public Attribute( DERObjectIdentifier attrType, ASN1Set attrValues) { this.attrType = attrType; this.attrValues = attrValues; }
public EnvelopedData( OriginatorInfo originatorInfo, ASN1Set recipientInfos, EncryptedContentInfo encryptedContentInfo, ASN1Set unprotectedAttrs) { if (originatorInfo != null || unprotectedAttrs != null) { version = new DERInteger(2); } else { version = new DERInteger(0); IEnumerator e = recipientInfos.getObjects(); while (e.MoveNext()) { RecipientInfo ri = RecipientInfo.getInstance(e.Current); if (!ri.getVersion().Equals(version)) { version = new DERInteger(2); break; } } } this.originatorInfo = originatorInfo; this.recipientInfos = recipientInfos; this.encryptedContentInfo = encryptedContentInfo; this.unprotectedAttrs = unprotectedAttrs; }
/** * Constructs an X509 name * @param seq an ASN1 Sequence */ public X509Name(ASN1Sequence seq) { IEnumerator e = seq.getObjects(); while (e.MoveNext()) { ASN1Set sett = (ASN1Set)e.Current; for (int i = 0; i < sett.size(); i++) { ASN1Sequence s = (ASN1Sequence)sett.getObjectAt(i); String id = (String)DefaultSymbols[s.getObjectAt(0)]; if (id == null) { continue; } ArrayList vs = (ArrayList)values[id]; if (vs == null) { vs = new ArrayList(); values[id] = vs; } vs.Add(((DERString)s.getObjectAt(1)).getString()); } } }
public OriginatorInfo( ASN1Sequence seq) { switch (seq.size()) { case 0: // empty break; case 1: ASN1TaggedObject o = (ASN1TaggedObject)seq.getObjectAt(0); switch ((int)o.getTagNo()) { case 0: certs = ASN1Set.getInstance(o, false); break; case 1: crls = ASN1Set.getInstance(o, false); break; default: throw new ArgumentException("Bad tag in OriginatorInfo: " + o.getTagNo()); } break; case 2: certs = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(0), false); crls = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(1), false); break; default: throw new ArgumentException("OriginatorInfo too big"); } }
public OriginatorInfo( ASN1Set certs, ASN1Set crls) { this.certs = certs; this.crls = crls; }
public SafeBag( DERObjectIdentifier oid, ASN1Object obj) { this.bagId = oid; this.bagValue = obj; this.bagAttributes = null; }
public SafeBag( DERObjectIdentifier oid, ASN1Object obj, ASN1Set bagAttributes) { this.bagId = oid; this.bagValue = obj; this.bagAttributes = bagAttributes; }
public SafeBag( ASN1Sequence seq) { this.bagId = (DERObjectIdentifier)seq.getObjectAt(0); this.bagValue = ((DERTaggedObject)seq.getObjectAt(1)).getObject(); if (seq.size() == 3) { this.bagAttributes = (ASN1Set)seq.getObjectAt(2); } }
public AttributeTable( ASN1Set s) { for (int i = 0; i != s.size(); i++) { Attribute a = Attribute.getInstance(s.getObjectAt(i)); attributes.Add(a.getAttrType(), a); } }
/// <summary> /// Instanciate a PKCS10CertificationRequest object with the necessary credentials. /// </summary> ///<param name="signatureAlgorithm">Name of Sig Alg.</param> /// <param name="subject">X509Name of subject eg OU="My unit." O="My Organisatioin" C="au" </param> /// <param name="key">Public Key to be included in cert reqest.</param> /// <param name="attributes">ASN1Set of Attributes.</param> /// <param name="signingKey">Matching Private key for nominated (above) public key to be used to sign the request.</param> public PKCS10CertificationRequest(String signatureAlgorithm, X509Name subject, AsymmetricKeyParameter key, ASN1Set attributes, AsymmetricKeyParameter signingKey) { DERObjectIdentifier sigOID = SignerUtil.getObjectIdentifier(signatureAlgorithm.ToUpper()); if (sigOID == null) { throw new ArgumentException("Unknown signature type requested"); } if (subject == null) { throw new ArgumentException("subject must not be null"); } if (key == null) { throw new ArgumentException("public key must not be null"); } this.sigAlgId = new AlgorithmIdentifier(sigOID, null); SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(key); this.reqInfo = new CertificationRequestInfo(subject, pubInfo, attributes); Signer sig = null; // Create appropriate Signature. sig = SignerUtil.getSigner(sigAlgId.getObjectId()); sig.init(true, signingKey); // Encode. MemoryStream mStr = new MemoryStream(); DEROutputStream derOut = new DEROutputStream(mStr); derOut.writeObject(reqInfo); // Sign byte[] b = mStr.ToArray(); sig.update(b, 0, b.Length); // Generate Signature. sigBits = new DERBitString(sig.generateSignature()); }
