/// <summary>
        /// Checks that <c>CertificateValidationRulesFactory.GetRules</c> returns the two date rules
        /// (<c>EffectiveDateRule</c>, <c>ExpirationDateRule</c>) together with the three rules
        /// registered on the configuration, five rules in total.
        /// </summary>
        public void GetRules_default_ones_and_injected()
        {
            //ARRANGE
            // Rule construction is routed through the mock creator. This assigns a static member and
            // the test does not put the previous value back, so the assignment outlives this test.
            CertificateValidationRulesFactory.InstanceCreator = ValidationRuleInstanceCreatorMock.CreateInstance;

            var configuration = new CertificateValidationConfiguration();
            configuration.X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom;

            // Rules are registered by assembly-qualified type name, not by instance.
            // NOTE(review): presumably the factory resolves these names to types when it builds the
            // rules; confirm where the names are allowed to come from in production.
            var injectedRuleTypes = new[]
            {
                typeof(CertificateValidationRuleMock1),
                typeof(CertificateValidationRuleMock),
                typeof(CertificateValidationRuleFailedMock)
            };
            foreach (var injectedRuleType in injectedRuleTypes)
            {
                configuration.ValidationRules.Add(new ValidationRuleDescriptor(injectedRuleType.AssemblyQualifiedName));
            }

            //ACT
            var resolvedRules = CertificateValidationRulesFactory.GetRules(configuration).ToList();

            //ASSERT
            Assert.AreEqual(5, resolvedRules.Count);

            // The comparison is on the exact runtime type, so a subclass of an expected rule does not count.
            var expectedRuleTypes = new[]
            {
                typeof(EffectiveDateRule),
                typeof(ExpirationDateRule),
                typeof(CertificateValidationRuleMock1),
                typeof(CertificateValidationRuleMock),
                typeof(CertificateValidationRuleFailedMock)
            };
            foreach (var expectedRuleType in expectedRuleTypes)
            {
                Assert.IsTrue(resolvedRules.Any(rule => rule.GetType() == expectedRuleType));
            }
        }
예제 #2
        /// <summary>
        /// Runs <c>BackchannelCertificateValidator.Validate</c> against a certificate read from the
        /// local-machine store "TestCertStore" and expects the validator to accept it.
        /// Pinning validation is switched off in the configuration used here.
        /// </summary>
        /// <remarks>
        /// The test depends on machine state: the store must exist and contain a certificate whose
        /// subject matches "ApiraTestCertificate", otherwise indexing the search result throws.
        /// </remarks>
        public void RemoteCertificateValidationRulesTest()
        {
            //ARRANGE
            var configuration = new CertificateValidationConfiguration();
            configuration.UsePinningValidation          = false;
            configuration.X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom;

            var validator = new BackchannelCertificateValidator(
                new CertificateValidationConfigurationProvider(() => configuration));

            var testStore = new X509Store("TestCertStore", StoreLocation.LocalMachine);
            var accepted  = false;

            //ACT
            try
            {
                testStore.Open(OpenFlags.ReadOnly);

                // validOnly is false, so the lookup also returns certificates that are expired or
                // do not chain to a trusted root.
                var matches     = testStore.Certificates.Find(X509FindType.FindBySubjectName, "ApiraTestCertificate", validOnly: false);
                var certificate = matches[0];

                // The chain is built in the machine context. The result of Build is not inspected,
                // and the validator is handed SslPolicyErrors.None regardless of how the build went,
                // so only the validator's own checks decide the outcome of this test.
                var chain = new X509Chain(true);
                chain.Build(certificate);

                accepted = validator.Validate(this, certificate, chain, SslPolicyErrors.None);
            }
            finally
            {
                testStore.Close();
                testStore.Dispose();
            }

            //ASSERT
            Assert.True(accepted);
        }
예제 #3
        /// <summary>
        /// Builds the certificate validation configuration for one federation party from the
        /// security settings stored for it.
        /// </summary>
        /// <param name="federationPartyId">Identifier used to select the <c>FederationPartySettings</c> row.</param>
        /// <returns>
        /// A configuration carrying the stored validation mode, the pinning flag, the pinned
        /// validator type descriptor and one rule descriptor per stored rule with a non-null type.
        /// </returns>
        /// <exception cref="InvalidOperationException">No security settings were found for the party.</exception>
        public CertificateValidationConfiguration GetConfiguration(string federationPartyId)
        {
            // FirstOrDefault: if several rows share the id, the first one returned by the store is used.
            var securitySettings = this._dbContext.Set<FederationPartySettings>()
                                   .Where(party => party.FederationPartyId == federationPartyId)
                                   .Select(party => party.SecuritySettings)
                                   .FirstOrDefault();

            if (securitySettings is null)
            {
                throw new InvalidOperationException(String.Format("No federationParty configuration found for federationPartyId: {0}", federationPartyId));
            }

            var configuration = new CertificateValidationConfiguration();
            configuration.X509CertificateValidationMode = securitySettings.X509CertificateValidationMode;
            configuration.UsePinningValidation          = securitySettings.PinnedValidation;

