private IX509AttributeCertificate CreateAttrCert() { // CertificateFactory fact = CertificateFactory.getInstance("X.509", "BC"); // X509Certificate iCert = (X509Certificate) fact // .generateCertificate(new ByteArrayInputStream(holderCert)); X509Certificate iCert = new X509CertificateParser().ReadCertificate(holderCert); // // a sample key pair. // // RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec( // new BigInteger( // "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", // 16), new BigInteger("11", 16)); // // set up the keys // // KeyFactory kFact = KeyFactory.getInstance("RSA", "BC"); // PrivateKey privKey = kFact.generatePrivate(RsaPrivateKeySpec); IAsymmetricKeyParameter privKey = RsaPrivateKeySpec; X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator(); // the actual attributes GeneralName roleName = new GeneralName(GeneralName.Rfc822Name, "*****@*****.**"); Asn1EncodableVector roleSyntax = new Asn1EncodableVector(roleName); // roleSyntax OID: 2.5.24.72 X509Attribute attributes = new X509Attribute("2.5.24.72", new DerSequence(roleSyntax)); gen.AddAttribute(attributes); gen.SetHolder(new AttributeCertificateHolder(PrincipalUtilities.GetSubjectX509Principal(iCert))); gen.SetIssuer(new AttributeCertificateIssuer(new X509Name("cn=test"))); gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50)); gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50)); gen.SetSerialNumber(BigInteger.One); gen.SetSignatureAlgorithm("SHA1WithRSAEncryption"); Target targetName = new Target( Target.Choice.Name, new GeneralName(GeneralName.DnsName, "www.test.com")); Target targetGroup = new Target( Target.Choice.Group, new GeneralName(GeneralName.DirectoryName, "o=Test, ou=Test")); Target[] targets = new Target[] { targetName, targetGroup }; TargetInformation targetInformation = new TargetInformation(targets); gen.AddExtension(X509Extensions.TargetInformation.Id, true, targetInformation); return(gen.Generate(privKey)); }
public override void PerformTest() { IX509AttributeCertificate aCert = new X509V2AttributeCertificate(attrCert); X509CertificateParser fact = new X509CertificateParser(); X509Certificate sCert = fact.ReadCertificate(signCert); aCert.Verify(sCert.GetPublicKey()); // // search test // IList list = new ArrayList(); list.Add(sCert); // CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list); // CertStore store = CertStore.getInstance("Collection", ccsp); IX509Store store = X509StoreFactory.Create( "Certificate/Collection", new X509CollectionStoreParameters(list)); ArrayList certs = new ArrayList( // store.getCertificates(aCert.getIssuer())); store.GetMatches(aCert.Issuer)); if (certs.Count != 1 || !certs.Contains(sCert)) { Fail("sCert not found by issuer"); } X509Attribute[] attrs = aCert.GetAttributes("1.3.6.1.4.1.6760.8.1.1"); if (attrs == null || attrs.Length != 1) { Fail("attribute not found"); } // // reencode test // aCert = new X509V2AttributeCertificate(aCert.GetEncoded()); aCert.Verify(sCert.GetPublicKey()); IX509AttributeCertificate saCert = new X509V2AttributeCertificate(aCert.GetEncoded()); if (!aCert.NotAfter.Equals(saCert.NotAfter)) { Fail("failed date comparison"); } // base generator test // // a sample key pair. // RsaKeyParameters pubKey = new RsaKeyParameters( false, new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), new BigInteger("11", 16)); AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC; // // set up the keys // // PrivateKey privKey; // PublicKey pubKey; // // KeyFactory kFact = KeyFactory.getInstance("RSA"); // // privKey = kFact.generatePrivate(privKeySpec); // pubKey = kFact.generatePublic(pubKeySpec); X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator(); gen.AddAttribute(attrs[0]); gen.SetHolder(aCert.Holder); gen.SetIssuer(aCert.Issuer); gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50)); gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50)); gen.SetSerialNumber(aCert.SerialNumber); gen.SetSignatureAlgorithm("SHA1WithRSAEncryption"); aCert = gen.Generate(privKey); aCert.CheckValidity(); aCert.Verify(pubKey); // as the issuer is