public AttributeCertificateInfo GenerateAttributeCertificateInfo() { if ((serialNumber == null) || (signature == null) || (issuer == null) || (startDate == null) || (endDate == null) || (holder == null) || (attributes == null)) { throw new InvalidOperationException("not all mandatory fields set in V2 AttributeCertificateInfo generator"); } Asn1EncodableVector v = new Asn1EncodableVector( version, holder, issuer, signature, serialNumber); // // before and after dates => AttCertValidityPeriod // v.Add(new AttCertValidityPeriod(startDate, endDate)); // Attributes v.Add(new DerSequence(attributes)); if (issuerUniqueID != null) { v.Add(issuerUniqueID); } if (extensions != null) { v.Add(extensions); } return AttributeCertificateInfo.GetInstance(new DerSequence(v)); }
/** * Constructor for elliptic curves over binary fields * <code>F<sub>2<sup>m</sup></sub></code>. * @param m The exponent <code>m</code> of * <code>F<sub>2<sup>m</sup></sub></code>. * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> + * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code> * represents the reduction polynomial <code>f(z)</code>. * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> + * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code> * represents the reduction polynomial <code>f(z)</code>. * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> + * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code> * represents the reduction polynomial <code>f(z)</code>.. */ public X9FieldID( int m, int k1, int k2, int k3) { this.id = X9ObjectIdentifiers.CharacteristicTwoField; Asn1EncodableVector fieldIdParams = new Asn1EncodableVector(new DerInteger(m)); if(k2 == 0) { if(k3 != 0) throw new ArgumentException("inconsistent k values"); fieldIdParams.Add( X9ObjectIdentifiers.TPBasis, new DerInteger(k1)); } else { if(k2 <= k1 || k3 <= k2) throw new ArgumentException("inconsistent k values"); fieldIdParams.Add( X9ObjectIdentifiers.PPBasis, new DerSequence( new DerInteger(k1), new DerInteger(k2), new DerInteger(k3))); } this.parameters = new DerSequence(fieldIdParams); }
private void AddOptional(Asn1EncodableVector v, int tagNo, Asn1Encodable obj) { if (obj != null) { v.Add(new DerTaggedObject(true, tagNo, obj)); } }
private static Asn1EncodableVector ConvertVector(IList numbers) { Asn1EncodableVector av = new Asn1EncodableVector(); foreach (object o in numbers) { DerInteger di; if (o is BigInteger) { di = new DerInteger((BigInteger)o); } else if (o is int) { di = new DerInteger((int)o); } else { throw new ArgumentException(); } av.Add(di); } return av; }
/** * Constructor for elliptic curves over binary fields * <code>F<sub>2<sup>m</sup></sub></code>. * @param m The exponent <code>m</code> of * <code>F<sub>2<sup>m</sup></sub></code>. * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> + * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code> * represents the reduction polynomial <code>f(z)</code>. * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> + * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code> * represents the reduction polynomial <code>f(z)</code>. * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> + * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code> * represents the reduction polynomial <code>f(z)</code>.. */ public X9FieldID( int m, int k1, int k2, int k3) { this.id = X9ObjectIdentifiers.CharacteristicTwoField; Asn1EncodableVector fieldIdParams = new Asn1EncodableVector(new DerInteger(m)); if (k2 == 0) { fieldIdParams.Add( X9ObjectIdentifiers.TPBasis, new DerInteger(k1)); } else { fieldIdParams.Add( X9ObjectIdentifiers.PPBasis, new DerSequence( new DerInteger(k1), new DerInteger(k2), new DerInteger(k3))); } this.parameters = new DerSequence(fieldIdParams); }
/** * <pre> * Challenge ::= SEQUENCE { * owf AlgorithmIdentifier OPTIONAL, * * -- MUST be present in the first Challenge; MAY be omitted in * -- any subsequent Challenge in POPODecKeyChallContent (if * -- omitted, then the owf used in the immediately preceding * -- Challenge is to be used). * * witness OCTET STRING, * -- the result of applying the one-way function (owf) to a * -- randomly-generated INTEGER, A. [Note that a different * -- INTEGER MUST be used for each Challenge.] * challenge OCTET STRING * -- the encryption (under the public key for which the cert. * -- request is being made) of Rand, where Rand is specified as * -- Rand ::= SEQUENCE { * -- int INTEGER, * -- - the randomly-generated INTEGER A (above) * -- sender GeneralName * -- - the sender's name (as included in PKIHeader) * -- } * } * </pre> * @return a basic ASN.1 object representation. */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(); v.AddOptional(owf); v.Add(witness); v.Add(challenge); return new DerSequence(v); }
/** * <pre> * OobCertHash ::= SEQUENCE { * hashAlg [0] AlgorithmIdentifier OPTIONAL, * certId [1] CertId OPTIONAL, * hashVal BIT STRING * -- hashVal is calculated over the Der encoding of the * -- self-signed certificate with the identifier certID. * } * </pre> * @return a basic ASN.1 object representation. */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(); AddOptional(v, 0, hashAlg); AddOptional(v, 1, certId); v.Add(hashVal); return new DerSequence(v); }
/** * Produce an object suitable for an Asn1OutputStream. * <pre> * OcspRequest ::= Sequence { * tbsRequest TBSRequest, * optionalSignature [0] EXPLICIT Signature OPTIONAL } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(tbsRequest); if (optionalSignature != null) { v.Add(new DerTaggedObject(true, 0, optionalSignature)); } return new DerSequence(v); }
/** * Produce an object suitable for an Asn1OutputStream. * <pre> * OcspResponse ::= Sequence { * responseStatus OcspResponseStatus, * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(responseStatus); if (responseBytes != null) { v.Add(new DerTaggedObject(true, 0, responseBytes)); } return new DerSequence(v); }
/** * <pre> * MacData ::= SEQUENCE { * mac DigestInfo, * macSalt OCTET STRING, * iterations INTEGER DEFAULT 1 * -- Note: The default is for historic reasons and its use is deprecated. A * -- higher value, like 1024 is recommended. * </pre> * @return the basic DERObject construction. */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(digInfo, new DerOctetString(salt)); if (!iterationCount.Equals(BigInteger.One)) { v.Add(new DerInteger(iterationCount)); } return new DerSequence(v); }
/** * <pre> * CommitmentTypeIndication ::= SEQUENCE { * commitmentTypeId CommitmentTypeIdentifier, * commitmentTypeQualifier SEQUENCE SIZE (1..MAX) OF * CommitmentTypeQualifier OPTIONAL } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(commitmentTypeId); if (commitmentTypeQualifier != null) { v.Add(commitmentTypeQualifier); } return new DerSequence(v); }
