public void ByFriendlyName_NoneMatching_ReturnsNull()
        {
            // Arrange: a single mocked store holding one certificate fake built with
            // default arguments (presumably not named "FindMe" - confirm against the fake).
            var fakeStore = new Mock<IX509Store>();
            var certificates = new X509Certificate2CollectionFake
            {
                new X509Certificate2Fake()
            };
            fakeStore.Setup(store => store.Certificates).Returns(certificates);

            // Act: search the "My" store only; the factory hands back the mock for any store name.
            var lookup = new CertificateLookup("FindMe", new[] { StoreName.My }, storeName => fakeStore.Object);
            Certificate found = lookup.ByFriendlyName();

            // Assert: a miss is reported as null rather than as an exception.
            Assert.Null(found);
        }
        public void LookupPrimesignCertificateTest()
        {
            // The QR code exposes the certificate serial as a hexadecimal string,
            // while the Primesign lookup is called with the decimal value.
            string hexSerial = new ReceiptQrCode(QRCODE1).CertificateSerial;
            long serial = Convert.ToInt64(hexSerial, 16);

            Assert.Equal(491306597551448, serial);

            // NOTE(review): if Primesign() performs a live directory lookup, this test
            // depends on an external service and pins the exact certificate bytes it returns.
            var lookup = CertificateLookup.Primesign(serial);
            string actualCertificate = Convert.ToBase64String(lookup.CertificateBinary);

            Assert.Equal(CERT64ENCODED, actualCertificate);
        }
        public void LookupATrustCertificateTest()
        {
            // The QR code exposes the certificate serial as a hexadecimal string,
            // while the A-Trust lookup is called with the decimal value.
            string hexSerial = new ReceiptQrCode(QRCODE1).CertificateSerial;
            int serial = Convert.ToInt32(hexSerial, 16);

            Assert.Equal(2065058440, serial);

            // NOTE(review): if ATrust() performs a live directory lookup, this test
            // depends on an external service and pins the exact certificate bytes it returns.
            var lookup = CertificateLookup.ATrust(serial);
            string actualCertificate = Convert.ToBase64String(lookup.CertificateBinary);

            Assert.Equal(CERT64ENCODED, actualCertificate);
        }
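        public void ByThumbprint_MultipleMatching_ReturnsFirstMatchingCertificate()
        {
            Mock <IX509Store> storeMock = new Mock <IX509Store>();

            // Two entries share the thumbprint "FindMe" and differ only in friendly name,
            // so the friendly-name assertion below shows which of the two was returned.
            storeMock.Setup(mock => mock.Certificates).Returns(new X509Certificate2CollectionFake
            {
                new X509Certificate2Fake(),
                new X509Certificate2Fake(friendlyName: "FindMe", thumbprint: "FindMe"),
                new X509Certificate2Fake(friendlyName: "NotMe", thumbprint: "FindMe")
            });

            Certificate result = new CertificateLookup("FindMe", new[] { StoreName.My }, name => storeMock.Object)
                                 .ByThumbprint();

            // Assert.Equal takes (expected, actual); with the arguments swapped a failing
            // run would report the wrong value as the expectation.
            Assert.Equal("FindMe", result.FriendlyName);
            Assert.Equal("FindMe", result.Thumbprint);
        }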
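        public void ByFriendlyName_OneMatchingInSecondaryStore_ReturnsCertificate()
        {
            Dictionary <StoreName, Mock <IX509Store> > storeMocks = new Dictionary <StoreName, Mock <IX509Store> >();

            // First store searched ("My"): only default fakes, so no entry is built with the name "FindMe".
            storeMocks[StoreName.My] = CreateX509StoreMock(new X509Certificate2CollectionFake
            {
                new X509Certificate2Fake(),
                new X509Certificate2Fake()
            });
            // Second store ("Root"): holds the only certificate named "FindMe".
            storeMocks[StoreName.Root] = CreateX509StoreMock(new X509Certificate2CollectionFake
            {
                new X509Certificate2Fake(),
                new X509Certificate2Fake(friendlyName: "FindMe", thumbprint: "FindMe")
            });

            // The factory resolves each requested store name to its own mock.
            Certificate result = new CertificateLookup("FindMe", new[] { StoreName.My, StoreName.Root }, name => storeMocks[name].Object)
                                 .ByFriendlyName();

            // Assert.Equal takes (expected, actual); with the arguments swapped a failing
            // run would report the wrong value as the expectation.
            Assert.Equal("FindMe", result.FriendlyName);
            Assert.Equal("FindMe", result.Thumbprint);
        }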
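        /// <summary>
        /// HTTP-triggered function that checks an ECDSA signature over a caller-supplied hash,
        /// using the public key of a certificate fetched by certificate number.
        /// </summary>
        /// <param name="req">Incoming request; its body is expected to be a JSON-encoded <c>VerificationParameters</c>.</param>
        /// <param name="log">Function trace writer.</param>
        /// <returns>
        /// 200 with the boolean verification result; 400 when the body, signature or hash is malformed;
        /// 404 when the certificate is not found or carries no ECDSA public key.
        /// </returns>
        public static IActionResult Run([HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req, TraceWriter log)
        {
            // TODO: Proper error handling, proper monitoring (Application Insights)
            log.Info("C# HTTP trigger function processed a request.");

            // Everything in the body is caller-controlled, so malformed input is answered
            // with 400 instead of surfacing as an unhandled exception.
            string requestBody = new StreamReader(req.Body).ReadToEnd();

            VerificationParameters data;
            try
            {
                data = JsonConvert.DeserializeObject <VerificationParameters>(requestBody);
            }
            catch (Newtonsoft.Json.JsonException)
            {
                return(new BadRequestObjectResult("Request body is not valid JSON"));
            }

            // An empty body deserializes to null; missing fields would otherwise throw below.
            if (data == null || data.Signature == null || data.HashToVerify == null)
            {
                return(new BadRequestObjectResult("Signature and HashToVerify are required"));
            }

            // Short-circuit out of here if signature is invalid anyways
            byte[] signature;
            try
            {
                signature = Convert.FromBase64String(data.Signature);
            }
            catch (FormatException)
            {
                return(new BadRequestObjectResult("Signature is not valid Base64"));
            }

            // VerifyHash takes the signature as the fixed-size r||s concatenation;
            // 64 bytes presumably corresponds to a 256-bit curve - confirm against the cipher suite.
            if (64 != signature.Length)
            {
                return(new BadRequestObjectResult("Signature is not 64 bytes in length"));
            }

            // Decode the hash before the lookup so malformed requests never trigger the certificate fetch.
            // NOTE(review): the hash length is not checked against the expected digest size.
            byte[] hashToVerify;
            try
            {
                hashToVerify = Convert.FromBase64String(data.HashToVerify);
            }
            catch (FormatException)
            {
                return(new BadRequestObjectResult("HashToVerify is not valid Base64"));
            }

            // TODO: A-Trust hardcoded, would be data.Authority switch
            // TODO: Here we would be adding the caching logic for the certificates (hash of authority & cert# for lookup)
            var certificateLookupResult = CertificateLookup.ATrust(data.CertificateNumber);

            // A failed lookup must not reach the certificate parser.
            if (!certificateLookupResult.Found)
            {
                return(new NotFoundResult());
            }

            // NOTE(review): the certificate is used exactly as the lookup returned it; no chain,
            // validity-period or revocation check is visible here, so a "true" result is only as
            // trustworthy as the lookup source and its transport - confirm.
            // https://stackoverflow.com/a/38235996/141927
            using (var cert = new X509Certificate2(certificateLookupResult.CertificateBinary))
            using (ECDsa ecdsa = cert.GetECDsaPublicKey())
            {
                // GetECDsaPublicKey returns null when the certificate does not hold an ECDSA key.
                if (ecdsa == null)
                {
                    return(new NotFoundResult());
                }

                bool valid = ecdsa.VerifyHash(hashToVerify, signature);
                return((ActionResult) new OkObjectResult(valid));
            }
        }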
        /// <summary>
        /// Click handler: scans a receipt QR code, renders its fields and, for receipts that are not
        /// from a closed system, looks up the signing certificate and shows the signature check result.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        private async void ScanBon_Clicked(object sender, EventArgs e)
        {
            try
            {
                var scanned = await DependencyService.Get <IQrScanningService>().ScanAsync();
                if (scanned == null)
                {
                    // Nothing was scanned; leave the previous result on screen.
                    return;
                }

                // NOTE(review): the raw QR payload is written to the debug output.
                System.Diagnostics.Debug.WriteLine("QR: " + scanned);

                var report = new StringBuilder();
                report.AppendLine($"QR: {scanned}");

                var qrCode = new ReceiptQrCode(scanned);
                if (!qrCode.IsValid)
                {
                    report.AppendLine("Fehler: QR Code ungültig");
                }
                else
                {
                    report.AppendLine($"Cipher Suite: {qrCode.CipherSuite}");
                    report.AppendLine(qrCode.IstGeschlossenesSystem()
                        ? "Kassentyp: geschlossenes System"
                        : $"Cert Id: {qrCode.CertificateSerialAsDecimal}");
                    report.AppendLine($"Datum: {qrCode.Date}");
                    report.AppendLine($"Beträge: {qrCode.BetragSatzNormal} / {qrCode.BetragSatzErmaessigt1} / {qrCode.BetragSatzErmaessigt2} / {qrCode.BetragSatzNull} / {qrCode.BetragSatzBesonders}");

                    if (qrCode.IstGeschlossenesSystem())
                    {
                        // Closed system: the serial field is shown as the operator's identifier
                        // and no certificate lookup or signature check is performed.
                        report.AppendLine($"Ordnungsbegriff des Unternehmers: {qrCode.CertificateSerial}");
                    }
                    else
                    {
                        var lookup = CertificateLookup.Lookup(qrCode);
                        if (lookup.Found)
                        {
                            // The signature is only checked once a certificate was actually retrieved.
                            bool signatureOk = qrCode.ValidateSignatureBouncyCastle(lookup.CertificateBinary);
                            report.AppendLine($"Ergebnis Validierung Signatur: {signatureOk}");
                        }
                        else
                        {
                            report.AppendLine($"Fehler: Zertifikat nicht gefunden, {lookup.ErrorMessage}");
                        }
                    }
                }

                VerificationResult.Text = report.ToString();
            }
            catch (Exception failure)
            {
                // NOTE(review): the full exception text, stack trace included, is shown to the user.
                await DisplayAlert("Scan Error", failure.ToString(), "OK");
            }
        }