From 3d578b981aad94eaee07fa444dd11f9323026e94 Mon Sep 17 00:00:00 2001 From: MW Date: Thu, 17 Jan 2019 16:16:20 +1100 Subject: CMS ArchiveControl --- crypto/test/src/crmf/test/CrmfTest.cs | 191 ++++++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100644 crypto/test/src/crmf/test/CrmfTest.cs (limited to 'crypto/test') diff --git a/crypto/test/src/crmf/test/CrmfTest.cs b/crypto/test/src/crmf/test/CrmfTest.cs new file mode 100644 index 000000000..caff0e664 --- /dev/null +++ b/crypto/test/src/crmf/test/CrmfTest.cs @@ -0,0 +1,191 @@ +using System; +using System.Collections; +using NUnit.Core; +using NUnit.Framework; +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Cms; +using Org.BouncyCastle.Asn1.Crmf; +using Org.BouncyCastle.Asn1.Nist; +using Org.BouncyCastle.Asn1.Pkcs; +using Org.BouncyCastle.Asn1.X509; +using Org.BouncyCastle.Cmp.Tests; +using Org.BouncyCastle.Cms; +using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.Generators; +using Org.BouncyCastle.Crypto.Operators; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Math; +using Org.BouncyCastle.Pkcs; +using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Encoders; +using Org.BouncyCastle.Utilities.Test; +using Org.BouncyCastle.X509; + +namespace Org.BouncyCastle.Crmf.Tests +{ + [TestFixture] + public class CrmfTest : SimpleTest + { + + + public override string Name => "CRMF Tests"; + + + public override void PerformTest() + { + TestFromJVM(); + TestBasicMessage(); + TestBasicMessageWithArchiveControl(); + TestBasicMessageWithArchiveControlJVMGenerated(); + } + + [Test] + public void TestFromJVM() + { + var pubKey = PublicKeyFactory.CreateKey(Hex.Decode( + "305c300d06092a864886f70d0101010500034b003048024100bbb3f6a5031fbb1feedbfed7584a4f6321ccdc16b9526b0f6e31859328db35a6ec420a98e14fb3bcf192004b1aa6fc9269410204785cc01317232feb545a7b410203010001")); + var privKey = PrivateKeyFactory.CreateKey(Hex.Decode("30820153020100300d06092a864886f70d01010105000482013d30820139020100024100bbb3f6a5031fbb1feedbfed7584a4f6321ccdc16b9526b0f6e31859328db35a6ec420a98e14fb3bcf192004b1aa6fc9269410204785cc01317232feb545a7b41020301000102400093b384b9021c4cd59888e956cb1e653e736833235315b0e938116da19a9276b1ea1fe33da580a497313f08eb3e7c14627508a4284be04ea3e6ba8cb4b0a5c9022100e2fe0d9f35bfd7ecf196227e5e915a2464478ea7033c6dff4ce6a02961759a49022100d3b093770745dfea42c5c5c31f1a6b797a60dfb5503ae60f70b864452c4a193902203cc761c65b91feb3070cf8377602dd6c191dbfe8a04931fac6108a9a09ea7f61022071bb2a5f06af49cfc8340d3df995ee2c03cdcc22d389f15456511abdf73f9031022065bc10d43192cb3131c53be18a0d41a060d4e0a3324a47e3eb4bf720e1b46b10")); + + var rawMsg = Hex.Decode("3081cc30760201013071a511300f310d300b0603550403130454657374a65c300d06092a864886f70d0101010500034b003048024100bbb3f6a5031fbb1feedbfed7584a4f6321ccdc16b9526b0f6e31859328db35a6ec420a98e14fb3bcf192004b1aa6fc9269410204785cc01317232feb545a7b410203010001a152300d06092a864886f70d01010505000341003120cdb58edfef4a2e1a4bfe96b972007c1d1c949221d266efe28b45ba036b9d534f5dca261dce8f21e134d97e55c3bd76d1460781fd9703f8f9907d1f036c20"); + + var msg = new CertificateRequestMessage(rawMsg); + IsTrue("Pop Valid",msg.IsValidSigningKeyPop(new Asn1VerifierFactoryProvider(pubKey))); + + // + // Vandalize message to check for failure. + // + + rawMsg[7] ^= 1; + msg = new CertificateRequestMessage(rawMsg); + + IsTrue("Pop Verified Vandalized Message!", !msg.IsValidSigningKeyPop(new Asn1VerifierFactoryProvider(pubKey))); + + } + + + + [Test] + public void TestBasicMessage() + { + var rsaKeyPairGenerator = new RsaKeyPairGenerator(); + rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); + var rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); + + var certReqBuild = new CertificateRequestMessageBuilder(BigInteger.One); + + certReqBuild.SetSubject(new X509Name("CN=Test")) + .