/**
* for when the public key is an encoded object - if the bitstring
* can't be decoded this routine throws an IOException.
*
* @exception IOException - if the bit string doesn't represent a DER
* encoded object.
*/
public ASN1Object getPublicKey()
{
MemoryStream bIn = new MemoryStream(keyData.getBytes());
ASN1InputStream dIn = new ASN1InputStream(bIn);
return(dIn.readObject());
}
/// <summary>
/// Convert to DER Sequence.
/// </summary>
/// <param name="bytes"></param>
/// <returns></returns>
private static ASN1Sequence toDERSequence(byte[] bytes)
{
MemoryStream bIn = new MemoryStream(bytes);
ASN1InputStream dIn = new ASN1InputStream(bIn);
return((ASN1Sequence)dIn.readObject());
}
/**
* Get the "subject" from the TBSCertificate bytes that are passed in
* @param enc A TBSCertificate in a byte array
* @return a DERObject
*/
private static ASN1Object GetSubject(byte[] enc)
{
ASN1InputStream inp = new ASN1InputStream(new MemoryStream(enc));
ASN1Sequence seq = (ASN1Sequence)inp.readObject();
return((ASN1Object)seq.getObjectAt(seq.getObjectAt(0) is DERTaggedObject ? 5 : 4));
}
/**
* Convert an inline encoded hex string rendition of an ASN.1
* object back into its corresponding ASN.1 object.
*
* @param str the hex encoded object
* @param off the index at which the encoding starts
* @return the decoded object
*/
protected ASN1Object convertHexEncoded(
string str,
int off)
{
str = str.ToLower();
byte[] data = new byte[str.Length / 2];
for (int index = 0; index != data.Length; index++)
{
char left = str[(index * 2) + off];
char right = str[(index * 2) + off + 1];
if (left < 'a')
{
data[index] = (byte)((left - '0') << 4);
}
else
{
data[index] = (byte)((left - 'a' + 10) << 4);
}
if (right < 'a')
{
data[index] |= (byte)(right - '0');
}
else
{
data[index] |= (byte)(right - 'a' + 10);
}
}
ASN1InputStream aIn = new ASN1InputStream(
new MemoryStream(data));
return(aIn.readObject());
}
public PrivateKeyInfo(
ASN1Sequence seq)
{
IEnumerator e = seq.getObjects();
e.MoveNext();
BigInteger version = ((DERInteger)e.Current).getValue();
if (version.intValue() != 0)
{
throw new ArgumentException("wrong version for private key info");
}
e.MoveNext();
algId = new AlgorithmIdentifier((ASN1Sequence)e.Current);
try
{
e.MoveNext();
MemoryStream bIn = new MemoryStream(((ASN1OctetString)e.Current).getOctets());
ASN1InputStream aIn = new ASN1InputStream(bIn);
privKey = aIn.readObject();
}
catch (IOException)
{
throw new ArgumentException("Error recoverying private key from sequence");
}
}
public static void main(string[] args)
{
FileStream fIn = new FileStream(args[0], FileMode.Open);
ASN1InputStream bIn = new ASN1InputStream(fIn);
object obj = null;
while ((obj = bIn.readObject()) != null)
{
Console.WriteLine(ASN1Dump.dumpAsString(obj));
}
}
private ASN1Object makeObj(byte[] encoding)
{
if (encoding == null)
{
return(null);
}
MemoryStream bIn = new MemoryStream(encoding);
ASN1InputStream aIn = new ASN1InputStream(bIn);
return(aIn.readObject());
}
private BigInteger[] derDecode(byte[] encoding)
{
MemoryStream bIn = new MemoryStream(encoding);
ASN1InputStream dIn = new ASN1InputStream(bIn);
ASN1Sequence s = (ASN1Sequence)dIn.readObject();
BigInteger[] sig = new BigInteger[2];
sig[0] = ((DERInteger)s.getObjectAt(0)).getValue();
sig[1] = ((DERInteger)s.getObjectAt(1)).getValue();
return(sig);
}
private DigestInfo derDecode(byte[] encoding)
{
if ((int)encoding[0] != ((int)ASN1Tags.CONSTRUCTED | (int)ASN1Tags.SEQUENCE))
