private void VerifyTimestampData(
ISigningTestServer testServer,
TimestampService timestampService,
Action <Rfc3161TimestampProvider, TimestampRequest> verifyTimestampData)
{
using (testServer.RegisterResponder(timestampService))
{
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
using (var certificate = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "peach");
var signedCms = SigningTestUtility.GenerateSignedCms(certificate, content.GetBytes());
var signature = PrimarySignature.Load(signedCms.Encode());
var signatureValue = signature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
SigningSpecifications.V1,
messageHash,
timestampHashAlgorithm,
SignaturePlacement.PrimarySignature);
verifyTimestampData(timestampProvider, request);
}
}
}
private void VerifyTimestampData(
ISigningTestServer testServer,
TimestampService timestampService,
Action <Rfc3161TimestampProvider, TimestampRequest> verifyTimestampData)
{
using (testServer.RegisterResponder(timestampService))
{
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
using (var certificate = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var content = Encoding.UTF8.GetBytes("peach");
var signedCms = SigningTestUtility.GenerateSignedCms(certificate, content);
var request = new TimestampRequest()
{
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
Signature = signedCms.Encode()
};
verifyTimestampData(timestampProvider, request);
}
}
}
public async Task GetTimestamp_WithValidInput_ReturnsTimestamp()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped");
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes());
var primarySignature = PrimarySignature.Load(signedCms.Encode());
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var signatureValue = primarySignature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
signingSpecifications: SigningSpecifications.V1,
hashedMessage: messageHash,
hashAlgorithm: timestampHashAlgorithm,
target: SignaturePlacement.PrimarySignature
);
// Act
var timestampedCms = timestampProvider.GetTimestamp(request, logger, CancellationToken.None);
// Assert
timestampedCms.Should().NotBeNull();
timestampedCms.Detached.Should().BeFalse();
timestampedCms.ContentInfo.Should().NotBeNull();
timestampedCms.SignerInfos.Count.Should().Be(1);
}
}
public async Task GetTimestamp_WhenCancelled_Throws()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped");
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes());
var signature = PrimarySignature.Load(signedCms.Encode());
var signatureValue = signature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
signingSpecifications: SigningSpecifications.V1,
hashedMessage: messageHash,
hashAlgorithm: timestampHashAlgorithm,
target: SignaturePlacement.PrimarySignature
);
// Act
Action timestampAction = () => timestampProvider.GetTimestamp(request, logger, new CancellationToken(canceled: true));
// Assert
timestampAction.ShouldThrow <OperationCanceledException>()
.WithMessage(_operationCancelledExceptionMessage);
}
}
public async Task TimestampData_WithValidInput_ReturnsTimestamp()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var data = "Test data to be signed and timestamped";
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data));
var signatureValue = signedCms.Encode();
var request = new TimestampRequest
{
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
Signature = signatureValue
};
// Act
var timestampedData = timestampProvider.TimestampData(request, logger, CancellationToken.None);
var timestampedCms = new SignedCms();
timestampedCms.Decode(timestampedData);
// Assert
timestampedData.Should().NotBeNull();
timestampedCms.Should().NotBeNull();
timestampedCms.Detached.Should().BeFalse();
timestampedCms.ContentInfo.Should().NotBeNull();
timestampedCms.SignerInfos.Count.Should().Be(1);
timestampedCms.SignerInfos[0].UnsignedAttributes.Count.Should().Be(1);
timestampedCms.SignerInfos[0].UnsignedAttributes[0].Oid.Value.Should().Be(Oids.SignatureTimeStampTokenAttribute);
}
}
public async Task TimestampData_WhenRequestNull_Throws()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var authorCertName = "*****@*****.**";
var data = "Test data to be signed and timestamped";
Action <X509V3CertificateGenerator> modifyGenerator = delegate(X509V3CertificateGenerator gen)
{
gen.SetNotBefore(DateTime.MinValue);
gen.SetNotBefore(DateTime.UtcNow.Subtract(TimeSpan.FromDays(1))); // cert has expired
};
