コード例 #1
        /// <summary>
        /// Builds a <see cref="CardManager"/> that uses the supplied access-token provider and a
        /// verifier with both <c>VerifySelfSignature</c> and <c>VerifyVirgilSignature</c> switched on.
        /// </summary>
        /// <param name="constAccessTokenProvider">Token provider passed to the manager unchanged.</param>
        /// <returns>A manager targeting <c>AppSettings.CardsServiceAddress</c>.</returns>
        public static CardManager GetManagerWithConstAccessTokenProvider(ConstAccessTokenProvider constAccessTokenProvider)
        {
            // The verifier is pinned to the configured service public key before the manager is built,
            // so cards coming back from the service are checked against that key.
            var cardVerifier = new VirgilCardVerifier(new VirgilCardCrypto())
            {
                VerifySelfSignature   = true,
                VerifyVirgilSignature = true
            };
            cardVerifier.ChangeServiceCreds(AppSettings.ServicePublicKeyDerBase64);

            // Signing callback: the raw card is exported as a string, passed to the emulated
            // application server, and the returned string is parsed back into a raw signed model.
            Func<RawSignedModel, Task<RawSignedModel>> signViaEmulatedServer = async rawCard =>
                RawSignedModelUtils.GenerateFromString(
                    await EmulateServerResponseToSignByAppRequest(rawCard.ExportAsString()));

            var managerSettings = new CardManagerParams()
            {
                CardCrypto          = CardCrypto,
                ApiUrl              = AppSettings.CardsServiceAddress,
                AccessTokenProvider = constAccessTokenProvider,
                SignCallBack        = signViaEmulatedServer,
                Verifier            = cardVerifier
            };

            return new CardManager(managerSettings);
        }
コード例 #2
        /// <summary>
        /// STC-10: a card that carries an additional signature from the signer "extra" is expected to
        /// verify when the verifier's whitelist holds a credential matching that signature.
        /// </summary>
        public void Verifier_Should_VerifyCard_IfCardHasAtLeastOneSignatureFromWhitelist()
        {
            var signedModel  = faker.PredefinedRawSignedModel(null, true, true, false);
            var modelSigner  = new ModelSigner(new VirgilCardCrypto());
            var virgilCrypto = new VirgilCrypto();
            var extraKeys    = virgilCrypto.GenerateKeys();

            // Attach a signature made with a freshly generated key under the signer name "extra".
            var extraSignParams = new SignParams()
            {
                SignerPrivateKey = extraKeys.PrivateKey,
                Signer           = "extra"
            };
            modelSigner.Sign(signedModel, extraSignParams);

            // Credential that matches the signature added above: same signer name, same key pair.
            var exportedExtraKey  = virgilCrypto.ExportPublicKey(extraKeys.PublicKey);
            var matchingCredential = new VerifierCredentials()
            {
                PublicKeyBase64 = Bytes.ToString(exportedExtraKey, StringEncoding.BASE64),
                Signer          = "extra"
            };

            var importedCard = faker.CardManager().ImportCardFromJson(signedModel.ExportAsJson());

            var cardVerifier = new VirgilCardVerifier(new VirgilCardCrypto())
            {
                VerifySelfSignature   = true,
                VerifyVirgilSignature = true,
            };

            // Pin the verifier to the faker's predefined Virgil service key.
            var servicePublicKey = new VirgilCrypto().ExportPublicKey(faker.PredefinedVirgilKeyPair().PublicKey);
            cardVerifier.ChangeServiceCreds(Bytes.ToString(servicePublicKey, StringEncoding.BASE64));

            // One whitelist with two credentials for "extra": the matching one plus one produced by
            // the faker (presumably for a different key; confirm against the faker helper).
            cardVerifier.Whitelists = new List<Whitelist>()
            {
                new Whitelist()
                {
                    VerifiersCredentials = new List<VerifierCredentials>()
                    {
                        matchingCredential,
                        faker.VerifierCredentialAndSignature("extra").Item1
                    }
                }
            };

            bool verified = cardVerifier.VerifyCard(importedCard);
            Assert.IsTrue(verified);
        }
コード例 #3
        /// <summary>
        /// Sets up a verifier pinned to the faker's predefined Virgil key and an application
        /// credential for the signer "my_app".
        /// </summary>
        /// <remarks>
        /// NOTE(review): nothing is asserted here. The card creation, app signing and
        /// <c>VerifyCard</c> steps are commented out below, so this test passes without checking
        /// app-signature validation at all.
        /// </remarks>
        public void Validate_Should_ValidateByAppSign()
        {
            var crypto    = new VirgilCrypto();
            var validator = new VirgilCardVerifier(new VirgilCardCrypto());

            // Pin the verifier to the predefined Virgil service public key (base64 of the exported key).
            validator.ChangeServiceCreds(
                Bytes.ToString(
                    crypto.ExportPublicKey(faker.PredefinedVirgilKeyPair().PublicKey),
                    StringEncoding.BASE64));

            var appKeyPair = crypto.GenerateKeys();

            // The app public key is derived from the private key rather than read from the pair.
            var extractedAppKey    = crypto.ExtractPublicKey(appKeyPair.PrivateKey);
            var exportedAppKey     = crypto.ExportPublicKey(extractedAppKey);
            var appPublicKeyBase64 = Bytes.ToString(exportedAppKey, StringEncoding.BASE64);

            var appCredential = new VerifierCredentials()
            {
                Signer          = "my_app",
                PublicKeyBase64 = appPublicKeyBase64
            };
            var list = new List<VerifierCredentials> { appCredential };

            // The whitelist is never attached to the verifier; the assignment is disabled:
            //validator.Whitelist = list;
            var keypair    = crypto.GenerateKeys();
            var cardCrypto = new VirgilCardCrypto();

            // Disabled body of the test, kept as found:
            /* var csr = CSR.Generate(cardCrypto, new CardParams
             * {
             *   Identity = "some_identity",
             *   PublicKey = crypto.ExtractPublicKey(keypair.PrivateKey),
             *   PrivateKey = keypair.PrivateKey
             * });
             *
             *
             * csr.Sign(cardCrypto, new ExtendedSignParams
             * {
             *   SignerId = "",
             *   SignerType = SignerType.App.ToLowerString(),
             *   SignerPrivateKey = appKeyPair.PrivateKey
             * });
             *
             * var card = CardUtils.Parse(cardCrypto, csr.RawSignedModel);
             *
             * var result = validator.VerifyCard(card);
             * result.Should().BeTrue();*/
        }
コード例 #4
        /// <summary>
        /// STC-10: a verifier configured with a whitelist that holds no credentials is expected to
        /// reject the card, even with the self and Virgil signature checks enabled.
        /// </summary>
        public void Verifier_ShouldNot_VerifyCard_IfVerifierHasEmptyWhitelist()
        {
            var signedModel  = faker.PredefinedRawSignedModel(null, true, true, false);
            var importedCard = faker.CardManager().ImportCardFromJson(signedModel.ExportAsJson());

            // A single whitelist with no credentials in it: no signer can satisfy it.
            var emptyWhitelists = new List<Whitelist>() { new Whitelist() };
            var cardVerifier = new VirgilCardVerifier(new VirgilCardCrypto())
            {
                VerifySelfSignature   = true,
                VerifyVirgilSignature = true,
                Whitelists            = emptyWhitelists
            };

            // Pin the verifier to the faker's predefined Virgil service key.
            var servicePublicKey = new VirgilCrypto().ExportPublicKey(faker.PredefinedVirgilKeyPair().PublicKey);
            cardVerifier.ChangeServiceCreds(Bytes.ToString(servicePublicKey, StringEncoding.BASE64));

            bool verified = cardVerifier.VerifyCard(importedCard);
            Assert.IsFalse(verified);
        }
コード例 #5
        /// <summary>
        /// Generates the cross-test fixture data (keys "STC-1" through "STC-34") and writes it,
        /// serialized, to <c>AppSettings.OutputTestDataPath</c>.
        /// </summary>
        /// <remarks>
        /// The output contains base64-encoded private keys (STC-10, STC-23, STC-34) and signed JWTs
        /// (STC-22, STC-28, STC-29). The STC-10 step also publishes a card through the configured
        /// cards service, so this method needs network access and valid service settings.
        /// NOTE(review): treat the output file as secret-bearing; confirm that every key written
        /// to it is test-only and that the file is not shipped with real credentials.
        /// </remarks>
        public async System.Threading.Tasks.Task Prepair_TestDataAsync()
        {
            // STC-1 / STC-2: raw signed models exported as string and as JSON.
            var model     = faker.PredefinedRawSignedModel();
            var fullModel = faker.PredefinedRawSignedModel(
                "a666318071274adb738af3f67b8c7ec29d954de2cabfd71a942e6ea38e59fff9",
                true, true, true);
            var data = new Dictionary <string, string>
            {
                { "STC-1.as_string", model.ExportAsString() },
                { "STC-1.as_json", model.ExportAsJson() },
                { "STC-2.as_string", fullModel.ExportAsString() },
                { "STC-2.as_json", fullModel.ExportAsJson() }
            };

            // STC-3: the first model imported as a card, then re-exported with its id and public key.
            var cardManager = faker.CardManager();
            var card        = cardManager.ImportCardFromString(model.ExportAsString());
            var crypto      = new VirgilCrypto();

            data.Add("STC-3.as_string", cardManager.ExportCardAsString(card));
            data.Add("STC-3.as_json", cardManager.ExportCardAsJson(card));
            data.Add("STC-3.card_id", card.Id);
            data.Add("STC-3.public_key_base64", Bytes.ToString(crypto.ExportPublicKey(card.PublicKey), StringEncoding.BASE64));

            // STC-4: same as STC-3 for a model built with all three flags set, plus one entry per signature.
            fullModel = faker.PredefinedRawSignedModel(null, true, true, true);
            var fullCard = cardManager.ImportCardFromString(fullModel.ExportAsString());

            data.Add("STC-4.as_string", cardManager.ExportCardAsString(fullCard));
            data.Add("STC-4.as_json", cardManager.ExportCardAsJson(fullCard));
            data.Add("STC-4.card_id", fullCard.Id);
            data.Add("STC-4.public_key_base64", Bytes.ToString(crypto.ExportPublicKey(fullCard.PublicKey),
                                                               StringEncoding.BASE64));
            // The dictionary key embeds the signer name, so two signatures with the same signer
            // would make Dictionary.Add throw.
            foreach (var signature in fullCard.Signatures)
            {
                data.Add($"STC-4.signature_{signature.Signer}_base64", Bytes.ToString(signature.Signature,
                                                                                      StringEncoding.BASE64));
            }

            string apiPublicKeyId;
            string apiPublicKeyBase64;

            // STC-22 / STC-23: a token with a 10-minute lifetime and the key material behind it.
            var(token, jwtGenerator) = faker.PredefinedToken(
                new VirgilAccessTokenSigner(),
                TimeSpan.FromMinutes(10),
                out apiPublicKeyId,
                out apiPublicKeyBase64);

            data.Add("STC-22.jwt", token.ToString());
            data.Add("STC-22.api_public_key_base64", apiPublicKeyBase64);
            data.Add("STC-22.api_key_id", apiPublicKeyId);


            data.Add("STC-23.api_public_key_base64", apiPublicKeyBase64);
            data.Add("STC-23.api_key_id", apiPublicKeyId);
            data.Add("STC-23.app_id", jwtGenerator.AppId);

            // NOTE(review): the generator's API private key is exported in base64 into the fixture.
            // Presumably faker.PredefinedToken uses a throwaway key; confirm it is never a real API key.
            data.Add("STC-23.api_private_key_base64", Bytes.ToString(
                         crypto.ExportPrivateKey(jwtGenerator.ApiKey), StringEncoding.BASE64));

            // STC-10: a self-signed card with one additional "extra" signature, published to the service.
            var cardKeyPair     = crypto.GenerateKeys();
            var cardIdentity    = faker.Random.AlphaNumeric(10);
            var rawCardContent1 = new RawCardContent()
            {
                CreatedAt = DateTime.UtcNow,
                Identity  = cardIdentity,
                PublicKey = crypto.ExportPublicKey(cardKeyPair.PublicKey),
                Version   = "5.0",
            };
            var rawSignedModel = new RawSignedModel()
            {
                ContentSnapshot = SnapshotUtils.TakeSnapshot(rawCardContent1)
            };

            var signer = new ModelSigner(new VirgilCardCrypto());

            signer.SelfSign(rawSignedModel, cardKeyPair.PrivateKey);


            var keyPair = crypto.GenerateKeys();

            signer.Sign(rawSignedModel, new SignParams()
            {
                SignerPrivateKey = keyPair.PrivateKey,
                Signer           = "extra"
            });
            // The private key of the freshly generated "extra" signer is written to the fixture.
            data.Add("STC-10.private_key1_base64", Bytes.ToString(
                         crypto.ExportPrivateKey(keyPair.PrivateKey), StringEncoding.BASE64));

            // Token generator built from the configured application settings and API private key;
            // its token is used for the publish call only and is not added to the fixture data.
            var accessTokenGenerator = new JwtGenerator(
                AppSettings.AppId,
                IntegrationHelper.ApiPrivateKey(),
                AppSettings.ApiPublicKeyId,
                TimeSpan.FromMinutes(10),
                new VirgilAccessTokenSigner()
                );
            var accessTokenProvider = Substitute.For <IAccessTokenProvider>();

            // The token is generated once here; the stubbed provider returns it for every context.
            accessTokenProvider.GetTokenAsync(Arg.Any <TokenContext>()).Returns(
                accessTokenGenerator.GenerateToken(cardIdentity)
                );
            // Verifier with both signature checks on, pinned to the configured service public key.
            var validator = new VirgilCardVerifier(new VirgilCardCrypto())
            {
                VerifySelfSignature = true, VerifyVirgilSignature = true
            };

            validator.ChangeServiceCreds(AppSettings.ServicePublicKeyDerBase64);
            var manager = new CardManager(new CardManagerParams()
            {
                CardCrypto          = new VirgilCardCrypto(),
                AccessTokenProvider = accessTokenProvider,
                ApiUrl   = AppSettings.CardsServiceAddress,
                Verifier = validator
            });

            // Publishes the card to the service at AppSettings.CardsServiceAddress.
            card = await manager.PublishCardAsync(rawSignedModel);

            data.Add("STC-10.as_string", manager.ExportCardAsString(card));


            // STC-11: predefined model with all three flags false.
            rawSignedModel = faker.PredefinedRawSignedModel(null, false, false, false);
            data.Add("STC-11.as_string", rawSignedModel.ExportAsString());

            // STC-12: predefined model with only the first flag true.
            rawSignedModel = faker.PredefinedRawSignedModel(null, true, false, false);
            data.Add("STC-12.as_string", rawSignedModel.ExportAsString());

            // STC-14: predefined model with only the second flag true.
            rawSignedModel = faker.PredefinedRawSignedModel(null, false, true, false);
            data.Add("STC-14.as_string", rawSignedModel.ExportAsString());

            // STC-15: a signature labelled "self" made with a newly generated key, not via SelfSign.
            // NOTE(review): presumably a negative vector (self signature from the wrong key); confirm.
            rawSignedModel = faker.PredefinedRawSignedModel(null, false, false, false);
            keyPair        = crypto.GenerateKeys();
            signer.Sign(rawSignedModel, new SignParams()
            {
                SignerPrivateKey = keyPair.PrivateKey,
                Signer           = "self"
            });
            data.Add("STC-15.as_string", rawSignedModel.ExportAsString());

            // STC-16: model with an "extra" signature; only the signer's public key is stored.
            rawSignedModel = faker.PredefinedRawSignedModel(null, true, true, false);
            keyPair        = crypto.GenerateKeys();
            signer.Sign(rawSignedModel, new SignParams()
            {
                SignerPrivateKey = keyPair.PrivateKey,
                Signer           = "extra"
            });
            data.Add("STC-16.as_string", rawSignedModel.ExportAsString());
            data.Add("STC-16.public_key1_base64", Bytes.ToString(
                         crypto.ExportPublicKey(keyPair.PublicKey), StringEncoding.BASE64));

            // STC-28: a token with a 2-minute lifetime, stored with each header and body field.
            // NOTE(review): the issuer key is spelled "jw_issuer", unlike the other "jwt_" keys;
            // confirm what consumers of the fixture expect before changing it.
            (token, jwtGenerator) = faker.PredefinedToken(
                new VirgilAccessTokenSigner(),
                TimeSpan.FromMinutes(2),
                out apiPublicKeyId,
                out apiPublicKeyBase64);
            data.Add("STC-28.jwt", token.ToString());
            data.Add("STC-28.jwt_identity", token.BodyContent.Identity);
            data.Add("STC-28.jwt_app_id", token.BodyContent.AppId);
            data.Add("STC-28.jw_issuer", token.BodyContent.Issuer);
            data.Add("STC-28.jwt_subject", token.BodyContent.Subject);
            data.Add("STC-28.jwt_additional_data", Configuration.Serializer.Serialize(token.BodyContent.AdditionalData));
            data.Add("STC-28.jwt_expires_at", Configuration.Serializer.Serialize(token.BodyContent.ExpiresAt));
            data.Add("STC-28.jwt_issued_at", Configuration.Serializer.Serialize(token.BodyContent.IssuedAt));
            data.Add("STC-28.jwt_algorithm", token.HeaderContent.Algorithm);
            data.Add("STC-28.jwt_api_key_id", token.HeaderContent.KeyId);
            data.Add("STC-28.jwt_content_type", token.HeaderContent.ContentType);
            data.Add("STC-28.jwt_type", token.HeaderContent.Type);
            data.Add("STC-28.jwt_signature_base64", Bytes.ToString(token.SignatureData, StringEncoding.BASE64));


            // STC-29: same fields for a token with a 365-day lifetime.
            // NOTE(review): this long-lived signed token is persisted in the fixture file; it should
            // only be valid against the faker's test key; confirm.
            (token, jwtGenerator) = faker.PredefinedToken(
                new VirgilAccessTokenSigner(),
                TimeSpan.FromDays(365),
                out apiPublicKeyId,
                out apiPublicKeyBase64);
            data.Add("STC-29.jwt", token.ToString());
            data.Add("STC-29.jwt_identity", token.BodyContent.Identity);
            data.Add("STC-29.jwt_app_id", token.BodyContent.AppId);
            data.Add("STC-29.jw_issuer", token.BodyContent.Issuer);
            data.Add("STC-29.jwt_subject", token.BodyContent.Subject);
            data.Add("STC-29.jwt_additional_data", Configuration.Serializer.Serialize(token.BodyContent.AdditionalData));
            data.Add("STC-29.jwt_expires_at", Configuration.Serializer.Serialize(token.BodyContent.ExpiresAt));
            data.Add("STC-29.jwt_issued_at", Configuration.Serializer.Serialize(token.BodyContent.IssuedAt));
            data.Add("STC-29.jwt_algorithm", token.HeaderContent.Algorithm);
            data.Add("STC-29.jwt_api_key_id", token.HeaderContent.KeyId);
            data.Add("STC-29.jwt_content_type", token.HeaderContent.ContentType);
            data.Add("STC-29.jwt_type", token.HeaderContent.Type);
            data.Add("STC-29.jwt_signature_base64", Bytes.ToString(token.SignatureData, StringEncoding.BASE64));


            // STC-34: a self-signed model whose self signature carries extra fields ("info").
            keyPair = crypto.GenerateKeys();
            var rawCardContent = new RawCardContent()
            {
                CreatedAt = DateTime.UtcNow,
                Identity  = "test",
                PublicKey = crypto.ExportPublicKey(keyPair.PublicKey),
                Version   = "5.0"
            };

            model = new RawSignedModel()
            {
                ContentSnapshot = SnapshotUtils.TakeSnapshot(rawCardContent)
            };

            signer.SelfSign(
                model, keyPair.PrivateKey, new Dictionary <string, string>()
            {
                { "info", "some_additional_info" }
            }
                );

            // Both halves of the freshly generated key pair are written to the fixture.
            data.Add("STC-34.private_key_base64", Bytes.ToString(
                         crypto.ExportPrivateKey(keyPair.PrivateKey), StringEncoding.BASE64));
            data.Add("STC-34.public_key_base64", Bytes.ToString(
                         crypto.ExportPublicKey(keyPair.PublicKey), StringEncoding.BASE64));
            data.Add("STC-34.self_signature_snapshot_base64",
                     Bytes.ToString(model.Signatures.First().Snapshot, StringEncoding.BASE64));
            // The content snapshot is taken a second time here instead of reusing model.ContentSnapshot.
            data.Add("STC-34.content_snapshot_base64",
                     Bytes.ToString(
                         SnapshotUtils.TakeSnapshot(rawCardContent), StringEncoding.BASE64));
            data.Add("STC-34.as_string", model.ExportAsString());

            // Synchronous write of the whole dictionary; any existing file at the path is overwritten.
            System.IO.File.WriteAllText(AppSettings.OutputTestDataPath,
                                        Configuration.Serializer.Serialize(data));
        }
コード例 #6
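        /// <summary>
        /// STC-26: with <c>RetryOnUnauthorized</c> enabled, the manager is expected to ask the token
        /// provider again with <c>ForceReload</c> set after the first token is rejected, and then
        /// complete publish, search and get requests with the fresh token.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the first token has a 1-second lifetime and is produced with an NSubstitute
        /// stand-in for <c>VirgilAccessTokenSigner</c>. Whether the service rejects it because it has
        /// expired or because of its signature is not visible here; confirm the test exercises the
        /// expiry path it is named after.
        /// </remarks>
        public async Task CardManager_Should_SendSecondRequestToCliet_IfTokenExpiredAndRetryOnUnauthorizedAsync()
        {
            // STC-26
            var expiredJwtGenerator = new JwtGenerator(
                AppSettings.AppId,
                IntegrationHelper.ApiPrivateKey(),
                AppSettings.ApiPublicKeyId,
                TimeSpan.FromSeconds(1),
                Substitute.For<VirgilAccessTokenSigner>());
            var jwtGenerator = new JwtGenerator(
                AppSettings.AppId,
                IntegrationHelper.ApiPrivateKey(),
                AppSettings.ApiPublicKeyId,
                TimeSpan.FromMinutes(5),
                new VirgilAccessTokenSigner());
            var identity            = faker.Random.AlphaNumeric(20);
            var expiredToken        = expiredJwtGenerator.GenerateToken(identity);
            var accessTokenProvider = Substitute.For<IAccessTokenProvider>();

            // The stub hands out the short-lived token unless the caller sets ForceReload,
            // in which case a new 5-minute token is generated for that call.
            accessTokenProvider.GetTokenAsync(Arg.Any<TokenContext>()).Returns(
                args => ((TokenContext)args[0]).ForceReload
                    ? jwtGenerator.GenerateToken(identity)
                    : expiredToken);

            // Verifier with both signature checks on, pinned to the configured service public key.
            var validator = new VirgilCardVerifier(new VirgilCardCrypto())
            {
                VerifySelfSignature = true, VerifyVirgilSignature = true
            };

            validator.ChangeServiceCreds(AppSettings.ServicePublicKeyDerBase64);
            var manager = new CardManager(new CardManagerParams()
            {
                CardCrypto          = new VirgilCardCrypto(),
                AccessTokenProvider = accessTokenProvider,
                ApiUrl              = AppSettings.CardsServiceAddress,
                RetryOnUnauthorized = true,
                Verifier            = validator
            });

            var keypair = new VirgilCrypto().GenerateKeys();

            var card = await manager.PublishCardAsync(
                new CardParams()
                {
                    Identity   = identity,
                    PublicKey  = keypair.PublicKey,
                    PrivateKey = keypair.PrivateKey
                });

            Assert.NotNull(card);
            var searchCard = await manager.SearchCardsAsync(identity);

            // Expected value first, so a failure reports "expected 1" rather than the reverse.
            Assert.AreEqual(1, searchCard.Count);

            var getCard = await manager.GetCardAsync(card.Id);

            Assert.NotNull(getCard);
        }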