summary refs log tree commit diff
path: root/crypto/test
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/test')
-rw-r--r--crypto/test/src/cmp/test/ProtectedMessageTest.cs430
1 files changed, 430 insertions, 0 deletions
diff --git a/crypto/test/src/cmp/test/ProtectedMessageTest.cs b/crypto/test/src/cmp/test/ProtectedMessageTest.cs
new file mode 100644
index 000000000..ef1919779
--- /dev/null
+++ b/crypto/test/src/cmp/test/ProtectedMessageTest.cs
@@ -0,0 +1,430 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+
+using System.Text;
+using NUnit.Framework;
+using Org.BouncyCastle.Asn1.Cmp;
+using Org.BouncyCastle.Asn1.Crmf;
+using Org.BouncyCastle.Crmf;
+using Org.BouncyCastle.Asn1.Nist;
+using Org.BouncyCastle.Asn1.Pkcs;
+using Org.BouncyCastle.Asn1.X509;
+using Org.BouncyCastle.Cms;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Digests;
+using Org.BouncyCastle.Crypto.Engines;
+using Org.BouncyCastle.Crypto.Generators;
+using Org.BouncyCastle.Crypto.Operators;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Crypto.Signers;
+using Org.BouncyCastle.Math;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Utilities;
+using Org.BouncyCastle.Utilities.Encoders;
+using Org.BouncyCastle.Utilities.Test;
+using Org.BouncyCastle.X509;
+
+namespace Org.BouncyCastle.Cmp.Tests
+{
+    [TestFixture]
+    public class ProtectedMessageTest : SimpleTest
+    {
+        public override string Name
+        {
+            get { return "ProtectedMessageTest"; }
+        }
+
+        public override void PerformTest()
+        {
+            TestVerifyBCJavaGeneratedMessage();
+            TestSubsequentMessage();
+            TestMacProtectedMessage();
+            TestProtectedMessage();
+            TestConfirmationMessage();
+            TestSampleCr();        
+        }
+
+//        [Test]
+//        public void TestServerSideKey()
+//        {
+//            RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
+//            rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
+//            AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
+//
+//            TestCertBuilder builder = new TestCertBuilder()
+//            {
+//                Issuer = new X509Name("CN=Test"),
+//                Subject =  new X509Name("CN=Test"),
+//                NotBefore = DateTime.UtcNow.AddDays(-1),
+//                NotAfter = DateTime.UtcNow.AddDays(1),
+//                PublicKey = rsaKeyPair.Public,
+//                SignatureAlgorithm = "MD5WithRSAEncryption"
+//            };
+//
+//            builder.AddAttribute(X509Name.C, "Foo");
+//            X509Certificate cert = builder.Build(rsaKeyPair.Private);
+//               
+//            GeneralName sender = new GeneralName(new X509Name("CN=Sender"));
+//            GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));
+//
+//            
+//
+//        }
+
+        [Test]
+        public void TestNotBeforeNotAfter()
+        {
+            RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
+            rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
+            AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
+
+            doNotBeforeNotAfterTest(rsaKeyPair, new DateTime(1,1,1,0,0,1), new DateTime(1,1,1,0,0,10)); 
+            doNotBeforeNotAfterTest(rsaKeyPair, DateTime.MinValue, new DateTime(1, 1, 1, 0, 0, 10));
+            doNotBeforeNotAfterTest(rsaKeyPair, new DateTime(1, 1, 1, 0, 0, 1), DateTime.MinValue);
+        }
+
+
+        private void doNotBeforeNotAfterTest(AsymmetricCipherKeyPair kp, DateTime notBefore, DateTime notAfter)
+        {
+            CertificateRequestMessageBuilder builder = new CertificateRequestMessageBuilder(BigInteger.One)
+                .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public))
+                .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);
+
+            builder.SetValidity(new Time(notBefore), new Time(notAfter));
+            CertificateRequestMessage msg = builder.Build();
+
+            if (!notBefore.Equals(DateTime.MinValue))
+            {
+                IsTrue("NotBefore did not match",(notBefore.Equals(msg.GetCertTemplate().Validity.NotBefore.ToDateTime())));
+            }
+            else
+            {
+                IsTrue("Expected NotBefore to empty.",DateTime.MinValue == msg.GetCertTemplate().Validity.NotBefore.ToDateTime());
+            }
+
+            if (!notAfter.Equals(DateTime.MinValue))
+            {
