init commit
This commit is contained in:
@@ -0,0 +1,181 @@
|
||||
using System;
|
||||
using System.Collections;
|
||||
using System.IO;
|
||||
using Org.BouncyCastle.Asn1;
|
||||
using Org.BouncyCastle.Asn1.Ocsp;
|
||||
using Org.BouncyCastle.Asn1.X509;
|
||||
using Org.BouncyCastle.Crypto;
|
||||
using Org.BouncyCastle.Crypto.Parameters;
|
||||
using Org.BouncyCastle.Security;
|
||||
using Org.BouncyCastle.Security.Certificates;
|
||||
using Org.BouncyCastle.Utilities;
|
||||
using Org.BouncyCastle.X509;
|
||||
|
||||
namespace Org.BouncyCastle.Ocsp;
|
||||
|
||||
public class OcspReqGenerator
|
||||
{
|
||||
private class RequestObject
|
||||
{
|
||||
internal CertificateID certId;
|
||||
|
||||
internal X509Extensions extensions;
|
||||
|
||||
public RequestObject(CertificateID certId, X509Extensions extensions)
|
||||
{
|
||||
this.certId = certId;
|
||||
this.extensions = extensions;
|
||||
}
|
||||
|
||||
public Request ToRequest()
|
||||
{
|
||||
return new Request(certId.ToAsn1Object(), extensions);
|
||||
}
|
||||
}
|
||||
|
||||
private IList list = Platform.CreateArrayList();
|
||||
|
||||
private GeneralName requestorName = null;
|
||||
|
||||
private X509Extensions requestExtensions = null;
|
||||
|
||||
public IEnumerable SignatureAlgNames => OcspUtilities.AlgNames;
|
||||
|
||||
public void AddRequest(CertificateID certId)
|
||||
{
|
||||
list.Add(new RequestObject(certId, null));
|
||||
}
|
||||
|
||||
public void AddRequest(CertificateID certId, X509Extensions singleRequestExtensions)
|
||||
{
|
||||
list.Add(new RequestObject(certId, singleRequestExtensions));
|
||||
}
|
||||
|
||||
public void SetRequestorName(X509Name requestorName)
|
||||
{
|
||||
try
|
||||
{
|
||||
this.requestorName = new GeneralName(4, requestorName);
|
||||
}
|
||||
catch (Exception innerException)
|
||||
{
|
||||
throw new ArgumentException("cannot encode principal", innerException);
|
||||
}
|
||||
}
|
||||
|
||||
public void SetRequestorName(GeneralName requestorName)
|
||||
{
|
||||
this.requestorName = requestorName;
|
||||
}
|
||||
|
||||
public void SetRequestExtensions(X509Extensions requestExtensions)
|
||||
{
|
||||
this.requestExtensions = requestExtensions;
|
||||
}
|
||||
|
||||
private OcspReq GenerateRequest(DerObjectIdentifier signingAlgorithm, AsymmetricKeyParameter privateKey, X509Certificate[] chain, SecureRandom random)
|
||||
{
|
||||
Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector();
|
||||
foreach (RequestObject item in list)
|
||||
{
|
||||
try
|
||||
{
|
||||
asn1EncodableVector.Add(item.ToRequest());
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
throw new OcspException("exception creating Request", e);
|
||||
}
|
||||
}
|
||||
TbsRequest tbsRequest = new TbsRequest(requestorName, new DerSequence(asn1EncodableVector), requestExtensions);
|
||||
ISigner signer = null;
|
||||
Signature optionalSignature = null;
|
||||
if (signingAlgorithm != null)
|
||||
{
|
||||
if (requestorName == null)
|
||||
{
|
||||
throw new OcspException("requestorName must be specified if request is signed.");
|
||||
}
|
||||
try
|
||||
{
|
||||
signer = SignerUtilities.GetSigner(signingAlgorithm.Id);
|
||||
if (random != null)
|
||||
{
|
||||
signer.Init(forSigning: true, new ParametersWithRandom(privateKey, random));
|
||||
}
|
||||
else
|
||||
{
|
||||
signer.Init(forSigning: true, privateKey);
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
throw new OcspException("exception creating signature: " + ex, ex);
|
||||
}
|
||||
DerBitString derBitString = null;
|
||||
try
|
||||
{
|
||||
byte[] encoded = tbsRequest.GetEncoded();
|
||||
signer.BlockUpdate(encoded, 0, encoded.Length);
|
||||
derBitString = new DerBitString(signer.GenerateSignature());
|
||||
}
|
||||
catch (Exception ex2)
|
||||
{
|
||||
throw new OcspException("exception processing TBSRequest: " + ex2, ex2);
|
||||
}
|
||||
AlgorithmIdentifier signatureAlgorithm = new AlgorithmIdentifier(signingAlgorithm, DerNull.Instance);
|
||||
if (chain != null && chain.Length > 0)
|
||||
{
|
||||
Asn1EncodableVector asn1EncodableVector2 = new Asn1EncodableVector();
|
||||
try
|
||||
{
|
||||
for (int i = 0; i != chain.Length; i++)
|
||||
{
|
||||
asn1EncodableVector2.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(chain[i].GetEncoded())));
|
||||
}
|
||||
}
|
||||
catch (IOException e2)
|
||||
{
|
||||
throw new OcspException("error processing certs", e2);
|
||||
}
|
||||
catch (CertificateEncodingException e3)
|
||||
{
|
||||
throw new OcspException("error encoding certs", e3);
|
||||
}
|
||||
optionalSignature = new Signature(signatureAlgorithm, derBitString, new DerSequence(asn1EncodableVector2));
|
||||
}
|
||||
else
|
||||
{
|
||||
optionalSignature = new Signature(signatureAlgorithm, derBitString);
|
||||
}
|
||||
}
|
||||
return new OcspReq(new OcspRequest(tbsRequest, optionalSignature));
|
||||
}
|
||||
|
||||
public OcspReq Generate()
|
||||
{
|
||||
return GenerateRequest(null, null, null, null);
|
||||
}
|
||||
|
||||
public OcspReq Generate(string signingAlgorithm, AsymmetricKeyParameter privateKey, X509Certificate[] chain)
|
||||
{
|
||||
return Generate(signingAlgorithm, privateKey, chain, null);
|
||||
}
|
||||
|
||||
public OcspReq Generate(string signingAlgorithm, AsymmetricKeyParameter privateKey, X509Certificate[] chain, SecureRandom random)
|
||||
{
|
||||
if (signingAlgorithm == null)
|
||||
{
|
||||
throw new ArgumentException("no signing algorithm specified");
|
||||
}
|
||||
try
|
||||
{
|
||||
DerObjectIdentifier algorithmOid = OcspUtilities.GetAlgorithmOid(signingAlgorithm);
|
||||
return GenerateRequest(algorithmOid, privateKey, chain, random);
|
||||
}
|
||||
catch (ArgumentException)
|
||||
{
|
||||
throw new ArgumentException("unknown signing algorithm specified: " + signingAlgorithm);
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user