diff options
| author | Megan Woods <megan@flygfisk.com> | 2019-01-14 19:19:55 +1100 |
|---|---|---|
| committer | Megan Woods <megan@flygfisk.com> | 2019-01-14 19:19:55 +1100 |
| commit | b7d7b6c6abb66a343ac9722fd0f80a4de203cc25 (patch) | |
| tree | 8cb1368eb406c3f2aab83a1e5cc41537909e5d57 | |
| parent | move (diff) | |
| download | BouncyCastle.NET-ed25519-b7d7b6c6abb66a343ac9722fd0f80a4de203cc25.tar.xz | |
Updated locations added initial example for EJBCA
| -rw-r--r-- | crypto/src/cmp/ProtectedPkiMessageBuilder.cs (renamed from crypto/src/asn1/cmp/ProtectedPkiMessageBuilder.cs) | 19 | ||||
| -rw-r--r-- | crypto/src/crmf/CertificateRequestMessageBuilder.cs | 2 | ||||
| -rw-r--r-- | crypto/test/src/asn1/test/ProtectedMessageTest.cs | 429 | ||||
| -rw-r--r-- | crypto/test/src/cmp/test/ProtectedMessageTest.cs | 1 | ||||
| -rw-r--r-- | crypto/test/src/ejbca/test/EnrollmentExampleTest.cs | 84 |
5 files changed, 96 insertions, 439 deletions
diff --git a/crypto/src/asn1/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs index a6a98d753..22a004669 100644 --- a/crypto/src/asn1/cmp/ProtectedPkiMessageBuilder.cs +++ b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs @@ -1,20 +1,13 @@ using System; using System.Collections; -using System.Collections.Generic; -using System.IO; -using System.Text; -using Org.BouncyCastle.Asn1.Pkcs; +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.IO; -using Org.BouncyCastle.Crypto.Macs; using Org.BouncyCastle.Crypto.Operators; -using Org.BouncyCastle.Crypto.Paddings; -using Org.BouncyCastle.Security; -using Org.BouncyCastle.Utilities.Encoders; using Org.BouncyCastle.X509; -namespace Org.BouncyCastle.Asn1.Cmp +namespace Org.BouncyCastle.Cmp { public class ProtectedPkiMessageBuilder { @@ -52,6 +45,12 @@ namespace Org.BouncyCastle.Asn1.Cmp return this; } + public ProtectedPkiMessageBuilder SetMessageTime(DerGeneralizedTime generalizedTime) + { + hdrBuilBuilder.SetMessageTime(generalizedTime); + return this; + } + public ProtectedPkiMessageBuilder SetRecipKID(byte[] id) { hdrBuilBuilder.SetRecipKID(id); diff --git a/crypto/src/crmf/CertificateRequestMessageBuilder.cs b/crypto/src/crmf/CertificateRequestMessageBuilder.cs index 53ebdf3f5..10a575abe 100644 --- a/crypto/src/crmf/CertificateRequestMessageBuilder.cs +++ b/crypto/src/crmf/CertificateRequestMessageBuilder.cs @@ -3,6 +3,8 @@ using System.Collections; using System.Collections.Generic; using System.Security.Cryptography.X509Certificates; using System.Text; +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Crmf; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Operators; diff --git a/crypto/test/src/asn1/test/ProtectedMessageTest.cs b/crypto/test/src/asn1/test/ProtectedMessageTest.cs deleted file mode 100644 index 5ff51ba1a..000000000 --- a/crypto/test/src/asn1/test/ProtectedMessageTest.cs +++ /dev/null @@ -1,429 +0,0 @@ -using System; -using System.Collections; -using System.Collections.Generic; - -using System.Text; -using NUnit.Framework; -using Org.BouncyCastle.Asn1.Cmp; -using Org.BouncyCastle.Asn1.Crmf; -using Org.BouncyCastle.Asn1.Nist; -using Org.BouncyCastle.Asn1.Pkcs; -using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Cms; -using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Digests; -using Org.BouncyCastle.Crypto.Engines; -using Org.BouncyCastle.Crypto.Generators; -using Org.BouncyCastle.Crypto.Operators; -using