You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
428 lines
19 KiB
428 lines
19 KiB
1 year ago
|
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||
|
|
#pragma warning disable
|
||
|
|
using System;
|
||
|
|
using System.Collections;
|
||
|
|
using System.IO;
|
||
|
|
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.CryptoPro;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Nist;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Oiw;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.Pkcs;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.TeleTrust;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Asn1.X9;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.IO;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Parameters;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Signers;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Security;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities;
|
||
|
|
using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Collections;
|
||
|
|
|
||
|
|
namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Crypto.Operators
|
||
|
|
{
|
||
|
|
internal class X509Utilities
|
||
|
|
{
|
||
|
|
private static readonly Asn1Null derNull = DerNull.Instance;
|
||
|
|
|
||
|
|
private static readonly IDictionary algorithms = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateHashtable();
|
||
|
|
private static readonly IDictionary exParams = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateHashtable();
|
||
|
|
private static readonly ISet noParams = new HashSet();
|
||
|
|
|
||
|
|
static X509Utilities()
|
||
|
|
{
|
||
|
|
algorithms.Add("MD2WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD2WithRsaEncryption);
|
||
|
|
algorithms.Add("MD2WITHRSA", PkcsObjectIdentifiers.MD2WithRsaEncryption);
|
||
|
|
algorithms.Add("MD5WITHRSAENCRYPTION", PkcsObjectIdentifiers.MD5WithRsaEncryption);
|
||
|
|
algorithms.Add("MD5WITHRSA", PkcsObjectIdentifiers.MD5WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-1WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha1WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA1WITHRSA", PkcsObjectIdentifiers.Sha1WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-1WITHRSA", PkcsObjectIdentifiers.Sha1WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA224WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha224WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-224WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha224WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA224WITHRSA", PkcsObjectIdentifiers.Sha224WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-224WITHRSA", PkcsObjectIdentifiers.Sha224WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA256WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha256WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-256WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha256WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA256WITHRSA", PkcsObjectIdentifiers.Sha256WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-256WITHRSA", PkcsObjectIdentifiers.Sha256WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA384WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha384WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-384WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha384WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA384WITHRSA", PkcsObjectIdentifiers.Sha384WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-384WITHRSA", PkcsObjectIdentifiers.Sha384WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA512WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-512WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA512WITHRSA", PkcsObjectIdentifiers.Sha512WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA-512WITHRSA", PkcsObjectIdentifiers.Sha512WithRsaEncryption);
|
||
|
|
algorithms.Add("SHA512(224)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA-512(224)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA512(224)WITHRSA", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA-512(224)WITHRSA", PkcsObjectIdentifiers.Sha512_224WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA512(256)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA-512(256)WITHRSAENCRYPTION", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA-512(256)WITHRSA", PkcsObjectIdentifiers.Sha512_256WithRSAEncryption);
|
||
|
|
algorithms.Add("SHA3-224WITHRSAENCRYPTION", NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224);
|
||
|
|
algorithms.Add("SHA3-256WITHRSAENCRYPTION", NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256);
|
||
|
|
algorithms.Add("SHA3-384WITHRSAENCRYPTION", NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384);
|
||
|
|
algorithms.Add("SHA3-512WITHRSAENCRYPTION", NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512);
|
||
|
|
algorithms.Add("SHA3-224WITHRSA", NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_224);
