authorPeter Dettman <peter.dettman@bouncycastle.org>2022-06-29 20:55:57 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2022-06-29 20:55:57 +0700
commite049cab36e9e68adff298acc24acdaa2551f72ef (patch)
treee772d623791461cba50b1eba3bbd4f833f893ae9
parentAdd Objects class (diff)
downloadBouncyCastle.NET-ed25519-e049cab36e9e68adff298acc24acdaa2551f72ef.tar.xz
Refactoring around Stream signers
-rw-r--r--crypto/src/cmp/ProtectedPkiMessageBuilder.cs6
-rw-r--r--crypto/src/cms/CMSSignedDataGenerator.cs59
-rw-r--r--crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs43
-rw-r--r--crypto/src/ocsp/BasicOCSPRespGenerator.cs21
-rw-r--r--crypto/src/ocsp/OCSPReqGenerator.cs4
-rw-r--r--crypto/src/pkcs/Pkcs10CertificationRequest.cs10
-rw-r--r--crypto/src/x509/X509V1CertificateGenerator.cs35
-rw-r--r--crypto/src/x509/X509V2AttributeCertificateGenerator.cs50
-rw-r--r--crypto/src/x509/X509V2CRLGenerator.cs49
-rw-r--r--crypto/src/x509/X509V3CertificateGenerator.cs13
10 files changed, 128 insertions, 162 deletions
diff --git a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
index 269910cc6..6440c3f4e 100644
--- a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
+++ b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
@@ -145,11 +145,7 @@ namespace Org.BouncyCastle.Cmp
 
         private byte[] CalculateSignature(IStreamCalculator signer, PkiHeader header, PkiBody body)
         {
-            Asn1EncodableVector avec = new Asn1EncodableVector(2);
-            avec.Add(header);
-            avec.Add(body);
-
-            new DerSequence(avec).EncodeTo(signer.Stream);
+            new DerSequence(header, body).EncodeTo(signer.Stream);
             object result = signer.GetResult();
 
             if (result is DefaultSignatureResult sigResult)
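Review bot: The rewritten line in CalculateSignature still writes to `signer.Stream` without closing it before `signer.GetResult()` and without naming an encoding, while the other signing paths touched by this commit wrap the stream in `using` and pass an explicit DER encoding. Because the bytes written here are the ones covered by the protection value, both should be explicit: `using (Stream sigStream = signer.Stream) { new DerSequence(header, body).EncodeTo(sigStream, Asn1Encodable.Der); }`. Whether the one-argument `EncodeTo` already produces DER for nested `header`/`body` content, and whether this file imports `System.IO`, cannot be confirmed from the hunk. The method body continues past the end of the hunk.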
diff --git a/crypto/src/cms/CMSSignedDataGenerator.cs b/crypto/src/cms/CMSSignedDataGenerator.cs
index 596c6a130..3a612a635 100644
--- a/crypto/src/cms/CMSSignedDataGenerator.cs
+++ b/crypto/src/cms/CMSSignedDataGenerator.cs
@@ -131,39 +131,40 @@ namespace Org.BouncyCastle.Cms
                     outer.m_digests.Add(digestOID, (byte[])hash.Clone());
                 }
 
-                IStreamCalculator calculator = sigCalc.CreateCalculator();
-				Stream sigStr = new BufferedStream(calculator.Stream);
-
 				Asn1Set signedAttr = null;
-				if (sAttr != null)
-				{
-					var parameters = outer.GetBaseParameters(contentType, digAlgId, hash);
-
-//					Asn1.Cms.AttributeTable signed = sAttr.GetAttributes(Collections.unmodifiableMap(parameters));
-					Asn1.Cms.AttributeTable signed = sAttr.GetAttributes(parameters);
-
-                    if (contentType == null) //counter signature
-                    {
-                        if (signed != null && signed[CmsAttributes.ContentType] != null)
-                        {
-							signed = signed.Remove(CmsAttributes.ContentType);
-                        }
-                    }
 
-					// TODO Validate proposed signed attributes
-
-					signedAttr = outer.GetAttributeSet(signed);
-
-                    // sig must be composed from the DER encoding.
-                    signedAttr.EncodeTo(sigStr, Asn1Encodable.Der);
-				}
-                else if (content != null)
+				IStreamCalculator calculator = sigCalc.CreateCalculator();
+				using (Stream sigStr = calculator.Stream)
                 {
-					// TODO Use raw signature of the hash value instead
-					content.Write(sigStr);
-                }
+					if (sAttr != null)
+					{
+						var parameters = outer.GetBaseParameters(contentType, digAlgId, hash);
+
+                        //Asn1.Cms.AttributeTable signed = sAttr.GetAttributes(Collections.unmodifiableMap(parameters));
+                        Asn1.Cms.AttributeTable signed = sAttr.GetAttributes(parameters);
+
+						if (contentType == null) //counter signature
+						{
+							if (signed != null && signed[CmsAttributes.ContentType] != null)
+							{
+								signed = signed.Remove(CmsAttributes.ContentType);
+							}
+						}
+
+						// TODO Validate proposed signed attributes
+
+						signedAttr = outer.GetAttributeSet(signed);
+
+						// sig must be composed from the DER encoding.
+						signedAttr.EncodeTo(sigStr, Asn1Encodable.Der);
+					}
+					else if (content != null)
+					{
+						// TODO Use raw signature of the hash value instead
+						content.Write(sigStr);
+					}
+				}
 
-                Platform.Dispose(sigStr);
                 byte[] sigBytes = ((IBlockResult)calculator.GetResult()).Collect();
 
 				Asn1Set unsignedAttr = null;
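Review bot: `signedAttr.EncodeTo(sigStr, Asn1Encodable.Der)` is called unconditionally even though the counter-signature branch just above tests `signed != null`, which treats a missing attribute table as possible. If `outer.GetAttributeSet` returns null for a null table (it is defined outside this hunk), the call throws a NullReferenceException from inside the `using` block instead of a CMS-level error. A guard right after the `GetAttributeSet` call would make the failure explicit: `if (signedAttr == null) throw new CmsException("signed attribute generator returned no attributes");`. The existing `// TODO Validate proposed signed attributes` marks the natural place for it. The enclosing method begins and ends outside the hunk.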
diff --git a/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs b/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs
index b7a3ae01a..50c2ea65c 100644
--- a/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs
+++ b/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs
@@ -1,4 +1,5 @@
 using System;
+using System.IO;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Crmf;
@@ -58,32 +59,30 @@ namespace Org.BouncyCastle.Crmf
             }
 
             PopoSigningKeyInput popo;
-            byte[] b;
-            IStreamCalculator calc = signer.CreateCalculator();
-            if (_certRequest != null)
-            {
-                popo = null;
-                b = _certRequest.GetDerEncoded();
-                calc.Stream.Write(b, 0, b.Length);
 
-            }
-            else if (_name != null)
-            {
-                popo = new PopoSigningKeyInput(_name, _pubKeyInfo);
-                b = popo.GetDerEncoded();
-                calc.Stream.Write(b, 0, b.Length);
-            }
-            else
+            IStreamCalculator calc = signer.CreateCalculator();
+            using (Stream sigStream = calc.Stream)
             {
-                popo = new PopoSigningKeyInput(_publicKeyMAC, _pubKeyInfo);
-                b = popo.GetDerEncoded();
-                calc.Stream.Write(b, 0, b.Length);
+                if (_certRequest != null)
+                {
+                    popo = null;
+                    _certRequest.EncodeTo(sigStream, Asn1Encodable.Der);
+                }
+                else if (_name != null)
+                {
+                    popo = new PopoSigningKeyInput(_name, _pubKeyInfo);
+                    popo.EncodeTo(sigStream, Asn1Encodable.Der);
+                }
+                else
+                {
+                    popo = new PopoSigningKeyInput(_publicKeyMAC, _pubKeyInfo);
+                    popo.EncodeTo(sigStream, Asn1Encodable.Der);
+                }
             }
 
-            calc.Stream.Flush();
-            Platform.Dispose(calc.Stream);
-            DefaultSignatureResult res = (DefaultSignatureResult)calc.GetResult();
-            return new PopoSigningKey(popo, (AlgorithmIdentifier)signer.AlgorithmDetails, new DerBitString(res.Collect()));
+            var signature = ((IBlockResult)calc.GetResult()).Collect();
+
+            return new PopoSigningKey(popo, (AlgorithmIdentifier)signer.AlgorithmDetails, new DerBitString(signature));
         }
     }
 }
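Review bot: The three branches inside the `using` block each repeat `EncodeTo(sigStream, Asn1Encodable.Der)` and construct the `PopoSigningKeyInput` while the signature stream is already open. Choosing the object to sign first and encoding it once makes it easier to see which structure the signature covers, and keeps the stream's lifetime limited to the write itself. This assumes `_certRequest` and `PopoSigningKeyInput` share the `Asn1Encodable` base, which the common `EncodeTo` call suggests but the hunk does not show. The method starts above the hunk.

```csharp
PopoSigningKeyInput popo = null;
Asn1Encodable toBeSigned = _certRequest;
if (toBeSigned == null)
{
    popo = _name != null
        ? new PopoSigningKeyInput(_name, _pubKeyInfo)
        : new PopoSigningKeyInput(_publicKeyMAC, _pubKeyInfo);
    toBeSigned = popo;
}

IStreamCalculator calc = signer.CreateCalculator();
using (Stream sigStream = calc.Stream)
{
    toBeSigned.EncodeTo(sigStream, Asn1Encodable.Der);
}
// … unchanged: GetResult() and PopoSigningKey construction …
```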
diff --git a/crypto/src/ocsp/BasicOCSPRespGenerator.cs b/crypto/src/ocsp/BasicOCSPRespGenerator.cs
index 147bd7839..d4ec3df80 100644
--- a/crypto/src/ocsp/BasicOCSPRespGenerator.cs
+++ b/crypto/src/ocsp/BasicOCSPRespGenerator.cs
@@ -206,20 +206,19 @@ namespace Org.BouncyCastle.Ocsp
 				}
 			}
 
-			ResponseData tbsResp = new ResponseData(responderID.ToAsn1Object(), new DerGeneralizedTime(producedAt), new DerSequence(responses), responseExtensions);
-			DerBitString bitSig = null;
+			ResponseData tbsResp = new ResponseData(responderID.ToAsn1Object(), new DerGeneralizedTime(producedAt),
+				new DerSequence(responses), responseExtensions);
+			DerBitString bitSig;
 
 			try
 			{
                 IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator();
+				using (Stream sigStream = streamCalculator.Stream)
+				{
+					tbsResp.EncodeTo(sigStream, Asn1Encodable.Der);
+				}
 
-				byte[] encoded = tbsResp.GetDerEncoded();
-
-                streamCalculator.Stream.Write(encoded, 0, encoded.Length);
-
-                Platform.Dispose(streamCalculator.Stream);
-
-                bitSig = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect());
+				bitSig = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect());
 			}
 			catch (Exception e)
 			{
@@ -236,9 +235,7 @@ namespace Org.BouncyCastle.Ocsp
 				{
 					for (int i = 0; i != chain.Length; i++)
 					{
-						v.Add(
-							X509CertificateStructure.GetInstance(
-								Asn1Object.FromByteArray(chain[i].GetEncoded())));
+						v.Add(chain[i].CertificateStructure);
 					}
 				}
 				catch (IOException e)
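Review bot: With `v.Add(chain[i].CertificateStructure)` the loop no longer decodes anything, so the `catch (IOException e)` that follows looks unreachable; the removed `Asn1Object.FromByteArray(chain[i].GetEncoded())` call was presumably what it guarded. If `CertificateStructure` cannot throw IOException, the try/catch can be dropped. A null entry in `chain` would also be better rejected before the loop than surfacing as a NullReferenceException. The same applies to the identical loop changed in OCSPReqGenerator.cs. The catch body and the surrounding method are outside the hunk.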
diff --git a/crypto/src/ocsp/OCSPReqGenerator.cs b/crypto/src/ocsp/OCSPReqGenerator.cs
index 52890ae30..dda1625e5 100644
--- a/crypto/src/ocsp/OCSPReqGenerator.cs
+++ b/crypto/src/ocsp/OCSPReqGenerator.cs
@@ -165,9 +165,7 @@ namespace Org.BouncyCastle.Ocsp
 					{
 						for (int i = 0; i != chain.Length; i++)
 						{
-							v.Add(
-								X509CertificateStructure.GetInstance(
-									Asn1Object.FromByteArray(chain[i].GetEncoded())));
+							v.Add(chain[i].CertificateStructure);
 						}
 					}
 					catch (IOException e)
diff --git a/crypto/src/pkcs/Pkcs10CertificationRequest.cs b/crypto/src/pkcs/Pkcs10CertificationRequest.cs
index d462fb4db..be4cbb570 100644
--- a/crypto/src/pkcs/Pkcs10CertificationRequest.cs
+++ b/crypto/src/pkcs/Pkcs10CertificationRequest.cs
@@ -282,12 +282,10 @@ namespace Org.BouncyCastle.Pkcs
             this.reqInfo = new CertificationRequestInfo(subject, pubInfo, attributes);
 
             IStreamCalculator streamCalculator = signatureFactory.CreateCalculator();
-
-            byte[] reqInfoData = reqInfo.GetDerEncoded();
-
-            streamCalculator.Stream.Write(reqInfoData, 0, reqInfoData.Length);
-
-            Platform.Dispose(streamCalculator.Stream);
+            using (Stream sigStream = streamCalculator.Stream)
+            {
+                reqInfo.EncodeTo(sigStream, Der);
+            }
 
             // Generate Signature.
             sigBits = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect());
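Review bot: `reqInfo.EncodeTo(sigStream, Der)` uses the unqualified constant, whereas the other call sites in this commit write `Asn1Encodable.Der`; spelling it `reqInfo.EncodeTo(sigStream, Asn1Encodable.Der);` keeps the encoding of the signed bytes consistent and easy to search for. The hunk also introduces `Stream` without a visible `using System.IO;` change for this file, so confirm the namespace is already imported. The enclosing member begins outside the hunk.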
diff --git a/crypto/src/x509/X509V1CertificateGenerator.cs b/crypto/src/x509/X509V1CertificateGenerator.cs
index aae263450..01c155b5d 100644
--- a/crypto/src/x509/X509V1CertificateGenerator.cs
+++ b/crypto/src/x509/X509V1CertificateGenerator.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.IO;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
@@ -110,35 +111,29 @@ namespace Org.BouncyCastle.X509
 		}
 
 		/// <summary>
-		/// Generate a new X509Certificate using the passed in SignatureCalculator.
+		/// Generate a new <see cref="X509Certificate"/> using the provided <see cref="ISignatureFactory"/>.
 		/// </summary>
-		/// <param name="signatureFactory">A signature calculator factory with the necessary algorithm details.</param>
-		/// <returns>An X509Certificate.</returns>
+		/// <param name="signatureFactory">A <see cref="ISignatureFactory">signature factory</see> with the necessary
+		/// algorithm details.</param>
+		/// <returns>An <see cref="X509Certificate"/>.</returns>
 		public X509Certificate Generate(ISignatureFactory signatureFactory)
 		{
-			tbsGen.SetSignature((AlgorithmIdentifier)signatureFactory.AlgorithmDetails);
+			var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails;
 
-			TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
-
-            IStreamCalculator streamCalculator = signatureFactory.CreateCalculator();
+			tbsGen.SetSignature(sigAlgID);
 
-            byte[] encoded = tbsCert.GetDerEncoded();
-
-            streamCalculator.Stream.Write(encoded, 0, encoded.Length);
+			TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
 
-            Platform.Dispose(streamCalculator.Stream);
+			IStreamCalculator streamCalculator = signatureFactory.CreateCalculator();
+			using (Stream sigStream = streamCalculator.Stream)
+			{
+				tbsCert.EncodeTo(sigStream, Asn1Encodable.Der);
+			}
 
-            return GenerateJcaObject(tbsCert, (AlgorithmIdentifier)signatureFactory.AlgorithmDetails,
-				((IBlockResult)streamCalculator.GetResult()).Collect());
-		}
+			var signature = ((IBlockResult)streamCalculator.GetResult()).Collect();
 
-		private X509Certificate GenerateJcaObject(
-			TbsCertificateStructure	tbsCert,
-			AlgorithmIdentifier     sigAlg,
-			byte[]					signature)
-		{
 			return new X509Certificate(
-				new X509CertificateStructure(tbsCert, sigAlg, new DerBitString(signature)));
+				new X509CertificateStructure(tbsCert, sigAlgID, new DerBitString(signature)));
 		}
 
 		/// <summary>
diff --git a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
index 2e5c9c863..3e1a58e49 100644
--- a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
+++ b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.IO;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
@@ -99,44 +100,35 @@ namespace Org.BouncyCastle.X509
 			extGenerator.AddExtension(new DerObjectIdentifier(oid), critical, extensionValue);
 		}
 
-        /// <summary>
-        /// Generate a new X.509 Attribute Certificate using the passed in SignatureCalculator.
-        /// </summary>
-        /// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param>
-        /// <returns>An IX509AttributeCertificate.</returns>
-        public X509V2AttributeCertificate Generate(ISignatureFactory signatureCalculatorFactory)
+		/// <summary>
+		/// Generate a new <see cref="X509V2AttributeCertificate"/> using the provided <see cref="ISignatureFactory"/>.
+		/// </summary>
+		/// <param name="signatureFactory">A <see cref="ISignatureFactory">signature factory</see> with the necessary
+		/// algorithm details.</param>
+		/// <returns>An <see cref="X509V2AttributeCertificate"/>.</returns>
+		public X509V2AttributeCertificate Generate(ISignatureFactory signatureFactory)
         {
-            if (!extGenerator.IsEmpty)
+			var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails;
+
+			acInfoGen.SetSignature(sigAlgID);
+
+			if (!extGenerator.IsEmpty)
 			{
 				acInfoGen.SetExtensions(extGenerator.Generate());
 			}
 
-            AlgorithmIdentifier sigAlgID = (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails;
-
-            acInfoGen.SetSignature(sigAlgID);
-
             AttributeCertificateInfo acInfo = acInfoGen.GenerateAttributeCertificateInfo();
 
-            byte[] encoded = acInfo.GetDerEncoded();
-
-            IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator();
-
-            streamCalculator.Stream.Write(encoded, 0, encoded.Length);
-
-            Platform.Dispose(streamCalculator.Stream);
-
-            try
+			IStreamCalculator streamCalculator = signatureFactory.CreateCalculator();
+			using (Stream sigStream = streamCalculator.Stream)
 			{
-                DerBitString signatureValue = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect());
-
-                return new X509V2AttributeCertificate(new AttributeCertificate(acInfo, sigAlgID, signatureValue));
-			}
-			catch (Exception e)
-			{
-				// TODO
-//				throw new ExtCertificateEncodingException("constructed invalid certificate", e);
-				throw new CertificateEncodingException("constructed invalid certificate", e);
+				acInfo.EncodeTo(sigStream, Asn1Encodable.Der);
 			}
+
+			var signature = ((IBlockResult)streamCalculator.GetResult()).Collect();
+
+			return new X509V2AttributeCertificate(
+				new AttributeCertificate(acInfo, sigAlgID, new DerBitString(signature)));
 		}
 
 		/// <summary>
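Review bot: `Generate` no longer converts a signing failure into `CertificateEncodingException`; the try/catch around `GetResult()` was removed, so callers that catch that type will now see whatever the stream calculator or the `IBlockResult` cast throws. If the change is intended, record it in the new XML doc, for example `/// <remarks>Exceptions raised by the signature calculator propagate unwrapped.</remarks>`. Otherwise keep the wrapping around the `GetResult()` line so the documented failure type of attribute-certificate generation stays stable.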
diff --git a/crypto/src/x509/X509V2CRLGenerator.cs b/crypto/src/x509/X509V2CRLGenerator.cs
index cb316f21b..e386ee8f2 100644
--- a/crypto/src/x509/X509V2CRLGenerator.cs
+++ b/crypto/src/x509/X509V2CRLGenerator.cs
@@ -167,46 +167,35 @@ namespace Org.BouncyCastle.X509
 			extGenerator.AddExtension(oid, critical, new DerOctetString(extensionValue));
 		}
 
-        /// <summary>
-        /// Generate a new X509Crl using the passed in SignatureCalculator.
-        /// </summary>
-		/// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param>
-        /// <returns>An X509Crl.</returns>
-        public X509Crl Generate(ISignatureFactory signatureCalculatorFactory)
+		/// <summary>
+		/// Generate a new <see cref="X509Crl"/> using the provided <see cref="ISignatureFactory"/>.
+		/// </summary>
+		/// <param name="signatureFactory">A <see cref="ISignatureFactory">signature factory</see> with the necessary
+		/// algorithm details.</param>
+		/// <returns>An <see cref="X509Crl"/>.</returns>
+		public X509Crl Generate(ISignatureFactory signatureFactory)
         {
-            tbsGen.SetSignature((AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails);
-
-            TbsCertificateList tbsCertList = GenerateCertList();
-
-            IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator();
-
-            byte[] encoded = tbsCertList.GetDerEncoded();
-
-            streamCalculator.Stream.Write(encoded, 0, encoded.Length);
-
-            Platform.Dispose(streamCalculator.Stream);
+			var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails;
 
-            return GenerateJcaObject(tbsCertList, (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).Collect());
-        }
+			tbsGen.SetSignature(sigAlgID);
 
-        private TbsCertificateList GenerateCertList()
-		{
 			if (!extGenerator.IsEmpty)
 			{
 				tbsGen.SetExtensions(extGenerator.Generate());
 			}
 
-			return tbsGen.GenerateTbsCertList();
-		}
+			TbsCertificateList tbsCertList = tbsGen.GenerateTbsCertList();
+
+            IStreamCalculator streamCalculator = signatureFactory.CreateCalculator();
+			using (Stream sigStream = streamCalculator.Stream)
+			{
+				tbsCertList.EncodeTo(sigStream, Asn1Encodable.Der);
+			}
+
+			var signature = ((IBlockResult)streamCalculator.GetResult()).Collect();
 
-		private X509Crl GenerateJcaObject(
-			TbsCertificateList	tbsCrl,
-            AlgorithmIdentifier algId,
-			byte[]				signature)
-		{
 			return new X509Crl(
-				CertificateList.GetInstance(
-					new DerSequence(tbsCrl, algId, new DerBitString(signature))));
+				CertificateList.GetInstance(new DerSequence(tbsCertList, sigAlgID, new DerBitString(signature))));
 		}
 
 		/// <summary>
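Review bot: Renaming the public parameter of `Generate` from `signatureCalculatorFactory` to `signatureFactory` breaks source compatibility for any caller that passes it as a named argument (`Generate(signatureCalculatorFactory: f)`). The same rename is made on `Generate` in X509V2AttributeCertificateGenerator.cs and X509V3CertificateGenerator.cs. The change is reasonable for consistency with X509V1CertificateGenerator, but it deserves a line in the release notes so that downstream code which fails to compile is traced to this commit.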
diff --git a/crypto/src/x509/X509V3CertificateGenerator.cs b/crypto/src/x509/X509V3CertificateGenerator.cs
index 7930ab23b..50e3fc689 100644
--- a/crypto/src/x509/X509V3CertificateGenerator.cs
+++ b/crypto/src/x509/X509V3CertificateGenerator.cs
@@ -241,13 +241,14 @@ namespace Org.BouncyCastle.X509
 		}
 
 		/// <summary>
-		/// Generate a new X509Certificate using the passed in SignatureCalculator.
+		/// Generate a new <see cref="X509Certificate"/> using the provided <see cref="ISignatureFactory"/>.
 		/// </summary>
-		/// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param>
-		/// <returns>An X509Certificate.</returns>
-		public X509Certificate Generate(ISignatureFactory signatureCalculatorFactory)
+		/// <param name="signatureFactory">A <see cref="ISignatureFactory">signature factory</see> with the necessary
+		/// algorithm details.</param>
+		/// <returns>An <see cref="X509Certificate"/>.</returns>
+		public X509Certificate Generate(ISignatureFactory signatureFactory)
 		{
-			var sigAlgID = (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails;
+			var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails;
 
 			tbsGen.SetSignature(sigAlgID);
 
@@ -258,7 +259,7 @@ namespace Org.BouncyCastle.X509
 
             TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
 
-			IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator();
+			IStreamCalculator streamCalculator = signatureFactory.CreateCalculator();
 			using (Stream sigStream = streamCalculator.Stream)
             {
 				tbsCert.EncodeTo(sigStream, Asn1Encodable.Der);