/// <summary>
/// Builds a protected PKI message that carries one certificate, signs it with a
/// freshly generated RSA key and checks that the protection verifies with the
/// matching public key.
/// </summary>
/// <remarks>
/// The certificate is signed with SHA-1/RSA and the message with MD5/RSA. Both
/// digests are collision-prone; they are fixture values for this round trip and
/// should not be copied into production signing code.
/// The verifier uses the generated public key directly, not the key taken from
/// the certificate embedded in the message, so no trust in that certificate is
/// established here.
/// </remarks>
public void TestProtectedMessage()
        {
            // 2048-bit RSA key, public exponent 65537, prime certainty 100.
            RsaKeyPairGenerator keyGen = new RsaKeyPairGenerator();
            RsaKeyGenerationParameters keyGenParams =
                new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100);
            keyGen.Init(keyGenParams);
            AsymmetricCipherKeyPair keys = keyGen.GenerateKeyPair();

            // Short-lived certificate over the generated public key, valid from yesterday until tomorrow.
            TestCertBuilder certBuilder = new TestCertBuilder();
            certBuilder.NotBefore          = DateTime.UtcNow.AddDays(-1);
            certBuilder.NotAfter           = DateTime.UtcNow.AddDays(1);
            certBuilder.PublicKey          = keys.Public;
            certBuilder.SignatureAlgorithm = "Sha1WithRSAEncryption";
            certBuilder.AddAttribute(X509Name.C, "Foo");

            // The certificate is signed with the private half of the same key pair.
            X509Certificate cert = certBuilder.Build(keys.Private);

            GeneralName sender    = new GeneralName(new X509Name("CN=Sender"));
            GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));

            ProtectedPkiMessageBuilder messageBuilder = new ProtectedPkiMessageBuilder(sender, recipient);
            messageBuilder.AddCmpCertificate(cert);

            // Message protection: MD5 with RSA, using the same private key as the certificate.
            ISignatureFactory signer = new Asn1SignatureFactory("MD5WithRSA", keys.Private);
            ProtectedPkiMessage message = messageBuilder.Build(signer);

            // Only exercises the accessor: indexing fails if the message carries no certificate.
            // The returned certificate is not compared with `cert`.
            X509Certificate embedded = message.GetCertificates()[0];

            IVerifierFactory verifier = new Asn1VerifierFactory("MD5WithRSA", keys.Public);
            bool verified = message.Verify(verifier);

            IsTrue("PKIMessage must verify (MD5withRSA)", verified);
        }
        /// <summary>
        /// Checks the signature value carried in <paramref name="signedData"/> over its
        /// signed content, using the public key and signature algorithm decoded from
        /// that same structure.
        /// </summary>
        /// <param name="signedData">Structure holding the subject public key info, the signature algorithm, the signed bytes and the signature value.</param>
        /// <returns>The result of the <c>verify</c> helper for the decoded key and algorithm.</returns>
        /// <remarks>
        /// NOTE(review): both the verification key and the algorithm are read from the
        /// input being validated. A <c>true</c> result therefore shows only that the
        /// structure is internally consistent; it does not show who produced it.
        /// Whether the key is trusted and whether the declared algorithm is acceptable
        /// has to be decided by the caller or inside the decode helpers, which are not
        /// visible here; confirm before relying on this as an authenticity check.
        /// </remarks>
        public static bool Validate(SignedData signedData)
        {
            // The key is decoded first, then the algorithm, as both come from the untrusted structure.
            AsymmetricKeyParameter signerKey = decodePublicKeyParameter(signedData.subjectPublicKeyInfo);
            AlgorithmIdentifier declaredAlgorithm = decodeSignatureAlgorithm(signedData.signatureAlgorithm);

            Asn1VerifierFactory verifierFactory = new Asn1VerifierFactory(declaredAlgorithm, signerKey);

            bool signatureMatches = verify(verifierFactory, declaredAlgorithm, signedData.signedData, signedData.signatureValue);
            return signatureMatches;
        }
        /// <summary>
        /// Builds a protected certificate-confirmation message, verifies its protection,
        /// then re-parses the body and checks that the single status entry matches the
        /// certificate that was confirmed.
        /// </summary>
        /// <remarks>
        /// The certificate is signed with SHA-1/RSA and the message with MD5/RSA. Both
        /// digests are collision-prone; they are fixture values for this round trip and
        /// should not be copied into production signing code.
        /// The verifier uses the generated public key directly, so no certificate path
        /// or trust decision is exercised here.
        /// </remarks>
        public void TestConfirmationMessage()
        {
            // 2048-bit RSA key, public exponent 65537, prime certainty 100.
            RsaKeyPairGenerator keyGen = new RsaKeyPairGenerator();
            RsaKeyGenerationParameters keyGenParams =
                new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100);
            keyGen.Init(keyGenParams);
            AsymmetricCipherKeyPair keys = keyGen.GenerateKeyPair();

            // Short-lived certificate over the generated public key, valid from yesterday until tomorrow.
            TestCertBuilder certBuilder = new TestCertBuilder();
            certBuilder.NotBefore          = DateTime.UtcNow.AddDays(-1);
            certBuilder.NotAfter           = DateTime.UtcNow.AddDays(1);
            certBuilder.PublicKey          = keys.Public;
            certBuilder.SignatureAlgorithm = "Sha1WithRSAEncryption";
            certBuilder.AddAttribute(X509Name.C, "Foo");
            X509Certificate cert = certBuilder.Build(keys.Private);

            GeneralName sender    = new GeneralName(new X509Name("CN=Sender"));
            GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));

            // Confirmation content accepting `cert` under certificate request id 1.
            CertificateConfirmationContentBuilder confirmBuilder = new CertificateConfirmationContentBuilder();
            CertificateConfirmationContent outgoing = confirmBuilder
                .AddAcceptedCertificate(cert, BigInteger.One)
                .Build();

            ProtectedPkiMessageBuilder messageBuilder = new ProtectedPkiMessageBuilder(sender, recipient);
            PkiBody confirmBody = new PkiBody(PkiBody.TYPE_CERT_CONFIRM, outgoing.ToAsn1Structure());
            messageBuilder.SetBody(confirmBody);
            messageBuilder.AddCmpCertificate(cert);

            // Message protection: MD5 with RSA, using the same private key as the certificate.
            ISignatureFactory signer = new Asn1SignatureFactory("MD5WithRSA", keys.Private);
            ProtectedPkiMessage message = messageBuilder.Build(signer);

            IVerifierFactory verifier = new Asn1VerifierFactory("MD5WithRSA", keys.Public);
            bool verified = message.Verify(verifier);
            IsTrue("PKIMessage must verify (MD5withRSA)", verified);

            // The header must carry the names given to the builder.
            IsEquals(sender, message.Header.Sender);
            IsEquals(recipient, message.Header.Recipient);

            // Re-read the confirmation from the built message instead of reusing the outgoing object.
            CertConfirmContent rawConfirm = CertConfirmContent.GetInstance(message.Body.Content);
            CertificateConfirmationContent parsed =
                new CertificateConfirmationContent(rawConfirm, new DefaultDigestAlgorithmIdentifierFinder());

            CertificateStatus[] statuses = parsed.GetStatusMessages();
            IsEquals(1, statuses.Length);

            CertificateStatus onlyStatus = statuses[0];
            IsTrue(onlyStatus.IsVerified(cert));
        }