From b7d7b6c6abb66a343ac9722fd0f80a4de203cc25 Mon Sep 17 00:00:00 2001 From: Megan Woods Date: Mon, 14 Jan 2019 19:19:55 +1100 Subject: Updated locations added initial example for EJBCA --- crypto/src/asn1/cmp/ProtectedPkiMessageBuilder.cs | 174 --------- crypto/src/cmp/ProtectedPkiMessageBuilder.cs | 173 +++++++++ .../src/crmf/CertificateRequestMessageBuilder.cs | 2 + crypto/test/src/asn1/test/ProtectedMessageTest.cs | 429 --------------------- crypto/test/src/cmp/test/ProtectedMessageTest.cs | 1 + .../test/src/ejbca/test/EnrollmentExampleTest.cs | 84 ++++ 6 files changed, 260 insertions(+), 603 deletions(-) delete mode 100644 crypto/src/asn1/cmp/ProtectedPkiMessageBuilder.cs create mode 100644 crypto/src/cmp/ProtectedPkiMessageBuilder.cs delete mode 100644 crypto/test/src/asn1/test/ProtectedMessageTest.cs create mode 100644 crypto/test/src/ejbca/test/EnrollmentExampleTest.cs (limited to 'crypto') diff --git a/crypto/src/asn1/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/asn1/cmp/ProtectedPkiMessageBuilder.cs deleted file mode 100644 index a6a98d753..000000000 --- a/crypto/src/asn1/cmp/ProtectedPkiMessageBuilder.cs +++ /dev/null @@ -1,174 +0,0 @@ -using System; -using System.Collections; -using System.Collections.Generic; -using System.IO; -using System.Text; -using Org.BouncyCastle.Asn1.Pkcs; -using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.IO; -using Org.BouncyCastle.Crypto.Macs; -using Org.BouncyCastle.Crypto.Operators; -using Org.BouncyCastle.Crypto.Paddings; -using Org.BouncyCastle.Security; -using Org.BouncyCastle.Utilities.Encoders; -using Org.BouncyCastle.X509; - -namespace Org.BouncyCastle.Asn1.Cmp -{ - public class ProtectedPkiMessageBuilder - { - private PkiHeaderBuilder hdrBuilBuilder; - private PkiBody body; - private ArrayList generalInfos = new ArrayList(); - private ArrayList extraCerts = new ArrayList(); - - public ProtectedPkiMessageBuilder(GeneralName sender, GeneralName recipient) : this(PkiHeader.CMP_2000, sender, - recipient) - { - } - - - public ProtectedPkiMessageBuilder(int pvno, GeneralName sender, GeneralName recipient) - { - hdrBuilBuilder = new PkiHeaderBuilder(pvno, sender, recipient); - } - - public ProtectedPkiMessageBuilder SetTransactionId(byte[] tid) - { - hdrBuilBuilder.SetTransactionID(tid); - return this; - } - - public ProtectedPkiMessageBuilder SetFreeText(PkiFreeText freeText) - { - hdrBuilBuilder.SetFreeText(freeText); - return this; - } - - public ProtectedPkiMessageBuilder AddGeneralInfo(InfoTypeAndValue genInfo) - { - generalInfos.Add(genInfo); - return this; - } - - public ProtectedPkiMessageBuilder SetRecipKID(byte[] id) - { - hdrBuilBuilder.SetRecipKID(id); - return this; - } - - public ProtectedPkiMessageBuilder SetRecipNonce(byte[] nonce) - { - hdrBuilBuilder.SetRecipNonce(nonce); - return this; - } - - public ProtectedPkiMessageBuilder SetSenderKID(byte[] id) - { - hdrBuilBuilder.SetSenderKID(id); - return this; - } - - public ProtectedPkiMessageBuilder SetSenderNonce(byte[] nonce) - { - hdrBuilBuilder.SetSenderNonce(nonce); - return this; - } - - public ProtectedPkiMessageBuilder SetBody(PkiBody body) - { - this.body = body; - return this; - } - - public ProtectedPkiMessageBuilder AddCmpCertificate(X509Certificate certificate) - { - extraCerts.Add(certificate); - return this; - } - - public ProtectedPkiMessage Build(ISignatureFactory signatureFactory) - { - IStreamCalculator calculator = signatureFactory.CreateCalculator(); - - if (!