public CertificationRequestInfo( X509Name subject, SubjectPublicKeyInfo pkInfo, ASN1Set attributes) { this.subject = subject; this.subjectPKInfo = pkInfo; this.attributes = attributes; if ((subject == null) || (version == null) || (subjectPKInfo == null)) { throw new ArgumentException("Not all mandatory fields set in CertificationRequestInfo generator."); } }
public DistributionPointName( ASN1TaggedObject obj) { this.type = obj.getTagNo(); if (type == FULL_NAME) { this.name = GeneralNames.getInstance(obj, false); } else { this.name = ASN1Set.getInstance(obj, false); } }
public SignedData( DERInteger _version, ASN1Set _digestAlgorithms, ContentInfo _contentInfo, ASN1Set _certificates, ASN1Set _crls, ASN1Set _signerInfos) { version = _version; digestAlgorithms = _digestAlgorithms; contentInfo = _contentInfo; certificates = _certificates; crls = _crls; signerInfos = _signerInfos; }
public SignedData( ASN1Sequence seq) { IEnumerator e = seq.getObjects(); e.MoveNext(); version = (DERInteger)e.Current; e.MoveNext(); digestAlgorithms = ((ASN1Set)e.Current); e.MoveNext(); contentInfo = ContentInfo.getInstance(e.Current); while (e.MoveNext()) { ASN1Object o = (ASN1Object)e.Current; // // an interesting feature of SignedData is that there appear // to be varying implementations... // for the moment we ignore anything which doesn't fit. // if (o is ASN1TaggedObject) { ASN1TaggedObject tagged = (ASN1TaggedObject)o; switch ((int)tagged.getTagNo()) { case 0: certBer = tagged is BERTaggedObject; certificates = ASN1Set.getInstance(tagged, false); break; case 1: crlsBer = tagged is BERTaggedObject; crls = ASN1Set.getInstance(tagged, false); break; default: throw new ArgumentException("unknown tag value " + tagged.getTagNo()); } } else { signerInfos = (ASN1Set)o; } } }
public SignerInfo( DERInteger version, IssuerAndSerialNumber issuerAndSerialNumber, AlgorithmIdentifier digAlgorithm, ASN1Set authenticatedAttributes, AlgorithmIdentifier digEncryptionAlgorithm, ASN1OctetString encryptedDigest, ASN1Set unauthenticatedAttributes) { this.version = version; this.issuerAndSerialNumber = issuerAndSerialNumber; this.digAlgorithm = digAlgorithm; this.authenticatedAttributes = authenticatedAttributes; this.digEncryptionAlgorithm = digEncryptionAlgorithm; this.encryptedDigest = encryptedDigest; this.unauthenticatedAttributes = unauthenticatedAttributes; }
public SignedData( ASN1Set digestAlgorithms, ContentInfo contentInfo, ASN1Set certificates, ASN1Set crls, ASN1Set signerInfos) { if (contentInfo.getContentType().Equals(CMSObjectIdentifiers.data)) { // // we should also be looking for attribute certificates here, // later. // IEnumerator e = signerInfos.getObjects(); bool v3Found = false; while (e.MoveNext()) { SignerInfo s = SignerInfo.getInstance(e.Current); if (s.getVersion().getValue().intValue() == 3) { v3Found = true; } } if (v3Found) { this.version = new DERInteger(3); } else { this.version = new DERInteger(1); } } else { this.version = new DERInteger(3); } this.digestAlgorithms = digestAlgorithms; this.contentInfo = contentInfo; this.certificates = certificates; this.crls = crls; this.signerInfos = signerInfos; }
/** * Constructor from ASN1Sequence * * the principal will be a list of constructed sets, each containing an (OID, String) pair. */ public X509Name( ASN1Sequence seq) { this.seq = seq; IEnumerator e = seq.getObjects(); while (e.MoveNext()) { ASN1Set set = (ASN1Set)e.Current; for (int i = 0; i < set.size(); i++) { ASN1Sequence s = (ASN1Sequence)set.getObjectAt(i); ordering.Add(s.getObjectAt(0)); values.Add(((DERString)s.getObjectAt(1)).getString()); added.Add(i != 0); } } }
