Ejemplo n.º 1
        // Resolves the public certificate for `subject` through the agent configured by
        // TestRealResolversXml and expects exactly one result, named "D16_valC", whose
        // chain is accepted.
        public void TestD16(string subject)
        {
            DirectAgent agent = AgentSettings.Load(TestRealResolversXml).CreateAgent();

            ICertificateResolver resolver = agent.PublicCertResolver;
            Assert.NotNull(resolver);

            // Attach a diagnostics sink to each child resolver. Neither sink is inspected
            // below; the subscriptions are kept because they were part of the original test.
            var dnsChild       = LocateChild <DnsCertResolver>(resolver);
            var dnsDiagnostics = new FakeDiagnostics(typeof(DnsCertResolver));
            dnsChild.Error += dnsDiagnostics.OnResolverError;

            var ldapChild       = LocateChild <LdapCertResolverProxy>(resolver);
            var ldapDiagnostics = new FakeDiagnostics(typeof(LdapCertResolver));
            ldapChild.Error += ldapDiagnostics.OnResolverError;

            var address = new MailAddress(subject);
            X509Certificate2Collection found = resolver.GetCertificates(address);

            Assert.Equal(1, found.Count);

            // The single certificate returned must have a good chain.
            var valid = found.FindByName("D16_valC");
            AssertCert(valid, true);

            // A second cert exists at priority 0 with weight 0, but the LDAP resolver does not
            // retrieve it because it already found one at priority 0 with weight 100.
        }
Ejemplo n.º 2
        // Looks up the certificate for `subject` twice: through the agent's plug-in resolver
        // (TestXml) and through a stand-alone DnsCertResolver. Each lookup must yield exactly
        // one certificate that passes AssertCert(..., true).
        // NOTE(review): the expected literal "*****@*****.**" looks masked by the page this
        // listing was taken from; restore the real address from the project source.
        public void Test502(string subject)
        {
            DirectAgent agent = AgentSettings.Load(TestXml).CreateAgent();

            ICertificateResolver viaPlugins = agent.PublicCertResolver;
            Assert.NotNull(viaPlugins);

            var address = new MailAddress(subject);
            X509Certificate2Collection pluginCerts = viaPlugins.GetCertificates(address);

            Assert.NotNull(pluginCerts);
            Assert.True(pluginCerts.Count == 1);
            Assert.Equal("*****@*****.**", pluginCerts[0].ExtractEmailNameOrName());
            AssertCert(pluginCerts[0], true);

            // Now prove the standard dns resolver will return the greater than 512 byte dns cert.
            // The resolver is pointed at the hard-coded public server 8.8.8.8, so this half
            // presumably needs outbound DNS and depends on live records.
            ICertificateResolver viaDns = new Common.Certificates.DnsCertResolver(IPAddress.Parse("8.8.8.8"));
            Assert.NotNull(viaDns);

            X509Certificate2Collection dnsCerts = viaDns.GetCertificates(address);

            Assert.NotNull(dnsCerts);
            Assert.True(dnsCerts.Count == 1);
            Assert.Equal("*****@*****.**", dnsCerts[0].ExtractEmailNameOrName());
            AssertCert(dnsCerts[0], true);
        }
Ejemplo n.º 3
        // Expects exactly one certificate whose extracted name equals `subject`, first from
        // the agent's public resolver (TestRealResolversXml) and then from a DnsCertResolver
        // built on Dns_Server.
        public void TestD1(string subject)
        {
            DirectAgent agent = AgentSettings.Load(TestRealResolversXml).CreateAgent();

            ICertificateResolver agentResolver = agent.PublicCertResolver;
            Assert.NotNull(agentResolver);

            var address = new MailAddress(subject);
            X509Certificate2Collection agentCerts = agentResolver.GetCertificates(address);

            Assert.NotNull(agentCerts);
            Assert.True(agentCerts.Count == 1);
            Assert.Equal(subject, agentCerts[0].ExtractEmailNameOrName());
            AssertCert(agentCerts[0], true);

            // Now prove the standard dns resolver will also return the Address Cert.
            ICertificateResolver dnsResolver = new DnsCertResolver(IPAddress.Parse(Dns_Server));
            Assert.NotNull(dnsResolver);

            X509Certificate2Collection dnsCerts = dnsResolver.GetCertificates(address);

            Assert.NotNull(dnsCerts);
            Assert.True(dnsCerts.Count == 1);
            Assert.Equal(subject, dnsCerts[0].ExtractEmailNameOrName());
            AssertCert(dnsCerts[0], true);
        }
Ejemplo n.º 4
        // Expects the lookup for `subject` to return null and the LDAP resolver to report
        // exactly one BindFailure through its Error event.
        public void TestD12(string subject)
        {
            DirectAgent agent = AgentSettings.Load(TestRealResolversXml).CreateAgent();

            ICertificateResolver resolver = agent.PublicCertResolver;
            Assert.NotNull(resolver);

            // The DNS sink is attached but never inspected; only the LDAP sink is asserted on.
            var dnsChild       = LocateChild <DnsCertResolver>(resolver);
            var dnsDiagnostics = new FakeDiagnostics(typeof(DnsCertResolver));
            dnsChild.Error += dnsDiagnostics.OnResolverError;

            var ldapChild       = LocateChild <LdapCertResolverProxy>(resolver);
            var ldapDiagnostics = new FakeDiagnostics(typeof(LdapCertResolver));
            ldapChild.Error += ldapDiagnostics.OnResolverError;

            var address = new MailAddress(subject);
            X509Certificate2Collection found = resolver.GetCertificates(address);

            // No certificate may come back when the only LDAP endpoint cannot be bound.
            Assert.Null(found);

            var ldapErrors = ldapDiagnostics.ActualErrorMessages;
            Assert.Equal(1, ldapErrors.Count);
            Assert.Equal("Error=BindFailure\r\n_ldap._tcp.domain7.staging.direct-test.com:10389 Priority:0 Weight:0", ldapErrors[0]);
        }
Ejemplo n.º 5
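        // Expects the resolver to return two certificates for `subject`: "D9_invA", whose
        // chain must be rejected, and "D9_valA", whose chain must be accepted. The resolver
        // hands back both, so the accept/reject decision is made by the chain check, not by
        // the lookup itself.
        public void TestD9(string subject)
        {
            AgentSettings settings = AgentSettings.Load(TestRealResolversXml);
            DirectAgent   agent    = settings.CreateAgent();

            ICertificateResolver resolver = agent.PublicCertResolver;

            Assert.NotNull(resolver);

            var email = new MailAddress(subject);
            X509Certificate2Collection certs = resolver.GetCertificates(email);

            // Other tests in this listing expect GetCertificates to return null for some
            // subjects, so fail with a clear assertion instead of a NullReferenceException.
            Assert.NotNull(certs);
            Assert.Equal(2, certs.Count);
            var cert = certs.FindByName("D9_invA");

            //
            // Assert cert chain fails
            //
            AssertCert(cert, false);

            cert = certs.FindByName("D9_valA");
            //
            // Assert cert chain is good
            //
            AssertCert(cert, true);
        }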
Ejemplo n.º 6
        // Expects the certificate named "D4_valD" to carry the DNS name
        // "domain2.staging.direct-test.com", to pass AssertCert(..., true), and neither child
        // resolver to have raised an error.
        public void TestD4(string subject)
        {
            DirectAgent agent = AgentSettings.Load(TestRealResolversXml).CreateAgent();

            ICertificateResolver resolver = agent.PublicCertResolver;
            Assert.NotNull(resolver);

            // Capture the Error events of both child resolvers.
            var dnsChild       = LocateChild <DnsCertResolver>(resolver);
            var dnsDiagnostics = new FakeDiagnostics(typeof(DnsCertResolver));
            dnsChild.Error += dnsDiagnostics.OnResolverError;

            var ldapChild       = LocateChild <LdapCertResolverProxy>(resolver);
            var ldapDiagnostics = new FakeDiagnostics(typeof(LdapCertResolver));
            ldapChild.Error += ldapDiagnostics.OnResolverError;

            var address = new MailAddress(subject);
            X509Certificate2Collection found = resolver.GetCertificates(address);

            var valid = found.FindByName("D4_valD");
            string dnsName = valid.GetNameInfo(X509NameType.DnsName, false);

            Assert.Equal("domain2.staging.direct-test.com", dnsName);
            AssertCert(valid, true);

            // A clean lookup: no resolver errors on either path.
            Assert.Equal(0, dnsDiagnostics.ActualErrorMessages.Count);
            Assert.Equal(0, ldapDiagnostics.ActualErrorMessages.Count);
        }
Ejemplo n.º 7
        // Expects an empty certificate collection for `subject` and no errors from the LDAP
        // resolver.
        public void TestD13(string subject)
        {
            DirectAgent agent = AgentSettings.Load(TestRealResolversXml).CreateAgent();

            ICertificateResolver resolver = agent.PublicCertResolver;
            Assert.NotNull(resolver);

            // The DNS sink is attached but not asserted on; only the LDAP sink is checked.
            var dnsChild       = LocateChild <DnsCertResolver>(resolver);
            var dnsDiagnostics = new FakeDiagnostics(typeof(DnsCertResolver));
            dnsChild.Error += dnsDiagnostics.OnResolverError;

            var ldapChild       = LocateChild <LdapCertResolverProxy>(resolver);
            var ldapDiagnostics = new FakeDiagnostics(typeof(LdapCertResolver));
            ldapChild.Error += ldapDiagnostics.OnResolverError;

            var address = new MailAddress(subject);
            X509Certificate2Collection found = resolver.GetCertificates(address);

            Assert.Empty(found);

            Assert.Equal(0, ldapDiagnostics.ActualErrorMessages.Count);
        }
Ejemplo n.º 8
        // Checks that the agent built from TestXml has at least one domain and that
        // IsManaged for a mailbox at `domain` matches the expected `result`.
        public void TestPluggedDomainResolver(string domain, bool result)
        {
            DirectAgent agent = AgentSettings.Load(TestXml).CreateAgent();

            var domainCount = agent.Domains.Domains.Count();
            Assert.True(domainCount > 0);

            var mailbox = new MailAddress("hobojoe@" + domain);
            var managed = agent.Domains.IsManaged(mailbox);
            Assert.True(managed == result);
        }
Ejemplo n.º 9
        // Resolves the certificate for `subject` through the agent's public resolver and then
        // through the LDAP proxy alone. Both passes expect one certificate that passes
        // AssertCert(..., true) and the same three LDAP error messages (two BindFailure,
        // one NoUserCertificateAttribute).
        // NOTE(review): "*****@*****.**" and "[email protected]" look like masking applied by
        // the page this listing came from. In the third expected message the masking swallowed
        // part of the literal (`\[` is not a valid C# escape), so these strings must be
        // restored from the project source before the test can compile.
        public void Test517(string subject)
        {
            AgentSettings settings = AgentSettings.Load(TestXml);
            DirectAgent   agent    = settings.CreateAgent();

            ICertificateResolver pluginResolver = agent.PublicCertResolver;

            Assert.NotNull(pluginResolver);

            // Record every error the LDAP proxy raises during the lookup.
            var ldapCertResolver = LocateChild <ModSpec3.ResolverPlugins.LdapCertResolverProxy>(pluginResolver);
            var diagnosticsForLdapCertResolver = new FakeDiagnostics(typeof(LdapCertResolver));

            ldapCertResolver.Error += diagnosticsForLdapCertResolver.OnResolverError;


            var email = new MailAddress(subject);
            X509Certificate2Collection certs = pluginResolver.GetCertificates(email);

            Assert.NotNull(certs);
            Assert.True(certs.Count == 1);
            Assert.Equal("*****@*****.**", certs[0].ExtractEmailNameOrName());

            AssertCert(certs[0], true);

            // Two bind failures on port 389 at priority 0, then a missing certificate
            // attribute on port 10389 at priority 1, as spelled out in the expected messages.
            Assert.Equal(3, diagnosticsForLdapCertResolver.ActualErrorMessages.Count);
            Assert.Equal("Error=BindFailure\r\n_ldap._tcp.direct3.direct-test.com:389 Priority:0 Weight:0", diagnosticsForLdapCertResolver.ActualErrorMessages[0]);
            Assert.Equal("Error=BindFailure\r\n_ldap._tcp.direct3.direct-test.com:389 Priority:0 Weight:0", diagnosticsForLdapCertResolver.ActualErrorMessages[1]);
            Assert.Equal("Error=NoUserCertificateAttribute\r\[email protected]_ldap._tcp.direct3.direct-test.com:10389 Priority:1 Weight:0", diagnosticsForLdapCertResolver.ActualErrorMessages[2]);


            //
            // OK, now let's use just the ModSpec3 LDAP resolver, because the test above does
            // not prove that we actually fell back to LDAP.
            //

            pluginResolver = LocateChild <ModSpec3.ResolverPlugins.LdapCertResolverProxy>(agent.PublicCertResolver);
            Assert.NotNull(pluginResolver);

            // A fresh sink is subscribed here; the first sink is never unsubscribed.
            // NOTE(review): if LocateChild returns the same proxy instance as before, both
            // sinks receive the events of this second lookup - confirm that is intended.
            ldapCertResolver = pluginResolver;
            diagnosticsForLdapCertResolver = new FakeDiagnostics(typeof(LdapCertResolver));
            ldapCertResolver.Error        += diagnosticsForLdapCertResolver.OnResolverError;

            email = new MailAddress(subject);
            certs = pluginResolver.GetCertificates(email);
            Assert.NotNull(certs);
            Assert.True(certs.Count == 1);
            Assert.Equal("*****@*****.**", certs[0].ExtractEmailNameOrName());

            AssertCert(certs[0], true);


            Assert.Equal(3, diagnosticsForLdapCertResolver.ActualErrorMessages.Count);
            Assert.Equal("Error=BindFailure\r\n_ldap._tcp.direct3.direct-test.com:389 Priority:0 Weight:0", diagnosticsForLdapCertResolver.ActualErrorMessages[0]);
            Assert.Equal("Error=BindFailure\r\n_ldap._tcp.direct3.direct-test.com:389 Priority:0 Weight:0", diagnosticsForLdapCertResolver.ActualErrorMessages[1]);
            Assert.Equal("Error=NoUserCertificateAttribute\r\[email protected]_ldap._tcp.direct3.direct-test.com:10389 Priority:1 Weight:0", diagnosticsForLdapCertResolver.ActualErrorMessages[2]);
        }
Ejemplo n.º 10
        // Checks that TestXml wires a MachineAnchorResolverProxy as the agent's trust-anchor
        // source and that it returns at least one incoming anchor for
        // "nhind.hsgincubator.com".
        public void TestAnchorResolverPlugin()
        {
            DirectAgent agent = AgentSettings.Load(TestXml).CreateAgent();

            Assert.NotNull(agent.TrustAnchors);
            Assert.True(agent.TrustAnchors is MachineAnchorResolverProxy);

            var incoming = agent.TrustAnchors.IncomingAnchors;
            X509Certificate2Collection anchors = incoming.GetCertificatesForDomain("nhind.hsgincubator.com");

            Assert.NotNull(anchors);
            Assert.True(anchors.Count > 0);
        }
Ejemplo n.º 11
        // Picks the LdapCertResolverProxy out of the agent's public resolver and expects it to
        // return at least one certificate for the domain given in `subject`.
        public void TestLdapCertResolverPlugin(string subject)
        {
            DirectAgent agent = AgentSettings.Load(TestXml).CreateAgent();

            ICertificateResolver ldapProxy = LocateChild <LdapCertResolverProxy>(agent.PublicCertResolver);
            Assert.NotNull(ldapProxy);

            X509Certificate2Collection found = ldapProxy.GetCertificatesForDomain(subject);

            Assert.NotNull(found);
            Assert.True(found.Count > 0);
        }
Ejemplo n.º 12
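        // Negative test: the agent's public resolver (TestXml) must not return any
        // certificate for `subject`. Both a null result and an empty collection count as
        // "nothing found".
        public void Test512(string subject)
        {
            AgentSettings settings = AgentSettings.Load(TestXml);
            DirectAgent   agent    = settings.CreateAgent();

            ICertificateResolver pluginResolver = agent.PublicCertResolver;

            Assert.NotNull(pluginResolver);

            var email = new MailAddress(subject);
            X509Certificate2Collection certs = pluginResolver.GetCertificates(email);

            // The failure message is built before Assert.True runs, so it must not index
            // into an empty collection: the original read certs[0] whenever certs was
            // non-null, which throws in the passing case of a non-null, empty result.
            bool nothingFound = certs == null || certs.Count == 0;
            string unexpectedName = nothingFound ? "" : certs[0].ExtractEmailNameOrName();

            Assert.True(nothingFound, string.Format("Oops found cert: {0}", unexpectedName));
        }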
Ejemplo n.º 13
        // Picks the MachineResolverProxy out of the agent's private resolver and expects it to
        // return at least one certificate for "nhind.hsgincubator.com".
        public void TestCertResolverPlugin()
        {
            DirectAgent agent = AgentSettings.Load(TestXml).CreateAgent();

            ICertificateResolver machineProxy = LocateChild <MachineResolverProxy>(agent.PrivateCertResolver);
            Assert.NotNull(machineProxy);

            X509Certificate2Collection found = machineProxy.GetCertificatesForDomain("nhind.hsgincubator.com");

            Assert.NotNull(found);
            Assert.True(found.Count > 0);
        }
Ejemplo n.º 14
        // Resolves `subject` three ways and compares the outcomes:
        //   1. agent's public resolver by address: one cert named "direct1.direct-test.com"
        //      that passes AssertCert(..., true), plus one NotTimeValid error from the DNS proxy;
        //   2. the same resolver by domain (email.Host): the same domain cert;
        //   3. a stand-alone DnsCertResolver: the address cert, which must fail AssertCert.
        // Taken together, the plug-in resolver is expected to skip the time-invalid address
        // cert and fall back to the domain cert, while the plain DNS resolver still returns
        // the invalid one.
        // NOTE(review): "[email protected]" and "*****@*****.**" look masked by the page this
        // listing came from; restore the real literals from the project source.
        public void Test501(string subject)
        {
            //Debugger.Launch();
            AgentSettings settings = AgentSettings.Load(TestXml);
            DirectAgent   agent    = settings.CreateAgent();

            ICertificateResolver pluginResolver = agent.PublicCertResolver;

            // Subscribe before any lookup so that errors from the first query are captured.
            // NOTE(review): pluginResolver is passed to LocateChild before the NotNull check below.
            var dnsCertResolver = LocateChild <DnsCertResolverProxy>(pluginResolver);
            var diagnostics     = new FakeDiagnostics(typeof(DnsCertResolver));

            dnsCertResolver.Error += diagnostics.OnResolverError;

            Assert.NotNull(pluginResolver);

            var email = new MailAddress(subject);
            X509Certificate2Collection certs = pluginResolver.GetCertificates(email);

            Assert.NotNull(certs);
            Assert.True(certs.Count == 1);
            Assert.Equal("direct1.direct-test.com", certs[0].ExtractEmailNameOrName());
            AssertCert(certs[0], true);

            // Checked right after the first lookup, before the later queries can add entries.
            Assert.Equal(1, diagnostics.ActualErrorMessages.Count);
            Assert.Equal("Chain Element has problem [email protected];NotTimeValid", diagnostics.ActualErrorMessages[0]);

            //
            // Now prove we can get it as a domain with no fail over.
            //
            certs = pluginResolver.GetCertificatesForDomain(email.Host);
            Assert.NotNull(certs);
            Assert.True(certs.Count == 1);
            Assert.Equal("direct1.direct-test.com", certs[0].ExtractEmailNameOrName());

            AssertCert(certs[0], true);


            //
            // Now prove the standard dns resolver will return the invalid Address Cert.
            // The resolver is pointed at the hard-coded public server 8.8.8.8, so this part
            // presumably needs outbound DNS and depends on live records.
            //
            pluginResolver = new Common.Certificates.DnsCertResolver(IPAddress.Parse("8.8.8.8"));
            Assert.NotNull(pluginResolver);

            certs = pluginResolver.GetCertificates(email);
            Assert.NotNull(certs);
            Assert.True(certs.Count == 1);
            Assert.Equal("*****@*****.**", certs[0].ExtractEmailNameOrName());

            AssertCert(certs[0], false);
        }
Ejemplo n.º 15
        // Expects the agent's public resolver (TestRealResolversXml) to return null for
        // `subject`.
        public void TestD11(string subject)
        {
            DirectAgent agent = AgentSettings.Load(TestRealResolversXml).CreateAgent();

            ICertificateResolver resolver = agent.PublicCertResolver;
            Assert.NotNull(resolver);

            var address = new MailAddress(subject);
            X509Certificate2Collection found = resolver.GetCertificates(address);

            Assert.Null(found);
        }
Ejemplo n.º 16
        // Expects the agent's public resolver (TestXml) to return at least one certificate for
        // `subject`. Per the test name this exercises the DNS-to-LDAP fallback, but the body
        // does not check which resolver produced the result.
        public void TestDnsFallbackToLdapCertResolverPlugin(string subject)
        {
            DirectAgent agent = AgentSettings.Load(TestXml).CreateAgent();

            ICertificateResolver resolver = agent.PublicCertResolver;
            Assert.NotNull(resolver);

            var address = new MailAddress(subject);
            X509Certificate2Collection found = resolver.GetCertificates(address);

            Assert.NotNull(found);
            Assert.True(found.Count > 0);
        }
Ejemplo n.º 17
        // Same check as the plain fallback test, but with the agent built from
        // TestXmlBackupServerIP: at least one certificate must come back for `subject`.
        public void TestDnsFallbackToLdapCertResolverBackupIPPlugin(string subject)
        {
            DirectAgent agent = AgentSettings.Load(TestXmlBackupServerIP).CreateAgent();

            ICertificateResolver resolver = agent.PublicCertResolver;
            Assert.NotNull(resolver);

            var address = new MailAddress(subject);
            X509Certificate2Collection found = resolver.GetCertificates(address);

            Assert.NotNull(found);
            Assert.True(found.Count > 0);
        }
Ejemplo n.º 18
        // Expects exactly one certificate for `subject` from the agent's public resolver
        // (TestXml), with the expected extracted name and a passing AssertCert(..., true).
        // NOTE(review): the expected literal "*****@*****.**" looks masked by the page this
        // listing was taken from; restore the real address from the project source.
        public void Test507(string subject)
        {
            DirectAgent agent = AgentSettings.Load(TestXml).CreateAgent();

            ICertificateResolver resolver = agent.PublicCertResolver;
            Assert.NotNull(resolver);

            var address = new MailAddress(subject);
            X509Certificate2Collection found = resolver.GetCertificates(address);

            Assert.NotNull(found);
            Assert.Equal(1, found.Count);

            var only = found[0];
            Assert.Equal("*****@*****.**", only.ExtractEmailNameOrName());
            AssertCert(only, true);
        }
Ejemplo n.º 19
        // Expects exactly one certificate for `subject` from the agent's public resolver
        // (TestRealResolversXml); its extracted name must equal `subject` and it must pass
        // AssertCert(..., true).
        public void TestD3(string subject)
        {
            DirectAgent agent = AgentSettings.Load(TestRealResolversXml).CreateAgent();

            ICertificateResolver resolver = agent.PublicCertResolver;
            Assert.NotNull(resolver);

            var address = new MailAddress(subject);
            X509Certificate2Collection found = resolver.GetCertificates(address);

            Assert.NotNull(found);
            Assert.True(found.Count == 1);

            var only = found[0];
            Assert.Equal(subject, only.ExtractEmailNameOrName());
            AssertCert(only, true);
        }
Ejemplo n.º 20
        // Expects two certificates for `subject`, both carrying the DNS name
        // "domain1.staging.direct-test.com": "D1_invB" must fail AssertCert and "D2_valB" must
        // pass it. The same pair is then fetched again by domain (email.Host).
        // NOTE(review): the invalid cert is looked up as "D1_invB" inside the D2 test; confirm
        // against the test data that this is the intended name and not a typo for "D2_invB".
        public void TestD2(string subject)
        {
            AgentSettings settings = AgentSettings.Load(TestRealResolversXml);
            DirectAgent   agent    = settings.CreateAgent();

            ICertificateResolver resolver = agent.PublicCertResolver;

            // The diagnostics sink is subscribed but never asserted on in this test.
            // NOTE(review): resolver is passed to LocateChild before the NotNull check below.
            var dnsCertResolver = LocateChild <DnsCertResolver>(resolver);
            var diagnostics     = new FakeDiagnostics(typeof(DnsCertResolver));

            dnsCertResolver.Error += diagnostics.OnResolverError;

            Assert.NotNull(resolver);

            var email = new MailAddress(subject);
            X509Certificate2Collection certs = resolver.GetCertificates(email);

            Assert.Equal(2, certs.Count);

            //
            // find invalid cert
            //
            var cert = certs.FindByName("D1_invB");

            Assert.Equal("domain1.staging.direct-test.com", cert.GetNameInfo(X509NameType.DnsName, false));
            AssertCert(cert, false);

            // The valid cert carries the same DNS name, so the name alone does not tell the
            // two apart; only the AssertCert outcome differs.
            cert = certs.FindByName("D2_valB");
            Assert.Equal("domain1.staging.direct-test.com", cert.GetNameInfo(X509NameType.DnsName, false));
            AssertCert(cert, true);


            //
            // Now prove we can get it as a domain with no fail over.
            //
            certs = resolver.GetCertificatesForDomain(email.Host);
            cert  = certs.FindByName("D1_invB");
            Assert.Equal("domain1.staging.direct-test.com", cert.GetNameInfo(X509NameType.DnsName, false));
            AssertCert(cert, false);

            cert = certs.FindByName("D2_valB");
            Assert.Equal("domain1.staging.direct-test.com", cert.GetNameInfo(X509NameType.DnsName, false));
            AssertCert(cert, true);
        }
Ejemplo n.º 21
        // First shows that a plain DnsCertResolver finds a domain cert
        // ("direct2.direct-test.com") that fails AssertCert, then shows that the agent's
        // ModSpec3 resolver returns one certificate for `subject` that passes it.
        // NOTE(review): the expected literal "*****@*****.**" looks masked by the page this
        // listing was taken from; restore the real address from the project source.
        public void Test506(string subject)
        {
            DirectAgent agent   = AgentSettings.Load(TestXml).CreateAgent();
            var         address = new MailAddress(subject);

            // Proving the 506 test contains a Background Cert in dns domain that should not be
            // there. This is not documented in the 506 test.
            // The resolver is pointed at the hard-coded public server 8.8.8.8, so this half
            // presumably needs outbound DNS and depends on live records.
            ICertificateResolver viaDns = new Common.Certificates.DnsCertResolver(IPAddress.Parse("8.8.8.8"));
            Assert.NotNull(viaDns);

            X509Certificate2Collection dnsCerts = viaDns.GetCertificates(address);

            Assert.NotNull(dnsCerts);
            Assert.True(dnsCerts.Count == 1);
            Assert.Equal("direct2.direct-test.com", dnsCerts[0].ExtractEmailNameOrName());

            // Not expected according to the 506 test Background Cert info: we should not have
            // found a domain cert at all.
            AssertCert(dnsCerts[0], false);

            // Let's get back to testing the ModSpec3 Resolvers.
            ICertificateResolver viaPlugins = agent.PublicCertResolver;
            Assert.NotNull(viaPlugins);

            X509Certificate2Collection pluginCerts = viaPlugins.GetCertificates(address);

            Assert.NotNull(pluginCerts);
            Assert.True(pluginCerts.Count == 1);
            Assert.Equal("*****@*****.**", pluginCerts[0].ExtractEmailNameOrName());
            AssertCert(pluginCerts[0], true);
        }
Ejemplo n.º 22
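        // Verifies that two broken configurations are rejected with an AgentConfigException
        // carrying the matching error code: TestXmlFailCert -> MissingPluginResolverType and
        // TestXmlFailAnchor -> MissingPluginAnchorResolverType.
        //
        // The original asserted only inside the catch blocks, so the test also passed when
        // Load/Validate accepted the broken configuration without throwing. The exception is
        // now captured and its presence asserted, so a silently accepted configuration fails
        // the test.
        public void TestLoadFail()
        {
            AgentConfigException certFailure = null;
            try
            {
                AgentSettings settings = AgentSettings.Load(TestXmlFailCert);
                settings.Validate();
            }
            catch (AgentConfigException ex)
            {
                certFailure = ex;
            }

            Assert.NotNull(certFailure);
            Assert.True(certFailure.Error == AgentConfigError.MissingPluginResolverType);

            AgentConfigException anchorFailure = null;
            try
            {
                AgentSettings settings = AgentSettings.Load(TestXmlFailAnchor);
                settings.Validate();
            }
            catch (AgentConfigException ex)
            {
                anchorFailure = ex;
            }

            Assert.NotNull(anchorFailure);
            Assert.True(anchorFailure.Error == AgentConfigError.MissingPluginAnchorResolverType);
        }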
Ejemplo n.º 23
        // Expects one certificate for `subject`, named "direct2.direct-test.com", that passes
        // AssertCert(..., true), together with NotTimeValid errors from both child resolvers:
        // two from the DNS proxy and one from the LDAP proxy. Going by those messages, the
        // time-invalid certificates are reported through the Error events and left out of the
        // result.
        // NOTE(review): "[email protected]" looks masked by the page this listing came from;
        // restore the real literals from the project source.
        public void Test515(string subject)
        {
            AgentSettings settings = AgentSettings.Load(TestXml);
            DirectAgent   agent    = settings.CreateAgent();

            ICertificateResolver pluginResolver = agent.PublicCertResolver;

            Assert.NotNull(pluginResolver);


            // Subscribe a separate sink to each child resolver before the lookup runs.
            var dnsCertResolver = LocateChild <DnsCertResolverProxy>(pluginResolver);
            var diagnosticsForDnsCertResolver = new FakeDiagnostics(typeof(DnsCertResolver));

            dnsCertResolver.Error += diagnosticsForDnsCertResolver.OnResolverError;

            var ldapCertResolver = LocateChild <LdapCertResolverProxy>(pluginResolver);
            var diagnosticsForLdapCertResolver = new FakeDiagnostics(typeof(LdapCertResolver));

            ldapCertResolver.Error += diagnosticsForLdapCertResolver.OnResolverError;

            var email = new MailAddress(subject);
            X509Certificate2Collection certs = pluginResolver.GetCertificates(email);

            Assert.NotNull(certs);
            Assert.True(certs.Count == 1);

            // DNS path: an address-level and a domain-level entry are both reported NotTimeValid.
            Assert.Equal(2, diagnosticsForDnsCertResolver.ActualErrorMessages.Count);
            Assert.Equal("Chain Element has problem [email protected];NotTimeValid", diagnosticsForDnsCertResolver.ActualErrorMessages[0]);
            Assert.Equal("Chain Element has problem direct2.direct-test.com;NotTimeValid", diagnosticsForDnsCertResolver.ActualErrorMessages[1]);

            // LDAP path: one NotTimeValid entry.
            Assert.Equal(1, diagnosticsForLdapCertResolver.ActualErrorMessages.Count);
            Assert.Equal("Chain Element has problem [email protected];NotTimeValid", diagnosticsForLdapCertResolver.ActualErrorMessages[0]);

            Assert.Equal("direct2.direct-test.com", certs[0].ExtractEmailNameOrName());
            AssertCert(certs[0], true);
        }
Ejemplo n.º 24
 // Smoke test: loading TestXml and creating an agent from it must not throw.
 // Nothing is asserted on the resulting agent.
 public void TestConfig()
 {
     DirectAgent agent = AgentSettings.Load(TestXml).CreateAgent();
 }
Ejemplo n.º 25
        // Loading TestMissingDomainsXml must succeed, but creating an agent from it must
        // throw ArgumentException.
        public void TestMissingPluggedDomainResolver()
        {
            // Load happens outside the lambda so that only CreateAgent is expected to throw.
            AgentSettings incomplete = AgentSettings.Load(TestMissingDomainsXml);

            Assert.Throws <ArgumentException>(() => incomplete.CreateAgent());
        }