/**
* Constructor from Asn1Sequence.
* <p/>
* The sequence is of type CertificatePair:
* <p/>
* <pre>
* CertificatePair ::= SEQUENCE {
* forward [0] Certificate OPTIONAL,
* reverse [1] Certificate OPTIONAL,
* -- at least one of the pair shall be present -- }
* </pre>
*
* @param seq The ASN.1 sequence.
*/
private CertificatePair(
Asn1Sequence seq)
{
if (seq.Count != 1 && seq.Count != 2)
{
throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");
}
foreach (object obj in seq)
{
Asn1TaggedObject o = Asn1TaggedObject.GetInstance(obj);
if (o.TagNo == 0)
{
forward = X509CertificateStructure.GetInstance(o, true);
}
else if (o.TagNo == 1)
{
reverse = X509CertificateStructure.GetInstance(o, true);
}
else
{
throw new ArgumentException("Bad tag number: " + o.TagNo);
}
}
}
public Certificate(X509CertificateStructure[] certificateList)
{
if (certificateList == null)
throw new ArgumentNullException("certificateList");
this.mCertificateList = certificateList;
}
public CmpCertificate(X509CertificateStructure x509v3PKCert)
{
if (x509v3PKCert.Version != 3)
throw new ArgumentException("only version 3 certificates allowed", "x509v3PKCert");
this.x509v3PKCert = x509v3PKCert;
}
internal CertificateSubject(X509CertificateStructure cert)
{
IList ids = cert.Subject.GetOidList();
IList values = cert.Subject.GetValueList();
for (int index = 0; index < ids.Count; index++)
{
if (X509Name.CN.Equals(ids[index]))
{
CommonName = (string)values[index];
}
else if (X509Name.O.Equals(ids[index]))
{
Organistion = (string)values[index];
}
else if (X509Name.OU.Equals(ids[index]))
{
OrganistionUnit = (string)values[index];
}
else if (X509Name.L.Equals(ids[index]))
{
Location = (string)values[index];
}
else if (X509Name.ST.Equals(ids[index]))
{
State = (string)values[index];
}
else if (X509Name.C.Equals(ids[index]))
{
Country = (string)values[index];
}
}
}
/**
* Parse the ServerCertificate message.
*
* @param inStr The stream where to parse from.
* @return A Certificate object with the certs, the server has sended.
* @throws IOException If something goes wrong during parsing.
*/
internal static Certificate Parse(
Stream inStr)
{
int left = TlsUtilities.ReadUint24(inStr);
if (left == 0)
{
return EmptyChain;
}
IList tmp = Platform.CreateArrayList();
while (left > 0)
{
int size = TlsUtilities.ReadUint24(inStr);
left -= 3 + size;
byte[] buf = new byte[size];
TlsUtilities.ReadFully(buf, inStr);
MemoryStream bis = new MemoryStream(buf, false);
Asn1Object o = Asn1Object.FromStream(bis);
tmp.Add(X509CertificateStructure.GetInstance(o));
if (bis.Position < bis.Length)
{
throw new ArgumentException("Sorry, there is garbage data left after the certificate");
}
}
X509CertificateStructure[] certs = new X509CertificateStructure[tmp.Count];
for (int i = 0; i < tmp.Count; ++i)
{
certs[i] = (X509CertificateStructure)tmp[i];
}
return new Certificate(certs);
}
public static (Org.BouncyCastle.Crypto.Tls.Certificate crtificate, AsymmetricKeyParameter privateKey) CreateSelfSignedTlsCert(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivateKey)
{
const int keyStrength = DEFAULT_KEY_SIZE;
if (issuerPrivateKey == null)
{
issuerPrivateKey = CreatePrivateKeyResource(issuerName);
}
