public void TestVerifySizes(String subDir, string nestDir) { var subPath = Util.TestDataPath(TEST_DATA, subDir, nestDir); using (var ks = new FileSystemKeySet(subPath)) using (var verifier = new Verifier(ks)) using (var jwtVerifier = new JwtVerifier(ks)) { foreach (var size in ks.Metadata.GetKeyType(1).KeySizeOptions) { var dataPath = Path.Combine(subPath, $@"{size}.out"); if (Util.IsSizeTooSlow(size) && !File.Exists(dataPath)) { break; } var activeSignature = (WebBase64)File.ReadAllLines(dataPath).First(); Expect(verifier.Verify(input, activeSignature), Is.True); var jwtPath = Path.Combine(subPath, $@"{size}.jwt"); if (File.Exists(jwtPath)) { var activeToken = File.ReadAllLines(jwtPath).First(); Expect(jwtVerifier.VerifyCompact(activeToken), Is.True); } } } }
public void TestEncryptedKeysetForNonEncryptedData() { var nonEncryptedPath = Util.TestDataPath(TEST_DATA, "rsa"); using (var pbereader = KeySet.LayerSecurity( FileSystemKeySet.Creator(nonEncryptedPath), PbeKeySet.Creator(() => "dummy") )) { var key = pbereader.GetKey(1); Expect(key, Is.Not.Null); } using (var crypter = new Crypter(nonEncryptedPath)) using (var encreader = KeySet.LayerSecurity( FileSystemKeySet.Creator(nonEncryptedPath), EncryptedKeySet.Creator(crypter) )) { var key = encreader.GetKey(1); Expect(key, Is.Not.Null); } }
public void TestSymetricKeyExport() { var ks = new FileSystemKeySet(Util.TestDataPath(TEST_DATA, "aes")); Expect(() => ks.ExportPrimaryAsPkcs(Path.Combine(Path.GetTempPath(), "dummy.pem"), () => "dummy"), Throws.InstanceOf <InvalidKeyTypeException>()); }
public void TestDemoteRevoke() { string result; var path = Util.TestDataPath(TEST_DATA, "demote"); if (Directory.Exists(path)) { Directory.Delete(path, true); } result = Util.KeyczarTool(create: null, location: path, purpose: "crypt"); Expect(result, Does.Contain(KeyczarTool.Localized.MsgCreatedKeySet)); result = Util.KeyczarTool(addkey: null, location: path, status: "primary"); Expect(result, Does.Contain(KeyczarTool.Localized.MsgCreatedKey)); result = Util.KeyczarTool(demote: null, location: path, version: 1); Expect(result, Does.Contain("ACTIVE")); result = Util.KeyczarTool(demote: null, location: path, version: 1); Expect(result, Does.Contain("INACTIVE")); result = Util.KeyczarTool(revoke: null, location: path, version: 1); Expect(result, Does.Contain(KeyczarTool.Localized.MsgRevokedVersion)); var ks = new FileSystemKeySet(path); Expect(ks.Metadata.Versions.Any(), Is.False); Directory.Delete(path, true); }
public void TestGetPrimary() { // based on the checked in files, we know version 2 is primary. var reader = new FileSystemKeySet(Util.TestDataPath(TEST_DATA, "rsa")); var knownPrimaryKey = reader.GetKey(2 /* primary key version */); var readerKey = new GetPrimary(reader).GetPrimaryExposed(); Expect(readerKey.GetKeyHash(), Is.EqualTo(knownPrimaryKey.GetKeyHash())); }
public void TestPublicKeyExport() { var ks = new FileSystemKeySet(Util.TestDataPath(TEST_DATA, "rsa.public")); var path = Path.Combine(Path.GetTempPath(), "dummy.pem"); Console.WriteLine(path); ks.ExportPrimaryAsPkcs(path, () => "dummy"); var contents = File.ReadAllText(path); Expect(contents, Does.Contain("END PUBLIC KEY")); }
