authorPeter Dettman <peter.dettman@bouncycastle.org>2022-11-06 17:43:41 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2022-11-06 17:43:41 +0700
commitc1d0de54d5ae25ea78cde7ff30e58a5fd07e089c (patch)
treef2d77abd46e1004d7f0d765bd619e49501c1024c /crypto/test
parentAsn1 GetInstance refactoring (diff)
downloadBouncyCastle.NET-ed25519-c1d0de54d5ae25ea78cde7ff30e58a5fd07e089c.tar.xz
CMS support for OtherRevocationInfoFormat
- see https://github.com/bcgit/bc-csharp/pull/328
Diffstat (limited to 'crypto/test')
-rw-r--r--crypto/test/src/cms/test/CMSTestUtil.cs10
-rw-r--r--crypto/test/src/cms/test/SignedDataStreamTest.cs112
2 files changed, 121 insertions, 1 deletions
diff --git a/crypto/test/src/cms/test/CMSTestUtil.cs b/crypto/test/src/cms/test/CMSTestUtil.cs
index e98810c84..e7ec50f53 100644
--- a/crypto/test/src/cms/test/CMSTestUtil.cs
+++ b/crypto/test/src/cms/test/CMSTestUtil.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.IO;
 using System.Text;
 
+using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.CryptoPro;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
@@ -455,6 +456,15 @@ namespace Org.BouncyCastle.Cms.Tests
 			return CollectionUtilities.CreateStore(crlList);
         }
 
+        internal static IStore<Asn1Encodable> MakeOtherRevocationInfoStore(byte[] ocspResponseBytes)
+        {
+            var otherRevocationInfoList = new List<Asn1Encodable>
+            {
+                Asn1Object.FromByteArray(ocspResponseBytes)
+            };
+            return CollectionUtilities.CreateStore(otherRevocationInfoList);
+        }
+
         private static AuthorityKeyIdentifier CreateAuthorityKeyId(
 			AsymmetricKeyParameter _pubKey)
 		{
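Review bot: `MakeOtherRevocationInfoStore` accepts any well-formed ASN.1 even though its parameter is named `ocspResponseBytes`, because `Asn1Object.FromByteArray` only checks that the bytes decode. A fixture that parses but is not an OCSP response would therefore still be stored and signed under whatever format OID the caller picks. Either give the parameter a format-neutral name or state the contract in a doc comment, for example `/// <summary>Wraps one pre-encoded revocation-info value in a store; the bytes are parsed as generic ASN.1 and not checked against the OCSPResponse structure.</summary>`.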
diff --git a/crypto/test/src/cms/test/SignedDataStreamTest.cs b/crypto/test/src/cms/test/SignedDataStreamTest.cs
index 37f41783d..3d7892c6d 100644
--- a/crypto/test/src/cms/test/SignedDataStreamTest.cs
+++ b/crypto/test/src/cms/test/SignedDataStreamTest.cs
@@ -38,6 +38,40 @@ namespace Org.BouncyCastle.Cms.Tests
 		private static X509Crl signCrl;
 		private static X509Crl origCrl;
 
+		private static readonly byte[] OcspResponseBytes = Base64.Decode(
+			"MIIFnAoBAKCCBZUwggWRBgkrBgEFBQcwAQEEggWCMIIFfjCCARehgZ8wgZwx"
+			+ "CzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEgcHJhZGVzaDESMBAGA1UE"
+			+ "BxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAKBgNVBAsTA0FUQzEeMBwG"
+			+ "A1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQwIgYJKoZIhvcNAQkBFhVv"
+			+ "Y3NwQHRjcy1jYS50Y3MuY28uaW4YDzIwMDMwNDAyMTIzNDU4WjBiMGAwOjAJ"
+			+ "BgUrDgMCGgUABBRs07IuoCWNmcEl1oHwIak1BPnX8QQUtGyl/iL9WJ1VxjxF"
+			+ "j0hAwJ/s1AcCAQKhERgPMjAwMjA4MjkwNzA5MjZaGA8yMDAzMDQwMjEyMzQ1"
+			+ "OFowDQYJKoZIhvcNAQEFBQADgYEAfbN0TCRFKdhsmvOdUoiJ+qvygGBzDxD/"
+			+ "VWhXYA+16AphHLIWNABR3CgHB3zWtdy2j7DJmQ/R7qKj7dUhWLSqclAiPgFt"
+			+ "QQ1YvSJAYfEIdyHkxv4NP0LSogxrumANcDyC9yt/W9yHjD2ICPBIqCsZLuLk"
+			+ "OHYi5DlwWe9Zm9VFwCGgggPMMIIDyDCCA8QwggKsoAMCAQICAQYwDQYJKoZI"
+			+ "hvcNAQEFBQAwgZQxFDASBgNVBAMTC1RDUy1DQSBPQ1NQMSYwJAYJKoZIhvcN"
+			+ "AQkBFhd0Y3MtY2FAdGNzLWNhLnRjcy5jby5pbjEMMAoGA1UEChMDVENTMQww"
+			+ "CgYDVQQLEwNBVEMxEjAQBgNVBAcTCUh5ZGVyYWJhZDEXMBUGA1UECBMOQW5k"
+			+ "aHJhIHByYWRlc2gxCzAJBgNVBAYTAklOMB4XDTAyMDgyOTA3MTE0M1oXDTAz"
+			+ "MDgyOTA3MTE0M1owgZwxCzAJBgNVBAYTAklOMRcwFQYDVQQIEw5BbmRocmEg"
+			+ "cHJhZGVzaDESMBAGA1UEBxMJSHlkZXJhYmFkMQwwCgYDVQQKEwNUQ1MxDDAK"
+			+ "BgNVBAsTA0FUQzEeMBwGA1UEAxMVVENTLUNBIE9DU1AgUmVzcG9uZGVyMSQw"
+			+ "IgYJKoZIhvcNAQkBFhVvY3NwQHRjcy1jYS50Y3MuY28uaW4wgZ8wDQYJKoZI"
+			+ "hvcNAQEBBQADgY0AMIGJAoGBAM+XWW4caMRv46D7L6Bv8iwtKgmQu0SAybmF"
+			+ "RJiz12qXzdvTLt8C75OdgmUomxp0+gW/4XlTPUqOMQWv463aZRv9Ust4f8MH"
+			+ "EJh4ekP/NS9+d8vEO3P40ntQkmSMcFmtA9E1koUtQ3MSJlcs441JjbgUaVnm"
+			+ "jDmmniQnZY4bU3tVAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADALBgNVHQ8E"
+			+ "BAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwNgYIKwYBBQUHAQEEKjAoMCYG"
+			+ "CCsGAQUFBzABhhpodHRwOi8vMTcyLjE5LjQwLjExMDo3NzAwLzAtBgNVHR8E"
+			+ "JjAkMCKgIKAehhxodHRwOi8vMTcyLjE5LjQwLjExMC9jcmwuY3JsMA0GCSqG"
+			+ "SIb3DQEBBQUAA4IBAQB6FovM3B4VDDZ15o12gnADZsIk9fTAczLlcrmXLNN4"
+			+ "PgmqgnwF0Ymj3bD5SavDOXxbA65AZJ7rBNAguLUo+xVkgxmoBH7R2sBxjTCc"
+			+ "r07NEadxM3HQkt0aX5XYEl8eRoifwqYAI9h0ziZfTNes8elNfb3DoPPjqq6V"
+			+ "mMg0f0iMS4W8LjNPorjRB+kIosa1deAGPhq0eJ8yr0/s2QR2/WFD5P4aXc8I"
+			+ "KWleklnIImS3zqiPrq6tl2Bm8DZj7vXlTOwmraSQxUwzCKwYob1yGvNOUQTq"
+			+ "pG6jxn7jgDawHU1+WjWQe4Q34/pWeGLysxTraMa+Ug9kPe+jy/qRX2xwvKBZ");
+
 		private static AsymmetricCipherKeyPair SignKP
 		{
 			get { return signKP == null ? (signKP = CmsTestUtil.MakeKeyPair()) : signKP; }
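Review bot: The `OcspResponseBytes` fixture carries no comment on its origin or intended use. The timestamps embedded in the encoding appear to date from 2002–2003, so the response can only serve as an opaque payload and would not pass any freshness or status validation. A short comment such as `// Static, long-expired OCSP response used only as an opaque OtherRevocationInfoFormat payload; never validated by these tests.` would keep it from being reused later in a test that is meant to exercise revocation checking.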
@@ -341,7 +375,83 @@ namespace Org.BouncyCastle.Cms.Tests
 			Assert.IsTrue(col.Contains(OrigCrl));
 		}
 
-		[Test]
+        [Test]
+        public void TestCrlAndOtherRevocationInfoFormat()
+        {
+            MemoryStream bOut = new MemoryStream();
+
+            var x509Certs = CmsTestUtil.MakeCertStore(OrigCert, SignCert);
+            var x509Crls = CmsTestUtil.MakeCrlStore(SignCrl, OrigCrl);
+			var x509OtherRevocationInfos = CmsTestUtil.MakeOtherRevocationInfoStore(OcspResponseBytes);
+
+            CmsSignedDataStreamGenerator gen = new CmsSignedDataStreamGenerator();
+            gen.AddSigner(OrigKP.Private, OrigCert, CmsSignedGenerator.DigestSha1);
+            gen.AddCertificates(x509Certs);
+            gen.AddCrls(x509Crls);
+            gen.AddOtherRevocationInfos(CmsObjectIdentifiers.id_ri_ocsp_response, x509OtherRevocationInfos);
+
+            Stream sigOut = gen.Open(bOut);
+
+            byte[] testBytes = Encoding.ASCII.GetBytes(TestMessage);
+            sigOut.Write(testBytes, 0, testBytes.Length);
+
+            sigOut.Close();
+
+            CheckSigParseable(bOut.ToArray());
+
+            CmsSignedDataParser sp = new CmsSignedDataParser(
+                new CmsTypedStream(new MemoryStream(testBytes, false)), bOut.ToArray());
+
+            sp.GetSignedContent().Drain();
+
+            // compute expected content digest
+            byte[] hash = DigestUtilities.CalculateDigest("SHA1", testBytes);
+
+            VerifySignatures(sp, hash);
+
+            //
+            // try using existing signer
+            //
+            gen = new CmsSignedDataStreamGenerator();
+            gen.AddSigners(sp.GetSignerInfos());
+            gen.AddCertificates(sp.GetCertificates());
+            gen.AddCrls(sp.GetCrls());
+
+            var spOtherRevocationInfos = sp.GetOtherRevInfos(CmsObjectIdentifiers.id_ri_ocsp_response);
+            gen.AddOtherRevocationInfos(CmsObjectIdentifiers.id_ri_ocsp_response, spOtherRevocationInfos);
+
+            bOut.SetLength(0);
+
+            sigOut = gen.Open(bOut, true);
+            sigOut.Write(testBytes, 0, testBytes.Length);
+            sigOut.Close();
+
+            VerifyEncodedData(bOut);
+
+            //
+            // look for the CRLs
+            //
+            var crls = new List<X509Crl>(x509Crls.EnumerateMatches(null));
+
+            Assert.AreEqual(2, crls.Count);
+            Assert.IsTrue(crls.Contains(SignCrl));
+            Assert.IsTrue(crls.Contains(OrigCrl));
+
+            //
+            // look for OtherRevocationInfo
+            //
+            var x509OtherRevocationInfoList = new List<Asn1Encodable>(
+				x509OtherRevocationInfos.EnumerateMatches(null));
+
+            Assert.AreEqual(1, x509OtherRevocationInfoList.Count);
+
+            var spOtherRevocationInfoList = new List<Asn1Encodable>(
+                spOtherRevocationInfos.EnumerateMatches(null));
+
+            Assert.AreEqual(1, spOtherRevocationInfoList.Count);
+        }
+
+        [Test]
 		public void TestSha1WithRsaNonData()
 		{
 			MemoryStream bOut = new MemoryStream();
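Review bot: The closing assertions in `TestCrlAndOtherRevocationInfoFormat` mostly inspect the test's own inputs: `crls` and `x509OtherRevocationInfoList` are enumerated from `x509Crls` and `x509OtherRevocationInfos`, the stores built at the top of the test, so they pass regardless of what the generator and parser did. Only `spOtherRevocationInfos` comes from the parsed message, and it is checked for count alone, so a mangled or substituted revocation value would go unnoticed. Read the CRLs back from the parser, e.g. `var crls = new List<X509Crl>(sp.GetCrls().EnumerateMatches(null));`, and compare content as well, e.g. `Assert.AreEqual(Asn1Object.FromByteArray(OcspResponseBytes), spOtherRevocationInfoList[0].ToAsn1Object());`. The second message, written after `bOut.SetLength(0)`, is only handed to `VerifyEncodedData`, whose body is outside this hunk, so whether the re-added revocation info survives that pass is probably not asserted either.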