public static void SerializeChoice_Third() { DirectoryStringClass directoryString = new DirectoryStringClass { PrintableString = "Printable", }; using (AsnWriter writer = AsnSerializer.Serialize(directoryString, AsnEncodingRules.DER)) { Assert.Equal("13095072696E7461626C65", writer.Encode().ByteArrayToHex()); } }
public static void SerializeChoice_First() { DirectoryStringClass directoryString = new DirectoryStringClass { Utf8String = "UTF8", }; using (AsnWriter writer = AsnSerializer.Serialize(directoryString, AsnEncodingRules.DER)) { Assert.Equal("0C0455544638", writer.Encode().ByteArrayToHex()); } }
public static void SerializeChoice_Second() { DirectoryStringClass directoryString = new DirectoryStringClass { BmpString = "BMP", }; using (AsnWriter writer = AsnSerializer.Serialize(directoryString, AsnEncodingRules.DER)) { Assert.Equal("1E060042004D0050", writer.Encode().ByteArrayToHex()); } }
public static void SerializeChoice_WithinChoice6() { var hybrid = new FlexibleStringStructHybrid { Ascii = "IA5", }; using (AsnWriter writer = AsnSerializer.Serialize(hybrid, AsnEncodingRules.DER)) { Assert.Equal("1603494135", writer.Encode().ByteArrayToHex()); } }
public static void WriteOptionals(string expectedHex, bool hasUtf8, bool hasIa5) { var data = new OptionalValues { Utf8String = hasUtf8 ? "UTF8" : null, IA5String = hasIa5 ? "IA5" : null, }; AsnWriter writer = AsnSerializer.Serialize(data, AsnEncodingRules.DER); Assert.Equal(expectedHex, writer.Encode().ByteArrayToHex()); }
public static void SerializeExplicitValue() { var data = new ExplicitValueStruct { ExplicitInt = 3, ImplicitInt = 0x17, }; AsnWriter writer = AsnSerializer.Serialize(data, AsnEncodingRules.DER); Assert.Equal("3008A003020103020117", writer.Encode().ByteArrayToHex()); }
public static void SerializeNamedBitList() { var flagsContainer = new NamedBitListModeVariants { DefaultMode = SomeFlagsEnum.BitEleven | SomeFlagsEnum.BitTwo | SomeFlagsEnum.BitFourteen }; using (AsnWriter writer = AsnSerializer.Serialize(flagsContainer, AsnEncodingRules.DER)) { Assert.Equal("30050303012012", writer.Encode().ByteArrayToHex()); } }
public static void WriteNegativeIntegers() { BigIntegers bigIntegers = new BigIntegers { First = -273, Second = new byte[] { 0xFE, 0xED, 0xF0, 0x0D }, }; using (AsnWriter writer = AsnSerializer.Serialize(bigIntegers, AsnEncodingRules.DER)) { Assert.Equal("300A0202FEEF0204FEEDF00D", writer.EncodeAsSpan().ByteArrayToHex()); } }
public static void SerializeDefaultValue_AsNonDefault() { var extension = new X509DeserializeTests.Extension { ExtnId = "2.5.29.15", Critical = true, ExtnValue = new byte[] { 0x03, 0x02, 0x05, 0xA0 }, }; AsnWriter writer = AsnSerializer.Serialize(extension, AsnEncodingRules.DER); Assert.Equal("300E0603551D0F0101FF0404030205A0", writer.Encode().ByteArrayToHex()); }
public static void SerializeDefaultValue_AsDefault() { var extension = new X509DeserializeTests.Extension { ExtnId = "2.5.29.19", Critical = false, ExtnValue = new byte[] { 0x30, 0x00 }, }; AsnWriter writer = AsnSerializer.Serialize(extension, AsnEncodingRules.DER); Assert.Equal("30090603551D1304023000", writer.Encode().ByteArrayToHex()); }
public static void SerializeChoice_WithinChoice5() { var hybrid = new FlexibleStringStructHybrid { DirectoryString = new DirectoryStringClass { Utf8String = "Marco", }, }; AsnWriter writer = AsnSerializer.Serialize(hybrid, AsnEncodingRules.DER); Assert.Equal("0C054D6172636F", writer.Encode().ByteArrayToHex()); }
