public void VerifyKeyBased()
{
KSI.Ksi ksi = GetKsi();
// Read signature, assume to be not extended
IKsiSignature signature = LoadUnextendedSignature();
IDataHasher dataHasher = new DataHasher(signature.GetAggregationHashChains()[0].InputHash.Algorithm);
dataHasher.AddData(File.ReadAllBytes("Resources/infile.txt"));
VerificationPolicy policy = new KeyBasedVerificationPolicy(new X509Store(StoreName.Root), GetCertificateSubjectRdnSelector());
VerificationContext context = new VerificationContext(signature)
{
DocumentHash = dataHasher.GetHash(),
PublicationsFile = ksi.GetPublicationsFile(),
};
VerificationResult verificationResult = policy.Verify(context);
if (verificationResult.ResultCode == VerificationResultCode.Ok)
{
Console.WriteLine("VerifyKeyBased > signature valid");
}
else
{
Console.WriteLine("VerifyKeyBased > signature verification failed with error > " + verificationResult.VerificationError);
}
}
public void SignWithStreamAndLevelTest(Ksi ksi)
{
IKsiSignature signature;
using (MemoryStream stream = new MemoryStream())
{
byte[] data = Encoding.UTF8.GetBytes("This is my document");
stream.Write(data, 0, data.Length);
stream.Seek(0, SeekOrigin.Begin);
signature = ksi.Sign(stream, 3);
}
Assert.LessOrEqual(3, signature.GetAggregationHashChains()[0].GetChainLinks()[0].LevelCorrection, "Level correction is invalid.");
VerificationContext verificationContext = new VerificationContext(signature)
{
DocumentHash = new DataHash(HashAlgorithm.Sha2256,
Base16.Decode("D439459856BEF5ED25772646F73A70A841FC078D3CBBC24AB7F47C464683768D")),
PublicationsFile = ksi.GetPublicationsFile()
};
KeyBasedVerificationPolicy policy = new KeyBasedVerificationPolicy();
VerificationResult verificationResult = policy.Verify(verificationContext);
Assert.AreEqual(VerificationResultCode.Ok, verificationResult.ResultCode, "Signature should verify with key based policy");
}
private static void Verify(Ksi ksi, IKsiSignature signature, DataHash documentHash)
{
VerificationContext verificationContext = new VerificationContext(signature)
{
DocumentHash = documentHash,
PublicationsFile = ksi.GetPublicationsFile()
};
AggregationHashChain.Link firstChainLink = signature.GetAggregationHashChains()[0].GetChainLinks()[0];
if (firstChainLink.Metadata != null && firstChainLink.Metadata.Padding == null)
{
throw new Exception("Metadata padding is missing.");
}
KeyBasedVerificationPolicy policy = new KeyBasedVerificationPolicy();
VerificationResult verificationResult = policy.Verify(verificationContext);
if (verificationResult.ResultCode != VerificationResultCode.Ok)
{
Console.WriteLine("Verification result code: " + verificationResult.ResultCode);
Console.WriteLine("Verification rule name: " + verificationResult.RuleName);
Console.WriteLine("Verification error: " + verificationResult.VerificationError);
}
Assert.AreEqual(VerificationResultCode.Ok, verificationResult.ResultCode, "Signature should verify with key based policy");
}
private VerificationResult SignHash(Ksi ksi)
{
DataHash hash = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"));
IKsiSignature signature = ksi.Sign(hash);
VerificationContext verificationContext = new VerificationContext(signature)
{
DocumentHash = hash,
PublicationsFile = ksi.GetPublicationsFile()
};
KeyBasedVerificationPolicy policy = new KeyBasedVerificationPolicy();
return(policy.Verify(verificationContext));
}
public void HttpSignSm3HashTest(Ksi ksi)
{
DataHash hash = new DataHash(HashAlgorithm.Sm3, Base16.Decode("9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"));
IKsiSignature signature = ksi.Sign(hash);
VerificationContext verificationContext = new VerificationContext(signature)
{
DocumentHash = hash,
PublicationsFile = ksi.GetPublicationsFile()
};
KeyBasedVerificationPolicy policy = new KeyBasedVerificationPolicy();
VerificationResult verificationResult = policy.Verify(verificationContext);
Assert.AreEqual(VerificationResultCode.Ok, verificationResult.ResultCode, "Signature should verify with key based policy");
}
public void SignByteArrayTest(Ksi ksi)
{
byte[] data = Encoding.UTF8.GetBytes("This is my document");
IKsiSignature signature = ksi.Sign(data);
VerificationContext verificationContext = new VerificationContext(signature)
{
DocumentHash = new DataHash(HashAlgorithm.Sha2256,
Base16.Decode("D439459856BEF5ED25772646F73A70A841FC078D3CBBC24AB7F47C464683768D")),
PublicationsFile = ksi.GetPublicationsFile()
};
KeyBasedVerificationPolicy policy = new KeyBasedVerificationPolicy();
VerificationResult verificationResult = policy.Verify(verificationContext);
Assert.AreEqual(VerificationResultCode.Ok, verificationResult.ResultCode, "Signature should verify with key based policy");
}
public void HttpSignHashWithLevelTest(Ksi ksi)
{
DataHash documentHash = new DataHash(HashAlgorithm.Sha2256, Base16.Decode("9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"));
IKsiSignature signature = ksi.Sign(documentHash, 3);
Assert.LessOrEqual(3, signature.GetAggregationHashChains()[0].GetChainLinks()[0].LevelCorrection, "Level correction is invalid.");
VerificationContext verificationContext = new VerificationContext(signature)
{
DocumentHash = documentHash,
PublicationsFile = ksi.GetPublicationsFile()
};
KeyBasedVerificationPolicy policy = new KeyBasedVerificationPolicy();
VerificationResult verificationResult = policy.Verify(verificationContext);
Assert.AreEqual(VerificationResultCode.Ok, verificationResult.ResultCode, "Signature should verify with key based policy");
}
public void VerifySignedHashWithInvalidHashTest(Ksi ksi)
{
VerificationResult verificationResult;
using (MemoryStream memoryStream = new MemoryStream(Encoding.UTF8.GetBytes("test")))
{
IDataHasher dataHasher = CryptoTestFactory.CreateDataHasher(HashAlgorithm.Sha2256);
dataHasher.AddData(memoryStream);
IKsiSignature signature = ksi.Sign(dataHasher.GetHash());
VerificationContext verificationContext = new VerificationContext(signature)
{
DocumentHash = new DataHash(HashAlgorithm.Sha2256,
Base16.Decode("1f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")),
PublicationsFile = ksi.GetPublicationsFile()
};
KeyBasedVerificationPolicy policy = new KeyBasedVerificationPolicy();
verificationResult = policy.Verify(verificationContext);
}
Assert.AreEqual(VerificationResultCode.Fail, verificationResult.ResultCode, "Invalid hash should not verify with key based policy");
Assert.AreEqual(VerificationError.Gen01, verificationResult.VerificationError);
}