public void TestPrivateKeyExport() { var ks = new FileSystemKeySet(Util.TestDataPath(TEST_DATA, "rsa")); var path = Path.Combine(Path.GetTempPath(), "dummy-private-withpass.pem"); Console.WriteLine(path); ks.ExportPrimaryAsPkcs(path, () => "dummy"); var contents = File.ReadAllText(path); Expect(contents, Does.Contain("END ENCRYPTED PRIVATE KEY")); }
public override int Run(string[] remainingArguments) { IKeySet ks = new FileSystemKeySet(_location); bool add = !ks.Metadata.Encrypted; Func <string> prompt = CachedPrompt.Password(Util.PromptForPassword).Prompt; if (!add) { Console.WriteLine(Localized.PasswordPromptOldPassword); ks = new PbeKeySet(ks, prompt); } using (ks as PbeKeySet) using (var keySet = new MutableKeySet(ks)) { keySet.ForceKeyDataChange(); IKeySetWriter writer = new FileSystemKeySetWriter(_location, overwrite: true); if (!_remove) { Console.WriteLine(Localized.PasswordPromptNewPassword); Func <string> newPrompt = CachedPrompt.Password(Util.DoublePromptForPassword).Prompt; writer = new PbeKeySetWriter(writer, newPrompt); } else { keySet.Metadata.Encrypted = false; } using (writer as PbeKeySetWriter) { if (keySet.Save(writer)) { if (_remove) { Console.WriteLine(Localized.MsgRemovedPassword); } else if (add) { Console.WriteLine(Localized.MsgAddedPasssword); } else { Console.WriteLine(Localized.MsgChangedPassword); } return(0); } return(-1); } } }
public void TestPriveKeyNoPassExport() { var ks = new FileSystemKeySet(Util.TestDataPath(TEST_DATA, "rsa")); var path = Path.Combine(Path.GetTempPath(), "dummy-private-nopass.pem"); Console.WriteLine(path); ks.ExportPrimaryAsPkcs(path, null); var contents = File.ReadAllText(path); Expect(contents, Does.Contain("END PUBLIC KEY")); Expect(contents, Does.Contain("END RSA PRIVATE KEY")); }
public void JWTIOVerifyKeyczarTest(string testData, bool pub) { var dataPath = Path.Combine(GetTestDirPath(), "jwt.io", testData + ".jwt"); var keySetPath = Path.Combine(GetTestDirPath(), "jwt.io", pub ? testData + ".pub" : testData); using (var ks = KeySet.LayerSecurity(FileSystemKeySet.Creator(keySetPath))) using (var jwtVerifier = new JwtVerifier(ks)) { var jwt = File.ReadAllText(dataPath).Trim(); var result = jwtVerifier.VerifyCompact(jwt); Expect(result, Is.True); } }
public void TestSignAndVerifyJwt(String subDir, string nestDir) { var subPath = Util.TestDataPath(TEST_DATA, subDir, nestDir); using (var ks = new FileSystemKeySet(subPath)) using (var signer = new JwtSigner(ks)) using (var verifier = new JwtVerifier(ks)) { var signedoutput = signer.SignCompact(JObject.Parse(jsonInput)); Console.WriteLine(signedoutput); Expect(verifier.VerifyCompact(signedoutput), Is.True); Expect(signer.VerifyCompact(signedoutput), Is.True); } }
public void TestAesEncryptedKeyDecrypt(string subDir, string nestedDir) { // Test reading and using encrypted keys var basePath = Util.TestDataPath(TEST_DATA, nestedDir); var keyPath = Path.Combine(basePath, subDir); var dataPath = Path.Combine(basePath, subDir + "-crypted"); using (var keyDecrypter = new Crypter(keyPath)) using (var ks = KeySet.LayerSecurity(FileSystemKeySet.Creator(dataPath), EncryptedKeySet.Creator(keyDecrypter))) using (var dataDecrypter = new Crypter(ks)) { HelperDecrypt(dataDecrypter, dataPath); } }