public AttributeTable(Asn1EncodableVector v) { _attributes = Platform.CreateHashtable(v.Count); for (int i = 0; i != v.Count; i++) { AttributeX509 a = AttributeX509.GetInstance(v[i]); _attributes.Add(a.AttrType, a); } }
/* * PolicyInformation ::= Sequence { * policyIdentifier CertPolicyId, * policyQualifiers Sequence SIZE (1..MAX) OF * PolicyQualifierInfo OPTIONAL } */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(policyIdentifier); if (policyQualifiers != null) { v.Add(policyQualifiers); } return new DerSequence(v); }
/** * Produce an object suitable for an Asn1OutputStream. * <pre> * RevokedInfo ::= Sequence { * revocationTime GeneralizedTime, * revocationReason [0] EXPLICIT CRLReason OPTIONAL } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(revocationTime); if (revocationReason != null) { v.Add(new DerTaggedObject(true, 0, revocationReason)); } return new DerSequence(v); }
/** * <pre> * EncryptedData ::= SEQUENCE { * version CMSVersion, * encryptedContentInfo EncryptedContentInfo, * unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL } * </pre> * @return a basic ASN.1 object representation. */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(version, encryptedContentInfo); if (unprotectedAttrs != null) { v.Add(new BerTaggedObject(false, 1, unprotectedAttrs)); } return new BerSequence(v); }
public override Asn1Object ToAsn1Object() { Asn1EncodableVector seq = new Asn1EncodableVector(qcStatementId); if (qcStatementInfo != null) { seq.Add(qcStatementInfo); } return new DerSequence(seq); }
/** * Produce an object suitable for an Asn1OutputStream. * <pre> * ContentInfo ::= Sequence { * contentType ContentType, * content * [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(contentType); if (content != null) { v.Add(new BerTaggedObject(0, content)); } return new BerSequence(v); }
/** * Produce an object suitable for an Asn1OutputStream. * <pre> * ServiceLocator ::= Sequence { * issuer Name, * locator AuthorityInfoAccessSyntax OPTIONAL } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(issuer); if (locator != null) { v.Add(locator); } return new DerSequence(v); }
public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(crlHash.ToAsn1Object()); if (crlIdentifier != null) { v.Add(crlIdentifier.ToAsn1Object()); } return new DerSequence(v); }
/** * <pre> * TimeStampResp ::= SEQUENCE { * status PkiStatusInfo, * timeStampToken TimeStampToken OPTIONAL } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(pkiStatusInfo); if (timeStampToken != null) { v.Add(timeStampToken); } return new DerSequence(v); }
/** * <pre> * EssCertID ::= SEQUENCE { * certHash Hash, * issuerSerial IssuerSerial OPTIONAL } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(certHash); if (issuerSerial != null) { v.Add(issuerSerial); } return new DerSequence(v); }
public AttributeTable(Asn1EncodableVector v) { _attributes = Platform.CreateHashtable(v.Count); foreach (Asn1Encodable o in v) { Attribute a = Attribute.GetInstance(o); AddAttribute(a); } }
public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector( octStr, iterationCount); if (keyLength != null) { v.Add(keyLength); } return new DerSequence(v); }
/** * Produce an object suitable for an Asn1OutputStream. * <pre> * EncryptedContentInfo ::= Sequence { * contentType ContentType, * contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, * encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL * } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector( contentType, contentEncryptionAlgorithm); if (encryptedContent != null) { v.Add(new BerTaggedObject(false, 0, encryptedContent)); } return new BerSequence(v); }
public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(); if (version != null) { v.Add(version); } v.Add(iv); return new DerSequence(v); }
public ExtendedKeyUsage(IEnumerable usages) { var v = new Asn1EncodableVector(); foreach (Asn1Object o in usages) { v.Add(o); _usageTable.Add(o, o); } _seq = new DerSequence(v); }
/** * <pre> * ContentHints ::= SEQUENCE { * contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL, * contentType ContentType } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(); if (contentDescription != null) { v.Add(contentDescription); } v.Add(contentType); return new DerSequence(v); }
/** * <pre> * CertRepMessage ::= SEQUENCE { * caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate * OPTIONAL, * response SEQUENCE OF CertResponse * } * </pre> * @return a basic ASN.1 object representation. */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(); if (caPubs != null) { v.Add(new DerTaggedObject(true, 1, caPubs)); } v.Add(response); return new DerSequence(v); }
/** * Produce an object suitable for an Asn1OutputStream. * <pre> * OtherInfo ::= Sequence { * keyInfo KeySpecificInfo, * partyAInfo [0] OCTET STRING OPTIONAL, * suppPubInfo [2] OCTET STRING * } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(keyInfo); if (partyAInfo != null) { v.Add(new DerTaggedObject(0, partyAInfo)); } v.Add(new DerTaggedObject(2, suppPubInfo)); return new DerSequence(v); }
public ExtendedKeyUsage( ArrayList usages) { Asn1EncodableVector v = new Asn1EncodableVector(); foreach (Asn1Object o in usages) { v.Add(o); this.usageTable.Add(o, o); } this.seq = new DerSequence(v); }
public static new BerSequence FromVector( Asn1EncodableVector v) { return(v.Count < 1 ? Empty : new BerSequence(v)); }
internal BerSet(Asn1EncodableVector v, bool needsSorting) : base(v, needsSorting) { }
/** * generate an enveloped object that contains an CMS Enveloped Data * object using the given provider and the passed in key generator. */ private CmsAuthenticatedData Generate( CmsProcessable content, string macOid, CipherKeyGenerator keyGen) { AlgorithmIdentifier macAlgId; KeyParameter encKey; Asn1OctetString encContent; Asn1OctetString macResult; try { // FIXME Will this work for macs? byte[] encKeyBytes = keyGen.GenerateKey(); encKey = ParameterUtilities.CreateKeyParameter(macOid, encKeyBytes); Asn1Encodable asn1Params = GenerateAsn1Parameters(macOid, encKeyBytes); ICipherParameters cipherParameters; macAlgId = GetAlgorithmIdentifier( macOid, encKey, asn1Params, out cipherParameters); IMac mac = MacUtilities.GetMac(macOid); // TODO Confirm no ParametersWithRandom needed // FIXME Only passing key at the moment // mac.Init(cipherParameters); mac.Init(encKey); MemoryStream bOut = new MemoryStream(); MacStream mOut = new MacStream(bOut, null, mac); content.Write(mOut); mOut.Close(); bOut.Close(); encContent = new BerOctetString(bOut.ToArray()); byte[] macOctets = MacUtilities.DoFinal(mOut.WriteMac()); macResult = new DerOctetString(macOctets); } catch (SecurityUtilityException e) { throw new CmsException("couldn't create cipher.", e); } catch (InvalidKeyException e) { throw new CmsException("key invalid in message.", e); } catch (IOException e) { throw new CmsException("exception decoding algorithm parameters.", e); } Asn1EncodableVector recipientInfos = new Asn1EncodableVector(); foreach (RecipientInfoGenerator rig in recipientInfoGenerators) { try { recipientInfos.Add(rig.Generate(encKey, rand)); } catch (InvalidKeyException e) { throw new CmsException("key inappropriate for algorithm.", e); } catch (GeneralSecurityException e) { throw new CmsException("error making encrypted content.", e); } } ContentInfo eci = new ContentInfo(CmsObjectIdentifiers.Data, encContent); ContentInfo contentInfo = new ContentInfo( CmsObjectIdentifiers.AuthenticatedData, new AuthenticatedData(null, new DerSet(recipientInfos), macAlgId, null, eci, null, macResult, null)); return(new CmsAuthenticatedData(contentInfo)); }
private Stream Open( Stream outStream, AlgorithmIdentifier encAlgID, ICipherParameters cipherParameters, Asn1EncodableVector recipientInfos) { try { // // ContentInfo // BerSequenceGenerator cGen = new BerSequenceGenerator(outStream); cGen.AddObject(CmsObjectIdentifiers.EnvelopedData); // // Encrypted Data // BerSequenceGenerator envGen = new BerSequenceGenerator( cGen.GetRawOutputStream(), 0, true); envGen.AddObject(this.Version); Stream envRaw = envGen.GetRawOutputStream(); Asn1Generator recipGen = _berEncodeRecipientSet ? (Asn1Generator) new BerSetGenerator(envRaw) : new DerSetGenerator(envRaw); foreach (Asn1Encodable ae in recipientInfos) { recipGen.AddObject(ae); } recipGen.Close(); BerSequenceGenerator eiGen = new BerSequenceGenerator(envRaw); eiGen.AddObject(CmsObjectIdentifiers.Data); eiGen.AddObject(encAlgID); Stream octetOutputStream = CmsUtilities.CreateBerOctetOutputStream( eiGen.GetRawOutputStream(), 0, false, _bufferSize); IBufferedCipher cipher = CipherUtilities.GetCipher(encAlgID.ObjectID); cipher.Init(true, new ParametersWithRandom(cipherParameters, rand)); CipherStream cOut = new CipherStream(octetOutputStream, null, cipher); return(new CmsEnvelopedDataOutputStream(this, cOut, cGen, envGen, eiGen)); } catch (SecurityUtilityException e) { throw new CmsException("couldn't create cipher.", e); } catch (InvalidKeyException e) { throw new CmsException("key invalid in message.", e); } catch (IOException e) { throw new CmsException("exception decoding algorithm parameters.", e); } }
public override void Close() { _out.Close(); _eiGen.Close(); outer._digests.Clear(); // clear the current preserved digest state if (outer._certs.Count > 0) { Asn1Set certs = CmsUtilities.CreateBerSetFromList(outer._certs); WriteToGenerator(_sigGen, new BerTaggedObject(false, 0, certs)); } if (outer._crls.Count > 0) { Asn1Set crls = CmsUtilities.CreateBerSetFromList(outer._crls); WriteToGenerator(_sigGen, new BerTaggedObject(false, 1, crls)); } // // Calculate the digest hashes // foreach (DictionaryEntry de in outer._messageDigests) { outer._messageHashes.Add(de.Key, DigestUtilities.DoFinal((IDigest)de.Value)); } // TODO If the digest OIDs for precalculated signers weren't mixed in with // the others, we could fill in outer._digests here, instead of SignerInf.ToSignerInfo // // add the precalculated SignerInfo objects. // Asn1EncodableVector signerInfos = new Asn1EncodableVector(); foreach (SignerInformation signer in outer._signers) { signerInfos.Add(signer.ToSignerInfo()); } // // add the SignerInfo objects // foreach (SignerInf signer in outer._signerInfs) { try { signerInfos.Add(signer.ToSignerInfo(_contentOID)); } catch (IOException e) { throw new CmsStreamException("encoding error." + e); } catch (InvalidKeyException e) { throw new CmsStreamException("key inappropriate for signature.", e); } catch (SignatureException e) { throw new CmsStreamException("error creating signature." + e); } catch (CertificateEncodingException e) { throw new CmsStreamException("error creating sid." + e); } catch (SecurityUtilityException e) { throw new CmsStreamException("unknown signature algorithm." + e); } } WriteToGenerator(_sigGen, new DerSet(signerInfos)); _sigGen.Close(); _sGen.Close(); base.Close(); }
/** * create a set containing a vector of objects. */ public BerSet(Asn1EncodableVector elementVector) : base(elementVector, false) { }
private CmsAuthenticatedData Generate(CmsProcessable content, string macOid, CipherKeyGenerator keyGen) { KeyParameter keyParameter; AlgorithmIdentifier algorithmIdentifier; Asn1OctetString content2; Asn1OctetString mac2; try { byte[] array = keyGen.GenerateKey(); keyParameter = ParameterUtilities.CreateKeyParameter(macOid, array); Asn1Encodable asn1Params = this.GenerateAsn1Parameters(macOid, array); ICipherParameters cipherParameters; algorithmIdentifier = this.GetAlgorithmIdentifier(macOid, keyParameter, asn1Params, out cipherParameters); IMac mac = MacUtilities.GetMac(macOid); mac.Init(keyParameter); MemoryStream memoryStream = new MemoryStream(); Stream stream = new TeeOutputStream(memoryStream, new MacOutputStream(mac)); content.Write(stream); stream.Close(); memoryStream.Close(); content2 = new BerOctetString(memoryStream.ToArray()); byte[] str = MacUtilities.DoFinal(mac); mac2 = new DerOctetString(str); } catch (SecurityUtilityException e) { throw new CmsException("couldn't create cipher.", e); } catch (InvalidKeyException e2) { throw new CmsException("key invalid in message.", e2); } catch (IOException e3) { throw new CmsException("exception decoding algorithm parameters.", e3); } Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector(new Asn1Encodable[0]); foreach (RecipientInfoGenerator recipientInfoGenerator in this.recipientInfoGenerators) { try { asn1EncodableVector.Add(new Asn1Encodable[] { recipientInfoGenerator.Generate(keyParameter, this.rand) }); } catch (InvalidKeyException e4) { throw new CmsException("key inappropriate for algorithm.", e4); } catch (GeneralSecurityException e5) { throw new CmsException("error making encrypted content.", e5); } } ContentInfo encapsulatedContent = new ContentInfo(CmsObjectIdentifiers.Data, content2); ContentInfo contentInfo = new ContentInfo(CmsObjectIdentifiers.AuthenticatedData, new AuthenticatedData(null, new DerSet(asn1EncodableVector), algorithmIdentifier, null, encapsulatedContent, null, mac2, null)); return(new CmsAuthenticatedData(contentInfo)); }
