private void VerifyTimestampData(
ISigningTestServer testServer,
TimestampService timestampService,
Action <Rfc3161TimestampProvider, TimestampRequest> verifyTimestampData)
{
using (testServer.RegisterResponder(timestampService))
{
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
using (var certificate = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var content = Encoding.UTF8.GetBytes("peach");
var signedCms = SigningTestUtility.GenerateSignedCms(certificate, content);
var request = new TimestampRequest()
{
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
Signature = signedCms.Encode()
};
verifyTimestampData(timestampProvider, request);
}
}
}
public async Task TimestampData_WithValidInput_ReturnsTimestamp()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var data = "Test data to be signed and timestamped";
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data));
var signatureValue = signedCms.Encode();
var request = new TimestampRequest
{
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
Signature = signatureValue
};
// Act
var timestampedData = timestampProvider.TimestampData(request, logger, CancellationToken.None);
var timestampedCms = new SignedCms();
timestampedCms.Decode(timestampedData);
// Assert
timestampedData.Should().NotBeNull();
timestampedCms.Should().NotBeNull();
timestampedCms.Detached.Should().BeFalse();
timestampedCms.ContentInfo.Should().NotBeNull();
timestampedCms.SignerInfos.Count.Should().Be(1);
timestampedCms.SignerInfos[0].UnsignedAttributes.Count.Should().Be(1);
timestampedCms.SignerInfos[0].UnsignedAttributes[0].Oid.Value.Should().Be(Oids.SignatureTimeStampTokenAttribute);
}
}
public async Task TimestampData_WhenRequestNull_Throws()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var authorCertName = "*****@*****.**";
var data = "Test data to be signed and timestamped";
Action <X509V3CertificateGenerator> modifyGenerator = delegate(X509V3CertificateGenerator gen)
{
gen.SetNotBefore(DateTime.MinValue);
gen.SetNotBefore(DateTime.UtcNow.Subtract(TimeSpan.FromDays(1))); // cert has expired
};
using (var authorCert = SigningTestUtility.GenerateCertificate(authorCertName, modifyGenerator: modifyGenerator))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data));
var signatureValue = signedCms.Encode();
var request = new TimestampRequest
{
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
Signature = signatureValue
};
// Act
Action timestampAction = () => timestampProvider.TimestampData(null, logger, CancellationToken.None);
// Assert
timestampAction.ShouldThrow <ArgumentNullException>()
.WithMessage(string.Format(_argumentNullExceptionMessage, nameof(request)));
}
}
public async Task GetTimestampAsync_WhenLoggerNull_ThrowsAsync()
{
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped");
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes());
var signature = PrimarySignature.Load(signedCms.Encode());
var signatureValue = signature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
signingSpecifications: SigningSpecifications.V1,
hashedMessage: messageHash,
hashAlgorithm: timestampHashAlgorithm,
target: SignaturePlacement.PrimarySignature
);
// Assert
var exception = await Assert.ThrowsAsync <ArgumentNullException>(
() => timestampProvider.GetTimestampAsync(request, logger: null, CancellationToken.None));
Assert.Equal("logger", exception.ParamName);
Assert.StartsWith("Value cannot be null.", exception.Message);
}
}
private void VerifyTimestampData(
ISigningTestServer testServer,
TimestampService timestampService,
Action <Rfc3161TimestampProvider, TimestampRequest> verifyTimestampData)
{
using (testServer.RegisterResponder(timestampService))
{
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
using (var certificate = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "peach");
var signedCms = SigningTestUtility.GenerateSignedCms(certificate, content.GetBytes());
var signature = PrimarySignature.Load(signedCms.Encode());
var signatureValue = signature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
SigningSpecifications.V1,
messageHash,
timestampHashAlgorithm,
SignaturePlacement.PrimarySignature);
verifyTimestampData(timestampProvider, request);
}
}
}
