contentsWriter.PopSequence();
rentedAuthSafe = CryptoPool.Rent(contentsWriter.GetEncodedLength());
if (!contentsWriter.TryEncode(rentedAuthSafe, out int written))
{
Debug.Fail("TryEncode failed with a pre-allocated buffer");
throw new InvalidOperationException();
}
authSafeSpan = rentedAuthSafe.AsSpan(0, written);
// Get an array of the proper size for the hash.
byte[] macKey = hasher.GetHashAndReset();
rentedMac = CryptoPool.Rent(macKey.Length);
macSpan = rentedMac.AsSpan(0, macKey.Length);
// Since the biggest supported hash is SHA-2-512 (64 bytes), the
// 128-byte cap here shouldn't ever come into play.
Debug.Assert(macKey.Length <= 128);
salt = stackalloc byte[Math.Min(macKey.Length, 128)];
RandomNumberGenerator.Fill(salt);
Pkcs12Kdf.DeriveMacKey(
password,
hashAlgorithm,
iterationCount,
salt,
macKey);
using (IncrementalHash mac = IncrementalHash.CreateHMAC(hashAlgorithm, macKey))
{
mac.AppendData(authSafeSpan);
if (!mac.TryGetHashAndReset(macSpan, out int bytesWritten) || bytesWritten != macSpan.Length)
{
Debug.Fail($"TryGetHashAndReset wrote {bytesWritten} of {macSpan.Length} bytes");
throw new CryptographicException();
}
}
}
// https://tools.ietf.org/html/rfc7292#section-4
//
// PFX ::= SEQUENCE {
// version INTEGER {v3(3)}(v3,...),
// authSafe ContentInfo,
// macData MacData OPTIONAL
// }
AsnWriter writer = new AsnWriter(AsnEncodingRules.BER);
{
writer.PushSequence();
writer.WriteInteger(3);
writer.PushSequence();
{
writer.WriteObjectIdentifierForCrypto(Oids.Pkcs7Data);
Asn1Tag contextSpecific0 = new Asn1Tag(TagClass.ContextSpecific, 0);
writer.PushSequence(contextSpecific0);
{
writer.WriteOctetString(authSafeSpan);
writer.PopSequence(contextSpecific0);
}
writer.PopSequence();
}
// https://tools.ietf.org/html/rfc7292#section-4
//
// MacData ::= SEQUENCE {
// mac DigestInfo,
// macSalt OCTET STRING,
// iterations INTEGER DEFAULT 1
// -- Note: The default is for historical reasons and its use is
// -- deprecated.
// }
writer.PushSequence();
{
writer.PushSequence();
{
writer.PushSequence();
{
writer.WriteObjectIdentifierForCrypto(PkcsHelpers.GetOidFromHashAlgorithm(hashAlgorithm));
writer.PopSequence();
}
writer.WriteOctetString(macSpan);
writer.PopSequence();
}
writer.WriteOctetString(salt);
if (iterationCount > 1)
{
writer.WriteInteger(iterationCount);
}
writer.PopSequence();
}
writer.PopSequence();
_sealedData = writer.Encode();
}
}
finally
{
CryptographicOperations.ZeroMemory(macSpan);
CryptographicOperations.ZeroMemory(authSafeSpan);
if (rentedMac != null)
{
// Already cleared
CryptoPool.Return(rentedMac, clearSize: 0);
}
if (rentedAuthSafe != null)
{
// Already cleared
CryptoPool.Return(rentedAuthSafe, clearSize: 0);
}
}
}
internal static void Decode(AsnReader reader, Asn1Tag expectedTag, out Asn1BindResponse decoded)
{
if (reader == null)
{
throw new ArgumentNullException(nameof(reader));
}
decoded = new Asn1BindResponse();
AsnReader sequenceReader = reader.ReadSequence(expectedTag);
AsnReader collectionReader;
decoded.ResultCode = sequenceReader.GetEnumeratedValue <ResultCode>();
if (sequenceReader.TryGetPrimitiveOctetStringBytes(out ReadOnlyMemory <byte> tmpMatchedDN))
{
decoded.MatchedDN = tmpMatchedDN;
}
else
{
decoded.MatchedDN = sequenceReader.ReadOctetString();
}
if (sequenceReader.TryGetPrimitiveOctetStringBytes(out ReadOnlyMemory <byte> tmpDiagnosticMessage))
{
decoded.DiagnosticMessage = tmpDiagnosticMessage;
}
else
{
decoded.DiagnosticMessage = sequenceReader.ReadOctetString();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 3)))
{
// Decode SEQUENCE OF for Referral
{
collectionReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
var tmpList = new List <ReadOnlyMemory <byte> >();
ReadOnlyMemory <byte> tmpItem;
while (collectionReader.HasData)
{
if (collectionReader.TryGetPrimitiveOctetStringBytes(out ReadOnlyMemory <byte> tmp))
{
tmpItem = tmp;
}
else
{
tmpItem = collectionReader.ReadOctetString();
}
tmpList.Add(tmpItem);
}
decoded.Referral = tmpList.ToArray();
}
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 7)))
{
if (sequenceReader.TryGetPrimitiveOctetStringBytes(new Asn1Tag(TagClass.ContextSpecific, 7), out ReadOnlyMemory <byte> tmpServerSaslCreds))
{
decoded.ServerSaslCreds = tmpServerSaslCreds;
}
else
{
decoded.ServerSaslCreds = sequenceReader.ReadOctetString(new Asn1Tag(TagClass.ContextSpecific, 7));
}
}
sequenceReader.ThrowIfNotEmpty();
}
internal static void Decode(ref AsnValueReader reader, Asn1Tag expectedTag, ReadOnlyMemory <byte> rebind, out SignedDataAsn decoded)
{
decoded = default;
AsnValueReader sequenceReader = reader.ReadSequence(expectedTag);
AsnValueReader collectionReader;
ReadOnlySpan <byte> rebindSpan = rebind.Span;
int offset;
ReadOnlySpan <byte> tmpSpan;
if (!sequenceReader.TryReadInt32(out decoded.Version))
{
sequenceReader.ThrowIfNotEmpty();
}
// Decode SEQUENCE OF for DigestAlgorithms
{
collectionReader = sequenceReader.ReadSetOf();
var tmpList = new List <AlgorithmIdentifierAsn>();
AlgorithmIdentifierAsn tmpItem;
while (collectionReader.HasData)
{
AlgorithmIdentifierAsn.Decode(ref collectionReader, rebind, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.DigestAlgorithms = tmpList.ToArray();
}
EncapsulatedContentInfoAsn.Decode(ref sequenceReader, rebind, out decoded.EncapContentInfo);
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 0)))
{
// Decode SEQUENCE OF for CertificateSet
{
collectionReader = sequenceReader.ReadSetOf(new Asn1Tag(TagClass.ContextSpecific, 0));
var tmpList = new List <CertificateChoiceAsn>();
CertificateChoiceAsn tmpItem;
while (collectionReader.HasData)
{
CertificateChoiceAsn.Decode(ref collectionReader, rebind, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.CertificateSet = tmpList.ToArray();
}
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 1)))
{
// Decode SEQUENCE OF for Crls
{
collectionReader = sequenceReader.ReadSetOf(new Asn1Tag(TagClass.ContextSpecific, 1));
var tmpList = new List <ReadOnlyMemory <byte> >();
ReadOnlyMemory <byte> tmpItem;
while (collectionReader.HasData)
{
tmpSpan = collectionReader.ReadEncodedValue();
tmpItem = rebindSpan.Overlaps(tmpSpan, out offset) ? rebind.Slice(offset, tmpSpan.Length) : tmpSpan.ToArray();
tmpList.Add(tmpItem);
}
decoded.Crls = tmpList.ToArray();
}
}
// Decode SEQUENCE OF for SignerInfos
{
collectionReader = sequenceReader.ReadSetOf();
var tmpList = new List <SignerInfoAsn>();
SignerInfoAsn tmpItem;
while (collectionReader.HasData)
{
SignerInfoAsn.Decode(ref collectionReader, rebind, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.SignerInfos = tmpList.ToArray();
}
sequenceReader.ThrowIfNotEmpty();
}
// T-REC-X.690-201508 sec 8.12
// The writer claims SetOf, and not Set, so as to avoid the field
// ordering clause of T-REC-X.690-201508 sec 9.3
private void PushSetOfCore(Asn1Tag tag)
{
PushTag(tag, UniversalTagNumber.SetOf);
}
public static void ReadSequenceOf_PreservesOptions(AsnEncodingRules ruleSet)
{
// [5] (UtcTime) 500102123456Z
// UtcTime 120102235959Z
//
// They're sorted backwards, though.
