diff options
Diffstat (limited to 'crypto/src/crmf/CertificateResponse.cs')
-rw-r--r-- | crypto/src/crmf/CertificateResponse.cs | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/crypto/src/crmf/CertificateResponse.cs b/crypto/src/crmf/CertificateResponse.cs new file mode 100644 index 000000000..3a3f0d7c6 --- /dev/null +++ b/crypto/src/crmf/CertificateResponse.cs @@ -0,0 +1,94 @@ +using System; + +using Org.BouncyCastle.Asn1.Cmp; +using Org.BouncyCastle.Asn1.Pkcs; +using Org.BouncyCastle.Cms; + +namespace Org.BouncyCastle.Crmf +{ + /// <summary>High level wrapper for the CertResponse CRMF structure.</summary> + public class CertificateResponse + { + private readonly CertResponse m_certResponse; + + public CertificateResponse(CertResponse certResponse) + { + m_certResponse = certResponse; + } + + /** + * Return true if the response contains an encrypted certificate. + * + * @return true if certificate in response encrypted, false otherwise. + */ + public virtual bool HasEncryptedCertificate => + m_certResponse.CertifiedKeyPair.CertOrEncCert.HasEncryptedCertificate; + + /** + * Return a CMSEnvelopedData representing the encrypted certificate contained in the response. + * + * @return a CMEEnvelopedData if an encrypted certificate is present. + * @throws IllegalStateException if no encrypted certificate is present, or there is an issue with the enveloped data. + */ + public virtual CmsEnvelopedData GetEncryptedCertificate() + { + if (!HasEncryptedCertificate) + throw new InvalidOperationException("encrypted certificate asked for, none found"); + + CertifiedKeyPair receivedKeyPair = m_certResponse.CertifiedKeyPair; + + var contentInfo = new Asn1.Cms.ContentInfo(PkcsObjectIdentifiers.EnvelopedData, + receivedKeyPair.CertOrEncCert.EncryptedCert.Value); + + CmsEnvelopedData envelopedData = new CmsEnvelopedData(contentInfo); + + if (envelopedData.GetRecipientInfos().Count != 1) + throw new InvalidOperationException("data encrypted for more than one recipient"); + + return envelopedData; + } + + // TODO[crmf] +#if false + /** + * Return the CMPCertificate representing the plaintext certificate in the response. + * + * @return a CMPCertificate if a plaintext certificate is present. + * @throws IllegalStateException if no plaintext certificate is present. + */ + public virtual CmpCertificate GetCertificate(Recipient recipient) + { + CmsEnvelopedData encryptedCert = GetEncryptedCertificate(); + + RecipientInformationStore recipients = encryptedCert.GetRecipientInfos(); + + var c = recipients.GetRecipients(); + + RecipientInformation recInfo = c[0]; + + return CmpCertificate.GetInstance(recInfo.GetContent(recipient)); + } +#endif + + /** + * Return the CMPCertificate representing the plaintext certificate in the response. + * + * @return a CMPCertificate if a plaintext certificate is present. + * @throws IllegalStateException if no plaintext certificate is present. + */ + public virtual CmpCertificate GetCertificate() + { + if (HasEncryptedCertificate) + throw new InvalidOperationException("plaintext certificate asked for, none found"); + + return m_certResponse.CertifiedKeyPair.CertOrEncCert.Certificate; + } + + /** + * Return this object's underlying ASN.1 structure. + * + * @return a CertResponse + */ + public virtual CertResponse ToAsn1Structure() => m_certResponse; + } +} |