diff --git a/crypto/src/asn1/x509/X509ExtensionsGenerator.cs b/crypto/src/asn1/x509/X509ExtensionsGenerator.cs
index 58620ea5e..3b952fffa 100644
--- a/crypto/src/asn1/x509/X509ExtensionsGenerator.cs
+++ b/crypto/src/asn1/x509/X509ExtensionsGenerator.cs
@@ -5,88 +5,133 @@ using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Asn1.X509
{
- /// <remarks>Generator for X.509 extensions</remarks>
- public class X509ExtensionsGenerator
- {
- private IDictionary extensions = Platform.CreateHashtable();
+ /// <remarks>Generator for X.509 extensions</remarks>
+ public class X509ExtensionsGenerator
+ {
+ private IDictionary extensions = Platform.CreateHashtable();
private IList extOrdering = Platform.CreateArrayList();
- /// <summary>Reset the generator</summary>
- public void Reset()
- {
+ private static readonly IDictionary dupsAllowed = Platform.CreateHashtable();
+
+ static X509ExtensionsGenerator()
+ {
+ dupsAllowed.Add(X509Extensions.SubjectAlternativeName, true);
+ dupsAllowed.Add(X509Extensions.IssuerAlternativeName, true);
+ dupsAllowed.Add(X509Extensions.SubjectDirectoryAttributes, true);
+ dupsAllowed.Add(X509Extensions.CertificateIssuer, true);
+
+ }
+
+
+
+ /// <summary>Reset the generator</summary>
+ public void Reset()
+ {
extensions = Platform.CreateHashtable();
extOrdering = Platform.CreateArrayList();
- }
-
- /// <summary>
- /// Add an extension with the given oid and the passed in value to be included
- /// in the OCTET STRING associated with the extension.
- /// </summary>
- /// <param name="oid">OID for the extension.</param>
- /// <param name="critical">True if critical, false otherwise.</param>
- /// <param name="extValue">The ASN.1 object to be included in the extension.</param>
- public void AddExtension(
- DerObjectIdentifier oid,
- bool critical,
- Asn1Encodable extValue)
- {
- byte[] encoded;
- try
- {
- encoded = extValue.GetDerEncoded();
- }
- catch (Exception e)
- {
- throw new ArgumentException("error encoding value: " + e);
- }
-
- this.AddExtension(oid, critical, encoded);
- }
-
- /// <summary>
- /// Add an extension with the given oid and the passed in byte array to be wrapped
- /// in the OCTET STRING associated with the extension.
- /// </summary>
- /// <param name="oid">OID for the extension.</param>
- /// <param name="critical">True if critical, false otherwise.</param>
- /// <param name="extValue">The byte array to be wrapped.</param>
- public void AddExtension(
- DerObjectIdentifier oid,
- bool critical,
- byte[] extValue)
- {
- if (extensions.Contains(oid))
- {
- throw new ArgumentException("extension " + oid + " already added");
- }
-
- extOrdering.Add(oid);
- extensions.Add(oid, new X509Extension(critical, new DerOctetString(extValue)));
- }
-
- /// <summary>Return true if there are no extension present in this generator.</summary>
- /// <returns>True if empty, false otherwise</returns>
- public bool IsEmpty
- {
- get { return extOrdering.Count < 1; }
- }
-
- /// <summary>Generate an X509Extensions object based on the current state of the generator.</summary>
- /// <returns>An <c>X509Extensions</c> object</returns>
- public X509Extensions Generate()
- {
- return new X509Extensions(extOrdering, extensions);
- }
-
- internal void AddExtension(DerObjectIdentifier oid, X509Extension x509Extension)
+ }
+
+ /// <summary>
+ /// Add an extension with the given oid and the passed in value to be included
+ /// in the OCTET STRING associated with the extension.
