/**
* create a sequence containing a vector of objects.
*/
public DerSequence(Asn1EncodableVector v) : base(v.Count)
{
foreach (Asn1Encodable ae in v)
{
AddObject(ae);
}
}
public static Asn1EncodableVector FromEnumerable(
IEnumerable e)
{
Asn1EncodableVector v = new Asn1EncodableVector();
foreach (Asn1Encodable obj in e)
{
v.Add(obj);
}
return v;
}
/**
* Produce an object suitable for an Asn1OutputStream.
* <pre>
* OcspRequest ::= Sequence {
* tbsRequest TBSRequest,
* optionalSignature [0] EXPLICIT Signature OPTIONAL }
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(tbsRequest);
if (optionalSignature != null)
{
v.Add(new DerTaggedObject(true, 0, optionalSignature));
}
return new DerSequence(v);
}
/**
* Produce an object suitable for an Asn1OutputStream.
* <pre>
* ServiceLocator ::= Sequence {
* issuer Name,
* locator AuthorityInfoAccessSyntax OPTIONAL }
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(issuer);
if (locator != null)
{
v.Add(locator);
}
return new DerSequence(v);
}
/**
* <pre>
* CommitmentTypeIndication ::= SEQUENCE {
* commitmentTypeId CommitmentTypeIdentifier,
* commitmentTypeQualifier SEQUENCE SIZE (1..MAX) OF
* CommitmentTypeQualifier OPTIONAL }
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(commitmentTypeId);
if (commitmentTypeQualifier != null)
{
v.Add(commitmentTypeQualifier);
}
return new DerSequence(v);
}
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector seq = new Asn1EncodableVector(qcStatementId);
if (qcStatementInfo != null)
{
seq.Add(qcStatementInfo);
}
return new DerSequence(seq);
}
/**
* <pre>
* MacData ::= SEQUENCE {
* mac DigestInfo,
* macSalt OCTET STRING,
* iterations INTEGER DEFAULT 1
* -- Note: The default is for historic reasons and its use is deprecated. A
* -- higher value, like 1024 is recommended.
* </pre>
* @return the basic DERObject construction.
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(digInfo, new DerOctetString(salt));
if (!iterationCount.Equals(BigInteger.One))
{
v.Add(new DerInteger(iterationCount));
}
return new DerSequence(v);
}
/**
* Produce an object suitable for an Asn1OutputStream.
* <pre>
* OcspResponse ::= Sequence {
* responseStatus OcspResponseStatus,
* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(responseStatus);
if (responseBytes != null)
{
v.Add(new DerTaggedObject(true, 0, responseBytes));
}
return new DerSequence(v);
}
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(p, g);
if (this.l != null)
{
v.Add(l);
}
return new DerSequence(v);
}
/**
* Produce an object suitable for an Asn1OutputStream.
* <pre>
* RevokedInfo ::= Sequence {
* revocationTime GeneralizedTime,
* revocationReason [0] EXPLICIT CRLReason OPTIONAL }
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(revocationTime);
if (revocationReason != null)
{
v.Add(new DerTaggedObject(true, 0, revocationReason));
}
return new DerSequence(v);
}
/**
* Produce an object suitable for an Asn1OutputStream.
* <pre>
* ContentInfo ::= Sequence {
* contentType ContentType,
* content
* [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(contentType);
if (content != null)
{
v.Add(new BerTaggedObject(0, content));
}
return new BerSequence(v);
}
/**
* Produce an object suitable for an Asn1OutputStream.
* <pre>
* Request ::= Sequence {
* reqCert CertID,
* singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(reqCert);
if (singleRequestExtensions != null)
{
v.Add(new DerTaggedObject(true, 0, singleRequestExtensions));
}
return new DerSequence(v);
}
/**
* Produce an object suitable for an Asn1OutputStream.
