protected override void Decode() { ASN1 aSN = new ASN1(extnValue.Value); if (aSN.Tag != 48) { throw new ArgumentException("Invalid PrivateKeyUsagePeriod extension"); } for (int i = 0; i < aSN.Count; i++) { switch (aSN[i].Tag) { case 128: notBefore = ASN1Convert.ToDateTime(aSN[i]); break; case 129: notAfter = ASN1Convert.ToDateTime(aSN[i]); break; default: throw new ArgumentException("Invalid PrivateKeyUsagePeriod extension"); } } }
protected override void Decode() { ASN1 asn = new ASN1(this.extnValue.Value); if (asn.Tag != 48) { throw new ArgumentException("Invalid PrivateKeyUsagePeriod extension"); } for (int i = 0; i < asn.Count; i++) { byte tag = asn[i].Tag; if (tag != 128) { if (tag != 129) { throw new ArgumentException("Invalid PrivateKeyUsagePeriod extension"); } this.notAfter = ASN1Convert.ToDateTime(asn[i]); } else { this.notBefore = ASN1Convert.ToDateTime(asn[i]); } } }
protected override void Decode() { ASN1 sequence = new ASN1(extnValue.Value); if (sequence.Tag != 0x30) { throw new ArgumentException("Invalid PrivateKeyUsagePeriod extension"); } for (int i = 0; i < sequence.Count; i++) { switch (sequence [i].Tag) { case 0x80: notBefore = ASN1Convert.ToDateTime(sequence [i]); break; case 0x81: notAfter = ASN1Convert.ToDateTime(sequence [i]); break; default: throw new ArgumentException("Invalid PrivateKeyUsagePeriod extension"); } } }
internal X509CrlEntry(ASN1 entry) { sn = entry[0].Value; Array.Reverse(sn); revocationDate = ASN1Convert.ToDateTime(entry[1]); extensions = new X509ExtensionCollection(entry[2]); }
protected override void Decode() { ASN1 asN1 = new ASN1(this.extnValue.Value); if (asN1.Tag != (byte)48) { throw new ArgumentException("Invalid PrivateKeyUsagePeriod extension"); } for (int index = 0; index < asN1.Count; ++index) { switch (asN1[index].Tag) { case 128: this.notBefore = ASN1Convert.ToDateTime(asN1[index]); break; case 129: this.notAfter = ASN1Convert.ToDateTime(asN1[index]); break; default: throw new ArgumentException("Invalid PrivateKeyUsagePeriod extension"); } } }
protected override void Decode() { ASN1 asn = new ASN1(this.extnValue.Value); if (asn.Tag != 48) { throw new ArgumentException("Invalid KeyAttributesExtension extension"); } int num = 0; if (num < asn.Count) { ASN1 asn2 = asn[num]; if (asn2.Tag == 4) { num++; this.keyId = asn2.Value; } } if (num < asn.Count) { ASN1 asn3 = asn[num]; if (asn3.Tag == 3) { num++; int i = 1; while (i < asn3.Value.Length) { this.kubits = (this.kubits << 8) + (int)asn3.Value[i++]; } } } if (num < asn.Count) { ASN1 asn4 = asn[num]; if (asn4.Tag == 48) { int num2 = 0; if (num2 < asn4.Count) { ASN1 asn5 = asn4[num2]; if (asn5.Tag == 129) { num2++; this.notBefore = ASN1Convert.ToDateTime(asn5); } } if (num2 < asn4.Count) { ASN1 asn6 = asn4[num2]; if (asn6.Tag == 130) { this.notAfter = ASN1Convert.ToDateTime(asn6); } } } } }
public void ConvertDateTimeInvalidButExistingFormat() { string nosecs = "9912312359Z"; ASN1 dt = new ASN1(0x18, Encoding.ASCII.GetBytes(nosecs)); DateTime actual = ASN1Convert.ToDateTime(dt); Assert.AreEqual(DateTimeKind.Utc, actual.Kind, "Kind"); Assert.AreEqual(nosecs, actual.ToUniversalTime().ToString("yyMMddHHmm") + "Z", "DateTime"); }
public void ConvertDateTimeAfter2050() { DateTime expected = DateTime.Now.AddYears(50); ASN1 dt = ASN1Convert.FromDateTime(expected); Assert.AreEqual(0x18, dt.Tag, "GENERALIZEDTIME"); DateTime actual = ASN1Convert.ToDateTime(dt); Assert.AreEqual(DateTimeKind.Utc, actual.Kind, "Kind"); AssertDate(expected, actual.ToLocalTime(), "DateTime"); }
public void ConvertDateTimeAfter2000() { DateTime expected = DateTime.Now; ASN1 dt = ASN1Convert.FromDateTime(expected); Assert.AreEqual(0x17, dt.Tag, "UTCTIME"); DateTime actual = ASN1Convert.ToDateTime(dt); Assert.AreEqual(DateTimeKind.Utc, actual.Kind, "Kind"); AssertDate(expected, actual.ToLocalTime(), "DateTime"); }
public void ConvertDateTimeBefore2000() { DateTime expected = DateTime.Now.AddYears(-50); ASN1 dt = ASN1Convert.FromDateTime(expected); Assert.AreEqual(0x17, dt.Tag, "UTCTIME"); DateTime actual = ASN1Convert.ToDateTime(dt); #if NET_2_0 Assert.AreEqual(DateTimeKind.Utc, actual.Kind, "Kind"); #endif AssertDate(expected, actual, "DateTime"); }
protected override void Decode() { ASN1 asN1_1 = new ASN1(this.extnValue.Value); if (asN1_1.Tag != (byte)48) { throw new ArgumentException("Invalid KeyAttributesExtension extension"); } int index1 = 0; if (index1 < asN1_1.Count) { ASN1 asN1_2 = asN1_1[index1]; if (asN1_2.Tag == (byte)4) { ++index1; this.keyId = asN1_2.Value; } } if (index1 < asN1_1.Count) { ASN1 asN1_2 = asN1_1[index1]; if (asN1_2.Tag == (byte)3) { ++index1; int num = 1; while (num < asN1_2.Value.Length) { this.kubits = (this.kubits << 8) + (int)asN1_2.Value[num++]; } } } if (index1 >= asN1_1.Count) { return; } ASN1 asN1_3 = asN1_1[index1]; if (asN1_3.Tag != (byte)48) { return; } int index2 = 0; if (index2 < asN1_3.Count) { ASN1 time = asN1_3[index2]; if (time.Tag == (byte)129) { ++index2; this.notBefore = ASN1Convert.ToDateTime(time); } } if (index2 >= asN1_3.Count) { return; } ASN1 time1 = asN1_3[index2]; if (time1.Tag != (byte)130) { return; } this.notAfter = ASN1Convert.ToDateTime(time1); }