{
throw new IOException("not a digest info object");
}
MemoryStream bIn = new MemoryStream(encoding);
ASN1InputStream aIn = new ASN1InputStream(bIn);
return(new DigestInfo((ASN1Sequence)aIn.readObject()));
}
private X509Certificate readPKCS7Certificate()
{
ASN1InputStream dIn = new ASN1InputStream(inStr);
ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
if (seq.size() > 1 && seq.getObjectAt(0) is DERObjectIdentifier)
{
if (seq.getObjectAt(0).Equals(PKCSObjectIdentifiers.signedData))
{
sData = new SignedData(ASN1Sequence.getInstance((ASN1TaggedObject)seq.getObjectAt(1), true));
return(new X509Certificate(ASN1Sequence.getInstance(sData.getCertificates().getObjectAt(sDataObjectCount++))));
}
}
return(new X509Certificate(ASN1Sequence.getInstance(seq)));
}
/// <summary>
/// Get a key usage guidlines.
/// </summary>
/// <returns>A DER it string or null if they are not specified.</returns>
public KeyUsage getKeyUsage()
{
byte[] bytes = this.getExtensionBytes("2.5.29.15");
if (bytes != null)
{
try
{
ASN1InputStream dIn = new ASN1InputStream(new MemoryStream(bytes));
return(new KeyUsage(DERBitString.getInstance(dIn.readObject())));
}
catch
{
throw new Exception("error processing key usage extension");
}
}
return(null);
}
public static PrivateKeyInfo createPrivateKeyInfo(
char[] passPhrase,
EncryptedPrivateKeyInfo encInfo)
{
CipherParameters keyParameters = PBEUtil.generateCipherParameters(encInfo.getEncryptionAlgorithm().getObjectId(), passPhrase, encInfo.getEncryptionAlgorithm().getParameters());
Object engine = PBEUtil.createEngine(encInfo.getEncryptionAlgorithm().getObjectId());
byte[] encoding = null;
if (engine is BufferedBlockCipher)
{
BufferedBlockCipher cipher = (BufferedBlockCipher)engine;
cipher.init(false, keyParameters);
byte[] keyBytes = encInfo.getEncryptedData();
int encLen = cipher.getOutputSize(keyBytes.Length);
encoding = new byte[encLen];
int off = cipher.processBytes(keyBytes, 0, keyBytes.Length, encoding, 0);
cipher.doFinal(encoding, off);
}
else if (engine is StreamCipher)
{
StreamCipher cipher = (StreamCipher)engine;
cipher.init(false, keyParameters);
byte[] keyBytes = encInfo.getEncryptedData();
encoding = new byte[keyBytes.Length];
cipher.processBytes(keyBytes, 0, keyBytes.Length, encoding, 0);
}
ASN1InputStream aIn = new ASN1InputStream(new MemoryStream(encoding));
return(PrivateKeyInfo.getInstance(aIn.readObject()));
}
ASN1Sequence decryptData(
AlgorithmIdentifier algId,
byte[] data,
char[] password)
{
PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(algId.getParameters());
CipherParameters keyParameters = PBEUtil.generateCipherParameters(algId.getObjectId(), password, pbeParams);
byte[] encoding = null;
Object engine = PBEUtil.createEngine(algId.getObjectId());
if (engine is BufferedBlockCipher)
{
BufferedBlockCipher cipher = (BufferedBlockCipher)engine;
cipher.init(false, keyParameters);
int encLen = cipher.getOutputSize(data.Length);
encoding = new byte[encLen];
int off = cipher.processBytes(data, 0, data.Length, encoding, 0);
cipher.doFinal(encoding, off);
}
else if (engine is StreamCipher)
{
StreamCipher cipher = (StreamCipher)engine;
cipher.init(false, keyParameters);
encoding = new byte[data.Length];
cipher.processBytes(data, 0, data.Length, encoding, 0);
}
ASN1InputStream bIn = new ASN1InputStream(new MemoryStream(encoding));
return((ASN1Sequence)bIn.readObject());
}
/**
* Verifies a signature using the sub-filter adbe.x509.rsa_sha1.
