private KeyTransRecipientInfo ComputeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
{
TbsCertificateStructure certificate;
using (Asn1InputStream input = new Asn1InputStream(x509certificate.GetTbsCertificate()))
{
certificate = TbsCertificateStructure.GetInstance(input.ReadObject());
}
AlgorithmIdentifier algorithmId = certificate.SubjectPublicKeyInfo.AlgorithmID;
var serial = new Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber(certificate.Issuer, certificate.SerialNumber.Value);
IBufferedCipher cipher;
try
{
cipher = CipherUtilities.GetCipher(algorithmId.Algorithm.Id);
}
catch (Exception e)
{
// should never happen, if this happens throw IOException instead
throw new Exception("Could not find a suitable javax.crypto provider", e);
}
cipher.Init(true, x509certificate.GetPublicKey());
DerOctetString octets = new DerOctetString(cipher.DoFinal(abyte0));
RecipientIdentifier recipientId = new RecipientIdentifier(serial);
return(new KeyTransRecipientInfo(recipientId, algorithmId, octets));
}
/// <summary>
/// Generate an X509Certificate.
/// </summary>
/// <param name="cspParam">CspParameters instance that has the private signing key</param>
/// <param name="Extensions">Extensions to include in the certificate</param>
/// <returns>An X509Certificate.</returns>
public X509Certificate Generate(CspParameters cspParam, X509Extensions Extensions)
{
TbsCertificateStructure tbsCert = GenerateTbsCert(Extensions);
// Check this complies with policy
if (policy != null)
{
TestAgainstPolicy test = new TestAgainstPolicy(policy);
if (!test.report(tbsCert))
{
throw new PolicyEnforcementException(test.status.ToString());
}
}
byte[] cert = tbsCert.GetEncoded();
byte[] signature;
try
{
signature = SysSigner.Sign(cert, cspParam, signatureAlgorithm);
}
catch (Exception e)
{
throw new CertificateEncodingException("Exception encoding TBS cert", e);
}
try
{
return(new X509Certificate(new X509CertificateStructure(tbsCert, sigAlgId, new DerBitString(signature))));
}
catch (CertificateParsingException e)
{
throw new CertificateEncodingException("Exception producing certificate object", e);
}
}
/// <summary>
/// Generate an X509 Certificate
/// </summary>
/// <param name="cspParam">CspParameters instance that has the private signing key</param>
/// <returns>An X509 Certificate</returns>
public X509Certificate Generate(CspParameters cspParam)
{
TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
byte[] cert = tbsCert.GetEncoded();
byte[] signature;
try
{
signature = SysSigner.Sign(cert, cspParam, signatureAlgorithm);
}
catch (Exception e)
{
throw new CertificateEncodingException("Exception encoding TBS cert", e);
}
try
{
return(new X509Certificate(new X509CertificateStructure(tbsCert, sigAlgId, new DerBitString(signature))));
}
catch (CertificateParsingException e)
{
throw new CertificateEncodingException("Exception producing certificate object", e);
}
}
/// <summary>
/// Generate an X509Certificate.
/// </summary>
/// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
/// <param name="Extensions">Set of extensions to include in the certificate.</param>
/// <returns>
/// An X509Certificate.
/// </returns>
/// <exception cref="PolicyEnforcementException">CA policy violation</exception>
/// <exception cref="CertificateEncodingException">
/// Exception encoding TBS cert
/// or
/// Exception producing certificate object
/// </exception>
public virtual X509Certificate Generate(AsymmetricKeyParameter privateKey, X509Extensions Extensions)
{
TbsCertificateStructure tbsCert = GenerateTbsCert(Extensions);
// Check this complies with policy
if (policy != null)
{
TestAgainstPolicy test = new TestAgainstPolicy(policy);
if (!test.report(tbsCert))
{
throw new PolicyEnforcementException(test.status.ToString());
}
}
byte[] signature;
try
{
signature = X509Utilities.GetSignatureForObject(
sigOid, signatureAlgorithm, privateKey, null, tbsCert);
}
catch (Exception e)
{
throw new CertificateEncodingException("Exception encoding TBS cert", e);
}
try
{
return(new X509Certificate(new X509CertificateStructure(tbsCert, sigAlgId, new DerBitString(signature))));
}
catch (CertificateParsingException e)
{
throw new CertificateEncodingException("Exception producing certificate object", e);
}
}
/// <summary>
/// Generate a new X509Certificate specifying a SecureRandom instance that you would like to use.
