/**
* Constructs an X509 name
* @param seq an ASN1 Sequence
*/
public X509Name(ASN1Sequence seq)
{
IEnumerator e = seq.getObjects();
while (e.MoveNext())
{
ASN1Set sett = (ASN1Set)e.Current;
for (int i = 0; i < sett.size(); i++)
{
ASN1Sequence s = (ASN1Sequence)sett.getObjectAt(i);
String id = (String)DefaultSymbols[s.getObjectAt(0)];
if (id == null)
{
continue;
}
ArrayList vs = (ArrayList)values[id];
if (vs == null)
{
vs = new ArrayList();
values[id] = vs;
}
vs.Add(((DERString)s.getObjectAt(1)).getString());
}
}
}
public AttributeTable(
ASN1Set s)
{
for (int i = 0; i != s.size(); i++)
{
Attribute a = Attribute.getInstance(s.getObjectAt(i));
attributes.Add(a.getAttrType(), a);
}
}
/**
* Constructor from ASN1Sequence
*
* the principal will be a list of constructed sets, each containing an (OID, String) pair.
*/
public X509Name(
ASN1Sequence seq)
{
this.seq = seq;
IEnumerator e = seq.getObjects();
while (e.MoveNext())
{
ASN1Set set = (ASN1Set)e.Current;
for (int i = 0; i < set.size(); i++)
{
ASN1Sequence s = (ASN1Sequence)set.getObjectAt(i);
ordering.Add(s.getObjectAt(0));
values.Add(((DERString)s.getObjectAt(1)).getString());
added.Add(i != 0);
}
}
}
/**
* Verifies a signature using the sub-filter adbe.pkcs7.detached or
* adbe.pkcs7.sha1.
* @param contentsKey the /Contents key
* @param provider the provider or <code>null</code> for the default provider
* @throws SecurityException on error
* @throws CRLException on error
* @throws InvalidKeyException on error
* @throws CertificateException on error
* @throws NoSuchProviderException on error
* @throws NoSuchAlgorithmException on error
*/
public PdfPKCS7(byte[] contentsKey)
{
ASN1InputStream din = new ASN1InputStream(new MemoryStream(contentsKey));
//
// Basic checks to make sure it's a PKCS#7 SignedData Object
//
ASN1Object pkcs;
try {
pkcs = din.readObject();
}
catch {
throw new ArgumentException("can't decode PKCS7SignedData object");
}
if (!(pkcs is ASN1Sequence))
{
throw new ArgumentException("Not a valid PKCS#7 object - not a sequence");
}
ASN1Sequence signedData = (ASN1Sequence)pkcs;
DERObjectIdentifier objId = (DERObjectIdentifier)signedData.getObjectAt(0);
if (!objId.getId().Equals(ID_PKCS7_SIGNED_DATA))
{
throw new ArgumentException("Not a valid PKCS#7 object - not signed data");
}
ASN1Sequence content = (ASN1Sequence)((DERTaggedObject)signedData.getObjectAt(1)).getObject();
// the positions that we care are:
// 0 - version
// 1 - digestAlgorithms
// 2 - possible ID_PKCS7_DATA
// (the certificates and crls are taken out by other means)
// last - signerInfos
// the version
version = ((DERInteger)content.getObjectAt(0)).getValue().intValue();
// the digestAlgorithms
digestalgos = new Hashtable();
IEnumerator e = ((ASN1Set)content.getObjectAt(1)).getObjects();
while (e.MoveNext())
{
ASN1Sequence s = (ASN1Sequence)e.Current;
DERObjectIdentifier o = (DERObjectIdentifier)s.getObjectAt(0);
digestalgos[o.getId()] = null;
}
// the certificates and crls
X509CertificateParser cf = new X509CertificateParser(contentsKey);
certs = new ArrayList();
while (true)
{
X509Certificate cc = cf.ReadCertificate();
if (cc == null)
{
break;
}
certs.Add(cc);
}
crls = new ArrayList();
// the possible ID_PKCS7_DATA
ASN1Sequence rsaData = (ASN1Sequence)content.getObjectAt(2);
if (rsaData.size() > 1)
{
DEROctetString rsaDataContent = (DEROctetString)((DERTaggedObject)rsaData.getObjectAt(1)).getObject();
RSAdata = rsaDataContent.getOctets();
}