private void Parse(byte[] data) { try { decoder = new ASN1(data); if (decoder.Tag != 48) { throw new CryptographicException(encoding_error); } if (decoder[0].Tag != 48) { throw new CryptographicException(encoding_error); } ASN1 aSN = decoder[0]; int num = 0; ASN1 aSN2 = decoder[0][num]; version = 1; if (aSN2.Tag == 160 && aSN2.Count > 0) { version += aSN2[0].Value[0]; num++; } ASN1 aSN3 = decoder[0][num++]; if (aSN3.Tag != 2) { throw new CryptographicException(encoding_error); } serialnumber = aSN3.Value; Array.Reverse(serialnumber, 0, serialnumber.Length); num++; issuer = aSN.Element(num++, 48); m_issuername = X501.ToString(issuer); ASN1 aSN4 = aSN.Element(num++, 48); ASN1 time = aSN4[0]; m_from = ASN1Convert.ToDateTime(time); ASN1 time2 = aSN4[1]; m_until = ASN1Convert.ToDateTime(time2); subject = aSN.Element(num++, 48); m_subject = X501.ToString(subject); ASN1 aSN5 = aSN.Element(num++, 48); ASN1 aSN6 = aSN5.Element(0, 48); ASN1 asn = aSN6.Element(0, 6); m_keyalgo = ASN1Convert.ToOid(asn); ASN1 aSN7 = aSN6[1]; m_keyalgoparams = ((aSN6.Count <= 1) ? null : aSN7.GetBytes()); ASN1 aSN8 = aSN5.Element(1, 3); int num7 = aSN8.Length - 1; m_publickey = new byte[num7]; Buffer.BlockCopy(aSN8.Value, 1, m_publickey, 0, num7); byte[] value = decoder[2].Value; signature = new byte[value.Length - 1]; Buffer.BlockCopy(value, 1, signature, 0, signature.Length); aSN6 = decoder[1]; asn = aSN6.Element(0, 6); m_signaturealgo = ASN1Convert.ToOid(asn); aSN7 = aSN6[1]; if (aSN7 != null) { m_signaturealgoparams = aSN7.GetBytes(); } else { m_signaturealgoparams = null; } ASN1 aSN9 = aSN.Element(num, 129); if (aSN9 != null) { num++; issuerUniqueID = aSN9.Value; } ASN1 aSN10 = aSN.Element(num, 130); if (aSN10 != null) { num++; subjectUniqueID = aSN10.Value; } ASN1 aSN11 = aSN.Element(num, 163); if (aSN11 != null && aSN11.Count == 1) { extensions = new X509ExtensionCollection(aSN11[0]); } else { extensions = new X509ExtensionCollection(null); } m_encodedcert = (byte[])data.Clone(); } catch (Exception inner) { throw new CryptographicException(encoding_error, inner); IL_035f :; } }
private bool VerifyCounterSignature(PKCS7.SignerInfo cs, byte[] signature) { // SEQUENCE { // INTEGER 1 if (cs.Version != 1) { return(false); } // SEQUENCE { // SEQUENCE { string contentType = null; ASN1 messageDigest = null; for (int i = 0; i < cs.AuthenticatedAttributes.Count; i++) { // SEQUENCE { // OBJECT IDENTIFIER ASN1 attr = (ASN1)cs.AuthenticatedAttributes [i]; string oid = ASN1Convert.ToOid(attr[0]); switch (oid) { case "1.2.840.113549.1.9.3": // contentType contentType = ASN1Convert.ToOid(attr[1][0]); break; case "1.2.840.113549.1.9.4": // messageDigest messageDigest = attr[1][0]; break; case "1.2.840.113549.1.9.5": // SEQUENCE { // OBJECT IDENTIFIER // signingTime (1 2 840 113549 1 9 5) // SET { // UTCTime '030124013651Z' // } // } timestamp = ASN1Convert.ToDateTime(attr[1][0]); break; default: break; } } if (contentType != PKCS7.Oid.data) { return(false); } // verify message digest if (messageDigest == null) { return(false); } // TODO: must be read from the ASN.1 structure string hashName = null; switch (messageDigest.Length) { case 16: hashName = "MD5"; break; case 20: hashName = "SHA1"; break; } HashAlgorithm ha = HashAlgorithm.Create(hashName); if (!messageDigest.CompareValue(ha.ComputeHash(signature))) { return(false); } // verify signature byte[] counterSignature = cs.Signature; string hashOID = CryptoConfig.MapNameToOID(hashName); // change to SET OF (not [0]) as per PKCS #7 1.5 ASN1 aa = new ASN1(0x31); foreach (ASN1 a in cs.AuthenticatedAttributes) { aa.Add(a); } byte[] p7hash = ha.ComputeHash(aa.GetBytes()); // we need to try all certificates string issuer = cs.IssuerName; byte[] serial = cs.SerialNumber; foreach (X509Certificate x509 in coll) { if (CompareIssuerSerial(issuer, serial, x509)) { // don't verify if key size don't match if (x509.PublicKey.Length > (counterSignature.Length >> 3)) { RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509.RSA; if (rsa.VerifyHash(p7hash, hashOID, counterSignature)) { timestampChain.LoadCertificates(coll); return(timestampChain.Build(x509)); } } } } // no certificate can verify this signature! return(false); }
