public void VerifySelfSignedAppCerts(
KeyHashPair keyHashPair
)
{
var appTestGenerator = new ApplicationTestDataGenerator(keyHashPair.KeySize);
ApplicationTestData app = appTestGenerator.ApplicationTestSet(1).First();
var cert = CertificateFactory.CreateCertificate(app.ApplicationUri, app.ApplicationName, app.Subject, app.DomainNames)
.SetHashAlgorithm(keyHashPair.HashAlgorithmName)
.SetRSAKeySize(keyHashPair.KeySize)
.CreateForRSA();
Assert.NotNull(cert);
Assert.NotNull(cert.RawData);
Assert.True(cert.HasPrivateKey);
using (RSA rsa = cert.GetRSAPrivateKey())
{
rsa.ExportParameters(true);
}
using (RSA rsa = cert.GetRSAPublicKey())
{
rsa.ExportParameters(false);
}
var plainCert = new X509Certificate2(cert.RawData);
Assert.NotNull(plainCert);
VerifyApplicationCert(app, plainCert);
X509Utils.VerifyRSAKeyPair(cert, cert, true);
Assert.True(X509Utils.VerifySelfSigned(cert));
}
public void VerifySignedAppCerts(
KeyHashPair keyHashPair
)
{
X509Certificate2 issuerCertificate = GetIssuer(keyHashPair);
Assert.NotNull(issuerCertificate);
Assert.NotNull(issuerCertificate.RawData);
Assert.True(issuerCertificate.HasPrivateKey);
var appTestGenerator = new ApplicationTestDataGenerator(keyHashPair.KeySize);
ApplicationTestData app = appTestGenerator.ApplicationTestSet(1).First();
var cert = CertificateFactory.CreateCertificate(
app.ApplicationUri, app.ApplicationName, app.Subject, app.DomainNames)
.SetHashAlgorithm(keyHashPair.HashAlgorithmName)
.SetIssuer(issuerCertificate)
.SetRSAKeySize(keyHashPair.KeySize)
.CreateForRSA();
Assert.NotNull(cert);
Assert.NotNull(cert.RawData);
Assert.True(cert.HasPrivateKey);
using (var plainCert = new X509Certificate2(cert.RawData))
{
Assert.NotNull(plainCert);
VerifyApplicationCert(app, plainCert, issuerCertificate);
X509Utils.VerifyRSAKeyPair(plainCert, cert, true);
}
}
public void VerifyCACerts(
KeyHashPair keyHashPair
)
{
var subject = "CN=CA Test Cert";
int pathLengthConstraint = (keyHashPair.KeySize / 512) - 3;
var cert = CertificateFactory.CreateCertificate(subject)
.SetLifeTime(25 * 12)
.SetHashAlgorithm(keyHashPair.HashAlgorithmName)
.SetCAConstraint(pathLengthConstraint)
.SetRSAKeySize(keyHashPair.KeySize)
.CreateForRSA();
Assert.NotNull(cert);
Assert.NotNull(cert.RawData);
Assert.True(cert.HasPrivateKey);
var plainCert = new X509Certificate2(cert.RawData);
Assert.NotNull(plainCert);
VerifyCACert(plainCert, subject, pathLengthConstraint);
X509Utils.VerifySelfSigned(cert);
X509Utils.VerifyRSAKeyPair(cert, cert);
Assert.True(X509Utils.VerifySelfSigned(cert));
m_rootCACertificate[keyHashPair.KeySize] = cert;
}
public void VerifySignedAppCerts(
KeyHashPair keyHashPair
)
{
X509Certificate2 caCert;
if (!m_rootCACertificate.TryGetValue(keyHashPair.KeySize, out caCert))
{
Assert.Ignore($"Could not load Root CA.");
}
Assert.NotNull(caCert);
Assert.NotNull(caCert.RawData);
Assert.True(caCert.HasPrivateKey);
var appTestGenerator = new ApplicationTestDataGenerator(keyHashPair.KeySize);
ApplicationTestData app = appTestGenerator.ApplicationTestSet(1).First();
var cert = CertificateFactory.CreateCertificate(
app.ApplicationUri, app.ApplicationName, app.Subject, app.DomainNames)
.SetHashAlgorithm(keyHashPair.HashAlgorithmName)
.SetIssuer(caCert)
.SetRSAKeySize(keyHashPair.KeySize)
.CreateForRSA();
Assert.NotNull(cert);
Assert.NotNull(cert.RawData);
Assert.True(cert.HasPrivateKey);
using (var plainCert = new X509Certificate2(cert.RawData))
{
Assert.NotNull(plainCert);
VerifyApplicationCert(app, plainCert, caCert);
X509Utils.VerifyRSAKeyPair(cert, caCert);
}
}
public void VerifyCACerts(
KeyHashPair keyHashPair
)
{
var subject = "CN=CA Test Cert";
int pathLengthConstraint = (keyHashPair.KeySize / 512) - 3;
var cert = CertificateFactory.CreateCertificate(
null, null, null,
null, null, subject,
null, keyHashPair.KeySize,
DateTime.UtcNow, 25 * 12,
keyHashPair.HashSize,
isCA: true,
pathLengthConstraint: pathLengthConstraint);
Assert.NotNull(cert);
Assert.NotNull(cert.RawData);
