public void Build(int keyCount, int seed)
{
//Arrange
var lf = new LoggerFactory();
var certProviderLogger = new EmbeddedCertProviderLoggingExtensions(lf.CreateLogger <EmbeddedCertProviderLoggingExtensions>());
var eksBuilderV1Logger = new EksBuilderV1LoggingExtensions(lf.CreateLogger <EksBuilderV1LoggingExtensions>());
var dtp = new StandardUtcDateTimeProvider();
var cmsCertLoc = new Mock <IEmbeddedResourceCertificateConfig>();
cmsCertLoc.Setup(x => x.Path).Returns("TestRSA.p12");
cmsCertLoc.Setup(x => x.Password).Returns("Covid-19!"); //Not a secret.
var cmsCertChainLoc = new Mock <IEmbeddedResourceCertificateConfig>();
cmsCertChainLoc.Setup(x => x.Path).Returns("StaatDerNLChain-Expires2020-08-28.p7b");
cmsCertChainLoc.Setup(x => x.Password).Returns(string.Empty); //Not a secret.
//resign some
var cmsSigner = new CmsSignerEnhanced(
new EmbeddedResourceCertificateProvider(cmsCertLoc.Object, certProviderLogger),
new EmbeddedResourcesCertificateChainProvider(cmsCertChainLoc.Object),
new StandardUtcDateTimeProvider()
);
var gaCertLoc = new Mock <IEmbeddedResourceCertificateConfig>();
gaCertLoc.Setup(x => x.Path).Returns("TestECDSA.p12");
gaCertLoc.Setup(x => x.Password).Returns(string.Empty); //Not a secret.
var sut = new EksBuilderV1(
new FakeEksHeaderInfoConfig(),
new EcdSaSigner(
new EmbeddedResourceCertificateProvider(
gaCertLoc.Object,
certProviderLogger)),
cmsSigner,
dtp,
new GeneratedProtobufEksContentFormatter(),
eksBuilderV1Logger
);
//Act
var result = sut.BuildAsync(GetRandomKeys(keyCount, seed)).GetAwaiter().GetResult();
Trace.WriteLine($"{keyCount} keys = {result.Length} bytes.");
//Assert
Assert.True(result.Length > 0);
using (var fs = new FileStream("EKS.zip", FileMode.Create, FileAccess.Write))
{
fs.Write(result, 0, result.Length);
}
}
public static EcdSaSigner CreateEcdsaSigner(ILoggerFactory lf)
{
var certProviderLogger = new EmbeddedCertProviderLoggingExtensions(
lf.CreateLogger <EmbeddedCertProviderLoggingExtensions>());
var gaCertLoc = new Mock <IEmbeddedResourceCertificateConfig>();
gaCertLoc.Setup(x => x.Path).Returns("TestECDSA.p12");
gaCertLoc.Setup(x => x.Password).Returns(string.Empty); //Not a secret.
return(new EcdSaSigner(
new EmbeddedResourceCertificateProvider(
gaCertLoc.Object,
certProviderLogger)));
}
public static CmsSignerEnhanced CreateCmsSignerEnhanced(ILoggerFactory lf)
{
var certProviderLogger = new EmbeddedCertProviderLoggingExtensions(
lf.CreateLogger <EmbeddedCertProviderLoggingExtensions>());
var cmsCertMock = new Mock <IEmbeddedResourceCertificateConfig>();
cmsCertMock.Setup(x => x.Path).Returns("TestRSA.p12");
cmsCertMock.Setup(x => x.Password).Returns("Covid-19!"); //Not a secret.
var cmsCertChainMock = new Mock <IEmbeddedResourceCertificateConfig>();
cmsCertChainMock.Setup(x => x.Path).Returns("StaatDerNLChain-EV-Expires-2022-12-05.p7b");
cmsCertChainMock.Setup(x => x.Password).Returns(string.Empty); //Not password-protected
return(new CmsSignerEnhanced(
new EmbeddedResourceCertificateProvider(cmsCertMock.Object, certProviderLogger),
new EmbeddedResourcesCertificateChainProvider(cmsCertChainMock.Object),
new StandardUtcDateTimeProvider()));
}
public void EksBuilderV1WithDummy_NLSigHasDummyText()
{
//Arrange
var KeyCount = 500;
var lf = new LoggerFactory();
var certProviderLogger = new EmbeddedCertProviderLoggingExtensions(lf.CreateLogger <EmbeddedCertProviderLoggingExtensions>());
var eksBuilderV1Logger = new EksBuilderV1LoggingExtensions(lf.CreateLogger <EksBuilderV1LoggingExtensions>());
var dtp = new StandardUtcDateTimeProvider();
var dummySigner = new DummyCmsSigner();
var gaCertLoc = new Mock <IEmbeddedResourceCertificateConfig>();
gaCertLoc.Setup(x => x.Path).Returns("TestECDSA.p12");
gaCertLoc.Setup(x => x.Password).Returns(string.Empty); //Not a secret.
