Adds support of organisation certificate

Added organisation certificate data extraction and appropriate tests.

Signed-off-by: Erkki Arus <[email protected]>

Author: arbuus

src/WebEid.Security.Tests/Certificate/CertificateDataTest.cs

@@ -0,0 +1,28 @@
+namespace WebEid.Security.Tests.Certificate
+{
+    using System.Security.Cryptography.X509Certificates;
+    using NUnit.Framework;
+    using WebEid.Security.Exceptions;
+    using WebEid.Security.Tests.TestUtils;
+    using WebEid.Security.Util;
+
+    public class CertificateTests
+    {
+        [Test]
+        public void WhenOrganizationCertificateThenSubjectCNAndIdCodeAndCountryCodeExtractionSucceeds()
+        {
+            X509Certificate organizationCert = Certificates.GetOrganizationCert();
+            Assert.That(organizationCert.GetSubjectCn(), Is.EqualTo("Testijad.ee isikutuvastus"));
+            Assert.That(organizationCert.GetSubjectIdCode(), Is.EqualTo("12276279"));
+            Assert.That(organizationCert.GetSubjectCountryCode(), Is.EqualTo("EE"));
+        }
+
+        [Test]
+        public void WhenOrganizationCertificateThenSubjectGivenNameAndSurnameExtractionFails()
+        {
+            X509Certificate organizationCert = Certificates.GetOrganizationCert();
+            Assert.Throws<CertificateEncodingException>(() => organizationCert.GetSubjectGivenName());
+            Assert.Throws<CertificateEncodingException>(() => organizationCert.GetSubjectSurname());
+        }
+    }
+}

