// throws PkixNameConstraintValidatorException
/**
* Check if the given GeneralName is contained in the excluded ISet.
*
* @param name The GeneralName.
* @throws PkixNameConstraintValidatorException
* If the <code>name</code> is
* excluded.
*/
public void checkExcluded(GeneralName name)
{
switch (name.TagNo)
{
case 1:
CheckExcludedEmail(excludedSubtreesEmail, ExtractNameAsString(name));
break;
case 2:
checkExcludedDNS(excludedSubtreesDNS, DerIA5String.GetInstance(
name.Name).GetString());
break;
case 4:
CheckExcludedDN(Asn1Sequence.GetInstance(name.Name.ToAsn1Object()));
break;
case 6:
checkExcludedURI(excludedSubtreesURI, DerIA5String.GetInstance(
name.Name).GetString());
break;
case 7:
byte[] ip = Asn1OctetString.GetInstance(name.Name).GetOctets();
checkExcludedIP(excludedSubtreesIP, ip);
break;
}
}
/**
* create an AccessDescription with the oid and location provided.
*/
public AccessDescription(
DerObjectIdentifier oid,
GeneralName location)
{
accessMethod = oid;
accessLocation = location;
}
public SemanticsInformation(
DerObjectIdentifier semanticsIdentifier,
GeneralName[] generalNames)
{
this.semanticsIdentifier = semanticsIdentifier;
this.nameRegistrationAuthorities = generalNames;
}
/**
* create an AuthorityInformationAccess with the oid and location provided.
*/
public AuthorityInformationAccess(
DerObjectIdentifier oid,
GeneralName location)
{
accessMethod = oid;
accessLocation = location;
}
/** Creates a new PopoSigningKeyInput with sender name as authInfo. */
public PopoSigningKeyInput(
GeneralName sender,
SubjectPublicKeyInfo spki)
{
this.sender = sender;
this.publicKey = spki;
}
public PkiHeaderBuilder(
int pvno,
GeneralName sender,
GeneralName recipient)
: this(new DerInteger(pvno), sender, recipient)
{
}
private GeneralSubtree(
Asn1Sequence seq)
{
baseName = GeneralName.GetInstance(seq[0]);
switch (seq.Count)
{
case 1:
break;
case 2:
{
Asn1TaggedObject o = Asn1TaggedObject.GetInstance(seq[1]);
switch (o.TagNo)
{
case 0:
minimum = DerInteger.GetInstance(o, false);
break;
case 1:
maximum = DerInteger.GetInstance(o, false);
break;
default:
throw new ArgumentException("Bad tag number: " + o.TagNo);
}
break;
}
case 3:
{
minimum = DerInteger.GetInstance(Asn1TaggedObject.GetInstance(seq[1]));
maximum = DerInteger.GetInstance(Asn1TaggedObject.GetInstance(seq[2]));
break;
}
default:
throw new ArgumentException("Bad sequence size: " + seq.Count);
}
}
private static Asn1Sequence FromCertificate(
X509Certificate certificate)
{
try
{
GeneralName genName = new GeneralName(
PrincipalUtilities.GetIssuerX509Principal(certificate));
if (certificate.Version == 3)
{
Asn1OctetString ext = certificate.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);
if (ext != null)
{
Asn1OctetString str = (Asn1OctetString) X509ExtensionUtilities.FromExtensionValue(ext);
return (Asn1Sequence) new AuthorityKeyIdentifier(
str.GetOctets(), new GeneralNames(genName), certificate.SerialNumber).ToAsn1Object();
}
}
SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(
certificate.GetPublicKey());
return (Asn1Sequence) new AuthorityKeyIdentifier(
info, new GeneralNames(genName), certificate.SerialNumber).ToAsn1Object();
}
catch (Exception e)
{
throw new CertificateParsingException("Exception extracting certificate details", e);
}
}
public override void PerformTest()
{
GeneralName name = new GeneralName(new X509Name("CN=hello world"));
NamingAuthority auth = new NamingAuthority(new DerObjectIdentifier("1.2.3"), "url", new DirectoryString("fred"));
Admissions admissions = new Admissions(name, auth, new ProfessionInfo[0]);
checkConstruction(admissions, name, auth);
admissions = Admissions.GetInstance(null);
if (admissions != null)
{
Fail("null GetInstance() failed.");
}
try
{
Admissions.GetInstance(new Object());
Fail("GetInstance() failed to detect bad object.");
}
catch (ArgumentException)
{
// expected
}
}
private void checkValues(
Admissions admissions,
GeneralName name,
NamingAuthority auth)
{
checkMandatoryField("admissionAuthority", name, admissions.AdmissionAuthority);
checkMandatoryField("namingAuthority", auth, admissions.NamingAuthority);
}
private AccessDescription(
Asn1Sequence seq)
{
if (seq.Count != 2)
throw new ArgumentException("wrong number of elements in sequence");
accessMethod = DerObjectIdentifier.GetInstance(seq[0]);
accessLocation = GeneralName.GetInstance(seq[1]);
}
/**
* Constructor from a given details.
