diff options
| -rw-r--r-- | crypto/src/asn1/crmf/CertRequest.cs | 1 | ||||
| -rw-r--r-- | crypto/src/cmp/CertificateConfirmationContent.cs | 4 | ||||
| -rw-r--r-- | crypto/src/cmp/CertificateConfirmationContentBuilder.cs | 5 | ||||
| -rw-r--r-- | crypto/src/cmp/CertificateStatus.cs | 5 | ||||
| -rw-r--r-- | crypto/src/cmp/CmpException.cs | 3 | ||||
| -rw-r--r-- | crypto/src/cmp/GeneralPkiMessage.cs | 25 | ||||
| -rw-r--r-- | crypto/src/cmp/ProtectedPkiMessage.cs | 81 | ||||
| -rw-r--r-- | crypto/src/cmp/ProtectedPkiMessageBuilder.cs | 2 | ||||
| -rw-r--r-- | crypto/src/crmf/AuthenticatorControl.cs | 20 | ||||
| -rw-r--r-- | crypto/src/crmf/CertificateRequestMessage.cs | 63 | ||||
| -rw-r--r-- | crypto/src/crmf/EncryptedValueBuilder.cs | 71 | ||||
| -rw-r--r-- | crypto/src/crmf/IEncryptedValuePadder.cs | 33 | ||||
| -rw-r--r-- | crypto/src/crmf/PKMacBuilder.cs | 40 | ||||
| -rw-r--r-- | crypto/src/crmf/PkiArchiveControl.cs | 25 | ||||
| -rw-r--r-- | crypto/src/crmf/RegTokenControl.cs | 18 | ||||
| -rw-r--r-- | crypto/test/src/cmp/test/ProtectedMessageTest.cs | 8 | ||||
| -rw-r--r-- | crypto/test/src/ejbca/test/EnrollmentExampleTest.cs | 85 |
17 files changed, 289 insertions, 200 deletions
diff --git a/crypto/src/asn1/crmf/CertRequest.cs b/crypto/src/asn1/crmf/CertRequest.cs index 625a9b519..bf6182f25 100644 --- a/crypto/src/asn1/crmf/CertRequest.cs +++ b/crypto/src/asn1/crmf/CertRequest.cs @@ -1,4 +1,5 @@ using System; +using Org.BouncyCastle.Crmf; namespace Org.BouncyCastle.Asn1.Crmf { diff --git a/crypto/src/cmp/CertificateConfirmationContent.cs b/crypto/src/cmp/CertificateConfirmationContent.cs index 882bd2091..13d1dab8e 100644 --- a/crypto/src/cmp/CertificateConfirmationContent.cs +++ b/crypto/src/cmp/CertificateConfirmationContent.cs @@ -1,6 +1,4 @@ -using System; -using System.Collections.Generic; -using System.Text; + using Org.BouncyCastle.Cms; using Org.BouncyCastle.Asn1.Cmp; diff --git a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs index 126484917..56f5d5ccb 100644 --- a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs +++ b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs @@ -1,7 +1,4 @@ -using System; -using System.Collections; -using System.Collections.Generic; -using System.Text; +using System.Collections; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; diff --git a/crypto/src/cmp/CertificateStatus.cs b/crypto/src/cmp/CertificateStatus.cs index e8c3546dd..92a94ea05 100644 --- a/crypto/src/cmp/CertificateStatus.cs +++ b/crypto/src/cmp/CertificateStatus.cs @@ -1,7 +1,4 @@ -using System; -using System.Collections.Generic; -using System.Text; -using Org.BouncyCastle.Asn1.Cmp; +using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Cms; using Org.BouncyCastle.Crypto.IO; diff --git a/crypto/src/cmp/CmpException.cs b/crypto/src/cmp/CmpException.cs index 7ecdf5af8..2f50f7780 100644 --- a/crypto/src/cmp/CmpException.cs +++ b/crypto/src/cmp/CmpException.cs @@ -1,7 +1,6 @@ using System; -using System.Collections.Generic; using System.Runtime.Serialization; -using System.Text; + namespace Org.BouncyCastle.Cmp { diff --git a/crypto/src/cmp/GeneralPkiMessage.cs b/crypto/src/cmp/GeneralPkiMessage.cs index d91b8ef7e..ad55a8005 100644 --- a/crypto/src/cmp/GeneralPkiMessage.cs +++ b/crypto/src/cmp/GeneralPkiMessage.cs @@ -1,8 +1,4 @@ -using System; -using System.Collections.Generic; -using System.Text; - -namespace Org.BouncyCastle.Asn1.Cmp +namespace Org.BouncyCastle.Asn1.Cmp { public class GeneralPKIMessage { @@ -13,17 +9,28 @@ namespace Org.BouncyCastle.Asn1.Cmp return PkiMessage.GetInstance(Asn1Object.FromByteArray(encoding)); } + + /// <summary> + /// Wrap a PKIMessage ASN.1 structure. + /// </summary> + /// <param name="pkiMessage">PKI message.