(signatureFactory.AlgorithmDetails is AlgorithmIdentifier)) - { - throw new ArgumentException("AlgorithmDetails is not AlgorithmIdentifier"); - } - - FinalizeHeader((AlgorithmIdentifier) signatureFactory.AlgorithmDetails); - PkiHeader header = hdrBuilBuilder.Build(); - DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body)); - return FinalizeMessage(header, protection); - } - - public ProtectedPkiMessage Build(IMacFactory factory) - { - IStreamCalculator calculator = factory.CreateCalculator(); - FinalizeHeader((AlgorithmIdentifier)factory.AlgorithmDetails); - PkiHeader header = hdrBuilBuilder.Build(); - DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body)); - return FinalizeMessage(header, protection); - } - - - private void FinalizeHeader(AlgorithmIdentifier algorithmIdentifier) - { - hdrBuilBuilder.SetProtectionAlg(algorithmIdentifier); - if (generalInfos.Count > 0) - { - InfoTypeAndValue[] genInfos = new InfoTypeAndValue[generalInfos.Count]; - for (int t = 0; t < genInfos.Length; t++) - { - genInfos[t] = (InfoTypeAndValue) generalInfos[t]; - } - - hdrBuilBuilder.SetGeneralInfo(genInfos); - } - } - - private ProtectedPkiMessage FinalizeMessage(PkiHeader header, DerBitString protection) - { - if (extraCerts.Count > 0) - { - CmpCertificate[] cmpCertificates = new CmpCertificate[extraCerts.Count]; - for (int i = 0; i < cmpCertificates.Length; i++) - { - byte[] cert = ((X509Certificate) extraCerts[i]).GetEncoded(); - cmpCertificates[i] = CmpCertificate.GetInstance((Asn1Sequence.FromByteArray(cert))); - } - - return new ProtectedPkiMessage(new PkiMessage(header, body, protection, cmpCertificates)); - } - - return new ProtectedPkiMessage(new PkiMessage(header, body, protection)); - } - - private byte[] CalculateSignature(IStreamCalculator signer, PkiHeader header, PkiBody body) - { - Asn1EncodableVector avec = new Asn1EncodableVector(); - avec.Add(header); - avec.Add(body); - byte[] encoded = new DerSequence(avec).GetEncoded(); - signer.Stream.Write(encoded, 0, encoded.Length); - Object result = signer.GetResult(); - - - if (result is DefaultSignatureResult) - { - return ((DefaultSignatureResult) result).Collect(); - } - else if (result is DefaultMacAndDigestResult) - { - return ((DefaultMacAndDigestResult) result).MacResult; - } - else if (result is byte[]) - { - return (byte[]) result; - } - - throw new InvalidOperationException("result is not byte[] or DefaultSignatureResult"); - } - } -} \ No newline at end of file diff --git a/crypto/src/cmp/ProtectedPkiMessageBuilder.cs b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs new file mode 100644 index 000000000..22a004669 --- /dev/null +++ b/crypto/src/cmp/ProtectedPkiMessageBuilder.cs @@ -0,0 +1,173 @@ +using System; +using System.Collections; +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Cmp; +using Org.BouncyCastle.Asn1.X509; +using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.Operators; +using Org.BouncyCastle.X509; + +namespace Org.BouncyCastle.Cmp +{ + public class ProtectedPkiMessageBuilder + { + private PkiHeaderBuilder hdrBuilBuilder; + private PkiBody body; + private ArrayList generalInfos = new ArrayList(); + private ArrayList extraCerts = new ArrayList(); + + public ProtectedPkiMessageBuilder(GeneralName sender, GeneralName recipient) : this(PkiHeader.CMP_2000, sender, + recipient) + { + } + + + public ProtectedPkiMessageBuilder(int pvno, GeneralName sender, GeneralName recipient) + { + hdrBuilBuilder = new PkiHeaderBuilder(pvno, sender, recipient); + } + + public ProtectedPkiMessageBuilder SetTransactionId(byte[] tid) + { + hdrBuilBuilder.SetTransactionID(tid); + return this; + } + + public ProtectedPkiMessageBuilder SetFreeText(PkiFreeText freeText) + { + hdrBuilBuilder.SetFreeText(freeText); + return this; + } + + public ProtectedPkiMessageBuilder AddGeneralInfo(InfoTypeAndValue genInfo) + { + generalInfos.Add(genInfo); + return this; + } + + public