public void BasicThumbprintTest() { var dataPath = Path.Combine(GetTestDirPath(), "aes-gcm-certcrypted"); var activeCiphertext = (WebBase64)File.ReadAllLines(Path.Combine(dataPath, "1.out")).First(); var primaryCiphertext = (WebBase64)File.ReadAllLines(Path.Combine(dataPath, "2.out")).First(); using (var ks = KeySet.LayerSecurity(FileSystemKeySet.Creator(dataPath), CertEncryptedKeySet.Creator(GetThumbprint()))) using (var crypter = new Crypter(ks)) { var activeDecrypted = crypter.Decrypt(activeCiphertext); Expect(activeDecrypted, Is.EqualTo(CertEncryptedTest.Input)); var primaryDecrypted = crypter.Decrypt(primaryCiphertext); Expect(primaryDecrypted, Is.EqualTo(CertEncryptedTest.Input)); } }
public void BasicPfxTestPublicVerify() { var dataPath = Path.Combine(GetTestDirPath(), "rsa-sign-certcrypted"); var keySetPath = Path.Combine(GetTestDirPath(), "rsa-sign-certcrypted.public"); var activeSig = (WebBase64)File.ReadAllLines(Path.Combine(dataPath, "1.out")).First(); var primarySig = (WebBase64)File.ReadAllLines(Path.Combine(dataPath, "2.out")).First(); using (var ks = KeySet.LayerSecurity(FileSystemKeySet.Creator(keySetPath))) using (var verifier = new Verifier(ks)) { var activeDecrypted = verifier.Verify(Input, activeSig); Expect(activeDecrypted, Is.True); var primaryDecrypted = verifier.Verify(Input, primarySig); Expect(primaryDecrypted, Is.True); } }
public void TestAddPadding() { string result; var path = Util.TestDataPath(TEST_DATA, "padding"); var path2 = Util.TestDataPath(TEST_DATA, "padding.public"); if (Directory.Exists(path)) { Directory.Delete(path, true); } if (Directory.Exists(path2)) { Directory.Delete(path2, true); } result = Util.KeyczarTool(create: null, location: path, purpose: "crypt", asymmetric: null); Expect(result, Does.Contain(KeyczarTool.Localized.MsgCreatedKeySet)); result = Util.KeyczarTool(addkey: null, location: path, status: "primary", padding: "PKCS", size: "1024"); Expect(result, Does.Contain(KeyczarTool.Localized.MsgCreatedKey)); var ks = new FileSystemKeySet(path); dynamic key = ks.GetKey(1); Expect((int)key.Size, Is.EqualTo(1024)); Expect((string)key.Padding, Is.EqualTo("PKCS")); result = Util.KeyczarTool(pubkey: null, location: path, destination: path2); Expect(result, Does.Contain(KeyczarTool.Localized.MsgNewPublicKeySet)); var ks2 = new FileSystemKeySet(path); dynamic key2 = ks2.GetKey(1); Expect((int)key2.Size, Is.EqualTo(1024)); Expect((string)key2.Padding, Is.EqualTo("PKCS")); Directory.Delete(path2, true); Directory.Delete(path, true); }
public void JWTBasicVerifyTest(string testDta, bool certCrypted) { var keySetPath = Path.Combine(GetTestDirPath(), testDta); var issueDate = DateTime.UtcNow; var expireDate = issueDate.AddDays(1); using (var pfxStream = File.OpenRead(PfxPath())) { var layers = new List <Func <IKeySet, ILayeredKeySet> >(); if (certCrypted) { layers.Add(CertEncryptedKeySet.Creator(pfxStream, () => PfxPass)); } using (var ks = KeySet.LayerSecurity(FileSystemKeySet.Creator(keySetPath), layers.ToArray())) { var signingKey = new KeyzureSigningCredentials(ks); var token = new JwtSecurityToken("http://test.issue", "http://test.audience", new ClaimsIdentity().Claims, issueDate, expireDate, signingKey); var handler = new JwtSecurityTokenHandler(); var jwt = handler.WriteToken(token); Console.WriteLine(jwt); var param = new TokenValidationParameters { IssuerSigningKey = new KeySetKey(ks), ValidAudience = "http://test.audience", ValidIssuer = "http://test.issue", }; var result = handler.ValidateToken(jwt, param, out var token2); Expect(result, Is.Not.Null); } } }
