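/// <summary>
/// Builds a certificate request message with the given validity window and checks that the
/// NotBefore / NotAfter values read back from its certificate template equal the inputs.
/// </summary>
/// <param name="kp">Key pair whose public key is placed in the request.</param>
/// <param name="notBefore">
/// Requested start of validity. The failure messages below describe
/// <see cref="DateTime.MinValue"/> as the "empty" value.
/// </param>
/// <param name="notAfter">
/// Requested end of validity, with the same <see cref="DateTime.MinValue"/> convention.
/// </param>
private void doNotBeforeNotAfterTest(AsymmetricCipherKeyPair kp, DateTime notBefore, DateTime notAfter)
{
    CertificateRequestMessageBuilder builder = new CertificateRequestMessageBuilder(BigInteger.One)
        .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public))
        .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);

    builder.SetValidity(new Time(notBefore), new Time(notAfter));

    CertificateRequestMessage msg = builder.Build();

    // NotBefore is read and asserted before NotAfter is touched, so a failure on the first
    // bound is reported before the second one is evaluated.
    var actualNotBefore = msg.GetCertTemplate().Validity.NotBefore.ToDateTime();
    if (!notBefore.Equals(DateTime.MinValue))
    {
        IsTrue("NotBefore did not match", notBefore.Equals(actualNotBefore));
    }
    else
    {
        // Message corrected: the original read "Expected NotBefore to empty."
        IsTrue("Expected NotBefore to be empty.", DateTime.MinValue == actualNotBefore);
    }

    var actualNotAfter = msg.GetCertTemplate().Validity.NotAfter.ToDateTime();
    if (!notAfter.Equals(DateTime.MinValue))
    {
        IsTrue("NotAfter did not match", notAfter.Equals(actualNotAfter));
    }
    else
    {
        IsTrue("Expected NotAfter to be empty.", DateTime.MinValue == actualNotAfter);
    }
}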
/// <summary>
/// Builds a certificate request whose proof of possession is deferred to a subsequent message
/// (<c>SubsequentMessage.encrCert</c>), wraps it in a signature-protected PKI message, DER
/// round-trips that message and checks the proof-of-possession type read back from the body.
/// </summary>
/// <remarks>
/// The only assertion is on the POP type. The protection signature produced with
/// "SHA256WithRSA" is not verified after the round trip, so this test does not cover
/// message-protection checking.
/// </remarks>
public void TestSubsequentMessage()
{
    // Fresh 2048-bit RSA key pair: public exponent 65537, certainty 100.
    var keyGen = new RsaKeyPairGenerator();
    keyGen.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
    AsymmetricCipherKeyPair rsaKeyPair = keyGen.GenerateKeyPair();

    // Fixture certificate, valid from yesterday to tomorrow, built with the same key pair's
    // private key. The SHA-1 signature algorithm is a fixture value only.
    var certBuilder = new TestCertBuilder
    {
        NotBefore = DateTime.UtcNow.AddDays(-1),
        NotAfter = DateTime.UtcNow.AddDays(1),
        PublicKey = rsaKeyPair.Public,
        SignatureAlgorithm = "Sha1WithRSAEncryption"
    };
    X509Certificate cert = certBuilder.Build(rsaKeyPair.Private);

    var user = new GeneralName(new X509Name("CN=Test"));

    var popBuilder = new CertificateRequestMessageBuilder(BigInteger.One)
        .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public))
        .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);

    ISignatureFactory sigFact = new Asn1SignatureFactory("SHA256WithRSA", rsaKeyPair.Private);

    // The single request is carried in a body tagged TYPE_KEY_RECOVERY_REQ.
    CertReqMsg[] requests = { popBuilder.Build().ToAsn1Structure() };
    var body = new PkiBody(PkiBody.TYPE_KEY_RECOVERY_REQ, new CertReqMessages(requests));

    var certRequestMsg = new ProtectedPkiMessageBuilder(user, user)
        .SetTransactionId(new byte[] { 1, 2, 3, 4, 5 })
        .SetBody(body)
        .AddCmpCertificate(cert)
        .Build(sigFact);

    // Re-parse from DER so the assertion runs against decoded data, not the in-memory object.
    byte[] der = certRequestMsg.ToAsn1Message().GetDerEncoded();
    var msg = new ProtectedPkiMessage(new GeneralPkiMessage(der));

    var reqMsgs = CertReqMessages.GetInstance(msg.Body.Content);
    var reqMsg = reqMsgs.ToCertReqMsgArray()[0];

    IsEquals(ProofOfPossession.TYPE_KEY_ENCIPHERMENT, reqMsg.Popo.Type);
}
/// <summary>
/// Builds a certificate request with a subject, a public key and a signing-key proof of
/// possession, then checks that the POP validates against the same key pair's public key and
/// that the certificate template carries the subject and public key that were set.
/// </summary>
/// <remarks>
/// The POP is signed with "SHA1WithRSA". That is the algorithm this fixture exercises; it
/// says nothing about which digest a deployment should accept for proof of possession.
/// </remarks>
public void TestBasicMessage()
{
    // Fresh 2048-bit RSA key pair: public exponent 65537, certainty 100.
    RsaKeyPairGenerator keyGen = new RsaKeyPairGenerator();
    keyGen.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
    AsymmetricCipherKeyPair rsaKeyPair = keyGen.GenerateKeyPair();

    CertificateRequestMessageBuilder requestBuilder = new CertificateRequestMessageBuilder(BigInteger.One);
    requestBuilder.SetSubject(new X509Name("CN=Test"));
    requestBuilder.SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public));
    requestBuilder.SetProofOfPossessionSignKeySigner(new Asn1SignatureFactory("SHA1WithRSA", rsaKeyPair.Private));

    CertificateRequestMessage request = requestBuilder.Build();

    // The POP signature must verify under the public key that the request itself carries.
    bool popValid = request.IsValidSigningKeyPop(new Asn1VerifierFactoryProvider(rsaKeyPair.Public));
    IsTrue("Signing Key Pop Valid", popValid);

    // The expected values are rebuilt from scratch, so the comparisons are by content.
    IsTrue(request.GetCertTemplate().Subject.Equivalent(new X509Name("CN=Test")));
    IsTrue(request.GetCertTemplate().PublicKey.Equals(
        SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public)));
}
/// <summary>
/// Builds a certificate request that carries a PKI archive control holding the requester's
/// private key, encrypted to a fixture certificate. It then checks the template's subject and
/// public key, and passes the message to <c>checkCertReqMsgWithArchiveControl</c> both as
/// built and after an encode/decode round trip.
/// </summary>
/// <remarks>
/// Key transport uses "RSA/None/OAEPwithSHA256andMGF1Padding" and the content encryptor is
/// AES-128-CBC. NOTE(review): CBC on its own gives confidentiality only; whether the archived
/// key is integrity-protected elsewhere is not visible from this test. The recipient
/// certificate is built with "Sha1WithRSAEncryption", a fixture value only.
/// </remarks>
public void TestBasicMessageWithArchiveControl()
{
    // Fresh 2048-bit RSA key pair: public exponent 65537, certainty 100.
    RsaKeyPairGenerator keyGen = new RsaKeyPairGenerator();
    keyGen.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
    AsymmetricCipherKeyPair rsaKeyPair = keyGen.GenerateKeyPair();

    // The recipient certificate uses the same key pair, with subject and issuer both CN=Test.
    var certBuilder = new TestCertBuilder()
    {
        PublicKey = rsaKeyPair.Public,
        Subject = new X509Name("CN=Test"),
        Issuer = new X509Name("CN=Test"),
        NotBefore = DateTime.UtcNow.AddDays(-1),
        NotAfter = DateTime.UtcNow.AddDays(1),
        SignatureAlgorithm = "Sha1WithRSAEncryption"
    };
    var cert = certBuilder.Build(rsaKeyPair.Private);

    var publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public);
    var privateInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(rsaKeyPair.Private);

    CertificateRequestMessageBuilder requestBuilder = new CertificateRequestMessageBuilder(BigInteger.One);
    requestBuilder.SetSubject(new X509Name("CN=Test"));
    requestBuilder.SetPublicKey(publicKeyInfo);

    // The private key is wrapped for the certificate holder: RSA-OAEP (SHA-256 / MGF1) for key
    // transport, AES-128-CBC for the content.
    var recipient = new CmsKeyTransRecipientInfoGenerator(
        cert,
        new Asn1KeyWrapper("RSA/None/OAEPwithSHA256andMGF1Padding", cert));
    var contentEncryptor = new CmsContentEncryptorBuilder(NistObjectIdentifiers.IdAes128Cbc).Build();
    var archiveControl = new PkiArchiveControlBuilder(privateInfo, new GeneralName(new X509Name("CN=Test")))
        .AddRecipientGenerator(recipient)
        .Build(contentEncryptor);
    requestBuilder.AddControl(archiveControl);

    CertificateRequestMessage msg = requestBuilder.Build();

    // Subject and public key are compared by encoded bytes.
    byte[] expectedSubject = new X509Name("CN=Test").GetEncoded();
    IsTrue(Arrays.AreEqual(msg.GetCertTemplate().Subject.GetEncoded(), expectedSubject));
    IsTrue(Arrays.AreEqual(msg.GetCertTemplate().PublicKey.GetEncoded(), publicKeyInfo.GetEncoded()));

    // Run the same check on the in-memory message and on a copy re-parsed from its encoding.
    checkCertReqMsgWithArchiveControl(rsaKeyPair, msg);
    checkCertReqMsgWithArchiveControl(rsaKeyPair, new CertificateRequestMessage(msg.GetEncoded()));
}