ProtectedPkiMessageBuilder SetMessageTime(DerGeneralizedTime generalizedTime) + { + hdrBuilBuilder.SetMessageTime(generalizedTime); + return this; + } + + public ProtectedPkiMessageBuilder SetRecipKID(byte[] id) + { + hdrBuilBuilder.SetRecipKID(id); + return this; + } + + public ProtectedPkiMessageBuilder SetRecipNonce(byte[] nonce) + { + hdrBuilBuilder.SetRecipNonce(nonce); + return this; + } + + public ProtectedPkiMessageBuilder SetSenderKID(byte[] id) + { + hdrBuilBuilder.SetSenderKID(id); + return this; + } + + public ProtectedPkiMessageBuilder SetSenderNonce(byte[] nonce) + { + hdrBuilBuilder.SetSenderNonce(nonce); + return this; + } + + public ProtectedPkiMessageBuilder SetBody(PkiBody body) + { + this.body = body; + return this; + } + + public ProtectedPkiMessageBuilder AddCmpCertificate(X509Certificate certificate) + { + extraCerts.Add(certificate); + return this; + } + + public ProtectedPkiMessage Build(ISignatureFactory signatureFactory) + { + IStreamCalculator calculator = signatureFactory.CreateCalculator(); + + if (!(signatureFactory.AlgorithmDetails is AlgorithmIdentifier)) + { + throw new ArgumentException("AlgorithmDetails is not AlgorithmIdentifier"); + } + + FinalizeHeader((AlgorithmIdentifier) signatureFactory.AlgorithmDetails); + PkiHeader header = hdrBuilBuilder.Build(); + DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body)); + return FinalizeMessage(header, protection); + } + + public ProtectedPkiMessage Build(IMacFactory factory) + { + IStreamCalculator calculator = factory.CreateCalculator(); + FinalizeHeader((AlgorithmIdentifier)factory.AlgorithmDetails); + PkiHeader header = hdrBuilBuilder.Build(); + DerBitString protection = new DerBitString(CalculateSignature(calculator, header, body)); + return FinalizeMessage(header, protection); + } + + + private void FinalizeHeader(AlgorithmIdentifier algorithmIdentifier) + { + hdrBuilBuilder.SetProtectionAlg(algorithmIdentifier); + if (generalInfos.Count > 0) + { + InfoTypeAndValue[] genInfos = new InfoTypeAndValue[generalInfos.Count]; + for (int t = 0; t < genInfos.Length; t++) + { + genInfos[t] = (InfoTypeAndValue) generalInfos[t]; + } + + hdrBuilBuilder.SetGeneralInfo(genInfos); + } + } + + private ProtectedPkiMessage FinalizeMessage(PkiHeader header, DerBitString protection) + { + if (extraCerts.Count > 0) + { + CmpCertificate[] cmpCertificates = new CmpCertificate[extraCerts.Count]; + for (int i = 0; i < cmpCertificates.Length; i++) + { + byte[] cert = ((X509Certificate) extraCerts[i]).GetEncoded(); + cmpCertificates[i] = CmpCertificate.GetInstance((Asn1Sequence.FromByteArray(cert))); + } + + return new ProtectedPkiMessage(new PkiMessage(header, body, protection, cmpCertificates)); + } + + return new ProtectedPkiMessage(new PkiMessage(header, body, protection)); + } + + private byte[] CalculateSignature(IStreamCalculator signer, PkiHeader header, PkiBody body) + { + Asn1EncodableVector avec = new Asn1EncodableVector(); + avec.Add(header); + avec.Add(body); + byte[] encoded = new DerSequence(avec).GetEncoded(); + signer.Stream.Write(encoded, 0, encoded.Length); + Object result = signer.GetResult(); + + + if (result is DefaultSignatureResult) + { + return ((DefaultSignatureResult) result).Collect(); + } + else if (result is DefaultMacAndDigestResult) + { + return ((DefaultMacAndDigestResult) result).MacResult; + } + else if (result is byte[]) + { + return (byte[]) result; + } + + throw new InvalidOperationException("result is not byte[] or DefaultSignatureResult"); + } + } +} \ No newline at end of file diff --git a/crypto/src/crmf/CertificateRequestMessageBuilder.cs b/crypto/src/crmf/CertificateRequestMessageBuilder.cs index 