public void VerifySignedAppCerts( KeyHashPair keyHashPair ) { X509Certificate2 issuerCertificate = GetIssuer(keyHashPair); Assert.NotNull(issuerCertificate); Assert.NotNull(issuerCertificate.RawData); Assert.True(issuerCertificate.HasPrivateKey); var appTestGenerator = new ApplicationTestDataGenerator(keyHashPair.KeySize); ApplicationTestData app = appTestGenerator.ApplicationTestSet(1).First(); var cert = CertificateFactory.CreateCertificate( app.ApplicationUri, app.ApplicationName, app.Subject, app.DomainNames) .SetHashAlgorithm(keyHashPair.HashAlgorithmName) .SetIssuer(issuerCertificate) .SetRSAKeySize(keyHashPair.KeySize) .CreateForRSA(); Assert.NotNull(cert); Assert.NotNull(cert.RawData); Assert.True(cert.HasPrivateKey); using (var plainCert = new X509Certificate2(cert.RawData)) { Assert.NotNull(plainCert); VerifyApplicationCert(app, plainCert, issuerCertificate); X509Utils.VerifyRSAKeyPair(plainCert, cert, true); } }
public void VerifySelfSignedAppCerts( KeyHashPair keyHashPair ) { var appTestGenerator = new ApplicationTestDataGenerator(keyHashPair.KeySize); ApplicationTestData app = appTestGenerator.ApplicationTestSet(1).First(); var cert = CertificateFactory.CreateCertificate(app.ApplicationUri, app.ApplicationName, app.Subject, app.DomainNames) .SetHashAlgorithm(keyHashPair.HashAlgorithmName) .SetRSAKeySize(keyHashPair.KeySize) .CreateForRSA(); Assert.NotNull(cert); Assert.NotNull(cert.RawData); Assert.True(cert.HasPrivateKey); using (RSA rsa = cert.GetRSAPrivateKey()) { rsa.ExportParameters(true); } using (RSA rsa = cert.GetRSAPublicKey()) { rsa.ExportParameters(false); } var plainCert = new X509Certificate2(cert.RawData); Assert.NotNull(plainCert); VerifyApplicationCert(app, plainCert); X509Utils.VerifyRSAKeyPair(cert, cert, true); Assert.True(X509Utils.VerifySelfSigned(cert)); }
public void VerifySignedAppCerts( KeyHashPair keyHashPair ) { X509Certificate2 caCert; if (!m_rootCACertificate.TryGetValue(keyHashPair.KeySize, out caCert)) { Assert.Ignore($"Could not load Root CA."); } Assert.NotNull(caCert); Assert.NotNull(caCert.RawData); Assert.True(caCert.HasPrivateKey); var appTestGenerator = new ApplicationTestDataGenerator(keyHashPair.KeySize); ApplicationTestData app = appTestGenerator.ApplicationTestSet(1).First(); var cert = CertificateFactory.CreateCertificate( app.ApplicationUri, app.ApplicationName, app.Subject, app.DomainNames) .SetHashAlgorithm(keyHashPair.HashAlgorithmName) .SetIssuer(caCert) .SetRSAKeySize(keyHashPair.KeySize) .CreateForRSA(); Assert.NotNull(cert); Assert.NotNull(cert.RawData); Assert.True(cert.HasPrivateKey); using (var plainCert = new X509Certificate2(cert.RawData)) { Assert.NotNull(plainCert); VerifyApplicationCert(app, plainCert, caCert); X509Utils.VerifyRSAKeyPair(cert, caCert); } }
public async Task RegisterAllApplications() { foreach (var application in _applicationTestSet) { var result = await _applicationsDatabase.RegisterApplicationAsync( application.Model.ToRegistrationRequest()); var applicationModel = await _applicationsDatabase.GetApplicationAsync(application.Model.ApplicationId); Assert.NotNull(applicationModel); Assert.NotNull(applicationModel.Application.ApplicationId); ApplicationTestData.AssertEqualApplicationModelData(applicationModel.Application, application.Model); application.Model = applicationModel.Application; Assert.NotNull(applicationModel); } _fixture.RegistrationOk = true; }