* <pre>
* EncryptedContentInfo ::= Sequence {
* contentType ContentType,
* contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
* encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
* }
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(
contentType, contentEncryptionAlgorithm);
if (encryptedContent != null)
{
v.Add(new BerTaggedObject(false, 0, encryptedContent));
}
return new BerSequence(v);
}
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(
new DerInteger(3), contentInfo);
if (macData != null)
{
v.Add(macData);
}
return new BerSequence(v);
}
internal DerSet(Asn1EncodableVector v, bool needsSorting) : base(v.Count)
{
foreach (Asn1Encodable o in v)
{
AddObject(o);
}
if (needsSorting)
{
Sort();
}
}
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(
bagID, new DerTaggedObject(0, bagValue));
if (bagAttributes != null)
{
v.Add(bagAttributes);
}
return new DerSequence(v);
}
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector();
if (version != null)
{
v.Add(version);
}
v.Add(iv);
return new DerSequence(v);
}
public TimeStampResponseGenerator(
TimeStampTokenGenerator tokenGenerator,
IList acceptedAlgorithms,
IList acceptedPolicies,
IList acceptedExtensions)
{
this.tokenGenerator = tokenGenerator;
this.acceptedAlgorithms = acceptedAlgorithms;
this.acceptedPolicies = acceptedPolicies;
this.acceptedExtensions = acceptedExtensions;
statusStrings = new Asn1EncodableVector();
}
/**
* Return an ASN1 set from a tagged object. There is a special
* case here, if an object appears to have been explicitly tagged on
* reading but we were expecting it to be implicitly tagged in the
* normal course of events it indicates that we lost the surrounding
* set - so we need to add it back (this will happen if the tagged
* object is a sequence that contains other sequences). If you are
* dealing with implicitly tagged sets you really <b>should</b>
* be using this method.
*
* @param obj the tagged object.
* @param explicitly true if the object is meant to be explicitly tagged
* false otherwise.
* @exception ArgumentException if the tagged object cannot
* be converted.
*/
public static Asn1Set GetInstance(
Asn1TaggedObject obj,
bool explicitly)
{
Asn1Object inner = obj.GetObject();
if (explicitly)
{
if (!obj.IsExplicit())
throw new ArgumentException("object implicit - explicit expected.");
return (Asn1Set) inner;
}
//
// constructed object which appears to be explicitly tagged
// and it's really implicit means we have to add the
// surrounding sequence.
//
if (obj.IsExplicit())
{
return new DerSet(inner);
}
if (inner is Asn1Set)
{
return (Asn1Set) inner;
}
//
// in this case the parser returns a sequence, convert it
// into a set.
//
if (inner is Asn1Sequence)
{
Asn1EncodableVector v = new Asn1EncodableVector();
Asn1Sequence s = (Asn1Sequence) inner;
foreach (Asn1Encodable ae in s)
{
v.Add(ae);
}
// TODO Should be able to construct set directly from sequence?
return new DerSet(v, false);
}
throw new ArgumentException("Unknown object in GetInstance: " + obj.GetType().FullName, "obj");
}
private PkiStatusInfo GetPkiStatusInfo()
{
Asn1EncodableVector v = new Asn1EncodableVector(
new DerInteger((int)status));
if (statusStrings.Count > 0)
{
v.Add(new PkiFreeText(new DerSequence(statusStrings)));
}
if (failInfo != 0)
{
v.Add(new FailInfo(failInfo));
}
return new PkiStatusInfo(new DerSequence(v));
}
public DerExternal(
Asn1EncodableVector vector)
{
int offset = 0;
Asn1Object enc = GetObjFromVector(vector, offset);
if (enc is DerObjectIdentifier)
{
directReference = (DerObjectIdentifier)enc;
offset++;
enc = GetObjFromVector(vector, offset);
}
if (enc is DerInteger)
{
indirectReference = (DerInteger) enc;
offset++;
enc = GetObjFromVector(vector, offset);
}
if (!(enc is DerTaggedObject))
{
dataValueDescriptor = (Asn1Object) enc;
offset++;
enc = GetObjFromVector(vector, offset);
}
if (!(enc is DerTaggedObject))
{
throw new InvalidOperationException(
"No tagged object found in vector. Structure doesn't seem to be of type External");
}
if (vector.Count != offset + 1)
throw new ArgumentException("input vector too large", "vector");
if (!(enc is DerTaggedObject))
throw new ArgumentException("No tagged object found in vector. Structure doesn't seem to be of type External", "vector");
DerTaggedObject obj = (DerTaggedObject)enc;
// Use property accessor to include check on value
Encoding = obj.TagNo;
if (encoding < 0 || encoding > 2)
throw new InvalidOperationException("invalid encoding value");
externalContent = obj.GetObject();
}
public DerApplicationSpecific(
int tagNo,
Asn1EncodableVector vec)
{
this.tag = tagNo;
this.isConstructed = true;
MemoryStream bOut = new MemoryStream();
for (int i = 0; i != vec.Count; i++)
{
try
{
byte[] bs = vec[i].GetEncoded();
bOut.Write(bs, 0, bs.Length);
}
catch (IOException e)
{
throw new InvalidOperationException("malformed object", e);
}
}
this.octets = bOut.ToArray();
}
public ECPrivateKeyStructure(
BigInteger key,
DerBitString publicKey,
Asn1Encodable parameters)
{
if (key == null)
throw new ArgumentNullException("key");
Asn1EncodableVector v = new Asn1EncodableVector(
new DerInteger(1),
new DerOctetString(key.ToByteArrayUnsigned()));
if (parameters != null)
{
v.Add(new DerTaggedObject(true, 0, parameters));
}
if (publicKey != null)
{
v.Add(new DerTaggedObject(true, 1, publicKey));
}
this.seq = new DerSequence(v);
}
/**
* @param v - a vector of objects making up the set.
