protected override ASN1 ToBeSigned(string oid)
{
// TBSCertificate
ASN1 tbsCert = new ASN1(0x30);
if (version > 1)
{
// TBSCertificate / [0] Version DEFAULT v1,
byte[] ver = { (byte)(version - 1) };
ASN1 v = tbsCert.Add(new ASN1(0xA0));
v.Add(new ASN1(0x02, ver));
}
// TBSCertificate / CertificateSerialNumber,
tbsCert.Add(new ASN1(0x02, sn));
// TBSCertificate / AlgorithmIdentifier,
tbsCert.Add(PKCS7.AlgorithmIdentifier(oid));
// TBSCertificate / Name
tbsCert.Add(X501.FromString(issuer));
// TBSCertificate / Validity
ASN1 validity = tbsCert.Add(new ASN1(0x30));
// TBSCertificate / Validity / Time
validity.Add(ASN1Convert.FromDateTime(notBefore));
// TBSCertificate / Validity / Time
validity.Add(ASN1Convert.FromDateTime(notAfter));
// TBSCertificate / Name
tbsCert.Add(X501.FromString(subject));
// TBSCertificate / SubjectPublicKeyInfo
tbsCert.Add(SubjectPublicKeyInfo());
if (version > 1)
{
// TBSCertificate / [1] IMPLICIT UniqueIdentifier OPTIONAL
if (issuerUniqueID != null)
{
tbsCert.Add(new ASN1(0xA1, UniqueIdentifier(issuerUniqueID)));
}
// TBSCertificate / [2] IMPLICIT UniqueIdentifier OPTIONAL
if (subjectUniqueID != null)
{
tbsCert.Add(new ASN1(0xA1, UniqueIdentifier(subjectUniqueID)));
}
// TBSCertificate / [3] Extensions OPTIONAL
if ((version > 2) && (extensions.Count > 0))
{
tbsCert.Add(new ASN1(0xA3, extensions.GetBytes()));
}
}
return(tbsCert);
}
private byte[] Build(ASN1 tbs, string hashoid, byte[] signature)
{
ASN1 builder = new ASN1(0x30);
builder.Add(tbs);
builder.Add(PKCS7.AlgorithmIdentifier(hashoid));
// first byte of BITSTRING is the number of unused bits in the first byte
byte[] bitstring = new byte [signature.Length + 1];
Buffer.BlockCopy(signature, 0, bitstring, 1, signature.Length);
builder.Add(new ASN1(0x03, bitstring));
return(builder.GetBytes());
}
/* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*/
private ASN1 SubjectPublicKeyInfo()
{
ASN1 keyInfo = new ASN1(0x30);
if (aa is RSA)
{
keyInfo.Add(PKCS7.AlgorithmIdentifier("1.2.840.113549.1.1.1"));
RSAParameters p = (aa as RSA).ExportParameters(false);
/* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER } -- e
*/
ASN1 key = new ASN1(0x30);
key.Add(ASN1Convert.FromUnsignedBigInteger(p.Modulus));
key.Add(ASN1Convert.FromUnsignedBigInteger(p.Exponent));
keyInfo.Add(new ASN1(UniqueIdentifier(key.GetBytes())));
}
else if (aa is DSA)
{
DSAParameters p = (aa as DSA).ExportParameters(false);
/* Dss-Parms ::= SEQUENCE {
* p INTEGER,
* q INTEGER,
* g INTEGER }
*/
ASN1 param = new ASN1(0x30);
param.Add(ASN1Convert.FromUnsignedBigInteger(p.P));
param.Add(ASN1Convert.FromUnsignedBigInteger(p.Q));
param.Add(ASN1Convert.FromUnsignedBigInteger(p.G));
keyInfo.Add(PKCS7.AlgorithmIdentifier("1.2.840.10040.4.1", param));
ASN1 key = keyInfo.Add(new ASN1(0x03));
// DSAPublicKey ::= INTEGER -- public key, y
key.Add(ASN1Convert.FromUnsignedBigInteger(p.Y));
}
else
{
throw new NotSupportedException("Unknown Asymmetric Algorithm " + aa.ToString());
}
return(keyInfo);
}
internal ASN1 GetASN1()
{
if ((key == null) || (hashAlgorithm == null))
{
return(null);
}
byte[] ver = { version };
ASN1 signerInfo = new ASN1(0x30);
// version Version -> Version ::= INTEGER
signerInfo.Add(new ASN1(0x02, ver));
// issuerAndSerialNumber IssuerAndSerialNumber,
signerInfo.Add(PKCS7.IssuerAndSerialNumber(x509));
// digestAlgorithm DigestAlgorithmIdentifier,
string hashOid = CryptoConfig.MapNameToOID(hashAlgorithm);
signerInfo.Add(AlgorithmIdentifier(hashOid));
// authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
ASN1 aa = null;
if (authenticatedAttributes.Count > 0)
{
aa = signerInfo.Add(new ASN1(0xA0));
authenticatedAttributes.Sort(new SortedSet());
foreach (ASN1 attr in authenticatedAttributes)
{
aa.Add(attr);
}
}
// digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
if (key is RSA)
{
signerInfo.Add(AlgorithmIdentifier(PKCS7.Oid.rsaEncryption));
if (aa != null)
{
// Calculate the signature here; otherwise it must be set from SignedData
RSAPKCS1SignatureFormatter r = new RSAPKCS1SignatureFormatter(key);
r.SetHashAlgorithm(hashAlgorithm);
byte[] tbs = aa.GetBytes();
tbs [0] = 0x31; // not 0xA0 for signature
HashAlgorithm ha = HashAlgorithm.Create(hashAlgorithm);
byte[] tbsHash = ha.ComputeHash(tbs);
signature = r.CreateSignature(tbsHash);
}
}
else if (key is DSA)
{
throw new NotImplementedException("not yet");
}
else
{
throw new CryptographicException("Unknown assymetric algorithm");
}
// encryptedDigest EncryptedDigest,
signerInfo.Add(new ASN1(0x04, signature));
// unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
if (unauthenticatedAttributes.Count > 0)
{
ASN1 ua = signerInfo.Add(new ASN1(0xA1));
unauthenticatedAttributes.Sort(new SortedSet());
foreach (ASN1 attr in unauthenticatedAttributes)
{
ua.Add(attr);
}
}
return(signerInfo);
}