+ /// </summary>
+ /// <param name="oid">OID for the extension.</param>
+ /// <param name="critical">True if critical, false otherwise.</param>
+ /// <param name="extValue">The ASN.1 object to be included in the extension.</param>
+ public void AddExtension(
+ DerObjectIdentifier oid,
+ bool critical,
+ Asn1Encodable extValue)
+ {
+ byte[] encoded;
+ try
+ {
+ encoded = extValue.GetDerEncoded();
+ }
+ catch (Exception e)
+ {
+ throw new ArgumentException("error encoding value: " + e);
+ }
+
+ this.AddExtension(oid, critical, encoded);
+ }
+
+ /// <summary>
+ /// Add an extension with the given oid and the passed in byte array to be wrapped
+ /// in the OCTET STRING associated with the extension.
+ /// </summary>
+ /// <param name="oid">OID for the extension.</param>
+ /// <param name="critical">True if critical, false otherwise.</param>
+ /// <param name="extValue">The byte array to be wrapped.</param>
+ public void AddExtension(
+ DerObjectIdentifier oid,
+ bool critical,
+ byte[] extValue)
+ {
+ if (extensions.Contains(oid))
+ {
+ if (dupsAllowed.Contains(oid))
+ {
+ X509Extension existingExtension = (X509Extension)extensions[oid];
+
+ Asn1Sequence seq1 = Asn1Sequence.GetInstance(DerOctetString.GetInstance(existingExtension.Value).GetOctets());
+ Asn1EncodableVector items = Asn1EncodableVector.FromEnumerable(seq1);
+ Asn1Sequence seq2 = Asn1Sequence.GetInstance(extValue);
+
+ foreach (Asn1Encodable enc in seq2)
+ {
+ items.Add(enc);
+ }
+
+ extensions[oid] = new X509Extension(existingExtension.IsCritical, new DerOctetString(new DerSequence(items).GetEncoded()));
+
+ }
+ else
+ {
+ throw new ArgumentException("extension " + oid + " already added");
+ }
+ }
+ else
+ {
+ extOrdering.Add(oid);
+ extensions.Add(oid, new X509Extension(critical, new DerOctetString(extValue)));
+ }
+ }
+
+ public void AddExtensions(X509Extensions extensions)
+ {
+ foreach (DerObjectIdentifier ident in extensions.ExtensionOids)
+ {
+ X509Extension ext = extensions.GetExtension(ident);
+ AddExtension(ident, ext.critical, ext.Value.GetOctets());
+ }
+ }
+
+
+
+ /// <summary>Return true if there are no extension present in this generator.</summary>
+ /// <returns>True if empty, false otherwise</returns>
+ public bool IsEmpty
+ {
+ get { return extOrdering.Count < 1; }
+ }
+
+ /// <summary>Generate an X509Extensions object based on the current state of the generator.</summary>
+ /// <returns>An <c>X509Extensions</c> object</returns>
+ public X509Extensions Generate()
+ {
+ return new X509Extensions(extOrdering, extensions);
+ }
+
+ internal void AddExtension(DerObjectIdentifier oid, X509Extension x509Extension)
{
if (extensions.Contains(oid))
- {
- throw new ArgumentException ("extension " + oid + " already added");
- }
+ {
+ throw new ArgumentException("extension " + oid + " already added");
+ }
- extOrdering.Add(oid);
- extensions.Add(oid, x509Extension);
+ extOrdering.Add(oid);
+ extensions.Add(oid, x509Extension);
}
}
}
diff --git a/crypto/src/pkcs/Pkcs10CertificationRequest.cs b/crypto/src/pkcs/Pkcs10CertificationRequest.cs
index f422e0332..28b6ddb5b 100644
--- a/crypto/src/pkcs/Pkcs10CertificationRequest.cs
+++ b/crypto/src/pkcs/Pkcs10CertificationRequest.cs
@@ -16,50 +16,51 @@ using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.Utilities.Collections;
using Org.BouncyCastle.X509;
using Org.BouncyCastle.Crypto.Operators;
+using Org.BouncyCastle.Asn1.Utilities;
namespace Org.BouncyCastle.Pkcs
{
- /// <remarks>
- /// A class for verifying and creating Pkcs10 Certification requests.
