/// <summary>
/// Used to create the extension from typed model
/// </summary>
/// <param name="isCompliant"><b>QcCompliant</b>. True is the cert is European Qualified Certificate otherwize false</param>
/// <param name="limit"><b>QcLimitValue</b>. Monetary value </param>
/// <param name="retentionPeriod"><b>QcRetentionPeriod</b></param>
/// <param name="isQSCD"><b>QcSSCD</b></param>
/// <param name="pdsLocations"><b>QcPds</b></param>
/// <param name="type"><b>QcType</b></param>
/// <param name="psd2"><b>PSD2 QcStatement</b></param>
/// <param name="critical"></param>
public QualifiedCertificateStatementsExtension(bool isCompliant, QcMonetaryValue limit, int retentionPeriod, bool isQSCD, IEnumerable <PdsLocation> pdsLocations, QcTypeIdentifiers type, Psd2Attributes psd2, bool critical)
{
Oid = new Oid(Oid_QC_Statements, "Qualified Certificate Statements");
Critical = critical;
var statements = new List <DerAsnSequence>();
if (isCompliant)
{
statements.Add(new QcComplianceStatement());
}
if (retentionPeriod > 0)
{
statements.Add(new QcRetentionPeriodStatement(retentionPeriod));
}
if (limit != null)
{
statements.Add(new QcLimitValueStatement(limit));
}
if (isQSCD)
{
statements.Add(new QcSSCDStatement());
}
statements.Add(new QcTypeStatement(type));
if (pdsLocations?.Any() == true)
{
statements.Add(new QcPdsStatement(pdsLocations));
}
if (psd2 != null)
{
statements.Add(new Psd2QcStatement(psd2));
}
RawData = DerConvert.Encode(new DerAsnSequence(statements.ToArray())).ToArray();
_Statements = new QualifiedCertificateStatements(isCompliant, limit, retentionPeriod, isQSCD, pdsLocations, type, psd2);
_decoded = true;
}
public void Decode_EmptyRawDataArray_ShouldThrowArgumentException()
{
var ex = Assert.Throws <ArgumentException>(() => DerConvert.Decode(new byte[] { }));
Assert.That(ex.Message, Does.StartWith("Data cannot be empty"));
Assert.That(ex.ParamName, Is.EqualTo("rawData"));
}
public void Decode_NoDefaultDecoder_ShouldThrowArgumentNullException()
{
DerConvert.DefaultDecoder = null;
var ex = Assert.Throws <ArgumentNullException>(() => DerConvert.Decode(new byte[] { 0x00 }));
Assert.That(ex.ParamName, Is.EqualTo("DefaultDecoder"));
}
private void DecodeExtension()
{
var sequence = DerConvert.Decode(RawData) as DerAsnSequence;
_Policies = new CertificatePolicies(sequence.Value).Extract();
_decoded = true;
}
private void DecodeExtension()
{
var sequence = DerConvert.Decode(RawData) as DerAsnSequence;
_Psd2Type = new Psd2QcStatement(sequence.Value).ExtractAttributes();
_decoded = true;
}
/// <summary>
/// Used to create the extension from typed model
/// </summary>
/// <param name="distributionPoints"></param>
/// <param name="critical"></param>
public CRLDistributionPointsExtension(CRLDistributionPoint[] distributionPoints, bool critical)
{
Oid = new Oid(Oid_CRLDistributionPoints, "CRL Distribution Points");
Critical = critical;
RawData = DerConvert.Encode(new CRLDistributionPoints(distributionPoints)).ToArray();
_DistributionPoints = distributionPoints;
_decoded = true;
}
/// <summary>
/// Used to create the extension from typed model
/// </summary>
/// <param name="policies"></param>
/// <param name="critical"></param>
public CertificatePoliciesExtension(PolicyInformation[] policies, bool critical)
{
Oid = new Oid(Oid_CertificatePolicies, "Certificate Policies");
Critical = critical;
RawData = DerConvert.Encode(new CertificatePolicies(policies)).ToArray();
_Policies = policies;
_decoded = true;
}
/// <summary>
/// Used to create the extension from typed model
/// </summary>
/// <param name="psd2Type"></param>
/// <param name="critical"></param>
public QualifiedCertificateStatementsExtension(Psd2CertificateAttributes psd2Type, bool critical)
{
Oid = new Oid(Oid_QC_Statements, "Qualified Certificate Statements");
Critical = critical;
RawData = DerConvert.Encode(new Psd2QcStatement(psd2Type)).ToArray();
