public void TestLoadCertFromPfx()
{
X509Certificate2 certificate = KeyStoreUtil.GetCertificateFromPfx(TEST_PFX_PATH, TEST_PFX_PASSWORD, true);
Console.WriteLine(certificate);
Assert.NotNull(certificate);
}
public void TestLoadKeyFromPfx()
{
RSACryptoServiceProvider rsa = KeyStoreUtil.GetPrivateKeyFromPfx(TEST_PFX_PATH, TEST_PFX_PASSWORD, true);
Console.WriteLine(rsa);
Assert.NotNull(rsa);
}
public void setup()
{
AsymmetricCipherKeyPair keyPair = KeyStoreUtil.GenerateKeyPair();
Org.BouncyCastle.X509.X509Certificate rootCertificate = KeyStoreUtil.CreateCert("CN=Root", keyPair.Public, keyPair.Private);
AsymmetricCipherKeyPair clientKeyPair = KeyStoreUtil.GenerateKeyPair();
Org.BouncyCastle.X509.X509Certificate clientCertificate = KeyStoreUtil.CreateCert("CN=Client", clientKeyPair.Public, clientKeyPair.Private);
this.invalidCertChain = new List <Org.BouncyCastle.X509.X509Certificate>();
this.invalidCertChain.Add(rootCertificate);
this.invalidCertChain.Add(clientCertificate);
}
public void TestCreateKeyStore()
{
AsymmetricCipherKeyPair keyPair = KeyStoreUtil.GenerateKeyPair();
RsaPrivateCrtKeyParameters RSAprivKey = (RsaPrivateCrtKeyParameters)keyPair.Private;
RsaKeyParameters RSApubKey = (RsaKeyParameters)keyPair.Public;
Org.BouncyCastle.X509.X509Certificate cert = KeyStoreUtil.CreateCert("Test", RSApubKey, RSAprivKey);
Console.WriteLine(cert.ToString());
string pfxPath = TEST_PFX_PATH;
if (File.Exists(pfxPath))
{
pfxPath += "_old";
if (File.Exists(pfxPath))
{
File.Delete(pfxPath);
}
}
FileStream fs = new FileStream(pfxPath, FileMode.CreateNew);
KeyStoreUtil.WritePkcs12(RSAprivKey, cert, TEST_PFX_PASSWORD, fs);
fs.Close();
string crtPath = TEST_CRT_PATH;
if (File.Exists(crtPath))
{
crtPath += "_old";
if (File.Exists(crtPath))
{
File.Delete(crtPath);
}
}
FileStream certFileStream = new FileStream(crtPath, FileMode.CreateNew);
byte[] encodedCert = cert.GetEncoded();
certFileStream.Write(encodedCert, 0, encodedCert.Length);
certFileStream.Close();
}
public void TestInvalidChainInvalidWSSecuritySig()
{
X509Certificate2 validCertificate = new X509Certificate2(WS_SECURITY_CERT);
AsymmetricCipherKeyPair keyPair = KeyStoreUtil.GenerateKeyPair();
X509Certificate2 serviceCertificate =
new X509Certificate2(DotNetUtilities.ToX509Certificate
(KeyStoreUtil.CreateCert(validCertificate.Subject, keyPair.Public, keyPair.Private)));
XkmsClient client = new XkmsClientImpl(TestXkms.TRUST_SERVICE_LOCATION);
client.configureWSSecurity(serviceCertificate, null);
try
{
client.validate("test", this.invalidCertChain);
Assert.Fail();
}
catch (MessageSecurityException e)
{
// expected
}
}
public void TestCreateServiceSignature()
{
RSACryptoServiceProvider rsa = KeyStoreUtil.GetPrivateKeyFromPfx(TEST_PFX_PATH, TEST_PFX_PASSWORD, true);
X509Certificate2 certificate = KeyStoreUtil.GetCertificateFromPfx(TEST_PFX_PATH, TEST_PFX_PASSWORD, true);
List <X509Certificate2> certificateChain = new List <X509Certificate2>();
certificateChain.Add(certificate);
ServiceSignatureDO serviceSignature = SignatureRequestUtil.CreateServiceSignature(rsa, certificateChain, "signature-request", null,
"target", "language", "content-type", "relay-state");
Assert.NotNull(serviceSignature);
Assert.NotNull(serviceSignature.ServiceSigned);
Assert.NotNull(serviceSignature.ServiceSignature);
Assert.NotNull(serviceSignature.ServiceCertificateChainSize);
Assert.NotNull(serviceSignature.ServiceCertificates);
Assert.True(serviceSignature.ServiceCertificates.Count == 1);
Console.WriteLine("ServiceSignature");