public static void SerializeChoice_WithinChoice4() { var hybrid = new FlexibleStringStructHybrid { DirectoryString = new DirectoryStringClass { BmpString = "Polo", }, }; AsnWriter writer = AsnSerializer.Serialize(hybrid, AsnEncodingRules.DER); Assert.Equal("1E080050006F006C006F", writer.Encode().ByteArrayToHex()); }
private void AddGeneralName(GeneralNameAsn generalName) { try { // Verify that the general name can be serialized and store it. using (AsnWriter writer = AsnSerializer.Serialize(generalName, AsnEncodingRules.DER)) { _encodedNames.Add(writer.Encode()); } } catch (EncoderFallbackException) { throw new CryptographicException(SR.Cryptography_Invalid_IA5String); } }
internal byte[] ToPkcs10Request(X509SignatureGenerator signatureGenerator, HashAlgorithmName hashAlgorithm) { // State validation should be runtime checks if/when this becomes public API Debug.Assert(signatureGenerator != null); Debug.Assert(Subject != null); Debug.Assert(PublicKey != null); byte[] signatureAlgorithm = signatureGenerator.GetSignatureAlgorithmIdentifier(hashAlgorithm); AlgorithmIdentifierAsn signatureAlgorithmAsn; // Deserialization also does validation of the value (except for Parameters, which have to be validated separately). signatureAlgorithmAsn = AsnSerializer.Deserialize <AlgorithmIdentifierAsn>(signatureAlgorithm, AsnEncodingRules.DER); if (signatureAlgorithmAsn.Parameters.HasValue) { Helpers.ValidateDer(signatureAlgorithmAsn.Parameters.Value); } SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn(); spki.Algorithm = new AlgorithmIdentifierAsn { Algorithm = PublicKey.Oid, Parameters = PublicKey.EncodedParameters.RawData }; spki.SubjectPublicKey = PublicKey.EncodedKeyValue.RawData; CertificationRequestInfoAsn requestInfo = new CertificationRequestInfoAsn { Version = 0, Subject = this.Subject.RawData, SubjectPublicKeyInfo = spki, Attributes = Attributes.Select(e => new X501AttributeAsn(e)).ToArray(), }; using (AsnWriter writer = AsnSerializer.Serialize(requestInfo, AsnEncodingRules.DER)) { byte[] encodedRequestInfo = writer.Encode(); CertificationRequestAsn certificationRequest = new CertificationRequestAsn { CertificationRequestInfo = requestInfo, SignatureAlgorithm = signatureAlgorithmAsn, SignatureValue = signatureGenerator.SignData(encodedRequestInfo, hashAlgorithm), }; using (AsnWriter signedWriter = AsnSerializer.Serialize(certificationRequest, AsnEncodingRules.DER)) { return(signedWriter.Encode()); } } }
/// <summary> /// Create a timestamp request using a pre-computed hash value. /// </summary> /// <param name="hash">The pre-computed hash value to be timestamped.</param> /// <param name="hashAlgorithmId"> /// The Object Identifier (OID) for the hash algorithm which produced <paramref name="hash"/>. /// </param> /// <param name="requestedPolicyId"> /// The Object Identifier (OID) for a timestamp policy the Timestamp Authority (TSA) should use, /// or <c>null</c> to express no preference. /// </param> /// <param name="nonce"> /// An optional nonce (number used once) to uniquely identify this request to pair it with the response. /// The value is interpreted as an unsigned big-endian integer and may be normalized to the encoding format. /// </param> /// <param name="requestSignerCertificates"> /// Indicates whether the Timestamp Authority (TSA) must (<c>true</c>) or must not (<c>false</c>) include /// the signing certificate in the issued timestamp token. /// </param> /// <param name="extensions">RFC3161 extensions to present with the request.