- /// </remarks>
- /// <code>
- /// CertificationRequest ::= Sequence {
- /// certificationRequestInfo CertificationRequestInfo,
- /// signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
- /// signature BIT STRING
- /// }
- ///
- /// CertificationRequestInfo ::= Sequence {
- /// version Integer { v1(0) } (v1,...),
- /// subject Name,
- /// subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
- /// attributes [0] Attributes{{ CRIAttributes }}
- /// }
- ///
- /// Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }}
- ///
- /// Attr { ATTRIBUTE:IOSet } ::= Sequence {
- /// type ATTRIBUTE.&id({IOSet}),
- /// values Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
- /// }
- /// </code>
- /// see <a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2132"/>
- public class Pkcs10CertificationRequest
- : CertificationRequest
- {
- protected static readonly IDictionary algorithms = Platform.CreateHashtable();
+ /// <remarks>
+ /// A class for verifying and creating Pkcs10 Certification requests.
+ /// </remarks>
+ /// <code>
+ /// CertificationRequest ::= Sequence {
+ /// certificationRequestInfo CertificationRequestInfo,
+ /// signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},
+ /// signature BIT STRING
+ /// }
+ ///
+ /// CertificationRequestInfo ::= Sequence {
+ /// version Integer { v1(0) } (v1,...),
+ /// subject Name,
+ /// subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
+ /// attributes [0] Attributes{{ CRIAttributes }}
+ /// }
+ ///
+ /// Attributes { ATTRIBUTE:IOSet } ::= Set OF Attr{{ IOSet }}
+ ///
+ /// Attr { ATTRIBUTE:IOSet } ::= Sequence {
+ /// type ATTRIBUTE.&id({IOSet}),
+ /// values Set SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
+ /// }
+ /// </code>
+ /// see <a href="http://www.rsasecurity.com/rsalabs/node.asp?id=2132"/>
+ public class Pkcs10CertificationRequest
+ : CertificationRequest
+ {
+ protected static readonly IDictionary algorithms = Platform.CreateHashtable();
protected static readonly IDictionary exParams = Platform.CreateHashtable();
protected static readonly IDictionary keyAlgorithms = Platform.CreateHashtable();
protected static readonly IDictionary oids = Platform.CreateHashtable();
- protected static readonly ISet noParams = new HashSet();
-
- static Pkcs10CertificationRequest()
- {
- algorithms.Add("MD2WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD2WithRsaEncryption);
- algorithms.Add("MD2WITHRSA", PkcsObjectIdentifiers.MD2WithRsaEncryption);
- algorithms.Add("MD5WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD5WithRsaEncryption);
- algorithms.Add("MD5WITHRSA", PkcsObjectIdentifiers.MD5WithRsaEncryption);
- algorithms.Add("RSAWITHMD5", PkcsObjectIdentifiers.MD5WithRsaEncryption);
+ protected static readonly ISet noParams = new HashSet();
+
+ static Pkcs10CertificationRequest()
+ {
+ algorithms.Add("MD2WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD2WithRsaEncryption);
+ algorithms.Add("MD2WITHRSA", PkcsObjectIdentifiers.MD2WithRsaEncryption);
+ algorithms.Add("MD5WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD5WithRsaEncryption);
+ algorithms.Add("MD5WITHRSA", PkcsObjectIdentifiers.MD5WithRsaEncryption);
+ algorithms.Add("RSAWITHMD5", PkcsObjectIdentifiers.MD5WithRsaEncryption);
algorithms.Add("SHA1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption);
algorithms.Add("SHA-1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption);
algorithms.Add("SHA1WITHRSA", PkcsObjectIdentifiers.Sha1WithRsaEncryption);
@@ -89,38 +90,38 @@ namespace Org.BouncyCastle.Pkcs
algorithms.Add("SHA512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
algorithms.Add("SHA-512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
algorithms.Add("SHA1WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
- algorithms.Add("SHA224WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
- algorithms.Add("SHA256WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
- algorithms.Add("SHA384WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
- algorithms.Add("SHA512WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
- algorithms.Add("RSAWITHSHA1", PkcsObjectIdentifiers.Sha1WithRsaEncryption);
- algorithms.Add("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
- algorithms.Add("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
- algorithms.Add("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
