jellyfin/Emby.Server.Implementations/Cryptography/PKCS7.cs

//
// PKCS7.cs: PKCS #7 - Cryptographic Message Syntax Standard 
//	http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/index.html
//
// Authors:
//	Sebastien Pouliot <sebastien@ximian.com>
//	Daniel Granath <dgranath#gmail.com>
//
// (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
// 
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
// 
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//

using System;
using System.Collections;
using System.Security.Cryptography;

namespace Emby.Server.Core.Cryptography
{

    public sealed class PKCS7 {

		public class Oid {
			// pkcs 1
			public const string rsaEncryption = "1.2.840.113549.1.1.1";
			// pkcs 7
			public const string data = "1.2.840.113549.1.7.1";
			public const string signedData = "1.2.840.113549.1.7.2";
			public const string envelopedData = "1.2.840.113549.1.7.3";
			public const string signedAndEnvelopedData = "1.2.840.113549.1.7.4";
			public const string digestedData = "1.2.840.113549.1.7.5";
			public const string encryptedData = "1.2.840.113549.1.7.6";
			// pkcs 9
			public const string contentType = "1.2.840.113549.1.9.3";
			public const string messageDigest  = "1.2.840.113549.1.9.4";
			public const string signingTime = "1.2.840.113549.1.9.5";
			public const string countersignature = "1.2.840.113549.1.9.6";

			public Oid () 
			{
			}
		}

		private PKCS7 ()
		{
		}

		static public ASN1 Attribute (string oid, ASN1 value) 
		{
			ASN1 attr = new ASN1 (0x30);
			attr.Add (ASN1Convert.FromOid (oid));
			ASN1 aset = attr.Add (new ASN1 (0x31));
			aset.Add (value);
			return attr;
		}

		static public ASN1 AlgorithmIdentifier (string oid)
		{
			ASN1 ai = new ASN1 (0x30);
			ai.Add (ASN1Convert.FromOid (oid));
			ai.Add (new ASN1 (0x05));	// NULL
			return ai;
		}

		static public ASN1 AlgorithmIdentifier (string oid, ASN1 parameters) 
		{
			ASN1 ai = new ASN1 (0x30);
			ai.Add (ASN1Convert.FromOid (oid));
			ai.Add (parameters);
			return ai;
		}

		/*
		 * IssuerAndSerialNumber ::= SEQUENCE {
		 *	issuer Name,
		 *	serialNumber CertificateSerialNumber 
		 * }
		 */
		static public ASN1 IssuerAndSerialNumber (X509Certificate x509) 
		{
			ASN1 issuer = null;
			ASN1 serial = null;
			ASN1 cert = new ASN1 (x509.RawData);
			int tbs = 0;
			bool flag = false;
			while (tbs < cert[0].Count) {
				ASN1 e = cert[0][tbs++];
				if (e.Tag == 0x02)
					serial = e;
				else if (e.Tag == 0x30) {
					if (flag) {
						issuer = e;
						break;
					}
					flag = true;
				}
			}
			ASN1 iasn = new ASN1 (0x30);
			iasn.Add (issuer);
			iasn.Add (serial);
			return iasn;
		}

		/*
		 * ContentInfo ::= SEQUENCE {
		 *	contentType ContentType,
		 *	content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL 
		 * }
		 * ContentType ::= OBJECT IDENTIFIER
		 */
		public class ContentInfo {

			private string contentType;
			private ASN1 content;

			public ContentInfo () 
			{
				content = new ASN1 (0xA0);
			}

			public ContentInfo (string oid) : this ()
			{
				contentType = oid;
			}

			public ContentInfo (byte[] data) 
				: this (new ASN1 (data)) {}

			public ContentInfo (ASN1 asn1) 
			{
				// SEQUENCE with 1 or 2 elements
				if ((asn1.Tag != 0x30) || ((asn1.Count < 1) && (asn1.Count > 2)))
					throw new ArgumentException ("Invalid ASN1");
				if (asn1[0].Tag != 0x06)
					throw new ArgumentException ("Invalid contentType");
				contentType = ASN1Convert.ToOid (asn1[0]);
				if (asn1.Count > 1) {
					if (asn1[1].Tag != 0xA0)
						throw new ArgumentException ("Invalid content");
					content = asn1[1];
				}
			}

			public ASN1 ASN1 {
				get { return GetASN1(); }
			}

			public ASN1 Content {
				get { return content; }
				set { content = value; }
			}