/// </summary>
/// <param name="privateKey">The private key of the issuer used to sign this certificate.</param>
/// <param name="random">The Secure Random you want to use.</param>
/// <returns>An X509Certificate.</returns>
private X509Certificate generate(SecureRandom random, AsymmetricKeyParameter privateKey)
{
TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
byte[] signature;
try
{
signature = X509Utilities.GetSignatureForObject(
sigOID, signatureAlgorithm, (AsymmetricKeyParameter)privateKey, random, tbsCert);
}
catch (Exception e)
{
throw new CertificateEncodingException("Exception encoding TBS cert", e);
}
try
{
return(GenerateJcaObject(tbsCert, signature));
}
catch (CertificateParsingException e)
{
throw new CertificateEncodingException("Exception producing certificate object", e);
}
}
public X509Certificate Generate(AsymmetricKeyParameter privateKey, SecureRandom random)
{
TbsCertificateStructure tbsCertificateStructure = this.tbsGen.GenerateTbsCertificate();
byte[] signatureForObject;
try
{
signatureForObject = X509Utilities.GetSignatureForObject(this.sigOID, this.signatureAlgorithm, privateKey, random, tbsCertificateStructure);
}
catch (Exception e)
{
throw new CertificateEncodingException("exception encoding TBS cert", e);
}
X509Certificate result;
try
{
result = this.GenerateJcaObject(tbsCertificateStructure, signatureForObject);
}
catch (CertificateParsingException e2)
{
throw new CertificateEncodingException("exception producing certificate object", e2);
}
return(result);
}
public static byte[] GetSubjectPublicKeyInfo(this System.Security.Cryptography.X509Certificates.X509Certificate certificate)
{
var cert = new X509CertificateParser().ReadCertificate(certificate.GetRawCertData());
var tbsCert = TbsCertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetTbsCertificate()));
return(tbsCert.SubjectPublicKeyInfo.GetDerEncoded());
}
internal override bool analyse(TbsCertificateStructure tbsCert)
{
bool status = true;
BasicConstraints bc = BasicConstraints.GetInstance(tbsCert.Extensions.GetExtension(X509Extensions.BasicConstraints));
// If CA PathLength == 0, then cannot issue CA certs
if ((bc.IsCA()) && (pathLen == 0))
{
report = report + "CA PathLengthConstraint = 0 - cannot issue CA certificates;";
status = false;
}
// If CA PathLength set cert PathLength must be <
if ((bc.IsCA()) && (pathLen < int.MaxValue) && (bc.PathLenConstraint.IntValue >= pathLen))
{
report = report + "CA PathLengthConstraint = " + pathLen.ToString() + " - invalid certificate Path Length = " + bc.PathLenConstraint.IntValue.ToString() + ";";
status = false;
}
// If CA PathLength set then cert must set a PathLength
if ((bc.IsCA()) && (pathLen < int.MaxValue) && (bc.PathLenConstraint == null))
{
report = report + "CA PathLengthConstraint = " + pathLen.ToString() + " - certificate must set PathLengthConstraint;";
status = false;
}
return(status);
}
private KeyTransRecipientInfo ComputeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
{
Asn1InputStream asn1inputstream =
new Asn1InputStream(new MemoryStream(x509certificate.GetTbsCertificate()));
TbsCertificateStructure tbscertificatestructure =
TbsCertificateStructure.GetInstance(asn1inputstream.ReadObject());
AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.SubjectPublicKeyInfo.AlgorithmID;
Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber issuerandserialnumber =
new Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber(
tbscertificatestructure.Issuer,
tbscertificatestructure.SerialNumber.Value);
IBufferedCipher cipher = CipherUtilities.GetCipher(algorithmidentifier.ObjectID);
cipher.Init(true, x509certificate.GetPublicKey());
byte[] outp = new byte[10000];
int len = cipher.DoFinal(abyte0, outp, 0);
byte[] abyte1 = new byte[len];
System.Array.Copy(outp, 0, abyte1, 0, len);
DerOctetString deroctetstring = new DerOctetString(abyte1);
RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);
return(new KeyTransRecipientInfo(recipId, algorithmidentifier, deroctetstring));
}
/// <summary>
/// Generate an X509Certificate using your own SecureRandom.
