summary refs log tree commit diff
diff options
context:
space:
mode:
authormw <megan@cryptoworkshop.com>2020-10-27 16:31:51 +1100
committermw <megan@cryptoworkshop.com>2020-10-27 16:31:51 +1100
commitb290b56d91ab7ee85198b2be77925fca9f037ac8 (patch)
treee3b377c06b354a8778d9519e12d93167ee876169
parentAdded fractional time and new tests (diff)
downloadBouncyCastle.NET-ed25519-b290b56d91ab7ee85198b2be77925fca9f037ac8.tar.xz
Finished NewTspTests
Diffstat
-rw-r--r--crypto/src/asn1/x509/X509ExtensionsGenerator.cs13


-rw-r--r--crypto/src/cms/CMSSignedData.cs11


-rw-r--r--crypto/src/cms/CMSSignedHelper.cs20


-rw-r--r--crypto/src/tsp/TimeStampResponseGenerator.cs63


-rw-r--r--crypto/src/tsp/TimeStampToken.cs7


-rw-r--r--crypto/src/tsp/TimeStampTokenGenerator.cs40


-rw-r--r--crypto/test/src/tsp/test/NewTspTest.cs441


7 files changed, 561 insertions, 34 deletions
diff --git a/crypto/src/asn1/x509/X509ExtensionsGenerator.cs b/crypto/src/asn1/x509/X509ExtensionsGenerator.cs
index d6f567b22..58620ea5e 100644
--- a/crypto/src/asn1/x509/X509ExtensionsGenerator.cs
+++ b/crypto/src/asn1/x509/X509ExtensionsGenerator.cs
@@ -77,5 +77,16 @@ namespace Org.BouncyCastle.Asn1.X509
 		{
 			return new X509Extensions(extOrdering, extensions);
 		}
-	}
+
+        internal void AddExtension(DerObjectIdentifier oid,  X509Extension x509Extension)
+        {
+            if (extensions.Contains(oid))
+            {				
+				throw new ArgumentException  ("extension " + oid + " already added");
+			}
+
+			extOrdering.Add(oid);
+			extensions.Add(oid, x509Extension);
+        }
+    }
 }
diff --git a/crypto/src/cms/CMSSignedData.cs b/crypto/src/cms/CMSSignedData.cs
index 8634b2b3a..6028de709 100644
--- a/crypto/src/cms/CMSSignedData.cs
+++ b/crypto/src/cms/CMSSignedData.cs
@@ -150,11 +150,16 @@ namespace Org.BouncyCastle.Cms
 			get { return signedData.Version.IntValueExact; }
 		}
 
-		/**
+        internal IX509Store GetCertificates()
+        {
+            return Helper.GetCertificates(signedData.Certificates);
+		}
+
+        /**
 		* return the collection of signers that are associated with the
 		* signatures for the message.
 		*/
-		public SignerInformationStore GetSignerInfos()
+        public SignerInformationStore GetSignerInfos()
 		{
 			if (signerInfoStore == null)
 			{
@@ -217,7 +222,7 @@ namespace Org.BouncyCastle.Cms
 			string type)
 		{
 			if (certificateStore == null)
-			{
+			{				
 				certificateStore = Helper.CreateCertificateStore(type, signedData.Certificates);
 			}
 
diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs
index 6d49a5513..d59b8f39d 100644
--- a/crypto/src/cms/CMSSignedHelper.cs
+++ b/crypto/src/cms/CMSSignedHelper.cs
@@ -20,6 +20,7 @@ using Org.BouncyCastle.X509;
 using Org.BouncyCastle.X509.Store;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Utilities.Collections;
+using Org.BouncyCastle.Crypto.Tls;
 
 namespace Org.BouncyCastle.Cms
 {
@@ -127,7 +128,9 @@ namespace Org.BouncyCastle.Cms
             ecAlgorithms.Add(CmsSignedGenerator.DigestSha512, EncryptionECDsaWithSha512);
     }
 
