private static void Verify(Ksi ksi, IKsiSignature signature, DataHash documentHash)
{
VerificationContext verificationContext = new VerificationContext(signature)
{
DocumentHash = documentHash,
PublicationsFile = ksi.GetPublicationsFile()
};
AggregationHashChain.Link firstChainLink = signature.GetAggregationHashChains()[0].GetChainLinks()[0];
if (firstChainLink.Metadata != null && firstChainLink.Metadata.Padding == null)
{
throw new Exception("Metadata padding is missing.");
}
KeyBasedVerificationPolicy policy = new KeyBasedVerificationPolicy();
VerificationResult verificationResult = policy.Verify(verificationContext);
if (verificationResult.ResultCode != VerificationResultCode.Ok)
{
Console.WriteLine("Verification result code: " + verificationResult.ResultCode);
Console.WriteLine("Verification rule name: " + verificationResult.RuleName);
Console.WriteLine("Verification error: " + verificationResult.VerificationError);
}
Assert.AreEqual(VerificationResultCode.Ok, verificationResult.ResultCode, "Signature should verify with key based policy");
}
public void CreateFromAggregationResponsePayloadTest()
{
KsiSignatureFactory signatureFactory = new KsiSignatureFactory();
AggregationResponsePayload aggregationResponsePayload =
new AggregationResponsePayload(new RawTag(0x2, false, false,
Base16.Decode(
"0108AFE5A27DEF7743A1040005094E6F206572726F72008801006702045A6EF58C03010B03012503010D03010B03010305210196BFBF3488DC0485775A5A2B0F9870100009630F4783AAAC73C0D72E2C3343B4060101072A04287E01016105616E6F6E0062116B736967772D74657374757365723A3100630064070563E79A43A003880100AB02045A6EF58C03010B03012503010D03010B0521013C7A08C4C6F62C5E42FEA933EC5B7EB59FA522A1664BA4560E8DAF0FBD1A810E060101072404227E0201016103475400620B414C65322D312D323A360063010A64070563E79A44C9A0072601010102210155ECF6F1FDD26FE579D3D81A6ADF93987C6DFA02D3504F313B81DD2FB95F51C40823022101C3D0F6018F79DCA5D2FEC42EF89ECC805FD288BFDD56AEDDDBE0AFB77A488D6F880100A302045A6EF58C03010B03012503010D0521011B30143F49B30B251614B2BDB98C4606E6B92F17BD967B27C2F75161C54FE100060101072204207E02010161034754006209415365322D303A310063010164070563E79A4AC5400823022101FC9E9054C97CBCE13F65CB0B733A2A227B5CE5D23C0980C3B284B27BE5ABE63407230221010F87C8F8E53E3DA5840B545AC90219617A4FEAB9F76E7DFF336D7A14814F4C70880100E802045A6EF58C03010B0301250521016F946BC6CA37CBAB00A5DE378FD7C191ADC257C7E2E67EA2F933555F9C15292E0601010720041E7E02010161034754006207414E65323A300063011364070563E79A4AFAE508230221014C7D57F20776DC3CE07742B66B6527E5286D7CA9B03762C71DC935BB6888D62D0723022101E69A7B97BF8DA43685BA8AE8375BE287FDDB548F0F6820C26B35669365C2B4C608230221019F16DB50A02F8D92AA4599841F6316707B1A662A39518A489588504B554D1B7608230221010E288C96225D2179DEF90F28BE4FE62BF2C3AD28EFB8A8F600DCCF8F6A9676F7880100A402045A6EF58C03010B0521017F0D9AE236EBE7B56FEACA0B6AC53033A6993E437E495F6CE50DA46C1096E4E10601010726010144022101D474205F20C49D3BA8D144293E6D4FD2087260D25539328035E97BF792E8F6BD072601012C0221016D6210425AAB8257DE2F6E2FDC36DBDB9E7E7C976906579EAE68C8F440C891540823022101488F69C2C30F862FDCBC1BE79BB87C81D1E47BA621BE9B88076E1AA8D2D734BB880202A501045A6EF58C02045A6EF58C0521017657A2D6FD236E05B6FB45F189B5845FED615138D3782E5D4D1DA375D66E200708210142B20235775AAEF836F21B5A12D16535A401076FC0DD40DB1C5D6C62F3349B24082101B11A0A6D1B5415EE802A8C1F0E8ADC413D52283EBD91F801F1D16DAD3AE2642D082