public Asn1Object toASN1Primitive() { Asn1EncodableVector dev = new Asn1EncodableVector(); dev.Add(this.sigPolicyQualifierId); dev.Add(this.sigQualifier); return new DerSequence(dev); }
public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(); if (version != null) { v.Add(version); } v.Add(iv); return new DerSequence(v); }
private PkiStatusInfo GetPkiStatusInfo() { Asn1EncodableVector v = new Asn1EncodableVector( new DerInteger((int)status)); if (statusStrings.Count > 0) { v.Add(new PkiFreeText(new DerSequence(statusStrings))); } if (failInfo != 0) { v.Add(new FailInfo(failInfo)); } return new PkiStatusInfo(new DerSequence(v)); }
public static Asn1Set CreateBerSetFromList(List<Asn1Encodable> derObjects) { Asn1EncodableVector v = new Asn1EncodableVector(); foreach (Asn1Encodable d in derObjects) { v.Add(d); } return new BerSet(v); }
/// <summary> /// Write myself to the given stream /// </summary> public void WriteTo(Stream stream, out string md5FingerPrint, out string sha1FingerPrint) { X509Certificate[] cert; AsymmetricKeyEntry privateKey; LoadPfx(out cert, out privateKey); var certsVector = new Asn1EncodableVector(); md5FingerPrint = null; sha1FingerPrint = null; foreach (var c in cert) { var certStream = new MemoryStream(c.GetEncoded()); var certStruct = X509CertificateStructure.GetInstance(new Asn1InputStream(certStream).ReadObject()); certsVector.Add(certStruct); if (md5FingerPrint == null) { var certData = certStream.ToArray(); md5FingerPrint = CreateFingerprint(new MD5Digest(), certData); } if (sha1FingerPrint == null) { var certData = certStream.ToArray(); sha1FingerPrint = CreateFingerprint(new Sha1Digest(), certData); } } var encryptedSignature = GetSignature(signature, privateKey.Key); var signerInfo = new SignerInfo( new DerInteger(1), new IssuerAndSerialNumber(cert[0].IssuerDN, cert[0].SerialNumber), new AlgorithmIdentifier(Oids.SHA1, DerNull.Instance), null, new AlgorithmIdentifier(Oids.RSA, DerNull.Instance), new DerOctetString(encryptedSignature), null); var pkcs7 = new SignedData( new DerInteger(1), new DerSet(new AlgorithmIdentifier(Oids.SHA1, DerNull.Instance)), new ContentInfo(new DerObjectIdentifier(Oids.data), null), new DerSet(certsVector), null, new DerSet(signerInfo)); //var signedData = new ContentInfo(new DERObjectIdentifier(Oids.signedData), pkcs7); var v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(Oids.signedData)); v.Add(new DerTaggedObject(0, pkcs7)); var signedData = new DerSequence(v); // Save var data = signedData.GetEncoded(); stream.Write(data, 0, data.Length); }
public static Asn1EncodableVector FromEnumerable( IEnumerable e) { Asn1EncodableVector v = new Asn1EncodableVector(); foreach (Asn1Encodable obj in e) { v.Add(obj); } return v; }
/** * Produce an object suitable for an Asn1OutputStream. * <pre> * ContentInfo ::= Sequence { * contentType ContentType, * content * [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(contentType); if (content != null) { v.Add(new BerTaggedObject(0, content)); } return new BerSequence(v); }
public override Asn1Object ToAsn1Object() { Asn1EncodableVector seq = new Asn1EncodableVector(qcStatementId); if (qcStatementInfo != null) { seq.Add(qcStatementInfo); } return new DerSequence(seq); }
public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(p, g); if (this.l != null) { v.Add(l); } return new DerSequence(v); }
/** * Produce an object suitable for an Asn1OutputStream. * <pre> * OcspResponse ::= Sequence { * responseStatus OcspResponseStatus, * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(responseStatus); if (responseBytes != null) { v.Add(new DerTaggedObject(true, 0, responseBytes)); } return new DerSequence(v); }
/** * Produce an object suitable for an Asn1OutputStream. * <pre> * Request ::= Sequence { * reqCert CertID, * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(reqCert); if (singleRequestExtensions != null) { v.Add(new DerTaggedObject(true, 0, singleRequestExtensions)); } return new DerSequence(v); }
/** * Produce an object suitable for an Asn1OutputStream. * <pre> * OcspRequest ::= Sequence { * tbsRequest TBSRequest, * optionalSignature [0] EXPLICIT Signature OPTIONAL } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(tbsRequest); if (optionalSignature != null) { v.Add(new DerTaggedObject(true, 0, optionalSignature)); } return new DerSequence(v); }
public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector( bagID, new DerTaggedObject(0, bagValue)); if (bagAttributes != null) { v.Add(bagAttributes); } return new DerSequence(v); }
