public void CreatePublicationsFileFromFileWithOu()
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("OU=Verified Email: [email protected]"))).Create(stream);
}
}
public void TestDataHasherWithAlgorithmNull()
{
ArgumentNullException ex = Assert.Throws <ArgumentNullException>(delegate
{
CryptoTestFactory.CreateDataHasher(null);
});
Assert.AreEqual("algorithm", ex.ParamName);
}
public void TestDataHasherWithRipemd160Algorithm()
{
IDataHasher hasher = CryptoTestFactory.CreateDataHasher(HashAlgorithm.Ripemd160);
Assert.AreEqual(HashAlgorithm.Ripemd160.Length, hasher.GetHash().Value.Length, "Hash length should be correct");
byte[] bytes = new byte[hasher.GetHash().Value.Length];
hasher.GetHash().Value.CopyTo(bytes, 0);
Assert.AreEqual("9C-11-85-A5-C5-E9-FC-54-61-28-08-97-7E-E8-F5-48-B2-25-8D-31", BitConverter.ToString(bytes), "Hash value should be calculated correctly");
}
public void PkiTrustStoreProviderVerifyWithRootTest()
{
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.KsiPublicationsFile);
trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
}
public void TestDataHasherWithAlgorithmNotImplemented()
{
HashingException ex = Assert.Throws <HashingException>(delegate
{
CryptoTestFactory.CreateDataHasher(HashAlgorithm.Sha3256);
});
Assert.That(ex.Message, Does.StartWith("Hash algorithm(SHA3-256) is not supported"));
}
public void TestDataHasherWithNullICollection()
{
IDataHasher hasher = CryptoTestFactory.CreateDataHasher();
ArgumentNullException ex = Assert.Throws <ArgumentNullException>(delegate
{
hasher.AddData((byte[])null);
});
Assert.AreEqual("data", ex.ParamName);
}
public void TestDataHasherWithNullStream()
{
IDataHasher hasher = CryptoTestFactory.CreateDataHasher();
ArgumentNullException ex = Assert.Throws <ArgumentNullException>(delegate
{
hasher.AddData((Stream)null);
});
Assert.AreEqual("inStream", ex.ParamName);
}
public void CreatePublicationsFileWithBytesNull()
{
ArgumentNullException ex = Assert.Throws <ArgumentNullException>(delegate
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))).Create((byte[])null);
});
Assert.AreEqual("bytes", ex.ParamName, "Unexpected exception.");
}
public void TestDataHasherWithDefaultAlgorithmAndEmptyData()
{
IDataHasher hasher = CryptoTestFactory.CreateDataHasher();
Assert.AreEqual(HashAlgorithm.Sha2256.Length, hasher.GetHash().Value.Length, "Hash length should be correct");
byte[] bytes = new byte[hasher.GetHash().Value.Length];
hasher.GetHash().Value.CopyTo(bytes, 0);
Assert.AreEqual("E3-B0-C4-42-98-FC-1C-14-9A-FB-F4-C8-99-6F-B9-24-27-AE-41-E4-64-9B-93-4C-A4-95-99-1B-78-52-B8-55", BitConverter.ToString(bytes),
"Hash value should be calculated correctly");
}
private static KsiService GetKsiService()
{
TestKsiServiceProtocol protocol = new TestKsiServiceProtocol();
return(new KsiService(protocol, new ServiceCredentials("test", "test", HashAlgorithm.Sha2256), protocol, new ServiceCredentials("test", "test", HashAlgorithm.Sha2256),
protocol,
new PublicationsFileFactory(
new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]")))));
}
public void TestDataHasherWithNullBytesAndNoLength()
{
IDataHasher hasher = CryptoTestFactory.CreateDataHasher();
ArgumentNullException ex = Assert.Throws <ArgumentNullException>(delegate
{
hasher.AddData(null, 0, 0);
});
Assert.AreEqual("data", ex.ParamName);
}
public IKsiService GetPublicationsFileService(byte[] requestResult = null)
{
return(new TestKsiService(
null, null, null, null,
new TestKsiServiceProtocol {
PublicationsFileBytes = requestResult
},