using (var authorCert = SigningTestUtility.GenerateCertificate(authorCertName, modifyGenerator: modifyGenerator))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data));
var signatureValue = signedCms.Encode();
var request = new TimestampRequest
{
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
Signature = signatureValue
};
// Act
Action timestampAction = () => timestampProvider.TimestampData(null, logger, CancellationToken.None);
// Assert
timestampAction.ShouldThrow <ArgumentNullException>()
.WithMessage(string.Format(_argumentNullExceptionMessage, nameof(request)));
}
}
public async Task TimestampData_WhenCancelled_Throws()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var data = "Test data to be signed and timestamped";
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data));
var signatureValue = signedCms.Encode();
var request = new TimestampRequest
{
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
Signature = signatureValue
};
// Act
Action timestampAction = () => timestampProvider.TimestampData(request, logger, new CancellationToken(canceled: true));
// Assert
timestampAction.ShouldThrow <OperationCanceledException>()
.WithMessage(_operationCancelledExceptionMessage);
}
}
public async Task GetTimestampAsync_WhenLoggerNull_ThrowsAsync()
{
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped");
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes());
var signature = PrimarySignature.Load(signedCms.Encode());
var signatureValue = signature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
signingSpecifications: SigningSpecifications.V1,
hashedMessage: messageHash,
hashAlgorithm: timestampHashAlgorithm,
target: SignaturePlacement.PrimarySignature
);
// Assert
var exception = await Assert.ThrowsAsync <ArgumentNullException>(
() => timestampProvider.GetTimestampAsync(request, logger: null, CancellationToken.None));
Assert.Equal("logger", exception.ParamName);
Assert.StartsWith("Value cannot be null.", exception.Message);
}
}
public void Rfc3161TimestampProvider_Failure_Cancelled()
{
// Arrange
var logger = new TestLogger();
var timestampProvider = new Rfc3161TimestampProvider(new Uri(_testTimestampServer));
var data = "Test data to be signed and timestamped";
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data));
var signatureValue = signedCms.Encode();
var request = new TimestampRequest
{
Certificate = authorCert,
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
SignatureValue = signatureValue
};
// Act
Action timestampAction = () => timestampProvider.TimestampData(request, logger, new CancellationToken(canceled: true));
// Assert
timestampAction.ShouldThrow <OperationCanceledException>()
.WithMessage(_operationCancelledExceptionMessage);
}
}
public async Task TimestampSignatureAsync_TimestampingPrimarySignature_Succeds()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var signatureContent = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped");
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, signatureContent.GetBytes());
var signature = PrimarySignature.Load(signedCms.Encode());
var signatureValue = signature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
SigningSpecifications.V1,
messageHash,
timestampHashAlgorithm,
SignaturePlacement.PrimarySignature);
// Act
var primarySignature = await timestampProvider.TimestampSignatureAsync(signature, request, logger, CancellationToken.None);
// Assert
primarySignature.Should().NotBeNull();
primarySignature.SignedCms.Should().NotBeNull();
primarySignature.SignerInfo.Should().NotBeNull();
primarySignature.SignerInfo.UnsignedAttributes.Count.Should().BeGreaterOrEqualTo(1);
var hasTimestampUnsignedAttribute = false;
var timestampCms = new SignedCms();
foreach (var attr in primarySignature.SignerInfo.UnsignedAttributes)
{
if (string.Compare(attr.Oid.Value, Oids.SignatureTimeStampTokenAttribute, CultureInfo.CurrentCulture, CompareOptions.Ordinal) == 0)
{
hasTimestampUnsignedAttribute = true;
timestampCms.Decode(attr.Values[0].RawData);
}
}
hasTimestampUnsignedAttribute.Should().BeTrue();
timestampCms.CheckSignature(verifySignatureOnly: true);
}
}
public async Task GetTimestamp_WhenRequestNull_Throws()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var authorCertName = "*****@*****.**";
var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped");
Action <X509V3CertificateGenerator> modifyGenerator = delegate(X509V3CertificateGenerator gen)
{
gen.SetNotBefore(DateTime.MinValue);
gen.SetNotBefore(DateTime.UtcNow.Subtract(TimeSpan.FromDays(1))); // cert has expired
};