public static Asn1Set CreateDerSetFromList( IList derObjects) { Asn1EncodableVector v = new Asn1EncodableVector(); foreach (Asn1Encodable ae in derObjects) { v.Add(ae); } return new DerSet(v); }
internal Asn1EncodableVector BuildEncodableVector() { Asn1EncodableVector v = new Asn1EncodableVector(); Asn1Object o; while ((o = ReadObject()) != null) { v.Add(o); } return v; }
public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector( new DerInteger(3), contentInfo); if (macData != null) { v.Add(macData); } return new BerSequence(v); }
/** * <pre> * CommitmentTypeIndication ::= SEQUENCE { * commitmentTypeId CommitmentTypeIdentifier, * commitmentTypeQualifier SEQUENCE SIZE (1..MAX) OF * CommitmentTypeQualifier OPTIONAL } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(commitmentTypeId); if (commitmentTypeQualifier != null) { v.Add(commitmentTypeQualifier); } return new DerSequence(v); }
/** * Return an ASN1 set from a tagged object. There is a special * case here, if an object appears to have been explicitly tagged on * reading but we were expecting it to be implicitly tagged in the * normal course of events it indicates that we lost the surrounding * set - so we need to add it back (this will happen if the tagged * object is a sequence that contains other sequences). If you are * dealing with implicitly tagged sets you really <b>should</b> * be using this method. * * @param obj the tagged object. * @param explicitly true if the object is meant to be explicitly tagged * false otherwise. * @exception ArgumentException if the tagged object cannot * be converted. */ public static Asn1Set GetInstance( Asn1TaggedObject obj, bool explicitly) { Asn1Object inner = obj.GetObject(); if (explicitly) { if (!obj.IsExplicit()) throw new ArgumentException("object implicit - explicit expected."); return (Asn1Set) inner; } // // constructed object which appears to be explicitly tagged // and it's really implicit means we have to add the // surrounding sequence. // if (obj.IsExplicit()) { return new DerSet(inner); } if (inner is Asn1Set) { return (Asn1Set) inner; } // // in this case the parser returns a sequence, convert it // into a set. // if (inner is Asn1Sequence) { Asn1EncodableVector v = new Asn1EncodableVector(); Asn1Sequence s = (Asn1Sequence) inner; foreach (Asn1Encodable ae in s) { v.Add(ae); } // TODO Should be able to construct set directly from sequence? return new DerSet(v, false); } throw new ArgumentException("Unknown object in GetInstance: " + obj.GetType().FullName, "obj"); }
public ECPrivateKeyStructure( BigInteger key, DerBitString publicKey, Asn1Encodable parameters) { if (key == null) throw new ArgumentNullException("key"); Asn1EncodableVector v = new Asn1EncodableVector( new DerInteger(1), new DerOctetString(key.ToByteArrayUnsigned())); if (parameters != null) { v.Add(new DerTaggedObject(true, 0, parameters)); } if (publicKey != null) { v.Add(new DerTaggedObject(true, 1, publicKey)); } this.seq = new DerSequence(v); }
internal Asn1EncodableVector ReadVector() { IAsn1Convertible obj = ReadObject(); if (null == obj) { return(new Asn1EncodableVector(0)); } Asn1EncodableVector v = new Asn1EncodableVector(); do { v.Add(obj.ToAsn1Object()); }while ((obj = ReadObject()) != null); return(v); }
public static Asn1Set GetInstance(Asn1TaggedObject obj, bool explicitly) { Asn1Object obj2 = obj.GetObject(); if (explicitly) { if (!obj.IsExplicit()) { throw new ArgumentException("object implicit - explicit expected."); } return((Asn1Set)obj2); } if (obj.IsExplicit()) { return(new DerSet(obj2)); } if (obj2 is Asn1Set) { return((Asn1Set)obj2); } if (!(obj2 is Asn1Sequence)) { throw new ArgumentException("Unknown object in GetInstance: " + Platform.GetTypeName(obj), "obj"); } Asn1EncodableVector v = new Asn1EncodableVector(Array.Empty <Asn1Encodable>()); IEnumerator enumerator = ((Asn1Sequence)obj2).GetEnumerator(); try { while (enumerator.MoveNext()) { Asn1Encodable current = (Asn1Encodable)enumerator.Current; Asn1Encodable[] objs = new Asn1Encodable[] { current }; v.Add(objs); } } finally { if (enumerator is IDisposable disposable) { IDisposable disposable; disposable.Dispose(); } } return(new DerSet(v, false)); }
internal virtual Asn1EncodableVector ReadVector(DefiniteLengthInputStream dIn) { if (dIn.Remaining < 1) { return(new Asn1EncodableVector(0)); } Asn1InputStream subStream = new Asn1InputStream(dIn); Asn1EncodableVector v = new Asn1EncodableVector(); Asn1Object o; while ((o = subStream.ReadObject()) != null) { v.Add(o); } return(v); }