- algorithms.Add("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
- algorithms.Add("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
- algorithms.Add("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
- algorithms.Add("SHA1WITHDSA", X9ObjectIdentifiers.IdDsaWithSha1);
- algorithms.Add("DSAWITHSHA1", X9ObjectIdentifiers.IdDsaWithSha1);
- algorithms.Add("SHA224WITHDSA", NistObjectIdentifiers.DsaWithSha224);
- algorithms.Add("SHA256WITHDSA", NistObjectIdentifiers.DsaWithSha256);
- algorithms.Add("SHA384WITHDSA", NistObjectIdentifiers.DsaWithSha384);
- algorithms.Add("SHA512WITHDSA", NistObjectIdentifiers.DsaWithSha512);
- algorithms.Add("SHA1WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha1);
- algorithms.Add("SHA224WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha224);
- algorithms.Add("SHA256WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha256);
- algorithms.Add("SHA384WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha384);
- algorithms.Add("SHA512WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha512);
- algorithms.Add("ECDSAWITHSHA1", X9ObjectIdentifiers.ECDsaWithSha1);
- algorithms.Add("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
- algorithms.Add("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
- algorithms.Add("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
- algorithms.Add("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
- algorithms.Add("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
-
- //
- // reverse mappings
- //
+ algorithms.Add("SHA224WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
+ algorithms.Add("SHA256WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
+ algorithms.Add("SHA384WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
+ algorithms.Add("SHA512WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
+ algorithms.Add("RSAWITHSHA1", PkcsObjectIdentifiers.Sha1WithRsaEncryption);
+ algorithms.Add("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
+ algorithms.Add("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
+ algorithms.Add("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
+ algorithms.Add("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
+ algorithms.Add("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
+ algorithms.Add("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
+ algorithms.Add("SHA1WITHDSA", X9ObjectIdentifiers.IdDsaWithSha1);
+ algorithms.Add("DSAWITHSHA1", X9ObjectIdentifiers.IdDsaWithSha1);
+ algorithms.Add("SHA224WITHDSA", NistObjectIdentifiers.DsaWithSha224);
+ algorithms.Add("SHA256WITHDSA", NistObjectIdentifiers.DsaWithSha256);
+ algorithms.Add("SHA384WITHDSA", NistObjectIdentifiers.DsaWithSha384);
+ algorithms.Add("SHA512WITHDSA", NistObjectIdentifiers.DsaWithSha512);
+ algorithms.Add("SHA1WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha1);
+ algorithms.Add("SHA224WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha224);
+ algorithms.Add("SHA256WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha256);
+ algorithms.Add("SHA384WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha384);
+ algorithms.Add("SHA512WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha512);
+ algorithms.Add("ECDSAWITHSHA1", X9ObjectIdentifiers.ECDsaWithSha1);
+ algorithms.Add("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
+ algorithms.Add("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
+ algorithms.Add("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
+ algorithms.Add("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
+ algorithms.Add("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
+
+ //
+ // reverse mappings
+ //
oids.Add(PkcsObjectIdentifiers.Sha1WithRsaEncryption, "SHA1WITHRSA");
oids.Add(PkcsObjectIdentifiers.Sha224WithRsaEncryption, "SHA224WITHRSA");
oids.Add(PkcsObjectIdentifiers.Sha256WithRsaEncryption, "SHA256WITHRSA");
@@ -145,82 +146,82 @@ namespace Org.BouncyCastle.Pkcs
oids.Add(NistObjectIdentifiers.DsaWithSha224, "SHA224WITHDSA");
oids.Add(NistObjectIdentifiers.DsaWithSha256, "SHA256WITHDSA");
- //
- // key types
- //
- keyAlgorithms.Add(PkcsObjectIdentifiers.RsaEncryption, "RSA");
- keyAlgorithms.Add(X9ObjectIdentifiers.IdDsa, "DSA");
-
- //
- // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
- // The parameters field SHALL be NULL for RSA based signature algorithms.