* <p/>
* Parameter <code>professionInfos</code> is mandatory.
*
* @param admissionAuthority The admission authority.
* @param namingAuthority The naming authority.
* @param professionInfos The profession infos.
*/
public Admissions(
GeneralName admissionAuthority,
NamingAuthority namingAuthority,
ProfessionInfo[] professionInfos)
{
this.admissionAuthority = admissionAuthority;
this.namingAuthority = namingAuthority;
this.professionInfos = new DerSequence(professionInfos);
}
private SinglePubInfo(Asn1Sequence seq)
{
pubMethod = DerInteger.GetInstance(seq[0]);
if (seq.Count == 2)
{
pubLocation = GeneralName.GetInstance(seq[1]);
}
}
public void Read_WithUnsupportedChoice_Throws()
{
var bytes = new BcGeneralName(BcGeneralName.RegisteredID, new DerObjectIdentifier("1.2.3")).GetDerEncoded();
var exception = Assert.Throws <SignatureException>(
() => GeneralName.Read(bytes));
Assert.Equal("The ASN.1 data is unsupported.", exception.Message);
}
private PkiHeaderBuilder(
DerInteger pvno,
GeneralName sender,
GeneralName recipient)
{
this.pvno = pvno;
this.sender = sender;
this.recipient = recipient;
}
public void Read_WithDistinguishedName_ReturnsGeneralName()
{
var bytes = new BcGeneralName(BcGeneralName.DirectoryName, new X509Name("CN=test")).GetDerEncoded();
var generalName = GeneralName.Read(bytes);
Assert.NotNull(generalName);
Assert.Equal("CN=test", generalName.DirectoryName.Name);
}
public TbsRequest(
GeneralName requestorName,
Asn1Sequence requestList,
X509Extensions requestExtensions)
{
this.version = V1;
this.requestorName = requestorName;
this.requestList = requestList;
this.requestExtensions = requestExtensions;
}
public GeneralName[] GetNames()
{
GeneralName[] names = new GeneralName[seq.Count];
for (int i = 0; i != seq.Count; i++)
{
names[i] = GeneralName.GetInstance(seq[i]);
}
return names;
}
/**
* Constructor from a given details.
* <p/>
* <p/>
* Either <code>generalName</code> or <code>certRef</code> MUST be
* <code>null</code>.
*
* @param country The country code whose laws apply.
* @param typeOfSubstitution The type of procuration.
* @param thirdPerson The GeneralName of the person who is represented.
* @param certRef Reference to certificate of the person who is represented.
*/
public Procuration(
string country,
DirectoryString typeOfSubstitution,
GeneralName thirdPerson,
IssuerSerial certRef)
{
this.country = new DerPrintableString(country, true);
this.typeOfSubstitution = typeOfSubstitution;
this.thirdPerson = thirdPerson;
this.certRef = certRef;
}
public GeneralSubtree(GeneralName baseName, BigInteger minimum, BigInteger maximum)
{
this.baseName = baseName;
if (minimum != null)
{
this.minimum = new DerInteger(minimum);
}
if (maximum != null)
{
this.maximum = new DerInteger(maximum);
}
}
/**
* Set the requestor name to the passed in X509Principal
*
* @param requestorName a X509Principal representing the requestor name.
