private X509AttrCertStoreSelector(
X509AttrCertStoreSelector o)
{
this.attributeCert = o.attributeCert;
this.attributeCertificateValid = o.attributeCertificateValid;
this.holder = o.holder;
this.issuer = o.issuer;
this.serialNumber = o.serialNumber;
}
private X509AttrCertStoreSelector(
X509AttrCertStoreSelector o)
{
this.attributeCert = o.attributeCert;
this.attributeCertificateValid = o.attributeCertificateValid;
this.holder = o.holder;
this.issuer = o.issuer;
this.serialNumber = o.serialNumber;
this.targetGroups = new HashSet(o.targetGroups);
this.targetNames = new HashSet(o.targetNames);
}
private X509AttrCertStoreSelector(
X509AttrCertStoreSelector o)
{
this.attributeCert = o.attributeCert;
this.attributeCertificateValid = o.attributeCertificateValid;
this.holder = o.holder;
this.issuer = o.issuer;
this.serialNumber = o.serialNumber;
this.targetGroups = new HashSet(o.targetGroups);
this.targetNames = new HashSet(o.targetNames);
}
public override bool Equals(object obj)
{
if (obj == this)
{
return(true);
}
if (!(obj is AttributeCertificateHolder))
{
return(false);
}
AttributeCertificateHolder attributeCertificateHolder = (AttributeCertificateHolder)obj;
return(holder.Equals(attributeCertificateHolder.holder));
}
private void doTestCertWithBaseCertificateID()
{
IX509AttributeCertificate attrCert = new X509V2AttributeCertificate(certWithBaseCertificateID);
X509CertificateParser fact = new X509CertificateParser();
X509Certificate cert = fact.ReadCertificate(holderCertWithBaseCertificateID);
AttributeCertificateHolder holder = attrCert.Holder;
if (holder.GetEntityNames() != null)
{
Fail("entity names set when none expected");
}
if (!holder.SerialNumber.Equals(cert.SerialNumber))
{
Fail("holder serial number doesn't Match");
}
if (!holder.GetIssuer()[0].Equivalent(cert.IssuerDN))
{
Fail("holder issuer doesn't Match");
}
if (!holder.Match(cert))
{
Fail("holder not matching holder certificate");
}
if (!holder.Equals(holder.Clone()))
{
Fail("holder clone test failed");
}
if (!attrCert.Issuer.Equals(attrCert.Issuer.Clone()))
{
Fail("issuer clone test failed");
}
equalityAndHashCodeTest(attrCert, certWithBaseCertificateID);
}
public void SetHolder(AttributeCertificateHolder holder)
{
acInfoGen.SetHolder(holder.holder);
}
public override void PerformTest()
{
IX509AttributeCertificate aCert = new X509V2AttributeCertificate(attrCert);
X509CertificateParser fact = new X509CertificateParser();
X509Certificate sCert = fact.ReadCertificate(signCert);
aCert.Verify(sCert.GetPublicKey());
//
// search test
//
IList list = new ArrayList();
list.Add(sCert);
// CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
// CertStore store = CertStore.getInstance("Collection", ccsp);
IX509Store store = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(list));
ArrayList certs = new ArrayList(
// store.getCertificates(aCert.getIssuer()));
store.GetMatches(aCert.Issuer));
if (certs.Count != 1 || !certs.Contains(sCert))
{
Fail("sCert not found by issuer");
}
X509Attribute[] attrs = aCert.GetAttributes("1.3.6.1.4.1.6760.8.1.1");
if (attrs == null || attrs.Length != 1)
{
Fail("attribute not found");
}
//
// reencode test
//
aCert = new X509V2AttributeCertificate(aCert.GetEncoded());
aCert.Verify(sCert.GetPublicKey());
IX509AttributeCertificate saCert = new X509V2AttributeCertificate(aCert.GetEncoded());
if (!aCert.NotAfter.Equals(saCert.NotAfter))
{
Fail("failed date comparison");
}
// base generator test
//
// a sample key pair.
