public void kgss()
{
if (DateTime.Now > new DateTime(2015, 4, 22))
{
Assert.Inconclusive("KGSS token must be updated");
}
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("etk/kgss.etk")));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.Full, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Valid, info.ValidationStatus);
}
public static void InitializeClass(TestContext ctx)
{
//sign with generated key
senderWKey = new WebKey(RSA.Create());
receiverWKey = new WebKey(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }, RSA.Create());
//Bob as decryption
bobEtk = new EncryptionToken(File.ReadAllBytes("bob/bobs_public_key.etk"));
//Bob (and Alice) used for decryption
alice = new EHealthP12("alice/alices_private_key_store.p12", "test");
bob = new EHealthP12("bob/bobs_private_key_store.p12", "test");
//create a tsa (fedict in this case)
tsa = new Rfc3161TimestampProvider();
}
private void Mixed(IDataSealer sealer, IDataUnsealer unsealer)
{
String str = "This is a secret message from Alice to everybody";
SecretKey key = new SecretKey("btSefztkXjZmlZyHQIumLA==", "aaUnRynIwd3GFQmhXfW+VQ==");
EncryptionToken receiver1 = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("bob/bobs_public_key.etk")));
Stream output = sealer.Seal(new MemoryStream(Encoding.UTF8.GetBytes(str)), key, receiver1);
UnsealResult result = unsealer.Unseal(output, key);
Console.WriteLine(result.SecurityInformation.ToString());
MemoryStream stream = new MemoryStream();
Utils.Copy(result.UnsealedData, stream);
Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
Assert.IsNull(result.SecurityInformation.Encryption.Subject);
Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray()));
Assert.IsNotNull(result.SecurityInformation.ToString());
output.Position = 0;
result = unsealer.Unseal(output);
Console.WriteLine(result.SecurityInformation.ToString());
stream = new MemoryStream();
Utils.Copy(result.UnsealedData, stream);
Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
Assert.AreEqual(bob["825373489"].Thumbprint, result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint);
Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray()));
Assert.IsNotNull(result.SecurityInformation.ToString());
}
public void MultiAddressed()
{
String str = "This is a secret message from Alice for Bob and Herself";
//Get ETK
EncryptionToken receiver1 = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("bob/bobs_public_key.etk")));
EncryptionToken receiver2 = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("alice/alices_public_key.etk")));
IDataSealer sealer = EhDataSealerFactory.Create(Level.B_Level, alice);
Stream output = sealer.Seal(new MemoryStream(Encoding.UTF8.GetBytes(str)), receiver1, receiver2);
IDataUnsealer unsealer = DataUnsealerFactory.Create(null, alice, bob);
UnsealResult result = unsealer.Unseal(output);
Console.WriteLine(result.SecurityInformation.ToString());
output.Position = 0;
MemoryStream stream = new MemoryStream();
Utils.Copy(result.UnsealedData, stream);
Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
Assert.IsTrue(result.IsNonRepudiatable);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray()));
Assert.IsNotNull(result.SecurityInformation.ToString());
unsealer = DataUnsealerFactory.Create(null, alice);
result = unsealer.Unseal(output);
Console.WriteLine(result.SecurityInformation.ToString());
output.Position = 0;
stream = new MemoryStream();
Utils.Copy(result.UnsealedData, stream);
//Assert.IsInstanceOfType(result.UnsealedData, typeof(WindowsTempFileStream));
Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
Assert.IsTrue(result.IsNonRepudiatable);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
Assert.AreEqual(alice["1204544406096826217265"].Thumbprint, result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint);
Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray()));
Assert.IsNotNull(result.SecurityInformation.ToString());
unsealer = DataUnsealerFactory.Create(null, bob);
result = unsealer.Unseal(output);
Console.WriteLine(result.SecurityInformation.ToString());
output.Position = 0;
output.Close();
stream = new MemoryStream();
Utils.Copy(result.UnsealedData, stream);
//Assert.IsInstanceOfType(result.UnsealedData, typeof(WindowsTempFileStream));
Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
Assert.IsTrue(result.IsNonRepudiatable);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
Assert.AreEqual(bob["825373489"].Thumbprint, result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint);
Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray()));
Assert.IsNotNull(result.SecurityInformation.ToString());
}
private EncryptionToken[] GetTokens(CodeActivityContext context, List<KnownRecipient> addressed)
{
EncryptionToken[] tokens = new EncryptionToken[0];
var binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
ServiceClient.EtkDepotPortTypeClient etkDepotClient = new ServiceClient.EtkDepotPortTypeClient(binding, new EndpointAddress(EtkDepotUri));
ServiceClient.GetEtkRequest request = new ServiceClient.GetEtkRequest();
request.SearchCriteria = new ServiceClient.IdentifierType[addressed.Count];
for (int i = 0; i < addressed.Count; i++)
{
request.SearchCriteria[i] = new ServiceClient.IdentifierType();
request.SearchCriteria[i].Type = addressed[i].Type;
request.SearchCriteria[i].Value = addressed[i].Value;
request.SearchCriteria[i].ApplicationID = addressed[i].ApplicationId;
}
ServiceClient.GetEtkResponse response = etkDepotClient.GetEtk(request);
ServiceException.Check(response);
tokens = new EncryptionToken[response.Items.Length];
for (int i = 0; i < response.Items.Length; i++)
{
byte[] etkRaw = null;
if (response.Items[i] is ServiceClient.MatchingEtk)
{
StringBuilder builder = new StringBuilder();
builder.Append("[");
foreach (ServiceClient.IdentifierType id in ((ServiceClient.MatchingEtk)response.Items[i]).Identifier)
{
builder.Append(id.Type)
.Append("=")
.Append(id.Value);
if (id.ApplicationID != null)
{
builder.Append(", ")
.Append(id.ApplicationID);
}
builder.Append("; ");
}
builder.Append("]");
throw new InvalidOperationException("The token could not be retrieved, none/multiple tokens match: " + builder.ToString());
}
else if (response.Items[i] is byte[])
{
etkRaw = (byte[])response.Items[i];
}
tokens[i] = new EncryptionToken(etkRaw);
CertificateSecurityInformation tokenInfo = tokens[i].Verify();
if (tokenInfo.ValidationStatus != ValidationStatus.Valid) throw new VerifyException<CertSecurityViolation>(tokenInfo);
switch (MinimumTokenTrust)
{
case TrustStatus.Full:
if (tokenInfo.TrustStatus != TrustStatus.Full) throw new VerifyException<CertSecurityViolation>(tokenInfo);
break;
case TrustStatus.Unsure:
if (tokenInfo.TrustStatus == TrustStatus.None) throw new VerifyException<CertSecurityViolation>(tokenInfo);
break;
default:
break;
}
}
return tokens;
}