public MacData(DigestInfo digInfo, byte[] salt, int iterationCount) { this.digInfo = digInfo; this.salt = (byte[])((global::System.Array)salt).Clone(); this.iterationCount = BigInteger.ValueOf(iterationCount); }
public void Save(Stream stream, char[] password, SecureRandom random) { if (stream == null) { throw new ArgumentNullException("stream"); } if (random == null) { throw new ArgumentNullException("random"); } Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector(new Asn1Encodable[0]); foreach (string text in this.keys.Keys) { byte[] array = new byte[20]; random.NextBytes(array); AsymmetricKeyEntry asymmetricKeyEntry = (AsymmetricKeyEntry)this.keys[text]; DerObjectIdentifier oid; Asn1Encodable asn1Encodable; if (password == null) { oid = PkcsObjectIdentifiers.KeyBag; asn1Encodable = PrivateKeyInfoFactory.CreatePrivateKeyInfo(asymmetricKeyEntry.Key); } else { oid = PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag; asn1Encodable = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(this.keyAlgorithm, password, array, 1024, asymmetricKeyEntry.Key); } Asn1EncodableVector asn1EncodableVector2 = new Asn1EncodableVector(new Asn1Encodable[0]); foreach (string text2 in asymmetricKeyEntry.BagAttributeKeys) { Asn1Encodable obj = asymmetricKeyEntry[text2]; if (!text2.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id)) { asn1EncodableVector2.Add(new Asn1Encodable[] { new DerSequence(new Asn1Encodable[] { new DerObjectIdentifier(text2), new DerSet(obj) }) }); } } asn1EncodableVector2.Add(new Asn1Encodable[] { new DerSequence(new Asn1Encodable[] { PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(text)) }) }); if (asymmetricKeyEntry[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null) { X509CertificateEntry certificate = this.GetCertificate(text); AsymmetricKeyParameter publicKey = certificate.Certificate.GetPublicKey(); SubjectKeyIdentifier obj2 = Pkcs12Store.CreateSubjectKeyID(publicKey); asn1EncodableVector2.Add(new Asn1Encodable[] { new DerSequence(new Asn1Encodable[] { PkcsObjectIdentifiers.Pkcs9AtLocalKeyID, new DerSet(obj2) }) }); } asn1EncodableVector.Add(new Asn1Encodable[] { new SafeBag(oid, asn1Encodable.ToAsn1Object(), new DerSet(asn1EncodableVector2)) }); } byte[] derEncoded = new DerSequence(asn1EncodableVector).GetDerEncoded(); ContentInfo contentInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(derEncoded)); byte[] array2 = new byte[20]; random.NextBytes(array2); Asn1EncodableVector asn1EncodableVector3 = new Asn1EncodableVector(new Asn1Encodable[0]); Pkcs12PbeParams pkcs12PbeParams = new Pkcs12PbeParams(array2, 1024); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(this.certAlgorithm, pkcs12PbeParams.ToAsn1Object()); ISet set = new HashSet(); foreach (string text3 in this.keys.Keys) { X509CertificateEntry certificate2 = this.GetCertificate(text3); CertBag certBag = new CertBag(PkcsObjectIdentifiers.X509Certificate, new DerOctetString(certificate2.Certificate.GetEncoded())); Asn1EncodableVector asn1EncodableVector4 = new Asn1EncodableVector(new Asn1Encodable[0]); foreach (string text4 in certificate2.BagAttributeKeys) { Asn1Encodable obj3 = certificate2[text4]; if (!text4.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id)) { asn1EncodableVector4.Add(new Asn1Encodable[] { new DerSequence(new Asn1Encodable[] { new DerObjectIdentifier(text4), new DerSet(obj3) }) }); } } asn1EncodableVector4.Add(new Asn1Encodable[] { new DerSequence(new Asn1Encodable[] { PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(text3)) }) }); if (certificate2[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null) { AsymmetricKeyParameter publicKey2 = certificate2.Certificate.GetPublicKey(); SubjectKeyIdentifier obj4 = Pkcs12Store.CreateSubjectKeyID(publicKey2); asn1EncodableVector4.Add(new Asn1Encodable[] { new DerSequence(new Asn1Encodable[] { PkcsObjectIdentifiers.Pkcs9AtLocalKeyID, new DerSet(obj4) }) }); } asn1EncodableVector3.Add(new Asn1Encodable[] { new SafeBag(PkcsObjectIdentifiers.CertBag, certBag.ToAsn1Object(), new DerSet(asn1EncodableVector4)) }); set.Add(certificate2.Certificate); } foreach (string text5 in this.certs.Keys) { X509CertificateEntry x509CertificateEntry = (X509CertificateEntry)this.certs[text5]; if (this.keys[text5] == null) { CertBag certBag2 = new CertBag(PkcsObjectIdentifiers.X509Certificate, new DerOctetString(x509CertificateEntry.Certificate.GetEncoded())); Asn1EncodableVector asn1EncodableVector5 = new Asn1EncodableVector(new Asn1Encodable[0]); foreach (string text6 in x509CertificateEntry.BagAttributeKeys) { if (!text6.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id)) { Asn1Encodable obj5 = x509CertificateEntry[text6]; if (!text6.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id)) { asn1EncodableVector5.Add(new Asn1Encodable[] { new DerSequence(new Asn1Encodable[] { new DerObjectIdentifier(text6), new DerSet(obj5) }) }); } } } asn1EncodableVector5.Add(new Asn1Encodable[] { new DerSequence(new Asn1Encodable[] { PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(text5)) }) }); asn1EncodableVector3.Add(new Asn1Encodable[] { new SafeBag(PkcsObjectIdentifiers.CertBag, certBag2.ToAsn1Object(), new DerSet(asn1EncodableVector5)) }); set.Add(x509CertificateEntry.Certificate); } } foreach (Pkcs12Store.CertId key in this.chainCerts.Keys) { X509CertificateEntry x509CertificateEntry2 = (X509CertificateEntry)this.chainCerts[key]; if (!set.Contains(x509CertificateEntry2.Certificate)) { CertBag certBag3 = new CertBag(PkcsObjectIdentifiers.X509Certificate, new DerOctetString(x509CertificateEntry2.Certificate.GetEncoded())); Asn1EncodableVector asn1EncodableVector6 = new Asn1EncodableVector(new Asn1Encodable[0]); foreach (string text7 in x509CertificateEntry2.BagAttributeKeys) { if (!text7.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id)) { asn1EncodableVector6.Add(new Asn1Encodable[] { new DerSequence(new Asn1Encodable[] { new DerObjectIdentifier(text7), new DerSet(x509CertificateEntry2[text7]) }) }); } } asn1EncodableVector3.Add(new Asn1Encodable[] { new SafeBag(PkcsObjectIdentifiers.CertBag, certBag3.ToAsn1Object(), new DerSet(asn1EncodableVector6)) }); } } byte[] derEncoded2 = new DerSequence(asn1EncodableVector3).GetDerEncoded(); ContentInfo contentInfo2; if (password == null) { contentInfo2 = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(derEncoded2)); } else { byte[] str = Pkcs12Store.CryptPbeData(true, algorithmIdentifier, password, false, derEncoded2); EncryptedData encryptedData = new EncryptedData(PkcsObjectIdentifiers.Data, algorithmIdentifier, new BerOctetString(str)); contentInfo2 = new ContentInfo(PkcsObjectIdentifiers.EncryptedData, encryptedData.ToAsn1Object()); } ContentInfo[] info = new ContentInfo[] { contentInfo, contentInfo2 }; byte[] encoded = new AuthenticatedSafe(info).GetEncoded(this.useDerEncoding ? "DER" : "BER"); ContentInfo contentInfo3 = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(encoded)); MacData macData = null; if (password != null) { byte[] array3 = new byte[20]; random.NextBytes(array3); byte[] digest = Pkcs12Store.CalculatePbeMac(OiwObjectIdentifiers.IdSha1, array3, 1024, password, false, encoded); AlgorithmIdentifier algID = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance); DigestInfo digInfo = new DigestInfo(algID, digest); macData = new MacData(digInfo, array3, 1024); } Pfx obj6 = new Pfx(contentInfo3, macData); DerOutputStream derOutputStream; if (this.useDerEncoding) { derOutputStream = new DerOutputStream(stream); } else { derOutputStream = new BerOutputStream(stream); } derOutputStream.WriteObject(obj6); }
public override void PerformTest() { Asn1Sequence obj = (Asn1Sequence)Asn1Object.FromByteArray(pkcs12); Pfx bag = new Pfx(obj); ContentInfo info = bag.AuthSafe; MacData mData = bag.MacData; DigestInfo dInfo = mData.Mac; AlgorithmIdentifier algId = dInfo.AlgorithmID; byte[] salt = mData.GetSalt(); int itCount = mData.IterationCount.IntValue; byte[] octets = ((Asn1OctetString)info.Content).GetOctets(); AuthenticatedSafe authSafe = new AuthenticatedSafe( (Asn1Sequence)Asn1Object.FromByteArray(octets)); ContentInfo[] c = authSafe.GetContentInfo(); // // private key section // if (!c[0].ContentType.Equals(PkcsObjectIdentifiers.Data)) { Fail("Failed comparison data test"); } octets = ((Asn1OctetString)c[0].Content).GetOctets(); Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(octets); SafeBag b = new SafeBag((Asn1Sequence)seq[0]); if (!b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag)) { Fail("Failed comparison shroudedKeyBag test"); } EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.GetInstance(b.BagValue); encInfo = new EncryptedPrivateKeyInfo(encInfo.EncryptionAlgorithm, encInfo.GetEncryptedData()); b = new SafeBag(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag, encInfo.ToAsn1Object(), b.BagAttributes); byte[] encodedBytes = new DerSequence(b).GetEncoded(); c[0] = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(encodedBytes)); // // certificates // if (!c[1].ContentType.Equals(PkcsObjectIdentifiers.EncryptedData)) { Fail("Failed comparison encryptedData test"); } EncryptedData eData = EncryptedData.GetInstance(c[1].Content); c[1] = new ContentInfo(PkcsObjectIdentifiers.EncryptedData, eData); // // create an octet stream to represent the BER encoding of authSafe // authSafe = new AuthenticatedSafe(c); info = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(authSafe.GetEncoded())); mData = new MacData(new DigestInfo(algId, dInfo.GetDigest()), salt, itCount); bag = new Pfx(info, mData); // // comparison test // if (!Arrays.AreEqual(bag.GetEncoded(), pkcs12)) { Fail("Failed comparison test"); } }
