/// <summary> /// Create a new instance of the <see cref="HmacSigningHandler"/> class. /// </summary> /// <param name="secretRepository"></param> /// <param name="representationBuilder"></param> /// <param name="signatureCalculator"></param> /// <param name="scheme"></param> public HmacSigningHandler(ISecretRepository secretRepository, IMessageRepresentationBuilder representationBuilder, ISignatureCalculator signatureCalculator, string scheme = "SHA256") { this.secretRepository = secretRepository; this.representationBuilder = representationBuilder; this.signatureCalculator = signatureCalculator; this.scheme = scheme; }
/// <summary> /// Instantiate a Pkcs10CertificationRequest object with the necessary credentials. /// </summary> ///<param name="signatureCalculator">The signature calculator to sign the PKCS#10 request with.</param> /// <param name="subject">X509Name of subject eg OU="My unit." O="My Organisatioin" C="au" </param> /// <param name="publicKey">Public Key to be included in cert reqest.</param> /// <param name="attributes">ASN1Set of Attributes.</param> /// <param name="signingKey">Matching Private key for nominated (above) public key to be used to sign the request.</param> public Pkcs10CertificationRequest( ISignatureCalculator signatureCalculator, X509Name subject, AsymmetricKeyParameter publicKey, Asn1Set attributes, AsymmetricKeyParameter signingKey) { if (signatureCalculator == null) { throw new ArgumentNullException("signatureCalculator"); } if (subject == null) { throw new ArgumentNullException("subject"); } if (publicKey == null) { throw new ArgumentNullException("publicKey"); } if (publicKey.IsPrivate) { throw new ArgumentException("expected public key", "publicKey"); } if (!signingKey.IsPrivate) { throw new ArgumentException("key for signing must be private", "signingKey"); } init(signatureCalculator, subject, publicKey, attributes, signingKey); }
/// <summary> /// Generate a new X.509 Attribute Certificate using the passed in SignatureCalculator. /// </summary> /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param> /// <returns>An IX509AttributeCertificate.</returns> public IX509AttributeCertificate Generate(ISignatureCalculator signatureCalculator) { if (!extGenerator.IsEmpty) { acInfoGen.SetExtensions(extGenerator.Generate()); } AttributeCertificateInfo acInfo = acInfoGen.GenerateAttributeCertificateInfo(); byte[] encoded = acInfo.GetDerEncoded(); IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator(); streamCalculator.Stream.Write(encoded, 0, encoded.Length); streamCalculator.Stream.Close(); Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(acInfo, (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails); try { v.Add(new DerBitString(((IBlockResult)streamCalculator.GetResult()).DoFinal())); return(new X509V2AttributeCertificate(AttributeCertificate.GetInstance(new DerSequence(v)))); } catch (Exception e) { // TODO // throw new ExtCertificateEncodingException("constructed invalid certificate", e); throw new CertificateEncodingException("constructed invalid certificate", e); } }
/// <summary> /// Create a new instance of the <see cref="HmacSigningHandler"/> class. /// </summary> /// <param name="secretRepository"></param> /// <param name="representationBuilder"></param> /// <param name="signatureCalculator"></param> public HmacSigningHandler(ISecretRepository secretRepository, IMessageRepresentationBuilder representationBuilder, ISignatureCalculator signatureCalculator) { this.secretRepository = secretRepository; this.representationBuilder = representationBuilder; this.signatureCalculator = signatureCalculator; }
internal SignerInfoGenerator(SignerIdentifier sigId, ISignatureCalculator contentSigner, CmsAttributeTableGenerator signedGen, CmsAttributeTableGenerator unsignedGen) { this.sigId = sigId; this.contentSigner = contentSigner; this.signedGen = signedGen; this.unsignedGen = unsignedGen; this.isDirectSignature = false; }
