void m_encode(Oid oid)
{
if (String.IsNullOrWhiteSpace(oid.Value))
{
Initialize(new Asn1Reader(new Byte[] { TAG, 0 }));
Value = new Oid();
return;
}
if (oid.Value.Length > 8096)
{
throw new OverflowException("Oid string is longer than 8kb");
}
if (!validateOidString(oid.Value, out List <UInt64> tokens))
{
throw new InvalidDataException(String.Format(InvalidType, TYPE.ToString()));
}
Value = oid;
Initialize(new Asn1Reader(Asn1Utils.Encode(encode(tokens), TAG)));
}
List <Byte> buildTbsRequest(X500DistinguishedName requester)
{
List <Byte> tbsRequest = new List <Byte>();
if (requester != null)
{
X509AlternativeName requesterName = new X509AlternativeName(X509AlternativeNamesEnum.DirectoryName, requester);
tbsRequest.AddRange(Asn1Utils.Encode(requesterName.RawData, 0xa1));
}
tbsRequest.AddRange(RequestList.Encode());
if (Nonce)
{
_listExtensions.Add(new X509NonceExtension());
Byte[] extensionsbytes = Asn1Utils.Encode(Extensions.Encode(), 162);
tbsRequest.AddRange(extensionsbytes);
NonceValue = _listExtensions[_listExtensions.Count - 1].Format(false).Trim();
}
return(Asn1Utils.Encode(tbsRequest.ToArray(), 48).ToList());
}
/// <summary>
/// Encodes current object to an ASN.1 format.
/// </summary>
/// <returns>ASN.1-encoded byte array that represents current object.</returns>
public Byte[] Encode()
{
var retValue = new List <Byte>();
switch (Type)
{
case SubjectIdentifierType.IssuerAndSerialNumber:
retValue.AddRange(((X509IssuerSerial)Value).RawData);
break;
case SubjectIdentifierType.SubjectKeyIdentifier:
retValue.AddRange(Asn1Utils.Encode(AsnFormatter.StringToBinary(Value.ToString(), EncodingType.HexRaw), 0x80));
break;
default:
throw new ArgumentException("Invalid CMS issuer identifier type.");
}
return(retValue.ToArray());
}
/// <summary>
/// Encodes an array of <see cref="X509PolicyQualifier"/> to an ASN.1-encoded byte array.
/// </summary>
/// <returns>ASN.1-encoded byte array.</returns>
public Byte[] Encode()
{
if (_list.Count == 0)
{
return(null);
}
Int32 index = 1;
List <Byte> rawData = new List <Byte>();
foreach (X509PolicyQualifier qualifier in _list)
{
if (qualifier.Type == X509PolicyQualifierType.UserNotice)
{
qualifier.NoticeNumber = index;
index++;
}
rawData.AddRange(qualifier.Encode());
}
return(Asn1Utils.Encode(rawData.ToArray(), 48));
}
void m_initialize(Int32?explicitPolicy, Int32?inhibitPolicy)
{
Oid = _oid;
Critical = true;
List <Byte> rawData = new List <Byte>();
if (explicitPolicy != null)
{
BigInteger integer = new BigInteger((Int32)explicitPolicy);
rawData.AddRange(Asn1Utils.Encode(integer.ToLittleEndianByteArray(), 0x80));
RequireExplicitPolicy = explicitPolicy;
}
if (inhibitPolicy != null)
{
BigInteger integer = new BigInteger((Int32)inhibitPolicy);
rawData.AddRange(Asn1Utils.Encode(integer.ToLittleEndianByteArray(), 0x81));
InhibitPolicyMapping = inhibitPolicy;
}
RawData = Asn1Utils.Encode(rawData.ToArray(), 48);
}
/// <summary>
/// Encodes revocation entry to a ASN.1-encoded byte array.
