X509V2AttributeCertificate.cs :  » PDF » iTextSharp » Org » BouncyCastle » X509 » C# / CSharp Open Source

using System;
using System.Collections;
using System.IO;

using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Security.Certificates;

namespace Org.BouncyCastle.X509{
  /// <summary>An implementation of a version 2 X.509 Attribute Certificate.</summary>
  public class X509V2AttributeCertificate
    : X509ExtensionBase, IX509AttributeCertificate
  {
    private readonly AttributeCertificate cert;
    private readonly DateTime notBefore;
    private readonly DateTime notAfter;

    public X509V2AttributeCertificate(
      Stream encIn)
      : this(new Asn1InputStream(encIn))
    {
    }

    public X509V2AttributeCertificate(
      byte[] encoded)
      : this(new Asn1InputStream(encoded))
    {
    }

    internal X509V2AttributeCertificate(
      Asn1InputStream ais)
      : this(AttributeCertificate.GetInstance(ais.ReadObject()))
    {
    }

    internal X509V2AttributeCertificate(
      AttributeCertificate cert)
    {
      this.cert = cert;

      try
      {
        this.notAfter = cert.ACInfo.AttrCertValidityPeriod.NotAfterTime.ToDateTime();
        this.notBefore = cert.ACInfo.AttrCertValidityPeriod.NotBeforeTime.ToDateTime();
      }
      catch (Exception e)
      {
        throw new IOException("invalid data structure in certificate!", e);
      }
    }

    public virtual int Version
    {
      get { return cert.ACInfo.Version.Value.IntValue + 1; }
    }

    public virtual BigInteger SerialNumber
    {
      get { return cert.ACInfo.SerialNumber.Value; }
    }

    public virtual AttributeCertificateHolder Holder
    {
      get
      {
        return new AttributeCertificateHolder((Asn1Sequence)cert.ACInfo.Holder.ToAsn1Object());
      }
    }

    public virtual AttributeCertificateIssuer Issuer
    {
      get
      {
        return new AttributeCertificateIssuer(cert.ACInfo.Issuer);
      }
    }

    public virtual DateTime NotBefore
    {
      get { return notBefore; }
    }

    public virtual DateTime NotAfter
    {
      get { return notAfter; }
    }

    public virtual bool[] GetIssuerUniqueID()
    {
      DerBitString id = cert.ACInfo.IssuerUniqueID;

      if (id != null)
      {
        byte[] bytes = id.GetBytes();
        bool[] boolId = new bool[bytes.Length * 8 - id.PadBits];

        for (int i = 0; i != boolId.Length; i++)
        {
          //boolId[i] = (bytes[i / 8] & (0x80 >>> (i % 8))) != 0;
          boolId[i] = (bytes[i / 8] & (0x80 >> (i % 8))) != 0;
        }

        return boolId;
      }

      return null;
    }

    public virtual bool IsValidNow
    {
      get { return IsValid(DateTime.UtcNow); }
    }

    public virtual bool IsValid(
      DateTime date)
    {
      return date.CompareTo(NotBefore) >= 0 && date.CompareTo(NotAfter) <= 0;
    }

    public virtual void CheckValidity()
    {
      this.CheckValidity(DateTime.UtcNow);
    }

    public virtual void CheckValidity(
      DateTime date)
    {
      if (date.CompareTo(NotAfter) > 0)
        throw new CertificateExpiredException("certificate expired on " + NotAfter);
      if (date.CompareTo(NotBefore) < 0)
        throw new CertificateNotYetValidException("certificate not valid until " + NotBefore);
    }

    public virtual byte[] GetSignature()
    {
      return cert.SignatureValue.GetBytes();
    }

    public virtual void Verify(
      AsymmetricKeyParameter publicKey)
    {
      if (!cert.SignatureAlgorithm.Equals(cert.ACInfo.Signature))
      {
        throw new CertificateException("Signature algorithm in certificate info not same as outer certificate");
      }

      ISigner signature = SignerUtilities.GetSigner(cert.SignatureAlgorithm.ObjectID.Id);

      signature.Init(false, publicKey);

      try
      {
        byte[] b = cert.ACInfo.GetEncoded();
        signature.BlockUpdate(b, 0, b.Length);
      }
      catch (IOException e)
      {
        throw new SignatureException("Exception encoding certificate info object", e);
      }

      if (!signature.VerifySignature(this.GetSignature()))
      {
        throw new InvalidKeyException("Public key presented not for certificate signature");
      }
    }

    public virtual byte[] GetEncoded()
    {
      return cert.GetEncoded();
    }

    protected override X509Extensions GetX509Extensions()
    {
      return cert.ACInfo.Extensions;
    }

    public virtual X509Attribute[] GetAttributes()
    {
      Asn1Sequence seq = cert.ACInfo.Attributes;
      X509Attribute[] attrs = new X509Attribute[seq.Count];

      for (int i = 0; i != seq.Count; i++)
      {
        attrs[i] = new X509Attribute((Asn1Encodable)seq[i]);
      }

      return attrs;
    }

    public virtual X509Attribute[] GetAttributes(
      string oid)
    {
      Asn1Sequence seq = cert.ACInfo.Attributes;
      ArrayList list = new ArrayList();

      for (int i = 0; i != seq.Count; i++)
      {
        X509Attribute attr = new X509Attribute((Asn1Encodable)seq[i]);
        if (attr.Oid.Equals(oid))
        {
          list.Add(attr);
        }
      }

      if (list.Count < 1)
      {
        return null;
      }

      return (X509Attribute[]) list.ToArray(typeof(X509Attribute));
    }

    public override bool Equals(
      object obj)
    {
      if (obj == this)
        return true;

      X509V2AttributeCertificate other = obj as X509V2AttributeCertificate;

      if (other == null)
        return false;

      return cert.Equals(other.cert);

      // NB: May prefer this implementation of Equals if more than one certificate implementation in play
      //return Arrays.AreEqual(this.GetEncoded(), other.GetEncoded());
    }

    public override int GetHashCode()
    {
      return cert.GetHashCode();
    }
  }
}