diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-09-20 18:26:22 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-09-20 18:26:22 +0700 |
| commit | f63eb403a0ad2fc869225ee1cce60e225c11c66c (patch) | |
| tree | f17125b27ac3803f168d16f95fb3b6a78e190bdc | |
| parent | Port of Asn1.Cmp tests from bc-java (diff) | |
| download | BouncyCastle.NET-ed25519-f63eb403a0ad2fc869225ee1cce60e225c11c66c.tar.xz | |
Cmp updates
| -rw-r--r-- | crypto/src/cmp/CertificateConfirmationContent.cs | 16 | ||||
| -rw-r--r-- | crypto/src/cmp/CertificateConfirmationContentBuilder.cs | 37 | ||||
| -rw-r--r-- | crypto/src/cmp/CertificateStatus.cs | 12 | ||||
| -rw-r--r-- | crypto/src/cmp/GeneralPkiMessage.cs | 28 | ||||
| -rw-r--r-- | crypto/src/cmp/ProtectedPkiMessage.cs | 91 | ||||
| -rw-r--r-- | crypto/src/cmp/ProtectedPkiMessageBuilder.cs | 52 | ||||
| -rw-r--r-- | crypto/src/cmp/RevocationDetails.cs | 30 | ||||
| -rw-r--r-- | crypto/src/cmp/RevocationDetailsBuilder.cs | 18 | ||||
| -rw-r--r-- | crypto/test/src/cmp/test/ProtectedMessageTest.cs | 263 |
9 files changed, 236 insertions, 311 deletions
diff --git a/crypto/src/cmp/CertificateConfirmationContent.cs b/crypto/src/cmp/CertificateConfirmationContent.cs index ad46ca039..ceb34e2c8 100644 --- a/crypto/src/cmp/CertificateConfirmationContent.cs +++ b/crypto/src/cmp/CertificateConfirmationContent.cs @@ -7,33 +7,33 @@ namespace Org.BouncyCastle.Cmp { public class CertificateConfirmationContent { - private readonly DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; - private readonly CertConfirmContent content; + private readonly DefaultDigestAlgorithmIdentifierFinder m_digestAlgFinder; + private readonly CertConfirmContent m_content; public CertificateConfirmationContent(CertConfirmContent content) { - this.content = content; + this.m_content = content; } public CertificateConfirmationContent(CertConfirmContent content, DefaultDigestAlgorithmIdentifierFinder digestAlgFinder) { - this.content = content; - this.digestAlgFinder = digestAlgFinder; + this.m_content = content; + this.m_digestAlgFinder = digestAlgFinder; } public CertConfirmContent ToAsn1Structure() { - return content; + return m_content; } public CertificateStatus[] GetStatusMessages() { - CertStatus[] statusArray = content.ToCertStatusArray(); + CertStatus[] statusArray = m_content.ToCertStatusArray(); CertificateStatus[] ret = new CertificateStatus[statusArray.Length]; for (int i = 0; i != ret.Length; i++) { - ret[i] = new CertificateStatus(digestAlgFinder, statusArray[i]); + ret[i] = new CertificateStatus(m_digestAlgFinder, statusArray[i]); } return ret; diff --git a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs index b0647f9a5..fa7e5a897 100644 --- a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs +++ b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs @@ -1,5 +1,4 @@ -using System; -using System.Collections.Generic; +using System.Collections.Generic; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; @@ -11,13 +10,14 @@ using Org.BouncyCastle.X509; namespace Org.BouncyCastle.Cmp { - public class CertificateConfirmationContentBuilder + public sealed class CertificateConfirmationContentBuilder { - private static readonly DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder(); + private static readonly DefaultSignatureAlgorithmIdentifierFinder SigAlgFinder = + new DefaultSignatureAlgorithmIdentifierFinder(); - private readonly DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; - private readonly IList<X509Certificate> acceptedCerts = new List<X509Certificate>(); - private readonly IList<BigInteger> acceptedReqIds = new List<BigInteger>(); + private readonly DefaultDigestAlgorithmIdentifierFinder m_digestAlgFinder; + private readonly IList<X509Certificate> m_acceptedCerts = new List<X509Certificate>(); + private readonly IList<BigInteger> m_acceptedReqIDs = new List<BigInteger>(); public CertificateConfirmationContentBuilder() : this(new DefaultDigestAlgorithmIdentifierFinder()) @@ -26,39 +26,40 @@ namespace Org.BouncyCastle.Cmp public CertificateConfirmationContentBuilder(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder) { - this.digestAlgFinder = digestAlgFinder; + this.m_digestAlgFinder = digestAlgFinder; } public CertificateConfirmationContentBuilder AddAcceptedCertificate(X509Certificate certHolder, BigInteger