// Copy constructor: initialises this selector from the criteria held by `o`.
// `o` is dereferenced without a null check, so callers must pass a non-null selector.
private X509AttrCertStoreSelector(X509AttrCertStoreSelector o)
{
    // NOTE(review): exactly five criteria are copied here. If the class also carries
    // target-name / target-group criteria, a copy built by this constructor would not
    // include them and could match more attribute certificates than the source
    // selector does - confirm against the class's field list.
    attributeCert = o.attributeCert;
    attributeCertificateValid = o.attributeCertificateValid;
    holder = o.holder;
    issuer = o.issuer;
    serialNumber = o.serialNumber;
}
// Copy constructor: initialises this selector from the criteria held by `o`.
// `o` is dereferenced without a null check, so callers must pass a non-null selector.
private X509AttrCertStoreSelector(X509AttrCertStoreSelector o)
{
    // Scalar / object criteria are taken over as-is (the references are shared with `o`).
    attributeCert = o.attributeCert;
    attributeCertificateValid = o.attributeCertificateValid;
    holder = o.holder;
    issuer = o.issuer;
    serialNumber = o.serialNumber;

    // The target criteria get their own HashSet instances built from the source sets.
    // Presumably the HashSet constructor copies the elements, so that later changes to
    // one selector's target sets do not widen or narrow what the other matches -
    // TODO confirm against the HashSet implementation in use.
    targetGroups = new HashSet(o.targetGroups);
    targetNames = new HashSet(o.targetNames);
}
// Equality is delegated to the wrapped `holder` value: two instances are equal when
// they are the same object or when their `holder` fields compare equal.
public override bool Equals(object obj)
{
    // Identity short-cut.
    if (object.ReferenceEquals(obj, this))
    {
        return true;
    }

    // Null and foreign types both end up as null here and are never equal.
    AttributeCertificateHolder other = obj as AttributeCertificateHolder;
    if (object.ReferenceEquals(other, null))
    {
        return false;
    }

    return holder.Equals(other.holder);
}
// Parses the attribute certificate in certWithBaseCertificateID and checks its holder
// against the certificate in holderCertWithBaseCertificateID: no entity names, matching
// serial number and issuer, Match() succeeding, and Clone() producing equal objects.
private void doTestCertWithBaseCertificateID()
{
    IX509AttributeCertificate ac = new X509V2AttributeCertificate(certWithBaseCertificateID);
    X509Certificate holderCert =
        new X509CertificateParser().ReadCertificate(holderCertWithBaseCertificateID);

    AttributeCertificateHolder acHolder = ac.Holder;

    // The holder is expected to carry no entity names in this fixture.
    if (acHolder.GetEntityNames() != null)
    {
        Fail("entity names set when none expected");
    }

    bool serialMatches = acHolder.SerialNumber.Equals(holderCert.SerialNumber);
    if (!serialMatches)
    {
        Fail("holder serial number doesn't Match");
    }

    bool issuerMatches = acHolder.GetIssuer()[0].Equivalent(holderCert.IssuerDN);
    if (!issuerMatches)
    {
        Fail("holder issuer doesn't Match");
    }

    // Match() is the check a relying party would use to bind the attribute
    // certificate to the holder's public-key certificate.
    bool holderMatches = acHolder.Match(holderCert);
    if (!holderMatches)
    {
        Fail("holder not matching holder certificate");
    }

    // Clones must compare equal to their originals.
    bool holderCloneEqual = acHolder.Equals(acHolder.Clone());
    if (!holderCloneEqual)
    {
        Fail("holder clone test failed");
    }

    bool issuerCloneEqual = ac.Issuer.Equals(ac.Issuer.Clone());
    if (!issuerCloneEqual)
    {
        Fail("issuer clone test failed");
    }

    equalityAndHashCodeTest(ac, certWithBaseCertificateID);
}
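// Sets the holder of the attribute certificate being generated by forwarding the
// value wrapped in `holder` (its `holder` field) to acInfoGen.
//
// Throws System.ArgumentNullException when `holder` is null. Previously a null
// argument surfaced as a NullReferenceException from the field access, which gave the
// caller no indication of which input was missing.
public void SetHolder(AttributeCertificateHolder holder)
{
    if (holder == null)
    {
        throw new System.ArgumentNullException("holder");
    }

    acInfoGen.SetHolder(holder.holder);
}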
// End-to-end exercise of attribute certificate handling: parse and verify the fixture
// certificate, look up its signer in a collection store, re-encode it, regenerate it
// with X509V2AttributeCertificateGenerator, inspect the holder, check extension
// handling, then run the remaining doTest* cases.
public override void PerformTest()
{
    IX509AttributeCertificate ac = new X509V2AttributeCertificate(attrCert);
    X509CertificateParser parser = new X509CertificateParser();
    X509Certificate signerCert = parser.ReadCertificate(signCert);

    // The fixture must verify under the signer certificate's public key.
    ac.Verify(signerCert.GetPublicKey());

    //
    // search test: the signer certificate must be found in a collection store
    // when the attribute certificate's issuer is used as the selector
    //
    IList storeContents = new ArrayList();
    storeContents.Add(signerCert);

    IX509Store certStore = X509StoreFactory.Create(
        "Certificate/Collection",
        new X509CollectionStoreParameters(storeContents));

    ArrayList matches = new ArrayList(certStore.GetMatches(ac.Issuer));
    if (!(matches.Count == 1 && matches.Contains(signerCert)))
    {
        Fail("sCert not found by issuer");
    }

    X509Attribute[] found = ac.GetAttributes("1.3.6.1.4.1.6760.8.1.1");
    if (!(found != null && found.Length == 1))
    {
        Fail("attribute not found");
    }

    //
    // reencode test: the encoded form must parse back and still verify
    //
    ac = new X509V2AttributeCertificate(ac.GetEncoded());
    ac.Verify(signerCert.GetPublicKey());

    IX509AttributeCertificate reparsed = new X509V2AttributeCertificate(ac.GetEncoded());
    if (!ac.NotAfter.Equals(reparsed.NotAfter))
    {
        Fail("failed date comparison");
    }

    //
    // base generator test
    //
    // Fixture key pair: the modulus below is 128 hex digits (512 bits) with public
    // exponent 0x11, and the generator signs with SHA-1. That is enough to exercise
    // the encode / sign / verify paths in a test, and far below what an attribute
    // authority should use for certificates that are actually relied upon.
    //
    RsaKeyParameters publicKey = new RsaKeyParameters(
        false,
        new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
        new BigInteger("11", 16));
    AsymmetricKeyParameter privateKey = RSA_PRIVATE_KEY_SPEC;

    X509V2AttributeCertificateGenerator generator = new X509V2AttributeCertificateGenerator();

    generator.AddAttribute(found[0]);
    generator.SetHolder(ac.Holder);
    generator.SetIssuer(ac.Issuer);
    // Validity window of +/- 50 seconds around "now"; CheckValidity() below
    // relies on the local clock falling inside it.
    generator.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
    generator.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
    generator.SetSerialNumber(ac.SerialNumber);
    generator.SetSignatureAlgorithm("SHA1WithRSAEncryption");

    ac = generator.Generate(privateKey);

    ac.CheckValidity();
    ac.Verify(publicKey);

    // as the issuer is the same this should still work (even though it is not
    // technically correct)
    matches = new ArrayList(certStore.GetMatches(ac.Issuer));
    if (!(matches.Count == 1 && matches.Contains(signerCert)))
    {
        Fail("sCert not found by issuer");
    }

    found = ac.GetAttributes("1.3.6.1.4.1.6760.8.1.1");
    if (!(found != null && found.Length == 1))
    {
        Fail("attribute not found");
    }

    //
    // reencode test for the generated certificate
    //
    ac = new X509V2AttributeCertificate(ac.GetEncoded());
    ac.Verify(publicKey);

    AttributeCertificateIssuer acIssuer = ac.Issuer;
    // The issuer principals are fetched but not inspected further.
    X509Name[] names = acIssuer.GetPrincipals();

    //
    // test holder: this fixture identifies the holder by entity name only
    //
    AttributeCertificateHolder acHolder = ac.Holder;

    if (acHolder.GetEntityNames() == null)
    {
        Fail("entity names not set");
    }

    if (acHolder.SerialNumber != null)
    {
        Fail("holder serial number set when none expected");
    }

    if (acHolder.GetIssuer() != null)
    {
        Fail("holder issuer set when none expected");
    }

    names = acHolder.GetEntityNames();

    string firstName = names[0].ToString();

    // TODO Check that this is a good enough test
    // (an earlier version compared firstName as a string; the comparison below uses
    // X509Name.Equivalent instead)
    //
    // NOTE(review): the final component of the DN literal reads "[email protected]" on
    // this page, which looks like an e-mail obfuscation artifact rather than the
    // original fixture value - check the literal against the upstream file.
    if (!names[0].Equivalent(new X509Name("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]")))
    {
        Fail("principal[0] for entity names don't Match");
    }

    //
    // extension test: one critical ("1.1") and one non-critical ("2.2") extension
    // must come back in the matching OID sets
    //
    generator.AddExtension("1.1", true, new DerOctetString(new byte[10]));
    generator.AddExtension("2.2", false, new DerOctetString(new byte[20]));

    ac = generator.Generate(privateKey);

    ISet oids = ac.GetCriticalExtensionOids();
    if (!(oids.Count == 1 && oids.Contains("1.1")))
    {
        Fail("critical extension test failed");
    }

    oids = ac.GetNonCriticalExtensionOids();
    if (!(oids.Count == 1 && oids.Contains("2.2")))
    {
        Fail("non-critical extension test failed");
    }

    Asn1OctetString rawExtension = ac.GetExtensionValue(new DerObjectIdentifier("1.1"));
    Asn1Encodable decodedExtension = X509ExtensionUtilities.FromExtensionValue(rawExtension);
    if (!decodedExtension.Equals(new DerOctetString(new byte[10])))
    {
        Fail("wrong extension value found for 1.1");
    }

    doTestCertWithBaseCertificateID();
    doTestGenerateWithCert();
    doTestGenerateWithPrincipal();
}
// Generates an attribute certificate whose holder is identified by the subject DN of
// the certificate in signCert, then checks that the holder carries entity names only,
// matches that certificate, and does not match an unrelated one.
private void doTestGenerateWithPrincipal()
{
    X509CertificateParser parser = new X509CertificateParser();
    X509Certificate holderCert = parser.ReadCertificate(signCert);

    //
    // Fixture key pair: a 512-bit modulus (128 hex digits) with public exponent 0x11,
    // combined with a SHA-1 signature below. Suitable for exercising the generator in
    // a test; not a parameter set for certificates that are actually relied upon.
    //
    RsaKeyParameters publicKey = new RsaKeyParameters(
        false,
        new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
        new BigInteger("11", 16));
    AsymmetricKeyParameter privateKey = RSA_PRIVATE_KEY_SPEC;

    X509V2AttributeCertificateGenerator generator = new X509V2AttributeCertificateGenerator();

    // the actual attribute: a role (roleSyntax OID 2.5.24.72) wrapping a GeneralName
    generator.AddAttribute(
        new X509Attribute(
            "2.5.24.72",
            new DerSequence(new GeneralName(GeneralName.Rfc822Name, "DAU123456789"))));

    // Holder is bound by name (subject DN), not by issuer + serial number.
    generator.SetHolder(new AttributeCertificateHolder(holderCert.SubjectDN));
    generator.SetIssuer(new AttributeCertificateIssuer(new X509Name("cn=test")));
    // Validity window of +/- 50 seconds around "now"; CheckValidity() below
    // relies on the local clock falling inside it.
    generator.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
    generator.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
    generator.SetSerialNumber(BigInteger.One);
    generator.SetSignatureAlgorithm("SHA1WithRSAEncryption");

    IX509AttributeCertificate generated = generator.Generate(privateKey);

    generated.CheckValidity();
    generated.Verify(publicKey);

    AttributeCertificateHolder acHolder = generated.Holder;

    if (acHolder.GetEntityNames() == null)
    {
        Fail("entity names not set when expected");
    }

    if (acHolder.SerialNumber != null)
    {
        Fail("holder serial number found when none expected");
    }

    if (acHolder.GetIssuer() != null)
    {
        Fail("holder issuer found when none expected");
    }

    // Positive case: the holder must match the certificate it was built from.
    bool matchesOwnCert = acHolder.Match(holderCert);
    if (!matchesOwnCert)
    {
        Fail("generated holder not matching holder certificate");
    }

    // Negative case: a different certificate must be rejected, otherwise the
    // attribute certificate could be presented alongside someone else's identity.
    X509Certificate otherCert = parser.ReadCertificate(holderCertWithBaseCertificateID);
    bool matchesOtherCert = acHolder.Match(otherCert);
    if (matchesOtherCert)
    {
        Fail("principal generated holder matching wrong certificate");
    }

    equalityAndHashCodeTest(generated, generated.GetEncoded());
}