diff options
Diffstat (limited to 'crypto/src/x509')
-rw-r--r-- | crypto/src/x509/X509V1CertificateGenerator.cs | 50 | ||||
-rw-r--r-- | crypto/src/x509/X509V2AttributeCertificateGenerator.cs | 69 | ||||
-rw-r--r-- | crypto/src/x509/X509V2CRLGenerator.cs | 92 | ||||
-rw-r--r-- | crypto/src/x509/X509V3CertificateGenerator.cs | 65 |
4 files changed, 159 insertions, 117 deletions
diff --git a/crypto/src/x509/X509V1CertificateGenerator.cs b/crypto/src/x509/X509V1CertificateGenerator.cs index 02b58a198..8201a66ec 100644 --- a/crypto/src/x509/X509V1CertificateGenerator.cs +++ b/crypto/src/x509/X509V1CertificateGenerator.cs @@ -1,10 +1,12 @@ using System; +using System.IO; using System.Collections; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Crypto.Operators; using Org.BouncyCastle.Math; using Org.BouncyCastle.Security; using Org.BouncyCastle.Security.Certificates; @@ -119,6 +121,7 @@ namespace Org.BouncyCastle.X509 /// This can be either a name or an OID, names are treated as case insensitive. /// </summary> /// <param name="signatureAlgorithm">string representation of the algorithm name</param> + [Obsolete("Not needed if Generate used with an ISignatureCalculator")] public void SetSignatureAlgorithm( string signatureAlgorithm) { @@ -143,6 +146,7 @@ namespace Org.BouncyCastle.X509 /// </summary> /// <param name="privateKey">The private key of the issuer used to sign this certificate.</param> /// <returns>An X509Certificate.</returns> + [Obsolete("Use Generate with an ISignatureCalculator")] public X509Certificate Generate( AsymmetricKeyParameter privateKey) { @@ -155,43 +159,43 @@ namespace Org.BouncyCastle.X509 /// <param name="privateKey">The private key of the issuer used to sign this certificate.</param> /// <param name="random">The Secure Random you want to use.</param> /// <returns>An X509Certificate.</returns> + [Obsolete("Use Generate with an ISignatureCalculator")] public X509Certificate Generate( AsymmetricKeyParameter privateKey, SecureRandom random) { + return Generate(new Asn1SignatureCalculator(signatureAlgorithm, privateKey, random)); + } + + /// <summary> + /// Generate a new X509Certificate using the passed in SignatureCalculator. + /// </summary> + /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param> + /// <returns>An X509Certificate.</returns> + public X509Certificate Generate(ISignatureCalculator<AlgorithmIdentifier> signatureCalculator) + { + tbsGen.SetSignature (signatureCalculator.AlgorithmDetails); + TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate(); - byte[] signature; - try - { - signature = X509Utilities.GetSignatureForObject( - sigOID, signatureAlgorithm, privateKey, random, tbsCert); - } - catch (Exception e) - { - // TODO -// throw new ExtCertificateEncodingException("exception encoding TBS cert", e); - throw new CertificateEncodingException("exception encoding TBS cert", e); - } + Stream sigStream = signatureCalculator.GetSignatureUpdater (); - try - { - return GenerateJcaObject(tbsCert, signature); - } - catch (CertificateParsingException e) - { - // TODO - // throw new ExtCertificateEncodingException("exception producing certificate object", e); - throw new CertificateEncodingException("exception producing certificate object", e); - } + byte[] encoded = tbsCert.GetDerEncoded(); + + sigStream.Write (encoded, 0, encoded.Length); + + sigStream.Close (); + + return GenerateJcaObject(tbsCert, signatureCalculator.AlgorithmDetails, signatureCalculator.Signature()); } private X509Certificate GenerateJcaObject( TbsCertificateStructure tbsCert, + AlgorithmIdentifier sigAlg, byte[] signature) { return new X509Certificate( - new X509CertificateStructure(tbsCert, sigAlgId, new DerBitString(signature))); + new X509CertificateStructure(tbsCert, sigAlg, new DerBitString(signature))); } /// <summary> diff --git a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs index a683d5e20..1cbdbcfcb 100644 --- a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs +++ b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs @@ -8,6 +8,8 @@ using Org.BouncyCastle.Math; using Org.BouncyCastle.Security; using Org.BouncyCastle.Security.Certificates; using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Crypto.Operators; +using System.IO; namespace Org.BouncyCastle.X509 { @@ -66,12 +68,13 @@ namespace Org.BouncyCastle.X509 acInfoGen.SetEndDate(new DerGeneralizedTime(date)); } - /// <summary> - /// Set the signature algorithm. This can be either a name or an OID, names - /// are treated as case insensitive. - /// </summary> - /// <param name="signatureAlgorithm">The algorithm name.</param> - public void SetSignatureAlgorithm( + /// <summary> + /// Set the signature algorithm. This can be either a name or an OID, names + /// are treated as case insensitive. + /// </summary> + /// <param name="signatureAlgorithm">The algorithm name.</param> + [Obsolete("Not needed if Generate used with an ISignatureCalculator")] + public void SetSignatureAlgorithm( string signatureAlgorithm) { this.signatureAlgorithm = signatureAlgorithm; @@ -127,37 +130,57 @@ namespace Org.BouncyCastle.X509 extGenerator.AddExtension(new DerObjectIdentifier(oid), critical, extensionValue); } - /// <summary> - /// Generate an X509 certificate, based on the current issuer and subject. - /// </summary> - public IX509AttributeCertificate Generate( - AsymmetricKeyParameter publicKey) + /// <summary> + /// Generate an X509 certificate, based on the current issuer and subject. + /// </summary> + [Obsolete("Use Generate with an ISignatureCalculator")] + public IX509AttributeCertificate Generate( + AsymmetricKeyParameter privateKey) { - return Generate(publicKey, null); + return Generate(privateKey, null); } - /// <summary> - /// Generate an X509 certificate, based on the current issuer and subject, - /// using the supplied source of randomness, if required. - /// </summary> - public IX509AttributeCertificate Generate( - AsymmetricKeyParameter publicKey, + /// <summary> + /// Generate an X509 certificate, based on the current issuer and subject, + /// using the supplied source of randomness, if required. + /// </summary> + [Obsolete("Use Generate with an ISignatureCalculator")] + public IX509AttributeCertificate Generate( + AsymmetricKeyParameter privateKey, SecureRandom random) - { - if (!extGenerator.IsEmpty) + { + return Generate(new Asn1SignatureCalculator(signatureAlgorithm, privateKey, random)); + } + + /// <summary> + /// Generate a new X.509 Attribute Certificate using the passed in SignatureCalculator. + /// </summary> + /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param> + /// <returns>An IX509AttributeCertificate.</returns> + public IX509AttributeCertificate Generate(ISignatureCalculator<AlgorithmIdentifier> signatureCalculator) + { + if (!extGenerator.IsEmpty) { acInfoGen.SetExtensions(extGenerator.Generate()); } AttributeCertificateInfo acInfo = acInfoGen.GenerateAttributeCertificateInfo(); - Asn1EncodableVector v = new Asn1EncodableVector(); + byte[] encoded = acInfo.GetDerEncoded(); + + Stream sigStream = signatureCalculator.GetSignatureUpdater(); + + sigStream.Write(encoded, 0, encoded.Length); + + sigStream.Close(); + + Asn1EncodableVector v = new Asn1EncodableVector(); - v.Add(acInfo, sigAlgId); + v.Add(acInfo, signatureCalculator.AlgorithmDetails); try { - v.Add(new DerBitString(X509Utilities.GetSignatureForObject(sigOID, signatureAlgorithm, publicKey, random, acInfo))); + v.Add(new DerBitString(signatureCalculator.Signature())); return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(new DerSequence(v))); } diff --git a/crypto/src/x509/X509V2CRLGenerator.cs b/crypto/src/x509/X509V2CRLGenerator.cs index a2293b333..ef0464a82 100644 --- a/crypto/src/x509/X509V2CRLGenerator.cs +++ b/crypto/src/x509/X509V2CRLGenerator.cs @@ -10,6 +10,7 @@ using Org.BouncyCastle.Math; using Org.BouncyCastle.Security; using