        /// <summary>
        /// Loads the certificate fixtures the HSM failure tests operate on and selects the four
        /// certificates the tests reference by field.  Every selection uses Single(...), so the
        /// fixture stores must hold exactly one certificate per subject/key-usage combination;
        /// any other count fails the constructor (and so the whole fixture) up front.
        /// </summary>
        public HsmCryptographerFailureTests()
        {
            // Fixture stores are loaded in the same order as the selections below depend on them:
            // private "redmond", public "redmond" (located by path), then private "nhind".
            var redmondPrivate = AgentTester.LoadPrivateCerts("redmond");
            var redmondPublicPath = AgentTester.MakeCertificatesPath(Directory.GetCurrentDirectory(), "redmond");
            var redmondPublic = AgentTester.LoadPublicCerts(Path.Combine(redmondPublicPath));
            var nhindPrivate = AgentTester.LoadPrivateCerts("nhind");

            // Selection predicates shared below.  Matching is by subject substring rather than exact
            // DN or thumbprint, and a certificate with no key-usage extension never matches
            // (null != any flag value).
            Func<X509Certificate2, bool> isHsmLabCert = c => c.Subject.Contains("hsm.DirectInt.lab");
            Func<X509Certificate2, X509KeyUsageFlags, bool> hasExactKeyUsage =
                (c, usage) => c.FindKeyUsageExtension()?.KeyUsages == usage;

            // Public-only sender certificate: no private key is available for it.
            m_softSenderCertWithoutKey = redmondPublic.Single(c => c.Subject.Contains("redmond.hsgincubator.com"));

            // Dual-use (encipherment + signature) certificate for hsm.DirectInt.lab.  Used by the
            // cut-over tests, i.e. the transition from software-held to hardware-held keys.
            var dualUse = X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature;
            m_dualUseCertWithPrivateKey = nhindPrivate.Single(c => isHsmLabCert(c) && hasExactKeyUsage(c, dualUse));

            var redmondPublicFolder = AgentTester.LoadCertificates(@"Certificates\redmond\Public");

            // Encipherment-only public certificate for hsm.DirectInt.lab.
            m_singleUseEnciphermentPublicCert = redmondPublicFolder.Single(c =>
                isHsmLabCert(c) && hasExactKeyUsage(c, X509KeyUsageFlags.KeyEncipherment));

            // Signature-only certificate: the private key lives in the token, the public side in the
            // config store.  The hash is signed with the token key and this public cert is carried in
            // the S/MIME signed entity.
            m_singleUseSigningPublicCert = redmondPrivate.Single(c =>
                isHsmLabCert(c) && hasExactKeyUsage(c, X509KeyUsageFlags.DigitalSignature));
        }