public override void PerformTest() { QCStatement mv = new QCStatement(Rfc3739QCObjectIdentifiers.IdQcsPkixQCSyntaxV1); CheckConstruction(mv, Rfc3739QCObjectIdentifiers.IdQcsPkixQCSyntaxV1, null); Asn1Encodable info = new SemanticsInformation(new DerObjectIdentifier("1.2")); mv = new QCStatement(Rfc3739QCObjectIdentifiers.IdQcsPkixQCSyntaxV1, info); CheckConstruction(mv, Rfc3739QCObjectIdentifiers.IdQcsPkixQCSyntaxV1, info); mv = QCStatement.GetInstance(null); if (mv != null) { Fail("null GetInstance() failed."); } try { QCStatement.GetInstance(new object()); Fail("GetInstance() failed to detect bad object."); } catch (ArgumentException) { // expected } }
public virtual bool Check(CertificateAndContext cert) { if (cert is null) { throw new System.ArgumentNullException(nameof(cert)); } Asn1OctetString qcStatement = cert.Certificate.GetExtensionValue(X509Extensions.QCStatements); if (qcStatement != null) { DerOctetString s = (DerOctetString)qcStatement; byte[] content = s.GetOctets(); using (Asn1InputStream input = new Asn1InputStream(content)) { DerSequence seq = (DerSequence)input.ReadObject(); for (int i = 0; i < seq.Count; i++) { QCStatement statement = QCStatement.GetInstance(seq[i]); if (statement.StatementId.Id.Equals(qcStatementId, System.StringComparison.OrdinalIgnoreCase)) { return(true); } } return(false); } } return(false); }
public virtual bool Check(CertificateAndContext cert) { //TODO jbonilla - Validar //byte[] qcStatement = cert.GetCertificate().GetExtensionValue(X509Extensions.QCStatements); Asn1OctetString qcStatement = cert.GetCertificate().GetExtensionValue(X509Extensions.QCStatements); if (qcStatement != null) { try { //Asn1InputStream input = new Asn1InputStream(qcStatement); //DerOctetString s = (DerOctetString)input.ReadObject(); DerOctetString s = (DerOctetString)qcStatement; byte[] content = s.GetOctets(); Asn1InputStream input = new Asn1InputStream(content); DerSequence seq = (DerSequence)input.ReadObject(); for (int i = 0; i < seq.Count; i++) { QCStatement statement = QCStatement.GetInstance(seq[i]); if (statement.StatementId.Id.Equals(qcStatementId)) { return(true); } } return(false); } catch (IOException e) { throw new RuntimeException(e); } } return(false); }
private void CheckConstruction( QCStatement mv, DerObjectIdentifier statementId, Asn1Encodable statementInfo) { CheckStatement(mv, statementId, statementInfo); mv = QCStatement.GetInstance(mv); CheckStatement(mv, statementId, statementInfo); Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray( mv.ToAsn1Object().GetEncoded()); mv = QCStatement.GetInstance(seq); CheckStatement(mv, statementId, statementInfo); }
private void CheckStatement( QCStatement qcs, DerObjectIdentifier statementId, Asn1Encodable statementInfo) { if (!qcs.StatementId.Equals(statementId)) { Fail("statementIds don't match."); } if (statementInfo != null) { if (!qcs.StatementInfo.Equals(statementInfo)) { Fail("statementInfos don't match."); } } else if (qcs.StatementInfo != null) { Fail("statementInfo found when none expected."); } }
static void Main(string[] args) { PolicyInformation[] certPolicies = new PolicyInformation[2]; certPolicies[0] = new PolicyInformation(new DerObjectIdentifier("2.16.840.1.101.2.1.11.5")); certPolicies[1] = new PolicyInformation(new DerObjectIdentifier("2.16.840.1.101.2.1.11.18")); var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var certificateGenerator = new X509V3CertificateGenerator(); //serial var serialNumber = BigIntegers.CreateRandomInRange( BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // sig alg const string signatureAlgorithm = "SHA1WithRSA"; certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); // Subjects // Time x = new Time(); var subjectDN = new X509Name("CN=localhost, O=Arsslensoft, C=TN,surname=Idadi,givenname=Arsslen, uniqueidentifier=15002060,businesscategory=Production,initials=Hello, gender=male, placeofbirth=El