public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(42);
}
X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
try
{
mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
}
catch (Exception alertCause)
{
throw new TlsFatalAlert(43, alertCause);
IL_003d :;
}
if (mTlsSigner == null)
{
try
{
mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey((DHPublicKeyParameters)mServerPublicKey);
}
catch (InvalidCastException alertCause2)
{
throw new TlsFatalAlert(46, alertCause2);
IL_0072 :;
}
TlsUtilities.ValidateKeyUsage(certificateAt, 8);
}
else
{
if (!mTlsSigner.IsValidPublicKey(mServerPublicKey))
{
throw new TlsFatalAlert(46);
}
TlsUtilities.ValidateKeyUsage(certificateAt, 128);
}
base.ProcessServerCertificate(serverCertificate);
}
public override void ProcessServerCertificate(AbstractCertificate serverCertificate)
{
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(AlertDescription.decode_error);
}
Certificate realCertificate = serverCertificate as Certificate;
X509CertificateStructure x509Cert = null;
if (realCertificate != null)
{
x509Cert = realCertificate.GetCertificateAt(0);
}
SubjectPublicKeyInfo keyInfo = serverCertificate.SubjectPublicKeyInfo();
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
// Sanity check the PublicKeyFactory
if (this.mServerPublicKey.IsPrivate)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.mRsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)this.mServerPublicKey);
if (x509Cert != null)
{
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment);
}
base.ProcessServerCertificate(serverCertificate);
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
//IL_0058: Expected O, but got Unknown
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(42);
}
X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
try
{
mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
}
catch (global::System.Exception alertCause)
{
throw new TlsFatalAlert(43, alertCause);
}
if (mTlsSigner == null)
{
try
{
mECAgreePublicKey = TlsEccUtilities.ValidateECPublicKey((ECPublicKeyParameters)mServerPublicKey);
}
catch (InvalidCastException val)
{
InvalidCastException alertCause2 = val;
throw new TlsFatalAlert(46, (global::System.Exception)(object) alertCause2);
}
TlsUtilities.ValidateKeyUsage(certificateAt, 8);
}
else
{
if (!mTlsSigner.IsValidPublicKey(mServerPublicKey))
{
throw new TlsFatalAlert(46);
}
TlsUtilities.ValidateKeyUsage(certificateAt, 128);
}
base.ProcessServerCertificate(serverCertificate);
}
protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
{
if (mCertificateRequest == null)
{
throw new InvalidOperationException();
}
DigitallySigned digitallySigned = DigitallySigned.Parse(Context, buf);
TlsProtocol.AssertEmpty(buf);
try
{
SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm;
byte[] hash;
if (TlsUtilities.IsTlsV12(Context))
{
TlsUtilities.VerifySupportedSignatureAlgorithm(mCertificateRequest.SupportedSignatureAlgorithms, algorithm);
hash = mPrepareFinishHash.GetFinalHash(algorithm.Hash);
}
else
{
hash = mSecurityParameters.SessionHash;
}
X509CertificateStructure certificateAt = mPeerCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType);
tlsSigner.Init(Context);
if (!tlsSigner.VerifyRawSignature(algorithm, digitallySigned.Signature, publicKey, hash))
{
throw new TlsFatalAlert(51);
}
}
catch (TlsFatalAlert tlsFatalAlert)
{
throw tlsFatalAlert;
}
catch (Exception alertCause)
{
throw new TlsFatalAlert(51, alertCause);
}
}
public X509Certificate(X509CertificateStructure c)
{
this.c = c;
try
{
Asn1OctetString extensionValue = GetExtensionValue(new DerObjectIdentifier("2.5.29.19"));
if (extensionValue != null)
{
basicConstraints = BasicConstraints.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue));
}
}
catch (Exception arg)
{
throw new CertificateParsingException("cannot construct BasicConstraints: " + arg);
IL_004c :;
}
try
{
Asn1OctetString extensionValue2 = GetExtensionValue(new DerObjectIdentifier("2.5.29.15"));
