/// <summary>
/// Creates a new AES-256 Symmetric Key encrypted by a 4096 bit RSA key.
/// </summary>
/// <returns>A base64 string of the RSA-encrypted AES key.</returns>
private static string CreateNewAesKey()
{
using RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(4096, rsaCspParams);
// 32 bytes * 8 = AES-256
byte[] SuperRandomSymmetricKey = new byte[KEY_LENGTH];
rngCsp.GetBytes(SuperRandomSymmetricKey);
using SHA256 sha256 = SHA256.Create();
// SHA256 hash to check consistency
string unencryptedAesKeyHash = BitConverter.ToString(sha256.ComputeHash(SuperRandomSymmetricKey)).ToUpperInvariant().Replace("-", String.Empty, StringComparison.Ordinal);
// SPKI of asymmetric keypair formatted in same way as HTTP-Public-Key-Header to check it doesn't change
X509SubjectKeyIdentifierExtension spki = new X509SubjectKeyIdentifierExtension(rsaProvider.ExportSubjectPublicKeyInfo(), false);
// Encrypted AES key in base 64 should be impossible to decrypt even with the IV
string encryptedAesKeyBase64 = AsymmetricEncryptToBase64(rsaProvider, SuperRandomSymmetricKey);
Array.Clear(SuperRandomSymmetricKey, 0, SuperRandomSymmetricKey.Length);
// SHA256 hash of decrypted AES key to check consistency
Span <byte> decryptedAesKey = AsymmetricDecryptFromBase64(rsaProvider, encryptedAesKeyBase64);
string aesKeyHash = BitConverter.ToString(sha256.ComputeHash(decryptedAesKey.ToArray())).ToUpperInvariant().Replace("-", String.Empty, StringComparison.Ordinal);
return(encryptedAesKeyBase64);
}
public static void EncodeFromBytes(bool fromSpan)
{
byte[] sk = { 1, 2, 3, 4 };
X509SubjectKeyIdentifierExtension e;
if (fromSpan)
{
e = new X509SubjectKeyIdentifierExtension(new ReadOnlySpan <byte>(sk), false);
}
else
{
e = new X509SubjectKeyIdentifierExtension(sk, false);
}
byte[] rawData = e.RawData;
Assert.Equal("040401020304".HexToByteArray(), rawData);
if (fromSpan)
{
e = new X509SubjectKeyIdentifierExtension(
new AsnEncodedData(new ReadOnlySpan <byte>(rawData)),
false);
}
else
{
e = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false);
}
string skid = e.SubjectKeyIdentifier;
Assert.Equal("01020304", skid);
AssertExtensions.SequenceEqual(sk, e.SubjectKeyIdentifierBytes.Span);
}
public static void CreateFromKeyIdentifierPreservesLeadingZeros()
{
ReadOnlySpan <byte> encoded = new byte[]
{
// SEQUENCE( [0](
0x30, 0x16, 0x80, 0x14,
// keyId
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x01, 0x00,
};
ReadOnlySpan <byte> keyId = encoded.Slice(4);
X509AuthorityKeyIdentifierExtension akid;
// From ROSpan
akid = X509AuthorityKeyIdentifierExtension.CreateFromSubjectKeyIdentifier(keyId);
AssertExtensions.SequenceEqual(encoded, akid.RawData);
AssertExtensions.SequenceEqual(keyId, akid.KeyIdentifier.GetValueOrDefault().Span);
// From array
akid = X509AuthorityKeyIdentifierExtension.CreateFromSubjectKeyIdentifier(keyId.ToArray());