public SignerInfo Generate(DerObjectIdentifier contentType, AlgorithmIdentifier digestAlgorithm, byte[] calculatedDigest) { try { string digestName = Helper.GetDigestAlgName(_digestOID); string signatureName = digestName + "with" + _encName; // AlgorithmIdentifier digAlgId = DigestAlgorithmID; // // byte[] hash = (byte[])outer._messageHashes[Helper.GetDigestAlgName(this._digestOID)]; // outer._digests[_digestOID] = hash.Clone(); byte[] bytesToSign = calculatedDigest; /* RFC 3852 5.4 * The result of the message digest calculation process depends on * whether the signedAttrs field is present. When the field is absent, * the result is just the message digest of the content as described * * above. When the field is present, however, the result is the message * digest of the complete DER encoding of the SignedAttrs value * contained in the signedAttrs field. */ Asn1Set signedAttr = null; if (_sAttr != null) { IDictionary parameters = outer.GetBaseParameters(contentType, digestAlgorithm, calculatedDigest); // Asn1.Cms.AttributeTable signed = _sAttr.GetAttributes(Collections.unmodifiableMap(parameters)); Asn1.Cms.AttributeTable signed = _sAttr.GetAttributes(parameters); if (contentType == null) //counter signature { if (signed != null && signed[CmsAttributes.ContentType] != null) { IDictionary tmpSigned = signed.ToDictionary(); tmpSigned.Remove(CmsAttributes.ContentType); signed = new Asn1.Cms.AttributeTable(tmpSigned); } } signedAttr = outer.GetAttributeSet(signed); // sig must be composed from the DER encoding. bytesToSign = signedAttr.GetEncoded(Asn1Encodable.Der); } else { // Note: Need to use raw signatures here since we have already calculated the digest if (_encName.Equals("RSA")) { DigestInfo dInfo = new DigestInfo(digestAlgorithm, calculatedDigest); bytesToSign = dInfo.GetEncoded(Asn1Encodable.Der); } } _sig.BlockUpdate(bytesToSign, 0, bytesToSign.Length); byte[] sigBytes = _sig.GenerateSignature(); Asn1Set unsignedAttr = null; if (_unsAttr != null) { IDictionary parameters = outer.GetBaseParameters( contentType, digestAlgorithm, calculatedDigest); parameters[CmsAttributeTableParameter.Signature] = sigBytes.Clone(); // Asn1.Cms.AttributeTable unsigned = _unsAttr.getAttributes(Collections.unmodifiableMap(parameters)); Asn1.Cms.AttributeTable unsigned = _unsAttr.GetAttributes(parameters); unsignedAttr = outer.GetAttributeSet(unsigned); } // TODO[RSAPSS] Need the ability to specify non-default parameters Asn1Encodable sigX509Parameters = SignerUtilities.GetDefaultX509Parameters(signatureName); AlgorithmIdentifier digestEncryptionAlgorithm = CmsSignedGenerator.GetEncAlgorithmIdentifier( new DerObjectIdentifier(_encOID), sigX509Parameters); return(new SignerInfo(_signerIdentifier, digestAlgorithm, signedAttr, digestEncryptionAlgorithm, new DerOctetString(sigBytes), unsignedAttr)); } catch (IOException e) { throw new CmsStreamException("encoding error.", e); } catch (SignatureException e) { throw new CmsStreamException("error creating signature.", e); } }
public DigestInfo Digest(Number320 locationAndDomainKey, SimpleBloomFilter<Number160> keyBloomFilter, SimpleBloomFilter<Number160> contentBloomFilter, int limit, bool ascending, bool isBloomFilterAnd) { var digestInfo = new DigestInfo(); var rLock = Lock(locationAndDomainKey); try { var from = new Number640(locationAndDomainKey, Number160.Zero, Number160.Zero); var to = new Number640(locationAndDomainKey, Number160.MaxValue, Number160.MaxValue); var tmp = _backend.SubMap(from, to, limit, ascending); foreach (var kvp in tmp) { if (isBloomFilterAnd) { if (keyBloomFilter == null || keyBloomFilter.Contains(kvp.Key.ContentKey)) { if (contentBloomFilter == null || contentBloomFilter.Contains(kvp.Value.Hash)) { if (!kvp.Value.HasPrepareFlag) { digestInfo.Put(kvp.Key, kvp.Value.BasedOnSet); } } } } else { if (keyBloomFilter == null || !keyBloomFilter.Contains(kvp.Key.ContentKey)) { if (contentBloomFilter == null || !contentBloomFilter.Contains(kvp.Value.Hash)) { if (!kvp.Value.HasPrepareFlag) { digestInfo.Put(kvp.Key, kvp.Value.BasedOnSet); } } } } } return digestInfo; } finally { rLock.Unlock(); } }
public void Load( Stream input, char[] password) { if (input == null) { throw new ArgumentNullException("input"); } Pfx bag = Pfx.GetInstance(Asn1Object.FromStream(input)); ContentInfo info = bag.AuthSafe; bool wrongPkcs12Zero = false; if (bag.MacData != null) // check the mac code { if (password == null) { throw new ArgumentNullException("password", "no password supplied when one expected"); } MacData mData = bag.MacData; DigestInfo dInfo = mData.Mac; AlgorithmIdentifier algId = dInfo.AlgorithmID; byte[] salt = mData.GetSalt(); int itCount = mData.IterationCount.IntValue; byte[] data = Asn1OctetString.GetInstance(info.Content).GetOctets(); byte[] mac = CalculatePbeMac(algId.Algorithm, salt, itCount, password, false, data); byte[] dig = dInfo.GetDigest(); if (!Arrays.ConstantTimeAreEqual(mac, dig)) { if (password.Length > 0) { throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file."); } // Try with incorrect zero length password mac = CalculatePbeMac(algId.Algorithm, salt, itCount, password, true, data); if (!Arrays.ConstantTimeAreEqual(mac, dig)) { throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file."); } wrongPkcs12Zero = true; } } else if (password != null) { string ignoreProperty = Platform.GetEnvironmentVariable(IgnoreUselessPasswordProperty); bool ignore = ignoreProperty != null && Platform.EqualsIgnoreCase("true", ignoreProperty); if (!ignore) { throw new IOException("password supplied for keystore that does not require one"); } } keys.Clear(); localIds.Clear(); unmarkedKeyEntry = null; IList certBags = Platform.CreateArrayList(); if (info.ContentType.Equals(PkcsObjectIdentifiers.Data)) { Asn1OctetString content = Asn1OctetString.GetInstance(info.Content); AuthenticatedSafe authSafe = AuthenticatedSafe.GetInstance(content.GetOctets()); ContentInfo[] cis = authSafe.GetContentInfo(); foreach (ContentInfo ci in cis) { DerObjectIdentifier oid = ci.ContentType; byte[] octets = null; if (oid.Equals(PkcsObjectIdentifiers.Data)) { octets = Asn1OctetString.GetInstance(ci.Content).GetOctets(); } else if (oid.Equals(PkcsObjectIdentifiers.EncryptedData)) { if (password != null) { EncryptedData d = EncryptedData.GetInstance(ci.Content); octets = CryptPbeData(false, d.EncryptionAlgorithm, password, wrongPkcs12Zero, d.Content.GetOctets()); } } else { // TODO Other data types } if (octets != null) { Asn1Sequence seq = Asn1Sequence.GetInstance(octets); foreach (Asn1Sequence subSeq in seq) { SafeBag b = new SafeBag(subSeq); if (b.BagID.Equals(PkcsObjectIdentifiers.CertBag)) { certBags.Add(b); } else if (b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag)) { LoadPkcs8ShroudedKeyBag(EncryptedPrivateKeyInfo.GetInstance(b.BagValue), b.BagAttributes, password, wrongPkcs12Zero); } else if (b.BagID.Equals(PkcsObjectIdentifiers.KeyBag)) { LoadKeyBag(PrivateKeyInfo.GetInstance(b.BagValue), b.BagAttributes); } else { // TODO Other bag types } } } } } certs.Clear(); chainCerts.Clear(); keyCerts.Clear(); foreach (SafeBag b in certBags) { CertBag certBag = new CertBag((Asn1Sequence)b.BagValue); byte[] octets = ((Asn1OctetString)certBag.CertValue).GetOctets(); X509Certificate cert = new X509CertificateParser().ReadCertificate(octets); // // set the attributes // IDictionary attributes = Platform.CreateHashtable(); Asn1OctetString localId = null; string alias = null; if (b.BagAttributes != null) { foreach (Asn1Sequence sq in b.BagAttributes) { DerObjectIdentifier aOid = DerObjectIdentifier.GetInstance(sq[0]); Asn1Set attrSet = Asn1Set.GetInstance(sq[1]); if (attrSet.Count > 0) { // TODO We should be adding all attributes in the set Asn1Encodable attr = attrSet[0]; // TODO We might want to "merge" attribute sets with // the same OID - currently, differing values give an error if (attributes.Contains(aOid.Id)) { // OK, but the value has to be the same if (!attributes[aOid.Id].Equals(attr)) { throw new IOException("attempt to add existing attribute with different value"); } } else { attributes.Add(aOid.Id, attr); } if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName)) { alias = ((DerBmpString)attr).GetString(); } else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID)) { localId = (Asn1OctetString)attr; } } } } CertId certId = new CertId(cert.GetPublicKey()); X509CertificateEntry certEntry = new X509CertificateEntry(cert, attributes); chainCerts[certId] = certEntry; if (unmarkedKeyEntry != null) { if (keyCerts.Count == 0) { string name = Hex.ToHexString(certId.Id); keyCerts[name] = certEntry; keys[name] = unmarkedKeyEntry; } else { keys["unmarked"] = unmarkedKeyEntry; } } else { if (localId != null) { string name = Hex.ToHexString(localId.GetOctets()); keyCerts[name] = certEntry; } if (alias != null) { // TODO There may have been more than one alias certs[alias] = certEntry; } } } }