public void Decrypt() { var keyPath = TestData("aes"); var dataPath = TestData("aes-crypted"); var activeCiphertext = (WebBase64)File.ReadAllLines(Path.Combine(dataPath, "1.out")).First(); var primaryCiphertext = (WebBase64)File.ReadAllLines(Path.Combine(dataPath, "2.out")).First(); using (var keyDecrypter = new Crypter(keyPath)) using (var ks = KeySet.LayerSecurity(FileSystemKeySet.Creator(dataPath), EncryptedKeySet.Creator(keyDecrypter))) using (var crypter = new Crypter(ks)) { var activeDecrypted = crypter.Decrypt(activeCiphertext); Expect(activeDecrypted, Is.EqualTo(Input)); var primaryDecrypted = crypter.Decrypt(primaryCiphertext); Expect(primaryDecrypted, Is.EqualTo(Input)); } }
protected IKeySet ProduceKeySet(string location, string crypterLocation, bool password, out IDisposable d1, out IDisposable d2, out IDisposable d3) { if (String.IsNullOrWhiteSpace(location)) { d1 = null; d2 = null; d3 = null; return(null); } Crypter crypter = null; IKeySet ks = new FileSystemKeySet(location); Func <string> prompt = CachedPrompt.Password(Util.PromptForPassword).Prompt; IDisposable dks = null; if (!String.IsNullOrWhiteSpace(crypterLocation)) { if (password) { var cks = KeySet.LayerSecurity(FileSystemKeySet.Creator(crypterLocation), PbeKeySet.Creator(prompt) ); crypter = new Crypter(cks); dks = cks; } else { crypter = new Crypter(crypterLocation); } ks = new EncryptedKeySet(ks, crypter); } else if (_password) { ks = new PbeKeySet(ks, prompt); } d1 = crypter; d2 = dks; d3 = ks; return(ks); }
public void CreatePbeKeySet() { var kspath = Util.TestDataPath(WRITE_DATA, "pbe_json"); var writer = new FileSystemKeySetWriter(kspath, overwrite: true); Func <string> passPrompt = () => "cartman"; //hardcoded because this is a test; using (var encwriter = new PbeKeySetWriter(writer, passPrompt)) { using (var ks = CreateNewKeySet(KeyKind.Symmetric, KeyPurpose.DecryptAndEncrypt)) { var success = ks.Save(writer); Expect(success, Is.True); } using (var eks = KeySet.LayerSecurity( FileSystemKeySet.Creator(kspath), PbeKeySet.Creator(passPrompt))) { HelperCryptCreate(encwriter, eks, kspath, KeyType.Aes); } } }
public void CreateAndCrypted(string keyType, string topDir, string subDir) { KeyType type = keyType; var kspath = Util.TestDataPath(WRITE_DATA, topDir, subDir); var writer = new FileSystemKeySetWriter(kspath, overwrite: true); using (var ks = CreateNewKeySet(type.Kind, KeyPurpose.DecryptAndEncrypt)) { var success = ks.Save(writer); Expect(success, Is.True); } HelperCryptCreate(writer, new FileSystemKeySet(kspath), kspath, type); var kscryptpath = Util.TestDataPath(WRITE_DATA, topDir + "-crypted", subDir); var baseWriter = new FileSystemKeySetWriter(kscryptpath, overwrite: true); using (var ks = CreateNewKeySet(type.Kind, KeyPurpose.DecryptAndEncrypt)) { var success = ks.Save(baseWriter); Expect(success, Is.True); } using (var encrypter = new Crypter(kspath)) { var cryptedwriter = new EncryptedKeySetWriter(baseWriter, encrypter); using (var eks = KeySet.LayerSecurity(FileSystemKeySet.Creator(kscryptpath), EncryptedKeySet.Creator(encrypter))) { HelperCryptCreate(cryptedwriter, eks, kscryptpath, type, new FileSystemKeySet(kscryptpath), baseWriter); } } }
