public void CreateECDsaDefaultWithSerialTest()
{
var eccurve = ECCurve.NamedCurves.nistP256;
// default cert
Assert.Throws <ArgumentOutOfRangeException>(
() => {
CertificateBuilder.Create(Subject)
.SetSerialNumberLength(0)
.SetECCurve(eccurve)
.CreateForECDsa();
}
);
Assert.Throws <ArgumentOutOfRangeException>(
() => {
CertificateBuilder.Create(Subject)
.SetSerialNumberLength(X509Defaults.SerialNumberLengthMax + 1)
.SetECCurve(eccurve)
.CreateForECDsa();
}
);
var builder = CertificateBuilder.Create(Subject)
.SetSerialNumberLength(X509Defaults.SerialNumberLengthMax)
.SetECCurve(eccurve);
// ensure every cert has a different serial number
var cert1 = builder.CreateForECDsa();
var cert2 = builder.CreateForECDsa();
WriteCertificate(cert1, "Cert1 with max length serial number");
WriteCertificate(cert2, "Cert2 with max length serial number");
Assert.GreaterOrEqual(X509Defaults.SerialNumberLengthMax, cert1.GetSerialNumber().Length);
Assert.GreaterOrEqual(X509Defaults.SerialNumberLengthMax, cert2.GetSerialNumber().Length);
Assert.AreNotEqual(cert1.SerialNumber, cert2.SerialNumber);
}
public void CreateSelfSignedForECDsaDefaultTest(ECCurveHashPair eccurveHashPair)
{
// default cert
X509Certificate2 cert = CertificateBuilder.Create(Subject)
.SetECCurve(eccurveHashPair.Curve)
.CreateForECDsa();
Assert.NotNull(cert);
WriteCertificate(cert, "Default ECDsa cert");
using (var privateKey = cert.GetECDsaPrivateKey())
{
Assert.NotNull(privateKey);
privateKey.ExportParameters(false);
privateKey.ExportParameters(true);
}
using (var publicKey = cert.GetECDsaPublicKey())
{
Assert.NotNull(publicKey);
publicKey.ExportParameters(false);
}
Assert.AreEqual(X509Defaults.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value));
Assert.GreaterOrEqual(DateTime.UtcNow, cert.NotBefore);
Assert.GreaterOrEqual(DateTime.UtcNow.AddMonths(X509Defaults.LifeTime), cert.NotAfter.ToUniversalTime());
var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions);
Assert.NotNull(basicConstraintsExtension);
Assert.True(basicConstraintsExtension.CertificateAuthority);
Assert.AreEqual(0, basicConstraintsExtension.PathLengthConstraint);
var keyUsage = X509Extensions.FindExtension <X509KeyUsageExtension>(cert.Extensions);
Assert.NotNull(keyUsage);
X509PfxUtils.VerifyECDsaKeyPair(cert, cert, true);
Assert.True(X509Utils.VerifySelfSigned(cert), "Verify self signed.");
}
public void VerifyOneSelfSignedAppCertForAll()
{
var builder = CertificateBuilder.Create(Subject)
.SetNotBefore(DateTime.Today.AddYears(-1))
.SetNotAfter(DateTime.Today.AddYears(25))
.AddExtension(new X509SubjectAltNameExtension("urn:opcfoundation.org:mypc", new string[] { "mypc", "mypc.opcfoundation.org", "192.168.1.100" }));
byte[] previousSerialNumber = null;
foreach (var keyHash in KeyHashPairs)
{
using (var cert = builder
.SetHashAlgorithm(keyHash.HashAlgorithmName)
.SetRSAKeySize(keyHash.KeySize)
.CreateForRSA())
{
Assert.NotNull(cert);
WriteCertificate(cert, $"Default cert with RSA {keyHash.KeySize} {keyHash.HashAlgorithmName} signature.");
Assert.AreEqual(keyHash.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value));
// ensure serial numbers are different
Assert.AreNotEqual(previousSerialNumber, cert.GetSerialNumber());
X509PfxUtils.VerifyRSAKeyPair(cert, cert, true);
