public void Test502(string subject)
{
AgentSettings settings = AgentSettings.Load(TestXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver pluginResolver = agent.PublicCertResolver;
Assert.NotNull(pluginResolver);
var email = new MailAddress(subject);
X509Certificate2Collection certs = pluginResolver.GetCertificates(email);
Assert.NotNull(certs);
Assert.True(certs.Count == 1);
Assert.Equal("*****@*****.**", certs[0].ExtractEmailNameOrName());
AssertCert(certs[0], true);
//
// Now prove the standard dns resolver will return the greater than 512 byte dns cert.
//
pluginResolver = new Common.Certificates.DnsCertResolver(IPAddress.Parse("8.8.8.8"));
Assert.NotNull(pluginResolver);
certs = pluginResolver.GetCertificates(email);
Assert.NotNull(certs);
Assert.True(certs.Count == 1);
Assert.Equal("*****@*****.**", certs[0].ExtractEmailNameOrName());
AssertCert(certs[0], true);
}
void InitAgent()
{
using (new MethodTracer(Logger))
{
m_agent = m_settings.CreateAgent();
}
}
public void TestD9(string subject)
{
AgentSettings settings = AgentSettings.Load(TestRealResolversXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver resolver = agent.PublicCertResolver;
Assert.NotNull(resolver);
var email = new MailAddress(subject);
X509Certificate2Collection certs = resolver.GetCertificates(email);
Assert.Equal(2, certs.Count);
var cert = certs.FindByName("D9_invA");
//
// Assert cert chain fails
//
AssertCert(cert, false);
cert = certs.FindByName("D9_valA");
//
// Assert cert chain fails
//
AssertCert(cert, true);
}
public void TestD13(string subject)
{
AgentSettings settings = AgentSettings.Load(TestRealResolversXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver resolver = agent.PublicCertResolver;
Assert.NotNull(resolver);
var dnsCertResolver = LocateChild <DnsCertResolver>(resolver);
var diagnosticsForDnsCertResolver = new FakeDiagnostics(typeof(DnsCertResolver));
dnsCertResolver.Error += diagnosticsForDnsCertResolver.OnResolverError;
var ldapCertResolver = LocateChild <LdapCertResolverProxy>(resolver);
var diagnosticsForLdapCertResolver = new FakeDiagnostics(typeof(LdapCertResolver));
ldapCertResolver.Error += diagnosticsForLdapCertResolver.OnResolverError;
var email = new MailAddress(subject);
X509Certificate2Collection certs = resolver.GetCertificates(email);
Assert.Empty(certs);
Assert.Equal(0, diagnosticsForLdapCertResolver.ActualErrorMessages.Count);
}
public void TestD4(string subject)
{
AgentSettings settings = AgentSettings.Load(TestRealResolversXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver resolver = agent.PublicCertResolver;
Assert.NotNull(resolver);
var dnsCertResolver = LocateChild <DnsCertResolver>(resolver);
var diagnosticsForDnsCertResolver = new FakeDiagnostics(typeof(DnsCertResolver));
dnsCertResolver.Error += diagnosticsForDnsCertResolver.OnResolverError;
var ldapCertResolver = LocateChild <LdapCertResolverProxy>(resolver);
var diagnosticsForLdapCertResolver = new FakeDiagnostics(typeof(LdapCertResolver));
ldapCertResolver.Error += diagnosticsForLdapCertResolver.OnResolverError;
var email = new MailAddress(subject);
X509Certificate2Collection certs = resolver.GetCertificates(email);
var cert = certs.FindByName("D4_valD");
Assert.Equal("domain2.staging.direct-test.com", cert.GetNameInfo(X509NameType.DnsName, false));
AssertCert(cert, true);
Assert.Equal(0, diagnosticsForDnsCertResolver.ActualErrorMessages.Count);
Assert.Equal(0, diagnosticsForLdapCertResolver.ActualErrorMessages.Count);
}
public void TestD1(string subject)
{
AgentSettings settings = AgentSettings.Load(TestRealResolversXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver resolver = agent.PublicCertResolver;
Assert.NotNull(resolver);
var email = new MailAddress(subject);
X509Certificate2Collection certs = resolver.GetCertificates(email);
Assert.NotNull(certs);
Assert.True(certs.Count == 1);
Assert.Equal(subject, certs[0].ExtractEmailNameOrName());
AssertCert(certs[0], true);
//
// Now prove the standard dns resolver will also return the Address Cert.