public void Rfc3161TimestampProvider_Failure_Cancelled()
{
// Arrange
var logger = new TestLogger();
var timestampProvider = new Rfc3161TimestampProvider(new Uri(_testTimestampServer));
var data = "Test data to be signed and timestamped";
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data));
var signatureValue = signedCms.Encode();
var request = new TimestampRequest
{
Certificate = authorCert,
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
SignatureValue = signatureValue
};
// Act
Action timestampAction = () => timestampProvider.TimestampData(request, logger, new CancellationToken(canceled: true));
// Assert
timestampAction.ShouldThrow <OperationCanceledException>()
.WithMessage(_operationCancelledExceptionMessage);
}
}
public async Task GetTimestamp_WithValidInput_ReturnsTimestamp()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped");
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes());
var primarySignature = PrimarySignature.Load(signedCms.Encode());
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var signatureValue = primarySignature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
signingSpecifications: SigningSpecifications.V1,
hashedMessage: messageHash,
hashAlgorithm: timestampHashAlgorithm,
target: SignaturePlacement.PrimarySignature
);
// Act
var timestampedCms = timestampProvider.GetTimestamp(request, logger, CancellationToken.None);
// Assert
timestampedCms.Should().NotBeNull();
timestampedCms.Detached.Should().BeFalse();
timestampedCms.ContentInfo.Should().NotBeNull();
timestampedCms.SignerInfos.Count.Should().Be(1);
}
}
public async Task GetTimestamp_WhenCancelled_Throws()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped");
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes());
var signature = PrimarySignature.Load(signedCms.Encode());
var signatureValue = signature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
signingSpecifications: SigningSpecifications.V1,
hashedMessage: messageHash,
hashAlgorithm: timestampHashAlgorithm,
target: SignaturePlacement.PrimarySignature
);
// Act
Action timestampAction = () => timestampProvider.GetTimestamp(request, logger, new CancellationToken(canceled: true));
// Assert
timestampAction.ShouldThrow <OperationCanceledException>()
.WithMessage(_operationCancelledExceptionMessage);
}
}
public async Task TimestampData_WhenCancelled_Throws()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var data = "Test data to be signed and timestamped";
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data));
var signatureValue = signedCms.Encode();
var request = new TimestampRequest
{
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
Signature = signatureValue
};
// Act
Action timestampAction = () => timestampProvider.TimestampData(request, logger, new CancellationToken(canceled: true));
// Assert
timestampAction.ShouldThrow <OperationCanceledException>()
.WithMessage(_operationCancelledExceptionMessage);
}
}
/// <summary>
/// Timestamps a signature for tests.
/// </summary>
/// <param name="timestampProvider">Timestamp provider.</param>
/// <param name="signatureRequest">SignPackageRequest containing metadata for timestamp request.</param>
/// <param name="signature">Signature that needs to be timestamped.</param>
/// <param name="logger">ILogger.</param>
/// <returns>Timestamped Signature.</returns>
public static Task <Signature> TimestampSignature(ITimestampProvider timestampProvider, SignPackageRequest signatureRequest, Signature signature, ILogger logger)
{
var timestampRequest = new TimestampRequest
{
SignatureValue = signature.GetBytes(),
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = signatureRequest.TimestampHashAlgorithm
};
return(TimestampSignature(timestampProvider, timestampRequest, signature, logger));
}
Task <Signature> TimestampSignature(SignPackageRequest request, ILogger logger, byte[] signature, CancellationToken token)
{
var timestampRequest = new TimestampRequest
{
SignatureValue = signature,
Certificate = request.Certificate,
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = request.TimestampHashAlgorithm
};
return(timestampProvider.TimestampSignatureAsync(timestampRequest, logger, token));
}
/// <summary>
/// Timestamps a signature for tests.
