crypto/src/crmf/CertificateResponse.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

using System;

using Org.BouncyCastle.Asn1.Cmp;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Cms;

namespace Org.BouncyCastle.Crmf
{
    /// <summary>High level wrapper for the CertResponse CRMF structure.</summary>
    public class CertificateResponse
    {
        private readonly CertResponse m_certResponse;

        public CertificateResponse(CertResponse certResponse)
        {
            m_certResponse = certResponse;
        }

        /**
         * Return true if the response contains an encrypted certificate.
         *
         * @return true if certificate in response encrypted, false otherwise.
         */
        public virtual bool HasEncryptedCertificate =>
            m_certResponse.CertifiedKeyPair.CertOrEncCert.HasEncryptedCertificate;

        /**
         * Return a CMSEnvelopedData representing the encrypted certificate contained in the response.
         *
         * @return a CMEEnvelopedData if an encrypted certificate is present.
         * @throws IllegalStateException if no encrypted certificate is present, or there is an issue with the enveloped data.
         */
        public virtual CmsEnvelopedData GetEncryptedCertificate()
        {
            if (!HasEncryptedCertificate)
                throw new InvalidOperationException("encrypted certificate asked for, none found");

            CertifiedKeyPair receivedKeyPair = m_certResponse.CertifiedKeyPair;

            var contentInfo = new Asn1.Cms.ContentInfo(PkcsObjectIdentifiers.EnvelopedData,
                receivedKeyPair.CertOrEncCert.EncryptedCert.Value);

            CmsEnvelopedData envelopedData = new CmsEnvelopedData(contentInfo);

            if (envelopedData.GetRecipientInfos().Count != 1)
                throw new InvalidOperationException("data encrypted for more than one recipient");

            return envelopedData;
        }

        // TODO[crmf]
#if false
        /**
         * Return the CMPCertificate representing the plaintext certificate in the response.
         *
         * @return a CMPCertificate if a plaintext certificate is present.
         * @throws IllegalStateException if no plaintext certificate is present.
         */
        public virtual CmpCertificate GetCertificate(Recipient recipient)
        {
            CmsEnvelopedData encryptedCert = GetEncryptedCertificate();

            RecipientInformationStore recipients = encryptedCert.GetRecipientInfos();

            var c = recipients.GetRecipients();

            RecipientInformation recInfo = c[0];

            return CmpCertificate.GetInstance(recInfo.GetContent(recipient));
        }
#endif

        /**
         * Return the CMPCertificate representing the plaintext certificate in the response.
         *
         * @return a CMPCertificate if a plaintext certificate is present.
         * @throws IllegalStateException if no plaintext certificate is present.
         */
        public virtual CmpCertificate GetCertificate()
        {
            if (HasEncryptedCertificate)
                throw new InvalidOperationException("plaintext certificate asked for, none found");

            return m_certResponse.CertifiedKeyPair.CertOrEncCert.Certificate;
        }

        /**
         * Return this object's underlying ASN.1 structure.
         *
         * @return a CertResponse
         */
        public virtual CertResponse ToAsn1Structure() => m_certResponse;
    }
}