AssertExtensions.SequenceEqual(encoded, akid.RawData);
AssertExtensions.SequenceEqual(keyId, akid.KeyIdentifier.GetValueOrDefault().Span);
// From SKI
var skid = new X509SubjectKeyIdentifierExtension(keyId, critical: false);
akid = X509AuthorityKeyIdentifierExtension.CreateFromSubjectKeyIdentifier(skid);
AssertExtensions.SequenceEqual(encoded, akid.RawData);
AssertExtensions.SequenceEqual(keyId, akid.KeyIdentifier.GetValueOrDefault().Span);
}
private static void EncodeDecode(
byte[] certBytes,
X509SubjectKeyIdentifierHashAlgorithm algorithm,
bool critical,
byte[] expectedDer,
string expectedIdentifier)
{
PublicKey pk;
using (var cert = new X509Certificate2(certBytes))
{
pk = cert.PublicKey;
}
X509SubjectKeyIdentifierExtension ext =
new X509SubjectKeyIdentifierExtension(pk, algorithm, critical);
byte[] rawData = ext.RawData;
Assert.Equal(expectedDer, rawData);
ext = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), critical);
Assert.Equal(expectedIdentifier, ext.SubjectKeyIdentifier);
Assert.Equal(expectedIdentifier, Convert.ToHexString(ext.SubjectKeyIdentifierBytes.Span));
ReadOnlyMemory <byte> ski1 = ext.SubjectKeyIdentifierBytes;
ReadOnlyMemory <byte> ski2 = ext.SubjectKeyIdentifierBytes;
Assert.True(ski1.Span == ski2.Span, "Two calls to SubjectKeyIdentifierBytes return the same buffer");
}
public void WrongExtension_X509KeyUsageExtension()
{
X509KeyUsageExtension ku = new X509KeyUsageExtension();
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension();
ski.CopyFrom(ku);
}
public void WrongAsnEncodedData()
{
AsnEncodedData aed = new AsnEncodedData(new byte[0]);
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension("www.mono-project.com", false);
ski.CopyFrom(aed); // note: not the same behaviour than using the constructor!
}
public override byte[] GetSubjectKeyIdentifier(X509Certificate2 certificate)
{
Debug.Assert(certificate != null);
X509Extension extension = certificate.Extensions[Oids.SubjectKeyIdentifier];
if (extension == null)
{
// Construct the value from the public key info.
extension = new X509SubjectKeyIdentifierExtension(
certificate.PublicKey,
X509SubjectKeyIdentifierHashAlgorithm.CapiSha1,
false);
}
// Certificates are DER encoded.
AsnReader reader = new AsnReader(extension.RawData, AsnEncodingRules.DER);
if (reader.TryGetPrimitiveOctetStringBytes(out ReadOnlyMemory <byte> contents))
{
reader.ThrowIfNotEmpty();
return(contents.ToArray());
}
// TryGetPrimitiveOctetStringBytes will have thrown if the next tag wasn't
// Universal (primitive) OCTET STRING, since we're in DER mode.
// So there's really no way we can get here.
Debug.Fail($"TryGetPrimitiveOctetStringBytes returned false in DER mode");
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
/// <summary>
/// Build the X509 Authority Key extension.
