diff options
Diffstat (limited to 'crypto/src/x509/AttributeCertificateHolder.cs')
| -rw-r--r-- | crypto/src/x509/AttributeCertificateHolder.cs | 276 |
1 files changed, 72 insertions, 204 deletions
diff --git a/crypto/src/x509/AttributeCertificateHolder.cs b/crypto/src/x509/AttributeCertificateHolder.cs index 9122a809f..1df5b1a56 100644 --- a/crypto/src/x509/AttributeCertificateHolder.cs +++ b/crypto/src/x509/AttributeCertificateHolder.cs @@ -1,73 +1,60 @@ using System; +using System.Collections.Generic; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Math; using Org.BouncyCastle.Security; -using Org.BouncyCastle.Security.Certificates; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; namespace Org.BouncyCastle.X509 { - /// <remarks> - /// The Holder object. - /// <pre> - /// Holder ::= SEQUENCE { - /// baseCertificateID [0] IssuerSerial OPTIONAL, - /// -- the issuer and serial number of - /// -- the holder's Public Key Certificate - /// entityName [1] GeneralNames OPTIONAL, - /// -- the name of the claimant or role - /// objectDigestInfo [2] ObjectDigestInfo OPTIONAL - /// -- used to directly authenticate the holder, - /// -- for example, an executable - /// } - /// </pre> - /// </remarks> - public class AttributeCertificateHolder - //: CertSelector, Selector - : ISelector<X509Certificate> + /// <remarks> + /// The Holder object. + /// <pre> + /// Holder ::= SEQUENCE { + /// baseCertificateID [0] IssuerSerial OPTIONAL, + /// -- the issuer and serial number of + /// -- the holder's Public Key Certificate + /// entityName [1] GeneralNames OPTIONAL, + /// -- the name of the claimant or role + /// objectDigestInfo [2] ObjectDigestInfo OPTIONAL + /// -- used to directly authenticate the holder, + /// -- for example, an executable + /// } + /// </pre> + /// </remarks> + public class AttributeCertificateHolder + : IEquatable<AttributeCertificateHolder>, ISelector<X509Certificate> { - internal readonly Holder holder; + internal readonly Holder m_holder; - internal AttributeCertificateHolder( - Asn1Sequence seq) + internal AttributeCertificateHolder(Asn1Sequence seq) { - holder = Holder.GetInstance(seq); + m_holder = Holder.GetInstance(seq); } - public AttributeCertificateHolder( - X509Name issuerName, - BigInteger serialNumber) + public AttributeCertificateHolder(X509Name issuerName, BigInteger serialNumber) { - holder = new Holder( + m_holder = new Holder( new IssuerSerial( GenerateGeneralNames(issuerName), new DerInteger(serialNumber))); } - public AttributeCertificateHolder( - X509Certificate cert) + public AttributeCertificateHolder(X509Certificate cert) { - X509Name name; - try - { - name = PrincipalUtilities.GetIssuerX509Principal(cert); - } - catch (Exception e) - { - throw new CertificateParsingException(e.Message); - } - - holder = new Holder(new IssuerSerial(GenerateGeneralNames(name), new DerInteger(cert.SerialNumber))); + m_holder = new Holder( + new IssuerSerial( + GenerateGeneralNames(cert.IssuerDN), + new DerInteger(cert.SerialNumber))); } - public AttributeCertificateHolder( - X509Name principal) + public AttributeCertificateHolder(X509Name principal) { - holder = new Holder(GenerateGeneralNames(principal)); + m_holder = new Holder(GenerateGeneralNames(principal)); } /** @@ -93,16 +80,14 @@ namespace Org.BouncyCastle.X509 * <code>otherObjectDigest</code>. * @param objectDigest The hash value. */ - public AttributeCertificateHolder( - int digestedObjectType, - string digestAlgorithm, - string otherObjectTypeID, - byte[] objectDigest) + public AttributeCertificateHolder(int digestedObjectType, string digestAlgorithm, string otherObjectTypeID, + byte[] objectDigest) { - // TODO Allow 