Exemple #1
        /// <summary>
        /// Checks the revocation status of <paramref name="peerCertificate"/> using the CRL
        /// distribution point URLs listed in that certificate, trying each URL in order until
        /// one gives a definite answer.
        /// </summary>
        /// <param name="host">Host the certificate belongs to; passed to the CRL fetch and written to the warning log.</param>
        /// <param name="peerCertificate">Certificate whose revocation status is being checked.</param>
        /// <returns>
        /// The first result whose <c>Revoked</c> has a value. If no URL gives one, the result of
        /// the last URL tried. If the certificate lists no URLs, a result built from an
        /// explanatory message only.
        /// </returns>
        /// <remarks>
        /// A returned result without a <c>Revoked</c> value means the status could not be
        /// determined here, not that the certificate is good.
        /// NOTE(review): confirm callers decide explicitly between fail-open and fail-closed for that case.
        /// NOTE(review): the URLs come from the certificate under test, so they are only as
        /// trustworthy as the peer; confirm GetCrlResponse restricts schemes and destinations
        /// and bounds response size and time. None of that is visible in this method.
        /// </remarks>
        public async Task<RevocationResult> CheckCrlRevocation(string host, X509Certificate peerCertificate)
        {
            BcX509Certificate parsedPeer = _certificateParser.ReadCertificate(peerCertificate.Raw);
            List<string> distributionPoints = GetCrlDistPoints(parsedPeer);

            if (distributionPoints.Any())
            {
                RevocationResult latest = null;

                foreach (string distributionPoint in distributionPoints)
                {
                    latest = await GetCrlResponse(distributionPoint, host, parsedPeer);

                    // Stop at the first endpoint that gives a definite revoked / not-revoked answer.
                    if (latest.Revoked.HasValue)
                    {
                        break;
                    }
                }

                // Either the definite answer, or the outcome of the last endpoint tried.
                return latest;
            }

            // No distribution points at all: report it and return a message-only result.
            _log.LogWarning("No urls present in crl distribution point extension for host {Host} certificate {CommonName}", host, peerCertificate.CommonName);
            return new RevocationResult("No urls present in crl distribution point extension");
        }
Exemple #2
        /// <summary>
        /// Verifies that a second lookup made after the clock has advanced seven days goes back
        /// to the root certificate provider, and that both lookups return the same certificate.
        /// </summary>
        public async Task GetCertificateGoToSourceForStateAfterTimeoutAndReturnsValue()
        {
            const string subjectName = "CN=ABC, O=ABC, S=LONDON, C=uk";
            DateTime firstLookupTime = new DateTime(2018, 01, 01);

            // Fake root certificate: issuer and subject carry the same name.
            X509Certificate fakeRoot = A.Fake<X509Certificate>();
            A.CallTo(() => fakeRoot.Issuer).Returns(subjectName);
            A.CallTo(() => fakeRoot.Subject).Returns(subjectName);

            List<X509Certificate> providerCertificates = new List<X509Certificate> { fakeRoot };
            A.CallTo(() => _rootCertificateProvider.GetRootCaCertificates())
                .Returns(Task.FromResult(providerCertificates));

            // First lookup at the initial time.
            A.CallTo(() => _clock.GetDateTimeUtc()).Returns(firstLookupTime);
            X509Certificate beforeTimeout = await _rootCertificateLookUp.GetCertificate(subjectName);

            // Second lookup a week later; the test expects this to trigger a fresh provider call.
            A.CallTo(() => _clock.GetDateTimeUtc()).Returns(firstLookupTime.AddDays(7));
            X509Certificate afterTimeout = await _rootCertificateLookUp.GetCertificate(subjectName);

