public X509SubjectKeyIdentifierExtension(PublicKey key, bool critical)
{
Contract.Requires(key.EncodedKeyValue != null);
Contract.Requires(key.EncodedKeyValue.RawData != null);
Contract.Requires(key.EncodedParameters != null);
Contract.Requires(key.EncodedParameters.RawData != null);
Contract.Ensures(key.EncodedParameters.RawData != null);
}
public override void Reset()
{
_lazyRawData = null;
_lazySignatureAlgorithm = null;
_lazyVersion = 0;
_lazySubjectName = null;
_lazyIssuerName = null;
_lazyPublicKey = null;
_lazyPrivateKey = null;
_lazyExtensions = null;
base.Reset();
}
public byte[] ComputeCapiSha1OfPublicKey(PublicKey key)
{
// The CapiSha1 value is the SHA-1 of the SubjectPublicKeyInfo field, inclusive
// of the DER structural bytes.
//SubjectPublicKeyInfo::= SEQUENCE {
// algorithm AlgorithmIdentifier{ { SupportedAlgorithms} },
// subjectPublicKey BIT STRING,
// ... }
//
//AlgorithmIdentifier{ ALGORITHM: SupportedAlgorithms} ::= SEQUENCE {
// algorithm ALGORITHM.&id({ SupportedAlgorithms}),
// parameters ALGORITHM.&Type({ SupportedAlgorithms}
// { @algorithm}) OPTIONAL,
// ... }
//
//ALGORITHM::= CLASS {
// &Type OPTIONAL,
// &id OBJECT IDENTIFIER UNIQUE }
//WITH SYNTAX {
// [&Type]
//IDENTIFIED BY &id }
// key.EncodedKeyValue corresponds to SubjectPublicKeyInfo.subjectPublicKey, except it
// has had the BIT STRING envelope removed.
//
// key.EncodedParameters corresponds to AlgorithmIdentifier.Parameters precisely
// (DER NULL for RSA, DER Constructed SEQUENCE for DSA)
byte[] empty = Array.Empty<byte>();
byte[][] algorithmOid = DerEncoder.SegmentedEncodeOid(key.Oid);
// Because ConstructSegmentedSequence doesn't look to see that it really is tag+length+value (but does check
// that the array has length 3), just hide the joined TLV triplet in the last element.
byte[][] segmentedParameters = { empty, empty, key.EncodedParameters.RawData };
byte[][] algorithmIdentifier = DerEncoder.ConstructSegmentedSequence(algorithmOid, segmentedParameters);
byte[][] subjectPublicKey = DerEncoder.SegmentedEncodeBitString(key.EncodedKeyValue.RawData);
using (SHA1 hash = SHA1.Create())
{
return hash.ComputeHash(
DerEncoder.ConstructSequence(
algorithmIdentifier,
subjectPublicKey));
}
}
public void Constructor_Dsa_WeirdParameters ()
{
PublicKey pk = new PublicKey (new Oid (dsaOid.Value),
new AsnEncodedData (new byte[16] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }),
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (dsaOid.Value, pk.Oid.Value, "Oid.Value");
Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid");
Assert.AreEqual ("00-01-02-03-04-05-06-07-08-09-0A-0B-0C-0D-0E-0F", BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid");
Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
}
private static byte[] ExportPublicKey(PublicKey key)
{
// From: http://pstaev.blogspot.fr/2010/08/convert-rsa-public-key-from-xml-to-pem.html
byte[] oid = { 0x30, 0xD, 0x6, 0x9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0xD, 0x1, 0x1, 0x1, 0x5, 0x0 }; // Object ID for RSA
//Transform the public key to PEM Base64 Format
List<byte> binaryPublicKey = key.EncodedKeyValue.RawData.ToList();
binaryPublicKey.Insert(0, 0x0); // Add NULL value
CalculateAndAppendLength(ref binaryPublicKey);
binaryPublicKey.Insert(0, 0x3);
binaryPublicKey.InsertRange(0, oid);
CalculateAndAppendLength(ref binaryPublicKey);
binaryPublicKey.Insert(0, 0x30);
return binaryPublicKey.ToArray();
}
public X509SubjectKeyIdentifierExtension(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical)
{
throw new NotImplementedException();
}
private static byte[] EncodeExtension(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm)
{
if (key == null)
throw new ArgumentNullException(nameof(key));
byte[] subjectKeyIdentifier = GenerateSubjectKeyIdentifierFromPublicKey(key, algorithm);
return EncodeExtension(subjectKeyIdentifier);
}
public X509SubjectKeyIdentifierExtension(PublicKey key, bool critical)
: this(key, X509SubjectKeyIdentifierHashAlgorithm.Sha1, critical)
{
}
// Construct CERT_PUBLIC_KEY_INFO2 in unmanged memory from given encoded blobs.
