summary refs log tree commit diff
path: root/crypto/test/src/tsp
diff options
context:
space:
mode:
authormw <megan@cryptoworkshop.com>2020-10-27 16:31:51 +1100
committermw <megan@cryptoworkshop.com>2020-10-27 16:31:51 +1100
commitb290b56d91ab7ee85198b2be77925fca9f037ac8 (patch)
treee3b377c06b354a8778d9519e12d93167ee876169 /crypto/test/src/tsp
parentAdded fractional time and new tests (diff)
downloadBouncyCastle.NET-ed25519-b290b56d91ab7ee85198b2be77925fca9f037ac8.tar.xz
Finished NewTspTests
Diffstat (limited to 'crypto/test/src/tsp')
-rw-r--r--crypto/test/src/tsp/test/NewTspTest.cs441
1 files changed, 416 insertions, 25 deletions
diff --git a/crypto/test/src/tsp/test/NewTspTest.cs b/crypto/test/src/tsp/test/NewTspTest.cs
index b12035928..6437064c1 100644
--- a/crypto/test/src/tsp/test/NewTspTest.cs
+++ b/crypto/test/src/tsp/test/NewTspTest.cs
@@ -10,10 +10,10 @@ using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Cms;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Operators;
-using Org.BouncyCastle.Crypto.Paddings;
 using Org.BouncyCastle.Crypto.Tls;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.Date;
 using Org.BouncyCastle.X509;
 using Org.BouncyCastle.X509.Store;
 using System;
@@ -52,7 +52,6 @@ namespace Org.BouncyCastle.Tsp.Tests
 				new X509CollectionStoreParameters(certList));
 
 
-
 			basicTest(origKP.Private, cert, certs);
 			resolutionTest(origKP.Private, cert, certs, Resolution.R_SECONDS, "19700101000009Z");
 			resolutionTest(origKP.Private, cert, certs, Resolution.R_TENTHS_OF_SECONDS, "19700101000009.9Z");
@@ -64,54 +63,446 @@ namespace Org.BouncyCastle.Tsp.Tests
 			responseValidationTest(origKP.Private, cert, certs);
 			incorrectHashTest(origKP.Private, cert, certs);
 			badAlgorithmTest(origKP.Private, cert, certs);
-			//timeNotAvailableTest(origKP.Private, cert, certs);
+			timeNotAvailableTest(origKP.Private, cert, certs);
+			badPolicyTest(origKP.Private, cert, certs);
+			tokenEncodingTest(origKP.Private, cert, certs);
+			certReqTest(origKP.Private, cert, certs);
+			testAccuracyZeroCerts(origKP.Private, cert, certs);
+			testAccuracyWithCertsAndOrdering(origKP.Private, cert, certs);
+			testNoNonse(origKP.Private, cert, certs);
+			extensionTest(origKP.Private, cert, certs);
+			additionalExtensionTest(origKP.Private, cert, certs);
+
+		}
+
+        private void additionalExtensionTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+				 privateKey, cert, TspAlgorithms.Sha1, "1.2");
+
+			tsTokenGen.SetCertificates(certs);
+			tsTokenGen.SetTsa(new Asn1.X509.GeneralName(new X509Name("CN=Test")));
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+			X509ExtensionsGenerator extensionsGenerator = new X509ExtensionsGenerator();
+			extensionsGenerator.AddExtension(X509Extensions.AuditIdentity, false, new DerUtf8String("Test"));
+
+
+			TimeStampResponse tsResp = tsRespGen.GenerateGrantedResponse(request, new BigInteger("23"), new DateTimeObject( DateTime.UtcNow), "Okay", extensionsGenerator.Generate());
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+			tsToken.Validate(cert);
+
+            Asn1.Cms.AttributeTable table = tsToken.SignedAttributes;
+
+			Assert.NotNull(table[PkcsObjectIdentifiers.IdAASigningCertificate],"no signingCertificate attribute found");
+
+			X509Extensions ext = tsToken.TimeStampInfo.TstInfo.Extensions;
+
+			Assert.True(1 == ext.GetExtensionOids().Length);
+
+			X509Extension left = new X509Extension(DerBoolean.False, new DerOctetString( new DerUtf8String("Test").GetEncoded()));
+			Assert.True(left.Equals (ext.GetExtension(X509Extensions.AuditIdentity)));
+
 
