/// <summary>
/// Builds a package with one trust entry per address in the graph, converting each
/// address's edges into subjects of that address's issuer.
/// </summary>
/// <returns>The package; its Trust list holds one entry for every graph address.</returns>
public PackageModel GetFullGraph()
{
    var result = new PackageModel { Trust = new List<TrustModel>() };

    foreach (var node in Context.Graph.Address)
    {
        var owner = new IssuerModel { Id = node.Id };
        var converted = new List<SubjectModel>();

        if (node.Edges != null)
        {
            foreach (var link in node.Edges)
            {
                var item = new SubjectModel();
                Context.InitSubjectModel(item, link);
                converted.Add(item);
            }
        }

        // Subjects is only assigned when there is at least one edge, so consumers
        // of the package must be prepared for an issuer whose Subjects was never set.
        if (converted.Count > 0)
        {
            owner.Subjects = converted.ToArray();
        }

        result.Trust.Add(new TrustModel { Issuer = owner });
    }

    return result;
}
/// <summary>
/// A trust model constructed with only a chain validator (no policy resolver and no
/// policy filter) must report the certificate as policy compliant.
/// </summary>
public void TestIsCertPolicyCompiant_NoResolver_NoFilter_AssertTrue()
{
    var model = new TrustModel(mockTrustChainValidator.Object);
    var certificate = new Mock<X509Certificate2>();
    var address = new MailAddress("*****@*****.**");

    // With nothing configured to evaluate, the policy check is expected to pass.
    var compliant = model.IsCertPolicyCompliant(address, certificate.Object);

    compliant.Should().BeTrue();
}
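/// <summary>
/// Posts a trust request to the Payfone trust v2 endpoint and returns the parsed response.
/// </summary>
/// <param name="input">
/// Request payload. Its requestId is replaced with a fresh GUID and its consentStatus is
/// set to "notCollected" before it is serialized.
/// </param>
/// <returns>The response body deserialized as a <see cref="TrustModel"/>.</returns>
/// <exception cref="HttpRequestException">The response status code does not indicate success.</exception>
public async Task<TrustModel> payfoneTrust(TrustRequestModel input)
{
    input.requestId = Guid.NewGuid().ToString(); //create UUID
    input.consentStatus = "notCollected";

    string body = JsonConvert.SerializeObject(input, Newtonsoft.Json.Formatting.None, new JsonSerializerSettings
    {
        NullValueHandling = NullValueHandling.Ignore //ignore null prop
    });

    // The value returned by ProcessToken is not used here; the Authorization header is
    // built from the accesstoken member.
    // NOTE(review): presumably ProcessToken refreshes accesstoken as a side effect - confirm,
    // otherwise a stale or empty bearer token is sent.
    await ProcessToken();

    // NOTE(review): the staging host is hard-coded; the target environment should come
    // from configuration so production traffic cannot end up on a staging endpoint.
    using (var request = new HttpRequestMessage
    {
        RequestUri = new Uri("https://api.staging.payfone.com/trust/v2"),
        Method = HttpMethod.Post,
        // JSON is sent as UTF-8. Encoding.Default is the machine's ANSI code page on
        // .NET Framework, which corrupts non-ASCII characters and advertises the wrong charset.
        Content = new StringContent(body, Encoding.UTF8, "application/json")
    })
    {
        // The bearer token is a credential: keep the request headers out of logs and traces.
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accesstoken);
        request.Headers.Add("Accept", "application/json");

        // Request and response are disposed once the body has been read.
        using (var response = await client.SendAsync(request))
        {
            response.EnsureSuccessStatusCode();
            var responseBody = await response.Content.ReadAsStringAsync();

            // Only the status code is checked above. The deserialized model can be null or
            // partly populated when the body is not the expected JSON, so callers should
            // validate it before basing a trust decision on it.
            return JsonConvert.DeserializeObject<TrustModel>(responseBody);
        }
    }
}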
/// <summary>
/// Builds a <see cref="TrustModel"/> whose certificate chain validator is configured from
/// these settings and which uses the supplied policy resolver and policy filter.
/// </summary>
/// <param name="trustPolicyResolver"><see cref="IPolicyResolver"/> passed to the trust model for trust policy resolution.</param>
/// <param name="policyFilter"><see cref="IPolicyFilter"/> passed to the trust model.</param>
/// <returns>The configured trust model.</returns>
public TrustModel CreateTrustModel(IPolicyResolver trustPolicyResolver, IPolicyFilter policyFilter)
{
    var chainValidator = new TrustChainValidator
    {
        RevocationCheckMode = this.RevocationCheckMode,
        RevocationCheckGranularity = this.RevocationCheckGranularity
    };

    // Zero or negative settings leave the validator's own values untouched.
    if (MaxIssuerChainLength > 0)
    {
        chainValidator.MaxIssuerChainLength = MaxIssuerChainLength;
    }

    if (TimeoutMilliseconds > 0)
    {
        chainValidator.ValidationPolicy.UrlRetrievalTimeout = TimeSpan.FromMilliseconds(TimeoutMilliseconds);
    }

    var model = new TrustModel(chainValidator, trustPolicyResolver, policyFilter);

    // A null ProblemFlags setting keeps whatever the validator already has.
    // NOTE(review): an empty collection assigns NoError, which presumably means no chain
    // status is treated as a problem - confirm that configuration cannot do this by accident.
    if (ProblemFlags != null)
    {
        X509ChainStatusFlags combined = X509ChainStatusFlags.NoError;
        foreach (X509ChainStatusFlags configured in ProblemFlags)
        {
            combined |= configured;
        }

        model.CertChainValidator.ProblemFlags = combined;
    }

    return model;
}
/// <summary>
/// Assigns the id computed by GetTrustId to the trust when it has no id yet.
/// </summary>
/// <param name="trust">Trust whose TrustId is filled in when it is null or empty.</param>
/// <param name="trustBinary">Not used by this method.</param>
public static void EnsureTrustId(TrustModel trust, ITrustBinary trustBinary)
{
    // An id that is already present is kept as it is: it is neither recomputed nor
    // compared with the computed value, so it is only as trustworthy as its source.
    bool idMissing = trust.TrustId == null || trust.TrustId.Length <= 0;
    if (idMissing)
    {
        trust.TrustId = GetTrustId(trust);
    }
}
/// <summary>
/// When the resolver returns an empty policy list for the address, the certificate must be
/// reported as policy compliant.
/// </summary>
public void TestIsCertPolicyCompiant_NoPolicyExpression_AssertTrue()
{
    var model = new TrustModel(
        mockTrustChainValidator.Object,
        mockPolicyResolver.Object,
        mockPolicyFilter.Object);
    var certificate = new Mock<X509Certificate2>();

    // The resolver knows the address but has no expressions for it.
    var noExpressions = new List<IPolicyExpression>();
    mockPolicyResolver
        .Setup(r => r.GetIncomingPolicy(new MailAddress("*****@*****.**")))
        .Returns(noExpressions);

    var compliant = model.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), certificate.Object);

    compliant.Should().BeTrue();
}
/// <summary>
/// Checks that an empty incoming policy list yields a compliant result.
/// </summary>
public void TestIsCertPolicyCompiant_NoPolicyExpression_AssertTrue()
{
    // Arrange: model wired to the three mocks, resolver answering with no expressions.
    var subjectUnderTest = new TrustModel(mockTrustChainValidator.Object, mockPolicyResolver.Object, mockPolicyFilter.Object);
    var certMock = new Mock<X509Certificate2>();
    mockPolicyResolver
        .Setup(policyResolver => policyResolver.GetIncomingPolicy(new MailAddress("*****@*****.**")))
        .Returns(new List<IPolicyExpression>());

    // Act
    var outcome = subjectUnderTest.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), certMock.Object);

    // Assert: nothing to evaluate means the certificate is accepted.
    outcome.Should().BeTrue();
}
/// <summary>
/// Inserts the trust row, or replaces the existing one, using a REPLACE INTO statement.
/// </summary>
/// <param name="trust">Trust to store. When its Server is null, empty byte arrays are stored for the server id and signature.</param>
/// <returns>The value returned by ExecuteNonQuery for the statement.</returns>
public int Replace(TrustModel trust)
{
    // Every value is bound as a parameter. Only TableName is concatenated into the
    // statement text, so it has to stay a code-defined identifier and never carry input.
    string sql = "REPLACE INTO " + TableName + " (trustid, version, script, issuerid, issuersignature, serverid, serversignature, timestamp) " +
                 "VALUES (@trustid, @version, @script, @issuerid, @issuersignature, @serverid, @serversignature, @timestamp)";

    using (var statement = new SQLiteCommand(sql, Connection))
    {
        var bound = statement.Parameters;

        bound.Add(new SQLiteParameter("@trustid", trust.TrustId));
        bound.Add(new SQLiteParameter("@version", trust.Head.Version));
        bound.Add(new SQLiteParameter("@script", trust.Head.Script));
        bound.Add(new SQLiteParameter("@issuerid", trust.Issuer.Id));
        bound.Add(new SQLiteParameter("@issuersignature", trust.Issuer.Signature));

        // A trust without a server part is stored with empty id and signature.
        bound.Add(new SQLiteParameter("@serverid", (trust.Server == null) ? new byte[] { } : trust.Server.Id));
        bound.Add(new SQLiteParameter("@serversignature", (trust.Server == null) ? new byte[] { } : trust.Server.Signature));

        bound.Add(new SQLiteParameter("@timestamp", trust.Timestamp.SerializeObject()));

        return statement.ExecuteNonQuery();
    }
}
/// <summary>
/// Validates the trust against its schema and then verifies its signature.
/// </summary>
/// <param name="trust">Trust to check.</param>
/// <exception cref="ApplicationException">
/// Schema validation failed, or signature verification reported at least one error. The
/// message is the list of errors joined with ". ".
/// </exception>
public void VerifyTrust(TrustModel trust)
{
    // Structure first: the signature is only looked at once the schema check has passed.
    var schemaCheck = new TrustSchema(trust);
    bool wellFormed = schemaCheck.Validate();
    if (!wellFormed)
    {
        var schemaProblems = schemaCheck.Errors.ToArray();
        throw new ApplicationException(string.Join(". ", schemaProblems));
    }

    var signatureProblems = new TrustECDSASignature(trust).VerifyTrustSignatureMessage();
    if (signatureProblems.Count > 0)
    {
        // Both failure kinds use the same exception type, so callers cannot tell a
        // malformed trust from a bad signature except by reading the message.
        throw new ApplicationException(string.Join(". ", signatureProblems.ToArray()));
    }
}
/// <summary>
/// When the policy filter rejects the certificate for the one resolved expression, the
/// trust model must report the certificate as not compliant.
/// </summary>
public void TestIsCertPolicyCompiant_PolicyNotCompliant_AssertFalse()
{
    var model = new TrustModel(
        mockTrustChainValidator.Object,
        mockPolicyResolver.Object,
        mockPolicyFilter.Object);
    var certificate = new Mock<X509Certificate2>();

    // The filter rejects any certificate/expression pair.
    mockPolicyFilter
        .Setup(f => f.IsCompliant(It.IsAny<X509Certificate2>(), It.IsAny<IPolicyExpression>()))
        .Returns(false);

    // The resolver hands back exactly one expression for the address.
    var expression = new Mock<IPolicyExpression>();
    mockPolicyResolver
        .Setup(r => r.GetIncomingPolicy(new MailAddress("*****@*****.**")))
        .Returns(new List<IPolicyExpression> { expression.Object });

    var compliant = model.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), certificate.Object);

    compliant.Should().BeFalse();

    // Fails if the filter setup above was never exercised.
    mockPolicyFilter.VerifyAll();
}
/// <summary>
/// Validates these settings and creates a <see cref="DirectAgent"/> from them.
/// </summary>
/// <returns>The configured agent instance.</returns>
public DirectAgent CreateAgent()
{
    // Settings are validated before any resolver is created.
    Validate();

    ICertificateResolver privateResolver = PrivateCerts.CreateResolver();
    ICertificateResolver publicResolver = PublicCerts.CreateResolver();
    ITrustAnchorResolver anchorResolver = Anchors.Resolver.CreateResolver();

    // Without a Trust section the agent falls back to TrustModel.Default.
    TrustModel model;
    if (Trust != null)
    {
        model = Trust.CreateTrustModel();
    }
    else
    {
        model = TrustModel.Default;
    }

    SMIMECryptographer smime = Cryptographer.Create();
    IDomainResolver domains = CreateResolver();

    // NOTE(review): AllowNonWrappedIncoming and WrapMessages are copied straight from the
    // settings fields; what relaxing them permits is decided inside DirectAgent - review
    // any configuration that enables non-wrapped incoming messages.
    return new DirectAgent(domains, privateResolver, publicResolver, anchorResolver, model, smime)
    {
        AllowNonWrappedIncoming = m_allowNonWrappedIncoming,
        WrapMessages = m_wrapOutgoing
    };
}
/// <summary>
/// Stores the trust and then each subject of its issuer, stopping at the first add that
/// returns less than 1.
/// </summary>
/// <param name="trust">Trust to store; each subject's IssuerId is set to the issuer's id before it is added.</param>
/// <returns>The result of the last add that was attempted.</returns>
public int AddTrust(TrustModel trust)
{
    var status = Trust.Add(trust);

    if (status >= 1)
    {
        // NOTE(review): assumes trust.Issuer.Subjects is not null - confirm with callers.
        // NOTE(review): nothing is rolled back here when a subject add fails, so the trust
        // and the subjects added so far remain unless the caller runs this in a transaction.
        foreach (var entry in trust.Issuer.Subjects)
        {
            entry.IssuerId = trust.Issuer.Id;
            status = Subject.Add(entry);
            if (status < 1)
            {
                break;
            }
        }
    }

    return status;
}
/// <summary>
/// Checks that a rejecting policy filter makes the compliance check return false.
/// </summary>
public void TestIsCertPolicyCompiant_PolicyNotCompliant_AssertFalse()
{
    // Arrange
    var subjectUnderTest = new TrustModel(mockTrustChainValidator.Object, mockPolicyResolver.Object, mockPolicyFilter.Object);
    var certMock = new Mock<X509Certificate2>();
    mockPolicyFilter
        .Setup(policyFilter => policyFilter.IsCompliant(It.IsAny<X509Certificate2>(), It.IsAny<IPolicyExpression>()))
        .Returns(false);
    var expressionMock = new Mock<IPolicyExpression>();
    mockPolicyResolver
        .Setup(policyResolver => policyResolver.GetIncomingPolicy(new MailAddress("*****@*****.**")))
        .Returns(new List<IPolicyExpression> { expressionMock.Object });

    // Act
    var outcome = subjectUnderTest.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), certMock.Object);

    // Assert: one failing expression is enough to reject, and the filter must have been consulted.
    outcome.Should().BeFalse();
    mockPolicyFilter.VerifyAll();
}
/// <summary>
/// Stores the trust in the given database and then each subject of its issuer, stopping
/// at the first add that returns less than 1.
/// </summary>
/// <param name="trust">Trust to store; each subject receives the issuer's id and the trust's id before it is added.</param>
/// <param name="db">Database whose Trust and Subject stores receive the rows.</param>
/// <returns>The result of the last add that was attempted.</returns>
public int AddTrust(TrustModel trust, TrustchainDatabase db)
{
    var status = db.Trust.Add(trust);
    if (status < 1)
    {
        return status;
    }

    // NOTE(review): assumes trust.Issuer.Subjects is not null - confirm with callers.
    // NOTE(review): a failed subject add leaves the trust and earlier subjects in place;
    // no rollback is visible here, so the caller has to provide the transaction.
    foreach (var entry in trust.Issuer.Subjects)
    {
        entry.IssuerId = trust.Issuer.Id;
        entry.TrustId = trust.TrustId;

        status = db.Subject.Add(entry);
        if (status < 1)
        {
            return status;
        }
    }

    return status;
}
/// <summary>
/// Creates a trust with one subject, signed by a key derived from the issuer name.
/// </summary>
/// <param name="issuerName">Name whose SHA-256 hash becomes the issuer's private key.</param>
/// <param name="subjectName">Name whose SHA-256 hash becomes the subject's key, used only for its address.</param>
/// <param name="claim">Claim for the subject; when null, a claim with the single property "trust": "true" is used.</param>
/// <returns>The trust with TrustId and the issuer signature filled in.</returns>
public static TrustModel CreateTrust(string issuerName, string subjectName, JObject claim)
{
    // Every key here is the SHA-256 of a plain name (the server key of the literal
    // "server"), so anyone who knows the name can recompute the private key.
    // NOTE(review): presumably a test or demo helper - real identities need randomly
    // generated keys, not keys derived from guessable strings.
    var issuerKey = new Key(Hashes.SHA256(Encoding.UTF8.GetBytes(issuerName)));
    var subjectKey = new Key(Hashes.SHA256(Encoding.UTF8.GetBytes(subjectName)));
    var serverKey = new Key(Hashes.SHA256(Encoding.UTF8.GetBytes("server")));

    var result = new TrustModel();
    result.Head = new HeadModel
    {
        Version = "standard 0.1.0",
        Script = "btc-pkh"
    };
    result.Server = new ServerModel
    {
        Id = serverKey.PubKey.GetAddress(App.BitcoinNetwork).Hash.ToBytes()
    };
    result.Issuer = new IssuerModel
    {
        Id = issuerKey.PubKey.GetAddress(App.BitcoinNetwork).Hash.ToBytes()
    };

    var onlySubject = new SubjectModel
    {
        Id = subjectKey.PubKey.GetAddress(App.BitcoinNetwork).Hash.ToBytes(),
        IdType = "person",
        Claim = claim ?? new JObject(new JProperty("trust", "true")),
        Scope = "global"
    };
    result.Issuer.Subjects = new[] { onlySubject };

    // The id is the hash of the issuer binary; the issuer signs that hash. No server
    // signature is produced here.
    var issuerBinary = new TrustBinary(result).GetIssuerBinary();
    result.TrustId = TrustECDSASignature.GetHashOfBinary(issuerBinary);
    result.Issuer.Signature = issuerKey.SignCompact(new uint256(result.TrustId));

    return result;
}
/// <summary>
/// When the policy filter throws a <see cref="PolicyProcessException"/>, the compliance
/// check must surface it as an <see cref="AgentException"/> with that exception as its
/// inner exception.
/// </summary>
public void TestIsCertPolicyCompiant_PolicyExpressionError_AssertException()
{
    var model = new TrustModel(
        mockTrustChainValidator.Object,
        mockPolicyResolver.Object,
        mockPolicyFilter.Object);
    var certificate = new Mock<X509Certificate2>();

    // Evaluating any expression fails inside the filter.
    mockPolicyFilter
        .Setup(f => f.IsCompliant(It.IsAny<X509Certificate2>(), It.IsAny<IPolicyExpression>()))
        .Throws<PolicyProcessException>();

    var expression = new Mock<IPolicyExpression>();
    mockPolicyResolver
        .Setup(r => r.GetIncomingPolicy(new MailAddress("*****@*****.**")))
        .Returns(new List<IPolicyExpression> { expression.Object });

    Action check = () => model.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), certificate.Object);

    // A policy evaluation error must be raised to the caller, not reported as a result.
    check.ShouldThrow<AgentException>().WithInnerException<PolicyProcessException>();
    mockPolicyFilter.VerifyAll();
}
/// <summary>
/// Creates a schema checker for the given trust, starting with an empty error list.
/// </summary>
/// <param name="t">Trust this instance refers to.</param>
public TrustSchema(TrustModel t)
{
    Errors = new List<string>();
    trust = t;
}
/// <summary>
/// Builds a <see cref="TrustModel"/> whose certificate chain validator is configured from
/// these settings.
/// </summary>
/// <returns>The configured trust model.</returns>
public TrustModel CreateTrustModel()
{
    var chainValidator = new TrustChainValidator
    {
        RevocationCheckMode = this.RevocationCheckMode,
        RevocationCheckGranularity = this.RevocationCheckGranularity
    };

    // Only positive values override what the validator starts with.
    bool hasChainLimit = MaxIssuerChainLength > 0;
    if (hasChainLimit)
    {
        chainValidator.MaxIssuerChainLength = MaxIssuerChainLength;
    }

    bool hasTimeout = TimeoutMilliseconds > 0;
    if (hasTimeout)
    {
        chainValidator.ValidationPolicy.UrlRetrievalTimeout = TimeSpan.FromMilliseconds(TimeoutMilliseconds);
    }

    var model = new TrustModel(chainValidator);

    // NOTE(review): a configured but empty ProblemFlags list assigns NoError, which
    // presumably disables every chain-status check - confirm this cannot happen by accident.
    if (ProblemFlags != null)
    {
        X509ChainStatusFlags combined = X509ChainStatusFlags.NoError;
        foreach (X509ChainStatusFlags configured in ProblemFlags)
        {
            combined |= configured;
        }

        model.CertChainValidator.ProblemFlags = combined;
    }

    return model;
}
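/// <summary>
/// Merges the edge built from a subject into the issuer's edge list, one entry per claim
/// type: an existing edge for the same subject, subject type, scope and claim type is
/// replaced unless it is newer; otherwise a new edge is appended.
/// </summary>
/// <param name="trust">Trust the subject belongs to; its issuer timestamp is given to the new edge.</param>
/// <param name="issuerEdges">The issuer's current edges; updated in place.</param>
/// <param name="subject">Subject to merge into the edge list.</param>
private void BuildSubject(TrustModel trust, List<EdgeModel> issuerEdges, SubjectModel subject)
{
    var subjectEdge = Context.CreateEdgeModel(subject, (int)trust.Issuer.Timestamp);

    // Find all edges that match: same subject, type and scope, and at least one shared claim type.
    var ids = new List<int>();
    for (var i = 0; i < issuerEdges.Count; i++)
    {
        if (issuerEdges[i].SubjectId != subjectEdge.SubjectId)
        {
            continue;
        }
        if (issuerEdges[i].SubjectType != subjectEdge.SubjectType)
        {
            continue;
        }
        if (issuerEdges[i].Scope != subjectEdge.Scope)
        {
            continue;
        }
        if ((issuerEdges[i].Claim.Types & subjectEdge.Claim.Types) == 0)
        {
            continue;
        }

        // Edge to be updated!
        ids.Add(i);
    }

    var flagTypes = subjectEdge.Claim.Types.GetFlags();
    foreach (ClaimType flagtype in flagTypes)
    {
        // -1 means no candidate edge carries this claim type. The search is explicit
        // because FirstOrDefault on a list of indexes returns 0 when nothing matches,
        // which is indistinguishable from "index 0 matched": the timestamp check and the
        // overwrite below would then hit an unrelated edge at position 0.
        var i = -1;
        foreach (var candidate in ids)
        {
            if ((issuerEdges[candidate].Claim.Types & flagtype) > 0)
            {
                i = candidate;
                break;
            }
        }

        // Make sure that we cannot overwrite with old data
        if (i >= 0 && issuerEdges[i].Timestamp > subjectEdge.Timestamp)
        {
            continue;
        }

        // NOTE(review): this is an independent copy only if EdgeModel and its Claim are
        // value types; with reference types every entry would alias subjectEdge - confirm.
        var nodeEdge = subjectEdge;
        nodeEdge.Claim.Types = flagtype; // this entry carries a single claim type
        nodeEdge.Claim.Flags = subjectEdge.Claim.Flags & flagtype; // keep only this type's flag
        nodeEdge.Claim.Rating = (flagtype == ClaimType.Rating) ? subjectEdge.Claim.Rating : (byte)0;

        if (i >= 0 && i < issuerEdges.Count)
        {
            issuerEdges[i] = nodeEdge;
        }
        else
        {
            issuerEdges.Add(nodeEdge);
        }
    }
}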
/// <summary>
/// Computes the trust id as the hash of the trust's issuer binary.
/// </summary>
/// <param name="trust">Trust to compute the id for.</param>
/// <returns>The value of TrustECDSASignature.GetHashOfBinary over the bytes from GetTrustBinary.</returns>
public static byte[] GetTrustId(TrustModel trust)
{
    // The id covers exactly the bytes GetTrustBinary produces for this trust.
    var issuerBytes = GetTrustBinary(trust);
    return TrustECDSASignature.GetHashOfBinary(issuerBytes);
}
/// <summary>
/// Returns the issuer binary of the trust as produced by <see cref="TrustBinary"/>.
/// </summary>
/// <param name="trust">Trust to serialize.</param>
/// <returns>The bytes returned by TrustBinary.GetIssuerBinary for this trust.</returns>
public static byte[] GetTrustBinary(TrustModel trust)
{
    return new TrustBinary(trust).GetIssuerBinary();
}
/// <summary>
/// Checks that a filter failure is reported as an <see cref="AgentException"/> wrapping
/// the original <see cref="PolicyProcessException"/>.
/// </summary>
public void TestIsCertPolicyCompiant_PolicyExpressionError_AssertException()
{
    // Arrange
    var subjectUnderTest = new TrustModel(mockTrustChainValidator.Object, mockPolicyResolver.Object, mockPolicyFilter.Object);
    var certMock = new Mock<X509Certificate2>();
    mockPolicyFilter
        .Setup(policyFilter => policyFilter.IsCompliant(It.IsAny<X509Certificate2>(), It.IsAny<IPolicyExpression>()))
        .Throws<PolicyProcessException>();
    var expressionMock = new Mock<IPolicyExpression>();
    mockPolicyResolver
        .Setup(policyResolver => policyResolver.GetIncomingPolicy(new MailAddress("*****@*****.**")))
        .Returns(new List<IPolicyExpression> { expressionMock.Object });

    // Act: deferred so the assertion can observe the exception.
    Action evaluate = () => subjectUnderTest.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), certMock.Object);

    // Assert: the error reaches the caller with its cause attached, and the filter was consulted.
    evaluate.ShouldThrow<AgentException>().WithInnerException<PolicyProcessException>();
    mockPolicyFilter.VerifyAll();
}
/// <summary>
/// Checks that a trust model without a policy resolver or policy filter treats the
/// certificate as policy compliant.
/// </summary>
public void TestIsCertPolicyCompiant_NoResolver_NoFilter_AssertTrue()
{
    // Arrange: only the chain validator is supplied.
    var subjectUnderTest = new TrustModel(mockTrustChainValidator.Object);
    var certMock = new Mock<X509Certificate2>();

    // Act
    var outcome = subjectUnderTest.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), certMock.Object);

    // Assert
    outcome.Should().BeTrue();
}