public void ShouldCreateValidSignatureForStandardInputAndConsoleOutput()
{
const string input = "It's me, Mario!";
Certifier.Main(new[] { "-c", "signature", "--privatekey", "private.pem", "-i", input });
VerifySignature("", input);
}
public void ShouldCreateValidSignatureForStandardInputAndFileOutput()
{
const string input = @"FooBarBaz©®*Åäö! _<>#|?€ \n\t I said this. It is guaranteed.";
Certifier.Main(new[] { "-c", "signature", "--privatekey", "private.pem", "-i", input, "-o", "bar.file.signature" });
VerifySignature("bar.file.signature", input);
}
public void ShouldWriteBase64EncodedSignatureToStdoutWhenOutputIsNotSpecified()
{
Certifier.Main(new[] { "-c", "signature", "--privatekey", "private.pem", "-i", "foobarbaz" });
string signature = consoleOutput.Single();
Assert.IsNotEmpty(signature);
Assert.DoesNotThrow(() => { Convert.FromBase64String(signature); });
}
public void ShouldIndicateMissingPrivateKey()
{
var exception = Assert.Throws <ArgumentException>(() =>
{
Certifier.Main(new [] { "-c", "signature", "-i", "foobarbaz" });
});
Assert.AreEqual("Private key file or path is required.", exception.Message);
}
public void ShouldWriteBase64EncodedSignatureToFile()
{
Certifier.Main(new[] { "-c", "signature", "--privatekey", "private.pem", "-i", "foobarbaz", "-o", "foo.file.signature" });
byte[] signatureContent = fileOutput["foo.file.signature"];
string signature = encoding.GetString(signatureContent);
Assert.IsNotEmpty(signature);
Assert.DoesNotThrow(() => Convert.FromBase64String(signature));
}
public void ShouldWriteSsh2FormattedPublicKey()
{
Certifier.Main(new[] { "-c", "key", "-k", "ec", "--curve", "P-256", "-t", "ssh2", "--privatekey", "private.pem", "--publickey", "public.ssh2" });
byte[] fileContent = fileOutput["public.ssh2"];
string content = encoding.GetString(fileContent);
Assert.IsTrue(content.StartsWith($"---- BEGIN SSH2 PUBLIC KEY ----{Environment.NewLine}"));
Assert.IsTrue(content.EndsWith($"---- END SSH2 PUBLIC KEY ----"));
}
public void ShouldWriteOpenSshPrivateKeyWhenKeyIsCurve25519()
{
Certifier.Main(new[] { "-c", "key", "-k", "ec", "--curve", "curve25519", "-t", "openssh", "--privatekey", "private.pem", "--publickey", "public.openssh" });
byte[] fileContent = fileOutput["private.pem"];
string content = encoding.GetString(fileContent);
Assert.IsTrue(content.Length == 399);
Assert.IsTrue(content.StartsWith($"-----BEGIN OPENSSH PRIVATE KEY-----\n"));
Assert.IsTrue(content.EndsWith($"-----END OPENSSH PRIVATE KEY-----\n"));
}
public void ShouldWritePkcs8PemFormattedPrivateKey()
{
Certifier.Main(new[] { "-c", "key", "-k", "ec", "--curve", "P-256", "-t", "ssh2", "--privatekey", "private.pem", "--publickey", "public.ssh2" });
byte[] fileContent = fileOutput["private.pem"];
string content = encoding.GetString(fileContent);
Assert.IsTrue(content.Length > 150 && content.Length < 170);
Assert.IsTrue(content.StartsWith($"-----BEGIN PRIVATE KEY-----{Environment.NewLine}"));
Assert.IsTrue(content.EndsWith($"-----END PRIVATE KEY-----{Environment.NewLine}"));
}
public void ShouldWritePkcs8PemFormattedEncryptedPrivateKey()
{
Certifier.Main(new[] { "-c", "key", "-b", "2048", "-t", "pem", "--privatekey", "private.pem", "--publickey", "public.pem", "-e", "aes", "-p", "foobar" });
byte[] fileContent = fileOutput["private.pem"];
string content = encoding.GetString(fileContent);
Assert.IsTrue(content.Length > 3100 && content.Length < 3300);
Assert.IsTrue(content.StartsWith($"-----BEGIN ENCRYPTED PRIVATE KEY-----{Environment.NewLine}"));
Assert.IsTrue(content.EndsWith($"-----END ENCRYPTED PRIVATE KEY-----{Environment.NewLine}"));
}
public void ShouldWriteX509PemFormattedPublicKey()
{
Certifier.Main(new[] { "-c", "key", "-k", "ec", "--curve", "prime256v1", "-t", "sec1", "--privatekey", "private.pem", "--publickey", "public.pem" });
byte[] fileContent = fileOutput["public.pem"];
string content = encoding.GetString(fileContent);
