public CertificationRequestInfo(
X509Name subject,
SubjectPublicKeyInfo pkInfo,
Asn1Set attributes)
{
this.subject = subject;
this.subjectPKInfo = pkInfo;
this.attributes = attributes;
if (subject == null || version == null || subjectPKInfo == null)
{
throw new ArgumentException(
"Not all mandatory fields set in CertificationRequestInfo generator.");
}
}
private CertTemplate(Asn1Sequence seq)
{
this.seq = seq;
foreach (Asn1TaggedObject tObj in seq)
{
switch (tObj.TagNo)
{
case 0:
version = DerInteger.GetInstance(tObj, false);
break;
case 1:
serialNumber = DerInteger.GetInstance(tObj, false);
break;
case 2:
signingAlg = AlgorithmIdentifier.GetInstance(tObj, false);
break;
case 3:
issuer = X509Name.GetInstance(tObj, true); // CHOICE
break;
case 4:
validity = OptionalValidity.GetInstance(Asn1Sequence.GetInstance(tObj, false));
break;
case 5:
subject = X509Name.GetInstance(tObj, true); // CHOICE
break;
case 6:
publicKey = SubjectPublicKeyInfo.GetInstance(tObj, false);
break;
case 7:
issuerUID = DerBitString.GetInstance(tObj, false);
break;
case 8:
subjectUID = DerBitString.GetInstance(tObj, false);
break;
case 9:
extensions = X509Extensions.GetInstance(tObj, false);
break;
default:
throw new ArgumentException("unknown tag: " + tObj.TagNo, "seq");
}
}
}
private CertificationRequestInfo(
Asn1Sequence seq)
{
version = (DerInteger) seq[0];
subject = X509Name.GetInstance(seq[1]);
subjectPKInfo = SubjectPublicKeyInfo.GetInstance(seq[2]);
//
// some CertificationRequestInfo objects seem to treat this field
// as optional.
//
if (seq.Count > 3)
{
DerTaggedObject tagobj = (DerTaggedObject) seq[3];
attributes = Asn1Set.GetInstance(tagobj, false);
}
if (subject == null || version == null || subjectPKInfo == null)
{
throw new ArgumentException(
"Not all mandatory fields set in CertificationRequestInfo generator.");
}
}
public void SetSubjectPublicKeyInfo(
SubjectPublicKeyInfo pubKeyInfo)
{
this.subjectPublicKeyInfo = pubKeyInfo;
}
internal TbsCertificateStructure(
Asn1Sequence seq)
{
int seqStart = 0;
this.seq = seq;
//
// some certficates don't include a version number - we assume v1
//
if (seq[0] is DerTaggedObject)
{
version = DerInteger.GetInstance((Asn1TaggedObject)seq[0], true);
}
else
{
seqStart = -1; // field 0 is missing!
version = new DerInteger(0);
}
serialNumber = DerInteger.GetInstance(seq[seqStart + 1]);
signature = AlgorithmIdentifier.GetInstance(seq[seqStart + 2]);
issuer = X509Name.GetInstance(seq[seqStart + 3]);
//
// before and after dates
//
Asn1Sequence dates = (Asn1Sequence)seq[seqStart + 4];
startDate = Time.GetInstance(dates[0]);
endDate = Time.GetInstance(dates[1]);
subject = X509Name.GetInstance(seq[seqStart + 5]);
//
// public key info.
//
subjectPublicKeyInfo = SubjectPublicKeyInfo.GetInstance(seq[seqStart + 6]);
for (int extras = seq.Count - (seqStart + 6) - 1; extras > 0; extras--)
{
DerTaggedObject extra = (DerTaggedObject) seq[seqStart + 6 + extras];
switch (extra.TagNo)
{
case 1:
issuerUniqueID = DerBitString.GetInstance(extra, false);
break;
case 2:
subjectUniqueID = DerBitString.GetInstance(extra, false);
break;
case 3:
extensions = X509Extensions.GetInstance(extra);
break;
}
}
}
/**
* Return a RFC 3280 type 1 key identifier. As in:
* <pre>
* (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
* value of the BIT STRING subjectPublicKey (excluding the tag,
* length, and number of unused bits).
* </pre>
* @param keyInfo the key info object containing the subjectPublicKey field.
* @return the key identifier.
