Esempio n. 1
0
        private IX509AttributeCertificate CreateAttrCert()
        {
//			CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
//			X509Certificate iCert = (X509Certificate) fact
//				.generateCertificate(new ByteArrayInputStream(holderCert));
            X509Certificate iCert = new X509CertificateParser().ReadCertificate(holderCert);

            //
            // a sample key pair.
            //
            // RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
            // new BigInteger(
            // "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
            // 16), new BigInteger("11", 16));

            //
            // set up the keys
            //
//			KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
//			PrivateKey privKey = kFact.generatePrivate(RsaPrivateKeySpec);
            IAsymmetricKeyParameter privKey = RsaPrivateKeySpec;

            X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();

            // the actual attributes
            GeneralName         roleName   = new GeneralName(GeneralName.Rfc822Name, "*****@*****.**");
            Asn1EncodableVector roleSyntax = new Asn1EncodableVector(roleName);

            // roleSyntax OID: 2.5.24.72
            X509Attribute attributes = new X509Attribute("2.5.24.72",
                                                         new DerSequence(roleSyntax));

            gen.AddAttribute(attributes);
            gen.SetHolder(new AttributeCertificateHolder(PrincipalUtilities.GetSubjectX509Principal(iCert)));
            gen.SetIssuer(new AttributeCertificateIssuer(new X509Name("cn=test")));
            gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
            gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
            gen.SetSerialNumber(BigInteger.One);
            gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");

            Target targetName = new Target(
                Target.Choice.Name,
                new GeneralName(GeneralName.DnsName, "www.test.com"));

            Target targetGroup = new Target(
                Target.Choice.Group,
                new GeneralName(GeneralName.DirectoryName, "o=Test, ou=Test"));

            Target[] targets = new Target[] { targetName, targetGroup };

            TargetInformation targetInformation = new TargetInformation(targets);

            gen.AddExtension(X509Extensions.TargetInformation.Id, true, targetInformation);

            return(gen.Generate(privKey));
        }
Esempio n. 2
0
        public override void PerformTest()
        {
            IX509AttributeCertificate aCert = new X509V2AttributeCertificate(attrCert);
            X509CertificateParser     fact  = new X509CertificateParser();
            X509Certificate           sCert = fact.ReadCertificate(signCert);

            aCert.Verify(sCert.GetPublicKey());

            //
            // search test
            //
            IList list = new ArrayList();

            list.Add(sCert);

//			CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
//			CertStore store = CertStore.getInstance("Collection", ccsp);
            IX509Store store = X509StoreFactory.Create(
                "Certificate/Collection",
                new X509CollectionStoreParameters(list));

            ArrayList certs = new ArrayList(
//				store.getCertificates(aCert.getIssuer()));
                store.GetMatches(aCert.Issuer));

            if (certs.Count != 1 || !certs.Contains(sCert))
            {
                Fail("sCert not found by issuer");
            }

            X509Attribute[] attrs = aCert.GetAttributes("1.3.6.1.4.1.6760.8.1.1");
            if (attrs == null || attrs.Length != 1)
            {
                Fail("attribute not found");
            }

            //
            // reencode test
            //
            aCert = new X509V2AttributeCertificate(aCert.GetEncoded());

            aCert.Verify(sCert.GetPublicKey());

            IX509AttributeCertificate saCert = new X509V2AttributeCertificate(aCert.GetEncoded());

            if (!aCert.NotAfter.Equals(saCert.NotAfter))
            {
                Fail("failed date comparison");
            }

            // base generator test

            //
            // a sample key pair.
            //
            RsaKeyParameters pubKey = new RsaKeyParameters(
                false,
                new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
                new BigInteger("11", 16));

            AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC;

            //
            // set up the keys
            //
//			PrivateKey          privKey;
//			PublicKey           pubKey;
//
//			KeyFactory  kFact = KeyFactory.getInstance("RSA");
//
//			privKey = kFact.generatePrivate(privKeySpec);
//			pubKey = kFact.generatePublic(pubKeySpec);

            X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();

            gen.AddAttribute(attrs[0]);
            gen.SetHolder(aCert.Holder);
            gen.SetIssuer(aCert.Issuer);
            gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
            gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
            gen.SetSerialNumber(aCert.SerialNumber);
            gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");

            aCert = gen.Generate(privKey);

            aCert.CheckValidity();

            aCert.Verify(pubKey);

