author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-04-04 21:20:26 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-04-04 21:20:26 +0700 |
commit | aa027f072fe8f7871950cd256b2e04f12c1d4551 (patch) | |
tree | 47c4bb1a5b813f7cb82a68ed6b87f431d075a97a /crypto/src/x509/X509V2CRLGenerator.cs | |
parent | Add constructor from template CRL (diff) | |
X509: generation/validation of alternative signatures for certs and CRLs.
Diffstat (limited to 'crypto/src/x509/X509V2CRLGenerator.cs')
-rw-r--r-- | crypto/src/x509/X509V2CRLGenerator.cs | 38 |
1 files changed, 29 insertions, 9 deletions
diff --git a/crypto/src/x509/X509V2CRLGenerator.cs b/crypto/src/x509/X509V2CRLGenerator.cs
index d7c72d673..358dc63de 100644
--- a/crypto/src/x509/X509V2CRLGenerator.cs
+++ b/crypto/src/x509/X509V2CRLGenerator.cs
@@ -217,18 +217,38 @@ namespace Org.BouncyCastle.X509
 tbsGen.SetExtensions(extGenerator.Generate());
 }
 
- TbsCertificateList tbsCertList = tbsGen.GenerateTbsCertList();
+ var tbsCertList = tbsGen.GenerateTbsCertList();
 
- IStreamCalculator<IBlockResult> streamCalculator = signatureFactory.CreateCalculator();
- using (var sigStream = streamCalculator.Stream)
- {
- tbsCertList.EncodeTo(sigStream, Asn1Encodable.Der);
- }
+ var signature = X509Utilities.GenerateSignature(signatureFactory, tbsCertList);
+
+ return new X509Crl(CertificateList.GetInstance(new DerSequence(tbsCertList, sigAlgID, signature)));
+ }
+
+ /// <summary>
+ /// Generate a new <see cref="X509Crl"/> using the provided <see cref="ISignatureFactory"/> and
+ /// containing altSignatureAlgorithm and altSignatureValue extensions based on the passed
+ /// <paramref name="altSignatureFactory"/>.
+ /// </summary>
+ /// <param name="signatureFactory">A <see cref="ISignatureFactory">signature factory</see> with the necessary
+ /// algorithm details.</param>
+ /// <param name="isCritical">Whether the 'alt' extensions should be marked critical.</param>
+ /// <param name="altSignatureFactory">A <see cref="ISignatureFactory">signature factory</see> used to create the
+ /// altSignatureAlgorithm and altSignatureValue extensions.</param>
+ /// <returns>An <see cref="X509Certificate"/>.</returns>
+ public X509Crl Generate(ISignatureFactory signatureFactory, bool isCritical,
+ ISignatureFactory altSignatureFactory)
+ {
+ tbsGen.SetSignature(null);
+
+ var altSigAlgID = (AlgorithmIdentifier)altSignatureFactory.AlgorithmDetails;
+ extGenerator.AddExtension(X509Extensions.AltSignatureAlgorithm, isCritical, altSigAlgID);
+
+ tbsGen.SetExtensions(extGenerator.Generate());
 
- var signature = streamCalculator.GetResult().Collect();
+ var altSignature = X509Utilities.GenerateSignature(altSignatureFactory, tbsGen.GeneratePreTbsCertList());
+ extGenerator.AddExtension(X509Extensions.AltSignatureValue, isCritical, altSignature);
 
- return new X509Crl(
- CertificateList.GetInstance(new DerSequence(tbsCertList, sigAlgID, new DerBitString(signature))));
+ return Generate(signatureFactory);
 }
 
 /// <summary> |
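Review bot: The new three-argument `Generate` leaves both alt extensions in `extGenerator` after it returns, so the generator instance cannot safely be reused: a later `Generate(signatureFactory)` on the same instance would, as far as these lines show, emit a CRL still carrying the previous `altSignatureValue`, and a second call to this overload adds `AltSignatureAlgorithm` again (whether `AddExtension` rejects or overwrites a duplicate is not visible in the hunk). A stale alternative signature on a revocation list either fails verification or is silently skipped by relying parties that ignore non-critical extensions, so consider dropping the two extensions again in a `finally` once the CRL is built, or documenting the generator as single-use after this call. `altSignatureFactory` is also dereferenced without a null check, and the cast of `AlgorithmDetails` to `AlgorithmIdentifier` is unguarded. Separately, the doc comment names the wrong type and should read `/// <returns>An <see cref="X509Crl"/>.</returns>`.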