internal Asn1EncodableVector ReadVector() { Asn1EncodableVector v = new Asn1EncodableVector(); try { IAsn1Convertible obj; while ((obj = ReadObject()) != null) { v.Add(obj.ToAsn1Object()); } } catch (IOException e) { throw new InvalidOperationException(e.Message, e); } return v; }
internal Asn1EncodableVector ReadVector() { Asn1EncodableVector v = new Asn1EncodableVector(); try { IAsn1Convertible obj; while ((obj = ReadObject()) != null) { v.Add(obj.ToAsn1Object()); } } catch (IOException e) { throw new InvalidOperationException(e.Message, e); } return(v); }
private void Parse() { lock (this) { if (null != encoded) { Asn1EncodableVector v = new Asn1EncodableVector(); Asn1InputStream e = new LazyAsn1InputStream(encoded); Asn1Object o; while ((o = e.ReadObject()) != null) { v.Add(o); } this.elements = v.TakeElements(); this.encoded = null; } } }
public static Asn1Set GetInstance(Asn1TaggedObject obj, bool explicitly) { Asn1Object @object = obj.GetObject(); if (explicitly) { if (!obj.IsExplicit()) { throw new ArgumentException("object implicit - explicit expected."); } return((Asn1Set)@object); } else { if (obj.IsExplicit()) { return(new DerSet(@object)); } if (@object is Asn1Set) { return((Asn1Set)@object); } if (@object is Asn1Sequence) { Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector(new Asn1Encodable[0]); Asn1Sequence asn1Sequence = (Asn1Sequence)@object; foreach (Asn1Encodable asn1Encodable in asn1Sequence) { asn1EncodableVector.Add(new Asn1Encodable[] { asn1Encodable }); } return(new DerSet(asn1EncodableVector, false)); } throw new ArgumentException("Unknown object in GetInstance: " + obj.GetType().FullName, "obj"); } }
public static Asn1EncodableVector FromEnumerable(global::System.Collections.IEnumerable e) { Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector(); global::System.Collections.IEnumerator enumerator = e.GetEnumerator(); try { while (enumerator.MoveNext()) { Asn1Encodable asn1Encodable = (Asn1Encodable)enumerator.get_Current(); asn1EncodableVector.Add(asn1Encodable); } return(asn1EncodableVector); } finally { global::System.IDisposable disposable = enumerator as global::System.IDisposable; if (disposable != null) { disposable.Dispose(); } } }
public static Asn1EncodableVector FromEnumerable(IEnumerable e) { Asn1EncodableVector vector = new Asn1EncodableVector(Array.Empty <Asn1Encodable>()); IEnumerator enumerator = e.GetEnumerator(); try { while (enumerator.MoveNext()) { Asn1Encodable current = (Asn1Encodable)enumerator.Current; Asn1Encodable[] objs = new Asn1Encodable[] { current }; vector.Add(objs); } } finally { if (enumerator is IDisposable disposable) { IDisposable disposable; disposable.Dispose(); } } return(vector); }
/** * Produce an object suitable for an Asn1OutputStream. * <pre> * PasswordRecipientInfo ::= Sequence { * version CMSVersion, -- Always set to 0 * keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier * OPTIONAL, * keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, * encryptedKey EncryptedKey } * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector(version); if (keyDerivationAlgorithm != null) { v.Add(new DerTaggedObject(false, 0, keyDerivationAlgorithm)); } v.Add(keyEncryptionAlgorithm, encryptedKey); return new DerSequence(v); }
/** * If the complete CRL includes an issuing distribution point (IDP) CRL * extension check the following: * <p> * (i) If the distribution point name is present in the IDP CRL extension * and the distribution field is present in the DP, then verify that one of * the names in the IDP matches one of the names in the DP. If the * distribution point name is present in the IDP CRL extension and the * distribution field is omitted from the DP, then verify that one of the * names in the IDP matches one of the names in the cRLIssuer field of the * DP. * </p> * <p> * (ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL * extension, verify that the certificate does not include the basic * constraints extension with the cA boolean asserted. * </p> * <p> * (iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL * extension, verify that the certificate includes the basic constraints * extension with the cA boolean asserted. * </p> * <p> * (iv) Verify that the onlyContainsAttributeCerts boolean is not asserted. * </p> * * @param dp The distribution point. * @param cert The certificate. * @param crl