public void Read_WithValidInput_ReturnsSigningCertificateV2(HashAlgorithmName hashAlgorithmName) { using (var certificate = _fixture.GetDefaultCertificate()) { var expectedSigningCertificateV2 = SigningCertificateV2.Create(certificate, hashAlgorithmName); var bytes = expectedSigningCertificateV2.Encode(); var actualSigningCertificateV2 = SigningCertificateV2.Read(bytes); Assert.Equal( expectedSigningCertificateV2.Certificates.Count, actualSigningCertificateV2.Certificates.Count); for (var i = 0; i < expectedSigningCertificateV2.Certificates.Count; ++i) { var expectedEssCertIdV2 = expectedSigningCertificateV2.Certificates[i]; var actualEssCertIdV2 = actualSigningCertificateV2.Certificates[i]; Assert.Equal( expectedEssCertIdV2.HashAlgorithm.Algorithm.Value, actualEssCertIdV2.HashAlgorithm.Algorithm.Value); SignTestUtility.VerifyByteArrays( expectedEssCertIdV2.CertificateHash, actualEssCertIdV2.CertificateHash); Assert.Equal( expectedEssCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name, actualEssCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name); SignTestUtility.VerifyByteArrays(expectedEssCertIdV2.IssuerSerial.SerialNumber, actualEssCertIdV2.IssuerSerial.SerialNumber); } } }
public void Read_WithMultipleEssCertIds_ReturnsSigningCertificate() { var bcEssCertId1 = CreateBcEssCertId("1"); var bcEssCertId2 = CreateBcEssCertId("2"); var bcEssCertId3 = CreateBcEssCertId("3"); var bcSigningCertificate = new BcSigningCertificate( new DerSequence(new DerSequence(bcEssCertId1, bcEssCertId2, bcEssCertId3))); var bytes = bcSigningCertificate.GetDerEncoded(); var signingCertificate = SigningCertificate.Read(bytes); Assert.Equal(3, signingCertificate.Certificates.Count); Assert.Null(signingCertificate.Policies); SignTestUtility.VerifyByteArrays( bcEssCertId1.GetCertHash(), signingCertificate.Certificates[0].CertificateHash); Assert.Null(signingCertificate.Certificates[0].IssuerSerial); SignTestUtility.VerifyByteArrays( bcEssCertId2.GetCertHash(), signingCertificate.Certificates[1].CertificateHash); Assert.Null(signingCertificate.Certificates[1].IssuerSerial); SignTestUtility.VerifyByteArrays( bcEssCertId3.GetCertHash(), signingCertificate.Certificates[2].CertificateHash); Assert.Null(signingCertificate.Certificates[2].IssuerSerial); }
public void Read_WithMultipleEssCertIds_ReturnsSigningCertificateV2(HashAlgorithmName hashAlgorithmName) { var bcEssCertIdV2_1 = CreateBcEssCertIdV2(hashAlgorithmName, "1"); var bcEssCertIdV2_2 = CreateBcEssCertIdV2(hashAlgorithmName, "2"); var bcEssCertIdV2_3 = CreateBcEssCertIdV2(hashAlgorithmName, "3"); var bcSigningCertificateV2 = new BcSigningCertificateV2( new[] { bcEssCertIdV2_1, bcEssCertIdV2_2, bcEssCertIdV2_3 }); var bytes = bcSigningCertificateV2.GetDerEncoded(); var signingCertificate = SigningCertificateV2.Read(bytes); Assert.Equal(3, signingCertificate.Certificates.Count); Assert.Null(signingCertificate.Policies); SignTestUtility.VerifyByteArrays( bcEssCertIdV2_1.GetCertHash(), signingCertificate.Certificates[0].CertificateHash); Assert.Null(signingCertificate.Certificates[0].IssuerSerial); SignTestUtility.VerifyByteArrays( bcEssCertIdV2_2.GetCertHash(), signingCertificate.Certificates[1].CertificateHash); Assert.Null(signingCertificate.Certificates[1].IssuerSerial); SignTestUtility.VerifyByteArrays( bcEssCertIdV2_3.GetCertHash(), signingCertificate.Certificates[2].CertificateHash); Assert.Null(signingCertificate.Certificates[2].IssuerSerial); }
public void IsSelfIssued_WithPartialChain_ReturnsFalse() { using (var certificate = SignTestUtility.GetCertificate("leaf.crt")) { Assert.False(CertificateUtility.IsSelfIssued(certificate)); } }