private bool VerifyCounterSignature(PKCS7.SignerInfo cs, byte[] signature) { if (cs.Version == 1) { string str = null; ASN1 asn = null; for (int i = 0; i < cs.AuthenticatedAttributes.Count; i++) { ASN1 asn2 = (ASN1)cs.AuthenticatedAttributes[i]; string key = ASN1Convert.ToOid(asn2[0]); if (key != null) { if (__f__switch_map3 == null) { Dictionary <string, int> dictionary = new Dictionary <string, int>(3) { { "1.2.840.113549.1.9.3", 0 }, { "1.2.840.113549.1.9.4", 1 }, { "1.2.840.113549.1.9.5", 2 } }; __f__switch_map3 = dictionary; } if (__f__switch_map3.TryGetValue(key, out int num2)) { switch (num2) { case 0: str = ASN1Convert.ToOid(asn2[1][0]); break; case 1: asn = asn2[1][0]; break; case 2: this.timestamp = ASN1Convert.ToDateTime(asn2[1][0]); break; } } } } if (str != "1.2.840.113549.1.7.1") { return(false); } if (asn == null) { return(false); } string hashName = null; switch (asn.Length) { case 0x10: hashName = "MD5"; break; case 20: hashName = "SHA1"; break; } HashAlgorithm hash = HashAlgorithm.Create(hashName); if (asn.CompareValue(hash.ComputeHash(signature))) { byte[] buffer = cs.Signature; ASN1 asn3 = new ASN1(0x31); IEnumerator enumerator = cs.AuthenticatedAttributes.GetEnumerator(); try { while (enumerator.MoveNext()) { ASN1 current = (ASN1)enumerator.Current; asn3.Add(current); } } finally { if (enumerator is IDisposable disposable) { disposable.Dispose(); } } byte[] hashValue = hash.ComputeHash(asn3.GetBytes()); string issuerName = cs.IssuerName; byte[] serialNumber = cs.SerialNumber; X509CertificateCollection.X509CertificateEnumerator enumerator2 = this.coll.GetEnumerator(); try { while (enumerator2.MoveNext()) { X509Certificate current = enumerator2.Current; if (this.CompareIssuerSerial(issuerName, serialNumber, current) && (current.PublicKey.Length > buffer.Length)) { RSACryptoServiceProvider rSA = (RSACryptoServiceProvider)current.RSA; RSAManaged rsa = new RSAManaged(); rsa.ImportParameters(rSA.ExportParameters(false)); if (PKCS1.Verify_v15(rsa, hash, hashValue, buffer, true)) { this.timestampChain.LoadCertificates(this.coll); return(this.timestampChain.Build(current)); } } } } finally { if (enumerator2 is IDisposable disposable2) { disposable2.Dispose(); } } } } return(false); }
static int Main(string[] args) { if (args.Length == 0) { Console.WriteLine("DSIGInfo [-v] [-v] [-v] fontfile"); return(0); } OTFile f = new OTFile(); Table_DSIG tDSIG = null; string filename = null; verbose = 0; for (int i = 0; i < args.Length; i++) { if ("-v" == args[i]) { verbose++; } else { filename = args[i]; } } if (!f.open(filename)) { Console.WriteLine("Error: Cannot open {0} as font file", filename); return(0); } TTCHeader ttc = null; if (f.IsCollection()) { ttc = f.GetTTCHeader(); if (f.GetTableManager().GetUnaliasedTableName(ttc.DsigTag) == "DSIG") { MBOBuffer buf = f.ReadPaddedBuffer(ttc.DsigOffset, ttc.DsigLength); tDSIG = (Table_DSIG)f.GetTableManager().CreateTableObject(ttc.DsigTag, buf); } for (uint i = 0; i < f.GetNumFonts(); i++) { OTFont fn = f.GetFont(i); Table_DSIG memDSIG = (Table_DSIG)fn.GetTable("DSIG"); if (memDSIG != null) { Console.WriteLine("Warning: DSIG in member font"); break; } } } else { OTFont fn = f.GetFont(0); tDSIG = (Table_DSIG)fn.GetTable("DSIG"); } Console.WriteLine("{0} DSIG table: {1}", filename, (tDSIG == null) ? "Absent" : "Present"); if (tDSIG == null) { return(0); } if (f.IsCollection() && ttc.version != 0x00020000) { Console.WriteLine("Warning: TTC has DSIG but header version is 0x{0}, != 0x00020000", ttc.version.ToString("X8")); } if (tDSIG.usNumSigs != 1) { Console.WriteLine("NumSigs = {0}", tDSIG.usNumSigs); } for (uint v = 0; v < tDSIG.usNumSigs; v++) { Table_DSIG.SignatureBlock sgb; try { sgb = tDSIG.GetSignatureBlock(v); } catch (IndexOutOfRangeException) { Console.WriteLine("Error: Out of Range SignatureBlock {0}", v); break; } SignedCms cms = new SignedCms(); try { cms.Decode(sgb.bSignature); } catch (Exception e) { if (e is NullReferenceException || /* Mono */ e is CryptographicException /* .Net2 */) { Console.WriteLine("Error: Malformed Signature"); break; } Console.WriteLine("Error: Malformed Signature (Unexpected Case 1)"); throw; } if (cms.SignerInfos.Count > 1) { Console.WriteLine("#SignerInfos: {0}", cms.SignerInfos.Count); } foreach (var si in cms.SignerInfos) { Console.WriteLine(si.Certificate); if (Type.GetType("Mono.Runtime") == null) { foreach (var ua in si.UnsignedAttributes) { foreach (var asnd in ua.Values) { try { ASN1 vv = new ASN1(asnd.RawData); ASN1 t = new ASN1(vv[3][1][1].Value); Console.WriteLine("Decoded Signing Time: {0}", ASN1Convert.ToDateTime(t)); } catch (Exception) { /* Nothing to do */ } } } } } Console.WriteLine("#Certificates: {0}", cms.Certificates.Count); #if HAVE_MONO_X509 certs = new Mono.Security.X509.X509CertificateCollection(); //Mono.Security.X509.X509Chain signerChain = new Mono.Security.X509.X509Chain (); #endif foreach (var x509 in cms.Certificates) { #if HAVE_MONO_X509 certs.Add(new Mono.Security.X509.X509Certificate(x509.RawData)); #endif if (verbose > 0) { Console.WriteLine(x509); } else { Console.WriteLine(x509.Subject); } } ; #if HAVE_MONO_X509 Mono.Security.X509.X509Certificate x = new Mono.Security.X509.X509Certificate(cms.SignerInfos[0].Certificate.RawData); Mono.Security.X509.X509Certificate parent = x; while (x != null) // Self-signed is fine - the font bundled CA is self-signed. { parent = x; // last valid x = FindCertificateParent(x); if (x != null && x.Equals(parent)) { break; } } #endif // Windows 10/.net 4.6.x throws here ASN1 spc; try { spc = new ASN1(cms.ContentInfo.Content); } catch (Exception e) { if (e is IndexOutOfRangeException) { Console.WriteLine("Error: Malformed Signature (Win10/.net 4.6.x)"); break; } Console.WriteLine("Error: Malformed Signature (Unexpected Case 2)"); throw; } ASN1 playload_oid = null; ASN1 oid = null; ASN1 digest = null; ASN1 obsolete = null; if (Type.GetType("Mono.Runtime") == null) { // DotNet is much saner! playload_oid = spc[0][0]; obsolete = spc[0][1][0]; oid = spc[1][0][0]; digest = spc[1][1]; } else { playload_oid = spc[0]; obsolete = spc[1][0]; oid = spc[2][0][0]; digest = spc[2][1]; } string algo = ASN1Convert.ToOid(oid); string algoname = (new Oid(algo)).FriendlyName; Console.WriteLine("Digest Algorithm: {0}", algoname); byte[] Value = digest.Value; StringBuilder hexLine_sig = new StringBuilder(); for (int i = 0; i < Value.Length; i++) { hexLine_sig.AppendFormat("{0} ", Value [i].ToString("X2")); } hexLine_sig.AppendFormat(Environment.NewLine); switch (algoname) { case "md5": hash = HashAlgorithm.Create("MD5"); break; case "sha1": hash = HashAlgorithm.Create("SHA1"); break; default: throw new NotImplementedException("Unknown HashAlgorithm: " + algoname); } byte[] cdigest; if (f.IsCollection()) { cdigest = get_TTC_digest(f); } else { cdigest = get_TTF_digest(f); } StringBuilder hexLine = new StringBuilder(); for (int i = 0; i < cdigest.Length; i++) { hexLine.AppendFormat("{0} ", cdigest [i].ToString("X2")); } hexLine.AppendFormat(Environment.NewLine); Console.WriteLine("{0} Signed Digest:\t{1}", algoname.ToUpper(), hexLine_sig); Console.WriteLine("Calculated Digest:\t{0}", hexLine); string root_thumb = ""; #if HAVE_MONO_X509 root_thumb = (new System.Security.Cryptography.X509Certificates.X509Certificate2(parent.RawData)).Thumbprint; Console.WriteLine("ChainEnd Name: {0}", parent.SubjectName); Console.WriteLine("ChainEnd Self-Signed: {0}", parent.IsSelfSigned); #endif Console.WriteLine("ChainEnd: {0}", root_thumb); bool trusted = false; try { string root_id = trusted_roots[root_thumb]; Console.WriteLine("RootID: {0}", root_id); trusted = true; } catch (KeyNotFoundException) {} Console.WriteLine("Trusted: {0}", trusted); } return(0); }
private bool VerifyCounterSignature(PKCS7.SignerInfo cs, byte[] signature) { if (cs.Version != 1) { return(false); } string a = null; ASN1 aSN = null; for (int i = 0; i < cs.AuthenticatedAttributes.Count; i++) { ASN1 aSN2 = (ASN1)cs.AuthenticatedAttributes[i]; switch (ASN1Convert.ToOid(aSN2[0])) { case "1.2.840.113549.1.9.3": a = ASN1Convert.ToOid(aSN2[1][0]); break; case "1.2.840.113549.1.9.4": aSN = aSN2[1][0]; break; case "1.2.840.113549.1.9.5": timestamp = ASN1Convert.ToDateTime(aSN2[1][0]); break; } } if (a != "1.2.840.113549.1.7.1") { return(false); } if (aSN == null) { return(false); } string hashName = null; switch (aSN.Length) { case 16: hashName = "MD5"; break; case 20: hashName = "SHA1"; break; } HashAlgorithm hashAlgorithm = HashAlgorithm.Create(hashName); if (!aSN.CompareValue(hashAlgorithm.ComputeHash(signature))) { return(false); } byte[] signature2 = cs.Signature; ASN1 aSN3 = new ASN1(49); foreach (ASN1 authenticatedAttribute in cs.AuthenticatedAttributes) { aSN3.Add(authenticatedAttribute); } byte[] hashValue = hashAlgorithm.ComputeHash(aSN3.GetBytes()); string issuerName = cs.IssuerName; byte[] serialNumber = cs.SerialNumber; foreach (X509Certificate item in coll) { if (CompareIssuerSerial(issuerName, serialNumber, item) && item.PublicKey.Length > signature2.Length) { RSACryptoServiceProvider rSACryptoServiceProvider = (RSACryptoServiceProvider)item.RSA; RSAManaged rSAManaged = new RSAManaged(); rSAManaged.ImportParameters(rSACryptoServiceProvider.ExportParameters(includePrivateParameters: false)); if (PKCS1.Verify_v15(rSAManaged, hashAlgorithm, hashValue, signature2, tryNonStandardEncoding: true)) { timestampChain.LoadCertificates(coll); return(timestampChain.Build(item)); } } } return(false); }
public void ConvertToDate_Null() { ASN1Convert.ToDateTime(null); }
private bool VerifyCounterSignature(PKCS7.SignerInfo cs, byte[] signature) { if (cs.Version != 1) { return(false); } string a = null; ASN1 asn = null; int i = 0; while (i < cs.AuthenticatedAttributes.Count) { ASN1 asn2 = (ASN1)cs.AuthenticatedAttributes[i]; string text = ASN1Convert.ToOid(asn2[0]); string text2 = text; switch (text2) { case "1.2.840.113549.1.9.3": a = ASN1Convert.ToOid(asn2[1][0]); break; case "1.2.840.113549.1.9.4": asn = asn2[1][0]; break; case "1.2.840.113549.1.9.5": this.timestamp = ASN1Convert.ToDateTime(asn2[1][0]); break; } IL_FC: i++; continue; goto IL_FC; } if (a != "1.2.840.113549.1.7.1") { return(false); } if (asn == null) { return(false); } string hashName = null; int length = asn.Length; if (length != 16) { if (length == 20) { hashName = "SHA1"; } } else { hashName = "MD5"; } HashAlgorithm hashAlgorithm = HashAlgorithm.Create(hashName); if (!asn.CompareValue(hashAlgorithm.ComputeHash(signature))) { return(false); } byte[] signature2 = cs.Signature; ASN1 asn3 = new ASN1(49); foreach (object obj in cs.AuthenticatedAttributes) { ASN1 asn4 = (ASN1)obj; asn3.Add(asn4); } byte[] hashValue = hashAlgorithm.ComputeHash(asn3.GetBytes()); string issuerName = cs.IssuerName; byte[] serialNumber = cs.SerialNumber; foreach (X509Certificate x509Certificate in this.coll) { if (this.CompareIssuerSerial(issuerName, serialNumber, x509Certificate) && x509Certificate.PublicKey.Length > signature2.Length) { RSACryptoServiceProvider rsacryptoServiceProvider = (RSACryptoServiceProvider)x509Certificate.RSA; RSAManaged rsamanaged = new RSAManaged(); rsamanaged.ImportParameters(rsacryptoServiceProvider.ExportParameters(false)); if (PKCS1.Verify_v15(rsamanaged, hashAlgorithm, hashValue, signature2, true)) { this.timestampChain.LoadCertificates(this.coll); return(this.timestampChain.Build(x509Certificate)); } } } return(false); }
private void Parse(byte[] crl) { string e = "Input data cannot be coded as a valid CRL."; try { // CertificateList ::= SEQUENCE { ASN1 encodedCRL = new ASN1(encoded); if ((encodedCRL.Tag != 0x30) || (encodedCRL.Count != 3)) { throw new CryptographicException(e); } // CertificateList / TBSCertList, ASN1 toBeSigned = encodedCRL [0]; if ((toBeSigned.Tag != 0x30) || (toBeSigned.Count < 3)) { throw new CryptographicException(e); } int n = 0; // CertificateList / TBSCertList / Version OPTIONAL, -- if present, MUST be v2 if (toBeSigned [n].Tag == 0x02) { version = (byte)(toBeSigned [n++].Value [0] + 1); } else { version = 1; // DEFAULT } // CertificateList / TBSCertList / AlgorithmIdentifier, signatureOID = ASN1Convert.ToOid(toBeSigned [n++][0]); // CertificateList / TBSCertList / Name, issuer = X501.ToString(toBeSigned [n++]); // CertificateList / TBSCertList / Time, thisUpdate = ASN1Convert.ToDateTime(toBeSigned [n++]); // CertificateList / TBSCertList / Time OPTIONAL, ASN1 next = toBeSigned [n++]; if ((next.Tag == 0x17) || (next.Tag == 0x18)) { nextUpdate = ASN1Convert.ToDateTime(next); next = toBeSigned [n++]; } // CertificateList / TBSCertList / revokedCertificates SEQUENCE OF SEQUENCE { entries = new ArrayList(); // this is OPTIONAL so it may not be present if no entries exists if ((next != null) && (next.Tag == 0x30)) { ASN1 revokedCertificates = next; for (int i = 0; i < revokedCertificates.Count; i++) { entries.Add(new X509CrlEntry(revokedCertificates [i])); } } else { n--; } // CertificateList / TBSCertList / crlExtensions [0] Extensions OPTIONAL } ASN1 extns = toBeSigned [n]; if ((extns != null) && (extns.Tag == 0xA0) && (extns.Count == 1)) { extensions = new X509ExtensionCollection(extns [0]); } else { extensions = new X509ExtensionCollection(null); // result in a read only object } // CertificateList / AlgorithmIdentifier string signatureAlgorithm = ASN1Convert.ToOid(encodedCRL [1][0]); if (signatureOID != signatureAlgorithm) { throw new CryptographicException(e + " [Non-matching signature algorithms in CRL]"); } // CertificateList / BIT STRING byte[] bitstring = encodedCRL [2].Value; // first byte contains unused bits in first byte signature = new byte [bitstring.Length - 1]; Buffer.BlockCopy(bitstring, 1, signature, 0, signature.Length); } catch { throw new CryptographicException(e); } }
private bool VerifyCounterSignature (PKCS7.SignerInfo cs, byte[] signature) { // SEQUENCE { // INTEGER 1 if (cs.Version != 1) return false; // SEQUENCE { // SEQUENCE { string contentType = null; ASN1 messageDigest = null; for (int i=0; i < cs.AuthenticatedAttributes.Count; i++) { // SEQUENCE { // OBJECT IDENTIFIER ASN1 attr = (ASN1) cs.AuthenticatedAttributes [i]; string oid = ASN1Convert.ToOid (attr[0]); switch (oid) { case "1.2.840.113549.1.9.3": // contentType contentType = ASN1Convert.ToOid (attr[1][0]); break; case "1.2.840.113549.1.9.4": // messageDigest messageDigest = attr[1][0]; break; case "1.2.840.113549.1.9.5": // SEQUENCE { // OBJECT IDENTIFIER // signingTime (1 2 840 113549 1 9 5) // SET { // UTCTime '030124013651Z' // } // } timestamp = ASN1Convert.ToDateTime (attr[1][0]); break; default: break; } } if (contentType != PKCS7.Oid.data) return false; // verify message digest if (messageDigest == null) return false; // TODO: must be read from the ASN.1 structure string hashName = null; switch (messageDigest.Length) { case 16: hashName = "MD5"; break; case 20: hashName = "SHA1"; break; } HashAlgorithm ha = HashAlgorithm.Create (hashName); if (!messageDigest.CompareValue (ha.ComputeHash (signature))) return false; // verify signature byte[] counterSignature = cs.Signature; // change to SET OF (not [0]) as per PKCS #7 1.5 ASN1 aa = new ASN1 (0x31); foreach (ASN1 a in cs.AuthenticatedAttributes) aa.Add (a); byte[] p7hash = ha.ComputeHash (aa.GetBytes ()); // we need