Org.BouncyCastle.Security.Certificates; using Org.BouncyCastle.Utilities.Collections; +using Org.BouncyCastle.Crypto.Operators; namespace Org.BouncyCastle.X509 { @@ -129,13 +130,12 @@ namespace Org.BouncyCastle.X509 } } - /** - * Set the signature algorithm. This can be either a name or an oid, names - * are treated as case insensitive. - * - * @param signatureAlgorithm string representation of the algorithm name. - */ - public void SetSignatureAlgorithm( + /// <summary> + /// Set the signature algorithm that will be used to sign this CRL. + /// </summary> + /// <param name="signatureAlgorithm"/> + [Obsolete("Not needed if Generate used with an ISignatureCalculator")] + public void SetSignatureAlgorithm( string signatureAlgorithm) { this.signatureAlgorithm = signatureAlgorithm; @@ -198,40 +198,55 @@ namespace Org.BouncyCastle.X509 extGenerator.AddExtension(oid, critical, new DerOctetString(extensionValue)); } - /// <summary>Generate an X509 CRL, based on the current issuer and subject.</summary> - /// <param name="privateKey">The key used for signing.</param> - public X509Crl Generate( - AsymmetricKeyParameter privateKey) - { - return Generate(privateKey, null); - } + /// <summary> + /// Generate an X.509 CRL, based on the current issuer and subject. + /// </summary> + /// <param name="privateKey">The private key of the issuer that is signing this certificate.</param> + /// <returns>An X509Crl.</returns> + [Obsolete("Use Generate with an ISignatureCalculator")] + public X509Crl Generate( + AsymmetricKeyParameter privateKey) + { + return Generate(privateKey, null); + } - /// <summary>Generate an X509 CRL, based on the current issuer and subject.</summary> - /// <param name="privateKey">The key used for signing.</param> - /// <param name="random">A user-defined source of randomness.</param> - public X509Crl Generate( - AsymmetricKeyParameter privateKey, - SecureRandom random) - { - TbsCertificateList tbsCrl = GenerateCertList(); - byte[] signature; + /// <summary> + /// Generate an X.509 CRL, based on the current issuer and subject using the specified secure random. + /// </summary> + /// <param name="privateKey">The private key of the issuer that is signing this certificate.</param> + /// <param name="random">Your Secure Random instance.</param> + /// <returns>An X509Crl.</returns> + [Obsolete("Use Generate with an ISignatureCalculator")] + public X509Crl Generate( + AsymmetricKeyParameter privateKey, + SecureRandom random) + { + return Generate(new Asn1SignatureCalculator(signatureAlgorithm, privateKey, random)); + } - try - { - signature = X509Utilities.GetSignatureForObject( - sigOID, signatureAlgorithm, privateKey, random, tbsCrl); - } - catch (IOException e) - { - // TODO -// throw new ExtCrlException("cannot generate CRL encoding", e); - throw new CrlException("cannot generate CRL encoding", e); - } + /// <summary> + /// Generate a new X509Crl using the passed in SignatureCalculator. + /// </summary> + /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param> + /// <returns>An X509Crl.</returns> + public X509Crl Generate(ISignatureCalculator<AlgorithmIdentifier> signatureCalculator) + { + tbsGen.SetSignature(signatureCalculator.AlgorithmDetails); - return GenerateJcaObject(tbsCrl, signature); - } + TbsCertificateList tbsCertList = GenerateCertList(); + + Stream sigStream = signatureCalculator.GetSignatureUpdater(); + + byte[] encoded = tbsCertList.GetDerEncoded(); + + sigStream.Write(encoded, 0, encoded.Length); + + sigStream.Close(); + + return GenerateJcaObject(tbsCertList, signatureCalculator.AlgorithmDetails, signatureCalculator.Signature()); + } - private TbsCertificateList GenerateCertList() + private TbsCertificateList GenerateCertList() { if (!extGenerator.IsEmpty) { @@ -243,11 +258,12 @@ namespace Org.BouncyCastle.X509 private X509Crl GenerateJcaObject( TbsCertificateList tbsCrl, + AlgorithmIdentifier algId, byte[] signature) { return