internal static List <AttributeAsn> BuildAttributes(CryptographicAttributeObjectCollection attributes)
{
List <AttributeAsn> signedAttrs = new List <AttributeAsn>();
if (attributes == null || attributes.Count == 0)
{
return(signedAttrs);
}
foreach (CryptographicAttributeObject attributeObject in attributes)
{
AttributeAsn newAttr = new AttributeAsn
{
AttrType = attributeObject.Oid,
AttrValues = new ReadOnlyMemory <byte> [attributeObject.Values.Count],
};
for (int i = 0; i < attributeObject.Values.Count; i++)
{
newAttr.AttrValues[i] = attributeObject.Values[i].RawData;
}
signedAttrs.Add(newAttr);
}
return(signedAttrs);
}
public static AttributeAsn[] NormalizeAttributeSet(
AttributeAsn[] setItems,
Action <byte[]> encodedValueProcessor = null)
{
byte[] normalizedValue;
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER))
{
writer.PushSetOf();
foreach (AttributeAsn item in setItems)
{
item.Encode(writer);
}
writer.PopSetOf();
normalizedValue = writer.Encode();
if (encodedValueProcessor != null)
{
encodedValueProcessor(normalizedValue);
}
}
AsnReader reader = new AsnReader(normalizedValue, AsnEncodingRules.DER);
AsnReader setReader = reader.ReadSetOf();
AttributeAsn[] decodedSet = new AttributeAsn[setItems.Length];
int i = 0;
while (setReader.HasData)
{
AttributeAsn.Decode(setReader, out AttributeAsn item);
decodedSet[i] = item;
i++;
}
return(decodedSet);
}
internal static List <AttributeAsn> BuildAttributes(CryptographicAttributeObjectCollection attributes)
{
List <AttributeAsn> signedAttrs = new List <AttributeAsn>();
if (attributes == null || attributes.Count == 0)
{
return(signedAttrs);
}
foreach (CryptographicAttributeObject attributeObject in attributes)
{
using (var writer = new AsnWriter(AsnEncodingRules.DER))
{
writer.PushSetOf();
foreach (AsnEncodedData objectValue in attributeObject.Values)
{
writer.WriteEncodedValue(objectValue.RawData);
}
writer.PopSetOf();
AttributeAsn newAttr = new AttributeAsn
{
AttrType = attributeObject.Oid,
AttrValues = writer.Encode(),
};
signedAttrs.Add(newAttr);
}
}
return(signedAttrs);
}
internal static void Decode(ref AsnValueReader reader, ReadOnlyMemory <byte> rebind, out SignedAttributesSet decoded)
{
decoded = default;
Asn1Tag tag = reader.PeekTag();
AsnValueReader collectionReader;
if (tag.HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 0)))
{
// Decode SEQUENCE OF for SignedAttributes
{
collectionReader = reader.ReadSetOf(new Asn1Tag(TagClass.ContextSpecific, 0));
var tmpList = new List <AttributeAsn>();
AttributeAsn tmpItem;
while (collectionReader.HasData)
{
AttributeAsn.Decode(ref collectionReader, rebind, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.SignedAttributes = tmpList.ToArray();
}
}
else
{
throw new CryptographicException();
}
}
public static void Decode(ref AsnValueReader reader, Asn1Tag expectedTag, ReadOnlyMemory <byte> rebind, out EnvelopedDataAsn decoded)
{
decoded = default;
AsnValueReader sequenceReader = reader.ReadSequence(expectedTag);
AsnValueReader collectionReader;
if (!sequenceReader.TryReadInt32(out decoded.Version))
{
sequenceReader.ThrowIfNotEmpty();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 0)))
{
OriginatorInfoAsn tmpOriginatorInfo;
OriginatorInfoAsn.Decode(ref sequenceReader, new Asn1Tag(TagClass.ContextSpecific, 0), rebind, out tmpOriginatorInfo);