/// </summary>
/// <returns>ASN.1-encoded byte array</returns>
public Byte[] Encode()
{
if (String.IsNullOrEmpty(SerialNumber))
{
throw new UninitializedObjectException();
}
List <Byte> rawData = new List <Byte>(AsnFormatter.StringToBinary(SerialNumber, EncodingType.HexAny));
rawData = new List <Byte>(Asn1Utils.Encode(rawData.ToArray(), (Byte)Asn1Type.INTEGER));
rawData.AddRange(Asn1Utils.EncodeDateTime(RevocationDate));
if (ReasonCode != 0)
{
Byte[] reasonEnum = new Byte[] { 10, 1, (Byte)ReasonCode };
X509ExtensionCollection exts = new X509ExtensionCollection();
X509Extension CRlReasonCode = new X509Extension("2.5.29.21", reasonEnum, false);
exts.Add(CRlReasonCode);
rawData.AddRange(Crypt32Managed.EncodeX509Extensions(exts));
}
return(Asn1Utils.Encode(rawData.ToArray(), 48));
}
/// <summary>
/// Encodes current extension to ASN.1-encoded byte array.
/// </summary>
/// <param name="extension">Extension to encode.</param>
/// <exception cref="ArgumentNullException"><strong>extension</strong> parameter is null.</exception>
/// <exception cref="UninitializedObjectException">Extension object is not properly initialized.</exception>
/// <returns></returns>
public static Byte[] Encode(this X509Extension extension)
{
if (extension == null)
{
throw new ArgumentNullException(nameof(extension));
}
if (String.IsNullOrEmpty(extension.Oid.Value))
{
throw new UninitializedObjectException();
}
List <Byte> rawData = new List <Byte>(Asn1Utils.EncodeObjectIdentifier(extension.Oid));
if (extension.Critical)
{
rawData.AddRange(Asn1Utils.EncodeBoolean(true));
}
rawData.AddRange(Asn1Utils.Encode(extension.RawData, (Byte)Asn1Type.OCTET_STRING));
return(Asn1Utils.Encode(rawData.ToArray(), 48));
}
/// <summary>
/// Hashes current blob in <see cref="ToBeSignedData"/> member, constructs algorithm identifier
/// (usually, with "NoSign" suffix) and attaches hash value in the signature section.
/// </summary>
/// <param name="hashAlgorithm">Hash algorithm to use for hashing.</param>
/// <exception cref="ArgumentException">
/// Hash algorithm is not valid or cannot be mapped to respective signature algorithm.
/// </exception>
/// <exception cref="ArgumentNullException">
/// <strong>hashAlgorithm</strong> parameter is null.
/// </exception>
public void Hash(Oid2 hashAlgorithm)
{
if (hashAlgorithm == null)
{
throw new ArgumentNullException(nameof(hashAlgorithm));
}
Oid2 transofrmedOid = Oid2.MapHashToSignatureOid(hashAlgorithm);
using (var hasher = HashAlgorithm.Create(hashAlgorithm.FriendlyName)) {
if (hasher == null)
{
throw new ArgumentException("Specified hash algorithm is not valid hashing algorithm");
}
List <Byte> signature = hasher.ComputeHash(ToBeSignedData).ToList();
signature.Insert(0, 0);
Signature = new Asn1BitString(Asn1Utils.Encode(signature.ToArray(), (Byte)Asn1Type.BIT_STRING));
}
SignatureAlgorithm = new AlgorithmIdentifier(transofrmedOid.ToOid(), Asn1Utils.EncodeNull());
BlobType = ContentBlobType.SignedBlob;
}
void m_initialize(X509Certificate2 cert)
{
List <Byte> rawData = new List <Byte>();
rawData.AddRange(cert.IssuerName.RawData);
if (cert.Extensions.Count > 0)
{
foreach (X509Extension item in cert.Extensions.Cast <X509Extension>().Where(item => item.Oid.Value == "1.3.6.1.5.5.7.1.1"))
{
AIARaw = item.RawData;
rawData.AddRange(item.RawData);