Assert.True(X509Utils.VerifySelfSigned(cert));
Assert.AreEqual(cert.SubjectName.Name, cert.IssuerName.Name);
Assert.AreEqual(cert.SubjectName.RawData, cert.IssuerName.RawData);
CheckPEMWriter(cert);
}
}
}
public void CreateCACertForRSA(
KeyHashPair keyHashPair
)
{
// create a CA cert
var cert = CertificateBuilder.Create(Subject)
.SetCAConstraint(-1)
.SetHashAlgorithm(keyHashPair.HashAlgorithmName)
.AddExtension(X509Extensions.BuildX509CRLDistributionPoints("http://myca/mycert.crl"))
.SetRSAKeySize(keyHashPair.KeySize)
.CreateForRSA();
Assert.NotNull(cert);
WriteCertificate(cert, "Default cert with RSA {keyHashPair.KeySize} {keyHashPair.HashAlgorithmName} and CRL distribution points");
Assert.AreEqual(keyHashPair.KeySize, cert.GetRSAPublicKey().KeySize);
Assert.AreEqual(keyHashPair.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value));
var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions);
Assert.NotNull(basicConstraintsExtension);
Assert.True(basicConstraintsExtension.CertificateAuthority);
Assert.False(basicConstraintsExtension.HasPathLengthConstraint);
X509Utils.VerifyRSAKeyPair(cert, cert, true);
Assert.True(X509Utils.VerifySelfSigned(cert));
CheckPEMWriter(cert);
}
public void CreateIssuerRSAWithSuppliedKeyPair()
{
X509Certificate2 issuer = null;
using (RSA rsaKeyPair = RSA.Create())
{
// create cert with supplied keys
var generator = X509SignatureGenerator.CreateForRSA(rsaKeyPair, RSASignaturePadding.Pkcs1);
using (var cert = CertificateBuilder.Create("CN=Root Cert")
.SetCAConstraint(-1)
.SetRSAPublicKey(rsaKeyPair)
.CreateForRSA(generator))
{
Assert.NotNull(cert);
issuer = new X509Certificate2(cert.RawData);
WriteCertificate(cert, "Default root cert with supplied RSA cert");
CheckPEMWriter(cert);
}
// now sign a cert with supplied private key
using (var appCert = CertificateBuilder.Create("CN=App Cert")
.SetIssuer(issuer)
.CreateForRSA(generator))
{
Assert.NotNull(appCert);
WriteCertificate(appCert, "Signed RSA app cert");
CheckPEMWriter(appCert);
}
}
}
public void CreateForECDsaWithGeneratorTest(
ECCurveHashPair ecCurveHashPair
)
{
// default signing cert with custom key
X509Certificate2 signingCert = CertificateBuilder.Create(Subject)
.SetCAConstraint()
.SetHashAlgorithm(HashAlgorithmName.SHA512)
.SetECCurve(ecCurveHashPair.Curve)
.CreateForECDsa();
WriteCertificate(signingCert, $"Signing ECDsa {signingCert.GetECDsaPublicKey().KeySize} cert");
using (ECDsa ecdsaPrivateKey = signingCert.GetECDsaPrivateKey())
{
var generator = X509SignatureGenerator.CreateForECDsa(ecdsaPrivateKey);
var cert = CertificateBuilder.Create("CN=App Cert")
.SetIssuer(new X509Certificate2(signingCert.RawData))
.CreateForRSA(generator);
Assert.NotNull(cert);
WriteCertificate(cert, "Default signed ECDsa cert");
}
using (ECDsa ecdsaPrivateKey = signingCert.GetECDsaPrivateKey())
using (ECDsa ecdsaPublicKey = signingCert.GetECDsaPublicKey())
{
var generator = X509SignatureGenerator.CreateForECDsa(ecdsaPrivateKey);
var cert = CertificateBuilder.Create("CN=App Cert")
.SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName)
.SetIssuer(new X509Certificate2(signingCert.RawData))
.SetECDsaPublicKey(ecdsaPublicKey)
.CreateForECDsa(generator);
Assert.NotNull(cert);
WriteCertificate(cert, "Default signed ECDsa cert with Public Key");
}
