public TimestampServiceOptions()
{
Accuracy = new BcAccuracy(seconds: new DerInteger(1), micros: null, millis: null);
Policy = new Oid("2.999");
ReturnSigningCertificate = true;
SignatureHashAlgorithm = new Oid(Oids.Sha256);
SigningCertificateUsage = SigningCertificateUsage.V2;
}
public async Task GetTimestampCertificateChain_WithMismatchedEssCertIdCertificateHash_ReturnsChain(
SigningCertificateUsage signingCertificateUsage)
{
ISigningTestServer testServer = await _fixture.GetSigningTestServerAsync();
CertificateAuthority rootCa = await _fixture.GetDefaultTrustedCertificateAuthorityAsync();
var options = new TimestampServiceOptions()
{
SigningCertificateUsage = signingCertificateUsage,
SigningCertificateV1Hash = new byte[SHA1HashLength]
};
TimestampService timestampService = TimestampService.Create(rootCa, options);
using (testServer.RegisterResponder(timestampService))
{
var nupkg = new SimpleTestPackageContext();
using (var certificate = new X509Certificate2(_fixture.TrustedTestCertificate.Source.Cert))
using (var directory = TestDirectory.Create())
{
var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(
certificate,
nupkg,
directory,
timestampService.Url);
using (FileStream stream = File.OpenRead(signedPackagePath))
using (var reader = new PackageArchiveReader(stream))
{
PrimarySignature signature = await reader.GetPrimarySignatureAsync(CancellationToken.None);
using (IX509CertificateChain actualChain = SignatureUtility.GetTimestampCertificateChain(signature))
{
Assert.NotEmpty(actualChain);
IReadOnlyList <Org.BouncyCastle.X509.X509Certificate> expectedChain = GetExpectedCertificateChain(timestampService);
Assert.Equal(expectedChain.Count, actualChain.Count);
for (var i = 0; i < expectedChain.Count; ++i)
{
Org.BouncyCastle.X509.X509Certificate expectedCertificate = expectedChain[i];
X509Certificate2 actualCertificate = actualChain[i];
Assert.True(
expectedCertificate.GetEncoded().SequenceEqual(actualCertificate.RawData),
$"The certificate at index {i} in the chain is unexpected.");
}
}
}
}
}
}
public async Task GetTimestampCertificateChain_WithShortEssCertIdCertificateHash_Throws(
SigningCertificateUsage signingCertificateUsage)
{
ISigningTestServer testServer = await _fixture.GetSigningTestServerAsync();
CertificateAuthority rootCa = await _fixture.GetDefaultTrustedCertificateAuthorityAsync();
var options = new TimestampServiceOptions()
{
SigningCertificateUsage = signingCertificateUsage,
SigningCertificateV1Hash = new byte[SHA1HashLength - 1]
};
TimestampService timestampService = TimestampService.Create(rootCa, options);
using (testServer.RegisterResponder(timestampService))
{
var nupkg = new SimpleTestPackageContext();
using (var certificate = new X509Certificate2(_fixture.TrustedTestCertificate.Source.Cert))
using (var directory = TestDirectory.Create())
{
var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(
certificate,
nupkg,
directory,
timestampService.Url);
using (FileStream stream = File.OpenRead(signedPackagePath))
using (var reader = new PackageArchiveReader(stream))
{
PrimarySignature signature = await reader.GetPrimarySignatureAsync(CancellationToken.None);
var exception = Assert.Throws <SignatureException>(
() => SignatureUtility.GetTimestampCertificateChain(signature));
Assert.Equal(
"A certificate referenced by the signing-certificate attribute could not be found.",
exception.Message);
}
}
}
}
public async Task GetTimestampCertificateChain_WithMismatchedEssCertIdCertificateHash_ReturnsChain(
SigningCertificateUsage signingCertificateUsage)
{
ISigningTestServer testServer = await _testFixture.GetSigningTestServerAsync();
CertificateAuthority rootCa = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync();
var options = new TimestampServiceOptions()
{
SigningCertificateUsage = signingCertificateUsage,
SigningCertificateV1Hash = new byte[SHA1HashLength]
};
TimestampService timestampService = TimestampService.Create(rootCa, options);
using (testServer.RegisterResponder(timestampService))
{
var nupkg = new SimpleTestPackageContext();
using (var certificate = new X509Certificate2(_testFixture.TrustedTestCertificate.Source.Cert))
using (TestDirectory directory = TestDirectory.Create())
{
string signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync(
certificate,
nupkg,
directory,
timestampService.Url);
// Act
CommandRunnerResult result = RunVerifyCommand(signedPackagePath);
// Assert
result.Success.Should().BeTrue(because: result.AllOutput);
result.AllOutput.Should().Contain(_successfullyVerified);
Regex.Matches(result.AllOutput, _noTimestamperWarning).Count.Should().Be(0);
}
}
}