/** * Return a SignerInformationStore containing the counter signatures attached to this * signer. If no counter signatures are present an empty store is returned. */ public SignerInformationStore GetCounterSignatures() { // TODO There are several checks implied by the RFC3852 comments that are missing /* * The countersignature attribute MUST be an unsigned attribute; it MUST * NOT be a signed attribute, an authenticated attribute, an * unauthenticated attribute, or an unprotected attribute. */ Asn1.Cms.AttributeTable unsignedAttributeTable = UnsignedAttributes; if (unsignedAttributeTable == null) { return(new SignerInformationStore(Platform.CreateArrayList(0))); } IList counterSignatures = Platform.CreateArrayList(); /* * The UnsignedAttributes syntax is defined as a SET OF Attributes. The * UnsignedAttributes in a signerInfo may include multiple instances of * the countersignature attribute. */ Asn1EncodableVector allCSAttrs = unsignedAttributeTable.GetAll(CmsAttributes.CounterSignature); foreach (Asn1.Cms.Attribute counterSignatureAttribute in allCSAttrs) { /* * A countersignature attribute can have multiple attribute values. The * syntax is defined as a SET OF AttributeValue, and there MUST be one * or more instances of AttributeValue present. */ Asn1Set values = counterSignatureAttribute.AttrValues; if (values.Count < 1) { // TODO Throw an appropriate exception? } foreach (Asn1Encodable asn1Obj in values) { /* * Countersignature values have the same meaning as SignerInfo values * for ordinary signatures, except that: * * 1. The signedAttributes field MUST NOT contain a content-type * attribute; there is no content type for countersignatures. * * 2. The signedAttributes field MUST contain a message-digest * attribute if it contains any other attributes. * * 3. The input to the message-digesting process is the contents * octets of the DER encoding of the signatureValue field of the * SignerInfo value with which the attribute is associated. */ SignerInfo si = SignerInfo.GetInstance(asn1Obj.ToAsn1Object()); string digestName = CmsSignedHelper.Instance.GetDigestAlgName(si.DigestAlgorithm.Algorithm.Id); counterSignatures.Add(new SignerInformation(si, null, null, new CounterSignatureDigestCalculator(digestName, GetSignature()))); } } return(new SignerInformationStore(counterSignatures)); }
/** * generate a signed object that for a CMS Signed Data * object - if encapsulate is true a copy * of the message will be included in the signature. The content type * is set according to the OID represented by the string signedContentType. */ public CmsSignedData Generate( // FIXME Avoid accessing more than once to support CmsProcessableInputStream ICmsTypedData content, bool encapsulate) { // TODO // if (signerInfs.isEmpty()) // { // /* RFC 3852 5.2 // * "In the degenerate case where there are no signers, the // * EncapsulatedContentInfo value being "signed" is irrelevant. In this // * case, the content type within the EncapsulatedContentInfo value being // * "signed" MUST be id-data (as defined in section 4), and the content // * field of the EncapsulatedContentInfo value MUST be omitted." // */ // if (encapsulate) // { // throw new IllegalArgumentException("no signers, encapsulate must be false"); // } // if (!DATA.equals(eContentType)) // { // throw new IllegalArgumentException("no signers, eContentType must be id-data"); // } // } // // if (!DATA.equals(eContentType)) // { // /* RFC 3852 5.3 // * [The 'signedAttrs']... // * field is optional, but it MUST be present if the content type of // * the EncapsulatedContentInfo value being signed is not id-data. // */ // // TODO signedAttrs must be present for all signers // } Asn1EncodableVector digestAlgs = new Asn1EncodableVector(); Asn1EncodableVector signerInfos = new Asn1EncodableVector(); _digests.Clear(); // clear the current preserved digest state // // add the precalculated SignerInfo objects. // for (IEnumerator it = _signers.GetEnumerator(); it.MoveNext();) { SignerInformation signer = (SignerInformation)it.Current; digestAlgs.Add(CmsUtilities.fixAlgID(signer.DigestAlgorithmID)); // TODO Verify the content type and calculated digest match the precalculated SignerInfo signerInfos.Add(signer.ToAsn1Structure()); } // // add the SignerInfo objects // DerObjectIdentifier contentTypeOID = content.ContentType; Asn1OctetString octs = null; if (content.GetContent() != null) { MemoryOutputStream bOut = null; if (encapsulate) { bOut = new MemoryOutputStream(); } Stream cOut = CmsUtilities.attachSignersToOutputStream(_signerGens, bOut); // Just in case it's unencapsulated and there are no signers! cOut = CmsUtilities.getSafeOutputStream(cOut); try { content.Write(cOut); cOut.Close(); } catch (IOException e) { throw new CmsException("data processing exception: " + e.Message, e); } if (encapsulate) { octs = new BerOctetString(bOut.ToArray()); } } for (IEnumerator it = _signerGens.GetEnumerator(); it.MoveNext();) { SignerInfoGenerator sGen = (SignerInfoGenerator)it.Current; SignerInfo inf = sGen.Generate(contentTypeOID); digestAlgs.Add(inf.DigestAlgorithm); signerInfos.Add(inf); byte[] calcDigest = sGen.getCalculatedDigest(); if (calcDigest != null) { _digests.Add(inf.DigestAlgorithm.Algorithm.Id, calcDigest); } } Asn1Set certificates = null; if (_certs.Count != 0) { certificates = CmsUtilities.CreateBerSetFromList(_certs); } Asn1Set certrevlist = null; if (_crls.Count != 0) { certrevlist = CmsUtilities.CreateBerSetFromList(_crls); } ContentInfo encInfo = new ContentInfo(contentTypeOID, octs); SignedData sd = new SignedData( new DerSet(digestAlgs), encInfo, certificates, certrevlist, new DerSet(signerInfos)); ContentInfo contentInfo = new ContentInfo( CmsObjectIdentifiers.SignedData, sd); return(new CmsSignedData(content, contentInfo)); }
private BasicOcspResp GenerateResponse(ISignatureFactory signatureCalculator, X509Certificate[] chain, global::System.DateTime producedAt) { //IL_016c: Expected O, but got Unknown AlgorithmIdentifier algorithmIdentifier = (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails; DerObjectIdentifier algorithm = algorithmIdentifier.Algorithm; Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector(); global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)list).GetEnumerator(); try { while (enumerator.MoveNext()) { ResponseObject responseObject = (ResponseObject)enumerator.get_Current(); try { asn1EncodableVector.Add(responseObject.ToResponse()); } catch (global::System.Exception e) { throw new OcspException("exception creating Request", e); } } } finally { global::System.IDisposable disposable = enumerator as global::System.IDisposable; if (disposable != null) { disposable.Dispose(); } } ResponseData responseData = new ResponseData(responderID.ToAsn1Object(), new DerGeneralizedTime(producedAt), new DerSequence(asn1EncodableVector), responseExtensions); DerBitString derBitString = null; try { IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator(); byte[] derEncoded = responseData.GetDerEncoded(); streamCalculator.Stream.Write(derEncoded, 0, derEncoded.Length); Platform.Dispose(streamCalculator.Stream); derBitString = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect()); } catch (global::System.Exception ex) { throw new OcspException(string.Concat((object)"exception processing TBSRequest: ", (object)ex), ex); } AlgorithmIdentifier sigAlgID = OcspUtilities.GetSigAlgID(algorithm); DerSequence certs = null; if (chain != null && chain.Length > 0) { Asn1EncodableVector asn1EncodableVector2 = new Asn1EncodableVector(); try { for (int i = 0; i != chain.Length; i++) { asn1EncodableVector2.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(chain[i].GetEncoded()))); } } catch (IOException val) { IOException e2 = val; throw new OcspException("error processing certs", (global::System.Exception)(object) e2); } catch (CertificateEncodingException e3) { throw new OcspException("error encoding certs", e3); } certs = new DerSequence(asn1EncodableVector2); } return(new BasicOcspResp(new BasicOcspResponse(responseData, sigAlgID, derBitString, certs))); }
