/// <summary> /// Build the Pfx structure, protecting it with a MAC calculated against the passed in password. /// </summary> /// <param name="macCalcFactory">a builder for a Pkcs12 mac calculator.</param> /// <returns>A Pfx object.</returns> public Pkcs12PfxPdu Build(IMacFactory <Pkcs12MacAlgDescriptor> macCalcFactory) { AuthenticatedSafe auth = AuthenticatedSafe.GetInstance(new DerSequence(dataVector)); byte[] encAuth; try { encAuth = auth.GetEncoded(); } catch (IOException e) { throw new PkcsException("unable to encode AuthenticatedSafe: " + e.Message, e); } ContentInfo mainInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new DerOctetString(encAuth)); MacData mData = null; if (macCalcFactory != null) { mData = PkcsUtilities.CreateMacData(macCalcFactory, encAuth); } // // output the Pfx // Pfx pfx = new Pfx(mainInfo, mData); return(new Pkcs12PfxPdu(pfx)); }
public ProtectedPkiMessage Build(IMacFactory factory) { IStreamCalculator calculator = factory.CreateCalculator(); FinalizeHeader((AlgorithmIdentifier)factory.AlgorithmDetails); PkiHeader header = hdrBuilBuilder.Build(); DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body)); return(FinalizeMessage(header, protection)); }
internal Pkcs12MacFactory(Pkcs12MacAlgDescriptor algDetails, char[] password) { this.algDetails = algDetails; DigestAlgorithm prf = (DigestAlgorithm)Utils.digestTable[algDetails.DigestAlgorithm.Algorithm]; IPasswordBasedDeriver <Pbkd.PbkdParameters> deriver = CryptoServicesRegistrar.CreateService(Pbkd.Pkcs12).From(PasswordConverter.PKCS12, password) .WithPrf(prf).WithSalt(algDetails.GetIV()).WithIterationCount(algDetails.IterationCount).Build(); this.baseFactory = CryptoServicesRegistrar.CreateService(new FipsShs.Key(FipsShs.Sha1HMac, deriver.DeriveKey(TargetKeyType.MAC, (int)Utils.digestSize[prf]))).CreateMacFactory((FipsShs.AuthenticationParameters)Utils.pkcs12MacIds[prf]); }
internal static MacData CreateMacData(IMacFactory <Pkcs12MacAlgDescriptor> macCalcFactory, byte[] data) { IStreamCalculator <IBlockResult> mdCalc = macCalcFactory.CreateCalculator(); using (var str = mdCalc.Stream) { str.Write(data, 0, data.Length); } Pkcs12MacAlgDescriptor macAlg = macCalcFactory.AlgorithmDetails; return(new MacData(new DigestInfo(macAlg.DigestAlgorithm, mdCalc.GetResult().Collect()), macAlg.GetIV(), macAlg.IterationCount)); }
public ProtectedPkiMessage Build(IMacFactory factory) { if (null == body) { throw new InvalidOperationException("body must be set before building"); } IStreamCalculator calculator = factory.CreateCalculator(); FinalizeHeader((AlgorithmIdentifier)factory.AlgorithmDetails); PkiHeader header = hdrBuilBuilder.Build(); DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body)); return(FinalizeMessage(header, protection)); }
public ProofOfPossessionSigningKeyBuilder SetPublicKeyMac(PKMacBuilder generator, char[] password) { IMacFactory fact = generator.Build(password); IStreamCalculator calc = fact.CreateCalculator(); byte[] d = _pubKeyInfo.GetDerEncoded(); calc.Stream.Write(d, 0, d.Length); calc.Stream.Flush(); BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.Dispose(calc.Stream); this._publicKeyMAC = new PKMacValue( (AlgorithmIdentifier)fact.AlgorithmDetails, new DerBitString(((IBlockResult)calc.GetResult()).Collect())); return(this); }
public ProofOfPossessionSigningKeyBuilder setPublicKeyMac(PKMacBuilder generator, char[] password) { IMacFactory fact = generator.Build(password); IStreamCalculator calc = fact.CreateCalculator(); byte[] d = _pubKeyInfo.GetDerEncoded(); calc.Stream.Write(d, 0, d.Length); calc.Stream.Flush(); calc.Stream.Close(); this._publicKeyMAC = new PKMacValue( (AlgorithmIdentifier)fact.AlgorithmDetails, new DerBitString(((IBlockResult)calc.GetResult()).Collect())); return(this); }
/** * Verify the MacData attached to the PFX is consistent with what is expected. * * @param macCalcProviderBuilder provider builder for the calculator for the MAC * @return true if mac data is valid, false otherwise. * @throws PkcsException if there is a problem evaluating the MAC. * @throws IllegalStateException if no MAC is actually present */ public bool IsMacValid(IMacFactoryProvider <Pkcs12MacAlgDescriptor> macCalcProviderBuilder) { if (HasMac) { MacData pfxmData = pfx.MacData; IMacFactory <Pkcs12MacAlgDescriptor> mdFact = macCalcProviderBuilder.CreateMacFactory(new Pkcs12MacAlgDescriptor(pfxmData.Mac.AlgorithmID, pfxmData.GetSalt(), pfxmData.IterationCount.IntValue)); try { MacData mData = PkcsUtilities.CreateMacData(mdFact, Asn1OctetString.GetInstance(pfx.AuthSafe.Content).GetOctets()); return(Arrays.ConstantTimeAreEqual(mData.GetEncoded(), pfx.MacData.GetEncoded())); } catch (IOException e) { throw new PkcsException("unable to process AuthSafe: " + e.Message); } } throw new InvalidOperationException("no MAC present on PFX"); }
public RecipientOperator(IMacFactory <AlgorithmIdentifier> macCalculator) { this.algorithmIdentifier = macCalculator.AlgorithmDetails; this.op = macCalculator; }