1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
using System;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Ocsp;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;
namespace Org.BouncyCastle.Ocsp
{
public class CertificateID
{
public const string HashSha1 = "1.3.14.3.2.26";
private readonly CertID id;
public CertificateID(
CertID id)
{
if (id == null)
throw new ArgumentNullException("id");
this.id = id;
}
/**
* create from an issuer certificate and the serial number of the
* certificate it signed.
* @exception OcspException if any problems occur creating the id fields.
*/
public CertificateID(
string hashAlgorithm,
X509Certificate issuerCert,
BigInteger serialNumber)
{
AlgorithmIdentifier hashAlg = new AlgorithmIdentifier(
new DerObjectIdentifier(hashAlgorithm), DerNull.Instance);
this.id = CreateCertID(hashAlg, issuerCert, new DerInteger(serialNumber));
}
public string HashAlgOid
{
get { return id.HashAlgorithm.Algorithm.Id; }
}
public byte[] GetIssuerNameHash()
{
return id.IssuerNameHash.GetOctets();
}
public byte[] GetIssuerKeyHash()
{
return id.IssuerKeyHash.GetOctets();
}
/**
* return the serial number for the certificate associated
* with this request.
*/
public BigInteger SerialNumber
{
get { return id.SerialNumber.Value; }
}
public bool MatchesIssuer(
X509Certificate issuerCert)
{
return CreateCertID(id.HashAlgorithm, issuerCert, id.SerialNumber).Equals(id);
}
public CertID ToAsn1Object()
{
return id;
}
public override bool Equals(
object obj)
{
if (obj == this)
return true;
CertificateID other = obj as CertificateID;
if (other == null)
return false;
return id.ToAsn1Object().Equals(other.id.ToAsn1Object());
}
public override int GetHashCode()
{
return id.ToAsn1Object().GetHashCode();
}
/**
* Create a new CertificateID for a new serial number derived from a previous one
* calculated for the same CA certificate.
*
* @param original the previously calculated CertificateID for the CA.
* @param newSerialNumber the serial number for the new certificate of interest.
*
* @return a new CertificateID for newSerialNumber
*/
public static CertificateID DeriveCertificateID(CertificateID original, BigInteger newSerialNumber)
{
return new CertificateID(new CertID(original.id.HashAlgorithm, original.id.IssuerNameHash,
original.id.IssuerKeyHash, new DerInteger(newSerialNumber)));
}
private static CertID CreateCertID(
AlgorithmIdentifier hashAlg,
X509Certificate issuerCert,
DerInteger serialNumber)
{
try
{
string hashAlgorithm = hashAlg.Algorithm.Id;
X509Name issuerName = PrincipalUtilities.GetSubjectX509Principal(issuerCert);
byte[] issuerNameHash = DigestUtilities.CalculateDigest(
hashAlgorithm, issuerName.GetEncoded());
AsymmetricKeyParameter issuerKey = issuerCert.GetPublicKey();
SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerKey);
byte[] issuerKeyHash = DigestUtilities.CalculateDigest(
hashAlgorithm, info.PublicKey.GetBytes());
return new CertID(hashAlg, new DerOctetString(issuerNameHash),
new DerOctetString(issuerKeyHash), serialNumber);
}
catch (Exception e)
{
throw new OcspException("problem creating ID: " + e, e);
}
}
}
}
|