public void CreateSigningCertificateV2_WithValidInput_ReturnsAttribute(Common.HashAlgorithmName hashAlgorithmName) { using (var certificate = _fixture.GetDefaultCertificate()) { var attribute = AttributeUtility.CreateSigningCertificateV2(certificate, hashAlgorithmName); Assert.Equal(Oids.SigningCertificateV2, attribute.Oid.Value); Assert.Equal(1, attribute.Values.Count); var signingCertificateV2 = SigningCertificateV2.Read(attribute.Values[0].RawData); Assert.Equal(1, signingCertificateV2.Certificates.Count); var essCertIdV2 = signingCertificateV2.Certificates[0]; var expectedHash = SignTestUtility.GetHash(certificate, hashAlgorithmName); SignTestUtility.VerifyByteArrays(expectedHash, essCertIdV2.CertificateHash); Assert.Equal( hashAlgorithmName, CryptoHashUtility.OidToHashAlgorithmName(essCertIdV2.HashAlgorithm.Algorithm.Value)); Assert.Equal(certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name); var serialNumber = certificate.GetSerialNumber(); // Convert from little endian to big endian. Array.Reverse(serialNumber); SignTestUtility.VerifyByteArrays( serialNumber, essCertIdV2.IssuerSerial.SerialNumber); } }
public void GetCertificateChainForSigning_WithUntrustedRoot_Throws() { using (var chainHolder = new X509ChainHolder()) using (var rootCertificate = SignTestUtility.GetCertificate("root.crt")) using (var intermediateCertificate = SignTestUtility.GetCertificate("intermediate.crt")) using (var leafCertificate = SignTestUtility.GetCertificate("leaf.crt")) { var chain = chainHolder.Chain; var extraStore = new X509Certificate2Collection() { rootCertificate, intermediateCertificate }; var logger = new TestLogger(); var exception = Assert.Throws <SignatureException>( () => CertificateChainUtility.GetCertificateChainForSigning( leafCertificate, extraStore, logger)); Assert.Equal(NuGetLogCode.NU3018, exception.Code); Assert.Equal("Certificate chain validation failed.", exception.Message); Assert.Equal(1, logger.Errors); Assert.Equal(RuntimeEnvironmentHelper.IsWindows ? 2 : 1, logger.Warnings); AssertUntrustedRoot(logger.LogMessages, LogLevel.Error); AssertOfflineRevocation(logger.LogMessages, LogLevel.Warning); if (RuntimeEnvironmentHelper.IsWindows) { AssertRevocationStatusUnknown(logger.LogMessages, LogLevel.Warning); } } }
public void Create_WithCertificate_InitializesFields() { using (var certificate = _fixture.GetDefaultCertificate()) { var issuerSerial = IssuerSerial.Create(certificate); Assert.Equal(1, issuerSerial.GeneralNames.Count); Assert.Equal(certificate.IssuerName.Name, issuerSerial.GeneralNames[0].DirectoryName.Name); SignTestUtility.VerifySerialNumber(certificate, issuerSerial); } }
public void GetPrimarySignatureTimestampCertificates_WithValidTimestamp_ReturnsCertificates() { var signature = PrimarySignature.Load(SignTestUtility.GetResourceBytes("SignatureWithTimestamp.p7s")); var certificates = SignatureUtility.GetPrimarySignatureTimestampCertificates(signature); Assert.Equal(3, certificates.Count); Assert.Equal("ff162bef155cb3d5b5962bbe084b21fc4d740001", certificates[0].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("2aa752fe64c49abe82913c463529cf10ff2f04ee", certificates[1].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("3b1efd3a66ea28b16697394703a72ca340a05bd5", certificates[2].Thumbprint, StringComparer.OrdinalIgnoreCase); }
public void GetPrimarySignatureCertificates_WithAuthorSignature_ReturnsCertificates() { var signature = PrimarySignature.Load(SignTestUtility.GetResourceBytes("SignatureWithTimestamp.p7s")); var certificates = SignatureUtility.GetPrimarySignatureCertificates(signature); Assert.Equal(3, certificates.Count); Assert.Equal("8219f5772ef562a3ea9b90da00ca7b9523a96fbf", certificates[0].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("d8198d59087bbe6a6e7d69af62030145366be93e", certificates[1].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("6d73d582b73b5b3b18a27506acceedea75ab63c2", certificates[2].Thumbprint, StringComparer.OrdinalIgnoreCase); }
