summary refs log tree commit diff
path: root/crypto/src/x509/X509V3CertificateGenerator.cs
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2023-04-04 21:20:26 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-04-04 21:20:26 +0700
commitaa027f072fe8f7871950cd256b2e04f12c1d4551 (patch)
tree47c4bb1a5b813f7cb82a68ed6b87f431d075a97a /crypto/src/x509/X509V3CertificateGenerator.cs
parentAdd constructor from template CRL (diff)
downloadBouncyCastle.NET-ed25519-aa027f072fe8f7871950cd256b2e04f12c1d4551.tar.xz
X509: generation/validation of alternative signatures for certs and CRLs.
Diffstat (limited to '')
-rw-r--r--crypto/src/x509/X509V3CertificateGenerator.cs37
1 files changed, 29 insertions, 8 deletions
diff --git a/crypto/src/x509/X509V3CertificateGenerator.cs b/crypto/src/x509/X509V3CertificateGenerator.cs
index d5c9ffe92..65e3c9177 100644
--- a/crypto/src/x509/X509V3CertificateGenerator.cs
+++ b/crypto/src/x509/X509V3CertificateGenerator.cs
@@ -290,17 +290,38 @@ namespace Org.BouncyCastle.X509
                 tbsGen.SetExtensions(extGenerator.Generate());
             }
 
-            TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
+            var tbsCertificate = tbsGen.GenerateTbsCertificate();
 
-			IStreamCalculator<IBlockResult> streamCalculator = signatureFactory.CreateCalculator();
-			using (var sigStream = streamCalculator.Stream)
-            {
-				tbsCert.EncodeTo(sigStream, Asn1Encodable.Der);
-			}
+			var signature = X509Utilities.GenerateSignature(signatureFactory, tbsCertificate);
+
+			return new X509Certificate(new X509CertificateStructure(tbsCertificate, sigAlgID, signature));
+        }
+
+        /// <summary>
+        /// Generate a new <see cref="X509Certificate"/> using the provided <see cref="ISignatureFactory"/> and
+        /// containing altSignatureAlgorithm and altSignatureValue extensions based on the passed
+        /// <paramref name="altSignatureFactory"/>.
+        /// </summary>
+        /// <param name="signatureFactory">A <see cref="ISignatureFactory">signature factory</see> with the necessary
+        /// algorithm details.</param>
+		/// <param name="isCritical">Whether the 'alt' extensions should be marked critical.</param>
+        /// <param name="altSignatureFactory">A <see cref="ISignatureFactory">signature factory</see> used to create the
+		/// altSignatureAlgorithm and altSignatureValue extensions.</param>
+        /// <returns>An <see cref="X509Certificate"/>.</returns>
+        public X509Certificate Generate(ISignatureFactory signatureFactory, bool isCritical,
+			ISignatureFactory altSignatureFactory)
+		{
+            tbsGen.SetSignature(null);
+
+            var altSigAlgID = (AlgorithmIdentifier)altSignatureFactory.AlgorithmDetails;
+			extGenerator.AddExtension(X509Extensions.AltSignatureAlgorithm, isCritical, altSigAlgID);
+
+            tbsGen.SetExtensions(extGenerator.Generate());
 
-			var signature = streamCalculator.GetResult().Collect();
+			var altSignature = X509Utilities.GenerateSignature(altSignatureFactory, tbsGen.GeneratePreTbsCertificate());
+			extGenerator.AddExtension(X509Extensions.AltSignatureValue, isCritical, altSignature);
 
-			return new X509Certificate(new X509CertificateStructure(tbsCert, sigAlgID, new DerBitString(signature)));
+			return Generate(signatureFactory);
 		}
 
 		/// <summary>