1 files changed, 94 insertions, 0 deletions
diff --git a/crypto/src/crmf/CertificateResponse.cs b/crypto/src/crmf/CertificateResponse.cs
new file mode 100644
index 000000000..3a3f0d7c6
--- /dev/null
+++ b/crypto/src/crmf/CertificateResponse.cs
@@ -0,0 +1,94 @@
+using System;
+
+using Org.BouncyCastle.Asn1.Cmp;
+using Org.BouncyCastle.Asn1.Pkcs;
+using Org.BouncyCastle.Cms;
+
+namespace Org.BouncyCastle.Crmf
+{
+    /// <summary>High level wrapper for the CertResponse CRMF structure.</summary>
+    public class CertificateResponse
+    {
+        private readonly CertResponse m_certResponse;
+
+        public CertificateResponse(CertResponse certResponse)
+        {
+            m_certResponse = certResponse;
+        }
+
+        /**
+         * Return true if the response contains an encrypted certificate.
+         *
+         * @return true if certificate in response encrypted, false otherwise.
+         */
+        public virtual bool HasEncryptedCertificate =>
+            m_certResponse.CertifiedKeyPair.CertOrEncCert.HasEncryptedCertificate;
+
+        /**
+         * Return a CMSEnvelopedData representing the encrypted certificate contained in the response.
+         *
+         * @return a CMEEnvelopedData if an encrypted certificate is present.
+         * @throws IllegalStateException if no encrypted certificate is present, or there is an issue with the enveloped data.
+         */
+        public virtual CmsEnvelopedData GetEncryptedCertificate()
+        {
+            if (!HasEncryptedCertificate)
+                throw new InvalidOperationException("encrypted certificate asked for, none found");
+
+            CertifiedKeyPair receivedKeyPair = m_certResponse.CertifiedKeyPair;
+
+            var contentInfo = new Asn1.Cms.ContentInfo(PkcsObjectIdentifiers.EnvelopedData,
+                receivedKeyPair.CertOrEncCert.EncryptedCert.Value);
+
+            CmsEnvelopedData envelopedData = new CmsEnvelopedData(contentInfo);
+
+            if (envelopedData.GetRecipientInfos().Count != 1)
+                throw new InvalidOperationException("data encrypted for more than one recipient");
+
+            return envelopedData;
+        }
+
+        // TODO[crmf]
+#if false
+        /**
+         * Return the CMPCertificate representing the plaintext certificate in the response.
+         *
+         * @return a CMPCertificate if a plaintext certificate is present.
+         * @throws IllegalStateException if no plaintext certificate is present.
+         */
+        public virtual CmpCertificate GetCertificate(Recipient recipient)
+        {
+            CmsEnvelopedData encryptedCert = GetEncryptedCertificate();
+
+            RecipientInformationStore recipients = encryptedCert.GetRecipientInfos();
+
+            var c = recipients.GetRecipients();
+
+            RecipientInformation recInfo = c[0];
+
+            return CmpCertificate.GetInstance(recInfo.GetContent(recipient));
+        }
+#endif
+
+        /**
+         * Return the CMPCertificate representing the plaintext certificate in the response.
+         *
+         * @return a CMPCertificate if a plaintext certificate is present.
+         * @throws IllegalStateException if no plaintext certificate is present.
+         */
+        public virtual CmpCertificate GetCertificate()
+        {
+            if (HasEncryptedCertificate)
+                throw new InvalidOperationException("plaintext certificate asked for, none found");
+
+            return m_certResponse.CertifiedKeyPair.CertOrEncCert.Certificate;
+        }
+
+        /**
+         * Return this object's underlying ASN.1 structure.
+         *
+         * @return a CertResponse
+         */
+        public virtual CertResponse ToAsn1Structure() => m_certResponse;
+    }
+}