public static void SerializeChoice_Third()
{
DirectoryStringClass directoryString = new DirectoryStringClass
{
PrintableString = "Printable",
};
using (AsnWriter writer = AsnSerializer.Serialize(directoryString, AsnEncodingRules.DER))
{
Assert.Equal("13095072696E7461626C65", writer.Encode().ByteArrayToHex());
}
}
public static void SerializeChoice_First()
{
DirectoryStringClass directoryString = new DirectoryStringClass
{
Utf8String = "UTF8",
};
using (AsnWriter writer = AsnSerializer.Serialize(directoryString, AsnEncodingRules.DER))
{
Assert.Equal("0C0455544638", writer.Encode().ByteArrayToHex());
}
}
public static void SerializeChoice_Second()
{
DirectoryStringClass directoryString = new DirectoryStringClass
{
BmpString = "BMP",
};
using (AsnWriter writer = AsnSerializer.Serialize(directoryString, AsnEncodingRules.DER))
{
Assert.Equal("1E060042004D0050", writer.Encode().ByteArrayToHex());
}
}
public static void SerializeChoice_WithinChoice6()
{
var hybrid = new FlexibleStringStructHybrid
{
Ascii = "IA5",
};
using (AsnWriter writer = AsnSerializer.Serialize(hybrid, AsnEncodingRules.DER))
{
Assert.Equal("1603494135", writer.Encode().ByteArrayToHex());
}
}
public static void WriteOptionals(string expectedHex, bool hasUtf8, bool hasIa5)
{
var data = new OptionalValues
{
Utf8String = hasUtf8 ? "UTF8" : null,
IA5String = hasIa5 ? "IA5" : null,
};
AsnWriter writer = AsnSerializer.Serialize(data, AsnEncodingRules.DER);
Assert.Equal(expectedHex, writer.Encode().ByteArrayToHex());
}
public static void SerializeExplicitValue()
{
var data = new ExplicitValueStruct
{
ExplicitInt = 3,
ImplicitInt = 0x17,
};
AsnWriter writer = AsnSerializer.Serialize(data, AsnEncodingRules.DER);
Assert.Equal("3008A003020103020117", writer.Encode().ByteArrayToHex());
}
public static void SerializeNamedBitList()
{
var flagsContainer = new NamedBitListModeVariants
{
DefaultMode = SomeFlagsEnum.BitEleven | SomeFlagsEnum.BitTwo | SomeFlagsEnum.BitFourteen
};
using (AsnWriter writer = AsnSerializer.Serialize(flagsContainer, AsnEncodingRules.DER))
{
Assert.Equal("30050303012012", writer.Encode().ByteArrayToHex());
}
}
public static void WriteNegativeIntegers()
{
BigIntegers bigIntegers = new BigIntegers
{
First = -273,
Second = new byte[] { 0xFE, 0xED, 0xF0, 0x0D },
};
using (AsnWriter writer = AsnSerializer.Serialize(bigIntegers, AsnEncodingRules.DER))
{
Assert.Equal("300A0202FEEF0204FEEDF00D", writer.EncodeAsSpan().ByteArrayToHex());
}
}
public static void SerializeDefaultValue_AsNonDefault()
{
var extension = new X509DeserializeTests.Extension
{
ExtnId = "2.5.29.15",
Critical = true,
ExtnValue = new byte[] { 0x03, 0x02, 0x05, 0xA0 },
};
AsnWriter writer = AsnSerializer.Serialize(extension, AsnEncodingRules.DER);
Assert.Equal("300E0603551D0F0101FF0404030205A0", writer.Encode().ByteArrayToHex());
}
public static void SerializeDefaultValue_AsDefault()
{
var extension = new X509DeserializeTests.Extension
{
ExtnId = "2.5.29.19",
Critical = false,
ExtnValue = new byte[] { 0x30, 0x00 },
};
AsnWriter writer = AsnSerializer.Serialize(extension, AsnEncodingRules.DER);
Assert.Equal("30090603551D1304023000", writer.Encode().ByteArrayToHex());
}
public static void SerializeChoice_WithinChoice5()
{
var hybrid = new FlexibleStringStructHybrid
{
DirectoryString = new DirectoryStringClass
{
Utf8String = "Marco",
},
};
AsnWriter writer = AsnSerializer.Serialize(hybrid, AsnEncodingRules.DER);
Assert.Equal("0C054D6172636F", writer.Encode().ByteArrayToHex());
}
public static void SerializeChoice_WithinChoice4()
{
var hybrid = new FlexibleStringStructHybrid
{
DirectoryString = new DirectoryStringClass
{
BmpString = "Polo",
},
};
AsnWriter writer = AsnSerializer.Serialize(hybrid, AsnEncodingRules.DER);
Assert.Equal("1E080050006F006C006F", writer.Encode().ByteArrayToHex());
}
private void AddGeneralName(GeneralNameAsn generalName)
{
try
{
// Verify that the general name can be serialized and store it.