Org.BouncyCastle.Crypto.Parameters; -using Org.BouncyCastle.Crypto.Signers; -using Org.BouncyCastle.Math; -using Org.BouncyCastle.Security; -using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Utilities.Encoders; -using Org.BouncyCastle.Utilities.Test; -using Org.BouncyCastle.X509; - -namespace Org.BouncyCastle.Asn1.Tests -{ - [TestFixture] - public class ProtectedMessageTest : SimpleTest - { - public override string Name - { - get { return "ProtectedMessageTest"; } - } - - public override void PerformTest() - { - TestVerifyBCJavaGeneratedMessage(); - TestSubsequentMessage(); - TestMacProtectedMessage(); - TestProtectedMessage(); - TestConfirmationMessage(); - TestSampleCr(); - } - -// [Test] -// public void TestServerSideKey() -// { -// RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); -// rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); -// AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); -// -// TestCertBuilder builder = new TestCertBuilder() -// { -// Issuer = new X509Name("CN=Test"), -// Subject = new X509Name("CN=Test"), -// NotBefore = DateTime.UtcNow.AddDays(-1), -// NotAfter = DateTime.UtcNow.AddDays(1), -// PublicKey = rsaKeyPair.Public, -// SignatureAlgorithm = "MD5WithRSAEncryption" -// }; -// -// builder.AddAttribute(X509Name.C, "Foo"); -// X509Certificate cert = builder.Build(rsaKeyPair.Private); -// -// GeneralName sender = new GeneralName(new X509Name("CN=Sender")); -// GeneralName recipient = new GeneralName(new X509Name("CN=Recip")); -// -// -// -// } - - [Test] - public void TestNotBeforeNotAfter() - { - RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); - AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - - doNotBeforeNotAfterTest(rsaKeyPair, new DateTime(1,1,1,0,0,1), new DateTime(1,1,1,0,0,10)); - doNotBeforeNotAfterTest(rsaKeyPair, DateTime.MinValue, new DateTime(1, 1, 1, 0, 0, 10)); - doNotBeforeNotAfterTest(rsaKeyPair, new DateTime(1, 1, 1, 0, 0, 1), DateTime.MinValue); - } - - - private void doNotBeforeNotAfterTest(AsymmetricCipherKeyPair kp, DateTime notBefore, DateTime notAfter) - { - CertificateRequestMessageBuilder builder = new CertificateRequestMessageBuilder(BigInteger.One) - .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public)) - .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert); - - builder.SetValidity(new Time(notBefore), new Time(notAfter)); - CertificateRequestMessage msg = builder.Build(); - - if (!notBefore.Equals(DateTime.MinValue)) - { - IsTrue("NotBefore did not match",(notBefore.Equals(msg.GetCertTemplate().Validity.NotBefore.ToDateTime()))); - } - else - { - IsTrue("Expected NotBefore to empty.",DateTime.MinValue == msg.GetCertTemplate().Validity.NotBefore.ToDateTime()); - } - - if (!notAfter.Equals(DateTime.MinValue)) - { - IsTrue("NotAfter did not match", (notAfter.Equals(msg.GetCertTemplate().Validity.NotAfter.ToDateTime()))); - } - else - { - IsTrue("Expected NotAfter to be empty.", DateTime.MinValue == msg.GetCertTemplate().Validity.NotAfter.ToDateTime()); - } - - } - - - [Test] - public void TestSubsequentMessage() - { - RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); - AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - - TestCertBuilder builder = new TestCertBuilder() - { - NotBefore = DateTime.UtcNow.AddDays(-1), - NotAfter = DateTime.UtcNow.AddDays(1), - PublicKey = rsaKeyPair.Public, - SignatureAlgorithm = "Sha1WithRSAEncryption" - - }; - - X509Certificate cert = builder.Build(rsaKeyPair.Private); - - GeneralName user = new GeneralName(new X509Name("CN=Test")); - - CertificateRequestMessageBuilder crmBuiler = new CertificateRequestMessageBuilder(BigInteger.One) - .