//
resolver = new DnsCertResolver(IPAddress.Parse(Dns_Server));
Assert.NotNull(resolver);
certs = resolver.GetCertificates(email);
Assert.NotNull(certs);
Assert.True(certs.Count == 1);
Assert.Equal(subject, certs[0].ExtractEmailNameOrName());
AssertCert(certs[0], true);
}
public void TestD16(string subject)
{
AgentSettings settings = AgentSettings.Load(TestRealResolversXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver resolver = agent.PublicCertResolver;
Assert.NotNull(resolver);
var dnsCertResolver = LocateChild <DnsCertResolver>(resolver);
var diagnosticsForDnsCertResolver = new FakeDiagnostics(typeof(DnsCertResolver));
dnsCertResolver.Error += diagnosticsForDnsCertResolver.OnResolverError;
var ldapCertResolver = LocateChild <LdapCertResolverProxy>(resolver);
var diagnosticsForLdapCertResolver = new FakeDiagnostics(typeof(LdapCertResolver));
ldapCertResolver.Error += diagnosticsForLdapCertResolver.OnResolverError;
var email = new MailAddress(subject);
X509Certificate2Collection certs = resolver.GetCertificates(email);
Assert.Equal(1, certs.Count);
var cert = certs.FindByName("D16_valC");
//
// Assert cert chain is good
//
AssertCert(cert, true);
//
// Note: this test has a second cert at priority 0 with a weight of 0, but the LDAP resolver does not retrieve it because it found one at priority 0, with a weight of 100
//
}
public static AgentTester CreateDefault()
{
DirectAgent agentA = new DirectAgent(AgentTester.DefaultDomainA);
DirectAgent agentB = new DirectAgent(AgentTester.DefaultDomainB);
return(new AgentTester(agentA, agentB));
}
public void TestD12(string subject)
{
AgentSettings settings = AgentSettings.Load(TestRealResolversXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver resolver = agent.PublicCertResolver;
Assert.NotNull(resolver);
var dnsCertResolver = LocateChild <DnsCertResolver>(resolver);
var diagnosticsForDnsCertResolver = new FakeDiagnostics(typeof(DnsCertResolver));
dnsCertResolver.Error += diagnosticsForDnsCertResolver.OnResolverError;
var ldapCertResolver = LocateChild <LdapCertResolverProxy>(resolver);
var diagnosticsForLdapCertResolver = new FakeDiagnostics(typeof(LdapCertResolver));
ldapCertResolver.Error += diagnosticsForLdapCertResolver.OnResolverError;
var email = new MailAddress(subject);
X509Certificate2Collection certs = resolver.GetCertificates(email);
Assert.Null(certs);
Assert.Equal(1, diagnosticsForLdapCertResolver.ActualErrorMessages.Count);
Assert.Equal("Error=BindFailure\r\n_ldap._tcp.domain7.staging.direct-test.com:10389 Priority:0 Weight:0", diagnosticsForLdapCertResolver.ActualErrorMessages[0]);
}
public static AgentTester CreateTest(string basePath)
{
DirectAgent agentA = CreateAgent(AgentTester.DefaultDomainA, MakeCertificatesPath(basePath, "redmond"));
DirectAgent agentB = CreateAgent(AgentTester.DefaultDomainB, MakeCertificatesPath(basePath, "nhind"));
