public void IsValidSigningCertificateV2_VerifySuccess()
        {
            var cert      = TestCertificate.Generate();
            var attribute = AttributeUtility.GetSigningCertificateV2(new[] { cert.PublicCert }, Common.HashAlgorithmName.SHA512);

            AttributeUtility.IsValidSigningCertificateV2(cert.PublicCert, new[] { cert.PublicCert }, attribute, SigningSpecifications.V1).Should().BeTrue();
        }
        public void IsValidSigningCertificateV2_EmptyChainVerifyFailure()
        {
            var child  = TestCertificate.Generate().PublicCert;
            var parent = TestCertificate.Generate().PublicCert;

            var localChain = new List <X509Certificate2>()
            {
                child, parent
            };
            var attributeChain = new List <KeyValuePair <Common.HashAlgorithmName, byte[]> >();

            AttributeUtility.IsValidSigningCertificateV2(child, localChain, attributeChain, SigningSpecifications.V1)
            .Should()
            .BeFalse();
        }
        public void IsValidSigningCertificateV2_HashNotAllowedVerifyFailure()
        {
            var cert = TestCertificate.Generate();

            // Allow only 512
            var spec = new Mock <SigningSpecifications>();

            spec.SetupGet(e => e.AllowedHashAlgorithmOids).Returns(new string[] { Common.HashAlgorithmName.SHA512.ConvertToOidString() });

            // Hash with 256
            var attribute = AttributeUtility.GetSigningCertificateV2(new[] { cert.PublicCert }, Common.HashAlgorithmName.SHA256);

            // Verify failure
            AttributeUtility.IsValidSigningCertificateV2(cert.PublicCert, new[] { cert.PublicCert }, attribute, spec.Object).Should().BeFalse();
        }
        public void IsValidSigningCertificateV2_DirectHashVerifySuccess()
        {
            var child  = TestCertificate.Generate().PublicCert;
            var parent = TestCertificate.Generate().PublicCert;

            var localChain = new List <X509Certificate2>()
            {
                child, parent
            };
            var attributeChain = new List <KeyValuePair <Common.HashAlgorithmName, byte[]> >()
            {
                new KeyValuePair <Common.HashAlgorithmName, byte[]>(Common.HashAlgorithmName.SHA512, Common.HashAlgorithmName.SHA512.GetHashProvider().ComputeHash(child.RawData)),
                new KeyValuePair <Common.HashAlgorithmName, byte[]>(Common.HashAlgorithmName.SHA512, Common.HashAlgorithmName.SHA512.GetHashProvider().ComputeHash(parent.RawData)),
            };

            AttributeUtility.IsValidSigningCertificateV2(child, localChain, attributeChain, SigningSpecifications.V1)
            .Should()
            .BeTrue();
        }
        public void SignedAttribute_IsValidSigningCertificateV2_SignatureCertIsNotFirstInListVerifyFailure()
        {
            var signerLeaf = TestCertificate.Generate().PublicCert;
            var rootCert   = TestCertificate.Generate().PublicCert;

            var localChain = new List <X509Certificate2>()
            {
                rootCert, signerLeaf
            };
            var attributeChain = new List <KeyValuePair <Common.HashAlgorithmName, byte[]> >()
            {
                new KeyValuePair <Common.HashAlgorithmName, byte[]>(Common.HashAlgorithmName.SHA512, Common.HashAlgorithmName.SHA512.GetHashProvider().ComputeHash(rootCert.RawData)),
                new KeyValuePair <Common.HashAlgorithmName, byte[]>(Common.HashAlgorithmName.SHA512, Common.HashAlgorithmName.SHA512.GetHashProvider().ComputeHash(signerLeaf.RawData))
            };

            // Verify leaf node is first in the list
            AttributeUtility.IsValidSigningCertificateV2(signerLeaf, localChain, attributeChain, SigningSpecifications.V1)
            .Should()
            .BeFalse();
        }
        public void GetESSCertIDv2Entries_ReturnsDecodedHashes(Common.HashAlgorithmName hashAlgorithm)
        {
            // Arrange
            var cert      = TestCertificate.Generate().PublicCert;
            var cert2     = TestCertificate.Generate().PublicCert;
            var attribute = AttributeUtility.GetSigningCertificateV2(
                new[] { cert, cert2 },
                hashAlgorithm);
            var certHash  = CryptoHashUtility.ComputeHash(hashAlgorithm, cert.RawData);
            var cert2Hash = CryptoHashUtility.ComputeHash(hashAlgorithm, cert2.RawData);

            // Act
            var actual = AttributeUtility.GetESSCertIDv2Entries(attribute);

            // Assert
            actual.ShouldBeEquivalentTo(new[]
            {
                new KeyValuePair <Common.HashAlgorithmName, byte[]>(hashAlgorithm, certHash),
                new KeyValuePair <Common.HashAlgorithmName, byte[]>(hashAlgorithm, cert2Hash),
            });
        }
Exemplo n.º 7
0
        public TestCertificate CreateUntrustedTestCertificateThatWillExpireSoon()
        {
            Action <TestCertificateGenerator> actionGenerator = SigningTestUtility.CertificateModificationGeneratorForCertificateThatWillExpireSoon(SoonDuration);

            return(TestCertificate.Generate(actionGenerator));
        }