to try all certificates string issuer = cs.IssuerName; byte[] serial = cs.SerialNumber; foreach (X509Certificate x509 in coll) { if (CompareIssuerSerial (issuer, serial, x509)) { if (x509.PublicKey.Length > counterSignature.Length) { RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA; // we need to HACK around bad (PKCS#1 1.5) signatures made by Verisign Timestamp Service // and this means copying stuff into our own RSAManaged to get the required flexibility RSAManaged rsam = new RSAManaged (); rsam.ImportParameters (rsa.ExportParameters (false)); if (PKCS1.Verify_v15 (rsam, ha, p7hash, counterSignature, true)) { timestampChain.LoadCertificates (coll); return (timestampChain.Build (x509)); } } } } // no certificate can verify this signature! return false; }
private void Parse(byte[] data) { try { this.decoder = new ASN1(data); if (this.decoder.Tag != 48) { throw new CryptographicException(X509Certificate.encoding_error); } if (this.decoder[0].Tag != 48) { throw new CryptographicException(X509Certificate.encoding_error); } ASN1 asn = this.decoder[0]; int num = 0; ASN1 asn2 = this.decoder[0][num]; this.version = 1; if (asn2.Tag == 160 && asn2.Count > 0) { this.version += (int)asn2[0].Value[0]; num++; } ASN1 asn3 = this.decoder[0][num++]; if (asn3.Tag != 2) { throw new CryptographicException(X509Certificate.encoding_error); } this.serialnumber = asn3.Value; Array.Reverse(this.serialnumber, 0, this.serialnumber.Length); num++; this.issuer = asn.Element(num++, 48); this.m_issuername = X501.ToString(this.issuer); ASN1 asn4 = asn.Element(num++, 48); ASN1 time = asn4[0]; this.m_from = ASN1Convert.ToDateTime(time); ASN1 time2 = asn4[1]; this.m_until = ASN1Convert.ToDateTime(time2); this.subject = asn.Element(num++, 48); this.m_subject = X501.ToString(this.subject); ASN1 asn5 = asn.Element(num++, 48); ASN1 asn6 = asn5.Element(0, 48); ASN1 asn7 = asn6.Element(0, 6); this.m_keyalgo = ASN1Convert.ToOid(asn7); ASN1 asn8 = asn6[1]; this.m_keyalgoparams = ((asn6.Count <= 1) ? null : asn8.GetBytes()); ASN1 asn9 = asn5.Element(1, 3); int num2 = asn9.Length - 1; this.m_publickey = new byte[num2]; Buffer.BlockCopy(asn9.Value, 1, this.m_publickey, 0, num2); byte[] value = this.decoder[2].Value; this.signature = new byte[value.Length - 1]; Buffer.BlockCopy(value, 1, this.signature, 0, this.signature.Length); asn6 = this.decoder[1]; asn7 = asn6.Element(0, 6); this.m_signaturealgo = ASN1Convert.ToOid(asn7); asn8 = asn6[1]; if (asn8 != null) { this.m_signaturealgoparams = asn8.GetBytes(); } else { this.m_signaturealgoparams = null; } ASN1 asn10 = asn.Element(num, 129); if (asn10 != null) { num++; this.issuerUniqueID = asn10.Value; } ASN1 asn11 = asn.Element(num, 130); if (asn11 != null) { num++; this.subjectUniqueID = asn11.Value; } ASN1 asn12 = asn.Element(num, 163); if (asn12 != null && asn12.Count == 1) { this.extensions = new X509ExtensionCollection(asn12[0]); } else { this.extensions = new X509ExtensionCollection(null); } this.m_encodedcert = (byte[])data.Clone(); } catch (Exception inner) { throw new CryptographicException(X509Certificate.encoding_error, inner); } }
private void Parse(byte[] crl) { string message = "Input data cannot be coded as a valid CRL."; try { ASN1 asn = new ASN1(this.encoded); if ((asn.Tag != 0x30) || (asn.Count != 3)) { throw new CryptographicException(message); } ASN1 asn2 = asn[0]; if ((asn2.Tag != 0x30) || (asn2.Count < 3)) { throw new CryptographicException(message); } int num = 0; if (asn2[num].Tag == 2) { this.version = (byte)(asn2[num++].Value[0] + 1); } else { this.version = 1; } this.signatureOID = ASN1Convert.ToOid(asn2[num++][0]); this.issuer = X501.ToString(asn2[num++]); this.thisUpdate = ASN1Convert.ToDateTime(asn2[num++]); ASN1 time = asn2[num++]; if ((time.Tag == 0x17) || (time.Tag == 0x18)) { this.nextUpdate = ASN1Convert.ToDateTime(time); time = asn2[num++]; } this.entries = new ArrayList(); if ((time != null) && (time.Tag == 0x30)) { ASN1 asn4 = time; for (int i = 0; i < asn4.Count; i++) { this.entries.Add(new X509CrlEntry(asn4[i])); } } else { num--; } ASN1 asn5 = asn2[num]; if (((asn5 != null) && (asn5.Tag == 160)) && (asn5.Count == 1)) { this.extensions = new X509ExtensionCollection(asn5[0]); } else { this.extensions = new X509ExtensionCollection(null); } string str2 = ASN1Convert.ToOid(asn[1][0]); if (this.signatureOID != str2) { throw new CryptographicException(message + " [Non-matching signature algorithms in CRL]"); } byte[] src = asn[2].Value; this.signature = new byte[src.Length - 1]; Buffer.BlockCopy(src, 1, this.signature, 0, this.signature.Length); } catch { throw new CryptographicException(message); } }