if (extensionValue2 != null)
{
DerBitString instance = DerBitString.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue2));
byte[] bytes = instance.GetBytes();
int num = bytes.Length * 8 - instance.PadBits;
keyUsage = new bool[(num >= 9) ? num : 9];
for (int i = 0; i != num; i++)
{
keyUsage[i] = ((bytes[i / 8] & (128 >> i % 8)) != 0);
}
}
else
{
keyUsage = null;
}
}
catch (Exception arg2)
{
throw new CertificateParsingException("cannot construct KeyUsage: " + arg2);
IL_0108 :;
}
}
private CscaMasterList(Asn1Sequence seq)
{
//IL_0022: Unknown result type (might be due to invalid IL or missing references)
//IL_0046: Unknown result type (might be due to invalid IL or missing references)
if (seq == null || seq.Count == 0)
{
throw new ArgumentException("null or empty sequence passed.");
}
if (seq.Count != 2)
{
throw new ArgumentException(string.Concat((object)"Incorrect sequence size: ", (object)seq.Count));
}
version = DerInteger.GetInstance(seq[0]);
Asn1Set instance = Asn1Set.GetInstance(seq[1]);
certList = new X509CertificateStructure[instance.Count];
for (int i = 0; i < certList.Length; i++)
{
certList[i] = X509CertificateStructure.GetInstance(instance[i]);
}
}
public static string ComputeSHA256(byte[] certificate)
{
// Load ASN.1 encoded certificate structure
var certAsn1 = Asn1Object.FromByteArray(certificate);
var certStruct = X509CertificateStructure.GetInstance(certAsn1);
// Extract SPKI and DER-encode it
var spki = certStruct.SubjectPublicKeyInfo;
var spkiDer = spki.GetDerEncoded();
// Compute spki fingerprint (sha256)
string spkiFingerprint;
using (var digester = SHA256.Create())
{
var digest = digester.ComputeHash(spkiDer);
spkiFingerprint = Convert.ToBase64String(digest);
}
return($"sha256/{spkiFingerprint}");
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(0x2a);
}
X509CertificateStructure certificateAt = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo subjectPublicKeyInfo = certificateAt.SubjectPublicKeyInfo;
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(subjectPublicKeyInfo);
}
catch (Exception exception)
{
throw new TlsFatalAlert(0x2b, exception);
}
if (this.mTlsSigner == null)
{
try
{
this.mDHAgreePublicKey = TlsDHUtilities.ValidateDHPublicKey((DHPublicKeyParameters)this.mServerPublicKey);
this.mDHParameters = this.ValidateDHParameters(this.mDHAgreePublicKey.Parameters);
}
catch (InvalidCastException exception2)
{
throw new TlsFatalAlert(0x2e, exception2);
}
TlsUtilities.ValidateKeyUsage(certificateAt, 8);
}
else
{
if (!this.mTlsSigner.IsValidPublicKey(this.mServerPublicKey))
{
throw new TlsFatalAlert(0x2e);
}
TlsUtilities.ValidateKeyUsage(certificateAt, 0x80);
}
base.ProcessServerCertificate(serverCertificate);
}
public HeaderStructure(Asn1Sequence seq)
{
if (seq?.Count > 0 && seq[0] is Asn1Sequence seq2)
{
foreach (Asn1TaggedObject tag in seq2.OfType <Asn1TaggedObject>())
{
switch (tag.TagNo)
{
case 5:
byte[] cert = (tag.GetObject() as Asn1OctetString)?.GetOctets();
Certificate = X509CertificateStructure.GetInstance(cert);
break;
case 6:
cert = (tag.GetObject() as Asn1OctetString)?.GetOctets();
Certificate2 = X509CertificateStructure.GetInstance(cert);
break;
case 10:
PublicX = Asn1OctetString.GetInstance(tag.GetObject())?.GetOctets();
break;
}
}
Asn1Sequence seq3 = seq2?.OfType <Asn1Sequence>().FirstOrDefault();
PrivateKeyParameters = KeyParameters.GetInstance(seq3);
Attributes = seq2?.OfType <DerBitString>().FirstOrDefault();
}
if (seq?.Count > 1)
{
HMACKey = (seq[1] as Asn1OctetString)?.GetOctets();
}
if (HMACKey == null || Attributes == null || PrivateKeyParameters == null || PublicX == null)
{
throw new CryptographicException("Ошибка в данных header.key.");
}
}
public X509Certificate(X509CertificateStructure c)
{
this.c = c;
try
{
Asn1OctetString extensionValue = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.19"));
if (extensionValue != null)
{
this.basicConstraints = BasicConstraints.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue));