return(new AgentTester(agentA, agentB));
}
private void IdleState()
{
DirectAgentMission currentStorylineMission = StorylineMission;
if (currentStorylineMission == null)
{
_nextStoryLineAttempt = DateTime.UtcNow.AddMinutes(15);
_States.CurrentStorylineState = StorylineState.Done;
Cache.Instance.MissionName = String.Empty;
return;
}
Cache.Instance.CurrentStorylineAgentId = currentStorylineMission.AgentId;
DirectAgent storylineagent = Cache.Instance.DirectEve.GetAgentById(Cache.Instance.CurrentStorylineAgentId);
if (storylineagent == null)
{
Logging.Log("Storyline", "Unknown agent [" + Cache.Instance.CurrentStorylineAgentId + "]", Logging.Yellow);
_States.CurrentStorylineState = StorylineState.Done;
return;
}
Logging.Log("Storyline", "Going to do [" + currentStorylineMission.Name + "] for agent [" + storylineagent.Name + "] AgentID[" + Cache.Instance.CurrentStorylineAgentId + "]", Logging.Yellow);
Cache.Instance.MissionName = currentStorylineMission.Name;
_highSecChecked = false;
_States.CurrentStorylineState = StorylineState.Arm;
_storyline = _storylines[Cache.Instance.FilterPath(currentStorylineMission.Name.ToLower())];
}
public void TestPluggedDomainResolver(string domain, bool result)
{
AgentSettings settings = AgentSettings.Load(TestXml);
DirectAgent agent = settings.CreateAgent();
Assert.True(agent.Domains.Domains.Count() > 0);
Assert.True(agent.Domains.IsManaged(new MailAddress("hobojoe@" + domain)) == result);
}
public void Test517(string subject)
{
AgentSettings settings = AgentSettings.Load(TestXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver pluginResolver = agent.PublicCertResolver;
Assert.NotNull(pluginResolver);
var ldapCertResolver = LocateChild <ModSpec3.ResolverPlugins.LdapCertResolverProxy>(pluginResolver);
var diagnosticsForLdapCertResolver = new FakeDiagnostics(typeof(LdapCertResolver));
ldapCertResolver.Error += diagnosticsForLdapCertResolver.OnResolverError;
var email = new MailAddress(subject);
X509Certificate2Collection certs = pluginResolver.GetCertificates(email);
Assert.NotNull(certs);
Assert.True(certs.Count == 1);
Assert.Equal("*****@*****.**", certs[0].ExtractEmailNameOrName());
AssertCert(certs[0], true);
Assert.Equal(3, diagnosticsForLdapCertResolver.ActualErrorMessages.Count);
Assert.Equal("Error=BindFailure\r\n_ldap._tcp.direct3.direct-test.com:389 Priority:0 Weight:0", diagnosticsForLdapCertResolver.ActualErrorMessages[0]);
Assert.Equal("Error=BindFailure\r\n_ldap._tcp.direct3.direct-test.com:389 Priority:0 Weight:0", diagnosticsForLdapCertResolver.ActualErrorMessages[1]);
Assert.Equal("Error=NoUserCertificateAttribute\r\[email protected]_ldap._tcp.direct3.direct-test.com:10389 Priority:1 Weight:0", diagnosticsForLdapCertResolver.ActualErrorMessages[2]);
//
// Ok no lets just use the modspec3 LDAP resolver because I don't really know that
// we fell back to LDAP with above test.
