public OriginatorPublicKey(
AlgorithmIdentifier algorithm,
byte[] publicKey)
{
this.algorithm = algorithm;
this.publicKey = new DerBitString(publicKey);
}
private AttributeCertificateInfo(
Asn1Sequence seq)
{
if (seq.Count < 7 || seq.Count > 9)
{
throw new ArgumentException("Bad sequence size: " + seq.Count);
}
this.version = DerInteger.GetInstance(seq[0]);
this.holder = Holder.GetInstance(seq[1]);
this.issuer = AttCertIssuer.GetInstance(seq[2]);
this.signature = AlgorithmIdentifier.GetInstance(seq[3]);
this.serialNumber = DerInteger.GetInstance(seq[4]);
this.attrCertValidityPeriod = AttCertValidityPeriod.GetInstance(seq[5]);
this.attributes = Asn1Sequence.GetInstance(seq[6]);
for (int i = 7; i < seq.Count; i++)
{
Asn1Encodable obj = (Asn1Encodable) seq[i];
if (obj is DerBitString)
{
this.issuerUniqueID = DerBitString.GetInstance(seq[i]);
}
else if (obj is Asn1Sequence || obj is X509Extensions)
{
this.extensions = X509Extensions.GetInstance(seq[i]);
}
}
}
public AttributeCertificate(
AttributeCertificateInfo acinfo,
AlgorithmIdentifier signatureAlgorithm,
DerBitString signatureValue)
{
this.acinfo = acinfo;
this.signatureAlgorithm = signatureAlgorithm;
this.signatureValue = signatureValue;
}
private CertificateList(
Asn1Sequence seq)
{
if (seq.Count != 3)
throw new ArgumentException("sequence wrong size for CertificateList", "seq");
tbsCertList = TbsCertificateList.GetInstance(seq[0]);
sigAlgID = AlgorithmIdentifier.GetInstance(seq[1]);
sig = DerBitString.GetInstance(seq[2]);
}
private AttributeCertificate(
Asn1Sequence seq)
{
if (seq.Count != 3)
throw new ArgumentException("Bad sequence size: " + seq.Count);
this.acinfo = AttributeCertificateInfo.GetInstance(seq[0]);
this.signatureAlgorithm = AlgorithmIdentifier.GetInstance(seq[1]);
this.signatureValue = DerBitString.GetInstance(seq[2]);
}
public BasicOcspResponse(
ResponseData tbsResponseData,
AlgorithmIdentifier signatureAlgorithm,
DerBitString signature,
Asn1Sequence certs)
{
this.tbsResponseData = tbsResponseData;
this.signatureAlgorithm = signatureAlgorithm;
this.signature = signature;
this.certs = certs;
}
private Signature(
Asn1Sequence seq)
{
signatureAlgorithm = AlgorithmIdentifier.GetInstance(seq[0]);
signatureValue = (DerBitString)seq[1];
if (seq.Count == 3)
{
certs = Asn1Sequence.GetInstance(
(Asn1TaggedObject)seq[2], true);
}
}
private BasicOcspResponse(
Asn1Sequence seq)
{
this.tbsResponseData = ResponseData.GetInstance(seq[0]);
this.signatureAlgorithm = AlgorithmIdentifier.GetInstance(seq[1]);
this.signature = (DerBitString)seq[2];
if (seq.Count > 3)
{
this.certs = Asn1Sequence.GetInstance((Asn1TaggedObject)seq[3], true);
}
}
public Signature(
AlgorithmIdentifier signatureAlgorithm,
DerBitString signatureValue,
Asn1Sequence certs)
{
if (signatureAlgorithm == null)
throw new ArgumentException("signatureAlgorithm");
if (signatureValue == null)
throw new ArgumentException("signatureValue");
this.signatureAlgorithm = signatureAlgorithm;
this.signatureValue = signatureValue;
