blob: c39f06ad042e17ec0283aec3aea638b7fa28571c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.X509;
using System;
using System.Collections.Generic;
using System.Text;
using Org.BouncyCastle.Asn1.Crmf;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Crypto.Paddings;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.Utilities.Encoders;
namespace Org.BouncyCastle.Asn1.Cmp
{
public class ProtectedPkiMessage
{
private PkiMessage pkiMessage;
public ProtectedPkiMessage(GeneralPKIMessage pkiMessage)
{
if (!pkiMessage.HasProtection)
{
throw new ArgumentException("pki message not protected");
}
this.pkiMessage = pkiMessage.ToAsn1Structure();
}
public ProtectedPkiMessage(PkiMessage pkiMessage)
{
if (pkiMessage.Header.ProtectionAlg == null)
{
throw new ArgumentException("pki message not protected");
}
this.pkiMessage = pkiMessage;
}
public PkiHeader Header { get { return pkiMessage.Header; } }
public PkiBody Body { get { return pkiMessage.Body; } }
public PkiMessage ToAsn1Message() { return pkiMessage; }
public bool HasPasswordBasedMacProtected { get { return Header.ProtectionAlg.Algorithm.Equals(CmpObjectIdentifiers.passwordBasedMac); } }
public X509Certificate[] GetCertificates()
{
CmpCertificate[] certs = pkiMessage.GetExtraCerts();
if (certs == null)
{
return new X509Certificate[0];
}
X509Certificate[] res = new X509Certificate[certs.Length];
for (int t=0; t<certs.Length;t++)
{
res[t] = new X509Certificate(X509CertificateStructure.GetInstance(certs[t].GetEncoded()));
}
return res;
}
public bool Verify(IVerifierFactory verifier)
{
Asn1EncodableVector avec = new Asn1EncodableVector();
avec.Add(pkiMessage.Header);
avec.Add(pkiMessage.Body);
byte[] enc = new DerSequence(avec).GetDerEncoded();
IStreamCalculator streamCalculator = verifier.CreateCalculator();
streamCalculator.Stream.Write(enc,0,enc.Length);
streamCalculator.Stream.Flush();
streamCalculator.Stream.Close();
IVerifier result = (IVerifier) streamCalculator.GetResult();
return result.IsVerified(pkiMessage.Protection.GetBytes());
}
public bool Verify(Asn1MacFactoryProvider asn1Factory, byte[] password)
{
if (!CmpObjectIdentifiers.passwordBasedMac.Equals(pkiMessage.Header.ProtectionAlg.Algorithm))
{
throw new InvalidOperationException("protection algorithm is not mac based");
}
PbmParameter parameter = PbmParameter.GetInstance(pkiMessage.Header.ProtectionAlg.Parameters);
PkMacFactory macFactory = (PkMacFactory)asn1Factory.CreateMacFactory(parameter);
macFactory.Password = password;
MacVerifierFactory macVerifierFactory = new MacVerifierFactory(macFactory);
return Verify(macVerifierFactory);
}
}
}
|