The CRL. * @throws AnnotatedException if one of the conditions is not met or an error occurs. */ internal static void ProcessCrlB2( DistributionPoint dp, object cert, X509Crl crl) { IssuingDistributionPoint idp = null; try { idp = IssuingDistributionPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(crl, X509Extensions.IssuingDistributionPoint)); } catch (Exception e) { throw new Exception("0 Issuing distribution point extension could not be decoded.", e); } // (b) (2) (i) // distribution point name is present if (idp != null) { if (idp.DistributionPoint != null) { // make list of names DistributionPointName dpName = IssuingDistributionPoint.GetInstance(idp).DistributionPoint; IList names = Platform.CreateArrayList(); if (dpName.PointType == DistributionPointName.FullName) { GeneralName[] genNames = GeneralNames.GetInstance(dpName.Name).GetNames(); for (int j = 0; j < genNames.Length; j++) { names.Add(genNames[j]); } } if (dpName.PointType == DistributionPointName.NameRelativeToCrlIssuer) { Asn1EncodableVector vec = new Asn1EncodableVector(); try { IEnumerator e = Asn1Sequence.GetInstance( Asn1Sequence.FromByteArray(crl.IssuerDN.GetEncoded())).GetEnumerator(); while (e.MoveNext()) { vec.Add((Asn1Encodable)e.Current); } } catch (IOException e) { throw new Exception("Could not read CRL issuer.", e); } vec.Add(dpName.Name); names.Add(new GeneralName(X509Name.GetInstance(new DerSequence(vec)))); } bool matches = false; // verify that one of the names in the IDP matches one // of the names in the DP. if (dp.DistributionPointName != null) { dpName = dp.DistributionPointName; GeneralName[] genNames = null; if (dpName.PointType == DistributionPointName.FullName) { genNames = GeneralNames.GetInstance(dpName.Name).GetNames(); } if (dpName.PointType == DistributionPointName.NameRelativeToCrlIssuer) { if (dp.CrlIssuer != null) { genNames = dp.CrlIssuer.GetNames(); } else { genNames = new GeneralName[1]; try { genNames[0] = new GeneralName( PkixCertPathValidatorUtilities.GetIssuerPrincipal(cert)); } catch (IOException e) { throw new Exception("Could not read certificate issuer.", e); } } for (int j = 0; j < genNames.Length; j++) { IEnumerator e = Asn1Sequence.GetInstance(genNames[j].Name.ToAsn1Object()).GetEnumerator(); Asn1EncodableVector vec = new Asn1EncodableVector(); while (e.MoveNext()) { vec.Add((Asn1Encodable)e.Current); } vec.Add(dpName.Name); genNames[j] = new GeneralName(X509Name.GetInstance(new DerSequence(vec))); } } if (genNames != null) { for (int j = 0; j < genNames.Length; j++) { if (names.Contains(genNames[j])) { matches = true; break; } } } if (!matches) { throw new Exception( "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point."); } } // verify that one of the names in // the IDP matches one of the names in the cRLIssuer field of // the DP else { if (dp.CrlIssuer == null) { throw new Exception("Either the cRLIssuer or the distributionPoint field must " + "be contained in DistributionPoint."); } GeneralName[] genNames = dp.CrlIssuer.GetNames(); for (int j = 0; j < genNames.Length; j++) { if (names.Contains(genNames[j])) { matches = true; break; } } if (!matches) { throw new Exception( "No match for certificate CRL issuing distribution point name to cRLIssuer CRL distribution point."); } } } BasicConstraints bc = null; try { bc = BasicConstraints.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue( (IX509Extension)cert, X509Extensions.BasicConstraints)); } catch (Exception e) { throw new Exception("Basic constraints extension could not be decoded.", e); } //if (cert is X509Certificate) { // (b) (2) (ii) if (idp.OnlyContainsUserCerts && ((bc != null) && bc.IsCA())) { throw new Exception("CA Cert CRL only contains user certificates."); } // (b) (2) (iii) if (idp.OnlyContainsCACerts && (bc == null || !bc.IsCA())) { throw new Exception("End CRL only contains CA certificates."); } } // (b) (2) (iv) if (idp.OnlyContainsAttributeCerts) { throw new Exception("onlyContainsAttributeCerts boolean is asserted."); } } }
