private ApplicationTestData RandomApplicationTestData()
{
// TODO: set to discoveryserver
ApplicationType appType = (ApplicationType)_randomSource.NextInt32((int)ApplicationType.ClientAndServer);
string pureAppName = _dataGenerator.GetRandomString("en");
pureAppName = Regex.Replace(pureAppName, @"[^\w\d\s]", "");
string pureAppUri = Regex.Replace(pureAppName, @"[^\w\d]", "");
string appName = "UA " + pureAppName;
StringCollection domainNames = RandomDomainNames();
string localhost = domainNames[0];
string privateKeyFormat = _randomSource.NextInt32(1) == 0 ? "PEM" : "PFX";
string appUri = ("urn:localhost:opcfoundation.org:" + pureAppUri.ToLower()).Replace("localhost", localhost);
string prodUri = "http://opcfoundation.org/UA/" + pureAppUri;
StringCollection discoveryUrls = new StringCollection();
StringCollection serverCapabilities = new StringCollection();
int port = (_dataGenerator.GetRandomInt16() & 0x1fff) + 50000;
switch (appType)
{
case ApplicationType.Client:
appName += " Client";
break;
case ApplicationType.ClientAndServer:
appName += " Client and";
goto case ApplicationType.Server;
case ApplicationType.DiscoveryServer:
appName += " DiscoveryServer";
discoveryUrls = RandomDiscoveryUrl(domainNames, 4840, pureAppUri);
serverCapabilities.Add("LDS");
break;
case ApplicationType.Server:
appName += " Server";
discoveryUrls = RandomDiscoveryUrl(domainNames, port, pureAppUri);
serverCapabilities = RandomServerCapabilities();
break;
}
ApplicationTestData testData = new ApplicationTestData
{
ApplicationRecord = new ApplicationRecordDataType
{
ApplicationNames = new LocalizedTextCollection {
new LocalizedText("en-us", appName)
},
ApplicationUri = appUri,
ApplicationType = appType,
ProductUri = prodUri,
DiscoveryUrls = discoveryUrls,
ServerCapabilities = serverCapabilities
},
DomainNames = domainNames,
Subject = String.Format("CN={0},DC={1},O=OPC Foundation", appName, localhost),
PrivateKeyFormat = privateKeyFormat
};
return(testData);
}
public static void VerifySignedApplicationCert(ApplicationTestData testApp, byte [] rawSignedCert, byte [][] rawIssuerCerts)
{
X509Certificate2 signedCert = new X509Certificate2(rawSignedCert);
X509Certificate2 issuerCert = new X509Certificate2(rawIssuerCerts[0]);
Assert.NotNull(signedCert);
Assert.False(signedCert.HasPrivateKey);
Assert.True(Utils.CompareDistinguishedName(testApp.Subject, signedCert.Subject));
Assert.False(Utils.CompareDistinguishedName(signedCert.Issuer, signedCert.Subject));
Assert.True(Utils.CompareDistinguishedName(signedCert.Issuer, issuerCert.Subject));
// test basic constraints
var constraints = FindBasicConstraintsExtension(signedCert);
Assert.NotNull(constraints);
Assert.True(constraints.Critical);
Assert.False(constraints.CertificateAuthority);
Assert.False(constraints.HasPathLengthConstraint);
// key usage
var keyUsage = FindKeyUsageExtension(signedCert);
Assert.NotNull(keyUsage);
Assert.True(keyUsage.Critical);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.CrlSign) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DataEncipherment) == X509KeyUsageFlags.DataEncipherment);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DecipherOnly) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.EncipherOnly) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyAgreement) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyCertSign) == X509KeyUsageFlags.KeyCertSign);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == X509KeyUsageFlags.KeyEncipherment);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.NonRepudiation);
// enhanced key usage
var enhancedKeyUsage = FindEnhancedKeyUsageExtension(signedCert);
Assert.NotNull(enhancedKeyUsage);
Assert.True(enhancedKeyUsage.Critical);
// test for authority key
X509AuthorityKeyIdentifierExtension authority = FindAuthorityKeyIdentifier(signedCert);
Assert.NotNull(authority);
Assert.NotNull(authority.SerialNumber);
Assert.NotNull(authority.KeyId);
Assert.NotNull(authority.AuthorityNames);
// verify authority key in signed cert
X509SubjectKeyIdentifierExtension subjectKeyId = FindSubjectKeyIdentifierExtension(issuerCert);
Assert.AreEqual(subjectKeyId.SubjectKeyIdentifier, authority.KeyId);
Assert.AreEqual(issuerCert.SerialNumber, authority.SerialNumber);
X509SubjectAltNameExtension subjectAlternateName = FindSubjectAltName(signedCert);
Assert.NotNull(subjectAlternateName);
Assert.False(subjectAlternateName.Critical);
var domainNames = Utils.GetDomainsFromCertficate(signedCert);
foreach (var domainName in testApp.DomainNames)
{
Assert.True(domainNames.Contains(domainName, StringComparer.OrdinalIgnoreCase));
}
Assert.True(subjectAlternateName.Uris.Count == 1);
var applicationUri = Utils.GetApplicationUriFromCertificate(signedCert);
Assert.True(testApp.ApplicationRecord.ApplicationUri == applicationUri);
}
