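public void GetCertificateChainForSigning_WithUntrustedRoot_Throws()
        {
            // A leaf whose chain ends in a root that is not a trust anchor must be rejected
            // with NU3018 even though root and intermediate are handed over in the extra
            // store: the extra store only helps chain building, it does not confer trust.
            // The X509ChainHolder/`chain` pair the test used to create was never referenced,
            // so it has been dropped; GetCertificateChainForSigning is the code under test.
            using (var rootCertificate = SignTestUtility.GetCertificate("root.crt"))
            using (var intermediateCertificate = SignTestUtility.GetCertificate("intermediate.crt"))
            using (var leafCertificate = SignTestUtility.GetCertificate("leaf.crt"))
            {
                var extraStore = new X509Certificate2Collection
                {
                    rootCertificate,
                    intermediateCertificate
                };
                var logger = new TestLogger();

                var exception = Assert.Throws<SignatureException>(
                    () => CertificateChainUtility.GetCertificateChainForSigning(
                        leafCertificate,
                        extraStore,
                        logger));

                Assert.Equal(NuGetLogCode.NU3018, exception.Code);
                Assert.Equal("Certificate chain validation failed.", exception.Message);

                // The untrusted root is the single hard error; an unreachable revocation
                // source is only a warning. Windows emits one extra warning
                // (RevocationStatusUnknown) for the same condition.
                Assert.Equal(1, logger.Errors);
                Assert.Equal(RuntimeEnvironmentHelper.IsWindows ? 2 : 1, logger.Warnings);

                AssertUntrustedRoot(logger.LogMessages, LogLevel.Error);
                AssertOfflineRevocation(logger.LogMessages, LogLevel.Warning);

                if (RuntimeEnvironmentHelper.IsWindows)
                {
                    AssertRevocationStatusUnknown(logger.LogMessages, LogLevel.Warning);
                }
            }
        }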
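        public async Task GetTimestampAsync_AssertCompleteChain_SuccessAsync()
        {
            // Signs a test package with a trusted author certificate, timestamps it with the
            // fixture's trusted RFC 3161 service, then rebuilds the timestamp signer's chain
            // and checks that every certificate of that chain was embedded in the timestamp
            // token (a verifier must be able to validate the timestamp offline later).
            var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync();

            var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url);
            var nupkg = new SimpleTestPackageContext();

            using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert))
            using (var packageStream = await nupkg.CreateAsStreamAsync())
            {
                // Act
                AuthorPrimarySignature signature = await SignedArchiveTestUtility.CreateAuthorSignatureForPackageAsync(authorCert, packageStream, timestampProvider);

                var authorSignedCms = signature.SignedCms;
                var timestamp = signature.Timestamps.First();
                var timestampCms = timestamp.SignedCms;
                IX509CertificateChain certificateChain;
                bool chainBuildSuccess;

                // Rebuild the chain to get the list of certificates. The policy mirrors what a
                // timestamp verifier requires: the time-stamping EKU, no validity-period check
                // (the token may be inspected long after issuance) and revocation for
                // everything but the root. Online revocation means this test contacts the
                // revocation endpoints advertised by the timestamp service's certificates.
                using (var chainHolder = new X509ChainHolder())
                {
                    var chain = chainHolder.Chain;
                    var policy = chain.ChainPolicy;

                    policy.ApplicationPolicy.Add(new Oid(Oids.TimeStampingEku));
                    policy.VerificationFlags = X509VerificationFlags.IgnoreNotTimeValid;
                    policy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
                    policy.RevocationMode = X509RevocationMode.Online;

                    // SignerInfo.Certificate is null when the signer certificate is not carried
                    // in the CMS; fail with a clear assertion instead of letting chain.Build
                    // throw an ArgumentNullException.
                    var timestampSignerCertificate = timestampCms.SignerInfos[0].Certificate;
                    timestampSignerCertificate.Should().NotBeNull();

                    chainBuildSuccess = chain.Build(timestampSignerCertificate);
                    certificateChain = CertificateChainUtility.GetCertificateChain(chain);
                }

                using (certificateChain)
                {
                    // Assert
                    authorSignedCms.Should().NotBeNull();
                    authorSignedCms.Detached.Should().BeFalse();
                    authorSignedCms.ContentInfo.Should().NotBeNull();
                    authorSignedCms.SignerInfos.Count.Should().Be(1);
                    // The only unsigned attribute is the timestamp token itself.
                    authorSignedCms.SignerInfos[0].UnsignedAttributes.Count.Should().Be(1);
                    authorSignedCms.SignerInfos[0].UnsignedAttributes[0].Oid.Value.Should().Be(Oids.SignatureTimeStampTokenAttribute);

                    timestampCms.Should().NotBeNull();
                    timestampCms.Detached.Should().BeFalse();
                    timestampCms.ContentInfo.Should().NotBeNull();

                    chainBuildSuccess.Should().BeTrue();

                    // Completeness: the token carries exactly the chain and nothing else.
                    certificateChain.Count.Should().Be(timestampCms.Certificates.Count);

                    foreach (var cert in certificateChain)
                    {
                        timestampCms.Certificates.Contains(cert).Should().BeTrue();
                    }
                }
            }
        }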
        public void GetCertificateListFromChain_ReturnsCertificatesInOrder()
        {
            // GetCertificateListFromChain must preserve X509Chain's element order:
            // leaf first, then each issuer up to the root.
            using (var chainHolder = new X509ChainHolder())
            using (var root = SignTestUtility.GetCertificate("root.crt"))
            using (var intermediate = SignTestUtility.GetCertificate("intermediate.crt"))
            using (var leaf = SignTestUtility.GetCertificate("leaf.crt"))
            {
                var x509Chain = chainHolder.Chain;
                var extraStore = x509Chain.ChainPolicy.ExtraStore;

                extraStore.Add(root);
                extraStore.Add(intermediate);

                // The Build result is deliberately ignored: the test root is not a trust
                // anchor, but the chain elements are still populated, which is all that
                // GetCertificateListFromChain consumes.
                x509Chain.Build(leaf);

                var actual = CertificateChainUtility.GetCertificateListFromChain(x509Chain);
                var expectedOrder = new[] { leaf, intermediate, root };

                Assert.Equal(expectedOrder.Length, actual.Count);

                for (var position = 0; position < expectedOrder.Length; position++)
                {
                    Assert.Equal(expectedOrder[position].Thumbprint, actual[position].Thumbprint);
                }
            }
        }