diff options
Diffstat (limited to 'crypto/src/x509')
| -rw-r--r-- | crypto/src/x509/X509Certificate.cs | 42 | ||||
| -rw-r--r-- | crypto/src/x509/X509CertificateParser.cs | 69 | ||||
| -rw-r--r-- | crypto/src/x509/X509CrlParser.cs | 78 | ||||
| -rw-r--r-- | crypto/src/x509/X509Utilities.cs | 227 | ||||
| -rw-r--r-- | crypto/src/x509/X509V3CertificateGenerator.cs | 35 | ||||
| -rw-r--r-- | crypto/src/x509/store/X509CertStoreSelector.cs | 4 |
6 files changed, 172 insertions, 283 deletions
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs index 985ec0aeb..2fbad4ba5 100644 --- a/crypto/src/x509/X509Certificate.cs +++ b/crypto/src/x509/X509Certificate.cs @@ -1,5 +1,6 @@ using System; using System.Collections; +using System.Collections.Generic; using System.IO; using System.Text; @@ -96,12 +97,10 @@ namespace Org.BouncyCastle.X509 try { - Asn1OctetString str = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.19")); - + Asn1OctetString str = GetExtensionValue(X509Extensions.BasicConstraints); if (str != null) { - basicConstraints = BasicConstraints.GetInstance( - X509ExtensionUtilities.FromExtensionValue(str)); + basicConstraints = BasicConstraints.GetInstance(X509ExtensionUtilities.FromExtensionValue(str)); } } catch (Exception e) @@ -111,12 +110,10 @@ namespace Org.BouncyCastle.X509 try { - Asn1OctetString str = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.15")); - + Asn1OctetString str = GetExtensionValue(X509Extensions.KeyUsage); if (str != null) { - DerBitString bits = DerBitString.GetInstance( - X509ExtensionUtilities.FromExtensionValue(str)); + DerBitString bits = DerBitString.GetInstance(X509ExtensionUtilities.FromExtensionValue(str)); byte[] bytes = bits.GetBytes(); int length = (bytes.Length * 8) - bits.PadBits; @@ -343,26 +340,23 @@ namespace Org.BouncyCastle.X509 } // TODO Replace with something that returns a list of DerObjectIdentifier - public virtual IList GetExtendedKeyUsage() + public virtual IList<DerObjectIdentifier> GetExtendedKeyUsage() { - Asn1OctetString str = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.37")); + Asn1OctetString str = GetExtensionValue(X509Extensions.ExtendedKeyUsage); if (str == null) return null; try { - Asn1Sequence seq = Asn1Sequence.GetInstance( - X509ExtensionUtilities.FromExtensionValue(str)); - - IList list = Platform.CreateArrayList(); + Asn1Sequence seq = Asn1Sequence.GetInstance(X509ExtensionUtilities.FromExtensionValue(str)); + var result = new List<DerObjectIdentifier>(); foreach (DerObjectIdentifier oid in seq) { - list.Add(oid.Id); + result.Add(oid); } - - return list; + return result; } catch (Exception e) { @@ -387,19 +381,17 @@ namespace Org.BouncyCastle.X509 public virtual ICollection GetSubjectAlternativeNames() { - return GetAlternativeNames("2.5.29.17"); + return GetAlternativeNames(X509Extensions.SubjectAlternativeName); } public virtual ICollection GetIssuerAlternativeNames() { - return GetAlternativeNames("2.5.29.18"); + return GetAlternativeNames(X509Extensions.IssuerAlternativeName); } - protected virtual ICollection GetAlternativeNames( - string oid) + protected virtual ICollection GetAlternativeNames(DerObjectIdentifier oid) { - Asn1OctetString altNames = GetExtensionValue(new DerObjectIdentifier(oid)); - + Asn1OctetString altNames = GetExtensionValue(oid); if (altNames == null) return null; @@ -549,7 +541,7 @@ namespace Org.BouncyCastle.X509 if (extensions != null) { - IEnumerator e = extensions.ExtensionOids.GetEnumerator(); + var e = extensions.ExtensionOids.GetEnumerator(); if (e.MoveNext()) { @@ -558,7 +550,7 @@ namespace Org.BouncyCastle.X509 do { - DerObjectIdentifier oid = (DerObjectIdentifier)e.Current; + DerObjectIdentifier oid = e.Current; X509Extension ext = extensions.GetExtension(oid); if (ext.Value != null) diff --git a/crypto/src/x509/X509CertificateParser.cs b/crypto/src/x509/X509CertificateParser.cs index ceab31108..ce50dc8ed 100644 --- a/crypto/src/x509/X509CertificateParser.cs +++ b/crypto/src/x509/X509CertificateParser.cs @@ -1,12 +1,11 @@ using System; -using System.Collections; +using System.Collections.Generic; using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Security.Certificates; -using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.IO; namespace Org.BouncyCastle.X509 @@ -22,12 +21,11 @@ namespace Org.BouncyCastle.X509 { private static readonly PemParser PemCertParser = new PemParser("CERTIFICATE"); - private Asn1Set sData; - private int sDataObjectCount; - private Stream currentStream; + private Asn1Set sData; + private int sDataObjectCount; + private Stream currentStream; - private X509Certificate ReadDerCertificate( - Asn1InputStream dIn) + private X509Certificate ReadDerCertificate(Asn1InputStream dIn) { Asn1Sequence seq = (Asn1Sequence)dIn.ReadObject(); @@ -42,7 +40,14 @@ namespace Org.BouncyCastle.X509 } } - return CreateX509Certificate(X509CertificateStructure.GetInstance(seq)); + return new X509Certificate(X509CertificateStructure.GetInstance(seq)); + } + + private X509Certificate ReadPemCertificate(Stream inStream) + { + Asn1Sequence seq = PemCertParser.ReadPemObject(inStream); + + return seq == null ? null : new X509Certificate(X509CertificateStructure.GetInstance(seq)); } private X509Certificate GetCertificate() @@ -54,38 +59,18 @@ namespace Org.BouncyCastle.X509 object obj = sData[sDataObjectCount++]; if (obj is Asn1Sequence) - { - return CreateX509Certificate( - X509CertificateStructure.GetInstance(obj)); - } + return new X509Certificate(X509CertificateStructure.GetInstance(obj)); } } return null; } - private X509Certificate ReadPemCertificate( - Stream inStream) - { - Asn1Sequence seq = PemCertParser.ReadPemObject(inStream); - - return seq == null - ? null - : CreateX509Certificate(X509CertificateStructure.GetInstance(seq)); - } - - protected virtual X509Certificate CreateX509Certificate( - X509CertificateStructure c) - { - return new X509Certificate(c); - } - /// <summary> /// Create loading data from byte array. /// </summary> /// <param name="input"></param> - public X509Certificate ReadCertificate( - byte[] input) + public X509Certificate ReadCertificate(byte[] input) { return ReadCertificate(new MemoryStream(input, false)); } @@ -94,8 +79,7 @@ namespace Org.BouncyCastle.X509 /// Create loading data from byte array. /// </summary> /// <param name="input"></param> - public ICollection ReadCertificates( - byte[] input) + public IList<X509Certificate> ReadCertificates(byte[] input) { return ReadCertificates(new MemoryStream(input, false)); } @@ -104,8 +88,7 @@ namespace Org.BouncyCastle.X509 * Generates a certificate object and initializes it with the data * read from the input stream inStream. */ - public X509Certificate ReadCertificate( - Stream inStream) + public X509Certificate ReadCertificate(Stream inStream) { if (inStream == null) throw new ArgumentNullException("inStream"); @@ -130,9 +113,7 @@ namespace Org.BouncyCastle.X509 if (sData != null) { if (sDataObjectCount != sData.Count) - { return GetCertificate(); - } sData = null; sDataObjectCount = 0; @@ -155,9 +136,7 @@ namespace Org.BouncyCastle.X509 } if (tag != 0x30) // assume ascii PEM encoded. - { return ReadPemCertificate(inStream); - } return ReadDerCertificate(new Asn1InputStream(inStream)); } @@ -171,18 +150,18 @@ namespace Org.BouncyCastle.X509 * Returns a (possibly empty) collection view of the certificates * read from the given input stream inStream. */ - public ICollection ReadCertificates( - Stream inStream) + public IList<X509Certificate> ReadCertificates(Stream inStream) { - X509Certificate cert; - IList certs = Platform.CreateArrayList(); + return new List<X509Certificate>(ParseCertificates(inStream)); + } + public IEnumerable<X509Certificate> ParseCertificates(Stream inStream) + { + X509Certificate cert; while ((cert = ReadCertificate(inStream)) != null) { - certs.Add(cert); + yield