using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Crmf; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.X509; using System; namespace Org.BouncyCastle.Crmf { public class CertificateRequestMessage { public static readonly int popRaVerified = 0; public static readonly int popSigningKey = 1; public static readonly int popKeyEncipherment = 2; public static readonly int popKeyAgreement = 3; private readonly CertReqMsg m_certReqMsg; private readonly Controls m_controls; public bool HasControls => m_controls != null; public bool HasProofOfPossession => m_certReqMsg.Pop != null; public int ProofOfPossession => m_certReqMsg.Pop.Type; public bool HasSigningKeyProofOfPossessionWithPkMac { get { ProofOfPossession pop = m_certReqMsg.Pop; if (pop.Type != popSigningKey) return false; return PopoSigningKey.GetInstance(pop.Object).PoposkInput.PublicKeyMac != null; } } private static CertReqMsg ParseBytes(byte[] encoding) { return CertReqMsg.GetInstance(encoding); } public CertificateRequestMessage(byte[] encoded) : this(ParseBytes(encoded)) { } public CertificateRequestMessage(CertReqMsg certReqMsg) { m_certReqMsg = certReqMsg; m_controls = certReqMsg.CertReq.Controls; } public CertReqMsg ToAsn1Structure() { return m_certReqMsg; } public DerInteger GetCertReqID() { return m_certReqMsg.CertReq.CertReqID; } public CertTemplate GetCertTemplate() { return m_certReqMsg.CertReq.CertTemplate; } public bool HasControl(DerObjectIdentifier objectIdentifier) { return FindControl(objectIdentifier) != null; } public IControl GetControl(DerObjectIdentifier type) { AttributeTypeAndValue attributeTypeAndValue = FindControl(type); if (attributeTypeAndValue != null) { DerObjectIdentifier type2 = attributeTypeAndValue.Type; if (CrmfObjectIdentifiers.id_regCtrl_pkiArchiveOptions.Equals(type2)) return new PkiArchiveControl(PkiArchiveOptions.GetInstance(attributeTypeAndValue.Value)); if (CrmfObjectIdentifiers.id_regCtrl_regToken.Equals(type2)) return new RegTokenControl(DerUtf8String.GetInstance(attributeTypeAndValue.Value)); if (CrmfObjectIdentifiers.id_regCtrl_authenticator.Equals(type2)) return new AuthenticatorControl(DerUtf8String.GetInstance(attributeTypeAndValue.Value)); } return null; } public AttributeTypeAndValue FindControl(DerObjectIdentifier type) { if (m_controls == null) return null; AttributeTypeAndValue[] array = m_controls.ToAttributeTypeAndValueArray(); AttributeTypeAndValue result = null; for (int i = 0; i < array.Length; i++) { if (array[i].Type.Equals(type)) { result = array[i]; break; } } return result; } public bool IsValidSigningKeyPop(IVerifierFactoryProvider verifierProvider) { ProofOfPossession pop = m_certReqMsg.Pop; if (pop.Type != popSigningKey) throw new InvalidOperationException("not Signing Key type of proof of possession"); PopoSigningKey instance = PopoSigningKey.GetInstance(pop.Object); if (instance.PoposkInput != null && instance.PoposkInput.PublicKeyMac != null) throw new InvalidOperationException("verification requires password check"); return VerifySignature(verifierProvider, instance); } public bool IsValidSigningKeyPop(IVerifierFactoryProvider verifierProvider, PKMacBuilder macBuilder, char[] password) { return IsValidSigningKeyPop(verifierProvider, macBuilder, password.AsSpan()); } public bool IsValidSigningKeyPop(IVerifierFactoryProvider verifierProvider, PKMacBuilder macBuilder, ReadOnlySpan<char> password) { ProofOfPossession pop = m_certReqMsg.Pop; if (pop.Type != popSigningKey) throw new InvalidOperationException("not Signing Key type of proof of possession"); PopoSigningKey instance = PopoSigningKey.GetInstance(pop.Object); if (instance.PoposkInput == null || instance.PoposkInput.Sender != null) throw new InvalidOperationException("no PKMAC present in proof of possession"); PKMacValue publicKeyMac = instance.PoposkInput.PublicKeyMac; if (new PKMacValueVerifier(macBuilder).IsValid(publicKeyMac, password, GetCertTemplate().PublicKey)) return VerifySignature(verifierProvider, instance); return false; } private bool VerifySignature(IVerifierFactoryProvider verifierFactoryProvider, PopoSigningKey signKey) { IVerifierFactory verifierFactory = verifierFactoryProvider.CreateVerifierFactory(signKey.AlgorithmIdentifier); Asn1Encodable asn1Encodable = signKey.PoposkInput; if (asn1Encodable == null) asn1Encodable = m_certReqMsg.CertReq; return X509Utilities.VerifySignature(verifierFactory, asn1Encodable, signKey.Signature); } public byte[] GetEncoded() { return m_certReqMsg.GetEncoded(); } } }