public SignerInfo( ASN1Sequence seq) { IEnumerator e = seq.getObjects(); e.MoveNext(); version = (DERInteger)e.Current; e.MoveNext(); issuerAndSerialNumber = IssuerAndSerialNumber.getInstance(e.Current); e.MoveNext(); digAlgorithm = AlgorithmIdentifier.getInstance(e.Current); e.MoveNext(); object obj = e.Current; if (obj is ASN1TaggedObject) { authenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)obj, false); e.MoveNext(); digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(e.Current); } else { authenticatedAttributes = null; digEncryptionAlgorithm = AlgorithmIdentifier.getInstance(obj); } e.MoveNext(); encryptedDigest = DEROctetString.getInstance(e.Current); if (e.MoveNext()) { unauthenticatedAttributes = ASN1Set.getInstance((ASN1TaggedObject)e.Current, false); } else { unauthenticatedAttributes = null; } }
public CertificationRequestInfo( ASN1Sequence seq) { version = (DERInteger)seq.getObjectAt(0); subject = X509Name.getInstance(seq.getObjectAt(1)); subjectPKInfo = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(2)); // // some CertificationRequestInfo objects seem to treat this field // as optional. // if (seq.size() > 3) { DERTaggedObject tagobj = (DERTaggedObject)seq.getObjectAt(3); attributes = ASN1Set.getInstance(tagobj, false); } if ((subject == null) || (version == null) || (subjectPKInfo == null)) { throw new ArgumentException("Not all mandatory fields set in CertificationRequestInfo generator."); } }
public SignerInfo( SignerIdentifier sid, AlgorithmIdentifier digAlgorithm, ASN1Set authenticatedAttributes, AlgorithmIdentifier digEncryptionAlgorithm, ASN1OctetString encryptedDigest, ASN1Set unauthenticatedAttributes) { if (sid.isTagged()) { this.version = new DERInteger(3); } else { this.version = new DERInteger(1); } this.sid = sid; this.digAlgorithm = digAlgorithm; this.authenticatedAttributes = authenticatedAttributes; this.digEncryptionAlgorithm = digEncryptionAlgorithm; this.encryptedDigest = encryptedDigest; this.unauthenticatedAttributes = unauthenticatedAttributes; }
public EnvelopedData( ASN1Sequence seq) { int index = 0; version = (DERInteger)seq.getObjectAt(index++); Object tmp = seq.getObjectAt(index++); if (tmp is ASN1TaggedObject) { originatorInfo = OriginatorInfo.getInstance((ASN1TaggedObject)tmp, false); tmp = seq.getObjectAt(index++); } recipientInfos = ASN1Set.getInstance(tmp); encryptedContentInfo = EncryptedContentInfo.getInstance(seq.getObjectAt(index++)); if (seq.size() > index) { unprotectedAttrs = ASN1Set.getInstance((ASN1TaggedObject)seq.getObjectAt(index), false); } }
/** * Verifies a signature using the sub-filter adbe.pkcs7.detached or * adbe.pkcs7.sha1. * @param contentsKey the /Contents key * @param provider the provider or <code>null</code> for the default provider * @throws SecurityException on error * @throws CRLException on error * @throws InvalidKeyException on error * @throws CertificateException on error * @throws NoSuchProviderException on error * @throws NoSuchAlgorithmException on error */ public PdfPKCS7(byte[] contentsKey) { ASN1InputStream din = new ASN1InputStream(new MemoryStream(contentsKey)); // // Basic checks to make sure it's a PKCS#7 SignedData Object // ASN1Object pkcs; try { pkcs = din.readObject(); } catch { throw new ArgumentException("can't decode PKCS7SignedData object"); } if (!