const string PayloadHex =
"850D3530303130323132333435365A" +
"170D3132303130323233353935395A";
byte[] inputData;
// Build the rule-specific form of SEQUENCE { [PRIVATE 9] SEQUENCE { SET-OF { dates }, NULL } }
// The outer Set-Of is also invalid, because the NULL should be first.
if (ruleSet == AsnEncodingRules.DER)
{
inputData = ("3024" + "E922" + "A21E" + PayloadHex + "0500").HexToByteArray();
}
else
{
string inputHex = "3080" + "E980" + "A280" + PayloadHex + "0000" + "0500" + "0000" + "0000";
inputData = inputHex.HexToByteArray();
}
AsnReaderOptions options = new AsnReaderOptions
{
SkipSetSortOrderVerification = true,
UtcTimeTwoDigitYearMax = 2011,
};
AsnReader initial = new AsnReader(inputData, ruleSet, options);
AsnReader outer = initial.ReadSequence();
Assert.False(initial.HasData);
AsnReader inner = outer.ReadSequence(new Asn1Tag(TagClass.Private, 9));
Assert.False(outer.HasData);
Asn1Tag setTag = new Asn1Tag(TagClass.ContextSpecific, 2);
if (ruleSet != AsnEncodingRules.BER)
{
Assert.Throws <AsnContentException>(() => inner.ReadSetOf(false, setTag));
}
// This confirms that we've passed SkipSetOrderVerification this far.
AsnReader setOf = inner.ReadSetOf(setTag);
Assert.True(inner.HasData);
Assert.Equal(
new DateTimeOffset(1950, 1, 2, 12, 34, 56, TimeSpan.Zero),
setOf.ReadUtcTime(new Asn1Tag(TagClass.ContextSpecific, 5)));
// This confirms that we've passed UtcTimeTwoDigitYearMax,
// the default would call this 2012.
Assert.Equal(
new DateTimeOffset(1912, 1, 2, 23, 59, 59, TimeSpan.Zero),
setOf.ReadUtcTime());
Assert.False(setOf.HasData);
inner.ReadNull();
Assert.False(inner.HasData);
setOf.ThrowIfNotEmpty();
inner.ThrowIfNotEmpty();
outer.ThrowIfNotEmpty();
initial.ThrowIfNotEmpty();
}
private static void ReadData(Asn1Tag node, Stream stream, long dataLength)
{
if (dataLength > int.MaxValue)
{
throw new IOException("Can't read primitive data with more than " + int.MaxValue + " bytes.");
}
node.Data = new byte[(int)dataLength];
int read = stream.Read(node.Data, 0, node.Data.Length);
if (read != node.Data.Length)
{
throw new IOException("Unable to read enough data bytes.");
}
}
public unsafe string ProcessNegotiateChallenge(string challengeString)
{
NegState state = NegState.Unknown;
string mech = null;
byte[] blob = null;
byte[] data = Convert.FromBase64String(challengeString);
AsnReader reader = new AsnReader(data, AsnEncodingRules.DER);
AsnReader challengeReader = reader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegotiationToken.NegTokenResp));
// NegTokenResp::= SEQUENCE {
// negState[0] ENUMERATED {
// accept - completed(0),
// accept - incomplete(1),
// reject(2),
// request - mic(3)
// } OPTIONAL,
// --REQUIRED in the first reply from the target
// supportedMech[1] MechType OPTIONAL,
// --present only in the first reply from the target
// responseToken[2] OCTET STRING OPTIONAL,
// mechListMIC[3] OCTET STRING OPTIONAL,
// ...
// }
challengeReader = challengeReader.ReadSequence();
while (challengeReader.HasData)
{
Asn1Tag tag = challengeReader.PeekTag();
if (tag.TagClass == TagClass.ContextSpecific)
{
NegTokenResp dataType = (NegTokenResp)tag.TagValue;
AsnReader specificValue = new AsnReader(challengeReader.PeekContentBytes(), AsnEncodingRules.DER);
switch (dataType)
{
case NegTokenResp.NegState:
state = specificValue.ReadEnumeratedValue <NegState>();
break;
case NegTokenResp.SupportedMech:
mech = specificValue.ReadObjectIdentifier();
break;
case NegTokenResp.ResponseToken:
blob = specificValue.ReadOctetString();
break;
default:
// Ignore everything else
break;
}
}
challengeReader.ReadEncodedValue();
}
if (Diag)
{
Console.WriteLine("Negotiate challenege: {0} - {1} in {2}", challengeString, mech, state);
}
// Mechanism should be set on first message. That means always
// as NTLM has only one challenege message.
if (!NtlmOid.Equals(mech))
{
throw new NotSupportedException($"'{mech}' mechanism is not supported");
}
if (state != NegState.Unknown && state != NegState.AcceptIncomplete)
{
// If state was set, it should be AcceptIncomplete for us to proseed.
return("");
}
if (blob?.Length > 0)
{
// Process decoded NTLM blob.
