/**
* Constructor from Asn1Sequence.
* <p/>
* The sequence is of type CertificatePair:
* <p/>
* <pre>
* CertificatePair ::= SEQUENCE {
* forward [0] Certificate OPTIONAL,
* reverse [1] Certificate OPTIONAL,
* -- at least one of the pair shall be present -- }
* </pre>
*
* @param seq The ASN.1 sequence.
*/
private CertificatePair(
Asn1Sequence seq)
{
if (seq.Count != 1 && seq.Count != 2)
{
throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");
}
foreach (object obj in seq)
{
Asn1TaggedObject o = Asn1TaggedObject.GetInstance(obj);
if (o.TagNo == 0)
{
forward = X509CertificateStructure.GetInstance(o, true);
}
else if (o.TagNo == 1)
{
reverse = X509CertificateStructure.GetInstance(o, true);
}
else
{
throw new ArgumentException("Bad tag number: " + o.TagNo);
}
}
}
public CmpCertificate(X509CertificateStructure x509v3PKCert)
{
if (x509v3PKCert.Version != 3)
throw new ArgumentException("only version 3 certificates allowed", "x509v3PKCert");
this.x509v3PKCert = x509v3PKCert;
}
/**
* Parse the ServerCertificate message.
*
* @param inStr The stream where to parse from.
* @return A Certificate object with the certs, the server has sended.
* @throws IOException If something goes wrong during parsing.
*/
internal static Certificate Parse(
Stream inStr)
{
int left = TlsUtilities.ReadUint24(inStr);
if (left == 0)
{
return EmptyChain;
}
IList tmp = Platform.CreateArrayList();
while (left > 0)
{
int size = TlsUtilities.ReadUint24(inStr);
left -= 3 + size;
byte[] buf = new byte[size];
TlsUtilities.ReadFully(buf, inStr);
MemoryStream bis = new MemoryStream(buf, false);
Asn1Object o = Asn1Object.FromStream(bis);
tmp.Add(X509CertificateStructure.GetInstance(o));
if (bis.Position < bis.Length)
{
throw new ArgumentException("Sorry, there is garbage data left after the certificate");
}
}
X509CertificateStructure[] certs = new X509CertificateStructure[tmp.Count];
for (int i = 0; i < tmp.Count; ++i)
{
certs[i] = (X509CertificateStructure)tmp[i];
}
return new Certificate(certs);
}
public X509CertificateStructure[] GetCertificates()
{
X509CertificateStructure[] result = new X509CertificateStructure[certificates.Count];
for (int i = 0; i < certificates.Count; ++i)
{
result[i] = X509CertificateStructure.GetInstance(certificates[i]);
}
return result;
}
public X509Certificate(
X509CertificateStructure c)
{
this.c = c;
try
{
Asn1OctetString str = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.19"));
if (str != null)
{
basicConstraints = BasicConstraints.GetInstance(
X509ExtensionUtilities.FromExtensionValue(str));
}
}
catch (Exception e)
{
throw new CertificateParsingException("cannot construct BasicConstraints: " + e);
}
try
{
Asn1OctetString str = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.15"));
if (str != null)
{
DerBitString bits = DerBitString.GetInstance(
X509ExtensionUtilities.FromExtensionValue(str));
byte[] bytes = bits.GetBytes();
int length = (bytes.Length * 8) - bits.PadBits;
keyUsage = new bool[(length < 9) ? 9 : length];
for (int i = 0; i != length; i++)
{
// keyUsage[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
keyUsage[i] = (bytes[i / 8] & (0x80 >> (i % 8))) != 0;
}
}
else
{
keyUsage = null;
}
}
catch (Exception e)
{
throw new CertificateParsingException("cannot construct KeyUsage: " + e);
}
}
/// <summary>
/// Create an System.Security.Cryptography.X509Certificate from an X509Certificate Structure.
/// </summary>
/// <param name="x509Struct"></param>
/// <returns>A System.Security.Cryptography.X509Certificate.</returns>
public static X509Certificate ToX509Certificate(X509CertificateStructure x509Struct)
{
return new X509Certificate(x509Struct.GetDerEncoded());
}
/**
* Constructor from a given details.
*
* @param forward Certificates issued to this CA.
* @param reverse Certificates issued by this CA to other CAs.
*/
public CertificatePair(
X509CertificateStructure forward,
X509CertificateStructure reverse)
{
this.forward = forward;
this.reverse = reverse;
}
/// <summary>Return true.</summary>
public bool IsValid(
X509CertificateStructure[] certs)
{
return true;
}
protected virtual X509Certificate CreateX509Certificate(
X509CertificateStructure c)
{
return new X509Certificate(c);
}
private static X509CertificateStructure[] CopyCertList(X509CertificateStructure[] orig)
{
return (X509CertificateStructure[])orig.Clone();
}
public CscaMasterList(
X509CertificateStructure[] certStructs)
{
certList = CopyCertList(certStructs);
}
internal static void ValidateKeyUsage(X509CertificateStructure c, int keyUsageBits)
{
X509Extensions exts = c.TbsCertificate.Extensions;
if (exts != null)
{
X509Extension ext = exts.GetExtension(X509Extensions.KeyUsage);
if (ext != null)
{
DerBitString ku = KeyUsage.GetInstance(ext);
int bits = ku.GetBytes()[0];
if ((bits & keyUsageBits) != keyUsageBits)
{
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
}
}
}
/**
* Private constructor from a cert array.
*
* @param certs The certs the chain should contain.
*/
public Certificate(X509CertificateStructure[] certs)
{
if (certs == null)
throw new ArgumentNullException("certs");
this.certs = certs;
}
/**
* Constructor from a given details.
* <p/>
* Only one parameter can be given. All other must be <code>null</code>.
*
* @param certificate Given as Certificate
*/
public RequestedCertificate(
X509CertificateStructure certificate)
{
this.cert = certificate;
}