public void GetCertificateChain_WhenCertChainNull_Throws() { var exception = Assert.Throws <ArgumentNullException>( () => CertificateChainUtility.GetCertificateChain(x509Chain: null)); Assert.Equal("x509Chain", exception.ParamName); }
public void GetCertificateChain_WithUntrustedSelfIssuedCertificate_ReturnsChain() { using (var certificate = _fixture.GetDefaultCertificate()) { var logger = new TestLogger(); using (var chain = CertificateChainUtility.GetCertificateChain( certificate, new X509Certificate2Collection(), logger, CertificateType.Signature)) { Assert.Equal(1, chain.Count); Assert.NotSame(certificate, chain[0]); Assert.True(certificate.RawData.SequenceEqual(chain[0].RawData)); } Assert.Equal(0, logger.Errors); Assert.Equal(RuntimeEnvironmentHelper.IsWindows ? 1 : 2, logger.Warnings); SigningTestUtility.AssertUntrustedRoot(logger.LogMessages, LogLevel.Warning); if (!RuntimeEnvironmentHelper.IsWindows) { SigningTestUtility.AssertOfflineRevocation(logger.LogMessages, LogLevel.Warning); } } }
public async Task GetTimestampAsync_AssertCompleteChain_SuccessAsync() { var timestampService = await _testFixture.GetDefaultTrustedTimestampServiceAsync(); var timestampProvider = new Rfc3161TimestampProvider(timestampService.Url); var nupkg = new SimpleTestPackageContext(); using (var authorCert = new X509Certificate2(_trustedTestCert.Source.Cert)) using (var packageStream = await nupkg.CreateAsStreamAsync()) { // Act AuthorPrimarySignature signature = await SignedArchiveTestUtility.CreateAuthorSignatureForPackageAsync(authorCert, packageStream, timestampProvider); var authorSignedCms = signature.SignedCms; var timestamp = signature.Timestamps.First(); var timestampCms = timestamp.SignedCms; IX509CertificateChain certificateChain; var chainBuildSuccess = true; // rebuild the chain to get the list of certificates using (var chainHolder = new X509ChainHolder()) { var chain = chainHolder.Chain; var policy = chain.ChainPolicy; policy.ApplicationPolicy.Add(new Oid(Oids.TimeStampingEku)); policy.VerificationFlags = X509VerificationFlags.IgnoreNotTimeValid; policy.RevocationFlag = X509RevocationFlag.ExcludeRoot; policy.RevocationMode = X509RevocationMode.Online; var timestampSignerCertificate = timestampCms.SignerInfos[0].Certificate; chainBuildSuccess = chain.Build(timestampSignerCertificate); certificateChain = CertificateChainUtility.GetCertificateChain(chain); } using (certificateChain) { // Assert authorSignedCms.Should().NotBeNull(); authorSignedCms.Detached.Should().BeFalse(); authorSignedCms.ContentInfo.Should().NotBeNull(); authorSignedCms.SignerInfos.Count.Should().Be(1); authorSignedCms.SignerInfos[0].UnsignedAttributes.Count.Should().Be(1); authorSignedCms.SignerInfos[0].UnsignedAttributes[0].Oid.Value.Should().Be(Oids.SignatureTimeStampTokenAttribute); timestampCms.Should().NotBeNull(); timestampCms.Detached.Should().BeFalse(); timestampCms.ContentInfo.Should().NotBeNull(); chainBuildSuccess.Should().BeTrue(); certificateChain.Count.Should().Be(timestampCms.Certificates.Count); foreach (var cert in certificateChain) { timestampCms.Certificates.Contains(cert).Should().BeTrue(); } } } }
public void Sertifikat_exception_on_invalid_certificate() { Assert.Throws <SertifikatException>( () => SenderCertificateValidator.ValidateAndThrowIfInvalid( GetAvsenderTestCertificate(), CertificateChainUtility.ProduksjonsSertifikater()) ); }
public void DebugMesages() { var i = 0; foreach (var certificate in CertificateChainUtility.FunksjoneltTestmiljøSertifikater()) { Trace.WriteLine($"{i++}: Issuer `{certificate.Issuer}`, thumbprint `{certificate.Thumbprint}`"); } }
