private static void EnsureCertificateIsAllowedForServerAuth(X509Certificate2 certificate)
 {
     if (!CertificateLoader.IsCertificateAllowedForServerAuth(certificate))
     {
         throw new InvalidOperationException($@"Certificate {certificate.Thumbprint} cannot be used as an SSL server certificate. It has an Extended Key Usage extension but the usages do not include Server Authentication (OID 1.3.6.1.5.5.7.3.1).");
     }
 }
Esempio n. 2
0
        public void IsCertificateAllowedForServerAuth_AllowWithNoExtensions(string testCertName)
        {
            var certPath = TestResources.GetCertPath(testCertName);
            TestOutputHelper.WriteLine("Loading " + certPath);
            var cert = new X509Certificate2(certPath, "testPassword");
            Assert.Empty(cert.Extensions.OfType<X509EnhancedKeyUsageExtension>());

            Assert.True(CertificateLoader.IsCertificateAllowedForServerAuth(cert));
        }
Esempio n. 3
0
        public void IsCertificateAllowedForServerAuth_RejectsCertificatesMissingServerEku(string testCertName)
        {
            var certPath = TestResources.GetCertPath(testCertName);
            TestOutputHelper.WriteLine("Loading " + certPath);
            var cert = new X509Certificate2(certPath, "testPassword");
            Assert.NotEmpty(cert.Extensions);
            var eku = Assert.Single(cert.Extensions.OfType<X509EnhancedKeyUsageExtension>());
            Assert.NotEmpty(eku.EnhancedKeyUsages);

            Assert.False(CertificateLoader.IsCertificateAllowedForServerAuth(cert));
        }
Esempio n. 4
0
        public void IsCertificateAllowedForServerAuth_ValidatesEnhancedKeyUsageOnCertificate(string testCertName)
        {
            var certPath = TestResources.GetCertPath(testCertName);

            _output.WriteLine("Loading " + certPath);
            var cert = new X509Certificate2(certPath, "testPassword");

            Assert.NotEmpty(cert.Extensions);
            var eku = Assert.Single(cert.Extensions.OfType <X509EnhancedKeyUsageExtension>());

            Assert.NotEmpty(eku.EnhancedKeyUsages);

            Assert.True(CertificateLoader.IsCertificateAllowedForServerAuth(cert));
        }