Beispiel #1
        /// <summary>
        /// Constructing a <c>PkiTrustStoreProvider</c> with a certificate store but a null
        /// certificate RDN selector must throw an <see cref="ArgumentNullException"/> whose
        /// <c>ParamName</c> is <c>certificateRdnSelector</c>.
        /// </summary>
        public void PkiTrustStoreProviderCreateWithoutCertificateRdnSelector()
        {
            ArgumentNullException thrown = Assert.Throws<ArgumentNullException>(() =>
            {
                // Only the constructor call is under test; the instance itself is not used.
                new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_IdenTrustCert), null);
            });

            // Pin the parameter name so the failure is attributed to the missing selector.
            Assert.AreEqual("certificateRdnSelector", thrown.ParamName);
        }
Beispiel #2
        /// <summary>
        /// Verifies the signature of the <c>Resources.KsiPublicationsFile</c> publications file
        /// with a provider backed by the <see cref="StoreName.Root"/> certificate store.
        /// There is no explicit assertion: the test passes when <c>Verify</c> returns without throwing.
        /// </summary>
        public void PkiTrustStoreProviderVerifyWithRootTest()
        {
            // NOTE(review): the result depends on which root certificates are installed on the
            // machine running the test - confirm this is acceptable for the build agents.
            X509Store rootStore = new X509Store(StoreName.Root);

            // NOTE(review): the selector literal looks like an e-mail address obfuscated by the
            // page this listing was taken from - confirm the real value against the project.
            var subjectSelector = CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]");

            PkiTrustStoreProvider provider = new PkiTrustStoreProvider(rootStore, subjectSelector);

            PublicationsFile pubsFile = TestUtil.GetPublicationsFile(Resources.KsiPublicationsFile);

            provider.Verify(pubsFile.GetSignedBytes(), pubsFile.GetSignatureValue());
        }
Beispiel #3
        /// <summary>
        /// Constructing a <c>PkiTrustStoreProvider</c> with both arguments null must throw an
        /// <see cref="ArgumentNullException"/> whose <c>ParamName</c> is <c>trustStore</c>.
        /// </summary>
        public void PkiTrustStoreProviderCreateWithoutTrustStoreTest()
        {
            ArgumentNullException thrown = Assert.Throws<ArgumentNullException>(() =>
            {
                // Only the constructor call is under test; the instance itself is not used.
                new PkiTrustStoreProvider(null, null);
            });

            // With both arguments null, the reported parameter is expected to be the trust store.
            Assert.AreEqual("trustStore", thrown.ParamName);
        }
Beispiel #4
        /// <summary>
        /// Verifies the <c>Resources.PkiTrustProvider_PubsFileCustomCert</c> publications file with
        /// a provider whose certificate store is created from
        /// <c>Resources.PkiTrustProvider_CustomCert</c>. There is no explicit assertion: the test
        /// passes when <c>Verify</c> returns without throwing.
        /// </summary>
        public void PkiTrustStoreProviderVerifyCustomCertTest()
        {
            // Trust store built from the custom certificate resource only.
            var customStore = TestUtil.CreateCertStore(Resources.PkiTrustProvider_CustomCert);

            // NOTE(review): the selector literal looks like an e-mail address obfuscated by the
            // page this listing was taken from - confirm the real value against the project.
            var subjectSelector = CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]");

            PkiTrustStoreProvider provider = new PkiTrustStoreProvider(customStore, subjectSelector);

            PublicationsFile pubsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCert);

            provider.Verify(pubsFile.GetSignedBytes(), pubsFile.GetSignatureValue());
        }
Beispiel #5
        /// <summary>
        /// Calling <c>Verify(null, null)</c> on a correctly constructed provider must throw an
        /// <see cref="ArgumentNullException"/> whose <c>ParamName</c> is <c>signedBytes</c>.
        /// </summary>
        public void PkiTrustStoreProviderVerifyWithoutSignedBytes()
        {
            var certStore = TestUtil.CreateCertStore(Resources.PkiTrustProvider_IdenTrustCert);

            // NOTE(review): the selector literal looks like an e-mail address obfuscated by the
            // page this listing was taken from - confirm the real value against the project.
            var subjectSelector = CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]");

            PkiTrustStoreProvider provider = new PkiTrustStoreProvider(certStore, subjectSelector);

            // The provider is built outside the lambda so only the Verify call can satisfy Throws.
            ArgumentNullException thrown = Assert.Throws<ArgumentNullException>(() =>
            {
                provider.Verify(null, null);
            });

            Assert.AreEqual("signedBytes", thrown.ParamName);
        }
Beispiel #6
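        /// <summary>
        /// Negative test: verifying the <c>Resources.PkiTrustProvider_PubsFileCustomCert</c>
        /// publications file with a provider whose certificate store is created from
        /// <c>Resources.PkiTrustProvider_IdenTrustCert</c> must throw a
        /// <c>PkiVerificationFailedException</c>.
        /// </summary>
        /// <remarks>
        /// The exception type is the primary check. The message check accepts either of two
        /// wordings because the Microsoft and Bouncy Castle implementations report the failure
        /// differently.
        /// </remarks>
        public void PkiTrustStoreProviderVerifyCustomCertInvalidTest()
        {
            // NOTE(review): the selector literal looks like an e-mail address obfuscated by the
            // page this listing was taken from - confirm the real value against the project.
            PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_IdenTrustCert),
                                                                                 CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));

            PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCert);

            PkiVerificationFailedException ex = Assert.Throws<PkiVerificationFailedException>(delegate
            {
                trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
            });

            // separate error messages for Microsoft and Bouncy Castle
            Exception inner = ex.InnerException;

            // Ordinal comparison: these are fixed diagnostic prefixes, not culture-dependent text.
            bool chainAnchorMessage = ex.Message.StartsWith(
                "Trust chain did not complete to the known authority anchor. Thumbprints did not match.",
                StringComparison.Ordinal);

            // Guard the inner exception: if it is missing, the assertion below should fail with
            // its diagnostic message instead of the test dying with a NullReferenceException.
            bool pathBuildMessage = ex.Message.StartsWith("Could not build certificate path", StringComparison.Ordinal) &&
                                    inner != null &&
                                    inner.Message.StartsWith("Unable to find certificate chain.", StringComparison.Ordinal);

            Assert.That(chainAnchorMessage || pathBuildMessage,
                        "Unexpected exception message: " + ex.Message);
        }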
Beispiel #7
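        /// <summary>
        /// Negative test: verifying the <c>Resources.PkiTrustProvider_PubsFileCustomCertExpired</c>
        /// publications file with a provider whose certificate store is created from
        /// <c>Resources.PkiTrustProvider_CustomCertExpired</c> must throw a
        /// <c>PkiVerificationFailedException</c> that reports a certificate validity-period failure.
        /// </summary>
        /// <remarks>
        /// The exception type is the primary check. The message check accepts either of two
        /// wordings because the Microsoft and Bouncy Castle implementations report the failure
        /// differently; the second wording is matched across the nested inner exceptions.
        /// </remarks>
        public void PkiTrustStoreProviderVerifyCustomCertExpiredInvalidTest()
        {
            // NOTE(review): the selector literal looks like an e-mail address obfuscated by the
            // page this listing was taken from - confirm the real value against the project.
            PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_CustomCertExpired),
                                                                                 CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));

            PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCertExpired);

            PkiVerificationFailedException ex = Assert.Throws<PkiVerificationFailedException>(delegate
            {
                trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
            });

            // separate error messages for Microsoft and Bouncy Castle
            Exception inner = ex.InnerException;
            Exception innermost = inner != null ? inner.InnerException : null;

            // Ordinal comparison: these are fixed diagnostic prefixes, not culture-dependent text.
            bool validityPeriodMessage = ex.Message.StartsWith(
                "Trust chain did not complete to the known authority anchor. Errors: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.",
                StringComparison.Ordinal);

            // Guard each nesting level: if a cause is missing, the assertion below should fail with
            // its diagnostic message instead of the test dying with a NullReferenceException.
            bool pathValidationMessage = ex.Message.StartsWith("Could not build certificate path", StringComparison.Ordinal) &&
                                         inner != null &&
                                         inner.Message.StartsWith("Certification path could not be validated.", StringComparison.Ordinal) &&
                                         innermost != null &&
                                         innermost.Message.StartsWith("Could not validate certificate: certificate expired on ", StringComparison.Ordinal);

            Assert.That(validityPeriodMessage || pathValidationMessage,
                        "Unexpected exception message: " + ex.Message);
        }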