public static void CopyExceptions()
{
CryptographicAttributeObject a0 = s_ca0;
CryptographicAttributeObject a1 = s_ca1;
CryptographicAttributeObject a2 = s_ca2;
CryptographicAttributeObjectCollection c = new CryptographicAttributeObjectCollection();
c.Add(a0);
c.Add(a1);
c.Add(a2);
CryptographicAttributeObject[] a = new CryptographicAttributeObject[3];
Assert.Throws <ArgumentNullException>(() => c.CopyTo(null, 0));
Assert.Throws <ArgumentOutOfRangeException>(() => c.CopyTo(a, -1));
Assert.Throws <ArgumentOutOfRangeException>(() => c.CopyTo(a, 3));
Assert.Throws <ArgumentException>(() => c.CopyTo(a, 1));
ICollection ic = c;
Assert.Throws <ArgumentNullException>(() => ic.CopyTo(null, 0));
Assert.Throws <ArgumentOutOfRangeException>(() => ic.CopyTo(a, -1));
Assert.Throws <ArgumentOutOfRangeException>(() => ic.CopyTo(a, 3));
Assert.Throws <ArgumentException>(() => ic.CopyTo(a, 1));
Assert.Throws <ArgumentException>(() => ic.CopyTo(new CryptographicAttributeObject[2, 2], 0));
Assert.Throws <InvalidCastException>(() => ic.CopyTo(new int[10], 0));
if (PlatformDetection.IsNonZeroLowerBoundArraySupported)
{
// Array has non-zero lower bound
Array array = Array.CreateInstance(typeof(object), new int[] { 10 }, new int[] { 10 });
Assert.Throws <IndexOutOfRangeException>(() => ic.CopyTo(array, 0));
}
}
public static void SignEnveloped(SubjectIdentifierType signerType)
{
using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey())
{
EnvelopedCms envelopedCms = new EnvelopedCms(new ContentInfo(new byte[] { 3 }));
envelopedCms.Encrypt(new CmsRecipient(signerType, cert));
SignedCms signedCms = new SignedCms(
new ContentInfo(new Oid(Oids.Pkcs7Enveloped), envelopedCms.Encode()));
signedCms.ComputeSignature(new CmsSigner(cert));
signedCms.CheckSignature(true);
SignerInfoCollection signers = signedCms.SignerInfos;
Assert.Equal(1, signers.Count);
CryptographicAttributeObjectCollection attrs = signers[0].SignedAttributes;
Assert.Equal(2, attrs.Count);
CryptographicAttributeObject firstAttrSet = attrs[0];
Assert.Equal(Oids.ContentType, firstAttrSet.Oid.Value);
Assert.Equal(1, firstAttrSet.Values.Count);
Assert.Equal(Oids.ContentType, firstAttrSet.Values[0].Oid.Value);
Assert.Equal("06092A864886F70D010703", firstAttrSet.Values[0].RawData.ByteArrayToHex());
CryptographicAttributeObject secondAttrSet = attrs[1];
Assert.Equal(Oids.MessageDigest, secondAttrSet.Oid.Value);
Assert.Equal(1, secondAttrSet.Values.Count);
Assert.Equal(Oids.MessageDigest, secondAttrSet.Values[0].Oid.Value);
}
}
private static void CheckOracleSecretBag(
Pkcs12SafeBag safeBag,
string key,
string value,
string keyId)
{
Pkcs12SecretBag secretBag = Assert.IsType <Pkcs12SecretBag>(safeBag);
Assert.Equal("1.2.840.113549.1.16.12.12", secretBag.GetSecretType().Value);
Assert.Equal(
MakeOracleKeyValuePairHex(key, value),
secretBag.SecretValue.ByteArrayToHex());
CryptographicAttributeObjectCollection attrs = secretBag.Attributes;
Assert.Equal(1, attrs.Count);
CryptographicAttributeObject firstAttr = attrs[0];
Assert.Equal(Oids.LocalKeyId, firstAttr.Oid.Value);
Assert.Equal(1, firstAttr.Values.Count);
Pkcs9LocalKeyId localKeyId = Assert.IsType <Pkcs9LocalKeyId>(firstAttr.Values[0]);
Assert.Equal(keyId, localKeyId.KeyId.ByteArrayToHex());
}
public static void RemoveNonExistent()
{
CryptographicAttributeObjectCollection c = new CryptographicAttributeObjectCollection();
CryptographicAttributeObject a0 = s_ca0;
c.Remove(a0); // You can "remove" items that aren't in the collection - this is defined as a NOP.
