Example #1
        // Integration test: asks the eHealth acceptance TimestampAuthority for a timestamp
        // token over `hash`, authenticating with the "authentication" certificate taken from
        // the eHealth.acc-p12 keystore, then checks that the token matches `msg`.
        public void NewTsViaEHealth()
        {
            //Read this to enable TLS1.2 on old .Net Framework:
            //https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-security-via-the-windows-registry

            // The keystore password lives in a plain-text file beside the keystore.
            // File.ReadAllText returns the content verbatim, so a trailing newline in the
            // .pwd file would become part of the password.
            string keystorePassword = File.ReadAllText(@"EHealthP12/eHealth.acc-p12.pwd");
            var keystore = new EHealthP12(@"EHealthP12/eHealth.acc-p12", keystorePassword);

            var binding = new StsBinding();
            var address = new EndpointAddress(new Uri("https://services-acpt.ehealth.fgov.be/TimestampAuthority/v2"));
            var tsa = new TimeStampAuthorityClient(binding, address);

            // Client authentication uses the keystore entry named "authentication".
            tsa.ClientCredentials.ClientCertificate.Certificate = keystore["authentication"];

            var provider = new EHealthTimestampProvider(tsa);

            const string digestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256";
            byte[] tsBytes = provider.GetTimestampFromDocumentHash(hash, digestAlgorithm);

            // The raw token is kept on disk as a fixture.
            File.WriteAllBytes(@"files/eHTs2.ts", tsBytes);

            TimeStampToken tst = tsBytes.ToTimeStampToken();

            // The token must cover exactly the bytes of `msg`.
            var matches = tst.IsMatch(new MemoryStream(msg));
            Assert.True(matches);

            // Both Validate overloads are called with empty CRL and OCSP lists.
            // NOTE(review): the return values are discarded, so a problem is only caught here
            // if Validate throws; confirm whether it reports status through its result.
            IList<CertificateList> crls = new List<CertificateList>();
            IList<BasicOcspResponse> ocps = new List<BasicOcspResponse>();

            tst.Validate(crls, ocps);
            tst.Validate(crls, ocps, null);
        }
Example #2
        // Integration test: asks the eHealth acceptance TimestampAuthority for a timestamp
        // token over `hash`, authenticating with a certificate from the current user's
        // personal store, then checks that the token matches `msg`.
        public void NewTsViaEHealth()
        {
            //Read this to enable TLS1.2 on old .Net Framework:
            //https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-security-via-the-windows-registry

            var binding = new StsBinding();
            var address = new EndpointAddress(new Uri("https://services-acpt.ehealth.fgov.be/TimestampAuthority/v2"));
            var tsa = new TimeStampAuthorityClient(binding, address);

            // Alternative credential wiring the author left disabled:
            //tsa.Endpoint.Behaviors.Remove<ClientCredentials>();
            //tsa.Endpoint.Behaviors.Add(new OptClientCredentials());
            //tsa.ClientCredentials.ServiceCertificate.DefaultCertificate = ehSsl; //not really used, but better than the workaround

            // The client certificate is looked up by a hard-coded thumbprint in CurrentUser\My,
            // so the test only runs where that exact certificate is installed and has to be
            // edited whenever the certificate is renewed.
            tsa.ClientCredentials.ClientCertificate.SetCertificate(
                StoreLocation.CurrentUser,
                StoreName.My,
                X509FindType.FindByThumbprint,
                "f794b1966a1bd1a1760bbe3a1e72f9cae1fa118c");

            var provider = new EHealthTimestampProvider(tsa);

            const string digestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256";
            byte[] tsBytes = provider.GetTimestampFromDocumentHash(hash, digestAlgorithm);

            TimeStampToken tst = tsBytes.ToTimeStampToken();

            // The token must cover exactly the bytes of `msg`.
            var matches = tst.IsMatch(new MemoryStream(msg));
            Assert.IsTrue(matches);

            // Both Validate overloads are called with empty CRL and OCSP lists.
            // NOTE(review): the return values are discarded, so a problem is only caught here
            // if Validate throws; confirm whether it reports status through its result.
            IList<CertificateList> crls = new List<CertificateList>();
            IList<BasicOcspResponse> ocps = new List<BasicOcspResponse>();

            tst.Validate(crls, ocps);
            tst.Validate(crls, ocps, null);
        }
Example #3
        // Integration test: asks the eHealth acceptance TimestampAuthority for a timestamp
        // token over `hash`, authenticating with a certificate from the current user's
        // personal store, then checks that the token matches `msg`.
        public void NewTsViaEHealth()
        {
            var binding = new StsBinding();

            // The expected service identity is set to a wildcard DNS name that does not match
            // the host in the URL. NOTE(review): this looks like an accommodation for the
            // acceptance environment's service certificate; confirm before reusing it elsewhere,
            // because it changes which name the service certificate is checked against.
            var serviceUri = new Uri("https://services-acpt.ehealth.fgov.be/TimestampAuthority/v2");
            var expectedIdentity = EndpointIdentity.CreateDnsIdentity("*.int.pub.ehealth.fgov.be");
            var address = new EndpointAddress(serviceUri, expectedIdentity);

            var tsa = new TimeStampAuthorityClient(binding, address);

            // Alternative credential wiring the author left disabled:
            //tsa.Endpoint.Behaviors.Remove<ClientCredentials>();
            //tsa.Endpoint.Behaviors.Add(new OptClientCredentials());

            // Author's note: not really used, but better than the workaround.
            tsa.ClientCredentials.ServiceCertificate.DefaultCertificate = ehSsl;

            // The client certificate is looked up by a hard-coded thumbprint in CurrentUser\My,
            // so the test only runs where that exact certificate is installed and has to be
            // edited whenever the certificate is renewed.
            tsa.ClientCredentials.ClientCertificate.SetCertificate(
                StoreLocation.CurrentUser,
                StoreName.My,
                X509FindType.FindByThumbprint,
                "684d0c3a2243cc2f59285be5234b89fc2bd33f6b");

            var provider = new EHealthTimestampProvider(tsa);

            const string digestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256";
            byte[] tsBytes = provider.GetTimestampFromDocumentHash(hash, digestAlgorithm);

            TimeStampToken tst = tsBytes.ToTimeStampToken();

            // The token must cover exactly the bytes of `msg`.
            var matches = tst.IsMatch(new MemoryStream(msg));
            Assert.IsTrue(matches);

            // Both Validate overloads are called with empty CRL and OCSP lists.
            // NOTE(review): the return values are discarded, so a problem is only caught here
            // if Validate throws; confirm whether it reports status through its result.
            IList<CertificateList> crls = new List<CertificateList>();
            IList<BasicOcspResponse> ocps = new List<BasicOcspResponse>();

            tst.Validate(crls, ocps);
            tst.Validate(crls, ocps, null);
        }
Example #4
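        // Interop test: a message handled by the Java test classes (Seal, Verify, Stamp) is
        // timestamped through the eHealth acceptance TimestampAuthority and then unsealed on
        // the .NET side at LTA level. The test asserts full trust, a valid status, the expected
        // sender certificate and the expected start of the clear text.
        public void Java2NetAddressedLTALevel()
        {
            RunJava("etee.crypto.test.Seal NONE");

            File.Copy(GetAbsoluteTestFilePath("message_to_bob.msg"), GetAbsoluteTestFilePath("message_to_store.msg"), true);

            // The Verify step prints a Base64 value; its SHA-256 digest is what gets timestamped.
            String output = RunJava("etee.crypto.test.Verify OPTIONAL");

            byte[] hash;
            // Dispose the hash object once the digest is computed instead of leaking it.
            using (SHA256 sha = SHA256.Create())
            {
                hash = sha.ComputeHash(Convert.FromBase64String(output.Trim()));
            }

            var tsa = new TimeStampAuthorityClient(new StsBinding(), new EndpointAddress("https://services-acpt.ehealth.fgov.be/TimestampAuthority/v2"));

            // The default client credentials behaviour is swapped for OptClientCredentials.
            tsa.Endpoint.Behaviors.Remove<ClientCredentials>();
            tsa.Endpoint.Behaviors.Add(new OptClientCredentials());

            // The client certificate is looked up by a hard-coded thumbprint in CurrentUser\My,
            // so the test only runs where that exact certificate is installed.
            tsa.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, "566fd3fe13e3ab185a7224bcec8ad9cffbf9e9c2");

            var tsProvider = new EHealthTimestampProvider(tsa);

            byte[] tst = tsProvider.GetTimestampFromDocumentHash(hash, "http://www.w3.org/2001/04/xmlenc#sha256");

            File.Copy(GetAbsoluteTestFilePath("message_to_bob.msg"), GetAbsoluteTestFilePath("message_to_store.msg"), true);

            // Convert.ToBase64String emits only Base64 characters and no line breaks, so the
            // token travels as a single command-line argument.
            RunJava("etee.crypto.test.Stamp " + Convert.ToBase64String(tst));

            UnsealResult result;
            using (var file = new FileStream(GetAbsoluteTestFilePath("message_to_bob.msg"), FileMode.Open))
            {
                IDataUnsealer unsealer = DataUnsealerFactory.Create(Level.LTA_Level, bob);
                result = unsealer.Unseal(file);
            }
            System.Console.WriteLine(result.SecurityInformation);

            Assert.AreEqual(Egelke.EHealth.Etee.Crypto.Status.TrustStatus.Full, result.SecurityInformation.TrustStatus);
            Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);

            // The expected subject pins the test to one specific authentication certificate.
            Assert.AreEqual("SERIALNUMBER=79021802145, G=Bryan Eduard, SN=Brouckaert, CN=Bryan Brouckaert (Authentication), C=BE", result.AuthenticationCertificate.Subject);

            // A single Read call may return fewer bytes than requested, so keep reading until
            // the buffer is full or the stream ends, and decode only what was actually read.
            byte[] bytes = new byte[result.UnsealedData.Length];
            int filled = 0;
            while (filled < bytes.Length)
            {
                int read = result.UnsealedData.Read(bytes, filled, bytes.Length - filled);
                if (read <= 0)
                {
                    break;
                }
                filled += read;
            }
            String msg = Encoding.UTF8.GetString(bytes, 0, filled);

            // Ordinal comparison keeps the prefix check independent of the current culture.
            Assert.IsTrue(msg.StartsWith("This is a message to bob", StringComparison.Ordinal));
        }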