// the signerInfos
int next = 3;
while (content.getObjectAt(next) is DERTaggedObject)
{
++next;
}
ASN1Set signerInfos = (ASN1Set)content.getObjectAt(next);
if (signerInfos.size() != 1)
{
throw new ArgumentException("This PKCS#7 object has multiple SignerInfos - only one is supported at this time");
}
ASN1Sequence signerInfo = (ASN1Sequence)signerInfos.getObjectAt(0);
// the positions that we care are
// 0 - version
// 1 - the signing certificate serial number
// 2 - the digest algorithm
// 3 or 4 - digestEncryptionAlgorithm
// 4 or 5 - encryptedDigest
signerversion = ((DERInteger)signerInfo.getObjectAt(0)).getValue().intValue();
// Get the signing certificate
ASN1Sequence issuerAndSerialNumber = (ASN1Sequence)signerInfo.getObjectAt(1);
BigInteger serialNumber = ((DERInteger)issuerAndSerialNumber.getObjectAt(1)).getValue();
foreach (X509Certificate cert in certs)
{
if (serialNumber.Equals(cert.getSerialNumber()))
{
signCert = cert;
break;
}
}
if (signCert == null)
{
throw new ArgumentException("Can't find signing certificate with serial " + serialNumber.ToString(16));
}
digestAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(2)).getObjectAt(0)).getId();
next = 3;
if (signerInfo.getObjectAt(next) is ASN1TaggedObject)
{
ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next);
ASN1Sequence sseq = (ASN1Sequence)tagsig.getObject();
MemoryStream bOut = new MemoryStream();
ASN1OutputStream dout = new ASN1OutputStream(bOut);
try {
ASN1EncodableVector attribute = new ASN1EncodableVector();
for (int k = 0; k < sseq.size(); ++k)
{
attribute.add(sseq.getObjectAt(k));
}
dout.writeObject(new DERSet(attribute));
dout.Close();
}
catch (IOException) {}
sigAttr = bOut.ToArray();
for (int k = 0; k < sseq.size(); ++k)
{
ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k);
if (((DERObjectIdentifier)seq2.getObjectAt(0)).getId().Equals(ID_MESSAGE_DIGEST))
{
ASN1Set sset = (ASN1Set)seq2.getObjectAt(1);
digestAttr = ((DEROctetString)sset.getObjectAt(0)).getOctets();
break;
}
}
if (digestAttr == null)
{
throw new ArgumentException("Authenticated attribute is missing the digest.");
}
++next;
}
digestEncryptionAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(next++)).getObjectAt(0)).getId();
digest = ((DEROctetString)signerInfo.getObjectAt(next)).getOctets();
if (RSAdata != null || digestAttr != null)
{
messageDigest = GetHashClass();
}
sig = SignerUtil.getSigner(GetDigestAlgorithm());
sig.init(false, signCert.getPublicKey());
}
public PKCS12Store(
Stream input,
char[] password)
{
if (password == null)
{
throw new ArgumentException("No password supplied for PKCS12Store.");
}
ASN1InputStream bIn = new ASN1InputStream(input);
ASN1Sequence obj = (ASN1Sequence)bIn.readObject();
Pfx bag = new Pfx(obj);
ContentInfo info = bag.getAuthSafe();
ArrayList chain = new ArrayList();
bool unmarkedKey = false;
if (bag.getMacData() != null) // check the mac code
{
MemoryStream bOut = new MemoryStream();
BEROutputStream berOut = new BEROutputStream(bOut);
MacData mData = bag.getMacData();
DigestInfo dInfo = mData.getMac();
AlgorithmIdentifier algId = dInfo.getAlgorithmId();
byte[] salt = mData.getSalt();
int itCount = mData.getIterationCount().intValue();
berOut.writeObject(info);
byte[] data = ((ASN1OctetString)info.getContent()).getOctets();
try
{
ASN1Encodable parameters = PBEUtil.generateAlgorithmParameters(algId.getObjectId(), mData.getSalt(), mData.getIterationCount().intValue());