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public)) + .SetProofOfPossessionSignKeySigner(new Asn1SignatureFactory("SHA1WithRSA", rsaKeyPair.Private)); + + var certificateRequestMessage = certReqBuild.Build(); + + IsTrue("Signing Key Pop Valid",certificateRequestMessage.IsValidSigningKeyPop(new Asn1VerifierFactoryProvider(rsaKeyPair.Public))); + IsTrue(certificateRequestMessage.GetCertTemplate().Subject.Equivalent(new X509Name("CN=Test"))); + IsTrue(certificateRequestMessage.GetCertTemplate().PublicKey.Equals(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public))); + } + + [Test] + public void TestBasicMessageWithArchiveControl() + { + var rsaKeyPairGenerator = new RsaKeyPairGenerator(); + rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); + var rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); + + var tcb = new TestCertBuilder() + { + PublicKey = rsaKeyPair.Public, + Subject = new X509Name("CN=Test"), + Issuer = new X509Name("CN=Test"), + NotBefore = DateTime.UtcNow.AddDays(-1), + NotAfter = DateTime.UtcNow.AddDays(1), + SignatureAlgorithm = "Sha1WithRSAEncryption" + }; + + var cert = tcb.Build(rsaKeyPair.Private); + + var publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public); + var privateInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(rsaKeyPair.Private); + + + var certificateRequestMessageBuilder = new CertificateRequestMessageBuilder(BigInteger.One); + certificateRequestMessageBuilder.SetSubject(new X509Name("CN=Test")); + certificateRequestMessageBuilder.SetPublicKey(publicKeyInfo); + + certificateRequestMessageBuilder.AddControl( + new PKIArchiveControlBuilder(privateInfo, new GeneralName(new X509Name("CN=Test"))) + .AddRecipientGenerator(new KeyTransRecipientInfoGenerator() + { + RecipientCert = cert, + SubjectKeyIdentifier = (DerOctetString)SubjectKeyIdentifier.CreateSha1KeyIdentifier(publicKeyInfo).ToAsn1Object() + }).Build(new CmsContentEncryptorBuilder(NistObjectIdentifiers.IdAes128Cbc) + .Build()) + ); + + var msg = certificateRequestMessageBuilder.Build(); + + IsTrue(Arrays.AreEqual(msg.GetCertTemplate().Subject.GetEncoded(), new X509Name("CN=Test").GetEncoded())); + IsTrue(Arrays.AreEqual(msg.GetCertTemplate().PublicKey.GetEncoded(),publicKeyInfo.GetEncoded())); + + checkCertReqMsgWithArchiveControl(rsaKeyPair,msg); + checkCertReqMsgWithArchiveControl(rsaKeyPair, new CertificateRequestMessage(msg.GetEncoded())); + + } + + [Test] + public void TestBasicMessageWithArchiveControlJVMGenerated() + { + AsymmetricKeyParameter publicKey = PublicKeyFactory.CreateKey( + Hex.Decode("305c300d06092a864886f70d0101010500034b003048024100a9a94b7b98dc3daf8cac032a14bd4510832b0e007edbdafc065e328645a35828b8185cdbf73ed495c88436b11a9322965595d2e4c1dd63c3c4d41812f876b3070203010001")); + AsymmetricKeyParameter privateKey = PrivateKeyFactory.CreateKey( + Hex.Decode("30820154020100300d06092a864886f70d01010105000482013e3082013a020100024100a9a94b7b98dc3daf8cac032a14bd4510832b0e007edbdafc065e328645a35828b8185cdbf73ed495c88436b11a9322965595d2e4c1dd63c3c4d41812f876b307020301000102400831deacfe21a9331902d7f648e1297c563196b00c70971fb439098cb5c1618925bdbac4c66b30f8956660220f326f51e5a1725ce690165154fb62fa14497265022100e54943be1b4951e127f6e79c5ab333cba4b0fff0b5e59328d6393ba98dc0e6c3022100bd6da58ce195146a1d3825ec2a622cf4962da653096bea87fbd9a94db266a66d0221008948bcceeef78f97089ec53ed0efcb6b7b489f7638f32491a6f2cdce4f99d89102204eb1b066d8883054ed12985e863506ec0d3fa5ab356cc99ff876b228ff0639f9022024049aaf39bf9a0ddfbd4caee277d0a9f07d075faae12571176a5c0ca40415c0")); + + CertificateRequestMessage