using (ECDsa ecdsaPrivateKey = signingCert.GetECDsaPrivateKey())
{
var generator = X509SignatureGenerator.CreateForECDsa(ecdsaPrivateKey);
var cert = CertificateBuilder.Create("CN=App Cert")
.SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName)
.SetIssuer(new X509Certificate2(signingCert.RawData))
.SetECCurve(ecCurveHashPair.Curve)
.CreateForECDsa(generator);
Assert.NotNull(cert);
WriteCertificate(cert, "Default signed RSA cert");
}
// ensure invalid path throws argument exception
Assert.Throws <NotSupportedException>(() => {
using (ECDsa ecdsaPrivateKey = signingCert.GetECDsaPrivateKey())
{
var generator = X509SignatureGenerator.CreateForECDsa(ecdsaPrivateKey);
var cert = CertificateBuilder.Create("CN=App Cert")
.SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName)
.SetECCurve(ecCurveHashPair.Curve)
.CreateForECDsa(generator);
}
});
}
public void CreateIssuerRSACngWithSuppliedKeyPair()
{
if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
Assert.Ignore("Cng provider only available on windows");
}
X509Certificate2 issuer = null;
CngKey cngKey = CngKey.Create(CngAlgorithm.Rsa);
using (RSA rsaKeyPair = new RSACng(cngKey))
{
// create cert with supplied keys
var generator = X509SignatureGenerator.CreateForRSA(rsaKeyPair, RSASignaturePadding.Pkcs1);
using (var cert = CertificateBuilder.Create("CN=Root Cert")
.SetCAConstraint(-1)
.SetRSAPublicKey(rsaKeyPair)
.CreateForRSA(generator))
{
Assert.NotNull(cert);
issuer = new X509Certificate2(cert.RawData);
WriteCertificate(cert, "Default root cert with supplied RSA cert");
}
// now sign a cert with supplied private key
using (var appCert = CertificateBuilder.Create("CN=App Cert")
.SetIssuer(issuer)
.CreateForRSA(generator))
{
Assert.NotNull(appCert);
WriteCertificate(appCert, "Signed RSA app cert");
}
}
}
public void VerifyOneSelfSignedAppCertForAll()
{
var builder = CertificateBuilder.Create(Subject)
.SetNotBefore(DateTime.Today.AddYears(-1))
.SetNotAfter(DateTime.Today.AddYears(25))
.AddExtension(new X509SubjectAltNameExtension("urn:opcfoundation.org:mypc", new string[] { "mypc", "mypc.opcfoundation.org", "192.168.1.100" }));
byte[] previousSerialNumber = null;
foreach (var eCCurveHash in ECCurveHashPairs)
{
if (!eCCurveHash.Curve.IsNamed)
{
continue;
}
using (var cert = builder
.SetHashAlgorithm(eCCurveHash.HashAlgorithmName)
.SetECCurve(eCCurveHash.Curve)
.CreateForECDsa())
{
Assert.NotNull(cert);
WriteCertificate(cert, $"Default cert with ECDsa {eCCurveHash.Curve.Oid.FriendlyName} {eCCurveHash.HashAlgorithmName} signature.");
Assert.AreEqual(eCCurveHash.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value));
// ensure serial numbers are different
Assert.AreNotEqual(previousSerialNumber, cert.GetSerialNumber());
X509PfxUtils.VerifyECDsaKeyPair(cert, cert, true);
Assert.True(X509Utils.VerifySelfSigned(cert));
}
}
}
public void CreateSelfSignedForECDsaTests(ECCurve eccurve)
{
// default cert
X509Certificate2 cert = CertificateBuilder.Create(Subject).SetECCurve(eccurve).CreateForECDsa();
WriteCertificate(cert, "Default ECDsa cert");
// set dates
cert = CertificateBuilder.Create(Subject)
.SetNotBefore(DateTime.Today.AddYears(-1))
.SetNotAfter(DateTime.Today.AddYears(25))
.AddExtension(new X509SubjectAltNameExtension("urn:opcfoundation.org:mypc", new string[] { "mypc", "mypc.opcfoundation.org", "192.168.1.100" }))