new X509Crl( CertificateList.GetInstance( - new DerSequence(tbsCrl, sigAlgId, new DerBitString(signature)))); + new DerSequence(tbsCrl, algId, new DerBitString(signature)))); } /// <summary> diff --git a/crypto/src/x509/X509V3CertificateGenerator.cs b/crypto/src/x509/X509V3CertificateGenerator.cs index bb0dd9cbc..252b91aa4 100644 --- a/crypto/src/x509/X509V3CertificateGenerator.cs +++ b/crypto/src/x509/X509V3CertificateGenerator.cs @@ -1,9 +1,11 @@ using System; using System.Collections; +using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.Operators; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Math; using Org.BouncyCastle.Security; @@ -110,6 +112,7 @@ namespace Org.BouncyCastle.X509 /// Set the signature algorithm that will be used to sign this certificate. /// </summary> /// <param name="signatureAlgorithm"/> + [Obsolete("Not needed if Generate used with an ISignatureCalculator")] public void SetSignatureAlgorithm( string signatureAlgorithm) { @@ -274,7 +277,8 @@ namespace Org.BouncyCastle.X509 /// </summary> /// <param name="privateKey">The private key of the issuer that is signing this certificate.</param> /// <returns>An X509Certificate.</returns> - public X509Certificate Generate( + [Obsolete("Use Generate with an ISignatureCalculator")] + public X509Certificate Generate( AsymmetricKeyParameter privateKey) { return Generate(privateKey, null); @@ -286,53 +290,48 @@ namespace Org.BouncyCastle.X509 /// <param name="privateKey">The private key of the issuer that is signing this certificate.</param> /// <param name="random">You Secure Random instance.</param> /// <returns>An X509Certificate.</returns> + [Obsolete("Use Generate with an ISignatureCalculator")] public X509Certificate Generate( AsymmetricKeyParameter privateKey, SecureRandom random) { - TbsCertificateStructure tbsCert = GenerateTbsCert(); - byte[] signature; - - try - { - signature = X509Utilities.GetSignatureForObject( - sigOid, signatureAlgorithm, privateKey, random, tbsCert); - } - catch (Exception e) - { - // TODO -// throw new ExtCertificateEncodingException("exception encoding TBS cert", e); - throw new CertificateEncodingException("exception encoding TBS cert", e); - } - - try - { - return GenerateJcaObject(tbsCert, signature); - } - catch (CertificateParsingException e) - { - // TODO - // throw new ExtCertificateEncodingException("exception producing certificate object", e); - throw new CertificateEncodingException("exception producing certificate object", e); - } + return Generate(new Asn1SignatureCalculator(signatureAlgorithm, privateKey, random)); } - private TbsCertificateStructure GenerateTbsCert() + /// <summary> + /// Generate a new X509Certificate using the passed in SignatureCalculator. + /// </summary> + /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param> + /// <returns>An X509Certificate.</returns> + public X509Certificate Generate(ISignatureCalculator<AlgorithmIdentifier> signatureCalculator) { - if (!extGenerator.IsEmpty) - { - tbsGen.SetExtensions(extGenerator.Generate()); - } + tbsGen.SetSignature (signatureCalculator.AlgorithmDetails); + + if (!extGenerator.IsEmpty) + { + tbsGen.SetExtensions(extGenerator.Generate()); + } + + TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate(); + + Stream sigStream = signatureCalculator.GetSignatureUpdater (); + + byte[] encoded = tbsCert.GetDerEncoded(); + + sigStream.Write (encoded, 0, encoded.Length); + + sigStream.Close (); - return tbsGen.GenerateTbsCertificate(); + return GenerateJcaObject(tbsCert, signatureCalculator.AlgorithmDetails, signatureCalculator.Signature()); } private X509Certificate GenerateJcaObject( TbsCertificateStructure tbsCert, + AlgorithmIdentifier sigAlg, byte[] signature) { return new X509Certificate( - new X509CertificateStructure(tbsCert, sigAlgId, new DerBitString(signature))); + new X509CertificateStructure(tbsCert, sigAlg, new DerBitString(signature))); } /// <summary> |