private string GetSubjectKeyIdentifier(BCX509Certificate2 certificate)
{
//SubjectKeyIdentifier ski = (certificate.Extensions["2.5.29.14"] as SubjectKeyIdentifier);
SubjectKeyIdentifier ski = SubjectKeyIdentifier.GetInstance(certificate.CertificateStructure.TbsCertificate.Extensions.GetExtension(X509Extensions.SubjectKeyIdentifier));
return((ski == null) ? String.Empty : Hex.ToHexString(ski.GetKeyIdentifier()));
}
public override void PerformTest()
{
SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfo.GetInstance(
Asn1Object.FromByteArray(pubKeyInfo));
SubjectKeyIdentifier ski = SubjectKeyIdentifier.CreateSha1KeyIdentifier(pubInfo);
if (!Arrays.AreEqual(shaID, ski.GetKeyIdentifier()))
{
Fail("SHA-1 ID does not match");
}
ski = SubjectKeyIdentifier.CreateTruncatedSha1KeyIdentifier(pubInfo);
if (!Arrays.AreEqual(shaTruncID, ski.GetKeyIdentifier()))
{
Fail("truncated SHA-1 ID does not match");
}
}
/// <summary>
/// Determines whether [is the same] [the specified keyto test].
/// </summary>
/// <param name="KeytoTest">The keyto test.</param>
/// <returns></returns>
public bool IsTheSame(SubjectPublicKeyInfo KeytoTest)
{
SubjectKeyIdentifier key = SubjectKeyIdentifier.CreateSha1KeyIdentifier(KeytoTest);
if (keyIdentifier.SequenceEqual(key.GetKeyIdentifier()))
{
return(true);
}
return(false);
}
/// <summary>
/// Create SKID extension from an X509Extension
/// </summary>
/// <param name="Extension">X509 extension</param>
/// <remarks>
/// The work is done in the base class
/// </remarks>
public subjectKeyIdentifier(X509Extension Extension)
: base(Extension.IsCritical)
{
base.oid = X509Extensions.SubjectKeyIdentifier;
base.name = "SubjectKeyIdentifier";
base.displayName = "Subject Key Identifier";
SubjectKeyIdentifier skid = SubjectKeyIdentifier.GetInstance(Extension);
keyIdentifier = skid.GetKeyIdentifier();
}
/// <inheritdoc />
public override void InjectReferenceValue(X509Certificate2 value)
{
Certificate = value;
Asn1Object exValue = GetExtensionValue(value);
if (exValue == null)
{
if (IsRequired())
{
throw new PolicyRequiredException("Extention " + ExtentionIdentifier.Display + " is marked as required by is not present.");
}
PolicyValue = new PolicyValue <string>(string.Empty);
return;
}
SubjectKeyIdentifier keyId = SubjectKeyIdentifier.GetInstance(exValue);
PolicyValue = new PolicyValue <string>(PolicyUtils.CreateByteStringRep(keyId.GetKeyIdentifier()));
}
private AsymmetricKeyParameter GetSenderPublicKey(AsymmetricKeyParameter receiverPrivateKey, OriginatorIdentifierOrKey originator)
{
OriginatorPublicKey originatorPublicKey = originator.OriginatorPublicKey;
if (originatorPublicKey != null)
{
return(this.GetPublicKeyFromOriginatorPublicKey(receiverPrivateKey, originatorPublicKey));
}
OriginatorID originatorID = new OriginatorID();
Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber issuerAndSerialNumber = originator.IssuerAndSerialNumber;
if (issuerAndSerialNumber != null)
{
originatorID.Issuer = issuerAndSerialNumber.Name;
originatorID.SerialNumber = issuerAndSerialNumber.SerialNumber.Value;
}
else
{
SubjectKeyIdentifier subjectKeyIdentifier = originator.SubjectKeyIdentifier;
originatorID.SubjectKeyIdentifier = subjectKeyIdentifier.GetKeyIdentifier();
}
return(this.GetPublicKeyFromOriginatorID(originatorID));
}
private CertificateUrlTemplateBindModel BuildUrlTemplateBindModel(
string name,
string subject,
string issuer,
SubjectKeyIdentifier keyId,
AuthorityKeyIdentifier issuerId,
BigInteger serialNumber,
DateTime notBefore,
DateTime notAfter)
{
string idSubject = Hex.ToHexString(new BigInteger(keyId.GetKeyIdentifier()).ToByteArray());
string idIssuer = Hex.ToHexString(new BigInteger(issuerId.GetKeyIdentifier()).ToByteArray());
return(new CertificateUrlTemplateBindModel(
name,
subject,
issuer,
idSubject,
idIssuer,
serialNumber.ToString(),
notBefore,
notAfter));
}
public BCX509CertificateCollection Find(BCX509FindType findType, object findValue, bool validOnly)
{
if (findValue == null)
{
throw new ArgumentNullException("findValue");
}
string str = String.Empty;
DerObjectIdentifier oid = null;
string oidStr = String.Empty;
KeyUsage ku = new KeyUsage(0);
DateTime dt = DateTime.MinValue;
switch (findType)
{
case BCX509FindType.FindByThumbprint:
case BCX509FindType.FindBySubjectName:
case BCX509FindType.FindBySubjectDistinguishedName:
case BCX509FindType.FindByIssuerName:
case BCX509FindType.FindByIssuerDistinguishedName:
case BCX509FindType.FindBySerialNumber:
case BCX509FindType.FindByTemplateName:
case BCX509FindType.FindBySubjectKeyIdentifier:
try
{
str = (string)findValue;
}
catch (Exception e)
{
string msg = String.Format("Invalid find value type '{0}', expected '{1}'.", findValue.GetType(), "string");
throw new CryptographicException(msg, e);
