You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
210 lines
10 KiB
210 lines
10 KiB
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR) |
|
#pragma warning disable |
|
using System; |
|
using System.Collections; |
|
using System.IO; |
|
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.CryptoPro; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Nist; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Oiw; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Pkcs; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.TeleTrust; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.X9; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Security; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities; |
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Collections; |
|
|
|
namespace BestHTTP.SecureProtocol.Org.BouncyCastle.X509 |
|
{ |
|
internal class X509Utilities |
|
{ |
|
private static readonly IDictionary algorithms = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateHashtable(); |
|
private static readonly IDictionary exParams = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateHashtable(); |
|
private static readonly ISet noParams = new HashSet(); |
|
|
|
static X509Utilities() |
|
{ |
|
algorithms.Add("MD2WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD2WithRsaEncryption); |
|
algorithms.Add("MD2WITHRSA", PkcsObjectIdentifiers.MD2WithRsaEncryption); |
|
algorithms.Add("MD5WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD5WithRsaEncryption); |
|
algorithms.Add("MD5WITHRSA", PkcsObjectIdentifiers.MD5WithRsaEncryption); |
|
algorithms.Add("SHA1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption); |
|
algorithms.Add("SHA-1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption); |
|
algorithms.Add("SHA1WITHRSA", PkcsObjectIdentifiers.Sha1WithRsaEncryption); |
|
algorithms.Add("SHA-1WITHRSA", PkcsObjectIdentifiers.Sha1WithRsaEncryption); |
|
algorithms.Add("SHA224WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha224WithRsaEncryption); |
|
algorithms.Add("SHA-224WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha224WithRsaEncryption); |
|
algorithms.Add("SHA224WITHRSA", PkcsObjectIdentifiers.Sha224WithRsaEncryption); |
|
algorithms.Add("SHA-224WITHRSA", PkcsObjectIdentifiers.Sha224WithRsaEncryption); |
|
algorithms.Add("SHA256WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha256WithRsaEncryption); |
|
algorithms.Add("SHA-256WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha256WithRsaEncryption); |
|
algorithms.Add("SHA256WITHRSA", PkcsObjectIdentifiers.Sha256WithRsaEncryption); |
|
algorithms.Add("SHA-256WITHRSA", PkcsObjectIdentifiers.Sha256WithRsaEncryption); |
|
algorithms.Add("SHA384WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha384WithRsaEncryption); |
|
algorithms.Add("SHA-384WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha384WithRsaEncryption); |
|
algorithms.Add("SHA384WITHRSA", PkcsObjectIdentifiers.Sha384WithRsaEncryption); |
|
algorithms.Add("SHA-384WITHRSA", PkcsObjectIdentifiers.Sha384WithRsaEncryption); |
|
algorithms.Add("SHA512WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512WithRsaEncryption); |
|
algorithms.Add("SHA-512WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512WithRsaEncryption); |
|
algorithms.Add("SHA512WITHRSA", PkcsObjectIdentifiers.Sha512WithRsaEncryption); |
|
algorithms.Add("SHA-512WITHRSA", PkcsObjectIdentifiers.Sha512WithRsaEncryption); |
|
algorithms.Add("SHA512(224)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); |
|
algorithms.Add("SHA-512(224)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); |
|
algorithms.Add("SHA512(224)WITHRSA", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); |
|
algorithms.Add("SHA-512(224)WITHRSA", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); |
|
algorithms.Add("SHA512(256)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); |
|
algorithms.Add("SHA-512(256)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); |
|
algorithms.Add("SHA512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); |
|
algorithms.Add("SHA-512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); |
|
algorithms.Add("SHA1WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); |
|
algorithms.Add("SHA224WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); |
|
algorithms.Add("SHA256WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); |
|
algorithms.Add("SHA384WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); |
|
algorithms.Add("SHA512WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); |
|
algorithms.Add("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160); |
|
algorithms.Add("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160); |
|
algorithms.Add("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128); |
|
algorithms.Add("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128); |
|
algorithms.Add("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256); |
|
algorithms.Add("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256); |
|
algorithms.Add("SHA1WITHDSA", X9ObjectIdentifiers.IdDsaWithSha1); |
