private X509AttrCertStoreSelector(
			X509AttrCertStoreSelector o)
        {
            this.attributeCert = o.attributeCert;
            this.attributeCertificateValid = o.attributeCertificateValid;
            this.holder = o.holder;
            this.issuer = o.issuer;
            this.serialNumber = o.serialNumber;
        }
		private X509AttrCertStoreSelector(
			X509AttrCertStoreSelector o)
		{
			this.attributeCert = o.attributeCert;
			this.attributeCertificateValid = o.attributeCertificateValid;
			this.holder = o.holder;
			this.issuer = o.issuer;
			this.serialNumber = o.serialNumber;
			this.targetGroups = new HashSet(o.targetGroups);
			this.targetNames = new HashSet(o.targetNames);
		}
 private X509AttrCertStoreSelector(
     X509AttrCertStoreSelector o)
 {
     this.attributeCert             = o.attributeCert;
     this.attributeCertificateValid = o.attributeCertificateValid;
     this.holder       = o.holder;
     this.issuer       = o.issuer;
     this.serialNumber = o.serialNumber;
     this.targetGroups = new HashSet(o.targetGroups);
     this.targetNames  = new HashSet(o.targetNames);
 }
    public override bool Equals(object obj)
    {
        if (obj == this)
        {
            return(true);
        }
        if (!(obj is AttributeCertificateHolder))
        {
            return(false);
        }
        AttributeCertificateHolder attributeCertificateHolder = (AttributeCertificateHolder)obj;

        return(holder.Equals(attributeCertificateHolder.holder));
    }
Ejemplo n.º 5
0
        private void doTestCertWithBaseCertificateID()
        {
            IX509AttributeCertificate attrCert = new X509V2AttributeCertificate(certWithBaseCertificateID);
            X509CertificateParser     fact     = new X509CertificateParser();
            X509Certificate           cert     = fact.ReadCertificate(holderCertWithBaseCertificateID);

            AttributeCertificateHolder holder = attrCert.Holder;

            if (holder.GetEntityNames() != null)
            {
                Fail("entity names set when none expected");
            }

            if (!holder.SerialNumber.Equals(cert.SerialNumber))
            {
                Fail("holder serial number doesn't Match");
            }

            if (!holder.GetIssuer()[0].Equivalent(cert.IssuerDN))
            {
                Fail("holder issuer doesn't Match");
            }

            if (!holder.Match(cert))
            {
                Fail("holder not matching holder certificate");
            }

            if (!holder.Equals(holder.Clone()))
            {
                Fail("holder clone test failed");
            }

            if (!attrCert.Issuer.Equals(attrCert.Issuer.Clone()))
            {
                Fail("issuer clone test failed");
            }

            equalityAndHashCodeTest(attrCert, certWithBaseCertificateID);
        }
 public void SetHolder(AttributeCertificateHolder holder)
 {
     acInfoGen.SetHolder(holder.holder);
 }
Ejemplo n.º 7
0
        public override void PerformTest()
        {
            IX509AttributeCertificate aCert = new X509V2AttributeCertificate(attrCert);
            X509CertificateParser     fact  = new X509CertificateParser();
            X509Certificate           sCert = fact.ReadCertificate(signCert);

            aCert.Verify(sCert.GetPublicKey());

            //
            // search test
            //
            IList list = new ArrayList();

            list.Add(sCert);

//			CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
//			CertStore store = CertStore.getInstance("Collection", ccsp);
            IX509Store store = X509StoreFactory.Create(
                "Certificate/Collection",
                new X509CollectionStoreParameters(list));

            ArrayList certs = new ArrayList(
//				store.getCertificates(aCert.getIssuer()));
                store.GetMatches(aCert.Issuer));

            if (certs.Count != 1 || !certs.Contains(sCert))
            {
                Fail("sCert not found by issuer");
            }

            X509Attribute[] attrs = aCert.GetAttributes("1.3.6.1.4.1.6760.8.1.1");
            if (attrs == null || attrs.Length != 1)
            {
                Fail("attribute not found");
            }

            //
            // reencode test
            //
            aCert = new X509V2AttributeCertificate(aCert.GetEncoded());

            aCert.Verify(sCert.GetPublicKey());

            IX509AttributeCertificate saCert = new X509V2AttributeCertificate(aCert.GetEncoded());

            if (!aCert.NotAfter.Equals(saCert.NotAfter))
            {
                Fail("failed date comparison");
            }

            // base generator test

            //
            // a sample key pair.
            //
            RsaKeyParameters pubKey = new RsaKeyParameters(
                false,
                new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
                new BigInteger("11", 16));

            AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC;

            //
            // set up the keys
            //
//			PrivateKey          privKey;
//			PublicKey           pubKey;
//
//			KeyFactory  kFact = KeyFactory.getInstance("RSA");
//
//			privKey = kFact.generatePrivate(privKeySpec);
//			pubKey = kFact.generatePublic(pubKeySpec);

