author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-04-04 21:20:26 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-04-04 21:20:26 +0700 |
commit | aa027f072fe8f7871950cd256b2e04f12c1d4551 (patch) | |
tree | 47c4bb1a5b813f7cb82a68ed6b87f431d075a97a /crypto/src/asn1 | |
parent | Add constructor from template CRL (diff) | |
X509: generation/validation of alternative signatures for certs and CRLs.
Diffstat (limited to 'crypto/src/asn1')
-rw-r--r-- | crypto/src/asn1/x509/TBSCertList.cs | 29 | ||||
-rw-r--r-- | crypto/src/asn1/x509/TBSCertificateStructure.cs | 32 | ||||
-rw-r--r-- | crypto/src/asn1/x509/V1TBSCertificateGenerator.cs | 2 | ||||
-rw-r--r-- | crypto/src/asn1/x509/V2TBSCertListGenerator.cs | 66 | ||||
-rw-r--r-- | crypto/src/asn1/x509/V3TBSCertificateGenerator.cs | 104 |
5 files changed, 111 insertions, 122 deletions
diff --git a/crypto/src/asn1/x509/TBSCertList.cs b/crypto/src/asn1/x509/TBSCertList.cs index 4cfb44c90..fb8a9907c 100644 --- a/crypto/src/asn1/x509/TBSCertList.cs +++ b/crypto/src/asn1/x509/TBSCertList.cs @@ -144,32 +144,21 @@ namespace Org.BouncyCastle.Asn1.X509 internal Asn1Sequence revokedCertificates; internal X509Extensions crlExtensions; - public static TbsCertificateList GetInstance( - Asn1TaggedObject obj, - bool explicitly) + public static TbsCertificateList GetInstance(object obj) { - return GetInstance(Asn1Sequence.GetInstance(obj, explicitly)); + if (obj == null) + return null; + if (obj is TbsCertificateList tbsCertificateList) + return tbsCertificateList; + return new TbsCertificateList(Asn1Sequence.GetInstance(obj)); } - public static TbsCertificateList GetInstance( - object obj) + public static TbsCertificateList GetInstance(Asn1TaggedObject obj, bool explicitly) { - TbsCertificateList list = obj as TbsCertificateList; - - if (obj == null || list != null) - { - return list; - } - - if (obj is Asn1Sequence) - { - return new TbsCertificateList((Asn1Sequence) obj); - } - - throw new ArgumentException("unknown object in factory: " + Platform.GetTypeName(obj), "obj"); + return GetInstance(Asn1Sequence.GetInstance(obj, explicitly)); } - internal TbsCertificateList(Asn1Sequence seq) + private TbsCertificateList(Asn1Sequence seq) { if (seq.Count < 3 || seq.Count > 7) throw new ArgumentException("Bad sequence size: " + seq.Count); diff --git a/crypto/src/asn1/x509/TBSCertificateStructure.cs b/crypto/src/asn1/x509/TBSCertificateStructure.cs index e1fba2488..e41224f4a 100644 --- a/crypto/src/asn1/x509/TBSCertificateStructure.cs +++ b/crypto/src/asn1/x509/TBSCertificateStructure.cs 
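Review bot: `GetInstance(object)` now hands every non-null input that is not already a `TbsCertificateList` to `Asn1Sequence.GetInstance(obj)`, so inputs that previously failed with this class's explicit "unknown object in factory" ArgumentException (presumably including raw `byte[]` encodings, if `Asn1Sequence.GetInstance` decodes those) are now parsed, and the exception surfaced on malformed input is whatever that call throws rather than this class's own message. The widening is probably intended, but it is a silent contract change for any caller that relied on the old type check, and neither overload carries a doc comment. I would add `/// <summary>Returns <paramref name="obj"/> as a <see cref="TbsCertificateList"/>, decoding it via <see cref="Asn1Sequence.GetInstance(object)"/> when it is not one already; returns null for null input.</summary>` on `GetInstance(object)`, and note there that the 3..7 element-count check in the private constructor is what rejects structurally bad sequences. The constructor body continues outside the hunk.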
@@ -39,27 +39,21 @@ namespace Org.BouncyCastle.Asn1.X509 internal DerBitString subjectUniqueID; internal X509Extensions extensions; - public static TbsCertificateStructure GetInstance( - Asn1TaggedObject obj, - bool explicitly) - { - return GetInstance(Asn1Sequence.GetInstance(obj, explicitly)); - } - - public static TbsCertificateStructure GetInstance( - object obj) - { - if (obj is TbsCertificateStructure) - return (TbsCertificateStructure) obj; - - if (obj != null) - return new TbsCertificateStructure(Asn1Sequence.GetInstance(obj)); + public static TbsCertificateStructure GetInstance(object obj) + { + if (obj == null) + return null; + if (obj is TbsCertificateStructure tbsCertificateStructure) + return tbsCertificateStructure; + return new TbsCertificateStructure(Asn1Sequence.GetInstance(obj)); + } - return null; - } + public static TbsCertificateStructure GetInstance(Asn1TaggedObject obj, bool explicitly) + { + return GetInstance(Asn1Sequence.GetInstance(obj, explicitly)); + } - internal TbsCertificateStructure( - Asn1Sequence seq) + private TbsCertificateStructure(Asn1Sequence seq) { int seqStart = 0; diff --git a/crypto/src/asn1/x509/V1TBSCertificateGenerator.cs b/crypto/src/asn1/x509/V1TBSCertificateGenerator.cs index 9cbff1ef0..7c191b263 100644 --- a/crypto/src/asn1/x509/V1TBSCertificateGenerator.cs +++ b/crypto/src/asn1/x509/V1TBSCertificateGenerator.cs @@ -94,7 +94,7 @@ namespace Org.BouncyCastle.Asn1.X509 throw new InvalidOperationException("not all mandatory fields set in V1 TBScertificate generator"); } - return new TbsCertificateStructure( + return TbsCertificateStructure.GetInstance( new DerSequence( //version, - not required as default value serialNumber, diff --git a/crypto/src/asn1/x509/V2TBSCertListGenerator.cs b/crypto/src/asn1/x509/V2TBSCertListGenerator.cs index bf016c22d..d744ed664 100644 --- a/crypto/src/asn1/x509/V2TBSCertListGenerator.cs +++ b/crypto/src/asn1/x509/V2TBSCertListGenerator.cs 
@@ -40,40 +40,34 @@ namespace Org.BouncyCastle.Asn1.X509 { } - public void SetSignature( - AlgorithmIdentifier signature) + public void SetSignature(AlgorithmIdentifier signature) { this.signature = signature; } - public void SetIssuer( - X509Name issuer) + public void SetIssuer(X509Name issuer) { this.issuer = issuer; } - public void SetThisUpdate( - Asn1UtcTime thisUpdate) + public void SetThisUpdate(Asn1UtcTime thisUpdate) { this.thisUpdate = new Time(thisUpdate); } - public void SetNextUpdate( - Asn1UtcTime nextUpdate) + public void SetNextUpdate(Asn1UtcTime nextUpdate) { this.nextUpdate = (nextUpdate != null) ? new Time(nextUpdate) : null; } - public void SetThisUpdate( - Time thisUpdate) + public void SetThisUpdate(Time thisUpdate) { this.thisUpdate = thisUpdate; } - public void SetNextUpdate( - Time nextUpdate) + public void SetNextUpdate(Time nextUpdate) { this.nextUpdate = nextUpdate; } 
@@ -154,39 +148,49 @@ namespace Org.BouncyCastle.Asn1.X509 AddCrlEntry(new DerSequence(v)); } - public void SetExtensions( - X509Extensions extensions) + public void SetExtensions(X509Extensions extensions) { this.extensions = extensions; } - public TbsCertificateList GenerateTbsCertList() + public Asn1Sequence GeneratePreTbsCertList() + { + if (signature != null) + throw new InvalidOperationException("signature should not be set in PreTBSCertList generator"); + + if ((issuer == null) || (thisUpdate == null)) + throw new InvalidOperationException("Not all mandatory fields set in V2 PreTBSCertList generator"); + + return GenerateTbsCertificateStructure(); + } + + public TbsCertificateList GenerateTbsCertList() { if ((signature == null) || (issuer == null) || (thisUpdate == null)) - { throw new InvalidOperationException("Not all mandatory fields set in V2 TbsCertList generator."); - } - Asn1EncodableVector v = new Asn1EncodableVector( - version, signature, issuer, thisUpdate); + return TbsCertificateList.GetInstance(GenerateTbsCertificateStructure()); + } - if (nextUpdate != null) - { - v.Add(nextUpdate); - } + private Asn1Sequence GenerateTbsCertificateStructure() + { + Asn1EncodableVector v = new Asn1EncodableVector(7); - // Add CRLEntries if they exist - if (crlEntries != null) - { - v.Add(new DerSequence(crlEntries.ToArray())); - } + v.Add(version); + v.AddOptional(signature); + v.Add(issuer); + v.Add(thisUpdate); + v.AddOptional(nextUpdate); - if (extensions != null) + // Add CRLEntries if they exist + if (crlEntries != null && crlEntries.Count > 0) { - v.Add(new DerTaggedObject(0, extensions)); + v.Add(new DerSequence(crlEntries.ToArray())); } - return new TbsCertificateList(new DerSequence(v)); + v.AddOptionalTagged(true, 0, extensions); + + return new DerSequence(v); } } } diff --git a/crypto/src/asn1/x509/V3TBSCertificateGenerator.cs b/crypto/src/asn1/x509/V3TBSCertificateGenerator.cs index 544582ddb..f58e4a7ab 100644 
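Review bot: `GeneratePreTbsCertList` enforces only that `signature` is unset, yet if this pre-TBS structure is meant to be the input to an X.509 alternative signature, the caller must also keep the alt-signature-value extension out of `extensions` before calling it, and nothing here documents or checks that. I would add a `<summary>` stating that the returned sequence is the TBSCertList with the `signature` AlgorithmIdentifier omitted, plus a `<remarks>` naming the extensions the caller must not have set yet — confirm the exact list against the spec being targeted. Separately, the new private helper is named `GenerateTbsCertificateStructure` although it builds a TBSCertList inside a CRL generator; `private Asn1Sequence GenerateTbsCertListStructure()` (and its two call sites) would avoid confusion with the V3 certificate generator's helper. Note also that `crlEntries != null && crlEntries.Count > 0` now omits the revokedCertificates SEQUENCE when the list is empty, which matches RFC 5280's rule that the list MUST be absent when there are no revoked certificates but is an encoding change from the previous empty-SEQUENCE output for callers comparing bytes.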
--- a/crypto/src/asn1/x509/V3TBSCertificateGenerator.cs +++ b/crypto/src/asn1/x509/V3TBSCertificateGenerator.cs @@ -39,74 +39,62 @@ namespace Org.BouncyCastle.Asn1.X509 { } - public void SetSerialNumber( - DerInteger serialNumber) + public void SetSerialNumber(DerInteger serialNumber) { this.serialNumber = serialNumber; } - public void SetSignature( - AlgorithmIdentifier signature) + public void SetSignature(AlgorithmIdentifier signature) { this.signature = signature; } - public void SetIssuer( - X509Name issuer) + public void SetIssuer(X509Name issuer) { this.issuer = issuer; } - public void SetStartDate( - Asn1UtcTime startDate) + public void SetStartDate(Asn1UtcTime startDate) { this.startDate = new Time(startDate); } - public void SetStartDate( - Time startDate) + public void SetStartDate(Time startDate) { this.startDate = startDate; } - public void SetEndDate( - Asn1UtcTime endDate) + public void SetEndDate(Asn1UtcTime endDate) { this.endDate = new Time(endDate); } - public void SetEndDate( - Time endDate) + public void SetEndDate(Time endDate) { this.endDate = endDate; } - public void SetSubject( - X509Name subject) + public void SetSubject(X509Name subject) { this.subject = subject; } - public void SetIssuerUniqueID( - DerBitString uniqueID) + public void SetIssuerUniqueID(DerBitString uniqueID) { this.issuerUniqueID = uniqueID; } - public void SetSubjectUniqueID( - DerBitString uniqueID) + public void SetSubjectUniqueID(DerBitString uniqueID) { this.subjectUniqueID = uniqueID; } - public void SetSubjectPublicKeyInfo( - SubjectPublicKeyInfo pubKeyInfo) + public void SetSubjectPublicKeyInfo(SubjectPublicKeyInfo pubKeyInfo) { this.subjectPublicKeyInfo = pubKeyInfo; } - public void SetExtensions( - X509Extensions extensions) + public void SetExtensions(X509Extensions extensions) { this.extensions = extensions; 
@@ -121,48 +109,62 @@ namespace Org.BouncyCastle.Asn1.X509 } } - public TbsCertificateStructure GenerateTbsCertificate() + public Asn1Sequence GeneratePreTbsCertificate() { - if ((serialNumber == null) || (signature == null) + if (signature != null) + throw new InvalidOperationException("signature field should not be set in PreTBSCertificate"); + + if ((serialNumber == null) || (issuer == null) || (startDate == null) || (endDate == null) - || (subject == null && !altNamePresentAndCritical) - || (subjectPublicKeyInfo == null)) + || (subject == null && !altNamePresentAndCritical) || (subjectPublicKeyInfo == null)) { throw new InvalidOperationException("not all mandatory fields set in V3 TBScertificate generator"); } - DerSequence validity = new DerSequence(startDate, endDate); // before and after dates + return GenerateTbsStructure(); + } - Asn1EncodableVector v = new Asn1EncodableVector( - version, serialNumber, signature, issuer, validity); + public TbsCertificateStructure GenerateTbsCertificate() + { + if ((serialNumber == null) || (signature == null) + || (issuer == null) || (startDate == null) || (endDate == null) + || (subject == null && !altNamePresentAndCritical) || (subjectPublicKeyInfo == null)) + { + throw new InvalidOperationException("not all mandatory fields set in V3 TBScertificate generator"); + } - if (subject != null) - { - v.Add(subject); - } - else - { - v.Add(DerSequence.Empty); - } + return TbsCertificateStructure.GetInstance(GenerateTbsStructure()); + } - v.Add(subjectPublicKeyInfo); + private Asn1Sequence GenerateTbsStructure() + { + Asn1EncodableVector v = new Asn1EncodableVector(10); - if (issuerUniqueID != null) - { - v.Add(new DerTaggedObject(false, 1, issuerUniqueID)); - } + v.Add(version); + v.Add(serialNumber); + v.AddOptional(signature); + v.Add(issuer); - if (subjectUniqueID != null) - { - v.Add(new DerTaggedObject(false, 2, subjectUniqueID)); - } + // + // before and after dates + // + v.Add(new DerSequence(startDate, endDate)); - if 
(extensions != null) + if (subject != null) { - v.Add(new DerTaggedObject(3, extensions)); + v.Add(subject); } + else + { + v.Add(DerSequence.Empty); + } + + v.Add(subjectPublicKeyInfo); + v.AddOptionalTagged(false, 1, issuerUniqueID); + v.AddOptionalTagged(false, 2, subjectUniqueID); + v.AddOptionalTagged(true, 3, extensions); - return new TbsCertificateStructure(new DerSequence(v)); + return new DerSequence(v); } } } |
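Review bot: The mandatory-field check is now duplicated between `GeneratePreTbsCertificate` and `GenerateTbsCertificate`, differing only in whether `signature` must be absent or present, so the two lists will drift the next time a field is added; factoring the shared part into one private helper keeps them in lock step (rewrite below). As with the CRL generator, `GeneratePreTbsCertificate` guards only against `signature` being set, whereas a pre-TBS structure used for an X.509 alternative signature presumably must also exclude the alt-signature-value extension from `extensions` — that precondition belongs in a `<remarks>` on the method, e.g. `/// <remarks>Only the signature field is omitted here; extensions are emitted exactly as set, so the caller must not have added the alt-signature-value extension before calling this.</remarks>` — confirm against the targeted spec. The error strings also differ slightly from the V2 CRL generator's (`signature field should not be set in PreTBSCertificate` vs `signature should not be set in PreTBSCertList generator`); harmless, but worth aligning.

```csharp
public Asn1Sequence GeneratePreTbsCertificate()
{
    if (signature != null)
        throw new InvalidOperationException("signature field should not be set in PreTBSCertificate");

    CheckMandatoryFields();
    return GenerateTbsStructure();
}

public TbsCertificateStructure GenerateTbsCertificate()
{
    if (signature == null)
        throw new InvalidOperationException("not all mandatory fields set in V3 TBScertificate generator");

    CheckMandatoryFields();
    return TbsCertificateStructure.GetInstance(GenerateTbsStructure());
}

// Fields required by both the PreTBSCertificate and the full TBSCertificate;
// the signature field is checked separately by each caller.
private void CheckMandatoryFields()
{
    if ((serialNumber == null) || (issuer == null) || (startDate == null) || (endDate == null)
        || (subject == null && !altNamePresentAndCritical) || (subjectPublicKeyInfo == null))
    {
        throw new InvalidOperationException("not all mandatory fields set in V3 TBScertificate generator");
    }
}

// … unchanged: GenerateTbsStructure …
```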