			public string ContentType {
				get { return contentType; }
				set { contentType = value; }
			}

			internal ASN1 GetASN1 () 
			{
				// ContentInfo ::= SEQUENCE {
				ASN1 contentInfo = new ASN1 (0x30);
				// contentType ContentType, -> ContentType ::= OBJECT IDENTIFIER
				contentInfo.Add (ASN1Convert.FromOid (contentType));
				// content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL 
				if ((content != null) && (content.Count > 0))
					contentInfo.Add (content);
				return contentInfo;
			}

			public byte[] GetBytes () 
			{
				return GetASN1 ().GetBytes ();
			}
		}

		/*
		 * EncryptedData ::= SEQUENCE {
		 *	version		INTEGER {edVer0(0)} (edVer0),
		 *	 encryptedContentInfo  EncryptedContentInfo
		 * }
		 */
		public class EncryptedData {
			private byte _version;
			private ContentInfo _content;
			private ContentInfo _encryptionAlgorithm;
			private byte[] _encrypted;

			public EncryptedData () 
			{
				_version = 0;
			}

			public EncryptedData (byte[] data) 
				: this (new ASN1 (data))
			{
			}

			public EncryptedData (ASN1 asn1) : this () 
			{
				if ((asn1.Tag != 0x30) || (asn1.Count < 2))
					throw new ArgumentException ("Invalid EncryptedData");

				if (asn1 [0].Tag != 0x02)
					throw new ArgumentException ("Invalid version");
				_version = asn1 [0].Value [0];

				ASN1 encryptedContentInfo = asn1 [1];
				if (encryptedContentInfo.Tag != 0x30)
					throw new ArgumentException ("missing EncryptedContentInfo");

				ASN1 contentType = encryptedContentInfo [0];
				if (contentType.Tag != 0x06)
					throw new ArgumentException ("missing EncryptedContentInfo.ContentType");
				_content = new ContentInfo (ASN1Convert.ToOid (contentType));

				ASN1 contentEncryptionAlgorithm = encryptedContentInfo [1];
				if (contentEncryptionAlgorithm.Tag != 0x30)
					throw new ArgumentException ("missing EncryptedContentInfo.ContentEncryptionAlgorithmIdentifier");
				_encryptionAlgorithm = new ContentInfo (ASN1Convert.ToOid (contentEncryptionAlgorithm [0]));
				_encryptionAlgorithm.Content = contentEncryptionAlgorithm [1];
				
				ASN1 encryptedContent = encryptedContentInfo [2];
				if (encryptedContent.Tag != 0x80)
					throw new ArgumentException ("missing EncryptedContentInfo.EncryptedContent");
				_encrypted = encryptedContent.Value;
			}

			public ASN1 ASN1 {
				get { return GetASN1(); }
			}

			public ContentInfo ContentInfo {
				get { return _content; }
			}

			public ContentInfo EncryptionAlgorithm {
				get { return _encryptionAlgorithm; }
			}

			public byte[] EncryptedContent {
				get {
					if (_encrypted == null)
						return null;
					return (byte[]) _encrypted.Clone ();
				}
			}

			public byte Version {
				get { return _version; }
				set { _version = value; }
			}

			// methods

			internal ASN1 GetASN1 () 
			{
				return null;
			}

			public byte[] GetBytes () 
			{
				return GetASN1 ().GetBytes ();
			}
		}

		/*
		 * EnvelopedData ::= SEQUENCE {
		 *	version Version,
		 *	recipientInfos RecipientInfos,
		 *	encryptedContentInfo EncryptedContentInfo 
		 * }
		 * 
		 * RecipientInfos ::= SET OF RecipientInfo
		 * 
		 * EncryptedContentInfo ::= SEQUENCE {
		 *	contentType ContentType,
		 *	contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
		 *	encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL 
		 * }
		 * 
		 * EncryptedContent ::= OCTET STRING
		 * 
		 */
		public class EnvelopedData {
			private byte _version;
			private ContentInfo _content;
			private ContentInfo _encryptionAlgorithm;
			private ArrayList _recipientInfos;
			private byte[] _encrypted;

			public EnvelopedData () 
			{
				_version = 0;
				_content = new ContentInfo ();
				_encryptionAlgorithm = new ContentInfo ();
				_recipientInfos = new ArrayList ();
			}

			public EnvelopedData (byte[] data) 
				: this (new ASN1 (data))
			{
			}

			public EnvelopedData (ASN1 asn1) : this ()
			{
				if ((asn1[0].Tag != 0x30) || (asn1[0].Count < 3))
					throw new ArgumentException ("Invalid EnvelopedData");

				if (asn1[0][0].Tag != 0x02)
					throw new ArgumentException ("Invalid version");
				_version = asn1[0][0].Value[0];

