diff options
Diffstat (limited to 'crypto/src/asn1/cms/AuthEnvelopedData.cs')
-rw-r--r-- | crypto/src/asn1/cms/AuthEnvelopedData.cs | 194 |
1 files changed, 71 insertions, 123 deletions
diff --git a/crypto/src/asn1/cms/AuthEnvelopedData.cs b/crypto/src/asn1/cms/AuthEnvelopedData.cs index ae0380b64..62d54b33e 100644 --- a/crypto/src/asn1/cms/AuthEnvelopedData.cs +++ b/crypto/src/asn1/cms/AuthEnvelopedData.cs @@ -19,133 +19,80 @@ namespace Org.BouncyCastle.Asn1.Cms return new AuthEnvelopedData(Asn1Sequence.GetInstance(obj, isExplicit)); } - private DerInteger version; - private OriginatorInfo originatorInfo; - private Asn1Set recipientInfos; - private EncryptedContentInfo authEncryptedContentInfo; - private Asn1Set authAttrs; - private Asn1OctetString mac; - private Asn1Set unauthAttrs; - - public AuthEnvelopedData( - OriginatorInfo originatorInfo, - Asn1Set recipientInfos, - EncryptedContentInfo authEncryptedContentInfo, - Asn1Set authAttrs, - Asn1OctetString mac, - Asn1Set unauthAttrs) - { - // "It MUST be set to 0." - this.version = DerInteger.Zero; - - this.originatorInfo = originatorInfo; - - // "There MUST be at least one element in the collection." - this.recipientInfos = recipientInfos; - if (this.recipientInfos.Count < 1) - throw new ArgumentException("AuthEnvelopedData requires at least 1 RecipientInfo"); - - this.authEncryptedContentInfo = authEncryptedContentInfo; - - // "The authAttrs MUST be present if the content type carried in - // EncryptedContentInfo is not id-data." - this.authAttrs = authAttrs; - if (!authEncryptedContentInfo.ContentType.Equals(CmsObjectIdentifiers.Data)) - { - if (authAttrs == null || authAttrs.Count < 1) - throw new ArgumentException("authAttrs must be present with non-data content"); - } - - this.mac = mac; - - this.unauthAttrs = unauthAttrs; - } + private readonly DerInteger m_version; + private readonly OriginatorInfo m_originatorInfo; + private readonly Asn1Set m_recipientInfos; + private readonly EncryptedContentInfo m_authEncryptedContentInfo; + private readonly Asn1Set m_authAttrs; + private readonly Asn1OctetString m_mac; + private readonly Asn1Set m_unauthAttrs; + + public AuthEnvelopedData(OriginatorInfo originatorInfo, Asn1Set recipientInfos, + EncryptedContentInfo authEncryptedContentInfo, Asn1Set authAttrs, Asn1OctetString mac, + Asn1Set unauthAttrs) + { + m_version = DerInteger.Zero; + m_originatorInfo = originatorInfo; + m_recipientInfos = recipientInfos ?? throw new ArgumentNullException(nameof(recipientInfos)); + m_authEncryptedContentInfo = authEncryptedContentInfo ?? throw new ArgumentNullException(nameof(authEncryptedContentInfo)); + m_authAttrs = authAttrs; + m_mac = mac ?? throw new ArgumentNullException(nameof(mac)); + m_unauthAttrs = unauthAttrs; + + Validate(); + } - private AuthEnvelopedData(Asn1Sequence seq) + private AuthEnvelopedData(Asn1Sequence seq) { - int index = 0; - - // "It MUST be set to 0." - Asn1Object tmp = seq[index++].ToAsn1Object(); - version = DerInteger.GetInstance(tmp); - if (!version.HasValue(0)) - throw new ArgumentException("AuthEnvelopedData version number must be 0"); - - tmp = seq[index++].ToAsn1Object(); - if (tmp is Asn1TaggedObject taggedObject1) - { - originatorInfo = OriginatorInfo.GetInstance(taggedObject1, false); - tmp = seq[index++].ToAsn1Object(); - } - - // "There MUST be at least one element in the collection." - recipientInfos = Asn1Set.GetInstance(tmp); - if (recipientInfos.Count < 1) - throw new ArgumentException("AuthEnvelopedData requires at least 1 RecipientInfo"); - - tmp = seq[index++].ToAsn1Object(); - authEncryptedContentInfo = EncryptedContentInfo.GetInstance(tmp); - - tmp = seq[index++].ToAsn1Object(); - if (tmp is Asn1TaggedObject taggedObject2) - { - authAttrs = Asn1Set.GetInstance(taggedObject2, false); - tmp = seq[index++].ToAsn1Object(); - } - else - { - // "The authAttrs