}
}
catch (Exception arg)
{
throw new CertificateParsingException("cannot construct BasicConstraints: " + arg);
}
try
{
Asn1OctetString extensionValue2 = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.15"));
if (extensionValue2 != null)
{
DerBitString instance = DerBitString.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue2));
byte[] bytes = instance.GetBytes();
int num = bytes.Length * 8 - instance.PadBits;
this.keyUsage = new bool[(num < 9) ? 9 : num];
for (int num2 = 0; num2 != num; num2++)
{
this.keyUsage[num2] = (((int)bytes[num2 / 8] & 128 >> num2 % 8) != 0);
}
}
else
{
this.keyUsage = null;
}
}
catch (Exception arg2)
{
throw new CertificateParsingException("cannot construct KeyUsage: " + arg2);
}
}
public X509Certificate(X509CertificateStructure c)
{
this.c = c;
try
{
Asn1OctetString extensionValue = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.19"));
if (extensionValue != null)
{
this.basicConstraints = BasicConstraints.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue));
}
}
catch (Exception exception)
{
throw new CertificateParsingException("cannot construct BasicConstraints: " + exception);
}
try
{
Asn1OctetString extensionValue = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.15"));
if (extensionValue != null)
{
DerBitString instance = DerBitString.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue));
byte[] bytes = instance.GetBytes();
int num = (bytes.Length * 8) - instance.PadBits;
this.keyUsage = new bool[(num >= 9) ? num : 9];
for (int i = 0; i != num; i++)
{
this.keyUsage[i] = (bytes[i / 8] & (((int)0x80) >> (i % 8))) != 0;
}
}
else
{
this.keyUsage = null;
}
}
catch (Exception exception2)
{
throw new CertificateParsingException("cannot construct KeyUsage: " + exception2);
}
}
public X509Certificate(X509CertificateStructure c)
{
this.c = c;
try
{
Asn1OctetString extensionValue = GetExtensionValue(new DerObjectIdentifier("2.5.29.19"));
if (extensionValue != null)
{
basicConstraints = BasicConstraints.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue));
}
}
catch (global::System.Exception ex)
{
throw new CertificateParsingException(string.Concat((object)"cannot construct BasicConstraints: ", (object)ex));
}
try
{
Asn1OctetString extensionValue2 = GetExtensionValue(new DerObjectIdentifier("2.5.29.15"));
if (extensionValue2 != null)
{
DerBitString instance = DerBitString.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue2));
byte[] bytes = instance.GetBytes();
int num = bytes.Length * 8 - instance.PadBits;
keyUsage = new bool[(num < 9) ? 9 : num];
for (int i = 0; i != num; i++)
{
keyUsage[i] = (bytes[i / 8] & (128 >> i % 8)) != 0;
}
}
else
{
keyUsage = null;
}
}
catch (global::System.Exception ex2)
{
throw new CertificateParsingException(string.Concat((object)"cannot construct KeyUsage: ", (object)ex2));
}
}
/// <summary>
/// Get a signature block that java will load a JAR with
/// </summary>
/// <param name="sfFileData">The data to sign</param>
/// <returns>The signature block (including certificate) for the data passed in</returns>
private byte[] SignIt(byte[] sfFileData)
{
AsymmetricKeyParameter privateKey = null;
var cert = LoadCert(_pemData, out privateKey);
//create things needed to make the CmsSignedDataGenerator work
var certStore = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(new List <X509Certificate>()
{
cert
}));
CmsSignedDataGenerator dataGen = new CmsSignedDataGenerator();
dataGen.AddCertificates(certStore);
dataGen.AddSigner(privateKey, cert, CmsSignedDataGenerator.EncryptionRsa, CmsSignedDataGenerator.DigestSha256);
//content is detached- i.e. not included in the signature block itself
CmsProcessableByteArray detachedContent = new CmsProcessableByteArray(sfFileData);
var signedContent = dataGen.Generate(detachedContent, false);
//do lots of stuff to get things in the proper ASN.1 structure for java to parse it properly. much trial and error.
