public void MsdnSignedXmlTest()
{
using (var store = new Pkcs11X509Store(SoftHsm2Manager.LibraryPath, SoftHsm2Manager.PinProvider))
{
// Find signing certificate
Pkcs11X509Certificate cert = Helpers.GetCertificate(store, SoftHsm2Manager.Token1Label, SoftHsm2Manager.Token1TestUserRsaLabel);
// Get PKCS#11 based private key
RSA rsaPrivateKey = cert.GetRSAPrivateKey();
// Get software based public key
RSA rsaPublicKey = cert.Info.ParsedCertificate.PublicKey.Key as RSA;
// Determine paths
string basePath = Helpers.GetBasePath();
string plainXmlFilePath = Path.Combine(basePath, "Example.xml");
string signedXmlFilePath = Path.Combine(basePath, "SignedExample.xml");
// Create an XML file to sign
CreateSomeXml(plainXmlFilePath);
// Sign the XML that was just created and save it in a new file
SignXmlFile(plainXmlFilePath, signedXmlFilePath, rsaPrivateKey);
// Verify the signature of the signed XML
bool result = VerifyXmlFile(signedXmlFilePath, rsaPublicKey);
// Check the results of the signature verification
Assert.IsTrue(result);
}
}
public void BasicSignedCmsTest()
{
// Load PKCS#11 based store
using (var pkcs11Store = new Pkcs11X509Store(SoftHsm2Manager.LibraryPath, SoftHsm2Manager.PinProvider))
{
// Find signing certificate
Pkcs11X509Certificate pkcs11Cert = Helpers.GetCertificate(pkcs11Store, SoftHsm2Manager.Token1Label, SoftHsm2Manager.Token1TestUserRsaLabel);
// Get PKCS#11 based private key
AsymmetricAlgorithm pkcs11PrivKey = pkcs11Cert.GetPrivateKey();
// Create signature with SignedCms class and PKCS#11 based private key
byte[] dataToSign = Encoding.UTF8.GetBytes("Hello world!");
ContentInfo contentInfo = new ContentInfo(dataToSign);
SignedCms signedCms = new SignedCms(contentInfo);
CmsSigner cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, pkcs11Cert.Info.ParsedCertificate, pkcs11PrivKey);
signedCms.ComputeSignature(cmsSigner);
byte[] encodedCms = signedCms.Encode();
// Verify signature
signedCms = new SignedCms();
signedCms.Decode(encodedCms);
signedCms.CheckSignature(true);
}
}
public void RsaPkcs1SelfTest()
{
using (var store = new Pkcs11X509Store(SoftHsm2Manager.LibraryPath, SoftHsm2Manager.PinProvider))
{
Pkcs11X509Certificate cert1 = Helpers.GetCertificate(store, SoftHsm2Manager.Token1Label, SoftHsm2Manager.Token1TestUserRsaLabel);
Pkcs11X509Certificate cert2 = Helpers.GetCertificate(store, SoftHsm2Manager.Token2Label, SoftHsm2Manager.Token2TestUserRsaLabel);
foreach (var cert in new Pkcs11X509Certificate[] { cert1, cert2 })
{
RSA p11PrivKey = cert.GetRSAPrivateKey();
Assert.IsNotNull(p11PrivKey);
RSA p11PubKey = cert.GetRSAPublicKey();
Assert.IsNotNull(p11PubKey);
foreach (HashAlgorithmName hashAlgName in _hashNamesPkcs1)
{
byte[] hash1 = Helpers.ComputeHash(_data1, hashAlgName);
byte[] hash2 = Helpers.ComputeHash(_data2, hashAlgName);
byte[] signature = p11PrivKey.SignHash(hash1, hashAlgName, RSASignaturePadding.Pkcs1);
Assert.IsNotNull(signature);
bool result1 = p11PubKey.VerifyHash(hash1, signature, hashAlgName, RSASignaturePadding.Pkcs1);
Assert.IsTrue(result1);
bool result2 = p11PubKey.VerifyHash(hash2, signature, hashAlgName, RSASignaturePadding.Pkcs1);
Assert.IsFalse(result2);
}
}
}
}
public void RsaPkcs1PlatformTest()
{
using (var store = new Pkcs11X509Store(SoftHsm2Manager.LibraryPath, SoftHsm2Manager.PinProvider))
{