the same this should still work (even though it is not // technically correct certs = new ArrayList( // store.getCertificates(aCert.Issuer)); store.GetMatches(aCert.Issuer)); if (certs.Count != 1 || !certs.Contains(sCert)) { Fail("sCert not found by issuer"); } attrs = aCert.GetAttributes("1.3.6.1.4.1.6760.8.1.1"); if (attrs == null || attrs.Length != 1) { Fail("attribute not found"); } // // reencode test // aCert = new X509V2AttributeCertificate(aCert.GetEncoded()); aCert.Verify(pubKey); AttributeCertificateIssuer issuer = aCert.Issuer; X509Name[] principals = issuer.GetPrincipals(); // // test holder // AttributeCertificateHolder holder = aCert.Holder; if (holder.GetEntityNames() == null) { Fail("entity names not set"); } if (holder.SerialNumber != null) { Fail("holder serial number set when none expected"); } if (holder.GetIssuer() != null) { Fail("holder issuer set when none expected"); } principals = holder.GetEntityNames(); string ps = principals[0].ToString(); // TODO Check that this is a good enough test // if (!ps.Equals("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]")) if (!principals[0].Equivalent(new X509Name("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]"))) { Fail("principal[0] for entity names don't Match"); } // // extension test // gen.AddExtension("1.1", true, new DerOctetString(new byte[10])); gen.AddExtension("2.2", false, new DerOctetString(new byte[20])); aCert = gen.Generate(privKey); ISet exts = aCert.GetCriticalExtensionOids(); if (exts.Count != 1 || !exts.Contains("1.1")) { Fail("critical extension test failed"); } exts = aCert.GetNonCriticalExtensionOids(); if (exts.Count != 1 || !exts.Contains("2.2")) { Fail("non-critical extension test failed"); } Asn1OctetString extString = aCert.GetExtensionValue(new DerObjectIdentifier("1.1")); Asn1Encodable extValue = X509ExtensionUtilities.FromExtensionValue(extString); if (!extValue.Equals(new DerOctetString(new byte[10]))) { Fail("wrong extension value found for 1.1"); } doTestCertWithBaseCertificateID(); doTestGenerateWithCert(); doTestGenerateWithPrincipal(); }
private void doTestGenerateWithPrincipal() { X509CertificateParser fact = new X509CertificateParser(); X509Certificate iCert = fact.ReadCertificate(signCert); // // a sample key pair. // RsaKeyParameters pubKey = new RsaKeyParameters( false, new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), new BigInteger("11", 16)); // // set up the keys // // PrivateKey privKey; // PublicKey pubKey; // // KeyFactory kFact = KeyFactory.getInstance("RSA"); // // privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC); // pubKey = kFact.generatePublic(pubKeySpec); AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC; X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator(); // the actual attributes GeneralName roleName = new GeneralName(GeneralName.Rfc822Name, "DAU123456789"); // roleSyntax OID: 2.5.24.72 X509Attribute attributes = new X509Attribute("2.5.24.72", new DerSequence(roleName)); gen.AddAttribute(attributes); gen.SetHolder(new AttributeCertificateHolder(iCert.SubjectDN)); gen.SetIssuer(new AttributeCertificateIssuer(new X509Name("cn=test"))); gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50)); gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50)); gen.SetSerialNumber(BigInteger.One); gen.SetSignatureAlgorithm("SHA1WithRSAEncryption"); IX509AttributeCertificate aCert = gen.Generate(privKey); aCert.CheckValidity(); aCert.Verify(pubKey); AttributeCertificateHolder holder = aCert.Holder; if (holder.GetEntityNames() == null) { Fail("entity names not set when expected"); } if (holder.SerialNumber != null) { Fail("holder serial number found when none expected"); } if (holder.GetIssuer() != null) { Fail("holder issuer found when none expected"); } if (!holder.Match(iCert)) { Fail("generated holder not matching holder certificate"); } X509Certificate sCert = fact.ReadCertificate(holderCertWithBaseCertificateID); if (holder.Match(sCert)) { Fail("principal generated holder matching wrong certificate"); } equalityAndHashCodeTest(aCert, aCert.GetEncoded()); }