certReqId) { - acceptedCerts.Add(certHolder); - acceptedReqIds.Add(certReqId); + m_acceptedCerts.Add(certHolder); + m_acceptedReqIDs.Add(certReqId); return this; } public CertificateConfirmationContent Build() { Asn1EncodableVector v = new Asn1EncodableVector(); - for (int i = 0; i != acceptedCerts.Count; i++) + for (int i = 0; i != m_acceptedCerts.Count; i++) { - X509Certificate cert = acceptedCerts[i]; - BigInteger reqId = acceptedReqIds[i]; + X509Certificate cert = m_acceptedCerts[i]; + BigInteger reqID = m_acceptedReqIDs[i]; + AlgorithmIdentifier algorithmIdentifier = SigAlgFinder.Find(cert.SigAlgName); + if (null == algorithmIdentifier) + throw new CmpException("cannot find algorithm identifier for signature name"); - AlgorithmIdentifier algorithmIdentifier = sigAlgFinder.Find(cert.SigAlgName); - - AlgorithmIdentifier digAlg = digestAlgFinder.Find(algorithmIdentifier); + AlgorithmIdentifier digAlg = m_digestAlgFinder.Find(algorithmIdentifier); if (null == digAlg) throw new CmpException("cannot find algorithm for digest from signature"); byte[] digest = DigestUtilities.CalculateDigest(digAlg.Algorithm, cert.GetEncoded()); - v.Add(new CertStatus(digest, reqId)); + v.Add(new CertStatus(digest, reqID)); } return new CertificateConfirmationContent(CertConfirmContent.GetInstance(new DerSequence(v)), - digestAlgFinder); + m_digestAlgFinder); } } } diff --git a/crypto/src/cmp/CertificateStatus.cs b/crypto/src/cmp/CertificateStatus.cs index 2e3afe3b6..e697f73bc 100644 --- a/crypto/src/cmp/CertificateStatus.cs +++ b/crypto/src/cmp/CertificateStatus.cs @@ -24,17 +24,11 @@ namespace Org.BouncyCastle.Cmp this.certStatus = certStatus; } - public PkiStatusInfo PkiStatusInfo - { - get { return certStatus.StatusInfo; } - } + public virtual PkiStatusInfo StatusInfo => certStatus.StatusInfo; - public BigInteger CertRequestId - { - get { return certStatus.CertReqID.Value; } - } + public virtual BigInteger CertRequestID => certStatus.CertReqID.Value; - public bool IsVerified(X509Certificate cert) + public virtual bool IsVerified(X509Certificate cert) { AlgorithmIdentifier digAlg = digestAlgFinder.Find(sigAlgFinder.Find(cert.SigAlgName)); if (null == digAlg) diff --git a/crypto/src/cmp/GeneralPkiMessage.cs b/crypto/src/cmp/GeneralPkiMessage.cs index 9b12ee77b..d52161f6c 100644 --- a/crypto/src/cmp/GeneralPkiMessage.cs +++ b/crypto/src/cmp/GeneralPkiMessage.cs @@ -1,13 +1,11 @@ -using System; - -using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; namespace Org.BouncyCastle.Cmp { public class GeneralPkiMessage { - private readonly PkiMessage pkiMessage; + private readonly PkiMessage m_pkiMessage; private static PkiMessage ParseBytes(byte[] encoding) { @@ -20,7 +18,7 @@ namespace Org.BouncyCastle.Cmp /// <param name="pkiMessage">PKI message.</param> public GeneralPkiMessage(PkiMessage pkiMessage) { - this.pkiMessage = pkiMessage; + this.m_pkiMessage = pkiMessage; } /// <summary> @@ -32,28 +30,16 @@ namespace Org.BouncyCastle.Cmp { } - public PkiHeader Header - { - get { return pkiMessage.Header; } - } + public virtual PkiHeader Header => m_pkiMessage.Header; - public PkiBody Body - { - get { return pkiMessage.Body; } - } + public virtual PkiBody Body => m_pkiMessage.Body; /// <summary> /// Return true if this message has protection bits on it. A return value of true /// indicates the message can be used to construct a ProtectedPKIMessage. /// </summary> - public bool HasProtection - { - get { return pkiMessage.Protection != null; } - } + public virtual bool HasProtection => m_pkiMessage.Protection != null; - public PkiMessage ToAsn1Structure() - { - return pkiMessage; - } + public virtual PkiMessage ToAsn1Structure() => m_pkiMessage; } } diff --git a/crypto/src/cmp/ProtectedPkiMessage.cs b/crypto/src/cmp/ProtectedPkiMessage.cs index 738fd8ab3..f99672cc7 100644 --- a/crypto/src/cmp/ProtectedPkiMessage.cs +++ b/crypto/src/cmp/ProtectedPkiMessage.cs @@ -15,7 +15,7 @@ namespace Org.BouncyCastle.Cmp /// </summary> public class ProtectedPkiMessage { - private readonly PkiMessage pkiMessage; + private readonly PkiMessage m_pkiMessage; /// <summary> /// Wrap a general message. @@ -25,11 +25,12 @@ namespace Org.BouncyCastle.Cmp public ProtectedPkiMessage(GeneralPkiMessage pkiMessage) { if (!pkiMessage.HasProtection) - throw new ArgumentException("pki message not protected"); + throw new ArgumentException("GeneralPkiMessage not protected"); - this.pkiMessage = pkiMessage.ToAsn1Structure(); + this.m_pkiMessage = pkiMessage.ToAsn1Structure(); } + // TODO[cmp] Make internal? (Has test that uses it) /// <summary> /// Wrap a PKI message. /// </summary> @@ -38,63 +39,49 @@ namespace Org.BouncyCastle.Cmp public ProtectedPkiMessage(PkiMessage pkiMessage) { if (null == pkiMessage.Header.ProtectionAlg) - throw new ArgumentException("pki message not protected"); + throw new ArgumentException("PkiMessage not protected"); - this.pkiMessage = pkiMessage; + this.m_pkiMessage = pkiMessage; } - /// <summary> - /// Message header - /// </summary> - public PkiHeader Header - { - get { return pkiMessage.Header; } - } + /// <summary>Message header</summary> + public virtual PkiHeader Header => m_pkiMessage.Header; - /// <summary> - /// Message Body - /// </summary> - public PkiBody Body - { - get { return pkiMessage.Body; } - } + /// <summary>Message body</summary> + public virtual PkiBody Body => m_pkiMessage.Body; /// <summary> /// Return the underlying ASN.1 structure contained in this object. /// </summary> - /// <returns>PKI Message structure</returns> - public PkiMessage ToAsn1Message() - { - return pkiMessage; - } + /// <returns>PkiMessage structure</returns> + public virtual PkiMessage ToAsn1Message() => m_pkiMessage; /// <summary> /// Determine whether the message is protected by a password based MAC. Use verify(PKMACBuilder, char[]) /// to verify the message if this method returns true. /// </summary> /// <returns>true if protection MAC PBE based, false otherwise.</returns> - public bool HasPasswordBasedMacProtected + public virtual bool HasPasswordBasedMacProtected { - get { return Header.ProtectionAlg.Algorithm.Equals(CmpObjectIdentifiers.passwordBasedMac); } + get { return CmpObjectIdentifiers.passwordBasedMac.Equals(Header.ProtectionAlg.Algorithm); } } /// <summary> /// Return the extra certificates associated with this message. /// </summary> /// <returns>an array of extra certificates, zero length if none present.</returns> - public X509Certificate[] GetCertificates() + public virtual X509Certificate[] GetCertificates() { - CmpCertificate[] certs = pkiMessage.GetExtraCerts(); + CmpCertificate[] certs = m_pkiMessage.GetExtraCerts(); if (null == certs) return new X509Certificate[0]; - X509Certificate[] res = new X509Certificate[certs.Length]; + X509Certificate[] result = new X509Certificate[certs.Length]; for (int t = 0; t < certs.Length; t++) { - res[t] = new X509Certificate(X509CertificateStructure.GetInstance(certs[t].GetEncoded())); + result[t] = new X509Certificate(certs[t].X509v3PKCert); } - - return res; + return result; } /// <summary> @@ -102,27 +89,13 @@ namespace Org.BouncyCastle.Cmp /// </summary> /// <param name="verifierFactory">a factory of signature verifiers.</param> /// <returns>true if the provider is able to create a verifier that validates the signature, false otherwise.</returns> - public bool Verify(IVerifierFactory verifierFactory) + public virtual bool Verify(IVerifierFactory verifierFactory) { IStreamCalculator<IVerifier> streamCalculator = verifierFactory.CreateCalculator(); IVerifier result = Process(streamCalculator); - return result.IsVerified(pkiMessage.Protection.GetBytes()); - } - - private TResult Process<TResult>(IStreamCalculator<TResult> streamCalculator) - { - Asn1EncodableVector avec = new Asn1EncodableVector(); - avec.Add(pkiMessage.Header); - avec.Add(pkiMessage.Body); - byte[] enc = new DerSequence(avec).GetDerEncoded(); - - streamCalculator.Stream.Write(enc, 0, enc.Length); - streamCalculator.Stream.Flush(); - Platform.Dispose(streamCalculator.Stream); - - return streamCalculator.GetResult(); + return result.IsVerified(m_pkiMessage.Protection.GetBytes()); } /// <summary> @@ -132,18 +105,32 @@ namespace Org.BouncyCastle.Cmp /// <param name="password">the MAC password</param> /// <returns>true if the passed in password and MAC builder verify the message, false otherwise.</returns> /// <exception cref="InvalidOperationException">if algorithm not MAC based, or an exception is thrown verifying the MAC.