* @param contentsKey the /Contents key
* @param certsKey the /Cert key
* @param provider the provider or <code>null</code> for the default provider
* @throws SecurityException on error
* @throws CRLException on error
* @throws InvalidKeyException on error
* @throws CertificateException on error
* @throws NoSuchProviderException on error
* @throws NoSuchAlgorithmException on error
* @throws IOException on error
*/
public PdfPKCS7(byte[] contentsKey, byte[] certsKey)
{
X509CertificateParser cf = new X509CertificateParser(certsKey);
certs = new ArrayList();
signCert = cf.ReadCertificate();
certs.Add(signCert);
while (true)
{
X509Certificate cc = cf.ReadCertificate();
if (cc == null)
{
break;
}
certs.Add(cc);
}
crls = new ArrayList();
ASN1InputStream inp = new ASN1InputStream(new MemoryStream(contentsKey));
digest = ((DEROctetString)inp.readObject()).getOctets();
sig = SignerUtil.getSigner("SHA1withRSA");
sig.init(false, signCert.getPublicKey());
}
public Object getResponseObject()
{
ResponseBytes rb = this.resp.getResponseBytes();
if (rb == null)
{
return(null);
}
if (rb.getResponseType().Equals(OCSPObjectIdentifiers.id_pkix_ocsp_basic))
{
try
{
ASN1InputStream aIn = new ASN1InputStream(new MemoryStream(rb.getResponse().getOctets()));
return(new BasicOCSPResp(BasicOCSPResponse.getInstance(aIn.readObject())));
}
catch (Exception e)
{
throw new OCSPException("problem decoding object: " + e, e);
}
}
return(rb.getResponse());
}
/**
* Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes
* in the signerInfo can also be set. If either of the parameters is <CODE>null</CODE>, none will be used.
* @param secondDigest the digest in the authenticatedAttributes
* @param signingTime the signing time in the authenticatedAttributes
* @return the bytes for the PKCS7SignedData object
*/
public byte[] GetEncodedPKCS7(byte[] secondDigest, DateTime signingTime)
{
if (externalDigest != null)
{
digest = externalDigest;
if (RSAdata != null)
{
RSAdata = externalRSAdata;
}
}
else if (externalRSAdata != null && RSAdata != null)
{
RSAdata = externalRSAdata;
sig.update(RSAdata, 0, RSAdata.Length);
digest = sig.generateSignature();
}
else
{
if (RSAdata != null)
{
RSAdata = new byte[messageDigest.getDigestSize()];
messageDigest.doFinal(RSAdata, 0);
sig.update(RSAdata, 0, RSAdata.Length);
}
digest = sig.generateSignature();
}
// Create the set of Hash algorithms
ASN1EncodableVector digestAlgorithms = new ASN1EncodableVector();
foreach (string dal in digestalgos.Keys)
{
ASN1EncodableVector algos = new ASN1EncodableVector();
algos.add(new DERObjectIdentifier(dal));
algos.add(new DERNull());
digestAlgorithms.add(new DERSequence(algos));
}
// Create the contentInfo.
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_PKCS7_DATA));
if (RSAdata != null)
{
v.add(new DERTaggedObject(0, new DEROctetString(RSAdata)));
}
DERSequence contentinfo = new DERSequence(v);
// Get all the certificates
//
v = new ASN1EncodableVector();
foreach (X509Certificate xcert in certs)
{
ASN1InputStream tempstream = new ASN1InputStream(new MemoryStream(xcert.getEncoded()));
v.add(tempstream.readObject());
}
DERSet dercertificates = new DERSet(v);
// Create signerinfo structure.
