Example #1
0
 public void FailToReadEidCertificates()
 {
     using (Readers listen = new Readers(ReaderScope.User))
     {
         EidCard target = listen.WaitForEid(new TimeSpan(0, 0, 5));
     }
 }
Example #2
0
        public void ReadEidCertificates()
        {
            using (Readers readers = new Readers(ReaderScope.User))
            {
                readers.EidCardRequest += readers_EidCardRequest;
                readers.EidCardRequestCancellation += readers_EidCardRequestCancellation;
                EidCard target = readers.WaitForEid(new TimeSpan(0, 5, 0));
                Assert.NotNull(target);
                using (target)
                {
                    X509Certificate2 auth = target.ReadCertificate(CertificateId.Authentication);
                    X509Certificate2 sign = target.ReadCertificate(CertificateId.Signature);
                    X509Certificate2 ca = target.ReadCertificate(CertificateId.CA);
                    X509Certificate2 root = target.ReadCertificate(CertificateId.Root);

                    Assert.AreNotEqual(auth.Subject, sign.Subject);
                    Assert.AreEqual(sign.Issuer, ca.Subject);
                    Assert.AreEqual(auth.Issuer, ca.Subject);
                    Assert.AreEqual(ca.Issuer, root.Subject);
                    Assert.AreEqual(root.Issuer, root.Subject);
                }
            }
        }
Example #3
0
        private static void GetCertificates(TimeSpan timeout, out X509Certificate2 authentication, out X509Certificate2 signature)
        {
            //Read the values from the eID, request eID if needed
            X509Certificate2 auth;
            X509Certificate2 sign;
            using (Readers readers = new Readers(ReaderScope.User))
            {
                readers.EidCardRequest += readers_EidCardRequest;
                readers.EidCardRequestCancellation += readers_EidCardRequestCancellation;
                EidCard target = readers.WaitForEid(timeout);
                using (target)
                {
                    auth = target.ReadCertificate(CertificateId.Authentication);
                    sign = target.ReadCertificate(CertificateId.Signature);
                }
            }
            X509Store my = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            my.Open(OpenFlags.ReadOnly);
            try
            {
                X509Certificate2Collection authMatch = my.Certificates.Find(X509FindType.FindByThumbprint, auth.Thumbprint, true);
                if (authMatch.Count == 0) throw new InvalidOperationException("The eID authentication certificate could not be found in the windows store");
                authentication = authMatch[0];

                X509Certificate2Collection signMatch = my.Certificates.Find(X509FindType.FindByThumbprint, sign.Thumbprint, true);
                if (signMatch.Count == 0) throw new InvalidOperationException("The eID authentication certificate could not be found in the windows store");
                signature = signMatch[0];
            }
            finally
            {
                my.Close();
            }

            if (!authentication.HasPrivateKey) throw new InvalidOperationException("The authentication certificate must have a private key");
            if (!signature.HasPrivateKey) throw new InvalidOperationException("The signature certificate must have a private key");

            BC::X509.X509Certificate bcAuthentication = DotNetUtilities.FromX509Certificate(authentication);
            BC::X509.X509Certificate bcSignature = DotNetUtilities.FromX509Certificate(signature);
            if (signature.Issuer != authentication.Issuer) throw new InvalidOperationException("The signature certificate must have the same issuer as the authentication certificate");
            if (!bcAuthentication.SubjectDN.GetOidList().Contains(X509Name.SerialNumber)
                        || !bcSignature.SubjectDN.GetOidList().Contains(X509Name.SerialNumber)
                        || bcAuthentication.SubjectDN.GetValueList(X509Name.SerialNumber).Count != 1
                        || bcSignature.SubjectDN.GetValueList(X509Name.SerialNumber).Count != 1
                        || !bcAuthentication.SubjectDN.GetValueList(X509Name.SerialNumber)[0].Equals(bcSignature.SubjectDN.GetValueList(X509Name.SerialNumber)[0]))
            {
                throw new InvalidOperationException("The signature certificate must have the same serial number as the authentication certificate");
            }

            if (!bcAuthentication.GetKeyUsage()[0]) throw new InvalidOperationException("The authentication certificate must have a key for signing");
            if (!bcSignature.GetKeyUsage()[1]) throw new InvalidOperationException("The authentication certificate must have a key for non-Repudiation");
        }