public void TestInvalidTrustDomain()
{
XkmsClient client = new XkmsClientImpl(TRUST_SERVICE_LOCATION);
try
{
client.validate("f00", this.invalidCertChain);
Assert.Fail();
}
catch (TrustDomainNotFoundException e)
{
// expected
}
}
public void TestInvalidChain()
{
XkmsClient client = new XkmsClientImpl(TRUST_SERVICE_LOCATION);
try
{
client.validate(TEST_TRUST_DOMAIN, this.invalidCertChain);
Assert.Fail();
}
catch (ValidationFailedException e)
{
// expected
}
}
public void TestInvalidChainValidWSSecuritySig()
{
X509Certificate2 serviceCertificate = new X509Certificate2(WS_SECURITY_CERT);
XkmsClient client = new XkmsClientImpl(TestXkms.TRUST_SERVICE_LOCATION);
client.configureWSSecurity(serviceCertificate, null);
try
{
client.validate("test", this.invalidCertChain);
Assert.Fail();
}
catch (ValidationFailedException e)
{
// expected
}
}
public void TestInvalidChainInvalidTslAuthn()
{
X509Certificate2 invalidSslCertificate = new X509Certificate2(INVALID_SSL_CERT_PATH);
XkmsClient client = new XkmsClientImpl(TRUST_SERVICE_LOCATION_SSL);
client.configureSsl(invalidSslCertificate);
try
{
client.validate(TEST_TRUST_DOMAIN, this.invalidCertChain);
Assert.Fail();
}
catch (SecurityNegotiationException e)
{
// expected
}
}
public void TestInvalidChainInvalidWSSecuritySig()
{
X509Certificate2 validCertificate = new X509Certificate2(WS_SECURITY_CERT);
AsymmetricCipherKeyPair keyPair = KeyStoreUtil.GenerateKeyPair();
X509Certificate2 serviceCertificate =
new X509Certificate2(DotNetUtilities.ToX509Certificate
(KeyStoreUtil.CreateCert(validCertificate.Subject, keyPair.Public, keyPair.Private)));
XkmsClient client = new XkmsClientImpl(TestXkms.TRUST_SERVICE_LOCATION);
client.configureWSSecurity(serviceCertificate, null);
try
{
client.validate("test", this.invalidCertChain);
Assert.Fail();
}
catch (MessageSecurityException e)
{
// expected
}
}