*/
public void SetRequestorName(
X509Name requestorName)
{
try
{
this.requestorName = new GeneralName(GeneralName.DirectoryName, requestorName);
}
catch (Exception e)
{
throw new ArgumentException("cannot encode principal", e);
}
}
public static GeneralName GetInstance(object obj)
{
if (obj == null || obj is GeneralName)
{
return((GeneralName)obj);
}
if (obj is Asn1TaggedObject)
{
Asn1TaggedObject asn1TaggedObject = (Asn1TaggedObject)obj;
int tagNo = asn1TaggedObject.TagNo;
switch (tagNo)
{
case 0:
return(new GeneralName(tagNo, Asn1Sequence.GetInstance(asn1TaggedObject, false)));
case 1:
return(new GeneralName(tagNo, DerIA5String.GetInstance(asn1TaggedObject, false)));
case 2:
return(new GeneralName(tagNo, DerIA5String.GetInstance(asn1TaggedObject, false)));
case 3:
throw new ArgumentException("unknown tag: " + tagNo);
case 4:
return(new GeneralName(tagNo, X509Name.GetInstance(asn1TaggedObject, true)));
case 5:
return(new GeneralName(tagNo, Asn1Sequence.GetInstance(asn1TaggedObject, false)));
case 6:
return(new GeneralName(tagNo, DerIA5String.GetInstance(asn1TaggedObject, false)));
case 7:
return(new GeneralName(tagNo, Asn1OctetString.GetInstance(asn1TaggedObject, false)));
case 8:
return(new GeneralName(tagNo, DerObjectIdentifier.GetInstance(asn1TaggedObject, false)));
}
}
if (obj is byte[])
{
try
{
return(GeneralName.GetInstance(Asn1Object.FromByteArray((byte[])obj)));
}
catch (IOException)
{
throw new ArgumentException("unable to parse encoded general name");
}
}
throw new ArgumentException("unknown object in GetInstance: " + obj.GetType().FullName, "obj");
}
private GeneralSubtree(Asn1Sequence seq)
{
//IL_008d: Unknown result type (might be due to invalid IL or missing references)
//IL_00bd: Unknown result type (might be due to invalid IL or missing references)
//IL_00fb: Unknown result type (might be due to invalid IL or missing references)
//IL_0124: Unknown result type (might be due to invalid IL or missing references)
baseName = GeneralName.GetInstance(seq[0]);
switch (seq.Count)
{
case 2:
{
Asn1TaggedObject instance3 = Asn1TaggedObject.GetInstance(seq[1]);
switch (instance3.TagNo)
{
case 0:
minimum = DerInteger.GetInstance(instance3, isExplicit: false);
break;
case 1:
maximum = DerInteger.GetInstance(instance3, isExplicit: false);
break;
default:
throw new ArgumentException(string.Concat((object)"Bad tag number: ", (object)instance3.TagNo));
}
break;
}
case 3:
{
Asn1TaggedObject instance = Asn1TaggedObject.GetInstance(seq[1]);
if (instance.TagNo != 0)
{
throw new ArgumentException(string.Concat((object)"Bad tag number for 'minimum': ", (object)instance.TagNo));
}
minimum = DerInteger.GetInstance(instance, isExplicit: false);
Asn1TaggedObject instance2 = Asn1TaggedObject.GetInstance(seq[2]);
if (instance2.TagNo != 1)
{
throw new ArgumentException(string.Concat((object)"Bad tag number for 'maximum': ", (object)instance2.TagNo));
}
maximum = DerInteger.GetInstance(instance2, isExplicit: false);
break;
}
default:
throw new ArgumentException(string.Concat((object)"Bad sequence size: ", (object)seq.Count));
case 1:
break;
}
}
private void checkValues(
AdmissionSyntax syntax,
GeneralName authority,
Asn1Sequence admissions)
{
checkMandatoryField("admissionAuthority", authority, syntax.AdmissionAuthority);
Admissions[] adm = syntax.GetContentsOfAdmissions();
if (adm.Length != 1 || !adm[0].Equals(admissions[0]))
{
Fail("admissions check failed");
}
}
private AuthorityInformationAccess(
Asn1Sequence seq)
{
foreach (DerSequence vec in seq)
{
if (vec.Count != 2)
{
throw new ArgumentException("wrong number of elements in inner sequence");
}
accessMethod = (DerObjectIdentifier) vec[0];
accessLocation = (GeneralName) vec[1];
}
}
private AuthorityInformationAccess(
Asn1Sequence seq)
{
foreach (DerSequence vec in seq)
{
if (vec.Count != 2)
{
throw new ArgumentException("wrong number of elements in inner sequence");
}
accessMethod = (DerObjectIdentifier)vec[0];
accessLocation = (GeneralName)vec[1];
}
}
public void Read_WithTsa_ReturnsInstance()
{
var tsa = new BcGeneralName(new X509Name("C=US,ST=WA,L=Redmond,O=NuGet,CN=NuGet Test Certificate"));
var test = new Test()
{
Tsa = tsa
};
var bcTstInfo = test.CreateBcTstInfo();
var tstInfo = TstInfo.Read(bcTstInfo.GetDerEncoded());
Verify(test, tstInfo);
Verify(bcTstInfo, tstInfo);
}
public override void PerformTest()
{
DerObjectIdentifier statementId = new DerObjectIdentifier("1.1");
SemanticsInformation mv = new SemanticsInformation(statementId);
CheckConstruction(mv, statementId, null);
GeneralName[] names = new GeneralName[2];
names[0] = new GeneralName(GeneralName.Rfc822Name, "*****@*****.**");
names[1] = new GeneralName(new X509Name("cn=test"));
mv = new SemanticsInformation(statementId, names);
CheckConstruction(mv, statementId, names);
mv = new SemanticsInformation(names);
CheckConstruction(mv, null, names);
mv = SemanticsInformation.GetInstance(null);
if (mv != null)
{
Fail("null GetInstance() failed.");
}
try
{
SemanticsInformation.GetInstance(new object());
Fail("GetInstance() failed to detect bad object.");
}
catch (ArgumentException)
{
// expected
}
try
{
new SemanticsInformation(DerSequence.Empty);
Fail("constructor failed to detect empty sequence.");
}
catch (ArgumentException)
{
// expected
}
}
/**
* Constructor.