}
public static void CopyExceptions()
{
CryptographicAttributeObject a0 = s_ca0;
CryptographicAttributeObject a1 = s_ca1;
CryptographicAttributeObject a2 = s_ca2;
CryptographicAttributeObjectCollection c = new CryptographicAttributeObjectCollection();
c.Add(a0);
c.Add(a1);
c.Add(a2);
CryptographicAttributeObject[] a = new CryptographicAttributeObject[3];
Assert.Throws <ArgumentNullException>(() => c.CopyTo(null, 0));
Assert.Throws <ArgumentOutOfRangeException>(() => c.CopyTo(a, -1));
Assert.Throws <ArgumentOutOfRangeException>(() => c.CopyTo(a, 3));
Assert.Throws <ArgumentException>(() => c.CopyTo(a, 1));
ICollection ic = c;
Assert.Throws <ArgumentNullException>(() => ic.CopyTo(null, 0));
Assert.Throws <ArgumentOutOfRangeException>(() => ic.CopyTo(a, -1));
Assert.Throws <ArgumentOutOfRangeException>(() => ic.CopyTo(a, 3));
Assert.Throws <ArgumentException>(() => ic.CopyTo(a, 1));
Assert.Throws <ArgumentException>(() => ic.CopyTo(new CryptographicAttributeObject[2, 2], 0));
Assert.Throws <InvalidCastException>(() => ic.CopyTo(new int[10], 0));
}
public static void TestKeyAgreeOtherKeyAttribute_FixedValue_Ski()
{
//
// Test a KeyAgree CMS that embeds an OtherKeyAttribute in the recipient. We don't surface a way to generate this
// in the EnvelopedCms class so we can only do a fixed-value test here.
//
byte[] encryptedCms =
("3082015e06092a864886f70d010703a082014f3082014b02010231820117a1820113020103a08195a18192300906072a8648"
+ "ce3e020103818400028180313d5659f9a8633243f97d11462a3b07702802fed45abbe68e3f2670bfa500d6b4f70c1c0dceac"
+ "adffe9736764204806710d4e834b48773b7a4696a690a03abbc38c936483d2f3ccb8d764f66dc269d78a77821edd0decdef2"
+ "b1d4356c1d1f1b34cc81c76214b8a04f3d70e1e9dc9a589cc8410599dceafad903b7b01b6b2489301e060b2a864886f70d01"
+ "09100305300f060b2a864886f70d0109100306050030563054a028041413213309b39348347fb6a2155a53172be79c19c530"
+ "1006092a864886f70d0107010403424d580428da28837b15e9bdf5528180a2e9beb91bf0d4519a5d76b655ebac9c43012d50"
+ "d6b55f0618380210e4302b06092a864886f70d010701301406082a864886f70d030704087bb5f0d33e6e0354800814219a66"
+ "c2ea1449").HexToByteArray();
EnvelopedCms envelopedCms = new EnvelopedCms();
envelopedCms.Decode(encryptedCms);
KeyAgreeRecipientInfo r = (KeyAgreeRecipientInfo)(envelopedCms.RecipientInfos[0]);
CryptographicAttributeObject attribute = r.OtherKeyAttribute;
Assert.Equal(Oids.Pkcs7Data, attribute.Oid.Value);
Assert.Equal(1, attribute.Values.Count);
AsnEncodedData asnData = attribute.Values[0];
byte[] expectedAsnData = "0403424d58".HexToByteArray();
Assert.Equal <byte>(expectedAsnData, asnData.RawData);
}
public static void Oneary()
{
CryptographicAttributeObject a0 = s_ca0;
CryptographicAttributeObjectCollection c = new CryptographicAttributeObjectCollection(a0);
AssertEquals(c, new CryptographicAttributeObject[] { a0 });
}
public void One_CryptographicAttributeObject()
{
Oid o = new Oid(defaultOid);
CryptographicAttributeObject cao = new CryptographicAttributeObject(o);
coll = new CryptographicAttributeObjectCollection(cao);
Count(1);
}
public static void CryptographicAttributeObjectOidCtor()
{
Oid oid = new Oid(Oids.DocumentDescription);
CryptographicAttributeObject cao = new CryptographicAttributeObject(oid);
Assert.Equal(oid.Value, cao.Oid.Value);
Assert.Equal(0, cao.Values.Count);
}
Org.BouncyCastle.Asn1.Cms.Attribute ToBcAttribute(CryptographicAttributeObject obj)
{
var encodables = obj.Values.Cast <AsnEncodedData>().Select(d => Asn1Object.FromByteArray(d.RawData)).ToArray();
var derSet = new DerSet(encodables);
var attr = new Org.BouncyCastle.Asn1.Cms.Attribute(new DerObjectIdentifier(obj.Oid.Value), derSet);
return(attr);
}
public static void CryptographicAttributeObjectPassNullValuesToCtor()
{
Oid oid = new Oid(Oids.DocumentDescription);
// This is legal and equivalent to passing a zero-length AsnEncodedDataCollection.