/** * generate an enveloped object that contains an CMS Enveloped Data * object using the given provider and the passed in key generator. * @throws java.io.IOException */ private Stream Open( Stream outStr, string macOid, CipherKeyGenerator keyGen) { // FIXME Will this work for macs? byte[] encKeyBytes = keyGen.GenerateKey(); KeyParameter encKey = ParameterUtilities.CreateKeyParameter(macOid, encKeyBytes); Asn1Encodable asn1Params = GenerateAsn1Parameters(macOid, encKeyBytes); ICipherParameters cipherParameters; AlgorithmIdentifier macAlgId = GetAlgorithmIdentifier( macOid, encKey, asn1Params, out cipherParameters); Asn1EncodableVector recipientInfos = new Asn1EncodableVector(); foreach (RecipientInfoGenerator rig in recipientInfoGenerators) { try { recipientInfos.Add(rig.Generate(encKey, rand)); } catch (InvalidKeyException e) { throw new CmsException("key inappropriate for algorithm.", e); } catch (GeneralSecurityException e) { throw new CmsException("error making encrypted content.", e); } } // FIXME Only passing key at the moment // return Open(outStr, macAlgId, cipherParameters, recipientInfos); return Open(outStr, macAlgId, encKey, recipientInfos); }
private static byte[] BuildOCSPResponse(byte[] BasicOCSPResponse) { DerOctetString doctet = new DerOctetString(BasicOCSPResponse); Asn1EncodableVector v2 = new Asn1EncodableVector(); v2.Add(OcspObjectIdentifiers.PkixOcspBasic); v2.Add(doctet); DerEnumerated den = new DerEnumerated(0); Asn1EncodableVector v3 = new Asn1EncodableVector(); v3.Add(den); v3.Add(new DerTaggedObject(true, 0, new DerSequence(v2))); DerSequence seq = new DerSequence(v3); return seq.GetEncoded(); }
private DerSet GetAuthenticatedAttributeSet(byte[] secondDigest, DateTime signingTime, byte[] ocsp) { Asn1EncodableVector attribute = new Asn1EncodableVector(); Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(ID_CONTENT_TYPE)); v.Add(new DerSet(new DerObjectIdentifier(ID_PKCS7_DATA))); attribute.Add(new DerSequence(v)); v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(ID_SIGNING_TIME)); v.Add(new DerSet(new DerUtcTime(signingTime))); attribute.Add(new DerSequence(v)); v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(ID_MESSAGE_DIGEST)); v.Add(new DerSet(new DerOctetString(secondDigest))); attribute.Add(new DerSequence(v)); if (ocsp != null) { v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(ID_ADBE_REVOCATION)); DerOctetString doctet = new DerOctetString(ocsp); Asn1EncodableVector vo1 = new Asn1EncodableVector(); Asn1EncodableVector v2 = new Asn1EncodableVector(); v2.Add(OcspObjectIdentifiers.PkixOcspBasic); v2.Add(doctet); DerEnumerated den = new DerEnumerated(0); Asn1EncodableVector v3 = new Asn1EncodableVector(); v3.Add(den); v3.Add(new DerTaggedObject(true, 0, new DerSequence(v2))); vo1.Add(new DerSequence(v3)); v.Add(new DerSet(new DerSequence(new DerTaggedObject(true, 1, new DerSequence(vo1))))); attribute.Add(new DerSequence(v)); } return new DerSet(attribute); }
/** * Added by Aiken Sam, 2006-11-15, modifed by Martin Brunecky 07/12/2007 * to start with the timeStampToken (signedData 1.2.840.113549.1.7.2). * Token is the TSA response without response status, which is usually * handled by the (vendor supplied) TSA request/response interface). * @param timeStampToken byte[] - time stamp token, DER encoded signedData * @return ASN1EncodableVector * @throws IOException */ private Asn1EncodableVector BuildUnauthenticatedAttributes(byte[] timeStampToken) { if (timeStampToken == null) return null; // @todo: move this together with the rest of the defintions String ID_TIME_STAMP_TOKEN = "1.2.840.113549.1.9.16.2.14"; // RFC 3161 id-aa-timeStampToken Asn1InputStream tempstream = new Asn1InputStream(new MemoryStream(timeStampToken)); Asn1EncodableVector unauthAttributes = new Asn1EncodableVector(); Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(ID_TIME_STAMP_TOKEN)); // id-aa-timeStampToken Asn1Sequence seq = (Asn1Sequence) tempstream.ReadObject(); v.Add(new DerSet(seq)); unauthAttributes.Add(new DerSequence(v)); return unauthAttributes; }
/** * Gets the bytes for the PKCS7SignedData object. Optionally the authenticatedAttributes * in the signerInfo can also be set, OR a time-stamp-authority client * may be provided. * @param secondDigest the digest in the authenticatedAttributes * @param signingTime the signing time in the authenticatedAttributes * @param tsaClient TSAClient - null or an optional time stamp authority client * @return byte[] the bytes for the PKCS7SignedData object * @since 2.1.6 */ public byte[] GetEncodedPKCS7(byte[] secondDigest, DateTime signingTime, ITSAClient tsaClient, byte[] ocsp) { if (externalDigest != null) { digest = externalDigest; if (RSAdata != null) RSAdata = externalRSAdata; } else if (externalRSAdata != null && RSAdata != null) { RSAdata = externalRSAdata; sig.BlockUpdate(RSAdata, 0, RSAdata.Length); digest = sig.GenerateSignature(); } else { if (RSAdata != null) { RSAdata = new byte[messageDigest.GetDigestSize()]; messageDigest.DoFinal(RSAdata, 0); sig.BlockUpdate(RSAdata, 0, RSAdata.Length); } digest = sig.GenerateSignature(); } // Create the set of Hash algorithms Asn1EncodableVector digestAlgorithms = new Asn1EncodableVector(); foreach (string dal in digestalgos.Keys) { Asn1EncodableVector algos = new Asn1EncodableVector(); algos.Add(new DerObjectIdentifier(dal)); algos.Add(DerNull.Instance); digestAlgorithms.Add(new DerSequence(algos)); } // Create the contentInfo. Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(ID_PKCS7_DATA)); if (RSAdata != null) v.Add(new DerTaggedObject(0, new DerOctetString(RSAdata))); DerSequence contentinfo = new DerSequence(v); // Get all the certificates // v = new Asn1EncodableVector(); foreach (X509Certificate xcert in certs) { Asn1InputStream tempstream = new Asn1InputStream(new MemoryStream(xcert.GetEncoded())); v.Add(tempstream.ReadObject()); } DerSet dercertificates = new DerSet(v); // Create signerinfo structure. // Asn1EncodableVector signerinfo = new Asn1EncodableVector(); // Add the signerInfo version // signerinfo.Add(new DerInteger(signerversion)); v = new Asn1EncodableVector(); v.Add(GetIssuer(signCert.GetTbsCertificate())); v.Add(new DerInteger(signCert.SerialNumber)); signerinfo.Add(new DerSequence(v)); // Add the digestAlgorithm v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(digestAlgorithm)); v.Add(DerNull.Instance); signerinfo.Add(new DerSequence(v)); // add the authenticated attribute if present if (secondDigest != null /*&& signingTime != null*/) { signerinfo.Add(new DerTaggedObject(false, 0, GetAuthenticatedAttributeSet(secondDigest, signingTime, ocsp))); } // Add the digestEncryptionAlgorithm v = new Asn1EncodableVector(); v.Add(new DerObjectIdentifier(digestEncryptionAlgorithm)); v.Add(DerNull.Instance); signerinfo.Add(new DerSequence(v)); // Add the digest signerinfo.Add(new DerOctetString(digest)); // When requested, go get and add the timestamp. May throw an exception. // Added by Martin Brunecky, 07/12/2007 folowing Aiken Sam, 2006-11-15 // Sam found Adobe expects time-stamped SHA1-1 of the encrypted digest if (tsaClient != null) { byte[] tsImprint = new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(digest); byte[] tsToken = tsaClient.GetTimeStampToken(this, tsImprint); if (tsToken != null) { Asn1EncodableVector unauthAttributes = BuildUnauthenticatedAttributes(tsToken); if (unauthAttributes != null) { signerinfo.Add(new DerTaggedObject(false, 1, new DerSet(unauthAttributes))); } } } // Finally build the body out of all the components above Asn1EncodableVector body = new Asn1EncodableVector(); body.Add(new DerInteger(version)); body.Add(new DerSet(digestAlgorithms)); body.Add(contentinfo); body.Add(new DerTaggedObject(false, 0, dercertificates)); // if (crls.Count > 0) { // v = new Asn1EncodableVector(); // for (Iterator i = crls.Iterator();i.HasNext();) { // Asn1InputStream t = new Asn1InputStream(new ByteArrayInputStream((((X509CRL)i.Next()).GetEncoded()))); // v.Add(t.ReadObject()); // } // DERSet dercrls = new DERSet(v); // body.Add(new DERTaggedObject(false, 1, dercrls)); // } // Only allow one signerInfo body.Add(new DerSet(new DerSequence(signerinfo))); // Now we have the body, wrap it in it's PKCS7Signed shell // and return it // Asn1EncodableVector whole = new Asn1EncodableVector(); whole.Add(new DerObjectIdentifier(ID_PKCS7_SIGNED_DATA)); whole.Add(new DerTaggedObject(0, new DerSequence(body))); MemoryStream bOut = new MemoryStream(); Asn1OutputStream dout = new Asn1OutputStream(bOut); dout.WriteObject(new DerSequence(whole)); dout.Close(); return bOut.ToArray(); }
public override void Close() { _out.Close(); _eiGen.Close(); outer._digests.Clear(); // clear the current preserved digest state if (outer._certs.Count > 0) { Asn1Set certs = CmsUtilities.CreateBerSetFromList(outer._certs); WriteToGenerator(_sigGen, new BerTaggedObject(false, 0, certs)); } if (outer._crls.Count > 0) { Asn1Set crls = CmsUtilities.CreateBerSetFromList(outer._crls); WriteToGenerator(_sigGen, new BerTaggedObject(false, 1, crls)); } // // Calculate the digest hashes // foreach (DictionaryEntry de in outer._messageDigests) { outer._messageHashes.Add(de.Key, DigestUtilities.DoFinal((IDigest)de.Value)); } // TODO If the digest OIDs for precalculated signers weren't mixed in with // the others, we could fill in outer._digests here, instead of SignerInf.ToSignerInfo // // add the precalculated SignerInfo objects. // Asn1EncodableVector signerInfos = new Asn1EncodableVector(); foreach (SignerInformation signer in outer._signers) { signerInfos.Add(signer.ToSignerInfo()); } // // add the SignerInfo objects // foreach (SignerInf signer in outer._signerInfs) { try { signerInfos.Add(signer.ToSignerInfo(_contentOID)); } catch (IOException e) { throw new IOException("encoding error." + e); } catch (SignatureException e) { throw new IOException("error creating signature." + e); } catch (CertificateEncodingException e) { throw new IOException("error creating sid." + e); } } WriteToGenerator(_sigGen, new DerSet(signerInfos)); _sigGen.Close(); _sGen.Close(); base.Close(); }
