/// <summary>
/// Builds a <see cref="CardManager"/> that authenticates with a fixed access token, delegates
/// application signing to the emulated signing server, and verifies both the self signature and
/// the Virgil service signature on every card it handles.
/// </summary>
/// <param name="constAccessTokenProvider">Provider that returns the same token for every request.</param>
/// <returns>A manager pointed at <c>AppSettings.CardsServiceAddress</c>.</returns>
public static CardManager GetManagerWithConstAccessTokenProvider(ConstAccessTokenProvider constAccessTokenProvider)
{
    // Emulates the app backend adding its signature: export the model, let the fake server sign it, re-import.
    async Task<RawSignedModel> SignWithEmulatedServer(RawSignedModel model)
    {
        var signedAsString = await EmulateServerResponseToSignByAppRequest(model.ExportAsString());
        return RawSignedModelUtils.GenerateFromString(signedAsString);
    }

    var verifier = new VirgilCardVerifier(new VirgilCardCrypto())
    {
        VerifySelfSignature = true,
        VerifyVirgilSignature = true
    };
    // Swap in the configured service public key (presumably what VerifyVirgilSignature checks against).
    verifier.ChangeServiceCreds(AppSettings.ServicePublicKeyDerBase64);

    var parameters = new CardManagerParams()
    {
        CardCrypto = CardCrypto,
        ApiUrl = AppSettings.CardsServiceAddress,
        AccessTokenProvider = constAccessTokenProvider,
        SignCallBack = SignWithEmulatedServer,
        Verifier = verifier
    };
    return new CardManager(parameters);
}
/// <summary>
/// STC-10: a card carrying a signature from a whitelisted "extra" signer must verify even though the
/// same whitelist also lists a second, unrelated key under that signer name — one matching credential
/// is enough.
/// </summary>
public void Verifier_Should_VerifyCard_IfCardHasAtLeastOneSignatureFromWhitelist()
{
    //STC-10
    var crypto = new VirgilCrypto();
    var cardCrypto = new VirgilCardCrypto();

    // Start from a model that already carries self and Virgil signatures, then add the "extra" one.
    var extraKeyPair = crypto.GenerateKeys();
    var model = faker.PredefinedRawSignedModel(null, true, true, false);
    new ModelSigner(cardCrypto).Sign(model, new SignParams()
    {
        SignerPrivateKey = extraKeyPair.PrivateKey,
        Signer = "extra"
    });
    var card = faker.CardManager().ImportCardFromJson(model.ExportAsJson());

    // Credential matching the signature just added.
    var extraCreds = new VerifierCredentials()
    {
        PublicKeyBase64 = Bytes.ToString(crypto.ExportPublicKey(extraKeyPair.PublicKey), StringEncoding.BASE64),
        Signer = "extra"
    };
    // A second "extra" credential from the faker (presumably a different key) that must not block verification.
    var unrelatedExtraCreds = faker.VerifierCredentialAndSignature("extra").Item1;

    var verifier = new VirgilCardVerifier(cardCrypto)
    {
        VerifySelfSignature = true,
        VerifyVirgilSignature = true,
        Whitelists = new List<Whitelist>()
        {
            new Whitelist()
            {
                VerifiersCredentials = new List<VerifierCredentials>() { extraCreds, unrelatedExtraCreds }
            }
        }
    };
    var virgilPublicKey = new VirgilCrypto().ExportPublicKey(faker.PredefinedVirgilKeyPair().PublicKey);
    verifier.ChangeServiceCreds(Bytes.ToString(virgilPublicKey, StringEncoding.BASE64));

    Assert.IsTrue(verifier.VerifyCard(card));
}
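/// <summary>
/// A card that carries a valid application signature must pass <see cref="VirgilCardVerifier.VerifyCard"/>
/// when the app signer's public key is whitelisted. The previous version of this test only built the
/// verifier and whitelist (the CSR-based card construction it relied on was commented out), so it passed
/// without asserting anything; the card is now built the same way the other STC-10 tests do.
/// </summary>
public void Validate_Should_ValidateByAppSign()
{
    var crypto = new VirgilCrypto();
    var cardCrypto = new VirgilCardCrypto();

    // Verifier trusts the predefined Virgil service key, as the other verifier tests do.
    var validator = new VirgilCardVerifier(cardCrypto)
    {
        VerifySelfSignature = true,
        VerifyVirgilSignature = true
    };
    var virgilPublicKeyBytes = crypto.ExportPublicKey(faker.PredefinedVirgilKeyPair().PublicKey);
    validator.ChangeServiceCreds(Bytes.ToString(virgilPublicKeyBytes, StringEncoding.BASE64));

    // Application key: only the public half goes into the whitelist.
    var appKeyPair = crypto.GenerateKeys();
    var appPublicKey = Bytes.ToString(
        crypto.ExportPublicKey(crypto.ExtractPublicKey(appKeyPair.PrivateKey)),
        StringEncoding.BASE64);
    validator.Whitelists = new List<Whitelist>
    {
        new Whitelist()
        {
            VerifiersCredentials = new List<VerifierCredentials>
            {
                new VerifierCredentials() { Signer = "my_app", PublicKeyBase64 = appPublicKey }
            }
        }
    };

    // Card with self + Virgil signatures, then signed by the app key under the whitelisted signer name.
    var rawSignedModel = faker.PredefinedRawSignedModel(null, true, true, false);
    new ModelSigner(cardCrypto).Sign(rawSignedModel, new SignParams()
    {
        SignerPrivateKey = appKeyPair.PrivateKey,
        Signer = "my_app"
    });
    var card = faker.CardManager().ImportCardFromJson(rawSignedModel.ExportAsJson());

    Assert.IsTrue(validator.VerifyCard(card));
}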
/// <summary>
/// STC-10: when a whitelist is configured but holds no credentials, a correctly self- and Virgil-signed
/// card must still be rejected — an empty whitelist is not treated as "no whitelist check".
/// </summary>
public void Verifier_ShouldNot_VerifyCard_IfVerifierHasEmptyWhitelist()
{
    //STC-10
    var model = faker.PredefinedRawSignedModel(null, true, true, false);
    var card = faker.CardManager().ImportCardFromJson(model.ExportAsJson());

    var serviceKey = new VirgilCrypto().ExportPublicKey(faker.PredefinedVirgilKeyPair().PublicKey);
    var emptyWhitelist = new Whitelist();
    var verifier = new VirgilCardVerifier(new VirgilCardCrypto())
    {
        VerifySelfSignature = true,
        VerifyVirgilSignature = true,
        Whitelists = new List<Whitelist>() { emptyWhitelist }
    };
    verifier.ChangeServiceCreds(Bytes.ToString(serviceKey, StringEncoding.BASE64));

    Assert.IsFalse(verifier.VerifyCard(card));
}
/// <summary>
/// Generates the cross-SDK compatibility fixtures (the "STC-N" cases) and writes them as one serialized
/// dictionary to <c>AppSettings.OutputTestDataPath</c>. The order of <c>data.Add</c> calls is the order
/// the keys end up in the file, so keep new cases appended in sequence.
/// Note that the file deliberately includes generated private keys (STC-10, STC-23, STC-34) — they are
/// throw-away test material, not credentials.
/// </summary>
public async System.Threading.Tasks.Task Prepair_TestDataAsync()
{
    // STC-1 / STC-2: a minimal model and a fully signed one, in both export formats.
    var model = faker.PredefinedRawSignedModel();
    var fullModel = faker.PredefinedRawSignedModel(
        "a666318071274adb738af3f67b8c7ec29d954de2cabfd71a942e6ea38e59fff9",
        true, true, true);
    var data = new Dictionary<string, string>
    {
        { "STC-1.as_string", model.ExportAsString() },
        { "STC-1.as_json", model.ExportAsJson() },
        { "STC-2.as_string", fullModel.ExportAsString() },
        { "STC-2.as_json", fullModel.ExportAsJson() }
    };

    // STC-3: the minimal model round-tripped through CardManager import/export.
    var cardManager = faker.CardManager();
    var card = cardManager.ImportCardFromString(model.ExportAsString());
    var crypto = new VirgilCrypto();
    data.Add("STC-3.as_string", cardManager.ExportCardAsString(card));
    data.Add("STC-3.as_json", cardManager.ExportCardAsJson(card));
    data.Add("STC-3.card_id", card.Id);
    data.Add("STC-3.public_key_base64", Bytes.ToString(crypto.ExportPublicKey(card.PublicKey), StringEncoding.BASE64));

    // STC-4: a fully signed model round-tripped the same way, plus each signature keyed by signer name.
    fullModel = faker.PredefinedRawSignedModel(null, true, true, true);
    var fullCard = cardManager.ImportCardFromString(fullModel.ExportAsString());
    data.Add("STC-4.as_string", cardManager.ExportCardAsString(fullCard));
    data.Add("STC-4.as_json", cardManager.ExportCardAsJson(fullCard));
    data.Add("STC-4.card_id", fullCard.Id);
    data.Add("STC-4.public_key_base64", Bytes.ToString(crypto.ExportPublicKey(fullCard.PublicKey), StringEncoding.BASE64));
    foreach (var signature in fullCard.Signatures)
    {
        data.Add($"STC-4.signature_{signature.Signer}_base64", Bytes.ToString(signature.Signature, StringEncoding.BASE64));
    }

    // STC-22 / STC-23: a 10-minute JWT plus the API key material needed to verify (and re-create) it.
    string apiPublicKeyId;
    string apiPublicKeyBase64;
    var (token, jwtGenerator) = faker.PredefinedToken(
        new VirgilAccessTokenSigner(),
        TimeSpan.FromMinutes(10),
        out apiPublicKeyId,
        out apiPublicKeyBase64);
    data.Add("STC-22.jwt", token.ToString());
    data.Add("STC-22.api_public_key_base64", apiPublicKeyBase64);
    data.Add("STC-22.api_key_id", apiPublicKeyId);
    data.Add("STC-23.api_public_key_base64", apiPublicKeyBase64);
    data.Add("STC-23.api_key_id", apiPublicKeyId);
    data.Add("STC-23.app_id", jwtGenerator.AppId);
    data.Add("STC-23.api_private_key_base64", Bytes.ToString(
        crypto.ExportPrivateKey(jwtGenerator.ApiKey), StringEncoding.BASE64));

    // STC-10: a freshly built card (self signature + an "extra" signature) published to the real
    // Cards service through a mocked token provider; the extra signer's private key is exported
    // so other SDKs can reproduce the signature.
    var cardKeyPair = crypto.GenerateKeys();
    var cardIdentity = faker.Random.AlphaNumeric(10);
    var rawCardContent1 = new RawCardContent()
    {
        CreatedAt = DateTime.UtcNow,
        Identity = cardIdentity,
        PublicKey = crypto.ExportPublicKey(cardKeyPair.PublicKey),
        Version = "5.0",
    };
    var rawSignedModel = new RawSignedModel()
    {
        ContentSnapshot = SnapshotUtils.TakeSnapshot(rawCardContent1)
    };
    var signer = new ModelSigner(new VirgilCardCrypto());
    signer.SelfSign(rawSignedModel, cardKeyPair.PrivateKey);
    var keyPair = crypto.GenerateKeys();
    signer.Sign(rawSignedModel, new SignParams() { SignerPrivateKey = keyPair.PrivateKey, Signer = "extra" });
    data.Add("STC-10.private_key1_base64", Bytes.ToString(
        crypto.ExportPrivateKey(keyPair.PrivateKey), StringEncoding.BASE64));
    var accessTokenGenerator = new JwtGenerator(
        AppSettings.AppId,
        IntegrationHelper.ApiPrivateKey(),
        AppSettings.ApiPublicKeyId,
        TimeSpan.FromMinutes(10),
        new VirgilAccessTokenSigner());
    // Every token request gets the same token for the card's identity.
    var accessTokenProvider = Substitute.For<IAccessTokenProvider>();
    accessTokenProvider.GetTokenAsync(Arg.Any<TokenContext>()).Returns(
        accessTokenGenerator.GenerateToken(cardIdentity));
    var validator = new VirgilCardVerifier(new VirgilCardCrypto())
    {
        VerifySelfSignature = true,
        VerifyVirgilSignature = true
    };
    validator.ChangeServiceCreds(AppSettings.ServicePublicKeyDerBase64);
    var manager = new CardManager(new CardManagerParams()
    {
        CardCrypto = new VirgilCardCrypto(),
        AccessTokenProvider = accessTokenProvider,
        ApiUrl = AppSettings.CardsServiceAddress,
        Verifier = validator
    });
    card = await manager.PublishCardAsync(rawSignedModel);
    data.Add("STC-10.as_string", manager.ExportCardAsString(card));

    // STC-11 / STC-12 / STC-14: unsigned, self-only and Virgil-only variants of the predefined model.
    // (PredefinedRawSignedModel flags are assumed to be self / virgil / extra signatures — confirm against the faker.)
    // STC - 11
    rawSignedModel = faker.PredefinedRawSignedModel(null, false, false, false);
    data.Add("STC-11.as_string", rawSignedModel.ExportAsString());
    // STC - 12
    rawSignedModel = faker.PredefinedRawSignedModel(null, true, false, false);
    data.Add("STC-12.as_string", rawSignedModel.ExportAsString());
    // STC - 14
    rawSignedModel = faker.PredefinedRawSignedModel(null, false, true, false);
    data.Add("STC-14.as_string", rawSignedModel.ExportAsString());

    // STC-15: a "self" signature made with a key that is NOT the card's key (negative case for verifiers).
    rawSignedModel = faker.PredefinedRawSignedModel(null, false, false, false);
    keyPair = crypto.GenerateKeys();
    signer.Sign(rawSignedModel, new SignParams() { SignerPrivateKey = keyPair.PrivateKey, Signer = "self" });
    data.Add("STC-15.as_string", rawSignedModel.ExportAsString());

    // STC-16: self + Virgil signatures plus an "extra" one; the extra signer's public key is exported.
    rawSignedModel = faker.PredefinedRawSignedModel(null, true, true, false);
    keyPair = crypto.GenerateKeys();
    signer.Sign(rawSignedModel, new SignParams() { SignerPrivateKey = keyPair.PrivateKey, Signer = "extra" });
    data.Add("STC-16.as_string", rawSignedModel.ExportAsString());
    data.Add("STC-16.public_key1_base64", Bytes.ToString(
        crypto.ExportPublicKey(keyPair.PublicKey), StringEncoding.BASE64));

    // STC-28: a short-lived (2 min) JWT decomposed into every header/body field plus its raw signature.
    // The "jw_issuer" key (sic) is kept as-is: consumers presumably read it by that exact name.
    (token, jwtGenerator) = faker.PredefinedToken(
        new VirgilAccessTokenSigner(),
        TimeSpan.FromMinutes(2),
        out apiPublicKeyId,
        out apiPublicKeyBase64);
    data.Add("STC-28.jwt", token.ToString());
    data.Add("STC-28.jwt_identity", token.BodyContent.Identity);
    data.Add("STC-28.jwt_app_id", token.BodyContent.AppId);
    data.Add("STC-28.jw_issuer", token.BodyContent.Issuer);
    data.Add("STC-28.jwt_subject", token.BodyContent.Subject);
    data.Add("STC-28.jwt_additional_data", Configuration.Serializer.Serialize(token.BodyContent.AdditionalData));
    data.Add("STC-28.jwt_expires_at", Configuration.Serializer.Serialize(token.BodyContent.ExpiresAt));
    data.Add("STC-28.jwt_issued_at", Configuration.Serializer.Serialize(token.BodyContent.IssuedAt));
    data.Add("STC-28.jwt_algorithm", token.HeaderContent.Algorithm);
    data.Add("STC-28.jwt_api_key_id", token.HeaderContent.KeyId);
    data.Add("STC-28.jwt_content_type", token.HeaderContent.ContentType);
    data.Add("STC-28.jwt_type", token.HeaderContent.Type);
    data.Add("STC-28.jwt_signature_base64", Bytes.ToString(token.SignatureData, StringEncoding.BASE64));

    // STC-29: same decomposition for a long-lived (365 day) JWT.
    (token, jwtGenerator) = faker.PredefinedToken(
        new VirgilAccessTokenSigner(),
        TimeSpan.FromDays(365),
        out apiPublicKeyId,
        out apiPublicKeyBase64);
    data.Add("STC-29.jwt", token.ToString());
    data.Add("STC-29.jwt_identity", token.BodyContent.Identity);
    data.Add("STC-29.jwt_app_id", token.BodyContent.AppId);
    data.Add("STC-29.jw_issuer", token.BodyContent.Issuer);
    data.Add("STC-29.jwt_subject", token.BodyContent.Subject);
    data.Add("STC-29.jwt_additional_data", Configuration.Serializer.Serialize(token.BodyContent.AdditionalData));
    data.Add("STC-29.jwt_expires_at", Configuration.Serializer.Serialize(token.BodyContent.ExpiresAt));
    data.Add("STC-29.jwt_issued_at", Configuration.Serializer.Serialize(token.BodyContent.IssuedAt));
    data.Add("STC-29.jwt_algorithm", token.HeaderContent.Algorithm);
    data.Add("STC-29.jwt_api_key_id", token.HeaderContent.KeyId);
    data.Add("STC-29.jwt_content_type", token.HeaderContent.ContentType);
    data.Add("STC-29.jwt_type", token.HeaderContent.Type);
    data.Add("STC-29.jwt_signature_base64", Bytes.ToString(token.SignatureData, StringEncoding.BASE64));

    // STC-34: a self-signed card whose self signature carries additional data ("info"), with the
    // key pair, the signature snapshot and the content snapshot exported separately so other SDKs
    // can reproduce the signature byte-for-byte.
    keyPair = crypto.GenerateKeys();
    var rawCardContent = new RawCardContent()
    {
        CreatedAt = DateTime.UtcNow,
        Identity = "test",
        PublicKey = crypto.ExportPublicKey(keyPair.PublicKey),
        Version = "5.0"
    };
    model = new RawSignedModel()
    {
        ContentSnapshot = SnapshotUtils.TakeSnapshot(rawCardContent)
    };
    signer.SelfSign(
        model,
        keyPair.PrivateKey,
        new Dictionary<string, string>() { { "info", "some_additional_info" } });
    data.Add("STC-34.private_key_base64", Bytes.ToString(
        crypto.ExportPrivateKey(keyPair.PrivateKey), StringEncoding.BASE64));
    data.Add("STC-34.public_key_base64", Bytes.ToString(
        crypto.ExportPublicKey(keyPair.PublicKey), StringEncoding.BASE64));
    data.Add("STC-34.self_signature_snapshot_base64", Bytes.ToString(model.Signatures.First().Snapshot, StringEncoding.BASE64));
    data.Add("STC-34.content_snapshot_base64", Bytes.ToString(
        SnapshotUtils.TakeSnapshot(rawCardContent), StringEncoding.BASE64));
    data.Add("STC-34.as_string", model.ExportAsString());

    System.IO.File.WriteAllText(AppSettings.OutputTestDataPath, Configuration.Serializer.Serialize(data));
}
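/// <summary>
/// STC-26: when the first request is rejected as unauthorized and <c>RetryOnUnauthorized</c> is on,
/// the manager must ask the token provider for a fresh token (with <c>ForceReload</c> set) and repeat
/// the request, so publish, search and get all succeed.
/// </summary>
public async Task CardManager_Should_SendSecondRequestToCliet_IfTokenExpiredAndRetryOnUnauthorizedAsync()
{
    // STC-26
    // NOTE(review): the expired-token generator is built on an NSubstitute proxy of the signer while the
    // valid one uses a real signer; presumably that is intentional so the first token is rejected whether
    // or not its 1s lifetime has elapsed by the time the request lands — confirm.
    var expiredJwtGenerator = new JwtGenerator(
        AppSettings.AppId,
        IntegrationHelper.ApiPrivateKey(),
        AppSettings.ApiPublicKeyId,
        TimeSpan.FromSeconds(1),
        Substitute.For<VirgilAccessTokenSigner>());
    var jwtGenerator = new JwtGenerator(
        AppSettings.AppId,
        IntegrationHelper.ApiPrivateKey(),
        AppSettings.ApiPublicKeyId,
        TimeSpan.FromMinutes(5),
        new VirgilAccessTokenSigner());

    var identity = faker.Random.AlphaNumeric(20);
    var expiredToken = expiredJwtGenerator.GenerateToken(identity);

    // The first attempt gets the stale token; only a ForceReload request (which is what the retry
    // path must issue) gets a valid one. A manager that silently reused the cached token would fail here.
    var accessTokenProvider = Substitute.For<IAccessTokenProvider>();
    accessTokenProvider.GetTokenAsync(Arg.Any<TokenContext>()).Returns(
        args => ((TokenContext)args[0]).ForceReload
            ? jwtGenerator.GenerateToken(identity)
            : expiredToken);

    var validator = new VirgilCardVerifier(new VirgilCardCrypto())
    {
        VerifySelfSignature = true,
        VerifyVirgilSignature = true
    };
    validator.ChangeServiceCreds(AppSettings.ServicePublicKeyDerBase64);

    var manager = new CardManager(new CardManagerParams()
    {
        CardCrypto = new VirgilCardCrypto(),
        AccessTokenProvider = accessTokenProvider,
        ApiUrl = AppSettings.CardsServiceAddress,
        RetryOnUnauthorized = true,
        Verifier = validator
    });

    var keypair = new VirgilCrypto().GenerateKeys();
    var card = await manager.PublishCardAsync(new CardParams()
    {
        Identity = identity,
        PublicKey = keypair.PublicKey,
        PrivateKey = keypair.PrivateKey
    });
    Assert.NotNull(card);

    var searchCard = await manager.SearchCardsAsync(identity);
    // AreEqual takes (expected, actual); the original had them swapped, which garbles the failure message.
    Assert.AreEqual(1, searchCard.Count);

    var getCard = await manager.GetCardAsync(card.Id);
    Assert.NotNull(getCard);
    // The card fetched by id must be the one that was just published.
    Assert.AreEqual(card.Id, getCard.Id);
}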