/// <summary> /// Creates a new AES-256 Symmetric Key encrypted by a 4096 bit RSA key. /// </summary> /// <returns>A base64 string of the RSA-encrypted AES key.</returns> private static string CreateNewAesKey() { using RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(4096, rsaCspParams); // 32 bytes * 8 = AES-256 byte[] SuperRandomSymmetricKey = new byte[KEY_LENGTH]; rngCsp.GetBytes(SuperRandomSymmetricKey); using SHA256 sha256 = SHA256.Create(); // SHA256 hash to check consistency string unencryptedAesKeyHash = BitConverter.ToString(sha256.ComputeHash(SuperRandomSymmetricKey)).ToUpperInvariant().Replace("-", String.Empty, StringComparison.Ordinal); // SPKI of asymmetric keypair formatted in same way as HTTP-Public-Key-Header to check it doesn't change X509SubjectKeyIdentifierExtension spki = new X509SubjectKeyIdentifierExtension(rsaProvider.ExportSubjectPublicKeyInfo(), false); // Encrypted AES key in base 64 should be impossible to decrypt even with the IV string encryptedAesKeyBase64 = AsymmetricEncryptToBase64(rsaProvider, SuperRandomSymmetricKey); Array.Clear(SuperRandomSymmetricKey, 0, SuperRandomSymmetricKey.Length); // SHA256 hash of decrypted AES key to check consistency Span <byte> decryptedAesKey = AsymmetricDecryptFromBase64(rsaProvider, encryptedAesKeyBase64); string aesKeyHash = BitConverter.ToString(sha256.ComputeHash(decryptedAesKey.ToArray())).ToUpperInvariant().Replace("-", String.Empty, StringComparison.Ordinal); return(encryptedAesKeyBase64); }
public static void EncodeFromBytes(bool fromSpan) { byte[] sk = { 1, 2, 3, 4 }; X509SubjectKeyIdentifierExtension e; if (fromSpan) { e = new X509SubjectKeyIdentifierExtension(new ReadOnlySpan <byte>(sk), false); } else { e = new X509SubjectKeyIdentifierExtension(sk, false); } byte[] rawData = e.RawData; Assert.Equal("040401020304".HexToByteArray(), rawData); if (fromSpan) { e = new X509SubjectKeyIdentifierExtension( new AsnEncodedData(new ReadOnlySpan <byte>(rawData)), false); } else { e = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false); } string skid = e.SubjectKeyIdentifier; Assert.Equal("01020304", skid); AssertExtensions.SequenceEqual(sk, e.SubjectKeyIdentifierBytes.Span); }
public static void CreateFromKeyIdentifierPreservesLeadingZeros() { ReadOnlySpan <byte> encoded = new byte[] { // SEQUENCE( [0]( 0x30, 0x16, 0x80, 0x14, // keyId 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, }; ReadOnlySpan <byte> keyId = encoded.Slice(4); X509AuthorityKeyIdentifierExtension akid; // From ROSpan akid = X509AuthorityKeyIdentifierExtension.CreateFromSubjectKeyIdentifier(keyId); AssertExtensions.SequenceEqual(encoded, akid.RawData); AssertExtensions.SequenceEqual(keyId, akid.KeyIdentifier.GetValueOrDefault().Span); // From array akid = X509AuthorityKeyIdentifierExtension.CreateFromSubjectKeyIdentifier(keyId.ToArray()); AssertExtensions.SequenceEqual(encoded, akid.RawData); AssertExtensions.SequenceEqual(keyId, akid.KeyIdentifier.GetValueOrDefault().Span); // From SKI var skid = new X509SubjectKeyIdentifierExtension(keyId, critical: false); akid = X509AuthorityKeyIdentifierExtension.CreateFromSubjectKeyIdentifier(skid); AssertExtensions.SequenceEqual(encoded, akid.RawData); AssertExtensions.SequenceEqual(keyId, akid.KeyIdentifier.GetValueOrDefault().Span); }
private static void EncodeDecode( byte[] certBytes, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical, byte[] expectedDer, string expectedIdentifier) { PublicKey pk; using (var cert = new X509Certificate2(certBytes)) { pk = cert.PublicKey; } X509SubjectKeyIdentifierExtension ext = new X509SubjectKeyIdentifierExtension(pk, algorithm, critical); byte[] rawData = ext.RawData; Assert.Equal(expectedDer, rawData); ext = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), critical); Assert.Equal(expectedIdentifier, ext.SubjectKeyIdentifier); Assert.Equal(expectedIdentifier, Convert.ToHexString(ext.SubjectKeyIdentifierBytes.Span)); ReadOnlyMemory <byte> ski1 = ext.SubjectKeyIdentifierBytes; ReadOnlyMemory <byte> ski2 = ext.SubjectKeyIdentifierBytes; Assert.True(ski1.Span == ski2.Span, "Two calls to SubjectKeyIdentifierBytes return the same buffer"); }
