using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.CryptoPro; using Org.BouncyCastle.Asn1.Nist; using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.TeleTrust; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X9; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Operators; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; using System; using System.Collections.Generic; using System.IO; namespace Org.BouncyCastle.X509 { internal static class X509Utilities { private static readonly Dictionary<string, DerObjectIdentifier> m_algorithms; static X509Utilities() { m_algorithms = new Dictionary<string, DerObjectIdentifier>(StringComparer.OrdinalIgnoreCase); m_algorithms.Add("MD2WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD2WithRsaEncryption); m_algorithms.Add("MD2WITHRSA", PkcsObjectIdentifiers.MD2WithRsaEncryption); m_algorithms.Add("MD5WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD5WithRsaEncryption); m_algorithms.Add("MD5WITHRSA", PkcsObjectIdentifiers.MD5WithRsaEncryption); m_algorithms.Add("SHA1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption); m_algorithms.Add("SHA-1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption); m_algorithms.Add("SHA1WITHRSA", PkcsObjectIdentifiers.Sha1WithRsaEncryption); m_algorithms.Add("SHA-1WITHRSA", PkcsObjectIdentifiers.Sha1WithRsaEncryption); m_algorithms.Add("SHA224WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha224WithRsaEncryption); m_algorithms.Add("SHA-224WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha224WithRsaEncryption); m_algorithms.Add("SHA224WITHRSA", PkcsObjectIdentifiers.Sha224WithRsaEncryption); m_algorithms.Add("SHA-224WITHRSA", PkcsObjectIdentifiers.Sha224WithRsaEncryption); m_algorithms.Add("SHA256WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha256WithRsaEncryption); m_algorithms.Add("SHA-256WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha256WithRsaEncryption); m_algorithms.Add("SHA256WITHRSA", PkcsObjectIdentifiers.Sha256WithRsaEncryption); m_algorithms.Add("SHA-256WITHRSA", PkcsObjectIdentifiers.Sha256WithRsaEncryption); m_algorithms.Add("SHA384WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha384WithRsaEncryption); m_algorithms.Add("SHA-384WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha384WithRsaEncryption); m_algorithms.Add("SHA384WITHRSA", PkcsObjectIdentifiers.Sha384WithRsaEncryption); m_algorithms.Add("SHA-384WITHRSA", PkcsObjectIdentifiers.Sha384WithRsaEncryption); m_algorithms.Add("SHA512WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512WithRsaEncryption); m_algorithms.Add("SHA-512WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512WithRsaEncryption); m_algorithms.Add("SHA512WITHRSA", PkcsObjectIdentifiers.Sha512WithRsaEncryption); m_algorithms.Add("SHA-512WITHRSA", PkcsObjectIdentifiers.Sha512WithRsaEncryption); m_algorithms.Add("SHA512(224)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); m_algorithms.Add("SHA-512(224)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); m_algorithms.Add("SHA512(224)WITHRSA", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); m_algorithms.Add("SHA-512(224)WITHRSA", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); m_algorithms.Add("SHA512(256)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); m_algorithms.Add("SHA-512(256)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); m_algorithms.Add("SHA512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); m_algorithms.Add("SHA-512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); m_algorithms.Add("SHA1WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); m_algorithms.Add("SHA224WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); m_algorithms.Add("SHA256WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); m_algorithms.Add("SHA384WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); m_algorithms.Add("SHA512WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); m_algorithms.Add("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160); m_algorithms.Add("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160); m_algorithms.Add("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128); m_algorithms.Add("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128); m_algorithms.Add("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256); m_algorithms.Add("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256); m_algorithms.Add("SHA1WITHDSA", X9ObjectIdentifiers.IdDsaWithSha1); m_algorithms.Add("DSAWITHSHA1", X9ObjectIdentifiers.IdDsaWithSha1); m_algorithms.Add("SHA224WITHDSA", NistObjectIdentifiers.DsaWithSha224); m_algorithms.Add("SHA256WITHDSA", NistObjectIdentifiers.DsaWithSha256); m_algorithms.Add("SHA384WITHDSA", NistObjectIdentifiers.DsaWithSha384); m_algorithms.Add("SHA512WITHDSA", NistObjectIdentifiers.DsaWithSha512); m_algorithms.Add("SHA1WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha1); m_algorithms.Add("ECDSAWITHSHA1", X9ObjectIdentifiers.ECDsaWithSha1); m_algorithms.Add("SHA224WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha224); m_algorithms.Add("SHA256WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha256); m_algorithms.Add("SHA384WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha384); m_algorithms.Add("SHA512WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha512); m_algorithms.Add("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); m_algorithms.Add("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); m_algorithms.Add("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); m_algorithms.Add("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); m_algorithms.Add("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); } internal