|
||
|
|
algorithms.Add("SHA3-256WITHRSA", NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_256);
|
||
|
|
algorithms.Add("SHA3-384WITHRSA", NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_384);
|
||
|
|
algorithms.Add("SHA3-512WITHRSA", NistObjectIdentifiers.IdRsassaPkcs1V15WithSha3_512);
|
||
|
|
algorithms.Add("SHA1WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
|
||
|
|
algorithms.Add("SHA224WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
|
||
|
|
algorithms.Add("SHA256WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
|
||
|
|
algorithms.Add("SHA384WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
|
||
|
|
algorithms.Add("SHA512WITHRSAANDMGF1", PkcsObjectIdentifiers.IdRsassaPss);
|
||
|
|
algorithms.Add("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
|
||
|
|
algorithms.Add("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD160);
|
||
|
|
algorithms.Add("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
|
||
|
|
algorithms.Add("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD128);
|
||
|
|
algorithms.Add("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
|
||
|
|
algorithms.Add("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.RsaSignatureWithRipeMD256);
|
||
|
|
algorithms.Add("SHA1WITHDSA", X9ObjectIdentifiers.IdDsaWithSha1);
|
||
|
|
algorithms.Add("DSAWITHSHA1", X9ObjectIdentifiers.IdDsaWithSha1);
|
||
|
|
algorithms.Add("SHA224WITHDSA", NistObjectIdentifiers.DsaWithSha224);
|
||
|
|
algorithms.Add("SHA256WITHDSA", NistObjectIdentifiers.DsaWithSha256);
|
||
|
|
algorithms.Add("SHA384WITHDSA", NistObjectIdentifiers.DsaWithSha384);
|
||
|
|
algorithms.Add("SHA512WITHDSA", NistObjectIdentifiers.DsaWithSha512);
|
||
|
|
algorithms.Add("SHA1WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha1);
|
||
|
|
algorithms.Add("ECDSAWITHSHA1", X9ObjectIdentifiers.ECDsaWithSha1);
|
||
|
|
algorithms.Add("SHA224WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha224);
|
||
|
|
algorithms.Add("SHA256WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha256);
|
||
|
|
algorithms.Add("SHA384WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha384);
|
||
|
|
algorithms.Add("SHA512WITHECDSA", X9ObjectIdentifiers.ECDsaWithSha512);
|
||
|
|
algorithms.Add("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
|
||
|
|
algorithms.Add("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
|
||
|
|
algorithms.Add("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
|
||
|
|
algorithms.Add("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
|
||
|
|
algorithms.Add("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
|
||
|
|
|
||
|
|
//
|
||
|
|
// According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
|
||
|
|
// The parameters field SHALL be NULL for RSA based signature algorithms.
|
||
|
|
//
|
||
|
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha1);
|
||
|
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha224);
|
||
|
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha256);
|
||
|
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha384);
|
||
|
|
noParams.Add(X9ObjectIdentifiers.ECDsaWithSha512);
|
||
|
|
noParams.Add(X9ObjectIdentifiers.IdDsaWithSha1);
|
||
|
|
noParams.Add(OiwObjectIdentifiers.DsaWithSha1);
|
||
|
|
noParams.Add(NistObjectIdentifiers.DsaWithSha224);
|
||
|
|
noParams.Add(NistObjectIdentifiers.DsaWithSha256);
|
||
|
|
noParams.Add(NistObjectIdentifiers.DsaWithSha384);
|
||
|
|
noParams.Add(NistObjectIdentifiers.DsaWithSha512);
|
||
|
|
|
||
|
|
//
|
||
|
|
// RFC 4491
|
||
|
|
//
|
||
|
|
noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94);
|
||
|
|
noParams.Add(CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x2001);
|
||
|
|
|
||
|
|
//
|
||
|
|
// explicit params
|
||
|
|
//
|
||
|
|
AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OiwObjectIdentifiers.IdSha1, DerNull.Instance);
|
||
|
|
exParams.Add("SHA1WITHRSAANDMGF1", CreatePssParams(sha1AlgId, 20));
|
||
|
|
|
||
|
|
AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha224, DerNull.Instance);
|
||
|
|
exParams.Add("SHA224WITHRSAANDMGF1", CreatePssParams(sha224AlgId, 28));
|
||
|
|
|
||
|
|
AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha256, DerNull.Instance);
|
||
|
|
exParams.Add("SHA256WITHRSAANDMGF1", CreatePssParams(sha256AlgId, 32));
|
||
|
|
|
||
|
|
AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha384, DerNull.Instance);
|
||
|
|
exParams.Add("SHA384WITHRSAANDMGF1", CreatePssParams(sha384AlgId, 48));
|
||
|
|
|
||
|
|
AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NistObjectIdentifiers.IdSha512, DerNull.Instance);
|
||
|
|
exParams.Add("SHA512WITHRSAANDMGF1", CreatePssParams(sha512AlgId, 64));
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Return the digest algorithm using one of the standard JCA string
|
||
|
|
* representations rather than the algorithm identifier (if possible).
