public void LoadCertificate_PfxFileNotFound_Throws()
{
var loader = new CertificateConfigLoader(GetHostEnvironment());
var options = new CertificateConfigData
{
Path = TestResources.GetCertPath("missingfile.pfx"),
Password = "******"
};
if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
{
Assert.ThrowsAny <FileNotFoundException>(() => loader.LoadCertificate(options));
}
else
{
Assert.ThrowsAny <CryptographicException>(() => loader.LoadCertificate(options));
}
}
public void ThrowsForCertificatesMissingServerEku(string testCertName)
{
var certPath = TestResources.GetCertPath(testCertName);
TestOutputHelper.WriteLine("Loading " + certPath);
var cert = new X509Certificate2(certPath, "testPassword");
Assert.NotEmpty(cert.Extensions);
var eku = Assert.Single(cert.Extensions.OfType <X509EnhancedKeyUsageExtension>());
Assert.NotEmpty(eku.EnhancedKeyUsages);
var ex = Assert.Throws <InvalidOperationException>(() =>
new HttpsConnectionAdapter(new HttpsConnectionAdapterOptions
{
ServerCertificate = cert,
}));
Assert.Equal(CoreStrings.FormatInvalidServerCertificateEku(cert.Thumbprint), ex.Message);
}
public void ConfigureEndpoint_ThrowsWhen_The_PasswordIsMissing()
{
var serverOptions = CreateServerOptions();
var certificate = new X509Certificate2(TestResources.GetCertPath("https-aspnet.crt"));
var config = new ConfigurationBuilder().AddInMemoryCollection(new[]
{
new KeyValuePair <string, string>("Endpoints:End1:Url", "https://*:5001"),
new KeyValuePair <string, string>("Certificates:Default:Path", Path.Combine("shared", "TestCertificates", "https-aspnet.crt")),
new KeyValuePair <string, string>("Certificates:Default:KeyPath", Path.Combine("shared", "TestCertificates", "https-aspnet.key"))
}).Build();
var ex = Assert.Throws <ArgumentException>(() =>
{
serverOptions
.Configure(config)
.Endpoint("End1", opt =>
{
Assert.True(opt.IsHttps);
}).Load();
});
}
public void FallsBackToHttpsConnectionAdapterCertificate()
{
var sniDictionary = new Dictionary <string, SniConfig>
{
{ "www.example.org", new SniConfig() }
};
var fallbackOptions = new HttpsConnectionAdapterOptions
{
ServerCertificate = new X509Certificate2(TestResources.GetCertPath("aspnetdevcert.pfx"), "testPassword")
};
var sniOptionsSelector = new SniOptionsSelector(
"TestEndpointName",
sniDictionary,
new MockCertificateConfigLoader(),
fallbackOptions,
fallbackHttpProtocols: HttpProtocols.Http1AndHttp2,
logger: Mock.Of <ILogger <HttpsConnectionMiddleware> >());
var(options, _) = sniOptionsSelector.GetOptions(new MockConnectionContext(), "www.example.org");
Assert.Same(fallbackOptions.ServerCertificate, options.ServerCertificate);
}
public void ConfigureEndpointDevelopmentCertificateGetsLoadedWhenPresent()
{
try
{
var serverOptions = CreateServerOptions();
var certificate = new X509Certificate2(TestResources.GetCertPath("aspnetdevcert.pfx"), "aspnetdevcert", X509KeyStorageFlags.Exportable);
var bytes = certificate.Export(X509ContentType.Pkcs12, "1234");
var path = GetCertificatePath();
Directory.CreateDirectory(Path.GetDirectoryName(path));
File.WriteAllBytes(path, bytes);
var ran1 = false;
var config = new ConfigurationBuilder().AddInMemoryCollection(new[]
{
new KeyValuePair <string, string>("Endpoints:End1:Url", "https://*:5001"),
new KeyValuePair <string, string>("Certificates:Development:Password", "1234"),
}).Build();
serverOptions
.Configure(config)
.Endpoint("End1", opt =>
{
ran1 = true;
Assert.True(opt.IsHttps);
Assert.Equal(opt.HttpsOptions.ServerCertificate.SerialNumber, certificate.SerialNumber);
}).Load();
Assert.True(ran1);
Assert.NotNull(serverOptions.DefaultCertificate);
}
finally
{
if (File.Exists(GetCertificatePath()))
{
File.Delete(GetCertificatePath());
}
}
}