-		/**
+       
+
+        /**
         * Return the digest algorithm using one of the standard JCA string
         * representations rather than the algorithm identifier (if possible).
         */
@@ -422,5 +425,18 @@ namespace Org.BouncyCastle.Cms
 
             return encOID;
         }
-    }
+
+		public IX509Store GetCertificates(Asn1Set certificates)
+		{
+			ArrayList certList = new ArrayList();
+			if (certificates != null)
+            {				
+				foreach (Asn1Encodable enc in certificates)
+                {
+					certList.Add(X509CertificateStructure.GetInstance(enc));
+                }				
+			}
+			return new X509CollectionStore(certList);
+		}
+	}
 }
diff --git a/crypto/src/tsp/TimeStampResponseGenerator.cs b/crypto/src/tsp/TimeStampResponseGenerator.cs
index b596f8d97..69a5c098b 100644
--- a/crypto/src/tsp/TimeStampResponseGenerator.cs
+++ b/crypto/src/tsp/TimeStampResponseGenerator.cs
@@ -6,6 +6,7 @@ using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.Cms;
 using Org.BouncyCastle.Asn1.Tsp;
+using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Utilities.Date;
 
@@ -163,6 +164,68 @@ namespace Org.BouncyCastle.Tsp
             }
         }
 
+
+        public TimeStampResponse GenerateGrantedResponse(
+            TimeStampRequest request,
+            BigInteger serialNumber,
+            DateTimeObject genTime, 
+            String statusString, 
+            X509Extensions additionalExtensions)
+        {
+            TimeStampResp resp;
+
+            try
+            {
+                if (genTime == null)
+                    throw new TspValidationException("The time source is not available.",
+                        PkiFailureInfo.TimeNotAvailable);
+
+                request.Validate(acceptedAlgorithms, acceptedPolicies, acceptedExtensions);
+
+                this.status = PkiStatus.Granted;
+                this.AddStatusString(statusString);
+
+                PkiStatusInfo pkiStatusInfo = GetPkiStatusInfo();
+
+                ContentInfo tstTokenContentInfo;
+                try
+                {
+                    TimeStampToken token = tokenGenerator.Generate(request, serialNumber, genTime.Value,additionalExtensions);
+                    byte[] encoded = token.ToCmsSignedData().GetEncoded();
+
+                    tstTokenContentInfo = ContentInfo.GetInstance(Asn1Object.FromByteArray(encoded));
+                }
+                catch (IOException e)
+                {
+                    throw new TspException("Timestamp token received cannot be converted to ContentInfo", e);
+                }
+
+                resp = new TimeStampResp(pkiStatusInfo, tstTokenContentInfo);
+            }
+            catch (TspValidationException e)
+            {
+                status = PkiStatus.Rejection;
+
+                this.SetFailInfoField(e.FailureCode);
+                this.AddStatusString(e.Message);
+
+                PkiStatusInfo pkiStatusInfo = GetPkiStatusInfo();
+
+                resp = new TimeStampResp(pkiStatusInfo, null);
+            }
+
+            try
+            {
+                return new TimeStampResponse(resp);
+            }
+            catch (IOException e)
+            {
+                throw new TspException("created badly formatted response!", e);
+            }
+        }
+       
+
+
         class FailInfo
             : DerBitString
         {
diff --git a/crypto/src/tsp/TimeStampToken.cs b/crypto/src/tsp/TimeStampToken.cs
index 0615cbd76..1245589b4 100644
--- a/crypto/src/tsp/TimeStampToken.cs
+++ b/crypto/src/tsp/TimeStampToken.cs
@@ -146,7 +146,12 @@ namespace Org.BouncyCastle.Tsp
 			return tsToken.GetCrls(type);
 		}
 