public void VerifySelfSignedAppCerts( KeyHashPair keyHashPair ) { var appTestGenerator = new ApplicationTestDataGenerator(keyHashPair.KeySize); ApplicationTestData app = appTestGenerator.ApplicationTestSet(1).First(); var cert = CertificateFactory.CreateCertificate(null, null, null, app.ApplicationUri, app.ApplicationName, app.Subject, app.DomainNames, keyHashPair.KeySize, DateTime.UtcNow, CertificateFactory.DefaultLifeTime, keyHashPair.HashSize); Assert.NotNull(cert); Assert.NotNull(cert.RawData); Assert.True(cert.HasPrivateKey); var plainCert = new X509Certificate2(cert.RawData); Assert.NotNull(plainCert); VerifySelfSignedApplicationCert(app, plainCert); CertificateFactory.VerifySelfSigned(cert); CertificateFactory.VerifyRSAKeyPair(cert, cert); }
public static void VerifyApplicationCert(ApplicationTestData testApp, X509Certificate2 cert, X509Certificate2 issuerCert = null) { bool signedCert = issuerCert != null; if (issuerCert == null) { issuerCert = cert; } TestContext.Out.WriteLine($"{nameof(VerifyApplicationCert)}:"); Assert.NotNull(cert); TestContext.Out.WriteLine(cert); Assert.False(cert.HasPrivateKey); Assert.True(X509Utils.CompareDistinguishedName(testApp.Subject, cert.Subject)); Assert.True(X509Utils.CompareDistinguishedName(issuerCert.Subject, cert.Issuer)); // test basic constraints X509BasicConstraintsExtension constraints = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert); Assert.NotNull(constraints); TestContext.Out.WriteLine(constraints.Format(true)); Assert.True(constraints.Critical); if (signedCert) { Assert.False(constraints.CertificateAuthority); Assert.False(constraints.HasPathLengthConstraint); } else { Assert.True(constraints.CertificateAuthority); Assert.True(constraints.HasPathLengthConstraint); Assert.AreEqual(0, constraints.PathLengthConstraint); } // key usage X509KeyUsageExtension keyUsage = X509Extensions.FindExtension <X509KeyUsageExtension>(cert); Assert.NotNull(keyUsage); TestContext.Out.WriteLine(keyUsage.Format(true)); Assert.True(keyUsage.Critical); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.CrlSign) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DataEncipherment) == X509KeyUsageFlags.DataEncipherment); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DecipherOnly) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.EncipherOnly) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyAgreement) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyCertSign) == (signedCert ? 0 : X509KeyUsageFlags.KeyCertSign)); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == X509KeyUsageFlags.KeyEncipherment); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.NonRepudiation); // enhanced key usage X509EnhancedKeyUsageExtension enhancedKeyUsage = X509Extensions.FindExtension <X509EnhancedKeyUsageExtension>(cert); Assert.NotNull(enhancedKeyUsage); TestContext.Out.WriteLine(enhancedKeyUsage.Format(true)); Assert.True(enhancedKeyUsage.Critical); // test for authority key X509AuthorityKeyIdentifierExtension authority = X509Extensions.FindExtension <X509AuthorityKeyIdentifierExtension>(cert); Assert.NotNull(authority); TestContext.Out.WriteLine(authority.Format(true)); Assert.NotNull(authority.SerialNumber); Assert.NotNull(authority.KeyIdentifier); Assert.NotNull(authority.Issuer); if (issuerCert == null) { Assert.AreEqual(cert.SubjectName.RawData, authority.Issuer.RawData); Assert.True(X509Utils.CompareDistinguishedName(cert.SubjectName.Name, authority.Issuer.Name), $"{cert.SubjectName.Name} != {authority.Issuer.Name}"); } else { Assert.AreEqual(issuerCert.SubjectName.RawData, authority.Issuer.RawData); Assert.True(X509Utils.CompareDistinguishedName(issuerCert.SubjectName.Name, authority.Issuer.Name), $"{cert.SubjectName.Name} != {authority.Issuer.Name}"); } // verify authority key in signed cert X509SubjectKeyIdentifierExtension subjectKeyId = X509Extensions.FindExtension <X509SubjectKeyIdentifierExtension>(cert); TestContext.Out.WriteLine(subjectKeyId.Format(true)); if (signedCert) { var caCertSubjectKeyId = X509Extensions.FindExtension <X509SubjectKeyIdentifierExtension>(issuerCert); Assert.NotNull(caCertSubjectKeyId); Assert.AreEqual(caCertSubjectKeyId.SubjectKeyIdentifier, authority.KeyIdentifier); } else { Assert.AreEqual(subjectKeyId.SubjectKeyIdentifier, authority.KeyIdentifier); } Assert.AreEqual(issuerCert.GetSerialNumber(), authority.GetSerialNumber()); Assert.AreEqual(issuerCert.SerialNumber, authority.SerialNumber); X509SubjectAltNameExtension subjectAlternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(cert); Assert.NotNull(subjectAlternateName); TestContext.Out.WriteLine(subjectAlternateName.Format(true)); Assert.False(subjectAlternateName.Critical); var domainNames = X509Utils.GetDomainsFromCertficate(cert); foreach (var domainName in testApp.DomainNames) { Assert.True(domainNames.Contains(domainName, StringComparer.OrdinalIgnoreCase)); } Assert.True(subjectAlternateName.Uris.Count == 1); var applicationUri = X509Utils.GetApplicationUriFromCertificate(cert); TestContext.Out.WriteLine("ApplicationUri: "); TestContext.Out.WriteLine(applicationUri); Assert.AreEqual(testApp.ApplicationUri, applicationUri); }
public static void VerifySignedApplicationCert(ApplicationTestData testApp, X509Certificate2 signedCert, X509Certificate2Collection issuerCerts) { var issuerCert = issuerCerts[0]; var signedCertO = signedCert.ToCertificate(); Assert.NotNull(signedCertO); Assert.False(signedCert.HasPrivateKey); Assert.True(Utils.CompareDistinguishedName(testApp.Subject, signedCert.Subject)); Assert.False(Utils.CompareDistinguishedName(signedCert.Issuer, signedCert.Subject)); Assert.True(Utils.CompareDistinguishedName(signedCert.Issuer, issuerCert.Subject)); // test basic constraints var constraints = signedCertO.GetBasicConstraintsExtension(); Assert.NotNull(constraints); Assert.True(constraints.Critical); Assert.False(constraints.CertificateAuthority); Assert.False(constraints.HasPathLengthConstraint); // key usage var keyUsage = signedCertO.GetKeyUsageExtension(); Assert.NotNull(keyUsage); Assert.True(keyUsage.Critical); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.CrlSign) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DataEncipherment) == X509KeyUsageFlags.DataEncipherment); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DecipherOnly) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.EncipherOnly) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyAgreement) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyCertSign) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == X509KeyUsageFlags.KeyEncipherment); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.NonRepudiation); // enhanced key usage var enhancedKeyUsage = signedCertO.GetEnhancedKeyUsageExtension(); Assert.NotNull(enhancedKeyUsage); Assert.True(enhancedKeyUsage.Critical); // test for authority key var authority = signedCertO.GetAuthorityKeyIdentifierExtension(); Assert.NotNull(authority); Assert.NotNull(authority.SerialNumber); Assert.NotNull(authority.KeyId); Assert.NotNull(authority.AuthorityNames); // verify authority key in signed cert var subjectKeyId = signedCertO.GetSubjectKeyIdentifierExtension(); Assert.Equal(subjectKeyId.SubjectKeyIdentifier, authority.KeyId); Assert.Equal(issuerCert.SerialNumber, authority.SerialNumber.ToString()); var subjectAlternateName = signedCertO.GetSubjectAltNameExtension(); Assert.NotNull(subjectAlternateName); Assert.False(subjectAlternateName.Critical); var domainNames = Utils.GetDomainsFromCertficate(signedCert); foreach (var domainName in testApp.DomainNames) { Assert.Contains(domainName, domainNames, StringComparer.OrdinalIgnoreCase); } Assert.True(subjectAlternateName.Uris.Count == 1); var applicationUri = Utils.GetApplicationUriFromCertificate(signedCert); Assert.True(testApp.ApplicationRecord.ApplicationUri == applicationUri); var issuerCertIdCollection = new CertificateIdentifierCollection(); foreach (var cert in issuerCerts) { issuerCertIdCollection.Add(new CertificateIdentifier(cert)); } // verify cert with issuer chain var certValidator = new CertificateValidator(); var issuerStore = new CertificateTrustList(); var trustedStore = new CertificateTrustList { TrustedCertificates = issuerCertIdCollection }; certValidator.Update(trustedStore, issuerStore, null); Assert.Throws <ServiceResultException>(() => certValidator.Validate(signedCert)); issuerStore.TrustedCertificates = issuerCertIdCollection; certValidator.Update(issuerStore, trustedStore, null); certValidator.Validate(signedCert); }
public static void VerifySelfSignedApplicationCert(ApplicationTestData testApp, X509Certificate2 cert) { Assert.NotNull(cert); Assert.False(cert.HasPrivateKey); Assert.True(Utils.CompareDistinguishedName(testApp.Subject, cert.Subject)); Assert.True(Utils.CompareDistinguishedName(testApp.Subject, cert.Issuer)); // test basic constraints var constraints = FindExtension <X509BasicConstraintsExtension>(cert); Assert.NotNull(constraints); Assert.True(constraints.Critical); Assert.True(constraints.CertificateAuthority); Assert.True(constraints.HasPathLengthConstraint); Assert.AreEqual(0, constraints.PathLengthConstraint); // key usage var keyUsage = FindExtension <X509KeyUsageExtension>(cert); Assert.NotNull(keyUsage); Assert.True(keyUsage.Critical); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.CrlSign) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DataEncipherment) == X509KeyUsageFlags.DataEncipherment); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DecipherOnly) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.EncipherOnly) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyAgreement) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyCertSign) == X509KeyUsageFlags.KeyCertSign); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == X509KeyUsageFlags.KeyEncipherment); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.NonRepudiation); // enhanced key usage X509EnhancedKeyUsageExtension enhancedKeyUsage = FindExtension <X509EnhancedKeyUsageExtension>(cert); Assert.NotNull(enhancedKeyUsage); Assert.True(enhancedKeyUsage.Critical); // test for authority key X509AuthorityKeyIdentifierExtension authority = FindAuthorityKeyIdentifier(cert); Assert.NotNull(authority); Assert.NotNull(authority.SerialNumber); Assert.NotNull(authority.KeyId); Assert.NotNull(authority.AuthorityNames); // verify authority key in signed cert X509SubjectKeyIdentifierExtension subjectKeyId = FindExtension <X509SubjectKeyIdentifierExtension>(cert); Assert.AreEqual(subjectKeyId.SubjectKeyIdentifier, authority.KeyId); Assert.AreEqual(cert.SerialNumber, authority.SerialNumber); X509SubjectAltNameExtension subjectAlternateName = FindSubjectAltName(cert); Assert.NotNull(subjectAlternateName); Assert.False(subjectAlternateName.Critical); var domainNames = Utils.GetDomainsFromCertficate(cert); foreach (var domainName in testApp.DomainNames) { Assert.True(domainNames.Contains(domainName, StringComparer.OrdinalIgnoreCase)); } Assert.True(subjectAlternateName.Uris.Count == 1); var applicationUri = Utils.GetApplicationUriFromCertificate(cert); Assert.AreEqual(testApp.ApplicationUri, applicationUri); }