summary refs log tree commit diff
diff options
context:
space:
mode:
authorMegan Woods <megan@flygfisk.com>2019-01-14 19:19:55 +1100
committerMegan Woods <megan@flygfisk.com>2019-01-14 19:19:55 +1100
commitb7d7b6c6abb66a343ac9722fd0f80a4de203cc25 (patch)
tree8cb1368eb406c3f2aab83a1e5cc41537909e5d57
parentmove (diff)
downloadBouncyCastle.NET-ed25519-b7d7b6c6abb66a343ac9722fd0f80a4de203cc25.tar.xz
Updated locations added initial example for EJBCA
-rw-r--r--crypto/src/cmp/ProtectedPkiMessageBuilder.cs (renamed from crypto/src/asn1/cmp/ProtectedPkiMessageBuilder.cs)19
-rw-r--r--crypto/src/crmf/CertificateRequestMessageBuilder.cs2
-rw-r--r--crypto/test/src/asn1/test/ProtectedMessageTest.cs429
-rw-r--r--crypto/test/src/cmp/test/ProtectedMessageTest.cs1
-rw-r--r--crypto/test/src/ejbca/test/EnrollmentExampleTest.cs84
5 files changed, 96 insertions, 439 deletions
diff --git a/crypto/src/asn1/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
index a6a98d753..22a004669 100644
--- a/crypto/src/asn1/cmp/ProtectedPkiMessageBuilder.cs
+++ b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
@@ -1,20 +1,13 @@
 using System;
 using System.Collections;
-using System.Collections.Generic;
-using System.IO;
-using System.Text;
-using Org.BouncyCastle.Asn1.Pkcs;
+using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Crypto.IO;
-using Org.BouncyCastle.Crypto.Macs;
 using Org.BouncyCastle.Crypto.Operators;
-using Org.BouncyCastle.Crypto.Paddings;
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities.Encoders;
 using Org.BouncyCastle.X509;
 
-namespace Org.BouncyCastle.Asn1.Cmp
+namespace Org.BouncyCastle.Cmp
 {
     public class ProtectedPkiMessageBuilder
     {
@@ -52,6 +45,12 @@ namespace Org.BouncyCastle.Asn1.Cmp
             return this;
         }
 
+        public ProtectedPkiMessageBuilder SetMessageTime(DerGeneralizedTime generalizedTime)
+        {
+            hdrBuilBuilder.SetMessageTime(generalizedTime);
+            return this;
+        }
+
         public ProtectedPkiMessageBuilder SetRecipKID(byte[] id)
         {
             hdrBuilBuilder.SetRecipKID(id);
diff --git a/crypto/src/crmf/CertificateRequestMessageBuilder.cs b/crypto/src/crmf/CertificateRequestMessageBuilder.cs
index 53ebdf3f5..10a575abe 100644
--- a/crypto/src/crmf/CertificateRequestMessageBuilder.cs
+++ b/crypto/src/crmf/CertificateRequestMessageBuilder.cs
@@ -3,6 +3,8 @@ using System.Collections;
 using System.Collections.Generic;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
+using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Crmf;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Operators;
diff --git a/crypto/test/src/asn1/test/ProtectedMessageTest.cs b/crypto/test/src/asn1/test/ProtectedMessageTest.cs
deleted file mode 100644
index 5ff51ba1a..000000000
--- a/crypto/test/src/asn1/test/ProtectedMessageTest.cs
+++ /dev/null
@@ -1,429 +0,0 @@
-using System;
-using System.Collections;
-using System.Collections.Generic;
-
-using System.Text;
-using NUnit.Framework;
-using Org.BouncyCastle.Asn1.Cmp;
-using Org.BouncyCastle.Asn1.Crmf;
-using Org.BouncyCastle.Asn1.Nist;
-using Org.BouncyCastle.Asn1.Pkcs;
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Cms;
-using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Crypto.Digests;
-using Org.BouncyCastle.Crypto.Engines;
-using Org.BouncyCastle.Crypto.Generators;
-using Org.BouncyCastle.Crypto.Operators;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Crypto.Signers;
-using Org.BouncyCastle.Math;
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Encoders;
-using Org.BouncyCastle.Utilities.Test;
-using Org.BouncyCastle.X509;
-
-namespace Org.BouncyCastle.Asn1.Tests
-{
-    [TestFixture]
-    public class ProtectedMessageTest : SimpleTest
-    {
-        public override string Name
-        {
-            get { return "ProtectedMessageTest"; }
-        }
-
-        public override void PerformTest()
-        {
