public Attribute(
DERObjectIdentifier attrType,
ASN1Set attrValues)
{
this.attrType = attrType;
this.attrValues = attrValues;
}
public EnvelopedData(
OriginatorInfo originatorInfo,
ASN1Set recipientInfos,
EncryptedContentInfo encryptedContentInfo,
ASN1Set unprotectedAttrs)
{
if (originatorInfo != null || unprotectedAttrs != null)
{
version = new DERInteger(2);
}
else
{
version = new DERInteger(0);
IEnumerator e = recipientInfos.getObjects();
while (e.MoveNext())
{
RecipientInfo ri = RecipientInfo.getInstance(e.Current);
if (!ri.getVersion().Equals(version))
{
version = new DERInteger(2);
break;
}
}
}
this.originatorInfo = originatorInfo;
this.recipientInfos = recipientInfos;
this.encryptedContentInfo = encryptedContentInfo;
this.unprotectedAttrs = unprotectedAttrs;
}
/**
* Constructs an X509 name
* @param seq an ASN1 Sequence
*/
public X509Name(ASN1Sequence seq)
{
IEnumerator e = seq.getObjects();
while (e.MoveNext())
{
ASN1Set sett = (ASN1Set)e.Current;
for (int i = 0; i < sett.size(); i++)
{
ASN1Sequence s = (ASN1Sequence)sett.getObjectAt(i);
String id = (String)DefaultSymbols[s.getObjectAt(0)];
if (id == null)
{
continue;
}
ArrayList vs = (ArrayList)values[id];
if (vs == null)
{
vs = new ArrayList();
values[id] = vs;
}
vs.Add(((DERString)s.getObjectAt(1)).getString());
}
}
}
public OriginatorInfo(
ASN1Sequence seq)
{
switch (seq.size())
{
case 0: // empty
break;
case 1:
ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(0);
switch ((int)o.getTagNo())
{
case 0:
certs = ASN1Set.getInstance(o, false);
break;
case 1:
crls = ASN1Set.getInstance(o, false);
break;
default:
throw new ArgumentException("Bad tag in OriginatorInfo: " + o.getTagNo());
}
break;
case 2:
certs = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(0), false);
crls = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(1), false);
break;
default:
throw new ArgumentException("OriginatorInfo too big");
}
}
public OriginatorInfo(
ASN1Set certs,
ASN1Set crls)
{
this.certs = certs;
this.crls = crls;
}
public SafeBag(
DERObjectIdentifier oid,
ASN1Object obj)
{
this.bagId = oid;
this.bagValue = obj;
this.bagAttributes = null;
}
public SafeBag(
DERObjectIdentifier oid,
ASN1Object obj,
ASN1Set bagAttributes)
{
this.bagId = oid;
this.bagValue = obj;
this.bagAttributes = bagAttributes;
}
public SafeBag(
ASN1Sequence seq)
{
this.bagId = (DERObjectIdentifier)seq.getObjectAt(0);
this.bagValue = ((DERTaggedObject)seq.getObjectAt(1)).getObject();
if (seq.size() == 3)
{
this.bagAttributes = (ASN1Set)seq.getObjectAt(2);
}
}
public AttributeTable(
ASN1Set s)
{
for (int i = 0; i != s.size(); i++)
{
Attribute a = Attribute.getInstance(s.getObjectAt(i));
attributes.Add(a.getAttrType(), a);
}
}
/// <summary>
/// Instanciate a PKCS10CertificationRequest object with the necessary credentials.
/// </summary>
///<param name="signatureAlgorithm">Name of Sig Alg.</param>
/// <param name="subject">X509Name of subject eg OU="My unit." O="My Organisatioin" C="au" </param>
/// <param name="key">Public Key to be included in cert reqest.</param>
/// <param name="attributes">ASN1Set of Attributes.</param>
/// <param name="signingKey">Matching Private key for nominated (above) public key to be used to sign the request.</param>
public PKCS10CertificationRequest(String signatureAlgorithm,
X509Name subject,
AsymmetricKeyParameter key,
ASN1Set attributes,
AsymmetricKeyParameter signingKey)
{
DERObjectIdentifier sigOID = SignerUtil.getObjectIdentifier(signatureAlgorithm.ToUpper());
if (sigOID == null)
{
throw new ArgumentException("Unknown signature type requested");
}
if (subject == null)
{
throw new ArgumentException("subject must not be null");
}
if (key == null)
{
throw new ArgumentException("public key must not be null");
}
this.sigAlgId = new AlgorithmIdentifier(sigOID, null);
SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(key);
this.reqInfo = new CertificationRequestInfo(subject, pubInfo, attributes);
Signer sig = null;
// Create appropriate Signature.
sig = SignerUtil.getSigner(sigAlgId.getObjectId());
sig.init(true, signingKey);
// Encode.