public void GetCertificateChain_WithAuthorSignature_ReturnsCertificates() { var primarySignature = PrimarySignature.Load(SignTestUtility.GetResourceBytes(".signature.p7s")); using (var certificates = SignatureUtility.GetCertificateChain(primarySignature)) { Assert.Equal(3, certificates.Count); Assert.Equal("7d14ef1eaa95c41e3cb6c25bb177ce4f9bd7020c", certificates[0].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("0a08d814f1c1c4058bf709c4796a53a47df00e61", certificates[1].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("a1b6d9c348850849be54e3e8ac2ae9938e59e4b3", certificates[2].Thumbprint, StringComparer.OrdinalIgnoreCase); } }
public void GetTimestampCertificateChain_WithAuthorSignatureTimestamp_ReturnsCertificates() { var primarySignature = PrimarySignature.Load(SignTestUtility.GetResourceBytes(".signature.p7s")); using (var certificates = SignatureUtility.GetTimestampCertificateChain(primarySignature)) { Assert.Equal(3, certificates.Count); Assert.Equal("5f970d4b17786b091a77eabdd0cf92ff8d1fdb43", certificates[0].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("c5e93f93089bd49dc1d8e2b657093b9e29132dcf", certificates[1].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("a0e355c9f370a3069823afa3ce22b14a91475e77", certificates[2].Thumbprint, StringComparer.OrdinalIgnoreCase); } }
public void GetTimestampCertificateChain_WithoutTimestamp_Throws() { var primarySignature = PrimarySignature.Load(SignTestUtility.GetResourceBytes(".signature.p7s")); primarySignature = RemoveTimestamp(primarySignature); var exception = Assert.Throws <SignatureException>( () => SignatureUtility.GetTimestampCertificateChain(primarySignature)); Assert.Equal(NuGetLogCode.NU3000, exception.Code); Assert.Equal("The primary signature does not have a timestamp.", exception.Message); }
public void Create_WithLargePositiveSerialNumber_ReturnsIssuerSerial() { using (var certificate = SigningTestUtility.GenerateCertificate("test", generator => { generator.SetSerialNumber(BigInteger.ValueOf(long.MaxValue)); })) { var issuerSerial = IssuerSerial.Create(certificate); SignTestUtility.VerifySerialNumber(certificate, issuerSerial); } }
public void Create_WithSmallSerialNumber_ReturnsIssuerSerial() { using (var certificate = SigningTestUtility.GenerateCertificate("test", generator => { generator.SetSerialNumber(BigInteger.One); })) { var issuerSerial = IssuerSerial.Create(certificate); SignTestUtility.VerifySerialNumber(certificate, issuerSerial); } }
public void Read_WithOnlyCertificateHash_ReturnsEssCertIdV2() { var hash = CryptoHashUtility.ComputeHash(HashAlgorithmName.SHA256, Encoding.UTF8.GetBytes("peach")); var bcEssCertId = new BcEssCertIdV2(hash); var bytes = bcEssCertId.GetDerEncoded(); var essCertIdV2 = EssCertIdV2.Read(bytes); Assert.Equal(Oids.Sha256, essCertIdV2.HashAlgorithm.Algorithm.Value); SignTestUtility.VerifyByteArrays(hash, essCertIdV2.CertificateHash); Assert.Null(essCertIdV2.IssuerSerial); }
public void GetTimestampCertificateChain_WithRepositoryCountersignatureTimestamp_ReturnsCertificates() { var primarySignature = PrimarySignature.Load(SignTestUtility.GetResourceBytes(".signature.p7s")); var repositoryCountersignature = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature); using (var certificates = SignatureUtility.GetTimestampCertificateChain(primarySignature, repositoryCountersignature)) { Assert.Equal(3, certificates.Count); Assert.Equal("96b479acf63394f3bcc9928c396264afd60909ed", certificates[0].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("fa4e4ca3d9a26b92a73bb875f964972983b55ccd", certificates[1].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("88b288ff6d3d826469a9ef7816166a7def221885", certificates[2].Thumbprint, StringComparer.OrdinalIgnoreCase); } }