// that's were the real job is! private void Parse(byte[] data) { try { decoder = new ASN1(data); // Certificate if (decoder.Tag != 0x30) { throw new CryptographicException(encoding_error); } // Certificate / TBSCertificate if (decoder [0].Tag != 0x30) { throw new CryptographicException(encoding_error); } ASN1 tbsCertificate = decoder [0]; int tbs = 0; // Certificate / TBSCertificate / Version ASN1 v = decoder [0][tbs]; version = 1; // DEFAULT v1 if ((v.Tag == 0xA0) && (v.Count > 0)) { // version (optional) is present only in v2+ certs version += v [0].Value [0]; // zero based tbs++; } // Certificate / TBSCertificate / CertificateSerialNumber ASN1 sn = decoder [0][tbs++]; if (sn.Tag != 0x02) { throw new CryptographicException(encoding_error); } serialnumber = sn.Value; Array.Reverse(serialnumber, 0, serialnumber.Length); // Certificate / TBSCertificate / AlgorithmIdentifier tbs++; // ASN1 signatureAlgo = tbsCertificate.Element (tbs++, 0x30); issuer = tbsCertificate.Element(tbs++, 0x30); m_issuername = X501.ToString(issuer); ASN1 validity = tbsCertificate.Element(tbs++, 0x30); ASN1 notBefore = validity [0]; m_from = ASN1Convert.ToDateTime(notBefore); ASN1 notAfter = validity [1]; m_until = ASN1Convert.ToDateTime(notAfter); subject = tbsCertificate.Element(tbs++, 0x30); m_subject = X501.ToString(subject); ASN1 subjectPublicKeyInfo = tbsCertificate.Element(tbs++, 0x30); ASN1 algorithm = subjectPublicKeyInfo.Element(0, 0x30); ASN1 algo = algorithm.Element(0, 0x06); m_keyalgo = ASN1Convert.ToOid(algo); // parameters ANY DEFINED BY algorithm OPTIONAL // so we dont ask for a specific (Element) type and return DER ASN1 parameters = algorithm [1]; m_keyalgoparams = ((algorithm.Count > 1) ? parameters.GetBytes() : null); ASN1 subjectPublicKey = subjectPublicKeyInfo.Element(1, 0x03); // we must drop th first byte (which is the number of unused bits // in the BITSTRING) int n = subjectPublicKey.Length - 1; m_publickey = new byte [n]; Buffer.BlockCopy(subjectPublicKey.Value, 1, m_publickey, 0, n); // signature processing byte[] bitstring = decoder [2].Value; // first byte contains unused bits in first byte signature = new byte [bitstring.Length - 1]; Buffer.BlockCopy(bitstring, 1, signature, 0, signature.Length); algorithm = decoder [1]; algo = algorithm.Element(0, 0x06); m_signaturealgo = ASN1Convert.ToOid(algo); parameters = algorithm [1]; if (parameters != null) { m_signaturealgoparams = parameters.GetBytes(); } else { m_signaturealgoparams = null; } // Certificate / TBSCertificate / issuerUniqueID ASN1 issuerUID = tbsCertificate.Element(tbs, 0x81); if (issuerUID != null) { tbs++; issuerUniqueID = issuerUID.Value; } // Certificate / TBSCertificate / subjectUniqueID ASN1 subjectUID = tbsCertificate.Element(tbs, 0x82); if (subjectUID != null) { tbs++; subjectUniqueID = subjectUID.Value; } // Certificate / TBSCertificate / Extensions ASN1 extns = tbsCertificate.Element(tbs, 0xA3); if ((extns != null) && (extns.Count == 1)) { extensions = new X509ExtensionCollection(extns [0]); } else { extensions = new X509ExtensionCollection(null); } // keep a copy of the original data m_encodedcert = (byte[])data.Clone(); } catch (Exception ex) { throw new CryptographicException(encoding_error, ex); } }
private void Parse(byte[] data) { try { this.decoder = new ASN1(data); if (this.decoder.Tag != 0x30) { throw new CryptographicException(encoding_error); } if (this.decoder[0].Tag != 0x30) { throw new CryptographicException(encoding_error); } ASN1 asn = this.decoder[0]; int index = 0; ASN1 asn2 = this.decoder[0][index]; this.version = 1; if ((asn2.Tag == 160) && (asn2.Count > 0)) { this.version += asn2[0].Value[0]; index++; } ASN1 asn3 = this.decoder[0][index++]; if (asn3.Tag != 2) { throw new CryptographicException(encoding_error); } this.serialnumber = asn3.Value; Array.Reverse(this.serialnumber, 0, this.serialnumber.Length); index++; this.issuer = asn.Element(index++, 0x30); this.m_issuername = X501.ToString(this.issuer); ASN1 asn4 = asn.Element(index++, 0x30); ASN1 time = asn4[0]; this.m_from = ASN1Convert.ToDateTime(time); ASN1 asn6 = asn4[1]; this.m_until = ASN1Convert.ToDateTime(asn6); this.subject = asn.Element(index++, 0x30); this.m_subject = X501.ToString(this.subject); ASN1 asn7 = asn.Element(index++, 0x30); ASN1 asn8 = asn7.Element(0, 0x30); ASN1 asn9 = asn8.Element(0, 6); this.m_keyalgo = ASN1Convert.ToOid(asn9); ASN1 asn10 = asn8[1]; this.m_keyalgoparams = (asn8.Count <= 1) ? null : asn10.GetBytes(); ASN1 asn11 = asn7.Element(1, 3); int count = asn11.Length - 1; this.m_publickey = new byte[count]; Buffer.BlockCopy(asn11.Value, 1, this.m_publickey, 0, count); byte[] src = this.decoder[2].Value; this.signature = new byte[src.Length - 1]; Buffer.BlockCopy(src, 1, this.signature, 0, this.signature.Length); asn8 = this.decoder[1]; asn9 = asn8.Element(0, 6); this.m_signaturealgo = ASN1Convert.ToOid(asn9); asn10 = asn8[1]; if (asn10 != null) { this.m_signaturealgoparams = asn10.GetBytes(); } else { this.m_signaturealgoparams = null; } ASN1 asn12 = asn.Element(index, 0x81); if (asn12 != null) { index++; this.issuerUniqueID = asn12.Value; } ASN1 asn13 = asn.Element(index, 130); if (asn13 != null) { index++; this.subjectUniqueID = asn13.Value; } ASN1 asn14 = asn.Element(index, 0xa3); if ((asn14 != null) && (asn14.Count == 1)) { this.extensions = new X509ExtensionCollection(asn14[0]); } else { this.extensions = new X509ExtensionCollection(null); } this.m_encodedcert = (byte[])data.Clone(); } catch (Exception exception) { throw new CryptographicException(encoding_error, exception); } }