(pkcs is ASN1Sequence)) { throw new ArgumentException("Not a valid PKCS#7 object - not a sequence"); } ASN1Sequence signedData = (ASN1Sequence)pkcs; DERObjectIdentifier objId = (DERObjectIdentifier)signedData.getObjectAt(0); if (!objId.getId().Equals(ID_PKCS7_SIGNED_DATA)) { throw new ArgumentException("Not a valid PKCS#7 object - not signed data"); } ASN1Sequence content = (ASN1Sequence)((DERTaggedObject)signedData.getObjectAt(1)).getObject(); // the positions that we care are: // 0 - version // 1 - digestAlgorithms // 2 - possible ID_PKCS7_DATA // (the certificates and crls are taken out by other means) // last - signerInfos // the version version = ((DERInteger)content.getObjectAt(0)).getValue().intValue(); // the digestAlgorithms digestalgos = new Hashtable(); IEnumerator e = ((ASN1Set)content.getObjectAt(1)).getObjects(); while (e.MoveNext()) { ASN1Sequence s = (ASN1Sequence)e.Current; DERObjectIdentifier o = (DERObjectIdentifier)s.getObjectAt(0); digestalgos[o.getId()] = null; } // the certificates and crls X509CertificateParser cf = new X509CertificateParser(contentsKey); certs = new ArrayList(); while (true) { X509Certificate cc = cf.ReadCertificate(); if (cc == null) { break; } certs.Add(cc); } crls = new ArrayList(); // the possible ID_PKCS7_DATA ASN1Sequence rsaData = (ASN1Sequence)content.getObjectAt(2); if (rsaData.size() > 1) { DEROctetString rsaDataContent = (DEROctetString)((DERTaggedObject)rsaData.getObjectAt(1)).getObject(); RSAdata = rsaDataContent.getOctets(); } // the signerInfos int next = 3; while (content.getObjectAt(next) is DERTaggedObject) { ++next; } ASN1Set signerInfos = (ASN1Set)content.getObjectAt(next); if (signerInfos.size() != 1) { throw new ArgumentException("This PKCS#7 object has multiple SignerInfos - only one is supported at this time"); } ASN1Sequence signerInfo = (ASN1Sequence)signerInfos.getObjectAt(0); // the positions that we care are // 0 - version // 1 - the signing certificate serial number // 2 - the digest algorithm // 3 or 4 - digestEncryptionAlgorithm // 4 or 5 - encryptedDigest signerversion = ((DERInteger)signerInfo.getObjectAt(0)).getValue().intValue(); // Get the signing certificate ASN1Sequence issuerAndSerialNumber = (ASN1Sequence)signerInfo.getObjectAt(1); BigInteger serialNumber = ((DERInteger)issuerAndSerialNumber.getObjectAt(1)).getValue(); foreach (X509Certificate cert in certs) { if (serialNumber.Equals(cert.getSerialNumber())) { signCert = cert; break; } } if (signCert == null) { throw new ArgumentException("Can't find signing certificate with serial " + serialNumber.ToString(16)); } digestAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(2)).getObjectAt(0)).getId(); next = 3; if (signerInfo.getObjectAt(next) is ASN1TaggedObject) { ASN1TaggedObject tagsig = (ASN1TaggedObject)signerInfo.getObjectAt(next); ASN1Sequence sseq = (ASN1Sequence)tagsig.getObject(); MemoryStream bOut = new MemoryStream(); ASN1OutputStream dout = new ASN1OutputStream(bOut); try { ASN1EncodableVector attribute = new ASN1EncodableVector(); for (int k = 0; k < sseq.size(); ++k) { attribute.add(sseq.getObjectAt(k)); } dout.writeObject(new DERSet(attribute)); dout.Close(); } catch (IOException) {} sigAttr = bOut.ToArray(); for (int k = 0; k < sseq.size(); ++k) { ASN1Sequence seq2 = (ASN1Sequence)sseq.getObjectAt(k); if (((DERObjectIdentifier)seq2.getObjectAt(0)).getId().Equals(ID_MESSAGE_DIGEST)) { ASN1Set sset = (ASN1Set)seq2.getObjectAt(1); digestAttr = ((DEROctetString)sset.getObjectAt(0)).getOctets(); break; } } if (digestAttr == null) { throw new ArgumentException("Authenticated attribute is missing the digest."); } ++next; } digestEncryptionAlgorithm = ((DERObjectIdentifier)((ASN1Sequence)signerInfo.getObjectAt(next++)).getObjectAt(0)).getId(); digest = ((DEROctetString)signerInfo.getObjectAt(next)).getOctets(); if (RSAdata != null || digestAttr != null) { messageDigest = GetHashClass(); } sig = SignerUtil.getSigner(GetDigestAlgorithm()); sig.init(false, signCert.getPublicKey()); }
public Attribute( ASN1Sequence seq) { attrType = (DERObjectIdentifier)seq.getObjectAt(0); attrValues = (ASN1Set)seq.getObjectAt(1); }