//
ASN1EncodableVector signerinfo = new ASN1EncodableVector();
// Add the signerInfo version
//
signerinfo.add(new DERInteger(signerversion));
v = new ASN1EncodableVector();
v.add(GetIssuer(signCert.getTBSCertificate()));
v.add(new DERInteger(signCert.getSerialNumber()));
signerinfo.add(new DERSequence(v));
// Add the digestAlgorithm
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(digestAlgorithm));
v.add(new DERNull());
signerinfo.add(new DERSequence(v));
// add the authenticated attribute if present
if (secondDigest != null /*&& signingTime != null*/)
{
ASN1EncodableVector attribute = new ASN1EncodableVector();
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_CONTENT_TYPE));
v.add(new DERSet(new DERObjectIdentifier(ID_PKCS7_DATA)));
attribute.add(new DERSequence(v));
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_SIGNING_TIME));
v.add(new DERSet(new DERUTCTime(signingTime)));
attribute.add(new DERSequence(v));
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(ID_MESSAGE_DIGEST));
v.add(new DERSet(new DEROctetString(secondDigest)));
attribute.add(new DERSequence(v));
signerinfo.add(new DERTaggedObject(false, 0, new DERSet(attribute)));
}
// Add the digestEncryptionAlgorithm
v = new ASN1EncodableVector();
v.add(new DERObjectIdentifier(digestEncryptionAlgorithm));
v.add(new DERNull());
signerinfo.add(new DERSequence(v));
// Add the digest
signerinfo.add(new DEROctetString(digest));
// Finally build the body out of all the components above
ASN1EncodableVector body = new ASN1EncodableVector();
body.add(new DERInteger(version));
body.add(new DERSet(digestAlgorithms));
body.add(contentinfo);
body.add(new DERTaggedObject(false, 0, dercertificates));
// if (crls.Count > 0) {
// v = new ASN1EncodableVector();
// for (Iterator i = crls.iterator();i.hasNext();) {
// ASN1InputStream t = new ASN1InputStream(new ByteArrayInputStream((((X509CRL)i.next()).getEncoded())));
// v.add(t.readObject());
// }
// DERSet dercrls = new DERSet(v);
// body.add(new DERTaggedObject(false, 1, dercrls));
// }
// Only allow one signerInfo
body.add(new DERSet(new DERSequence(signerinfo)));
// Now we have the body, wrap it in it's PKCS7Signed shell
// and return it
//
ASN1EncodableVector whole = new ASN1EncodableVector();
whole.add(new DERObjectIdentifier(ID_PKCS7_SIGNED_DATA));
whole.add(new DERTaggedObject(0, new DERSequence(body)));
MemoryStream bOut = new MemoryStream();
ASN1OutputStream dout = new ASN1OutputStream(bOut);
dout.writeObject(new DERSequence(whole));
dout.Close();
return(bOut.ToArray());
}
public X509CertificateEntry[] getCertificateChain(
String alias)
{
if (alias == null)
{
throw new ArgumentException("null alias passed to getCertificateChain.");
}
X509CertificateEntry c = getCertificate(alias);
if (c != null)
{
ArrayList cs = new ArrayList();
while (c != null)
{
X509Certificate x509c = c.getCertificate();
X509CertificateEntry nextC = null;
X509Extension ext = x509c.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
if (ext != null)
{
ASN1InputStream aIn = new ASN1InputStream(new MemoryStream(ext.getValue().getOctets()));
AuthorityKeyIdentifier id = new AuthorityKeyIdentifier((ASN1Sequence)aIn.readObject());
if (id.getKeyIdentifier() != null)
{
nextC = (X509CertificateEntry)chainCerts[new CertId(id.getKeyIdentifier())];
}
}
if (nextC == null)
{
//
// no authority key id, try the Issuer DN
//
X509Name i = x509c.getIssuerDN();