MemoryStream mStr = new MemoryStream();
DEROutputStream derOut = new DEROutputStream(mStr);
derOut.writeObject(reqInfo);
// Sign
byte[] b = mStr.ToArray();
sig.update(b, 0, b.Length);
// Generate Signature.
sigBits = new DERBitString(sig.generateSignature());
}
public CertificationRequestInfo(
X509Name subject,
SubjectPublicKeyInfo pkInfo,
ASN1Set attributes)
{
this.subject = subject;
this.subjectPKInfo = pkInfo;
this.attributes = attributes;
if ((subject == null) || (version == null) || (subjectPKInfo == null))
{
throw new ArgumentException("Not all mandatory fields set in CertificationRequestInfo generator.");
}
}
public DistributionPointName(
ASN1TaggedObject obj)
{
this.type = obj.getTagNo();
if (type == FULL_NAME)
{
this.name = GeneralNames.getInstance(obj, false);
}
else
{
this.name = ASN1Set.getInstance(obj, false);
}
}
public SignedData(
DERInteger _version,
ASN1Set _digestAlgorithms,
ContentInfo _contentInfo,
ASN1Set _certificates,
ASN1Set _crls,
ASN1Set _signerInfos)
{
version = _version;
digestAlgorithms = _digestAlgorithms;
contentInfo = _contentInfo;
certificates = _certificates;
crls = _crls;
signerInfos = _signerInfos;
}
public SignedData(
ASN1Sequence seq)
{
IEnumerator e = seq.getObjects();
e.MoveNext();
version = (DERInteger)e.Current;
e.MoveNext();
digestAlgorithms = ((ASN1Set)e.Current);
e.MoveNext();
contentInfo = ContentInfo.getInstance(e.Current);
while (e.MoveNext())
{
ASN1Object o = (ASN1Object)e.Current;
//
// an interesting feature of SignedData is that there appear
// to be varying implementations...
// for the moment we ignore anything which doesn't fit.
//
if (o is ASN1TaggedObject)
{
ASN1TaggedObject tagged = (ASN1TaggedObject)o;
switch ((int)tagged.getTagNo())
{
case 0:
certBer = tagged is BERTaggedObject;
certificates = ASN1Set.getInstance(tagged, false);
break;
case 1:
crlsBer = tagged is BERTaggedObject;
crls = ASN1Set.getInstance(tagged, false);
break;
default:
throw new ArgumentException("unknown tag value " + tagged.getTagNo());
}
}
else
{
signerInfos = (ASN1Set)o;
}
}
}
public SignerInfo(
DERInteger version,
IssuerAndSerialNumber issuerAndSerialNumber,
AlgorithmIdentifier digAlgorithm,
ASN1Set authenticatedAttributes,
AlgorithmIdentifier digEncryptionAlgorithm,
ASN1OctetString encryptedDigest,
ASN1Set unauthenticatedAttributes)
{
this.version = version;
this.issuerAndSerialNumber = issuerAndSerialNumber;
this.digAlgorithm = digAlgorithm;
this.authenticatedAttributes = authenticatedAttributes;
this.digEncryptionAlgorithm = digEncryptionAlgorithm;
this.encryptedDigest = encryptedDigest;
this.unauthenticatedAttributes = unauthenticatedAttributes;
}
public SignedData(
ASN1Set digestAlgorithms,
ContentInfo contentInfo,
ASN1Set certificates,
ASN1Set crls,
ASN1Set signerInfos)
{
if (contentInfo.getContentType().Equals(CMSObjectIdentifiers.data))
{
//
// we should also be looking for attribute certificates here,
// later.
//
IEnumerator e = signerInfos.getObjects();
bool v3Found = false;
while (e.MoveNext())
{
SignerInfo s = SignerInfo.getInstance(e.Current);
if (s.getVersion().getValue().intValue() == 3)
{
v3Found = true;
}
}
if (v3Found)
{
this.version = new DERInteger(3);
}
else
{
this.version = new DERInteger(1);
}
}
else
{
this.version = new DERInteger(3);
}
this.digestAlgorithms = digestAlgorithms;
this.contentInfo = contentInfo;
this.certificates = certificates;
this.crls = crls;
this.signerInfos = signerInfos;
}
/**
* Constructor from ASN1Sequence
*
* the principal will be a list of constructed sets, each containing an (OID, String) pair.
