Exemple #1
0
        /// <summary>
        /// Return whether or not a signing key proof-of-possession (POP) is valid.
        /// </summary>
        /// <param name="verifierProvider">a provider that can produce content verifiers for the signature contained in this POP.</param>
        /// <returns>true if the POP is valid, false otherwise.</returns>
        /// <exception cref="InvalidOperationException">if there is a problem in verification or content verifier creation.</exception>
        /// <exception cref="InvalidOperationException">if POP not appropriate.</exception>
        public bool IsValidSigningKeyPop(IVerifierFactoryProvider verifierProvider)
        {
            ProofOfPossession pop = certReqMsg.Popo;

            if (pop.Type == popSigningKey)
            {
                PopoSigningKey popoSign = PopoSigningKey.GetInstance(pop.Object);
                if (popoSign.PoposkInput != null && popoSign.PoposkInput.PublicKeyMac != null)
                {
                    throw new InvalidOperationException("verification requires password check");
                }
                return(verifySignature(verifierProvider, popoSign));
            }

            throw new InvalidOperationException("not Signing Key type of proof of possession");
        }
    private ProofOfPossession(Asn1TaggedObject tagged)
    {
        tagNo = tagged.TagNo;
        switch (tagNo)
        {
        case 0:
            obj = DerNull.Instance;
            break;

        case 1:
            obj = PopoSigningKey.GetInstance(tagged, isExplicit: false);
            break;

        case 2:
        case 3:
            obj = PopoPrivKey.GetInstance(tagged, isExplicit: false);
            break;

        default:
            throw new ArgumentException("unknown tag: " + tagNo, "tagged");
        }
    }
Exemple #3
0
        private bool verifySignature(IVerifierFactoryProvider verifierFactoryProvider, PopoSigningKey signKey)
        {
            IVerifierFactory  verifer;
            IStreamCalculator calculator;

            try
            {
                verifer    = verifierFactoryProvider.CreateVerifierFactory(signKey.AlgorithmIdentifier);
                calculator = verifer.CreateCalculator();
            }
            catch (Exception ex)
            {
                throw new CrmfException("unable to create verifier: " + ex.Message, ex);
            }

            if (signKey.PoposkInput != null)
            {
                byte[] b = signKey.GetDerEncoded();
                calculator.Stream.Write(b, 0, b.Length);
            }
            else
            {
                byte[] b = certReqMsg.CertReq.GetDerEncoded();
                calculator.Stream.Write(b, 0, b.Length);
            }

            DefaultVerifierResult result = (DefaultVerifierResult)calculator.GetResult();

            return(result.IsVerified(signKey.Signature.GetBytes()));
        }
 public ProofOfPossession(PopoSigningKey Poposk)
 {
     tagNo = 1;
     obj   = Poposk;
 }