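/// <summary>
/// Round-trips a CMS SignedData message whose signer is identified by a
/// subject key identifier, then re-generates the message from the parsed
/// signer infos and verifies it again.
/// </summary>
/// <remarks>
/// The verification performed here is <c>signer.Verify(cert)</c> against a
/// certificate taken from the message's own certificate set. That shows the
/// signature is consistent with the embedded certificate; nothing in this
/// method builds a certification path or consults the embedded CRL for
/// revocation, so it is not a trust decision.
/// </remarks>
/// <param name="signaturePair">Key pair whose private key signs the message.</param>
/// <param name="signatureCert">Certificate carrying the matching public key; the subject key identifier is derived from it.</param>
/// <param name="digestAlgorithm">Digest algorithm identifier passed through to <c>AddSigner</c>.</param>
private void SubjectKeyIDTest(
    IAsymmetricCipherKeyPair signaturePair,
    X509Certificate signatureCert,
    string digestAlgorithm)
{
    IList certList = new ArrayList();
    IList crlList = new ArrayList();
    CmsProcessable msg = new CmsProcessableByteArray(Encoding.ASCII.GetBytes("Hello World!"));

    certList.Add(signatureCert);
    certList.Add(OrigCert);
    crlList.Add(SignCrl);

    IX509Store x509Certs = X509StoreFactory.Create(
        "Certificate/Collection",
        new X509CollectionStoreParameters(certList));
    IX509Store x509Crls = X509StoreFactory.Create(
        "CRL/Collection",
        new X509CollectionStoreParameters(crlList));

    // Identify the signer by subject key identifier rather than by
    // issuer and serial number.
    CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
    gen.AddSigner(signaturePair.Private,
        CmsTestUtil.CreateSubjectKeyId(signatureCert.GetPublicKey()).GetKeyIdentifier(),
        digestAlgorithm);
    gen.AddCertificates(x509Certs);
    gen.AddCrls(x509Crls);

    // NOTE(review): the 'true' flag presumably encapsulates the content - confirm against Generate().
    CmsSignedData s = gen.Generate(msg, true);

    // RFC 5652 requires SignedData version 3 when a SignerInfo uses a
    // subject key identifier.
    Assert.AreEqual(3, s.Version);

    // Re-parse from the encoding so the checks below run on decoded data,
    // not on the generator's in-memory objects.
    MemoryStream bIn = new MemoryStream(s.GetEncoded(), false);
    Asn1InputStream aIn = new Asn1InputStream(bIn);
    s = new CmsSignedData(ContentInfo.GetInstance(aIn.ReadObject()));

    x509Certs = s.GetCertificates("Collection");
    x509Crls = s.GetCrls("Collection");

    SignerInformationStore signers = s.GetSignerInfos();

    // An empty signer set would make the loop below pass without verifying anything.
    Assert.IsTrue(signers.GetSigners().Count > 0, "no signers found in parsed SignedData");

    foreach (SignerInformation signer in signers.GetSigners())
    {
        ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
        IEnumerator certEnum = certCollection.GetEnumerator();

        // Fail with a clear message when no certificate matches the
        // subject key identifier, instead of reading an invalid Current.
        Assert.IsTrue(certEnum.MoveNext(), "no certificate in the message matches the signer's SignerID");
        X509Certificate cert = (X509Certificate) certEnum.Current;

        Assert.IsTrue(signer.Verify(cert));
    }

    //
    // check for CRLs
    //
    // NOTE(review): GetMatches(null) presumably returns every CRL in the store - confirm.
    ArrayList crls = new ArrayList(x509Crls.GetMatches(null));

    Assert.AreEqual(1, crls.Count);
    Assert.IsTrue(crls.Contains(SignCrl));

    //
    // try using existing signer
    //
    // The already-computed signer infos are copied into a fresh generator;
    // no private key is supplied on this path.
    gen = new CmsSignedDataGenerator();
    gen.AddSigners(s.GetSignerInfos());
    gen.AddCertificates(s.GetCertificates("Collection"));
    gen.AddCrls(s.GetCrls("Collection"));

    s = gen.Generate(msg, true);

    bIn = new MemoryStream(s.GetEncoded(), false);
    aIn = new Asn1InputStream(bIn);
    s = new CmsSignedData(ContentInfo.GetInstance(aIn.ReadObject()));

    x509Certs = s.GetCertificates("Collection");
    x509Crls = s.GetCrls("Collection");

    signers = s.GetSignerInfos();

    Assert.IsTrue(signers.GetSigners().Count > 0, "no signers found in re-generated SignedData");

    foreach (SignerInformation signer in signers.GetSigners())
    {
        ICollection certCollection = x509Certs.GetMatches(signer.SignerID);
        IEnumerator certEnum = certCollection.GetEnumerator();

        Assert.IsTrue(certEnum.MoveNext(), "no certificate in the message matches the signer's SignerID");
        X509Certificate cert = (X509Certificate) certEnum.Current;

        Assert.IsTrue(signer.Verify(cert));
    }

    CheckSignerStoreReplacement(s, signers);
}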