internal byte[][] Encode()
{
return(DerEncoder.ConstructSegmentedSequence(
HashAlgorithm.Encode(),
DerEncoder.SegmentedEncodeOctetString(CertificateHash),
IssuerSerial.Encode()));
}
private static byte[][] ParseRdn(
byte[][] encodedOid,
char[] chars,
int valueStart,
int valueEnd,
bool ia5String)
{
byte[][] encodedValue;
int length = valueEnd - valueStart;
if (ia5String)
{
// An email address with an invalid value will throw.
encodedValue = DerEncoder.SegmentedEncodeIA5String(chars, valueStart, length);
}
else if (DerEncoder.IsValidPrintableString(chars, valueStart, length))
{
encodedValue = DerEncoder.SegmentedEncodePrintableString(chars, valueStart, length);
}
else
{
encodedValue = DerEncoder.SegmentedEncodeUtf8String(chars, valueStart, length);
}
return(DerEncoder.ConstructSegmentedSet(
DerEncoder.ConstructSegmentedSequence(
encodedOid,
encodedValue)));
}
internal byte[][] Encode()
{
// Per RFC 5280 section 4.1.2.2 (https://tools.ietf.org/html/rfc5280#section-4.1.2.2)
// serial number must be an unsigned integer.
return(DerEncoder.ConstructSegmentedSequence(
DerEncoder.ConstructSegmentedSequence(GeneralNames.First().Encode()),
DerEncoder.SegmentedEncodeUnsignedInteger(SerialNumber)));
}
public byte[] Encode()
{
var entries = new List <byte[][]>(Certificates.Count);
foreach (var essCertIdV2 in Certificates)
{
entries.Add(essCertIdV2.Encode());
}
return(DerEncoder.ConstructSequence(DerEncoder.ConstructSegmentedSequence(entries)));
}
internal static byte[][] SegmentedEncodeSubjectPublicKeyInfo(this PublicKey publicKey)
{
if (publicKey == null)
{
throw new ArgumentNullException(nameof(publicKey));
}
if (publicKey.Oid == null ||
string.IsNullOrEmpty(publicKey.Oid.Value) ||
publicKey.EncodedKeyValue == null)
{
throw new CryptographicException(SR.Cryptography_InvalidPublicKey_Object);
}
// SubjectPublicKeyInfo::= SEQUENCE {
// algorithm AlgorithmIdentifier,
// subjectPublicKey BIT STRING
// }
//
// AlgorithmIdentifier::= SEQUENCE {
// algorithm OBJECT IDENTIFIER,
// parameters ANY DEFINED BY algorithm OPTIONAL
// }
byte[][] algorithmIdentifier;
if (publicKey.EncodedParameters == null)
{
algorithmIdentifier = DerEncoder.ConstructSegmentedSequence(
DerEncoder.SegmentedEncodeOid(publicKey.Oid));
}
else
{
DerSequenceReader validator =
DerSequenceReader.CreateForPayload(publicKey.EncodedParameters.RawData);
validator.ValidateAndSkipDerValue();
if (validator.HasData)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
algorithmIdentifier = DerEncoder.ConstructSegmentedSequence(
DerEncoder.SegmentedEncodeOid(publicKey.Oid),
publicKey.EncodedParameters.RawData.WrapAsSegmentedForSequence());
}
return(DerEncoder.ConstructSegmentedSequence(
algorithmIdentifier,
DerEncoder.SegmentedEncodeBitString(
publicKey.EncodedKeyValue.RawData)));
}
internal static byte[][] SegmentedEncodedX509Extension(this X509Extension extension)
{
if (extension.Critical)
{
return(DerEncoder.ConstructSegmentedSequence(
DerEncoder.SegmentedEncodeOid(extension.Oid),
DerEncoder.SegmentedEncodeBoolean(extension.Critical),