public void WrongExtension_X509KeyUsageExtension() { X509KeyUsageExtension ku = new X509KeyUsageExtension(); X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(); ski.CopyFrom(ku); }
public void WrongAsnEncodedData() { AsnEncodedData aed = new AsnEncodedData(new byte[0]); X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension("www.mono-project.com", false); ski.CopyFrom(aed); // note: not the same behaviour than using the constructor! }
public override byte[] GetSubjectKeyIdentifier(X509Certificate2 certificate) { Debug.Assert(certificate != null); X509Extension extension = certificate.Extensions[Oids.SubjectKeyIdentifier]; if (extension == null) { // Construct the value from the public key info. extension = new X509SubjectKeyIdentifierExtension( certificate.PublicKey, X509SubjectKeyIdentifierHashAlgorithm.CapiSha1, false); } // Certificates are DER encoded. AsnReader reader = new AsnReader(extension.RawData, AsnEncodingRules.DER); if (reader.TryGetPrimitiveOctetStringBytes(out ReadOnlyMemory <byte> contents)) { reader.ThrowIfNotEmpty(); return(contents.ToArray()); } // TryGetPrimitiveOctetStringBytes will have thrown if the next tag wasn't // Universal (primitive) OCTET STRING, since we're in DER mode. // So there's really no way we can get here. Debug.Fail($"TryGetPrimitiveOctetStringBytes returned false in DER mode"); throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding); }
/// <summary> /// Build the X509 Authority Key extension. /// </summary> /// <param name="issuerName">The distinguished name of the issuer</param> /// <param name="issuerSerialNumber">The serial number of the issuer</param> /// <param name="ski">The subject key identifier extension to use</param> private static X509Extension BuildAuthorityKeyIdentifier( X500DistinguishedName issuerName, byte[] issuerSerialNumber, X509SubjectKeyIdentifierExtension ski ) { using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER)) { writer.PushSequence(); if (ski != null) { Asn1Tag keyIdTag = new Asn1Tag(TagClass.ContextSpecific, 0); writer.WriteOctetString(keyIdTag, HexToByteArray(ski.SubjectKeyIdentifier)); } Asn1Tag issuerNameTag = new Asn1Tag(TagClass.ContextSpecific, 1); writer.PushSequence(issuerNameTag); // Add the tag to constructed context-specific 4 (GeneralName.directoryName) Asn1Tag directoryNameTag = new Asn1Tag(TagClass.ContextSpecific, 4, true); writer.PushSetOf(directoryNameTag); byte[] issuerNameRaw = issuerName.RawData; writer.WriteEncodedValue(issuerNameRaw); writer.PopSetOf(directoryNameTag); writer.PopSequence(issuerNameTag); Asn1Tag issuerSerialTag = new Asn1Tag(TagClass.ContextSpecific, 2); System.Numerics.BigInteger issuerSerial = new System.Numerics.BigInteger(issuerSerialNumber); writer.WriteInteger(issuerSerialTag, issuerSerial); writer.PopSequence(); return(new X509Extension("2.5.29.35", writer.Encode(), false)); } }
public void WrongExtension_X509Extension_CertificateAuthority() { X509Extension ex = new X509Extension("1.2.3", new byte[0], true); X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(); ski.CopyFrom(ex); string s = ski.SubjectKeyIdentifier; }