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WITHRSA", issuerPrivateKey, random);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName[] { new GeneralName(GeneralName.DnsName, "localhost"), new GeneralName(GeneralName.DnsName, "127.0.0.1") }));
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(new List <DerObjectIdentifier>()
{
new DerObjectIdentifier("1.3.6.1.5.5.7.3.1")
}));
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
var subjectDn = new X509Name(subjectName);
var issuerDn = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDn);
certificateGenerator.SetSubjectDN(subjectDn);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(70);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// self sign certificate
var certificate = certificateGenerator.Generate(signatureFactory);
var chain = new Org.BouncyCastle.Asn1.X509.X509CertificateStructure[] { X509CertificateStructure.GetInstance(certificate.GetEncoded()) };
var tlsCertificate = new Org.BouncyCastle.Crypto.Tls.Certificate(chain);
return(tlsCertificate, subjectKeyPair.Private);
}
public X509CertificateStructure[] GetCertificates()
{
X509CertificateStructure[] result = new X509CertificateStructure[certificates.Count];
for (int i = 0; i < certificates.Count; ++i)
{
result[i] = X509CertificateStructure.GetInstance(certificates[i]);
}
return result;
}
public static Certificate LoadCertificateChain(string[] resources)
{
Org.BouncyCastle.Asn1.X509.X509CertificateStructure[]
chain = new Org.BouncyCastle.Asn1.X509.X509CertificateStructure[resources.Length];
for (int i = 0; i < resources.Length; ++i)
{
chain[i] = LoadCertificateResource(resources[i]);
}
return(new Certificate(chain));
}
public static Certificate LoadCertificateChain(X509Certificate2[] certificates)
{
var chain = new Org.BouncyCastle.Asn1.X509.X509CertificateStructure[certificates.Length];
for (int i = 0; i < certificates.Length; i++)
{
chain[i] = LoadCertificateResource(certificates[i]);
}
return(new Certificate(chain));
}
public X509Certificate(
X509CertificateStructure c)
{
this.c = c;
try
{
Asn1OctetString str = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.19"));
if (str != null)
{
basicConstraints = BasicConstraints.GetInstance(
X509ExtensionUtilities.FromExtensionValue(str));
}
}
catch (Exception e)
{
throw new CertificateParsingException("cannot construct BasicConstraints: " + e);
}
try
{
Asn1OctetString str = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.15"));
if (str != null)
{
DerBitString bits = DerBitString.GetInstance(
X509ExtensionUtilities.FromExtensionValue(str));
byte[] bytes = bits.GetBytes();
int length = (bytes.Length * 8) - bits.PadBits;
keyUsage = new bool[(length < 9) ? 9 : length];
for (int i = 0; i != length; i++)
{
// keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
keyUsage[i] = (bytes[i / 8] & (0x80 >> (i % 8))) != 0;
}
}
else
{
keyUsage = null;
}
}
catch (Exception e)
{
throw new CertificateParsingException("cannot construct KeyUsage: " + e);
}
}
internal static string Fingerprint(X509CertificateStructure c)
{
byte[] der = c.GetEncoded();
byte[] sha1 = Sha256DigestOf(der);
byte[] hexBytes = Hex.Encode(sha1);
string hex = Encoding.ASCII.GetString(hexBytes).ToUpper(CultureInfo.InvariantCulture);
StringBuilder fp = new StringBuilder();