 
 		}
 
-        private void timeNotAvailableTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+		private void extensionTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
         {
 			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
-				   privateKey, cert, TspAlgorithms.Sha1, "1.2");
+				 privateKey, cert, TspAlgorithms.Sha1, "1.2");
 
 			tsTokenGen.SetCertificates(certs);
 
 			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
-			TimeStampRequest request = reqGen.Generate(new DerObjectIdentifier("1.2.3.4.5"), new byte[20]);
 
-			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);			
+			// --- These are test case only values
+			reqGen.SetReqPolicy("2.5.29.56"); 
+			reqGen.AddExtension(new DerObjectIdentifier("1.3.6.1.5.5.7.1.2"), true, new DerOctetString(new byte[20]));
+			// --- not for any real world purpose.
 
-			TimeStampResponse tsResp = null;
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]);
 
 			try
 			{
-				tsResp = tsRespGen.Generate(request, new BigInteger("23"), null);
+				request.Validate(new ArrayList(), new ArrayList(), new ArrayList());
+				Assert.Fail("expected exception");
+			} catch(Exception ex)
+            {
+				Assert.True("request contains unknown algorithm" == ex.Message);
+            }
+
+			ArrayList algorithms = new ArrayList();
+			algorithms.Add(TspAlgorithms.Sha1);
+
+			try
+			{
+				request.Validate(algorithms, new ArrayList(), new ArrayList());
+				Assert.Fail("no exception");
 			}
-			catch (TspException e)
+			catch (Exception e)
 			{
-				Console.WriteLine();
+				Assert.IsTrue(e.Message == "request contains unknown policy");
 			}
 
+			ArrayList policies = new ArrayList();
+
+			// Testing only do not use in real world.
+			policies.Add("2.5.29.56");
+
+			try
+			{
+				request.Validate(algorithms, policies, new ArrayList());
+				Assert.Fail("no exception");
+			}
+			catch (Exception e)
+			{
+				Assert.IsTrue(e.Message == "request contains unknown extension");
+			}
+
+			ArrayList extensions = new ArrayList();
+
+			// Testing only do not use in real world/
+			extensions.Add("1.3.6.1.5.5.7.1.2");
+
+
+			// should validate with full set
+			request.Validate(algorithms, policies, extensions);
+
+			// should validate with null policy
+			request.Validate(algorithms, null, extensions);
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, new BigInteger("23"), DateTime.UtcNow);
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+			tsToken.Validate(cert);
+
+            Asn1.Cms.AttributeTable table = tsToken.SignedAttributes;
+
+			Assert.NotNull(table[PkcsObjectIdentifiers.IdAASigningCertificate], "no signingCertificate attribute found");
+		}
+
+		private void testNoNonse(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+				privateKey, cert, TspAlgorithms.MD5, "1.2.3");
+
+			tsTokenGen.SetCertificates(certs);
+	
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]);
+
+			ArrayList algorithms = new ArrayList();
+			algorithms.Add(TspAlgorithms.Sha1);
+
+			request.Validate(algorithms, new ArrayList(), new ArrayList());
+
+			Assert.False(request.CertReq);
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, new BigInteger("24"), DateTime.UtcNow);
+
 			tsResp = new TimeStampResponse(tsResp.GetEncoded());
 
-			//TimeStampToken tsToken = tsResp.TimeStampToken;
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+			tsToken.Validate(cert);
+
+			tsResp.Validate(request);
+
+			TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo;
+
+			GenTimeAccuracy accuracy = tstInfo.GenTimeAccuracy;
+
+			Assert.IsNull(accuracy);
+
+			Assert.IsTrue(new BigInteger("24").Equals(tstInfo.SerialNumber));
+
 