53ebdf3f5..10a575abe 100644 --- a/crypto/src/crmf/CertificateRequestMessageBuilder.cs +++ b/crypto/src/crmf/CertificateRequestMessageBuilder.cs @@ -3,6 +3,8 @@ using System.Collections; using System.Collections.Generic; using System.Security.Cryptography.X509Certificates; using System.Text; +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Crmf; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Operators; diff --git a/crypto/test/src/asn1/test/ProtectedMessageTest.cs b/crypto/test/src/asn1/test/ProtectedMessageTest.cs deleted file mode 100644 index 5ff51ba1a..000000000 --- a/crypto/test/src/asn1/test/ProtectedMessageTest.cs +++ /dev/null @@ -1,429 +0,0 @@ -using System; -using System.Collections; -using System.Collections.Generic; - -using System.Text; -using NUnit.Framework; -using Org.BouncyCastle.Asn1.Cmp; -using Org.BouncyCastle.Asn1.Crmf; -using Org.BouncyCastle.Asn1.Nist; -using Org.BouncyCastle.Asn1.Pkcs; -using Org.BouncyCastle.Asn1.X509; -using Org.BouncyCastle.Cms; -using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Crypto.Digests; -using Org.BouncyCastle.Crypto.Engines; -using Org.BouncyCastle.Crypto.Generators; -using Org.BouncyCastle.Crypto.Operators; -using Org.BouncyCastle.Crypto.Parameters; -using Org.BouncyCastle.Crypto.Signers; -using Org.BouncyCastle.Math; -using Org.BouncyCastle.Security; -using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Utilities.Encoders; -using Org.BouncyCastle.Utilities.Test; -using Org.BouncyCastle.X509; - -namespace Org.BouncyCastle.Asn1.Tests -{ - [TestFixture] - public class ProtectedMessageTest : SimpleTest - { - public override string Name - { - get { return "ProtectedMessageTest"; } - } - - public override void PerformTest() - { - TestVerifyBCJavaGeneratedMessage(); - TestSubsequentMessage(); - TestMacProtectedMessage(); - TestProtectedMessage(); - TestConfirmationMessage(); - TestSampleCr(); - } - -// [Test] -// public void TestServerSideKey() -// { -// RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); -// rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); -// AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); -// -// TestCertBuilder builder = new TestCertBuilder() -// { -// Issuer = new X509Name("CN=Test"), -// Subject = new X509Name("CN=Test"), -// NotBefore = DateTime.UtcNow.AddDays(-1), -// NotAfter = DateTime.UtcNow.AddDays(1), -// PublicKey = rsaKeyPair.Public, -// SignatureAlgorithm = "MD5WithRSAEncryption" -// }; -// -// builder.AddAttribute(X509Name.C, "Foo"); -// X509Certificate cert = builder.Build(rsaKeyPair.Private); -// -// GeneralName sender = new GeneralName(new X509Name("CN=Sender")); -// GeneralName recipient = new GeneralName(new X509Name("CN=Recip")); -// -// -// -// } - - [Test] - public void TestNotBeforeNotAfter() - { - RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); - AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - - doNotBeforeNotAfterTest(rsaKeyPair, new DateTime(1,1,1,0,0,1), new DateTime(1,1,1,0,0,10)); - doNotBeforeNotAfterTest(rsaKeyPair, DateTime.MinValue, new DateTime(1, 1, 1, 0, 0, 10)); - doNotBeforeNotAfterTest(rsaKeyPair, new DateTime(1, 1, 1, 0, 0, 1), DateTime.MinValue); - } - - - private void doNotBeforeNotAfterTest(AsymmetricCipherKeyPair kp, DateTime notBefore, DateTime notAfter) - { - CertificateRequestMessageBuilder builder = new CertificateRequestMessageBuilder(BigInteger.One) - .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public)) - .