Пример #1
0
        /**
         * we Generate a self signed certificate for the sake of testing - DSA
         */
        internal void checkCreation2()
        {
            //
            // set up the keys
            //
            AsymmetricKeyParameter privKey;
            AsymmetricKeyParameter pubKey;

            try
            {
//				KeyPairGenerator g = KeyPairGenerator.GetInstance("DSA", "SUN");
//				g.initialize(512, new SecureRandom());
//				KeyPair p = g.generateKeyPair();
                IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("DSA");
                DsaParametersGenerator dpg = new DsaParametersGenerator();
                dpg.Init(512, 25, new SecureRandom());
                g.Init(new DsaKeyGenerationParameters(new SecureRandom(), dpg.GenerateParameters()));
                AsymmetricCipherKeyPair p = g.GenerateKeyPair();

                privKey = p.Private;
                pubKey = p.Public;
            }
            catch (Exception e)
            {
                Fail("error setting up keys - " + e.ToString());
                return;
            }

            //
            // distinguished name table.
            //
            IList ord = new ArrayList();
            ord.Add(X509Name.C);
            ord.Add(X509Name.O);
            ord.Add(X509Name.L);
            ord.Add(X509Name.ST);
            ord.Add(X509Name.E);

            IList values = new ArrayList();
            values.Add("AU");
            values.Add("The Legion of the Bouncy Castle");
            values.Add("Melbourne");
            values.Add("Victoria");
            values.Add("*****@*****.**");

            //
            // extensions
            //

            //
            // create the certificate - version 3
            //
            X509V3CertificateGenerator  certGen = new X509V3CertificateGenerator();

            certGen.SetSerialNumber(BigInteger.One);
            certGen.SetIssuerDN(new X509Name(ord, values));
            certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
            certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
            certGen.SetSubjectDN(new X509Name(ord, values));
            certGen.SetPublicKey(pubKey);
            certGen.SetSignatureAlgorithm("SHA1withDSA");

            try
            {
                X509Certificate cert = certGen.Generate(privKey);

                cert.CheckValidity(DateTime.UtcNow);

                cert.Verify(pubKey);

                cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded());

                // Console.WriteLine(cert);
            }
            catch (Exception e)
            {
                Fail("error setting generating cert - " + e.ToString());
            }

            //
            // create the certificate - version 1
            //
            X509V1CertificateGenerator certGen1 = new X509V1CertificateGenerator();

            certGen1.SetSerialNumber(BigInteger.One);
            certGen1.SetIssuerDN(new X509Name(ord, values));
            certGen1.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
            certGen1.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
            certGen1.SetSubjectDN(new X509Name(ord, values));
            certGen1.SetPublicKey(pubKey);
            certGen1.SetSignatureAlgorithm("SHA1withDSA");

            try
            {
                X509Certificate cert = certGen1.Generate(privKey);

                cert.CheckValidity(DateTime.UtcNow);

                cert.Verify(pubKey);

                cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded());

                //Console.WriteLine(cert);
            }
            catch (Exception e)
            {
                Fail("error setting generating cert - " + e.ToString());
            }

            //
            // exception test
            //
            try
            {
                certGen.SetPublicKey(dudPublicKey);

                Fail("key without encoding not detected in v1");
            }
            catch (ArgumentException)
            {
                // expected
            }
        }
Пример #2
0
        /**
         * we Generate a self signed certificate for the sake of testing - RSA
         */
        internal void checkCreation1()
        {
            //
            // a sample key pair.
            //
            RsaKeyParameters pubKey = new RsaKeyParameters(
                false,
                new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
                new BigInteger("11", 16));

            RsaPrivateCrtKeyParameters privKey = new RsaPrivateCrtKeyParameters(
                new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
                new BigInteger("11", 16),
                new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16),
                new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16),
                new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16),
                new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16),
                new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16),
                new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16));

            //
            // set up the keys
            //
//			AsymmetricKeyParameter privKey;
//			AsymmetricKeyParameter pubKey;