X509Name s = x509c.getSubjectDN();
if (!i.Equals(s))
{
IEnumerator e = chainCerts.Keys.GetEnumerator();
while (e.MoveNext())
{
X509Certificate crt = ((X509CertificateEntry)chainCerts[e.Current]).getCertificate();
X509Name sub = crt.getSubjectDN();
if (sub.Equals(i))
{
try
{
x509c.verify(crt.getPublicKey());
nextC = ((X509CertificateEntry)chainCerts[e.Current]);
break;
}
catch
{
// continue
}
}
}
}
}
cs.Add(c);
if (nextC != c) // self signed - end of the chain
{
c = nextC;
}
else
{
c = null;
}
}
X509CertificateEntry[] certChain = new X509CertificateEntry[cs.Count];
for (int i = 0; i != certChain.Length; i++)
{
certChain[i] = (X509CertificateEntry)cs[i];
}
return(certChain);
}
return(null);
}
/**
* Verifies a signature using the sub-filter adbe.pkcs7.detached or
* adbe.pkcs7.sha1.
* @param contentsKey the /Contents key
* @param provider the provider or <code>null</code> for the default provider
* @throws SecurityException on error
* @throws CRLException on error
* @throws InvalidKeyException on error
* @throws CertificateException on error
* @throws NoSuchProviderException on error
* @throws NoSuchAlgorithmException on error
*/
public PdfPKCS7(byte[] contentsKey)
{
ASN1InputStream din = new ASN1InputStream(new MemoryStream(contentsKey));
//
// Basic checks to make sure it's a PKCS#7 SignedData Object
//
ASN1Object pkcs;
try {
pkcs = din.readObject();
}
catch {
throw new ArgumentException("can't decode PKCS7SignedData object");
}
if (!(pkcs is ASN1Sequence))
{
throw new ArgumentException("Not a valid PKCS#7 object - not a sequence");
}
ASN1Sequence signedData = (ASN1Sequence)pkcs;
DERObjectIdentifier objId = (DERObjectIdentifier)signedData.getObjectAt(0);
if (!objId.getId().Equals(ID_PKCS7_SIGNED_DATA))
{
throw new ArgumentException("Not a valid PKCS#7 object - not signed data");
}
ASN1Sequence content = (ASN1Sequence)((DERTaggedObject)signedData.getObjectAt(1)).getObject();
// the positions that we care are:
// 0 - version
// 1 - digestAlgorithms
// 2 - possible ID_PKCS7_DATA
// (the certificates and crls are taken out by other means)
// last - signerInfos
// the version
version = ((DERInteger)content.getObjectAt(0)).getValue().intValue();
// the digestAlgorithms
digestalgos = new Hashtable();
IEnumerator e = ((ASN1Set)content.getObjectAt(1)).getObjects();
while (e.MoveNext())
{
ASN1Sequence s = (ASN1Sequence)e.Current;
DERObjectIdentifier o = (DERObjectIdentifier)s.getObjectAt(0);
digestalgos[o.getId()] = null;
}
// the certificates and crls
X509CertificateParser cf = new X509CertificateParser(contentsKey);
certs = new ArrayList();
while (true)
{
X509Certificate cc = cf.ReadCertificate();
if (cc == null)
{
break;
}
certs.Add(cc);
}
crls = new ArrayList();
// the possible ID_PKCS7_DATA
ASN1Sequence rsaData = (ASN1Sequence)content.getObjectAt(2);
if (rsaData.size() > 1)
{
DEROctetString rsaDataContent = (DEROctetString)((DERTaggedObject)rsaData.getObjectAt(1)).getObject();
RSAdata = rsaDataContent.getOctets();
}
// the signerInfos
int next = 3;
while (content.getObjectAt(next) is DERTaggedObject)
{
++next;
}
ASN1Set signerInfos = (ASN1Set)content.getObjectAt(next);
if (signerInfos.size() != 1)
{
throw new ArgumentException("This PKCS#7 object has multiple SignerInfos - only one is supported at this time");
}
ASN1Sequence signerInfo = (ASN1Sequence)signerInfos.getObjectAt(0);
// the positions that we care are
// 0 - version
