public void kgss() { if (DateTime.Now > new DateTime(2015, 4, 22)) { Assert.Inconclusive("KGSS token must be updated"); } EncryptionToken receiver = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("etk/kgss.etk"))); CertificateSecurityInformation info = receiver.Verify(); Console.WriteLine(info.ToString()); Assert.IsNotNull(info.ToString()); Assert.AreEqual(ETEE::Status.TrustStatus.Full, info.TrustStatus); Assert.AreEqual(ValidationStatus.Valid, info.ValidationStatus); }
public static void InitializeClass(TestContext ctx) { //sign with generated key senderWKey = new WebKey(RSA.Create()); receiverWKey = new WebKey(new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }, RSA.Create()); //Bob as decryption bobEtk = new EncryptionToken(File.ReadAllBytes("bob/bobs_public_key.etk")); //Bob (and Alice) used for decryption alice = new EHealthP12("alice/alices_private_key_store.p12", "test"); bob = new EHealthP12("bob/bobs_private_key_store.p12", "test"); //create a tsa (fedict in this case) tsa = new Rfc3161TimestampProvider(); }
private void Mixed(IDataSealer sealer, IDataUnsealer unsealer) { String str = "This is a secret message from Alice to everybody"; SecretKey key = new SecretKey("btSefztkXjZmlZyHQIumLA==", "aaUnRynIwd3GFQmhXfW+VQ=="); EncryptionToken receiver1 = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("bob/bobs_public_key.etk"))); Stream output = sealer.Seal(new MemoryStream(Encoding.UTF8.GetBytes(str)), key, receiver1); UnsealResult result = unsealer.Unseal(output, key); Console.WriteLine(result.SecurityInformation.ToString()); MemoryStream stream = new MemoryStream(); Utils.Copy(result.UnsealedData, stream); Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus); Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus); Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint); Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint); Assert.IsNull(result.SecurityInformation.Encryption.Subject); Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray())); Assert.IsNotNull(result.SecurityInformation.ToString()); output.Position = 0; result = unsealer.Unseal(output); Console.WriteLine(result.SecurityInformation.ToString()); stream = new MemoryStream(); Utils.Copy(result.UnsealedData, stream); Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus); Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus); Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint); Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint); Assert.AreEqual(bob["825373489"].Thumbprint, result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint); Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray())); Assert.IsNotNull(result.SecurityInformation.ToString()); }
public void MultiAddressed() { String str = "This is a secret message from Alice for Bob and Herself"; //Get ETK EncryptionToken receiver1 = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("bob/bobs_public_key.etk"))); EncryptionToken receiver2 = new EncryptionToken(Utils.ReadFully(GetAbsoluteTestFilePath("alice/alices_public_key.etk"))); IDataSealer sealer = EhDataSealerFactory.Create(Level.B_Level, alice); Stream output = sealer.Seal(new MemoryStream(Encoding.UTF8.GetBytes(str)), receiver1, receiver2); IDataUnsealer unsealer = DataUnsealerFactory.Create(null, alice, bob); UnsealResult result = unsealer.Unseal(output); Console.WriteLine(result.SecurityInformation.ToString()); output.Position = 0; MemoryStream stream = new MemoryStream(); Utils.Copy(result.UnsealedData, stream); Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus); Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus); Assert.IsTrue(result.IsNonRepudiatable); Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint); Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint); Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray())); Assert.IsNotNull(result.SecurityInformation.ToString()); unsealer = DataUnsealerFactory.Create(null, alice); result = unsealer.Unseal(output); Console.WriteLine(result.SecurityInformation.ToString()); output.Position = 0; stream = new MemoryStream(); Utils.Copy(result.UnsealedData, stream); //Assert.IsInstanceOfType(result.UnsealedData, typeof(WindowsTempFileStream)); Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus); Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus); Assert.IsTrue(result.IsNonRepudiatable); Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint); Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint); Assert.AreEqual(alice["1204544406096826217265"].Thumbprint, result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint); Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray())); Assert.IsNotNull(result.SecurityInformation.ToString()); unsealer = DataUnsealerFactory.Create(null, bob); result = unsealer.Unseal(output); Console.WriteLine(result.SecurityInformation.ToString()); output.Position = 0; output.Close(); stream = new MemoryStream(); Utils.Copy(result.UnsealedData, stream); //Assert.IsInstanceOfType(result.UnsealedData, typeof(WindowsTempFileStream)); Assert.AreEqual(ValidationStatus.Valid, result.SecurityInformation.ValidationStatus); Assert.AreEqual(ETEE::Status.TrustStatus.Unsure, result.SecurityInformation.TrustStatus); Assert.IsTrue(result.IsNonRepudiatable); Assert.AreEqual(alice["Authentication"].Thumbprint, result.AuthenticationCertificate.Thumbprint); Assert.AreEqual(alice["Authentication"].Thumbprint, result.SigningCertificate.Thumbprint); Assert.AreEqual(bob["825373489"].Thumbprint, result.SecurityInformation.Encryption.Subject.Certificate.Thumbprint); Assert.AreEqual(str, Encoding.UTF8.GetString(stream.ToArray())); Assert.IsNotNull(result.SecurityInformation.ToString()); }
private EncryptionToken[] GetTokens(CodeActivityContext context, List<KnownRecipient> addressed) { EncryptionToken[] tokens = new EncryptionToken[0]; var binding = new BasicHttpBinding(); binding.Security.Mode = BasicHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; ServiceClient.EtkDepotPortTypeClient etkDepotClient = new ServiceClient.EtkDepotPortTypeClient(binding, new EndpointAddress(EtkDepotUri)); ServiceClient.GetEtkRequest request = new ServiceClient.GetEtkRequest(); request.SearchCriteria = new ServiceClient.IdentifierType[addressed.Count]; for (int i = 0; i < addressed.Count; i++) { request.SearchCriteria[i] = new ServiceClient.IdentifierType(); request.SearchCriteria[i].Type = addressed[i].Type; request.SearchCriteria[i].Value = addressed[i].Value; request.SearchCriteria[i].ApplicationID = addressed[i].ApplicationId; } ServiceClient.GetEtkResponse response = etkDepotClient.GetEtk(request); ServiceException.Check(response); tokens = new EncryptionToken[response.Items.Length]; for (int i = 0; i < response.Items.Length; i++) { byte[] etkRaw = null; if (response.Items[i] is ServiceClient.MatchingEtk) { StringBuilder builder = new StringBuilder(); builder.Append("["); foreach (ServiceClient.IdentifierType id in ((ServiceClient.MatchingEtk)response.Items[i]).Identifier) { builder.Append(id.Type) .Append("=") .Append(id.Value); if (id.ApplicationID != null) { builder.Append(", ") .Append(id.ApplicationID); } builder.Append("; "); } builder.Append("]"); throw new InvalidOperationException("The token could not be retrieved, none/multiple tokens match: " + builder.ToString()); } else if (response.Items[i] is byte[]) { etkRaw = (byte[])response.Items[i]; } tokens[i] = new EncryptionToken(etkRaw); CertificateSecurityInformation tokenInfo = tokens[i].Verify(); if (tokenInfo.ValidationStatus != ValidationStatus.Valid) throw new VerifyException<CertSecurityViolation>(tokenInfo); switch (MinimumTokenTrust) { case TrustStatus.Full: if (tokenInfo.TrustStatus != TrustStatus.Full) throw new VerifyException<CertSecurityViolation>(tokenInfo); break; case TrustStatus.Unsure: if (tokenInfo.TrustStatus == TrustStatus.None) throw new VerifyException<CertSecurityViolation>(tokenInfo); break; default: break; } } return tokens; }