m_extracturls(cert);
}
}
rawData = new List <Byte>(Asn1Utils.Encode(rawData.ToArray(), 48));
IssuerName = cert.Issuer;
Critical = false;
Oid = _oid;
RawData = rawData.ToArray();
}
void initializeFromAsn(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
asn.MoveNext();
HashingAlgorithm = new AlgorithmIdentifier(Asn1Utils.Encode(asn.GetPayload(), 48)).AlgorithmId;
asn.MoveNextCurrentLevelAndExpectTags((Byte)Asn1Type.OCTET_STRING);
// issuerNameHash
IssuerNameId = AsnFormatter.BinaryToString(asn.GetPayload()).Trim();
asn.MoveNextCurrentLevelAndExpectTags((Byte)Asn1Type.OCTET_STRING);
// issuerKeyId
IssuerKeyId = AsnFormatter.BinaryToString(asn.GetPayload()).Trim();
asn.MoveNextCurrentLevelAndExpectTags((Byte)Asn1Type.INTEGER);
// serialnumber
serialNumber = asn.GetPayload();
IsReadOnly = true;
}
void m_initialize(X509Certificate2 cert)
{
List <Byte> rawData = new List <Byte>();
rawData.AddRange(cert.IssuerName.RawData);
if (cert.Extensions.Count > 0)
{
X509Extension ext = cert.Extensions[X509CertExtensions.X509AuthorityInformationAccess];
if (ext != null)
{
AIARaw = ext.RawData;
rawData.AddRange(ext.RawData);
m_extracturls(cert);
}
}
rawData = new List <Byte>(Asn1Utils.Encode(rawData.ToArray(), 48));
IssuerName = cert.Issuer;
Critical = false;
Oid = _oid;
RawData = rawData.ToArray();
}
void encodeIpAddress(String value) {
if (value == null) {
rawData = new Byte[] { 135, 0 };
} else {
Boolean ipv4 = value.Contains('.');
List<Byte> bytes = new List<Byte>();
String[] tokens = value.Split('/');
value = tokens[0];
String netMask = String.Empty;
try {
bytes.AddRange(IPAddress.Parse(value).GetAddressBytes());
} catch {
throw new ArgumentException("The specified value is not valid IPv4 or IPv6 address.");
}
if (tokens.Length == 2) {
netMask = "/" + tokens[1];
Byte maskLength = Convert.ToByte(tokens[1]);
if (ipv4 && maskLength > 32) {
throw new ArgumentException("The IPv4 netmask value is invalid.");
}
if (!ipv4 && maskLength > 128) {
throw new ArgumentException("The IPv6 netmask value is invalid.");
}
if (ipv4) {
Int32 bits = 32 - maskLength;
Int32 mask = ~(0 | ((Int32)Math.Pow(2, bits) - 1));
bytes.AddRange(BitConverter.GetBytes(mask).Reverse());
} else {
// ipv6
Int32 maskBits = maskLength;
Int32 shiftBits = 128 - maskBits;
BigInteger mask = ((BigInteger)Math.Pow(2, maskBits) - 1) << shiftBits;
bytes.AddRange(mask.ToLittleEndianByteArray().Skip(1).Take(16).ToArray());
}
}
Value = IPAddress.Parse(value) + netMask;
rawData = Asn1Utils.Encode(bytes.ToArray(), 135);
}
}
void m_initialize(IEnumerable <String> urls, Int32?syncDeltaTime, Boolean critical)
{
Oid = _oid;
Critical = critical;
DeltaSyncTimeInSeconds = syncDeltaTime;
List <Byte> rawData = new List <Byte>();
if (DeltaSyncTimeInSeconds != null)
{
rawData.AddRange(new Asn1Integer(DeltaSyncTimeInSeconds.Value).RawData);
}
Uri[] uris = urls.Select(url => new Uri(url)).ToArray();
CrossCertDistributionPoints = new X509AlternativeNameCollection();
foreach (Uri url in uris)
{
CrossCertDistributionPoints.Add(new X509AlternativeName(X509AlternativeNamesEnum.URL, url));
}
CrossCertDistributionPoints.Close();
rawData.AddRange(Asn1Utils.Encode(CrossCertDistributionPoints.Encode(), 48));
RawData = rawData.ToArray();
}
void signRequest(X509Certificate2 signerCert)
{
List <Byte> tbsRequest = buildTbsRequest(signerCert.SubjectName);
