/// <summary>
/// Checks that a self-signed certificate is accepted only while it is
/// present in the caller-supplied collection of extra roots.
/// </summary>
/// <remarks>
/// The first assertion doubles as a precondition: the test certificate must
/// not be installed in the trust store of the machine running the tests.
/// </remarks>
public void SelfSignedTest()
{
    X509Chain chainUnderTest = new X509Chain();
    X509Certificate2Collection extraRoots = new X509Certificate2Collection();

    // Baseline: neither the platform nor an empty extra-root set trusts it.
    bool systemTrusts = chainUnderTest.Build(Certificates.SelfSigned);
    Assert.IsFalse(systemTrusts);
    bool emptySetTrusts = chainUnderTest.VerifyWithExtraRoots(Certificates.SelfSigned, extraRoots);
    Assert.IsFalse(emptySetTrusts);

    // Once the certificate is listed as an extra root, verification succeeds.
    extraRoots.Add(Certificates.SelfSigned);
    bool listedRootTrusts = chainUnderTest.VerifyWithExtraRoots(Certificates.SelfSigned, extraRoots);
    Assert.IsTrue(listedRootTrusts);

    // A plain Build on the same chain object must still fail afterwards,
    // i.e. the successful call did not change what Build accepts.
    bool systemTrustsAfterwards = chainUnderTest.Build(Certificates.SelfSigned);
    Assert.IsFalse(systemTrustsAfterwards);

    // Removing the root revokes the trust again on the very next call.
    extraRoots.Clear();
    bool clearedSetTrusts = chainUnderTest.VerifyWithExtraRoots(Certificates.SelfSigned, extraRoots);
    Assert.IsFalse(clearedSetTrusts);
    bool systemTrustsAtEnd = chainUnderTest.Build(Certificates.SelfSigned);
    Assert.IsFalse(systemTrustsAtEnd);
}
/// <summary>
/// Checks that a certificate issued by the self-signed test root is accepted
/// only while that root is present in the caller-supplied extra roots.
/// </summary>
/// <remarks>
/// Revocation checking is switched off on the chain policy for this test;
/// presumably the test certificates publish no reachable revocation
/// endpoint (confirm against the fixture data).
/// </remarks>
public void SelfSignedRootTest()
{
    X509Chain chainUnderTest = new X509Chain();
    chainUnderTest.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
    X509Certificate2Collection extraRoots = new X509Certificate2Collection();

    // Baseline: the issuer is unknown to the platform and to an empty set.
    bool systemTrusts = chainUnderTest.Build(Certificates.SignedBySelfSigned);
    Assert.IsFalse(systemTrusts);
    bool emptySetTrusts = chainUnderTest.VerifyWithExtraRoots(Certificates.SignedBySelfSigned, extraRoots);
    Assert.IsFalse(emptySetTrusts);

    // Listing the issuing root (not the leaf) is what makes the leaf verify.
    extraRoots.Add(Certificates.SelfSigned);
    bool listedRootTrusts = chainUnderTest.VerifyWithExtraRoots(Certificates.SignedBySelfSigned, extraRoots);
    Assert.IsTrue(listedRootTrusts);

    // A plain Build on the same chain object must still reject the leaf.
    bool systemTrustsAfterwards = chainUnderTest.Build(Certificates.SignedBySelfSigned);
    Assert.IsFalse(systemTrustsAfterwards);

    // With the root removed, both paths reject the leaf again.
    extraRoots.Clear();
    bool clearedSetTrusts = chainUnderTest.VerifyWithExtraRoots(Certificates.SignedBySelfSigned, extraRoots);
    Assert.IsFalse(clearedSetTrusts);
    bool systemTrustsAtEnd = chainUnderTest.Build(Certificates.SignedBySelfSigned);
    Assert.IsFalse(systemTrustsAtEnd);
}
/// <summary>
/// Validates the Conjur appliance certificate. Has the shape of a
/// <see cref="RemoteCertificateValidationCallback"/>.
/// </summary>
/// <remarks>
/// <para>
/// A certificate the system already accepts (no policy errors) is accepted
/// without consulting <c>TrustedCertificates</c>, so that collection adds to
/// the system trust store rather than replacing it.
/// </para>
/// <para>
/// <see cref="SslPolicyErrors"/> is a flags enumeration and is compared for
/// exact equality here. Only a lone chain error is re-checked against the
/// extra roots; a chain error combined with any other flag (for example a
/// name mismatch) is rejected, as is every other error value.
/// </para>
/// </remarks>
/// <returns><c>true</c> if the certificate is accepted, <c>false</c> otherwise.</returns>
/// <param name="sender">Sender of the validation request (not used).</param>
/// <param name="certificate">Certificate to be validated.</param>
/// <param name="chain">Certificate chain, as resolved by the system.</param>
/// <param name="sslPolicyErrors">SSL policy errors from the system.</param>
private bool ValidateCertificate(
    object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors)
{
    // The system found nothing wrong: accept as-is.
    if (sslPolicyErrors == SslPolicyErrors.None)
    {
        return true;
    }

    // Chain errors alone: give the configured extra roots a chance to
    // anchor the chain. Name and availability checks have already passed.
    if (sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors)
    {
        return chain.VerifyWithExtraRoots(certificate, this.TrustedCertificates);
    }

    // Anything else, including combined flags, fails closed.
    return false;
}