</param> public GeneralPKIMessage(PkiMessage pkiMessage) { this.pkiMessage = pkiMessage; } + /// <summary> + /// Create a PKIMessage from the passed in bytes. + /// </summary> + /// <param name="encoding">BER/DER encoding of the PKIMessage</param> public GeneralPKIMessage(byte[] encoding) : this(parseBytes(encoding)) { } - public PkiHeader Header { - get { + public PkiHeader Header + { + get + { return pkiMessage.Header; } } @@ -36,6 +43,10 @@ namespace Org.BouncyCastle.Asn1.Cmp } } + /// <summary> + /// Return true if this message has protection bits on it. A return value of true + /// indicates the message can be used to construct a ProtectedPKIMessage. + /// </summary> public bool HasProtection { get { return pkiMessage.Protection != null; } diff --git a/crypto/src/cmp/ProtectedPkiMessage.cs b/crypto/src/cmp/ProtectedPkiMessage.cs index 159f08722..d3cf4a524 100644 --- a/crypto/src/cmp/ProtectedPkiMessage.cs +++ b/crypto/src/cmp/ProtectedPkiMessage.cs @@ -1,30 +1,30 @@ using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.X509; using System; -using System.Collections.Generic; -using System.Text; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; -using Org.BouncyCastle.Asn1.Crmf; -using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Operators; -using Org.BouncyCastle.Crypto.Paddings; using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Utilities.Encoders; + using Org.BouncyCastle.Crmf; namespace Org.BouncyCastle.Cmp { - + /// <summary> + /// Wrapper for a PKIMessage with protection attached to it. + /// </summary> public class ProtectedPkiMessage { private PkiMessage pkiMessage; - + /// <summary> + /// Wrap a general message. + /// </summary> + /// <exception cref="ArgumentException">If the general message does not have protection.</exception> + /// <param name="pkiMessage">The General message</param> public ProtectedPkiMessage(GeneralPKIMessage pkiMessage) { - + if (!pkiMessage.HasProtection) { throw new ArgumentException("pki message not protected"); @@ -32,7 +32,12 @@ namespace Org.BouncyCastle.Cmp this.pkiMessage = pkiMessage.ToAsn1Structure(); } - + + /// <summary> + /// Wrap a PKI message. + /// </summary> + /// <exception cref="ArgumentException">If the PKI message does not have protection.</exception> + /// <param name="pkiMessage">The PKI message</param> public ProtectedPkiMessage(PkiMessage pkiMessage) { if (pkiMessage.Header.ProtectionAlg == null) @@ -43,13 +48,33 @@ namespace Org.BouncyCastle.Cmp this.pkiMessage = pkiMessage; } + /// <summary> + /// Message header + /// </summary> public PkiHeader Header { get { return pkiMessage.Header; } } + + /// <summary> + /// Message Body + /// </summary> public PkiBody Body { get { return pkiMessage.Body; } } + /// <summary> + /// Return the underlying ASN.1 structure contained in this object. + /// </summary> + /// <returns>PKI Message structure</returns> public PkiMessage ToAsn1Message() { return pkiMessage; } + /// <summary> + /// Determine whether the message is protected by a password based MAC. Use verify(PKMACBuilder, char[]) + /// to verify the message if this method returns true. + /// </summary> + /// <returns>true if protection MAC PBE based, false otherwise.</returns> public bool HasPasswordBasedMacProtected { get { return Header.ProtectionAlg.Algorithm.Equals(CmpObjectIdentifiers.passwordBasedMac); } } + /// <summary> + /// Return the extra certificates associated with this message. + /// </summary> + /// <returns>an array of extra certificates, zero length if none present.</returns> public X509Certificate[] GetCertificates() { CmpCertificate[] certs = pkiMessage.GetExtraCerts(); @@ -60,7 +85,7 @@ namespace Org.BouncyCastle.Cmp } X509Certificate[] res = new X509Certificate[certs.Length]; - for (int t=0; t<certs.Length;t++) + for (int t = 0; t < certs.Length; t++) { res[t] = new X509Certificate(X509CertificateStructure.GetInstance(certs[t].GetEncoded())); } @@ -68,6 +93,11 @@ namespace Org.BouncyCastle.Cmp return res; } + /// <summary> + /// Verify a message with a public key based signature attached. + /// </summary> + /// <param name="verifierFactory">a factory of signature verifiers.</param> + /// <returns>true if the provider is able to create a verifier that validates the signature, false otherwise.