Byte[] signature = MessageSignature.SignMessage(signerCert, tbsRequest.ToArray(), signatureAlgID);
SignerCertificate = signerCert;
if (includeFullSigChain)
{
buildSignerCertChain();
}
else
{
_signerChain.Add(signerCert);
}
AlgorithmIdentifier algId = new AlgorithmIdentifier(signatureAlgID);
List <Byte> signatureInfo = new List <Byte>(algId.RawData);
signatureInfo.AddRange(new Asn1BitString(signature, false).RawData);
signatureInfo.AddRange(Asn1Utils.Encode(_signerChain.Encode(), 0xa0));
tbsRequest.AddRange(Asn1Utils.Encode(Asn1Utils.Encode(signatureInfo.ToArray(), 48), 0xa0));
RawData = Asn1Utils.Encode(tbsRequest.ToArray(), 48);
IsReadOnly = true;
}
/// <summary>
/// Encodes current object to a DER-encoded byte array. Returned array is used to construct initial OCSP Request structure.
/// </summary>
/// <returns>Returns a DER-encoded byte array.</returns>
/// <value>System.Byte[]</value>
public Byte[] Encode()
{
if (!String.IsNullOrEmpty(SerialNumber))
{
if (issuerPublicKey != null)
{
initializeFromCertAndIssuer();
}
// algorithm identifier
var rawData = new List <Byte>(Asn1Utils.EncodeObjectIdentifier(hashAlgorithm));
rawData.AddRange(Asn1Utils.EncodeNull());
rawData = new List <Byte>(Asn1Utils.Encode(rawData.ToArray(), 48));
// IssuerNameId
rawData.AddRange(Asn1Utils.Encode(AsnFormatter.StringToBinary(IssuerNameId, EncodingType.HexRaw), 4));
// IssuerKeyId
rawData.AddRange(Asn1Utils.Encode(AsnFormatter.StringToBinary(IssuerKeyId, EncodingType.HexRaw), 4));
// SerialNumber
rawData.AddRange(Asn1Utils.Encode(serialNumber, 2));
IsReadOnly = true;
return(Asn1Utils.Encode(rawData.ToArray(), 48));
}
throw new UninitializedObjectException();
}
void initializeFromCert(X509Certificate2 issuer, AuthorityKeyIdentifierFlags flags, Boolean critical)
{
Oid = _oid;
Critical = critical;
IncludedComponents = AuthorityKeyIdentifierFlags.None;
// TODO rawData is not used
List <Byte> rawData = new List <Byte>();
if ((flags & AuthorityKeyIdentifierFlags.KeyIdentifier) > 0)
{
using (var hasher = SHA1.Create()) {
var hashbytes = hasher.ComputeHash(issuer.PublicKey.EncodedKeyValue.RawData);
KeyIdentifier = AsnFormatter.BinaryToString(hashbytes, EncodingType.HexRaw, EncodingFormat.NOCRLF);
rawData.AddRange(Asn1Utils.Encode(hashbytes, 0x80));
}
IncludedComponents |= AuthorityKeyIdentifierFlags.KeyIdentifier;
}
if ((flags & AuthorityKeyIdentifierFlags.AlternativeNames) > 0)
{
X509Extension san = issuer.Extensions[X509ExtensionOid.SubjectAlternativeNames];
Debug.Assert(san != null, "san != null");
AsnEncodedData encoded = new AsnEncodedData(san.RawData);
var sanExt = new X509SubjectAlternativeNamesExtension(encoded, false);
IssuerNames = sanExt.AlternativeNames;
IssuerNames.Close();
Asn1Reader asn = new Asn1Reader(san.RawData);
rawData.AddRange(Asn1Utils.Encode(asn.GetPayload(), 0x81));
IncludedComponents |= AuthorityKeyIdentifierFlags.AlternativeNames;
}
if ((flags & AuthorityKeyIdentifierFlags.SerialNumber) > 0)
{
SerialNumber = issuer.SerialNumber;
rawData.AddRange(Asn1Utils.Encode(issuer.GetSerialNumber().Reverse().ToArray(), 0x82));
IncludedComponents |= AuthorityKeyIdentifierFlags.SerialNumber;
}
RawData = Asn1Utils.Encode(rawData.ToArray(), 48);
}
// here we use reduced encoding, that is, use minimum required bytes to encode extension value.
