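/// <summary>
/// Encodes current object to an ASN.1-encoded byte array.
/// </summary>
/// <returns>ASN.1-encoded byte array.</returns>
/// <exception cref="UninitializedObjectException">
/// The qualifier type is neither <strong>CpsUrl</strong> nor <strong>UserNotice</strong>, or the type is
/// <strong>CpsUrl</strong> and no policy URL is set.
/// </exception>
/// <remarks>
/// Explicit notice text is always encoded as a <strong>BMPString</strong>.
/// <para>Notice reference is encoded in the following sequence: attempts to encode a string as a
/// <strong>VisibleString</strong> and then as a <strong>BMPString</strong> if <strong>VisibleString</strong> fails.</para>
/// </remarks>
public Byte[] Encode() {
    // Tag 48 (0x30) used throughout is the constructed SEQUENCE tag.
    switch (Type) {
        case X509PolicyQualifierType.CpsUrl:
            // An unset URL is an uninitialized qualifier: report it with the same exception as
            // every other uninitialized state instead of letting a null PolicyUrl surface as a
            // NullReferenceException from the property access below.
            if (PolicyUrl == null || String.IsNullOrEmpty(PolicyUrl.AbsoluteUri)) {
                throw new UninitializedObjectException();
            }
            // PolicyQualifierInfo ::= SEQUENCE { id-qt-cps (1.3.6.1.5.5.7.2.1), IA5String URI }
            List<Byte> rawData = new List<Byte>();
            rawData.AddRange(Asn1Utils.EncodeObjectIdentifier(new Oid("1.3.6.1.5.5.7.2.1")));
            rawData.AddRange(Asn1Utils.EncodeIA5String(PolicyUrl.AbsoluteUri));
            return Asn1Utils.Encode(rawData.ToArray(), 48);
        case X509PolicyQualifierType.UserNotice:
            List<Byte> refpart = new List<Byte>();
            if (!String.IsNullOrEmpty(NoticeReference)) {
                // NoticeReference ::= SEQUENCE { organization, SEQUENCE OF INTEGER };
                // only a single notice number is written.
                refpart.AddRange(EncodeString(NoticeReference));
                refpart.AddRange(Asn1Utils.Encode(new Asn1Integer(NoticeNumber).RawData, 48));
                refpart = new List<Byte>(Asn1Utils.Encode(refpart.ToArray(), 48));
            }
            if (!String.IsNullOrEmpty(NoticeText)) {
                // The explicit text follows the (optional) notice reference inside the same UserNotice.
                refpart.AddRange(Asn1Utils.EncodeBMPString(NoticeText));
            }
            // PolicyQualifierInfo ::= SEQUENCE { id-qt-unotice (1.3.6.1.5.5.7.2.2), UserNotice }.
            // When neither reference nor text is set the UserNotice SEQUENCE is written empty.
            List<Byte> oid = new List<Byte>();
            oid.AddRange(Asn1Utils.EncodeObjectIdentifier(new Oid("1.3.6.1.5.5.7.2.2")));
            oid.AddRange(Asn1Utils.Encode(refpart.ToArray(), 48));
            return Asn1Utils.Encode(oid.ToArray(), 48);
        default:
            throw new UninitializedObjectException();
    }
}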
/// <summary>
/// Encodes a string as a <strong>VisibleString</strong>, falling back to a <strong>BMPString</strong>
/// when the first encoding attempt throws.
/// </summary>
/// <param name="str">String to encode.</param>
/// <returns>ASN.1-encoded string bytes.</returns>
static IEnumerable<Byte> EncodeString(String str) {
    IEnumerable<Byte> encoded;
    try {
        encoded = Asn1Utils.EncodeVisibleString(str);
    } catch {
        // Any exception triggers the fallback, not only a character-set mismatch.
        // NOTE(review): narrowing this to the exception EncodeVisibleString raises for
        // unsupported characters would stop unrelated failures from being masked - confirm the type.
        encoded = Asn1Utils.EncodeBMPString(str);
    }
    return encoded;
}
/// <summary>
/// Appends to <c>_extensions</c> the certificate extensions implied by the template's directory
/// entry and by the settings already loaded into this object.
/// </summary>
/// <remarks>
/// Extensions are added in a fixed order: Key Usage, Enhanced Key Usage with Application Policies,
/// Certificate Policies, template information, Basic Constraints and OCSP No Revocation Checking.
/// Criticality of each extension is taken from <c>isExtensionCritical</c>.
/// </remarks>
void readExtensions() {
    schemaVersion = (Int32)_entry[DsUtils.PropPkiSchemaVersion];

    // Key Usage is emitted unconditionally.
    _extensions.Add(new X509KeyUsageExtension(
        Cryptography.KeyUsage,
        isExtensionCritical(X509ExtensionOid.KeyUsage)));

    // Enhanced Key Usage and Application Policies carry the same usages and are emitted together,
    // each with its own criticality lookup, and only when at least one EKU is defined.
    if (_ekuList.Count != 0) {
        _extensions.Add(new X509EnhancedKeyUsageExtension(
            EnhancedKeyUsage,
            isExtensionCritical(X509ExtensionOid.EnhancedKeyUsage)));
        _extensions.Add(new X509ApplicationPoliciesExtension(
            EnhancedKeyUsage,
            isExtensionCritical(X509ExtensionOid.ApplicationPolicies)));
    }

    // Certificate Policies: one policy per issuance policy OID.
    if (_certPolicies.Count > 0) {
        var policySet = new X509CertificatePolicyCollection();
        foreach (Oid issuancePolicy in _certPolicies) {
            var resolvedOid = new Oid2(issuancePolicy.Value, OidGroupEnum.IssuancePolicy, true);
            X509CertificatePolicy policyEntry = new X509CertificatePolicy(issuancePolicy.Value);
            // Best effort: if the first CPS link cannot be obtained (including when there is none),
            // the policy is still added, just without a qualifier.
            // NOTE(review): the empty catch hides every failure here, whatever its cause;
            // logging the exception would make a silently missing CPS qualifier diagnosable.
            try {
                policyEntry.Add(new X509PolicyQualifier(resolvedOid.GetCPSLinks()[0]));
            } catch { }
            policySet.Add(policyEntry);
        }
        _extensions.Add(new X509CertificatePoliciesExtension(
            policySet,
            isExtensionCritical(X509ExtensionOid.CertificatePolicies)));
    }

    // Template information: schema version 1 stores the template common name as a BMPString,
    // any other schema version stores the template OID with its major/minor version.
    Boolean templateCritical = isExtensionCritical(X509ExtensionOid.CertTemplateInfoV2);
    if (schemaVersion == 1) {
        _extensions.Add(new X509Extension(
            new Oid(X509ExtensionOid.CertificateTemplate),
            Asn1Utils.EncodeBMPString((String)_entry[DsUtils.PropCN]),
            templateCritical));
    } else {
        Int32 majorVersion = (Int32)_entry[DsUtils.PropPkiTemplateMajorVersion];
        Int32 minorVersion = (Int32)_entry[DsUtils.PropPkiTemplateMinorVersion];
        var templateOid = new Oid((String)_entry[DsUtils.PropCertTemplateOid]);
        var templateExtension = new X509CertificateTemplateExtension(templateOid, majorVersion, minorVersion) {
            Critical = templateCritical
        };
        _extensions.Add(templateExtension);
    }

    // Basic Constraints: always for CA and cross-CA templates, and for end-entity templates
    // only when the enrollment flag asks for it. The CA bit follows the subject type alone.
    Boolean isCA = SubjectType == CertTemplateSubjectType.CA
        || SubjectType == CertTemplateSubjectType.CrossCA;
    if (isCA || (EnrollmentOptions & CertificateTemplateEnrollmentFlags.BasicConstraintsInEndEntityCerts) > 0) {
        // A path length of -1 is treated as "no path length constraint".
        Boolean hasConstraints = GetPathLengthConstraint() != -1;
        _extensions.Add(new X509BasicConstraintsExtension(
            isCA,
            hasConstraints,
            GetPathLengthConstraint(),
            isExtensionCritical(X509ExtensionOid.BasicConstraints)));
    }

    // OCSP No Revocation Checking: the extension value { 5, 0 } is a DER-encoded NULL.
    // Relying parties do not check revocation for certificates carrying this extension,
    // so templates that enable the flag are normally paired with a short validity period.
    if ((EnrollmentOptions & CertificateTemplateEnrollmentFlags.IncludeOcspRevNoCheck) > 0) {
        _extensions.Add(new X509Extension(
            X509ExtensionOid.OcspRevNoCheck,
            new Byte[] { 5, 0 },
            isExtensionCritical(X509ExtensionOid.OcspRevNoCheck)));
    }
}
/// <summary>
/// Appends to <c>_exts</c> the certificate extensions implied by the template's directory entry
/// and by the settings already loaded into this object.
/// </summary>
/// <remarks>
/// Extensions are added in a fixed order: Key Usage, Enhanced Key Usage with Application Policies,
/// Certificate Policies, template information, Basic Constraints and OCSP No Revocation Checking.
/// Criticality of each extension is taken from <c>test_critical</c>.
/// </remarks>
void get_extensions() {
    schemaVersion = (Int32)_entry.Properties["msPKI-Template-Schema-Version"].Value;

    // 2.5.29.15 (Key Usage) is emitted unconditionally.
    _exts.Add(new X509KeyUsageExtension(Cryptography.KeyUsage, test_critical("2.5.29.15")));

    // 2.5.29.37 (Enhanced Key Usage) and 1.3.6.1.4.1.311.21.10 (Application Policies) carry the
    // same usages and are emitted together, only when at least one EKU is defined.
    if (_ekus.Count != 0) {
        _exts.Add(new X509EnhancedKeyUsageExtension(_ekus, test_critical("2.5.29.37")));
        _exts.Add(new X509ApplicationPoliciesExtension(_ekus, test_critical("1.3.6.1.4.1.311.21.10")));
    }

    // 2.5.29.32 (Certificate Policies): one policy per issuance policy OID.
    if (CertificatePolicies.Count > 0) {
        X509CertificatePolicyCollection policySet = new X509CertificatePolicyCollection();
        foreach (Oid issuancePolicy in CertificatePolicies) {
            Oid2 resolvedOid = new Oid2(issuancePolicy.Value, OidGroupEnum.IssuancePolicy, true);
            X509CertificatePolicy policyEntry = new X509CertificatePolicy(issuancePolicy.Value);
            // Best effort: if the first CPS link cannot be obtained (including when there is none),
            // the policy is still added, just without a qualifier.
            // NOTE(review): the empty catch hides every failure here, whatever its cause;
            // logging the exception would make a silently missing CPS qualifier diagnosable.
            try {
                policyEntry.Add(new X509PolicyQualifier(resolvedOid.GetCPSLinks()[0]));
            } catch { }
            policySet.Add(policyEntry);
        }
        _exts.Add(new X509CertificatePoliciesExtension(policySet, test_critical("2.5.29.32")));
    }

    // Template information: schema version 1 stores the template common name as a BMPString under
    // 1.3.6.1.4.1.311.20.2; any other schema version stores the template OID with its
    // major/minor revision, with criticality looked up under 1.3.6.1.4.1.311.21.7.
    if (schemaVersion == 1) {
        _exts.Add(new X509Extension(
            new Oid("1.3.6.1.4.1.311.20.2"),
            Asn1Utils.EncodeBMPString((String)_entry.Properties["cn"].Value),
            test_critical("1.3.6.1.4.1.311.20.2")));
    } else {
        Int32 majorRevision = (Int32)_entry.Properties["Revision"].Value;
        Int32 minorRevision = (Int32)_entry.Properties["msPKI-Template-Minor-Revision"].Value;
        Oid templateOid = new Oid((String)_entry.Properties["msPKI-Cert-Template-OID"].Value);
        _exts.Add(new X509CertificateTemplateExtension(templateOid, majorRevision, minorRevision));
        // Criticality is applied to the element that was just appended.
        _exts[_exts.Count - 1].Critical = test_critical("1.3.6.1.4.1.311.21.7");
    }

    // 2.5.29.19 (Basic Constraints): always for CA and cross-CA templates, and for end-entity
    // templates only when the enrollment flag asks for it. The CA bit follows the subject type alone.
    Boolean isCA = SubjectType == "Certification Authority"
        || SubjectType == "Cross Certification Authority";
    if (isCA || (EnrollmentOptions & (Int32)CertificateTemplateEnrollmentFlags.BasicConstraintsInEndEntityCerts) != 0) {
        // A path length of -1 is treated as "no path length constraint".
        Boolean hasConstraints = GetPathLengthConstraint() != -1;
        _exts.Add(new X509BasicConstraintsExtension(
            isCA,
            hasConstraints,
            GetPathLengthConstraint(),
            test_critical("2.5.29.19")));
    }

    // 1.3.6.1.5.5.7.48.1.5 (OCSP No Revocation Checking): the value { 5, 0 } is a DER-encoded NULL.
    // Relying parties do not check revocation for certificates carrying this extension,
    // so templates that enable the flag are normally paired with a short validity period.
    if ((EnrollmentOptions & (Int32)CertificateTemplateEnrollmentFlags.IncludeOcspRevNoCheck) != 0) {
        _exts.Add(new X509Extension(
            "1.3.6.1.5.5.7.48.1.5",
            new Byte[] { 5, 0 },
            test_critical("1.3.6.1.5.5.7.48.1.5")));
    }
}
/// <summary>
/// Appends to <c>_exts</c> the certificate extensions implied by the template's directory entry
/// and by the settings already loaded into this object.
/// </summary>
/// <remarks>
/// Extensions are added in a fixed order: Key Usage, Enhanced Key Usage with Application Policies,
/// Certificate Policies, template information, Basic Constraints and OCSP No Revocation Checking.
/// Criticality of each extension is taken from <c>test_critical</c>.
/// </remarks>
void get_extensions() {
    schemaVersion = (Int32)_entry[ActiveDirectory.PropPkiSchemaVersion];

    // Key Usage is emitted unconditionally.
    _exts.Add(new X509KeyUsageExtension(
        Cryptography.KeyUsage,
        test_critical(X509CertExtensions.X509KeyUsage)));

    // Enhanced Key Usage and Application Policies carry the same usages and are emitted together,
    // each with its own criticality lookup, and only when at least one EKU is defined.
    if (_ekus.Count != 0) {
        _exts.Add(new X509EnhancedKeyUsageExtension(
            _ekus,
            test_critical(X509CertExtensions.X509EnhancedKeyUsage)));
        _exts.Add(new X509ApplicationPoliciesExtension(
            _ekus,
            test_critical(X509CertExtensions.X509ApplicationPolicies)));
    }

    // Certificate Policies: one policy per issuance policy OID.
    if (CertificatePolicies.Count > 0) {
        X509CertificatePolicyCollection policySet = new X509CertificatePolicyCollection();
        foreach (Oid issuancePolicy in CertificatePolicies) {
            Oid2 resolvedOid = new Oid2(issuancePolicy.Value, OidGroupEnum.IssuancePolicy, true);
            X509CertificatePolicy policyEntry = new X509CertificatePolicy(issuancePolicy.Value);
            // Best effort: if the first CPS link cannot be obtained (including when there is none),
            // the policy is still added, just without a qualifier.
            // NOTE(review): the empty catch hides every failure here, whatever its cause;
            // logging the exception would make a silently missing CPS qualifier diagnosable.
            try {
                policyEntry.Add(new X509PolicyQualifier(resolvedOid.GetCPSLinks()[0]));
            } catch { }
            policySet.Add(policyEntry);
        }
        _exts.Add(new X509CertificatePoliciesExtension(
            policySet,
            test_critical(X509CertExtensions.X509CertificatePolicies)));
    }

    // Template information: schema version 1 stores the template common name as a BMPString,
    // any other schema version stores the template OID with its major/minor version.
    // The two branches look up criticality under different OID constants.
    if (schemaVersion == 1) {
        _exts.Add(new X509Extension(
            new Oid(X509CertExtensions.X509CertTemplateInfoV2),
            Asn1Utils.EncodeBMPString((String)_entry[ActiveDirectory.PropCN]),
            test_critical(X509CertExtensions.X509CertTemplateInfoV2)));
    } else {
        Int32 majorVersion = (Int32)_entry[ActiveDirectory.PropPkiTemplateMajorVersion];
        Int32 minorVersion = (Int32)_entry[ActiveDirectory.PropPkiTemplateMinorVersion];
        Oid templateOid = new Oid((String)_entry[ActiveDirectory.PropCertTemplateOid]);
        _exts.Add(new X509CertificateTemplateExtension(templateOid, majorVersion, minorVersion));
        // Criticality is applied to the element that was just appended.
        _exts[_exts.Count - 1].Critical = test_critical(X509CertExtensions.X509CertificateTemplate);
    }

    // Basic Constraints: always for CA and cross-CA templates, and for end-entity templates
    // only when the enrollment flag asks for it. The CA bit follows the subject type alone.
    Boolean isCA = SubjectType == CertTemplateSubjectType.CA
        || SubjectType == CertTemplateSubjectType.CrossCA;
    if (isCA || (EnrollmentOptions & (Int32)CertificateTemplateEnrollmentFlags.BasicConstraintsInEndEntityCerts) != 0) {
        // A path length of -1 is treated as "no path length constraint".
        Boolean hasConstraints = GetPathLengthConstraint() != -1;
        _exts.Add(new X509BasicConstraintsExtension(
            isCA,
            hasConstraints,
            GetPathLengthConstraint(),
            test_critical(X509CertExtensions.X509BasicConstraints)));
    }

    // OCSP No Revocation Checking: the extension value { 5, 0 } is a DER-encoded NULL.
    // Relying parties do not check revocation for certificates carrying this extension,
    // so templates that enable the flag are normally paired with a short validity period.
    if ((EnrollmentOptions & (Int32)CertificateTemplateEnrollmentFlags.IncludeOcspRevNoCheck) != 0) {
        _exts.Add(new X509Extension(
            X509CertExtensions.X509OcspRevNoCheck,
            new Byte[] { 5, 0 },
            test_critical(X509CertExtensions.X509OcspRevNoCheck)));
    }
}