private static ASN1Object GetValidity(X509Validity validity)
{
return(new ASN1Sequence(new[]
{
new ASN1UTCTime(validity.NotBefore),
new ASN1UTCTime(validity.NotAfter),
}));
}
public X509Certificate(byte?version, BigInteger serialNumber, X509Validity validity,
X509Name issuer, X509Name subject, X509AlgorithmIdentifier subjectPublicKeyAlgorithm, PublicKey subjectPublicKey,
X509AlgorithmIdentifier signatureAlgorithm, BitArray signature, IEnumerable <X509Extension> extensions)
{
Version = version;
SerialNumber = serialNumber;
Validity = validity;
SignatureAlgorithm = signatureAlgorithm;
Signature = signature;
Issuer = issuer;
Subject = subject;
SubjectPublicKeyAlgorithm = subjectPublicKeyAlgorithm;
SubjectPublicKey = subjectPublicKey;
Extensions = extensions.ToList();
}
public X509Certificate(byte version, BigInteger serialNumber, X509Validity validity,
X509Name issuer, X509Name subject, X509AlgorithmIdentifier subjectPublicKeyAlgorithm, PublicKey subjectPublicKey,
X509AlgorithmIdentifier signatureAlgorithm, BitArray signature, IEnumerable<X509Extension> extensions)
{
Version = version;
SerialNumber = serialNumber;
Validity = validity;
SignatureAlgorithm = signatureAlgorithm;
Signature = signature;
Issuer = issuer;
Subject = subject;
SubjectPublicKeyAlgorithm = subjectPublicKeyAlgorithm;
SubjectPublicKey = subjectPublicKey;
Extensions = extensions.ToList();
}
private ASN1Object GetValidity(X509Validity validity)
{
return new ASN1Sequence(new[]
{
new ASN1UTCTime(validity.NotBefore),
new ASN1UTCTime(validity.NotAfter),
});
}
private X509Certificate ReadFromASN1(ASN1Object asn1)
{
var root = ToSeq(asn1, 3, 3);
// TBSCert
var tbsCertSeq = ToSeq(GetElement(root, 0), 6, 10);
var tbsOffset = 0;
byte?version = null;
if (tbsCertSeq.Elements[0] is ASN1Tagged)
{
SecurityAssert.Assert(tbsCertSeq.Elements.Count >= 7);
var taggedVersion = GetElement <ASN1Tagged>(tbsCertSeq, tbsOffset++);
SecurityAssert.Assert(taggedVersion.Tag == 0 && taggedVersion.Count == 1);
var versionInt = GetElement <ASN1Integer>(taggedVersion, 0);
SecurityAssert.Assert(versionInt.Value >= 0 && versionInt.Value <= 2);
version = (byte)(versionInt.Value + 1);
}
var serialNumber = GetElement <ASN1Integer>(tbsCertSeq, tbsOffset++).Value;
SecurityAssert.Assert(serialNumber >= 0);
var signatureAlgorithm = X509AlgorithmIdentifier.FromObject(GetElement(tbsCertSeq, tbsOffset++));
var issuer = ReadName(GetElement(tbsCertSeq, tbsOffset++));
var validitySeq = ToSeq(GetElement(tbsCertSeq, tbsOffset++), 2, 2);
var notBefore = GetElement(validitySeq, 0).GetTime();
var notAfter = GetElement(validitySeq, 1).GetTime();
var validity = new X509Validity(notBefore, notAfter);
var subject = ReadName(GetElement(tbsCertSeq, tbsOffset++));
var subjectPublicKeyInfo = ToSeq(GetElement(tbsCertSeq, tbsOffset++), 2, 2);
var subjectPublicKeyAlgorithm = X509AlgorithmIdentifier.FromObject(GetElement(subjectPublicKeyInfo, 0));
var subjectPublicKeyBits = GetElement <ASN1BitString>(subjectPublicKeyInfo, 1).Value;
var subjectPublicKey = _keyReaderRegistry.Resolve(subjectPublicKeyAlgorithm.Algorithm).ReadPublicKey(subjectPublicKeyAlgorithm, subjectPublicKeyBits);
var extensions = new List <X509Extension>();
if (version >= 2)
{
//TODO issuerUniqueID
//TODO subjectUniqueID
}
if (version >= 3)
{
var extensionsOffset = 7;
while (true)
{
if (extensionsOffset >= tbsCertSeq.Count)
{
break;
}
var obj = GetElement(tbsCertSeq, extensionsOffset++);
var tagged = obj as ASN1Tagged;
if (tagged == null || tagged.Tag != 3)
{
continue;
}
SecurityAssert.Assert(tagged.Count == 1);
var extensionsSeq = ToSeq(tagged.Elements[0]);
extensions = ReadExtensions(extensionsSeq);
break;
}
}
// TODO check root[1] == signature
// TODO read & store signature
var signature = GetElement <ASN1BitString>(root, 2).Value;
return(new X509Certificate(version, serialNumber, validity, issuer, subject, subjectPublicKeyAlgorithm, subjectPublicKey, signatureAlgorithm, signature, extensions));
}