this.certs = certs;
}
public ECPrivateKeyStructure(
BigInteger key,
DerBitString publicKey,
Asn1Encodable parameters)
{
if (key == null)
throw new ArgumentNullException("key");
Asn1EncodableVector v = new Asn1EncodableVector(
new DerInteger(1),
new DerOctetString(key.ToByteArrayUnsigned()));
if (parameters != null)
{
v.Add(new DerTaggedObject(true, 0, parameters));
}
if (publicKey != null)
{
v.Add(new DerTaggedObject(true, 1, publicKey));
}
this.seq = new DerSequence(v);
}
public static PrivateKeyInfo CreatePrivateKeyInfo(
AsymmetricKeyParameter key)
{
if (key == null)
throw new ArgumentNullException("key");
if (!key.IsPrivate)
throw new ArgumentException("Public key passed - private key expected", "key");
if (key is ElGamalPrivateKeyParameters)
{
ElGamalPrivateKeyParameters _key = (ElGamalPrivateKeyParameters)key;
return new PrivateKeyInfo(
new AlgorithmIdentifier(
OiwObjectIdentifiers.ElGamalAlgorithm,
new ElGamalParameter(
_key.Parameters.P,
_key.Parameters.G).ToAsn1Object()),
new DerInteger(_key.X));
}
if (key is DsaPrivateKeyParameters)
{
DsaPrivateKeyParameters _key = (DsaPrivateKeyParameters)key;
return new PrivateKeyInfo(
new AlgorithmIdentifier(
X9ObjectIdentifiers.IdDsa,
new DsaParameter(
_key.Parameters.P,
_key.Parameters.Q,
_key.Parameters.G).ToAsn1Object()),
new DerInteger(_key.X));
}
if (key is DHPrivateKeyParameters)
{
DHPrivateKeyParameters _key = (DHPrivateKeyParameters)key;
DHParameter p = new DHParameter(
_key.Parameters.P, _key.Parameters.G, _key.Parameters.L);
return new PrivateKeyInfo(
new AlgorithmIdentifier(_key.AlgorithmOid, p.ToAsn1Object()),
new DerInteger(_key.X));
}
if (key is RsaKeyParameters)
{
AlgorithmIdentifier algID = new AlgorithmIdentifier(
PkcsObjectIdentifiers.RsaEncryption, DerNull.Instance);
RsaPrivateKeyStructure keyStruct;
if (key is RsaPrivateCrtKeyParameters)
{
RsaPrivateCrtKeyParameters _key = (RsaPrivateCrtKeyParameters)key;
keyStruct = new RsaPrivateKeyStructure(
_key.Modulus,
_key.PublicExponent,
_key.Exponent,
_key.P,
_key.Q,
_key.DP,
_key.DQ,
_key.QInv);
}
else
{
RsaKeyParameters _key = (RsaKeyParameters) key;
keyStruct = new RsaPrivateKeyStructure(
_key.Modulus,
BigInteger.Zero,
_key.Exponent,
BigInteger.Zero,
BigInteger.Zero,
BigInteger.Zero,
BigInteger.Zero,
BigInteger.Zero);
}
return new PrivateKeyInfo(algID, keyStruct.ToAsn1Object());
}
if (key is ECPrivateKeyParameters)
{
ECPrivateKeyParameters priv = (ECPrivateKeyParameters)key;
ECDomainParameters dp = priv.Parameters;
int orderBitLength = dp.N.BitLength;
AlgorithmIdentifier algID;
ECPrivateKeyStructure ec;
if (priv.AlgorithmName == "ECGOST3410")
{
if (priv.PublicKeyParamSet == null)
throw Platform.CreateNotImplementedException("Not a CryptoPro parameter set");
Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters(
priv.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet);
algID = new AlgorithmIdentifier(CryptoProObjectIdentifiers.GostR3410x2001, gostParams);
// TODO Do we need to pass any parameters here?