new PublicationsFileFactory(
new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))), 0, PduVersion.v1));
}
public void PkiTrustStoreProviderVerifyCustomCertTest()
{
// test verify with custom cert
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_CustomCert),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCert);
trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
}
protected static KsiService GetService(PduVersion version, HashAlgorithm aggregatorHmacAlgo, HashAlgorithm extenderHmacAlgo)
{
return(new KsiService(
new HttpKsiServiceProtocol(Settings.Default.HttpSigningServiceUrl, Settings.Default.HttpExtendingServiceUrl, Settings.Default.HttpPublicationsFileUrl, 10000),
new ServiceCredentials(Settings.Default.HttpSigningServiceUser, Settings.Default.HttpSigningServicePass, aggregatorHmacAlgo),
new HttpKsiServiceProtocol(Settings.Default.HttpSigningServiceUrl, Settings.Default.HttpExtendingServiceUrl, Settings.Default.HttpPublicationsFileUrl, 10000),
new ServiceCredentials(Settings.Default.HttpExtendingServiceUser, Settings.Default.HttpExtendingServicePass, extenderHmacAlgo),
new HttpKsiServiceProtocol(Settings.Default.HttpSigningServiceUrl, Settings.Default.HttpExtendingServiceUrl, Settings.Default.HttpPublicationsFileUrl, 10000),
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))), version));
}
public void TestDataHasherWithDefaultAlgorithmAndByteLength()
{
IDataHasher hasher = CryptoTestFactory.CreateDataHasher();
byte[] data = System.Text.Encoding.UTF8.GetBytes(Resources.DataHasher_TestString);
hasher.AddData(data, 0, data.Length);
Assert.AreEqual(HashAlgorithm.Sha2256.Length, hasher.GetHash().Value.Length, "Hash length should be correct");
byte[] bytes = new byte[hasher.GetHash().Value.Length];
hasher.GetHash().Value.CopyTo(bytes, 0);
Assert.AreEqual("CF-00-FC-3A-72-A2-F7-1C-7D-E2-B7-18-C0-A4-DF-F3-8D-83-C0-E1-95-7E-C2-19-C3-B2-66-F8-CC-38-B9-EA", BitConverter.ToString(bytes),
"Hash value should be calculated correctly");
}
public void PkiTrustStoreProviderVerifyWithoutSignedBytes()
{
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_IdenTrustCert),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
ArgumentNullException ex = Assert.Throws <ArgumentNullException>(delegate
{
trustStoreProvider.Verify(null, null);
});
Assert.AreEqual("signedBytes", ex.ParamName);
}
public void CreatePublicationsFileFromFileWithOidAndInvalidEmail()
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
PublicationsFileException ex = Assert.Throws <PublicationsFileException>(delegate
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))).Create(stream);
});
Assert.That(ex.Message, Does.StartWith("Publications file verification failed."));
}
}
public void CreatePublicationsFileFromFileWithEmptyRdn()
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
ArgumentException ex = Assert.Throws <ArgumentException>(delegate
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector(""))).Create(stream);
});
Assert.That(ex.Message, Does.StartWith("RDN cannot be empty"));
}
}
protected static KsiService GetHttpKsiServiceWithDefaultPduVersion()
{
return(new KsiService(
GetHttpKsiServiceProtocol(),
new ServiceCredentials(Settings.Default.HttpSigningServiceUser, Settings.Default.HttpSigningServicePass,
TestUtil.GetHashAlgorithm(Settings.Default.HttpSigningServiceHmacAlgorithm)),
GetHttpKsiServiceProtocol(),
new ServiceCredentials(Settings.Default.HttpExtendingServiceUser, Settings.Default.HttpExtendingServicePass,
TestUtil.GetHashAlgorithm(Settings.Default.HttpExtendingServiceHmacAlgorithm)),