*/
public DerSet(Asn1EncodableVector v) : this(v, true)
{
}
/**
* Produce an object suitable for an Asn1OutputStream.
* <pre>
* KekIdentifier ::= Sequence {
* keyIdentifier OCTET STRING,
* date GeneralizedTime OPTIONAL,
* other OtherKeyAttribute OPTIONAL
* }
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(keyIdentifier);
v.AddOptional(date, other);
return new DerSequence(v);
}
/**
* Produce an object suitable for an Asn1OutputStream.
* <pre>
* KeyAgreeRecipientInfo ::= Sequence {
* version CMSVersion, -- always set to 3
* originator [0] EXPLICIT OriginatorIdentifierOrKey,
* ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
* keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
* recipientEncryptedKeys RecipientEncryptedKeys
* }
*
* UserKeyingMaterial ::= OCTET STRING
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(
version, new DerTaggedObject(true, 0, originator));
if (ukm != null)
{
v.Add(new DerTaggedObject(true, 1, ukm));
}
v.Add(keyEncryptionAlgorithm, recipientEncryptedKeys);
return new DerSequence(v);
}
public static DerSequence FromVector(Asn1EncodableVector v)
{
return(v.Count < 1 ? Empty : new DerSequence(v));
}
public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random)
{
byte[] keyBytes = contentEncryptionKey.GetKey();
AsymmetricKeyParameter senderPublicKey = senderKeyPair.Public;
ICipherParameters senderPrivateParams = senderKeyPair.Private;
OriginatorIdentifierOrKey originator;
try
{
originator = new OriginatorIdentifierOrKey(
CreateOriginatorPublicKey(senderPublicKey));
}
catch (IOException e)
{
throw new InvalidKeyException("cannot extract originator public key: " + e);
}
Asn1OctetString ukm = null;
if (keyAgreementOID.Id.Equals(CmsEnvelopedGenerator.ECMqvSha1Kdf))
{
try
{
IAsymmetricCipherKeyPairGenerator ephemKPG =
GeneratorUtilities.GetKeyPairGenerator(keyAgreementOID);
ephemKPG.Init(
((ECPublicKeyParameters)senderPublicKey).CreateKeyGenerationParameters(random));
AsymmetricCipherKeyPair ephemKP = ephemKPG.GenerateKeyPair();
ukm = new DerOctetString(
new MQVuserKeyingMaterial(
CreateOriginatorPublicKey(ephemKP.Public), null));
senderPrivateParams = new MqvPrivateParameters(
(ECPrivateKeyParameters)senderPrivateParams,
(ECPrivateKeyParameters)ephemKP.Private,
(ECPublicKeyParameters)ephemKP.Public);
}
catch (IOException e)
{
throw new InvalidKeyException("cannot extract MQV ephemeral public key: " + e);
}
catch (SecurityUtilityException e)
{
throw new InvalidKeyException("cannot determine MQV ephemeral key pair parameters from public key: " + e);
}
}
DerSequence paramSeq = new DerSequence(
keyEncryptionOID,
DerNull.Instance);
AlgorithmIdentifier keyEncAlg = new AlgorithmIdentifier(keyAgreementOID, paramSeq);
Asn1EncodableVector recipientEncryptedKeys = new Asn1EncodableVector();
foreach (X509Certificate recipientCert in recipientCerts)
{
TbsCertificateStructure tbsCert;
try
{
tbsCert = TbsCertificateStructure.GetInstance(
Asn1Object.FromByteArray(recipientCert.GetTbsCertificate()));
}
catch (Exception)
{
throw new ArgumentException("can't extract TBS structure from certificate");
}
// TODO Should there be a SubjectKeyIdentifier-based alternative?