* @param roleAuthority the role authority of this RoleSyntax.
* @param roleName the role name of this RoleSyntax.
*/
public RoleSyntax(
GeneralNames roleAuthority,
GeneralName roleName)
{
if (roleName == null
|| roleName.TagNo != GeneralName.UniformResourceIdentifier
|| ((IAsn1String) roleName.Name).GetString().Equals(""))
{
throw new ArgumentException("the role name MUST be non empty and MUST " +
"use the URI option of GeneralName");
}
this.roleAuthority = roleAuthority;
this.roleName = roleName;
}
/**
* Constructor from a given details.
*
* According RFC 3280, the minimum and maximum fields are not used with any
* name forms, thus minimum MUST be zero, and maximum MUST be absent.
* <p>
* If minimum is <code>null</code>, zero is assumed, if
* maximum is <code>null</code>, maximum is absent.</p>
*
* @param baseName
* A restriction.
* @param minimum
* Minimum
*
* @param maximum
* Maximum
*/
public GeneralSubtree(
GeneralName baseName,
BigInteger minimum,
BigInteger maximum)
{
this.baseName = baseName;
if (minimum != null)
{
this.minimum = new DerInteger(minimum);
}
if (maximum != null)
{
this.maximum = new DerInteger(maximum);
}
}
/**
* Constructor.
* @param roleAuthority the role authority of this RoleSyntax.
* @param roleName the role name of this RoleSyntax.
*/
public RoleSyntax(
GeneralNames roleAuthority,
GeneralName roleName)
{
if (roleName == null ||
roleName.TagNo != GeneralName.UniformResourceIdentifier ||
((IAsn1String)roleName.Name).GetString().Equals(""))
{
throw new ArgumentException("the role name MUST be non empty and MUST " +
"use the URI option of GeneralName");
}
this.roleAuthority = roleAuthority;
this.roleName = roleName;
}
/**
* Constructor from Asn1TaggedObject.
*
* @param tagObj The tagged object.
* @throws ArgumentException if the encoding is wrong.
*/
private Target(
Asn1TaggedObject tagObj)
{
switch ((Choice) tagObj.TagNo)
{
case Choice.Name: // GeneralName is already a choice so explicit
targetName = GeneralName.GetInstance(tagObj, true);
break;
case Choice.Group:
targetGroup = GeneralName.GetInstance(tagObj, true);
break;
default:
throw new ArgumentException("unknown tag: " + tagObj.TagNo);
}
}
private GeneralSubtree(Asn1Sequence seq)
{
this.baseName = GeneralName.GetInstance(seq[0]);
switch (seq.Count)
{
case 1:
return;
case 2:
{
Asn1TaggedObject instance = Asn1TaggedObject.GetInstance(seq[1]);
switch (instance.TagNo)
{
case 0:
this.minimum = DerInteger.GetInstance(instance, false);
return;
case 1:
this.maximum = DerInteger.GetInstance(instance, false);
return;
default:
throw new ArgumentException("Bad tag number: " + instance.TagNo);
}
break;
}
case 3:
{
Asn1TaggedObject instance2 = Asn1TaggedObject.GetInstance(seq[1]);
if (instance2.TagNo != 0)
{
throw new ArgumentException("Bad tag number for 'minimum': " + instance2.TagNo);
}
this.minimum = DerInteger.GetInstance(instance2, false);
Asn1TaggedObject instance3 = Asn1TaggedObject.GetInstance(seq[2]);
if (instance3.TagNo != 1)
{
throw new ArgumentException("Bad tag number for 'maximum': " + instance3.TagNo);
}
this.maximum = DerInteger.GetInstance(instance3, false);
return;
}
default:
throw new ArgumentException("Bad sequence size: " + seq.Count);
}
}
private Target(Asn1TaggedObject tagObj)
{
switch (tagObj.TagNo)
{
case 0:
this.targetName = GeneralName.GetInstance(tagObj, true);
return;
case 1:
this.targetGroup = GeneralName.GetInstance(tagObj, true);
return;
default:
throw new ArgumentException("unknown tag: " + tagObj.TagNo);
}
}
/**
* Constructor from Asn1TaggedObject.
