using System;
using System.Collections.Generic;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Ocsp;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.X509;
namespace Org.BouncyCastle.Ocsp
{
/// <summary>
/// Builds OCSP requests (RFC 6960 <c>OCSPRequest</c>): collect one or more <see cref="CertificateID"/>s
/// via <see cref="AddRequest(CertificateID)"/>, optionally set a requestor name and request-level
/// extensions, then call one of the <c>Generate</c> overloads to produce an unsigned or signed
/// <see cref="OcspReq"/>.
/// </summary>
public class OcspReqGenerator
{
    /// <summary>
    /// A single pending <c>Request</c> entry: the certificate being asked about plus its optional
    /// single-request extensions.
    /// </summary>
    private sealed class PendingRequest
    {
        private readonly CertificateID m_certId;
        private readonly X509Extensions m_singleExtensions;

        internal PendingRequest(CertificateID certId, X509Extensions singleExtensions)
        {
            m_certId = certId;
            m_singleExtensions = singleExtensions;
        }

        /// <summary>Encode this entry as the ASN.1 <see cref="Request"/> structure.</summary>
        internal Request ToRequest() => new Request(m_certId.ToAsn1Object(), m_singleExtensions);
    }

    // Requests are emitted in insertion order.
    private readonly List<PendingRequest> m_pending = new List<PendingRequest>();

    // Both are optional for an unsigned request; m_requestorName becomes mandatory once signing is requested.
    private GeneralName m_requestorName;
    private X509Extensions m_requestExtensions;

    /// <summary>Add a request for the given CertificateID.</summary>
    /// <param name="certId">Certificate ID of interest.</param>
    public void AddRequest(CertificateID certId)
    {
        m_pending.Add(new PendingRequest(certId, null));
    }

    /// <summary>Add a request with extensions.</summary>
    /// <param name="certId">Certificate ID of interest.</param>
    /// <param name="singleRequestExtensions">The extensions to attach to the request.</param>
    public void AddRequest(CertificateID certId, X509Extensions singleRequestExtensions)
    {
        m_pending.Add(new PendingRequest(certId, singleRequestExtensions));
    }

    /// <summary>Set the requestor name to the passed in X509Name.</summary>
    /// <param name="requestorName">An X509Name representing the requestor name.</param>
    /// <exception cref="ArgumentException">If the name cannot be wrapped as a directoryName GeneralName.</exception>
    public void SetRequestorName(X509Name requestorName)
    {
        GeneralName directoryName;
        try
        {
            directoryName = new GeneralName(GeneralName.DirectoryName, requestorName);
        }
        catch (Exception e)
        {
            throw new ArgumentException("cannot encode principal", e);
        }
        m_requestorName = directoryName;
    }

    /// <summary>Set the requestor name directly as a <see cref="GeneralName"/>.</summary>
    /// <param name="requestorName">The requestor name to place in the TBSRequest.</param>
    public void SetRequestorName(GeneralName requestorName)
    {
        m_requestorName = requestorName;
    }

    /// <summary>Set the request-level (TBSRequest) extensions.</summary>
    /// <param name="requestExtensions">Extensions for the whole request, or null for none.</param>
    public void SetRequestExtensions(X509Extensions requestExtensions)
    {
        m_requestExtensions = requestExtensions;
    }

    /// <summary>
    /// Assemble the TBSRequest from the collected entries and, when a signature factory is supplied,
    /// sign it and attach the optional certificate chain.
    /// </summary>
    /// <param name="signatureFactory">Signer for the request, or null to produce an unsigned request.</param>
    /// <param name="chain">Certificates to carry in the Signature's <c>certs</c> field; null or empty omits the field.</param>
    /// <exception cref="OcspException">
    /// If a request entry cannot be encoded, if signing is requested without a requestor name,
    /// or if signing the TBSRequest fails.
    /// </exception>
    private OcspReq GenerateRequest(ISignatureFactory signatureFactory, X509Certificate[] chain)
    {
        DerSequence requestList;
        try
        {
            requestList = DerSequence.Map(m_pending, pr => pr.ToRequest());
        }
        catch (Exception e)
        {
            throw new OcspException("exception creating Request", e);
        }

        var tbsRequest = new TbsRequest(m_requestorName, requestList, m_requestExtensions);

