diff options
| author | Megan Woods <megan@flygfisk.com> | 2019-01-15 14:55:39 +1100 |
|---|---|---|
| committer | Megan Woods <megan@flygfisk.com> | 2019-01-15 14:55:39 +1100 |
| commit | 6614f7fda643ebb09a1c21979a067fab17c3ab6c (patch) | |
| tree | fffaf374910dd8eb533fe23139d896fe8d42fbdd /crypto/src/cmp/ProtectedPkiMessage.cs | |
| parent | first cut on Pkcs8 (diff) | |
| download | BouncyCastle.NET-ed25519-6614f7fda643ebb09a1c21979a067fab17c3ab6c.tar.xz | |
Updated C# doc.
Removed EJBCA EnrollmentTest as it s not viable to produce an example on .Net Framework 2.0
Diffstat (limited to 'crypto/src/cmp/ProtectedPkiMessage.cs')
| -rw-r--r-- | crypto/src/cmp/ProtectedPkiMessage.cs | 81 |
1 files changed, 59 insertions, 22 deletions
diff --git a/crypto/src/cmp/ProtectedPkiMessage.cs b/crypto/src/cmp/ProtectedPkiMessage.cs index 159f08722..d3cf4a524 100644 --- a/crypto/src/cmp/ProtectedPkiMessage.cs +++ b/crypto/src/cmp/ProtectedPkiMessage.cs @@ -1,30 +1,30 @@ using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.X509; using System; -using System.Collections.Generic; -using System.Text; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; -using Org.BouncyCastle.Asn1.Crmf; -using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Operators; -using Org.BouncyCastle.Crypto.Paddings; using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Utilities.Encoders; + using Org.BouncyCastle.Crmf; namespace Org.BouncyCastle.Cmp { - + /// <summary> + /// Wrapper for a PKIMessage with protection attached to it. + /// </summary> public class ProtectedPkiMessage { private PkiMessage pkiMessage; - + /// <summary> + /// Wrap a general message. + /// </summary> + /// <exception cref="ArgumentException">If the general message does not have protection.</exception> + /// <param name="pkiMessage">The General message</param> public ProtectedPkiMessage(GeneralPKIMessage pkiMessage) { - + if (!pkiMessage.HasProtection) { throw new ArgumentException("pki message not protected"); @@ -32,7 +32,12 @@ namespace Org.BouncyCastle.Cmp this.pkiMessage = pkiMessage.ToAsn1Structure(); } - + + /// <summary> + /// Wrap a PKI message. + /// </summary> + /// <exception cref="ArgumentException">If the PKI message does not have protection.</exception> + /// <param name="pkiMessage">The PKI message</param> public ProtectedPkiMessage(PkiMessage pkiMessage) { if (pkiMessage.Header.ProtectionAlg == null) @@ -43,13 +48,33 @@ namespace Org.BouncyCastle.Cmp this.pkiMessage = pkiMessage; } + /// <summary> + /// Message header + /// </summary> public PkiHeader Header { get { return pkiMessage.Header; } } + + /// <summary> + /// Message Body + /// </summary> public PkiBody Body { get { return pkiMessage.Body; } } + /// <summary> + /// Return the underlying ASN.1 structure contained in this object. + /// </summary> + /// <returns>PKI Message structure</returns> public PkiMessage ToAsn1Message() { return pkiMessage; } + /// <summary> + /// Determine whether the message is protected by a password based MAC. Use verify(PKMACBuilder, char[]) + /// to verify the message if this method returns true. + /// </summary> + /// <returns>true if protection MAC PBE based, false otherwise.</returns> public bool HasPasswordBasedMacProtected { get { return Header.ProtectionAlg.Algorithm.Equals(CmpObjectIdentifiers.passwordBasedMac); } } + /// <summary> + /// Return the extra certificates associated with this message. + /// </summary> + /// <returns>an array of extra certificates, zero length if none present.</returns> public X509Certificate[] GetCertificates() { CmpCertificate[] certs = pkiMessage.GetExtraCerts(); @@ -60,7 +85,7 @@ namespace Org.BouncyCastle.Cmp } X509Certificate[] res = new X509Certificate[certs.Length]; - for (int t=0; t<certs.Length;t++) + for (int t = 0; t < certs.Length; t++) { res[t] = new X509Certificate(X509CertificateStructure.GetInstance(certs[t].GetEncoded())); } @@ -68,6 +93,11 @@ namespace Org.BouncyCastle.Cmp return res; } + /// <summary> + /// Verify a message with a public key based signature attached. + /// </summary> + /// <param name="verifierFactory">a factory of signature verifiers.</param> + /// <returns>true if the provider is able to create a verifier that validates the signature, false otherwise.</returns> public bool Verify(IVerifierFactory verifierFactory) { IStreamCalculator streamCalculator = verifierFactory.CreateCalculator(); @@ -79,18 +109,25 @@ namespace Org.BouncyCastle.Cmp private Object Process(IStreamCalculator streamCalculator) { - Asn1EncodableVector avec = new Asn1EncodableVector(); - avec.Add(pkiMessage.Header); - avec.Add(pkiMessage.Body); - byte[] enc = new DerSequence(avec).GetDerEncoded(); - - streamCalculator.Stream.Write(enc,0,enc.Length); - streamCalculator.Stream.Flush(); - streamCalculator.Stream.Close(); - - return streamCalculator.GetResult(); + Asn1EncodableVector avec = new Asn1EncodableVector(); + avec.Add(pkiMessage.Header); + avec.Add(pkiMessage.Body); + byte[] enc = new DerSequence(avec).GetDerEncoded(); + + streamCalculator.Stream.Write(enc, 0, enc.Length); + streamCalculator.Stream.Flush(); + streamCalculator.Stream.Close(); + + return streamCalculator.GetResult(); } + /// <summary> + /// Verify a message with password based MAC protection. + /// </summary> + /// <param name="pkMacBuilder">MAC builder that can be used to construct the appropriate MacCalculator</param> + /// <param name="password">the MAC password</param> + /// <returns>true if the passed in password and MAC builder verify the message, false otherwise.</returns> + /// <exception cref="InvalidOperationException">if algorithm not MAC based, or an exception is thrown verifying the MAC.</exception> public bool Verify(PKMacBuilder pkMacBuilder, char[] password) { if (!CmpObjectIdentifiers.passwordBasedMac.Equals(pkiMessage.Header.ProtectionAlg.Algorithm)) |