/// </summary>
/// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
/// <param name="random">You Secure Random instance.</param>
/// <returns>An X509Certificate.</returns>
public X509Certificate Generate(
AsymmetricKeyParameter privateKey,
SecureRandom random)
{
TbsCertificateStructure tbsCert = GenerateTbsCert();
byte[] signature;
try
{
signature = X509Utilities.GetSignatureForObject(
sigOid, signatureAlgorithm, privateKey, random, tbsCert);
}
catch (Exception e)
{
// TODO
// throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
throw new CertificateEncodingException("exception encoding TBS cert", e);
}
try
{
return(GenerateJcaObject(tbsCert, signature));
}
catch (CertificateParsingException e)
{
// TODO
// throw new ExtCertificateEncodingException("exception producing certificate object", e);
throw new CertificateEncodingException("exception producing certificate object", e);
}
}
private X509Certificate GenerateJcaObject(
TbsCertificateStructure tbsCert,
byte[] signature)
{
return(new X509Certificate(
new X509CertificateStructure(tbsCert, sigAlgId, new DerBitString(signature))));
}
private void TbsV3CertGenerate()
{
V3TbsCertificateGenerator gen = new V3TbsCertificateGenerator();
DateTime startDate = MakeUtcDateTime(1970, 1, 1, 0, 0, 1);
DateTime endDate = MakeUtcDateTime(1970, 1, 1, 0, 0, 2);
gen.SetSerialNumber(new DerInteger(2));
gen.SetStartDate(new Time(startDate));
gen.SetEndDate(new Time(endDate));
gen.SetIssuer(new X509Name("CN=AU,O=Bouncy Castle"));
gen.SetSubject(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"));
gen.SetSignature(new AlgorithmIdentifier(PkcsObjectIdentifiers.MD5WithRsaEncryption, DerNull.Instance));
SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
new AlgorithmIdentifier(
OiwObjectIdentifiers.ElGamalAlgorithm,
new ElGamalParameter(BigInteger.One, BigInteger.Two)),
new DerInteger(3));
gen.SetSubjectPublicKeyInfo(info);
//
// add extensions
//
IList order = new ArrayList();
IDictionary extensions = new Hashtable();
order.Add(X509Extensions.AuthorityKeyIdentifier);
order.Add(X509Extensions.SubjectKeyIdentifier);
order.Add(X509Extensions.KeyUsage);
extensions.Add(X509Extensions.AuthorityKeyIdentifier, new X509Extension(true, new DerOctetString(CreateAuthorityKeyId(info, new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"), 2))));
extensions.Add(X509Extensions.SubjectKeyIdentifier, new X509Extension(true, new DerOctetString(new SubjectKeyIdentifier(info))));
extensions.Add(X509Extensions.KeyUsage, new X509Extension(false, new DerOctetString(new KeyUsage(KeyUsage.DataEncipherment))));
X509Extensions ex = new X509Extensions(order, extensions);
gen.SetExtensions(ex);
TbsCertificateStructure tbs = gen.GenerateTbsCertificate();
if (!Arrays.AreEqual(tbs.GetEncoded(), v3Cert))
{
Fail("failed v3 cert generation");
}
//
// read back test
//
Asn1Object o = Asn1Object.FromByteArray(v3Cert);
if (!Arrays.AreEqual(o.GetEncoded(), v3Cert))
{
Fail("failed v3 cert read back test");
}
}
/**
* add a recipient.