/** * Produce an object suitable for an Asn1OutputStream. * <pre> * SignerInfo ::= Sequence { * version Version, * SignerIdentifier sid, * digestAlgorithm DigestAlgorithmIdentifier, * authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL, * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, * encryptedDigest EncryptedDigest, * unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL * } * * EncryptedDigest ::= OCTET STRING * * DigestAlgorithmIdentifier ::= AlgorithmIdentifier * * DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier * </pre> */ public override Asn1Object ToAsn1Object() { Asn1EncodableVector v = new Asn1EncodableVector( version, sid, digAlgorithm); if (authenticatedAttributes != null) { v.Add(new DerTaggedObject(false, 0, authenticatedAttributes)); } v.Add(digEncryptionAlgorithm, encryptedDigest); if (unauthenticatedAttributes != null) { v.Add(new DerTaggedObject(false, 1, unauthenticatedAttributes)); } return new DerSequence(v); }
public Asn1Object ReadObject() { int tag = ReadByte(); if (tag == -1) { if (eofFound) { throw new EndOfStreamException("attempt to read past end of file."); } eofFound = true; return(null); } int tagNo = 0; if ((tag & Asn1Tags.Tagged) != 0 || (tag & Asn1Tags.Application) != 0) { tagNo = ReadTagNumber(tag); } int length = ReadLength(); if (length < 0) // indefinite length method { switch (tag) { case Asn1Tags.Null: return(BerNull.Instance); case Asn1Tags.Sequence | Asn1Tags.Constructed: { Asn1EncodableVector v = BuildEncodableVector(EndOfStream); return(new BerSequence(v)); } case Asn1Tags.Set | Asn1Tags.Constructed: { Asn1EncodableVector v = BuildEncodableVector(EndOfStream); return(new BerSet(v, false)); } case Asn1Tags.OctetString | Asn1Tags.Constructed: return(BuildConstructedOctetString(EndOfStream)); default: { // // with tagged object tag number is bottom 5 bits // if ((tag & (int)Asn1Tags.Tagged) != 0) { // // simple type - implicit... return an octet string // if ((tag & (int)Asn1Tags.Constructed) == 0) { byte[] bytes = ReadIndefiniteLengthFully(); return(new BerTaggedObject(false, tagNo, new DerOctetString(bytes))); } // // either constructed or explicitly tagged // Asn1Object dObj = ReadObject(); if (dObj == EndOfStream) // empty tag! { return(new DerTaggedObject(tagNo)); } Asn1Object next = ReadObject(); // // explicitly tagged (probably!) - if it isn't we'd have to // tell from the context // if (next == EndOfStream) { return(new BerTaggedObject(tagNo, dObj)); } // // another implicit object, we'll create a sequence... // Asn1EncodableVector v = new Asn1EncodableVector(dObj); do { v.Add(next); next = ReadObject(); }while (next != EndOfStream); return(new BerTaggedObject(false, tagNo, new BerSequence(v))); } throw new IOException("unknown Ber object encountered"); } } } else { if (tag == 0 && length == 0) // end of contents marker. { return(EndOfStream); } byte[] bytes = new byte[length]; ReadFully(bytes); return(BuildObject(tag, tagNo, bytes)); } }
/** * generate a signed object that for a CMS Signed Data * object - if encapsulate is true a copy * of the message will be included in the signature. The content type * is set according to the OID represented by the string signedContentType. */ public CmsSignedData Generate( string signedContentType, // FIXME Avoid accessing more than once to support CmsProcessableInputStream CmsProcessable content, bool encapsulate) { Asn1EncodableVector digestAlgs = new Asn1EncodableVector(); Asn1EncodableVector signerInfos = new Asn1EncodableVector(); _digests.Clear(); // clear the current preserved digest state // // add the precalculated SignerInfo objects. // foreach (SignerInformation signer in _signers) { digestAlgs.Add(Helper.FixAlgID(signer.DigestAlgorithmID)); // TODO Verify the content type and calculated digest match the precalculated