1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
using System;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Asn1.Crmf
{
public class PopoSigningKey
: Asn1Encodable
{
private readonly PopoSigningKeyInput poposkInput;
private readonly AlgorithmIdentifier algorithmIdentifier;
private readonly DerBitString signature;
private PopoSigningKey(Asn1Sequence seq)
{
int index = 0;
if (seq[index] is Asn1TaggedObject tagObj)
{
index++;
if (tagObj.TagNo != 0)
throw new ArgumentException( "Unknown PopoSigningKeyInput tag: " + tagObj.TagNo, nameof(seq));
poposkInput = PopoSigningKeyInput.GetInstance(tagObj.GetObject());
}
algorithmIdentifier = AlgorithmIdentifier.GetInstance(seq[index++]);
signature = DerBitString.GetInstance(seq[index]);
}
public static PopoSigningKey GetInstance(object obj)
{
if (obj is PopoSigningKey)
return (PopoSigningKey)obj;
if (obj is Asn1Sequence)
return new PopoSigningKey((Asn1Sequence)obj);
throw new ArgumentException("Invalid object: " + Platform.GetTypeName(obj), "obj");
}
public static PopoSigningKey GetInstance(Asn1TaggedObject obj, bool isExplicit)
{
return GetInstance(Asn1Sequence.GetInstance(obj, isExplicit));
}
/**
* Creates a new Proof of Possession object for a signing key.
* @param poposkIn the PopoSigningKeyInput structure, or null if the
* CertTemplate includes both subject and publicKey values.
* @param aid the AlgorithmIdentifier used to sign the proof of possession.
* @param signature a signature over the DER-encoded value of poposkIn,
* or the DER-encoded value of certReq if poposkIn is null.
*/
public PopoSigningKey(
PopoSigningKeyInput poposkIn,
AlgorithmIdentifier aid,
DerBitString signature)
{
this.poposkInput = poposkIn;
this.algorithmIdentifier = aid;
this.signature = signature;
}
public virtual PopoSigningKeyInput PoposkInput
{
get { return poposkInput; }
}
public virtual AlgorithmIdentifier AlgorithmIdentifier
{
get { return algorithmIdentifier; }
}
public virtual DerBitString Signature
{
get { return signature; }
}
/**
* <pre>
* PopoSigningKey ::= SEQUENCE {
* poposkInput [0] PopoSigningKeyInput OPTIONAL,
* algorithmIdentifier AlgorithmIdentifier,
* signature BIT STRING }
* -- The signature (using "algorithmIdentifier") is on the
* -- DER-encoded value of poposkInput. NOTE: If the CertReqMsg
* -- certReq CertTemplate contains the subject and publicKey values,
* -- then poposkInput MUST be omitted and the signature MUST be
* -- computed on the DER-encoded value of CertReqMsg certReq. If
* -- the CertReqMsg certReq CertTemplate does not contain the public
* -- key and subject values, then poposkInput MUST be present and
* -- MUST be signed. This strategy ensures that the public key is
* -- not present in both the poposkInput and CertReqMsg certReq
* -- CertTemplate fields.
* </pre>
* @return a basic ASN.1 object representation.
*/
public override Asn1Object ToAsn1Object()
{
Asn1EncodableVector v = new Asn1EncodableVector(3);
v.AddOptionalTagged(false, 0, poposkInput);
v.Add(algorithmIdentifier);
v.Add(signature);
return new DerSequence(v);
}
}
}
|
