Class to produce an X.509 Version 2 AttributeCertificate.
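		/// <summary>
		/// End-to-end check of X.509 v2 attribute certificate handling: parses the
		/// <c>attrCert</c> fixture, verifies it against <c>signCert</c>, resolves the
		/// issuer through a collection store, round-trips the DER encoding, then
		/// generates new certificates with <see cref="X509V2AttributeCertificateGenerator"/>
		/// and inspects holder, issuer and extension handling. Every failed
		/// expectation is reported through <c>Fail</c>.
		/// </summary>
		public override void PerformTest()
		{
			IX509AttributeCertificate aCert = new X509V2AttributeCertificate(attrCert);
			X509CertificateParser fact = new X509CertificateParser();
			X509Certificate sCert = fact.ReadCertificate(signCert);

			// The fixture must carry a valid signature from signCert's key.
			aCert.Verify(sCert.GetPublicKey());

			//
			// search test
			//
			IList list = new ArrayList();
			list.Add(sCert);

			IX509Store store = X509StoreFactory.Create(
				"Certificate/Collection",
				new X509CollectionStoreParameters(list));

			X509Attribute[] attrs = CheckIssuerLookupAndAttribute(store, sCert, aCert);

			//
			// reencode test
			//
			aCert = new X509V2AttributeCertificate(aCert.GetEncoded());

			aCert.Verify(sCert.GetPublicKey());

			IX509AttributeCertificate saCert = new X509V2AttributeCertificate(aCert.GetEncoded());

			if (!aCert.NotAfter.Equals(saCert.NotAfter))
			{
				Fail("failed date comparison");
			}

			// base generator test

			//
			// a sample key pair.
			//
			// Test-only RSA key (512-bit modulus, public exponent 0x11); the private
			// half is the RSA_PRIVATE_KEY_SPEC fixture. Never reuse outside tests.
			RsaKeyParameters pubKey = new RsaKeyParameters(
				false,
				new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
				new BigInteger("11", 16));

			AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC;

			X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();

			gen.AddAttribute(attrs[0]);
			gen.SetHolder(aCert.Holder);
			gen.SetIssuer(aCert.Issuer);
			gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
			gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
			gen.SetSerialNumber(aCert.SerialNumber);
			// NOTE(review): SHA-1 is a legacy signature digest, acceptable only for
			// this self-contained test vector; production issuance should use SHA-2.
			gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");

			aCert = gen.Generate(privKey);

			// The validity window was set around UtcNow, so this must pass immediately.
			aCert.CheckValidity();

			aCert.Verify(pubKey);

			// The generated certificate reuses the fixture's issuer name, so the store
			// lookup still resolves to sCert even though sCert did not sign it
			// (not technically correct, but what this test relies on).
			attrs = CheckIssuerLookupAndAttribute(store, sCert, aCert);

			//
			// reencode test
			//
			aCert = new X509V2AttributeCertificate(aCert.GetEncoded());

			aCert.Verify(pubKey);

			//
			// test holder
			//
			AttributeCertificateHolder holder = aCert.Holder;

			if (holder.GetEntityNames() == null)
			{
				Fail("entity names not set");
			}

			if (holder.SerialNumber != null)
			{
				Fail("holder serial number set when none expected");
			}

			if (holder.GetIssuer() != null)
			{
				Fail("holder issuer set when none expected");
			}

			X509Name[] principals = holder.GetEntityNames();

			// TODO Check that this is a good enough test
			// Compared with Equivalent() rather than by string form of the DN.
			if (!principals[0].Equivalent(new X509Name("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]")))
			{
				Fail("principal[0] for entity names don't Match");
			}

			//
			// extension test
			//

			gen.AddExtension("1.1", true, new DerOctetString(new byte[10]));

			gen.AddExtension("2.2", false, new DerOctetString(new byte[20]));

			aCert = gen.Generate(privKey);

			// Exactly one critical and one non-critical extension were added above.
			ISet exts = aCert.GetCriticalExtensionOids();

			if (exts.Count != 1 || !exts.Contains("1.1"))
			{
				Fail("critical extension test failed");
			}

			exts = aCert.GetNonCriticalExtensionOids();

			if (exts.Count != 1 || !exts.Contains("2.2"))
			{
				Fail("non-critical extension test failed");
			}

			// The extension value is itself an OCTET STRING wrapped in the extension
			// OCTET STRING; unwrap the outer layer before comparing.
			Asn1OctetString extString = aCert.GetExtensionValue(new DerObjectIdentifier("1.1"));
			Asn1Encodable extValue = X509ExtensionUtilities.FromExtensionValue(extString);

			if (!extValue.Equals(new DerOctetString(new byte[10])))
			{
				Fail("wrong extension value found for 1.1");
			}

			doTestCertWithBaseCertificateID();
			doTestGenerateWithCert();
			doTestGenerateWithPrincipal();
		}

		/// <summary>
		/// Asserts that <paramref name="cert"/>'s issuer resolves to exactly
		/// <paramref name="expected"/> in <paramref name="store"/> and that the test
		/// attribute OID 1.3.6.1.4.1.6760.8.1.1 is present exactly once.
		/// </summary>
		/// <param name="store">Collection store holding the candidate issuer certificates.</param>
		/// <param name="expected">The certificate the issuer lookup must return.</param>
		/// <param name="cert">The attribute certificate under test.</param>
		/// <returns>The matching attributes (length 1 when the check passes).</returns>
		private X509Attribute[] CheckIssuerLookupAndAttribute(
			IX509Store store,
			X509Certificate expected,
			IX509AttributeCertificate cert)
		{
			ArrayList certs = new ArrayList(store.GetMatches(cert.Issuer));

			if (certs.Count != 1 || !certs.Contains(expected))
			{
				Fail("sCert not found by issuer");
			}

			X509Attribute[] attrs = cert.GetAttributes("1.3.6.1.4.1.6760.8.1.1");
			if (attrs == null || attrs.Length != 1)
			{
				Fail("attribute not found");
			}

			return attrs;
		}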
		/// <summary>
		/// Builds an attribute certificate for the subject of the <c>holderCert</c>
		/// fixture: one role attribute (roleSyntax OID 2.5.24.72), a synthetic
		/// "cn=test" issuer, a validity window around now, serial number 1 and a
		/// critical TargetInformation extension naming a DNS target and a
		/// directory-name group. Signed with the <c>RsaPrivateKeySpec</c> fixture key.
		/// </summary>
		/// <returns>The freshly generated attribute certificate.</returns>
		private IX509AttributeCertificate CreateAttrCert()
		{
			X509CertificateParser parser = new X509CertificateParser();
			X509Certificate holderCertificate = parser.ReadCertificate(holderCert);

			// Test-only signing key taken from the fixture; never reuse outside tests.
			AsymmetricKeyParameter signingKey = RsaPrivateKeySpec;

			X509V2AttributeCertificateGenerator generator = new X509V2AttributeCertificateGenerator();

			// roleSyntax (OID 2.5.24.72) wrapping a single rfc822Name role.
			GeneralName role = new GeneralName(GeneralName.Rfc822Name, "*****@*****.**");
			Asn1EncodableVector roleSyntax = new Asn1EncodableVector(role);
			X509Attribute roleAttribute = new X509Attribute(
				"2.5.24.72",
				new DerSequence(roleSyntax));

			generator.AddAttribute(roleAttribute);
			// Holder identified by the holder certificate's subject DN.
			generator.SetHolder(new AttributeCertificateHolder(PrincipalUtilities.GetSubjectX509Principal(holderCertificate)));
			generator.SetIssuer(new AttributeCertificateIssuer(new X509Name("cn=test")));
			generator.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
			generator.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
			generator.SetSerialNumber(BigInteger.One);
			// SHA-1 kept as in the original test vector; not a recommendation for new certificates.
			generator.SetSignatureAlgorithm("SHA1WithRSAEncryption");

			// Two targets: a DNS name and a directory-name group.
			Target[] targets = new Target[]
			{
				new Target(
					Target.Choice.Name,
					new GeneralName(GeneralName.DnsName, "www.test.com")),
				new Target(
					Target.Choice.Group,
					new GeneralName(GeneralName.DirectoryName, "o=Test, ou=Test"))
			};

			// Marked critical so a relying party that does not understand targeting
			// cannot silently ignore it.
			generator.AddExtension(
				X509Extensions.TargetInformation.Id,
				true,
				new TargetInformation(targets));

			return generator.Generate(signingKey);
		}
		/// <summary>
		/// Generates an attribute certificate whose holder is given by principal
		/// (the subject DN of the <c>signCert</c> fixture) rather than by base
		/// certificate ID, then checks that the holder exposes entity names only,
		/// matches the certificate it was derived from and rejects a different one.
		/// Finishes with the shared equality/hash-code check on the encoding.
		/// </summary>
		private void doTestGenerateWithPrincipal()
		{
			X509CertificateParser parser = new X509CertificateParser();
			X509Certificate subjectCert = parser.ReadCertificate(signCert);

			//
			// test-only RSA key pair: 512-bit modulus, public exponent 0x11; the
			// private half is the RSA_PRIVATE_KEY_SPEC fixture.
			//
			BigInteger modulus = new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16);
			BigInteger publicExponent = new BigInteger("11", 16);
			RsaKeyParameters verifyKey = new RsaKeyParameters(false, modulus, publicExponent);
			AsymmetricKeyParameter signKey = RSA_PRIVATE_KEY_SPEC;

			X509V2AttributeCertificateGenerator generator = new X509V2AttributeCertificateGenerator();

			// Single role attribute (roleSyntax OID 2.5.24.72) with an rfc822Name value.
			X509Attribute roleAttribute = new X509Attribute(
				"2.5.24.72",
				new DerSequence(new GeneralName(GeneralName.Rfc822Name, "DAU123456789")));

			generator.AddAttribute(roleAttribute);
			// Holder identified by subject DN only.
			generator.SetHolder(new AttributeCertificateHolder(subjectCert.SubjectDN));
			generator.SetIssuer(new AttributeCertificateIssuer(new X509Name("cn=test")));
			generator.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
			generator.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
			generator.SetSerialNumber(BigInteger.One);
			// SHA-1 kept as in the original test vector; not a recommendation for new certificates.
			generator.SetSignatureAlgorithm("SHA1WithRSAEncryption");

			IX509AttributeCertificate generated = generator.Generate(signKey);

			// Window was set around UtcNow, so validity and signature must both hold.
			generated.CheckValidity();
			generated.Verify(verifyKey);

			AttributeCertificateHolder holder = generated.Holder;

			if (holder.GetEntityNames() == null)
			{
				Fail("entity names not set when expected");
			}

			if (holder.SerialNumber != null)
			{
				Fail("holder serial number found when none expected");
			}

			if (holder.GetIssuer() != null)
			{
				Fail("holder issuer found when none expected");
			}

			if (!holder.Match(subjectCert))
			{
				Fail("generated holder not matching holder certificate");
			}

			// A name-based holder must not match an unrelated certificate.
			X509Certificate otherCert = parser.ReadCertificate(holderCertWithBaseCertificateID);

			if (holder.Match(otherCert))
			{
				Fail("principal generated holder matching wrong certificate");
			}

			equalityAndHashCodeTest(generated, generated.GetEncoded());
		}