/// <summary>
/// Verifies the token stored in <c>kgss.etk</c> and expects the best outcome:
/// full trust and a valid token.
/// </summary>
public void kgss()
{
    // Read the fixture, then build the token object from its content.
    var rawEtk = Utils.ReadFully("../../etk/kgss.etk");
    var token = new EncryptionToken(rawEtk);

    CertificateSecurityInformation result = token.Verify();

    // Print the report so a failing run can be diagnosed from the test output.
    Console.WriteLine(result.ToString());
    Assert.IsNotNull(result.ToString());

    // NOTE(review): a "Full" verdict presumably depends on the fixture certificate's
    // validity period and on the trust store of the machine running the test - confirm.
    Assert.AreEqual(ETEE::Status.TrustStatus.Full, result.TrustStatus);
    Assert.AreEqual(ValidationStatus.Valid, result.ValidationStatus);
}
/// <summary>
/// Verifies <c>Bob2_public_key.etk</c>: the token is expected to be valid, but its trust
/// level is only "Unsure" because the issuer's trust and revocation state are unknown.
/// </summary>
public void Bob2()
{
    var rawEtk = Utils.ReadFully("../../etk/Bob2_public_key.etk");
    var token = new EncryptionToken(rawEtk);

    CertificateSecurityInformation result = token.Verify();

    // Print the report so a failing run can be diagnosed from the test output.
    Console.WriteLine(result.ToString());
    Assert.IsNotNull(result.ToString());

    Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.TrustStatus);
    Assert.AreEqual(ValidationStatus.Valid, result.ValidationStatus);

    // The reason for the downgrade must be reported at both levels: the token itself
    // reports unknown issuer trust, the issuer entry reports unknown revocation status.
    Assert.IsTrue(result.SecurityViolations.Contains(CertSecurityViolation.IssuerTrustUnknown));
    Assert.IsTrue(result.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.RevocationStatusUnknown));
}
/// <summary>
/// Verifies <c>valid_but_scrambledDN.etk</c>: validation still succeeds, but the token
/// must receive no trust because its issuer is not valid for the intended usage.
/// </summary>
public void ValidButScrambledDN()
{
    var rawEtk = Utils.ReadFully("../../etk/valid_but_scrambledDN.etk");
    var token = new EncryptionToken(rawEtk);

    CertificateSecurityInformation result = token.Verify();

    // Print the report so a failing run can be diagnosed from the test output.
    Console.WriteLine(result.ToString());
    Assert.IsNotNull(result.ToString());

    Assert.AreEqual(ETEE::Status.TrustStatus.None, result.TrustStatus);
    Assert.AreEqual(ValidationStatus.Valid, result.ValidationStatus);

    // Token level: the issuer is untrusted. Issuer level: the concrete cause.
    Assert.IsTrue(result.SecurityViolations.Contains(CertSecurityViolation.UntrustedIssuer));
    Assert.IsTrue(result.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotValidForUsage));
}
/// <summary>
/// Verifies <c>not_yet_auth.etk</c>: the issuer entry is outside its validity period,
/// so the token must receive no trust even though validation reports "Valid".
/// </summary>
public void NotYetAuth()
{
    var rawEtk = Utils.ReadFully("../../etk/not_yet_auth.etk");
    var token = new EncryptionToken(rawEtk);

    CertificateSecurityInformation result = token.Verify();

    // Print the report so a failing run can be diagnosed from the test output.
    Console.WriteLine(result.ToString());
    Assert.IsNotNull(result.ToString());

    Assert.AreEqual(ETEE::Status.TrustStatus.None, result.TrustStatus);
    Assert.AreEqual(ValidationStatus.Valid, result.ValidationStatus);

    // Token level: the issuer is untrusted. Issuer level: the time-validity failure.
    // NOTE(review): IssuerInfo is presumably the authentication certificate, judging
    // by the fixture name - confirm.
    Assert.IsTrue(result.SecurityViolations.Contains(CertSecurityViolation.UntrustedIssuer));
    Assert.IsTrue(result.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotTimeValid));
}
/// <summary>
/// Verifies <c>invalid_key_algorithm.etk</c>: the issuer entry carries a key type that
/// is not accepted, so the token must receive no trust.
/// </summary>
public void MixedKeyAlgorithm()
{
    var rawEtk = Utils.ReadFully("../../etk/invalid_key_algorithm.etk");
    var token = new EncryptionToken(rawEtk);

    CertificateSecurityInformation result = token.Verify();

    // Print the report so a failing run can be diagnosed from the test output.
    Console.WriteLine(result.ToString());
    Assert.IsNotNull(result.ToString());

