public static void CreateFromValue(string testDataName, bool viaTry)
{
TimestampTokenTestData testData = TimestampTokenTestData.GetTestData(testDataName);
ValidateTokenInfo(
testData.TokenInfoBytes,
testData,
viaTry ? testData.TokenInfoBytes.Length : (int?)null);
}
public static void ParseDocument_ExcessData(string testDataName)
{
TimestampTokenTestData testData = TimestampTokenTestData.GetTestData(testDataName);
int baseLen = testData.FullTokenBytes.Length;
byte[] tooMuchData = new byte[baseLen + 30];
testData.FullTokenBytes.CopyTo(tooMuchData);
// Look like an octet string of the remainder of the payload. Should be ignored.
tooMuchData[baseLen] = 0x04;
tooMuchData[baseLen + 1] = 28;
TestParseDocument(tooMuchData, testData, baseLen);
}
private static void ValidateTokenInfo(
ReadOnlyMemory <byte> tokenInfoBytes,
TimestampTokenTestData testData,
int?lengthFromTry)
{
Rfc3161TimestampTokenInfo tokenInfo;
Assert.True(
Rfc3161TimestampTokenInfo.TryDecode(tokenInfoBytes, out tokenInfo, out int bytesRead),
"Rfc3161TimestampTokenInfo.TryDecode");
Assert.NotNull(tokenInfo);
if (lengthFromTry != null)
{
Assert.Equal(lengthFromTry.Value, bytesRead);
}
AssertEqual(testData, tokenInfo);
}
public static void CreateFromParameters(string testDataName)
{
TimestampTokenTestData testData = TimestampTokenTestData.GetTestData(testDataName);
Oid policyId = new Oid(testData.PolicyId, testData.PolicyId);
Oid hashAlgorithmOid = new Oid(testData.HashAlgorithmId);
byte[] messageHash = testData.HashBytes.ToArray();
byte[] serial = testData.SerialNumberBytes.ToArray();
DateTimeOffset nonUtcTimestamp = testData.Timestamp.ToOffset(TimeSpan.FromHours(-8));
long? accuracyMicrosec = testData.AccuracyInMicroseconds;
byte[] nonce = testData.NonceBytes?.ToArray();
byte[] tsaNameBytes = testData.TsaNameBytes?.ToArray();
ReadOnlyMemory <byte>?nonceMemory = null;
ReadOnlyMemory <byte>?tsaMemory = null;
if (nonce != null)
{
nonceMemory = nonce;
}
if (tsaNameBytes != null)
{
tsaMemory = tsaNameBytes;
}
var tokenInfo = new Rfc3161TimestampTokenInfo(
policyId,
hashAlgorithmOid,
messageHash,
serial,
nonUtcTimestamp,
accuracyMicrosec,
testData.IsOrdering,
nonceMemory,
tsaMemory);
// Since AssertEqual will check all the fields the remaining checks in this method are about
// input/output value/reference associations.
AssertEqual(testData, tokenInfo);
Assert.NotSame(policyId, tokenInfo.PolicyId);
Assert.NotSame(hashAlgorithmOid, tokenInfo.HashAlgorithmId);
Assert.Equal(nonUtcTimestamp, tokenInfo.Timestamp);
Assert.Equal(TimeSpan.Zero, tokenInfo.Timestamp.Offset);
Assert.Equal(messageHash.ByteArrayToHex(), tokenInfo.GetMessageHash().ByteArrayToHex());
// Detached from the original data
messageHash[0] ^= 0xFF;
Assert.NotEqual(messageHash.ByteArrayToHex(), tokenInfo.GetMessageHash().ByteArrayToHex());
Assert.Equal(serial.ByteArrayToHex(), tokenInfo.GetSerialNumber().ByteArrayToHex());
// Detached from the original data
serial[1] ^= 0xFF;
Assert.NotEqual(serial.ByteArrayToHex(), tokenInfo.GetSerialNumber().ByteArrayToHex());
if (nonce != null)
{
ReadOnlyMemory <byte>?tokenNonce = tokenInfo.GetNonce();
Assert.True(tokenNonce.HasValue, "tokenInfo.GetNonce().HasValue");
Assert.Equal(nonce.ByteArrayToHex(), tokenNonce.Value.ByteArrayToHex());
// Detached from the original data
nonce[0] ^= 0xFF;
Assert.NotEqual(nonce.ByteArrayToHex(), tokenNonce.Value.ByteArrayToHex());
}
ReadOnlyMemory <byte>?nameFromToken = tokenInfo.GetTimestampAuthorityName();
if (tsaNameBytes != null)
{
Assert.True(nameFromToken.HasValue, "nameFromToken.HasValue");
Assert.Equal(tsaNameBytes.ByteArrayToHex(), nameFromToken.Value.ByteArrayToHex());
// Detached from the original data
tsaNameBytes[5] ^= 0xFF;
Assert.NotEqual(tsaNameBytes.ByteArrayToHex(), nameFromToken.Value.ByteArrayToHex());
}
if (testData.ExtensionsBytes == null)
{
Assert.False(tokenInfo.HasExtensions, "tokenInfo.HasExtensions");
Assert.NotNull(tokenInfo.GetExtensions());
Assert.Equal(0, tokenInfo.GetExtensions().Count);
// GetExtensions always returns a new collection.