return cert; } - - return certs; } } } diff --git a/crypto/src/x509/X509CrlParser.cs b/crypto/src/x509/X509CrlParser.cs index f0bb9f98f..ad2b4f704 100644 --- a/crypto/src/x509/X509CrlParser.cs +++ b/crypto/src/x509/X509CrlParser.cs @@ -1,12 +1,11 @@ using System; -using System.Collections; +using System.Collections.Generic; using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Security.Certificates; -using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.IO; namespace Org.BouncyCastle.X509 @@ -17,33 +16,16 @@ namespace Org.BouncyCastle.X509 private readonly bool lazyAsn1; - private Asn1Set sCrlData; - private int sCrlDataObjectCount; - private Stream currentCrlStream; + private Asn1Set sCrlData; + private int sCrlDataObjectCount; + private Stream currentCrlStream; - public X509CrlParser() - : this(false) - { - } - - public X509CrlParser( - bool lazyAsn1) + public X509CrlParser(bool lazyAsn1 = false) { this.lazyAsn1 = lazyAsn1; } - private X509Crl ReadPemCrl( - Stream inStream) - { - Asn1Sequence seq = PemCrlParser.ReadPemObject(inStream); - - return seq == null - ? null - : CreateX509Crl(CertificateList.GetInstance(seq)); - } - - private X509Crl ReadDerCrl( - Asn1InputStream dIn) + private X509Crl ReadDerCrl(Asn1InputStream dIn) { Asn1Sequence seq = (Asn1Sequence)dIn.ReadObject(); @@ -58,33 +40,29 @@ namespace Org.BouncyCastle.X509 } } - return CreateX509Crl(CertificateList.GetInstance(seq)); + return new X509Crl(CertificateList.GetInstance(seq)); } - private X509Crl GetCrl() + private X509Crl ReadPemCrl(Stream inStream) { - if (sCrlData == null || sCrlDataObjectCount >= sCrlData.Count) - { - return null; - } + Asn1Sequence seq = PemCrlParser.ReadPemObject(inStream); - return CreateX509Crl( - CertificateList.GetInstance( - sCrlData[sCrlDataObjectCount++])); + return seq == null ? null : new X509Crl(CertificateList.GetInstance(seq)); } - protected virtual X509Crl CreateX509Crl( - CertificateList c) + private X509Crl GetCrl() { - return new X509Crl(c); + if (sCrlData == null || sCrlDataObjectCount >= sCrlData.Count) + return null; + + return new X509Crl(CertificateList.GetInstance(sCrlData[sCrlDataObjectCount++])); } /// <summary> /// Create loading data from byte array. /// </summary> /// <param name="input"></param> - public X509Crl ReadCrl( - byte[] input) + public X509Crl ReadCrl(byte[] input) { return ReadCrl(new MemoryStream(input, false)); } @@ -93,8 +71,7 @@ namespace Org.BouncyCastle.X509 /// Create loading data from byte array. /// </summary> /// <param name="input"></param> - public ICollection ReadCrls( - byte[] input) + public IList<X509Crl> ReadCrls(byte[] input) { return ReadCrls(new MemoryStream(input, false)); } @@ -103,8 +80,7 @@ namespace Org.BouncyCastle.X509 * Generates a certificate revocation list (CRL) object and initializes * it with the data read from the input stream inStream. */ - public X509Crl ReadCrl( - Stream inStream) + public X509Crl ReadCrl(Stream inStream) { if (inStream == null) throw new ArgumentNullException("inStream"); @@ -129,9 +105,7 @@ namespace Org.BouncyCastle.X509 if (sCrlData != null) { if (sCrlDataObjectCount != sCrlData.Count) - { return GetCrl(); - } sCrlData = null; sCrlDataObjectCount = 0; @@ -154,9 +128,7 @@ namespace Org.BouncyCastle.X509 } if (tag != 0x30) // assume ascii PEM encoded. - { return ReadPemCrl(inStream); - } Asn1InputStream asn1 = lazyAsn1 ? new LazyAsn1InputStream(inStream) @@ -183,18 +155,18 @@ namespace Org.BouncyCastle.X509 * only significant field being crls. In particular the signature * and the contents are ignored. */ - public ICollection ReadCrls( - Stream inStream) + public IList<X509Crl> ReadCrls(Stream inStream) { - X509Crl crl; - IList crls = Platform.CreateArrayList(); + return new List<X509Crl>(ParseCrls(inStream)); + } + public IEnumerable<X509Crl> ParseCrls(Stream inStream) + { + X509Crl crl; while ((crl = ReadCrl(inStream)) != null) { - crls.Add(crl); + yield