public void CreatePublicationsFileFromFileWithOu()
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("OU=Verified Email: [email protected]"))).Create(stream);
}
}
public void PkiTrustStoreProviderVerifyWithRootTest()
{
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.KsiPublicationsFile);
trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
}
private static KsiService GetKsiService()
{
TestKsiServiceProtocol protocol = new TestKsiServiceProtocol();
return(new KsiService(protocol, new ServiceCredentials("test", "test", HashAlgorithm.Sha2256), protocol, new ServiceCredentials("test", "test", HashAlgorithm.Sha2256),
protocol,
new PublicationsFileFactory(
new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]")))));
}
public void CreatePublicationsFileWithBytesNull()
{
ArgumentNullException ex = Assert.Throws <ArgumentNullException>(delegate
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))).Create((byte[])null);
});
Assert.AreEqual("bytes", ex.ParamName, "Unexpected exception.");
}
public IKsiService GetPublicationsFileService(byte[] requestResult = null)
{
return(new TestKsiService(
null, null, null, null,
new TestKsiServiceProtocol {
PublicationsFileBytes = requestResult
},
new PublicationsFileFactory(
new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))), 0, PduVersion.v1));
}
public void PkiTrustStoreProviderVerifyCustomCertTest()
{
// test verify with custom cert
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_CustomCert),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCert);
trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
}
protected static KsiService GetService(PduVersion version, HashAlgorithm aggregatorHmacAlgo, HashAlgorithm extenderHmacAlgo)
{
return(new KsiService(
new HttpKsiServiceProtocol(Settings.Default.HttpSigningServiceUrl, Settings.Default.HttpExtendingServiceUrl, Settings.Default.HttpPublicationsFileUrl, 10000),
new ServiceCredentials(Settings.Default.HttpSigningServiceUser, Settings.Default.HttpSigningServicePass, aggregatorHmacAlgo),
new HttpKsiServiceProtocol(Settings.Default.HttpSigningServiceUrl, Settings.Default.HttpExtendingServiceUrl, Settings.Default.HttpPublicationsFileUrl, 10000),
new ServiceCredentials(Settings.Default.HttpExtendingServiceUser, Settings.Default.HttpExtendingServicePass, extenderHmacAlgo),
new HttpKsiServiceProtocol(Settings.Default.HttpSigningServiceUrl, Settings.Default.HttpExtendingServiceUrl, Settings.Default.HttpPublicationsFileUrl, 10000),
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))), version));
}
public void PkiTrustStoreProviderVerifyWithoutSignedBytes()
{
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_IdenTrustCert),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
ArgumentNullException ex = Assert.Throws <ArgumentNullException>(delegate
{
trustStoreProvider.Verify(null, null);
});
Assert.AreEqual("signedBytes", ex.ParamName);
}
public void CreatePublicationsFileFromFileWithMultipleRdns()
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector(new List <CertificateSubjectRdn>
{
new CertificateSubjectRdn("1.2.840.113549.1.9.1", "*****@*****.**"),
new CertificateSubjectRdn("OU", "Verified Email: [email protected]")
})))
.Create(stream);
}
}
public void CreatePublicationsFileFromFileWithEmptyRdn()
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
ArgumentException ex = Assert.Throws <ArgumentException>(delegate
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector(""))).Create(stream);
});
Assert.That(ex.Message, Does.StartWith("RDN cannot be empty"));
}
}
protected static KsiService GetHttpKsiServiceWithDefaultPduVersion()
{
return(new KsiService(
GetHttpKsiServiceProtocol(),
new ServiceCredentials(Settings.Default.HttpSigningServiceUser, Settings.Default.HttpSigningServicePass,
TestUtil.GetHashAlgorithm(Settings.Default.HttpSigningServiceHmacAlgorithm)),
GetHttpKsiServiceProtocol(),
new ServiceCredentials(Settings.Default.HttpExtendingServiceUser, Settings.Default.HttpExtendingServicePass,
