Пример #1
        /// <summary>
        /// Builds an authorized OCSP responder certificate under the intermediate RSA CA with the given
        /// validity window, lets that responder sign an OCSP response for the certificate under check,
        /// and returns what <c>OCSPVerifier.Verify</c> reports for <paramref name="checkDate"/>.
        /// </summary>
        /// <param name="ocspResponderCertStartDate">Start date set on the generated responder certificate.</param>
        /// <param name="ocspResponderCertEndDate">End date set on the generated responder certificate.</param>
        /// <param name="checkDate">Date handed to the verifier as the moment of validation.</param>
        /// <returns>The verifier's verdict for the generated response.</returns>
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="Org.BouncyCastle.Operator.OperatorCreationException"/>
        /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
        public virtual bool VerifyAuthorizedOCSPResponderTest(DateTime ocspResponderCertStartDate, DateTime ocspResponderCertEndDate,
                                                              DateTime checkDate)
        {
            // The same intermediate CA issues the responder certificate below and is passed to the
            // verifier as the issuer of the certificate under check.
            string issuerStorePath = certsSrc + "intermediateRsa.p12";
            var issuerCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(issuerStorePath, password)[0];
            ICipherParameters issuerKey = Pkcs12FileHelper.ReadFirstKey(issuerStorePath, password, password);

            string targetStorePath = certsSrc + "signCertRsaWithChain.p12";
            var targetCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(targetStorePath, password)[0];

            // The responder gets its own newly generated key pair; only its certificate is signed by the CA.
            AsymmetricCipherKeyPair responderKeys = SignTestPortUtil.BuildRSA2048KeyPairGenerator().GenerateKeyPair();
            ICipherParameters responderPrivateKey = responderKeys.Private;
            AsymmetricKeyParameter responderPublicKey = responderKeys.Public;

            var responderCertBuilder = new TestCertificateBuilder(responderPublicKey, issuerCert, issuerKey,
                                                                  "CN=iTextTestOCSPResponder, OU=test, O=iText");
            responderCertBuilder.SetStartDate(ocspResponderCertStartDate);
            responderCertBuilder.SetEndDate(ocspResponderCertEndDate);
            X509Certificate responderCert = responderCertBuilder.BuildAuthorizedOCSPResponderCert();

            var responseBuilder = new TestOcspResponseBuilder(responderCert, responderPrivateKey);
            TestOcspClient ocspClient = new TestOcspClient().AddBuilderForCertIssuer(issuerCert, responseBuilder);

            byte[] encodedResponse = ocspClient.GetEncoded(targetCert, issuerCert, null);
            var basicResponse = new BasicOcspResp(BasicOcspResponse.GetInstance(Asn1Object.FromByteArray(encodedResponse)));

            // Both constructor arguments are null; presumably that means no chained verifier and no
            // pre-supplied responses, so only this response is judged (confirm against OCSPVerifier).
            var verifier = new OCSPVerifier(null, null);
            return verifier.Verify(basicResponse, targetCert, issuerCert, checkDate);
        }
Пример #2
        /// <summary>
        /// Asserts that an unmodified OCSP response, built from the CA certificate and key stored in
        /// <c>caCertFileName</c>, is accepted by <c>VerifyTest</c>.
        /// </summary>
        public virtual void ValidOcspTest01()
        {
            var issuerCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
            ICipherParameters issuerKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
            var responseBuilder = new TestOcspResponseBuilder(issuerCert, issuerKey);

            // No status or update-time overrides are applied, so this is the positive baseline case.
            bool accepted = VerifyTest(responseBuilder);
            NUnit.Framework.Assert.IsTrue(accepted);
        }
Пример #3
        /// <summary>
        /// Asserts that an unmodified OCSP response built for the certificate read from
        /// <c>rootRsa.p12</c> is accepted by <c>VerifyTest</c>.
        /// </summary>
        public virtual void ValidOcspTest01()
        {
            string rootStorePath = certsSrc + "rootRsa.p12";
            var rootCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(rootStorePath, password)[0];
            var responseBuilder = new TestOcspResponseBuilder(rootCert);

            // No status or update-time overrides are applied, so this is the positive baseline case.
            bool accepted = VerifyTest(responseBuilder);
            NUnit.Framework.Assert.IsTrue(accepted);
        }
Пример #4
        /// <summary>
        /// Asserts that an OCSP response carrying the "unknown" certificate status is rejected by
        /// <c>VerifyTest</c>.
        /// </summary>
        public virtual void InvalidUnknownOcspTest01()
        {
            string rootStorePath = certsSrc + "rootRsa.p12";
            var rootCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(rootStorePath, password)[0];
            var responseBuilder = new TestOcspResponseBuilder(rootCert);

            // "Unknown" is not "good": a verifier that accepted it would treat a certificate the
            // responder cannot vouch for as valid, so the expected verdict here is false.
            responseBuilder.SetCertificateStatus(new UnknownStatus());

            bool accepted = VerifyTest(responseBuilder);
            NUnit.Framework.Assert.IsFalse(accepted);
        }
Пример #5
        /// <summary>
        /// Asserts that an OCSP response reporting the certificate as revoked (20 days before the
        /// current UTC time, reason "key compromise") is rejected by <c>VerifyTest</c>.
        /// </summary>
        public virtual void InvalidRevokedOcspTest01()
        {
            var issuerCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
            ICipherParameters issuerKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
            var responseBuilder = new TestOcspResponseBuilder(issuerCert, issuerKey);

            // The revocation time lies in the past relative to "now", so the certificate is already
            // revoked at the moment of the check.
            DateTime revokedAt = DateTimeUtil.GetCurrentUtcTime().AddDays(-20);
            responseBuilder.SetCertificateStatus(new RevokedStatus(revokedAt, Org.BouncyCastle.Asn1.X509.CrlReason.KeyCompromise));

            bool accepted = VerifyTest(responseBuilder);
            NUnit.Framework.Assert.IsFalse(accepted);
        }
Пример #6
        /// <summary>
        /// Asserts that an OCSP response signed with the key from <c>intermediateExpiredCert.p12</c>
        /// is accepted when the check date is that certificate's own <c>NotBefore</c>.
        /// </summary>
        public virtual void ExpiredIssuerCertTest01()
        {
            string expiredIssuerStorePath = certsSrc + "intermediateExpiredCert.p12";
            var issuerCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(expiredIssuerStorePath, password)[0];
            ICipherParameters issuerKey = Pkcs12FileHelper.ReadFirstKey(expiredIssuerStorePath, password, password);
            var responseBuilder = new TestOcspResponseBuilder(issuerCert, issuerKey);

            // Validation is pinned to the start of the issuer's validity window instead of the current
            // time; judging by the fixture names the issuer is expired today (TODO confirm), so this
            // checks the result at a date when it was still within its validity period.
            string targetStorePath = certsSrc + "signCertRsaWithExpiredChain.p12";
            bool accepted = VerifyTest(responseBuilder, targetStorePath, issuerCert.NotBefore);
            NUnit.Framework.Assert.IsTrue(accepted);
        }
Пример #7
        /// <summary>
        /// Asserts that an OCSP response whose <c>thisUpdate</c>/<c>nextUpdate</c> window ended 15 days
        /// ago is rejected by <c>VerifyTest</c>.
        /// </summary>
        public virtual void InvalidOutdatedOcspTest01()
        {
            var issuerCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
            ICipherParameters issuerKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
            var responseBuilder = new TestOcspResponseBuilder(issuerCert, issuerKey);

            // A response past its nextUpdate is stale: accepting it would let an old "good" answer be
            // replayed after the certificate's status has changed.
            // NOTE(review): these use GetCurrentTime(), not GetCurrentUtcTime(); presumably local time.
            // The 15-day margin hides any offset here, but confirm which one the builder expects.
            DateTime windowStart = DateTimeUtil.GetCurrentTime().AddDays(-30);
            DateTime windowEnd = DateTimeUtil.GetCurrentTime().AddDays(-15);
            responseBuilder.SetThisUpdate(windowStart);
            responseBuilder.SetNextUpdate(windowEnd);

            bool accepted = VerifyTest(responseBuilder);
            NUnit.Framework.Assert.IsFalse(accepted);
        }
Пример #8
        /// <summary>
        /// Asserts that an OCSP response for the <c>rootRsa.p12</c> certificate whose
        /// <c>thisUpdate</c>/<c>nextUpdate</c> window ended 15 days ago is rejected by <c>VerifyTest</c>.
        /// </summary>
        public virtual void InvalidOutdatedOcspTest01()
        {
            string rootStorePath = certsSrc + "rootRsa.p12";
            var rootCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(rootStorePath, password)[0];
            var responseBuilder = new TestOcspResponseBuilder(rootCert);

            // A response past its nextUpdate is stale: accepting it would let an old "good" answer be
            // replayed after the certificate's status has changed.
            // NOTE(review): these use GetCurrentTime(), presumably local time rather than UTC.
            // The 15-day margin hides any offset here, but confirm which one the builder expects.
            DateTime windowStart = DateTimeUtil.GetCurrentTime().AddDays(-30);
            DateTime windowEnd = DateTimeUtil.GetCurrentTime().AddDays(-15);
            responseBuilder.SetThisUpdate(windowStart);
            responseBuilder.SetNextUpdate(windowEnd);

            bool accepted = VerifyTest(responseBuilder);
            NUnit.Framework.Assert.IsFalse(accepted);
        }
Пример #9
        /// <summary>
        /// Obtains an OCSP response for the certificate stored in <paramref name="checkCertFileName"/>
        /// from the given builder and returns the verdict of <c>OCSPVerifier.Verify</c> for
        /// <paramref name="checkDate"/>.
        /// </summary>
        /// <param name="rootRsaOcspBuilder">Response builder; its issuer certificate is also used as the issuer during verification.</param>
        /// <param name="checkCertFileName">Path of the PKCS#12 file holding the certificate under check.</param>
        /// <param name="checkDate">Date handed to the verifier as the moment of validation.</param>
        /// <returns>The verifier's verdict for the generated response.</returns>
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
        private bool VerifyTest(TestOcspResponseBuilder rootRsaOcspBuilder, String checkCertFileName, DateTime checkDate)
        {
            var targetCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(checkCertFileName, password)[0];

            // The issuer comes from the builder itself, so the response and the verification always
            // refer to the same issuer certificate.
            X509Certificate issuerCert = rootRsaOcspBuilder.GetIssuerCert();
            TestOcspClient ocspClient = new TestOcspClient().AddBuilderForCertIssuer(issuerCert, rootRsaOcspBuilder);

            byte[] encodedResponse = ocspClient.GetEncoded(targetCert, issuerCert, null);
            var basicResponse = new BasicOcspResp(BasicOcspResponse.GetInstance(Asn1Object.FromByteArray(encodedResponse)));

            // Both constructor arguments are null; presumably no chained verifier and no pre-supplied
            // responses take part (confirm against OCSPVerifier).
            var verifier = new OCSPVerifier(null, null);
            return verifier.Verify(basicResponse, targetCert, issuerCert, checkDate);
        }
Пример #10
        /// <summary>
        /// Obtains an OCSP response for <c>signCertRsa01.p12</c> from the given builder, signed with the
        /// <c>rootRsa.p12</c> key, and returns the verdict of <c>OCSPVerifier.Verify</c> at the current
        /// UTC time.
        /// </summary>
        /// <param name="builder">Response builder whose settings (status, update times) shape the response.</param>
        /// <returns>The verifier's verdict for the generated response.</returns>
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
        private bool VerifyTest(TestOcspResponseBuilder builder)
        {
            string issuerStorePath = certsSrc + "rootRsa.p12";
            string targetStorePath = certsSrc + "signCertRsa01.p12";

            var issuerCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(issuerStorePath, password)[0];
            ICipherParameters issuerKey = Pkcs12FileHelper.ReadFirstKey(issuerStorePath, password, password);
            var targetCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(targetStorePath, password)[0];

            var ocspClient = new TestOcspClient(builder, issuerKey);
            byte[] encodedResponse = ocspClient.GetEncoded(targetCert, issuerCert, null);
            var basicResponse = new BasicOcspResp(BasicOcspResponse.GetInstance(Asn1Object.FromByteArray(encodedResponse)));

            // Both constructor arguments are null; presumably no chained verifier and no pre-supplied
            // responses take part (confirm against OCSPVerifier).
            var verifier = new OCSPVerifier(null, null);
            return verifier.Verify(basicResponse, targetCert, issuerCert, DateTimeUtil.GetCurrentUtcTime());
        }
Пример #11
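 /// <summary>
 /// Produces an encoded OCSP response for <paramref name="checkCert"/> using the response builder
 /// registered for <paramref name="issuerCert"/>.
 /// </summary>
 /// <param name="checkCert">Certificate whose status is requested; its serial number goes into the certificate ID.</param>
 /// <param name="issuerCert">Issuer certificate; its serial number in hexadecimal selects the registered builder.</param>
 /// <param name="url">Not used by this implementation.</param>
 /// <returns>The bytes returned by the builder's <c>MakeOcspResponse</c> for a request with a nonce.</returns>
 /// <exception cref="System.ArgumentException">No builder is registered for the issuer.</exception>
 public virtual byte[] GetEncoded(X509Certificate checkCert, X509Certificate issuerCert, String url)
 {
     // No try/catch here on purpose: every failure is meant to reach the caller, and letting it
     // propagate untouched keeps the stack trace of the original throw site. The former
     // catch-and-"throw (Exception)ex" always rethrew and only reset that trace.

     // HashSha1 presumably selects the hash used inside the certificate ID (issuer name/key hashes),
     // which identifies the certificate; it is not the algorithm that signs the response.
     CertificateID id = SignTestPortUtil.GenerateCertificateId(issuerCert, checkCert.SerialNumber,
                                                               Org.BouncyCastle.Ocsp.CertificateID.HashSha1);

     TestOcspResponseBuilder builder = issuerIdToResponseBuilder.Get(issuerCert.SerialNumber.ToString(16));
     if (builder == null)
     {
         throw new ArgumentException("This TestOcspClient instance is not capable of providing OCSP response for the given issuerCert:"
                                     + issuerCert.SubjectDN.ToString());
     }

     return builder.MakeOcspResponse(SignTestPortUtil.GenerateOcspRequestWithNonce(id).GetEncoded());
 }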
Пример #12
 /// <summary>
 /// Convenience overload: verifies a response from <paramref name="rootRsaOcspBuilder"/> for the
 /// certificate in <c>signCertRsa01.p12</c> at the current UTC time.
 /// </summary>
 /// <param name="rootRsaOcspBuilder">Response builder forwarded to the three-argument overload.</param>
 /// <returns>Whatever the three-argument <c>VerifyTest</c> returns.</returns>
 /// <exception cref="System.IO.IOException"/>
 /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
 private bool VerifyTest(TestOcspResponseBuilder rootRsaOcspBuilder)
 {
     string defaultCheckCertPath = certsSrc + "signCertRsa01.p12";
     DateTime validationTime = DateTimeUtil.GetCurrentUtcTime();
     return VerifyTest(rootRsaOcspBuilder, defaultCheckCertPath, validationTime);
 }
Пример #13
 /// <summary>
 /// Creates a client that answers with a new <c>TestOcspResponseBuilder</c> made for
 /// <paramref name="caCert"/> and keeps <paramref name="caPrivateKey"/> for later use.
 /// </summary>
 /// <param name="caCert">CA certificate passed to the response builder.</param>
 /// <param name="caPrivateKey">CA private key stored on the client.</param>
 /// <exception cref="Org.BouncyCastle.Security.Certificates.CertificateEncodingException"/>
 public TestOcspClient(X509Certificate caCert, ICipherParameters caPrivateKey)
 {
     var responseBuilder = new TestOcspResponseBuilder(caCert);
     builder = responseBuilder;
     this.caPrivateKey = caPrivateKey;
 }
Пример #14
 /// <summary>
 /// Creates a client that answers with the supplied response builder and keeps
 /// <paramref name="caPrivateKey"/> for later use.
 /// </summary>
 /// <param name="builder">Pre-configured response builder stored on the client.</param>
 /// <param name="caPrivateKey">CA private key stored on the client.</param>
 public TestOcspClient(TestOcspResponseBuilder builder, ICipherParameters caPrivateKey)
 {
     // Plain field capture; neither argument is validated or copied here.
     this.caPrivateKey = caPrivateKey;
     this.builder = builder;
 }
Пример #15
 /// <summary>
 /// Registers <paramref name="builder"/> as the response builder for the issuer certificate
 /// <paramref name="cert"/> and returns this client so that calls can be chained.
 /// </summary>
 /// <param name="cert">Issuer certificate; its serial number in hexadecimal is the lookup key.</param>
 /// <param name="builder">Builder stored under that key.</param>
 /// <returns>This instance.</returns>
 public virtual TestOcspClient AddBuilderForCertIssuer(X509Certificate cert, TestOcspResponseBuilder builder)
 {
     // The key is the serial number alone. Serial numbers are only unique per issuing CA, so two
     // issuer certificates that share a serial would map to the same key: acceptable for fixed
     // test fixtures, not a scheme to copy for identifying issuers in production code.
     string issuerKey = cert.SerialNumber.ToString(16);
     issuerIdToResponseBuilder.Put(issuerKey, builder);
     return this;
 }