예제 #1
        /// <summary>
        /// Exports the whole in-memory graph as a package: one trust entry per
        /// address, carrying the address id as issuer and its edges as subjects.
        /// </summary>
        /// <returns>A package whose Trust list has one entry per graph address.</returns>
        public PackageModel GetFullGraph()
        {
            var result = new PackageModel
            {
                Trust = new List<TrustModel>()
            };

            foreach (var node in Context.Graph.Address)
            {
                var issuer = new IssuerModel { Id = node.Id };

                // Convert every outgoing edge of this address into a subject model.
                var children = new List<SubjectModel>();
                if (node.Edges != null)
                {
                    foreach (var edge in node.Edges)
                    {
                        var subject = new SubjectModel();
                        Context.InitSubjectModel(subject, edge);
                        children.Add(subject);
                    }
                }

                // Subjects stays unassigned (not an empty array) when the address has no edges,
                // so consumers must tolerate a missing Subjects value.
                if (children.Count > 0)
                {
                    issuer.Subjects = children.ToArray();
                }

                // Only Issuer is populated on the entry; no trust id or signature is set here.
                // NOTE(review): consumers presumably cannot verify these entries cryptographically - confirm
                // this export is only used as a read-only view.
                result.Trust.Add(new TrustModel { Issuer = issuer });
            }

            return result;
        }
예제 #2
        /// <summary>
        /// Pins the permissive default: a trust model built with only a chain validator
        /// (no policy resolver, no policy filter) reports every certificate as policy compliant.
        /// </summary>
        public void TestIsCertPolicyCompiant_NoResolver_NoFilter_AssertTrue()
        {
            // Arrange: no resolver or filter is supplied to the model.
            var model = new TrustModel(mockTrustChainValidator.Object);
            var certificate = new Mock<X509Certificate2>();

            // Act (the address literal is masked in this listing)
            var compliant = model.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), certificate.Object);

            // Assert
            compliant.Should().BeTrue();
        }
예제 #3
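        /// <summary>
        /// Posts a trust request to the Payfone trust endpoint and returns the deserialized response.
        /// </summary>
        /// <param name="input">Request payload; its requestId and consentStatus are overwritten before sending.</param>
        /// <returns>The response body deserialized into a <see cref="TrustModel"/>.</returns>
        /// <exception cref="HttpRequestException">The endpoint answered with a non-success status code.</exception>
        public async Task<TrustModel> payfoneTrust(TrustRequestModel input) //trust endpoint
        {
            input.requestId = Guid.NewGuid().ToString();   // fresh UUID per request
            input.consentStatus = "notCollected";

            string body = JsonConvert.SerializeObject(
                input,
                Newtonsoft.Json.Formatting.None,
                new JsonSerializerSettings
                {
                    NullValueHandling = NullValueHandling.Ignore   // omit null properties from the payload
                });

            // NOTE(review): the value returned by ProcessToken() is discarded and the bearer token is read
            // from the accesstoken member instead; presumably ProcessToken refreshes that member - confirm.
            await ProcessToken();

            // NOTE(review): the staging host is hard-coded; the base URL presumably belongs in configuration.
            using (var request = new HttpRequestMessage(HttpMethod.Post, new Uri("https://api.staging.payfone.com/trust/v2")))
            {
                // JSON is sent as UTF-8. Encoding.Default depends on the host (an ANSI code page on
                // .NET Framework), which can corrupt non-ASCII characters and mislabel the charset.
                request.Content = new StringContent(body, Encoding.UTF8, "application/json");

                // The Authorization header carries a bearer credential; keep the request out of logs.
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accesstoken);
                request.Headers.Add("Accept", "application/json");

                // Dispose request and response so the connection and content buffers are released.
                using (var response = await client.SendAsync(request))
                {
                    response.EnsureSuccessStatusCode();
                    var responseBody = await response.Content.ReadAsStringAsync();

                    return JsonConvert.DeserializeObject<TrustModel>(responseBody);
                }
            }
        }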
예제 #4
        /// <summary>
        /// Builds a <see cref="TrustModel"/> whose certificate chain validator is configured from these settings.
        /// </summary>
        /// <param name="trustPolicyResolver"><see cref="IPolicyResolver"/> passed through to the trust model for trust policy resolution.</param>
        /// <param name="policyFilter"><see cref="IPolicyFilter"/> passed through to the trust model.</param>
        /// <returns>The configured trust model.</returns>
        public TrustModel CreateTrustModel(IPolicyResolver trustPolicyResolver, IPolicyFilter policyFilter)
        {
            // Revocation settings are always copied from the settings object.
            var chainValidator = new TrustChainValidator
            {
                RevocationCheckMode = RevocationCheckMode,
                RevocationCheckGranularity = RevocationCheckGranularity
            };

            // Non-positive values leave the validator's own defaults in place.
            if (MaxIssuerChainLength > 0)
            {
                chainValidator.MaxIssuerChainLength = MaxIssuerChainLength;
            }

            if (TimeoutMilliseconds > 0)
            {
                chainValidator.ValidationPolicy.UrlRetrievalTimeout = TimeSpan.FromMilliseconds(TimeoutMilliseconds);
            }

            var model = new TrustModel(chainValidator, trustPolicyResolver, policyFilter);

            if (ProblemFlags != null)
            {
                // Fold the configured flags into one mask, starting from NoError.
                // An empty (non-null) list therefore assigns NoError as the mask.
                // NOTE(review): presumably the validator rejects a chain only for statuses in this mask,
                // so an empty list would switch those checks off - confirm against TrustChainValidator.
                var mask = X509ChainStatusFlags.NoError;
                foreach (X509ChainStatusFlags configured in ProblemFlags)
                {
                    mask |= configured;
                }

                model.CertChainValidator.ProblemFlags = mask;
            }

            return model;
        }
예제 #5
        /// <summary>
        /// Fills in <c>trust.TrustId</c> from <c>GetTrustId</c> when it is null or empty.
        /// </summary>
        /// <param name="trust">Trust whose id is filled in when missing.</param>
        /// <param name="trustBinary">Not used by this method.</param>
        public static void EnsureTrustId(TrustModel trust, ITrustBinary trustBinary)
        {
            // An id that is already present is kept as supplied; it is not recomputed or compared
            // with the value GetTrustId would produce.
            // NOTE(review): for trusts received from outside, confirm the id is checked elsewhere.
            var alreadySet = trust.TrustId != null && trust.TrustId.Length > 0;

            if (!alreadySet)
            {
                trust.TrustId = GetTrustId(trust);
            }
        }
예제 #6
        /// <summary>
        /// When the resolver returns no policy expressions for the address, the certificate
        /// is expected to be reported as policy compliant.
        /// </summary>
        public void TestIsCertPolicyCompiant_NoPolicyExpression_AssertTrue()
        {
            // Arrange: resolver and filter are wired in, but the resolver yields an empty policy list.
            var model = new TrustModel(
                mockTrustChainValidator.Object,
                mockPolicyResolver.Object,
                mockPolicyFilter.Object);
            var certificate = new Mock<X509Certificate2>();

            mockPolicyResolver
                .Setup(r => r.GetIncomingPolicy(new MailAddress("*****@*****.**")))
                .Returns(new List<IPolicyExpression>());

            // Act
            var compliant = model.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), certificate.Object);

            // Assert
            compliant.Should().BeTrue();
        }
예제 #7
        /// <summary>
        /// An empty incoming policy for the address must leave the certificate policy compliant.
        /// </summary>
        public void TestIsCertPolicyCompiant_NoPolicyExpression_AssertTrue()
        {
            var sut = new TrustModel(mockTrustChainValidator.Object, mockPolicyResolver.Object, mockPolicyFilter.Object);
            var cert = new Mock<X509Certificate2>();

            // The resolver knows the address but has no expressions for it.
            var noExpressions = new List<IPolicyExpression>();
            mockPolicyResolver
                .Setup(resolver => resolver.GetIncomingPolicy(new MailAddress("*****@*****.**")))
                .Returns(noExpressions);

            var outcome = sut.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), cert.Object);

            outcome.Should().BeTrue();
        }
예제 #8
 /// <summary>
 /// Inserts the trust row, or replaces an existing one, using a parameterized REPLACE INTO statement.
 /// </summary>
 /// <param name="trust">Trust to store; Server may be null, in which case empty byte arrays are stored for it.</param>
 /// <returns>The row count reported by <c>ExecuteNonQuery</c>.</returns>
 public int Replace(TrustModel trust)
 {
     // All values are bound as parameters. TableName is the only part concatenated into the text,
     // because an identifier cannot be bound; it must never be derived from external input.
     var sql = "REPLACE INTO " + TableName + " (trustid, version, script, issuerid, issuersignature, serverid, serversignature, timestamp) " +
               "VALUES (@trustid, @version, @script, @issuerid, @issuersignature, @serverid, @serversignature, @timestamp)";

     using (var command = new SQLiteCommand(sql, Connection))
     {
         var parameters = command.Parameters;

         parameters.Add(new SQLiteParameter("@trustid", trust.TrustId));
         parameters.Add(new SQLiteParameter("@version", trust.Head.Version));
         parameters.Add(new SQLiteParameter("@script", trust.Head.Script));
         parameters.Add(new SQLiteParameter("@issuerid", trust.Issuer.Id));
         parameters.Add(new SQLiteParameter("@issuersignature", trust.Issuer.Signature));

         // A trust without a server section is stored with empty id and signature blobs.
         parameters.Add(new SQLiteParameter("@serverid", (trust.Server != null) ? trust.Server.Id : new byte[] { }));
         parameters.Add(new SQLiteParameter("@serversignature", (trust.Server != null) ? trust.Server.Signature : new byte[] { }));

         parameters.Add(new SQLiteParameter("@timestamp", trust.Timestamp.SerializeObject()));

         return command.ExecuteNonQuery();
     }
 }
예제 #9
        /// <summary>
        /// Validates a trust in two stages, schema first and then signature, and throws on the first stage that reports errors.
        /// </summary>
        /// <param name="trust">Trust to check.</param>
        /// <exception cref="ApplicationException">
        /// Schema validation failed, or signature verification returned at least one error;
        /// the message is the error strings joined with ". ".
        /// </exception>
        public void VerifyTrust(TrustModel trust)
        {
            // Stage 1: structural validation. Signature verification is not attempted on a trust that fails it.
            var structure = new TrustSchema(trust);
            var structureValid = structure.Validate();
            if (!structureValid)
            {
                throw new ApplicationException(string.Join(". ", structure.Errors.ToArray()));
            }

            // Stage 2: signature verification; any returned error rejects the trust.
            var verifier = new TrustECDSASignature(trust);
            var signatureErrors = verifier.VerifyTrustSignatureMessage();
            if (signatureErrors.Count > 0)
            {
                // NOTE(review): the message carries raw validator output; if it reaches a remote
                // caller, confirm it reveals no more than intended.
                var message = string.Join(". ", signatureErrors.ToArray());
                throw new ApplicationException(message);
            }
        }
예제 #10
        /// <summary>
        /// When the policy filter rejects the certificate for a resolved policy expression,
        /// the trust model must report the certificate as not compliant.
        /// </summary>
        public void TestIsCertPolicyCompiant_PolicyNotCompliant_AssertFalse()
        {
            // Arrange
            var sut = new TrustModel(mockTrustChainValidator.Object, mockPolicyResolver.Object, mockPolicyFilter.Object);
            var cert = new Mock<X509Certificate2>();

            // The filter rejects every certificate/expression pair.
            mockPolicyFilter
                .Setup(f => f.IsCompliant(It.IsAny<X509Certificate2>(), It.IsAny<IPolicyExpression>()))
                .Returns(false);

            // The resolver returns a single expression, so the filter is consulted.
            var expression = new Mock<IPolicyExpression>();
            mockPolicyResolver
                .Setup(r => r.GetIncomingPolicy(new MailAddress("*****@*****.**")))
                .Returns(new List<IPolicyExpression> { expression.Object });

            // Act
            var outcome = sut.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), cert.Object);

            // Assert: the result is false, and VerifyAll confirms the filter setup was exercised.
            outcome.Should().BeFalse();
            mockPolicyFilter.VerifyAll();
        }
예제 #11
        /// <summary>
        /// Validates these settings and builds a <see cref="DirectAgent"/> from them.
        /// </summary>
        /// <returns>The configured agent instance.</returns>
        public DirectAgent CreateAgent()
        {
            // Validate before any resolver is created.
            Validate();

            ICertificateResolver privateCerts = PrivateCerts.CreateResolver();
            ICertificateResolver publicCerts = PublicCerts.CreateResolver();
            ITrustAnchorResolver trustAnchors = Anchors.Resolver.CreateResolver();

            // Without a Trust settings section the agent runs on TrustModel.Default.
            // NOTE(review): confirm the default model's revocation and chain settings suit the deployment.
            TrustModel trustModel;
            if (Trust != null)
            {
                trustModel = Trust.CreateTrustModel();
            }
            else
            {
                trustModel = TrustModel.Default;
            }

            SMIMECryptographer cryptographer = Cryptographer.Create();
            IDomainResolver domainResolver = CreateResolver();

            return new DirectAgent(domainResolver, privateCerts, publicCerts, trustAnchors, trustModel, cryptographer)
            {
                // Message-wrapping behaviour for both directions is copied from the settings fields.
                AllowNonWrappedIncoming = m_allowNonWrappedIncoming,
                WrapMessages = m_wrapOutgoing
            };
        }
예제 #12
        /// <summary>
        /// Stores a trust and then each of its issuer's subjects, stopping at the first store call that returns less than 1.
        /// </summary>
        /// <param name="trust">Trust to store; every subject gets its IssuerId set to the issuer id.</param>
        /// <returns>
        /// The result of the last store call made: the trust insert when it failed or there were no subjects,
        /// otherwise the last subject insert attempted.
        /// </returns>
        public int AddTrust(TrustModel trust)
        {
            var outcome = Trust.Add(trust);
            if (outcome < 1)
            {
                return outcome;
            }

            // NOTE(review): no transaction is visible here, so a failing subject leaves the trust and the
            // earlier subjects stored - confirm the caller wraps this call or cleans up.
            // NOTE(review): a trust whose Issuer.Subjects is null throws here after the trust was stored.
            var issuerId = trust.Issuer.Id;
            foreach (var subject in trust.Issuer.Subjects)
            {
                subject.IssuerId = issuerId;
                outcome = Subject.Add(subject);
                if (outcome < 1)
                {
                    return outcome;
                }
            }

            return outcome;
        }
예제 #13
        /// <summary>
        /// A policy filter that answers "not compliant" for the resolved expression must make
        /// the trust model answer false as well.
        /// </summary>
        public void TestIsCertPolicyCompiant_PolicyNotCompliant_AssertFalse()
        {
            var model = new TrustModel(
                mockTrustChainValidator.Object,
                mockPolicyResolver.Object,
                mockPolicyFilter.Object);
            var certificate = new Mock<X509Certificate2>();

            // Filter: reject whatever certificate and expression are passed in.
            mockPolicyFilter
                .Setup(filter => filter.IsCompliant(It.IsAny<X509Certificate2>(), It.IsAny<IPolicyExpression>()))
                .Returns(false);

            // Resolver: hand back one expression for the address.
            var policyExpression = new Mock<IPolicyExpression>();
            var resolvedPolicy = new List<IPolicyExpression> { policyExpression.Object };
            mockPolicyResolver
                .Setup(resolver => resolver.GetIncomingPolicy(new MailAddress("*****@*****.**")))
                .Returns(resolvedPolicy);

            var compliant = model.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), certificate.Object);
            compliant.Should().BeFalse();

            // Fails if the filter setup was never invoked.
            mockPolicyFilter.VerifyAll();
        }
예제 #14
        /// <summary>
        /// Stores a trust and its issuer's subjects in the given database, stopping at the first store call that returns less than 1.
        /// </summary>
        /// <param name="trust">Trust to store; each subject receives the issuer id and the trust id before it is stored.</param>
        /// <param name="db">Database whose Trust and Subject tables receive the rows.</param>
        /// <returns>
        /// The result of the last store call made: the trust insert when it failed or there were no subjects,
        /// otherwise the last subject insert attempted.
        /// </returns>
        public int AddTrust(TrustModel trust, TrustchainDatabase db)
        {
            var outcome = db.Trust.Add(trust);
            if (outcome < 1)
            {
                return outcome;
            }

            // NOTE(review): no transaction is opened here, so a failing subject leaves a partially stored
            // trust - confirm the caller provides one.
            // NOTE(review): Issuer.Subjects being null would throw after the trust row was written.
            foreach (var subject in trust.Issuer.Subjects)
            {
                // Link the subject row back to its issuer and to the owning trust.
                subject.IssuerId = trust.Issuer.Id;
                subject.TrustId = trust.TrustId;

                outcome = db.Subject.Add(subject);
                if (outcome < 1)
                {
                    return outcome;
                }
            }

            return outcome;
        }
예제 #15
        /// <summary>
        /// Builds a trust from an issuer name and a subject name, signed by the issuer.
        /// </summary>
        /// <remarks>
        /// Every private key is the SHA-256 hash of a plain string (the issuer name, the subject name, or the
        /// literal "server"), so anyone who knows the string can derive the same key. The resulting signature
        /// gives no assurance outside fixtures and sample data.
        /// Only the issuer signature is produced; no server signature is set.
        /// </remarks>
        /// <param name="issuerName">Name hashed into the issuer key.</param>
        /// <param name="subjectName">Name hashed into the subject key.</param>
        /// <param name="claim">Claim for the subject; when null, a claim with property "trust" = "true" is used.</param>
        /// <returns>The trust with TrustId and Issuer.Signature filled in.</returns>
        public static TrustModel CreateTrust(string issuerName, string subjectName, JObject claim)
        {
            // Deterministic keys: the key material is the hash of the name itself.
            var issuerKey = new Key(Hashes.SHA256(Encoding.UTF8.GetBytes(issuerName)));
            var subjectKey = new Key(Hashes.SHA256(Encoding.UTF8.GetBytes(subjectName)));
            var serverKey = new Key(Hashes.SHA256(Encoding.UTF8.GetBytes("server")));

            var trust = new TrustModel();
            trust.Head = new HeadModel
            {
                Version = "standard 0.1.0",
                Script = "btc-pkh"
            };

            // Server and issuer are identified by the hash of their address on the configured network.
            trust.Server = new ServerModel
            {
                Id = serverKey.PubKey.GetAddress(App.BitcoinNetwork).Hash.ToBytes()
            };
            trust.Issuer = new IssuerModel
            {
                Id = issuerKey.PubKey.GetAddress(App.BitcoinNetwork).Hash.ToBytes()
            };

            var subjectId = subjectKey.PubKey.GetAddress(App.BitcoinNetwork).Hash.ToBytes();

            // Fall back to a plain "trust: true" claim when the caller supplies none.
            var subjectClaim = claim;
            if (subjectClaim == null)
            {
                subjectClaim = new JObject(
                    new JProperty("trust", "true")
                    );
            }

            trust.Issuer.Subjects = new[]
            {
                new SubjectModel
                {
                    Id = subjectId,
                    IdType = "person",
                    Claim = subjectClaim,
                    Scope = "global"
                }
            };

            // The trust id is the hash of the issuer binary, and the issuer signs that same hash.
            var issuerBinary = new TrustBinary(trust).GetIssuerBinary();
            trust.TrustId = TrustECDSASignature.GetHashOfBinary(issuerBinary);
            trust.Issuer.Signature = issuerKey.SignCompact(new uint256(trust.TrustId));

            return trust;
        }
예제 #16
        /// <summary>
        /// A policy filter that throws while evaluating an expression must surface as an
        /// <c>AgentException</c> wrapping the <c>PolicyProcessException</c>, not as a compliance result.
        /// </summary>
        public void TestIsCertPolicyCompiant_PolicyExpressionError_AssertException()
        {
            // Arrange
            var model = new TrustModel(
                mockTrustChainValidator.Object,
                mockPolicyResolver.Object,
                mockPolicyFilter.Object);
            var certificate = new Mock<X509Certificate2>();

            // The filter fails for any certificate/expression pair.
            mockPolicyFilter
                .Setup(filter => filter.IsCompliant(It.IsAny<X509Certificate2>(), It.IsAny<IPolicyExpression>()))
                .Throws<PolicyProcessException>();

            // One expression is resolved, so the filter is reached.
            var policyExpression = new Mock<IPolicyExpression>();
            var resolvedPolicy = new List<IPolicyExpression> { policyExpression.Object };
            mockPolicyResolver
                .Setup(resolver => resolver.GetIncomingPolicy(new MailAddress("*****@*****.**")))
                .Returns(resolvedPolicy);

            // Act: deferred, so the assertion can observe the exception.
            Action check = () => model.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), certificate.Object);

            // Assert: an evaluation error becomes a wrapped exception, not a true/false answer.
            check.ShouldThrow<AgentException>().WithInnerException<PolicyProcessException>();

            mockPolicyFilter.VerifyAll();
        }
예제 #17
 /// <summary>
 /// Creates a schema checker for the given trust, starting with an empty error list.
 /// </summary>
 /// <param name="t">Trust to be checked; stored as-is without a null check.</param>
 public TrustSchema(TrustModel t)
 {
     // Errors starts empty.
     Errors = new List<string>();
     this.trust = t;
 }
예제 #18
 /// <summary>
 /// Builds a <see cref="TrustModel"/> whose certificate chain validator is configured from these settings.
 /// </summary>
 /// <returns>The configured trust model.</returns>
 public TrustModel CreateTrustModel()
 {
     // Revocation settings are always taken from the settings object.
     var chainValidator = new TrustChainValidator
     {
         RevocationCheckMode = RevocationCheckMode,
         RevocationCheckGranularity = RevocationCheckGranularity
     };

     // Zero or negative values keep the validator's own defaults.
     if (MaxIssuerChainLength > 0)
     {
         chainValidator.MaxIssuerChainLength = MaxIssuerChainLength;
     }

     if (TimeoutMilliseconds > 0)
     {
         chainValidator.ValidationPolicy.UrlRetrievalTimeout = TimeSpan.FromMilliseconds(TimeoutMilliseconds);
     }

     var model = new TrustModel(chainValidator);

     if (ProblemFlags != null)
     {
         // Combine the configured flags into a single mask, starting from NoError.
         // A configured but empty list therefore assigns NoError.
         // NOTE(review): presumably only statuses in this mask fail chain validation, so an empty
         // list would disable those checks - confirm against TrustChainValidator.
         var mask = X509ChainStatusFlags.NoError;
         foreach (X509ChainStatusFlags configured in ProblemFlags)
         {
             mask |= configured;
         }

         model.CertChainValidator.ProblemFlags = mask;
     }

     return model;
 }
예제 #19
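        /// <summary>
        /// Merges one subject of a trust into the issuer's edge list: one edge per claim flag,
        /// replacing an existing edge for the same subject, type, scope and flag unless that edge is newer.
        /// </summary>
        /// <param name="trust">Trust being applied; its issuer timestamp is passed to the edge factory.</param>
        /// <param name="issuerEdges">The issuer's current edges; updated in place.</param>
        /// <param name="subject">Subject to turn into edges.</param>
        private void BuildSubject(TrustModel trust, List<EdgeModel> issuerEdges, SubjectModel subject)
        {
            // NOTE(review): the timestamp is narrowed to int here - confirm it cannot exceed that range.
            var subjectEdge = Context.CreateEdgeModel(subject, (int)trust.Issuer.Timestamp);
            var ids = new List<int>();

            // Collect the indexes of existing edges for the same subject, type and scope
            // that share at least one claim flag with the new edge.
            for (var i = 0; i < issuerEdges.Count; i++)
            {
                if (issuerEdges[i].SubjectId != subjectEdge.SubjectId)
                {
                    continue;
                }

                if (issuerEdges[i].SubjectType != subjectEdge.SubjectType)
                {
                    continue;
                }

                if (issuerEdges[i].Scope != subjectEdge.Scope)
                {
                    continue;
                }

                if ((issuerEdges[i].Claim.Types & subjectEdge.Claim.Types) == 0)
                {
                    continue;
                }

                // Edge to be updated!
                ids.Add(i);
            }

            var flagTypes = subjectEdge.Claim.Types.GetFlags();

            foreach (ClaimType flagtype in flagTypes)
            {
                // Find the candidate edge carrying this flag. -1 means "no such edge".
                // FirstOrDefault cannot be used for this: its default of 0 is also a valid index, so a
                // miss would compare against, and then overwrite, the unrelated edge at position 0.
                var position = ids.FindIndex(p => (issuerEdges[p].Claim.Types & flagtype) > 0);
                var i = (position >= 0) ? ids[position] : -1;

                // Make sure that we cannot overwrite with old data.
                if (i >= 0 && issuerEdges[i].Timestamp > subjectEdge.Timestamp)
                {
                    continue;
                }

                // NOTE(review): this assignment is a copy only if EdgeModel (and its Claim) are value types;
                // with reference types every iteration would mutate the same object - confirm.
                var nodeEdge = subjectEdge;
                nodeEdge.Claim.Types = flagtype;                            // narrow the edge to this one flag
                nodeEdge.Claim.Flags = subjectEdge.Claim.Flags & flagtype;  // keep only this flag's value
                nodeEdge.Claim.Rating = (flagtype == ClaimType.Rating) ? subjectEdge.Claim.Rating : (byte)0;

                if (i >= 0)
                {
                    issuerEdges[i] = nodeEdge;
                }
                else
                {
                    issuerEdges.Add(nodeEdge);
                }
            }
        }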
예제 #20
 /// <summary>
 /// Computes the trust id as the hash of the binary returned by <c>GetTrustBinary</c>.
 /// </summary>
 /// <param name="trust">Trust to hash.</param>
 /// <returns>The result of <c>TrustECDSASignature.GetHashOfBinary</c> over that binary.</returns>
 public static byte[] GetTrustId(TrustModel trust)
 {
     // The id comes from the trust's binary form alone, so it can be recomputed to check a supplied id.
     var issuerBinary = GetTrustBinary(trust);
     return TrustECDSASignature.GetHashOfBinary(issuerBinary);
 }
예제 #21
        /// <summary>
        /// Returns the issuer binary of a trust, as produced by <c>TrustBinary.GetIssuerBinary</c>.
        /// </summary>
        /// <param name="trust">Trust to serialize.</param>
        /// <returns>The issuer binary bytes.</returns>
        public static byte[] GetTrustBinary(TrustModel trust)
        {
            return new TrustBinary(trust).GetIssuerBinary();
        }
예제 #22
        /// <summary>
        /// An exception raised by the policy filter must be reported as an <c>AgentException</c>
        /// with the <c>PolicyProcessException</c> as inner exception.
        /// </summary>
        public void TestIsCertPolicyCompiant_PolicyExpressionError_AssertException()
        {
            var sut = new TrustModel(mockTrustChainValidator.Object, mockPolicyResolver.Object, mockPolicyFilter.Object);
            var cert = new Mock<X509Certificate2>();

            // Filter setup: evaluation always fails.
            mockPolicyFilter
                .Setup(f => f.IsCompliant(It.IsAny<X509Certificate2>(), It.IsAny<IPolicyExpression>()))
                .Throws<PolicyProcessException>();

            // Resolver setup: a single expression, so evaluation is attempted.
            var expression = new Mock<IPolicyExpression>();
            mockPolicyResolver
                .Setup(r => r.GetIncomingPolicy(new MailAddress("*****@*****.**")))
                .Returns(new List<IPolicyExpression> { expression.Object });

            Action evaluate = () => sut.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), cert.Object);

            // A failed evaluation must not turn into "compliant"; it has to propagate as a wrapped error.
            evaluate.ShouldThrow<AgentException>().WithInnerException<PolicyProcessException>();

            mockPolicyFilter.VerifyAll();
        }
예제 #23
 /// <summary>
 /// With neither a policy resolver nor a policy filter configured, the trust model is expected
 /// to treat any certificate as policy compliant.
 /// </summary>
 public void TestIsCertPolicyCompiant_NoResolver_NoFilter_AssertTrue()
 {
     // Only the chain validator is supplied; policy checking has nothing to evaluate.
     var sut = new TrustModel(mockTrustChainValidator.Object);
     var cert = new Mock<X509Certificate2>();

     var outcome = sut.IsCertPolicyCompliant(new MailAddress("*****@*****.**"), cert.Object);

     outcome.Should().BeTrue();
 }