public void GetCertificateChain_WithUnrelatedRepositoryCountersignature_Throws() { var primarySignature = PrimarySignature.Load(SignTestUtility.GetResourceBytes(".signature.p7s")); var repositoryCountersignature = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature); primarySignature = RemoveRepositoryCountersignature(primarySignature); var exception = Assert.Throws <ArgumentException>( () => SignatureUtility.GetCertificateChain(primarySignature, repositoryCountersignature)); Assert.Equal("repositoryCountersignature", exception.ParamName); Assert.StartsWith("The primary signature and repository countersignature are unrelated.", exception.Message); }
public void GetCertificateChain_WithRepositoryCountersignature_ReturnsCertificates() { var primarySignature = PrimarySignature.Load(SignTestUtility.GetResourceBytes(".signature.p7s")); var repositoryCountersignature = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature); using (var certificates = SignatureUtility.GetCertificateChain(primarySignature, repositoryCountersignature)) { Assert.Equal(3, certificates.Count); Assert.Equal("8d8cc5bdf9e5f86b971d7fb961fe24b999486483", certificates[0].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("c8ae47bfd632870a15e3775784affd2bdc96cbf1", certificates[1].Thumbprint, StringComparer.OrdinalIgnoreCase); Assert.Equal("d4e8185475a062de3518d1aa693f13c4283f81ff", certificates[2].Thumbprint, StringComparer.OrdinalIgnoreCase); } }
private static void VerifyAttributes( CryptographicAttributeObjectCollection attributes, SignPackageRequest request) { var pkcs9SigningTimeAttributeFound = false; var commitmentTypeIndicationAttributeFound = false; var signingCertificateV2AttributeFound = false; foreach (var attribute in attributes) { Assert.Equal(1, attribute.Values.Count); switch (attribute.Oid.Value) { case "1.2.840.113549.1.9.5": // PKCS #9 signing time Assert.IsType <Pkcs9SigningTime>(attribute.Values[0]); pkcs9SigningTimeAttributeFound = true; break; case Oids.CommitmentTypeIndication: var qualifier = CommitmentTypeQualifier.Read(attribute.Values[0].RawData); var expectedCommitmentType = AttributeUtility.GetSignatureTypeOid(request.SignatureType); Assert.Equal(expectedCommitmentType, qualifier.CommitmentTypeIdentifier.Value); commitmentTypeIndicationAttributeFound = true; break; case Oids.SigningCertificateV2: var signingCertificateV2 = SigningCertificateV2.Read(attribute.Values[0].RawData); Assert.Equal(1, signingCertificateV2.Certificates.Count); var essCertIdV2 = signingCertificateV2.Certificates[0]; Assert.Equal(SignTestUtility.GetHash(request.Certificate, request.SignatureHashAlgorithm), essCertIdV2.CertificateHash); Assert.Equal(request.SignatureHashAlgorithm.ConvertToOidString(), essCertIdV2.HashAlgorithm.Algorithm.Value); Assert.Equal(request.Certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name); SignTestUtility.VerifySerialNumber(request.Certificate, essCertIdV2.IssuerSerial); Assert.Null(signingCertificateV2.Policies); signingCertificateV2AttributeFound = true; break; } } Assert.True(pkcs9SigningTimeAttributeFound); Assert.True(commitmentTypeIndicationAttributeFound); Assert.True(signingCertificateV2AttributeFound); }
public void CreateSignedAttributes_SignPackageRequest_WithValidInput_ReturnsAttributes() { using (var rootCertificate = SignTestUtility.GetCertificate("root.crt")) using (var intermediateCertificate = SignTestUtility.GetCertificate("intermediate.crt")) using (var leafCertificate = SignTestUtility.GetCertificate("leaf.crt")) using (var request = CreateRequest(leafCertificate)) { var certList = new[] { leafCertificate, intermediateCertificate, rootCertificate }; var attributes = SigningUtility.CreateSignedAttributes(request, certList); Assert.Equal(3, attributes.Count); VerifyAttributes(attributes, request); } }
public void Create_WithSha512_ReturnsEssCertIdV2() { var hashAlgorithmName = HashAlgorithmName.SHA512; using (var certificate = _fixture.GetDefaultCertificate()) { var essCertIdV2 = EssCertIdV2.Create(certificate, hashAlgorithmName); Assert.Equal(SignTestUtility.GetHash(certificate, hashAlgorithmName), essCertIdV2.CertificateHash); Assert.Equal(Oids.Sha512, essCertIdV2.HashAlgorithm.Algorithm.Value); Assert.Equal(1, essCertIdV2.IssuerSerial.GeneralNames.Count); Assert.Equal(certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name); SignTestUtility.VerifySerialNumber(certificate, essCertIdV2.IssuerSerial); } }