/// </summary>
/// <param name="issuerName">The distinguished name of the issuer</param>
/// <param name="issuerSerialNumber">The serial number of the issuer</param>
/// <param name="ski">The subject key identifier extension to use</param>
private static X509Extension BuildAuthorityKeyIdentifier(
X500DistinguishedName issuerName,
byte[] issuerSerialNumber,
X509SubjectKeyIdentifierExtension ski
)
{
using (AsnWriter writer = new AsnWriter(AsnEncodingRules.DER))
{
writer.PushSequence();
if (ski != null)
{
Asn1Tag keyIdTag = new Asn1Tag(TagClass.ContextSpecific, 0);
writer.WriteOctetString(keyIdTag, HexToByteArray(ski.SubjectKeyIdentifier));
}
Asn1Tag issuerNameTag = new Asn1Tag(TagClass.ContextSpecific, 1);
writer.PushSequence(issuerNameTag);
// Add the tag to constructed context-specific 4 (GeneralName.directoryName)
Asn1Tag directoryNameTag = new Asn1Tag(TagClass.ContextSpecific, 4, true);
writer.PushSetOf(directoryNameTag);
byte[] issuerNameRaw = issuerName.RawData;
writer.WriteEncodedValue(issuerNameRaw);
writer.PopSetOf(directoryNameTag);
writer.PopSequence(issuerNameTag);
Asn1Tag issuerSerialTag = new Asn1Tag(TagClass.ContextSpecific, 2);
System.Numerics.BigInteger issuerSerial = new System.Numerics.BigInteger(issuerSerialNumber);
writer.WriteInteger(issuerSerialTag, issuerSerial);
writer.PopSequence();
return(new X509Extension("2.5.29.35", writer.Encode(), false));
}
}
public void WrongExtension_X509Extension_CertificateAuthority()
{
X509Extension ex = new X509Extension("1.2.3", new byte[0], true);
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension();
ski.CopyFrom(ex);
string s = ski.SubjectKeyIdentifier;
}
/// <summary>
/// Metodo para escribir el certificado de seguridad
/// </summary>
/// <param name="xCertificate"></param>
///<remarks>
/// Autor: José Faustino Posas
/// Company: Ssoft Colombia
/// Fecha: 2012-01-16
/// -------------------
/// Control de Cambios
/// -------------------
/// Autor:
/// Fecha:
/// Descripción:
/// </remarks>
public string setCertificateWriten(X509Certificate2 xCertificate)
{
string sCertificate = null;
try
{
X509Certificate2 objCert = xCertificate; //Acá tenemos que poner el certificado
StringBuilder objSB = new StringBuilder("Detalle del certificado: \n\n");
SymmetricAlgorithm algoritmo = SymmetricAlgorithm.Create("Rijndael");
//Detalle
objSB.AppendLine("Persona = " + objCert.Subject);
objSB.AppendLine("Emisor = " + objCert.Issuer);
objSB.AppendLine("Válido desde = " + objCert.NotBefore.ToString());
objSB.AppendLine("Válido hasta = " + objCert.NotAfter.ToString());
objSB.AppendLine("Tamaño de la clave = " + objCert.PublicKey.Key.KeySize.ToString());
objSB.AppendLine("Valor de la clave = " + objCert.GetPublicKeyString().ToString());
objSB.AppendLine("Algoritmo de la clave = " + objCert.GetKeyAlgorithm().ToString());
objSB.AppendLine("Número de serie = " + objCert.SerialNumber);
objSB.AppendLine("Hash = " + objCert.Thumbprint);
//Extensiones
objSB.AppendLine("\nExtensiones:\n");
foreach (X509Extension objExt in objCert.Extensions)
{
objSB.AppendLine(objExt.Oid.FriendlyName + " (" + objExt.Oid.Value + ')');
if (objExt.Oid.FriendlyName == "Key Usage")
{
X509KeyUsageExtension ext = (X509KeyUsageExtension)objExt;
objSB.AppendLine(" " + ext.KeyUsages);
}
if (objExt.Oid.FriendlyName == "Basic Constraints")
{
X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)objExt;
objSB.AppendLine(" " + ext.CertificateAuthority);
objSB.AppendLine(" " + ext.HasPathLengthConstraint);
objSB.AppendLine(" " + ext.PathLengthConstraint);
}
if (objExt.Oid.FriendlyName == "Subject Key Identifier")
{
X509SubjectKeyIdentifierExtension ext = (X509SubjectKeyIdentifierExtension)objExt;
objSB.AppendLine(" " + ext.SubjectKeyIdentifier);
}
if (objExt.Oid.FriendlyName == "Enhanced Key Usage") //2.5.29.37
{
