Esempio n. 1
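        /// <summary>
        /// Builds an <see cref="ECKey"/> from a DER-encoded OpenSSL EC private key structure.
        /// </summary>
        /// <param name="der">DER bytes of the EC_PRIVATEKEY sequence. This is secret key material.</param>
        /// <returns>An ECKey constructed from the octets of the privateKey field.</returns>
        /// <remarks>
        /// Only the version and privateKey fields are read. The parameters and publicKey fields must be
        /// present (the sequence has to hold four elements) but are not inspected, so the curve named in
        /// the input is not checked here. An element of the wrong ASN.1 type surfaces as an
        /// InvalidCastException from the casts below.
        /// </remarks>
        public static ECKey FromDER(byte[] der)
        {
            // To understand this code, see the definition of the ASN.1 format for EC private keys in the OpenSSL source
            // code in ec_asn1.c:
            //
            // ASN1_SEQUENCE(EC_PRIVATEKEY) = {
            //   ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
            //   ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
            //   ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
            //   ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
            // } ASN1_SEQUENCE_END(EC_PRIVATEKEY)
            //

            Asn1InputStream decoder = new Asn1InputStream(der);
            byte[]          bits;

            try
            {
                DerSequence seq = (DerSequence)decoder.ReadObject();

                // ReadObject() yields null on empty input; report that through the same argument check
                // instead of dereferencing null.
                CheckArgument(seq != null && seq.Count == 4, "Input does not appear to be an ASN.1 OpenSSL EC private key");
                CheckArgument(((DerInteger)seq[0]).Value.Equals(BigInteger.One),
                              "Input is of wrong version");
                bits = ((DerOctetString)seq[1]).GetOctets();
            }
            finally
            {
                // Release the stream on every path, including a failed check or cast.
#if !PORTABLE
                decoder.Close();
#else
                decoder.Dispose();
#endif
            }
            // NOTE(review): the meaning of the second constructor argument is defined by ECKey, which is not shown here.
            return(new ECKey(bits, true));
        }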
Esempio n. 2
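        /// <summary>
        /// Decodes a DER-encoded ECDSA signature (a sequence of two integers) into an
        /// <see cref="EcdsaSignature"/>.
        /// </summary>
        /// <param name="bytes">The DER bytes to decode.</param>
        /// <returns>
        /// The decoded signature, or null when the input is not a sequence whose first two elements are
        /// integers.
        /// </returns>
        /// <exception cref="ApplicationException">The ASN.1 reader raised an IOException.</exception>
        /// <remarks>
        /// Elements after the second one, and any bytes after the sequence, are ignored. More than one
        /// encoding therefore decodes to the same (r, s) pair; a caller that needs a canonical encoding
        /// has to check that separately.
        /// </remarks>
        public static EcdsaSignature DecodeFromDer(byte[] bytes)
        {
            try
            {
                DerInteger r, s;
                var        decoder = new Asn1InputStream(bytes);
                try
                {
                    // 'as' instead of a cast: empty input, a non-sequence object and a sequence that is
                    // too short are all reported as null, the same way a non-integer element is.
                    var seq = decoder.ReadObject() as Asn1Sequence;
                    if (seq == null || seq.Count < 2)
                    {
                        return(null);
                    }
                    r = seq[0] as DerInteger;
                    s = seq[1] as DerInteger;
                }
                finally
                {
                    // Close on every path, including the early returns above.
                    decoder.Close();
                }

                if (r == null || s == null)
                {
                    return(null);
                }

                // OpenSSL deviates from the DER spec by interpreting these values as unsigned, though they should not be
                // Thus, we always use the positive versions. See: http://r6.ca/blog/20111119T211504Z.html
                return(new EcdsaSignature(r.PositiveValue, s.PositiveValue));
            }
            catch (IOException e)
            {
                throw new ApplicationException("Decoding form DER failed", e);
            }
        }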
        /// <summary>
        /// Checks a DER-encoded ECDSA signature over <paramref name="hash"/> with the given public key.
        /// </summary>
        /// <param name="hash">The value handed to the signer as the message; presumably an already computed digest.</param>
        /// <param name="signature">DER bytes holding a sequence whose first two elements are r and s.</param>
        /// <param name="publicKey">Encoded curve point, decoded on the class-level <c>curve</c>.</param>
        /// <returns>
        /// The result of the signer's check. Any exception raised while decoding the key or the
        /// signature is turned into false, so malformed input is rejected rather than reported.
        /// </returns>
        /// <remarks>
        /// Only the first two sequence elements are read and r and s are taken as positive values;
        /// trailing elements or bytes in <paramref name="signature"/> are not rejected here.
        /// </remarks>
        public static bool BouncyCastleVerify(byte[] hash, byte[] signature, byte[] publicKey)
        {
            Asn1InputStream derReader = new Asn1InputStream(signature);

            try
            {
                ECDsaSigner           verifier      = new ECDsaSigner();
                ECPublicKeyParameters keyParameters = new ECPublicKeyParameters(curve.Curve.DecodePoint(publicKey), domain);

                // false selects verification rather than signing.
                verifier.Init(false, keyParameters);

                Asn1Sequence pair       = (Asn1Sequence)derReader.ReadObject();
                DerInteger   rComponent = DerInteger.GetInstance(pair[0]);
                DerInteger   sComponent = DerInteger.GetInstance(pair[1]);

                bool accepted = verifier.VerifySignature(hash, rComponent.PositiveValue, sComponent.PositiveValue);
                return(accepted);
            }
            catch (Exception)
            {
                // Fail closed: whatever went wrong, the signature is not accepted.
                return(false);
            }
            finally
            {
                try
                {
                    derReader.Close();
                }
                catch (IOException)
                {
                    // Best effort: a failure to close does not change the verification result.
                }
            }
        }
Esempio n. 4
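        /// <summary>
        /// Prints a textual dump of every ASN.1 object found in the file named by the first argument.
        /// </summary>
        /// <param name="args">Command-line arguments; <c>args[0]</c> is the path of the file to dump.</param>
        public static void Main(string[] args)
        {
            // Without a path there is nothing to open; say so instead of failing on args[0].
            if (args == null || args.Length < 1)
            {
                Console.Error.WriteLine("Expected the path of an ASN.1 encoded file as the first argument.");
                Environment.ExitCode = 1;
                return;
            }

            // 'using' releases the file handle even when a malformed object makes ReadObject() throw.
            using (FileStream inputStream = File.OpenRead(args[0]))
            using (Asn1InputStream asn1InputStream = new Asn1InputStream(inputStream))
            {
                Asn1Object obj;

                // ReadObject() returns null once the input is exhausted.
                while ((obj = asn1InputStream.ReadObject()) != null)
                {
                    Console.WriteLine(Asn1Dump.DumpAsString(obj));
                }
            }
        }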
Esempio n. 5
        /// <summary>
        /// Dumps each ASN.1 object in the file given as the first command-line argument to the console.
        /// </summary>
        /// <param name="args">Command-line arguments; <c>args[0]</c> is the input file path.</param>
        public static void Main(string[] args)
        {
            Asn1InputStream reader = new Asn1InputStream(File.OpenRead(args[0]));

            // A null object marks the end of the input.
            for (Asn1Object current = reader.ReadObject(); current != null; current = reader.ReadObject())
            {
                string rendered = Asn1Dump.DumpAsString(current);
                Console.WriteLine(rendered);
            }

            reader.Close();
        }
Esempio n. 6
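        /// <summary>
        /// Renders the four fields of a DER-encoded EC private key structure as hex, one per line.
        /// </summary>
        /// <param name="der">DER bytes of a four-element sequence (version, private key, parameters, public key).</param>
        /// <returns>
        /// Text with "Version", "Private", "Params" and "Public" lines. The "Private" line is the
        /// encoded private key field, so the returned string is as sensitive as the key itself and
        /// should stay out of logs and error messages.
        /// </returns>
        /// <remarks>
        /// The input is not validated: a different structure surfaces as whatever exception the casts
        /// and indexers raise.
        /// </remarks>
        public static string DumpDer(byte[] der)
        {
            StringBuilder   builder = new StringBuilder();
            Asn1InputStream decoder = new Asn1InputStream(der);

            try
            {
                DerSequence seq = (DerSequence)decoder.ReadObject();

                builder.AppendLine("Version : " + Encoders.Hex.EncodeData(seq[0].GetDerEncoded()));
                builder.AppendLine("Private : " + Encoders.Hex.EncodeData(seq[1].GetDerEncoded()));
                // The parameters field is a tagged object; dump the object inside the tag.
                builder.AppendLine("Params : " + Encoders.Hex.EncodeData(((DerTaggedObject)seq[2]).GetObject().GetDerEncoded()));
                builder.AppendLine("Public : " + Encoders.Hex.EncodeData(seq[3].GetDerEncoded()));
            }
            finally
            {
                // Close the reader even when the input does not have the expected shape.
                decoder.Close();
            }
            return(builder.ToString());
        }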
Esempio n. 7
        /// <summary>
        /// Reads ASN.1 objects from the file named by <c>args[0]</c> and writes a dump of each to the console.
        /// </summary>
        /// <param name="args">Command-line arguments; the first one is the path of the file to read.</param>
        public static void Main(string[] args)
        {
            string          path       = args[0];
            FileStream      file       = File.OpenRead(path);
            Asn1InputStream asn1Reader = new Asn1InputStream(file);

            while (true)
            {
                Asn1Object next = asn1Reader.ReadObject();

                // Null means there are no more objects in the stream.
                if (next == null)
                {
                    break;
                }

                Console.WriteLine(Asn1Dump.DumpAsString(next));
            }

            asn1Reader.Close();
        }
Esempio n. 8
        /******** EXTERNAL OBJECT PUBLIC METHODS - END ********/

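        /// <summary>
        /// Loads a private key from a Base64 string holding a DER-encoded PrivateKeyInfo structure.
        /// </summary>
        /// <param name="base64">Base64 text of the encoded key. This is secret key material.</param>
        /// <returns>
        /// true when the key was parsed and <c>privateKeyInfo</c> / <c>privateKeyAlgorithm</c> were
        /// set; false when it could not be read, in which case error PK015 is recorded and
        /// <c>privateKeyInfo</c> is left null so a previously loaded key is not used by mistake.
        /// </returns>
        private bool ReadBase64(string base64)
        {
            PrivateKeyInfo parsed = null;

            try
            {
                byte[]          keybytes = Base64.Decode(base64);
                Asn1InputStream istream  = new Asn1InputStream(keybytes);

                try
                {
                    // 'as' yields null for empty input or a non-sequence object; GetInstance(null)
                    // then returns null and the failure is reported below.
                    parsed = PrivateKeyInfo.GetInstance(istream.ReadObject() as Asn1Sequence);
                }
                finally
                {
                    istream.Close();
                }
            }
            catch (System.IO.IOException)
            {
                // Truncated or otherwise undecodable ASN.1: report it as an unreadable key.
                parsed = null;
            }
            catch (System.ArgumentException)
            {
                // NOTE(review): presumably how GetInstance rejects a sequence that is not a
                // PrivateKeyInfo - confirm against the library version in use.
                parsed = null;
            }

            this.privateKeyInfo = parsed;
            if (this.privateKeyInfo == null)
            {
                this.error.setError("PK015", "Could not read private key from base64 string");
                return(false);
            }
            // Object identifier of the key algorithm, e.g. 1.2.840.113549.1.1.1
            this.privateKeyAlgorithm = this.privateKeyInfo.PrivateKeyAlgorithm.Algorithm.Id;
            return(true);
        }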
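        /// <summary>
        /// Answers a Base64-encoded request by wrapping the content it carries in a CMS signed-data
        /// structure signed with this object's key and certificate.
        /// </summary>
        /// <param name="bRequest">Request bytes: Base64 text, possibly interleaved with control characters.</param>
        /// <param name="signTime">Value placed in the signing-time signed attribute.</param>
        /// <returns>The DER-encoded ContentInfo, Base64-encoded and returned as ASCII bytes.</returns>
        /// <remarks>
        /// NOTE(review): the octets that get signed are taken straight from the request, and nothing
        /// in this method checks who sent it or what the content is. Any such check has to be made
        /// by the caller before the private key is applied.
        /// A request with a different ASN.1 shape surfaces as whatever exception the GetInstance
        /// calls and indexers raise.
        /// </remarks>
        private byte[] Authenticode(byte[] bRequest, DateTime signTime)
        {
            // Drop every byte below 0x20 (line breaks and other control characters) before Base64
            // decoding. A StringBuilder avoids re-copying the text for each appended character.
            StringBuilder requestText = new StringBuilder(bRequest.Length);

            for (int i = 0; i < bRequest.Length; i++)
            {
                if (bRequest[i] >= 32)
                {
                    requestText.Append((char)bRequest[i]);
                }
            }
            bRequest = Convert.FromBase64String(requestText.ToString());

            byte[]          octets;
            Asn1InputStream asn1InputStream = new Asn1InputStream(bRequest);

            try
            {
                // Walk request -> element [1] -> element [1] (tagged) -> octet string.
                Asn1Sequence     instance  = Asn1Sequence.GetInstance(asn1InputStream.ReadObject());
                Asn1Sequence     instance2 = Asn1Sequence.GetInstance(instance[1]);
                Asn1TaggedObject instance3 = Asn1TaggedObject.GetInstance(instance2[1]);
                Asn1OctetString  instance4 = Asn1OctetString.GetInstance(instance3.GetObject());

                octets = instance4.GetOctets();
            }
            finally
            {
                // Close the reader even when the request does not have the expected shape.
                asn1InputStream.Close();
            }

            Asn1EncodableVector signedAttributes = new Asn1EncodableVector();

            // 1.2.840.113549.1.7.1 is the object identifier used for the content-type attribute value.
            signedAttributes.Add(new Attribute(CmsAttributes.ContentType, new DerSet(new DerObjectIdentifier("1.2.840.113549.1.7.1"))));
            signedAttributes.Add(new Attribute(CmsAttributes.SigningTime, new DerSet(new DerUtcTime(signTime))));
            AttributeTable signedAttributesTable = new AttributeTable(signedAttributes);

            // NOTE(review): the result of this call is discarded; it looks like it has no effect - confirm before removing.
            signedAttributesTable.ToAsn1EncodableVector();
            DefaultSignedAttributeTableGenerator signedAttributeGenerator = new DefaultSignedAttributeTableGenerator(signedAttributesTable);
            SignerInfoGeneratorBuilder           signerInfoBuilder        = new SignerInfoGeneratorBuilder();

            signerInfoBuilder.WithSignedAttributeGenerator(signedAttributeGenerator);
            // The signature algorithm name is the configured hash name followed by "WithRSA".
            ISignatureFactory signatureFactory = new Asn1SignatureFactory(hashAlg + "WithRSA", priKey);

            CmsSignedDataGenerator generator = new CmsSignedDataGenerator();

            generator.AddSignerInfoGenerator(signerInfoBuilder.Build(signatureFactory, x509Cert));
            generator.AddCertificates(x509Store);
            CmsSignedData cmsSignedData = generator.Generate(new CmsProcessableByteArray(octets), true);

            byte[] result = cmsSignedData.ContentInfo.GetEncoded("DER");
            return(Encoding.ASCII.GetBytes(Convert.ToBase64String(result)));
        }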
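        /// <summary>
        /// Parses a certificate request message body from <paramref name="data"/>.
        /// </summary>
        /// <param name="version">Negotiated protocol version; signature algorithms are only read when it is equivalent to TLS 1.2 or later.</param>
        /// <param name="data">Buffer positioned at the start of the message body. Its content comes from the peer.</param>
        /// <returns>The certificate types, supported signature algorithms (null for older versions) and certificate authority names.</returns>
        /// <exception cref="TlsFatalAlert">
        /// decode_error when a certificate authority entry is empty, carries bytes after its ASN.1
        /// object, or is longer than what remains of the declared list.
        /// </exception>
        public static AsyncCertificateRequest Parse(ProtocolVersion version, IByteBuffer data)
        {
            int numTypes = data.ReadByte() & 0x0FF;

            byte[] certificateTypes = new byte[numTypes];
            for (int i = 0; i < numTypes; ++i)
            {
                certificateTypes[i] = data.ReadByte();
            }

            IList supportedSignatureAlgorithms = null;

            if (ProtocolVersion.TLSv12.IsEqualOrEarlierVersionOf(version.GetEquivalentTLSVersion()))
            {
                supportedSignatureAlgorithms = DtlsHelper.ParseSupportedSignatureAlgorithms(false, data);
            }

            IList certificateAuthorities = new List <X509Name>();
            int   remainingBytes         = data.ReadUnsignedShort();

            while (remainingBytes > 0)
            {
                // Every entry is a two-byte length followed by that many bytes. An entry that does not
                // fit in what is left of the declared list would make this loop read past the list,
                // so treat it as a decoding error.
                if (remainingBytes < 2)
                {
                    throw new TlsFatalAlert(AlertDescription.decode_error);
                }

                int entryLength = data.ReadUnsignedShort();
                if (entryLength > remainingBytes - 2)
                {
                    throw new TlsFatalAlert(AlertDescription.decode_error);
                }

                byte[] derEncoding = new byte[entryLength];
                data.ReadBytes(derEncoding);

                Asn1Object      result;
                Asn1InputStream asn1 = new Asn1InputStream(derEncoding);

                try
                {
                    result = asn1.ReadObject();

                    if (null == result)
                    {
                        throw new TlsFatalAlert(AlertDescription.decode_error);
                    }

                    // The entry must hold exactly one object. This second read has to happen before
                    // the stream is closed.
                    if (null != asn1.ReadObject())
                    {
                        throw new TlsFatalAlert(AlertDescription.decode_error);
                    }
                }
                finally
                {
                    asn1.Close();
                }

                certificateAuthorities.Add(X509Name.GetInstance(result));
                remainingBytes -= 2 + entryLength;
            }

            return(new AsyncCertificateRequest(certificateTypes, supportedSignatureAlgorithms, certificateAuthorities));
        }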
Esempio n. 11
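        /// <summary>
        /// Decodes a DER-encoded ECDSA signature (a sequence of two integers).
        /// </summary>
        /// <param name="bytes">The DER bytes to decode.</param>
        /// <returns>
        /// The decoded signature, or null when the input is empty, is not a DER sequence, has fewer
        /// than two elements, or its first two elements are not integers.
        /// </returns>
        /// <remarks>
        /// An IOException raised by the ASN.1 reader is not caught here. Elements after the second
        /// one and bytes after the sequence are ignored, so several encodings decode to the same
        /// (r, s); a caller that needs a canonical encoding has to check that separately.
        /// </remarks>
        public static EcdsaSignature DecodeFromDer(byte[] bytes)
        {
            Asn1InputStream decoder = new Asn1InputStream(bytes);
            DerInteger      r, s;

            try
            {
                DerSequence seq = (DerSequence)decoder.ReadObject();

                // ReadObject() returns null on empty input and a sequence may be too short; both are
                // malformed signatures, reported the same way as a wrong element type.
                if (seq == null || seq.Count < 2)
                {
                    return(null);
                }
                r = (DerInteger)seq[0];
                s = (DerInteger)seq[1];
            }
            catch (System.InvalidCastException)
            {
                return(null);
            }
            finally
            {
                decoder.Close();
            }
            // OpenSSL deviates from the DER spec by interpreting these values as unsigned, though they should not be
            // Thus, we always use the positive versions. See: http://r6.ca/blog/20111119T211504Z.html
            return(new EcdsaSignature(r.PositiveValue, s.PositiveValue));
        }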
Esempio n. 12
 /// <summary>
 /// Turns a DER-encoded ECDSA signature into an <see cref="EcdsaSignature"/>.
 /// </summary>
 /// <param name="bytes">DER bytes expected to hold a sequence starting with the integers r and s.</param>
 /// <returns>
 /// The signature built from the positive values of r and s, or null when a cast to the expected
 /// ASN.1 type fails.
 /// </returns>
 /// <remarks>
 /// Only InvalidCastException is handled. Empty input, a sequence with fewer than two elements and
 /// reader errors surface as other exceptions. Anything after the second element is ignored.
 /// </remarks>
 public static EcdsaSignature DecodeFromDer(byte[] bytes)
 {
     DerInteger rComponent;
     DerInteger sComponent;
     Asn1InputStream asn1Reader = new Asn1InputStream(bytes);
     try
     {
         DerSequence pair = (DerSequence)asn1Reader.ReadObject();
         rComponent = (DerInteger)pair[0];
         sComponent = (DerInteger)pair[1];
     }
     catch (System.InvalidCastException)
     {
         // The input parsed as ASN.1 but not as a sequence of integers.
         return null;
     }
     finally
     {
         asn1Reader.Close();
     }
     // OpenSSL reads these integers as unsigned even though DER integers are signed, so the
     // positive values are used here as well. See: http://r6.ca/blog/20111119T211504Z.html
     EcdsaSignature decoded = new EcdsaSignature(rComponent.PositiveValue, sComponent.PositiveValue);
     return decoded;
 }