var sut = new EksBuilderV1(
new FakeEksHeaderInfoConfig(),
new EcdSaSigner(
new EmbeddedResourceCertificateProvider(
gaCertLoc.Object,
certProviderLogger)
),
dummySigner,
dtp,
new GeneratedProtobufEksContentFormatter(),
eksBuilderV1Logger
);
//Act
var result = sut.BuildAsync(GetRandomKeys(KeyCount, 123)).GetAwaiter().GetResult();
//Assert
using var zipFileInMemory = new MemoryStream();
zipFileInMemory.Write(result, 0, result.Length);
using (var zipFileContent = new ZipArchive(zipFileInMemory, ZipArchiveMode.Read, false))
{
var NlSignature = zipFileContent.ReadEntry(ZippedContentEntryNames.NLSignature);
Assert.NotNull(NlSignature);
Assert.Equal(NlSignature, dummySigner.DummyContent);
}
}
public void Re_sign_content_that_does_not_already_have_an_equivalent_resigned_entry()
{
var lf = new LoggerFactory();
var certProviderLogger = new EmbeddedCertProviderLoggingExtensions(lf.CreateLogger <EmbeddedCertProviderLoggingExtensions>());
var resignerLogger = new ResignerLoggingExtensions(lf.CreateLogger <ResignerLoggingExtensions>());
//Add some db rows to Content
var dbc = _contentDbProvider.CreateNew();
var d = DateTime.Now;
var laterDate = d.AddDays(1);
var publishingId = "1";
using var testContentStream = ResourcesHook.GetManifestResourceStream("Resources.ResignAppConfig.zip");
using var m = new MemoryStream();
testContentStream.CopyTo(m);
var zipContent = m.ToArray();
//Adding identical content items
var sourceAppConfigContent1 = new ContentEntity {
Content = zipContent, PublishingId = publishingId, ContentTypeName = ".", Type = ContentTypes.AppConfig, Created = d, Release = laterDate
};
var sourceAppConfigContent2 = new ContentEntity {
Content = zipContent, PublishingId = publishingId, ContentTypeName = ".", Type = ContentTypes.AppConfig, Created = d, Release = laterDate
};
var sourceAppConfigContent3 = new ContentEntity {
Content = zipContent, PublishingId = publishingId, ContentTypeName = ".", Type = ContentTypes.AppConfig, Created = d, Release = laterDate
};
dbc.Content.AddRange(
sourceAppConfigContent1,
sourceAppConfigContent2,
sourceAppConfigContent3
);
dbc.SaveChanges();
Assert.Equal(3, dbc.Content.Count());
var resigner = new NlContentResignCommand(_contentDbProvider.CreateNew, TestSignerHelpers.CreateCmsSignerEnhanced(lf), resignerLogger);
resigner.ExecuteAsync(ContentTypes.AppConfig, ContentTypes.AppConfigV2, ZippedContentEntryNames.Content).GetAwaiter().GetResult();
//check the numbers
Assert.Equal(4, dbc.Content.Count());
var resignedAppConfigContent = dbc.Content.Where(x => x.PublishingId == publishingId && x.Type == ContentTypes.AppConfigV2);
var originalContentStream = new MemoryStream(zipContent);
using var originalZipArchive = new ZipArchive(originalContentStream);
foreach (var i in resignedAppConfigContent)
{
Assert.Equal(sourceAppConfigContent1.Created, i.Created);
Assert.Equal(sourceAppConfigContent1.Release, i.Release);
var s = new MemoryStream(i.Content);
using var z = new ZipArchive(s);
Assert.True(Enumerable.SequenceEqual(originalZipArchive.ReadEntry(ZippedContentEntryNames.Content), z.ReadEntry(ZippedContentEntryNames.Content)));
Assert.NotEqual(originalZipArchive.GetEntry(ZippedContentEntryNames.NlSignature), z.GetEntry(ZippedContentEntryNames.NlSignature));
}
//Repeating should have no effect
resigner.ExecuteAsync(ContentTypes.AppConfig, ContentTypes.AppConfigV2, ZippedContentEntryNames.Content).GetAwaiter().GetResult();
Assert.Equal(4, dbc.Content.Count());
}