public void Create_WithValidInput_ReturnsSigningCertificateV2(HashAlgorithmName hashAlgorithmName) { using (var certificate = _fixture.GetDefaultCertificate()) { var signingCertificateV2 = SigningCertificateV2.Create(certificate, hashAlgorithmName); Assert.Equal(1, signingCertificateV2.Certificates.Count); var essCertIdV2 = signingCertificateV2.Certificates[0]; Assert.Equal(hashAlgorithmName, CryptoHashUtility.OidToHashAlgorithmName(essCertIdV2.HashAlgorithm.Algorithm.Value)); Assert.Equal(SignTestUtility.GetHash(certificate, hashAlgorithmName), essCertIdV2.CertificateHash); Assert.Equal(1, essCertIdV2.IssuerSerial.GeneralNames.Count); Assert.Equal(certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name); SignTestUtility.VerifySerialNumber(certificate, essCertIdV2.IssuerSerial); Assert.Null(signingCertificateV2.Policies); } }
public void Read_WithDefaultAlgorithmIdentifier_ReturnsEssCertIdV2() { var directoryName = new X509Name("CN=test"); var generalNames = new GeneralNames( new BcGeneralName(BcGeneralName.DirectoryName, directoryName)); var bcIssuerSerial = new BcIssuerSerial(generalNames, new DerInteger(BigInteger.One)); var hash = CryptoHashUtility.ComputeHash(HashAlgorithmName.SHA256, Encoding.UTF8.GetBytes("peach")); var bcEssCertId = new BcEssCertIdV2(hash, bcIssuerSerial); var bytes = bcEssCertId.GetDerEncoded(); var essCertIdV2 = EssCertIdV2.Read(bytes); Assert.Equal(Oids.Sha256, essCertIdV2.HashAlgorithm.Algorithm.Value); Assert.Equal(1, essCertIdV2.IssuerSerial.GeneralNames.Count); Assert.Equal(directoryName.ToString(), essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name); SignTestUtility.VerifyByteArrays(hash, essCertIdV2.CertificateHash); SignTestUtility.VerifyByteArrays(bcIssuerSerial.Serial.Value.ToByteArray(), essCertIdV2.IssuerSerial.SerialNumber); }
public void Read_WithValidInput_ReturnsEssCertId() { using (var certificate = _fixture.GetDefaultCertificate()) { var bcCertificate = DotNetUtilities.FromX509Certificate(certificate); var bcGeneralNames = new GeneralNames( new BcGeneralName(BcGeneralName.DirectoryName, bcCertificate.IssuerDN)); var bcIssuerSerial = new BcIssuerSerial(bcGeneralNames, new DerInteger(bcCertificate.SerialNumber)); var hash = SignTestUtility.GetHash(certificate, Common.HashAlgorithmName.SHA256); var bcEssCertId = new BcEssCertId(hash, bcIssuerSerial); var bytes = bcEssCertId.GetDerEncoded(); var essCertId = EssCertId.Read(bytes); Assert.Equal(1, essCertId.IssuerSerial.GeneralNames.Count); Assert.Equal(certificate.IssuerName.Name, essCertId.IssuerSerial.GeneralNames[0].DirectoryName.Name); SignTestUtility.VerifyByteArrays(hash, essCertId.CertificateHash); SignTestUtility.VerifyByteArrays(bcIssuerSerial.Serial.Value.ToByteArray(), essCertId.IssuerSerial.SerialNumber); } }
public void GetCertificateListFromChain_ReturnsCertificatesInOrder() { using (var chainHolder = new X509ChainHolder()) using (var rootCertificate = SignTestUtility.GetCertificate("root.crt")) using (var intermediateCertificate = SignTestUtility.GetCertificate("intermediate.crt")) using (var leafCertificate = SignTestUtility.GetCertificate("leaf.crt")) { var chain = chainHolder.Chain; chain.ChainPolicy.ExtraStore.Add(rootCertificate); chain.ChainPolicy.ExtraStore.Add(intermediateCertificate); chain.Build(leafCertificate); var certificateChain = CertificateChainUtility.GetCertificateListFromChain(chain); Assert.Equal(3, certificateChain.Count); Assert.Equal(leafCertificate.Thumbprint, certificateChain[0].Thumbprint); Assert.Equal(intermediateCertificate.Thumbprint, certificateChain[1].Thumbprint); Assert.Equal(rootCertificate.Thumbprint, certificateChain[2].Thumbprint); } }