*
* @param cert recipient's public key certificate
* @exception ArgumentException if there is a problem with the certificate
*/
public void AddKeyTransRecipient(
X509Certificate cert)
{
TbsCertificateStructure recipientTbsCert = CmsUtilities.GetTbsCertificateStructure(cert);
SubjectPublicKeyInfo info = recipientTbsCert.SubjectPublicKeyInfo;
this.AddRecipientInfoGenerator(new KeyTransRecipientInfoGenerator(cert, new Asn1KeyWrapper(info.AlgorithmID.Algorithm, info.AlgorithmID.Parameters, cert)));
}
static X509Certificate GenerateJcaObject(
TbsCertificateStructure tbsCert,
AlgorithmIdentifier sigAlg,
byte[] signature)
{
return(new X509Certificate(
new X509CertificateStructure(tbsCert, sigAlg, new DerBitString(signature))));
}
public static void CreateCert(string parentcer, string csrFile)
{
var issuer = new X509CertificateParser().ReadCertificate(File.OpenRead(parentcer));
var reader = new PemReader(File.OpenText(csrFile));
var csr = (Pkcs10CertificationRequest)(reader.ReadObject());
var csrinfo = csr.GetCertificationRequestInfo();
AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha256WithRsaEncryption);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
BigInteger serial = new BigInteger(128, new SecureRandom());
DateTime from = new DateTime(DateTime.Now.Year, DateTime.Now.Month, DateTime.Now.Day);
DateTime to = from.AddYears(5);
V3TbsCertificateGenerator tbsGen = new V3TbsCertificateGenerator();
tbsGen.SetIssuer(issuer.SubjectDN);
tbsGen.SetSerialNumber(new DerInteger(serial));
tbsGen.SetStartDate(new Time(from));
tbsGen.SetEndDate(new Time(to));
tbsGen.SetSubjectPublicKeyInfo(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(csr.GetPublicKey()));
tbsGen.SetSubject(csrinfo.Subject);
// add certificate purposes
Asn1EncodableVector vector = new Asn1EncodableVector();
vector.Add(new DerObjectIdentifier("1.3.6.1.5.5.7.3.2"));
vector.Add(new DerObjectIdentifier("1.3.6.1.4.1.311.20.2.2"));
vector.Add(new DerObjectIdentifier("1.3.6.1.4.1.311.10.3.12"));
vector.Add(new DerObjectIdentifier("1.3.6.1.5.5.7.3.4"));
DerSequence seq = new DerSequence(vector);
X509ExtensionsGenerator extGenerator = new X509ExtensionsGenerator();
extGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, seq);
tbsGen.SetExtensions(extGenerator.Generate());
tbsGen.SetSignature(sigAlgId);
TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
// save the TBS
System.IO.File.WriteAllBytes("tbs.cer", tbsCert.GetDerEncoded());
Console.WriteLine("generate the signature (SHA->DER->ENCRYPT) for tbs.cer and call it tbs.sig");
Console.WriteLine("And then press enter");
Console.ReadLine();
var t1 = GenerateJcaObject(tbsCert, sigAlgId, System.IO.File.ReadAllBytes("tbs.sig").Take(256).ToArray());
System.IO.File.WriteAllBytes("cert.cer", t1.GetEncoded());
Console.WriteLine("saved as cert.cer");
}
// internal Asn1.Cms.AttributeTable SignedAttributes
// {
// get { return _sAttr; }
// }
//
// internal Asn1.Cms.AttributeTable UnsignedAttributes
// {
// get { return _unsAttr; }
// }
internal SignerInfo ToSignerInfo(
DerObjectIdentifier contentType)
{
AlgorithmIdentifier digAlgId = new AlgorithmIdentifier(
new DerObjectIdentifier(this.DigestAlgOid), DerNull.Instance);
AlgorithmIdentifier encAlgId = CmsSignedGenerator.GetEncAlgorithmIdentifier(this.EncryptionAlgOid);
byte[] hash = DigestUtilities.DoFinal(_digest);
outer._digests.Add(_digestOID, hash.Clone());
IDictionary parameters = outer.GetBaseParameters(contentType, digAlgId, hash);
Asn1.Cms.AttributeTable signed = (_sAttr != null)
// ? _sAttr.GetAttributes(Collections.unmodifiableMap(parameters))
? _sAttr.GetAttributes(parameters)
: null;
Asn1Set signedAttr = outer.GetAttributeSet(signed);
//
// sig must be composed from the DER encoding.
//
byte[] bOutBytes;
if (signedAttr != null)
{
bOutBytes = signedAttr.GetDerEncoded();
}
else
{
throw new Exception("signatures without signed attributes not implemented.");
}
_signature.BlockUpdate(bOutBytes, 0, bOutBytes.Length);
Asn1OctetString encDigest = new DerOctetString(_signature.GenerateSignature());
parameters = outer.GetBaseParameters(contentType, digAlgId, hash);
parameters[CmsAttributeTableParameter.Signature] = encDigest.GetOctets().Clone();
Asn1.Cms.AttributeTable unsigned = (_unsAttr != null)
// ? _unsAttr.getAttributes(Collections.unmodifiableMap(parameters))
? _unsAttr.GetAttributes(parameters)
: null;
Asn1Set unsignedAttr = outer.GetAttributeSet(unsigned);
X509Certificate cert = this.Certificate;
TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance(
Asn1Object.FromByteArray(cert.GetTbsCertificate()));
IssuerAndSerialNumber encSid = new IssuerAndSerialNumber(
tbs.Issuer, tbs.SerialNumber.Value);
return(new SignerInfo(new SignerIdentifier(encSid), digAlgId,
signedAttr, encAlgId, encDigest, unsignedAttr));
}
private X509CertificateStructure(Asn1Sequence seq)
{
if (seq.Count != 3)
{
throw new ArgumentException("sequence wrong size for a certificate", "seq");
}
tbsCert = TbsCertificateStructure.GetInstance(seq[0]);
sigAlgID = AlgorithmIdentifier.GetInstance(seq[1]);
sig = DerBitString.GetInstance(seq[2]);
}
private void CheckMalformed()
{
try
{
TbsCertificateStructure cert = TbsCertificateStructure.GetInstance(bangerCert);
}
catch (ArgumentException e)
{
// expected - anything else is not!