-			//if (tsToken != null)
-			//{
-			//	fail("timeNotAvailable - token not null.");
-			//}
+			Assert.IsTrue("1.2.3" ==  tstInfo.Policy);
 
-			//PKIFailureInfo failInfo = tsResp.getFailInfo();
+			Assert.False( tstInfo.IsOrdered);
 
-			//if (failInfo == null)
-			//{
-			//	fail("timeNotAvailable - failInfo set to null.");
-			//}
+			Assert.IsNull(tstInfo.Nonce);
+
+			//
+			// test certReq
+			//
+			IX509Store store = tsToken.GetCertificates();
+
+			ICollection certificates = store.GetMatches(null);
+
+			Assert.IsTrue(0 == certificates.Count);
+
+
+		}
+
+		private void testAccuracyWithCertsAndOrdering(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+				privateKey, cert, TspAlgorithms.MD5, "1.2.3");
+
+			tsTokenGen.SetCertificates(certs);
+
+			tsTokenGen.SetAccuracySeconds(1);
+			tsTokenGen.SetAccuracyMillis(2);
+			tsTokenGen.SetAccuracyMicros(3);
+
+			tsTokenGen.SetOrdering(true);
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
 
-			//if (failInfo.intValue() != PKIFailureInfo.timeNotAvailable)
-			//{
-			//	fail("timeNotAvailable - wrong failure info returned.");
-			//}
+			reqGen.SetCertReq(true);
+
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+
+			//
+			// This is different to the Java API.
+			//
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+
+			tsResp.Validate(request);
+
+			TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo;
+
+			GenTimeAccuracy accuracy = tstInfo.GenTimeAccuracy;
+
+			Assert.IsTrue(1 == accuracy.Seconds);
+			Assert.IsTrue(2 == accuracy.Millis);
+			Assert.IsTrue(3 == accuracy.Micros);
+
+			Assert.IsTrue(new BigInteger("23").Equals(tstInfo.SerialNumber));
+
+			Assert.IsTrue("1.2.3" == tstInfo.Policy);
+
+			IX509Store store = tsToken.GetCertificates();
+
+			ICollection certificates = store.GetMatches(null);
+
+			Assert.IsTrue(2 == certificates.Count);
+
+		}
+
+		private void testAccuracyZeroCerts(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+			  privateKey, cert, TspAlgorithms.MD5, "1.2");
+
+			tsTokenGen.SetCertificates(certs);
+
+			tsTokenGen.SetAccuracySeconds(1);
+			tsTokenGen.SetAccuracyMillis(2);
+			tsTokenGen.SetAccuracyMicros(3);
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+	
+			tsResp.Validate(request);
+
+			TimeStampTokenInfo tstInfo = tsToken.TimeStampInfo;
+
+			GenTimeAccuracy accuracy = tstInfo.GenTimeAccuracy;
+
+			Assert.IsTrue(1 == accuracy.Seconds);
+			Assert.IsTrue(2 == accuracy.Millis);
+			Assert.IsTrue(3 == accuracy.Micros);
+
+			Assert.IsTrue(new BigInteger("23").Equals(tstInfo.SerialNumber));
+
+			Assert.IsTrue("1.2" == tstInfo.Policy);
+
+			IX509Store store = tsToken.GetCertificates();
+
+			ICollection certificates = store.GetMatches(null);
+
+			Assert.IsTrue(0 == certificates.Count);
+		}
+
+        private void certReqTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+			  privateKey, cert, TspAlgorithms.MD5, "1.2");
+
+			tsTokenGen.SetCertificates(certs);
+			
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			reqGen.SetCertReq(false);
+
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+			Assert.IsNull(tsToken.TimeStampInfo.GenTimeAccuracy);  // check for abscence of accuracy
+
+			Assert.True("1.2".Equals( tsToken.TimeStampInfo.Policy));
+
+			try
+			{
+				tsToken.Validate(cert);
+			}
+			catch (TspValidationException e)
