/// <summary>
        /// Produces the certificate confirmation content for every accepted certificate:
        /// one <c>CertStatus</c> per certificate, holding a digest of the encoded
        /// certificate together with the matching certificate request id.
        /// </summary>
        /// <remarks>
        /// The digest algorithm is not chosen by the caller. It is looked up from the
        /// certificate's own signature algorithm name, so a certificate signed with a
        /// legacy hash is also confirmed with that legacy hash.
        /// </remarks>
        /// <returns>The confirmation content wrapping the collected statuses.</returns>
        /// <exception cref="CmpException">
        /// No digest algorithm could be derived from the certificate's signature algorithm.
        /// </exception>
        public CertificateConfirmationContent Build()
        {
            Asn1EncodableVector statuses = new Asn1EncodableVector();

            // acceptedReqIds is indexed with the position taken from acceptedCerts;
            // presumably both lists are appended to together - verify against the Add method.
            for (int index = 0; index < acceptedCerts.Count; ++index)
            {
                X509Certificate acceptedCert = (X509Certificate)acceptedCerts[index];
                BigInteger      certReqId    = (BigInteger)acceptedReqIds[index];

                // NOTE(review): the result of Find is passed on without a null check; if Find
                // can return null for an unrecognised name, confirm how find() handles it.
                AlgorithmIdentifier sigAlgId = sigAlgFinder.Find(acceptedCert.SigAlgName);
                AlgorithmIdentifier digAlg   = digestAlgFinder.find(sigAlgId);

                if (digAlg == null)
                {
                    // Fail closed: never emit a status without a certificate hash.
                    throw new CmpException("cannot find algorithm for digest from signature");
                }

                // Hash the full encoding of the certificate through the digest sink.
                DigestSink hashSink = new DigestSink(DigestUtilities.GetDigest(digAlg.Algorithm));
                byte[] encodedCert = acceptedCert.GetEncoded();
                hashSink.Write(encodedCert);

                byte[] certHash = new byte[hashSink.Digest.GetDigestSize()];
                hashSink.Digest.DoFinal(certHash, 0);

                CertStatus status = new CertStatus(certHash, certReqId);
                statuses.Add(status);
            }

            CertConfirmContent confirmContent = CertConfirmContent.GetInstance(new DerSequence(statuses));

            return new CertificateConfirmationContent(confirmContent, digestAlgFinder);
        }
        /// <summary>
        /// Produces the certificate confirmation content for every accepted certificate:
        /// one <c>CertStatus</c> per certificate, holding a digest of the encoded
        /// certificate together with the matching certificate request id.
        /// </summary>
        /// <remarks>
        /// The digest algorithm is derived from the certificate's signature algorithm
        /// name, not supplied by the caller, so the strength of the confirmation hash
        /// follows the strength of the hash used to sign the certificate.
        /// </remarks>
        /// <returns>The confirmation content wrapping the collected statuses.</returns>
        /// <exception cref="CmpException">
        /// No digest algorithm could be derived from the certificate's signature algorithm.
        /// </exception>
        public CertificateConfirmationContent Build()
        {
            Asn1EncodableVector statuses = new Asn1EncodableVector();

            // acceptedReqIds is read at the same index as acceptedCerts; presumably the
            // two lists always have equal length - verify against the Add method.
            for (int index = 0; index < acceptedCerts.Count; ++index)
            {
                X509Certificate acceptedCert = (X509Certificate)acceptedCerts[index];
                BigInteger      certReqId    = (BigInteger)acceptedReqIds[index];

                // NOTE(review): Find's result is forwarded unchecked; confirm what find()
                // does when the signature algorithm name is not recognised.
                AlgorithmIdentifier sigAlgId = sigAlgFinder.Find(acceptedCert.SigAlgName);
                AlgorithmIdentifier digAlg   = digestAlgFinder.find(sigAlgId);

                if (digAlg == null)
                {
                    // Fail closed: never emit a status without a certificate hash.
                    throw new CmpException("cannot find algorithm for digest from signature");
                }

                byte[] encodedCert = acceptedCert.GetEncoded();
                byte[] certHash    = DigestUtilities.CalculateDigest(digAlg.Algorithm, encodedCert);

                statuses.Add(new CertStatus(certHash, certReqId));
            }

            CertConfirmContent confirmContent = CertConfirmContent.GetInstance(new DerSequence(statuses));

            return new CertificateConfirmationContent(confirmContent, digestAlgFinder);
        }
        /// <summary>
        /// Round-trips a certificate confirmation: builds the content for one accepted
        /// certificate, wraps it in a signed PKI message, verifies the message signature,
        /// then re-parses the body and checks that the status verifies against the certificate.
        /// </summary>
        /// <remarks>
        /// The certificate is signed with SHA-1/RSA and the message is protected with MD5/RSA.
        /// Presumably this is legacy-algorithm coverage; neither hash is collision-resistant,
        /// so the algorithm names here are not a template for protecting live CMP traffic.
        /// </remarks>
        public void TestConfirmationMessage()
        {
            // 2048-bit RSA key pair, public exponent 65537, fresh SecureRandom.
            RsaKeyGenerationParameters keyGenParams =
                new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100);
            RsaKeyPairGenerator keyGen = new RsaKeyPairGenerator();
            keyGen.Init(keyGenParams);
            AsymmetricCipherKeyPair keyPair = keyGen.GenerateKeyPair();

            // Certificate valid from yesterday until tomorrow, signed with its own private key.
            TestCertBuilder certBuilder = new TestCertBuilder();
            certBuilder.NotBefore          = DateTime.UtcNow.AddDays(-1);
            certBuilder.NotAfter           = DateTime.UtcNow.AddDays(1);
            certBuilder.PublicKey          = keyPair.Public;
            certBuilder.SignatureAlgorithm = "Sha1WithRSAEncryption";
            certBuilder.AddAttribute(X509Name.C, "Foo");

            X509Certificate cert = certBuilder.Build(keyPair.Private);

            GeneralName sender    = new GeneralName(new X509Name("CN=Sender"));
            GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));

            CertificateConfirmationContentBuilder confirmBuilder = new CertificateConfirmationContentBuilder();
            confirmBuilder.AddAcceptedCertificate(cert, BigInteger.One);
            CertificateConfirmationContent content = confirmBuilder.Build();

            // Wrap the confirmation in a protected message that also carries the certificate.
            ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender, recipient);
            PkiBody body = new PkiBody(PkiBody.TYPE_CERT_CONFIRM, content.ToAsn1Structure());
            msgBuilder.SetBody(body);
            msgBuilder.AddCmpCertificate(cert);

            ISignatureFactory   signer = new Asn1SignatureFactory("MD5WithRSA", keyPair.Private);
            ProtectedPkiMessage msg    = msgBuilder.Build(signer);

            // Verification uses the public half of the same key pair.
            IVerifierFactory verifier = new Asn1VerifierFactory("MD5WithRSA", keyPair.Public);
            bool signatureOk = msg.Verify(verifier);

            IsTrue("PKIMessage must verify (MD5withRSA)", signatureOk);

            IsEquals(sender, msg.Header.Sender);
            IsEquals(recipient, msg.Header.Recipient);

            // Re-parse the body from the built message rather than reusing the original object.
            CertConfirmContent parsedBody = CertConfirmContent.GetInstance(msg.Body.Content);
            content = new CertificateConfirmationContent(parsedBody, new DefaultDigestAlgorithmIdentifierFinder());

            CertificateStatus[] statusList = content.GetStatusMessages();
            IsEquals(1, statusList.Length);

            // The recomputed certificate hash must match the one carried in the status.
            IsTrue(statusList[0].IsVerified(cert));
        }
 /// <summary>
 /// Wraps a parsed certificate confirmation together with the finder used to map
 /// signature algorithms to digest algorithms.
 /// </summary>
 /// <param name="content">The underlying ASN.1 confirmation structure.</param>
 /// <param name="digestAlgFinder">Digest algorithm finder kept for later use by this instance.</param>
 public CertificateConfirmationContent(
     CertConfirmContent content,
     DefaultDigestAlgorithmIdentifierFinder digestAlgFinder)
 {
     // Both arguments are stored as given; neither is null-checked here.
     this.digestAlgFinder = digestAlgFinder;
     this.content         = content;
 }
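 /// <summary>
 /// Wraps a parsed certificate confirmation, using a default digest algorithm finder.
 /// </summary>
 /// <param name="content">The underlying ASN.1 confirmation structure.</param>
 /// <remarks>
 /// The finder was previously left unset by this overload. Any later digest lookup on
 /// an instance built this way would then presumably dereference null instead of
 /// verifying a certificate hash, so the overload now delegates with a default finder.
 /// </remarks>
 public CertificateConfirmationContent(CertConfirmContent content)
     : this(content, new DefaultDigestAlgorithmIdentifierFinder())
 {
 }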
    /// <summary>
    /// Converts <paramref name="o"/> into the concrete body structure selected by the
    /// numeric tag <paramref name="type"/>.
    /// </summary>
    /// <remarks>
    /// The short names in the case comments follow the PKIBody CHOICE of RFC 4210;
    /// confirm them against the TYPE_* constants of the enclosing type. Tags outside
    /// 0..26 are rejected and are never mapped to a default structure.
    /// </remarks>
    /// <param name="type">Tag number selecting the body structure.</param>
    /// <param name="o">The encodable to convert; passed unchanged to the chosen <c>GetInstance</c>.</param>
    /// <returns>The typed body structure.</returns>
    /// <exception cref="ArgumentException"><paramref name="type"/> is not a known tag number.</exception>
    private static Asn1Encodable GetBodyForType(int type, Asn1Encodable o)
    {
        switch (type)
        {
        // Request bodies that share the CertReqMessages structure (ir, cr, kur, krr, ccr).
        case 0:
        case 2:
        case 7:
        case 9:
        case 13:
            return CertReqMessages.GetInstance(o);

        // Response bodies that share the CertRepMessage structure (ip, cp, kup, ccp).
        case 1:
        case 3:
        case 8:
        case 14:
            return CertRepMessage.GetInstance(o);

        case 4:  // p10cr
            return CertificationRequest.GetInstance(o);
        case 5:  // popdecc
            return PopoDecKeyChallContent.GetInstance(o);
        case 6:  // popdecr
            return PopoDecKeyRespContent.GetInstance(o);
        case 10: // krp
            return KeyRecRepContent.GetInstance(o);
        case 11: // rr
            return RevReqContent.GetInstance(o);
        case 12: // rp
            return RevRepContent.GetInstance(o);
        case 15: // ckuann
            return CAKeyUpdAnnContent.GetInstance(o);
        case 16: // cann
            return CmpCertificate.GetInstance(o);
        case 17: // rann
            return RevAnnContent.GetInstance(o);
        case 18: // crlann
            return CrlAnnContent.GetInstance(o);
        case 19: // pkiconf
            return PkiConfirmContent.GetInstance(o);
        case 20: // nested
            return PkiMessages.GetInstance(o);
        case 21: // genm
            return GenMsgContent.GetInstance(o);
        case 22: // genp
            return GenRepContent.GetInstance(o);
        case 23: // error
            return ErrorMsgContent.GetInstance(o);
        case 24: // certConf
            return CertConfirmContent.GetInstance(o);
        case 25: // pollReq
            return PollReqContent.GetInstance(o);
        case 26: // pollRep
            return PollRepContent.GetInstance(o);

        default:
            // Unknown tags are refused outright.
            throw new ArgumentException("unknown tag number: " + type, "type");
        }
    }