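/// <summary>
/// Builds a CMP message protected with a password-based MAC and checks that it
/// verifies with the password it was built with, and does not verify with a
/// different one.
/// </summary>
/// <remarks>
/// The original test only exercised the accepting path. A MAC check that always
/// returned true would have passed it, so a rejecting case is asserted as well.
/// </remarks>
public void TestMacProtectedMessage()
{
    // Throwaway 2048-bit RSA key (public exponent 65537, prime certainty 100) for the test certificate.
    RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
    rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
    AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();

    // Short-lived certificate signed with the private half of its own key pair.
    // NOTE(review): SHA-1 is only a fixture here; the certificate signature is not what this test checks.
    TestCertBuilder builder = new TestCertBuilder()
    {
        NotBefore = DateTime.UtcNow.AddDays(-1),
        NotAfter = DateTime.UtcNow.AddDays(1),
        PublicKey = rsaKeyPair.Public,
        SignatureAlgorithm = "Sha1WithRSAEncryption"
    };

    builder.AddAttribute(X509Name.C, "Foo");

    X509Certificate cert = builder.Build(rsaKeyPair.Private);

    GeneralName sender = new GeneralName(new X509Name("CN=Sender"));
    GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));

    ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender, recipient);
    msgBuilder.AddCmpCertificate(cert);

    //
    // Default instance.
    //
    PKMacBuilder macFactory = new PKMacBuilder();
    ProtectedPkiMessage msg = msgBuilder.Build(macFactory.Build("testpass".ToCharArray()));

    // Positive case: the password used to protect the message must verify.
    IsTrue(msg.Verify(macFactory, "testpass".ToCharArray()));

    // Negative case: a different password must be rejected.
    IsTrue("PKIMessage must not verify with a wrong password", !msg.Verify(macFactory, "wrongpass".ToCharArray()));
}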
/// <summary>
/// Signs a CMP message with an RSA private key and checks that the protection
/// verifies against the matching public key.
/// </summary>
/// <remarks>
/// The message is signed and verified with MD5WithRSA, and the test certificate
/// uses SHA-1. Both digests are collision-prone. They appear here as fixtures
/// for algorithm coverage, not as a recommended protection algorithm.
/// </remarks>
public void TestProtectedMessage()
{
    // Fresh 2048-bit RSA key pair: public exponent 65537, prime certainty 100.
    var keyGen = new RsaKeyPairGenerator();
    keyGen.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
    AsymmetricCipherKeyPair keys = keyGen.GenerateKeyPair();

    // Certificate valid from yesterday until tomorrow, signed with its own private key.
    var certBuilder = new TestCertBuilder();
    certBuilder.NotBefore = DateTime.UtcNow.AddDays(-1);
    certBuilder.NotAfter = DateTime.UtcNow.AddDays(1);
    certBuilder.PublicKey = keys.Public;
    certBuilder.SignatureAlgorithm = "Sha1WithRSAEncryption";
    certBuilder.AddAttribute(X509Name.C, "Foo");
    X509Certificate cert = certBuilder.Build(keys.Private);

    var senderName = new GeneralName(new X509Name("CN=Sender"));
    var recipientName = new GeneralName(new X509Name("CN=Recip"));

    var pkiBuilder = new ProtectedPkiMessageBuilder(senderName, recipientName);
    pkiBuilder.AddCmpCertificate(cert);

    ISignatureFactory signer = new Asn1SignatureFactory("MD5WithRSA", keys.Private);
    ProtectedPkiMessage protectedMsg = pkiBuilder.Build(signer);

    // The value is never compared with anything. Indexing element 0 still fails
    // the test if the built message carries no certificate.
    X509Certificate embedded = protectedMsg.GetCertificates()[0];

    IVerifierFactory verifier = new Asn1VerifierFactory("MD5WithRSA", keys.Public);
    bool verified = protectedMsg.Verify(verifier);

    IsTrue("PKIMessage must verify (MD5withRSA)", verified);
}
/// <summary>
/// Builds a signed CMP message whose certificate request asks for proof of
/// possession by subsequent message (encrCert), round-trips it through its DER
/// encoding, and checks that the decoded request reports the key-encipherment
/// proof-of-possession type.
/// </summary>
/// <remarks>
/// Only the encoding round trip is asserted. The SHA256WithRSA protection on
/// the message is produced but never verified in this test.
/// </remarks>
public void TestSubsequentMessage()
{
    // Fresh 2048-bit RSA key pair: public exponent 65537, prime certainty 100.
    var keyGen = new RsaKeyPairGenerator();
    keyGen.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
    AsymmetricCipherKeyPair keys = keyGen.GenerateKeyPair();

    // Certificate valid from yesterday until tomorrow, signed with its own private key.
    var certBuilder = new TestCertBuilder()
    {
        NotBefore = DateTime.UtcNow.AddDays(-1),
        NotAfter = DateTime.UtcNow.AddDays(1),
        PublicKey = keys.Public,
        SignatureAlgorithm = "Sha1WithRSAEncryption"
    };
    X509Certificate cert = certBuilder.Build(keys.Private);

    // The same name is used as both sender and recipient.
    var user = new GeneralName(new X509Name("CN=Test"));

    var subjectKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keys.Public);
    CertificateRequestMessageBuilder requestBuilder = new CertificateRequestMessageBuilder(BigInteger.One)
        .SetPublicKey(subjectKeyInfo)
        .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);

    ISignatureFactory signer = new Asn1SignatureFactory("SHA256WithRSA", keys.Private);

    var requests = new CertReqMessages(new CertReqMsg[] { requestBuilder.Build().ToAsn1Structure() });
    var body = new PkiBody(PkiBody.TYPE_KEY_RECOVERY_REQ, requests);
    byte[] transactionId = new byte[] { 1, 2, 3, 4, 5 };

    ProtectedPkiMessage outgoing = new ProtectedPkiMessageBuilder(user, user)
        .SetTransactionId(transactionId)
        .SetBody(body)
        .AddCmpCertificate(cert)
        .Build(signer);

    // Re-parse from the DER bytes so the assertion runs on decoded data rather than on the in-memory objects.
    byte[] encoded = outgoing.ToAsn1Message().GetDerEncoded();
    ProtectedPkiMessage decoded = new ProtectedPkiMessage(new GeneralPkiMessage(encoded));

    CertReqMessages decodedRequests = CertReqMessages.GetInstance(decoded.Body.Content);
    CertReqMsg firstRequest = decodedRequests.ToCertReqMsgArray()[0];

    IsEquals(ProofOfPossession.TYPE_KEY_ENCIPHERMENT, firstRequest.Popo.Type);
}
/// <summary>
/// Builds a signed certificate-confirmation CMP message and checks four things:
/// the signature verifies, the header carries the expected sender and
/// recipient, the body holds exactly one status entry, and that entry is
/// verified against the accepted certificate.
/// </summary>
/// <remarks>
/// The message is signed and verified with MD5WithRSA, and the test certificate
/// uses SHA-1. Both digests are collision-prone. They appear here as fixtures
/// for algorithm coverage, not as a recommended protection algorithm.
/// </remarks>
public void TestConfirmationMessage()
{
    // Fresh 2048-bit RSA key pair: public exponent 65537, prime certainty 100.
    var keyGen = new RsaKeyPairGenerator();
    keyGen.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
    AsymmetricCipherKeyPair keys = keyGen.GenerateKeyPair();

    // Certificate valid from yesterday until tomorrow, signed with its own private key.
    var certBuilder = new TestCertBuilder();
    certBuilder.NotBefore = DateTime.UtcNow.AddDays(-1);
    certBuilder.NotAfter = DateTime.UtcNow.AddDays(1);
    certBuilder.PublicKey = keys.Public;
    certBuilder.SignatureAlgorithm = "Sha1WithRSAEncryption";
    certBuilder.AddAttribute(X509Name.C, "Foo");
    X509Certificate cert = certBuilder.Build(keys.Private);

    var sender = new GeneralName(new X509Name("CN=Sender"));
    var recipient = new GeneralName(new X509Name("CN=Recip"));

    // Confirmation content that accepts the certificate under request id 1.
    CertificateConfirmationContent builtContent = new CertificateConfirmationContentBuilder()
        .AddAcceptedCertificate(cert, BigInteger.One)
        .Build();

    var pkiBuilder = new ProtectedPkiMessageBuilder(sender, recipient);
    pkiBuilder.SetBody(new PkiBody(PkiBody.TYPE_CERT_CONFIRM, builtContent.ToAsn1Structure()));
    pkiBuilder.AddCmpCertificate(cert);

    ISignatureFactory signer = new Asn1SignatureFactory("MD5WithRSA", keys.Private);
    ProtectedPkiMessage protectedMsg = pkiBuilder.Build(signer);

    IVerifierFactory verifier = new Asn1VerifierFactory("MD5WithRSA", keys.Public);
    bool verified = protectedMsg.Verify(verifier);
    IsTrue("PKIMessage must verify (MD5withRSA)", verified);

    IsEquals(sender, protectedMsg.Header.Sender);
    IsEquals(recipient, protectedMsg.Header.Recipient);

    // Rebuild the confirmation content from the message body so the checks below use the body's data.
    CertificateConfirmationContent parsedContent = new CertificateConfirmationContent(
        CertConfirmContent.GetInstance(protectedMsg.Body.Content),
        new DefaultDigestAlgorithmIdentifierFinder());

    CertificateStatus[] statuses = parsedContent.GetStatusMessages();

    IsEquals(1, statuses.Length);
    IsTrue(statuses[0].IsVerified(cert));
}