|
||
|
|
*/
|
||
|
|
private static string GetDigestAlgName(
|
||
|
|
DerObjectIdentifier digestAlgOID)
|
||
|
|
{
|
||
|
|
if (PkcsObjectIdentifiers.MD5.Equals(digestAlgOID))
|
||
|
|
{
|
||
|
|
return "MD5";
|
||
|
|
}
|
||
|
|
else if (OiwObjectIdentifiers.IdSha1.Equals(digestAlgOID))
|
||
|
|
{
|
||
|
|
return "SHA1";
|
||
|
|
}
|
||
|
|
else if (NistObjectIdentifiers.IdSha224.Equals(digestAlgOID))
|
||
|
|
{
|
||
|
|
return "SHA224";
|
||
|
|
}
|
||
|
|
else if (NistObjectIdentifiers.IdSha256.Equals(digestAlgOID))
|
||
|
|
{
|
||
|
|
return "SHA256";
|
||
|
|
}
|
||
|
|
else if (NistObjectIdentifiers.IdSha384.Equals(digestAlgOID))
|
||
|
|
{
|
||
|
|
return "SHA384";
|
||
|
|
}
|
||
|
|
else if (NistObjectIdentifiers.IdSha512.Equals(digestAlgOID))
|
||
|
|
{
|
||
|
|
return "SHA512";
|
||
|
|
}
|
||
|
|
else if (NistObjectIdentifiers.IdSha512_224.Equals(digestAlgOID))
|
||
|
|
{
|
||
|
|
return "SHA512(224)";
|
||
|
|
}
|
||
|
|
else if (NistObjectIdentifiers.IdSha512_256.Equals(digestAlgOID))
|
||
|
|
{
|
||
|
|
return "SHA512(256)";
|
||
|
|
}
|
||
|
|
else if (TeleTrusTObjectIdentifiers.RipeMD128.Equals(digestAlgOID))
|
||
|
|
{
|
||
|
|
return "RIPEMD128";
|
||
|
|
}
|
||
|
|
else if (TeleTrusTObjectIdentifiers.RipeMD160.Equals(digestAlgOID))
|
||
|
|
{
|
||
|
|
return "RIPEMD160";
|
||
|
|
}
|
||
|
|
else if (TeleTrusTObjectIdentifiers.RipeMD256.Equals(digestAlgOID))
|
||
|
|
{
|
||
|
|
return "RIPEMD256";
|
||
|
|
}
|
||
|
|
else if (CryptoProObjectIdentifiers.GostR3411.Equals(digestAlgOID))
|
||
|
|
{
|
||
|
|
return "GOST3411";
|
||
|
|
}
|
||
|
|
else
|
||
|
|
{
|
||
|
|
return digestAlgOID.Id;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
internal static string GetSignatureName(AlgorithmIdentifier sigAlgId)
|
||
|
|
{
|
||
|
|
Asn1Encodable parameters = sigAlgId.Parameters;
|
||
|
|
|
||
|
|
if (parameters != null && !derNull.Equals(parameters))
|
||
|
|
{
|
||
|
|
if (sigAlgId.Algorithm.Equals(PkcsObjectIdentifiers.IdRsassaPss))
|
||
|
|
{
|
||
|
|
RsassaPssParameters rsaParams = RsassaPssParameters.GetInstance(parameters);
|
||
|
|
|
||
|
|
return GetDigestAlgName(rsaParams.HashAlgorithm.Algorithm) + "withRSAandMGF1";
|
||
|
|
}
|
||
|
|
if (sigAlgId.Algorithm.Equals(X9ObjectIdentifiers.ECDsaWithSha2))
|
||
|
|
{
|
||
|
|
Asn1Sequence ecDsaParams = Asn1Sequence.GetInstance(parameters);
|
||
|
|
|
||
|
|
return GetDigestAlgName((DerObjectIdentifier)ecDsaParams[0]) + "withECDSA";
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
return sigAlgId.Algorithm.Id;
|
||
|
|
}
|
||
|
|
|
||
|
|
private static RsassaPssParameters CreatePssParams(
|
||
|
|
AlgorithmIdentifier hashAlgId,
|
||
|
|
int saltSize)
|
||
|
|
{
|
||
|
|
return new RsassaPssParameters(
|
||
|
|
hashAlgId,
|
||
|
|
new AlgorithmIdentifier(PkcsObjectIdentifiers.IdMgf1, hashAlgId),
|
||
|
|
new DerInteger(saltSize),
|
||
|
|
new DerInteger(1));
|
||
|
|
}
|
||
|
|
|
||
|
|
internal static DerObjectIdentifier GetAlgorithmOid(
|
||
|
|
string algorithmName)
|
||
|
|
{
|
||
|
|
algorithmName = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithmName);
|
||
|
|
|
||
|
|
if (algorithms.Contains(algorithmName))
|
||
|
|
{
|
||
|
|
return (DerObjectIdentifier) algorithms[algorithmName];
|
||
|
|
}
|
||
|
|
|
||
|
|
return new DerObjectIdentifier(algorithmName);
|
||
|
|
}
|
||
|
|
|
||
|
|
