/// <summary>
/// Builds the attribute list from an ASN.1 sequence, converting every element
/// with <c>AttributeX509.GetInstance</c>.
/// </summary>
/// <param name="seq">
/// Sequence whose elements are each coerced to an <c>Asn1Sequence</c> before conversion.
/// </param>
private SubjectDirectoryAttributes(Asn1Sequence seq)
 {
     attributes = Platform.CreateArrayList();

     // Every element is passed through two GetInstance conversions and none is
     // skipped, so a single malformed entry in decoded input surfaces as whatever
     // those factories throw. NOTE(review): confirm callers treat that as a parse failure.
     foreach (object element in seq)
     {
         attributes.Add(AttributeX509.GetInstance(Asn1Sequence.GetInstance(element)));
     }
 }
示例#2
 /// <summary>
 /// Indexes the attributes held in an ASN.1 set by their attribute type.
 /// </summary>
 /// <param name="s">Set whose elements are each converted with <c>AttributeX509.GetInstance</c>.</param>
 public AttributeTable(Asn1Set s)
 {
     int total = s.Count;
     attributes = Platform.CreateHashtable(total);

     for (int index = 0; index < total; index++)
     {
         AttributeX509 attribute = AttributeX509.GetInstance(s[index]);

         // Add (not the indexer) is used, so two attributes with the same AttrType
         // are not merged. NOTE(review): with a standard hashtable a repeated key
         // presumably throws; confirm callers handle that when the set is untrusted.
         attributes.Add(attribute.AttrType, attribute);
     }
 }
示例#3
 /// <summary>
 /// Indexes the attributes held in an encodable vector by their attribute type.
 /// </summary>
 /// <param name="v">Vector whose entries are each converted with <c>AttributeX509.GetInstance</c>.</param>
 public AttributeTable(Asn1EncodableVector v)
 {
     int entryCount = v.Count;
     attributes = Platform.CreateHashtable(entryCount);

     int position = 0;
     while (position < entryCount)
     {
         AttributeX509 entry = AttributeX509.GetInstance(v[position]);

         // Keyed by attribute type through Add, so a repeated type is not overwritten.
         // NOTE(review): a standard hashtable presumably throws on the repeat; confirm.
         attributes.Add(entry.AttrType, entry);
         position++;
     }
 }
 /// <summary>
 /// Adds an attribute by converting it to its ASN.1 object form and handing the
 /// resulting <c>AttributeX509</c> to <c>acInfoGen</c>.
 /// </summary>
 /// <param name="attribute">The attribute to add.</param>
 public void AddAttribute(
     X509Attribute attribute)
 {
     AttributeX509 converted = AttributeX509.GetInstance(attribute.ToAsn1Object());
     acInfoGen.AddAttribute(converted);
 }
示例#5
 /// <summary>
 /// Wraps an ASN.1 encodable as an attribute by converting it with
 /// <c>AttributeX509.GetInstance</c>.
 /// </summary>
 /// <param name="at">An object representing an attribute.</param>
 internal X509Attribute(
     Asn1Encodable at)
 {
     AttributeX509 parsed = AttributeX509.GetInstance(at);
     this.attr = parsed;
 }
示例#6
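        /// <summary>
        /// Parses an encoded PKCS#10 certification request and captures its public key,
        /// subject name and any requested Subject Alternative Name extension.
        /// </summary>
        /// <param name="format">Encoding of <paramref name="encoded"/>: PEM or DER.</param>
        /// <param name="encoded">The encoded request; PEM input is decoded as UTF-8 text.</param>
        /// <param name="hashAlgorithm">Stored unchanged in <c>HashAlgorithm</c>.</param>
        /// <exception cref="NotSupportedException">
        /// The format is neither PEM nor DER, or the public key is neither RSA nor EC.
        /// </exception>
        /// <exception cref="Exception">The PEM object is not a PKCS#10 request.</exception>
        /// <exception cref="ArgumentException">The Subject Alternative Name extension value is empty.</exception>
        /// <remarks>
        /// Nothing in this constructor checks the request's self-signature, so the parsed
        /// key and names are unauthenticated input; a caller that issues a certificate from
        /// them needs to verify the request separately. Only the Subject Alternative Name
        /// extension is copied into <c>CertificateExtensions</c>; other requested extensions
        /// are ignored.
        /// </remarks>
        public PkiCertificateSigningRequest(PkiEncodingFormat format, byte[] encoded,
                                            PkiHashAlgorithm hashAlgorithm)
        {
            Pkcs10CertificationRequest pkcs10;

            switch (format)
            {
            case PkiEncodingFormat.Pem:
                var encodedString = Encoding.UTF8.GetString(encoded);
                using (var sr = new StringReader(encodedString))
                {
                    var pemReader = new PemReader(sr);
                    pkcs10 = pemReader.ReadObject() as Pkcs10CertificationRequest;
                    if (pkcs10 == null)
                    {
                        throw new Exception("invalid PEM object is not PKCS#10 archive");
                    }
                }
                break;

            case PkiEncodingFormat.Der:
                pkcs10 = new Pkcs10CertificationRequest(encoded);
                break;

            default:
                throw new NotSupportedException();
            }

            var info            = pkcs10.GetCertificationRequestInfo();
            var nativePublicKey = pkcs10.GetPublicKey();

            // Only RSA and EC keys are accepted; anything else is rejected outright.
            if (nativePublicKey is RsaKeyParameters)
            {
                PublicKey = new PkiKey(nativePublicKey, PkiAsymmetricAlgorithm.Rsa);
            }
            else if (nativePublicKey is ECPublicKeyParameters)
            {
                PublicKey = new PkiKey(nativePublicKey, PkiAsymmetricAlgorithm.Ecdsa);
            }
            else
            {
                throw new NotSupportedException("unsupported asymmetric algorithm key");
            }
            SubjectName   = info.Subject.ToString();
            HashAlgorithm = hashAlgorithm;


            // // // Based on:
            // // //    http://forum.rebex.net/4284/pkcs10-certificate-request-example-provided-castle-working

            // // var extGen = new X509ExtensionsGenerator();
            // // foreach (var ext in CertificateExtensions)
            // // {
            // //     extGen.AddExtension(ext.Identifier, ext.IsCritical, ext.Value);
            // // }
            // // var attr = new AttributeX509(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest,
            // //         new DerSet(extGen.Generate()));


            // Based on:
            //    http://unitstep.net/blog/2008/10/27/extracting-x509-extensions-from-a-csr-using-the-bouncy-castle-apis/
            //    https://stackoverflow.com/q/24448909/5428506
            foreach (var attr in info.Attributes.ToArray())
            {
                if (!(attr is DerSequence derSeq) || derSeq.Count != 2)
                {
                    continue;
                }

                var attrX509 = AttributeX509.GetInstance(attr);
                if (!object.Equals(attrX509.AttrType, PkcsObjectIdentifiers.Pkcs9AtExtensionRequest))
                {
                    continue;
                }

                // The `Extension Request` attribute is present.
                // The X509Extensions are contained as a value of the ASN.1 Set.
                // Assume that it is the first value of the set.
                if (attrX509.AttrValues.Count < 1)
                {
                    continue;
                }

                var csrExts = X509Extensions.GetInstance(attrX509.AttrValues[0]);
                foreach (var extOid in csrExts.GetExtensionOids())
                {
                    if (!object.Equals(extOid, X509Extensions.SubjectAlternativeName))
                    {
                        continue;
                    }

                    var ext = csrExts.GetExtension(extOid);

                    // The extension value is an OCTET STRING wrapping the DER of GeneralNames.
                    // Take the wrapped content directly instead of stripping a two-byte
                    // tag/length header by hand: that only matched the short length form,
                    // so a name list longer than 127 bytes (long-form length) was left
                    // wrapped and could not be read as GeneralNames.
                    byte[] sanOctets = ext.Value.GetOctets();
                    if (sanOctets.Length == 0)
                    {
                        // An empty value cannot hold a GeneralNames sequence; reject it here
                        // rather than storing an extension with no usable value.
                        throw new ArgumentException(
                            "Subject Alternative Name extension value is empty", nameof(encoded));
                    }

                    var asn1obj = Asn1Object.FromByteArray(sanOctets);
                    var gnames  = GeneralNames.GetInstance(asn1obj);
                    CertificateExtensions.Add(new PkiCertificateExtension
                    {
                        Identifier = extOid,
                        IsCritical = ext.IsCritical,
                        Value      = gnames,
                    });
                }

                // No need to search any more.
                break;
            }
        }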
示例#7
        /// <summary>
        /// Decodes an attribute certificate and checks that its mandatory fields are
        /// present, reporting each problem through <c>Fail</c>.
        /// </summary>
        /// <param name="id">Identifier of the sample, used only in failure messages.</param>
        /// <param name="cert">Encoded attribute certificate.</param>
        public void CheckAttributeCertificate(
            int id,
            byte[]  cert)
        {
            // Direct cast: a top-level object that is not a sequence fails here with
            // an InvalidCastException instead of reaching the checks below.
            Asn1Sequence certSeq  = (Asn1Sequence)Asn1Object.FromByteArray(cert);

            // The dump text is not inspected; the call only exercises the dumper on this input.
            string       dumpText = Asn1Dump.DumpAsString(certSeq);

            AttributeCertificate     attrCert = AttributeCertificate.GetInstance(certSeq);
            AttributeCertificateInfo acInfo   = attrCert.ACInfo;

            // Version: only 1 and 2 are accepted.
            bool versionAccepted = acInfo.Version.Equals(new DerInteger(1)) ||
                                   acInfo.Version.Equals(new DerInteger(2));
            if (!versionAccepted)
            {
                Fail("failed AC Version test for id " + id);
            }

            // Holder
            Holder holder = acInfo.Holder;
            if (holder == null)
            {
                Fail("failed AC Holder test, it's null, for id " + id);
            }

            // Issuer
            AttCertIssuer issuer = acInfo.Issuer;
            if (issuer == null)
            {
                Fail("failed AC Issuer test, it's null, for id " + id);
            }

            // Signature algorithm
            AlgorithmIdentifier signatureAlgorithm = acInfo.Signature;
            if (signatureAlgorithm == null)
            {
                Fail("failed AC Signature test for id " + id);
            }

            // Serial: read but not checked.
            DerInteger serialNumber = acInfo.SerialNumber;

            // Validity
            AttCertValidityPeriod validityPeriod = acInfo.AttrCertValidityPeriod;
            if (validityPeriod == null)
            {
                Fail("failed AC AttCertValidityPeriod test for id " + id);
            }

            // Attributes: each entry must convert to an AttributeX509.
            Asn1Sequence attributeSeq = acInfo.Attributes;
            AttributeX509[] parsedAttributes = new AttributeX509[attributeSeq.Count];
            int slot = 0;
            while (slot < attributeSeq.Count)
            {
                parsedAttributes[slot] = AttributeX509.GetInstance(attributeSeq[slot]);
                slot++;
            }

            // IssuerUniqueId
            // TODO, how to best test?

            // X509 Extensions: optional; when present every listed OID is looked up.
            X509Extensions extensions = acInfo.Extensions;
            if (extensions == null)
            {
                return;
            }

            foreach (DerObjectIdentifier oid in extensions.ExtensionOids)
            {
                X509Extension extension = extensions.GetExtension(oid);
            }
        }