diff --git a/crypto/src/asn1/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
index a6a98d753..22a004669 100644
--- a/crypto/src/asn1/cmp/ProtectedPkiMessageBuilder.cs
+++ b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs
@@ -1,20 +1,13 @@
using System;
using System.Collections;
-using System.Collections.Generic;
-using System.IO;
-using System.Text;
-using Org.BouncyCastle.Asn1.Pkcs;
+using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Cmp;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Crypto.IO;
-using Org.BouncyCastle.Crypto.Macs;
using Org.BouncyCastle.Crypto.Operators;
-using Org.BouncyCastle.Crypto.Paddings;
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities.Encoders;
using Org.BouncyCastle.X509;
-namespace Org.BouncyCastle.Asn1.Cmp
+namespace Org.BouncyCastle.Cmp
{
public class ProtectedPkiMessageBuilder
{
@@ -52,6 +45,12 @@ namespace Org.BouncyCastle.Asn1.Cmp
return this;
}
+ public ProtectedPkiMessageBuilder SetMessageTime(DerGeneralizedTime generalizedTime)
+ {
+ hdrBuilBuilder.SetMessageTime(generalizedTime);
+ return this;
+ }
+
public ProtectedPkiMessageBuilder SetRecipKID(byte[] id)
{
hdrBuilBuilder.SetRecipKID(id);
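Review bot: The new `SetMessageTime` has no XML doc comment and forwards `generalizedTime` to `hdrBuilBuilder.SetMessageTime` without a null check, so what a null argument does depends on the header builder, which is not visible in this hunk. I would add `/// <summary>Sets the messageTime field of the PKI header and returns this builder for chaining.</summary>` plus a `<param>` line saying the value should be the sender's current time in UTC, since a recipient may use it to judge freshness. If the header builder does not treat null as "omit the field", guard it here with `if (generalizedTime == null) throw new ArgumentNullException("generalizedTime");`. The `SetRecipKID` method that follows continues past the end of the hunk.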
diff --git a/crypto/src/crmf/CertificateRequestMessageBuilder.cs b/crypto/src/crmf/CertificateRequestMessageBuilder.cs
index 53ebdf3f5..10a575abe 100644
--- a/crypto/src/crmf/CertificateRequestMessageBuilder.cs
+++ b/crypto/src/crmf/CertificateRequestMessageBuilder.cs
@@ -3,6 +3,8 @@ using System.Collections;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Text;
+using Org.BouncyCastle.Asn1;
+using Org.BouncyCastle.Asn1.Crmf;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Operators;
diff --git a/crypto/test/src/asn1/test/ProtectedMessageTest.cs b/crypto/test/src/asn1/test/ProtectedMessageTest.cs
deleted file mode 100644
index 5ff51ba1a..000000000
--- a/crypto/test/src/asn1/test/ProtectedMessageTest.cs
+++ /dev/null
@@ -1,429 +0,0 @@
-using System;
-using System.Collections;
-using System.Collections.Generic;
-
-using System.Text;
-using NUnit.Framework;
-using Org.BouncyCastle.Asn1.Cmp;
-using Org.BouncyCastle.Asn1.Crmf;
-using Org.BouncyCastle.Asn1.Nist;
-using Org.BouncyCastle.Asn1.Pkcs;
-using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Cms;
-using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Crypto.Digests;
-using Org.BouncyCastle.Crypto.Engines;
-using Org.BouncyCastle.Crypto.Generators;
-using Org.BouncyCastle.Crypto.Operators;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Crypto.Signers;
-using Org.BouncyCastle.Math;
-using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities;
-using Org.BouncyCastle.Utilities.Encoders;
-using Org.BouncyCastle.Utilities.Test;
-using Org.BouncyCastle.X509;
-
-namespace Org.BouncyCastle.Asn1.Tests
-{
- [TestFixture]
- public class ProtectedMessageTest : SimpleTest
- {
- public override string Name
- {
- get { return "ProtectedMessageTest"; }
- }
-
- public override void PerformTest()
- {
- TestVerifyBCJavaGeneratedMessage();
- TestSubsequentMessage();
- TestMacProtectedMessage();
- TestProtectedMessage();
- TestConfirmationMessage();
- TestSampleCr();
- }
-
-// [Test]
-// public void TestServerSideKey()
-// {
-// RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
-// rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
-// AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
-//
-// TestCertBuilder builder = new TestCertBuilder()
-// {
-// Issuer = new X509Name("CN=Test"),
-// Subject = new X509Name("CN=Test"),
-// NotBefore = DateTime.UtcNow.AddDays(-1),
-// NotAfter = DateTime.UtcNow.AddDays(1),
-// PublicKey = rsaKeyPair.Public,
-// SignatureAlgorithm = "MD5WithRSAEncryption"
-// };
-//
-// builder.AddAttribute(X509Name.C, "Foo");
-// X509Certificate cert = builder.Build(rsaKeyPair.Private);
-//
-// GeneralName sender = new GeneralName(new X509Name("CN=Sender"));
-// GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));
-//
-//
-//
-// }
-
- [Test]
- public void TestNotBeforeNotAfter()
- {
- RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
- rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
- AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
-
- doNotBeforeNotAfterTest(rsaKeyPair, new DateTime(1,1,1,0,0,1), new DateTime(1,1,1,0,0,10));
- doNotBeforeNotAfterTest(rsaKeyPair, DateTime.MinValue, new DateTime(1, 1, 1, 0, 0, 10));
- doNotBeforeNotAfterTest(rsaKeyPair, new DateTime(1, 1, 1, 0, 0, 1), DateTime.MinValue);
- }
-
-
- private void doNotBeforeNotAfterTest(AsymmetricCipherKeyPair kp, DateTime notBefore, DateTime notAfter)
- {
- CertificateRequestMessageBuilder builder = new CertificateRequestMessageBuilder(BigInteger.One)
- .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public))
- .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);
-
- builder.SetValidity(new Time(notBefore), new Time(notAfter));
- CertificateRequestMessage msg = builder.Build();
-
- if (!notBefore.Equals(DateTime.MinValue))
- {
- IsTrue("NotBefore did not match",(notBefore.Equals(msg.GetCertTemplate().Validity.NotBefore.ToDateTime())));
- }
- else
- {
- IsTrue("Expected NotBefore to empty.",DateTime.MinValue == msg.GetCertTemplate().Validity.NotBefore.ToDateTime());
- }
-
- if (!notAfter.Equals(DateTime.MinValue))
- {
- IsTrue("NotAfter did not match", (notAfter.Equals(msg.GetCertTemplate().Validity.NotAfter.ToDateTime())));
- }
- else
- {
- IsTrue("Expected NotAfter to be empty.", DateTime.MinValue == msg.GetCertTemplate().Validity.NotAfter.ToDateTime());
- }
-
- }
-
-
- [Test]
- public void TestSubsequentMessage()
- {
- RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
- rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
- AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
-
- TestCertBuilder builder = new TestCertBuilder()
- {
- NotBefore = DateTime.UtcNow.AddDays(-1),
- NotAfter = DateTime.UtcNow.AddDays(1),
- PublicKey = rsaKeyPair.Public,
- SignatureAlgorithm = "Sha1WithRSAEncryption"
-
- };
-
- X509Certificate cert = builder.Build(rsaKeyPair.Private);
-
- GeneralName user = new GeneralName(new X509Name("CN=Test"));
-
- CertificateRequestMessageBuilder crmBuiler = new CertificateRequestMessageBuilder(BigInteger.One)
- .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public))
- .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);
-
- ISignatureFactory sigFact = new Asn1SignatureFactory("SHA256WithRSA", rsaKeyPair.Private);
-
- ProtectedPkiMessage certRequestMsg = new ProtectedPkiMessageBuilder(user,user)
- .SetTransactionId(new byte[]{1,2,3,4,5})
- .SetBody(new PkiBody(PkiBody.TYPE_KEY_RECOVERY_REQ, new CertReqMessages(new CertReqMsg[]{crmBuiler.Build().ToAsn1Structure()})))
- .AddCmpCertificate(cert)
- .Build(sigFact);
-
- ProtectedPkiMessage msg = new ProtectedPkiMessage(new GeneralPKIMessage(certRequestMsg.ToAsn1Message().GetDerEncoded()));
- CertReqMessages reqMsgs = CertReqMessages.GetInstance(msg.Body.Content);
- CertReqMsg reqMsg = reqMsgs.ToCertReqMsgArray()[0];
- IsEquals(ProofOfPossession.TYPE_KEY_ENCIPHERMENT, reqMsg.Popo.Type);
-
- }
-
-
-
- [Test]
- public void TestSampleCr()
- {
- byte[] raw = Base64.Decode(
- "MIIB5TCB3AIBAqQdMBsxDDAKBgNVBAMMA0FSUDELMAkGA1UEBhMCQ0ikOTA3MREwDwYDVQQDDAhBZG1pbkNBM" +
- "TEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRaFGMEQGCSqGSIb2fQdCDTA3BBxzYWx0Tm9NYX" +
- "R0ZXJXaGF0VGhpc1N0cmluZ0lzMAcGBSsOAwIaAgIEADAKBggrBgEFBQgBAqIQBA5TZW5kZXJLSUQtMjAwOKQ" +
- "PBA0xMjAzNjA3MDE1OTQ0pRIEEOPfE1DMncRUdrBj8KelgsCigeowgecwgeQwgd0CAQAwgcGlHTAbMQwwCgYD" +
- "VQQDDANBUlAxCzAJBgNVBAYTAkNIpoGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrrv4e42olM2YJqSbCN" +
- "d19EtW7d6T8HYvcSU5wsm5icKFkxyD5jrO/2xYh3zqUFYwZap0pA7qbhxk5sEne2ywVpt2lGSmpAU8M7hC9oh" +
- "Ep9wvv+3+td5MEO+qMuWWxF8OZBlYIFBZ/k+pGlU+4XlBP5Ai6pu/EI/0A+1/bcGs0sQIDAQABMBQwEgYJKwY" +
- "BBQUHBQEBDAVEVU1NWaACBQCgFwMVAO73HUPF//mY5+E714Cv5oprt0kO\r\n");
-
- ProtectedPkiMessage msg = new ProtectedPkiMessage(new GeneralPKIMessage(raw));
-
-
-
- IsTrue(msg.Verify(new Asn1MacFactoryProvider(),Strings.ToAsciiByteArray("TopSecret1234")));
-
- }
-
-
- [Test]
- public void TestConfirmationMessage()
- {
- RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
- rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
- AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
-
- TestCertBuilder builder = new TestCertBuilder()
- {
- NotBefore = DateTime.UtcNow.AddDays(-1),
- NotAfter = DateTime.UtcNow.AddDays(1),
- PublicKey = rsaKeyPair.Public,
- SignatureAlgorithm = "Sha1WithRSAEncryption"
-
- };
-
- builder.AddAttribute(X509Name.C, "Foo");
- X509Certificate cert = builder.Build(rsaKeyPair.Private);
-
- GeneralName sender = new GeneralName(new X509Name("CN=Sender"));
- GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));
-
- CertificateConfirmationContent content = new CertificateConfirmationContentBuilder()
- .AddAcceptedCertificate(cert, BigInteger.One)
- .Build();
-
- ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender, recipient);
- msgBuilder.SetBody(new PkiBody(PkiBody.TYPE_CERT_CONFIRM, content.ToAsn1Structure()));
- msgBuilder.AddCmpCertificate(cert);
-
- ISignatureFactory sigFact = new Asn1SignatureFactory("MD5WithRSA", rsaKeyPair.Private);
- ProtectedPkiMessage msg = msgBuilder.Build(sigFact);
-
- IVerifierFactory verifierFactory = new Asn1VerifierFactory("MD5WithRSA", rsaKeyPair.Public);
-
- IsTrue("PKIMessage must verify (MD5withRSA)", msg.Verify(verifierFactory));
-
- IsEquals(sender,msg.Header.Sender);
- IsEquals(recipient,msg.Header.Recipient);
-
- content = new CertificateConfirmationContent(CertConfirmContent.GetInstance(msg.Body.Content), new DefaultDigestAlgorithmIdentifierFinder());
- CertificateStatus[] statusList = content.GetStatusMessages();
- IsEquals(1,statusList.Length);
- IsTrue(statusList[0].IsVerified(cert));
- }
-
-
-
- [Test]
- public void TestProtectedMessage()
- {
- RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
- rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537),new SecureRandom(),2048,100));
- AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
-
- TestCertBuilder builder = new TestCertBuilder()
- {
- NotBefore = DateTime.UtcNow.AddDays(-1),
- NotAfter = DateTime.UtcNow.AddDays(1),
- PublicKey = rsaKeyPair.Public,
- SignatureAlgorithm = "Sha1WithRSAEncryption"
-
- };
-
- builder.AddAttribute(X509Name.C, "Foo");
- X509Certificate cert = builder.Build(rsaKeyPair.Private);
-
- GeneralName sender = new GeneralName(new X509Name("CN=Sender"));
- GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));
-
- ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender,recipient);
- msgBuilder.AddCmpCertificate(cert);
-
- ISignatureFactory sigFact = new Asn1SignatureFactory("MD5WithRSA",rsaKeyPair.Private);
-
- ProtectedPkiMessage msg = msgBuilder.Build(sigFact);
-
- X509Certificate certificate = msg.GetCertificates()[0];
-
- IVerifierFactory verifierFactory = new Asn1VerifierFactory("MD5WithRSA", rsaKeyPair.Public);
-
- IsTrue("PKIMessage must verify (MD5withRSA)",msg.Verify(verifierFactory));
- }
-
- [Test]
- public void TestMacProtectedMessage()
- {
- RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
- rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048,
- 100));
- AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
-
- TestCertBuilder builder = new TestCertBuilder()
- {
- NotBefore = DateTime.UtcNow.AddDays(-1),
- NotAfter = DateTime.UtcNow.AddDays(1),
- PublicKey = rsaKeyPair.Public,
- SignatureAlgorithm = "Sha1WithRSAEncryption"
-
- };
-
- builder.AddAttribute(X509Name.C, "Foo");
- X509Certificate cert = builder.Build(rsaKeyPair.Private);
-
- GeneralName sender = new GeneralName(new X509Name("CN=Sender"));
- GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));
-
- ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender, recipient);
- msgBuilder.AddCmpCertificate(cert);
-
- //
- // Default instance.
- //
-
-
- PkMacFactory macFactory = new PkMacFactory(new SecureRandom());
- macFactory.Password = Strings.ToAsciiByteArray("testpass");
- ProtectedPkiMessage msg = msgBuilder.Build(macFactory);
-
-
- MacVerifierFactory verifierFactory = new MacVerifierFactory(
- new PkMacFactory((PbmParameter) msg.Header.ProtectionAlg.Parameters)
- {Password = Strings.ToAsciiByteArray("testpass")}
- );
- IsTrue(msg.Verify(verifierFactory));
- }
-
-
-
-
- [Test]
- public void TestVerifyBCJavaGeneratedMessage()
- {
- //
- // Test with content generated by BC-JAVA version.
- //
-
- ICipherParameters publicKey = PublicKeyFactory.CreateKey(Hex.Decode(
- "305c300d06092a864886f70d0101010500034b003048024100ac1e59ba5f96" +
- "ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af365d05b26970cbd2" +
- "6e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87f683774502030100" +
- "01"));
- ICipherParameters privateKey = PrivateKeyFactory.CreateKey(Hex.Decode(
- "30820155020100300d06092a864886f70d01010105000482013f3082013b02" +
- "0100024100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb32038" +
- "8b58af365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e" +
- "464b87f68377450203010001024046f3f208570c735349bfe00fdaa1fbcc00" +
- "c0f2eebe42279876a168ac43fa74a8cdf9a1bb49066c07cfcfa7196f69f2b9" +
- "419d378109db967891428c50273dcc37022100d488dc3fb86f404d726a8166" +
- "b2a9aba9bee12fdbf38470a62403a2a20bad0977022100cf51874e479b141f" +
- "9915533bf54d68f1940f84d7fe6130538ff01a23e3493423022100986f94f1" +
- "0afa9837341219bfabf32fd16ebb9a94fa630a5ccf45e036b383275f02201b" +
- "6dff07f563684b31f6e757548254733a12bf91d05f4d8490d3c4b1a0ddcb9f" +
- "02210087c3b2049e9a3edfc4cb40a3a275dabf7ffff80b467157e384603042" +
- "3fe91d68"));
-
- byte[] ind = Hex.Decode(
- "308201ac306e020102a4133011310f300d06035504030c0653656e646572a4" +
- "123010310e300c06035504030c055265636970a140303e06092a864886f67d" +
- "07420d30310414fdccb4ffd7848e6a697bee36cbe0f3722ed7fe2f30070605" +
- "2b0e03021a020203e8300c06082b060105050801020500a10430023000a017" +
- "031500c131c357441daa78eb538bfd9c24870e220fdafaa182011930820115" +
- "308201113081bca003020102020601684a515d5b300d06092a864886f70d01" +
- "01050500300f310d300b06035504030c0454657374301e170d313930313134" +
- "3033303433325a170d3139303432343033303433325a300f310d300b060355" +
- "04030c0454657374305c300d06092a864886f70d0101010500034b00304802" +
- "4100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af" +
- "365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87" +
- "f68377450203010001300d06092a864886f70d0101050500034100264b5b76" +
- "f268e2a992f05ad83783b091ce806a6726912c6200d06b33375ae58fe3c474" +
- "c3a42ad6e572a2c48ae3bf914a7510bb995c3474829cfe71ab679a3db0");
-
-
- ProtectedPkiMessage pkiMsg = new ProtectedPkiMessage(PkiMessage.GetInstance(ind));
-
- PbmParameter pbmParameters = PbmParameter.GetInstance(pkiMsg.Header.ProtectionAlg.Parameters);
-
- MacVerifierFactory verifierFactory = new MacVerifierFactory(new PkMacFactory(pbmParameters)
- {
- Password = Strings.ToAsciiByteArray("secret")
- });
-
- IsTrue(pkiMsg.Verify(verifierFactory));
- }
-
-
-
-}
-
- public class TestCertBuilder
- {
- IDictionary attrs = new Hashtable();
- IList ord = new ArrayList();
- IList values = new ArrayList();
-
- public DateTime NotBefore { get; set; }
-
- public DateTime NotAfter { get; set; }
-
- public AsymmetricKeyParameter PublicKey { get; set; }
-
- public String SignatureAlgorithm { get; set; }
-
- public X509Name Issuer { get; set; }
- public X509Name Subject { get; set; }
-
- public TestCertBuilder AddAttribute(DerObjectIdentifier name, Object value)
- {
- attrs[name] = value;
- ord.Add(name);
- values.Add(value);
- return this;
- }
-
- public X509Certificate Build(AsymmetricKeyParameter privateKey)
- {
- X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
-
- certGen.SetSerialNumber(BigInteger.One);
-
- if (Issuer != null)
- {
- certGen.SetIssuerDN(Issuer);
- }
- else
- {
- certGen.SetIssuerDN(new X509Name(ord, attrs));
- }
-
-
- certGen.SetNotBefore(NotBefore);
- certGen.SetNotAfter(NotAfter);
-
- if (Subject != null)
- {
- certGen.SetSubjectDN(Subject);
- }
- else
- {
- certGen.SetSubjectDN(new X509Name(ord, attrs));
- }
-
-
- certGen.SetPublicKey(PublicKey);
- certGen.SetSignatureAlgorithm(SignatureAlgorithm);
-
- return certGen.Generate(privateKey);
- }
- }
-}
diff --git a/crypto/test/src/cmp/test/ProtectedMessageTest.cs b/crypto/test/src/cmp/test/ProtectedMessageTest.cs
index ef1919779..c22ba3297 100644
--- a/crypto/test/src/cmp/test/ProtectedMessageTest.cs
+++ b/crypto/test/src/cmp/test/ProtectedMessageTest.cs
@@ -4,6 +4,7 @@ using System.Collections.Generic;
using System.Text;
using NUnit.Framework;
+using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Cmp;
using Org.BouncyCastle.Asn1.Crmf;
using Org.BouncyCastle.Crmf;
diff --git a/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs b/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs
new file mode 100644
index 000000000..ce023549e
--- /dev/null
+++ b/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs
@@ -0,0 +1,84 @@
+using NUnit.Framework;
+using Org.BouncyCastle.Asn1.Cmp;
+using Org.BouncyCastle.Asn1.Crmf;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Cmp;
+using Org.BouncyCastle.Crmf;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Generators;
+using Org.BouncyCastle.Crypto.Operators;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Math;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.X509;
+
+namespace crypto.test.src.ejbca.test
+{
+ [TestFixture]
+ public class EnrollmentExampleTest
+ {
+
+ [Test]
+ public void TestEnrollmentRAWithSharedSecret()
+ {
+ long certReqId = 1;
+ SecureRandom secureRandom = new SecureRandom();
+
+ byte[] senderNonce = new byte[20];
+ secureRandom.NextBytes(senderNonce);
+
+ byte[] transactionId = Strings.ToAsciiByteArray("MyTransactionId");
+
+
+ RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
+ rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
+ AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
+
+
+ CertificateRequestMessageBuilder msgbuilder = new CertificateRequestMessageBuilder(BigInteger.ValueOf(certReqId));
+ X509NameEntryConverter dnconverter = new X509DefaultEntryConverter();
+
+ X509Name issuerDN = X509Name.GetInstance(new X509Name("CN=AdminCA1").ToAsn1Object());
+ X509Name subjectDN = X509Name.GetInstance(new X509Name("CN=user", dnconverter).ToAsn1Object());
+ msgbuilder.SetIssuer(issuerDN);
+ msgbuilder.SetSubject(subjectDN);
+ SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public);
+
+ msgbuilder.SetPublicKey(keyInfo);
+ GeneralName sender = new GeneralName(subjectDN);
+ msgbuilder.SetAuthInfoSender(sender);
+ // RAVerified POP
+ msgbuilder.SetProofOfPossessionRaVerified();
+ CertificateRequestMessage msg = msgbuilder.Build();
+ GeneralName recipient = new GeneralName(issuerDN);
+
+ ProtectedPkiMessageBuilder pbuilder = new ProtectedPkiMessageBuilder(sender, recipient);
+ // pbuilder. SetMessageTime(new Date());
+ // senderNonce
+ pbuilder.SetSenderNonce(senderNonce);
+ // TransactionId
+ pbuilder.SetTransactionId(transactionId);
+ // Key Id used (required) by the recipient to do a lot of stuff
+ pbuilder.SetSenderKID(Strings.ToAsciiByteArray("KeyId"));
+
+
+ CertReqMessages msgs = new CertReqMessages(msg.ToAsn1Structure());
+ PkiBody pkibody = new PkiBody(PkiBody.TYPE_INIT_REQ, msgs);
+ pbuilder.SetBody(pkibody);
+
+
+
+ AlgorithmIdentifier digAlg = new AlgorithmIdentifier("1.3.14.3.2.26"); // SHA1
+ AlgorithmIdentifier macAlg = new AlgorithmIdentifier("1.2.840.113549.2.7"); // HMAC/SHA1
+
+ PkMacFactory macFactory = new PkMacFactory(digAlg,macAlg);
+ macFactory.Password = Strings.ToAsciiByteArray("password");
+
+ ProtectedPkiMessage message = pbuilder.Build(macFactory);
+
+
+ }
+
+ }
+}
\ No newline at end of file
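Review bot: `TestEnrollmentRAWithSharedSecret` asserts nothing: `message` is built and then discarded, so the test passes even if the password-based MAC is wrong, and the `SetMessageTime` method added by this commit is left in a commented-out Java-style call (`new Date()`). I would set the message time and verify the protection, following the `MacVerifierFactory` pattern of the deleted `TestMacProtectedMessage`, assuming that type is still available after the namespace move. The file would then also need `using System;` and `using Org.BouncyCastle.Asn1;`. The SHA-1 / HMAC-SHA1 OIDs and the literal `"password"` look like interoperability fixtures, and a one-line comment saying so would stop the example being copied as a recommended configuration.

```csharp
ProtectedPkiMessageBuilder pbuilder = new ProtectedPkiMessageBuilder(sender, recipient);
pbuilder.SetMessageTime(new DerGeneralizedTime(DateTime.UtcNow));
// … unchanged: sender nonce, transaction id, sender KID, body, PkMacFactory setup …
ProtectedPkiMessage message = pbuilder.Build(macFactory);

// Recompute the MAC from the PBM parameters carried in the header and check it.
PbmParameter pbm = PbmParameter.GetInstance(message.Header.ProtectionAlg.Parameters);
MacVerifierFactory verifierFactory = new MacVerifierFactory(
    new PkMacFactory(pbm) { Password = Strings.ToAsciiByteArray("password") });
Assert.IsTrue(message.Verify(verifierFactory), "PBM-protected message must verify");
```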