var signerInfos = signedContent.GetSignerInfos();
var signer = signerInfos.GetSigners().Cast <SignerInformation>().First();
SignerInfo signerInfo = signer.ToSignerInfo();
Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector();
digestAlgorithmsVector.Add(new AlgorithmIdentifier(new DerObjectIdentifier("2.16.840.1.101.3.4.2.1"), DerNull.Instance));
ContentInfo encapContentInfo = new ContentInfo(new DerObjectIdentifier("1.2.840.113549.1.7.1"), null);
Asn1EncodableVector asnVector = new Asn1EncodableVector();
asnVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded())));
Asn1EncodableVector signersVector = new Asn1EncodableVector();
signersVector.Add(signerInfo.ToAsn1Object());
SignedData signedData = new SignedData(new DerSet(digestAlgorithmsVector), encapContentInfo, new BerSet(asnVector), null, new DerSet(signersVector));
ContentInfo contentInfo = new ContentInfo(new DerObjectIdentifier("1.2.840.113549.1.7.2"), signedData);
return(contentInfo.GetDerEncoded());
}
public static global::System.Collections.IList GetCertificatesFromStore(IX509Store certStore)
{
try
{
global::System.Collections.IList list = Platform.CreateArrayList();
if (certStore != null)
{
{
global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)certStore.GetMatches(null)).GetEnumerator();
try
{
while (enumerator.MoveNext())
{
X509Certificate x509Certificate = (X509Certificate)enumerator.get_Current();
list.Add((object)X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(x509Certificate.GetEncoded())));
}
}
finally
{
global::System.IDisposable disposable = enumerator as global::System.IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
}
}
return(list);
}
catch (CertificateEncodingException e)
{
throw new CmsException("error encoding certs", e);
}
catch (global::System.Exception e2)
{
throw new CmsException("error processing certs", e2);
}
}
public virtual void ProcessServerCertificate(Certificate serverCertificate)
{
if (keyExchange != KeyExchangeAlgorithm.RSA_PSK)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
X509CertificateStructure x509Cert = serverCertificate.certs[0];
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
// catch (RuntimeException)
catch (Exception)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate);
}
// Sanity check the PublicKeyFactory
if (this.serverPublicKey.IsPrivate)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.rsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)this.serverPublicKey);
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment);
// TODO
/*
* Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the
* signing algorithm for the certificate must be the same as the algorithm for the
* certificate key."
*/
}
internal CertificateSubject(X509CertificateStructure cert)
{
if (cert == null)
{
throw new ArgumentNullException(nameof(cert));
}
var ids = cert.Subject.GetOidList();
var values = cert.Subject.GetValueList();
for (var index = 0; index < ids.Count; index++)
{
if (X509Name.CN.Equals(ids[index]))
{
this.CommonName = (string)values[index];
}
else if (X509Name.O.Equals(ids[index]))
{
this.Organistion = (string)values[index];
}
else if (X509Name.OU.Equals(ids[index]))
{
this.OrganistionUnit = (string)values[index];
}
else if (X509Name.L.Equals(ids[index]))
{
this.Location = (string)values[index];
}
else if (X509Name.ST.Equals(ids[index]))
{
this.State = (string)values[index];
}
else if (X509Name.C.Equals(ids[index]))
{
this.Country = (string)values[index];
}
}
}
private CertificatePair(Asn1Sequence seq)
{
if (seq.Count != 1 && seq.Count != 2)
{
throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");
}
foreach (object item in seq)
{
Asn1TaggedObject instance = Asn1TaggedObject.GetInstance(item);
if (instance.TagNo == 0)
{
forward = X509CertificateStructure.GetInstance(instance, explicitly: true);
}
else
{
if (instance.TagNo != 1)
{
throw new ArgumentException("Bad tag number: " + instance.TagNo);
}
reverse = X509CertificateStructure.GetInstance(instance, explicitly: true);
}
}
}
private CscaMasterList(
Asn1Sequence seq)
{
if (seq == null || seq.Count == 0)
{
throw new ArgumentException("null or empty sequence passed.");
}
if (seq.Count != 2)
{
throw new ArgumentException("Incorrect sequence size: " + seq.Count);
}
this.version = DerInteger.GetInstance(seq[0]);
Asn1Set certSet = Asn1Set.GetInstance(seq[1]);
this.certList = new X509CertificateStructure[certSet.Count];
for (int i = 0; i < certList.Length; i++)
{
