public IX509AttributeCertificate Generate(AsymmetricKeyParameter publicKey, SecureRandom random)
{
if (!this.extGenerator.IsEmpty)
{
this.acInfoGen.SetExtensions(this.extGenerator.Generate());
}
AttributeCertificateInfo attributeCertificateInfo = this.acInfoGen.GenerateAttributeCertificateInfo();
Asn1EncodableVector asn1EncodableVector = new Asn1EncodableVector(new Asn1Encodable[0]);
asn1EncodableVector.Add(new Asn1Encodable[]
{
attributeCertificateInfo,
this.sigAlgId
});
IX509AttributeCertificate result;
try
{
asn1EncodableVector.Add(new Asn1Encodable[]
{
new DerBitString(X509Utilities.GetSignatureForObject(this.sigOID, this.signatureAlgorithm, publicKey, random, attributeCertificateInfo))
});
result = new X509V2AttributeCertificate(AttributeCertificate.GetInstance(new DerSequence(asn1EncodableVector)));
}
catch (Exception e)
{
throw new CertificateEncodingException("constructed invalid certificate", e);
}
return(result);
}
public override bool Equals(object obj)
{
if (obj == this)
{
return(true);
}
X509V2AttributeCertificate x509V2AttributeCertificate = obj as X509V2AttributeCertificate;
return(x509V2AttributeCertificate != null && this.cert.Equals(x509V2AttributeCertificate.cert));
}
public override bool Equals(object obj)
{
if (obj == this)
{
return(true);
}
X509V2AttributeCertificate x509V2AttributeCertificate = obj as X509V2AttributeCertificate;
if (x509V2AttributeCertificate == null)
{
return(false);
}
return(cert.Equals(x509V2AttributeCertificate.cert));
}
public override bool Equals(
object obj)
{
if (obj == this)
return true;
X509V2AttributeCertificate other = obj as X509V2AttributeCertificate;
if (other == null)
return false;
return cert.Equals(other.cert);
// NB: May prefer this implementation of Equals if more than one certificate implementation in play
//return Arrays.AreEqual(this.GetEncoded(), other.GetEncoded());
}
public override void PerformTest()
{
X509CertificateParser certParser = new X509CertificateParser();
X509CrlParser crlParser = new X509CrlParser();
X509Certificate rootCert = certParser.ReadCertificate(CertPathTest.rootCertBin);
X509Certificate interCert = certParser.ReadCertificate(CertPathTest.interCertBin);
X509Certificate finalCert = certParser.ReadCertificate(CertPathTest.finalCertBin);
X509Crl rootCrl = crlParser.ReadCrl(CertPathTest.rootCrlBin);
X509Crl interCrl = crlParser.ReadCrl(CertPathTest.interCrlBin);
// Testing CollectionCertStore generation from List
IList certList = new ArrayList();
certList.Add(rootCert);
certList.Add(interCert);
certList.Add(finalCert);
IX509Store certStore = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(certList));
// set default to be the same as for SUN X500 name
X509Name.DefaultReverse = true;
// Searching for rootCert by subjectDN
X509CertStoreSelector targetConstraints = new X509CertStoreSelector();
targetConstraints.Subject = PrincipalUtilities.GetSubjectX509Principal(rootCert);
IList certs = new ArrayList(certStore.GetMatches(targetConstraints));
if (certs.Count != 1 || !certs.Contains(rootCert))
{
Fail("rootCert not found by subjectDN");
}
// Searching for rootCert by subjectDN encoded as byte
targetConstraints = new X509CertStoreSelector();
targetConstraints.Subject = PrincipalUtilities.GetSubjectX509Principal(rootCert);
certs = new ArrayList(certStore.GetMatches(targetConstraints));
if (certs.Count != 1 || !certs.Contains(rootCert))
{
Fail("rootCert not found by encoded subjectDN");
}
X509Name.DefaultReverse = false;
// Searching for rootCert by public key encoded as byte
targetConstraints = new X509CertStoreSelector();