ec = new ECPrivateKeyStructure(orderBitLength, priv.D);
}
else
{
X962Parameters x962;
if (priv.PublicKeyParamSet == null)
{
X9ECParameters ecP = new X9ECParameters(dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed());
x962 = new X962Parameters(ecP);
}
else
{
x962 = new X962Parameters(priv.PublicKeyParamSet);
}
DerBitString publicKey = new DerBitString(ECKeyPairGenerator.GetCorrespondingPublicKey(priv).Q.GetEncoded());
ec = new ECPrivateKeyStructure(orderBitLength, priv.D, publicKey, x962);
algID = new AlgorithmIdentifier(X9ObjectIdentifiers.IdECPublicKey, x962);
}
return new PrivateKeyInfo(algID, ec);
}
if (key is Gost3410PrivateKeyParameters)
{
Gost3410PrivateKeyParameters _key = (Gost3410PrivateKeyParameters)key;
if (_key.PublicKeyParamSet == null)
throw Platform.CreateNotImplementedException("Not a CryptoPro parameter set");
byte[] keyEnc = _key.X.ToByteArrayUnsigned();
byte[] keyBytes = new byte[keyEnc.Length];
for (int i = 0; i != keyBytes.Length; i++)
{
keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // must be little endian
}
Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters(
_key.PublicKeyParamSet, CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet, null);
AlgorithmIdentifier algID = new AlgorithmIdentifier(
CryptoProObjectIdentifiers.GostR3410x94,
algParams.ToAsn1Object());
return new PrivateKeyInfo(algID, new DerOctetString(keyBytes));
}
throw new ArgumentException("Class provided is not convertible: " + Platform.GetTypeName(key));
}
private void init(
ISignatureFactory signatureCalculator,
X509Name subject,
AsymmetricKeyParameter publicKey,
Asn1Set attributes,
AsymmetricKeyParameter signingKey)
{
this.sigAlgId = (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails;
SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey);
this.reqInfo = new CertificationRequestInfo(subject, pubInfo, attributes);
IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator();
byte[] reqInfoData = reqInfo.GetDerEncoded();
streamCalculator.Stream.Write(reqInfoData, 0, reqInfoData.Length);
Platform.Dispose(streamCalculator.Stream);
// Generate Signature.
sigBits = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect());
}
public OriginatorPublicKey(
Asn1Sequence seq)
{
algorithm = AlgorithmIdentifier.GetInstance(seq[0]);
publicKey = (DerBitString) seq[1];
}
public Signature(
AlgorithmIdentifier signatureAlgorithm,
DerBitString signatureValue)
: this(signatureAlgorithm, signatureValue, null)
{
}
protected virtual DerBitString CorruptSignature(DerBitString bs)
{
return new DerBitString(CorruptBit(bs.GetOctets()));
}
protected virtual DerBitString CorruptBitString(DerBitString bs)
{
return new DerBitString(CorruptBit(bs.GetBytes()));
}
public void SignRequest(DerBitString signedData)
{
//build the signature from the signed data
sigBits = signedData;
}
public void SignRequest(byte[] signedData)
{
//build the signature from the signed data
sigBits = new DerBitString(signedData);
}
public ECPrivateKeyStructure(
int orderBitLength,
BigInteger key,
DerBitString publicKey,
Asn1Encodable parameters)
{
if (key == null)
throw new ArgumentNullException("key");
if (orderBitLength < key.BitLength)
throw new ArgumentException("must be >= key bitlength", "orderBitLength");
byte[] bytes = BigIntegers.AsUnsignedByteArray((orderBitLength + 7) / 8, key);
Asn1EncodableVector v = new Asn1EncodableVector(
new DerInteger(1),
new DerOctetString(bytes));
if (parameters != null)
{
v.Add(new DerTaggedObject(true, 0, parameters));
}
if (publicKey != null)
{
v.Add(new DerTaggedObject(true, 1, publicKey));
}
this.seq = new DerSequence(v);
}
private void init(
ISignatureCalculator signatureCalculator,
X509Name subject,
AsymmetricKeyParameter publicKey,
Asn1Set attributes,
AsymmetricKeyParameter signingKey)
{
this.sigAlgId = (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails;
SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey);
this.reqInfo = new CertificationRequestInfo(subject, pubInfo, attributes);
Stream sigStream = signatureCalculator.GetSignatureUpdater();
byte[] reqInfoData = reqInfo.GetDerEncoded();
sigStream.Write(reqInfoData, 0, reqInfoData.Length);
// Generate Signature.
sigBits = new DerBitString(signatureCalculator.Signature());
}
/// <summary>
/// Instantiate a Pkcs10CertificationRequest object with the necessary credentials.
