Implement TODO checks

author: Peter Dettman <peter.dettman@bouncycastle.org> 2021-02-08 14:33:40 +0700
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2021-02-08 14:33:40 +0700
commit: ef7655418e843d5d2e712b20bb8bde9b83988f42 (patch)
tree: e292cf470b88596d06e84b0cb133322abbcf6894 /crypto/src
parent: Fix CMS RSASSA-PSS verification when no signed attrs (diff)
download: BouncyCastle.NET-ed25519-ef7655418e843d5d2e712b20bb8bde9b83988f42.tar.xz
1 files changed, 17 insertions, 6 deletions
diff --git a/crypto/src/asn1/cms/AuthEnvelopedData.cs b/crypto/src/asn1/cms/AuthEnvelopedData.cs
index 6277e4b87..c6e1e3bb5 100644
--- a/crypto/src/asn1/cms/AuthEnvelopedData.cs
+++ b/crypto/src/asn1/cms/AuthEnvelopedData.cs
@@ -28,16 +28,21 @@ namespace Org.BouncyCastle.Asn1.Cms
 
 			this.originatorInfo = originatorInfo;
 
-			// TODO
 			// "There MUST be at least one element in the collection."
 			this.recipientInfos = recipientInfos;
+			if (this.recipientInfos.Count < 1)
+				throw new ArgumentException("AuthEnvelopedData requires at least 1 RecipientInfo");
 
 			this.authEncryptedContentInfo = authEncryptedContentInfo;
 
-			// TODO
 			// "The authAttrs MUST be present if the content type carried in
 			// EncryptedContentInfo is not id-data."
 			this.authAttrs = authAttrs;
+			if (!authEncryptedContentInfo.ContentType.Equals(CmsObjectIdentifiers.Data))
+			{
+				if (authAttrs == null || authAttrs.Count < 1)
+					throw new ArgumentException("authAttrs must be present with non-data content");
+			}
 
 			this.mac = mac;
 
@@ -49,10 +54,11 @@ namespace Org.BouncyCastle.Asn1.Cms
 		{
 			int index = 0;
 
-			// TODO
 			// "It MUST be set to 0."
 			Asn1Object tmp = seq[index++].ToAsn1Object();
-			version = (DerInteger)tmp;
+			version = DerInteger.GetInstance(tmp);
+			if (version.IntValueExact != 0)
+				throw new ArgumentException("AuthEnvelopedData version number must be 0");
 
 			tmp = seq[index++].ToAsn1Object();
 			if (tmp is Asn1TaggedObject)
@@ -61,9 +67,10 @@ namespace Org.BouncyCastle.Asn1.Cms
 				tmp = seq[index++].ToAsn1Object();
 			}
 
-			// TODO
 			// "There MUST be at least one element in the collection."
 			recipientInfos = Asn1Set.GetInstance(tmp);
+			if (recipientInfos.Count < 1)
+				throw new ArgumentException("AuthEnvelopedData requires at least 1 RecipientInfo");
 
 			tmp = seq[index++].ToAsn1Object();
 			authEncryptedContentInfo = EncryptedContentInfo.GetInstance(tmp);
@@ -76,9 +83,13 @@ namespace Org.BouncyCastle.Asn1.Cms
 			}
 			else
 			{
-				// TODO
 				// "The authAttrs MUST be present if the content type carried in
 				// EncryptedContentInfo is not id-data."
+				if (!authEncryptedContentInfo.ContentType.Equals(CmsObjectIdentifiers.Data))
+				{
+					if (authAttrs == null || authAttrs.Count < 1)
+						throw new ArgumentException("authAttrs must be present with non-data content");
+				}
 			}
 
 			mac = Asn1OctetString.GetInstance(tmp);
author	Peter Dettman <peter.dettman@bouncycastle.org>	2021-02-08 14:33:40 +0700
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2021-02-08 14:33:40 +0700
commit	ef7655418e843d5d2e712b20bb8bde9b83988f42 (patch)
tree	e292cf470b88596d06e84b0cb133322abbcf6894 /crypto/src
parent	Fix CMS RSASSA-PSS verification when no signed attrs (diff)
download	BouncyCastle.NET-ed25519-ef7655418e843d5d2e712b20bb8bde9b83988f42.tar.xz