*
* @param tagObj The tagged object.
* @throws ArgumentException if the encoding is wrong.
*/
private Target(
Asn1TaggedObject tagObj)
{
switch ((Choice)tagObj.TagNo)
{
case Choice.Name: // GeneralName is already a choice so explicit
targetName = GeneralName.GetInstance(tagObj, true);
break;
case Choice.Group:
targetGroup = GeneralName.GetInstance(tagObj, true);
break;
default:
throw new ArgumentException("unknown tag: " + tagObj.TagNo);
}
}
public override string ToString()
{
StringBuilder stringBuilder = new StringBuilder();
string newLine = Platform.NewLine;
stringBuilder.Append("GeneralNames:");
stringBuilder.Append(newLine);
GeneralName[] array = this.names;
for (int i = 0; i < array.Length; i++)
{
GeneralName value = array[i];
stringBuilder.Append(" ");
stringBuilder.Append(value);
stringBuilder.Append(newLine);
}
return(stringBuilder.ToString());
}
private Target(Asn1TaggedObject tagObj)
{
//IL_004e: Unknown result type (might be due to invalid IL or missing references)
switch (tagObj.TagNo)
{
case 0:
targetName = GeneralName.GetInstance(tagObj, explicitly: true);
break;
case 1:
targetGroup = GeneralName.GetInstance(tagObj, explicitly: true);
break;
default:
throw new ArgumentException(string.Concat((object)"unknown tag: ", (object)tagObj.TagNo));
}
}
private void CheckConstruction(
SemanticsInformation mv,
DerObjectIdentifier semanticsIdentifier,
GeneralName[] names)
{
CheckStatement(mv, semanticsIdentifier, names);
mv = SemanticsInformation.GetInstance(mv);
CheckStatement(mv, semanticsIdentifier, names);
Asn1Sequence seq = (Asn1Sequence) Asn1Object.FromByteArray(mv.ToAsn1Object().GetEncoded());
mv = SemanticsInformation.GetInstance(seq);
CheckStatement(mv, semanticsIdentifier, names);
}
/**
* Constructor from Asn1Sequence.
* <p/>
* The sequence is of type ProcurationSyntax:
* <p/>
* <pre>
* Admissions ::= SEQUENCE
* {
* admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
* namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
* professionInfos SEQUENCE OF ProfessionInfo
* }
* </pre>
*
* @param seq The ASN.1 sequence.
*/
private Admissions(
Asn1Sequence seq)
{
if (seq.Count > 3)
throw new ArgumentException("Bad sequence size: " + seq.Count);
IEnumerator e = seq.GetEnumerator();
e.MoveNext();
Asn1Encodable o = (Asn1Encodable) e.Current;
if (o is Asn1TaggedObject)
{
switch (((Asn1TaggedObject)o).TagNo)
{
case 0:
admissionAuthority = GeneralName.GetInstance((Asn1TaggedObject)o, true);
break;
case 1:
namingAuthority = NamingAuthority.GetInstance((Asn1TaggedObject)o, true);
break;
default:
throw new ArgumentException("Bad tag number: " + ((Asn1TaggedObject)o).TagNo);
}
e.MoveNext();
o = (Asn1Encodable) e.Current;
}
if (o is Asn1TaggedObject)
{
switch (((Asn1TaggedObject)o).TagNo)
{
case 1:
namingAuthority = NamingAuthority.GetInstance((Asn1TaggedObject)o, true);
break;
default:
throw new ArgumentException("Bad tag number: " + ((Asn1TaggedObject)o).TagNo);
}
e.MoveNext();
o = (Asn1Encodable) e.Current;
}
professionInfos = Asn1Sequence.GetInstance(o);
if (e.MoveNext())
{
throw new ArgumentException("Bad object encountered: " + Platform.GetTypeName(e.Current));
}
}
private PkiHeader(Asn1Sequence seq)
{
pvno = DerInteger.GetInstance(seq[0]);
sender = GeneralName.GetInstance(seq[1]);
recipient = GeneralName.GetInstance(seq[2]);
for (int pos = 3; pos < seq.Count; ++pos)
{
Asn1TaggedObject tObj = (Asn1TaggedObject)seq[pos];
switch (tObj.TagNo)