- //
- noParams.Add(X9ObjectIdentifiers.ECDsaWithSha1);
- noParams.Add(X9ObjectIdentifiers.ECDsaWithSha224);
- noParams.Add(X9ObjectIdentifiers.ECDsaWithSha256);
- noParams.Add(X9ObjectIdentifiers.ECDsaWithSha384);
- noParams.Add(X9ObjectIdentifiers.ECDsaWithSha512);
- noParams.Add(X9ObjectIdentifiers.IdDsaWithSha1);
+ //
+ // key types
+ //
+ keyAlgorithms.Add(PkcsObjectIdentifiers.RsaEncryption, "RSA");
+ keyAlgorithms.Add(X9ObjectIdentifiers.IdDsa, "DSA");
+
+ //
+ // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
+ // The parameters field SHALL be NULL for RSA based signature algorithms.
+ //
+ noParams.Add(X9ObjectIdentifiers.ECDsaWithSha1);
+ noParams.Add(X9ObjectIdentifiers.ECDsaWithSha224);
+ noParams.Add(X9ObjectIdentifiers.ECDsaWithSha256);
+ noParams.Add(X9ObjectIdentifiers.ECDsaWithSha384);
+ noParams.Add(X9ObjectIdentifiers.ECDsaWithSha512);
+ noParams.Add(X9ObjectIdentifiers.IdDsaWithSha1);
noParams.Add(OiwObjectIdentifiers.DsaWithSha1);
noParams.Add(NistObjectIdentifiers.DsaWithSha224);
- noParams.Add(NistObjectIdentifiers.DsaWithSha256);
-
- //
- // RFC 4491
- //
- noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
- noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
-
- //
- // explicit params
- //
- AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance);
- exParams.Add("SHA1WITHRSAANDMGF1", CreatePssParams(sha1AlgId, 20));
-
- AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha224, DerNull.Instance);
- exParams.Add("SHA224WITHRSAANDMGF1", CreatePssParams(sha224AlgId, 28));
-
- AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256, DerNull.Instance);
- exParams.Add("SHA256WITHRSAANDMGF1", CreatePssParams(sha256AlgId, 32));
-
- AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha384, DerNull.Instance);
- exParams.Add("SHA384WITHRSAANDMGF1", CreatePssParams(sha384AlgId, 48));
-
- AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha512, DerNull.Instance);
- exParams.Add("SHA512WITHRSAANDMGF1", CreatePssParams(sha512AlgId, 64));
- }
-
- private static RsassaPssParameters CreatePssParams(
- AlgorithmIdentifier hashAlgId,
- int saltSize)
- {
- return new RsassaPssParameters(
- hashAlgId,
- new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, hashAlgId),
- new DerInteger(saltSize),
- new DerInteger(1));
- }
-
- protected Pkcs10CertificationRequest()
- {
- }
-
- public Pkcs10CertificationRequest(
- byte[] encoded)
- : base((Asn1Sequence) Asn1Object.FromByteArray(encoded))
- {
- }
-
- public Pkcs10CertificationRequest(
- Asn1Sequence seq)
- : base(seq)
- {
- }
-
- public Pkcs10CertificationRequest(
- Stream input)
- : base((Asn1Sequence) Asn1Object.FromStream(input))
- {
+ noParams.Add(NistObjectIdentifiers.DsaWithSha256);
+
+ //
+ // RFC 4491
+ //
+ noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
+ noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
+
+ //
+ // explicit params
+ //
+ AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance);
