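/// <summary>
/// Builds an OriginatorInfo from its ASN.1 sequence form.
/// </summary>
/// <remarks>
/// The sequence may hold zero, one or two implicitly tagged sets. Tag 0 is read as the
/// certificate set and tag 1 as the CRL set. Elements that are not tagged objects, or
/// that carry any other tag, are rejected, so a two-element sequence cannot have its
/// sets assigned by position alone.
/// </remarks>
/// <param name="seq">The sequence to decode.</param>
/// <exception cref="ArgumentException">
/// The sequence has more than two elements, an element is not a tagged object, or a
/// tag number is not the one expected.
/// </exception>
public OriginatorInfo(
    Asn1Sequence seq)
{
    switch (seq.Count)
    {
        case 0: // empty
            break;
        case 1:
        {
            Asn1TaggedObject only = seq[0] as Asn1TaggedObject;
            if (only == null)
                throw new ArgumentException("Untagged element in OriginatorInfo");

            switch (only.TagNo)
            {
                case 0:
                    certs = Asn1Set.GetInstance(only, false);
                    break;
                case 1:
                    crls = Asn1Set.GetInstance(only, false);
                    break;
                default:
                    throw new ArgumentException("Bad tag in OriginatorInfo: " + only.TagNo);
            }
            break;
        }
        case 2:
        {
            Asn1TaggedObject first = seq[0] as Asn1TaggedObject;
            Asn1TaggedObject second = seq[1] as Asn1TaggedObject;
            if (first == null || second == null)
                throw new ArgumentException("Untagged element in OriginatorInfo");

            // With both fields present the order is fixed: certs [0] then crls [1].
            if (first.TagNo != 0)
                throw new ArgumentException("Bad tag in OriginatorInfo: " + first.TagNo);
            if (second.TagNo != 1)
                throw new ArgumentException("Bad tag in OriginatorInfo: " + second.TagNo);

            certs = Asn1Set.GetInstance(first, false);
            crls = Asn1Set.GetInstance(second, false);
            break;
        }
        default:
            throw new ArgumentException("OriginatorInfo too big");
    }
}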
/// <summary>
/// Wraps a ContentInfo whose content decodes as EnvelopedData and builds the
/// recipient store used to get at the encrypted content.
/// </summary>
/// <remarks>
/// Nothing is decrypted here; the encrypted octets are only wrapped in a readable
/// that is handed to the recipient store builder.
/// </remarks>
/// <param name="contentInfo">The ContentInfo carrying the EnvelopedData.</param>
public CmsEnvelopedData(
    ContentInfo contentInfo)
{
    this.contentInfo = contentInfo;

    EnvelopedData enveloped = EnvelopedData.GetInstance(contentInfo.Content);

    // Recipients are read first, then the encrypted content description.
    Asn1Set recipients = enveloped.RecipientInfos;
    EncryptedContentInfo encryptedInfo = enveloped.EncryptedContentInfo;
    this.encAlg = encryptedInfo.ContentEncryptionAlgorithm;

    byte[] encryptedOctets = encryptedInfo.EncryptedContent.GetOctets();
    ICmsReadable readable = new CmsProcessableByteArray(encryptedOctets);
    CmsSecureReadable secureReadable =
        new CmsEnvelopedHelper.CmsEnvelopedSecureReadable(this.encAlg, readable);

    // The helper combines the recipient set with the readable over the ciphertext.
    this.recipientInfoStore =
        CmsEnvelopedHelper.BuildRecipientInformationStore(recipients, secureReadable);

    this.unprotectedAttributes = enveloped.UnprotectedAttrs;
}
/// <summary>
/// Wraps a ContentInfo whose content decodes as AuthenticatedData and builds the
/// recipient store over the encapsulated content.
/// </summary>
/// <remarks>
/// The MAC value is copied out of the structure but is not checked in this constructor.
/// </remarks>
/// <param name="contentInfo">The ContentInfo carrying the AuthenticatedData.</param>
public CmsAuthenticatedData(
    ContentInfo contentInfo)
{
    this.contentInfo = contentInfo;

    AuthenticatedData authenticated = AuthenticatedData.GetInstance(contentInfo.Content);

    // Recipients and MAC algorithm are read before the encapsulated content.
    Asn1Set recipients = authenticated.RecipientInfos;
    this.macAlg = authenticated.MacAlgorithm;

    // The encapsulated content is expected to be an octet string.
    ContentInfo encapsulated = authenticated.EncapsulatedContentInfo;
    byte[] contentOctets = Asn1OctetString.GetInstance(encapsulated.Content).GetOctets();
    ICmsReadable readable = new CmsProcessableByteArray(contentOctets);
    CmsSecureReadable secureReadable =
        new CmsEnvelopedHelper.CmsAuthenticatedSecureReadable(this.macAlg, readable);

    this.recipientInfoStore =
        CmsEnvelopedHelper.BuildRecipientInformationStore(recipients, secureReadable);

    this.authAttrs = authenticated.AuthAttrs;
    this.mac = authenticated.Mac.GetOctets();
    this.unauthAttrs = authenticated.UnauthAttrs;
}
/// <summary>
/// Creates an EnvelopedData from its components and derives the version number.
/// </summary>
/// <remarks>
/// The version is 2 when originator info or unprotected attributes are present, or
/// when any recipient info has a version other than 0; otherwise it is 0.
/// </remarks>
/// <param name="originatorInfo">Optional originator info; may be null.</param>
/// <param name="recipientInfos">Set of recipient infos, enumerated when the version is derived.</param>
/// <param name="encryptedContentInfo">The encrypted content description.</param>
/// <param name="unprotectedAttrs">Optional unprotected attributes; may be null.</param>
public EnvelopedData(
    OriginatorInfo originatorInfo,
    Asn1Set recipientInfos,
    EncryptedContentInfo encryptedContentInfo,
    Asn1Set unprotectedAttrs)
{
    bool useVersion2 = originatorInfo != null || unprotectedAttrs != null;

    if (!useVersion2)
    {
        // Only the recipients can still force version 2 at this point.
        DerInteger versionZero = new DerInteger(0);
        foreach (object element in recipientInfos)
        {
            RecipientInfo recipient = RecipientInfo.GetInstance(element);
            if (!recipient.Version.Equals(versionZero))
            {
                useVersion2 = true;
                break;
            }
        }
    }

    version = new DerInteger(useVersion2 ? 2 : 0);

    this.originatorInfo = originatorInfo;
    this.recipientInfos = recipientInfos;
    this.encryptedContentInfo = encryptedContentInfo;
    this.unprotectedAttrs = unprotectedAttrs;
}
/// <summary>
/// Wraps a ContentInfo whose content decodes as AuthEnvelopedData and builds the
/// recipient store for it.
/// </summary>
/// <remarks>
/// The authenticated attributes and the MAC are stored as read from the structure.
/// As the FIXME below records, the attributes are not yet supplied to the AEAD cipher
/// as additional authenticated data.
/// </remarks>
/// <param name="contentInfo">The ContentInfo carrying the AuthEnvelopedData.</param>
public CmsAuthEnvelopedData(
    ContentInfo contentInfo)
{
    this.contentInfo = contentInfo;

    AuthEnvelopedData parsed = AuthEnvelopedData.GetInstance(contentInfo.Content);

    this.originator = parsed.OriginatorInfo;

    // Recipients first, then the auth-encrypted content description.
    Asn1Set recipients = parsed.RecipientInfos;
    EncryptedContentInfo authEncryptedInfo = parsed.AuthEncryptedContentInfo;
    this.authEncAlg = authEncryptedInfo.ContentEncryptionAlgorithm;

    // The readable receives this instance, so it is created only after the
    // assignments above have run; keep this ordering.
    CmsSecureReadable secureReadable = new AuthEnvelopedSecureReadable(this);

    this.recipientInfoStore =
        CmsEnvelopedHelper.BuildRecipientInformationStore(recipients, secureReadable);

    // FIXME These need to be passed to the AEAD cipher as AAD (Additional Authenticated Data)
    this.authAttrs = parsed.AuthAttrs;
    this.mac = parsed.Mac.GetOctets();
    this.unauthAttrs = parsed.UnauthAttrs;
}
/// <summary>
/// Creates an OriginatorInfo directly from a certificate set and a CRL set.
/// </summary>
/// <param name="certs">The certificate set; stored as given, without validation.</param>
/// <param name="crls">The CRL set; stored as given, without validation.</param>
public OriginatorInfo(
    Asn1Set certs,
    Asn1Set crls)
{
    // Both sets are kept by reference; nothing is copied or checked.
    this.crls = crls;
    this.certs = certs;
}
/// <summary>
/// Creates an attribute from its type identifier and its set of values.
/// </summary>
/// <param name="attrType">Object identifier naming the attribute type.</param>
/// <param name="attrValues">Set holding the attribute values.</param>
public Attribute(
    DerObjectIdentifier attrType,
    Asn1Set attrValues)
{
    // Stored by reference, with no checks on either argument.
    this.attrValues = attrValues;
    this.attrType = attrType;
}
/// <summary>
/// Creates a SafeBag with an identifier and a value, and no bag attributes.
/// </summary>
/// <param name="oid">Object identifier stored as the bag id.</param>
/// <param name="obj">ASN.1 object stored as the bag value.</param>
public SafeBag(
    DerObjectIdentifier oid,
    Asn1Object obj)
{
    bagID = oid;
    bagValue = obj;

    // This overload explicitly leaves the attribute set unset.
    bagAttributes = null;
}
/// <summary>
/// Decodes a PKCS attribute from a two-element sequence: type identifier, then value set.
/// </summary>
/// <param name="seq">The sequence to decode.</param>
/// <exception cref="ArgumentException">The sequence does not have exactly two elements.</exception>
private AttributePkcs(
    Asn1Sequence seq)
{
    int elementCount = seq.Count;
    if (elementCount != 2)
    {
        throw new ArgumentException("Wrong number of elements in sequence", "seq");
    }

    // GetInstance performs the type conversion for each element.
    attrType = DerObjectIdentifier.GetInstance(seq[0]);
    attrValues = Asn1Set.GetInstance(seq[1]);
}
/// <summary>
/// Decodes an X.509 attribute from a two-element sequence: type identifier, then value set.
/// </summary>
/// <param name="seq">The sequence to decode.</param>
/// <exception cref="ArgumentException">The sequence does not have exactly two elements.</exception>
private AttributeX509(
    Asn1Sequence seq)
{
    int elementCount = seq.Count;
    if (elementCount != 2)
    {
        throw new ArgumentException("Bad sequence size: " + seq.Count);
    }

    // GetInstance performs the type conversion for each element.
    attrType = DerObjectIdentifier.GetInstance(seq[0]);
    attrValues = Asn1Set.GetInstance(seq[1]);
}
/// <summary>
/// Creates a SafeBag with an identifier, a value and a set of bag attributes.
/// </summary>
/// <param name="oid">Object identifier stored as the bag id.</param>
/// <param name="obj">ASN.1 object stored as the bag value.</param>
/// <param name="bagAttributes">Attribute set stored with the bag.</param>
public SafeBag(
    DerObjectIdentifier oid,
    Asn1Object obj,
    Asn1Set bagAttributes)
{
    bagID = oid;
    bagValue = obj;

    // The parameter hides the field of the same name, hence the qualifier.
    this.bagAttributes = bagAttributes;
}
/// <summary>
/// Creates a certification request by passing every argument unchanged to the
/// base class constructor with the same parameter list.
/// </summary>
/// <param name="signatureAlgorithm">Name of the signature algorithm.</param>
/// <param name="subject">Subject name for the request.</param>
/// <param name="publicKey">Public key to include in the request.</param>
/// <param name="attributes">Set of request attributes.</param>
/// <param name="signingKey">Key handed to the base constructor for signing.</param>
public Pkcs10CertificationRequestDelaySigned(
    string signatureAlgorithm,
    X509Name subject,
    AsymmetricKeyParameter publicKey,
    Asn1Set attributes,
    AsymmetricKeyParameter signingKey)
    : base(signatureAlgorithm, subject, publicKey, attributes, signingKey)
{
    // All work is done by the base constructor.
}
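/// <summary>
/// Decodes a SafeBag from a sequence: bag id, tagged bag value and an optional third
/// element holding the bag attributes.
/// </summary>
/// <remarks>
/// The sequence normally comes from parsed, possibly untrusted, data, so its shape is
/// checked before use. A sequence that is too short or has the wrong element types is
/// reported as an <see cref="ArgumentException"/>, not as an index or cast failure.
/// The attribute set is read only when the sequence has exactly three elements, as before.
/// </remarks>
/// <param name="seq">The sequence to decode.</param>
/// <exception cref="ArgumentException">
/// The sequence has fewer than two elements or the second element is not a tagged object.
/// The GetInstance conversions are expected to reject other element types - TODO confirm.
/// </exception>
public SafeBag(
    Asn1Sequence seq)
{
    if (seq.Count < 2)
        throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");

    DerTaggedObject taggedValue = seq[1] as DerTaggedObject;
    if (taggedValue == null)
        throw new ArgumentException("SafeBag value is not a tagged object", "seq");

    this.bagID = DerObjectIdentifier.GetInstance(seq[0]);
    this.bagValue = taggedValue.GetObject();

    if (seq.Count == 3)
    {
        this.bagAttributes = Asn1Set.GetInstance(seq[2]);
    }
}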
/// <summary>
/// Creates a SignedData from explicitly supplied fields, including the version.
/// </summary>
/// <remarks>
/// Every argument is stored as given; the version is not recomputed or cross-checked
/// against the other fields.
/// </remarks>
/// <param name="_version">Version number to store.</param>
/// <param name="_digestAlgorithms">Set of digest algorithm identifiers.</param>
/// <param name="_contentInfo">The content info.</param>
/// <param name="_certificates">Set of certificates.</param>
/// <param name="_crls">Set of CRLs.</param>
/// <param name="_signerInfos">Set of signer infos.</param>
public SignedData(
    DerInteger _version,
    Asn1Set _digestAlgorithms,
    ContentInfo _contentInfo,
    Asn1Set _certificates,
    Asn1Set _crls,
    Asn1Set _signerInfos)
{
    this.version = _version;
    this.digestAlgorithms = _digestAlgorithms;
    this.contentInfo = _contentInfo;

    // Certificate and revocation material.
    this.certificates = _certificates;
    this.crls = _crls;

    this.signerInfos = _signerInfos;
}
/// <summary>
/// Creates a SignedData from its components, with the version computed by
/// CalculateVersion from the content type, certificates, CRLs and signer infos.
/// </summary>
/// <param name="digestAlgorithms">Set of digest algorithm identifiers.</param>
/// <param name="contentInfo">The content info; its content type feeds the version calculation.</param>
/// <param name="certificates">Set of certificates.</param>
/// <param name="crls">Set of CRLs.</param>
/// <param name="signerInfos">Set of signer infos.</param>
public SignedData(
    Asn1Set digestAlgorithms,
    ContentInfo contentInfo,
    Asn1Set certificates,
    Asn1Set crls,
    Asn1Set signerInfos)
{
    DerInteger computedVersion =
        CalculateVersion(contentInfo.ContentType, certificates, crls, signerInfos);
    this.version = computedVersion;

    this.digestAlgorithms = digestAlgorithms;
    this.contentInfo = contentInfo;
    this.certificates = certificates;
    this.crls = crls;
    this.signerInfos = signerInfos;

    // Remember whether each optional set was supplied as a BerSet.
    bool crlsAreBer = crls is BerSet;
    bool certsAreBer = certificates is BerSet;
    this.crlsBer = crlsAreBer;
    this.certsBer = certsAreBer;
}
/// <summary>
/// Creates a SignerInfo from explicitly supplied fields.
/// </summary>
/// <remarks>
/// All arguments are stored as given; no consistency checks are made between them.
/// </remarks>
/// <param name="version">Version number to store.</param>
/// <param name="issuerAndSerialNumber">Issuer and serial number identifying the signer.</param>
/// <param name="digAlgorithm">Digest algorithm identifier.</param>
/// <param name="authenticatedAttributes">Set of authenticated attributes.</param>
/// <param name="digEncryptionAlgorithm">Digest encryption algorithm identifier.</param>
/// <param name="encryptedDigest">The encrypted digest octets.</param>
/// <param name="unauthenticatedAttributes">Set of unauthenticated attributes.</param>
public SignerInfo(
    DerInteger version,
    IssuerAndSerialNumber issuerAndSerialNumber,
    AlgorithmIdentifier digAlgorithm,
    Asn1Set authenticatedAttributes,
    AlgorithmIdentifier digEncryptionAlgorithm,
    Asn1OctetString encryptedDigest,
    Asn1Set unauthenticatedAttributes)
{
    // Identification of the structure and the signer.
    this.version = version;
    this.issuerAndSerialNumber = issuerAndSerialNumber;

    // Algorithms and the signature value.
    this.digAlgorithm = digAlgorithm;
    this.digEncryptionAlgorithm = digEncryptionAlgorithm;
    this.encryptedDigest = encryptedDigest;

    // Attribute sets.
    this.authenticatedAttributes = authenticatedAttributes;
    this.unauthenticatedAttributes = unauthenticatedAttributes;
}
/// <summary>
/// Reads one ASN.1 object from the stream and turns it into a CRL.
/// </summary>
/// <remarks>
/// When the object is a sequence of more than one element whose first element is the
/// SignedData object identifier, the CRL set of that SignedData is stored in
/// <c>sCrlData</c> and the result comes from <c>GetCrl()</c>. Any other sequence is
/// decoded as a CertificateList.
/// </remarks>
/// <param name="dIn">The ASN.1 input stream to read from.</param>
/// <returns>The CRL produced by GetCrl() or CreateX509Crl().</returns>
private X509Crl ReadDerCrl(
    Asn1InputStream dIn)
{
    Asn1Sequence top = (Asn1Sequence)dIn.ReadObject();

    bool isSignedData = top.Count > 1
        && top[0] is DerObjectIdentifier
        && top[0].Equals(PkcsObjectIdentifiers.SignedData);

    if (!isSignedData)
    {
        return CreateX509Crl(CertificateList.GetInstance(top));
    }

    // The SignedData body is the explicitly tagged second element.
    Asn1Sequence signedDataSeq = Asn1Sequence.GetInstance((Asn1TaggedObject) top[1], true);
    sCrlData = SignedData.GetInstance(signedDataSeq).Crls;

    return GetCrl();
}
/// <summary>
/// Decodes a SignedData from its sequence form.
/// </summary>
/// <remarks>
/// The first three elements are taken as version, digest algorithm set and content
/// info. Each remaining element is either a tagged object (tag 0: certificates,
/// tag 1: CRLs) or is treated as the signer info set. No check is made that the
/// sequence actually has three leading elements.
/// </remarks>
/// <param name="seq">The sequence to decode.</param>
/// <exception cref="ArgumentException">A tagged element carries a tag other than 0 or 1.</exception>
private SignedData(
    Asn1Sequence seq)
{
    IEnumerator elements = seq.GetEnumerator();

    elements.MoveNext();
    version = (DerInteger) elements.Current;

    elements.MoveNext();
    digestAlgorithms = (Asn1Set) elements.Current;

    elements.MoveNext();
    contentInfo = ContentInfo.GetInstance(elements.Current);

    while (elements.MoveNext())
    {
        Asn1Object current = (Asn1Object) elements.Current;

        // Implementations appear to vary in how they encode SignedData, so an
        // untagged trailing element is accepted as the signer info set.
        DerTaggedObject tagged = current as DerTaggedObject;
        if (tagged == null)
        {
            signerInfos = (Asn1Set) current;
            continue;
        }

        int tagNo = tagged.TagNo;
        if (tagNo == 0)
        {
            certificates = Asn1Set.GetInstance(tagged, false);
        }
        else if (tagNo == 1)
        {
            crls = Asn1Set.GetInstance(tagged, false);
        }
        else
        {
            throw new ArgumentException("unknown tag value " + tagged.TagNo);
        }
    }
}
/// <summary>
/// Captures the fields of a SignerInfo together with the content it refers to.
/// </summary>
/// <remarks>
/// The signer identifier is converted into a SignerID: a tagged identifier supplies the
/// subject key identifier (stored as the encoding of the octet string), an untagged one
/// supplies issuer and serial number. A null content type marks the instance as a
/// counter signature. The signature is only copied here, not verified.
/// </remarks>
/// <param name="info">The SignerInfo structure to read from.</param>
/// <param name="contentType">Content type of the signed content, or null.</param>
/// <param name="content">The signed content.</param>
/// <param name="digestCalculator">Digest calculator stored for later use.</param>
/// <exception cref="ArgumentException">Reading the signer identifier raised an IOException.</exception>
internal SignerInformation(
    SignerInfo info,
    DerObjectIdentifier contentType,
    CmsProcessable content,
    IDigestCalculator digestCalculator)
{
    this.info = info;
    this.sid = new SignerID();
    this.contentType = contentType;
    this.isCounterSignature = contentType == null;

    try
    {
        SignerIdentifier identifier = info.SignerID;

        if (!identifier.IsTagged)
        {
            Asn1.Cms.IssuerAndSerialNumber issuerSerial =
                Asn1.Cms.IssuerAndSerialNumber.GetInstance(identifier.ID);

            sid.Issuer = issuerSerial.Name;
            sid.SerialNumber = issuerSerial.SerialNumber.Value;
        }
        else
        {
            Asn1OctetString keyIdOctets = Asn1OctetString.GetInstance(identifier.ID);

            sid.SubjectKeyIdentifier = keyIdOctets.GetEncoded();
        }
    }
    catch (IOException)
    {
        throw new ArgumentException("invalid sid in SignerInfo");
    }

    // Algorithms and attribute sets are taken over unchanged.
    this.digestAlgorithm = info.DigestAlgorithm;
    this.signedAttributeSet = info.AuthenticatedAttributes;
    this.unsignedAttributeSet = info.UnauthenticatedAttributes;
    this.encryptionAlgorithm = info.DigestEncryptionAlgorithm;
    this.signature = info.EncryptedDigest.GetOctets();

    this.content = content;
    this.digestCalculator = digestCalculator;
}
/// <summary>
/// Reads one ASN.1 object from the stream and turns it into an attribute certificate.
/// </summary>
/// <remarks>
/// When the object is a sequence of more than one element whose first element is the
/// SignedData object identifier, the certificate set of that SignedData is stored in
/// <c>sData</c> and the result comes from <c>GetCertificate()</c>. Any other sequence
/// is decoded as an AttributeCertificate.
/// </remarks>
/// <param name="dIn">The ASN.1 input stream to read from.</param>
/// <returns>The attribute certificate that was read.</returns>
private IX509AttributeCertificate ReadDerCertificate(
    Asn1InputStream dIn)
{
    Asn1Sequence top = (Asn1Sequence)dIn.ReadObject();

    bool isSignedData = top.Count > 1
        && top[0] is DerObjectIdentifier
        && top[0].Equals(PkcsObjectIdentifiers.SignedData);

    if (!isSignedData)
    {
        return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(top));
    }

    // The SignedData body is the explicitly tagged second element.
    Asn1Sequence signedDataSeq = Asn1Sequence.GetInstance((Asn1TaggedObject) top[1], true);
    sData = SignedData.GetInstance(signedDataSeq).Certificates;

    return GetCertificate();
}
/// <summary>
/// Decodes a SignerInfo from its sequence form.
/// </summary>
/// <remarks>
/// Elements are consumed in order: version, signer identifier, digest algorithm, an
/// optional tagged set of authenticated attributes, digest encryption algorithm,
/// encrypted digest and an optional tagged set of unauthenticated attributes. The
/// results of the leading MoveNext calls are not checked.
/// </remarks>
/// <param name="seq">The sequence to decode.</param>
public SignerInfo(
    Asn1Sequence seq)
{
    IEnumerator fields = seq.GetEnumerator();

    fields.MoveNext();
    version = (DerInteger) fields.Current;

    fields.MoveNext();
    sid = SignerIdentifier.GetInstance(fields.Current);

    fields.MoveNext();
    digAlgorithm = AlgorithmIdentifier.GetInstance(fields.Current);

    fields.MoveNext();
    object candidate = fields.Current;
    Asn1TaggedObject taggedAttrs = candidate as Asn1TaggedObject;

    if (taggedAttrs == null)
    {
        // No authenticated attributes: this element is already the algorithm.
        authenticatedAttributes = null;
        digEncryptionAlgorithm = AlgorithmIdentifier.GetInstance(candidate);
    }
    else
    {
        authenticatedAttributes = Asn1Set.GetInstance(taggedAttrs, false);

        fields.MoveNext();
        digEncryptionAlgorithm = AlgorithmIdentifier.GetInstance(fields.Current);
    }

    fields.MoveNext();
    encryptedDigest = DerOctetString.GetInstance(fields.Current);

    unauthenticatedAttributes = fields.MoveNext()
        ? Asn1Set.GetInstance((Asn1TaggedObject) fields.Current, false)
        : null;
}
/// <summary>
/// Decodes an EnvelopedData from its sequence form.
/// </summary>
/// <remarks>
/// Elements are read by position: version, an optional tagged originator info, the
/// recipient info set, the encrypted content info and an optional tagged set of
/// unprotected attributes. Only the presence of the trailing element is tested
/// against the sequence length.
/// </remarks>
/// <param name="seq">The sequence to decode.</param>
public EnvelopedData(
    Asn1Sequence seq)
{
    int pos = 0;

    version = (DerInteger) seq[pos++];

    object next = seq[pos++];

    Asn1TaggedObject taggedOriginator = next as Asn1TaggedObject;
    if (taggedOriginator != null)
    {
        originatorInfo = OriginatorInfo.GetInstance(taggedOriginator, false);
        next = seq[pos++];
    }

    recipientInfos = Asn1Set.GetInstance(next);
    encryptedContentInfo = EncryptedContentInfo.GetInstance(seq[pos++]);

    if (pos < seq.Count)
    {
        unprotectedAttrs = Asn1Set.GetInstance((Asn1TaggedObject) seq[pos], false);
    }
}
/// <summary>
/// Creates a SignerInfo from its components, deriving the version from the identifier.
/// </summary>
/// <remarks>
/// The version is 3 when the signer identifier is tagged and 1 otherwise.
/// </remarks>
/// <param name="sid">The signer identifier.</param>
/// <param name="digAlgorithm">Digest algorithm identifier.</param>
/// <param name="authenticatedAttributes">Set of authenticated attributes.</param>
/// <param name="digEncryptionAlgorithm">Digest encryption algorithm identifier.</param>
/// <param name="encryptedDigest">The encrypted digest octets.</param>
/// <param name="unauthenticatedAttributes">Set of unauthenticated attributes.</param>
public SignerInfo(
    SignerIdentifier sid,
    AlgorithmIdentifier digAlgorithm,
    Asn1Set authenticatedAttributes,
    AlgorithmIdentifier digEncryptionAlgorithm,
    Asn1OctetString encryptedDigest,
    Asn1Set unauthenticatedAttributes)
{
    int versionNumber = sid.IsTagged ? 3 : 1;
    this.version = new DerInteger(versionNumber);

    this.sid = sid;
    this.digAlgorithm = digAlgorithm;
    this.authenticatedAttributes = authenticatedAttributes;
    this.digEncryptionAlgorithm = digEncryptionAlgorithm;
    this.encryptedDigest = encryptedDigest;
    this.unauthenticatedAttributes = unauthenticatedAttributes;
}
/// <summary>
/// Re-encodes every element of an ASN.1 set, parses it as a CRL and appends it to a list.
/// </summary>
/// <param name="crls">List that receives the parsed CRLs.</param>
/// <param name="crlSet">Set of encodable elements to convert.</param>
/// <exception cref="CmsException">
/// Any exception raised while encoding or parsing an element; the original is kept as
/// the inner exception.
/// </exception>
private void AddCrlsFromSet(
    IList crls,
    Asn1Set crlSet)
{
    X509CrlParser parser = new X509CrlParser();

    foreach (Asn1Encodable entry in crlSet)
    {
        try
        {
            // TODO Build CRL directly from entry.ToAsn1Object()?
            byte[] encoded = entry.GetEncoded();
            crls.Add(parser.ReadCrl(encoded));
        }
        catch (Exception ex)
        {
            throw new CmsException("can't re-encode CRL!", ex);
        }
    }
}
/// <summary>
/// Parses the sequence-typed elements of an ASN.1 set as certificates and appends
/// them to a list.
/// </summary>
/// <remarks>
/// Elements whose ASN.1 object is not a sequence are skipped without an error.
/// </remarks>
/// <param name="certs">List that receives the parsed certificates.</param>
/// <param name="certSet">Set of encodable elements to convert.</param>
/// <exception cref="CmsException">
/// Any exception raised while encoding or parsing an element; the original is kept as
/// the inner exception.
/// </exception>
private void AddCertsFromSet(
    IList certs,
    Asn1Set certSet)
{
    X509CertificateParser parser = new X509CertificateParser();

    foreach (Asn1Encodable entry in certSet)
    {
        try
        {
            Asn1Object asn1 = entry.ToAsn1Object();
            if (!(asn1 is Asn1Sequence))
            {
                continue;
            }

            // TODO Build certificate directly from sequence?
            byte[] encoded = asn1.GetEncoded();
            certs.Add(parser.ReadCertificate(encoded));
        }
        catch (Exception ex)
        {
            throw new CmsException("can't re-encode certificate!", ex);
        }
    }
}
/// <summary>
/// Builds an X509 store of the given type holding the CRLs found in an ASN.1 set.
/// </summary>
/// <param name="type">Store type; appended to "CRL/" to form the factory key.</param>
/// <param name="crlSet">Set of CRLs, or null for an empty store.</param>
/// <returns>The store created by X509StoreFactory.</returns>
/// <exception cref="CmsException">
/// The store could not be set up, or a CRL could not be converted.
/// </exception>
internal IX509Store CreateCrlStore(
    string type,
    Asn1Set crlSet)
{
    IList parsedCrls = Platform.CreateArrayList();

    bool hasCrls = crlSet != null;
    if (hasCrls)
    {
        AddCrlsFromSet(parsedCrls, crlSet);
    }

    try
    {
        // Parameter construction stays inside the try so that its ArgumentException
        // is wrapped as well.
        string storeKey = "CRL/" + type;
        return X509StoreFactory.Create(storeKey, new X509CollectionStoreParameters(parsedCrls));
    }
    catch (ArgumentException e)
    {
        throw new CmsException("can't setup the X509Store", e);
    }
}
/// <summary>
/// Builds an X509 store of the given type holding the attribute certificates found
/// in an ASN.1 set.
/// </summary>
/// <remarks>
/// Only elements that are tagged objects with tag number 2 are converted; all other
/// elements are skipped without an error.
/// </remarks>
/// <param name="type">Store type; appended to "AttributeCertificate/" to form the factory key.</param>
/// <param name="certSet">Set to scan, or null for an empty store.</param>
/// <returns>The store created by X509StoreFactory.</returns>
/// <exception cref="CmsException">
/// An element could not be converted, or the store could not be set up.
/// </exception>
internal IX509Store CreateAttributeStore(
    string type,
    Asn1Set certSet)
{
    IList attributeCerts = Platform.CreateArrayList();

    if (certSet != null)
    {
        foreach (Asn1Encodable entry in certSet)
        {
            try
            {
                Asn1TaggedObject tagged = entry.ToAsn1Object() as Asn1TaggedObject;
                if (tagged == null || tagged.TagNo != 2)
                {
                    continue;
                }

                // Implicitly tagged sequence, re-encoded for the certificate constructor.
                byte[] encoded = Asn1Sequence.GetInstance(tagged, false).GetEncoded();
                attributeCerts.Add(new X509V2AttributeCertificate(encoded));
            }
            catch (Exception ex)
            {
                throw new CmsException("can't re-encode attribute certificate!", ex);
            }
        }
    }

    try
    {
        string storeKey = "AttributeCertificate/" + type;
        return X509StoreFactory.Create(storeKey, new X509CollectionStoreParameters(attributeCerts));
    }
    catch (ArgumentException e)
    {
        throw new CmsException("can't setup the X509Store", e);
    }
}
/// <summary>
/// Creates a parser over an existing ASN.1 set.
/// </summary>
/// <param name="outer">The set to parse; its element count is captured as the upper bound.</param>
public Asn1SetParserImpl(
    Asn1Set outer)
{
    // The count is read once, at construction time.
    int elementCount = outer.Count;

    this.outer = outer;
    this.max = elementCount;
}
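/// <summary>
/// Instantiate a Pkcs10CertificationRequest object with the necessary credentials.
/// </summary>
/// <remarks>
/// The request info is DER encoded and signed with <paramref name="signingKey"/>.
/// The constructor checks that <paramref name="publicKey"/> is public and
/// <paramref name="signingKey"/> is private, but not that the two keys belong together.
/// </remarks>
/// <param name="signatureAlgorithm">Name of the signature algorithm, or an object identifier in string form.</param>
/// <param name="subject">X509Name of subject, e.g. OU="My unit." O="My Organisation" C="au".</param>
/// <param name="publicKey">Public key to be included in the certification request.</param>
/// <param name="attributes">Asn1Set of attributes.</param>
/// <param name="signingKey">Private key matching the nominated public key, used to sign the request.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="signatureAlgorithm"/>, <paramref name="subject"/>,
/// <paramref name="publicKey"/> or <paramref name="signingKey"/> is null.
/// </exception>
/// <exception cref="ArgumentException">
/// A key is of the wrong kind, the signature algorithm is unknown, or encoding the
/// request info failed.
/// </exception>
public Pkcs10CertificationRequest(
    string signatureAlgorithm,
    X509Name subject,
    AsymmetricKeyParameter publicKey,
    Asn1Set attributes,
    AsymmetricKeyParameter signingKey)
{
    if (signatureAlgorithm == null)
        throw new ArgumentNullException("signatureAlgorithm");
    if (subject == null)
        throw new ArgumentNullException("subject");
    if (publicKey == null)
        throw new ArgumentNullException("publicKey");
    // Previously a null signing key surfaced as a NullReferenceException on the
    // IsPrivate check below; report it like the other null arguments.
    if (signingKey == null)
        throw new ArgumentNullException("signingKey");
    if (publicKey.IsPrivate)
        throw new ArgumentException("expected public key", "publicKey");
    if (!signingKey.IsPrivate)
        throw new ArgumentException("key for signing must be private", "signingKey");

    // Look the algorithm up by its upper-cased name; fall back to treating the
    // string as an object identifier.
    string algorithmName = signatureAlgorithm.ToUpperInvariant();

    DerObjectIdentifier sigOid = (DerObjectIdentifier) algorithms[algorithmName];

    if (sigOid == null)
    {
        try
        {
            sigOid = new DerObjectIdentifier(algorithmName);
        }
        catch (Exception e)
        {
            throw new ArgumentException("Unknown signature type requested", e);
        }
    }

    // Parameters: absent, algorithm-specific, or an explicit NULL.
    if (noParams.Contains(sigOid))
    {
        this.sigAlgId = new AlgorithmIdentifier(sigOid);
    }
    else if (exParams.Contains(algorithmName))
    {
        this.sigAlgId = new AlgorithmIdentifier(sigOid, (Asn1Encodable) exParams[algorithmName]);
    }
    else
    {
        this.sigAlgId = new AlgorithmIdentifier(sigOid, DerNull.Instance);
    }

    SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey);

    this.reqInfo = new CertificationRequestInfo(subject, pubInfo, attributes);

    ISigner sig = SignerUtilities.GetSigner(signatureAlgorithm);

    sig.Init(true, signingKey);

    try
    {
        // Encode.
        byte[] b = reqInfo.GetDerEncoded();
        sig.BlockUpdate(b, 0, b.Length);
    }
    catch (Exception e)
    {
        throw new ArgumentException("exception encoding TBS cert request", e);
    }

    // Generate Signature.
    sigBits = new DerBitString(sig.GenerateSignature());
}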
/// <summary>
/// Reads the next attribute certificate from the given stream.
/// </summary>
/// <remarks>
/// Parser state is tied to one stream: on first use, or when a different stream is
/// passed, any pending SignedData certificate set is discarded. While a set is pending,
/// each call returns its next certificate through GetCertificate(), and one final null
/// when it is exhausted. Otherwise the first byte selects the decoder: 0x30 is read as
/// DER, anything else is assumed to be PEM.
/// </remarks>
/// <param name="inStream">A readable stream positioned at the next certificate.</param>
/// <returns>The certificate read, or null at end of stream or end of a pending set.</returns>
/// <exception cref="ArgumentNullException"><paramref name="inStream"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="inStream"/> cannot be read.</exception>
/// <exception cref="CertificateException">
/// Any failure while reading or parsing; the message is the text of the original exception.
/// </exception>
public IX509AttributeCertificate ReadAttrCert(
    Stream inStream)
{
    if (inStream == null)
    {
        throw new ArgumentNullException("inStream");
    }
    if (!inStream.CanRead)
    {
        throw new ArgumentException("inStream must be read-able", "inStream");
    }

    // First use and a changed stream are handled the same way: start afresh.
    if (currentStream == null || currentStream != inStream)
    {
        currentStream = inStream;
        sData = null;
        sDataObjectCount = 0;
    }

    try
    {
        if (sData != null)
        {
            bool moreInSet = sDataObjectCount != sData.Count;
            if (moreInSet)
            {
                return GetCertificate();
            }

            // The pending set is exhausted: clear it and signal the end once.
            sData = null;
            sDataObjectCount = 0;
            return null;
        }

        PushbackStream pushback = new PushbackStream(inStream);
        int firstByte = pushback.ReadByte();

        if (firstByte < 0)
        {
            return null;
        }

        pushback.Unread(firstByte);

        if (firstByte == 0x30)
        {
            return ReadDerCertificate(new Asn1InputStream(pushback));
        }

        // assume ascii PEM encoded.
        return ReadPemCertificate(pushback);
    }
    catch (Exception e)
    {
        throw new CertificateException(e.ToString());
    }
}