byte[] response = ProcessChallengeMessage(blob);
if (response?.Length > 0)
{
AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
using (writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegotiationToken.NegTokenResp)))
{
writer.PushSequence();
using (writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenInit.MechToken)))
{
writer.WriteOctetString(response);
}
writer.PopSequence();
}
return("Negotiate " + Convert.ToBase64String(writer.Encode(), Base64FormattingOptions.None));
}
}
return("");
}
internal override void WriteString(AsnWriter writer, Asn1Tag tag, string s) => writer.WriteCharacterString(UniversalTagNumber.UTF8String, s, tag);
private static void DecodeCore(ref AsnValueReader reader, Asn1Tag expectedTag, ReadOnlyMemory <byte> rebind, out TbsCertificateAsn decoded)
{
decoded = default;
AsnValueReader sequenceReader = reader.ReadSequence(expectedTag);
AsnValueReader explicitReader;
AsnValueReader defaultReader;
AsnValueReader collectionReader;
ReadOnlySpan <byte> rebindSpan = rebind.Span;
int offset;
ReadOnlySpan <byte> tmpSpan;
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 0)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
if (!explicitReader.TryReadInt32(out decoded.Version))
{
explicitReader.ThrowIfNotEmpty();
}
explicitReader.ThrowIfNotEmpty();
}
else
{
defaultReader = new AsnValueReader(DefaultVersion, AsnEncodingRules.DER);
if (!defaultReader.TryReadInt32(out decoded.Version))
{
defaultReader.ThrowIfNotEmpty();
}
}
tmpSpan = sequenceReader.ReadIntegerBytes();
decoded.SerialNumber = rebindSpan.Overlaps(tmpSpan, out offset) ? rebind.Slice(offset, tmpSpan.Length) : tmpSpan.ToArray();
System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref sequenceReader, rebind, out decoded.SignatureAlgorithm);
if (!sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag((UniversalTagNumber)16)))
{
throw new CryptographicException();
}
tmpSpan = sequenceReader.ReadEncodedValue();
decoded.Issuer = rebindSpan.Overlaps(tmpSpan, out offset) ? rebind.Slice(offset, tmpSpan.Length) : tmpSpan.ToArray();
System.Security.Cryptography.X509Certificates.Asn1.ValidityAsn.Decode(ref sequenceReader, rebind, out decoded.Validity);
if (!sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag((UniversalTagNumber)16)))
{
throw new CryptographicException();
}
tmpSpan = sequenceReader.ReadEncodedValue();
decoded.Subject = rebindSpan.Overlaps(tmpSpan, out offset) ? rebind.Slice(offset, tmpSpan.Length) : tmpSpan.ToArray();
System.Security.Cryptography.Asn1.SubjectPublicKeyInfoAsn.Decode(ref sequenceReader, rebind, out decoded.SubjectPublicKeyInfo);
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 1)))
{
if (sequenceReader.TryReadPrimitiveBitString(out _, out tmpSpan, new Asn1Tag(TagClass.ContextSpecific, 1)))
{
decoded.IssuerUniqueId = rebindSpan.Overlaps(tmpSpan, out offset) ? rebind.Slice(offset, tmpSpan.Length) : tmpSpan.ToArray();
}
else
{
decoded.IssuerUniqueId = sequenceReader.ReadBitString(out _, new Asn1Tag(TagClass.ContextSpecific, 1));
}
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 2)))
{
if (sequenceReader.TryReadPrimitiveBitString(out _, out tmpSpan, new Asn1Tag(TagClass.ContextSpecific, 2)))
{
decoded.SubjectUniqueId = rebindSpan.Overlaps(tmpSpan, out offset) ? rebind.Slice(offset, tmpSpan.Length) : tmpSpan.ToArray();
}
else
{
decoded.SubjectUniqueId = sequenceReader.ReadBitString(out _, new Asn1Tag(TagClass.ContextSpecific, 2));
}
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 3)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
// Decode SEQUENCE OF for Extensions
{
collectionReader = explicitReader.ReadSequence();
var tmpList = new List <System.Security.Cryptography.Asn1.X509ExtensionAsn>();
System.Security.Cryptography.Asn1.X509ExtensionAsn tmpItem;
while (collectionReader.HasData)
{
System.Security.Cryptography.Asn1.X509ExtensionAsn.Decode(ref collectionReader, rebind, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.Extensions = tmpList.ToArray();
}
explicitReader.ThrowIfNotEmpty();
}
sequenceReader.ThrowIfNotEmpty();
}
internal static void Decode(AsnReader reader, Asn1Tag expectedTag, out Rfc3161TimeStampReq decoded)
{
if (reader == null)
{
throw new ArgumentNullException(nameof(reader));
}
decoded = default;
AsnReader sequenceReader = reader.ReadSequence(expectedTag);
AsnReader defaultReader;
AsnReader collectionReader;
if (!sequenceReader.TryReadInt32(out decoded.Version))
{
sequenceReader.ThrowIfNotEmpty();
}
System.Security.Cryptography.Pkcs.Asn1.MessageImprint.Decode(sequenceReader, out decoded.MessageImprint);
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.ObjectIdentifier))
{
decoded.ReqPolicy = sequenceReader.ReadObjectIdentifier();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.Integer))
{
decoded.Nonce = sequenceReader.ReadIntegerBytes();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.Boolean))
{
decoded.CertReq = sequenceReader.ReadBoolean();
}
else
{
defaultReader = new AsnReader(s_defaultCertReq, AsnEncodingRules.DER);
decoded.CertReq = defaultReader.ReadBoolean();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 0)))
{
// Decode SEQUENCE OF for Extensions
{
collectionReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
var tmpList = new List <System.Security.Cryptography.Asn1.X509ExtensionAsn>();
System.Security.Cryptography.Asn1.X509ExtensionAsn tmpItem;
while (collectionReader.HasData)
{
System.Security.Cryptography.Asn1.X509ExtensionAsn.Decode(collectionReader, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.Extensions = tmpList.ToArray();
}
}
sequenceReader.ThrowIfNotEmpty();
}
internal void Encode(AsnWriter writer, Asn1Tag tag)
{
writer.PushSequence(tag);
// DEFAULT value handler for Version.