public void Save( Stream stream, char[] password, SecureRandom random) { if (stream == null) { throw new ArgumentNullException("stream"); } if (password == null) { throw new ArgumentNullException("password"); } if (random == null) { throw new ArgumentNullException("random"); } // // handle the key // Asn1EncodableVector keyS = new Asn1EncodableVector(); foreach (string name in keys.Keys) { byte[] kSalt = new byte[SaltSize]; random.NextBytes(kSalt); AsymmetricKeyEntry privKey = (AsymmetricKeyEntry)keys[name]; EncryptedPrivateKeyInfo kInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo( keyAlgorithm, password, kSalt, MinIterations, privKey.Key); Asn1EncodableVector kName = new Asn1EncodableVector(); foreach (string oid in privKey.BagAttributeKeys) { Asn1Encodable entry = privKey[oid]; // NB: Ignore any existing FriendlyName if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id)) { continue; } kName.Add( new DerSequence( new DerObjectIdentifier(oid), new DerSet(entry))); } // // make sure we are using the local alias on store // // NB: We always set the FriendlyName based on 'name' //if (privKey[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null) { kName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(name)))); } // // make sure we have a local key-id // if (privKey[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null) { X509CertificateEntry ct = GetCertificate(name); AsymmetricKeyParameter pubKey = ct.Certificate.GetPublicKey(); SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey); kName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtLocalKeyID, new DerSet(subjectKeyID))); } SafeBag kBag = new SafeBag(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag, kInfo.ToAsn1Object(), new DerSet(kName)); keyS.Add(kBag); } byte[] derEncodedBytes = new DerSequence(keyS).GetDerEncoded(); BerOctetString keyString = new BerOctetString(derEncodedBytes); // // certificate processing // byte[] cSalt = new byte[SaltSize]; random.NextBytes(cSalt); Asn1EncodableVector certSeq = new Asn1EncodableVector(); Pkcs12PbeParams cParams = new Pkcs12PbeParams(cSalt, MinIterations); AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.ToAsn1Object()); ISet doneCerts = new HashSet(); foreach (string name in keys.Keys) { X509CertificateEntry certEntry = GetCertificate(name); CertBag cBag = new CertBag( PkcsObjectIdentifiers.X509Certificate, new DerOctetString(certEntry.Certificate.GetEncoded())); Asn1EncodableVector fName = new Asn1EncodableVector(); foreach (string oid in certEntry.BagAttributeKeys) { Asn1Encodable entry = certEntry[oid]; // NB: Ignore any existing FriendlyName if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id)) { continue; } fName.Add( new DerSequence( new DerObjectIdentifier(oid), new DerSet(entry))); } // // make sure we are using the local alias on store // // NB: We always set the FriendlyName based on 'name' //if (certEntry[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null) { fName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(name)))); } // // make sure we have a local key-id // if (certEntry[PkcsObjectIdentifiers.Pkcs9AtLocalKeyID] == null) { AsymmetricKeyParameter pubKey = certEntry.Certificate.GetPublicKey(); SubjectKeyIdentifier subjectKeyID = CreateSubjectKeyID(pubKey); fName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtLocalKeyID, new DerSet(subjectKeyID))); } SafeBag sBag = new SafeBag( PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)); certSeq.Add(sBag); doneCerts.Add(certEntry.Certificate); } foreach (string certId in certs.Keys) { X509CertificateEntry cert = (X509CertificateEntry)certs[certId]; if (keys[certId] != null) { continue; } CertBag cBag = new CertBag( PkcsObjectIdentifiers.X509Certificate, new DerOctetString(cert.Certificate.GetEncoded())); Asn1EncodableVector fName = new Asn1EncodableVector(); foreach (string oid in cert.BagAttributeKeys) { // a certificate not immediately linked to a key doesn't require // a localKeyID and will confuse some PKCS12 implementations. // // If we find one, we'll prune it out. if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id)) { continue; } Asn1Encodable entry = cert[oid]; // NB: Ignore any existing FriendlyName if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName.Id)) { continue; } fName.Add( new DerSequence( new DerObjectIdentifier(oid), new DerSet(entry))); } // // make sure we are using the local alias on store // // NB: We always set the FriendlyName based on 'certId' //if (cert[PkcsObjectIdentifiers.Pkcs9AtFriendlyName] == null) { fName.Add( new DerSequence( PkcsObjectIdentifiers.Pkcs9AtFriendlyName, new DerSet(new DerBmpString(certId)))); } SafeBag sBag = new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)); certSeq.Add(sBag); doneCerts.Add(cert.Certificate); } foreach (CertId certId in chainCerts.Keys) { X509CertificateEntry cert = (X509CertificateEntry)chainCerts[certId]; if (doneCerts.Contains(cert.Certificate)) { continue; } CertBag cBag = new CertBag( PkcsObjectIdentifiers.X509Certificate, new DerOctetString(cert.Certificate.GetEncoded())); Asn1EncodableVector fName = new Asn1EncodableVector(); foreach (string oid in cert.BagAttributeKeys) { // a certificate not immediately linked to a key doesn't require // a localKeyID and will confuse some PKCS12 implementations. // // If we find one, we'll prune it out. if (oid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID.Id)) { continue; } fName.Add( new DerSequence( new DerObjectIdentifier(oid), new DerSet(cert[oid]))); } SafeBag sBag = new SafeBag(PkcsObjectIdentifiers.CertBag, cBag.ToAsn1Object(), new DerSet(fName)); certSeq.Add(sBag); } derEncodedBytes = new DerSequence(certSeq).GetDerEncoded(); byte[] certBytes = CryptPbeData(true, cAlgId, password, false, derEncodedBytes); EncryptedData cInfo = new EncryptedData(PkcsObjectIdentifiers.Data, cAlgId, new BerOctetString(certBytes)); ContentInfo[] info = new ContentInfo[] { new ContentInfo(PkcsObjectIdentifiers.Data, keyString), new ContentInfo(PkcsObjectIdentifiers.EncryptedData, cInfo.ToAsn1Object()) }; byte[] data = new AuthenticatedSafe(info).GetEncoded( useDerEncoding ? Asn1Encodable.Der : Asn1Encodable.Ber); ContentInfo mainInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(data)); // // create the mac // byte[] mSalt = new byte[20]; random.NextBytes(mSalt); byte[] mac = CalculatePbeMac(OiwObjectIdentifiers.IdSha1, mSalt, MinIterations, password, false, data); AlgorithmIdentifier algId = new AlgorithmIdentifier( OiwObjectIdentifiers.IdSha1, DerNull.Instance); DigestInfo dInfo = new DigestInfo(algId, mac); MacData mData = new MacData(dInfo, mSalt, MinIterations); // // output the Pfx // Pfx pfx = new Pfx(mainInfo, mData); DerOutputStream derOut; if (useDerEncoding) { derOut = new DerOutputStream(stream); } else { derOut = new BerOutputStream(stream); } derOut.WriteObject(pfx); }
public LinkedCertificate(DigestInfo digest, GeneralName certLocation) : this(digest, certLocation, null, null) { }
private async Task <ImageResultInfo> ReportImageStatusAsync(IMcrStatusClient statusClient, DigestInfo digestInfo) { string qualifiedDigest = GetQualifiedDigest(digestInfo.Repo.Repo, digestInfo.Digest); StringBuilder stringBuilder = new StringBuilder(); stringBuilder.AppendLine($"Querying image status for '{qualifiedDigest}'"); stringBuilder.AppendLine("Remaining tags:"); digestInfo.RemainingTags.ForEach(tag => stringBuilder.AppendLine(tag)); this.loggerService.WriteMessage(stringBuilder.ToString()); ImageResult imageResult = await statusClient.GetImageResultAsync(digestInfo.Digest); // Find the image statuses that are associated with the repo indicated in the image info. This filter is needed // because MCR's webhook responds to all image pushes in the ACR, even those to staging locations. A queue time filter // is needed in order to filter out onboarding requests from a previous ingestion of the same digests. IEnumerable <ImageStatus> imageStatuses = imageResult.Value .Where(status => status.TargetRepository == digestInfo.Repo.Repo && status.QueueTime >= Options.MinimumQueueTime); if (imageStatuses.Any()) { stringBuilder = new StringBuilder(); stringBuilder.AppendLine(); stringBuilder.AppendLine($"Image status results for '{qualifiedDigest}':"); var statusesByTag = imageStatuses.GroupBy(status => status.Tag); foreach (IGrouping <string, ImageStatus> tagImageStatuses in statusesByTag) { foreach (ImageStatus imageStatus in tagImageStatuses) { stringBuilder.AppendLine( $"Status for tag '{imageStatus.Tag}' with request ID '{imageStatus.OnboardingRequestId}': {imageStatus.OverallStatus}"); switch (imageStatus.OverallStatus) { case StageStatus.Processing: case StageStatus.NotStarted: case StageStatus.Failed: break; case StageStatus.Succeeded: // If we've found at least one successful overall status for the tag, we're done with that tag. digestInfo.RemainingTags.Remove(imageStatus.Tag); break; case StageStatus.NotApplicable: default: throw new NotSupportedException( $"Unexpected image status for digest '{qualifiedDigest}' with tag '{imageStatus.Tag}' and request ID '{imageStatus.OnboardingRequestId}': {imageStatus.OverallStatus}"); } } // If all found statuses for a given tag have failed, we're done with that tag. if (tagImageStatuses.All(status => status.OverallStatus == StageStatus.Failed)) { digestInfo.RemainingTags.Remove(tagImageStatuses.Key); } } this.loggerService.WriteMessage(stringBuilder.ToString()); } return(new ImageResultInfo { ImageResult = imageResult, DigestInfo = digestInfo }); }