/** * Build a generator with the passed in certHolder issuer and serial number as the signerIdentifier. * * @param contentSigner operator for generating the final signature in the SignerInfo with. * @param certHolder carrier for the X.509 certificate related to the contentSigner. * @return a SignerInfoGenerator * @throws OperatorCreationException if the generator cannot be built. */ public SignerInfoGenerator Build(ISignatureCalculator contentSigner, X509Certificate certificate) { SignerIdentifier sigId = new SignerIdentifier(new IssuerAndSerialNumber(certificate.IssuerDN, new DerInteger(certificate.SerialNumber))); SignerInfoGenerator sigInfoGen = CreateGenerator(contentSigner, sigId); sigInfoGen.setAssociatedCertificate(certificate); return(sigInfoGen); }
/// <summary> /// Creates a new instance of the <see cref="HmacSignatureValidator"/> class. /// </summary> /// <param name="signatureCalculator"></param> /// <param name="representationBuilder"></param> /// <param name="secretRepository"></param> /// <param name="objectCache"></param> /// <param name="validityPeriod"></param> /// <param name="clockDrift"></param> public HmacSignatureValidator(ISignatureCalculator signatureCalculator, IMessageRepresentationBuilder representationBuilder, ISecretRepository secretRepository, ICache objectCache, int validityPeriod, int clockDrift) { this.secretRepository = secretRepository; this.representationBuilder = representationBuilder; this.signatureCalculator = signatureCalculator; this.objectCache = objectCache; ValidityPeriod = validityPeriod; ClockDrift = clockDrift; }
internal SignerInfoGenerator(SignerIdentifier sigId, ISignatureCalculator contentSigner, bool isDirectSignature) { this.sigId = sigId; this.contentSigner = contentSigner; this.isDirectSignature = isDirectSignature; if (this.isDirectSignature) { this.signedGen = null; this.unsignedGen = null; } else { this.signedGen = new DefaultSignedAttributeTableGenerator(); this.unsignedGen = null; } }
/// <summary> /// Generate a new X509Certificate using the passed in SignatureCalculator. /// </summary> /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param> /// <returns>An X509Certificate.</returns> public X509Certificate Generate(ISignatureCalculator signatureCalculator) { tbsGen.SetSignature((AlgorithmIdentifier)signatureCalculator.AlgorithmDetails); TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate(); IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator(); byte[] encoded = tbsCert.GetDerEncoded(); streamCalculator.Stream.Write(encoded, 0, encoded.Length); streamCalculator.Stream.Close(); return(GenerateJcaObject(tbsCert, (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).DoFinal())); }
internal SignerInf( CmsSignedGenerator outer, ISignatureCalculator sigCalc, SignerIdentifier signerIdentifier, CmsAttributeTableGenerator sAttr, CmsAttributeTableGenerator unsAttr, Asn1.Cms.AttributeTable baseSignedTable) { this.outer = outer; this.sigCalc = sigCalc; this.signerIdentifier = signerIdentifier; this.digestOID = new DefaultDigestAlgorithmIdentifierFinder().find((AlgorithmIdentifier)sigCalc.AlgorithmDetails).Algorithm.Id; this.encOID = ((AlgorithmIdentifier)sigCalc.AlgorithmDetails).Algorithm.Id; this.sAttr = sAttr; this.unsAttr = unsAttr; this.baseSignedTable = baseSignedTable; }
private SignerInfoGenerator CreateGenerator(ISignatureCalculator contentSigner, SignerIdentifier sigId) { if (directSignature) { return(new SignerInfoGenerator(sigId, contentSigner, true)); } if (signedGen != null || unsignedGen != null) { if (signedGen == null) { signedGen = new DefaultSignedAttributeTableGenerator(); } return(new SignerInfoGenerator(sigId, contentSigner, signedGen, unsignedGen)); } return(new SignerInfoGenerator(sigId, contentSigner)); }
internal SignerInf( CmsSignedGenerator outer, AsymmetricKeyParameter key, SignerIdentifier signerIdentifier, string digestOID, string encOID, CmsAttributeTableGenerator sAttr, CmsAttributeTableGenerator unsAttr, Asn1.Cms.AttributeTable baseSignedTable) { string digestName = Helper.GetDigestAlgName(digestOID); string signatureName = digestName + "with" + Helper.GetEncryptionAlgName(encOID); this.outer = outer; this.sigCalc = new Asn1SignatureCalculator(signatureName, key); this.signerIdentifier = signerIdentifier; this.digestOID = digestOID; this.encOID = encOID; this.sAttr = sAttr; this.unsAttr = unsAttr; this.baseSignedTable = baseSignedTable; }
