C# (CSharp) SecTrust.GetCustomAnchorCertificates Beispiele

Programmiersprache: C# (CSharp)

Klasse / Typ: SecTrust

Methode / Funktion: GetCustomAnchorCertificates

Beispiele auf hotexamples.com: 4

C# (CSharp) SecTrust.GetCustomAnchorCertificates - 4 Beispiele gefunden. Dies sind die am besten bewerteten C# (CSharp) Beispiele für die SecTrust.GetCustomAnchorCertificates, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Häufig verwendete Methoden

Anzeigen Verbergen

Evaluate(7)

GetCustomAnchorCertificates(4)

GetExceptions(1)

Beispiel #1

Datei anzeigen

Datei: TrustTest.cs Projekt: seyi/xamarin-macios

        public void Client_Leaf_Only()
        {
            X509Certificate x = new X509Certificate(CertificateTest.mail_google_com);

            using (var policy = SecPolicy.CreateSslPolicy(false, null))
                using (var trust = new SecTrust(x, policy)) {
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    // a host name is not meaningful for client certificates
                    Assert.That(Evaluate(trust, true), Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "Evaluate");

                    if (TestRuntime.CheckXcodeVersion(5, 0))
                    {
                        // by default there's no *custom* anchors
                        Assert.Null(trust.GetCustomAnchorCertificates(), "GetCustomAnchorCertificates");

                        using (var results = trust.GetResult()) {
                            Assert.That(CFGetRetainCount(results.Handle), Is.EqualTo((nint)1), "RetainCount");

                            SecTrustResult value = (SecTrustResult)(int)(NSNumber)results [SecTrustResultKey.ResultValue];
                            Assert.That(value, Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "ResultValue");
                        }
                    }
                }
        }

Beispiel #2

Datei anzeigen

        void Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs)
        {
            // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
            trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));

            SecTrustResult trust_result = SecTrustResult.Unspecified;
            var            ios9         = TestRuntime.CheckXcodeVersion(7, 0);
            var            ios10        = TestRuntime.CheckXcodeVersion(8, 0);
            var            ios11        = TestRuntime.CheckXcodeVersion(9, 0);

            if (ios10)
            {
                trust_result = SecTrustResult.FatalTrustFailure;
            }
            // iOS9 is not fully happy with the basic constraints: `SecTrustEvaluate  [root AnchorTrusted BasicContraints]`
            else if (ios9)
            {
                trust_result = SecTrustResult.RecoverableTrustFailure;
            }
            var result = Evaluate(trust, true);

            Assert.That(result, Is.EqualTo(trust_result), "Evaluate");

            // Evalute must be called prior to Count (Apple documentation)
            Assert.That(trust.Count, Is.EqualTo(3), "Count");

            using (SecCertificate sc1 = trust [0]) {
                // seems the leaf gets an extra one
                Assert.That(CFGetRetainCount(sc1.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc1)");
                Assert.That(sc1.SubjectSummary, Is.EqualTo("mail.google.com"), "SubjectSummary(sc1)");
            }
            using (SecCertificate sc2 = trust [1]) {
                Assert.That(CFGetRetainCount(sc2.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc2)");
                Assert.That(sc2.SubjectSummary, Is.EqualTo("Thawte SGC CA"), "SubjectSummary(sc2)");
            }
            using (SecCertificate sc3 = trust [2]) {
                Assert.That(CFGetRetainCount(sc3.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc3)");
                Assert.That(sc3.SubjectSummary, Is.EqualTo("Class 3 Public Primary Certification Authority"), "SubjectSummary(sc3)");
            }

            if (TestRuntime.CheckXcodeVersion(5, 0))
            {
                Assert.That(trust.GetTrustResult(), Is.EqualTo(trust_result), "GetTrustResult");

                trust.SetAnchorCertificates(certs);
                Assert.That(trust.GetCustomAnchorCertificates().Length, Is.EqualTo(certs.Count), "GetCustomAnchorCertificates");

                if (ios11)
                {
                    trust_result = SecTrustResult.Unspecified;
                }
                else
                {
                    trust_result = SecTrustResult.Invalid;
                }

                // since we modified the `trust` instance it's result was invalidated (marked as unspecified on iOS 11)
                Assert.That(trust.GetTrustResult(), Is.EqualTo(trust_result), "GetTrustResult-2");
            }
        }

