public void IsValidSigningCertificateV2_VerifySuccess()
{
var cert = TestCertificate.Generate();
var attribute = AttributeUtility.GetSigningCertificateV2(new[] { cert.PublicCert }, Common.HashAlgorithmName.SHA512);
AttributeUtility.IsValidSigningCertificateV2(cert.PublicCert, new[] { cert.PublicCert }, attribute, SigningSpecifications.V1).Should().BeTrue();
}
public void IsValidSigningCertificateV2_EmptyChainVerifyFailure()
{
var child = TestCertificate.Generate().PublicCert;
var parent = TestCertificate.Generate().PublicCert;
var localChain = new List <X509Certificate2>()
{
child, parent
};
var attributeChain = new List <KeyValuePair <Common.HashAlgorithmName, byte[]> >();
AttributeUtility.IsValidSigningCertificateV2(child, localChain, attributeChain, SigningSpecifications.V1)
.Should()
.BeFalse();
}
public void IsValidSigningCertificateV2_HashNotAllowedVerifyFailure()
{
var cert = TestCertificate.Generate();
// Allow only 512
var spec = new Mock <SigningSpecifications>();
spec.SetupGet(e => e.AllowedHashAlgorithmOids).Returns(new string[] { Common.HashAlgorithmName.SHA512.ConvertToOidString() });
// Hash with 256
var attribute = AttributeUtility.GetSigningCertificateV2(new[] { cert.PublicCert }, Common.HashAlgorithmName.SHA256);
// Verify failure
AttributeUtility.IsValidSigningCertificateV2(cert.PublicCert, new[] { cert.PublicCert }, attribute, spec.Object).Should().BeFalse();
}
public void IsValidSigningCertificateV2_DirectHashVerifySuccess()
{
var child = TestCertificate.Generate().PublicCert;
var parent = TestCertificate.Generate().PublicCert;
var localChain = new List <X509Certificate2>()
{
child, parent
};
var attributeChain = new List <KeyValuePair <Common.HashAlgorithmName, byte[]> >()
{
new KeyValuePair <Common.HashAlgorithmName, byte[]>(Common.HashAlgorithmName.SHA512, Common.HashAlgorithmName.SHA512.GetHashProvider().ComputeHash(child.RawData)),
new KeyValuePair <Common.HashAlgorithmName, byte[]>(Common.HashAlgorithmName.SHA512, Common.HashAlgorithmName.SHA512.GetHashProvider().ComputeHash(parent.RawData)),
};
AttributeUtility.IsValidSigningCertificateV2(child, localChain, attributeChain, SigningSpecifications.V1)
.Should()
.BeTrue();
}
public void SignedAttribute_IsValidSigningCertificateV2_SignatureCertIsNotFirstInListVerifyFailure()
{
var signerLeaf = TestCertificate.Generate().PublicCert;
var rootCert = TestCertificate.Generate().PublicCert;
var localChain = new List <X509Certificate2>()
{
rootCert, signerLeaf
};
var attributeChain = new List <KeyValuePair <Common.HashAlgorithmName, byte[]> >()
{
new KeyValuePair <Common.HashAlgorithmName, byte[]>(Common.HashAlgorithmName.SHA512, Common.HashAlgorithmName.SHA512.GetHashProvider().ComputeHash(rootCert.RawData)),
new KeyValuePair <Common.HashAlgorithmName, byte[]>(Common.HashAlgorithmName.SHA512, Common.HashAlgorithmName.SHA512.GetHashProvider().ComputeHash(signerLeaf.RawData))
};
// Verify leaf node is first in the list
AttributeUtility.IsValidSigningCertificateV2(signerLeaf, localChain, attributeChain, SigningSpecifications.V1)
.Should()
.BeFalse();
}
public void GetESSCertIDv2Entries_ReturnsDecodedHashes(Common.HashAlgorithmName hashAlgorithm)
{
// Arrange
var cert = TestCertificate.Generate().PublicCert;
var cert2 = TestCertificate.Generate().PublicCert;
var attribute = AttributeUtility.GetSigningCertificateV2(
new[] { cert, cert2 },
hashAlgorithm);
var certHash = CryptoHashUtility.ComputeHash(hashAlgorithm, cert.RawData);
var cert2Hash = CryptoHashUtility.ComputeHash(hashAlgorithm, cert2.RawData);
// Act
var actual = AttributeUtility.GetESSCertIDv2Entries(attribute);
// Assert
actual.ShouldBeEquivalentTo(new[]
{
new KeyValuePair <Common.HashAlgorithmName, byte[]>(hashAlgorithm, certHash),
new KeyValuePair <Common.HashAlgorithmName, byte[]>(hashAlgorithm, cert2Hash),
});
}
public TestCertificate CreateUntrustedTestCertificateThatWillExpireSoon()
{
Action <TestCertificateGenerator> actionGenerator = SigningTestUtility.CertificateModificationGeneratorForCertificateThatWillExpireSoon(SoonDuration);
return(TestCertificate.Generate(actionGenerator));
}