X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)objExt;
OidCollection objOids = ext.EnhancedKeyUsages;
foreach (Oid oid in objOids)
{
objSB.AppendLine(" " + oid.FriendlyName + " (" + oid.Value + ')');
}
}
}
sCertificate = objSB.ToString();
//Debug.Print(objSB.ToString());
}
catch { }
return(sCertificate);
}
private bool TryGetMatchingX509Certificate(IntPtr certContext, X509FindType findType, uint dwFindType, object findValue, bool validOnly, out X509Certificate2 cert)
{
cert = new X509Certificate2(certContext);
if (dwFindType == 0)
{
switch (findType)
{
case X509FindType.FindBySubjectDistinguishedName:
if (string.Compare((string)findValue, cert.SubjectName.Name, StringComparison.OrdinalIgnoreCase) == 0)
{
break;
}
cert.Reset();
cert = null;
return(false);
case X509FindType.FindByIssuerDistinguishedName:
if (string.Compare((string)findValue, cert.IssuerName.Name, StringComparison.OrdinalIgnoreCase) == 0)
{
break;
}
cert.Reset();
cert = null;
return(false);
case X509FindType.FindBySerialNumber:
if (this.BinaryMatches((byte[])findValue, cert.GetSerialNumber()))
{
break;
}
cert.Reset();
cert = null;
return(false);
case X509FindType.FindBySubjectKeyIdentifier:
{
X509SubjectKeyIdentifierExtension extension = cert.Extensions["2.5.29.14"] as X509SubjectKeyIdentifierExtension;
if ((extension == null) || !this.BinaryMatches((byte[])findValue, extension.RawData))
{
cert.Reset();
cert = null;
return(false);
}
break;
}
}
}
if (validOnly && !new X509Chain(false)
{
ChainPolicy = { RevocationMode = X509RevocationMode.NoCheck, RevocationFlag = X509RevocationFlag.ExcludeRoot }
}.Build(cert))
{
cert.Reset();
cert = null;
return(false);
}
return(cert != null);
}
public void ConstructorAsnEncodedData_BadAsn()
{
AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[0]);
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(aed, true);
Assert.AreEqual(String.Empty, ski.Format(true), "Format(true)");
Assert.AreEqual(String.Empty, ski.Format(false), "Format(false)");
string s = ski.SubjectKeyIdentifier;
}
public void ConstructorPublicKeyHash_CapiSha1()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(pk1, X509SubjectKeyIdentifierHashAlgorithm.CapiSha1, false);
Assert.IsFalse(ski.Critical, "Critical");
Assert.AreEqual("2.5.29.14", ski.Oid.Value, "Oid");
Assert.AreEqual("0E73CE0E2E059378FC782707EBF0B4E7AEA652E1", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual("04-14-0E-73-CE-0E-2E-05-93-78-FC-78-27-07-EB-F0-B4-E7-AE-A6-52-E1", BitConverter.ToString(ski.RawData), "RawData");
}
public void ConstructorPublicKeyHash_ShortSha1()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(pk1, X509SubjectKeyIdentifierHashAlgorithm.ShortSha1, false);
Assert.IsFalse(ski.Critical, "Critical");
Assert.AreEqual("2.5.29.14", ski.Oid.Value, "Oid");
Assert.AreEqual("436DCF47212D77D1", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual("04-08-43-6D-CF-47-21-2D-77-D1", BitConverter.ToString(ski.RawData), "RawData");
}
public void ConstructorPublicKeyHash_Sha1()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(pk1, X509SubjectKeyIdentifierHashAlgorithm.Sha1, false);
Assert.IsFalse(ski.Critical, "Critical");
Assert.AreEqual("2.5.29.14", ski.Oid.Value, "Oid");
Assert.AreEqual("4A0200E2E8D33DBA05FC37BDC36DCF47212D77D1", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual("04-14-4A-02-00-E2-E8-D3-3D-BA-05-FC-37-BD-C3-6D-CF-47-21-2D-77-D1", BitConverter.ToString(ski.RawData), "RawData");
}
public void ConstructorAsnEncodedData_BadAsnLength()
{
AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[] { 0x30, 0x01 });
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(aed, true);
Assert.AreEqual("3001", ski.Format(true), "Format(true)");
Assert.AreEqual("3001", ski.Format(false), "Format(false)");
string s = ski.SubjectKeyIdentifier;
}
