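/// <summary>
/// Builds a chain with the server certificate as the end entity and expects
/// validation to fail with <see cref="X509ChainStatusFlags.NotValidForUsage"/>.
/// </summary>
/// <remarks>
/// The policy is built with <see cref="X509RevocationMode.NoCheck"/>, so revocation
/// status plays no part in the result. That is fine for certificates generated by the
/// test, but it is not a setting to copy into a production chain policy.
/// </remarks>
public void ValidateChainedInValidEU()
{
    var (root, intermediate, server, client) = SetupCerts();

    // we only accept client certs when the ValidateCertificateUse is true
    // NOTE(review): presumably one of the two trailing `true` arguments is that flag;
    // confirm against BuildChainUtil.BuildChainPolicyChained.
    var x509ChainPolicy = BuildChainUtil.BuildChainPolicyChained(
        root, intermediate, server, client,
        X509RevocationFlag.ExcludeRoot,
        X509RevocationMode.NoCheck,
        true, true);

    // X509Chain is disposable; release it when the test finishes.
    using (var chain = new X509Chain { ChainPolicy = x509ChainPolicy })
    {
        var certificateIsValid = chain.Build(server);
        Assert.False(certificateIsValid);

        // Reached only when the build failed, so ChainStatus holds the failure reasons.
        var chainErrors = new List<X509ChainStatusFlags>();
        foreach (var validationFailure in chain.ChainStatus)
        {
            chainErrors.Add(validationFailure.Status);
        }

        Assert.True(chainErrors.Contains(X509ChainStatusFlags.NotValidForUsage), "expect NotValidForUsage");
    }
}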
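/// <summary>
/// Builds a chain with the client certificate as the end entity and expects
/// validation to fail with <see cref="X509ChainStatusFlags.NotTimeValid"/>.
/// </summary>
/// <remarks>
/// NOTE(review): this test and ValidateChainedValid call SetupCerts() and
/// BuildChainPolicyChained with identical arguments and both build the chain for
/// the client certificate, yet they expect opposite outcomes. Nothing visible here
/// makes the certificates future-dated; confirm that the setup really produces a
/// validity period that has not started.
/// </remarks>
public void ValidateChainedValidityPeriodNotActive()
{
    // certs are not active till the future
    var (root, intermediate, server, client) = SetupCerts();

    // Revocation is not checked (NoCheck); the failure asserted below is about validity dates.
    var x509ChainPolicy = BuildChainUtil.BuildChainPolicyChained(
        root, intermediate, server, client,
        X509RevocationFlag.ExcludeRoot,
        X509RevocationMode.NoCheck,
        true, true);

    // X509Chain is disposable; release it when the test finishes.
    using (var chain = new X509Chain { ChainPolicy = x509ChainPolicy })
    {
        var certificateIsValid = chain.Build(client);
        Assert.False(certificateIsValid);

        // Reached only when the build failed, so ChainStatus holds the failure reasons.
        var chainErrors = new List<X509ChainStatusFlags>();
        foreach (var validationFailure in chain.ChainStatus)
        {
            chainErrors.Add(validationFailure.Status);
        }

        // The failure message now names the flag that is actually checked.
        Assert.True(chainErrors.Contains(X509ChainStatusFlags.NotTimeValid), "expect NotTimeValid");
    }
}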
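/// <summary>
/// Builds a chain with the client certificate as the end entity and expects
/// validation to succeed.
/// </summary>
/// <remarks>
/// The policy is built with <see cref="X509RevocationMode.NoCheck"/>, so a passing
/// result says nothing about revocation status.
/// </remarks>
public void ValidateChainedValid()
{
    var (root, intermediate, server, client) = SetupCerts();

    var x509ChainPolicy = BuildChainUtil.BuildChainPolicyChained(
        root, intermediate, server, client,
        X509RevocationFlag.ExcludeRoot,
        X509RevocationMode.NoCheck,
        true, true);

    // X509Chain is disposable; release it when the test finishes.
    using (var chain = new X509Chain { ChainPolicy = x509ChainPolicy })
    {
        var certificateIsValid = chain.Build(client);
        Assert.True(certificateIsValid);
    }
}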
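/// <summary>
/// Builds a chain with the intermediate certificate as the end entity and asserts
/// that validation succeeds.
/// </summary>
/// <remarks>
/// NOTE(review): the method name suggests a failure case, but the assertion expects
/// the intermediate certificate to validate. If that is intended, the test documents
/// that this chain policy alone does not reject a CA certificate presented as the
/// end entity. This is presumably because the intermediate carries no usage
/// restriction that conflicts with the policy. Code that authenticates clients with
/// such a policy should also confirm the presented certificate is a leaf (not marked
/// as a CA in its basic constraints). Confirm the intent and rename the test or
/// change the assertion accordingly.
/// </remarks>
public void ValidateChainedInValidIntermediate()
{
    var (root, intermediate, server, client) = SetupCerts();

    // we only accept client certs when the ValidateCertificateUse is true
    // NOTE(review): the assertion below accepts the intermediate certificate, which
    // does not match this statement; verify which of the two is correct.
    var x509ChainPolicy = BuildChainUtil.BuildChainPolicyChained(
        root, intermediate, server, client,
        X509RevocationFlag.ExcludeRoot,
        X509RevocationMode.NoCheck,
        true, true);

    // X509Chain is disposable; release it when the test finishes.
    using (var chain = new X509Chain { ChainPolicy = x509ChainPolicy })
    {
        var certificateIsValid = chain.Build(intermediate);
        Assert.True(certificateIsValid);
    }
}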