/* public X509Certificate2 FindRootCertificate(X509Certificate2 serverX509Certificate2, IDictionary<string, X509Certificate2> rootCertificateDirectory) * { * bool rootCertificateFound = false; * X509Certificate2 desiredRootX509Certificate2 = null; * // Find the desired root certificate * X509Chain x509Chain = new X509Chain(); * x509Chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; * x509Chain.Build(serverX509Certificate2); * * // Iterate though the chain, to validate if it contain a valid root vertificate * X509ChainElementCollection x509ChainElementCollection = x509Chain.ChainElements; * X509ChainElementEnumerator enumerator = x509ChainElementCollection.GetEnumerator(); * X509ChainElement x509ChainElement; * X509Certificate2 x509Certificate2 = null; * string x509CertificateThumbprint; * // At this point, the certificate is not valid, until a * // it is proved that it has a valid root certificate * while (rootCertificateFound == false && enumerator.MoveNext()) * { * x509ChainElement = enumerator.Current; * x509Certificate2 = x509ChainElement.Certificate; * x509CertificateThumbprint = x509Certificate2.Thumbprint.ToLowerInvariant(); * if (rootCertificateDirectory.ContainsKey(x509CertificateThumbprint)) * { * // The current chain element is in the trusted rootCertificateDirectory * rootCertificateFound = true; * * // now the loop will break, as we have found a trusted root certificate * } * } * * if (rootCertificateFound) * { * // root certificate is found * desiredRootX509Certificate2 = x509Certificate2; * } * * return desiredRootX509Certificate2; * }*/ public List <string> GetAuthorityInformationAccessOcspUrl(X509Certificate2 x509Certificate2) { List <string> ocspUrls = new List <string>(); try { // DanID test code shows how to do it Org.BouncyCastle.Asn1.X509.X509Extensions x509Extensions = this.GetX509Extensions(x509Certificate2); Org.BouncyCastle.Asn1.X509.X509Extension x509Extension = x509Extensions.GetExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityInfoAccess); if (x509Extension == null) { // The desired info does not exist // Meaning the certificate does not contain ocsp urls } else { Org.BouncyCastle.Asn1.X509.AuthorityInformationAccess authorityInformationAccess = Org.BouncyCastle.Asn1.X509.AuthorityInformationAccess.GetInstance(x509Extension.GetParsedValue()); Org.BouncyCastle.Asn1.X509.AccessDescription[] accessDescription = authorityInformationAccess.GetAccessDescriptions(); string ocspUrl = this.GetAccessDescriptionUrlForOid(AccessDescription.IdADOcsp, accessDescription); ocspUrls.Add(ocspUrl); } } catch (Exception e) { throw new Exception("Error parsing AIA.", e); } return(ocspUrls); }
public static ExtendedKeyUsage retrieveExtendedKeyUsageOIDs(X509Certificate x509Certificate) { ExtendedKeyUsage extendedKeyUsage = new ExtendedKeyUsage(); X509Extension x509Extension = x509Certificate.CertificateStructure.TbsCertificate.Extensions.GetExtension(new DerObjectIdentifier(OIDS.OID_EXTENDED_KEY_USAGE_EXTENSION)); if (x509Extension != null) { Org.BouncyCastle.Asn1.X509.ExtendedKeyUsage extendedKeyUsageExtension = Org.BouncyCastle.Asn1.X509.ExtendedKeyUsage.GetInstance(x509Extension); extendedKeyUsage.HasExtendedKeyUsageExtension = true; extendedKeyUsage.IsCritical = x509Extension.IsCritical; IList allUsages = extendedKeyUsageExtension.GetAllUsages(); extendedKeyUsage.Count = allUsages.Count; List <byte[]> purposeOidList = new List <byte[]>(allUsages.Count); foreach (DerObjectIdentifier derObjectIdentifier in allUsages) { purposeOidList.Add(StringUtil.StringToByteArray(derObjectIdentifier.Id)); } extendedKeyUsage.Oids = purposeOidList.ToArray(); } else { extendedKeyUsage.HasExtendedKeyUsageExtension = false; } return(extendedKeyUsage); }
public static SubjectKeyIdentifier retrieveSubjectKeyIdentifier(X509Certificate x509Certificate) { SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifier(); X509Extension x509Extension = x509Certificate.CertificateStructure.TbsCertificate.Extensions.GetExtension( new DerObjectIdentifier(OIDS.OID_SUBJECT_KEY_IDENTIFIER_EXTENSION)); if (x509Extension != null) { Org.BouncyCastle.Asn1.X509.SubjectKeyIdentifier subjectKeyIdentifierExtension = Org.BouncyCastle.Asn1.X509.SubjectKeyIdentifier.GetInstance(x509Extension); subjectKeyIdentifier.HasSubjectKeyIdentifierExtension = true; subjectKeyIdentifier.IsCritical = x509Extension.IsCritical; subjectKeyIdentifier.keyIdentifier = subjectKeyIdentifierExtension.GetKeyIdentifier(); //todo: add issuer and serial fields. } else { subjectKeyIdentifier.HasSubjectKeyIdentifierExtension = false; } return(subjectKeyIdentifier); }
