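/// <summary>
/// Gets sanitized DS object name from certificate's subject.
/// </summary>
/// <param name="fromCert">Specifies the certificate to use for DS name generation.</param>
/// <returns>Sanitized name of DS object.</returns>
/// <exception cref="ArgumentNullException"><strong>fromCert</strong> parameter is null reference.</exception>
/// <remarks>
/// Default method implementation checks if specified certificate is CA certificate. If true, subject name
/// is used to generate DS object name, otherwise issuer name is used to generate DS object name.
/// </remarks>
protected virtual String GetContainerName(X509Certificate2 fromCert) {
    // Validate up front, consistent with the other public/protected entry points, so a missing
    // certificate is reported as an argument error instead of a NullReferenceException below.
    if (fromCert == null) {
        throw new ArgumentNullException(nameof(fromCert));
    }
    X500DistinguishedName fullSubject;
    // Pick the name that becomes the DS name. An end-entity certificate contributes its issuer name,
    // a CA certificate contributes its subject name; generateContainerName takes the first attribute.
    if (fromCert.Version == 3) {
        // Basic Constraints is consulted only for V3 certificates.
        X509Extension ext = fromCert.Extensions[X509CertExtensions.X509BasicConstraints];
        if (ext == null) {
            // No Basic Constraints: treated as end entity, so use issuer name.
            fullSubject = fromCert.IssuerName;
        } else {
            // Basic Constraints present: the cA flag decides between subject and issuer name.
            var bc = (X509BasicConstraintsExtension)CryptographyUtils.ConvertExtension(ext);
            fullSubject = bc.CertificateAuthority ? fromCert.SubjectName : fromCert.IssuerName;
        }
    } else {
        // Anything other than V3 is treated as end entity, so pick up issuer name.
        fullSubject = fromCert.IssuerName;
    }
    return generateContainerName(fullSubject);
}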
/// <summary>
/// Decodes an ASN.1-encoded byte array that represents a complete X509Extension object into an
/// <see cref="X509Extension"/> instance.
/// </summary>
/// <param name="rawData">ASN.1-encoded byte array that represents requested object.</param>
/// <returns>Decoded <see cref="X509Extension"/> object.</returns>
/// <exception cref="ArgumentNullException"><strong>rawData</strong> parameter is null reference.</exception>
/// <exception cref="Asn1InvalidTagException">Byte array does not represent requested object.</exception>
public static X509Extension DecodeX509Extension(Byte[] rawData) {
    if (rawData == null) {
        throw new ArgumentNullException(nameof(rawData));
    }
    // Extension ::= SEQUENCE { extnID OBJECT IDENTIFIER, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
    var reader = new Asn1Reader(rawData);
    // 48 (0x30) is the universal SEQUENCE tag.
    if (reader.Tag != 48) {
        throw new Asn1InvalidTagException(reader.Offset);
    }
    // extnID
    reader.MoveNext();
    if (reader.Tag != (Byte)Asn1Type.OBJECT_IDENTIFIER) {
        throw new Asn1InvalidTagException(reader.Offset);
    }
    Oid extensionOid = new Asn1ObjectIdentifier(reader).Value;
    // critical is optional: when the BOOLEAN is absent the DEFAULT FALSE value applies.
    reader.MoveNext();
    Boolean critical = false;
    if (reader.Tag == (Byte)Asn1Type.BOOLEAN) {
        critical = Asn1Utils.DecodeBoolean(reader.GetTagRawData());
        reader.MoveNext();
    }
    // extnValue
    if (reader.Tag != (Byte)Asn1Type.OCTET_STRING) {
        throw new Asn1InvalidTagException(reader.Offset);
    }
    var genericExtension = new X509Extension(extensionOid, reader.GetPayload(), critical);
    return CryptographyUtils.ConvertExtension(genericExtension);
}
// Converts every extension in Extensions to its specialized type, skipping OIDs listed in
// _excludedExtensions, then copies the converted list into finalExtensions.
void processExtensions() {
    foreach (X509Extension extension in Extensions) {
        Boolean excluded = _excludedExtensions.Contains(extension.Oid.Value);
        if (!excluded) {
            _extensions.Add(CryptographyUtils.ConvertExtension(extension));
        }
    }
    // finalExtensions is (re)created before being populated, as before.
    finalExtensions = new X509ExtensionCollection();
    foreach (var converted in _extensions) {
        finalExtensions.Add(converted);
    }
}
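// Builds the OCSP Service Locator extension from the certificate's issuer name and its
// Authority Information Access extension value (if any) and appends it to _listExtensions.
void m_generateextensions(X509Certificate2 cert) {
    List<Byte> sext = new List<Byte>();
    // Named OID constants (as used by the sibling implementation) instead of literal OID strings.
    Oid oid = new Oid(X509CertExtensions.X509ServiceLocator);
    // Payload is the issuer Name followed by the AIA extension value; the whole thing is
    // wrapped in a SEQUENCE (tag 48) below.
    sext.AddRange(cert.IssuerName.RawData);
    // An empty collection simply yields no matches, so no separate Count check is needed.
    foreach (X509Extension ext in cert.Extensions.Cast<X509Extension>()
        .Where(e => e.Oid.Value == X509CertExtensions.X509AuthorityInformationAccess)) {
        sext.AddRange(ext.RawData);
    }
    sext = new List<Byte>(Asn1Utils.Encode(sext.ToArray(), 48));
    _listExtensions.Add(CryptographyUtils.ConvertExtension(new X509Extension(oid, sext.ToArray(), false)));
}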
// Builds the OCSP Service Locator extension from the certificate's issuer name and its
// Authority Information Access extension value (when present) and appends it to _listExtensions.
void m_generateextensions(X509Certificate2 cert) {
    var oid = new Oid(X509CertExtensions.X509ServiceLocator);
    // Payload starts with the issuer Name.
    var body = new List<Byte>(cert.IssuerName.RawData);
    if (cert.Extensions.Count > 0) {
        // Append the AIA extension value if the certificate carries one.
        X509Extension aia = cert.Extensions[X509CertExtensions.X509AuthorityInformationAccess];
        if (aia != null) {
            body.AddRange(aia.RawData);
        }
    }
    // Wrap the concatenated content in a SEQUENCE (tag 48).
    body = new List<Byte>(Asn1Utils.Encode(body.ToArray(), 48));
    var serviceLocator = new X509Extension(oid, body.ToArray(), false);
    _listExtensions.Add(CryptographyUtils.ConvertExtension(serviceLocator));
}
/// <summary>
/// Converts generic X.509 extension objects to specialized certificate extension objects
/// inherited from <see cref="X509Extension"/> class that provide extension-specific information.
/// </summary>
/// <param name="cert">Certificate.</param>
/// <exception cref="ArgumentNullException">
/// <strong>cert</strong> parameter is null reference.
/// </exception>
/// <returns>A collection of certificate extensions.</returns>
/// <remarks>
/// This method can transform the following X.509 certificate extensions:
/// <list type="bullet">
/// <item><description><see cref="X509CertificateTemplateExtension"/></description></item>
/// <item><description><see cref="X509ApplicationPoliciesExtension"/></description></item>
/// <item><description><see cref="X509ApplicationPolicyMappingsExtension"/></description></item>
/// <item><description><see cref="X509ApplicationPolicyConstraintsExtension"/></description></item>
/// <item><description><see cref="X509AuthorityInformationAccessExtension"/></description></item>
/// <item><description><see cref="X509NonceExtension"/></description></item>
/// <item><description><see cref="X509CRLReferenceExtension"/></description></item>
/// <item><description><see cref="X509ArchiveCutoffExtension"/></description></item>
/// <item><description><see cref="X509ServiceLocatorExtension"/></description></item>
/// <item><description><see cref="X509SubjectKeyIdentifierExtension"/></description></item>
/// <item><description><see cref="X509KeyUsageExtension"/></description></item>
/// <item><description><see cref="X509SubjectAlternativeNamesExtension"/></description></item>
/// <item><description><see cref="X509IssuerAlternativeNamesExtension"/></description></item>
/// <item><description><see cref="X509BasicConstraintsExtension"/></description></item>
/// <item><description><see cref="X509CRLNumberExtension"/></description></item>
/// <item><description><see cref="X509NameConstraintsExtension"/></description></item>
/// <item><description><see cref="X509CRLDistributionPointsExtension"/></description></item>
/// <item><description><see cref="X509CertificatePoliciesExtension"/></description></item>
/// <item><description><see cref="X509CertificatePolicyMappingsExtension"/></description></item>
/// <item><description><see cref="X509AuthorityKeyIdentifierExtension"/></description></item>
/// <item><description><see cref="X509CertificatePolicyConstraintsExtension"/></description></item>
/// <item><description><see cref="X509EnhancedKeyUsageExtension"/></description></item>
/// <item><description><see cref="X509FreshestCRLExtension"/></description></item>
/// </list>
/// Non-supported extensions will be returned as an <see cref="X509Extension"/> object.
/// </remarks>
public static X509ExtensionCollection ResolveExtensions(this X509Certificate2 cert) {
    if (cert == null) {
        throw new ArgumentNullException(nameof(cert));
    }
    X509ExtensionCollection source = cert.Extensions;
    // Nothing to convert: hand back the certificate's own (empty) collection.
    if (source.Count == 0) {
        return source;
    }
    var resolved = new X509ExtensionCollection();
    foreach (X509Extension generic in source) {
        resolved.Add(CryptographyUtils.ConvertExtension(generic));
    }
    return resolved;
}
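// Decodes the tbsResponseData (ResponseData) SEQUENCE of an OCSP response: version, responderID,
// producedAt, responses and the optional responseExtensions. Compliance problems are accumulated in
// ResponseErrorInformation; structural problems throw. The reader is expected to be positioned at
// the ResponseData SEQUENCE on entry.
void decodeTbsResponse(Asn1Reader tbsResponseData) {
    tbsResponseData.MoveNext();
    // version [0] EXPLICIT (tag 160), DEFAULT v1 when absent.
    if (tbsResponseData.Tag == 160) {
        Asn1Reader aversion = new Asn1Reader(tbsResponseData);
        aversion.MoveNext();
        // The INTEGER is zero-based (v1 = 0) and is stored one-based.
        // NOTE(review): an empty INTEGER payload would throw IndexOutOfRangeException here.
        Version = aversion.GetPayload()[0] + 1;
        tbsResponseData.MoveNextCurrentLevel();
    } else {
        Version = 1;
    }
    // responderID: [1] byName (tag 161) or [2] byKey (tag 162).
    switch (tbsResponseData.Tag) {
        case 161:
            ResponderNameId = new X500DistinguishedName(tbsResponseData.GetPayload());
            tbsResponseData.MoveNextCurrentLevel();
            break;
        case 162:
            tbsResponseData.MoveNext();
            // byKey is kept as an upper-case hex string of the key hash bytes.
            StringBuilder keyHash = new StringBuilder();
            foreach (Byte element in tbsResponseData.GetPayload()) {
                keyHash.Append(element.ToString("X2"));
            }
            ResponderKeyId = keyHash.ToString();
            tbsResponseData.MoveNext();
            break;
        default:
            throw new Exception("Invalid tag at responderID. Expected 161 (byName) or 162 (byKey).");
    }
    // producedAt GeneralizedTime. A response produced more than 10 minutes in the future is
    // flagged as not time valid.
    // NOTE(review): this compares DateTime.Now with the decoded time; confirm DecodeGeneralizedTime
    // yields local time, otherwise DateTime.UtcNow is the right clock here.
    ProducedAt = Asn1Utils.DecodeGeneralizedTime(tbsResponseData.GetTagRawData());
    if (DateTime.Now < ProducedAt.AddMinutes(-10)) {
        ResponseErrorInformation += (Int32)OCSPResponseComplianceError.ResponseNotTimeValid;
    }
    // responses SEQUENCE OF SingleResponse
    tbsResponseData.MoveNext();
    Asn1Reader responses = new Asn1Reader(tbsResponseData.GetTagRawData());
    responses.MoveNext();
    Int32 Offset;
    Responses = new OCSPSingleResponseCollection();
    // Each SingleResponse is checked once, right after it is decoded, against the request it answers
    // (when a request is attached). Previously the whole Responses collection was re-scanned on every
    // iteration and the CertIdMismatch flag was added once per re-scan, so a single mismatch could be
    // added many times; the flag is now recorded at most once.
    // NOTE(review): 'responses' is not advanced inside the loop; whether later SingleResponse entries
    // are reached depends on the Asn1Reader copy-constructor semantics — confirm with multi-response data.
    Boolean certIdMismatch = false;
    do {
        Asn1Reader response = new Asn1Reader(responses);
        Offset = response.NextCurrentLevelOffset;
        OCSPSingleResponse singleResponse = new OCSPSingleResponse(response);
        Responses.Add(singleResponse);
        if (Request != null && !Request.RequestList.Any(x => x.CertId.Equals(singleResponse.CertId))) {
            certIdMismatch = true;
        }
    } while (Offset != 0);
    if (certIdMismatch) {
        ResponseErrorInformation += (Int32)OCSPResponseComplianceError.CertIdMismatch;
    }
    // responseExtensions [1] EXPLICIT Extensions OPTIONAL (tag 161).
    if (tbsResponseData.NextCurrentLevelOffset != 0) {
        tbsResponseData.MoveNextCurrentLevel();
        if (tbsResponseData.Tag == 161) {
            X509ExtensionCollection exts = new X509ExtensionCollection();
            exts.Decode(tbsResponseData.GetPayload());
            foreach (X509Extension item in exts) {
                X509Extension converted = CryptographyUtils.ConvertExtension(item);
                _listExtensions.Add(converted);
                // Surface the OCSP nonce through NonceReceived/NonceValue.
                if (converted.Oid.Value == X509CertExtensions.X509OcspNonce) {
                    NonceReceived = true;
                    NonceValue = converted.Format(false);
                }
            }
        } else {
            throw new Exception("Unexpected tag at responseExtensions. Expected 161.");
        }
    }
}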