public override void HandleResponse(Message.Message requestMessage, PeerConnection peerConnection, bool sign, IResponder responder) { if (requestMessage.KeyList.Count < 2) { throw new ArgumentException("At least location and domain keys are needed."); } if (!(requestMessage.Type == Message.Message.MessageType.Request1 || requestMessage.Type == Message.Message.MessageType.Request2 || requestMessage.Type == Message.Message.MessageType.Request3 || requestMessage.Type == Message.Message.MessageType.Request4) && (requestMessage.Command == Rpc.Commands.Neighbor.GetNr())) { throw new ArgumentException("Message content is wrong for this handler."); } Number160 locationKey = requestMessage.Key(0); Number160 domainKey = requestMessage.Key(1); var neighbors = GetNeighbors(locationKey, NeighborSize); if (neighbors == null) { // return empty neighbor set var response = CreateResponseMessage(requestMessage, Message.Message.MessageType.NotFound); response.SetNeighborSet(new NeighborSet(-1, new Collection<PeerAddress>())); responder.Response(response); return; } // create response message and set neighbors var responseMessage = CreateResponseMessage(requestMessage, Message.Message.MessageType.Ok); Logger.Debug("Found the following neighbors: {0}.", Convenient.ToString(neighbors)); var neighborSet = new NeighborSet(NeighborLimit, neighbors); responseMessage.SetNeighborSet(neighborSet); Number160 contentKey = requestMessage.Key(2); var keyBloomFilter = requestMessage.BloomFilter(0); var contentBloomFilter = requestMessage.BloomFilter(1); var keyCollection = requestMessage.KeyCollection(0); // it is important to set an integer if a value is present bool isDigest = requestMessage.Type != Message.Message.MessageType.Request1; if (isDigest) { if (requestMessage.Type == Message.Message.MessageType.Request2) { DigestInfo digestInfo; if (PeerBean.DigestStorage == null) { // no storage to search digestInfo = new DigestInfo(); } else if (contentKey != null && locationKey != null && domainKey != null) { var locationAndDomainKey = new Number320(locationKey, domainKey); var from = new Number640(locationAndDomainKey, contentKey, Number160.Zero); var to = new Number640(locationAndDomainKey, contentKey, Number160.MaxValue); digestInfo = PeerBean.DigestStorage.Digest(from, to, -1, true); } else if ((keyBloomFilter != null || contentBloomFilter != null) && locationKey != null && domainKey != null) { var locationAndDomainKey = new Number320(locationKey, domainKey); digestInfo = PeerBean.DigestStorage.Digest(locationAndDomainKey, keyBloomFilter, contentBloomFilter, -1, true, true); } else if (keyCollection != null && keyCollection.Keys.Count == 2) { var enumerator = keyCollection.Keys.GetEnumerator(); var from = enumerator.MoveNext() ? enumerator.Current : null; // TODO works correctly? var to = enumerator.MoveNext() ? enumerator.Current : null; digestInfo = PeerBean.DigestStorage.Digest(from, to, -1, true); } else if (locationKey != null && domainKey != null) { var locationAndDomainKey = new Number320(locationKey, domainKey); var from = new Number640(locationAndDomainKey, Number160.Zero, Number160.Zero); var to = new Number640(locationAndDomainKey, Number160.MaxValue, Number160.MaxValue); digestInfo = PeerBean.DigestStorage.Digest(from, to, -1, true); } else { Logger.Warn("Did not search for anything."); digestInfo = new DigestInfo(); } responseMessage.SetIntValue(digestInfo.Size); responseMessage.SetKey(digestInfo.KeyDigest); responseMessage.SetKey(digestInfo.ContentDigest); } else if (requestMessage.Type == Message.Message.MessageType.Request3) { DigestInfo digestInfo; if (PeerBean.DigestTracker == null) { // no tracker to search digestInfo = new DigestInfo(); } else { digestInfo = PeerBean.DigestTracker.Digest(locationKey, domainKey, contentKey); if (digestInfo.Size == 0) { Logger.Debug("No entry found on peer {0}.", requestMessage.Recipient); } } responseMessage.SetIntValue(digestInfo.Size); } else if (requestMessage.Type == Message.Message.MessageType.Request4) { lock (PeerBean.PeerStatusListeners) { foreach (var listener in PeerBean.PeerStatusListeners) { listener.PeerFailed(requestMessage.Sender, new PeerException(PeerException.AbortCauseEnum.Shutdown, "shutdown")); } } } } responder.Response(responseMessage); }
public MacData(DigestInfo mac, OctetString macSalt) : base(mac, macSalt, new DerInteger(1)) { }
public void save(Stream stream, char[] password, SecureRandom random) { if (password == null) { throw new ArgumentException("No password supplied for PKCS12Store."); } ContentInfo[] c = new ContentInfo[2]; // // handle the key // ASN1EncodableVector keyS = new ASN1EncodableVector(); IEnumerator ks = keys.Keys.GetEnumerator(); while (ks.MoveNext()) { byte[] kSalt = new byte[saltSize]; random.nextBytes(kSalt); String name = (String)ks.Current; AsymmetricKeyEntry privKey = (AsymmetricKeyEntry)keys[name]; EncryptedPrivateKeyInfo kInfo = EncryptedPrivateKeyInfoFactory.createEncryptedPrivateKeyInfo(keyAlgorithm, password, kSalt, minIterations, privKey.getKey()); ASN1EncodableVector kName = new ASN1EncodableVector(); IEnumerator e = privKey.getBagAttributeKeys(); while (e.MoveNext()) { String oid = (String)e.Current; ASN1EncodableVector kSeq = new ASN1EncodableVector(); kSeq.add(new DERObjectIdentifier(oid)); kSeq.add(new DERSet(privKey.getBagAttribute(new DERObjectIdentifier(oid)))); kName.add(new DERSequence(kSeq)); } // // make sure we have a local key-id // if (privKey.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId) == null) { ASN1EncodableVector kSeq = new ASN1EncodableVector(); X509CertificateEntry ct = getCertificate(name); kSeq.add(PKCSObjectIdentifiers.pkcs_9_at_localKeyId); kSeq.add(new DERSet(new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(ct.getCertificate().getPublicKey())))); kName.add(new DERSequence(kSeq)); } // // make sure we are using the local alias on store // DERBMPString nm = (DERBMPString)privKey.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName); if (nm == null || !nm.getString().Equals(name)) { ASN1EncodableVector kSeq = new ASN1EncodableVector(); kSeq.add(PKCSObjectIdentifiers.pkcs_9_at_friendlyName); kSeq.add(new DERSet(new DERBMPString(name))); kName.add(new DERSequence(kSeq)); } SafeBag kBag = new SafeBag(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag, kInfo.toASN1Object(), new DERSet(kName)); keyS.add(kBag); } MemoryStream bOut = new MemoryStream(); DEROutputStream dOut = new DEROutputStream(bOut); dOut.writeObject(new DERSequence(keyS)); BEROctetString keyString = new BEROctetString(bOut.ToArray()); // // certficate processing // byte[] cSalt = new byte[saltSize]; random.nextBytes(cSalt); ASN1EncodableVector certSeq = new ASN1EncodableVector(); PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, minIterations); AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.toASN1Object()); Hashtable doneCerts = new Hashtable(); IEnumerator cs = keys.Keys.GetEnumerator(); while (cs.MoveNext()) { try { String name = (String)cs.Current; X509CertificateEntry cert = getCertificate(name); CertBag cBag = new CertBag( PKCSObjectIdentifiers.x509certType, new DEROctetString(cert.getCertificate().getEncoded())); ASN1EncodableVector fName = new ASN1EncodableVector(); IEnumerator e = cert.getBagAttributeKeys(); while (e.MoveNext()) { String oid = (String)e.Current; ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(new DERObjectIdentifier(oid)); fSeq.add(new DERSet(cert.getBagAttribute(new DERObjectIdentifier(oid)))); fName.add(new DERSequence(fSeq)); } // // make sure we are using the local alias on store // DERBMPString nm = (DERBMPString)cert.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName); if (nm == null || !nm.getString().Equals(name)) { ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(PKCSObjectIdentifiers.pkcs_9_at_friendlyName); fSeq.add(new DERSet(new DERBMPString(name))); fName.add(new DERSequence(fSeq)); } // // make sure we have a local key-id // if (cert.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId) == null) { ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(PKCSObjectIdentifiers.pkcs_9_at_localKeyId); fSeq.add(new DERSet(new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(cert.getCertificate().getPublicKey())))); fName.add(new DERSequence(fSeq)); } SafeBag sBag = new SafeBag(PKCSObjectIdentifiers.certBag, cBag.toASN1Object(), new DERSet(fName)); certSeq.add(sBag); doneCerts.Add(cert, cert); } catch (Exception e) { throw new Exception("Error encoding certificate: " + e.Message); } } cs = certs.Keys.GetEnumerator(); while (cs.MoveNext()) { try { String certId = (String)cs.Current; X509CertificateEntry cert = (X509CertificateEntry)certs[certId]; if (keys[certId] != null) { continue; } CertBag cBag = new CertBag( PKCSObjectIdentifiers.x509certType, new DEROctetString(cert.getCertificate().getEncoded())); ASN1EncodableVector fName = new ASN1EncodableVector(); IEnumerator e = cert.getBagAttributeKeys(); while (e.MoveNext()) { String oid = (String)e.Current; ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(new DERObjectIdentifier(oid)); fSeq.add(new DERSet(cert.getBagAttribute(new DERObjectIdentifier(oid)))); fName.add(new DERSequence(fSeq)); } // // make sure we are using the local alias on store // DERBMPString nm = (DERBMPString)cert.getBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName); if (nm == null || !nm.getString().Equals(certId)) { ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(PKCSObjectIdentifiers.pkcs_9_at_friendlyName); fSeq.add(new DERSet(new DERBMPString(certId))); fName.add(new DERSequence(fSeq)); } SafeBag sBag = new SafeBag(PKCSObjectIdentifiers.certBag, cBag.toASN1Object(), new DERSet(fName)); certSeq.add(sBag); doneCerts.Add(cert, cert); } catch (Exception e) { throw new Exception("Error encoding certificate: " + e.Message); } } cs = chainCerts.Keys.GetEnumerator(); while (cs.MoveNext()) { try { CertId certId = (CertId)cs.Current; X509CertificateEntry cert = (X509CertificateEntry)chainCerts[certId]; if (doneCerts[cert] != null) { continue; } CertBag cBag = new CertBag( PKCSObjectIdentifiers.x509certType, new DEROctetString(cert.getCertificate().getEncoded())); ASN1EncodableVector fName = new ASN1EncodableVector(); IEnumerator e = cert.getBagAttributeKeys(); while (e.MoveNext()) { DERObjectIdentifier oid = (DERObjectIdentifier)e.Current; ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(oid); fSeq.add(new DERSet(cert.getBagAttribute(oid))); fName.add(new