public void Save( Stream stream, char[] password, SecureRandom random) { if (stream == null) { throw new ArgumentNullException("stream"); } if (random == null) { throw new ArgumentNullException("random"); } // // handle the keys // Asn1EncodableVector keyBags = new Asn1EncodableVector(); foreach (string name in keys.Keys) { byte[] kSalt = new byte[SaltSize]; random.NextBytes(kSalt); AsymmetricKeyEntry privKey = (AsymmetricKeyEntry)keys[name]; DerObjectIdentifier bagOid; Asn1Encodable bagData; if (password == null) { bagOid = PkcsObjectIdentifiers.KeyBag; bagData = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey.Key); } else { bagOid = PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag; if (keyPrfAlgorithm != null) { bagData = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo( keyAlgorithm, keyPrfAlgorithm, password, kSalt, MinIterations, random, privKey.Key); } else { bagData = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo( keyAlgorithm, password, kSalt, MinIterations, privKey.Key); } } Asn1EncodableVector kName = new Asn1EncodableVector(); foreach (string oid in privKey.BagAttributeKeys) { Asn1Encodable entry = privKey[oid]; // NB: Ignore any existing FriendlyName if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id)) { continue; } kName.Add( new DerSequence( new DerObjectIdentifier(oid), new DerSet(entry))); } // // make sure we are using the local alias on store // // NB: We always set the FriendlyName based on 'name' //if (privKey[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null) { kName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(name)))); } // // make sure we have a local key-id // if (privKey[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null) { X509CertificateEntry ct = GetCertificate(name); AsymmetricKeyParameter pubKey = ct.Certificate.GetPublicKey(); SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey); kName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtLocalKeyID, new DerSet(subjectKeyID))); } keyBags.Add(new SafeBag(bagOid, bagData.ToAsn1Object(), new DerSet(kName))); } byte[] keyBagsEncoding = new DerSequence(keyBags).GetDerEncoded(); ContentInfo keysInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(keyBagsEncoding)); // // certificate processing // byte[] cSalt = new byte[SaltSize]; random.NextBytes(cSalt); Asn1EncodableVector certBags = new Asn1EncodableVector(); Pkcs12PbeParams cParams = new Pkcs12PbeParams(cSalt, MinIterations); AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.ToAsn1Object()); ISet doneCerts = new HashSet(); foreach (string name in keys.Keys) { X509CertificateEntry certEntry = GetCertificate(name); CertBag cBag = new CertBag( PkcsObjectIdentifiers.X509Certificate, new DerOctetString(certEntry.Certificate.GetEncoded())); Asn1EncodableVector fName = new Asn1EncodableVector(); foreach (string oid in certEntry.BagAttributeKeys) { Asn1Encodable entry = certEntry[oid]; // NB: Ignore any existing FriendlyName if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id)) { continue; } fName.Add( new DerSequence( new DerObjectIdentifier(oid), new DerSet(entry))); } // // make sure we are using the local alias on store // // NB: We always set the FriendlyName based on 'name' //if (certEntry[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null) { fName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(name)))); } // // make sure we have a local key-id // if (certEntry[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null) { AsymmetricKeyParameter pubKey = certEntry.Certificate.GetPublicKey(); SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey); fName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtLocalKeyID, new DerSet(subjectKeyID))); } certBags.Add(new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName))); doneCerts.Add(certEntry.Certificate); } foreach (string certId in certs.Keys) { X509CertificateEntry cert = (X509CertificateEntry)certs[certId]; if (keys[certId] != null) { continue; } CertBag cBag = new CertBag( PkcsObjectIdentifiers.X509Certificate, new DerOctetString(cert.Certificate.GetEncoded())); Asn1EncodableVector fName = new Asn1EncodableVector(); foreach (string oid in cert.BagAttributeKeys) { // a certificate not immediately linked to a key doesn't require // a localKeyID and will confuse some PKCS12 implementations. // // If we find one, we'll prune it out. if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id)) { continue; } Asn1Encodable entry = cert[oid]; // NB: Ignore any existing FriendlyName if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id)) { continue; } fName.Add( new DerSequence( new DerObjectIdentifier(oid), new DerSet(entry))); } // // make sure we are using the local alias on store // // NB: We always set the FriendlyName based on 'certId' //if (cert[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null) { fName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(certId)))); } certBags.Add(new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName))); doneCerts.Add(cert.Certificate); } foreach (CertId certId in chainCerts.Keys) { X509CertificateEntry cert = (X509CertificateEntry)chainCerts[certId]; if (doneCerts.Contains(cert.Certificate)) { continue; } CertBag cBag = new CertBag( PkcsObjectIdentifiers.X509Certificate, new DerOctetString(cert.Certificate.GetEncoded())); Asn1EncodableVector fName = new Asn1EncodableVector(); foreach (string oid in cert.BagAttributeKeys) { // a certificate not immediately linked to a key doesn't require // a localKeyID and will confuse some PKCS12 implementations. // // If we find one, we'll prune it out. if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id)) { continue; } fName.Add( new DerSequence( new DerObjectIdentifier(oid), new DerSet(cert[oid]))); } certBags.Add(new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName))); } byte[] certBagsEncoding = new DerSequence(certBags).GetDerEncoded(); ContentInfo certsInfo; if (password == null || certAlgorithm == null) { certsInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(certBagsEncoding)); } else { byte[] certBytes = CryptPbeData(true, cAlgId, password, false, certBagsEncoding); EncryptedData cInfo = new EncryptedData(PkcsObjectIdentifiers.Data, cAlgId, new BerOctetString(certBytes)); certsInfo = new ContentInfo(PkcsObjectIdentifiers.EncryptedData, cInfo.ToAsn1Object()); } ContentInfo[] info = new ContentInfo[] { keysInfo, certsInfo }; byte[] data = new AuthenticatedSafe(info).GetEncoded( useDerEncoding ? Asn1Encodable.Der : Asn1Encodable.Ber); ContentInfo mainInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(data)); // // create the mac // MacData macData = null; if (password != null) { byte[] mSalt = new byte[20]; random.NextBytes(mSalt); byte[] mac = CalculatePbeMac(OiwObjectIdentifiers.IdSha1, mSalt, MinIterations, password, false, data); AlgorithmIdentifier algId = new AlgorithmIdentifier( OiwObjectIdentifiers.IdSha1, DerNull.Instance); DigestInfo dInfo = new DigestInfo(algId, mac); macData = new MacData(dInfo, mSalt, MinIterations); } // // output the Pfx // Pfx pfx = new Pfx(mainInfo, macData); DerOutputStream derOut; if (useDerEncoding) { derOut = new DerOutputStream(stream); } else { derOut = new BerOutputStream(stream); } derOut.WriteObject(pfx); }
