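public void TestClientCertAuthRootCertsError()
        {
            // Verifies that a listener which trusts only the "client-ca.der" root refuses a client
            // whose certificate was not issued by that CA: the TLS handshake must fail instead of
            // the replication succeeding.

            // Reads an embedded test resource in full. Fails with a clear message when the resource
            // is missing instead of dereferencing a null stream, and copies rather than trusting
            // stream.Length so a short read cannot yield a truncated certificate.
            byte[] ReadEmbeddedResource(string name)
            {
                using (var stream = typeof(URLEndpointListenerTest).Assembly.GetManifestResourceStream(name)) {
                    if (stream == null) {
                        throw new InvalidOperationException($"Embedded test resource '{name}' was not found");
                    }

                    using (var buffer = new MemoryStream()) {
                        stream.CopyTo(buffer);
                        return buffer.ToArray();
                    }
                }
            }

            var caData   = ReadEmbeddedResource("client-ca.der");
            var rootCert = new X509Certificate2(caData);
            var auth     = new ListenerCertificateAuthenticator(new X509Certificate2Collection(rootCert));

            _listener = CreateListener(true, true, auth);

            // Make sure no stale identity under ClientCertLabel survives from an earlier run.
            TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);

            // Create wrong client identity: it is not issued by the trusted root, so the listener
            // must refuse it.
            var id = TLSIdentity.CreateIdentity(false,
                new Dictionary<string, string>
                {
                    { Certificate.CommonNameAttribute, "daniel" }
                },
                null,
                _store,
                ClientCertLabel,
                null);

            try {
                id.Should().NotBeNull();
                RunReplication(
                    _listener.LocalEndpoint(),
                    ReplicatorType.PushAndPull,
                    false,
                    new ClientCertificateAuthenticator(id),
                    true,
                    _listener.TlsIdentity.Certs[0],
                    // The generic handshake failure is expected rather than a more specific
                    // client-cert rejection code; the original note attributed that to macOS
                    // behaviour — TODO confirm on which platforms the specific code surfaces.
                    (int)CouchbaseLiteError.TLSHandshakeFailed,
                    CouchbaseLiteErrorType.CouchbaseLite
                    );
            } finally {
                // Runs even when an assertion fails, so later tests do not inherit a running
                // listener or a leftover keystore identity.
                TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);
                _listener.Stop();
            }
        }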
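        public void TestClientCertAuthenticatorRootCerts()
        {
            // Verifies the positive path of root-certificate client authentication: a client
            // identity imported from "client.p12", which is issued by the "client-ca.der" root the
            // listener trusts, replicates with no error.

            // Reads an embedded test resource in full. Fails with a clear message when the resource
            // is missing instead of dereferencing a null stream, and copies rather than trusting
            // stream.Length so a short read cannot yield truncated certificate data.
            byte[] ReadEmbeddedResource(string name)
            {
                using (var stream = typeof(URLEndpointListenerTest).Assembly.GetManifestResourceStream(name)) {
                    if (stream == null) {
                        throw new InvalidOperationException($"Embedded test resource '{name}' was not found");
                    }

                    using (var buffer = new MemoryStream()) {
                        stream.CopyTo(buffer);
                        return buffer.ToArray();
                    }
                }
            }

            var caData     = ReadEmbeddedResource("client-ca.der");
            var clientData = ReadEmbeddedResource("client.p12");

            var rootCert = new X509Certificate2(caData);
            var auth     = new ListenerCertificateAuthenticator(new X509Certificate2Collection(rootCert));

            _listener = CreateListener(true, true, auth);
            var serverCert = _listener.TlsIdentity.Certs[0];

            // Cleanup: make sure no stale identity under ClientCertLabel survives from an earlier run.
            TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);

            // Create client identity. "123" is the password of the checked-in test PKCS#12 bundle.
            var id = TLSIdentity.ImportIdentity(_store, clientData, "123", ClientCertLabel, null);

            try {
                RunReplication(
                    _listener.LocalEndpoint(),
                    ReplicatorType.PushAndPull,
                    false,
                    new ClientCertificateAuthenticator(id),
                    true,
                    serverCert,
                    0,
                    0
                    );
            } finally {
                // Runs even when an assertion fails, so later tests do not inherit a running
                // listener or a leftover keystore identity.
                TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);
                _listener.Stop();
            }
        }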
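        public void TestClientCertAuthWithCallback()
        {
            // Verifies the callback-based client certificate authenticator: a client the callback
            // accepts replicates, a client that presents no certificate fails the handshake, and a
            // callback that rejects everything also fails the handshake for an otherwise valid client.

            // Accepts exactly one certificate whose subject common name is "daniel". SimpleName
            // extracts the CN through the X.500 name parser instead of string-replacing "CN=", so a
            // subject with additional RDNs cannot be confused with a match; the comparison is ordinal.
            var auth = new ListenerCertificateAuthenticator((sender, cert) =>
            {
                if (cert.Count != 1) {
                    return false;
                }

                return cert[0].GetNameInfo(X509NameType.SimpleName, false) == "daniel";
            });

            // Rejects every client: a presented chain never has 100 entries. Obviously fail.
            var badAuth = new ListenerCertificateAuthenticator((sender, cert) => cert.Count == 100);

            _listener = CreateListener(true, true, auth);

            // User Identity: clear any stale entry first so CreateIdentity does not collide with it.
            TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);
            var id = TLSIdentity.CreateIdentity(false,
                new Dictionary<string, string>
                {
                    { Certificate.CommonNameAttribute, "daniel" }
                },
                null,
                _store,
                ClientCertLabel,
                null);

            try {
                // Accepted by the callback: replication completes without error.
                RunReplication(
                    _listener.LocalEndpoint(),
                    ReplicatorType.PushAndPull,
                    false,
                    new ClientCertificateAuthenticator(id),
                    false,
                    _listener.TlsIdentity.Certs[0],
                    0,
                    0
                    );

                // No client certificate sent: the listener must not fall open.
                RunReplication(
                    _listener.LocalEndpoint(),
                    ReplicatorType.PushAndPull,
                    false,
                    null, // Don't send client cert
                    false,
                    _listener.TlsIdentity.Certs[0],
                    (int)CouchbaseLiteError.TLSHandshakeFailed,
                    CouchbaseLiteErrorType.CouchbaseLite
                    );

                // Swap in the always-reject callback; the same identity must now be refused.
                _listener.Stop();
                _listener = CreateListener(true, true, badAuth);

                RunReplication(
                    _listener.LocalEndpoint(),
                    ReplicatorType.PushAndPull,
                    false,
                    new ClientCertificateAuthenticator(id), // send wrong client cert
                    false,
                    _listener.TlsIdentity.Certs[0],
                    (int)CouchbaseLiteError.TLSHandshakeFailed,
                    CouchbaseLiteErrorType.CouchbaseLite
                    );
            } finally {
                // Runs even when an assertion fails; stops the listener as the sibling tests do so
                // the badAuth listener is not left running and the keystore identity is removed.
                TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);
                _listener.Stop();
            }
        }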