//
pluginResolver = LocateChild <ModSpec3.ResolverPlugins.LdapCertResolverProxy>(agent.PublicCertResolver);
Assert.NotNull(pluginResolver);
ldapCertResolver = pluginResolver;
diagnosticsForLdapCertResolver = new FakeDiagnostics(typeof(LdapCertResolver));
ldapCertResolver.Error += diagnosticsForLdapCertResolver.OnResolverError;
email = new MailAddress(subject);
certs = pluginResolver.GetCertificates(email);
Assert.NotNull(certs);
Assert.True(certs.Count == 1);
Assert.Equal("*****@*****.**", certs[0].ExtractEmailNameOrName());
AssertCert(certs[0], true);
Assert.Equal(3, diagnosticsForLdapCertResolver.ActualErrorMessages.Count);
Assert.Equal("Error=BindFailure\r\n_ldap._tcp.direct3.direct-test.com:389 Priority:0 Weight:0", diagnosticsForLdapCertResolver.ActualErrorMessages[0]);
Assert.Equal("Error=BindFailure\r\n_ldap._tcp.direct3.direct-test.com:389 Priority:0 Weight:0", diagnosticsForLdapCertResolver.ActualErrorMessages[1]);
Assert.Equal("Error=NoUserCertificateAttribute\r\[email protected]_ldap._tcp.direct3.direct-test.com:10389 Priority:1 Weight:0", diagnosticsForLdapCertResolver.ActualErrorMessages[2]);
}
internal void OnGeneralError(DirectAgent agent, Exception error)
{
if (Logger.IsDebugEnabled)
{
Logger.Error(error);
}
else
{
Logger.Error(error.Message);
}
}
public void TestAnchorResolverPlugin()
{
AgentSettings settings = AgentSettings.Load(TestXml);
DirectAgent agent = settings.CreateAgent();
Assert.NotNull(agent.TrustAnchors);
Assert.True(agent.TrustAnchors is MachineAnchorResolverProxy);
X509Certificate2Collection certs = agent.TrustAnchors.IncomingAnchors.GetCertificatesForDomain("nhind.hsgincubator.com");
Assert.NotNull(certs);
Assert.True(certs.Count > 0);
}
public void TestLdapCertResolverPlugin(string subject)
{
AgentSettings settings = AgentSettings.Load(TestXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver pluginResolver = LocateChild <LdapCertResolverProxy>(agent.PublicCertResolver);
Assert.NotNull(pluginResolver);
X509Certificate2Collection certs = pluginResolver.GetCertificatesForDomain(subject);
Assert.NotNull(certs);
Assert.True(certs.Count > 0);
}
public void Test512(string subject)
{
AgentSettings settings = AgentSettings.Load(TestXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver pluginResolver = agent.PublicCertResolver;
Assert.NotNull(pluginResolver);
var email = new MailAddress(subject);
X509Certificate2Collection certs = pluginResolver.GetCertificates(email);
Assert.True(certs == null || certs.Count == 0, string.Format("Oops found cert: {0}", certs == null ? "" : certs[0].ExtractEmailNameOrName()));
}
public void TestD11(string subject)
{
AgentSettings settings = AgentSettings.Load(TestRealResolversXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver resolver = agent.PublicCertResolver;
Assert.NotNull(resolver);
var email = new MailAddress(subject);
X509Certificate2Collection certs = resolver.GetCertificates(email);
Assert.Null(certs);
}
public void Test501(string subject)
{
//Debugger.Launch();
AgentSettings settings = AgentSettings.Load(TestXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver pluginResolver = agent.PublicCertResolver;
var dnsCertResolver = LocateChild <DnsCertResolverProxy>(pluginResolver);
var diagnostics = new FakeDiagnostics(typeof(DnsCertResolver));
dnsCertResolver.Error += diagnostics.OnResolverError;
Assert.NotNull(pluginResolver);
var email = new MailAddress(subject);
X509Certificate2Collection certs = pluginResolver.GetCertificates(email);
Assert.NotNull(certs);
Assert.True(certs.Count == 1);
Assert.Equal("direct1.direct-test.com", certs[0].ExtractEmailNameOrName());
AssertCert(certs[0], true);
Assert.Equal(1, diagnostics.ActualErrorMessages.Count);
Assert.Equal("Chain Element has problem [email protected];NotTimeValid", diagnostics.ActualErrorMessages[0]);
//
// Now prove we can get it from as a domain with no fail over.
//
certs = pluginResolver.GetCertificatesForDomain(email.Host);
Assert.NotNull(certs);
Assert.True(certs.Count == 1);
Assert.Equal("direct1.direct-test.com", certs[0].ExtractEmailNameOrName());
AssertCert(certs[0], true);
//
// Now prove the standard dns resolver will return the invalid Address Cert.