+ exParams.Add("SHA1WITHRSAANDMGF1", CreatePssParams(sha1AlgId, 20));
+
+ AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha224, DerNull.Instance);
+ exParams.Add("SHA224WITHRSAANDMGF1", CreatePssParams(sha224AlgId, 28));
+
+ AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256, DerNull.Instance);
+ exParams.Add("SHA256WITHRSAANDMGF1", CreatePssParams(sha256AlgId, 32));
+
+ AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha384, DerNull.Instance);
+ exParams.Add("SHA384WITHRSAANDMGF1", CreatePssParams(sha384AlgId, 48));
+
+ AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha512, DerNull.Instance);
+ exParams.Add("SHA512WITHRSAANDMGF1", CreatePssParams(sha512AlgId, 64));
+ }
+
+ private static RsassaPssParameters CreatePssParams(
+ AlgorithmIdentifier hashAlgId,
+ int saltSize)
+ {
+ return new RsassaPssParameters(
+ hashAlgId,
+ new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, hashAlgId),
+ new DerInteger(saltSize),
+ new DerInteger(1));
+ }
+
+ protected Pkcs10CertificationRequest()
+ {
+ }
+
+ public Pkcs10CertificationRequest(
+ byte[] encoded)
+ : base((Asn1Sequence)Asn1Object.FromByteArray(encoded))
+ {
+ }
+
+ public Pkcs10CertificationRequest(
+ Asn1Sequence seq)
+ : base(seq)
+ {
+ }
+
+ public Pkcs10CertificationRequest(
+ Stream input)
+ : base((Asn1Sequence)Asn1Object.FromStream(input))
+ {
}
/// <summary>
@@ -232,14 +233,14 @@ namespace Org.BouncyCastle.Pkcs
/// <param name="attributes">ASN1Set of Attributes.</param>
/// <param name="signingKey">Matching Private key for nominated (above) public key to be used to sign the request.</param>
public Pkcs10CertificationRequest(
- string signatureAlgorithm,
- X509Name subject,
- AsymmetricKeyParameter publicKey,
- Asn1Set attributes,
- AsymmetricKeyParameter signingKey)
+ string signatureAlgorithm,
+ X509Name subject,
+ AsymmetricKeyParameter publicKey,
+ Asn1Set attributes,
+ AsymmetricKeyParameter signingKey)
: this(new Asn1SignatureFactory(signatureAlgorithm, signingKey), subject, publicKey, attributes)
- {
- }
+ {
+ }
/// <summary>
/// Instantiate a Pkcs10CertificationRequest object with the necessary credentials.
@@ -286,7 +287,7 @@ namespace Org.BouncyCastle.Pkcs
}
private void Init(
- ISignatureFactory signatureFactory,
+ ISignatureFactory signatureFactory,
X509Name subject,
AsymmetricKeyParameter publicKey,
Asn1Set attributes)
@@ -330,24 +331,24 @@ namespace Org.BouncyCastle.Pkcs
/// </summary>
/// <returns>The public key.</returns>
public AsymmetricKeyParameter GetPublicKey()
- {
- return PublicKeyFactory.CreateKey(reqInfo.SubjectPublicKeyInfo);
- }
-
- /// <summary>
- /// Verify Pkcs10 Cert Request is valid.
- /// </summary>
- /// <returns>true = valid.</returns>
- public bool Verify()
- {
- return Verify(this.GetPublicKey());
- }
-
- public bool Verify(
- AsymmetricKeyParameter publicKey)
- {
+ {
+ return PublicKeyFactory.CreateKey(reqInfo.SubjectPublicKeyInfo);
+ }
+
+ /// <summary>
+ /// Verify Pkcs10 Cert Request is valid.