DERSequence(fSeq)); } SafeBag sBag = new SafeBag(PKCSObjectIdentifiers.certBag, cBag.toASN1Object(), new DERSet(fName)); certSeq.add(sBag); } catch (Exception e) { throw new Exception("Error encoding certificate: " + e.Message); } } bOut = new MemoryStream(); dOut = new DEROutputStream(bOut); dOut.writeObject(new DERSequence(certSeq)); dOut.Close(); byte[] certBytes = encryptData(new AlgorithmIdentifier(certAlgorithm, cParams), bOut.ToArray(), password); EncryptedData cInfo = new EncryptedData(PKCSObjectIdentifiers.data, cAlgId, new BEROctetString(certBytes)); c[0] = new ContentInfo(PKCSObjectIdentifiers.data, keyString); c[1] = new ContentInfo(PKCSObjectIdentifiers.encryptedData, cInfo.toASN1Object()); AuthenticatedSafe auth = new AuthenticatedSafe(c); bOut = new MemoryStream(); BEROutputStream berOut = new BEROutputStream(bOut); berOut.writeObject(auth); byte[] pkg = bOut.ToArray(); ContentInfo mainInfo = new ContentInfo(PKCSObjectIdentifiers.data, new BEROctetString(pkg)); // // create the mac // byte[] mSalt = new byte[20]; int itCount = minIterations; random.nextBytes(mSalt); byte[] data = ((ASN1OctetString)mainInfo.getContent()).getOctets(); MacData mData = null; try { ASN1Encodable parameters = PBEUtil.generateAlgorithmParameters(OIWObjectIdentifiers.id_SHA1, mSalt, itCount); CipherParameters keyParameters = PBEUtil.generateCipherParameters(OIWObjectIdentifiers.id_SHA1, password, parameters); Mac mac = (Mac)PBEUtil.createEngine(OIWObjectIdentifiers.id_SHA1); mac.init(keyParameters); mac.update(data, 0, data.Length); byte[] res = new byte[mac.getMacSize()]; mac.doFinal(res, 0); AlgorithmIdentifier algId = new AlgorithmIdentifier(OIWObjectIdentifiers.id_SHA1, new DERNull()); DigestInfo dInfo = new DigestInfo(algId, res); mData = new MacData(dInfo, mSalt, itCount); } catch (Exception e) { throw new Exception("error constructing MAC: " + e.Message); } // // output the Pfx // Pfx pfx = new Pfx(mainInfo, mData); berOut = new BEROutputStream(stream); berOut.writeObject(pfx); }
public PKCS12Store( Stream input, char[] password) { if (password == null) { throw new ArgumentException("No password supplied for PKCS12Store."); } ASN1InputStream bIn = new ASN1InputStream(input); ASN1Sequence obj = (ASN1Sequence)bIn.readObject(); Pfx bag = new Pfx(obj); ContentInfo info = bag.getAuthSafe(); ArrayList chain = new ArrayList(); bool unmarkedKey = false; if (bag.getMacData() != null) // check the mac code { MemoryStream bOut = new MemoryStream(); BEROutputStream berOut = new BEROutputStream(bOut); MacData mData = bag.getMacData(); DigestInfo dInfo = mData.getMac(); AlgorithmIdentifier algId = dInfo.getAlgorithmId(); byte[] salt = mData.getSalt(); int itCount = mData.getIterationCount().intValue(); berOut.writeObject(info); byte[] data = ((ASN1OctetString)info.getContent()).getOctets(); try { ASN1Encodable parameters = PBEUtil.generateAlgorithmParameters(algId.getObjectId(), mData.getSalt(), mData.getIterationCount().intValue()); CipherParameters keyParameters = PBEUtil.generateCipherParameters(algId.getObjectId(), password, parameters); Mac mac = (Mac)PBEUtil.createEngine(algId.getObjectId()); mac.init(keyParameters); mac.update(data, 0, data.Length); byte[] res = new byte[mac.getMacSize()]; mac.doFinal(res, 0); byte[] dig = dInfo.getDigest(); if (res.Length != dig.Length) { throw new Exception("PKCS12 key store mac invalid - wrong password or corrupted file."); } for (int i = 0; i != res.Length; i++) { if (res[i] != dig[i]) { throw new Exception("PKCS12 key store mac invalid - wrong password or corrupted file."); } } } catch (Exception e) { throw new Exception("error constructing MAC: " + e.Message); } } keys = new Hashtable(); localIds = new Hashtable(); if (info.getContentType().Equals(PKCSObjectIdentifiers.data)) { bIn = new ASN1InputStream(new MemoryStream(((ASN1OctetString)info.getContent()).getOctets())); AuthenticatedSafe authSafe = new AuthenticatedSafe((ASN1Sequence)bIn.readObject()); ContentInfo[] c = authSafe.getContentInfo(); for (int i = 0; i != c.Length; i++) { if (c[i].getContentType().Equals(PKCSObjectIdentifiers.data)) { ASN1InputStream dIn = new ASN1InputStream(new MemoryStream(((ASN1OctetString)c[i].getContent()).getOctets())); ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); for (int j = 0; j != seq.size(); j++) { SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j)); if (b.getBagId().Equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag)) { EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); PrivateKeyInfo privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(password, eIn); AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo); // // set the attributes on the key // Hashtable attributes = new Hashtable(); AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes); String alias = null; ASN1OctetString localId = null; if (b.getBagAttributes() != null) { IEnumerator e = b.getBagAttributes().getObjects(); while (e.MoveNext()) { ASN1Sequence sq = (ASN1Sequence)e.Current; DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); ASN1Encodable attr = null; if (attrSet.size() > 0) { attr = attrSet.getObjectAt(0); attributes.Add(aOid.getId(), attr); } if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); keys.Add(alias, pkcs12Key); } else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) { localId = (ASN1OctetString)attr; } } } if (localId != null) { String name = byteArrayToString(Hex.encode(localId.getOctets())); if (alias == null) { keys.Add(name, pkcs12Key); } else { localIds.Add(alias, name); } } else { unmarkedKey = true; keys.Add("unmarked", privKey); } } else if (b.getBagId().Equals(PKCSObjectIdentifiers.certBag)) { chain.Add(b); } else { Console.WriteLine("extra " + b.getBagId()); Console.WriteLine("extra " + ASN1Dump.dumpAsString(b)); } } } else if (c[i].getContentType().Equals(PKCSObjectIdentifiers.encryptedData)) { EncryptedData d = new EncryptedData((ASN1Sequence)c[i].getContent()); ASN1Sequence seq = decryptData(d.getEncryptionAlgorithm(), d.getContent().getOctets(), password); for (int j = 0; j != seq.size(); j++) { SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j)); if (b.getBagId().Equals(PKCSObjectIdentifiers.certBag)) { chain.Add(b); } else if (b.getBagId().Equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag)) { EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); PrivateKeyInfo privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(password, eIn); AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo); // // set the attributes on the key // Hashtable attributes = new Hashtable(); AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes); String alias = null; ASN1OctetString localId = null; IEnumerator e = b.getBagAttributes().getObjects(); while (e.MoveNext()) { ASN1Sequence sq = (ASN1Sequence)e.Current; DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); ASN1Encodable attr = null; if (attrSet.size() > 0) { attr = attrSet.getObjectAt(0); attributes.Add(aOid.getId(), attr); } if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); keys.Add(alias, pkcs12Key); } else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) { localId = (ASN1OctetString)attr; } } String name = byteArrayToString(Hex.encode(localId.getOctets())); if (alias == null) { keys.Add(name, pkcs12Key); } else { localIds.Add(alias, name); } } else if (b.getBagId().Equals(PKCSObjectIdentifiers.keyBag)) { PrivateKeyInfo pIn = PrivateKeyInfo.getInstance(b.getBagValue()); AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(pIn); // // set the attributes on the key // String alias = null; ASN1OctetString localId = null; Hashtable attributes = new Hashtable(); AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes); IEnumerator e = b.getBagAttributes().getObjects(); while (e.MoveNext()) { ASN1Sequence sq = (ASN1Sequence)e.Current; DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); ASN1Encodable attr = null; if (attrSet.size() > 0) { attr = attrSet.getObjectAt(0); attributes.Add(aOid.getId(), attr); } if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); keys.Add(alias, pkcs12Key); } else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) { localId = (ASN1OctetString)attr; } } String name = byteArrayToString(Hex.encode(localId.getOctets())); if (alias == null) { keys.Add(name, pkcs12Key); } else { localIds.Add(alias, name); } } else { Console.WriteLine("extra " + b.getBagId()); Console.WriteLine("extra " + ASN1Dump.dumpAsString(b)); } } } else { Console.WriteLine("extra " + c[i].getContentType().getId()); Console.WriteLine("extra " + ASN1Dump.dumpAsString(c[i].getContent())); } } } certs = new Hashtable(); chainCerts = new Hashtable(); keyCerts = new Hashtable(); for (int i = 0; i != chain.Count; i++) { SafeBag b = (SafeBag)chain[i]; CertBag cb = new CertBag((ASN1Sequence)b.getBagValue()); X509Certificate cert = new X509Certificate(((ASN1OctetString)cb.getCertValue()).getOctets()); // // set the attributes // Hashtable attributes = new Hashtable(); X509CertificateEntry pkcs12cert = new X509CertificateEntry(cert, attributes); ASN1OctetString localId = null; String alias = null; if (b.getBagAttributes() != null) { IEnumerator e = b.getBagAttributes().getObjects(); while (e.MoveNext()) { ASN1Sequence sq = (ASN1Sequence)e.Current; DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); if (attrSet.size() > 0) { ASN1Encodable attr = attrSet.getObjectAt(0); attributes.Add(aOid.getId(), attr); if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); } else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) { localId = (ASN1OctetString)attr; } } } } chainCerts.Add(new CertId(cert.getPublicKey()), pkcs12cert); if (unmarkedKey) { if (keyCerts.Count == 0) { String name = byteArrayToString(Hex.encode(new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(cert.getPublicKey())).getKeyIdentifier())); keyCerts.Add(name, pkcs12cert); keys.Add(name, keys["unmarked"]); keys.Remove("unmarked"); } } else { if (alias == null) { if (localId != null) { String name = byteArrayToString(Hex.encode(localId.getOctets())); keyCerts.Add(name, pkcs12cert); } } else { certs.Add(alias, pkcs12cert); } } } }
