private void VerifyTimestampData( ISigningTestServer testServer, TimestampService timestampService, Action <Rfc3161TimestampProvider, TimestampRequest> verifyTimestampData) { using (testServer.RegisterResponder(timestampService)) { var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); using (var certificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var content = Encoding.UTF8.GetBytes("peach"); var signedCms = SigningTestUtility.GenerateSignedCms(certificate, content); var request = new TimestampRequest() { SigningSpec = SigningSpecifications.V1, TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256, Signature = signedCms.Encode() }; verifyTimestampData(timestampProvider, request); } } }
public async Task TimestampData_WithValidInput_ReturnsTimestamp() { var logger = new TestLogger(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); var data = "Test data to be signed and timestamped"; using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert)) { var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data)); var signatureValue = signedCms.Encode(); var request = new TimestampRequest { SigningSpec = SigningSpecifications.V1, TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256, Signature = signatureValue }; // Act var timestampedData = timestampProvider.TimestampData(request, logger, CancellationToken.None); var timestampedCms = new SignedCms(); timestampedCms.Decode(timestampedData); // Assert timestampedData.Should().NotBeNull(); timestampedCms.Should().NotBeNull(); timestampedCms.Detached.Should().BeFalse(); timestampedCms.ContentInfo.Should().NotBeNull(); timestampedCms.SignerInfos.Count.Should().Be(1); timestampedCms.SignerInfos[0].UnsignedAttributes.Count.Should().Be(1); timestampedCms.SignerInfos[0].UnsignedAttributes[0].Oid.Value.Should().Be(Oids.SignatureTimeStampTokenAttribute); } }
public async Task TimestampData_WhenRequestNull_Throws() { var logger = new TestLogger(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); var authorCertName = "*****@*****.**"; var data = "Test data to be signed and timestamped"; Action <X509V3CertificateGenerator> modifyGenerator = delegate(X509V3CertificateGenerator gen) { gen.SetNotBefore(DateTime.MinValue); gen.SetNotBefore(DateTime.UtcNow.Subtract(TimeSpan.FromDays(1))); // cert has expired }; using (var authorCert = SigningTestUtility.GenerateCertificate(authorCertName, modifyGenerator: modifyGenerator)) { var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data)); var signatureValue = signedCms.Encode(); var request = new TimestampRequest { SigningSpec = SigningSpecifications.V1, TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256, Signature = signatureValue }; // Act Action timestampAction = () => timestampProvider.TimestampData(null, logger, CancellationToken.None); // Assert timestampAction.ShouldThrow <ArgumentNullException>() .WithMessage(string.Format(_argumentNullExceptionMessage, nameof(request))); } }
public async Task GetTimestampAsync_WhenLoggerNull_ThrowsAsync() { var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped"); using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert)) { var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256; var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes()); var signature = PrimarySignature.Load(signedCms.Encode()); var signatureValue = signature.GetSignatureValue(); var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue); var request = new TimestampRequest( signingSpecifications: SigningSpecifications.V1, hashedMessage: messageHash, hashAlgorithm: timestampHashAlgorithm, target: SignaturePlacement.PrimarySignature ); // Assert var exception = await Assert.ThrowsAsync <ArgumentNullException>( () => timestampProvider.GetTimestampAsync(request, logger: null, CancellationToken.None)); Assert.Equal("logger", exception.ParamName); Assert.StartsWith("Value cannot be null.", exception.Message); } }
private void VerifyTimestampData( ISigningTestServer testServer, TimestampService timestampService, Action <Rfc3161TimestampProvider, TimestampRequest> verifyTimestampData) { using (testServer.RegisterResponder(timestampService)) { var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); using (var certificate = new X509Certificate2(_trustedTestCert.Source.Cert)) { var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256; var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "peach"); var signedCms = SigningTestUtility.GenerateSignedCms(certificate, content.GetBytes()); var signature = PrimarySignature.Load(signedCms.Encode()); var signatureValue = signature.GetSignatureValue(); var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue); var request = new TimestampRequest( SigningSpecifications.V1, messageHash, timestampHashAlgorithm, SignaturePlacement.PrimarySignature); verifyTimestampData(timestampProvider, request); } } }
