summary refs log tree commit diff
path: root/crypto/src/cms/KeyTransRecipientInfoGenerator.cs
blob: 23b06d3b341673adf043afbe976950cfe52a75f8 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
using System;
using System.IO;

using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Cms;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

namespace Org.BouncyCastle.Cms
{
    public class KeyTransRecipientInfoGenerator : RecipientInfoGenerator
    {
        private static readonly CmsEnvelopedHelper Helper = CmsEnvelopedHelper.Instance;

        private TbsCertificateStructure recipientTbsCert;
        private AsymmetricKeyParameter recipientPublicKey;
        private Asn1OctetString subjectKeyIdentifier;

        // Derived fields
        private SubjectPublicKeyInfo info;
        private IssuerAndSerialNumber issuerAndSerialNumber;
        private SecureRandom random;

        internal KeyTransRecipientInfoGenerator()
        {
        }

        protected KeyTransRecipientInfoGenerator(IssuerAndSerialNumber issuerAndSerialNumber)
        {
            this.issuerAndSerialNumber = issuerAndSerialNumber;
        }

        protected KeyTransRecipientInfoGenerator(byte[] subjectKeyIdentifier)
        {
            this.subjectKeyIdentifier = new DerOctetString(subjectKeyIdentifier);
        }

        internal X509Certificate RecipientCert
        {
            set
            {
                this.recipientTbsCert = CmsUtilities.GetTbsCertificateStructure(value);
                this.recipientPublicKey = value.GetPublicKey();
                this.info = recipientTbsCert.SubjectPublicKeyInfo;
            }
        }

        internal AsymmetricKeyParameter RecipientPublicKey
        {
            set
            {
                this.recipientPublicKey = value;

                try
                {
                    info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(
                        recipientPublicKey);
                }
                catch (IOException)
                {
                    throw new ArgumentException("can't extract key algorithm from this key");
                }
            }
        }

        internal Asn1OctetString SubjectKeyIdentifier
        {
            set { this.subjectKeyIdentifier = value; }
        }

        public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random)
        {
            AlgorithmIdentifier keyEncryptionAlgorithm = this.AlgorithmDetails;

            this.random = random;

            byte[] encryptedKeyBytes = GenerateWrappedKey(contentEncryptionKey);

            RecipientIdentifier recipId;
            if (recipientTbsCert != null)
            {
                IssuerAndSerialNumber issuerAndSerial = new IssuerAndSerialNumber(
                    recipientTbsCert.Issuer, recipientTbsCert.SerialNumber.Value);
                recipId = new RecipientIdentifier(issuerAndSerial);
            }
            else
            {
                recipId = new RecipientIdentifier(subjectKeyIdentifier);
            }

            return new RecipientInfo(new KeyTransRecipientInfo(recipId, keyEncryptionAlgorithm,
                new DerOctetString(encryptedKeyBytes)));
        }

        protected virtual AlgorithmIdentifier AlgorithmDetails
        {
            get
            {
                return info.AlgorithmID;
            }
        }

        protected virtual byte[] GenerateWrappedKey(KeyParameter contentEncryptionKey)
        {
            byte[] keyBytes = contentEncryptionKey.GetKey();
            AlgorithmIdentifier keyEncryptionAlgorithm = info.AlgorithmID;

            IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.Algorithm.Id);
            keyWrapper.Init(true, new ParametersWithRandom(recipientPublicKey, random));
            return keyWrapper.Wrap(keyBytes, 0, keyBytes.Length);
        }
    }
}