</returns> public bool Verify(IVerifierFactory verifierFactory) { IStreamCalculator streamCalculator = verifierFactory.CreateCalculator(); @@ -79,18 +109,25 @@ namespace Org.BouncyCastle.Cmp private Object Process(IStreamCalculator streamCalculator) { - Asn1EncodableVector avec = new Asn1EncodableVector(); - avec.Add(pkiMessage.Header); - avec.Add(pkiMessage.Body); - byte[] enc = new DerSequence(avec).GetDerEncoded(); - - streamCalculator.Stream.Write(enc,0,enc.Length); - streamCalculator.Stream.Flush(); - streamCalculator.Stream.Close(); - - return streamCalculator.GetResult(); + Asn1EncodableVector avec = new Asn1EncodableVector(); + avec.Add(pkiMessage.Header); + avec.Add(pkiMessage.Body); + byte[] enc = new DerSequence(avec).GetDerEncoded(); + + streamCalculator.Stream.Write(enc, 0, enc.Length); + streamCalculator.Stream.Flush(); + streamCalculator.Stream.Close(); + + return streamCalculator.GetResult(); } + /// <summary> + /// Verify a message with password based MAC protection. + /// </summary> + /// <param name="pkMacBuilder">MAC builder that can be used to construct the appropriate MacCalculator</param> + /// <param name="password">the MAC password</param> + /// <returns>true if the passed in password and MAC builder verify the message, false otherwise.</returns> + /// <exception cref="InvalidOperationException">if algorithm not MAC based, or an exception is thrown verifying the MAC.</exception> public bool Verify(PKMacBuilder pkMacBuilder, char[] password) { if (!CmpObjectIdentifiers.passwordBasedMac.Equals(pkiMessage.Header.ProtectionAlg.Algorithm)) diff --git a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs index e660f844a..3ee223ba8 100644 --- a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs +++ b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs @@ -1,13 +1,11 @@ using System; using System.Collections; -using Org.BouncyCastle.Asn1.Crmf; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Operators; using Org.BouncyCastle.X509; -using Org.BouncyCastle.Crmf; namespace Org.BouncyCastle.Cmp { diff --git a/crypto/src/crmf/AuthenticatorControl.cs b/crypto/src/crmf/AuthenticatorControl.cs index 7803c4418..976135ed8 100644 --- a/crypto/src/crmf/AuthenticatorControl.cs +++ b/crypto/src/crmf/AuthenticatorControl.cs @@ -1,12 +1,12 @@ using System; -using System.Collections.Generic; -using System.Text; - using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Crmf; namespace Org.BouncyCastle.Crmf { + /// <summary> + /// Carrier for an authenticator control. + /// </summary> public class AuthenticatorControl:IControl { @@ -14,21 +14,35 @@ namespace Org.BouncyCastle.Crmf private readonly DerUtf8String token; + /// <summary> + /// Basic constructor - build from a UTF-8 string representing the token. + /// </summary> + /// <param name="token">UTF-8 string representing the token.</param> public AuthenticatorControl(DerUtf8String token) { this.token = token; } + /// <summary> + /// Basic constructor - build from a string representing the token. + /// </summary> + /// <param name="token">string representing the token.</param> public AuthenticatorControl(String token) { this.token = new DerUtf8String(token); } + /// <summary> + /// Return the type of this control. + /// </summary> public DerObjectIdentifier Type { get { return type; } } + /// <summary> + /// Return the token associated with this control (a UTF8String). + /// </summary> public Asn1Encodable Value { get { return token; } } diff --git a/crypto/src/crmf/CertificateRequestMessage.cs b/crypto/src/crmf/CertificateRequestMessage.cs index 818facade..087e8a933 100644 --- a/crypto/src/crmf/CertificateRequestMessage.cs +++ b/crypto/src/crmf/CertificateRequestMessage.cs @@ -1,7 +1,4 @@ using System; -using System.Collections.Generic; -using System.Runtime.InteropServices; -using System.Text; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Crmf; using Org.BouncyCastle.Crypto; @@ -19,39 +16,68 @@ namespace Org.BouncyCastle.Crmf private readonly CertReqMsg certReqMsg; private readonly Controls controls; - private static CertReqMsg ParseBytes(byte[] encoding) - + private static CertReqMsg ParseBytes(byte[] encoding) { return CertReqMsg.GetInstance(encoding); } + /// <summary> + /// Create a CertificateRequestMessage from the passed in bytes. + /// </summary> + /// <param name="encoded">BER/DER encoding of the CertReqMsg structure.