GetTbsCertificate() public method

Returns the DER-encoded TbsCertificate data. This is the certificate without its signature. To get the whole certificate, call the GetEncoded() member.
public GetTbsCertificate ( ) : byte[]
return byte[]
コード例 #1
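        /// <summary>
        /// Decodes an encoded X.509 certificate into a <see cref="Certificate"/> model, reading some
        /// fields through the framework's X509Certificate2 and the rest through BouncyCastle.
        /// </summary>
        /// <param name="certBytes">The encoded certificate.</param>
        /// <returns>
        /// A fully populated certificate with <c>IsLoaded</c> set to true, or a freshly constructed
        /// <see cref="Certificate"/> on which <c>IsLoaded</c> was never set when decoding fails.
        /// </returns>
        /// <remarks>
        /// Parsing only decodes the structure. It does not verify the signature, the chain, the
        /// validity period or revocation; none of the returned fields are authenticated by this call.
        /// </remarks>
        public static Certificate Parse(byte[] certBytes)
        {
            Certificate certificate = new Certificate();

            try
            {
                // X509Certificate2 holds a native handle; release it as soon as the fields are copied.
                using (X509Certificate2 x509 = new X509Certificate2(certBytes))
                {
                    certificate.EncodedValue     = certBytes;
                    certificate.Version          = x509.Version;
                    certificate.BasicConstraints = retrieveBasicContraints(x509);
                    certificate.KeyUsage         = retrieveKeyUsage(x509);

                    Validity validity = new Validity();
                    validity.NotBefore   = new DateTimeOffset(x509.NotBefore).ToUnixTimeSeconds();
                    validity.NotAfter    = new DateTimeOffset(x509.NotAfter).ToUnixTimeSeconds();
                    certificate.Validity = validity;

                    // The same bytes are decoded a second time by a different parser. If the two
                    // parsers disagree about the input, the failure surfaces here and is handled below.
                    X509CertificateParser x509CertificateParser = new X509CertificateParser();
                    X509Certificate       bouncyCertificate     = x509CertificateParser.ReadCertificate(certBytes);
                    if (bouncyCertificate == null)
                    {
                        throw new ArgumentException("No certificate could be read from the supplied bytes");
                    }

                    // NOTE(review): BouncyCastle's ToByteArray() is big-endian. If BigInteger here is
                    // System.Numerics.BigInteger (little-endian constructor) the serial number is
                    // byte-reversed - confirm which BigInteger type this file imports.
                    certificate.SerialNumber          = new BigInteger(bouncyCertificate.SerialNumber.ToByteArray());
                    certificate.TbsCertificate        = bouncyCertificate.GetTbsCertificate();
                    certificate.TBSSignatureAlgorithm =
                        bouncyCertificate.CertificateStructure.TbsCertificate.Signature.GetEncoded();
                    certificate.SignatureAlgorithm = bouncyCertificate.CertificateStructure.SignatureAlgorithm.GetEncoded();

                    string publicKeyAlgNameStr = CipherUtilities.GetAlgorithmName(bouncyCertificate.CertificateStructure
                                                                                  .SubjectPublicKeyInfo.AlgorithmID.Algorithm);
                    if (publicKeyAlgNameStr == null)
                    {
                        // Fall back to the framework's friendly name when BouncyCastle has no name for the OID.
                        publicKeyAlgNameStr = x509.PublicKey.Oid.FriendlyName;
                    }

                    certificate.PublicKeyAlgName     = StringUtil.StringToByteArray(publicKeyAlgNameStr);
                    certificate.Signature            = bouncyCertificate.GetSignature();
                    certificate.SubjectPublicKeyInfo =
                        bouncyCertificate.CertificateStructure.SubjectPublicKeyInfo.GetEncoded();
                    certificate.SubjectKeyIdentifier   = retrieveSubjectKeyIdentifier(bouncyCertificate);
                    certificate.AuthorityKeyIdentifier = retrieveAuthorityKeyIdentifier(bouncyCertificate);
                    certificate.ExtendedKeyUsage       = retrieveExtendedKeyUsageOIDs(bouncyCertificate);
                    certificate.Issuer   = RetrieveIssuerName(bouncyCertificate);
                    certificate.Subject  = RetrieveSubjectName(bouncyCertificate);
                    certificate.DNsNames = retrieveDnsNames(bouncyCertificate);
                }

                // Mark the result as loaded only after every field was extracted, so a caller that
                // checks IsLoaded never sees a half-populated certificate.
                certificate.IsLoaded = true;
                return certificate;
            }
            catch (Exception e)
            {
                Console.WriteLine(e);

                // Discard whatever was filled in before the failure instead of handing back a
                // partially parsed object.
                return new Certificate();
            }
        }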
コード例 #2
        /// <summary>
        /// Reads the subject name of a certificate by decoding its DER-encoded TBSCertificate.
        /// </summary>
        /// <param name="cert">Certificate whose subject is wanted.</param>
        /// <returns>The subject field of the decoded TBSCertificate.</returns>
        /// <exception cref="CertificateEncodingException">
        /// Thrown for any failure while obtaining or decoding the TBSCertificate; the original
        /// exception is attached as the inner exception.
        /// </exception>
        /// <remarks>
        /// The name is taken from the certificate as presented. This method performs no signature or
        /// chain validation, so the result is only as trustworthy as the certificate passed in.
        /// </remarks>
        public static X509Name GetSubjectX509Principal(X509Certificate cert)
        {
            try
            {
                byte[] tbsBytes = cert.GetTbsCertificate();
                Asn1Object decoded = Asn1Object.FromByteArray(tbsBytes);

                return TbsCertificateStructure.GetInstance(decoded).Subject;
            }
            catch (Exception ex)
            {
                throw new CertificateEncodingException("Could not extract subject", ex);
            }
        }
コード例 #3
		/// <summary>
		/// Reads the subject name of a certificate by decoding its DER-encoded TBSCertificate.
		/// </summary>
		/// <param name="cert">Certificate whose subject is wanted.</param>
		/// <returns>The subject field of the decoded TBSCertificate.</returns>
		/// <exception cref="CertificateEncodingException">
		/// Thrown for any failure while obtaining or decoding the TBSCertificate; the original
		/// exception is attached as the inner exception.
		/// </exception>
		/// <remarks>
		/// No signature or chain validation happens here; the name is whatever the presented
		/// certificate claims.
		/// </remarks>
		public static X509Name GetSubjectX509Principal(X509Certificate cert)
		{
			try
			{
				byte[] tbsBytes = cert.GetTbsCertificate();
				Asn1Object decoded = Asn1Object.FromByteArray(tbsBytes);

				return TbsCertificateStructure.GetInstance(decoded).Subject;
			}
			catch (Exception ex)
			{
				throw new CertificateEncodingException("Could not extract subject", ex);
			}
		}
コード例 #4
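        /// <summary>
        /// Checks whether the signature on <paramref name="thisCertificate"/> verifies under the
        /// public key of <paramref name="signerCertificate"/>.
        /// </summary>
        /// <param name="thisCertificate">The certificate whose signature is checked.</param>
        /// <param name="signerCertificate">The certificate supplying the candidate signing key.</param>
        /// <returns>
        /// True when verification succeeds; false when it fails with a
        /// <c>CertificateException</c> or an <c>InvalidKeyException</c>.
        /// </returns>
        /// <exception cref="ArgumentNullException">Either certificate is null.</exception>
        /// <remarks>
        /// This is a signature check only. It does not establish that the signer is allowed to issue
        /// certificates (basic constraints, key usage), that either certificate is within its validity
        /// period, that the names chain, or that neither has been revoked. Callers building a trust
        /// decision still need full path validation.
        /// </remarks>
        public static bool IsSignedBy(this X509Certificate thisCertificate, X509Certificate signerCertificate)
        {
            if (thisCertificate == null)
            {
                throw new ArgumentNullException("thisCertificate");
            }

            if (signerCertificate == null)
            {
                throw new ArgumentNullException("signerCertificate");
            }

            // The result depends solely on the certificate's own Verify call. The TBSCertificate is
            // neither a complete certificate nor a PKCS #7 message, so it is not fed to
            // X509Certificate2 or SignedCms, and nothing is read from fixed paths on disk.
            Log.Write("Get signer's public key");
            var publicKey = signerCertificate.GetPublicKey();
            Log.Write("Got signer's public key");

            try
            {
                Log.Write("Veryfy signature");
                thisCertificate.Verify(publicKey);
                Log.Write("Verified");
                return true;
            }
            catch (CertificateException)
            {
                // TODO: log errors - the reason for the failure is currently dropped.
                return false;
            }
            catch (InvalidKeyException)
            {
                return false;
            }
        }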
コード例 #5
        /// <summary>
        /// Runs the certificate's own validity check, then verifies its signature over the
        /// TBSCertificate bytes with the public key of the GOST root certificate.
        /// </summary>
        /// <param name="cert">Certificate to check.</param>
        /// <exception cref="CryptographicException">The signature does not verify.</exception>
        /// <remarks>
        /// NOTE(review): the verifier is fixed to EC GOST 3410 with the GOST 3411-2012 256-bit digest
        /// and the certificate's declared signature algorithm is not consulted; it also assumes the
        /// certificate was issued directly by the root. Confirm both hold for every caller.
        /// </remarks>
        private static void CheckCertificateValidity(X509Certificate cert)
        {
            cert.CheckValidity();

            var rootCertificate = (X509Certificate)RootCertificates.GetRootCertGOST();

            // 'false' selects verification rather than signing.
            var verifier = new Gost3410DigestSigner(new ECGost3410Signer(), new Gost3411_2012_256Digest());
            verifier.Init(false, rootCertificate.GetPublicKey());

            // The signature covers the TBSCertificate, not the whole encoded certificate.
            var signedBytes = cert.GetTbsCertificate();
            verifier.BlockUpdate(signedBytes, 0, signedBytes.Length);

            if (verifier.VerifySignature(cert.GetSignature()))
            {
                return;
            }

            throw new CryptographicException("Cannot verify signature");
        }
コード例 #6
ファイル: PdfPKCS7.cs プロジェクト: nicecai/iTextSharp-4.1.6
 /**
 * Builds an X509Name from the subject found in a certificate's
 * DER-encoded TBSCertificate. The certificate is not validated here,
 * so the name is whatever the presented certificate claims.
 * @param cert an X509Certificate
 * @return an X509Name
 */
 public static X509Name GetSubjectFields(X509Certificate cert) {
     byte[] tbsBytes = cert.GetTbsCertificate();
     return new X509Name((Asn1Sequence)GetSubject(tbsBytes));
 }
コード例 #7
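 /// <summary>
 /// Builds a KeyTransRecipientInfo for one recipient: encrypts <paramref name="abyte0"/> with the
 /// recipient certificate's public key and identifies the recipient by issuer and serial number.
 /// </summary>
 /// <param name="x509certificate">Recipient certificate supplying the public key and identity.</param>
 /// <param name="abyte0">Bytes to encrypt for the recipient.</param>
 /// <returns>The recipient info carrying the encrypted bytes.</returns>
 /// <remarks>
 /// The cipher is chosen from the algorithm OID in the certificate's SubjectPublicKeyInfo, and the
 /// certificate is not validated here. Callers should encrypt only to certificates they have
 /// already validated.
 /// NOTE(review): for an RSA key this OID presumably resolves to PKCS #1 v1.5 padding - confirm
 /// that is what the consuming format requires.
 /// </remarks>
 private KeyTransRecipientInfo ComputeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) {
     // Decode the TBSCertificate directly from its bytes; no stream needs to be opened or closed.
     TbsCertificateStructure tbscertificatestructure =
         TbsCertificateStructure.GetInstance(Asn1Object.FromByteArray(x509certificate.GetTbsCertificate()));
     AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.SubjectPublicKeyInfo.AlgorithmID;
     Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber issuerandserialnumber =
         new Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber(
             tbscertificatestructure.Issuer,
             tbscertificatestructure.SerialNumber.Value);

     IBufferedCipher cipher = CipherUtilities.GetCipher(algorithmidentifier.ObjectID);
     cipher.Init(true, x509certificate.GetPublicKey());

     // Let the cipher size its own output rather than writing into a fixed 10000-byte scratch
     // buffer and copying the used prefix out of it.
     byte[] abyte1 = cipher.DoFinal(abyte0);

     DerOctetString deroctetstring = new DerOctetString(abyte1);
     RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);
     return new KeyTransRecipientInfo(recipId, algorithmidentifier, deroctetstring);
 }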
コード例 #8
ファイル: CMSUtils.cs プロジェクト: MBrekhof/pleiobox-clients
		/// <summary>
		/// Decodes the DER-encoded TBSCertificate of <paramref name="cert"/> into its ASN.1 structure.
		/// </summary>
		/// <param name="cert">Certificate to decode.</param>
		/// <returns>The decoded TBSCertificate structure.</returns>
		internal static TbsCertificateStructure GetTbsCertificateStructure(X509Certificate cert)
		{
			byte[] tbsBytes = cert.GetTbsCertificate();
			Asn1Object decoded = Asn1Object.FromByteArray(tbsBytes);

			return TbsCertificateStructure.GetInstance(decoded);
		}
コード例 #9
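			/// <summary>
			/// Creates a recipient entry from a certificate: stores the certificate and its public
			/// key, and takes the key-encryption algorithm from the certificate's SubjectPublicKeyInfo.
			/// </summary>
			/// <param name="cert">Recipient certificate.</param>
			/// <exception cref="ArgumentException">
			/// The TBSCertificate could not be decoded; the underlying failure is attached as the
			/// inner exception.
			/// </exception>
			internal RecipientInf(
				X509Certificate cert)
			{
				this.cert = cert;
				this.pubKey = cert.GetPublicKey();

				try
				{
					TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance(
						Asn1Object.FromByteArray(cert.GetTbsCertificate()));

					keyEncAlg = tbs.SubjectPublicKeyInfo.AlgorithmID;
				}
				catch (Exception e)
				{
					// Keep the cause so a malformed certificate can be told apart from other failures.
					throw new ArgumentException("can't extract key algorithm from this cert", e);
				}
			}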
コード例 #10
 /// <summary>
 /// Reads the issuer name of a certificate by decoding its DER-encoded TBSCertificate.
 /// </summary>
 /// <param name="cert">Certificate whose issuer is wanted.</param>
 /// <returns>The issuer field of the decoded TBSCertificate.</returns>
 /// <exception cref="CertificateEncodingException">
 /// Thrown for any failure while obtaining or decoding the TBSCertificate; the original exception
 /// is attached as the inner exception.
 /// </exception>
 /// <remarks>
 /// The issuer name is an unauthenticated claim until the certificate's signature has been
 /// verified against that issuer's key.
 /// </remarks>
 public static X509Name GetIssuerX509Principal(X509Certificate cert)
 {
     try
     {
         byte[] tbsBytes = cert.GetTbsCertificate();
         Asn1Object decoded = Asn1Object.FromByteArray(tbsBytes);

         return TbsCertificateStructure.GetInstance(decoded).Issuer;
     }
     catch (global::System.Exception ex)
     {
         throw new CertificateEncodingException("Could not extract issuer", ex);
     }
 }