static bool AreEquivalentAlgorithms(AlgorithmIdentifier id1, AlgorithmIdentifier id2) { if (!id1.Algorithm.Equals(id2.Algorithm)) return false; if (HasAbsentParameters(id1) && HasAbsentParameters(id2)) return true; return object.Equals(id1.Parameters, id2.Parameters); } internal static byte[] CalculateDigest(AlgorithmIdentifier digestAlgorithm, Asn1Encodable asn1Encodable) { return CalculateResult(new DefaultDigestCalculator(DigestUtilities.GetDigest(digestAlgorithm.Algorithm)), asn1Encodable).Collect(); } internal static byte[] CalculateDigest(IDigestFactory digestFactory, byte[] buf) { return CalculateDigest(digestFactory, buf, 0, buf.Length); } internal static byte[] CalculateDigest(IDigestFactory digestFactory, byte[] buf, int off, int len) { return CalculateResult(digestFactory.CreateCalculator(), buf, off, len).Collect(); } internal static byte[] CalculateDigest(IDigestFactory digestFactory, ReadOnlySpan<byte> buf) { return CalculateResult(digestFactory.CreateCalculator(), buf).Collect(); } internal static byte[] CalculateDigest(IDigestFactory digestFactory, Asn1Encodable asn1Encodable) { return CalculateResult(digestFactory.CreateCalculator(), asn1Encodable).Collect(); } internal static TResult CalculateResult<TResult>(IStreamCalculator<TResult> streamCalculator, byte[] buf, int off, int len) { using (Stream stream = streamCalculator.Stream) stream.Write(buf, off, len); return streamCalculator.GetResult(); } internal static TResult CalculateResult<TResult>(IStreamCalculator<TResult> streamCalculator, ReadOnlySpan<byte> buf) { using (Stream stream = streamCalculator.Stream) stream.Write(buf); return streamCalculator.GetResult(); } internal static TResult CalculateResult<TResult>(IStreamCalculator<TResult> streamCalculator, Asn1Encodable asn1Encodable) { using (Stream output = streamCalculator.Stream) asn1Encodable.EncodeTo(output, "DER"); return streamCalculator.GetResult(); } internal unsafe static DerBitString CollectDerBitString(IBlockResult result) { int maxResultLength = result.GetMaxResultLength(); Span<byte> span; if (maxResultLength <= 512) { int num = maxResultLength; span = new Span<byte>(stackalloc byte[(int)(uint)num], num); } else span = new byte[maxResultLength]; Span<byte> span2 = span; int length = result.Collect(span2); span2 = span2.Slice(0, length); return new DerBitString(span2); } internal static IssuerSerial CreateIssuerSerial(X509Certificate certificate) { return CreateIssuerSerial(certificate.CertificateStructure); } internal static IssuerSerial CreateIssuerSerial(X509CertificateStructure certificate) { return new IssuerSerial(certificate.Issuer, certificate.SerialNumber); } internal static DerBitString GenerateBitString(IStreamCalculator<IBlockResult> streamCalculator, Asn1Encodable asn1Encodable) { return CollectDerBitString(CalculateResult(streamCalculator, asn1Encodable)); } internal static DerBitString GenerateDigest(IDigestFactory digestFactory, Asn1Encodable asn1Encodable) { return GenerateBitString(digestFactory.CreateCalculator(), asn1Encodable); } internal static DerBitString GenerateMac(IMacFactory macFactory, Asn1Encodable asn1Encodable) { return GenerateBitString(macFactory.CreateCalculator(), asn1Encodable); } internal static DerBitString GenerateSignature(ISignatureFactory signatureFactory, Asn1Encodable asn1Encodable) { return GenerateBitString(signatureFactory.CreateCalculator(), asn1Encodable); } internal static IEnumerable<string> GetAlgNames() { return CollectionUtilities.Proxy(m_algorithms.Keys); } internal static bool HasAbsentParameters(AlgorithmIdentifier algID) { return IsAbsentParameters(algID.Parameters); } internal static bool IsAbsentParameters(Asn1Encodable parameters) { if (parameters != null) return DerNull.Instance.Equals(parameters); return true; } internal static bool VerifyMac(IMacFactory macFactory, Asn1Encodable asn1Encodable, DerBitString expected) { return Arrays.FixedTimeEquals(CalculateResult(macFactory.CreateCalculator(), asn1Encodable).Collect(), expected.GetOctetsSpan()); } internal static bool VerifySignature(IVerifierFactory verifierFactory, Asn1Encodable asn1Encodable, DerBitString signature) { return CalculateResult(verifierFactory.CreateCalculator(), asn1Encodable).IsVerified(signature.GetOctets()); } } }