public void TestDisposal()
{
// this test is still bad.
// "default" disposal
byte[] symkey = SecretBox.GenerateKey();
SymmetricEncrypter abc = new SymmetricEncrypter(symkey);
abc.Dispose();
SymmetricEncrypter def;
try
{
def = new SymmetricEncrypter("Not a valid base64 code triggering an exception!");
}
catch (FormatException)
{
// disposal is called although constructor failed.
}
bool exceptionThrown = false;
try
{
def = null;
}
catch (Exception)
{
exceptionThrown = true;
}
_ = new SymmetricEncrypter(symkey);
Assert.IsFalse(exceptionThrown);
}
public void ShowCaseTestSymmetric()
{
Assert.IsTrue(maLo.IsValid()); // as the encryption relies on serializing the BO invalid BOs cannot be encrypted.
byte[] sharedSecret = Sodium.SecretBox.GenerateKey();
EncryptedObject encryptedBo;
using (var encrypter = new SymmetricEncrypter(sharedSecret))
{
encryptedBo = encrypter.Encrypt(maLo, "test case");
}
Debug.Write(JsonConvert.SerializeObject(encryptedBo, new StringEnumConverter()));
//{
// "boTyp": "ENCRYPTEDOBJECTAEAD",
// "versionStruktur": 1,
// "AssociatedData": "test case",
// "encryptionScheme": "SodiumSymmetricAEAD",
// "nonce": "hTbQKm/hAwY=",
// "cipherText": "iORhQsADEviVhjDP3d ... fnGfLF+AsL1F"
//}
Marktlokation decryptedMaLo;
using (var decrypter = new SymmetricEncrypter(sharedSecret))
{
decryptedMaLo = decrypter.Decrypt <Marktlokation>(encryptedBo);
}
Assert.AreEqual(maLo.Lokationsadresse, decryptedMaLo.Lokationsadresse);
}
public void TestBOEncryption()
{
//hubnet.StaticLogger.Logger = new Microsoft.Extensions.Logging.Debug.DebugLogger("Testlogger", (log, level) => { return true; });
string[] files = Directory.GetFiles($"encrypterTests/bo/", "*.json"); //
foreach (string testFile in files)
{
JObject json;
using (StreamReader r = new StreamReader(testFile))
{
string jsonString = r.ReadToEnd();
json = JsonConvert.DeserializeObject <JObject>(jsonString);
}
Assert.IsNotNull(json, $"The content of file {testFile} seems to be no valid JSON.");
string boType = (string)json["boTyp"];
Assert.IsNotNull(boType, $"The JSON content of file {testFile} is missing the obligatory 'boTyp' attribute.");
BusinessObject bo = BO4E.BoMapper.MapObject(boType, json);
Assert.IsNotNull(bo, $"The business object in file {testFile} is not a valid BO4E.");
/******* symmetric test ******/
byte[] symkey = SecretBox.GenerateKey();
string symkeyString = Convert.ToBase64String(symkey);
EncryptedObject eo;
using (SymmetricEncrypter se0 = new SymmetricEncrypter(symkey))
{
eo = se0.Encrypt(bo, "Associated");
}
BusinessObject boDecrypted;
using (SymmetricEncrypter se1 = new SymmetricEncrypter(symkeyString))
{
boDecrypted = se1.Decrypt(eo);
}
string expectedString = JsonConvert.SerializeObject(bo);
string actualString = JsonConvert.SerializeObject(boDecrypted);
Assert.AreEqual(expectedString, actualString, "Original and encrypted->decrypted object do not match!");
/******* asymmetric test ******/
var asykeyPairSender = PublicKeyBox.GenerateKeyPair();
var asykeyPairRecipient = PublicKeyBox.GenerateKeyPair();
using (AsymmetricEncrypter asyenc = new AsymmetricEncrypter(asykeyPairSender))
{
eo = asyenc.Encrypt(bo, Convert.ToBase64String(asykeyPairRecipient.PublicKey));
}
using (AsymmetricEncrypter asydec = new AsymmetricEncrypter(asykeyPairRecipient.PrivateKey))
{
boDecrypted = asydec.Decrypt(eo);
}
expectedString = JsonConvert.SerializeObject(bo);
actualString = JsonConvert.SerializeObject(boDecrypted);
Assert.AreEqual(expectedString, actualString, "Original and encrypted->decrypted object do not match!");
/******* X509 + RSA test ******/
// encrypt (without needing a private key)
X509Certificate2 x509certPubl = new X509Certificate2(X509Certificate2.CreateFromCertFile("encrypterTests/publickey.cer"));
using (X509AsymmetricEncrypter xasyEnc = new X509AsymmetricEncrypter(x509certPubl))// encrypter needs no private key!
{
eo = xasyEnc.Encrypt(bo);
}
// decrypt (using a private key)
AsymmetricCipherKeyPair keyPair;
using (var reader = File.OpenText(@"encrypterTests/privatekey.pem")) // file containing RSA PKCS1 private key
{
keyPair = (AsymmetricCipherKeyPair) new PemReader(reader).ReadObject();
}
// openssl genrsa -out privatekey.pem 2048
// openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 3650
using (X509AsymmetricEncrypter xasydec = new X509AsymmetricEncrypter(keyPair.Private))
{
boDecrypted = xasydec.Decrypt(eo);
}
expectedString = JsonConvert.SerializeObject(bo);
actualString = JsonConvert.SerializeObject(boDecrypted);
Assert.IsTrue(expectedString == actualString, "Original and encrypted->decrypted object do not match!");
/********** X509 + RSA multiple recipients *******/
X509Certificate2 x509certPubl2 = new X509Certificate2(X509Certificate2.CreateFromCertFile("encrypterTests/publickey2.cer"));
EncryptedObject eoMultiple;
using (X509AsymmetricEncrypter xasyEncMultiple = new X509AsymmetricEncrypter(new HashSet <X509Certificate2> {
x509certPubl, x509certPubl2
})) // encrypter needs not private key!
{
eoMultiple = xasyEncMultiple.Encrypt(bo);
}
// decrypt (using both private keys)
AsymmetricCipherKeyPair keyPair2;
using (var reader = File.OpenText(@"encrypterTests/privatekey2.pem")) // file containing RSA PKCS1 private key
{
keyPair2 = (AsymmetricCipherKeyPair) new PemReader(reader).ReadObject();
}
using (X509AsymmetricEncrypter xasydecMultiple = new X509AsymmetricEncrypter(keyPair.Private))
{
using X509AsymmetricEncrypter xasydecMultiple2 = new X509AsymmetricEncrypter(keyPair2.Private);
boDecrypted = xasydecMultiple.Decrypt(eoMultiple);
BusinessObject boDecrypted2 = xasydecMultiple2.Decrypt(eoMultiple);
string actualString2 = JsonConvert.SerializeObject(boDecrypted2);
Assert.AreEqual(expectedString, actualString2, "Original and encrypted->decrypted object do not match!");
}
expectedString = JsonConvert.SerializeObject(bo);
actualString = JsonConvert.SerializeObject(boDecrypted);
Assert.AreEqual(expectedString, actualString, "Original and encrypted->decrypted object do not match!");
}
}