</param> + public CertificateRequestMessage(byte[] encoded):this(CertReqMsg.GetInstance(encoded)) + { + + } + public CertificateRequestMessage(CertReqMsg certReqMsg) { this.certReqMsg = certReqMsg; this.controls = certReqMsg.CertReq.Controls; } + /// <summary> + /// Return the underlying ASN.1 object defining this CertificateRequestMessage object. + /// </summary> + /// <returns>A CertReqMsg</returns> public CertReqMsg ToAsn1Structure() { return certReqMsg; } + /// <summary> + /// Return the certificate template contained in this message. + /// </summary> + /// <returns>a CertTemplate structure.</returns> public CertTemplate GetCertTemplate() { return this.certReqMsg.CertReq.CertTemplate; } + /// <summary> + /// Return whether or not this request has control values associated with it. + /// </summary> + /// <returns>true if there are control values present, false otherwise.</returns> public bool HasControls { get { return controls != null; } } - + /// <summary> + /// Return whether or not this request has a specific type of control value. + /// </summary> + /// <param name="objectIdentifier">the type OID for the control value we are checking for.</param> + /// <returns>true if a control value of type is present, false otherwise.</returns> public bool HasControl(DerObjectIdentifier objectIdentifier) { return findControl(objectIdentifier) != null; } + /// <summary> + /// Return a control value of the specified type. + /// </summary> + /// <param name="type">the type OID for the control value we are checking for.</param> + /// <returns>the control value if present, null otherwise.</returns> public IControl GetControl(DerObjectIdentifier type) { AttributeTypeAndValue found = findControl(type); @@ -100,16 +126,29 @@ namespace Org.BouncyCastle.Crmf return found; } + /// <summary> + /// Return whether or not this request message has a proof-of-possession field in it. + /// </summary> + /// <returns>true if proof-of-possession is present, false otherwise.</returns> public bool HasProofOfPossession { get { return certReqMsg.Popo != null; } } + /// <summary> + /// Return the type of the proof-of-possession this request message provides. + /// </summary> + /// <returns>one of: popRaVerified, popSigningKey, popKeyEncipherment, popKeyAgreement</returns> public int ProofOfPossession { get { return certReqMsg.Popo.Type; } } + /// <summary> + /// Return whether or not the proof-of-possession (POP) is of the type popSigningKey and + /// it has a public key MAC associated with it. + /// </summary> + /// <returns>true if POP is popSigningKey and a PKMAC is present, false otherwise.</returns> public bool HasSigningKeyProofOfPossessionWithPkMac { get @@ -127,7 +166,13 @@ namespace Org.BouncyCastle.Crmf } } - + /// <summary> + /// Return whether or not a signing key proof-of-possession (POP) is valid. + /// </summary> + /// <param name="verifierProvider">a provider that can produce content verifiers for the signature contained in this POP.</param> + /// <returns>true if the POP is valid, false otherwise.</returns> + /// <exception cref="InvalidOperationException">if there is a problem in verification or content verifier creation.</exception> + /// <exception cref="InvalidOperationException">if POP not appropriate.</exception> public bool IsValidSigningKeyPop(IVerifierFactoryProvider verifierProvider) { ProofOfPossession pop = certReqMsg.Popo; @@ -176,6 +221,10 @@ namespace Org.BouncyCastle.Crmf return result.IsVerified(signKey.Signature.GetBytes()); } + /// <summary> + /// Return the ASN.1 encoding of the certReqMsg we wrap. + /// </summary> + /// <returns>a byte array containing the binary encoding of the certReqMsg.