Пример #1
0
 public void CreatePublicationsFileFromFileWithOu()
 {
     using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
     {
         new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                               CryptoTestFactory.CreateCertificateSubjectRdnSelector("OU=Verified Email: [email protected]"))).Create(stream);
     }
 }
Пример #2
0
        public void PkiTrustStoreProviderVerifyWithRootTest()
        {
            PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                                                 CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));

            PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.KsiPublicationsFile);

            trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
        }
Пример #3
0
        private static KsiService GetKsiService()
        {
            TestKsiServiceProtocol protocol = new TestKsiServiceProtocol();

            return(new KsiService(protocol, new ServiceCredentials("test", "test", HashAlgorithm.Sha2256), protocol, new ServiceCredentials("test", "test", HashAlgorithm.Sha2256),
                                  protocol,
                                  new PublicationsFileFactory(
                                      new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                                CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]")))));
        }
Пример #4
0
        public void CreatePublicationsFileWithBytesNull()
        {
            ArgumentNullException ex = Assert.Throws <ArgumentNullException>(delegate
            {
                new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                                      CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))).Create((byte[])null);
            });

            Assert.AreEqual("bytes", ex.ParamName, "Unexpected exception.");
        }
Пример #5
0
 public IKsiService GetPublicationsFileService(byte[] requestResult = null)
 {
     return(new TestKsiService(
                null, null, null, null,
                new TestKsiServiceProtocol {
         PublicationsFileBytes = requestResult
     },
                new PublicationsFileFactory(
                    new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                              CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))), 0, PduVersion.v1));
 }
Пример #6
0
        public void PkiTrustStoreProviderVerifyCustomCertTest()
        {
            // test verify with custom cert

            PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_CustomCert),
                                                                                 CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));

            PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCert);

            trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
        }
Пример #7
0
 protected static KsiService GetService(PduVersion version, HashAlgorithm aggregatorHmacAlgo, HashAlgorithm extenderHmacAlgo)
 {
     return(new KsiService(
                new HttpKsiServiceProtocol(Settings.Default.HttpSigningServiceUrl, Settings.Default.HttpExtendingServiceUrl, Settings.Default.HttpPublicationsFileUrl, 10000),
                new ServiceCredentials(Settings.Default.HttpSigningServiceUser, Settings.Default.HttpSigningServicePass, aggregatorHmacAlgo),
                new HttpKsiServiceProtocol(Settings.Default.HttpSigningServiceUrl, Settings.Default.HttpExtendingServiceUrl, Settings.Default.HttpPublicationsFileUrl, 10000),
                new ServiceCredentials(Settings.Default.HttpExtendingServiceUser, Settings.Default.HttpExtendingServicePass, extenderHmacAlgo),
                new HttpKsiServiceProtocol(Settings.Default.HttpSigningServiceUrl, Settings.Default.HttpExtendingServiceUrl, Settings.Default.HttpPublicationsFileUrl, 10000),
                new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                                      CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))), version));
 }
Пример #8
0
        public void PkiTrustStoreProviderVerifyWithoutSignedBytes()
        {
            PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_IdenTrustCert),
                                                                                 CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));

            ArgumentNullException ex = Assert.Throws <ArgumentNullException>(delegate
            {
                trustStoreProvider.Verify(null, null);
            });

            Assert.AreEqual("signedBytes", ex.ParamName);
        }
Пример #9
0
 public void CreatePublicationsFileFromFileWithMultipleRdns()
 {
     using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
     {
         new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                               CryptoTestFactory.CreateCertificateSubjectRdnSelector(new List <CertificateSubjectRdn>
         {
             new CertificateSubjectRdn("1.2.840.113549.1.9.1", "*****@*****.**"),
             new CertificateSubjectRdn("OU", "Verified Email: [email protected]")
         })))
         .Create(stream);
     }
 }
Пример #10
0
        public void CreatePublicationsFileFromFileWithEmptyRdn()
        {
            using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
            {
                ArgumentException ex = Assert.Throws <ArgumentException>(delegate
                {
                    new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                                          CryptoTestFactory.CreateCertificateSubjectRdnSelector(""))).Create(stream);
                });

                Assert.That(ex.Message, Does.StartWith("RDN cannot be empty"));
            }
        }
Пример #11
0
 protected static KsiService GetHttpKsiServiceWithDefaultPduVersion()
 {
     return(new KsiService(
                GetHttpKsiServiceProtocol(),
                new ServiceCredentials(Settings.Default.HttpSigningServiceUser, Settings.Default.HttpSigningServicePass,
                                       TestUtil.GetHashAlgorithm(Settings.Default.HttpSigningServiceHmacAlgorithm)),
                GetHttpKsiServiceProtocol(),
                new ServiceCredentials(Settings.Default.HttpExtendingServiceUser, Settings.Default.HttpExtendingServicePass,
                                       TestUtil.GetHashAlgorithm(Settings.Default.HttpExtendingServiceHmacAlgorithm)),
                GetHttpKsiServiceProtocol(),
                new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                                      CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]")))));
 }
Пример #12
0
        public void CreatePublicationsFileFromFileWithOidAndInvalidEmail()
        {
            using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
            {
                PublicationsFileException ex = Assert.Throws <PublicationsFileException>(delegate
                {
                    new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                                          CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))).Create(stream);
                });

