Esempio n. 1
        /// <summary>
        /// Build and sign a new X.509 attribute certificate using the supplied signature factory.
        /// </summary>
        /// <remarks>
        /// The signature is computed over the DER encoding of the generated AttributeCertificateInfo.
        /// The outer algorithm identifier is taken from <paramref name="signatureCalculatorFactory"/>.
        /// NOTE(review): nothing in this method checks that this identifier matches the signature
        /// algorithm recorded inside the AttributeCertificateInfo; confirm the caller sets both consistently.
        /// Any failure while assembling the signed structure is rethrown as CertificateEncodingException.
        /// </remarks>
        /// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param>
        /// <returns>The signed attribute certificate.</returns>
        public IX509AttributeCertificate Generate(ISignatureFactory signatureCalculatorFactory)
        {
            // Extensions are optional: attach them only when at least one was added.
            if (extGenerator.IsEmpty == false)
            {
                acInfoGen.SetExtensions(extGenerator.Generate());
            }

            AttributeCertificateInfo toBeSigned = acInfoGen.GenerateAttributeCertificateInfo();
            byte[] toBeSignedBytes = toBeSigned.GetDerEncoded();

            // Feed the to-be-signed bytes to the calculator and close its stream
            // before the result is requested further down.
            IStreamCalculator signer = signatureCalculatorFactory.CreateCalculator();
            signer.Stream.Write(toBeSignedBytes, 0, toBeSignedBytes.Length);
            Platform.Dispose(signer.Stream);

            Asn1EncodableVector parts = new Asn1EncodableVector();
            parts.Add(toBeSigned, (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails);

            try
            {
                parts.Add(new DerBitString(((IBlockResult)signer.GetResult()).Collect()));

                AttributeCertificate structure = AttributeCertificate.GetInstance(new DerSequence(parts));
                return new X509V2AttributeCertificate(structure);
            }
            catch (Exception e)
            {
                // TODO: a more specific exception type was planned here.
                throw new CertificateEncodingException("constructed invalid certificate", e);
            }
        }
        /// <summary>
        /// Build and sign an X.509 attribute certificate with the generator's configured signature algorithm.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the parameter is named publicKey, yet it is handed to
        /// X509Utilities.GetSignatureForObject as the signing key. Producing a signature presumably
        /// needs the issuer's private key; confirm and document this for callers.
        /// </remarks>
        /// <param name="publicKey">Key passed to the signing helper.</param>
        /// <param name="random">Source of randomness passed to the signing helper.</param>
        /// <returns>The signed attribute certificate.</returns>
        public IX509AttributeCertificate Generate(AsymmetricKeyParameter publicKey, SecureRandom random)
        {
            // Extensions are optional: attach them only when at least one was added.
            if (this.extGenerator.IsEmpty == false)
            {
                this.acInfoGen.SetExtensions(this.extGenerator.Generate());
            }

            AttributeCertificateInfo toBeSigned = this.acInfoGen.GenerateAttributeCertificateInfo();

            // Outer structure: to-be-signed info, signature algorithm, then the signature bits.
            Asn1EncodableVector parts = new Asn1EncodableVector(new Asn1Encodable[0]);
            parts.Add(new Asn1Encodable[] { toBeSigned, this.sigAlgId });

            try
            {
                parts.Add(new Asn1Encodable[]
                {
                    new DerBitString(X509Utilities.GetSignatureForObject(this.sigOID, this.signatureAlgorithm, publicKey, random, toBeSigned))
                });

                return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(new DerSequence(parts)));
            }
            catch (Exception e)
            {
                // Every failure from signing or structure assembly surfaces as one exception type.
                throw new CertificateEncodingException("constructed invalid certificate", e);
            }
        }
        /// <summary>
        /// Generate a signed X.509 attribute certificate from the generator's current settings,
        /// using the supplied source of randomness, if required.
        /// </summary>
        /// <remarks>
        /// NOTE(review): although the parameter is called publicKey, it is the key given to
        /// X509Utilities.GetSignatureForObject to produce the signature. Presumably this must be
        /// the issuer's private key; confirm before relying on the name.
        /// </remarks>
        public IX509AttributeCertificate Generate(
            AsymmetricKeyParameter publicKey,
            SecureRandom random)
        {
            bool hasExtensions = !extGenerator.IsEmpty;
            if (hasExtensions)
            {
                acInfoGen.SetExtensions(extGenerator.Generate());
            }

            AttributeCertificateInfo toBeSigned = acInfoGen.GenerateAttributeCertificateInfo();

            // The signed structure is: info, signature algorithm identifier, signature bits.
            Asn1EncodableVector parts = new Asn1EncodableVector();
            parts.Add(toBeSigned, sigAlgId);

            try
            {
                DerBitString signature = new DerBitString(
                    X509Utilities.GetSignatureForObject(sigOID, signatureAlgorithm, publicKey, random, toBeSigned));
                parts.Add(signature);

                return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(new DerSequence(parts)));
            }
            catch (Exception e)
            {
                // TODO: a more specific exception type was planned here.
                throw new CertificateEncodingException("constructed invalid certificate", e);
            }
        }
Esempio n. 4
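 /// <summary>
 /// Add every attribute certificate found in <paramref name="store"/> to the certificate list.
 /// </summary>
 /// <remarks>
 /// Each certificate is re-parsed from its encoding and wrapped in an implicit [2] tag.
 /// The certificates are only re-encoded here: no signature or validity check is visible in
 /// this method, so callers must not treat the added certificates as verified.
 /// </remarks>
 /// <param name="store">Store queried with a null selector, i.e. for all entries.</param>
 public void AddAttributeCertificates(IX509Store store)
 {
     try
     {
         // foreach replaces the decompiled enumerator loop: the accessor call get_Current()
         // is not valid C#, and foreach also disposes the enumerator when it is disposable.
         foreach (IX509AttributeCertificate attrCert in (global::System.Collections.IEnumerable)store.GetMatches(null))
         {
             _certs.Add((object)new DerTaggedObject(false, 2, AttributeCertificate.GetInstance(Asn1Object.FromByteArray(attrCert.GetEncoded()))));
         }
     }
     catch (global::System.Exception e)
     {
         // Parsing, casting and store failures are all reported as a single CMS error.
         throw new CmsException("error processing attribute certs", e);
     }
 }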
Esempio n. 5
        /// <summary>
        /// Read the next PEM-encoded attribute certificate from <paramref name="inStream"/>.
        /// </summary>
        /// <remarks>
        /// This only parses the structure; nothing here verifies the signature or validity
        /// period, so the result is untrusted until the caller validates it.
        /// </remarks>
        /// <returns>The parsed certificate, or null when the PEM parser yields no object.</returns>
        private IX509AttributeCertificate ReadPemCertificate(Stream inStream)
        {
            Asn1Sequence pemObject = X509AttrCertParser.PemAttrCertParser.ReadPemObject(inStream);

            return pemObject == null
                ? null
                : new X509V2AttributeCertificate(AttributeCertificate.GetInstance(pemObject));
        }
Esempio n. 6
        /// <summary>
        /// Read the next PEM-encoded attribute certificate from <paramref name="inStream"/>.
        /// </summary>
        /// <remarks>
        /// Parsing only: the returned certificate has not been signature-checked or
        /// validated in this method.
        /// </remarks>
        /// <returns>The parsed certificate, or null when the PEM parser yields no object.</returns>
        private IX509AttributeCertificate ReadPemCertificate(Stream inStream)
        {
            Asn1Sequence pemObject = PemAttrCertParser.ReadPemObject(inStream);

            // Nothing to wrap when the parser found no PEM object.
            if (pemObject == null)
            {
                return null;
            }

            return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(pemObject));
        }
Esempio n. 7
        /// <summary>
        /// Read one DER object from <paramref name="dIn"/> and return an attribute certificate from it.
        /// </summary>
        /// <remarks>
        /// When the object is a PKCS#7 SignedData wrapper, its certificate set is stored in sData and
        /// the next attribute certificate is taken from that set. Otherwise the sequence itself is
        /// treated as the certificate. The input is cast without type checks, so a top-level object
        /// that is not a sequence raises InvalidCastException. NOTE(review): if ReadObject can
        /// return null at end of stream, the Count access below throws; confirm the caller guards this.
        /// Nothing here verifies signatures; the result is untrusted until validated.
        /// </remarks>
        private IX509AttributeCertificate ReadDerCertificate(Asn1InputStream dIn)
        {
            Asn1Sequence topLevel = (Asn1Sequence)dIn.ReadObject();

            if (topLevel.Count > 1 && topLevel[0] is DerObjectIdentifier)
            {
                if (topLevel[0].Equals(PkcsObjectIdentifiers.SignedData))
                {
                    // SignedData content sits in an explicitly tagged second element.
                    Asn1Sequence content = Asn1Sequence.GetInstance((Asn1TaggedObject)topLevel[1], true);
                    this.sData = SignedData.GetInstance(content).Certificates;
                    return this.GetCertificate();
                }
            }

            return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(topLevel));
        }
 /// <summary>
 /// Wrap a parsed attribute certificate structure and cache its validity period.
 /// </summary>
 /// <remarks>
 /// Any failure while reading the validity dates, including a null structure, is reported as
 /// IOException. The constructor only extracts the dates; it does not check them against the
 /// current time or verify the signature.
 /// </remarks>
 internal X509V2AttributeCertificate(AttributeCertificate cert)
 {
     this.cert = cert;

     try
     {
         AttCertValidityPeriod validity = cert.ACInfo.AttrCertValidityPeriod;
         this.notAfter = validity.NotAfterTime.ToDateTime();
         this.notBefore = validity.NotBeforeTime.ToDateTime();
     }
     catch (Exception innerException)
     {
         throw new IOException("invalid data structure in certificate!", innerException);
     }
 }
Esempio n. 9
        /// <summary>
        /// Convert <paramref name="obj"/> into a CmpCertificate.
        /// </summary>
        /// <remarks>
        /// An existing CmpCertificate is returned as is, an ASN.1 sequence is read as an X.509
        /// certificate structure, and a tagged object is read as an attribute certificate.
        /// The tag number of a tagged object is not inspected here.
        /// </remarks>
        /// <exception cref="ArgumentException">The object is none of the accepted types.</exception>
        public static CmpCertificate GetInstance(object obj)
        {
            if (obj is CmpCertificate)
            {
                return (CmpCertificate)obj;
            }

            if (obj is Asn1Sequence)
            {
                return new CmpCertificate(X509CertificateStructure.GetInstance(obj));
            }

            if (obj is Asn1TaggedObject)
            {
                Asn1TaggedObject tagged = (Asn1TaggedObject)obj;
                return new CmpCertificate(AttributeCertificate.GetInstance(tagged.GetObject()));
            }

            string typeName = Platform.GetTypeName(obj);
            throw new ArgumentException("Invalid object: " + typeName, "obj");
        }
 /// <summary>
 /// Add every attribute certificate found in <paramref name="store"/> to the certificate list.
 /// </summary>
 /// <remarks>
 /// Each certificate is re-parsed from its encoding and wrapped in an implicit [2] tag.
 /// No signature or validity check is visible here; the certificates are added unverified.
 /// </remarks>
 public void AddAttributeCertificates(IX509Store store)
 {
     try
     {
         // A null selector asks the store for all of its entries.
         foreach (IX509AttributeCertificate attrCert in store.GetMatches(null))
         {
             Asn1Object parsed = Asn1Object.FromByteArray(attrCert.GetEncoded());
             AttributeCertificate structure = AttributeCertificate.GetInstance(parsed);
             this._certs.Add(new DerTaggedObject(false, 2, structure));
         }
     }
     catch (Exception e)
     {
         throw new CmsException("error processing attribute certs", e);
     }
 }
Esempio n. 11
        }        //IL_0003: Unknown result type (might be due to invalid IL or missing references)

        //IL_000d: Expected O, but got Unknown


        /// <summary>
        /// Wrap a parsed attribute certificate structure and cache its validity period.
        /// </summary>
        /// <remarks>
        /// Failures while reading the validity dates are reported as IOException. The dates are
        /// only extracted, not compared with the current time.
        /// </remarks>
        internal X509V2AttributeCertificate(AttributeCertificate cert)
        {
            this.cert = cert;

            try
            {
                AttCertValidityPeriod validity = cert.ACInfo.AttrCertValidityPeriod;
                notAfter = validity.NotAfterTime.ToDateTime();
                notBefore = validity.NotBeforeTime.ToDateTime();
            }
            catch (global::System.Exception cause)
            {
                throw new IOException("invalid data structure in certificate!", cause);
            }
        }
Esempio n. 12
 /// <summary>
 /// Return the next attribute certificate from the stored SignedData certificate set.
 /// </summary>
 /// <remarks>
 /// Entries are consumed in order through sDataObjectCount. Only tagged entries with tag
 /// number 2 are returned; every other entry is skipped. The certificate is parsed, not validated.
 /// </remarks>
 /// <returns>The next attribute certificate, or null when the set is absent or exhausted.</returns>
 private IX509AttributeCertificate GetCertificate()
 {
     if (this.sData == null)
     {
         return null;
     }

     while (this.sDataObjectCount < this.sData.Count)
     {
         int index = this.sDataObjectCount++;
         object candidate = this.sData[index];

         if (!(candidate is Asn1TaggedObject))
         {
             continue;
         }

         Asn1TaggedObject tagged = (Asn1TaggedObject)candidate;
         if (tagged.TagNo != 2)
         {
             continue;
         }

         return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(Asn1Sequence.GetInstance(tagged, false)));
     }

     return null;
 }
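 /// <summary>
 /// Parse one ASN.1 object from <paramref name="input"/> as an attribute certificate structure.
 /// </summary>
 /// <remarks>
 /// An IOException propagates unchanged. Every other failure, such as a malformed or
 /// unexpected structure, is wrapped in an IOException so callers handle one exception type
 /// for bad input.
 /// </remarks>
 private static AttributeCertificate GetObject(Stream input)
 {
     try
     {
         return AttributeCertificate.GetInstance(Asn1Object.FromStream(input));
     }
     catch (IOException)
     {
         // Rethrow with "throw;" so the original stack trace is kept; "throw e;" resets it.
         throw;
     }
     catch (Exception e)
     {
         throw new IOException("exception decoding certificate structure", e);
     }
 }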
Esempio n. 14
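 /// <summary>
 /// Convert <paramref name="obj"/> into a CmpCertificate.
 /// </summary>
 /// <remarks>
 /// An existing CmpCertificate is returned as is, an ASN.1 sequence is read as an X.509
 /// certificate structure, and a tagged object is read as an attribute certificate.
 /// </remarks>
 /// <exception cref="ArgumentException">The object is null or none of the accepted types.</exception>
 public static CmpCertificate GetInstance(object obj)
 {
     if (obj is CmpCertificate)
     {
         return (CmpCertificate)obj;
     }
     if (obj is Asn1Sequence)
     {
         return new CmpCertificate(X509CertificateStructure.GetInstance(obj));
     }
     if (obj is Asn1TaggedObject)
     {
         return new CmpCertificate(AttributeCertificate.GetInstance(((Asn1TaggedObject)obj).GetObject()));
     }

     // A null argument reaches this point; calling GetType() on it would raise
     // NullReferenceException instead of the intended ArgumentException.
     string typeName = obj == null ? "null" : obj.GetType().Name;
     throw new ArgumentException("Invalid object: " + typeName, "obj");
 }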
Esempio n. 15
        /// <summary>
        /// Build a SignerAttribute from its ASN.1 sequence form.
        /// </summary>
        /// <remarks>
        /// Only the first element of the sequence is read. Tag 0 carries claimed attributes and
        /// tag 1 a certified attribute certificate. The casts are unchecked, so an input that is
        /// not a sequence, or whose first element is not a DER tagged object, raises
        /// InvalidCastException. NOTE(review): the tag 1 branch passes the tagged wrapper itself to
        /// AttributeCertificate.GetInstance, while the tag 0 branch unwraps explicitly; confirm
        /// GetInstance accepts a tagged object.
        /// </remarks>
        /// <exception cref="ArgumentException">The tag number is neither 0 nor 1.</exception>
        private SignerAttribute(object obj)
        {
            Asn1Sequence seq = (Asn1Sequence)obj;
            DerTaggedObject tagged = (DerTaggedObject)seq[0];

            switch (tagged.TagNo)
            {
                case 0:
                    this.claimedAttributes = Asn1Sequence.GetInstance(tagged, true);
                    break;
                case 1:
                    this.certifiedAttributes = AttributeCertificate.GetInstance(tagged);
                    break;
                default:
                    throw new ArgumentException("illegal tag.", "obj");
            }
        }
Esempio n. 16
 /// <summary>
 /// Convert <paramref name="obj"/> into a CmpCertificate.
 /// </summary>
 /// <remarks>
 /// Accepted inputs are an existing CmpCertificate, an ASN.1 sequence (read as an X.509
 /// certificate structure) and a tagged object (read as an attribute certificate).
 /// </remarks>
 /// <exception cref="ArgumentException">The object is none of the accepted types.</exception>
 public static CmpCertificate GetInstance(object obj)
 {
     if (obj is CmpCertificate)
     {
         return (CmpCertificate)obj;
     }

     if (obj is Asn1Sequence)
     {
         X509CertificateStructure x509 = X509CertificateStructure.GetInstance(obj);
         return new CmpCertificate(x509);
     }

     if (obj is Asn1TaggedObject)
     {
         Asn1TaggedObject tagged = (Asn1TaggedObject)obj;
         return new CmpCertificate(AttributeCertificate.GetInstance(tagged.GetObject()));
     }

     throw new ArgumentException("Invalid object: " + Platform.GetTypeName(obj), "obj");
 }
Esempio n. 17
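 /// <summary>
 /// Parse one ASN.1 object from <paramref name="input"/> as an attribute certificate structure.
 /// </summary>
 /// <remarks>
 /// An IOException propagates unchanged; every other failure is wrapped in an IOException.
 /// </remarks>
 private static AttributeCertificate GetObject(Stream input)
 {
     try
     {
         return AttributeCertificate.GetInstance(Asn1Object.FromStream(input));
     }
     catch (IOException)
     {
         // "throw;" keeps the original stack trace; rethrowing the caught variable resets it.
         throw;
     }
     catch (global::System.Exception ex)
     {
         throw new IOException("exception decoding certificate structure", ex);
     }
 }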
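        /// <summary>
        /// Parse one ASN.1 object from <paramref name="input"/> as an attribute certificate structure.
        /// </summary>
        /// <remarks>
        /// An IOException propagates unchanged; every other failure is wrapped in an IOException.
        /// </remarks>
        private static AttributeCertificate GetObject(Stream input)
        {
            try
            {
                return AttributeCertificate.GetInstance(Asn1Object.FromStream(input));
            }
            catch (IOException)
            {
                // "throw;" keeps the original stack trace; "throw ex;" would reset it.
                throw;
            }
            catch (Exception innerException)
            {
                throw new IOException("exception decoding certificate structure", innerException);
            }
        }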
Esempio n. 19
        /// <summary>
        /// Build a SignerAttribute from its ASN.1 sequence form.
        /// </summary>
        /// <remarks>
        /// Only the first element is read: tag 0 carries claimed attributes, tag 1 a certified
        /// attribute certificate. Both casts are unchecked and raise InvalidCastException on an
        /// unexpected input type.
        /// </remarks>
        /// <exception cref="ArgumentException">The tag number is neither 0 nor 1.</exception>
        private SignerAttribute(object obj)
        {
            Asn1Sequence seq = (Asn1Sequence)obj;
            DerTaggedObject tagged = (DerTaggedObject)seq[0];

            if (tagged.TagNo == 0)
            {
                claimedAttributes = Asn1Sequence.GetInstance(tagged, explicitly: true);
            }
            else if (tagged.TagNo == 1)
            {
                certifiedAttributes = AttributeCertificate.GetInstance(tagged);
            }
            else
            {
                throw new ArgumentException("illegal tag.", "obj");
            }
        }
Esempio n. 20
        /// <summary>
        /// Read one DER object from <paramref name="dIn"/> and return an attribute certificate from it.
        /// </summary>
        /// <remarks>
        /// A PKCS#7 SignedData wrapper has its certificate set stored in sData, and the next
        /// attribute certificate is taken from that set. Any other sequence is treated as the
        /// certificate itself. The casts are unchecked, and nothing here verifies a signature.
        /// </remarks>
        private IX509AttributeCertificate ReadDerCertificate(Asn1InputStream dIn)
        {
            Asn1Sequence topLevel = (Asn1Sequence)dIn.ReadObject();

            bool startsWithOid = topLevel.Count > 1 && topLevel[0] is DerObjectIdentifier;
            if (startsWithOid && topLevel[0].Equals(PkcsObjectIdentifiers.SignedData))
            {
                // SignedData content sits in an explicitly tagged second element.
                Asn1Sequence content = Asn1Sequence.GetInstance((Asn1TaggedObject)topLevel[1], true);
                sData = SignedData.GetInstance(content).Certificates;

                return GetCertificate();
            }

            return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(topLevel));
        }
Esempio n. 21
        /// <summary>
        /// Build a SignerAttribute from its ASN.1 sequence form.
        /// </summary>
        /// <remarks>
        /// Only the first element is read: tag 0 carries claimed attributes, tag 1 a certified
        /// attribute certificate. Both casts are unchecked and raise InvalidCastException on an
        /// unexpected input type.
        /// </remarks>
        /// <exception cref="ArgumentException">The tag number is neither 0 nor 1.</exception>
        private SignerAttribute(object obj)
        {
            Asn1Sequence elements = (Asn1Sequence)obj;
            DerTaggedObject first = (DerTaggedObject)elements[0];

            if (first.TagNo == 0)
            {
                claimedAttributes = Asn1Sequence.GetInstance(first, true);
                return;
            }

            if (first.TagNo == 1)
            {
                certifiedAttributes = AttributeCertificate.GetInstance(first);
                return;
            }

            throw new ArgumentException("illegal tag.", "obj");
        }
Esempio n. 22
        /// <summary>
        /// Convert <paramref name="obj"/> into a CmpCertificate.
        /// </summary>
        /// <remarks>
        /// Accepted inputs are an existing CmpCertificate, an ASN.1 sequence (read as an X.509
        /// certificate structure) and a tagged object (read as an attribute certificate).
        /// </remarks>
        /// <exception cref="ArgumentException">The object is none of the accepted types.</exception>
        public static CmpCertificate GetInstance(object obj)
        {
            if (obj is CmpCertificate)
            {
                return (CmpCertificate)obj;
            }

            if (obj is Asn1Sequence)
            {
                X509CertificateStructure x509 = X509CertificateStructure.GetInstance(obj);
                return new CmpCertificate(x509);
            }

            if (obj is Asn1TaggedObject)
            {
                Asn1TaggedObject tagged = (Asn1TaggedObject)obj;
                return new CmpCertificate(AttributeCertificate.GetInstance(tagged.GetObject()));
            }

            string typeName = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.GetTypeName(obj);
            throw new ArgumentException("Invalid object: " + typeName, "obj");
        }
Esempio n. 23
        /// <summary>
        /// Return the next attribute certificate from the stored SignedData certificate set.
        /// </summary>
        /// <remarks>
        /// Entries are consumed in order through sDataObjectCount. Only tagged entries with tag
        /// number 2 are returned. The certificate is parsed, not validated.
        /// </remarks>
        /// <returns>The next attribute certificate, or null when the set is absent or exhausted.</returns>
        private IX509AttributeCertificate GetCertificate()
        {
            if (sData == null)
            {
                return null;
            }

            while (sDataObjectCount < sData.Count)
            {
                int index = sDataObjectCount++;
                object candidate = sData[index];

                bool isAttributeCert = candidate is Asn1TaggedObject && ((Asn1TaggedObject)candidate).TagNo == 2;
                if (isAttributeCert)
                {
                    Asn1Sequence inner = Asn1Sequence.GetInstance((Asn1TaggedObject)candidate, false);
                    return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(inner));
                }
            }

            return null;
        }
Esempio n. 24
        /// <summary>
        /// Structural test: parse an encoded attribute certificate and check that its
        /// mandatory fields can be read.
        /// </summary>
        /// <remarks>
        /// This checks the shape of the structure only. It does not verify the signature,
        /// compare the validity period with the current time, or interpret attribute values.
        /// Several locals (dump, serial, att, extVal) are assigned but never read; they exist
        /// to exercise the corresponding accessors and parsers.
        /// </remarks>
        /// <param name="id">Identifier of the test vector, used in failure messages.</param>
        /// <param name="cert">Encoded attribute certificate to parse.</param>
        public void CheckAttributeCertificate(
            int id,
            byte[]  cert)
        {
            // Unchecked cast: an encoding whose top-level object is not a sequence throws here.
            Asn1Sequence seq  = (Asn1Sequence)Asn1Object.FromByteArray(cert);
            string       dump = Asn1Dump.DumpAsString(seq);

            AttributeCertificate     obj    = AttributeCertificate.GetInstance(seq);
            AttributeCertificateInfo acInfo = obj.ACInfo;

            // Version: fails unless the version integer equals 1 or 2.
            if (!(acInfo.Version.Equals(new DerInteger(1))) &&
                (!(acInfo.Version.Equals(new DerInteger(2)))))
            {
                Fail("failed AC Version test for id " + id);
            }

            // Holder: must be present.
            Holder h = acInfo.Holder;

            if (h == null)
            {
                Fail("failed AC Holder test, it's null, for id " + id);
            }

            // Issuer: must be present.
            AttCertIssuer aci = acInfo.Issuer;

            if (aci == null)
            {
                Fail("failed AC Issuer test, it's null, for id " + id);
            }

            // Signature: only the algorithm identifier's presence is checked, not the signature itself.
            AlgorithmIdentifier sig = acInfo.Signature;

            if (sig == null)
            {
                Fail("failed AC Signature test for id " + id);
            }

            // Serial: read but not checked.
            DerInteger serial = acInfo.SerialNumber;

            // Validity: must be present; the dates are not evaluated.
            AttCertValidityPeriod validity = acInfo.AttrCertValidityPeriod;

            if (validity == null)
            {
                Fail("failed AC AttCertValidityPeriod test for id " + id);
            }

            // Attributes: each entry must parse as AttributeX509.
            // attribSeq is dereferenced without a null check.
            Asn1Sequence attribSeq = acInfo.Attributes;

            AttributeX509[] att = new AttributeX509[attribSeq.Count];
            for (int i = 0; i < attribSeq.Count; i++)
            {
                att[i] = AttributeX509.GetInstance(attribSeq[i]);
            }

            // IssuerUniqueId
            // TODO, how to best test?

            // X509 Extensions: optional; each listed OID is looked up, the result is not inspected.
            X509Extensions ext = acInfo.Extensions;

            if (ext != null)
            {
                foreach (DerObjectIdentifier oid in ext.ExtensionOids)
                {
                    X509Extension extVal = ext.GetExtension(oid);
                }
            }
        }
Esempio n. 25
        /// <summary>
        /// Let the user pick an attribute certificate file, decode it, validate it and show the
        /// validation results.
        /// </summary>
        /// <remarks>
        /// Both the attribute certificate and the optional issuer certificate come from files
        /// chosen by the user, so their content is untrusted until Validate has run.
        /// Returns silently when the license check fails or a file dialog is cancelled.
        /// </remarks>
        public void ValidateAttributeCert()
        {
            if (!checkLicenseLoaded())
            {
                return;
            }

            try {
                var certFileDialog = new OpenFileDialog()
                {
                    DefaultExt = ".ac",
                    Filter     = "X.509 attribute certificate (.ac)|*.ac"
                };
                if (certFileDialog.ShowDialog() != true)
                {
                    return;
                }

                // Read and decode the attribute certificate
                var certContent = File.ReadAllBytes(certFileDialog.FileName);
                var cert        = AttributeCertificate.Decode(certContent);

                // If the certificate is issued without a link to its issuer (AIA extension), the validation will fail because the issuer will not be found. In this
                // case, the issuer certificate has to be provided when decoding the attribute certificate.
                if (cert.IssuerNotFound)
                {
                    MessageBox.Show("Could not find the issuer of the certificate. This usually happens with certificates that do not have a valid Authority Information Access (AIA) extension.\n\nTo continue, you will need to provide the .cer file of the issuer.", "Issuer not found");
                    var issuerFileDialog = new OpenFileDialog()
                    {
                        DefaultExt = ".cer",
                        Filter     = "X.509 certificate|*.cer;*.crt"
                    };
                    if (issuerFileDialog.ShowDialog() != true)
                    {
                        return;
                    }

                    // Read and decode the issuer certificate
                    var issuerContent = File.ReadAllBytes(issuerFileDialog.FileName);
                    var issuerCert    = PKCertificate.Decode(issuerContent);

                    // Re-open the attribute certificate providing the issuer certificate
                    // NOTE(review): this issuer certificate is user-supplied. Whether the store passed to
                    // Decode can influence trust decisions, rather than only issuer lookup, is not visible
                    // here; confirm that trust still comes solely from App.GetTrustArbitrator().
                    cert = AttributeCertificate.Decode(certContent, new MemoryCertificateStore(new[] { issuerCert }));
                }

                // The attributes below are decoded before the certificate is validated, and the decoded
                // values are not used afterwards in this method; treat them as unverified.
                CieStudentIdentity cieStudentIdentity = null;
                if (cert.Attributes.GetOids().Contains(CieStudentIdentity.Oid))
                {
                    cieStudentIdentity = CieStudentIdentity.Decode(cert.Attributes);
                }

                CieStudentData cieStudentData = null;
                if (cert.Attributes.GetOids().Contains(CieStudentData.Oid))
                {
                    cieStudentData = CieStudentData.Decode(cert.Attributes);
                }

                // Validate the certificate
                var vr = cert.Validate(App.GetTrustArbitrator());

                // Show the validation results
                new ValidationResultsDialog("Attribute certificate validation results", vr).ShowDialog();
            } catch (Exception ex) {
                // ex.ToString() puts the full exception text, including the stack trace, in the dialog.
                MessageBox.Show(ex.ToString(), "An error has occurred");
            }
        }
Esempio n. 26
 /// <summary>
 /// Create a SignerAttribute that carries a certified attribute certificate.
 /// </summary>
 /// <param name="certifiedAttributes">Attribute certificate stored as given, without any check.</param>
 public SignerAttribute(AttributeCertificate certifiedAttributes)
 {
     this.certifiedAttributes = certifiedAttributes;
 }
Esempio n. 27
 /// <summary>
 /// Create a CmpCertificate that holds an attribute certificate.
 /// </summary>
 /// <remarks>
 /// Note: the addition of attribute certificates is a BC extension.
 /// The structure is stored as given, without any check.
 /// </remarks>
 public CmpCertificate(AttributeCertificate x509v2AttrCert)
 {
     this.x509v2AttrCert = x509v2AttrCert;
 }
Esempio n. 28
 /// <summary>
 /// Read one ASN.1 object from <paramref name="ais"/> and wrap it as an attribute certificate.
 /// </summary>
 /// <remarks>
 /// Delegates to the constructor that takes a parsed AttributeCertificate structure.
 /// </remarks>
 internal X509V2AttributeCertificate(Asn1InputStream ais)
     : this(AttributeCertificate.GetInstance(ais.ReadObject()))
 {
 }