using (AsnWriter writer = AsnSerializer.Serialize(generalName, AsnEncodingRules.DER))
{
_encodedNames.Add(writer.Encode());
}
}
catch (EncoderFallbackException)
{
throw new CryptographicException(SR.Cryptography_Invalid_IA5String);
}
}
internal byte[] ToPkcs10Request(X509SignatureGenerator signatureGenerator, HashAlgorithmName hashAlgorithm)
{
// State validation should be runtime checks if/when this becomes public API
Debug.Assert(signatureGenerator != null);
Debug.Assert(Subject != null);
Debug.Assert(PublicKey != null);
byte[] signatureAlgorithm = signatureGenerator.GetSignatureAlgorithmIdentifier(hashAlgorithm);
AlgorithmIdentifierAsn signatureAlgorithmAsn;
// Deserialization also does validation of the value (except for Parameters, which have to be validated separately).
signatureAlgorithmAsn = AsnSerializer.Deserialize <AlgorithmIdentifierAsn>(signatureAlgorithm, AsnEncodingRules.DER);
if (signatureAlgorithmAsn.Parameters.HasValue)
{
Helpers.ValidateDer(signatureAlgorithmAsn.Parameters.Value);
}
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn();
spki.Algorithm = new AlgorithmIdentifierAsn {
Algorithm = PublicKey.Oid, Parameters = PublicKey.EncodedParameters.RawData
};
spki.SubjectPublicKey = PublicKey.EncodedKeyValue.RawData;
CertificationRequestInfoAsn requestInfo = new CertificationRequestInfoAsn
{
Version = 0,
Subject = this.Subject.RawData,
SubjectPublicKeyInfo = spki,
Attributes = Attributes.Select(e => new X501AttributeAsn(e)).ToArray(),
};
using (AsnWriter writer = AsnSerializer.Serialize(requestInfo, AsnEncodingRules.DER))
{
byte[] encodedRequestInfo = writer.Encode();
CertificationRequestAsn certificationRequest = new CertificationRequestAsn
{
CertificationRequestInfo = requestInfo,
SignatureAlgorithm = signatureAlgorithmAsn,
SignatureValue = signatureGenerator.SignData(encodedRequestInfo, hashAlgorithm),
};
using (AsnWriter signedWriter = AsnSerializer.Serialize(certificationRequest, AsnEncodingRules.DER))
{
return(signedWriter.Encode());
}
}
}
/// <summary>
/// Create a timestamp request using a pre-computed hash value.
/// </summary>
/// <param name="hash">The pre-computed hash value to be timestamped.</param>
/// <param name="hashAlgorithmId">
/// The Object Identifier (OID) for the hash algorithm which produced <paramref name="hash"/>.
/// </param>
/// <param name="requestedPolicyId">
/// The Object Identifier (OID) for a timestamp policy the Timestamp Authority (TSA) should use,
/// or <c>null</c> to express no preference.
/// </param>
/// <param name="nonce">
/// An optional nonce (number used once) to uniquely identify this request to pair it with the response.
/// The value is interpreted as an unsigned big-endian integer and may be normalized to the encoding format.
/// </param>
/// <param name="requestSignerCertificates">
/// Indicates whether the Timestamp Authority (TSA) must (<c>true</c>) or must not (<c>false</c>) include
/// the signing certificate in the issued timestamp token.
/// </param>
/// <param name="extensions">RFC3161 extensions to present with the request.</param>
/// <returns>
/// An <see cref="Rfc3161TimestampRequest"/> representing the chosen values.