</exception> - public bool Verify(PKMacBuilder pkMacBuilder, char[] password) + public virtual bool Verify(PKMacBuilder pkMacBuilder, char[] password) { - if (!CmpObjectIdentifiers.passwordBasedMac.Equals(pkiMessage.Header.ProtectionAlg.Algorithm)) + if (!CmpObjectIdentifiers.passwordBasedMac.Equals(m_pkiMessage.Header.ProtectionAlg.Algorithm)) throw new InvalidOperationException("protection algorithm is not mac based"); - PbmParameter parameter = PbmParameter.GetInstance(pkiMessage.Header.ProtectionAlg.Parameters); + PbmParameter parameter = PbmParameter.GetInstance(m_pkiMessage.Header.ProtectionAlg.Parameters); pkMacBuilder.SetParameters(parameter); IBlockResult result = Process(pkMacBuilder.Build(password).CreateCalculator()); - return Arrays.ConstantTimeAreEqual(result.Collect(), this.pkiMessage.Protection.GetBytes()); + return Arrays.ConstantTimeAreEqual(result.Collect(), m_pkiMessage.Protection.GetBytes()); + } + + private TResult Process<TResult>(IStreamCalculator<TResult> streamCalculator) + { + Asn1EncodableVector avec = new Asn1EncodableVector(); + avec.Add(m_pkiMessage.Header); + avec.Add(m_pkiMessage.Body); + byte[] enc = new DerSequence(avec).GetDerEncoded(); + + streamCalculator.Stream.Write(enc, 0, enc.Length); + streamCalculator.Stream.Flush(); + Platform.Dispose(streamCalculator.Stream); + + return streamCalculator.GetResult(); } } } diff --git a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs index 8573d1fc8..837eb177f 100644 --- a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs +++ b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs @@ -5,17 +5,16 @@ using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Operators; using Org.BouncyCastle.X509; namespace Org.BouncyCastle.Cmp { - public class ProtectedPkiMessageBuilder + public sealed class ProtectedPkiMessageBuilder { - private PkiHeaderBuilder hdrBuilBuilder; + private readonly PkiHeaderBuilder m_hdrBuilder; private PkiBody body; - private List<InfoTypeAndValue> generalInfos = new List<InfoTypeAndValue>(); - private List<X509Certificate> extraCerts = new List<X509Certificate>(); + private readonly List<InfoTypeAndValue> generalInfos = new List<InfoTypeAndValue>(); + private readonly List<X509Certificate> extraCerts = new List<X509Certificate>(); public ProtectedPkiMessageBuilder(GeneralName sender, GeneralName recipient) : this(PkiHeader.CMP_2000, sender, recipient) @@ -24,18 +23,18 @@ namespace Org.BouncyCastle.Cmp public ProtectedPkiMessageBuilder(int pvno, GeneralName sender, GeneralName recipient) { - hdrBuilBuilder = new PkiHeaderBuilder(pvno, sender, recipient); + m_hdrBuilder = new PkiHeaderBuilder(pvno, sender, recipient); } public ProtectedPkiMessageBuilder SetTransactionId(byte[] tid) { - hdrBuilBuilder.SetTransactionID(tid); + m_hdrBuilder.SetTransactionID(tid); return this; } public ProtectedPkiMessageBuilder SetFreeText(PkiFreeText freeText) { - hdrBuilBuilder.SetFreeText(freeText); + m_hdrBuilder.SetFreeText(freeText); return this; } @@ -47,31 +46,31 @@ namespace Org.BouncyCastle.Cmp public ProtectedPkiMessageBuilder SetMessageTime(DerGeneralizedTime generalizedTime) { - hdrBuilBuilder.SetMessageTime(generalizedTime); + m_hdrBuilder.SetMessageTime(generalizedTime); return this; } public ProtectedPkiMessageBuilder SetRecipKID(byte[] id) { - hdrBuilBuilder.SetRecipKID(id); + m_hdrBuilder.SetRecipKID(id); return this; } public ProtectedPkiMessageBuilder SetRecipNonce(byte[] nonce) { - hdrBuilBuilder.SetRecipNonce(nonce); + m_hdrBuilder.SetRecipNonce(nonce); return this; } public ProtectedPkiMessageBuilder SetSenderKID(byte[] id) { - hdrBuilBuilder.SetSenderKID(id); + m_hdrBuilder.SetSenderKID(id); return this; } public ProtectedPkiMessageBuilder SetSenderNonce(byte[] nonce) { - hdrBuilBuilder.SetSenderNonce(nonce); + m_hdrBuilder.SetSenderNonce(nonce); return this; } @@ -94,35 +93,37 @@ namespace Org.BouncyCastle.Cmp IStreamCalculator<IBlockResult> calculator = signatureFactory.CreateCalculator(); - if (!(signatureFactory.AlgorithmDetails is AlgorithmIdentifier)) - { + if (!(signatureFactory.AlgorithmDetails is AlgorithmIdentifier algorithmDetails)) throw new ArgumentException("AlgorithmDetails is not AlgorithmIdentifier"); - } - FinalizeHeader((AlgorithmIdentifier)signatureFactory.AlgorithmDetails); - PkiHeader header = hdrBuilBuilder.Build(); + FinalizeHeader(algorithmDetails); + PkiHeader header = m_hdrBuilder.Build(); DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body)); return FinalizeMessage(header, protection); } - public ProtectedPkiMessage Build(IMacFactory factory) + public ProtectedPkiMessage Build(IMacFactory macFactory) { if (null == body) throw new InvalidOperationException("body must be set before building"); - IStreamCalculator<IBlockResult> calculator = factory.CreateCalculator(); - FinalizeHeader((AlgorithmIdentifier)factory.AlgorithmDetails); - PkiHeader header = hdrBuilBuilder.Build(); + IStreamCalculator<IBlockResult> calculator = macFactory.CreateCalculator(); + + if (!