//
pluginResolver = new Common.Certificates.DnsCertResolver(IPAddress.Parse("8.8.8.8"));
Assert.NotNull(pluginResolver);
certs = pluginResolver.GetCertificates(email);
Assert.NotNull(certs);
Assert.True(certs.Count == 1);
Assert.Equal("*****@*****.**", certs[0].ExtractEmailNameOrName());
AssertCert(certs[0], false);
}
public void TestCertResolverPlugin()
{
AgentSettings settings = AgentSettings.Load(TestXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver pluginResolver = LocateChild <MachineResolverProxy>(agent.PrivateCertResolver);
Assert.NotNull(pluginResolver);
X509Certificate2Collection certs = pluginResolver.GetCertificatesForDomain("nhind.hsgincubator.com");
Assert.NotNull(certs);
Assert.True(certs.Count > 0);
}
public void Test_PluginRouter_Under_Parallel_Load()
{
string configPath = GetSettingsPath("TestReceiverPlugin.xml");
var settings = SmtpAgentSettings.LoadSettings(configPath);
settings.InternalMessage.PickupFolder = TestPickupFolder;
//
// Create the SmtpAgent. This is the adapter between IIS SMTP and the DirectAgent (security and trust code)
//
m_agent = SmtpAgentFactory.Create(settings);
CleanMessages(m_agent.Settings);
//
// Mocks use the AddressMemoryStore
//
AddressMemoryStore.Clear();
AddressMemoryStore.AddRange(new Address[]
{
new Address {
EmailAddress = "*****@*****.**", Status = EntityStatus.Enabled, Type = "STUB"
}
});
var mockAddressClientSettings = MockAddressClientSettings();
m_agent.Settings.AddressManager = mockAddressClientSettings.Object;
DirectAgent agentA = new DirectAgent("redmond.hsgincubator.com");
Parallel.For(0, 50, new ParallelOptions {
MaxDegreeOfParallelism = 10
}, i =>
{
var message = string.Format(TestMessageLoad, Guid.NewGuid().ToString("N"), i);
//
// Prep and encrypted message.
//
var outMessage = agentA.ProcessOutgoing(message).SerializeMessage();
var cdoMessage = new CDOSmtpMessage(base.LoadMessage(outMessage));
m_agent.ProcessMessage(cdoMessage);
});
Assert.Equal(49, Directory.GetFiles(TestIncomingFolder).Length);
Assert.Equal(1, Directory.GetFiles(TestPickupFolder).Length);
}
public void TestDnsFallbackToLdapCertResolverPlugin(string subject)
{
AgentSettings settings = AgentSettings.Load(TestXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver pluginResolver = agent.PublicCertResolver;
Assert.NotNull(pluginResolver);
X509Certificate2Collection certs = pluginResolver.GetCertificates(new MailAddress(subject));
Assert.NotNull(certs);
Assert.True(certs.Count > 0);
}
public AgentTester(DirectAgent agentA, DirectAgent agentB)
{
if (agentA == null)
{
throw new ArgumentNullException("agentA");
}
if (agentB == null)
{
throw new ArgumentNullException("agentB");
}
m_agentA = agentA;
m_agentB = agentB;
m_messageFolder = Path.Combine(Directory.GetCurrentDirectory(), "TestMessages");
}
public void TestDnsFallbackToLdapCertResolverBackupIPPlugin(string subject)
{
// System.Diagnostics.Debugger.Break();
AgentSettings settings = AgentSettings.Load(TestXmlBackupServerIP);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver pluginResolver = agent.PublicCertResolver;
Assert.NotNull(pluginResolver);
X509Certificate2Collection certs = pluginResolver.GetCertificates(new MailAddress(subject));
Assert.NotNull(certs);
Assert.True(certs.Count > 0);
}
public void TestPrivateKeyLookupFailure()
{
string fileName = "simple.eml";
string messageText = m_tester.ReadMessageText(fileName);
Message message = MailParser.ParseMessage(messageText);
message.ToValue = "*****@*****.**"; // this should force a key lookup failure
AgentTester.CheckErrorCode <AgentException, AgentError>(
() => m_tester.AgentA.ProcessOutgoing(new OutgoingMessage(message)),
AgentError.NoTrustedRecipients
);
DirectAgent badAgent = new DirectAgent(new StaticDomainResolver(m_tester.AgentA.Domains.Domains.ToArray()),
new NullResolver(), // returns null private certs
