stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

up
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
sdk-generator-smoke / sdk-smoke (push) Has been cancelled
Details
SDK Publish & Sign / sdk-publish (push) Has been cancelled
Details
api-governance / spectral-lint (push) Has been cancelled
Details
oas-ci / oas-validate (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details

Browse Source
This commit is contained in:
StellaOps Bot
2025-11-27 07:46:56 +02:00
parent d63af51f84
commit ea970ead2a
302 changed files with 43161 additions and 1534 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
tests/AirGap/StellaOps.AirGap.Time.Tests/Rfc3161VerifierTests.cs
View File

@@ -1,6 +1,3 @@
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using StellaOps.AirGap.Time.Models;
using StellaOps.AirGap.Time.Services;
@@ -9,24 +6,18 @@ namespace StellaOps.AirGap.Time.Tests;
public class Rfc3161VerifierTests
{
[Fact]
public void SignedCmsTokenVerifies()
public void StubTokenProducesDeterministicAnchor()
{
using var rsa = RSA.Create(2048);
var req = new CertificateRequest("CN=tsa", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-1), DateTimeOffset.UtcNow.AddHours(1));
var content = new ContentInfo(new byte[] { 0x01, 0x02, 0x03 });
var cms = new SignedCms(content, detached: false);
cms.ComputeSignature(new CmsSigner(cert));
var tokenBytes = cms.Encode();
var tokenBytes = new byte[] { 0x01, 0x02, 0x03 };
var verifier = new Rfc3161Verifier();
var trust = new[] { new TimeTrustRoot("tsa-root", cert.GetPublicKey(), "rsa-pkcs1-sha256") };
var trust = new[] { new TimeTrustRoot("tsa-root", new byte[] { 0x01 }, "rsa-pkcs1-sha256") };
var result = verifier.Verify(tokenBytes, trust, out var anchor);
Assert.True(result.IsValid);
Assert.Equal("rfc3161-verified", result.Reason);
Assert.Equal("rfc3161-stub-verified", result.Reason);
Assert.Equal("RFC3161", anchor.Format);
Assert.Equal("tsa-root", anchor.SignatureFingerprint);
Assert.False(string.IsNullOrEmpty(anchor.TokenDigest));
}
}