diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-06-29 20:55:57 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-06-29 20:55:57 +0700 |
| commit | e049cab36e9e68adff298acc24acdaa2551f72ef (patch) | |
| tree | e772d623791461cba50b1eba3bbd4f833f893ae9 | |
| parent | Add Objects class (diff) | |
| download | BouncyCastle.NET-ed25519-e049cab36e9e68adff298acc24acdaa2551f72ef.tar.xz | |
Refactoring around Stream signers
| -rw-r--r-- | crypto/src/cmp/ProtectedPkiMessageBuilder.cs | 6 | ||||
| -rw-r--r-- | crypto/src/cms/CMSSignedDataGenerator.cs | 59 | ||||
| -rw-r--r-- | crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs | 43 | ||||
| -rw-r--r-- | crypto/src/ocsp/BasicOCSPRespGenerator.cs | 21 | ||||
| -rw-r--r-- | crypto/src/ocsp/OCSPReqGenerator.cs | 4 | ||||
| -rw-r--r-- | crypto/src/pkcs/Pkcs10CertificationRequest.cs | 10 | ||||
| -rw-r--r-- | crypto/src/x509/X509V1CertificateGenerator.cs | 35 | ||||
| -rw-r--r-- | crypto/src/x509/X509V2AttributeCertificateGenerator.cs | 50 | ||||
| -rw-r--r-- | crypto/src/x509/X509V2CRLGenerator.cs | 49 | ||||
| -rw-r--r-- | crypto/src/x509/X509V3CertificateGenerator.cs | 13 |
10 files changed, 128 insertions, 162 deletions
diff --git a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs index 269910cc6..6440c3f4e 100644 --- a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs +++ b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs @@ -145,11 +145,7 @@ namespace Org.BouncyCastle.Cmp private byte[] CalculateSignature(IStreamCalculator signer, PkiHeader header, PkiBody body) { - Asn1EncodableVector avec = new Asn1EncodableVector(2); - avec.Add(header); - avec.Add(body); - - new DerSequence(avec).EncodeTo(signer.Stream); + new DerSequence(header, body).EncodeTo(signer.Stream); object result = signer.GetResult(); if (result is DefaultSignatureResult sigResult) diff --git a/crypto/src/cms/CMSSignedDataGenerator.cs b/crypto/src/cms/CMSSignedDataGenerator.cs index 596c6a130..3a612a635 100644 --- a/crypto/src/cms/CMSSignedDataGenerator.cs +++ b/crypto/src/cms/CMSSignedDataGenerator.cs @@ -131,39 +131,40 @@ namespace Org.BouncyCastle.Cms outer.m_digests.Add(digestOID, (byte[])hash.Clone()); } - IStreamCalculator calculator = sigCalc.CreateCalculator(); - Stream sigStr = new BufferedStream(calculator.Stream); - Asn1Set signedAttr = null; - if (sAttr != null) - { - var parameters = outer.GetBaseParameters(contentType, digAlgId, hash); - -// Asn1.Cms.AttributeTable signed = sAttr.GetAttributes(Collections.unmodifiableMap(parameters)); - Asn1.Cms.AttributeTable signed = sAttr.GetAttributes(parameters); - - if (contentType == null) //counter signature - { - if (signed != null && signed[CmsAttributes.ContentType] != null) - { - signed = signed.Remove(CmsAttributes.ContentType); - } - } - // TODO Validate proposed signed attributes - - signedAttr = outer.GetAttributeSet(signed); - - // sig must be composed from the DER encoding. - signedAttr.EncodeTo(sigStr, Asn1Encodable.Der); - } - else if (content != null) + IStreamCalculator calculator = sigCalc.CreateCalculator(); + using (Stream sigStr = calculator.Stream) { - // TODO Use raw signature of the hash value instead - content.Write(sigStr); - } + if (sAttr != null) + { + var parameters = outer.GetBaseParameters(contentType, digAlgId, hash); + + //Asn1.Cms.AttributeTable signed = sAttr.GetAttributes(Collections.unmodifiableMap(parameters)); + Asn1.Cms.AttributeTable signed = sAttr.GetAttributes(parameters); + + if (contentType == null) //counter signature + { + if (signed != null && signed[CmsAttributes.ContentType] != null) + { + signed = signed.Remove(CmsAttributes.ContentType); + } + } + + // TODO Validate proposed signed attributes + + signedAttr = outer.GetAttributeSet(signed); + + // sig must be composed from the DER encoding. + signedAttr.EncodeTo(sigStr, Asn1Encodable.Der); + } + else if (content != null) + { + // TODO Use raw signature of the hash value instead + content.Write(sigStr); + } + } - Platform.Dispose(sigStr); byte[] sigBytes = ((IBlockResult)calculator.GetResult()).Collect(); Asn1Set unsignedAttr = null; diff --git a/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs b/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs index b7a3ae01a..50c2ea65c 100644 --- a/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs +++ b/crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs @@ -1,4 +1,5 @@ using