public static new BerSet FromVector(Asn1EncodableVector elementVector) { return(elementVector.Count < 1 ? Empty : new BerSet(elementVector)); }
internal BerSet(Asn1EncodableVector elementVector, bool needsSorting) : base(elementVector, needsSorting) { }
/** * create a sequence containing a vector of objects. */ public BerSequence(Asn1EncodableVector elementVector) : base(elementVector) { }
internal static new BerSet FromVector( Asn1EncodableVector v, bool needsSorting) { return(v.Count < 1 ? Empty : new BerSet(v, needsSorting)); }
private BasicOcspResp GenerateResponse( ISignatureFactory signatureCalculator, X509Certificate[] chain, DateTime producedAt) { AlgorithmIdentifier signingAlgID = (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails; DerObjectIdentifier signingAlgorithm = signingAlgID.Algorithm; Asn1EncodableVector responses = new Asn1EncodableVector(); foreach (ResponseObject respObj in list) { try { responses.Add(respObj.ToResponse()); } catch (Exception e) { throw new OcspException("exception creating Request", e); } } ResponseData tbsResp = new ResponseData(responderID.ToAsn1Object(), new DerGeneralizedTime(producedAt), new DerSequence(responses), responseExtensions); DerBitString bitSig = null; try { IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator(); byte[] encoded = tbsResp.GetDerEncoded(); streamCalculator.Stream.Write(encoded, 0, encoded.Length); Platform.Dispose(streamCalculator.Stream); bitSig = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect()); } catch (Exception e) { throw new OcspException("exception processing TBSRequest: " + e, e); } AlgorithmIdentifier sigAlgId = OcspUtilities.GetSigAlgID(signingAlgorithm); DerSequence chainSeq = null; if (chain != null && chain.Length > 0) { Asn1EncodableVector v = new Asn1EncodableVector(); try { for (int i = 0; i != chain.Length; i++) { v.Add( X509CertificateStructure.GetInstance( Asn1Object.FromByteArray(chain[i].GetEncoded()))); } } catch (IOException e) { throw new OcspException("error processing certs", e); } catch (CertificateEncodingException e) { throw new OcspException("error encoding certs", e); } chainSeq = new DerSequence(v); } return(new BasicOcspResp(new BasicOcspResponse(tbsResp, sigAlgId, bitSig, chainSeq))); }
internal static new BerSet FromVector(Asn1EncodableVector elementVector, bool needsSorting) { return(elementVector.Count < 1 ? Empty : new BerSet(elementVector, needsSorting)); }
public BerApplicationSpecific(int tagNo, Asn1EncodableVector vec) : base(tagNo, vec) { }
/** * generate a signed object that for a CMS Signed Data * object using the given provider - if encapsulate is true a copy * of the message will be included in the signature. The content type * is set according to the OID represented by the string signedContentType. * @param out stream the CMS object is to be written to. * @param signedContentType OID for data to be signed. * @param encapsulate true if data should be encapsulated. * @param dataOutputStream output stream to copy the data being signed to. */ public Stream Open( Stream outStream, string signedContentType, bool encapsulate, Stream dataOutputStream) { if (outStream == null) { throw new ArgumentNullException("outStream"); } if (!outStream.CanWrite) { throw new ArgumentException("Expected writeable stream", "outStream"); } if (dataOutputStream != null && !dataOutputStream.CanWrite) { throw new ArgumentException("Expected writeable stream", "dataOutputStream"); } _messageDigestsLocked = true; // // ContentInfo // BerSequenceGenerator sGen = new BerSequenceGenerator(outStream); sGen.AddObject(CmsObjectIdentifiers.SignedData); // // Signed Data // BerSequenceGenerator sigGen = new BerSequenceGenerator( sGen.GetRawOutputStream(), 0, true); sigGen.AddObject(CalculateVersion(signedContentType)); Asn1EncodableVector digestAlgs = new Asn1EncodableVector(); foreach (string digestOid in _messageDigestOids) { digestAlgs.Add( new AlgorithmIdentifier(new DerObjectIdentifier(digestOid), DerNull.Instance)); } { byte[] tmp = new DerSet(digestAlgs).GetEncoded(); sigGen.GetRawOutputStream().Write(tmp, 0, tmp.Length); } BerSequenceGenerator eiGen = new BerSequenceGenerator(sigGen.GetRawOutputStream()); eiGen.AddObject(new DerObjectIdentifier(signedContentType)); Stream digStream; if (encapsulate) { BerOctetStringGenerator octGen = new BerOctetStringGenerator( eiGen.GetRawOutputStream(), 0, true); digStream = octGen.GetOctetOutputStream(_bufferSize); if (dataOutputStream != null) { digStream = new TeeOutputStream(dataOutputStream, digStream); } } else { if (dataOutputStream != null) { digStream = dataOutputStream; } else { digStream = new NullOutputStream(); } } foreach (IDigest d in _messageDigests.Values) { digStream = new DigestStream(digStream, null, d); } return(new CmsSignedDataOutputStream(this, digStream, signedContentType, sGen, sigGen, eiGen)); }
/** * Returns the encoded form of this certification path, using * the specified encoding. * * @param encoding the name of the encoding to use * @return the encoded bytes * @exception CertificateEncodingException if an encoding error * occurs or the encoding requested is not supported * */ public virtual byte[] GetEncoded( string encoding) { if (String.Compare(encoding, "PkiPath", true) == 0) { Asn1EncodableVector v = new Asn1EncodableVector(); for (int i = certificates.Count - 1; i >= 0; i--) { v.Add(ToAsn1Object((X509Certificate)certificates[i])); } return(ToDerEncoded(new DerSequence(v))); } else if (String.Compare(encoding, "PKCS7", true) == 0) { Asn1.Pkcs.ContentInfo encInfo = new Asn1.Pkcs.ContentInfo( PkcsObjectIdentifiers.Data, null); Asn1EncodableVector v = new Asn1EncodableVector(); for (int i = 0; i != certificates.Count; i++) { v.Add(ToAsn1Object((X509Certificate)certificates[i])); } Asn1.Pkcs.SignedData sd = new Asn1.Pkcs.SignedData( new DerInteger(1), new DerSet(), encInfo, new DerSet(v), null, new DerSet()); return(ToDerEncoded(new Asn1.Pkcs.ContentInfo(PkcsObjectIdentifiers.SignedData, sd))); } else if (String.Compare(encoding, "PEM", true) == 0) { MemoryStream bOut = new MemoryStream(); PemWriter pWrt = new PemWriter(new StreamWriter(bOut)); try { for (int i = 0; i != certificates.Count; i++) { pWrt.WriteObject(certificates[i]); } pWrt.Writer.Close(); } catch (Exception) { throw new CertificateEncodingException("can't encode certificate for PEM encoded path"); } return(bOut.ToArray()); } else { throw new CertificateEncodingException("unsupported encoding: " + encoding); } }