{
AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER);
tmp.WriteInteger(Version);
if (!tmp.EncodedValueEquals(DefaultVersion))
{
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
tmp.CopyTo(writer);
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
}
}
writer.WriteInteger(SerialNumber.Span);
SignatureAlgorithm.Encode(writer);
// Validator for tag constraint for Issuer
{
if (!Asn1Tag.TryDecode(Issuer.Span, out Asn1Tag validateTag, out _) ||
!validateTag.HasSameClassAndValue(new Asn1Tag((UniversalTagNumber)16)))
{
throw new CryptographicException();
}
}
try
{
writer.WriteEncodedValue(Issuer.Span);
}
catch (ArgumentException e)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
}
Validity.Encode(writer);
// Validator for tag constraint for Subject
{
if (!Asn1Tag.TryDecode(Subject.Span, out Asn1Tag validateTag, out _) ||
!validateTag.HasSameClassAndValue(new Asn1Tag((UniversalTagNumber)16)))
{
throw new CryptographicException();
}
}
try
{
writer.WriteEncodedValue(Subject.Span);
}
catch (ArgumentException e)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
}
SubjectPublicKeyInfo.Encode(writer);
if (IssuerUniqueId.HasValue)
{
writer.WriteBitString(IssuerUniqueId.Value.Span, 0, new Asn1Tag(TagClass.ContextSpecific, 1));
}
if (SubjectUniqueId.HasValue)
{
writer.WriteBitString(SubjectUniqueId.Value.Span, 0, new Asn1Tag(TagClass.ContextSpecific, 2));
}
if (Extensions != null)
{
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
writer.PushSequence();
for (int i = 0; i < Extensions.Length; i++)
{
Extensions[i].Encode(writer);
}
writer.PopSequence();
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
}
writer.PopSequence(tag);
}
public Asn1TypeAttribute(Asn1Tag asn1TagInfo)
{
this.tagInfo = new Asn1TagInfo(asn1TagInfo);
}
internal static void Decode <T>(AsnReader reader, Asn1Tag expectedTag, out T decoded)
where T : KrbAuthPack, new()
{
if (reader == null)
{
throw new ArgumentNullException(nameof(reader));
}
decoded = new T();
AsnReader sequenceReader = reader.ReadSequence(expectedTag);
AsnReader explicitReader;
AsnReader collectionReader;
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
KrbPKAuthenticator.Decode <KrbPKAuthenticator>(explicitReader, out KrbPKAuthenticator tmpPKAuthenticator);
decoded.PKAuthenticator = tmpPKAuthenticator;
explicitReader.ThrowIfNotEmpty();
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 1)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 1));
KrbSubjectPublicKeyInfo.Decode <KrbSubjectPublicKeyInfo>(explicitReader, out KrbSubjectPublicKeyInfo tmpClientPublicValue);
decoded.ClientPublicValue = tmpClientPublicValue;
explicitReader.ThrowIfNotEmpty();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 2)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 2));
// Decode SEQUENCE OF for SupportedCMSTypes
{
collectionReader = explicitReader.ReadSequence();
var tmpList = new List <KrbAlgorithmIdentifier>();
KrbAlgorithmIdentifier tmpItem;
while (collectionReader.HasData)
{
KrbAlgorithmIdentifier.Decode <KrbAlgorithmIdentifier>(collectionReader, out KrbAlgorithmIdentifier tmp);
tmpItem = tmp;
tmpList.Add(tmpItem);
}
decoded.SupportedCMSTypes = tmpList.ToArray();
}
explicitReader.ThrowIfNotEmpty();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 3)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
if (explicitReader.TryReadPrimitiveOctetStringBytes(out ReadOnlyMemory <byte> tmpClientDHNonce))
{
decoded.ClientDHNonce = tmpClientDHNonce;
}
else
{
decoded.ClientDHNonce = explicitReader.ReadOctetString();
}
explicitReader.ThrowIfNotEmpty();
}
sequenceReader.ThrowIfNotEmpty();
}
private static string GetPrintableDataString(Asn1Tag tag, Encoding encoding)
{
return encoding.GetString(tag.Data);
}
internal static void Decode <T>(AsnReader reader, Asn1Tag expectedTag, out T decoded)
where T : KrbEncKdcRepPart, new()
{
if (reader == null)
{
throw new ArgumentNullException(nameof(reader));
}
decoded = new T();
AsnReader sequenceReader = reader.ReadSequence(expectedTag);
AsnReader explicitReader;
AsnReader collectionReader;
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
KrbEncryptionKey.Decode <KrbEncryptionKey>(explicitReader, out decoded.Key);
explicitReader.ThrowIfNotEmpty();
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 1));
// Decode SEQUENCE OF for LastReq
{
collectionReader = explicitReader.ReadSequence();
var tmpList = new List <KrbLastReq>();
KrbLastReq tmpItem;
while (collectionReader.HasData)
{
KrbLastReq.Decode <KrbLastReq>(collectionReader, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.LastReq = tmpList.ToArray();
}
explicitReader.ThrowIfNotEmpty();
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 2));
if (!explicitReader.TryReadInt32(out decoded.Nonce))
{
explicitReader.ThrowIfNotEmpty();
}
explicitReader.ThrowIfNotEmpty();
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 3)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
decoded.KeyExpiration = explicitReader.ReadGeneralizedTime();
explicitReader.ThrowIfNotEmpty();
}
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 4));
if (explicitReader.TryReadPrimitiveBitStringValue(out _, out ReadOnlyMemory <byte> tmpFlags))
{
decoded.Flags = (TicketFlags)tmpFlags.AsLong();
}
else
{
decoded.Flags = (TicketFlags)explicitReader.ReadBitString(out _).AsLong();
}
explicitReader.ThrowIfNotEmpty();
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 5));
decoded.AuthTime = explicitReader.ReadGeneralizedTime();
explicitReader.ThrowIfNotEmpty();
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 6)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 6));
decoded.StartTime = explicitReader.ReadGeneralizedTime();
explicitReader.ThrowIfNotEmpty();
}
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 7));
decoded.EndTime = explicitReader.ReadGeneralizedTime();
explicitReader.ThrowIfNotEmpty();
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 8)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 8));
decoded.RenewTill = explicitReader.ReadGeneralizedTime();
explicitReader.ThrowIfNotEmpty();
}
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 9));
decoded.Realm = explicitReader.ReadCharacterString(UniversalTagNumber.GeneralString);
explicitReader.ThrowIfNotEmpty();
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 10));
KrbPrincipalName.Decode <KrbPrincipalName>(explicitReader, out decoded.SName);
explicitReader.ThrowIfNotEmpty();
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 11)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 11));
// Decode SEQUENCE OF for CAddr
{
