diff --git a/crypto/src/cmp/ProtectedPkiMessage.cs b/crypto/src/cmp/ProtectedPkiMessage.cs
index 03dd2327e..a7fdd35a9 100644
--- a/crypto/src/cmp/ProtectedPkiMessage.cs
+++ b/crypto/src/cmp/ProtectedPkiMessage.cs
@@ -5,7 +5,6 @@ using Org.BouncyCastle.Asn1.Cmp;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crmf;
using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.X509;
namespace Org.BouncyCastle.Cmp
@@ -83,8 +82,7 @@ namespace Org.BouncyCastle.Cmp
if (null == certs)
return new X509Certificate[0];
- return Array.ConvertAll<CmpCertificate, X509Certificate>(certs,
- cmpCertificate => new X509Certificate(cmpCertificate.X509v3PKCert));
+ return Array.ConvertAll(certs, cmpCertificate => new X509Certificate(cmpCertificate.X509v3PKCert));
}
/// <summary>
@@ -92,14 +90,8 @@ namespace Org.BouncyCastle.Cmp
/// </summary>
/// <param name="verifierFactory">a factory of signature verifiers.</param>
/// <returns>true if the provider is able to create a verifier that validates the signature, false otherwise.</returns>
- public virtual bool Verify(IVerifierFactory verifierFactory)
- {
- IStreamCalculator<IVerifier> streamCalculator = verifierFactory.CreateCalculator();
-
- IVerifier result = Process(streamCalculator);
-
- return result.IsVerified(m_pkiMessage.Protection.GetBytes());
- }
+ public virtual bool Verify(IVerifierFactory verifierFactory) =>
+ X509Utilities.VerifySignature(verifierFactory, CreateProtected(), m_pkiMessage.Protection);
/// <summary>
/// Verify a message with password based MAC protection.
@@ -120,32 +112,26 @@ namespace Org.BouncyCastle.Cmp
var macFactory = pkMacBuilder.Build(password);
- IBlockResult result = Process(macFactory.CreateCalculator());
-
- return Arrays.FixedTimeEquals(result.Collect(), m_pkiMessage.Protection.GetBytes());
+ return X509Utilities.VerifyMac(macFactory, CreateProtected(), m_pkiMessage.Protection);
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
public virtual bool Verify(PKMacBuilder pkMacBuilder, ReadOnlySpan<char> password)
{
- if (!CmpObjectIdentifiers.passwordBasedMac.Equals(m_pkiMessage.Header.ProtectionAlg.Algorithm))
+ var protectionAlgorithm = m_pkiMessage.Header.ProtectionAlg;
+
+ if (!CmpObjectIdentifiers.passwordBasedMac.Equals(protectionAlgorithm.Algorithm))
throw new InvalidOperationException("protection algorithm is not mac based");
- PbmParameter parameter = PbmParameter.GetInstance(m_pkiMessage.Header.ProtectionAlg.Parameters);
+ PbmParameter parameter = PbmParameter.GetInstance(protectionAlgorithm.Parameters);
pkMacBuilder.SetParameters(parameter);
var macFactory = pkMacBuilder.Build(password);
- IBlockResult result = Process(macFactory.CreateCalculator());
-
- return Arrays.FixedTimeEquals(result.Collect(), m_pkiMessage.Protection.GetBytes());
+ return X509Utilities.VerifyMac(macFactory, CreateProtected(), m_pkiMessage.Protection);
}
#endif
- private TResult Process<TResult>(IStreamCalculator<TResult> streamCalculator)
- {
- var asn1Encodable = new DerSequence(m_pkiMessage.Header, m_pkiMessage.Body);
- return X509Utilities.CalculateResult(streamCalculator, asn1Encodable);
- }
+ private DerSequence CreateProtected() => new DerSequence(m_pkiMessage.Header, m_pkiMessage.Body);
}
}
diff --git a/crypto/src/x509/X509Utilities.cs b/crypto/src/x509/X509Utilities.cs
index 3ab6b926c..45fa75916 100644
--- a/crypto/src/x509/X509Utilities.cs
+++ b/crypto/src/x509/X509Utilities.cs
@@ -10,6 +10,7 @@ using Org.BouncyCastle.Asn1.TeleTrust;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.Utilities.Collections;
namespace Org.BouncyCastle.X509
@@ -204,6 +205,13 @@ namespace Org.BouncyCastle.X509
return GenerateBitString(signatureFactory.CreateCalculator(), asn1Encodable);
}
+ internal static bool VerifyMac(IMacFactory macFactory, Asn1Encodable asn1Encodable, DerBitString protection)
+ {
+ var result = CalculateResult(macFactory.CreateCalculator(), asn1Encodable);
+
+ return Arrays.FixedTimeEquals(result.Collect(), protection.GetBytes());
+ }
+
internal static bool VerifySignature(IVerifierFactory verifierFactory, Asn1Encodable asn1Encodable,
DerBitString signature)
{
|