internal static AlgorithmIdentifier GetSigAlgID(
|
||
|
|
DerObjectIdentifier sigOid,
|
||
|
|
string algorithmName)
|
||
|
|
{
|
||
|
|
if (noParams.Contains(sigOid))
|
||
|
|
{
|
||
|
|
return new AlgorithmIdentifier(sigOid);
|
||
|
|
}
|
||
|
|
|
||
|
|
algorithmName = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.ToUpperInvariant(algorithmName);
|
||
|
|
|
||
|
|
if (exParams.Contains(algorithmName))
|
||
|
|
{
|
||
|
|
return new AlgorithmIdentifier(sigOid, (Asn1Encodable) exParams[algorithmName]);
|
||
|
|
}
|
||
|
|
|
||
|
|
return new AlgorithmIdentifier(sigOid, DerNull.Instance);
|
||
|
|
}
|
||
|
|
|
||
|
|
internal static IEnumerable GetAlgNames()
|
||
|
|
{
|
||
|
|
return new EnumerableProxy(algorithms.Keys);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Calculator factory class for signature generation in ASN.1 based profiles that use an AlgorithmIdentifier to preserve
|
||
|
|
/// signature algorithm details.
|
||
|
|
/// </summary>
|
||
|
|
public class Asn1SignatureFactory
|
||
|
|
: ISignatureFactory
|
||
|
|
{
|
||
|
|
private readonly AlgorithmIdentifier algID;
|
||
|
|
private readonly string algorithm;
|
||
|
|
private readonly AsymmetricKeyParameter privateKey;
|
||
|
|
private readonly SecureRandom random;
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Base constructor.
|
||
|
|
/// </summary>
|
||
|
|
/// <param name="algorithm">The name of the signature algorithm to use.</param>
|
||
|
|
/// <param name="privateKey">The private key to be used in the signing operation.</param>
|
||
|
|
public Asn1SignatureFactory (string algorithm, AsymmetricKeyParameter privateKey)
|
||
|
|
: this(algorithm, privateKey, null)
|
||
|
|
{
|
||
|
|
}
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Constructor which also specifies a source of randomness to be used if one is required.
|
||
|
|
/// </summary>
|
||
|
|
/// <param name="algorithm">The name of the signature algorithm to use.</param>
|
||
|
|
/// <param name="privateKey">The private key to be used in the signing operation.</param>
|
||
|
|
/// <param name="random">The source of randomness to be used in signature calculation.</param>
|
||
|
|
public Asn1SignatureFactory(string algorithm, AsymmetricKeyParameter privateKey, SecureRandom random)
|
||
|
|
{
|
||
|
|
if (algorithm == null)
|
||
|
|
throw new ArgumentNullException("algorithm");
|
||
|
|
if (privateKey == null)
|
||
|
|
throw new ArgumentNullException("privateKey");
|
||
|
|
if (!privateKey.IsPrivate)
|
||
|
|
throw new ArgumentException("Key for signing must be private", "privateKey");
|
||
|
|
|
||
|
|
DerObjectIdentifier sigOid = X509Utilities.GetAlgorithmOid(algorithm);
|
||
|
|
|
||
|
|
this.algorithm = algorithm;
|
||
|
|
this.privateKey = privateKey;
|
||
|
|
this.random = random;
|
||
|
|
this.algID = X509Utilities.GetSigAlgID(sigOid, algorithm);
|
||
|
|
}
|
||
|
|
|
||
|
|
public Object AlgorithmDetails
|
||
|
|
{
|
||
|
|
get { return this.algID; }
|
||
|
|
}
|
||
|
|
|
||
|
|
public IStreamCalculator CreateCalculator()
|
||
|
|
{
|
||
|
|
ISigner signer = SignerUtilities.InitSigner(algorithm, true, privateKey, random);
|
||
|
|
|
||
|
|
return new DefaultSignatureCalculator(signer);
|
||
|
|
}
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Allows enumeration of the signature names supported by the verifier provider.
