summary refs log tree commit diff
path: root/crypto/src/cmp/ProtectedPkiMessage.cs
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/src/cmp/ProtectedPkiMessage.cs')
-rw-r--r--crypto/src/cmp/ProtectedPkiMessage.cs110
1 files changed, 110 insertions, 0 deletions
diff --git a/crypto/src/cmp/ProtectedPkiMessage.cs b/crypto/src/cmp/ProtectedPkiMessage.cs
new file mode 100644
index 000000000..159f08722
--- /dev/null
+++ b/crypto/src/cmp/ProtectedPkiMessage.cs
@@ -0,0 +1,110 @@
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.X509;
+using System;
+using System.Collections.Generic;
+using System.Text;
+using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Cmp;
+using Org.BouncyCastle.Asn1.Crmf;
+using Org.BouncyCastle.Asn1.Pkcs;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
+using Org.BouncyCastle.Crypto.Paddings;
+using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.Encoders;
+using Org.BouncyCastle.Crmf;
+
+namespace Org.BouncyCastle.Cmp
+{
+   
+    public class ProtectedPkiMessage
+    {
+        private PkiMessage pkiMessage;
+        
+
+        public ProtectedPkiMessage(GeneralPKIMessage pkiMessage)
+        {
+            
+            if (!pkiMessage.HasProtection)
+            {
+                throw new ArgumentException("pki message not protected");
+            }
+
+            this.pkiMessage = pkiMessage.ToAsn1Structure();
+        }
+           
+        public ProtectedPkiMessage(PkiMessage pkiMessage)
+        {
+            if (pkiMessage.Header.ProtectionAlg == null)
+            {
+                throw new ArgumentException("pki message not protected");
+            }
+
+            this.pkiMessage = pkiMessage;
+        }
+
+        public PkiHeader Header { get { return pkiMessage.Header; } }
+        public PkiBody Body { get { return pkiMessage.Body; } }
+
+        public PkiMessage ToAsn1Message() { return pkiMessage; }
+
+        public bool HasPasswordBasedMacProtected { get { return Header.ProtectionAlg.Algorithm.Equals(CmpObjectIdentifiers.passwordBasedMac); } }
+
+        public X509Certificate[] GetCertificates()
+        {
+            CmpCertificate[] certs = pkiMessage.GetExtraCerts();
+
+            if (certs == null)
+            {
+                return new X509Certificate[0];
+            }
+
+            X509Certificate[] res = new X509Certificate[certs.Length];
+           for (int t=0; t<certs.Length;t++)
+            {
+                res[t] = new X509Certificate(X509CertificateStructure.GetInstance(certs[t].GetEncoded()));
+            }
+
+            return res;
+        }
+
+        public bool Verify(IVerifierFactory verifierFactory)
+        {
+            IStreamCalculator streamCalculator = verifierFactory.CreateCalculator();
+
+            IVerifier result = (IVerifier)Process(streamCalculator);
+
+            return result.IsVerified(pkiMessage.Protection.GetBytes());
+        }
+
+        private Object Process(IStreamCalculator streamCalculator)
+        {
+           Asn1EncodableVector avec = new Asn1EncodableVector();
+           avec.Add(pkiMessage.Header);
+           avec.Add(pkiMessage.Body);
+           byte[] enc =   new DerSequence(avec).GetDerEncoded();
+
+           streamCalculator.Stream.Write(enc,0,enc.Length);
+           streamCalculator.Stream.Flush();
+           streamCalculator.Stream.Close();
+          
+           return streamCalculator.GetResult();          
+        }
+
+        public bool Verify(PKMacBuilder pkMacBuilder, char[] password)
+        {
+            if (!CmpObjectIdentifiers.passwordBasedMac.Equals(pkiMessage.Header.ProtectionAlg.Algorithm))
+            {
+                throw new InvalidOperationException("protection algorithm is not mac based");
+            }
+
+            PbmParameter parameter = PbmParameter.GetInstance(pkiMessage.Header.ProtectionAlg.Parameters);
+
+            pkMacBuilder.SetParameters(parameter);
+
+            IBlockResult result = (IBlockResult)Process(pkMacBuilder.Build(password).CreateCalculator());
+
+            return Arrays.ConstantTimeAreEqual(result.Collect(), this.pkiMessage.Protection.GetBytes());
+        }
+    }
+}