コード例 #1
0
        public void CreateSigningCertificateV2_WithValidInput_ReturnsAttribute(Common.HashAlgorithmName hashAlgorithmName)
        {
            using (var certificate = _fixture.GetDefaultCertificate())
            {
                var attribute = AttributeUtility.CreateSigningCertificateV2(certificate, hashAlgorithmName);

                Assert.Equal(Oids.SigningCertificateV2, attribute.Oid.Value);
                Assert.Equal(1, attribute.Values.Count);

                var signingCertificateV2 = SigningCertificateV2.Read(attribute.Values[0].RawData);

                Assert.Equal(1, signingCertificateV2.Certificates.Count);

                var essCertIdV2  = signingCertificateV2.Certificates[0];
                var expectedHash = SignTestUtility.GetHash(certificate, hashAlgorithmName);

                SignTestUtility.VerifyByteArrays(expectedHash, essCertIdV2.CertificateHash);
                Assert.Equal(
                    hashAlgorithmName,
                    CryptoHashUtility.OidToHashAlgorithmName(essCertIdV2.HashAlgorithm.Algorithm.Value));
                Assert.Equal(certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name);

                var serialNumber = certificate.GetSerialNumber();

                // Convert from little endian to big endian.
                Array.Reverse(serialNumber);

                SignTestUtility.VerifyByteArrays(
                    serialNumber,
                    essCertIdV2.IssuerSerial.SerialNumber);
            }
        }
コード例 #2
0
 public void IsSignatureAlgorithmSupported_WhenSupported_ReturnsTrue(Common.HashAlgorithmName algorithm, string expectedSignatureAlgorithmOid)
 {
     using (var certificate = SigningTestUtility.GenerateCertificate(
                "test",
                generator => { },
                algorithm,
                RSASignaturePaddingMode.Pkcs1))
     {
         Assert.Equal(expectedSignatureAlgorithmOid, certificate.SignatureAlgorithm.Value);
         Assert.True(CertificateUtility.IsSignatureAlgorithmSupported(certificate));
     }
 }
コード例 #3
0
ファイル: EssCertIdV2.cs プロジェクト: dslzuha/nugetclient
        public static EssCertIdV2 Create(X509Certificate2 certificate, Common.HashAlgorithmName hashAlgorithmName)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            var algorithm    = new AlgorithmIdentifier(hashAlgorithmName.ConvertToOid());
            var hash         = CertificateUtility.GetHash(certificate, hashAlgorithmName);
            var issuerSerial = IssuerSerial.Create(certificate);

            return(new EssCertIdV2(algorithm, hash, issuerSerial));
        }
コード例 #4
0
        // ESSCertIDv2::=  SEQUENCE {
        //    hashAlgorithm AlgorithmIdentifier
        //           DEFAULT {algorithm id-sha256 },
        //    certHash Hash,
        //    issuerSerial IssuerSerial OPTIONAL
        // }
        private static byte[][] CreateESSCertIDv2Entry(X509Certificate2 cert, Common.HashAlgorithmName hashAlgorithm)
        {
            // Get hash Oid
            var hashAlgorithmOid = hashAlgorithm.ConvertToOidString();
            var entry            = GetESSCertIDv2Entry(cert, hashAlgorithm);

            return(DerEncoder.ConstructSegmentedSequence(new List <byte[][]>()
            {
                // AlgorithmIdentifier
                DerEncoder.SegmentedEncodeOid(hashAlgorithmOid),

                // Hash
                DerEncoder.SegmentedEncodeOctetString(entry.Value)
            }));
        }
コード例 #5
0
        /// <summary>
        /// Create a signing-certificate-v2 from a certificate.
        /// </summary>
        /// <param name="certificate">The signing certificate.</param>
        /// <param name="hashAlgorithm">The hash algorithm for the signing-certificate-v2 attribute.</param>
        public static CryptographicAttributeObject CreateSigningCertificateV2(
            X509Certificate2 certificate,
            Common.HashAlgorithmName hashAlgorithm)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            var signingCertificateV2 = SigningCertificateV2.Create(certificate, hashAlgorithm);
            var bytes = signingCertificateV2.Encode();

            var data = new AsnEncodedData(Oids.SigningCertificateV2, bytes);

            return(new CryptographicAttributeObject(
                       new Oid(Oids.SigningCertificateV2),
                       new AsnEncodedDataCollection(data)));
        }
コード例 #6
0
        public void GetESSCertIDv2Entries_ReturnsDecodedHashes(Common.HashAlgorithmName hashAlgorithm)
        {
            // Arrange
            var cert      = TestCertificate.Generate().PublicCert;
            var cert2     = TestCertificate.Generate().PublicCert;
            var attribute = AttributeUtility.GetSigningCertificateV2(
                new[] { cert, cert2 },
                hashAlgorithm);
            var certHash  = CryptoHashUtility.ComputeHash(hashAlgorithm, cert.RawData);
            var cert2Hash = CryptoHashUtility.ComputeHash(hashAlgorithm, cert2.RawData);

            // Act
            var actual = AttributeUtility.GetESSCertIDv2Entries(attribute);

            // Assert
            actual.ShouldBeEquivalentTo(new[]
            {
                new KeyValuePair <Common.HashAlgorithmName, byte[]>(hashAlgorithm, certHash),
                new KeyValuePair <Common.HashAlgorithmName, byte[]>(hashAlgorithm, cert2Hash),
            });
        }
コード例 #7
0
        private static SignatureContent GenerateSignatureContent(Common.HashAlgorithmName hashAlgorithmName, byte[] zipArchiveHash)
        {
            var base64ZipArchiveHash = Convert.ToBase64String(zipArchiveHash);

            return(new SignatureContent(SigningSpecifications.V1, hashAlgorithmName, base64ZipArchiveHash));
        }
コード例 #8
0
 // Cert -> Hash
 private static byte[] GetCertificateHash(X509Certificate2 cert, Common.HashAlgorithmName hashAlgorithm)
 {
     return(hashAlgorithm.ComputeHash(cert.RawData));
 }
コード例 #9
0
        // Cert -> Hash pair
        private static KeyValuePair <Common.HashAlgorithmName, byte[]> GetESSCertIDv2Entry(X509Certificate2 cert, Common.HashAlgorithmName hashAlgorithm)
        {
            // Hash the certificate
            var hashValue = GetCertificateHash(cert, hashAlgorithm);

            return(new KeyValuePair <Common.HashAlgorithmName, byte[]>(hashAlgorithm, hashValue));
        }
コード例 #10
0
        /// <summary>
        /// Create a signing-certificate-v2 from a certificate.
        /// </summary>
        public static CryptographicAttributeObject GetSigningCertificateV2(IEnumerable <X509Certificate2> chain, Common.HashAlgorithmName hashAlgorithm)
        {
            // Build the cert chain as-is
            var certEntries = chain.Select(e => CreateESSCertIDv2Entry(e, hashAlgorithm)).ToList();

            var data = new AsnEncodedData(Oids.SigningCertificateV2, DerEncoder.ConstructSequence(certEntries));

            // Create an attribute
            return(new CryptographicAttributeObject(
                       oid: new Oid(Oids.SigningCertificateV2),
                       values: new AsnEncodedDataCollection(data)));
        }