CipherParameters keyParameters = PBEUtil.generateCipherParameters(algId.getObjectId(), password, parameters);
Mac mac = (Mac)PBEUtil.createEngine(algId.getObjectId());
mac.init(keyParameters);
mac.update(data, 0, data.Length);
byte[] res = new byte[mac.getMacSize()];
mac.doFinal(res, 0);
byte[] dig = dInfo.getDigest();
if (res.Length != dig.Length)
{
throw new Exception("PKCS12 key store mac invalid - wrong password or corrupted file.");
}
for (int i = 0; i != res.Length; i++)
{
if (res[i] != dig[i])
{
throw new Exception("PKCS12 key store mac invalid - wrong password or corrupted file.");
}
}
}
catch (Exception e)
{
throw new Exception("error constructing MAC: " + e.Message);
}
}
keys = new Hashtable();
localIds = new Hashtable();
if (info.getContentType().Equals(PKCSObjectIdentifiers.data))
{
bIn = new ASN1InputStream(new MemoryStream(((ASN1OctetString)info.getContent()).getOctets()));
AuthenticatedSafe authSafe = new AuthenticatedSafe((ASN1Sequence)bIn.readObject());
ContentInfo[] c = authSafe.getContentInfo();
for (int i = 0; i != c.Length; i++)
{
if (c[i].getContentType().Equals(PKCSObjectIdentifiers.data))
{
ASN1InputStream dIn = new ASN1InputStream(new MemoryStream(((ASN1OctetString)c[i].getContent()).getOctets()));
ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
for (int j = 0; j != seq.size(); j++)
{
SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j));
if (b.getBagId().Equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.getInstance(b.getBagValue());
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(password, eIn);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
String alias = null;
ASN1OctetString localId = null;
if (b.getBagAttributes() != null)
{
IEnumerator e = b.getBagAttributes().getObjects();
while (e.MoveNext())
{
ASN1Sequence sq = (ASN1Sequence)e.Current;
DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
ASN1Encodable attr = null;
if (attrSet.size() > 0)
{
attr = attrSet.getObjectAt(0);
attributes.Add(aOid.getId(), attr);
}
if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
{
alias = ((DERBMPString)attr).getString();
keys.Add(alias, pkcs12Key);
}
else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
{
localId = (ASN1OctetString)attr;
}
}
}
if (localId != null)
{
String name = byteArrayToString(Hex.encode(localId.getOctets()));
if (alias == null)
{
keys.Add(name, pkcs12Key);
}
else
{
localIds.Add(alias, name);
}
}
else
{
unmarkedKey = true;
keys.Add("unmarked", privKey);
}
}
else if (b.getBagId().Equals(PKCSObjectIdentifiers.certBag))
{
chain.Add(b);
}
else
{
Console.WriteLine("extra " + b.getBagId());
Console.WriteLine("extra " + ASN1Dump.dumpAsString(b));
}
}
}
else if (c[i].getContentType().Equals(PKCSObjectIdentifiers.encryptedData))
{
EncryptedData d = new EncryptedData((ASN1Sequence)c[i].getContent());
ASN1Sequence seq = decryptData(d.getEncryptionAlgorithm(), d.getContent().getOctets(), password);
for (int j = 0; j != seq.size(); j++)
{
SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j));
if (b.getBagId().Equals(PKCSObjectIdentifiers.certBag))
{
chain.Add(b);
}
else if (b.getBagId().Equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.getInstance(b.getBagValue());
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(password, eIn);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
String alias = null;
ASN1OctetString localId = null;
IEnumerator e = b.getBagAttributes().getObjects();
while (e.MoveNext())
{