public Attributes(Asn1EncodableVector v) { attributes = new BerSet(v); }
protected Stream Open( Stream outStr, AlgorithmIdentifier macAlgId, ICipherParameters cipherParameters, Asn1EncodableVector recipientInfos) { try { // // ContentInfo // BerSequenceGenerator cGen = new BerSequenceGenerator(outStr); cGen.AddObject(CmsObjectIdentifiers.AuthenticatedData); // // Authenticated Data // BerSequenceGenerator authGen = new BerSequenceGenerator( cGen.GetRawOutputStream(), 0, true); authGen.AddObject(new DerInteger(AuthenticatedData.CalculateVersion(null))); Stream authRaw = authGen.GetRawOutputStream(); Asn1Generator recipGen = _berEncodeRecipientSet ? (Asn1Generator) new BerSetGenerator(authRaw) : new DerSetGenerator(authRaw); foreach (Asn1Encodable ae in recipientInfos) { recipGen.AddObject(ae); } recipGen.Close(); authGen.AddObject(macAlgId); BerSequenceGenerator eiGen = new BerSequenceGenerator(authRaw); eiGen.AddObject(CmsObjectIdentifiers.Data); Stream octetOutputStream = CmsUtilities.CreateBerOctetOutputStream( eiGen.GetRawOutputStream(), 0, false, _bufferSize); IMac mac = MacUtilities.GetMac(macAlgId.ObjectID); // TODO Confirm no ParametersWithRandom needed mac.Init(cipherParameters); Stream mOut = new TeeOutputStream(octetOutputStream, new MacOutputStream(mac)); return(new CmsAuthenticatedDataOutputStream(mOut, mac, cGen, authGen, eiGen)); } catch (SecurityUtilityException e) { throw new CmsException("couldn't create cipher.", e); } catch (InvalidKeyException e) { throw new CmsException("key invalid in message.", e); } catch (IOException e) { throw new CmsException("exception decoding algorithm parameters.", e); } }
/** * generate a signed object that for a CMS Signed Data * object - if encapsulate is true a copy * of the message will be included in the signature. The content type * is set according to the OID represented by the string signedContentType. */ public CmsSignedData Generate( string signedContentType, // FIXME Avoid accessing more than once to support CmsProcessableInputStream CmsProcessable content, bool encapsulate) { Asn1EncodableVector digestAlgs = new Asn1EncodableVector(); Asn1EncodableVector signerInfos = new Asn1EncodableVector(); _digests.Clear(); // clear the current preserved digest state // // add the precalculated SignerInfo objects. // foreach (SignerInformation signer in _signers) { digestAlgs.Add(Helper.FixAlgID(signer.DigestAlgorithmID)); // TODO Verify the content type and calculated digest match the precalculated SignerInfo signerInfos.Add(signer.ToSignerInfo()); } // // add the SignerInfo objects // bool isCounterSignature = (signedContentType == null); DerObjectIdentifier contentTypeOid = isCounterSignature ? null : new DerObjectIdentifier(signedContentType); foreach (SignerInf signer in signerInfs) { try { digestAlgs.Add(signer.DigestAlgorithmID); signerInfos.Add(signer.ToSignerInfo(contentTypeOid, content, rand)); } catch (IOException e) { throw new CmsException("encoding error.", e); } catch (InvalidKeyException e) { throw new CmsException("key inappropriate for signature.", e); } catch (SignatureException e) { throw new CmsException("error creating signature.", e); } catch (CertificateEncodingException e) { throw new CmsException("error creating sid.", e); } } Asn1Set certificates = null; if (_certs.Count != 0) { certificates = CmsUtilities.CreateBerSetFromList(_certs); } Asn1Set certrevlist = null; if (_crls.Count != 0) { certrevlist = CmsUtilities.CreateBerSetFromList(_crls); } Asn1OctetString octs = null; if (encapsulate) { MemoryStream bOut = new MemoryStream(); if (content != null) { try { content.Write(bOut); } catch (IOException e) { throw new CmsException("encapsulation error.", e); } } octs = new BerOctetString(bOut.ToArray()); } ContentInfo encInfo = new ContentInfo(contentTypeOid, octs); SignedData sd = new SignedData( new DerSet(digestAlgs), encInfo, certificates, certrevlist, new DerSet(signerInfos)); ContentInfo contentInfo = new ContentInfo(CmsObjectIdentifiers.SignedData, sd); return(new CmsSignedData(content, contentInfo)); }
public BerSet(Asn1EncodableVector v) : base(v, needsSorting: false) { }
/** * create a set containing a vector of objects. */ public BerSet(Asn1EncodableVector v) : base(v, false) { }
/// <summary> /// Generate an enveloped object that contains a CMS Enveloped Data /// object using the passed in key generator. /// </summary> private CmsEnvelopedData Generate( CmsProcessable content, string encryptionOid, CipherKeyGenerator keyGen) { AlgorithmIdentifier encAlgId = null; KeyParameter encKey; Asn1OctetString encContent; try { byte[] encKeyBytes = keyGen.GenerateKey(); encKey = ParameterUtilities.CreateKeyParameter(encryptionOid, encKeyBytes); Asn1Encodable asn1Params = GenerateAsn1Parameters(encryptionOid, encKeyBytes); ICipherParameters cipherParameters; encAlgId = GetAlgorithmIdentifier( encryptionOid, encKey, asn1Params, out cipherParameters); IBufferedCipher cipher = CipherUtilities.GetCipher(encryptionOid); cipher.Init(true, new ParametersWithRandom(cipherParameters, rand)); MemoryStream bOut = new MemoryStream(); CipherStream cOut = new CipherStream(bOut, null, cipher); content.Write(cOut); Platform.Dispose(cOut); encContent = new BerOctetString(bOut.ToArray()); } catch (SecurityUtilityException e) { throw new CmsException("couldn't create cipher.", e); } catch (InvalidKeyException e) { throw new CmsException("key invalid in message.", e); } catch (IOException e) { throw new CmsException("exception decoding algorithm parameters.", e); } Asn1EncodableVector recipientInfos = new Asn1EncodableVector(); foreach (RecipientInfoGenerator rig in recipientInfoGenerators) { try { recipientInfos.Add(rig.Generate(encKey, rand)); } catch (InvalidKeyException e) { throw new CmsException("key inappropriate for algorithm.", e); } catch (GeneralSecurityException e) { throw new CmsException("error making encrypted content.", e); } } EncryptedContentInfo eci = new EncryptedContentInfo( CmsObjectIdentifiers.Data, encAlgId, encContent); Asn1Set unprotectedAttrSet = null; if (unprotectedAttributeGenerator != null) { AttributeTable attrTable = unprotectedAttributeGenerator.GetAttributes(Platform.CreateHashtable()); unprotectedAttrSet = new BerSet(attrTable.ToAsn1EncodableVector()); } ContentInfo contentInfo = new ContentInfo( CmsObjectIdentifiers.EnvelopedData, new EnvelopedData(null, new DerSet(recipientInfos), eci, unprotectedAttrSet)); return(new CmsEnvelopedData(contentInfo)); }