/// </summary>
///<param name="signatureAlgorithm">Name of Sig Alg.</param>
/// <param name="subject">X509Name of subject eg OU="My unit." O="My Organisatioin" C="au" </param>
/// <param name="publicKey">Public Key to be included in cert reqest.</param>
/// <param name="attributes">ASN1Set of Attributes.</param>
/// <param name="signingKey">Matching Private key for nominated (above) public key to be used to sign the request.</param>
public Pkcs10CertificationRequest(
string signatureAlgorithm,
X509Name subject,
AsymmetricKeyParameter publicKey,
Asn1Set attributes,
AsymmetricKeyParameter signingKey)
{
if (signatureAlgorithm == null)
throw new ArgumentNullException("signatureAlgorithm");
if (subject == null)
throw new ArgumentNullException("subject");
if (publicKey == null)
throw new ArgumentNullException("publicKey");
if (publicKey.IsPrivate)
throw new ArgumentException("expected public key", "publicKey");
if (!signingKey.IsPrivate)
throw new ArgumentException("key for signing must be private", "signingKey");
// DerObjectIdentifier sigOid = SignerUtilities.GetObjectIdentifier(signatureAlgorithm);
string algorithmName = signatureAlgorithm.ToUpper(CultureInfo.InvariantCulture);
DerObjectIdentifier sigOid = (DerObjectIdentifier) algorithms[algorithmName];
if (sigOid == null)
{
try
{
sigOid = new DerObjectIdentifier(algorithmName);
}
catch (Exception e)
{
throw new ArgumentException("Unknown signature type requested", e);
}
}
if (noParams.Contains(sigOid))
{
this.sigAlgId = new AlgorithmIdentifier(sigOid);
}
else if (exParams.Contains(algorithmName))
{
this.sigAlgId = new AlgorithmIdentifier(sigOid, (Asn1Encodable) exParams[algorithmName]);
}
else
{
this.sigAlgId = new AlgorithmIdentifier(sigOid, DerNull.Instance);
}
SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey);
this.reqInfo = new CertificationRequestInfo(subject, pubInfo, attributes);
ISigner sig = SignerUtilities.GetSigner(signatureAlgorithm);
sig.Init(true, signingKey);
try
{
// Encode.
byte[] b = reqInfo.GetDerEncoded();
sig.BlockUpdate(b, 0, b.Length);
}
catch (Exception e)
{
throw new ArgumentException("exception encoding TBS cert request", e);
}
// Generate Signature.
sigBits = new DerBitString(sig.GenerateSignature());
}
private OcspReq GenerateRequest(
DerObjectIdentifier signingAlgorithm,
AsymmetricKeyParameter privateKey,
X509Certificate[] chain,
SecureRandom random)
{
Asn1EncodableVector requests = new Asn1EncodableVector();
foreach (RequestObject reqObj in list)
{
try
{
requests.Add(reqObj.ToRequest());
}
catch (Exception e)
{
throw new OcspException("exception creating Request", e);
}
}
TbsRequest tbsReq = new TbsRequest(requestorName, new DerSequence(requests), requestExtensions);
ISigner sig = null;
Signature signature = null;
if (signingAlgorithm != null)
{
if (requestorName == null)
{
throw new OcspException("requestorName must be specified if request is signed.");
}
try
{
sig = SignerUtilities.GetSigner(signingAlgorithm.Id);
if (random != null)
{
sig.Init(true, new ParametersWithRandom(privateKey, random));
}
else
{
sig.Init(true, privateKey);
}
}
catch (Exception e)
{
throw new OcspException("exception creating signature: " + e, e);
}
DerBitString bitSig = null;
try
{
byte[] encoded = tbsReq.GetEncoded();
sig.BlockUpdate(encoded, 0, encoded.Length);
bitSig = new DerBitString(sig.GenerateSignature());
}
catch (Exception e)
{
throw new OcspException("exception processing TBSRequest: " + e, e);
}
AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signingAlgorithm, DerNull.Instance);
if (chain != null && chain.Length > 0)
{
Asn1EncodableVector v = new Asn1EncodableVector();
try
{
for (int i = 0; i != chain.Length; i++)
{
v.Add(
X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(chain[i].GetEncoded())));
}
}
catch (IOException e)
{
throw new OcspException("error processing certs", e);
}
catch (CertificateEncodingException e)
{
throw new OcspException("error encoding certs", e);
}