</returns> public byte[] GetEncoded() { return certReqMsg.GetEncoded(); diff --git a/crypto/src/crmf/EncryptedValueBuilder.cs b/crypto/src/crmf/EncryptedValueBuilder.cs index f9279bd53..28d5b52b4 100644 --- a/crypto/src/crmf/EncryptedValueBuilder.cs +++ b/crypto/src/crmf/EncryptedValueBuilder.cs @@ -24,23 +24,23 @@ namespace Org.BouncyCastle.Crmf private ICipherBuilderWithKey encryptor; private EncryptedValuePadder padder; - /** - * Create a builder that makes EncryptedValue structures. - * - * @param wrapper a wrapper for key used to encrypt the actual data contained in the EncryptedValue. - * @param encryptor an output encryptor to encrypt the actual data contained in the EncryptedValue. - */ + /// + /// Create a builder that makes EncryptedValue structures. + /// + /// <param name="wrapper">wrapper a wrapper for key used to encrypt the actual data contained in the EncryptedValue.</param> + /// <param name="encryptor">encryptor an output encryptor to encrypt the actual data contained in the EncryptedValue. </param> + /// public EncryptedValueBuilder(IKeyWrapper wrapper, ICipherBuilderWithKey encryptor) : this(wrapper, encryptor, null) { } - /** - * Create a builder that makes EncryptedValue structures with fixed length blocks padded using the passed in padder. - * - * @param wrapper a wrapper for key used to encrypt the actual data contained in the EncryptedValue. - * @param encryptor an output encryptor to encrypt the actual data contained in the EncryptedValue. - * @param padder a padder to ensure that the EncryptedValue created will always be a constant length. - */ + /// + /// Create a builder that makes EncryptedValue structures with fixed length blocks padded using the passed in padder. + /// + /// <param name="wrapper">a wrapper for key used to encrypt the actual data contained in the EncryptedValue.</param> + /// <param name="encryptor">encryptor an output encryptor to encrypt the actual data contained in the EncryptedValue.</param> + /// <param name="padder">padder a padder to ensure that the EncryptedValue created will always be a constant length.</param> + /// public EncryptedValueBuilder(IKeyWrapper wrapper, ICipherBuilderWithKey encryptor, EncryptedValuePadder padder) { this.wrapper = wrapper; @@ -48,26 +48,25 @@ namespace Org.BouncyCastle.Crmf this.padder = padder; } - /** - * Build an EncryptedValue structure containing the passed in pass phrase. - * - * @param revocationPassphrase a revocation pass phrase. - * @return an EncryptedValue containing the encrypted pass phrase. - * @throws CrmfException on a failure to encrypt the data, or wrap the symmetric key for this value. - */ + /// + /// Build an EncryptedValue structure containing the passed in pass phrase. + /// + /// <param name="revocationPassphrase">a revocation pass phrase.</param> + ///<returns>an EncryptedValue containing the encrypted pass phrase.</returns> + /// public EncryptedValue Build(char[] revocationPassphrase) { return encryptData(padData(Strings.ToUtf8ByteArray(revocationPassphrase))); } - /** - * Build an EncryptedValue structure containing the certificate contained in - * the passed in holder. - * - * @param holder a holder containing a certificate. - * @return an EncryptedValue containing the encrypted certificate. - * @throws CrmfException on a failure to encrypt the data, or wrap the symmetric key for this value. - */ + ///<summary> + /// Build an EncryptedValue structure containing the certificate contained in + /// the passed in holder. + ///</summary> + /// <param name="holder">a holder containing a certificate.</param> + /// <returns>an EncryptedValue containing the encrypted certificate.</returns> + /// <exception cref="CrmfException">on a failure to encrypt the data, or wrap the symmetric key for this value.</exception> + /// public EncryptedValue Build(X509Certificate holder) { try @@ -80,14 +79,14 @@ namespace Org.BouncyCastle.Crmf } } - /** - * Build an EncryptedValue structure containing the private key contained in - * the passed info structure. - * - * @param privateKeyInfo a PKCS#8 private key info structure. - * @return an EncryptedValue containing an EncryptedPrivateKeyInfo structure. - * @throws CrmfException on a failure to encrypt the data, or wrap the symmetric key for this value. - */ + ///<summary> + /// Build an EncryptedValue structure containing the private key contained in + /// the passed info structure. + ///</summary> + /// <param name="privateKeyInfo">a PKCS#8 private key info structure.