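/// <summary>
/// Verifies that the default CT policy reports <c>TooFewSctsTrusted</c> whenever the number of
/// validly-signed SCTs is below the policy's minimum for the certificate's validity period,
/// no matter how many SCTs that failed verification accompany them.
/// </summary>
/// <remarks>
/// Every count from 0 up to <c>SctsRequired - 1</c> is exercised for each test parameter, so the
/// boundary case (one short of the minimum) is always covered and the run is deterministic;
/// drawing a single random count per parameter could skip the boundary on any given run.
/// </remarks>
public void FewerSctsThanRequiredReturnsFailure()
{
    foreach (var tp in _testParams)
    {
        var certMoq = new Moq.Mock<MoqX509Certificate2>();
        certMoq.Setup(c => c.MoqNotBefore).Returns(tp.Start);
        certMoq.Setup(c => c.MoqNotAfter).Returns(tp.End);
        var cert = certMoq.Object;

        for (var validCount = 0; validCount < tp.SctsRequired; validCount++)
        {
            var scts = new Dictionary<string, SctVerificationResult>();

            // Valid SCTs are keyed "0".."validCount-1".
            for (var i = 0; i < validCount; i++)
            {
                scts[i.ToString()] = SctVerificationResult.Valid(DateTime.UtcNow, Guid.NewGuid().ToString());
            }

            // SCTs that failed verification must not count toward the minimum. Keys start at
            // "100" so they do not collide with the valid entries (assumes fewer than 100 are required).
            for (var i = 0; i < 10; i++)
            {
                scts[(i + 100).ToString()] = SctVerificationResult.FailedVerification(DateTime.UtcNow, Guid.NewGuid().ToString());
            }

            var result = new CtPolicyDefault().PolicyVerificationResult(cert, scts);

            Assert.True(tp.SctsRequired == result.MinSctCount, tp.Description);
            Assert.True(result.Result == CtResult.TooFewSctsTrusted, tp.Description);
        }
    }
}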
/// <summary>
/// Checks that exactly the policy's minimum number of validly-signed SCTs yields <c>Trusted</c>,
/// and that additional SCTs which failed verification do not change that outcome.
/// </summary>
public void CorrectNumberOfSctsReturnsSuccessTrusted()
{
    foreach (var tp in _testParams)
    {
        var mockCert = new Moq.Mock<MoqX509Certificate2>();
        mockCert.Setup(c => c.MoqNotBefore).Returns(tp.Start);
        mockCert.Setup(c => c.MoqNotAfter).Returns(tp.End);

        var sctResults = new Dictionary<string, SctVerificationResult>();

        // Exactly the required number of valid SCTs, keyed "0".."n-1".
        var validIndex = 0;
        while (validIndex < tp.SctsRequired)
        {
            sctResults[validIndex.ToString()] = SctVerificationResult.Valid(DateTime.UtcNow, Guid.NewGuid().ToString());
            validIndex++;
        }

        // Ten SCTs that failed verification, keyed "100".."109" so they do not share keys
        // with the valid entries (assumes fewer than 100 are required).
        for (var key = 100; key < 110; key++)
        {
            sctResults[key.ToString()] = SctVerificationResult.FailedVerification(DateTime.UtcNow, Guid.NewGuid().ToString());
        }

        var policyResult = new CtPolicyDefault().PolicyVerificationResult(mockCert.Object, sctResults);

        Assert.True(policyResult.Result == CtResult.Trusted, tp.Description);
    }
}
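/// <summary>
/// Verifies an SCT's signature over an already-serialised signed payload using the public key
/// registered for the issuing CT log.
/// </summary>
/// <param name="sct">The SCT whose <c>Signature.SignatureData</c> is checked.</param>
/// <param name="logServer">
/// The CT log the SCT claims to come from; supplies the public key (<c>KeyBytes</c>), log ID and description.
/// </param>
/// <param name="toVerify">The serialised bytes the signature is expected to cover (built by the caller).</param>
/// <returns>
/// A <c>Valid</c> result when the signature verifies against the log key; otherwise a
/// <c>FailedVerification</c> result tagged "Invalid Signature".
/// </returns>
/// <exception cref="NotImplementedException">The log key's algorithm is neither ECDSA nor RSA.</exception>
private static SctVerificationResult VerifySctSignatureOverBytes(this SignedCertificateTimestamp sct, Log logServer, byte[] toVerify)
{
    // The signature scheme is derived from the log's registered key, not from anything carried
    // inside the SCT, so untrusted SCT contents cannot choose which algorithm is used to verify it.
    var (oid, sigAlg) = GetKeyAlgorithm(logServer.KeyBytes);

    ISigner signer;
    if (sigAlg == CtSignatureAlgorithm.Ecdsa)
    {
        signer = SignerUtilities.GetSigner(Constants.Sha256WithEcdsa);
    }
    else if (sigAlg == CtSignatureAlgorithm.Rsa)
    {
        signer = SignerUtilities.GetSigner(Constants.Sha256WithRsa);
    }
    else
    {
        throw new NotImplementedException($"Signature algothrim '{sigAlg}' not supported, with OID '{oid}'");
    }

    // Init(false, ...) puts the signer into verification (not signing) mode.
    var pubKey = PublicKeyFactory.CreateKey(logServer.KeyBytes);
    signer.Init(false, pubKey);
    signer.BlockUpdate(toVerify, 0, toVerify.Length);
    var isValid = signer.VerifySignature(sct.Signature.SignatureData);

    return isValid
        ? SctVerificationResult.Valid(sct.TimestampUtc, logServer.LogId, logServer.Description)
        : SctVerificationResult.FailedVerification(sct.TimestampUtc, logServer.LogId, logServer.Description, "Invalid Signature");
}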