(macFactory.AlgorithmDetails is AlgorithmIdentifier algorithmDetails)) + throw new ArgumentException("AlgorithmDetails is not AlgorithmIdentifier"); + + FinalizeHeader(algorithmDetails); + PkiHeader header = m_hdrBuilder.Build(); DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body)); return FinalizeMessage(header, protection); } private void FinalizeHeader(AlgorithmIdentifier algorithmIdentifier) { - hdrBuilBuilder.SetProtectionAlg(algorithmIdentifier); + m_hdrBuilder.SetProtectionAlg(algorithmIdentifier); if (generalInfos.Count > 0) { - hdrBuilBuilder.SetGeneralInfo(generalInfos.ToArray()); + m_hdrBuilder.SetGeneralInfo(generalInfos.ToArray()); } } @@ -134,8 +135,7 @@ namespace Org.BouncyCastle.Cmp CmpCertificate[] cmpCertificates = new CmpCertificate[extraCerts.Count]; for (int i = 0; i < cmpCertificates.Length; i++) { - byte[] cert = extraCerts[i].GetEncoded(); - cmpCertificates[i] = CmpCertificate.GetInstance(Asn1Object.FromByteArray(cert)); + cmpCertificates[i] = new CmpCertificate(extraCerts[i].CertificateStructure); } return new ProtectedPkiMessage(new PkiMessage(header, body, protection, cmpCertificates)); diff --git a/crypto/src/cmp/RevocationDetails.cs b/crypto/src/cmp/RevocationDetails.cs index 2d3f9a5eb..6060c6575 100644 --- a/crypto/src/cmp/RevocationDetails.cs +++ b/crypto/src/cmp/RevocationDetails.cs @@ -1,38 +1,24 @@ -using System; - -using Org.BouncyCastle.Asn1.Cmp; +using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Math; namespace Org.BouncyCastle.Cmp { - public class RevocationDetails + public struct RevocationDetails { - private readonly RevDetails revDetails; + private readonly RevDetails m_revDetails; public RevocationDetails(RevDetails revDetails) { - this.revDetails = revDetails; + m_revDetails = revDetails; } - public X509Name Subject - { - get { return revDetails.CertDetails.Subject; } - } + public X509Name Subject => m_revDetails.CertDetails.Subject; - public X509Name Issuer - { - get { return revDetails.CertDetails.Issuer; } - } + public X509Name Issuer => m_revDetails.CertDetails.Issuer; - public BigInteger SerialNumber - { - get { return revDetails.CertDetails.SerialNumber.Value; } - } + public BigInteger SerialNumber => m_revDetails.CertDetails.SerialNumber.Value; - public RevDetails ToASN1Structure() - { - return revDetails; - } + public RevDetails ToASN1Structure() => m_revDetails; } } diff --git a/crypto/src/cmp/RevocationDetailsBuilder.cs b/crypto/src/cmp/RevocationDetailsBuilder.cs index b3be01242..086bf9c11 100644 --- a/crypto/src/cmp/RevocationDetailsBuilder.cs +++ b/crypto/src/cmp/RevocationDetailsBuilder.cs @@ -1,6 +1,4 @@ -using System; - -using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.Crmf; using Org.BouncyCastle.Asn1.X509; @@ -8,15 +6,15 @@ using Org.BouncyCastle.Math; namespace Org.BouncyCastle.Cmp { - public class RevocationDetailsBuilder + public sealed class RevocationDetailsBuilder { - private readonly CertTemplateBuilder _templateBuilder = new CertTemplateBuilder(); + private readonly CertTemplateBuilder m_templateBuilder = new CertTemplateBuilder(); public RevocationDetailsBuilder SetPublicKey(SubjectPublicKeyInfo publicKey) { if (publicKey != null) { - _templateBuilder.SetPublicKey(publicKey); + m_templateBuilder.SetPublicKey(publicKey); } return this; @@ -26,7 +24,7 @@ namespace Org.BouncyCastle.Cmp { if (issuer != null) { - _templateBuilder.SetIssuer(issuer); + m_templateBuilder.SetIssuer(issuer); } return this; @@ -36,7 +34,7 @@ namespace Org.BouncyCastle.Cmp { if (serialNumber != null) { - _templateBuilder.SetSerialNumber(new DerInteger(serialNumber)); + m_templateBuilder.SetSerialNumber(new DerInteger(serialNumber)); } return this; @@ -46,7 +44,7 @@ namespace Org.BouncyCastle.Cmp { if (subject != null) { - _templateBuilder.SetSubject(subject); + m_templateBuilder.SetSubject(subject); } return this; @@ -54,7 +52,7 @@ namespace Org.BouncyCastle.Cmp public RevocationDetails Build() { - return new RevocationDetails(new RevDetails(_templateBuilder.Build())); + return new RevocationDetails(new RevDetails(m_templateBuilder.Build())); } } } \ No newline at end of file diff --git a/crypto/test/src/cmp/test/ProtectedMessageTest.cs