public MacData(DigestInfo digInfo, byte[] salt, int iterationCount) { this.digInfo = digInfo; this.salt = (byte[])salt.Clone(); this.iterationCount = BigInteger.ValueOf((long)iterationCount); }
internal SignerInfo ToSignerInfo( DerObjectIdentifier contentType) { string digestName = Helper.GetDigestAlgName(_digestOID); string encName = Helper.GetEncryptionAlgName(_encOID); string signatureName = digestName + "with" + encName; AlgorithmIdentifier digAlgId = DigestAlgorithmID; byte[] hash = (byte[])outer._messageHashes[Helper.GetDigestAlgName(this._digestOID)]; outer._digests[_digestOID] = hash.Clone(); byte[] bytesToSign = hash; ISigner sig; /* RFC 3852 5.4 * The result of the message digest calculation process depends on * whether the signedAttrs field is present. When the field is absent, * the result is just the message digest of the content as described * * above. When the field is present, however, the result is the message * digest of the complete DER encoding of the SignedAttrs value * contained in the signedAttrs field. */ Asn1Set signedAttr = null; if (_sAttr != null) { IDictionary parameters = outer.GetBaseParameters(contentType, digAlgId, hash); // Asn1.Cms.AttributeTable signed = _sAttr.GetAttributes(Collections.unmodifiableMap(parameters)); Asn1.Cms.AttributeTable signed = _sAttr.GetAttributes(parameters); // TODO Handle countersignatures (see CMSSignedDataGenerator) signedAttr = outer.GetAttributeSet(signed); // sig must be composed from the DER encoding. bytesToSign = signedAttr.GetEncoded(Asn1Encodable.Der); sig = Helper.GetSignatureInstance(signatureName); } else { // Note: Need to use raw signatures here since we have already calculated the digest if (encName.Equals("RSA")) { DigestInfo dInfo = new DigestInfo(digAlgId, hash); bytesToSign = dInfo.GetEncoded(Asn1Encodable.Der); sig = Helper.GetSignatureInstance("RSA"); } else if (encName.Equals("DSA")) { sig = Helper.GetSignatureInstance("NONEwithDSA"); } // TODO Add support for raw PSS // else if (encName.equals("RSAandMGF1")) // { // sig = CMSSignedHelper.INSTANCE.getSignatureInstance("NONEWITHRSAPSS", _sigProvider); // try // { // // Init the params this way to avoid having a 'raw' version of each PSS algorithm // Signature sig2 = CMSSignedHelper.INSTANCE.getSignatureInstance(signatureName, _sigProvider); // PSSParameterSpec spec = (PSSParameterSpec)sig2.getParameters().getParameterSpec(PSSParameterSpec.class); // sig.setParameter(spec); // } // catch (Exception e) // { // throw new SignatureException("algorithm: " + encName + " could not be configured."); // } // } else { throw new SignatureException("algorithm: " + encName + " not supported in base signatures."); } } sig.Init(true, new ParametersWithRandom(_key, outer.rand)); sig.BlockUpdate(bytesToSign, 0, bytesToSign.Length); byte[] sigBytes = sig.GenerateSignature(); Asn1Set unsignedAttr = null; if (_unsAttr != null) { IDictionary parameters = outer.GetBaseParameters(contentType, digAlgId, hash); parameters[CmsAttributeTableParameter.Signature] = sigBytes.Clone(); // Asn1.Cms.AttributeTable unsigned = _unsAttr.getAttributes(Collections.unmodifiableMap(parameters)); Asn1.Cms.AttributeTable unsigned = _unsAttr.GetAttributes(parameters); unsignedAttr = outer.GetAttributeSet(unsigned); } // TODO[RSAPSS] Need the ability to specify non-default parameters Asn1Encodable sigX509Parameters = SignerUtilities.GetDefaultX509Parameters(signatureName); AlgorithmIdentifier encAlgId = CmsSignedGenerator.GetEncAlgorithmIdentifier( new DerObjectIdentifier(_encOID), sigX509Parameters); return(new SignerInfo(_signerIdentifier, digAlgId, signedAttr, encAlgId, new DerOctetString(sigBytes), unsignedAttr)); }
public bool EvaluateSuccess(PeerAddress remotePeer, DigestInfo digestBean, ICollection<PeerAddress> newNeighbors, bool last, Number160 locationKey) { bool finished; lock (this) { FilterPeers(newNeighbors, _alreadyAsked, _queueToAsk, locationKey); if (EvaluateDirectHits(remotePeer, DirectHits, digestBean, MaxDirectHits)) { // stop immediately Logger.Debug("Enough direct hits found: {0}.", DirectHits); finished = true; IsStopCreatingNewFutures = true; } else if ((++_nrSuccess) > MaxSucess) { // wait until pending tasks are finished Logger.Debug("Max success reached: {0}.", _nrSuccess); finished = last; IsStopCreatingNewFutures = true; } else if (EvaluateInformation(newNeighbors, _queueToAsk, _alreadyAsked, MaxNoNewInfo)) { // wait until pending tasks are finished Logger.Debug("No new information for the {0} time.", MaxNoNewInfo); finished = last; IsStopCreatingNewFutures = true; } else { // continue finished = false; IsStopCreatingNewFutures = false; } } return finished; }
private void RoutingRec(RoutingBuilder routingBuilder, RoutingMechanism routingMechanism, Message.Message.MessageType type, ChannelCreator channelCreator) { var randomSearch = routingBuilder.LocationKey == null; var active = 0; for (var i = 0; i < routingMechanism.Parallel; i++) { if (routingMechanism.GetTcsResponse(i) == null && !routingMechanism.IsStopCreatingNewFutures) { PeerAddress next; if (randomSearch) { next = routingMechanism.PollRandomInQueueToAsk(_rnd); } else { next = routingMechanism.PollFirstInQueueToAsk(); } if (next != null) { routingMechanism.AddToAlreadyAsked(next); active++; // If we search for a random peer, then the peer should // return the address farest away. var locationKey2 = randomSearch ? next.PeerId.Xor(Number160.MaxValue) : routingBuilder.LocationKey; routingBuilder.LocationKey = locationKey2; // routing is per default UDP, don't show warning if the other TCP/UDP is used // TODO find .NET-specific way to show sanity check warning routingMechanism.SetTcsResponse(i, _neighbors.CloseNeighborsTcs(next, routingBuilder.SearchValues(), type, channelCreator, routingBuilder)); Logger.Debug("Get close neighbours: {0} on {1}.", next, i); } } else if (routingMechanism.GetTcsResponse(i) != null) { Logger.Debug("Activity on {0}.", i); active++; } } if (active == 0) { Logger.Debug("No activity, closing."); routingMechanism.SetNeighbors(routingBuilder); routingMechanism.Cancel(); return; } // .NET-specific: // TODO move to TcsForkJoin as separate c'tor? var extractedTasks = new Task<Message.Message>[routingMechanism.TcsResponses.Length]; for (int i = 0; i < routingMechanism.TcsResponses.Length; i++) { extractedTasks[i] = routingMechanism.GetTcsResponse(i) != null ? routingMechanism.GetTcsResponse(i).Task : null; } var volatileArray = new VolatileReferenceArray<Task<Message.Message>>(extractedTasks); bool last = active == 1; var tcsForkJoin = new TcsForkJoin<Task<Message.Message>>(1, false, volatileArray); tcsForkJoin.Task.ContinueWith(tfj => { bool finished; if (!tfj.IsFaulted) { var lastResponse = tcsForkJoin.Last.Result; var remotePeer = lastResponse.Sender; routingMechanism.AddPotentialHits(remotePeer); var newNeighbors = lastResponse.NeighborsSet(0).Neighbors; var resultSize = lastResponse.IntAt(0); var keyDigest = lastResponse.Key(0); var contentDigest = lastResponse.Key(1); var digestBean = new DigestInfo(keyDigest, contentDigest, resultSize); Logger.Debug("Peer ({0}) {1} reported {2} in message {3}.", (digestBean.Size > 0 ? "direct" : "none"), remotePeer, newNeighbors.Count, lastResponse); finished = routingMechanism.EvaluateSuccess(remotePeer, digestBean, newNeighbors, last, routingBuilder.LocationKey); Logger.Debug("Routing finished {0} / {1}.", finished, routingMechanism.IsStopCreatingNewFutures); } else { // if it failed but the failed is the closest one, it is good to try again, // since the peer might just be busy Logger.Debug("Routing error {0}.", tfj.Exception); finished = routingMechanism.EvaluateFailed(); routingMechanism.IsStopCreatingNewFutures = finished; } if (finished) { Logger.Debug("Routing finished. Direct hits: {0}. Potential hits: {1}.", routingMechanism.DirectHits.Count, routingMechanism.PotentialHits.Count); routingMechanism.SetNeighbors(routingBuilder); routingMechanism.Cancel(); // stop all operations, as we are finished, no need to go further } else { RoutingRec(routingBuilder, routingMechanism, type, channelCreator); } }); }
/// <summary> /// For Get() requests we can finish earlier if we found the data we were looking for. /// This checks if we reached the end of our search. /// </summary> /// <param name="remotePeer">The remote peer that gave us this digest information.</param> /// <param name="directHits">The result dictionary that will store how many peers reported that data is there.</param> /// <param name="digestBean">The digest information coming from the remote peer.</param> /// <param name="maxDirectHits">The max. number of direct hits. E.g., finding the value we were looking for /// before we can stop.</param> /// <returns>True, if we can stop. False, if we should continue.</returns> private static bool EvaluateDirectHits(PeerAddress remotePeer, IDictionary<PeerAddress, DigestInfo> directHits, DigestInfo digestBean, int maxDirectHits) { if (digestBean.Size > 0) { directHits.Add(remotePeer, digestBean); if (directHits.Count >= maxDirectHits) { return true; } } return false; }