/// <summary> /// Metodo para escribir el certificado de seguridad /// </summary> /// <param name="xCertificate"></param> ///<remarks> /// Autor: José Faustino Posas /// Company: Ssoft Colombia /// Fecha: 2012-01-16 /// ------------------- /// Control de Cambios /// ------------------- /// Autor: /// Fecha: /// Descripción: /// </remarks> public string setCertificateWriten(X509Certificate2 xCertificate) { string sCertificate = null; try { X509Certificate2 objCert = xCertificate; //Acá tenemos que poner el certificado StringBuilder objSB = new StringBuilder("Detalle del certificado: \n\n"); SymmetricAlgorithm algoritmo = SymmetricAlgorithm.Create("Rijndael"); //Detalle objSB.AppendLine("Persona = " + objCert.Subject); objSB.AppendLine("Emisor = " + objCert.Issuer); objSB.AppendLine("Válido desde = " + objCert.NotBefore.ToString()); objSB.AppendLine("Válido hasta = " + objCert.NotAfter.ToString()); objSB.AppendLine("Tamaño de la clave = " + objCert.PublicKey.Key.KeySize.ToString()); objSB.AppendLine("Valor de la clave = " + objCert.GetPublicKeyString().ToString()); objSB.AppendLine("Algoritmo de la clave = " + objCert.GetKeyAlgorithm().ToString()); objSB.AppendLine("Número de serie = " + objCert.SerialNumber); objSB.AppendLine("Hash = " + objCert.Thumbprint); //Extensiones objSB.AppendLine("\nExtensiones:\n"); foreach (X509Extension objExt in objCert.Extensions) { objSB.AppendLine(objExt.Oid.FriendlyName + " (" + objExt.Oid.Value + ')'); if (objExt.Oid.FriendlyName == "Key Usage") { X509KeyUsageExtension ext = (X509KeyUsageExtension)objExt; objSB.AppendLine(" " + ext.KeyUsages); } if (objExt.Oid.FriendlyName == "Basic Constraints") { X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)objExt; objSB.AppendLine(" " + ext.CertificateAuthority); objSB.AppendLine(" " + ext.HasPathLengthConstraint); objSB.AppendLine(" " + ext.PathLengthConstraint); } if (objExt.Oid.FriendlyName == "Subject Key Identifier") { X509SubjectKeyIdentifierExtension ext = (X509SubjectKeyIdentifierExtension)objExt; objSB.AppendLine(" " + ext.SubjectKeyIdentifier); } if (objExt.Oid.FriendlyName == "Enhanced Key Usage") //2.5.29.37 { X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)objExt; OidCollection objOids = ext.EnhancedKeyUsages; foreach (Oid oid in objOids) { objSB.AppendLine(" " + oid.FriendlyName + " (" + oid.Value + ')'); } } } sCertificate = objSB.ToString(); //Debug.Print(objSB.ToString()); } catch { } return(sCertificate); }
private bool TryGetMatchingX509Certificate(IntPtr certContext, X509FindType findType, uint dwFindType, object findValue, bool validOnly, out X509Certificate2 cert) { cert = new X509Certificate2(certContext); if (dwFindType == 0) { switch (findType) { case X509FindType.FindBySubjectDistinguishedName: if (string.Compare((string)findValue, cert.SubjectName.Name, StringComparison.OrdinalIgnoreCase) == 0) { break; } cert.Reset(); cert = null; return(false); case X509FindType.FindByIssuerDistinguishedName: if (string.Compare((string)findValue, cert.IssuerName.Name, StringComparison.OrdinalIgnoreCase) == 0) { break; } cert.Reset(); cert = null; return(false); case X509FindType.FindBySerialNumber: if (this.BinaryMatches((byte[])findValue, cert.GetSerialNumber())) { break; } cert.Reset(); cert = null; return(false); case X509FindType.FindBySubjectKeyIdentifier: { X509SubjectKeyIdentifierExtension extension = cert.Extensions["2.5.29.14"] as X509SubjectKeyIdentifierExtension; if ((extension == null) || !this.BinaryMatches((byte[])findValue, extension.RawData)) { cert.Reset(); cert = null; return(false); } break; } } } if (validOnly && !new X509Chain(false) { ChainPolicy = { RevocationMode = X509RevocationMode.NoCheck, RevocationFlag = X509RevocationFlag.ExcludeRoot } }.Build(cert)) { cert.Reset(); cert = null; return(false); } return(cert != null); }
public void ConstructorAsnEncodedData_BadAsn() { AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[0]); X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(aed, true); Assert.AreEqual(String.Empty, ski.Format(true), "Format(true)"); Assert.AreEqual(String.Empty, ski.Format(false), "Format(false)"); string s = ski.SubjectKeyIdentifier; }