-            TestVerifyBCJavaGeneratedMessage();
-            TestSubsequentMessage();
-            TestMacProtectedMessage();
-            TestProtectedMessage();
-            TestConfirmationMessage();
-            TestSampleCr();        
-        }
-
-//        [Test]
-//        public void TestServerSideKey()
-//        {
-//            RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
-//            rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
-//            AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
-//
-//            TestCertBuilder builder = new TestCertBuilder()
-//            {
-//                Issuer = new X509Name("CN=Test"),
-//                Subject =  new X509Name("CN=Test"),
-//                NotBefore = DateTime.UtcNow.AddDays(-1),
-//                NotAfter = DateTime.UtcNow.AddDays(1),
-//                PublicKey = rsaKeyPair.Public,
-//                SignatureAlgorithm = "MD5WithRSAEncryption"
-//            };
-//
-//            builder.AddAttribute(X509Name.C, "Foo");
-//            X509Certificate cert = builder.Build(rsaKeyPair.Private);
-//               
-//            GeneralName sender = new GeneralName(new X509Name("CN=Sender"));
-//            GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));
-//
-//            
-//
-//        }
-
-        [Test]
-        public void TestNotBeforeNotAfter()
-        {
-            RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
-            rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
-            AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
-
-            doNotBeforeNotAfterTest(rsaKeyPair, new DateTime(1,1,1,0,0,1), new DateTime(1,1,1,0,0,10)); 
-            doNotBeforeNotAfterTest(rsaKeyPair, DateTime.MinValue, new DateTime(1, 1, 1, 0, 0, 10));
-            doNotBeforeNotAfterTest(rsaKeyPair, new DateTime(1, 1, 1, 0, 0, 1), DateTime.MinValue);
-        }
-
-
-        private void doNotBeforeNotAfterTest(AsymmetricCipherKeyPair kp, DateTime notBefore, DateTime notAfter)
-        {
-            CertificateRequestMessageBuilder builder = new CertificateRequestMessageBuilder(BigInteger.One)
-                .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public))
-                .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);
-
-            builder.SetValidity(new Time(notBefore), new Time(notAfter));
-            CertificateRequestMessage msg = builder.Build();
-
-            if (!notBefore.Equals(DateTime.MinValue))
-            {
-                IsTrue("NotBefore did not match",(notBefore.Equals(msg.GetCertTemplate().Validity.NotBefore.ToDateTime())));
-            }
-            else
-            {
-                IsTrue("Expected NotBefore to empty.",DateTime.MinValue == msg.GetCertTemplate().Validity.NotBefore.ToDateTime());
-            }
-
-            if (!notAfter.Equals(DateTime.MinValue))
-            {
-                IsTrue("NotAfter did not match", (notAfter.Equals(msg.GetCertTemplate().Validity.NotAfter.ToDateTime())));
-            }
-            else
-            {
-                IsTrue("Expected NotAfter to be empty.", DateTime.MinValue == msg.GetCertTemplate().Validity.NotAfter.ToDateTime());
-            }
-
-        }
-
-
-        [Test]
-        public void TestSubsequentMessage()
-        {
-            RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
-            rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
-            AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
-
-            TestCertBuilder builder = new TestCertBuilder()
-            {
-                NotBefore = DateTime.UtcNow.AddDays(-1),
-                NotAfter = DateTime.UtcNow.AddDays(1),
-                PublicKey = rsaKeyPair.Public,
-                SignatureAlgorithm = "Sha1WithRSAEncryption"
-
-            };
-
-            X509Certificate cert = builder.Build(rsaKeyPair.Private);
-
-            GeneralName user = new GeneralName(new X509Name("CN=Test"));