{
case 0:
messageTime = DerGeneralizedTime.GetInstance(tObj, true);
break;
case 1:
protectionAlg = AlgorithmIdentifier.GetInstance(tObj, true);
break;
case 2:
senderKID = Asn1OctetString.GetInstance(tObj, true);
break;
case 3:
recipKID = Asn1OctetString.GetInstance(tObj, true);
break;
case 4:
transactionID = Asn1OctetString.GetInstance(tObj, true);
break;
case 5:
senderNonce = Asn1OctetString.GetInstance(tObj, true);
break;
case 6:
recipNonce = Asn1OctetString.GetInstance(tObj, true);
break;
case 7:
freeText = PkiFreeText.GetInstance(tObj, true);
break;
case 8:
generalInfo = Asn1Sequence.GetInstance(tObj, true);
break;
default:
throw new ArgumentException("unknown tag number: " + tObj.TagNo, "seq");
}
}
}
private void checkConstruction(
AdmissionSyntax syntax,
GeneralName authority,
Asn1Sequence admissions)
{
checkValues(syntax, authority, admissions);
syntax = AdmissionSyntax.GetInstance(syntax);
checkValues(syntax, authority, admissions);
Asn1InputStream aIn = new Asn1InputStream(syntax.ToAsn1Object().GetEncoded());
Asn1Sequence info = (Asn1Sequence) aIn.ReadObject();
syntax = AdmissionSyntax.GetInstance(info);
checkValues(syntax, authority, admissions);
}
private void checkConstruction(
Admissions admissions,
GeneralName name,
NamingAuthority auth)
{
checkValues(admissions, name, auth);
admissions = Admissions.GetInstance(admissions);
checkValues(admissions, name, auth);
Asn1InputStream aIn = new Asn1InputStream(admissions.ToAsn1Object().GetEncoded());
Asn1Sequence info = (Asn1Sequence)aIn.ReadObject();
admissions = Admissions.GetInstance(info);
checkValues(admissions, name, auth);
}
private PopoSigningKeyInput(Asn1Sequence seq)
{
Asn1Encodable authInfo = (Asn1Encodable)seq[0];
if (authInfo is Asn1TaggedObject)
{
Asn1TaggedObject tagObj = (Asn1TaggedObject)authInfo;
if (tagObj.TagNo != 0)
{
throw new ArgumentException("Unknown authInfo tag: " + tagObj.TagNo, "seq");
}
sender = GeneralName.GetInstance(tagObj.GetObject());
}
else
{
publicKeyMac = PKMacValue.GetInstance(authInfo);
}
publicKey = SubjectPublicKeyInfo.GetInstance(seq[1]);
}
private GeneralSubtree(
Asn1Sequence seq)
{
baseName = GeneralName.GetInstance(seq[0]);
switch (seq.Count)
{
case 1:
break;
case 2:
{
Asn1TaggedObject o = Asn1TaggedObject.GetInstance(seq[1]);
switch (o.TagNo)
{
case 0:
minimum = DerInteger.GetInstance(o, false);
break;
case 1:
maximum = DerInteger.GetInstance(o, false);
break;
default:
throw new ArgumentException("Bad tag number: " + o.TagNo);
}
break;
}
case 3:
{
minimum = DerInteger.GetInstance(Asn1TaggedObject.GetInstance(seq[1]));
maximum = DerInteger.GetInstance(Asn1TaggedObject.GetInstance(seq[2]));
break;
}
default:
throw new ArgumentException("Bad sequence size: " + seq.Count);
}
}
private RoleSyntax(Asn1Sequence seq)
{
if (seq.Count < 1 || seq.Count > 2)
{
throw new ArgumentException("Bad sequence size: " + seq.Count);
}
for (int num = 0; num != seq.Count; num++)
{
Asn1TaggedObject instance = Asn1TaggedObject.GetInstance(seq[num]);
switch (instance.TagNo)
{
case 0:
this.roleAuthority = GeneralNames.GetInstance(instance, false);
break;
case 1:
this.roleName = GeneralName.GetInstance(instance, true);
break;
default:
throw new ArgumentException("Unknown tag in RoleSyntax");
}
}
}
public Target(Choice type, GeneralName name)
: this(new DerTaggedObject((int)type, name))
{
}
/**
* create an AuthorityInformationAccess with the oid and location provided.