Manar, pseudonym=Arsslinko, postaladdress=2076, countryofcitizenship=TN, countryofresidence=TN,telephonenumber=53299093"); var issuerDN = subjectDN; certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // Validity var notBefore = DateTime.UtcNow.Date.Subtract(new TimeSpan(5, 0, 0)); var notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // PKEY const int strength = 512; var keyGenerationParameters = new KeyGenerationParameters(random, strength); // var x= new Al.Security.Crypto.Generators.DsaKeyPairGenerator(); // X9ECParameters ecP = NistNamedCurves.GetByName("B-571"); // ECDomainParameters ecSpec = new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed()); // ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator("ECDSA"); // //ECPA par = new DsaParametersGenerator(); // //par.Init(2048, 100, random); // //ECKeyGenerationParameters pa = new ECKeyGenerationParameters(random, par.GenerateParameters()); //// var keyPairGenerator = new DHKeyPairGenerator(); // //DsaParametersGenerator par = new DsaParametersGenerator(); // //par.Init(2048, 100, random); // //DsaKeyGenerationParameters pa = new DsaKeyGenerationParameters(random, par.GenerateParameters()); // // keyPairGenerator.Init(pa); // keyPairGenerator.Init(new ECKeyGenerationParameters(ecSpec, new SecureRandom())); //var keyPairGenerator = new DsaKeyPairGenerator(); //DsaParametersGenerator par = new DsaParametersGenerator(); //par.Init(1024, 100, random); //DsaKeyGenerationParameters pa = new DsaKeyGenerationParameters(random, par.GenerateParameters()); //keyPairGenerator.Init(pa); // KeyPair = keyPairGenerator.GenerateKeyPair(); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); StreamReader str = new StreamReader("D:\\test.key"); PemReader pem = new PemReader(str); AsymmetricCipherKeyPair keypair = (AsymmetricCipherKeyPair)pem.ReadObject(); var subjectKeyPair = keypair; str.Close(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // ext X509Extensions certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(subjectKeyPair.Public)); certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(subjectKeyPair.Public)); certificateGenerator.AddExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(false)); // key usage certificateGenerator.AddExtension( X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.KeyAgreement | KeyUsage.DataEncipherment | KeyUsage.DigitalSignature)); // extended key usage var usages = new[] { KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth }; ExtendedKeyUsage extendedKeyUsage = new ExtendedKeyUsage(usages); certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, extendedKeyUsage); // Test Policy DerSequence seq = CreatePolicyInformationsSequence("http://www.arsslensoft.com", "Arsslensoft", "1.3.6.1.4.1.23823.1.1.1", "Test Notice"); // certificateGenerator.AddExtension(X509Extensions.CertificatePolicies, false, new DerSequence(certPolicies)); // Authority access List <GeneralSubtree> ees = new List <GeneralSubtree>(); ees.Add(new GeneralSubtree(new GeneralName(GeneralName.UniformResourceIdentifier, "http://www.google.com"))); certificateGenerator.AddExtension(X509Extensions.NameConstraints, true, new NameConstraints(null, ees)); certificateGenerator.AddExtension(X509Extensions.NetscapeComment, true, new DerVisibleString("NS COMMENT")); certificateGenerator.AddExtension(X509Extensions.NetscapeBaseUrl, true, new DerIA5String("http://www.google.com")); certificateGenerator.AddExtension(X509Extensions.InhibitAnyPolicy, true, new DerInteger(12)); // Policy constraints byte inhibit = 12; byte explicitc = 12; // certificateGenerator.AddExtension(X509Extensions.PolicyConstraints, false, new DerOctetSequence(new byte[] { 128, 1, explicitc, 129, 1, inhibit })); certificateGenerator.AddExtension(X509Extensions.NetscapeCertUsage, false, new KeyUsage(KeyUsage.KeyAgreement)); certificateGenerator.AddExtension(X509Extensions.AuthorityInfoAccess, false, CreateAuthorityAccessInformationSequence("http://www.arsslensoft.com", null)); // Subhect