Пример #1
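        /// <summary>
        /// Builds a certificate request message with the given validity window and checks that the
        /// NotBefore / NotAfter values read back from the built message's certificate template
        /// equal the values that were supplied.
        /// </summary>
        /// <param name="kp">Key pair whose public key is placed in the request.</param>
        /// <param name="notBefore">Requested start of validity; <see cref="DateTime.MinValue"/> is the value this test reports as "empty".</param>
        /// <param name="notAfter">Requested end of validity; <see cref="DateTime.MinValue"/> is the value this test reports as "empty".</param>
        private void doNotBeforeNotAfterTest(AsymmetricCipherKeyPair kp, DateTime notBefore, DateTime notAfter)
        {
            CertificateRequestMessageBuilder builder = new CertificateRequestMessageBuilder(BigInteger.One)
                .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public))
                .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);

            builder.SetValidity(new Time(notBefore), new Time(notAfter));
            CertificateRequestMessage msg = builder.Build();

            // When a bound is DateTime.MinValue the expected read-back value is DateTime.MinValue as
            // well, so one equality check covers both cases; only the failure message differs.
            // Each bound is still read from the template immediately before it is asserted.
            bool notBeforeUnset = notBefore.Equals(DateTime.MinValue);
            IsTrue(
                notBeforeUnset ? "Expected NotBefore to be empty." : "NotBefore did not match",
                notBefore.Equals(msg.GetCertTemplate().Validity.NotBefore.ToDateTime()));

            bool notAfterUnset = notAfter.Equals(DateTime.MinValue);
            IsTrue(
                notAfterUnset ? "Expected NotAfter to be empty." : "NotAfter did not match",
                notAfter.Equals(msg.GetCertTemplate().Validity.NotAfter.ToDateTime()));
        }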
        /// <summary>
        /// Wraps a certificate request that declares "subsequent message" proof of possession
        /// (encrCert) in a signature-protected PKI message, round-trips it through DER, and checks
        /// that the parsed request reports the key-encipherment proof-of-possession type.
        /// </summary>
        /// <remarks>
        /// Only the proof-of-possession type is asserted. The protection signature on the re-parsed
        /// message is not verified in this test.
        /// </remarks>
        public void TestSubsequentMessage()
        {
            // Throw-away 2048-bit RSA key (e = 65537, certainty 100) used for every role below.
            var keyGen = new RsaKeyPairGenerator();
            keyGen.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
            var rsaKeyPair = keyGen.GenerateKeyPair();

            // Test certificate, valid from yesterday until tomorrow.
            // NOTE(review): the fixture is signed with SHA-1. SHA-1 is no longer collision resistant,
            // so this algorithm name should not be carried over into non-test certificate issuance.
            var certBuilder = new TestCertBuilder();
            certBuilder.NotBefore = DateTime.UtcNow.AddDays(-1);
            certBuilder.NotAfter = DateTime.UtcNow.AddDays(1);
            certBuilder.PublicKey = rsaKeyPair.Public;
            certBuilder.SignatureAlgorithm = "Sha1WithRSAEncryption";
            var cert = certBuilder.Build(rsaKeyPair.Private);

            // The same name is used as both arguments of the protected message builder.
            var user = new GeneralName(new X509Name("CN=Test"));

            // Request whose proof of possession is deferred to a subsequent message (encrCert).
            var requestBuilder = new CertificateRequestMessageBuilder(BigInteger.One)
                .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public))
                .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);

            // The PKI message protection itself uses SHA-256 with RSA.
            var sigFact = new Asn1SignatureFactory("SHA256WithRSA", rsaKeyPair.Private);

            // Fixed transaction id: a test constant, not a pattern for real exchanges.
            var protectedBuilder = new ProtectedPkiMessageBuilder(user, user)
                .SetTransactionId(new byte[] { 1, 2, 3, 4, 5 });
            var body = new PkiBody(
                PkiBody.TYPE_KEY_RECOVERY_REQ,
                new CertReqMessages(new CertReqMsg[] { requestBuilder.Build().ToAsn1Structure() }));
            var certRequestMsg = protectedBuilder
                .SetBody(body)
                .AddCmpCertificate(cert)
                .Build(sigFact);

            // Encode to DER and parse again so the assertion runs against decoded data.
            byte[] der = certRequestMsg.ToAsn1Message().GetDerEncoded();
            var parsed = new ProtectedPkiMessage(new GeneralPkiMessage(der));
            var firstRequest = CertReqMessages.GetInstance(parsed.Body.Content).ToCertReqMsgArray()[0];

            IsEquals(ProofOfPossession.TYPE_KEY_ENCIPHERMENT, firstRequest.Popo.Type);
        }
Пример #3
        /// <summary>
        /// Builds a certificate request with a signing-key proof of possession and checks that the
        /// proof validates against the matching public key and that the subject and public key in
        /// the certificate template are the ones that were set.
        /// </summary>
        public void TestBasicMessage()
        {
            // Throw-away 2048-bit RSA key (e = 65537, certainty 100).
            RsaKeyPairGenerator keyGen = new RsaKeyPairGenerator();
            keyGen.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
            var rsaKeyPair = keyGen.GenerateKeyPair();

            CertificateRequestMessageBuilder requestBuilder = new CertificateRequestMessageBuilder(BigInteger.One);
            requestBuilder.SetSubject(new X509Name("CN=Test"));
            requestBuilder.SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public));

            // NOTE(review): the proof of possession is signed with SHA-1. SHA-1 is no longer collision
            // resistant, so this algorithm name should not be carried over into non-test requests.
            requestBuilder.SetProofOfPossessionSignKeySigner(new Asn1SignatureFactory("SHA1WithRSA", rsaKeyPair.Private));

            var request = requestBuilder.Build();

            // The proof of possession must verify under the public half of the signing key.
            bool popValid = request.IsValidSigningKeyPop(new Asn1VerifierFactoryProvider(rsaKeyPair.Public));
            IsTrue("Signing Key Pop Valid", popValid);

            // Expected values are rebuilt from scratch rather than reusing the objects given to the builder.
            IsTrue(request.GetCertTemplate().Subject.Equivalent(new X509Name("CN=Test")));
            IsTrue(request.GetCertTemplate().PublicKey.Equals(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public)));
        }
Пример #4
        /// <summary>
        /// Builds a certificate request that carries a PKI archive control holding the encrypted
        /// private key, checks the subject and public key in the certificate template, and then runs
        /// the archive-control check on both the built message and a copy re-parsed from its encoding.
        /// </summary>
        /// <remarks>
        /// The archived private key is encrypted to a certificate that contains the public half of
        /// the same key pair. That is a test shortcut that lets one key pair play both roles.
        /// </remarks>
        public void TestBasicMessageWithArchiveControl()
        {
            // Throw-away 2048-bit RSA key (e = 65537, certainty 100).
            RsaKeyPairGenerator keyGen = new RsaKeyPairGenerator();
            keyGen.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
            var rsaKeyPair = keyGen.GenerateKeyPair();

            // Self-issued test certificate, valid from yesterday until tomorrow.
            // NOTE(review): the fixture is signed with SHA-1. SHA-1 is no longer collision resistant,
            // so this algorithm name should not be carried over into non-test certificate issuance.
            TestCertBuilder certBuilder = new TestCertBuilder();
            certBuilder.PublicKey = rsaKeyPair.Public;
            certBuilder.Subject = new X509Name("CN=Test");
            certBuilder.Issuer = new X509Name("CN=Test");
            certBuilder.NotBefore = DateTime.UtcNow.AddDays(-1);
            certBuilder.NotAfter = DateTime.UtcNow.AddDays(1);
            certBuilder.SignatureAlgorithm = "Sha1WithRSAEncryption";
            var cert = certBuilder.Build(rsaKeyPair.Private);

            var publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public);
            var privateInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(rsaKeyPair.Private);

            CertificateRequestMessageBuilder requestBuilder = new CertificateRequestMessageBuilder(BigInteger.One);
            requestBuilder
                .SetSubject(new X509Name("CN=Test"))
                .SetPublicKey(publicKeyInfo);

            // Archive control: the private key is encrypted under AES-128-CBC, and the content key is
            // wrapped for the certificate with RSA-OAEP (SHA-256 / MGF1).
            // NOTE(review): CBC mode gives confidentiality only; it does not authenticate the ciphertext.
            var archiveBuilder = new PkiArchiveControlBuilder(privateInfo, new GeneralName(new X509Name("CN=Test")));
            var keyWrapper = new Asn1KeyWrapper("RSA/None/OAEPwithSHA256andMGF1Padding", cert);
            archiveBuilder.AddRecipientGenerator(new CmsKeyTransRecipientInfoGenerator(cert, keyWrapper));
            var contentEncryptor = new CmsContentEncryptorBuilder(NistObjectIdentifiers.IdAes128Cbc).Build();
            requestBuilder.AddControl(archiveBuilder.Build(contentEncryptor));

            var msg = requestBuilder.Build();

            // Compare encodings so the template fields are checked byte for byte.
            byte[] expectedSubject = new X509Name("CN=Test").GetEncoded();
            IsTrue(Arrays.AreEqual(msg.GetCertTemplate().Subject.GetEncoded(), expectedSubject));
            IsTrue(Arrays.AreEqual(msg.GetCertTemplate().PublicKey.GetEncoded(), publicKeyInfo.GetEncoded()));

            // Run the archive-control check on the in-memory message and on a decoded copy.
            checkCertReqMsgWithArchiveControl(rsaKeyPair, msg);
            checkCertReqMsgWithArchiveControl(rsaKeyPair, new CertificateRequestMessage(msg.GetEncoded()));
        }