certList[i] = X509CertificateStructure.GetInstance(certSet[i]);
}
}
public void testSignSimpleEcdsaExternal()
{
string testFileName = @"..\..\..\resources\circles.pdf";
string keyId = "alias/SigningExamples-ECC_NIST_P256";
Func <System.Collections.Generic.List <string>, string> selector = list => list.Find(name => name.StartsWith("ECDSA_SHA_256"));
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate2 = CertificateUtils.generateSelfSignedCertificate(
keyId,
"CN=AWS KMS PDF Signing Test ECDSA,OU=mkl tests,O=mkl",
selector
);
X509Certificate certificate = new X509Certificate(X509CertificateStructure.GetInstance(certificate2.RawData));
AwsKmsSignatureContainer signature = new AwsKmsSignatureContainer(certificate, keyId, selector);
using (PdfReader pdfReader = new PdfReader(testFileName))
using (FileStream result = File.Create("circles-aws-kms-signed-simple-ECDSA-External.pdf"))
{
PdfSigner pdfSigner = new PdfSigner(pdfReader, result, new StampingProperties().UseAppendMode());
pdfSigner.SignExternalContainer(signature, 8192);
}
}
public static IList GetCertificatesFromStore(IX509Store certStore)
{
try
{
IList list = Platform.CreateArrayList();
if (certStore != null)
{
foreach (X509Certificate match in certStore.GetMatches(null))
{
list.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(match.GetEncoded())));
}
}
return(list);
}
catch (CertificateEncodingException e)
{
throw new CmsException("error encoding certs", e);
}
catch (Exception e2)
{
throw new CmsException("error processing certs", e2);
}
}
public static Certificate Parse(Stream input)
{
int length = TlsUtilities.ReadUint24(input);
if (length == 0)
{
return(EmptyChain);
}
MemoryStream stream = new MemoryStream(TlsUtilities.ReadFully(length, input), false);
IList list = Platform.CreateArrayList();
while (stream.Position < stream.Length)
{
Asn1Object obj2 = TlsUtilities.ReadDerObject(TlsUtilities.ReadOpaque24(stream));
list.Add(X509CertificateStructure.GetInstance(obj2));
}
X509CertificateStructure[] certificateList = new X509CertificateStructure[list.Count];
for (int i = 0; i < list.Count; i++)
{
certificateList[i] = (X509CertificateStructure)list[i];
}
return(new Certificate(certificateList));
}
public void testSignSimpleRsa()
{
string testFileName = @"..\..\..\resources\circles.pdf";
string keyId = "alias/SigningExamples-RSA_2048";
Func <System.Collections.Generic.List <string>, string> selector = list => list.Find(name => name.StartsWith("RSASSA_PKCS1_V1_5"));
AwsKmsSignature signature = new AwsKmsSignature(keyId, selector);
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate2 = CertificateUtils.generateSelfSignedCertificate(
keyId,
"CN=AWS KMS PDF Signing Test RSA,OU=mkl tests,O=mkl",
selector
);
X509Certificate certificate = new X509Certificate(X509CertificateStructure.GetInstance(certificate2.RawData));
using (PdfReader pdfReader = new PdfReader(testFileName))
using (FileStream result = File.Create("circles-aws-kms-signed-simple-RSA.pdf"))
{
PdfSigner pdfSigner = new PdfSigner(pdfReader, result, new StampingProperties().UseAppendMode());
pdfSigner.SignDetached(signature, new X509Certificate[] { certificate }, null, null, null, 0, CryptoStandard.CMS);
}
}
public byte[] GetEncoded()
{
try
{
X509CertificateStructure f = null, r = null;
if (forward != null)
{
f = X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(forward.GetEncoded()));
if (f == null)
{
throw new CertificateEncodingException("unable to get encoding for forward");
}
}
if (reverse != null)
{
r = X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(reverse.GetEncoded()));
if (r == null)
{
throw new CertificateEncodingException("unable to get encoding for reverse");
}
}
return(new CertificatePair(f, r).GetDerEncoded());
}
catch (Exception e)
{
// TODO
// throw new ExtCertificateEncodingException(e.toString(), e);
throw new CertificateEncodingException(e.Message, e);
}
}
public override void NotifyClientCertificate(AbstractCertificate clientCertificateIn)
{
Certificate clientCertificate = clientCertificateIn as Certificate;
bool isEmpty = (clientCertificate == null || clientCertificate.IsEmpty);
if (isEmpty != (mConfig.clientAuth == TlsTestConfig.CLIENT_AUTH_NONE))
{
throw new InvalidOperationException();
}
if (isEmpty && (mConfig.serverCertReq == TlsTestConfig.SERVER_CERT_REQ_MANDATORY))
{
throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
X509CertificateStructure[] chain = clientCertificate.GetCertificateList();
// TODO Cache test resources?