internal string SubjectKeyIdentifierExtension(bool multiLine)
{
try {
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(this, false);
return(ski.ToString(multiLine));
}
catch {
return(String.Empty);
}
}
public void CreateViaCryptoConfig()
{
// extensions can be created with CryptoConfig
AsnEncodedData aed = new AsnEncodedData(new byte[] { 0x04, 0x00 });
X509SubjectKeyIdentifierExtension ski = (X509SubjectKeyIdentifierExtension)CryptoConfig.CreateFromName(oid, new object[2] {
aed, true
});
Assert.AreEqual(String.Empty, ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual("04-00", BitConverter.ToString(ski.RawData), "RawData");
}
public void ConstructorAsnEncodedData_SmallestValid()
{
AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[] { 0x04, 0x00 });
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(aed, true);
Assert.AreEqual(String.Empty, ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual("04-00", BitConverter.ToString(ski.RawData), "RawData");
// FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
//Assert.AreEqual ("Information Not Available", ski.Format (true), "Format(true)");
//Assert.AreEqual ("Information Not Available", ski.Format (false), "Format(false)");
}
public void ConstructorEmpty()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension();
Assert.IsFalse(ski.Critical, "Critical");
Assert.IsNull(ski.RawData, "RawData");
Assert.AreEqual(oid, ski.Oid.Value, "Oid.Value");
// FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
//Assert.AreEqual (fname, ski.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual(String.Empty, ski.Format(true), "Format(true)");
Assert.AreEqual(String.Empty, ski.Format(false), "Format(false)");
}
public static void VerifyCACert(string subject, X509Certificate2 cert)
{
Assert.NotNull(cert);
Assert.False(cert.HasPrivateKey);
Assert.True(Utils.CompareDistinguishedName(subject, cert.Subject));
Assert.True(Utils.CompareDistinguishedName(subject, cert.Issuer));
// test basic constraints
var constraints = FindExtension <X509BasicConstraintsExtension>(cert);
Assert.NotNull(constraints);
Assert.True(constraints.Critical);
Assert.True(constraints.CertificateAuthority);
Assert.True(constraints.HasPathLengthConstraint);
// key usage
var keyUsage = FindExtension <X509KeyUsageExtension>(cert);
Assert.NotNull(keyUsage);
Assert.True(keyUsage.Critical);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.CrlSign) == X509KeyUsageFlags.CrlSign);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DataEncipherment) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DecipherOnly) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.EncipherOnly) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyAgreement) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyCertSign) == X509KeyUsageFlags.KeyCertSign);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == 0);
// enhanced key usage
X509EnhancedKeyUsageExtension enhancedKeyUsage = FindExtension <X509EnhancedKeyUsageExtension>(cert);
Assert.Null(enhancedKeyUsage);
// test for authority key
X509AuthorityKeyIdentifierExtension authority = FindAuthorityKeyIdentifier(cert);
Assert.NotNull(authority);
Assert.NotNull(authority.SerialNumber);
Assert.NotNull(authority.KeyId);
Assert.NotNull(authority.AuthorityNames);
// verify authority key in signed cert
X509SubjectKeyIdentifierExtension subjectKeyId = FindExtension <X509SubjectKeyIdentifierExtension>(cert);
Assert.AreEqual(subjectKeyId.SubjectKeyIdentifier, authority.KeyId);
Assert.AreEqual(cert.SerialNumber, authority.SerialNumber);
X509SubjectAltNameExtension subjectAlternateName = FindSubjectAltName(cert);
Assert.Null(subjectAlternateName);
}
public static void DecodeFromBER()
{
// Extensions encoded inside PKCS#8 on Windows may use BER encoding that would be invalid DER.
