public void CreateForECDsaWithGeneratorTest(
            ECCurveHashPair ecCurveHashPair
            )
        {
            // default signing cert with custom key
            X509Certificate2 signingCert = CertificateBuilder.Create(Subject)
                                           .SetCAConstraint()
                                           .SetHashAlgorithm(HashAlgorithmName.SHA512)
                                           .SetECCurve(ecCurveHashPair.Curve)
                                           .CreateForECDsa();

            WriteCertificate(signingCert, $"Signing ECDsa {signingCert.GetECDsaPublicKey().KeySize} cert");

            using (ECDsa ecdsaPrivateKey = signingCert.GetECDsaPrivateKey())
            {
                var generator = X509SignatureGenerator.CreateForECDsa(ecdsaPrivateKey);
                var cert      = CertificateBuilder.Create("CN=App Cert")
                                .SetIssuer(new X509Certificate2(signingCert.RawData))
                                .CreateForRSA(generator);
                Assert.NotNull(cert);
                WriteCertificate(cert, "Default signed ECDsa cert");
            }

            using (ECDsa ecdsaPrivateKey = signingCert.GetECDsaPrivateKey())
                using (ECDsa ecdsaPublicKey = signingCert.GetECDsaPublicKey())
                {
                    var generator = X509SignatureGenerator.CreateForECDsa(ecdsaPrivateKey);
                    var cert      = CertificateBuilder.Create("CN=App Cert")
                                    .SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName)
                                    .SetIssuer(new X509Certificate2(signingCert.RawData))
                                    .SetECDsaPublicKey(ecdsaPublicKey)
                                    .CreateForECDsa(generator);
                    Assert.NotNull(cert);
                    WriteCertificate(cert, "Default signed ECDsa cert with Public Key");
                }

            using (ECDsa ecdsaPrivateKey = signingCert.GetECDsaPrivateKey())
            {
                var generator = X509SignatureGenerator.CreateForECDsa(ecdsaPrivateKey);
                var cert      = CertificateBuilder.Create("CN=App Cert")
                                .SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName)
                                .SetIssuer(new X509Certificate2(signingCert.RawData))
                                .SetECCurve(ecCurveHashPair.Curve)
                                .CreateForECDsa(generator);
                Assert.NotNull(cert);
                WriteCertificate(cert, "Default signed RSA cert");
            }

            // ensure invalid path throws argument exception
            Assert.Throws <NotSupportedException>(() => {
                using (ECDsa ecdsaPrivateKey = signingCert.GetECDsaPrivateKey())
                {
                    var generator = X509SignatureGenerator.CreateForECDsa(ecdsaPrivateKey);
                    var cert      = CertificateBuilder.Create("CN=App Cert")
                                    .SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName)
                                    .SetECCurve(ecCurveHashPair.Curve)
                                    .CreateForECDsa(generator);
                }
            });
        }
        public void CreateSelfSignedForECDsaDefaultTest(ECCurveHashPair eccurveHashPair)
        {
            // default cert
            X509Certificate2 cert = CertificateBuilder.Create(Subject)
                                    .SetECCurve(eccurveHashPair.Curve)
                                    .CreateForECDsa();

            Assert.NotNull(cert);
            WriteCertificate(cert, "Default ECDsa cert");
            using (var privateKey = cert.GetECDsaPrivateKey())
            {
                Assert.NotNull(privateKey);
                privateKey.ExportParameters(false);
                privateKey.ExportParameters(true);
            }
            using (var publicKey = cert.GetECDsaPublicKey())
            {
                Assert.NotNull(publicKey);
                publicKey.ExportParameters(false);
            }
            Assert.AreEqual(X509Defaults.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value));
            Assert.GreaterOrEqual(DateTime.UtcNow, cert.NotBefore);
            Assert.GreaterOrEqual(DateTime.UtcNow.AddMonths(X509Defaults.LifeTime), cert.NotAfter.ToUniversalTime());
            var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions);

            Assert.NotNull(basicConstraintsExtension);
            Assert.True(basicConstraintsExtension.CertificateAuthority);
            Assert.AreEqual(0, basicConstraintsExtension.PathLengthConstraint);
            var keyUsage = X509Extensions.FindExtension <X509KeyUsageExtension>(cert.Extensions);

            Assert.NotNull(keyUsage);
            X509PfxUtils.VerifyECDsaKeyPair(cert, cert, true);
            Assert.True(X509Utils.VerifySelfSigned(cert), "Verify self signed.");
        }
Exemplo n.º 3
0
        public void CreateSelfSignedForECDsaAllFields(
            ECCurveHashPair ecCurveHashPair
            )
        {
            // set dates and extension
            var applicationUri = "urn:opcfoundation.org:mypc";
            var domains        = new string[] { "mypc", "mypc.opcfoundation.org", "192.168.1.100" };
            var cert           = CertificateBuilder.Create(Subject)
                                 .SetNotBefore(DateTime.Today.AddYears(-1))
                                 .SetNotAfter(DateTime.Today.AddYears(25))
                                 .AddExtension(new X509SubjectAltNameExtension(applicationUri, domains))
                                 .SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName)
                                 .SetECCurve(ecCurveHashPair.Curve)
                                 .CreateForECDsa();

            Assert.NotNull(cert);
            WriteCertificate(cert, $"Default cert ECDsa {ecCurveHashPair.Curve.Oid.FriendlyName} with modified lifetime and alt name extension");
            Assert.AreEqual(Subject, cert.Subject);
            using (var privateKey = cert.GetECDsaPrivateKey())
            {
                Assert.NotNull(privateKey);
                privateKey.ExportParameters(false);
                privateKey.ExportParameters(true);
            }
            using (var publicKey = cert.GetECDsaPublicKey())
            {
                Assert.NotNull(publicKey);
                publicKey.ExportParameters(false);
            }
            Assert.AreEqual(ecCurveHashPair.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value));
            var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions);

            Assert.NotNull(basicConstraintsExtension);
            Assert.True(basicConstraintsExtension.CertificateAuthority);
            X509PfxUtils.VerifyECDsaKeyPair(cert, cert, true);
            Assert.True(X509Utils.VerifySelfSigned(cert));
            CheckPEMWriter(cert);
        }
        public void CreateCACertForECDsa(
            ECCurveHashPair ecCurveHashPair
            )
        {
            // create a CA cert
            var cert = CertificateBuilder.Create(Subject)
                       .SetCAConstraint()
                       .SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName)
                       .AddExtension(X509Extensions.BuildX509CRLDistributionPoints("http://myca/mycert.crl"))
                       .SetECCurve(ecCurveHashPair.Curve)
                       .CreateForECDsa();

            Assert.NotNull(cert);
            WriteCertificate(cert, "Default cert with RSA {keyHashPair.KeySize} {keyHashPair.HashAlgorithmName} and CRL distribution points");
            Assert.AreEqual(ecCurveHashPair.HashAlgorithmName, Oids.GetHashAlgorithmName(cert.SignatureAlgorithm.Value));
            var basicConstraintsExtension = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert.Extensions);

            Assert.NotNull(basicConstraintsExtension);
            Assert.True(basicConstraintsExtension.CertificateAuthority);
            Assert.False(basicConstraintsExtension.HasPathLengthConstraint);
            X509PfxUtils.VerifyECDsaKeyPair(cert, cert, true);
            Assert.True(X509Utils.VerifySelfSigned(cert));
        }