public void GetRules_default_ones_and_injected()
{
//ARRANGE
CertificateValidationRulesFactory.InstanceCreator = ValidationRuleInstanceCreatorMock.CreateInstance;
var configuration = new CertificateValidationConfiguration
{
X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
};
var rule1 = typeof(CertificateValidationRuleMock1).AssemblyQualifiedName;
var rule2 = typeof(CertificateValidationRuleMock).AssemblyQualifiedName;
var rule3 = typeof(CertificateValidationRuleFailedMock).AssemblyQualifiedName;
var ruleDescriptor = new ValidationRuleDescriptor(rule1);
var ruleDescriptor2 = new ValidationRuleDescriptor(rule2);
var ruleDescriptor3 = new ValidationRuleDescriptor(rule3);
configuration.ValidationRules.Add(ruleDescriptor);
configuration.ValidationRules.Add(ruleDescriptor2);
configuration.ValidationRules.Add(ruleDescriptor3);
//ACT
var rules = CertificateValidationRulesFactory.GetRules(configuration)
.ToList();
//ASSERT
Assert.AreEqual(5, rules.Count);
Assert.IsTrue(rules.Any(x => x.GetType() == typeof(EffectiveDateRule)));
Assert.IsTrue(rules.Any(x => x.GetType() == typeof(ExpirationDateRule)));
Assert.IsTrue(rules.Any(x => x.GetType() == typeof(CertificateValidationRuleMock1)));
Assert.IsTrue(rules.Any(x => x.GetType() == typeof(CertificateValidationRuleMock)));
Assert.IsTrue(rules.Any(x => x.GetType() == typeof(CertificateValidationRuleFailedMock)));
}
public void RemoteCertificateValidationRulesTest()
{
//ARRANGE
var configuration = new CertificateValidationConfiguration
{
UsePinningValidation = false,
X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
};
var configurationProvider = new CertificateValidationConfigurationProvider(() => configuration);
var validator = new BackchannelCertificateValidator(configurationProvider);
var certificateStore = new X509Store("TestCertStore", StoreLocation.LocalMachine);
var validationResult = false;
//ACT
try
{
certificateStore.Open(OpenFlags.ReadOnly);
var certificate = certificateStore.Certificates.Find(X509FindType.FindBySubjectName, "ApiraTestCertificate", false)[0];
var x509Chain = new X509Chain(true);
x509Chain.Build(certificate);
validationResult = validator.Validate(this, certificate, x509Chain, SslPolicyErrors.None);
}
finally
{
certificateStore.Close();
certificateStore.Dispose();
}
//ASSERT
Assert.True(validationResult);
}
public CertificateValidationConfiguration GetConfiguration(string federationPartyId)
{
var settings = this._dbContext.Set <FederationPartySettings>()
.Where(x => x.FederationPartyId == federationPartyId)
.Select(r => r.SecuritySettings)
.FirstOrDefault();
if (settings is null)
{
throw new InvalidOperationException(String.Format("No federationParty configuration found for federationPartyId: {0}", federationPartyId));
}
var configuration = new CertificateValidationConfiguration
{
X509CertificateValidationMode = settings.X509CertificateValidationMode,
UsePinningValidation = settings.PinnedValidation,
BackchannelValidatorResolver = new Kernel.Data.TypeDescriptor(settings.PinnedTypeValidator)
};
var rules = settings.CertificateValidationRules.Where(x => x.Type != null)
.ToList();
rules.Aggregate(configuration.ValidationRules, (t, next) =>
{
t.Add(new ValidationRuleDescriptor(next.Type));
return(t);
});
return(configuration);
}
public CertificateValidationConfiguration GetConfiguration(string federationPartyId)
{
var settings = this._dbContext.Set <FederationPartySettings>()
.Where(x => x.FederationPartyId == federationPartyId)
.Select(r => new { r.SecuritySettings, Pins = r.CertificatePins.Select(p => new { p.PinType, p.Value, p.Algorithm }) })
.SingleOrDefault();
if (settings == null)
{
throw new InvalidOperationException(String.Format("No federationParty configuration found for federationPartyId: {0}", federationPartyId));
}
var configuration = new CertificateValidationConfiguration
{
X509CertificateValidationMode = settings.SecuritySettings.X509CertificateValidationMode,
};
var rules = settings.SecuritySettings.CertificateValidationRules.Where(x => x.Type != null)
.ToList();
rules.Aggregate(configuration.ValidationRules, (t, next) =>
{
t.Add(new ValidationRuleDescriptor(next.Type));
return(t);
});
return(configuration);
}
public static IEnumerable <ICertificateValidationRule> GetRules(CertificateValidationConfiguration configuration)
{
var rules = ReflectionHelper.GetAllTypes(new[] { typeof(CertificateValidationRule).Assembly }, t =>