// Ensure that no exception is thrown and the value is decoded correctly.
X509SubjectKeyIdentifierExtension ext;
byte[] rawData = "0481145971a65a334dda980780ff841ebe87f9723241f2".HexToByteArray();
ext = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false);
string skid = ext.SubjectKeyIdentifier;
Assert.Equal("5971A65A334DDA980780FF841EBE87F9723241F2", skid);
}
public static void Main()
{
try
{
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
for (int i = 0; i < collection.Count; i++)
{
foreach (X509Extension extension in collection[i].Extensions)
{
Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")");
if (extension.Oid.FriendlyName == "Key Usage")
{
X509KeyUsageExtension ext = (X509KeyUsageExtension)extension;
Console.WriteLine(ext.KeyUsages);
}
if (extension.Oid.FriendlyName == "Basic Constraints")
{
X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)extension;
Console.WriteLine(ext.CertificateAuthority);
Console.WriteLine(ext.HasPathLengthConstraint);
Console.WriteLine(ext.PathLengthConstraint);
}
if (extension.Oid.FriendlyName == "Subject Key Identifier")
{
X509SubjectKeyIdentifierExtension ext = (X509SubjectKeyIdentifierExtension)extension;
Console.WriteLine(ext.SubjectKeyIdentifier);
}
if (extension.Oid.FriendlyName == "Enhanced Key Usage")
{
X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)extension;
OidCollection oids = ext.EnhancedKeyUsages;
foreach (Oid oid in oids)
{
Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")");
}
}
}
}
store.Close();
}
catch (CryptographicException)
{
Console.WriteLine("Information could not be written out for this certificate.");
}
}
private static X509SubjectKeyIdentifierExtension FindSubjectKeyIdentifierExtension(X509Certificate2 certificate)
{
for (int ii = 0; ii < certificate.Extensions.Count; ii++)
{
X509SubjectKeyIdentifierExtension extension = certificate.Extensions[ii] as X509SubjectKeyIdentifierExtension;
if (extension != null)
{
return(extension);
}
}
return(null);
}
public static void SubjectKeyIdentifierExtension_PublicKey()
{
PublicKey pk = new X509Certificate2(TestData.MsCertificate).PublicKey;
X509SubjectKeyIdentifierExtension e = new X509SubjectKeyIdentifierExtension(pk, false);
byte[] rawData = e.RawData;
Assert.Equal("04145971a65a334dda980780ff841ebe87f9723241f2".HexToByteArray(), rawData);
e = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false);
string skid = e.SubjectKeyIdentifier;
Assert.Equal("5971A65A334DDA980780FF841EBE87F9723241F2", skid);
}
public static void SubjectKeyIdentifierExtension_String()
{
string sk = "01ABcd";
X509SubjectKeyIdentifierExtension e = new X509SubjectKeyIdentifierExtension(sk, false);
byte[] rawData = e.RawData;
Assert.Equal("040301abcd".HexToByteArray(), rawData);
e = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false);
string skid = e.SubjectKeyIdentifier;
Assert.Equal("01ABCD", skid);
}
public static void SubjectKeyIdentifierExtension_Bytes()
{
byte[] sk = { 1, 2, 3, 4 };
X509SubjectKeyIdentifierExtension e = new X509SubjectKeyIdentifierExtension(sk, false);
byte[] rawData = e.RawData;
Assert.Equal("040401020304".HexToByteArray(), rawData);
e = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false);
string skid = e.SubjectKeyIdentifier;
Assert.Equal("01020304", skid);
}
// generates SKI and optionally AKI
void generateKeyIdentifiers(X509Certificate2 signer)
{
using (var hasher = SHA1.Create()) {
var hash = hasher.ComputeHash(PrivateKeyInfo.GetPublicKey().EncodedKeyValue.RawData);
var ext = new X509SubjectKeyIdentifierExtension(hash, false);
