public void ParseCertificatesResponseInvalidCertificateShouldThrow()
{
ServerCertificateResponse cert = new ServerCertificateResponse()
{
Certificate = "InvalidCert"
};
Assert.Throws <InvalidOperationException>(() => CertificateHelper.ParseCertificateResponse(cert));
}
public void ValidateCertSuccess()
{
var trustedCACerts = Option.None <IList <X509Certificate2> >();
X509Certificate2 cert = TestCertificateHelper.GenerateSelfSignedCert("top secret");
(bool validated, Option <string> errors) = CertificateHelper.ValidateCert(cert, new[] { cert }, trustedCACerts);
Assert.True(validated);
Assert.False(errors.HasValue);
}
public void ParseCertificatesResponseInvalidCertificateShouldThrow()
{
var response = new CertificateResponse()
{
Certificate = "InvalidCert",
};
Assert.Throws <InvalidOperationException>(() => CertificateHelper.ParseCertificateResponse(response));
}
public void ParseTrustedBundleFromFileRaisesExceptionWithInvalidTBFile()
{
string testFile = Path.GetRandomFileName();
Assert.Throws <ArgumentException>(() => CertificateHelper.ParseTrustedBundleFromFile(null));
Assert.Throws <ArgumentException>(() => CertificateHelper.ParseTrustedBundleFromFile(string.Empty));
Assert.Throws <ArgumentException>(() => CertificateHelper.ParseTrustedBundleFromFile(" "));
Assert.Throws <ArgumentException>(() => CertificateHelper.ParseTrustedBundleFromFile(testFile));
}
public void ParseECCCertificateAndKeyShouldReturnCertAndKey()
{
(X509Certificate2 cert, IEnumerable <X509Certificate2> chain) = CertificateHelper.ParseCertificateAndKey(TestCertificateHelper.ECCCertificatePem, TestCertificateHelper.ECCPrivateKeyPem);
var expected = new X509Certificate2(Encoding.UTF8.GetBytes(TestCertificateHelper.CertificatePem));
Assert.True(cert.HasPrivateKey);
Assert.Empty(chain);
}
public void ClientCertCallbackNullArgumentThrows()
{
var trustedCACerts = Option.None <IList <X509Certificate2> >();
Assert.Throws <ArgumentNullException>(() =>
CertificateHelper.ValidateClientCert(null, new List <X509Certificate2>(), trustedCACerts, Logger.Factory.CreateLogger("something")));
Assert.Throws <ArgumentNullException>(() =>
CertificateHelper.ValidateClientCert(new X509Certificate2(), null, trustedCACerts, Logger.Factory.CreateLogger("something")));
}
public void ValidateCertNoMatchFailure()
{
X509Certificate2 cert = TestCertificateHelper.GenerateSelfSignedCert("top secret");
X509Certificate2 root = TestCertificateHelper.GenerateSelfSignedCert("root");
(bool validated, Option <string> errors) = CertificateHelper.ValidateCert(cert, new[] { cert }, new[] { root });
Assert.False(validated);
Assert.True(errors.HasValue);
}
public void TestValidateCertificateWithCAExtentionFails()
{
var caCert = TestCertificateHelper.GenerateSelfSignedCert("MyTestCA", true);
Assert.False(CertificateHelper.ValidateClientCert(caCert, new List <X509Certificate2>()
{
caCert
}, Option.None <IList <X509Certificate2> >(), Logger.Factory.CreateLogger("something")));
}
public void ParseTrustBundleResponseWithMultipleCertReturnsNonEmptyList()
{
var response = new TrustBundleResponse()
{
Certificate = $"{TestCertificateHelper.CertificatePem}\n{TestCertificateHelper.CertificatePem}",
};
IEnumerable <X509Certificate2> certs = CertificateHelper.ParseTrustBundleResponse(response);
Assert.Equal(certs.Count(), 2);
}
public void ParseCertificatesResponseInvalidKeyShouldThrow()
{
var response = new ServerCertificateResponse()
{
Certificate = TestCertificateHelper.CertificatePem,
PrivateKey = "InvalidKey"
};
Assert.Throws <InvalidOperationException>(() => CertificateHelper.ParseCertificateResponse(response));
}
public void ParseTrustBundleInvalidResponseReturnsEmptyList()
{
var response = new TrustBundleResponse()
{
Certificate = "somewhere over the rainbow",
};
IEnumerable <X509Certificate2> certs = CertificateHelper.ParseTrustBundleResponse(response);
Assert.Equal(certs.Count(), 0);
}
public void ParseTrustBundleEmptyResponseReturnsEmptyList()
{
var response = new TrustBundleResponse()
{
Certificate = " ",
};
IEnumerable <X509Certificate2> certs = CertificateHelper.ParseTrustBundleResponse(response);
Assert.Equal(certs.Count(), 0);
}
public void TestValidateCertificateWithFutureValidityFails()