-	    public IX509Store GetAttributeCertificates(
+        public IX509Store GetCertificates()
+        {
+			return tsToken.GetCertificates();
+        }
+
+        public IX509Store GetAttributeCertificates(
 			string type)
 	    {
 	        return tsToken.GetAttributeCertificates(type);
diff --git a/crypto/src/tsp/TimeStampTokenGenerator.cs b/crypto/src/tsp/TimeStampTokenGenerator.cs
index 5badcfdd0..dad0db63b 100644
--- a/crypto/src/tsp/TimeStampTokenGenerator.cs
+++ b/crypto/src/tsp/TimeStampTokenGenerator.cs
@@ -253,9 +253,18 @@ namespace Org.BouncyCastle.Tsp
         //------------------------------------------------------------------------------
 
         public TimeStampToken Generate(
+           TimeStampRequest request,
+           BigInteger serialNumber,
+           DateTime genTime)
+        {
+            return Generate(request, serialNumber, genTime, null);
+        }
+
+
+            public TimeStampToken Generate(
             TimeStampRequest request,
             BigInteger serialNumber,
-            DateTime genTime)
+            DateTime genTime, X509Extensions additionalExtensions)
         {
             DerObjectIdentifier digestAlgOID = new DerObjectIdentifier(request.MessageImprintAlgOid);
 
@@ -304,6 +313,33 @@ namespace Org.BouncyCastle.Tsp
                 tsaPolicy = new DerObjectIdentifier(request.ReqPolicy);
             }
 
+
+            X509Extensions respExtensions = request.Extensions;
+            if (additionalExtensions != null)
+            {
+                X509ExtensionsGenerator extGen = new X509ExtensionsGenerator();
+
+                if (respExtensions != null)
+                {                    
+                    foreach(object oid in respExtensions.ExtensionOids)
+                    {
+                        DerObjectIdentifier id = DerObjectIdentifier.GetInstance(oid);
+                        extGen.AddExtension(id, respExtensions.GetExtension(DerObjectIdentifier.GetInstance(id)));
+                    }                   
+                }
+
+                foreach (object oid in additionalExtensions.ExtensionOids)
+                {
+                    DerObjectIdentifier id = DerObjectIdentifier.GetInstance(oid);
+                    extGen.AddExtension(id, additionalExtensions.GetExtension(DerObjectIdentifier.GetInstance(id)));
+
+                }
+           
+                respExtensions = extGen.Generate();
+            }
+
+
+
             DerGeneralizedTime generalizedTime;
             if (resolution != Resolution.R_SECONDS)
             {
@@ -316,7 +352,7 @@ namespace Org.BouncyCastle.Tsp
 
             TstInfo tstInfo = new TstInfo(tsaPolicy, messageImprint,
                 new DerInteger(serialNumber), generalizedTime, accuracy,
-                derOrdering, nonce, tsa, request.Extensions);
+                derOrdering, nonce, tsa, respExtensions);
 
             try
             {
diff --git a/crypto/test/src/tsp/test/NewTspTest.cs b/crypto/test/src/tsp/test/NewTspTest.cs
index b12035928..6437064c1 100644
--- a/crypto/test/src/tsp/test/NewTspTest.cs
+++ b/crypto/test/src/tsp/test/NewTspTest.cs
@@ -10,10 +10,10 @@ using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Cms;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Operators;
-using Org.BouncyCastle.Crypto.Paddings;
 using Org.BouncyCastle.Crypto.Tls;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.Date;
 using Org.BouncyCastle.X509;
 using Org.BouncyCastle.X509.Store;
 using System;
@@ -52,7 +52,6 @@ namespace Org.BouncyCastle.Tsp.Tests
 				new X509CollectionStoreParameters(certList));
 