/** * generate a signed object that for a CMS Signed Data * object using the given provider - if encapsulate is true a copy * of the message will be included in the signature. The content type * is set according to the OID represented by the string signedContentType. * @param out stream the CMS object is to be written to. * @param signedContentType OID for data to be signed. * @param encapsulate true if data should be encapsulated. * @param dataOutputStream output stream to copy the data being signed to. */ public Stream Open( Stream outStream, string signedContentType, bool encapsulate, Stream dataOutputStream) { if (outStream == null) { throw new ArgumentNullException("outStream"); } if (!outStream.CanWrite) { throw new ArgumentException("Expected writeable stream", "outStream"); } if (dataOutputStream != null && !dataOutputStream.CanWrite) { throw new ArgumentException("Expected writeable stream", "dataOutputStream"); } _messageDigestsLocked = true; // // ContentInfo // BerSequenceGenerator sGen = new BerSequenceGenerator(outStream); sGen.AddObject(CmsObjectIdentifiers.SignedData); // // Signed Data // BerSequenceGenerator sigGen = new BerSequenceGenerator( sGen.GetRawOutputStream(), 0, true); bool isCounterSignature = (signedContentType == null); DerObjectIdentifier contentTypeOid = isCounterSignature ? null : new DerObjectIdentifier(signedContentType); sigGen.AddObject(CalculateVersion(contentTypeOid)); Asn1EncodableVector digestAlgs = new Asn1EncodableVector(); foreach (string digestOid in _messageDigestOids) { digestAlgs.Add( new AlgorithmIdentifier(new DerObjectIdentifier(digestOid), DerNull.Instance)); } { byte[] tmp = new DerSet(digestAlgs).GetEncoded(); sigGen.GetRawOutputStream().Write(tmp, 0, tmp.Length); } BerSequenceGenerator eiGen = new BerSequenceGenerator(sigGen.GetRawOutputStream()); eiGen.AddObject(contentTypeOid); // If encapsulating, add the data as an octet string in the sequence Stream encapStream = encapsulate ? CmsUtilities.CreateBerOctetOutputStream(eiGen.GetRawOutputStream(), 0, true, _bufferSize) : null; // Also send the data to 'dataOutputStream' if necessary Stream teeStream = GetSafeTeeOutputStream(dataOutputStream, encapStream); // Let all the digests see the data as it is written Stream digStream = AttachDigestsToOutputStream(_messageDigests.Values, teeStream); return(new CmsSignedDataOutputStream(this, digStream, signedContentType, sGen, sigGen, eiGen)); }
/** * create a sequence containing a vector of objects. */ public BerSequence( Asn1EncodableVector v) : base(v) { }
private void DoClose() { Platform.Dispose(_out); // TODO Parent context(s) should really be be closed explicitly _eiGen.Close(); outer._digests.Clear(); // clear the current preserved digest state if (outer._certs.Count > 0) { Asn1Set certs = CmsUtilities.CreateBerSetFromList(outer._certs); WriteToGenerator(_sigGen, new BerTaggedObject(false, 0, certs)); } if (outer._crls.Count > 0) { Asn1Set crls = CmsUtilities.CreateBerSetFromList(outer._crls); WriteToGenerator(_sigGen, new BerTaggedObject(false, 1, crls)); } // // Calculate the digest hashes // foreach (DictionaryEntry de in outer._messageDigests) { outer._messageHashes.Add(de.Key, DigestUtilities.DoFinal((IDigest)de.Value)); } // TODO If the digest OIDs for precalculated signers weren't mixed in with // the others, we could fill in outer._digests here, instead of SignerInfoGenerator.Generate // // collect all the SignerInfo objects // Asn1EncodableVector signerInfos = new Asn1EncodableVector(); // // add the generated SignerInfo objects // { foreach (DigestAndSignerInfoGeneratorHolder holder in outer._signerInfs) { AlgorithmIdentifier digestAlgorithm = holder.DigestAlgorithm; byte[] calculatedDigest = (byte[])outer._messageHashes[ Helper.GetDigestAlgName(holder.digestOID)]; outer._digests[holder.digestOID] = calculatedDigest.Clone(); signerInfos.Add(holder.signerInf.Generate(_contentOID, digestAlgorithm, calculatedDigest)); } } // // add the precalculated SignerInfo objects. // { foreach (SignerInformation signer in outer._signers) { // TODO Verify the content type and calculated digest match the precalculated SignerInfo // if (!signer.ContentType.Equals(_contentOID)) // { // // TODO The precalculated content type did not match - error? // } // // byte[] calculatedDigest = (byte[])outer._digests[signer.DigestAlgOid]; // if (calculatedDigest == null) // { // // TODO We can't confirm this digest because we didn't calculate it - error? // } // else // { // if (!Arrays.AreEqual(signer.GetContentDigest(), calculatedDigest)) // { // // TODO The precalculated digest did not match - error? // } // } signerInfos.Add(signer.ToSignerInfo()); } } WriteToGenerator(_sigGen, new DerSet(signerInfos)); _sigGen.Close(); _sGen.Close(); }
private OcspReq GenerateRequest( DerObjectIdentifier signingAlgorithm, AsymmetricKeyParameter privateKey, X509Certificate[] chain, SecureRandom random) { Asn1EncodableVector requests = new Asn1EncodableVector(); foreach (RequestObject reqObj in list) { try { requests.Add(reqObj.ToRequest()); } catch (Exception e) { throw new OcspException("exception creating Request", e); } } TbsRequest tbsReq = new TbsRequest(requestorName, new DerSequence(requests), requestExtensions); ISigner sig = null; Signature signature = null; if (signingAlgorithm != null) { if (requestorName == null) { throw new OcspException("requestorName must be specified if request is signed."); } try { sig = SignerUtilities.GetSigner(signingAlgorithm.Id); if (random != null) { sig.Init(true, new ParametersWithRandom(privateKey, random)); } else { sig.Init(true, privateKey); } } catch (Exception e) { throw new OcspException("exception creating signature: " + e, e); } DerBitString bitSig = null; try { byte[] encoded = tbsReq.GetEncoded(); sig.BlockUpdate(encoded, 0, encoded.Length); bitSig = new DerBitString(sig.GenerateSignature()); } catch (Exception e) { throw new OcspException("exception processing TBSRequest: " + e, e); } AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signingAlgorithm, DerNull.Instance); if (chain != null && chain.Length > 0) { Asn1EncodableVector v = new Asn1EncodableVector(); try { for (int i = 0; i != chain.Length; i++) { v.Add( X509CertificateStructure.GetInstance( Asn1Object.FromByteArray(chain[i].GetEncoded()))); } } catch (IOException e) { throw new OcspException("error processing certs", e); } catch (CertificateEncodingException e) { throw new OcspException("error encoding certs", e); } signature = new Signature(sigAlgId, bitSig, new DerSequence(v)); } else { signature = new Signature(sigAlgId, bitSig); } } return(new OcspReq(new OcspRequest(tbsReq, signature))); }