</param> /// <returns> /// An <see cref="Rfc3161TimestampRequest"/> representing the chosen values. /// </returns> /// <seealso cref="Encode"/> /// <seealso cref="TryEncode"/> public static Rfc3161TimestampRequest CreateFromHash( ReadOnlyMemory <byte> hash, Oid hashAlgorithmId, Oid requestedPolicyId = null, ReadOnlyMemory <byte>?nonce = null, bool requestSignerCertificates = false, X509ExtensionCollection extensions = null) { var req = new Rfc3161TimeStampReq { Version = 1, MessageImprint = new MessageImprint { HashAlgorithm = { Algorithm = hashAlgorithmId, Parameters = AlgorithmIdentifierAsn.ExplicitDerNull, }, HashedMessage = hash, }, ReqPolicy = requestedPolicyId, CertReq = requestSignerCertificates, Nonce = nonce, }; if (extensions != null) { req.Extensions = extensions.OfType <X509Extension>().Select(e => new X509ExtensionAsn(e)).ToArray(); } // The RFC implies DER (see TryParse), and DER is the most widely understood given that // CER isn't specified. const AsnEncodingRules ruleSet = AsnEncodingRules.DER; AsnWriter writer = AsnSerializer.Serialize(req, ruleSet); byte[] encodedBytes = writer.Encode(); // Make sure everything normalizes req = AsnSerializer.Deserialize <Rfc3161TimeStampReq>(encodedBytes, ruleSet); return(new Rfc3161TimestampRequest { _encodedBytes = writer.Encode(), _parsedData = req, }); }
public ReadOnlyMemory <byte>?GetTimestampAuthorityName() { if (_tsaNameBytes == null) { GeneralName?tsaName = _parsedData.Tsa; if (tsaName == null) { return(null); } _tsaNameBytes = AsnSerializer.Serialize(tsaName.Value, AsnEncodingRules.DER).Encode(); Debug.Assert(_tsaNameBytes.HasValue); } return(_tsaNameBytes.Value); }
public static void SerializeAlgorithmIdentifier() { AlgorithmIdentifier identifier = new AlgorithmIdentifier { Algorithm = new Oid("2.16.840.1.101.3.4.2.1", "SHA-2-256"), Parameters = new byte[] { 5, 0 }, }; AsnWriter writer = AsnSerializer.Serialize(identifier, AsnEncodingRules.DER); const string ExpectedHex = "300D" + "0609608648016503040201" + "0500"; Assert.Equal(ExpectedHex, writer.Encode().ByteArrayToHex()); }
private byte[] EncryptContent( ContentInfo contentInfo, AlgorithmIdentifier contentEncryptionAlgorithm, out byte[] cek, out byte[] parameterBytes) { using (SymmetricAlgorithm alg = OpenAlgorithm(contentEncryptionAlgorithm)) using (ICryptoTransform encryptor = alg.CreateEncryptor()) { cek = alg.Key; if (alg is RC2) { Rc2CbcParameters rc2Params = new Rc2CbcParameters(alg.IV, alg.KeySize); using (AsnWriter writer = AsnSerializer.Serialize(rc2Params, AsnEncodingRules.DER)) { parameterBytes = writer.Encode(); } } else { parameterBytes = EncodeOctetString(alg.IV); } byte[] toEncrypt = contentInfo.Content; if (contentInfo.ContentType.Value == Oids.Pkcs7Data) { toEncrypt = EncodeOctetString(toEncrypt); return(encryptor.OneShot(toEncrypt)); } else { if (contentInfo.Content.Length == 0) { return(encryptor.OneShot(contentInfo.Content)); } else { AsnReader reader = new AsnReader(contentInfo.Content, AsnEncodingRules.BER); return(encryptor.OneShot(reader.PeekContentBytes().ToArray())); } } } }
public virtual byte[] ComputeCapiSha1OfPublicKey(PublicKey key) { // The CapiSha1 value is the SHA-1 of the SubjectPublicKeyInfo field, inclusive // of the DER structural bytes. SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn(); spki.Algorithm = new AlgorithmIdentifierAsn { Algorithm = key.Oid, Parameters = key.EncodedParameters.RawData }; spki.SubjectPublicKey = key.EncodedKeyValue.RawData; using (AsnWriter writer = AsnSerializer.Serialize(spki, AsnEncodingRules.DER)) using (SHA1 hash = SHA1.Create()) { return(hash.ComputeHash(writer.Encode())); } }
public virtual byte[] EncodeX509BasicConstraints2Extension( bool certificateAuthority, bool hasPathLengthConstraint, int pathLengthConstraint) { BasicConstraintsAsn constraints = new BasicConstraintsAsn(); constraints.CA = certificateAuthority; if (hasPathLengthConstraint) { constraints.PathLengthConstraint = pathLengthConstraint; } using (AsnWriter writer = AsnSerializer.Serialize(constraints, AsnEncodingRules.DER)) { return(writer.Encode()); } }