GetHttpKsiServiceProtocol(),
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]")))));
}
public void TestDataHasherWithDefaultAlgorithmAndFileStreamLimitedBuffer()
{
IDataHasher hasher = CryptoTestFactory.CreateDataHasher();
FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.DataHasher_TestFile), FileMode.Open);
hasher.AddData(stream, 1);
Assert.AreEqual(HashAlgorithm.Sha2256.Length, hasher.GetHash().Value.Length, "Hash length should be correct");
byte[] bytes = new byte[hasher.GetHash().Value.Length];
hasher.GetHash().Value.CopyTo(bytes, 0);
Assert.AreEqual("54-66-E3-CB-A1-4A-84-3A-5E-93-B7-8E-3D-6A-B8-D3-49-1E-DC-AC-7E-06-43-1C-E1-A7-F4-98-28-C3-40-C3", BitConverter.ToString(bytes),
"Hash value should be calculated correctly");
stream.Close();
}
public void CreatePublicationsFileFromFileWithMultipleRdns()
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector(new List <CertificateSubjectRdn>
{
new CertificateSubjectRdn("1.2.840.113549.1.9.1", "*****@*****.**"),
new CertificateSubjectRdn("OU", "Verified Email: [email protected]")
})))
.Create(stream);
}
}
public void CreatePublicationsFileFromFileWithInvalidName()
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
ArgumentException ex = Assert.Throws <ArgumentException>(delegate
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))).Create(stream);
});
// separate error messages for microsoft and bouncycastle crypto
Assert.That(ex.Message, Does.StartWith("Invalid RDN:") | Does.Contain("Unknown object id"));
}
}
public void TestDataHasherWithAddingDataAfterHashHasBeenCalculated()
{
IDataHasher hasher = CryptoTestFactory.CreateDataHasher();
byte[] data = System.Text.Encoding.UTF8.GetBytes(Resources.DataHasher_TestString);
hasher.AddData(data);
hasher.GetHash();
HashingException ex = Assert.Throws <HashingException>(delegate
{
hasher.AddData(data);
});
Assert.That(ex.Message, Does.StartWith("Output hash has already been calculated"));
}
private static IPublicationsFile GetPublicationsFile(string path, string certPath)
{
if (string.IsNullOrEmpty(path))
{
return(PubsFile);
}
X509Store certStore = string.IsNullOrEmpty(certPath) ? new X509Store(StoreName.Root) : TestUtil.CreateCertStore(certPath);
PublicationsFileFactory factory = new PublicationsFileFactory(
new PkiTrustStoreProvider(certStore, CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]")));
return(factory.Create(File.ReadAllBytes(Path.Combine(TestSetup.LocalPath, path))));
}
protected static IKsiService GetStaticKsiService(TestKsiServiceProtocol protocol, ulong requestId = 0,
PduVersion pduVersion = PduVersion.v2,
HashAlgorithm signingMacAlgorithm = null, HashAlgorithm extendingMacAlgorithm = null)
{
return
(new TestKsiService(
protocol,
new ServiceCredentials(TestConstants.ServiceUser, TestConstants.ServicePass, signingMacAlgorithm),
protocol,
new ServiceCredentials(TestConstants.ServiceUser, TestConstants.ServicePass, extendingMacAlgorithm),
protocol,
new PublicationsFileFactory(
new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))), requestId, pduVersion));
}
public void CreateCertificateSubjectRdnSelectorTest()
{
string typeName = CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]").GetType().FullName;
switch (CryptoTestFactory.ProviderType)
{
case CryptoProviderType.Microsoft:
Assert.AreEqual("Guardtime.KSI.Crypto.Microsoft.Crypto.CertificateSubjectRdnSelector", typeName, "Invalid CertificateSubjectRdnSelector type name.");
break;
case CryptoProviderType.BouncyCastle:
Assert.AreEqual("Guardtime.KSI.Crypto.BouncyCastle.Crypto.CertificateSubjectRdnSelector", typeName, "Invalid CertificateSubjectRdnSelector type name.");
break;
}
}
public void CreateDataHasherTest()
{
string typeName = CryptoTestFactory.CreateDataHasher().GetType().FullName;
switch (CryptoTestFactory.ProviderType)
{
case CryptoProviderType.Microsoft:
Assert.AreEqual("Guardtime.KSI.Crypto.Microsoft.Hashing.DataHasher", typeName, "Invalid data hasher type name.");
break;
case CryptoProviderType.BouncyCastle:
Assert.AreEqual("Guardtime.KSI.Crypto.BouncyCastle.Hashing.DataHasher", typeName, "Invalid data hasher type name.");
break;
}
}
public void CreatePublicationsFileFromFileWithInvalidOid()
{
using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
{
ArgumentException ex = Assert.Throws <ArgumentException>(delegate
{
new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector(new List <CertificateSubjectRdn>
{
new CertificateSubjectRdn("1.2.840.113549.1.9.1X", "*****@*****.**")
})))
.Create(stream);
});
Assert.That(ex.Message, Does.StartWith("Rdn contains invalid Oid or Value."));
}
}
private static IVerificationContext GetVerificationContext(TestingRow testingRow, IKsiSignature signature, string testDataDir, bool setUserPublication = false)
{
IPublicationsFile publicationsFile = null;
IKsiService service;
if (!setUserPublication)
{
publicationsFile = GetPublicationsFile(string.IsNullOrEmpty(testingRow.PublicationsFilePath) ? null : testDataDir + testingRow.PublicationsFilePath,
string.IsNullOrEmpty(testingRow.CertFilePath) ? null : testDataDir + testingRow.CertFilePath);
}
if (string.IsNullOrEmpty(testingRow.ResourceFile))
{
service = IntegrationTests.GetHttpKsiService();
}
else
{
TestKsiServiceProtocol protocol = new TestKsiServiceProtocol
{
RequestResult = File.ReadAllBytes(Path.Combine(TestSetup.LocalPath, testDataDir + testingRow.ResourceFile))
};
service =
new TestKsiService(
protocol,
new ServiceCredentials(Properties.Settings.Default.HttpSigningServiceUser, Properties.Settings.Default.HttpSigningServicePass,
TestUtil.GetHashAlgorithm(Properties.Settings.Default.HttpSigningServiceHmacAlgorithm)),
protocol,
new ServiceCredentials(Properties.Settings.Default.HttpExtendingServiceUser, Properties.Settings.Default.HttpExtendingServicePass,
TestUtil.GetHashAlgorithm(Properties.Settings.Default.HttpExtendingServiceHmacAlgorithm)),
protocol,
new PublicationsFileFactory(
new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))), 1, PduVersion.v2);
}
return(new VerificationContext(signature)
{
DocumentHash = testingRow.InputHash,
UserPublication = setUserPublication ? testingRow.PublicationData : null,
IsExtendingAllowed = testingRow.IsExtendingAllowed,
KsiService = service,
PublicationsFile = publicationsFile,
DocumentHashLevel = testingRow.InputHashLevel
});
}
public void PkiTrustStoreProviderVerifyCustomCertInvalidTest()
{
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_IdenTrustCert),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCert);
PkiVerificationFailedException ex = Assert.Throws <PkiVerificationFailedException>(delegate
{
trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
});
// separate error messages for Microsoft and Bouncy Castle
Assert.That(ex.Message.StartsWith("Trust chain did not complete to the known authority anchor. Thumbprints did not match.") ||
(ex.Message.StartsWith("Could not build certificate path") &&
ex.InnerException.Message.StartsWith("Unable to find certificate chain.")),
"Unexpected exception message: " + ex.Message);
}
