private IX509AttributeCertificate CreateAttrCert()
{
// CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC");
// X509Certificate iCert = (X509Certificate) fact
// .generateCertificate(new ByteArrayInputStream(holderCert));
X509Certificate iCert = new X509CertificateParser().ReadCertificate(holderCert);
//
// a sample key pair.
//
// RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
// new BigInteger(
// "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
// 16), new BigInteger("11", 16));
//
// set up the keys
//
// KeyFactory kFact = KeyFactory.getInstance("RSA", "BC");
// PrivateKey privKey = kFact.generatePrivate(RsaPrivateKeySpec);
IAsymmetricKeyParameter privKey = RsaPrivateKeySpec;
X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
// the actual attributes
GeneralName roleName = new GeneralName(GeneralName.Rfc822Name, "*****@*****.**");
Asn1EncodableVector roleSyntax = new Asn1EncodableVector(roleName);
// roleSyntax OID: 2.5.24.72
X509Attribute attributes = new X509Attribute("2.5.24.72",
new DerSequence(roleSyntax));
gen.AddAttribute(attributes);
gen.SetHolder(new AttributeCertificateHolder(PrincipalUtilities.GetSubjectX509Principal(iCert)));
gen.SetIssuer(new AttributeCertificateIssuer(new X509Name("cn=test")));
gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
gen.SetSerialNumber(BigInteger.One);
gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
Target targetName = new Target(
Target.Choice.Name,
new GeneralName(GeneralName.DnsName, "www.test.com"));
Target targetGroup = new Target(
Target.Choice.Group,
new GeneralName(GeneralName.DirectoryName, "o=Test, ou=Test"));
Target[] targets = new Target[] { targetName, targetGroup };
TargetInformation targetInformation = new TargetInformation(targets);
gen.AddExtension(X509Extensions.TargetInformation.Id, true, targetInformation);
return(gen.Generate(privKey));
}
public override void PerformTest()
{
IX509AttributeCertificate aCert = new X509V2AttributeCertificate(attrCert);
X509CertificateParser fact = new X509CertificateParser();
X509Certificate sCert = fact.ReadCertificate(signCert);
aCert.Verify(sCert.GetPublicKey());
//
// search test
//
IList list = new ArrayList();
list.Add(sCert);
// CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
// CertStore store = CertStore.getInstance("Collection", ccsp);
IX509Store store = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(list));
ArrayList certs = new ArrayList(
// store.getCertificates(aCert.getIssuer()));
store.GetMatches(aCert.Issuer));
if (certs.Count != 1 || !certs.Contains(sCert))
{
Fail("sCert not found by issuer");
}
X509Attribute[] attrs = aCert.GetAttributes("1.3.6.1.4.1.6760.8.1.1");
if (attrs == null || attrs.Length != 1)
{
Fail("attribute not found");
}
//
// reencode test
//
aCert = new X509V2AttributeCertificate(aCert.GetEncoded());
aCert.Verify(sCert.GetPublicKey());
IX509AttributeCertificate saCert = new X509V2AttributeCertificate(aCert.GetEncoded());
if (!aCert.NotAfter.Equals(saCert.NotAfter))
{
Fail("failed date comparison");
}
// base generator test
//
// a sample key pair.
