/// <summary>
/// Build the Pfx structure, protecting it with a MAC calculated against the passed in password.
/// </summary>
/// <param name="macCalcFactory">a builder for a Pkcs12 mac calculator.</param>
/// <returns>A Pfx object.</returns>
public Pkcs12PfxPdu Build(IMacFactory <Pkcs12MacAlgDescriptor> macCalcFactory)
{
AuthenticatedSafe auth = AuthenticatedSafe.GetInstance(new DerSequence(dataVector));
byte[] encAuth;
try
{
encAuth = auth.GetEncoded();
}
catch (IOException e)
{
throw new PkcsException("unable to encode AuthenticatedSafe: " + e.Message, e);
}
ContentInfo mainInfo = new ContentInfo(PkcsObjectIdentifiers.Data, new DerOctetString(encAuth));
MacData mData = null;
if (macCalcFactory != null)
{
mData = PkcsUtilities.CreateMacData(macCalcFactory, encAuth);
}
//
// output the Pfx
//
Pfx pfx = new Pfx(mainInfo, mData);
return(new Pkcs12PfxPdu(pfx));
}
public ProtectedPkiMessage Build(IMacFactory factory)
{
IStreamCalculator calculator = factory.CreateCalculator();
FinalizeHeader((AlgorithmIdentifier)factory.AlgorithmDetails);
PkiHeader header = hdrBuilBuilder.Build();
DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body));
return(FinalizeMessage(header, protection));
}
internal Pkcs12MacFactory(Pkcs12MacAlgDescriptor algDetails, char[] password)
{
this.algDetails = algDetails;
DigestAlgorithm prf = (DigestAlgorithm)Utils.digestTable[algDetails.DigestAlgorithm.Algorithm];
IPasswordBasedDeriver <Pbkd.PbkdParameters> deriver = CryptoServicesRegistrar.CreateService(Pbkd.Pkcs12).From(PasswordConverter.PKCS12, password)
.WithPrf(prf).WithSalt(algDetails.GetIV()).WithIterationCount(algDetails.IterationCount).Build();
this.baseFactory = CryptoServicesRegistrar.CreateService(new FipsShs.Key(FipsShs.Sha1HMac, deriver.DeriveKey(TargetKeyType.MAC, (int)Utils.digestSize[prf]))).CreateMacFactory((FipsShs.AuthenticationParameters)Utils.pkcs12MacIds[prf]);
}
internal static MacData CreateMacData(IMacFactory <Pkcs12MacAlgDescriptor> macCalcFactory, byte[] data)
{
IStreamCalculator <IBlockResult> mdCalc = macCalcFactory.CreateCalculator();
using (var str = mdCalc.Stream)
{
str.Write(data, 0, data.Length);
}
Pkcs12MacAlgDescriptor macAlg = macCalcFactory.AlgorithmDetails;
return(new MacData(new DigestInfo(macAlg.DigestAlgorithm, mdCalc.GetResult().Collect()), macAlg.GetIV(), macAlg.IterationCount));
}
public ProtectedPkiMessage Build(IMacFactory factory)
{
if (null == body)
{
throw new InvalidOperationException("body must be set before building");
}
IStreamCalculator calculator = factory.CreateCalculator();
FinalizeHeader((AlgorithmIdentifier)factory.AlgorithmDetails);
PkiHeader header = hdrBuilBuilder.Build();
DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body));
return(FinalizeMessage(header, protection));
}
public ProofOfPossessionSigningKeyBuilder SetPublicKeyMac(PKMacBuilder generator, char[] password)
{
IMacFactory fact = generator.Build(password);
IStreamCalculator calc = fact.CreateCalculator();
byte[] d = _pubKeyInfo.GetDerEncoded();
calc.Stream.Write(d, 0, d.Length);
calc.Stream.Flush();
BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.Dispose(calc.Stream);
this._publicKeyMAC = new PKMacValue(
(AlgorithmIdentifier)fact.AlgorithmDetails,
new DerBitString(((IBlockResult)calc.GetResult()).Collect()));
return(this);
}
public ProofOfPossessionSigningKeyBuilder setPublicKeyMac(PKMacBuilder generator, char[] password)
{
IMacFactory fact = generator.Build(password);
IStreamCalculator calc = fact.CreateCalculator();
byte[] d = _pubKeyInfo.GetDerEncoded();
calc.Stream.Write(d, 0, d.Length);
calc.Stream.Flush();
calc.Stream.Close();
this._publicKeyMAC = new PKMacValue(
(AlgorithmIdentifier)fact.AlgorithmDetails,
new DerBitString(((IBlockResult)calc.GetResult()).Collect()));
return(this);
}
/**
* Verify the MacData attached to the PFX is consistent with what is expected.
*
* @param macCalcProviderBuilder provider builder for the calculator for the MAC
* @return true if mac data is valid, false otherwise.
* @throws PkcsException if there is a problem evaluating the MAC.
* @throws IllegalStateException if no MAC is actually present
*/
public bool IsMacValid(IMacFactoryProvider <Pkcs12MacAlgDescriptor> macCalcProviderBuilder)
{
if (HasMac)
{
MacData pfxmData = pfx.MacData;
IMacFactory <Pkcs12MacAlgDescriptor> mdFact = macCalcProviderBuilder.CreateMacFactory(new Pkcs12MacAlgDescriptor(pfxmData.Mac.AlgorithmID, pfxmData.GetSalt(), pfxmData.IterationCount.IntValue));
try
{
MacData mData = PkcsUtilities.CreateMacData(mdFact, Asn1OctetString.GetInstance(pfx.AuthSafe.Content).GetOctets());
return(Arrays.ConstantTimeAreEqual(mData.GetEncoded(), pfx.MacData.GetEncoded()));
}
catch (IOException e)
{
throw new PkcsException("unable to process AuthSafe: " + e.Message);
}
}
throw new InvalidOperationException("no MAC present on PFX");
}
public RecipientOperator(IMacFactory <AlgorithmIdentifier> macCalculator)
{
this.algorithmIdentifier = macCalculator.AlgorithmDetails;
this.op = macCalculator;
}
