/// <summary>
/// Signs an already-computed hash value with the configured RSA key.
/// </summary>
/// <param name="rgbHash">The hash value to sign. It is passed through as given; nothing is hashed here.</param>
/// <returns>The signature bytes produced by the key.</returns>
/// <exception cref="ArgumentNullException"><paramref name="rgbHash"/> is null.</exception>
/// <exception cref="CryptographicUnexpectedOperationException">The hash OID or the key has not been set.</exception>
[System.Security.SecuritySafeCritical]  // auto-generated
public override byte[] CreateSignature(byte[] rgbHash) {
    if (rgbHash == null) {
        throw new ArgumentNullException("rgbHash");
    }
    Contract.EndContractBlock();

    if (_strOID == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
    }
    if (_rsaKey == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
    }

    // NOTE(review): the length of rgbHash is not compared with the algorithm named by _strOID in this
    // method; whether the provider or Utils.RsaPkcs1Padding rejects a mismatch is not visible from here.

    // CSP-backed key: map the hash OID to an algorithm id and let the provider sign.
    RSACryptoServiceProvider cspKey = _rsaKey as RSACryptoServiceProvider;
    if (cspKey != null) {
        int hashAlgId = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm);
        return cspKey.SignHash(rgbHash, hashAlgId);
    }

    // Any other RSA implementation: build the padded block from the encoded OID and the hash,
    // then apply the private key to that block to obtain the signature.
    byte[] encodedOid = CryptoConfig.EncodeOID(_strOID);
    byte[] paddedBlock = Utils.RsaPkcs1Padding(_rsaKey, encodedOid, rgbHash);
    return _rsaKey.DecryptValue(paddedBlock);
}
/// <summary>
/// Signs an already-computed hash value with the configured RSA key, choosing between three
/// code paths depending on the concrete key type.
/// </summary>
/// <param name="rgbHash">The hash value to sign.</param>
/// <returns>The signature bytes.</returns>
/// <exception cref="ArgumentNullException"><paramref name="rgbHash"/> is null.</exception>
/// <exception cref="CryptographicUnexpectedOperationException">The hash OID or the key has not been set.</exception>
public override byte[] CreateSignature(byte[] rgbHash) {
    if (rgbHash == null) {
        throw new ArgumentNullException("rgbHash");
    }
    if (_strOID == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
    }
    if (_rsaKey == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
    }

    byte[] signature;
    RSACryptoServiceProvider cspKey = _rsaKey as RSACryptoServiceProvider;
    if (cspKey != null) {
        // CSP-backed key: the provider takes a numeric algorithm id derived from the hash OID.
        int hashAlgId = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm);
        signature = cspKey.SignHash(rgbHash, hashAlgId);
    } else if (OverridesSignHash) {
        // Key type supplies its own SignHash: call it with the hash name and PKCS #1 signature padding.
        HashAlgorithmName hashName = Utils.OidToHashAlgorithmName(_strOID);
        signature = _rsaKey.SignHash(rgbHash, hashName, RSASignaturePadding.Pkcs1);
    } else {
        // Remaining key types: pad here and apply the raw private-key operation to the padded block.
        byte[] encodedOid = CryptoConfig.EncodeOID(_strOID);
        byte[] paddedBlock = Utils.RsaPkcs1Padding(_rsaKey, encodedOid, rgbHash);
        signature = _rsaKey.DecryptValue(paddedBlock);
    }
    return signature;
}
/// <summary>
/// Initializes a new instance of the Oid2 class using the specified OID friendly name or value,
/// OID registration group and search conditions.
/// </summary>
/// <param name="oid">Specifies the object identifier friendly name or value to search.</param>
/// <param name="group">Specifies the OID registration group to search.</param>
/// <param name="searchInDirectory">Specifies whether to search for an object identifier in Active Directory.
/// If the machine is not domain-joined, the OID is looked up in local registration information.</param>
public Oid2(String oid, OidGroupEnum group, Boolean searchInDirectory) {
    // Decide whether the input is an OID value or a friendly name: if it encodes as an OID it is
    // searched by value, otherwise by name.
    // NOTE(review): the catch is unfiltered, so every failure of EncodeOID (not only "not an OID
    // value") is treated as "this is a friendly name".
    String lookupMode = "ByValue";
    try {
        CryptoConfig.EncodeOID(oid);
    } catch {
        lookupMode = "ByName";
    }
    searchBy = lookupMode;

    Version osVersion = Environment.OSVersion.Version;
    if (osVersion.Major >= 6) {
        _cng = true;
    }

    // The directory is consulted only when the caller asked for it AND ActiveDirectory.Ping()
    // succeeds; in every other case the local registration is used.
    if (searchInDirectory && ActiveDirectory.Ping()) {
        initializeDS(oid, group);
    } else {
        initializeLocal(oid, group);
    }
}
/// <summary>
/// Checks a signature against an already-computed hash value using the configured RSA key.
/// </summary>
/// <param name="rgbHash">The hash value the signature is expected to cover. Nothing is hashed here.</param>
/// <param name="rgbSignature">The signature to check.</param>
/// <returns>true when the signature matches the hash; otherwise false.</returns>
/// <exception cref="ArgumentNullException"><paramref name="rgbHash"/> or <paramref name="rgbSignature"/> is null.</exception>
/// <exception cref="CryptographicUnexpectedOperationException">The hash OID or the key has not been set.</exception>
public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature) {
    if (rgbHash == null) {
        throw new ArgumentNullException("rgbHash");
    }
    if (rgbSignature == null) {
        throw new ArgumentNullException("rgbSignature");
    }
    if (_strOID == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
    }
    if (_rsaKey == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
    }

    bool isValid;
    RSACryptoServiceProvider cspKey = _rsaKey as RSACryptoServiceProvider;
    if (cspKey != null) {
        // CSP-backed key: the provider takes a numeric algorithm id derived from the hash OID.
        int hashAlgId = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm);
        isValid = cspKey.VerifyHash(rgbHash, hashAlgId, rgbSignature);
    } else if (OverridesVerifyHash) {
        // Key type supplies its own VerifyHash: call it with the hash name and PKCS #1 signature padding.
        HashAlgorithmName hashName = Utils.OidToHashAlgorithmName(_strOID);
        isValid = _rsaKey.VerifyHash(rgbHash, rgbSignature, hashName, RSASignaturePadding.Pkcs1);
    } else {
        // Remaining key types: rebuild the padded block that should have been signed, apply the
        // public key to the signature, and compare the two buffers.
        byte[] encodedOid = CryptoConfig.EncodeOID(_strOID);
        byte[] expectedBlock = Utils.RsaPkcs1Padding(_rsaKey, encodedOid, rgbHash);
        byte[] recoveredBlock = _rsaKey.EncryptValue(rgbSignature);
        isValid = Utils.CompareBigIntArrays(recoveredBlock, expectedBlock);
    }
    return isValid;
}
/// <summary>
/// Checks a signature against an already-computed hash value using the configured RSA key.
/// </summary>
/// <param name="rgbHash">The hash value the signature is expected to cover.</param>
/// <param name="rgbSignature">The signature to check.</param>
/// <returns>true when the signature matches the hash; otherwise false.</returns>
/// <exception cref="ArgumentNullException"><paramref name="rgbHash"/> or <paramref name="rgbSignature"/> is null.</exception>
/// <exception cref="CryptographicUnexpectedOperationException">The hash OID or the key has not been set.</exception>
[System.Security.SecuritySafeCritical]  // auto-generated
public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature) {
    if (rgbHash == null) {
        throw new ArgumentNullException("rgbHash");
    }
    if (rgbSignature == null) {
        throw new ArgumentNullException("rgbSignature");
    }
    Contract.EndContractBlock();

    if (_strOID == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
    }
    if (_rsaKey == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
    }

    // CSP-backed key: map the hash OID to an algorithm id and let the provider verify.
    RSACryptoServiceProvider cspKey = _rsaKey as RSACryptoServiceProvider;
    if (cspKey != null) {
        int hashAlgId = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm);
        return cspKey.VerifyHash(rgbHash, hashAlgId, rgbSignature);
    }

    // Any other RSA implementation: rebuild the padded block that should have been signed.
    byte[] encodedOid = CryptoConfig.EncodeOID(_strOID);
    byte[] expectedBlock = Utils.RsaPkcs1Padding(_rsaKey, encodedOid, rgbHash);

    // Applying the public key to the signature yields the block that was actually signed;
    // the comparison helper is the one the original comment describes as ignoring leading zeros.
    byte[] recoveredBlock = _rsaKey.EncryptValue(rgbSignature);
    return Utils.CompareBigIntArrays(recoveredBlock, expectedBlock);
}
/// <summary>
/// Gets all registrations for the specified OID value.
/// </summary>
/// <param name="value">OID value to search. If an OID friendly name is passed, it is first resolved to
/// an OID value and the search is performed by that value.</param>
/// <param name="searchInDirectory">
/// Specifies whether to search for an object identifier in Active Directory. If the machine is not
/// domain-joined, the OID is looked up in local registration information.
/// </param>
/// <exception cref="ArgumentException">
/// The <strong>value</strong> parameter contains an unresolvable object identifier friendly name.
/// </exception>
/// <returns>An array of OID registrations.</returns>
/// <remarks>
/// If registration information is found in Active Directory, the <strong>DistinguishedName</strong> property
/// contains the directory path to the OID registration entry.
/// </remarks>
public static Oid2[] GetAllOids(String value, Boolean searchInDirectory) {
    // Resolve the input to an OID value. Input that encodes as an OID is used as is; anything else
    // is treated as a friendly name and resolved through System.Security.Cryptography.Oid.
    // NOTE(review): the catch is unfiltered, so every failure of EncodeOID takes the name path.
    String resolvedValue;
    try {
        CryptoConfig.EncodeOID(value);
        resolvedValue = value;
    } catch {
        Oid byName = new Oid(value);
        if (String.IsNullOrEmpty(byName.Value)) {
            throw new ArgumentException("Specified OID value is not recognized.", "value");
        }
        resolvedValue = byName.Value;
    }

    // Probe group numbers 1 through 10 in order and keep the lookups that produced a value.
    List<Oid2> registrations = new List<Oid2>();
    for (Int32 groupNumber = 1; groupNumber <= 10; groupNumber++) {
        Oid2 candidate = new Oid2(resolvedValue, (OidGroupEnum)groupNumber, searchInDirectory);
        if (!String.IsNullOrEmpty(candidate.Value)) {
            registrations.Add(candidate);
        }
    }
    return registrations.ToArray();
}
/// <summary>
/// Checks a signature against an already-computed hash value using the configured RSA key,
/// choosing between three code paths depending on the concrete key type.
/// </summary>
/// <param name="rgbHash">The hash value the signature is expected to cover.</param>
/// <param name="rgbSignature">The signature to check.</param>
/// <returns>true when the signature matches the hash; otherwise false.</returns>
/// <exception cref="ArgumentNullException"><paramref name="rgbHash"/> or <paramref name="rgbSignature"/> is null.</exception>
/// <exception cref="CryptographicUnexpectedOperationException">The hash OID or the key has not been set.</exception>
[System.Security.SecuritySafeCritical]  // auto-generated
public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature) {
    if (rgbHash == null) {
        throw new ArgumentNullException("rgbHash");
    }
    if (rgbSignature == null) {
        throw new ArgumentNullException("rgbSignature");
    }
    Contract.EndContractBlock();

    if (_strOID == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
    }
    if (_rsaKey == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
    }

    RSACryptoServiceProvider cspKey = _rsaKey as RSACryptoServiceProvider;
    if (cspKey != null) {
        // Retained for desktop compatibility: a hash algorithm may be known to GetAlgIdFromOid
        // without being known to OidToHashAlgorithmName, so CSP keys keep using the algorithm id.
        int hashAlgId = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm);
        return cspKey.VerifyHash(rgbHash, hashAlgId, rgbSignature);
    }

    if (OverridesVerifyHash) {
        // Key type supplies its own VerifyHash: call it with the hash name and PKCS #1 signature padding.
        HashAlgorithmName hashName = Utils.OidToHashAlgorithmName(_strOID);
        return _rsaKey.VerifyHash(rgbHash, rgbSignature, hashName, RSASignaturePadding.Pkcs1);
    }

    // Compatibility fallback for third-party RSA classes that do not override VerifyHash():
    // rebuild the padded block that should have been signed, apply the public key to the
    // signature to recover the block that was signed, and compare the two (leading zeros ignored).
    byte[] encodedOid = CryptoConfig.EncodeOID(_strOID);
    byte[] expectedBlock = Utils.RsaPkcs1Padding(_rsaKey, encodedOid, rgbHash);
    byte[] recoveredBlock = _rsaKey.EncryptValue(rgbSignature);
    return Utils.CompareBigIntArrays(recoveredBlock, expectedBlock);
}
/// <summary>
/// Registers an object identifier in the OID database, either locally or in Active Directory.
/// </summary>
/// <param name="value">An object identifier value to register.</param>
/// <param name="friendlyName">A friendly name associated with the object identifier.</param>
/// <param name="group">Specifies the OID group where the object identifier should be registered.</param>
/// <param name="writeInDirectory">Specifies whether the object is registered locally or in Active Directory.</param>
/// <param name="localeId">
/// Specifies the locale ID. This parameter can be used to provide a localized friendly name. It is used
/// only when <strong>writeInDirectory</strong> is set to <strong>True</strong>; in other cases it is
/// silently ignored.
/// </param>
/// <param name="cpsUrl">
/// Specifies the URL to a <i>certificate practice statement</i> (<strong>CPS</strong>) location.
/// </param>
/// <exception cref="ArgumentNullException">
/// <strong>value</strong> and/or <strong>friendlyName</strong> is null or empty.
/// </exception>
/// <exception cref="ArgumentException">
/// Specified OID group is not supported. See the <strong>Remarks</strong> section for more details.
/// </exception>
/// <exception cref="InvalidDataException"><strong>value</strong> parameter is not an object identifier value.</exception>
/// <exception cref="NotSupportedException">
/// A caller chose OID registration in Active Directory, however, the current computer is not a member of any
/// Active Directory domain.
/// </exception>
/// <exception cref="InvalidOperationException">
/// An object identifier is already registered.
/// </exception>
/// <remarks>
/// <para>
/// <strong>Permissions:</strong> for this method to succeed, the caller must be a member of the local
/// administrators group (if <strong>writeInDirectory</strong> is set to <strong>False</strong>), or
/// be a member of the <strong>Enterprise Admins</strong> group, or have delegated write permissions on the
/// <strong>OID</strong> container in Active Directory. The OID container location is
/// <i>CN=OID, CN=Public Key Services, CN=Services,CN=Configuration, {Configuration naming context}</i>.
/// </para>
/// <para>
/// A newly registered OID is not resolvable by an application immediately. You may need to restart an application
/// to allow new OID lookup.
/// </para>
/// <para>
/// When <strong>writeInDirectory</strong> is set to <strong>True</strong>, the <strong>group</strong> parameter
/// is limited to one of the following values: <strong>ApplicationPolicy</strong>, <strong>IssuancePolicy</strong>
/// and <strong>CertificateTemplate</strong>. Other OID groups are not allowed to be stored in Active Directory.
/// </para>
/// </remarks>
/// <returns>Registered object identifier.</returns>
public static Oid2 Register(String value, String friendlyName, OidGroupEnum group, Boolean writeInDirectory, CultureInfo localeId, String cpsUrl = null) {
    if (String.IsNullOrEmpty(value)) {
        throw new ArgumentNullException("value");
    }
    if (String.IsNullOrEmpty(friendlyName)) {
        throw new ArgumentNullException("friendlyName");
    }

    // The value must encode as an OID; any encoding failure is reported as InvalidDataException.
    try {
        CryptoConfig.EncodeOID(value);
    } catch {
        throw new InvalidDataException("The value is not valid OID string.");
    }

    String directoryPath = null;
    if (!writeInDirectory) {
        registerLocal(new Oid(value, friendlyName), group);
    } else {
        if (!ActiveDirectory.Ping()) {
            throw new NotSupportedException("Workgroup environment is not supported.");
        }

        // Refuse to register an OID that already resolves to a directory entry. This lookup runs
        // before the group check below, so an unsupported group still costs a directory query.
        Oid2 existing = new Oid2(value, group, true);
        if (!String.IsNullOrEmpty(existing.DistinguishedName)) {
            throw new InvalidOperationException("The object already exist.");
        }

        // NOTE(review): this is a deny-list of numeric group values; within 0-10 it leaves only 7 and 8,
        // and any value outside that range also passes. The remarks name three permitted groups,
        // so confirm the list against the OidGroupEnum definition.
        Int32[] rejectedGroups = { 0, 1, 2, 3, 4, 5, 6, 9, 10 };
        if (Array.IndexOf(rejectedGroups, (Int32)group) >= 0) {
            throw new ArgumentException("The OID group is not valid.");
        }

        registerDS(new Oid(value, friendlyName), group, localeId, cpsUrl);

        // NOTE(review): the path is built as CN=<hash>,CN=OID,<ConfigContext>; whether ConfigContext
        // already carries the "Public Key Services" part named in the remarks is not visible here.
        directoryPath = "CN=" + computeOidHash(value) + ",CN=OID," + ActiveDirectory.ConfigContext;
    }

    // The result is assembled from the caller's arguments, not re-read from the store.
    Oid2 registered = new Oid2();
    registered.FriendlyName = friendlyName;
    registered.Value = value;
    registered.OidGroup = group;
    registered.DistinguishedName = directoryPath;
    return registered;
}
/// <summary>
/// Signs an already-computed hash value with the configured RSA key.
/// </summary>
/// <param name="rgbHash">The hash value to sign.</param>
/// <returns>The signature bytes.</returns>
/// <exception cref="ArgumentNullException"><paramref name="rgbHash"/> is null.</exception>
/// <exception cref="CryptographicUnexpectedOperationException">The hash OID or the key has not been set.</exception>
public override byte[] CreateSignature(byte[] rgbHash) {
    if (rgbHash == null) {
        throw new ArgumentNullException("rgbHash");
    }
    if (_strOID == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
    }
    if (_rsaKey == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
    }

    byte[] signature;
    RSACryptoServiceProvider cspKey = _rsaKey as RSACryptoServiceProvider;
    if (cspKey != null) {
        // CSP-backed key: the provider is handed the hash OID string directly.
        signature = cspKey.SignHash(rgbHash, _strOID);
    } else {
        // Any other RSA implementation: pad here and apply the raw private-key operation to the padded block.
        byte[] encodedOid = CryptoConfig.EncodeOID(_strOID);
        byte[] paddedBlock = Utils.RsaPkcs1Padding(_rsaKey, encodedOid, rgbHash);
        signature = _rsaKey.DecryptValue(paddedBlock);
    }
    return signature;
}
/// <summary>
/// Signs an already-computed hash value with the configured RSA key, choosing between three
/// code paths depending on the concrete key type.
/// </summary>
/// <param name="rgbHash">The hash value to sign.</param>
/// <returns>The signature bytes.</returns>
/// <exception cref="ArgumentNullException"><paramref name="rgbHash"/> is null.</exception>
/// <exception cref="CryptographicUnexpectedOperationException">The hash OID or the key has not been set.</exception>
[System.Security.SecuritySafeCritical]  // auto-generated
public override byte[] CreateSignature(byte[] rgbHash) {
    if (rgbHash == null) {
        throw new ArgumentNullException("rgbHash");
    }
    Contract.EndContractBlock();

    if (_strOID == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
    }
    if (_rsaKey == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
    }

    RSACryptoServiceProvider cspKey = _rsaKey as RSACryptoServiceProvider;
    if (cspKey != null) {
        // Retained for desktop compatibility: a hash algorithm may be known to GetAlgIdFromOid
        // without being known to OidToHashAlgorithmName, so CSP keys keep using the algorithm id.
        int hashAlgId = X509Utils.GetAlgIdFromOid(_strOID, OidGroup.HashAlgorithm);
        return cspKey.SignHash(rgbHash, hashAlgId);
    }

    if (OverridesSignHash) {
        // Key type supplies its own SignHash: call it with the hash name and PKCS #1 signature padding.
        HashAlgorithmName hashName = Utils.OidToHashAlgorithmName(_strOID);
        return _rsaKey.SignHash(rgbHash, hashName, RSASignaturePadding.Pkcs1);
    }

    // Compatibility fallback for third-party RSA classes that do not override SignHash():
    // build the padded block, then apply the private key to it to produce the signature.
    byte[] encodedOid = CryptoConfig.EncodeOID(_strOID);
    byte[] paddedBlock = Utils.RsaPkcs1Padding(_rsaKey, encodedOid, rgbHash);
    return _rsaKey.DecryptValue(paddedBlock);
}
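/// <include file='doc\RSAPKCS1SignatureDeformatter.uex' path='docs/doc[@for="RSAPKCS1SignatureDeformatter.VerifySignature"]/*' />
// Checks rgbSignature against the already-computed hash rgbHash using the configured RSA key.
// Returns true when the signature matches, false otherwise.
// Throws CryptographicUnexpectedOperationException when the hash OID or the key is missing, or when
// the key is too small for the encoded hash; throws ArgumentNullException for null arguments.
//
// Changes to the non-CSP path relative to the previous body:
//   * The final comparison used byte[].Equals, which is reference equality, so that path returned
//     false for every signature. The buffers are now compared by content.
//   * The hash was written twice (once inside the encoded structure and once more after it), which
//     does not match the "00 || 01 || FF ... FF || 00 || prefix || Data" layout described below.
//     Because the old path could never return true, no previously accepted signature is affected.
//   * The padding check now requires at least eight 0xFF bytes, the PKCS #1 v1.5 minimum.
public override bool VerifySignature(byte[] rgbHash, byte[] rgbSignature) {
    if (_strOID == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingOID"));
    }
    if (_rsaKey == null) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_MissingKey"));
    }
    if (rgbHash == null) {
        throw new ArgumentNullException("rgbHash");
    }
    if (rgbSignature == null) {
        throw new ArgumentNullException("rgbSignature");
    }

    //
    // Two cases here -- if we are talking to the CSP version or
    // if we are talking to some other RSA provider.
    //
    if (_rsaKey is RSACryptoServiceProvider) {
        return ((RSACryptoServiceProvider)_rsaKey).VerifyHash(rgbHash, _strOID, rgbSignature);
    }

    int cb = _rsaKey.KeySize / 8;
    byte[] rgbOid = CryptoConfig.EncodeOID(_strOID);
    int lenOid = rgbOid.Length;

    //
    // The expected block has the following format:
    //
    //      00 || 01 || FF ... FF || 00 || prefix || Data
    //
    // where prefix || Data is the ASN.1 encoding of the OID + hash:
    //      STRUCTURE {
    //          STRUCTURE {
    //              OID <hash algorithm OID>
    //              NULL (0x05 0x00)
    //          }
    //          OCTET STRING <hashvalue>
    //      }
    //
    // The length bytes below are single-byte (short-form) lengths, so this assumes the encoded
    // OID and the hash together stay under 128 bytes.
    byte[] rgbDigestInfo = new byte[lenOid + 8 + rgbHash.Length];
    rgbDigestInfo[0] = 0x30;                                // a structure follows
    rgbDigestInfo[1] = (byte)(rgbDigestInfo.Length - 2);
    rgbDigestInfo[2] = 0x30;
    rgbDigestInfo[3] = (byte)(lenOid + 2);
    Buffer.InternalBlockCopy(rgbOid, 0, rgbDigestInfo, 4, lenOid);
    rgbDigestInfo[4 + lenOid] = 0x05;
    rgbDigestInfo[4 + lenOid + 1] = 0x00;
    rgbDigestInfo[4 + lenOid + 2] = 0x04;                   // an octet string follows
    rgbDigestInfo[4 + lenOid + 3] = (byte)rgbHash.Length;
    Buffer.InternalBlockCopy(rgbHash, 0, rgbDigestInfo, lenOid + 8, rgbHash.Length);

    // cb1 is the offset at which the encoded structure starts. Everything before it is
    // 00 01 FF..FF 00, and at least eight FF bytes are required, hence the minimum of 11.
    int cb1 = cb - rgbDigestInfo.Length;
    if (cb1 < 11) {
        throw new CryptographicUnexpectedOperationException(Environment.GetResourceString("Cryptography_InvalidOID"));
    }

    byte[] rgbInput = new byte[cb];
    rgbInput[0] = 0;
    rgbInput[1] = 1;
    for (int i = 2; i < cb1 - 1; i++) {
        rgbInput[i] = 0xff;
    }
    rgbInput[cb1 - 1] = 0;
    Buffer.InternalBlockCopy(rgbDigestInfo, 0, rgbInput, cb1, rgbDigestInfo.Length);

    //
    // Apply the public key to the signature data to get back
    // the padded buffer actually signed.
    //
    byte[] rgbOut = _rsaKey.EncryptValue(rgbSignature);
    if (rgbOut == null) {
        return false;
    }

    //
    // Compare the two buffers by content, ignoring leading zero bytes so that a provider
    // returning the value without its leading 00 still compares equal.
    //
    int offOut = 0;
    while (offOut < rgbOut.Length && rgbOut[offOut] == 0) {
        offOut++;
    }
    int offIn = 0;
    while (offIn < rgbInput.Length && rgbInput[offIn] == 0) {
        offIn++;
    }
    int cbCompare = rgbInput.Length - offIn;
    if (rgbOut.Length - offOut != cbCompare) {
        return false;
    }
    int diff = 0;
    for (int k = 0; k < cbCompare; k++) {
        diff |= rgbOut[offOut + k] ^ rgbInput[offIn + k];
    }
    return diff == 0;
}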