m_tester.AgentA.PublicCertResolver,
m_tester.AgentA.TrustAnchors);
message = MailParser.ParseMessage(messageText);
AgentTester.CheckErrorCode <AgentException, AgentError>(
() => badAgent.ProcessOutgoing(new OutgoingMessage(message)),
AgentError.CouldNotResolvePrivateKey
);
OutgoingMessage outgoing = m_tester.AgentA.ProcessOutgoing(messageText);
badAgent = new DirectAgent(new StaticDomainResolver(m_tester.AgentB.Domains.Domains.ToArray()),
new NullResolver(), // returns null private certs
m_tester.AgentB.PublicCertResolver,
m_tester.AgentB.TrustAnchors);
AgentTester.CheckErrorCode <AgentException, AgentError>(
() => badAgent.ProcessIncoming(outgoing.SerializeMessage()),
AgentError.CouldNotResolvePrivateKey
);
badAgent = new DirectAgent(new StaticDomainResolver(m_tester.AgentB.Domains.Domains.ToArray()),
new NullResolver(true), // returns empty private cert collections
m_tester.AgentB.PublicCertResolver,
m_tester.AgentB.TrustAnchors);
AgentTester.CheckErrorCode <AgentException, AgentError>(
() => badAgent.ProcessIncoming(outgoing.SerializeMessage()),
AgentError.CouldNotResolvePrivateKey
);
}
public void Test507(string subject)
{
AgentSettings settings = AgentSettings.Load(TestXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver pluginResolver = agent.PublicCertResolver;
Assert.NotNull(pluginResolver);
var email = new MailAddress(subject);
X509Certificate2Collection certs = pluginResolver.GetCertificates(email);
Assert.NotNull(certs);
Assert.Equal(1, certs.Count);
Assert.Equal("*****@*****.**", certs[0].ExtractEmailNameOrName());
AssertCert(certs[0], true);
}
/// <summary>
/// Invalidate the cached items
/// </summary>
public void InvalidateCache()
{
_windows = null;
_unlootedContainers = null;
_star = null;
_stations = null;
_modules = null;
_targets = null;
_targeting = null;
_targetedBy = null;
_entities = null;
_agent = null;
_approaching = null;
_activeDrones = null;
_containers = null;
_priorityTargets.ForEach(pt => pt.ClearCache());
_entitiesById.Clear();
}
public void TestD3(string subject)
{
AgentSettings settings = AgentSettings.Load(TestRealResolversXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver resolver = agent.PublicCertResolver;
Assert.NotNull(resolver);
var email = new MailAddress(subject);
X509Certificate2Collection certs = resolver.GetCertificates(email);
Assert.NotNull(certs);
Assert.True(certs.Count == 1);
Assert.Equal(subject, certs[0].ExtractEmailNameOrName());
AssertCert(certs[0], true);
}
public void TestD2(string subject)
{
AgentSettings settings = AgentSettings.Load(TestRealResolversXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver resolver = agent.PublicCertResolver;
var dnsCertResolver = LocateChild <DnsCertResolver>(resolver);
var diagnostics = new FakeDiagnostics(typeof(DnsCertResolver));
dnsCertResolver.Error += diagnostics.OnResolverError;
Assert.NotNull(resolver);
var email = new MailAddress(subject);
X509Certificate2Collection certs = resolver.GetCertificates(email);
Assert.Equal(2, certs.Count);
//
// find invalid cert
//
var cert = certs.FindByName("D1_invB");
Assert.Equal("domain1.staging.direct-test.com", cert.GetNameInfo(X509NameType.DnsName, false));
AssertCert(cert, false);
cert = certs.FindByName("D2_valB");
Assert.Equal("domain1.staging.direct-test.com", cert.GetNameInfo(X509NameType.DnsName, false));
AssertCert(cert, true);
//
// Now prove we can get it as a domain with no fail over.
//
certs = resolver.GetCertificatesForDomain(email.Host);
cert = certs.FindByName("D1_invB");
Assert.Equal("domain1.staging.direct-test.com", cert.GetNameInfo(X509NameType.DnsName, false));
AssertCert(cert, false);
cert = certs.FindByName("D2_valB");
Assert.Equal("domain1.staging.direct-test.com", cert.GetNameInfo(X509NameType.DnsName, false));
AssertCert(cert, true);
}
/// <summary>
/// Creates a agent from settings.