Assert.NotSame(tokenInfo.GetExtensions(), tokenInfo.GetExtensions());
}
else
{
Assert.True(tokenInfo.HasExtensions, "tokenInfo.HasExtensions");
Assert.NotNull(tokenInfo.GetExtensions());
Assert.True(false, "A test handler has been written for extensions...");
// GetExtensions always returns a new collection.
Assert.NotSame(tokenInfo.GetExtensions(), tokenInfo.GetExtensions());
}
// Because the token is DER encoded, we should produce byte-for-byte the same value.
Assert.Equal(testData.TokenInfoBytes.ByteArrayToHex(), tokenInfo.Encode().ByteArrayToHex());
}
private static void TestParseDocument(
ReadOnlyMemory <byte> tokenBytes,
TimestampTokenTestData testData,
int?expectedBytesRead)
{
int bytesRead;
Rfc3161TimestampToken token;
Assert.True(
Rfc3161TimestampToken.TryDecode(tokenBytes, out token, out bytesRead),
"Rfc3161TimestampToken.TryDecode");
if (expectedBytesRead != null)
{
Assert.Equal(expectedBytesRead.Value, bytesRead);
}
Assert.NotNull(token);
TimestampTokenInfoTests.AssertEqual(testData, token.TokenInfo);
SignedCms signedCms = token.AsSignedCms();
Assert.NotNull(signedCms);
Assert.Equal(Oids.TstInfo, signedCms.ContentInfo.ContentType.Value);
Assert.Equal(
testData.TokenInfoBytes.ByteArrayToHex(),
signedCms.ContentInfo.Content.ByteArrayToHex());
if (testData.EmbeddedSigningCertificate != null)
{
Assert.NotNull(signedCms.SignerInfos[0].Certificate);
Assert.Equal(
testData.EmbeddedSigningCertificate.Value.ByteArrayToHex(),
signedCms.SignerInfos[0].Certificate.RawData.ByteArrayToHex());
// Assert.NoThrow
signedCms.CheckSignature(true);
}
else
{
Assert.Null(signedCms.SignerInfos[0].Certificate);
using (var signerCert = new X509Certificate2(testData.ExternalCertificateBytes))
{
// Assert.NoThrow
signedCms.CheckSignature(
new X509Certificate2Collection(signerCert),
true);
}
}
X509Certificate2 returnedCert;
ReadOnlySpan <byte> messageContentSpan = testData.MessageContent.Span;
X509Certificate2Collection candidates = null;
if (testData.EmbeddedSigningCertificate != null)
{
Assert.True(
token.VerifySignatureForData(messageContentSpan, out returnedCert),
"token.VerifySignatureForData(correct)");
Assert.NotNull(returnedCert);
Assert.Equal(signedCms.SignerInfos[0].Certificate, returnedCert);
}
else
{
candidates = new X509Certificate2Collection
{
new X509Certificate2(testData.ExternalCertificateBytes),
};
Assert.False(
token.VerifySignatureForData(messageContentSpan, out returnedCert),
"token.VerifySignatureForData(correct, no cert)");
Assert.Null(returnedCert);
Assert.True(
token.VerifySignatureForData(messageContentSpan, out returnedCert, candidates),
"token.VerifySignatureForData(correct, certs)");
Assert.NotNull(returnedCert);
Assert.Equal(candidates[0], returnedCert);
}
X509Certificate2 previousCert = returnedCert;
Assert.False(
token.VerifySignatureForData(messageContentSpan.Slice(1), out returnedCert, candidates),
"token.VerifySignatureForData(incorrect)");
Assert.Null(returnedCert);
byte[] messageHash = testData.HashBytes.ToArray();
Assert.False(
token.VerifySignatureForHash(messageHash, HashAlgorithmName.MD5, out returnedCert, candidates),
"token.VerifyHash(correct, MD5)");
Assert.Null(returnedCert);
Assert.False(
token.VerifySignatureForHash(messageHash, new Oid(Oids.Md5), out returnedCert, candidates),
"token.VerifyHash(correct, Oid(MD5))");
Assert.Null(returnedCert);
Assert.True(
token.VerifySignatureForHash(messageHash, new Oid(testData.HashAlgorithmId), out returnedCert, candidates),
"token.VerifyHash(correct, Oid(algId))");
Assert.NotNull(returnedCert);
Assert.Equal(previousCert, returnedCert);
messageHash[0] ^= 0xFF;
Assert.False(
token.VerifySignatureForHash(messageHash, new Oid(testData.HashAlgorithmId), out returnedCert, candidates),
"token.VerifyHash(incorrect, Oid(algId))");
Assert.Null(returnedCert);
}
public static void ParseDocument(string testDataName)
{
TimestampTokenTestData testData = TimestampTokenTestData.GetTestData(testDataName);
TestParseDocument(testData.FullTokenBytes, testData, testData.FullTokenBytes.Length);
}