 
-
 			basicTest(origKP.Private, cert, certs);
 			resolutionTest(origKP.Private, cert, certs, Resolution.R_SECONDS, "19700101000009Z");
 			resolutionTest(origKP.Private, cert, certs, Resolution.R_TENTHS_OF_SECONDS, "19700101000009.9Z");
@@ -64,54 +63,446 @@ namespace Org.BouncyCastle.Tsp.Tests
 			responseValidationTest(origKP.Private, cert, certs);
 			incorrectHashTest(origKP.Private, cert, certs);
 			badAlgorithmTest(origKP.Private, cert, certs);
-			//timeNotAvailableTest(origKP.Private, cert, certs);
+			timeNotAvailableTest(origKP.Private, cert, certs);
+			badPolicyTest(origKP.Private, cert, certs);
+			tokenEncodingTest(origKP.Private, cert, certs);
+			certReqTest(origKP.Private, cert, certs);
+			testAccuracyZeroCerts(origKP.Private, cert, certs);
+			testAccuracyWithCertsAndOrdering(origKP.Private, cert, certs);
+			testNoNonse(origKP.Private, cert, certs);
+			extensionTest(origKP.Private, cert, certs);
+			additionalExtensionTest(origKP.Private, cert, certs);
+
+		}
+
+        private void additionalExtensionTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+				 privateKey, cert, TspAlgorithms.Sha1, "1.2");
+
+			tsTokenGen.SetCertificates(certs);
+			tsTokenGen.SetTsa(new Asn1.X509.GeneralName(new X509Name("CN=Test")));
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+			X509ExtensionsGenerator extensionsGenerator = new X509ExtensionsGenerator();
+			extensionsGenerator.AddExtension(X509Extensions.AuditIdentity, false, new DerUtf8String("Test"));
+
+
+			TimeStampResponse tsResp = tsRespGen.GenerateGrantedResponse(request, new BigInteger("23"), new DateTimeObject( DateTime.UtcNow), "Okay", extensionsGenerator.Generate());
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+			tsToken.Validate(cert);
+
+            Asn1.Cms.AttributeTable table = tsToken.SignedAttributes;
+
+			Assert.NotNull(table[PkcsObjectIdentifiers.IdAASigningCertificate],"no signingCertificate attribute found");
+
+			X509Extensions ext = tsToken.TimeStampInfo.TstInfo.Extensions;
+
+			Assert.True(1 == ext.GetExtensionOids().Length);
+
+			X509Extension left = new X509Extension(DerBoolean.False, new DerOctetString( new DerUtf8String("Test").GetEncoded()));
+			Assert.True(left.Equals (ext.GetExtension(X509Extensions.AuditIdentity)));
+
 
 
 		}
 
-        private void timeNotAvailableTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+		private void extensionTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
         {
 			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
-				   privateKey, cert, TspAlgorithms.Sha1, "1.2");
+				 privateKey, cert, TspAlgorithms.Sha1, "1.2");
 
 			tsTokenGen.SetCertificates(certs);
 
 			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
-			TimeStampRequest request = reqGen.Generate(new DerObjectIdentifier("1.2.3.4.5"), new byte[20]);
 
-			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);			
+			// --- These are test case only values
+			reqGen.SetReqPolicy("2.5.29.56"); 
+			reqGen.AddExtension(new DerObjectIdentifier("1.3.6.1.5.5.7.1.2"), true, new DerOctetString(new byte[20]));
+			// --- not for any real world purpose.
 
-			TimeStampResponse tsResp = null;
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]);
 
 			try
 			{
-				tsResp = tsRespGen.Generate(request, new BigInteger("23"), null);
+				request.Validate(new ArrayList(), new ArrayList(), new ArrayList());
+				Assert.Fail("expected exception");
+			} catch(Exception ex)
+            {
+				Assert.True("request contains unknown algorithm" == ex.Message);
+            }
+
+			ArrayList algorithms = new ArrayList();
+			algorithms.Add(TspAlgorithms.Sha1);
+
+			try
+			{
+				request.Validate(algorithms, new ArrayList(), new ArrayList());
+				Assert.Fail("no exception");
 			}
-			catch (TspException e)
+			catch (Exception e)
 			{
-				Console.WriteLine();
+				Assert.IsTrue(e.Message == "request contains unknown policy");
 			}
 