Assert.IsTrue(content.Length > 160 && content.Length < 190);
Assert.IsTrue(content.StartsWith($"-----BEGIN PUBLIC KEY-----{Environment.NewLine}"));
Assert.IsTrue(content.EndsWith($"-----END PUBLIC KEY-----{Environment.NewLine}"));
}
public void ShouldWritePemFormattedPublicKey()
{
Certifier.Main(new[] { "-c", "key", "-b", "2048", "-k", "elgamal", "-t", "pem", "--privatekey", "private.pem", "--publickey", "public.pem", "-e", "pkcs", "-p", "foobar", "--fast" });
byte[] fileContent = fileOutput["public.pem"];
string content = encoding.GetString(fileContent);
Assert.IsTrue(content.Length > 800 && content.Length < 850);
Assert.IsTrue(content.StartsWith($"-----BEGIN PUBLIC KEY-----{Environment.NewLine}"));
Assert.IsTrue(content.EndsWith($"-----END PUBLIC KEY-----{Environment.NewLine}"));
}
public void ShouldWriteOpenSshFormattedPublicKey()
{
Certifier.Main(new[] { "-c", "key", "-b", "2048", "-t", "openssh", "--privatekey", "private.pem", "--publickey", "public.openssh" });
byte[] fileContent = fileOutput["public.openssh"];
string content = encoding.GetString(fileContent);
string[] splitContent = content.Split((' '));
Assert.AreEqual("ssh-rsa", splitContent[0]);
}
public string ShouldWriteOpenSshFormattedPublicKey(string curve)
{
Certifier.Main(new[] { "-c", "key", "-k", "ec", "--curve", curve, "-t", "openssh", "--privatekey", "private.pem", "--publickey", "public.openssh" });
byte[] fileContent = fileOutput["public.openssh"];
string content = encoding.GetString(fileContent);
string[] splitContent = content.Split((' '));
return(splitContent[0]);
}
public void ShouldThrowException()
{
IAsymmetricKeyPair rsaKeyPair = rsaKeyProvider.CreateKeyPair(2048);
string publicKey = pkcs8PemFormatter.GetAsPem(rsaKeyPair.PublicKey);
files.Add("public.rsa", encoding.GetBytes(publicKey));
IAsymmetricKeyPair dsaKeyPair = dsaKeyProvider.CreateKeyPair(2048);
string privateKey = pkcs8PemFormatter.GetAsPem(dsaKeyPair.PrivateKey);
files.Add("private.dsa", encoding.GetBytes(privateKey));
Assert.Throws <InvalidOperationException>(() => Certifier.Main(new[] { "-v", "key", "--publickey", "public.rsa", "--privatekey", "private.dsa" }));
}
public void ShouldCreateValidPkcs8DerFormattedKeyPair()
{
Certifier.Main(new[] { "-c", "key", "-b", "2048", "-k", "elgamal", "--privatekey", "private.der", "--publickey", "public.der", "--fast" });
byte[] privateKeyFileContent = fileOutput["private.der"];
byte[] publicKeyFileContent = fileOutput["public.der"];
var container = ContainerProvider.GetContainer();
var asymmetricKeyProvider = container.GetInstance <IAsymmetricKeyProvider>();
var elgamalKeyProvider = container.GetInstance <IElGamalKeyProvider>();
IAsymmetricKey privateKey = asymmetricKeyProvider.GetPrivateKey(privateKeyFileContent);
IAsymmetricKey publicKey = asymmetricKeyProvider.GetPublicKey(publicKeyFileContent);
Assert.IsTrue(elgamalKeyProvider.VerifyKeyPair(new AsymmetricKeyPair(privateKey, publicKey)));
}
public void ShouldCreateValidKeyPair()
{
Certifier.Main(new[] { "-c", "key", "-k", "ec", "--curve", "prime256v1", "-t", "sec1", "--privatekey", "private.sec1", "--publickey", "public.pem" });
var container = ContainerProvider.GetContainer();
var ecKeyProvider = container.GetInstance <IEcKeyProvider>();
var pemFormattingProvider = container.GetInstance <IPemFormattingProvider <IAsymmetricKey> >();
var ecPemFormattingProvider = container.GetInstance <IPemFormattingProvider <IEcKey> >();
string privateKeyContent = encoding.GetString(fileOutput["private.sec1"]);
string publicKeyContent = encoding.GetString(fileOutput["public.pem"]);
IAsymmetricKey privateKey = ecPemFormattingProvider.GetAsDer(privateKeyContent);
IAsymmetricKey publicKey = pemFormattingProvider.GetAsDer(publicKeyContent);
Assert.IsTrue(ecKeyProvider.VerifyKeyPair(new AsymmetricKeyPair(privateKey, publicKey)));
}
public void ShouldCreateValidPkcs8KeyPairWithGivenCurve(string curve)
{
fileOutput = new Dictionary <string, byte[]>();
