/// <summary>
/// Determines whether <paramref name="essCertIdV2"/> identifies <paramref name="certificate"/>.
/// The issuer serial, when present, must match the certificate's serial number and issuer
/// names, and the certificate hash (computed with the algorithm named in the ESSCertIDv2)
/// must be byte-for-byte equal to the stored hash.
/// </summary>
/// <param name="certificate">The candidate certificate.</param>
/// <param name="essCertIdV2">The ESSCertIDv2 value being checked against the certificate.</param>
/// <param name="errors">Error code and message used when a required issuer serial is absent.</param>
/// <param name="isIssuerSerialRequired">
/// When true, a missing issuer serial (or one with no general names) is an error rather than a non-match.
/// </param>
/// <returns>True if the certificate matches the ESSCertIDv2; otherwise false.</returns>
/// <exception cref="SignatureException">
/// Thrown when <paramref name="isIssuerSerialRequired"/> is true and the issuer serial is absent or has no general names.
/// </exception>
private static bool IsMatch(
    X509Certificate2 certificate,
    EssCertIdV2 essCertIdV2,
    Errors errors,
    bool isIssuerSerialRequired)
{
    var issuerSerial = essCertIdV2.IssuerSerial;

    // An absent or empty issuer serial is only fatal when the caller demands one.
    var issuerSerialMissing = issuerSerial == null || issuerSerial.GeneralNames.Count == 0;
    if (isIssuerSerialRequired && issuerSerialMissing)
    {
        throw new SignatureException(errors.InvalidSignature, errors.InvalidSignatureString);
    }

    // When an issuer serial is present, the serial number is checked first, then the issuer names.
    if (issuerSerial != null
        && (!AreSerialNumbersEqual(issuerSerial, certificate) || !AreGeneralNamesEqual(issuerSerial, certificate)))
    {
        return false;
    }

    // Hash the certificate with whatever algorithm the ESSCertIDv2 names, then compare.
    // NOTE(review): certificate hashes are public values, so an ordinary (non-constant-time)
    // comparison looks adequate here.
    var algorithmOid = essCertIdV2.HashAlgorithm.Algorithm.Value;
    var algorithmName = CryptoHashUtility.OidToHashAlgorithmName(algorithmOid);
    var computedHash = CertificateUtility.GetHash(certificate, algorithmName);

    return essCertIdV2.CertificateHash.SequenceEqual(computedHash);
}
/// <summary>
/// Builds a <see cref="SigningCertificateV2"/> attribute value that holds a single
/// ESSCertIDv2 for <paramref name="certificate"/> and no signing policies.
/// </summary>
/// <param name="certificate">The signing certificate to identify.</param>
/// <param name="hashAlgorithmName">The hash algorithm used to compute the certificate hash in the ESSCertIDv2.</param>
/// <returns>A new <see cref="SigningCertificateV2"/> instance.</returns>
/// <exception cref="ArgumentNullException">Thrown if <paramref name="certificate"/> is null.</exception>
public static SigningCertificateV2 Create(X509Certificate2 certificate, HashAlgorithmName hashAlgorithmName)
{
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    // Exactly one ESSCertIDv2 entry, for the signing certificate itself.
    EssCertIdV2[] certificateIds = { EssCertIdV2.Create(certificate, hashAlgorithmName) };

    return new SigningCertificateV2(certificateIds, policies: null);
}
/// <summary>
/// Reading a DER-encoded ESSCertIDv2 that carries only a certificate hash must yield
/// the SHA-256 OID, the same hash bytes, and a null issuer serial.
/// </summary>
public void Read_WithOnlyCertificateHash_ReturnsEssCertIdV2()
{
    var expectedHash = CryptoHashUtility.ComputeHash(
        HashAlgorithmName.SHA256,
        Encoding.UTF8.GetBytes("peach"));

    // Hash-only encoding: no explicit algorithm identifier, no issuer serial.
    var encoded = new BcEssCertIdV2(expectedHash).GetDerEncoded();

    var actual = EssCertIdV2.Read(encoded);

    Assert.Equal(Oids.Sha256, actual.HashAlgorithm.Algorithm.Value);
    SigningTestUtility.VerifyByteArrays(expectedHash, actual.CertificateHash);
    Assert.Null(actual.IssuerSerial);
}
/// <summary>
/// Reads consecutive ESSCertIDv2 values from <paramref name="reader"/> until it has no more data.
/// </summary>
/// <param name="reader">A DER sequence reader positioned at the first ESSCertIDv2.</param>
/// <returns>
/// A read-only list of the decoded values in encoded order; empty when the reader held none.
/// </returns>
private static IReadOnlyList<EssCertIdV2> ReadCertificates(DerSequenceReader reader)
{
    var decoded = new List<EssCertIdV2>();