int i = 0;
fp.Append(hex.Substring(i, 2));
while ((i += 2) < hex.Length)
{
fp.Append(':');
fp.Append(hex.Substring(i, 2));
}
return fp.ToString();
}
public static RTCDtlsFingerprint Fingerprint(string hashAlgorithm, Org.BouncyCastle.Asn1.X509.X509CertificateStructure c)
{
if (!IsHashSupported(hashAlgorithm))
{
throw new ApplicationException($"Hash algorithm {hashAlgorithm} is not supported for DTLS fingerprints.");
}
IDigest digestAlgorithm = DigestUtilities.GetDigest(hashAlgorithm.ToString());
byte[] der = c.GetEncoded();
byte[] hash = DigestOf(digestAlgorithm, der);
return(new RTCDtlsFingerprint
{
algorithm = digestAlgorithm.AlgorithmName.ToLower(),
value = hash.HexStr(':')
});
}
private void checkConstruction(
RequestedCertificate requested,
RequestedCertificate.Choice type,
byte[] certOctets,
X509CertificateStructure cert)
{
checkValues(requested, type, certOctets, cert);
requested = RequestedCertificate.GetInstance(requested);
checkValues(requested, type, certOctets, cert);
Asn1InputStream aIn = new Asn1InputStream(requested.ToAsn1Object().GetEncoded());
object obj = aIn.ReadObject();
requested = RequestedCertificate.GetInstance(obj);
checkValues(requested, type, certOctets, cert);
}
private CertificatePair(Asn1Sequence seq)
{
if (seq.Count != 1 && seq.Count != 2)
{
throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");
}
foreach (object current in seq)
{
Asn1TaggedObject instance = Asn1TaggedObject.GetInstance(current);
if (instance.TagNo == 0)
{
this.forward = X509CertificateStructure.GetInstance(instance, true);
}
else
{
if (instance.TagNo != 1)
{
throw new ArgumentException("Bad tag number: " + instance.TagNo);
}
this.reverse = X509CertificateStructure.GetInstance(instance, true);
}
}
}
private CertificatePair(Asn1Sequence seq)
{
//IL_0032: Unknown result type (might be due to invalid IL or missing references)
//IL_0093: Unknown result type (might be due to invalid IL or missing references)
if (seq.Count != 1 && seq.Count != 2)
{
throw new ArgumentException(string.Concat((object)"Bad sequence size: ", (object)seq.Count), "seq");
}
global::System.Collections.IEnumerator enumerator = seq.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
object current = enumerator.get_Current();
Asn1TaggedObject instance = Asn1TaggedObject.GetInstance(current);
if (instance.TagNo == 0)
{
forward = X509CertificateStructure.GetInstance(instance, explicitly: true);
continue;
}
if (instance.TagNo == 1)
{
reverse = X509CertificateStructure.GetInstance(instance, explicitly: true);
continue;
}
throw new ArgumentException(string.Concat((object)"Bad tag number: ", (object)instance.TagNo));
}
}
finally
{
global::System.IDisposable disposable = enumerator as global::System.IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
}
protected virtual X509Certificate CreateX509Certificate(
X509CertificateStructure c)
{
return new X509Certificate(c);
}
/**
* Private constructure from an cert array.
*
* @param certs The certs the chain should contain.
*/
private Certificate(
X509CertificateStructure[] certs)
{
this.certs = certs;
}
/**
* Parse a {@link Certificate} from a {@link Stream}.
*
* @param input the {@link Stream} to parse from.
* @return a {@link Certificate} object.