private static unsafe SafeLocalAllocHandle EncodePublicKey (PublicKey key) {
SafeLocalAllocHandle publicKeyInfo = SafeLocalAllocHandle.InvalidHandle;
CAPI.CERT_PUBLIC_KEY_INFO2 * pPublicKeyInfo = null;
string objId = key.Oid.Value;
byte[] encodedParameters = key.EncodedParameters.RawData;
byte[] encodedKeyValue = key.EncodedKeyValue.RawData;
uint cbPublicKeyInfo = (uint) (Marshal.SizeOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO2)) +
X509Utils.AlignedLength((uint) (objId.Length + 1)) +
X509Utils.AlignedLength((uint) encodedParameters.Length) +
encodedKeyValue.Length);
publicKeyInfo = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(cbPublicKeyInfo));
pPublicKeyInfo = (CAPI.CERT_PUBLIC_KEY_INFO2 *) publicKeyInfo.DangerousGetHandle();
IntPtr pszObjId = new IntPtr((long) pPublicKeyInfo + Marshal.SizeOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO2)));
IntPtr pbParameters = new IntPtr((long) pszObjId + X509Utils.AlignedLength(((uint) (objId.Length + 1))));
IntPtr pbPublicKey = new IntPtr((long) pbParameters + X509Utils.AlignedLength((uint) encodedParameters.Length));
pPublicKeyInfo->Algorithm.pszObjId = pszObjId;
byte[] szObjId = new byte[objId.Length + 1];
Encoding.ASCII.GetBytes(objId, 0, objId.Length, szObjId, 0);
Marshal.Copy(szObjId, 0, pszObjId, szObjId.Length);
if (encodedParameters.Length > 0) {
pPublicKeyInfo->Algorithm.Parameters.cbData = (uint) encodedParameters.Length;
pPublicKeyInfo->Algorithm.Parameters.pbData = pbParameters;
Marshal.Copy(encodedParameters, 0, pbParameters, encodedParameters.Length);
}
pPublicKeyInfo->PublicKey.cbData = (uint) encodedKeyValue.Length;
pPublicKeyInfo->PublicKey.pbData = pbPublicKey;
Marshal.Copy(encodedKeyValue, 0, pbPublicKey, encodedKeyValue.Length);
return publicKeyInfo;
}
public override void Reset ()
{
_serial = null;
_publicKey = null;
base.Reset ();
}
public override void Reset ()
{
if (x509 != null) {
x509.Dispose ();
x509 = null;
}
if (nativePrivateKey != null) {
nativePrivateKey = null;
}
subjectName = null;
issuerName = null;
archived = false;
publicKey = null;
intermediateCerts = null;
if (fallback != null)
fallback.Reset ();
}
public X509SubjectKeyIdentifierExtension(PublicKey key, bool critical)
: this(key, X509SubjectKeyIdentifierHashAlgorithm.Sha1, critical)
{
}
public void Constructor_Dsa_EmptyParameters_Key ()
{
PublicKey pk = new PublicKey (new Oid (dsaOid.Value),
new AsnEncodedData (new byte[0]), // same as NULL (0x05, 0x00)
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (dsa_public_key_xml, pk.Key.ToXmlString (false), "Key");
}
public override bool Verify(byte[] data, byte[] signature, SctHashAlgorithm algorithm)
{
var publicKey = new PublicKey(new Oid(KnownOids.X509Algorithms.RSA), new AsnEncodedData(_key), AsnNull);
var rsa = publicKey.Key as RSACryptoServiceProvider;
if (rsa == null)
{
return false;
}
return rsa.VerifyData(data, SctHashAlgorithmToOid(algorithm), signature);
}
public void Constructor_Dsa_EmptyParameters ()
{
PublicKey pk = new PublicKey (new Oid (dsaOid.Value),
new AsnEncodedData (new byte[0]), // same as NULL (0x05, 0x00)
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (dsaOid.Value, pk.Oid.Value, "Oid.Value");
Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid");
Assert.AreEqual (String.Empty, BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid");
Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
}
public void Constructor_Dsa_FromScratch ()
{