101ADEE14D2FA3F684727AE6802CD421C76BC965AEBFA2E2010691853E968643211082101E4C451E413358603EFE08066EEDA908FB6ECB609CE0DAE3A3F835B894AA3371F082101BEE31E35A4C47ED8A44BC46DEBAD7A14A259B8CA515E80A7493FB57AD862808F0821017724A0A2A8EB1F36C89F53C4BA5884AAFD10A8DD68673E6BCFF8C7A6B969D461082101D9D4620A29065A193015C1E15A15F392E133F0A2FA19464F3C06F1E8E320D074082101582522AEB80C092A3019ADA6B1AE0ED63D0BFB46CBFC75BB5ABC9E6E17F93F6308210141C699CC60229704B2B748ADCCBCD6760483607D3CEC93F3D84FA1E5B9ED3F600821018E886DD92F0A028B9680F971E189E47C474808B5CA020B8237ADCAF84A107335082101ED4F4C983F9425003ED5F3139ACECFA58BBC3356E6ED42D0EF32EFBBB0BBE27E082101468742111669F6E9C3FF6D6EF588D4CA2E83CB019BF8294058D18D6803386FF808210146DD0425199FC10F742F8FF8FC1A6EA2F9607AEC95EF0C9345EBB619E9EA634E082101CEC119E2F9EEDA49B7CABA0BD16F39FC68B9763260C4EAFBBFCE8757A8C129C108210148DEA5B1AFDBDA4B016A138B7F52F763E6826FCB935CEA9D8B8FF1AAA6B5A53B082101EBC3AB1D86641581130AC3C7077B71B67BBA4C915530E9FE49B98769FC8DCAEB082101496FC0120D854E7534B992AB32EC3045B20D4BEE1BFBE4564FD092CEAFA08B72082101BB44FD36A5F3CDEE7B5C6DF3A6098A09E353335B6029F1477502588A7E37BE0088050151302902045A6EF58C0421012EEE26A5F6FF57C8F24A0CF0546C107E6285FA0FE5962B0691EC5FDF5AF15D0C800B01220116312E322E3834302E3131333534392E312E312E3131008002010034BA0861EC8545A9ADC70F08FA82D8D16D678554320025EC2255C92996D6F19FF41F3F1FFC0D5B14152A6AD6EED9C017E460E9A9E97CE73BAB5B43672388DDDEDE524A134DB9A54770373993F706ECBBFBF249CEFB16A37F7593D4B54B4ECD84499F23D81CA6D8BF21E414F96EB7FE8CFD7863506937266EF8948E5B823E63F2025F0CFBA62D6144E37C756B23BF5DE5559BA0F358EC5E311232CC02E5D73832AEB7BBFFCE41390B4FA051051DFFB5F96710D348A97138ED97A5ACFD23CF78ED560EC509880B57CEA57580824BF849B163665C958DEB8FD3F715A7346BC89FDE9F250F67D107654945D42E62EFF452793ACFC4DC8AF9F77BC8C3A31968570B4E03048DEA135F")));
IKsiSignature signature = signatureFactory.Create(aggregationResponsePayload,
new DataHash(Base16.Decode("0196BFBF3488DC0485775A5A2B0F9870100009630F4783AAAC73C0D72E2C3343B4")), 1);
Assert.AreEqual(5, signature.GetAggregationHashChains().Count, "Unexpected aggregation hash chain count.");
Assert.AreEqual(1, signature.GetAggregationHashChains()[0].GetChainLinks()[0].LevelCorrection, "Unexpected first aggregation hash chain first link level correction.");
Assert.IsNotNull(signature.CalendarHashChain, "Unexpected calendar hash chain: null");
Assert.IsNotNull(signature.CalendarAuthenticationRecord, "Unexpected calendar auth record: null");
}
public void VerifyKeyBased()
{
KSI.Ksi ksi = GetKsi();
// Read signature, assume to be not extended
IKsiSignature signature = LoadUnextendedSignature();
IDataHasher dataHasher = new DataHasher(signature.GetAggregationHashChains()[0].InputHash.Algorithm);
dataHasher.AddData(File.ReadAllBytes("Resources/infile.txt"));
VerificationPolicy policy = new KeyBasedVerificationPolicy(new X509Store(StoreName.Root), GetCertificateSubjectRdnSelector());
VerificationContext context = new VerificationContext(signature)
{
DocumentHash = dataHasher.GetHash(),
PublicationsFile = ksi.GetPublicationsFile(),
};
VerificationResult verificationResult = policy.Verify(context);
if (verificationResult.ResultCode == VerificationResultCode.Ok)
{
Console.WriteLine("VerifyKeyBased > signature valid");
}
else
{
Console.WriteLine("VerifyKeyBased > signature verification failed with error > " + verificationResult.VerificationError);
