authorPeter Dettman <peter.dettman@bouncycastle.org>2023-04-04 21:20:26 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-04-04 21:20:26 +0700
commitaa027f072fe8f7871950cd256b2e04f12c1d4551 (patch)
tree47c4bb1a5b813f7cb82a68ed6b87f431d075a97a /crypto/src/asn1
parentAdd constructor from template CRL (diff)
downloadBouncyCastle.NET-ed25519-aa027f072fe8f7871950cd256b2e04f12c1d4551.tar.xz
X509: generation/validation of alternative signatures for certs and CRLs.
Diffstat (limited to 'crypto/src/asn1')
-rw-r--r--crypto/src/asn1/x509/TBSCertList.cs29
-rw-r--r--crypto/src/asn1/x509/TBSCertificateStructure.cs32
-rw-r--r--crypto/src/asn1/x509/V1TBSCertificateGenerator.cs2
-rw-r--r--crypto/src/asn1/x509/V2TBSCertListGenerator.cs66
-rw-r--r--crypto/src/asn1/x509/V3TBSCertificateGenerator.cs104
5 files changed, 111 insertions, 122 deletions
diff --git a/crypto/src/asn1/x509/TBSCertList.cs b/crypto/src/asn1/x509/TBSCertList.cs
index 4cfb44c90..fb8a9907c 100644
--- a/crypto/src/asn1/x509/TBSCertList.cs
+++ b/crypto/src/asn1/x509/TBSCertList.cs
@@ -144,32 +144,21 @@ namespace Org.BouncyCastle.Asn1.X509
 		internal Asn1Sequence			revokedCertificates;
 		internal X509Extensions			crlExtensions;
 
-		public static TbsCertificateList GetInstance(
-            Asn1TaggedObject	obj,
-            bool				explicitly)
+		public static TbsCertificateList GetInstance(object obj)
         {
-            return GetInstance(Asn1Sequence.GetInstance(obj, explicitly));
+			if (obj == null)
+				return null;
+			if (obj is TbsCertificateList tbsCertificateList)
+				return tbsCertificateList;
+			return new TbsCertificateList(Asn1Sequence.GetInstance(obj));
         }
 
-		public static TbsCertificateList GetInstance(
-            object obj)
+        public static TbsCertificateList GetInstance(Asn1TaggedObject obj, bool explicitly)
         {
-            TbsCertificateList list = obj as TbsCertificateList;
-
-			if (obj == null || list != null)
-            {
-                return list;
-            }
-
-			if (obj is Asn1Sequence)
-            {
-                return new TbsCertificateList((Asn1Sequence) obj);
-            }
-
-            throw new ArgumentException("unknown object in factory: " + Platform.GetTypeName(obj), "obj");
+            return GetInstance(Asn1Sequence.GetInstance(obj, explicitly));
         }
 
-		internal TbsCertificateList(Asn1Sequence seq)
+        private TbsCertificateList(Asn1Sequence seq)
         {
 			if (seq.Count < 3 || seq.Count > 7)
 				throw new ArgumentException("Bad sequence size: " + seq.Count);
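Review bot: The added lines mix indentation — the `GetInstance(object)` overload at the top of the hunk and its body are tab-indented, while the `GetInstance(Asn1TaggedObject, bool)` overload and the now-private constructor below use four spaces — so the two overloads don't even line up with each other; pick one (the parallel TBSCertificateStructure hunk uses spaces throughout). The public factory methods also carry no XML docs, and since the `object` overload now returns null for null input and presumably leaves type errors to `Asn1Sequence.GetInstance`, a short `/// <summary>Returns the argument unchanged if it is already a TbsCertificateList, otherwise parses it as a SEQUENCE; null in, null out.</summary>` would save callers a trip into the source. The same doc comment belongs on the TBSCertificateStructure hunk. The constructor body continues past the end of this hunk.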
diff --git a/crypto/src/asn1/x509/TBSCertificateStructure.cs b/crypto/src/asn1/x509/TBSCertificateStructure.cs
index e1fba2488..e41224f4a 100644
--- a/crypto/src/asn1/x509/TBSCertificateStructure.cs
+++ b/crypto/src/asn1/x509/TBSCertificateStructure.cs
@@ -39,27 +39,21 @@ namespace Org.BouncyCastle.Asn1.X509
 		internal DerBitString            subjectUniqueID;
 		internal X509Extensions          extensions;
 
-		public static TbsCertificateStructure GetInstance(
-			Asn1TaggedObject	obj,
-			bool				explicitly)
-		{
-			return GetInstance(Asn1Sequence.GetInstance(obj, explicitly));
-		}
-
-		public static TbsCertificateStructure GetInstance(
-			object obj)
-		{
-			if (obj is TbsCertificateStructure)
-				return (TbsCertificateStructure) obj;
-
-			if (obj != null)
-				return new TbsCertificateStructure(Asn1Sequence.GetInstance(obj));
+        public static TbsCertificateStructure GetInstance(object obj)
+        {
+            if (obj == null)
+                return null;
+            if (obj is TbsCertificateStructure tbsCertificateStructure)
+                return tbsCertificateStructure;
+            return new TbsCertificateStructure(Asn1Sequence.GetInstance(obj));
+        }
 
-			return null;
-		}
+        public static TbsCertificateStructure GetInstance(Asn1TaggedObject obj, bool explicitly)
+        {
+            return GetInstance(Asn1Sequence.GetInstance(obj, explicitly));
+        }
 
-		internal TbsCertificateStructure(
-			Asn1Sequence seq)
+        private TbsCertificateStructure(Asn1Sequence seq)
 		{
 			int seqStart = 0;
 
diff --git a/crypto/src/asn1/x509/V1TBSCertificateGenerator.cs b/crypto/src/asn1/x509/V1TBSCertificateGenerator.cs
index 9cbff1ef0..7c191b263 100644
--- a/crypto/src/asn1/x509/V1TBSCertificateGenerator.cs
+++ b/crypto/src/asn1/x509/V1TBSCertificateGenerator.cs
@@ -94,7 +94,7 @@ namespace Org.BouncyCastle.Asn1.X509
                 throw new InvalidOperationException("not all mandatory fields set in V1 TBScertificate generator");
             }
 
-			return new TbsCertificateStructure(
+			return TbsCertificateStructure.GetInstance(
 				new DerSequence(
 					//version, - not required as default value
 					serialNumber,
diff --git a/crypto/src/asn1/x509/V2TBSCertListGenerator.cs b/crypto/src/asn1/x509/V2TBSCertListGenerator.cs
index bf016c22d..d744ed664 100644
--- a/crypto/src/asn1/x509/V2TBSCertListGenerator.cs
+++ b/crypto/src/asn1/x509/V2TBSCertListGenerator.cs
@@ -40,40 +40,34 @@ namespace Org.BouncyCastle.Asn1.X509
         {
         }
 
-		public void SetSignature(
-            AlgorithmIdentifier signature)
+		public void SetSignature(AlgorithmIdentifier signature)
         {
             this.signature = signature;
         }
 
-		public void SetIssuer(
-            X509Name issuer)
+		public void SetIssuer(X509Name issuer)
         {
             this.issuer = issuer;
         }
 
-		public void SetThisUpdate(
-            Asn1UtcTime thisUpdate)
+		public void SetThisUpdate(Asn1UtcTime thisUpdate)
         {
             this.thisUpdate = new Time(thisUpdate);
         }
 
-		public void SetNextUpdate(
-            Asn1UtcTime nextUpdate)
+		public void SetNextUpdate(Asn1UtcTime nextUpdate)
         {
             this.nextUpdate = (nextUpdate != null)
 				?	new Time(nextUpdate)
 				:	null;
         }
 
-		public void SetThisUpdate(
-            Time thisUpdate)
+		public void SetThisUpdate(Time thisUpdate)
         {
             this.thisUpdate = thisUpdate;
         }
 
-		public void SetNextUpdate(
-            Time nextUpdate)
+		public void SetNextUpdate(Time nextUpdate)
         {
             this.nextUpdate = nextUpdate;
         }
@@ -154,39 +148,49 @@ namespace Org.BouncyCastle.Asn1.X509
 			AddCrlEntry(new DerSequence(v));
 		}
 
-		public void SetExtensions(
-            X509Extensions extensions)
+		public void SetExtensions(X509Extensions extensions)
         {
             this.extensions = extensions;
         }
 
-		public TbsCertificateList GenerateTbsCertList()
+        public Asn1Sequence GeneratePreTbsCertList()
+        {
+            if (signature != null)
+                throw new InvalidOperationException("signature should not be set in PreTBSCertList generator");
+
+            if ((issuer == null) || (thisUpdate == null))
+                throw new InvalidOperationException("Not all mandatory fields set in V2 PreTBSCertList generator");
+
+            return GenerateTbsCertificateStructure();
+        }
+
+        public TbsCertificateList GenerateTbsCertList()
         {
             if ((signature == null) || (issuer == null) || (thisUpdate == null))
-            {
                 throw new InvalidOperationException("Not all mandatory fields set in V2 TbsCertList generator.");
-            }
 
-			Asn1EncodableVector v = new Asn1EncodableVector(
-				version, signature, issuer, thisUpdate);
+            return TbsCertificateList.GetInstance(GenerateTbsCertificateStructure());
+        }
 
-			if (nextUpdate != null)
-            {
-                v.Add(nextUpdate);
-            }
+        private Asn1Sequence GenerateTbsCertificateStructure()
+        {
+            Asn1EncodableVector v = new Asn1EncodableVector(7);
 
-			// Add CRLEntries if they exist
-            if (crlEntries != null)
-            {
-				v.Add(new DerSequence(crlEntries.ToArray()));
-            }
+            v.Add(version);
+            v.AddOptional(signature);
+            v.Add(issuer);
+            v.Add(thisUpdate);
+            v.AddOptional(nextUpdate);
 
-			if (extensions != null)
+            // Add CRLEntries if they exist
+            if (crlEntries != null && crlEntries.Count > 0)
             {
-                v.Add(new DerTaggedObject(0, extensions));
+                v.Add(new DerSequence(crlEntries.ToArray()));
             }
 
-			return new TbsCertificateList(new DerSequence(v));
+            v.AddOptionalTagged(true, 0, extensions);
+
+            return new DerSequence(v);
         }
     }
 }
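Review bot: `GenerateTbsCertificateStructure` is a misleading name for a helper in the CRL generator — it builds a TBSCertList, not a TBSCertificate — and the parallel helper in V3TBSCertificateGenerator is called `GenerateTbsStructure`; renaming it `GenerateTbsCertListStructure` (or `GenerateTbsStructure` for symmetry) would avoid the confusion. The two public methods also lack documentation on what distinguishes them: a `/// <summary>` on `GeneratePreTbsCertList` should state that it produces the TBSCertList with the signature AlgorithmIdentifier omitted, presumably as the input to the alternative signature the commit title refers to, and that it throws InvalidOperationException if a signature has been set. The `v.AddOptional(signature)` line in the shared helper is what makes the pre-TBS form possible, so a one-line comment there, `// absent in the pre-TBS form (see GeneratePreTbsCertList)`, would explain why an otherwise-mandatory field is added as optional.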
diff --git a/crypto/src/asn1/x509/V3TBSCertificateGenerator.cs b/crypto/src/asn1/x509/V3TBSCertificateGenerator.cs
index 544582ddb..f58e4a7ab 100644
--- a/crypto/src/asn1/x509/V3TBSCertificateGenerator.cs
+++ b/crypto/src/asn1/x509/V3TBSCertificateGenerator.cs
@@ -39,74 +39,62 @@ namespace Org.BouncyCastle.Asn1.X509
         {
         }
 
-		public void SetSerialNumber(
-            DerInteger serialNumber)
+		public void SetSerialNumber(DerInteger serialNumber)
         {
             this.serialNumber = serialNumber;
         }
 
-		public void SetSignature(
-            AlgorithmIdentifier signature)
+		public void SetSignature(AlgorithmIdentifier signature)
         {
             this.signature = signature;
         }
 
-		public void SetIssuer(
-            X509Name issuer)
+		public void SetIssuer(X509Name issuer)
         {
             this.issuer = issuer;
         }
 
-		public void SetStartDate(
-            Asn1UtcTime startDate)
+		public void SetStartDate(Asn1UtcTime startDate)
         {
             this.startDate = new Time(startDate);
         }
 
-		public void SetStartDate(
-            Time startDate)
+		public void SetStartDate(Time startDate)
         {
             this.startDate = startDate;
         }
 
-		public void SetEndDate(
-            Asn1UtcTime endDate)
+		public void SetEndDate(Asn1UtcTime endDate)
         {
             this.endDate = new Time(endDate);
         }
 
-		public void SetEndDate(
-            Time endDate)
+		public void SetEndDate(Time endDate)
         {
             this.endDate = endDate;
         }
 
-		public void SetSubject(
-            X509Name subject)
+		public void SetSubject(X509Name subject)
         {
             this.subject = subject;
         }
 
-		public void SetIssuerUniqueID(
-			DerBitString uniqueID)
+		public void SetIssuerUniqueID(DerBitString uniqueID)
 		{
 			this.issuerUniqueID = uniqueID;
 		}
 
-		public void SetSubjectUniqueID(
-			DerBitString uniqueID)
+		public void SetSubjectUniqueID(DerBitString uniqueID)
 		{
 			this.subjectUniqueID = uniqueID;
 		}
 
-		public void SetSubjectPublicKeyInfo(
-            SubjectPublicKeyInfo pubKeyInfo)
+		public void SetSubjectPublicKeyInfo(SubjectPublicKeyInfo pubKeyInfo)
         {
             this.subjectPublicKeyInfo = pubKeyInfo;
         }
 
-		public void SetExtensions(
-            X509Extensions extensions)
+		public void SetExtensions(X509Extensions extensions)
         {
             this.extensions = extensions;
 
@@ -121,48 +109,62 @@ namespace Org.BouncyCastle.Asn1.X509
 			}
 		}
 
-		public TbsCertificateStructure GenerateTbsCertificate()
+        public Asn1Sequence GeneratePreTbsCertificate()
         {
-            if ((serialNumber == null) || (signature == null)
+            if (signature != null)
+                throw new InvalidOperationException("signature field should not be set in PreTBSCertificate");
+
+            if ((serialNumber == null)
                 || (issuer == null) || (startDate == null) || (endDate == null)
-				|| (subject == null && !altNamePresentAndCritical)
-				|| (subjectPublicKeyInfo == null))
+                || (subject == null && !altNamePresentAndCritical) || (subjectPublicKeyInfo == null))
             {
                 throw new InvalidOperationException("not all mandatory fields set in V3 TBScertificate generator");
             }
 
-			DerSequence validity = new DerSequence(startDate, endDate); // before and after dates
+            return GenerateTbsStructure();
+        }
 
-			Asn1EncodableVector v = new Asn1EncodableVector(
-				version, serialNumber, signature, issuer, validity);
+        public TbsCertificateStructure GenerateTbsCertificate()
+        {
+            if ((serialNumber == null) || (signature == null)
+                || (issuer == null) || (startDate == null) || (endDate == null)
+                || (subject == null && !altNamePresentAndCritical) || (subjectPublicKeyInfo == null))
+            {
+                throw new InvalidOperationException("not all mandatory fields set in V3 TBScertificate generator");
+            }
 
-			if (subject != null)
-			{
-				v.Add(subject);
-			}
-			else
-			{
-				v.Add(DerSequence.Empty);
-			}
+            return TbsCertificateStructure.GetInstance(GenerateTbsStructure());
+        }
 
-			v.Add(subjectPublicKeyInfo);
+        private Asn1Sequence GenerateTbsStructure()
+        {
+            Asn1EncodableVector v = new Asn1EncodableVector(10);
 
-			if (issuerUniqueID != null)
-			{
-				v.Add(new DerTaggedObject(false, 1, issuerUniqueID));
-			}
+            v.Add(version);
+            v.Add(serialNumber);
+            v.AddOptional(signature);
+            v.Add(issuer);
 
-			if (subjectUniqueID != null)
-			{
-				v.Add(new DerTaggedObject(false, 2, subjectUniqueID));
-			}
+            //
+            // before and after dates
+            //
+            v.Add(new DerSequence(startDate, endDate));
 
-			if (extensions != null)
+            if (subject != null)
             {
-                v.Add(new DerTaggedObject(3, extensions));
+                v.Add(subject);
             }
+            else
+            {
+                v.Add(DerSequence.Empty);
+            }
+
+            v.Add(subjectPublicKeyInfo);
+            v.AddOptionalTagged(false, 1, issuerUniqueID);
+            v.AddOptionalTagged(false, 2, subjectUniqueID);
+            v.AddOptionalTagged(true, 3, extensions);
 
-			return new TbsCertificateStructure(new DerSequence(v));
+            return new DerSequence(v);
         }
     }
 }
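Review bot: The mandatory-field condition and its exception message are duplicated verbatim in `GeneratePreTbsCertificate` and `GenerateTbsCertificate`, differing only in how `signature` is treated, so a future field added to one check will silently be missed by the other. Factoring the shared condition into a private helper and leaving each public method with only its own `signature` rule keeps the two forms in lockstep; the same duplication exists between `GeneratePreTbsCertList` and `GenerateTbsCertList` in the V2TBSCertListGenerator hunk. Whether the pre-TBS form must also exclude an already-added alternative-signature extension is not checked here; if that is a requirement, it is presumably enforced by the caller, which is outside this diff.

```csharp
        public Asn1Sequence GeneratePreTbsCertificate()
        {
            if (signature != null)
                throw new InvalidOperationException("signature field should not be set in PreTBSCertificate");

            CheckMandatoryFieldsSet();
            return GenerateTbsStructure();
        }

        public TbsCertificateStructure GenerateTbsCertificate()
        {
            if (signature == null)
                throw new InvalidOperationException("not all mandatory fields set in V3 TBScertificate generator");

            CheckMandatoryFieldsSet();
            return TbsCertificateStructure.GetInstance(GenerateTbsStructure());
        }

        // Shared by the TBS and pre-TBS paths; the signature field is checked separately by each caller.
        private void CheckMandatoryFieldsSet()
        {
            if ((serialNumber == null)
                || (issuer == null) || (startDate == null) || (endDate == null)
                || (subject == null && !altNamePresentAndCritical) || (subjectPublicKeyInfo == null))
            {
                throw new InvalidOperationException("not all mandatory fields set in V3 TBScertificate generator");
            }
        }

        // … unchanged: GenerateTbsStructure …
```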