            Assert.That(beforeTimeout, Is.Not.Null);
            // Same instance both times because the fake provider always hands back the same fake.
            Assert.That(beforeTimeout, Is.SameAs(afterTimeout));
            A.CallTo(() => _rootCertificateProvider.GetRootCaCertificates()).MustHaveHappenedTwiceExactly();
        }
        /// <summary>
        /// Checks the revocation status of <paramref name="peerCertificate"/> using the OCSP
        /// endpoints listed in that certificate, trying each URL in order until one gives a
        /// definite answer.
        /// </summary>
        /// <param name="host">Host the certificate belongs to; passed to the OCSP request and written to the warning log.</param>
        /// <param name="peerCertificate">Certificate whose revocation status is being checked.</param>
        /// <param name="issuerCertificate">Certificate of the issuer; parsed and passed along with each OCSP request.</param>
        /// <returns>
        /// The first result whose <c>Revoked</c> has a value. If no URL gives one, the result of
        /// the last URL tried. If the certificate lists no URLs, a result built from an
        /// explanatory message only.
        /// </returns>
        /// <remarks>
        /// A returned result without a <c>Revoked</c> value means the status could not be
        /// determined here, not that the certificate is good.
        /// NOTE(review): confirm callers decide explicitly between fail-open and fail-closed for that case.
        /// NOTE(review): the responder URLs come from the certificate under test; confirm
        /// GetOcspResponse restricts schemes and destinations and verifies the response
        /// signature against the issuer. None of that is visible in this method.
        /// </remarks>
        public async Task<RevocationResult> CheckOcspRevocation(string host, X509Certificate peerCertificate, X509Certificate issuerCertificate)
        {
            BcX509Certificate parsedPeer = _certificateParser.ReadCertificate(peerCertificate.Raw);
            BcX509Certificate parsedIssuer = _certificateParser.ReadCertificate(issuerCertificate.Raw);

            List<string> responderUrls = GetOcspEndPoints(parsedPeer);

            if (responderUrls.Any())
            {
                RevocationResult latest = null;

                foreach (string responderUrl in responderUrls)
                {
                    latest = await GetOcspResponse(responderUrl, host, parsedPeer, parsedIssuer);

                    // Stop at the first responder that gives a definite revoked / not-revoked answer.
                    if (latest.Revoked.HasValue)
                    {
                        break;
                    }
                }

                // Either the definite answer, or the outcome of the last responder tried.
                return latest;
            }

            // No OCSP endpoints at all: report it and return a message-only result.
            _log.LogWarning("No urls present in Authority Info Access extension for host {Host} certificate {CommonName}", host, peerCertificate.CommonName);
            return new RevocationResult("No urls present in Authority Info Access extension");
        }
Exemple #4
        /// <summary>
        /// Verifies that the first lookup calls the root certificate provider exactly once and
        /// returns a certificate for a name the provider knows.
        /// </summary>
        public async Task GetCertificatesGoesToOriginForStateOnFirstCallAndReturnsValue()
        {
            const string subjectName = "CN=ABC, O=ABC, S=LONDON, C=uk";

            A.CallTo(() => _clock.GetDateTimeUtc()).Returns(new DateTime(2018, 01, 01));

            // Fake root certificate: issuer and subject carry the same name.
            X509Certificate fakeRoot = A.Fake<X509Certificate>();
            A.CallTo(() => fakeRoot.Issuer).Returns(subjectName);
            A.CallTo(() => fakeRoot.Subject).Returns(subjectName);

            List<X509Certificate> providerCertificates = new List<X509Certificate> { fakeRoot };
            A.CallTo(() => _rootCertificateProvider.GetRootCaCertificates())
                .Returns(Task.FromResult(providerCertificates));

            X509Certificate found = await _rootCertificateLookUp.GetCertificate(subjectName);

            Assert.That(found, Is.Not.Null);
            A.CallTo(() => _rootCertificateProvider.GetRootCaCertificates()).MustHaveHappenedOnceExactly();
        }
Exemple #5
        /// <summary>
        /// Verifies that looking up a name the provider has no certificate for returns null,
        /// after a single call to the root certificate provider.
        /// </summary>
        public async Task GetCertificatesCertificateDoesntExistReturnsNull()
        {
            const string knownName = "CN=ABC, O=ABC, S=LONDON, C=uk";
            const string unknownName = "CN=ABC, O=ABC, S=NEWYORK, C=us";

            A.CallTo(() => _clock.GetDateTimeUtc()).Returns(new DateTime(2018, 01, 01));

            // The only certificate the provider holds is issued to, and by, the known name.
            X509Certificate fakeRoot = A.Fake<X509Certificate>();
            A.CallTo(() => fakeRoot.Issuer).Returns(knownName);
            A.CallTo(() => fakeRoot.Subject).Returns(knownName);

            List<X509Certificate> providerCertificates = new List<X509Certificate> { fakeRoot };
            A.CallTo(() => _rootCertificateProvider.GetRootCaCertificates())
                .Returns(Task.FromResult(providerCertificates));

            // Ask for a name that differs from the known one.
            X509Certificate found = await _rootCertificateLookUp.GetCertificate(unknownName);

            Assert.That(found, Is.Null);
            A.CallTo(() => _rootCertificateProvider.GetRootCaCertificates()).MustHaveHappenedOnceExactly();
        }