From a723aca1e07f57af70d7596a4fe3961045cdb0d9 Mon Sep 17 00:00:00 2001 From: David Hook Date: Mon, 14 Jan 2019 18:10:49 +1100 Subject: packaging fix --- .../src/asn1/cmp/CertificateConfirmationContent.cs | 44 ---- .../cmp/CertificateConfirmationContentBuilder.cs | 71 ------ crypto/src/asn1/cmp/CertificateStatus.cs | 54 ----- crypto/src/asn1/cmp/CmpException.cs | 26 -- crypto/src/asn1/crmf/AuthenticatorControl.cs | 33 --- crypto/src/asn1/crmf/CertificateRequestMessage.cs | 182 -------------- .../asn1/crmf/CertificateRequestMessageBuilder.cs | 261 --------------------- crypto/src/asn1/crmf/Controls.cs | 63 ----- crypto/src/asn1/crmf/CrmfException.cs | 26 -- crypto/src/asn1/crmf/PkiArchiveControl.cs | 68 ------ crypto/src/asn1/crmf/RegTokenControl.cs | 32 --- crypto/src/cmp/CertificateConfirmationContent.cs | 45 ++++ .../cmp/CertificateConfirmationContentBuilder.cs | 73 ++++++ crypto/src/cmp/CertificateStatus.cs | 55 +++++ crypto/src/cmp/CmpException.cs | 26 ++ crypto/src/crmf/AuthenticatorControl.cs | 36 +++ crypto/src/crmf/CertificateRequestMessage.cs | 184 +++++++++++++++ .../src/crmf/CertificateRequestMessageBuilder.cs | 261 +++++++++++++++++++++ crypto/src/crmf/CrmfException.cs | 26 ++ crypto/src/crmf/IControl.cs | 63 +++++ crypto/src/crmf/PkiArchiveControl.cs | 70 ++++++ crypto/src/crmf/RegTokenControl.cs | 36 +++ 22 files changed, 875 insertions(+), 860 deletions(-) delete mode 100644 crypto/src/asn1/cmp/CertificateConfirmationContent.cs delete mode 100644 crypto/src/asn1/cmp/CertificateConfirmationContentBuilder.cs delete mode 100644 crypto/src/asn1/cmp/CertificateStatus.cs delete mode 100644 crypto/src/asn1/cmp/CmpException.cs delete mode 100644 crypto/src/asn1/crmf/AuthenticatorControl.cs delete mode 100644 crypto/src/asn1/crmf/CertificateRequestMessage.cs delete mode 100644 crypto/src/asn1/crmf/CertificateRequestMessageBuilder.cs delete mode 100644 crypto/src/asn1/crmf/Controls.cs delete mode 100644 crypto/src/asn1/crmf/CrmfException.cs delete mode 100644 crypto/src/asn1/crmf/PkiArchiveControl.cs delete mode 100644 crypto/src/asn1/crmf/RegTokenControl.cs create mode 100644 crypto/src/cmp/CertificateConfirmationContent.cs create mode 100644 crypto/src/cmp/CertificateConfirmationContentBuilder.cs create mode 100644 crypto/src/cmp/CertificateStatus.cs create mode 100644 crypto/src/cmp/CmpException.cs create mode 100644 crypto/src/crmf/AuthenticatorControl.cs create mode 100644 crypto/src/crmf/CertificateRequestMessage.cs create mode 100644 crypto/src/crmf/CertificateRequestMessageBuilder.cs create mode 100644 crypto/src/crmf/CrmfException.cs create mode 100644 crypto/src/crmf/IControl.cs create mode 100644 crypto/src/crmf/PkiArchiveControl.cs create mode 100644 crypto/src/crmf/RegTokenControl.cs (limited to 'crypto') diff --git a/crypto/src/asn1/cmp/CertificateConfirmationContent.cs b/crypto/src/asn1/cmp/CertificateConfirmationContent.cs deleted file mode 100644 index 9f2f3e038..000000000 --- a/crypto/src/asn1/cmp/CertificateConfirmationContent.cs +++ /dev/null @@ -1,44 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Text; -using Org.BouncyCastle.Cms; - - -namespace Org.BouncyCastle.Asn1.Cmp -{ - public class CertificateConfirmationContent - { - private DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; - private CertConfirmContent content; - - - public CertificateConfirmationContent(CertConfirmContent content) - { - this.content = content; - } - - public CertificateConfirmationContent(CertConfirmContent content, - DefaultDigestAlgorithmIdentifierFinder digestAlgFinder) - { - this.content = content; - this.digestAlgFinder = digestAlgFinder; - } - - public CertConfirmContent ToAsn1Structure() - { - return content; - } - - public CertificateStatus[] GetStatusMessages() - { - CertStatus[] statusArray = content.ToCertStatusArray(); - CertificateStatus[] ret = new CertificateStatus[statusArray.Length]; - for (int i = 0; i != ret.Length; i++) - { - ret[i] = new CertificateStatus(digestAlgFinder, statusArray[i]); - } - - return ret; - } - } -} diff --git a/crypto/src/asn1/cmp/CertificateConfirmationContentBuilder.cs b/crypto/src/asn1/cmp/CertificateConfirmationContentBuilder.cs deleted file mode 100644 index b8c306f81..000000000 --- a/crypto/src/asn1/cmp/CertificateConfirmationContentBuilder.cs +++ /dev/null @@ -1,71 +0,0 @@ -using System; -using System.Collections; -using System.Collections.Generic; -using System.Text; -using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Cms; -using Org.BouncyCastle.Crypto.IO; -using Org.BouncyCastle.Math; -using Org.BouncyCastle.Security; -using Org.BouncyCastle.X509; - -namespace Org.BouncyCastle.Asn1.Cmp -{ - public class CertificateConfirmationContentBuilder - { - DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder(); - private DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; - private ArrayList acceptedCerts = new ArrayList(); - private ArrayList acceptedReqIds = new ArrayList(); - - public CertificateConfirmationContentBuilder() : this(new DefaultDigestAlgorithmIdentifierFinder()) - { - - } - - public CertificateConfirmationContentBuilder(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder) - { - this.digestAlgFinder = digestAlgFinder; - } - - public CertificateConfirmationContentBuilder AddAcceptedCertificate(X509Certificate certHolder, - BigInteger certReqId) - { - acceptedCerts.Add(certHolder); - acceptedReqIds.Add(certReqId); - return this; - } - - public CertificateConfirmationContent Build() - { - Asn1EncodableVector v = new Asn1EncodableVector(); - for (int i = 0; i != acceptedCerts.Count; i++) - { - X509Certificate cert = (X509Certificate) acceptedCerts[i]; - BigInteger reqId = (BigInteger) acceptedReqIds[i]; - - - - AlgorithmIdentifier algorithmIdentifier = sigAlgFinder.Find(cert.SigAlgName); - - AlgorithmIdentifier digAlg = digestAlgFinder.find(algorithmIdentifier); - if (digAlg == null) - { - throw new CmpException("cannot find algorithm for digest from signature"); - } - - DigestSink sink = new DigestSink(DigestUtilities.GetDigest(digAlg.Algorithm)); - - sink.Write(cert.GetEncoded()); - - byte[] dig = new byte[sink.Digest.GetDigestSize()]; - sink.Digest.DoFinal(dig, 0); - - v.Add(new CertStatus(dig,reqId)); - } - - return