33 lines
1.2 KiB
C#
33 lines
1.2 KiB
C#
using System.Security.Cryptography;
|
|
using System.Security.Cryptography.Pkcs;
|
|
using System.Security.Cryptography.X509Certificates;
|
|
using StellaOps.AirGap.Time.Models;
|
|
using StellaOps.AirGap.Time.Services;
|
|
|
|
namespace StellaOps.AirGap.Time.Tests;
|
|
|
|
public class Rfc3161VerifierTests
|
|
{
|
|
[Fact]
|
|
public void SignedCmsTokenVerifies()
|
|
{
|
|
using var rsa = RSA.Create(2048);
|
|
var req = new CertificateRequest("CN=tsa", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
|
|
var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-1), DateTimeOffset.UtcNow.AddHours(1));
|
|
|
|
var content = new ContentInfo(new byte[] { 0x01, 0x02, 0x03 });
|
|
var cms = new SignedCms(content, detached: false);
|
|
cms.ComputeSignature(new CmsSigner(cert));
|
|
var tokenBytes = cms.Encode();
|
|
|
|
var verifier = new Rfc3161Verifier();
|
|
var trust = new[] { new TimeTrustRoot("tsa-root", cert.GetPublicKey(), "rsa-pkcs1-sha256") };
|
|
|
|
var result = verifier.Verify(tokenBytes, trust, out var anchor);
|
|
|
|
Assert.True(result.IsValid);
|
|
Assert.Equal("rfc3161-verified", result.Reason);
|
|
Assert.Equal("RFC3161", anchor.Format);
|
|
}
|
|
}
|