public void AddExtension( string oid, bool critical, byte[] value) { DerObjectIdentifier derOid = new DerObjectIdentifier(oid); extensions[derOid] = new X509Extension(critical, new DerOctetString(value)); extOrdering.Add(derOid); }
/// <sumary>Convert the value of the passed in extension to an object.</sumary> /// <param name="ext">The extension to parse.</param> /// <returns>The object the value string contains.</returns> /// <exception cref="ArgumentException">If conversion is not possible.</exception> public static Asn1Object ConvertValueToObject( X509Extension ext) { try { return Asn1Object.FromByteArray(ext.Value.GetOctets()); } catch (Exception e) { throw new ArgumentException("can't convert extension", e); } }
private static X509Extensions CreateExtension() { byte[] nonce = new byte[16]; Hashtable exts = new Hashtable(); BigInteger nc = BigInteger.ValueOf(DateTime.Now.Ticks); X509Extension nonceext = new X509Extension(false, new DerOctetString(nc.ToByteArray())); exts.Add(OcspObjectIdentifiers.PkixOcspNonce, nonceext); return(new X509Extensions(exts)); }
/// <sumary>Convert the value of the passed in extension to an object.</sumary> /// <param name="ext">The extension to parse.</param> /// <returns>The object the value string contains.</returns> /// <exception cref="ArgumentException">If conversion is not possible.</exception> public static Asn1Object ConvertValueToObject( X509Extension ext) { try { return Asn1Object.FromByteArray(ext.Value.GetOctets()); } catch (Exception e) { // MASC 20070307. CF compatibility patch throw new ArgumentException("can't convert extension:ext", e); } }
/// <summary> /// Call to request a certificate /// </summary> /// <param name="csr">Certificate signing request</param> /// <param name="effectiveDate">Effective date of certificate</param> /// <param name="expirationDate">Expiration date of certificate</param> /// <param name="ca">Signing authority</param> /// <param name="asn1Set">Extensions</param> /// <exception cref="InvalidParameterException">Thrown if <paramref name="ca"/> is null</exception> /// <returns>Certificate signed by <paramref name="ca"/></returns> public static X509Certificate2 RequestCertificate(Pkcs10CertificationRequest csr, DateTime effectiveDate, DateTime expirationDate, X509Certificate2 ca, Asn1Set asn1Set) { AsymmetricKeyParameter keyParameter = null; if (ca == null) { throw new InvalidParameterException("ca can not be null"); } keyParameter = TransformRSAPrivateKey((RSACryptoServiceProvider)ca.PrivateKey); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(CreateSerialNumber()); certGen.SetIssuerDN(new X509Name(ca.Subject)); certGen.SetNotBefore(effectiveDate.ToUniversalTime()); certGen.SetNotAfter(expirationDate.ToUniversalTime()); certGen.SetSubjectDN(csr.GetCertificationRequestInfo().Subject); certGen.SetPublicKey(csr.GetPublicKey()); certGen.SetSignatureAlgorithm(SIGNATURE_ALGORITHM); CertificationRequestInfo info = csr.GetCertificationRequestInfo(); if (asn1Set != null) { // Iterate through each extension and add it to the certificate for (int i = 0; i < asn1Set.Count; i++) { AttributePkcs attr = AttributePkcs.GetInstance(asn1Set[i]); if (attr != null && attr.AttrType.Equals(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest)) { X509Extensions extensions = X509Extensions.GetInstance(attr.AttrValues[0]); foreach (DerObjectIdentifier extOid in extensions.ExtensionOids) { Org.BouncyCastle.Asn1.X509.X509Extension ext = extensions.GetExtension(extOid); certGen.AddExtension(extOid, ext.IsCritical, ext.GetParsedValue()); } } } } Org.BouncyCastle.X509.X509Certificate bcCert = certGen.Generate(keyParameter); return(new X509Certificate2(bcCert.GetEncoded())); }