public void JWTIOVerifyOwinTest(string testData, bool pub) { var dataPath = Path.Combine(GetTestDirPath(), "jwt.io", testData + ".jwt"); var keySetPath = Path.Combine(GetTestDirPath(), "jwt.io", pub ? testData + ".pub" : testData); using (var ks = KeySet.LayerSecurity(FileSystemKeySet.Creator(keySetPath))) { var jwt = File.ReadAllText(dataPath).Trim(); var handler = new JwtSecurityTokenHandler(); var param = new TokenValidationParameters { IssuerSigningKey = new KeySetKey(ks), ValidateLifetime = false, ValidateAudience = false, ValidateIssuer = false, }; var result = handler.ValidateToken(jwt, param, out var token); Expect(result, Is.Not.Null); } }
public void TestPbeKeysetRead() { Func <string> password = () => "cartman"; //Hardcoded because this is a test using (var reader = KeySet.LayerSecurity(FileSystemKeySet.Creator(Util.TestDataPath(TEST_DATA, "pbe_json")), PbeKeySet.Creator(password) )) { Expect(reader.Metadata.Encrypted, Is.True); var data1 = Encoding.UTF8.GetString(reader.GetKeyData(1)); var data2 = Encoding.UTF8.GetString(reader.GetKeyData(1)); var token1 = JToken.Parse(data1); var size = token1["size"]; Expect(size.ToString(), Is.EqualTo("128")); var token2 = JToken.Parse(data2); var mode = token2["mode"]; Expect(mode.ToString(), Is.EqualTo("CBC")); } }
public override int Run(string[] remainingArguments) { var ret = 0; Crypter crypter = null; IKeySet ks = new FileSystemKeySet(_location); Func <string> singlePrompt = CachedPrompt.Password(() => { Console.WriteLine(Localized.MsgForKeySet); return(Util.PromptForPassword()); }).Prompt; var prompt = ks.Metadata.Encrypted ? singlePrompt : CachedPrompt.Password(() => { Console.WriteLine(Localized.MsgForKeySet); return(Util.PromptForPassword()); }).Prompt; IDisposable dks = null; if (!String.IsNullOrWhiteSpace(_crypterLocation)) { if (_password) { var cks = KeySet.LayerSecurity(FileSystemKeySet.Creator(_crypterLocation), PbeKeySet.Creator(singlePrompt)); crypter = new Crypter(cks); dks = cks; } else { crypter = new Crypter(_crypterLocation); } ks = new EncryptedKeySet(ks, crypter); } else if (_password) { ks = new PbeKeySet(ks, prompt); } var d2ks = ks as IDisposable; using (crypter) using (dks) using (d2ks) using (var keySet = new MutableKeySet(ks)) { var official = keySet.Metadata.OriginallyOfficial && keySet.Metadata.ValidOfficial() && !_force; KeyType hint = null; if (!String.IsNullOrWhiteSpace(_type)) { hint = AddKey.KeyTypeForString(_type); } if (_status != KeyStatus.Primary && _status != KeyStatus.Active) { Console.WriteLine("{0} {1}.", Localized.Status, _status.Identifier); return(-1); } ImportedKeySet importedKeySet = null; try { importedKeySet = ImportedKeySet.Import.X509Certificate(keySet.Metadata.Purpose, _importLocation, official, hint); } catch { if (_importLocation.EndsWith("pfx", StringComparison.Ordinal) || _importLocation.EndsWith("p12", StringComparison.Ordinal) ) { importedKeySet = ImportedKeySet.Import.Pkcs12Keys( keySet.Metadata.Purpose, _importLocation, CachedPrompt.Password(() => { Console.WriteLine(Localized.MsgForImport); return(Util.PromptForPassword()); }).Prompt, official, hint); } else { importedKeySet = ImportedKeySet.Import.PkcsKey( keySet.Metadata.Purpose, _importLocation, CachedPrompt.Password(() => { Console.WriteLine(Localized.MsgForImport); return(Util.PromptForPassword()); }).Prompt, official, hint); } } if (importedKeySet == null) { Console.WriteLine(Localized.MsgUnparsableImport); ret = -1; } else { if (keySet.Metadata.OriginallyOfficial && keySet.Metadata.ValidOfficial()) { if (!