author | Megan Woods <megan@flygfisk.com> | 2019-01-15 14:55:39 +1100 |
---|---|---|
committer | Megan Woods <megan@flygfisk.com> | 2019-01-15 14:55:39 +1100 |
commit | 6614f7fda643ebb09a1c21979a067fab17c3ab6c (patch) | |
tree | fffaf374910dd8eb533fe23139d896fe8d42fbdd /crypto/src/cmp | |
parent | first cut on Pkcs8 (diff) | |
download | BouncyCastle.NET-ed25519-6614f7fda643ebb09a1c21979a067fab17c3ab6c.tar.xz |
Updated C# doc.
Removed EJBCA EnrollmentTest as it is not viable to produce an example on .Net Framework 2.0
Diffstat (limited to 'crypto/src/cmp')
-rw-r--r-- | crypto/src/cmp/CertificateConfirmationContent.cs | 4 | ||||
-rw-r--r-- | crypto/src/cmp/CertificateConfirmationContentBuilder.cs | 5 | ||||
-rw-r--r-- | crypto/src/cmp/CertificateStatus.cs | 5 | ||||
-rw-r--r-- | crypto/src/cmp/CmpException.cs | 3 | ||||
-rw-r--r-- | crypto/src/cmp/GeneralPkiMessage.cs | 25 | ||||
-rw-r--r-- | crypto/src/cmp/ProtectedPkiMessage.cs | 81 | ||||
-rw-r--r-- | crypto/src/cmp/ProtectedPkiMessageBuilder.cs | 2 |
7 files changed, 81 insertions, 44 deletions
diff --git a/crypto/src/cmp/CertificateConfirmationContent.cs b/crypto/src/cmp/CertificateConfirmationContent.cs index 882bd2091..13d1dab8e 100644 --- a/crypto/src/cmp/CertificateConfirmationContent.cs +++ b/crypto/src/cmp/CertificateConfirmationContent.cs @@ -1,6 +1,4 @@ -using System; -using System.Collections.Generic; -using System.Text; + using Org.BouncyCastle.Cms; using Org.BouncyCastle.Asn1.Cmp; diff --git a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs index 126484917..56f5d5ccb 100644 --- a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs +++ b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs @@ -1,7 +1,4 @@ -using System; -using System.Collections; -using System.Collections.Generic; -using System.Text; +using System.Collections; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; diff --git a/crypto/src/cmp/CertificateStatus.cs b/crypto/src/cmp/CertificateStatus.cs index e8c3546dd..92a94ea05 100644 --- a/crypto/src/cmp/CertificateStatus.cs +++ b/crypto/src/cmp/CertificateStatus.cs @@ -1,7 +1,4 @@ -using System; -using System.Collections.Generic; -using System.Text; -using Org.BouncyCastle.Asn1.Cmp; +using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Cms; using Org.BouncyCastle.Crypto.IO; diff --git a/crypto/src/cmp/CmpException.cs b/crypto/src/cmp/CmpException.cs index 7ecdf5af8..2f50f7780 100644 --- a/crypto/src/cmp/CmpException.cs +++ b/crypto/src/cmp/CmpException.cs @@ -1,7 +1,6 @@ using System; -using System.Collections.Generic; using System.Runtime.Serialization; -using System.Text; + namespace Org.BouncyCastle.Cmp { diff --git a/crypto/src/cmp/GeneralPkiMessage.cs b/crypto/src/cmp/GeneralPkiMessage.cs index d91b8ef7e..ad55a8005 100644 --- a/crypto/src/cmp/GeneralPkiMessage.cs +++ b/crypto/src/cmp/GeneralPkiMessage.cs 
@@ -1,8 +1,4 @@ -using System; -using System.Collections.Generic; -using System.Text; - -namespace Org.BouncyCastle.Asn1.Cmp +namespace Org.BouncyCastle.Asn1.Cmp { public class GeneralPKIMessage { @@ -13,17 +9,28 @@ namespace Org.BouncyCastle.Asn1.Cmp return PkiMessage.GetInstance(Asn1Object.FromByteArray(encoding)); } + + /// <summary> + /// Wrap a PKIMessage ASN.1 structure. + /// </summary> + /// <param name="pkiMessage">PKI message.</param> public GeneralPKIMessage(PkiMessage pkiMessage) { this.pkiMessage = pkiMessage; } + /// <summary> + /// Create a PKIMessage from the passed in bytes. + /// </summary> + /// <param name="encoding">BER/DER encoding of the PKIMessage</param> public GeneralPKIMessage(byte[] encoding) : this(parseBytes(encoding)) { } - public PkiHeader Header { - get { + public PkiHeader Header + { + get + { return pkiMessage.Header; } } @@ -36,6 +43,10 @@ namespace Org.BouncyCastle.Asn1.Cmp } } + /// <summary> + /// Return true if this message has protection bits on it. A return value of true + /// indicates the message can be used to construct a ProtectedPKIMessage. + /// </summary> public bool HasProtection { get { return pkiMessage.Protection != null; } diff --git a/crypto/src/cmp/ProtectedPkiMessage.cs b/crypto/src/cmp/ProtectedPkiMessage.cs index 159f08722..d3cf4a524 100644 --- a/crypto/src/cmp/ProtectedPkiMessage.cs +++ b/crypto/src/cmp/ProtectedPkiMessage.cs 
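Review bot: The new summary on `GeneralPKIMessage(byte[] encoding)` does not say what a caller sees when the bytes are not a well-formed PKIMessage, which matters because this constructor is where encodings received from a peer enter the API. `parseBytes` hands the array straight to `Asn1Object.FromByteArray` and `PkiMessage.GetInstance`, so whatever those throw propagates unchanged; I would add an `<exception>` tag naming it (probably `System.IO.IOException`, to be confirmed against `Asn1Object`) so callers know what to catch. The `GeneralPKIMessage(PkiMessage pkiMessage)` overload also stores a null argument silently, which only surfaces later as a NullReferenceException in `Header` or `HasProtection`; `if (pkiMessage == null) throw new System.ArgumentNullException("pkiMessage");` would fail at the boundary instead.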
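Review bot: The new `HasProtection` summary promises that a true result means the message can be used to construct a ProtectedPKIMessage, but the property only tests `pkiMessage.Protection != null`, whereas `ProtectedPkiMessage(PkiMessage)` in ProtectedPkiMessage.cs gates on `pkiMessage.Header.ProtectionAlg == null` and `HasPasswordBasedMacProtected` dereferences `Header.ProtectionAlg.Algorithm`. If a received message can carry protection bits without a protectionAlg in its header (the ASN.1 definitions are not visible here), `ProtectedPkiMessage(GeneralPKIMessage)` accepts it and the later property or `Verify` call fails with a NullReferenceException rather than the documented ArgumentException. I would make the two checks agree, for example `get { return pkiMessage.Protection != null && pkiMessage.Header.ProtectionAlg != null; }`, or have the GeneralPKIMessage constructor delegate to the PkiMessage one. The two constructor doc comments added in ProtectedPkiMessage.cs describe the conditions as identical, so they are affected by the same mismatch.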
@@ -1,30 +1,30 @@ using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.X509; using System; -using System.Collections.Generic; -using System.Text; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; -using Org.BouncyCastle.Asn1.Crmf; -using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Operators; -using Org.BouncyCastle.Crypto.Paddings; using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Utilities.Encoders; + using Org.BouncyCastle.Crmf; namespace Org.BouncyCastle.Cmp { - + /// <summary> + /// Wrapper for a PKIMessage with protection attached to it. + /// </summary> public class ProtectedPkiMessage { private PkiMessage pkiMessage; - + /// <summary> + /// Wrap a general message. + /// </summary> + /// <exception cref="ArgumentException">If the general message does not have protection.</exception> + /// <param name="pkiMessage">The General message</param> public ProtectedPkiMessage(GeneralPKIMessage pkiMessage) { - + if (!pkiMessage.HasProtection) { throw new ArgumentException("pki message not protected"); @@ -32,7 +32,12 @@ namespace Org.BouncyCastle.Cmp this.pkiMessage = pkiMessage.ToAsn1Structure(); } - + + /// <summary> + /// Wrap a PKI message. + /// </summary> + /// <exception cref="ArgumentException">If the PKI message does not have protection.</exception> + /// <param name="pkiMessage">The PKI message</param> public ProtectedPkiMessage(PkiMessage pkiMessage) { if (pkiMessage.Header.ProtectionAlg == null) 
@@ -43,13 +48,33 @@ namespace Org.BouncyCastle.Cmp this.pkiMessage = pkiMessage; } + /// <summary> + /// Message header + /// </summary> public PkiHeader Header { get { return pkiMessage.Header; } } + + /// <summary> + /// Message Body + /// </summary> public PkiBody Body { get { return pkiMessage.Body; } } + /// <summary> + /// Return the underlying ASN.1 structure contained in this object. + /// </summary> + /// <returns>PKI Message structure</returns> public PkiMessage ToAsn1Message() { return pkiMessage; } + /// <summary> + /// Determine whether the message is protected by a password based MAC. Use verify(PKMACBuilder, char[]) + /// to verify the message if this method returns true. + /// </summary> + /// <returns>true if protection MAC PBE based, false otherwise.</returns> public bool HasPasswordBasedMacProtected { get { return Header.ProtectionAlg.Algorithm.Equals(CmpObjectIdentifiers.passwordBasedMac); } } + /// <summary> + /// Return the extra certificates associated with this message. + /// </summary> + /// <returns>an array of extra certificates, zero length if none present.</returns> public X509Certificate[] GetCertificates() { CmpCertificate[] certs = pkiMessage.GetExtraCerts(); @@ -60,7 +85,7 @@ namespace Org.BouncyCastle.Cmp } X509Certificate[] res = new X509Certificate[certs.Length]; - for (int t=0; t<certs.Length;t++) + for (int t = 0; t < certs.Length; t++) { res[t] = new X509Certificate(X509CertificateStructure.GetInstance(certs[t].GetEncoded())); } @@ -68,6 +93,11 @@ namespace Org.BouncyCastle.Cmp return res; } + /// <summary> + /// Verify a message with a public key based signature attached. + /// </summary> + /// <param name="verifierFactory">a factory of signature verifiers.</param> + /// <returns>true if the provider is able to create a verifier that validates the signature, false otherwise.</returns> public bool Verify(IVerifierFactory verifierFactory) { IStreamCalculator streamCalculator = verifierFactory.CreateCalculator(); 
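Review bot: The `GetCertificates` comment should state that the returned certificates are not authenticated by the message protection. `Process` (in the following hunk) feeds only `pkiMessage.Header` and `pkiMessage.Body` to the calculator, so the extra-certificates field lies outside what either `Verify` overload checks. A caller that picks a verification key out of this array has to validate the certificate against its own trust anchors first; a line such as `/// The certificates are not covered by the message protection and must be validated by the caller before use.` would make that explicit. Separately, the `HasPasswordBasedMacProtected` summary refers to `verify(PKMACBuilder, char[])`, which is the Java spelling; `<see cref="Verify(PKMacBuilder, char[])"/>` would resolve in generated docs, and a property takes `<value>` rather than `<returns>`.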
@@ -79,18 +109,25 @@ namespace Org.BouncyCastle.Cmp private Object Process(IStreamCalculator streamCalculator) { - Asn1EncodableVector avec = new Asn1EncodableVector(); - avec.Add(pkiMessage.Header); - avec.Add(pkiMessage.Body); - byte[] enc = new DerSequence(avec).GetDerEncoded(); - - streamCalculator.Stream.Write(enc,0,enc.Length); - streamCalculator.Stream.Flush(); - streamCalculator.Stream.Close(); - - return streamCalculator.GetResult(); + Asn1EncodableVector avec = new Asn1EncodableVector(); + avec.Add(pkiMessage.Header); + avec.Add(pkiMessage.Body); + byte[] enc = new DerSequence(avec).GetDerEncoded(); + + streamCalculator.Stream.Write(enc, 0, enc.Length); + streamCalculator.Stream.Flush(); + streamCalculator.Stream.Close(); + + return streamCalculator.GetResult(); } + /// <summary> + /// Verify a message with password based MAC protection. + /// </summary> + /// <param name="pkMacBuilder">MAC builder that can be used to construct the appropriate MacCalculator</param> + /// <param name="password">the MAC password</param> + /// <returns>true if the passed in password and MAC builder verify the message, false otherwise.</returns> + /// <exception cref="InvalidOperationException">if algorithm not MAC based, or an exception is thrown verifying the MAC.</exception> public bool Verify(PKMacBuilder pkMacBuilder, char[] password) { if (!CmpObjectIdentifiers.passwordBasedMac.Equals(pkiMessage.Header.ProtectionAlg.Algorithm)) diff --git a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs index e660f844a..3ee223ba8 100644 --- a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs +++ b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs 
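Review bot: The new comment on `Verify(PKMacBuilder, char[])` documents the exception but not what is authenticated or how the result is compared, and both matter to anyone relying on a true return. `Process` just above shows the MAC input is the DER encoding of header and body only, which deserves one sentence in the summary, e.g. `/// The MAC is computed over the DER encoding of the message header and body.`. The comparison of the computed MAC with the received protection bits is outside this hunk, as is the rest of the method body; if it uses `Arrays.AreEqual`, switching to `Arrays.ConstantTimeAreEqual` would avoid a timing difference that depends on how many bytes matched. The comment could also say whether the caller remains responsible for clearing `password` after the call, since nothing in the visible lines does so.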
@@ -1,13 +1,11 @@ using System; using System.Collections; -using Org.BouncyCastle.Asn1.Crmf; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Operators; using Org.BouncyCastle.X509; -using Org.BouncyCastle.Crmf; namespace Org.BouncyCastle.Cmp { |