public void GetCertificateChainForSigning_WhenLoggerNull_Throws() { var exception = Assert.Throws <ArgumentNullException>( () => CertificateChainUtility.GetCertificateChainForSigning( new X509Certificate2(), new X509Certificate2Collection(), logger: null)); Assert.Equal("logger", exception.ParamName); }
public void GetCertificateChainForSigning_WhenExtraStoreNull_Throws() { var exception = Assert.Throws <ArgumentNullException>( () => CertificateChainUtility.GetCertificateChainForSigning( new X509Certificate2(), extraStore: null, logger: NullLogger.Instance)); Assert.Equal("extraStore", exception.ParamName); }
public void BuildWithPolicy_WhenChainIsNull_Throws() { using (X509Certificate2 certificate = _fixture.GetDefaultCertificate()) { ArgumentNullException exception = Assert.Throws <ArgumentNullException>( () => CertificateChainUtility.BuildWithPolicy(chain: null, certificate)); Assert.Equal("chain", exception.ParamName); } }
public void BuildWithPolicy_WhenCertificateIsNull_Throws() { using (var chain = new X509Chain()) { ArgumentNullException exception = Assert.Throws <ArgumentNullException>( () => CertificateChainUtility.BuildWithPolicy(chain, certificate: null)); Assert.Equal("certificate", exception.ParamName); } }
public void Returns_ok_if_valid_certificate_and_chain() { //Arrange var funksjoneltTestmiljøSertifikater = CertificateChainUtility.FunksjoneltTestmiljøSertifikater(); //Act var result = CertificateValidator.ValidateCertificateAndChain(CertificateResource.UnitTests.GetPostenCertificate(), "984661185", funksjoneltTestmiljøSertifikater); //Assert Assert.Equal(CertificateValidationType.Valid, result.Type); }
public void Returns_fail_if_invalid_certificate_chain() { //Arrange var funksjoneltTestmiljøSertifikater = CertificateChainUtility.FunksjoneltTestmiljøSertifikater(); //Act var result = CertificateValidator.ValidateCertificateAndChain(CertificateResource.UnitTests.GetValidSelfSignedTestCertificate(), "988015814", funksjoneltTestmiljøSertifikater); //Assert Assert.Equal(CertificateValidationType.InvalidChain, result.Type); }
public void GetCertificateChain_WhenCertificateNull_Throws() { var exception = Assert.Throws <ArgumentNullException>( () => CertificateChainUtility.GetCertificateChain( certificate: null, extraStore: new X509Certificate2Collection(), logger: NullLogger.Instance, certificateType: CertificateType.Signature)); Assert.Equal("certificate", exception.ParamName); }
public void GetCertificateChain_WhenCertificateTypeUndefined_Throws() { var exception = Assert.Throws <ArgumentException>( () => CertificateChainUtility.GetCertificateChain( new X509Certificate2(), new X509Certificate2Collection(), NullLogger.Instance, (CertificateType)int.MaxValue)); Assert.Equal("certificateType", exception.ParamName); }
public void Returns_fail_if_self_signed_certificate() { //Arrange var funksjoneltTestmiljøSertifikater = CertificateChainUtility.FunksjoneltTestmiljøSertifikater(); //Act var result = CertificateValidator.ValidateCertificateAndChainInternal(CertificateResource.UnitTests.GetValidSelfSignedTestCertificate(), "988015814", funksjoneltTestmiljøSertifikater); //Assert Assert.Equal(CertificateValidationType.InvalidChain, result.Type); Assert.Contains("is invalid because the chain length is 1", result.Message); }
public void Returns_fail_if_certificate_error() { //Arrange var funksjoneltTestmiljøSertifikater = CertificateChainUtility.FunksjoneltTestmiljøSertifikater(); //Act var result = CertificateValidator.ValidateCertificateAndChainInternal(CertificateResource.UnitTests.GetExpiredSelfSignedTestCertificate(), "988015814", funksjoneltTestmiljøSertifikater); //Assert Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type); Assert.Contains("expired on", result.Message); }
