public static void TagMustBeCorrect_Custom(PublicEncodingRules ruleSet)
{
byte[] inputData = "850D3530303130323132333435365A".HexToByteArray();
AsnReader reader = new AsnReader(inputData, (AsnEncodingRules)ruleSet);
AssertExtensions.Throws <ArgumentException>(
"expectedTag",
() => reader.GetUtcTime(Asn1Tag.Null));
Assert.True(reader.HasData, "HasData after bad universal tag");
Assert.Throws <CryptographicException>(() => reader.GetUtcTime());
Assert.True(reader.HasData, "HasData after default tag");
Assert.Throws <CryptographicException>(
() => reader.GetUtcTime(new Asn1Tag(TagClass.Application, 5)));
Assert.True(reader.HasData, "HasData after wrong custom class");
Assert.Throws <CryptographicException>(
() => reader.GetUtcTime(new Asn1Tag(TagClass.ContextSpecific, 7)));
Assert.True(reader.HasData, "HasData after wrong custom tag value");
Assert.Equal(
new DateTimeOffset(1950, 1, 2, 12, 34, 56, TimeSpan.Zero),
reader.GetUtcTime(new Asn1Tag(TagClass.ContextSpecific, 5)));
Assert.False(reader.HasData, "HasData after reading value");
}
public static void ParseTime_Valid(
PublicEncodingRules ruleSet,
string inputHex,
int year,
int month,
int day,
int hour,
int minute,
int second,
int offsetHour,
int offsetMinute)
{
byte[] inputData = inputHex.HexToByteArray();
AsnReader reader = new AsnReader(inputData, (AsnEncodingRules)ruleSet);
DateTimeOffset value = reader.GetUtcTime();
Assert.Equal(year, value.Year);
Assert.Equal(month, value.Month);
Assert.Equal(day, value.Day);
Assert.Equal(hour, value.Hour);
Assert.Equal(minute, value.Minute);
Assert.Equal(second, value.Second);
Assert.Equal(0, value.Millisecond);
Assert.Equal(new TimeSpan(offsetHour, offsetMinute, 0), value.Offset);
}
public override DateTime DecodeUtcTime(byte[] encodedUtcTime)
{
// Read using BER because the CMS specification says the encoding is BER.
AsnReader reader = new AsnReader(encodedUtcTime, AsnEncodingRules.BER);
DateTimeOffset value = reader.GetUtcTime();
reader.ThrowIfNotEmpty();
return(value.UtcDateTime);
}
public static void ReadUtcTime_TwoYearMaximum(int maximum, int interpretedYear)
{
byte[] inputData = "170D3132303130323233353935395A".HexToByteArray();
AsnReader reader = new AsnReader(inputData, AsnEncodingRules.BER);
DateTimeOffset value = reader.GetUtcTime(maximum);
Assert.Equal(interpretedYear, value.Year);
}
public static void ReadUtcTime_Throws(
string description,
PublicEncodingRules ruleSet,
string inputHex)
{
byte[] inputData = inputHex.HexToByteArray();
AsnReader reader = new AsnReader(inputData, (AsnEncodingRules)ruleSet);
Assert.Throws <CryptographicException>(() => reader.GetUtcTime());
}
public override DateTime DecodeUtcTime(byte[] encodedUtcTime)
{
// Read using BER because the CMS specification says the encoding is BER.