// providing Oid for parameters and keyvalue isn't required
PublicKey pk = new PublicKey (new Oid (dsaOid.Value),
new AsnEncodedData (dsa_params),
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (dsaOid.Value, pk.Oid.Value, "Oid.Value");
Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid");
Assert.AreEqual (BitConverter.ToString (dsa_params), BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid");
Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
Assert.AreEqual (dsa_public_key_xml, pk.Key.ToXmlString (false), "Key");
Assert.IsTrue ((pk.Key as DSACryptoServiceProvider).PublicOnly, "Key.PublicOnly");
}
public void Constructor_Dsa_FromCertificate ()
{
PublicKey pk1 = x509b.PublicKey;
PublicKey pk2 = new PublicKey (pk1.Oid, pk1.EncodedParameters, pk1.EncodedKeyValue);
Assert.AreEqual (dsaOid.Value, pk2.Oid.Value, "Oid.Value");
Assert.AreEqual (dsaOid.Value, pk2.EncodedParameters.Oid.Value, "EncodedParameters.Oid.Value");
Assert.AreEqual (BitConverter.ToString (dsa_params), BitConverter.ToString (pk2.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.AreEqual (dsaOid.Value, pk2.EncodedKeyValue.Oid.Value, "EncodedKeyValue.Oid.Value");
Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk2.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
Assert.AreEqual (dsa_public_key_xml, pk2.Key.ToXmlString (false), "Key");
Assert.IsTrue ((pk2.Key as DSACryptoServiceProvider).PublicOnly, "Key.PublicOnly");
}
/// <summary>
/// Verify a signature with a given certificate. It is assumed that
/// the signature is made from a SHA1 hash of the data.
/// </summary>
/// <param name="data">Signed data</param>
/// <param name="signature">Signature to be verified</param>
/// <param name="certificate">Certificate containing the public key used to verify the code</param>
/// <returns>True if the verification succeeds</returns>
public bool Verify(byte[] data, byte[] signature, byte[] certificate)
{
try
{
X509Certificate2 x509Certificate;
// create certificate object from byte 'file'
x509Certificate = new X509Certificate2(certificate);
String algo = x509Certificate.GetKeyAlgorithm();
if (String.Compare(algo, "1.2.840.113549.1.1.1") == 0) //rsaEncryption
{
// use public key from certificate during verification
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509Certificate.PublicKey.Key;
// verify signature. assume that the data was SHA1 hashed.
return(rsa.VerifyData(data, "SHA1", signature));
}
else if (String.Compare(algo, "1.2.840.10045.2.1") == 0) //EC Public Key
{
// use public key from certificate during verification
PublicKey publicKey = x509Certificate.PublicKey;
// Offset(dec) ENCODING ASN.1 Syntax
// 00 06 05 -- OBJECT_ID LENGTH
// 02 2B 81 04 00 22 Secp384r1(1 3 132 0 34)
byte[] EncodedParamsCurve = publicKey.EncodedParameters.RawData;
// Offset(dec) ENCODING ASN.1 Syntax
// 00 04 compression byte
// 01 { 48 bytes} --X coordinate
// 49: { 48 bytes} --Y coordinate
byte[] EncodedParamsPoint = publicKey.EncodedKeyValue.RawData;
byte[] KeyParams = new byte[5];
byte[] Secp384r1 = { 0x2B, 0x81, 0x04, 0x00, 0x22 };
byte[] KeyValue_X = new byte[48];
byte[] KeyValue_Y = new byte[48];
Array.Copy(EncodedParamsCurve, 0x02, KeyParams, 0, 5);
ECParameters parameters = new ECParameters();
//check if the curve is Secp384r1(1 3 132 0 34)
if (System.Collections.StructuralComparisons.StructuralEqualityComparer.Equals(KeyParams, Secp384r1))
{
//Fill in parameters named curve:
//Create a named curve using the specified Oid object.
