/// <summary>
/// Builds one randomized <see cref="ApplicationTestData"/> for the GDS tests: a random
/// application type (the random range stops at ClientAndServer, see the TODO below), a
/// sanitized English display name, matching application/product URIs, random domain names
/// and -- for server-type applications -- discovery URLs plus server capabilities.
/// </summary>
/// <returns>
/// A populated <see cref="ApplicationTestData"/>, including the DN subject and private
/// key format ("PEM" or "PFX") the tests expect the issued certificate to carry.
/// </returns>
private ApplicationTestData RandomApplicationTestData()
{
    // NOTE: the order of the random draws below matters -- they share the same
    // random sources, so reordering them changes the generated data.
    // TODO: set to discoveryserver
    ApplicationType appType = (ApplicationType)_randomSource.NextInt32((int)ApplicationType.ClientAndServer);

    // Keep only word characters, digits and whitespace so the name is safe inside a DN;
    // the URI variant additionally drops the whitespace.
    string baseName = Regex.Replace(_dataGenerator.GetRandomString("en"), @"[^\w\d\s]", "");
    string uriName = Regex.Replace(baseName, @"[^\w\d]", "");

    StringCollection domainNames = RandomDomainNames();
    string primaryHost = domainNames[0];
    string keyFormat = _randomSource.NextInt32(1) == 0 ? "PEM" : "PFX";
    string applicationUri = ("urn:localhost:opcfoundation.org:" + uriName.ToLower()).Replace("localhost", primaryHost);
    string productUri = "http://opcfoundation.org/UA/" + uriName;
    // Random server port: 13 low bits of a random Int16, shifted into 50000..58191.
    int serverPort = (_dataGenerator.GetRandomInt16() & 0x1fff) + 50000;

    string displayName = "UA " + baseName;
    StringCollection discoveryUrls = new StringCollection();
    StringCollection serverCapabilities = new StringCollection();

    if (appType == ApplicationType.Client)
    {
        displayName += " Client";
    }
    else if (appType == ApplicationType.DiscoveryServer)
    {
        // Discovery servers always listen on the well-known LDS port and advertise "LDS".
        displayName += " DiscoveryServer";
        discoveryUrls = RandomDiscoveryUrl(domainNames, 4840, uriName);
        serverCapabilities.Add("LDS");
    }
    else if (appType == ApplicationType.Server || appType == ApplicationType.ClientAndServer)
    {
        // ClientAndServer shares the server setup and only differs in the display name.
        displayName += appType == ApplicationType.ClientAndServer ? " Client and Server" : " Server";
        discoveryUrls = RandomDiscoveryUrl(domainNames, serverPort, uriName);
        serverCapabilities = RandomServerCapabilities();
    }

    ApplicationRecordDataType record = new ApplicationRecordDataType
    {
        ApplicationNames = new LocalizedTextCollection { new LocalizedText("en-us", displayName) },
        ApplicationUri = applicationUri,
        ApplicationType = appType,
        ProductUri = productUri,
        DiscoveryUrls = discoveryUrls,
        ServerCapabilities = serverCapabilities
    };

    return new ApplicationTestData
    {
        ApplicationRecord = record,
        DomainNames = domainNames,
        Subject = String.Format("CN={0},DC={1},O=OPC Foundation", displayName, primaryHost),
        PrivateKeyFormat = keyFormat
    };
}
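/// <summary>
/// Checks that <paramref name="rawSignedCert"/> is the application instance certificate the
/// GDS was asked to issue for <paramref name="testApp"/>, signed by the first entry of
/// <paramref name="rawIssuerCerts"/>: subject/issuer names, basic constraints, key usage,
/// extended key usage, AKI/SKI linkage, subject alternative names (domains and application URI)
/// and -- through a chain build against the supplied issuer certificates -- the signature itself.
/// Name and AKI comparisons alone only prove the certificate <em>claims</em> this issuer.
/// </summary>
/// <param name="testApp">The application record the certificate was requested for.</param>
/// <param name="rawSignedCert">Encoded signed certificate; must not carry a private key.</param>
/// <param name="rawIssuerCerts">Issuer certificates, direct issuer first.</param>
public static void VerifySignedApplicationCert(ApplicationTestData testApp, byte[] rawSignedCert, byte[][] rawIssuerCerts)
{
    Assert.NotNull(rawIssuerCerts);
    Assert.True(rawIssuerCerts.Length > 0);

    // X509Certificate2 owns native handles on some platforms; dispose deterministically.
    using (X509Certificate2 signedCert = new X509Certificate2(rawSignedCert))
    using (X509Certificate2 issuerCert = new X509Certificate2(rawIssuerCerts[0]))
    {
        Assert.NotNull(signedCert);
        Assert.False(signedCert.HasPrivateKey);
        Assert.True(Utils.CompareDistinguishedName(testApp.Subject, signedCert.Subject));
        // Not self-signed, and the issuer name must be the CA we were given.
        Assert.False(Utils.CompareDistinguishedName(signedCert.Issuer, signedCert.Subject));
        Assert.True(Utils.CompareDistinguishedName(signedCert.Issuer, issuerCert.Subject));

        // Cryptographic check: the leaf must actually chain to (be signed by) the issuer.
        AssertSignedByIssuer(signedCert, issuerCert, rawIssuerCerts);

        // basic constraints: critical end-entity certificate without a path length
        var constraints = FindBasicConstraintsExtension(signedCert);
        Assert.NotNull(constraints);
        Assert.True(constraints.Critical);
        Assert.False(constraints.CertificateAuthority);
        Assert.False(constraints.HasPathLengthConstraint);

        // key usage: the existing expectation of this stack for application certificates.
        // NOTE(review): KeyCertSign on a non-CA end-entity certificate is unusual in general
        // PKI; it is asserted here because the stack issues it that way -- confirm against
        // OPC UA Part 6 before changing either side.
        var keyUsage = FindKeyUsageExtension(signedCert);
        Assert.NotNull(keyUsage);
        Assert.True(keyUsage.Critical);
        const X509KeyUsageFlags requiredUsages =
            X509KeyUsageFlags.DigitalSignature |
            X509KeyUsageFlags.NonRepudiation |
            X509KeyUsageFlags.KeyEncipherment |
            X509KeyUsageFlags.DataEncipherment |
            X509KeyUsageFlags.KeyCertSign;
        const X509KeyUsageFlags forbiddenUsages =
            X509KeyUsageFlags.CrlSign |
            X509KeyUsageFlags.KeyAgreement |
            X509KeyUsageFlags.EncipherOnly |
            X509KeyUsageFlags.DecipherOnly;
        Assert.AreEqual(requiredUsages, keyUsage.KeyUsages & requiredUsages);
        Assert.AreEqual(X509KeyUsageFlags.None, keyUsage.KeyUsages & forbiddenUsages);

        // enhanced key usage
        // NOTE(review): only presence/criticality is checked; the expected OIDs
        // (serverAuth/clientAuth per application type) are not asserted here -- confirm
        // what the GDS issues before tightening this.
        var enhancedKeyUsage = FindEnhancedKeyUsageExtension(signedCert);
        Assert.NotNull(enhancedKeyUsage);
        Assert.True(enhancedKeyUsage.Critical);

        // authority key identifier must be present and point at the issuer's SKI and serial
        X509AuthorityKeyIdentifierExtension authority = FindAuthorityKeyIdentifier(signedCert);
        Assert.NotNull(authority);
        Assert.NotNull(authority.SerialNumber);
        Assert.NotNull(authority.KeyId);
        Assert.NotNull(authority.AuthorityNames);
        X509SubjectKeyIdentifierExtension subjectKeyId = FindSubjectKeyIdentifierExtension(issuerCert);
        // Fail with an assertion rather than a NullReferenceException if the issuer has no SKI.
        Assert.NotNull(subjectKeyId);
        Assert.AreEqual(subjectKeyId.SubjectKeyIdentifier, authority.KeyId);
        Assert.AreEqual(issuerCert.SerialNumber, authority.SerialNumber);

        // subject alternative name: every requested domain, exactly one URI, the application URI
        X509SubjectAltNameExtension subjectAlternateName = FindSubjectAltName(signedCert);
        Assert.NotNull(subjectAlternateName);
        Assert.False(subjectAlternateName.Critical);
        var domainNames = Utils.GetDomainsFromCertficate(signedCert);
        foreach (var domainName in testApp.DomainNames)
        {
            Assert.True(domainNames.Contains(domainName, StringComparer.OrdinalIgnoreCase));
        }
        Assert.AreEqual(1, subjectAlternateName.Uris.Count);
        var applicationUri = Utils.GetApplicationUriFromCertificate(signedCert);
        Assert.AreEqual(testApp.ApplicationRecord.ApplicationUri, applicationUri);
    }
}

/// <summary>
/// Builds a chain for <paramref name="signedCert"/> using only the supplied issuer
/// certificates and asserts that the only chain errors are "the test CA is not in the
/// machine trust store" (UntrustedRoot / PartialChain). Any other status -- in particular
/// NotSignatureValid -- fails the test. Also asserts that the element directly above the
/// leaf is <paramref name="issuerCert"/>.
/// </summary>
/// <param name="signedCert">The leaf certificate under test.</param>
/// <param name="issuerCert">The certificate expected to be the leaf's direct issuer.</param>
/// <param name="rawIssuerCerts">All issuer certificates to make available to the chain builder.</param>
private static void AssertSignedByIssuer(X509Certificate2 signedCert, X509Certificate2 issuerCert, byte[][] rawIssuerCerts)
{
    using (X509Chain chain = new X509Chain())
    {
        // Test CAs are not installed in the machine store and publish no CRL, so root trust
        // and revocation are deliberately out of scope; signature and validity are not.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
        foreach (byte[] rawIssuer in rawIssuerCerts)
        {
            chain.ChainPolicy.ExtraStore.Import(rawIssuer);
        }

        // The return value is ignored on purpose: ChainStatus is inspected explicitly so the
        // assertion message names the offending status.
        chain.Build(signedCert);

        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            bool untrustedTestRoot =
                status.Status == X509ChainStatusFlags.UntrustedRoot ||
                status.Status == X509ChainStatusFlags.PartialChain;
            Assert.True(untrustedTestRoot, "unexpected chain status " + status.Status + ": " + status.StatusInformation);
        }

        Assert.True(chain.ChainElements.Count >= 2);
        Assert.AreEqual(issuerCert.Thumbprint, chain.ChainElements[1].Certificate.Thumbprint);
    }
}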