_Psd2Type = psd2Type;
_decoded = true;
}
/// <summary>
/// Used to create the extension from typed model
/// </summary>
/// <param name="accessDescritpions"></param>
/// <param name="critical"></param>
public AuthorityInformationAccessExtension(AccessDescription[] accessDescritpions, bool critical)
{
Oid = new Oid(Oid_AuthorityInformationAccess, "Authority Information Access");
Critical = critical;
RawData = DerConvert.Encode(new AccessDescriptionList(accessDescritpions)).ToArray();
_AccessDescriptions = accessDescritpions;
_decoded = true;
}
public void Encode_NoDefaultEncoder_ShouldThrowArgumentNullException()
{
var typeMock = new Mock <DerAsnType>(DerAsnIdentifiers.Primitive.Boolean);
DerConvert.DefaultEncoder = null;
var ex = Assert.Throws <ArgumentNullException>(() => DerConvert.Encode(typeMock.Object));
Assert.That(ex.ParamName, Is.EqualTo("DefaultEncoder"));
}
private void DecodeExtension()
{
_OrganizationIdentifier = new CABForumOrganizationIdentifier();
var root = DerConvert.Decode(RawData) as DerAsnSequence;
_OrganizationIdentifier.SchemeIdentifier = ((DerAsnPrintableString)root.Value[0]).Value;
_OrganizationIdentifier.Country = ((DerAsnPrintableString)root.Value[1]).Value;
_OrganizationIdentifier.Reference = ((DerAsnUtf8String)root.Value[2]).Value;
_decoded = true;
}
public void Decode_ShouldForwardCallToDecoder_ShouldDisposeDecoder()
{
var data = new byte[] { 1, 2, 3 };
var decoderMock = new Mock <IDerAsnDecoder>();
DerConvert.DefaultDecoder = () => decoderMock.Object;
DerConvert.Decode(data);
decoderMock.Verify(x => x.Decode(data), Times.Once);
decoderMock.Verify(x => x.Dispose(), Times.Once);
}
/// <summary>
/// Used to create the extension from typed model
/// </summary>
/// <param name="issuerKeyIdentifier">The subject key identifier of the issuer certificate</param>
/// <param name="critical"></param>
public AuthorityKeyIdentifierExtension(byte[] issuerKeyIdentifier, bool critical)
{
Oid = new Oid(Oid_AuthorityKeyIdentifier, "Authority Key Identifier");
Critical = critical;
RawData = DerConvert.Encode(
new DerAsnSequence(new[] {
new DerAsnOctetString(new DerAsnIdentifier(DerAsnTagClass.ContextSpecific, DerAsnEncodingType.Primitive, 0x0), issuerKeyIdentifier)
}));
_decoded = false;
}
public void Encode_ShouldForwardCallToEncoder_ShouldDisposeEncoder()
{
var typeMock = new Mock <DerAsnType>(DerAsnIdentifiers.Primitive.Boolean);
var encoderMock = new Mock <IDerAsnEncoder>();
DerConvert.DefaultEncoder = () => encoderMock.Object;
DerConvert.Encode(typeMock.Object);
encoderMock.Verify(x => x.Encode(typeMock.Object), Times.Once);
encoderMock.Verify(x => x.Dispose(), Times.Once);
}
/// <summary>
/// Used to create the extension from typed model
/// </summary>
/// <param name="organizationIdentifier"></param>
/// <param name="critical"></param>
public CABForumOrganizationIdentifierExtension(CABForumOrganizationIdentifier organizationIdentifier, bool critical)
{
Oid = new Oid(Oid_CabForumOrganizationIdentifier, "CRL Distribution Points");
Critical = critical;
var container = new DerAsnSequence(new DerAsnType[] {
new DerAsnPrintableString(organizationIdentifier.SchemeIdentifier),
new DerAsnPrintableString(organizationIdentifier.Country),
new DerAsnUtf8String(organizationIdentifier.Reference),
});
RawData = DerConvert.Encode(container).ToArray();
_OrganizationIdentifier = organizationIdentifier;
_decoded = true;
}
private void DecodeExtension()
{
_Statements = new QualifiedCertificateStatements();
var root = DerConvert.Decode(RawData) as DerAsnSequence;
if (root.Value[0] is DerAsnSequence)
{
foreach (var sequence in root.Value.OfType <DerAsnSequence>())
{
if (sequence.Value[0] is DerAsnObjectIdentifier oid)
{
switch (oid.Value.ToOidString())
{
case QcComplianceStatement.Oid_QcCompliance:
_Statements.IsCompliant = new QcComplianceStatement(sequence.Value).Extract(); break;