CryptographicAttributeObject cao = new CryptographicAttributeObject(oid, null);
Assert.Equal(oid.Value, cao.Oid.Value);
Assert.Equal(0, cao.Values.Count);
}
public void ConstructorOid()
{
Oid o = new Oid(defaultOid);
CryptographicAttributeObject ca = new CryptographicAttributeObject(o);
Assert.AreEqual(defaultName, ca.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual(defaultOid, ca.Oid.Value, "Oid.Value");
Assert.AreEqual(0, ca.Values.Count, "Values");
}
private static DerSequenceReader CreateDerSequenceReader(CryptographicAttributeObject attribute)
{
if (attribute.Values.Count != 1)
{
throw new SignatureException(string.Format(CultureInfo.CurrentCulture, Strings.SignatureContainsInvalidAttribute, attribute.Oid.Value));
}
return(new DerSequenceReader(attribute.Values[0].RawData));
}
public void GetSignatureType_WhenCommitmentTypeIndicationAttributeNotFound_ReturnsUnknown()
{
var attribute = new CryptographicAttributeObject(new Oid(Oids.SigningCertificateV2));
var attributes = new CryptographicAttributeObjectCollection(attribute);
var signatureType = AttributeUtility.GetSignatureType(attributes);
Assert.Equal(SignatureType.Unknown, signatureType);
}
private static void ValidateEnumerator(IEnumerator enumerator, IList <CryptographicAttributeObject> expected)
{
foreach (CryptographicAttributeObject e in expected)
{
Assert.True(enumerator.MoveNext());
CryptographicAttributeObject actual = (CryptographicAttributeObject)(enumerator.Current);
Assert.Equal(e, actual, s_CryptographicAttributeObjectComparer);
}
Assert.False(enumerator.MoveNext());
}
public void ConstructorOidAsnEncodedDataCollectionNull()
{
Oid o = new Oid(defaultOid);
AsnEncodedDataCollection coll = null;
CryptographicAttributeObject ca = new CryptographicAttributeObject(o, coll);
Assert.AreEqual(defaultName, ca.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual(defaultOid, ca.Oid.Value, "Oid.Value");
Assert.AreEqual(0, ca.Values.Count, "Values");
}
public void Constructor_CryptographicAttributeObject()
{
Oid o = new Oid(defaultOid);
CryptographicAttributeObject cao = new CryptographicAttributeObject(o);
CryptographicAttributeObjectCollection coll = new CryptographicAttributeObjectCollection(cao);
Assert.AreEqual(1, coll.Count, "Count");
Assert.AreSame(cao, coll[0], "this[int]");
CommonStuff(coll);
}
public void GetESSCertIDv2Entries_RejectsUnexpectedOid()
{
var attribute = new CryptographicAttributeObject(new Oid(Oids.TimeStampingEkuOid));
var ex = Assert.Throws <ArgumentException>(
() => AttributeUtility.GetESSCertIDv2Entries(attribute));
Assert.Contains(
"An attribute with \"signing-certificate-v2\" OID (1.2.840.113549.1.9.16.2.47) is required.",
ex.Message);
}
/// <summary>
/// CryptographicAttributeObject -> DerSequenceReader
/// </summary>
private static DerSequenceReader ToDerSequenceReader(this CryptographicAttributeObject attribute)
{
var values = attribute.Values.ToList();
if (values.Count != 1)
{
ThrowInvalidAttributeException(attribute);
}
return(new DerSequenceReader(values[0].RawData));
}
public void Remove_WithDifferentInstance()
{
Oid o = new Oid(defaultOid);
CryptographicAttributeObject cao = new CryptographicAttributeObject(o);
CryptographicAttributeObjectCollection coll = new CryptographicAttributeObjectCollection(cao);
Assert.AreEqual(1, coll.Count, "before Remove");
cao = new CryptographicAttributeObject(o);
coll.Remove(cao);
Assert.AreEqual(1, coll.Count, "after Remove");
}
public void ConstructorOidCollection()
{
Oid o = new Oid(defaultOid);
AsnEncodedDataCollection coll = new AsnEncodedDataCollection();
CryptographicAttributeObject ca = new CryptographicAttributeObject(o, coll);
Assert.AreEqual(defaultName, ca.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual(defaultOid, ca.Oid.Value, "Oid.Value");
Assert.AreEqual(0, ca.Values.Count, "Values - 0");
coll.Add(new AsnEncodedData(new byte [0]));
Assert.AreEqual(1, ca.Values.Count, "Values - 1");
}
/// <summary>
/// Verify a signing-certificate-v2 attribute.