            X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();

            gen.AddAttribute(attrs[0]);
            gen.SetHolder(aCert.Holder);
            gen.SetIssuer(aCert.Issuer);
            gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
            gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
            gen.SetSerialNumber(aCert.SerialNumber);
            gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");

            aCert = gen.Generate(privKey);

            aCert.CheckValidity();

            aCert.Verify(pubKey);

            // as the issuer is the same this should still work (even though it is not
            // technically correct

            certs = new ArrayList(
//				store.getCertificates(aCert.Issuer));
                store.GetMatches(aCert.Issuer));

            if (certs.Count != 1 || !certs.Contains(sCert))
            {
                Fail("sCert not found by issuer");
            }

            attrs = aCert.GetAttributes("1.3.6.1.4.1.6760.8.1.1");
            if (attrs == null || attrs.Length != 1)
            {
                Fail("attribute not found");
            }

            //
            // reencode test
            //
            aCert = new X509V2AttributeCertificate(aCert.GetEncoded());

            aCert.Verify(pubKey);

            AttributeCertificateIssuer issuer = aCert.Issuer;

            X509Name[] principals = issuer.GetPrincipals();

            //
            // test holder
            //
            AttributeCertificateHolder holder = aCert.Holder;

            if (holder.GetEntityNames() == null)
            {
                Fail("entity names not set");
            }

            if (holder.SerialNumber != null)
            {
                Fail("holder serial number set when none expected");
            }

            if (holder.GetIssuer() != null)
            {
                Fail("holder issuer set when none expected");
            }

            principals = holder.GetEntityNames();

            string ps = principals[0].ToString();

            // TODO Check that this is a good enough test
//			if (!ps.Equals("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]"))
            if (!principals[0].Equivalent(new X509Name("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]")))
            {
                Fail("principal[0] for entity names don't Match");
            }

            //
            // extension test
            //

            gen.AddExtension("1.1", true, new DerOctetString(new byte[10]));

            gen.AddExtension("2.2", false, new DerOctetString(new byte[20]));

            aCert = gen.Generate(privKey);

            ISet exts = aCert.GetCriticalExtensionOids();

            if (exts.Count != 1 || !exts.Contains("1.1"))
            {
                Fail("critical extension test failed");
            }

            exts = aCert.GetNonCriticalExtensionOids();

            if (exts.Count != 1 || !exts.Contains("2.2"))
            {
                Fail("non-critical extension test failed");
            }

            Asn1OctetString extString = aCert.GetExtensionValue(new DerObjectIdentifier("1.1"));
            Asn1Encodable   extValue  = X509ExtensionUtilities.FromExtensionValue(extString);

            if (!extValue.Equals(new DerOctetString(new byte[10])))
            {
                Fail("wrong extension value found for 1.1");
            }

            doTestCertWithBaseCertificateID();
            doTestGenerateWithCert();
            doTestGenerateWithPrincipal();
        }
Ejemplo n.º 8
0
        private void doTestGenerateWithPrincipal()
        {
            X509CertificateParser fact  = new X509CertificateParser();
            X509Certificate       iCert = fact.ReadCertificate(signCert);

            //
            // a sample key pair.
            //
            RsaKeyParameters pubKey = new RsaKeyParameters(
                false,
                new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
                new BigInteger("11", 16));

            //
            // set up the keys
            //
//			PrivateKey          privKey;
//			PublicKey           pubKey;
//
//			KeyFactory  kFact = KeyFactory.getInstance("RSA");
//
//			privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
//			pubKey = kFact.generatePublic(pubKeySpec);
            AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC;

            X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();

            // the actual attributes
            GeneralName roleName = new GeneralName(GeneralName.Rfc822Name, "DAU123456789");

            // roleSyntax OID: 2.5.24.72
            X509Attribute attributes = new X509Attribute("2.5.24.72",
                                                         new DerSequence(roleName));

            gen.AddAttribute(attributes);
            gen.SetHolder(new AttributeCertificateHolder(iCert.SubjectDN));
            gen.SetIssuer(new AttributeCertificateIssuer(new X509Name("cn=test")));
            gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
            gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
            gen.SetSerialNumber(BigInteger.One);
            gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");

            IX509AttributeCertificate aCert = gen.Generate(privKey);

            aCert.CheckValidity();

            aCert.Verify(pubKey);

            AttributeCertificateHolder holder = aCert.Holder;

            if (holder.GetEntityNames() == null)
            {
                Fail("entity names not set when expected");
            }

            if (holder.SerialNumber != null)
            {
                Fail("holder serial number found when none expected");
            }

            if (holder.GetIssuer() != null)
            {
                Fail("holder issuer found when none expected");
            }

            if (!holder.Match(iCert))
            {
                Fail("generated holder not matching holder certificate");
            }

            X509Certificate sCert = fact.ReadCertificate(holderCertWithBaseCertificateID);

            if (holder.Match(sCert))
            {
                Fail("principal generated holder matching wrong certificate");
            }

            equalityAndHashCodeTest(aCert, aCert.GetEncoded());
        }