Exemplo n.º 1
0
        public void RsaPkcs1PlatformTest()
        {
            using (var store = new Pkcs11X509Store(SoftHsm2Manager.LibraryPath, SoftHsm2Manager.PinProvider))
            {
                Pkcs11X509Certificate cert = Helpers.GetCertificate(store, SoftHsm2Manager.Token1Label, SoftHsm2Manager.Token1TestUserRsaLabel);

                RSA p11PrivKey = cert.GetRSAPrivateKey();
                Assert.IsNotNull(p11PrivKey);
                RSA p11PubKey = cert.GetRSAPublicKey();
                Assert.IsNotNull(p11PubKey);
                RSA cngKey = CryptoObjects.GetTestUserPlatformRsaProvider();
                Assert.IsNotNull(cngKey);

                foreach (HashAlgorithmName hashAlgName in _hashNamesPkcs1)
                {
                    byte[] hash1 = Helpers.ComputeHash(_data1, hashAlgName);
                    byte[] hash2 = Helpers.ComputeHash(_data2, hashAlgName);

                    byte[] p11Signature = p11PrivKey.SignHash(hash1, hashAlgName, RSASignaturePadding.Pkcs1);
                    Assert.IsNotNull(p11Signature);
                    bool result1 = cngKey.VerifyHash(hash1, p11Signature, hashAlgName, RSASignaturePadding.Pkcs1);
                    Assert.IsTrue(result1);
                    bool result2 = cngKey.VerifyHash(hash2, p11Signature, hashAlgName, RSASignaturePadding.Pkcs1);
                    Assert.IsFalse(result2);

                    byte[] cngSignature = cngKey.SignHash(hash1, hashAlgName, RSASignaturePadding.Pkcs1);
                    Assert.IsNotNull(cngSignature);
                    bool result3 = p11PubKey.VerifyHash(hash1, cngSignature, hashAlgName, RSASignaturePadding.Pkcs1);
                    Assert.IsTrue(result3);
                    bool result4 = p11PubKey.VerifyHash(hash2, cngSignature, hashAlgName, RSASignaturePadding.Pkcs1);
                    Assert.IsFalse(result4);
                }
            }
        }
Exemplo n.º 2
0
        public void MsdnSignedXmlTest()
        {
            using (var store = new Pkcs11X509Store(SoftHsm2Manager.LibraryPath, SoftHsm2Manager.PinProvider))
            {
                // Find signing certificate
                Pkcs11X509Certificate cert = Helpers.GetCertificate(store, SoftHsm2Manager.Token1Label, SoftHsm2Manager.Token1TestUserRsaLabel);

                // Get PKCS#11 based private key
                RSA rsaPrivateKey = cert.GetRSAPrivateKey();

                // Get software based public key
                RSA rsaPublicKey = cert.Info.ParsedCertificate.PublicKey.Key as RSA;

                // Determine paths
                string basePath          = Helpers.GetBasePath();
                string plainXmlFilePath  = Path.Combine(basePath, "Example.xml");
                string signedXmlFilePath = Path.Combine(basePath, "SignedExample.xml");

                // Create an XML file to sign
                CreateSomeXml(plainXmlFilePath);

                // Sign the XML that was just created and save it in a new file
                SignXmlFile(plainXmlFilePath, signedXmlFilePath, rsaPrivateKey);

                // Verify the signature of the signed XML
                bool result = VerifyXmlFile(signedXmlFilePath, rsaPublicKey);

                // Check the results of the signature verification
                Assert.IsTrue(result);
            }
        }
        public void BasicRsaCertificateRequestTest()
        {
            // Load PKCS#11 based store
            using (var pkcs11Store = new Pkcs11X509Store(SoftHsm2Manager.LibraryPath, SoftHsm2Manager.PinProvider))
            {
                // Find signing certificate (CA certificate)
                Pkcs11X509Certificate pkcs11CertOfCertificateAuthority = Helpers.GetCertificate(pkcs11Store, SoftHsm2Manager.Token1Label, SoftHsm2Manager.Token1TestUserRsaLabel);

                // Generate new key pair for end entity
                RSA rsaKeyPairOfEndEntity = RSA.Create(2048);

                // Define certificate request
                CertificateRequest certificateRequest = new CertificateRequest(
                    new X500DistinguishedName("C=SK,L=Bratislava,CN=BasicRsaCertificateRequestTest"),
                    rsaKeyPairOfEndEntity,
                    HashAlgorithmName.SHA256,
                    RSASignaturePadding.Pkcs1);

                // Define certificate extensions
                certificateRequest.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
                certificateRequest.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(certificateRequest.PublicKey, false));
                certificateRequest.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, false));

                // Issue X.509 certificate for end entity
                X509Certificate2 certificateOfEndEntity = certificateRequest.Create(
                    pkcs11CertOfCertificateAuthority.Info.ParsedCertificate.SubjectName,
                    X509SignatureGenerator.CreateForRSA(pkcs11CertOfCertificateAuthority.GetRSAPrivateKey(), RSASignaturePadding.Pkcs1),
                    DateTimeOffset.UtcNow,
                    DateTimeOffset.UtcNow.AddDays(365),
                    new BigInteger(1).ToByteArray());

                // Verify signature on X.509 certificate for end entity
                Assert.IsTrue(CaCertSignedEndEntityCert(pkcs11CertOfCertificateAuthority.Info.ParsedCertificate.RawData, certificateOfEndEntity.RawData));

                // Asociate end entity certificate with its private key
                certificateOfEndEntity = certificateOfEndEntity.CopyWithPrivateKey(rsaKeyPairOfEndEntity);

                // Export end entity certificate to PKCS#12 file
                string basePath       = Helpers.GetBasePath();
                string pkcs12FilePath = Path.Combine(basePath, "BasicRsaCertificateRequestTest.p12");
                File.WriteAllBytes(pkcs12FilePath, certificateOfEndEntity.Export(X509ContentType.Pkcs12, "password"));
            }
        }