!t.IsAbstract && !t.IsInterface && typeof(ICertificateValidationRule).IsAssignableFrom(t))
.Select(t => (ICertificateValidationRule)Activator.CreateInstance(t));
return(rules);
}
public CertificateValidationConfiguration GetConfiguration(string federationPartyId)
{
var configuration = new CertificateValidationConfiguration
{
X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
};
return(configuration);
}
public CertificateValidationConfiguration GetConfiguration()
{
var settings = this._dbContext.Set <SecuritySettings>()
.First();
var configuration = new CertificateValidationConfiguration
{
X509CertificateValidationMode = settings.X509CertificateValidationMode,
UsePinningValidation = settings.PinnedValidation
};
return(configuration);
}
private CertificateValidationConfiguration GetConfiguration()
{
if (this._configuration == null)
{
this._configuration = this._configurationProvider.GetConfiguration(this.FederationPartyId);
}
if (this._configuration == null)
{
throw new InvalidOperationException("CertificateValidationConfiguration is null!");
}
return(this._configuration);
}
public void RemoteCertificateValidationCallbackTest()
{
//ARRANGE
var configuration = new CertificateValidationConfiguration
{
UsePinningValidation = false,
X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
};
var configurationProvider = new CertificateValidationConfigurationProvider(() => configuration);
var validator = new BackchannelCertificateValidator(configurationProvider);
//ACT
//ASSERT
Assert.Throws <NotImplementedException>(() => validator.Validate(null, null, null, System.Net.Security.SslPolicyErrors.None));
}
public void GetRules_default_ones()
{
//ARRANGE
var configuration = new CertificateValidationConfiguration
{
X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
};
CertificateValidationRulesFactory.InstanceCreator = ValidationRuleInstanceCreatorMock.CreateInstance;
//ACT
var rules = CertificateValidationRulesFactory.GetRules(configuration)
.ToList();
//ASSERT
Assert.AreEqual(2, rules.Count);
Assert.IsTrue(rules.Any(x => x.GetType() == typeof(EffectiveDateRule)));
Assert.IsTrue(rules.Any(x => x.GetType() == typeof(ExpirationDateRule)));
}
public void MetadataSerialisationCertificateTest_failed()
{
//ARRANGE
var store = new X509Store("TestCertStore");
try
{
store.Open(OpenFlags.ReadOnly);
var certificate = store.Certificates.Find(X509FindType.FindBySubjectName, "ApiraTestCertificate", false)[0];
var configuration = new CertificateValidationConfiguration
{
UsePinningValidation = false,
X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
};
var rule1 = typeof(CertificateValidationRuleMock1).AssemblyQualifiedName;
var rule2 = typeof(CertificateValidationRuleFailedMock).AssemblyQualifiedName;
var ruleDescriptor = new ValidationRuleDescriptor(rule1);
var ruleDescriptor2 = new ValidationRuleDescriptor(rule2);
configuration.ValidationRules.Add(ruleDescriptor);
configuration.ValidationRules.Add(ruleDescriptor2);
configuration.ValidationRules.Add(new ValidationRuleDescriptor(rule1));
var configurationProvider = new CertificateValidationConfigurationProvider(() => configuration);
var validator = new CertificateValidator(configurationProvider);
//ACT
//ASSERT
Assert.Throws <InvalidOperationException>(() => validator.Validate(certificate));
}
finally
{
store.Close();
store.Dispose();
}
}
public void MetadataSerialisationCertificateTest_success()
{
//ARRANGE
var logger = new LogProviderMock();
var store = new X509Store("TestCertStore");
try
{
store.Open(OpenFlags.ReadOnly);
var certificate = store.Certificates.Find(X509FindType.FindBySubjectName, "www.eca-international.com", false)[0];
var configuration = new CertificateValidationConfiguration
{
X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
};
var rule1 = typeof(CertificateValidationRuleMock1).AssemblyQualifiedName;
var rule2 = typeof(CertificateValidationRuleMock).AssemblyQualifiedName;
var ruleDescriptor = new ValidationRuleDescriptor(rule1);
var ruleDescriptor2 = new ValidationRuleDescriptor(rule2);
configuration.ValidationRules.Add(ruleDescriptor);
configuration.ValidationRules.Add(ruleDescriptor2);
configuration.ValidationRules.Add(new ValidationRuleDescriptor(rule1));
var configurationProvider = new CertificateValidationConfigurationProvider(() => configuration);
var validator = new CertificateValidator(configurationProvider, logger);
//ACT
validator.Validate(certificate);
//ASSERT
}
finally
{
store.Close();
store.Dispose();
}
}