targetConstraints.SubjectPublicKey =
SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rootCert.GetPublicKey());
certs = new ArrayList(certStore.GetMatches(targetConstraints));
if (certs.Count != 1 || !certs.Contains(rootCert))
{
Fail("rootCert not found by encoded public key");
}
// Searching for interCert by issuerDN
targetConstraints = new X509CertStoreSelector();
targetConstraints.Issuer = PrincipalUtilities.GetSubjectX509Principal(rootCert);
certs = new ArrayList(certStore.GetMatches(targetConstraints));
if (certs.Count != 2)
{
Fail("did not found 2 certs");
}
if (!certs.Contains(rootCert))
{
Fail("rootCert not found");
}
if (!certs.Contains(interCert))
{
Fail("interCert not found");
}
// Searching for rootCrl by issuerDN
IList crlList = new ArrayList();
crlList.Add(rootCrl);
crlList.Add(interCrl);
IX509Store store = X509StoreFactory.Create(
"CRL/Collection",
new X509CollectionStoreParameters(crlList));
X509CrlStoreSelector targetConstraintsCRL = new X509CrlStoreSelector();
ArrayList issuers = new ArrayList();
issuers.Add(rootCrl.IssuerDN);
targetConstraintsCRL.Issuers = issuers;
IList crls = new ArrayList(store.GetMatches(targetConstraintsCRL));
if (crls.Count != 1 || !crls.Contains(rootCrl))
{
Fail("rootCrl not found");
}
crls = new ArrayList(certStore.GetMatches(targetConstraintsCRL));
if (crls.Count != 0)
{
Fail("error using wrong selector (CRL)");
}
certs = new ArrayList(store.GetMatches(targetConstraints));
if (certs.Count != 0)
{
Fail("error using wrong selector (certs)");
}
// Searching for attribute certificates
X509V2AttributeCertificate attrCert = new X509V2AttributeCertificate(AttrCertTest.attrCert);
IX509AttributeCertificate attrCert2 = new X509V2AttributeCertificate(AttrCertTest.certWithBaseCertificateID);
IList attrList = new ArrayList();
attrList.Add(attrCert);
attrList.Add(attrCert2);
store = X509StoreFactory.Create(
"AttributeCertificate/Collection",
new X509CollectionStoreParameters(attrList));
X509AttrCertStoreSelector attrSelector = new X509AttrCertStoreSelector();
attrSelector.Holder = attrCert.Holder;
if (!attrSelector.Holder.Equals(attrCert.Holder))
{
Fail("holder get not correct");
}
IList attrs = new ArrayList(store.GetMatches(attrSelector));
if (attrs.Count != 1 || !attrs.Contains(attrCert))
{
Fail("attrCert not found on holder");
}
attrSelector.Holder = attrCert2.Holder;
if (attrSelector.Holder.Equals(attrCert.Holder))
{
Fail("holder get not correct");
}
attrs = new ArrayList(store.GetMatches(attrSelector));
if (attrs.Count != 1 || !attrs.Contains(attrCert2))
{
Fail("attrCert2 not found on holder");
}
attrSelector = new X509AttrCertStoreSelector();
attrSelector.Issuer = attrCert.Issuer;
if (!attrSelector.Issuer.Equals(attrCert.Issuer))
{
Fail("issuer get not correct");
}
attrs = new ArrayList(store.GetMatches(attrSelector));
if (attrs.Count != 1 || !attrs.Contains(attrCert))
{
Fail("attrCert not found on issuer");
}
attrSelector.Issuer = attrCert2.Issuer;
if (attrSelector.Issuer.Equals(attrCert.Issuer))
{
Fail("issuer get not correct");
}
attrs = new ArrayList(store.GetMatches(attrSelector));
if (attrs.Count != 1 || !attrs.Contains(attrCert2))
{
Fail("attrCert2 not found on issuer");
}
attrSelector = new X509AttrCertStoreSelector();
attrSelector.AttributeCert = attrCert;
if (!attrSelector.AttributeCert.Equals(attrCert))
{
Fail("attrCert get not correct");
}
attrs = new ArrayList(store.GetMatches(attrSelector));
if (attrs.Count != 1 || !attrs.Contains(attrCert))
{
Fail("attrCert not found on attrCert");
}
attrSelector = new X509AttrCertStoreSelector();
