public void kgss()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully("../../etk/kgss.etk"));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.Full, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Valid, info.ValidationStatus);
}
public static void InitializeClass()
{
//Bob as decryption
bobEtk = new EncryptionToken(Utils.ReadFully("../../bob/bobs_public_key.etk"));
//Bob (and Alice) used for decryption
alice = new EHealthP12("../../alice/alices_private_key_store.p12", "test");
bob = new EHealthP12("../../bob/bobs_private_key_store.p12", "test");
//create a tsa (fedict in this case)
tsa = new Rfc3161TimestampProvider();
}
public void Bob2()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully("../../etk/Bob2_public_key.etk"));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Valid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.IssuerTrustUnknown));
Assert.IsTrue(info.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.RevocationStatusUnknown));
}
public void ValidButScrambledDN()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully("../../etk/valid_but_scrambledDN.etk"));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.None, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Valid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.UntrustedIssuer));
Assert.IsTrue(info.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotValidForUsage));
}
public void NotYetAuth()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully("../../etk/not_yet_auth.etk"));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.None, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Valid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.UntrustedIssuer));
Assert.IsTrue(info.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotTimeValid));
}
public void MixedKeyAlgorithm()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully("../../etk/invalid_key_algorithm.etk"));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.None, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Valid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.UntrustedIssuer));
Assert.IsTrue(info.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotValidKeyType)); //this is why it is invailid, not because of the key type
}
public void InvalidKeySize()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully("../../etk/invalid_key_size.etk"));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.None, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Invalid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.NotValidKeySize));
//This is no longer the case because we allow eID with 1024 bit keys.
//Assert.IsTrue(info.IssuerInfo.SecurityViolations.Contains(CertSecurityViolation.NotValidKeySize));
}
public void InvalidEncKeyUsage()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully("../../etk/invalid_encrkey_usage.etk"));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.None, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Invalid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.NotValidForUsage));
}
public void ExpiredEnc()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully("../../etk/expired_encr.etk"));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Invalid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.NotTimeValid));
}
public void DifferentDN()
{
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully("../../etk/auth_and_encr_not_same_DN.etk"));
CertificateSecurityInformation info = receiver.Verify();
Console.WriteLine(info.ToString());
Assert.IsNotNull(info.ToString());
Assert.AreEqual(ETEE::Status.TrustStatus.None, info.TrustStatus);
Assert.AreEqual(ValidationStatus.Invalid, info.ValidationStatus);
Assert.IsTrue(info.SecurityViolations.Contains(CertSecurityViolation.HasNotPermittedNameConstraint));
}
private X509Certificate2[] ConverToX509Certificates(EncryptionToken[] tokens)
{
X509Certificate2[] certs = new X509Certificate2[tokens.Length];
for (int i = 0; i < tokens.Length; i++)
{
certs[i] = tokens[i].ToCertificate();
}
return certs;
}
public void HudgeFile()
{
Random rand = new Random();
byte[] buffer = new byte[10240]; //10k blocks
String file = Path.GetTempFileName();
FileStream hudgeFile = new FileStream(file, FileMode.Open);
try
{
//Write random stuff into it, for 500 MB
for (int i = 0; i < 51200; i++)
{
rand.NextBytes(buffer);
hudgeFile.Write(buffer, 0, buffer.Length);
}
//Rest
hudgeFile.Position = 0;
//Get ETK
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully("../../bob/bobs_public_key.etk"));
//Seal
IDataSealer sealer = EhDataSealerFactory.Create(Level.B_Level, alice);
Stream output = sealer.Seal(hudgeFile, receiver);
hudgeFile.Position = 0;
UnsealResult result;
using (output)
{
//Unseal again
IDataUnsealer unsealer = DataUnsealerFactory.Create(null, alice, bob);
result = unsealer.Unseal(output);
}
Console.WriteLine(result.SecurityInformation.ToString());
//check the lenth and the first bytes