collectionReader = explicitReader.ReadSequence();
var tmpList = new List <KrbHostAddress>();
KrbHostAddress tmpItem;
while (collectionReader.HasData)
{
KrbHostAddress.Decode <KrbHostAddress>(collectionReader, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.CAddr = tmpList.ToArray();
}
explicitReader.ThrowIfNotEmpty();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 12)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 12));
KrbMethodData tmpEncryptedPaData;
KrbMethodData.Decode <KrbMethodData>(explicitReader, out tmpEncryptedPaData);
decoded.EncryptedPaData = tmpEncryptedPaData;
explicitReader.ThrowIfNotEmpty();
}
sequenceReader.ThrowIfNotEmpty();
}
private KdcMessageHandlerBase LocateMessageHandler(ReadOnlyMemory <byte> request, Asn1Tag tag)
{
MessageType messageType = KrbMessage.DetectMessageType(tag);
ValidateSupportedMessageType(messageType);
if (!this.messageHandlers.TryGetValue(messageType, out MessageHandlerConstructor builder))
{
throw new KerberosProtocolException(
KerberosErrorCode.KRB_ERR_GENERIC,
$"Application tag {messageType} doesn't have a message handler registered"
);
}
var handler = builder(request, this.options);
if (handler == null)
{
throw new InvalidOperationException($"Message handler builder {messageType} must not return null");
}
handler.RegisterPreAuthHandlers(this.preAuthHandlers);
return(handler);
}
internal void Encode(AsnWriter writer, Asn1Tag tag)
{
writer.PushSequence(tag);
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
Key?.Encode(writer);
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 1));
writer.PushSequence();
for (int i = 0; i < LastReq.Length; i++)
{
LastReq[i]?.Encode(writer);
}
writer.PopSequence();
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 1));
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 2));
writer.WriteInteger(Nonce);
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 2));
if (HasValue(KeyExpiration))
{
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
writer.WriteGeneralizedTime(KeyExpiration.Value);
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
}
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 4));
writer.WriteBitString(Flags.AsReadOnly());
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 4));
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 5));
writer.WriteGeneralizedTime(AuthTime);
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 5));
if (HasValue(StartTime))
{
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 6));
writer.WriteGeneralizedTime(StartTime.Value);
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 6));
}
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 7));
writer.WriteGeneralizedTime(EndTime);
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 7));
if (HasValue(RenewTill))
{
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 8));
writer.WriteGeneralizedTime(RenewTill.Value);
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 8));
}
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 9));
writer.WriteCharacterString(UniversalTagNumber.GeneralString, Realm);
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 9));
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 10));
SName?.Encode(writer);
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 10));
if (HasValue(CAddr))
{
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 11));
writer.PushSequence();
for (int i = 0; i < CAddr.Length; i++)
{
CAddr[i]?.Encode(writer);
}
writer.PopSequence();
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 11));
}
if (HasValue(EncryptedPaData))
{
writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 12));
EncryptedPaData?.Encode(writer);
writer.PopSequence(new Asn1Tag(TagClass.ContextSpecific, 12));
}
writer.PopSequence(tag);
}
public static byte[] EncodeHeader(Asn1Tag node)
{
//TODO: determine/rationalize the initial size (though it's not like we're working with megabytes)
AutoGrowArray<byte> header = new AutoGrowArray<byte>(10);
#region Tag
byte tagByte = (byte)((((int)node.Class) << 6) | ((node.Constructed ? 1 : 0) << 5));
if (node.Identifier < 31 && !node.ForceMultiByteIdentifier)
{
tagByte = (byte)(tagByte | node.Identifier);
header.Add(tagByte);
}
else
{
tagByte |= 31;
header.Add(tagByte);
int n = 0;
while ((node.Identifier >> (n * 7)) > 0)
{
n++;
}
while (n > 0)
{
n--;
tagByte = (byte)((node.Identifier >> (n * 7)) & (0x7F));
if (n >= 1) tagByte |= 0x80;
header.Add(tagByte);
}
}
#endregion
#region Length
long dataLength;
if (node.Constructed)
{
//TODO: don't calculate and generate the length of subnodes over and over again
dataLength = node.Sum(subTag => GetTotalByteCount(subTag));
}
else
{
dataLength = node.Data.Length;
}
byte lenByte;
if (node.IndefiniteLength)
{
lenByte = 0x80;
header.Add(lenByte);
}
else if (dataLength >= 0 && dataLength <= 127)
{
lenByte = (byte)dataLength;
header.Add(lenByte);
}
else if (dataLength > 0)
{
int numBytes = (int)Math.Ceiling(Math.Log(dataLength + 1) / Math.Log(256));
if (numBytes >= 0x7F) throw new IOException("Don't know how to write length with 127 bytes");
lenByte = (byte)(0x80 | (numBytes & 0x7F));
header.Add(lenByte);
for (int i = 0; i < numBytes; ++i)
{
lenByte = (byte)((dataLength >> (8 * (numBytes - i - 1))) & 0xFF);
header.Add(lenByte);
}
}
else
{
throw new IOException("Don't know how to write negative length.");
}
#endregion
return header.ToArray();
}
internal static void Decode(AsnReader reader, Asn1Tag expectedTag, out SignedDataAsn decoded)
{
if (reader == null)
{
throw new ArgumentNullException(nameof(reader));
}
decoded = default;
AsnReader sequenceReader = reader.ReadSequence(expectedTag);
AsnReader collectionReader;
if (!sequenceReader.TryReadInt32(out decoded.Version))
{
sequenceReader.ThrowIfNotEmpty();
}
// Decode SEQUENCE OF for DigestAlgorithms
{
collectionReader = sequenceReader.ReadSetOf();
var tmpList = new List <System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn>();
System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn tmpItem;
while (collectionReader.HasData)
{
System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(collectionReader, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.DigestAlgorithms = tmpList.ToArray();
}
System.Security.Cryptography.Pkcs.Asn1.EncapsulatedContentInfoAsn.Decode(sequenceReader, out decoded.EncapContentInfo);
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 0)))
{
// Decode SEQUENCE OF for CertificateSet
{
collectionReader = sequenceReader.ReadSetOf(new Asn1Tag(TagClass.ContextSpecific, 0));
var tmpList = new List <System.Security.Cryptography.Pkcs.Asn1.CertificateChoiceAsn>();