* @throws IOException
*/
public static Certificate Parse(Stream input)
{
int totalLength = TlsUtilities.ReadUint24(input);
if (totalLength == 0)
{
return EmptyChain;
}
byte[] certListData = TlsUtilities.ReadFully(totalLength, input);
MemoryStream buf = new MemoryStream(certListData, false);
IList certificate_list = Platform.CreateArrayList();
while (buf.Position < buf.Length)
{
byte[] derEncoding = TlsUtilities.ReadOpaque24(buf);
Asn1Object asn1Cert = TlsUtilities.ReadDerObject(derEncoding);
certificate_list.Add(X509CertificateStructure.GetInstance(asn1Cert));
}
X509CertificateStructure[] certificateList = new X509CertificateStructure[certificate_list.Count];
for (int i = 0; i < certificate_list.Count; ++i)
{
certificateList[i] = (X509CertificateStructure)certificate_list[i];
}
return new Certificate(certificateList);
}
public CertificatePair(X509CertificateStructure forward, X509CertificateStructure reverse)
{
this.forward = forward;
this.reverse = reverse;
}
private static X509CertificateStructure[] CopyCertList(X509CertificateStructure[] orig)
{
return (X509CertificateStructure[])orig.Clone();
}
public CscaMasterList(
X509CertificateStructure[] certStructs)
{
certList = CopyCertList(certStructs);
}
public X509TestPublicKeyCertificate(X509CertificateStructure in_Cert)
: base(in_Cert)
{
}
public static X509CertificateStructure GetInstance(Asn1TaggedObject obj, bool explicitly)
{
return(X509CertificateStructure.GetInstance(Asn1Sequence.GetInstance(obj, explicitly)));
}
protected virtual X509CertificateStructure CorruptCertificateSignature(X509CertificateStructure cert)
{
Asn1EncodableVector v = new Asn1EncodableVector();
v.Add(cert.TbsCertificate);
v.Add(cert.SignatureAlgorithm);
v.Add(CorruptBitString(cert.Signature));
return X509CertificateStructure.GetInstance(new DerSequence(v));
}
/// <exception cref="System.IO.IOException"></exception>
//private IDictionary<DerObjectIdentifier, Asn1Encodable> ExtendUnsignedAttributes(IDictionary
// <DerObjectIdentifier, Asn1Encodable> unsignedAttrs, X509Certificate signingCertificate
// , DateTime signingDate, CertificateSource optionalCertificateSource)
private IDictionary ExtendUnsignedAttributes(IDictionary unsignedAttrs
, X509Certificate signingCertificate, DateTime signingDate
, CertificateSource optionalCertificateSource)
{
ValidationContext validationContext = certificateVerifier.ValidateCertificate(signingCertificate
, signingDate, optionalCertificateSource, null, null);
try
{
IList<X509CertificateStructure> certificateValues = new AList<X509CertificateStructure
>();
AList<CertificateList> crlValues = new AList<CertificateList>();
AList<BasicOcspResponse> ocspValues = new AList<BasicOcspResponse>();
foreach (CertificateAndContext c in validationContext.GetNeededCertificates())
{
if (!c.Equals(signingCertificate))
{
certificateValues.AddItem(X509CertificateStructure.GetInstance(((Asn1Sequence)Asn1Object.FromByteArray
(c.GetCertificate().GetEncoded()))));
}
}
foreach (X509Crl relatedcrl in validationContext.GetNeededCRL())
{
crlValues.AddItem(CertificateList.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(((X509Crl
)relatedcrl).GetEncoded())));
}
foreach (BasicOcspResp relatedocspresp in validationContext.GetNeededOCSPResp())
{
ocspValues.AddItem((BasicOcspResponse.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(
relatedocspresp.GetEncoded()))));
}
CertificateList[] crlValuesArray = new CertificateList[crlValues.Count];
BasicOcspResponse[] ocspValuesArray = new BasicOcspResponse[ocspValues.Count];
RevocationValues revocationValues = new RevocationValues(Sharpen.Collections.ToArray
(crlValues, crlValuesArray), Sharpen.Collections.ToArray(ocspValues, ocspValuesArray
), null);
//unsignedAttrs.Put(PkcsObjectIdentifiers.IdAAEtsRevocationValues, new Attribute
unsignedAttrs.Add(PkcsObjectIdentifiers.IdAAEtsRevocationValues, new BcCms.Attribute
(PkcsObjectIdentifiers.IdAAEtsRevocationValues, new DerSet(revocationValues))
);
X509CertificateStructure[] certValuesArray = new X509CertificateStructure[certificateValues
.Count];
//unsignedAttrs.Put(PkcsObjectIdentifiers.IdAAEtsCertValues, new Attribute(PkcsObjectIdentifiers.IdAAEtsCertValues, new DerSet(new DerSequence(Sharpen.Collections.ToArray(certificateValues
unsignedAttrs.Add(PkcsObjectIdentifiers.IdAAEtsCertValues, new BcCms.Attribute(PkcsObjectIdentifiers.IdAAEtsCertValues, new DerSet(new DerSequence(Sharpen.Collections.ToArray(certificateValues
, certValuesArray)))));
}
catch (CertificateEncodingException e)
{
throw new RuntimeException(e);
}
catch (CrlException e)
{
throw new RuntimeException(e);
}
return unsignedAttrs;
}
private void checkValues(
RequestedCertificate requested,
RequestedCertificate.Choice type,
byte[] certOctets,
X509CertificateStructure cert)
{
checkMandatoryField("certType", (int) type, (int) requested.Type);
if (requested.Type == RequestedCertificate.Choice.Certificate)
{
checkMandatoryField("certificate", cert.GetEncoded(), requested.GetCertificateBytes());
}
else
{
checkMandatoryField("certificateOctets", certOctets, requested.GetCertificateBytes());
}
}
/// <summary>
/// Create an System.Security.Cryptography.X509Certificate from an X509Certificate Structure.