+                IsTrue("NotAfter did not match", (notAfter.Equals(msg.GetCertTemplate().Validity.NotAfter.ToDateTime())));
+            }
+            else
+            {
+                IsTrue("Expected NotAfter to be empty.", DateTime.MinValue == msg.GetCertTemplate().Validity.NotAfter.ToDateTime());
+            }
+
+        }
+
+
+        [Test]
+        public void TestSubsequentMessage()
+        {
+            RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
+            rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
+            AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
+
+            TestCertBuilder builder = new TestCertBuilder()
+            {
+                NotBefore = DateTime.UtcNow.AddDays(-1),
+                NotAfter = DateTime.UtcNow.AddDays(1),
+                PublicKey = rsaKeyPair.Public,
+                SignatureAlgorithm = "Sha1WithRSAEncryption"
+
+            };
+
+            X509Certificate cert = builder.Build(rsaKeyPair.Private);
+
+            GeneralName user = new GeneralName(new X509Name("CN=Test"));
+
+            CertificateRequestMessageBuilder crmBuiler = new CertificateRequestMessageBuilder(BigInteger.One)
+                .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public))
+                .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert);
+
+            ISignatureFactory sigFact = new Asn1SignatureFactory("SHA256WithRSA", rsaKeyPair.Private);
+
+            ProtectedPkiMessage certRequestMsg = new ProtectedPkiMessageBuilder(user,user)
+                .SetTransactionId(new byte[]{1,2,3,4,5})
+                .SetBody(new PkiBody(PkiBody.TYPE_KEY_RECOVERY_REQ, new CertReqMessages(new CertReqMsg[]{crmBuiler.Build().ToAsn1Structure()})))
+                .AddCmpCertificate(cert)            
+                .Build(sigFact);
+
+            ProtectedPkiMessage msg = new ProtectedPkiMessage(new GeneralPKIMessage(certRequestMsg.ToAsn1Message().GetDerEncoded()));
+            CertReqMessages reqMsgs = CertReqMessages.GetInstance(msg.Body.Content);
+            CertReqMsg reqMsg = reqMsgs.ToCertReqMsgArray()[0];
+            IsEquals(ProofOfPossession.TYPE_KEY_ENCIPHERMENT, reqMsg.Popo.Type);
+
+        }
+
+
+
+        [Test]
+        public void TestSampleCr()
+        {
+            byte[] raw = Base64.Decode(
+                "MIIB5TCB3AIBAqQdMBsxDDAKBgNVBAMMA0FSUDELMAkGA1UEBhMCQ0ikOTA3MREwDwYDVQQDDAhBZG1pbkNBM" +
+                "TEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRaFGMEQGCSqGSIb2fQdCDTA3BBxzYWx0Tm9NYX" +
+                "R0ZXJXaGF0VGhpc1N0cmluZ0lzMAcGBSsOAwIaAgIEADAKBggrBgEFBQgBAqIQBA5TZW5kZXJLSUQtMjAwOKQ" +
+                "PBA0xMjAzNjA3MDE1OTQ0pRIEEOPfE1DMncRUdrBj8KelgsCigeowgecwgeQwgd0CAQAwgcGlHTAbMQwwCgYD" +
+                "VQQDDANBUlAxCzAJBgNVBAYTAkNIpoGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrrv4e42olM2YJqSbCN" +
+                "d19EtW7d6T8HYvcSU5wsm5icKFkxyD5jrO/2xYh3zqUFYwZap0pA7qbhxk5sEne2ywVpt2lGSmpAU8M7hC9oh" +
+                "Ep9wvv+3+td5MEO+qMuWWxF8OZBlYIFBZ/k+pGlU+4XlBP5Ai6pu/EI/0A+1/bcGs0sQIDAQABMBQwEgYJKwY" +
+                "BBQUHBQEBDAVEVU1NWaACBQCgFwMVAO73HUPF//mY5+E714Cv5oprt0kO\r\n");
+
+            ProtectedPkiMessage msg = new ProtectedPkiMessage(new GeneralPKIMessage(raw));
+
+            
+                       
+            IsTrue(msg.Verify(new Asn1MacFactoryProvider(),Strings.ToAsciiByteArray("TopSecret1234")));
+
+        }
+
+
+        [Test]
+        public void TestConfirmationMessage()
+        {
+            RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
+            rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100));
+            AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
+
+            TestCertBuilder builder = new TestCertBuilder()
+            {
+                NotBefore = DateTime.UtcNow.AddDays(-1),
+                NotAfter = DateTime.UtcNow.AddDays(1),
+                PublicKey = rsaKeyPair.Public,
+                SignatureAlgorithm = "Sha1WithRSAEncryption"
+
+            };
+
+            builder.AddAttribute(X509Name.C, "Foo");
+            X509Certificate cert = builder.Build(rsaKeyPair.Private);
+
+            GeneralName sender = new GeneralName(new X509Name("CN=Sender"));
+            GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));
+
+            CertificateConfirmationContent content = new CertificateConfirmationContentBuilder()
+                .AddAcceptedCertificate(cert, BigInteger.One)