/// </summary>
/// <param name="timestampProvider">Timestamp provider.</param>
/// <param name="signatureRequest">SignPackageRequest containing metadata for timestamp request.</param>
/// <param name="signature">Signature that needs to be timestamped.</param>
/// <param name="logger">ILogger.</param>
/// <returns>Timestamped Signature.</returns>
public static Task <PrimarySignature> TimestampPrimarySignature(ITimestampProvider timestampProvider, SignPackageRequest signatureRequest, PrimarySignature signature, ILogger logger)
{
var signatureValue = signature.GetSignatureValue();
var messageHash = signatureRequest.TimestampHashAlgorithm.ComputeHash(signatureValue);
var timestampRequest = new TimestampRequest(
signingSpecifications: SigningSpecifications.V1,
hashedMessage: messageHash,
hashAlgorithm: signatureRequest.TimestampHashAlgorithm,
target: SignaturePlacement.PrimarySignature
);
return(TimestampPrimarySignature(timestampProvider, timestampRequest, signature, logger));
}
Task <PrimarySignature> TimestampPrimarySignatureAsync(SignPackageRequest request, ILogger logger, PrimarySignature signature, CancellationToken token)
{
var signatureValue = signature.GetSignatureValue();
var messageHash = request.TimestampHashAlgorithm.ComputeHash(signatureValue);
var timestampRequest = new TimestampRequest(
signingSpecifications: SigningSpecifications.V1,
hashedMessage: messageHash,
hashAlgorithm: request.TimestampHashAlgorithm,
target: SignaturePlacement.PrimarySignature
);
return(timestampProvider.TimestampSignatureAsync(signature, timestampRequest, logger, token));
}
public async Task TimestampSignatureAsync_TimestampingCountersignature_Succeeds()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var signatureContent = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped");
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var signedCms = SigningTestUtility.GenerateRepositoryCountersignedSignedCms(authorCert, signatureContent.GetBytes());
var signature = PrimarySignature.Load(signedCms.Encode());
var signatureValue = signature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
SigningSpecifications.V1,
messageHash,
timestampHashAlgorithm,
SignaturePlacement.Countersignature);
// Act
var primarySignature = await timestampProvider.TimestampSignatureAsync(signature, request, logger, CancellationToken.None);
var repositoryCountersignature = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature);
// Assert
repositoryCountersignature.Should().NotBeNull();
repositoryCountersignature.SignerInfo.Should().NotBeNull();
repositoryCountersignature.SignerInfo.UnsignedAttributes.Count.Should().BeGreaterOrEqualTo(1);
var hasTimestampUnsignedAttribute = false;
var timestampCms = new SignedCms();
foreach (var attr in repositoryCountersignature.SignerInfo.UnsignedAttributes)
{
if (string.Compare(attr.Oid.Value, Oids.SignatureTimeStampTokenAttribute, CultureInfo.CurrentCulture, CompareOptions.Ordinal) == 0)
{
hasTimestampUnsignedAttribute = true;
timestampCms.Decode(attr.Values[0].RawData);
}
}
hasTimestampUnsignedAttribute.Should().BeTrue();
timestampCms.CheckSignature(verifySignatureOnly: true);
}
}
public static Task <PrimarySignature> TimestampSignature(ITimestampProvider timestampProvider, PrimarySignature primarySignature, HashAlgorithmName hashAlgorithm, SignaturePlacement target, ILogger logger)
{
Signature signatureToTimestamp = primarySignature;
if (target == SignaturePlacement.Countersignature)
{
signatureToTimestamp = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature);
}
var signatureValue = signatureToTimestamp.GetSignatureValue();
var messageHash = hashAlgorithm.ComputeHash(signatureValue);
var timestampRequest = new TimestampRequest(
SigningSpecifications.V1,
messageHash,
hashAlgorithm,
target);
return(timestampProvider.TimestampSignatureAsync(primarySignature, timestampRequest, logger, CancellationToken.None));
}
public async Task GetTimestamp_WhenRequestNull_Throws()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var authorCertName = "*****@*****.**";
var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped");
Action <X509V3CertificateGenerator> modifyGenerator = delegate(X509V3CertificateGenerator gen)
{
gen.SetNotBefore(DateTime.MinValue);
gen.SetNotBefore(DateTime.UtcNow.Subtract(TimeSpan.FromDays(1))); // cert has expired
};
using (var authorCert = SigningTestUtility.GenerateCertificate(authorCertName, modifyGenerator: modifyGenerator))
{
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes());
var signature = PrimarySignature.Load(signedCms.Encode());