System.Security.Cryptography.Oid cardP384oid = new Oid("ECDSA_P384");
parameters.Curve = ECCurve.CreateFromOid(cardP384oid);
Array.Copy(EncodedParamsPoint, 0x01, KeyValue_X, 0, 48);
Array.Copy(EncodedParamsPoint, 0x31, KeyValue_Y, 0, 48);
//Fill in parameters public key (Q)
System.Security.Cryptography.ECPoint Q;
Q.X = KeyValue_X;
Q.Y = KeyValue_Y;
parameters.Q = Q;
}
else
{
//not supported, cannot verify, exit
return(false);
}
ECDsa dsa = ECDsa.Create(parameters);
// verify signature. assume that the data was SHA384 hashed.
return(dsa.VerifyData(data, signature, HashAlgorithmName.SHA384));
}
else
{
return(true);
}
}
catch (Exception e)
{
Console.WriteLine("Error: " + e.Message);
return(false);
}
}
public override string ToString(bool verbose)
{
if (verbose == false || Pal == null)
{
return(ToString());
}
StringBuilder sb = new StringBuilder();
// Version
sb.AppendLine("[Version]");
sb.Append(" V");
sb.Append(Version);
// Subject
sb.AppendLine();
sb.AppendLine();
sb.AppendLine("[Subject]");
sb.Append(" ");
sb.Append(SubjectName.Name);
string simpleName = GetNameInfo(X509NameType.SimpleName, false);
if (simpleName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("Simple Name: ");
sb.Append(simpleName);
}
string emailName = GetNameInfo(X509NameType.EmailName, false);
if (emailName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("Email Name: ");
sb.Append(emailName);
}
string upnName = GetNameInfo(X509NameType.UpnName, false);
if (upnName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("UPN Name: ");
sb.Append(upnName);
}
string dnsName = GetNameInfo(X509NameType.DnsName, false);
if (dnsName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("DNS Name: ");
sb.Append(dnsName);
}
// Issuer
sb.AppendLine();
sb.AppendLine();
sb.AppendLine("[Issuer]");
sb.Append(" ");
sb.Append(IssuerName.Name);
simpleName = GetNameInfo(X509NameType.SimpleName, true);
if (simpleName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("Simple Name: ");
sb.Append(simpleName);
}
emailName = GetNameInfo(X509NameType.EmailName, true);
if (emailName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("Email Name: ");
sb.Append(emailName);
}
upnName = GetNameInfo(X509NameType.UpnName, true);
if (upnName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("UPN Name: ");
sb.Append(upnName);
}
dnsName = GetNameInfo(X509NameType.DnsName, true);
if (dnsName.Length > 0)
{
sb.AppendLine();
sb.Append(" ");
sb.Append("DNS Name: ");
sb.Append(dnsName);
}
// Serial Number
sb.AppendLine();
sb.AppendLine();
sb.AppendLine("[Serial Number]");
sb.Append(" ");
sb.AppendLine(SerialNumber);
// NotBefore
sb.AppendLine();
sb.AppendLine("[Not Before]");
sb.Append(" ");
sb.AppendLine(FormatDate(NotBefore));
// NotAfter
sb.AppendLine();
sb.AppendLine("[Not After]");
sb.Append(" ");
sb.AppendLine(FormatDate(NotAfter));
// Thumbprint
sb.AppendLine();
sb.AppendLine("[Thumbprint]");
sb.Append(" ");
sb.AppendLine(Thumbprint);
// Signature Algorithm
sb.AppendLine();
sb.AppendLine("[Signature Algorithm]");
sb.Append(" ");
sb.Append(SignatureAlgorithm.FriendlyName);
sb.Append('(');
sb.Append(SignatureAlgorithm.Value);
sb.AppendLine(")");
// Public Key
sb.AppendLine();
sb.Append("[Public Key]");
// It could throw if it's some user-defined CryptoServiceProvider
try
{
PublicKey pubKey = PublicKey;
sb.AppendLine();
sb.Append(" ");
sb.Append("Algorithm: ");
sb.Append(pubKey.Oid.FriendlyName);
// So far, we only support RSACryptoServiceProvider & DSACryptoServiceProvider Keys
try
{
sb.AppendLine();
sb.Append(" ");
sb.Append("Length: ");
using (RSA pubRsa = this.GetRSAPublicKey())
{
if (pubRsa != null)
{
sb.Append(pubRsa.KeySize);
}
}
}
catch (NotSupportedException)
{
}
sb.AppendLine();
sb.Append(" ");
sb.Append("Key Blob: ");
sb.AppendLine(pubKey.EncodedKeyValue.Format(true));
sb.Append(" ");
sb.Append("Parameters: ");
sb.Append(pubKey.EncodedParameters.Format(true));
}
catch (CryptographicException)
{
}
