author | David Hook <dgh@bouncycastle.org> | 2015-10-16 09:30:29 +1100 |
---|---|---|
committer | David Hook <dgh@bouncycastle.org> | 2015-10-16 09:30:29 +1100 |
commit | b18da3a6bc82e3b0119edb7184db15ba3bc12c8a (patch) | |
tree | a0e0850341d707010999a6b5317a37eb9ac40242 /crypto/src/x509/X509Crl.cs | |
parent | Close files after reading (diff) | |
download | BouncyCastle.NET-ed25519-b18da3a6bc82e3b0119edb7184db15ba3bc12c8a.tar.xz |
Further work of signature/verification calculators.
Added IBlockResult and IVerifier. Added verifier provider verify methods to X.509 PKCS#10 classes.
Diffstat (limited to 'crypto/src/x509/X509Crl.cs')
-rw-r--r-- | crypto/src/x509/X509Crl.cs | 51 |
1 files changed, 37 insertions, 14 deletions
diff --git a/crypto/src/x509/X509Crl.cs b/crypto/src/x509/X509Crl.cs
index 7d0e7aa72..1746960fb 100644
--- a/crypto/src/x509/X509Crl.cs
+++ b/crypto/src/x509/X509Crl.cs
@@ -14,6 +14,7 @@ using Org.BouncyCastle.Utilities.Collections;
 using Org.BouncyCastle.Utilities.Date;
 using Org.BouncyCastle.Utilities.Encoders;
 using Org.BouncyCastle.X509.Extension;
+using Org.BouncyCastle.Crypto.Operators;
 
 namespace Org.BouncyCastle.X509
 {
@@ -83,24 +84,46 @@ namespace Org.BouncyCastle.X509
 public virtual void Verify(
 AsymmetricKeyParameter publicKey)
 {
- if (!c.SignatureAlgorithm.Equals(c.TbsCertList.Signature))
- {
- throw new CrlException("Signature algorithm on CertificateList does not match TbsCertList.");
- }
+ Verify(new Asn1SignatureVerifierProvider(publicKey));
+ }
 
- ISigner sig = SignerUtilities.GetSigner(SigAlgName);
- sig.Init(false, publicKey);
+ /// <summary>
+ /// Verify the CRL's signature using a verifier created using the passed in verifier provider.
+ /// </summary>
+ /// <param name="verifierProvider">An appropriate provider for verifying the CRL's signature.</param>
+ /// <returns>True if the signature is valid.</returns>
+ /// <exception cref="Exception">If verifier provider is not appropriate or the CRL algorithm is invalid.</exception>
+ public virtual void Verify(
+ ISignatureVerifierProvider verifierProvider)
+ {
+ CheckSignature(verifierProvider.CreateSignatureVerifier(c.SignatureAlgorithm));
+ }
 
- byte[] encoded = this.GetTbsCertList();
- sig.BlockUpdate(encoded, 0, encoded.Length);
+ protected virtual void CheckSignature(
+ ISignatureVerifier verifier)
+ {
+ if (!c.SignatureAlgorithm.Equals(c.TbsCertList.Signature))
+ {
+ throw new CrlException("Signature algorithm on CertificateList does not match TbsCertList.");
+ }
 
- if (!sig.VerifySignature(this.GetSignature()))
- {
- throw new SignatureException("CRL does not verify with supplied public key.");
- }
- }
+ Asn1Encodable parameters = c.SignatureAlgorithm.Parameters;
+
+ IStreamCalculator streamCalculator = verifier.CreateCalculator();
+
+ byte[] b = this.GetTbsCertList();
+
+ streamCalculator.Stream.Write(b, 0, b.Length);
+
+ streamCalculator.Stream.Close();
+
+ if (!((IVerifier)streamCalculator.GetResult()).IsVerified(this.GetSignature()))
+ {
+ throw new InvalidKeyException("CRL does not verify with supplied public key.");
+ }
+ }
 
- public virtual int Version
+ public virtual int Version
 {
 get { return c.Version; }
 } |
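Review bot: A failed signature check in CheckSignature now throws `InvalidKeyException` where the removed code threw `SignatureException`, so a caller that catches `SignatureException` to reject a CRL would no longer see the failure there (assuming the two types are unrelated by inheritance, which this page does not show); keeping `throw new SignatureException("CRL does not verify with supplied public key.");` preserves the existing contract. Separately, Verify(ISignatureVerifierProvider) hands the outer, unsigned `c.SignatureAlgorithm` to `CreateSignatureVerifier` before CheckSignature compares it with the signed `c.TbsCertList.Signature`; running that comparison in Verify before the verifier is created would keep an unvalidated algorithm identifier away from the provider. The local `parameters` is never used, and the XML doc's `<returns>True if the signature is valid.</returns>` describes a void method that reports failure by throwing, so the `<returns>` tag should go and the `<exception>` tags should name the exception types actually thrown.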