public void InvalidEncKeyUsage()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("etk/invalid_encrkey_usage.etk")));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.None, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Invalid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.NotValidForUsage));
}
public void ExpiredEnc()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("etk/expired_encr.etk")));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Invalid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.NotTimeValid));
}
public void Bob2()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("etk/Bob2_public_key.etk")));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Valid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.IssuerTrustUnknown));
Assert.IsTrue(info.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.RevocationStatusUnknown));
}
public void MixedKeyAlgorithm()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("etk/invalid_key_algorithm.etk")));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.None, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Valid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.UntrustedIssuer));
Assert.IsTrue(info.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotValidKeySize));
}
public void NotYetAuth()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("etk/not_yet_auth.etk")));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.None, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Valid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.UntrustedIssuer));
Assert.IsTrue(info.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotTimeValid));
}
public void DifferentDN()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("etk/auth_and_encr_not_same_DN.etk")));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.None, info.TrustStatus);
//Assert.AreEqual(ValidationStatus.Unsure, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.UntrustedIssuer));
Assert.IsTrue(info.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.InvalidBasicConstraints));
}
public void ValidButScrambledDN()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("etk/valid_but_scrambledDN.etk")));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.None, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Valid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.UntrustedIssuer));
Assert.IsTrue(info.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotValidForUsage));
}
public void InvalidKeySize()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("etk/invalid_key_size.etk")));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.None, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Invalid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.NotValidKeySize));
//This is no longer the case because we allow eID with 1024 bit keys.
//Assert.IsTrue(info.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotValidKeySize));
}
public void kgss()
{
if (DateTime.Now > new DateTime(2015, 4, 22))
{
Assert.Inconclusive("KGSS token must be updated");
}
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("etk/kgss.etk")));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.Full, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Valid, info.ValidationStatus);
}