public void ValidateChainedInValidEU()
{
var(root, intermediate, server, client) = SetupCerts();
// we only accept client certs when the ValidateCertificateUse is true
var x509ChainPolicy = BuildChainUtil.BuildChainPolicyChained(
root, intermediate, server, client,
X509RevocationFlag.ExcludeRoot,
X509RevocationMode.NoCheck,
true, true);
var chain = new X509Chain
{
ChainPolicy = x509ChainPolicy
};
var certificateIsValid = chain.Build(server);
Assert.False(certificateIsValid);
if (!certificateIsValid)
{
var chainErrors = new List <X509ChainStatusFlags>();
foreach (var validationFailure in chain.ChainStatus)
{
chainErrors.Add(validationFailure.Status);
}
Assert.True(chainErrors.Contains(X509ChainStatusFlags.NotValidForUsage), "expect NotValidForUsage");
}
}
public void ValidateChainedValidityPeriodNotActive()
{
// certs are not active till the future
var(root, intermediate, server, client) = SetupCerts();
var x509ChainPolicy = BuildChainUtil.BuildChainPolicyChained(
root, intermediate, server, client,
X509RevocationFlag.ExcludeRoot,
X509RevocationMode.NoCheck,
true, true);
var chain = new X509Chain
{
ChainPolicy = x509ChainPolicy
};
var certificateIsValid = chain.Build(client);
Assert.False(certificateIsValid);
if (!certificateIsValid)
{
var chainErrors = new List <X509ChainStatusFlags>();
foreach (var validationFailure in chain.ChainStatus)
{
chainErrors.Add(validationFailure.Status);
}
Assert.True(chainErrors.Contains(X509ChainStatusFlags.NotTimeValid), "expect NotValidForUsage");
}
}
public void ValidateSelfSignedValid()
{
var(root, intermediate, server, client) = SetupCerts();
var x509ChainPolicy = BuildChainUtil.BuildChainPolicySelfSigned(root, true, true);
var chain = new X509Chain
{
ChainPolicy = x509ChainPolicy
};
var certificateIsValid = chain.Build(root);
Assert.True(certificateIsValid);
}
public void ValidateChainedValid()
{
var(root, intermediate, server, client) = SetupCerts();
var x509ChainPolicy = BuildChainUtil.BuildChainPolicyChained(
root, intermediate, server, client,
X509RevocationFlag.ExcludeRoot,
X509RevocationMode.NoCheck,
true, true);
var chain = new X509Chain
{
ChainPolicy = x509ChainPolicy
};
var certificateIsValid = chain.Build(client);
Assert.True(certificateIsValid);
}
public void ValidateChainedInValidIntermediate()
{
var(root, intermediate, server, client) = SetupCerts();
// we only accept client certs when the ValidateCertificateUse is true
var x509ChainPolicy = BuildChainUtil.BuildChainPolicyChained(
root, intermediate, server, client,
X509RevocationFlag.ExcludeRoot,
X509RevocationMode.NoCheck,
true, true);
var chain = new X509Chain
{
ChainPolicy = x509ChainPolicy
};
var certificateIsValid = chain.Build(intermediate);
Assert.True(certificateIsValid);
}
