/// <summary>
/// Looks up the revocation status of <paramref name="peerCertificate"/> through the URLs listed in its
/// CRL distribution point extension, trying each URL in order until one gives a definite answer.
/// </summary>
/// <param name="host">Host the certificate belongs to; forwarded to <c>GetCrlResponse</c> and written to the warning log.</param>
/// <param name="peerCertificate">Certificate to check; its raw bytes are re-parsed by the certificate parser.</param>
/// <returns>
/// The first result whose <c>Revoked</c> has a value. If no URL produces one, the result for the last URL
/// tried is returned (still without a value). If the extension lists no URLs, a result built from an
/// explanatory message only.
/// </returns>
/// <remarks>
/// The URLs come from the certificate presented by the peer, so they are remote-controlled input.
/// NOTE(review): confirm that <c>GetCrlResponse</c> bounds scheme, destination, response size and time per request.
/// NOTE(review): a result without a <c>Revoked</c> value appears to mean "undetermined"; confirm that
/// callers do not read it as "not revoked".
/// </remarks>
public async Task<RevocationResult> CheckCrlRevocation(string host, X509Certificate peerCertificate)
{
    BcX509Certificate parsedPeer = _certificateParser.ReadCertificate(peerCertificate.Raw);
    List<string> distributionPoints = GetCrlDistPoints(parsedPeer);

    if (!distributionPoints.Any())
    {
        _log.LogWarning(
            "No urls present in crl distribution point extension for host {Host} certificate {CommonName}",
            host,
            peerCertificate.CommonName);

        return new RevocationResult("No urls present in crl distribution point extension");
    }

    RevocationResult latest = null;

    foreach (string distributionPoint in distributionPoints)
    {
        latest = await GetCrlResponse(distributionPoint, host, parsedPeer);

        // Stop at the first distribution point that gives a definite answer.
        if (latest.Revoked.HasValue)
        {
            break;
        }
    }

    // Either the definite answer, or the outcome of the last URL tried.
    return latest;
}
/// <summary>
/// Verifies that a second lookup made seven days after the first queries the root certificate provider
/// again and returns the same certificate instance as the first lookup.
/// </summary>
/// <remarks>
/// NOTE(review): the lookup's cache lifetime is not visible here; seven days is assumed to be past it.
/// The expiry boundary itself is not exercised by this test.
/// </remarks>
public async Task GetCertificateGoToSourceForStateAfterTimeoutAndReturnsValue()
{
    const string distinguishedName = "CN=ABC, O=ABC, S=LONDON, C=uk";
    DateTime firstLookupTime = new DateTime(2018, 1, 1);

    // Fake root whose issuer and subject are the same distinguished name.
    X509Certificate fakeRoot = A.Fake<X509Certificate>();
    A.CallTo(() => fakeRoot.Issuer).Returns(distinguishedName);
    A.CallTo(() => fakeRoot.Subject).Returns(distinguishedName);

    List<X509Certificate> rootSet = new List<X509Certificate> { fakeRoot };
    A.CallTo(() => _rootCertificateProvider.GetRootCaCertificates())
        .Returns(Task.FromResult(rootSet));

    // First lookup at the initial clock reading.
    A.CallTo(() => _clock.GetDateTimeUtc()).Returns(firstLookupTime);
    X509Certificate beforeTimeout = await _rootCertificateLookUp.GetCertificate(distinguishedName);

    // Second lookup with the clock moved forward by a week.
    A.CallTo(() => _clock.GetDateTimeUtc()).Returns(firstLookupTime.AddDays(7));
    X509Certificate afterTimeout = await _rootCertificateLookUp.GetCertificate(distinguishedName);

