private X509Crl GenerateJcaObject(
TbsCertificateList tbsCrl,
byte[] signature)
{
return(new X509Crl(
CertificateList.GetInstance(
new DerSequence(tbsCrl, sigAlgId, new DerBitString(signature)))));
}
private void TbsV2CertListGenerate()
{
V2TbsCertListGenerator gen = new V2TbsCertListGenerator();
gen.SetIssuer(new X509Name("CN=AU,O=Bouncy Castle"));
gen.AddCrlEntry(new DerInteger(1), new Time(MakeUtcDateTime(1970, 1, 1, 0, 0, 1)), ReasonFlags.AACompromise);
gen.SetNextUpdate(new Time(MakeUtcDateTime(1970, 1, 1, 0, 0, 2)));
gen.SetThisUpdate(new Time(MakeUtcDateTime(1970, 1, 1, 0, 0, 0, 500)));
gen.SetSignature(new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha1WithRsaEncryption, DerNull.Instance));
//
// extensions
//
IList order = new ArrayList();
IDictionary extensions = new Hashtable();
SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
new AlgorithmIdentifier(
OiwObjectIdentifiers.ElGamalAlgorithm,
new ElGamalParameter(BigInteger.One, BigInteger.Two)),
new DerInteger(3));
order.Add(X509Extensions.AuthorityKeyIdentifier);
order.Add(X509Extensions.IssuerAlternativeName);
order.Add(X509Extensions.CrlNumber);
order.Add(X509Extensions.IssuingDistributionPoint);
extensions.Add(X509Extensions.AuthorityKeyIdentifier, new X509Extension(true, new DerOctetString(CreateAuthorityKeyId(info, new X509Name("CN=AU,O=Bouncy Castle,OU=Test 2"), 2))));
extensions.Add(X509Extensions.IssuerAlternativeName, new X509Extension(false, new DerOctetString(GeneralNames.GetInstance(new DerSequence(new GeneralName(new X509Name("CN=AU,O=Bouncy Castle,OU=Test 3")))))));
extensions.Add(X509Extensions.CrlNumber, new X509Extension(false, new DerOctetString(new DerInteger(1))));
extensions.Add(X509Extensions.IssuingDistributionPoint, new X509Extension(true, new DerOctetString(IssuingDistributionPoint.GetInstance(DerSequence.Empty))));
X509Extensions ex = new X509Extensions(order, extensions);
gen.SetExtensions(ex);
TbsCertificateList tbs = gen.GenerateTbsCertList();
if (!Arrays.AreEqual(tbs.GetEncoded(), v2CertList))
{
Fail("failed v2 cert list generation");
}
//
// read back test
//
Asn1InputStream aIn = new Asn1InputStream(v2CertList);
Asn1Object o = aIn.ReadObject();
if (!Arrays.AreEqual(o.GetEncoded(), v2CertList))
{
Fail("failed v2 cert list read back test");
}
}
private CertificateList(Asn1Sequence seq)
{
if (seq.Count != 3)
{
throw new ArgumentException("sequence wrong size for CertificateList", "seq");
}
tbsCertList = TbsCertificateList.GetInstance(seq[0]);
sigAlgID = AlgorithmIdentifier.GetInstance(seq[1]);
sig = DerBitString.GetInstance(seq[2]);
}
public X509Crl Generate(ISignatureFactory signatureCalculatorFactory)
{
tbsGen.SetSignature((AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails);
TbsCertificateList tbsCertificateList = GenerateCertList();
IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator();
byte[] derEncoded = tbsCertificateList.GetDerEncoded();
streamCalculator.Stream.Write(derEncoded, 0, derEncoded.Length);
Platform.Dispose(streamCalculator.Stream);
return(GenerateJcaObject(tbsCertificateList, (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).Collect()));
}
public static X509Name GetIssuerX509Principal(X509Crl crl)
{
try
{
TbsCertificateList instance = TbsCertificateList.GetInstance(Asn1Object.FromByteArray(crl.GetTbsCertList()));
return(instance.Issuer);
}
catch (global::System.Exception e)
{