}
}
public X509Certificate Generate(ISignatureFactory signatureCalculatorFactory)
{
tbsGen.SetSignature((AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails);
TbsCertificateStructure tbsCertificateStructure = tbsGen.GenerateTbsCertificate();
IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator();
byte[] derEncoded = tbsCertificateStructure.GetDerEncoded();
streamCalculator.Stream.Write(derEncoded, 0, derEncoded.Length);
Platform.Dispose(streamCalculator.Stream);
return(GenerateJcaObject(tbsCertificateStructure, (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).Collect()));
}
internal static void CheckCertificate(X509Certificate cert)
{
try
{
TbsCertificateStructure.GetInstance(cert.CertificateStructure.TbsCertificate);
}
catch (CertificateEncodingException e)
{
throw new Exception("unable to process TBSCertificate", e);
}
}
public byte[] GenerateDerEncodedUnsignedCertificate()
{
if (!extGenerator.IsEmpty)
{
tbsGen.SetExtensions(extGenerator.Generate());
}
TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
return(tbsCert.GetDerEncoded());
}
public static X509Name GetIssuerX509Principal(X509Certificate cert)
{
try
{
TbsCertificateStructure instance = TbsCertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetTbsCertificate()));
return(instance.Issuer);
}
catch (global::System.Exception e)
{
throw new CertificateEncodingException("Could not extract issuer", e);
}
}
public static X509Name GetSubjectX509Principal(X509Certificate cert)
{
try
{
TbsCertificateStructure instance = TbsCertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetTbsCertificate()));
return(instance.Subject);
}
catch (Exception e)
{
throw new CertificateEncodingException("Could not extract subject", e);
}
}
private X509CertificateStructure(
Asn1Sequence seq)
{
if (seq.Count != 3)
throw new ArgumentException("sequence wrong size for a certificate", "seq");
//
// correct x509 certficate
//
tbsCert = TbsCertificateStructure.GetInstance(seq[0]);
sigAlgID = AlgorithmIdentifier.GetInstance(seq[1]);
sig = DerBitString.GetInstance(seq[2]);
}
public static void SignCert(string tbsfile, string tbssig)
{
AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha256WithRsaEncryption);
var t1 = GenerateJcaObject(
TbsCertificateStructure.GetInstance(Asn1Sequence.FromByteArray(File.ReadAllBytes(tbsfile))), sigAlgId,
System.IO.File.ReadAllBytes(tbssig).Take(256).ToArray());
System.IO.File.WriteAllBytes("cert.cer", t1.GetEncoded());
Console.WriteLine("saved as cert.cer");
}
public X509CertificateStructure(
TbsCertificateStructure tbsCert,
AlgorithmIdentifier sigAlgID,
DerBitString sig)
{
if (tbsCert == null)
throw new ArgumentNullException("tbsCert");
if (sigAlgID == null)
throw new ArgumentNullException("sigAlgID");
if (sig == null)
throw new ArgumentNullException("sig");
this.tbsCert = tbsCert;
this.sigAlgID = sigAlgID;
this.sig = sig;
}
/// <summary>
/// Generate a new X509Certificate using the passed in SignatureCalculator.
/// </summary>
/// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param>
/// <returns>An X509Certificate.</returns>
public X509Certificate Generate(ISignatureCalculator signatureCalculator)
{
tbsGen.SetSignature((AlgorithmIdentifier)signatureCalculator.AlgorithmDetails);
TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator();
byte[] encoded = tbsCert.GetDerEncoded();
streamCalculator.Stream.Write(encoded, 0, encoded.Length);
streamCalculator.Stream.Close();
return(GenerateJcaObject(tbsCert, (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).DoFinal()));
}
/// <summary>
/// Generate a new X509Certificate using the passed in SignatureCalculator.