decoded.OriginatorInfo = tmpOriginatorInfo;
}
// Decode SEQUENCE OF for RecipientInfos
{
collectionReader = sequenceReader.ReadSetOf();
var tmpList = new List <RecipientInfoAsn>();
RecipientInfoAsn tmpItem;
while (collectionReader.HasData)
{
RecipientInfoAsn.Decode(ref collectionReader, rebind, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.RecipientInfos = tmpList.ToArray();
}
EncryptedContentInfoAsn.Decode(ref sequenceReader, rebind, out decoded.EncryptedContentInfo);
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 1)))
{
// Decode SEQUENCE OF for UnprotectedAttributes
{
collectionReader = sequenceReader.ReadSetOf(new Asn1Tag(TagClass.ContextSpecific, 1));
var tmpList = new List <AttributeAsn>();
AttributeAsn tmpItem;
while (collectionReader.HasData)
{
AttributeAsn.Decode(ref collectionReader, rebind, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.UnprotectedAttributes = tmpList.ToArray();
}
}
sequenceReader.ThrowIfNotEmpty();
}
internal static void Decode(ref AsnValueReader reader, Asn1Tag expectedTag, ReadOnlyMemory <byte> rebind, out SignerInfoAsn decoded)
{
decoded = default;
AsnValueReader sequenceReader = reader.ReadSequence(expectedTag);
AsnValueReader collectionReader;
ReadOnlySpan <byte> rebindSpan = rebind.Span;
int offset;
ReadOnlySpan <byte> tmpSpan;
if (!sequenceReader.TryReadInt32(out decoded.Version))
{
sequenceReader.ThrowIfNotEmpty();
}
SignerIdentifierAsn.Decode(ref sequenceReader, rebind, out decoded.Sid);
AlgorithmIdentifierAsn.Decode(ref sequenceReader, rebind, out decoded.DigestAlgorithm);
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 0)))
{
tmpSpan = sequenceReader.ReadEncodedValue();
decoded.SignedAttributes = rebindSpan.Overlaps(tmpSpan, out offset) ? rebind.Slice(offset, tmpSpan.Length) : tmpSpan.ToArray();
decoded.SignedAttributesSet = SignedAttributesSet.Decode(decoded.SignedAttributes.Value, AsnEncodingRules.BER);
}
AlgorithmIdentifierAsn.Decode(ref sequenceReader, rebind, out decoded.SignatureAlgorithm);
if (sequenceReader.TryReadPrimitiveOctetStringBytes(out tmpSpan))
{
decoded.SignatureValue = rebindSpan.Overlaps(tmpSpan, out offset) ? rebind.Slice(offset, tmpSpan.Length) : tmpSpan.ToArray();
}
else
{
decoded.SignatureValue = sequenceReader.ReadOctetString();
}
if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 1)))
{
// Decode SEQUENCE OF for UnsignedAttributes
{
collectionReader = sequenceReader.ReadSetOf(new Asn1Tag(TagClass.ContextSpecific, 1));
var tmpList = new List <AttributeAsn>();
AttributeAsn tmpItem;
while (collectionReader.HasData)
{
AttributeAsn.Decode(ref collectionReader, rebind, out tmpItem);
tmpList.Add(tmpItem);
}
decoded.UnsignedAttributes = tmpList.ToArray();
}
}
sequenceReader.ThrowIfNotEmpty();
}
internal byte[] ToPkcs10Request(X509SignatureGenerator signatureGenerator, HashAlgorithmName hashAlgorithm)
{
// State validation should be runtime checks if/when this becomes public API
Debug.Assert(signatureGenerator != null);
Debug.Assert(Subject != null);
Debug.Assert(PublicKey != null);
byte[] signatureAlgorithm = signatureGenerator.GetSignatureAlgorithmIdentifier(hashAlgorithm);
AlgorithmIdentifierAsn signatureAlgorithmAsn;
// Deserialization also does validation of the value (except for Parameters, which have to be validated separately).