AsnReader reader = new AsnReader(encodedUtcTime, AsnEncodingRules.BER);
DateTimeOffset value = reader.GetUtcTime();
if (reader.HasData)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
return(value.UtcDateTime);
}
public static void ReadUtcTime_WayTooBig_Throws()
{
// Need to exceed the length that the shared pool will return for 17:
byte[] inputData = new byte[4097 + 4];
inputData[0] = 0x17;
inputData[1] = 0x82;
inputData[2] = 0x10;
inputData[3] = 0x01;
AsnReader reader = new AsnReader(inputData, AsnEncodingRules.BER);
Assert.Throws <CryptographicException>(() => reader.GetUtcTime());
}
public static void ParseTime_InvalidValue_LegalString()
{
byte[] inputData = "17113030303030303030303030302D31353030".HexToByteArray();
var exception = Assert.Throws <CryptographicException>(
() =>
{
AsnReader reader = new AsnReader(inputData, AsnEncodingRules.BER);
reader.GetUtcTime();
});
Assert.NotNull(exception.InnerException);
Assert.IsType <ArgumentOutOfRangeException>(exception.InnerException);
}
public static void ExpectedTag_IgnoresConstructed(
PublicEncodingRules ruleSet,
string inputHex,
PublicTagClass tagClass,
int tagValue)
{
byte[] inputData = inputHex.HexToByteArray();
AsnReader reader = new AsnReader(inputData, (AsnEncodingRules)ruleSet);
DateTimeOffset val1 = reader.GetUtcTime(new Asn1Tag((TagClass)tagClass, tagValue, true));
Assert.False(reader.HasData);
reader = new AsnReader(inputData, (AsnEncodingRules)ruleSet);
DateTimeOffset val2 = reader.GetUtcTime(new Asn1Tag((TagClass)tagClass, tagValue, false));
Assert.False(reader.HasData);
Assert.Equal(val1, val2);
}
internal static void Decode(AsnReader reader, out TimeAsn decoded)
{
if (reader == null)
{
throw new ArgumentNullException(nameof(reader));
}
decoded = default;
Asn1Tag tag = reader.PeekTag();
if (tag.HasSameClassAndValue(Asn1Tag.UtcTime))
{
decoded.UtcTime = reader.GetUtcTime();
}
else if (tag.HasSameClassAndValue(Asn1Tag.GeneralizedTime))
{
decoded.GeneralTime = reader.GetGeneralizedTime();
}
else
{
throw new CryptographicException();
}
}
internal CertificateDataAsn(byte[] rawData)
{
AsnReader reader = new AsnReader(rawData, AsnEncodingRules.DER).ReadSequence();
AsnReader tbsCertificate = reader.ReadSequence();
if (tbsCertificate.PeekTag() == explicit0)
{
AsnReader version = tbsCertificate.ReadSequence(explicit0);
version.TryReadInt32(out Version);
}
else if (tbsCertificate.PeekTag() != Asn1Tag.Integer)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
else
{
Version = 0;
}
if (Version < 0 || Version > 2)
{
throw new CryptographicException();
}
SerialNumber = tbsCertificate.GetIntegerBytes().ToArray();
AsnReader tbsSignature = tbsCertificate.ReadSequence();
TbsSignature.AlgorithmId = tbsSignature.ReadObjectIdentifierAsString();
TbsSignature.Parameters = tbsSignature.HasData ? tbsSignature.GetEncodedValue().ToArray() : Array.Empty <byte>();
if (tbsSignature.HasData)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
Issuer = new X500DistinguishedName(tbsCertificate.GetEncodedValue().ToArray());
AsnReader validity = tbsCertificate.ReadSequence();
NotBefore = validity.GetUtcTime().UtcDateTime; // FIXME
NotAfter = validity.GetUtcTime().UtcDateTime;
if (validity.HasData)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
Subject = new X500DistinguishedName(tbsCertificate.GetEncodedValue().ToArray());
