/// <summary>
/// Builds a <see cref="TokenResolverSettings"/> whose client settings return a mocked
/// property manager. The mock serves the supplied token settings, serialized to XML,
/// as the single property named "TokenSettings".
/// </summary>
/// <param name="tokensettings">Token settings serialized into the mocked property.</param>
/// <returns>Resolver settings wired to the mocked client settings.</returns>
protected static TokenResolverSettings MockTokenResolverSettings(TokenSettings tokensettings)
{
    var settings = new TokenResolverSettings();
    var clientSettings = new Mock<ClientSettings>();
    var propertyManager = new Mock<IPropertyManager>();
    settings.ClientSettings = clientSettings.Object;

    // The mocked manager knows a single property, and it carries the whole token
    // configuration (PIN included) as XML.
    Property[] tokenProperties = { new Property("TokenSettings", tokensettings.ToXml()) };

    // The matcher accepts only a request for exactly that one name; Single() throws
    // for an empty or multi-element name array.
    propertyManager
        .Setup(manager => manager.GetProperties(
            It.Is<string[]>(names => names.Single() == "TokenSettings")))
        .Returns(tokenProperties);

    clientSettings
        .Setup(client => client.CreatePropertyManagerClient())
        .Returns(propertyManager.Object);

    return settings;
}
/// <summary>
/// Exercises three failing token configurations of <c>HsmCryptographerProxy</c> and checks
/// that each one fails closed: <c>Sign</c> returns null and every failure is reported
/// through the diagnostics handlers with the expected message.
/// </summary>
/// <remarks>
/// The three scenarios are: (1) settings without a Library element, (2) the fixture's
/// <c>TokenSettings</c> with the PIN cleared, (3) settings without a TokenLabel.
/// The error and warning counts are cumulative within each scenario, so statement order matters.
/// The PIN values in the XML literals are placeholders; real token PINs do not belong in test sources.
/// </remarks>
public void TestPluginInitFailures()
{
    // NOTE(review): this is the runtime's own DLL-load message; presumably it varies with
    // OS, runtime version and UI language, so confirm the environments this test targets.
    const string DllLoadError =
        "Unable to load DLL '__Internal': The specified module could not be found. (Exception from HRESULT: 0x8007007E)";
    const string PinIncorrectError = "Method C_Login returned CKR_PIN_INCORRECT";
    const string SlotNotFoundError = "Did not find an available slot with TokenLable:";

    var pluginDefinition = new Mock<PluginDefinition>();
    pluginDefinition.Object.TypeName =
        "Surescripts.Health.Direct.Hsm.HsmCryptographerProxy, Surescripts.Health.Direct.Hsm";

    // Scenario 1: no Library element in the token settings.
    var settingsXml = @"<TokenSettings> <TokenSerial>Serial #</TokenSerial> <TokenLabel>partition_name</TokenLabel> <UserPin>password</UserPin> <DefaultEncryption>AES256</DefaultEncryption> <DefaultDigest>SHA256</DefaultDigest> </TokenSettings>";
    var resolver = MockTokenResolverSettings(settingsXml.FromXml<TokenSettings>());
    pluginDefinition
        .Setup(p => p.DeserializeSettings<TokenResolverSettings>())
        .Returns(resolver);

    using (var proxy = new HsmCryptographerProxy())
    {
        var sink = new FakeDiagnostics(typeof(HsmCryptographerProxy));
        proxy.ProxyError += sink.OnResolverError;
        proxy.Init(pluginDefinition.Object);

        // Init itself reports the load failure once.
        Assert.Equal(1, sink.ActualErrorMessages.Count);
        Assert.Equal(DllLoadError, sink.ActualErrorMessages[0]);

        // From here on, Error and Warning feed the same sink as ProxyError.
        proxy.Error += sink.OnResolverError;
        proxy.Warning += sink.OnResolverWarning;

        var hsmAgent = AgentTester.CreateAgent(
            "hsm.DirectInt.lab",
            AgentTester.MakeCertificatesPath(Directory.GetCurrentDirectory(), "nhind"),
            proxy);
        var harness = new AgentTester(new DirectAgent(AgentTester.DefaultDomainA), hsmAgent);
        string rawMessage = harness.ReadMessageText("simpleSoftToHsm.eml");
        var message = MimeSerializer.Default.Deserialize<Message>(rawMessage);

        var signature = harness.AgentB.Cryptographer.Sign(
            message,
            new X509Certificate2Collection(m_singleUseSigningPublicCert));

        // Fail closed: no signature comes back when the token is unavailable.
        Assert.Null(signature);
        Assert.Equal(3, sink.ActualErrorMessages.Count);
        Assert.Equal(1, sink.ActualWarningMessages.Count);
        Assert.Equal("Attempting to connect to Token", sink.ActualWarningMessages[0]);

        // Signing tried to initialize the token again, so the same load error repeats.
        Assert.Equal(DllLoadError, sink.ActualErrorMessages[1]);
        Assert.Equal(DllLoadError, sink.ActualErrorMessages[2]);

        var ciphertext = harness.AgentA.Cryptographer.Encrypt(message, m_singleUseEnciphermentPublicCert);

        // Decrypt test: the return value is not inspected, only the errors it raises.
        harness.AgentB.Cryptographer.DecryptEntity(
            proxy.GetEncryptedBytes(ciphertext),
            m_singleUseEnciphermentPublicCert);

        Assert.Equal(5, sink.ActualErrorMessages.Count);
        Assert.Equal(DllLoadError, sink.ActualErrorMessages[3]);
        Assert.Equal(DllLoadError, sink.ActualErrorMessages[4]);
    }

