Example #1
0
        public void CannotCreateNonRevokedResultWithRevocationDate(EndCertificateStatus status, X509ChainStatusFlags flags)
        {
            var exception = Assert.Throws <ArgumentException>(
                () => CreateResult()
                .WithStatus(status)
                .WithStatusFlags(flags)
                .WithRevocationTime(new DateTime(2000, 1, 2))
                .Build());

            Assert.StartsWith($"End certificate revoked at 1/2/2000 12:00:00 AM but status is {status}", exception.Message);
        }
Example #2
0
 private static object[] ValidateSigningCertificateArguments(
     Func <CertificateIntegrationTestFixture, Task <X509Certificate2> > createCertificateFunc,
     DateTime signatureTime,
     EndCertificateStatus expectedCertificateStatus,
     PackageSignatureStatus expectedStatusForSignatureAtIngestion,
     PackageSignatureStatus expectedStatusForSignatureInGracePeriod,
     PackageSignatureStatus expectedStatusForSignatureAfterGracePeriod)
 {
     return(new object[]
     {
         createCertificateFunc,
         signatureTime,
         expectedCertificateStatus,
         expectedStatusForSignatureAtIngestion,
         expectedStatusForSignatureInGracePeriod,
         expectedStatusForSignatureAfterGracePeriod,
     });
 }
Example #3
0
        public async Task ValidateSigningCertificate(
            Func <CertificateIntegrationTestFixture, Task <X509Certificate2> > createCertificateFunc,
            DateTime signatureTime,
            EndCertificateStatus expectedCertificateStatus,
            PackageSignatureStatus expectedStatusForSignatureAtIngestion,
            PackageSignatureStatus expectedStatusForSignatureInGracePeriod,
            PackageSignatureStatus expectedStatusForSignatureAfterGracePeriod)
        {
            // Arrange
            var certificate = await createCertificateFunc(_fixture);

            var endCertificateKey = 123;
            var validationId      = Guid.NewGuid();

            var packageSigningState1 = new PackageSigningState {
                SigningStatus = PackageSigningStatus.Valid
            };
            var packageSigningState2 = new PackageSigningState {
                SigningStatus = PackageSigningStatus.Valid
            };
            var packageSigningState3 = new PackageSigningState {
                SigningStatus = PackageSigningStatus.Valid
            };

            var signatureAtIngestion = new PackageSignature
            {
                Status = PackageSignatureStatus.Unknown,
                Type   = PackageSignatureType.Author,
            };
            var signatureInGracePeriod = new PackageSignature
            {
                Status = PackageSignatureStatus.InGracePeriod,
                Type   = PackageSignatureType.Author,
            };
            var signatureAfterGracePeriod = new PackageSignature
            {
                Status = PackageSignatureStatus.Valid,
                Type   = PackageSignatureType.Author,
            };

            var trustedTimestamp1 = new TrustedTimestamp {
                Status = TrustedTimestampStatus.Valid, Value = signatureTime
            };
            var trustedTimestamp2 = new TrustedTimestamp {
                Status = TrustedTimestampStatus.Valid, Value = signatureTime
            };
            var trustedTimestamp3 = new TrustedTimestamp {
                Status = TrustedTimestampStatus.Valid, Value = signatureTime
            };

            var endCertificate = new EndCertificate
            {
                Key    = endCertificateKey,
                Status = EndCertificateStatus.Unknown,
                Use    = EndCertificateUse.CodeSigning,
                CertificateChainLinks = new CertificateChainLink[0],
            };

            var validation = new EndCertificateValidation
            {
                EndCertificateKey = endCertificateKey,
                ValidationId      = validationId,
                Status            = null,
                EndCertificate    = endCertificate
            };

            signatureAtIngestion.PackageSigningState      = packageSigningState1;
            signatureAtIngestion.EndCertificate           = endCertificate;
            signatureAtIngestion.TrustedTimestamps        = new[] { trustedTimestamp1 };
            signatureInGracePeriod.PackageSigningState    = packageSigningState2;
            signatureInGracePeriod.EndCertificate         = endCertificate;
            signatureInGracePeriod.TrustedTimestamps      = new[] { trustedTimestamp2 };
            signatureAfterGracePeriod.PackageSigningState = packageSigningState3;
            signatureAfterGracePeriod.EndCertificate      = endCertificate;
            signatureAfterGracePeriod.TrustedTimestamps   = new[] { trustedTimestamp3 };