*/
public static SubjectKeyIdentifier CreateSha1KeyIdentifier(
SubjectPublicKeyInfo keyInfo)
{
return new SubjectKeyIdentifier(keyInfo);
}
/**
* Calculates the keyIdentifier using a SHA1 hash over the BIT STRING
* from SubjectPublicKeyInfo as defined in RFC3280.
*
* @param spki the subject public key info.
*/
public SubjectKeyIdentifier(
SubjectPublicKeyInfo spki)
{
this.keyIdentifier = GetDigest(spki);
}
private static byte[] GetDigest(
SubjectPublicKeyInfo spki)
{
IDigest digest = new Sha1Digest();
byte[] resBuf = new byte[digest.GetDigestSize()];
byte[] bytes = spki.PublicKeyData.GetBytes();
digest.BlockUpdate(bytes, 0, bytes.Length);
digest.DoFinal(resBuf, 0);
return resBuf;
}
/**
* Return a RFC 3280 type 2 key identifier. As in:
* <pre>
* (2) The keyIdentifier is composed of a four bit type field with
* the value 0100 followed by the least significant 60 bits of the
* SHA-1 hash of the value of the BIT STRING subjectPublicKey.
* </pre>
* @param keyInfo the key info object containing the subjectPublicKey field.
* @return the key identifier.
*/
public static SubjectKeyIdentifier CreateTruncatedSha1KeyIdentifier(
SubjectPublicKeyInfo keyInfo)
{
byte[] dig = GetDigest(keyInfo);
byte[] id = new byte[8];
Array.Copy(dig, dig.Length - 8, id, 0, id.Length);
id[0] &= 0x0f;
id[0] |= 0x40;
return new SubjectKeyIdentifier(id);
}
public void SetSubjectPublicKeyInfo(
SubjectPublicKeyInfo pubKeyInfo)
{
this.subjectPublicKeyInfo = pubKeyInfo;
}
public virtual CertTemplateBuilder SetPublicKey(SubjectPublicKeyInfo spki)
{
publicKey = spki;
return this;
}
public static AsymmetricKeyParameter CreateKey(
SubjectPublicKeyInfo keyInfo)
{
AlgorithmIdentifier algID = keyInfo.AlgorithmID;
DerObjectIdentifier algOid = algID.ObjectID;
// TODO See RSAUtil.isRsaOid in Java build
if (algOid.Equals(PkcsObjectIdentifiers.RsaEncryption)
|| algOid.Equals(X509ObjectIdentifiers.IdEARsa)
|| algOid.Equals(PkcsObjectIdentifiers.IdRsassaPss)
|| algOid.Equals(PkcsObjectIdentifiers.IdRsaesOaep))
{
RsaPublicKeyStructure pubKey = RsaPublicKeyStructure.GetInstance(
keyInfo.GetPublicKey());
return new RsaKeyParameters(false, pubKey.Modulus, pubKey.PublicExponent);
}
else if (algOid.Equals(X9ObjectIdentifiers.DHPublicNumber))
{
Asn1Sequence seq = Asn1Sequence.GetInstance(algID.Parameters.ToAsn1Object());
DHPublicKey dhPublicKey = DHPublicKey.GetInstance(keyInfo.GetPublicKey());
BigInteger y = dhPublicKey.Y.Value;
if (IsPkcsDHParam(seq))
return ReadPkcsDHParam(algOid, y, seq);
DHDomainParameters dhParams = DHDomainParameters.GetInstance(seq);
BigInteger p = dhParams.P.Value;
BigInteger g = dhParams.G.Value;
BigInteger q = dhParams.Q.Value;
BigInteger j = null;
if (dhParams.J != null)
{
j = dhParams.J.Value;
}
DHValidationParameters validation = null;
DHValidationParms dhValidationParms = dhParams.ValidationParms;
if (dhValidationParms != null)
{
byte[] seed = dhValidationParms.Seed.GetBytes();
BigInteger pgenCounter = dhValidationParms.PgenCounter.Value;
// TODO Check pgenCounter size?
