/// <summary>
/// Issues a throw-away "authorized OCSP responder" certificate from the intermediate RSA CA with the
/// requested validity window, signs an OCSP response for the chained RSA signing certificate with it,
/// and reports whether <see cref="OCSPVerifier"/> accepts that response at <paramref name="checkDate"/>.
/// Callers vary the three dates to probe responder-certificate validity edge cases.
/// </summary>
/// <param name="ocspResponderCertStartDate">Start of validity of the generated responder certificate.</param>
/// <param name="ocspResponderCertEndDate">End of validity of the generated responder certificate.</param>
/// <param name="checkDate">Instant at which the verifier evaluates the response and its chain.</param>
/// <returns>Whatever <c>OCSPVerifier.Verify</c> returns for the produced response.</returns>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Operator.OperatorCreationException"/>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
public virtual bool VerifyAuthorizedOCSPResponderTest(DateTime ocspResponderCertStartDate, DateTime ocspResponderCertEndDate
    , DateTime checkDate)
{
    string intermediateCaFile = certsSrc + "intermediateRsa.p12";
    X509Certificate issuerCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(intermediateCaFile, password)[0];
    ICipherParameters issuerKey = Pkcs12FileHelper.ReadFirstKey(intermediateCaFile, password, password);
    X509Certificate checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(certsSrc + "signCertRsaWithChain.p12", password)[0];

    // The responder gets a fresh 2048-bit RSA key pair: the public half goes into its certificate,
    // the private half signs the response.
    AsymmetricCipherKeyPair responderKeyPair = SignTestPortUtil.BuildRSA2048KeyPairGenerator().GenerateKeyPair();

    // The responder certificate is issued by the intermediate CA, i.e. the certificate the verifier is
    // later told is checkCert's issuer — that delegation is what makes this an "authorized responder"
    // scenario instead of the CA answering for itself.
    TestCertificateBuilder responderCertBuilder = new TestCertificateBuilder(responderKeyPair.Public, issuerCert, issuerKey,
        "CN=iTextTestOCSPResponder, OU=test, O=iText");
    responderCertBuilder.SetStartDate(ocspResponderCertStartDate);
    responderCertBuilder.SetEndDate(ocspResponderCertEndDate);
    X509Certificate responderCert = responderCertBuilder.BuildAuthorizedOCSPResponderCert();

    TestOcspClient ocspClient = new TestOcspClient().AddBuilderForCertIssuer(issuerCert,
        new TestOcspResponseBuilder(responderCert, responderKeyPair.Private));
    byte[] encodedResponse = ocspClient.GetEncoded(checkCert, issuerCert, null);
    BasicOcspResp response = new BasicOcspResp(BasicOcspResponse.GetInstance(Asn1Object.FromByteArray(encodedResponse)));

    // No parent verifier and no pre-supplied responses: the verdict rests solely on the response built above.
    return new OCSPVerifier(null, null).Verify(response, checkCert, issuerCert, checkDate);
}
/// <summary>
/// A response produced by the root CA's own builder with its default status (presumably "good",
/// as the sibling tests only override it to unknown/revoked) must verify.
/// </summary>
public virtual void ValidOcspTest01()
{
    X509Certificate rootCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
    ICipherParameters rootKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
    NUnit.Framework.Assert.IsTrue(VerifyTest(new TestOcspResponseBuilder(rootCert, rootKey)));
}
/// <summary>
/// A response produced by the root CA's builder with its default status (presumably "good",
/// as the sibling tests only override it to unknown/revoked) must verify.
/// </summary>
public virtual void ValidOcspTest01()
{
    var rootCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(certsSrc + "rootRsa.p12", password)[0];
    var rootBuilder = new TestOcspResponseBuilder(rootCert);
    NUnit.Framework.Assert.IsTrue(VerifyTest(rootBuilder));
}
/// <summary>
/// An "unknown" certificate status is not a positive answer; the verifier must report failure for it.
/// </summary>
public virtual void InvalidUnknownOcspTest01()
{
    var rootCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(certsSrc + "rootRsa.p12", password)[0];
    var rootBuilder = new TestOcspResponseBuilder(rootCert);
    // Override the builder's default status so the responder answers "unknown" for every request.
    rootBuilder.SetCertificateStatus(new UnknownStatus());
    NUnit.Framework.Assert.IsFalse(VerifyTest(rootBuilder));
}
/// <summary>
/// A response stating that the certificate was revoked (key compromise, 20 days ago) must not verify.
/// </summary>
public virtual void InvalidRevokedOcspTest01()
{
    X509Certificate rootCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
    ICipherParameters rootKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);

    // Revocation date is in the past (UTC, 20 days back) so it is unambiguously before the check time used by VerifyTest.
    DateTime revocationDate = DateTimeUtil.GetCurrentUtcTime().AddDays(-20);
    var revoked = new RevokedStatus(revocationDate, Org.BouncyCastle.Asn1.X509.CrlReason.KeyCompromise);

    var rootBuilder = new TestOcspResponseBuilder(rootCert, rootKey);
    rootBuilder.SetCertificateStatus(revoked);
    NUnit.Framework.Assert.IsFalse(VerifyTest(rootBuilder));
}
/// <summary>
/// A chain whose issuer certificate has since expired still verifies when the check date is pinned
/// to an instant at which the issuer was valid (its NotBefore).
/// </summary>
public virtual void ExpiredIssuerCertTest01()
{
    string expiredIssuerFile = certsSrc + "intermediateExpiredCert.p12";
    X509Certificate expiredIssuer = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(expiredIssuerFile, password)[0];
    ICipherParameters expiredIssuerKey = Pkcs12FileHelper.ReadFirstKey(expiredIssuerFile, password, password);
    var issuerBuilder = new TestOcspResponseBuilder(expiredIssuer, expiredIssuerKey);

    // Validate at the issuer's NotBefore rather than "now": at that instant the (now expired) chain was valid.
    DateTime checkDate = expiredIssuer.NotBefore;
    NUnit.Framework.Assert.IsTrue(VerifyTest(issuerBuilder, certsSrc + "signCertRsaWithExpiredChain.p12", checkDate));
}
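/// <summary>
/// A response whose validity window (thisUpdate .. nextUpdate) closed 15 days ago must be rejected.
/// </summary>
public virtual void InvalidOutdatedOcspTest01()
{
    X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
    ICipherParameters caPrivateKey = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
    TestOcspResponseBuilder builder = new TestOcspResponseBuilder(caCert, caPrivateKey);

    // Derive both stamps from a single UTC instant. OCSP thisUpdate/nextUpdate are GeneralizedTime in UTC
    // and VerifyTest checks against DateTimeUtil.GetCurrentUtcTime(); using local time here would shift
    // the window by the machine's UTC offset. The 30/15-day offsets keep the response stale regardless.
    DateTime nowUtc = DateTimeUtil.GetCurrentUtcTime();
    builder.SetThisUpdate(nowUtc.AddDays(-30));
    builder.SetNextUpdate(nowUtc.AddDays(-15));
    NUnit.Framework.Assert.IsFalse(VerifyTest(builder));
}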
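/// <summary>
/// A response whose validity window (thisUpdate .. nextUpdate) closed 15 days ago must be rejected.
/// </summary>
public virtual void InvalidOutdatedOcspTest01()
{
    X509Certificate caCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(certsSrc + "rootRsa.p12", password)[0];
    TestOcspResponseBuilder builder = new TestOcspResponseBuilder(caCert);

    // Derive both stamps from a single UTC instant. OCSP thisUpdate/nextUpdate are GeneralizedTime in UTC
    // and VerifyTest checks against DateTimeUtil.GetCurrentUtcTime(); using local time here would shift
    // the window by the machine's UTC offset. The 30/15-day offsets keep the response stale regardless.
    DateTime nowUtc = DateTimeUtil.GetCurrentUtcTime();
    builder.SetThisUpdate(nowUtc.AddDays(-30));
    builder.SetNextUpdate(nowUtc.AddDays(-15));
    NUnit.Framework.Assert.IsFalse(VerifyTest(builder));
}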
/// <summary>
/// Asks the given builder for an OCSP response about the first certificate in <paramref name="checkCertFileName"/>
/// (treating the builder's issuer certificate as that certificate's issuer) and runs it through a bare
/// <see cref="OCSPVerifier"/> at <paramref name="checkDate"/>.
/// </summary>
/// <param name="rootRsaOcspBuilder">Builder that produces and signs the response; its issuer cert is used as the CA.</param>
/// <param name="checkCertFileName">PKCS#12 file whose first chain element is the certificate under check.</param>
/// <param name="checkDate">Instant the verifier evaluates the response at.</param>
/// <returns>The verifier's verdict.</returns>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
private bool VerifyTest(TestOcspResponseBuilder rootRsaOcspBuilder, String checkCertFileName, DateTime checkDate
    )
{
    var checkCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(checkCertFileName, password)[0];
    var issuerCert = rootRsaOcspBuilder.GetIssuerCert();

    var client = new TestOcspClient().AddBuilderForCertIssuer(issuerCert, rootRsaOcspBuilder);
    var encodedResponse = client.GetEncoded(checkCert, issuerCert, null);
    var parsed = Asn1Object.FromByteArray(encodedResponse);
    var response = new BasicOcspResp(BasicOcspResponse.GetInstance(parsed));

    // No parent verifier, no pre-supplied responses: only the response produced above is considered.
    var verifier = new OCSPVerifier(null, null);
    return verifier.Verify(response, checkCert, issuerCert, checkDate);
}
/// <summary>
/// Verifies, at the current UTC time, an OCSP response produced by <paramref name="builder"/> for the
/// fixed signing certificate <c>signCertRsa01.p12</c>, using the root RSA CA as issuer.
/// </summary>
/// <param name="builder">Response builder handed to the test OCSP client.</param>
/// <returns>The verifier's verdict.</returns>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
private bool VerifyTest(TestOcspResponseBuilder builder)
{
    string rootFile = certsSrc + "rootRsa.p12";
    string signerFile = certsSrc + "signCertRsa01.p12";

    var rootCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(rootFile, password)[0];
    var rootKey = Pkcs12FileHelper.ReadFirstKey(rootFile, password, password);
    var signerCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(signerFile, password)[0];

    // The root CA's private key is what this client version signs responses with.
    var client = new TestOcspClient(builder, rootKey);
    var encodedResponse = client.GetEncoded(signerCert, rootCert, null);
    var response = new BasicOcspResp(BasicOcspResponse.GetInstance(Asn1Object.FromByteArray(encodedResponse)));

    // No parent verifier, no pre-supplied responses: only the response produced above is considered.
    return new OCSPVerifier(null, null).Verify(response, signerCert, rootCert, DateTimeUtil.GetCurrentUtcTime());
}
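/// <summary>
/// Produces a DER-encoded OCSP response for <paramref name="checkCert"/> from the
/// <see cref="TestOcspResponseBuilder"/> registered for its issuer.
/// </summary>
/// <param name="checkCert">Certificate whose status is being requested.</param>
/// <param name="issuerCert">Issuer of <paramref name="checkCert"/>; its serial number selects the registered builder.</param>
/// <param name="url">Unused: responses are produced locally, the parameter only mirrors the client interface.</param>
/// <returns>The bytes returned by <c>TestOcspResponseBuilder.MakeOcspResponse</c>.</returns>
/// <exception cref="ArgumentException">No builder has been registered for <paramref name="issuerCert"/>.</exception>
public virtual byte[] GetEncoded(X509Certificate checkCert, X509Certificate issuerCert, String url)
{
    // SHA-1 here selects the CertID hash (issuer name/key hash + serial that identifies the certificate
    // in the request); it is not a signature algorithm.
    CertificateID id = SignTestPortUtil.GenerateCertificateId(issuerCert, checkCert.SerialNumber,
        Org.BouncyCastle.Ocsp.CertificateID.HashSha1);

    // Builders are keyed by the issuer's serial number in hex (see AddBuilderForCertIssuer), nothing else.
    TestOcspResponseBuilder builder = issuerIdToResponseBuilder.Get(issuerCert.SerialNumber.ToString(16));
    if (builder == null)
    {
        throw new ArgumentException("This TestOcspClient instance is not capable of providing OCSP response for the given issuerCert:"
            + issuerCert.SubjectDN.ToString());
    }

    // Exceptions propagate unchanged. The former catch-all that rethrew via `throw (Exception)ignored;`
    // caught everything and rethrew everything, so it only served to reset the stack trace.
    byte[] request = SignTestPortUtil.GenerateOcspRequestWithNonce(id).GetEncoded();
    return builder.MakeOcspResponse(request);
}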
/// <summary>
/// Convenience overload: verifies a response from <paramref name="rootRsaOcspBuilder"/> for the fixed
/// signing certificate <c>signCertRsa01.p12</c> at the current UTC time.
/// </summary>
/// <param name="rootRsaOcspBuilder">Builder that produces and signs the response.</param>
/// <returns>The verifier's verdict.</returns>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
private bool VerifyTest(TestOcspResponseBuilder rootRsaOcspBuilder)
    => VerifyTest(rootRsaOcspBuilder, certsSrc + "signCertRsa01.p12", DateTimeUtil.GetCurrentUtcTime());
/// <summary>
/// Creates a client with a single response builder issued in the name of <paramref name="caCert"/>;
/// <paramref name="caPrivateKey"/> is stored for signing responses.
/// </summary>
/// <param name="caCert">Issuer certificate the builder answers for.</param>
/// <param name="caPrivateKey">Private key of that issuer.</param>
/// <exception cref="Org.BouncyCastle.Security.Certificates.CertificateEncodingException"/>
public TestOcspClient(X509Certificate caCert, ICipherParameters caPrivateKey)
{
    this.caPrivateKey = caPrivateKey;
    // Building the responder from the certificate alone; the key is kept on the client, not the builder.
    var caBuilder = new TestOcspResponseBuilder(caCert);
    this.builder = caBuilder;
}
/// <summary>
/// Creates a client around an externally configured response builder (e.g. one with a custom status or
/// update window) and the issuer private key used to sign responses.
/// </summary>
/// <param name="builder">Pre-configured response builder.</param>
/// <param name="caPrivateKey">Issuer private key used for signing.</param>
public TestOcspClient(TestOcspResponseBuilder builder, ICipherParameters caPrivateKey)
{
    this.caPrivateKey = caPrivateKey;
    this.builder = builder;
}
/// <summary>
/// Registers the builder that answers OCSP requests for certificates issued by <paramref name="cert"/>.
/// </summary>
/// <param name="cert">Issuer certificate; its serial number (hex) becomes the lookup key used by <c>GetEncoded</c>.</param>
/// <param name="builder">Builder that produces responses for that issuer.</param>
/// <returns>This client, for call chaining.</returns>
public virtual TestOcspClient AddBuilderForCertIssuer(X509Certificate cert, TestOcspResponseBuilder builder
    )
{
    // The key is the issuer's serial number alone, not issuer name + serial: two issuers that happen to
    // share a serial would overwrite each other here. Fine for a test double, not for a real resolver.
    string issuerKey = cert.SerialNumber.ToString(16);
    issuerIdToResponseBuilder.Put(issuerKey, builder);
    return this;
}