public void Returnerer_initialisert_produksjonsmiljø_norsk_helsenett() { //Arrange var url = "https://meldingsformidler.nhn.digipost.no:4444/api/"; var miljø = Miljø.ProduksjonsmiljøNorskHelsenett; var sertifikater = CertificateChainUtility.ProduksjonsSertifikater(); //Act //Assert Assert.Equal(url, miljø.Url.ToString()); Assert.Equal(sertifikater, miljø.GodkjenteKjedeSertifikater); }
public void Valid_with_correct_root_and_intermediate() { //Arrange var productionCertificate = CertificateResource.UnitTests.GetProduksjonsMottakerSertifikatOppslagstjenesten(); var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.ProduksjonsSertifikater()); //Act var result = certificateChainValidator.Validate(productionCertificate); //Assert Assert.Equal(CertificateValidationType.Valid, result.Type); Assert.Contains("et gyldig sertifikat", result.Message); }
public void Fails_with_self_signed_certificate() { //Arrange var selfSignedCertificate = CertificateResource.UnitTests.GetEnhetstesterSelvsignertSertifikat(); var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.ProduksjonsSertifikater()); //Act var result = certificateChainValidator.Validate(selfSignedCertificate); //Assert Assert.Equal(CertificateValidationType.InvalidChain, result.Type); Assert.Contains("sertifikatet er selvsignert", result.Message); }
public void Fails_with_wrong_root_and_intermediate() { //Arrange var productionCertificate = CertificateResource.UnitTests.GetProduksjonsMottakerSertifikatOppslagstjenesten(); //Act var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.FunksjoneltTestmiljøSertifikater()); var result = certificateChainValidator.Validate(productionCertificate); //Assert Assert.Equal(CertificateValidationType.InvalidChain, result.Type); Assert.Contains("blir hentet fra Certificate Store på Windows", result.Message); }
public void Gets_initialize_localhost_environment() { //Arrange var url = new Uri("https://localhost:8443"); var certificates = CertificateChainUtility.FunksjoneltTestmiljøSertifikater(); //Act var environment = Environment.Localhost; //Assert Assert.Equal(url, environment.Url); Assert.Equal(certificates, environment.AllowedChainCertificates); }
public void Gets_initialized_production_environment() { //Arrange var url = new Uri("https://api.signering.posten.no"); var certificates = CertificateChainUtility.ProduksjonsSertifikater(); //Act var environment = Environment.Production; //Assert Assert.Equal(url, environment.Url); Assert.Equal(certificates, environment.AllowedChainCertificates); }
public void Gets_initialized_difi_test_environment() { //Arrange var url = new Uri("https://api.difitest.signering.posten.no"); var certificates = CertificateChainUtility.FunksjoneltTestmiljøSertifikater(); //Act var environment = Environment.DifiTest; //Assert Assert.Equal(url, environment.Url); Assert.Equal(certificates, environment.AllowedChainCertificates); }
public void ReturnererFireSertifikaterMedThumbprint() { //Arrange var sertifikater = CertificateChainUtility.ProduksjonsSertifikater(); //Act //Assert foreach (var sertifikat in sertifikater) { Assert.NotNull(sertifikat.Thumbprint); } }
public void Returnerer_initialisert_funksjonelt_testmiljø_norsk_helsenett() { //Arrange var url = "https://qaoffentlig.meldingsformidler.nhn.digipost.no:4445/api/"; var miljø = Miljø.FunksjoneltTestmiljøNorskHelsenett; var sertifikater = CertificateChainUtility.FunksjoneltTestmiljøSertifikater(); //Act //Assert Assert.Equal(url, miljø.Url.AbsoluteUri); Assert.Equal(sertifikater, miljø.GodkjenteKjedeSertifikater); }
public void Returns_four_certificates_with_thumbprint() { //Arrange var certificates = CertificateChainUtility.ProduksjonsSertifikater(); //Act //Assert Assert.Equal(4, certificates.Count); foreach (var certificate in certificates) { Assert.NotNull(certificate.Thumbprint); } }
