using System;
using System.Collections;
using System.IO;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Security.Certificates;
using Org.BouncyCastle.Utilities.Collections;
using Org.BouncyCastle.Crypto.Operators;
namespace Org.BouncyCastle.X509
{
/**
* class to produce an X.509 Version 2 CRL.
*/
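public class X509V2CrlGenerator
{
    // Accumulates the CRL-level (not per-entry) extensions until Generate() is called.
    private readonly X509ExtensionsGenerator extGenerator = new X509ExtensionsGenerator();
    private V2TbsCertListGenerator tbsGen;
    private DerObjectIdentifier sigOID;
    private AlgorithmIdentifier sigAlgId;
    private string signatureAlgorithm;

    /// <summary>
    /// Create a generator for an X.509 version 2 CRL (RFC 5280, section 5).
    /// </summary>
    public X509V2CrlGenerator()
    {
        tbsGen = new V2TbsCertListGenerator();
    }

    /// <summary>
    /// Discard all issuer, update-time, entry and extension data added so far.
    /// </summary>
    /// <remarks>
    /// The signature algorithm name recorded by <see cref="SetSignatureAlgorithm"/> is
    /// deliberately kept, so the obsolete <c>Generate(privateKey)</c> overloads still
    /// work after a reset without calling it again.
    /// </remarks>
    public void Reset()
    {
        tbsGen = new V2TbsCertListGenerator();
        extGenerator.Reset();
    }

    /// <summary>
    /// Set the issuer distinguished name - the issuer is the entity whose private key
    /// is used to sign the CRL.
    /// </summary>
    /// <param name="issuer">The CRL issuer's name; must match the issuer name of the
    /// certificates being revoked for relying parties to accept the CRL.</param>
    public void SetIssuerDN(X509Name issuer)
    {
        tbsGen.SetIssuer(issuer);
    }

    /// <summary>
    /// Set the time at which this CRL was issued (the <c>thisUpdate</c> field).
    /// </summary>
    /// <param name="date">Issue time; wrapped in an ASN.1 <c>Time</c> by the TBS generator.</param>
    public void SetThisUpdate(DateTime date)
    {
        tbsGen.SetThisUpdate(new Time(date));
    }

    /// <summary>
    /// Set the time by which the next CRL will be issued (the <c>nextUpdate</c> field).
    /// </summary>
    /// <remarks>
    /// NOTE(review): RFC 5280 requires conforming CRL issuers to include <c>nextUpdate</c>,
    /// and many relying parties treat a CRL without it as expired; always set this.
    /// </remarks>
    /// <param name="date">Time of the next scheduled CRL issuance.</param>
    public void SetNextUpdate(DateTime date)
    {
        tbsGen.SetNextUpdate(new Time(date));
    }

    /// <summary>
    /// Add a revoked certificate to the CRL.
    /// </summary>
    /// <param name="userCertificate">Serial number of the revoked certificate.</param>
    /// <param name="revocationDate">Time the certificate was revoked.</param>
    /// <param name="reason">Reason code as defined by <c>CrlReason</c>
    /// (e.g. <c>CrlReason.KeyCompromise</c>), or 0 if no CrlReason extension is to be written.</param>
    public void AddCrlEntry(BigInteger userCertificate, DateTime revocationDate, int reason)
    {
        tbsGen.AddCrlEntry(new DerInteger(userCertificate), new Time(revocationDate), reason);
    }

    /// <summary>
    /// Add a revoked certificate with both a CrlReason and an Invalidity Date extension.
    /// </summary>
    /// <param name="userCertificate">Serial number of the revoked certificate.</param>
    /// <param name="revocationDate">Time the certificate was revoked.</param>
    /// <param name="reason">Reason code as defined by <c>CrlReason</c>, or 0 if no
    /// CrlReason extension is to be written.</param>
    /// <param name="invalidityDate">Time from which the key is believed to have been
    /// compromised or the certificate otherwise invalid; encoded as GeneralizedTime.</param>
    public void AddCrlEntry(BigInteger userCertificate, DateTime revocationDate, int reason, DateTime invalidityDate)
    {
        tbsGen.AddCrlEntry(
            new DerInteger(userCertificate),
            new Time(revocationDate),
            reason,
            new DerGeneralizedTime(invalidityDate));
    }

    /// <summary>
    /// Add a revoked certificate carrying an arbitrary set of entry extensions.
    /// </summary>
    /// <param name="userCertificate">Serial number of the revoked certificate.</param>
    /// <param name="revocationDate">Time the certificate was revoked.</param>
    /// <param name="extensions">Entry extensions to attach verbatim to this CRL entry.</param>
    public void AddCrlEntry(BigInteger userCertificate, DateTime revocationDate, X509Extensions extensions)
    {
        tbsGen.AddCrlEntry(new DerInteger(userCertificate), new Time(revocationDate), extensions);
    }

    /// <summary>
    /// Copy every CRL entry of a previously issued CRL into this one.
    /// </summary>
    /// <remarks>
    /// Entries are re-parsed from their DER encoding and added unchanged, so any
    /// per-entry extensions they carry are preserved. Nothing from the other CRL's
    /// issuer, update times or CRL-level extensions is copied.
    /// </remarks>
    /// <param name="other">The X509Crl to source the entries from.</param>
    /// <exception cref="ArgumentNullException">If <paramref name="other"/> is null.</exception>
    /// <exception cref="CrlException">If an entry's encoding cannot be re-parsed.</exception>
    public void AddCrl(X509Crl other)
    {
        if (other == null)
            throw new ArgumentNullException("other");

        ISet revocations = other.GetRevokedCertificates();
        if (revocations == null)
            return;

        foreach (X509CrlEntry entry in revocations)
        {
            try
            {
                Asn1Object parsed = Asn1Object.FromByteArray(entry.GetEncoded());
                tbsGen.AddCrlEntry(Asn1Sequence.GetInstance(parsed));
            }
            catch (IOException e)
            {
                throw new CrlException("exception processing encoding of CRL", e);
            }
        }
    }

    /// <summary>
    /// Set the signature algorithm that will be used to sign this CRL.
    /// </summary>
    /// <remarks>
    /// The algorithm name is only recorded once it has been resolved to an OID, so a
    /// rejected name leaves the generator in its previous state rather than half-configured.
    /// </remarks>
    /// <param name="signatureAlgorithm">Algorithm name understood by <c>X509Utilities</c>
    /// (see <see cref="SignatureAlgNames"/>).</param>
    /// <exception cref="ArgumentException">If the name is not a known signature algorithm.</exception>
    [Obsolete("Not needed if Generate used with an ISignatureCalculator")]
    public void SetSignatureAlgorithm(string signatureAlgorithm)
    {
        DerObjectIdentifier oid;
        try
        {
            oid = X509Utilities.GetAlgorithmOid(signatureAlgorithm);
        }
        catch (Exception e)
        {
            throw new ArgumentException("Unknown signature type requested", e);
        }

        this.signatureAlgorithm = signatureAlgorithm;
        this.sigOID = oid;
        this.sigAlgId = X509Utilities.GetSigAlgID(oid, signatureAlgorithm);
        tbsGen.SetSignature(sigAlgId);
    }

    /// <summary>
    /// Add a CRL-level extension (the <c>crlExtensions</c> field, tag 0).
    /// </summary>
    /// <remarks>
    /// NOTE(review): per RFC 5280 a relying party must reject a CRL carrying a critical
    /// extension it does not recognise, so set <paramref name="critical"/> deliberately.
    /// </remarks>
    /// <param name="oid">Extension OID in dotted-decimal form.</param>
    /// <param name="critical">Whether the extension is marked critical.</param>
    /// <param name="extensionValue">ASN.1 value of the extension.</param>
    public void AddExtension(string oid, bool critical, Asn1Encodable extensionValue)
    {
        AddExtension(new DerObjectIdentifier(oid), critical, extensionValue);
    }

    /// <summary>
    /// Add a CRL-level extension (the <c>crlExtensions</c> field, tag 0).
    /// </summary>
    /// <param name="oid">Extension OID.</param>
    /// <param name="critical">Whether the extension is marked critical.</param>
    /// <param name="extensionValue">ASN.1 value of the extension.</param>
    public void AddExtension(DerObjectIdentifier oid, bool critical, Asn1Encodable extensionValue)
    {
        extGenerator.AddExtension(oid, critical, extensionValue);
    }

    /// <summary>
    /// Add a CRL-level extension whose value is already DER encoded.
    /// </summary>
    /// <param name="oid">Extension OID in dotted-decimal form.</param>
    /// <param name="critical">Whether the extension is marked critical.</param>
    /// <param name="extensionValue">DER encoding of the extension value; wrapped in an OCTET STRING.</param>
    public void AddExtension(string oid, bool critical, byte[] extensionValue)
    {
        AddExtension(new DerObjectIdentifier(oid), critical, extensionValue);
    }

    /// <summary>
    /// Add a CRL-level extension whose value is already DER encoded.
    /// </summary>
    /// <param name="oid">Extension OID.</param>
    /// <param name="critical">Whether the extension is marked critical.</param>
    /// <param name="extensionValue">DER encoding of the extension value; wrapped in an OCTET STRING.</param>
    public void AddExtension(DerObjectIdentifier oid, bool critical, byte[] extensionValue)
    {
        extGenerator.AddExtension(oid, critical, new DerOctetString(extensionValue));
    }

    /// <summary>
    /// Generate an X.509 CRL, based on the current issuer and entries, using the
    /// algorithm given to <see cref="SetSignatureAlgorithm"/>.
    /// </summary>
    /// <param name="privateKey">The private key of the issuer that is signing this CRL.</param>
    /// <returns>An X509Crl.</returns>
    [Obsolete("Use Generate with an ISignatureCalculator")]
    public X509Crl Generate(AsymmetricKeyParameter privateKey)
    {
        return Generate(privateKey, null);
    }

    /// <summary>
    /// Generate an X.509 CRL, based on the current issuer and entries, using the
    /// algorithm given to <see cref="SetSignatureAlgorithm"/> and the specified secure random.
    /// </summary>
    /// <param name="privateKey">The private key of the issuer that is signing this CRL.</param>
    /// <param name="random">Your SecureRandom instance, or null to let the signer choose.</param>
    /// <returns>An X509Crl.</returns>
    /// <exception cref="ArgumentNullException">If <paramref name="privateKey"/> is null.</exception>
    /// <exception cref="InvalidOperationException">If <see cref="SetSignatureAlgorithm"/>
    /// has not been called, since the signer cannot be built without an algorithm name.</exception>
    [Obsolete("Use Generate with an ISignatureCalculator")]
    public X509Crl Generate(AsymmetricKeyParameter privateKey, SecureRandom random)
    {
        if (privateKey == null)
            throw new ArgumentNullException("privateKey");
        // Fail here with a clear message instead of inside the calculator constructor.
        if (signatureAlgorithm == null)
            throw new InvalidOperationException("signature algorithm not set; call SetSignatureAlgorithm first");

        return Generate(new Asn1SignatureCalculator(signatureAlgorithm, privateKey, random));
    }

    /// <summary>
    /// Generate a new X509Crl using the passed in signature calculator.
    /// </summary>
    /// <remarks>
    /// The algorithm identifier written into the TBS structure is taken from the calculator
    /// itself, so the inner (<c>tbsCertList.signature</c>) and outer
    /// (<c>signatureAlgorithm</c>) identifiers are guaranteed to agree, as RFC 5280 requires.
    /// The signature covers the DER encoding of the complete TBS structure.
    /// </remarks>
    /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param>
    /// <returns>An X509Crl.</returns>
    /// <exception cref="ArgumentNullException">If <paramref name="signatureCalculator"/> is null.</exception>
    public X509Crl Generate(ISignatureCalculator signatureCalculator)
    {
        if (signatureCalculator == null)
            throw new ArgumentNullException("signatureCalculator");

        AlgorithmIdentifier algId = (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails;
        tbsGen.SetSignature(algId);

        TbsCertificateList tbsCertList = GenerateCertList();
        byte[] encoded = tbsCertList.GetDerEncoded();

        IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator();
        // Closing via 'using' ensures the signing stream is released even if the write throws.
        using (Stream signingStream = streamCalculator.Stream)
        {
            signingStream.Write(encoded, 0, encoded.Length);
        }

        byte[] signature = ((IBlockResult)streamCalculator.GetResult()).DoFinal();
        return GenerateJcaObject(tbsCertList, algId, signature);
    }

    // Finalises the TBS structure; CRL-level extensions are only emitted when at least one was added.
    private TbsCertificateList GenerateCertList()
    {
        if (!extGenerator.IsEmpty)
        {
            tbsGen.SetExtensions(extGenerator.Generate());
        }
        return tbsGen.GenerateTbsCertList();
    }

    // Assembles CertificateList ::= SEQUENCE { tbsCertList, signatureAlgorithm, signatureValue }.
    private X509Crl GenerateJcaObject(TbsCertificateList tbsCrl, AlgorithmIdentifier algId, byte[] signature)
    {
        DerSequence certList = new DerSequence(tbsCrl, algId, new DerBitString(signature));
        return new X509Crl(CertificateList.GetInstance(certList));
    }

    /// <summary>
    /// Allows enumeration of the signature algorithm names supported by the generator.
    /// </summary>
    public IEnumerable SignatureAlgNames
    {
        get { return X509Utilities.GetAlgNames(); }
    }
}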
}