public void Load( Stream input, char[] password) { if (input == null) { throw new ArgumentNullException("input"); } if (password == null) { throw new ArgumentNullException("password"); } Asn1Sequence obj = (Asn1Sequence)Asn1Object.FromStream(input); Pfx bag = new Pfx(obj); ContentInfo info = bag.AuthSafe; bool unmarkedKey = false; bool wrongPkcs12Zero = false; if (bag.MacData != null) // check the mac code { MacData mData = bag.MacData; DigestInfo dInfo = mData.Mac; AlgorithmIdentifier algId = dInfo.AlgorithmID; byte[] salt = mData.GetSalt(); int itCount = mData.IterationCount.IntValue; byte[] data = ((Asn1OctetString)info.Content).GetOctets(); byte[] mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, false, data); byte[] dig = dInfo.GetDigest(); if (!Arrays.ConstantTimeAreEqual(mac, dig)) { if (password.Length > 0) { throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file."); } // Try with incorrect zero length password mac = CalculatePbeMac(algId.ObjectID, salt, itCount, password, true, data); if (!Arrays.ConstantTimeAreEqual(mac, dig)) { throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file."); } wrongPkcs12Zero = true; } } keys.Clear(); localIds.Clear(); IList chain = Platform.CreateArrayList(); if (info.ContentType.Equals(PkcsObjectIdentifiers.Data)) { byte[] octs = ((Asn1OctetString)info.Content).GetOctets(); AuthenticatedSafe authSafe = new AuthenticatedSafe( (Asn1Sequence)Asn1OctetString.FromByteArray(octs)); ContentInfo[] cis = authSafe.GetContentInfo(); foreach (ContentInfo ci in cis) { DerObjectIdentifier oid = ci.ContentType; if (oid.Equals(PkcsObjectIdentifiers.Data)) { byte[] octets = ((Asn1OctetString)ci.Content).GetOctets(); Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(octets); foreach (Asn1Sequence subSeq in seq) { SafeBag b = new SafeBag(subSeq); if (b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag)) { EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.GetInstance(b.BagValue); PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo( password, wrongPkcs12Zero, eIn); AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo); // // set the attributes on the key // IDictionary attributes = Platform.CreateHashtable(); AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes); string alias = null; Asn1OctetString localId = null; if (b.BagAttributes != null) { foreach (Asn1Sequence sq in b.BagAttributes) { DerObjectIdentifier aOid = (DerObjectIdentifier)sq[0]; Asn1Set attrSet = (Asn1Set)sq[1]; Asn1Encodable attr = null; if (attrSet.Count > 0) { // TODO We should be adding all attributes in the set attr = attrSet[0]; // TODO We might want to "merge" attribute sets with // the same OID - currently, differing values give an error if (attributes.Contains(aOid.Id)) { // OK, but the value has to be the same if (!attributes[aOid.Id].Equals(attr)) { throw new IOException("attempt to add existing attribute with different value"); } } else { attributes.Add(aOid.Id, attr); } if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName)) { alias = ((DerBmpString)attr).GetString(); // TODO Do these in a separate loop, just collect aliases here keys[alias] = pkcs12Key; } else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID)) { localId = (Asn1OctetString)attr; } } } } if (localId != null) { string name = Hex.ToHexString(localId.GetOctets()); if (alias == null) { keys[name] = pkcs12Key; } else { // TODO There may have been more than one alias localIds[alias] = name; } } else { unmarkedKey = true; keys["unmarked"] = pkcs12Key; } } else if (b.BagID.Equals(PkcsObjectIdentifiers.CertBag)) { chain.Add(b); } else { Console.WriteLine("extra " + b.BagID); Console.WriteLine("extra " + Asn1Dump.DumpAsString(b)); } } } else if (oid.Equals(PkcsObjectIdentifiers.EncryptedData)) { EncryptedData d = EncryptedData.GetInstance(ci.Content); byte[] octets = CryptPbeData(false, d.EncryptionAlgorithm, password, wrongPkcs12Zero, d.Content.GetOctets()); Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(octets); foreach (Asn1Sequence subSeq in seq) { SafeBag b = new SafeBag(subSeq); if (b.BagID.Equals(PkcsObjectIdentifiers.CertBag)) { chain.Add(b); } else if (b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag)) { EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.GetInstance(b.BagValue); PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo( password, wrongPkcs12Zero, eIn); AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo); // // set the attributes on the key // IDictionary attributes = Platform.CreateHashtable(); AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes); string alias = null; Asn1OctetString localId = null; foreach (Asn1Sequence sq in b.BagAttributes) { DerObjectIdentifier aOid = (DerObjectIdentifier)sq[0]; Asn1Set attrSet = (Asn1Set)sq[1]; Asn1Encodable attr = null; if (attrSet.Count > 0) { // TODO We should be adding all attributes in the set attr = attrSet[0]; // TODO We might want to "merge" attribute sets with // the same OID - currently, differing values give an error if (attributes.Contains(aOid.Id)) { // OK, but the value has to be the same if (!attributes[aOid.Id].Equals(attr)) { throw new IOException("attempt to add existing attribute with different value"); } } else { attributes.Add(aOid.Id, attr); } if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName)) { alias = ((DerBmpString)attr).GetString(); // TODO Do these in a separate loop, just collect aliases here keys[alias] = pkcs12Key; } else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID)) { localId = (Asn1OctetString)attr; } } } // TODO Should we be checking localIds != null here // as for PkcsObjectIdentifiers.Data version above? string name = Hex.ToHexString(localId.GetOctets()); if (alias == null) { keys[name] = pkcs12Key; } else { // TODO There may have been more than one alias localIds[alias] = name; } } else if (b.BagID.Equals(PkcsObjectIdentifiers.KeyBag)) { PrivateKeyInfo privKeyInfo = PrivateKeyInfo.GetInstance(b.BagValue); AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privKeyInfo); // // set the attributes on the key // string alias = null; Asn1OctetString localId = null; IDictionary attributes = Platform.CreateHashtable(); AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes); foreach (Asn1Sequence sq in b.BagAttributes) { DerObjectIdentifier aOid = (DerObjectIdentifier)sq[0]; Asn1Set attrSet = (Asn1Set)sq[1]; Asn1Encodable attr = null; if (attrSet.Count > 0) { // TODO We should be adding all attributes in the set attr = attrSet[0]; // TODO We might want to "merge" attribute sets with // the same OID - currently, differing values give an error if (attributes.Contains(aOid.Id)) { // OK, but the value has to be the same if (!attributes[aOid.Id].Equals(attr)) { throw new IOException("attempt to add existing attribute with different value"); } } else { attributes.Add(aOid.Id, attr); } if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName)) { alias = ((DerBmpString)attr).GetString(); // TODO Do these in a separate loop, just collect aliases here keys[alias] = pkcs12Key; } else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID)) { localId = (Asn1OctetString)attr; } } } // TODO Should we be checking localIds != null here // as for PkcsObjectIdentifiers.Data version above? string name = Hex.ToHexString(localId.GetOctets()); if (alias == null) { keys[name] = pkcs12Key; } else { // TODO There may have been more than one alias localIds[alias] = name; } } else { Console.WriteLine("extra " + b.BagID); Console.WriteLine("extra " + Asn1Dump.DumpAsString(b)); } } } else { Console.WriteLine("extra " + oid); Console.WriteLine("extra " + Asn1Dump.DumpAsString(ci.Content)); } } } certs.Clear(); chainCerts.Clear(); keyCerts.Clear(); foreach (SafeBag b in chain) { CertBag cb = new CertBag((Asn1Sequence)b.BagValue); byte[] octets = ((Asn1OctetString)cb.CertValue).GetOctets(); X509Certificate cert = new X509CertificateParser().ReadCertificate(octets); // // set the attributes // IDictionary attributes = Platform.CreateHashtable(); Asn1OctetString localId = null; string alias = null; if (b.BagAttributes != null) { foreach (Asn1Sequence sq in b.BagAttributes) { DerObjectIdentifier aOid = (DerObjectIdentifier)sq[0]; Asn1Set attrSet = (Asn1Set)sq[1]; if (attrSet.Count > 0) { // TODO We should be adding all attributes in the set Asn1Encodable attr = attrSet[0]; // TODO We might want to "merge" attribute sets with // the same OID - currently, differing values give an error if (attributes.Contains(aOid.Id)) { // OK, but the value has to be the same if (!attributes[aOid.Id].Equals(attr)) { throw new IOException("attempt to add existing attribute with different value"); } } else { attributes.Add(aOid.Id, attr); } if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName)) { alias = ((DerBmpString)attr).GetString(); } else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID)) { localId = (Asn1OctetString)attr; } } } } CertId certId = new CertId(cert.GetPublicKey()); X509CertificateEntry pkcs12Cert = new X509CertificateEntry(cert, attributes); chainCerts[certId] = pkcs12Cert; if (unmarkedKey) { if (keyCerts.Count == 0) { string name = Hex.ToHexString(certId.Id); keyCerts[name] = pkcs12Cert; object temp = keys["unmarked"]; keys.Remove("unmarked"); keys[name] = temp; } } else { if (localId != null) { string name = Hex.ToHexString(localId.GetOctets()); keyCerts[name] = pkcs12Cert; } if (alias != null) { // TODO There may have been more than one alias certs[alias] = pkcs12Cert; } } } }