validation = new DHValidationParameters(seed, pgenCounter.IntValue);
}
return new DHPublicKeyParameters(y, new DHParameters(p, g, q, j, validation));
}
else if (algOid.Equals(PkcsObjectIdentifiers.DhKeyAgreement))
{
Asn1Sequence seq = Asn1Sequence.GetInstance(algID.Parameters.ToAsn1Object());
DerInteger derY = (DerInteger) keyInfo.GetPublicKey();
return ReadPkcsDHParam(algOid, derY.Value, seq);
}
else if (algOid.Equals(OiwObjectIdentifiers.ElGamalAlgorithm))
{
ElGamalParameter para = new ElGamalParameter(
Asn1Sequence.GetInstance(algID.Parameters.ToAsn1Object()));
DerInteger derY = (DerInteger) keyInfo.GetPublicKey();
return new ElGamalPublicKeyParameters(
derY.Value,
new ElGamalParameters(para.P, para.G));
}
else if (algOid.Equals(X9ObjectIdentifiers.IdDsa)
|| algOid.Equals(OiwObjectIdentifiers.DsaWithSha1))
{
DerInteger derY = (DerInteger) keyInfo.GetPublicKey();
Asn1Encodable ae = algID.Parameters;
DsaParameters parameters = null;
if (ae != null)
{
DsaParameter para = DsaParameter.GetInstance(ae.ToAsn1Object());
parameters = new DsaParameters(para.P, para.Q, para.G);
}
return new DsaPublicKeyParameters(derY.Value, parameters);
}
else if (algOid.Equals(X9ObjectIdentifiers.IdECPublicKey))
{
X962Parameters para = new X962Parameters(algID.Parameters.ToAsn1Object());
X9ECParameters x9;
if (para.IsNamedCurve)
{
x9 = ECKeyPairGenerator.FindECCurveByOid((DerObjectIdentifier)para.Parameters);
}
else
{
x9 = new X9ECParameters((Asn1Sequence)para.Parameters);
}
Asn1OctetString key = new DerOctetString(keyInfo.PublicKeyData.GetBytes());
X9ECPoint derQ = new X9ECPoint(x9.Curve, key);
ECPoint q = derQ.Point;
if (para.IsNamedCurve)
{
return new ECPublicKeyParameters("EC", q, (DerObjectIdentifier)para.Parameters);
}
ECDomainParameters dParams = new ECDomainParameters(x9.Curve, x9.G, x9.N, x9.H, x9.GetSeed());
return new ECPublicKeyParameters(q, dParams);
}
else if (algOid.Equals(CryptoProObjectIdentifiers.GostR3410x2001))
{
Gost3410PublicKeyAlgParameters gostParams = new Gost3410PublicKeyAlgParameters(
(Asn1Sequence) algID.Parameters);
Asn1OctetString key;
try
{
key = (Asn1OctetString) keyInfo.GetPublicKey();
}
catch (IOException)
{
throw new ArgumentException("invalid info structure in GOST3410 public key");
}
byte[] keyEnc = key.GetOctets();
byte[] x = new byte[32];
byte[] y = new byte[32];
for (int i = 0; i != y.Length; i++)
{
x[i] = keyEnc[32 - 1 - i];
}
for (int i = 0; i != x.Length; i++)
{
y[i] = keyEnc[64 - 1 - i];
}
ECDomainParameters ecP = ECGost3410NamedCurves.GetByOid(gostParams.PublicKeyParamSet);
if (ecP == null)
return null;
ECPoint q = ecP.Curve.CreatePoint(new BigInteger(1, x), new BigInteger(1, y));
return new ECPublicKeyParameters("ECGOST3410", q, gostParams.PublicKeyParamSet);
}
else if (algOid.Equals(CryptoProObjectIdentifiers.GostR3410x94))
{
Gost3410PublicKeyAlgParameters algParams = new Gost3410PublicKeyAlgParameters(
(Asn1Sequence) algID.Parameters);
DerOctetString derY;
try
{
derY = (DerOctetString) keyInfo.GetPublicKey();
}
catch (IOException)
{
throw new ArgumentException("invalid info structure in GOST3410 public key");
}
byte[] keyEnc = derY.GetOctets();
byte[] keyBytes = new byte[keyEnc.Length];
for (int i = 0; i != keyEnc.Length; i++)
{
keyBytes[i] = keyEnc[keyEnc.Length - 1 - i]; // was little endian
}
BigInteger y = new BigInteger(1, keyBytes);
return new Gost3410PublicKeyParameters(y, algParams.PublicKeyParamSet);
}
else
{
throw new SecurityUtilityException("algorithm identifier in key not recognised: " + algOid);
}
}