public void FailsToEncrypt_IfInvalidKeySize()
{
// Arrange
AS4Message as4Message = CreateAS4Message();
var keyEncryptionConfig = new KeyEncryptionConfiguration(CreateEncryptionCertificate());
var dataEncryptionConfig = new DataEncryptionConfiguration(AS4.Model.PMode.Encryption.Default.Algorithm, -1);
// Act / Assert
Assert.ThrowsAny <Exception>(() => as4Message.Encrypt(keyEncryptionConfig, dataEncryptionConfig));
}
private static void EncryptAS4Message(
AS4Message message,
KeyEncryptionConfiguration keyEncryptionConfig,
DataEncryptionConfiguration dataEncryptionConfig)
{
try
{
message.Encrypt(keyEncryptionConfig, dataEncryptionConfig);
}
catch (Exception exception)
{
string description = $"Problems with encryption AS4Message: {exception}";
Logger.Error(description);
throw new CryptographicException(description, exception);
}
}
private static AS4Message SignedEncryptedAS4UserMessage(AS4Component msh, string ebmsMessageId)
{
string attachmentId = "attachment-" + Guid.NewGuid();
var user = new UserMessage(
ebmsMessageId,
new CollaborationInfo(
agreement: new AgreementReference(
value: "http://agreements.europa.org/agreement",
pmodeId: DefaultPModeId),
service: new Service(
value: "getting:started",
type: "eu:europa:services"),
action: "eu:sample:01",
conversationId: "eu:europe:conversation"),
Party.DefaultFrom,
Party.DefaultTo,
new [] { new PartInfo("cid:" + attachmentId) },
Enumerable.Empty <MessageProperty>());
AS4Message m = AS4Message.Create(user);
m.AddAttachment(
new Attachment(
id: attachmentId,
content: new MemoryStream(Properties.Resources.payload),
contentType: "image/jpg"));
var certRepo = new CertificateRepository(msh.GetConfiguration());
X509Certificate2 signingCert = certRepo.GetCertificate(X509FindType.FindBySubjectName, "AccessPointA");
m.Sign(new CalculateSignatureConfig(signingCert));
X509Certificate2 encryptCert = certRepo.GetCertificate(X509FindType.FindBySubjectName, "AccessPointB");
m.Encrypt(new KeyEncryptionConfiguration(encryptCert), DataEncryptionConfiguration.Default);
return(m);
}
public async Task CanDeserializeEncryptAndSerializeSignedMessageWithUntouchedMessagingHeader()
{
// Arrange: retrieve an existing signed AS4 Message and encrypt it.
// Serialize it again to inspect the Soap envelope of the modified message.
AS4Message deserializedAS4Message =
await DeserializeToAS4Message(
signed_holodeck_message,
@"multipart/related;boundary=""MIMEBoundary_bcb27a6f984295aa9962b01ef2fb3e8d982de76d061ab23f""");
XmlNode originalSecurityHeader = deserializedAS4Message.SecurityHeader.GetXml().CloneNode(deep: true);
var encryptionCertificate = new X509Certificate2(certificate_as4, certificate_password);
// Act: Encrypt the message
deserializedAS4Message.Encrypt(
new KeyEncryptionConfiguration(encryptionCertificate),
DataEncryptionConfiguration.Default);
// Assert: the soap envelope of the encrypted message should not be equal to the
// envelope of the original message since there should be modifications in
// the security header.
Assert.NotEqual(
originalSecurityHeader.OuterXml,
deserializedAS4Message.EnvelopeDocument.OuterXml);
// Serialize it again; the Soap envelope should remain intact, besides
// some changes that have been made to the security header.
AS4Message reserializedAS4Message = await AS4MessageUtils.SerializeDeserializeAsync(deserializedAS4Message);
// Assert: The soap envelopes of both messages should be equal if the
// SecurityHeader is not taken into consideration.
RemoveSecurityHeaderFromMessageEnvelope(reserializedAS4Message);
RemoveSecurityHeaderFromMessageEnvelope(deserializedAS4Message);
Assert.Equal(
reserializedAS4Message.EnvelopeDocument.OuterXml,
deserializedAS4Message.EnvelopeDocument.OuterXml);
}
public static AS4Message EncryptWithCertificate(AS4Message message, X509Certificate2 certificate)
{
message.Encrypt(new KeyEncryptionConfiguration(certificate), DataEncryptionConfiguration.Default);
return(message);
}