*/
public X509Name(
ASN1Sequence seq)
{
this.seq = seq;
IEnumerator e = seq.getObjects();
while (e.MoveNext())
{
ASN1Set set = (ASN1Set)e.Current;
for (int i = 0; i < set.size(); i++)
{
ASN1Sequence s = (ASN1Sequence)set.getObjectAt(i);
ordering.Add(s.getObjectAt(0));
values.Add(((DERString)s.getObjectAt(1)).getString());
added.Add(i != 0);
}
}
}
public SignerInfo(
ASN1Sequence seq)
{
IEnumerator e = seq.getObjects();
e.MoveNext();
version = (DERInteger)e.Current;
e.MoveNext();
issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(e.Current);
e.MoveNext();
digAlgorithm = AlgorithmIdentifier.getInstance(e.Current);
e.MoveNext();
object obj = e.Current;
if (obj is ASN1TaggedObject)
{
authenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)obj, false);
e.MoveNext();
digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(e.Current);
}
else
{
authenticatedAttributes = null;
digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(obj);
}
e.MoveNext();
encryptedDigest = DEROctetString.getInstance(e.Current);
if (e.MoveNext())
{
unauthenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)e.Current, false);
}
else
{
unauthenticatedAttributes = null;
}
}
public CertificationRequestInfo(
ASN1Sequence seq)
{
version = (DERInteger)seq.getObjectAt(0);
subject = X509Name.getInstance(seq.getObjectAt(1));
subjectPKInfo = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(2));
//
// some CertificationRequestInfo objects seem to treat this field
// as optional.
//
if (seq.size() > 3)
{
DERTaggedObject tagobj = (DERTaggedObject)seq.getObjectAt(3);
attributes = ASN1Set.getInstance(tagobj, false);
}
if ((subject == null) || (version == null) || (subjectPKInfo == null))
{
throw new ArgumentException("Not all mandatory fields set in CertificationRequestInfo generator.");
}
}
public SignerInfo(
SignerIdentifier sid,
AlgorithmIdentifier digAlgorithm,
ASN1Set authenticatedAttributes,
AlgorithmIdentifier digEncryptionAlgorithm,
ASN1OctetString encryptedDigest,
ASN1Set unauthenticatedAttributes)
{
if (sid.isTagged())
{
this.version = new DERInteger(3);
}
else
{
this.version = new DERInteger(1);
}
this.sid = sid;
this.digAlgorithm = digAlgorithm;
this.authenticatedAttributes = authenticatedAttributes;
this.digEncryptionAlgorithm = digEncryptionAlgorithm;
this.encryptedDigest = encryptedDigest;
this.unauthenticatedAttributes = unauthenticatedAttributes;
}
public EnvelopedData(
ASN1Sequence seq)
{
int index = 0;
version = (DERInteger)seq.getObjectAt(index++);
Object tmp = seq.getObjectAt(index++);
if (tmp is ASN1TaggedObject)
{
originatorInfo = OriginatorInfo.getInstance((ASN1TaggedObject)tmp, false);
tmp = seq.getObjectAt(index++);
}
recipientInfos = ASN1Set.getInstance(tmp);
encryptedContentInfo = EncryptedContentInfo.getInstance(seq.getObjectAt(index++));
if (seq.size() > index)
{
unprotectedAttrs = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(index), false);
}
}
/**
* Verifies a signature using the sub-filter adbe.pkcs7.detached or
* adbe.pkcs7.sha1.