/// </returns>
/// <seealso cref="Encode"/>
/// <seealso cref="TryEncode"/>
public static Rfc3161TimestampRequest CreateFromHash(
ReadOnlyMemory <byte> hash,
Oid hashAlgorithmId,
Oid requestedPolicyId = null,
ReadOnlyMemory <byte>?nonce = null,
bool requestSignerCertificates = false,
X509ExtensionCollection extensions = null)
{
var req = new Rfc3161TimeStampReq
{
Version = 1,
MessageImprint = new MessageImprint
{
HashAlgorithm =
{
Algorithm = hashAlgorithmId,
Parameters = AlgorithmIdentifierAsn.ExplicitDerNull,
},
HashedMessage = hash,
},
ReqPolicy = requestedPolicyId,
CertReq = requestSignerCertificates,
Nonce = nonce,
};
if (extensions != null)
{
req.Extensions =
extensions.OfType <X509Extension>().Select(e => new X509ExtensionAsn(e)).ToArray();
}
// The RFC implies DER (see TryParse), and DER is the most widely understood given that
// CER isn't specified.
const AsnEncodingRules ruleSet = AsnEncodingRules.DER;
AsnWriter writer = AsnSerializer.Serialize(req, ruleSet);
byte[] encodedBytes = writer.Encode();
// Make sure everything normalizes
req = AsnSerializer.Deserialize <Rfc3161TimeStampReq>(encodedBytes, ruleSet);
return(new Rfc3161TimestampRequest
{
_encodedBytes = writer.Encode(),
_parsedData = req,
});
}
public ReadOnlyMemory <byte>?GetTimestampAuthorityName()
{
if (_tsaNameBytes == null)
{
GeneralName?tsaName = _parsedData.Tsa;
if (tsaName == null)
{
return(null);
}
_tsaNameBytes = AsnSerializer.Serialize(tsaName.Value, AsnEncodingRules.DER).Encode();
Debug.Assert(_tsaNameBytes.HasValue);
}
return(_tsaNameBytes.Value);
}
public static void SerializeAlgorithmIdentifier()
{
AlgorithmIdentifier identifier = new AlgorithmIdentifier
{
Algorithm = new Oid("2.16.840.1.101.3.4.2.1", "SHA-2-256"),
Parameters = new byte[] { 5, 0 },
};
AsnWriter writer = AsnSerializer.Serialize(identifier, AsnEncodingRules.DER);
const string ExpectedHex =
"300D" +
"0609608648016503040201" +
"0500";
Assert.Equal(ExpectedHex, writer.Encode().ByteArrayToHex());
}
private byte[] EncryptContent(
ContentInfo contentInfo,
AlgorithmIdentifier contentEncryptionAlgorithm,
out byte[] cek,
out byte[] parameterBytes)
{
using (SymmetricAlgorithm alg = OpenAlgorithm(contentEncryptionAlgorithm))
using (ICryptoTransform encryptor = alg.CreateEncryptor())
{
cek = alg.Key;
if (alg is RC2)
{
Rc2CbcParameters rc2Params = new Rc2CbcParameters(alg.IV, alg.KeySize);
using (AsnWriter writer = AsnSerializer.Serialize(rc2Params, AsnEncodingRules.DER))
{
parameterBytes = writer.Encode();
}
}
else
{
parameterBytes = EncodeOctetString(alg.IV);
}
byte[] toEncrypt = contentInfo.Content;
if (contentInfo.ContentType.Value == Oids.Pkcs7Data)
{
toEncrypt = EncodeOctetString(toEncrypt);
return(encryptor.OneShot(toEncrypt));
}
else
{
if (contentInfo.Content.Length == 0)
{
return(encryptor.OneShot(contentInfo.Content));
}
else
{
AsnReader reader = new AsnReader(contentInfo.Content, AsnEncodingRules.BER);
return(encryptor.OneShot(reader.PeekContentBytes().ToArray()));
}
}
}
}
public virtual byte[] ComputeCapiSha1OfPublicKey(PublicKey key)
{
// The CapiSha1 value is the SHA-1 of the SubjectPublicKeyInfo field, inclusive
// of the DER structural bytes.