new CertificateConfirmationContent(CertConfirmContent.GetInstance(new DerSequence(v)), - digestAlgFinder); - } - } -} diff --git a/crypto/src/asn1/cmp/CertificateStatus.cs b/crypto/src/asn1/cmp/CertificateStatus.cs deleted file mode 100644 index d16c8e006..000000000 --- a/crypto/src/asn1/cmp/CertificateStatus.cs +++ /dev/null @@ -1,54 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Text; -using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Cms; -using Org.BouncyCastle.Crypto.IO; -using Org.BouncyCastle.Math; -using Org.BouncyCastle.Security; -using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.X509; - -namespace Org.BouncyCastle.Asn1.Cmp -{ - public class CertificateStatus - { - private DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder(); - private DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; - private CertStatus certStatus; - - public CertificateStatus(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder, CertStatus certStatus) - { - this.digestAlgFinder = digestAlgFinder; - this.certStatus = certStatus; - } - - public PkiStatusInfo PkiStatusInfo - { - get { return certStatus.StatusInfo; } - } - - public BigInteger CertRequestId - { - get { return certStatus.CertReqID.Value; } - } - - public bool IsVerified(X509Certificate cert) - { - - AlgorithmIdentifier digAlg = digestAlgFinder.find( sigAlgFinder.Find(cert.SigAlgName)); - if (digAlg == null) - { - throw new CmpException("cannot find algorithm for digest from signature "+cert.SigAlgName); - } - - DigestSink digestSink = new DigestSink(DigestUtilities.GetDigest(digAlg.Algorithm)); - - digestSink.Write(cert.GetEncoded()); - - byte[] digest = new byte[digestSink.Digest.GetDigestSize()]; - digestSink.Digest.DoFinal(digest, 0); - return Arrays.ConstantTimeAreEqual(certStatus.CertHash.GetOctets(), digest); - } - } -} diff --git a/crypto/src/asn1/cmp/CmpException.cs b/crypto/src/asn1/cmp/CmpException.cs deleted file mode 100644 index 0500b7d3e..000000000 --- a/crypto/src/asn1/cmp/CmpException.cs +++ /dev/null @@ -1,26 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Runtime.Serialization; -using System.Text; - -namespace Org.BouncyCastle.Asn1.Cmp -{ - public class CmpException : Exception - { - public CmpException() - { - } - - public CmpException(string message) : base(message) - { - } - - public CmpException(string message, Exception innerException) : base(message, innerException) - { - } - - protected CmpException(SerializationInfo info, StreamingContext context) : base(info, context) - { - } - } -} diff --git a/crypto/src/asn1/crmf/AuthenticatorControl.cs b/crypto/src/asn1/crmf/AuthenticatorControl.cs deleted file mode 100644 index 060088b1f..000000000 --- a/crypto/src/asn1/crmf/AuthenticatorControl.cs +++ /dev/null @@ -1,33 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Text; - -namespace Org.BouncyCastle.Asn1.Crmf -{ - public class AuthenticatorControl:IControl - { - - private static readonly DerObjectIdentifier type = CrmfObjectIdentifiers.id_regCtrl_authenticator; - - private readonly DerUtf8String token; - - public AuthenticatorControl(DerUtf8String token) - { - this.token = token; - } - - public AuthenticatorControl(String token) - { - this.token = new DerUtf8String(token); - } - - public DerObjectIdentifier Type - { - get { return type; } - } - - public Asn1Encodable Value { - get { return token; } - } - } -} diff --git a/crypto/src/asn1/crmf/CertificateRequestMessage.cs b/crypto/src/asn1/crmf/CertificateRequestMessage.cs deleted file mode 100644 index b80c2a3fd..000000000 --- a/crypto/src/asn1/crmf/CertificateRequestMessage.cs +++ /dev/null @@ -1,182 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Runtime.InteropServices; -using System.Text; -using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Operators; - -namespace Org.BouncyCastle.Asn1.Crmf -{ - public class CertificateRequestMessage - { - public static readonly int popRaVerified = Org.BouncyCastle.Asn1.Crmf.ProofOfPossession.TYPE_RA_VERIFIED; - public static readonly int popSigningKey = Org.BouncyCastle.Asn1.Crmf.ProofOfPossession.TYPE_SIGNING_KEY; - public static readonly int popKeyEncipherment = Org.BouncyCastle.Asn1.Crmf.ProofOfPossession.TYPE_KEY_ENCIPHERMENT; - public static readonly int popKeyAgreement = Org.BouncyCastle.Asn1.Crmf.ProofOfPossession.TYPE_KEY_AGREEMENT; - - private readonly CertReqMsg certReqMsg; - private readonly Controls controls; - - private static CertReqMsg ParseBytes(byte[] encoding) - - { - return CertReqMsg.GetInstance(encoding); - } - - public CertificateRequestMessage(CertReqMsg certReqMsg) - { - this.certReqMsg = certReqMsg; - this.controls = certReqMsg.CertReq.Controls; - } - - public CertReqMsg ToAsn1Structure() - { - return certReqMsg; - } - - public CertTemplate GetCertTemplate() - { - return this.certReqMsg.CertReq.CertTemplate; - } - - public bool HasControls - { - get { return controls != null; } - } - - - public bool HasControl(DerObjectIdentifier objectIdentifier) - { - return findControl(objectIdentifier) != null; - } - - public IControl GetControl(DerObjectIdentifier type) - { - AttributeTypeAndValue found = findControl(type); - if (found != null) - { - if (found.Type.Equals(CrmfObjectIdentifiers.id_regCtrl_pkiArchiveOptions)) - { - return new PkiArchiveControl(PkiArchiveOptions.GetInstance(found.Value)); - } - - if (found.Type.Equals(CrmfObjectIdentifiers.id_regCtrl_regToken)) - { - return new RegTokenControl(DerUtf8String.GetInstance(found.Value)); - } - - if (found.Type.Equals(CrmfObjectIdentifiers.id_regCtrl_authenticator)) - { - return new AuthenticatorControl(DerUtf8String.GetInstance(found.Value)); - } - } - return null; - } - - - - - public AttributeTypeAndValue findControl(DerObjectIdentifier type) - { - if (controls == null) - { - return null; - } - - AttributeTypeAndValue[] tAndV = controls.ToAttributeTypeAndValueArray(); - AttributeTypeAndValue found = null; - - for (int i = 0; i < tAndV.Length; i++) - { - if (tAndV[i].Type.Equals(type)) - { - found = tAndV[i]; - break; - } - } - - return found; - } - - public bool HasProofOfPossession - { - get { return certReqMsg.Popo != null; } - } - - public int ProofOfPossession - { - get { return