Pkcs11X509Certificate cert = Helpers.GetCertificate(store, SoftHsm2Manager.Token1Label, SoftHsm2Manager.Token1TestUserRsaLabel);
RSA p11PrivKey = cert.GetRSAPrivateKey();
Assert.IsNotNull(p11PrivKey);
RSA p11PubKey = cert.GetRSAPublicKey();
Assert.IsNotNull(p11PubKey);
RSA cngKey = CryptoObjects.GetTestUserPlatformRsaProvider();
Assert.IsNotNull(cngKey);
foreach (HashAlgorithmName hashAlgName in _hashNamesPkcs1)
{
byte[] hash1 = Helpers.ComputeHash(_data1, hashAlgName);
byte[] hash2 = Helpers.ComputeHash(_data2, hashAlgName);
byte[] p11Signature = p11PrivKey.SignHash(hash1, hashAlgName, RSASignaturePadding.Pkcs1);
Assert.IsNotNull(p11Signature);
bool result1 = cngKey.VerifyHash(hash1, p11Signature, hashAlgName, RSASignaturePadding.Pkcs1);
Assert.IsTrue(result1);
bool result2 = cngKey.VerifyHash(hash2, p11Signature, hashAlgName, RSASignaturePadding.Pkcs1);
Assert.IsFalse(result2);
byte[] cngSignature = cngKey.SignHash(hash1, hashAlgName, RSASignaturePadding.Pkcs1);
Assert.IsNotNull(cngSignature);
bool result3 = p11PubKey.VerifyHash(hash1, cngSignature, hashAlgName, RSASignaturePadding.Pkcs1);
Assert.IsTrue(result3);
bool result4 = p11PubKey.VerifyHash(hash2, cngSignature, hashAlgName, RSASignaturePadding.Pkcs1);
Assert.IsFalse(result4);
}
}
}
public void BasicRsaCertificateRequestTest()
{
// Load PKCS#11 based store
using (var pkcs11Store = new Pkcs11X509Store(SoftHsm2Manager.LibraryPath, SoftHsm2Manager.PinProvider))
{
// Find signing certificate (CA certificate)
Pkcs11X509Certificate pkcs11CertOfCertificateAuthority = Helpers.GetCertificate(pkcs11Store, SoftHsm2Manager.Token1Label, SoftHsm2Manager.Token1TestUserRsaLabel);
// Generate new key pair for end entity
RSA rsaKeyPairOfEndEntity = RSA.Create(2048);
// Define certificate request
CertificateRequest certificateRequest = new CertificateRequest(
new X500DistinguishedName("C=SK,L=Bratislava,CN=BasicRsaCertificateRequestTest"),
rsaKeyPairOfEndEntity,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1);
// Define certificate extensions
certificateRequest.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
certificateRequest.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(certificateRequest.PublicKey, false));
certificateRequest.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, false));
// Issue X.509 certificate for end entity
X509Certificate2 certificateOfEndEntity = certificateRequest.Create(
pkcs11CertOfCertificateAuthority.Info.ParsedCertificate.SubjectName,
X509SignatureGenerator.CreateForRSA(pkcs11CertOfCertificateAuthority.GetRSAPrivateKey(), RSASignaturePadding.Pkcs1),
DateTimeOffset.UtcNow,
DateTimeOffset.UtcNow.AddDays(365),
new BigInteger(1).ToByteArray());
// Verify signature on X.509 certificate for end entity
Assert.IsTrue(CaCertSignedEndEntityCert(pkcs11CertOfCertificateAuthority.Info.ParsedCertificate.RawData, certificateOfEndEntity.RawData));
// Asociate end entity certificate with its private key
certificateOfEndEntity = certificateOfEndEntity.CopyWithPrivateKey(rsaKeyPairOfEndEntity);
// Export end entity certificate to PKCS#12 file
string basePath = Helpers.GetBasePath();
string pkcs12FilePath = Path.Combine(basePath, "BasicRsaCertificateRequestTest.p12");
File.WriteAllBytes(pkcs12FilePath, certificateOfEndEntity.Export(X509ContentType.Pkcs12, "password"));
}
}
