CycloneDX · mtsfoni · Sep 14, 2024 · Sep 14, 2024 · Sep 14, 2024
diff --git a/src/CycloneDX.Core/Json/Converters/SignatureChoiceConverter.cs b/src/CycloneDX.Core/Json/Converters/SignatureChoiceConverter.cs
@@ -0,0 +1,99 @@
+// This file is part of CycloneDX Library for .NET
+//
+// Licensed under the Apache License, Version 2.0 (the “License”);
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an “AS IS” BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) OWASP Foundation. All Rights Reserved.
+
+using System;
+using System.Collections.Generic;
+using System.Diagnostics.Contracts;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+using CycloneDX.Models;
+
+namespace CycloneDX.Json.Converters
+{
+
+
+    public class SignatureChoiceConverter : JsonConverter<SignatureChoice>
+    {
+        public override SignatureChoice Read(
+            ref Utf8JsonReader reader,
+            Type typeToConvert,
+            JsonSerializerOptions options)
+        {
+            if (reader.TokenType == JsonTokenType.Null)
+            {
+                return null;
+            }
+            else if (reader.TokenType == JsonTokenType.StartObject)
+            {
+                var signatureChoice = new SignatureChoice();
+                var doc = JsonDocument.ParseValue(ref reader);
+                if (doc.RootElement.TryGetProperty("signers", out var signersValue))
+                {
+                    var signers = signersValue.Deserialize<List<Signature>>(options);
+                    signatureChoice.Signers = signers;
+                }
+                else if (doc.RootElement.TryGetProperty("chain", out var chainValue))
+                {
+                    var chain = chainValue.Deserialize<List<Signature>>(options);
+                    signatureChoice.Chain = chain;
+                }
+                else
+                {
+                    var signature = doc.Deserialize<Signature>(options);
+                    signatureChoice.Signature = signature;
+                }
+                return signatureChoice;
+            }
+            else
+            {
+                throw new JsonException();
+            }
+        }
+
+        public override void Write(
+            Utf8JsonWriter writer,
+            SignatureChoice value,
+            JsonSerializerOptions options)
+        {
+            Contract.Requires(writer != null);
+            Contract.Requires(value != null);
+
+            if (value != null)
+            {
+
+                if (value.Signers != null)
+                {
+                    writer.WriteStartObject();
+                    writer.WritePropertyName("signers");
+                    JsonSerializer.Serialize(writer, value.Signers, options);
+                    writer.WriteEndObject();
+                }
+                if (value.Chain != null)
+                {
+                    writer.WriteStartObject();
+                    writer.WritePropertyName("chain");
+                    JsonSerializer.Serialize(writer, value.Chain, options);
+                    writer.WriteEndObject();
+                }
+                if (value.Signature != null) 
+                {
+                    JsonSerializer.Serialize(writer, value.Signature, options);
+                }
+            }
+        }
+    }
+}
diff --git a/src/CycloneDX.Core/Json/Utils.cs b/src/CycloneDX.Core/Json/Utils.cs
@@ -96,6 +96,7 @@ public static JsonSerializerOptions GetJsonSerializerOptions()
             options.Converters.Add(new HyphenEnumConverter<Data.DataType>());
             options.Converters.Add(new HyphenEnumConverter<ActivityType>());
             options.Converters.Add(new HyphenEnumConverter<EnergySource>());
+            options.Converters.Add(new SignatureChoiceConverter());
 
             options.Converters.Add(new JsonStringEnumConverter());
 

diff --git a/src/CycloneDX.Core/Models/Bom.cs b/src/CycloneDX.Core/Models/Bom.cs
@@ -195,6 +195,6 @@ public int NonNullableVersion
         [JsonIgnore]
         public XmlElement XmlSignature { get; set; }
         [XmlIgnore]
-        public Signature Signature { get; set; }
+        public SignatureChoice Signature { get; set; }
     }
 }
diff --git a/src/CycloneDX.Core/Models/Component.cs b/src/CycloneDX.Core/Models/Component.cs
@@ -282,7 +282,7 @@ public bool NonNullableModified
         [JsonIgnore]
         public XmlElement XmlSignature { get; set; }
         [XmlIgnore]
-        public Signature Signature { get; set; }
+        public SignatureChoice Signature { get; set; }
 
         public override bool Equals(object obj)
         {

diff --git a/src/CycloneDX.Core/Models/Composition.cs b/src/CycloneDX.Core/Models/Composition.cs
@@ -71,7 +71,7 @@ public enum AggregateType
         [JsonIgnore]
         public XmlElement XmlSignature { get; set; }
         [XmlIgnore]
-        public Signature Signature { get; set; }
+        public SignatureChoice Signature { get; set; }
 
         public System.Xml.Schema.XmlSchema GetSchema() {
             return null;

diff --git a/src/CycloneDX.Core/Models/Declarations/Affirmation.cs b/src/CycloneDX.Core/Models/Declarations/Affirmation.cs
@@ -39,7 +39,7 @@ public class Affirmation
         [JsonIgnore]
         public XmlElement XmlSignature { get; set; }
         [XmlIgnore]
-        public Signature Signature { get; set; }
+        public SignatureChoice Signature { get; set; }
 