/// </summary>
public static bool IsValidSigningCertificateV2(
X509Certificate2 signatureCertificate,
IReadOnlyList <X509Certificate2> chain,
CryptographicAttributeObject signingCertV2Attribute,
SigningSpecifications signingSpecifications)
{
return(IsValidSigningCertificateV2(
signatureCertificate: signatureCertificate,
localCertificateChain: chain,
attributeCertificateChain: GetESSCertIDv2Entries(signingCertV2Attribute),
signingSpecifications: signingSpecifications));
}
/// <summary>
/// Verify a signing-certificate-v2 attribute.
/// </summary>
public static bool IsValidSigningCertificateV2(
X509Certificate2 signatureCertificate,
X509Chain chain,
CryptographicAttributeObject signingCertV2Attribute,
SigningSpecifications signingSpecifications)
{
return(IsValidSigningCertificateV2(
signatureCertificate: signatureCertificate,
chain: SigningUtility.GetCertificateChain(chain),
signingCertV2Attribute: signingCertV2Attribute,
signingSpecifications: signingSpecifications));
}
public void LinkDemand_Deny_Unrestricted()
{
Oid o = new Oid(defaultOid);
CryptographicAttributeObject cao = new CryptographicAttributeObject(o);
CryptographicAttributeObjectCollection coll = new CryptographicAttributeObjectCollection(cao);
CryptographicAttributeObjectEnumerator e = coll.GetEnumerator();
MethodInfo mi = typeof(CryptographicAttributeObjectEnumerator).GetMethod("MoveNext");
Assert.IsNotNull(mi, "default .ctor()");
Assert.IsTrue((bool)mi.Invoke(e, null), "invoke");
}
/// <summary>
/// Attribute -> SignatureType values with no validation.
/// </summary>
private static List <SignatureType> GetCommitmentTypeIndicationRawValues(CryptographicAttributeObject attribute)
{
var values = new List <SignatureType>(1);
var reader = attribute.ToDerSequenceReader();
while (reader.HasData)
{
values.Add(GetSignatureType(reader.ReadOidAsString()));
}
return(values);
}
public static void TestUnprotectedAttributes1_EmptySet()
{
// This tests the behavior of unprotected attribute extraction when one of the attribute sequences declares an
// attribute type, but the contained SET OF AttributeValue is empty.
//
// Attribute ::= SEQUENCE {
// attrType OBJECT IDENTIFIER,
// attrValues SET OF AttributeValue }
//
// The encoded message was built in ASN.1 editor and tested in framework.It contains an enveloped message
// version 2 with a key transport recipient, the enveloped message contains data encrypted with 3DES.
//
// The attributes set is built as
// {
// { attrType: document description, attrValues: { value1, value2 } },
// { attrType: document name, attrValues: { } },
// }
//
// The important part of this test is that there are 0 attributes of a type that is declared within the encoded message.
// This should return 2 as it should create a CryptographicAttributeObjectCollection with two CryptographicAttributeObjects,
// the first one holding a list of document description with the two values, the second one holding an empty list of
// document name.
byte[] encodedMessage =
("3082017806092A864886F70D010703A0820169308201650201023181C83081C5020100302E301A311830160603550403"
+ "130F5253414B65795472616E7366657231021031D935FB63E8CFAB48A0BF7B397B67C0300D06092A864886F70D010101"
+ "05000481802EE6A4AAA9F907E8EF472D8CD8603098488EC1C462815E6FC5A53A3DF6EB730F3D191746FDBBCA89114C6D"
+ "45FB6C4F26088043894D5A706889A29D52E03ABEDFAC98336BD01B0A9CFA57CC6C80908F4B42EFCE5E60E7A761451A4D"
+ "1A39783072000E551062027795A1CEB079791BA48C5F77D360EE48E185DE6C8CCB1C093D4B302B06092A864886F70D01"
+ "0701301406082A864886F70D03070408F55F613664678EE9800800BC3504D1F59470A168300E060A2B06010401823758"
+ "020131003056060A2B060104018237580202314804224D00790020004400650073006300720069007000740069006F00"
+ "6E0020003100000004224D00790020004400650073006300720069007000740069006F006E00200032000000").HexToByteArray();
EnvelopedCms ecms = new EnvelopedCms();
ecms.Decode(encodedMessage);
Assert.Equal(2, ecms.UnprotectedAttributes.Count);
CryptographicAttributeObjectCollection collection = ecms.UnprotectedAttributes;
string attrObj0Oid = collection[0].Oid.Value;
CryptographicAttributeObject documentDescObj = (attrObj0Oid == Oids.DocumentDescription) ?