Certifier.Main(new[] { "-c", "key", "-k", "ec", "--curve", curve, "-t", "der", "--privatekey", "private.der", "--publickey", "public.der" });
byte[] privateKeyFileContent = fileOutput["private.der"];
byte[] publicKeyFileContent = fileOutput["public.der"];
var container = ContainerProvider.GetContainer();
var asymmetricKeyProvider = container.GetInstance <IAsymmetricKeyProvider>();
var ecKeyProvider = container.GetInstance <IEcKeyProvider>();
IAsymmetricKey privateKey = asymmetricKeyProvider.GetPrivateKey(privateKeyFileContent);
IAsymmetricKey publicKey = asymmetricKeyProvider.GetPublicKey(publicKeyFileContent);
Assert.IsTrue(ecKeyProvider.VerifyKeyPair(new AsymmetricKeyPair(privateKey, publicKey)));
}
public void ShouldCreateValidKeyPair(string curve)
{
Certifier.Main(new[] { "-c", "key", "-k", "ec", "--curve", curve, "-t", "ssh2", "--privatekey", "private.pem", "--publickey", "public.ssh2" });
byte[] fileContent = fileOutput["public.ssh2"];
string content = encoding.GetString(fileContent);
var container = ContainerProvider.GetContainer();
var sshFormattingProvider = container.GetInstance <ISshFormattingProvider>();
var ecKeyProvider = container.GetInstance <IEcKeyProvider>();
var pemFormattingProvider = container.GetInstance <IPemFormattingProvider <IAsymmetricKey> >();
string privateKeyContent = encoding.GetString(fileOutput["private.pem"]);
IAsymmetricKey privateKey = pemFormattingProvider.GetAsDer(privateKeyContent);
IAsymmetricKey publicKey = sshFormattingProvider.GetAsDer(content);
Assert.IsTrue(ecKeyProvider.VerifyKeyPair(new AsymmetricKeyPair(privateKey, publicKey)));
}
public void ShouldCreateValidKeyPair()
{
Certifier.Main(new[] { "-c", "key", "-k", "ec", "-t", "der", "--privatekey", "private.der", "--publickey", "public.der", "-e", "pkcs", "-p", "foobar" });
byte[] privateKeyFileContent = fileOutput["private.der"];
byte[] publicKeyFileContent = fileOutput["public.der"];
var container = ContainerProvider.GetContainer();
var asymmetricKeyProvider = container.GetInstance <IAsymmetricKeyProvider>();
var ecKeyProvider = container.GetInstance <IEcKeyProvider>();
var encryptionProvider = container.GetInstance <KeyEncryptionProvider>();
IAsymmetricKey encryptedPrivateKey = asymmetricKeyProvider.GetEncryptedPrivateKey(privateKeyFileContent);
IAsymmetricKey privateKey = encryptionProvider.DecryptPrivateKey(encryptedPrivateKey, "foobar");
IAsymmetricKey publicKey = asymmetricKeyProvider.GetPublicKey(publicKeyFileContent);
Assert.IsTrue(ecKeyProvider.VerifyKeyPair(new AsymmetricKeyPair(privateKey, publicKey)));
}
public void ShouldCreateValidPkcs8PemFormattedKeyPair()
{
Certifier.Main(new[] { "-c", "key", "-b", "2048", "-k", "elgamal", "-t", "pem", "--privatekey", "private.pem", "--publickey", "public.pem", "--fast" });
byte[] privateKeyFileContent = fileOutput["private.pem"];
byte[] publicKeyFileContent = fileOutput["public.pem"];
string privateKeyContent = encoding.GetString(privateKeyFileContent);
string publicKeyContent = encoding.GetString(publicKeyFileContent);
var container = ContainerProvider.GetContainer();
var pkcs8FormattingProvider = container.GetInstance <IPemFormattingProvider <IAsymmetricKey> >();
var elgamalKeyProvider = container.GetInstance <IElGamalKeyProvider>();
IAsymmetricKey privateKey = pkcs8FormattingProvider.GetAsDer(privateKeyContent);
IAsymmetricKey publicKey = pkcs8FormattingProvider.GetAsDer(publicKeyContent);
Assert.IsTrue(elgamalKeyProvider.VerifyKeyPair(new AsymmetricKeyPair(privateKey, publicKey)));
}
public void ShouldCreateValidKeyPair()
{
Certifier.Main(new[] { "-c", "key", "-b", "2048", "-t", "openssh", "--privatekey", "private.pem", "--publickey", "public.openssh" });
byte[] fileContent = fileOutput["public.openssh"];
string content = encoding.GetString(fileContent);
string[] splitContent = content.Split((' '));
var container = ContainerProvider.GetContainer();