SubjectPublicKeyInfoAsn spki = new SubjectPublicKeyInfoAsn();
spki.Algorithm = new AlgorithmIdentifierAsn {
Algorithm = key.Oid, Parameters = key.EncodedParameters.RawData
};
spki.SubjectPublicKey = key.EncodedKeyValue.RawData;
using (AsnWriter writer = AsnSerializer.Serialize(spki, AsnEncodingRules.DER))
using (SHA1 hash = SHA1.Create())
{
return(hash.ComputeHash(writer.Encode()));
}
}
public virtual byte[] EncodeX509BasicConstraints2Extension(
bool certificateAuthority,
bool hasPathLengthConstraint,
int pathLengthConstraint)
{
BasicConstraintsAsn constraints = new BasicConstraintsAsn();
constraints.CA = certificateAuthority;
if (hasPathLengthConstraint)
{
constraints.PathLengthConstraint = pathLengthConstraint;
}
using (AsnWriter writer = AsnSerializer.Serialize(constraints, AsnEncodingRules.DER))
{
return(writer.Encode());
}
}
public static void WriteAnyValueWithExpectedTag()
{
byte[] anyValue = "3003010100".HexToByteArray();
var data = new AnyWithExpectedTag
{
Id = "0.0",
Data = anyValue,
};
AsnWriter writer = AsnSerializer.Serialize(data, AsnEncodingRules.DER);
Assert.Equal("30080601003003010100", writer.Encode().ByteArrayToHex());
anyValue[0] = 0xA0;
Assert.Throws <CryptographicException>(() => AsnSerializer.Serialize(data, AsnEncodingRules.DER));
}
public static void SerializeExplicitDefaultValue(int version, string expectedHex)
{
ExplicitDefaultAsn data = new ExplicitDefaultAsn {
Version = version
};
byte[] encoded;
using (AsnWriter writer = AsnSerializer.Serialize(data, AsnEncodingRules.DER))
{
encoded = writer.Encode();
Assert.Equal(expectedHex, encoded.ByteArrayToHex());
}
// Deserialize the data back.
data = AsnSerializer.Deserialize <ExplicitDefaultAsn>(encoded, AsnEncodingRules.DER);
Assert.Equal(version, data.Version);
}
internal static byte[] EncodeContentInfo <T>(
T value,
string contentType,
AsnEncodingRules ruleSet = AsnEncodingRules.DER)
{
using (AsnWriter innerWriter = AsnSerializer.Serialize(value, ruleSet))
{
ContentInfoAsn content = new ContentInfoAsn
{
ContentType = contentType,
Content = innerWriter.Encode(),
};
using (AsnWriter outerWriter = AsnSerializer.Serialize(content, ruleSet))
{
return(outerWriter.Encode());
}
}
}
public void SealWithoutIntegrity()
{
if (IsSealed)
{
throw new InvalidOperationException(SR.Cryptography_Pkcs12_PfxIsSealed);
}
ContentInfoAsn[] contents = _contents?.ToArray() ?? Array.Empty <ContentInfoAsn>();
using (AsnWriter contentsWriter = AsnSerializer.Serialize(contents, AsnEncodingRules.BER))
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.BER))
{
// https://tools.ietf.org/html/rfc7292#section-4
//
// PFX ::= SEQUENCE {
// version INTEGER {v3(3)}(v3,...),
// authSafe ContentInfo,
// macData MacData OPTIONAL
// }
writer.PushSequence();
writer.WriteInteger(3);
writer.PushSequence();
{
writer.WriteObjectIdentifier(Oids.Pkcs7Data);
Asn1Tag contextSpecific0 = new Asn1Tag(TagClass.ContextSpecific, 0);
writer.PushSequence(contextSpecific0);
{
writer.WriteOctetString(contentsWriter.EncodeAsSpan());
writer.PopSequence(contextSpecific0);
}
writer.PopSequence();
}
writer.PopSequence();
_sealedData = writer.Encode();
}
}
private static byte[] EncodeAttribute(IEnumerable <X509Extension> extensions)
{
if (extensions == null)
{
throw new ArgumentNullException(nameof(extensions));
}
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER))
{
writer.PushSequence();
foreach (X509Extension e in extensions)
{
AsnSerializer.Serialize(new X509ExtensionAsn(e), writer);
}
writer.PopSequence();
return(writer.Encode());
}
}
internal CertificateData(byte[] rawData)
{
#if DEBUG
try
{
#endif
RawData = rawData;
certificate = AsnSerializer.Deserialize <CertificateAsn>(rawData, AsnEncodingRules.DER);
certificate.TbsCertificate.ValidateVersion();
Issuer = new X500DistinguishedName(certificate.TbsCertificate.Issuer.ToArray());
Subject = new X500DistinguishedName(certificate.TbsCertificate.Subject.ToArray());
using (AsnWriter writer = AsnSerializer.Serialize(certificate.TbsCertificate.SubjectPublicKeyInfo, AsnEncodingRules.DER))
{
SubjectPublicKeyInfo = writer.Encode();
}
Extensions = new List <X509Extension>();
if (certificate.TbsCertificate.Extensions != null)
{
foreach (X509ExtensionAsn rawExtension in certificate.TbsCertificate.Extensions)
{
X509Extension extension = new X509Extension(
rawExtension.ExtnId,
rawExtension.ExtnValue.ToArray(),
rawExtension.Critical);
Extensions.Add(extension);
}
}
#if DEBUG
}
catch (Exception e)
{
throw new CryptographicException(
$"Error in reading certificate:{Environment.NewLine}{PemPrintCert(rawData)}",
e);
}
#endif
}
public void ComputeCounterSignature(CmsSigner signer)
{
if (_parentSignerInfo != null)
{
throw new CryptographicException(SR.Cryptography_Cms_NoCounterCounterSigner);
}
if (signer == null)
{
throw new ArgumentNullException(nameof(signer));
}
signer.CheckCertificateValue();
int myIdx = _document.SignerInfos.FindIndexForSigner(this);
if (myIdx < 0)
{
throw new CryptographicException(SR.Cryptography_Cms_SignerNotFound);
}
// Make sure that we're using the most up-to-date version of this that we can.
