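/// <summary>
/// Exercises TimeStampRequest.Validate against accepted-algorithm, accepted-policy and
/// accepted-extension lists, then checks that a response generated for the request
/// round-trips through its encoding and yields a token that validates against
/// <paramref name="cert"/> and carries a signingCertificate attribute.
/// </summary>
/// <param name="privateKey">Private key the token generator signs with.</param>
/// <param name="cert">Signer certificate; the token is validated against it.</param>
/// <param name="certs">Certificate store attached to the token generator.</param>
private void extensionTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
{
    // SHA-1 and the "1.2" policy OID are fixture values. SHA-1 is deprecated for
    // signature use, so this setup should not be copied into a real TSA configuration.
    TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
        privateKey, cert, TspAlgorithms.Sha1, "1.2");
    tsTokenGen.SetCertificates(certs);

    TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();

    // Test-only values: the policy OID and the critical extension below are placeholders
    // chosen to drive the validation paths, not for any real-world purpose.
    reqGen.SetReqPolicy("2.5.29.56");
    reqGen.AddExtension(new DerObjectIdentifier("1.3.6.1.5.5.7.1.2"), true, new DerOctetString(new byte[20]));

    TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]);

    // Each rejection check records the exception message and asserts outside the try
    // block. Calling Assert.Fail inside the try would be swallowed by the broad catch,
    // and a missing rejection would then surface as a confusing message mismatch.
    string failure = null;
    try
    {
        request.Validate(new ArrayList(), new ArrayList(), new ArrayList());
    }
    catch (Exception ex)
    {
        failure = ex.Message;
    }
    Assert.AreEqual("request contains unknown algorithm", failure,
        "a request must be rejected when no digest algorithm is accepted");

    ArrayList algorithms = new ArrayList();
    algorithms.Add(TspAlgorithms.Sha1);

    failure = null;
    try
    {
        request.Validate(algorithms, new ArrayList(), new ArrayList());
    }
    catch (Exception ex)
    {
        failure = ex.Message;
    }
    Assert.AreEqual("request contains unknown policy", failure,
        "a request must be rejected when its policy is not in the accepted list");

    // Testing only, do not use in the real world.
    ArrayList policies = new ArrayList();
    policies.Add("2.5.29.56");

    failure = null;
    try
    {
        request.Validate(algorithms, policies, new ArrayList());
    }
    catch (Exception ex)
    {
        failure = ex.Message;
    }
    Assert.AreEqual("request contains unknown extension", failure,
        "a request must be rejected when its extension is not in the accepted list");

    // Testing only, do not use in the real world.
    ArrayList extensions = new ArrayList();
    extensions.Add("1.3.6.1.5.5.7.1.2");

    // Should validate with the full set of accepted values.
    request.Validate(algorithms, policies, extensions);

    // Should validate with a null policy list.
    request.Validate(algorithms, null, extensions);

    TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);

    TimeStampResponse tsResp = tsRespGen.Generate(request, new BigInteger("23"), DateTime.UtcNow);

    // Re-parse from the encoded form so the checks below run on what a client would receive.
    tsResp = new TimeStampResponse(tsResp.GetEncoded());

    TimeStampToken tsToken = tsResp.TimeStampToken;

    tsToken.Validate(cert);

    Asn1.Cms.AttributeTable table = tsToken.SignedAttributes;

    Assert.NotNull(table[PkcsObjectIdentifiers.IdAASigningCertificate], "no signingCertificate attribute found");
}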