private static bool IsMatch(
X509Certificate2 certificate,
EssCertIdV2 essCertIdV2,
Errors errors,
bool isIssuerSerialRequired)
{
if (isIssuerSerialRequired)
{
if (essCertIdV2.IssuerSerial == null ||
essCertIdV2.IssuerSerial.GeneralNames.Count == 0)
{
throw new SignatureException(errors.InvalidSignature, errors.InvalidSignatureString);
}
}
if (essCertIdV2.IssuerSerial != null)
{
if (!AreSerialNumbersEqual(essCertIdV2.IssuerSerial, certificate))
{
return(false);
}
if (!AreGeneralNamesEqual(essCertIdV2.IssuerSerial, certificate))
{
return(false);
}
}
var hashAlgorithmName = CryptoHashUtility.OidToHashAlgorithmName(essCertIdV2.HashAlgorithm.Algorithm.Value);
var actualHash = CertificateUtility.GetHash(certificate, hashAlgorithmName);
return(essCertIdV2.CertificateHash.SequenceEqual(actualHash));
}
public static SigningCertificateV2 Create(X509Certificate2 certificate, HashAlgorithmName hashAlgorithmName)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
var essCertIdV2 = EssCertIdV2.Create(certificate, hashAlgorithmName);
return(new SigningCertificateV2(new[] { essCertIdV2 }, policies: null));
}
public void Read_WithOnlyCertificateHash_ReturnsEssCertIdV2()
{
var hash = CryptoHashUtility.ComputeHash(HashAlgorithmName.SHA256, Encoding.UTF8.GetBytes("peach"));
var bcEssCertId = new BcEssCertIdV2(hash);
var bytes = bcEssCertId.GetDerEncoded();
var essCertIdV2 = EssCertIdV2.Read(bytes);
Assert.Equal(Oids.Sha256, essCertIdV2.HashAlgorithm.Algorithm.Value);
SigningTestUtility.VerifyByteArrays(hash, essCertIdV2.CertificateHash);
Assert.Null(essCertIdV2.IssuerSerial);
}
private static IReadOnlyList <EssCertIdV2> ReadCertificates(DerSequenceReader reader)
{
var certificates = new List <EssCertIdV2>();
while (reader.HasData)
{
var certificate = EssCertIdV2.Read(reader);
certificates.Add(certificate);
}
return(certificates.AsReadOnly());
}
public void Create_WithSha512_ReturnsEssCertIdV2()
{
var hashAlgorithmName = HashAlgorithmName.SHA512;
using (var certificate = _fixture.GetDefaultCertificate())
{
var essCertIdV2 = EssCertIdV2.Create(certificate, hashAlgorithmName);
Assert.Equal(SigningTestUtility.GetHash(certificate, hashAlgorithmName), essCertIdV2.CertificateHash);
Assert.Equal(Oids.Sha512, essCertIdV2.HashAlgorithm.Algorithm.Value);
Assert.Equal(1, essCertIdV2.IssuerSerial.GeneralNames.Count);
Assert.Equal(certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name);
SigningTestUtility.VerifySerialNumber(certificate, essCertIdV2.IssuerSerial);
}
}
public void Read_WithDefaultAlgorithmIdentifier_ReturnsEssCertIdV2()
{
var directoryName = new X509Name("CN=test");
var generalNames = new GeneralNames(
new BcGeneralName(BcGeneralName.DirectoryName, directoryName));
var bcIssuerSerial = new BcIssuerSerial(generalNames, new DerInteger(BigInteger.One));
var hash = CryptoHashUtility.ComputeHash(HashAlgorithmName.SHA256, Encoding.UTF8.GetBytes("peach"));
var bcEssCertId = new BcEssCertIdV2(hash, bcIssuerSerial);
var bytes = bcEssCertId.GetDerEncoded();
var essCertIdV2 = EssCertIdV2.Read(bytes);
Assert.Equal(Oids.Sha256, essCertIdV2.HashAlgorithm.Algorithm.Value);
Assert.Equal(1, essCertIdV2.IssuerSerial.GeneralNames.Count);
Assert.Equal(directoryName.ToString(), essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name);
SigningTestUtility.VerifyByteArrays(hash, essCertIdV2.CertificateHash);
SigningTestUtility.VerifyByteArrays(bcIssuerSerial.Serial.Value.ToByteArray(), essCertIdV2.IssuerSerial.SerialNumber);
}
public void Read_WithValidInput_ReturnsEssCertId()
{
using (var certificate = _fixture.GetDefaultCertificate())
{
var bcCertificate = DotNetUtilities.FromX509Certificate(certificate);
var bcGeneralNames = new GeneralNames(
new BcGeneralName(BcGeneralName.DirectoryName, bcCertificate.IssuerDN));
var bcIssuerSerial = new BcIssuerSerial(bcGeneralNames, new DerInteger(bcCertificate.SerialNumber));
var hash = SigningTestUtility.GetHash(certificate, HashAlgorithmName.SHA384);
var bcAlgorithmId = new BcAlgorithmIdentifier(new DerObjectIdentifier(Oids.Sha384));
var bcEssCertId = new BcEssCertIdV2(bcAlgorithmId, hash, bcIssuerSerial);
var bytes = bcEssCertId.GetDerEncoded();
var essCertIdV2 = EssCertIdV2.Read(bytes);
Assert.Equal(Oids.Sha384, essCertIdV2.HashAlgorithm.Algorithm.Value);
Assert.Equal(1, essCertIdV2.IssuerSerial.GeneralNames.Count);
Assert.Equal(certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name);
SigningTestUtility.VerifyByteArrays(hash, essCertIdV2.CertificateHash);
SigningTestUtility.VerifyByteArrays(bcIssuerSerial.Serial.Value.ToByteArray(), essCertIdV2.IssuerSerial.SerialNumber);
}
}
public void Read_WithInvalidAsn1_Throws()
{
Assert.Throws <System.Security.Cryptography.CryptographicException>(
() => EssCertIdV2.Read(new byte[] { 0x30, 0x0b }));
}
