public void VerifySelfSignedAppCerts( KeyHashPair keyHashPair ) { var appTestGenerator = new ApplicationTestDataGenerator(keyHashPair.KeySize); ApplicationTestData app = appTestGenerator.ApplicationTestSet(1).First(); var cert = CertificateFactory.CreateCertificate(app.ApplicationUri, app.ApplicationName, app.Subject, app.DomainNames) .SetHashAlgorithm(keyHashPair.HashAlgorithmName) .SetRSAKeySize(keyHashPair.KeySize) .CreateForRSA(); Assert.NotNull(cert); Assert.NotNull(cert.RawData); Assert.True(cert.HasPrivateKey); using (RSA rsa = cert.GetRSAPrivateKey()) { rsa.ExportParameters(true); } using (RSA rsa = cert.GetRSAPublicKey()) { rsa.ExportParameters(false); } var plainCert = new X509Certificate2(cert.RawData); Assert.NotNull(plainCert); VerifyApplicationCert(app, plainCert); X509Utils.VerifyRSAKeyPair(cert, cert, true); Assert.True(X509Utils.VerifySelfSigned(cert)); }
public void VerifySignedAppCerts( KeyHashPair keyHashPair ) { X509Certificate2 issuerCertificate = GetIssuer(keyHashPair); Assert.NotNull(issuerCertificate); Assert.NotNull(issuerCertificate.RawData); Assert.True(issuerCertificate.HasPrivateKey); var appTestGenerator = new ApplicationTestDataGenerator(keyHashPair.KeySize); ApplicationTestData app = appTestGenerator.ApplicationTestSet(1).First(); var cert = CertificateFactory.CreateCertificate( app.ApplicationUri, app.ApplicationName, app.Subject, app.DomainNames) .SetHashAlgorithm(keyHashPair.HashAlgorithmName) .SetIssuer(issuerCertificate) .SetRSAKeySize(keyHashPair.KeySize) .CreateForRSA(); Assert.NotNull(cert); Assert.NotNull(cert.RawData); Assert.True(cert.HasPrivateKey); using (var plainCert = new X509Certificate2(cert.RawData)) { Assert.NotNull(plainCert); VerifyApplicationCert(app, plainCert, issuerCertificate); X509Utils.VerifyRSAKeyPair(plainCert, cert, true); } }
public void VerifyCACerts( KeyHashPair keyHashPair ) { var subject = "CN=CA Test Cert"; int pathLengthConstraint = (keyHashPair.KeySize / 512) - 3; var cert = CertificateFactory.CreateCertificate(subject) .SetLifeTime(25 * 12) .SetHashAlgorithm(keyHashPair.HashAlgorithmName) .SetCAConstraint(pathLengthConstraint) .SetRSAKeySize(keyHashPair.KeySize) .CreateForRSA(); Assert.NotNull(cert); Assert.NotNull(cert.RawData); Assert.True(cert.HasPrivateKey); var plainCert = new X509Certificate2(cert.RawData); Assert.NotNull(plainCert); VerifyCACert(plainCert, subject, pathLengthConstraint); X509Utils.VerifySelfSigned(cert); X509Utils.VerifyRSAKeyPair(cert, cert); Assert.True(X509Utils.VerifySelfSigned(cert)); m_rootCACertificate[keyHashPair.KeySize] = cert; }
public void VerifySignedAppCerts( KeyHashPair keyHashPair ) { X509Certificate2 caCert; if (!m_rootCACertificate.TryGetValue(keyHashPair.KeySize, out caCert)) { Assert.Ignore($"Could not load Root CA."); } Assert.NotNull(caCert); Assert.NotNull(caCert.RawData); Assert.True(caCert.HasPrivateKey); var appTestGenerator = new ApplicationTestDataGenerator(keyHashPair.KeySize); ApplicationTestData app = appTestGenerator.ApplicationTestSet(1).First(); var cert = CertificateFactory.CreateCertificate( app.ApplicationUri, app.ApplicationName, app.Subject, app.DomainNames) .SetHashAlgorithm(keyHashPair.HashAlgorithmName) .SetIssuer(caCert) .SetRSAKeySize(keyHashPair.KeySize) .CreateForRSA(); Assert.NotNull(cert); Assert.NotNull(cert.RawData); Assert.True(cert.HasPrivateKey); using (var plainCert = new X509Certificate2(cert.RawData)) { Assert.NotNull(plainCert); VerifyApplicationCert(app, plainCert, caCert); X509Utils.VerifyRSAKeyPair(cert, caCert); } }
public void VerifyCACerts( KeyHashPair keyHashPair ) { var subject = "CN=CA Test Cert"; int pathLengthConstraint = (keyHashPair.KeySize / 512) - 3; var cert = CertificateFactory.CreateCertificate( null, null, null, null, null, subject, null, keyHashPair.KeySize, DateTime.UtcNow, 25 * 12, keyHashPair.HashSize, isCA: true, pathLengthConstraint: pathLengthConstraint); Assert.NotNull(cert); Assert.NotNull(cert.RawData); Assert.True(cert.HasPrivateKey); var plainCert = new X509Certificate2(cert.RawData); Assert.NotNull(plainCert); VerifyCACert(plainCert, subject, pathLengthConstraint); CertificateFactory.VerifySelfSigned(cert); CertificateFactory.VerifyRSAKeyPair(cert, cert); }