private void init( ISignatureCalculator signatureCalculator, X509Name subject, AsymmetricKeyParameter publicKey, Asn1Set attributes, AsymmetricKeyParameter signingKey) { this.sigAlgId = (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails; SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey); this.reqInfo = new CertificationRequestInfo(subject, pubInfo, attributes); IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator(); byte[] reqInfoData = reqInfo.GetDerEncoded(); streamCalculator.Stream.Write(reqInfoData, 0, reqInfoData.Length); streamCalculator.Stream.Close(); // Generate Signature. sigBits = new DerBitString(((IBlockResult)streamCalculator.GetResult()).DoFinal()); }
/// <summary> /// Generate the signed response using the passed in signature calculator. /// </summary> /// <param name="signatureCalculator">Implementation of signing calculator.</param> /// <param name="chain">The certificate chain associated with the response signer.</param> /// <param name="producedAt">"produced at" date.</param> /// <returns></returns> public BasicOcspResp Generate( ISignatureCalculator signatureCalculator, X509Certificate[] chain, DateTime producedAt) { if (signatureCalculator == null) { throw new ArgumentException("no signature calculator specified"); } return GenerateResponse(signatureCalculator, chain, producedAt); }
/** * Build a generator with the passed in subjectKeyIdentifier as the signerIdentifier. If used you should * try to follow the calculation described in RFC 5280 section 4.2.1.2. * * @param contentSigner operator for generating the final signature in the SignerInfo with. * @param subjectKeyIdentifier key identifier to identify the public key for verifying the signature. * @return a SignerInfoGenerator * @throws OperatorCreationException if the generator cannot be built. */ public SignerInfoGenerator Build(ISignatureCalculator contentSigner, byte[] subjectKeyIdentifier) { SignerIdentifier sigId = new SignerIdentifier(new DerOctetString(subjectKeyIdentifier)); return(CreateGenerator(contentSigner, sigId)); }
/** * Build a generator with the passed in subjectKeyIdentifier as the signerIdentifier. If used you should * try to follow the calculation described in RFC 5280 section 4.2.1.2. * * @param contentSigner operator for generating the final signature in the SignerInfo with. * @param subjectKeyIdentifier key identifier to identify the public key for verifying the signature. * @return a SignerInfoGenerator * @throws OperatorCreationException if the generator cannot be built. */ public SignerInfoGenerator Build(ISignatureCalculator contentSigner, byte[] subjectKeyIdentifier) { SignerIdentifier sigId = new SignerIdentifier(new DerOctetString(subjectKeyIdentifier)); return CreateGenerator(contentSigner, sigId); }
private void init( ISignatureCalculator signatureCalculator, X509Name subject, AsymmetricKeyParameter publicKey, Asn1Set attributes, AsymmetricKeyParameter signingKey) { this.sigAlgId = (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails; SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey); this.reqInfo = new CertificationRequestInfo(subject, pubInfo, attributes); Stream sigStream = signatureCalculator.GetSignatureUpdater(); byte[] reqInfoData = reqInfo.GetDerEncoded(); sigStream.Write(reqInfoData, 0, reqInfoData.Length); // Generate Signature. sigBits = new DerBitString(signatureCalculator.Signature()); }