return crl; } - - return crls; } } } diff --git a/crypto/src/x509/X509Utilities.cs b/crypto/src/x509/X509Utilities.cs index 85f24f26a..30ca0b080 100644 --- a/crypto/src/x509/X509Utilities.cs +++ b/crypto/src/x509/X509Utilities.cs @@ -1,5 +1,4 @@ using System; -using System.Collections; using System.Collections.Generic; using Org.BouncyCastle.Asn1; @@ -10,122 +9,120 @@ using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.TeleTrust; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X9; -using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Parameters; -using Org.BouncyCastle.Security; -using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Collections; namespace Org.BouncyCastle.X509 { internal class X509Utilities { - private static readonly IDictionary algorithms = Platform.CreateHashtable(); - private static readonly IDictionary exParams = Platform.CreateHashtable(); - private static readonly HashSet<DerObjectIdentifier> noParams = new HashSet<DerObjectIdentifier>(); + private static readonly Dictionary<string, DerObjectIdentifier> m_algorithms = + new Dictionary<string, DerObjectIdentifier>(StringComparer.OrdinalIgnoreCase); + private static readonly Dictionary<string, Asn1Encodable> m_exParams = + new Dictionary<string, Asn1Encodable>(StringComparer.OrdinalIgnoreCase); + private static readonly HashSet<DerObjectIdentifier> m_noParams = new HashSet<DerObjectIdentifier>(); static X509Utilities() { - algorithms.Add("MD2WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD2WithRsaEncryption); - algorithms.Add("MD2WITHRSA", PkcsObjectIdentifiers.MD2WithRsaEncryption); - algorithms.Add("MD5WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD5WithRsaEncryption); - algorithms.Add("MD5WITHRSA", PkcsObjectIdentifiers.MD5WithRsaEncryption); - algorithms.Add("SHA1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption); - algorithms.Add("SHA-1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption); - algorithms.Add("SHA1WITHRSA", PkcsObjectIdentifiers.Sha1WithRsaEncryption); - algorithms.Add("SHA-1WITHRSA", PkcsObjectIdentifiers.Sha1WithRsaEncryption); - algorithms.Add("SHA224WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha224WithRsaEncryption); - algorithms.Add("SHA-224WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha224WithRsaEncryption); - algorithms.Add("SHA224WITHRSA", PkcsObjectIdentifiers.Sha224WithRsaEncryption); - algorithms.Add("SHA-224WITHRSA", PkcsObjectIdentifiers.Sha224WithRsaEncryption); - algorithms.Add("SHA256WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha256WithRsaEncryption); - algorithms.Add("SHA-256WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha256WithRsaEncryption); - algorithms.Add("SHA256WITHRSA", PkcsObjectIdentifiers.Sha256WithRsaEncryption); - algorithms.Add("SHA-256WITHRSA", PkcsObjectIdentifiers.Sha256WithRsaEncryption); - algorithms.Add("SHA384WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha384WithRsaEncryption); - algorithms.Add("SHA-384WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha384WithRsaEncryption); - algorithms.Add("SHA384WITHRSA", PkcsObjectIdentifiers.Sha384WithRsaEncryption); - algorithms.Add("SHA-384WITHRSA", PkcsObjectIdentifiers.Sha384WithRsaEncryption); - algorithms.Add("SHA512WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512WithRsaEncryption); - algorithms.Add("SHA-512WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512WithRsaEncryption); - algorithms.Add("SHA512WITHRSA", PkcsObjectIdentifiers.Sha512WithRsaEncryption); - algorithms.Add("SHA-512WITHRSA", PkcsObjectIdentifiers.Sha512WithRsaEncryption); - algorithms.Add("SHA512(224)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); - algorithms.Add("SHA-512(224)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); - algorithms.Add("SHA512(224)WITHRSA", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); - algorithms.Add("SHA-512(224)WITHRSA", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); - algorithms.Add("SHA512(256)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); - algorithms.Add("SHA-512(256)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); - algorithms.Add("SHA512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); - algorithms.Add("SHA-512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); - algorithms.Add("SHA1WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); - algorithms.Add("SHA224WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); - algorithms.Add("SHA256WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); - algorithms.Add("SHA384WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); - algorithms.Add("SHA512WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); - algorithms.Add("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160); - algorithms.Add("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160); - algorithms.Add("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128); - algorithms.Add("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128); - algorithms.Add("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256); - algorithms.Add("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256); - algorithms.Add("SHA1WITHDSA", X9ObjectIdentifiers.IdDsaWithSha1); - algorithms.Add("DSAWITHSHA1", X9ObjectIdentifiers.IdDsaWithSha1); - algorithms.Add("SHA224WITHDSA", NistObjectIdentifiers.DsaWithSha224); - algorithms.Add("SHA256WITHDSA", NistObjectIdentifiers.DsaWithSha256); - algorithms.Add("SHA384WITHDSA", NistObjectIdentifiers.DsaWithSha384); - algorithms.Add("SHA512WITHDSA", NistObjectIdentifiers.DsaWithSha512); - algorithms.Add("SHA1WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha1); - algorithms.Add("ECDSAWITHSHA1", X9ObjectIdentifiers.ECDsaWithSha1); - algorithms.Add("SHA224WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha224); - algorithms.Add("SHA256WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha256); - algorithms.Add("SHA384WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha384); - algorithms.Add("SHA512WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha512); - algorithms.Add("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); - algorithms.Add("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); - algorithms.Add("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); - algorithms.Add("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); - algorithms.Add("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); + m_algorithms.Add("MD2WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD2WithRsaEncryption); + m_algorithms.Add("MD2WITHRSA", PkcsObjectIdentifiers.MD2WithRsaEncryption); + m_algorithms.Add("MD5WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD5WithRsaEncryption); + m_algorithms.Add("MD5WITHRSA", PkcsObjectIdentifiers.MD5WithRsaEncryption); + m_algorithms.Add("SHA1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption); + m_algorithms.Add("SHA-1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption); + m_algorithms.Add("SHA1WITHRSA", PkcsObjectIdentifiers.Sha1WithRsaEncryption); + m_algorithms.Add("SHA-1WITHRSA", PkcsObjectIdentifiers.Sha1WithRsaEncryption); + m_algorithms.Add("SHA224WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha224WithRsaEncryption); + m_algorithms.Add("SHA-224WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha224WithRsaEncryption); + m_algorithms.Add("SHA224WITHRSA", PkcsObjectIdentifiers.Sha224WithRsaEncryption); + m_algorithms.Add("SHA-224WITHRSA", PkcsObjectIdentifiers.Sha224WithRsaEncryption); + m_algorithms.Add("SHA256WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha256WithRsaEncryption); + m_algorithms.Add("SHA-256WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha256WithRsaEncryption); + m_algorithms.Add("SHA256WITHRSA", PkcsObjectIdentifiers.Sha256WithRsaEncryption); + m_algorithms.Add