signature = new Signature(sigAlgId, bitSig, new DerSequence(v));
}
else
{
signature = new Signature(sigAlgId, bitSig);
}
}
return new OcspReq(new OcspRequest(tbsReq, signature));
}
private BasicOcspResp GenerateResponse(
string signatureName,
AsymmetricKeyParameter privateKey,
X509Certificate[] chain,
DateTime producedAt,
SecureRandom random)
{
DerObjectIdentifier signingAlgorithm;
try
{
signingAlgorithm = OcspUtilities.GetAlgorithmOid(signatureName);
}
catch (Exception e)
{
throw new ArgumentException("unknown signing algorithm specified", e);
}
Asn1EncodableVector responses = new Asn1EncodableVector();
foreach (ResponseObject respObj in list)
{
try
{
responses.Add(respObj.ToResponse());
}
catch (Exception e)
{
throw new OcspException("exception creating Request", e);
}
}
ResponseData tbsResp = new ResponseData(responderID.ToAsn1Object(), new DerGeneralizedTime(producedAt), new DerSequence(responses), responseExtensions);
ISigner sig = null;
try
{
sig = SignerUtilities.GetSigner(signatureName);
if (random != null)
{
sig.Init(true, new ParametersWithRandom(privateKey, random));
}
else
{
sig.Init(true, privateKey);
}
}
catch (Exception e)
{
throw new OcspException("exception creating signature: " + e, e);
}
DerBitString bitSig = null;
try
{
byte[] encoded = tbsResp.GetDerEncoded();
sig.BlockUpdate(encoded, 0, encoded.Length);
bitSig = new DerBitString(sig.GenerateSignature());
}
catch (Exception e)
{
throw new OcspException("exception processing TBSRequest: " + e, e);
}
AlgorithmIdentifier sigAlgId = OcspUtilities.GetSigAlgID(signingAlgorithm);
if (chain != null && chain.Length > 0)
{
Asn1EncodableVector v = new Asn1EncodableVector();
try
{
for (int i = 0; i != chain.Length; i++)
{
v.Add(
X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(chain[i].GetEncoded())));
}
}
catch (IOException e)
{
throw new OcspException("error processing certs", e);
}
catch (Security.Certificates.CertificateEncodingException e)
{
throw new OcspException("error encoding certs", e);
}
return new BasicOcspResp(new BasicOcspResponse(tbsResp, sigAlgId, bitSig, new DerSequence(v)));
}
else
{
return new BasicOcspResp(new BasicOcspResponse(tbsResp, sigAlgId, bitSig, null));
}
}
public NetscapeCertType(DerBitString usage)
: base(usage.GetBytes(), usage.PadBits)
{
}
private BasicOcspResp GenerateResponse(
ISignatureCalculator signatureCalculator,
X509Certificate[] chain,
DateTime producedAt)
{
AlgorithmIdentifier signingAlgID = (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails;
DerObjectIdentifier signingAlgorithm = signingAlgID.Algorithm;
Asn1EncodableVector responses = new Asn1EncodableVector();
foreach (ResponseObject respObj in list)
{
try
{
responses.Add(respObj.ToResponse());
}
catch (Exception e)
{
throw new OcspException("exception creating Request", e);
}
}
ResponseData tbsResp = new ResponseData(responderID.ToAsn1Object(), new DerGeneralizedTime(producedAt), new DerSequence(responses), responseExtensions);
DerBitString bitSig = null;
try
{
IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator();
byte[] encoded = tbsResp.GetDerEncoded();
streamCalculator.Stream.Write(encoded, 0, encoded.Length);
streamCalculator.Stream.Close();
bitSig = new DerBitString(((IBlockResult)streamCalculator.GetResult()).DoFinal());
}
catch (Exception e)
{
throw new OcspException("exception processing TBSRequest: " + e, e);
}
AlgorithmIdentifier sigAlgId = OcspUtilities.GetSigAlgID(signingAlgorithm);
DerSequence chainSeq = null;
if (chain != null && chain.Length > 0)
{
Asn1EncodableVector v = new Asn1EncodableVector();
try
{
for (int i = 0; i != chain.Length; i++)
{
v.Add(
X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(chain[i].GetEncoded())));
}
}
catch (IOException e)
{
throw new OcspException("error processing certs", e);
}
catch (CertificateEncodingException e)
{
throw new OcspException("error encoding certs", e);
}
chainSeq = new DerSequence(v);
}
return new BasicOcspResp(new BasicOcspResponse(tbsResp, sigAlgId, bitSig, chainSeq));
}
