author | mw <megan@cryptoworkshop.com> | 2020-10-27 16:31:51 +1100 |
---|---|---|
committer | mw <megan@cryptoworkshop.com> | 2020-10-27 16:31:51 +1100 |
commit | b290b56d91ab7ee85198b2be77925fca9f037ac8 (patch) | |
tree | e3b377c06b354a8778d9519e12d93167ee876169 /crypto/src | |
parent | Added fractional time and new tests (diff) | |
Finished NewTspTests
Diffstat (limited to 'crypto/src')
-rw-r--r-- | crypto/src/asn1/x509/X509ExtensionsGenerator.cs | 13 | ||||
-rw-r--r-- | crypto/src/cms/CMSSignedData.cs | 11 | ||||
-rw-r--r-- | crypto/src/cms/CMSSignedHelper.cs | 20 | ||||
-rw-r--r-- | crypto/src/tsp/TimeStampResponseGenerator.cs | 63 | ||||
-rw-r--r-- | crypto/src/tsp/TimeStampToken.cs | 7 | ||||
-rw-r--r-- | crypto/src/tsp/TimeStampTokenGenerator.cs | 40 |
6 files changed, 145 insertions, 9 deletions
diff --git a/crypto/src/asn1/x509/X509ExtensionsGenerator.cs b/crypto/src/asn1/x509/X509ExtensionsGenerator.cs index d6f567b22..58620ea5e 100644 --- a/crypto/src/asn1/x509/X509ExtensionsGenerator.cs +++ b/crypto/src/asn1/x509/X509ExtensionsGenerator.cs @@ -77,5 +77,16 @@ namespace Org.BouncyCastle.Asn1.X509 { return new X509Extensions(extOrdering, extensions); } - } + + internal void AddExtension(DerObjectIdentifier oid, X509Extension x509Extension) + { + if (extensions.Contains(oid)) + { + throw new ArgumentException ("extension " + oid + " already added"); + } + + extOrdering.Add(oid); + extensions.Add(oid, x509Extension); + } + } } diff --git a/crypto/src/cms/CMSSignedData.cs b/crypto/src/cms/CMSSignedData.cs index 8634b2b3a..6028de709 100644 --- a/crypto/src/cms/CMSSignedData.cs +++ b/crypto/src/cms/CMSSignedData.cs @@ -150,11 +150,16 @@ namespace Org.BouncyCastle.Cms get { return signedData.Version.IntValueExact; } } - /** + internal IX509Store GetCertificates() + { + return Helper.GetCertificates(signedData.Certificates); + } + + /** * return the collection of signers that are associated with the * signatures for the message. */ - public SignerInformationStore GetSignerInfos() + public SignerInformationStore GetSignerInfos() { if (signerInfoStore == null) { @@ -217,7 +222,7 @@ namespace Org.BouncyCastle.Cms string type) { if (certificateStore == null) - { + { certificateStore = Helper.CreateCertificateStore(type, signedData.Certificates); } diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs index 6d49a5513..d59b8f39d 100644 --- a/crypto/src/cms/CMSSignedHelper.cs +++ b/crypto/src/cms/CMSSignedHelper.cs @@ -20,6 +20,7 @@ using Org.BouncyCastle.X509; using Org.BouncyCastle.X509.Store; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Utilities.Collections; +using Org.BouncyCastle.Crypto.Tls; namespace Org.BouncyCastle.Cms { 
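Review bot: The added `using Org.BouncyCastle.Crypto.Tls;` in CMSSignedHelper.cs looks unused. The only code this commit adds to that file, `GetCertificates(Asn1Set)` in a later hunk, uses `ArrayList`, `Asn1Encodable`, `X509CertificateStructure` and `X509CollectionStore`, none of which is a TLS type, so the directive is probably an IDE auto-import. Dropping it keeps the CMS helper decoupled from the TLS namespace and avoids ambiguous-name surprises later. The rest of the file is outside the hunk, so confirm nothing else there needs it.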
@@ -127,7 +128,9 @@ namespace Org.BouncyCastle.Cms ecAlgorithms.Add(CmsSignedGenerator.DigestSha512, EncryptionECDsaWithSha512); } - /** + + + /** * Return the digest algorithm using one of the standard JCA string * representations rather than the algorithm identifier (if possible). */ @@ -422,5 +425,18 @@ namespace Org.BouncyCastle.Cms return encOID; } - } + + public IX509Store GetCertificates(Asn1Set certificates) + { + ArrayList certList = new ArrayList(); + if (certificates != null) + { + foreach (Asn1Encodable enc in certificates) + { + certList.Add(X509CertificateStructure.GetInstance(enc)); + } + } + return new X509CollectionStore(certList); + } + } } diff --git a/crypto/src/tsp/TimeStampResponseGenerator.cs b/crypto/src/tsp/TimeStampResponseGenerator.cs index b596f8d97..69a5c098b 100644 --- a/crypto/src/tsp/TimeStampResponseGenerator.cs +++ b/crypto/src/tsp/TimeStampResponseGenerator.cs @@ -6,6 +6,7 @@ using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.Cms; using Org.BouncyCastle.Asn1.Tsp; +using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Math; using Org.BouncyCastle.Utilities.Date; 
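Review bot: The new `GetCertificates(Asn1Set)` passes every element of the set to `X509CertificateStructure.GetInstance` without checking what the element is. In CMS SignedData the certificates field is a set of CertificateChoices, so it can hold tagged attribute certificates or other formats alongside X.509 certificates, and for a timestamp token that content comes from the remote party. Unless `GetInstance` tolerates such entries (its body is not on this page), a single non-certificate element would make the whole call throw instead of returning the certificates that are present. Consider filtering, e.g. `if (enc.ToAsn1Object() is Asn1Sequence) certList.Add(X509CertificateStructure.GetInstance(enc));`, and adding a doc comment saying the returned store holds `X509CertificateStructure` objects rather than parsed certificates.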
@@ -163,6 +164,68 @@ namespace Org.BouncyCastle.Tsp } } + + public TimeStampResponse GenerateGrantedResponse( + TimeStampRequest request, + BigInteger serialNumber, + DateTimeObject genTime, + String statusString, + X509Extensions additionalExtensions) + { + TimeStampResp resp; + + try + { + if (genTime == null) + throw new TspValidationException("The time source is not available.", + PkiFailureInfo.TimeNotAvailable); + + request.Validate(acceptedAlgorithms, acceptedPolicies, acceptedExtensions); + + this.status = PkiStatus.Granted; + this.AddStatusString(statusString); + + PkiStatusInfo pkiStatusInfo = GetPkiStatusInfo(); + + ContentInfo tstTokenContentInfo; + try + { + TimeStampToken token = tokenGenerator.Generate(request, serialNumber, genTime.Value,additionalExtensions); + byte[] encoded = token.ToCmsSignedData().GetEncoded(); + + tstTokenContentInfo = ContentInfo.GetInstance(Asn1Object.FromByteArray(encoded)); + } + catch (IOException e) + { + throw new TspException("Timestamp token received cannot be converted to ContentInfo", e); + } + + resp = new TimeStampResp(pkiStatusInfo, tstTokenContentInfo); + } + catch (TspValidationException e) + { + status = PkiStatus.Rejection; + + this.SetFailInfoField(e.FailureCode); + this.AddStatusString(e.Message); + + PkiStatusInfo pkiStatusInfo = GetPkiStatusInfo(); + + resp = new TimeStampResp(pkiStatusInfo, null); + } + + try + { + return new TimeStampResponse(resp); + } + catch (IOException e) + { + throw new TspException("created badly formatted response!", e); + } + } + + + class FailInfo : DerBitString { diff --git a/crypto/src/tsp/TimeStampToken.cs b/crypto/src/tsp/TimeStampToken.cs index 0615cbd76..1245589b4 100644 --- a/crypto/src/tsp/TimeStampToken.cs +++ b/crypto/src/tsp/TimeStampToken.cs 
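Review bot: `GenerateGrantedResponse` records its outcome in instance state (`this.status`, `AddStatusString`, and `SetFailInfoField` in the catch block), and nothing in the visible body clears that state first. If the fields are not reset elsewhere (their declarations and `GetPkiStatusInfo` are outside the hunk), a generator that has produced one rejection could carry its failure bits or accumulated status strings into the next response it builds. Resetting the fields at the top of the method, or building the `PkiStatusInfo` from locals, would make each call independent. The method can also return a rejection despite its name, and `statusString` is passed on without a null check; a `/// <summary>` stating both would help callers who must still inspect the response status.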
@@ -146,7 +146,12 @@ namespace Org.BouncyCastle.Tsp return tsToken.GetCrls(type); } - public IX509Store GetAttributeCertificates( + public IX509Store GetCertificates() + { + return tsToken.GetCertificates(); + } + + public IX509Store GetAttributeCertificates( string type) { return tsToken.GetAttributeCertificates(type); diff --git a/crypto/src/tsp/TimeStampTokenGenerator.cs b/crypto/src/tsp/TimeStampTokenGenerator.cs index 5badcfdd0..dad0db63b 100644 --- a/crypto/src/tsp/TimeStampTokenGenerator.cs +++ b/crypto/src/tsp/TimeStampTokenGenerator.cs @@ -253,9 +253,18 @@ namespace Org.BouncyCastle.Tsp //------------------------------------------------------------------------------ public TimeStampToken Generate( + TimeStampRequest request, + BigInteger serialNumber, + DateTime genTime) + { + return Generate(request, serialNumber, genTime, null); + } + + + public TimeStampToken Generate( TimeStampRequest request, BigInteger serialNumber, - DateTime genTime) + DateTime genTime, X509Extensions additionalExtensions) { DerObjectIdentifier digestAlgOID = new DerObjectIdentifier(request.MessageImprintAlgOid); 
@@ -304,6 +313,33 @@ namespace Org.BouncyCastle.Tsp tsaPolicy = new DerObjectIdentifier(request.ReqPolicy); } + + X509Extensions respExtensions = request.Extensions; + if (additionalExtensions != null) + { + X509ExtensionsGenerator extGen = new X509ExtensionsGenerator(); + + if (respExtensions != null) + { + foreach(object oid in respExtensions.ExtensionOids) + { + DerObjectIdentifier id = DerObjectIdentifier.GetInstance(oid); + extGen.AddExtension(id, respExtensions.GetExtension(DerObjectIdentifier.GetInstance(id))); + } + } + + foreach (object oid in additionalExtensions.ExtensionOids) + { + DerObjectIdentifier id = DerObjectIdentifier.GetInstance(oid); + extGen.AddExtension(id, additionalExtensions.GetExtension(DerObjectIdentifier.GetInstance(id))); + + } + + respExtensions = extGen.Generate(); + } + + + DerGeneralizedTime generalizedTime; if (resolution != Resolution.R_SECONDS) { @@ -316,7 +352,7 @@ namespace Org.BouncyCastle.Tsp TstInfo tstInfo = new TstInfo(tsaPolicy, messageImprint, new DerInteger(serialNumber), generalizedTime, accuracy, - derOrdering, nonce, tsa, request.Extensions); + derOrdering, nonce, tsa, respExtensions); try { |
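Review bot: The merge loop feeds the request's extensions and then `additionalExtensions` into `extGen.AddExtension`, which (as added in this commit) throws `ArgumentException` on a repeated OID. The request extensions are requester-supplied, so an OID that the TSA both accepts and adds itself would surface as an `ArgumentException`, which the `catch (TspValidationException)` in `GenerateGrantedResponse` does not turn into a rejection response. Decide which side takes precedence, or detect the collision here and report it as a TSP error. The inner `DerObjectIdentifier.GetInstance(id)` is also redundant because `id` is already a `DerObjectIdentifier`: `extGen.AddExtension(id, respExtensions.GetExtension(id));`. `Generate` begins and ends outside these hunks.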