_extensions.Add(ext);
}
if (signer != null)
{
var ext = new X509AuthorityKeyIdentifierExtension(signer, AuthorityKeyIdentifierFlags.KeyIdentifier, false);
_extensions.Add(ext);
}
}
public void ConstructorString_NotHex()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension("Mono::", true);
Assert.IsTrue(ski.Critical, "Critical");
Assert.AreEqual("04-03-FF-FF-FF", BitConverter.ToString(ski.RawData), "RawData");
Assert.AreEqual(oid, ski.Oid.Value, "Oid.Value");
// FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
//Assert.AreEqual (fname, ski.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual("FFFFFF", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual("ff ff ff" + Environment.NewLine, ski.Format(true), "Format(true)");
Assert.AreEqual("ff ff ff", ski.Format(false), "Format(false)");
}
private static string GetSubjectKeyIdentifier(X509Certificate2 cert)
{
foreach (var ext in cert.Extensions)
{
X509SubjectKeyIdentifierExtension skiExt = ext as X509SubjectKeyIdentifierExtension;
if (skiExt != null)
{
return(skiExt.SubjectKeyIdentifier);
}
}
Assert.False(true, "Subject Key Identifier not found");
return(null);
}
internal string SubjectKeyIdentifierExtension (bool multiLine)
{
try {
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (this, false);
return ski.ToString (multiLine);
}
catch {
return String.Empty;
}
}
private static void TestSubjectKeyIdentifierExtension(
byte[] certBytes,
X509SubjectKeyIdentifierHashAlgorithm algorithm,
bool critical,
byte[] expectedDer,
string expectedIdentifier)
{
PublicKey pk = new X509Certificate2(certBytes).PublicKey;
X509SubjectKeyIdentifierExtension ext =
new X509SubjectKeyIdentifierExtension(pk, algorithm, critical);
byte[] rawData = ext.RawData;
Assert.Equal(expectedDer, rawData);
ext = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), critical);
Assert.Equal(expectedIdentifier, ext.SubjectKeyIdentifier);
}
public static void SubjectKeyIdentifierExtension_PublicKey()
{
PublicKey pk = new X509Certificate2(TestData.MsCertificate).PublicKey;
X509SubjectKeyIdentifierExtension e = new X509SubjectKeyIdentifierExtension(pk, false);
byte[] rawData = e.RawData;
Assert.Equal("04145971a65a334dda980780ff841ebe87f9723241f2".HexToByteArray(), rawData);
e = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false);
string skid = e.SubjectKeyIdentifier;
Assert.Equal("5971A65A334DDA980780FF841EBE87F9723241F2", skid);
}
public static void SubjectKeyIdentifierExtension_String()
{
string sk = "01ABcd";
X509SubjectKeyIdentifierExtension e = new X509SubjectKeyIdentifierExtension(sk, false);
byte[] rawData = e.RawData;
Assert.Equal("040301abcd".HexToByteArray(), rawData);
e = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false);
string skid = e.SubjectKeyIdentifier;
Assert.Equal("01ABCD", skid);
}
public static void SubjectKeyIdentifierExtension_Bytes()
{
byte[] sk = { 1, 2, 3, 4 };
X509SubjectKeyIdentifierExtension e = new X509SubjectKeyIdentifierExtension(sk, false);
byte[] rawData = e.RawData;
Assert.Equal("040401020304".HexToByteArray(), rawData);
e = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(rawData), false);
string skid = e.SubjectKeyIdentifier;
Assert.Equal("01020304", skid);
}
public static void SubjectKeyIdentifierExtensionDefault()
{
X509SubjectKeyIdentifierExtension e = new X509SubjectKeyIdentifierExtension();
string oidValue = e.Oid.Value;
Assert.Equal("2.5.29.14", oidValue);
byte[] rawData = e.RawData;
Assert.Null(rawData);
string skid = e.SubjectKeyIdentifier;
Assert.Null(skid);
}