}
}
public void VerifyExtendedSignatureUsingPublicationsCodeAutoExtend()
{
// Read signature, assume to be not extended
IKsiSignature signature = LoadUnextendedSignature();
IDataHasher dataHasher = new DataHasher(signature.GetAggregationHashChains()[0].InputHash.Algorithm);
dataHasher.AddData(File.ReadAllBytes("Resources/infile.txt"));
PublicationData publicationData = new PublicationData("AAAAAA-CWYEKQ-AAIYPA-UJ4GRT-HXMFBE-OTB4AB-XH3PT3-KNIKGV-PYCJXU-HL2TN4-RG6SCC-3ZGSBM");
// Do the verification and check the result
VerificationPolicy policy = new PublicationBasedVerificationPolicy();
VerificationContext context = new VerificationContext(signature)
{
DocumentHash = dataHasher.GetHash(),
UserPublication = publicationData,
IsExtendingAllowed = true,
KsiService = GetKsiService(),
};
VerificationResult verificationResult = policy.Verify(context);
if (verificationResult.ResultCode == VerificationResultCode.Ok)
{
Console.WriteLine("VerifyExtendedSignatureUsingPublicationsCodeAutoExtend > signature valid");
}
else
{
Console.WriteLine("VerifyExtendedSignatureUsingPublicationsCodeAutoExtend > signature verification failed with error > " + verificationResult.VerificationError);
}
}
public void VerifyCalendarBasedUnextended()
{
IKsiSignature signature = LoadUnextendedSignature();
IDataHasher dataHasher = new DataHasher(signature.GetAggregationHashChains()[0].InputHash.Algorithm);
dataHasher.AddData(File.ReadAllBytes("Resources/infile.txt"));
VerificationPolicy policy = new CalendarBasedVerificationPolicy();
VerificationContext context = new VerificationContext(signature)
{
DocumentHash = dataHasher.GetHash(),
KsiService = GetKsiService(),
};
VerificationResult verificationResult = policy.Verify(context);
if (verificationResult.ResultCode == VerificationResultCode.Ok)
{
Console.WriteLine("VerifyCalendarBasedUnextended > signature valid");
}
else
{
Console.WriteLine("VerifyCalendarBasedUnextended > signature verification failed with error > " + verificationResult.VerificationError);
}
}
public void VerifyExtendedSignatureUsingPublicationsFile()
{
KSI.Ksi ksi = GetKsi();
// Read the existing signature, assume it is extended
IKsiSignature signature = LoadExtendedSignature();
// We need to compute the hash from the original data, to make sure it
// matches the one in the signature and has not been changed
// Use the same algorithm as the input hash in the signature
IDataHasher dataHasher = new DataHasher(signature.GetAggregationHashChains()[0].InputHash.Algorithm);
dataHasher.AddData(File.ReadAllBytes("Resources/infile.txt"));
// Do the verification and check the result
VerificationPolicy policy = new PublicationBasedVerificationPolicy();
VerificationContext context = new VerificationContext(signature)
{
DocumentHash = dataHasher.GetHash(),
PublicationsFile = ksi.GetPublicationsFile(),
};
VerificationResult verificationResult = policy.Verify(context);
if (verificationResult.ResultCode == VerificationResultCode.Ok)
{
Console.WriteLine("VerifyExtendedSignatureUsingPublicationsFile > signature valid");
}
else
{
Console.WriteLine("VerifyExtendedSignatureUsingPublicationsFile > verification failed with error > " + verificationResult.VerificationError);
}
}
/// <summary>
/// Create uni-signatures based on the root signature.
