Beispiel #1
        /// <summary>
        /// Verifies that <c>AttributeUtility.CreateSigningCertificateV2</c> returns a single-valued
        /// signing-certificate-v2 attribute whose one ESSCertIDv2 entry matches the input
        /// certificate's hash, hash algorithm, issuer name and serial number.
        /// </summary>
        /// <param name="hashAlgorithmName">Hash algorithm used to compute the certificate hash.</param>
        public void CreateSigningCertificateV2_WithValidInput_ReturnsAttribute(Common.HashAlgorithmName hashAlgorithmName)
        {
            using (var certificate = _fixture.GetDefaultCertificate())
            {
                var signedAttribute = AttributeUtility.CreateSigningCertificateV2(certificate, hashAlgorithmName);

                Assert.Equal(Oids.SigningCertificateV2, signedAttribute.Oid.Value);
                Assert.Equal(1, signedAttribute.Values.Count);

                // Decode the attribute value again so the assertions run against the encoded bytes,
                // not against an in-memory object.
                var decoded = SigningCertificateV2.Read(signedAttribute.Values[0].RawData);

                Assert.Equal(1, decoded.Certificates.Count);

                var certId = decoded.Certificates[0];

                // The certificate hash must be computed with the requested algorithm...
                SigningTestUtility.VerifyByteArrays(
                    SigningTestUtility.GetHash(certificate, hashAlgorithmName),
                    certId.CertificateHash);

                // ...and the algorithm identifier stored next to the hash must name that same algorithm.
                var declaredAlgorithmOid = certId.HashAlgorithm.Algorithm.Value;
                Assert.Equal(hashAlgorithmName, CryptoHashUtility.OidToHashAlgorithmName(declaredAlgorithmOid));

                var issuerSerial = certId.IssuerSerial;
                Assert.Equal(certificate.IssuerName.Name, issuerSerial.GeneralNames[0].DirectoryName.Name);

                // GetSerialNumber() yields little-endian bytes; reverse them to big endian
                // before comparing with the decoded serial number.
                var bigEndianSerial = certificate.GetSerialNumber();
                Array.Reverse(bigEndianSerial);

                SigningTestUtility.VerifyByteArrays(bigEndianSerial, issuerSerial.SerialNumber);
            }
        }
Beispiel #2
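        /// <summary>
        /// Asserts that <paramref name="attributes"/> contains the PKCS #9 signing-time,
        /// commitment-type-indication and signing-certificate-v2 attributes expected for
        /// <paramref name="request"/>.
        /// </summary>
        /// <remarks>
        /// Every attribute must carry exactly one value, and each of the three expected attributes
        /// must appear exactly once. Attributes with any other OID are only checked for being
        /// single-valued.
        /// </remarks>
        /// <param name="attributes">The signed attributes to inspect.</param>
        /// <param name="request">The signing request that supplies the expected certificate,
        /// hash algorithm and signature type.</param>
        private static void VerifyAttributes(
            System.Security.Cryptography.CryptographicAttributeObjectCollection attributes,
            SignPackageRequest request)
        {
            var pkcs9SigningTimeAttributeFound         = false;
            var commitmentTypeIndicationAttributeFound = false;
            var signingCertificateV2AttributeFound     = false;

            foreach (var attribute in attributes)
            {
                Assert.Equal(1, attribute.Values.Count);

                switch (attribute.Oid.Value)
                {
                case "1.2.840.113549.1.9.5":     // PKCS #9 signing time
                    // A second instance would otherwise go unnoticed; fail on the repeat.
                    Assert.False(pkcs9SigningTimeAttributeFound, "Duplicate signing-time attribute.");
                    Assert.IsType<Pkcs9SigningTime>(attribute.Values[0]);

                    pkcs9SigningTimeAttributeFound = true;
                    break;

                case Oids.CommitmentTypeIndication:
                    Assert.False(commitmentTypeIndicationAttributeFound, "Duplicate commitment-type-indication attribute.");

                    var qualifier = CommitmentTypeQualifier.Read(attribute.Values[0].RawData);
                    var expectedCommitmentType = AttributeUtility.GetSignatureTypeOid(request.SignatureType);

                    Assert.Equal(expectedCommitmentType, qualifier.CommitmentTypeIdentifier.Value);

                    commitmentTypeIndicationAttributeFound = true;
                    break;

                case Oids.SigningCertificateV2:
                    // This attribute names the signing certificate inside the signed data, so the
                    // helper requires a single, unambiguous instance before checking its contents.
                    Assert.False(signingCertificateV2AttributeFound, "Duplicate signing-certificate-v2 attribute.");

                    var signingCertificateV2 = SigningCertificateV2.Read(attribute.Values[0].RawData);

                    Assert.Equal(1, signingCertificateV2.Certificates.Count);

                    var essCertIdV2 = signingCertificateV2.Certificates[0];

                    // Hash, hash algorithm, issuer and serial must all point at the request's certificate.
                    Assert.Equal(SigningTestUtility.GetHash(request.Certificate, request.SignatureHashAlgorithm), essCertIdV2.CertificateHash);
                    Assert.Equal(request.SignatureHashAlgorithm.ConvertToOidString(), essCertIdV2.HashAlgorithm.Algorithm.Value);
                    Assert.Equal(request.Certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name);
                    SigningTestUtility.VerifySerialNumber(request.Certificate, essCertIdV2.IssuerSerial);
                    Assert.Null(signingCertificateV2.Policies);

                    signingCertificateV2AttributeFound = true;
                    break;
                }
            }

            // None of the three expected attributes may be missing.
            Assert.True(pkcs9SigningTimeAttributeFound);
            Assert.True(commitmentTypeIndicationAttributeFound);
            Assert.True(signingCertificateV2AttributeFound);
        }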
        /// <summary>
        /// Verifies that <c>EssCertIdV2.Create</c> with SHA-512 returns an ESSCertIDv2 whose hash,
        /// hash algorithm OID, issuer name and serial number match the input certificate.
        /// </summary>
        public void Create_WithSha512_ReturnsEssCertIdV2()
        {
            var sha512 = HashAlgorithmName.SHA512;

            using (var certificate = _fixture.GetDefaultCertificate())
            {
                var certId = EssCertIdV2.Create(certificate, sha512);

                // The stored hash and the algorithm OID recorded beside it must agree.
                var expectedHash = SigningTestUtility.GetHash(certificate, sha512);
                Assert.Equal(expectedHash, certId.CertificateHash);
                Assert.Equal(Oids.Sha512, certId.HashAlgorithm.Algorithm.Value);

                // Exactly one general name is expected, and it carries the issuer's distinguished name.
                var issuerSerial = certId.IssuerSerial;
                Assert.Equal(1, issuerSerial.GeneralNames.Count);

                var issuerDirectoryName = issuerSerial.GeneralNames[0].DirectoryName;
                Assert.Equal(certificate.IssuerName.Name, issuerDirectoryName.Name);

                SigningTestUtility.VerifySerialNumber(certificate, issuerSerial);
            }
        }
Beispiel #4
        /// <summary>
        /// Verifies that <c>SigningCertificateV2.Create</c> returns a structure with exactly one
        /// ESSCertIDv2 entry describing the input certificate and with no policies.
        /// </summary>
        /// <param name="hashAlgorithmName">Hash algorithm used to compute the certificate hash.</param>
        public void Create_WithValidInput_ReturnsSigningCertificateV2(HashAlgorithmName hashAlgorithmName)
        {
            using (var certificate = _fixture.GetDefaultCertificate())
            {
                var created = SigningCertificateV2.Create(certificate, hashAlgorithmName);

                Assert.Equal(1, created.Certificates.Count);

                var certId = created.Certificates[0];

                // The recorded algorithm OID must map back to the requested algorithm,
                // and the hash must be the certificate hash under that algorithm.
                var declaredAlgorithm = CryptoHashUtility.OidToHashAlgorithmName(certId.HashAlgorithm.Algorithm.Value);
                Assert.Equal(hashAlgorithmName, declaredAlgorithm);

                var expectedHash = SigningTestUtility.GetHash(certificate, hashAlgorithmName);
                Assert.Equal(expectedHash, certId.CertificateHash);

                // Issuer and serial number together identify the certificate.
                var issuerSerial = certId.IssuerSerial;
                Assert.Equal(1, issuerSerial.GeneralNames.Count);
                Assert.Equal(certificate.IssuerName.Name, issuerSerial.GeneralNames[0].DirectoryName.Name);
                SigningTestUtility.VerifySerialNumber(certificate, issuerSerial);

                Assert.Null(created.Policies);
            }
        }
Beispiel #5
        /// <summary>
        /// Verifies that <c>EssCertId.Read</c> decodes a DER-encoded ESSCertID built independently
        /// from the same certificate, and returns the original hash, issuer name and serial number.
        /// </summary>
        public void Read_WithValidInput_ReturnsEssCertId()
        {
            using (var certificate = _fixture.GetDefaultCertificate())
            {
                // Build the reference encoding with a separate set of types, so the reader
                // under test is not checked against its own encoder.
                var referenceCertificate = DotNetUtilities.FromX509Certificate(certificate);
                var issuerName           = new BcGeneralName(BcGeneralName.DirectoryName, referenceCertificate.IssuerDN);
                var referenceIssuer      = new BcIssuerSerial(
                    new GeneralNames(issuerName),
                    new DerInteger(referenceCertificate.SerialNumber));
                var expectedHash         = SigningTestUtility.GetHash(certificate, Common.HashAlgorithmName.SHA256);
                var derBytes             = new BcEssCertId(expectedHash, referenceIssuer).GetDerEncoded();

                var decoded = EssCertId.Read(derBytes);

                var decodedIssuer = decoded.IssuerSerial;
                Assert.Equal(1, decodedIssuer.GeneralNames.Count);
                Assert.Equal(certificate.IssuerName.Name, decodedIssuer.GeneralNames[0].DirectoryName.Name);

                SigningTestUtility.VerifyByteArrays(expectedHash, decoded.CertificateHash);

                // Compare the serial number against the bytes of the integer that was encoded.
                var expectedSerial = referenceIssuer.Serial.Value.ToByteArray();
                SigningTestUtility.VerifyByteArrays(expectedSerial, decodedIssuer.SerialNumber);
            }
        }