public void CreateSigningCertificateV2_WithValidInput_ReturnsAttribute(Common.HashAlgorithmName hashAlgorithmName)
{
using (var certificate = _fixture.GetDefaultCertificate())
{
var attribute = AttributeUtility.CreateSigningCertificateV2(certificate, hashAlgorithmName);
Assert.Equal(Oids.SigningCertificateV2, attribute.Oid.Value);
Assert.Equal(1, attribute.Values.Count);
var signingCertificateV2 = SigningCertificateV2.Read(attribute.Values[0].RawData);
Assert.Equal(1, signingCertificateV2.Certificates.Count);
var essCertIdV2 = signingCertificateV2.Certificates[0];
var expectedHash = SignTestUtility.GetHash(certificate, hashAlgorithmName);
SignTestUtility.VerifyByteArrays(expectedHash, essCertIdV2.CertificateHash);
Assert.Equal(
hashAlgorithmName,
CryptoHashUtility.OidToHashAlgorithmName(essCertIdV2.HashAlgorithm.Algorithm.Value));
Assert.Equal(certificate.IssuerName.Name, essCertIdV2.IssuerSerial.GeneralNames[0].DirectoryName.Name);
var serialNumber = certificate.GetSerialNumber();
// Convert from little endian to big endian.
Array.Reverse(serialNumber);
SignTestUtility.VerifyByteArrays(
serialNumber,
essCertIdV2.IssuerSerial.SerialNumber);
}
}
public void IsSignatureAlgorithmSupported_WhenSupported_ReturnsTrue(Common.HashAlgorithmName algorithm, string expectedSignatureAlgorithmOid)
{
using (var certificate = SigningTestUtility.GenerateCertificate(
"test",
generator => { },
algorithm,
RSASignaturePaddingMode.Pkcs1))
{
Assert.Equal(expectedSignatureAlgorithmOid, certificate.SignatureAlgorithm.Value);
Assert.True(CertificateUtility.IsSignatureAlgorithmSupported(certificate));
}
}
public static EssCertIdV2 Create(X509Certificate2 certificate, Common.HashAlgorithmName hashAlgorithmName)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
var algorithm = new AlgorithmIdentifier(hashAlgorithmName.ConvertToOid());
var hash = CertificateUtility.GetHash(certificate, hashAlgorithmName);
var issuerSerial = IssuerSerial.Create(certificate);
return(new EssCertIdV2(algorithm, hash, issuerSerial));
}
// ESSCertIDv2::= SEQUENCE {
// hashAlgorithm AlgorithmIdentifier
// DEFAULT {algorithm id-sha256 },
// certHash Hash,
// issuerSerial IssuerSerial OPTIONAL
// }
private static byte[][] CreateESSCertIDv2Entry(X509Certificate2 cert, Common.HashAlgorithmName hashAlgorithm)
{
// Get hash Oid
var hashAlgorithmOid = hashAlgorithm.ConvertToOidString();
var entry = GetESSCertIDv2Entry(cert, hashAlgorithm);
return(DerEncoder.ConstructSegmentedSequence(new List <byte[][]>()
{
// AlgorithmIdentifier
DerEncoder.SegmentedEncodeOid(hashAlgorithmOid),
// Hash
DerEncoder.SegmentedEncodeOctetString(entry.Value)
}));
}
/// <summary>
/// Create a signing-certificate-v2 from a certificate.
/// </summary>
/// <param name="certificate">The signing certificate.</param>
/// <param name="hashAlgorithm">The hash algorithm for the signing-certificate-v2 attribute.</param>
public static CryptographicAttributeObject CreateSigningCertificateV2(
X509Certificate2 certificate,
Common.HashAlgorithmName hashAlgorithm)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
var signingCertificateV2 = SigningCertificateV2.Create(certificate, hashAlgorithm);
var bytes = signingCertificateV2.Encode();
var data = new AsnEncodedData(Oids.SigningCertificateV2, bytes);
return(new CryptographicAttributeObject(
new Oid(Oids.SigningCertificateV2),
new AsnEncodedDataCollection(data)));
}
public void GetESSCertIDv2Entries_ReturnsDecodedHashes(Common.HashAlgorithmName hashAlgorithm)
{
// Arrange
var cert = TestCertificate.Generate().PublicCert;
var cert2 = TestCertificate.Generate().PublicCert;
var attribute = AttributeUtility.GetSigningCertificateV2(
new[] { cert, cert2 },
hashAlgorithm);
var certHash = CryptoHashUtility.ComputeHash(hashAlgorithm, cert.RawData);
var cert2Hash = CryptoHashUtility.ComputeHash(hashAlgorithm, cert2.RawData);
// Act
var actual = AttributeUtility.GetESSCertIDv2Entries(attribute);
// Assert
actual.ShouldBeEquivalentTo(new[]
{
new KeyValuePair <Common.HashAlgorithmName, byte[]>(hashAlgorithm, certHash),
new KeyValuePair <Common.HashAlgorithmName, byte[]>(hashAlgorithm, cert2Hash),
});
}
private static SignatureContent GenerateSignatureContent(Common.HashAlgorithmName hashAlgorithmName, byte[] zipArchiveHash)
{
var base64ZipArchiveHash = Convert.ToBase64String(zipArchiveHash);
return(new SignatureContent(SigningSpecifications.V1, hashAlgorithmName, base64ZipArchiveHash));
}
// Cert -> Hash
private static byte[] GetCertificateHash(X509Certificate2 cert, Common.HashAlgorithmName hashAlgorithm)
{
return(hashAlgorithm.ComputeHash(cert.RawData));
}
// Cert -> Hash pair
private static KeyValuePair <Common.HashAlgorithmName, byte[]> GetESSCertIDv2Entry(X509Certificate2 cert, Common.HashAlgorithmName hashAlgorithm)
{
// Hash the certificate
var hashValue = GetCertificateHash(cert, hashAlgorithm);
return(new KeyValuePair <Common.HashAlgorithmName, byte[]>(hashAlgorithm, hashValue));
}
/// <summary>
/// Create a signing-certificate-v2 from a certificate.
/// </summary>
public static CryptographicAttributeObject GetSigningCertificateV2(IEnumerable <X509Certificate2> chain, Common.HashAlgorithmName hashAlgorithm)
{
// Build the cert chain as-is
var certEntries = chain.Select(e => CreateESSCertIDv2Entry(e, hashAlgorithm)).ToList();
var data = new AsnEncodedData(Oids.SigningCertificateV2, DerEncoder.ConstructSequence(certEntries));
// Create an attribute
return(new CryptographicAttributeObject(
oid: new Oid(Oids.SigningCertificateV2),
values: new AsnEncodedDataCollection(data)));
}