("SHA-256WITHRSA", PkcsObjectIdentifiers.Sha256WithRsaEncryption); + m_algorithms.Add("SHA384WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha384WithRsaEncryption); + m_algorithms.Add("SHA-384WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha384WithRsaEncryption); + m_algorithms.Add("SHA384WITHRSA", PkcsObjectIdentifiers.Sha384WithRsaEncryption); + m_algorithms.Add("SHA-384WITHRSA", PkcsObjectIdentifiers.Sha384WithRsaEncryption); + m_algorithms.Add("SHA512WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512WithRsaEncryption); + m_algorithms.Add("SHA-512WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512WithRsaEncryption); + m_algorithms.Add("SHA512WITHRSA", PkcsObjectIdentifiers.Sha512WithRsaEncryption); + m_algorithms.Add("SHA-512WITHRSA", PkcsObjectIdentifiers.Sha512WithRsaEncryption); + m_algorithms.Add("SHA512(224)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); + m_algorithms.Add("SHA-512(224)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); + m_algorithms.Add("SHA512(224)WITHRSA", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); + m_algorithms.Add("SHA-512(224)WITHRSA", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption); + m_algorithms.Add("SHA512(256)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); + m_algorithms.Add("SHA-512(256)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); + m_algorithms.Add("SHA512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); + m_algorithms.Add("SHA-512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption); + m_algorithms.Add("SHA1WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); + m_algorithms.Add("SHA224WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); + m_algorithms.Add("SHA256WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); + m_algorithms.Add("SHA384WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); + m_algorithms.Add("SHA512WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss); + m_algorithms.Add("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160); + m_algorithms.Add("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160); + m_algorithms.Add("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128); + m_algorithms.Add("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128); + m_algorithms.Add("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256); + m_algorithms.Add("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256); + m_algorithms.Add("SHA1WITHDSA", X9ObjectIdentifiers.IdDsaWithSha1); + m_algorithms.Add("DSAWITHSHA1", X9ObjectIdentifiers.IdDsaWithSha1); + m_algorithms.Add("SHA224WITHDSA", NistObjectIdentifiers.DsaWithSha224); + m_algorithms.Add("SHA256WITHDSA", NistObjectIdentifiers.DsaWithSha256); + m_algorithms.Add("SHA384WITHDSA", NistObjectIdentifiers.DsaWithSha384); + m_algorithms.Add("SHA512WITHDSA", NistObjectIdentifiers.DsaWithSha512); + m_algorithms.Add("SHA1WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha1); + m_algorithms.Add("ECDSAWITHSHA1", X9ObjectIdentifiers.ECDsaWithSha1); + m_algorithms.Add("SHA224WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha224); + m_algorithms.Add("SHA256WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha256); + m_algorithms.Add("SHA384WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha384); + m_algorithms.Add("SHA512WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha512); + m_algorithms.Add("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); + m_algorithms.Add("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); + m_algorithms.Add("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); + m_algorithms.Add("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); + m_algorithms.Add("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); // // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. // The parameters field SHALL be NULL for RSA based signature