SignerInfo signerInfos.Add(signer.ToSignerInfo()); } // // add the SignerInfo objects // bool isCounterSignature = (signedContentType == null); DerObjectIdentifier contentTypeOid = isCounterSignature ? null : new DerObjectIdentifier(signedContentType); foreach (SignerInf signer in signerInfs) { try { digestAlgs.Add(signer.DigestAlgorithmID); signerInfos.Add(signer.ToSignerInfo(contentTypeOid, content, rand)); } catch (IOException e) { throw new CmsException("encoding error.", e); } catch (InvalidKeyException e) { throw new CmsException("key inappropriate for signature.", e); } catch (SignatureException e) { throw new CmsException("error creating signature.", e); } catch (CertificateEncodingException e) { throw new CmsException("error creating sid.", e); } } Asn1Set certificates = null; if (_certs.Count != 0) { certificates = CmsUtilities.CreateBerSetFromList(_certs); } Asn1Set certrevlist = null; if (_crls.Count != 0) { certrevlist = CmsUtilities.CreateBerSetFromList(_crls); } Asn1OctetString octs = null; if (encapsulate) { MemoryStream bOut = new MemoryStream(); if (content != null) { try { content.Write(bOut); } catch (IOException e) { throw new CmsException("encapsulation error.", e); } } octs = new BerOctetString(bOut.ToArray()); } ContentInfo encInfo = new ContentInfo(contentTypeOid, octs); SignedData sd = new SignedData( new DerSet(digestAlgs), encInfo, certificates, certrevlist, new DerSet(signerInfos)); ContentInfo contentInfo = new ContentInfo(CmsObjectIdentifiers.SignedData, sd); return new CmsSignedData(content, contentInfo); }
/** * build an object given its tag and a byte stream to construct it * from. */ internal Asn1Object BuildObject( int tag, int tagNo, byte[] bytes) { if ((tag & Asn1Tags.Application) != 0) { return(new DerApplicationSpecific(tagNo, bytes)); } switch (tag) { case Asn1Tags.Null: return(DerNull.Instance); case Asn1Tags.Sequence | Asn1Tags.Constructed: { Asn1EncodableVector v = BuildDerEncodableVector(bytes); return(new DerSequence(v)); } case Asn1Tags.Set | Asn1Tags.Constructed: { Asn1EncodableVector v = BuildDerEncodableVector(bytes); return(new DerSet(v, false)); } case Asn1Tags.Boolean: return(new DerBoolean(bytes)); case Asn1Tags.Integer: return(new DerInteger(bytes)); case Asn1Tags.Enumerated: return(new DerEnumerated(bytes)); case Asn1Tags.ObjectIdentifier: return(new DerObjectIdentifier(bytes)); case Asn1Tags.BitString: { int padBits = bytes[0]; byte[] data = new byte[bytes.Length - 1]; Array.Copy(bytes, 1, data, 0, bytes.Length - 1); return(new DerBitString(data, padBits)); } case Asn1Tags.NumericString: return(new DerNumericString(bytes)); case Asn1Tags.Utf8String: return(new DerUtf8String(bytes)); case Asn1Tags.PrintableString: return(new DerPrintableString(bytes)); case Asn1Tags.IA5String: return(new DerIA5String(bytes)); case Asn1Tags.T61String: return(new DerT61String(bytes)); case Asn1Tags.VisibleString: return(new DerVisibleString(bytes)); case Asn1Tags.GeneralString: return(new DerGeneralString(bytes)); case Asn1Tags.UniversalString: return(new DerUniversalString(bytes)); case Asn1Tags.BmpString: return(new DerBmpString(bytes)); case Asn1Tags.OctetString: return(new DerOctetString(bytes)); case Asn1Tags.OctetString | Asn1Tags.Constructed: return(BuildDerConstructedOctetString(bytes)); case Asn1Tags.UtcTime: return(new DerUtcTime(bytes)); case Asn1Tags.GeneralizedTime: return(new DerGeneralizedTime(bytes)); default: { // // with tagged object tag number is bottom 5 bits // if ((tag & (int)Asn1Tags.Tagged) != 0) { bool isImplicit = ((tag & (int)Asn1Tags.Constructed) == 0); if (bytes.Length == 0) // empty tag! { Asn1Encodable ae = isImplicit ? (Asn1Encodable)DerNull.Instance : new DerSequence(); return(new DerTaggedObject(false, tagNo, ae)); } // // simple type - implicit... return an octet string // if (isImplicit) { return(new DerTaggedObject(false, tagNo, new DerOctetString(bytes))); } Asn1InputStream aIn = new Asn1InputStream(bytes); Asn1Encodable dObj = aIn.ReadObject(); // explicitly tagged (probably!) - if it isn't we'd have to // tell from the context //if (aIn.available() == 0) if (aIn.Position == bytes.Length) //FIXME? { return(new DerTaggedObject(tagNo, dObj)); } // // another implicit object, we'll create a sequence... // Asn1EncodableVector v = new Asn1EncodableVector(); while (dObj != null) { v.Add(dObj); dObj = aIn.ReadObject(); } return(new DerTaggedObject(false, tagNo, new DerSequence(v))); } return(new DerUnknownTag(tag, bytes)); } } }