SignerInfo effectiveThis = _document.SignerInfos[myIdx];
X509Certificate2Collection chain;
SignerInfoAsn newSignerInfo = signer.Sign(effectiveThis._signature, null, false, out chain);
AttributeAsn newUnsignedAttr;
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER))
{
writer.PushSetOf();
AsnSerializer.Serialize(newSignerInfo, writer);
writer.PopSetOf();
newUnsignedAttr = new AttributeAsn
{
AttrType = new Oid(Oids.CounterSigner, Oids.CounterSigner),
AttrValues = writer.Encode(),
};
}
ref SignedDataAsn signedData = ref _document.GetRawData();
public static T[] NormalizeSet <T>(
T[] setItems,
Action <byte[]> encodedValueProcessor = null)
{
AsnSet <T> set = new AsnSet <T>
{
SetData = setItems,
};
AsnWriter writer = AsnSerializer.Serialize(set, AsnEncodingRules.DER);
byte[] normalizedValue = writer.Encode();
set = AsnSerializer.Deserialize <AsnSet <T> >(normalizedValue, AsnEncodingRules.DER);
if (encodedValueProcessor != null)
{
encodedValueProcessor(normalizedValue);
}
return(set.SetData);
}
private static byte[] EncodeBagValue(string certificateType, ReadOnlyMemory <byte> encodedCertificate)
{
// Read to ensure that there is precisely one legally encoded value.
AsnReader reader = new AsnReader(encodedCertificate, AsnEncodingRules.BER);
reader.GetEncodedValue();
reader.ThrowIfNotEmpty();
// No need to copy encodedCertificate here, because it will be copied into the
// return value.
CertBagAsn certBagAsn = new CertBagAsn
{
CertId = certificateType,
CertValue = encodedCertificate,
};
using (AsnWriter writer = AsnSerializer.Serialize(certBagAsn, AsnEncodingRules.BER))
{
return(writer.Encode());
}
}
public byte[] Encode()
{
if (!_hasData)
{
throw new InvalidOperationException(SR.Cryptography_Cms_MessageNotSigned);
}
try
{
return(Helpers.EncodeContentInfo(_signedData, Oids.Pkcs7Signed));
}
catch (CryptographicException)
{
if (Detached)
{
throw;
}
// If we can't write the contents back out then the most likely culprit is an
// indefinite length encoding in the content field. To preserve as much input data
// as possible while still maintaining our expectations of sorting any SET OF values,
// do the following:
// * Write the DER normalized version of the SignedData in detached mode.
// * BER-decode that structure
// * Copy the content field over
// * BER-write the modified structure.
SignedDataAsn copy = _signedData;
copy.EncapContentInfo.Content = null;
Debug.Assert(_signedData.EncapContentInfo.Content != null);
using (AsnWriter detachedWriter = AsnSerializer.Serialize(copy, AsnEncodingRules.DER))
{
copy = AsnSerializer.Deserialize <SignedDataAsn>(detachedWriter.Encode(), AsnEncodingRules.BER);
}
copy.EncapContentInfo.Content = _signedData.EncapContentInfo.Content;
return(Helpers.EncodeContentInfo(copy, Oids.Pkcs7Signed, AsnEncodingRules.BER));
}
}