/// <summary>
/// Loads the certificate fixtures used by the HSM cryptographer failure tests and
/// picks one certificate per role (soft sender, dual-use, encipherment-only, signing-only).
/// </summary>
/// <remarks>
/// Every selection uses <c>Single</c>, so the constructor throws when a fixture set holds
/// zero or more than one certificate matching the subject fragment and key-usage test.
/// Key usages are compared with <c>==</c>, so a certificate carrying any additional usage
/// bit, or no key-usage extension at all (null result), is not selected.
/// </remarks>
public HsmCryptographerFailureTests()
{
    // Subject fragment shared by the HSM-backed test certificates. The match is a plain
    // substring test on Subject, so the casing here ("lab") is what the fixtures must carry.
    const string hsmSubjectFragment = "hsm.DirectInt.lab";
    const X509KeyUsageFlags encipherOnly = X509KeyUsageFlags.KeyEncipherment;
    const X509KeyUsageFlags signOnly = X509KeyUsageFlags.DigitalSignature;
    const X509KeyUsageFlags encipherAndSign =
        X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature;

    // Load the three fixture sets first, in the same order as before, so a missing
    // fixture directory fails before any selection is attempted.
    var redmondPrivateSet = AgentTester.LoadPrivateCerts("redmond");
    string redmondCertsPath = Path.Combine(
        AgentTester.MakeCertificatesPath(Directory.GetCurrentDirectory(), "redmond"));
    var redmondPublicSet = AgentTester.LoadPublicCerts(redmondCertsPath);
    var nhindPrivateSet = AgentTester.LoadPrivateCerts("nhind");

    // Sender certificate taken from the public set (field name: "without key").
    m_softSenderCertWithoutKey = redmondPublicSet.Single(
        cert => cert.Subject.Contains("redmond.hsgincubator.com"));

    //
    // Dual-use certificate for the hsm.DirectInt.lab domain.
    // Used for the cut-over tests, i.e. the transition from software-stored
    // to hardware-stored keys.
    //
    m_dualUseCertWithPrivateKey = nhindPrivateSet.Single(
        cert => cert.Subject.Contains(hsmSubjectFragment)
                && cert.FindKeyUsageExtension()?.KeyUsages == encipherAndSign);

    // Encipherment-only public certificate, read from the redmond Public folder.
    var redmondPublicFolderSet = AgentTester.LoadCertificates(@"Certificates\redmond\Public");
    m_singleUseEnciphermentPublicCert = redmondPublicFolderSet.Single(
        cert => cert.Subject.Contains(hsmSubjectFragment)
                && cert.FindKeyUsageExtension()?.KeyUsages == encipherOnly);

    //
    // The private key lives in the token; the public side is in the config store.
    // The hash is signed with the token-based private key and the public certificate
    // is included in the signed entity (S/MIME).
    //
    // NOTE(review): this "public" signing certificate is selected from the set returned
    // by LoadPrivateCerts("redmond") - confirm the fixture carries no software private
    // key, otherwise the tests may not exercise the token-only signing path.
    m_singleUseSigningPublicCert = redmondPrivateSet.Single(
        cert => cert.Subject.Contains(hsmSubjectFragment)
                && cert.FindKeyUsageExtension()?.KeyUsages == signOnly);
}