SubjectPublicKeyInfo = tbsCertificate.GetEncodedValue().ToArray();
AsnReader subjectPublicKeyInfo = new AsnReader(SubjectPublicKeyInfo, AsnEncodingRules.DER).ReadSequence();
AsnReader subjectKeyAlgorithm = subjectPublicKeyInfo.ReadSequence();
PublicKeyAlgorithm.AlgorithmId = subjectKeyAlgorithm.ReadObjectIdentifierAsString();
PublicKeyAlgorithm.Parameters = subjectKeyAlgorithm.HasData ? subjectKeyAlgorithm.GetEncodedValue().ToArray() : Array.Empty <byte>();
if (subjectKeyAlgorithm.HasData)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
PublicKey = subjectPublicKeyInfo.ReadBitString();
if (subjectPublicKeyInfo.HasData)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
if (Version > 0 &&
tbsCertificate.HasData &&
tbsCertificate.PeekTag() == explicit1)
{
IssuerUniqueId = tbsCertificate.ReadBitString();
}
else
{
IssuerUniqueId = null;
}
if (Version > 0 &&
tbsCertificate.HasData &&
tbsCertificate.PeekTag() == explicit2)
{
SubjectUniqueId = tbsCertificate.ReadBitString();
}
else
{
SubjectUniqueId = null;
}
Extensions = new List <X509Extension>();
if (Version > 1 &&
tbsCertificate.HasData &&
tbsCertificate.PeekTag() == explicit3)
{
AsnReader extensions = tbsCertificate.ReadSequence(explicit3);
extensions = extensions.ReadSequence();
while (extensions.HasData)
{
AsnReader extensionReader = extensions.ReadSequence();
string oid = extensionReader.ReadObjectIdentifierAsString();
bool critical = false;
if (extensionReader.PeekTag() == Asn1Tag.Boolean)
{
critical = extensionReader.ReadBoolean();
}
byte[] extensionData = extensionReader.ReadOctetString();
Extensions.Add(new X509Extension(oid, extensionData, critical));
if (extensionReader.HasData)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
}
}
if (tbsCertificate.HasData)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
AsnReader signatureAlgorithm = reader.ReadSequence();
SignatureAlgorithm.AlgorithmId = signatureAlgorithm.ReadObjectIdentifierAsString();
SignatureAlgorithm.Parameters = signatureAlgorithm.HasData ? signatureAlgorithm.GetEncodedValue().ToArray() : Array.Empty <byte>();
if (signatureAlgorithm.HasData)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
SignatureValue = reader.ReadBitString();
if (reader.HasData)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
RawData = rawData;
}
public static void ReadMicrosoftComCert()
{
byte[] bytes = MicrosoftDotComSslCertBytes;
AsnReader fileReader = new AsnReader(bytes, AsnEncodingRules.DER);
AsnReader certReader = fileReader.ReadSequence();
Assert.False(fileReader.HasData, "fileReader.HasData");
AsnReader tbsCertReader = certReader.ReadSequence();
AsnReader sigAlgReader = certReader.ReadSequence();
Assert.True(
certReader.TryGetPrimitiveBitStringValue(
out int unusedBitCount,
out ReadOnlyMemory <byte> signature),
"certReader.TryGetBitStringBytes");
Assert.Equal(0, unusedBitCount);
AssertRefSame(signature, ref bytes[1176], "Signature is a ref to bytes[1176]");
Assert.False(certReader.HasData, "certReader.HasData");
AsnReader versionExplicitWrapper = tbsCertReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
Assert.True(versionExplicitWrapper.TryReadInt32(out int certVersion));
Assert.Equal(2, certVersion);
Assert.False(versionExplicitWrapper.HasData, "versionExplicitWrapper.HasData");