System; +using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Crmf; @@ -58,32 +59,30 @@ namespace Org.BouncyCastle.Crmf } PopoSigningKeyInput popo; - byte[] b; - IStreamCalculator calc = signer.CreateCalculator(); - if (_certRequest != null) - { - popo = null; - b = _certRequest.GetDerEncoded(); - calc.Stream.Write(b, 0, b.Length); - } - else if (_name != null) - { - popo = new PopoSigningKeyInput(_name, _pubKeyInfo); - b = popo.GetDerEncoded(); - calc.Stream.Write(b, 0, b.Length); - } - else + IStreamCalculator calc = signer.CreateCalculator(); + using (Stream sigStream = calc.Stream) { - popo = new PopoSigningKeyInput(_publicKeyMAC, _pubKeyInfo); - b = popo.GetDerEncoded(); - calc.Stream.Write(b, 0, b.Length); + if (_certRequest != null) + { + popo = null; + _certRequest.EncodeTo(sigStream, Asn1Encodable.Der); + } + else if (_name != null) + { + popo = new PopoSigningKeyInput(_name, _pubKeyInfo); + popo.EncodeTo(sigStream, Asn1Encodable.Der); + } + else + { + popo = new PopoSigningKeyInput(_publicKeyMAC, _pubKeyInfo); + popo.EncodeTo(sigStream, Asn1Encodable.Der); + } } - calc.Stream.Flush(); - Platform.Dispose(calc.Stream); - DefaultSignatureResult res = (DefaultSignatureResult)calc.GetResult(); - return new PopoSigningKey(popo, (AlgorithmIdentifier)signer.AlgorithmDetails, new DerBitString(res.Collect())); + var signature = ((IBlockResult)calc.GetResult()).Collect(); + + return new PopoSigningKey(popo, (AlgorithmIdentifier)signer.AlgorithmDetails, new DerBitString(signature)); } } } diff --git a/crypto/src/ocsp/BasicOCSPRespGenerator.cs b/crypto/src/ocsp/BasicOCSPRespGenerator.cs index 147bd7839..d4ec3df80 100644 --- a/crypto/src/ocsp/BasicOCSPRespGenerator.cs +++ b/crypto/src/ocsp/BasicOCSPRespGenerator.cs @@ -206,20 +206,19 @@ namespace Org.BouncyCastle.Ocsp } } - ResponseData tbsResp = new ResponseData(responderID.ToAsn1Object(), new DerGeneralizedTime(producedAt), new DerSequence(responses), responseExtensions); - DerBitString bitSig = null; + ResponseData tbsResp = new ResponseData(responderID.ToAsn1Object(), new DerGeneralizedTime(producedAt), + new DerSequence(responses), responseExtensions); + DerBitString bitSig; try { IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator(); + using (Stream sigStream = streamCalculator.Stream) + { + tbsResp.EncodeTo(sigStream, Asn1Encodable.Der); + } - byte[] encoded = tbsResp.GetDerEncoded(); - - streamCalculator.Stream.Write(encoded, 0, encoded.Length); - - Platform.Dispose(streamCalculator.Stream); - - bitSig = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect()); + bitSig = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect()); } catch (Exception e) { @@ -236,9 +235,7 @@ namespace Org.BouncyCastle.Ocsp { for (int i = 0; i != chain.Length; i++) { - v.Add( - X509CertificateStructure.GetInstance( - Asn1Object.FromByteArray(chain[i].GetEncoded()))); + v.Add(chain[i].CertificateStructure); } } catch (IOException e) diff --git a/crypto/src/ocsp/OCSPReqGenerator.cs b/crypto/src/ocsp/OCSPReqGenerator.cs index 52890ae30..dda1625e5 100644 --- a/crypto/src/ocsp/OCSPReqGenerator.cs +++ b/crypto/src/ocsp/OCSPReqGenerator.cs @@ -165,9 +165,7 @@ namespace Org.BouncyCastle.Ocsp { for (int i = 0; i != chain.Length; i++) { - v.Add( - X509CertificateStructure.GetInstance( - Asn1Object.FromByteArray(chain[i].GetEncoded()))); + v.Add(chain[i].CertificateStructure); } } catch (IOException e) diff --git a/crypto/src/pkcs/Pkcs10CertificationRequest.cs b/crypto/src/pkcs/Pkcs10CertificationRequest.cs index d462fb4db..be4cbb570 100644 --- a/crypto/src/pkcs/Pkcs10CertificationRequest.cs +++ b/crypto/src/pkcs/Pkcs10CertificationRequest.cs @@ -282,12 +282,10 @@ namespace Org.BouncyCastle.Pkcs this.reqInfo = new CertificationRequestInfo(subject, pubInfo, attributes); IStreamCalculator streamCalculator = signatureFactory.CreateCalculator(); - - byte[] reqInfoData = reqInfo.GetDerEncoded(); - - streamCalculator.Stream.Write(reqInfoData, 0, reqInfoData.Length); - - Platform.Dispose(streamCalculator.Stream); + using (Stream sigStream = streamCalculator.Stream) + { + reqInfo.EncodeTo(sigStream, Der); + } // Generate Signature. sigBits = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect()); diff --git a/crypto/src/x509/X509V1CertificateGenerator.cs b/crypto/src/x509/X509V1CertificateGenerator.cs index aae263450..01c155b5d 100644 --- a/crypto/src/x509/X509V1CertificateGenerator.cs +++ b/crypto/src/x509/X509V1CertificateGenerator.cs @@ -1,5 +1,6 @@ using System; using System.Collections.Generic; +using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; @@ -110,35 +111,29 @@ namespace Org.BouncyCastle.X509 } /// <summary> - /// Generate a new X509Certificate using the passed in SignatureCalculator. + /// Generate a new <see cref="X509Certificate"/> using the provided <see cref="ISignatureFactory"/>. /// </summary> - /// <param name="signatureFactory">A signature calculator factory with the necessary algorithm details.