public void Rfc3161TimestampProvider_Failure_Cancelled() { // Arrange var logger = new TestLogger(); var timestampProvider = new Rfc3161TimestampProvider(new Uri(_testTimestampServer)); var data = "Test data to be signed and timestamped"; using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert)) { var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data)); var signatureValue = signedCms.Encode(); var request = new TimestampRequest { Certificate = authorCert, SigningSpec = SigningSpecifications.V1, TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256, SignatureValue = signatureValue }; // Act Action timestampAction = () => timestampProvider.TimestampData(request, logger, new CancellationToken(canceled: true)); // Assert timestampAction.ShouldThrow <OperationCanceledException>() .WithMessage(_operationCancelledExceptionMessage); } }
public async Task GetTimestamp_WithValidInput_ReturnsTimestamp() { var logger = new TestLogger(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped"); using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert)) { var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes()); var primarySignature = PrimarySignature.Load(signedCms.Encode()); var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256; var signatureValue = primarySignature.GetSignatureValue(); var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue); var request = new TimestampRequest( signingSpecifications: SigningSpecifications.V1, hashedMessage: messageHash, hashAlgorithm: timestampHashAlgorithm, target: SignaturePlacement.PrimarySignature ); // Act var timestampedCms = timestampProvider.GetTimestamp(request, logger, CancellationToken.None); // Assert timestampedCms.Should().NotBeNull(); timestampedCms.Detached.Should().BeFalse(); timestampedCms.ContentInfo.Should().NotBeNull(); timestampedCms.SignerInfos.Count.Should().Be(1); } }
public async Task GetTimestamp_WhenCancelled_Throws() { var logger = new TestLogger(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped"); using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert)) { var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256; var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes()); var signature = PrimarySignature.Load(signedCms.Encode()); var signatureValue = signature.GetSignatureValue(); var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue); var request = new TimestampRequest( signingSpecifications: SigningSpecifications.V1, hashedMessage: messageHash, hashAlgorithm: timestampHashAlgorithm, target: SignaturePlacement.PrimarySignature ); // Act Action timestampAction = () => timestampProvider.GetTimestamp(request, logger, new CancellationToken(canceled: true)); // Assert timestampAction.ShouldThrow <OperationCanceledException>() .WithMessage(_operationCancelledExceptionMessage); } }
public async Task TimestampData_WhenCancelled_Throws() { var logger = new TestLogger(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); var data = "Test data to be signed and timestamped"; using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert)) { var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data)); var signatureValue = signedCms.Encode(); var request = new TimestampRequest { SigningSpec = SigningSpecifications.V1, TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256, Signature = signatureValue }; // Act Action timestampAction = () => timestampProvider.TimestampData(request, logger, new CancellationToken(canceled: true)); // Assert timestampAction.ShouldThrow <OperationCanceledException>() .WithMessage(_operationCancelledExceptionMessage); } }
/// <summary> /// Timestamps a signature for tests. /// </summary> /// <param name="timestampProvider">Timestamp provider.</param> /// <param name="signatureRequest">SignPackageRequest containing metadata for timestamp request.</param> /// <param name="signature">Signature that needs to be timestamped.</param> /// <param name="logger">ILogger.</param> /// <returns>Timestamped Signature.</returns> public static Task <Signature> TimestampSignature(ITimestampProvider timestampProvider, SignPackageRequest signatureRequest, Signature signature, ILogger logger) { var timestampRequest = new TimestampRequest { SignatureValue = signature.GetBytes(), SigningSpec = SigningSpecifications.V1, TimestampHashAlgorithm = signatureRequest.TimestampHashAlgorithm }; return(TimestampSignature(timestampProvider, timestampRequest, signature, logger)); }
Task <Signature> TimestampSignature(SignPackageRequest request, ILogger logger, byte[] signature, CancellationToken token) { var timestampRequest = new TimestampRequest { SignatureValue = signature, Certificate = request.Certificate, SigningSpec = SigningSpecifications.V1, TimestampHashAlgorithm = request.TimestampHashAlgorithm }; return(timestampProvider.TimestampSignatureAsync(timestampRequest, logger, token)); }