// Private key
Pal.AppendPrivateKeyInfo(sb);
// Extensions
X509ExtensionCollection extensions = Extensions;
if (extensions.Count > 0)
{
sb.AppendLine();
sb.AppendLine();
sb.Append("[Extensions]");
foreach (X509Extension extension in extensions)
{
try
{
sb.AppendLine();
sb.Append("* ");
sb.Append(extension.Oid.FriendlyName);
sb.Append('(');
sb.Append(extension.Oid.Value);
sb.Append("):");
sb.AppendLine();
sb.Append(" ");
sb.Append(extension.Format(true));
}
catch (CryptographicException)
{
}
}
}
sb.AppendLine();
return(sb.ToString());
}
public byte[] ComputeCapiSha1OfPublicKey(PublicKey key)
{
throw new NotImplementedException();
}
public void Constructor_Dsa_WeirdParameters_Key ()
{
PublicKey pk = new PublicKey (new Oid (dsaOid.Value),
new AsnEncodedData (new byte[16] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }),
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (dsa_public_key_xml, pk.Key.ToXmlString (false), "Key");
}
public X509SubjectKeyIdentifierExtension (PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical)
{
if (key == null)
throw new ArgumentNullException ("key");
byte[] pkraw = key.EncodedKeyValue.RawData;
// compute SKI
switch (algorithm) {
// hash of the public key, excluding Tag, Length and unused bits values
case X509SubjectKeyIdentifierHashAlgorithm.Sha1:
_subjectKeyIdentifier = SHA1.Create ().ComputeHash (pkraw);
break;
// 0100 bit pattern followed by the 60 last bit of the hash
case X509SubjectKeyIdentifierHashAlgorithm.ShortSha1:
byte[] hash = SHA1.Create ().ComputeHash (pkraw);
_subjectKeyIdentifier = new byte [8];
Buffer.BlockCopy (hash, 12, _subjectKeyIdentifier, 0, 8);
_subjectKeyIdentifier [0] = (byte) (0x40 | (_subjectKeyIdentifier [0] & 0x0F));
break;
// hash of the public key, including Tag, Length and unused bits values
case X509SubjectKeyIdentifierHashAlgorithm.CapiSha1:
// CryptoAPI does that hash on the complete subjectPublicKeyInfo (unlike PKIX)
// http://groups.google.ca/groups?selm=e7RqM%24plCHA.1488%40tkmsftngp02&oe=UTF-8&output=gplain
ASN1 subjectPublicKeyInfo = new ASN1 (0x30);
ASN1 algo = subjectPublicKeyInfo.Add (new ASN1 (0x30));
algo.Add (new ASN1 (CryptoConfig.EncodeOID (key.Oid.Value)));
algo.Add (new ASN1 (key.EncodedParameters.RawData));
// add an extra byte for the unused bits (none)
byte[] full = new byte [pkraw.Length + 1];
Buffer.BlockCopy (pkraw, 0, full, 1, pkraw.Length);
subjectPublicKeyInfo.Add (new ASN1 (0x03, full));
_subjectKeyIdentifier = SHA1.Create ().ComputeHash (subjectPublicKeyInfo.GetBytes ());
break;
default:
throw new ArgumentException ("algorithm");
}
_oid = new Oid (oid, friendlyName);
base.Critical = critical;
RawData = Encode ();
}
public void Constructor_Dsa_UnknownOid ()
{
// providing Oid for parameters and keyvalue isn't required
PublicKey pk = new PublicKey (new Oid (unknownOid.Value),
new AsnEncodedData (dsa_params),
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (unknownOid.Value, pk.Oid.Value, "Oid.Value");
Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid");
Assert.AreEqual (BitConverter.ToString (dsa_params), BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid");
Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
}
public X509SubjectKeyIdentifierExtension (PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical) :
base (CAPI.szOID_SUBJECT_KEY_IDENTIFIER, EncodePublicKey(key, algorithm), critical) {}
public void Constructor_Dsa_UnknownOid_Key ()
{
// providing Oid for parameters and keyvalue isn't required
PublicKey pk = new PublicKey (new Oid (unknownOid.Value),
new AsnEncodedData (dsa_params),
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (dsa_public_key_xml, pk.Key.ToXmlString (false), "Key");
}
private static unsafe byte[] EncodePublicKey (PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm) {
if (key == null)
throw new ArgumentNullException("key");
// Construct CERT_PUBLIC_KEY_INFO2 in unmanged memory from given encoded blobs.