DerEncoder.SegmentedEncodeOctetString(extension.RawData)));
}
return(DerEncoder.ConstructSegmentedSequence(
DerEncoder.SegmentedEncodeOid(extension.Oid),
DerEncoder.SegmentedEncodeOctetString(extension.RawData)));
}
internal static byte[][] SegmentedEncodeAttributeSet(this IEnumerable <X501Attribute> attributes)
{
List <byte[][]> encodedAttributes = new List <byte[][]>();
foreach (X501Attribute attribute in attributes)
{
encodedAttributes.Add(
DerEncoder.ConstructSegmentedSequence(
DerEncoder.SegmentedEncodeOid(attribute.Oid),
DerEncoder.ConstructSegmentedPresortedSet(
attribute.RawData.WrapAsSegmentedForSequence())));
}
return(DerEncoder.ConstructSegmentedSet(encodedAttributes.ToArray()));
}
// ESSCertIDv2::= SEQUENCE {
// hashAlgorithm AlgorithmIdentifier
// DEFAULT {algorithm id-sha256 },
// certHash Hash,
// issuerSerial IssuerSerial OPTIONAL
// }
private static byte[][] CreateESSCertIDv2Entry(X509Certificate2 cert, Common.HashAlgorithmName hashAlgorithm)
{
// Get hash Oid
var hashAlgorithmOid = hashAlgorithm.ConvertToOidString();
var entry = GetESSCertIDv2Entry(cert, hashAlgorithm);
return(DerEncoder.ConstructSegmentedSequence(new List <byte[][]>()
{
// AlgorithmIdentifier
DerEncoder.SegmentedEncodeOid(hashAlgorithmOid),
// Hash
DerEncoder.SegmentedEncodeOctetString(entry.Value)
}));
}
public byte[] ComputeCapiSha1OfPublicKey(PublicKey key)
{
// The CapiSha1 value is the SHA-1 of the SubjectPublicKeyInfo field, inclusive
// of the DER structural bytes.
//SubjectPublicKeyInfo::= SEQUENCE {
// algorithm AlgorithmIdentifier{ { SupportedAlgorithms} },
// subjectPublicKey BIT STRING,
// ... }
//
//AlgorithmIdentifier{ ALGORITHM: SupportedAlgorithms} ::= SEQUENCE {
// algorithm ALGORITHM.&id({ SupportedAlgorithms}),
// parameters ALGORITHM.&Type({ SupportedAlgorithms}
// { @algorithm}) OPTIONAL,
// ... }
//
//ALGORITHM::= CLASS {
// &Type OPTIONAL,
// &id OBJECT IDENTIFIER UNIQUE }
//WITH SYNTAX {
// [&Type]
//IDENTIFIED BY &id }
// key.EncodedKeyValue corresponds to SubjectPublicKeyInfo.subjectPublicKey, except it
// has had the BIT STRING envelope removed.
//
// key.EncodedParameters corresponds to AlgorithmIdentifier.Parameters precisely
// (DER NULL for RSA, DER Constructed SEQUENCE for DSA)
byte[] empty = Array.Empty <byte>();
byte[][] algorithmOid = DerEncoder.SegmentedEncodeOid(key.Oid);
// Because ConstructSegmentedSequence doesn't look to see that it really is tag+length+value (but does check
// that the array has length 3), just hide the joined TLV triplet in the last element.
byte[][] segmentedParameters = { empty, empty, key.EncodedParameters.RawData };
byte[][] algorithmIdentifier = DerEncoder.ConstructSegmentedSequence(algorithmOid, segmentedParameters);
byte[][] subjectPublicKey = DerEncoder.SegmentedEncodeBitString(key.EncodedKeyValue.RawData);
using (SHA1 hash = SHA1.Create())
{
return(hash.ComputeHash(
DerEncoder.ConstructSequence(
algorithmIdentifier,
subjectPublicKey)));
}
}
internal byte[][] Encode()
{
return(DerEncoder.ConstructSegmentedSequence(DerEncoder.SegmentedEncodeOid(Algorithm)));
}