Beispiel #3

Datei anzeigen

        public void Trust_FullChain()
        {
            X509CertificateCollection certs = new X509CertificateCollection();

            certs.Add(new X509Certificate(CertificateTest.mail_google_com));
            certs.Add(new X509Certificate(CertificateTest.thawte_sgc_ca));
            certs.Add(new X509Certificate(CertificateTest.verisign_class3_root));
            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    // iOS9 is not fully happy with the basic constraints: `SecTrustEvaluate  [root AnchorTrusted BasicContraints]`
                    var ios9   = TestRuntime.CheckiOSSystemVersion(9, 0);
                    var result = Evaluate(trust, ios9);
                    Assert.That(result, Is.EqualTo(ios9 ? SecTrustResult.RecoverableTrustFailure : SecTrustResult.Unspecified), "Evaluate");

                    // Evalute must be called prior to Count (Apple documentation)
                    Assert.That(trust.Count, Is.EqualTo(3), "Count");

                    using (SecCertificate sc1 = trust [0]) {
                        // seems the leaf gets an extra one
                        Assert.That(CFGetRetainCount(sc1.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc1)");
                        Assert.That(sc1.SubjectSummary, Is.EqualTo("mail.google.com"), "SubjectSummary(sc1)");
                    }
                    using (SecCertificate sc2 = trust [1]) {
                        Assert.That(CFGetRetainCount(sc2.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc2)");
                        Assert.That(sc2.SubjectSummary, Is.EqualTo("Thawte SGC CA"), "SubjectSummary(sc2)");
                    }
                    using (SecCertificate sc3 = trust [2]) {
                        Assert.That(CFGetRetainCount(sc3.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc3)");
                        Assert.That(sc3.SubjectSummary, Is.EqualTo("Class 3 Public Primary Certification Authority"), "SubjectSummary(sc3)");
                    }

                    if (TestRuntime.CheckSystemAndSDKVersion(7, 0))
                    {
                        Assert.That(trust.GetTrustResult(), Is.EqualTo(ios9 ? SecTrustResult.RecoverableTrustFailure : SecTrustResult.Unspecified), "GetTrustResult");

                        trust.SetAnchorCertificates(certs);
                        Assert.That(trust.GetCustomAnchorCertificates().Length, Is.EqualTo(certs.Count), "GetCustomAnchorCertificates");

                        // since we modified the `trust` instance it's result was invalidated
                        Assert.That(trust.GetTrustResult(), Is.EqualTo(SecTrustResult.Invalid), "GetTrustResult");
                    }
                }
        }

Beispiel #4

Datei anzeigen

        void Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs)
        {
            // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
            trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));

            SecTrustResult trust_result = SecTrustResult.Unspecified;
            var            ios9         = TestRuntime.CheckXcodeVersion(7, 0);
            var            ios10        = TestRuntime.CheckXcodeVersion(8, 0);
            var            ios11        = TestRuntime.CheckXcodeVersion(9, 0);
            var            ios13        = TestRuntime.CheckXcodeVersion(11, 0);

            if (ios10)
            {
                trust_result = SecTrustResult.FatalTrustFailure;
            }
            // iOS9 is not fully happy with the basic constraints: `SecTrustEvaluate  [root AnchorTrusted BasicContraints]`
            else if (ios9)
            {
                trust_result = SecTrustResult.RecoverableTrustFailure;
            }
            var result = Evaluate(trust, true);

            Assert.That(result, Is.EqualTo(trust_result), "Evaluate");

            // Evalute must be called prior to Count (Apple documentation)
            Assert.That(trust.Count, Is.EqualTo(3), "Count");

            using (SecCertificate sc1 = trust [0]) {
                // seems the leaf gets an extra one
                Assert.That(CFGetRetainCount(sc1.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc1)");
                Assert.That(sc1.SubjectSummary, Is.EqualTo("mail.google.com"), "SubjectSummary(sc1)");
            }
            using (SecCertificate sc2 = trust [1]) {
                Assert.That(CFGetRetainCount(sc2.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc2)");
                Assert.That(sc2.SubjectSummary, Is.EqualTo("Thawte SGC CA"), "SubjectSummary(sc2)");
            }
            using (SecCertificate sc3 = trust [2]) {
                Assert.That(CFGetRetainCount(sc3.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc3)");
                Assert.That(sc3.SubjectSummary, Is.EqualTo("Class 3 Public Primary Certification Authority"), "SubjectSummary(sc3)");
            }

            if (TestRuntime.CheckXcodeVersion(5, 0))
            {
                Assert.That(trust.GetTrustResult(), Is.EqualTo(trust_result), "GetTrustResult");

                trust.SetAnchorCertificates(certs);
                Assert.That(trust.GetCustomAnchorCertificates().Length, Is.EqualTo(certs.Count), "GetCustomAnchorCertificates");