*/
public AuthorityInformationAccess(DerObjectIdentifier oid, GeneralName location)
: this(new AccessDescription(oid, location))
{
}
public RoleSyntax(GeneralName roleName)
: this(null, roleName)
{
}
private static X509Certificate2 GenerateCertificate(
string subjectName,
Action <TestCertificateGenerator> modifyGenerator,
RSA rsa,
NuGet.Common.HashAlgorithmName hashAlgorithm,
RSASignaturePaddingMode paddingMode,
ChainCertificateRequest chainCertificateRequest)
{
if (string.IsNullOrEmpty(subjectName))
{
subjectName = "NuGetTest";
}
// Create cert
var subjectDN = $"CN={subjectName}";
var certGen = new TestCertificateGenerator();
var isSelfSigned = true;
X509Certificate2 issuer = null;
DateTimeOffset? notAfter = null;
var keyUsage = X509KeyUsageFlags.DigitalSignature;
if (chainCertificateRequest == null)
{
// Self-signed certificates should have this flag set.
keyUsage |= X509KeyUsageFlags.KeyCertSign;
}
else
{
if (chainCertificateRequest.Issuer != null)
{
isSelfSigned = false;
// for a certificate with an issuer assign Authority Key Identifier
issuer = chainCertificateRequest?.Issuer;
notAfter = issuer.NotAfter.Subtract(TimeSpan.FromMinutes(5));
var publicKey = DotNetUtilities.GetRsaPublicKey(issuer.GetRSAPublicKey());
certGen.Extensions.Add(
new X509Extension(
Oids.AuthorityKeyIdentifier,
new AuthorityKeyIdentifierStructure(publicKey).GetEncoded(),
critical: false));
}
if (chainCertificateRequest.ConfigureCrl)
{
// for a certificate in a chain create CRL distribution point extension
var issuerDN = chainCertificateRequest?.Issuer?.Subject ?? subjectDN;
var crlServerUri = $"{chainCertificateRequest.CrlServerBaseUri}{issuerDN}.crl";
var generalName = new Org.BouncyCastle.Asn1.X509.GeneralName(Org.BouncyCastle.Asn1.X509.GeneralName.UniformResourceIdentifier, new DerIA5String(crlServerUri));
var distPointName = new DistributionPointName(new GeneralNames(generalName));
var distPoint = new DistributionPoint(distPointName, null, null);
certGen.Extensions.Add(
new X509Extension(
TestOids.CrlDistributionPoints,
new DerSequence(distPoint).GetDerEncoded(),
critical: false));
}
if (chainCertificateRequest.IsCA)
{
// update key usage with CA cert sign and crl sign attributes
keyUsage |= X509KeyUsageFlags.CrlSign | X509KeyUsageFlags.KeyCertSign;
}
}
var padding = paddingMode.ToPadding();
var request = new CertificateRequest(subjectDN, rsa, hashAlgorithm.ConvertToSystemSecurityHashAlgorithmName(), padding);
bool isCa = isSelfSigned ? true : (chainCertificateRequest?.IsCA ?? false);
certGen.NotAfter = notAfter ?? DateTime.UtcNow.Add(TimeSpan.FromMinutes(30));
certGen.NotBefore = DateTime.UtcNow.Subtract(TimeSpan.FromMinutes(30));
var random = new Random();
var serial = random.Next();
var serialNumber = BitConverter.GetBytes(serial);
Array.Reverse(serialNumber);
certGen.SetSerialNumber(serialNumber);
certGen.Extensions.Add(
new X509SubjectKeyIdentifierExtension(request.PublicKey, critical: false));
certGen.Extensions.Add(
new X509KeyUsageExtension(keyUsage, critical: false));
certGen.Extensions.Add(
new X509BasicConstraintsExtension(certificateAuthority: isCa, hasPathLengthConstraint: false, pathLengthConstraint: 0, critical: true));
// Allow changes
modifyGenerator?.Invoke(certGen);
foreach (var extension in certGen.Extensions)
{
request.CertificateExtensions.Add(extension);
}
X509Certificate2 certResult;
if (isSelfSigned)
{
certResult = request.CreateSelfSigned(certGen.NotBefore, certGen.NotAfter);
}
else
{
using (var temp = request.Create(issuer, certGen.NotBefore, certGen.NotAfter, certGen.SerialNumber))
{
certResult = temp.CopyWithPrivateKey(rsa);
}
}
return(new X509Certificate2(certResult.Export(X509ContentType.Pkcs12), password: (string)null, keyStorageFlags: X509KeyStorageFlags.Exportable));
}
public GeneralSubtree(
GeneralName baseName)
: this(baseName, null, null)
{
}
public AuthorityInformationAccess(
DerObjectIdentifier oid,
GeneralName location)
{
this.descriptions = new AccessDescription[] { new AccessDescription(oid, location) };
}
/// <summary>Construct a GeneralNames object containing one GeneralName.</summary>
/// <param name="name">The name to be contained.</param>
public GeneralNames(
GeneralName name)
{
names = new GeneralName[] { name };
}
public static GeneralName GetInstance(
Asn1TaggedObject tagObj,
bool explicitly)
{
return(GeneralName.GetInstance(Asn1TaggedObject.GetInstance(tagObj, explicitly)));
}
public AccessDescription(DerObjectIdentifier oid, GeneralName location)
{
accessMethod = oid;
accessLocation = location;
}
/// <summary>
/// Create a self signed certificate with bouncy castle.