case QcLimitValueStatement.Oid_QcLimitValue:
_Statements.LimitValue = new QcLimitValueStatement(sequence.Value).Extract(); break;
case QcRetentionPeriodStatement.Oid_QcRetentionPeriod:
_Statements.RetentionPeriod = new QcRetentionPeriodStatement(sequence.Value).Extract(); break;
case QcSSCDStatement.Oid_QcSSCD:
_Statements.IsQSCD = new QcSSCDStatement(sequence.Value).Extract(); break;
case QcPdsStatement.Oid_QcPds:
_Statements.PdsLocations = new QcPdsStatement(sequence.Value).Extract(); break;
case QcTypeStatement.Oid_QcType:
_Statements.Type = new QcTypeStatement(sequence.Value).Extract(); break;
case Psd2QcStatement.Oid_PSD2_QcStatement:
_Statements.Psd2Type = new Psd2QcStatement(sequence.Value).Extract(); break;
default: break;
}
}
}
}
else if (root.Value[0] is DerAsnObjectIdentifier oid &&
Psd2QcStatement.Oid_PSD2_QcStatement.Equals(oid.Value.ToOidString()))
{
_Statements.Psd2Type = new Psd2QcStatement(root.Value).Extract();
}
_decoded = true;
}
private void Write(DerAsnType der, PemFormat format)
{
var derBytes = DerConvert.Encode(der);
var derBase64 = Convert.ToBase64String(derBytes);
var pem = new StringBuilder();
pem.Append(format.Header + "\n");
for (var i = 0; i < derBase64.Length; i += _maximumLineLength)
{
pem.Append(derBase64.Substring(i, Math.Min(_maximumLineLength, derBase64.Length - i)));
pem.Append("\n");
}
pem.Append(format.Footer + "\n");
using (var writer = new StreamWriter(_stream, _encoding, 4096, true))
writer.Write(pem.ToString());
}
public void WritePublicKey(RSAParameters parameters)
{
var innerSequence = new DerAsnSequence(new DerAsnType[]
{
new DerAsnInteger(parameters.Modulus, true),
new DerAsnInteger(parameters.Exponent, true)
});
var outerSequence = new DerAsnSequence(new DerAsnType[]
{
new DerAsnSequence(new DerAsnType[]
{
new DerAsnObjectIdentifier("1.2.840.113549.1.1.1"), // rsaEncryption http://www.oid-info.com/get/1.2.840.113549.1.1.1
new DerAsnNull()
}),
new DerAsnBitString(DerConvert.Encode(innerSequence))
});
Write(outerSequence, PemFormat.Public);
}
public void WritePublicKey(RSAParameters parameters)
{
var innerSequence = new DerAsnSequence(new DerAsnType[]
{
new DerAsnInteger(ToBigInteger(parameters.Modulus)),
new DerAsnInteger(ToBigInteger(parameters.Exponent))
});
var innerSequenceData = DerConvert.Encode(innerSequence);
var outerSequence = new DerAsnSequence(new DerAsnType[]
{
new DerAsnSequence(new DerAsnType[]
{
new DerAsnObjectIdentifier(1, 2, 840, 113549, 1, 1, 1), // rsaEncryption http://www.oid-info.com/get/1.2.840.113549.1.1.1
new DerAsnNull()
}),
new DerAsnBitString(ToBitArray(innerSequenceData))
});
Write(outerSequence, PemFormat.Public);
}
public RSAParameters ReadRsaKey()
{
var parts = ReadPemParts();
var headerFormat = ExtractFormat(parts.Header, isFooter: false);
var footerFormat = ExtractFormat(parts.Footer, isFooter: true);
if (!headerFormat.Equals(footerFormat))
{
throw new InvalidOperationException($"Header/footer format mismatch: {headerFormat}/{footerFormat}");
}
var derData = Convert.FromBase64String(parts.Body);
var der = DerConvert.Decode(derData);
if (headerFormat.Equals(PemFormat.Public))
{
return(ReadPublicKey(der));
}
if (headerFormat.Equals(PemFormat.Rsa))
{
return(ReadPrivateKey(der));
}
throw new NotImplementedException($"The format {headerFormat} is not yet implemented");
}
private static RSAParameters ReadPublicKey(DerAsnType der)
{
if (der == null)
{
throw new ArgumentNullException(nameof(der));
}
var outerSequence = der as DerAsnSequence;
if (outerSequence == null)
{
throw new ArgumentException($"{nameof(der)} is not a sequence");
}
if (outerSequence.Items.Count != 2)
{
throw new InvalidOperationException("Outer sequence must contain 2 parts");
}
var headerSequence = outerSequence.Items[0] as DerAsnSequence;
if (headerSequence == null)
{