signatureAlgorithmAsn = AlgorithmIdentifierAsn.Decode(signatureAlgorithm, AsnEncodingRules.DER);
if (signatureAlgorithmAsn.Parameters.HasValue)
{
Helpers.ValidateDer(signatureAlgorithmAsn.Parameters.Value.Span);
}
SubjectPublicKeyInfoAsn spki = default;
spki.Algorithm = new AlgorithmIdentifierAsn {
Algorithm = PublicKey.Oid !.Value !, Parameters = PublicKey.EncodedParameters.RawData
};
spki.SubjectPublicKey = PublicKey.EncodedKeyValue.RawData;
var attributes = new AttributeAsn[Attributes.Count];
for (int i = 0; i < attributes.Length; i++)
{
attributes[i] = new AttributeAsn(Attributes[i]);
}
CertificationRequestInfoAsn requestInfo = new CertificationRequestInfoAsn
{
Version = 0,
Subject = this.Subject.RawData,
SubjectPublicKeyInfo = spki,
Attributes = attributes
};
AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
requestInfo.Encode(writer);
byte[] encodedRequestInfo = writer.Encode();
writer.Reset();
CertificationRequestAsn certificationRequest = new CertificationRequestAsn
{
CertificationRequestInfo = requestInfo,
SignatureAlgorithm = signatureAlgorithmAsn,
SignatureValue = signatureGenerator.SignData(encodedRequestInfo, hashAlgorithm),
};
certificationRequest.Encode(writer);
return(writer.Encode());
}
}
private void BuildBags(
ICertificatePalCore certPal,
ReadOnlySpan <char> passwordSpan,
AsnWriter tmpWriter,
CertBagAsn[] certBags,
AttributeAsn[] certAttrs,
SafeBagAsn[] keyBags,
ref int certIdx,
ref int keyIdx)
{
tmpWriter.WriteOctetString(certPal.RawData);
certBags[certIdx] = new CertBagAsn
{
CertId = Oids.Pkcs12X509CertBagType,
CertValue = tmpWriter.Encode(),
};
tmpWriter.Reset();
if (certPal.HasPrivateKey)
{
byte[] attrBytes = new byte[6];
attrBytes[0] = (byte)UniversalTagNumber.OctetString;
attrBytes[1] = sizeof(int);
MemoryMarshal.Write(attrBytes.AsSpan(2), ref keyIdx);
AttributeAsn attribute = new AttributeAsn
{
AttrType = Oids.LocalKeyId,
AttrValues = new ReadOnlyMemory <byte>[]
{
attrBytes,
}
};
keyBags[keyIdx] = new SafeBagAsn
{
BagId = Oids.Pkcs12ShroudedKeyBag,
BagValue = ExportPkcs8(certPal, passwordSpan),
BagAttributes = new[] { attribute }
};
// Reuse the attribute between the cert and the key.
certAttrs[certIdx] = attribute;
keyIdx++;
}
certIdx++;
}
public static AttributeAsn[] NormalizeAttributeSet(
AttributeAsn[] setItems,
Action <byte[]>?encodedValueProcessor = null)
{
byte[] normalizedValue;
AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
writer.PushSetOf();
foreach (AttributeAsn item in setItems)
{
item.Encode(writer);
}
writer.PopSetOf();
normalizedValue = writer.Encode();
if (encodedValueProcessor != null)
{
encodedValueProcessor(normalizedValue);
}
try
{
AsnValueReader reader = new AsnValueReader(normalizedValue, AsnEncodingRules.DER);
AsnValueReader setReader = reader.ReadSetOf();
AttributeAsn[] decodedSet = new AttributeAsn[setItems.Length];
int i = 0;
while (setReader.HasData)
{
AttributeAsn.Decode(ref setReader, normalizedValue, out AttributeAsn item);
decodedSet[i] = item;
i++;
}
return(decodedSet);
}
catch (AsnContentException e)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
}
}
public void ComputeCounterSignature(CmsSigner signer)
{
if (_parentSignerInfo != null)
{
throw new CryptographicException(SR.Cryptography_Cms_NoCounterCounterSigner);
}
if (signer == null)
{
throw new ArgumentNullException(nameof(signer));
}
signer.CheckCertificateValue();
int myIdx = _document.SignerInfos.FindIndexForSigner(this);
if (myIdx < 0)
{
throw new CryptographicException(SR.Cryptography_Cms_SignerNotFound);
}
// Make sure that we're using the most up-to-date version of this that we can.
SignerInfo effectiveThis = _document.SignerInfos[myIdx];
X509Certificate2Collection chain;
SignerInfoAsn newSignerInfo = signer.Sign(effectiveThis._signature, null, false, out chain);
AttributeAsn newUnsignedAttr;
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER))
{
writer.PushSetOf();
AsnSerializer.Serialize(newSignerInfo, writer);
writer.PopSetOf();
newUnsignedAttr = new AttributeAsn
{
AttrType = new Oid(Oids.CounterSigner, Oids.CounterSigner),
AttrValues = writer.Encode(),
};
}
ref SignedDataAsn signedData = ref _document.GetRawData();