</param> - /// <returns>An X509Certificate.</returns> + /// <param name="signatureFactory">A <see cref="ISignatureFactory">signature factory</see> with the necessary + /// algorithm details.</param> + /// <returns>An <see cref="X509Certificate"/>.</returns> public X509Certificate Generate(ISignatureFactory signatureFactory) { - tbsGen.SetSignature((AlgorithmIdentifier)signatureFactory.AlgorithmDetails); + var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails; - TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate(); - - IStreamCalculator streamCalculator = signatureFactory.CreateCalculator(); + tbsGen.SetSignature(sigAlgID); - byte[] encoded = tbsCert.GetDerEncoded(); - - streamCalculator.Stream.Write(encoded, 0, encoded.Length); + TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate(); - Platform.Dispose(streamCalculator.Stream); + IStreamCalculator streamCalculator = signatureFactory.CreateCalculator(); + using (Stream sigStream = streamCalculator.Stream) + { + tbsCert.EncodeTo(sigStream, Asn1Encodable.Der); + } - return GenerateJcaObject(tbsCert, (AlgorithmIdentifier)signatureFactory.AlgorithmDetails, - ((IBlockResult)streamCalculator.GetResult()).Collect()); - } + var signature = ((IBlockResult)streamCalculator.GetResult()).Collect(); - private X509Certificate GenerateJcaObject( - TbsCertificateStructure tbsCert, - AlgorithmIdentifier sigAlg, - byte[] signature) - { return new X509Certificate( - new X509CertificateStructure(tbsCert, sigAlg, new DerBitString(signature))); + new X509CertificateStructure(tbsCert, sigAlgID, new DerBitString(signature))); } /// <summary> diff --git a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs index 2e5c9c863..3e1a58e49 100644 --- a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs +++ b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs @@ -1,5 +1,6 @@ using System; using System.Collections.Generic; +using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; @@ -99,44 +100,35 @@ namespace Org.BouncyCastle.X509 extGenerator.AddExtension(new DerObjectIdentifier(oid), critical, extensionValue); } - /// <summary> - /// Generate a new X.509 Attribute Certificate using the passed in SignatureCalculator. - /// </summary> - /// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param> - /// <returns>An IX509AttributeCertificate.</returns> - public X509V2AttributeCertificate Generate(ISignatureFactory signatureCalculatorFactory) + /// <summary> + /// Generate a new <see cref="X509V2AttributeCertificate"/> using the provided <see cref="ISignatureFactory"/>. + /// </summary> + /// <param name="signatureFactory">A <see cref="ISignatureFactory">signature factory</see> with the necessary + /// algorithm details.</param> + /// <returns>An <see cref="X509V2AttributeCertificate"/>.</returns> + public X509V2AttributeCertificate Generate(ISignatureFactory signatureFactory) { - if (!extGenerator.IsEmpty) + var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails; + + acInfoGen.SetSignature(sigAlgID); + + if (!extGenerator.IsEmpty) { acInfoGen.SetExtensions(extGenerator.Generate()); } - AlgorithmIdentifier sigAlgID = (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails; - - acInfoGen.SetSignature(sigAlgID); - AttributeCertificateInfo acInfo = acInfoGen.GenerateAttributeCertificateInfo(); - byte[] encoded = acInfo.GetDerEncoded(); - - IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator(); - - streamCalculator.Stream.Write(encoded, 0, encoded.Length); - - Platform.Dispose(streamCalculator.Stream); - - try + IStreamCalculator streamCalculator = signatureFactory.CreateCalculator(); + using (Stream sigStream = streamCalculator.Stream) { - DerBitString signatureValue = new DerBitString(((IBlockResult)streamCalculator.GetResult()).Collect()); - - return new X509V2AttributeCertificate(new AttributeCertificate(acInfo, sigAlgID, signatureValue)); - } - catch (Exception e) - { - // TODO -// throw new ExtCertificateEncodingException("constructed invalid certificate", e); - throw new CertificateEncodingException("constructed invalid certificate", e); + acInfo.EncodeTo(sigStream, Asn1Encodable.Der); } + + var signature = ((IBlockResult)streamCalculator.GetResult()).Collect(); + + return new X509V2AttributeCertificate( + new AttributeCertificate(acInfo, sigAlgID, new DerBitString(signature))); } /// <summary> diff --git a/crypto/src/x509/X509V2CRLGenerator.cs b/crypto/src/x509/X509V2CRLGenerator.cs index cb316f21b..e386ee8f2 100644 --- a/crypto/src/x509/X509V2CRLGenerator.cs +++ b/crypto/src/x509/X509V2CRLGenerator.cs @@ -167,46 +167,35 @@ namespace Org.BouncyCastle.X509 extGenerator.AddExtension(oid, critical, new DerOctetString(extensionValue)); } - /// <summary> - /// Generate a new X509Crl using the passed in SignatureCalculator. - /// </summary> - /// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param> - /// <returns>An X509Crl.</returns> - public X509Crl Generate(ISignatureFactory signatureCalculatorFactory) + /// <summary> + /// Generate a new <see cref="X509Crl"/> using the provided <see cref="ISignatureFactory"/>. + /// </summary> + /// <param name="signatureFactory">A <see cref="ISignatureFactory">signature factory</see> with the necessary + /// algorithm details.</param> + /// <returns>An <see cref="X509Crl"/>.</returns> + public X509Crl Generate(ISignatureFactory signatureFactory) { - tbsGen.SetSignature((AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails); - - TbsCertificateList tbsCertList = GenerateCertList(); - - IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator(); - - byte[] encoded = tbsCertList.GetDerEncoded(); - - streamCalculator.Stream.Write(encoded, 0, encoded.Length); - - Platform.Dispose(streamCalculator.Stream); + var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails; - return GenerateJcaObject(tbsCertList, (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).Collect()); - } + tbsGen.SetSignature(sigAlgID); - private TbsCertificateList GenerateCertList() - { if (!extGenerator.IsEmpty) { tbsGen.SetExtensions(extGenerator.Generate()); } - return tbsGen.GenerateTbsCertList(); - } + TbsCertificateList tbsCertList = tbsGen.GenerateTbsCertList(); + + IStreamCalculator streamCalculator = signatureFactory.CreateCalculator(); + using (Stream sigStream = streamCalculator.Stream) + { + tbsCertList.EncodeTo(sigStream, Asn1Encodable.Der); + } + + var signature = ((IBlockResult)streamCalculator.GetResult()).Collect(); - private X509Crl GenerateJcaObject( - TbsCertificateList tbsCrl, - AlgorithmIdentifier algId, - byte[] signature) - { return new X509Crl( - CertificateList.GetInstance( - new DerSequence(tbsCrl, algId, new DerBitString(signature)))); + CertificateList.GetInstance(new DerSequence(tbsCertList, sigAlgID, new DerBitString(signature)))); } /// <summary> diff --git a/crypto/src/x509/X509V3CertificateGenerator.cs b/crypto/src/x509/X509V3CertificateGenerator.cs index 7930ab23b..50e3fc689 100644 --- a/crypto/src/x509/X509V3CertificateGenerator.cs +++ b/crypto/src/x509/X509V3CertificateGenerator.cs @@ -241,13 +241,14 @@ namespace Org.BouncyCastle.X509 } /// <summary> - /// Generate a new X509Certificate using the passed in SignatureCalculator. + /// Generate a new <see cref="X509Certificate"/> using the provided <see cref="ISignatureFactory"/>. /// </summary> - /// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param> - /// <returns>An X509Certificate.</returns> - public X509Certificate Generate(ISignatureFactory signatureCalculatorFactory) + /// <param name="signatureFactory">A <see cref="ISignatureFactory">signature factory</see> with the necessary + /// algorithm details.</param> + /// <returns>An <see cref="X509Certificate"/>.</returns> + public X509Certificate Generate(ISignatureFactory signatureFactory) { - var sigAlgID = (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails; + var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails; tbsGen.SetSignature(sigAlgID); @@ -258,7 +259,7 @@ namespace Org.BouncyCastle.X509 TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate(); - IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator(); + IStreamCalculator streamCalculator = signatureFactory.CreateCalculator(); using (Stream sigStream = streamCalculator.Stream) { tbsCert.EncodeTo(sigStream, Asn1Encodable.Der); |