src/WebEid.Security.Tests/TestUtils/Certificates.cs

@@ -32,13 +32,15 @@ internal static class Certificates
 
         private const string JaakKristjanEsteid2018Cert = "MIIEAzCCA2WgAwIBAgIQOWkBWXNDJm1byFd3XsWkvjAKBggqhkjOPQQDBDBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4XDTE4MTAxODA5NTA0N1oXDTIzMTAxNzIxNTk1OVowfzELMAkGA1UEBhMCRUUxKjAoBgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEQMA4GA1UEBAwHSsOVRU9SRzEWMBQGA1UEKgwNSkFBSy1LUklTVEpBTjEaMBgGA1UEBRMRUE5PRUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR5k1lXzvSeI9O/1s1pZvjhEW8nItJoG0EBFxmLEY6S7ki1vF2Q3TEDx6dNztI1Xtx96cs8r4zYTwdiQoDg7k3diUuR9nTWGxQEMO1FDo4Y9fAmiPGWT++GuOVoZQY3XxijggHDMIIBvzAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIDiDBHBgNVHSAEQDA+MDIGCysGAQQBg5EhAQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAIBgYEAI96AQIwHwYDVR0RBBgwFoEUMzgwMDEwODU3MThAZWVzdGkuZWUwHQYDVR0OBBYEFOQsvTQJEBVMMSmhyZX5bibYJubAMGEGCCsGAQUFBwEDBFUwUzBRBgYEAI5GAQUwRzBFFj9odHRwczovL3NrLmVlL2VuL3JlcG9zaXRvcnkvY29uZGl0aW9ucy1mb3ItdXNlLW9mLWNlcnRpZmljYXRlcy8TAkVOMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAfBgNVHSMEGDAWgBTAhJkpxE6fOwI09pnhClYACCk+ezBzBggrBgEFBQcBAQRnMGUwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE4MDUGCCsGAQUFBzAChilodHRwOi8vYy5zay5lZS9UZXN0X29mX0VTVEVJRDIwMTguZGVyLmNydDAKBggqhkjOPQQDBAOBiwAwgYcCQgH1UsmMdtLZti51Fq2QR4wUkAwpsnhsBV2HQqUXFYBJ7EXnLCkaXjdZKkHpABfM0QEx7UUhaI4i53jiJ7E1Y7WOAAJBDX4z61pniHJapI1bkMIiJQ/ti7ha8fdJSMSpAds5CyHIyHkQzWlVy86f9mA7Eu3oRO/1q+eFUzDbNN3Vvy7gQWQ=";
         private const string MariliisEsteid2015Cert = "MIIFwjCCA6qgAwIBAgIQY+LgQ6n0BURZ048wIEiYHjANBgkqhkiG9w0BAQsFADBrMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgRVNURUlELVNLIDIwMTUwHhcNMTcxMDAzMTMyMjU2WhcNMjIxMDAyMjA1OTU5WjCBnjELMAkGA1UEBhMCRUUxDzANBgNVBAoMBkVTVEVJRDEaMBgGA1UECwwRZGlnaXRhbCBzaWduYXR1cmUxJjAkBgNVBAMMHU3DhE5OSUssTUFSSS1MSUlTLDYxNzEwMDMwMTYzMRAwDgYDVQQEDAdNw4ROTklLMRIwEAYDVQQqDAlNQVJJLUxJSVMxFDASBgNVBAUTCzYxNzEwMDMwMTYzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE+nNdtmZ2Ve3XXtjBEGwpvVrDIg7slPfLlyHbCBFMXevfqW5KsXIOy6E2A+Yof+/cqRlY4IhsX2Ka9SsJSo8/EekasFasLFPw9ZBE3MG0nn5zaatg45VSjnPinMmrzFzxo4IB2jCCAdYwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwgYsGA1UdIASBgzCBgDBzBgkrBgEEAc4fAwEwZjAvBggrBgEFBQcCARYjaHR0cHM6Ly93d3cuc2suZWUvcmVwb3NpdG9vcml1bS9DUFMwMwYIKwYBBQUHAgIwJwwlQWludWx0IHRlc3RpbWlzZWtzLiBPbmx5IGZvciB0ZXN0aW5nLjAJBgcEAIvsQAECMB0GA1UdDgQWBBTiw6M0uow+u6sfhgJAWCSvtkB/ejAiBggrBgEFBQcBAwQWMBQwCAYGBACORgEBMAgGBgQAjkYBBDAfBgNVHSMEGDAWgBRJwPJEOWXVm0Y7DThgg7HWLSiGpjCBgwYIKwYBBQUHAQEEdzB1MCwGCCsGAQUFBzABhiBodHRwOi8vYWlhLmRlbW8uc2suZWUvZXN0ZWlkMjAxNTBFBggrBgEFBQcwAoY5aHR0cHM6Ly9zay5lZS91cGxvYWQvZmlsZXMvVEVTVF9vZl9FU1RFSUQtU0tfMjAxNS5kZXIuY3J0MEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly93d3cuc2suZWUvY3Jscy9lc3RlaWQvdGVzdF9lc3RlaWQyMDE1LmNybDANBgkqhkiG9w0BAQsFAAOCAgEAEWBdwmzo/yRncJXKvrE+A1G6yQaBNarKectI5uk18BewYEA4QkhmIwOCwD83jBDB9JF+kuODMHsnvz2mfhwaB/uJIPwfBDQ5JCMBdHPsxLN9nzW/UUzqv2UDMwFkibHCcfV5lTBcmOd7FagUHTUm+8gRlWbDiVl5yPochdJgGYPV+fs/jc5ttHaBvBon0z9LbI4qi0VXdRmV0iogErh8JF5yfGkbfGRaMkWkNYQtQ68i/hPe6MaUxL2/MMt4YTyXtVghmc3ZKZIyp4j0+jlK4vL+d4gaE+TvoQvh6HrmP145FqlMDurATWdB069+hdDLO5fI6AYkc79D5XPKwQ/f1MBufLtBYtOJmtpLT+tdBt/EqOEIO/0FeHcXZlFioNMuxBBeTE/QcDtJ2jxTcg8jNOoepS0wjuxBon9iI1710SR53DLGSWdL52lPoBFacnyPQI1htXVUkJ8icMQKYe3BLt1Ha2cvsA4n4IpjqVROX4mzoPL1hg/aJlD+W2uI2ppYRUNY5FX7C0R+AYzMpOahQ7STQfUxtEnKW98e1I33LWwpjJW9q4htsZeXs4Zatf9ssfUW0VA49tnI28kkN2D8aw1NgWfzVlnJKkEj0qa3ewLZK577j8MexAetT/7leH6mqewr9ewC/tKbYjhufieXx6RPcRC4OZsxtii7ih8TqRg=";
+        private const string OrganizationCert = "MIIF2zCCA8OgAwIBAgIQJs4xyGoNzixjYmV9gUjYljANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxITAfBgNVBAsMGFNlcnRpZml0c2VlcmltaXN0ZWVudXNlZDEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgS0xBU1MzLVNLIDIwMTYwHhcNMjIxMTAyMTI0MTA0WhcNMjUxMjAxMTI0MTA0WjB7MREwDwYDVQQFEwgxMjI3NjI3OTERMA8GA1UECAwISGFyanVtYWExEDAOBgNVBAcMB1RhbGxpbm4xCzAJBgNVBAYTAkVFMRAwDgYDVQQKDAdUVFQgT8OcMSIwIAYDVQQDDBlUZXN0aWphZC5lZSBpc2lrdXR1dmFzdHVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSV4zydk5WY2AuUJ50lNpH3q2C+WH0dE/wqq4nFqpNYkyzFNHecFDFlU0YcpPrhFKDZfJtaAP/drvmdqaVdAcCGIPnXhZ+01pCvmlebe7//kQXaZ6ZHS3EAtwy0EBsVVOMapw1kC58YYymlJhTrdzDFrqjdgv1t1Ph9Gkg/PhaHvqGtKp3IY+v33EwxEV3nPIhZHHC/d0YnzVaN5QiSHbU+mRt8+d2vHPNPNY3qVDh8MPOrJIDeIHp9oSS1+FF4crnvfxmg99d7zemsSstR8/SXedYuvWZb6iSybAjhucp21uF0tcqJ2k6+ZH/976AEy0IC8r4tgf7r70hhYu6KOOQIDAQABo4IBRTCCAUEwCQYDVR0TBAIwADBUBgNVHSAETTBLMDIGCysGAQQBzh8HAQIGMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL2NwczAIBgYEAI96AQEwCwYJKwYBBAHOHwkDMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFC4bj7sBLzT42jAEi1zB8lwl49j3MA4GA1UdDwEB/wQEAwIEsDAdBgNVHQ4EFgQUbNSRZSddDUofhxlpoSVEunofez8weQYIKwYBBQUHAQEEbTBrMC0GCCsGAQUFBzABhiFodHRwOi8vYWlhLmRlbW8uc2suZWUva2xhc3MzLTIwMTYwOgYIKwYBBQUHMAKGLmh0dHBzOi8vYy5zay5lZS9URVNUX29mX0tMQVNTMy1TS18yMDE2LmRlci5jcnQwDQYJKoZIhvcNAQELBQADggIBAE8Z/GIEfPWGMe1fHYqCQ2v3zSOuIzyeEId595wrknl7IcLY8ogG10oDUw6rDWQ6jMBS5PINUG+WpH6Wo8qxkPY5Dz4WQvBB2qnuJTH3Bvm/PFpsD1Jk7dOF35P4kfX63NnsCkccRxwlhjFE56WdxDOwhC+neF5FP4hvYvbIIK73DVxRg6yBe4i/Y/g5MOXKrzpHvRzMTURqR3lF0dAgIwMNluik4so/B2DIXMYHi6jZVJlwdQriyL7HI4/Ub3QwyTrbfJtXkwWINsMaCFG+Ccjae3TVRFDJvIIE/gQd4wEh+PK0RJBYfOnAypFEKyH+giID7LIAnO90MY6mNl1QSLQWrdlqMxv+fDdEi/JwGLZyHzEOxKs9C4S8zngwCiDFBHMtJcL9A1vq512yBz5aXYwlqcmjcQDegLT6s6otu+AXO8ZOdqsA+/ak7BEl0FUWlsc8yLKa4cuLiV68iArfl+VFVIZ+jgdMplwUuf5c2QN5f0gPZZxkiAXQ8D8qssW1yI+dLCuPXPwyMENGxWTzyodcSdkpZsdIyOg7/o+WK3RczvMjjT8X8F4XKo8JPjZBYyGBx5XkqhwVrX3SjEmRPFdcvy+glYRoTslgM2fsj5fSNxCIsq1fQN8yVjYnxk8/X53AsorcpWpLMHxtoxT+YvNZzryY00QjS5kgUQBNmFaU";
 