System.Security.Cryptography.Pkcs.Asn1.CertificateChoiceAsn tmpItem;
while (collectionReader.HasData)
{
System.Security.Cryptography.Pkcs.Asn1.CertificateChoiceAsn.Decode(collectionReader, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.CertificateSet = tmpList.ToArray();
}
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 1)))
{
// Decode SEQUENCE OF for Crls
{
collectionReader = sequenceReader.ReadSetOf(new Asn1Tag(TagClass.ContextSpecific, 1));
var tmpList = new List <ReadOnlyMemory <byte> >();
ReadOnlyMemory <byte> tmpItem;
while (collectionReader.HasData)
{
tmpItem = collectionReader.GetEncodedValue();
tmpList.Add(tmpItem);
}
decoded.Crls = tmpList.ToArray();
}
}
// Decode SEQUENCE OF for SignerInfos
{
collectionReader = sequenceReader.ReadSetOf();
var tmpList = new List <System.Security.Cryptography.Pkcs.Asn1.SignerInfoAsn>();
System.Security.Cryptography.Pkcs.Asn1.SignerInfoAsn tmpItem;
while (collectionReader.HasData)
{
System.Security.Cryptography.Pkcs.Asn1.SignerInfoAsn.Decode(collectionReader, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.SignerInfos = tmpList.ToArray();
}
sequenceReader.ThrowIfNotEmpty();
}
public static void ExportText(Stream stream, Asn1Tag node)
{
byte[] text = ASCIIEncoding.ASCII.GetBytes(node.ToShortText());
stream.Write(text, 0, text.Length);
}
internal static void Decode(ref AsnValueReader reader, Asn1Tag expectedTag, ReadOnlyMemory <byte> rebind, out Rfc3161TstInfo decoded)
{
decoded = default;
AsnValueReader sequenceReader = reader.ReadSequence(expectedTag);
AsnValueReader explicitReader;
AsnValueReader defaultReader;
AsnValueReader collectionReader;
ReadOnlySpan <byte> rebindSpan = rebind.Span;
int offset;
ReadOnlySpan <byte> tmpSpan;
if (!sequenceReader.TryReadInt32(out decoded.Version))
{
sequenceReader.ThrowIfNotEmpty();
}
decoded.Policy = sequenceReader.ReadObjectIdentifier();
MessageImprint.Decode(ref sequenceReader, rebind, out decoded.MessageImprint);
tmpSpan = sequenceReader.ReadIntegerBytes();
decoded.SerialNumber = rebindSpan.Overlaps(tmpSpan, out offset) ? rebind.Slice(offset, tmpSpan.Length) : tmpSpan.ToArray();
decoded.GenTime = sequenceReader.ReadGeneralizedTime();
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.Sequence))
{
Rfc3161Accuracy tmpAccuracy;
Rfc3161Accuracy.Decode(ref sequenceReader, rebind, out tmpAccuracy);
decoded.Accuracy = tmpAccuracy;
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.Boolean))
{
decoded.Ordering = sequenceReader.ReadBoolean();
}
else
{
defaultReader = new AsnValueReader(DefaultOrdering, AsnEncodingRules.DER);
decoded.Ordering = defaultReader.ReadBoolean();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.Integer))
{
tmpSpan = sequenceReader.ReadIntegerBytes();
decoded.Nonce = rebindSpan.Overlaps(tmpSpan, out offset) ? rebind.Slice(offset, tmpSpan.Length) : tmpSpan.ToArray();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 0)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
GeneralNameAsn tmpTsa;
GeneralNameAsn.Decode(ref explicitReader, rebind, out tmpTsa);
decoded.Tsa = tmpTsa;
explicitReader.ThrowIfNotEmpty();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 1)))
{
// Decode SEQUENCE OF for Extensions
{
collectionReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 1));
var tmpList = new List <X509ExtensionAsn>();
X509ExtensionAsn tmpItem;
while (collectionReader.HasData)
{
X509ExtensionAsn.Decode(ref collectionReader, rebind, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.Extensions = tmpList.ToArray();
}
}
sequenceReader.ThrowIfNotEmpty();
}
private static void CallWithFilestream(Action<Stream, Asn1Tag> method, string filename, Asn1Tag node)
{
using (FileStream fs = new FileStream(filename, FileMode.Create, FileAccess.Write))
{
method(fs, node);
}
}
public override int BerEncode(IAsn1BerEncodingBuffer buffer, bool explicitTag = true)
{
int allLen = 0;
Asn1Tag contextTag;
switch (SelectedChoice)
{
case 1:
allLen += field0.BerEncode(buffer, false);
allLen += LengthBerEncode(buffer, allLen);
contextTag = new Asn1Tag(Asn1TagType.Context, 0)
{
EncodingWay = EncodingWay.Constructed
};
allLen += TagBerEncode(buffer, contextTag);
break;
case 2:
allLen += field1.BerEncode(buffer, false);
allLen += LengthBerEncode(buffer, allLen);
contextTag = new Asn1Tag(Asn1TagType.Context, 1)
{
EncodingWay = EncodingWay.Constructed
};
allLen += TagBerEncode(buffer, contextTag);
break;
case 3:
allLen += field2.BerEncode(buffer, false);
allLen += LengthBerEncode(buffer, allLen);
contextTag = new Asn1Tag(Asn1TagType.Context, 2)
{
EncodingWay = EncodingWay.Constructed
};
allLen += TagBerEncode(buffer, contextTag);
break;
case 4:
allLen += field3.BerEncode(buffer, false);
allLen += LengthBerEncode(buffer, allLen);
contextTag = new Asn1Tag(Asn1TagType.Context, 3)
{
EncodingWay = EncodingWay.Constructed
};
allLen += TagBerEncode(buffer, contextTag);
break;
case 5:
allLen += field4.BerEncode(buffer, false);
allLen += LengthBerEncode(buffer, allLen);
contextTag = new Asn1Tag(Asn1TagType.Context, 4)
{
EncodingWay = EncodingWay.Constructed
};
allLen += TagBerEncode(buffer, contextTag);
break;
case 6:
allLen += field5.BerEncode(buffer, false);
allLen += LengthBerEncode(buffer, allLen);
contextTag = new Asn1Tag(Asn1TagType.Context, 5)
{
EncodingWay = EncodingWay.Constructed
};
allLen += TagBerEncode(buffer, contextTag);
break;
case 7:
allLen += field6.BerEncode(buffer, false);
allLen += LengthBerEncode(buffer, allLen);
contextTag = new Asn1Tag(Asn1TagType.Context, 6)
{
EncodingWay = EncodingWay.Constructed
};
allLen += TagBerEncode(buffer, contextTag);
break;
case 8:
allLen += field7.BerEncode(buffer, false);
allLen += LengthBerEncode(buffer, allLen);
contextTag = new Asn1Tag(Asn1TagType.Context, 7)
{
EncodingWay = EncodingWay.Primitive
};
allLen += TagBerEncode(buffer, contextTag);
break;
case 9:
allLen += field8.BerEncode(buffer, false);
allLen += LengthBerEncode(buffer, allLen);
contextTag = new Asn1Tag(Asn1TagType.Context, 8)
{
EncodingWay = EncodingWay.Constructed
};
allLen += TagBerEncode(buffer, contextTag);
break;
case 10:
allLen += field9.BerEncode(buffer, false);
allLen += LengthBerEncode(buffer, allLen);
contextTag = new Asn1Tag(Asn1TagType.Context, 9)
{
EncodingWay = EncodingWay.Constructed
};
allLen += TagBerEncode(buffer, contextTag);
break;
default:
throw new Asn1ConstraintsNotSatisfied(ExceptionMessages.InvalidChoiceIndex + " AuthenticationChoice");
}
return(allLen);
}
/// <summary>
/// Parse data in a (BitString) node if it's valid ASN.1 and add read nodes as sub nodes to this node.