b/crypto/test/src/cmp/test/ProtectedMessageTest.cs index b66e11bac..7f6001d81 100644 --- a/crypto/test/src/cmp/test/ProtectedMessageTest.cs +++ b/crypto/test/src/cmp/test/ProtectedMessageTest.cs @@ -22,7 +22,8 @@ using Org.BouncyCastle.X509; namespace Org.BouncyCastle.Cmp.Tests { [TestFixture] - public class ProtectedMessageTest : SimpleTest + public class ProtectedMessageTest + : SimpleTest { public override string Name { @@ -39,87 +40,57 @@ namespace Org.BouncyCastle.Cmp.Tests TestSampleCr(); } - // [Test] - // public void TestServerSideKey() - // { - // RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - // rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); - // AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - // - // TestCertBuilder builder = new TestCertBuilder() - // { - // Issuer = new X509Name("CN=Test"), - // Subject = new X509Name("CN=Test"), - // NotBefore = DateTime.UtcNow.AddDays(-1), - // NotAfter = DateTime.UtcNow.AddDays(1), - // PublicKey = rsaKeyPair.Public, - // SignatureAlgorithm = "MD5WithRSAEncryption" - // }; - // - // builder.AddAttribute(X509Name.C, "Foo"); - // X509Certificate cert = builder.Build(rsaKeyPair.Private); - // - // GeneralName sender = new GeneralName(new X509Name("CN=Sender")); - // GeneralName recipient = new GeneralName(new X509Name("CN=Recip")); - // - // - // - // } + //[Test] + //public void TestServerSideKey() + //{ + // RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); + // rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 512, 100)); + // AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); + + // TestCertBuilder builder = new TestCertBuilder() + // { + // Issuer = new X509Name("CN=Test"), + // Subject = new X509Name("CN=Test"), + // NotBefore = DateTime.UtcNow.AddDays(-1), + // NotAfter = DateTime.UtcNow.AddDays(1), + // PublicKey = rsaKeyPair.Public, + // SignatureAlgorithm = "MD5WithRSAEncryption", + // }; + // builder.AddAttribute(X509Name.C, "Foo"); + // X509Certificate cert = builder.Build(rsaKeyPair.Private); + + // GeneralName sender = new GeneralName(new X509Name("CN=Sender")); + // GeneralName recipient = new GeneralName(new X509Name("CN=Recip")); + //} [Test] public void TestNotBeforeNotAfter() { RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); + rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 512, 100)); AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - DoNotBeforeNotAfterTest(rsaKeyPair, MakeUtcDateTime(1, 1, 1, 0, 0, 1), MakeUtcDateTime(1, 1, 1, 0, 0, 10)); - DoNotBeforeNotAfterTest(rsaKeyPair, null, MakeUtcDateTime(1, 1, 1, 0, 0, 10)); - DoNotBeforeNotAfterTest(rsaKeyPair, MakeUtcDateTime(1, 1, 1, 0, 0, 1), null); - } - - private void DoNotBeforeNotAfterTest(AsymmetricCipherKeyPair kp, DateTime? notBefore, DateTime? notAfter) - { - CertificateRequestMessageBuilder builder = new CertificateRequestMessageBuilder(BigInteger.One) - .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public)) - .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert); - - builder.SetValidity(notBefore, notAfter); - CertificateRequestMessage msg = builder.Build(); - - if (notBefore != null) - { - IsTrue("NotBefore did not match", notBefore.Equals(msg.GetCertTemplate().Validity.NotBefore.ToDateTime())); - } - else - { - Assert.IsNull(msg.GetCertTemplate().Validity.NotBefore); - } - - if (notAfter != null) - { - IsTrue("NotAfter did not match", notAfter.Equals(msg.GetCertTemplate().Validity.NotAfter.ToDateTime())); - } - else - { - Assert.IsNull(msg.GetCertTemplate().Validity.NotAfter); - } + ImplNotBeforeNotAfterTest(rsaKeyPair, MakeUtcDateTime(1, 1, 1, 0, 0, 1), MakeUtcDateTime(1, 1, 1, 0, 0, 10)); + ImplNotBeforeNotAfterTest(rsaKeyPair, null, MakeUtcDateTime(1, 1, 1, 0, 0, 10)); + ImplNotBeforeNotAfterTest(rsaKeyPair, MakeUtcDateTime(1, 1, 1, 0, 0, 1), null); } [Test] public void TestSubsequentMessage() { RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); + rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 512, 100)); AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - TestCertBuilder builder = new TestCertBuilder(); - builder.NotBefore = DateTime.UtcNow.AddDays(-1); - builder.NotAfter = DateTime.UtcNow.AddDays(1); - builder.PublicKey = rsaKeyPair.Public; - builder.SignatureAlgorithm = "Sha1WithRSAEncryption"; - + TestCertBuilder builder = new TestCertBuilder() + { + NotBefore = DateTime.UtcNow.AddDays(-1), + NotAfter = DateTime.UtcNow.AddDays(1), + PublicKey = rsaKeyPair.Public, + SignatureAlgorithm = "Sha1WithRSAEncryption", + }; X509Certificate cert = builder.Build(rsaKeyPair.Private); + GeneralName user = new GeneralName(new X509Name("CN=Test")); CertificateRequestMessageBuilder crmBuiler = new CertificateRequestMessageBuilder(BigInteger.One) @@ -162,15 +133,16 @@ namespace Org.BouncyCastle.Cmp.Tests public void TestConfirmationMessage() { RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); + rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 512, 100)); AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - TestCertBuilder builder = new TestCertBuilder(); - builder.NotBefore = DateTime.UtcNow.AddDays(-1); - builder.NotAfter = DateTime.UtcNow.AddDays(1); - builder.PublicKey = rsaKeyPair.Public; - builder.SignatureAlgorithm = "Sha1WithRSAEncryption"; - + TestCertBuilder builder = new TestCertBuilder() + { + NotBefore = DateTime.UtcNow.AddDays(-1), + NotAfter = DateTime.UtcNow.AddDays(1), + PublicKey = rsaKeyPair.Public, + SignatureAlgorithm = "Sha1WithRSAEncryption", + }; builder.AddAttribute(X509Name.C, "Foo"); X509Certificate cert = builder.Build(rsaKeyPair.Private); @@ -190,7 +162,7 @@ namespace Org.BouncyCastle.Cmp.Tests IVerifierFactory verifierFactory = new Asn1VerifierFactory("MD5WithRSA", rsaKeyPair.Public); - IsTrue("PKIMessage must verify (MD5withRSA)", msg.Verify(verifierFactory)); + IsTrue("PkiMessage must verify (MD5withRSA)", msg.Verify(verifierFactory)); IsEquals(sender, msg.Header.Sender); IsEquals(recipient, msg.Header.Recipient); @@ -205,15 +177,16 @@ namespace Org.BouncyCastle.Cmp.Tests public void TestProtectedMessage() { RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); + rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 512, 100)); AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - TestCertBuilder builder = new TestCertBuilder(); - builder.NotBefore = DateTime.UtcNow.AddDays(-1); - builder.NotAfter = DateTime.UtcNow.AddDays(1); - builder.PublicKey = rsaKeyPair.Public; - builder.SignatureAlgorithm = "Sha1WithRSAEncryption"; - + TestCertBuilder builder = new TestCertBuilder() + { + NotBefore = DateTime.UtcNow.AddDays(-1), + NotAfter = DateTime.UtcNow.AddDays(1), + PublicKey = rsaKeyPair.Public, + SignatureAlgorithm = "Sha1WithRSAEncryption", + }; builder.AddAttribute(X509Name.C, "Foo"); X509Certificate cert = builder.Build(rsaKeyPair.Private); @@ -232,23 +205,24 @@ namespace Org.BouncyCastle.Cmp.Tests IVerifierFactory verifierFactory = new Asn1VerifierFactory("MD5WithRSA", rsaKeyPair.Public); - IsTrue("PKIMessage must verify (MD5withRSA)", msg.Verify(verifierFactory)); + IsTrue("PkiMessage must verify (MD5withRSA)", msg.Verify(verifierFactory)); } [Test] public void TestMacProtectedMessage() { RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, + rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 512, 100)); AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - TestCertBuilder builder = new TestCertBuilder(); - builder.NotBefore = DateTime.UtcNow.AddDays(-1); - builder.NotAfter = DateTime.UtcNow.AddDays(1); - builder.PublicKey = rsaKeyPair.Public; - builder.SignatureAlgorithm = "Sha1WithRSAEncryption"; - + TestCertBuilder builder = new TestCertBuilder() + { + NotBefore = DateTime.UtcNow.AddDays(-1), + NotAfter = DateTime.UtcNow.AddDays(1), + PublicKey = rsaKeyPair.Public, + SignatureAlgorithm = "Sha1WithRSAEncryption", + }; builder.AddAttribute(X509Name.C, "Foo"); X509Certificate cert = builder.Build(rsaKeyPair.Private); @@ -276,24 +250,24 @@ namespace Org.BouncyCastle.Cmp.Tests // Test with content generated by BC-JAVA version. // - ICipherParameters publicKey = PublicKeyFactory.CreateKey(Hex.Decode( - "305c300d06092a864886f70d0101010500034b003048024100ac1e59ba5f96" + - "ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af365d05b26970cbd2" + - "6e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87f683774502030100" + - "01")); - ICipherParameters privateKey = PrivateKeyFactory.CreateKey(Hex.Decode( - "30820155020100300d06092a864886f70d01010105000482013f3082013b02" + - "0100024100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb32038" + - "8b58af365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e" + - "464b87f68377450203010001024046f3f208570c735349bfe00fdaa1fbcc00" + - "c0f2eebe42279876a168ac43fa74a8cdf9a1bb49066c07cfcfa7196f69f2b9" + - "419d378109db967891428c50273dcc37022100d488dc3fb86f404d726a8166" + - "b2a9aba9bee12fdbf38470a62403a2a20bad0977022100cf51874e479b141f" + - "9915533bf54d68f1940f84d7fe6130538ff01a23e3493423022100986f94f1" + - "0afa9837341219bfabf32fd16ebb9a94fa630a5ccf45e036b383275f02201b" + - "6dff07f563684b31f6e757548254733a12bf91d05f4d8490d3c4b1a0ddcb9f" + - "02210087c3b2049e9a3edfc4cb40a3a275dabf7ffff80b467157e384603042" + - "3fe91d68")); + //ICipherParameters publicKey = PublicKeyFactory.CreateKey(Hex.Decode( + // "305c300d06092a864886f70d0101010500034b003048024100ac1e59ba5f96" + + // "ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af365d05b26970cbd2" + + // "6e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87f683774502030100" + + // "01")); + //ICipherParameters privateKey = PrivateKeyFactory.CreateKey(Hex.Decode( + // "30820155020100300d06092a864886f70d01010105000482013f3082013b02" + + // "0100024100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb32038" + + // "8b58af365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e" + + // "464b87f68377450203010001024046f3f208570c735349bfe00fdaa1fbcc00" + + // "c0f2eebe42279876a168ac43fa74a8cdf9a1bb49066c07cfcfa7196f69f2b9" + + // "419d378109db967891428c50273dcc37022100d488dc3fb86f404d726a8166" + + // "b2a9aba9bee12fdbf38470a62403a2a20bad0977022100cf51874e479b141f" + + // "9915533bf54d68f1940f84d7fe6130538ff01a23e3493423022100986f94f1" + + // "0afa9837341219bfabf32fd16ebb9a94fa630a5ccf45e036b383275f02201b" + + // "6dff07f563684b31f6e757548254733a12bf91d05f4d8490d3c4b1a0ddcb9f" + + // "02210087c3b2049e9a3edfc4cb40a3a275dabf7ffff80b467157e384603042" + + // "3fe91d68")); byte[] ind = Hex.Decode( "308201ac306e020102a4133011310f300d06035504030c0653656e646572a4" + @@ -317,54 +291,53 @@ namespace Org.BouncyCastle.Cmp.Tests IsTrue(pkiMsg.Verify(new PKMacBuilder().SetParameters(pbmParameters), "secret".ToCharArray())); } + + private void ImplNotBeforeNotAfterTest(AsymmetricCipherKeyPair kp, DateTime? notBefore, DateTime? notAfter) + { + CertificateRequestMessageBuilder builder = new CertificateRequestMessageBuilder(BigInteger.One) + .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public)) + .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert); + + builder.SetValidity(notBefore, notAfter); + CertificateRequestMessage msg = builder.Build(); + + if (notBefore != null) + { + IsTrue("NotBefore did not match", notBefore.Equals(msg.GetCertTemplate().Validity.NotBefore.ToDateTime())); + } + else + { + Assert.IsNull(msg.GetCertTemplate().Validity.NotBefore); + } + + if (notAfter != null) + { + IsTrue("NotAfter did not match", notAfter.Equals(msg.GetCertTemplate().Validity.NotAfter.ToDateTime())); + } + else + { + Assert.IsNull(msg.GetCertTemplate().Validity.NotAfter); + } + } } public class TestCertBuilder { - IDictionary<DerObjectIdentifier, string> attrs = new Dictionary<DerObjectIdentifier, string>(); - IList<DerObjectIdentifier> ord = new List<DerObjectIdentifier>(); - IList<string> values = new List<string>(); + private readonly Dictionary<DerObjectIdentifier, string> attrs = new Dictionary<DerObjectIdentifier, string>(); + private readonly List<DerObjectIdentifier> ord = new List<DerObjectIdentifier>(); + private readonly List<string> values = new List<string>(); - private DateTime notBefore, notAfter; - private AsymmetricKeyParameter publicKey; - private string signatureAlgorithm; - private X509Name issuer, subject; + public DateTime NotBefore { get; set; } - public DateTime NotBefore - { - get { return notBefore; } - set { this.notBefore = value; } - } + public DateTime NotAfter { get; set; } - public DateTime NotAfter - { - get { return notAfter; } - set { this.notAfter = value; } - } + public AsymmetricKeyParameter PublicKey { get; set; } - public AsymmetricKeyParameter PublicKey - { - get { return publicKey; } - set { this.publicKey = value; } - } + public string SignatureAlgorithm { get; set; } - public string SignatureAlgorithm - { - get { return signatureAlgorithm; } - set { this.signatureAlgorithm = value; } - } + public X509Name Issuer { get; set; } - public X509Name Issuer - { - get { return issuer; } - set { this.issuer = value; } - } - - public X509Name Subject - { - get { return subject; } - set { this.subject = value; } - } + public X509Name Subject { get; set; } public TestCertBuilder AddAttribute(DerObjectIdentifier name, string value) { |