public void PkiTrustStoreProviderCreateWithoutCertificateRdnSelector()
{
ArgumentNullException ex = Assert.Throws <ArgumentNullException>(delegate
{
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_IdenTrustCert), null);
});
Assert.AreEqual("certificateRdnSelector", ex.ParamName);
}
public void PkiTrustStoreProviderVerifyWithRootTest()
{
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(new X509Store(StoreName.Root),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.KsiPublicationsFile);
trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
}
public void PkiTrustStoreProviderCreateWithoutTrustStoreTest()
{
ArgumentNullException ex = Assert.Throws <ArgumentNullException>(delegate
{
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(null, null);
});
Assert.AreEqual("trustStore", ex.ParamName);
}
public void PkiTrustStoreProviderVerifyCustomCertTest()
{
// test verify with custom cert
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_CustomCert),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCert);
trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
}
public void PkiTrustStoreProviderVerifyWithoutSignedBytes()
{
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_IdenTrustCert),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
ArgumentNullException ex = Assert.Throws <ArgumentNullException>(delegate
{
trustStoreProvider.Verify(null, null);
});
Assert.AreEqual("signedBytes", ex.ParamName);
}
public void PkiTrustStoreProviderVerifyCustomCertInvalidTest()
{
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_IdenTrustCert),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCert);
PkiVerificationFailedException ex = Assert.Throws <PkiVerificationFailedException>(delegate
{
trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
});
// separate error messages for Microsoft and Bouncy Castle
Assert.That(ex.Message.StartsWith("Trust chain did not complete to the known authority anchor. Thumbprints did not match.") ||
(ex.Message.StartsWith("Could not build certificate path") &&
ex.InnerException.Message.StartsWith("Unable to find certificate chain.")),
"Unexpected exception message: " + ex.Message);
}
public void PkiTrustStoreProviderVerifyCustomCertExpiredInvalidTest()
{
PkiTrustStoreProvider trustStoreProvider = new PkiTrustStoreProvider(TestUtil.CreateCertStore(Resources.PkiTrustProvider_CustomCertExpired),
CryptoTestFactory.CreateCertificateSubjectRdnSelector("[email protected]"));
PublicationsFile publicationsFile = TestUtil.GetPublicationsFile(Resources.PkiTrustProvider_PubsFileCustomCertExpired);
PkiVerificationFailedException ex = Assert.Throws <PkiVerificationFailedException>(delegate
{
trustStoreProvider.Verify(publicationsFile.GetSignedBytes(), publicationsFile.GetSignatureValue());
});
// separate error messages for Microsoft and Bouncy Castle
Assert.That(
ex.Message.StartsWith(
"Trust chain did not complete to the known authority anchor. Errors: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.") ||
(ex.Message.StartsWith("Could not build certificate path") &&
ex.InnerException.Message.StartsWith("Certification path could not be validated.") &&
ex.InnerException.InnerException.Message.StartsWith("Could not validate certificate: certificate expired on ")),
"Unexpected exception message: " + ex.Message);
}