IssuerAndSerialNumber issuerSerial = new IssuerAndSerialNumber(
tbsCert.Issuer, tbsCert.SerialNumber.Value);
KeyAgreeRecipientIdentifier karid = new KeyAgreeRecipientIdentifier(issuerSerial);
ICipherParameters recipientPublicParams = recipientCert.GetPublicKey();
if (keyAgreementOID.Id.Equals(CmsEnvelopedGenerator.ECMqvSha1Kdf))
{
recipientPublicParams = new MqvPublicParameters(
(ECPublicKeyParameters)recipientPublicParams,
(ECPublicKeyParameters)recipientPublicParams);
}
// Use key agreement to choose a wrap key for this recipient
IBasicAgreement keyAgreement = AgreementUtilities.GetBasicAgreementWithKdf(
keyAgreementOID, keyEncryptionOID.Id);
keyAgreement.Init(new ParametersWithRandom(senderPrivateParams, random));
BigInteger agreedValue = keyAgreement.CalculateAgreement(recipientPublicParams);
int keyEncryptionKeySize = GeneratorUtilities.GetDefaultKeySize(keyEncryptionOID) / 8;
byte[] keyEncryptionKeyBytes = X9IntegerConverter.IntegerToBytes(agreedValue, keyEncryptionKeySize);
KeyParameter keyEncryptionKey = ParameterUtilities.CreateKeyParameter(
keyEncryptionOID, keyEncryptionKeyBytes);
// Wrap the content encryption key with the agreement key
IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionOID.Id);
keyWrapper.Init(true, new ParametersWithRandom(keyEncryptionKey, random));
byte[] encryptedKeyBytes = keyWrapper.Wrap(keyBytes, 0, keyBytes.Length);
Asn1OctetString encryptedKey = new DerOctetString(encryptedKeyBytes);
recipientEncryptedKeys.Add(new RecipientEncryptedKey(karid, encryptedKey));
}
return new RecipientInfo(new KeyAgreeRecipientInfo(originator, ukm, keyEncAlg,
new DerSequence(recipientEncryptedKeys)));
}
/**
* Produce an object suitable for an Asn1OutputStream.
* <pre>
* OriginatorInfo ::= Sequence {
* certs [0] IMPLICIT CertificateSet OPTIONAL,
* crls [1] IMPLICIT CertificateRevocationLists OPTIONAL
* }
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector();
if (certs != null)
{
v.Add(new DerTaggedObject(false, 0, certs));
}
if (crls != null)
{
v.Add(new DerTaggedObject(false, 1, crls));
}
return new DerSequence(v);
}
/**
*
* <pre>
*
* IetfAttrSyntax ::= Sequence {
* policyAuthority [0] GeneralNames OPTIONAL,
* values Sequence OF CHOICE {
* octets OCTET STRING,
* oid OBJECT IDENTIFIER,
* string UTF8String
* }
* }
*
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector();
if (policyAuthority != null)
{
v.Add(new DerTaggedObject(0, policyAuthority));
}
v.Add(new DerSequence(values));
return new DerSequence(v);
}
/**
* Produce an object suitable for an Asn1OutputStream.
* <pre>
* BasicConstraints := Sequence {
* cA Boolean DEFAULT FALSE,
* pathLenConstraint Integer (0..MAX) OPTIONAL
* }
* </pre>
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector();
if (cA != null)
{
v.Add(cA);
}
if (pathLenConstraint != null) // yes some people actually do this when cA is false...
{
v.Add(pathLenConstraint);
}
return new DerSequence(v);
}
/**
* Produce an object suitable for an Asn1OutputStream.
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector();
if (keyidentifier != null)
{
v.Add(new DerTaggedObject(false, 0, keyidentifier));
}
if (certissuer != null)
{
v.Add(new DerTaggedObject(false, 1, certissuer));
}
if (certserno != null)
{
v.Add(new DerTaggedObject(false, 2, certserno));
}
return new DerSequence(v);
}
internal static DerSet FromVector(Asn1EncodableVector v, bool needsSorting)
{
return(v.Count < 1 ? Empty : new DerSet(v, needsSorting));
}