MUST be present if the content type carried in - // EncryptedContentInfo is not id-data." - if (!authEncryptedContentInfo.ContentType.Equals(CmsObjectIdentifiers.Data)) - { - if (authAttrs == null || authAttrs.Count < 1) - throw new ArgumentException("authAttrs must be present with non-data content"); - } - } - - mac = Asn1OctetString.GetInstance(tmp); - - if (seq.Count > index) - { - tmp = seq[index++].ToAsn1Object(); - unauthAttrs = Asn1Set.GetInstance((Asn1TaggedObject)tmp, false); - } + int count = seq.Count, pos = 0; + if (count < 4 || count > 7) + throw new ArgumentException("Bad sequence size: " + count, nameof(seq)); + + m_version = DerInteger.GetInstance(seq[pos++]); + m_originatorInfo = Asn1Utilities.ReadOptionalContextTagged(seq, ref pos, 0, false, OriginatorInfo.GetInstance); + m_recipientInfos = Asn1Set.GetInstance(seq[pos++]); + m_authEncryptedContentInfo = EncryptedContentInfo.GetInstance(seq[pos++]); + m_authAttrs = Asn1Utilities.ReadOptionalContextTagged(seq, ref pos, 1, false, Asn1Set.GetInstance); + m_mac = Asn1OctetString.GetInstance(seq[pos++]); + m_unauthAttrs = Asn1Utilities.ReadOptionalContextTagged(seq, ref pos, 2, false, Asn1Set.GetInstance); + + if (pos != count) + throw new ArgumentException("Unexpected elements in sequence", nameof(seq)); + + Validate(); } - public DerInteger Version - { - get { return version; } - } + private void Validate() + { + // "It MUST be set to 0." + if (!m_version.HasValue(0)) + throw new ArgumentException("AuthEnvelopedData version number must be 0"); + + // "There MUST be at least one element in the collection." + if (m_recipientInfos.Count < 1) + throw new ArgumentException("AuthEnvelopedData requires at least 1 RecipientInfo"); + + // "The authAttrs MUST be present if the content type carried in EncryptedContentInfo is not id-data." + if (!CmsObjectIdentifiers.Data.Equals(m_authEncryptedContentInfo.ContentType)) + { + if (m_authAttrs == null || m_authAttrs.Count < 1) + throw new ArgumentException("authAttrs must be present with non-data content"); + } + } - public OriginatorInfo OriginatorInfo - { - get { return originatorInfo; } - } + public DerInteger Version => m_version; - public Asn1Set RecipientInfos - { - get { return recipientInfos; } - } + public OriginatorInfo OriginatorInfo => m_originatorInfo; - public EncryptedContentInfo AuthEncryptedContentInfo - { - get { return authEncryptedContentInfo; } - } + public Asn1Set RecipientInfos => m_recipientInfos; - public Asn1Set AuthAttrs - { - get { return authAttrs; } - } + public EncryptedContentInfo AuthEncryptedContentInfo => m_authEncryptedContentInfo; - public Asn1OctetString Mac - { - get { return mac; } - } + public Asn1Set AuthAttrs => m_authAttrs; - public Asn1Set UnauthAttrs - { - get { return unauthAttrs; } - } + public Asn1OctetString Mac => m_mac; + + public Asn1Set UnauthAttrs => m_unauthAttrs; /** * Produce an object suitable for an Asn1OutputStream. @@ -162,19 +109,20 @@ namespace Org.BouncyCastle.Asn1.Cms */ public override Asn1Object ToAsn1Object() { - Asn1EncodableVector v = new Asn1EncodableVector(version); - v.AddOptionalTagged(false, 0, originatorInfo); - v.Add(recipientInfos, authEncryptedContentInfo); + Asn1EncodableVector v = new Asn1EncodableVector(7); + v.Add(m_version); + v.AddOptionalTagged(false, 0, m_originatorInfo); + v.Add(m_recipientInfos, m_authEncryptedContentInfo); // "authAttrs optionally contains the authenticated attributes." // "AuthAttributes MUST be DER encoded, even if the rest of the // AuthEnvelopedData structure is BER encoded." - v.AddOptionalTagged(false, 1, authAttrs); + v.AddOptionalTagged(false, 1, m_authAttrs); - v.Add(mac); + v.Add(m_mac); // "unauthAttrs optionally contains the unauthenticated attributes." - v.AddOptionalTagged(false, 2, unauthAttrs); + v.AddOptionalTagged(false, 2, m_unauthAttrs); return new BerSequence(v); } |