/// <summary> /// Instantiate a Pkcs10CertificationRequest object with the necessary credentials. /// </summary> ///<param name="signatureCalculator">The signature calculator to sign the PKCS#10 request with.</param> /// <param name="subject">X509Name of subject eg OU="My unit." O="My Organisatioin" C="au" </param> /// <param name="publicKey">Public Key to be included in cert reqest.</param> /// <param name="attributes">ASN1Set of Attributes.</param> /// <param name="signingKey">Matching Private key for nominated (above) public key to be used to sign the request.</param> public Pkcs10CertificationRequest( ISignatureCalculator signatureCalculator, X509Name subject, AsymmetricKeyParameter publicKey, Asn1Set attributes, AsymmetricKeyParameter signingKey) { if (signatureCalculator == null) throw new ArgumentNullException("signatureCalculator"); if (subject == null) throw new ArgumentNullException("subject"); if (publicKey == null) throw new ArgumentNullException("publicKey"); if (publicKey.IsPrivate) throw new ArgumentException("expected public key", "publicKey"); if (!signingKey.IsPrivate) throw new ArgumentException("key for signing must be private", "signingKey"); init(signatureCalculator, subject, publicKey, attributes, signingKey); }
/// <summary> /// Generate a new X509Crl using the passed in SignatureCalculator. /// </summary> /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param> /// <returns>An X509Crl.</returns> public X509Crl Generate(ISignatureCalculator signatureCalculator) { tbsGen.SetSignature((AlgorithmIdentifier)signatureCalculator.AlgorithmDetails); TbsCertificateList tbsCertList = GenerateCertList(); IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator(); byte[] encoded = tbsCertList.GetDerEncoded(); streamCalculator.Stream.Write(encoded, 0, encoded.Length); streamCalculator.Stream.Close(); return GenerateJcaObject(tbsCertList, (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).DoFinal()); }
private SignerInfoGenerator CreateGenerator(ISignatureCalculator contentSigner, SignerIdentifier sigId) { if (directSignature) { return new SignerInfoGenerator(sigId, contentSigner, true); } if (signedGen != null || unsignedGen != null) { if (signedGen == null) { signedGen = new DefaultSignedAttributeTableGenerator(); } return new SignerInfoGenerator(sigId, contentSigner, signedGen, unsignedGen); } return new SignerInfoGenerator(sigId, contentSigner); }
/** * Build a generator with the passed in certHolder issuer and serial number as the signerIdentifier. * * @param contentSigner operator for generating the final signature in the SignerInfo with. * @param certHolder carrier for the X.509 certificate related to the contentSigner. * @return a SignerInfoGenerator * @throws OperatorCreationException if the generator cannot be built. */ public SignerInfoGenerator Build(ISignatureCalculator contentSigner, X509Certificate certificate) { SignerIdentifier sigId = new SignerIdentifier(new IssuerAndSerialNumber(certificate.IssuerDN, new DerInteger(certificate.SerialNumber))); SignerInfoGenerator sigInfoGen = CreateGenerator(contentSigner, sigId); sigInfoGen.setAssociatedCertificate(certificate); return sigInfoGen; }
internal SignerInfoGenerator(SignerIdentifier sigId, ISignatureCalculator contentSigner) : this(sigId, contentSigner, false) { }
/// <summary> /// Create a new instance of the <see cref="HmacSha256SigningHandler"/> class. /// </summary> /// <param name="secretRepository"></param> /// <param name="representationBuilder"></param> /// <param name="signatureCalculator"></param> public HmacSha256SigningHandler(ISecretRepository secretRepository, IMessageRepresentationBuilder representationBuilder, ISignatureCalculator signatureCalculator) : base(secretRepository, representationBuilder, signatureCalculator, "SHA256") { }
public InstanceSignatureBuilder(ISignatureCalculator calculator) { _calculator = calculator; }
internal SignerInfoGenerator(SignerIdentifier sigId, ISignatureCalculator contentSigner): this(sigId, contentSigner, false) { }
/// <summary> /// Generate a new X509Crl using the passed in SignatureCalculator. /// </summary> /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param> /// <returns>An X509Crl.</returns> public X509Crl Generate(ISignatureCalculator signatureCalculator) { tbsGen.SetSignature((AlgorithmIdentifier)signatureCalculator.AlgorithmDetails); TbsCertificateList tbsCertList = GenerateCertList(); Stream sigStream = signatureCalculator.GetSignatureUpdater(); byte[] encoded = tbsCertList.GetDerEncoded(); sigStream.Write(encoded, 0, encoded.Length); sigStream.Close(); return GenerateJcaObject(tbsCertList, (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails, signatureCalculator.Signature()); }