_force && !importedKeySet.Metadata.ValidOfficial()) { var keySetKeyType = keySet.Metadata.OfficialKeyType(); ret = -1; Console.WriteLine(Localized.MsgMismatchedType, "Multiple Types", keySetKeyType); } else { var importedKeyType = importedKeySet.Metadata.OfficialKeyType(); var keySetKeyType = keySet.Metadata.OfficialKeyType(); if (importedKeyType != keySetKeyType && !_force) { ret = -1; Console.WriteLine(Localized.MsgMismatchedType, importedKeyType, keySetKeyType); } } } if (keySet.Metadata.Kind != importedKeySet.Metadata.Kind) { if (!keySet.Metadata.Versions.Any()) { keySet.Metadata.Kind = importedKeySet.Metadata.Kind; } else { ret = -1; Console.WriteLine(Localized.MsgConflictingKeyTypes, keySet.Metadata.Kind.Identifier, importedKeySet.Metadata.Kind); } } using (importedKeySet) { if (ret != -1) { var count = importedKeySet.Metadata.Versions.Count(); var outMsg = ""; foreach (var v in importedKeySet.Metadata.Versions) { var status = v.Status; if (count == 1 || _status != KeyStatus.Primary) { status = _status; } var ver = keySet.AddKey(status, importedKeySet.GetKey(v.VersionNumber)); outMsg = ver.ToString(); } if (count > 1) { outMsg = $"{count} keys"; } IKeySetWriter writer = new FileSystemKeySetWriter(_location, overwrite: true); if (crypter != null) { writer = new EncryptedKeySetWriter(writer, crypter); } else if (_password) { writer = new PbeKeySetWriter(writer, prompt); } if (keySet.Save(writer)) { Console.WriteLine("{0} {1}.", Localized.MsgImportedNewKey, outMsg); ret = 0; } else { ret = -1; } } } } } return(ret); }
public override int Run(string[] remainingArguments) { var ret = 0; Crypter crypter = null; IKeySet ks = new FileSystemKeySet(_location); Func <string> crypterPrompt = CachedPrompt.Password(Util.PromptForPassword).Prompt; var prompt = ks.Metadata.Encrypted ? new Func <string>(CachedPrompt.Password(Util.PromptForPassword).Prompt) : new Func <string>(CachedPrompt.Password(Util.DoublePromptForPassword).Prompt); IDisposable dks = null; if (!String.IsNullOrWhiteSpace(_crypterLocation)) { if (_password) { var cks = KeySet.LayerSecurity( FileSystemKeySet.Creator(_crypterLocation), PbeKeySet.Creator(crypterPrompt) ); crypter = new Crypter(cks); dks = cks; } else { crypter = new Crypter(_crypterLocation); } ks = new EncryptedKeySet(ks, crypter); } else if (_password) { ks = new PbeKeySet(ks, prompt); } var d2ks = ks as IDisposable; using (crypter) using (dks) using (d2ks) using (var keySet = new MutableKeySet(ks)) { if (_status != KeyStatus.Primary && _status != KeyStatus.Active) { Console.WriteLine("{0} {1}.", Localized.MsgInvalidStatus, _status.Identifier); return(-1); } object options = null; if (!String.IsNullOrWhiteSpace(_padding)) { options = new { Padding = _padding }; } int ver; var type = KeyTypeForString(_type); if (ks.Metadata.OriginallyOfficial && ks.Metadata.ValidOfficial()) { var keytype = ks.Metadata.OfficialKeyType(); if (type == null) { type = keytype; } else if (type != keytype && !