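/// <summary>
/// Waits at most five seconds for an eID card without wiring any request handlers, so no
/// prompt is shown and the short wait is the point of the test. The expected outcome
/// (presumably a timeout exception from <c>WaitForEid</c>) is declared by the test attribute
/// outside this block — confirm against it.
/// </summary>
public void FailToReadEidCertificates()
{
    using (Readers listen = new Readers(ReaderScope.User))
    {
        // Should a card be returned within the window after all, release it rather than
        // leaking the handle (the original discarded the returned card without disposing it).
        using (EidCard target = listen.WaitForEid(new TimeSpan(0, 0, 5)))
        {
        }
    }
}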
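/// <summary>
/// Waits up to five minutes for an eID card (prompting through the request handlers), reads
/// its four certificates and checks that their subject/issuer names line up as a chain:
/// two distinct leaf certificates issued by the CA, the CA issued by the root, and the root
/// self-issued.
/// </summary>
/// <remarks>
/// Only distinguished-name strings are compared; signatures, validity periods and
/// revocation are not checked, so this shows the card reads back a consistent chain, not a
/// trusted one.
/// </remarks>
public void ReadEidCertificates()
{
    using (Readers readers = new Readers(ReaderScope.User))
    {
        readers.EidCardRequest += readers_EidCardRequest;
        readers.EidCardRequestCancellation += readers_EidCardRequestCancellation;

        EidCard target = readers.WaitForEid(new TimeSpan(0, 5, 0));
        Assert.NotNull(target);

        // Certificates are disposable too; the original released only the card.
        using (target)
        using (X509Certificate2 auth = target.ReadCertificate(CertificateId.Authentication))
        using (X509Certificate2 sign = target.ReadCertificate(CertificateId.Signature))
        using (X509Certificate2 ca = target.ReadCertificate(CertificateId.CA))
        using (X509Certificate2 root = target.ReadCertificate(CertificateId.Root))
        {
            // Two different leaf certificates ...
            Assert.AreNotEqual(auth.Subject, sign.Subject);
            // ... both issued by the same CA ...
            Assert.AreEqual(sign.Issuer, ca.Subject);
            Assert.AreEqual(auth.Issuer, ca.Subject);
            // ... which is issued by a self-issued root.
            Assert.AreEqual(ca.Issuer, root.Subject);
            Assert.AreEqual(root.Issuer, root.Subject);
        }
    }
}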
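/// <summary>
/// Reads the authentication and signature certificates from the eID card (prompting for a
/// card through the request handlers when needed), then resolves both to their copies in the
/// current user's personal ("My") store, which is where the private-key association lives.
/// </summary>
/// <param name="timeout">How long to wait for an eID card to be presented.</param>
/// <param name="authentication">The store copy of the card's authentication certificate.</param>
/// <param name="signature">The store copy of the card's signature (non-repudiation) certificate.</param>
/// <exception cref="InvalidOperationException">
/// Thrown when either certificate is missing from the store (or fails the store's validity
/// check), has no private key, when the two certificates do not share the same issuer and
/// subject serialNumber, or when their key-usage extensions do not mark the authentication
/// key for digital signature and the signature key for non-repudiation.
/// </exception>
private static void GetCertificates(TimeSpan timeout, out X509Certificate2 authentication, out X509Certificate2 signature)
{
    // Read the certificates from the eID card; only their thumbprints are needed afterwards,
    // so the card-side instances are released as soon as those are captured.
    string authThumbprint;
    string signThumbprint;
    using (Readers readers = new Readers(ReaderScope.User))
    {
        readers.EidCardRequest += readers_EidCardRequest;
        readers.EidCardRequestCancellation += readers_EidCardRequestCancellation;
        using (EidCard target = readers.WaitForEid(timeout))
        using (X509Certificate2 auth = target.ReadCertificate(CertificateId.Authentication))
        using (X509Certificate2 sign = target.ReadCertificate(CertificateId.Signature))
        {
            authThumbprint = auth.Thumbprint;
            signThumbprint = sign.Thumbprint;
        }
    }

    X509Store my = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    my.Open(OpenFlags.ReadOnly);
    try
    {
        authentication = FindValidByThumbprint(my, authThumbprint, "authentication");
        // The original reported a missing signature certificate as "authentication".
        signature = FindValidByThumbprint(my, signThumbprint, "signature");
    }
    finally
    {
        my.Close();
    }

    if (!authentication.HasPrivateKey)
        throw new InvalidOperationException("The authentication certificate must have a private key");
    if (!signature.HasPrivateKey)
        throw new InvalidOperationException("The signature certificate must have a private key");

    BC::X509.X509Certificate bcAuthentication = DotNetUtilities.FromX509Certificate(authentication);
    BC::X509.X509Certificate bcSignature = DotNetUtilities.FromX509Certificate(signature);

    if (signature.Issuer != authentication.Issuer)
        throw new InvalidOperationException("The signature certificate must have the same issuer as the authentication certificate");

    // Both certificates must carry exactly one subject serialNumber attribute and the values
    // must match: that is what ties the two certificates to the same card.
    object authSerial = GetSingleSubjectSerialNumber(bcAuthentication);
    object signSerial = GetSingleSubjectSerialNumber(bcSignature);
    if (authSerial == null || signSerial == null || !authSerial.Equals(signSerial))
    {
        throw new InvalidOperationException("The signature certificate must have the same serial number as the authentication certificate");
    }

    // KeyUsage bits in RFC 5280 order: [0] digitalSignature, [1] nonRepudiation.
    // GetKeyUsage() yields null when the extension is absent; the original let that surface
    // as a NullReferenceException instead of the documented InvalidOperationException.
    bool[] authUsage = bcAuthentication.GetKeyUsage();
    if (authUsage == null || authUsage.Length < 1 || !authUsage[0])
        throw new InvalidOperationException("The authentication certificate must have a key for signing");
    bool[] signUsage = bcSignature.GetKeyUsage();
    // The original message named the wrong certificate here.
    if (signUsage == null || signUsage.Length < 2 || !signUsage[1])
        throw new InvalidOperationException("The signature certificate must have a key for non-Repudiation");
}

/// <summary>
/// Looks up a certificate in an already-opened store by thumbprint, returning only entries
/// that pass the store's validity check (validOnly = true: an expired or untrusted copy is
/// reported as not found rather than used).
/// </summary>
/// <param name="store">An opened certificate store.</param>
/// <param name="thumbprint">Thumbprint of the certificate read from the card.</param>
/// <param name="kind">Which eID certificate is being resolved; used only in the error message.</param>
/// <returns>The first valid store certificate with the given thumbprint.</returns>
/// <exception cref="InvalidOperationException">No valid certificate with that thumbprint exists in the store.</exception>
private static X509Certificate2 FindValidByThumbprint(X509Store store, string thumbprint, string kind)
{
    X509Certificate2Collection match = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, true);
    if (match.Count == 0)
        throw new InvalidOperationException("The eID " + kind + " certificate could not be found in the windows store");
    return match[0];
}

/// <summary>
/// Returns the single subject serialNumber attribute value of <paramref name="certificate"/>,
/// or <c>null</c> when the attribute is absent or occurs more than once.
/// </summary>
private static object GetSingleSubjectSerialNumber(BC::X509.X509Certificate certificate)
{
    X509Name subject = certificate.SubjectDN;
    if (!subject.GetOidList().Contains(X509Name.SerialNumber))
        return null;
    var values = subject.GetValueList(X509Name.SerialNumber);
    return values.Count == 1 ? values[0] : null;
}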