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert); - - builder.SetValidity(new Time(notBefore), new Time(notAfter)); - CertificateRequestMessage msg = builder.Build(); - - if (!notBefore.Equals(DateTime.MinValue)) - { - IsTrue("NotBefore did not match",(notBefore.Equals(msg.GetCertTemplate().Validity.NotBefore.ToDateTime()))); - } - else - { - IsTrue("Expected NotBefore to empty.",DateTime.MinValue == msg.GetCertTemplate().Validity.NotBefore.ToDateTime()); - } - - if (!notAfter.Equals(DateTime.MinValue)) - { - IsTrue("NotAfter did not match", (notAfter.Equals(msg.GetCertTemplate().Validity.NotAfter.ToDateTime()))); - } - else - { - IsTrue("Expected NotAfter to be empty.", DateTime.MinValue == msg.GetCertTemplate().Validity.NotAfter.ToDateTime()); - } - - } - - - [Test] - public void TestSubsequentMessage() - { - RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); - AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - - TestCertBuilder builder = new TestCertBuilder() - { - NotBefore = DateTime.UtcNow.AddDays(-1), - NotAfter = DateTime.UtcNow.AddDays(1), - PublicKey = rsaKeyPair.Public, - SignatureAlgorithm = "Sha1WithRSAEncryption" - - }; - - X509Certificate cert = builder.Build(rsaKeyPair.Private); - - GeneralName user = new GeneralName(new X509Name("CN=Test")); - - CertificateRequestMessageBuilder crmBuiler = new CertificateRequestMessageBuilder(BigInteger.One) - .SetPublicKey(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public)) - .SetProofOfPossessionSubsequentMessage(SubsequentMessage.encrCert); - - ISignatureFactory sigFact = new Asn1SignatureFactory("SHA256WithRSA", rsaKeyPair.Private); - - ProtectedPkiMessage certRequestMsg = new ProtectedPkiMessageBuilder(user,user) - .SetTransactionId(new byte[]{1,2,3,4,5}) - .SetBody(new PkiBody(PkiBody.TYPE_KEY_RECOVERY_REQ, new CertReqMessages(new CertReqMsg[]{crmBuiler.Build().ToAsn1Structure()}))) - .AddCmpCertificate(cert) - .Build(sigFact); - - ProtectedPkiMessage msg = new ProtectedPkiMessage(new GeneralPKIMessage(certRequestMsg.ToAsn1Message().GetDerEncoded())); - CertReqMessages reqMsgs = CertReqMessages.GetInstance(msg.Body.Content); - CertReqMsg reqMsg = reqMsgs.ToCertReqMsgArray()[0]; - IsEquals(ProofOfPossession.TYPE_KEY_ENCIPHERMENT, reqMsg.Popo.Type); - - } - - - - [Test] - public void TestSampleCr() - { - byte[] raw = Base64.Decode( - "MIIB5TCB3AIBAqQdMBsxDDAKBgNVBAMMA0FSUDELMAkGA1UEBhMCQ0ikOTA3MREwDwYDVQQDDAhBZG1pbkNBM" + - "TEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRaFGMEQGCSqGSIb2fQdCDTA3BBxzYWx0Tm9NYX" + - "R0ZXJXaGF0VGhpc1N0cmluZ0lzMAcGBSsOAwIaAgIEADAKBggrBgEFBQgBAqIQBA5TZW5kZXJLSUQtMjAwOKQ" + - "PBA0xMjAzNjA3MDE1OTQ0pRIEEOPfE1DMncRUdrBj8KelgsCigeowgecwgeQwgd0CAQAwgcGlHTAbMQwwCgYD" + - "VQQDDANBUlAxCzAJBgNVBAYTAkNIpoGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrrv4e42olM2YJqSbCN" + - "d19EtW7d6T8HYvcSU5wsm5icKFkxyD5jrO/2xYh3zqUFYwZap0pA7qbhxk5sEne2ywVpt2lGSmpAU8M7hC9oh" + - "Ep9wvv+3+td5MEO+qMuWWxF8OZBlYIFBZ/k+pGlU+4XlBP5Ai6pu/EI/0A+1/bcGs0sQIDAQABMBQwEgYJKwY" + - "BBQUHBQEBDAVEVU1NWaACBQCgFwMVAO73HUPF//mY5+E714Cv5oprt0kO\r\n"); - - ProtectedPkiMessage msg = new ProtectedPkiMessage(new GeneralPKIMessage(raw)); - - - - IsTrue(msg.Verify(new Asn1MacFactoryProvider(),Strings.ToAsciiByteArray("TopSecret1234"))); - - } - - - [Test] - public void TestConfirmationMessage() - { - RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); - AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - - TestCertBuilder builder = new TestCertBuilder() - { - NotBefore = DateTime.UtcNow.AddDays(-1), - NotAfter = DateTime.UtcNow.AddDays(1), - PublicKey = rsaKeyPair.Public, - SignatureAlgorithm = "Sha1WithRSAEncryption" - - }; - - builder.AddAttribute(X509Name.C, "Foo"); - X509Certificate cert = builder.Build(rsaKeyPair.Private); - - GeneralName sender = new GeneralName(new X509Name("CN=Sender")); - GeneralName recipient = new GeneralName(new