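        /// <summary>
        /// Gets sanitized DS object name from certificate's subject.
        /// </summary>
        /// <param name="fromCert">Specifies the certificate to use for DS name generation.</param>
        /// <returns>Sanitized name of DS object.</returns>
        /// <exception cref="ArgumentNullException"><strong>fromCert</strong> parameter is null reference.</exception>
        /// <remarks>
        /// Default method implementation checks if specified certificate is CA certificate. If true, subject name
        /// is used to generate DS object name, otherwise issuer name is used to generate DS object name.
        /// Only V3 certificates can carry the Basic Constraints extension, so V1/V2 certificates are always
        /// treated as end-entity certificates.
        /// </remarks>
        protected virtual String GetContainerName(X509Certificate2 fromCert)
        {
            if (fromCert == null)
            {
                throw new ArgumentNullException(nameof(fromCert));
            }
            // Pick the name to be used as the DS object name: end-entity certificates are named after
            // their issuer, CA certificates after their subject. Issuer name is the default.
            X500DistinguishedName fullSubject = fromCert.IssuerName;
            if (fromCert.Version == 3)
            {
                // an absent Basic Constraints extension means end entity -> keep issuer name
                X509Extension ext = fromCert.Extensions[X509CertExtensions.X509BasicConstraints];
                if (ext != null)
                {
                    // isCA = TRUE -> subject name; otherwise keep issuer name.
                    // The cast fails loudly if the extension does not decode as Basic Constraints,
                    // which is preferable to silently naming a DS object after a malformed certificate.
                    var bc = (X509BasicConstraintsExtension)CryptographyUtils.ConvertExtension(ext);
                    if (bc.CertificateAuthority)
                    {
                        fullSubject = fromCert.SubjectName;
                    }
                }
            }
            return generateContainerName(fullSubject);
        }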
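        /// <summary>
        /// Decodes an ASN.1-encoded byte array that represents complete X509Extension object to an instance of
        /// <see cref="X509Extension"/> instance.
        /// </summary>
        /// <param name="rawData">ASN.1-encoded byte array that represents requested object.</param>
        /// <returns>Decoded <see cref="X509Extension"/> object.</returns>
        /// <exception cref="ArgumentNullException"><strong>rawData</strong> parameter is null reference.</exception>
        /// <exception cref="Asn1InvalidTagException">Byte array does not represent requested object.</exception>
        /// <remarks>
        /// Expected layout (RFC 5280, section 4.1):
        /// <c>Extension ::= SEQUENCE { extnID OBJECT IDENTIFIER, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }</c>.
        /// The input is treated as untrusted: every tag is verified before its payload is consumed.
        /// </remarks>
        public static X509Extension DecodeX509Extension(Byte[] rawData)
        {
            if (rawData == null)
            {
                throw new ArgumentNullException(nameof(rawData));
            }
            Asn1Reader asn = new Asn1Reader(rawData);

            // outer wrapper must be a SEQUENCE (0x30); the named enum member replaces the former literal 48
            if (asn.Tag != (Byte)Asn1Type.SEQUENCE)
            {
                throw new Asn1InvalidTagException(asn.Offset);
            }
            asn.MoveNext();
            if (asn.Tag != (Byte)Asn1Type.OBJECT_IDENTIFIER)
            {
                throw new Asn1InvalidTagException(asn.Offset);
            }
            Oid oid = new Asn1ObjectIdentifier(asn).Value;
            // 'critical' is DEFAULT FALSE and therefore omitted from DER when false
            Boolean critical = false;

            asn.MoveNext();
            if (asn.Tag == (Byte)Asn1Type.BOOLEAN)
            {
                critical = Asn1Utils.DecodeBoolean(asn.GetTagRawData());
                asn.MoveNext();
            }
            if (asn.Tag != (Byte)Asn1Type.OCTET_STRING)
            {
                throw new Asn1InvalidTagException(asn.Offset);
            }
            // extnValue payload is the extension's own DER; ConvertExtension upgrades known OIDs to typed classes
            return CryptographyUtils.ConvertExtension(new X509Extension(oid, asn.GetPayload(), critical));
        }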
 /// <summary>
 /// Converts every extension in <c>Extensions</c> whose OID is not listed in <c>_excludedExtensions</c>
 /// into its specialized form, appends it to <c>_extensions</c>, and then rebuilds <c>finalExtensions</c>
 /// from the full <c>_extensions</c> list.
 /// </summary>
 /// <remarks>
 /// NOTE(review): <c>_extensions</c> is appended to rather than reset here; whether it is empty on entry
 /// depends on the caller — confirm.
 /// </remarks>
 void processExtensions()
 {
     foreach (X509Extension candidate in Extensions)
     {
         Boolean excluded = _excludedExtensions.Contains(candidate.Oid.Value);
         if (!excluded)
         {
             _extensions.Add(CryptographyUtils.ConvertExtension(candidate));
         }
     }
     X509ExtensionCollection rebuilt = new X509ExtensionCollection();
     foreach (var converted in _extensions)
     {
         rebuilt.Add(converted);
     }
     finalExtensions = rebuilt;
 }
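        /// <summary>
        /// Builds the OCSP Service Locator extension (id-pkix-ocsp-service-locator) for the given certificate
        /// and appends its converted form to <c>_listExtensions</c>.
        /// </summary>
        /// <param name="cert">Certificate whose issuer name and Authority Information Access extension are used.</param>
        /// <exception cref="ArgumentNullException"><strong>cert</strong> parameter is null reference.</exception>
        /// <remarks>
        /// Layout follows <c>ServiceLocator ::= SEQUENCE { issuer Name, locator AuthorityInfoAccessSyntax }</c>
        /// (RFC 6960, section 4.4.6); the AIA value is included only when the certificate carries one.
        /// </remarks>
        void m_generateextensions(X509Certificate2 cert)
        {
            if (cert == null)
            {
                throw new ArgumentNullException(nameof(cert));
            }
            // well-known OIDs are referenced by name rather than by literal dotted strings
            Oid oid = new Oid(X509CertExtensions.X509ServiceLocator);
            List<Byte> sext = new List<Byte>(cert.IssuerName.RawData);
            // RFC 5280 4.2 forbids duplicate extensions in a certificate, so an indexer lookup is equivalent
            // to the former filtered scan; the indexer returns null when the extension is absent.
            X509Extension aia = cert.Extensions[X509CertExtensions.X509AuthorityInformationAccess];
            if (aia != null)
            {
                sext.AddRange(aia.RawData);
            }
            // wrap issuer name + optional AIA into a single SEQUENCE (tag 0x30)
            Byte[] encoded = Asn1Utils.Encode(sext.ToArray(), 48);
            _listExtensions.Add(CryptographyUtils.ConvertExtension(new X509Extension(oid, encoded, false)));
        }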
        /// <summary>
        /// Generates the OCSP Service Locator extension for <paramref name="cert"/> (issuer name followed by the
        /// certificate's Authority Information Access extension when present, wrapped in a SEQUENCE) and appends
        /// its converted form to <c>_listExtensions</c>.
        /// </summary>
        /// <param name="cert">Certificate supplying the issuer name and the optional AIA extension.</param>
        void m_generateextensions(X509Certificate2 cert)
        {
            var serviceLocatorOid = new Oid(X509CertExtensions.X509ServiceLocator);
            var locator = new List<Byte>();
            locator.AddRange(cert.IssuerName.RawData);

            // the AIA lookup is only attempted when the certificate has extensions at all
            X509Extension aia = cert.Extensions.Count > 0
                ? cert.Extensions[X509CertExtensions.X509AuthorityInformationAccess]
                : null;
            if (aia != null)
            {
                locator.AddRange(aia.RawData);
            }

            // 48 = 0x30 = SEQUENCE wrapper around issuer + locator
            Byte[] wrapped = Asn1Utils.Encode(locator.ToArray(), 48);
            var extension = new X509Extension(serviceLocatorOid, wrapped, false);
            _listExtensions.Add(CryptographyUtils.ConvertExtension(extension));
        }
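        /// <summary>
        /// Converts generic X.509 extension objects to specialized certificate extension objects
        /// inherited from <see cref="X509Extension"/> class that provide extension-specific information.
        /// </summary>
        /// <param name="cert">Certificate.</param>
        /// <exception cref="ArgumentNullException">
        /// <strong>cert</strong> parameter is null reference.
        /// </exception>
        /// <returns>
        /// A new collection of certificate extensions. The returned collection is always distinct from
        /// <c>cert.Extensions</c>, so modifying it never affects the certificate object.
        /// </returns>
        /// <remarks>
        /// This method can transform the following X.509 certificate extensions:
        /// <list type="bullet">
        /// <item><description><see cref="X509CertificateTemplateExtension"/></description></item>
        /// <item><description><see cref="X509ApplicationPoliciesExtension"/></description></item>
        /// <item><description><see cref="X509ApplicationPolicyMappingsExtension"/></description></item>
        /// <item><description><see cref="X509ApplicationPolicyConstraintsExtension"/></description></item>
        /// <item><description><see cref="X509AuthorityInformationAccessExtension"/></description></item>
        /// <item><description><see cref="X509NonceExtension"/></description></item>
        /// <item><description><see cref="X509CRLReferenceExtension"/></description></item>
        /// <item><description><see cref="X509ArchiveCutoffExtension"/></description></item>
        /// <item><description><see cref="X509ServiceLocatorExtension"/></description></item>
        /// <item><description><see cref="X509SubjectKeyIdentifierExtension"/></description></item>
        /// <item><description><see cref="X509KeyUsageExtension"/></description></item>
        /// <item><description><see cref="X509SubjectAlternativeNamesExtension"/></description></item>
        /// <item><description><see cref="X509IssuerAlternativeNamesExtension"/></description></item>
        /// <item><description><see cref="X509BasicConstraintsExtension"/></description></item>
        /// <item><description><see cref="X509CRLNumberExtension"/></description></item>
        /// <item><description><see cref="X509NameConstraintsExtension"/></description></item>
        /// <item><description><see cref="X509CRLDistributionPointsExtension"/></description></item>
        /// <item><description><see cref="X509CertificatePoliciesExtension"/></description></item>
        /// <item><description><see cref="X509CertificatePolicyMappingsExtension"/></description></item>
        /// <item><description><see cref="X509AuthorityKeyIdentifierExtension"/></description></item>
        /// <item><description><see cref="X509CertificatePolicyConstraintsExtension"/></description></item>
        /// <item><description><see cref="X509EnhancedKeyUsageExtension"/></description></item>
        /// <item><description><see cref="X509FreshestCRLExtension"/></description></item>
        /// </list>
        /// Non-supported extensions will be returned as an <see cref="X509Extension"/> object.
        /// </remarks>
        public static X509ExtensionCollection ResolveExtensions(this X509Certificate2 cert)
        {
            if (cert == null)
            {
                throw new ArgumentNullException(nameof(cert));
            }
            // Always hand back a fresh collection. Returning cert.Extensions for the empty case (as before)
            // exposed the certificate's own, possibly cached, collection to mutation by the caller.
            X509ExtensionCollection extensions = new X509ExtensionCollection();
            foreach (X509Extension ext in cert.Extensions)
            {
                extensions.Add(CryptographyUtils.ConvertExtension(ext));
            }
            return extensions;
        }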
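        /// <summary>
        /// Decodes the <c>ResponseData</c> structure of a BasicOCSPResponse (RFC 6960, section 4.2.1):
        /// version, responderID, producedAt, the SingleResponse list and the optional responseExtensions.
        /// </summary>
        /// <param name="tbsResponseData">ASN.1 reader positioned at the ResponseData SEQUENCE.</param>
        /// <exception cref="Asn1InvalidTagException">An unexpected or malformed tag is encountered.</exception>
        /// <remarks>
        /// The data comes from an OCSP responder over the network and is treated as untrusted: structural
        /// problems raise an exception, compliance problems are accumulated in <c>ResponseErrorInformation</c>.
        /// </remarks>
        void decodeTbsResponse(Asn1Reader tbsResponseData)
        {
            tbsResponseData.MoveNext();
            // version [0] EXPLICIT Version DEFAULT v1 (context tag 0 = 0xA0 = 160)
            if (tbsResponseData.Tag == 160)
            {
                Asn1Reader aversion = new Asn1Reader(tbsResponseData);
                aversion.MoveNext();
                Byte[] versionPayload = aversion.GetPayload();
                if (versionPayload.Length == 0)
                {
                    // an empty INTEGER is malformed; do not index into it
                    throw new Asn1InvalidTagException(aversion.Offset);
                }
                // the encoded value is zero-based (v1 is encoded as 0)
                Version = versionPayload[0] + 1;
                tbsResponseData.MoveNextCurrentLevel();
            }
            else
            {
                Version = 1;
            }
            // responderID CHOICE { byName [1] Name, byKey [2] KeyHash }
            switch (tbsResponseData.Tag)
            {
            case 161:
                ResponderNameId = new X500DistinguishedName(tbsResponseData.GetPayload());
                tbsResponseData.MoveNextCurrentLevel();
                break;

            case 162:
                tbsResponseData.MoveNext();
                // KeyHash is rendered as upper-case hex without separators (same output as per-byte "X2")
                ResponderKeyId = BitConverter.ToString(tbsResponseData.GetPayload()).Replace("-", String.Empty);
                tbsResponseData.MoveNext();
                break;

            default:
                // expected 161 (byName) or 162 (byKey); use the same exception type as the other ASN.1 decoders
                throw new Asn1InvalidTagException(tbsResponseData.Offset);
            }
            // producedAt GeneralizedTime
            ProducedAt = Asn1Utils.DecodeGeneralizedTime(tbsResponseData.GetTagRawData());
            // tolerate up to 10 minutes of clock skew before flagging a response produced "in the future".
            // NOTE(review): compared against DateTime.Now; whether DecodeGeneralizedTime yields local or UTC
            // time is not visible here — confirm both sides use the same kind.
            if (DateTime.Now < ProducedAt.AddMinutes(-10))
            {
                ResponseErrorInformation += (Int32)OCSPResponseComplianceError.ResponseNotTimeValid;
            }
            // responses SEQUENCE OF SingleResponse
            tbsResponseData.MoveNext();
            Asn1Reader responses = new Asn1Reader(tbsResponseData.GetTagRawData());

            responses.MoveNext();
            Int32 nextOffset;
            Boolean certIdMismatch = false;

            Responses = new OCSPSingleResponseCollection();
            do
            {
                Asn1Reader response = new Asn1Reader(responses);
                nextOffset = response.NextCurrentLevelOffset;
                OCSPSingleResponse single = new OCSPSingleResponse(response);
                Responses.Add(single);
                // Check only the entry just decoded. Re-scanning the whole collection on every iteration
                // (as before) re-evaluated earlier entries and could add the same flag several times.
                if (Request != null && !Request.RequestList.Any(x => x.CertId.Equals(single.CertId)))
                {
                    certIdMismatch = true;
                }
                // NOTE(review): 'responses' is never advanced explicitly in this loop; termination relies on
                // Asn1Reader(Asn1Reader) / OCSPSingleResponse moving a shared position — confirm.
            } while (nextOffset != 0);
            // ResponseErrorInformation accumulates flag values with '+', so each flag must be added at most once
            if (certIdMismatch)
            {
                ResponseErrorInformation += (Int32)OCSPResponseComplianceError.CertIdMismatch;
            }
            // responseExtensions [1] EXPLICIT Extensions OPTIONAL
            if (tbsResponseData.NextCurrentLevelOffset != 0)
            {
                tbsResponseData.MoveNextCurrentLevel();
                if (tbsResponseData.Tag != 161)
                {
                    // expected 161 (responseExtensions)
                    throw new Asn1InvalidTagException(tbsResponseData.Offset);
                }
                X509ExtensionCollection exts = new X509ExtensionCollection();
                exts.Decode(tbsResponseData.GetPayload());
                foreach (X509Extension item in exts)
                {
                    X509Extension converted = CryptographyUtils.ConvertExtension(item);
                    _listExtensions.Add(converted);
                    // a nonce extension in the response lets the caller match it against the request's nonce
                    if (converted.Oid.Value == X509CertExtensions.X509OcspNonce)
                    {
                        NonceReceived = true;
                        NonceValue    = converted.Format(false);
                    }
                }
            }
        }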