                Assert.That(ex.Message, Does.StartWith("Publications file verification failed."));
            }
        }
Пример #13
0
        public void CreatePublicationsFileFromFileWithInvalidName()
        {
            using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
            {
                ArgumentException ex = Assert.Throws <ArgumentException>(delegate
                {
                    new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                                          CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))).Create(stream);
                });

                // separate error messages for microsoft and bouncycastle crypto
                Assert.That(ex.Message, Does.StartWith("Invalid RDN:") | Does.Contain("Unknown object id"));
            }
        }
Пример #14
0
        private static IPublicationsFile GetPublicationsFile(string path, string certPath)
        {
            if (string.IsNullOrEmpty(path))
            {
                return(PubsFile);
            }

            X509Store certStore = string.IsNullOrEmpty(certPath) ? new X509Store(StoreName.Root) : TestUtil.CreateCertStore(certPath);

            PublicationsFileFactory factory = new PublicationsFileFactory(
                new PkiTrustStoreProvider(certStore, CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]")));

            return(factory.Create(File.ReadAllBytes(Path.Combine(TestSetup.LocalPath, path))));
        }
Пример #15
0
 protected static IKsiService GetStaticKsiService(TestKsiServiceProtocol protocol, ulong requestId = 0,
                                                  PduVersion pduVersion             = PduVersion.v2,
                                                  HashAlgorithm signingMacAlgorithm = null, HashAlgorithm extendingMacAlgorithm = null)
 {
     return
         (new TestKsiService(
              protocol,
              new ServiceCredentials(TestConstants.ServiceUser, TestConstants.ServicePass, signingMacAlgorithm),
              protocol,
              new ServiceCredentials(TestConstants.ServiceUser, TestConstants.ServicePass, extendingMacAlgorithm),
              protocol,
              new PublicationsFileFactory(
                  new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                            CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))), requestId, pduVersion));
 }
Пример #16
0
        public void CreateCertificateSubjectRdnSelectorTest()
        {
            string typeName = CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]").GetType().FullName;

            switch (CryptoTestFactory.ProviderType)
            {
            case CryptoProviderType.Microsoft:
                Assert.AreEqual("Guardtime.KSI.Crypto.Microsoft.Crypto.CertificateSubjectRdnSelector", typeName, "Invalid CertificateSubjectRdnSelector type name.");
                break;

            case CryptoProviderType.BouncyCastle:
                Assert.AreEqual("Guardtime.KSI.Crypto.BouncyCastle.Crypto.CertificateSubjectRdnSelector", typeName, "Invalid CertificateSubjectRdnSelector type name.");
                break;
            }
        }
Пример #17
0
        public void CreatePublicationsFileFromFileWithInvalidOid()
        {
            using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
            {
                ArgumentException ex = Assert.Throws <ArgumentException>(delegate
                {
                    new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                                          CryptoTestFactory.CreateCertificateSubjectRdnSelector(new List <CertificateSubjectRdn>
                    {
                        new CertificateSubjectRdn("1.2.840.113549.1.9.1X", "*****@*****.**")
                    })))
                    .Create(stream);
                });

                Assert.That(ex.Message, Does.StartWith("Rdn contains invalid Oid or Value."));
            }
        }
Пример #18
0
        private static IVerificationContext GetVerificationContext(TestingRow testingRow, IKsiSignature signature, string testDataDir, bool setUserPublication = false)
        {
            IPublicationsFile publicationsFile = null;
            IKsiService       service;

            if (!setUserPublication)
            {
                publicationsFile = GetPublicationsFile(string.IsNullOrEmpty(testingRow.PublicationsFilePath) ? null : testDataDir + testingRow.PublicationsFilePath,
                                                       string.IsNullOrEmpty(testingRow.CertFilePath) ? null : testDataDir + testingRow.CertFilePath);
            }