public static void WriteAnyValueWithExpectedTag() { byte[] anyValue = "3003010100".HexToByteArray(); var data = new AnyWithExpectedTag { Id = "0.0", Data = anyValue, }; AsnWriter writer = AsnSerializer.Serialize(data, AsnEncodingRules.DER); Assert.Equal("30080601003003010100", writer.Encode().ByteArrayToHex()); anyValue[0] = 0xA0; Assert.Throws <CryptographicException>(() => AsnSerializer.Serialize(data, AsnEncodingRules.DER)); }
public static void SerializeExplicitDefaultValue(int version, string expectedHex) { ExplicitDefaultAsn data = new ExplicitDefaultAsn { Version = version }; byte[] encoded; using (AsnWriter writer = AsnSerializer.Serialize(data, AsnEncodingRules.DER)) { encoded = writer.Encode(); Assert.Equal(expectedHex, encoded.ByteArrayToHex()); } // Deserialize the data back. data = AsnSerializer.Deserialize <ExplicitDefaultAsn>(encoded, AsnEncodingRules.DER); Assert.Equal(version, data.Version); }
internal static byte[] EncodeContentInfo <T>( T value, string contentType, AsnEncodingRules ruleSet = AsnEncodingRules.DER) { using (AsnWriter innerWriter = AsnSerializer.Serialize(value, ruleSet)) { ContentInfoAsn content = new ContentInfoAsn { ContentType = contentType, Content = innerWriter.Encode(), }; using (AsnWriter outerWriter = AsnSerializer.Serialize(content, ruleSet)) { return(outerWriter.Encode()); } } }
public void SealWithoutIntegrity() { if (IsSealed) { throw new InvalidOperationException(SR.Cryptography_Pkcs12_PfxIsSealed); } ContentInfoAsn[] contents = _contents?.ToArray() ?? Array.Empty <ContentInfoAsn>(); using (AsnWriter contentsWriter = AsnSerializer.Serialize(contents, AsnEncodingRules.BER)) using (AsnWriter writer = new AsnWriter(AsnEncodingRules.BER)) { // https://tools.ietf.org/html/rfc7292#section-4 // // PFX ::= SEQUENCE { // version INTEGER {v3(3)}(v3,...), // authSafe ContentInfo, // macData MacData OPTIONAL // } writer.PushSequence(); writer.WriteInteger(3); writer.PushSequence(); { writer.WriteObjectIdentifier(Oids.Pkcs7Data); Asn1Tag contextSpecific0 = new Asn1Tag(TagClass.ContextSpecific, 0); writer.PushSequence(contextSpecific0); { writer.WriteOctetString(contentsWriter.EncodeAsSpan()); writer.PopSequence(contextSpecific0); } writer.PopSequence(); } writer.PopSequence(); _sealedData = writer.Encode(); } }
private static byte[] EncodeAttribute(IEnumerable <X509Extension> extensions) { if (extensions == null) { throw new ArgumentNullException(nameof(extensions)); } using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER)) { writer.PushSequence(); foreach (X509Extension e in extensions) { AsnSerializer.Serialize(new X509ExtensionAsn(e), writer); } writer.PopSequence(); return(writer.Encode()); } }
internal CertificateData(byte[] rawData) { #if DEBUG try { #endif RawData = rawData; certificate = AsnSerializer.Deserialize <CertificateAsn>(rawData, AsnEncodingRules.DER); certificate.TbsCertificate.ValidateVersion(); Issuer = new X500DistinguishedName(certificate.TbsCertificate.Issuer.ToArray()); Subject = new X500DistinguishedName(certificate.TbsCertificate.Subject.ToArray()); using (AsnWriter writer = AsnSerializer.Serialize(certificate.TbsCertificate.SubjectPublicKeyInfo, AsnEncodingRules.DER)) { SubjectPublicKeyInfo = writer.Encode(); } Extensions = new List <X509Extension>(); if (certificate.TbsCertificate.Extensions != null) { foreach (X509ExtensionAsn rawExtension in certificate.TbsCertificate.Extensions) { X509Extension extension = new X509Extension( rawExtension.ExtnId, rawExtension.ExtnValue.ToArray(), rawExtension.Critical); Extensions.Add(extension); } } #if DEBUG } catch (Exception e) { throw new CryptographicException( $"Error in reading certificate:{Environment.NewLine}{PemPrintCert(rawData)}", e); } #endif }