/// </summary>
/// <param name="x509Struct"></param>
/// <returns>A System.Security.Cryptography.X509Certificate.</returns>
public static SystemX509.X509Certificate ToX509Certificate(
X509CertificateStructure x509Struct)
{
return new SystemX509.X509Certificate(x509Struct.GetDerEncoded());
}
private void ValidateKeyUsage(X509CertificateStructure c, int keyUsageBits)
{
X509Extensions exts = c.TbsCertificate.Extensions;
if (exts != null)
{
X509Extension ext = exts.GetExtension(X509Extensions.KeyUsage);
if (ext != null)
{
DerBitString ku = KeyUsage.GetInstance(ext);
int bits = ku.GetBytes()[0];
if ((bits & keyUsageBits) != keyUsageBits)
{
handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_certificate_unknown);
}
}
}
}
/**
* Constructor from a given details.
* <p/>
* Only one parameter can be given. All other must be <code>null</code>.
*
* @param certificate Given as Certificate
*/
public RequestedCertificate(
X509CertificateStructure certificate)
{
this.cert = certificate;
}
/**
* Private constructor from a cert array.
*
* @param certs The certs the chain should contain.
*/
public Certificate(X509CertificateStructure[] certs)
{
this.certs = certs;
}
/**
* Constructor from a given details.
*
* @param forward Certificates issued to this CA.
* @param reverse Certificates issued by this CA to other CAs.
*/
public CertificatePair(
X509CertificateStructure forward,
X509CertificateStructure reverse)
{
this.forward = forward;
this.reverse = reverse;
}
/// <summary>Return true.</summary>
public bool IsValid(
X509CertificateStructure[] certs)
{
return true;
}
internal static void ValidateKeyUsage(X509CertificateStructure c, int keyUsageBits)
{
X509Extensions exts = c.TbsCertificate.Extensions;
if (exts != null)
{
X509Extension ext = exts.GetExtension(X509Extensions.KeyUsage);
if (ext != null)
{
DerBitString ku = KeyUsage.GetInstance(ext);
int bits = ku.GetBytes()[0];
if ((bits & keyUsageBits) != keyUsageBits)
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
}
}
}
/**
* Private constructor from a cert array.
*
* @param certs The certs the chain should contain.
*/
public Certificate(X509CertificateStructure[] certs)
{
if (certs == null)
throw new ArgumentNullException("certs");
this.certs = certs;
}
internal static Certificate LoadCertificateChain(string[] resources)
{
X509CertificateStructure[] chain = new X509CertificateStructure[resources.Length];
for (int i = 0; i < resources.Length; ++i)
{
chain[i] = LoadCertificateResource(resources[i]);
}
return new Certificate(chain);
}
/// <summary>Return true.</summary>
public bool IsValid(Uri targetUri, X509CertificateStructure[] certs)
{
return true;
}