            if (string.IsNullOrEmpty(testingRow.ResourceFile))
            {
                service = IntegrationTests.GetHttpKsiService();
            }
            else
            {
                TestKsiServiceProtocol protocol = new TestKsiServiceProtocol
                {
                    RequestResult = File.ReadAllBytes(Path.Combine(TestSetup.LocalPath, testDataDir + testingRow.ResourceFile))
                };
                service =
                    new TestKsiService(
                        protocol,
                        new ServiceCredentials(Properties.Settings.Default.HttpSigningServiceUser, Properties.Settings.Default.HttpSigningServicePass,
                                               TestUtil.GetHashAlgorithm(Properties.Settings.Default.HttpSigningServiceHmacAlgorithm)),
                        protocol,
                        new ServiceCredentials(Properties.Settings.Default.HttpExtendingServiceUser, Properties.Settings.Default.HttpExtendingServicePass,
                                               TestUtil.GetHashAlgorithm(Properties.Settings.Default.HttpExtendingServiceHmacAlgorithm)),
                        protocol,
                        new PublicationsFileFactory(
                            new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                      CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))), 1, PduVersion.v2);
            }

            return(new VerificationContext(signature)
            {
                DocumentHash = testingRow.InputHash,
                UserPublication = setUserPublication ? testingRow.PublicationData : null,
                IsExtendingAllowed = testingRow.IsExtendingAllowed,
                KsiService = service,
                PublicationsFile = publicationsFile,
                DocumentHashLevel = testingRow.InputHashLevel
            });
        }
Пример #19
0
        public void PkiTrustStoreProviderVerifyCustomCertInvalidTest()
        {
            PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_IdenTrustCert),
                                                                                 CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));

            PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCert);

            PkiVerificationFailedException ex = Assert.Throws <PkiVerificationFailedException>(delegate
            {
                trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
            });

            // separate error messages for Microsoft and Bouncy Castle
            Assert.That(ex.Message.StartsWith("Trust chain did not complete to the known authority anchor. Thumbprints did not match.") ||
                        (ex.Message.StartsWith("Could not build certificate path") &&
                         ex.InnerException.Message.StartsWith("Unable to find certificate chain.")),
                        "Unexpected exception message: " + ex.Message);
        }
Пример #20
0
 public void CreatePublicationsFileFromFileWithLongEmailName()
 {
     if (CryptoTestFactory.ProviderType == CryptoProviderType.BouncyCastle)
     {
         using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
         {
             new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                                   CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))).Create(stream);
         }
     }
     else if (CryptoTestFactory.ProviderType == CryptoProviderType.Microsoft)
     {
         using (FileStream stream = new FileStream(Path.Combine(TestSetup.LocalPath, Resources.KsiPublicationsFile), FileMode.Open, FileAccess.Read))
         {
             new PublicationsFileFactory(new PkiTrustStoreProvider(new X509Store(StoreName.Root),
                                                                   CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"))).Create(stream);
         }
     }
 }
Пример #21
0
        public void PkiTrustStoreProviderVerifyCustomCertExpiredInvalidTest()
        {
            PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_CustomCertExpired),
                                                                                 CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));

            PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCertExpired);

            PkiVerificationFailedException ex = Assert.Throws <PkiVerificationFailedException>(delegate
            {
                trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
            });

            // separate error messages for Microsoft and Bouncy Castle

            Assert.That(
                ex.Message.StartsWith(
                    "Trust chain did not complete to the known authority anchor. Errors: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.") ||
                (ex.Message.StartsWith("Could not build certificate path") &&
                 ex.InnerException.Message.StartsWith("Certification path could not be validated.") &&
                 ex.InnerException.InnerException.Message.StartsWith("Could not validate certificate: certificate expired on ")),
                "Unexpected exception message: " + ex.Message);
        }
Пример #22
0
        public void SignHashWithTcpTimeoutAndBufferSizeTest()
        {
            uint requestTimeout = 9000;
            uint bufferSize     = 1024;
            TcpKsiSigningServiceProtocol protocol = new TcpKsiSigningServiceProtocol(
                IPAddress.Parse(Settings.Default.TcpExtendingServiceIp),
                Settings.Default.TcpSigningServicePort,
                requestTimeout,
                bufferSize);
            HttpKsiServiceProtocol publicationsFileProtocol = new HttpKsiServiceProtocol(
                null,
                null,
                Settings.Default.HttpPublicationsFileUrl);
            Ksi ksi = new Ksi(new KsiService(
                                  protocol,
                                  new ServiceCredentials(Settings.Default.HttpSigningServiceUser, Settings.Default.HttpSigningServicePass,
                                                         TestUtil.GetHashAlgorithm(Settings.Default.HttpSigningServiceHmacAlgorithm)),
                                  null, null, publicationsFileProtocol,
                                  new PublicationsFileFactory(
                                      new PkiTrustStoreProvider(new X509Store(StoreName.Root), CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]")))));

            VerificationResult verificationResult = SignHash(ksi);

            Assert.AreEqual(VerificationResultCode.Ok, verificationResult.ResultCode, "Signature should verify with key based policy");
        }