From abfe6f37e9e1135338ddb73f23e7639bdadc3824 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Fri, 10 May 2024 20:51:55 +0700 Subject: Add checks in CMS tests that recipient matches expected certificate --- .../src/cms/test/AuthenticatedDataStreamTest.cs | 1 + crypto/test/src/cms/test/AuthenticatedDataTest.cs | 16 ++++++--- .../test/src/cms/test/EnvelopedDataStreamTest.cs | 8 +++-- crypto/test/src/cms/test/EnvelopedDataTest.cs | 41 ++++++++++++++++------ 4 files changed, 48 insertions(+), 18 deletions(-) diff --git a/crypto/test/src/cms/test/AuthenticatedDataStreamTest.cs b/crypto/test/src/cms/test/AuthenticatedDataStreamTest.cs index 8ae275a69..14d15ea2d 100644 --- a/crypto/test/src/cms/test/AuthenticatedDataStreamTest.cs +++ b/crypto/test/src/cms/test/AuthenticatedDataStreamTest.cs @@ -98,6 +98,7 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id); + Assert.True(recipient.RecipientID.Match(ReciCert)); byte[] recData = recipient.GetContent(ReciKP.Private); diff --git a/crypto/test/src/cms/test/AuthenticatedDataTest.cs b/crypto/test/src/cms/test/AuthenticatedDataTest.cs index e9364d3aa..a922bed29 100644 --- a/crypto/test/src/cms/test/AuthenticatedDataTest.cs +++ b/crypto/test/src/cms/test/AuthenticatedDataTest.cs @@ -173,7 +173,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { - byte[] recData = recipient.GetContent(ReciECKP.Private); + Assert.True(recipient.RecipientID.Match(ReciECCert)); + + byte[] recData = recipient.GetContent(ReciECKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); Assert.IsTrue(Arrays.AreEqual(ad.GetMac(), recipient.GetMac())); 
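Review bot: `Assert.True(recipient.RecipientID.Match(ReciCert))` in this loop only proves a positive match. As far as I know, a selector whose issuer, serial number and subject key identifier are all unset matches any certificate, so the assertion could pass even if no recipient identifier had been encoded. Pairing it with a negative check against a different certificate from the fixture, or asserting that `recipient.RecipientID.SerialNumber` or `recipient.RecipientID.SubjectKeyIdentifier` is non-null, would make the test fail on an empty or wrong identifier. The same applies to every `Match(ReciCert)` / `Match(ReciECCert)` line added in the other three files. The enclosing test method starts and ends outside the hunk.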
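Review bot: The added line in the `@@ -173` hunk uses `Assert.True(...)` while the assertions directly below it in the same loop use `Assert.IsTrue(...)`. The file would read more uniformly with `Assert.IsTrue(recipient.RecipientID.Match(ReciECCert), "recipient does not match ReciECCert");`. The message argument also makes a failure here distinguishable from the content and MAC assertions that follow. The same mix of `Assert.True` and `Assert.IsTrue` appears in the other hunks of this commit.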
@@ -206,8 +208,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id); + Assert.True(recipient.RecipientID.Match(ReciCert)); - byte[] recData = recipient.GetContent(ReciKP.Private); + byte[] recData = recipient.GetContent(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); Assert.IsTrue(Arrays.AreEqual(ad.GetMac(), recipient.GetMac())); @@ -237,8 +240,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id); + Assert.True(recipient.RecipientID.Match(ReciCert)); - byte[] recData = recipient.GetContent(ReciKP.Private); + byte[] recData = recipient.GetContent(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); Assert.IsTrue(Arrays.AreEqual(ad.GetMac(), recipient.GetMac())); @@ -268,8 +272,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.IdRsaesOaep.Id); + Assert.True(recipient.RecipientID.Match(ReciCert)); - byte[] recData = recipient.GetContent(ReciKP.Private); + byte[] recData = recipient.GetContent(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); Assert.IsTrue(Arrays.AreEqual(ad.GetMac(), recipient.GetMac())); @@ -305,8 +310,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { Assert.AreEqual(recipient.KeyEncryptionAlgOid, algOid.Id); + Assert.True(Arrays.AreEqual(recipient.RecipientID.KeyIdentifier, kekId)); - byte[] recData = recipient.GetContent(kek); + byte[] recData = recipient.GetContent(kek); Assert.IsTrue(Arrays.AreEqual(data, recData)); Assert.IsTrue(Arrays.AreEqual(ad.GetMac(), recipient.GetMac())); 
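Review bot: `Assert.True(Arrays.AreEqual(recipient.RecipientID.KeyIdentifier, kekId))` in the `@@ -305` hunk reports only that a boolean was false, so a failing run does not show which identifier was decoded. If the test framework compares arrays element-wise in `Assert.AreEqual` (NUnit does), `Assert.AreEqual(kekId, recipient.RecipientID.KeyIdentifier);` reports the differing index and values, and reports a null `KeyIdentifier` explicitly when the recipient is not a KEK recipient. The KEK hunks at `@@ -415` in EnvelopedDataStreamTest.cs and `@@ -816` in EnvelopedDataTest.cs use the same form. `kekId` is defined outside the hunk.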
diff --git a/crypto/test/src/cms/test/EnvelopedDataStreamTest.cs b/crypto/test/src/cms/test/EnvelopedDataStreamTest.cs index 0962d5bea..f22f55663 100644 --- a/crypto/test/src/cms/test/EnvelopedDataStreamTest.cs +++ b/crypto/test/src/cms/test/EnvelopedDataStreamTest.cs @@ -140,8 +140,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id); + Assert.True(recipient.RecipientID.Match(ReciCert)); - CmsTypedStream recData = recipient.GetContentStream(ReciKP.Private); + CmsTypedStream recData = recipient.GetContentStream(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(expectedData, CmsTestUtil.StreamToByteArray( recData.ContentStream))); @@ -323,8 +324,9 @@ namespace Org.BouncyCastle.Cms.Tests RecipientInformation recipient = e.Current; Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id); + Assert.True(recipient.RecipientID.Match(ReciCert)); - CmsTypedStream recData = recipient.GetContentStream(ReciKP.Private); + CmsTypedStream recData = recipient.GetContentStream(ReciKP.Private); Stream dataStream = recData.ContentStream; MemoryStream dataOut = new MemoryStream(); @@ -377,6 +379,7 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in recipients.GetRecipients()) { Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id); + Assert.True(recipient.RecipientID.Match(ReciCert)); CmsTypedStream recData = recipient.GetContentStream(ReciKP.Private); @@ -415,6 +418,7 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in recipients.GetRecipients()) { Assert.AreEqual(recipient.KeyEncryptionAlgOid, "2.16.840.1.101.3.4.1.25"); + Assert.True(Arrays.AreEqual(recipient.RecipientID.KeyIdentifier, kekId)); CmsTypedStream recData = recipient.GetContentStream(kek); 
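Review bot: The new `Match(ReciCert)` assertion in the `@@ -140` hunk sits inside `foreach (RecipientInformation recipient in c)`, so it never runs if the recipient collection comes back empty, and the test would then pass without checking anything. The hunk does not show whether the count is asserted before the loop. If it is not, asserting the expected number of recipients ahead of the `foreach` would close that gap, for example `Assert.AreEqual(1, c.Count);` where a single recipient was added. This applies equally to the other `foreach` loops touched in this commit, whose setup is also outside the hunks.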
diff --git a/crypto/test/src/cms/test/EnvelopedDataTest.cs b/crypto/test/src/cms/test/EnvelopedDataTest.cs index 36b3c7db4..6c3c8991d 100644 --- a/crypto/test/src/cms/test/EnvelopedDataTest.cs +++ b/crypto/test/src/cms/test/EnvelopedDataTest.cs @@ -356,8 +356,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id); + Assert.True(recipient.RecipientID.Match(ReciCert)); - byte[] recData = recipient.GetContent(ReciKP.Private); + byte[] recData = recipient.GetContent(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); } @@ -386,7 +387,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { - byte[] recData = recipient.GetContent(ReciKP.Private); + Assert.True(recipient.RecipientID.Match(ReciCert)); + + byte[] recData = recipient.GetContent(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); } @@ -416,7 +419,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { - byte[] recData = recipient.GetContent(ReciKP.Private); + Assert.True(recipient.RecipientID.Match(ReciCert)); + + byte[] recData = recipient.GetContent(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); } @@ -445,7 +450,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { - byte[] recData = recipient.GetContent(ReciKP.Private); + Assert.True(recipient.RecipientID.Match(ReciCert)); + + byte[] recData = recipient.GetContent(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); } @@ -475,7 +482,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { - byte[] recData = recipient.GetContent(ReciKP.Private); + Assert.True(recipient.RecipientID.Match(ReciCert)); + + byte[] recData = recipient.GetContent(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); } } 
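Review bot: The `- byte[] recData = recipient.GetContent(ReciKP.Private);` / `+ byte[] recData = recipient.GetContent(ReciKP.Private);` pair in the `@@ -356` hunk has the same text on both sides, which suggests a whitespace-only rewrite (probably indentation) mixed in with the new assertion. Moving the whitespace normalisation to its own commit would leave this one containing only the added recipient checks, which makes it easier to audit which loops gained a check. The same pairs recur in most hunks of this file and in AuthenticatedDataTest.cs and EnvelopedDataStreamTest.cs.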
@@ -505,7 +514,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { - byte[] recData = recipient.GetContent(ReciKP.Private); + Assert.True(recipient.RecipientID.Match(ReciCert)); + + byte[] recData = recipient.GetContent(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); } } @@ -534,7 +545,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { - byte[] recData = recipient.GetContent(ReciKP.Private); + Assert.True(recipient.RecipientID.Match(ReciCert)); + + byte[] recData = recipient.GetContent(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); } } @@ -571,6 +584,8 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { + Assert.True(recipient.RecipientID.Match(ReciCert)); + byte[] recData = recipient.GetContent(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); } @@ -604,7 +619,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { - byte[] recData = recipient.GetContent(ReciKP.Private); + Assert.True(recipient.RecipientID.Match(ReciCert)); + + byte[] recData = recipient.GetContent(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); } } @@ -699,8 +716,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id); + Assert.True(recipient.RecipientID.Match(ReciCert)); - byte[] recData = recipient.GetContent(ReciKP.Private); + byte[] recData = recipient.GetContent(ReciKP.Private); Assert.IsTrue(Arrays.AreEqual(data, recData)); } @@ -728,7 +746,7 @@ namespace Org.BouncyCastle.Cms.Tests { Assert.AreEqual(recipient.KeyEncryptionAlgOid, NistObjectIdentifiers.IdAes128Wrap.Id); - byte[] recData = recipient.GetContent(kek); + byte[] recData = recipient.GetContent(kek); Assert.IsTrue(Arrays.AreEqual(data, recData)); } 
@@ -816,8 +834,9 @@ namespace Org.BouncyCastle.Cms.Tests foreach (RecipientInformation recipient in c) { Assert.AreEqual(algOid.Id, recipient.KeyEncryptionAlgOid); + Assert.True(Arrays.AreEqual(recipient.RecipientID.KeyIdentifier, kekId)); - byte[] recData = recipient.GetContent(kek); + byte[] recData = recipient.GetContent(kek); Assert.IsTrue(Arrays.AreEqual(data, recData)); } -- cgit 1.4.1
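Review bot: The KEK loop in the `@@ -728` hunk of this file, the one asserting `NistObjectIdentifiers.IdAes128Wrap.Id`, received only the whitespace rewrite of `GetContent(kek)` and no identifier check, unlike this hunk. If the key identifier used to build that message is available in that test (its setup is not visible here), the same `Assert.True(Arrays.AreEqual(recipient.RecipientID.KeyIdentifier, kekId));` line belongs there. Otherwise a short comment such as `// KEK identifier not checked: <reason>` would record that the gap is intentional. Both test methods start and end outside their hunks.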