Assert.AreEqual(hudgeFile.Length, result.UnsealedData.Length);
Assert.AreEqual(hudgeFile.ReadByte(), result.UnsealedData.ReadByte());
Assert.AreEqual(hudgeFile.ReadByte(), result.UnsealedData.ReadByte());
Assert.AreEqual(hudgeFile.ReadByte(), result.UnsealedData.ReadByte());
Assert.AreEqual(hudgeFile.ReadByte(), result.UnsealedData.ReadByte());
Assert.AreEqual(hudgeFile.ReadByte(), result.UnsealedData.ReadByte());
result.UnsealedData.Dispose();
}
finally {
hudgeFile.Close();
File.Delete(file);
}
}
private void Mixed(IDataSealer sealer, IDataUnsealer unsealer)
{
String str = "This is a secret message from Alice to everybody";
SecretKey key = new SecretKey("btSefztkXjZmlZyHQIumLA==", "aaUnRynIwd3GFQmhXfW+VQ==");
EncryptionToken receiver1 = new EncryptionToken(Utils.ReadFully("../../bob/bobs_public_key.etk"));
Stream output = sealer.Seal(new MemoryStream(Encoding.UTF8.GetBytes(str)), key, receiver1);
UnsealResult result = unsealer.Unseal(output, key);
Console.WriteLine(result.SecurityInformation.ToString());
MemoryStream stream = new MemoryStream();
Utils.Copy(result.UnsealedData, stream);
Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
Assert.IsNull(result.SecurityInformation.Encryption.Subject);
Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray()));
Assert.IsNotNull(result.SecurityInformation.ToString());
output.Position = 0;
result = unsealer.Unseal(output);
Console.WriteLine(result.SecurityInformation.ToString());
stream = new MemoryStream();
Utils.Copy(result.UnsealedData, stream);
Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
Assert.AreEqual(bob["825373489"].Thumbprint, result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint);
Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray()));
Assert.IsNotNull(result.SecurityInformation.ToString());
}
private void Addressed(IDataSealer sealer, IDataUnsealer unsealer)
{
String str = "This is a secret message from Alice for Bob";
//Get ETK
EncryptionToken receiver = new EncryptionToken(Utils.ReadFully("../../bob/bobs_public_key.etk"));
//receiver.Verify();
Stream output = sealer.Seal(new MemoryStream(Encoding.UTF8.GetBytes(str)), receiver);
UnsealResult result = unsealer.Unseal(output);
Console.WriteLine(result.SecurityInformation.ToString());
output.Close();
MemoryStream stream = new MemoryStream();
Utils.Copy(result.UnsealedData, stream);
//Assert.IsInstanceOfType(result.UnsealedData, typeof(WindowsTempFileStream));
Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
Assert.AreEqual(bob["825373489"].Thumbprint, result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint);
Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray()));
Assert.IsNotNull(result.SecurityInformation.ToString());
}
public void MultiAddressed()
{
String str = "This is a secret message from Alice for Bob and Herself";
//Get ETK
EncryptionToken receiver1 = new EncryptionToken(Utils.ReadFully("../../bob/bobs_public_key.etk"));
EncryptionToken receiver2 = new EncryptionToken(Utils.ReadFully("../../alice/alices_public_key.etk"));
IDataSealer sealer = EhDataSealerFactory.Create(Level.B_Level, alice);
Stream output = sealer.Seal(new MemoryStream(Encoding.UTF8.GetBytes(str)), receiver1, receiver2);
IDataUnsealer unsealer = DataUnsealerFactory.Create(null, alice, bob);
UnsealResult result = unsealer.Unseal(output);
Console.WriteLine(result.SecurityInformation.ToString());
output.Position = 0;
MemoryStream stream = new MemoryStream();
Utils.Copy(result.UnsealedData, stream);
Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray()));
Assert.IsNotNull(result.SecurityInformation.ToString());
unsealer = DataUnsealerFactory.Create(null, alice);
result = unsealer.Unseal(output);
Console.WriteLine(result.SecurityInformation.ToString());
output.Position = 0;
stream = new MemoryStream();
Utils.Copy(result.UnsealedData, stream);
//Assert.IsInstanceOfType(result.UnsealedData, typeof(WindowsTempFileStream));
Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
Assert.AreEqual(alice["1204544406096826217265"].Thumbprint, result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint);
Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray()));
Assert.IsNotNull(result.SecurityInformation.ToString());
unsealer = DataUnsealerFactory.Create(null, bob);
result = unsealer.Unseal(output);
Console.WriteLine(result.SecurityInformation.ToString());
output.Position = 0;
output.Close();
stream = new MemoryStream();
Utils.Copy(result.UnsealedData, stream);
//Assert.IsInstanceOfType(result.UnsealedData, typeof(WindowsTempFileStream));
Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus);
Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint);
Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint);
Assert.AreEqual(bob["825373489"].Thumbprint, result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint);
Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray()));
Assert.IsNotNull(result.SecurityInformation.ToString());
}