Пример #1
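        /// <summary>
        /// Builds one randomized <see cref="ApplicationTestData"/> record: a random application
        /// type and name, URIs derived from that name, random domain names, and a certificate
        /// subject and private key format to request.
        /// </summary>
        /// <returns>
        /// A populated test record whose <c>ApplicationRecord</c>, <c>DomainNames</c>,
        /// <c>Subject</c> and <c>PrivateKeyFormat</c> are consistent with each other.
        /// </returns>
        private ApplicationTestData RandomApplicationTestData()
        {
            // TODO: set to discoveryserver
            // NOTE(review): the upper bound passed here is ClientAndServer, so the
            // DiscoveryServer branch below is presumably never drawn until the TODO is
            // addressed -- confirm against the range NextInt32 actually returns.
            ApplicationType appType     = (ApplicationType)_randomSource.NextInt32((int)ApplicationType.ClientAndServer);
            string          pureAppName = _dataGenerator.GetRandomString("en");

            // Keep only word characters, digits and whitespace. This also keeps DN and URI
            // metacharacters (',', '=', '/', ':') out of the Subject and URIs built below.
            // In .NET, \w matches Unicode word characters, so non-ASCII letters survive.
            pureAppName = Regex.Replace(pureAppName, @"[^\w\d\s]", "");

            // Same name with whitespace removed as well, for use inside URIs.
            string           pureAppUri         = Regex.Replace(pureAppName, @"[^\w\d]", "");
            string           appName            = "UA " + pureAppName;
            StringCollection domainNames        = RandomDomainNames();

            // The first generated domain name stands in for "localhost" in the URI and Subject.
            string           localhost          = domainNames[0];
            string           privateKeyFormat   = _randomSource.NextInt32(1) == 0 ? "PEM" : "PFX";

            // ToLowerInvariant rather than ToLower: the application URI is later compared
            // against the URI embedded in the issued certificate, so its casing must not
            // depend on the current culture of the test machine (for example tr-TR maps
            // 'I' to a dotless 'i').
            string           appUri             = ("urn:localhost:opcfoundation.org:" + pureAppUri.ToLowerInvariant()).Replace("localhost", localhost);
            string           prodUri            = "http://opcfoundation.org/UA/" + pureAppUri;
            StringCollection discoveryUrls      = new StringCollection();
            StringCollection serverCapabilities = new StringCollection();

            // Masking with 0x1fff yields 0..8191, so the port lies in 50000..58191.
            int port = (_dataGenerator.GetRandomInt16() & 0x1fff) + 50000;

            switch (appType)
            {
            case ApplicationType.Client:
                // Clients keep the empty discovery URL and capability collections.
                appName += " Client";
                break;

            case ApplicationType.ClientAndServer:
                // Becomes "... Client and Server" by continuing into the Server case.
                appName += " Client and";
                goto case ApplicationType.Server;

            case ApplicationType.DiscoveryServer:
                appName      += " DiscoveryServer";
                discoveryUrls = RandomDiscoveryUrl(domainNames, 4840, pureAppUri);
                serverCapabilities.Add("LDS");
                break;

            case ApplicationType.Server:
                appName           += " Server";
                discoveryUrls      = RandomDiscoveryUrl(domainNames, port, pureAppUri);
                serverCapabilities = RandomServerCapabilities();
                break;
            }

            ApplicationTestData testData = new ApplicationTestData
            {
                ApplicationRecord = new ApplicationRecordDataType
                {
                    ApplicationNames = new LocalizedTextCollection {
                        new LocalizedText("en-us", appName)
                    },
                    ApplicationUri     = appUri,
                    ApplicationType    = appType,
                    ProductUri         = prodUri,
                    DiscoveryUrls      = discoveryUrls,
                    ServerCapabilities = serverCapabilities
                },
                DomainNames      = domainNames,
                Subject          = String.Format("CN={0},DC={1},O=OPC Foundation", appName, localhost),
                PrivateKeyFormat = privateKeyFormat
            };

            return(testData);
        }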
Пример #2
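        /// <summary>
        /// Asserts that a certificate issued for <paramref name="testApp"/> has the expected
        /// subject, issuer linkage, extensions, domain names and application URI.
        /// </summary>
        /// <param name="testApp">Test record holding the expected subject, domain names and application URI.</param>
        /// <param name="rawSignedCert">Encoded bytes of the issued application certificate.</param>
        /// <param name="rawIssuerCerts">Encoded issuer certificates; only the first element is inspected.</param>
        /// <remarks>
        /// The issuer is matched by distinguished name, authority key identifier and serial
        /// number only. This method does not verify the certificate signature against the
        /// issuer's public key, the validity period, or revocation status; a test that needs
        /// those guarantees must check them separately.
        /// </remarks>
        public static void VerifySignedApplicationCert(ApplicationTestData testApp, byte [] rawSignedCert, byte [][] rawIssuerCerts)
        {
            // Fail with an assertion rather than an indexing or constructor exception
            // when the caller received no certificate data.
            Assert.NotNull(rawSignedCert);
            Assert.NotNull(rawIssuerCerts);
            Assert.True(rawIssuerCerts.Length > 0);

            // X509Certificate2 holds native handles; release them when the checks finish.
            using (X509Certificate2 signedCert = new X509Certificate2(rawSignedCert))
            using (X509Certificate2 issuerCert = new X509Certificate2(rawIssuerCerts[0]))
            {
                Assert.NotNull(signedCert);

                // The issued certificate must not carry the private key.
                Assert.False(signedCert.HasPrivateKey);
                Assert.True(Utils.CompareDistinguishedName(testApp.Subject, signedCert.Subject));

                // Not self-signed, and issued by the supplied issuer (by name).
                Assert.False(Utils.CompareDistinguishedName(signedCert.Issuer, signedCert.Subject));
                Assert.True(Utils.CompareDistinguishedName(signedCert.Issuer, issuerCert.Subject));

                // test basic constraints: critical, end-entity, no path length
                var constraints = FindBasicConstraintsExtension(signedCert);

                Assert.NotNull(constraints);
                Assert.True(constraints.Critical);
                Assert.False(constraints.CertificateAuthority);
                Assert.False(constraints.HasPathLengthConstraint);

                // key usage
                var keyUsage = FindKeyUsageExtension(signedCert);

                Assert.NotNull(keyUsage);
                Assert.True(keyUsage.Critical);
                Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.CrlSign) == 0);
                Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DataEncipherment) == X509KeyUsageFlags.DataEncipherment);
                Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DecipherOnly) == 0);
                Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature);
                Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.EncipherOnly) == 0);
                Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyAgreement) == 0);
                // NOTE(review): this expects keyCertSign on a certificate asserted above to be
                // CA=false. RFC 5280 section 4.2.1.9 says keyCertSign MUST NOT be asserted when
                // the cA boolean is not asserted. Confirm whether the issuing side intends this
                // before relying on the expectation; it is left unchanged here so the test keeps
                // matching the certificates currently produced.
                Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyCertSign) == X509KeyUsageFlags.KeyCertSign);
                Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == X509KeyUsageFlags.KeyEncipherment);
                Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.NonRepudiation);

                // enhanced key usage
                // NOTE(review): only presence and criticality are checked; the purpose OIDs
                // contained in the extension are not inspected here.
                var enhancedKeyUsage = FindEnhancedKeyUsageExtension(signedCert);

                Assert.NotNull(enhancedKeyUsage);
                Assert.True(enhancedKeyUsage.Critical);

                // test for authority key
                X509AuthorityKeyIdentifierExtension authority = FindAuthorityKeyIdentifier(signedCert);

                Assert.NotNull(authority);
                Assert.NotNull(authority.SerialNumber);
                Assert.NotNull(authority.KeyId);
                Assert.NotNull(authority.AuthorityNames);

                // verify authority key in signed cert
                X509SubjectKeyIdentifierExtension subjectKeyId = FindSubjectKeyIdentifierExtension(issuerCert);

                // Report an issuer without a subject key identifier as a failed assertion
                // instead of a NullReferenceException on the next line.
                Assert.NotNull(subjectKeyId);
                Assert.AreEqual(subjectKeyId.SubjectKeyIdentifier, authority.KeyId);
                Assert.AreEqual(issuerCert.SerialNumber, authority.SerialNumber);

                X509SubjectAltNameExtension subjectAlternateName = FindSubjectAltName(signedCert);

                Assert.NotNull(subjectAlternateName);
                Assert.False(subjectAlternateName.Critical);
                var domainNames = Utils.GetDomainsFromCertficate(signedCert);

                // Every requested domain name must appear in the certificate (case-insensitive).
                // Extra names in the certificate are not rejected by this loop.
                foreach (var domainName in testApp.DomainNames)
                {
                    Assert.True(domainNames.Contains(domainName, StringComparer.OrdinalIgnoreCase));
                }

                // Exactly one URI in the subject alternative name, equal to the registered
                // application URI (ordinal, case-sensitive comparison).
                Assert.True(subjectAlternateName.Uris.Count == 1);
                var applicationUri = Utils.GetApplicationUriFromCertificate(signedCert);

                Assert.True(testApp.ApplicationRecord.ApplicationUri == applicationUri);
            }
        }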