.SetECCurve(eccurve)
.CreateForECDsa();
WriteCertificate(cert, "Default cert with modified lifetime and alt name extension");
// set hash alg
cert = CertificateBuilder.Create(Subject)
.SetHashAlgorithm(HashAlgorithmName.SHA512)
.SetECCurve(eccurve)
.CreateForECDsa();
WriteCertificate(cert, "Default cert with SHA512 signature.");
// set CA constraints
cert = CertificateBuilder.Create(Subject)
.SetCAConstraint(-1)
.AddExtension(X509Extensions.BuildX509CRLDistributionPoints("http://myca/mycert.crl"))
.SetECCurve(eccurve)
.CreateForECDsa();
WriteCertificate(cert, "Default cert with CA constraints None and CRL distribution points");
}
public void CreateSelfSignedForRSAAllFields(
KeyHashPair keyHashPair
)
{
// set dates and extension
var applicationUri = "urn:opcfoundation.org:mypc";
var domains = new string[] { "mypc", "mypc.opcfoundation.org", "192.168.1.100" };
var cert = CertificateBuilder.Create(Subject)
.SetNotBefore(DateTime.Today.AddYears(-1))
.SetNotAfter(DateTime.Today.AddYears(25))
.AddExtension(new X509SubjectAltNameExtension(applicationUri, domains))
.SetHashAlgorithm(keyHashPair.HashAlgorithmName)
.SetRSAKeySize(keyHashPair.KeySize)
.CreateForRSA();
Assert.NotNull(cert);
WriteCertificate(cert, $"Default cert RSA {keyHashPair.KeySize} with modified lifetime and alt name extension");
Assert.AreEqual(Subject, cert.Subject);
Assert.AreEqual(keyHashPair.KeySize, cert.GetRSAPublicKey().KeySize);
Assert.AreEqual(keyHashPair.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value));
var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions);
Assert.NotNull(basicConstraintsExtension);
Assert.True(basicConstraintsExtension.CertificateAuthority);
X509Utils.VerifyRSAKeyPair(cert, cert);
X509Utils.VerifySelfSigned(cert);
}
public void CreateForRSAWithGeneratorTest(
KeyHashPair keyHashPair
)
{
// default signing cert with custom key
X509Certificate2 signingCert = CertificateBuilder.Create(Subject)
.SetCAConstraint()
.SetHashAlgorithm(HashAlgorithmName.SHA512)
.SetRSAKeySize(2048)
.CreateForRSA();
WriteCertificate(signingCert, $"Signing RSA {signingCert.GetRSAPublicKey().KeySize} cert");
using (RSA rsaPrivateKey = signingCert.GetRSAPrivateKey())
{
var generator = X509SignatureGenerator.CreateForRSA(rsaPrivateKey, RSASignaturePadding.Pkcs1);
var cert = CertificateBuilder.Create("CN=App Cert")
.SetIssuer(new X509Certificate2(signingCert.RawData))
.CreateForRSA(generator);
Assert.NotNull(cert);
WriteCertificate(cert, $"Default signed RSA cert");
}
using (RSA rsaPrivateKey = signingCert.GetRSAPrivateKey())
using (RSA rsaPublicKey = signingCert.GetRSAPublicKey())
{
var generator = X509SignatureGenerator.CreateForRSA(rsaPrivateKey, RSASignaturePadding.Pkcs1);
var cert = CertificateBuilder.Create("CN=App Cert")
.SetHashAlgorithm(keyHashPair.HashAlgorithmName)
.SetIssuer(new X509Certificate2(signingCert.RawData))
.SetRSAPublicKey(rsaPublicKey)
.CreateForRSA(generator);
Assert.NotNull(cert);
WriteCertificate(cert, $"Default signed RSA cert with Public Key");
}
using (RSA rsaPrivateKey = signingCert.GetRSAPrivateKey())
{
var generator = X509SignatureGenerator.CreateForRSA(rsaPrivateKey, RSASignaturePadding.Pkcs1);
var cert = CertificateBuilder.Create("CN=App Cert")
.SetHashAlgorithm(keyHashPair.HashAlgorithmName)