attrSelector.SerialNumber = attrCert.SerialNumber;
if (!attrSelector.SerialNumber.Equals(attrCert.SerialNumber))
{
Fail("serial number get not correct");
}
attrs = new ArrayList(store.GetMatches(attrSelector));
if (attrs.Count != 1 || !attrs.Contains(attrCert))
{
Fail("attrCert not found on serial number");
}
attrSelector = (X509AttrCertStoreSelector)attrSelector.Clone();
if (!attrSelector.SerialNumber.Equals(attrCert.SerialNumber))
{
Fail("serial number get not correct");
}
attrs = new ArrayList(store.GetMatches(attrSelector));
if (attrs.Count != 1 || !attrs.Contains(attrCert))
{
Fail("attrCert not found on serial number");
}
attrSelector = new X509AttrCertStoreSelector();
attrSelector.AttributeCertificateValid = new DateTimeObject(attrCert.NotBefore);
if (attrSelector.AttributeCertificateValid.Value != attrCert.NotBefore)
{
Fail("valid get not correct");
}
attrs = new ArrayList(store.GetMatches(attrSelector));
if (attrs.Count != 1 || !attrs.Contains(attrCert))
{
Fail("attrCert not found on valid");
}
attrSelector = new X509AttrCertStoreSelector();
attrSelector.AttributeCertificateValid = new DateTimeObject(attrCert.NotBefore.AddMilliseconds(-100));
attrs = new ArrayList(store.GetMatches(attrSelector));
if (attrs.Count != 0)
{
Fail("attrCert found on before");
}
attrSelector.AttributeCertificateValid = new DateTimeObject(attrCert.NotAfter.AddMilliseconds(100));
attrs = new ArrayList(store.GetMatches(attrSelector));
if (attrs.Count != 0)
{
Fail("attrCert found on after");
}
attrSelector.SerialNumber = BigInteger.ValueOf(10000);
attrs = new ArrayList(store.GetMatches(attrSelector));
if (attrs.Count != 0)
{
Fail("attrCert found on wrong serial number");
}
attrSelector.AttributeCert = null;
attrSelector.AttributeCertificateValid = null;
attrSelector.Holder = null;
attrSelector.Issuer = null;
attrSelector.SerialNumber = null;
if (attrSelector.AttributeCert != null)
{
Fail("null attrCert");
}
if (attrSelector.AttributeCertificateValid != null)
{
Fail("null attrCertValid");
}
if (attrSelector.Holder != null)
{
Fail("null attrCert holder");
}
if (attrSelector.Issuer != null)
{
Fail("null attrCert issuer");
}
if (attrSelector.SerialNumber != null)
{
Fail("null attrCert serial");
}
attrs = new ArrayList(certStore.GetMatches(attrSelector));
if (attrs.Count != 0)
{
Fail("error using wrong selector (attrs)");
}
certPairTest();
}
public override void PerformTest()
{
IX509AttributeCertificate aCert = new X509V2AttributeCertificate(attrCert);
X509CertificateParser fact = new X509CertificateParser();
X509Certificate sCert = fact.ReadCertificate(signCert);
aCert.Verify(sCert.GetPublicKey());
//
// search test
//
IList list = new ArrayList();
list.Add(sCert);
// CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
// CertStore store = CertStore.getInstance("Collection", ccsp);
IX509Store store = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(list));
ArrayList certs = new ArrayList(
// store.getCertificates(aCert.getIssuer()));
store.GetMatches(aCert.Issuer));
if (certs.Count != 1 || !certs.Contains(sCert))
{
Fail("sCert not found by issuer");
}
X509Attribute[] attrs = aCert.GetAttributes("1.3.6.1.4.1.6760.8.1.1");
if (attrs == null || attrs.Length != 1)
{
Fail("attribute not found");
}
//
// reencode test
//
aCert = new X509V2AttributeCertificate(aCert.GetEncoded());
aCert.Verify(sCert.GetPublicKey());
IX509AttributeCertificate saCert = new X509V2AttributeCertificate(aCert.GetEncoded());
if (!aCert.NotAfter.Equals(saCert.NotAfter))
{
Fail("failed date comparison");
}
// base generator test
//
// a sample key pair.