+                .Build();
+
+            ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender, recipient);
+            msgBuilder.SetBody(new PkiBody(PkiBody.TYPE_CERT_CONFIRM, content.ToAsn1Structure()));            
+            msgBuilder.AddCmpCertificate(cert);
+
+            ISignatureFactory sigFact = new Asn1SignatureFactory("MD5WithRSA", rsaKeyPair.Private);
+            ProtectedPkiMessage msg = msgBuilder.Build(sigFact);
+
+            IVerifierFactory verifierFactory = new Asn1VerifierFactory("MD5WithRSA", rsaKeyPair.Public);
+
+            IsTrue("PKIMessage must verify (MD5withRSA)", msg.Verify(verifierFactory));
+
+            IsEquals(sender,msg.Header.Sender);
+            IsEquals(recipient,msg.Header.Recipient);
+
+            content = new CertificateConfirmationContent(CertConfirmContent.GetInstance(msg.Body.Content), new DefaultDigestAlgorithmIdentifierFinder());
+            CertificateStatus[] statusList = content.GetStatusMessages();
+            IsEquals(1,statusList.Length);
+            IsTrue(statusList[0].IsVerified(cert));
+        }
+
+
+
+        [Test]
+        public  void TestProtectedMessage()
+        {
+           RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
+            rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537),new SecureRandom(),2048,100));
+           AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
+
+            TestCertBuilder builder = new TestCertBuilder()
+            {
+                NotBefore = DateTime.UtcNow.AddDays(-1),
+                NotAfter =  DateTime.UtcNow.AddDays(1),
+                PublicKey = rsaKeyPair.Public,
+                SignatureAlgorithm = "Sha1WithRSAEncryption"
+                      
+            };
+
+            builder.AddAttribute(X509Name.C, "Foo");
+            X509Certificate cert = builder.Build(rsaKeyPair.Private);
+
+            GeneralName sender = new GeneralName(new X509Name("CN=Sender"));
+            GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));
+          
+            ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender,recipient);
+            msgBuilder.AddCmpCertificate(cert);
+           
+            ISignatureFactory sigFact = new Asn1SignatureFactory("MD5WithRSA",rsaKeyPair.Private);
+
+            ProtectedPkiMessage msg =  msgBuilder.Build(sigFact);
+
+            X509Certificate certificate = msg.GetCertificates()[0];
+
+            IVerifierFactory verifierFactory = new Asn1VerifierFactory("MD5WithRSA", rsaKeyPair.Public);
+
+            IsTrue("PKIMessage must verify (MD5withRSA)",msg.Verify(verifierFactory));
+        }
+
+        [Test]
+        public void TestMacProtectedMessage()
+        {
+            RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
+            rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048,
+                100));
+            AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair();
+
+            TestCertBuilder builder = new TestCertBuilder()
+            {
+                NotBefore = DateTime.UtcNow.AddDays(-1),
+                NotAfter = DateTime.UtcNow.AddDays(1),
+                PublicKey = rsaKeyPair.Public,
+                SignatureAlgorithm = "Sha1WithRSAEncryption"
+
+            };
+
+            builder.AddAttribute(X509Name.C, "Foo");
+            X509Certificate cert = builder.Build(rsaKeyPair.Private);
+
+            GeneralName sender = new GeneralName(new X509Name("CN=Sender"));
+            GeneralName recipient = new GeneralName(new X509Name("CN=Recip"));
+
+            ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender, recipient);
+            msgBuilder.AddCmpCertificate(cert);
+
+            //
+            // Default instance.
+            //
+
+
+            PkMacFactory macFactory = new PkMacFactory(new SecureRandom());
+            macFactory.Password = Strings.ToAsciiByteArray("testpass");
+            ProtectedPkiMessage msg = msgBuilder.Build(macFactory);
+
+
+            MacVerifierFactory verifierFactory = new MacVerifierFactory(
+                new PkMacFactory((PbmParameter) msg.Header.ProtectionAlg.Parameters)
+                    {Password = Strings.ToAsciiByteArray("testpass")}
+            );
+            IsTrue(msg.Verify(verifierFactory));
+        }
+
+     
+        
+
+        [Test]
+        public void TestVerifyBCJavaGeneratedMessage()
+        {
+        //
+        // Test with content generated by BC-JAVA version.