/// <summary> /// Timestamps a signature for tests. /// </summary> /// <param name="timestampProvider">Timestamp provider.</param> /// <param name="signatureRequest">SignPackageRequest containing metadata for timestamp request.</param> /// <param name="signature">Signature that needs to be timestamped.</param> /// <param name="logger">ILogger.</param> /// <returns>Timestamped Signature.</returns> public static Task <PrimarySignature> TimestampPrimarySignature(ITimestampProvider timestampProvider, SignPackageRequest signatureRequest, PrimarySignature signature, ILogger logger) { var signatureValue = signature.GetSignatureValue(); var messageHash = signatureRequest.TimestampHashAlgorithm.ComputeHash(signatureValue); var timestampRequest = new TimestampRequest( signingSpecifications: SigningSpecifications.V1, hashedMessage: messageHash, hashAlgorithm: signatureRequest.TimestampHashAlgorithm, target: SignaturePlacement.PrimarySignature ); return(TimestampPrimarySignature(timestampProvider, timestampRequest, signature, logger)); }
Task <PrimarySignature> TimestampPrimarySignatureAsync(SignPackageRequest request, ILogger logger, PrimarySignature signature, CancellationToken token) { var signatureValue = signature.GetSignatureValue(); var messageHash = request.TimestampHashAlgorithm.ComputeHash(signatureValue); var timestampRequest = new TimestampRequest( signingSpecifications: SigningSpecifications.V1, hashedMessage: messageHash, hashAlgorithm: request.TimestampHashAlgorithm, target: SignaturePlacement.PrimarySignature ); return(timestampProvider.TimestampSignatureAsync(signature, timestampRequest, logger, token)); }
public async Task TimestampSignatureAsync_TimestampingCountersignature_Succeeds() { var logger = new TestLogger(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); var signatureContent = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped"); using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert)) { var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256; var signedCms = SigningTestUtility.GenerateRepositoryCountersignedSignedCms(authorCert, signatureContent.GetBytes()); var signature = PrimarySignature.Load(signedCms.Encode()); var signatureValue = signature.GetSignatureValue(); var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue); var request = new TimestampRequest( SigningSpecifications.V1, messageHash, timestampHashAlgorithm, SignaturePlacement.Countersignature); // Act var primarySignature = await timestampProvider.TimestampSignatureAsync(signature, request, logger, CancellationToken.None); var repositoryCountersignature = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature); // Assert repositoryCountersignature.Should().NotBeNull(); repositoryCountersignature.SignerInfo.Should().NotBeNull(); repositoryCountersignature.SignerInfo.UnsignedAttributes.Count.Should().BeGreaterOrEqualTo(1); var hasTimestampUnsignedAttribute = false; var timestampCms = new SignedCms(); foreach (var attr in repositoryCountersignature.SignerInfo.UnsignedAttributes) { if (string.Compare(attr.Oid.Value, Oids.SignatureTimeStampTokenAttribute, CultureInfo.CurrentCulture, CompareOptions.Ordinal) == 0) { hasTimestampUnsignedAttribute = true; timestampCms.Decode(attr.Values[0].RawData); } } hasTimestampUnsignedAttribute.Should().BeTrue(); timestampCms.CheckSignature(verifySignatureOnly: true); } }
public static Task <PrimarySignature> TimestampSignature(ITimestampProvider timestampProvider, PrimarySignature primarySignature, HashAlgorithmName hashAlgorithm, SignaturePlacement target, ILogger logger) { Signature signatureToTimestamp = primarySignature; if (target == SignaturePlacement.Countersignature) { signatureToTimestamp = RepositoryCountersignature.GetRepositoryCountersignature(primarySignature); } var signatureValue = signatureToTimestamp.GetSignatureValue(); var messageHash = hashAlgorithm.ComputeHash(signatureValue); var timestampRequest = new TimestampRequest( SigningSpecifications.V1, messageHash, hashAlgorithm, target); return(timestampProvider.TimestampSignatureAsync(primarySignature, timestampRequest, logger, CancellationToken.None)); }
public async Task GetTimestamp_WhenRequestNull_Throws() { var logger = new TestLogger(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); var authorCertName = "*****@*****.**"; var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped"); Action <X509V3CertificateGenerator> modifyGenerator = delegate(X509V3CertificateGenerator gen) { gen.SetNotBefore(DateTime.MinValue); gen.SetNotBefore(DateTime.UtcNow.Subtract(TimeSpan.FromDays(1))); // cert has expired }; using (var authorCert = SigningTestUtility.GenerateCertificate(authorCertName, modifyGenerator: modifyGenerator)) { var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256; var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes()); var signature = PrimarySignature.Load(signedCms.Encode()); var signatureValue = signature.GetSignatureValue(); var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue); var request = new TimestampRequest( signingSpecifications: SigningSpecifications.V1, hashedMessage: messageHash, hashAlgorithm: timestampHashAlgorithm, target: SignaturePlacement.PrimarySignature ); // Act Action timestampAction = () => timestampProvider.GetTimestamp(null, logger, CancellationToken.None); // Assert timestampAction.ShouldThrow <ArgumentNullException>() .WithMessage(string.Format(_argumentNullExceptionMessage, nameof(request))); } }