/// </summary>
public static X509Certificate2 GenerateCertificate(
string subjectName,
Action <X509V3CertificateGenerator> modifyGenerator,
string signatureAlgorithm = "SHA256WITHRSA",
int publicKeyLength = 2048,
ChainCertificateRequest chainCertificateRequest = null)
{
if (string.IsNullOrEmpty(subjectName))
{
subjectName = "NuGetTest";
}
var random = new SecureRandom();
var keyPair = GenerateKeyPair(publicKeyLength);
// Create cert
var subjectDN = $"CN={subjectName}";
var certGen = new X509V3CertificateGenerator();
certGen.SetSubjectDN(new X509Name(subjectDN));
// default to new key pair
var issuerPrivateKey = keyPair.Private;
var keyUsage = KeyUsage.DigitalSignature;
var issuerDN = chainCertificateRequest?.IssuerDN ?? subjectDN;
certGen.SetIssuerDN(new X509Name(issuerDN));
#if IS_DESKTOP
if (chainCertificateRequest != null)
{
if (chainCertificateRequest.Issuer != null)
{
// for a certificate with an issuer assign Authority Key Identifier
var issuer = chainCertificateRequest?.Issuer;
var bcIssuer = DotNetUtilities.FromX509Certificate(issuer);
var authorityKeyIdentifier = new AuthorityKeyIdentifierStructure(bcIssuer);
issuerPrivateKey = DotNetUtilities.GetKeyPair(issuer.PrivateKey).Private;
certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, false, authorityKeyIdentifier);
}
if (chainCertificateRequest.ConfigureCrl)
{
// for a certificate in a chain create CRL distribution point extension
var crlServerUri = $"{chainCertificateRequest.CrlServerBaseUri}{issuerDN}.crl";
var generalName = new Org.BouncyCastle.Asn1.X509.GeneralName(Org.BouncyCastle.Asn1.X509.GeneralName.UniformResourceIdentifier, new DerIA5String(crlServerUri));
var distPointName = new DistributionPointName(new GeneralNames(generalName));
var distPoint = new DistributionPoint(distPointName, null, null);
certGen.AddExtension(X509Extensions.CrlDistributionPoints, critical: false, extensionValue: new DerSequence(distPoint));
}
if (chainCertificateRequest.IsCA)
{
// update key usage with CA cert sign and crl sign attributes
keyUsage |= KeyUsage.CrlSign | KeyUsage.KeyCertSign;
}
}
#endif
certGen.SetNotAfter(DateTime.UtcNow.Add(TimeSpan.FromHours(1)));
certGen.SetNotBefore(DateTime.UtcNow.Subtract(TimeSpan.FromHours(1)));
certGen.SetPublicKey(keyPair.Public);
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certGen.SetSerialNumber(serialNumber);
var subjectKeyIdentifier = new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public));
certGen.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false, subjectKeyIdentifier);
certGen.AddExtension(X509Extensions.KeyUsage.Id, false, new KeyUsage(keyUsage));
certGen.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(chainCertificateRequest?.IsCA ?? false));
// Allow changes
modifyGenerator?.Invoke(certGen);
var signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, issuerPrivateKey, random);
var certificate = certGen.Generate(signatureFactory);
var certResult = new X509Certificate2(certificate.GetEncoded());
#if IS_DESKTOP
certResult.PrivateKey = DotNetUtilities.ToRSA(keyPair.Private as RsaPrivateCrtKeyParameters);
#endif
return(certResult);
}
/// <summary>Construct a GeneralNames object containing one GeneralName.</summary>
/// <param name="name">The name to be contained.</param>
public GeneralNames(
GeneralName name)
{
this.seq = new DerSequence(name);
}