throw new InvalidOperationException("First part of outer sequence must be another sequence (the header sequence)");
}
if (headerSequence.Items.Count != 2)
{
throw new InvalidOperationException("The header sequence must contain 2 parts");
}
var objectIdentifier = headerSequence.Items[0] as DerAsnObjectIdentifier;
if (objectIdentifier == null)
{
throw new InvalidOperationException("First part of header sequence must be an object-identifier");
}
if (!objectIdentifier.Value.Equals("1.2.840.113549.1.1.1"))
{
throw new InvalidOperationException($"RSA object-identifier expected 1.2.840.113549.1.1.1, got: {objectIdentifier.Value}");
}
if (!(headerSequence.Items[1] is DerAsnNull))
{
throw new InvalidOperationException("Second part of header sequence must be a null");
}
var innerSequenceData = outerSequence.Items[1] as DerAsnBitString;
if (innerSequenceData == null)
{
throw new InvalidOperationException("Second part of outer sequence must be a bit-string");
}
var innerSequence = DerConvert.Decode(innerSequenceData.Value as byte[]) as DerAsnSequence;
if (innerSequence == null)
{
throw new InvalidOperationException("Could not decode the bit-string as a sequence");
}
if (innerSequence.Items.Count < 2)
{
throw new InvalidOperationException("Inner sequence must at least contain 2 parts (modulus and exponent)");
}
return(new RSAParameters
{
Modulus = GetIntegerData(innerSequence.Items[0]),
Exponent = GetIntegerData(innerSequence.Items[1])
});
}
private static RSAParameters ReadPublicKey(DerAsnType der)
{
if (der == null)
{
throw new ArgumentNullException(nameof(der));
}
var outerSequence = der as DerAsnSequence;
if (outerSequence == null)
{
throw new ArgumentException($"{nameof(der)} is not a sequence");
}
if (outerSequence.Value.Length != 2)
{
throw new InvalidOperationException("Outer sequence must contain 2 parts");
}
var headerSequence = outerSequence.Value[0] as DerAsnSequence;
if (headerSequence == null)
{
throw new InvalidOperationException("First part of outer sequence must be another sequence (the header sequence)");
}
if (headerSequence.Value.Length != 2)
{
throw new InvalidOperationException("The header sequence must contain 2 parts");
}
var objectIdentifier = headerSequence.Value[0] as DerAsnObjectIdentifier;
if (objectIdentifier == null)
{
throw new InvalidOperationException("First part of header sequence must be an object-identifier");
}
if (!Enumerable.SequenceEqual(objectIdentifier.Value, RsaIdentifier))
{
throw new InvalidOperationException($"RSA object-identifier expected 1.2.840.113549.1.1.1, got: {string.Join(".", objectIdentifier.Value.Select(x => x.ToString()))}");
}
if (!(headerSequence.Value[1] is DerAsnNull))
{
throw new InvalidOperationException("Second part of header sequence must be a null");
}
var innerSequenceBitString = outerSequence.Value[1] as DerAsnBitString;
if (innerSequenceBitString == null)
{
throw new InvalidOperationException("Second part of outer sequence must be a bit-string");
}
var innerSequenceData = innerSequenceBitString.ToByteArray();
var innerSequence = DerConvert.Decode(innerSequenceData) as DerAsnSequence;
if (innerSequence == null)
{
throw new InvalidOperationException("Could not decode the bit-string as a sequence");
}
if (innerSequence.Value.Length < 2)
{
throw new InvalidOperationException("Inner sequence must at least contain 2 parts (modulus and exponent)");
}
return(new RSAParameters
{
Modulus = GetIntegerData(innerSequence.Value[0]),
Exponent = GetIntegerData(innerSequence.Value[1])
});
}
public void Encode_NullAsAsnType_ShouldThrowArgumentNullException()
{
var ex = Assert.Throws <ArgumentNullException>(() => DerConvert.Encode(null));
Assert.That(ex.ParamName, Is.EqualTo("asnType"));
}
public void Decode_NullAsRawData_ShouldThrowArgumentNullException()
{
var ex = Assert.Throws <ArgumentNullException>(() => DerConvert.Decode(null));
Assert.That(ex.ParamName, Is.EqualTo("rawData"));
}