'objectDigest' to be null? + var digestAlgorithmID = new AlgorithmIdentifier(new DerObjectIdentifier(digestAlgorithm)); + var objectDigestInfo = new ObjectDigestInfo(digestedObjectType, otherObjectTypeID, digestAlgorithmID, + Arrays.Clone(objectDigest)); - holder = new Holder(new ObjectDigestInfo(digestedObjectType, otherObjectTypeID, - new AlgorithmIdentifier(new DerObjectIdentifier(digestAlgorithm)), Arrays.Clone(objectDigest))); + m_holder = new Holder(objectDigestInfo); } /** @@ -124,7 +109,7 @@ namespace Org.BouncyCastle.X509 { get { - ObjectDigestInfo odi = holder.ObjectDigestInfo; + ObjectDigestInfo odi = m_holder.ObjectDigestInfo; return odi == null ? -1 @@ -138,31 +123,14 @@ namespace Org.BouncyCastle.X509 * @return The other object type ID or <code>null</code> if no object * digest info is set. */ - public string DigestAlgorithm - { - get - { - ObjectDigestInfo odi = holder.ObjectDigestInfo; - - return odi == null - ? null - : odi.DigestAlgorithm.Algorithm.Id; - } - } + public string DigestAlgorithm => m_holder.ObjectDigestInfo?.DigestAlgorithm.Algorithm.Id; /** * Returns the hash if an object digest info is used. * * @return The hash or <code>null</code> if no object digest info is set. */ - public byte[] GetObjectDigest() - { - ObjectDigestInfo odi = holder.ObjectDigestInfo; - - return odi == null - ? null - : odi.ObjectDigest.GetBytes(); - } + public byte[] GetObjectDigest() => m_holder.ObjectDigestInfo?.ObjectDigest.GetBytes(); /** * Returns the digest algorithm ID if an object digest info is used. @@ -170,43 +138,20 @@ namespace Org.BouncyCastle.X509 * @return The digest algorithm ID or <code>null</code> if no object * digest info is set. */ - public string OtherObjectTypeID - { - get - { - ObjectDigestInfo odi = holder.ObjectDigestInfo; + public string OtherObjectTypeID => m_holder.ObjectDigestInfo?.OtherObjectTypeID.Id; - return odi == null - ? null - : odi.OtherObjectTypeID.Id; - } - } - - private GeneralNames GenerateGeneralNames( - X509Name principal) - { -// return GeneralNames.GetInstance(new DerSequence(new GeneralName(principal))); - return new GeneralNames(new GeneralName(principal)); - } + private GeneralNames GenerateGeneralNames(X509Name principal) => new GeneralNames(new GeneralName(principal)); - private bool MatchesDN( - X509Name subject, - GeneralNames targets) + private bool MatchesDN(X509Name subject, GeneralNames targets) { - GeneralName[] names = targets.GetNames(); - - for (int i = 0; i != names.Length; i++) + foreach (var gn in targets.GetNames()) { - GeneralName gn = names[i]; - if (gn.TagNo == GeneralName.DirectoryName) { try { if (X509Name.GetInstance(gn.Name).Equivalent(subject)) - { return true; - } } catch (Exception) { @@ -217,59 +162,18 @@ namespace Org.BouncyCastle.X509 return false; } - private object[] GetNames( - GeneralName[] names) + private X509Name[] GetPrincipals(GeneralNames generalNames) { - int count = 0; - for (int i = 0; i != names.Length; i++) + var names = generalNames.GetNames(); + var result = new List<X509Name>(names.Length); + foreach (var name in names) { - if (names[i].TagNo == GeneralName.DirectoryName) + if (GeneralName.DirectoryName == name.TagNo) { - ++count; + result.Add(X509Name.GetInstance(name.Name)); } - } - - object[] result = new object[count]; - - int pos = 0; - for (int i = 0; i != names.Length; i++) - { - if (names[i].TagNo == GeneralName.DirectoryName) - { - result[pos++] = X509Name.GetInstance(names[i].Name); - } - } - - return result; - } - - private X509Name[] GetPrincipals( - GeneralNames names) - { - object[] p = this.GetNames(names.GetNames()); - - int count = 0; - - for (int i = 0; i != p.Length; i++) - { - if (p[i] is