* @param contentsKey the /Contents key
* @param provider the provider or <code>null</code> for the default provider
* @throws SecurityException on error
* @throws CRLException on error
* @throws InvalidKeyException on error
* @throws CertificateException on error
* @throws NoSuchProviderException on error
* @throws NoSuchAlgorithmException on error
*/
public PdfPKCS7(byte[] contentsKey)
{
ASN1InputStream din = new ASN1InputStream(new MemoryStream(contentsKey));
//
// Basic checks to make sure it's a PKCS#7 SignedData Object
//
ASN1Object pkcs;
try {
pkcs = din.readObject();
}
catch {
throw new ArgumentException("can't decode PKCS7SignedData object");
}
if (!(pkcs is ASN1Sequence))
{
throw new ArgumentException("Not a valid PKCS#7 object - not a sequence");
}
ASN1Sequence signedData = (ASN1Sequence)pkcs;
DERObjectIdentifier objId = (DERObjectIdentifier)signedData.getObjectAt(0);
if (!objId.getId().Equals(ID_PKCS7_SIGNED_DATA))
{
throw new ArgumentException("Not a valid PKCS#7 object - not signed data");
}
ASN1Sequence content = (ASN1Sequence)((DERTaggedObject)signedData.getObjectAt(1)).getObject();
// the positions that we care are:
// 0 - version
// 1 - digestAlgorithms
// 2 - possible ID_PKCS7_DATA
// (the certificates and crls are taken out by other means)
// last - signerInfos
// the version
version = ((DERInteger)content.getObjectAt(0)).getValue().intValue();
// the digestAlgorithms
digestalgos = new Hashtable();
IEnumerator e = ((ASN1Set)content.getObjectAt(1)).getObjects();
while (e.MoveNext())
{
ASN1Sequence s = (ASN1Sequence)e.Current;
DERObjectIdentifier o = (DERObjectIdentifier)s.getObjectAt(0);
digestalgos[o.getId()] = null;
}
// the certificates and crls
X509CertificateParser cf = new X509CertificateParser(contentsKey);
certs = new ArrayList();
while (true)
{
X509Certificate cc = cf.ReadCertificate();
if (cc == null)
{
break;
}
certs.Add(cc);
}
crls = new ArrayList();
// the possible ID_PKCS7_DATA
ASN1Sequence rsaData = (ASN1Sequence)content.getObjectAt(2);
if (rsaData.size() > 1)
{
DEROctetString rsaDataContent = (DEROctetString)((DERTaggedObject)rsaData.getObjectAt(1)).getObject();
RSAdata = rsaDataContent.getOctets();
}
// the signerInfos
int next = 3;
while (content.getObjectAt(next) is DERTaggedObject)
{
++next;
}
ASN1Set signerInfos = (ASN1Set)content.getObjectAt(next);
if (signerInfos.size() != 1)
{
throw new ArgumentException("This PKCS#7 object has multiple SignerInfos - only one is supported at this time");
}
ASN1Sequence signerInfo = (ASN1Sequence)signerInfos.getObjectAt(0);
// the positions that we care are
// 0 - version
// 1 - the signing certificate serial number
// 2 - the digest algorithm
// 3 or 4 - digestEncryptionAlgorithm
// 4 or 5 - encryptedDigest
signerversion = ((DERInteger)signerInfo.getObjectAt(0)).getValue().intValue();
// Get the signing certificate
ASN1Sequence issuerAndSerialNumber = (ASN1Sequence)signerInfo.getObjectAt(1);
BigInteger serialNumber = ((DERInteger)issuerAndSerialNumber.getObjectAt(1)).getValue();
foreach (X509Certificate cert in certs)
{
if (serialNumber.Equals(cert.getSerialNumber()))
{
signCert = cert;
break;
}
}
if (signCert == null)
{
throw new ArgumentException("Can't find signing certificate with serial " + serialNumber.ToString(16));
}
digestAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(2)).getObjectAt(0)).getId();
next = 3;
if (signerInfo.getObjectAt(next) is ASN1TaggedObject)
{
ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next);
ASN1Sequence sseq = (ASN1Sequence)tagsig.getObject();
MemoryStream bOut = new MemoryStream();
ASN1OutputStream dout = new ASN1OutputStream(bOut);
try {
ASN1EncodableVector attribute = new ASN1EncodableVector();
for (int k = 0; k < sseq.size(); ++k)
{
attribute.add(sseq.getObjectAt(k));
}
dout.writeObject(new DERSet(attribute));
dout.Close();
}
catch (IOException) {}
sigAttr = bOut.ToArray();
for (int k = 0; k < sseq.size(); ++k)
{
ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k);
if (((DERObjectIdentifier)seq2.getObjectAt(0)).getId().Equals(ID_MESSAGE_DIGEST))
{
ASN1Set sset = (ASN1Set)seq2.getObjectAt(1);
digestAttr = ((DEROctetString)sset.getObjectAt(0)).getOctets();
break;
}
}
if (digestAttr == null)
{