ReadOnlyMemory <byte> serialBytes = tbsCertReader.GetIntegerBytes();
AssertRefSame(serialBytes, ref bytes[15], "Serial number starts at bytes[15]");
AsnReader tbsSigAlgReader = tbsCertReader.ReadSequence();
Assert.Equal("1.2.840.113549.1.1.11", tbsSigAlgReader.ReadObjectIdentifierAsString());
Assert.True(tbsSigAlgReader.HasData, "tbsSigAlgReader.HasData before ReadNull");
tbsSigAlgReader.ReadNull();
Assert.False(tbsSigAlgReader.HasData, "tbsSigAlgReader.HasData after ReadNull");
AsnReader issuerReader = tbsCertReader.ReadSequence();
Asn1Tag printableString = new Asn1Tag(UniversalTagNumber.PrintableString);
AssertRdn(issuerReader, "2.5.4.6", 57, printableString, bytes, "issuer[C]");
AssertRdn(issuerReader, "2.5.4.10", 70, printableString, bytes, "issuer[O]");
AssertRdn(issuerReader, "2.5.4.11", 101, printableString, bytes, "issuer[OU]");
AssertRdn(issuerReader, "2.5.4.3", 134, printableString, bytes, "issuer[CN]");
Assert.False(issuerReader.HasData, "issuerReader.HasData");
AsnReader validityReader = tbsCertReader.ReadSequence();
Assert.Equal(new DateTimeOffset(2014, 10, 15, 0, 0, 0, TimeSpan.Zero), validityReader.GetUtcTime());
Assert.Equal(new DateTimeOffset(2016, 10, 15, 23, 59, 59, TimeSpan.Zero), validityReader.GetUtcTime());
Assert.False(validityReader.HasData, "validityReader.HasData");
AsnReader subjectReader = tbsCertReader.ReadSequence();
Asn1Tag utf8String = new Asn1Tag(UniversalTagNumber.UTF8String);
AssertRdn(subjectReader, "1.3.6.1.4.1.311.60.2.1.3", 220, printableString, bytes, "subject[EV Country]");
AssertRdn(subjectReader, "1.3.6.1.4.1.311.60.2.1.2", 241, utf8String, bytes, "subject[EV State]", "Washington");
AssertRdn(subjectReader, "2.5.4.15", 262, printableString, bytes, "subject[Business Category]");
AssertRdn(subjectReader, "2.5.4.5", 293, printableString, bytes, "subject[Serial Number]");
AssertRdn(subjectReader, "2.5.4.6", 313, printableString, bytes, "subject[C]");
AssertRdn(subjectReader, "2.5.4.17", 326, utf8String, bytes, "subject[Postal Code]", "98052");
AssertRdn(subjectReader, "2.5.4.8", 342, utf8String, bytes, "subject[ST]", "Washington");
AssertRdn(subjectReader, "2.5.4.7", 363, utf8String, bytes, "subject[L]", "Redmond");
AssertRdn(subjectReader, "2.5.4.9", 381, utf8String, bytes, "subject[Street Address]", "1 Microsoft Way");
AssertRdn(subjectReader, "2.5.4.10", 407, utf8String, bytes, "subject[O]", "Microsoft Corporation");
AssertRdn(subjectReader, "2.5.4.11", 439, utf8String, bytes, "subject[OU]", "MSCOM");
AssertRdn(subjectReader, "2.5.4.3", 455, utf8String, bytes, "subject[CN]", "www.microsoft.com");
Assert.False(subjectReader.HasData, "subjectReader.HasData");
AsnReader subjectPublicKeyInfo = tbsCertReader.ReadSequence();
AsnReader spkiAlgorithm = subjectPublicKeyInfo.ReadSequence();
Assert.Equal("1.2.840.113549.1.1.1", spkiAlgorithm.ReadObjectIdentifierAsString());
spkiAlgorithm.ReadNull();
Assert.False(spkiAlgorithm.HasData, "spkiAlgorithm.HasData");
Assert.True(
subjectPublicKeyInfo.TryGetPrimitiveBitStringValue(
out unusedBitCount,
out ReadOnlyMemory <byte> encodedPublicKey),
"subjectPublicKeyInfo.TryGetBitStringBytes");
Assert.Equal(0, unusedBitCount);
AssertRefSame(encodedPublicKey, ref bytes[498], "Encoded public key starts at byte 498");
Assert.False(subjectPublicKeyInfo.HasData, "subjectPublicKeyInfo.HasData");
