Exemplo n.º 1
0
 internal byte[][] Encode()
 {
     return(DerEncoder.ConstructSegmentedSequence(
                HashAlgorithm.Encode(),
                DerEncoder.SegmentedEncodeOctetString(CertificateHash),
                IssuerSerial.Encode()));
 }
Exemplo n.º 2
0
        private static byte[][] ParseRdn(
            byte[][] encodedOid,
            char[] chars,
            int valueStart,
            int valueEnd,
            bool ia5String)
        {
            byte[][] encodedValue;

            int length = valueEnd - valueStart;

            if (ia5String)
            {
                // An email address with an invalid value will throw.
                encodedValue = DerEncoder.SegmentedEncodeIA5String(chars, valueStart, length);
            }
            else if (DerEncoder.IsValidPrintableString(chars, valueStart, length))
            {
                encodedValue = DerEncoder.SegmentedEncodePrintableString(chars, valueStart, length);
            }
            else
            {
                encodedValue = DerEncoder.SegmentedEncodeUtf8String(chars, valueStart, length);
            }

            return(DerEncoder.ConstructSegmentedSet(
                       DerEncoder.ConstructSegmentedSequence(
                           encodedOid,
                           encodedValue)));
        }
Exemplo n.º 3
0
 internal byte[][] Encode()
 {
     // Per RFC 5280 section 4.1.2.2 (https://tools.ietf.org/html/rfc5280#section-4.1.2.2)
     // serial number must be an unsigned integer.
     return(DerEncoder.ConstructSegmentedSequence(
                DerEncoder.ConstructSegmentedSequence(GeneralNames.First().Encode()),
                DerEncoder.SegmentedEncodeUnsignedInteger(SerialNumber)));
 }
        public byte[] Encode()
        {
            var entries = new List <byte[][]>(Certificates.Count);

            foreach (var essCertIdV2 in Certificates)
            {
                entries.Add(essCertIdV2.Encode());
            }

            return(DerEncoder.ConstructSequence(DerEncoder.ConstructSegmentedSequence(entries)));
        }
Exemplo n.º 5
0
        internal static byte[][] SegmentedEncodeSubjectPublicKeyInfo(this PublicKey publicKey)
        {
            if (publicKey == null)
            {
                throw new ArgumentNullException(nameof(publicKey));
            }

            if (publicKey.Oid == null ||
                string.IsNullOrEmpty(publicKey.Oid.Value) ||
                publicKey.EncodedKeyValue == null)
            {
                throw new CryptographicException(SR.Cryptography_InvalidPublicKey_Object);
            }

            // SubjectPublicKeyInfo::= SEQUENCE  {
            //   algorithm AlgorithmIdentifier,
            //   subjectPublicKey     BIT STRING
            // }
            //
            // AlgorithmIdentifier::= SEQUENCE  {
            //   algorithm OBJECT IDENTIFIER,
            //   parameters ANY DEFINED BY algorithm OPTIONAL
            // }

            byte[][] algorithmIdentifier;

            if (publicKey.EncodedParameters == null)
            {
                algorithmIdentifier = DerEncoder.ConstructSegmentedSequence(
                    DerEncoder.SegmentedEncodeOid(publicKey.Oid));
            }
            else
            {
                DerSequenceReader validator =
                    DerSequenceReader.CreateForPayload(publicKey.EncodedParameters.RawData);

                validator.ValidateAndSkipDerValue();

                if (validator.HasData)
                {
                    throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
                }

                algorithmIdentifier = DerEncoder.ConstructSegmentedSequence(
                    DerEncoder.SegmentedEncodeOid(publicKey.Oid),
                    publicKey.EncodedParameters.RawData.WrapAsSegmentedForSequence());
            }

            return(DerEncoder.ConstructSegmentedSequence(
                       algorithmIdentifier,
                       DerEncoder.SegmentedEncodeBitString(
                           publicKey.EncodedKeyValue.RawData)));
        }
Exemplo n.º 6
0
        internal static byte[][] SegmentedEncodedX509Extension(this X509Extension extension)
        {
            if (extension.Critical)
            {
                return(DerEncoder.ConstructSegmentedSequence(
                           DerEncoder.SegmentedEncodeOid(extension.Oid),
                           DerEncoder.SegmentedEncodeBoolean(extension.Critical),
                           DerEncoder.SegmentedEncodeOctetString(extension.RawData)));
            }

