author | Peter Dettman <peter.dettman@bouncycastle.org> | 2019-01-31 19:26:09 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2019-01-31 19:26:09 +0700 |
commit | 65b588a45feb07f27716288ff15f784b5bf73812 (patch) | |
tree | 41d4d9e5d939e32008460cee18d6fc3dd6857ce0 /crypto/src/cmp | |
parent | removed unnecessary extra ECGOST3410 class (diff) | |
download | BouncyCastle.NET-ed25519-65b588a45feb07f27716288ff15f784b5bf73812.tar.xz |
Fixes and tidying up for release
Diffstat (limited to 'crypto/src/cmp')
-rw-r--r-- | crypto/src/cmp/CertificateConfirmationContent.cs | 13 | ||||
-rw-r--r-- | crypto/src/cmp/CertificateConfirmationContentBuilder.cs | 40 | ||||
-rw-r--r-- | crypto/src/cmp/CertificateStatus.cs | 34 | ||||
-rw-r--r-- | crypto/src/cmp/CmpException.cs | 15 | ||||
-rw-r--r-- | crypto/src/cmp/GeneralPkiMessage.cs | 27 | ||||
-rw-r--r-- | crypto/src/cmp/ProtectedPkiMessage.cs | 50 | ||||
-rw-r--r-- | crypto/src/cmp/ProtectedPkiMessageBuilder.cs | 36 | ||||
-rw-r--r-- | crypto/src/cmp/RevocationDetails.cs | 13 | ||||
-rw-r--r-- | crypto/src/cmp/RevocationDetailsBuilder.cs | 6 |
9 files changed, 112 insertions, 122 deletions
diff --git a/crypto/src/cmp/CertificateConfirmationContent.cs b/crypto/src/cmp/CertificateConfirmationContent.cs index 13d1dab8e..ad46ca039 100644 --- a/crypto/src/cmp/CertificateConfirmationContent.cs +++ b/crypto/src/cmp/CertificateConfirmationContent.cs @@ -1,15 +1,14 @@ - -using Org.BouncyCastle.Cms; -using Org.BouncyCastle.Asn1.Cmp; +using System; +using Org.BouncyCastle.Asn1.Cmp; +using Org.BouncyCastle.Cms; namespace Org.BouncyCastle.Cmp { public class CertificateConfirmationContent { - private DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; - private CertConfirmContent content; - + private readonly DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; + private readonly CertConfirmContent content; public CertificateConfirmationContent(CertConfirmContent content) { @@ -38,6 +37,6 @@ namespace Org.BouncyCastle.Cmp } return ret; - } + } } } diff --git a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs index 56f5d5ccb..611fa4449 100644 --- a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs +++ b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs @@ -1,4 +1,6 @@ -using System.Collections; +using System; +using System.Collections; + using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; 
@@ -6,22 +8,24 @@ using Org.BouncyCastle.Cms; using Org.BouncyCastle.Crypto.IO; using Org.BouncyCastle.Math; using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities; using Org.BouncyCastle.X509; namespace Org.BouncyCastle.Cmp { public class CertificateConfirmationContentBuilder { - DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder(); - private DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; - private ArrayList acceptedCerts = new ArrayList(); - private ArrayList acceptedReqIds = new ArrayList(); + private static readonly DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder(); - public CertificateConfirmationContentBuilder() : this(new DefaultDigestAlgorithmIdentifierFinder()) - { + private readonly DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; + private readonly IList acceptedCerts = Platform.CreateArrayList(); + private readonly IList acceptedReqIds = Platform.CreateArrayList(); + public CertificateConfirmationContentBuilder() + : this(new DefaultDigestAlgorithmIdentifierFinder()) + { } - + public CertificateConfirmationContentBuilder(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder) { this.digestAlgFinder = digestAlgFinder; 
@@ -40,27 +44,19 @@ namespace Org.BouncyCastle.Cmp Asn1EncodableVector v = new Asn1EncodableVector(); for (int i = 0; i != acceptedCerts.Count; i++) { - X509Certificate cert = (X509Certificate) acceptedCerts[i]; - BigInteger reqId = (BigInteger) acceptedReqIds[i]; + X509Certificate cert = (X509Certificate)acceptedCerts[i]; + BigInteger reqId = (BigInteger)acceptedReqIds[i]; - - AlgorithmIdentifier algorithmIdentifier = sigAlgFinder.Find(cert.SigAlgName); + AlgorithmIdentifier algorithmIdentifier = sigAlgFinder.Find(cert.SigAlgName); AlgorithmIdentifier digAlg = digestAlgFinder.find(algorithmIdentifier); - if (digAlg == null) - { + if (null == digAlg) throw new CmpException("cannot find algorithm for digest from signature"); - } - - DigestSink sink = new DigestSink(DigestUtilities.GetDigest(digAlg.Algorithm)); - - sink.Write(cert.GetEncoded()); - byte[] dig = new byte[sink.Digest.GetDigestSize()]; - sink.Digest.DoFinal(dig, 0); + byte[] digest = DigestUtilities.CalculateDigest(digAlg.Algorithm, cert.GetEncoded()); - v.Add(new CertStatus(dig,reqId)); + v.Add(new CertStatus(digest, reqId)); } return new CertificateConfirmationContent(CertConfirmContent.GetInstance(new DerSequence(v)), diff --git a/crypto/src/cmp/CertificateStatus.cs b/crypto/src/cmp/CertificateStatus.cs index 92a94ea05..0f1d9af9b 100644 --- a/crypto/src/cmp/CertificateStatus.cs +++ b/crypto/src/cmp/CertificateStatus.cs @@ -1,4 +1,6 @@ -using Org.BouncyCastle.Asn1.Cmp; +using System; + +using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Cms; using Org.BouncyCastle.Crypto.IO; 
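Review bot: The `CmpException` thrown in the accepted-certificates loop when `digAlg` is null does not say which signature algorithm failed to map, while `CertificateStatus.IsVerified` in this same commit appends `cert.SigAlgName` to the identical message. Making the two agree helps whoever has to diagnose a rejected confirmation: `throw new CmpException("cannot find algorithm for digest from signature " + cert.SigAlgName);`. The enclosing method starts and ends outside the hunk.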
@@ -11,9 +13,10 @@ namespace Org.BouncyCastle.Cmp { public class CertificateStatus { - private DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder(); - private DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; - private CertStatus certStatus; + private static readonly DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder(); + + private readonly DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; + private readonly CertStatus certStatus; public CertificateStatus(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder, CertStatus certStatus) { @@ -21,10 +24,10 @@ namespace Org.BouncyCastle.Cmp this.certStatus = certStatus; } - public PkiStatusInfo PkiStatusInfo - { - get { return certStatus.StatusInfo; } - } + public PkiStatusInfo PkiStatusInfo + { + get { return certStatus.StatusInfo; } + } public BigInteger CertRequestId { @@ -33,19 +36,12 @@ namespace Org.BouncyCastle.Cmp public bool IsVerified(X509Certificate cert) { + AlgorithmIdentifier digAlg = digestAlgFinder.find(sigAlgFinder.Find(cert.SigAlgName)); + if (null == digAlg) + throw new CmpException("cannot find algorithm for digest from signature " + cert.SigAlgName); - AlgorithmIdentifier digAlg = digestAlgFinder.find( sigAlgFinder.Find(cert.SigAlgName)); - if (digAlg == null) - { - throw new CmpException("cannot find algorithm for digest from signature "+cert.SigAlgName); - } - - DigestSink digestSink = new DigestSink(DigestUtilities.GetDigest(digAlg.Algorithm)); - - digestSink.Write(cert.GetEncoded()); + byte[] digest = DigestUtilities.CalculateDigest(digAlg.Algorithm, cert.GetEncoded()); - byte[] digest = new byte[digestSink.Digest.GetDigestSize()]; - digestSink.Digest.DoFinal(digest, 0); return Arrays.ConstantTimeAreEqual(certStatus.CertHash.GetOctets(), digest); } } diff --git a/crypto/src/cmp/CmpException.cs b/crypto/src/cmp/CmpException.cs index 2f50f7780..6594e8f2a 100644 
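Review bot: `IsVerified` has no XML documentation, and its contract is not obvious from the signature: it can throw as well as return false. As written it derives the digest algorithm from `cert.SigAlgName`, hashes `cert.GetEncoded()`, compares the result with `certStatus.CertHash` using `Arrays.ConstantTimeAreEqual`, and throws `CmpException` when no digest algorithm can be found. I would add `/// <summary>Checks the certHash of this status against a digest of the given certificate's encoding.</summary>` and `/// <exception cref="CmpException">If no digest algorithm can be derived from the certificate's signature algorithm.</exception>`. Callers handling a peer's confirmation then know that an unrecognised algorithm surfaces as an exception, not as a failed match.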
--- a/crypto/src/cmp/CmpException.cs +++ b/crypto/src/cmp/CmpException.cs @@ -1,24 +1,21 @@ using System; -using System.Runtime.Serialization; - namespace Org.BouncyCastle.Cmp { - public class CmpException : Exception + public class CmpException + : Exception { public CmpException() { } - public CmpException(string message) : base(message) - { - } - - public CmpException(string message, Exception innerException) : base(message, innerException) + public CmpException(string message) + : base(message) { } - protected CmpException(SerializationInfo info, StreamingContext context) : base(info, context) + public CmpException(string message, Exception innerException) + : base(message, innerException) { } } diff --git a/crypto/src/cmp/GeneralPkiMessage.cs b/crypto/src/cmp/GeneralPkiMessage.cs index ad55a8005..9b12ee77b 100644 --- a/crypto/src/cmp/GeneralPkiMessage.cs +++ b/crypto/src/cmp/GeneralPkiMessage.cs @@ -1,20 +1,24 @@ -namespace Org.BouncyCastle.Asn1.Cmp +using System; + +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Cmp; + +namespace Org.BouncyCastle.Cmp { - public class GeneralPKIMessage + public class GeneralPkiMessage { private readonly PkiMessage pkiMessage; - private static PkiMessage parseBytes(byte[] encoding) + private static PkiMessage ParseBytes(byte[] encoding) { return PkiMessage.GetInstance(Asn1Object.FromByteArray(encoding)); } - /// <summary> /// Wrap a PKIMessage ASN.1 structure. /// </summary> /// <param name="pkiMessage">PKI message.</param> - public GeneralPKIMessage(PkiMessage pkiMessage) + public GeneralPkiMessage(PkiMessage pkiMessage) { this.pkiMessage = pkiMessage; } 
@@ -23,24 +27,19 @@ /// Create a PKIMessage from the passed in bytes. /// </summary> /// <param name="encoding">BER/DER encoding of the PKIMessage</param> - public GeneralPKIMessage(byte[] encoding) : this(parseBytes(encoding)) + public GeneralPkiMessage(byte[] encoding) + : this(ParseBytes(encoding)) { } public PkiHeader Header { - get - { - return pkiMessage.Header; - } + get { return pkiMessage.Header; } } public PkiBody Body { - get - { - return pkiMessage.Body; - } + get { return pkiMessage.Body; } } /// <summary> diff --git a/crypto/src/cmp/ProtectedPkiMessage.cs b/crypto/src/cmp/ProtectedPkiMessage.cs index d3cf4a524..bb5b5dc14 100644 --- a/crypto/src/cmp/ProtectedPkiMessage.cs +++ b/crypto/src/cmp/ProtectedPkiMessage.cs @@ -1,12 +1,12 @@ -using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.X509; -using System; +using System; + using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; +using Org.BouncyCastle.Asn1.X509; +using Org.BouncyCastle.Crmf; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Utilities; - -using Org.BouncyCastle.Crmf; +using Org.BouncyCastle.X509; namespace Org.BouncyCastle.Cmp { @@ -15,20 +15,17 @@ namespace Org.BouncyCastle.Cmp /// </summary> public class ProtectedPkiMessage { - private PkiMessage pkiMessage; + private readonly PkiMessage pkiMessage; /// <summary> /// Wrap a general message. /// </summary> /// <exception cref="ArgumentException">If the general message does not have protection.</exception> /// <param name="pkiMessage">The General message</param> - public ProtectedPkiMessage(GeneralPKIMessage pkiMessage) + public ProtectedPkiMessage(GeneralPkiMessage pkiMessage) { - if (!pkiMessage.HasProtection) - { throw new ArgumentException("pki message not protected"); - } this.pkiMessage = pkiMessage.ToAsn1Structure(); } 
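Review bot: The `GeneralPkiMessage(byte[] encoding)` constructor documents its parameter but not how it fails, and this is the constructor that receives bytes from a peer. It forwards to `ParseBytes`, which calls `Asn1Object.FromByteArray` and `PkiMessage.GetInstance`; neither is visible on this page, so the exact exception types need confirming against them. Once confirmed, an `<exception>` element on the constructor, for example `/// <exception cref="System.IO.IOException">If the encoding cannot be parsed.</exception>`, tells callers what to catch around untrusted input.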
@@ -40,10 +37,8 @@ namespace Org.BouncyCastle.Cmp /// <param name="pkiMessage">The PKI message</param> public ProtectedPkiMessage(PkiMessage pkiMessage) { - if (pkiMessage.Header.ProtectionAlg == null) - { + if (null == pkiMessage.Header.ProtectionAlg) throw new ArgumentException("pki message not protected"); - } this.pkiMessage = pkiMessage; } @@ -51,25 +46,37 @@ namespace Org.BouncyCastle.Cmp /// <summary> /// Message header /// </summary> - public PkiHeader Header { get { return pkiMessage.Header; } } + public PkiHeader Header + { + get { return pkiMessage.Header; } + } /// <summary> /// Message Body /// </summary> - public PkiBody Body { get { return pkiMessage.Body; } } + public PkiBody Body + { + get { return pkiMessage.Body; } + } /// <summary> /// Return the underlying ASN.1 structure contained in this object. /// </summary> /// <returns>PKI Message structure</returns> - public PkiMessage ToAsn1Message() { return pkiMessage; } + public PkiMessage ToAsn1Message() + { + return pkiMessage; + } /// <summary> /// Determine whether the message is protected by a password based MAC. Use verify(PKMACBuilder, char[]) /// to verify the message if this method returns true. /// </summary> /// <returns>true if protection MAC PBE based, false otherwise.</returns> - public bool HasPasswordBasedMacProtected { get { return Header.ProtectionAlg.Algorithm.Equals(CmpObjectIdentifiers.passwordBasedMac); } } + public bool HasPasswordBasedMacProtected + { + get { return Header.ProtectionAlg.Algorithm.Equals(CmpObjectIdentifiers.passwordBasedMac); } + } /// <summary> /// Return the extra certificates associated with this message. @@ -78,11 +85,8 @@ namespace Org.BouncyCastle.Cmp public X509Certificate[] GetCertificates() { CmpCertificate[] certs = pkiMessage.GetExtraCerts(); - - if (certs == null) - { + if (null == certs) return new X509Certificate[0]; - } X509Certificate[] res = new X509Certificate[certs.Length]; for (int t = 0; t < certs.Length; t++) 
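Review bot: The guard in `ProtectedPkiMessage(PkiMessage pkiMessage)` checks only `Header.ProtectionAlg`, but the verification path dereferences `pkiMessage.Protection` (`pkiMessage.Protection.GetBytes()`, visible as context in a later hunk of this file). If `Protection` is null when the optional field is absent, which is presumably the case but is not shown here, a message that names a protection algorithm and carries no protection value passes construction and then fails with a `NullReferenceException` during verification. Rejecting it up front keeps malformed peer input on the documented `ArgumentException` path: `if (null == pkiMessage.Header.ProtectionAlg || null == pkiMessage.Protection)`. The `GeneralPkiMessage` constructor relies on `HasProtection`, defined outside this page, and may need the same condition.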
@@ -107,7 +111,7 @@ namespace Org.BouncyCastle.Cmp return result.IsVerified(pkiMessage.Protection.GetBytes()); } - private Object Process(IStreamCalculator streamCalculator) + private object Process(IStreamCalculator streamCalculator) { Asn1EncodableVector avec = new Asn1EncodableVector(); avec.Add(pkiMessage.Header); @@ -131,9 +135,7 @@ namespace Org.BouncyCastle.Cmp public bool Verify(PKMacBuilder pkMacBuilder, char[] password) { if (!CmpObjectIdentifiers.passwordBasedMac.Equals(pkiMessage.Header.ProtectionAlg.Algorithm)) - { throw new InvalidOperationException("protection algorithm is not mac based"); - } PbmParameter parameter = PbmParameter.GetInstance(pkiMessage.Header.ProtectionAlg.Parameters); diff --git a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs index 3ee223ba8..8ce0d48dc 100644 --- a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs +++ b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs @@ -1,10 +1,12 @@ using System; using System.Collections; + using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Operators; +using Org.BouncyCastle.Utilities; using Org.BouncyCastle.X509; namespace Org.BouncyCastle.Cmp 
@@ -13,15 +15,14 @@ namespace Org.BouncyCastle.Cmp { private PkiHeaderBuilder hdrBuilBuilder; private PkiBody body; - private ArrayList generalInfos = new ArrayList(); - private ArrayList extraCerts = new ArrayList(); + private IList generalInfos = Platform.CreateArrayList(); + private IList extraCerts = Platform.CreateArrayList(); - public ProtectedPkiMessageBuilder(GeneralName sender, GeneralName recipient) : this(PkiHeader.CMP_2000, sender, - recipient) + public ProtectedPkiMessageBuilder(GeneralName sender, GeneralName recipient) + : this(PkiHeader.CMP_2000, sender, recipient) { } - public ProtectedPkiMessageBuilder(int pvno, GeneralName sender, GeneralName recipient) { hdrBuilBuilder = new PkiHeaderBuilder(pvno, sender, recipient); 
@@ -96,22 +97,21 @@ namespace Org.BouncyCastle.Cmp throw new ArgumentException("AlgorithmDetails is not AlgorithmIdentifier"); } - FinalizeHeader((AlgorithmIdentifier) signatureFactory.AlgorithmDetails); + FinalizeHeader((AlgorithmIdentifier)signatureFactory.AlgorithmDetails); PkiHeader header = hdrBuilBuilder.Build(); DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body)); return FinalizeMessage(header, protection); } public ProtectedPkiMessage Build(IMacFactory factory) - { - IStreamCalculator calculator = factory.CreateCalculator(); - FinalizeHeader((AlgorithmIdentifier)factory.AlgorithmDetails); - PkiHeader header = hdrBuilBuilder.Build(); - DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body)); - return FinalizeMessage(header, protection); + { + IStreamCalculator calculator = factory.CreateCalculator(); + FinalizeHeader((AlgorithmIdentifier)factory.AlgorithmDetails); + PkiHeader header = hdrBuilBuilder.Build(); + DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body)); + return FinalizeMessage(header, protection); } - private void FinalizeHeader(AlgorithmIdentifier algorithmIdentifier) { hdrBuilBuilder.SetProtectionAlg(algorithmIdentifier); @@ -120,7 +120,7 @@ namespace Org.BouncyCastle.Cmp InfoTypeAndValue[] genInfos = new InfoTypeAndValue[generalInfos.Count]; for (int t = 0; t < genInfos.Length; t++) { - genInfos[t] = (InfoTypeAndValue) generalInfos[t]; + genInfos[t] = (InfoTypeAndValue)generalInfos[t]; } hdrBuilBuilder.SetGeneralInfo(genInfos); @@ -134,7 +134,7 @@ namespace Org.BouncyCastle.Cmp CmpCertificate[] cmpCertificates = new CmpCertificate[extraCerts.Count]; for (int i = 0; i < cmpCertificates.Length; i++) { - byte[] cert = ((X509Certificate) extraCerts[i]).GetEncoded(); + byte[] cert = ((X509Certificate)extraCerts[i]).GetEncoded(); cmpCertificates[i] = CmpCertificate.GetInstance((Asn1Sequence.FromByteArray(cert))); } 
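Review bot: `Build(IMacFactory factory)` casts `factory.AlgorithmDetails` to `AlgorithmIdentifier` without the type check that the signature-based `Build` performs just above it (`throw new ArgumentException("AlgorithmDetails is not AlgorithmIdentifier")`). A factory whose details are of another type therefore fails with an `InvalidCastException` instead of the `ArgumentException` the sibling overload gives. Adding the same guard before the cast keeps the two overloads consistent: `if (!(factory.AlgorithmDetails is AlgorithmIdentifier)) throw new ArgumentException("AlgorithmDetails is not AlgorithmIdentifier");`. The signature-based overload starts outside the hunk, so its guard condition is inferred from the throw that is visible.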
@@ -151,7 +151,7 @@ namespace Org.BouncyCastle.Cmp avec.Add(body); byte[] encoded = new DerSequence(avec).GetEncoded(); signer.Stream.Write(encoded, 0, encoded.Length); - Object result = signer.GetResult(); + object result = signer.GetResult(); if (result is DefaultSignatureResult) { @@ -163,10 +163,10 @@ namespace Org.BouncyCastle.Cmp } else if (result is byte[]) { - return (byte[]) result; + return (byte[])result; } throw new InvalidOperationException("result is not byte[] or DefaultSignatureResult"); } } -} \ No newline at end of file +} diff --git a/crypto/src/cmp/RevocationDetails.cs b/crypto/src/cmp/RevocationDetails.cs index 6e1cb34c3..2d3f9a5eb 100644 --- a/crypto/src/cmp/RevocationDetails.cs +++ b/crypto/src/cmp/RevocationDetails.cs @@ -1,4 +1,6 @@ -using Org.BouncyCastle.Asn1.Cmp; +using System; + +using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Math; @@ -6,7 +8,7 @@ namespace Org.BouncyCastle.Cmp { public class RevocationDetails { - private RevDetails revDetails; + private readonly RevDetails revDetails; public RevocationDetails(RevDetails revDetails) { @@ -25,10 +27,7 @@ namespace Org.BouncyCastle.Cmp public BigInteger SerialNumber { - get - { - return revDetails.CertDetails.SerialNumber.Value; // getCertDetails().getSerialNumber().getValue(); - } + get { return revDetails.CertDetails.SerialNumber.Value; } } public RevDetails ToASN1Structure() @@ -36,4 +35,4 @@ namespace Org.BouncyCastle.Cmp return revDetails; } } -} \ No newline at end of file +} diff --git a/crypto/src/cmp/RevocationDetailsBuilder.cs b/crypto/src/cmp/RevocationDetailsBuilder.cs index 464c0bb13..b3be01242 100644 --- a/crypto/src/cmp/RevocationDetailsBuilder.cs +++ b/crypto/src/cmp/RevocationDetailsBuilder.cs @@ -1,4 +1,6 @@ -using Org.BouncyCastle.Asn1; +using System; + +using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.Crmf; using Org.BouncyCastle.Asn1.X509; 
@@ -50,7 +52,7 @@ namespace Org.BouncyCastle.Cmp return this; } - public RevocationDetails build() + public RevocationDetails Build() { return new RevocationDetails(new RevDetails(_templateBuilder.Build())); } |