/// </summary>
/// <returns>The configured agent instance.</returns>
public DirectAgent CreateAgent()
{
this.Validate();
ICertificateResolver privateCerts = this.PrivateCerts.CreateResolver();
ICertificateResolver publicCerts = this.PublicCerts.CreateResolver();
ITrustAnchorResolver trustAnchors = this.Anchors.Resolver.CreateResolver();
TrustModel trustModel = (this.Trust != null) ? this.Trust.CreateTrustModel() : TrustModel.Default;
SMIMECryptographer cryptographer = this.Cryptographer.Create();
IDomainResolver domainResolver = this.CreateResolver();
DirectAgent agent = new DirectAgent(domainResolver, privateCerts, publicCerts, trustAnchors, trustModel, cryptographer);
agent.AllowNonWrappedIncoming = m_allowNonWrappedIncoming;
agent.WrapMessages = m_wrapOutgoing;
return(agent);
}
public void TestDecryptionFailure(string filename)
{
//
// Return the wrong certificate, forcing decryption to fail
//
DirectAgent baseAgent = m_tester.AgentB;
DirectAgent badAgent = new DirectAgent(new StaticDomainResolver(baseAgent.Domains.Domains.ToArray()),
new BadCertResolver(m_tester.AgentA.PrivateCertResolver, baseAgent.PrivateCertResolver, false), // returns the wrong private certs
baseAgent.PublicCertResolver,
baseAgent.TrustAnchors);
m_tester.AgentB = badAgent;
Assert.Throws<AgentException>(() => m_tester.TestEndToEndFile(filename));
//
// Now, it returns BOTH wrong and right certs, so decryption should eventually succeed
//
badAgent = new DirectAgent(new StaticDomainResolver(baseAgent.Domains.Domains.ToArray()),
new BadCertResolver(m_tester.AgentA.PrivateCertResolver, baseAgent.PrivateCertResolver, true), // returns both wrong and right certs
baseAgent.PublicCertResolver,
baseAgent.TrustAnchors);
m_tester.AgentB = badAgent;
Assert.DoesNotThrow(() => m_tester.TestEndToEndFile(filename));
}
public void TestPrivateKeyLookupFailure()
{
string fileName = "simple.eml";
string messageText = m_tester.ReadMessageText(fileName);
Message message = MailParser.ParseMessage(messageText);
message.ToValue = "*****@*****.**"; // this should force a key lookup failure
AgentTester.CheckErrorCode<AgentException, AgentError>(
() => m_tester.AgentA.ProcessOutgoing(new OutgoingMessage(message)),
AgentError.NoTrustedRecipients
);
DirectAgent badAgent = new DirectAgent(new StaticDomainResolver(m_tester.AgentA.Domains.Domains.ToArray()),
new NullResolver(), // returns null private certs
m_tester.AgentA.PublicCertResolver,
m_tester.AgentA.TrustAnchors);
message = MailParser.ParseMessage(messageText);
AgentTester.CheckErrorCode<AgentException, AgentError>(
() => badAgent.ProcessOutgoing(new OutgoingMessage(message)),
AgentError.CouldNotResolvePrivateKey
);
OutgoingMessage outgoing = m_tester.AgentA.ProcessOutgoing(messageText);
badAgent = new DirectAgent(new StaticDomainResolver(m_tester.AgentB.Domains.Domains.ToArray()),
new NullResolver(), // returns null private certs
m_tester.AgentB.PublicCertResolver,
m_tester.AgentB.TrustAnchors);
AgentTester.CheckErrorCode<AgentException, AgentError>(
() => badAgent.ProcessIncoming(outgoing.SerializeMessage()),
AgentError.CouldNotResolvePrivateKey
);
badAgent = new DirectAgent(new StaticDomainResolver(m_tester.AgentB.Domains.Domains.ToArray()),
new NullResolver(true), // returns empty private cert collections
m_tester.AgentB.PublicCertResolver,
m_tester.AgentB.TrustAnchors);
AgentTester.CheckErrorCode<AgentException, AgentError>(
() => badAgent.ProcessIncoming(outgoing.SerializeMessage()),
AgentError.CouldNotResolvePrivateKey
);
}