            return(DerEncoder.ConstructSegmentedSequence(
                       DerEncoder.SegmentedEncodeOid(extension.Oid),
                       DerEncoder.SegmentedEncodeOctetString(extension.RawData)));
        }
Exemplo n.º 7
0
        internal static byte[][] SegmentedEncodeAttributeSet(this IEnumerable <X501Attribute> attributes)
        {
            List <byte[][]> encodedAttributes = new List <byte[][]>();

            foreach (X501Attribute attribute in attributes)
            {
                encodedAttributes.Add(
                    DerEncoder.ConstructSegmentedSequence(
                        DerEncoder.SegmentedEncodeOid(attribute.Oid),
                        DerEncoder.ConstructSegmentedPresortedSet(
                            attribute.RawData.WrapAsSegmentedForSequence())));
            }

            return(DerEncoder.ConstructSegmentedSet(encodedAttributes.ToArray()));
        }
Exemplo n.º 8
0
        // ESSCertIDv2::=  SEQUENCE {
        //    hashAlgorithm AlgorithmIdentifier
        //           DEFAULT {algorithm id-sha256 },
        //    certHash Hash,
        //    issuerSerial IssuerSerial OPTIONAL
        // }
        private static byte[][] CreateESSCertIDv2Entry(X509Certificate2 cert, Common.HashAlgorithmName hashAlgorithm)
        {
            // Get hash Oid
            var hashAlgorithmOid = hashAlgorithm.ConvertToOidString();
            var entry            = GetESSCertIDv2Entry(cert, hashAlgorithm);

            return(DerEncoder.ConstructSegmentedSequence(new List <byte[][]>()
            {
                // AlgorithmIdentifier
                DerEncoder.SegmentedEncodeOid(hashAlgorithmOid),

                // Hash
                DerEncoder.SegmentedEncodeOctetString(entry.Value)
            }));
        }
Exemplo n.º 9
0
        public byte[] ComputeCapiSha1OfPublicKey(PublicKey key)
        {
            // The CapiSha1 value is the SHA-1 of the SubjectPublicKeyInfo field, inclusive
            // of the DER structural bytes.

            //SubjectPublicKeyInfo::= SEQUENCE {
            //    algorithm AlgorithmIdentifier{ { SupportedAlgorithms} },
            //    subjectPublicKey BIT STRING,
            //    ... }
            //
            //AlgorithmIdentifier{ ALGORITHM: SupportedAlgorithms} ::= SEQUENCE {
            //    algorithm ALGORITHM.&id({ SupportedAlgorithms}),
            //    parameters ALGORITHM.&Type({ SupportedAlgorithms}
            //    { @algorithm}) OPTIONAL,
            //    ... }
            //
            //ALGORITHM::= CLASS {
            //    &Type OPTIONAL,
            //    &id OBJECT IDENTIFIER UNIQUE }
            //WITH SYNTAX {
            //    [&Type]
            //IDENTIFIED BY &id }

            // key.EncodedKeyValue corresponds to SubjectPublicKeyInfo.subjectPublicKey, except it
            // has had the BIT STRING envelope removed.
            //
            // key.EncodedParameters corresponds to AlgorithmIdentifier.Parameters precisely
            // (DER NULL for RSA, DER Constructed SEQUENCE for DSA)

            byte[]   empty        = Array.Empty <byte>();
            byte[][] algorithmOid = DerEncoder.SegmentedEncodeOid(key.Oid);
            // Because ConstructSegmentedSequence doesn't look to see that it really is tag+length+value (but does check
            // that the array has length 3), just hide the joined TLV triplet in the last element.
            byte[][] segmentedParameters = { empty, empty, key.EncodedParameters.RawData };
            byte[][] algorithmIdentifier = DerEncoder.ConstructSegmentedSequence(algorithmOid, segmentedParameters);
            byte[][] subjectPublicKey    = DerEncoder.SegmentedEncodeBitString(key.EncodedKeyValue.RawData);

            using (SHA1 hash = SHA1.Create())
            {
                return(hash.ComputeHash(
                           DerEncoder.ConstructSequence(
                               algorithmIdentifier,
                               subjectPublicKey)));
            }
        }
Exemplo n.º 10
0
 internal byte[][] Encode()
 {
     return(DerEncoder.ConstructSegmentedSequence(DerEncoder.SegmentedEncodeOid(Algorithm)));
 }