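/// <summary>
/// Negative test for CA-based client-certificate authentication: the listener trusts only
/// the embedded <c>client-ca.der</c> root, while the replicator presents a freshly created
/// identity (CN=daniel) that was NOT issued by that CA, so the TLS handshake must fail.
/// Cleanup (identity removal, listener stop) now runs in <c>finally</c> blocks so an
/// assertion failure cannot leave a running listener or a stale identity in the store.
/// </summary>
public void TestClientCertAuthRootCertsError()
{
    // Load the CA that the listener will trust for client certificates.
    byte[] caData;
    using (var stream = typeof(URLEndpointListenerTest).Assembly.GetManifestResourceStream("client-ca.der")) {
        // A missing embedded resource previously surfaced as a NullReferenceException
        // inside BinaryReader; fail with a readable message instead.
        stream.Should().NotBeNull("the client-ca.der embedded resource is required by this test");
        using (var reader = new BinaryReader(stream)) {
            caData = reader.ReadBytes((int)stream.Length);
        }
    }

    var rootCert = new X509Certificate2(caData);
    var auth = new ListenerCertificateAuthenticator(new X509Certificate2Collection(rootCert));
    // NOTE(review): CreateListener's boolean arguments are assumed to mean (tls, dynamic port)
    // from the call pattern in this file — confirm against its signature.
    _listener = CreateListener(true, true, auth);
    try {
        // Make sure no identity from an earlier run is lurking under the same label.
        TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);

        // Create the "wrong" client identity: a certificate for CN=daniel that has no
        // relationship to rootCert, so the listener's CA check must reject it.
        var id = TLSIdentity.CreateIdentity(false, new Dictionary<string, string>() {
            { Certificate.CommonNameAttribute, "daniel" }
        }, null, _store, ClientCertLabel, null);
        id.Should().NotBeNull();
        try {
            // Sanity check the precondition this negative test relies on: if the client cert
            // were actually issued by the trusted root, a handshake failure would be a
            // false positive hiding a different problem.
            id.Certs[0].Issuer.Should().NotBe(rootCert.Subject,
                "the negative test only proves something if the client cert is not issued by the trusted CA");

            // NOTE(review): positional meaning of the RunReplication arguments (continuous,
            // accept-only-self-signed server cert, expected error code/domain) is inferred
            // from the other call sites in this file — confirm against its signature.
            RunReplication(
                _listener.LocalEndpoint(),
                ReplicatorType.PushAndPull,
                false,
                new ClientCertificateAuthenticator(id),
                true,
                _listener.TlsIdentity.Certs[0],
                // Expected TLSHandshakeFailed rather than TLSClientCertRejected: the .NET
                // platform surfaces an untrusted client cert as a generic handshake failure,
                // unlike the macOS platform.
                (int)CouchbaseLiteError.TLSHandshakeFailed,
                CouchbaseLiteErrorType.CouchbaseLite
            );
        } finally {
            TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);
        }
    } finally {
        _listener.Stop();
    }
}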
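/// <summary>
/// Positive test for CA-based client-certificate authentication: the listener trusts the
/// embedded <c>client-ca.der</c> root and the replicator presents the identity imported
/// from <c>client.p12</c>, which is expected to chain to that root, so replication must
/// complete with no error (expected code 0 / domain 0).
/// Cleanup (identity removal, listener stop) now runs in <c>finally</c> blocks so a failed
/// import or assertion cannot leave a running listener or a stale identity in the store.
/// </summary>
public void TestClientCertAuthenticatorRootCerts()
{
    byte[] caData, clientData;

    // Trusted root for client certificates.
    using (var stream = typeof(URLEndpointListenerTest).Assembly.GetManifestResourceStream("client-ca.der")) {
        stream.Should().NotBeNull("the client-ca.der embedded resource is required by this test");
        using (var reader = new BinaryReader(stream)) {
            caData = reader.ReadBytes((int)stream.Length);
        }
    }

    // Client identity (certificate + private key) as a PKCS#12 bundle. The password "123"
    // is a test-fixture secret only; it protects nothing outside this test assembly.
    using (var stream = typeof(URLEndpointListenerTest).Assembly.GetManifestResourceStream("client.p12")) {
        stream.Should().NotBeNull("the client.p12 embedded resource is required by this test");
        using (var reader = new BinaryReader(stream)) {
            clientData = reader.ReadBytes((int)stream.Length);
        }
    }

    var rootCert = new X509Certificate2(caData);
    var auth = new ListenerCertificateAuthenticator(new X509Certificate2Collection(rootCert));
    // NOTE(review): CreateListener's boolean arguments are assumed to mean (tls, dynamic port)
    // from the call pattern in this file — confirm against its signature.
    _listener = CreateListener(true, true, auth);
    try {
        var serverCert = _listener.TlsIdentity.Certs[0];

        // Remove any identity left behind under this label by an earlier run.
        TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);

        // Import the client identity that the CA in rootCert is expected to have issued.
        var id = TLSIdentity.ImportIdentity(_store, clientData, "123", ClientCertLabel, null);
        id.Should().NotBeNull("client.p12 should import under the fixture password");
        try {
            // NOTE(review): positional meaning of the RunReplication arguments is inferred
            // from the other call sites in this file — confirm against its signature.
            RunReplication(
                _listener.LocalEndpoint(),
                ReplicatorType.PushAndPull,
                false,
                new ClientCertificateAuthenticator(id),
                true,
                serverCert,
                0,  // no error expected: the client cert chains to the trusted root
                0
            );
        } finally {
            TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);
        }
    } finally {
        _listener.Stop();
    }
}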
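/// <summary>
/// Exercises callback-based client-certificate authentication on the listener:
/// (1) a callback that accepts exactly one certificate whose subject is CN=daniel lets
/// replication succeed, (2) omitting the client certificate entirely fails the handshake,
/// and (3) a callback that always rejects fails the handshake even with the right cert.
/// The original version never stopped the second (rejecting) listener and did not run
/// cleanup when an assertion failed; both listeners and the test identity are now torn
/// down in <c>finally</c> blocks.
/// </summary>
public void TestClientCertAuthWithCallback()
{
    // Accepting callback. Security note: this only inspects the presented subject name —
    // there is no issuer or chain validation, so ANY self-signed cert with CN=daniel passes.
    // That is exactly what this test wants (the identity below is self-created), but it is
    // not a pattern to copy into a production authenticator. Also note that Replace strips
    // every "CN=" occurrence and a multi-RDN subject ("CN=daniel, O=x") would not match.
    var auth = new ListenerCertificateAuthenticator((sender, cert) => {
        if (cert.Count != 1) {
            return (false);
        }
        return (cert[0].SubjectName.Name?.Replace("CN=", "") == "daniel");
    });

    // Rejecting callback: a single-cert chain can never have 100 entries.
    var badAuth = new ListenerCertificateAuthenticator((sender, cert) => {
        return (cert.Count == 100); // Obviously fail
    });

    // Test identity (CN=daniel). Created before any listener so a failure here leaks nothing.
    TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);
    var id = TLSIdentity.CreateIdentity(false, new Dictionary<string, string>() {
        { Certificate.CommonNameAttribute, "daniel" }
    }, null, _store, ClientCertLabel, null);
    id.Should().NotBeNull();
    try {
        // NOTE(review): CreateListener's boolean arguments are assumed to mean (tls, dynamic
        // port) and the RunReplication positional arguments are inferred from the other call
        // sites in this file — confirm both against their signatures.
        _listener = CreateListener(true, true, auth);
        try {
            // (1) Matching client cert: replication succeeds.
            RunReplication(
                _listener.LocalEndpoint(),
                ReplicatorType.PushAndPull,
                false,
                new ClientCertificateAuthenticator(id),
                false,
                _listener.TlsIdentity.Certs[0],
                0,
                0
            );

            // (2) No client cert sent at all: the listener must fail the handshake rather
            // than silently fall back to an unauthenticated session.
            RunReplication(
                _listener.LocalEndpoint(),
                ReplicatorType.PushAndPull,
                false,
                null, // Don't send client cert
                false,
                _listener.TlsIdentity.Certs[0],
                (int)CouchbaseLiteError.TLSHandshakeFailed,
                CouchbaseLiteErrorType.CouchbaseLite
            );
        } finally {
            _listener.Stop();
        }

        // (3) Same (valid) client cert, but the listener's callback rejects everything.
        _listener = CreateListener(true, true, badAuth);
        try {
            RunReplication(
                _listener.LocalEndpoint(),
                ReplicatorType.PushAndPull,
                false,
                new ClientCertificateAuthenticator(id), // cert is fine; the callback is what rejects it
                false,
                _listener.TlsIdentity.Certs[0],
                (int)CouchbaseLiteError.TLSHandshakeFailed,
                CouchbaseLiteErrorType.CouchbaseLite
            );
        } finally {
            // The original test left this listener running.
            _listener.Stop();
        }
    } finally {
        TLSIdentity.DeleteIdentity(_store, ClientCertLabel, null);
    }
}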