				// recipientInfos

				ASN1 recipientInfos = asn1 [0][1];
				if (recipientInfos.Tag != 0x31)
					throw new ArgumentException ("missing RecipientInfos");
				for (int i=0; i < recipientInfos.Count; i++) {
					ASN1 recipientInfo = recipientInfos [i];
					_recipientInfos.Add (new RecipientInfo (recipientInfo));
				}

				ASN1 encryptedContentInfo = asn1[0][2];
				if (encryptedContentInfo.Tag != 0x30)
					throw new ArgumentException ("missing EncryptedContentInfo");

				ASN1 contentType = encryptedContentInfo [0];
				if (contentType.Tag != 0x06)
					throw new ArgumentException ("missing EncryptedContentInfo.ContentType");
				_content = new ContentInfo (ASN1Convert.ToOid (contentType));

				ASN1 contentEncryptionAlgorithm = encryptedContentInfo [1];
				if (contentEncryptionAlgorithm.Tag != 0x30)
					throw new ArgumentException ("missing EncryptedContentInfo.ContentEncryptionAlgorithmIdentifier");
				_encryptionAlgorithm = new ContentInfo (ASN1Convert.ToOid (contentEncryptionAlgorithm [0]));
				_encryptionAlgorithm.Content = contentEncryptionAlgorithm [1];
				
				ASN1 encryptedContent = encryptedContentInfo [2];
				if (encryptedContent.Tag != 0x80)
					throw new ArgumentException ("missing EncryptedContentInfo.EncryptedContent");
				_encrypted = encryptedContent.Value;
			}

			public ArrayList RecipientInfos {
				  get { return _recipientInfos; }
			}

			public ASN1 ASN1 {
				get { return GetASN1(); }
			}

			public ContentInfo ContentInfo {
				get { return _content; }
			}

			public ContentInfo EncryptionAlgorithm {
				get { return _encryptionAlgorithm; }
			}

			public byte[] EncryptedContent {
				get { 
					if (_encrypted == null)
						return null;
					return (byte[]) _encrypted.Clone ();
				}
			}

			public byte Version {
				get { return _version; }
				set { _version = value; }
			}

			internal ASN1 GetASN1 () 
			{
				// SignedData ::= SEQUENCE {
				ASN1 signedData = new ASN1 (0x30);
				// version Version -> Version ::= INTEGER
/*				byte[] ver = { _version };
				signedData.Add (new ASN1 (0x02, ver));
				// digestAlgorithms DigestAlgorithmIdentifiers -> DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
				ASN1 digestAlgorithms = signedData.Add (new ASN1 (0x31));
				if (hashAlgorithm != null) {
					string hashOid = CryptoConfig.MapNameToOid (hashAlgorithm);
					digestAlgorithms.Add (AlgorithmIdentifier (hashOid));
				}

				// contentInfo ContentInfo,
				ASN1 ci = contentInfo.ASN1;
				signedData.Add (ci);
				if ((mda == null) && (hashAlgorithm != null)) {
					// automatically add the messageDigest authenticated attribute
					HashAlgorithm ha = HashAlgorithm.Create (hashAlgorithm);
					byte[] idcHash = ha.ComputeHash (ci[1][0].Value);
					ASN1 md = new ASN1 (0x30);
					mda = Attribute (messageDigest, md.Add (new ASN1 (0x04, idcHash)));
					signerInfo.AuthenticatedAttributes.Add (mda);
				}

				// certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
				if (certs.Count > 0) {
					ASN1 a0 = signedData.Add (new ASN1 (0xA0));
					foreach (X509Certificate x in certs)
						a0.Add (new ASN1 (x.RawData));
				}
				// crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
				if (crls.Count > 0) {
					ASN1 a1 = signedData.Add (new ASN1 (0xA1));
					foreach (byte[] crl in crls)
						a1.Add (new ASN1 (crl));
				}
				// signerInfos SignerInfos -> SignerInfos ::= SET OF SignerInfo
				ASN1 signerInfos = signedData.Add (new ASN1 (0x31));
				if (signerInfo.Key != null)
					signerInfos.Add (signerInfo.ASN1);*/
				return signedData;
			}

			public byte[] GetBytes () {
				return GetASN1 ().GetBytes ();
			}
		}

		/* RecipientInfo ::= SEQUENCE {
		 *	version Version,
		 *	issuerAndSerialNumber IssuerAndSerialNumber,
		 *	keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
		 *	encryptedKey EncryptedKey 
		 * }
		 * 
		 * KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
		 * 
		 * EncryptedKey ::= OCTET STRING
		 */
		public class RecipientInfo {

			private int _version;
			private string _oid;
			private byte[] _key;
			private byte[] _ski;
			private string _issuer;
			private byte[] _serial;

			public RecipientInfo () {}

			public RecipientInfo (ASN1 data) 
			{
				if (data.Tag != 0x30)
					throw new ArgumentException ("Invalid RecipientInfo");
				
				ASN1 version = data [0];
				if (version.Tag != 0x02)
					throw new ArgumentException ("missing Version");
				_version = version.Value [0];

				// issuerAndSerialNumber IssuerAndSerialNumber
				ASN1 subjectIdentifierType = data [1];
				if ((subjectIdentifierType.Tag == 0x80) && (_version == 3)) {
					_ski = subjectIdentifierType.Value;
				}
				else {
					_issuer = X501.ToString (subjectIdentifierType [0]);
					_serial = subjectIdentifierType [1].Value;
				}

				ASN1 keyEncryptionAlgorithm = data [2];
				_oid = ASN1Convert.ToOid (keyEncryptionAlgorithm [0]);

				ASN1 encryptedKey = data [3];
				_key = encryptedKey.Value;
			}

			public string Oid {
				get { return _oid; }
			}

			public byte[] Key {
				get { 
					if (_key == null)
						return null;
                                        return (byte[]) _key.Clone ();
				}
			}

			public byte[] SubjectKeyIdentifier {
				get { 
					if (_ski == null)
						return null;
					return (byte[]) _ski.Clone ();
				}
			}

			public string Issuer {
				get { return _issuer; }
			}

			public byte[] Serial {
				get { 
					if (_serial == null)
						return null;
					return (byte[]) _serial.Clone ();
				}
			}

			public int Version {
				get { return _version; }
			}
		}

		/*
		 * SignedData ::= SEQUENCE {
		 *	version Version,
		 *	digestAlgorithms DigestAlgorithmIdentifiers,
		 *	contentInfo ContentInfo,
		 *	certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
		 *	crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
		 *	signerInfos SignerInfos 
		 * }
		 */
		public class SignedData {
			private byte version;
			private string hashAlgorithm;
			private ContentInfo contentInfo;
			private X509CertificateCollection certs;
			private ArrayList crls;
			private SignerInfo signerInfo;
			private bool mda;
			private bool signed;

			public SignedData () 
			{
				version = 1;
				contentInfo = new ContentInfo ();
				certs = new X509CertificateCollection ();
				crls = new ArrayList ();
				signerInfo = new SignerInfo ();
				mda = true;
				signed = false;
			}

			public SignedData (byte[] data) 
				: this (new ASN1 (data)) 
			{
			}

			public SignedData (ASN1 asn1) 
			{
				if ((asn1[0].Tag != 0x30) || (asn1[0].Count < 4))
					throw new ArgumentException ("Invalid SignedData");

				if (asn1[0][0].Tag != 0x02)
					throw new ArgumentException ("Invalid version");
				version = asn1[0][0].Value[0];

				contentInfo = new ContentInfo (asn1[0][2]);

				int n = 3;
				certs = new X509CertificateCollection ();
				if (asn1[0][n].Tag == 0xA0) {
					for (int i=0; i < asn1[0][n].Count; i++)
						certs.Add (new X509Certificate (asn1[0][n][i].GetBytes ()));
					n++;
				}

				crls = new ArrayList ();
				if (asn1[0][n].Tag == 0xA1) {
					for (int i=0; i < asn1[0][n].Count; i++)
						crls.Add (asn1[0][n][i].GetBytes ());
					n++;
				}

				if (asn1[0][n].Count > 0)
					signerInfo = new SignerInfo (asn1[0][n]);
				else
					signerInfo = new SignerInfo ();