+ /// </summary>
+ /// <returns>true = valid.</returns>
+ public bool Verify()
+ {
+ return Verify(this.GetPublicKey());
+ }
+
+ public bool Verify(
+ AsymmetricKeyParameter publicKey)
+ {
return Verify(new Asn1VerifierFactoryProvider(publicKey));
- }
+ }
public bool Verify(
IVerifierFactoryProvider verifierProvider)
@@ -387,82 +388,82 @@ namespace Org.BouncyCastle.Pkcs
// TODO Figure out how to set parameters on an ISigner
private void SetSignatureParameters(
- ISigner signature,
- Asn1Encodable asn1Params)
- {
- if (asn1Params != null && !(asn1Params is Asn1Null))
- {
-// AlgorithmParameters sigParams = AlgorithmParameters.GetInstance(signature.getAlgorithm());
-//
-// try
-// {
-// sigParams.init(asn1Params.ToAsn1Object().GetDerEncoded());
-// }
-// catch (IOException e)
-// {
-// throw new SignatureException("IOException decoding parameters: " + e.Message);
-// }
-
- if (Platform.EndsWith(signature.AlgorithmName, "MGF1"))
- {
- throw Platform.CreateNotImplementedException("signature algorithm with MGF1");
-
-// try
-// {
-// signature.setParameter(sigParams.getParameterSpec(PSSParameterSpec.class));
-// }
-// catch (GeneralSecurityException e)
-// {
-// throw new SignatureException("Exception extracting parameters: " + e.getMessage());
-// }
- }
- }
- }
-
- internal static string GetSignatureName(
- AlgorithmIdentifier sigAlgId)
- {
- Asn1Encodable asn1Params = sigAlgId.Parameters;
-
- if (asn1Params != null && !(asn1Params is Asn1Null))
- {
+ ISigner signature,
+ Asn1Encodable asn1Params)
+ {
+ if (asn1Params != null && !(asn1Params is Asn1Null))
+ {
+ // AlgorithmParameters sigParams = AlgorithmParameters.GetInstance(signature.getAlgorithm());
+ //
+ // try
+ // {
+ // sigParams.init(asn1Params.ToAsn1Object().GetDerEncoded());
+ // }
+ // catch (IOException e)
+ // {
+ // throw new SignatureException("IOException decoding parameters: " + e.Message);
+ // }
+
+ if (Platform.EndsWith(signature.AlgorithmName, "MGF1"))
+ {
+ throw Platform.CreateNotImplementedException("signature algorithm with MGF1");
+
+ // try
+ // {
+ // signature.setParameter(sigParams.getParameterSpec(PSSParameterSpec.class));
+ // }
+ // catch (GeneralSecurityException e)
+ // {
+ // throw new SignatureException("Exception extracting parameters: " + e.getMessage());
+ // }
+ }
+ }
+ }
+
+ internal static string GetSignatureName(
+ AlgorithmIdentifier sigAlgId)
+ {
+ Asn1Encodable asn1Params = sigAlgId.Parameters;
+
+ if (asn1Params != null && !(asn1Params is Asn1Null))
+ {
if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
- {
- RsassaPssParameters rsaParams = RsassaPssParameters.GetInstance(asn1Params);
+ {
+ RsassaPssParameters rsaParams = RsassaPssParameters.GetInstance(asn1Params);
return GetDigestAlgName(rsaParams.HashAlgorithm.Algorithm) + "withRSAandMGF1";
- }
- }
+ }
+ }
return sigAlgId.Algorithm.Id;
- }
-
- private static string GetDigestAlgName(
- DerObjectIdentifier digestAlgOID)
- {
- if (PkcsObjectIdentifiers.MD5.Equals(digestAlgOID))
- {
- return "MD5";
- }
- else if (OiwObjectIdentifiers.IdSha1.Equals(digestAlgOID))
- {
- return "SHA1";
- }
- else if (NistObjectIdentifiers.IdSha224.Equals(digestAlgOID))
- {
- return "SHA224";
- }
- else if (NistObjectIdentifiers.IdSha256.Equals(digestAlgOID))
- {
- return "SHA256";
- }
- else if (NistObjectIdentifiers.IdSha384.Equals(digestAlgOID))
- {