X509Name("CN=Recip")); - - CertificateConfirmationContent content = new CertificateConfirmationContentBuilder() - .AddAcceptedCertificate(cert, BigInteger.One) - .Build(); - - ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender, recipient); - msgBuilder.SetBody(new PkiBody(PkiBody.TYPE_CERT_CONFIRM, content.ToAsn1Structure())); - msgBuilder.AddCmpCertificate(cert); - - ISignatureFactory sigFact = new Asn1SignatureFactory("MD5WithRSA", rsaKeyPair.Private); - ProtectedPkiMessage msg = msgBuilder.Build(sigFact); - - IVerifierFactory verifierFactory = new Asn1VerifierFactory("MD5WithRSA", rsaKeyPair.Public); - - IsTrue("PKIMessage must verify (MD5withRSA)", msg.Verify(verifierFactory)); - - IsEquals(sender,msg.Header.Sender); - IsEquals(recipient,msg.Header.Recipient); - - content = new CertificateConfirmationContent(CertConfirmContent.GetInstance(msg.Body.Content), new DefaultDigestAlgorithmIdentifierFinder()); - CertificateStatus[] statusList = content.GetStatusMessages(); - IsEquals(1,statusList.Length); - IsTrue(statusList[0].IsVerified(cert)); - } - - - - [Test] - public void TestProtectedMessage() - { - RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537),new SecureRandom(),2048,100)); - AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - - TestCertBuilder builder = new TestCertBuilder() - { - NotBefore = DateTime.UtcNow.AddDays(-1), - NotAfter = DateTime.UtcNow.AddDays(1), - PublicKey = rsaKeyPair.Public, - SignatureAlgorithm = "Sha1WithRSAEncryption" - - }; - - builder.AddAttribute(X509Name.C, "Foo"); - X509Certificate cert = builder.Build(rsaKeyPair.Private); - - GeneralName sender = new GeneralName(new X509Name("CN=Sender")); - GeneralName recipient = new GeneralName(new X509Name("CN=Recip")); - - ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender,recipient); - msgBuilder.AddCmpCertificate(cert); - - ISignatureFactory sigFact = new Asn1SignatureFactory("MD5WithRSA",rsaKeyPair.Private); - - ProtectedPkiMessage msg = msgBuilder.Build(sigFact); - - X509Certificate certificate = msg.GetCertificates()[0]; - - IVerifierFactory verifierFactory = new Asn1VerifierFactory("MD5WithRSA", rsaKeyPair.Public); - - IsTrue("PKIMessage must verify (MD5withRSA)",msg.Verify(verifierFactory)); - } - - [Test] - public void TestMacProtectedMessage() - { - RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); - rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, - 100)); - AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); - - TestCertBuilder builder = new TestCertBuilder() - { - NotBefore = DateTime.UtcNow.AddDays(-1), - NotAfter = DateTime.UtcNow.AddDays(1), - PublicKey = rsaKeyPair.Public, - SignatureAlgorithm = "Sha1WithRSAEncryption" - - }; - - builder.AddAttribute(X509Name.C, "Foo"); - X509Certificate cert = builder.Build(rsaKeyPair.Private); - - GeneralName sender = new GeneralName(new X509Name("CN=Sender")); - GeneralName recipient = new GeneralName(new X509Name("CN=Recip")); - - ProtectedPkiMessageBuilder msgBuilder = new ProtectedPkiMessageBuilder(sender, recipient); - msgBuilder.AddCmpCertificate(cert); - - // - // Default instance. - // - - - PkMacFactory macFactory = new PkMacFactory(new SecureRandom()); - macFactory.Password = Strings.ToAsciiByteArray("testpass"); - ProtectedPkiMessage msg = msgBuilder.Build(macFactory); - - - MacVerifierFactory verifierFactory = new MacVerifierFactory( - new PkMacFactory((PbmParameter) msg.Header.ProtectionAlg.Parameters) - {Password = Strings.ToAsciiByteArray("testpass")} - ); - IsTrue(msg.Verify(verifierFactory)); - } - - - - - [Test] - public void TestVerifyBCJavaGeneratedMessage() - { - // - // Test with content generated by BC-JAVA version. - // - - ICipherParameters