AsnReader publicKeyReader = new AsnReader(encodedPublicKey, AsnEncodingRules.DER);
AsnReader rsaPublicKeyReader = publicKeyReader.ReadSequence();
AssertRefSame(rsaPublicKeyReader.GetIntegerBytes(), ref bytes[506], "RSA Modulus is at bytes[502]");
Assert.True(rsaPublicKeyReader.TryReadInt32(out int rsaExponent));
Assert.Equal(65537, rsaExponent);
Assert.False(rsaPublicKeyReader.HasData, "rsaPublicKeyReader.HasData");
Assert.False(publicKeyReader.HasData, "publicKeyReader.HasData");
AsnReader extensionsContainer = tbsCertReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
AsnReader extensions = extensionsContainer.ReadSequence();
Assert.False(extensionsContainer.HasData, "extensionsContainer.HasData");
AsnReader sanExtension = extensions.ReadSequence();
Assert.Equal("2.5.29.17", sanExtension.ReadObjectIdentifierAsString());
Assert.True(sanExtension.TryGetPrimitiveOctetStringBytes(out ReadOnlyMemory <byte> sanExtensionBytes));
Assert.False(sanExtension.HasData, "sanExtension.HasData");
AsnReader sanExtensionPayload = new AsnReader(sanExtensionBytes, AsnEncodingRules.DER);
AsnReader sanExtensionValue = sanExtensionPayload.ReadSequence();
Assert.False(sanExtensionPayload.HasData, "sanExtensionPayload.HasData");
Asn1Tag dnsName = new Asn1Tag(TagClass.ContextSpecific, 2);
Assert.Equal("www.microsoft.com", sanExtensionValue.GetCharacterString(dnsName, UniversalTagNumber.IA5String));
Assert.Equal("wwwqa.microsoft.com", sanExtensionValue.GetCharacterString(dnsName, UniversalTagNumber.IA5String));
Assert.False(sanExtensionValue.HasData, "sanExtensionValue.HasData");
AsnReader basicConstraints = extensions.ReadSequence();
Assert.Equal("2.5.29.19", basicConstraints.ReadObjectIdentifierAsString());
Assert.True(basicConstraints.TryGetPrimitiveOctetStringBytes(out ReadOnlyMemory <byte> basicConstraintsBytes));
AsnReader basicConstraintsPayload = new AsnReader(basicConstraintsBytes, AsnEncodingRules.DER);
AsnReader basicConstraintsValue = basicConstraintsPayload.ReadSequence();
Assert.False(basicConstraintsValue.HasData, "basicConstraintsValue.HasData");
Assert.False(basicConstraintsPayload.HasData, "basicConstraintsPayload.HasData");
AsnReader keyUsageExtension = extensions.ReadSequence();
Assert.Equal("2.5.29.15", keyUsageExtension.ReadObjectIdentifierAsString());
Assert.True(keyUsageExtension.ReadBoolean(), "keyUsageExtension.ReadBoolean() (IsCritical)");
Assert.True(keyUsageExtension.TryGetPrimitiveOctetStringBytes(out ReadOnlyMemory <byte> keyUsageBytes));
AsnReader keyUsagePayload = new AsnReader(keyUsageBytes, AsnEncodingRules.DER);
Assert.Equal(
X509KeyUsageCSharpStyle.DigitalSignature | X509KeyUsageCSharpStyle.KeyEncipherment,
keyUsagePayload.GetNamedBitListValue <X509KeyUsageCSharpStyle>());
Assert.False(keyUsagePayload.HasData, "keyUsagePayload.HasData");
AssertExtension(extensions, "2.5.29.37", false, 863, bytes);
AssertExtension(extensions, "2.5.29.32", false, 894, bytes);
AssertExtension(extensions, "2.5.29.35", false, 998, bytes);
AssertExtension(extensions, "2.5.29.31", false, 1031, bytes);
AssertExtension(extensions, "1.3.6.1.5.5.7.1.1", false, 1081, bytes);
Assert.False(extensions.HasData, "extensions.HasData");
Assert.Equal("1.2.840.113549.1.1.11", sigAlgReader.ReadObjectIdentifierAsString());
sigAlgReader.ReadNull();
Assert.False(sigAlgReader.HasData);
}