            _context.Mock(
                packageSignatures: new[] { signatureAtIngestion, signatureInGracePeriod, signatureAfterGracePeriod },
                endCertificates: new[] { endCertificate },
                certificateValidations: new EndCertificateValidation[] { validation });

            _certificateStore.Setup(s => s.LoadAsync(It.IsAny <string>(), It.IsAny <CancellationToken>()))
            .Returns(Task.FromResult(certificate));

            // Act
            await _target.HandleAsync(new CertificateValidationMessage(certificateKey : endCertificateKey, validationId : validationId));

            // Assert
            Assert.Equal(expectedCertificateStatus, validation.Status);
            Assert.Equal(expectedCertificateStatus, endCertificate.Status);
            Assert.Equal(expectedStatusForSignatureAtIngestion, signatureAtIngestion.Status);
            Assert.Equal(expectedStatusForSignatureInGracePeriod, signatureInGracePeriod.Status);
            Assert.Equal(expectedStatusForSignatureAfterGracePeriod, signatureAfterGracePeriod.Status);

            _context.Verify(c => c.SaveChangesAsync(), Times.Once);
        }
        /// <summary>
        /// Create a new verification result.
        /// </summary>
        /// <param name="status">The determined status of the verified certificate.</param>
        /// <param name="statusFlags">The flags explaining the certificate's status.</param>
        /// <param name="statusUpdateTime">The time the revocation info was published.</param>
        /// <param name="revocationTime">The date the certificate was revoked, if applicable.</param>
        public CertificateVerificationResult(
            EndCertificateStatus status,
            X509ChainStatusFlags statusFlags,
            DateTime?statusUpdateTime = null,
            DateTime?revocationTime   = null)
        {
            if (revocationTime.HasValue &&
                status != EndCertificateStatus.Revoked &&
                status != EndCertificateStatus.Invalid)
            {
                throw new ArgumentException(
                          $"End certificate revoked at {revocationTime} but status is {status}",
                          nameof(status));
            }

            switch (status)
            {
            case EndCertificateStatus.Good:
                if (statusFlags != X509ChainStatusFlags.NoError)
                {
                    throw new ArgumentException(
                              $"Invalid flags '{statusFlags}' for status '{status}'",
                              nameof(statusFlags));
                }

                break;

            case EndCertificateStatus.Invalid:
                if (statusFlags == X509ChainStatusFlags.NoError)
                {
                    throw new ArgumentException(
                              $"Invalid flags '{statusFlags}' for status '{status}'",
                              nameof(statusFlags));
                }

                break;

            case EndCertificateStatus.Revoked:
                if ((statusFlags & X509ChainStatusFlags.Revoked) == 0)
                {
                    throw new ArgumentException(
                              $"Invalid flags '{statusFlags}' for status '{status}'",
                              nameof(statusFlags));
                }
                break;

            case EndCertificateStatus.Unknown:
                if ((statusFlags & (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation)) == 0)
                {
                    throw new ArgumentException(
                              $"Invalid flags '{statusFlags}' for status '{status}'",
                              nameof(statusFlags));
                }

                break;

            default:
                throw new ArgumentException($"Unknown status '{status}'", nameof(status));
            }

            Status           = status;
            StatusFlags      = statusFlags;
            StatusUpdateTime = statusUpdateTime;
            RevocationTime   = revocationTime;
        }
 public Builder WithStatus(EndCertificateStatus value)
 {
     _status = value;
     return(this);
 }