//
RsaKeyParameters pubKey = new RsaKeyParameters(
false,
new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
new BigInteger("11", 16));
AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC;
//
// set up the keys
//
// PrivateKey privKey;
// PublicKey pubKey;
//
// KeyFactory kFact = KeyFactory.getInstance("RSA");
//
// privKey = kFact.generatePrivate(privKeySpec);
// pubKey = kFact.generatePublic(pubKeySpec);
X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
gen.AddAttribute(attrs[0]);
gen.SetHolder(aCert.Holder);
gen.SetIssuer(aCert.Issuer);
gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
gen.SetSerialNumber(aCert.SerialNumber);
gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
aCert = gen.Generate(privKey);
aCert.CheckValidity();
aCert.Verify(pubKey);
// as the issuer is the same this should still work (even though it is not
// technically correct
certs = new ArrayList(
// store.getCertificates(aCert.Issuer));
store.GetMatches(aCert.Issuer));
if (certs.Count != 1 || !certs.Contains(sCert))
{
Fail("sCert not found by issuer");
}
attrs = aCert.GetAttributes("1.3.6.1.4.1.6760.8.1.1");
if (attrs == null || attrs.Length != 1)
{
Fail("attribute not found");
}
//
// reencode test
//
aCert = new X509V2AttributeCertificate(aCert.GetEncoded());
aCert.Verify(pubKey);
AttributeCertificateIssuer issuer = aCert.Issuer;
X509Name[] principals = issuer.GetPrincipals();
//
// test holder
//
AttributeCertificateHolder holder = aCert.Holder;
if (holder.GetEntityNames() == null)
{
Fail("entity names not set");
}
if (holder.SerialNumber != null)
{
Fail("holder serial number set when none expected");
}
if (holder.GetIssuer() != null)
{
Fail("holder issuer set when none expected");
}
principals = holder.GetEntityNames();
string ps = principals[0].ToString();
// TODO Check that this is a good enough test
// if (!ps.Equals("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]"))
if (!principals[0].Equivalent(new X509Name("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]")))
{
Fail("principal[0] for entity names don't Match");
}
//
// extension test
//
gen.AddExtension("1.1", true, new DerOctetString(new byte[10]));
gen.AddExtension("2.2", false, new DerOctetString(new byte[20]));
aCert = gen.Generate(privKey);
ISet exts = aCert.GetCriticalExtensionOids();
if (exts.Count != 1 || !exts.Contains("1.1"))
{
Fail("critical extension test failed");
}
exts = aCert.GetNonCriticalExtensionOids();
if (exts.Count != 1 || !exts.Contains("2.2"))
{
Fail("non-critical extension test failed");
}
Asn1OctetString extString = aCert.GetExtensionValue(new DerObjectIdentifier("1.1"));
Asn1Encodable extValue = X509ExtensionUtilities.FromExtensionValue(extString);
if (!extValue.Equals(new DerOctetString(new byte[10])))
{
Fail("wrong extension value found for 1.1");
}
doTestCertWithBaseCertificateID();
doTestGenerateWithCert();
doTestGenerateWithPrincipal();
}
private void equalityAndHashCodeTest(
IX509AttributeCertificate attrCert,
byte[] encoding)
{
if (!attrCert.Equals(attrCert))
{
Fail("same certificate not equal");
}
if (!attrCert.Holder.Equals(attrCert.Holder))
{
Fail("same holder not equal");
}
if (!attrCert.Issuer.Equals(attrCert.Issuer))
{
Fail("same issuer not equal");
}
if (attrCert.Holder.Equals(attrCert.Issuer))
{
Fail("wrong holder equal");
}
if (attrCert.Issuer.Equals(attrCert.Holder))
{
Fail("wrong issuer equal");
}
IX509AttributeCertificate attrCert2 = new X509V2AttributeCertificate(encoding);
if (attrCert2.Holder.GetHashCode() != attrCert.Holder.GetHashCode())
{
Fail("holder hashCode test failed");
}
if (!attrCert2.Holder.Equals(attrCert.Holder))
{
Fail("holder Equals test failed");
}
if (attrCert2.Issuer.GetHashCode() != attrCert.Issuer.GetHashCode())
{
Fail("issuer hashCode test failed");
}
if (!attrCert2.Issuer.Equals(attrCert.Issuer))
{
Fail("issuer Equals test failed");
}
}
private void doTestCertWithBaseCertificateID()
{
IX509AttributeCertificate attrCert = new X509V2AttributeCertificate(certWithBaseCertificateID);
X509CertificateParser fact = new X509CertificateParser();
X509Certificate cert = fact.ReadCertificate(holderCertWithBaseCertificateID);
AttributeCertificateHolder holder = attrCert.Holder;
if (holder.GetEntityNames() != null)
{
Fail("entity names set when none expected");
}
if (!holder.SerialNumber.Equals(cert.SerialNumber))
{
Fail("holder serial number doesn't Match");
}
if (!holder.GetIssuer()[0].Equivalent(cert.IssuerDN))
{
Fail("holder issuer doesn't Match");
}
if (!holder.Match(cert))
{
Fail("holder not matching holder certificate");
}
if (!holder.Equals(holder.Clone()))
{
Fail("holder clone test failed");
}
if (!attrCert.Issuer.Equals(attrCert.Issuer.Clone()))
{
Fail("issuer clone test failed");
}
equalityAndHashCodeTest(attrCert, certWithBaseCertificateID);
}
public X509V2AttributeCertificate(Stream encIn) : this(X509V2AttributeCertificate.GetObject(encIn))
{
}