</param> + /// <returns>an EncryptedValue containing an EncryptedPrivateKeyInfo structure.</returns> + /// <exception cref="CrmfException">on a failure to encrypt the data, or wrap the symmetric key for this value.</exception> + /// public EncryptedValue Build(PrivateKeyInfo privateKeyInfo) { Pkcs8EncryptedPrivateKeyInfoBuilder encInfoBldr = new Pkcs8EncryptedPrivateKeyInfoBuilder(privateKeyInfo); diff --git a/crypto/src/crmf/IEncryptedValuePadder.cs b/crypto/src/crmf/IEncryptedValuePadder.cs index b620186dc..b12993e1f 100644 --- a/crypto/src/crmf/IEncryptedValuePadder.cs +++ b/crypto/src/crmf/IEncryptedValuePadder.cs @@ -4,26 +4,27 @@ using System.Text; namespace Org.BouncyCastle.Crmf { - /** - * An encrypted value padder is used to make sure that prior to a value been - * encrypted the data is padded to a standard length. - */ + + /// <summary> + /// An encrypted value padder is used to make sure that prior to a value been + /// encrypted the data is padded to a standard length. + /// </summary> public interface EncryptedValuePadder { - /** - * Return a byte array of padded data. - * - * @param data the data to be padded. - * @return a padded byte array containing data. - */ + /// + /// <summary>Return a byte array of padded data.</summary> + /// + /// <param name="data">the data to be padded.</param> + /// <returns>a padded byte array containing data.</returns> + /// byte[] GetPaddedData(byte[] data); - /** - * Return a byte array of with padding removed. - * - * @param paddedData the data to be padded. - * @return an array containing the original unpadded data. - */ + /// + /// <summary>Return a byte array of with padding removed.</summary> + /// + /// <param name="paddedData">the data to be padded.</param> + /// <returns>an array containing the original unpadded data.</returns> + /// byte[] GetUnpaddedData(byte[] paddedData); } } diff --git a/crypto/src/crmf/PKMacBuilder.cs b/crypto/src/crmf/PKMacBuilder.cs index 3dec4e86f..00bec9f8b 100644 --- a/crypto/src/crmf/PKMacBuilder.cs +++ b/crypto/src/crmf/PKMacBuilder.cs @@ -107,27 +107,46 @@ namespace Org.BouncyCastle.Crmf private byte[] salt; private int maxIterations; + /// <summary> + /// Default, IterationCount = 1000, OIW=IdSha1, Mac=HmacSHA1 + /// </summary> public PKMacBuilder() : this(new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1), 1000, new AlgorithmIdentifier(IanaObjectIdentifiers.HmacSha1, DerNull.Instance), new DefaultPKMacPrimitivesProvider()) { } + /// <summary> + /// Defaults with IPKMacPrimitivesProvider + /// </summary> + /// <param name="provider"></param> public PKMacBuilder(IPKMacPrimitivesProvider provider) : this(new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1), 1000, new AlgorithmIdentifier(IanaObjectIdentifiers.HmacSha1, DerNull.Instance), provider) { } + /// <summary> + /// Create. + /// </summary> + /// <param name="provider">The Mac provider</param> + /// <param name="digestAlgorithmIdentifier">Digest Algorithm Id</param> + /// <param name="macAlgorithmIdentifier">Mac Algorithm Id</param> public PKMacBuilder(IPKMacPrimitivesProvider provider, AlgorithmIdentifier digestAlgorithmIdentifier, AlgorithmIdentifier macAlgorithmIdentifier) : this(digestAlgorithmIdentifier, 1000, macAlgorithmIdentifier, provider) { } + /// <summary> + /// Create a PKMAC builder enforcing a ceiling on the maximum iteration count. + /// </summary> + /// <param name="provider">supporting calculator</param> + /// <param name="maxIterations">max allowable value for iteration count.</param> public PKMacBuilder(IPKMacPrimitivesProvider provider, int maxIterations) { this.provider = provider; this.maxIterations = maxIterations; } + private PKMacBuilder(AlgorithmIdentifier digestAlgorithmIdentifier, int iterationCount, AlgorithmIdentifier macAlgorithmIdentifier, IPKMacPrimitivesProvider provider) { this.iterationCount = iterationCount; @@ -154,6 +173,12 @@ namespace Org.BouncyCastle.Crmf return this; } + /// <summary> + /// Set the iteration count. + /// </summary> + /// <param name="iterationCount">the iteration count.