/// </summary>
/// <returns></returns>
private IEnumerable <IKsiSignature> CreateUniSignatures(IKsiSignature rootSignature)
{
Logger.Debug("Start creating uni-signatures.");
AggregationHashChain existingAggregationHashChain = rootSignature.GetAggregationHashChains()[0];
byte[] rootSignatureData = rootSignature.EncodeValue();
ulong[] chainIndex = PrepareChainIndex(existingAggregationHashChain);
foreach (TreeNode node in _leafNodes)
{
using (MemoryStream stream = new MemoryStream())
{
AggregationHashChain aggregationHashChain = GetAggregationHashChain(existingAggregationHashChain, node, chainIndex);
aggregationHashChain.WriteTo(stream);
// Take root node signature data and add aggregation hash chain.
byte[] signatureData = new byte[rootSignatureData.Length + stream.Length];
Array.Copy(stream.ToArray(), signatureData, stream.Length);
Array.Copy(rootSignatureData, 0, signatureData, stream.Length, rootSignatureData.Length);
// Create new signature from the signature data.
yield return(_signatureFactory.CreateByContent(signatureData, node.Hash));
}
}
Logger.Debug("End creating uni-signatures.");
}
public void VerifyExtendedSignatureUsingPublicationsCode()
{
// Read the existing signature, assume it is extended
IKsiSignature signature = LoadExtendedSignature();
IDataHasher dataHasher = new DataHasher(signature.GetAggregationHashChains()[0].InputHash.Algorithm);
dataHasher.AddData(File.ReadAllBytes("Resources/infile.txt"));
// The trust anchor in this example is the publication code in Financial Times or on Twitter
PublicationData publicationData = new PublicationData("AAAAAA-CWYEKQ-AAIYPA-UJ4GRT-HXMFBE-OTB4AB-XH3PT3-KNIKGV-PYCJXU-HL2TN4-RG6SCC-3ZGSBM");
// Do the verification and check the result
VerificationPolicy policy = new PublicationBasedVerificationPolicy();
VerificationContext context = new VerificationContext(signature)
{
DocumentHash = dataHasher.GetHash(),
UserPublication = publicationData
};
VerificationResult verificationResult = policy.Verify(context);
if (verificationResult.ResultCode == VerificationResultCode.Ok)
{
Console.WriteLine("VerifyExtendedSignatureUsingPublicationsCode > signature valid");
}
else
{
Console.WriteLine("VerifyExtendedSignatureUsingPublicationsCode > signature verification failed with error > " + verificationResult.VerificationError);
}
}
public void PrintAggregationHashChain()
{
IKsiSignature signature = LoadExtendedSignature();
foreach (AggregationHashChain ahc in signature.GetAggregationHashChains())
{
Console.WriteLine("PrintAggregationHashChain > chain identity > " + ahc.GetChainIdentity());
}
}
public void SignStaticWithLevelTest()
{
Ksi ksi = GetStaticKsi(Resources.KsiService_AggregationResponsePdu_SignedLevel2_LevelCorrection1, 3306651419058286509);
DataHash documentHash = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"));
IKsiSignature signature = ksi.Sign(documentHash, 2);
Assert.AreEqual(3, signature.GetAggregationHashChains()[0].GetChainLinks()[0].LevelCorrection, "Level correction is invalid.");
}
public void BlockSignerSignOneHashWithBlindingMaskTest(Ksi ksi)
{
BlockSigner blockSigner = new BlockSigner(GetHttpKsiService(), true, new byte[] { 1, 2, 3 });
DataHash hash = new DataHash(Base16.Decode("01580192B0D06E48884432DFFC26A67C6C685BEAF0252B9DD2A0B4B05D1724C5F2"));
blockSigner.Add(hash);