_force) { throw new ConsoleHelpAsException(String.Format(Localized.MsgMismatchedType, type, keytype)); } } try { ver = keySet.AddKey(_status, _size, type, options); } #pragma warning disable 168 catch (InvalidKeyTypeException ex) #pragma warning restore 168 { throw new ConsoleHelpAsException(String.Format(Localized.MsgMismatchedKind, type?.Kind, keySet.Metadata.Kind)); } IKeySetWriter writer = new FileSystemKeySetWriter(_location, overwrite: true); if (crypter != null) { writer = new EncryptedKeySetWriter(writer, crypter); } else if (_password) { writer = new PbeKeySetWriter(writer, prompt); } using (writer as IDisposable) { try { if (keySet.Save(writer)) { Console.WriteLine("{0} {1}.", Localized.MsgCreatedKey, ver); ret = 0; } else { ret = -1; } } catch { ret = -1; } } } if (ret != 0) { Console.WriteLine("{0} {1}.", Localized.MsgCouldNotWrite, _location); } return(ret); }
public override int Run(string[] remainingArguments) { var ret = 0; Crypter crypter = null; IKeySet ks = new FileSystemKeySet(_location); Func <string> prompt = CachedPrompt.Password(() => { Console.WriteLine(Localized.MsgForKeySet); return(Util.PromptForPassword()); }).Prompt; IDisposable dks = null; if (!String.IsNullOrWhiteSpace(_crypterLocation)) { if (_password) { var cks = KeySet.LayerSecurity(FileSystemKeySet.Creator(_crypterLocation), PbeKeySet.Creator(prompt) ); crypter = new Crypter(cks); dks = cks; } else { crypter = new Crypter(_crypterLocation); } ks = new EncryptedKeySet(ks, crypter); } else if (_password) { ks = new PbeKeySet(ks, prompt); } var d2ks = ks as IDisposable; using (crypter) using (dks) using (d2ks) { if (_pkcs12) { if (!ks.ExportAsPkcs12(_destination, CachedPrompt.Password(() => { Console.WriteLine(Localized.MsgForExport); return(Util.DoublePromptForPassword ()); }).Prompt)) { ret = -1; } else { Console.WriteLine(Localized.MsgExportedPem); } } else { if (!ks.ExportPrimaryAsPkcs(_destination, CachedPrompt.Password(() => { Console.WriteLine(Localized.MsgForExport); return(Util.DoublePromptForPassword()); }).Prompt)) { ret = -1; } else { Console.WriteLine(Localized.MsgExportedPem); } } } return(ret); }
public void TestGetPrimaryFails() { var reader = new FileSystemKeySet(Util.TestDataPath(TEST_DATA, "aes-noprimary")); Expect(() => new GetPrimary(reader).GetPrimaryExposed(), Throws.TypeOf <MissingPrimaryKeyException>()); }
public void TestOperateOnPbeKeys() { string result; var pathc = Util.TestDataPath(TEST_DATA, "rsa-pbe"); if (Directory.Exists(pathc)) { Directory.Delete(pathc, true); } result = Util.KeyczarTool(create: null, location: pathc, purpose: "crypt", asymmetric: null); Expect(result, Does.Contain(KeyczarTool.Localized.MsgCreatedKeySet)); result = Util.KeyczarTool("cartman", "cartman", addkey: null, location: pathc, password: null, status: "primary"); Expect(result, Does.Contain(KeyczarTool.Localized.MsgCreatedKey)); var pathi = Path.Combine(pathc, "out.pem"); result = Util.KeyczarTool( "cartman", "pass", "pass", export: null, location: pathc, password: null, destination: pathi); Expect(result, Does.Contain(KeyczarTool.Localized.MsgExportedPem)); result = Util.KeyczarTool("cartman", "pass", importkey: null, location: pathc, status: "primary", password: null, importlocation: pathi); Expect(result, Does.Contain(KeyczarTool.Localized.MsgImportedNewKey)); var pathp = Path.Combine(pathc, "export"); result = Util.KeyczarTool( "cartman", pubkey: null, location: pathc, password: null, destination: pathp ); Expect(result, Does.Contain(KeyczarTool.Localized.MsgNewPublicKeySet)); var patho = Path.Combine(pathc, "1.out"); result = Util.KeyczarTool( "cartman", usekey: null, location: pathc, password: null, destination: patho, additionalArgs: new[] { input } ); using (var pks = KeySet.LayerSecurity( FileSystemKeySet.Creator(pathc), PbeKeySet.Creator(() => "cartman" /*hardcoding because this is a test*/))) using (var crypter = new Crypter(pks)) { Expect(pks.Metadata.Encrypted, Is.True); result = crypter.Decrypt((WebBase64)File.ReadAllText(patho)); Expect(result, Is.EqualTo(input)); } Directory.Delete(pathc, true); }
public override int Run(string[] remainingArguments) { var ret = 0; Crypter crypter = null; IKeySet ks = new FileSystemKeySet(_location); Func <string> prompt = CachedPrompt.Password(Util.PromptForPassword).Prompt; IDisposable dks = null; if (!String.IsNullOrWhiteSpace(_crypterLocation)) { if (_password) { var cks = KeySet.LayerSecurity(FileSystemKeySet.Creator(_crypterLocation), PbeKeySet.Creator(prompt) ); crypter = new Crypter(cks); dks = cks; } else { crypter = new Crypter(_crypterLocation); } ks = new EncryptedKeySet(ks, crypter); } else if (_password) { ks = new PbeKeySet(ks, prompt); } var d2ks = ks as IDisposable; using (crypter) using (dks) using (d2ks) using (var keySet = new MutableKeySet(ks)) { var pubKeySet = keySet.PublicKey(); if (pubKeySet != null) { using (pubKeySet) { IKeySetWriter writer = new FileSystemKeySetWriter(_destination, overwrite: false); if (pubKeySet.Save(writer)) { Console.WriteLine(Localized.MsgNewPublicKeySet); ret = 0; } else { ret = -1; } } } else { ret = -1; } } return(ret); }
public void CreateSignAndPublicSized(string keyType, string topDir, string nestDir) { KeyType type = keyType; topDir += "-sizes"; var kspath = Util.TestDataPath(WRITE_DATA, topDir, nestDir); var writer = new FileSystemKeySetWriter(kspath, overwrite: true); using (var ks = CreateNewKeySet(type.Kind, KeyPurpose.SignAndVerify)) { var success = ks.Save(writer); Expect(success, Is.True); } int i = 0; foreach (int size in type.KeySizeOptions) { if (Util.IsSizeTooSlow(size)) { break; } i++; using (var ks = new MutableKeySet(kspath)) { var ver = ks.AddKey(KeyStatus.Primary, size, type: type); Expect(ver, Is.EqualTo(i)); var success = ks.Save(writer); Expect(success, Is.True); } using (var ks = new FileSystemKeySet(kspath)) using (var signer = new Signer(ks)) using (var jwtSigner = new JwtSigner(ks)) { var ciphertext = signer.Sign(input); File.WriteAllText(Path.Combine(kspath, $"{size}.out"), ciphertext); var key = ks.GetPrimaryKey(); if (Jwt.AlgForKey(key) != null) { var token = jwtSigner.SignCompact(JObject.Parse(jsonInput)); File.WriteAllText(Path.Combine(kspath, $"{size}.jwt"), token); } } } if (type.Asymmetric) { var kspath2 = Util.TestDataPath(WRITE_DATA, topDir + ".public", nestDir); var writer2 = new FileSystemKeySetWriter(kspath2, overwrite: true); using (var ks = new MutableKeySet(kspath)) { var pubKs = ks.PublicKey(); var success = pubKs.Save(writer2); Expect(success, Is.True); } } }