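        /// <summary>
        /// Build a <c>TimeStampRequest</c> for an already-computed message digest, using the
        /// policy, certReq flag and extensions previously configured on this generator.
        /// </summary>
        /// <param name="digestAlgorithmOid">Dotted OID of the hash algorithm that produced <paramref name="digest"/>.</param>
        /// <param name="digest">Raw digest bytes to be time-stamped. Its length is not checked
        /// against the algorithm here.</param>
        /// <param name="nonce">Optional nonce (may be null). If you rely on it to match the TSA's
        /// response to this request, supply a fresh random value.</param>
        /// <returns>The request wrapping a <c>TimeStampReq</c> built from the message imprint.</returns>
        /// <exception cref="ArgumentException">if <paramref name="digestAlgorithmOid"/> or <paramref name="digest"/> is null.</exception>
        public TimeStampRequest Generate(
			string		digestAlgorithmOid,
			byte[]		digest,
			IBigInteger	nonce)
        {
            if (digestAlgorithmOid == null)
            {
                throw new ArgumentException("No digest algorithm specified");
            }

            // Reject a missing digest up front instead of building a MessageImprint
            // around a null hashedMessage.
            if (digest == null)
            {
                throw new ArgumentException("No digest specified");
            }

            DerObjectIdentifier digestAlgOid = new DerObjectIdentifier(digestAlgorithmOid);

            // The digest AlgorithmIdentifier is emitted with an explicit NULL parameter.
            AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOid, DerNull.Instance);
            MessageImprint messageImprint = new MessageImprint(algID, digest);

            // Extensions are optional: only materialise the structure when some were registered.
            X509Extensions ext = null;
            if (extOrdering.Count != 0)
            {
                ext = new X509Extensions(extOrdering, extensions);
            }

            DerInteger derNonce = nonce == null
                ?	null
                :	new DerInteger(nonce);

            return new TimeStampRequest(
                new TimeStampReq(messageImprint, reqPolicy, derNonce, certReq, ext));
        }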
			/// <summary>
			/// Capture one certificate's status for a BasicOCSPResponse being assembled.
			/// A null <paramref name="certStatus"/> yields a default-constructed CertStatus
			/// (presumably the "good" alternative), <c>UnknownStatus</c> maps to the [2]
			/// alternative, and anything else is cast to <c>RevokedStatus</c>.
			/// </summary>
			/// <param name="certId">Identifies the certificate this status refers to.</param>
			/// <param name="certStatus">null, an UnknownStatus, or a RevokedStatus.</param>
			/// <param name="thisUpdate">Time the status is asserted for.</param>
			/// <param name="nextUpdate">Optional; may be null.</param>
			/// <param name="extensions">Optional single-response extensions; may be null.</param>
			private ResponseObject(
				CertificateID		certId,
				CertificateStatus	certStatus,
				DerGeneralizedTime	thisUpdate,
				DerGeneralizedTime	nextUpdate,
				X509Extensions		extensions)
			{
				this.certId = certId;
				this.thisUpdate = thisUpdate;
				this.nextUpdate = nextUpdate;
				this.extensions = extensions;
				this.certStatus = ToCertStatus(certStatus);
			}

			/// <summary>Translate the API-level status object into the ASN.1 CertStatus CHOICE.</summary>
			private static CertStatus ToCertStatus(CertificateStatus status)
			{
				if (status == null)
				{
					return new CertStatus();
				}

				if (status is UnknownStatus)
				{
					// [2] unknown, carrying a NULL value.
					return new CertStatus(2, DerNull.Instance);
				}

				// Any other status must be a RevokedStatus; the cast fails otherwise.
				RevokedStatus revoked = (RevokedStatus) status;

				CrlReason reason = null;
				if (revoked.HasRevocationReason)
				{
					reason = new CrlReason(revoked.RevocationReason);
				}

				return new CertStatus(
					new RevokedInfo(new DerGeneralizedTime(revoked.RevocationTime), reason));
			}
        /// <summary>
        /// Parse a RevDetails SEQUENCE: a mandatory CertTemplate followed by optional
        /// crlEntryDetails extensions. Elements beyond the second are not examined.
        /// </summary>
        /// <param name="seq">Decoded SEQUENCE; element 0 must be present.</param>
        private RevDetails(Asn1Sequence seq)
		{
			certDetails = CertTemplate.GetInstance(seq[0]);

			if (seq.Count > 1)
			{
				crlEntryDetails = X509Extensions.GetInstance(seq[1]);
			}
		}
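			/// <summary>
			/// Record one certificate to be queried, plus optional per-request extensions.
			/// </summary>
			/// <param name="certId">Certificate the request is about; required.</param>
			/// <param name="extensions">Optional singleRequestExtensions; may be null.</param>
			/// <exception cref="ArgumentNullException">if <paramref name="certId"/> is null.</exception>
			public RequestObject(
				CertificateID	certId,
				X509Extensions	extensions)
			{
				// Same guard as the Request(CertID, X509Extensions) constructor: a null id
				// cannot produce a valid request, so refuse it at the API boundary.
				if (certId == null)
					throw new ArgumentNullException("certId");

				this.certId = certId;
				this.extensions = extensions;
			}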
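		/// <summary>
		/// Parse an AttributeCertificateInfo SEQUENCE (RFC 5755): seven mandatory components
		/// followed by up to two optional ones, issuerUniqueID (BIT STRING) and extensions
		/// (SEQUENCE), recognised by type.
		/// </summary>
		/// <param name="seq">Decoded SEQUENCE of 7 to 9 elements.</param>
		/// <exception cref="ArgumentException">if the element count is out of range or a
		/// trailing element is neither a BIT STRING nor an extensions SEQUENCE.</exception>
		private AttributeCertificateInfo(
            Asn1Sequence seq)
        {
			if (seq.Count < 7 || seq.Count > 9)
			{
				throw new ArgumentException("Bad sequence size: " + seq.Count);
			}

			// NOTE(review): the version value is stored but not validated here.
			this.version = DerInteger.GetInstance(seq[0]);
            this.holder = Holder.GetInstance(seq[1]);
            this.issuer = AttCertIssuer.GetInstance(seq[2]);
            this.signature = AlgorithmIdentifier.GetInstance(seq[3]);
            this.serialNumber = DerInteger.GetInstance(seq[4]);
            this.attrCertValidityPeriod = AttCertValidityPeriod.GetInstance(seq[5]);
            this.attributes = Asn1Sequence.GetInstance(seq[6]);

			for (int i = 7; i < seq.Count; i++)
            {
                Asn1Encodable obj = (Asn1Encodable) seq[i];

				if (obj is DerBitString)
                {
                    this.issuerUniqueID = DerBitString.GetInstance(seq[i]);
                }
                else if (obj is Asn1Sequence || obj is X509Extensions)
                {
                    this.extensions = X509Extensions.GetInstance(seq[i]);
                }
                else
                {
                    // A trailing element of any other type is an encoding error; do not
                    // drop it silently and present the remainder as well-formed.
                    throw new ArgumentException("Unexpected object at index " + i + " in AttributeCertificateInfo");
                }
            }
        }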
        /* public X509Certificate2 FindRootCertificate(X509Certificate2 serverX509Certificate2, IDictionary<string, X509Certificate2> rootCertificateDirectory)
         * {
         *   bool rootCertificateFound = false;
         *   X509Certificate2 desiredRootX509Certificate2 = null;
         *   // Find the desired root certificate
         *   X509Chain x509Chain = new X509Chain();
         *   x509Chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
         *   x509Chain.Build(serverX509Certificate2);
         *
         *   // Iterate through the chain to check whether it contains a trusted root certificate
         *   X509ChainElementCollection x509ChainElementCollection = x509Chain.ChainElements;
         *   X509ChainElementEnumerator enumerator = x509ChainElementCollection.GetEnumerator();
         *   X509ChainElement x509ChainElement;
         *   X509Certificate2 x509Certificate2 = null;
         *   string x509CertificateThumbprint;
         *   // The certificate is not considered valid until one of the chain elements is found
         *   // in the trusted root directory (note: the result of x509Chain.Build and the chain status are not examined here)
         *   while (rootCertificateFound == false && enumerator.MoveNext())
         *   {
         *       x509ChainElement = enumerator.Current;
         *       x509Certificate2 = x509ChainElement.Certificate;
         *       x509CertificateThumbprint = x509Certificate2.Thumbprint.ToLowerInvariant();
         *       if (rootCertificateDirectory.ContainsKey(x509CertificateThumbprint))
         *       {
         *           // The current chain element is in the trusted rootCertificateDirectory
         *           rootCertificateFound = true;
         *
         *           // now the loop will break, as we have found a trusted root certificate
         *       }
         *   }
         *
         *   if (rootCertificateFound)
         *   {
         *       // root certificate is found
         *       desiredRootX509Certificate2 = x509Certificate2;
         *   }
         *
         *   return desiredRootX509Certificate2;
         * }*/

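        /// <summary>
        /// Extract the OCSP responder URL advertised by the certificate's Authority Information
        /// Access extension (id-ad-ocsp access method).
        /// </summary>
        /// <param name="x509Certificate2">Certificate whose AIA extension is read.</param>
        /// <returns>An empty list when the certificate has no AIA extension or no OCSP entry;
        /// otherwise a list holding the URL. The lookup is delegated to
        /// GetAccessDescriptionUrlForOid, which yields a single string, so at most one URL is
        /// collected even if the extension lists several responders.</returns>
        /// <exception cref="InvalidOperationException">wrapping any failure while decoding the extension.</exception>
        /// <remarks>
        /// The URL originates from the certificate being examined, not from configuration:
        /// treat it as untrusted input (restrict schemes, apply timeouts) and verify the OCSP
        /// response's signature independently of where it was fetched from.
        /// </remarks>
        public List <string> GetAuthorityInformationAccessOcspUrl(X509Certificate2 x509Certificate2)
        {
            List <string> ocspUrls = new List <string>();

            try
            {
                // DanID test code shows how to do it
                Org.BouncyCastle.Asn1.X509.X509Extensions x509Extensions = this.GetX509Extensions(x509Certificate2);
                Org.BouncyCastle.Asn1.X509.X509Extension  x509Extension  = x509Extensions.GetExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityInfoAccess);

                // No AIA extension simply means there is nothing to report; it is not an error.
                if (x509Extension != null)
                {
                    Org.BouncyCastle.Asn1.X509.AuthorityInformationAccess authorityInformationAccess = Org.BouncyCastle.Asn1.X509.AuthorityInformationAccess.GetInstance(x509Extension.GetParsedValue());
                    Org.BouncyCastle.Asn1.X509.AccessDescription[]        accessDescription          = authorityInformationAccess.GetAccessDescriptions();
                    string ocspUrl = this.GetAccessDescriptionUrlForOid(AccessDescription.IdADOcsp, accessDescription);

                    // Never hand back a null/empty entry when the AIA carries no id-ad-ocsp description.
                    if (!string.IsNullOrEmpty(ocspUrl))
                    {
                        ocspUrls.Add(ocspUrl);
                    }
                }
            }
            catch (Exception e)
            {
                // Derived from Exception, so existing catch (Exception) handlers still apply.
                throw new InvalidOperationException("Error parsing AIA.", e);
            }

            return(ocspUrls);
        }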
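		/// <summary>
		/// Parse a SingleResponse SEQUENCE (RFC 6960): certID, certStatus, thisUpdate, then
		/// optional nextUpdate [0] EXPLICIT and singleExtensions [1] EXPLICIT.
		/// </summary>
		/// <param name="seq">Decoded SEQUENCE of 3 to 5 elements.</param>
		/// <exception cref="ArgumentException">if the element count is wrong, or an optional
		/// element carries a tag other than [0]/[1], appears twice, or out of order.</exception>
		public SingleResponse(
            Asn1Sequence seq)
        {
            if (seq.Count < 3 || seq.Count > 5)
            {
                throw new ArgumentException("Bad sequence size: " + seq.Count);
            }

            this.certID = CertID.GetInstance(seq[0]);
            this.certStatus = CertStatus.GetInstance(seq[1]);
            this.thisUpdate = DerGeneralizedTime.GetInstance(seq[2]);

            // The optional components are identified by their context tag, not by position:
            // [0] nextUpdate, [1] singleExtensions. Anything else is rejected instead of being
            // decoded as whichever field happens to be unassigned.
            for (int i = 3; i < seq.Count; i++)
            {
                Asn1TaggedObject o = (Asn1TaggedObject) seq[i];

                if (o.TagNo == 0 && this.nextUpdate == null && this.singleExtensions == null)
                {
                    this.nextUpdate = DerGeneralizedTime.GetInstance(o, true);
                }
                else if (o.TagNo == 1 && this.singleExtensions == null)
                {
                    this.singleExtensions = X509Extensions.GetInstance(o, true);
                }
                else
                {
                    throw new ArgumentException("Unexpected tag in SingleResponse: " + o.TagNo);
                }
            }
        }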
		/// <summary>
		/// Build a ResponseData with the default version (V1); delegates to the
		/// five-argument constructor.
		/// </summary>
		/// <param name="responderID">ResponderID of the responder producing the response.</param>
		/// <param name="producedAt">GeneralizedTime the response was produced.</param>
		/// <param name="responses">SEQUENCE OF SingleResponse.</param>
		/// <param name="responseExtensions">Optional response extensions; may be null.</param>
		public ResponseData(
			ResponderID         responderID,
			DerGeneralizedTime  producedAt,
			Asn1Sequence        responses,
			X509Extensions      responseExtensions)
			: this(V1, responderID, producedAt, responses, responseExtensions)
		{
		}
			/// <summary>
			/// Convenience constructor taking thisUpdate as a DateTime and no nextUpdate;
			/// delegates to the DerGeneralizedTime-based constructor with nextUpdate = null.
			/// </summary>
			/// <param name="certId">Identifies the certificate this status refers to.</param>
			/// <param name="certStatus">null (good), UnknownStatus, or RevokedStatus.</param>
			/// <param name="thisUpdate">Time the status is asserted for; wrapped in a DerGeneralizedTime.</param>
			/// <param name="extensions">Optional single-response extensions; may be null.</param>
			public ResponseObject(
				CertificateID		certId,
				CertificateStatus	certStatus,
				DateTime			thisUpdate,
				X509Extensions		extensions)
				: this(certId, certStatus, new DerGeneralizedTime(thisUpdate), null, extensions)
			{
			}
		/// <summary>
		/// Parse a RevDetails SEQUENCE: a mandatory CertTemplate at index 0 and, when a second
		/// element exists, crlEntryDetails extensions. Further elements are ignored.
		/// </summary>
		/// <param name="seq">Decoded SEQUENCE.</param>
		private RevDetails(Asn1Sequence seq)
		{
			certDetails = CertTemplate.GetInstance(seq[0]);
			crlEntryDetails = seq.Count > 1
				?	X509Extensions.GetInstance(seq[1])
				:	null;
		}
		/// <summary>
		/// Build an OCSP Request for a single certificate.
		/// </summary>
		/// <param name="reqCert">CertID of the certificate in question; required.</param>
		/// <param name="singleRequestExtensions">Optional per-request extensions; may be null.</param>
		/// <exception cref="ArgumentNullException">if <paramref name="reqCert"/> is null.</exception>
		public Request(
            CertID			reqCert,
            X509Extensions	singleRequestExtensions)
        {
			if (reqCert == null)
			{
				throw new ArgumentNullException("reqCert");
			}

			this.singleRequestExtensions = singleRequestExtensions;
			this.reqCert = reqCert;
        }
		/// <summary>
		/// Build a TBSRequest at version V1.
		/// </summary>
		/// <param name="requestorName">Optional GeneralName of the requestor; may be null.</param>
		/// <param name="requestList">SEQUENCE OF Request.</param>
		/// <param name="requestExtensions">Optional request extensions; may be null.</param>
		public TbsRequest(
            GeneralName     requestorName,
            Asn1Sequence    requestList,
            X509Extensions  requestExtensions)
        {
            // Version is fixed: this constructor never produces anything but V1.
            this.version = V1;

            this.requestExtensions = requestExtensions;
            this.requestList = requestList;
            this.requestorName = requestorName;
        }
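		/// <summary>
		/// Parse an OCSP Request SEQUENCE (RFC 6960): reqCert followed by optional
		/// singleRequestExtensions [0] EXPLICIT.
		/// </summary>
		/// <param name="seq">Decoded SEQUENCE of 1 or 2 elements.</param>
		/// <exception cref="ArgumentException">if the element count is wrong or the second
		/// element does not carry context tag [0].</exception>
		private Request(
			Asn1Sequence seq)
        {
			if (seq.Count < 1 || seq.Count > 2)
			{
				throw new ArgumentException("Bad sequence size: " + seq.Count);
			}

			reqCert = CertID.GetInstance(seq[0]);

			if (seq.Count == 2)
            {
				Asn1TaggedObject tagged = (Asn1TaggedObject) seq[1];

				// Only [0] is defined for this position; reject anything else rather than
				// decoding it as extensions.
				if (tagged.TagNo != 0)
				{
					throw new ArgumentException("Unexpected tag in Request: " + tagged.TagNo);
				}

                singleRequestExtensions = X509Extensions.GetInstance(tagged, true);
            }
        }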
		/// <summary>
		/// Parse a RevAnnContent SEQUENCE: status, certId, willBeRevokedAt, badSinceDate,
		/// then optional crlDetails extensions as the fifth element.
		/// </summary>
		/// <param name="seq">Decoded SEQUENCE; the first four elements must be present.</param>
		private RevAnnContent(Asn1Sequence seq)
		{
			status = PkiStatusEncodable.GetInstance(seq[0]);
			certId = CertId.GetInstance(seq[1]);
			willBeRevokedAt = DerGeneralizedTime.GetInstance(seq[2]);
			badSinceDate = DerGeneralizedTime.GetInstance(seq[3]);

			crlDetails = seq.Count > 4
				?	X509Extensions.GetInstance(seq[4])
				:	null;
		}
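		/// <summary>
		/// Build a SingleResponse from its components (RFC 6960).
		/// </summary>
		/// <param name="certID">CertID; required.</param>
		/// <param name="certStatus">CertStatus; required.</param>
		/// <param name="thisUpdate">Time the status is known correct; required.</param>
		/// <param name="nextUpdate">Optional; may be null.</param>
		/// <param name="singleExtensions">Optional; may be null.</param>
		/// <exception cref="ArgumentNullException">if one of the three mandatory components is null.</exception>
		public SingleResponse(
            CertID              certID,
            CertStatus          certStatus,
            DerGeneralizedTime  thisUpdate,
            DerGeneralizedTime  nextUpdate,
            X509Extensions      singleExtensions)
        {
            // certID, certStatus and thisUpdate are mandatory in the SEQUENCE; refuse nulls
            // here rather than producing an object that cannot be encoded correctly.
            if (certID == null)
                throw new ArgumentNullException("certID");
            if (certStatus == null)
                throw new ArgumentNullException("certStatus");
            if (thisUpdate == null)
                throw new ArgumentNullException("thisUpdate");

            this.certID = certID;
            this.certStatus = certStatus;
            this.thisUpdate = thisUpdate;
            this.nextUpdate = nextUpdate;
            this.singleExtensions = singleExtensions;
        }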
		/// <summary>
		/// Build a ResponseData from its components with an explicit version.
		/// </summary>
		/// <param name="version">Version INTEGER to encode.</param>
		/// <param name="responderID">ResponderID of the responder.</param>
		/// <param name="producedAt">GeneralizedTime the response was produced.</param>
		/// <param name="responses">SEQUENCE OF SingleResponse.</param>
		/// <param name="responseExtensions">Optional response extensions; may be null.</param>
		public ResponseData(
			DerInteger          version,
			ResponderID         responderID,
			DerGeneralizedTime  producedAt,
			Asn1Sequence        responses,
			X509Extensions      responseExtensions)
		{
			// Plain field capture; no validation is performed on any component.
			this.responseExtensions = responseExtensions;
			this.responses = responses;
			this.producedAt = producedAt;
			this.responderID = responderID;
			this.version = version;
		}
		/// <summary>
		/// Build a TimeStampReq (RFC 3161) at version 1.
		/// </summary>
		/// <param name="messageImprint">Hash algorithm plus digest being time-stamped.</param>
		/// <param name="tsaPolicy">Optional TSA policy OID; may be null.</param>
		/// <param name="nonce">Optional nonce; may be null.</param>
		/// <param name="certReq">Optional certReq flag; may be null.</param>
		/// <param name="extensions">Optional extensions; may be null.</param>
		public TimeStampReq(
			MessageImprint		messageImprint,
			DerObjectIdentifier	tsaPolicy,
			DerInteger			nonce,
			DerBoolean			certReq,
			X509Extensions		extensions)
		{
			this.extensions = extensions;
			this.certReq = certReq;
			this.nonce = nonce;
			this.tsaPolicy = tsaPolicy;
			this.messageImprint = messageImprint;

			// Only version 1 is ever produced by this constructor.
			this.version = new DerInteger(1);
		}
        /// <summary>
        /// Parse one revokedCertificates entry (RFC 5280 §5.1): userCertificate serial number,
        /// revocationDate, and optional crlEntryExtensions. The original SEQUENCE is kept in
        /// this.seq.
        /// </summary>
        /// <param name="seq">Decoded SEQUENCE of 2 or 3 elements.</param>
        /// <exception cref="ArgumentException">if the element count is not 2 or 3.</exception>
        public CrlEntry(
			Asn1Sequence seq)
        {
            int count = seq.Count;
            if (count != 2 && count != 3)
            {
                throw new ArgumentException("Bad sequence size: " + count);
            }

            this.seq = seq;
            userCertificate = DerInteger.GetInstance(seq[0]);
            revocationDate = Time.GetInstance(seq[1]);

            crlEntryExtensions = count == 3
                ? X509Extensions.GetInstance(seq[2])
                : null;
        }
        /// <summary>
        /// Parse a CertTemplate: every component is OPTIONAL and carried under its own context
        /// tag [0]..[9], so each element is dispatched on its tag number. Tags [3] issuer and
        /// [5] subject wrap a CHOICE (Name) and are decoded as EXPLICIT; the rest are IMPLICIT.
        /// The original SEQUENCE is kept in this.seq.
        /// </summary>
        /// <param name="seq">Decoded SEQUENCE; every element must be a tagged object.</param>
        /// <exception cref="ArgumentException">on a tag number outside 0..9.</exception>
        private CertTemplate(Asn1Sequence seq)
        {
            this.seq = seq;

            int count = seq.Count;
            for (int i = 0; i < count; i++)
            {
                // Elements must be context-tagged; the cast fails otherwise.
                Asn1TaggedObject tagged = (Asn1TaggedObject) seq[i];
                int tag = tagged.TagNo;

                switch (tag)
                {
                case 0:
                    version = DerInteger.GetInstance(tagged, false);
                    break;
                case 1:
                    serialNumber = DerInteger.GetInstance(tagged, false);
                    break;
                case 2:
                    signingAlg = AlgorithmIdentifier.GetInstance(tagged, false);
                    break;
                case 3:
                    issuer = X509Name.GetInstance(tagged, true); // CHOICE
                    break;
                case 4:
                    validity = OptionalValidity.GetInstance(Asn1Sequence.GetInstance(tagged, false));
                    break;
                case 5:
                    subject = X509Name.GetInstance(tagged, true); // CHOICE
                    break;
                case 6:
                    publicKey = SubjectPublicKeyInfo.GetInstance(tagged, false);
                    break;
                case 7:
                    issuerUID = DerBitString.GetInstance(tagged, false);
                    break;
                case 8:
                    subjectUID = DerBitString.GetInstance(tagged, false);
                    break;
                case 9:
                    extensions = X509Extensions.GetInstance(tagged, false);
                    break;
                default:
                    throw new ArgumentException("unknown tag: " + tag, "seq");
                }
            }
        }
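		/// <summary>
		/// Parse a TimeStampReq SEQUENCE (RFC 3161): version, messageImprint, then the optional
		/// reqPolicy (OID), nonce (INTEGER), certReq (BOOLEAN) and extensions ([0] IMPLICIT),
		/// which are recognised by type rather than by position.
		/// </summary>
		/// <param name="seq">Decoded SEQUENCE of 2 to 6 elements.</param>
		/// <exception cref="ArgumentException">if the element count is out of range or an
		/// element is of an unexpected type or carries an unexpected tag.</exception>
		private TimeStampReq(
			Asn1Sequence seq)
		{
			int nbObjects = seq.Count;
			if (nbObjects < 2 || nbObjects > 6)
			{
				throw new ArgumentException("Bad sequence size: " + nbObjects);
			}

			int seqStart = 0;

			// version
			version = DerInteger.GetInstance(seq[seqStart++]);

			// messageImprint
			messageImprint = MessageImprint.GetInstance(seq[seqStart++]);

			for (int opt = seqStart; opt < nbObjects; opt++)
			{
				Asn1Encodable element = seq[opt];

				// tsaPolicy
				if (element is DerObjectIdentifier)
				{
					tsaPolicy = DerObjectIdentifier.GetInstance(element);
				}
				// nonce
				else if (element is DerInteger)
				{
					nonce = DerInteger.GetInstance(element);
				}
				// certReq
				else if (element is DerBoolean)
				{
					certReq = DerBoolean.GetInstance(element);
				}
				// extensions [0] IMPLICIT
				else if (element is Asn1TaggedObject && ((Asn1TaggedObject) element).TagNo == 0)
				{
					extensions = X509Extensions.GetInstance((Asn1TaggedObject) element, false);
				}
				else
				{
					// Unknown universal type or unexpected context tag: reject instead of
					// silently ignoring it.
					throw new ArgumentException("Unexpected object at index " + opt + " in TimeStampReq");
				}
			}
		}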
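        /// <summary>
        /// Parse a TBSRequest SEQUENCE (RFC 6960): version [0] EXPLICIT DEFAULT v1,
        /// requestorName [1] EXPLICIT OPTIONAL, requestList, requestExtensions [2] EXPLICIT OPTIONAL.
        /// </summary>
        /// <param name="seq">Decoded SEQUENCE.</param>
        /// <exception cref="ArgumentException">if an optional component carries the wrong
        /// context tag or elements remain after requestExtensions.</exception>
        private TbsRequest(
            Asn1Sequence seq)
        {
            int index = 0;

            // Only a leading [0] is the version; a leading [1] is the requestorName and
            // must be left for the next step.
            Asn1Encodable enc = seq[0];
            Asn1TaggedObject first = enc as Asn1TaggedObject;
            if (first != null && first.TagNo == 0)
            {
                version = DerInteger.GetInstance(first, true);
                index++;
            }
            else
            {
                version = V1;
            }

            if (seq[index] is Asn1TaggedObject)
            {
                Asn1TaggedObject tagged = (Asn1TaggedObject) seq[index];
                if (tagged.TagNo != 1)
                {
                    throw new ArgumentException("Unexpected tag in TBSRequest: " + tagged.TagNo);
                }
                requestorName = GeneralName.GetInstance(tagged, true);
                index++;
            }

            requestList = Asn1Sequence.GetInstance(seq[index++]);

            if (seq.Count > index)
            {
                Asn1TaggedObject tagged = (Asn1TaggedObject) seq[index++];
                if (tagged.TagNo != 2)
                {
                    throw new ArgumentException("Unexpected tag in TBSRequest: " + tagged.TagNo);
                }
                requestExtensions = X509Extensions.GetInstance(tagged, true);
            }

            // Nothing is defined after requestExtensions; trailing data is an encoding error.
            if (seq.Count != index)
            {
                throw new ArgumentException("Bad sequence size: " + seq.Count);
            }
        }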
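		/// <summary>
		/// Build a RevDetails from a certificate template and optional CRL entry extensions.
		/// </summary>
		/// <param name="certDetails">CertTemplate identifying the certificate to revoke.</param>
		/// <param name="crlEntryDetails">Optional CRL entry extensions; may be null.</param>
		public RevDetails(CertTemplate certDetails, X509Extensions crlEntryDetails)
		{
			// Both components are stored; the template was previously dropped on the floor.
			this.certDetails = certDetails;
			this.crlEntryDetails = crlEntryDetails;
		}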
 /// <summary>
 /// Hold the parameters of an OCSP status request: the responders the client trusts and
 /// any OCSP request extensions.
 /// </summary>
 /// <param name="responderIDList">IList of ResponderID naming the trusted OCSP responders.
 /// An empty list has the special meaning that the responders are implicitly known to the
 /// server, e.g. by prior arrangement.</param>
 /// <param name="requestExtensions">OCSP request extensions; null means no extensions.</param>
 public OcspStatusRequest(IList responderIDList, X509Extensions requestExtensions)
 {
     this.mRequestExtensions = requestExtensions;
     this.mResponderIDList = responderIDList;
 }
        /// <summary>
        /// Add a revoked-certificate entry, with entry extensions, to the CRL being built.
        /// Wraps the serial number and date in their ASN.1 forms before delegating to tbsGen.
        /// </summary>
        /// <param name="userCertificate">Serial number of the revoked certificate.</param>
        /// <param name="revocationDate">Revocation date, encoded as a Time.</param>
        /// <param name="extensions">CRL entry extensions to attach.</param>
        public void AddCrlEntry(
            IBigInteger userCertificate,
			DateTime		revocationDate,
			X509Extensions	extensions)
        {
            DerInteger serial = new DerInteger(userCertificate);
            Time when = new Time(revocationDate);
            tbsGen.AddCrlEntry(serial, when, extensions);
        }
 /// <summary>
 /// Pull the AuthorityKeyIdentifier extension out of an extension set.
 /// </summary>
 /// <param name="extensions">Extension set; may be null.</param>
 /// <returns>The decoded extension, or whatever GetInstance yields for a missing one (null input).</returns>
 public static AuthorityKeyIdentifier FromExtensions(X509Extensions extensions)
 {
     Asn1Encodable parsed = X509Extensions.GetExtensionParsedValue(extensions, X509Extensions.AuthorityKeyIdentifier);
     return GetInstance(parsed);
 }
 /// <summary>
 /// Null-tolerant lookup of a single extension by OID.
 /// </summary>
 /// <param name="extensions">Extension set; null is treated as empty.</param>
 /// <param name="oid">Extension OID to look up.</param>
 /// <returns>The extension, or null when the set is null or has no such OID.</returns>
 public static X509Extension GetExtension(X509Extensions extensions, DerObjectIdentifier oid)
 {
     if (extensions == null)
     {
         return null;
     }
     return extensions.GetExtension(oid);
 }
		/// <summary>
		/// Parse a TBSCertList SEQUENCE (RFC 5280 §5.1): optional version INTEGER, signature,
		/// issuer, thisUpdate, optional nextUpdate, optional revokedCertificates SEQUENCE and
		/// optional crlExtensions [0] EXPLICIT. Optional components are recognised by type.
		/// The original SEQUENCE is kept in this.seq.
		/// </summary>
		/// <param name="seq">Decoded SEQUENCE of 3 to 7 elements.</param>
		/// <exception cref="ArgumentException">if the element count is out of range.</exception>
		internal TbsCertificateList(
            Asn1Sequence seq)
        {
			if (seq.Count < 3 || seq.Count > 7)
			{
				throw new ArgumentException("Bad sequence size: " + seq.Count);
			}

			int seqPos = 0;

			this.seq = seq;

			// version is OPTIONAL; absent means 0 (v1). Its value is not validated here.
			if (seq[seqPos] is DerInteger)
            {
				version = DerInteger.GetInstance(seq[seqPos++]);
			}
            else
            {
                version = new DerInteger(0);
            }

			signature = AlgorithmIdentifier.GetInstance(seq[seqPos++]);
            issuer = X509Name.GetInstance(seq[seqPos++]);
            thisUpdate = Time.GetInstance(seq[seqPos++]);

			// nextUpdate is OPTIONAL and has no tag: detect it by any of the time types.
			if (seqPos < seq.Count
                && (seq[seqPos] is DerUtcTime
                   || seq[seqPos] is DerGeneralizedTime
                   || seq[seqPos] is Time))
            {
                nextUpdate = Time.GetInstance(seq[seqPos++]);
            }

			// Any remaining untagged element is taken as the revokedCertificates SEQUENCE.
			if (seqPos < seq.Count
                && !(seq[seqPos] is DerTaggedObject))
            {
				revokedCertificates = Asn1Sequence.GetInstance(seq[seqPos++]);
			}

			// crlExtensions: the tagged wrapper is handed to GetInstance as-is; the tag number
			// is not checked here (NOTE(review): relies on GetInstance unwrapping [0] — confirm).
			if (seqPos < seq.Count
                && seq[seqPos] is DerTaggedObject)
            {
				crlExtensions = X509Extensions.GetInstance(seq[seqPos]);
			}
        }
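		/// <summary>
		/// Parse a ResponseData SEQUENCE (RFC 6960): version [0] EXPLICIT DEFAULT v1,
		/// responderID, producedAt, responses, responseExtensions [1] EXPLICIT OPTIONAL.
		/// </summary>
		/// <param name="seq">Decoded SEQUENCE.</param>
		/// <exception cref="ArgumentException">if the trailing optional component carries a
		/// tag other than [1] or elements remain after it.</exception>
		private ResponseData(
			Asn1Sequence seq)
		{
			int index = 0;

			// Only a leading [0] is the version. ResponderID is itself a tagged CHOICE, so a
			// leading tagged object with another tag number belongs to the next component.
			// versionPresent records whether the version was explicitly encoded (used elsewhere).
			Asn1Encodable enc = seq[0];
			Asn1TaggedObject first = enc as Asn1TaggedObject;
			if (first != null && first.TagNo == 0)
			{
				this.versionPresent = true;
				this.version = DerInteger.GetInstance(first, true);
				index++;
			}
			else
			{
				this.version = V1;
			}

			this.responderID = ResponderID.GetInstance(seq[index++]);
			this.producedAt = DerGeneralizedTime.GetInstance(seq[index++]);
			this.responses = Asn1Sequence.GetInstance(seq[index++]);

			if (seq.Count > index)
			{
				Asn1TaggedObject tagged = (Asn1TaggedObject) seq[index++];
				if (tagged.TagNo != 1)
				{
					throw new ArgumentException("Unexpected tag in ResponseData: " + tagged.TagNo);
				}
				this.responseExtensions = X509Extensions.GetInstance(tagged, true);
			}

			// Nothing is defined after responseExtensions; trailing data is an encoding error.
			if (seq.Count != index)
			{
				throw new ArgumentException("Bad sequence size: " + seq.Count);
			}
		}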
        /// <summary>
        /// End-to-end check of X509V2CrlGenerator: sign a CRL with one revoked entry carrying a
        /// reasonCode extension, read the entry and its extension back, then copy the CRL into
        /// a second generator, add a second entry, and re-parse the result with X509CrlParser.
        /// Calls Fail(...) on any mismatch.
        /// </summary>
        private void checkCrlCreation3()
        {
            IAsymmetricCipherKeyPairGenerator kpGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
            // 768-bit RSA keeps the test fast; it is far smaller than what a real CA key should be.
            kpGen.Init(
                new RsaKeyGenerationParameters(
                    BigInteger.ValueOf(0x10001), new SecureRandom(), 768, 25));

            X509V2CrlGenerator crlGen = new X509V2CrlGenerator();
            DateTime now = DateTime.UtcNow;
            AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair();

            crlGen.SetIssuerDN(new X509Name("CN=Test CA"));

            // 100-second validity window: test-only value.
            crlGen.SetThisUpdate(now);
            crlGen.SetNextUpdate(now.AddSeconds(100));
            crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");

            IList extOids = new ArrayList();
            IList extValues = new ArrayList();

            CrlReason crlReason = new CrlReason(CrlReason.PrivilegeWithdrawn);

            // Non-critical reasonCode entry extension; the OCTET STRING wraps the DER-encoded CrlReason.
            try
            {
                extOids.Add(X509Extensions.ReasonCode);
                extValues.Add(new X509Extension(false, new DerOctetString(crlReason.GetEncoded())));
            }
            catch (IOException e)
            {
                throw new ArgumentException("error encoding reason: " + e);
            }

            X509Extensions entryExtensions = new X509Extensions(extOids, extValues);

            crlGen.AddCrlEntry(BigInteger.One, now, entryExtensions);

            crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));

            X509Crl crl = crlGen.Generate(pair.Private);

            if (!crl.IssuerDN.Equivalent(new X509Name("CN=Test CA"), true))
            {
                Fail("failed CRL issuer test");
            }

            Asn1OctetString authExt = crl.GetExtensionValue(X509Extensions.AuthorityKeyIdentifier);

            if (authExt == null)
            {
                Fail("failed to find CRL extension");
            }

            // Only checks that the value parses; its contents are not compared to pair.Public.
            AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);

            X509CrlEntry entry = crl.GetRevokedCertificate(BigInteger.One);

            if (entry == null)
            {
                Fail("failed to find CRL entry");
            }

            if (!entry.SerialNumber.Equals(BigInteger.One))
            {
                Fail("CRL cert serial number does not match");
            }

            if (!entry.HasExtensions)
            {
                Fail("CRL entry extension not found");
            }

            Asn1OctetString ext = entry.GetExtensionValue(X509Extensions.ReasonCode);

            if (ext != null)
            {
                DerEnumerated reasonCode = (DerEnumerated)X509ExtensionUtilities.FromExtensionValue(ext);

                if (reasonCode.Value.IntValue != CrlReason.PrivilegeWithdrawn)
                {
                    Fail("CRL entry reasonCode wrong");
                }
            }
            else
            {
                Fail("CRL entry reasonCode not found");
            }

            //
            // check loading of existing CRL
            //
            crlGen = new X509V2CrlGenerator();
            now = DateTime.UtcNow;

            crlGen.SetIssuerDN(new X509Name("CN=Test CA"));

            crlGen.SetThisUpdate(now);
            crlGen.SetNextUpdate(now.AddSeconds(100));
            crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");

            // Import the entries of the first CRL, then add one more.
            crlGen.AddCrl(crl);

            crlGen.AddCrlEntry(BigInteger.Two, now, entryExtensions);

            crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));

            X509Crl newCrl = crlGen.Generate(pair.Private);

            int count = 0;
            bool oneFound = false;
            bool twoFound = false;

            // Expect exactly the copied entry (serial 1) and the new one (serial 2).
            foreach (X509CrlEntry crlEnt in newCrl.GetRevokedCertificates())
            {
                if (crlEnt.SerialNumber.IntValue == 1)
                {
                    oneFound = true;
                }
                else if (crlEnt.SerialNumber.IntValue == 2)
                {
                    twoFound = true;
                }

                count++;
            }

            if (count != 2)
            {
                Fail("wrong number of CRLs found");
            }

            if (!oneFound || !twoFound)
            {
                Fail("wrong CRLs found in copied list");
            }

            //
            // check factory read back
            //
            X509Crl readCrl = new X509CrlParser().ReadCrl(newCrl.GetEncoded());

            if (readCrl == null)
            {
                Fail("crl not returned!");
            }

//			ICollection col = cFact.generateCRLs(new ByteArrayInputStream(newCrl.getEncoded()));
            ICollection col = new X509CrlParser().ReadCrls(newCrl.GetEncoded());

            if (col.Count != 1)
            {
                Fail("wrong number of CRLs found in collection");
            }
        }
 /// <summary>
 /// Decode the GeneralNames value of the extension identified by <paramref name="extOid"/>.
 /// </summary>
 /// <param name="extensions">Extension set; may be null.</param>
 /// <param name="extOid">OID of the extension whose value is a GeneralNames.</param>
 /// <returns>Whatever GetInstance yields for the parsed value (null input when absent).</returns>
 public static GeneralNames FromExtensions(X509Extensions extensions, DerObjectIdentifier extOid)
 {
     Asn1Encodable parsed = X509Extensions.GetExtensionParsedValue(extensions, extOid);
     return GetInstance(parsed);
 }
 /// <summary>
 /// Null-tolerant lookup of an extension's parsed value by OID.
 /// </summary>
 /// <param name="extensions">Extension set; null is treated as empty.</param>
 /// <param name="oid">Extension OID to look up.</param>
 /// <returns>The parsed value, or null when the set is null (or the instance method returns null).</returns>
 public static Asn1Encodable GetExtensionParsedValue(X509Extensions extensions, DerObjectIdentifier oid)
 {
     if (extensions == null)
     {
         return null;
     }
     return extensions.GetExtensionParsedValue(oid);
 }
 /// <summary>
 /// Replace the extension set held by this object. No validation; null is accepted.
 /// </summary>
 /// <param name="extensions">New extension set, or null.</param>
 public void SetExtensions(X509Extensions extensions)
 {
     this.extensions = extensions;
 }
 /// <summary>
 /// Pull the CRLDistributionPoints extension out of an extension set.
 /// </summary>
 /// <param name="extensions">Extension set; may be null.</param>
 /// <returns>Whatever GetInstance yields for the parsed value (null input when absent).</returns>
 public static CrlDistPoint FromExtensions(X509Extensions extensions)
 {
     Asn1Encodable parsed = X509Extensions.GetExtensionParsedValue(extensions, X509Extensions.CrlDistributionPoints);
     return GetInstance(parsed);
 }
 /// <summary>
 /// Pull the AuthorityInfoAccess extension out of an extension set.
 /// </summary>
 /// <param name="extensions">Extension set; may be null.</param>
 /// <returns>Whatever GetInstance yields for the parsed value (null input when absent).</returns>
 public static AuthorityInformationAccess FromExtensions(X509Extensions extensions)
 {
     Asn1Encodable parsed = X509Extensions.GetExtensionParsedValue(extensions, X509Extensions.AuthorityInfoAccess);
     return GetInstance(parsed);
 }
		/// <summary>
		/// Replace the extension set held by this object. No validation; null is accepted.
		/// </summary>
		/// <param name="extensions">New extension set, or null.</param>
		public void SetExtensions(
            X509Extensions extensions)
        {
            this.extensions = extensions;
        }
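		/// <summary>
		/// Compare two extension sets: same number of extensions and, for every OID present
		/// here, an Equals-equal X509Extension under that OID in <paramref name="other"/>.
		/// Ordering is not considered.
		/// </summary>
		/// <param name="other">Extension set to compare against; must not be null.</param>
		/// <returns>true when the sets match as described.</returns>
		/// <exception cref="ArgumentNullException">if <paramref name="other"/> is null.</exception>
		public bool Equivalent(
			X509Extensions other)
		{
			// Fail with a clear argument error instead of a NullReferenceException below.
			if (other == null)
				throw new ArgumentNullException("other");

			if (ReferenceEquals(this, other))
				return true;

			if (extensions.Count != other.extensions.Count)
				return false;

			foreach (DerObjectIdentifier oid in extensions.Keys)
			{
				// NOTE(review): when 'other' lacks this OID the indexer's behaviour depends on the
				// dictionary type backing 'extensions' (null for a non-generic IDictionary, an
				// exception for a generic one); equal counts do not imply equal key sets.
				if (!extensions[oid].Equals(other.extensions[oid]))
					return false;
			}

			return true;
		}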
        /// <summary>
        /// Check X509V2CrlGenerator with entry extensions: sign a CRL containing one revoked
        /// entry that carries a reasonCode extension plus an AuthorityKeyIdentifier CRL
        /// extension, then read the entry and both extensions back. Calls Fail(...) on mismatch.
        /// </summary>
        private void checkCrlCreation2()
        {
            IAsymmetricCipherKeyPairGenerator kpGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
            // 768-bit RSA keeps the test fast; it is far smaller than what a real CA key should be.
            kpGen.Init(
                new RsaKeyGenerationParameters(
                    BigInteger.ValueOf(0x10001), new SecureRandom(), 768, 25));

            X509V2CrlGenerator crlGen = new X509V2CrlGenerator();
            DateTime now = DateTime.UtcNow;
            AsymmetricCipherKeyPair pair = kpGen.GenerateKeyPair();

            crlGen.SetIssuerDN(new X509Name("CN=Test CA"));

            // 100-second validity window: test-only value.
            crlGen.SetThisUpdate(now);
            crlGen.SetNextUpdate(now.AddSeconds(100));
            crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");

            IList extOids = new ArrayList();
            IList extValues = new ArrayList();

            CrlReason crlReason = new CrlReason(CrlReason.PrivilegeWithdrawn);

            // Non-critical reasonCode entry extension; the OCTET STRING wraps the DER-encoded CrlReason.
            try
            {
                extOids.Add(X509Extensions.ReasonCode);
                extValues.Add(new X509Extension(false, new DerOctetString(crlReason.GetEncoded())));
            }
            catch (IOException e)
            {
                throw new ArgumentException("error encoding reason: " + e);
            }

            X509Extensions entryExtensions = new X509Extensions(extOids, extValues);

            crlGen.AddCrlEntry(BigInteger.One, now, entryExtensions);

            crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));

            X509Crl crl = crlGen.Generate(pair.Private);

            if (!crl.IssuerDN.Equivalent(new X509Name("CN=Test CA"), true))
            {
                Fail("failed CRL issuer test");
            }

            Asn1OctetString authExt = crl.GetExtensionValue(X509Extensions.AuthorityKeyIdentifier);

            if (authExt == null)
            {
                Fail("failed to find CRL extension");
            }

            // Only checks that the value parses; its contents are not compared to pair.Public.
            AuthorityKeyIdentifier authId = new AuthorityKeyIdentifierStructure(authExt);

            X509CrlEntry entry = crl.GetRevokedCertificate(BigInteger.One);

            if (entry == null)
            {
                Fail("failed to find CRL entry");
            }

            if (!entry.SerialNumber.Equals(BigInteger.One))
            {
                Fail("CRL cert serial number does not match");
            }

            if (!entry.HasExtensions)
            {
                Fail("CRL entry extension not found");
            }

            Asn1OctetString ext = entry.GetExtensionValue(X509Extensions.ReasonCode);

            if (ext != null)
            {
                DerEnumerated reasonCode = (DerEnumerated)X509ExtensionUtilities.FromExtensionValue(ext);

                if (reasonCode.Value.IntValue != CrlReason.PrivilegeWithdrawn)
                {
                    Fail("CRL entry reasonCode wrong");
                }
            }
            else
            {
                Fail("CRL entry reasonCode not found");
            }
        }
        /// <summary>
        /// Parse a TBSCertificate SEQUENCE (RFC 5280 §4.1): version [0] EXPLICIT DEFAULT v1,
        /// serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, then the
        /// optional issuerUniqueID [1], subjectUniqueID [2] and extensions [3], which are
        /// walked from the end of the SEQUENCE. The version value is validated and the
        /// optional tail is checked against it. The original SEQUENCE is kept in this.seq.
        /// </summary>
        /// <param name="seq">Decoded SEQUENCE.</param>
        /// <exception cref="ArgumentException">on an unrecognised version, extra data in a v1
        /// certificate, extensions in a v2 certificate, or an unknown trailing tag.</exception>
        internal TbsCertificateStructure(
            Asn1Sequence seq)
        {
            int seqStart = 0;

            this.seq = seq;

            //
            // some certficates don't include a version number - we assume v1
            //
            if (seq[0] is DerTaggedObject)
            {
                version = DerInteger.GetInstance((Asn1TaggedObject)seq[0], true);
            }
            else
            {
                seqStart = -1;                          // field 0 is missing!
                version  = new DerInteger(0);
            }

            // Only v1 (0), v2 (1) and v3 (2) are accepted.
            bool isV1 = false;
            bool isV2 = false;

            if (version.Value.Equals(BigInteger.Zero))
            {
                isV1 = true;
            }
            else if (version.Value.Equals(BigInteger.One))
            {
                isV2 = true;
            }
            else if (!version.Value.Equals(BigInteger.Two))
            {
                throw new ArgumentException("version number not recognised");
            }

            serialNumber = DerInteger.GetInstance(seq[seqStart + 1]);

            signature = AlgorithmIdentifier.GetInstance(seq[seqStart + 2]);
            issuer    = X509Name.GetInstance(seq[seqStart + 3]);

            //
            // before and after dates
            //
            Asn1Sequence dates = (Asn1Sequence)seq[seqStart + 4];

            startDate = Time.GetInstance(dates[0]);
            endDate   = Time.GetInstance(dates[1]);

            subject = X509Name.GetInstance(seq[seqStart + 5]);

            //
            // public key info.
            //
            subjectPublicKeyInfo = SubjectPublicKeyInfo.GetInstance(seq[seqStart + 6]);

            // Number of elements after subjectPublicKeyInfo.
            // NOTE(review): not bounded to 3 here; a repeated tag overwrites the earlier value.
            int extras = seq.Count - (seqStart + 6) - 1;

            if (extras != 0 && isV1)
            {
                throw new ArgumentException("version 1 certificate contains extra data");
            }

            // Trailing components are processed from the last element backwards.
            while (extras > 0)
            {
                DerTaggedObject extra = (DerTaggedObject)seq[seqStart + 6 + extras];

                switch (extra.TagNo)
                {
                case 1:
                {
                    issuerUniqueID = DerBitString.GetInstance(extra, false);
                    break;
                }

                case 2:
                {
                    subjectUniqueID = DerBitString.GetInstance(extra, false);
                    break;
                }

                case 3:
                {
                    // Extensions are only permitted in v3 certificates.
                    if (isV2)
                    {
                        throw new ArgumentException("version 2 certificate cannot contain extensions");
                    }

                    extensions = X509Extensions.GetInstance(Asn1Sequence.GetInstance(extra, true));
                    break;
                }

                default:
                {
                    throw new ArgumentException("Unknown tag encountered in structure: " + extra.TagNo);
                }
                }
                extras--;
            }
        }
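        /// <summary>
        /// Parse a TBSCertificate SEQUENCE (RFC 5280 §4.1): version [0] EXPLICIT DEFAULT v1,
        /// serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, then the
        /// optional issuerUniqueID [1], subjectUniqueID [2] and extensions [3], walked from the
        /// end of the SEQUENCE. The version is validated and the optional tail checked against
        /// it, matching the sibling TbsCertificateStructure parser. The original SEQUENCE is
        /// kept in this.seq.
        /// </summary>
        /// <param name="seq">Decoded SEQUENCE.</param>
        /// <exception cref="ArgumentException">on an unrecognised version, extra data in a v1
        /// certificate, extensions in a v2 certificate, or an unknown trailing tag.</exception>
        internal TbsCertificateStructure(
			Asn1Sequence seq)
        {
            int seqStart = 0;

            this.seq = seq;

            //
            // some certficates don't include a version number - we assume v1
            //
            if (seq[0] is DerTaggedObject)
            {
                version = DerInteger.GetInstance((Asn1TaggedObject)seq[0], true);
            }
            else
            {
                seqStart = -1;          // field 0 is missing!
                version = new DerInteger(0);
            }

            // Only v1 (0), v2 (1) and v3 (2) are accepted; anything else is rejected
            // instead of being parsed as if it were v3.
            bool isV1 = false;
            bool isV2 = false;

            if (version.Value.Equals(BigInteger.Zero))
            {
                isV1 = true;
            }
            else if (version.Value.Equals(BigInteger.One))
            {
                isV2 = true;
            }
            else if (!version.Value.Equals(BigInteger.Two))
            {
                throw new ArgumentException("version number not recognised");
            }

            serialNumber = DerInteger.GetInstance(seq[seqStart + 1]);

            signature = AlgorithmIdentifier.GetInstance(seq[seqStart + 2]);
            issuer = X509Name.GetInstance(seq[seqStart + 3]);

            //
            // before and after dates
            //
            Asn1Sequence  dates = (Asn1Sequence)seq[seqStart + 4];

            startDate = Time.GetInstance(dates[0]);
            endDate = Time.GetInstance(dates[1]);

            subject = X509Name.GetInstance(seq[seqStart + 5]);

            //
            // public key info.
            //
            subjectPublicKeyInfo = SubjectPublicKeyInfo.GetInstance(seq[seqStart + 6]);

            int extras = seq.Count - (seqStart + 6) - 1;

            // A v1 certificate has nothing after subjectPublicKeyInfo.
            if (extras != 0 && isV1)
            {
                throw new ArgumentException("version 1 certificate contains extra data");
            }

            // Trailing components are processed from the last element backwards.
            for (; extras > 0; extras--)
            {
                DerTaggedObject extra = (DerTaggedObject) seq[seqStart + 6 + extras];

                switch (extra.TagNo)
                {
                    case 1:
                        issuerUniqueID = DerBitString.GetInstance(extra, false);
                        break;
                    case 2:
                        subjectUniqueID = DerBitString.GetInstance(extra, false);
                        break;
                    case 3:
                        // Extensions are only permitted in v3 certificates.
                        if (isV2)
                        {
                            throw new ArgumentException("version 2 certificate cannot contain extensions");
                        }
                        extensions = X509Extensions.GetInstance(extra);
                        break;
                    default:
                        // Previously silently ignored; an unknown tag here is malformed input.
                        throw new ArgumentException("Unknown tag encountered in structure: " + extra.TagNo);
                }
            }
        }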
 /// <summary>
 /// Pull the SubjectKeyIdentifier extension out of an extension set.
 /// </summary>
 /// <param name="extensions">Extension set; may be null.</param>
 /// <returns>Whatever GetInstance yields for the parsed value (null input when absent).</returns>
 public static SubjectKeyIdentifier FromExtensions(X509Extensions extensions)
 {
     Asn1Encodable parsed = X509Extensions.GetExtensionParsedValue(extensions, X509Extensions.SubjectKeyIdentifier);
     return GetInstance(parsed);
 }