using (var authorCert = SigningTestUtility.GenerateCertificate(authorCertName, modifyGenerator: modifyGenerator))
{
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes());
var signature = PrimarySignature.Load(signedCms.Encode());
var signatureValue = signature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
signingSpecifications: SigningSpecifications.V1,
hashedMessage: messageHash,
hashAlgorithm: timestampHashAlgorithm,
target: SignaturePlacement.PrimarySignature
);
// Act
Action timestampAction = () => timestampProvider.GetTimestamp(null, logger, CancellationToken.None);
// Assert
timestampAction.ShouldThrow <ArgumentNullException>()
.WithMessage(string.Format(_argumentNullExceptionMessage, nameof(request)));
}
}
public async Task GetTimestampAsync_WhenRequestNull_ThrowsAsync()
{
var logger = new TestLogger();
var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var authorCertName = "*****@*****.**";
var content = new SignatureContent(SigningSpecifications.V1, Common.HashAlgorithmName.SHA256, "Test data to be signed and timestamped");
Action <TestCertificateGenerator> modifyGenerator = delegate(TestCertificateGenerator gen)
{
gen.NotBefore = DateTime.UtcNow.Subtract(TimeSpan.FromDays(1)); // cert has expired
};
using (var authorCert = SigningTestUtility.GenerateCertificate(authorCertName, modifyGenerator: modifyGenerator))
{
var timestampHashAlgorithm = Common.HashAlgorithmName.SHA256;
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, content.GetBytes());
var signature = PrimarySignature.Load(signedCms.Encode());
var signatureValue = signature.GetSignatureValue();
var messageHash = timestampHashAlgorithm.ComputeHash(signatureValue);
var request = new TimestampRequest(
signingSpecifications: SigningSpecifications.V1,
hashedMessage: messageHash,
hashAlgorithm: timestampHashAlgorithm,
target: SignaturePlacement.PrimarySignature
);
// Assert
var exception = await Assert.ThrowsAsync <ArgumentNullException>(
() => timestampProvider.GetTimestampAsync(request: null, logger, CancellationToken.None));
Assert.Equal("request", exception.ParamName);
Assert.StartsWith("Value cannot be null.", exception.Message);
}
}
public async Task TimestampData_WhenTimestampSigningCertificateRevoked_Throws()
{
var testServer = await _testFixture.GetSigningTestServerAsync();
var certificateAuthority = await _testFixture.GetDefaultTrustedCertificateAuthorityAsync();
var timestampService = TimestampService.Create(certificateAuthority);
certificateAuthority.Revoke(timestampService.Certificate, CrlReason.KeyCompromise, DateTimeOffset.UtcNow);
using (testServer.RegisterResponder(timestampService))
{
var logger = new TestLogger();
var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
var data = "Test data to be signed and timestamped";
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data));
var signatureValue = signedCms.Encode();
var request = new TimestampRequest
{
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
SignatureValue = signatureValue
};
var exception = Assert.Throws <TimestampException>(
() => timestampProvider.TimestampData(request, logger, CancellationToken.None));
Assert.Equal(
"The timestamp service's certificate chain could not be built: The certificate is revoked.",
exception.Message);
}
}
}
public void Rfc3161TimestampProvider_Success()
{
// Arrange
var logger = new TestLogger();
var timestampProvider = new Rfc3161TimestampProvider(new Uri(_testTimestampServer));
var data = "Test data to be signed and timestamped";
using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
{
var signedCms = SigningTestUtility.GenerateSignedCms(authorCert, Encoding.ASCII.GetBytes(data));
var signatureValue = signedCms.Encode();
var request = new TimestampRequest
{
Certificate = authorCert,
SigningSpec = SigningSpecifications.V1,
TimestampHashAlgorithm = Common.HashAlgorithmName.SHA256,
SignatureValue = signatureValue
};
// Act
var timestampedData = timestampProvider.TimestampData(request, logger, CancellationToken.None);
var timestampedCms = new SignedCms();
timestampedCms.Decode(timestampedData);
// Assert
timestampedData.Should().NotBeNull();
timestampedCms.Should().NotBeNull();
timestampedCms.Detached.Should().BeFalse();
timestampedCms.ContentInfo.Should().NotBeNull();
timestampedCms.Certificates.Count.Should().Be(1);
timestampedCms.SignerInfos.Count.Should().Be(1);
timestampedCms.SignerInfos[0].UnsignedAttributes.Count.Should().Be(1);
timestampedCms.SignerInfos[0].UnsignedAttributes[0].Oid.Value.Should().Be(Oids.SignatureTimeStampTokenAttributeOid);
}
}