You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
211 lines
10 KiB
211 lines
10 KiB
8 months ago
|
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||
|
|
#pragma warning disable
|
||
|
|
using System;
|
||
|
|
using System.Collections;
|
||
|
|
using System.IO;
|
||
|
|
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.CryptoPro;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Nist;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Oiw;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Pkcs;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.TeleTrust;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.X9;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Security;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Collections;
|
||
|
|
|
||
|
|
namespace BestHTTP.SecureProtocol.Org.BouncyCastle.X509
|
||
|
|
{
|
||
|
|
internal class X509Utilities
|
||
|
|
{
|
||
|
|
private static readonly IDictionary algorithms = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateHashtable();
|
||
|
|
private static readonly IDictionary exParams = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateHashtable();
|
||
|
|
private static readonly ISet noParams = new HashSet();
|
||
|
|
|
||
|
|
static X509Utilities()
|
||
|
|
{
|
||
|
|
algorithms.Add("MD2WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD2WithRsaEncryption);
|
||
|
|
algorithms.Add("MD2WITHRSA", PkcsObjectIdentifiers.MD2WithRsaEncryption);
|
||
|
|
algorithms.Add("MD5WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD5WithRsaEncryption);
|
||
|
|
algorithms.Add("MD5WITHRSA", PkcsObjectIdentifiers.MD5WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA1WITHRSA", PkcsObjectIdentifiers.Sha1WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-1WITHRSA", PkcsObjectIdentifiers.Sha1WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA224WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha224WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-224WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha224WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA224WITHRSA", PkcsObjectIdentifiers.Sha224WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-224WITHRSA", PkcsObjectIdentifiers.Sha224WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA256WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha256WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-256WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha256WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA256WITHRSA", PkcsObjectIdentifiers.Sha256WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-256WITHRSA", PkcsObjectIdentifiers.Sha256WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA384WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha384WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-384WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha384WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA384WITHRSA", PkcsObjectIdentifiers.Sha384WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-384WITHRSA", PkcsObjectIdentifiers.Sha384WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA512WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-512WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA512WITHRSA", PkcsObjectIdentifiers.Sha512WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-512WITHRSA", PkcsObjectIdentifiers.Sha512WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA512(224)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA-512(224)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA512(224)WITHRSA", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA-512(224)WITHRSA", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA512(256)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA-512(256)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA-512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA1WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
|
||
|
|
algorithms.Add("SHA224WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
|
||
|
|
algorithms.Add("SHA256WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
|
||
|
|
algorithms.Add("SHA384WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
|
||
|
|
algorithms.Add("SHA512WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
|
||
|
|
algorithms.Add("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
|
||
|
|
algorithms.Add("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
|
||
|
|
algorithms.Add("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
|
||
|
|
algorithms.Add("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
|
||
|
|
algorithms.Add("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
|
||
|
|
algorithms.Add("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
|
||
|
|
algorithms.Add("SHA1WITHDSA", X9ObjectIdentifiers.IdDsaWithSha1);
|
||
|
|
algorithms.Add("DSAWITHSHA1", X9ObjectIdentifiers.IdDsaWithSha1);
|
||
|
|
algorithms.Add("SHA224WITHDSA", NistObjectIdentifiers.DsaWithSha224);
|
||
|
|
algorithms.Add("SHA256WITHDSA", NistObjectIdentifiers.DsaWithSha256);
|
||
|
|
algorithms.Add("SHA384WITHDSA", NistObjectIdentifiers.DsaWithSha384);
|
||
|
|
algorithms.Add("SHA512WITHDSA", NistObjectIdentifiers.DsaWithSha512);
|
||
|
|
algorithms.Add("SHA1WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha1);
|
||
|
|
algorithms.Add("ECDSAWITHSHA1", X9ObjectIdentifiers.ECDsaWithSha1);
|
||
|
|
algorithms.Add("SHA224WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha224);
|
||
|
|
algorithms.Add("SHA256WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha256);
|
||
|
|
algorithms.Add("SHA384WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha384);
|
||
|
|
algorithms.Add("SHA512WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha512);
|
||
|
|
algorithms.Add("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
|
||
|
|
algorithms.Add("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
|
||
|
|
algorithms.Add("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
|
||
|
|
algorithms.Add("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
|
||
|
|
algorithms.Add("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
|
||
|
|
|
||
|
|
//
|
||
|
|
// According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
|
||
|
|
// The parameters field SHALL be NULL for RSA based signature algorithms.
