| static private DecodeX509SubjectKeyIdentifierExtension ( byte encoded ) : byte[] | ||
| encoded | byte | |
| return | byte[] | |
public void FindBySubjectKeyIdentifier(byte[] keyIdentifier)
{
FindCore(
cert =>
{
X509Extension ext = FindExtension(cert, Oids.SubjectKeyIdentifier);
if (ext == null)
{
return(false);
}
// The extension exposes the value as a hexadecimal string, or we can decode here.
// Enough parsing has gone on, let's decode.
byte[] certKeyId = OpenSslX509Encoder.DecodeX509SubjectKeyIdentifierExtension(ext.RawData);
return(keyIdentifier.ContentsEqual(certKeyId));
});
}
public void FindBySubjectKeyIdentifier(byte[] keyIdentifier)
{
FindCore(
cert =>
{
X509Extension ext = FindExtension(cert, Oids.SubjectKeyIdentifier);
byte[] certKeyId;
if (ext != null)
{
// The extension exposes the value as a hexadecimal string, or we can decode here.
// Enough parsing has gone on, let's decode.
certKeyId = OpenSslX509Encoder.DecodeX509SubjectKeyIdentifierExtension(ext.RawData);
}
else
{
// The Desktop/Windows version of this method use CertGetCertificateContextProperty
// with a property ID of CERT_KEY_IDENTIFIER_PROP_ID.
//
// MSDN says that when there's no extension, this method takes the SHA-1 of the
// SubjectPublicKeyInfo block, and returns that.
//
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa376079%28v=vs.85%29.aspx
OpenSslX509CertificateReader certPal = (OpenSslX509CertificateReader)cert.Pal;
using (HashAlgorithm hash = SHA1.Create())
{
byte[] publicKeyInfoBytes = Interop.Crypto.OpenSslEncode(
Interop.Crypto.GetX509SubjectPublicKeyInfoDerSize,
Interop.Crypto.EncodeX509SubjectPublicKeyInfo,
certPal.SafeHandle);
certKeyId = hash.ComputeHash(publicKeyInfoBytes);
}
}
return(keyIdentifier.ContentsEqual(certKeyId));
});
}