// 1 - the signing certificate serial number
// 2 - the digest algorithm
// 3 or 4 - digestEncryptionAlgorithm
// 4 or 5 - encryptedDigest
signerversion = ((DERInteger)signerInfo.getObjectAt(0)).getValue().intValue();
// Get the signing certificate
ASN1Sequence issuerAndSerialNumber = (ASN1Sequence)signerInfo.getObjectAt(1);
BigInteger serialNumber = ((DERInteger)issuerAndSerialNumber.getObjectAt(1)).getValue();
foreach (X509Certificate cert in certs)
{
if (serialNumber.Equals(cert.getSerialNumber()))
{
signCert = cert;
break;
}
}
if (signCert == null)
{
throw new ArgumentException("Can't find signing certificate with serial " + serialNumber.ToString(16));
}
digestAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(2)).getObjectAt(0)).getId();
next = 3;
if (signerInfo.getObjectAt(next) is ASN1TaggedObject)
{
ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next);
ASN1Sequence sseq = (ASN1Sequence)tagsig.getObject();
MemoryStream bOut = new MemoryStream();
ASN1OutputStream dout = new ASN1OutputStream(bOut);
try {
ASN1EncodableVector attribute = new ASN1EncodableVector();
for (int k = 0; k < sseq.size(); ++k)
{
attribute.add(sseq.getObjectAt(k));
}
dout.writeObject(new DERSet(attribute));
dout.Close();
}
catch (IOException) {}
sigAttr = bOut.ToArray();
for (int k = 0; k < sseq.size(); ++k)
{
ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k);
if (((DERObjectIdentifier)seq2.getObjectAt(0)).getId().Equals(ID_MESSAGE_DIGEST))
{
ASN1Set sset = (ASN1Set)seq2.getObjectAt(1);
digestAttr = ((DEROctetString)sset.getObjectAt(0)).getOctets();
break;
}
}
if (digestAttr == null)
{
throw new ArgumentException("Authenticated attribute is missing the digest.");
}
++next;
}
digestEncryptionAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(next++)).getObjectAt(0)).getId();
digest = ((DEROctetString)signerInfo.getObjectAt(next)).getOctets();
if (RSAdata != null || digestAttr != null)
{
messageDigest = GetHashClass();
}
sig = SignerUtil.getSigner(GetDigestAlgorithm());
sig.init(false, signCert.getPublicKey());
}
public PKCS12Store(
Stream input,
char[] password)
{
if (password == null)
{
throw new ArgumentException("No password supplied for PKCS12Store.");
}
ASN1InputStream bIn = new ASN1InputStream(input);
ASN1Sequence obj = (ASN1Sequence)bIn.readObject();
Pfx bag = new Pfx(obj);
ContentInfo info = bag.getAuthSafe();
ArrayList chain = new ArrayList();
bool unmarkedKey = false;
if (bag.getMacData() != null) // check the mac code
{
MemoryStream bOut = new MemoryStream();
BEROutputStream berOut = new BEROutputStream(bOut);
MacData mData = bag.getMacData();
DigestInfo dInfo = mData.getMac();
AlgorithmIdentifier algId = dInfo.getAlgorithmId();
byte[] salt = mData.getSalt();
int itCount = mData.getIterationCount().intValue();
berOut.writeObject(info);
byte[] data = ((ASN1OctetString)info.getContent()).getOctets();
try
{
ASN1Encodable parameters = PBEUtil.generateAlgorithmParameters(algId.getObjectId(), mData.getSalt(), mData.getIterationCount().intValue());
CipherParameters keyParameters = PBEUtil.generateCipherParameters(algId.getObjectId(), password, parameters);
Mac mac = (Mac)PBEUtil.createEngine(algId.getObjectId());
mac.init(keyParameters);
mac.update(data, 0, data.Length);
byte[] res = new byte[mac.getMacSize()];
mac.doFinal(res, 0);
byte[] dig = dInfo.getDigest();
if (res.Length != dig.Length)
{