Issuer Alternative name GeneralName altName = new GeneralName(GeneralName.DnsName, "localhost"); GeneralNames subjectAltName = new GeneralNames(altName); certificateGenerator.AddExtension(X509Extensions.IssuerAlternativeName, false, subjectAltName); certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName); // certificateGenerator.AddExtension(new DerObjectIdentifier("2.16.840.1.11730.29.53"), false, subjectAltName); // GeneralNames s; //CRL Distribution Points DistributionPointName distPointOne = new DistributionPointName(new GeneralNames( new GeneralName(GeneralName.UniformResourceIdentifier, "http://crl.somewebsite.com/master.crl"))); GeneralNames gns = new GeneralNames(new GeneralName[] { new GeneralName(GeneralName.UniformResourceIdentifier, "ldap://crl.somewebsite.com/cn%3dSecureCA%2cou%3dPKI%2co%3dCyberdyne%2cc%3dUS?certificaterevocationlist;binary"), new GeneralName(GeneralName.Rfc822Name, "Arslen") }); DistributionPointName distPointTwo = new DistributionPointName(gns); DistributionPoint[] distPoints = new DistributionPoint[2]; distPoints[0] = new DistributionPoint(distPointOne, null, null); distPoints[1] = new DistributionPoint(distPointTwo, null, gns); IssuingDistributionPoint iss = new IssuingDistributionPoint(distPointOne, false, true, null, false, false); certificateGenerator.AddExtension(X509Extensions.IssuingDistributionPoint, false, iss); certificateGenerator.AddExtension(X509Extensions.CrlDistributionPoints, false, new CrlDistPoint(distPoints)); // Biometric Asn1EncodableVector v = new Asn1EncodableVector(); BiometricData bdat = new BiometricData(new TypeOfBiometricData(TypeOfBiometricData.HandwrittenSignature), new AlgorithmIdentifier(new DerObjectIdentifier("1.3.14.3.2.26")), new DerOctetString(new byte[] { 169, 74, 143, 229, 204, 177, 155, 166, 28, 76, 8, 115, 211, 145, 233, 135, 152, 47, 187, 211 }), new DerIA5String("http://www.google.com")); v.Add(bdat); v.Add(new BiometricData(new TypeOfBiometricData(TypeOfBiometricData.HandwrittenSignature), new AlgorithmIdentifier(new DerObjectIdentifier("1.3.14.3.2.26")), new DerOctetString(new byte[] { 169, 74, 143, 229, 204, 177, 155, 166, 28, 76, 8, 115, 211, 145, 233, 135, 152, 47, 187, 211 }), new DerIA5String("http://www.google.co"))); certificateGenerator.AddExtension(X509Extensions.BiometricInfo, false, new DerSequenceOf(v)); QCStatement st = new QCStatement(Rfc3739QCObjectIdentifiers.IdQcs); certificateGenerator.AddExtension(X509Extensions.QCStatements, false, st); //Al.Security.Pkcs.Pkcs10CertificationRequest c = new Al.Security.Pkcs.Pkcs10CertificationRequest( //certificateGenerator.AddExtension(X509Extensions.ReasonCode, false, ce); // test done certificateGenerator.AddExtension(X509Extensions.SubjectInfoAccess, false, CreateAuthorityAccessInformationSequence("http://www.arsslensoft.com", null)); //// 2 //TargetInformation ti = new Al.Security.Asn1.X509.TargetInformation(new Target[] { new Target(Target.Choice.Name, new GeneralName(GeneralName.UniformResourceIdentifier, "http://www.go.com")) }); //certificateGenerator.AddExtension(X509Extensions.TargetInformation, false, new DerSequence(ti)); // 3 PrivateKeyUsagePeriod kup = new PrivateKeyUsagePeriod(DateTime.Now, DateTime.Now.AddYears(2)); certificateGenerator.AddExtension(X509Extensions.PrivateKeyUsagePeriod, false, new DerSequence(kup)); //generate var issuerKeyPair = subjectKeyPair; var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random); StreamWriter wstr = new StreamWriter(Path.ChangeExtension("D:\\test.crt", ".pem"), false); PemWriter pemWriter = new PemWriter(wstr); pemWriter.WriteObject(certificate); pemWriter.WriteObject(issuerKeyPair.Private); wstr.Flush(); wstr.Close(); // System.Security.Cryptography.X509Certificates.X509Certificate x509_ = DotNetUtilities.ToX509Certificate(certificate.CertificateStructure); //File.WriteAllBytes(@"D:\\test.crt", x509_.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12)); }