X509Name) - { - ++count; - } } - - X509Name[] result = new X509Name[count]; - - int pos = 0; - for (int i = 0; i != p.Length; i++) - { - if (p[i] is X509Name) - { - result[pos++] = (X509Name)p[i]; - } - } - - return result; + return result.ToArray(); } /** @@ -279,12 +183,8 @@ namespace Org.BouncyCastle.X509 */ public X509Name[] GetEntityNames() { - if (holder.EntityName != null) - { - return GetPrincipals(holder.EntityName); - } - - return null; + var entityName = m_holder.EntityName; + return entityName == null ? null : GetPrincipals(entityName); } /** @@ -294,12 +194,8 @@ namespace Org.BouncyCastle.X509 */ public X509Name[] GetIssuer() { - if (holder.BaseCertificateID != null) - { - return GetPrincipals(holder.BaseCertificateID.Issuer); - } - - return null; + var baseCertificateID = m_holder.BaseCertificateID; + return baseCertificateID == null ? null : GetPrincipals(baseCertificateID.Issuer); } /** @@ -307,23 +203,9 @@ namespace Org.BouncyCastle.X509 * * @return the certificate serial number, null if no BaseCertificateID is set. */ - public BigInteger SerialNumber - { - get - { - if (holder.BaseCertificateID != null) - { - return holder.BaseCertificateID.Serial.Value; - } + public BigInteger SerialNumber => m_holder.BaseCertificateID?.Serial.Value; - return null; - } - } - - public object Clone() - { - return new AttributeCertificateHolder((Asn1Sequence)holder.ToAsn1Object()); - } + public object Clone() => new AttributeCertificateHolder((Asn1Sequence)m_holder.ToAsn1Object()); public bool Match(X509Certificate x509Cert) { @@ -332,23 +214,26 @@ namespace Org.BouncyCastle.X509 try { - if (holder.BaseCertificateID != null) + var baseCertificateID = m_holder.BaseCertificateID; + if (baseCertificateID != null) { - return holder.BaseCertificateID.Serial.HasValue(x509Cert.SerialNumber) - && MatchesDN(PrincipalUtilities.GetIssuerX509Principal(x509Cert), holder.BaseCertificateID.Issuer); + return baseCertificateID.Serial.HasValue(x509Cert.SerialNumber) + && MatchesDN(x509Cert.IssuerDN, baseCertificateID.Issuer); } - if (holder.EntityName != null) + var entityName = m_holder.EntityName; + if (entityName != null) { - if (MatchesDN(PrincipalUtilities.GetSubjectX509Principal(x509Cert), holder.EntityName)) + if (MatchesDN(x509Cert.SubjectDN, entityName)) return true; } - if (holder.ObjectDigestInfo != null) + var objectDigestInfo = m_holder.ObjectDigestInfo; + if (objectDigestInfo != null) { IDigest md = DigestUtilities.GetDigest(DigestAlgorithm); - switch (DigestedObjectType) + switch (objectDigestInfo.DigestedObjectType.IntValueExact) { case ObjectDigestInfo.PublicKey: { @@ -363,15 +248,12 @@ namespace Org.BouncyCastle.X509 md.BlockUpdate(b, 0, b.Length); break; } - // TODO Default handler? } // TODO Shouldn't this be the other way around? - if (!Arrays.AreEqual(DigestUtilities.DoFinal(md), GetObjectDigest())) - { + if (!Arrays.AreEqual(GetObjectDigest(), DigestUtilities.DoFinal(md))) return false; - } } } catch (Exception) @@ -381,27 +263,13 @@ namespace Org.BouncyCastle.X509 return false; } - public override bool Equals( - object obj) + public virtual bool Equals(AttributeCertificateHolder other) { - if (obj == this) - { - return true; - } - - if (!(obj is AttributeCertificateHolder)) - { - return false; - } - - AttributeCertificateHolder other = (AttributeCertificateHolder)obj; + return this == other || m_holder.Equals(other?.m_holder); + } - return this.holder.Equals(other.holder); - } + public override bool Equals(object obj) => Equals(obj as AttributeCertificateHolder); - public override int GetHashCode() - { - return this.holder.GetHashCode(); - } + public override int GetHashCode() => m_holder.GetHashCode(); } } |