    // Scenario 2: the fixture's token settings with the user PIN removed.
    // NOTE(review): the expected CKR_PIN_INCORRECT results imply real C_Login calls. If
    // TokenSettings points at a physical token, each run presumably adds three failed logins
    // toward its PIN lockout limit, so confirm this only runs against a disposable test partition.
    // NOTE(review): if the TokenSettings member returns a shared instance, clearing the PIN
    // here would leak into other tests; verify against its definition.
    TokenSettings settingsWithoutPin = TokenSettings;
    settingsWithoutPin.NormalUserPin = null;
    settingsXml = settingsWithoutPin.ToXml();
    resolver = MockTokenResolverSettings(settingsXml.FromXml<TokenSettings>());
    pluginDefinition
        .Setup(p => p.DeserializeSettings<TokenResolverSettings>())
        .Returns(resolver);

    using (var proxy = new HsmCryptographerProxy())
    {
        var sink = new FakeDiagnostics(typeof(HsmCryptographerProxy));
        proxy.ProxyError += sink.OnResolverError;
        proxy.Init(pluginDefinition.Object);

        var hsmAgent = AgentTester.CreateAgent(
            "hsm.DirectInt.lab",
            AgentTester.MakeCertificatesPath(Directory.GetCurrentDirectory(), "nhind"),
            proxy);
        var harness = new AgentTester(new DirectAgent(AgentTester.DefaultDomainA), hsmAgent);
        string rawMessage = harness.ReadMessageText("simpleSoftToHsm.eml");
        var message = MimeSerializer.Default.Deserialize<Message>(rawMessage);

        // Sign test: a rejected login must not yield a signature.
        var signature = harness.AgentB.Cryptographer.Sign(message, m_singleUseSigningPublicCert);
        Assert.Null(signature);
        Assert.Equal(2, sink.ActualErrorMessages.Count);
        Assert.Equal(PinIncorrectError, sink.ActualErrorMessages[0]);
        Assert.Equal(PinIncorrectError, sink.ActualErrorMessages[1]);

        var ciphertext = harness.AgentA.Cryptographer.Encrypt(message, m_singleUseEnciphermentPublicCert);

        // Decrypt test: the return value is not inspected, only the errors it raises.
        harness.AgentB.Cryptographer.DecryptEntity(
            proxy.GetEncryptedBytes(ciphertext),
            m_singleUseEnciphermentPublicCert);

        Assert.Equal(3, sink.ActualErrorMessages.Count);
        Assert.Equal(PinIncorrectError, sink.ActualErrorMessages[2]);
    }

    // Scenario 3: explicit library path, but no TokenLabel element.
    // NOTE(review): the hard-coded path is under the SafeNet Luna client install directory,
    // and the expected slot error suggests the library must actually load; confirm that
    // client is a prerequisite of this test.
    settingsXml = @"<TokenSettings> <Library>C:\Program Files\SafeNet\LunaClient\cryptoki.dll</Library> <TokenSerial>Serial #</TokenSerial> <UserPin>password</UserPin> <DefaultEncryption>AES256</DefaultEncryption> <DefaultDigest>SHA256</DefaultDigest> </TokenSettings>";
    resolver = MockTokenResolverSettings(settingsXml.FromXml<TokenSettings>());
    pluginDefinition
        .Setup(p => p.DeserializeSettings<TokenResolverSettings>())
        .Returns(resolver);

    using (var proxy = new HsmCryptographerProxy())
    {
        var sink = new FakeDiagnostics(typeof(HsmCryptographerProxy));
        proxy.ProxyError += sink.OnResolverError;

        // Unlike the first two scenarios, Init receives the resolver settings directly
        // rather than the plugin definition.
        proxy.Init(resolver);

        var hsmAgent = AgentTester.CreateAgent(
            "hsm.DirectInt.lab",
            AgentTester.MakeCertificatesPath(Directory.GetCurrentDirectory(), "nhind"),
            proxy);
        var harness = new AgentTester(new DirectAgent(AgentTester.DefaultDomainA), hsmAgent);
        string rawMessage = harness.ReadMessageText("simpleSoftToHsm.eml");
        var message = MimeSerializer.Default.Deserialize<Message>(rawMessage);

        // Sign test.
        var signature = harness.AgentB.Cryptographer.Sign(message, m_singleUseSigningPublicCert);

        // Original author's note: signing itself does not need a TokenLabel; TokenSerial and
        // TokenLabel are needed for searching for objects, not for signing.
        // NOTE(review): the assertions below still expect signing to fail with a
        // missing-slot error, so confirm which of the two reflects current behavior.
        Assert.Null(signature);
        Assert.Equal(2, sink.ActualErrorMessages.Count);
        Assert.Equal(SlotNotFoundError, sink.ActualErrorMessages[0]);
        Assert.Equal(SlotNotFoundError, sink.ActualErrorMessages[1]);

        var ciphertext = harness.AgentA.Cryptographer.Encrypt(message, m_singleUseEnciphermentPublicCert);

        // Decrypt test: the return value is not inspected, only the errors it raises.
        harness.AgentB.Cryptographer.DecryptEntity(
            proxy.GetEncryptedBytes(ciphertext),
            m_singleUseEnciphermentPublicCert);

        Assert.Equal(3, sink.ActualErrorMessages.Count);
        Assert.Equal(SlotNotFoundError, sink.ActualErrorMessages[2]);
    }
}