示例#1
        /// <summary>
        /// Builds the attribute-certificate info from an ASN.1 sequence.
        /// Elements 0-6 are read by position (version, holder, issuer, signature
        /// algorithm, serial number, validity period, attributes); elements from
        /// index 7 onwards are assigned according to their runtime type.
        /// </summary>
        /// <param name="seq">The sequence the fields are read from.</param>
        public AttributeCertificateInfo(ASN1Sequence seq)
        {
            // NOTE(review): seq.size() is not checked before the positional reads, so a
            // truncated encoding fails inside getObjectAt()/getInstance() instead of being
            // rejected here -- confirm callers that parse untrusted data handle that.
            version                = DERInteger.getInstance(seq.getObjectAt(0));
            holder                 = Holder.getInstance(seq.getObjectAt(1));
            issuer                 = AttCertIssuer.getInstance(seq.getObjectAt(2));
            signature              = AlgorithmIdentifier.getInstance(seq.getObjectAt(3));
            serialNumber           = DERInteger.getInstance(seq.getObjectAt(4));
            attrCertValidityPeriod = AttCertValidityPeriod.getInstance(seq.getObjectAt(5));
            attributes             = ASN1Sequence.getInstance(seq.getObjectAt(6));

            // Optional trailing fields. An element that is neither a bit string nor a
            // sequence/extensions object is skipped without any error.
            int index = 7;
            while (index < seq.size())
            {
                ASN1Encodable element = (ASN1Encodable)seq.getObjectAt(index);

                if (element is DERBitString)
                {
                    issuerUniqueID = DERBitString.getInstance(seq.getObjectAt(index));
                }
                else if (element is ASN1Sequence || element is X509Extensions)
                {
                    extensions = X509Extensions.getInstance(seq.getObjectAt(index));
                }

                index++;
            }
        }
示例#2
 /// <summary>
 /// Reads a certification request from an ASN.1 sequence: element 0 is the
 /// request info, element 1 the signature algorithm, element 2 the signature bits.
 /// </summary>
 /// <param name="seq">The sequence the three fields are read from.</param>
 public CertificationRequest(ASN1Sequence seq)
 {
     this.reqInfo  = CertificationRequestInfo.getInstance(seq.getObjectAt(0));
     this.sigAlgId = AlgorithmIdentifier.getInstance(seq.getObjectAt(1));

     // Hard cast rather than DERBitString.getInstance(): any other element type at
     // index 2 fails the cast. The sequence length is not checked here.
     this.sigBits  = (DERBitString)seq.getObjectAt(2);
 }
示例#3
 /// <summary>
 /// Creates a signature from an algorithm identifier and the signature bits.
 /// Both arguments are stored as given; neither is checked for null.
 /// </summary>
 /// <param name="signatureAlgorithm">Identifier of the signature algorithm.</param>
 /// <param name="signature">The signature value as a bit string.</param>
 public Signature(AlgorithmIdentifier signatureAlgorithm, DERBitString signature)
 {
     this.signature          = signature;
     this.signatureAlgorithm = signatureAlgorithm;
 }
示例#4
        /// <summary>
        /// Reads the to-be-signed part of a certificate from an ASN.1 sequence.
        /// The version field is optional; when element 0 is not a tagged object the
        /// version is set to integer 0 and every later field is read one index earlier.
        /// </summary>
        /// <param name="seq">The sequence the fields are read from; it is also kept as-is.</param>
        public TBSCertificateStructure(ASN1Sequence seq)
        {
            this.seq = seq;

            // Some certificates don't include a version number - we assume v1.
            int shift;
            if (seq.getObjectAt(0) is DERTaggedObject)
            {
                shift   = 0;
                version = DERInteger.getInstance(seq.getObjectAt(0));
            }
            else
            {
                shift   = -1;               // field 0 is missing!
                version = new DERInteger(0);
            }

            // NOTE(review): no length check precedes the positional reads below; a short
            // sequence fails inside getObjectAt()/getInstance().
            serialNumber = DERInteger.getInstance(seq.getObjectAt(shift + 1));
            signature    = AlgorithmIdentifier.getInstance(seq.getObjectAt(shift + 2));
            issuer       = X509Name.getInstance(seq.getObjectAt(shift + 3));

            // Validity: element 0 is the start date, element 1 the end date.
            ASN1Sequence validity = (ASN1Sequence)seq.getObjectAt(shift + 4);
            startDate = Time.getInstance(validity.getObjectAt(0));
            endDate   = Time.getInstance(validity.getObjectAt(1));

            subject              = X509Name.getInstance(seq.getObjectAt(shift + 5));
            subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(seq.getObjectAt(shift + 6));

            // Optional tagged fields, walked from the last element back towards the public
            // key. Tag numbers other than 1, 2 and 3 are ignored, and when a tag repeats
            // the element with the lower index is the one that ends up stored.
            int lastFixed = shift + 6;
            for (int index = seq.size() - 1; index > lastFixed; index--)
            {
                DERTaggedObject extra = (DERTaggedObject)seq.getObjectAt(index);
                int tagNo = (int)extra.getTagNo();

                if (tagNo == 1)
                {
                    issuerUniqueId = DERBitString.getInstance(extra, false);
                }
                else if (tagNo == 2)
                {
                    subjectUniqueId = DERBitString.getInstance(extra, false);
                }
                else if (tagNo == 3)
                {
                    extensions = X509Extensions.getInstance(extra);
                }
            }
        }
示例#5
 /// <summary>
 /// Reads an attribute certificate from an ASN.1 sequence: element 0 is the
 /// certificate info, element 1 the signature algorithm, element 2 the signature value.
 /// </summary>
 /// <param name="seq">The sequence the three fields are read from.</param>
 public AttributeCertificate(ASN1Sequence seq)
 {
     // The sequence length is not checked before the reads.
     acinfo             = AttributeCertificateInfo.getInstance(seq.getObjectAt(0));
     signatureAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1));
     signatureValue     = DERBitString.getInstance(seq.getObjectAt(2));
 }
示例#6
 /// <summary>
 /// Creates an originator public key from an algorithm identifier and the raw
 /// key bytes, which are wrapped in a new DER bit string.
 /// </summary>
 /// <param name="algorithm">Identifier of the key algorithm; stored as given.</param>
 /// <param name="publicKey">The public key bytes.</param>
 public OriginatorPublicKey(AlgorithmIdentifier algorithm, byte[] publicKey)
 {
     DERBitString keyBits = new DERBitString(publicKey);

     this.algorithm = algorithm;
     this.publicKey = keyBits;
 }
示例#7
 /// <summary>
 /// Creates a subject public key info from an algorithm identifier and an
 /// ASN.1 object, which is wrapped in a new DER bit string.
 /// </summary>
 /// <param name="algId">Identifier of the key algorithm; stored as given.</param>
 /// <param name="publicKey">The ASN.1 object holding the public key.</param>
 public SubjectPublicKeyInfo(AlgorithmIdentifier algId, ASN1Encodable publicKey)
 {
     DERBitString wrapped = new DERBitString(publicKey);

     this.keyData = wrapped;
     this.algId   = algId;
 }
示例#8
 /// <summary>
 /// Reads a certificate list from an ASN.1 sequence: element 0 is the
 /// to-be-signed list, element 1 the signature algorithm, element 2 the signature.
 /// </summary>
 /// <param name="seq">The sequence the three fields are read from.</param>
 public CertificateList(ASN1Sequence seq)
 {
     this.tbsCertList = TBSCertList.getInstance(seq.getObjectAt(0));
     this.sigAlgId    = AlgorithmIdentifier.getInstance(seq.getObjectAt(1));

     // Hard cast rather than DERBitString.getInstance(); the sequence length is
     // not checked before the reads.
     this.sig         = (DERBitString)seq.getObjectAt(2);
 }
示例#9
 /// <summary>
 /// Creates a subject public key info from an algorithm identifier and the raw
 /// key bytes, which are wrapped in a new DER bit string.
 /// </summary>
 /// <param name="algId">Identifier of the key algorithm; stored as given.</param>
 /// <param name="publicKey">The public key bytes.</param>
 public SubjectPublicKeyInfo(AlgorithmIdentifier algId, byte[] publicKey)
 {
     DERBitString wrapped = new DERBitString(publicKey);

     this.keyData = wrapped;
     this.algId   = algId;
 }
示例#10
 /// <summary>
 /// Creates an attribute certificate from already-built parts. The arguments
 /// are stored as given; the signature is not checked against the info here.
 /// </summary>
 /// <param name="acinfo">The attribute-certificate info.</param>
 /// <param name="signatureAlgorithm">Identifier of the signature algorithm.</param>
 /// <param name="signatureValue">The signature value as a bit string.</param>
 public AttributeCertificate(AttributeCertificateInfo acinfo, AlgorithmIdentifier signatureAlgorithm, DERBitString signatureValue)
 {
     this.signatureValue     = signatureValue;
     this.signatureAlgorithm = signatureAlgorithm;
     this.acinfo             = acinfo;
 }
示例#11
 /// <summary>
 /// Creates a certification request from already-built parts. The arguments
 /// are stored as given; the signature is not checked against the request info here.
 /// </summary>
 /// <param name="requestInfo">The certification request info.</param>
 /// <param name="algorithm">Identifier of the signature algorithm.</param>
 /// <param name="signature">The signature over the request info, as a bit string.</param>
 public CertificationRequest(CertificationRequestInfo requestInfo, AlgorithmIdentifier algorithm, DERBitString signature)
 {
     reqInfo  = requestInfo;
     sigAlgId = algorithm;
     sigBits  = signature;
 }
示例#12
 /// <summary>
 /// Creates a signature from an algorithm identifier, the signature bits and
 /// a sequence of certificates. All three arguments are stored as given.
 /// </summary>
 /// <param name="signatureAlgorithm">Identifier of the signature algorithm.</param>
 /// <param name="signature">The signature value as a bit string.</param>
 /// <param name="certs">Sequence of certificates to carry with the signature.</param>
 public Signature(AlgorithmIdentifier signatureAlgorithm, DERBitString signature, ASN1Sequence certs)
 {
     this.certs              = certs;
     this.signature          = signature;
     this.signatureAlgorithm = signatureAlgorithm;
 }
示例#13
        /// <summary>
        /// Reads a subject public key info from an ASN.1 sequence: the first element
        /// is the algorithm identifier, the second the key data bit string.
        /// </summary>
        /// <param name="seq">The sequence whose first two elements are read.</param>
        public SubjectPublicKeyInfo(ASN1Sequence seq)
        {
            IEnumerator elements = seq.getObjects();

            // NOTE(review): the result of MoveNext() is ignored, so a sequence with
            // fewer than two elements is only caught by whatever Current does once the
            // enumerator has run off the end -- confirm for untrusted encodings.
            elements.MoveNext();
            algId = AlgorithmIdentifier.getInstance(elements.Current);

            elements.MoveNext();
            keyData = (DERBitString)elements.Current;
        }
示例#14
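        /// <summary>
        /// Instantiate a PKCS10CertificationRequest object with the necessary credentials.
        /// The request info is DER-encoded and signed with <paramref name="signingKey"/>.
        /// </summary>
        /// <param name="signatureAlgorithm">Name of the signature algorithm; looked up case-insensitively.</param>
        /// <param name="subject">X509Name of subject eg OU="My unit." O="My Organisation" C="au" </param>
        /// <param name="key">Public key to be included in the cert request.</param>
        /// <param name="attributes">ASN1Set of attributes.</param>
        /// <param name="signingKey">Matching private key for the nominated (above) public key, used to sign the request.</param>
        /// <exception cref="ArgumentException">
        /// A required argument is null or the signature algorithm name is not known.
        /// </exception>
        public PKCS10CertificationRequest(String signatureAlgorithm,
                                          X509Name subject,
                                          AsymmetricKeyParameter key,
                                          ASN1Set attributes,
                                          AsymmetricKeyParameter signingKey)
        {
            if (signatureAlgorithm == null)
            {
                throw new ArgumentException("signature algorithm must not be null");
            }

            // Upper-case with the invariant culture: culture-sensitive casing can map
            // letters such as 'i' differently under some locales, which would make a
            // valid algorithm name miss the lookup.
            DERObjectIdentifier sigOID = SignerUtil.getObjectIdentifier(
                signatureAlgorithm.ToUpper(System.Globalization.CultureInfo.InvariantCulture));

            if (sigOID == null)
            {
                throw new ArgumentException("Unknown signature type requested");
            }

            if (subject == null)
            {
                throw new ArgumentException("subject must not be null");
            }

            if (key == null)
            {
                throw new ArgumentException("public key must not be null");
            }

            if (signingKey == null)
            {
                throw new ArgumentException("signing key must not be null");
            }

            // NOTE(review): nothing here checks that signingKey is the private half of
            // key; presumably a mismatch only shows up when the request is verified.

            this.sigAlgId = new AlgorithmIdentifier(sigOID, null);

            SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(key);

            this.reqInfo = new CertificationRequestInfo(subject, pubInfo, attributes);

            // Create the signer for the chosen algorithm and set it up for signing.
            Signer sig = SignerUtil.getSigner(sigAlgId.getObjectId());
            sig.init(true, signingKey);

            // The signature covers the DER encoding of the request info.
            MemoryStream    mStr   = new MemoryStream();
            DEROutputStream derOut = new DEROutputStream(mStr);

            derOut.writeObject(reqInfo);

            byte[] encoded = mStr.ToArray();
            sig.update(encoded, 0, encoded.Length);

            sigBits = new DERBitString(sig.generateSignature());
        }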
示例#15
 /// <summary>
 /// Creates a basic OCSP response from already-built parts. The arguments are
 /// stored as given; the signature is not checked against the response data here.
 /// </summary>
 /// <param name="tbsResponseData">The response data that was signed.</param>
 /// <param name="signatureAlgorithm">Identifier of the signature algorithm.</param>
 /// <param name="signature">The signature value as a bit string.</param>
 /// <param name="certs">Sequence of certificates to carry with the response.</param>
 public BasicOCSPResponse(ResponseData tbsResponseData, AlgorithmIdentifier signatureAlgorithm, DERBitString signature, ASN1Sequence certs)
 {
     this.certs              = certs;
     this.signature          = signature;
     this.signatureAlgorithm = signatureAlgorithm;
     this.tbsResponseData    = tbsResponseData;
 }
示例#16
        /// <summary>
        /// Reads an issuer/serial pair from an ASN.1 sequence: element 0 is the issuer
        /// names, element 1 the serial number. A third element is read as the issuer
        /// unique id only when the sequence has exactly three elements.
        /// </summary>
        /// <param name="seq">The sequence the fields are read from.</param>
        public IssuerSerial(ASN1Sequence seq)
        {
            this.issuer = GeneralNames.getInstance(seq.getObjectAt(0));

            // Hard casts: an element of another type at index 1 or 2 fails the cast.
            this.serial = (DERInteger)seq.getObjectAt(1);

            bool hasUniqueId = seq.size() == 3;
            if (hasUniqueId)
            {
                this.issuerUID = (DERBitString)seq.getObjectAt(2);
            }
        }
示例#17
        /// <summary>
        /// Reads a signature from an ASN.1 sequence: element 0 is the signature
        /// algorithm, element 1 the signature bits. When the sequence has exactly three
        /// elements, element 2 is read as an explicitly tagged certificate sequence.
        /// </summary>
        /// <param name="seq">The sequence the fields are read from.</param>
        public Signature(ASN1Sequence seq)
        {
            this.signatureAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0));

            // Hard cast rather than DERBitString.getInstance().
            this.signature = (DERBitString)seq.getObjectAt(1);

            if (seq.size() == 3)
            {
                ASN1TaggedObject taggedCerts = (ASN1TaggedObject)seq.getObjectAt(2);
                this.certs = ASN1Sequence.getInstance(taggedCerts, true);
            }
        }
示例#18
        /// <summary>
        /// Reads a basic OCSP response from an ASN.1 sequence: element 0 is the
        /// response data, element 1 the signature algorithm, element 2 the signature.
        /// When more than three elements are present, element 3 is read as an
        /// explicitly tagged certificate sequence.
        /// </summary>
        /// <param name="seq">The sequence the fields are read from.</param>
        public BasicOCSPResponse(ASN1Sequence seq)
        {
            tbsResponseData    = ResponseData.getInstance(seq.getObjectAt(0));
            signatureAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1));

            // Hard cast rather than DERBitString.getInstance(); elements past index 3
            // are never looked at.
            signature          = (DERBitString)seq.getObjectAt(2);

            if (seq.size() > 3)
            {
                ASN1TaggedObject taggedCerts = (ASN1TaggedObject)seq.getObjectAt(3);
                certs = ASN1Sequence.getInstance(taggedCerts, true);
            }
        }
示例#19
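 /// <summary>
 /// Reads a PKCS#10 certification request from an ASN.1 sequence: element 0 is
 /// the request info, element 1 the signature algorithm, element 2 the signature bits.
 /// </summary>
 /// <param name="seq">The sequence the three fields are read from.</param>
 /// <exception cref="ArgumentException">
 /// Any failure while reading the sequence; the original exception is attached
 /// as InnerException.
 /// </exception>
 internal PKCS10CertificationRequest(ASN1Sequence seq)
 {
     try
     {
         this.reqInfo  = CertificationRequestInfo.getInstance(seq.getObjectAt(0));
         this.sigAlgId = AlgorithmIdentifier.getInstance(seq.getObjectAt(1));
         this.sigBits  = (DERBitString)seq.getObjectAt(2);
     }
     catch (Exception ex)
     {
         // Pass the cause along: without it the type and stack of the parse failure
         // are lost, which makes malformed-request reports hard to triage.
         throw new ArgumentException("Create From ASN1Sequence: " + ex.Message, ex);
     }
 }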
示例#20
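        /// <summary>
        /// Reads an object digest info from an ASN.1 sequence: the digested object
        /// type, an optional other-object-type OID (present only when the sequence has
        /// exactly four elements), the digest algorithm and the digest bit string.
        /// </summary>
        /// <param name="seq">The sequence the fields are read from.</param>
        public ObjectDigestInfo(ASN1Sequence seq)
        {
            digestedObjectType = DEREnumerated.getInstance(seq.getObjectAt(0));

            int offset = 0;

            if (seq.size() == 4)
            {
                otherObjectTypeID = DERObjectIdentifier.getInstance(seq.getObjectAt(1));
                offset++;
            }

            digestAlgorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(1 + offset));

            // Read the element as the bit string it already is. Constructing a new
            // DERBitString around it is the encode-side operation and, presumably, would
            // wrap the element's encoding instead of exposing the digest bytes --
            // the other parsing constructors use getInstance() for this.
            objectDigest = DERBitString.getInstance(seq.getObjectAt(2 + offset));
        }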
示例#21
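        /// <summary>
        /// Reads an X.509 certificate from an ASN.1 sequence of exactly three elements:
        /// the to-be-signed certificate, the signature algorithm and the signature.
        /// </summary>
        /// <param name="seq">The sequence the fields are read from; it is also kept as-is.</param>
        /// <exception cref="ArgumentException">The sequence does not have three elements.</exception>
        public X509CertificateStructure(
            ASN1Sequence seq)
        {
            this.seq = seq;

            // Fail closed on a malformed certificate. Silently returning would leave
            // tbsCert, sigAlgId and sig unset, and the bad input would only surface
            // later, far from the parse, when one of them is dereferenced.
            if (seq.size() != 3)
            {
                throw new ArgumentException("sequence wrong size for a certificate");
            }

            tbsCert  = TBSCertificateStructure.getInstance(seq.getObjectAt(0));
            sigAlgId = AlgorithmIdentifier.getInstance(seq.getObjectAt(1));

            // Hard cast: an element of another type at index 2 fails the cast.
            sig = (DERBitString)seq.getObjectAt(2);
        }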
示例#22
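        /// <summary>
        /// Get the key usage guidelines (extension OID 2.5.29.15).
        /// </summary>
        /// <returns>
        /// The key usage built from the extension's DER bit string, or null if the
        /// extension bytes are not available.
        /// </returns>
        /// <exception cref="Exception">
        /// The extension bytes could not be decoded; the cause is attached as InnerException.
        /// </exception>
        public KeyUsage getKeyUsage()
        {
            byte[] bytes = this.getExtensionBytes("2.5.29.15");
            if (bytes == null)
            {
                return null;
            }

            try
            {
                ASN1InputStream dIn = new ASN1InputStream(new MemoryStream(bytes));
                return new KeyUsage(DERBitString.getInstance(dIn.readObject()));
            }
            catch (Exception e)
            {
                // Same exception type and message as before, but the cause is kept so a
                // malformed extension can be told apart from other failures.
                throw new Exception("error processing key usage extension", e);
            }
        }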
示例#23
        /// <summary>
        /// Reads a distribution point from an ASN.1 sequence of tagged elements:
        /// tag 0 is the distribution point name (explicit), tag 1 the reason flags
        /// (implicit) and tag 2 the CRL issuer (implicit).
        /// </summary>
        /// <param name="seq">The sequence of tagged elements.</param>
        public DistributionPoint(ASN1Sequence seq)
        {
            // Every element must be a tagged object (hard cast). Other tag numbers are
            // skipped, and a repeated tag overwrites the value stored earlier.
            int index = 0;
            while (index != seq.size())
            {
                ASN1TaggedObject tagged = (ASN1TaggedObject)seq.getObjectAt(index);
                int tagNo = (int)tagged.getTagNo();

                if (tagNo == 0)
                {
                    distributionPoint = DistributionPointName.getInstance(tagged, true);
                }
                else if (tagNo == 1)
                {
                    reasons = new ReasonFlags(DERBitString.getInstance(tagged, false));
                }
                else if (tagNo == 2)
                {
                    cRLIssuer = GeneralNames.getInstance(tagged, false);
                }

                index++;
            }
        }
示例#24
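        /// <summary>
        /// Builds public key parameters from a subject public key info. The algorithm
        /// OID selects the key type: RSA, Diffie-Hellman, ElGamal, DSA or EC.
        /// </summary>
        /// <param name="keyInfo">The subject public key info to convert.</param>
        /// <returns>The public key parameters for the recognised algorithm.</returns>
        /// <exception cref="Exception">
        /// The algorithm identifier is not recognised, or an EC key names a curve
        /// that the named-curve lookup does not return.
        /// </exception>
        public static AsymmetricKeyParameter CreateKey(SubjectPublicKeyInfo keyInfo)
        {
            AlgorithmIdentifier algId = keyInfo.getAlgorithmId();

            // NOTE(review): the structures below come straight from the encoded key and
            // are reached through hard casts; no range or group checks on the decoded
            // values are visible here -- confirm whether the parameter classes do them.
            if (algId.getObjectId().Equals(PKCSObjectIdentifiers.rsaEncryption) ||
                algId.getObjectId().Equals(X509ObjectIdentifiers.id_ea_rsa))
            {
                RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure((ASN1Sequence)keyInfo.getPublicKey());

                return new RSAKeyParameters(false, pubKey.getModulus(), pubKey.getPublicExponent());
            }

            if (algId.getObjectId().Equals(PKCSObjectIdentifiers.dhKeyAgreement) ||
                algId.getObjectId().Equals(X9ObjectIdentifiers.dhpublicnumber))
            {
                DHParameter para = new DHParameter((ASN1Sequence)algId.getParameters());
                DERInteger  derY = (DERInteger)keyInfo.getPublicKey();

                return new DHPublicKeyParameters(derY.getValue(), new DHParameters(para.getP(), para.getG()));
            }

            if (algId.getObjectId().Equals(OIWObjectIdentifiers.elGamalAlgorithm))
            {
                ElGamalParameter para = new ElGamalParameter((ASN1Sequence)algId.getParameters());
                DERInteger       derY = (DERInteger)keyInfo.getPublicKey();

                return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(para.getP(), para.getG()));
            }

            if (algId.getObjectId().Equals(X9ObjectIdentifiers.id_dsa) ||
                algId.getObjectId().Equals(OIWObjectIdentifiers.dsaWithSHA1))
            {
                DSAParameter para = new DSAParameter((ASN1Sequence)algId.getParameters());
                DERInteger   derY = (DERInteger)keyInfo.getPublicKey();

                return new DSAPublicKeyParameters(derY.getValue(), new DSAParameters(para.getP(), para.getQ(), para.getG()));
            }

            if (algId.getObjectId().Equals(X9ObjectIdentifiers.id_ecPublicKey))
            {
                X962Parameters para = new X962Parameters((ASN1Object)algId.getParameters());
                X9ECParameters ecP;

                if (para.isNamedCurve())
                {
                    DERObjectIdentifier oid = (DERObjectIdentifier)para.getParameters();
                    ecP = X962NamedCurves.getByOID(oid);

                    // Presumably the lookup returns null for an OID it does not know;
                    // report that as an unrecognised key instead of dereferencing null.
                    if (ecP == null)
                    {
                        throw new Exception("named curve in key not recognised");
                    }
                }
                else
                {
                    // Explicit parameters are taken from the key encoding itself. Callers
                    // that require a specific trusted curve have to compare the resulting
                    // domain parameters themselves; nothing here restricts them.
                    ecP = new X9ECParameters((ASN1Sequence)para.getParameters().toASN1Object());
                }

                ECDomainParameters dParams = new ECDomainParameters(
                    ecP.getCurve(),
                    ecP.getG(),
                    ecP.getN(),
                    ecP.getH(),
                    ecP.getSeed());

                // The key data bit string holds the encoded point.
                DERBitString    bits = keyInfo.getPublicKeyData();
                byte[]          data = bits.getBytes();
                ASN1OctetString key  = new DEROctetString(data);

                X9ECPoint derQ = new X9ECPoint(dParams.getCurve(), key);

                return new ECPublicKeyParameters(derQ.getPoint(), dParams);
            }

            throw new Exception("algorithm identifier in key not recognised");
        }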
示例#25
 /// <summary>
 /// Reads an originator public key from an ASN.1 sequence: element 0 is the
 /// algorithm identifier, element 1 the public key bit string.
 /// </summary>
 /// <param name="seq">The sequence the two fields are read from.</param>
 public OriginatorPublicKey(ASN1Sequence seq)
 {
     this.algorithm = AlgorithmIdentifier.getInstance(seq.getObjectAt(0));

     // Hard cast rather than DERBitString.getInstance(); the sequence length is
     // not checked before the reads.
     this.publicKey = (DERBitString)seq.getObjectAt(1);
 }
示例#26
 /// <summary>
 /// Creates a key usage from an existing bit string by handing its bytes and
 /// pad-bit count to the base constructor.
 /// </summary>
 /// <param name="usage">The bit string to copy from; it is dereferenced without a null check.</param>
 public KeyUsage(
     DERBitString usage)
     : base(usage.getBytes(), usage.getPadBits())
 {
 }
示例#27
 /// <summary>
 /// Creates reason flags from an existing bit string by handing its bytes and
 /// pad-bit count to the base constructor.
 /// </summary>
 /// <param name="reasons">The bit string to copy from; it is dereferenced without a null check.</param>
 public ReasonFlags(DERBitString reasons) : base(reasons.getBytes(), reasons.getPadBits())
 {
 }
示例#28
/// <summary>
/// Builds the response data from the queued response objects, signs its DER
/// encoding with the given key and returns the resulting basic OCSP response.
/// </summary>
/// <param name="signingAlgorithm">The OID of the signing algorithm.</param>
/// <param name="privkey">The signing private key.</param>
/// <param name="chain">An array containing X509Certificate objects, can be null.</param>
/// <param name="producedAt">The time this response is produced at.</param>
/// <param name="random">A SecureRandom instance; when null the signer is initialised with the key alone.</param>
/// <returns>The signed response, carrying the chain when one was supplied.</returns>
        public BasicOCSPResp generateResponse(
            DERObjectIdentifier signingAlgorithm,
            AsymmetricKeyParameter privkey,
            X509Certificate[]   chain,
            DateTime producedAt,
            SecureRandom random)
        {
            ASN1EncodableVector singleResponses = new ASN1EncodableVector();

            for (IEnumerator it = list.GetEnumerator(); it.MoveNext(); )
            {
                try
                {
                    ResponseObject entry = (ResponseObject)it.Current;
                    singleResponses.add(entry.toResponse());
                }
                catch (Exception e)
                {
                    throw new OCSPException("exception creating Request", e);
                }
            }

            ResponseData tbsResp = new ResponseData(
                new DERInteger(0),
                responderID.toASN1Object(),
                new DERGeneralizedTime(producedAt),
                new DERSequence(singleResponses),
                responseExtensions);

            Signer signer = null;

            try
            {
                signer = SignerUtil.getSigner(signingAlgorithm);

                if (random == null)
                {
                    signer.init(true, privkey);
                }
                else
                {
                    signer.init(true, new ParametersWithRandom(privkey, random));
                }
            }
            catch (Exception e)
            {
                // NOTE(review): "+ e" puts the exception's full ToString() output into
                // the message -- check where OCSPException messages end up being shown.
                throw new OCSPException("exception creating signature: " + e, e);
            }

            DERBitString bitSig = null;

            try
            {
                // The signature covers the DER encoding of the response data.
                MemoryStream    buffer = new MemoryStream();
                DEROutputStream derOut = new DEROutputStream(buffer);

                derOut.writeObject(tbsResp);
                byte[] encoded = buffer.ToArray();

                signer.update(encoded, 0, encoded.Length);
                bitSig = new DERBitString(signer.generateSignature());
            }
            catch (Exception e)
            {
                throw new OCSPException("exception processing TBSRequest: " + e, e);
            }

            // NOTE(review): DERNull parameters are attached whatever the algorithm is;
            // confirm that suits every signing algorithm this is used with.
            AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signingAlgorithm, new DERNull());

            // The chain is embedded as supplied; it is not checked against privkey.
            ASN1Sequence certs = null;

            if (chain != null && chain.Length > 0)
            {
                ASN1EncodableVector v = new ASN1EncodableVector();
                try
                {
                    foreach (X509Certificate cert in chain)
                    {
                        v.add(new X509CertificateStructure(
                                  (ASN1Sequence)makeObj(cert.getEncoded())));
                    }
                }
                catch (IOException e)
                {
                    throw new OCSPException("error processing certs", e);
                }

                certs = new DERSequence(v);
            }

            return new BasicOCSPResp(new BasicOCSPResponse(tbsResp, sigAlgId, bitSig, certs));
        }
示例#29
 /// <summary>
 /// Sets the issuer unique id. The bit string is stored as given.
 /// </summary>
 /// <param name="issuerUniqueID">The issuer unique id to store.</param>
 public void setIssuerUniqueID(DERBitString issuerUniqueID)
 {
     this.issuerUniqueID = issuerUniqueID;
 }
示例#30
        /// <summary>
        /// Builds the to-be-signed request from the queued request objects and returns
        /// it as an OCSP request. When a signing algorithm is given, the encoding of the
        /// request is signed and the signature (plus the chain, if any) is attached;
        /// otherwise the request is returned unsigned.
        /// </summary>
        /// <param name="signingAlgorithm">OID of the signing algorithm, or null for an unsigned request.</param>
        /// <param name="key">The signing key; only used when a signing algorithm is given.</param>
        /// <param name="chain">Certificates to attach to the signature, can be null.</param>
        /// <param name="random">Randomness for the signer; when null the signer is initialised with the key alone.</param>
        /// <returns>The OCSP request.</returns>
        private OCSPReq generateRequest(DERObjectIdentifier signingAlgorithm,
                                        AsymmetricKeyParameter key,
                                        X509Certificate[]   chain,
                                        SecureRandom random)
        {
            ASN1EncodableVector requests  = new ASN1EncodableVector();
            Signature           signature = null;

            for (IEnumerator it = list.GetEnumerator(); it.MoveNext(); )
            {
                requests.add(((RequestObject)it.Current).toRequest());
            }

            TBSRequest tbsReq = new TBSRequest(requestorName, new DERSequence(requests), requestExtensions);

            // No algorithm means no signature: the request goes out unsigned.
            if (signingAlgorithm == null)
            {
                return new OCSPReq(new OCSPRequest(tbsReq, signature));
            }

            Signer signer = null;

            try
            {
                signer = SignerUtil.getSigner(signingAlgorithm.getId());

                if (random == null)
                {
                    signer.init(true, key);
                }
                else
                {
                    signer.init(true, new ParametersWithRandom(key, random));
                }
            }
            catch (Exception e)
            {
                throw new OCSPException("exception creating signature: " + e.Message, e);
            }

            DERBitString bitSig = null;

            try
            {
                // The signature covers the encoding of the to-be-signed request.
                MemoryStream     buffer = new MemoryStream();
                ASN1OutputStream asnOut = new ASN1OutputStream(buffer);

                asnOut.writeObject(tbsReq);

                byte[] encoded = buffer.ToArray();
                signer.update(encoded, 0, encoded.Length);

                bitSig = new DERBitString(signer.generateSignature());
            }
            catch (Exception e)
            {
                throw new OCSPException("exception processing TBSRequest: " + e.Message, e);
            }

            // NOTE(review): DERNull parameters are attached whatever the algorithm is;
            // confirm that suits every signing algorithm this is used with.
            AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signingAlgorithm, new DERNull());

            if (chain != null && chain.Length > 0)
            {
                // The chain is embedded as supplied; it is not checked against the key.
                ASN1EncodableVector v = new ASN1EncodableVector();
                try
                {
                    foreach (X509Certificate cert in chain)
                    {
                        v.add(new X509CertificateStructure((ASN1Sequence)makeObj(cert.getEncoded())));
                    }
                }
                catch (Exception e)
                {
                    throw new OCSPException("error processing certs", e);
                }

                signature = new Signature(sigAlgId, bitSig, new DERSequence(v));
            }
            else
            {
                signature = new Signature(sigAlgId, bitSig);
            }

            return new OCSPReq(new OCSPRequest(tbsReq, signature));
        }