/// <summary> /// Generate a new X.509 Attribute Certificate using the passed in SignatureCalculator. /// </summary> /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param> /// <returns>An IX509AttributeCertificate.</returns> public IX509AttributeCertificate Generate(ISignatureCalculator signatureCalculator) { if (!extGenerator.IsEmpty) { acInfoGen.SetExtensions(extGenerator.Generate()); } AttributeCertificateInfo acInfo = acInfoGen.GenerateAttributeCertificateInfo(); byte[] encoded = acInfo.GetDerEncoded(); IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator(); streamCalculator.Stream.Write(encoded, 0, encoded.Length); streamCalculator.Stream.Close(); Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(acInfo, (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails); try { v.Add(new DerBitString(((IBlockResult)streamCalculator.GetResult()).DoFinal())); return new X509V2AttributeCertificate(AttributeCertificate.GetInstance(new DerSequence(v))); } catch (Exception e) { // TODO // throw new ExtCertificateEncodingException("constructed invalid certificate", e); throw new CertificateEncodingException("constructed invalid certificate", e); } }
/// <summary> /// Generate a new X509Certificate using the passed in SignatureCalculator. /// </summary> /// <param name="signatureCalculator">A signature calculator with the necessary algorithm details.</param> /// <returns>An X509Certificate.</returns> public X509Certificate Generate(ISignatureCalculator signatureCalculator) { tbsGen.SetSignature ((AlgorithmIdentifier)signatureCalculator.AlgorithmDetails); if (!extGenerator.IsEmpty) { tbsGen.SetExtensions(extGenerator.Generate()); } TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate(); IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator(); byte[] encoded = tbsCert.GetDerEncoded(); streamCalculator.Stream.Write (encoded, 0, encoded.Length); streamCalculator.Stream.Close (); return GenerateJcaObject(tbsCert, (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).DoFinal()); }
private BasicOcspResp GenerateResponse( ISignatureCalculator signatureCalculator, X509Certificate[] chain, DateTime producedAt) { AlgorithmIdentifier signingAlgID = (AlgorithmIdentifier)signatureCalculator.AlgorithmDetails; DerObjectIdentifier signingAlgorithm = signingAlgID.Algorithm; Asn1EncodableVector responses = new Asn1EncodableVector(); foreach (ResponseObject respObj in list) { try { responses.Add(respObj.ToResponse()); } catch (Exception e) { throw new OcspException("exception creating Request", e); } } ResponseData tbsResp = new ResponseData(responderID.ToAsn1Object(), new DerGeneralizedTime(producedAt), new DerSequence(responses), responseExtensions); DerBitString bitSig = null; try { IStreamCalculator streamCalculator = signatureCalculator.CreateCalculator(); byte[] encoded = tbsResp.GetDerEncoded(); streamCalculator.Stream.Write(encoded, 0, encoded.Length); streamCalculator.Stream.Close(); bitSig = new DerBitString(((IBlockResult)streamCalculator.GetResult()).DoFinal()); } catch (Exception e) { throw new OcspException("exception processing TBSRequest: " + e, e); } AlgorithmIdentifier sigAlgId = OcspUtilities.GetSigAlgID(signingAlgorithm); DerSequence chainSeq = null; if (chain != null && chain.Length > 0) { Asn1EncodableVector v = new Asn1EncodableVector(); try { for (int i = 0; i != chain.Length; i++) { v.Add( X509CertificateStructure.GetInstance( Asn1Object.FromByteArray(chain[i].GetEncoded()))); } } catch (IOException e) { throw new OcspException("error processing certs", e); } catch (CertificateEncodingException e) { throw new OcspException("error encoding certs", e); } chainSeq = new DerSequence(v); } return new BasicOcspResp(new BasicOcspResponse(tbsResp, sigAlgId, bitSig, chainSeq)); }