internal TbsCertificateStructure(
Asn1Sequence seq)
{
int seqStart = 0;
this.seq = seq;
//
// some certficates don't include a version number - we assume v1
//
if (seq[0] is Asn1TaggedObject)
{
version = DerInteger.GetInstance((Asn1TaggedObject)seq[0], true);
}
else
{
seqStart = -1; // field 0 is missing!
version = new DerInteger(0);
}
bool isV1 = false;
bool isV2 = false;
if (version.Value.Equals(BigInteger.Zero))
{
isV1 = true;
}
else if (version.Value.Equals(BigInteger.One))
{
isV2 = true;
}
else if (!version.Value.Equals(BigInteger.Two))
{
throw new ArgumentException("version number not recognised");
}
serialNumber = DerInteger.GetInstance(seq[seqStart + 1]);
signature = AlgorithmIdentifier.GetInstance(seq[seqStart + 2]);
issuer = X509Name.GetInstance(seq[seqStart + 3]);
//
// before and after dates
//
Asn1Sequence dates = (Asn1Sequence)seq[seqStart + 4];
startDate = Time.GetInstance(dates[0]);
endDate = Time.GetInstance(dates[1]);
subject = X509Name.GetInstance(seq[seqStart + 5]);
//
// public key info.
//
subjectPublicKeyInfo = SubjectPublicKeyInfo.GetInstance(seq[seqStart + 6]);
int extras = seq.Count - (seqStart + 6) - 1;
if (extras != 0 && isV1)
{
throw new ArgumentException("version 1 certificate contains extra data");
}
while (extras > 0)
{
Asn1TaggedObject extra = Asn1TaggedObject.GetInstance(seq[seqStart + 6 + extras]);
switch (extra.TagNo)
{
case 1:
{
issuerUniqueID = DerBitString.GetInstance(extra, false);
break;
}
case 2:
{
subjectUniqueID = DerBitString.GetInstance(extra, false);
break;
}
case 3:
{
if (isV2)
{
throw new ArgumentException("version 2 certificate cannot contain extensions");
}
extensions = X509Extensions.GetInstance(Asn1Sequence.GetInstance(extra, true));
break;
}
default:
{
throw new ArgumentException("Unknown tag encountered in structure: " + extra.TagNo);
}
}
extras--;
}
}
/**
* Calculates the keyIdentifier using a SHA1 hash over the BIT STRING
* from SubjectPublicKeyInfo as defined in RFC3280.
*
* @param spki the subject public key info.
*/
public SubjectKeyIdentifier(
SubjectPublicKeyInfo spki)
{
this.keyIdentifier = GetDigest(spki);
}
public void SetSubjectPublicKeyInfo(
SubjectPublicKeyInfo pubKeyInfo)
{
this.subjectPublicKeyInfo = pubKeyInfo;
}
/**
* Return a RFC 3280 type 1 key identifier. As in:
* <pre>
* (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the
* value of the BIT STRING subjectPublicKey (excluding the tag,
* length, and number of unused bits).
* </pre>
* @param keyInfo the key info object containing the subjectPublicKey field.
* @return the key identifier.
*/
public static SubjectKeyIdentifier CreateSha1KeyIdentifier(
SubjectPublicKeyInfo keyInfo)
{
return(new SubjectKeyIdentifier(keyInfo));
}
/**
*
* Calulates the keyidentifier using a SHA1 hash over the BIT STRING
* from SubjectPublicKeyInfo as defined in RFC2459.
*
* Example of making a AuthorityKeyIdentifier:
* <pre>
* SubjectPublicKeyInfo apki = new SubjectPublicKeyInfo((ASN1Sequence)new ASN1InputStream(
* publicKey.getEncoded()).readObject());
* AuthorityKeyIdentifier aki = new AuthorityKeyIdentifier(apki);
* </pre>
*
**/
public AuthorityKeyIdentifier(
SubjectPublicKeyInfo spki)
: this(spki, null, null)
{
}