public void ConstructorPublicKeyHash_CapiSha1() { X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(pk1, X509SubjectKeyIdentifierHashAlgorithm.CapiSha1, false); Assert.IsFalse(ski.Critical, "Critical"); Assert.AreEqual("2.5.29.14", ski.Oid.Value, "Oid"); Assert.AreEqual("0E73CE0E2E059378FC782707EBF0B4E7AEA652E1", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier"); Assert.AreEqual("04-14-0E-73-CE-0E-2E-05-93-78-FC-78-27-07-EB-F0-B4-E7-AE-A6-52-E1", BitConverter.ToString(ski.RawData), "RawData"); }
public void ConstructorPublicKeyHash_ShortSha1() { X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(pk1, X509SubjectKeyIdentifierHashAlgorithm.ShortSha1, false); Assert.IsFalse(ski.Critical, "Critical"); Assert.AreEqual("2.5.29.14", ski.Oid.Value, "Oid"); Assert.AreEqual("436DCF47212D77D1", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier"); Assert.AreEqual("04-08-43-6D-CF-47-21-2D-77-D1", BitConverter.ToString(ski.RawData), "RawData"); }
public void ConstructorPublicKeyHash_Sha1() { X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(pk1, X509SubjectKeyIdentifierHashAlgorithm.Sha1, false); Assert.IsFalse(ski.Critical, "Critical"); Assert.AreEqual("2.5.29.14", ski.Oid.Value, "Oid"); Assert.AreEqual("4A0200E2E8D33DBA05FC37BDC36DCF47212D77D1", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier"); Assert.AreEqual("04-14-4A-02-00-E2-E8-D3-3D-BA-05-FC-37-BD-C3-6D-CF-47-21-2D-77-D1", BitConverter.ToString(ski.RawData), "RawData"); }
public void ConstructorAsnEncodedData_BadAsnLength() { AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[] { 0x30, 0x01 }); X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(aed, true); Assert.AreEqual("3001", ski.Format(true), "Format(true)"); Assert.AreEqual("3001", ski.Format(false), "Format(false)"); string s = ski.SubjectKeyIdentifier; }
internal string SubjectKeyIdentifierExtension(bool multiLine) { try { X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(this, false); return(ski.ToString(multiLine)); } catch { return(String.Empty); } }
public void CreateViaCryptoConfig() { // extensions can be created with CryptoConfig AsnEncodedData aed = new AsnEncodedData(new byte[] { 0x04, 0x00 }); X509SubjectKeyIdentifierExtension ski = (X509SubjectKeyIdentifierExtension)CryptoConfig.CreateFromName(oid, new object[2] { aed, true }); Assert.AreEqual(String.Empty, ski.SubjectKeyIdentifier, "SubjectKeyIdentifier"); Assert.AreEqual("04-00", BitConverter.ToString(ski.RawData), "RawData"); }
public void ConstructorAsnEncodedData_SmallestValid() { AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[] { 0x04, 0x00 }); X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(aed, true); Assert.AreEqual(String.Empty, ski.SubjectKeyIdentifier, "SubjectKeyIdentifier"); Assert.AreEqual("04-00", BitConverter.ToString(ski.RawData), "RawData"); // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows. //Assert.AreEqual ("Information Not Available", ski.Format (true), "Format(true)"); //Assert.AreEqual ("Information Not Available", ski.Format (false), "Format(false)"); }
public void ConstructorEmpty() { X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(); Assert.IsFalse(ski.Critical, "Critical"); Assert.IsNull(ski.RawData, "RawData"); Assert.AreEqual(oid, ski.Oid.Value, "Oid.Value"); // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows. //Assert.AreEqual (fname, ski.Oid.FriendlyName, "Oid.FriendlyName"); Assert.AreEqual(String.Empty, ski.Format(true), "Format(true)"); Assert.AreEqual(String.Empty, ski.Format(false), "Format(false)"); }