if (!isEmpty && !(chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-client.pem")) ||
chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-client-dsa.pem")) ||
chain[0].Equals(TlsTestUtilities.LoadCertificateResource("x509-client-ecdsa.pem"))))
{
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
if (TlsTestConfig.DEBUG)
{
Console.WriteLine("TLS server received client certificate chain of length " + chain.Length);
for (int i = 0; i != chain.Length; i++)
{
X509CertificateStructure entry = chain[i];
// TODO Create fingerprint based on certificate signature algorithm digest
Console.WriteLine(" fingerprint:SHA-256 " + TlsTestUtilities.Fingerprint(entry) + " ("
+ entry.Subject + ")");
}
}
}
protected virtual void ReceiveCertificateVerifyMessage(MemoryStream buf)
{
DigitallySigned clientCertificateVerify = DigitallySigned.Parse(Context, buf);
AssertEmpty(buf);
// Verify the CertificateVerify message contains a correct signature.
try
{
byte[] hash;
if (TlsUtilities.IsTlsV12(Context))
{
hash = mPrepareFinishHash.GetFinalHash(clientCertificateVerify.Algorithm.Hash);
}
else
{
hash = mSecurityParameters.SessionHash;
}
X509CertificateStructure x509Cert = mPeerCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey(keyInfo);
TlsSigner tlsSigner = TlsUtilities.CreateTlsSigner((byte)mClientCertificateType);
tlsSigner.Init(Context);
if (!tlsSigner.VerifyRawSignature(clientCertificateVerify.Algorithm,
clientCertificateVerify.Signature, publicKey, hash))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.decrypt_error, e);
}
}
public override void ProcessServerCertificate(Certificate serverCertificate)
{
if (mKeyExchange != KeyExchangeAlgorithm.RSA_PSK)
{
throw new TlsFatalAlert(AlertDescription.unexpected_message);
}
if (serverCertificate.IsEmpty)
{
throw new TlsFatalAlert(AlertDescription.bad_certificate);
}
X509CertificateStructure x509Cert = serverCertificate.GetCertificateAt(0);
SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo;
try
{
this.mServerPublicKey = PublicKeyFactory.CreateKey(keyInfo);
}
catch (Exception e)
{
throw new TlsFatalAlert(AlertDescription.unsupported_certificate, e);
}
// Sanity check the PublicKeyFactory
if (this.mServerPublicKey.IsPrivate)
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
this.mRsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)this.mServerPublicKey);
TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment);
base.ProcessServerCertificate(serverCertificate);
}
/**
* Parse the ServerCertificate message.
*
* @param inStr The stream where to parse from.
* @return A Certificate object with the certs, the server has sended.
* @throws IOException If something goes wrong during parsing.
*/
internal static Certificate Parse(
Stream inStr)
{
X509CertificateStructure[] certs;
int left = TlsUtilities.ReadUint24(inStr);
ArrayList tmp = new ArrayList();
while (left > 0)
{
int size = TlsUtilities.ReadUint24(inStr);
left -= 3 + size;
byte[] buf = new byte[size];
TlsUtilities.ReadFully(buf, inStr);
MemoryStream bis = new MemoryStream(buf, false);
Asn1Object o = Asn1Object.FromStream(bis);
tmp.Add(X509CertificateStructure.GetInstance(o));
if (bis.Position < bis.Length)
{
throw new ArgumentException("Sorry, there is garbage data left after the certificate");
}
}
certs = (X509CertificateStructure[])tmp.ToArray(typeof(X509CertificateStructure));
return(new Certificate(certs));
}
//public List<string> GetAuthorityInformationAccessOcspUrl(Org.BouncyCastle.X509.X509Certificate serverX509Certificate)
//{
// List<string> ocspUrls = new List<string>();
// try
// {
// // "1.3.6.1.5.5.7.1.1"
// Asn1Object asn1Object = this.GetExtensionValue(rootX509Certificate, X509Extensions.AuthorityInfoAccess.Id);
// if (asn1Object == null)
// {
// return null;
// }
// // For a strange reason I cannot acess the aia.AccessDescription[].