|
algorithms.Add("DSAWITHSHA1", X9ObjectIdentifiers.IdDsaWithSha1); |
|
algorithms.Add("SHA224WITHDSA", NistObjectIdentifiers.DsaWithSha224); |
|
algorithms.Add("SHA256WITHDSA", NistObjectIdentifiers.DsaWithSha256); |
|
algorithms.Add("SHA384WITHDSA", NistObjectIdentifiers.DsaWithSha384); |
|
algorithms.Add("SHA512WITHDSA", NistObjectIdentifiers.DsaWithSha512); |
|
algorithms.Add("SHA1WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha1); |
|
algorithms.Add("ECDSAWITHSHA1", X9ObjectIdentifiers.ECDsaWithSha1); |
|
algorithms.Add("SHA224WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha224); |
|
algorithms.Add("SHA256WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha256); |
|
algorithms.Add("SHA384WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha384); |
|
algorithms.Add("SHA512WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha512); |
|
algorithms.Add("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); |
|
algorithms.Add("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); |
|
algorithms.Add("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); |
|
algorithms.Add("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); |
|
algorithms.Add("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); |
|
|
|
// |
|
// According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. |
|
// The parameters field SHALL be NULL for RSA based signature algorithms. |
|
// |
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha1); |
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha224); |
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha256); |
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha384); |
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha512); |
|
noParams.Add(X9ObjectIdentifiers.IdDsaWithSha1); |
|
noParams.Add(OiwObjectIdentifiers.DsaWithSha1); |
|
noParams.Add(NistObjectIdentifiers.DsaWithSha224); |
|
noParams.Add(NistObjectIdentifiers.DsaWithSha256); |
|
noParams.Add(NistObjectIdentifiers.DsaWithSha384); |
|
noParams.Add(NistObjectIdentifiers.DsaWithSha512); |
|
|
|
// |
|
// RFC 4491 |
|
// |
|
noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); |
|
noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); |
|
|
|
// |
|
// explicit params |
|
// |
|
AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance); |
|
exParams.Add("SHA1WITHRSAANDMGF1", CreatePssParams(sha1AlgId, 20)); |
|
|
|
AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha224, DerNull.Instance); |
|
exParams.Add("SHA224WITHRSAANDMGF1", CreatePssParams(sha224AlgId, 28)); |
|
|
|
AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256, DerNull.Instance); |
|
exParams.Add("SHA256WITHRSAANDMGF1", CreatePssParams(sha256AlgId, 32)); |
|
|
|
AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha384, DerNull.Instance); |
|
exParams.Add("SHA384WITHRSAANDMGF1", CreatePssParams(sha384AlgId, 48)); |
|
|
|
AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha512, DerNull.Instance); |
|
exParams.Add("SHA512WITHRSAANDMGF1", CreatePssParams(sha512AlgId, 64)); |
|
} |
|
|
|
private static RsassaPssParameters CreatePssParams( |
|
AlgorithmIdentifier hashAlgId, |
|
int saltSize) |
|
{ |
|
return new RsassaPssParameters( |
|
hashAlgId, |
|
new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, hashAlgId), |
|
new DerInteger(saltSize), |
|
new DerInteger(1)); |
|
} |
|
|
|
internal static DerObjectIdentifier GetAlgorithmOid( |
|
string algorithmName) |
|
{ |
|
algorithmName = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithmName); |
|
|
|
if (algorithms.Contains(algorithmName)) |
|
{ |
|
return (DerObjectIdentifier) algorithms[algorithmName]; |
|
} |
|
|
|
return new DerObjectIdentifier(algorithmName); |
|
} |
|
|
|
internal static AlgorithmIdentifier GetSigAlgID( |
|
DerObjectIdentifier sigOid, |
|
string algorithmName) |
|
{ |
|
if (noParams.Contains(sigOid)) |
|
{ |
|
return new AlgorithmIdentifier(sigOid); |
|
} |
|
|
|
algorithmName = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithmName); |
|
|
|
if (exParams.Contains(algorithmName)) |
|
{ |
|
return new AlgorithmIdentifier(sigOid, (Asn1Encodable) exParams[algorithmName]); |
|
} |
|
|
|
return new AlgorithmIdentifier(sigOid, DerNull.Instance); |
|
} |
|
|
|
internal static IEnumerable GetAlgNames() |
|
{ |
|
return new EnumerableProxy(algorithms.Keys); |
|
} |
|
|
|
internal static byte[] GetSignatureForObject( |
|
DerObjectIdentifier sigOid, // TODO Redundant now? |
|
string sigName, |
|
AsymmetricKeyParameter privateKey, |
|
SecureRandom random, |
|
Asn1Encodable ae) |
|
{ |
|
if (sigOid == null) |
|
throw new ArgumentNullException("sigOid"); |
|
|
|
ISigner sig = SignerUtilities.GetSigner(sigName); |
|
|
|
if (random != null) |
|
{ |
|
sig.Init(true, new ParametersWithRandom(privateKey, random)); |
|
} |
|
else |
|
{ |
|
sig.Init(true, privateKey); |
|
} |
|
|
|
byte[] encoded = ae.GetDerEncoded(); |
|
sig.BlockUpdate(encoded, 0, encoded.Length); |
|
|
|
return sig.GenerateSignature(); |
|
} |
|
} |
|
} |
|
#pragma warning restore |
|
#endif
|
|
|