void m_initialize(UInt16 caVersion, UInt16 keyVersion)
{
Oid = new Oid(X509CertExtensions.X509CAVersion);
CACertificateVersion = caVersion;
CAKeyVersion = keyVersion;
// max 2 bytes
List <Byte> certBytes = BitConverter.GetBytes((UInt16)CACertificateVersion).ToList();
if (BitConverter.IsLittleEndian)
{
certBytes.Reverse();
}
if (keyVersion == 0)
{
if (CACertificateVersion == 0)
{
RawData = RawData = new Byte[] { 2, 1, 0 };
}
else
{
// truncate leading zero bytes. Only if key index is zero.
RawData = Asn1Utils.Encode(certBytes.SkipWhile(x => x == 0).ToArray(), (Byte)Asn1Type.INTEGER);
}
}
else
{
List <Byte> keyBytes = BitConverter.GetBytes((UInt16)CAKeyVersion).ToList();
if (BitConverter.IsLittleEndian)
{
keyBytes.Reverse();
}
// truncate leading zero bytes for key, cert bytes must be 2 bytes long.
keyBytes = keyBytes.SkipWhile(x => x == 0).ToList();
keyBytes.AddRange(certBytes);
RawData = Asn1Utils.Encode(keyBytes.ToArray(), (Byte)Asn1Type.INTEGER);
}
}
void m_encode(String inputString)
{
Value = inputString;
Initialize(new Asn1Reader(Asn1Utils.Encode(Encoding.UTF32.GetBytes(inputString).Reverse().ToArray(), TAG)));
}
void m_decode(Byte[] rawData)
{
Asn1Reader asn = new Asn1Reader(rawData);
asn.MoveNext();
if (asn.PayloadLength == 0)
{
return;
}
do
{
Byte[] altNames;
switch (asn.Tag)
{
case 0xA0:
Asn1Reader distName = new Asn1Reader(asn.GetPayload());
do
{
switch (distName.Tag)
{
case 0xA0:
// full name
altNames = Asn1Utils.Encode(distName.GetPayload(), 48);
FullName = new X509AlternativeNameCollection();
FullName.Decode(altNames);
break;
case 0xA1:
// relative to issuer name
Byte[] relativeName = Asn1Utils.Encode(distName.GetPayload(), 48);
RelativeToIssuerName = new X500DistinguishedName(relativeName);
break;
default:
throw new InvalidDataException("The data is invalid");
}
} while (distName.MoveNextCurrentLevel());
break;
case 0xA1:
// reasons
Asn1BitString bs = new Asn1BitString(asn.GetPayload());
if (bs.Value[0] == 0)
{
Reasons = X509RevocationReasons.Unspecified;
break;
}
Byte mask = 1;
do
{
if ((bs.Value[0] & mask) > 0)
{
switch (mask)
{
case 1: Reasons += (Int32)X509RevocationReasons.AACompromise; break;
case 2: Reasons += (Int32)X509RevocationReasons.PrivilegeWithdrawn; break;
case 4: Reasons += (Int32)X509RevocationReasons.CertificateHold; break;
case 8: Reasons += (Int32)X509RevocationReasons.CeaseOfOperation; break;
case 16: Reasons += (Int32)X509RevocationReasons.Superseded; break;
case 32: Reasons += (Int32)X509RevocationReasons.ChangeOfAffiliation; break;
case 64: Reasons += (Int32)X509RevocationReasons.CACompromise; break;
case 128: Reasons += (Int32)X509RevocationReasons.KeyCompromise; break;
}
}
mask <<= 1;
} while (mask != 128);
break;
case 0xA2:
// crl issuer
altNames = Asn1Utils.Encode(asn.GetPayload(), 48);