msg = new CertificateRequestMessage( + Hex.Decode("308202af308202ab0201013071a511300f310d300b0603550403130454657374a65c300d06092a864886f70d0101010500034b003048024100a9a94b7b98dc3daf8cac032a14bd4510832b0e007edbdafc065e328645a35828b8185cdbf73ed495c88436b11a9322965595d2e4c1dd63c3c4d41812f876b3070203010001308202313082022d06092b0601050507050104a082021ea082021a0201003171306f0201003019300f310d300b06035504030c04546573740206016859de5806300d06092a864886f70d0101010500044066f1a72f808908af784b83c07895276104d7c4caaee6090212ce5b27517aec510425b784352b5342c999f844b8796286f10a59807e290f06aa39f8cba86dd6bf308201a0060b2a864886f70d0109100115301d060960864801650304010204104aceaa277cc7974ea2a775ff9db6062580820170c648e70c25c4789d2ff4ed398e5536efb45d2dd8ba76a628ad30bf9596a18337afc0f596f0c18e05fb3fa9944ed9691dae1d9b327b5bbafaaa63efb0e22d675811c27bfb023b80184325fd4b67b3b9e41bf43c5583a86433b230e09a34b61397ddff0eadf10c883fc1f01860e2a56ab4002dcc4d4925c53e09dde0b99928fdf602bce544722155cebd8816e91a411a99feea07695774cd8883034022d57f64e9cd3383c3125c48db2936b7395a22b17910be1f2c0b8650bdb5bd752ffc40fcd30169e5ae3a4ac7ad9cc850e9c17bbcf8e1a1898d0d8be19145c484467b8f1124657a5e08c10fc67416274990cc16d55c9fb76c265dd436b7e803425892297f1a08e4fab8e178874b2b3bf9c749693d609db208e9a3ebbddd26cd6a1b33c0201532170dc6c303e7ac0c42ba0bc54dfb928b228842b6bb08d8dc411d262dabf140a8b5a5c67ea486c1877a2fc000981d54cf2decaf1cfeebcf83134992b09a2b1fe9e02da25b874604b5d8bbd609875ba8")); + + AsymmetricCipherKeyPair rsaKeyPair = new AsymmetricCipherKeyPair(publicKey,privateKey); + + + SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey); + + + Console.WriteLine(msg.GetCertTemplate().Subject.Equivalent(new X509Name("CN=Test"))); + + IsTrue(msg.GetCertTemplate().Subject.Equivalent(new X509Name("CN=Test"))); + IsTrue(Arrays.AreEqual(msg.GetCertTemplate().PublicKey.GetEncoded(), publicKeyInfo.GetEncoded())); + + checkCertReqMsgWithArchiveControl(rsaKeyPair, msg); + checkCertReqMsgWithArchiveControl(rsaKeyPair, new CertificateRequestMessage(msg.GetEncoded())); + + checkCertReqMsgWithArchiveControl(rsaKeyPair,msg); + } + + private void checkCertReqMsgWithArchiveControl(AsymmetricCipherKeyPair kp, CertificateRequestMessage certReqMessage) + { + var archiveControl = + (PkiArchiveControl) certReqMessage.GetControl(CrmfObjectIdentifiers.id_regCtrl_pkiArchiveOptions); + IsEquals("Archive type", PkiArchiveControl.encryptedPrivKey, archiveControl.ArchiveType); + + IsTrue(archiveControl.EnvelopedData); + RecipientInformationStore recips = archiveControl.GetEnvelopedData().GetRecipientInfos(); + + ArrayList collection = (ArrayList)recips.GetRecipients(); + + IsTrue(collection.Count == 1); + KeyTransRecipientInformation info = (KeyTransRecipientInformation)collection[0]; + + EncKeyWithID encKeyWithId = EncKeyWithID.GetInstance(info.GetContent(kp.Private)); + + IsTrue(encKeyWithId.HasIdentifier); + IsTrue(!encKeyWithId.IsIdentifierUtf8String); // GeneralName at this point. + + + IsTrue("Name", X509Name.GetInstance(GeneralName.GetInstance(encKeyWithId.Identifier).Name).Equivalent(new X509Name("CN=Test"))); + + PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(kp.Private); + IsTrue("Private Key", Arrays.AreEqual(privateKeyInfo.GetEncoded(), encKeyWithId.PrivateKey.GetEncoded())); + + } + + } +} \ No newline at end of file -- cgit 1.4.1