/// <summary>
/// Requests a time-stamp token for the fixture <c>hash</c> from the eHealth
/// time-stamp authority endpoint, authenticating with the "authentication"
/// entry of a PKCS#12 key store, then checks that the token matches the
/// fixture <c>msg</c> and runs both <c>Validate</c> overloads on it.
/// The raw token is also written to <c>files/eHTs2.ts</c>.
/// </summary>
public void NewTsViaEHealth()
{
    // Old .NET Framework versions need TLS 1.2 enabled first, see:
    // https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-security-via-the-windows-registry

    // NOTE(review): the key-store password is read from a plain-text file that
    // sits next to the .p12 it protects, so anyone who can read the directory
    // gets the private key. Acceptable only for throw-away test credentials.
    string p12Password = File.ReadAllText(@"EHealthP12/eHealth.acc-p12.pwd");
    var keyStore = new EHealthP12(@"EHealthP12/eHealth.acc-p12", p12Password);

    var binding = new StsBinding();
    var tsaAddress = new EndpointAddress(new Uri("https://services-acpt.ehealth.fgov.be/TimestampAuthority/v2"));
    var tsaClient = new TimeStampAuthorityClient(binding, tsaAddress);

    // The client authenticates to the service with the key store's "authentication" certificate.
    tsaClient.ClientCredentials.ClientCertificate.Certificate = keyStore["authentication"];

    // The URI is the XML Encryption identifier for SHA-256.
    // NOTE(review): `hash` is a fixture defined outside this method; it must be
    // a SHA-256 digest for the declared algorithm to be truthful - confirm.
    var timestampProvider = new EHealthTimestampProvider(tsaClient);
    byte[] tokenBytes = timestampProvider.GetTimestampFromDocumentHash(hash, "http://www.w3.org/2001/04/xmlenc#sha256");
    File.WriteAllBytes(@"files/eHTs2.ts", tokenBytes);

    // The token must be bound to the message that was hashed.
    TimeStampToken token = tokenBytes.ToTimeStampToken();
    bool boundToMessage = token.IsMatch(new MemoryStream(msg));
    Assert.True(boundToMessage);

    // Both lists are empty when handed to Validate.
    // NOTE(review): presumably Validate throws when the token is not trusted and
    // fills the lists with the revocation data it used; nothing is asserted on
    // its outcome or on the lists here - confirm that a throw is the only failure signal.
    IList<CertificateList> revocationLists = new List<CertificateList>();
    IList<BasicOcspResponse> ocspResponses = new List<BasicOcspResponse>();
    token.Validate(revocationLists, ocspResponses);
    token.Validate(revocationLists, ocspResponses, null);
}
/// <summary>
/// Requests a time-stamp token for the fixture <c>hash</c> from the eHealth
/// time-stamp authority endpoint, authenticating with a client certificate
/// looked up by thumbprint in the current user's personal store, then checks
/// that the token matches the fixture <c>msg</c> and runs both
/// <c>Validate</c> overloads on it.
/// </summary>
public void NewTsViaEHealth()
{
    // Old .NET Framework versions need TLS 1.2 enabled first, see:
    // https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#configuring-security-via-the-windows-registry

    // The test only runs on a machine where a certificate with this thumbprint
    // (and its private key) is installed in CurrentUser\My.
    const string clientCertThumbprint = "f794b1966a1bd1a1760bbe3a1e72f9cae1fa118c";

    var binding = new StsBinding();
    var tsaAddress = new EndpointAddress(new Uri("https://services-acpt.ehealth.fgov.be/TimestampAuthority/v2"));
    var tsaClient = new TimeStampAuthorityClient(binding, tsaAddress);

    // Disabled alternatives kept from the original (credential behaviour swap and
    // an explicit default service certificate):
    //tsaClient.Endpoint.Behaviors.Remove<ClientCredentials>();
    //tsaClient.Endpoint.Behaviors.Add(new OptClientCredentials());
    //tsaClient.ClientCredentials.ServiceCertificate.DefaultCertificate = ehSsl; //not really used, but better than the workaround

    tsaClient.ClientCredentials.ClientCertificate.SetCertificate(
        StoreLocation.CurrentUser,
        StoreName.My,
        X509FindType.FindByThumbprint,
        clientCertThumbprint);

    // The URI is the XML Encryption identifier for SHA-256.
    // NOTE(review): `hash` is a fixture defined outside this method; it must be
    // a SHA-256 digest for the declared algorithm to be truthful - confirm.
    byte[] tokenBytes = new EHealthTimestampProvider(tsaClient)
        .GetTimestampFromDocumentHash(hash, "http://www.w3.org/2001/04/xmlenc#sha256");

    // The token must be bound to the message that was hashed.
    TimeStampToken token = tokenBytes.ToTimeStampToken();
    bool boundToMessage = token.IsMatch(new MemoryStream(msg));
    Assert.IsTrue(boundToMessage);

    // Both lists are empty when handed to Validate.
    // NOTE(review): presumably Validate throws when the token is not trusted;
    // nothing is asserted on its outcome or on the lists here - confirm.
    IList<CertificateList> revocationLists = new List<CertificateList>();
    IList<BasicOcspResponse> ocspResponses = new List<BasicOcspResponse>();
    token.Validate(revocationLists, ocspResponses);
    token.Validate(revocationLists, ocspResponses, null);
}
/// <summary>
/// Requests a time-stamp token for the fixture <c>hash</c> from the eHealth
/// time-stamp authority endpoint, declaring an explicit DNS endpoint identity
/// and a default service certificate, and authenticating with a client
/// certificate looked up by thumbprint in the current user's personal store.
/// The token is then matched against the fixture <c>msg</c> and passed to
/// both <c>Validate</c> overloads.
/// </summary>
public void NewTsViaEHealth()
{
    // The test only runs on a machine where a certificate with this thumbprint
    // (and its private key) is installed in CurrentUser\My.
    const string clientCertThumbprint = "684d0c3a2243cc2f59285be5234b89fc2bd33f6b";

    // NOTE(review): the expected DNS identity is a wildcard name that differs from
    // the host in the endpoint URI. Presumably it mirrors the name in the
    // acceptance server's certificate - confirm, because this value replaces the
    // identity that would otherwise be derived from the URI.
    var serviceIdentity = EndpointIdentity.CreateDnsIdentity("*.int.pub.ehealth.fgov.be");
    var binding = new StsBinding();
    var tsaAddress = new EndpointAddress(
        new Uri("https://services-acpt.ehealth.fgov.be/TimestampAuthority/v2"),
        serviceIdentity);
    var tsaClient = new TimeStampAuthorityClient(binding, tsaAddress);

    // Disabled alternative kept from the original (credential behaviour swap):
    //tsaClient.Endpoint.Behaviors.Remove<ClientCredentials>();
    //tsaClient.Endpoint.Behaviors.Add(new OptClientCredentials());

    // Not really used, but better than the workaround above.
    tsaClient.ClientCredentials.ServiceCertificate.DefaultCertificate = ehSsl;

    tsaClient.ClientCredentials.ClientCertificate.SetCertificate(
        StoreLocation.CurrentUser,
        StoreName.My,
        X509FindType.FindByThumbprint,
        clientCertThumbprint);

    // The URI is the XML Encryption identifier for SHA-256.
    // NOTE(review): `hash` is a fixture defined outside this method; it must be
    // a SHA-256 digest for the declared algorithm to be truthful - confirm.
    byte[] tokenBytes = new EHealthTimestampProvider(tsaClient)
        .GetTimestampFromDocumentHash(hash, "http://www.w3.org/2001/04/xmlenc#sha256");

    // The token must be bound to the message that was hashed.
    TimeStampToken token = tokenBytes.ToTimeStampToken();
    bool boundToMessage = token.IsMatch(new MemoryStream(msg));
    Assert.IsTrue(boundToMessage);

    // Both lists are empty when handed to Validate.
    // NOTE(review): presumably Validate throws when the token is not trusted;
    // nothing is asserted on its outcome or on the lists here - confirm.
    IList<CertificateList> revocationLists = new List<CertificateList>();
    IList<BasicOcspResponse> ocspResponses = new List<BasicOcspResponse>();
    token.Validate(revocationLists, ocspResponses);
    token.Validate(revocationLists, ocspResponses, null);
}
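/// <summary>
/// Interoperability test: a message is sealed and verified by the Java test
/// classes, a time-stamp for the value they report is obtained from the eHealth
/// time-stamp authority, the Java side stamps the message with it, and the
/// .NET unsealer must then open the message at <c>Level.LTA_Level</c> with full
/// trust, a valid status, the expected sender certificate and the expected text.
/// </summary>
public void Java2NetAddressedLTALevel()
{
    RunJava("etee.crypto.test.Seal NONE");

    File.Copy(GetAbsoluteTestFilePath("message_to_bob.msg"), GetAbsoluteTestFilePath("message_to_store.msg"), true);

    // The Java verifier prints a base64 value; its SHA-256 digest is what gets time-stamped.
    String output = RunJava("etee.crypto.test.Verify OPTIONAL");
    byte[] hash;
    using (SHA256 sha = SHA256.Create())
    {
        // The hash object is disposable; release it as soon as the digest is computed.
        hash = sha.ComputeHash(Convert.FromBase64String(output.Trim()));
    }

    var tsa = new TimeStampAuthorityClient(new StsBinding(), new EndpointAddress("https://services-acpt.ehealth.fgov.be/TimestampAuthority/v2"));

    // NOTE(review): the standard ClientCredentials behaviour is swapped for the
    // project-defined OptClientCredentials; confirm that it does not relax
    // validation of the service certificate.
    tsa.Endpoint.Behaviors.Remove<ClientCredentials>();
    tsa.Endpoint.Behaviors.Add(new OptClientCredentials());

    // The test only runs on a machine where a certificate with this thumbprint
    // (and its private key) is installed in CurrentUser\My.
    tsa.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, "566fd3fe13e3ab185a7224bcec8ad9cffbf9e9c2");

    // The URI is the XML Encryption identifier for SHA-256, matching the digest computed above.
    var tsProvider = new EHealthTimestampProvider(tsa);
    byte[] tst = tsProvider.GetTimestampFromDocumentHash(hash, "http://www.w3.org/2001/04/xmlenc#sha256");

    File.Copy(GetAbsoluteTestFilePath("message_to_bob.msg"), GetAbsoluteTestFilePath("message_to_store.msg"), true);

    RunJava("etee.crypto.test.Stamp " + Convert.ToBase64String(tst));

    UnsealResult result;
    // Unsealing only reads the message, so the file is opened read-only.
    using (FileStream file = new FileStream(GetAbsoluteTestFilePath("message_to_bob.msg"), FileMode.Open, FileAccess.Read))
    {
        IDataUnsealer unsealer = DataUnsealerFactory.Create(Level.LTA_Level, bob);
        result = unsealer.Unseal(file);
    }
    System.Console.WriteLine(result.SecurityInformation);

    Assert.AreEqual(Egelke.EHealth.Etee.Crypto.Status.TrustStatus.Full, result.SecurityInformation.TrustStatus);
    Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
    // NOTE(review): the expected subject embeds what looks like a personal
    // identifier; prefer a dedicated test identity if this one is real - confirm.
    Assert.AreEqual("SERIALNUMBER=79021802145, G=Bryan Eduard, SN=Brouckaert, CN=Bryan Brouckaert (Authentication), C=BE", result.AuthenticationCertificate.Subject);

    // A single Read call may return fewer bytes than requested, so keep reading
    // until the buffer is full or the stream ends.
    byte[] bytes = new byte[result.UnsealedData.Length];
    int total = 0;
    while (total < bytes.Length)
    {
        int read = result.UnsealedData.Read(bytes, total, bytes.Length - total);
        if (read == 0)
        {
            break;
        }
        total += read;
    }
    String msg = Encoding.UTF8.GetString(bytes, 0, total);

    // Ordinal comparison: the expected prefix is fixed test data, not culture-dependent text.
    Assert.IsTrue(msg.StartsWith("This is a message to bob", StringComparison.Ordinal));
}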