//
RsaKeyParameters pubKey = new RsaKeyParameters(
false,
new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
new BigInteger("11", 16));
AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC;
//
// set up the keys
//
// PrivateKey privKey;
// PublicKey pubKey;
//
// KeyFactory kFact = KeyFactory.getInstance("RSA");
//
// privKey = kFact.generatePrivate(privKeySpec);
// pubKey = kFact.generatePublic(pubKeySpec);
X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
gen.AddAttribute(attrs[0]);
gen.SetHolder(aCert.Holder);
gen.SetIssuer(aCert.Issuer);
gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
gen.SetSerialNumber(aCert.SerialNumber);
gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
aCert = gen.Generate(privKey);
aCert.CheckValidity();
aCert.Verify(pubKey);
// as the issuer is the same this should still work (even though it is not
// technically correct
certs = new ArrayList(
// store.getCertificates(aCert.Issuer));
store.GetMatches(aCert.Issuer));
if (certs.Count != 1 || !certs.Contains(sCert))
{
Fail("sCert not found by issuer");
}
attrs = aCert.GetAttributes("1.3.6.1.4.1.6760.8.1.1");
if (attrs == null || attrs.Length != 1)
{
Fail("attribute not found");
}
//
// reencode test
//
aCert = new X509V2AttributeCertificate(aCert.GetEncoded());
aCert.Verify(pubKey);
AttributeCertificateIssuer issuer = aCert.Issuer;
X509Name[] principals = issuer.GetPrincipals();
//
// test holder
//
AttributeCertificateHolder holder = aCert.Holder;
if (holder.GetEntityNames() == null)
{
Fail("entity names not set");
}
if (holder.SerialNumber != null)
{
Fail("holder serial number set when none expected");
}
if (holder.GetIssuer() != null)
{
Fail("holder issuer set when none expected");
}
principals = holder.GetEntityNames();
string ps = principals[0].ToString();
// TODO Check that this is a good enough test
// if (!ps.Equals("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]"))
if (!principals[0].Equivalent(new X509Name("C=US, O=vt, OU=Class 2, OU=Virginia Tech User, CN=Markus Lorch (mlorch), [email protected]")))
{
Fail("principal[0] for entity names don't Match");
}
//
// extension test
//
gen.AddExtension("1.1", true, new DerOctetString(new byte[10]));
gen.AddExtension("2.2", false, new DerOctetString(new byte[20]));
aCert = gen.Generate(privKey);
ISet exts = aCert.GetCriticalExtensionOids();
if (exts.Count != 1 || !exts.Contains("1.1"))
{
Fail("critical extension test failed");
}
exts = aCert.GetNonCriticalExtensionOids();
if (exts.Count != 1 || !exts.Contains("2.2"))
{
Fail("non-critical extension test failed");
}
Asn1OctetString extString = aCert.GetExtensionValue(new DerObjectIdentifier("1.1"));
Asn1Encodable extValue = X509ExtensionUtilities.FromExtensionValue(extString);
if (!extValue.Equals(new DerOctetString(new byte[10])))
{
Fail("wrong extension value found for 1.1");
}
doTestCertWithBaseCertificateID();
doTestGenerateWithCert();
doTestGenerateWithPrincipal();
}
private void doTestGenerateWithPrincipal()
{
X509CertificateParser fact = new X509CertificateParser();
X509Certificate iCert = fact.ReadCertificate(signCert);
//
// a sample key pair.
//
RsaKeyParameters pubKey = new RsaKeyParameters(
false,
new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16),
new BigInteger("11", 16));
//
// set up the keys
//
// PrivateKey privKey;
// PublicKey pubKey;
//
// KeyFactory kFact = KeyFactory.getInstance("RSA");
//
// privKey = kFact.generatePrivate(RSA_PRIVATE_KEY_SPEC);
// pubKey = kFact.generatePublic(pubKeySpec);
AsymmetricKeyParameter privKey = RSA_PRIVATE_KEY_SPEC;
X509V2AttributeCertificateGenerator gen = new X509V2AttributeCertificateGenerator();
// the actual attributes
GeneralName roleName = new GeneralName(GeneralName.Rfc822Name, "DAU123456789");
// roleSyntax OID: 2.5.24.72
X509Attribute attributes = new X509Attribute("2.5.24.72",
new DerSequence(roleName));
gen.AddAttribute(attributes);
gen.SetHolder(new AttributeCertificateHolder(iCert.SubjectDN));
gen.SetIssuer(new AttributeCertificateIssuer(new X509Name("cn=test")));
gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
gen.SetSerialNumber(BigInteger.One);
gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
IX509AttributeCertificate aCert = gen.Generate(privKey);
aCert.CheckValidity();
aCert.Verify(pubKey);
AttributeCertificateHolder holder = aCert.Holder;
if (holder.GetEntityNames() == null)
{
Fail("entity names not set when expected");
}
if (holder.SerialNumber != null)
{
Fail("holder serial number found when none expected");
}
if (holder.GetIssuer() != null)
{
Fail("holder issuer found when none expected");
}
if (!holder.Match(iCert))
{
Fail("generated holder not matching holder certificate");
}
X509Certificate sCert = fact.ReadCertificate(holderCertWithBaseCertificateID);
if (holder.Match(sCert))
{
Fail("principal generated holder matching wrong certificate");
}
equalityAndHashCodeTest(aCert, aCert.GetEncoded());
}