algorithms. // - noParams.Add(X9ObjectIdentifiers.ECDsaWithSha1); - noParams.Add(X9ObjectIdentifiers.ECDsaWithSha224); - noParams.Add(X9ObjectIdentifiers.ECDsaWithSha256); - noParams.Add(X9ObjectIdentifiers.ECDsaWithSha384); - noParams.Add(X9ObjectIdentifiers.ECDsaWithSha512); - noParams.Add(X9ObjectIdentifiers.IdDsaWithSha1); - noParams.Add(OiwObjectIdentifiers.DsaWithSha1); - noParams.Add(NistObjectIdentifiers.DsaWithSha224); - noParams.Add(NistObjectIdentifiers.DsaWithSha256); - noParams.Add(NistObjectIdentifiers.DsaWithSha384); - noParams.Add(NistObjectIdentifiers.DsaWithSha512); + m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha1); + m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha224); + m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha256); + m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha384); + m_noParams.Add(X9ObjectIdentifiers.ECDsaWithSha512); + m_noParams.Add(X9ObjectIdentifiers.IdDsaWithSha1); + m_noParams.Add(OiwObjectIdentifiers.DsaWithSha1); + m_noParams.Add(NistObjectIdentifiers.DsaWithSha224); + m_noParams.Add(NistObjectIdentifiers.DsaWithSha256); + m_noParams.Add(NistObjectIdentifiers.DsaWithSha384); + m_noParams.Add(NistObjectIdentifiers.DsaWithSha512); // // RFC 4491 // - noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); - noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); + m_noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94); + m_noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001); // // explicit params // AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance); - exParams.Add("SHA1WITHRSAANDMGF1", CreatePssParams(sha1AlgId, 20)); + m_exParams.Add("SHA1WITHRSAANDMGF1", CreatePssParams(sha1AlgId, 20)); AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha224, DerNull.Instance); - exParams.Add("SHA224WITHRSAANDMGF1", CreatePssParams(sha224AlgId, 28)); + m_exParams.Add("SHA224WITHRSAANDMGF1", CreatePssParams(sha224AlgId, 28)); AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256, DerNull.Instance); - exParams.Add("SHA256WITHRSAANDMGF1", CreatePssParams(sha256AlgId, 32)); + m_exParams.Add("SHA256WITHRSAANDMGF1", CreatePssParams(sha256AlgId, 32)); AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha384, DerNull.Instance); - exParams.Add("SHA384WITHRSAANDMGF1", CreatePssParams(sha384AlgId, 48)); + m_exParams.Add("SHA384WITHRSAANDMGF1", CreatePssParams(sha384AlgId, 48)); AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha512, DerNull.Instance); - exParams.Add("SHA512WITHRSAANDMGF1", CreatePssParams(sha512AlgId, 64)); + m_exParams.Add("SHA512WITHRSAANDMGF1", CreatePssParams(sha512AlgId, 64)); } private static RsassaPssParameters CreatePssParams( @@ -139,68 +136,28 @@ namespace Org.BouncyCastle.X509 new DerInteger(1)); } - internal static DerObjectIdentifier GetAlgorithmOid( - string algorithmName) + internal static DerObjectIdentifier GetAlgorithmOid(string algorithmName) { - algorithmName = Platform.ToUpperInvariant(algorithmName); - - if (algorithms.Contains(algorithmName)) - { - return (DerObjectIdentifier) algorithms[algorithmName]; - } + if (m_algorithms.TryGetValue(algorithmName, out var oid)) + return oid; return new DerObjectIdentifier(algorithmName); } - internal static AlgorithmIdentifier GetSigAlgID( - DerObjectIdentifier sigOid, - string algorithmName) + internal static AlgorithmIdentifier GetSigAlgID(DerObjectIdentifier sigOid, string algorithmName) { - if (noParams.Contains(sigOid)) - { + if (m_noParams.Contains(sigOid)) return new AlgorithmIdentifier(sigOid); - } - - algorithmName = Platform.ToUpperInvariant(algorithmName); - if (exParams.Contains(algorithmName)) - { - return new AlgorithmIdentifier(sigOid, (Asn1Encodable) exParams[algorithmName]); - } + if (m_exParams.TryGetValue(algorithmName, out var explicitParameters)) + return new AlgorithmIdentifier(sigOid, explicitParameters); return new AlgorithmIdentifier(sigOid, DerNull.Instance); } - internal static IEnumerable