publicKey = PublicKeyFactory.CreateKey(Hex.Decode( - "305c300d06092a864886f70d0101010500034b003048024100ac1e59ba5f96" + - "ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af365d05b26970cbd2" + - "6e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87f683774502030100" + - "01")); - ICipherParameters privateKey = PrivateKeyFactory.CreateKey(Hex.Decode( - "30820155020100300d06092a864886f70d01010105000482013f3082013b02" + - "0100024100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb32038" + - "8b58af365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e" + - "464b87f68377450203010001024046f3f208570c735349bfe00fdaa1fbcc00" + - "c0f2eebe42279876a168ac43fa74a8cdf9a1bb49066c07cfcfa7196f69f2b9" + - "419d378109db967891428c50273dcc37022100d488dc3fb86f404d726a8166" + - "b2a9aba9bee12fdbf38470a62403a2a20bad0977022100cf51874e479b141f" + - "9915533bf54d68f1940f84d7fe6130538ff01a23e3493423022100986f94f1" + - "0afa9837341219bfabf32fd16ebb9a94fa630a5ccf45e036b383275f02201b" + - "6dff07f563684b31f6e757548254733a12bf91d05f4d8490d3c4b1a0ddcb9f" + - "02210087c3b2049e9a3edfc4cb40a3a275dabf7ffff80b467157e384603042" + - "3fe91d68")); - - byte[] ind = Hex.Decode( - "308201ac306e020102a4133011310f300d06035504030c0653656e646572a4" + - "123010310e300c06035504030c055265636970a140303e06092a864886f67d" + - "07420d30310414fdccb4ffd7848e6a697bee36cbe0f3722ed7fe2f30070605" + - "2b0e03021a020203e8300c06082b060105050801020500a10430023000a017" + - "031500c131c357441daa78eb538bfd9c24870e220fdafaa182011930820115" + - "308201113081bca003020102020601684a515d5b300d06092a864886f70d01" + - "01050500300f310d300b06035504030c0454657374301e170d313930313134" + - "3033303433325a170d3139303432343033303433325a300f310d300b060355" + - "04030c0454657374305c300d06092a864886f70d0101010500034b00304802" + - "4100ac1e59ba5f96ba86c86e6d8bbfd43ece04265fa29e6ebdb320388b58af" + - "365d05b26970cbd26e5b0fa7df2074b90b42a1d16ab270cdb851b53e464b87" + - "f68377450203010001300d06092a864886f70d0101050500034100264b5b76" + - "f268e2a992f05ad83783b091ce806a6726912c6200d06b33375ae58fe3c474" + - "c3a42ad6e572a2c48ae3bf914a7510bb995c3474829cfe71ab679a3db0"); - - - ProtectedPkiMessage pkiMsg = new ProtectedPkiMessage(PkiMessage.GetInstance(ind)); - - PbmParameter pbmParameters = PbmParameter.GetInstance(pkiMsg.Header.ProtectionAlg.Parameters); - - MacVerifierFactory verifierFactory = new MacVerifierFactory(new PkMacFactory(pbmParameters) - { - Password = Strings.ToAsciiByteArray("secret") - }); - - IsTrue(pkiMsg.Verify(verifierFactory)); - } - - - -} - - public class TestCertBuilder - { - IDictionary attrs = new Hashtable(); - IList ord = new ArrayList(); - IList values = new ArrayList(); - - public DateTime NotBefore { get; set; } - - public DateTime NotAfter { get; set; } - - public AsymmetricKeyParameter PublicKey { get; set; } - - public String SignatureAlgorithm { get; set; } - - public X509Name Issuer { get; set; } - public X509Name Subject { get; set; } - - public TestCertBuilder AddAttribute(DerObjectIdentifier name, Object value) - { - attrs[name] = value; - ord.Add(name); - values.Add(value); - return this; - } - - public X509Certificate Build(AsymmetricKeyParameter privateKey) - { - X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); - - certGen.SetSerialNumber(BigInteger.One); - - if (Issuer != null) - { - certGen.SetIssuerDN(Issuer); - } - else - { - certGen.SetIssuerDN(new X509Name(ord, attrs)); - } - - - certGen.SetNotBefore(NotBefore); - certGen.SetNotAfter(NotAfter); - - if (Subject != null) - { - certGen.SetSubjectDN(Subject); - } - else - { - certGen.SetSubjectDN(new X509Name(ord, attrs)); - } - - - certGen.SetPublicKey(PublicKey); - certGen.SetSignatureAlgorithm(SignatureAlgorithm); - - return