+        //
+
+        ICipherParameters publicKey = PublicKeyFactory.CreateKey(Hex.Decode(
+            "305c300d06092a864886f70d0101010500034b003048024100ac1e59ba5f96" +
+            "ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af365d05b26970cbd2" +
+            "6e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87f683774502030100" +
+            "01"));
+        ICipherParameters privateKey = PrivateKeyFactory.CreateKey(Hex.Decode(
+            "30820155020100300d06092a864886f70d01010105000482013f3082013b02" +
+            "0100024100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb32038" +
+            "8b58af365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e" +
+            "464b87f68377450203010001024046f3f208570c735349bfe00fdaa1fbcc00" +
+            "c0f2eebe42279876a168ac43fa74a8cdf9a1bb49066c07cfcfa7196f69f2b9" +
+            "419d378109db967891428c50273dcc37022100d488dc3fb86f404d726a8166" +
+            "b2a9aba9bee12fdbf38470a62403a2a20bad0977022100cf51874e479b141f" +
+            "9915533bf54d68f1940f84d7fe6130538ff01a23e3493423022100986f94f1" +
+            "0afa9837341219bfabf32fd16ebb9a94fa630a5ccf45e036b383275f02201b" +
+            "6dff07f563684b31f6e757548254733a12bf91d05f4d8490d3c4b1a0ddcb9f" +
+            "02210087c3b2049e9a3edfc4cb40a3a275dabf7ffff80b467157e384603042" +
+            "3fe91d68"));
+
+        byte[] ind = Hex.Decode(
+            "308201ac306e020102a4133011310f300d06035504030c0653656e646572a4" +
+            "123010310e300c06035504030c055265636970a140303e06092a864886f67d" +
+            "07420d30310414fdccb4ffd7848e6a697bee36cbe0f3722ed7fe2f30070605" +
+            "2b0e03021a020203e8300c06082b060105050801020500a10430023000a017" +
+            "031500c131c357441daa78eb538bfd9c24870e220fdafaa182011930820115" +
+            "308201113081bca003020102020601684a515d5b300d06092a864886f70d01" +
+            "01050500300f310d300b06035504030c0454657374301e170d313930313134" +
+            "3033303433325a170d3139303432343033303433325a300f310d300b060355" +
+            "04030c0454657374305c300d06092a864886f70d0101010500034b00304802" +
+            "4100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af" +
+            "365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87" +
+            "f68377450203010001300d06092a864886f70d0101050500034100264b5b76" +
+            "f268e2a992f05ad83783b091ce806a6726912c6200d06b33375ae58fe3c474" +
+            "c3a42ad6e572a2c48ae3bf914a7510bb995c3474829cfe71ab679a3db0");
+
+
+        ProtectedPkiMessage pkiMsg = new ProtectedPkiMessage(PkiMessage.GetInstance(ind));
+
+        PbmParameter pbmParameters = PbmParameter.GetInstance(pkiMsg.Header.ProtectionAlg.Parameters);
+
+        MacVerifierFactory verifierFactory = new MacVerifierFactory(new PkMacFactory(pbmParameters)
+        {
+            Password = Strings.ToAsciiByteArray("secret")
+        });
+
+        IsTrue(pkiMsg.Verify(verifierFactory));
+    }
+
+
+    
+}
+
+    public class TestCertBuilder
+    {
+        IDictionary attrs = new Hashtable();
+        IList ord = new ArrayList();
+        IList values = new ArrayList();
+
+        public DateTime NotBefore { get; set; }
+
+        public DateTime NotAfter { get; set; }
+
+        public AsymmetricKeyParameter PublicKey { get; set; }
+
+        public String SignatureAlgorithm { get; set; }
+
+        public X509Name Issuer { get; set; }
+        public X509Name Subject { get; set; }
+
+        public TestCertBuilder AddAttribute(DerObjectIdentifier name, Object value)
+        {
+            attrs[name] = value;
+            ord.Add(name);
+            values.Add(value);
+            return this;
+        }
+
+        public X509Certificate Build(AsymmetricKeyParameter privateKey)
+        {
+            X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
+
+            certGen.SetSerialNumber(BigInteger.One);
+
+            if (Issuer != null)
+            {
+                certGen.SetIssuerDN(Issuer);
+            }
+            else
+            {
+                certGen.SetIssuerDN(new X509Name(ord, attrs));
+            }
+
+           
+            certGen.SetNotBefore(NotBefore);
+            certGen.SetNotAfter(NotAfter);
+
+            if (Subject != null)
+            {
+                certGen.SetSubjectDN(Subject);
+            }
+            else
+            {
+                certGen.SetSubjectDN(new X509Name(ord, attrs));
+            }
+
+          
+            certGen.SetPublicKey(PublicKey);
+            certGen.SetSignatureAlgorithm(SignatureAlgorithm);
+
+            return certGen.Generate(privateKey);
+        }
+    }
+}