TestUtil.GetHashAlgorithm(Settings.Default.HttpExtendingServiceHmacAlgorithm)),
GetHttpKsiServiceProtocol(),
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]")))));
}
public void CreatePublicationsFileFromFileWithOidAndInvalidEmail()
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
PublicationsFileException ex = Assert.Throws <PublicationsFileException>(delegate
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))).Create(stream);
});
Assert.That(ex.Message, Does.StartWith("Publications file verification failed."));
}
}
public void CreatePublicationsFileFromFileWithInvalidName()
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
ArgumentException ex = Assert.Throws <ArgumentException>(delegate
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))).Create(stream);
});
// separate error messages for microsoft and bouncycastle crypto
Assert.That(ex.Message, Does.StartWith("Invalid RDN:") | Does.Contain("Unknown object id"));
}
}
private static IPublicationsFile GetPublicationsFile(string path, string certPath)
{
if (string.IsNullOrEmpty(path))
{
return(PubsFile);
}
X509Store certStore = string.IsNullOrEmpty(certPath) ? new X509Store(StoreName.Root) : TestUtil.CreateCertStore(certPath);
PublicationsFileFactory factory = new PublicationsFileFactory(
new PkiTrustStoreProvider(certStore, CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]")));
return(factory.Create(File.ReadAllBytes(Path.Combine(TestSetup.LocalPath, path))));
}
protected static IKsiService GetStaticKsiService(TestKsiServiceProtocol protocol, ulong requestId = 0,
PduVersion pduVersion = PduVersion.v2,
HashAlgorithm signingMacAlgorithm = null, HashAlgorithm extendingMacAlgorithm = null)
{
return
(new TestKsiService(
protocol,
new ServiceCredentials(TestConstants.ServiceUser, TestConstants.ServicePass, signingMacAlgorithm),
protocol,
new ServiceCredentials(TestConstants.ServiceUser, TestConstants.ServicePass, extendingMacAlgorithm),
protocol,
new PublicationsFileFactory(
new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))), requestId, pduVersion));
}
public void CreateCertificateSubjectRdnSelectorTest()
{
string typeName = CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]").GetType().FullName;
switch (CryptoTestFactory.ProviderType)
{
case CryptoProviderType.Microsoft:
Assert.AreEqual("Guardtime.KSI.Crypto.Microsoft.Crypto.CertificateSubjectRdnSelector", typeName, "Invalid CertificateSubjectRdnSelector type name.");
break;
case CryptoProviderType.BouncyCastle:
Assert.AreEqual("Guardtime.KSI.Crypto.BouncyCastle.Crypto.CertificateSubjectRdnSelector", typeName, "Invalid CertificateSubjectRdnSelector type name.");
break;
}
}
public void CreatePublicationsFileFromFileWithInvalidOid()
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
ArgumentException ex = Assert.Throws <ArgumentException>(delegate
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector(new List <CertificateSubjectRdn>
{
new CertificateSubjectRdn("1.2.840.113549.1.9.1X", "*****@*****.**")
})))
.Create(stream);
});
Assert.That(ex.Message, Does.StartWith("Rdn contains invalid Oid or Value."));
}
}
private static IVerificationContext GetVerificationContext(TestingRow testingRow, IKsiSignature signature, string testDataDir, bool setUserPublication = false)
{
IPublicationsFile publicationsFile = null;
IKsiService service;
if (!setUserPublication)
{
publicationsFile = GetPublicationsFile(string.IsNullOrEmpty(testingRow.PublicationsFilePath) ? null : testDataDir + testingRow.PublicationsFilePath,
string.IsNullOrEmpty(testingRow.CertFilePath) ? null : testDataDir + testingRow.CertFilePath);
}
if (string.IsNullOrEmpty(testingRow.ResourceFile))
{
service = IntegrationTests.GetHttpKsiService();
}
else
{
TestKsiServiceProtocol protocol = new TestKsiServiceProtocol
{
RequestResult = File.ReadAllBytes(Path.Combine(TestSetup.LocalPath, testDataDir + testingRow.ResourceFile))
};