/// </summary>
/// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param>
/// <returns>An X509Certificate.</returns>
public X509Certificate Generate(ISignatureFactory signatureCalculatorFactory)
{
tbsGen.SetSignature((AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails);
TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator();
byte[] encoded = tbsCert.GetDerEncoded();
streamCalculator.Stream.Write(encoded, 0, encoded.Length);
BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.Dispose(streamCalculator.Stream);
return(GenerateJcaObject(tbsCert, (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).Collect()));
}
internal bool report(TbsCertificateStructure tbsCert)
{
bool valid = true;
int index = 0;
foreach (PolicyEnforcement module in policyModules)
{
if (!module.analyse(tbsCert))
{
valid = false;
_status[index] = module.result;
index++;
}
}
return(valid);
}
private KeyTransRecipientInfo ComputeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
{
Asn1InputStream asn1inputstream = new Asn1InputStream(new MemoryStream(x509certificate.GetTbsCertificate()
));
TbsCertificateStructure tbscertificatestructure = TbsCertificateStructure.GetInstance(asn1inputstream.ReadObject
());
System.Diagnostics.Debug.Assert(tbscertificatestructure != null);
AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.SubjectPublicKeyInfo.AlgorithmID;
IssuerAndSerialNumber issuerandserialnumber = new IssuerAndSerialNumber(tbscertificatestructure.Issuer, tbscertificatestructure
.SerialNumber.Value);
byte[] cipheredBytes = EncryptionUtils.CipherBytes(x509certificate, abyte0, algorithmidentifier);
DerOctetString deroctetstring = new DerOctetString(cipheredBytes);
RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);
return(new KeyTransRecipientInfo(recipId, algorithmidentifier, deroctetstring));
}
public X509CertificateStructure(TbsCertificateStructure tbsCert, AlgorithmIdentifier sigAlgID, DerBitString sig)
{
if (tbsCert == null)
{
throw new ArgumentNullException("tbsCert");
}
if (sigAlgID == null)
{
throw new ArgumentNullException("sigAlgID");
}
if (sig == null)
{
throw new ArgumentNullException("sig");
}
this.tbsCert = tbsCert;
this.sigAlgID = sigAlgID;
this.sig = sig;
}
private static TbsCertificateStructure CreateTbsForVerification(X509Certificate2 preCertificate, IssuerInformation issuerInformation)
{
if (preCertificate.Version < 3)
{
throw new InvalidOperationException("PreCertificate version must be 3 or higher!");
}
var asn1Obj = Asn1Object.FromByteArray(preCertificate.GetTbsCertificateRaw());
var tbsCert = TbsCertificateStructure.GetInstance(asn1Obj);
var hasX509AuthorityKeyIdentifier = tbsCert.Extensions.GetExtension(new DerObjectIdentifier(Constants.X509AuthorityKeyIdentifier)) != null;
if (hasX509AuthorityKeyIdentifier &&
issuerInformation.IssuedByPreCertificateSigningCert &&
issuerInformation.X509AuthorityKeyIdentifier == null)
{
throw new InvalidOperationException("PreCertificate was not signed by a PreCertificate signing cert");
}
var orderedExtensions = GetExtensionsWithoutPoisonAndSct(tbsCert.Extensions, issuerInformation.X509AuthorityKeyIdentifier);
var generator = new V3TbsCertificateGenerator();
generator.SetSerialNumber(tbsCert.SerialNumber);
generator.SetSignature(tbsCert.Signature);
generator.SetIssuer(issuerInformation.Name ?? tbsCert.Issuer);
generator.SetStartDate(tbsCert.StartDate);
generator.SetEndDate(tbsCert.EndDate);
generator.SetSubject(tbsCert.Subject);
generator.SetSubjectPublicKeyInfo(tbsCert.SubjectPublicKeyInfo);
generator.SetIssuerUniqueID(tbsCert.IssuerUniqueID);
generator.SetSubjectUniqueID(tbsCert.SubjectUniqueID);
var extensionsGenerator = new X509ExtensionsGenerator();
foreach (var e in orderedExtensions)
{
extensionsGenerator.AddExtension(e.Key, e.Value.IsCritical, e.Value.GetParsedValue());
}
generator.SetExtensions(extensionsGenerator.Generate());
return(generator.GenerateTbsCertificate());
}
