Esempio n. 1
        /// <summary>
        /// Builds a PKI message protected by a password-based MAC and checks that the
        /// message verifies when the same password is supplied again.
        /// </summary>
        public void TestMacProtectedMessage()
        {
            // Fixed test password; it is converted to a fresh char[] at each use below.
            const string sharedSecret = "testpass";

            // Throwaway RSA key: public exponent 65537, 2048-bit strength, certainty 100.
            var keyGen = new RsaKeyPairGenerator();
            keyGen.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
            AsymmetricCipherKeyPair keyPair = keyGen.GenerateKeyPair();

            // Certificate valid from one day ago until one day ahead, carrying the key above.
            // NOTE(review): the SHA-1 based signature algorithm is a test fixture here;
            // SHA-1 is deprecated for certificate signatures in deployed PKI.
            var certBuilder = new TestCertBuilder();
            certBuilder.NotBefore          = DateTime.UtcNow.AddDays(-1);
            certBuilder.NotAfter           = DateTime.UtcNow.AddDays(1);
            certBuilder.PublicKey          = keyPair.Public;
            certBuilder.SignatureAlgorithm = "Sha1WithRSAEncryption";
            certBuilder.AddAttribute(X509Name.C, "Foo");

            X509Certificate testCert = certBuilder.Build(keyPair.Private);

            var messageBuilder = new ProtectedPkiMessageBuilder(
                new GeneralName(new X509Name("CN=Sender")),
                new GeneralName(new X509Name("CN=Recip")));
            messageBuilder.AddCmpCertificate(testCert);

            // Default PKMacBuilder instance.
            // NOTE(review): the digest, MAC algorithm and iteration count chosen by the
            // parameterless constructor are not visible in this listing - confirm they meet
            // current policy before reusing this pattern outside a test.
            var macBuilder = new PKMacBuilder();
            ProtectedPkiMessage protectedMsg = messageBuilder.Build(macBuilder.Build(sharedSecret.ToCharArray()));

            bool verified = protectedMsg.Verify(macBuilder, sharedSecret.ToCharArray());
            IsTrue(verified);
        }
Esempio n. 2
        /// <summary>
        /// Builds a signature-protected PKI message with an RSA key and checks that the
        /// signature verifies against the matching public key.
        /// </summary>
        public void TestProtectedMessage()
        {
            // NOTE(review): MD5 is collision-broken. The algorithm name is kept because this
            // test exercises it; it should not be copied into code that protects real CMP traffic.
            const string signatureAlgorithm = "MD5WithRSA";

            // Throwaway RSA key: public exponent 65537, 2048-bit strength, certainty 100.
            var keyGen = new RsaKeyPairGenerator();
            keyGen.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
            AsymmetricCipherKeyPair keyPair = keyGen.GenerateKeyPair();

            // Certificate valid from one day ago until one day ahead, carrying the key above.
            var certBuilder = new TestCertBuilder();
            certBuilder.NotBefore          = DateTime.UtcNow.AddDays(-1);
            certBuilder.NotAfter           = DateTime.UtcNow.AddDays(1);
            certBuilder.PublicKey          = keyPair.Public;
            certBuilder.SignatureAlgorithm = "Sha1WithRSAEncryption";
            certBuilder.AddAttribute(X509Name.C, "Foo");

            X509Certificate testCert = certBuilder.Build(keyPair.Private);

            var messageBuilder = new ProtectedPkiMessageBuilder(
                new GeneralName(new X509Name("CN=Sender")),
                new GeneralName(new X509Name("CN=Recip")));
            messageBuilder.AddCmpCertificate(testCert);

            ISignatureFactory signer = new Asn1SignatureFactory(signatureAlgorithm, keyPair.Private);
            ProtectedPkiMessage protectedMsg = messageBuilder.Build(signer);

            // Reads back the first attached certificate; this throws if none is present.
            // NOTE(review): the value is never compared with testCert, so the test does not
            // show that the attached certificate survives unchanged.
            X509Certificate attached = protectedMsg.GetCertificates()[0];

            // The verifier is built from the locally held public key, not from `attached`.
            IVerifierFactory verifier = new Asn1VerifierFactory(signatureAlgorithm, keyPair.Public);
            bool verified = protectedMsg.Verify(verifier);

            IsTrue("PKIMessage must verify (MD5withRSA)", verified);
        }
        /// <summary>
        /// Builds a certificate request whose proof of possession is deferred to a subsequent
        /// message (encrCert), round-trips the protected message through its DER encoding and
        /// checks that the parsed request reports the key-encipherment proof-of-possession type.
        /// </summary>
        public void TestSubsequentMessage()
        {
            // Throwaway RSA key: public exponent 65537, 2048-bit strength, certainty 100.
            var keyGen = new RsaKeyPairGenerator();
            keyGen.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
            AsymmetricCipherKeyPair keyPair = keyGen.GenerateKeyPair();