private void Parse(byte[] crl) { string text = "Input data cannot be coded as a valid CRL."; try { ASN1 aSN = new ASN1(encoded); if (aSN.Tag != 48 || aSN.Count != 3) { throw new CryptographicException(text); } ASN1 aSN2 = aSN[0]; if (aSN2.Tag != 48 || aSN2.Count < 3) { throw new CryptographicException(text); } int num = 0; if (aSN2[num].Tag == 2) { version = (byte)(aSN2[num++].Value[0] + 1); } else { version = 1; } signatureOID = ASN1Convert.ToOid(aSN2[num++][0]); issuer = X501.ToString(aSN2[num++]); thisUpdate = ASN1Convert.ToDateTime(aSN2[num++]); ASN1 aSN3 = aSN2[num++]; if (aSN3.Tag == 23 || aSN3.Tag == 24) { nextUpdate = ASN1Convert.ToDateTime(aSN3); aSN3 = aSN2[num++]; } entries = new ArrayList(); if (aSN3 != null && aSN3.Tag == 48) { ASN1 aSN4 = aSN3; for (int i = 0; i < aSN4.Count; i++) { entries.Add(new X509CrlEntry(aSN4[i])); } } else { num--; } ASN1 aSN5 = aSN2[num]; if (aSN5 != null && aSN5.Tag == 160 && aSN5.Count == 1) { extensions = new X509ExtensionCollection(aSN5[0]); } else { extensions = new X509ExtensionCollection(null); } string b = ASN1Convert.ToOid(aSN[1][0]); if (signatureOID != b) { throw new CryptographicException(text + " [Non-matching signature algorithms in CRL]"); } byte[] value = aSN[2].Value; signature = new byte[value.Length - 1]; Buffer.BlockCopy(value, 1, signature, 0, signature.Length); } catch { throw new CryptographicException(text); IL_024f :; } }
private void Parse(byte[] crl) { string text = "Input data cannot be coded as a valid CRL."; try { ASN1 asn = new ASN1(this.encoded); if (asn.Tag != 48 || asn.Count != 3) { throw new CryptographicException(text); } ASN1 asn2 = asn[0]; if (asn2.Tag != 48 || asn2.Count < 3) { throw new CryptographicException(text); } int num = 0; if (asn2[num].Tag == 2) { this.version = asn2[num++].Value[0] + 1; } else { this.version = 1; } this.signatureOID = ASN1Convert.ToOid(asn2[num++][0]); this.issuer = X501.ToString(asn2[num++]); this.thisUpdate = ASN1Convert.ToDateTime(asn2[num++]); ASN1 asn3 = asn2[num++]; if (asn3.Tag == 23 || asn3.Tag == 24) { this.nextUpdate = ASN1Convert.ToDateTime(asn3); asn3 = asn2[num++]; } this.entries = new ArrayList(); if (asn3 != null && asn3.Tag == 48) { ASN1 asn4 = asn3; for (int i = 0; i < asn4.Count; i++) { this.entries.Add(new X509Crl.X509CrlEntry(asn4[i])); } } else { num--; } ASN1 asn5 = asn2[num]; if (asn5 != null && asn5.Tag == 160 && asn5.Count == 1) { this.extensions = new X509ExtensionCollection(asn5[0]); } else { this.extensions = new X509ExtensionCollection(null); } string b = ASN1Convert.ToOid(asn[1][0]); if (this.signatureOID != b) { throw new CryptographicException(text + " [Non-matching signature algorithms in CRL]"); } byte[] value = asn[2].Value; this.signature = new byte[value.Length - 1]; Buffer.BlockCopy(value, 1, this.signature, 0, this.signature.Length); } catch { throw new CryptographicException(text); } }
protected override void Decode() { ASN1 seq = new ASN1(extnValue.Value); if (seq.Tag != 0x30) { throw new ArgumentException("Invalid KeyAttributesExtension extension"); } int n = 0; // check for KeyIdentifier if (n < seq.Count) { ASN1 item = seq [n]; if (item.Tag == 0x04) { n++; keyId = item.Value; } } // check for KeyUsage if (n < seq.Count) { ASN1 item = seq [n]; if (item.Tag == 0x03) { n++; int i = 1; // byte zero has the number of unused bits (ASN1's BITSTRING) while (i < item.Value.Length) { kubits = (kubits << 8) + item.Value [i++]; } } } // check for PrivateKeyValidity if (n < seq.Count) { ASN1 item = seq [n]; if (item.Tag == 0x30) { int i = 0; if (i < item.Count) { ASN1 dt = item [i]; if (dt.Tag == 0x81) { i++; notBefore = ASN1Convert.ToDateTime(dt); } } if (i < item.Count) { ASN1 dt = item [i]; if (dt.Tag == 0x82) { notAfter = ASN1Convert.ToDateTime(dt); } } } } }
protected override void Decode() { ASN1 aSN = new ASN1(extnValue.Value); if (aSN.Tag != 48) { throw new ArgumentException("Invalid KeyAttributesExtension extension"); } int num = 0; if (num < aSN.Count) { ASN1 aSN2 = aSN[num]; if (aSN2.Tag == 4) { num++; keyId = aSN2.Value; } } if (num < aSN.Count) { ASN1 aSN3 = aSN[num]; if (aSN3.Tag == 3) { num++; int num2 = 1; while (num2 < aSN3.Value.Length) { kubits = (kubits << 8) + aSN3.Value[num2++]; } } } if (num >= aSN.Count) { return; } ASN1 aSN4 = aSN[num]; if (aSN4.Tag != 48) { return; } int num4 = 0; if (num4 < aSN4.Count) { ASN1 aSN5 = aSN4[num4]; if (aSN5.Tag == 129) { num4++; notBefore = ASN1Convert.ToDateTime(aSN5); } } if (num4 < aSN4.Count) { ASN1 aSN6 = aSN4[num4]; if (aSN6.Tag == 130) { notAfter = ASN1Convert.ToDateTime(aSN6); } } }