var signatureValue = signature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
signingSpecifications: SigningSpecifications.V1,
hashedMessage: messageHash,
hashAlgorithm: timestampHashAlgorithm,
target: SignaturePlacement.PrimarySignature
);
// Act
Action timestampAction = () => timestampProvider.GetTimestamp(null, logger, CancellationToken.None);
// Assert
timestampAction.ShouldThrow <ArgumentNullException>()
.WithMessage(string.Format(_argumentNullExceptionMessage, nameof(request)));
}
}
public async Task GetTimestampAsync_WhenRequestNull_ThrowsAsync()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var authorCertName = "*****@*****.**";
var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped");
Action <TestCertificateGenerator> modifyGenerator = delegate(TestCertificateGenerator gen)
{
gen.NotBefore = DateTime.UtcNow.Subtract(TimeSpan.FromDays(1)); // cert has expired
};
using (var authorCert = SigningTestUtility.GenerateCertificate(authorCertName, modifyGenerator: modifyGenerator))
{
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes());
var signature = PrimarySignature.Load(signedCms.Encode());
var signatureValue = signature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
signingSpecifications: SigningSpecifications.V1,
hashedMessage: messageHash,
hashAlgorithm: timestampHashAlgorithm,
target: SignaturePlacement.PrimarySignature
);
// Assert
var exception = await Assert.ThrowsAsync <ArgumentNullException>(
() => timestampProvider.GetTimestampAsync(request: null, logger, CancellationToken.None));
Assert.Equal("request", exception.ParamName);
Assert.StartsWith("Value cannot be null.", exception.Message);
}
}
public async Task TimestampData_WhenTimestampSigningCertificateRevoked_Throws()
{
var testServer = await _testFixture.GetSigningTestServerAsync();
var certificateAuthority = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync();
var timestampService = TimestampService.Create(certificateAuthority);
certificateAuthority.Revoke(timestampService.Certificate, CrlReason.KeyCompromise, DateTimeOffset.UtcNow);
using (testServer.RegisterResponder(timestampService))
{
var logger = new TestLogger();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var data = "Test data to be signed and timestamped";
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data));
var signatureValue = signedCms.Encode();
var request = new TimestampRequest
{
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
SignatureValue = signatureValue
};
var exception = Assert.Throws <TimestampException>(
() => timestampProvider.TimestampData(request, logger, CancellationToken.None));
Assert.Equal(
"The timestamp service's certificate chain could not be built: The certificate is revoked.",
exception.Message);
}
}
}
public void Rfc3161TimestampProvider_Success()
{
// Arrange
var logger = new TestLogger();
var timestampProvider = new Rfc3161TimestampProvider(new Uri(_testTimestampServer));
var data = "Test data to be signed and timestamped";
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data));
var signatureValue = signedCms.Encode();
var request = new TimestampRequest
{
Certificate = authorCert,
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
SignatureValue = signatureValue
};
// Act
var timestampedData = timestampProvider.TimestampData(request, logger, CancellationToken.None);
var timestampedCms = new SignedCms();
timestampedCms.Decode(timestampedData);
// Assert
timestampedData.Should().NotBeNull();
timestampedCms.Should().NotBeNull();
timestampedCms.Detached.Should().BeFalse();
timestampedCms.ContentInfo.Should().NotBeNull();
timestampedCms.Certificates.Count.Should().Be(1);
timestampedCms.SignerInfos.Count.Should().Be(1);
timestampedCms.SignerInfos[0].UnsignedAttributes.Count.Should().Be(1);
timestampedCms.SignerInfos[0].UnsignedAttributes[0].Oid.Value.Should().Be(Oids.SignatureTimeStampTokenAttributeOid);
}
}
/// <summary>
/// Timestamps a signature for tests.
/// </summary>
/// <param name="timestampProvider">Timestamp provider.</param>
/// <param name="signature">Signature that needs to be timestamped.</param>
/// <param name="logger">ILogger.</param>
/// <param name="timestampRequest">timestampRequest containing metadata for timestamp request.</param>
/// <returns>Timestamped Signature.</returns>
public static Task <Signature> TimestampSignature(ITimestampProvider timestampProvider, TimestampRequest timestampRequest, Signature signature, ILogger logger)
{
return(timestampProvider.TimestampSignatureAsync(timestampRequest, logger, CancellationToken.None));
}