throw new CrlException("Could not extract issuer", e);
}
}
public static TbsCertificateList GetInstance(object obj)
{
TbsCertificateList tbsCertificateList = obj as TbsCertificateList;
if (obj == null || tbsCertificateList != null)
{
return(tbsCertificateList);
}
if (obj is Asn1Sequence)
{
return(new TbsCertificateList((Asn1Sequence)obj));
}
throw new ArgumentException("unknown object in factory: " + Platform.GetTypeName(obj), "obj");
}
public X509Crl Generate(AsymmetricKeyParameter privateKey, SecureRandom random)
{
TbsCertificateList tbsCertificateList = this.GenerateCertList();
byte[] signatureForObject;
try
{
signatureForObject = X509Utilities.GetSignatureForObject(this.sigOID, this.signatureAlgorithm, privateKey, random, tbsCertificateList);
}
catch (IOException e)
{
throw new CrlException("cannot generate CRL encoding", e);
}
return(this.GenerateJcaObject(tbsCertificateList, signatureForObject));
}
/// <summary>
/// Generate a new X509Crl using the passed in SignatureCalculator.
/// </summary>
/// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param>
/// <returns>An X509Crl.</returns>
public X509Crl Generate(ISignatureCalculator signatureCalculator)
{
tbsGen.SetSignature((AlgorithmIdentifier)signatureCalculator.AlgorithmDetails);
TbsCertificateList tbsCertList = GenerateCertList();
IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator();
byte[] encoded = tbsCertList.GetDerEncoded();
streamCalculator.Stream.Write(encoded, 0, encoded.Length);
streamCalculator.Stream.Close();
return(GenerateJcaObject(tbsCertList, (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).DoFinal()));
}
/// <summary>Generate an X509 CRL, based on the current issuer and subject.</summary>
/// <param name="cspParam">CSP Parameters containing the key</param>
public X509Crl Generate(CspParameters cspParam)
{
TbsCertificateList tbsCrl = GenerateCertList();
byte[] signature;
try
{
signature = SysSigner.Sign(tbsCrl.GetDerEncoded(), cspParam, signatureAlgorithm);
}
catch (IOException e)
{
throw new CrlException("cannot generate CRL encoding", e);
}
return(new X509Crl(CertificateList.GetInstance(new DerSequence(tbsCrl, sigAlgId, new DerBitString(signature)))));
}
/// <summary>Generate an X509 CRL, based on the current issuer and subject.</summary>
/// <param name="cspParam">CSP Parameters containing the key</param>
public X509Crl Generate(CngKey key)
{
TbsCertificateList tbsCrl = GenerateCertList();
byte[] signature;
try
{
signature = CngSigner.Sign(tbsCrl.GetDerEncoded(), key, CngAlgorithm.Sha256);
}
catch (IOException e)
{
throw new CrlException("cannot generate CRL encoding", e);
}
return(new X509Crl(CertificateList.GetInstance(new DerSequence(tbsCrl, sigAlgId, new DerBitString(signature)))));
}
/// <summary>Generate an X509 CRL, based on the current issuer and subject.</summary>
/// <param name="privateKey">The key used for signing.</param>
/// <param name="random">A user-defined source of randomness.</param>
public X509Crl Generate(
AsymmetricKeyParameter privateKey,
SecureRandom random)
{
TbsCertificateList tbsCrl = GenerateCertList();
byte[] signature;
try
{
signature = X509Utilities.GetSignatureForObject(
sigOID, signatureAlgorithm, privateKey, random, tbsCrl);
}
catch (IOException e)
{
// TODO
// throw new ExtCrlException("cannot generate CRL encoding", e);
throw new CrlException("cannot generate CRL encoding", e);
}
return(GenerateJcaObject(tbsCrl, signature));
}