throw new Exception("PKCS12 key store mac invalid - wrong password or corrupted file.");
}
for (int i = 0; i != res.Length; i++)
{
if (res[i] != dig[i])
{
throw new Exception("PKCS12 key store mac invalid - wrong password or corrupted file.");
}
}
}
catch (Exception e)
{
throw new Exception("error constructing MAC: " + e.Message);
}
}
keys = new Hashtable();
localIds = new Hashtable();
if (info.getContentType().Equals(PKCSObjectIdentifiers.data))
{
bIn = new ASN1InputStream(new MemoryStream(((ASN1OctetString)info.getContent()).getOctets()));
AuthenticatedSafe authSafe = new AuthenticatedSafe((ASN1Sequence)bIn.readObject());
ContentInfo[] c = authSafe.getContentInfo();
for (int i = 0; i != c.Length; i++)
{
if (c[i].getContentType().Equals(PKCSObjectIdentifiers.data))
{
ASN1InputStream dIn = new ASN1InputStream(new MemoryStream(((ASN1OctetString)c[i].getContent()).getOctets()));
ASN1Sequence seq = (ASN1Sequence)dIn.readObject();
for (int j = 0; j != seq.size(); j++)
{
SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j));
if (b.getBagId().Equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.getInstance(b.getBagValue());
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(password, eIn);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
String alias = null;
ASN1OctetString localId = null;
if (b.getBagAttributes() != null)
{
IEnumerator e = b.getBagAttributes().getObjects();
while (e.MoveNext())
{
ASN1Sequence sq = (ASN1Sequence)e.Current;
DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
ASN1Encodable attr = null;
if (attrSet.size() > 0)
{
attr = attrSet.getObjectAt(0);
attributes.Add(aOid.getId(), attr);
}
if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
{
alias = ((DERBMPString)attr).getString();
keys.Add(alias, pkcs12Key);
}
else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
{
localId = (ASN1OctetString)attr;
}
}
}
if (localId != null)
{
String name = byteArrayToString(Hex.encode(localId.getOctets()));
if (alias == null)
{
keys.Add(name, pkcs12Key);
}
else
{
localIds.Add(alias, name);
}
}
else
{
unmarkedKey = true;
keys.Add("unmarked", privKey);
}
}
else if (b.getBagId().Equals(PKCSObjectIdentifiers.certBag))
{
chain.Add(b);
}
else
{
Console.WriteLine("extra " + b.getBagId());
Console.WriteLine("extra " + ASN1Dump.dumpAsString(b));
}
}
}
else if (c[i].getContentType().Equals(PKCSObjectIdentifiers.encryptedData))
{
EncryptedData d = new EncryptedData((ASN1Sequence)c[i].getContent());
ASN1Sequence seq = decryptData(d.getEncryptionAlgorithm(), d.getContent().getOctets(), password);
for (int j = 0; j != seq.size(); j++)
{
SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j));
if (b.getBagId().Equals(PKCSObjectIdentifiers.certBag))
{
chain.Add(b);
}
else if (b.getBagId().Equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag))
{
EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.getInstance(b.getBagValue());
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(password, eIn);
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo);
//
// set the attributes on the key
//
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
String alias = null;
ASN1OctetString localId = null;
IEnumerator e = b.getBagAttributes().getObjects();
while (e.MoveNext())
{
ASN1Sequence sq = (ASN1Sequence)e.Current;
DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
ASN1Encodable attr = null;
if (attrSet.size() > 0)
{
