/// <summary>
/// Gets sanitized DS object name from certificate's subject.
/// </summary>
/// <param name="fromCert">Specifies the certificate to use for DS name generation.</param>
/// <returns>Sanitized name of DS object.</returns>
/// <remarks>
/// Default method implementation checks if specified certificate is CA certificate. If true, subject name
/// is used to generate DS object name, otherwise issuer name is used to generate DS object name.
/// </remarks>
protected virtual String GetContainerName(X509Certificate2 fromCert)
{
X500DistinguishedName fullSubject;
// get the name to be used as the name in DS. If certificate subject is end entity,
// use issuer name (first attribute), if subject is CA, use subject name (first attrbiute).
if (fromCert.Version == 3)
{
// attempt to retrieve Basic Constraints extension
X509Extension ext = fromCert.Extensions[X509CertExtensions.X509BasicConstraints];
// if Basic Constraints is absent, pick issuer name
if (ext == null)
{
fullSubject = fromCert.IssuerName;
}
else
{
// if Basic Constraints is presented, check if isCA attribute.
// if isCA = TRUE, use subject name, otherwise use issuer name
var bc = (X509BasicConstraintsExtension)CryptographyUtils.ConvertExtension(ext);
fullSubject = bc.CertificateAuthority
? fromCert.SubjectName
: fromCert.IssuerName;
}
}
else
{
// V1 certificates are threated as end entity, so pick up issuer name.
fullSubject = fromCert.IssuerName;
}
return(generateContainerName(fullSubject));
}
/// <summary>
/// Decodes an ASN.1-encoded byte array that represents complete X509Extension object to an instance of
/// <see cref="X509Extension"/> instance.
/// </summary>
/// <param name="rawData">ASN.1-encoded byte array that represents requested object.</param>
/// <returns>Decoded <see cref="X509Extension"/> object.</returns>
/// <exception cref="ArgumentNullException"><strong>rawData</strong> parameter is null reference.</exception>
/// <exception cref="Asn1InvalidTagException">Byte array do not represent requested object.</exception>
public static X509Extension DecodeX509Extension(Byte[] rawData)
{
if (rawData == null)
{
throw new ArgumentNullException(nameof(rawData));
}
Asn1Reader asn = new Asn1Reader(rawData);
if (asn.Tag != 48)
{
throw new Asn1InvalidTagException(asn.Offset);
}
asn.MoveNext();
if (asn.Tag != (Byte)Asn1Type.OBJECT_IDENTIFIER)
{
throw new Asn1InvalidTagException(asn.Offset);
}
Oid oid = new Asn1ObjectIdentifier(asn).Value;
Boolean critical = false;
asn.MoveNext();
if (asn.Tag == (Byte)Asn1Type.BOOLEAN)
{
critical = Asn1Utils.DecodeBoolean(asn.GetTagRawData());
asn.MoveNext();
}
if (asn.Tag != (Byte)Asn1Type.OCTET_STRING)
{
throw new Asn1InvalidTagException(asn.Offset);
}
return(CryptographyUtils.ConvertExtension(new X509Extension(oid, asn.GetPayload(), critical)));
}
void processExtensions()
{
foreach (X509Extension extension in Extensions)
{
if (_excludedExtensions.Contains(extension.Oid.Value))
{
continue;
}
_extensions.Add(CryptographyUtils.ConvertExtension(extension));
}
finalExtensions = new X509ExtensionCollection();
foreach (var extension in _extensions)
{
finalExtensions.Add(extension);
}
}
void m_generateextensions(X509Certificate2 cert)
{
List <Byte> sext = new List <Byte>();
Oid oid = new Oid("1.3.6.1.5.5.7.48.1.7");
sext.AddRange(cert.IssuerName.RawData);
if (cert.Extensions.Count > 0)
{
foreach (X509Extension ext in cert.Extensions.Cast <X509Extension>().Where(ext => ext.Oid.Value == "1.3.6.1.5.5.7.1.1"))
{
sext.AddRange(ext.RawData);
}
}
sext = new List <Byte>(Asn1Utils.Encode(sext.ToArray(), 48));
_listExtensions.Add(CryptographyUtils.ConvertExtension(new X509Extension(oid, sext.ToArray(), false)));
}
void m_generateextensions(X509Certificate2 cert)
{
List <Byte> sext = new List <Byte>();
Oid oid = new Oid(X509CertExtensions.X509ServiceLocator);
sext.AddRange(cert.IssuerName.RawData);
if (cert.Extensions.Count > 0)
{
X509Extension ext = cert.Extensions[X509CertExtensions.X509AuthorityInformationAccess];
if (ext != null)
{
sext.AddRange(ext.RawData);
}
}
sext = new List <Byte>(Asn1Utils.Encode(sext.ToArray(), 48));
_listExtensions.Add(CryptographyUtils.ConvertExtension(new X509Extension(oid, sext.ToArray(), false)));
}
/// <summary>
/// Converts generic X.509 extension objects to specialized certificate extension objects
/// inherited from <see cref="X509Extension"/> class that provide extension-specific information.
/// </summary>
/// <param name="cert">Certificate.</param>
/// <exception cref="ArgumentNullException">
/// <strong>cert</strong> parameter is null reference.
