1 files changed, 104 insertions, 0 deletions
diff --git a/crypto/src/crmf/CertificateResponseBuilder.cs b/crypto/src/crmf/CertificateResponseBuilder.cs
new file mode 100644
index 000000000..d1e85ea23
--- /dev/null
+++ b/crypto/src/crmf/CertificateResponseBuilder.cs
@@ -0,0 +1,104 @@
+using System;
+
+using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Cmp;
+using Org.BouncyCastle.Asn1.Cms;
+using Org.BouncyCastle.Asn1.Crmf;
+using Org.BouncyCastle.Cms;
+using Org.BouncyCastle.X509;
+
+namespace Org.BouncyCastle.Crmf
+{
+    /// <summary>Builder for CertificateResponse objects (the CertResponse CRMF equivalent).</summary>
+    public class CertificateResponseBuilder
+    {
+        private readonly DerInteger m_certReqID;
+        private readonly PkiStatusInfo m_statusInfo;
+
+        private CertifiedKeyPair m_certKeyPair;
+        private Asn1OctetString m_rspInfo;
+
+        /**
+         * Base constructor.
+         *
+         * @param certReqId the request ID for the response.
+         * @param statusInfo the status info to associate with the response.
+         */
+        public CertificateResponseBuilder(DerInteger certReqID, PkiStatusInfo statusInfo)
+        {
+            m_certReqID = certReqID;
+            m_statusInfo = statusInfo;
+        }
+
+        /**
+         * Specify the certificate to assign to this response (in plaintext).
+         *
+         * @param certificate the X.509 PK certificate to include.
+         * @return the current builder.
+         */
+        public virtual CertificateResponseBuilder WithCertificate(X509Certificate certificate)
+        {
+            if (m_certKeyPair != null)
+                throw new InvalidOperationException("certificate in response already set");
+
+            var cmpCertificate = new CmpCertificate(certificate.CertificateStructure);
+
+            m_certKeyPair = new CertifiedKeyPair(new CertOrEncCert(cmpCertificate));
+
+            return this;
+        }
+
+        /**
+         * Specify the certificate to assign to this response (in plaintext).
+         *
+         * @param cmpCertificate the X.509 PK certificate to include.
+         * @return the current builder.
+         */
+        public virtual CertificateResponseBuilder WithCertificate(CmpCertificate cmpCertificate)
+        {
+            if (m_certKeyPair != null)
+                throw new InvalidOperationException("certificate in response already set");
+
+            m_certKeyPair = new CertifiedKeyPair(new CertOrEncCert(cmpCertificate));
+
+            return this;
+        }
+
+        /**
+         * Specify the encrypted certificate to assign to this response (in plaintext).
+         *
+         * @param encryptedCertificate an encrypted
+         * @return the current builder.
+         */
+        public virtual CertificateResponseBuilder WithCertificate(CmsEnvelopedData encryptedCertificate)
+        {
+            if (m_certKeyPair != null)
+                throw new InvalidOperationException("certificate in response already set");
+
+            var encryptedKey = new EncryptedKey(EnvelopedData.GetInstance(encryptedCertificate.ContentInfo.Content));
+
+            m_certKeyPair = new CertifiedKeyPair(new CertOrEncCert(encryptedKey));
+
+            return this;
+        }
+
+        /**
+         * Specify the response info field on the response.
+         *
+         * @param responseInfo a response info string.
+         * @return the current builder.
+         */
+        public virtual CertificateResponseBuilder WithResponseInfo(byte[] responseInfo)
+        {
+            if (m_rspInfo != null)
+                throw new InvalidOperationException("response info already set");
+
+            m_rspInfo = new DerOctetString(responseInfo);
+
+            return this;
+        }
+
+        public virtual CertificateResponse Build() =>
+            new CertificateResponse(new CertResponse(m_certReqID, m_statusInfo, m_certKeyPair, m_rspInfo));
+    }
+}