authorPeter Dettman <peter.dettman@bouncycastle.org>2023-04-04 21:20:26 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-04-04 21:20:26 +0700
commitaa027f072fe8f7871950cd256b2e04f12c1d4551 (patch)
tree47c4bb1a5b813f7cb82a68ed6b87f431d075a97a /crypto/src/x509/X509V2CRLGenerator.cs
parentAdd constructor from template CRL (diff)
X509: generation/validation of alternative signatures for certs and CRLs.
Diffstat (limited to 'crypto/src/x509/X509V2CRLGenerator.cs')
-rw-r--r--crypto/src/x509/X509V2CRLGenerator.cs38
1 files changed, 29 insertions, 9 deletions
diff --git a/crypto/src/x509/X509V2CRLGenerator.cs b/crypto/src/x509/X509V2CRLGenerator.cs
index d7c72d673..358dc63de 100644
--- a/crypto/src/x509/X509V2CRLGenerator.cs
+++ b/crypto/src/x509/X509V2CRLGenerator.cs
@@ -217,18 +217,38 @@ namespace Org.BouncyCastle.X509
 				tbsGen.SetExtensions(extGenerator.Generate());
 			}
 
-			TbsCertificateList tbsCertList = tbsGen.GenerateTbsCertList();
+			var tbsCertList = tbsGen.GenerateTbsCertList();
 
-            IStreamCalculator<IBlockResult> streamCalculator = signatureFactory.CreateCalculator();
-			using (var sigStream = streamCalculator.Stream)
-			{
-				tbsCertList.EncodeTo(sigStream, Asn1Encodable.Der);
-			}
+			var signature = X509Utilities.GenerateSignature(signatureFactory, tbsCertList);
+
+			return new X509Crl(CertificateList.GetInstance(new DerSequence(tbsCertList, sigAlgID, signature)));
+		}
+
+        /// <summary>
+        /// Generate a new <see cref="X509Crl"/> using the provided <see cref="ISignatureFactory"/> and
+        /// containing altSignatureAlgorithm and altSignatureValue extensions based on the passed
+        /// <paramref name="altSignatureFactory"/>.
+        /// </summary>
+        /// <param name="signatureFactory">A <see cref="ISignatureFactory">signature factory</see> with the necessary
+        /// algorithm details.</param>
+        /// <param name="isCritical">Whether the 'alt' extensions should be marked critical.</param>
+        /// <param name="altSignatureFactory">A <see cref="ISignatureFactory">signature factory</see> used to create the
+        /// altSignatureAlgorithm and altSignatureValue extensions.</param>
+        /// <returns>An <see cref="X509Certificate"/>.</returns>
+        public X509Crl Generate(ISignatureFactory signatureFactory, bool isCritical,
+            ISignatureFactory altSignatureFactory)
+		{
+            tbsGen.SetSignature(null);
+
+            var altSigAlgID = (AlgorithmIdentifier)altSignatureFactory.AlgorithmDetails;
+            extGenerator.AddExtension(X509Extensions.AltSignatureAlgorithm, isCritical, altSigAlgID);
+
+            tbsGen.SetExtensions(extGenerator.Generate());
 
-			var signature = streamCalculator.GetResult().Collect();
+            var altSignature = X509Utilities.GenerateSignature(altSignatureFactory, tbsGen.GeneratePreTbsCertList());
+            extGenerator.AddExtension(X509Extensions.AltSignatureValue, isCritical, altSignature);
 
-			return new X509Crl(
-				CertificateList.GetInstance(new DerSequence(tbsCertList, sigAlgID, new DerBitString(signature))));
+            return Generate(signatureFactory);
 		}
 
 		/// <summary>
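Review bot: The new three-argument `Generate` overload leaves `AltSignatureAlgorithm` and `AltSignatureValue` in the shared `extGenerator` after it returns, so a later call on the same generator instance would presumably either fail on the duplicate extension or, through the single-argument `Generate`, emit a CRL carrying an alt signature computed over the earlier contents. Relying parties that check the alt signature would then reject that CRL, and the cause is hard to spot from the call site. Consider building the alt extensions on a per-call copy of the extension set, or removing both entries before returning, and state in the `<summary>` whether the generator can be reused. Separately, the `<returns>` tag names the wrong type; it should read `/// <returns>An <see cref="X509Crl"/>.</returns>`. The single-argument `Generate` begins above this hunk, so how it resets `tbsGen` is not visible here.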