private async Task <ImageResultInfo> ReportImageStatusWithContinuationAsync(IMcrStatusClient statusClient, DigestInfo digestInfo) { return(await(await ReportImageStatusAsync(statusClient, digestInfo) .ContinueWith(async task => { if (task.IsCompletedSuccessfully) { if (task.Result.DigestInfo.RemainingTags.Any()) { await Task.Delay(Options.RequeryDelay); return await ReportImageStatusWithContinuationAsync(statusClient, digestInfo); } else { return task.Result; } } else if (task.IsFaulted) { throw task.Exception; } return null; }))); }
private bool VerifyDigest( byte[] digest, AsymmetricKeyParameter key, byte[] signature) { string algorithm = Helper.GetEncryptionAlgName(this.EncryptionAlgOid); try { if (algorithm.Equals("RSA")) { IBufferedCipher c = CmsEnvelopedHelper.Instance.CreateAsymmetricCipher("RSA/ECB/PKCS1Padding"); c.Init(false, key); byte[] decrypt = c.DoFinal(signature); DigestInfo digInfo = DerDecode(decrypt); if (!digInfo.AlgorithmID.ObjectID.Equals(digestAlgorithm.ObjectID)) { return(false); } if (!IsNull(digInfo.AlgorithmID.Parameters)) { return(false); } byte[] sigHash = digInfo.GetDigest(); return(Arrays.ConstantTimeAreEqual(digest, sigHash)); } else if (algorithm.Equals("DSA")) { ISigner sig = SignerUtilities.GetSigner("NONEwithDSA"); sig.Init(false, key); sig.BlockUpdate(digest, 0, digest.Length); return(sig.VerifySignature(signature)); } else { throw new CmsException("algorithm: " + algorithm + " not supported in base signatures."); } } catch (SecurityUtilityException e) { throw e; } catch (GeneralSecurityException e) { throw new CmsException("Exception processing signature: " + e, e); } catch (IOException e) { throw new CmsException("Exception decoding signature: " + e, e); } }
private bool ShouldProcessImageStatus(ImageStatus imageStatus, DigestInfo digestInfo) => // Find the image statuses that are associated with the repo indicated in the image info. This filter is needed // because MCR's webhook responds to all image pushes in the ACR, even those to staging locations. A queue time filter // is needed in order to filter out onboarding requests from a previous ingestion of the same digests. imageStatus.TargetRepository == digestInfo.Repo && imageStatus.QueueTime >= Options.MinimumQueueTime;
public DigestInfo Digest(Number640 from, Number640 to, int limit, bool ascending) { var digestInfo = new DigestInfo(); var rLock = RangeLock.Lock(from, to); try { var tmp = _backend.SubMap(from, to, limit, ascending); foreach (var kvp in tmp) { if (!kvp.Value.HasPrepareFlag) { digestInfo.Put(kvp.Key, kvp.Value.BasedOnSet); } } return digestInfo; } finally { rLock.Unlock(); } }
private async Task <ImageResultInfo> ReportImageStatusAsync(IMcrStatusClient statusClient, DigestInfo digestInfo) { string qualifiedDigest = GetQualifiedDigest(digestInfo.Repo, digestInfo.Digest); StringBuilder stringBuilder = new StringBuilder(); stringBuilder.AppendLine($"Querying image status for '{qualifiedDigest}'"); stringBuilder.AppendLine("Remaining tags:"); digestInfo.RemainingTags.ForEach(tag => stringBuilder.AppendLine(tag)); _loggerService.WriteMessage(stringBuilder.ToString()); ImageResult imageResult = await statusClient.GetImageResultAsync(digestInfo.Digest); IEnumerable <ImageStatus> imageStatuses = imageResult.Value .Where(status => ShouldProcessImageStatus(status, digestInfo)); if (imageStatuses.Any()) { stringBuilder = new StringBuilder(); stringBuilder.AppendLine(); stringBuilder.AppendLine($"Image status results for '{qualifiedDigest}':"); IEnumerable <IGrouping <string, ImageStatus> > statusesByTag = imageStatuses.GroupBy(status => status.Tag); foreach (IGrouping <string, ImageStatus> tagImageStatuses in statusesByTag) { foreach (ImageStatus imageStatus in tagImageStatuses) { stringBuilder.AppendLine( $"Status for tag '{imageStatus.Tag}' with request ID '{imageStatus.OnboardingRequestId}': {imageStatus.OverallStatus}"); switch (imageStatus.OverallStatus) { case StageStatus.Processing: case StageStatus.NotStarted: case StageStatus.Failed: break; case StageStatus.Succeeded: // If we've found at least one successful overall status for the tag, we're done with that tag. digestInfo.RemainingTags.Remove(imageStatus.Tag); break; case StageStatus.NotApplicable: default: throw new NotSupportedException( $"Unexpected image status for digest '{qualifiedDigest}' with tag '{imageStatus.Tag}' and request ID '{imageStatus.OnboardingRequestId}': {imageStatus.OverallStatus}"); } } // If all found statuses for a given tag have failed, we're done with that tag. if (tagImageStatuses.All(status => status.OverallStatus == StageStatus.Failed)) { digestInfo.RemainingTags.Remove(tagImageStatuses.Key); } } _loggerService.WriteMessage(stringBuilder.ToString()); } return(new ImageResultInfo { ImageResult = imageResult, DigestInfo = digestInfo }); }
public DigestInfo Digest(ICollection<Number640> number640Collection) { var digestInfo = new DigestInfo(); foreach (var num640 in number640Collection) { var rangeLock = Lock(num640); try { if (_backend.Contains(num640)) { var data = GetInternal(num640); if (data != null) { digestInfo.Put(num640, data.BasedOnSet); } } } finally { rangeLock.Unlock(); } } return digestInfo; }
public void Load(Stream input, char[] password) { if (input == null) { throw new ArgumentNullException("input"); } Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromStream(input); Pfx pfx = new Pfx(seq); ContentInfo authSafe = pfx.AuthSafe; bool wrongPkcs12Zero = false; if (password != null && pfx.MacData != null) { MacData macData = pfx.MacData; DigestInfo mac = macData.Mac; AlgorithmIdentifier algorithmID = mac.AlgorithmID; byte[] salt = macData.GetSalt(); int intValue = macData.IterationCount.IntValue; byte[] octets = ((Asn1OctetString)authSafe.Content).GetOctets(); byte[] a = Pkcs12Store.CalculatePbeMac(algorithmID.ObjectID, salt, intValue, password, false, octets); byte[] digest = mac.GetDigest(); if (!Arrays.ConstantTimeAreEqual(a, digest)) { if (password.Length > 0) { throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file."); } a = Pkcs12Store.CalculatePbeMac(algorithmID.ObjectID, salt, intValue, password, true, octets); if (!Arrays.ConstantTimeAreEqual(a, digest)) { throw new IOException("PKCS12 key store MAC invalid - wrong password or corrupted file."); } wrongPkcs12Zero = true; } } this.keys.Clear(); this.localIds.Clear(); this.unmarkedKeyEntry = null; IList list = Platform.CreateArrayList(); if (authSafe.ContentType.Equals(PkcsObjectIdentifiers.Data)) { byte[] octets2 = ((Asn1OctetString)authSafe.Content).GetOctets(); AuthenticatedSafe authenticatedSafe = new AuthenticatedSafe((Asn1Sequence)Asn1Object.FromByteArray(octets2)); ContentInfo[] contentInfo = authenticatedSafe.GetContentInfo(); ContentInfo[] array = contentInfo; for (int i = 0; i < array.Length; i++) { ContentInfo contentInfo2 = array[i]; DerObjectIdentifier contentType = contentInfo2.ContentType; byte[] array2 = null; if (contentType.Equals(PkcsObjectIdentifiers.Data)) { array2 = ((Asn1OctetString)contentInfo2.Content).GetOctets(); } else if (contentType.Equals(PkcsObjectIdentifiers.EncryptedData) && password != null) { EncryptedData instance = EncryptedData.GetInstance(contentInfo2.Content); array2 = Pkcs12Store.CryptPbeData(false, instance.EncryptionAlgorithm, password, wrongPkcs12Zero, instance.Content.GetOctets()); } if (array2 != null) { Asn1Sequence asn1Sequence = (Asn1Sequence)Asn1Object.FromByteArray(array2); foreach (Asn1Sequence seq2 in asn1Sequence) { SafeBag safeBag = new SafeBag(seq2); if (safeBag.BagID.Equals(PkcsObjectIdentifiers.CertBag)) { list.Add(safeBag); } else if (safeBag.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag)) { this.LoadPkcs8ShroudedKeyBag(EncryptedPrivateKeyInfo.GetInstance(safeBag.BagValue), safeBag.BagAttributes, password, wrongPkcs12Zero); } else if (safeBag.BagID.Equals(PkcsObjectIdentifiers.KeyBag)) { this.LoadKeyBag(PrivateKeyInfo.GetInstance(safeBag.BagValue), safeBag.BagAttributes); } } } } } this.certs.Clear(); this.chainCerts.Clear(); this.keyCerts.Clear(); foreach (SafeBag safeBag2 in list) { CertBag certBag = new CertBag((Asn1Sequence)safeBag2.BagValue); byte[] octets3 = ((Asn1OctetString)certBag.CertValue).GetOctets(); X509Certificate x509Certificate = new X509CertificateParser().ReadCertificate(octets3); IDictionary dictionary = Platform.CreateHashtable(); Asn1OctetString asn1OctetString = null; string text = null; if (safeBag2.BagAttributes != null) { foreach (Asn1Sequence asn1Sequence2 in safeBag2.BagAttributes) { DerObjectIdentifier instance2 = DerObjectIdentifier.GetInstance(asn1Sequence2[0]); Asn1Set instance3 = Asn1Set.GetInstance(asn1Sequence2[1]); if (instance3.Count > 0) { Asn1Encodable asn1Encodable = instance3[0]; if (dictionary.Contains(instance2.Id)) { if (!dictionary[instance2.Id].Equals(asn1Encodable)) { throw new IOException("attempt to add existing attribute with different value"); } } else { dictionary.Add(instance2.Id, asn1Encodable); } if (instance2.Equals(PkcsObjectIdentifiers.Pkcs9AtFriendlyName)) { text = ((DerBmpString)asn1Encodable).GetString(); } else if (instance2.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID)) { asn1OctetString = (Asn1OctetString)asn1Encodable; } } } } Pkcs12Store.CertId certId = new Pkcs12Store.CertId(x509Certificate.GetPublicKey()); X509CertificateEntry value = new X509CertificateEntry(x509Certificate, dictionary); this.chainCerts[certId] = value; if (this.unmarkedKeyEntry != null) { if (this.keyCerts.Count == 0) { string text2 = Hex.ToHexString(certId.Id); this.keyCerts[text2] = value; this.keys[text2] = this.unmarkedKeyEntry; } } else { if (asn1OctetString != null) { string key = Hex.ToHexString(asn1OctetString.GetOctets()); this.keyCerts[key] = value; } if (text != null) { this.certs[text] = value; } } } }