public PKCS12Store( Stream input, char[] password) { if (password == null) { throw new ArgumentException("No password supplied for PKCS12Store."); } ASN1InputStream bIn = new ASN1InputStream(input); ASN1Sequence obj = (ASN1Sequence)bIn.readObject(); Pfx bag = new Pfx(obj); ContentInfo info = bag.getAuthSafe(); ArrayList chain = new ArrayList(); bool unmarkedKey = false; if (bag.getMacData() != null) // check the mac code { MemoryStream bOut = new MemoryStream(); BEROutputStream berOut = new BEROutputStream(bOut); MacData mData = bag.getMacData(); DigestInfo dInfo = mData.getMac(); AlgorithmIdentifier algId = dInfo.getAlgorithmId(); byte[] salt = mData.getSalt(); int itCount = mData.getIterationCount().intValue(); berOut.writeObject(info); byte[] data = ((ASN1OctetString)info.getContent()).getOctets(); try { ASN1Encodable parameters = PBEUtil.generateAlgorithmParameters(algId.getObjectId(), mData.getSalt(), mData.getIterationCount().intValue()); CipherParameters keyParameters = PBEUtil.generateCipherParameters(algId.getObjectId(), password, parameters); Mac mac = (Mac)PBEUtil.createEngine(algId.getObjectId()); mac.init(keyParameters); mac.update(data, 0, data.Length); byte[] res = new byte[mac.getMacSize()]; mac.doFinal(res, 0); byte[] dig = dInfo.getDigest(); if (res.Length != dig.Length) { throw new Exception("PKCS12 key store mac invalid - wrong password or corrupted file."); } for (int i = 0; i != res.Length; i++) { if (res[i] != dig[i]) { throw new Exception("PKCS12 key store mac invalid - wrong password or corrupted file."); } } } catch (Exception e) { throw new Exception("error constructing MAC: " + e.Message); } } keys = new Hashtable(); localIds = new Hashtable(); if (info.getContentType().Equals(PKCSObjectIdentifiers.data)) { bIn = new ASN1InputStream(new MemoryStream(((ASN1OctetString)info.getContent()).getOctets())); AuthenticatedSafe authSafe = new AuthenticatedSafe((ASN1Sequence)bIn.readObject()); ContentInfo[] c = authSafe.getContentInfo(); for (int i = 0; i != c.Length; i++) { if (c[i].getContentType().Equals(PKCSObjectIdentifiers.data)) { ASN1InputStream dIn = new ASN1InputStream(new MemoryStream(((ASN1OctetString)c[i].getContent()).getOctets())); ASN1Sequence seq = (ASN1Sequence)dIn.readObject(); for (int j = 0; j != seq.size(); j++) { SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j)); if (b.getBagId().Equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag)) { EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); PrivateKeyInfo privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(password, eIn); AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo); // // set the attributes on the key // Hashtable attributes = new Hashtable(); AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes); String alias = null; ASN1OctetString localId = null; if (b.getBagAttributes() != null) { IEnumerator e = b.getBagAttributes().getObjects(); while (e.MoveNext()) { ASN1Sequence sq = (ASN1Sequence)e.Current; DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); ASN1Encodable attr = null; if (attrSet.size() > 0) { attr = attrSet.getObjectAt(0); attributes.Add(aOid.getId(), attr); } if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); keys.Add(alias, pkcs12Key); } else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) { localId = (ASN1OctetString)attr; } } } if (localId != null) { String name = byteArrayToString(Hex.encode(localId.getOctets())); if (alias == null) { keys.Add(name, pkcs12Key); } else { localIds.Add(alias, name); } } else { unmarkedKey = true; keys.Add("unmarked", privKey); } } else if (b.getBagId().Equals(PKCSObjectIdentifiers.certBag)) { chain.Add(b); } else { Console.WriteLine("extra " + b.getBagId()); Console.WriteLine("extra " + ASN1Dump.dumpAsString(b)); } } } else if (c[i].getContentType().Equals(PKCSObjectIdentifiers.encryptedData)) { EncryptedData d = new EncryptedData((ASN1Sequence)c[i].getContent()); ASN1Sequence seq = decryptData(d.getEncryptionAlgorithm(), d.getContent().getOctets(), password); for (int j = 0; j != seq.size(); j++) { SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j)); if (b.getBagId().Equals(PKCSObjectIdentifiers.certBag)) { chain.Add(b); } else if (b.getBagId().Equals(PKCSObjectIdentifiers.pkcs8ShroudedKeyBag)) { EncryptedPrivateKeyInfo eIn = EncryptedPrivateKeyInfo.getInstance(b.getBagValue()); PrivateKeyInfo privInfo = PrivateKeyInfoFactory.createPrivateKeyInfo(password, eIn); AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privInfo); // // set the attributes on the key // Hashtable attributes = new Hashtable(); AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes); String alias = null; ASN1OctetString localId = null; IEnumerator e = b.getBagAttributes().getObjects(); while (e.MoveNext()) { ASN1Sequence sq = (ASN1Sequence)e.Current; DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); ASN1Encodable attr = null; if (attrSet.size() > 0) { attr = attrSet.getObjectAt(0); attributes.Add(aOid.getId(), attr); } if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); keys.Add(alias, pkcs12Key); } else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) { localId = (ASN1OctetString)attr; } } String name = byteArrayToString(Hex.encode(localId.getOctets())); if (alias == null) { keys.Add(name, pkcs12Key); } else { localIds.Add(alias, name); } } else if (b.getBagId().Equals(PKCSObjectIdentifiers.keyBag)) { PrivateKeyInfo pIn = PrivateKeyInfo.getInstance(b.getBagValue()); AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(pIn); // // set the attributes on the key // String alias = null; ASN1OctetString localId = null; Hashtable attributes = new Hashtable(); AsymmetricKeyEntry pkcs12Key = new AsymmetricKeyEntry(privKey, attributes); IEnumerator e = b.getBagAttributes().getObjects(); while (e.MoveNext()) { ASN1Sequence sq = (ASN1Sequence)e.Current; DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); ASN1Encodable attr = null; if (attrSet.size() > 0) { attr = attrSet.getObjectAt(0); attributes.Add(aOid.getId(), attr); } if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); keys.Add(alias, pkcs12Key); } else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) { localId = (ASN1OctetString)attr; } } String name = byteArrayToString(Hex.encode(localId.getOctets())); if (alias == null) { keys.Add(name, pkcs12Key); } else { localIds.Add(alias, name); } } else { Console.WriteLine("extra " + b.getBagId()); Console.WriteLine("extra " + ASN1Dump.dumpAsString(b)); } } } else { Console.WriteLine("extra " + c[i].getContentType().getId()); Console.WriteLine("extra " + ASN1Dump.dumpAsString(c[i].getContent())); } } } certs = new Hashtable(); chainCerts = new Hashtable(); keyCerts = new Hashtable(); for (int i = 0; i != chain.Count; i++) { SafeBag b = (SafeBag)chain[i]; CertBag cb = new CertBag((ASN1Sequence)b.getBagValue()); X509Certificate cert = new X509Certificate(((ASN1OctetString)cb.getCertValue()).getOctets()); // // set the attributes // Hashtable attributes = new Hashtable(); X509CertificateEntry pkcs12cert = new X509CertificateEntry(cert, attributes); ASN1OctetString localId = null; String alias = null; if (b.getBagAttributes() != null) { IEnumerator e = b.getBagAttributes().getObjects(); while (e.MoveNext()) { ASN1Sequence sq = (ASN1Sequence)e.Current; DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); if (attrSet.size() > 0) { ASN1Encodable attr = attrSet.getObjectAt(0); attributes.Add(aOid.getId(), attr); if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); } else if (aOid.Equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) { localId = (ASN1OctetString)attr; } } } } chainCerts.Add(new CertId(cert.getPublicKey()), pkcs12cert); if (unmarkedKey) { if (keyCerts.Count == 0) { String name = byteArrayToString(Hex.encode(new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(cert.getPublicKey())).getKeyIdentifier())); keyCerts.Add(name, pkcs12cert); keys.Add(name, keys["unmarked"]); keys.Remove("unmarked"); } } else { if (alias == null) { if (localId != null) { String name = byteArrayToString(Hex.encode(localId.getOctets())); keyCerts.Add(name, pkcs12cert); } } else { certs.Add(alias, pkcs12cert); } } } }