            // as the issuer is the same this should still work (even though it is not
            // technically correct

            certs = new ArrayList(
//				store.getCertificates(aCert.Issuer));
                store.GetMatches(aCert.Issuer));

            if (certs.Count != 1 || !certs.Contains(sCert))
            {
                Fail("sCert not found by issuer");
            }

            attrs = aCert.GetAttributes("1.3.6.1.4.1.6760.8.1.1");
            if (attrs == null || attrs.Length != 1)
            {
                Fail("attribute not found");
            }

            //
            // reencode test
            //
            aCert = new X509V2AttributeCertificate(aCert.GetEncoded());

            aCert.Verify(pubKey);

            AttributeCertificateIssuer issuer = aCert.Issuer;

            X509Name[] principals = issuer.GetPrincipals();

            //
            // test holder
            //
            AttributeCertificateHolder holder = aCert.Holder;

            if (holder.GetEntityNames() == null)
            {
                Fail("entity names not set");
            }

            if (holder.SerialNumber != null)
            {
                Fail("holder serial number set when none expected");
            }

            if (holder.GetIssuer() != null)
            {
                Fail("holder issuer set when none expected");
            }

            principals = holder.GetEntityNames();

            string ps = principals[0].ToString();

            // TODO Check that this is a good enough test
//			if (!ps.Equals("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]"))
            if (!principals[0].Equivalent(new X509Name("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]")))
            {
                Fail("principal[0] for entity names don't Match");
            }

            //
            // extension test
            //

            gen.AddExtension("1.1", true, new DerOctetString(new byte[10]));

            gen.AddExtension("2.2", false, new DerOctetString(new byte[20]));

            aCert = gen.Generate(privKey);

            ISet exts = aCert.GetCriticalExtensionOids();

            if (exts.Count != 1 || !exts.Contains("1.1"))
            {
                Fail("critical extension test failed");
            }

            exts = aCert.GetNonCriticalExtensionOids();

            if (exts.Count != 1 || !exts.Contains("2.2"))
            {
                Fail("non-critical extension test failed");
            }

            Asn1OctetString extString = aCert.GetExtensionValue(new DerObjectIdentifier("1.1"));
            Asn1Encodable   extValue  = X509ExtensionUtilities.FromExtensionValue(extString);

            if (!extValue.Equals(new DerOctetString(new byte[10])))
            {
                Fail("wrong extension value found for 1.1");
            }

            doTestCertWithBaseCertificateID();
            doTestGenerateWithCert();
            doTestGenerateWithPrincipal();
        }
Esempio n. 3
0
        private void doTestGenerateWithPrincipal()
        {
            X509CertificateParser fact  = new X509CertificateParser();
            X509Certificate       iCert = fact.ReadCertificate(signCert);

            //
            // a sample key pair.
            //
            RsaKeyParameters pubKey = new RsaKeyParameters(
                false,
                new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
                new BigInteger("11", 16));

            //
            // set up the keys
            //
//			PrivateKey          privKey;
//			PublicKey           pubKey;
//
//			KeyFactory  kFact = KeyFactory.getInstance("RSA");
//
//			privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
//			pubKey = kFact.generatePublic(pubKeySpec);
            AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC;

            X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();

            // the actual attributes
            GeneralName roleName = new GeneralName(GeneralName.Rfc822Name, "DAU123456789");

            // roleSyntax OID: 2.5.24.72
            X509Attribute attributes = new X509Attribute("2.5.24.72",
                                                         new DerSequence(roleName));

            gen.AddAttribute(attributes);
            gen.SetHolder(new AttributeCertificateHolder(iCert.SubjectDN));
            gen.SetIssuer(new AttributeCertificateIssuer(new X509Name("cn=test")));
            gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
            gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
            gen.SetSerialNumber(BigInteger.One);
            gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");

            IX509AttributeCertificate aCert = gen.Generate(privKey);

            aCert.CheckValidity();

            aCert.Verify(pubKey);

            AttributeCertificateHolder holder = aCert.Holder;

            if (holder.GetEntityNames() == null)
            {
                Fail("entity names not set when expected");
            }

            if (holder.SerialNumber != null)
            {
                Fail("holder serial number found when none expected");
            }

            if (holder.GetIssuer() != null)
            {
                Fail("holder issuer found when none expected");
            }

            if (!holder.Match(iCert))
            {
                Fail("generated holder not matching holder certificate");
            }

            X509Certificate sCert = fact.ReadCertificate(holderCertWithBaseCertificateID);

            if (holder.Match(sCert))
            {
                Fail("principal generated holder matching wrong certificate");
            }

            equalityAndHashCodeTest(aCert, aCert.GetEncoded());
        }