{
var notBefore = DateTime.Now.AddYears(1);
var notAfter = DateTime.Now.AddYears(2);
var clientCert = TestCertificateHelper.GenerateSelfSignedCert("MyTestClient", notBefore, notAfter, false);
Assert.False(CertificateHelper.ValidateClientCert(clientCert, new List <X509Certificate2>()
{
clientCert
}, Option.None <IList <X509Certificate2> >(), Logger.Factory.CreateLogger("something")));
}
public void TestValidateCertificateWithExpiredValidityFails()
{
var notBefore = DateTime.Now.Subtract(TimeSpan.FromDays(2));
var notAfter = DateTime.Now.Subtract(TimeSpan.FromDays(1));
var(clientCert, clientKeyPair) = TestCertificateHelper.GenerateSelfSignedCert("MyTestClient", notBefore, notAfter, false);
Assert.False(CertificateHelper.ValidateClientCert(clientCert, new List <X509Certificate2>()
{
clientCert
}, Option.None <IList <X509Certificate2> >(), Logger.Factory.CreateLogger("something")));
}
public void ParseRSACertificateAndKeyShouldReturnCertAndKey()
{
TestCertificateHelper.GenerateSelfSignedCert("top secret").Export(X509ContentType.Cert);
(X509Certificate2 cert, IEnumerable <X509Certificate2> chain) = CertificateHelper.ParseCertificateAndKey(TestCertificateHelper.CertificatePem, TestCertificateHelper.PrivateKeyPem);
var expected = new X509Certificate2(Encoding.UTF8.GetBytes(TestCertificateHelper.CertificatePem));
Assert.Equal(expected, cert);
Assert.True(cert.HasPrivateKey);
Assert.Empty(chain);
}
public void ClientCertCallbackNullArgumentThrows()
{
var trustedCACerts = Option.None <IList <X509Certificate2> >();
X509Certificate2 cert = TestCertificateHelper.GenerateSelfSignedCert("top secret");
Assert.Throws <ArgumentNullException>(
() =>
CertificateHelper.ValidateClientCert(null, new List <X509Certificate2>(), trustedCACerts, Logger.Factory.CreateLogger("something")));
Assert.Throws <ArgumentNullException>(
() =>
CertificateHelper.ValidateClientCert(cert, null, trustedCACerts, Logger.Factory.CreateLogger("something")));
}
public void ClientCertCallbackNullArgumentThrows()
{
Assert.Throws <ArgumentNullException>(() =>
CertificateHelper.ValidateClientCert(null, new X509Chain(),
Option.Some <IList <X509Certificate2> >(new X509Certificate2[] { }), Logger.Factory.CreateLogger("something")));
Assert.Throws <ArgumentNullException>(() =>
CertificateHelper.ValidateClientCert(new X509Certificate2(), null,
Option.Some <IList <X509Certificate2> >(new X509Certificate2[] { }), Logger.Factory.CreateLogger("something")));
Assert.Throws <ArgumentNullException>(() =>
CertificateHelper.ValidateClientCert(new X509Certificate2(), new X509Chain(),
Option.Some <IList <X509Certificate2> >(new X509Certificate2[] { }), null));
}
public void TestValidateCertificateAndChainSucceeds()
{
var notBefore = DateTime.Now.Subtract(TimeSpan.FromDays(2));
var notAfter = DateTime.Now.AddYears(1);
var caCert = TestCertificateHelper.GenerateSelfSignedCert("MyTestCA", notBefore, notAfter, true);
var issuedClientCert = TestCertificateHelper.GenerateCertificate("MyIssuedTestClient", notBefore, notAfter, caCert, false, null, null);
Assert.True(CertificateHelper.ValidateClientCert(issuedClientCert, new List <X509Certificate2>()
{
caCert
}, Option.None <IList <X509Certificate2> >(), Logger.Factory.CreateLogger("something")));
}
public void TestIfCACertificate()
{
var notBefore = DateTime.Now.Subtract(TimeSpan.FromDays(2));
var notAfter = DateTime.Now.AddYears(1);
var(caCert, caKeyPair) = TestCertificateHelper.GenerateSelfSignedCert("MyTestCA", notBefore, notAfter, true);
Assert.True(CertificateHelper.IsCACertificate(caCert));
var(clientCert, clientKeyPair) = TestCertificateHelper.GenerateSelfSignedCert("MyTestClient", notBefore, notAfter, false);
Assert.False(CertificateHelper.IsCACertificate(clientCert));
var(issuedClientCert, issuedClientKeyPair) = TestCertificateHelper.GenerateCertificate("MyIssuedTestClient", notBefore, notAfter, caCert, caKeyPair, false, null, null);
Assert.False(CertificateHelper.IsCACertificate(issuedClientCert));
}
public void ParseCertificatesResponseInvalidKeyShouldThrow()
{
var response = new CertificateResponse()
{
Certificate = TestCertificateHelper.CertificatePem,
Expiration = DateTime.UtcNow.AddDays(1),