throw new ArgumentException("Authenticated attribute is missing the digest.");
}
++next;
}
digestEncryptionAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(next++)).getObjectAt(0)).getId();
digest = ((DEROctetString)signerInfo.getObjectAt(next)).getOctets();
if (RSAdata != null || digestAttr != null)
{
messageDigest = GetHashClass();
}
sig = SignerUtil.getSigner(GetDigestAlgorithm());
sig.init(false, signCert.getPublicKey());
}
public Attribute(
ASN1Sequence seq)
{
attrType = (DERObjectIdentifier)seq.getObjectAt(0);
attrValues = (ASN1Set)seq.getObjectAt(1);
}
public PKCS12Store(
Stream input,
char[] password)
{
if (password == null)
{
throw new ArgumentException("No password supplied for PKCS12Store.");
}
ASN1InputStream bIn = new ASN1InputStream(input);
ASN1Sequence obj = (ASN1Sequence)bIn.readObject();
Pfx bag = new Pfx(obj);
ContentInfo info = bag.getAuthSafe();
ArrayList chain = new ArrayList();
bool unmarkedKey = false;
if (bag.getMacData() != null) // check the mac code
{
MemoryStream bOut = new MemoryStream();
BEROutputStream berOut = new BEROutputStream(bOut);
MacData mData = bag.getMacData();
DigestInfo dInfo = mData.getMac();
AlgorithmIdentifier algId = dInfo.getAlgorithmId();
byte[] salt = mData.getSalt();
int itCount = mData.getIterationCount().intValue();
berOut.writeObject(info);
byte[] data = ((ASN1OctetString)info.getContent()).getOctets();
try
{
ASN1Encodable parameters = PBEUtil.generateAlgorithmParameters(algId.getObjectId(), mData.getSalt(), mData.getIterationCount().intValue());
CipherParameters keyParameters = PBEUtil.generateCipherParameters(algId.getObjectId(), password, parameters);
Mac mac = (Mac)PBEUtil.createEngine(algId.getObjectId());
mac.init(keyParameters);
mac.update(data, 0, data.Length);
byte[] res = new byte[mac.getMacSize()];
mac.doFinal(res, 0);
byte[] dig = dInfo.getDigest();
if (res.Length != dig.Length)
{
throw new Exception("PKCS12 key store mac invalid - wrong password or corrupted file.");
}
for (int i = 0; i != res.Length; i++)
{
if (res[i] != dig[i])
{
throw new Exception("PKCS12 key store mac invalid - wrong password or corrupted file.");
}
}
}
catch (Exception e)
{
throw new Exception("error constructing MAC: " + e.Message);
}
}
keys = new Hashtable();
localIds = new Hashtable();
if (info.getContentType().Equals(PKCSObjectIdentifiers.data))
{
bIn = new ASN1InputStream(new MemoryStream(((ASN1OctetString)info.getContent()).getOctets()));
AuthenticatedSafe authSafe = new AuthenticatedSafe((ASN1Sequence)bIn.readObject());
ContentInfo[] c = authSafe.getContentInfo();
for (int i = 0; i != c.Length; i++)
{
if (c[i].getContentType().Equals(PKCSObjectIdentifiers.data))
{
ASN1InputStream dIn = new ASN1InputStream(new MemoryStream(((ASN1OctetString)c[i].getContent()).getOctets()));
ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
for (int j = 0; j != seq.size(); j++)
{
SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j));
if (b.getBagId().Equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.getInstance(b.getBagValue());
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(password, eIn);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
String alias = null;
ASN1OctetString localId = null;
if (b.getBagAttributes() != null)
{
IEnumerator e = b.getBagAttributes().getObjects();
while (e.MoveNext())
{
ASN1Sequence sq = (ASN1Sequence)e.Current;
DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
ASN1Encodable attr = null;
if (attrSet.size() > 0)
{
attr = attrSet.getObjectAt(0);
attributes.Add(aOid.getId(), attr);
}
if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
{
alias = ((DERBMPString)attr).getString();
keys.Add(alias, pkcs12Key);
}
else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
{
localId = (ASN1OctetString)attr;
}
}
}
if (localId != null)
{
String name = byteArrayToString(Hex.encode(localId.getOctets()));
if (alias == null)
{
keys.Add(name, pkcs12Key);
}
else
{
localIds.Add(alias, name);
}
}
else
{
unmarkedKey = true;
keys.Add("unmarked", privKey);
}
}
else if (b.getBagId().Equals(PKCSObjectIdentifiers.certBag))
{
chain.Add(b);
}
else
{
Console.WriteLine("extra " + b.getBagId());
Console.WriteLine("extra " + ASN1Dump.dumpAsString(b));
}
}
}