-
-            CertificateRequestMessageBuilder crmBuiler = new CertificateRequestMessageBuilder(BigInteger.One)
-                .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public))
-                .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);
-
-            ISignatureFactory sigFact = new Asn1SignatureFactory("SHA256WithRSA", rsaKeyPair.Private);
-
-            ProtectedPkiMessage certRequestMsg = new ProtectedPkiMessageBuilder(user,user)
-                .SetTransactionId(new byte[]{1,2,3,4,5})
-                .SetBody(new PkiBody(PkiBody.TYPE_KEY_RECOVERY_REQ, new CertReqMessages(new CertReqMsg[]{crmBuiler.Build().ToAsn1Structure()})))
-                .AddCmpCertificate(cert)            
-                .Build(sigFact);
-
-            ProtectedPkiMessage msg = new ProtectedPkiMessage(new GeneralPKIMessage(certRequestMsg.ToAsn1Message().GetDerEncoded()));
-            CertReqMessages reqMsgs = CertReqMessages.GetInstance(msg.Body.Content);
-            CertReqMsg reqMsg = reqMsgs.ToCertReqMsgArray()[0];
-            IsEquals(ProofOfPossession.TYPE_KEY_ENCIPHERMENT, reqMsg.Popo.Type);
-
-        }
-
-
-
-        [Test]
-        public void TestSampleCr()
-        {
-            byte[] raw = Base64.Decode(
-                "MIIB5TCB3AIBAqQdMBsxDDAKBgNVBAMMA0FSUDELMAkGA1UEBhMCQ0ikOTA3MREwDwYDVQQDDAhBZG1pbkNBM" +
-                "TEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRaFGMEQGCSqGSIb2fQdCDTA3BBxzYWx0Tm9NYX" +
-                "R0ZXJXaGF0VGhpc1N0cmluZ0lzMAcGBSsOAwIaAgIEADAKBggrBgEFBQgBAqIQBA5TZW5kZXJLSUQtMjAwOKQ" +
-                "PBA0xMjAzNjA3MDE1OTQ0pRIEEOPfE1DMncRUdrBj8KelgsCigeowgecwgeQwgd0CAQAwgcGlHTAbMQwwCgYD" +
-                "VQQDDANBUlAxCzAJBgNVBAYTAkNIpoGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrrv4e42olM2YJqSbCN" +
-                "d19EtW7d6T8HYvcSU5wsm5icKFkxyD5jrO/2xYh3zqUFYwZap0pA7qbhxk5sEne2ywVpt2lGSmpAU8M7hC9oh" +
-                "Ep9wvv+3+td5MEO+qMuWWxF8OZBlYIFBZ/k+pGlU+4XlBP5Ai6pu/EI/0A+1/bcGs0sQIDAQABMBQwEgYJKwY" +
-                "BBQUHBQEBDAVEVU1NWaACBQCgFwMVAO73HUPF//mY5+E714Cv5oprt0kO\r\n");
-
-            ProtectedPkiMessage msg = new ProtectedPkiMessage(new GeneralPKIMessage(raw));
-
-            
-                       
-            IsTrue(msg.Verify(new Asn1MacFactoryProvider(),Strings.ToAsciiByteArray("TopSecret1234")));
-
-        }
-
-
-        [Test]
-        public void TestConfirmationMessage()
-        {
-            RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
-            rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
-            AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
-
-            TestCertBuilder builder = new TestCertBuilder()
-            {
-                NotBefore = DateTime.UtcNow.AddDays(-1),
-                NotAfter = DateTime.UtcNow.AddDays(1),
-                PublicKey = rsaKeyPair.Public,
-                SignatureAlgorithm = "Sha1WithRSAEncryption"
-
-            };
-
-            builder.AddAttribute(X509Name.C, "Foo");
-            X509Certificate cert = builder.Build(rsaKeyPair.Private);
-
-            GeneralName sender = new GeneralName(new X509Name("CN=Sender"));
-            GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));
-
-            CertificateConfirmationContent content = new CertificateConfirmationContentBuilder()
-                .AddAcceptedCertificate(cert, BigInteger.One)
-                .Build();
-
-            ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender, recipient);
-            msgBuilder.SetBody(new PkiBody(PkiBody.TYPE_CERT_CONFIRM, content.ToAsn1Structure()));            
-            msgBuilder.AddCmpCertificate(cert);
-
-            ISignatureFactory sigFact = new Asn1SignatureFactory("MD5WithRSA", rsaKeyPair.Private);
-            ProtectedPkiMessage msg = msgBuilder.Build(sigFact);
-
-            IVerifierFactory verifierFactory = new Asn1VerifierFactory("MD5WithRSA", rsaKeyPair.Public);