}
break;
case BCX509FindType.FindByApplicationPolicy:
case BCX509FindType.FindByCertificatePolicy:
case BCX509FindType.FindByExtension:
try
{
oidStr = (string)findValue;
}
catch (Exception e)
{
string msg = String.Format("Invalid find value type '{0}', expected '{1}'.", findValue.GetType(), "X509KeyUsageFlags");
throw new CryptographicException(msg, e);
}
// OID validation
try
{
oid = new DerObjectIdentifier(oidStr);
}
catch (FormatException)
{
string msg = String.Format("Invalid OID value '{0}'.", oidStr);
throw new ArgumentException("findValue", msg);
}
break;
case BCX509FindType.FindByKeyUsage:
try
{
ku = new KeyUsage((int)findValue);
}
catch (Exception e)
{
string msg = String.Format("Invalid find value type '{0}', expected '{1}'.", findValue.GetType(), "X509KeyUsageFlags");
throw new CryptographicException(msg, e);
}
break;
case BCX509FindType.FindByTimeValid:
case BCX509FindType.FindByTimeNotYetValid:
case BCX509FindType.FindByTimeExpired:
try
{
dt = (DateTime)findValue;
}
catch (Exception e)
{
string msg = String.Format("Invalid find value type '{0}', expected '{1}'.", findValue.GetType(), "X509DateTime");
throw new CryptographicException(msg, e);
}
break;
default:
{
string msg = String.Format("Invalid find type '{0}'.", findType);
throw new CryptographicException(msg);
}
}
CultureInfo cinv = CultureInfo.InvariantCulture;
BCX509CertificateCollection results = new BCX509CertificateCollection();
foreach (BCX509Certificate2 x in InnerList)
{
bool value_match = false;
switch (findType)
{
case BCX509FindType.FindByThumbprint:
// works with Thumbprint, GetCertHashString in both normal (upper) and lower case
value_match = ((String.Compare(str, Hex.ToHexString(x.GetSignature()), true, cinv) == 0) || (String.Compare(str, DotNetUtilities.ToX509Certificate(x).GetCertHashString(), true, cinv) == 0));
break;
case BCX509FindType.FindBySubjectName:
{
string[] names = x.SubjectDN.ToString().Split(new [] { ',' }, StringSplitOptions.RemoveEmptyEntries);
foreach (string name in names)
{
int pos = name.IndexOf('=');
value_match = (name.IndexOf(str, pos, StringComparison.InvariantCultureIgnoreCase) >= 0);
if (value_match)
{
break;
}
}
break;
}
case BCX509FindType.FindBySubjectDistinguishedName:
value_match = (String.Compare(str, x.SubjectDN.ToString(), true, cinv) == 0);
break;
case BCX509FindType.FindByIssuerName:
{
//string iname = x.GetNameInfo (X509NameType.SimpleName, true);
//value_match = (iname.IndexOf (str, StringComparison.InvariantCultureIgnoreCase) >= 0);
string[] names = x.IssuerDN.ToString().Split(new [] { ',' }, StringSplitOptions.RemoveEmptyEntries);
foreach (string name in names)
{
int pos = name.IndexOf('=');
value_match = (name.IndexOf(str, pos, StringComparison.InvariantCultureIgnoreCase) >= 0);
if (value_match)
{
break;
}
}
}
break;
case BCX509FindType.FindByIssuerDistinguishedName:
value_match = (String.Compare(str, x.IssuerDN.ToString(), true, cinv) == 0);
break;
case BCX509FindType.FindBySerialNumber:
value_match = (String.Compare(str, x.SerialNumber.ToString(), true, cinv) == 0);
break;
case BCX509FindType.FindByTemplateName:
// TODO - find a valid test case
break;
case BCX509FindType.FindBySubjectKeyIdentifier:
SubjectKeyIdentifier ski = SubjectKeyIdentifier.GetInstance(x.CertificateStructure.TbsCertificate.Extensions.GetExtension(X509Extensions.SubjectKeyIdentifier));
if (ski != null)
{
value_match = (String.Compare(str, Hex.ToHexString(ski.GetKeyIdentifier()), true, cinv) == 0);
}
break;
case BCX509FindType.FindByApplicationPolicy:
// note: include when no extensions are present (even if v3)
value_match = (x.GetCriticalExtensionOids().Count == 0 && x.GetNonCriticalExtensionOids().Count == 0);
// TODO - find test case with extension
break;
case BCX509FindType.FindByCertificatePolicy:
// TODO - find test case with extension
break;
case BCX509FindType.FindByExtension:
value_match = (x.GetExtensionValue(oid) != null);
break;
case BCX509FindType.FindByKeyUsage:
KeyUsage kue = KeyUsage.GetInstance(x.CertificateStructure.TbsCertificate.Extensions.GetExtension(X509Extensions.KeyUsage));
if (kue == null)
{
// key doesn't have any hard coded limitations
// note: MS doesn't check for ExtendedKeyUsage
value_match = true;
}
else
{
value_match = ((kue.IntValue & ku.IntValue) == ku.IntValue);
}
break;
case BCX509FindType.FindByTimeValid:
value_match = ((dt >= x.NotBefore) && (dt <= x.NotAfter));
break;
case BCX509FindType.FindByTimeNotYetValid:
value_match = (dt < x.NotBefore);
break;
case BCX509FindType.FindByTimeExpired:
value_match = (dt > x.NotAfter);
break;
}
if (!value_match)
{
continue;
}
if (validOnly)
{
try
{
x.Verify(x.GetPublicKey());
results.Add(x);
}
catch
{
}
}
else
{
results.Add(x);
}
}
return(results);
}