public static AuthorityKeyIdentifier retrieveAuthorityKeyIdentifier(X509Certificate x509Certificate) { AuthorityKeyIdentifier authorityKeyIdentifier = new AuthorityKeyIdentifier(); X509Extension x509Extension = x509Certificate.CertificateStructure.TbsCertificate.Extensions.GetExtension(new DerObjectIdentifier(OIDS.OID_AUTHORITY_KEY_IDENTIFIER_EXTENSION)); if (x509Extension != null) { Org.BouncyCastle.Asn1.X509.AuthorityKeyIdentifier authorityKeyIdentifierExtension = Org.BouncyCastle.Asn1.X509.AuthorityKeyIdentifier.GetInstance(x509Extension); authorityKeyIdentifier.HasAuthorityKeyIdentifier = true; authorityKeyIdentifier.IsCritical = x509Extension.IsCritical; authorityKeyIdentifier.keyIdentifier = authorityKeyIdentifierExtension.GetKeyIdentifier(); //todo: add issuer and serial fields. } else { authorityKeyIdentifier.HasAuthorityKeyIdentifier = false; } return(authorityKeyIdentifier); }
// previous code found to cause a NullPointerException private void nullPointerTest() { IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("RSA"); keyGen.Init(new KeyGenerationParameters(new SecureRandom(), 1024)); IAsymmetricCipherKeyPair pair = keyGen.GenerateKeyPair(); IList oids = new ArrayList(); IList values = new ArrayList(); oids.Add(X509Extensions.BasicConstraints); values.Add(new X509Extension(true, new DerOctetString(new BasicConstraints(true)))); oids.Add(X509Extensions.KeyUsage); values.Add(new X509Extension(true, new DerOctetString( new KeyUsage(KeyUsage.KeyCertSign | KeyUsage.CrlSign)))); SubjectKeyIdentifier subjectKeyIdentifier = new SubjectKeyIdentifierStructure(pair.Public); X509Extension ski = new X509Extension(false, new DerOctetString(subjectKeyIdentifier)); oids.Add(X509Extensions.SubjectKeyIdentifier); values.Add(ski); AttributePkcs attribute = new AttributePkcs(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest, new DerSet(new X509Extensions(oids, values))); Pkcs10CertificationRequest p1 = new Pkcs10CertificationRequest( "SHA1WithRSA", new X509Name("cn=csr"), pair.Public, new DerSet(attribute), pair.Private); Pkcs10CertificationRequest p2 = new Pkcs10CertificationRequest( "SHA1WithRSA", new X509Name("cn=csr"), pair.Public, new DerSet(attribute), pair.Private); if (!p1.Equals(p2)) { Fail("cert request comparison failed"); } }
/// <summary> /// Enroll certificate file base on request /// </summary> /// <param name="cerRequest"></param> /// <param name="rootCert"></param> /// <param name="issuerKeyPair"></param> /// <param name="startDate"></param> /// <param name="endDate"></param> /// <returns></returns> private Org.BouncyCastle.X509.X509Certificate GenerateSignedCertificate( Pkcs10CertificationRequest cerRequest, Org.BouncyCastle.X509.X509Certificate rootCert, AsymmetricCipherKeyPair issuerKeyPair, DateTime startDate, DateTime endDate) { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(rootCert.SubjectDN); certGen.SetNotBefore(startDate); certGen.SetNotAfter(endDate); CertificationRequestInfo info = cerRequest.GetCertificationRequestInfo(); certGen.SetSubjectDN(info.Subject); certGen.SetPublicKey(cerRequest.GetPublicKey()); AlgorithmIdentifier sigAlg = cerRequest.SignatureAlgorithm; string algName = GetAlgorithmName(sigAlg.Algorithm.Id); certGen.SetSignatureAlgorithm(algName); // Add certificate extensions Asn1Set attributes = cerRequest.GetCertificationRequestInfo().Attributes; if (attributes != null) { for (int i = 0; i != attributes.Count; i++) { AttributePkcs attr = AttributePkcs.GetInstance(attributes[i]); if (attr.AttrType.Equals(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest)) { X509Extensions extensions1 = X509Extensions.GetInstance(attr.AttrValues[0]); foreach (DerObjectIdentifier oid in extensions1.ExtensionOids) { Org.BouncyCastle.Asn1.X509.X509Extension ext = extensions1.GetExtension(oid); certGen.AddExtension(oid, ext.IsCritical, ext.GetParsedValue()); } } } } Org.BouncyCastle.X509.X509Certificate issuedCert = null; try { issuedCert = certGen.Generate(issuerKeyPair.Private); tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n"; Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Certificate file sucessfully generated." + "\n", Foreground = System.Windows.Media.Brushes.Green }); })); } catch (Exception ex) { Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Error, generate certificate file." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); } try { Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Check if generated certificate file is valid, plase wait ..." + "\n", Foreground = System.Windows.Media.Brushes.Black }); })); issuedCert.CheckValidity(DateTime.UtcNow); Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Generate certificate file is valid." + "\n", Foreground = System.Windows.Media.Brushes.Black }); })); } catch (Exception ex) { Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Error, generated certificate file is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); } try { tbOutputMessageBox.Inlines.Add(new Run { Text = "Verify generated certificate file, plase wait ..." + "\n", Foreground = System.Windows.Media.Brushes.Black }); issuedCert.Verify(issuerKeyPair.Public); Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Generate certificate file verification is OK." + "\n", Foreground = System.Windows.Media.Brushes.Green }); })); } catch (Exception ex) { Application.Current.Dispatcher.Invoke(new Action(() => { tbOutputMessageBox.Inlines.Add(new Run { Text = "Error, generated certificate file verification is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n", Foreground = System.Windows.Media.Brushes.Red }); })); } return(issuedCert); }
public override bool Equals(object obj) { X509Extension x509Extension = obj as X509Extension; return(x509Extension != null && this.Value.Equals(x509Extension.Value) && this.IsCritical == x509Extension.IsCritical); }
/// <summary> /// Enroll certificate file base on request /// </summary> /// <param name="csr"></param> /// <param name="rootCert"></param> /// <param name="issuerKeyPair"></param> /// <param name="startDate"></param> /// <param name="endDate"></param> /// <returns></returns> private Org.BouncyCastle.X509.X509Certificate GenerateSignedCertificate( Pkcs10CertificationRequest csr, Org.BouncyCastle.X509.X509Certificate rootCert, AsymmetricCipherKeyPair issuerKeyPair, DateTime startDate, DateTime endDate) { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); //List<ExtensionsItem> extensions = null; certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(rootCert.SubjectDN); certGen.SetNotBefore(startDate); certGen.SetNotAfter(endDate); CertificationRequestInfo info = csr.GetCertificationRequestInfo(); certGen.SetSubjectDN(info.Subject); certGen.SetPublicKey(csr.GetPublicKey()); var sigAlg = csr.Signature; var sigAlg1 = csr.SignatureAlgorithm; certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption"); // Add certificate extensions Asn1Set attributes = csr.GetCertificationRequestInfo().Attributes; if (attributes != null) { for (int i = 0; i != attributes.Count; i++) { AttributePkcs attr = AttributePkcs.GetInstance(attributes[i]); if (attr.AttrType.Equals(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest)) { X509Extensions extensions1 = X509Extensions.GetInstance(attr.AttrValues[0]); foreach (DerObjectIdentifier oid in extensions1.ExtensionOids) { Org.BouncyCastle.Asn1.X509.X509Extension ext = extensions1.GetExtension(oid); // !!! NOT working !!! //certGen.AddExtension(oid, ext.IsCritical, ext.Value); //OK certGen.AddExtension(oid, ext.IsCritical, ext.Value, true); } } } } Org.BouncyCastle.X509.X509Certificate issuedCert = null; try { issuedCert = certGen.Generate(issuerKeyPair.Private); tbOutputMessageBox.Text += "Certificate file sucessfully generated." + "\n"; } catch (Exception ex) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Error, generate certificate file." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n"; tbOutputMessageBox.Foreground = bckForeground; } try { tbOutputMessageBox.Text += "Check if generated certificate file is valid, plase wait ..." + "\n"; issuedCert.CheckValidity(DateTime.UtcNow); tbOutputMessageBox.Text += "Generate certificate file is valid." + "\n"; } catch (Exception ex) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Error, generated certificate file is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n"; tbOutputMessageBox.Foreground = bckForeground; } try { tbOutputMessageBox.Text += "Verify generated certificate file, plase wait ..." + "\n"; issuedCert.Verify(issuerKeyPair.Public); tbOutputMessageBox.Text += "Generate certificate file verification is OK." + "\n"; } catch (Exception ex) { Brush bckForeground = tbOutputMessageBox.Foreground; tbOutputMessageBox.Foreground = new SolidColorBrush(Colors.Red); tbOutputMessageBox.Text += "Error, generated certificate file verification is INVALID." + "\n" + "ERROR: " + ex.GetHashCode().ToString() + " " + ex.Message + "\n"; tbOutputMessageBox.Foreground = bckForeground; } return(issuedCert); }