SafeLocalAllocHandle publicKeyInfo = EncodePublicKey(key);
CAPI.CERT_PUBLIC_KEY_INFO2 * pPublicKeyInfo = (CAPI.CERT_PUBLIC_KEY_INFO2 *) publicKeyInfo.DangerousGetHandle();
byte [] buffer = new byte[20];
byte [] identifier = null;
fixed (byte * pBuffer = buffer) {
uint cbData = (uint)buffer.Length;
IntPtr pbData = new IntPtr(pBuffer);
try {
if ((X509SubjectKeyIdentifierHashAlgorithm.Sha1 == algorithm)
|| (X509SubjectKeyIdentifierHashAlgorithm.ShortSha1 == algorithm)) {
//+=================================================================
// (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of
// the value of the BIT STRING subjectPublicKey (excluding the tag,
// length, and number of unused bits).
if (!CAPI.CryptHashCertificate(
IntPtr.Zero, // hCryptProv
CAPI.CALG_SHA1,
0, // dwFlags,
pPublicKeyInfo->PublicKey.pbData,
pPublicKeyInfo->PublicKey.cbData,
pbData,
new IntPtr(&cbData)))
throw new CryptographicException(Marshal.GetHRForLastWin32Error());
}
//+=================================================================
// Microsoft convention: The keyIdentifier is composed of the
// 160-bit SHA-1 hash of the encoded subjectPublicKey BITSTRING
// (including the tag, length, and number of unused bits).
else if (X509SubjectKeyIdentifierHashAlgorithm.CapiSha1 == algorithm) {
if (!CAPI.CryptHashPublicKeyInfo(
IntPtr.Zero, // hCryptProv
CAPI.CALG_SHA1,
0, // dwFlags,
CAPI.X509_ASN_ENCODING,
new IntPtr(pPublicKeyInfo),
pbData,
new IntPtr(&cbData))) {
throw new CryptographicException(Marshal.GetHRForLastWin32Error());
}
} else {
throw new ArgumentException("algorithm");
}
//+=================================================================
// (2) The keyIdentifier is composed of a four bit type field with
// the value 0100 followed by the least significant 60 bits of the
// SHA-1 hash of the value of the BIT STRING subjectPublicKey
// (excluding the tag, length, and number of unused bit string bits)
if (X509SubjectKeyIdentifierHashAlgorithm.ShortSha1 == algorithm) {
identifier = new byte[8];
Array.Copy(buffer, buffer.Length - 8, identifier, 0, identifier.Length);
identifier[0] &= 0x0f;
identifier[0] |= 0x40;
} else {
identifier = buffer;
// return the meaningful part only
if (buffer.Length > (int)cbData) {
identifier = new byte[cbData];
Array.Copy(buffer, 0, identifier, 0, identifier.Length);
}
}
} finally {
publicKeyInfo.Dispose();
}
}
return EncodeExtension(identifier);
}
public void FixtureSetUp ()
{
pk1 = new X509Certificate2 (Encoding.ASCII.GetBytes (X509Certificate2Test.base64_cert)).PublicKey;
}
public byte[] ComputeCapiSha1OfPublicKey(PublicKey key)
{
unsafe
{
fixed (byte* pszOidValue = key.Oid.ValueAsAscii())
{
byte[] encodedParameters = key.EncodedParameters.RawData;
fixed (byte* pEncodedParameters = encodedParameters)
{
byte[] encodedKeyValue = key.EncodedKeyValue.RawData;
fixed (byte* pEncodedKeyValue = encodedKeyValue)
{
CERT_PUBLIC_KEY_INFO publicKeyInfo = new CERT_PUBLIC_KEY_INFO()
{
Algorithm = new CRYPT_ALGORITHM_IDENTIFIER()
{
pszObjId = new IntPtr(pszOidValue),
Parameters = new CRYPTOAPI_BLOB(encodedParameters.Length, pEncodedParameters),