+			{
+				Assert.Fail("certReq(false) verification of token failed.");
+			}
+
+			var store = tsToken.GetCertificates();
+			var certsColl = store.GetMatches(null);
+
+			if (certsColl.Count >0)
+			{
+				Assert.Fail("certReq(false) found certificates in response.");
+			}
+		}
+
+		private void tokenEncodingTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+				 privateKey, cert, TspAlgorithms.Sha1, "1.2.3.4.5.6");
+
+			tsTokenGen.SetCertificates(certs);
+		
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20], BigInteger.ValueOf(100));
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampResponse tsResponse = new TimeStampResponse(tsResp.GetEncoded());
+
+			if (!Arrays.AreEqual(tsResponse.GetEncoded(), tsResp.GetEncoded())
+				|| !Arrays.AreEqual(tsResponse.TimeStampToken.GetEncoded(),
+				tsResp.TimeStampToken.GetEncoded()))
+			{
+				Assert.Fail();
+			}
+		}
+
+		private void badPolicyTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+				  privateKey, cert, TspAlgorithms.Sha1, "1.2");
+
+			tsTokenGen.SetCertificates(certs);
+			
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			reqGen.SetReqPolicy("1.1");
+			TimeStampRequest request = reqGen.Generate(TspAlgorithms.Sha1, new byte[20]);
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed, new ArrayList());
+
+			TimeStampResponse tsResp = tsRespGen.Generate(request, BigInteger.ValueOf(23), DateTime.UtcNow);
+
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+			if (tsToken != null)
+			{
+				Assert.Fail("badPolicy - token not null.");
+			}
+
+			PkiFailureInfo failInfo = tsResp.GetFailInfo();
+
+			if (failInfo == null)
+			{
+				Assert.Fail("badPolicy - failInfo set to null.");
+			}
+
+			if (failInfo.IntValue != PkiFailureInfo.UnacceptedPolicy)
+			{
+				Assert.Fail("badPolicy - wrong failure info returned.");
+			}
+
+
+		}
+
+		private void timeNotAvailableTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)
+        {
+			TimeStampTokenGenerator tsTokenGen = new TimeStampTokenGenerator(
+				   privateKey, cert, TspAlgorithms.Sha1, "1.2");
+
+			tsTokenGen.SetCertificates(certs);
+
+			TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
+			TimeStampRequest request = reqGen.Generate(new DerObjectIdentifier("1.2.3.4.5"), new byte[20]);
+
+			TimeStampResponseGenerator tsRespGen = new TimeStampResponseGenerator(tsTokenGen, TspAlgorithms.Allowed);			
+
+			TimeStampResponse tsResp = null;
+
+
+			//
+			// This is different to the java api.
+			// the java version has two calls, generateGrantedResponse and generateRejectedResponse
+			// See line 726 of NewTspTest
+			//
+
+			tsResp = tsRespGen.Generate(request, new BigInteger("23"), null);
+					
+			tsResp = new TimeStampResponse(tsResp.GetEncoded());
+
+			TimeStampToken tsToken = tsResp.TimeStampToken;
+
+			if (tsToken != null)
+			{
+				Assert.Fail("timeNotAvailable - token not null.");
+			}
+
+			PkiFailureInfo failInfo = tsResp.GetFailInfo();
+
+			if (failInfo == null)
+			{
+				Assert.Fail("timeNotAvailable - failInfo set to null.");
+			}
+
+			if (failInfo.IntValue != PkiFailureInfo.TimeNotAvailable)
+			{
+				Assert.Fail("timeNotAvailable - wrong failure info returned.");
+			}
 		}
 
         private void badAlgorithmTest(AsymmetricKeyParameter privateKey, X509Certificate cert, IX509Store certs)