.SetIssuer(new X509Certificate2(signingCert.RawData))
.SetRSAKeySize(keyHashPair.KeySize)
.CreateForRSA(generator);
Assert.NotNull(cert);
WriteCertificate(cert, $"Default signed RSA cert");
}
// ensure invalid path throws argument exception
Assert.Throws <NotSupportedException>(() => {
using (RSA rsaPrivateKey = signingCert.GetRSAPrivateKey())
{
var generator = X509SignatureGenerator.CreateForRSA(rsaPrivateKey, RSASignaturePadding.Pkcs1);
var cert = CertificateBuilder.Create("CN=App Cert")
.SetHashAlgorithm(keyHashPair.HashAlgorithmName)
.SetRSAKeySize(keyHashPair.KeySize)
.CreateForRSA(generator);
}
});
}
public void CreateSelfSignedForRSADefaultTest()
{
// default cert
X509Certificate2 cert = CertificateBuilder.Create(Subject).CreateForRSA();
Assert.NotNull(cert);
WriteCertificate(cert, "Default RSA cert");
using (var privateKey = cert.GetRSAPrivateKey())
{
Assert.NotNull(privateKey);
privateKey.ExportParameters(false);
privateKey.ExportParameters(true);
}
using (var publicKey = cert.GetRSAPublicKey())
{
Assert.NotNull(publicKey);
Assert.AreEqual(X509Defaults.RSAKeySize, publicKey.KeySize);
publicKey.ExportParameters(false);
}
Assert.AreEqual(X509Defaults.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value));
Assert.GreaterOrEqual(DateTime.UtcNow, cert.NotBefore);
Assert.GreaterOrEqual(DateTime.UtcNow.AddMonths(X509Defaults.LifeTime), cert.NotAfter.ToUniversalTime());
var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions);
Assert.NotNull(basicConstraintsExtension);
Assert.True(basicConstraintsExtension.CertificateAuthority);
X509Utils.VerifyRSAKeyPair(cert, cert, true);
Assert.True(X509Utils.VerifySelfSigned(cert));
}
public void CreateECDsaManualSerialTest()
{
var eccurve = ECCurve.NamedCurves.nistP256;
// default cert
Assert.Throws <ArgumentOutOfRangeException>(
() => {
CertificateBuilder.Create(Subject)
.SetSerialNumber(Array.Empty <byte>())
.SetECCurve(eccurve)
.CreateForECDsa();
}
);
Assert.Throws <ArgumentOutOfRangeException>(
() => {
CertificateBuilder.Create(Subject)
.SetSerialNumber(new byte[X509Defaults.SerialNumberLengthMax + 1])
.SetECCurve(eccurve)
.CreateForECDsa();
}
);
var serial = new byte[X509Defaults.SerialNumberLengthMax];
for (int i = 0; i < serial.Length; i++)
{
serial[i] = (byte)((i + 1) | 0x80);
}
// test if sign bit is cleared
var builder = CertificateBuilder.Create(Subject)
.SetSerialNumber(serial);
serial[serial.Length - 1] &= 0x7f;
Assert.AreEqual(serial, builder.GetSerialNumber());
var cert1 = builder.SetECCurve(eccurve).CreateForECDsa();
WriteCertificate(cert1, "Cert1 with max length serial number");
TestContext.Out.WriteLine($"Serial: {serial.ToHexString(true)}");
Assert.AreEqual(serial, cert1.GetSerialNumber());
Assert.AreEqual(X509Defaults.SerialNumberLengthMax, cert1.GetSerialNumber().Length);
// clear sign bit
builder.SetSerialNumberLength(X509Defaults.SerialNumberLengthMax);
var cert2 = builder.SetECCurve(eccurve).CreateForECDsa();
WriteCertificate(cert2, "Cert2 with max length serial number");
TestContext.Out.WriteLine($"Serial: {cert2.SerialNumber}");
Assert.GreaterOrEqual(X509Defaults.SerialNumberLengthMax, cert2.GetSerialNumber().Length);
Assert.AreNotEqual(cert1.SerialNumber, cert2.SerialNumber);
}
/// <summary>
/// Create a certificate for an OPC UA application.