public void ComputeCounterSignature(CmsSigner signer) { if (_parentSignerInfo != null) { throw new CryptographicException(SR.Cryptography_Cms_NoCounterCounterSigner); } if (signer == null) { throw new ArgumentNullException(nameof(signer)); } signer.CheckCertificateValue(); int myIdx = _document.SignerInfos.FindIndexForSigner(this); if (myIdx < 0) { throw new CryptographicException(SR.Cryptography_Cms_SignerNotFound); } // Make sure that we're using the most up-to-date version of this that we can. SignerInfo effectiveThis = _document.SignerInfos[myIdx]; X509Certificate2Collection chain; SignerInfoAsn newSignerInfo = signer.Sign(effectiveThis._signature, null, false, out chain); AttributeAsn newUnsignedAttr; using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER)) { writer.PushSetOf(); AsnSerializer.Serialize(newSignerInfo, writer); writer.PopSetOf(); newUnsignedAttr = new AttributeAsn { AttrType = new Oid(Oids.CounterSigner, Oids.CounterSigner), AttrValues = writer.Encode(), }; } ref SignedDataAsn signedData = ref _document.GetRawData();
public static T[] NormalizeSet <T>( T[] setItems, Action <byte[]> encodedValueProcessor = null) { AsnSet <T> set = new AsnSet <T> { SetData = setItems, }; AsnWriter writer = AsnSerializer.Serialize(set, AsnEncodingRules.DER); byte[] normalizedValue = writer.Encode(); set = AsnSerializer.Deserialize <AsnSet <T> >(normalizedValue, AsnEncodingRules.DER); if (encodedValueProcessor != null) { encodedValueProcessor(normalizedValue); } return(set.SetData); }
private static byte[] EncodeBagValue(string certificateType, ReadOnlyMemory <byte> encodedCertificate) { // Read to ensure that there is precisely one legally encoded value. AsnReader reader = new AsnReader(encodedCertificate, AsnEncodingRules.BER); reader.GetEncodedValue(); reader.ThrowIfNotEmpty(); // No need to copy encodedCertificate here, because it will be copied into the // return value. CertBagAsn certBagAsn = new CertBagAsn { CertId = certificateType, CertValue = encodedCertificate, }; using (AsnWriter writer = AsnSerializer.Serialize(certBagAsn, AsnEncodingRules.BER)) { return(writer.Encode()); } }
public byte[] Encode() { if (!_hasData) { throw new InvalidOperationException(SR.Cryptography_Cms_MessageNotSigned); } try { return(Helpers.EncodeContentInfo(_signedData, Oids.Pkcs7Signed)); } catch (CryptographicException) { if (Detached) { throw; } // If we can't write the contents back out then the most likely culprit is an // indefinite length encoding in the content field. To preserve as much input data // as possible while still maintaining our expectations of sorting any SET OF values, // do the following: // * Write the DER normalized version of the SignedData in detached mode. // * BER-decode that structure // * Copy the content field over // * BER-write the modified structure. SignedDataAsn copy = _signedData; copy.EncapContentInfo.Content = null; Debug.Assert(_signedData.EncapContentInfo.Content != null); using (AsnWriter detachedWriter = AsnSerializer.Serialize(copy, AsnEncodingRules.DER)) { copy = AsnSerializer.Deserialize <SignedDataAsn>(detachedWriter.Encode(), AsnEncodingRules.BER); } copy.EncapContentInfo.Content = _signedData.EncapContentInfo.Content; return(Helpers.EncodeContentInfo(copy, Oids.Pkcs7Signed, AsnEncodingRules.BER)); } }