+			ArrayList policies = new ArrayList();
+
+			// Testing only do not use in real world.
+			policies.Add("2.5.29.56");
+
+			try
+			{
+				request.Validate(algorithms, policies, new ArrayList());
+				Assert.Fail("no exception");
+			}
+			catch (Exception e)
+			{
+				Assert.IsTrue(e.Message == "request contains unknown extension");
+			}
+
+			ArrayList extensions = new ArrayList();
+
+			// Testing only do not use in real world/
+			extensions.Add("1.3.6.1.5.5.7.1.2");
+
+
+			// should validate with full set
+			request.Validate(algorithms, policies, extensions);
+
+			// should validate with null policy
+			request.Validate(algorithms, null, extensions);
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, new BigInteger("23"), DateTime.UtcNow);
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+			tsToken.Validate(cert);
+
+            Asn1.Cms.AttributeTable table = tsToken.SignedAttributes;
+
+			Assert.NotNull(table[PkcsObjectIdentifiers.IdAASigningCertificate], "no signingCertificate attribute found");
+		}
+
+		private void testNoNonse(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+				privateKey, cert, TspAlgorithms.MD5, "1.2.3");
+
+			tsTokenGen.SetCertificates(certs);
+	
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]);
+
+			ArrayList algorithms = new ArrayList();
+			algorithms.Add(TspAlgorithms.Sha1);
+
+			request.Validate(algorithms, new ArrayList(), new ArrayList());
+
+			Assert.False(request.CertReq);
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, new BigInteger("24"), DateTime.UtcNow);
+
 			tsResp = new TimeStampResponse(tsResp.GetEncoded());
 
-			//TimeStampToken tsToken = tsResp.TimeStampToken;
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+			tsToken.Validate(cert);
+
+			tsResp.Validate(request);
+
+			TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo;
+
+			GenTimeAccuracy accuracy = tstInfo.GenTimeAccuracy;
+
+			Assert.IsNull(accuracy);
+
+			Assert.IsTrue(new BigInteger("24").Equals(tstInfo.SerialNumber));
+
 
-			//if (tsToken != null)
-			//{
-			//	fail("timeNotAvailable - token not null.");
-			//}
+			Assert.IsTrue("1.2.3" ==  tstInfo.Policy);
 
-			//PKIFailureInfo failInfo = tsResp.getFailInfo();
+			Assert.False( tstInfo.IsOrdered);
 
-			//if (failInfo == null)
-			//{
-			//	fail("timeNotAvailable - failInfo set to null.");
-			//}
+			Assert.IsNull(tstInfo.Nonce);
+
+			//
+			// test certReq
+			//
+			IX509Store store = tsToken.GetCertificates();
+
+			ICollection certificates = store.GetMatches(null);
+
+			Assert.IsTrue(0 == certificates.Count);
+
+
+		}
+
+		private void testAccuracyWithCertsAndOrdering(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+				privateKey, cert, TspAlgorithms.MD5, "1.2.3");
+
+			tsTokenGen.SetCertificates(certs);
+
+			tsTokenGen.SetAccuracySeconds(1);
+			tsTokenGen.SetAccuracyMillis(2);
+			tsTokenGen.SetAccuracyMicros(3);
+
+			tsTokenGen.SetOrdering(true);
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
 