</param> + /// <returns>this</returns> + /// <exception cref="ArgumentException">if iteration count is less than 100</exception> public PKMacBuilder SetIterationCount(int iterationCount) { if (iterationCount < 100) @@ -167,6 +192,11 @@ namespace Org.BouncyCastle.Crmf return this; } + /// <summary> + /// Set PbmParameters + /// </summary> + /// <param name="parameters">The parameters.</param> + /// <returns>this</returns> public PKMacBuilder SetParameters(PbmParameter parameters) { checkIterationCountCeiling(parameters.IterationCount.Value.IntValue); @@ -176,6 +206,11 @@ namespace Org.BouncyCastle.Crmf return this; } + /// <summary> + /// The Secure random + /// </summary> + /// <param name="random">The random.</param> + /// <returns>this</returns> public PKMacBuilder SetSecureRandom(SecureRandom random) { this.random = random; @@ -183,6 +218,11 @@ namespace Org.BouncyCastle.Crmf return this; } + /// <summary> + /// Build an IMacFactory. + /// </summary> + /// <param name="password">The password.</param> + /// <returns>IMacFactory</returns> public IMacFactory Build(char[] password) { if (parameters != null) diff --git a/crypto/src/crmf/PkiArchiveControl.cs b/crypto/src/crmf/PkiArchiveControl.cs index ec8fb7671..d533e6c52 100644 --- a/crypto/src/crmf/PkiArchiveControl.cs +++ b/crypto/src/crmf/PkiArchiveControl.cs @@ -18,26 +18,47 @@ namespace Org.BouncyCastle.Crmf private readonly PkiArchiveOptions pkiArchiveOptions; + /// <summary> + /// Basic constructor - build from an PKIArchiveOptions structure. + /// </summary> + /// <param name="pkiArchiveOptions">the ASN.1 structure that will underlie this control.</param> public PkiArchiveControl(PkiArchiveOptions pkiArchiveOptions) { this.pkiArchiveOptions = pkiArchiveOptions; } + /// <summary> + /// Return the type of this control. + /// </summary> + /// <returns>CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions</returns> public DerObjectIdentifier Type { + get { return type; } } + /// <summary> + /// Return the underlying ASN.1 object. + /// </summary> + /// <returns>a PKIArchiveOptions structure.</returns> public Asn1Encodable Value { get { return pkiArchiveOptions; } } + /// <summary> + /// Return the archive control type, one of: encryptedPrivKey,keyGenParameters,or archiveRemGenPrivKey. + /// </summary> + /// <returns>the archive control type.</returns> public int ArchiveType { get { return pkiArchiveOptions.Type; } } + /// <summary> + /// Return whether this control contains enveloped data. + /// </summary> + /// <returns>true if the control contains enveloped data, false otherwise.</returns> public bool EnvelopedData { get @@ -47,6 +68,10 @@ namespace Org.BouncyCastle.Crmf } } + /// <summary> + /// Return the enveloped data structure contained in this control. + /// </summary> + /// <returns>a CMSEnvelopedData object.</returns> public CmsEnvelopedData GetEnvelopedData() { try diff --git a/crypto/src/crmf/RegTokenControl.cs b/crypto/src/crmf/RegTokenControl.cs index b53ce1922..90e956f67 100644 --- a/crypto/src/crmf/RegTokenControl.cs +++ b/crypto/src/crmf/RegTokenControl.cs @@ -14,20 +14,36 @@ namespace Org.BouncyCastle.Crmf private readonly DerUtf8String token; + /// <summary> + /// Basic constructor - build from a UTF-8 string representing the token. + /// </summary> + /// <param name="token">UTF-8 string representing the token.</param> public RegTokenControl(DerUtf8String token) { this.token = token; } - + /// <summary> + /// Basic constructor - build from a string representing the token. + /// </summary> + /// <param name="token">string representing the token.</param> public RegTokenControl(String token) { this.token = new DerUtf8String(token); } + /// <summary> + /// Return the type of this control. + /// </summary> + /// <returns>CRMFObjectIdentifiers.id_regCtrl_regToken</returns> public DerObjectIdentifier Type { get { return type; } } + + /// <summary> + /// Return the token associated with this control (a UTF8String). + /// </summary> + /// <returns>a UTF8String.