 /// <summary>
 /// Builds the <see cref="AS4EncryptedKey"/> that carries <paramref name="symmetricKey"/> encrypted
 /// according to <paramref name="keyEncryptionConfig"/>.
 /// </summary>
 /// <param name="symmetricKey">Raw symmetric key to be placed, encrypted, in the EncryptedKey.</param>
 /// <param name="keyEncryptionConfig">Certificate and algorithm settings used to encrypt the key.</param>
 /// <returns>The built <see cref="AS4EncryptedKey"/>.</returns>
 private static AS4EncryptedKey GetEncryptedKey(
     byte[] symmetricKey,
     KeyEncryptionConfiguration keyEncryptionConfig)
 {
     // Thin convenience wrapper over the builder so callers read naturally.
     var builder = AS4EncryptedKey.CreateEncryptedKeyBuilderForKey(symmetricKey, keyEncryptionConfig);

     return builder.Build();
 }
            /// <summary>
            /// Building an <see cref="AS4EncryptedKey"/> from a fresh symmetric key and a certificate-only
            /// <see cref="KeyEncryptionConfiguration"/> reports the RSA-OAEP-with-MGF transport algorithm
            /// and the SHA-256 digest algorithm.
            /// </summary>
            public void ThenCreateAS4EncryptedKeySucceeds()
            {
                // Arrange
                byte[] symmetricKey = GenerateEncryptionKey();
                var configuration = new KeyEncryptionConfiguration(GetCertificate());

                // Act
                AS4EncryptedKey builtKey =
                    AS4EncryptedKey.CreateEncryptedKeyBuilderForKey(symmetricKey, configuration).Build();

                // Assert
                Assert.Equal(EncryptionStrategy.XmlEncRSAOAEPUrlWithMgf, builtKey.GetEncryptionAlgorithm());
                Assert.Equal(EncryptionStrategy.XmlEncSHA256Url, builtKey.GetDigestAlgorithm());
            }
            /// <summary>
            /// Loading the sample encrypted envelope resource yields an <see cref="AS4EncryptedKey"/>
            /// whose reference id is the EncryptedKey id found in that envelope.
            /// </summary>
            public void ThenLoadEncryptedKeySucceeds()
            {
                // Arrange
                var envelope = new XmlDocument();
                envelope.LoadXml(Properties.Resources.as4_encrypted_envelope);

                // Act
                AS4EncryptedKey loadedKey = AS4EncryptedKey.LoadFromXmlDocument(envelope);
                string referenceId = loadedKey.GetReferenceId();

                // Assert
                const string expectedReferenceId = "EK-501d4b2b-5d8459ed-c0c0-45a5-a0c4-4bde7cf06a38";
                Assert.Equal(expectedReferenceId, referenceId);
            }
        /// <summary>
        /// Decrypts the <see cref="AS4Message"/>, replacing the encrypted content with the decrypted content.
        /// </summary>
        /// <remarks>
        /// The content-encryption key is recovered from the <c>EncryptedKey</c> element of the SOAP envelope
        /// with <c>_certificate</c> (see <c>DecryptEncryptedKey</c>) and then applied to every
        /// <see cref="EncryptedData"/> part the envelope contains.
        /// NOTE(review): the unwrapped key stays in <c>contentKey</c> until it is garbage collected; if
        /// <c>DecryptEncryptedData</c> does not retain a reference to it, clearing it in a <c>finally</c>
        /// once the loop completes would be worthwhile — confirm.
        /// </remarks>
        public void DecryptMessage()
        {
            // Enumerate the EncryptedData parts of the envelope.
            IEnumerable<EncryptedData> encryptedParts =
                new EncryptedDataSerializer(_soapEnvelope).SerializeEncryptedDatas();

            // Unwrap the symmetric content key with our own private key, ignoring the envelope's KeyInfo.
            AS4EncryptedKey wrappedKey = AS4EncryptedKey.LoadFromXmlDocument(_soapEnvelope);
            byte[] contentKey = DecryptEncryptedKey(wrappedKey, _certificate);

            foreach (EncryptedData part in encryptedParts)
            {
                DecryptEncryptedData(part, contentKey);
            }
        }
        /// <summary>
        /// Encrypts the <see cref="AS4Message"/> and its attachments.
        /// </summary>
        /// <remarks>
        /// A fresh symmetric key sized by <c>_dataEncryptionConfig.AlgorithmKeySize</c> is generated, encrypted
        /// under <c>_keyEncryptionConfig</c> into <c>_as4EncryptedKey</c>, and then used to encrypt every attachment.
        /// Any <see cref="EncryptedData"/> entries left from a previous call are discarded first.
        /// NOTE(review): the raw symmetric key remains in <c>contentKey</c> after the algorithm is disposed; if the
        /// built <see cref="AS4EncryptedKey"/> does not keep a reference to it, clearing it afterwards would be
        /// worthwhile — confirm.
        /// </remarks>
        public void EncryptMessage()
        {
            _encryptedDatas.Clear();

            byte[] contentKey = GenerateSymmetricKey(_dataEncryptionConfig.AlgorithmKeySize);
            AS4EncryptedKey wrappedKey = GetEncryptedKey(contentKey, _keyEncryptionConfig);

            _as4EncryptedKey = wrappedKey;

            // The symmetric algorithm owns key material of its own, so it is disposed as soon as the attachments are done.
            using (SymmetricAlgorithm algorithm =
                       CreateSymmetricAlgorithm(_dataEncryptionConfig.EncryptionMethod, contentKey))
            {
                EncryptAttachmentsWithAlgorithm(wrappedKey, algorithm);
            }
        }
        /// <summary>
        /// Encrypts the content of every attachment in <c>_attachments</c> with <paramref name="encryptionAlgorithm"/>
        /// and records a matching <see cref="EncryptedData"/> entry in <c>_encryptedDatas</c>.
        /// </summary>
        /// <param name="encryptedKey">The EncryptedKey each new <see cref="EncryptedData"/> is built against;
        /// every new EncryptedData id is also registered on it as a data reference.</param>
        /// <param name="encryptionAlgorithm">Symmetric algorithm used to encrypt the attachment content.</param>
        private void EncryptAttachmentsWithAlgorithm(
            AS4EncryptedKey encryptedKey,
            SymmetricAlgorithm encryptionAlgorithm)
        {
            foreach (Attachment attachment in _attachments)
            {
                Stream cipherStream = EncryptData(attachment.Content, encryptionAlgorithm);

                // Build the EncryptedData before replacing the content: it records the attachment's
                // original MIME type (see CreateEncryptedDataForAttachment).
                EncryptedData dataElement = CreateEncryptedDataForAttachment(attachment, encryptedKey);
                _encryptedDatas.Add(dataElement);

                // Keep the EncryptedKey's DataReference list in sync with the EncryptedData we just produced.
                encryptedKey.AddDataReference(dataElement.Id);

                // The attachment now carries ciphertext, so its content type becomes generic binary.
                attachment.UpdateContent(cipherStream, "application/octet-stream");
            }
        }
            /// <summary>
            /// The reference id of an <see cref="AS4EncryptedKey"/> is the <c>Id</c> of the
            /// <see cref="EncryptedKey"/> it was created from.
            /// </summary>
            /// <param name="id">Id assigned to the EncryptedKey under test.</param>
            public void ThenGetReferenceIdSucceeds(string id)
            {
                // Arrange
                var underlyingKey = new EncryptedKey();
                underlyingKey.Id = id;

                AS4EncryptedKey subject = AS4EncryptedKey.FromEncryptedKey(underlyingKey);

                // Act
                string actualReferenceId = subject.GetReferenceId();

                // Assert
                Assert.Equal(id, actualReferenceId);
            }
            /// <summary>
            /// An EncryptedKey that spells out its MGF produces an <see cref="OaepEncoding"/> whose
            /// MGF1 hash is SHA-256.
            /// </summary>
            public void ThenCreateCorrectEncoding()
            {
                // Arrange
                var document = new XmlDocument();
                document.LoadXml(Properties.Resources.EncryptedKeyWithMGFSpec);

                AS4EncryptedKey loadedKey = AS4EncryptedKey.LoadFromXmlDocument(document);
                var digestAlgorithm = loadedKey.GetDigestAlgorithm();
                var mgfAlgorithm = loadedKey.GetMaskGenerationFunction();

                // Act
                OaepEncoding encoding = EncodingFactory.Instance.Create(digestAlgorithm, mgfAlgorithm);

                // Assert
                AssertMgf1Hash(encoding, "SHA-256");
            }
            /// <summary>
            /// <c>GetCipherData</c> returns the very <see cref="CipherData"/> instance that was set on the
            /// underlying <see cref="EncryptedKey"/>.
            /// </summary>
            public void ThenGetCipherDataSucceeds()
            {
                // Arrange
                var expectedCipherData = new CipherData();
                expectedCipherData.CipherValue = new byte[] { 20 };

                var underlyingKey = new EncryptedKey();
                underlyingKey.CipherData = expectedCipherData;

                AS4EncryptedKey subject = AS4EncryptedKey.FromEncryptedKey(underlyingKey);

                // Act
                CipherData actualCipherData = subject.GetCipherData();

                // Assert
                Assert.Equal(expectedCipherData, actualCipherData);
            }
            /// <summary>
            /// Appending a loaded <see cref="AS4EncryptedKey"/> to an empty <c>wsse:Security</c> element
            /// places an <c>EncryptedKey</c> element as its first child.
            /// </summary>
            public void ThenAppendEncryptedKeySucceeds()
            {
                // Arrange
                var sourceDocument = new XmlDocument();
                sourceDocument.LoadXml(Properties.Resources.as4_encrypted_envelope);
                AS4EncryptedKey loadedKey = AS4EncryptedKey.LoadFromXmlDocument(sourceDocument);

                // A separate, empty document owns the target Security element.
                var targetDocument = new XmlDocument();
                XmlElement security = targetDocument.CreateElement(
                    prefix: "wsse",
                    localName: "Security",
                    namespaceURI: Constants.Namespaces.WssSecuritySecExt);

                // Act
                loadedKey.AppendEncryptedKey(security);

                // Assert
                Assert.Equal("EncryptedKey", security.FirstChild.LocalName);
            }
            /// <summary>
            /// The transport, digest and MGF algorithms configured on a <see cref="KeyEncryption"/> are carried
            /// through unchanged to the built <see cref="AS4EncryptedKey"/>.
            /// </summary>
            /// <param name="algorithm">Expected key transport algorithm identifier.</param>
            /// <param name="digest">Expected digest algorithm identifier.</param>
            /// <param name="mgf">Expected mask generation function identifier.</param>
            public void ThenCreateAS4EncryptedKeySucceeds(string algorithm, string digest, string mgf)
            {
                // Arrange
                byte[] symmetricKey = GenerateEncryptionKey();

                var keyEncryption = new KeyEncryption
                {
                    TransportAlgorithm = algorithm,
                    DigestAlgorithm = digest,
                    MgfAlgorithm = mgf
                };
                var configuration = new KeyEncryptionConfiguration(GetCertificate(), keyEncryption);

                // Act
                AS4EncryptedKey builtKey = AS4EncryptedKey
                    .CreateEncryptedKeyBuilderForKey(symmetricKey, configuration)
                    .Build();

                // Assert
                Assert.Equal(algorithm, builtKey.GetEncryptionAlgorithm());
                Assert.Equal(digest, builtKey.GetDigestAlgorithm());
                Assert.Equal(mgf, builtKey.GetMaskGenerationFunction());
            }
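        /// <summary>
        /// Recovers the symmetric key carried in <paramref name="encryptedKey"/> by OAEP-decrypting its
        /// <c>CipherData</c> with the RSA private key of <paramref name="certificate"/>.
        /// </summary>
        /// <param name="encryptedKey">The EncryptedKey whose CipherValue holds the encrypted symmetric key and
        /// whose digest / MGF identifiers select the OAEP encoding.</param>
        /// <param name="certificate">Certificate whose RSA private key performs the decryption. The KeyInfo element
        /// of the EncryptedKey is deliberately ignored in favour of this certificate.</param>
        /// <returns>The decrypted symmetric key bytes.</returns>
        /// <exception cref="CryptographicException">
        /// The certificate has no RSA private key, or the EncryptedKey carries no CipherValue.
        /// </exception>
        private static byte[] DecryptEncryptedKey(AS4EncryptedKey encryptedKey, X509Certificate2 certificate)
        {
            OaepEncoding encoding = EncodingFactory.Instance
                                    .Create(encryptedKey.GetDigestAlgorithm(), encryptedKey.GetMaskGenerationFunction());

            // Fail with a clear message instead of a NullReferenceException when the EncryptedKey is incomplete.
            CipherData cipherData = encryptedKey.GetCipherData();

            if (cipherData == null || cipherData.CipherValue == null)
            {
                throw new CryptographicException("The EncryptedKey does not contain a CipherValue to decrypt.");
            }

            byte[] encryptedKeyBytes = cipherData.CipherValue;

            // We do not look at the KeyInfo element in here, but rather decrypt it with the certificate provided as argument.
            // Call GetRSAPrivateKey to avoid KeySet does not exist exceptions that might be thrown.
            // GetRSAPrivateKey hands back an RSA instance the caller owns, so it is disposed once the key pair is exported
            // (a null resource inside 'using' is allowed and simply skips Dispose).
            using (RSA privateKey = certificate.GetRSAPrivateKey())
            {
                if (privateKey == null)
                {
                    throw new CryptographicException("The decryption certificate does not contain a private key.");
                }

                // The OAEP decoding is done by BouncyCastle, so the .NET key is converted into a BC key pair.
                // NOTE(review): this conversion presumably needs an exportable private key — confirm for
                // hardware-backed / non-exportable certificates.
                AsymmetricCipherKeyPair encryptionCertificateKeyPair =
                    DotNetUtilities.GetRsaKeyPair(privateKey);

                encoding.Init(false, encryptionCertificateKeyPair.Private);

                return encoding.ProcessBlock(
                           inBytes: encryptedKeyBytes, inOff: 0, inLen: encryptedKeyBytes.Length);
            }
        }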
 /// <summary>
 /// Builds the <see cref="EncryptedData"/> element describing <paramref name="attachment"/>.
 /// </summary>
 /// <param name="attachment">Attachment whose id and current content type are recorded in the element.</param>
 /// <param name="encryptedKey">The EncryptedKey the element is built against.</param>
 /// <returns>A new <see cref="EncryptedData"/> configured from <c>_dataEncryptionConfig</c>.</returns>
 private EncryptedData CreateEncryptedDataForAttachment(Attachment attachment, AS4EncryptedKey encryptedKey)
 {
     // Content type is read here, so call this before the attachment content is replaced by ciphertext.
     var builder = new EncryptedDataBuilder()
         .WithDataEncryptionConfiguration(_dataEncryptionConfig)
         .WithMimeType(attachment.ContentType)
         .WithEncryptionKey(encryptedKey)
         .WithUri(attachment.Id);

     return builder.Build();
 }
 /// <summary>
 /// Records the <see cref="AS4EncryptedKey"/> the builder uses when producing its <c>EncryptedData</c>.
 /// </summary>
 /// <param name="encryptionKey">The key to remember; it is stored as given, without validation.</param>
 /// <returns>This builder, so calls can be chained.</returns>
 public EncryptedDataBuilder WithEncryptionKey(AS4EncryptedKey encryptionKey)
 {
     // Fluent setter: stash the key and hand the same builder back.
     this._encryptionKey = encryptionKey;

     return this;
 }