certGen.Generate(privateKey); - } - } -} diff --git a/crypto/test/src/cmp/test/ProtectedMessageTest.cs b/crypto/test/src/cmp/test/ProtectedMessageTest.cs index ef1919779..c22ba3297 100644 --- a/crypto/test/src/cmp/test/ProtectedMessageTest.cs +++ b/crypto/test/src/cmp/test/ProtectedMessageTest.cs @@ -4,6 +4,7 @@ using System.Collections.Generic; using System.Text; using NUnit.Framework; +using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Cmp; using Org.BouncyCastle.Asn1.Crmf; using Org.BouncyCastle.Crmf; diff --git a/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs b/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs new file mode 100644 index 000000000..ce023549e --- /dev/null +++ b/crypto/test/src/ejbca/test/EnrollmentExampleTest.cs @@ -0,0 +1,84 @@ +using NUnit.Framework; +using Org.BouncyCastle.Asn1.Cmp; +using Org.BouncyCastle.Asn1.Crmf; +using Org.BouncyCastle.Asn1.X509; +using Org.BouncyCastle.Cmp; +using Org.BouncyCastle.Crmf; +using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.Generators; +using Org.BouncyCastle.Crypto.Operators; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Math; +using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.X509; + +namespace crypto.test.src.ejbca.test +{ + [TestFixture] + public class EnrollmentExampleTest + { + + [Test] + public void TestEnrollmentRAWithSharedSecret() + { + long certReqId = 1; + SecureRandom secureRandom = new SecureRandom(); + + byte[] senderNonce = new byte[20]; + secureRandom.NextBytes(senderNonce); + + byte[] transactionId = Strings.ToAsciiByteArray("MyTransactionId"); + + + RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator(); + rsaKeyPairGenerator.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(65537), new SecureRandom(), 2048, 100)); + AsymmetricCipherKeyPair rsaKeyPair = rsaKeyPairGenerator.GenerateKeyPair(); + + + CertificateRequestMessageBuilder msgbuilder = new CertificateRequestMessageBuilder(BigInteger.ValueOf(certReqId)); + X509NameEntryConverter dnconverter = new X509DefaultEntryConverter(); + + X509Name issuerDN = X509Name.GetInstance(new X509Name("CN=AdminCA1").ToAsn1Object()); + X509Name subjectDN = X509Name.GetInstance(new X509Name("CN=user", dnconverter).ToAsn1Object()); + msgbuilder.SetIssuer(issuerDN); + msgbuilder.SetSubject(subjectDN); + SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(rsaKeyPair.Public); + + msgbuilder.SetPublicKey(keyInfo); + GeneralName sender = new GeneralName(subjectDN); + msgbuilder.SetAuthInfoSender(sender); + // RAVerified POP + msgbuilder.SetProofOfPossessionRaVerified(); + CertificateRequestMessage msg = msgbuilder.Build(); + GeneralName recipient = new GeneralName(issuerDN); + + ProtectedPkiMessageBuilder pbuilder = new ProtectedPkiMessageBuilder(sender, recipient); + // pbuilder. SetMessageTime(new Date()); + // senderNonce + pbuilder.SetSenderNonce(senderNonce); + // TransactionId + pbuilder.SetTransactionId(transactionId); + // Key Id used (required) by the recipient to do a lot of stuff + pbuilder.SetSenderKID(Strings.ToAsciiByteArray("KeyId")); + + + CertReqMessages msgs = new CertReqMessages(msg.ToAsn1Structure()); + PkiBody pkibody = new PkiBody(PkiBody.TYPE_INIT_REQ, msgs); + pbuilder.SetBody(pkibody); + + + + AlgorithmIdentifier digAlg = new AlgorithmIdentifier("1.3.14.3.2.26"); // SHA1 + AlgorithmIdentifier macAlg = new AlgorithmIdentifier("1.2.840.113549.2.7"); // HMAC/SHA1 + + PkMacFactory macFactory = new PkMacFactory(digAlg,macAlg); + macFactory.Password = Strings.ToAsciiByteArray("password"); + + ProtectedPkiMessage message = pbuilder.Build(macFactory); + + + } + + } +} \ No newline at end of file -- cgit 1.5.1