//
RsaKeyParameters pubKey = new RsaKeyParameters(
false,
new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
new BigInteger("11", 16));
AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC;
//
// set up the keys
//
// PrivateKey privKey;
// PublicKey pubKey;
//
// KeyFactory kFact = KeyFactory.getInstance("RSA");
//
// privKey = kFact.generatePrivate(privKeySpec);
// pubKey = kFact.generatePublic(pubKeySpec);
X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
gen.AddAttribute(attrs[0]);
gen.SetHolder(aCert.Holder);
gen.SetIssuer(aCert.Issuer);
gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
gen.SetSerialNumber(aCert.SerialNumber);
gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
aCert = gen.Generate(privKey);
aCert.CheckValidity();
aCert.Verify(pubKey);
// as the issuer is the same this should still work (even though it is not
// technically correct
certs = new ArrayList(
// store.getCertificates(aCert.Issuer));
store.GetMatches(aCert.Issuer));
if (certs.Count != 1 || !certs.Contains(sCert))
{
Fail("sCert not found by issuer");
}
attrs = aCert.GetAttributes("1.3.6.1.4.1.6760.8.1.1");
if (attrs == null || attrs.Length != 1)
{
Fail("attribute not found");
}
//
// reencode test
//
aCert = new X509V2AttributeCertificate(aCert.GetEncoded());
aCert.Verify(pubKey);
AttributeCertificateIssuer issuer = aCert.Issuer;
X509Name[] principals = issuer.GetPrincipals();
//
// test holder
//
AttributeCertificateHolder holder = aCert.Holder;
if (holder.GetEntityNames() == null)
{
Fail("entity names not set");
}
if (holder.SerialNumber != null)
{
Fail("holder serial number set when none expected");
}
if (holder.GetIssuer() != null)
{
Fail("holder issuer set when none expected");
}
principals = holder.GetEntityNames();
string ps = principals[0].ToString();
// TODO Check that this is a good enough test
// if (!ps.Equals("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]"))
if (!principals[0].Equivalent(new X509Name("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]")))
{
Fail("principal[0] for entity names don't Match");
}
//
// extension test
//
gen.AddExtension("1.1", true, new DerOctetString(new byte[10]));
gen.AddExtension("2.2", false, new DerOctetString(new byte[20]));
aCert = gen.Generate(privKey);
ISet exts = aCert.GetCriticalExtensionOids();
if (exts.Count != 1 || !exts.Contains("1.1"))
{
Fail("critical extension test failed");
}
exts = aCert.GetNonCriticalExtensionOids();
if (exts.Count != 1 || !exts.Contains("2.2"))
{
Fail("non-critical extension test failed");
}
Asn1OctetString extString = aCert.GetExtensionValue(new DerObjectIdentifier("1.1"));
Asn1Encodable extValue = X509ExtensionUtilities.FromExtensionValue(extString);
if (!extValue.Equals(new DerOctetString(new byte[10])))
{
Fail("wrong extension value found for 1.1");
}
doTestCertWithBaseCertificateID();
doTestGenerateWithCert();
doTestGenerateWithPrincipal();
}
private void doTestGenerateWithPrincipal()
{
X509CertificateParser fact = new X509CertificateParser();
X509Certificate iCert = fact.ReadCertificate(signCert);
//
// a sample key pair.
//
RsaKeyParameters pubKey = new RsaKeyParameters(
false,
new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
new BigInteger("11", 16));
//
// set up the keys
//
// PrivateKey privKey;
// PublicKey pubKey;
//
// KeyFactory kFact = KeyFactory.getInstance("RSA");
//
// privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
// pubKey = kFact.generatePublic(pubKeySpec);
AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC;
X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
// the actual attributes
GeneralName roleName = new GeneralName(GeneralName.Rfc822Name, "DAU123456789");
// roleSyntax OID: 2.5.24.72
X509Attribute attributes = new X509Attribute("2.5.24.72",
new DerSequence(roleName));
gen.AddAttribute(attributes);
gen.SetHolder(new AttributeCertificateHolder(iCert.SubjectDN));
gen.SetIssuer(new AttributeCertificateIssuer(new X509Name("cn=test")));
gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
gen.SetSerialNumber(BigInteger.One);
gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
IX509AttributeCertificate aCert = gen.Generate(privKey);
aCert.CheckValidity();
aCert.Verify(pubKey);
AttributeCertificateHolder holder = aCert.Holder;
if (holder.GetEntityNames() == null)
{
Fail("entity names not set when expected");
}
if (holder.SerialNumber != null)
{
Fail("holder serial number found when none expected");
}
if (holder.GetIssuer() != null)
{
Fail("holder issuer found when none expected");
}
if (!holder.Match(iCert))
{
Fail("generated holder not matching holder certificate");
}
X509Certificate sCert = fact.ReadCertificate(holderCertWithBaseCertificateID);
if (holder.Match(sCert))
{
Fail("principal generated holder matching wrong certificate");
}
equalityAndHashCodeTest(aCert, aCert.GetEncoded());
}