From d6445420cd7973a3eee7fb2be7ad6c97592e7a52 Mon Sep 17 00:00:00 2001
From: royb
Date: Tue, 6 Jun 2023 13:25:55 -0400
Subject: Added SetReverseCertificates to PKCS12Builder and changed PKCS12 encoding
---
 crypto/src/pkcs/PKCS12StoreBuilder.cs | 10 ++++-
 crypto/src/pkcs/Pkcs12Store.cs | 71 ++++++++++++++++++++++++-----------
 2 files changed, 58 insertions(+), 23 deletions(-)
diff --git a/crypto/src/pkcs/PKCS12StoreBuilder.cs b/crypto/src/pkcs/PKCS12StoreBuilder.cs
index 404439fb2..63d7fb56a 100644
--- a/crypto/src/pkcs/PKCS12StoreBuilder.cs
+++ b/crypto/src/pkcs/PKCS12StoreBuilder.cs
@@ -11,16 +11,22 @@ namespace Org.BouncyCastle.Pkcs
 private DerObjectIdentifier certAlgorithm = PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc; private DerObjectIdentifier keyPrfAlgorithm = null; private bool useDerEncoding = false;
+ private bool reverseCertificate = false;
 public Pkcs12StoreBuilder() { }
- public Pkcs12Store Build(bool isReverse = false)
+ public Pkcs12Store Build()
 {
- return new Pkcs12Store(keyAlgorithm, keyPrfAlgorithm, certAlgorithm, useDerEncoding, isReverse);
+ return new Pkcs12Store(keyAlgorithm, keyPrfAlgorithm, certAlgorithm, useDerEncoding, reverseCertificate);
 }
+ public Pkcs12StoreBuilder SetReverseCertificates(bool reverseCertificate)
+ {
+ this.reverseCertificate = reverseCertificate;
+ return this;
+ }
 public Pkcs12StoreBuilder SetCertAlgorithm(DerObjectIdentifier certAlgorithm) {
diff --git a/crypto/src/pkcs/Pkcs12Store.cs b/crypto/src/pkcs/Pkcs12Store.cs
index b0cfbd3fb..26b94deb9 100644
--- a/crypto/src/pkcs/Pkcs12Store.cs
+++ b/crypto/src/pkcs/Pkcs12Store.cs
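Review bot: `SetReverseCertificates` is added without any XML doc, and its name undersells what the flag does: in Pkcs12Store.cs the same `isReverse` value also drives the key-bag loop (the -653 hunk iterates `m_keysOrder` backwards), not just the certificate bags. A `<summary>` on the setter should say so, e.g. `/// <summary>When true, the key and certificate bags are written in reverse insertion order when the store is saved.</summary>`, and the field comment could note the store-side name is `isReverse`. Dropping the optional parameter from `Build(bool isReverse = false)` to `Build()` is also a signature change; if that overload ever shipped, callers passing the argument positionally will fail to compile, so it may be worth keeping the old overload as `[Obsolete]` forwarding to the setter.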
@@ -29,6 +29,12 @@ namespace Org.BouncyCastle.Pkcs
 new Dictionary();
 private readonly Dictionary m_keyCerts = new Dictionary();
+ private readonly List m_keysOrder =
+ new List();
+ private readonly List m_certsOrder =
+ new List();
+ private readonly List m_chainCertOrder =
+ new List();
 private readonly DerObjectIdentifier keyAlgorithm; private readonly DerObjectIdentifier keyPrfAlgorithm; private readonly DerObjectIdentifier certAlgorithm;
@@ -126,6 +132,7 @@ namespace Org.BouncyCastle.Pkcs
 alias = ((DerBmpString)attr).GetString(); // TODO Do these in a separate loop, just collect aliases here
 m_keys[alias] = keyEntry;
+ m_keysOrder.Add(alias);
 } else if (aOid.Equals(PkcsObjectIdentifiers.Pkcs9AtLocalKeyID)) {
@@ -142,6 +149,7 @@ namespace Org.BouncyCastle.Pkcs
 if (alias == null) { m_keys[name] = keyEntry;
+ m_keysOrder.Add(name);
 } else {
@@ -218,6 +226,7 @@ namespace Org.BouncyCastle.Pkcs
 } m_keys.Clear();
+ m_keysOrder.Clear();
 m_localIds.Clear(); unmarkedKeyEntry = null;
@@ -285,11 +294,9 @@ namespace Org.BouncyCastle.Pkcs
 m_certs.Clear(); m_chainCerts.Clear(); m_keyCerts.Clear();
- // m_certOrder.Clear();
- if (isReverse)
- {
- certBags.Reverse();
- }
+ m_certsOrder.Clear();
+ m_chainCertOrder.Clear();
+
 foreach (SafeBag b in certBags) { CertBag certBag = CertBag.GetInstance(b.BagValue);
@@ -354,6 +361,7 @@ namespace Org.BouncyCastle.Pkcs
 X509CertificateEntry certEntry = new X509CertificateEntry(cert, attributes); m_chainCerts[certID] = certEntry;
+ m_chainCertOrder.Add(certID);
 // m_certOrder.Add(certID);
 if (unmarkedKeyEntry != null)
@@ -383,6 +391,7 @@ namespace Org.BouncyCastle.Pkcs
 { // TODO There may have been more than one alias
 m_certs[alias] = certEntry;
+ m_certsOrder.Add(alias);
 } } }
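Review bot: In the -126 hunk `m_keys[alias] = keyEntry;` overwrites any existing entry for that alias, but the new `m_keysOrder.Add(alias);` appends unconditionally, so the order list and the dictionary disagree as soon as the same alias is seen twice while loading. The save loops introduced in the -653 hunk (and the two on the next page) walk the order lists and index the dictionaries with each entry, so a duplicated alias or CertID would be written out twice. The same unguarded `Add` appears in the -142, -354 and -383 hunks here and in SetKeyEntry in the -575 hunk; guard each one, e.g. `if (!m_keysOrder.Contains(alias)) { m_keysOrder.Add(alias); }`, or replace the three lists with an insertion-ordered set helper. The loading method whose body these hunks patch starts and ends outside the hunks.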
@@ -575,14 +584,17 @@ namespace Org.BouncyCastle.Pkcs
 } m_keys[alias] = keyEntry;
+ m_keysOrder.Add(alias);
 if (chain.Length > 0) { m_certs[alias] = chain[0];
-
+ m_certsOrder.Add(alias);
 foreach (var certificateEntry in chain) {
- m_chainCerts[new CertID(certificateEntry)] = certificateEntry;
+ CertID certId = new CertID(certificateEntry);
+ m_chainCerts[certId] = certificateEntry;
+ m_chainCertOrder.Add(certId);
 } } }
@@ -595,18 +607,20 @@ namespace Org.BouncyCastle.Pkcs
 if (CollectionUtilities.Remove(m_certs, alias, out var certEntry)) { CertID certId = new CertID(certEntry);
- // m_certOrder.Remove(certId);
 m_chainCerts.Remove(certId);
+ m_chainCertOrder.Remove(certId);
+ m_certsOrder.Remove(alias);
 } if (m_keys.Remove(alias)) {
+ m_keys.Remove(alias);
 if (CollectionUtilities.Remove(m_localIds, alias, out var id)) { if (CollectionUtilities.Remove(m_keyCerts, id, out var keyCertEntry)) { CertID certId = new CertID(certEntry);
- // m_certOrder.Remove(certId);
+ m_chainCertOrder.Remove(certId);
 m_chainCerts.Remove(certId); } }
@@ -653,10 +667,12 @@ namespace Org.BouncyCastle.Pkcs
 // handle the keys
 //
 Asn1EncodableVector keyBags = new Asn1EncodableVector(m_keys.Count);
- foreach (var keyEntry in m_keys)
+ for (uint i = isReverse ? (uint)m_keysOrder.Count-1 : 0;
+ i < m_keysOrder.Count;
+ i = isReverse ? i-1 : i+1)
 {
- var name = keyEntry.Key;
- var privKey = keyEntry.Value;
+ var name = m_keysOrder[(int)i];
+ var privKey = m_keys[name];
 byte[] kSalt = new byte[SaltSize]; random.NextBytes(kSalt);
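Review bot: The key branch of the -595 hunk never removes the alias from `m_keysOrder`: `if (m_keys.Remove(alias))` already dropped the dictionary entry, and the added `m_keys.Remove(alias);` just repeats that call, so the alias stays in the order list. The save loop in the -653 hunk then evaluates `m_keys[name]` for that stale alias and throws KeyNotFoundException on the next save after a delete. Replace the redundant line with `m_keysOrder.Remove(alias);`. The certificate branch above it does keep `m_certsOrder` in sync, so only the key side is missing; the enclosing delete method's signature and tail are outside the hunk.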
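Review bot: The `for (uint i = isReverse ? (uint)m_keysOrder.Count-1 : 0; i < m_keysOrder.Count; i = isReverse ? i-1 : i+1)` loop in the -653 hunk terminates only by unsigned wraparound — `i-1` from zero, and `Count-1` for an empty list, both become uint.MaxValue — which is correct in the default unchecked context but silently breaks if the project is ever built with overflow checking, and every body then needs an `(int)i` cast. The same loop is copied three more times in the -740, -788 and -864 hunks on the next page with different list names; a small iterator helper over each order list removes the arithmetic, the casts and the duplication, and the loop bodies keep indexing the dictionaries exactly as now. `isReverse` is declared outside these hunks, so the helper is shown taking it as a parameter.
```csharp
// Yields the entries of an insertion-order list, back to front when reverse is set.
private static IEnumerable<T> InOrder<T>(List<T> order, bool reverse)
{
    if (!reverse)
    {
        foreach (T item in order)
        {
            yield return item;
        }
        yield break;
    }
    for (int i = order.Count - 1; i >= 0; --i)
    {
        yield return order[i];
    }
}

// … unchanged: keyBags construction …
foreach (var name in InOrder(m_keysOrder, isReverse))
{
    var privKey = m_keys[name];
    // … unchanged: salt generation and key bag encoding …
```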
@@ -740,8 +756,11 @@ namespace Org.BouncyCastle.Pkcs
 AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.ToAsn1Object()); var doneCerts = new HashSet();
- foreach (string name in m_keys.Keys)
+ for (uint i = isReverse ? (uint)m_keysOrder.Count-1 : 0;
+ i < m_keysOrder.Count;
+ i = isReverse ? i-1 : i+1)
 {
+ String name = m_keysOrder[(int)i];
 X509CertificateEntry certEntry = GetCertificate(name); CertBag cBag = new CertBag( PkcsObjectIdentifiers.X509Certificate,
@@ -788,11 +807,16 @@ namespace Org.BouncyCastle.Pkcs
 doneCerts.Add(certEntry.Certificate); }
-
- foreach (var certEntry in m_certs)
+
+ // foreach (var certEntry in m_certs)
+ for (uint j = isReverse ? (uint)m_certsOrder.Count-1 : 0;
+ j < m_certsOrder.Count;
+ j = isReverse ? j-1 : j+1)
 {
- var certId = certEntry.Key;
- var cert = certEntry.Value;
+ var certId = m_certsOrder[(int)j];
+ var cert = m_certs[certId];
+ // var certId = certEntry.Key;
+ // var cert = certEntry.Value;
 if (m_keys.ContainsKey(certId)) continue;
@@ -864,11 +888,16 @@ namespace Org.BouncyCastle.Pkcs
 doneCerts.Add(cert.Certificate); }
-
- foreach (var chainCertEntry in m_chainCerts)
+
+ // foreach (var chainCertEntry in m_chainCerts)
+ for (uint i = isReverse ? (uint)m_chainCertOrder.Count-1 : 0;
+ i < m_chainCertOrder.Count;
+ i = isReverse ? i-1 : i+1)
 {
- var certId = chainCertEntry.Key;
- var cert = chainCertEntry.Value;
+ var certId = m_chainCertOrder[(int)i];
+ var cert = m_chainCerts[certId];
+ // var certId = chainCertEntry.Key;
+ // var cert = chainCertEntry.Value;
 if (doneCerts.Contains(cert.Certificate)) continue;
-- cgit 1.4.1
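Review bot: `String name = m_keysOrder[(int)i];` in the -740 hunk uses the BCL type name where the line it replaces, `foreach (string name in m_keys.Keys)`, and the rest of the file's hunks use the `string` keyword; change it to `string name = m_keysOrder[(int)i];` for consistency. The `(int)i` cast is a consequence of the `uint` loop counter and goes away if the loop is rewritten as noted on the -653 hunk of the previous page.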
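Review bot: The -788 hunk leaves the replaced code behind as comments — `// foreach (var certEntry in m_certs)`, `// var certId = certEntry.Key;` and `// var cert = certEntry.Value;` — and the -864 hunk does the same for the chain-cert loop, while the -285 hunk on the previous page removed the equivalent `// m_certOrder.Clear();` leftover. Version control keeps the old loops; delete these four commented lines in both hunks rather than shipping them next to the live code they no longer describe.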