            // Certificate valid from one day ago until one day ahead, carrying the key above.
            var certBuilder = new TestCertBuilder()
            {
                NotBefore          = DateTime.UtcNow.AddDays(-1),
                NotAfter           = DateTime.UtcNow.AddDays(1),
                PublicKey          = keyPair.Public,
                SignatureAlgorithm = "Sha1WithRSAEncryption"
            };
            X509Certificate testCert = certBuilder.Build(keyPair.Private);

            // The same name is used as both sender and recipient.
            var party = new GeneralName(new X509Name("CN=Test"));

            CertificateRequestMessageBuilder requestBuilder = new CertificateRequestMessageBuilder(BigInteger.One)
                .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public))
                .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);

            ISignatureFactory signer = new Asn1SignatureFactory("SHA256WithRSA", keyPair.Private);

            var requests = new CertReqMessages(new CertReqMsg[] { requestBuilder.Build().ToAsn1Structure() });

            ProtectedPkiMessage outbound = new ProtectedPkiMessageBuilder(party, party)
                .SetTransactionId(new byte[] { 1, 2, 3, 4, 5 })
                .SetBody(new PkiBody(PkiBody.TYPE_KEY_RECOVERY_REQ, requests))
                .AddCmpCertificate(testCert)
                .Build(signer);

            // Re-parse from the DER bytes so the assertion runs on decoded data.
            // NOTE(review): the signature on the re-parsed message is not verified in this
            // test; only the proof-of-possession type is checked.
            byte[] encoded = outbound.ToAsn1Message().GetDerEncoded();
            var inbound = new ProtectedPkiMessage(new GeneralPkiMessage(encoded));

            CertReqMsg firstRequest = CertReqMessages.GetInstance(inbound.Body.Content).ToCertReqMsgArray()[0];

            IsEquals(ProofOfPossession.TYPE_KEY_ENCIPHERMENT, firstRequest.Popo.Type);
        }
Esempio n. 4
        /// <summary>
        /// Builds a signed certificate-confirmation message, verifies its signature and header
        /// names, then re-reads the confirmation content and checks that its single status
        /// entry verifies against the accepted certificate.
        /// </summary>
        public void TestConfirmationMessage()
        {
            // NOTE(review): MD5 is collision-broken. The algorithm name is kept because this
            // test exercises it; it should not be copied into code that protects real CMP traffic.
            const string signatureAlgorithm = "MD5WithRSA";

            // Throwaway RSA key: public exponent 65537, 2048-bit strength, certainty 100.
            var keyGen = new RsaKeyPairGenerator();
            keyGen.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
            AsymmetricCipherKeyPair keyPair = keyGen.GenerateKeyPair();

            // Certificate valid from one day ago until one day ahead, carrying the key above.
            var certBuilder = new TestCertBuilder();
            certBuilder.NotBefore          = DateTime.UtcNow.AddDays(-1);
            certBuilder.NotAfter           = DateTime.UtcNow.AddDays(1);
            certBuilder.PublicKey          = keyPair.Public;
            certBuilder.SignatureAlgorithm = "Sha1WithRSAEncryption";
            certBuilder.AddAttribute(X509Name.C, "Foo");

            X509Certificate testCert = certBuilder.Build(keyPair.Private);

            var sender    = new GeneralName(new X509Name("CN=Sender"));
            var recipient = new GeneralName(new X509Name("CN=Recip"));

            // Confirmation content that accepts testCert under request id 1.
            var confirmationBuilder = new CertificateConfirmationContentBuilder();
            CertificateConfirmationContent outgoingContent = confirmationBuilder
                .AddAcceptedCertificate(testCert, BigInteger.One)
                .Build();

            var messageBuilder = new ProtectedPkiMessageBuilder(sender, recipient);
            messageBuilder.SetBody(new PkiBody(PkiBody.TYPE_CERT_CONFIRM, outgoingContent.ToAsn1Structure()));
            messageBuilder.AddCmpCertificate(testCert);

            ISignatureFactory signer = new Asn1SignatureFactory(signatureAlgorithm, keyPair.Private);
            ProtectedPkiMessage protectedMsg = messageBuilder.Build(signer);

            IVerifierFactory verifier = new Asn1VerifierFactory(signatureAlgorithm, keyPair.Public);
            bool verified = protectedMsg.Verify(verifier);
            IsTrue("PKIMessage must verify (MD5withRSA)", verified);

            // Header names must come back exactly as supplied to the builder.
            IsEquals(sender, protectedMsg.Header.Sender);
            IsEquals(recipient, protectedMsg.Header.Recipient);

            // Rebuild the confirmation content from the message body and inspect its statuses.
            var parsedContent = new CertificateConfirmationContent(
                CertConfirmContent.GetInstance(protectedMsg.Body.Content),
                new DefaultDigestAlgorithmIdentifierFinder());
            CertificateStatus[] statuses = parsedContent.GetStatusMessages();

            IsEquals(1, statuses.Length);
            IsTrue(statuses[0].IsVerified(testCert));
        }