service =
new TestKsiService(
protocol,
new ServiceCredentials(Properties.Settings.Default.HttpSigningServiceUser, Properties.Settings.Default.HttpSigningServicePass,
TestUtil.GetHashAlgorithm(Properties.Settings.Default.HttpSigningServiceHmacAlgorithm)),
protocol,
new ServiceCredentials(Properties.Settings.Default.HttpExtendingServiceUser, Properties.Settings.Default.HttpExtendingServicePass,
TestUtil.GetHashAlgorithm(Properties.Settings.Default.HttpExtendingServiceHmacAlgorithm)),
protocol,
new PublicationsFileFactory(
new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))), 1, PduVersion.v2);
}
return(new VerificationContext(signature)
{
DocumentHash = testingRow.InputHash,
UserPublication = setUserPublication ? testingRow.PublicationData : null,
IsExtendingAllowed = testingRow.IsExtendingAllowed,
KsiService = service,
PublicationsFile = publicationsFile,
DocumentHashLevel = testingRow.InputHashLevel
});
}
public void PkiTrustStoreProviderVerifyCustomCertInvalidTest()
{
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_IdenTrustCert),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCert);
PkiVerificationFailedException ex = Assert.Throws <PkiVerificationFailedException>(delegate
{
trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
});
// separate error messages for Microsoft and Bouncy Castle
Assert.That(ex.Message.StartsWith("Trust chain did not complete to the known authority anchor. Thumbprints did not match.") ||
(ex.Message.StartsWith("Could not build certificate path") &&
ex.InnerException.Message.StartsWith("Unable to find certificate chain.")),
"Unexpected exception message: " + ex.Message);
}
public void CreatePublicationsFileFromFileWithLongEmailName()
{
if (CryptoTestFactory.ProviderType == CryptoProviderType.BouncyCastle)
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))).Create(stream);
}
}
else if (CryptoTestFactory.ProviderType == CryptoProviderType.Microsoft)
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))).Create(stream);
}
}
}
public void PkiTrustStoreProviderVerifyCustomCertExpiredInvalidTest()
{
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_CustomCertExpired),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCertExpired);
PkiVerificationFailedException ex = Assert.Throws <PkiVerificationFailedException>(delegate
{
trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
});
// separate error messages for Microsoft and Bouncy Castle
Assert.That(
ex.Message.StartsWith(
"Trust chain did not complete to the known authority anchor. Errors: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.") ||
(ex.Message.StartsWith("Could not build certificate path") &&
ex.InnerException.Message.StartsWith("Certification path could not be validated.") &&
ex.InnerException.InnerException.Message.StartsWith("Could not validate certificate: certificate expired on ")),
"Unexpected exception message: " + ex.Message);
}
public void SignHashWithTcpTimeoutAndBufferSizeTest()
{
uint requestTimeout = 9000;
uint bufferSize = 1024;
TcpKsiSigningServiceProtocol protocol = new TcpKsiSigningServiceProtocol(
IPAddress.Parse(Settings.Default.TcpExtendingServiceIp),
Settings.Default.TcpSigningServicePort,
requestTimeout,
bufferSize);
HttpKsiServiceProtocol publicationsFileProtocol = new HttpKsiServiceProtocol(
null,
null,
Settings.Default.HttpPublicationsFileUrl);
Ksi ksi = new Ksi(new KsiService(
protocol,
new ServiceCredentials(Settings.Default.HttpSigningServiceUser, Settings.Default.HttpSigningServicePass,
TestUtil.GetHashAlgorithm(Settings.Default.HttpSigningServiceHmacAlgorithm)),
null, null, publicationsFileProtocol,
new PublicationsFileFactory(
new PkiTrustStoreProvider(new X509Store(StoreName.Root), CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]")))));
VerificationResult verificationResult = SignHash(ksi);
Assert.AreEqual(VerificationResultCode.Ok, verificationResult.ResultCode, "Signature should verify with key based policy");
}