-
-            IsTrue("PKIMessage must verify (MD5withRSA)", msg.Verify(verifierFactory));
-
-            IsEquals(sender,msg.Header.Sender);
-            IsEquals(recipient,msg.Header.Recipient);
-
-            content = new CertificateConfirmationContent(CertConfirmContent.GetInstance(msg.Body.Content), new DefaultDigestAlgorithmIdentifierFinder());
-            CertificateStatus[] statusList = content.GetStatusMessages();
-            IsEquals(1,statusList.Length);
-            IsTrue(statusList[0].IsVerified(cert));
-        }
-
-
-
-        [Test]
-        public  void TestProtectedMessage()
-        {
-           RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
-            rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537),new SecureRandom(),2048,100));
-           AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
-
-            TestCertBuilder builder = new TestCertBuilder()
-            {
-                NotBefore = DateTime.UtcNow.AddDays(-1),
-                NotAfter =  DateTime.UtcNow.AddDays(1),
-                PublicKey = rsaKeyPair.Public,
-                SignatureAlgorithm = "Sha1WithRSAEncryption"
-                      
-            };
-
-            builder.AddAttribute(X509Name.C, "Foo");
-            X509Certificate cert = builder.Build(rsaKeyPair.Private);
-
-            GeneralName sender = new GeneralName(new X509Name("CN=Sender"));
-            GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));
-          
-            ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender,recipient);
-            msgBuilder.AddCmpCertificate(cert);
-           
-            ISignatureFactory sigFact = new Asn1SignatureFactory("MD5WithRSA",rsaKeyPair.Private);
-
-            ProtectedPkiMessage msg =  msgBuilder.Build(sigFact);
-
-            X509Certificate certificate = msg.GetCertificates()[0];
-
-            IVerifierFactory verifierFactory = new Asn1VerifierFactory("MD5WithRSA", rsaKeyPair.Public);
-
-            IsTrue("PKIMessage must verify (MD5withRSA)",msg.Verify(verifierFactory));
-        }
-
-        [Test]
-        public void TestMacProtectedMessage()
-        {
-            RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
-            rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048,
-                100));
-            AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
-
-            TestCertBuilder builder = new TestCertBuilder()
-            {
-                NotBefore = DateTime.UtcNow.AddDays(-1),
-                NotAfter = DateTime.UtcNow.AddDays(1),
-                PublicKey = rsaKeyPair.Public,
-                SignatureAlgorithm = "Sha1WithRSAEncryption"
-
-            };
-
-            builder.AddAttribute(X509Name.C, "Foo");
-            X509Certificate cert = builder.Build(rsaKeyPair.Private);
-
-            GeneralName sender = new GeneralName(new X509Name("CN=Sender"));
-            GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));
-
-            ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender, recipient);
-            msgBuilder.AddCmpCertificate(cert);
-
-            //
-            // Default instance.
-            //
-
-
-            PkMacFactory macFactory = new PkMacFactory(new SecureRandom());
-            macFactory.Password = Strings.ToAsciiByteArray("testpass");
-            ProtectedPkiMessage msg = msgBuilder.Build(macFactory);
-
-
-            MacVerifierFactory verifierFactory = new MacVerifierFactory(
-                new PkMacFactory((PbmParameter) msg.Header.ProtectionAlg.Parameters)
-                    {Password = Strings.ToAsciiByteArray("testpass")}
-            );
-            IsTrue(msg.Verify(verifierFactory));
-        }
-
-     
-        
-
-        [Test]
-        public void TestVerifyBCJavaGeneratedMessage()
-        {
-        //
-        // Test with content generated by BC-JAVA version.