    Assert.AreEqual(ETEE::Status.TrustStatus.None, result.TrustStatus);
    Assert.AreEqual(ValidationStatus.Valid, result.ValidationStatus);
    Assert.IsTrue(result.SecurityViolations.Contains(CertSecurityViolation.UntrustedIssuer));

    // Original author's note on the assertion below: "this is why it is invalid, not
    // because of the key type".
    // NOTE(review): the note is ambiguous next to a NotValidKeyType assertion and a
    // "Valid" validation status - confirm which condition it refers to.
    Assert.IsTrue(result.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotValidKeyType));
}
/// <summary>
/// Verifies <c>invalid_key_size.etk</c>: a key of unacceptable size must make the token
/// invalid and untrusted, and the violation must be reported on the token itself.
/// </summary>
public void InvalidKeySize()
{
    var rawEtk = Utils.ReadFully("../../etk/invalid_key_size.etk");
    var token = new EncryptionToken(rawEtk);

    CertificateSecurityInformation result = token.Verify();

    // Print the report so a failing run can be diagnosed from the test output.
    Console.WriteLine(result.ToString());
    Assert.IsNotNull(result.ToString());

    Assert.AreEqual(ETEE::Status.TrustStatus.None, result.TrustStatus);
    Assert.AreEqual(ValidationStatus.Invalid, result.ValidationStatus);
    Assert.IsTrue(result.SecurityViolations.Contains(CertSecurityViolation.NotValidKeySize));

    // The issuer-level key-size check is no longer asserted because eID certificates
    // with 1024-bit keys are accepted.
    // NOTE(review): this relaxation means a 1024-bit issuer key does not fail the
    // test - confirm the exception is still intended.
    //Assert.IsTrue(result.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotValidKeySize));
}
/// <summary>
/// Verifies <c>invalid_encrkey_usage.etk</c>: a certificate that is not valid for the
/// required usage must be rejected as invalid and untrusted.
/// </summary>
public void InvalidEncKeyUsage()
{
    var rawEtk = Utils.ReadFully("../../etk/invalid_encrkey_usage.etk");
    var token = new EncryptionToken(rawEtk);

    CertificateSecurityInformation result = token.Verify();

    // Print the report so a failing run can be diagnosed from the test output.
    Console.WriteLine(result.ToString());
    Assert.IsNotNull(result.ToString());

    Assert.AreEqual(ETEE::Status.TrustStatus.None, result.TrustStatus);
    Assert.AreEqual(ValidationStatus.Invalid, result.ValidationStatus);

    // The usage violation is expected on the token itself, not only on its issuer.
    Assert.IsTrue(result.SecurityViolations.Contains(CertSecurityViolation.NotValidForUsage));
}
/// <summary>
/// Verifies <c>expired_encr.etk</c>: a certificate outside its validity period must be
/// reported as invalid, with the time violation on the token itself.
/// </summary>
public void ExpiredEnc()
{
    var rawEtk = Utils.ReadFully("../../etk/expired_encr.etk");
    var token = new EncryptionToken(rawEtk);

    CertificateSecurityInformation result = token.Verify();

    // Print the report so a failing run can be diagnosed from the test output.
    Console.WriteLine(result.ToString());
    Assert.IsNotNull(result.ToString());

    // Unlike the other invalid fixtures, trust is expected to be "Unsure", not "None".
    Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.TrustStatus);
    Assert.AreEqual(ValidationStatus.Invalid, result.ValidationStatus);
    Assert.IsTrue(result.SecurityViolations.Contains(CertSecurityViolation.NotTimeValid));
}
/// <summary>
/// Verifies <c>auth_and_encr_not_same_DN.etk</c>: the token must be rejected as invalid
/// and untrusted, with a name-constraint violation reported on the token.
/// </summary>
public void DifferentDN()
{
    var rawEtk = Utils.ReadFully("../../etk/auth_and_encr_not_same_DN.etk");
    var token = new EncryptionToken(rawEtk);

    CertificateSecurityInformation result = token.Verify();

    // Print the report so a failing run can be diagnosed from the test output.
    Console.WriteLine(result.ToString());
    Assert.IsNotNull(result.ToString());

    Assert.AreEqual(ETEE::Status.TrustStatus.None, result.TrustStatus);
    Assert.AreEqual(ValidationStatus.Invalid, result.ValidationStatus);

    // NOTE(review): judging by the fixture name, the two certificates carry different
    // distinguished names and that mismatch is what surfaces as this violation - confirm.
    Assert.IsTrue(result.SecurityViolations.Contains(CertSecurityViolation.HasNotPermittedNameConstraint));
}