        // Unsigned request: the OCSPRequest carries no optionalSignature element.
        if (signatureFactory == null)
            return new OcspReq(new OcspRequest(tbsRequest, null));

        // RFC 6960 4.1.2: requestorName MUST be present when the request is signed.
        if (m_requestorName == null)
            throw new OcspException("requestorName must be specified if request is signed.");

        var sigAlgID = (AlgorithmIdentifier)signatureFactory.AlgorithmDetails;

        DerBitString signatureBits;
        try
        {
            signatureBits = X509.X509Utilities.GenerateSignature(signatureFactory, tbsRequest);
        }
        catch (Exception e)
        {
            throw new OcspException("exception processing TBSRequest", e);
        }

        // The chain is optional; it is only there to help the responder verify the request signature.
        DerSequence certs = null;
        if (chain != null && chain.Length > 0)
        {
            certs = DerSequence.Map(chain, c => c.CertificateStructure);
        }

        var optionalSignature = new Signature(sigAlgID, signatureBits, certs);
        return new OcspReq(new OcspRequest(tbsRequest, optionalSignature));
    }

    /// <summary>Generate an unsigned request.</summary>
    public OcspReq Generate() => GenerateRequest(null, null);

    /// <summary>Generate a signed request using the named algorithm and private key.</summary>
    /// <param name="signingAlgorithm">Name of the signature algorithm, as understood by <see cref="Asn1SignatureFactory"/>.</param>
    /// <param name="privateKey">Private key used to sign the TBSRequest.</param>
    /// <param name="chain">Certificates to include alongside the signature; may be null.</param>
    /// <exception cref="ArgumentNullException">If <paramref name="signingAlgorithm"/> is null.</exception>
    public OcspReq Generate(string signingAlgorithm, AsymmetricKeyParameter privateKey, X509Certificate[] chain)
        => Generate(signingAlgorithm, privateKey, chain, null);

    /// <summary>Generate a signed request using the named algorithm, private key and randomness source.</summary>
    /// <param name="signingAlgorithm">Name of the signature algorithm, as understood by <see cref="Asn1SignatureFactory"/>.</param>
    /// <param name="privateKey">Private key used to sign the TBSRequest.</param>
    /// <param name="chain">Certificates to include alongside the signature; may be null.</param>
    /// <param name="random">Randomness source handed to the signature factory; may be null (the three-argument overload passes null).</param>
    /// <exception cref="ArgumentNullException">If <paramref name="signingAlgorithm"/> is null.</exception>
    public OcspReq Generate(string signingAlgorithm, AsymmetricKeyParameter privateKey, X509Certificate[] chain,
        SecureRandom random)
    {
        if (signingAlgorithm == null)
            throw new ArgumentNullException(nameof(signingAlgorithm));

        var factory = new Asn1SignatureFactory(signingAlgorithm, privateKey, random);
        return GenerateRequest(factory, chain);
    }

    /// <summary>Generate a signed request using a caller-supplied signature factory.</summary>
    /// <param name="signatureFactory">Signer for the request; must not be null.</param>
    /// <param name="chain">Certificates to include alongside the signature; may be null.</param>
    /// <exception cref="ArgumentNullException">If <paramref name="signatureFactory"/> is null.</exception>
    public OcspReq Generate(ISignatureFactory signatureFactory, X509Certificate[] chain)
    {
        if (signatureFactory == null)
            throw new ArgumentNullException(nameof(signatureFactory));

        return GenerateRequest(signatureFactory, chain);
    }

    /// <summary>Return an IEnumerable of the signature names supported by the generator.</summary>
    public IEnumerable<string> SignatureAlgNames => Asn1SignatureFactory.SignatureAlgNames;
}
}