//			KeyFactory  fact = KeyFactory.GetInstance("RSA");
//
//			privKey = fact.generatePrivate(privKeySpec);
//			pubKey = fact.generatePublic(pubKeySpec);

            //
            // distinguished name table.
            //
            IList ord = new ArrayList();
            ord.Add(X509Name.C);
            ord.Add(X509Name.O);
            ord.Add(X509Name.L);
            ord.Add(X509Name.ST);
            ord.Add(X509Name.E);

            IList values = new ArrayList();
            values.Add("AU");
            values.Add("The Legion of the Bouncy Castle");
            values.Add("Melbourne");
            values.Add("Victoria");
            values.Add("*****@*****.**");

            //
            // extensions
            //

            //
            // create the certificate - version 3 - without extensions
            //
            X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

            certGen.SetSerialNumber(BigInteger.One);
            certGen.SetIssuerDN(new X509Name(ord, values));
            certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
            certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
            certGen.SetSubjectDN(new X509Name(ord, values));
            certGen.SetPublicKey(pubKey);
            certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");

            X509Certificate cert = certGen.Generate(privKey);

            cert.CheckValidity(DateTime.UtcNow);

            cert.Verify(pubKey);

            ISet dummySet = cert.GetNonCriticalExtensionOids();
            if (dummySet != null)
            {
                Fail("non-critical oid set should be null");
            }
            dummySet = cert.GetCriticalExtensionOids();
            if (dummySet != null)
            {
                Fail("critical oid set should be null");
            }

            //
            // create the certificate - version 3 - with extensions
            //
            certGen = new X509V3CertificateGenerator();

            certGen.SetSerialNumber(BigInteger.One);
            certGen.SetIssuerDN(new X509Name(ord, values));
            certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
            certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
            certGen.SetSubjectDN(new X509Name(ord, values));
            certGen.SetPublicKey(pubKey);
            certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
            certGen.AddExtension("2.5.29.15", true,
                new X509KeyUsage(X509KeyUsage.EncipherOnly));
            certGen.AddExtension("2.5.29.37", true,
                new DerSequence(KeyPurposeID.AnyExtendedKeyUsage));
            certGen.AddExtension("2.5.29.17", true,
                new GeneralNames(new GeneralName(GeneralName.Rfc822Name, "*****@*****.**")));

            cert = certGen.Generate(privKey);

            cert.CheckValidity(DateTime.UtcNow);

            cert.Verify(pubKey);

            cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded());

            if (!cert.GetKeyUsage()[7])
            {
                Fail("error generating cert - key usage wrong.");
            }

            IList l = cert.GetExtendedKeyUsage();
            if (!l[0].Equals(KeyPurposeID.AnyExtendedKeyUsage.Id))
            {
                Fail("failed extended key usage test");
            }

            foreach (IList gn in cert.GetSubjectAlternativeNames())
            {
                if (!gn[1].Equals("*****@*****.**"))
                {
                    Fail("failed subject alternative names test");
                }
            }

            // Console.WriteLine(cert);

            //
            // create the certificate - version 1
            //
            X509V1CertificateGenerator certGen1 = new X509V1CertificateGenerator();

            certGen1.SetSerialNumber(BigInteger.One);
            certGen1.SetIssuerDN(new X509Name(ord, values));
            certGen1.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
            certGen1.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
            certGen1.SetSubjectDN(new X509Name(ord, values));
            certGen1.SetPublicKey(pubKey);
            certGen1.SetSignatureAlgorithm("MD5WithRSAEncryption");

            cert = certGen1.Generate(privKey);

            cert.CheckValidity(DateTime.UtcNow);

            cert.Verify(pubKey);

            cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded());

            // Console.WriteLine(cert);
            if (!cert.IssuerDN.Equivalent(cert.SubjectDN))
            {
                Fail("name comparison fails");
            }
        }