certReqMsg.Popo.Type; } - } - - public bool HasSigningKeyProofOfPossessionWithPkMac - { - get - { - ProofOfPossession pop = certReqMsg.Popo; - - if (pop.Type == popSigningKey) - { - PopoSigningKey popoSign = PopoSigningKey.GetInstance(pop.Object); - - return popoSign.PoposkInput.PublicKeyMac != null; - } - - return false; - - } - } - - public bool IsValidSigningKeyPop(IVerifierFactoryProvider verifierProvider) - { - ProofOfPossession pop = certReqMsg.Popo; - if (pop.Type == popSigningKey) - { - PopoSigningKey popoSign = PopoSigningKey.GetInstance(pop.Object); - if (popoSign.PoposkInput != null && popoSign.PoposkInput.PublicKeyMac != null) - { - throw new InvalidOperationException("verification requires password check"); - } - return verifySignature(verifierProvider, popoSign); - } - - throw new InvalidOperationException("not Signing Key type of proof of possession"); - } - - - - private bool verifySignature(IVerifierFactoryProvider verifierFactoryProvider, PopoSigningKey signKey) - { - IVerifierFactory verifer; - IStreamCalculator calculator; - try - { - verifer = verifierFactoryProvider.CreateVerifierFactory(signKey.AlgorithmIdentifier); - calculator = verifer.CreateCalculator(); - } - catch (Exception ex) - { - throw new CrmfException("unable to create verifier: "+ex.Message, ex); - } - - if (signKey.PoposkInput != null) - { - byte[] b = signKey.GetDerEncoded(); - calculator.Stream.Write(b,0,b.Length); - } - else - { - byte[] b = certReqMsg.GetDerEncoded(); - calculator.Stream.Write(b,0,b.Length); - } - - DefaultVerifierResult result = (DefaultVerifierResult) calculator.GetResult(); - - return result.IsVerified(signKey.Signature.GetBytes()); - } - - public byte[] GetEncoded() - { - return certReqMsg.GetEncoded(); - } - } -} diff --git a/crypto/src/asn1/crmf/CertificateRequestMessageBuilder.cs b/crypto/src/asn1/crmf/CertificateRequestMessageBuilder.cs deleted file mode 100644 index df604f4f5..000000000 --- a/crypto/src/asn1/crmf/CertificateRequestMessageBuilder.cs +++ /dev/null @@ -1,261 +0,0 @@ -using System; -using System.Collections; -using System.Collections.Generic; -using System.Security.Cryptography.X509Certificates; -using System.Text; -using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Operators; -using Org.BouncyCastle.Math; - -namespace Org.BouncyCastle.Asn1.Crmf -{ - public class CertificateRequestMessageBuilder - { - private readonly BigInteger _certReqId; - private X509ExtensionsGenerator _extGenerator; - private CertTemplateBuilder _templateBuilder; - private ArrayList _controls= new ArrayList(); - private ISignatureFactory _popSigner; - private PkMacFactory _pkMacBuilder; - private char[] _password; - private GeneralName _sender; - private int _popoType = ProofOfPossession.TYPE_KEY_ENCIPHERMENT; - private PopoPrivKey _popoPrivKey; - private Asn1Null _popRaVerified; - private PKMacValue _agreeMac; - - public CertificateRequestMessageBuilder(BigInteger certReqId) - { - this._certReqId = certReqId; - this._extGenerator = new X509ExtensionsGenerator(); - this._templateBuilder = new CertTemplateBuilder(); - } - - public CertificateRequestMessageBuilder SetPublicKey(SubjectPublicKeyInfo publicKeyInfo) - { - if (publicKeyInfo != null) - { - _templateBuilder.SetPublicKey(publicKeyInfo); - } - - return this; - } - - - public CertificateRequestMessageBuilder SetIssuer(X509Name issuer) - { - if (issuer != null) - { - _templateBuilder.SetIssuer(issuer); - } - - return this; - } - - public CertificateRequestMessageBuilder SetSubject(X509Name subject) - { - if (subject != null) - { - _templateBuilder.SetSubject(subject); - } - - return this; - } - - public CertificateRequestMessageBuilder SetSerialNumber(BigInteger serialNumber) - { - if (serialNumber != null) - { - _templateBuilder.SetSerialNumber(new DerInteger(serialNumber)); - } - - return this; - } - - public CertificateRequestMessageBuilder SetValidity(Time notBefore, Time notAfter) - { - _templateBuilder.SetValidity(new OptionalValidity(notBefore, notAfter)); - return this; - } - - public CertificateRequestMessageBuilder AddExtension(DerObjectIdentifier oid, bool critical, - Asn1Encodable value) - { - _extGenerator.AddExtension(oid,critical, value); - return this; - } - - public CertificateRequestMessageBuilder AddExtension(DerObjectIdentifier oid, bool critical, - byte[] value) - { - _extGenerator.AddExtension(oid, critical, value); - return this; - } - - public CertificateRequestMessageBuilder SetProofOfPossessionSignKeySigner(ISignatureFactory popoSignatureFactory) - { - if (_popoPrivKey != null || _popRaVerified != null || _agreeMac != null) - { - throw new InvalidOperationException("only one proof of possession is allowed."); - } - - this._popoType = ProofOfPossession.TYPE_KEY_ENCIPHERMENT; - return this; - } - - public CertificateRequestMessageBuilder SetProofOfPossessionSubsequentMessage(SubsequentMessage msg) - { - if (_popoPrivKey != null || _popRaVerified != null || _agreeMac != null) - { - throw new InvalidOperationException("only one proof of possession is allowed."); - } - - this._popoType = ProofOfPossession.TYPE_KEY_ENCIPHERMENT; - this._popoPrivKey = new PopoPrivKey(msg); - - - return this; - } - - - public CertificateRequestMessageBuilder SetProofOfPossessionSubsequentMessage(int type, SubsequentMessage msg) - { - if (_popoPrivKey != null || _popRaVerified != null || _agreeMac != null) - { - throw new InvalidOperationException("only one proof of possession is allowed."); - } - - if (type != ProofOfPossession.TYPE_KEY_ENCIPHERMENT && type != ProofOfPossession.TYPE_KEY_AGREEMENT) - { - throw new ArgumentException("type must be ProofOfPossession.TYPE_KEY_ENCIPHERMENT || ProofOfPossession.TYPE_KEY_AGREEMENT"); - } - - this._popoType = type; - this._popoPrivKey = new PopoPrivKey(msg); - return this; - } - - public CertificateRequestMessageBuilder SetProofOfPossessionAgreeMac(PKMacValue macValue) - { - if (_popSigner != null || _popRaVerified != null || _popoPrivKey != null) - { - throw new InvalidOperationException("only one proof of possession allowed"); - } - - this._agreeMac = macValue; - return this; - } - - public CertificateRequestMessageBuilder SetProofOfPossessionRaVerified() - { - if (_popSigner != null || _popoPrivKey != null) - { - throw new InvalidOperationException("only one proof of possession allowed"); - } - - this._popRaVerified = DerNull.Instance; - - return this; - } - - public CertificateRequestMessageBuilder SetAuthInfoPKMAC(PkMacFactory pkmacFactory, char[] password) - { - this._pkMacBuilder = pkmacFactory; - this._password = password; - - return this; - } - - public CertificateRequestMessageBuilder SetAuthInfoSender(X509Name sender) - { - return SetAuthInfoSender(new GeneralName(sender)); - } - - public CertificateRequestMessageBuilder SetAuthInfoSender(GeneralName sender) - { - this._sender = sender; - return this; - } - - public CertificateRequestMessage Build() - { - Asn1EncodableVector v = new Asn1EncodableVector(); - - v.Add(new DerInteger(this._certReqId)); - - if (!this._extGenerator.IsEmpty) - { - this._templateBuilder.SetExtensions(_extGenerator.Generate()); - } - - v.Add(_templateBuilder.Build()); - - if (_controls.Count>0) - { - Asn1EncodableVector controlV = new Asn1EncodableVector(); - - foreach (Object item in _controls) - { - IControl control = (IControl) item; - controlV.Add(new AttributeTypeAndValue(control.Type, control.Value)); - } - - v.Add(new DerSequence(controlV)); - } - - CertRequest request = CertRequest.GetInstance(new DerSequence(v)); - - v = new Asn1EncodableVector(); - - v.Add(request); - - if (_popSigner != null) - { - CertTemplate template = request.CertTemplate; - - if (template.Subject == null || template.PublicKey == null) - { - SubjectPublicKeyInfo pubKeyInfo = request.CertTemplate.PublicKey; - - ProofOfPossessionSigningKeyBuilder builder = new ProofOfPossessionSigningKeyBuilder(pubKeyInfo); - - if (_sender != null) - { - builder.setSender(_sender); - } - else - { - // PkMa pkmacGenerator = new PKMACValueGenerator(_pkmacBuilder); - - builder.setPublicKeyMac(_pkMacBuilder, _password); - } - - v.Add(new ProofOfPossession(builder.build(_popSigner))); - } - else - { - ProofOfPossessionSigningKeyBuilder builder = new ProofOfPossessionSigningKeyBuilder(request); - - v.Add(new ProofOfPossession(builder.build(_popSigner))); - } - } - else if (_popoPrivKey != null) - { - v.Add(new ProofOfPossession(_popoType, _popoPrivKey)); - } - else if (_agreeMac != null) - { - v.Add(new ProofOfPossession(ProofOfPossession.TYPE_KEY_AGREEMENT, - PopoPrivKey.GetInstance(new DerTaggedObject(false, PopoPrivKey.agreeMAC, _agreeMac),true ))); - - } - else if (_popRaVerified != null) - { - v.Add(new ProofOfPossession()); - } - - return new CertificateRequestMessage(CertReqMsg.GetInstance(new DerSequence(v))); - } - } -} diff --git a/crypto/src/asn1/crmf/Controls.cs b/crypto/src/asn1/crmf/Controls.cs deleted file mode 100644 index 8f986168c..000000000 --- a/crypto/src/asn1/crmf/Controls.cs +++ /dev/null @@ -1,63 +0,0 @@ -using System; - -using Org.BouncyCastle.Utilities; - -namespace Org.BouncyCastle.Asn1.Crmf -{ - - public interface IControl - { - DerObjectIdentifier Type { get; } - - Asn1Encodable Value { get; } - } - - - public class Controls - : Asn1Encodable - { - private readonly Asn1Sequence content; - - private Controls(Asn1Sequence seq) - { - content = seq; - } - - public static Controls GetInstance(object obj) - { - if (obj is Controls) - return (Controls)obj; - - if (obj is Asn1Sequence) - return new Controls((Asn1Sequence)obj); - - throw new ArgumentException("Invalid object: " + Platform.GetTypeName(obj), "obj"); - } - - public Controls(params AttributeTypeAndValue[] atvs) - { - content = new DerSequence(atvs); - } - - public virtual AttributeTypeAndValue[] ToAttributeTypeAndValueArray() - { - AttributeTypeAndValue[] result = new AttributeTypeAndValue[content.Count]; - for (int i = 0; i != result.Length; ++i) - { - result[i] = AttributeTypeAndValue.GetInstance(content[i]); - } - return result; - } - - /** - * 
-         * Controls  ::= SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue
-         *
- * @return a basic ASN.1 object representation. - */ - public override Asn1Object ToAsn1Object() - { - return content; - } - } -} diff --git a/crypto/src/asn1/crmf/CrmfException.cs b/crypto/src/asn1/crmf/CrmfException.cs deleted file mode 100644 index 7043ccd73..000000000 --- a/crypto/src/asn1/crmf/CrmfException.cs +++ /dev/null @@ -1,26 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Runtime.Serialization; -using System.Text; - -namespace Org.BouncyCastle.Asn1.Crmf -{ - public class CrmfException : Exception - { - public CrmfException() - { - } - - public CrmfException(string message) : base(message) - { - } - - public CrmfException(string message, Exception innerException) : base(message, innerException) - { - } - - protected CrmfException(SerializationInfo info, StreamingContext context) : base(info, context) - { - } - } -} diff --git a/crypto/src/asn1/crmf/PkiArchiveControl.cs b/crypto/src/asn1/crmf/PkiArchiveControl.cs deleted file mode 100644 index 0290fdfe6..000000000 --- a/crypto/src/asn1/crmf/PkiArchiveControl.cs +++ /dev/null @@ -1,68 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Text; -using Org.BouncyCastle.Asn1.Cms; -using Org.BouncyCastle.Cms; - -namespace Org.BouncyCastle.Asn1.Crmf -{ - public class PkiArchiveControl:IControl - { - public static readonly int encryptedPrivKey = PkiArchiveOptions.encryptedPrivKey; - public static readonly int keyGenParameters = PkiArchiveOptions.keyGenParameters; - public static readonly int archiveRemGenPrivKey = PkiArchiveOptions.archiveRemGenPrivKey; - - private static readonly DerObjectIdentifier type = CrmfObjectIdentifiers.id_regCtrl_pkiArchiveOptions; - - private readonly PkiArchiveOptions pkiArchiveOptions; - - public PkiArchiveControl(PkiArchiveOptions pkiArchiveOptions) - { - this.pkiArchiveOptions = pkiArchiveOptions; - } - - public DerObjectIdentifier Type - { - get { return type; } - } - - public Asn1Encodable Value - { - get { return pkiArchiveOptions; } - } - - public int ArchiveType - { - get { return pkiArchiveOptions.Type; } - } - - public bool EnvelopedData - { - get - { - EncryptedKey encKey = EncryptedKey.GetInstance(pkiArchiveOptions.Value); - return !encKey.IsEncryptedValue; - } - } - - public CmsEnvelopedData GetEnvelopedData() - { - try - { - EncryptedKey encKey = EncryptedKey.GetInstance(pkiArchiveOptions.Value); - EnvelopedData