internal void checkKeyUsage( int id, byte[] bytes) { string dump = ""; try { X509Certificate cert = new X509CertificateParser().ReadCertificate(bytes); AsymmetricKeyParameter k = cert.GetPublicKey(); if (cert.GetKeyUsage()[7]) { Fail("error generating cert - key usage wrong."); } // Console.WriteLine(cert); } catch (Exception e) { Fail(dump + SimpleTest.NewLine + Name + ": "+ id + " failed - exception " + e.Message, e); } }
/** * we Generate a self signed certificate for the sake of testing - RSA */ internal void checkCreation1() { // // a sample key pair. // RsaKeyParameters pubKey = new RsaKeyParameters( false, new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), new BigInteger("11", 16)); RsaPrivateCrtKeyParameters privKey = new RsaPrivateCrtKeyParameters( new BigInteger("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", 16), new BigInteger("11", 16), new BigInteger("9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89", 16), new BigInteger("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", 16), new BigInteger("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", 16), new BigInteger("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", 16), new BigInteger("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", 16), new BigInteger("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", 16)); // // set up the keys // // AsymmetricKeyParameter privKey; // AsymmetricKeyParameter pubKey; // KeyFactory fact = KeyFactory.GetInstance("RSA"); // // privKey = fact.generatePrivate(privKeySpec); // pubKey = fact.generatePublic(pubKeySpec); // // distinguished name table. // IList ord = new ArrayList(); ord.Add(X509Name.C); ord.Add(X509Name.O); ord.Add(X509Name.L); ord.Add(X509Name.ST); ord.Add(X509Name.E); IList values = new ArrayList(); values.Add("AU"); values.Add("The Legion of the Bouncy Castle"); values.Add("Melbourne"); values.Add("Victoria"); values.Add("*****@*****.**"); // // extensions // // // create the certificate - version 3 - without extensions // X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name(ord, values)); certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50)); certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50)); certGen.SetSubjectDN(new X509Name(ord, values)); certGen.SetPublicKey(pubKey); certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption"); X509Certificate cert = certGen.Generate(privKey); cert.CheckValidity(DateTime.UtcNow); cert.Verify(pubKey); ISet dummySet = cert.GetNonCriticalExtensionOids(); if (dummySet != null) { Fail("non-critical oid set should be null"); } dummySet = cert.GetCriticalExtensionOids(); if (dummySet != null) { Fail("critical oid set should be null"); } // // create the certificate - version 3 - with extensions // certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name(ord, values)); certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50)); certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50)); certGen.SetSubjectDN(new X509Name(ord, values)); certGen.SetPublicKey(pubKey); certGen.SetSignatureAlgorithm("MD5WithRSAEncryption"); certGen.AddExtension("2.5.29.15", true, new X509KeyUsage(X509KeyUsage.EncipherOnly)); certGen.AddExtension("2.5.29.37", true, new DerSequence(KeyPurposeID.AnyExtendedKeyUsage)); certGen.AddExtension("2.5.29.17", true, new GeneralNames(new GeneralName(GeneralName.Rfc822Name, "*****@*****.**"))); cert = certGen.Generate(privKey); cert.CheckValidity(DateTime.UtcNow); cert.Verify(pubKey); cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded()); if (!cert.GetKeyUsage()[7]) { Fail("error generating cert - key usage wrong."); } IList l = cert.GetExtendedKeyUsage(); if (!l[0].Equals(KeyPurposeID.AnyExtendedKeyUsage.Id)) { Fail("failed extended key usage test"); } foreach (IList gn in cert.GetSubjectAlternativeNames()) { if (!gn[1].Equals("*****@*****.**")) { Fail("failed subject alternative names test"); } } // Console.WriteLine(cert); // // create the certificate - version 1 // X509V1CertificateGenerator certGen1 = new X509V1CertificateGenerator(); certGen1.SetSerialNumber(BigInteger.One); certGen1.SetIssuerDN(new X509Name(ord, values)); certGen1.SetNotBefore(DateTime.UtcNow.AddSeconds(-50)); certGen1.SetNotAfter(DateTime.UtcNow.AddSeconds(50)); certGen1.SetSubjectDN(new X509Name(ord, values)); certGen1.SetPublicKey(pubKey); certGen1.SetSignatureAlgorithm("MD5WithRSAEncryption"); cert = certGen1.Generate(privKey); cert.CheckValidity(DateTime.UtcNow); cert.Verify(pubKey); cert = new X509CertificateParser().ReadCertificate(cert.GetEncoded()); // Console.WriteLine(cert); if (!cert.IssuerDN.Equivalent(cert.SubjectDN)) { Fail("name comparison fails"); } }
bool certTesting() { Console.WriteLine("Unesite putanju do certifikata!"); X509Certificate2 x509 = new X509Certificate2(); pathOfCert = Console.ReadLine(); //Create X509Certificate2 object from .pem file. try { byte[] rawData = ReadFile(pathOfCert); x509.Import(rawData); var cert = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(x509.GetRawCertData()); bool[] keyUsage = cert.GetKeyUsage(); foreach (bool key in keyUsage) { Console.WriteLine("OK{0}", key); } byte[] buf = ReadFile("lista1.pem"); X509CrlParser xx = new X509CrlParser(); X509Crl ss = xx.ReadCrl(buf); var nextupdate = ss.NextUpdate; var isRevoked = ss.IsRevoked(cert); //Console.WriteLine("{0} {1}", nextupdate, isRevoked); DateTime dateNow = DateTime.Now; //Da uporedimo jel lista jos dalje aktivna! DateTime dateList = nextupdate.Value; if (dateNow.Date > dateList.Date) { Console.WriteLine("Izabrata CRL lista je outOfDate,prosledite novu,za dalji rad!"); return(false); } else if (isRevoked == true) { Console.WriteLine("Certefikat je povucen i ne moze se koristit!\nZelite odabrati drugi certifikat"); string decision = Console.ReadLine(); if (decision == "Y" || decision == "y") { Console.Clear(); certTesting(); } else { return(false); } } //DODATI OVDE JOS else if za provjeru za sta se key certifikata moze koristit! //i ako je uredan ispisati da je cert uredan } catch (Exception ex) { Console.WriteLine(ex.Message); Console.WriteLine("Nepravilan odabir certifikata!\nZelite opet probati (Y/N)"); string decision = Console.ReadLine(); if (decision == "Y" || decision == "y") { Console.Clear(); certTesting(); } else { return(false); } } return(true); }