public void Returns_initialized_production_environment() { //Arrange var environment = Miljø.Produksjonsmiljø; const string url = "https://kontaktinfo-ws.difi.no/kontaktinfo-external/ws-v5"; var requestCertificates = CertificateChainUtility.ProduksjonsSertifikater(); var responseCertificates = CertificateChainUtility.ProduksjonsSertifikater(); //Act //Assert Assert.Equal(url, environment.Url.ToString()); Assert.Equal(requestCertificates, environment.GodkjenteKjedeSertifikaterForRequest); Assert.Equal(responseCertificates, environment.GodkjenteKjedeSertifikaterForRespons); }
public void Returns_initialized_functional_test_environment_ver1() { //Arrange var environment = Miljø.FunksjoneltTestmiljøVerifikasjon1; const string url = "https://kontaktinfo-ws-ver1.difi.no/kontaktinfo-external/ws-v5"; var requestCertificates = CertificateChainUtility.FunksjoneltTestmiljøSertifikater(); var responseCertificates = CertificateChainUtility.ProduksjonsSertifikater(); //Act //Assert Assert.Equal(url, environment.Url.AbsoluteUri); Assert.Equal(requestCertificates, environment.GodkjenteKjedeSertifikaterForRequest); Assert.Equal(responseCertificates, environment.GodkjenteKjedeSertifikaterForRespons); }
public void GetCertificateChain_WithUntrustedRoot_Throws() { using (var chainHolder = new X509ChainHolder()) using (var rootCertificate = SigningTestUtility.GetCertificate("root.crt")) using (var intermediateCertificate = SigningTestUtility.GetCertificate("intermediate.crt")) using (var leafCertificate = SigningTestUtility.GetCertificate("leaf.crt")) { var chain = chainHolder.Chain; var extraStore = new X509Certificate2Collection() { rootCertificate, intermediateCertificate }; var logger = new TestLogger(); var exception = Assert.Throws <SignatureException>( () => CertificateChainUtility.GetCertificateChain( leafCertificate, extraStore, logger, CertificateType.Signature)); Assert.Equal(NuGetLogCode.NU3018, exception.Code); Assert.Equal("Certificate chain validation failed.", exception.Message); Assert.Equal(1, logger.Errors); SigningTestUtility.AssertUntrustedRoot(logger.LogMessages, LogLevel.Error); SigningTestUtility.AssertRevocationStatusUnknown(logger.LogMessages, LogLevel.Warning); if (RuntimeEnvironmentHelper.IsWindows) { Assert.Equal(2, logger.Warnings); SigningTestUtility.AssertOfflineRevocation(logger.LogMessages, LogLevel.Warning); } else if (RuntimeEnvironmentHelper.IsLinux) { #if NETCORE5_0 Assert.Equal(2, logger.Warnings); SigningTestUtility.AssertOfflineRevocation(logger.LogMessages, LogLevel.Warning); #else Assert.Equal(1, logger.Warnings); #endif } else { Assert.Equal(1, logger.Warnings); } } }
private static bool IsValid(X509Certificate2 certificate, X509Certificate2Collection extraStore) { try { using (var chain = CertificateChainUtility.GetCertificateChain( certificate, extraStore, NullLogger.Instance, CertificateType.Signature)) { return(chain != null && chain.Count > 0); } } catch (SignatureException) { return(false); } }
public void GetCertificateListFromChain_ReturnsCertificatesInOrder() { using (var chainHolder = new X509ChainHolder()) using (var rootCertificate = SignTestUtility.GetCertificate("root.crt")) using (var intermediateCertificate = SignTestUtility.GetCertificate("intermediate.crt")) using (var leafCertificate = SignTestUtility.GetCertificate("leaf.crt")) { var chain = chainHolder.Chain; chain.ChainPolicy.ExtraStore.Add(rootCertificate); chain.ChainPolicy.ExtraStore.Add(intermediateCertificate); chain.Build(leafCertificate); var certificateChain = CertificateChainUtility.GetCertificateListFromChain(chain); Assert.Equal(3, certificateChain.Count); Assert.Equal(leafCertificate.Thumbprint, certificateChain[0].Thumbprint); Assert.Equal(intermediateCertificate.Thumbprint, certificateChain[1].Thumbprint); Assert.Equal(rootCertificate.Thumbprint, certificateChain[2].Thumbprint); } }