data = Org.BouncyCastle.Asn1.Cms.EnvelopedData.GetInstance(encKey.Value); - - return new CmsEnvelopedData(new ContentInfo(CmsObjectIdentifiers.EnvelopedData, data)); - } - catch (CmsException e) - { - throw new CrmfException("CMS parsing error: " + e.Message, e); - } - catch (Exception e) - { - throw new CrmfException("CRMF parsing error: "+e.Message, e); - } - } - - } -} diff --git a/crypto/src/asn1/crmf/RegTokenControl.cs b/crypto/src/asn1/crmf/RegTokenControl.cs deleted file mode 100644 index 77bf32557..000000000 --- a/crypto/src/asn1/crmf/RegTokenControl.cs +++ /dev/null @@ -1,32 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Text; - -namespace Org.BouncyCastle.Asn1.Crmf -{ - public class RegTokenControl:IControl - { - private static readonly DerObjectIdentifier type = CrmfObjectIdentifiers.id_regCtrl_regToken; - - private readonly DerUtf8String token; - - public RegTokenControl(DerUtf8String token) - { - this.token = token; - } - - public RegTokenControl(String token) - { - this.token = new DerUtf8String(token); - } - - public DerObjectIdentifier Type - { - get { return type; } - } - public Asn1Encodable Value - { - get { return token; } - } - } -} diff --git a/crypto/src/cmp/CertificateConfirmationContent.cs b/crypto/src/cmp/CertificateConfirmationContent.cs new file mode 100644 index 000000000..882bd2091 --- /dev/null +++ b/crypto/src/cmp/CertificateConfirmationContent.cs @@ -0,0 +1,45 @@ +using System; +using System.Collections.Generic; +using System.Text; +using Org.BouncyCastle.Cms; +using Org.BouncyCastle.Asn1.Cmp; + + +namespace Org.BouncyCastle.Cmp +{ + public class CertificateConfirmationContent + { + private DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; + private CertConfirmContent content; + + + public CertificateConfirmationContent(CertConfirmContent content) + { + this.content = content; + } + + public CertificateConfirmationContent(CertConfirmContent content, + DefaultDigestAlgorithmIdentifierFinder digestAlgFinder) + { + this.content = content; + this.digestAlgFinder = digestAlgFinder; + } + + public CertConfirmContent ToAsn1Structure() + { + return content; + } + + public CertificateStatus[] GetStatusMessages() + { + CertStatus[] statusArray = content.ToCertStatusArray(); + CertificateStatus[] ret = new CertificateStatus[statusArray.Length]; + for (int i = 0; i != ret.Length; i++) + { + ret[i] = new CertificateStatus(digestAlgFinder, statusArray[i]); + } + + return ret; + } + } +} diff --git a/crypto/src/cmp/CertificateConfirmationContentBuilder.cs b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs new file mode 100644 index 000000000..126484917 --- /dev/null +++ b/crypto/src/cmp/CertificateConfirmationContentBuilder.cs @@ -0,0 +1,73 @@ +using System; +using System.Collections; +using System.Collections.Generic; +using System.Text; +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Cmp; +using Org.BouncyCastle.Asn1.X509; +using Org.BouncyCastle.Cms; +using Org.BouncyCastle.Crypto.IO; +using Org.BouncyCastle.Math; +using Org.BouncyCastle.Security; +using Org.BouncyCastle.X509; + +namespace Org.BouncyCastle.Cmp +{ + public class CertificateConfirmationContentBuilder + { + DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder(); + private DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; + private ArrayList acceptedCerts = new ArrayList(); + private ArrayList acceptedReqIds = new ArrayList(); + + public CertificateConfirmationContentBuilder() : this(new DefaultDigestAlgorithmIdentifierFinder()) + { + + } + + public CertificateConfirmationContentBuilder(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder) + { + this.digestAlgFinder = digestAlgFinder; + } + + public CertificateConfirmationContentBuilder AddAcceptedCertificate(X509Certificate certHolder, + BigInteger certReqId) + { + acceptedCerts.Add(certHolder); + acceptedReqIds.Add(certReqId); + return this; + } + + public CertificateConfirmationContent Build() + { + Asn1EncodableVector v = new Asn1EncodableVector(); + for (int i = 0; i != acceptedCerts.Count; i++) + { + X509Certificate cert = (X509Certificate) acceptedCerts[i]; + BigInteger reqId = (BigInteger) acceptedReqIds[i]; + + + + AlgorithmIdentifier algorithmIdentifier = sigAlgFinder.Find(cert.SigAlgName); + + AlgorithmIdentifier digAlg = digestAlgFinder.find(algorithmIdentifier); + if (digAlg == null) + { + throw new CmpException("cannot find algorithm for digest from signature"); + } + + DigestSink sink = new DigestSink(DigestUtilities.GetDigest(digAlg.Algorithm)); + + sink.Write(cert.GetEncoded()); + + byte[] dig = new byte[sink.Digest.GetDigestSize()]; + sink.Digest.DoFinal(dig, 0); + + v.Add(new CertStatus(dig,reqId)); + } + + return new CertificateConfirmationContent(CertConfirmContent.GetInstance(new DerSequence(v)), + digestAlgFinder); + } + } +} diff --git a/crypto/src/cmp/CertificateStatus.cs b/crypto/src/cmp/CertificateStatus.cs new file mode 100644 index 000000000..e8c3546dd --- /dev/null +++ b/crypto/src/cmp/CertificateStatus.cs @@ -0,0 +1,55 @@ +using System; +using System.Collections.Generic; +using System.Text; +using Org.BouncyCastle.Asn1.Cmp; +using Org.BouncyCastle.Asn1.X509; +using Org.BouncyCastle.Cms; +using Org.BouncyCastle.Crypto.IO; +using Org.BouncyCastle.Math; +using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.X509; + +namespace Org.BouncyCastle.Cmp +{ + public class CertificateStatus + { + private DefaultSignatureAlgorithmIdentifierFinder sigAlgFinder = new DefaultSignatureAlgorithmIdentifierFinder(); + private DefaultDigestAlgorithmIdentifierFinder digestAlgFinder; + private CertStatus certStatus; + + public CertificateStatus(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder, CertStatus certStatus) + { + this.digestAlgFinder = digestAlgFinder; + this.certStatus = certStatus; + } + + public PkiStatusInfo PkiStatusInfo + { + get { return certStatus.StatusInfo; } + } + + public BigInteger CertRequestId + { + get { return certStatus.CertReqID.Value; } + } + + public bool IsVerified(X509Certificate cert) + { + + AlgorithmIdentifier digAlg = digestAlgFinder.find( sigAlgFinder.Find(cert.SigAlgName)); + if (digAlg == null) + { + throw new CmpException("cannot