attr = attrSet.getObjectAt(0);
attributes.Add(aOid.getId(), attr);
}
if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
{
alias = ((DERBMPString)attr).getString();
keys.Add(alias, pkcs12Key);
}
else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
{
localId = (ASN1OctetString)attr;
}
}
String name = byteArrayToString(Hex.encode(localId.getOctets()));
if (alias == null)
{
keys.Add(name, pkcs12Key);
}
else
{
localIds.Add(alias, name);
}
}
else if (b.getBagId().Equals(PKCSObjectIdentifiers.keyBag))
{
PrivateKeyInfo pIn = PrivateKeyInfo.getInstance(b.getBagValue());
AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(pIn);
//
// set the attributes on the key
//
String alias = null;
ASN1OctetString localId = null;
Hashtable attributes = new Hashtable();
AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes);
IEnumerator e = b.getBagAttributes().getObjects();
while (e.MoveNext())
{
ASN1Sequence sq = (ASN1Sequence)e.Current;
DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
ASN1Encodable attr = null;
if (attrSet.size() > 0)
{
attr = attrSet.getObjectAt(0);
attributes.Add(aOid.getId(), attr);
}
if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
{
alias = ((DERBMPString)attr).getString();
keys.Add(alias, pkcs12Key);
}
else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
{
localId = (ASN1OctetString)attr;
}
}
String name = byteArrayToString(Hex.encode(localId.getOctets()));
if (alias == null)
{
keys.Add(name, pkcs12Key);
}
else
{
localIds.Add(alias, name);
}
}
else
{
Console.WriteLine("extra " + b.getBagId());
Console.WriteLine("extra " + ASN1Dump.dumpAsString(b));
}
}
}
else
{
Console.WriteLine("extra " + c[i].getContentType().getId());
Console.WriteLine("extra " + ASN1Dump.dumpAsString(c[i].getContent()));
}
}
}
certs = new Hashtable();
chainCerts = new Hashtable();
keyCerts = new Hashtable();
for (int i = 0; i != chain.Count; i++)
{
SafeBag b = (SafeBag)chain[i];
CertBag cb = new CertBag((ASN1Sequence)b.getBagValue());
X509Certificate cert = new X509Certificate(((ASN1OctetString)cb.getCertValue()).getOctets());
//
// set the attributes
//
Hashtable attributes = new Hashtable();
X509CertificateEntry pkcs12cert = new X509CertificateEntry(cert, attributes);
ASN1OctetString localId = null;
String alias = null;
if (b.getBagAttributes() != null)
{
IEnumerator e = b.getBagAttributes().getObjects();
while (e.MoveNext())
{
ASN1Sequence sq = (ASN1Sequence)e.Current;
DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0);
ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1);
if (attrSet.size() > 0)
{
ASN1Encodable attr = attrSet.getObjectAt(0);
attributes.Add(aOid.getId(), attr);
if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName))
{
alias = ((DERBMPString)attr).getString();
}
else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId))
{
localId = (ASN1OctetString)attr;
}
}
}
}
chainCerts.Add(new CertId(cert.getPublicKey()), pkcs12cert);
if (unmarkedKey)
{
if (keyCerts.Count == 0)
{
String name = byteArrayToString(Hex.encode(new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(cert.getPublicKey())).getKeyIdentifier()));
keyCerts.Add(name, pkcs12cert);
keys.Add(name, keys["unmarked"]);
keys.Remove("unmarked");
}
}
else
{
if (alias == null)
{
if (localId != null)
{
String name = byteArrayToString(Hex.encode(localId.getOctets()));
keyCerts.Add(name, pkcs12cert);
}
}
else
{
certs.Add(alias, pkcs12cert);
}
}
}
}