    Assert.That(beforeTimeout, Is.Not.Null);
    Assert.That(beforeTimeout, Is.SameAs(afterTimeout));
    A.CallTo(() => _rootCertificateProvider.GetRootCaCertificates()).MustHaveHappenedTwiceExactly();
}
/// <summary>
/// Looks up the revocation status of <paramref name="peerCertificate"/> through the OCSP endpoints listed
/// in its Authority Info Access extension, trying each endpoint in order until one gives a definite answer.
/// </summary>
/// <param name="host">Host the certificate belongs to; forwarded to <c>GetOcspResponse</c> and written to the warning log.</param>
/// <param name="peerCertificate">Certificate to check; its raw bytes are re-parsed by the certificate parser.</param>
/// <param name="issuerCertificate">Certificate of the issuer; re-parsed and passed to <c>GetOcspResponse</c> with the peer certificate.</param>
/// <returns>
/// The first result whose <c>Revoked</c> has a value. If no endpoint produces one, the result for the last
/// endpoint tried is returned (still without a value). If the extension lists no endpoints, a result built
/// from an explanatory message only.
/// </returns>
/// <remarks>
/// The endpoints come from the certificate presented by the peer, so they are remote-controlled input.
/// NOTE(review): confirm that <c>GetOcspResponse</c> bounds scheme, destination, response size and time per
/// request, and that it validates the responder's signature against the issuer.
/// NOTE(review): a result without a <c>Revoked</c> value appears to mean "undetermined"; confirm that
/// callers do not read it as "not revoked".
/// </remarks>
public async Task<RevocationResult> CheckOcspRevocation(string host, X509Certificate peerCertificate, X509Certificate issuerCertificate)
{
    BcX509Certificate parsedPeer = _certificateParser.ReadCertificate(peerCertificate.Raw);
    BcX509Certificate parsedIssuer = _certificateParser.ReadCertificate(issuerCertificate.Raw);
    List<string> responderEndpoints = GetOcspEndPoints(parsedPeer);

    if (!responderEndpoints.Any())
    {
        _log.LogWarning(
            "No urls present in Authority Info Access extension for host {Host} certificate {CommonName}",
            host,
            peerCertificate.CommonName);

        return new RevocationResult("No urls present in Authority Info Access extension");
    }

    RevocationResult latest = null;

    foreach (string endpoint in responderEndpoints)
    {
        latest = await GetOcspResponse(endpoint, host, parsedPeer, parsedIssuer);

        // Stop at the first responder that gives a definite answer.
        if (latest.Revoked.HasValue)
        {
            break;
        }
    }

    // Either the definite answer, or the outcome of the last endpoint tried.
    return latest;
}
/// <summary>
/// Verifies that the first lookup asks the root certificate provider exactly once and returns a
/// certificate for a name that is present in the provider's set.
/// </summary>
public async Task GetCertificatesGoesToOriginForStateOnFirstCallAndReturnsValue()
{
    const string distinguishedName = "CN=ABC, O=ABC, S=LONDON, C=uk";

    A.CallTo(() => _clock.GetDateTimeUtc()).Returns(new DateTime(2018, 1, 1));

    // Fake root whose issuer and subject are the same distinguished name.
    X509Certificate fakeRoot = A.Fake<X509Certificate>();
    A.CallTo(() => fakeRoot.Issuer).Returns(distinguishedName);
    A.CallTo(() => fakeRoot.Subject).Returns(distinguishedName);

    List<X509Certificate> rootSet = new List<X509Certificate> { fakeRoot };
    A.CallTo(() => _rootCertificateProvider.GetRootCaCertificates())
        .Returns(Task.FromResult(rootSet));

    X509Certificate found = await _rootCertificateLookUp.GetCertificate(distinguishedName);

    Assert.That(found, Is.Not.Null);
    A.CallTo(() => _rootCertificateProvider.GetRootCaCertificates()).MustHaveHappenedOnceExactly();
}
/// <summary>
/// Verifies that looking up a name that is not in the provider's root set returns null, after asking
/// the provider exactly once.
/// </summary>
/// <remarks>
/// The requested name shares CN and O with the known root and differs only in S and C, so a lookup
/// that matched on CN or O alone would fail this test.
/// NOTE(review): callers presumably treat the null return as "issuer not trusted"; confirm at the call sites.
/// </remarks>
public async Task GetCertificatesCertificateDoesntExistReturnsNull()
{
    const string knownName = "CN=ABC, O=ABC, S=LONDON, C=uk";
    const string unknownName = "CN=ABC, O=ABC, S=NEWYORK, C=us";

    A.CallTo(() => _clock.GetDateTimeUtc()).Returns(new DateTime(2018, 1, 1));

    // The only root on offer carries the known name as both issuer and subject.
    X509Certificate fakeRoot = A.Fake<X509Certificate>();
    A.CallTo(() => fakeRoot.Issuer).Returns(knownName);
    A.CallTo(() => fakeRoot.Subject).Returns(knownName);

    List<X509Certificate> rootSet = new List<X509Certificate> { fakeRoot };
    A.CallTo(() => _rootCertificateProvider.GetRootCaCertificates())
        .Returns(Task.FromResult(rootSet));

    X509Certificate found = await _rootCertificateLookUp.GetCertificate(unknownName);

    Assert.That(found, Is.Null);
    A.CallTo(() => _rootCertificateProvider.GetRootCaCertificates()).MustHaveHappenedOnceExactly();
}