CRLIssuer = new X509AlternativeNameCollection();
CRLIssuer.Decode(altNames);
break;
default:
throw new InvalidDataException("The data is invalid.");
}
} while (asn.MoveNextCurrentLevel());
RawData = rawData;
}
void m_encode(String inputString)
{
Value = inputString;
Init(new Asn1Reader(Asn1Utils.Encode(Encoding.UTF32.GetBytes(inputString), tag)));
}
void m_encode(DateTime time, TimeZoneInfo zone, Boolean preciseTime)
{
tagValue = time;
zoneInfo = zone;
Init(new Asn1Reader(Asn1Utils.Encode(DateTimeUtils.Encode(time, zone, false, preciseTime), tag)));
}
void m_encode(DateTime time, TimeZoneInfo zone, Boolean preciseTime)
{
Value = time;
ZoneInfo = zone;
Initialize(new Asn1Reader(Asn1Utils.Encode(DateTimeUtils.Encode(time, zone, true, preciseTime), TAG)));
}
public static Byte[] EncodeGeneric(Byte tag, String value, Byte unusedBits)
{
switch (tag)
{
case (Byte)Asn1Type.BOOLEAN:
return(new Asn1Boolean(Boolean.Parse(value)).RawData);
case (Byte)Asn1Type.INTEGER:
return(new Asn1Integer(BigInteger.Parse(value)).RawData);
case (Byte)Asn1Type.BIT_STRING:
return(new Asn1BitString(HexUtility.HexToBinary(value), unusedBits).RawData);
case (Byte)Asn1Type.OCTET_STRING:
return(new Asn1OctetString(HexUtility.HexToBinary(value), false).RawData);
case (Byte)Asn1Type.NULL:
return(new Asn1Null().RawData);
case (Byte)Asn1Type.OBJECT_IDENTIFIER:
return(new Asn1ObjectIdentifier(value).RawData);
case (Byte)Asn1Type.ENUMERATED:
return(new Asn1Enumerated(UInt64.Parse(value)).RawData);
case (Byte)Asn1Type.UTF8String:
return(new Asn1UTF8String(value).RawData);
case (Byte)Asn1Type.NumericString:
return(new Asn1NumericString(value).RawData);
case (Byte)Asn1Type.TeletexString:
return(new Asn1TeletexString(value).RawData);
case (Byte)Asn1Type.VideotexString:
return(Asn1Utils.Encode(Encoding.ASCII.GetBytes(value), tag));
case (Byte)Asn1Type.PrintableString:
return(new Asn1PrintableString(value).RawData);
case (Byte)Asn1Type.IA5String:
return(new Asn1IA5String(value).RawData);
case (Byte)Asn1Type.UTCTime:
return(EncodeUTCTime(DateTime.ParseExact(value, "MM/dd/yyyy HH:mm:ss", CultureInfo.InvariantCulture)));
case (Byte)Asn1Type.GeneralizedTime:
return(EncodeGeneralizedTime(DateTime.ParseExact(value, "MM/dd/yyyy HH:mm:ss", CultureInfo.InvariantCulture)));
//case (Byte)ASN1Tags.GraphicString
case (Byte)Asn1Type.VisibleString:
return(new Asn1VisibleString(value).RawData);
case (Byte)Asn1Type.GeneralString:
return(Asn1Utils.Encode(Encoding.UTF8.GetBytes(value), tag));
case (Byte)Asn1Type.UniversalString:
return(new Asn1UniversalString(value).RawData);
case (Byte)Asn1Type.BMPString:
return(new Asn1BMPString(value).RawData);
default:
if ((tag & (Byte)Asn1Type.TAG_MASK) == 6)
{
return(Asn1Utils.Encode(Encoding.UTF8.GetBytes(value), tag));
}
return(Asn1Utils.Encode(HexUtility.HexToBinary(value), tag));