/// </summary>
/// <param name="applicationUri">The application Uri</param>
/// <param name="applicationName">The friendly name of the application</param>
/// <param name="subjectName">The subject of the certificate</param>
/// <param name="domainNames">The domain names for the alt name extension</param>
/// <returns>
/// Return the Certificate builder with X509 Subject Alt Name extension
/// to create the certificate.
/// </returns>
public static ICertificateBuilder CreateCertificate(
string applicationUri,
string applicationName,
string subjectName,
IList <string> domainNames)
{
SetSuitableDefaults(
ref applicationUri,
ref applicationName,
ref subjectName,
ref domainNames);
return(CertificateBuilder.Create(subjectName)
.AddExtension(new X509SubjectAltNameExtension(applicationUri, domainNames)));
}
public void CreateSelfSignedForRSADefaultHashCustomKey(
KeyHashPair keyHashPair
)
{
// default cert with custom key
X509Certificate2 cert = CertificateBuilder.Create(Subject)
.SetRSAKeySize(keyHashPair.KeySize)
.CreateForRSA();
WriteCertificate(cert, $"Default RSA {keyHashPair.KeySize} cert");
Assert.AreEqual(Subject, cert.Subject);
Assert.AreEqual(keyHashPair.KeySize, cert.GetRSAPublicKey().KeySize);
Assert.AreEqual(X509Defaults.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value));
var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions);
Assert.NotNull(basicConstraintsExtension);
Assert.True(basicConstraintsExtension.CertificateAuthority);
X509Utils.VerifyRSAKeyPair(cert, cert, true);
Assert.True(X509Utils.VerifySelfSigned(cert));
}
public void GlobalSetup()
{
m_certificate = CertificateBuilder.Create("CN=TestCert")
.SetNotBefore(DateTime.Today.AddDays(-1))
.AddExtension(
new X509SubjectAltNameExtension("urn:opcfoundation.org:mypc", new string[] { "mypc", "mypc.opcfoundation.org", "192.168.1.100" }))
.CreateForRSA();
var random = new Random();
m_rsaPrivateKey = m_certificate.GetRSAPrivateKey();
m_rsaPublicKey = m_certificate.GetRSAPublicKey();
// blob size for RSA padding OaepSHA256
int blobSize = m_rsaPublicKey.KeySize / 8 - 66;
m_randomByteArray = new byte[blobSize];
random.NextBytes(m_randomByteArray);
m_encryptedByteArray = m_rsaPublicKey.Encrypt(m_randomByteArray, RSAEncryptionPadding.OaepSHA256);
m_signature = m_rsaPrivateKey.SignData(m_randomByteArray, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
public void CreateSelfSignedForECDsaAllFields(
ECCurveHashPair ecCurveHashPair
)
{
// set dates and extension
var applicationUri = "urn:opcfoundation.org:mypc";
var domains = new string[] { "mypc", "mypc.opcfoundation.org", "192.168.1.100" };
var cert = CertificateBuilder.Create(Subject)
.SetNotBefore(DateTime.Today.AddYears(-1))
.SetNotAfter(DateTime.Today.AddYears(25))
.AddExtension(new X509SubjectAltNameExtension(applicationUri, domains))
.SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName)
.SetECCurve(ecCurveHashPair.Curve)
.CreateForECDsa();
Assert.NotNull(cert);
WriteCertificate(cert, $"Default cert ECDsa {ecCurveHashPair.Curve.Oid.FriendlyName} with modified lifetime and alt name extension");
Assert.AreEqual(Subject, cert.Subject);
using (var privateKey = cert.GetECDsaPrivateKey())
{
Assert.NotNull(privateKey);
privateKey.ExportParameters(false);
privateKey.ExportParameters(true);
}
using (var publicKey = cert.GetECDsaPublicKey())
{
Assert.NotNull(publicKey);
publicKey.ExportParameters(false);