/** * return the parsed value of the extension represented by the object identifier * passed in. * * @return the parsed value of the extension if it's present, null otherwise. */ public Asn1Encodable GetExtensionParsedValue(DerObjectIdentifier oid) { X509Extension ext = GetExtension(oid); return(ext == null ? null : ext.GetParsedValue()); }
public void GenerateUsingCsr() { var root = File.ReadAllBytes(@"root.pfx"); X509KeyUsageExtension var = new X509KeyUsageExtension( X509KeyUsageFlags.CrlSign | X509KeyUsageFlags.DecipherOnly | X509KeyUsageFlags.KeyCertSign, true); var x509RootCert = new X509Certificate2(root, "airwatch", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet); var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var cert = new X509V3CertificateGenerator(); var csr = string.Empty; var textReader = new StringReader(csr); var reader = new Org.BouncyCastle.OpenSsl.PemReader(textReader); var csrRequestObject = reader.ReadObject() as Pkcs10CertificationRequest; if (csrRequestObject != null) { var csrInfo = csrRequestObject.GetCertificationRequestInfo(); csrInfo.SubjectPublicKeyInfo.GetPublicKey(); cert.SetPublicKey(PublicKeyFactory.CreateKey(csrInfo.SubjectPublicKeyInfo)); } cert.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage((int)0)); var asn1EncodableVector = new Asn1EncodableVector { new DerObjectIdentifier("1.3.6.1.4.1.311.20.2.1") }; var derSeq = new DerSequence(asn1EncodableVector); cert.AddExtension(X509Extensions.AuthorityInfoAccess, false, derSeq); cert.AddExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(true)); var privatekey = x509RootCert.PrivateKey as RSACryptoServiceProvider; var ss = privatekey.ExportParameters(true); IRsa rsa = new RsaCoreEngine(); rsa.Init(true, new RsaKeyParameters(true, new BigInteger(1, ss.Modulus), new BigInteger(1, ss.Exponent))); //var signer = new RsaDigestSigner(rsa, new Sha512Digest(), // new AlgorithmIdentifier(new DerObjectIdentifier("1.3.6.1.4.1.311.20.2.1"))); //(signingKeyPair, properties.SignatureAlgorithm); X509Extension extension = new X509Extension(false, new DerOctetString(new AuthorityKeyIdentifierStructure(new X509Certificate(X509CertificateStructure.GetInstance(root))))); cert.AddExtension(X509Extensions.CertificateIssuer, true, new AuthorityKeyIdentifierStructure(new X509Certificate(X509CertificateStructure.GetInstance(root)))); var serialNumber = BigIntegers.CreateRandomInRange( BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); cert.SetSerialNumber(serialNumber); var subjectDN = new X509Name("CN=test"); cert.SetIssuerDN(subjectDN); cert.SetSubjectDN(subjectDN); var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddYears(10); cert.SetNotBefore(notBefore); cert.SetNotAfter(notAfter); const int strength = 2048; var keyGenerationParameters = new KeyGenerationParameters(random, strength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); cert.SetPublicKey(subjectKeyPair.Public); cert.SetSignatureAlgorithm("SHA256withRSA"); var certificate = cert.Generate(subjectKeyPair.Private, random); var certexp = new X509Certificate2(certificate.GetEncoded(), "1234"); certexp.Extensions.Add(var); var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); store.Add(certexp); File.WriteAllBytes(@"C:\cmstest\test.pfx", certexp .Export(X509ContentType.Pfx, "1234")); }
private static Dictionary <DerObjectIdentifier, X509Extension> GetExtensionsWithoutPoisonAndSct(X509Extensions extensions, X509Extension replacementX509Authority) { var result = new Dictionary <DerObjectIdentifier, X509Extension>(); foreach (DerObjectIdentifier oid in extensions.GetExtensionOids()) { if (oid.Id != Constants.PoisonOid && oid.Id != Constants.SctCertificateOid) { if (oid.Id == Constants.X509AuthorityKeyIdentifier && replacementX509Authority != null) { result.Add(oid, replacementX509Authority); } else { result.Add(oid, extensions.GetExtension(oid)); } } } return(result); }
public Asn1Encodable GetParsedValue() { return(X509Extension.ConvertValueToObject(this)); }