Console.WriteLine("----------------");
Console.WriteLine(" * ServiceSigned =" + serviceSignature.ServiceSigned);
Console.WriteLine(" * ServiceSignature=" + serviceSignature.ServiceSignature);
}
private void SetSignatureRequest(bool signed, bool artifact, String languageValue)
{
if (FileUpload1.HasFile)
{
try
{
// read to be signed document
byte[] doc = new byte[FileUpload1.PostedFile.ContentLength];
FileUpload1.PostedFile.InputStream.Read(doc, 0, FileUpload1.PostedFile.ContentLength);
// construct post parameter values
String signatureRequestValue = null;
String signatureRequestIdValue = null;
String contentTypeValue = FileUpload1.PostedFile.ContentType;
String relayStateValue = Guid.NewGuid().ToString();
String targetValue = Request.Url.ToString();
if (artifact)
{
// upload using WS
StorageInfoDO storageInfo = getClient().Store(doc, FileUpload1.PostedFile.ContentType);
signatureRequestIdValue = storageInfo.Artifact;
}
else
{
signatureRequestValue = Convert.ToBase64String(doc);
}
// construct service signature if requested
ServiceSignatureDO serviceSignature = null;
if (signed)
{
RSACryptoServiceProvider rsa = KeyStoreUtil.GetPrivateKeyFromPfx(TEST_PFX_PATH, TEST_PFX_PASSWORD, true);
X509Certificate2 certificate = KeyStoreUtil.GetCertificateFromPfx(TEST_PFX_PATH, TEST_PFX_PASSWORD, true);
List <X509Certificate2> certificateChain = new List <X509Certificate2>();
certificateChain.Add(certificate);
serviceSignature = SignatureRequestUtil.CreateServiceSignature(rsa, certificateChain, signatureRequestValue,
signatureRequestIdValue, targetValue, languageValue, contentTypeValue, relayStateValue);
}
// set signature request post parameters
if (null != signatureRequestValue)
{
SignatureRequest.Value = signatureRequestValue;
SignatureRequestId.Visible = false;
}
else
{
SignatureRequest.Visible = false;
SignatureRequestId.Value = signatureRequestIdValue;
}
if (null != serviceSignature)
{
ServiceSigned.Value = serviceSignature.ServiceSigned;
ServiceSignature.Value = serviceSignature.ServiceSignature;
ServiceCertificateChainSize.Value = serviceSignature.ServiceCertificateChainSize;
ServiceCertificate.Value = serviceSignature.ServiceCertificates[0];
ServiceCertificate.ID = "ServiceCertificate.1";
}
else
{
ServiceSigned.Visible = false;
ServiceSignature.Visible = false;
ServiceCertificateChainSize.Visible = false;
ServiceCertificate.Visible = false;
}
ContentType.Value = contentTypeValue;
RelayState.Value = relayStateValue;
target.Value = targetValue;
language.Value = languageValue;
// store signature request state on session for response validation
Session[SIGNATURE_REQUEST_SESSION_PARAM] = signatureRequestValue;
Session[SIGNATURE_REQUEST_ID_SESSION_PARAM] = signatureRequestIdValue;
Session[RELAY_STATE_SESSION_PARAM] = relayStateValue;
Session[TARGET_SESSION_PARAM] = targetValue;
Session[CONTENT_TYPE_SESSION_PARAM] = contentTypeValue;
// ready for sign request
SignForm.Action = dssLocation;
Button1.Text = "Sign Document";
hideRequest();
// display some info
Label1.Text = "File name: " + FileUpload1.PostedFile.FileName + "<br>" +
FileUpload1.PostedFile.ContentLength + " kb<br>" +
"Content type: " + FileUpload1.PostedFile.ContentType + "<br>";
if (null != signatureRequestIdValue)
{
Label1.Text += "Document ID: " + signatureRequestIdValue + "<br>";
}
if (null != serviceSignature)
{
Label1.Text += "Service Signed: " + serviceSignature.ServiceSigned + "<br>";
}
}
catch (Exception ex)
{
Label1.Text = "ERROR: " + ex.Message.ToString();
}
}
else
{
Label1.Text = "You have not specified a file.";
}
}