var sshKeyProvider = container.GetInstance <ISshKeyProvider>();
var rsaKeyProvider = container.GetInstance <RsaKeyProvider>();
var pkcs8FormattingProvider = container.GetInstance <IPemFormattingProvider <IAsymmetricKey> >();
string privateKeyContent = encoding.GetString(fileOutput["private.pem"]);
IAsymmetricKey privateKey = pkcs8FormattingProvider.GetAsDer(privateKeyContent);
IAsymmetricKey publicKey = sshKeyProvider.GetKeyFromSsh(splitContent[1]);
Assert.IsTrue(rsaKeyProvider.VerifyKeyPair(new AsymmetricKeyPair(privateKey, publicKey)));
}
public void ShouldCreateValidKeyPair()
{
Certifier.Main(new[] { "-c", "key", "-k", "ec", "-t", "pem", "--privatekey", "private.pem", "--publickey", "public.pem", "-e", "pkcs", "-p", "foobar" });
byte[] privateKeyFileContent = fileOutput["private.pem"];
byte[] publicKeyFileContent = fileOutput["public.pem"];
string privateKeyContent = encoding.GetString(privateKeyFileContent);
string publicKeyContent = encoding.GetString(publicKeyFileContent);
var container = ContainerProvider.GetContainer();
var pkcs8FormattingProvider = container.GetInstance <IPemFormattingProvider <IAsymmetricKey> >();
var ecKeyProvider = container.GetInstance <IEcKeyProvider>();
var encryptionProvider = container.GetInstance <KeyEncryptionProvider>();
IAsymmetricKey privateKey = pkcs8FormattingProvider.GetAsDer(privateKeyContent);
IAsymmetricKey publicKey = pkcs8FormattingProvider.GetAsDer(publicKeyContent);
IAsymmetricKey decryptedPrivateKey = encryptionProvider.DecryptPrivateKey(privateKey, "foobar");
Assert.IsTrue(ecKeyProvider.VerifyKeyPair(new AsymmetricKeyPair(decryptedPrivateKey, publicKey)));
}
private static void InsertCertifiers(FeaturesContext db, DBBuffer buffer, Paths Paths, string log)
{
db.BulkInsert(Certifier.Import(Paths, log));
buffer.p_certifiers = db.Certifier.ToList();
}
public void ShouldNotThrowExceptionWhenValidSignatureIsGivenAsParameterForUserInput()
{
Assert.DoesNotThrow(() => Certifier.Main(new[] { "-v", "signature", "--publickey", "public.pem", "-i", "FooBarBaz", "-s", base64InputSignature }));
console.Verify(c => c.WriteLine(It.IsAny <string>()), Times.Never);
}
public void ShouldNotThrowExceptionForValidFileSignature(string[] applicationParameters)
{
Assert.DoesNotThrow(() => Certifier.Main(applicationParameters));
console.Verify(c => c.WriteLine(It.IsAny <string>()), Times.Never);
}
public void ShouldThrowExceptionWhenInvalidSignatureIsGivenAsParameterForUserInput()
{
string tamperedBase64InputSignature = TamperBase64Signature(base64InputSignature);
Assert.Throws <CryptographicException>(() => Certifier.Main(new[] { "-v", "signature", "--publickey", "public.pem", "-i", "FooBarBaz", "-s", tamperedBase64InputSignature }));
}
public void ShouldThrowExceptionWhenInvalidSignatureIsGivenAsParameterForFileContent()
{
string tamperedBase64FileSignature = TamperBase64Signature(base64FileSignature);
Assert.Throws <CryptographicException>(() => Certifier.Main(new[] { "-v", "signature", "--publickey", "public.pem", "-f", "content.file", "-s", tamperedBase64FileSignature }));
}
public void ShouldThrowExceptionForInvalidFileSignature(string[] applicationParameters)
{
Assert.Throws <CryptographicException>(() => Certifier.Main(applicationParameters));
}
public void ShouldIndicateSsh2Incompatibility()
{
var exception = Assert.Throws <InvalidOperationException>(() => { Certifier.Main(new[] { "-c", "key", "-b", "2048", "-k", "elgamal", "-t", "ssh2", "--privatekey", "private.pem", "--publickey", "public.pem", "--fast" }); });
Assert.AreEqual("Cipher type not supported for SSH2 key.", exception.Message);
}
public void ShouldIndicateMissingPassword()
{
var exception = Assert.Throws <ArgumentException>(() => { Certifier.Main(new[] { "-c", "key", "-b", "2048", "-k", "elgamal", "-e", "pkcs", "--privatekey", "private.pem", "--publickey", "public.pem", "--fast" }); });
Assert.AreEqual("Password is required for encryption.", exception.Message);
}