-        //
-
-        ICipherParameters publicKey = PublicKeyFactory.CreateKey(Hex.Decode(
-            "305c300d06092a864886f70d0101010500034b003048024100ac1e59ba5f96" +
-            "ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af365d05b26970cbd2" +
-            "6e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87f683774502030100" +
-            "01"));
-        ICipherParameters privateKey = PrivateKeyFactory.CreateKey(Hex.Decode(
-            "30820155020100300d06092a864886f70d01010105000482013f3082013b02" +
-            "0100024100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb32038" +
-            "8b58af365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e" +
-            "464b87f68377450203010001024046f3f208570c735349bfe00fdaa1fbcc00" +
-            "c0f2eebe42279876a168ac43fa74a8cdf9a1bb49066c07cfcfa7196f69f2b9" +
-            "419d378109db967891428c50273dcc37022100d488dc3fb86f404d726a8166" +
-            "b2a9aba9bee12fdbf38470a62403a2a20bad0977022100cf51874e479b141f" +
-            "9915533bf54d68f1940f84d7fe6130538ff01a23e3493423022100986f94f1" +
-            "0afa9837341219bfabf32fd16ebb9a94fa630a5ccf45e036b383275f02201b" +
-            "6dff07f563684b31f6e757548254733a12bf91d05f4d8490d3c4b1a0ddcb9f" +
-            "02210087c3b2049e9a3edfc4cb40a3a275dabf7ffff80b467157e384603042" +
-            "3fe91d68"));
-
-        byte[] ind = Hex.Decode(
-            "308201ac306e020102a4133011310f300d06035504030c0653656e646572a4" +
-            "123010310e300c06035504030c055265636970a140303e06092a864886f67d" +
-            "07420d30310414fdccb4ffd7848e6a697bee36cbe0f3722ed7fe2f30070605" +
-            "2b0e03021a020203e8300c06082b060105050801020500a10430023000a017" +
-            "031500c131c357441daa78eb538bfd9c24870e220fdafaa182011930820115" +
-            "308201113081bca003020102020601684a515d5b300d06092a864886f70d01" +
-            "01050500300f310d300b06035504030c0454657374301e170d313930313134" +
-            "3033303433325a170d3139303432343033303433325a300f310d300b060355" +
-            "04030c0454657374305c300d06092a864886f70d0101010500034b00304802" +
-            "4100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af" +
-            "365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87" +
-            "f68377450203010001300d06092a864886f70d0101050500034100264b5b76" +
-            "f268e2a992f05ad83783b091ce806a6726912c6200d06b33375ae58fe3c474" +
-            "c3a42ad6e572a2c48ae3bf914a7510bb995c3474829cfe71ab679a3db0");
-
-
-        ProtectedPkiMessage pkiMsg = new ProtectedPkiMessage(PkiMessage.GetInstance(ind));
-
-        PbmParameter pbmParameters = PbmParameter.GetInstance(pkiMsg.Header.ProtectionAlg.Parameters);
-
-        MacVerifierFactory verifierFactory = new MacVerifierFactory(new PkMacFactory(pbmParameters)
-        {
-            Password = Strings.ToAsciiByteArray("secret")
-        });
-
-        IsTrue(pkiMsg.Verify(verifierFactory));
-    }
-
-
-    
-}
-
-    public class TestCertBuilder
-    {
-        IDictionary attrs = new Hashtable();
-        IList ord = new ArrayList();
-        IList values = new ArrayList();
-
-        public DateTime NotBefore { get; set; }
-
-        public DateTime NotAfter { get; set; }
-
-        public AsymmetricKeyParameter PublicKey { get; set; }
-
-        public String SignatureAlgorithm { get; set; }
-
-        public X509Name Issuer { get; set; }
-        public X509Name Subject { get; set; }
-
-        public TestCertBuilder AddAttribute(DerObjectIdentifier name, Object value)
-        {
-            attrs[name] = value;
-            ord.Add(name);
-            values.Add(value);
-            return this;
-        }
-
-        public X509Certificate Build(AsymmetricKeyParameter privateKey)
-        {
-            X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
-
-            certGen.SetSerialNumber(BigInteger.One);
-
-            if (Issuer != null)
-            {
-                certGen.SetIssuerDN(Issuer);
-            }
-            else
-            {
-                certGen.SetIssuerDN(new X509Name(ord, attrs));
-            }
-
-           
-            certGen.SetNotBefore(NotBefore);
-            certGen.SetNotAfter(NotAfter);
-
-            if (Subject != null)
-            {
-                certGen.SetSubjectDN(Subject);
-            }
