protected internal AgileEncryptionVerifier(EncryptionDocument ed) { IEnumerator <CT_KeyEncryptor> encList = ed.GetEncryption().keyEncryptors.keyEncryptor.GetEnumerator(); CT_PasswordKeyEncryptor keyData; try { //keyData = encList.Next().EncryptedPasswordKey; encList.MoveNext(); keyData = encList.Current.Item as CT_PasswordKeyEncryptor; if (keyData == null) { throw new NullReferenceException("encryptedKey not Set"); } } catch (Exception e) { throw new EncryptedDocumentException("Unable to parse keyData", e); } int keyBits = (int)keyData.keyBits; CipherAlgorithm ca = CipherAlgorithm.FromXmlId(keyData.cipherAlgorithm.ToString(), keyBits); CipherAlgorithm = (ca); int hashSize = (int)keyData.hashSize; HashAlgorithm ha = HashAlgorithm.FromEcmaId(keyData.hashAlgorithm.ToString()); HashAlgorithm = (ha); if (HashAlgorithm.hashSize != hashSize) { throw new EncryptedDocumentException("Unsupported hash algorithm: " + keyData.hashAlgorithm + " @ " + hashSize + " bytes"); } SpinCount = (int)(keyData.spinCount); EncryptedVerifier = (keyData.encryptedVerifierHashInput); Salt = (keyData.saltValue); EncryptedKey = (keyData.encryptedKeyValue); EncryptedVerifierHash = (keyData.encryptedVerifierHashValue); int saltSize = (int)keyData.saltSize; if (saltSize != Salt.Length) { throw new EncryptedDocumentException("Invalid salt size"); } switch (keyData.cipherChaining) { case ST_CipherChaining.ChainingModeCBC: ChainingMode = (ChainingMode.cbc); break; case ST_CipherChaining.ChainingModeCFB: ChainingMode = (ChainingMode.cfb); break; default: throw new EncryptedDocumentException("Unsupported chaining mode - " + keyData.cipherChaining.ToString()); } //if (!encList.HasNext()) return; try { //CertificateFactory cf = CertificateFactory.GetInstance("X.509"); while (encList.MoveNext()) { CT_CertificateKeyEncryptor certKey = encList.Current.Item as CT_CertificateKeyEncryptor; AgileCertificateEntry ace = new AgileCertificateEntry(); ace.certVerifier = certKey.certVerifier; ace.encryptedKey = certKey.encryptedKeyValue; ace.x509 = new X509Certificate(X509CertificateStructure.GetInstance(certKey.X509Certificate)); certList.Add(ace); } } catch (Exception e) { throw new EncryptedDocumentException("can't parse X509 certificate", e); } }
protected EncryptionDocument CreateEncryptionDocument() { AgileEncryptionVerifier ver = builder.GetVerifier(); AgileEncryptionHeader header = builder.GetHeader(); EncryptionDocument ed = EncryptionDocument.NewInstance(); CT_Encryption edRoot = ed.AddNewEncryption(); CT_KeyData keyData = edRoot.AddNewKeyData(); CT_KeyEncryptors keyEncList = edRoot.AddNewKeyEncryptors(); CT_KeyEncryptor keyEnc = keyEncList.AddNewKeyEncryptor(); keyEnc.uri = (/*setter*/ passwordUri); CT_PasswordKeyEncryptor keyPass = keyEnc.AddNewEncryptedPasswordKey(); keyPass.spinCount = (uint)ver.SpinCount; keyData.saltSize = (uint)header.BlockSize; keyPass.saltSize = (uint)header.BlockSize; keyData.blockSize = (uint)header.BlockSize; keyPass.blockSize = (uint)header.BlockSize; keyData.keyBits = (uint)header.KeySize; keyPass.keyBits = (uint)header.KeySize; HashAlgorithm hashAlgo = header.HashAlgorithm; keyData.hashSize = (uint)hashAlgo.hashSize; keyPass.hashSize = (uint)hashAlgo.hashSize; ST_CipherAlgorithm?xmlCipherAlgo = (ST_CipherAlgorithm?)Enum.Parse(typeof(ST_CipherAlgorithm), header.CipherAlgorithm.xmlId); if (xmlCipherAlgo == null) { throw new EncryptedDocumentException("CipherAlgorithm " + header.CipherAlgorithm + " not supported."); } keyData.cipherAlgorithm = (/*setter*/ xmlCipherAlgo.Value); keyPass.cipherAlgorithm = (/*setter*/ xmlCipherAlgo.Value); switch (header.ChainingMode.jceId) { case "cbc": keyData.cipherChaining = (/*setter*/ ST_CipherChaining.ChainingModeCBC); keyPass.cipherChaining = (/*setter*/ ST_CipherChaining.ChainingModeCBC); break; case "cfb": keyData.cipherChaining = (/*setter*/ ST_CipherChaining.ChainingModeCFB); keyPass.cipherChaining = (/*setter*/ ST_CipherChaining.ChainingModeCFB); break; default: throw new EncryptedDocumentException("ChainingMode " + header.ChainingMode + " not supported."); } ST_HashAlgorithm?xmlHashAlgo = (ST_HashAlgorithm?)Enum.Parse(typeof(ST_HashAlgorithm), hashAlgo.ecmaString); if (xmlHashAlgo == null) { throw new EncryptedDocumentException("HashAlgorithm " + hashAlgo + " not supported."); } keyData.hashAlgorithm = (/*setter*/ xmlHashAlgo.Value); keyPass.hashAlgorithm = (/*setter*/ xmlHashAlgo.Value); keyData.saltValue = (/*setter*/ header.KeySalt); keyPass.saltValue = (/*setter*/ ver.Salt); keyPass.encryptedVerifierHashInput = (/*setter*/ ver.EncryptedVerifier); keyPass.encryptedVerifierHashValue = (/*setter*/ ver.EncryptedVerifierHash); keyPass.encryptedKeyValue = (/*setter*/ ver.EncryptedKey); CT_DataIntegrity hmacData = edRoot.AddNewDataIntegrity(); hmacData.encryptedHmacKey = (/*setter*/ header.GetEncryptedHmacKey()); hmacData.encryptedHmacValue = (/*setter*/ header.GetEncryptedHmacValue()); foreach (AgileCertificateEntry ace in ver.GetCertificates()) { keyEnc = keyEncList.AddNewKeyEncryptor(); keyEnc.uri = (/*setter*/ certificateUri); CT_CertificateKeyEncryptor certData = keyEnc.AddNewEncryptedCertificateKey(); try { certData.X509Certificate = ace.x509.GetEncoded(); } catch (Exception e) { throw new EncryptedDocumentException(e); } certData.encryptedKeyValue = (/*setter*/ ace.encryptedKey); certData.certVerifier = (/*setter*/ ace.certVerifier); } return(ed); }