IEnumerator <IKsiSignature> signatures = blockSigner.Sign().GetEnumerator();
Assert.True(signatures.MoveNext(), "Invalid signature count: 0");
IKsiSignature signature = signatures.Current;
Assert.False(signatures.MoveNext(), "Invalid signature count: > 1");
Assert.Less(0, signature.GetAggregationHashChains()[0].GetChainLinks().Count, "Invalid links count.");
Assert.IsNull(signature.GetAggregationHashChains()[0].GetChainLinks()[0].Metadata, "Unexpected right sibling type.");
VerifyChainAlgorithm(signature, HashAlgorithm.Default);
Verify(ksi, signature, hash);
}
/// <see cref="VerificationRule.Verify" />
public override VerificationResult Verify(IVerificationContext context)
{
IKsiSignature signature = GetSignature(context);
ulong levelCorrection = signature.IsRfc3161Signature ? 0 : signature.GetAggregationHashChains()[0].GetChainLinks()[0].LevelCorrection;
return(context.DocumentHashLevel > levelCorrection
? new VerificationResult(GetRuleName(), VerificationResultCode.Fail, VerificationError.Gen03)
: new VerificationResult(GetRuleName(), VerificationResultCode.Ok));
}
public void PrintAggregationHashChain()
{
IKsiSignature signature = LoadExtendedSignature();
foreach (AggregationHashChain ahc in signature.GetAggregationHashChains())
{
Console.WriteLine("PrintAggregationHashChain > chain identity > " +
string.Join("::", ahc.GetIdentity().Select(i => i.ClientId).ToArray()));
}
}
public void HASignWithLevelTest()
{
Ksi ksi = new Ksi(new HAKsiService(SigningServices, null, null));
DataHash hash = new DataHash(Base16.Decode("019f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a10"));
IKsiSignature signature = ksi.Sign(hash, 3);
Assert.NotNull(signature);
Assert.AreEqual(hash, signature.InputHash);
Assert.AreEqual(3L, signature.GetAggregationHashChains()[0].GetChainLinks()[0].LevelCorrection);
}
public void BlockSignerSignOneWithMetadaHashTest(Ksi ksi)
{
BlockSigner blockSigner = new BlockSigner(GetHttpKsiService());
DataHash hash = new DataHash(Base16.Decode("01580192B0D06E48884432DFFC26A67C6C685BEAF0252B9DD2A0B4B05D1724C5F2"));
IdentityMetadata metadata = new IdentityMetadata("test client id");
blockSigner.Add(hash, metadata);
IEnumerator <IKsiSignature> signatures = blockSigner.Sign().GetEnumerator();
Assert.True(signatures.MoveNext(), "Invalid signature count: 0");
IKsiSignature signature = signatures.Current;
Assert.False(signatures.MoveNext(), "Invalid signature count: > 1");
Assert.AreEqual(1, signature.GetAggregationHashChains()[0].GetChainLinks().Count, "Invalid links count.");
Assert.AreEqual(metadata.ClientId, signature.GetAggregationHashChains()[0].GetChainLinks()[0].Metadata.ClientId, "Invalid metadata.");
VerifyChainAlgorithm(signature, HashAlgorithm.Default);
Verify(ksi, signature, hash);
}
/// <summary>
/// Get aggregation hash chain collection from KSI signature
/// </summary>
/// <param name="signature">KSI signature</param>
/// <param name="canBeEmpty">indicates if aggregation has chain collection can be empty</param>
/// <returns>aggregation hash chain collection</returns>
public static ReadOnlyCollection <AggregationHashChain> GetAggregationHashChains(IKsiSignature signature, bool canBeEmpty)
{
ReadOnlyCollection <AggregationHashChain> aggregationHashChains = signature.GetAggregationHashChains();
if (!canBeEmpty && (aggregationHashChains == null || aggregationHashChains.Count == 0))