// // Hope it will be fixed in the next version (1.5).
// // mySupply ApS - JLM - Still not working in 1.7
// // AuthorityInformationAccess aia = AuthorityInformationAccess.GetInstance(asn1Object);
// // Switched to manual parse
// Asn1Sequence s = (Asn1Sequence)asn1Object;
// IEnumerator elements = s.GetEnumerator();
// while (elements.MoveNext())
// {
// Asn1Sequence element = (Asn1Sequence)elements.Current;
// DerObjectIdentifier oid = (DerObjectIdentifier)element[0];
// if (oid.Id.Equals("1.3.6.1.5.5.7.48.1")) // Is Ocsp - yes
// {
// Asn1TaggedObject taggedObject = (Asn1TaggedObject)element[1];
// GeneralName gn = (GeneralName)GeneralName.GetInstance(taggedObject);
// ocspUrls.Add(((DerIA5String)DerIA5String.GetInstance(gn.Name)).GetString());
// }
// }
// }
// catch (Exception e)
// {
// throw new Exception("Error parsing AIA.", e);
// }
// return ocspUrls;
//}
private X509Extensions GetX509Extensions(X509Certificate2 certificate)
{
try
{
var inputStream = new Asn1InputStream(certificate.RawData);
var certificateAsAsn1 = inputStream.ReadObject();
var certificateStructure = X509CertificateStructure.GetInstance(certificateAsAsn1);
var toBeSignedPart = certificateStructure.TbsCertificate;
var extensions = toBeSignedPart.Extensions;
if (extensions == null)
{
throw new CheckCertificateOcspUnexpectedException("No X509 extensions found");
}
return(extensions);
}
catch (CheckCertificateOcspUnexpectedException)
{
throw;
}
catch (CertificateEncodingException e)
{
throw new ArgumentException("Error while extracting Access Description", e);
}
}
public override IList <X509Certificate> GetCertificates()
{
IList <X509Certificate> list = new List <X509Certificate>();
if (!onlyExtended)
{
logger.Info(cmsSignedData.GetCertificates("Collection").GetMatches(null).Count + " certificate in collection");
foreach (X509Certificate ch in cmsSignedData.GetCertificates("Collection").GetMatches(null))
{
X509Certificate c = ch;
logger.Info("Certificate for subject " + c.SubjectDN);
if (!list.Contains(c))
{
list.Add(c);
}
}
}
// Add certificates in CAdES-XL certificate-values inside SignerInfo attribute if present
SignerInformation si = BCStaticHelpers.GetSigner(cmsSignedData, signerId);
if (si != null && si.UnsignedAttributes != null && si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsCertValues] != null)
{
DerSequence seq = (DerSequence)si.UnsignedAttributes[PkcsObjectIdentifiers.IdAAEtsCertValues].AttrValues[0];
for (int i = 0; i < seq.Count; i++)
{
X509CertificateStructure cs = X509CertificateStructure.GetInstance(seq[i]);
X509Certificate c = new X509Certificate(cs);
if (!list.Contains(c))
{
list.Add(c);
}
}
}
return(list);
}
public VipNetContainerEntry(Asn1Sequence seq, byte[] keyBlock)
{
Version = (DerInteger)seq[0];
KeyInfo = VipNetKeyInfo.GetInstance(seq[1]);
DefenceKeyInfo = VipNetKeyInfo.GetInstance(seq[2]);
KeyBlock = keyBlock;
for (int i = 3; i < seq.Count; ++i)
{
if (seq[i] is Asn1TaggedObject tag)
{
switch (tag.TagNo)
{
case 0:
Certificate = X509CertificateStructure.GetInstance(tag.GetObject());
break;
case 1:
PublicKey = (DerOctetString)tag.GetObject();
break;
}
}
}
}