-			//if (failInfo.intValue() != PKIFailureInfo.timeNotAvailable)
-			//{
-			//	fail("timeNotAvailable - wrong failure info returned.");
-			//}
+			reqGen.SetCertReq(true);
+
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+
+			//
+			// This is different to the Java API.
+			//
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+
+			tsResp.Validate(request);
+
+			TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo;
+
+			GenTimeAccuracy accuracy = tstInfo.GenTimeAccuracy;
+
+			Assert.IsTrue(1 == accuracy.Seconds);
+			Assert.IsTrue(2 == accuracy.Millis);
+			Assert.IsTrue(3 == accuracy.Micros);
+
+			Assert.IsTrue(new BigInteger("23").Equals(tstInfo.SerialNumber));
+
+			Assert.IsTrue("1.2.3" == tstInfo.Policy);
+
+			IX509Store store = tsToken.GetCertificates();
+
+			ICollection certificates = store.GetMatches(null);
+
+			Assert.IsTrue(2 == certificates.Count);
+
+		}
+
+		private void testAccuracyZeroCerts(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+			  privateKey, cert, TspAlgorithms.MD5, "1.2");
+
+			tsTokenGen.SetCertificates(certs);
+
+			tsTokenGen.SetAccuracySeconds(1);
+			tsTokenGen.SetAccuracyMillis(2);
+			tsTokenGen.SetAccuracyMicros(3);
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+	
+			tsResp.Validate(request);
+
+			TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo;
+
+			GenTimeAccuracy accuracy = tstInfo.GenTimeAccuracy;
+
+			Assert.IsTrue(1 == accuracy.Seconds);
+			Assert.IsTrue(2 == accuracy.Millis);
+			Assert.IsTrue(3 == accuracy.Micros);
+
+			Assert.IsTrue(new BigInteger("23").Equals(tstInfo.SerialNumber));
+
+			Assert.IsTrue("1.2" == tstInfo.Policy);
+
+			IX509Store store = tsToken.GetCertificates();
+
+			ICollection certificates = store.GetMatches(null);
+
+			Assert.IsTrue(0 == certificates.Count);
+		}
+
+        private void certReqTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+			  privateKey, cert, TspAlgorithms.MD5, "1.2");
+
+			tsTokenGen.SetCertificates(certs);
+			
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			reqGen.SetCertReq(false);
+
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+			Assert.IsNull(tsToken.TimeStampInfo.GenTimeAccuracy);  // check for abscence of accuracy
+
+			Assert.True("1.2".Equals( tsToken.TimeStampInfo.Policy));
+
+			try
+			{
+				tsToken.Validate(cert);
+			}
+			catch (TspValidationException e)
+			{
+				Assert.Fail("certReq(false) verification of token failed.");
+			}
+
+			var store = tsToken.GetCertificates();
+			var certsColl = store.GetMatches(null);
+
+			if (certsColl.Count >0)
+			{
+				Assert.Fail("certReq(false) found certificates in response.");
+			}
+		}
+
+		private void tokenEncodingTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+				 privateKey, cert, TspAlgorithms.Sha1, "1.2.3.4.5.6");
+
+			tsTokenGen.SetCertificates(certs);
+		
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampResponse tsResponse = new TimeStampResponse(tsResp.GetEncoded());
+
+			if (!Arrays.AreEqual(tsResponse.GetEncoded(), tsResp.GetEncoded())
+				|| !Arrays.AreEqual(tsResponse.TimeStampToken.GetEncoded(),
+				tsResp.TimeStampToken.GetEncoded()))
+			{
+				Assert.Fail();
+			}
+		}
+
+		private void badPolicyTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+				  privateKey, cert, TspAlgorithms.Sha1, "1.2");
+
+			tsTokenGen.SetCertificates(certs);
+			
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			reqGen.SetReqPolicy("1.1");
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]);
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed, new ArrayList());
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+			if (tsToken != null)
+			{
+				Assert.Fail("badPolicy - token not null.");
+			}
+
+			PkiFailureInfo failInfo = tsResp.GetFailInfo();
+
+			if (failInfo == null)
+			{
+				Assert.Fail("badPolicy - failInfo set to null.");
+			}
+
+			if (failInfo.IntValue != PkiFailureInfo.UnacceptedPolicy)
+			{
+				Assert.Fail("badPolicy - wrong failure info returned.");
+			}
+
+
+		}
+
+		private void timeNotAvailableTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+				   privateKey, cert, TspAlgorithms.Sha1, "1.2");
+
+			tsTokenGen.SetCertificates(certs);
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			TimeStampRequest request = reqGen.Generate(new DerObjectIdentifier("1.2.3.4.5"), new byte[20]);
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);			
+
+			TimeStampResponse tsResp = null;
+
+
+			//
+			// This is different to the java api.
+			// the java version has two calls, generateGrantedResponse and generateRejectedResponse
+			// See line 726 of NewTspTest
+			//
+
+			tsResp = tsRespGen.Generate(request, new BigInteger("23"), null);
+					
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+			if (tsToken != null)
+			{
+				Assert.Fail("timeNotAvailable - token not null.");
+			}
+
+			PkiFailureInfo failInfo = tsResp.GetFailInfo();
+
+			if (failInfo == null)
+			{
+				Assert.Fail("timeNotAvailable - failInfo set to null.");
+			}
+
+			if (failInfo.IntValue != PkiFailureInfo.TimeNotAvailable)
+			{
+				Assert.Fail("timeNotAvailable - wrong failure info returned.");
+			}
 		}
 
         private void badAlgorithmTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-19 17:15:12 +0000