{
throw new KsiVerificationException("Aggregation hash chains are missing from KSI signature.");
}
return(aggregationHashChains ?? new ReadOnlyCollection <AggregationHashChain>(new AggregationHashChain[] { }));
}
public void BlockSignerSignOneHashWithLevelTest(Ksi ksi)
{
BlockSigner blockSigner = new BlockSigner(GetHttpKsiService());
DataHash hash = new DataHash(Base16.Decode("01580192B0D06E48884432DFFC26A67C6C685BEAF0252B9DD2A0B4B05D1724C5F2"));
blockSigner.Add(hash, null, 2);
IEnumerator <IKsiSignature> signatures = blockSigner.Sign().GetEnumerator();
Assert.True(signatures.MoveNext(), "Invalid signature count: 0");
IKsiSignature signature = signatures.Current;
Assert.False(signatures.MoveNext(), "Invalid signature count: > 1");
Assert.Less(0, signature.GetAggregationHashChains()[0].GetChainLinks().Count, "Invalid links count.");
Assert.AreEqual(Properties.Settings.Default.HttpSigningServiceUser, signature.GetAggregationHashChains()[0].GetChainLinks()[0].Metadata.ClientId,
"Unexpected metadata.");
Assert.LessOrEqual(2, signature.GetAggregationHashChains()[0].GetChainLinks()[0].LevelCorrection, "Level correction is invalid.");
VerifyChainAlgorithm(signature, HashAlgorithm.Default);
Verify(ksi, signature, hash);
}
/// <summary>
/// Create KSI signature instance from given signature by adding a new aggregation hash chain as the lowest level chain.
/// </summary>
/// <param name="signature">Base KSI signature</param>
/// <param name="inputHash">Input hash of the aggregation chain to be added.</param>
/// <param name="aggregationAlgorithm">Aggregation algorithm of the aggregation chain to be added.</param>
/// <param name="chainLinks">Hash chain links of the aggregation chain to be added.</param>
/// <returns></returns>
public IKsiSignature CreateSignatureWithAggregationChain(IKsiSignature signature, DataHash inputHash, HashAlgorithm aggregationAlgorithm,
AggregationHashChain.Link[] chainLinks)
{
AggregationHashChain lowestChain = signature.GetAggregationHashChains()[0];
// create chain index
ulong[] firstLevelChainIndex = lowestChain.GetChainIndex();
ulong[] chainIndex = new ulong[firstLevelChainIndex.Length + 1];
Array.Copy(firstLevelChainIndex, 0, chainIndex, 0, firstLevelChainIndex.Length);
chainIndex[chainIndex.Length - 1] = AggregationHashChain.CalcLocationPointer(chainLinks);
// Create new lowest chain
AggregationHashChain newAggregationHashChain = new AggregationHashChain(lowestChain.AggregationTime, chainIndex, inputHash, aggregationAlgorithm.Id, chainLinks);
// check level correction
AggregationHashChainResult chainResult = newAggregationHashChain.GetOutputHash(new AggregationHashChainResult(0, inputHash));
ulong levelCorrection = lowestChain.GetChainLinks()[0].LevelCorrection;
if (chainResult.Level > levelCorrection)
{
throw new KsiException(string.Format(
"The aggregation hash chain cannot be added as lowest level chain. It's output level ({0}) is bigger than level correction of the first link of the first aggregation hash chain of the base signature ({1}).",
chainResult.Level, levelCorrection));
}
if (chainResult.Hash != lowestChain.InputHash)
{
throw new KsiException("The aggregation hash chain cannot be added as lowest level chain. It's output hash does not match base signature input hash.");
}
// Create list on new signature child tags.