- return "SHA384";
- }
- else if (NistObjectIdentifiers.IdSha512.Equals(digestAlgOID))
- {
- return "SHA512";
- }
+ }
+
+ private static string GetDigestAlgName(
+ DerObjectIdentifier digestAlgOID)
+ {
+ if (PkcsObjectIdentifiers.MD5.Equals(digestAlgOID))
+ {
+ return "MD5";
+ }
+ else if (OiwObjectIdentifiers.IdSha1.Equals(digestAlgOID))
+ {
+ return "SHA1";
+ }
+ else if (NistObjectIdentifiers.IdSha224.Equals(digestAlgOID))
+ {
+ return "SHA224";
+ }
+ else if (NistObjectIdentifiers.IdSha256.Equals(digestAlgOID))
+ {
+ return "SHA256";
+ }
+ else if (NistObjectIdentifiers.IdSha384.Equals(digestAlgOID))
+ {
+ return "SHA384";
+ }
+ else if (NistObjectIdentifiers.IdSha512.Equals(digestAlgOID))
+ {
+ return "SHA512";
+ }
else if (NistObjectIdentifiers.IdSha512_224.Equals(digestAlgOID))
{
return "SHA512(224)";
@@ -472,25 +473,83 @@ namespace Org.BouncyCastle.Pkcs
return "SHA512(256)";
}
else if (TeleTrusTObjectIdentifiers.RipeMD128.Equals(digestAlgOID))
- {
- return "RIPEMD128";
- }
- else if (TeleTrusTObjectIdentifiers.RipeMD160.Equals(digestAlgOID))
- {
- return "RIPEMD160";
- }
- else if (TeleTrusTObjectIdentifiers.RipeMD256.Equals(digestAlgOID))
- {
- return "RIPEMD256";
- }
- else if (CryptoProObjectIdentifiers.GostR3411.Equals(digestAlgOID))
- {
- return "GOST3411";
- }
- else
- {
- return digestAlgOID.Id;
- }
- }
- }
+ {
+ return "RIPEMD128";
+ }
+ else if (TeleTrusTObjectIdentifiers.RipeMD160.Equals(digestAlgOID))
+ {
+ return "RIPEMD160";
+ }
+ else if (TeleTrusTObjectIdentifiers.RipeMD256.Equals(digestAlgOID))
+ {
+ return "RIPEMD256";
+ }
+ else if (CryptoProObjectIdentifiers.GostR3411.Equals(digestAlgOID))
+ {
+ return "GOST3411";
+ }
+ else
+ {
+ return digestAlgOID.Id;
+ }
+ }
+
+ /// <summary>
+ /// Returns X509Extensions if the attribute can be found and returns the extensions block.
+ /// </summary>
+ /// <returns>X509Extensions block or null if one cannot be found.</returns>
+ public X509Extensions GetX509Extensions()
+ {
+ if (reqInfo.Attributes != null)
+ {
+ foreach (Asn1Encodable item in reqInfo.Attributes)
+ {
+ AttributePkcs attributePkcs;
+ try
+ {
+ attributePkcs = AttributePkcs.GetInstance(item);
+
+ }
+ catch (ArgumentException ex)
+ {
+ throw new ArgumentException("encountered non PKCS attribute in extensions block", ex);
+ }
+
+ if (attributePkcs.AttrType.Equals(PkcsObjectIdentifiers.Pkcs9AtExtensionRequest))
+ {
+ X509ExtensionsGenerator generator = new X509ExtensionsGenerator();
+
+ Asn1Sequence extensionSequence = Asn1Sequence.GetInstance(attributePkcs.AttrValues[0]);
+
+
+ foreach (Asn1Encodable seqItem in extensionSequence)
+ {
+
+ Asn1Sequence itemSeq = Asn1Sequence.GetInstance(seqItem);
+ bool critical = itemSeq.Count == 3 && DerBoolean.GetInstance(itemSeq[1]).IsTrue;
+
+ if (itemSeq.Count == 2)
+ {
+ generator.AddExtension(DerObjectIdentifier.GetInstance(itemSeq[0]), false, Asn1OctetString.GetInstance(itemSeq[1]).GetOctets());
+ }
+ else if (itemSeq.Count == 3)
+ {
+ generator.AddExtension(DerObjectIdentifier.GetInstance(itemSeq[0]), DerBoolean.GetInstance(itemSeq[1]).IsTrue, Asn1OctetString.GetInstance(itemSeq[2]).GetOctets());
+ }
+ else
+ {
+ throw new ArgumentException("incorrect sequence size of X509Extension got " + itemSeq.Count + " expected 2 or 3");
+ }
+ }
+
+ return generator.Generate();
+ }
+
+ }
+ }
+
+ return null;
+ }
+
+ }
}
|