public async Task GetTimestampAsync_WhenRequestNull_ThrowsAsync() { var logger = new TestLogger(); var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); var authorCertName = "*****@*****.**"; var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped"); Action <TestCertificateGenerator> modifyGenerator = delegate(TestCertificateGenerator gen) { gen.NotBefore = DateTime.UtcNow.Subtract(TimeSpan.FromDays(1)); // cert has expired }; using (var authorCert = SigningTestUtility.GenerateCertificate(authorCertName, modifyGenerator: modifyGenerator)) { var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256; var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes()); var signature = PrimarySignature.Load(signedCms.Encode()); var signatureValue = signature.GetSignatureValue(); var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue); var request = new TimestampRequest( signingSpecifications: SigningSpecifications.V1, hashedMessage: messageHash, hashAlgorithm: timestampHashAlgorithm, target: SignaturePlacement.PrimarySignature ); // Assert var exception = await Assert.ThrowsAsync <ArgumentNullException>( () => timestampProvider.GetTimestampAsync(request: null, logger, CancellationToken.None)); Assert.Equal("request", exception.ParamName); Assert.StartsWith("Value cannot be null.", exception.Message); } }
public async Task TimestampData_WhenTimestampSigningCertificateRevoked_Throws() { var testServer = await _testFixture.GetSigningTestServerAsync(); var certificateAuthority = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync(); var timestampService = TimestampService.Create(certificateAuthority); certificateAuthority.Revoke(timestampService.Certificate, CrlReason.KeyCompromise, DateTimeOffset.UtcNow); using (testServer.RegisterResponder(timestampService)) { var logger = new TestLogger(); var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); var data = "Test data to be signed and timestamped"; using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert)) { var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data)); var signatureValue = signedCms.Encode(); var request = new TimestampRequest { SigningSpec = SigningSpecifications.V1, TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256, SignatureValue = signatureValue }; var exception = Assert.Throws <TimestampException>( () => timestampProvider.TimestampData(request, logger, CancellationToken.None)); Assert.Equal( "The timestamp service's certificate chain could not be built: The certificate is revoked.", exception.Message); } } }
public void Rfc3161TimestampProvider_Success() { // Arrange var logger = new TestLogger(); var timestampProvider = new Rfc3161TimestampProvider(new Uri(_testTimestampServer)); var data = "Test data to be signed and timestamped"; using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert)) { var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data)); var signatureValue = signedCms.Encode(); var request = new TimestampRequest { Certificate = authorCert, SigningSpec = SigningSpecifications.V1, TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256, SignatureValue = signatureValue }; // Act var timestampedData = timestampProvider.TimestampData(request, logger, CancellationToken.None); var timestampedCms = new SignedCms(); timestampedCms.Decode(timestampedData); // Assert timestampedData.Should().NotBeNull(); timestampedCms.Should().NotBeNull(); timestampedCms.Detached.Should().BeFalse(); timestampedCms.ContentInfo.Should().NotBeNull(); timestampedCms.Certificates.Count.Should().Be(1); timestampedCms.SignerInfos.Count.Should().Be(1); timestampedCms.SignerInfos[0].UnsignedAttributes.Count.Should().Be(1); timestampedCms.SignerInfos[0].UnsignedAttributes[0].Oid.Value.Should().Be(Oids.SignatureTimeStampTokenAttributeOid); } }
/// <summary> /// Timestamps a signature for tests. /// </summary> /// <param name="timestampProvider">Timestamp provider.</param> /// <param name="signature">Signature that needs to be timestamped.</param> /// <param name="logger">ILogger.</param> /// <param name="timestampRequest">timestampRequest containing metadata for timestamp request.</param> /// <returns>Timestamped Signature.</returns> public static Task <Signature> TimestampSignature(ITimestampProvider timestampProvider, TimestampRequest timestampRequest, Signature signature, ILogger logger) { return(timestampProvider.TimestampSignatureAsync(timestampRequest, logger, CancellationToken.None)); }