// Add new aggregation hash chain as the first element.
// Add the chain that was initally the lowest (with corrected level correction) as second element
List <ITlvTag> childTags = new List <ITlvTag>
{
newAggregationHashChain,
CreateAggregationHashChainWithLevelCorrection(lowestChain, levelCorrection - chainResult.Level)
};
foreach (ITlvTag tag in signature)
{
// Add all the signature components except the chain that was initially the lowest.
if (!ReferenceEquals(tag, lowestChain))
{
childTags.Add(tag);
}
}
KsiSignature resultSignature = new KsiSignature(false, false, childTags.ToArray());
Verify(resultSignature, inputHash);
return(resultSignature);
}
public void TestGetLocationPointerWithMixedAggregationChains()
{
IKsiSignature signature = TestUtil.GetSignature(Resources.KsiSignature_Ok_With_Mixed_Aggregation_Chains);
ReadOnlyCollection <AggregationHashChain> hashChains = signature.GetAggregationHashChains();
ulong[] index = hashChains[0].GetChainIndex();
int i = index.Length - 1;
foreach (AggregationHashChain chain in hashChains)
{
ReadOnlyCollection <AggregationHashChain.Link> links = chain.GetChainLinks();
Assert.AreEqual(index[i--], AggregationHashChain.CalcLocationPointer(links.ToArray()), "Location pointers do not match.");
}
}
public void HttpSignHashWithLevelTest(Ksi ksi)
{
DataHash documentHash = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"));
IKsiSignature signature = ksi.Sign(documentHash, 3);
Assert.LessOrEqual(3, signature.GetAggregationHashChains()[0].GetChainLinks()[0].LevelCorrection, "Level correction is invalid.");
VerificationContext verificationContext = new VerificationContext(signature)
{
DocumentHash = documentHash,
PublicationsFile = ksi.GetPublicationsFile()
};
KeyBasedVerificationPolicy policy = new KeyBasedVerificationPolicy();
VerificationResult verificationResult = policy.Verify(verificationContext);
Assert.AreEqual(VerificationResultCode.Ok, verificationResult.ResultCode, "Signature should verify with key based policy");
}
public void SignByteArrayWithLevelTest(Ksi ksi)
{
byte[] data = Encoding.UTF8.GetBytes("This is my document");
IKsiSignature signature = ksi.Sign(data, 3);
Assert.LessOrEqual(3, signature.GetAggregationHashChains()[0].GetChainLinks()[0].LevelCorrection, "Level correction is invalid.");
VerificationContext verificationContext = new VerificationContext(signature)
{
DocumentHash = new DataHash(HashAlgorithm.Sha2256,
Base16.Decode("D439459856BEF5ED25772646F73A70A841FC078D3CBBC24AB7F47C464683768D")),
PublicationsFile = ksi.GetPublicationsFile()
};
KeyBasedVerificationPolicy policy = new KeyBasedVerificationPolicy();
VerificationResult verificationResult = policy.Verify(verificationContext);
Assert.AreEqual(VerificationResultCode.Ok, verificationResult.ResultCode, "Signature should verify with key based policy");
}
private static void VerifyChainAlgorithm(IKsiSignature ksiSignature, HashAlgorithm expectedAlgorithm)
{
AggregationHashChain aggregationHashChain = ksiSignature.GetAggregationHashChains()[0];
Assert.AreEqual(expectedAlgorithm.Id, aggregationHashChain.AggregationAlgorithm.Id, "Aggregation hash chain hash algorithm should match");
}