},
PublicKey = new CRYPT_BIT_BLOB()
{
cbData = encodedKeyValue.Length,
pbData = pEncodedKeyValue,
cUnusedBits = 0,
},
};
int cb = 20;
byte[] buffer = new byte[cb];
if (!Interop.crypt32.CryptHashPublicKeyInfo(IntPtr.Zero, AlgId.CALG_SHA1, 0, CertEncodingType.All, ref publicKeyInfo, buffer, ref cb))
throw Marshal.GetHRForLastWin32Error().ToCryptographicException();;
if (cb < buffer.Length)
{
byte[] newBuffer = new byte[cb];
Array.Copy(buffer, 0, newBuffer, 0, cb);
buffer = newBuffer;
}
return buffer;
}
}
}
}
}
public override void Reset ()
{
_cert = null;
_archived = false;
_extensions = null;
_serial = null;
_publicKey = null;
issuer_name = null;
subject_name = null;
signature_algorithm = null;
if (intermediateCerts != null) {
intermediateCerts.Dispose ();
intermediateCerts = null;
}
}
private static byte[] GenerateSubjectKeyIdentifierFromPublicKey(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm)
{
switch (algorithm)
{
case X509SubjectKeyIdentifierHashAlgorithm.Sha1:
return ComputeSha1(key.EncodedKeyValue.RawData);
case X509SubjectKeyIdentifierHashAlgorithm.ShortSha1:
{
byte[] sha1 = ComputeSha1(key.EncodedKeyValue.RawData);
// ShortSha1: The keyIdentifier is composed of a four bit type field with
// the value 0100 followed by the least significant 60 bits of the
// SHA-1 hash of the value of the BIT STRING subjectPublicKey
// (excluding the tag, length, and number of unused bit string bits)
byte[] shortSha1 = new byte[8];
Buffer.BlockCopy(sha1, sha1.Length - 8, shortSha1, 0, shortSha1.Length);
shortSha1[0] &= 0x0f;
shortSha1[0] |= 0x40;
return shortSha1;
}
case X509SubjectKeyIdentifierHashAlgorithm.CapiSha1:
return X509Pal.Instance.ComputeCapiSha1OfPublicKey(key);
default:
throw new ArgumentException(SR.Format(SR.Arg_EnumIllegalVal, algorithm), nameof(algorithm));
}
}
public override void Reset () {
m_version = 0;
m_notBefore = DateTime.MinValue;
m_notAfter = DateTime.MinValue;
m_privateKey = null;
m_publicKey = null;
m_extensions = null;
m_signatureAlgorithm = null;
m_subjectName = null;
m_issuerName = null;
if (!m_safeCertContext.IsInvalid) {
// Free the current certificate handle
m_safeCertContext.Dispose();
m_safeCertContext = SafeCertContextHandle.InvalidHandle;
}
base.Reset();
}
public X509SubjectKeyIdentifierExtension(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical)
: base(Oids.SubjectKeyIdentifier, EncodeExtension(key, algorithm), critical)
{
}
internal PublicKey (PublicKey publicKey) {
m_oid = new Oid(publicKey.m_oid);
m_encodedParameters = new AsnEncodedData(publicKey.m_encodedParameters);
m_encodedKeyValue = new AsnEncodedData(publicKey.m_encodedKeyValue);
}
public override void Reset ()
{
_cert = null;
_archived = false;
_extensions = null;
_name = String.Empty;
_serial = null;
_publicKey = null;
issuer_name = null;
subject_name = null;
signature_algorithm = null;
base.Reset ();
}
public X509SubjectKeyIdentifierExtension(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical)
: base(Oids.SubjectKeyIdentifier, EncodeExtension(key, algorithm), critical)
{
}