     }
 }
diff --git a/src/CycloneDX.Core/Models/Declarations/Attestation.cs b/src/CycloneDX.Core/Models/Declarations/Attestation.cs
@@ -44,7 +44,7 @@ public class Attestation : IEquatable<Attestation>
         public List<System.Xml.XmlElement> Any { get; set; }
 
         [XmlIgnore]
-        public Signature Signature { get; set; }
+        public SignatureChoice Signature { get; set; }
 
         public override bool Equals(object obj)
         {

diff --git a/src/CycloneDX.Core/Models/Declarations/Claim.cs b/src/CycloneDX.Core/Models/Declarations/Claim.cs
@@ -68,7 +68,7 @@ public class Claim : IEquatable<Claim>, IHasBomRef
         [JsonIgnore]
         public XmlElement XmlSignature { get; set; }
         [XmlIgnore]
-        public Signature Signature { get; set; }
+        public SignatureChoice Signature { get; set; }
 
         public override bool Equals(object obj)
         {

diff --git a/src/CycloneDX.Core/Models/Declarations/Declarations.cs b/src/CycloneDX.Core/Models/Declarations/Declarations.cs
@@ -58,7 +58,7 @@ public class Declarations
         [JsonIgnore]
         public XmlElement XmlSignature { get; set; }
         [XmlIgnore]
-        public Signature Signature { get; set; }
+        public SignatureChoice Signature { get; set; }
 
     }
 

diff --git a/src/CycloneDX.Core/Models/Declarations/DeclarationsEvidence.cs b/src/CycloneDX.Core/Models/Declarations/DeclarationsEvidence.cs
@@ -73,7 +73,7 @@ public DateTime? Expires
         [JsonIgnore]
         public XmlElement XmlSignature { get; set; }
         [XmlIgnore]
-        public Signature Signature { get; set; }
+        public SignatureChoice Signature { get; set; }
 
     }
 }
diff --git a/src/CycloneDX.Core/Models/Declarations/Signatory.cs b/src/CycloneDX.Core/Models/Declarations/Signatory.cs
@@ -41,6 +41,6 @@ public class Signatory
         [JsonIgnore]
         public XmlElement XmlSignature { get; set; }
         [XmlIgnore]
-        public Signature Signature { get; set; }
+        public SignatureChoice Signature { get; set; }
     }
 }
diff --git a/src/CycloneDX.Core/Models/Declarations/Signature.cs b/src/CycloneDX.Core/Models/Declarations/Signature.cs
@@ -25,8 +25,39 @@ public class Signature
     {
         public string Algorithm { get; set; }
         public string KeyId { get; set; }
-        public string PublicKey { get; set; }
+        public PublicKey PublicKey { get; set; }
         public List<string> CertificatePath { get; set; }
+        public List<string> Excludes { get; set; }
         public string Value { get; set; }
     }
+
+    public class SignatureChoice
+    {
+        public List<Signature> Signers { get; set; }
+        public List<Signature> Chain { get; set; }
+        public Signature Signature { get; set; }
+    }
+
+    public enum KeyTypeIndicator
+    {
+        EC,
+        OKP,
+        RSA,
+    }
+
+    public class PublicKey
+    {
+        public KeyTypeIndicator Kty { get; set; }
+        // curve
+        public string Crv { get; set; }
+        // curve point x
+        public string X { get; set; }
+        // curve point y
+        public string Y { get; set; }
+        // RSA modulus
+        public string N { get; set; }
+        // RSA exponent
+        public string E { get; set; }
+
+    }
 }
diff --git a/src/CycloneDX.Core/Models/Definitions/Standard.cs b/src/CycloneDX.Core/Models/Definitions/Standard.cs
@@ -72,7 +72,7 @@ public class Standard : IEquatable<Standard>, IHasBomRef
         public System.Xml.XmlAttribute[] AnyAttr { get; set; }
 
         [XmlIgnore]
-        public Signature Signature { get; set; }
+        public SignatureChoice Signature { get; set; }
 
 
 

diff --git a/src/CycloneDX.Core/Models/Service.cs b/src/CycloneDX.Core/Models/Service.cs
@@ -210,7 +210,7 @@ public LicenseChoiceList LicensesSerialized
         [XmlAnyElement("Signature", Namespace = "http://www.w3.org/2000/09/xmldsig#")]
         public XmlElement XmlSignature { get; set; }
         [XmlIgnore]
-        public Signature Signature { get; set; }
+        public SignatureChoice Signature { get; set; }
 
         [XmlArray("tags")]
         [XmlArrayItem("tag")]