public void ValidateCommonNamesTest() { X509 validCertInfo = new X509() { ClusterCertificateCommonNames = ConstructServerCns(new string[] { "hia", "bia" }, new string[] { "59EC792004C56225DD6691132C713194D28098F1", "59EC792004C56225DD6691132C713194D28098F1,59EC792004C56225DD6691132C713194D28098F2" }), ServerCertificateCommonNames = ConstructServerCns(new string[] { "hia", "bia" }, new string[] { "59EC792004C56225DD6691132C713194D28098F1", "59EC792004C56225DD6691132C713194D28098F1,59EC792004C56225DD6691132C713194D28098F2" }), ReverseProxyCertificateCommonNames = ConstructServerCns(new string[] { "hia", "bia" }, null), ClientCertificateCommonNames = new List <ClientCertificateCommonName>() { new ClientCertificateCommonName() { CertificateCommonName = "lolo", CertificateIssuerThumbprint = "59EC792004C56225DD6691132C713194D28098F1,59EC792004C56225DD6691132C713194D28098F2" }, new ClientCertificateCommonName() { CertificateCommonName = "biabia", CertificateIssuerThumbprint = "59EC792004C56225DD6691132C713194D28098F1,59EC792004C56225DD6691132C713194D28098F2" }, new ClientCertificateCommonName() { CertificateCommonName = "lala", CertificateIssuerThumbprint = "59EC792004C56225DD6691132C713194D28098F1,59EC792004C56225DD6691132C713194D28098F2" }, } }; this.RunWrapper(delegate { SettingsValidator.ValidateCommonNames(validCertInfo); }, null); // IT is supported for certs except reverseProxy cert X509 invalidCertInfo; invalidCertInfo = new X509() { ReverseProxyCertificateCommonNames = ConstructServerCns(new string[] { "hia" }, new string[] { "59EC792004C56225DD6691132C713194D28098F1" }), ClientCertificateCommonNames = new List <ClientCertificateCommonName>() { new ClientCertificateCommonName() { CertificateCommonName = "lolo", CertificateIssuerThumbprint = "59EC792004C56225DD6691132C713194D28098F1,59EC792004C56225DD6691132C713194D28098F2" }, new ClientCertificateCommonName() { CertificateCommonName = "biabia", CertificateIssuerThumbprint = "59EC792004C56225DD6691132C713194D28098F1,59EC792004C56225DD6691132C713194D28098F2" }, new ClientCertificateCommonName() { CertificateCommonName = "lala", CertificateIssuerThumbprint = "59EC792004C56225DD6691132C713194D28098F1,59EC792004C56225DD6691132C713194D28098F2" }, } }; this.RunWrapper(delegate { SettingsValidator.ValidateCommonNames(invalidCertInfo); }, ClusterManagementErrorCode.UnsupportedIssuerThumbprintPair); // cns must not be nullOrWhitespace invalidCertInfo = new X509() { ClientCertificateCommonNames = new List <ClientCertificateCommonName>() { new ClientCertificateCommonName() { CertificateCommonName = " " }, } }; this.RunWrapper(delegate { SettingsValidator.ValidateCommonNames(invalidCertInfo); }, ClusterManagementErrorCode.InvalidCommonName); // Issuer thumbprints must be separated by comma invalidCertInfo = new X509() { ServerCertificateCommonNames = ConstructServerCns("hia", "59EC792004C56225DD6691132C713194D28098F1;59EC792004C56225DD6691132C713194D28098F2"), }; this.RunWrapper(delegate { SettingsValidator.ValidateCommonNames(invalidCertInfo); }, ClusterManagementErrorCode.InvalidCertificateIssuerThumbprints); // Issuer thumbprints must not dupe under the same cn invalidCertInfo = new X509() { ClientCertificateCommonNames = new List <ClientCertificateCommonName>() { new ClientCertificateCommonName() { CertificateCommonName = "lolo", CertificateIssuerThumbprint = "59EC792004C56225DD6691132C713194D28098F1,59EC792004C56225DD6691132C713194D28098F1" }, }, ServerCertificateCommonNames = ConstructServerCns("hia", "59EC792004C56225DD6691132C713194D28098F1,59EC792004C56225DD6691132C713194D28098F1"), }; this.RunWrapper(delegate { SettingsValidator.ValidateCommonNames(invalidCertInfo); }, ClusterManagementErrorCode.InvalidCertificateIssuerThumbprints); // Up to 2 CNs are supported, except client CN invalidCertInfo = new X509() { ClusterCertificateCommonNames = ConstructServerCns(new string[] { "hia", "bia", "zaa" }, null), }; this.RunWrapper(delegate { SettingsValidator.ValidateCommonNames(invalidCertInfo); }, ClusterManagementErrorCode.InvalidCommonNameCount); // no dupe CN is allowed for the same cert type, except client CN invalidCertInfo = new X509() { ClusterCertificateCommonNames = ConstructServerCns(new string[] { "hia", "hia" }, null), }; this.RunWrapper(delegate { SettingsValidator.ValidateCommonNames(invalidCertInfo); }, ClusterManagementErrorCode.DupeCommonNameNotAllowedForClusterCert); }