diff --git a/crypto/src/cmp/ProtectedPkiMessage.cs b/crypto/src/cmp/ProtectedPkiMessage.cs
index 159f08722..d3cf4a524 100644
--- a/crypto/src/cmp/ProtectedPkiMessage.cs
+++ b/crypto/src/cmp/ProtectedPkiMessage.cs
@@ -1,30 +1,30 @@
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.X509;
using System;
-using System.Collections.Generic;
-using System.Text;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Cmp;
-using Org.BouncyCastle.Asn1.Crmf;
-using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Crypto.Operators;
-using Org.BouncyCastle.Crypto.Paddings;
using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Encoders;
+
using Org.BouncyCastle.Crmf;
namespace Org.BouncyCastle.Cmp
{
-
+ /// <summary>
+ /// Wrapper for a PKIMessage with protection attached to it.
+ /// </summary>
public class ProtectedPkiMessage
{
private PkiMessage pkiMessage;
-
+ /// <summary>
+ /// Wrap a general message.
+ /// </summary>
+ /// <exception cref="ArgumentException">If the general message does not have protection.</exception>
+ /// <param name="pkiMessage">The General message</param>
public ProtectedPkiMessage(GeneralPKIMessage pkiMessage)
{
-
+
if (!pkiMessage.HasProtection)
{
throw new ArgumentException("pki message not protected");
@@ -32,7 +32,12 @@ namespace Org.BouncyCastle.Cmp
this.pkiMessage = pkiMessage.ToAsn1Structure();
}
-
+
+ /// <summary>
+ /// Wrap a PKI message.
+ /// </summary>
+ /// <exception cref="ArgumentException">If the PKI message does not have protection.</exception>
+ /// <param name="pkiMessage">The PKI message</param>
public ProtectedPkiMessage(PkiMessage pkiMessage)
{
if (pkiMessage.Header.ProtectionAlg == null)
@@ -43,13 +48,33 @@ namespace Org.BouncyCastle.Cmp
this.pkiMessage = pkiMessage;
}
+ /// <summary>
+ /// Message header
+ /// </summary>
public PkiHeader Header { get { return pkiMessage.Header; } }
+
+ /// <summary>
+ /// Message Body
+ /// </summary>
public PkiBody Body { get { return pkiMessage.Body; } }
+ /// <summary>
+ /// Return the underlying ASN.1 structure contained in this object.
+ /// </summary>
+ /// <returns>PKI Message structure</returns>
public PkiMessage ToAsn1Message() { return pkiMessage; }
+ /// <summary>
+ /// Determine whether the message is protected by a password based MAC. Use verify(PKMACBuilder, char[])
+ /// to verify the message if this method returns true.
+ /// </summary>
+ /// <returns>true if protection MAC PBE based, false otherwise.</returns>
public bool HasPasswordBasedMacProtected { get { return Header.ProtectionAlg.Algorithm.Equals(CmpObjectIdentifiers.passwordBasedMac); } }
+ /// <summary>
+ /// Return the extra certificates associated with this message.
+ /// </summary>
+ /// <returns>an array of extra certificates, zero length if none present.</returns>
public X509Certificate[] GetCertificates()
{
CmpCertificate[] certs = pkiMessage.GetExtraCerts();
@@ -60,7 +85,7 @@ namespace Org.BouncyCastle.Cmp
}
X509Certificate[] res = new X509Certificate[certs.Length];
- for (int t=0; t<certs.Length;t++)
+ for (int t = 0; t < certs.Length; t++)
{
res[t] = new X509Certificate(X509CertificateStructure.GetInstance(certs[t].GetEncoded()));
}
@@ -68,6 +93,11 @@ namespace Org.BouncyCastle.Cmp
return res;
}
+ /// <summary>
+ /// Verify a message with a public key based signature attached.
+ /// </summary>
+ /// <param name="verifierFactory">a factory of signature verifiers.</param>
+ /// <returns>true if the provider is able to create a verifier that validates the signature, false otherwise.</returns>
public bool Verify(IVerifierFactory verifierFactory)
{
IStreamCalculator streamCalculator = verifierFactory.CreateCalculator();
@@ -79,18 +109,25 @@ namespace Org.BouncyCastle.Cmp
private Object Process(IStreamCalculator streamCalculator)
{
- Asn1EncodableVector avec = new Asn1EncodableVector();
- avec.Add(pkiMessage.Header);
- avec.Add(pkiMessage.Body);
- byte[] enc = new DerSequence(avec).GetDerEncoded();
-
- streamCalculator.Stream.Write(enc,0,enc.Length);
- streamCalculator.Stream.Flush();
- streamCalculator.Stream.Close();
-
- return streamCalculator.GetResult();
+ Asn1EncodableVector avec = new Asn1EncodableVector();
+ avec.Add(pkiMessage.Header);
+ avec.Add(pkiMessage.Body);
+ byte[] enc = new DerSequence(avec).GetDerEncoded();
+
+ streamCalculator.Stream.Write(enc, 0, enc.Length);
+ streamCalculator.Stream.Flush();
+ streamCalculator.Stream.Close();
+
+ return streamCalculator.GetResult();
}
+ /// <summary>
+ /// Verify a message with password based MAC protection.
+ /// </summary>
+ /// <param name="pkMacBuilder">MAC builder that can be used to construct the appropriate MacCalculator</param>
+ /// <param name="password">the MAC password</param>
+ /// <returns>true if the passed in password and MAC builder verify the message, false otherwise.</returns>
+ /// <exception cref="InvalidOperationException">if algorithm not MAC based, or an exception is thrown verifying the MAC.</exception>
public bool Verify(PKMacBuilder pkMacBuilder, char[] password)
{
if (!CmpObjectIdentifiers.passwordBasedMac.Equals(pkiMessage.Header.ProtectionAlg.Algorithm))
|
