1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
using System;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Ocsp;
using Org.BouncyCastle.Asn1.Oiw;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;
namespace Org.BouncyCastle.Ocsp
{
public class CertificateID
: IEquatable<CertificateID>
{
[Obsolete("Use 'OiwObjectIdentifiers.IdSha1.Id' instead")]
public const string HashSha1 = "1.3.14.3.2.26";
public static readonly AlgorithmIdentifier DigestSha1 = new AlgorithmIdentifier(
OiwObjectIdentifiers.IdSha1, DerNull.Instance);
private readonly CertID m_id;
public CertificateID(CertID id)
{
m_id = id ?? throw new ArgumentNullException(nameof(id));
}
/**
* create from an issuer certificate and the serial number of the
* certificate it signed.
* @exception OcspException if any problems occur creating the id fields.
*/
[Obsolete("Will be removed")]
public CertificateID(string hashAlgorithm, X509Certificate issuerCert, BigInteger serialNumber)
{
AlgorithmIdentifier digestAlgorithm = new AlgorithmIdentifier(
new DerObjectIdentifier(hashAlgorithm), DerNull.Instance);
m_id = CreateCertID(digestAlgorithm, issuerCert, new DerInteger(serialNumber));
}
public CertificateID(AlgorithmIdentifier digestAlgorithm, X509Certificate issuerCert, BigInteger serialNumber)
{
m_id = CreateCertID(digestAlgorithm, issuerCert, new DerInteger(serialNumber));
}
public CertificateID(IDigestFactory digestFactory, X509Certificate issuerCert, BigInteger serialNumber)
{
m_id = CreateCertID(digestFactory, issuerCert, new DerInteger(serialNumber));
}
public string HashAlgOid => m_id.HashAlgorithm.Algorithm.Id;
public byte[] GetIssuerNameHash() => m_id.IssuerNameHash.GetOctets();
public byte[] GetIssuerKeyHash() => m_id.IssuerKeyHash.GetOctets();
/**
* return the serial number for the certificate associated
* with this request.
*/
public BigInteger SerialNumber => m_id.SerialNumber.Value;
public bool MatchesIssuer(X509Certificate issuerCert)
{
return CreateCertID(m_id.HashAlgorithm, issuerCert, m_id.SerialNumber).Equals(m_id);
}
public bool MatchesIssuer(IDigestFactory digestFactory, X509Certificate issuerCert)
{
if (!m_id.HashAlgorithm.Equals(digestFactory.AlgorithmDetails))
throw new ArgumentException("digest factory does not match required digest algorithm");
return CreateCertID(digestFactory, issuerCert, m_id.SerialNumber).Equals(m_id);
}
public CertID ToAsn1Object() => m_id;
public bool Equals(CertificateID other) => this == other || m_id.Equals(other?.m_id);
public override bool Equals(object obj) => Equals(obj as CertificateID);
public override int GetHashCode() => m_id.GetHashCode();
/**
* Create a new CertificateID for a new serial number derived from a previous one
* calculated for the same CA certificate.
*
* @param original the previously calculated CertificateID for the CA.
* @param newSerialNumber the serial number for the new certificate of interest.
*
* @return a new CertificateID for newSerialNumber
*/
public static CertificateID DeriveCertificateID(CertificateID original, BigInteger newSerialNumber)
{
CertID originalID = original.ToAsn1Object();
return new CertificateID(new CertID(originalID.HashAlgorithm, originalID.IssuerNameHash,
originalID.IssuerKeyHash, new DerInteger(newSerialNumber)));
}
private static CertID CreateCertID(AlgorithmIdentifier digestAlgorithm, X509Certificate issuerCert,
DerInteger serialNumber)
{
try
{
X509Name issuerName = issuerCert.SubjectDN;
byte[] issuerNameHash = X509Utilities.CalculateDigest(digestAlgorithm, issuerName);
byte[] issuerKey = issuerCert.SubjectPublicKeyInfo.PublicKey.GetBytes();
byte[] issuerKeyHash = DigestUtilities.CalculateDigest(digestAlgorithm.Algorithm, issuerKey);
return new CertID(digestAlgorithm, new DerOctetString(issuerNameHash),
new DerOctetString(issuerKeyHash), serialNumber);
}
catch (Exception e)
{
throw new OcspException("problem creating ID: " + e, e);
}
}
private static CertID CreateCertID(IDigestFactory digestFactory, X509Certificate issuerCert,
DerInteger serialNumber)
{
try
{
X509Name issuerName = issuerCert.SubjectDN;
byte[] issuerNameHash = X509Utilities.CalculateDigest(digestFactory, issuerName);
byte[] issuerKey = issuerCert.SubjectPublicKeyInfo.PublicKey.GetBytes();
byte[] issuerKeyHash = X509Utilities.CalculateDigest(digestFactory, issuerKey, 0, issuerKey.Length);
return new CertID((AlgorithmIdentifier)digestFactory.AlgorithmDetails,
new DerOctetString(issuerNameHash), new DerOctetString(issuerKeyHash), serialNumber);
}
catch (Exception e)
{
throw new OcspException("problem creating ID: " + e, e);
}
}
}
}
|