/// </exception>
/// <returns>A collection of certificate extensions</returns>
/// <remarks>
/// This method can transform the following X.509 certificate extensions:
/// <list type="bullet">
/// <item><description><see cref="X509CertificateTemplateExtension"/></description></item>
/// <item><description><see cref="X509ApplicationPoliciesExtension"/></description></item>
/// <item><description><see cref="X509ApplicationPolicyMappingsExtension"/></description></item>
/// <item><description><see cref="X509ApplicationPolicyConstraintsExtension"/></description></item>
/// <item><description><see cref="X509AuthorityInformationAccessExtension"/></description></item>
/// <item><description><see cref="X509NonceExtension"/></description></item>
/// <item><description><see cref="X509CRLReferenceExtension"/></description></item>
/// <item><description><see cref="X509ArchiveCutoffExtension"/></description></item>
/// <item><description><see cref="X509ServiceLocatorExtension"/></description></item>
/// <item><description><see cref="X509SubjectKeyIdentifierExtension"/></description></item>
/// <item><description><see cref="X509KeyUsageExtension"/></description></item>
/// <item><description><see cref="X509SubjectAlternativeNamesExtension"/></description></item>
/// <item><description><see cref="X509IssuerAlternativeNamesExtension"/></description></item>
/// <item><description><see cref="X509BasicConstraintsExtension"/></description></item>
/// <item><description><see cref="X509CRLNumberExtension"/></description></item>
/// <item><description><see cref="X509NameConstraintsExtension"/></description></item>
/// <item><description><see cref="X509CRLDistributionPointsExtension"/></description></item>
/// <item><description><see cref="X509CertificatePoliciesExtension"/></description></item>
/// <item><description><see cref="X509CertificatePolicyMappingsExtension"/></description></item>
/// <item><description><see cref="X509AuthorityKeyIdentifierExtension"/></description></item>
/// <item><description><see cref="X509CertificatePolicyConstraintsExtension"/></description></item>
/// <item><description><see cref="X509EnhancedKeyUsageExtension"/></description></item>
/// <item><description><see cref="X509FreshestCRLExtension"/></description></item>
/// </list>
/// Non-supported extensions will be returned as an <see cref="X509Extension"/> object.
/// </remarks>
public static X509ExtensionCollection ResolveExtensions(this X509Certificate2 cert)
{
if (cert == null)
{
throw new ArgumentNullException(nameof(cert));
}
if (cert.Extensions.Count == 0)
{
return(cert.Extensions);
}
X509ExtensionCollection extensions = new X509ExtensionCollection();
foreach (var ext in cert.Extensions)
{
extensions.Add(CryptographyUtils.ConvertExtension(ext));
}
return(extensions);
}
void decodeTbsResponse(Asn1Reader tbsResponseData)
{
tbsResponseData.MoveNext();
if (tbsResponseData.Tag == 160)
{
//Asn1Reader aversion = new Asn1Reader(tbsResponseData.RawData, tbsResponseData.PayloadStartOffset);
Asn1Reader aversion = new Asn1Reader(tbsResponseData);
aversion.MoveNext();
Version = aversion.GetPayload()[0] + 1;
tbsResponseData.MoveNextCurrentLevel();
}
else
{
Version = 1;
}
//responderID
switch (tbsResponseData.Tag)
{
case 161:
ResponderNameId = new X500DistinguishedName(tbsResponseData.GetPayload());
tbsResponseData.MoveNextCurrentLevel();
break;
case 162:
tbsResponseData.MoveNext();
StringBuilder SB = new StringBuilder();
foreach (Byte element in tbsResponseData.GetPayload())
{
SB.Append(element.ToString("X2"));
}
ResponderKeyId = SB.ToString();
tbsResponseData.MoveNext();
break;
default:
throw new Exception("Invalid tag at responderID. Expected 161 (byName) or 162 (byKey).");
}
//tbsResponseData.MoveNextCurrentLevel();
ProducedAt = Asn1Utils.DecodeGeneralizedTime(tbsResponseData.GetTagRawData());
if (DateTime.Now < ProducedAt.AddMinutes(-10))
{
ResponseErrorInformation += (Int32)OCSPResponseComplianceError.ResponseNotTimeValid;
}
//responses
tbsResponseData.MoveNext();
//single response
Asn1Reader responses = new Asn1Reader(tbsResponseData.GetTagRawData());
responses.MoveNext();
Int32 Offset;
Responses = new OCSPSingleResponseCollection();
do
{
Asn1Reader response = new Asn1Reader(responses);
Offset = response.NextCurrentLevelOffset;
Responses.Add(new OCSPSingleResponse(response));
if (Request != null)
{
foreach (OCSPSingleResponse item in Responses)
{
Boolean certidmatch = Request.RequestList.Any(x => x.CertId.Equals(item.CertId));
if (!certidmatch)
{
ResponseErrorInformation += (Int32)OCSPResponseComplianceError.CertIdMismatch;
}
}
}
} while (Offset != 0);
if (tbsResponseData.NextCurrentLevelOffset != 0)
{
tbsResponseData.MoveNextCurrentLevel();
if (tbsResponseData.Tag == 161)
{
X509ExtensionCollection exts = new X509ExtensionCollection();
exts.Decode(tbsResponseData.GetPayload());
foreach (X509Extension item in exts)
{
_listExtensions.Add(CryptographyUtils.ConvertExtension(item));
if (_listExtensions[_listExtensions.Count - 1].Oid.Value == X509CertExtensions.X509OcspNonce)
{
NonceReceived = true;
NonceValue = _listExtensions[_listExtensions.Count - 1].Format(false);
}
}
}
else
{
throw new Exception("Unexpected tag at responseExtensions. Expected 161.");
}
}
}