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public)) - .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert); - - ISignatureFactory sigFact = new Asn1SignatureFactory("SHA256WithRSA", rsaKeyPair.Private); - - ProtectedPkiMessage certRequestMsg = new ProtectedPkiMessageBuilder(user,user) - .SetTransactionId(new byte[]{1,2,3,4,5}) - .SetBody(new PkiBody(PkiBody.TYPE_KEY_RECOVERY_REQ, new CertReqMessages(new CertReqMsg[]{crmBuiler.Build().ToAsn1Structure()}))) - .AddCmpCertificate(cert) - .Build(sigFact); - - ProtectedPkiMessage msg = new ProtectedPkiMessage(new GeneralPKIMessage(certRequestMsg.ToAsn1Message().GetDerEncoded())); - CertReqMessages reqMsgs = CertReqMessages.GetInstance(msg.Body.Content); - CertReqMsg reqMsg = reqMsgs.ToCertReqMsgArray()[0]; - IsEquals(ProofOfPossession.TYPE_KEY_ENCIPHERMENT, reqMsg.Popo.Type); - - } - - - - [Test] - public void TestSampleCr() - { - byte[] raw = Base64.Decode( - "MIIB5TCB3AIBAqQdMBsxDDAKBgNVBAMMA0FSUDELMAkGA1UEBhMCQ0ikOTA3MREwDwYDVQQDDAhBZG1pbkNBM" + - "TEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRaFGMEQGCSqGSIb2fQdCDTA3BBxzYWx0Tm9NYX" + - "R0ZXJXaGF0VGhpc1N0cmluZ0lzMAcGBSsOAwIaAgIEADAKBggrBgEFBQgBAqIQBA5TZW5kZXJLSUQtMjAwOKQ" + - "PBA0xMjAzNjA3MDE1OTQ0pRIEEOPfE1DMncRUdrBj8KelgsCigeowgecwgeQwgd0CAQAwgcGlHTAbMQwwCgYD" + - "VQQDDANBUlAxCzAJBgNVBAYTAkNIpoGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrrv4e42olM2YJqSbCN" + - "d19EtW7d6T8HYvcSU5wsm5icKFkxyD5jrO/2xYh3zqUFYwZap0pA7qbhxk5sEne2ywVpt2lGSmpAU8M7hC9oh" + - "Ep9wvv+3+td5MEO+qMuWWxF8OZBlYIFBZ/k+pGlU+4XlBP5Ai6pu/EI/0A+1/bcGs0sQIDAQABMBQwEgYJKwY" + - "BBQUHBQEBDAVEVU1NWaACBQCgFwMVAO73HUPF//mY5+E714Cv5oprt0kO\r\n"); - - ProtectedPkiMessage msg = new ProtectedPkiMessage(new GeneralPKIMessage(raw)); - - - - IsTrue(msg.Verify(new Asn1MacFactoryProvider(),Strings.ToAsciiByteArray("TopSecret1234"))); - - } - - - [Test] - public void TestConfirmationMessage() - { - RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); - AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - - TestCertBuilder builder = new TestCertBuilder() - { - NotBefore = DateTime.UtcNow.AddDays(-1), - NotAfter = DateTime.UtcNow.AddDays(1), - PublicKey = rsaKeyPair.Public, - SignatureAlgorithm = "Sha1WithRSAEncryption" - - }; - - builder.AddAttribute(X509Name.C, "Foo"); - X509Certificate cert = builder.Build(rsaKeyPair.Private); - - GeneralName sender = new GeneralName(new X509Name("CN=Sender")); - GeneralName recipient = new GeneralName(new X509Name("CN=Recip")); - - CertificateConfirmationContent content = new CertificateConfirmationContentBuilder() - .AddAcceptedCertificate(cert, BigInteger.One) - .Build(); - - ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender, recipient); - msgBuilder.SetBody(new PkiBody(PkiBody.TYPE_CERT_CONFIRM, content.ToAsn1Structure())); - msgBuilder.AddCmpCertificate(cert); - - ISignatureFactory sigFact = new Asn1SignatureFactory("MD5WithRSA", rsaKeyPair.Private); - ProtectedPkiMessage msg = msgBuilder.Build(sigFact); - - IVerifierFactory verifierFactory = new Asn1VerifierFactory("MD5WithRSA", rsaKeyPair.Public); - - IsTrue("PKIMessage must verify (MD5withRSA)", msg.Verify(verifierFactory)); - - IsEquals(sender,msg.Header.Sender); - IsEquals(recipient,msg.Header.Recipient); - - content = new CertificateConfirmationContent(CertConfirmContent.GetInstance(msg.Body.Content), new DefaultDigestAlgorithmIdentifierFinder()); - CertificateStatus[] statusList = content.GetStatusMessages(); - IsEquals(1,statusList.Length); - IsTrue(statusList[0].IsVerified(cert)); - } - - - - [Test] - public void TestProtectedMessage() - { - RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537),new SecureRandom(),2048,100)); - AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - - TestCertBuilder builder = new TestCertBuilder() - { - NotBefore = DateTime.UtcNow.AddDays(-1), - NotAfter = DateTime.UtcNow.AddDays(1), - PublicKey = rsaKeyPair.Public, - SignatureAlgorithm = "Sha1WithRSAEncryption" - - }; - - builder.AddAttribute(X509Name.C, "Foo"); - X509Certificate cert = builder.Build(rsaKeyPair.Private); - - GeneralName sender = new GeneralName(new X509Name("CN=Sender")); - GeneralName recipient = new GeneralName(new X509Name("CN=Recip")); - - ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender,recipient); - msgBuilder.AddCmpCertificate(cert); - - ISignatureFactory sigFact = new Asn1SignatureFactory("MD5WithRSA",rsaKeyPair.Private); - - ProtectedPkiMessage msg = msgBuilder.Build(sigFact); - - X509Certificate certificate = msg.GetCertificates()[0]; - - IVerifierFactory verifierFactory = new Asn1VerifierFactory("MD5WithRSA", rsaKeyPair.Public); - - IsTrue("PKIMessage must verify (MD5withRSA)",msg.Verify(verifierFactory)); - } - - [Test] - public void TestMacProtectedMessage() - { - RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, - 100)); - AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - - TestCertBuilder builder = new TestCertBuilder() - { - NotBefore = DateTime.UtcNow.AddDays(-1), - NotAfter = DateTime.UtcNow.AddDays(1), - PublicKey = rsaKeyPair.Public, - SignatureAlgorithm = "Sha1WithRSAEncryption" - - }; - - builder.AddAttribute(X509Name.C, "Foo"); - X509Certificate cert = builder.Build(rsaKeyPair.Private); - - GeneralName sender = new GeneralName(new X509Name("CN=Sender")); - GeneralName recipient = new GeneralName(new X509Name("CN=Recip")); - - ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender, recipient); - msgBuilder.AddCmpCertificate(cert); - - // - // Default instance. - // - - - PkMacFactory macFactory = new PkMacFactory(new SecureRandom()); - macFactory.Password = Strings.ToAsciiByteArray("testpass"); - ProtectedPkiMessage msg = msgBuilder.Build(macFactory); - - - MacVerifierFactory verifierFactory = new MacVerifierFactory( - new PkMacFactory((PbmParameter) msg.Header.ProtectionAlg.Parameters) - {Password = Strings.ToAsciiByteArray("testpass")} - ); - IsTrue(msg.Verify(verifierFactory)); - } - - - - - [Test] - public void TestVerifyBCJavaGeneratedMessage() - { - // - // Test with content generated by BC-JAVA version. - // - - ICipherParameters publicKey = PublicKeyFactory.CreateKey(Hex.Decode( - "305c300d06092a864886f70d0101010500034b003048024100ac1e59ba5f96" + - "ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af365d05b26970cbd2" + - "6e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87f683774502030100" + - "01")); - ICipherParameters privateKey = PrivateKeyFactory.CreateKey(Hex.Decode( - "30820155020100300d06092a864886f70d01010105000482013f3082013b02" + - "0100024100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb32038" + - "8b58af365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e" + - "464b87f68377450203010001024046f3f208570c735349bfe00fdaa1fbcc00" + - "c0f2eebe42279876a168ac43fa74a8cdf9a1bb49066c07cfcfa7196f69f2b9" + - "419d378109db967891428c50273dcc37022100d488dc3fb86f404d726a8166" + - "b2a9aba9bee12fdbf38470a62403a2a20bad0977022100cf51874e479b141f" + - "9915533bf54d68f1940f84d7fe6130538ff01a23e3493423022100986f94f1" + - "0afa9837341219bfabf32fd16ebb9a94fa630a5ccf45e036b383275f02201b" + - "6dff07f563684b31f6e757548254733a12bf91d05f4d8490d3c4b1a0ddcb9f" + - "02210087c3b2049e9a3edfc4cb40a3a275dabf7ffff80b467157e384603042" + - "3fe91d68")); - - byte[] ind = Hex.Decode( - "308201ac306e020102a4133011310f300d06035504030c0653656e646572a4" + - "123010310e300c06035504030c055265636970a140303e06092a864886f67d" + - "07420d30310414fdccb4ffd7848e6a697bee36cbe0f3722ed7fe2f30070605" + - "2b0e03021a020203e8300c06082b060105050801020500a10430023000a017" + - "031500c131c357441daa78eb538bfd9c24870e220fdafaa182011930820115" + - "308201113081bca003020102020601684a515d5b300d06092a864886f70d01" + - "01050500300f310d300b06035504030c0454657374301e170d313930313134" + - "3033303433325a170d3139303432343033303433325a300f310d300b060355" + - "04030c0454657374305c300d06092a864886f70d0101010500034b00304802" + - "4100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af" + - "365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87" + - "f68377450203010001300d06092a864886f70d0101050500034100264b5b76" + - "f268e2a992f05ad83783b091ce806a6726912c6200d06b33375ae58fe3c474" + - "c3a42ad6e572a2c48ae3bf914a7510bb995c3474829cfe71ab679a3db0"); - - - ProtectedPkiMessage pkiMsg = new ProtectedPkiMessage(PkiMessage.GetInstance(ind)); - - PbmParameter pbmParameters = PbmParameter.GetInstance(pkiMsg.Header.ProtectionAlg.Parameters); - - MacVerifierFactory verifierFactory = new MacVerifierFactory(new PkMacFactory(pbmParameters) - { - Password = Strings.ToAsciiByteArray("secret") - }); - - IsTrue(pkiMsg.Verify(verifierFactory)); - } - - - -} - - public class TestCertBuilder - { - IDictionary attrs = new Hashtable(); - IList ord = new ArrayList(); - IList values = new ArrayList(); - - public DateTime NotBefore { get; set; } - - public DateTime NotAfter { get; set; } - - public AsymmetricKeyParameter PublicKey { get; set; } - - public String SignatureAlgorithm { get; set; } - - public X509Name Issuer { get; set; } - public X509Name Subject { get; set; } - - public TestCertBuilder AddAttribute(DerObjectIdentifier name, Object value) - { - attrs[name] = value; - ord.Add(name); - values.Add(value); - return this; - } - - public X509Certificate Build(AsymmetricKeyParameter privateKey) - { - X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); - - certGen.SetSerialNumber(BigInteger.One); - - if (Issuer != null) - { - certGen.SetIssuerDN(Issuer); - } - else - { - certGen.SetIssuerDN(new X509Name(ord, attrs)); - } - - - certGen.SetNotBefore(NotBefore); - certGen.SetNotAfter(NotAfter); - - if (Subject != null) - { - certGen.SetSubjectDN(Subject); - } - else - { - certGen.SetSubjectDN(new X509Name(ord, attrs)); - } - - - certGen.SetPublicKey(PublicKey); - certGen.SetSignatureAlgorithm(SignatureAlgorithm); - - return certGen.Generate(privateKey); - } - } -} diff --git a/crypto/test/src/cmp/test/ProtectedMessageTest.cs