/// </summary>
/// <param name="node">Node to read data from.</param>
/// <returns>True if valid ASN.1 was read, false if not.</returns>
private static bool ReadSubAsn1(Asn1Tag node, int dataOffset)
{
try
{
using (MemoryStream ms = new MemoryStream(node.Data, dataOffset, node.Data.Length - 1))
{
Asn1Tag subTag = Asn1.Decode(ms);
subTag.ToShortText(); // To validate, if it fails with exception, it's not added
node.AddSubTag(subTag);
return true;
}
}
catch (Exception ex) // TODO: narrow this down
{
Console.WriteLine("Exception: " + ex.Message);
return false;
}
}
internal static void Decode <T>(AsnReader reader, Asn1Tag expectedTag, out T decoded)
where T : KrbAuthenticator, new()
{
if (reader == null)
{
throw new ArgumentNullException(nameof(reader));
}
decoded = new T();
AsnReader sequenceReader = reader.ReadSequence(expectedTag);
AsnReader explicitReader;
AsnReader collectionReader;
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
if (!explicitReader.TryReadInt32(out decoded.AuthenticatorVersionNumber))
{
explicitReader.ThrowIfNotEmpty();
}
explicitReader.ThrowIfNotEmpty();
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 1));
decoded.Realm = explicitReader.ReadCharacterString(UniversalTagNumber.GeneralString);
explicitReader.ThrowIfNotEmpty();
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 2));
KrbPrincipalName.Decode <KrbPrincipalName>(explicitReader, out decoded.CName);
explicitReader.ThrowIfNotEmpty();
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 3)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
KrbChecksum tmpChecksum;
KrbChecksum.Decode <KrbChecksum>(explicitReader, out tmpChecksum);
decoded.Checksum = tmpChecksum;
explicitReader.ThrowIfNotEmpty();
}
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 4));
if (!explicitReader.TryReadInt32(out decoded.CuSec))
{
explicitReader.ThrowIfNotEmpty();
}
explicitReader.ThrowIfNotEmpty();
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 5));
decoded.CTime = explicitReader.ReadGeneralizedTime();
explicitReader.ThrowIfNotEmpty();
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 6)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 6));
KrbEncryptionKey tmpSubkey;
KrbEncryptionKey.Decode <KrbEncryptionKey>(explicitReader, out tmpSubkey);
decoded.Subkey = tmpSubkey;
explicitReader.ThrowIfNotEmpty();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 7)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 7));
if (explicitReader.TryReadInt32(out int tmpSequenceNumber))
{
decoded.SequenceNumber = tmpSequenceNumber;
}
else
{
explicitReader.ThrowIfNotEmpty();
}
explicitReader.ThrowIfNotEmpty();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 8)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 8));
// Decode SEQUENCE OF for AuthorizationData
{
collectionReader = explicitReader.ReadSequence();
var tmpList = new List <KrbAuthorizationData>();
KrbAuthorizationData tmpItem;
while (collectionReader.HasData)
{
KrbAuthorizationData.Decode <KrbAuthorizationData>(collectionReader, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.AuthorizationData = tmpList.ToArray();
}
explicitReader.ThrowIfNotEmpty();
}
sequenceReader.ThrowIfNotEmpty();
}
internal override void WriteSpan(AsnWriter writer, Asn1Tag tag, ReadOnlySpan <char> s) => writer.WriteCharacterString(UniversalTagNumber.UTF8String, s, tag);
/// <summary>
/// Decode the Tbs of the CRL.
/// </summary>
/// <param name="tbs">The raw TbsCertList of the CRL.</param>
internal void DecodeCrl(byte[] tbs)
{
try
{
AsnReader crlReader = new AsnReader(tbs, AsnEncodingRules.DER);
var tag = Asn1Tag.Sequence;
var seqReader = crlReader.ReadSequence(tag);
crlReader.ThrowIfNotEmpty();
if (seqReader != null)
{
// Version is OPTIONAL
uint version = 0;
var intTag = new Asn1Tag(UniversalTagNumber.Integer);
var peekTag = seqReader.PeekTag();
if (peekTag == intTag)
{
if (seqReader.TryReadUInt32(out version))
{
if (version != 1)
{
throw new AsnContentException($"The CRL contains an incorrect version {version}");
}
}
}
// Signature Algorithm Identifier
var sigReader = seqReader.ReadSequence();
var oid = sigReader.ReadObjectIdentifier();
m_hashAlgorithmName = Oids.GetHashAlgorithmName(oid);
if (sigReader.HasData)
{
sigReader.ReadNull();
}
sigReader.ThrowIfNotEmpty();
// Issuer
m_issuerName = new X500DistinguishedName(seqReader.ReadEncodedValue().ToArray());
// thisUpdate
m_thisUpdate = seqReader.ReadUtcTime().UtcDateTime;
// nextUpdate is OPTIONAL
var utcTag = new Asn1Tag(UniversalTagNumber.UtcTime);
peekTag = seqReader.PeekTag();
if (peekTag == utcTag)
{
m_nextUpdate = seqReader.ReadUtcTime().UtcDateTime;
}
var seqTag = new Asn1Tag(UniversalTagNumber.Sequence, true);
peekTag = seqReader.PeekTag();
if (peekTag == seqTag)
{
// revoked certificates
var revReader = seqReader.ReadSequence(tag);
var revokedCertificates = new List <RevokedCertificate>();
while (revReader.HasData)
{
var crlEntry = revReader.ReadSequence();
var serial = crlEntry.ReadInteger();
var revokedCertificate = new RevokedCertificate(serial.ToByteArray());
revokedCertificate.RevocationDate = crlEntry.ReadUtcTime().UtcDateTime;
if (version == 1 &&
crlEntry.HasData)
{
// CRL entry extensions
var crlEntryExtensions = crlEntry.ReadSequence();
while (crlEntryExtensions.HasData)
{
var extension = crlEntryExtensions.ReadExtension();
revokedCertificate.CrlEntryExtensions.Add(extension);
}
crlEntryExtensions.ThrowIfNotEmpty();
}
crlEntry.ThrowIfNotEmpty();
revokedCertificates.Add(revokedCertificate);
}
revReader.ThrowIfNotEmpty();
m_revokedCertificates = revokedCertificates;
}
// CRL extensions OPTIONAL
if (version == 1 &&
seqReader.HasData)
{
var extTag = new Asn1Tag(TagClass.ContextSpecific, 0);
var optReader = seqReader.ReadSequence(extTag);
var crlExtensionList = new X509ExtensionCollection();
var crlExtensions = optReader.ReadSequence();
while (crlExtensions.HasData)
{
var extension = crlExtensions.ReadExtension();
crlExtensionList.Add(extension);
}
m_crlExtensions = crlExtensionList;
}
seqReader.ThrowIfNotEmpty();
m_decoded = true;
return;
}
throw new CryptographicException("The CRL contains ivalid data.");
}
catch (AsnContentException ace)
{
throw new CryptographicException("Failed to decode the CRL.", ace);
}
}
internal static void Decode <T>(AsnReader reader, Asn1Tag expectedTag, out T decoded)
where T : KrbKdcReq, new()
{
if (reader == null)
{
throw new ArgumentNullException(nameof(reader));
}
decoded = new T();
AsnReader sequenceReader = reader.ReadSequence(expectedTag);
AsnReader explicitReader;
AsnReader collectionReader;
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 1));
if (!explicitReader.TryReadInt32(out int tmpProtocolVersionNumber))
{
explicitReader.ThrowIfNotEmpty();
}
decoded.ProtocolVersionNumber = tmpProtocolVersionNumber;
explicitReader.ThrowIfNotEmpty();
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 2));
if (!explicitReader.TryReadInt32(out MessageType tmpMessageType))
{
explicitReader.ThrowIfNotEmpty();
}
decoded.MessageType = tmpMessageType;
explicitReader.ThrowIfNotEmpty();
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 3)))
{
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
// Decode SEQUENCE OF for PaData
{
collectionReader = explicitReader.ReadSequence();
var tmpList = new List <KrbPaData>();
KrbPaData tmpItem;
while (collectionReader.HasData)
{
KrbPaData.Decode <KrbPaData>(collectionReader, out KrbPaData tmp);
tmpItem = tmp;
tmpList.Add(tmpItem);
}
decoded.PaData = tmpList.ToArray();
}
explicitReader.ThrowIfNotEmpty();
}
explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 4));
KrbKdcReqBody.Decode <KrbKdcReqBody>(explicitReader, out KrbKdcReqBody tmpBody);
decoded.Body = tmpBody;
explicitReader.ThrowIfNotEmpty();
sequenceReader.ThrowIfNotEmpty();
}
// T-REC-X.690-201508 sec 8.9, 8.10
private void PushSequenceCore(Asn1Tag tag)
{
PushTag(tag.AsConstructed(), UniversalTagNumber.Sequence);
}
/// <summary>
/// Initializes a new instance of the <see cref="Asn1TagInfo"/> struct.