}
Assert.AreEqual(ecCurveHashPair.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value));
var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions);
Assert.NotNull(basicConstraintsExtension);
Assert.True(basicConstraintsExtension.CertificateAuthority);
X509PfxUtils.VerifyECDsaKeyPair(cert, cert, true);
Assert.True(X509Utils.VerifySelfSigned(cert));
CheckPEMWriter(cert);
}
public void CreateCACertForECDsa(
ECCurveHashPair ecCurveHashPair
)
{
// create a CA cert
var cert = CertificateBuilder.Create(Subject)
.SetCAConstraint()
.SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName)
.AddExtension(X509Extensions.BuildX509CRLDistributionPoints(new string[] { "http://myca/mycert.crl", "http://myaltca/mycert.crl" }))
.SetECCurve(ecCurveHashPair.Curve)
.CreateForECDsa();
Assert.NotNull(cert);
WriteCertificate(cert, "Default cert with RSA {keyHashPair.KeySize} {keyHashPair.HashAlgorithmName} and CRL distribution points");
Assert.AreEqual(ecCurveHashPair.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value));
var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions);
Assert.NotNull(basicConstraintsExtension);
Assert.True(basicConstraintsExtension.CertificateAuthority);
Assert.False(basicConstraintsExtension.HasPathLengthConstraint);
X509PfxUtils.VerifyECDsaKeyPair(cert, cert, true);
Assert.True(X509Utils.VerifySelfSigned(cert));
}
public void GlobalSetup()
{
m_issuerCert = CertificateBuilder.Create("CN=Root CA")
.SetCAConstraint()
.CreateForRSA();
m_certificate = CertificateBuilder.Create("CN=TestCert")
.SetNotBefore(DateTime.Today.AddDays(-1))
.AddExtension(
new X509SubjectAltNameExtension("urn:opcfoundation.org:mypc",
new string[] { "mypc", "mypc.opcfoundation.org", "192.168.1.100" }))
.CreateForRSA();
var crlBuilder = CrlBuilder.Create(m_issuerCert.SubjectName, HashAlgorithmName.SHA256)
.SetThisUpdate(DateTime.UtcNow.Date)
.SetNextUpdate(DateTime.UtcNow.Date.AddDays(30));
var revokedarray = new RevokedCertificate(m_certificate.SerialNumber);
crlBuilder.RevokedCertificates.Add(revokedarray);
crlBuilder.CrlExtensions.Add(X509Extensions.BuildCRLNumber(1));
crlBuilder.CrlExtensions.Add(X509Extensions.BuildAuthorityKeyIdentifier(m_issuerCert));
m_issuerCrl = crlBuilder.CreateForRSA(m_issuerCert);
m_x509Crl = new X509CRL(m_issuerCrl.RawData);
var random = new Random();
m_rsaPrivateKey = m_certificate.GetRSAPrivateKey();
m_rsaPublicKey = m_certificate.GetRSAPublicKey();
// blob size for RSA padding OaepSHA256
int blobSize = m_rsaPublicKey.KeySize / 8 - 66;
m_randomByteArray = new byte[blobSize];
random.NextBytes(m_randomByteArray);
m_encryptedByteArray = m_rsaPublicKey.Encrypt(m_randomByteArray, RSAEncryptionPadding.OaepSHA256);
m_signature = m_rsaPrivateKey.SignData(m_randomByteArray, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}
/// <summary>
/// Create a certificate for any use.
/// </summary>
/// <param name="subjectName">The subject of the certificate</param>
/// <returns>Return the Certificate builder.</returns>
public static ICertificateBuilder CreateCertificate(string subjectName)
{
return(CertificateBuilder.Create(subjectName));
}
protected void OneTimeSetUp()
{
m_issuerCert = CertificateBuilder.Create("CN=Root CA")
.SetCAConstraint()
.CreateForRSA();
}
public void CreateCertificate()
{
using (X509Certificate2 cert = CertificateBuilder.Create("CN=Create").CreateForRSA()) { }
}