public static void VerifyCACert(string subject, X509Certificate2 cert) { Assert.NotNull(cert); Assert.False(cert.HasPrivateKey); Assert.True(Utils.CompareDistinguishedName(subject, cert.Subject)); Assert.True(Utils.CompareDistinguishedName(subject, cert.Issuer)); // test basic constraints var constraints = FindExtension <X509BasicConstraintsExtension>(cert); Assert.NotNull(constraints); Assert.True(constraints.Critical); Assert.True(constraints.CertificateAuthority); Assert.True(constraints.HasPathLengthConstraint); // key usage var keyUsage = FindExtension <X509KeyUsageExtension>(cert); Assert.NotNull(keyUsage); Assert.True(keyUsage.Critical); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.CrlSign) == X509KeyUsageFlags.CrlSign); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DataEncipherment) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DecipherOnly) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.EncipherOnly) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyAgreement) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyCertSign) == X509KeyUsageFlags.KeyCertSign); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == 0); // enhanced key usage X509EnhancedKeyUsageExtension enhancedKeyUsage = FindExtension <X509EnhancedKeyUsageExtension>(cert); Assert.Null(enhancedKeyUsage); // test for authority key X509AuthorityKeyIdentifierExtension authority = FindAuthorityKeyIdentifier(cert); Assert.NotNull(authority); Assert.NotNull(authority.SerialNumber); Assert.NotNull(authority.KeyId); Assert.NotNull(authority.AuthorityNames); // verify authority key in signed cert X509SubjectKeyIdentifierExtension subjectKeyId = FindExtension <X509SubjectKeyIdentifierExtension>(cert); Assert.AreEqual(subjectKeyId.SubjectKeyIdentifier, authority.KeyId); Assert.AreEqual(cert.SerialNumber, authority.SerialNumber); X509SubjectAltNameExtension subjectAlternateName = FindSubjectAltName(cert); Assert.Null(subjectAlternateName); }
public static void DecodeFromBER() { // Extensions encoded inside PKCS#8 on Windows may use BER encoding that would be invalid DER. // Ensure that no exception is thrown and the value is decoded correctly. X509SubjectKeyIdentifierExtension ext; byte[] rawData = "0481145971a65a334dda980780ff841ebe87f9723241f2".HexToByteArray(); ext = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false); string skid = ext.SubjectKeyIdentifier; Assert.Equal("5971A65A334DDA980780FF841EBE87F9723241F2", skid); }
public static void Main() { try { X509Store store = new X509Store("MY", StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates; for (int i = 0; i < collection.Count; i++) { foreach (X509Extension extension in collection[i].Extensions) { Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")"); if (extension.Oid.FriendlyName == "Key Usage") { X509KeyUsageExtension ext = (X509KeyUsageExtension)extension; Console.WriteLine(ext.KeyUsages); } if (extension.Oid.FriendlyName == "Basic Constraints") { X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)extension; Console.WriteLine(ext.CertificateAuthority); Console.WriteLine(ext.HasPathLengthConstraint); Console.WriteLine(ext.PathLengthConstraint); } if (extension.Oid.FriendlyName == "Subject Key Identifier") { X509SubjectKeyIdentifierExtension ext = (X509SubjectKeyIdentifierExtension)extension; Console.WriteLine(ext.SubjectKeyIdentifier); } if (extension.Oid.FriendlyName == "Enhanced Key Usage") { X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)extension; OidCollection oids = ext.EnhancedKeyUsages; foreach (Oid oid in oids) { Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")"); } } } } store.Close(); } catch (CryptographicException) { Console.WriteLine("Information could not be written out for this certificate."); } }
private static X509SubjectKeyIdentifierExtension FindSubjectKeyIdentifierExtension(X509Certificate2 certificate) { for (int ii = 0; ii < certificate.Extensions.Count; ii++) { X509SubjectKeyIdentifierExtension extension = certificate.Extensions[ii] as X509SubjectKeyIdentifierExtension; if (extension != null) { return(extension); } } return(null); }