find algorithm for digest from signature "+cert.SigAlgName); + } + + DigestSink digestSink = new DigestSink(DigestUtilities.GetDigest(digAlg.Algorithm)); + + digestSink.Write(cert.GetEncoded()); + + byte[] digest = new byte[digestSink.Digest.GetDigestSize()]; + digestSink.Digest.DoFinal(digest, 0); + return Arrays.ConstantTimeAreEqual(certStatus.CertHash.GetOctets(), digest); + } + } +} diff --git a/crypto/src/cmp/CmpException.cs b/crypto/src/cmp/CmpException.cs new file mode 100644 index 000000000..7ecdf5af8 --- /dev/null +++ b/crypto/src/cmp/CmpException.cs @@ -0,0 +1,26 @@ +using System; +using System.Collections.Generic; +using System.Runtime.Serialization; +using System.Text; + +namespace Org.BouncyCastle.Cmp +{ + public class CmpException : Exception + { + public CmpException() + { + } + + public CmpException(string message) : base(message) + { + } + + public CmpException(string message, Exception innerException) : base(message, innerException) + { + } + + protected CmpException(SerializationInfo info, StreamingContext context) : base(info, context) + { + } + } +} diff --git a/crypto/src/crmf/AuthenticatorControl.cs b/crypto/src/crmf/AuthenticatorControl.cs new file mode 100644 index 000000000..7803c4418 --- /dev/null +++ b/crypto/src/crmf/AuthenticatorControl.cs @@ -0,0 +1,36 @@ +using System; +using System.Collections.Generic; +using System.Text; + +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Crmf; + +namespace Org.BouncyCastle.Crmf +{ + public class AuthenticatorControl:IControl + { + + private static readonly DerObjectIdentifier type = CrmfObjectIdentifiers.id_regCtrl_authenticator; + + private readonly DerUtf8String token; + + public AuthenticatorControl(DerUtf8String token) + { + this.token = token; + } + + public AuthenticatorControl(String token) + { + this.token = new DerUtf8String(token); + } + + public DerObjectIdentifier Type + { + get { return type; } + } + + public Asn1Encodable Value { + get { return token; } + } + } +} diff --git a/crypto/src/crmf/CertificateRequestMessage.cs b/crypto/src/crmf/CertificateRequestMessage.cs new file mode 100644 index 000000000..818facade --- /dev/null +++ b/crypto/src/crmf/CertificateRequestMessage.cs @@ -0,0 +1,184 @@ +using System; +using System.Collections.Generic; +using System.Runtime.InteropServices; +using System.Text; +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Crmf; +using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.Operators; + +namespace Org.BouncyCastle.Crmf +{ + public class CertificateRequestMessage + { + public static readonly int popRaVerified = Org.BouncyCastle.Asn1.Crmf.ProofOfPossession.TYPE_RA_VERIFIED; + public static readonly int popSigningKey = Org.BouncyCastle.Asn1.Crmf.ProofOfPossession.TYPE_SIGNING_KEY; + public static readonly int popKeyEncipherment = Org.BouncyCastle.Asn1.Crmf.ProofOfPossession.TYPE_KEY_ENCIPHERMENT; + public static readonly int popKeyAgreement = Org.BouncyCastle.Asn1.Crmf.ProofOfPossession.TYPE_KEY_AGREEMENT; + + private readonly CertReqMsg certReqMsg; + private readonly Controls controls; + + private static CertReqMsg ParseBytes(byte[] encoding) + + { + return CertReqMsg.GetInstance(encoding); + } + + public CertificateRequestMessage(CertReqMsg certReqMsg) + { + this.certReqMsg = certReqMsg; + this.controls = certReqMsg.CertReq.Controls; + } + + public CertReqMsg ToAsn1Structure() + { + return certReqMsg; + } + + public CertTemplate GetCertTemplate() + { + return this.certReqMsg.CertReq.CertTemplate; + } + + public bool HasControls + { + get { return controls != null; } + } + + + public bool HasControl(DerObjectIdentifier objectIdentifier) + { + return findControl(objectIdentifier) != null; + } + + public IControl GetControl(DerObjectIdentifier type) + { + AttributeTypeAndValue found = findControl(type); + if (found != null) + { + if (found.Type.Equals(CrmfObjectIdentifiers.id_regCtrl_pkiArchiveOptions)) + { + return new PkiArchiveControl(PkiArchiveOptions.GetInstance(found.Value)); + } + + if (found.Type.Equals(CrmfObjectIdentifiers.id_regCtrl_regToken)) + { + return new RegTokenControl(DerUtf8String.GetInstance(found.Value)); + } + + if (found.Type.Equals(CrmfObjectIdentifiers.id_regCtrl_authenticator)) + { + return new AuthenticatorControl(DerUtf8String.GetInstance(found.Value)); + } + } + return null; + } + + + + + public AttributeTypeAndValue findControl(DerObjectIdentifier type) + { + if (controls == null) + { + return null; + } + + AttributeTypeAndValue[] tAndV = controls.ToAttributeTypeAndValueArray(); + AttributeTypeAndValue found = null; + + for (int i = 0; i < tAndV.Length; i++) + { + if (tAndV[i].Type.Equals(type)) + { + found = tAndV[i]; + break; + } + } + + return found; + } + + public bool HasProofOfPossession + { + get { return certReqMsg.Popo != null; } + } + + public int ProofOfPossession + { + get { return certReqMsg.Popo.Type; } + } + + public bool HasSigningKeyProofOfPossessionWithPkMac + { + get + { + ProofOfPossession pop = certReqMsg.Popo; + + if (pop.Type == popSigningKey) + { + PopoSigningKey popoSign = PopoSigningKey.GetInstance(pop.Object); + + return popoSign.PoposkInput.PublicKeyMac != null; + } + + return false; + + } + } + + public bool IsValidSigningKeyPop(IVerifierFactoryProvider verifierProvider) + { + ProofOfPossession pop = certReqMsg.Popo; + if (pop.Type == popSigningKey) + { + PopoSigningKey popoSign = PopoSigningKey.GetInstance(pop.Object); + if (popoSign.PoposkInput != null && popoSign.PoposkInput.PublicKeyMac != null) + { + throw new InvalidOperationException("verification requires password check"); + } + return verifySignature(verifierProvider, popoSign); + } + + throw new InvalidOperationException("not Signing Key type of proof of possession"); + } + + + + private bool verifySignature(IVerifierFactoryProvider verifierFactoryProvider, PopoSigningKey signKey) + { + IVerifierFactory verifer; + IStreamCalculator calculator; + try + { + verifer = verifierFactoryProvider.CreateVerifierFactory(signKey.AlgorithmIdentifier); + calculator = verifer.CreateCalculator(); + } + catch (Exception ex) + { + throw new CrmfException("unable to create verifier: "+ex.Message, ex); + } + + if (signKey.PoposkInput != null) + { + byte[] b = signKey.GetDerEncoded(); + calculator.Stream.Write(b,0,b.Length); + } + else + { + byte[] b = certReqMsg.GetDerEncoded(); + calculator.Stream.Write(b,0,b.Length); + } + + DefaultVerifierResult result = (DefaultVerifierResult) calculator.GetResult(); + + return result.IsVerified(signKey.Signature.GetBytes()); + } + + public byte[] GetEncoded() + { + return certReqMsg.GetEncoded(); + } + } +} diff --git a/crypto/src/crmf/CertificateRequestMessageBuilder.cs b/crypto/src/crmf/CertificateRequestMessageBuilder.cs new file mode 100644 index 000000000..53ebdf3f5 --- /dev/null +++ b/crypto/src/crmf/CertificateRequestMessageBuilder.cs @@ -0,0 +1,261 @@ +using System; +using System.Collections; +using System.Collections.Generic; +using System.Security.Cryptography.X509Certificates; +using System.Text; +using Org.BouncyCastle.Asn1.X509; +using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.Operators; +using Org.BouncyCastle.Math; + +namespace Org.BouncyCastle.Crmf +{ + public class CertificateRequestMessageBuilder + { + private readonly BigInteger _certReqId; + private X509ExtensionsGenerator _extGenerator; + private CertTemplateBuilder _templateBuilder; + private ArrayList _controls= new ArrayList(); + private ISignatureFactory _popSigner; + private PkMacFactory _pkMacBuilder; + private char[] _password; + private GeneralName _sender; + private int _popoType = ProofOfPossession.TYPE_KEY_ENCIPHERMENT; + private PopoPrivKey _popoPrivKey; + private Asn1Null _popRaVerified; + private PKMacValue _agreeMac; + + public CertificateRequestMessageBuilder(BigInteger certReqId) + { + this._certReqId = certReqId; + this._extGenerator = new X509ExtensionsGenerator(); + this._templateBuilder = new CertTemplateBuilder(); + } + + public CertificateRequestMessageBuilder SetPublicKey(SubjectPublicKeyInfo publicKeyInfo) + { + if (publicKeyInfo != null) + { + _templateBuilder.SetPublicKey(publicKeyInfo); + } + + return this; + } + + + public CertificateRequestMessageBuilder SetIssuer(X509Name issuer) + { + if (issuer != null) + { + _templateBuilder.SetIssuer(issuer); + } + + return this; + } + + public CertificateRequestMessageBuilder SetSubject(X509Name subject) + { + if (subject != null) + { + _templateBuilder.SetSubject(subject); + } + + return this; + } + + public CertificateRequestMessageBuilder SetSerialNumber(BigInteger serialNumber) + { + if (serialNumber != null) + { + _templateBuilder.SetSerialNumber(new DerInteger(serialNumber)); + } + + return this; + } + + public CertificateRequestMessageBuilder SetValidity(Time notBefore, Time notAfter) + { + _templateBuilder.SetValidity(new OptionalValidity(notBefore, notAfter)); + return this; + } + + public CertificateRequestMessageBuilder AddExtension(DerObjectIdentifier oid, bool critical, + Asn1Encodable value) + { + _extGenerator.AddExtension(oid,critical, value); + return this; + } + + public CertificateRequestMessageBuilder AddExtension(DerObjectIdentifier oid, bool critical, + byte[] value) + { + _extGenerator.AddExtension(oid, critical, value); + return this; + } + + public CertificateRequestMessageBuilder SetProofOfPossessionSignKeySigner(ISignatureFactory popoSignatureFactory) + { + if (_popoPrivKey != null || _popRaVerified != null || _agreeMac != null) + { + throw new InvalidOperationException("only one proof of possession is allowed."); + } + + this._popoType = ProofOfPossession.TYPE_KEY_ENCIPHERMENT; + return this; + } + + public CertificateRequestMessageBuilder SetProofOfPossessionSubsequentMessage(SubsequentMessage msg) + { + if (_popoPrivKey != null || _popRaVerified != null || _agreeMac != null) + { + throw new InvalidOperationException("only one proof of possession is allowed."); + } + + this._popoType = ProofOfPossession.TYPE_KEY_ENCIPHERMENT; + this._popoPrivKey = new PopoPrivKey(msg); + + + return this; + } + + + public CertificateRequestMessageBuilder SetProofOfPossessionSubsequentMessage(int type, SubsequentMessage msg) + { + if (_popoPrivKey != null || _popRaVerified != null || _agreeMac != null) + { + throw new InvalidOperationException("only one proof of possession is allowed."); + } + + if (type != ProofOfPossession.TYPE_KEY_ENCIPHERMENT && type != ProofOfPossession.TYPE_KEY_AGREEMENT) + { + throw new ArgumentException("type must be ProofOfPossession.TYPE_KEY_ENCIPHERMENT || ProofOfPossession.TYPE_KEY_AGREEMENT"); + } + + this._popoType = type; + this._popoPrivKey = new PopoPrivKey(msg); + return this; + } + + public CertificateRequestMessageBuilder SetProofOfPossessionAgreeMac(PKMacValue macValue) + { + if (_popSigner != null || _popRaVerified != null || _popoPrivKey != null) + { + throw new InvalidOperationException("only one proof of possession allowed"); + } + + this._agreeMac = macValue; + return this; + } + + public CertificateRequestMessageBuilder SetProofOfPossessionRaVerified() + { + if (_popSigner != null || _popoPrivKey != null) + { + throw new InvalidOperationException("only one proof of possession allowed"); + } + + this._popRaVerified = DerNull.Instance; + + return this; + } + + public CertificateRequestMessageBuilder SetAuthInfoPKMAC(PkMacFactory pkmacFactory, char[] password) + { + this._pkMacBuilder = pkmacFactory; + this._password = password; + + return this; + } + + public CertificateRequestMessageBuilder SetAuthInfoSender(X509Name sender) + { + return SetAuthInfoSender(new GeneralName(sender)); + } + + public CertificateRequestMessageBuilder SetAuthInfoSender(GeneralName sender) + { + this._sender = sender; + return this; + } + + public CertificateRequestMessage Build() + { + Asn1EncodableVector v = new Asn1EncodableVector(); + + v.Add(new DerInteger(this._certReqId)); + + if (!this._extGenerator.IsEmpty) + { + this._templateBuilder.SetExtensions(_extGenerator.Generate()); + } + + v.Add(_templateBuilder.Build()); + + if (_controls.Count>0) + { + Asn1EncodableVector controlV = new Asn1EncodableVector(); + + foreach (Object item in _controls) + { + IControl control = (IControl) item; + controlV.Add(new AttributeTypeAndValue(control.Type, control.Value)); + } + + v.Add(new DerSequence(controlV)); + } + + CertRequest request = CertRequest.GetInstance(new DerSequence(v)); + + v = new Asn1EncodableVector(); + + v.Add(request); + + if (_popSigner != null) + { + CertTemplate template = request.CertTemplate; + + if (template.Subject == null || template.PublicKey == null) + { + SubjectPublicKeyInfo pubKeyInfo = request.CertTemplate.PublicKey; + + ProofOfPossessionSigningKeyBuilder builder = new ProofOfPossessionSigningKeyBuilder(pubKeyInfo); + + if (_sender != null) + { + builder.setSender(_sender); + } + else + { + // PkMa pkmacGenerator = new PKMACValueGenerator(_pkmacBuilder); + + builder.setPublicKeyMac(_pkMacBuilder, _password); + } + + v.Add(new ProofOfPossession(builder.build(_popSigner))); + } + else + { + ProofOfPossessionSigningKeyBuilder builder = new ProofOfPossessionSigningKeyBuilder(request); + + v.Add(new ProofOfPossession(builder.build(_popSigner))); + } + } + else if (_popoPrivKey != null) + { + v.Add(new ProofOfPossession(_popoType, _popoPrivKey)); + } + else if (_agreeMac != null) + { + v.Add(new ProofOfPossession(ProofOfPossession.TYPE_KEY_AGREEMENT, + PopoPrivKey.GetInstance(new DerTaggedObject(false, PopoPrivKey.agreeMAC, _agreeMac),true ))); + + } + else if (_popRaVerified != null) + { + v.Add(new ProofOfPossession()); + } + + return new CertificateRequestMessage(CertReqMsg.GetInstance(new DerSequence(v))); + } + } +} diff --git a/crypto/src/crmf/CrmfException.cs b/crypto/src/crmf/CrmfException.cs new file mode 100644 index 000000000..c80f480b7 --- /dev/null +++ b/crypto/src/crmf/CrmfException.cs @@ -0,0 +1,26 @@ +using System; +using System.Collections.Generic; +using System.Runtime.Serialization; +using System.Text; + +namespace Org.BouncyCastle.Crmf +{ + public class CrmfException : Exception + { + public CrmfException() + { + } + + public CrmfException(string message) : base(message) + { + } + + public CrmfException(string message, Exception innerException) : base(message, innerException) + { + } + + protected CrmfException(SerializationInfo info, StreamingContext context) : base(info, context) + { + } + } +} diff --git a/crypto/src/crmf/IControl.cs b/crypto/src/crmf/IControl.cs new file mode 100644 index 000000000..8f986168c --- /dev/null +++ b/crypto/src/crmf/IControl.cs @@ -0,0 +1,63 @@ +using System; + +using Org.BouncyCastle.Utilities; + +namespace Org.BouncyCastle.Asn1.Crmf +{ + + public interface IControl + { + DerObjectIdentifier Type { get; } + + Asn1Encodable Value { get; } + } + + + public class Controls + : Asn1Encodable + { + private readonly Asn1Sequence content; + + private Controls(Asn1Sequence seq) + { + content = seq; + } + + public static Controls GetInstance(object obj) + { + if (obj is Controls) + return (Controls)obj; + + if (obj is Asn1Sequence) + return new Controls((Asn1Sequence)obj); + + throw new ArgumentException("Invalid object: " + Platform.GetTypeName(obj), "obj"); + } + + public Controls(params AttributeTypeAndValue[] atvs) + { + content = new DerSequence(atvs); + } + + public virtual AttributeTypeAndValue[] ToAttributeTypeAndValueArray() + { + AttributeTypeAndValue[] result = new AttributeTypeAndValue[content.Count]; + for (int i = 0; i != result.Length; ++i) + { + result[i] = AttributeTypeAndValue.GetInstance(content[i]); + } + return result; + } + + /** + * 
+         * Controls  ::= SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue
+         *
+ * @return a basic ASN.1 object representation. + */ + public override Asn1Object ToAsn1Object() + { + return content; + } + } +} diff --git a/crypto/src/crmf/PkiArchiveControl.cs b/crypto/src/crmf/PkiArchiveControl.cs new file mode 100644 index 000000000..ec8fb7671 --- /dev/null +++ b/crypto/src/crmf/PkiArchiveControl.cs @@ -0,0 +1,70 @@ +using System; +using System.Collections.Generic; +using System.Text; +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Cms; +using Org.BouncyCastle.Asn1.Crmf; +using Org.BouncyCastle.Cms; + +namespace Org.BouncyCastle.Crmf +{ + public class PkiArchiveControl:IControl + { + public static readonly int encryptedPrivKey = PkiArchiveOptions.encryptedPrivKey; + public static readonly int keyGenParameters = PkiArchiveOptions.keyGenParameters; + public static readonly int archiveRemGenPrivKey = PkiArchiveOptions.archiveRemGenPrivKey; + + private static readonly DerObjectIdentifier type = CrmfObjectIdentifiers.id_regCtrl_pkiArchiveOptions; + + private readonly PkiArchiveOptions pkiArchiveOptions; + + public PkiArchiveControl(PkiArchiveOptions pkiArchiveOptions) + { + this.pkiArchiveOptions = pkiArchiveOptions; + } + + public DerObjectIdentifier Type + { + get { return type; } + } + + public Asn1Encodable Value + { + get { return pkiArchiveOptions; } + } + + public int ArchiveType + { + get { return pkiArchiveOptions.Type; } + } + + public bool EnvelopedData + { + get + { + EncryptedKey encKey = EncryptedKey.GetInstance(pkiArchiveOptions.Value); + return !encKey.IsEncryptedValue; + } + } + + public CmsEnvelopedData GetEnvelopedData() + { + try + { + EncryptedKey encKey = EncryptedKey.GetInstance(pkiArchiveOptions.Value); + EnvelopedData data = Org.BouncyCastle.Asn1.Cms.EnvelopedData.GetInstance(encKey.Value); + + return new CmsEnvelopedData(new ContentInfo(CmsObjectIdentifiers.EnvelopedData, data)); + } + catch (CmsException e) + { + throw new CrmfException("CMS parsing error: " + e.Message, e); + } + catch (Exception e) + { + throw new CrmfException("CRMF parsing error: "+e.Message, e); + } + } + + } +} diff --git a/crypto/src/crmf/RegTokenControl.cs b/crypto/src/crmf/RegTokenControl.cs new file mode 100644 index 000000000..b53ce1922 --- /dev/null +++ b/crypto/src/crmf/RegTokenControl.cs @@ -0,0 +1,36 @@ +using System; +using System.Collections.Generic; +using System.Text; + +using Org.BouncyCastle.Crmf; +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Crmf; + +namespace Org.BouncyCastle.Crmf +{ + public class RegTokenControl:IControl + { + private static readonly DerObjectIdentifier type = CrmfObjectIdentifiers.id_regCtrl_regToken; + + private readonly DerUtf8String token; + + public RegTokenControl(DerUtf8String token) + { + this.token = token; + } + + public RegTokenControl(String token) + { + this.token = new DerUtf8String(token); + } + + public DerObjectIdentifier Type + { + get { return type; } + } + public Asn1Encodable Value + { + get { return token; } + } + } +} -- cgit 1.4.1