else if (c[i].getContentType().Equals(PKCSObjectIdentifiers.encryptedData))
{
EncryptedData d = new EncryptedData((ASN1Sequence)c[i].getContent());
ASN1Sequence seq = decryptData(d.getEncryptionAlgorithm(), d.getContent().getOctets(), password);
for (int j = 0; j != seq.size(); j++)
{
SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j));
if (b.getBagId().Equals(PKCSObjectIdentifiers.certBag))
{
chain.Add(b);
}
else if (b.getBagId().Equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.getInstance(b.getBagValue());
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(password, eIn);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
String alias = null;
ASN1OctetString localId = null;
IEnumerator e = b.getBagAttributes().getObjects();
while (e.MoveNext())
{
ASN1Sequence sq = (ASN1Sequence)e.Current;
DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
ASN1Encodable attr = null;
if (attrSet.size() > 0)
{
attr = attrSet.getObjectAt(0);
attributes.Add(aOid.getId(), attr);
}
if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
{
alias = ((DERBMPString)attr).getString();
keys.Add(alias, pkcs12Key);
}
else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
{
localId = (ASN1OctetString)attr;
}
}
String name = byteArrayToString(Hex.encode(localId.getOctets()));
if (alias == null)
{
keys.Add(name, pkcs12Key);
}
else
{
localIds.Add(alias, name);
}
}
else if (b.getBagId().Equals(PKCSObjectIdentifiers.keyBag))
{
PrivateKeyInfo pIn = PrivateKeyInfo.getInstance(b.getBagValue());
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(pIn);
//
// set the attributes on the key
//
String alias = null;
ASN1OctetString localId = null;
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
IEnumerator e = b.getBagAttributes().getObjects();
while (e.MoveNext())
{
ASN1Sequence sq = (ASN1Sequence)e.Current;
DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
ASN1Encodable attr = null;
if (attrSet.size() > 0)
{
attr = attrSet.getObjectAt(0);
attributes.Add(aOid.getId(), attr);
}
if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
{
alias = ((DERBMPString)attr).getString();
keys.Add(alias, pkcs12Key);
}
else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
{
localId = (ASN1OctetString)attr;
}
}
String name = byteArrayToString(Hex.encode(localId.getOctets()));
if (alias == null)
{
keys.Add(name, pkcs12Key);
}
else
{
localIds.Add(alias, name);
}
}
else
{
Console.WriteLine("extra " + b.getBagId());
Console.WriteLine("extra " + ASN1Dump.dumpAsString(b));
}
}
}
else
{
Console.WriteLine("extra " + c[i].getContentType().getId());
Console.WriteLine("extra " + ASN1Dump.dumpAsString(c[i].getContent()));
}
}
}
certs = new Hashtable();
chainCerts = new Hashtable();
keyCerts = new Hashtable();
for (int i = 0; i != chain.Count; i++)
{
SafeBag b = (SafeBag)chain[i];
CertBag cb = new CertBag((ASN1Sequence)b.getBagValue());
X509Certificate cert = new X509Certificate(((ASN1OctetString)cb.getCertValue()).getOctets());
//
// set the attributes
//
Hashtable attributes = new Hashtable();
X509CertificateEntry pkcs12cert = new X509CertificateEntry(cert, attributes);
ASN1OctetString localId = null;
String alias = null;
if (b.getBagAttributes() != null)
{
IEnumerator e = b.getBagAttributes().getObjects();
while (e.MoveNext())
{
ASN1Sequence sq = (ASN1Sequence)e.Current;
DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
if (attrSet.size() > 0)
{
ASN1Encodable attr = attrSet.getObjectAt(0);
attributes.Add(aOid.getId(), attr);
if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
{
alias = ((DERBMPString)attr).getString();
}
else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
{
localId = (ASN1OctetString)attr;
}
}
}
}
chainCerts.Add(new CertId(cert.getPublicKey()), pkcs12cert);
if (unmarkedKey)
{
if (keyCerts.Count == 0)
{
String name = byteArrayToString(Hex.encode(new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(cert.getPublicKey())).getKeyIdentifier()));
keyCerts.Add(name, pkcs12cert);
keys.Add(name, keys["unmarked"]);
keys.Remove("unmarked");
}
}
else
{
if (alias == null)
{
if (localId != null)
{
String name = byteArrayToString(Hex.encode(localId.getOctets()));
keyCerts.Add(name, pkcs12cert);
}
}
else
{
certs.Add(alias, pkcs12cert);
}
}
}
}