GetAlgNames() - { - return new EnumerableProxy(algorithms.Keys); - } - - internal static byte[] GetSignatureForObject( - DerObjectIdentifier sigOid, // TODO Redundant now? - string sigName, - AsymmetricKeyParameter privateKey, - SecureRandom random, - Asn1Encodable ae) + internal static IEnumerable<string> GetAlgNames() { - if (sigOid == null) - throw new ArgumentNullException("sigOid"); - - ISigner sig = SignerUtilities.GetSigner(sigName); - - if (random != null) - { - sig.Init(true, new ParametersWithRandom(privateKey, random)); - } - else - { - sig.Init(true, privateKey); - } - - byte[] encoded = ae.GetDerEncoded(); - sig.BlockUpdate(encoded, 0, encoded.Length); - - return sig.GenerateSignature(); + return CollectionUtilities.Proxy(m_algorithms.Keys); } } } diff --git a/crypto/src/x509/X509V3CertificateGenerator.cs b/crypto/src/x509/X509V3CertificateGenerator.cs index 47e58ddb5..7930ab23b 100644 --- a/crypto/src/x509/X509V3CertificateGenerator.cs +++ b/crypto/src/x509/X509V3CertificateGenerator.cs @@ -1,12 +1,11 @@ using System; -using System.Collections; +using System.Collections.Generic; +using System.IO; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Operators; using Org.BouncyCastle.Math; -using Org.BouncyCastle.Security; using Org.BouncyCastle.Security.Certificates; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.X509.Extension; @@ -226,11 +225,8 @@ namespace Org.BouncyCastle.X509 X509Certificate cert) { Asn1OctetString extValue = cert.GetExtensionValue(oid); - if (extValue == null) - { throw new CertificateParsingException("extension " + oid + " not present"); - } try { @@ -251,7 +247,9 @@ namespace Org.BouncyCastle.X509 /// <returns>An X509Certificate.</returns> public X509Certificate Generate(ISignatureFactory signatureCalculatorFactory) { - tbsGen.SetSignature ((AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails); + var sigAlgID = (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails; + + tbsGen.SetSignature(sigAlgID); if (!extGenerator.IsEmpty) { @@ -261,29 +259,20 @@ namespace Org.BouncyCastle.X509 TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate(); IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator(); + using (Stream sigStream = streamCalculator.Stream) + { + tbsCert.EncodeTo(sigStream, Asn1Encodable.Der); + } - byte[] encoded = tbsCert.GetDerEncoded(); - - streamCalculator.Stream.Write(encoded, 0, encoded.Length); - - Platform.Dispose(streamCalculator.Stream); + var signature = ((IBlockResult)streamCalculator.GetResult()).Collect(); - return GenerateJcaObject(tbsCert, (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).Collect()); - } - - private X509Certificate GenerateJcaObject( - TbsCertificateStructure tbsCert, - AlgorithmIdentifier sigAlg, - byte[] signature) - { - return new X509Certificate( - new X509CertificateStructure(tbsCert, sigAlg, new DerBitString(signature))); + return new X509Certificate(new X509CertificateStructure(tbsCert, sigAlgID, new DerBitString(signature))); } /// <summary> /// Allows enumeration of the signature names supported by the generator. /// </summary> - public IEnumerable SignatureAlgNames + public IEnumerable<string> SignatureAlgNames { get { return X509Utilities.GetAlgNames(); } } diff --git a/crypto/src/x509/store/X509CertStoreSelector.cs b/crypto/src/x509/store/X509CertStoreSelector.cs index b351f1cf3..197e8f26d 100644 --- a/crypto/src/x509/store/X509CertStoreSelector.cs +++ b/crypto/src/x509/store/X509CertStoreSelector.cs @@ -192,7 +192,7 @@ namespace Org.BouncyCastle.X509.Store if (extendedKeyUsage != null) { - IList eku = c.GetExtendedKeyUsage(); + var eku = c.GetExtendedKeyUsage(); // Note: if no extended key usage set, all key purposes are implicitly allowed @@ -200,7 +200,7 @@ namespace Org.BouncyCastle.X509.Store { foreach (DerObjectIdentifier oid in extendedKeyUsage) { - if (!eku.Contains(oid.Id)) + if (!eku.Contains(oid)) return false; } } |