|
||
|
|
//
|
||
|
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha1);
|
||
|
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha224);
|
||
|
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha256);
|
||
|
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha384);
|
||
|
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha512);
|
||
|
|
noParams.Add(X9ObjectIdentifiers.IdDsaWithSha1);
|
||
|
|
noParams.Add(OiwObjectIdentifiers.DsaWithSha1);
|
||
|
|
noParams.Add(NistObjectIdentifiers.DsaWithSha224);
|
||
|
|
noParams.Add(NistObjectIdentifiers.DsaWithSha256);
|
||
|
|
noParams.Add(NistObjectIdentifiers.DsaWithSha384);
|
||
|
|
noParams.Add(NistObjectIdentifiers.DsaWithSha512);
|
||
|
|
|
||
|
|
//
|
||
|
|
// RFC 4491
|
||
|
|
//
|
||
|
|
noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
|
||
|
|
noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
|
||
|
|
|
||
|
|
//
|
||
|
|
// explicit params
|
||
|
|
//
|
||
|
|
AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance);
|
||
|
|
exParams.Add("SHA1WITHRSAANDMGF1", CreatePssParams(sha1AlgId, 20));
|
||
|
|
|
||
|
|
AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha224, DerNull.Instance);
|
||
|
|
exParams.Add("SHA224WITHRSAANDMGF1", CreatePssParams(sha224AlgId, 28));
|
||
|
|
|
||
|
|
AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256, DerNull.Instance);
|
||
|
|
exParams.Add("SHA256WITHRSAANDMGF1", CreatePssParams(sha256AlgId, 32));
|
||
|
|
|
||
|
|
AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha384, DerNull.Instance);
|
||
|
|
exParams.Add("SHA384WITHRSAANDMGF1", CreatePssParams(sha384AlgId, 48));
|
||
|
|
|
||
|
|
AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha512, DerNull.Instance);
|
||
|
|
exParams.Add("SHA512WITHRSAANDMGF1", CreatePssParams(sha512AlgId, 64));
|
||
|
|
}
|
||
|
|
|
||
|
|
private static RsassaPssParameters CreatePssParams(
|
||
|
|
AlgorithmIdentifier hashAlgId,
|
||
|
|
int saltSize)
|
||
|
|
{
|
||
|
|
return new RsassaPssParameters(
|
||
|
|
hashAlgId,
|
||
|
|
new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, hashAlgId),
|
||
|
|
new DerInteger(saltSize),
|
||
|
|
new DerInteger(1));
|
||
|
|
}
|
||
|
|
|
||
|
|
internal static DerObjectIdentifier GetAlgorithmOid(
|
||
|
|
string algorithmName)
|
||
|
|
{
|
||
|
|
algorithmName = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithmName);
|
||
|
|
|
||
|
|
if (algorithms.Contains(algorithmName))
|
||
|
|
{
|
||
|
|
return (DerObjectIdentifier) algorithms[algorithmName];
|
||
|
|
}
|
||
|
|
|
||
|
|
return new DerObjectIdentifier(algorithmName);
|
||
|
|
}
|
||
|
|
|
||
|
|
internal static AlgorithmIdentifier GetSigAlgID(
|
||
|
|
DerObjectIdentifier sigOid,
|
||
|
|
string algorithmName)
|
||
|
|
{
|
||
|
|
if (noParams.Contains(sigOid))
|
||
|
|
{
|
||
|
|
return new AlgorithmIdentifier(sigOid);
|
||
|
|
}
|
||
|
|
|
||
|
|
algorithmName = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithmName);
|
||
|
|
|
||
|
|
if (exParams.Contains(algorithmName))
|
||
|
|
{
|
||
|
|
return new AlgorithmIdentifier(sigOid, (Asn1Encodable) exParams[algorithmName]);
|
||
|
|
}
|
||
|
|
|
||
|
|
return new AlgorithmIdentifier(sigOid, DerNull.Instance);
|
||
|
|
}
|
||
|
|
|
||
|
|
internal static IEnumerable GetAlgNames()
|
||
|
|
{
|
||
|
|
return new EnumerableProxy(algorithms.Keys);
|
||
|
|
}
|
||
|
|
|
||
|
|
internal static byte[] GetSignatureForObject(
|
||
|
|
DerObjectIdentifier sigOid, // TODO Redundant now?
|
||
|
|
string sigName,
|
||
|
|
AsymmetricKeyParameter privateKey,
|
||
|
|
SecureRandom random,
|
||
|
|
Asn1Encodable ae)
|
||
|
|
{
|
||
|
|
if (sigOid == null)
|
||
|
|
throw new ArgumentNullException("sigOid");
|
||
|
|
|
||
|
|
ISigner sig = SignerUtilities.GetSigner(sigName);
|
||
|
|
|
||
|
|
if (random != null)
|
||
|
|
{
|
||
|
|
sig.Init(true, new ParametersWithRandom(privateKey, random));
|
||
|
|
}
|
||
|
|
else
|
||
|
|
{
|
||
|
|
sig.Init(true, privateKey);
|
||
|
|
}
|
||
|
|
|
||
|
|
byte[] encoded = ae.GetDerEncoded();
|
||
|
|
sig.BlockUpdate(encoded, 0, encoded.Length);
|
||
|
|
|
||
|
|
return sig.GenerateSignature();
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
#pragma warning restore
|
||
|
|
#endif
|