/// </summary>
/// <param name="asn1Tag">The asn1 SNMP tag.</param>
public Asn1TagInfo(Asn1Tag asn1Tag) : this(asn1Tag, ConstructType.Primitive)
{
}
private static string GetBitDataString(Asn1Tag tag)
{
byte unusedBits = tag.Data[0];
return string.Concat("unused: ", unusedBits, " ", GetHexDataString(tag.Data, 1, Math.Min(64, tag.Data.Length - 1)));
}
internal abstract void WriteSpan(AsnWriter writer, Asn1Tag tag, ReadOnlySpan <char> s);
public Asn1TypeAttribute(Asn1Tag asn1Tag, ConstructType constructType, Asn1Class asn1Class)
{
this.tagInfo = new Asn1TagInfo(asn1Tag, constructType, asn1Class);
}
public Asn1TypeAttribute(Asn1Tag asn1Tag, ConstructType constructType, Asn1Class asn1Class)
{
this.tagInfo = new Asn1TagInfo(asn1Tag, constructType, asn1Class);
}
public static void Encode(Stream stream, Asn1Tag node)
{
EncodeHeader(stream, node);
EncodeData(stream, node);
}
private static string GetOidDataString(Asn1Tag tag)
{
StringBuilder oidBuf = new StringBuilder();
bool first = true;
int value = 0;
OidNode oidNode = OidDb;
for (int i = 0; i < tag.Data.Length; ++i)
{
value <<= 7;
value |= (tag.Data[i] & 0x7F);
if ((tag.Data[i] & 0x80) == 0)
{
if (first)
{
oidBuf.Append(value / 40);
oidBuf.Append('.');
oidBuf.Append(value % 40);
first = false;
if (oidNode != null) oidNode = oidNode.Get(value / 40);
if (oidNode != null) oidNode = oidNode.Get(value % 40);
}
else
{
oidBuf.Append('.');
oidBuf.Append(value);
if (oidNode != null) oidNode = oidNode.Get(value);
}
value = 0;
}
}
if (oidNode != null) oidBuf.Append(" (").Append(oidNode.Description).Append(")");
return oidBuf.ToString();
}
public static void EncodeData(string filename, Asn1Tag node)
{
CallWithFilestream(EncodeData, filename, node);
}
private static string GetUtcDataString(Asn1Tag tag)
{
DateTime utcTime = GetUtcTime(tag);
return string.Concat(utcTime.ToString("yyyy-MM-dd HH:mm:ss"), " UTC");
}
public static void EncodeData(Stream stream, Asn1Tag node)
{
#region Data
if (node.Constructed)
{
foreach (Asn1Tag subTag in node)
{
Encode(stream, subTag);
}
}
else
{
stream.Write(node.Data, 0, node.Data.Length);
}
#endregion
}
// T-REC-X.690-201508 sec 8.9, 8.10
private void PopSequenceCore(Asn1Tag tag)
{
PopTag(tag, UniversalTagNumber.Sequence);
}
internal virtual async Task <ReadOnlyMemory <byte> > ProcessMessageCoreAsync(ReadOnlyMemory <byte> request, Asn1Tag tag)
{
KdcMessageHandlerBase messageHandler;
try
{
messageHandler = this.LocateMessageHandler(request, tag);
}
catch (Exception ex) when(IsProtocolException(ex))
{
this.logger.LogWarning(ex, "Message handler could not be located for message");
return(KdcMessageHandlerBase.GenerateGenericError(ex, this.options));
}
try
{
return(await messageHandler.ExecuteAsync().ConfigureAwait(false));
}
catch (Exception ex) when(IsProtocolException(ex))
{
this.logger.LogWarning(ex, "Message handler {MessageHandler} could not process message", messageHandler.GetType());
return(KdcMessageHandlerBase.GenerateGenericError(ex, this.options));
}
}
/// <summary>
/// Decode ASN.1 tags from a stream.
/// </summary>
/// <param name="stream">Stream to read from.</param>
/// <param name="singleNode">If true, read only one single node without subnodes.</param>
/// <param name="readSubAsn1">If true, possible ASN.1 data in BitStrings will be decoded.</param>
/// <returns>The root node read from the stream.</returns>
public static Asn1Tag Decode(Stream stream, bool singleNode, bool readSubAsn1)
{
Asn1Tag node = new Asn1Tag();
Asn1.Class nodeClass;
bool constructed;
bool indefLength;
int fullIdentifier;
bool forceMultiByteIdentifier;
node.StartByte = stream.Position;
node.Identifier = ReadIdentifier(stream, out nodeClass, out constructed, out fullIdentifier, out forceMultiByteIdentifier);
node.Class = nodeClass;
node.Constructed = constructed;
node.FullIdentifier = fullIdentifier;
node.ForceMultiByteIdentifier = forceMultiByteIdentifier;
long dataLength = ReadLength(stream, out indefLength);
long headerLength = stream.Position - node.StartByte;
if (node.Constructed)
{
if (!singleNode)
{
while ((stream.Position < node.StartByte + headerLength + dataLength) || indefLength)
{
Asn1Tag subTag = Decode(stream, singleNode, readSubAsn1);
node.AddSubTag(subTag);
if (subTag.Identifier == EocIdentifier && subTag.Data.Length == EocLength)
{
break;
}
}
}
}
else
{
ReadData(node, stream, dataLength);
if (readSubAsn1)
{
switch (node.Identifier)
{
case (int)Asn1.TagNumber.BitString:
ReadSubAsn1(node, 1);
break;
case (int)Asn1.TagNumber.OctetString:
ReadSubAsn1(node, 0);
break;
}
}
}
return node;
}
/// <summary>
/// Initializes a new instance of the <see cref="Asn1TagInfo"/> struct.
/// </summary>
/// <param name="asn1Tag">The asn1 SNMP tag.</param>
public Asn1TagInfo(Asn1Tag asn1Tag)
: this(asn1Tag, ConstructType.Primitive)
{
}
