internal unsafe SubjectIdentifier(CAPI.CRYPTOAPI_BLOB issuer, CAPI.CRYPTOAPI_BLOB serialNumber)
{
// If serial number is 0, then it is the special SKI encoding or NoSignature
bool isSKIorHashOnly = true;
byte *pb = (byte *)serialNumber.pbData;
for (uint i = 0; i < serialNumber.cbData; i++)
{
if (*pb++ != (byte)0)
{
isSKIorHashOnly = false;
break;
}
}
if (isSKIorHashOnly)
{
byte[] issuerBytes = new byte[issuer.cbData];
Marshal.Copy(issuer.pbData, issuerBytes, 0, issuerBytes.Length);
X500DistinguishedName dummyName = new X500DistinguishedName(issuerBytes);
if (String.Compare(CAPI.DummySignerCommonName, dummyName.Name, StringComparison.OrdinalIgnoreCase) == 0)
{
Reset(SubjectIdentifierType.NoSignature, null);
return;
}
}
if (isSKIorHashOnly)
{
// Decode disguised SKI in issuer field (See WinCrypt.h for more info). Note that some certificates may contain
// an all-zero serial number but not be encoded with an szOID_KEYID_RDN. In order to allow use of signatures created
// using these certificates, we will first try to find the szOID_KEYID_RDN, but if it does not exist, fall back to just
// decoding the incoming issuer and serial number.
m_type = SubjectIdentifierType.SubjectKeyIdentifier;
m_value = String.Empty;
uint cbCertNameInfo = 0;
SafeLocalAllocHandle pbCertNameInfo = SafeLocalAllocHandle.InvalidHandle;
if (CAPI.DecodeObject(new IntPtr(CAPI.X509_NAME),
issuer.pbData,
issuer.cbData,
out pbCertNameInfo,
out cbCertNameInfo))
{
using (pbCertNameInfo) {
checked {
CAPI.CERT_NAME_INFO certNameInfo = (CAPI.CERT_NAME_INFO)Marshal.PtrToStructure(pbCertNameInfo.DangerousGetHandle(), typeof(CAPI.CERT_NAME_INFO));
for (uint i = 0; i < certNameInfo.cRDN; i++)
{
CAPI.CERT_RDN certRdn = (CAPI.CERT_RDN)Marshal.PtrToStructure(new IntPtr((long)certNameInfo.rgRDN + (long)(i * Marshal.SizeOf(typeof(CAPI.CERT_RDN)))), typeof(CAPI.CERT_RDN));
for (uint j = 0; j < certRdn.cRDNAttr; j++)
{
CAPI.CERT_RDN_ATTR certRdnAttr = (CAPI.CERT_RDN_ATTR)Marshal.PtrToStructure(new IntPtr((long)certRdn.rgRDNAttr + (long)(j * Marshal.SizeOf(typeof(CAPI.CERT_RDN_ATTR)))), typeof(CAPI.CERT_RDN_ATTR));
if (String.Compare(CAPI.szOID_KEYID_RDN, certRdnAttr.pszObjId, StringComparison.OrdinalIgnoreCase) == 0)
{
if (certRdnAttr.dwValueType == CAPI.CERT_RDN_OCTET_STRING)
{
byte[] ski = new byte[certRdnAttr.Value.cbData];
Marshal.Copy(certRdnAttr.Value.pbData, ski, 0, ski.Length);
Reset(SubjectIdentifierType.SubjectKeyIdentifier, X509Utils.EncodeHexString(ski));
return;
}
}
}
}
}
}
}
}
CAPI.CERT_ISSUER_SERIAL_NUMBER IssuerAndSerial;
IssuerAndSerial.Issuer = issuer;
IssuerAndSerial.SerialNumber = serialNumber;
X509IssuerSerial issuerSerial = PkcsUtils.DecodeIssuerSerial(IssuerAndSerial);
Reset(SubjectIdentifierType.IssuerAndSerialNumber, issuerSerial);
}
internal SubjectIdentifier(CAPI.CRYPTOAPI_BLOB issuer, CAPI.CRYPTOAPI_BLOB serialNumber)
{
bool flag = true;
byte *numPtr = (byte *)(void *)serialNumber.pbData;
for (uint index = 0U; index < serialNumber.cbData; ++index)
{
if ((int)*numPtr++ != 0)
{
flag = false;
break;
}
}
if (flag)
{
byte[] numArray = new byte[(IntPtr)issuer.cbData];
Marshal.Copy(issuer.pbData, numArray, 0, numArray.Length);
if (string.Compare("CN=Dummy Signer", new X500DistinguishedName(numArray).Name, StringComparison.OrdinalIgnoreCase) == 0)
{
this.Reset(SubjectIdentifierType.NoSignature, (object)null);
return;
}
}
if (flag)
{
this.m_type = SubjectIdentifierType.SubjectKeyIdentifier;
this.m_value = (object)string.Empty;
uint cbDecodedValue = 0U;
SafeLocalAllocHandle decodedValue = SafeLocalAllocHandle.InvalidHandle;
if (!CAPI.DecodeObject(new IntPtr(7L), issuer.pbData, issuer.cbData, out decodedValue, out cbDecodedValue))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
using (decodedValue)
{
CAPI.CERT_NAME_INFO certNameInfo = (CAPI.CERT_NAME_INFO)Marshal.PtrToStructure(decodedValue.DangerousGetHandle(), typeof(CAPI.CERT_NAME_INFO));
for (uint index1 = 0U; index1 < certNameInfo.cRDN; ++index1)
{
CAPI.CERT_RDN certRdn = (CAPI.CERT_RDN)Marshal.PtrToStructure(new IntPtr((long)certNameInfo.rgRDN + (long)index1 * (long)Marshal.SizeOf(typeof(CAPI.CERT_RDN))), typeof(CAPI.CERT_RDN));
for (uint index2 = 0U; index2 < certRdn.cRDNAttr; ++index2)
{
CAPI.CERT_RDN_ATTR certRdnAttr = (CAPI.CERT_RDN_ATTR)Marshal.PtrToStructure(new IntPtr((long)certRdn.rgRDNAttr + (long)index2 * (long)Marshal.SizeOf(typeof(CAPI.CERT_RDN_ATTR))), typeof(CAPI.CERT_RDN_ATTR));
if (string.Compare("1.3.6.1.4.1.311.10.7.1", certRdnAttr.pszObjId, StringComparison.OrdinalIgnoreCase) == 0 && (int)certRdnAttr.dwValueType == 2)
{
byte[] numArray = new byte[(IntPtr)certRdnAttr.Value.cbData];
Marshal.Copy(certRdnAttr.Value.pbData, numArray, 0, numArray.Length);
this.Reset(SubjectIdentifierType.SubjectKeyIdentifier, (object)X509Utils.EncodeHexString(numArray));
return;
}
}
}
}
throw new CryptographicException(-2146889715);
}
else
{
CAPI.CERT_ISSUER_SERIAL_NUMBER pIssuerAndSerial;
pIssuerAndSerial.Issuer = issuer;
pIssuerAndSerial.SerialNumber = serialNumber;
this.Reset(SubjectIdentifierType.IssuerAndSerialNumber, (object)PkcsUtils.DecodeIssuerSerial(pIssuerAndSerial));
}
}
