crypto/src/crmf/ProofOfPossessionSigningKeyBuilder.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

using System;
using System.IO;

using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Crmf;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Utilities;

namespace Org.BouncyCastle.Crmf
{
    public class ProofOfPossessionSigningKeyBuilder
    {
        private CertRequest _certRequest;
        private SubjectPublicKeyInfo _pubKeyInfo;
        private GeneralName _name;
        private PKMacValue _publicKeyMAC;

        public ProofOfPossessionSigningKeyBuilder(CertRequest certRequest)
        {
            this._certRequest = certRequest;
        }

        public ProofOfPossessionSigningKeyBuilder(SubjectPublicKeyInfo pubKeyInfo)
        {
            this._pubKeyInfo = pubKeyInfo;
        }

        public ProofOfPossessionSigningKeyBuilder SetSender(GeneralName name)
        {
            this._name = name;
            return this;
        }

        public ProofOfPossessionSigningKeyBuilder SetPublicKeyMac(PKMacBuilder generator, char[] password)
        {
            IMacFactory fact = generator.Build(password);

            return ImplSetPublicKeyMac(fact);
        }

#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
        public ProofOfPossessionSigningKeyBuilder SetPublicKeyMac(PKMacBuilder generator, ReadOnlySpan<char> password)
        {
            IMacFactory fact = generator.Build(password);

            return ImplSetPublicKeyMac(fact);
        }
#endif

        public PopoSigningKey Build(ISignatureFactory signer)
        {
            if (_name != null && _publicKeyMAC != null)
                throw new InvalidOperationException("name and publicKeyMAC cannot both be set.");

            PopoSigningKeyInput popo;

            IStreamCalculator<IBlockResult> calc = signer.CreateCalculator();
            using (Stream sigStream = calc.Stream)
            {
                if (_certRequest != null)
                {
                    popo = null;
                    _certRequest.EncodeTo(sigStream, Asn1Encodable.Der);
                }
                else if (_name != null)
                {
                    popo = new PopoSigningKeyInput(_name, _pubKeyInfo);
                    popo.EncodeTo(sigStream, Asn1Encodable.Der);
                }
                else
                {
                    popo = new PopoSigningKeyInput(_publicKeyMAC, _pubKeyInfo);
                    popo.EncodeTo(sigStream, Asn1Encodable.Der);
                }
            }

            var signature = calc.GetResult().Collect();

            return new PopoSigningKey(popo, (AlgorithmIdentifier)signer.AlgorithmDetails, new DerBitString(signature));
        }

        private ProofOfPossessionSigningKeyBuilder ImplSetPublicKeyMac(IMacFactory fact)
        {
            IStreamCalculator<IBlockResult> calc = fact.CreateCalculator();
            using (var stream = calc.Stream)
            {
                _pubKeyInfo.EncodeTo(stream, Asn1Encodable.Der);
            }

            var mac = calc.GetResult().Collect();

            this._publicKeyMAC = new PKMacValue((AlgorithmIdentifier)fact.AlgorithmDetails, new DerBitString(mac));
            return this;
        }
    }
}