</returns> public Asn1Encodable Value { get { return token; } diff --git a/crypto/test/src/cmp/test/ProtectedMessageTest.cs b/crypto/test/src/cmp/test/ProtectedMessageTest.cs index 569ba6c7b..24f2fe572 100644 --- a/crypto/test/src/cmp/test/ProtectedMessageTest.cs +++ b/crypto/test/src/cmp/test/ProtectedMessageTest.cs @@ -1,27 +1,19 @@ using System; using System.Collections; -using System.Collections.Generic; -using System.Text; using NUnit.Framework; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.Crmf; using Org.BouncyCastle.Crmf; -using Org.BouncyCastle.Asn1.Nist; -using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Cms; using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Digests; -using Org.BouncyCastle.Crypto.Engines; using Org.BouncyCastle.Crypto.Generators; using Org.BouncyCastle.Crypto.Operators; using Org.BouncyCastle.Crypto.Parameters; -using Org.BouncyCastle.Crypto.Signers; using Org.BouncyCastle.Math; using Org.BouncyCastle.Security; -using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Encoders; using Org.BouncyCastle.Utilities.Test; using Org.BouncyCastle.X509; diff --git a/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs b/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs deleted file mode 100644 index 4ee0ae2c3..000000000 --- a/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs +++ /dev/null @@ -1,85 +0,0 @@ -using System; -using NUnit.Framework; -using Org.BouncyCastle.Asn1; -using Org.BouncyCastle.Asn1.Cmp; -using Org.BouncyCastle.Asn1.Crmf; -using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Cmp; -using Org.BouncyCastle.Crmf; -using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Generators; -using Org.BouncyCastle.Crypto.Operators; -using Org.BouncyCastle.Crypto.Parameters; -using Org.BouncyCastle.Math; -using Org.BouncyCastle.Security; -using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.X509; - -namespace crypto.test.src.ejbca.test -{ - [TestFixture] - public class EnrollmentExampleTest - { - - [Test] - public void TestEnrollmentRAWithSharedSecret() - { - long certReqId = 1; - SecureRandom secureRandom = new SecureRandom(); - - byte[] senderNonce = new byte[20]; - secureRandom.NextBytes(senderNonce); - - byte[] transactionId = Strings.ToAsciiByteArray("MyTransactionId"); - - - RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); - AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - - - CertificateRequestMessageBuilder msgbuilder = new CertificateRequestMessageBuilder(BigInteger.ValueOf(certReqId)); - X509NameEntryConverter dnconverter = new X509DefaultEntryConverter(); - - X509Name issuerDN = X509Name.GetInstance(new X509Name("CN=AdminCA1").ToAsn1Object()); - X509Name subjectDN = X509Name.GetInstance(new X509Name("CN=user", dnconverter).ToAsn1Object()); - msgbuilder.SetIssuer(issuerDN); - msgbuilder.SetSubject(subjectDN); - SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public); - - msgbuilder.SetPublicKey(keyInfo); - GeneralName sender = new GeneralName(subjectDN); - msgbuilder.SetAuthInfoSender(sender); - // RAVerified POP - msgbuilder.SetProofOfPossessionRaVerified(); - CertificateRequestMessage msg = msgbuilder.Build(); - GeneralName recipient = new GeneralName(issuerDN); - - ProtectedPkiMessageBuilder pbuilder = new ProtectedPkiMessageBuilder(sender, recipient); - pbuilder.SetMessageTime(new DerGeneralizedTime(DateTime.Now)); - // senderNonce - pbuilder.SetSenderNonce(senderNonce); - // TransactionId - pbuilder.SetTransactionId(transactionId); - // Key Id used (required) by the recipient to do a lot of stuff - pbuilder.SetSenderKID(Strings.ToAsciiByteArray("KeyId")); - - - CertReqMessages msgs = new CertReqMessages(msg.ToAsn1Structure()); - PkiBody pkibody = new PkiBody(PkiBody.TYPE_INIT_REQ, msgs); - pbuilder.SetBody(pkibody); - - - AlgorithmIdentifier digAlg = new AlgorithmIdentifier("1.3.14.3.2.26"); // SHA1 - AlgorithmIdentifier macAlg = new AlgorithmIdentifier("1.2.840.113549.2.7"); // HMAC/SHA1 - - PkMacFactory macFactory = new PkMacFactory(digAlg,macAlg); - macFactory.Password = Strings.ToAsciiByteArray("password"); - - ProtectedPkiMessage message = pbuilder.Build(macFactory); - - - } - - } -} \ No newline at end of file |