-            else
-            {
-                certGen.SetSubjectDN(new X509Name(ord, attrs));
-            }
-
-          
-            certGen.SetPublicKey(PublicKey);
-            certGen.SetSignatureAlgorithm(SignatureAlgorithm);
-
-            return certGen.Generate(privateKey);
-        }
-    }
-}
diff --git a/crypto/test/src/cmp/test/ProtectedMessageTest.cs b/crypto/test/src/cmp/test/ProtectedMessageTest.cs
index ef1919779..c22ba3297 100644
--- a/crypto/test/src/cmp/test/ProtectedMessageTest.cs
+++ b/crypto/test/src/cmp/test/ProtectedMessageTest.cs
@@ -4,6 +4,7 @@ using System.Collections.Generic;
 
 using System.Text;
 using NUnit.Framework;
+using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Cmp;
 using Org.BouncyCastle.Asn1.Crmf;
 using Org.BouncyCastle.Crmf;
diff --git a/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs b/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs
new file mode 100644
index 000000000..ce023549e
--- /dev/null
+++ b/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs
@@ -0,0 +1,84 @@
+using NUnit.Framework;
+using Org.BouncyCastle.Asn1.Cmp;
+using Org.BouncyCastle.Asn1.Crmf;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Cmp;
+using Org.BouncyCastle.Crmf;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Generators;
+using Org.BouncyCastle.Crypto.Operators;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Math;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.X509;
+
+namespace crypto.test.src.ejbca.test
+{
+    [TestFixture]
+    public class EnrollmentExampleTest
+    {
+
+        [Test]      
+        public void TestEnrollmentRAWithSharedSecret()
+        {
+            long certReqId = 1;
+            SecureRandom secureRandom = new SecureRandom();
+
+            byte[] senderNonce = new byte[20];
+            secureRandom.NextBytes(senderNonce);
+
+            byte[] transactionId = Strings.ToAsciiByteArray("MyTransactionId");
+
+
+            RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
+            rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
+            AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
+
+
+            CertificateRequestMessageBuilder msgbuilder = new CertificateRequestMessageBuilder(BigInteger.ValueOf(certReqId));
+            X509NameEntryConverter dnconverter = new X509DefaultEntryConverter();
+           
+            X509Name issuerDN = X509Name.GetInstance(new X509Name("CN=AdminCA1").ToAsn1Object());
+            X509Name subjectDN = X509Name.GetInstance(new X509Name("CN=user", dnconverter).ToAsn1Object());
+            msgbuilder.SetIssuer(issuerDN);
+            msgbuilder.SetSubject(subjectDN);
+            SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public);
+
+            msgbuilder.SetPublicKey(keyInfo);
+            GeneralName sender = new GeneralName(subjectDN);
+            msgbuilder.SetAuthInfoSender(sender);
+            // RAVerified POP
+            msgbuilder.SetProofOfPossessionRaVerified();
+            CertificateRequestMessage msg = msgbuilder.Build();
+            GeneralName recipient = new GeneralName(issuerDN);
+
+            ProtectedPkiMessageBuilder pbuilder = new ProtectedPkiMessageBuilder(sender, recipient);
+            // pbuilder. SetMessageTime(new Date());
+            // senderNonce
+            pbuilder.SetSenderNonce(senderNonce);
+            // TransactionId
+            pbuilder.SetTransactionId(transactionId);
+            // Key Id used (required) by the recipient to do a lot of stuff
+            pbuilder.SetSenderKID(Strings.ToAsciiByteArray("KeyId"));
+
+            
+            CertReqMessages msgs = new CertReqMessages(msg.ToAsn1Structure());
+            PkiBody pkibody = new PkiBody(PkiBody.TYPE_INIT_REQ, msgs);
+            pbuilder.SetBody(pkibody);
+
+                      
+            
+            AlgorithmIdentifier digAlg = new AlgorithmIdentifier("1.3.14.3.2.26"); // SHA1
+            AlgorithmIdentifier macAlg = new AlgorithmIdentifier("1.2.840.113549.2.7"); // HMAC/SHA1
+
+            PkMacFactory macFactory = new PkMacFactory(digAlg,macAlg);
+            macFactory.Password = Strings.ToAsciiByteArray("password");
+
+            ProtectedPkiMessage message = pbuilder.Build(macFactory);
+                                  
+
+        }
+
+    }
+}
\ No newline at end of file