#if __MACOS__
                if (TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 15))
                {
                    trust_result = SecTrustResult.RecoverableTrustFailure;
                }
                else if (TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 13))
                {
                    trust_result = SecTrustResult.Unspecified;
                }
                else if (TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 12))
                {
                    trust_result = SecTrustResult.Invalid;
                }
                else if (TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 11))
                {
                    trust_result = SecTrustResult.RecoverableTrustFailure;
                }
                else
                {
                    trust_result = SecTrustResult.Unspecified;
                }
#else
                if (ios13)
                {
                    trust_result = SecTrustResult.RecoverableTrustFailure;
                }
                else if (ios11)
                {
                    trust_result = SecTrustResult.Unspecified;
                }
                else
                {
                    trust_result = SecTrustResult.Invalid;
                }
#endif

                // since we modified the `trust` instance it's result was invalidated (marked as unspecified on iOS 11)
                Assert.That(trust.GetTrustResult(), Is.EqualTo(trust_result), "GetTrustResult-2");
            }
            if (TestRuntime.CheckXcodeVersion(12, 0))
            {
                // old certificate (built in our tests) was not quite up to spec and it eventually became important
                Assert.False(trust.Evaluate(out var error), "Evaluate");
                Assert.NotNull(error, "error");
                Assert.That(error.LocalizedDescription, Is.EqualTo("“mail.google.com” certificate is not standards compliant"), "desc");
            }
            else if (TestRuntime.CheckXcodeVersion(11, 0))
            {
                Assert.False(trust.Evaluate(out var error), "Evaluate");
                Assert.NotNull(error, "error");
                Assert.That(error.LocalizedDescription, Does.Contain("\"mail.google.com\",\"Thawte SGC CA\",\"Class 3 Public Primary Certification Authority\" certificates do not meet pinning requirements"));
                var underlyingError = (NSError)error.UserInfo [NSError.UnderlyingErrorKey];
                // Error is:
                // Certificate 0 “mail.google.com” has errors: Key size is not permitted for this use, SSL hostname does not match name(s) in certificate, Signature hash algorithm is not permitted for this use;Certificate 1 “Thawte SGC CA” has errors: Key size is not permitted for this use, Signature hash algorithm is not permitted for this use;Certificate 2 “Class 3 Public Primary Certification Authority” has errors: Key size is not permitted for this use;
                // But the exact format can vary
                // watchOS reports this:
                // Certificate 0 “mail.google.com” has errors: Key size is not permitted for this use, Signature hash algorithm is not permitted for this use, SSL hostname does not match name(s) in certificate;Certificate 1 “Thawte SGC CA” has errors: Key size is not permitted for this use, Signature hash algorithm is not permitted for this use;Certificate 2 “Class 3 Public Primary Certification Authority” has errors: Key size is not permitted for this use;
                Assert.That(underlyingError.LocalizedDescription, Does.Contain("Certificate 0 “mail.google.com” has errors: "));
                Assert.That(underlyingError.LocalizedDescription, Does.Contain("Key size is not permitted for this use"));
                Assert.That(underlyingError.LocalizedDescription, Does.Contain("SSL hostname does not match name(s) in certificate").Or.Contain("Signature hash algorithm is not permitted for this use"));
                Assert.That(underlyingError.LocalizedDescription, Does.Contain("Certificate 1 “Thawte SGC CA” has errors: Key size is not permitted for this use"));
                Assert.That(underlyingError.LocalizedDescription, Does.Contain("Certificate 2 “Class 3 Public Primary Certification Authority” has errors:"));
            }
            else if (TestRuntime.CheckXcodeVersion(10, 0))
            {
                Assert.True(trust.Evaluate(out var error), "Evaluate");
                Assert.Null(error, "error");
            }
        }