private X509Certificate2 GetIssuer(KeyHashPair keyHashPair) { X509Certificate2 issuerCertificate = null; try { if (!m_rootCACertificate.TryGetValue(keyHashPair.KeySize, out issuerCertificate)) { VerifyCACerts(keyHashPair); if (!m_rootCACertificate.TryGetValue(keyHashPair.KeySize, out issuerCertificate)) { Assert.Ignore($"Could not load Issuer Cert."); } } } catch { Assert.Ignore($"Could not load create Issuer Cert."); } return(issuerCertificate); }
public void VerifySelfSignedAppCerts( KeyHashPair keyHashPair ) { var appTestGenerator = new ApplicationTestDataGenerator(keyHashPair.KeySize); ApplicationTestData app = appTestGenerator.ApplicationTestSet(1).First(); var cert = CertificateFactory.CreateCertificate(null, null, null, app.ApplicationUri, app.ApplicationName, app.Subject, app.DomainNames, keyHashPair.KeySize, DateTime.UtcNow, CertificateFactory.DefaultLifeTime, keyHashPair.HashSize); Assert.NotNull(cert); Assert.NotNull(cert.RawData); Assert.True(cert.HasPrivateKey); var plainCert = new X509Certificate2(cert.RawData); Assert.NotNull(plainCert); VerifySelfSignedApplicationCert(app, plainCert); CertificateFactory.VerifySelfSigned(cert); CertificateFactory.VerifyRSAKeyPair(cert, cert); }
public void VerifyCrlCerts( KeyHashPair keyHashPair ) { int pathLengthConstraint = (keyHashPair.KeySize / 512) - 3; X509Certificate2 issuerCertificate = GetIssuer(keyHashPair); Assert.True(X509Utils.VerifySelfSigned(issuerCertificate)); var otherIssuerCertificate = CertificateFactory.CreateCertificate(issuerCertificate.Subject) .SetLifeTime(TimeSpan.FromDays(180)) .SetHashAlgorithm(keyHashPair.HashAlgorithmName) .SetCAConstraint(pathLengthConstraint) .CreateForRSA(); Assert.True(X509Utils.VerifySelfSigned(otherIssuerCertificate)); X509Certificate2Collection revokedCerts = new X509Certificate2Collection(); for (int i = 0; i < 10; i++) { var cert = CertificateFactory.CreateCertificate($"CN=Test Cert {i}") .SetIssuer(issuerCertificate) .SetRSAKeySize(keyHashPair.KeySize <= 2048 ? keyHashPair.KeySize : 2048) .CreateForRSA(); revokedCerts.Add(cert); Assert.False(X509Utils.VerifySelfSigned(cert)); } Assert.NotNull(issuerCertificate); Assert.NotNull(issuerCertificate.RawData); Assert.True(issuerCertificate.HasPrivateKey); using (var rsa = issuerCertificate.GetRSAPrivateKey()) { Assert.NotNull(rsa); } using (var plainCert = new X509Certificate2(issuerCertificate.RawData)) { Assert.NotNull(plainCert); VerifyCACert(plainCert, issuerCertificate.Subject, pathLengthConstraint); } Assert.True(X509Utils.VerifySelfSigned(issuerCertificate)); X509Utils.VerifyRSAKeyPair(issuerCertificate, issuerCertificate, true); var crl = CertificateFactory.RevokeCertificate(issuerCertificate, null, null); Assert.NotNull(crl); Assert.True(crl.VerifySignature(issuerCertificate, true)); var extension = X509Extensions.FindExtension <X509CrlNumberExtension>(crl.CrlExtensions); var crlCounter = new BigInteger(1); Assert.AreEqual(crlCounter, extension.CrlNumber); var revokedList = new List <X509CRL>(); revokedList.Add(crl); foreach (var cert in revokedCerts) { Assert.Throws <CryptographicException>(() => crl.VerifySignature(otherIssuerCertificate, true)); Assert.False(crl.IsRevoked(cert)); var nextCrl = CertificateFactory.RevokeCertificate(issuerCertificate, revokedList, new X509Certificate2Collection(cert)); crlCounter++; Assert.NotNull(nextCrl); Assert.True(nextCrl.IsRevoked(cert)); extension = X509Extensions.FindExtension <X509CrlNumberExtension>(nextCrl.CrlExtensions); Assert.AreEqual(crlCounter, extension.CrlNumber); Assert.True(crl.VerifySignature(issuerCertificate, true)); revokedList.Add(nextCrl); crl = nextCrl; } foreach (var cert in revokedCerts) { Assert.True(crl.IsRevoked(cert)); } }