Assert.True(cert.HasPrivateKey);
var plainCert = new X509Certificate2(cert.RawData);
Assert.NotNull(plainCert);
VerifyCACert(plainCert, subject, pathLengthConstraint);
CertificateFactory.VerifySelfSigned(cert);
CertificateFactory.VerifyRSAKeyPair(cert, cert);
}
private X509Certificate2 GetIssuer(KeyHashPair keyHashPair)
{
X509Certificate2 issuerCertificate = null;
try
{
if (!m_rootCACertificate.TryGetValue(keyHashPair.KeySize, out issuerCertificate))
{
VerifyCACerts(keyHashPair);
if (!m_rootCACertificate.TryGetValue(keyHashPair.KeySize, out issuerCertificate))
{
Assert.Ignore($"Could not load Issuer Cert.");
}
}
}
catch
{
Assert.Ignore($"Could not load create Issuer Cert.");
}
return(issuerCertificate);
}
public void VerifySelfSignedAppCerts(
KeyHashPair keyHashPair
)
{
var appTestGenerator = new ApplicationTestDataGenerator(keyHashPair.KeySize);
ApplicationTestData app = appTestGenerator.ApplicationTestSet(1).First();
var cert = CertificateFactory.CreateCertificate(null, null, null,
app.ApplicationUri, app.ApplicationName, app.Subject,
app.DomainNames, keyHashPair.KeySize, DateTime.UtcNow,
CertificateFactory.DefaultLifeTime, keyHashPair.HashSize);
Assert.NotNull(cert);
Assert.NotNull(cert.RawData);
Assert.True(cert.HasPrivateKey);
var plainCert = new X509Certificate2(cert.RawData);
Assert.NotNull(plainCert);
VerifySelfSignedApplicationCert(app, plainCert);
CertificateFactory.VerifySelfSigned(cert);
CertificateFactory.VerifyRSAKeyPair(cert, cert);
}
public void VerifyCrlCerts(
KeyHashPair keyHashPair
)
{
int pathLengthConstraint = (keyHashPair.KeySize / 512) - 3;
X509Certificate2 issuerCertificate = GetIssuer(keyHashPair);
Assert.True(X509Utils.VerifySelfSigned(issuerCertificate));
var otherIssuerCertificate = CertificateFactory.CreateCertificate(issuerCertificate.Subject)
.SetLifeTime(TimeSpan.FromDays(180))
.SetHashAlgorithm(keyHashPair.HashAlgorithmName)
.SetCAConstraint(pathLengthConstraint)
.CreateForRSA();
Assert.True(X509Utils.VerifySelfSigned(otherIssuerCertificate));
X509Certificate2Collection revokedCerts = new X509Certificate2Collection();
for (int i = 0; i < 10; i++)
{
var cert = CertificateFactory.CreateCertificate($"CN=Test Cert {i}")
.SetIssuer(issuerCertificate)
.SetRSAKeySize(keyHashPair.KeySize <= 2048 ? keyHashPair.KeySize : 2048)
.CreateForRSA();
revokedCerts.Add(cert);
Assert.False(X509Utils.VerifySelfSigned(cert));
}
Assert.NotNull(issuerCertificate);
Assert.NotNull(issuerCertificate.RawData);
Assert.True(issuerCertificate.HasPrivateKey);
using (var rsa = issuerCertificate.GetRSAPrivateKey())
{
Assert.NotNull(rsa);
}
using (var plainCert = new X509Certificate2(issuerCertificate.RawData))
{
Assert.NotNull(plainCert);
VerifyCACert(plainCert, issuerCertificate.Subject, pathLengthConstraint);
}
Assert.True(X509Utils.VerifySelfSigned(issuerCertificate));
X509Utils.VerifyRSAKeyPair(issuerCertificate, issuerCertificate, true);
var crl = CertificateFactory.RevokeCertificate(issuerCertificate, null, null);
Assert.NotNull(crl);
Assert.True(crl.VerifySignature(issuerCertificate, true));
var extension = X509Extensions.FindExtension <X509CrlNumberExtension>(crl.CrlExtensions);
var crlCounter = new BigInteger(1);
Assert.AreEqual(crlCounter, extension.CrlNumber);
var revokedList = new List <X509CRL>();
revokedList.Add(crl);
foreach (var cert in revokedCerts)
{
Assert.Throws <CryptographicException>(() => crl.VerifySignature(otherIssuerCertificate, true));
Assert.False(crl.IsRevoked(cert));
var nextCrl = CertificateFactory.RevokeCertificate(issuerCertificate, revokedList, new X509Certificate2Collection(cert));
crlCounter++;
Assert.NotNull(nextCrl);
Assert.True(nextCrl.IsRevoked(cert));
extension = X509Extensions.FindExtension <X509CrlNumberExtension>(nextCrl.CrlExtensions);
Assert.AreEqual(crlCounter, extension.CrlNumber);
Assert.True(crl.VerifySignature(issuerCertificate, true));
revokedList.Add(nextCrl);
crl = nextCrl;
}
foreach (var cert in revokedCerts)
{
Assert.True(crl.IsRevoked(cert));
}
}