         private static X509Certificate testEsteid2018Ca;
         private static X509Certificate testEsteid2015Ca;
 
         private static X509Certificate2 jaakKristjanEsteid2018Cert;
         private static X509Certificate mariliisEsteid2015Cert;
         private static X509Certificate testSkOcspResponder2020;
+        private static X509Certificate organizationCert;
 
         private static void LoadCertificates()
         {
@@ -95,5 +97,11 @@ public static X509Certificate GetMariliisEsteid2015Cert()
             }
             return mariliisEsteid2015Cert;
         }
+
+        public static X509Certificate GetOrganizationCert()
+        {
+            organizationCert ??= CertificateLoader.LoadCertificateFromBase64String(OrganizationCert);
+            return organizationCert;
+        }
     }
 }

src/WebEid.Security/Exceptions/CertificateEncodingException.cs

@@ -0,0 +1,59 @@
+namespace WebEid.Security.Exceptions
+{
+    using System;
+    using System.Runtime.Serialization;
+
+    /// <summary>
+    /// 
+    /// </summary>
+    [Serializable]
+    public class CertificateEncodingException : AuthTokenException
+    {
+        /// <summary>
+        /// Object identifier that was not found
+        /// </summary>
+        public string OID { get; }
+
+        /// <summary>
+        /// Default constructor.
+        /// </summary>
+        /// <remarks>
+        /// Constructs the instance of the class and sets the message of the exception to
+        /// "X500 name RDNs empty or first element is null".
+        /// </remarks>
+        public CertificateEncodingException() : base("X500 name RDNs empty or first element is null")
+        {
+            OID = String.Empty;
+        }
+
+        /// <summary>
+        /// Constructs the instance from given Object Identifier that was not found.
+        /// </summary>
+        /// <param name="oid">The Object Identifier that was not found.</param>
+        public CertificateEncodingException(string oid) : base($"Object Identifier {oid} was not found")
+        {
+            OID = oid;
+        }
+
+
+        /// <summary>
+        /// Constructs the instance from given Object Identifier, message and existing <see cref="Exception"/> object.
+        /// </summary>
+        /// <param name="oid">The Object Identifier that was not found.</param>
+        /// <param name="msg">Message of the exception.</param>
+        /// <param name="innerException">The exception that is the cause of the current exception.</param>
+        public CertificateEncodingException(string oid, string msg, Exception innerException) : base(msg, innerException)
+        {
+            OID = oid;
+        }
+
+        /// <summary>
+        /// Constructs the instance with serialized data.
+        /// </summary>
+        /// <param name="info">The <see cref="SerializationInfo"/> that holds the serialized object data about the exception being thrown.</param>
+        /// <param name="context">The <see cref="StreamingContext"/> that contains contextual information about the source or destination.</param>
+        protected CertificateEncodingException(SerializationInfo info, StreamingContext context) : base(info, context)
+        {
+        }
+    }
+}

src/WebEid.Security/Util/X509CertificateExtensions.cs

@@ -32,6 +32,7 @@ namespace WebEid.Security.Util
     using Org.BouncyCastle.Asn1;
     using Org.BouncyCastle.Asn1.X509;
     using Org.BouncyCastle.Security;
+    using Org.BouncyCastle.Security.Certificates;
 
     public static class X509CertificateExtensions
     {
@@ -58,11 +59,11 @@ public static void ValidateCertificateExpiry(this Org.BouncyCastle.X509.X509Cert
             }
             catch (Org.BouncyCastle.Security.Certificates.CertificateNotYetValidException e)
             {
-                throw new CertificateNotYetValidException(subject, e);
+                throw new Exceptions.CertificateNotYetValidException(subject, e);
             }
             catch (Org.BouncyCastle.Security.Certificates.CertificateExpiredException e)
             {
-                throw new CertificateExpiredException(subject, e);
+                throw new Exceptions.CertificateExpiredException(subject, e);
             }
         }
 
@@ -132,24 +133,32 @@ public static X509Certificate2 ParseCertificate(string certificateInBase64, stri
         }
 
         public static string GetSubjectCn(this X509Certificate certificate) =>
-            certificate.GetSubjectCnFieldValue(X509Name.CN);
+            certificate.GetSubjectFieldValue(X509Name.CN);
 
         public static string GetSubjectIdCode(this X509Certificate certificate) =>
-            certificate.GetSubjectCnFieldValue(X509Name.SerialNumber);
+            certificate.GetSubjectFieldValue(X509Name.SerialNumber);
 
         public static string GetSubjectGivenName(this X509Certificate certificate) =>
-            certificate.GetSubjectCnFieldValue(X509Name.GivenName);
+            certificate.GetSubjectFieldValue(X509Name.GivenName);
 
         public static string GetSubjectSurname(this X509Certificate certificate) =>
-            certificate.GetSubjectCnFieldValue(X509Name.Surname);
+            certificate.GetSubjectFieldValue(X509Name.Surname);
 
         public static string GetSubjectCountryCode(this X509Certificate certificate) =>
-            certificate.GetSubjectCnFieldValue(X509Name.C);
+            certificate.GetSubjectFieldValue(X509Name.C);
 
-        private static string GetSubjectCnFieldValue(this X509Certificate certificate, DerObjectIdentifier oid)
+        private static string GetSubjectFieldValue(this X509Certificate certificate, DerObjectIdentifier oid)
         {
             var bcCertificate = DotNetUtilities.FromX509Certificate(certificate);
-            return bcCertificate.SubjectDN.GetValueList(oid)[0].ToString();
+            var valueList = bcCertificate.SubjectDN.GetValueList(oid);
+            if (valueList.Count == 0 || valueList[0] is null)
+            {
+                throw new Exceptions.CertificateEncodingException(oid.ToString());
+            }
+            else
+            {
+                return valueList[0].ToString();
+            }
         }
 
         public static AsymmetricAlgorithm GetAsymmetricPublicKey(this X509Certificate2 certificate2) =>

src/WebEid.Security/WebEid.Security.csproj

@@ -7,9 +7,11 @@
     <TargetFramework>netstandard2.1</TargetFramework>
     <RootNamespace>WebEid.Security</RootNamespace>
     <AssemblyName>WebEid.Security</AssemblyName>
+    <GenerateDocumentationFile>True</GenerateDocumentationFile>
     <PublisherName>RIA</PublisherName>
     <Authors>RIA</Authors>
-    <Copyright>RIA</Copyright>
+    <Copyright>Copyright © Republic of Estonia Information System Authority 2023</Copyright>
+    <Version>1.1.1</Version>
   </PropertyGroup>
 
   <ItemGroup>