From 3d578b981aad94eaee07fa444dd11f9323026e94 Mon Sep 17 00:00:00 2001 From: MW Date: Thu, 17 Jan 2019 16:16:20 +1100 Subject: CMS ArchiveControl --- crypto/src/crmf/CertificateRequestMessage.cs | 4 +- .../src/crmf/CertificateRequestMessageBuilder.cs | 9 +++- crypto/src/crmf/PKIArchiveControlBuilder.cs | 61 ++++++++++++++++++++++ 3 files changed, 71 insertions(+), 3 deletions(-) create mode 100644 crypto/src/crmf/PKIArchiveControlBuilder.cs (limited to 'crypto/src/crmf') diff --git a/crypto/src/crmf/CertificateRequestMessage.cs b/crypto/src/crmf/CertificateRequestMessage.cs index 087e8a933..5b5d37c9e 100644 --- a/crypto/src/crmf/CertificateRequestMessage.cs +++ b/crypto/src/crmf/CertificateRequestMessage.cs @@ -211,8 +211,8 @@ namespace Org.BouncyCastle.Crmf calculator.Stream.Write(b,0,b.Length); } else - { - byte[] b = certReqMsg.GetDerEncoded(); + { + byte[] b = certReqMsg.CertReq.GetDerEncoded(); calculator.Stream.Write(b,0,b.Length); } diff --git a/crypto/src/crmf/CertificateRequestMessageBuilder.cs b/crypto/src/crmf/CertificateRequestMessageBuilder.cs index 384f6a965..9c3cf954d 100644 --- a/crypto/src/crmf/CertificateRequestMessageBuilder.cs +++ b/crypto/src/crmf/CertificateRequestMessageBuilder.cs @@ -95,6 +95,12 @@ namespace Org.BouncyCastle.Crmf return this; } + public CertificateRequestMessageBuilder AddControl(IControl control) + { + _controls.Add(control); + return this; + } + public CertificateRequestMessageBuilder SetProofOfPossessionSignKeySigner(ISignatureFactory popoSignatureFactory) { if (_popoPrivKey != null || _popRaVerified != null || _agreeMac != null) @@ -102,7 +108,8 @@ namespace Org.BouncyCastle.Crmf throw new InvalidOperationException("only one proof of possession is allowed."); } - this._popoType = ProofOfPossession.TYPE_KEY_ENCIPHERMENT; + this._popSigner = popoSignatureFactory; + return this; } 
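Review bot: The `else` branch changed in CertificateRequestMessage.cs needs a comment explaining why only `CertReq` is encoded, because the bytes fed to the verifier decide whether a proof-of-possession signature is accepted. A line such as `// RFC 4211 4.1: with no PoposkInput the signature covers the DER encoding of certReq, not the whole CertReqMsg` would do. The condition guarding this branch and the rest of the method lie outside the hunk, so this assumes the first branch handles the PoposkInput case. A regression test that verifies a signature computed over `CertReq` alone would keep the verifier input from drifting back.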
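Review bot: `AddControl` in CertificateRequestMessageBuilder.cs stores its argument without a null check, so a null control only surfaces later when the message is built, in code outside the hunk. A guard such as `if (control == null) throw new ArgumentNullException("control");` fails at the call site instead. The same applies to `SetProofOfPossessionSignKeySigner` in the next hunk, where `this._popSigner = popoSignatureFactory;` accepts null. If the build step treats a null `_popSigner` as "no proof of possession" (not visible here), a caller bug would silently produce a request without POP, so that setter should reject null too.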
diff --git a/crypto/src/crmf/PKIArchiveControlBuilder.cs b/crypto/src/crmf/PKIArchiveControlBuilder.cs
new file mode 100644
index 000000000..f43ecd4ec
--- /dev/null
+++ b/crypto/src/crmf/PKIArchiveControlBuilder.cs
@@ -0,0 +1,61 @@
+using System;
+using System.IO;
+using Org.BouncyCastle.Asn1.Cms;
+using Org.BouncyCastle.Asn1.Crmf;
+using Org.BouncyCastle.Asn1.Pkcs;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Cms;
+using Org.BouncyCastle.Crypto;
+
+namespace Org.BouncyCastle.Crmf
+{
+ public class PKIArchiveControlBuilder
+ {
+ private CmsEnvelopedDataGenerator envGen;
+ private CmsProcessableByteArray keyContent;
+
+ ///
+ ///Basic constructor - specify the contents of the PKIArchiveControl structure.
+ ///
+ /// the private key to be archived.
+ /// the general name to be associated with the private key.
+ ///
+ public PKIArchiveControlBuilder(PrivateKeyInfo privateKeyInfo, GeneralName generalName)
+ {
+ EncKeyWithID encKeyWithID = new EncKeyWithID(privateKeyInfo, generalName);
+
+ try
+ {
+ this.keyContent = new CmsProcessableByteArray(CrmfObjectIdentifiers.id_ct_encKeyWithID, encKeyWithID.GetEncoded());
+ }
+ catch (IOException e)
+ {
+ throw new InvalidOperationException("unable to encode key and general name info");
+ }
+
+ this.envGen = new CmsEnvelopedDataGenerator();
+ }
+
+
+
+
+ ///Add a recipient generator to this control.
+ /// recipient generator created for a specific recipient.
+ ///this builder object.
+ public PKIArchiveControlBuilder AddRecipientGenerator(RecipientInfoGenerator recipientGen)
+ {
+ envGen.AddRecipientInfoGenerator(recipientGen);
+ return this;
+ }
+
+ /// Build the PKIArchiveControl using the passed in encryptor to encrypt its contents.
+ /// a suitable content encryptor.
+ /// a PKIArchiveControl object.
+ public PkiArchiveControl Build(ICipherBuilderWithKey contentEncryptor)
+ {
+ CmsEnvelopedData envContent = envGen.Generate(keyContent, contentEncryptor);
+ EnvelopedData envD = EnvelopedData.GetInstance(envContent.ContentInfo.Content);
+ return new PkiArchiveControl(new PkiArchiveOptions(new EncryptedKey(envD)));
+ }
+}
+}
\ No newline at end of file
-- cgit 1.5.1
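Review bot: The `catch (IOException e)` in the constructor discards the caught exception, so the cause of an encoding failure is lost and `e` is left unused; pass it on as the inner exception with `throw new InvalidOperationException("unable to encode key and general name info", e);`. `Build` also calls `envGen.Generate` without checking that `AddRecipientGenerator` was ever called. For a control whose purpose is to archive a private key, failing there seems safer than emitting an envelope that no recipient can open, though whether `Generate` already rejects an empty recipient list is not visible in this diff. The encoded private key stays in `keyContent` for the lifetime of the builder, which a short comment on that field could state so callers do not keep builders around longer than needed.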