public static void SubjectKeyIdentifierExtension_PublicKey() { PublicKey pk = new X509Certificate2(TestData.MsCertificate).PublicKey; X509SubjectKeyIdentifierExtension e = new X509SubjectKeyIdentifierExtension(pk, false); byte[] rawData = e.RawData; Assert.Equal("04145971a65a334dda980780ff841ebe87f9723241f2".HexToByteArray(), rawData); e = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false); string skid = e.SubjectKeyIdentifier; Assert.Equal("5971A65A334DDA980780FF841EBE87F9723241F2", skid); }
public static void SubjectKeyIdentifierExtension_String() { string sk = "01ABcd"; X509SubjectKeyIdentifierExtension e = new X509SubjectKeyIdentifierExtension(sk, false); byte[] rawData = e.RawData; Assert.Equal("040301abcd".HexToByteArray(), rawData); e = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false); string skid = e.SubjectKeyIdentifier; Assert.Equal("01ABCD", skid); }
public static void SubjectKeyIdentifierExtension_Bytes() { byte[] sk = { 1, 2, 3, 4 }; X509SubjectKeyIdentifierExtension e = new X509SubjectKeyIdentifierExtension(sk, false); byte[] rawData = e.RawData; Assert.Equal("040401020304".HexToByteArray(), rawData); e = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false); string skid = e.SubjectKeyIdentifier; Assert.Equal("01020304", skid); }
// generates SKI and optionally AKI void generateKeyIdentifiers(X509Certificate2 signer) { using (var hasher = SHA1.Create()) { var hash = hasher.ComputeHash(PrivateKeyInfo.GetPublicKey().EncodedKeyValue.RawData); var ext = new X509SubjectKeyIdentifierExtension(hash, false); _extensions.Add(ext); } if (signer != null) { var ext = new X509AuthorityKeyIdentifierExtension(signer, AuthorityKeyIdentifierFlags.KeyIdentifier, false); _extensions.Add(ext); } }
public void ConstructorString_NotHex() { X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension("Mono::", true); Assert.IsTrue(ski.Critical, "Critical"); Assert.AreEqual("04-03-FF-FF-FF", BitConverter.ToString(ski.RawData), "RawData"); Assert.AreEqual(oid, ski.Oid.Value, "Oid.Value"); // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows. //Assert.AreEqual (fname, ski.Oid.FriendlyName, "Oid.FriendlyName"); Assert.AreEqual("FFFFFF", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier"); Assert.AreEqual("ff ff ff" + Environment.NewLine, ski.Format(true), "Format(true)"); Assert.AreEqual("ff ff ff", ski.Format(false), "Format(false)"); }
private static string GetSubjectKeyIdentifier(X509Certificate2 cert) { foreach (var ext in cert.Extensions) { X509SubjectKeyIdentifierExtension skiExt = ext as X509SubjectKeyIdentifierExtension; if (skiExt != null) { return(skiExt.SubjectKeyIdentifier); } } Assert.False(true, "Subject Key Identifier not found"); return(null); }
internal string SubjectKeyIdentifierExtension (bool multiLine) { try { X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (this, false); return ski.ToString (multiLine); } catch { return String.Empty; } }
private static void TestSubjectKeyIdentifierExtension( byte[] certBytes, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical, byte[] expectedDer, string expectedIdentifier) { PublicKey pk = new X509Certificate2(certBytes).PublicKey; X509SubjectKeyIdentifierExtension ext = new X509SubjectKeyIdentifierExtension(pk, algorithm, critical); byte[] rawData = ext.RawData; Assert.Equal(expectedDer, rawData); ext = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), critical); Assert.Equal(expectedIdentifier, ext.SubjectKeyIdentifier); }
public static void SubjectKeyIdentifierExtensionDefault() { X509SubjectKeyIdentifierExtension e = new X509SubjectKeyIdentifierExtension(); string oidValue = e.Oid.Value; Assert.Equal("2.5.29.14", oidValue); byte[] rawData = e.RawData; Assert.Null(rawData); string skid = e.SubjectKeyIdentifier; Assert.Null(skid); }