public void kgss()
{
    // Baseline fixture: the KGSS ETK is expected to verify with full trust and a
    // clean validation verdict (no violations asserted because none are expected).
    EncryptionToken token = new EncryptionToken(Utils.ReadFully("../../etk/kgss.etk"));
    CertificateSecurityInformation verdict = token.Verify();

    string summary = verdict.ToString();
    Console.WriteLine(summary);
    Assert.IsNotNull(summary);

    Assert.AreEqual(ETEE::Status.TrustStatus.Full, verdict.TrustStatus);
    Assert.AreEqual(ValidationStatus.Valid, verdict.ValidationStatus);
}
public static void InitializeClass()
{
    // Bob's ETK: the encryption target used by the sealing tests.
    bobEtk = new EncryptionToken(Utils.ReadFully("../../bob/bobs_public_key.etk"));

    // Private key stores for Alice and Bob; both are also used for unsealing.
    // NOTE: "test" is the password of the bundled fixture stores only — never a real secret.
    alice = new EHealthP12("../../alice/alices_private_key_store.p12", "test");
    bob = new EHealthP12("../../bob/bobs_private_key_store.p12", "test");

    // Timestamp authority for timestamped seals (the original note says FedICT).
    tsa = new Rfc3161TimestampProvider();
}
public void Bob2()
{
    // Bob2's ETK validates, but its issuer cannot be chained to a known root and the
    // issuer's revocation status cannot be determined, so trust is only "Unsure".
    // NOTE(review): "Unsure" is not "Full" — a consumer should treat it as untrusted
    // unless its policy explicitly accepts unknown issuers / unknown revocation state.
    EncryptionToken token = new EncryptionToken(Utils.ReadFully("../../etk/Bob2_public_key.etk"));
    CertificateSecurityInformation verdict = token.Verify();

    string summary = verdict.ToString();
    Console.WriteLine(summary);
    Assert.IsNotNull(summary);

    Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, verdict.TrustStatus);
    Assert.AreEqual(ValidationStatus.Valid, verdict.ValidationStatus);
    Assert.IsTrue(verdict.SecurityViolations.Contains(CertSecurityViolation.IssuerTrustUnknown));
    Assert.IsTrue(verdict.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.RevocationStatusUnknown));
}
public void ValidButScrambledDN()
{
    // The token itself validates, but its issuer certificate is not valid for the
    // usage it was put to (NotValidForUsage), which makes the issuer untrusted and
    // drops the overall trust to None.
    EncryptionToken token = new EncryptionToken(Utils.ReadFully("../../etk/valid_but_scrambledDN.etk"));
    CertificateSecurityInformation verdict = token.Verify();

    string summary = verdict.ToString();
    Console.WriteLine(summary);
    Assert.IsNotNull(summary);

    Assert.AreEqual(ETEE::Status.TrustStatus.None, verdict.TrustStatus);
    Assert.AreEqual(ValidationStatus.Valid, verdict.ValidationStatus);
    Assert.IsTrue(verdict.SecurityViolations.Contains(CertSecurityViolation.UntrustedIssuer));
    Assert.IsTrue(verdict.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotValidForUsage));
}
public void NotYetAuth()
{
    // The issuer certificate is outside its validity period (NotTimeValid), so the
    // issuer is untrusted and the token gets no trust even though it validates.
    EncryptionToken token = new EncryptionToken(Utils.ReadFully("../../etk/not_yet_auth.etk"));
    CertificateSecurityInformation verdict = token.Verify();

    string summary = verdict.ToString();
    Console.WriteLine(summary);
    Assert.IsNotNull(summary);

    Assert.AreEqual(ETEE::Status.TrustStatus.None, verdict.TrustStatus);
    Assert.AreEqual(ValidationStatus.Valid, verdict.ValidationStatus);
    Assert.IsTrue(verdict.SecurityViolations.Contains(CertSecurityViolation.UntrustedIssuer));
    Assert.IsTrue(verdict.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotTimeValid));
}
public void MixedKeyAlgorithm()
{
    // The ISSUER certificate has a key type the library does not accept
    // (NotValidKeyType), which is what makes the issuer untrusted. The token itself
    // is not rejected on its own key type: ValidationStatus stays Valid and only the
    // trust verdict drops to None.
    EncryptionToken token = new EncryptionToken(Utils.ReadFully("../../etk/invalid_key_algorithm.etk"));
    CertificateSecurityInformation verdict = token.Verify();

    string summary = verdict.ToString();
    Console.WriteLine(summary);
    Assert.IsNotNull(summary);

    Assert.AreEqual(ETEE::Status.TrustStatus.None, verdict.TrustStatus);
    Assert.AreEqual(ValidationStatus.Valid, verdict.ValidationStatus);
    Assert.IsTrue(verdict.SecurityViolations.Contains(CertSecurityViolation.UntrustedIssuer));
    Assert.IsTrue(verdict.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotValidKeyType));
}
public void InvalidKeySize()
{
    // The token's own encryption key is below the accepted size, so validation itself
    // fails (NotValidKeySize on the subject), not merely the trust verdict.
    EncryptionToken token = new EncryptionToken(Utils.ReadFully("../../etk/invalid_key_size.etk"));
    CertificateSecurityInformation verdict = token.Verify();

    string summary = verdict.ToString();
    Console.WriteLine(summary);
    Assert.IsNotNull(summary);

    Assert.AreEqual(ETEE::Status.TrustStatus.None, verdict.TrustStatus);
    Assert.AreEqual(ValidationStatus.Invalid, verdict.ValidationStatus);
    Assert.IsTrue(verdict.SecurityViolations.Contains(CertSecurityViolation.NotValidKeySize));

    // The matching check on the issuer (IssuerInfo.SecurityViolations containing
    // NotValidKeySize) was dropped because eID certificates with 1024-bit keys are
    // accepted. NOTE(review): 1024-bit keys are below the commonly recommended minimum
    // (2048-bit for RSA); this allowance widens what the library trusts and should be
    // revisited once the eID chain no longer needs it.
}
public void InvalidEncKeyUsage()
{
    // The encryption certificate's key usage does not permit encryption
    // (NotValidForUsage on the subject itself), so validation fails outright.
    EncryptionToken token = new EncryptionToken(Utils.ReadFully("../../etk/invalid_encrkey_usage.etk"));
    CertificateSecurityInformation verdict = token.Verify();

    string summary = verdict.ToString();
    Console.WriteLine(summary);
    Assert.IsNotNull(summary);

    Assert.AreEqual(ETEE::Status.TrustStatus.None, verdict.TrustStatus);
    Assert.AreEqual(ValidationStatus.Invalid, verdict.ValidationStatus);
    Assert.IsTrue(verdict.SecurityViolations.Contains(CertSecurityViolation.NotValidForUsage));
}
public void ExpiredEnc()
{
    // An expired encryption certificate (NotTimeValid on the subject) makes the token
    // Invalid; the trust verdict for this fixture is Unsure rather than None.
    EncryptionToken token = new EncryptionToken(Utils.ReadFully("../../etk/expired_encr.etk"));
    CertificateSecurityInformation verdict = token.Verify();

    string summary = verdict.ToString();
    Console.WriteLine(summary);
    Assert.IsNotNull(summary);

    Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, verdict.TrustStatus);
    Assert.AreEqual(ValidationStatus.Invalid, verdict.ValidationStatus);
    Assert.IsTrue(verdict.SecurityViolations.Contains(CertSecurityViolation.NotTimeValid));
}
public void DifferentDN()
{
    // The authentication and encryption certificates in this ETK do not share the same
    // DN; the library reports that as HasNotPermittedNameConstraint and rejects the
    // token (Invalid, no trust). This is the binding check that stops an encryption
    // certificate from being paired with someone else's authentication identity.
    EncryptionToken token = new EncryptionToken(Utils.ReadFully("../../etk/auth_and_encr_not_same_DN.etk"));
    CertificateSecurityInformation verdict = token.Verify();

    string summary = verdict.ToString();
    Console.WriteLine(summary);
    Assert.IsNotNull(summary);

    Assert.AreEqual(ETEE::Status.TrustStatus.None, verdict.TrustStatus);
    Assert.AreEqual(ValidationStatus.Invalid, verdict.ValidationStatus);
    Assert.IsTrue(verdict.SecurityViolations.Contains(CertSecurityViolation.HasNotPermittedNameConstraint));
}
private X509Certificate2[] ConverToX509Certificates(EncryptionToken[] tokens)
{
    // One certificate per token, kept in input order.
    X509Certificate2[] certificates = new X509Certificate2[tokens.Length];
    int index = 0;
    foreach (EncryptionToken token in tokens)
    {
        certificates[index++] = token.ToCertificate();
    }
    return certificates;
}
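public void HudgeFile()
{
    // Round-trips a 500 MiB file of random bytes through Seal/Unseal and checks that the
    // unsealed stream is byte-for-byte identical to the input. The previous version only
    // compared the length and the first five bytes, so corruption anywhere past byte 5
    // went undetected; it also leaked the unsealed stream when an assertion failed.
    Random rand = new Random();
    byte[] buffer = new byte[10240]; // 10 KiB blocks
    String file = Path.GetTempFileName();
    FileStream hudgeFile = new FileStream(file, FileMode.Open);
    try
    {
        // 51200 * 10 KiB = 500 MiB of random content.
        for (int i = 0; i < 51200; i++)
        {
            rand.NextBytes(buffer);
            hudgeFile.Write(buffer, 0, buffer.Length);
        }
        hudgeFile.Position = 0;

        // Bob is the only addressee; Alice seals.
        EncryptionToken receiver = new EncryptionToken(Utils.ReadFully("../../bob/bobs_public_key.etk"));
        IDataSealer sealer = EhDataSealerFactory.Create(Level.B_Level, alice);

        UnsealResult result;
        using (Stream output = sealer.Seal(hudgeFile, receiver))
        {
            hudgeFile.Position = 0;
            IDataUnsealer unsealer = DataUnsealerFactory.Create(null, alice, bob);
            result = unsealer.Unseal(output);
        }
        Console.WriteLine(result.SecurityInformation.ToString());

        // Dispose the unsealed stream whether or not the comparison passes.
        using (Stream unsealed = result.UnsealedData)
        {
            Assert.AreEqual(hudgeFile.Length, unsealed.Length);
            Assert.IsTrue(StreamsHaveSameContent(hudgeFile, unsealed),
                "unsealed content differs from the original file");
        }
    }
    finally
    {
        hudgeFile.Close();
        File.Delete(file);
    }
}

// Compares two streams from their current positions to their ends, block by block,
// so the 500 MiB case is never loaded into memory at once.
private static bool StreamsHaveSameContent(Stream left, Stream right)
{
    byte[] leftBlock = new byte[81920];
    byte[] rightBlock = new byte[81920];
    while (true)
    {
        int leftCount = FillBlock(left, leftBlock);
        int rightCount = FillBlock(right, rightBlock);
        if (leftCount != rightCount)
        {
            return false;
        }
        if (leftCount == 0)
        {
            return true; // both streams exhausted at the same point
        }
        for (int i = 0; i < leftCount; i++)
        {
            if (leftBlock[i] != rightBlock[i])
            {
                return false;
            }
        }
    }
}

// Reads until the buffer is full or the stream ends; Stream.Read may return short
// counts, so a single Read call is not enough for a reliable comparison.
private static int FillBlock(Stream stream, byte[] block)
{
    int total = 0;
    while (total < block.Length)
    {
        int read = stream.Read(block, total, block.Length - total);
        if (read == 0)
        {
            break;
        }
        total += read;
    }
    return total;
}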
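private void Mixed(IDataSealer sealer, IDataUnsealer unsealer)
{
    // Seals one message for a shared secret key AND for Bob's ETK, then unseals it both
    // ways: with the key (no addressee certificate is reported) and with Bob's private
    // key (Bob's encryption certificate is reported). Unlike the previous version, the
    // sealed stream and both unsealed data streams are disposed.
    String str = "This is a secret message from Alice to everybody";
    // Fixture-only key material (two base64 values; presumably key id and key bytes).
    SecretKey key = new SecretKey("btSefztkXjZmlZyHQIumLA==", "aaUnRynIwd3GFQmhXfW+VQ==");
    EncryptionToken receiver1 = new EncryptionToken(Utils.ReadFully("../../bob/bobs_public_key.etk"));

    using (MemoryStream plain = new MemoryStream(Encoding.UTF8.GetBytes(str)))
    using (Stream output = sealer.Seal(plain, key, receiver1))
    {
        // 1) Unseal with the shared secret key.
        UnsealResult result = unsealer.Unseal(output, key);
        Console.WriteLine(result.SecurityInformation.ToString());
        string unsealedText;
        using (Stream data = result.UnsealedData)
        using (MemoryStream copy = new MemoryStream())
        {
            Utils.Copy(data, copy);
            unsealedText = Encoding.UTF8.GetString(copy.ToArray());
        }
        Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
        Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
        Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
        Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
        // Key-based unsealing: no addressee certificate is involved.
        Assert.IsNull(result.SecurityInformation.Encryption.Subject);
        Assert.AreEqual(str, unsealedText);
        Assert.IsNotNull(result.SecurityInformation.ToString());

        // 2) Rewind and unseal the same sealed stream with Bob's private key.
        output.Position = 0;
        result = unsealer.Unseal(output);
        Console.WriteLine(result.SecurityInformation.ToString());
        using (Stream data = result.UnsealedData)
        using (MemoryStream copy = new MemoryStream())
        {
            Utils.Copy(data, copy);
            unsealedText = Encoding.UTF8.GetString(copy.ToArray());
        }
        Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
        Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
        Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
        Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
        // Certificate-based unsealing: Bob's encryption certificate is the addressee.
        Assert.AreEqual(bob["825373489"].Thumbprint, result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint);
        Assert.AreEqual(str, unsealedText);
        Assert.IsNotNull(result.SecurityInformation.ToString());
    }
}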
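private void Addressed(IDataSealer sealer, IDataUnsealer unsealer)
{
    // Seals a message addressed to Bob only and checks that it unseals to the same
    // text, signed by Alice's authentication certificate and encrypted for Bob's
    // encryption certificate. Unlike the previous version, the unsealed data stream
    // is disposed and the sealed stream is closed via using rather than by hand.
    String str = "This is a secret message from Alice for Bob";

    EncryptionToken receiver = new EncryptionToken(Utils.ReadFully("../../bob/bobs_public_key.etk"));
    // NOTE(review): the receiver ETK is deliberately not verified here (the original
    // had the Verify() call commented out). Production code must verify an ETK before
    // sealing to it; otherwise an expired, revoked or untrusted encryption certificate
    // can be used as an addressee. The ETK verification tests above cover Verify().

    string unsealedText;
    UnsealResult result;
    using (MemoryStream plain = new MemoryStream(Encoding.UTF8.GetBytes(str)))
    using (Stream output = sealer.Seal(plain, receiver))
    {
        result = unsealer.Unseal(output);
        Console.WriteLine(result.SecurityInformation.ToString());
    }
    using (Stream data = result.UnsealedData)
    using (MemoryStream copy = new MemoryStream())
    {
        Utils.Copy(data, copy);
        unsealedText = Encoding.UTF8.GetString(copy.ToArray());
    }

    Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
    Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
    Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
    Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
    Assert.AreEqual(bob["825373489"].Thumbprint, result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint);
    Assert.AreEqual(str, unsealedText);
    Assert.IsNotNull(result.SecurityInformation.ToString());
}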
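public void MultiAddressed()
{
    // Seals one message for two addressees (Bob and Alice) and unseals the same sealed
    // stream three times: with both private keys, with Alice's only, and with Bob's
    // only. Each unseal must yield the original text, report Alice as signer, and — when
    // a single key store is used — report that store's encryption certificate as the
    // addressee. Unlike the previous version, every unsealed data stream is disposed and
    // the sealed stream is closed via using.
    String str = "This is a secret message from Alice for Bob and Herself";

    EncryptionToken receiver1 = new EncryptionToken(Utils.ReadFully("../../bob/bobs_public_key.etk"));
    EncryptionToken receiver2 = new EncryptionToken(Utils.ReadFully("../../alice/alices_public_key.etk"));
    IDataSealer sealer = EhDataSealerFactory.Create(Level.B_Level, alice);

    using (MemoryStream plain = new MemoryStream(Encoding.UTF8.GetBytes(str)))
    using (Stream output = sealer.Seal(plain, receiver1, receiver2))
    {
        string unsealedText;

        // 1) Both key stores available.
        IDataUnsealer unsealer = DataUnsealerFactory.Create(null, alice, bob);
        UnsealResult result = unsealer.Unseal(output);
        Console.WriteLine(result.SecurityInformation.ToString());
        output.Position = 0;
        using (Stream data = result.UnsealedData)
        using (MemoryStream copy = new MemoryStream())
        {
            Utils.Copy(data, copy);
            unsealedText = Encoding.UTF8.GetString(copy.ToArray());
        }
        Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
        Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
        Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
        Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
        Assert.AreEqual(str, unsealedText);
        Assert.IsNotNull(result.SecurityInformation.ToString());

        // 2) Alice's key store only: her encryption certificate is the addressee.
        unsealer = DataUnsealerFactory.Create(null, alice);
        result = unsealer.Unseal(output);
        Console.WriteLine(result.SecurityInformation.ToString());
        output.Position = 0;
        using (Stream data = result.UnsealedData)
        using (MemoryStream copy = new MemoryStream())
        {
            Utils.Copy(data, copy);
            unsealedText = Encoding.UTF8.GetString(copy.ToArray());
        }
        Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
        Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
        Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
        Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
        Assert.AreEqual(alice["1204544406096826217265"].Thumbprint,
            result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint);
        Assert.AreEqual(str, unsealedText);
        Assert.IsNotNull(result.SecurityInformation.ToString());

        // 3) Bob's key store only: his encryption certificate is the addressee.
        unsealer = DataUnsealerFactory.Create(null, bob);
        result = unsealer.Unseal(output);
        Console.WriteLine(result.SecurityInformation.ToString());
        using (Stream data = result.UnsealedData)
        using (MemoryStream copy = new MemoryStream())
        {
            Utils.Copy(data, copy);
            unsealedText = Encoding.UTF8.GetString(copy.ToArray());
        }
        Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
        Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
        Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
        Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
        Assert.AreEqual(bob["825373489"].Thumbprint, result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint);
        Assert.AreEqual(str, unsealedText);
        Assert.IsNotNull(result.SecurityInformation.ToString());
    }
}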