|
||
|
|
/// </summary>
|
||
|
|
public static IEnumerable SignatureAlgNames
|
||
|
|
{
|
||
|
|
get { return X509Utilities.GetAlgNames(); }
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Verifier class for signature verification in ASN.1 based profiles that use an AlgorithmIdentifier to preserve
|
||
|
|
/// signature algorithm details.
|
||
|
|
/// </summary>
|
||
|
|
public class Asn1VerifierFactory
|
||
|
|
: IVerifierFactory
|
||
|
|
{
|
||
|
|
private readonly AlgorithmIdentifier algID;
|
||
|
|
private readonly AsymmetricKeyParameter publicKey;
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Base constructor.
|
||
|
|
/// </summary>
|
||
|
|
/// <param name="algorithm">The name of the signature algorithm to use.</param>
|
||
|
|
/// <param name="publicKey">The public key to be used in the verification operation.</param>
|
||
|
|
public Asn1VerifierFactory(string algorithm, AsymmetricKeyParameter publicKey)
|
||
|
|
{
|
||
|
|
if (algorithm == null)
|
||
|
|
throw new ArgumentNullException("algorithm");
|
||
|
|
if (publicKey == null)
|
||
|
|
throw new ArgumentNullException("publicKey");
|
||
|
|
if (publicKey.IsPrivate)
|
||
|
|
throw new ArgumentException("Key for verifying must be public", "publicKey");
|
||
|
|
|
||
|
|
DerObjectIdentifier sigOid = X509Utilities.GetAlgorithmOid(algorithm);
|
||
|
|
|
||
|
|
this.publicKey = publicKey;
|
||
|
|
this.algID = X509Utilities.GetSigAlgID(sigOid, algorithm);
|
||
|
|
}
|
||
|
|
|
||
|
|
public Asn1VerifierFactory(AlgorithmIdentifier algorithm, AsymmetricKeyParameter publicKey)
|
||
|
|
{
|
||
|
|
this.publicKey = publicKey;
|
||
|
|
this.algID = algorithm;
|
||
|
|
}
|
||
|
|
|
||
|
|
public Object AlgorithmDetails
|
||
|
|
{
|
||
|
|
get { return this.algID; }
|
||
|
|
}
|
||
|
|
|
||
|
|
public IStreamCalculator CreateCalculator()
|
||
|
|
{
|
||
|
|
|
||
|
|
ISigner verifier = SignerUtilities.InitSigner(X509Utilities.GetSignatureName(algID), false, publicKey, null);
|
||
|
|
|
||
|
|
return new DefaultVerifierCalculator(verifier);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Provider class which supports dynamic creation of signature verifiers.
|
||
|
|
/// </summary>
|
||
|
|
public class Asn1VerifierFactoryProvider: IVerifierFactoryProvider
|
||
|
|
{
|
||
|
|
private readonly AsymmetricKeyParameter publicKey;
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Base constructor - specify the public key to be used in verification.
|
||
|
|
/// </summary>
|
||
|
|
/// <param name="publicKey">The public key to be used in creating verifiers provided by this object.</param>
|
||
|
|
public Asn1VerifierFactoryProvider(AsymmetricKeyParameter publicKey)
|
||
|
|
{
|
||
|
|
this.publicKey = publicKey;
|
||
|
|
}
|
||
|
|
|
||
|
|
public IVerifierFactory CreateVerifierFactory(Object algorithmDetails)
|
||
|
|
{
|
||
|
|
return new Asn1VerifierFactory((AlgorithmIdentifier)algorithmDetails, publicKey);
|
||
|
|
}
|
||
|
|
|
||
|
|
/// <summary>
|
||
|
|
/// Allows enumeration of the signature names supported by the verifier provider.
|
||
|
|
/// </summary>
|
||
|
|
public IEnumerable SignatureAlgNames
|
||
|
|
{
|
||
|
|
get { return X509Utilities.GetAlgNames(); }
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
#pragma warning restore
|
||
|
|
#endif
|