				// Exchange hash algorithm Oid from SignerInfo
				if (signerInfo.HashName != null) {
					HashName = OidToName(signerInfo.HashName);
				}
				
				// Check if SignerInfo has authenticated attributes
				mda = (signerInfo.AuthenticatedAttributes.Count > 0);
			}

			public ASN1 ASN1 {
				get { return GetASN1(); }
			}

			public X509CertificateCollection Certificates {
				get { return certs; }
			}

			public ContentInfo ContentInfo {
				get { return contentInfo; }
			}

			public ArrayList Crls {
				get { return crls; }
			}

			public string HashName {
				get { return hashAlgorithm; }
				// todo add validation
				set { 
					hashAlgorithm = value; 
					signerInfo.HashName = value;
				}
			}

			public SignerInfo SignerInfo {
				get { return signerInfo; }
			}

			public byte Version {
				get { return version; }
				set { version = value; }
			}

			public bool UseAuthenticatedAttributes {
				get { return mda; }
				set { mda = value; }
			}

			public bool VerifySignature (AsymmetricAlgorithm aa)
			{
				if (aa == null) {
					return false;
				}

				RSAPKCS1SignatureDeformatter r = new RSAPKCS1SignatureDeformatter (aa);
				r.SetHashAlgorithm (hashAlgorithm);
				HashAlgorithm ha = HashAlgorithm.Create (hashAlgorithm);

				byte[] signature = signerInfo.Signature;
				byte[] hash = null;

				if (mda) {
					ASN1 asn = new ASN1 (0x31);
					foreach (ASN1 attr in signerInfo.AuthenticatedAttributes)
						asn.Add (attr);

					hash = ha.ComputeHash (asn.GetBytes ());
				} else {
					hash = ha.ComputeHash (contentInfo.Content[0].Value);
				}

				if (hash != null && signature != null) {
					return r.VerifySignature (hash, signature);
				}
				return false;
			}

			internal string OidToName (string oid)
			{
				switch (oid) {
				case "1.3.14.3.2.26" :
					return "SHA1";
				case "1.2.840.113549.2.2" :
					return "MD2";
				case "1.2.840.113549.2.5" :
					return "MD5";
				case "2.16.840.1.101.3.4.1" :
					return "SHA256";
				case "2.16.840.1.101.3.4.2" :
					return "SHA384";
				case "2.16.840.1.101.3.4.3" :
					return "SHA512";
				default :
					break;
				}
				// Unknown Oid
				return oid;
			}

			internal ASN1 GetASN1 () 
			{
				// SignedData ::= SEQUENCE {
				ASN1 signedData = new ASN1 (0x30);
				// version Version -> Version ::= INTEGER
				byte[] ver = { version };
				signedData.Add (new ASN1 (0x02, ver));
				// digestAlgorithms DigestAlgorithmIdentifiers -> DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
				ASN1 digestAlgorithms = signedData.Add (new ASN1 (0x31));
				if (hashAlgorithm != null) {
					string hashOid = CryptoConfig.MapNameToOID (hashAlgorithm);
					digestAlgorithms.Add (AlgorithmIdentifier (hashOid));
				}

				// contentInfo ContentInfo,
				ASN1 ci = contentInfo.ASN1;
				signedData.Add (ci);
				if (!signed && (hashAlgorithm != null)) {
					if (mda) {
						// Use authenticated attributes for signature
						
						// Automatically add the contentType authenticated attribute
						ASN1 ctattr = Attribute (Oid.contentType, ci[0]);
						signerInfo.AuthenticatedAttributes.Add (ctattr);
						
						// Automatically add the messageDigest authenticated attribute
						HashAlgorithm ha = HashAlgorithm.Create (hashAlgorithm);
						byte[] idcHash = ha.ComputeHash (ci[1][0].Value);
						ASN1 md = new ASN1 (0x30);
						ASN1 mdattr = Attribute (Oid.messageDigest, md.Add (new ASN1 (0x04, idcHash)));
						signerInfo.AuthenticatedAttributes.Add (mdattr);
					} else {
						// Don't use authenticated attributes for signature -- signature is content
						RSAPKCS1SignatureFormatter r = new RSAPKCS1SignatureFormatter (signerInfo.Key);
						r.SetHashAlgorithm (hashAlgorithm);
						HashAlgorithm ha = HashAlgorithm.Create (hashAlgorithm);
						byte[] sig = ha.ComputeHash (ci[1][0].Value);
						signerInfo.Signature = r.CreateSignature (sig);
					}
					signed = true;
				}

				// certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
				if (certs.Count > 0) {
					ASN1 a0 = signedData.Add (new ASN1 (0xA0));
					foreach (X509Certificate x in certs)
						a0.Add (new ASN1 (x.RawData));
				}
				// crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
				if (crls.Count > 0) {
					ASN1 a1 = signedData.Add (new ASN1 (0xA1));
					foreach (byte[] crl in crls)
						a1.Add (new ASN1 (crl));
				}
				// signerInfos SignerInfos -> SignerInfos ::= SET OF SignerInfo
				ASN1 signerInfos = signedData.Add (new ASN1 (0x31));
				if (signerInfo.Key != null)
					signerInfos.Add (signerInfo.ASN1);
				return signedData;
			}

			public byte[] GetBytes () 
			{
				return GetASN1 ().GetBytes ();
			}
		}

		/*
		 * SignerInfo ::= SEQUENCE {
		 *	version Version,
		 * 	issuerAndSerialNumber IssuerAndSerialNumber,
		 * 	digestAlgorithm DigestAlgorithmIdentifier,
		 * 	authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
		 * 	digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
		 * 	encryptedDigest EncryptedDigest,
		 * 	unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL 
		 * }
		 * 
		 * For version == 3 issuerAndSerialNumber may be replaced by ...
		 */
		public class SignerInfo {

			private byte version;
			private X509Certificate x509;
			private string hashAlgorithm;
			private AsymmetricAlgorithm key;
			private ArrayList authenticatedAttributes;
			private ArrayList unauthenticatedAttributes;
			private byte[] signature;
			private string issuer;
			private byte[] serial;
			private byte[] ski;

			public SignerInfo () 
			{
				version = 1;
				authenticatedAttributes = new ArrayList ();
				unauthenticatedAttributes = new ArrayList ();
			}

			public SignerInfo (byte[] data) 
				: this (new ASN1 (data)) {}

			// TODO: INCOMPLETE
			public SignerInfo (ASN1 asn1) : this () 
			{
				if ((asn1[0].Tag != 0x30) || (asn1[0].Count < 5))
					throw new ArgumentException ("Invalid SignedData");

				// version Version
				if (asn1[0][0].Tag != 0x02)
					throw new ArgumentException ("Invalid version");
				version = asn1[0][0].Value[0];

				// issuerAndSerialNumber IssuerAndSerialNumber
				ASN1 subjectIdentifierType = asn1 [0][1];
				if ((subjectIdentifierType.Tag == 0x80) && (version == 3)) {
					ski = subjectIdentifierType.Value;
				}
				else {
					issuer = X501.ToString (subjectIdentifierType [0]);
					serial = subjectIdentifierType [1].Value;
				}

				// digestAlgorithm DigestAlgorithmIdentifier
				ASN1 digestAlgorithm = asn1 [0][2];
				hashAlgorithm = ASN1Convert.ToOid (digestAlgorithm [0]);

				// authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL
				int n = 3;
				ASN1 authAttributes = asn1 [0][n];
				if (authAttributes.Tag == 0xA0) {
					n++;
					for (int i=0; i < authAttributes.Count; i++)
						authenticatedAttributes.Add (authAttributes [i]);
				}

				// digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier
				n++;
				// ASN1 digestEncryptionAlgorithm = asn1 [0][n++];
				// string digestEncryptionAlgorithmOid = ASN1Convert.ToOid (digestEncryptionAlgorithm [0]);

				// encryptedDigest EncryptedDigest
				ASN1 encryptedDigest = asn1 [0][n++];
				if (encryptedDigest.Tag == 0x04)
					signature = encryptedDigest.Value;

				// unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
				ASN1 unauthAttributes = asn1 [0][n];
				if ((unauthAttributes != null) && (unauthAttributes.Tag == 0xA1)) {
					for (int i=0; i < unauthAttributes.Count; i++)
						unauthenticatedAttributes.Add (unauthAttributes [i]);
				}
			}

			public string IssuerName {
				get { return issuer; }
			}

			public byte[] SerialNumber {
				get { 
					if (serial == null)
						return null;
					return (byte[]) serial.Clone (); 
				}
			}

			public byte[] SubjectKeyIdentifier {
				get { 
					if (ski == null)
						return null;
					return (byte[]) ski.Clone (); 
				}
			}

			public ASN1 ASN1 {
				get { return GetASN1(); }
			}

			public ArrayList AuthenticatedAttributes {
				get { return authenticatedAttributes; }
			}

			public X509Certificate Certificate {
				get { return x509; }
				set { x509 = value; }
			}

			public string HashName {
				get { return hashAlgorithm; }
				set { hashAlgorithm = value; }
			}

			public AsymmetricAlgorithm Key {
				get { return key; }
				set { key = value; }
			}

			public byte[] Signature {
				get { 
					if (signature == null)
						return null;
					return (byte[]) signature.Clone (); 
				}

				set {
					if (value != null) {
						signature = (byte[]) value.Clone ();
					}
				}
			}

			public ArrayList UnauthenticatedAttributes {
				get { return unauthenticatedAttributes; }
			}

			public byte Version {
				get { return version; }
				set { version = value; }
			}

			internal ASN1 GetASN1 () 
			{
				if ((key == null) || (hashAlgorithm == null))
					return null;
				byte[] ver = { version };
				ASN1 signerInfo = new ASN1 (0x30);
				// version Version -> Version ::= INTEGER
				signerInfo.Add (new ASN1 (0x02, ver));
				// issuerAndSerialNumber IssuerAndSerialNumber,
				signerInfo.Add (PKCS7.IssuerAndSerialNumber (x509));
				// digestAlgorithm DigestAlgorithmIdentifier,
				string hashOid = CryptoConfig.MapNameToOID (hashAlgorithm);
				signerInfo.Add (AlgorithmIdentifier (hashOid));
				// authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
				ASN1 aa = null;
				if (authenticatedAttributes.Count > 0) {
					aa = signerInfo.Add (new ASN1 (0xA0));
					authenticatedAttributes.Sort(new SortedSet ());
					foreach (ASN1 attr in authenticatedAttributes)
						aa.Add (attr);
				}
				// digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
				if (key is RSA) {
					signerInfo.Add (AlgorithmIdentifier (PKCS7.Oid.rsaEncryption));

					if (aa != null) {
						// Calculate the signature here; otherwise it must be set from SignedData
						RSAPKCS1SignatureFormatter r = new RSAPKCS1SignatureFormatter (key);
						r.SetHashAlgorithm (hashAlgorithm);
						byte[] tbs = aa.GetBytes ();
						tbs [0] = 0x31; // not 0xA0 for signature
						HashAlgorithm ha = HashAlgorithm.Create (hashAlgorithm);
						byte[] tbsHash = ha.ComputeHash (tbs);
						signature = r.CreateSignature (tbsHash);
					}
				}
				else if (key is DSA) {
					throw new NotImplementedException ("not yet");
				}
				else
					throw new CryptographicException ("Unknown assymetric algorithm");
				// encryptedDigest EncryptedDigest,
				signerInfo.Add (new ASN1 (0x04, signature));
				// unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL 
				if (unauthenticatedAttributes.Count > 0) {
					ASN1 ua = signerInfo.Add (new ASN1 (0xA1));
					unauthenticatedAttributes.Sort(new SortedSet ());
					foreach (ASN1 attr in unauthenticatedAttributes)
						ua.Add (attr);
				}
				return signerInfo;
			}

			public byte[] GetBytes () 
			{
				return GetASN1 ().GetBytes ();
			}
		}

		internal class SortedSet : IComparer {

			public int Compare (object x, object y)
			{
				if (x == null)
					return (y == null) ? 0 : -1;
				else if (y == null)
					return 1;

				ASN1 xx = x as ASN1;
				ASN1 yy = y as ASN1;
				
				if ((xx == null) || (yy == null)) {
					throw new ArgumentException (("Invalid objects."));
				}

				byte[] xb = xx.GetBytes ();
				byte[] yb = yy.GetBytes ();

				for (int i = 0; i < xb.Length; i++) {
					if (i == yb.Length)
						break;

					if (xb[i] == yb[i]) 
						continue;
						
					return (xb[i] < yb[i]) ? -1 : 1; 
				}

				// The arrays are equal up to the shortest of them.
				if (xb.Length > yb.Length)
					return 1;
				else if (xb.Length < yb.Length)
					return -1;

				return 0;
			}
		}
	}
}