ASN1Sequence sq = (ASN1Sequence)e.Current;
DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
ASN1Encodable attr = null;
if (attrSet.size() > 0)
{
attr = attrSet.getObjectAt(0);
attributes.Add(aOid.getId(), attr);
}
if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
{
alias = ((DERBMPString)attr).getString();
keys.Add(alias, pkcs12Key);
}
else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
{
localId = (ASN1OctetString)attr;
}
}
String name = byteArrayToString(Hex.encode(localId.getOctets()));
if (alias == null)
{
keys.Add(name, pkcs12Key);
}
else
{
localIds.Add(alias, name);
}
}
else if (b.getBagId().Equals(PKCSObjectIdentifiers.keyBag))
{
PrivateKeyInfo pIn = PrivateKeyInfo.getInstance(b.getBagValue());
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(pIn);
//
// set the attributes on the key
//
String alias = null;
ASN1OctetString localId = null;
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
IEnumerator e = b.getBagAttributes().getObjects();
while (e.MoveNext())
{
ASN1Sequence sq = (ASN1Sequence)e.Current;
DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
ASN1Encodable attr = null;
if (attrSet.size() > 0)
{
attr = attrSet.getObjectAt(0);
attributes.Add(aOid.getId(), attr);
}
if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
{
alias = ((DERBMPString)attr).getString();
keys.Add(alias, pkcs12Key);
}
else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
{
localId = (ASN1OctetString)attr;
}
}
String name = byteArrayToString(Hex.encode(localId.getOctets()));
if (alias == null)
{
keys.Add(name, pkcs12Key);
}
else
{
localIds.Add(alias, name);
}
}
else
{
Console.WriteLine("extra " + b.getBagId());
Console.WriteLine("extra " + ASN1Dump.dumpAsString(b));
}
}
}
else
{
Console.WriteLine("extra " + c[i].getContentType().getId());
Console.WriteLine("extra " + ASN1Dump.dumpAsString(c[i].getContent()));
}
}
}
certs = new Hashtable();
chainCerts = new Hashtable();
keyCerts = new Hashtable();
for (int i = 0; i != chain.Count; i++)
{
SafeBag b = (SafeBag)chain[i];
CertBag cb = new CertBag((ASN1Sequence)b.getBagValue());
X509Certificate cert = new X509Certificate(((ASN1OctetString)cb.getCertValue()).getOctets());
//
// set the attributes
//
Hashtable attributes = new Hashtable();
X509CertificateEntry pkcs12cert = new X509CertificateEntry(cert, attributes);
ASN1OctetString localId = null;
String alias = null;
if (b.getBagAttributes() != null)
{
IEnumerator e = b.getBagAttributes().getObjects();
while (e.MoveNext())
{
ASN1Sequence sq = (ASN1Sequence)e.Current;
DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
if (attrSet.size() > 0)
{
ASN1Encodable attr = attrSet.getObjectAt(0);
attributes.Add(aOid.getId(), attr);
if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
{
alias = ((DERBMPString)attr).getString();
}
else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
{
localId = (ASN1OctetString)attr;
}
}
}
}
chainCerts.Add(new CertId(cert.getPublicKey()), pkcs12cert);
if (unmarkedKey)
{
if (keyCerts.Count == 0)
{
String name = byteArrayToString(Hex.encode(new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(cert.getPublicKey())).getKeyIdentifier()));
keyCerts.Add(name, pkcs12cert);
keys.Add(name, keys["unmarked"]);
keys.Remove("unmarked");
}
}
else
{
if (alias == null)
{
if (localId != null)
{
String name = byteArrayToString(Hex.encode(localId.getOctets()));
keyCerts.Add(name, pkcs12cert);
}
}
else
{
certs.Add(alias, pkcs12cert);
}
}
}
}