collection[0] :
collection[1];
CryptographicAttributeObject documentNameObj = (attrObj0Oid == Oids.DocumentName) ?
collection[0] :
collection[1];
Assert.Equal(0, documentNameObj.Values.Count);
Assert.Equal(2, documentDescObj.Values.Count);
}
public static void CryptographicAttributeObjectMismatch()
{
Oid oid = new Oid(Oids.DocumentDescription);
Oid wrongOid = new Oid(Oids.DocumentName);
AsnEncodedDataCollection col = new AsnEncodedDataCollection();
col.Add(new AsnEncodedData(oid, new byte[3]));
object ignore;
Assert.Throws <InvalidOperationException>(() => ignore = new CryptographicAttributeObject(wrongOid, col));
}
private void Reset(uint originatorChoice, uint version, CAPI.CMSG_RECIPIENT_ENCRYPTED_KEY_INFO encryptedKeyInfo, uint subIndex)
{
this.m_encryptedKeyInfo = encryptedKeyInfo;
this.m_originatorChoice = originatorChoice;
this.m_version = (int)version;
this.m_originatorIdentifier = (SubjectIdentifierOrKey)null;
this.m_userKeyMaterial = new byte[0];
this.m_encryptionAlgorithm = (AlgorithmIdentifier)null;
this.m_recipientIdentifier = (SubjectIdentifier)null;
this.m_encryptedKey = new byte[0];
this.m_date = DateTime.MinValue;
this.m_otherKeyAttribute = (CryptographicAttributeObject)null;
this.m_subIndex = subIndex;
}
//
// Private methods.
//
private void Reset(uint originatorChoice, uint version, CAPI.CMSG_RECIPIENT_ENCRYPTED_KEY_INFO encryptedKeyInfo, uint subIndex)
{
m_encryptedKeyInfo = encryptedKeyInfo;
m_originatorChoice = originatorChoice;
m_version = (int)version;
m_originatorIdentifier = null;
m_userKeyMaterial = new byte[0];
m_encryptionAlgorithm = null;
m_recipientIdentifier = null;
m_encryptedKey = new byte[0];
m_date = DateTime.MinValue;
m_otherKeyAttribute = null;
m_subIndex = subIndex;
}
[InlineData(null)] // No commitment type.
public async Task AllowsNonAuthorAndRepositoryCounterSignatures(string commitmentTypeOidBase64)
{
// Arrange
_message = new SignatureValidationMessage(
TestResources.SignedPackageLeafId,
TestResources.SignedPackageLeaf1Version,
new Uri($"https://unit.test/validation/{TestResources.SignedPackageLeaf1.ToLowerInvariant()}"),
Guid.NewGuid());
var packageStream = await GetSignedPackageStream1Async();
ModifySignatureContent(
packageStream,
configuredSignedCms: signedCms =>
{
using (var counterCertificate = SigningTestUtility.GenerateCertificate(subjectName: null, modifyGenerator: null))
{
var cmsSigner = new CmsSigner(counterCertificate);
if (commitmentTypeOidBase64 != null)
{
var value = new AsnEncodedData(
Oids.CommitmentTypeIndication,
Convert.FromBase64String(commitmentTypeOidBase64));
var attribute = new CryptographicAttributeObject(
new Oid(Oids.CommitmentTypeIndication),
new AsnEncodedDataCollection(value));
cmsSigner.SignedAttributes.Add(attribute);
}
signedCms.SignerInfos[0].ComputeCounterSignature(cmsSigner);
}
});
// Act
var result = await _target.ValidateAsync(
_packageKey,
_packageStream,
_message,
_token);
// Assert
VerifyPackageSigningStatus(result, ValidationStatus.Failed, PackageSigningStatus.Invalid);
// This failure type indicates the counter signature validation passed.
VerifyNU3008(result);
}
public void Remove(CryptographicAttributeObject attribute) {}
public void CopyTo(CryptographicAttributeObject[] array, int index) {}
public CryptographicAttributeObjectCollection(CryptographicAttributeObject attribute) {}
public int Add(CryptographicAttributeObject attribute) {}