    // Each Read consumes exactly one ESSCertIDv2; stop once the sequence is exhausted.
    while (reader.HasData)
    {
        decoded.Add(EssCertIdV2.Read(reader));
    }

    return decoded.AsReadOnly();
}
/// <summary>
/// Creating an ESSCertIDv2 with SHA-512 must record the SHA-512 certificate hash, the
/// SHA-512 OID, and an issuer serial whose single general name is the certificate's issuer.
/// </summary>
public void Create_WithSha512_ReturnsEssCertIdV2()
{
    var algorithm = HashAlgorithmName.SHA512;

    using (var certificate = _fixture.GetDefaultCertificate())
    {
        var essCertIdV2 = EssCertIdV2.Create(certificate, algorithm);
        var issuerSerial = essCertIdV2.IssuerSerial;

        Assert.Equal(SigningTestUtility.GetHash(certificate, algorithm), essCertIdV2.CertificateHash);
        Assert.Equal(Oids.Sha512, essCertIdV2.HashAlgorithm.Algorithm.Value);

        // Exactly one issuer name, and it must be the certificate's issuer DN.
        Assert.Equal(1, issuerSerial.GeneralNames.Count);
        Assert.Equal(certificate.IssuerName.Name, issuerSerial.GeneralNames[0].DirectoryName.Name);
        SigningTestUtility.VerifySerialNumber(certificate, issuerSerial);
    }
}
/// <summary>
/// Reading an ESSCertIDv2 encoded without an explicit hash algorithm identifier must be
/// reported as SHA-256 and must round-trip the hash and the issuer serial
/// (one directory name "CN=test", serial number 1).
/// </summary>
public void Read_WithDefaultAlgorithmIdentifier_ReturnsEssCertIdV2()
{
    var issuerName = new X509Name("CN=test");
    var issuerSerial = new BcIssuerSerial(
        new GeneralNames(new BcGeneralName(BcGeneralName.DirectoryName, issuerName)),
        new DerInteger(BigInteger.One));
    var expectedHash = CryptoHashUtility.ComputeHash(
        HashAlgorithmName.SHA256,
        Encoding.UTF8.GetBytes("peach"));

    // Hash and issuer serial only; the algorithm identifier is left at its default.
    var encoded = new BcEssCertIdV2(expectedHash, issuerSerial).GetDerEncoded();

    var actual = EssCertIdV2.Read(encoded);

    Assert.Equal(Oids.Sha256, actual.HashAlgorithm.Algorithm.Value);
    Assert.Equal(1, actual.IssuerSerial.GeneralNames.Count);
    Assert.Equal(issuerName.ToString(), actual.IssuerSerial.GeneralNames[0].DirectoryName.Name);
    SigningTestUtility.VerifyByteArrays(expectedHash, actual.CertificateHash);
    SigningTestUtility.VerifyByteArrays(
        issuerSerial.Serial.Value.ToByteArray(),
        actual.IssuerSerial.SerialNumber);
}
/// <summary>
/// Reading a fully populated ESSCertIDv2 (explicit SHA-384 algorithm identifier, certificate
/// hash, and issuer serial taken from a real certificate) must round-trip every field.
/// </summary>
public void Read_WithValidInput_ReturnsEssCertId()
{
    using (var certificate = _fixture.GetDefaultCertificate())
    {
        var bcCertificate = DotNetUtilities.FromX509Certificate(certificate);
        var issuerSerial = new BcIssuerSerial(
            new GeneralNames(new BcGeneralName(BcGeneralName.DirectoryName, bcCertificate.IssuerDN)),
            new DerInteger(bcCertificate.SerialNumber));
        var expectedHash = SigningTestUtility.GetHash(certificate, HashAlgorithmName.SHA384);
        var algorithmId = new BcAlgorithmIdentifier(new DerObjectIdentifier(Oids.Sha384));

        // All three components present: algorithm identifier, hash, issuer serial.
        var encoded = new BcEssCertIdV2(algorithmId, expectedHash, issuerSerial).GetDerEncoded();

        var actual = EssCertIdV2.Read(encoded);

        Assert.Equal(Oids.Sha384, actual.HashAlgorithm.Algorithm.Value);
        Assert.Equal(1, actual.IssuerSerial.GeneralNames.Count);
        Assert.Equal(certificate.IssuerName.Name, actual.IssuerSerial.GeneralNames[0].DirectoryName.Name);
        SigningTestUtility.VerifyByteArrays(expectedHash, actual.CertificateHash);
        SigningTestUtility.VerifyByteArrays(
            issuerSerial.Serial.Value.ToByteArray(),
            actual.IssuerSerial.SerialNumber);
    }
}
/// <summary>
/// Truncated DER input — a SEQUENCE header whose declared length is not followed by any
/// content — must be rejected with a <see cref="System.Security.Cryptography.CryptographicException"/>.
/// </summary>
public void Read_WithInvalidAsn1_Throws()
{
    // 0x30 = SEQUENCE tag, 0x0b = declared length of 11 bytes, but no content bytes follow.
    byte[] truncated = { 0x30, 0x0b };

    Assert.Throws<System.Security.Cryptography.CryptographicException>(
        () => EssCertIdV2.Read(truncated));
}