b/crypto/test/src/cmp/test/ProtectedMessageTest.cs index ef1919779..c22ba3297 100644 --- a/crypto/test/src/cmp/test/ProtectedMessageTest.cs +++ b/crypto/test/src/cmp/test/ProtectedMessageTest.cs @@ -4,6 +4,7 @@ using System.Collections.Generic; using System.Text; using NUnit.Framework; +using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.Crmf; using Org.BouncyCastle.Crmf; diff --git a/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs b/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs new file mode 100644 index 000000000..ce023549e --- /dev/null +++ b/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs @@ -0,0 +1,84 @@ +using NUnit.Framework; +using Org.BouncyCastle.Asn1.Cmp; +using Org.BouncyCastle.Asn1.Crmf; +using Org.BouncyCastle.Asn1.X509; +using Org.BouncyCastle.Cmp; +using Org.BouncyCastle.Crmf; +using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.Generators; +using Org.BouncyCastle.Crypto.Operators; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Math; +using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.X509; + +namespace crypto.test.src.ejbca.test +{ + [TestFixture] + public class EnrollmentExampleTest + { + + [Test] + public void TestEnrollmentRAWithSharedSecret() + { + long certReqId = 1; + SecureRandom secureRandom = new SecureRandom(); + + byte[] senderNonce = new byte[20]; + secureRandom.NextBytes(senderNonce); + + byte[] transactionId = Strings.ToAsciiByteArray("MyTransactionId"); + + + RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); + rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); + AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); + + + CertificateRequestMessageBuilder msgbuilder = new CertificateRequestMessageBuilder(BigInteger.ValueOf(certReqId)); + X509NameEntryConverter dnconverter = new X509DefaultEntryConverter(); + + X509Name issuerDN = X509Name.GetInstance(new X509Name("CN=AdminCA1").ToAsn1Object()); + X509Name subjectDN = X509Name.GetInstance(new X509Name("CN=user", dnconverter).ToAsn1Object()); + msgbuilder.SetIssuer(issuerDN); + msgbuilder.SetSubject(subjectDN); + SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public); + + msgbuilder.SetPublicKey(keyInfo); + GeneralName sender = new GeneralName(subjectDN); + msgbuilder.SetAuthInfoSender(sender); + // RAVerified POP + msgbuilder.SetProofOfPossessionRaVerified(); + CertificateRequestMessage msg = msgbuilder.Build(); + GeneralName recipient = new GeneralName(issuerDN); + + ProtectedPkiMessageBuilder pbuilder = new ProtectedPkiMessageBuilder(sender, recipient); + // pbuilder. SetMessageTime(new Date()); + // senderNonce + pbuilder.SetSenderNonce(senderNonce); + // TransactionId + pbuilder.SetTransactionId(transactionId); + // Key Id used (required) by the recipient to do a lot of stuff + pbuilder.SetSenderKID(Strings.ToAsciiByteArray("KeyId")); + + + CertReqMessages msgs = new CertReqMessages(msg.ToAsn1Structure()); + PkiBody pkibody = new PkiBody(PkiBody.TYPE_INIT_REQ, msgs); + pbuilder.SetBody(pkibody); + + + + AlgorithmIdentifier digAlg = new AlgorithmIdentifier("1.3.14.3.2.26"); // SHA1 + AlgorithmIdentifier macAlg = new AlgorithmIdentifier("1.2.840.113549.2.7"); // HMAC/SHA1 + + PkMacFactory macFactory = new PkMacFactory(digAlg,macAlg); + macFactory.Password = Strings.ToAsciiByteArray("password"); + + ProtectedPkiMessage message = pbuilder.Build(macFactory); + + + } + + } +} \ No newline at end of file |