refactor of PKMacBuilder

novotnyllc · Jan 14, 2019 · 6ca2f2f · 6ca2f2f
1 parent 765320e
commit 6ca2f2f
Show file tree

Hide file tree

Showing 9 changed files with 423 additions and 432 deletions.
diff --git a/crypto/src/asn1/cmp/GeneralPKIMessage.cs → crypto/src/cmp/GeneralPkiMessage.cs b/crypto/src/asn1/cmp/GeneralPKIMessage.cs → crypto/src/cmp/GeneralPkiMessage.cs
diff --git a/crypto/src/asn1/cmp/ProtectedPkiMessage.cs → crypto/src/cmp/ProtectedPkiMessage.cs b/crypto/src/asn1/cmp/ProtectedPkiMessage.cs → crypto/src/cmp/ProtectedPkiMessage.cs
@@ -3,15 +3,18 @@
 using System;
 using System.Collections.Generic;
 using System.Text;
+using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.Crmf;
 using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Paddings;
 using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.Encoders;
+using Org.BouncyCastle.Crmf;
 
-namespace Org.BouncyCastle.Asn1.Cmp
+namespace Org.BouncyCastle.Cmp
 {
 
     public class ProtectedPkiMessage
@@ -64,29 +67,31 @@ public X509Certificate[] GetCertificates()
 
             return res;
         }
-
 
-
+        public bool Verify(IVerifierFactory verifierFactory)
+        {
+            IStreamCalculator streamCalculator = verifierFactory.CreateCalculator();
+
+            IVerifier result = (IVerifier)Process(streamCalculator);
+
+            return result.IsVerified(pkiMessage.Protection.GetBytes());
+        }
 
-        public bool Verify(IVerifierFactory verifier)
+        private Object Process(IStreamCalculator streamCalculator)
         {
            Asn1EncodableVector avec = new Asn1EncodableVector();
            avec.Add(pkiMessage.Header);
            avec.Add(pkiMessage.Body);
            byte[] enc =   new DerSequence(avec).GetDerEncoded();
 
-           IStreamCalculator streamCalculator = verifier.CreateCalculator();
-
            streamCalculator.Stream.Write(enc,0,enc.Length);
            streamCalculator.Stream.Flush();
            streamCalculator.Stream.Close();
 
-           IVerifier result = (IVerifier) streamCalculator.GetResult();     
-           return result.IsVerified(pkiMessage.Protection.GetBytes());          
+           return streamCalculator.GetResult();          
         }
 
-
-        public bool Verify(Asn1MacFactoryProvider asn1Factory, byte[] password)
+        public bool Verify(PKMacBuilder pkMacBuilder, char[] password)
         {
             if (!CmpObjectIdentifiers.passwordBasedMac.Equals(pkiMessage.Header.ProtectionAlg.Algorithm))
             {
@@ -95,13 +100,11 @@ public bool Verify(Asn1MacFactoryProvider asn1Factory, byte[] password)
 
             PbmParameter parameter = PbmParameter.GetInstance(pkiMessage.Header.ProtectionAlg.Parameters);
 
-            PkMacFactory macFactory = (PkMacFactory)asn1Factory.CreateMacFactory(parameter);
-
-            macFactory.Password = password;
-            MacVerifierFactory macVerifierFactory = new MacVerifierFactory(macFactory);
+            pkMacBuilder.SetParameters(parameter);
 
-            return Verify(macVerifierFactory);       
-        }
+            IBlockResult result = (IBlockResult)Process(pkMacBuilder.Build(password).CreateCalculator());
 
+            return Arrays.ConstantTimeAreEqual(result.Collect(), this.pkiMessage.Protection.GetBytes());
+        }
     }
 }
diff --git a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
@@ -1,11 +1,13 @@
 using System;
 using System.Collections;
+using Org.BouncyCastle.Asn1.Crmf;
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.X509;
+using Org.BouncyCastle.Crmf;
 
 namespace Org.BouncyCastle.Cmp
 {
@@ -153,14 +155,13 @@ private byte[] CalculateSignature(IStreamCalculator signer, PkiHeader header, Pk
             signer.Stream.Write(encoded, 0, encoded.Length);
             Object result = signer.GetResult();
 
-
             if (result is DefaultSignatureResult)
             {
-                return ((DefaultSignatureResult) result).Collect();
+                return ((DefaultSignatureResult)result).Collect();
             }
-            else if (result is DefaultMacAndDigestResult)
+            else if (result is IBlockResult)
             {
-                return ((DefaultMacAndDigestResult) result).MacResult;
+                return ((IBlockResult)result).Collect();
             }
             else if (result is byte[])
             {

diff --git a/crypto/src/crmf/CertificateRequestMessageBuilder.cs b/crypto/src/crmf/CertificateRequestMessageBuilder.cs
@@ -19,7 +19,7 @@ public class CertificateRequestMessageBuilder
         private CertTemplateBuilder _templateBuilder;
         private ArrayList _controls= new ArrayList();
         private ISignatureFactory _popSigner;
-        private PkMacFactory _pkMacBuilder;
+        private PKMacBuilder _pkMacBuilder;
         private char[] _password;
         private GeneralName _sender;
         private int _popoType = ProofOfPossession.TYPE_KEY_ENCIPHERMENT;
@@ -161,7 +161,7 @@ public CertificateRequestMessageBuilder SetProofOfPossessionRaVerified()
             return this;
         }
 
-        public CertificateRequestMessageBuilder SetAuthInfoPKMAC(PkMacFactory pkmacFactory, char[] password)
+        public CertificateRequestMessageBuilder SetAuthInfoPKMAC(PKMacBuilder pkmacFactory, char[] password)
         {
             this._pkMacBuilder = pkmacFactory;
             this._password = password;

diff --git a/crypto/src/crmf/DefaultPKMacPrimitivesProvider.cs b/crypto/src/crmf/DefaultPKMacPrimitivesProvider.cs
@@ -0,0 +1,23 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Crypto.Parameters;
+
+namespace Org.BouncyCastle.Crmf
+{
+    public class DefaultPKMacPrimitivesProvider : IPKMacPrimitivesProvider
+    {
+        public IDigest CreateDigest(AlgorithmIdentifier digestAlg)
+        {
+            return DigestUtilities.GetDigest(digestAlg.Algorithm);
+        }
+
+        public IMac CreateMac(AlgorithmIdentifier macAlg)
+        {
+            return MacUtilities.GetMac(macAlg.Algorithm);
+        }
+    }
+}
diff --git a/crypto/src/crmf/IPKMacPrimitivesProvider.cs b/crypto/src/crmf/IPKMacPrimitivesProvider.cs
@@ -0,0 +1,28 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Text;
+using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Cmp;
+using Org.BouncyCastle.Asn1.Iana;
+using Org.BouncyCastle.Asn1.Nist;
+using Org.BouncyCastle.Asn1.Oiw;
+using Org.BouncyCastle.Asn1.Pkcs;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Cms;
+using Org.BouncyCastle.Crypto.IO;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.Encoders;
+using Org.BouncyCastle.Crypto;
+
+namespace Org.BouncyCastle.Crmf
+{
+    public interface IPKMacPrimitivesProvider   
+    {
+	    IDigest CreateDigest(AlgorithmIdentifier digestAlg);
+
+        IMac CreateMac(AlgorithmIdentifier macAlg);
+    }
+}