}
}
public static Byte[] EncodeHex(Byte tag, String hexString, Byte unusedBits)
{
Byte[] hexBytes = AsnFormatter.StringToBinary(hexString, EncodingType.Hex);
return(Asn1Utils.Encode(hexBytes, tag));
}
void m_encode(String inputString)
{
Value = inputString;
Init(new Asn1Reader(Asn1Utils.Encode(Encoding.BigEndianUnicode.GetBytes(inputString), tag)));
}
void m_encode(BigInteger inputInteger)
{
Value = inputInteger;
Init(new Asn1Reader(Asn1Utils.Encode(inputInteger.GetAsnBytes(), tag)));
}
void m_encode(BigInteger inputInteger)
{
Value = Convert.ToUInt64(inputInteger);
Initialize(new Asn1Reader(Asn1Utils.Encode(inputInteger.GetAsnBytes(), TAG)));
}
/// <summary>
///
/// </summary>
public void Encode()
{
RawData = Asn1Utils.Encode(buildTbsRequest(null).ToArray(), 48);
IsReadOnly = true;
}
void m_encode(BigInteger crlNumber)
{
CRLNumber = crlNumber;
RawData = Asn1Utils.Encode(crlNumber.ToLittleEndianByteArray(), (Byte)Asn1Type.INTEGER);
}
void decodeResponse()
{
asn1 = new Asn1Reader(RawData);
if (asn1.Tag != 48)
{
throw new Exception("Response data is not valid ASN.1 encoded data.");
}
//response status
asn1.MoveNext();
if (asn1.Tag != 10)
{
throw new Exception("Unable to decode OCSP Reponse data. The data is invalid.");
}
ResponseStatus = (OCSPResponseStatus)asn1.GetPayload()[0];
if (asn1.NextOffset == 0)
{
return;
}
//responseBytesCS
asn1.MoveNext();
if (asn1.Tag != 160)
{
throw new Exception("Unable to decode Response.");
}
asn1.MoveNext();
asn1.MoveNext();
if (asn1.Tag != 6)
{
throw new Exception("Response type is invalid.");
}
Byte[] oidbytes = Asn1Utils.Encode(asn1.GetPayload(), (Byte)Asn1Type.OBJECT_IDENTIFIER);
decodeResponseType(oidbytes);
asn1.MoveNext();
if (asn1.Tag != 4)
{
throw new Exception("Response is missing.");
}
//BasicOCSPResponse
asn1.MoveNext();
if (asn1.Tag != 48)
{
throw new Exception("tbsResponseData is missing.");
}
asn1.MoveNext();
//tbsResponseData
var a = asn1.GetPayload();
Asn1Reader tbsResponseData = new Asn1Reader(asn1.GetTagRawData());
//decodetbsResponse(tbsResponseData);
//signatureAlgorithm
asn1.MoveNextCurrentLevel();
SignatureAlgorithm = (new AlgorithmIdentifier(Asn1Utils.Encode(asn1.GetPayload(), 48))).AlgorithmId;
//signature
asn1.MoveNextCurrentLevel();
Byte[] signature = asn1.GetPayload().Skip(1).ToArray();
// GenericArray.GetSubArray(asn1.Payload, 1, asn1.Payload.Length - 1);
SignerCertificates = new X509Certificate2Collection();
if (asn1.MoveNext())
{
asn1.MoveNext();
Asn1Reader cert = new Asn1Reader(asn1.GetPayload());
do
{
SignerCertificates.Add(new X509Certificate2(Asn1Utils.Encode(cert.GetPayload(), 48)));
} while (cert.MoveNextCurrentLevel());
verifySigner(SignerCertificates[0], true);
} // optional. Find cert in store.
verifyAll(tbsResponseData, signature, SignatureAlgorithm);
}