PrivateKey = new PrivateKey()
{
Bytes = "InvalidKey"
}
};
Assert.Throws <InvalidOperationException>(() => CertificateHelper.ParseCertificateResponse(response));
}
public void ParseMultipleCertificateAndKeyShouldReturnCertAndKey()
{
TestCertificateHelper.GenerateSelfSignedCert("top secret").Export(X509ContentType.Cert);
string certificate = $"{TestCertificateHelper.CertificatePem}\n{TestCertificateHelper.CertificatePem}";
(X509Certificate2 cert, IEnumerable <X509Certificate2> chain) = CertificateHelper.ParseCertificateAndKey(certificate, TestCertificateHelper.PrivateKeyPemPkcs8);
var expected = new X509Certificate2(Encoding.UTF8.GetBytes(TestCertificateHelper.CertificatePem));
Assert.Equal(expected, cert);
Assert.True(cert.HasPrivateKey);
Assert.Single(chain);
Assert.Equal(expected, chain.First());
}
public void TestValidateTrustedCACertificateAndEmptyChainFails()
{
var notBefore = DateTime.Now.Subtract(TimeSpan.FromDays(2));
var notAfter = DateTime.Now.AddYears(1);
var(caCert, caKeyPair) = TestCertificateHelper.GenerateSelfSignedCert("MyTestCA", notBefore, notAfter, true);
var(issuedClientCert, issuedClientKeyPair) = TestCertificateHelper.GenerateCertificate("MyIssuedTestClient", notBefore, notAfter, caCert, caKeyPair, false, null, null);
IList <X509Certificate2> trustedCACerts = new List <X509Certificate2>()
{
caCert
};
Assert.False(CertificateHelper.ValidateClientCert(issuedClientCert, new List <X509Certificate2>()
{
}, Option.Some(trustedCACerts), Logger.Factory.CreateLogger("something")));
}
public void ParseCertificatesResponseShouldReturnCert()
{
TestCertificateHelper.GenerateSelfSignedCert("top secret").Export(X509ContentType.Cert);
var response = new ServerCertificateResponse()
{
Certificate = $"{TestCertificateHelper.CertificatePem}\n{TestCertificateHelper.CertificatePem}",
PrivateKey = TestCertificateHelper.PrivateKeyPem
};
(X509Certificate2 cert, IEnumerable <X509Certificate2> chain) = CertificateHelper.ParseCertificateResponse(response);
var expected = new X509Certificate2(Encoding.UTF8.GetBytes(TestCertificateHelper.CertificatePem));
Assert.Equal(expected, cert);
Assert.True(cert.HasPrivateKey);
Assert.Single(chain);
Assert.Equal(expected, chain.First());
}
public void ParseCertificatesResponseShouldReturnCert()
{
TestCertificateHelper.GenerateSelfSignedCert("top secret").Export(X509ContentType.Cert);
var response = new CertificateResponse()
{
Certificate = $"{TestCertificateHelper.CertificatePem}\n{TestCertificateHelper.CertificatePem}",
Expiration = DateTime.UtcNow.AddDays(1),
PrivateKey = new PrivateKey()
{
Bytes = TestCertificateHelper.PrivateKeyPem
}
};
(X509Certificate2 cert, IEnumerable <X509Certificate2> chain) = CertificateHelper.ParseCertificateResponse(response);
var expected = new X509Certificate2(Encoding.UTF8.GetBytes(TestCertificateHelper.CertificatePem));
Assert.Equal(expected, cert);
Assert.True(cert.HasPrivateKey);
Assert.Equal(chain.Count(), 1);
Assert.Equal(expected, chain.First());
}
public void ExtractCertsNullArgumentFails()
{
Assert.Throws <ArgumentException>(() => CertificateHelper.ExtractCertsFromPem(null));
Assert.Throws <ArgumentException>(() => CertificateHelper.ExtractCertsFromPem(string.Empty));
}
public void ValidateCertNullArgumentsThrows()
{
Assert.Throws <ArgumentNullException>(() => CertificateHelper.ValidateCert(null, new X509Certificate2[] { }, new X509Certificate2[] { }));
Assert.Throws <ArgumentNullException>(() => CertificateHelper.ValidateCert(new X509Certificate2(), null, new X509Certificate2[] { }));
Assert.Throws <ArgumentNullException>(() => CertificateHelper.ValidateCert(new X509Certificate2(), new X509Certificate2[] { }, null));
}
public void GetCertsAtPathNullArgumentFails()
{
Assert.Throws <ArgumentException>(() => CertificateHelper.GetCertsAtPath(null));
Assert.Throws <ArgumentException>(() => CertificateHelper.GetCertsAtPath(""));
}
public void GetThumbprintNullCertThrows()
{
Assert.Throws <ArgumentNullException>(() => CertificateHelper.GetSha256Thumbprint(null));
}
public void ParseTrustBundleNullResponseRaisesException()
{
string response = null;
Assert.Throws <ArgumentNullException>(() => CertificateHelper.ParseTrustedBundleCerts(response));
}