            // NOTE(review): the validator type and the rule types below are names read from stored
            // settings. Presumably they are resolved to types and instantiated further down the
            // pipeline, in which case write access to these settings decides which code takes part
            // in certificate validation; confirm how the names are constrained.
            configuration.BackchannelValidatorResolver  = new Kernel.Data.TypeDescriptor(securitySettings.PinnedTypeValidator);

            // Only a null Type is filtered out; an empty or whitespace name still becomes a descriptor.
            var storedRules = securitySettings.CertificateValidationRules
                              .Where(rule => rule.Type != null)
                              .ToList();

            foreach (var storedRule in storedRules)
            {
                configuration.ValidationRules.Add(new ValidationRuleDescriptor(storedRule.Type));
            }

            return configuration;
        }
        /// <summary>
        /// Builds the certificate validation configuration for one federation party from its stored
        /// security settings: the validation mode plus one rule descriptor per stored rule with a
        /// non-null type.
        /// </summary>
        /// <param name="federationPartyId">Identifier used to select the <c>FederationPartySettings</c> row.</param>
        /// <returns>The configuration assembled from the stored settings.</returns>
        /// <exception cref="InvalidOperationException">
        /// No row matched the party id; <c>SingleOrDefault</c> also throws when more than one row matches.
        /// </exception>
        public CertificateValidationConfiguration GetConfiguration(string federationPartyId)
        {
            // NOTE(review): the projection loads the party's certificate pins (PinType, Value,
            // Algorithm), but nothing in this method reads Pins and UsePinningValidation is not set,
            // so the pins do not reach the returned configuration. Confirm whether pin enforcement
            // is wired up elsewhere.
            var partyRow = this._dbContext.Set<FederationPartySettings>()
                           .Where(party => party.FederationPartyId == federationPartyId)
                           .Select(party => new { party.SecuritySettings, Pins = party.CertificatePins.Select(pin => new { pin.PinType, pin.Value, pin.Algorithm }) })
                           .SingleOrDefault();

            if (partyRow == null)
            {
                throw new InvalidOperationException(String.Format("No federationParty configuration found for federationPartyId: {0}", federationPartyId));
            }

            var securitySettings = partyRow.SecuritySettings;

            var configuration = new CertificateValidationConfiguration();
            configuration.X509CertificateValidationMode = securitySettings.X509CertificateValidationMode;

            // Rule types are names read from stored settings; only a null Type is filtered out.
            var storedRules = securitySettings.CertificateValidationRules
                              .Where(rule => rule.Type != null)
                              .ToList();

            foreach (var storedRule in storedRules)
            {
                configuration.ValidationRules.Add(new ValidationRuleDescriptor(storedRule.Type));
            }

            return configuration;
        }
예제 #5
        /// <summary>
        /// Returns one instance of every concrete <c>ICertificateValidationRule</c> implementation
        /// found in the assembly that declares <c>CertificateValidationRule</c>.
        /// </summary>
        /// <param name="configuration">Not read by this implementation.</param>
        /// <returns>
        /// A lazily evaluated sequence; each enumeration creates fresh rule instances through
        /// <c>Activator.CreateInstance</c>, which requires a parameterless constructor.
        /// </returns>
        public static IEnumerable<ICertificateValidationRule> GetRules(CertificateValidationConfiguration configuration)
        {
            // Discovery is limited to this one assembly, so the rule set is fixed by what ships in it.
            var ruleAssemblies = new[] { typeof(CertificateValidationRule).Assembly };

            return ReflectionHelper
                   .GetAllTypes(ruleAssemblies, candidate =>
                                !(candidate.IsAbstract || candidate.IsInterface) && typeof(ICertificateValidationRule).IsAssignableFrom(candidate))
                   .Select(ruleType => (ICertificateValidationRule)Activator.CreateInstance(ruleType));
        }
        /// <summary>
        /// Returns a fixed configuration whose validation mode is <c>Custom</c>.
        /// </summary>
        /// <param name="federationPartyId">Not read; every party gets the same configuration.</param>
        /// <returns>A new configuration with only the validation mode set.</returns>
        public CertificateValidationConfiguration GetConfiguration(string federationPartyId)
        {
            var fixedConfiguration = new CertificateValidationConfiguration();
            fixedConfiguration.X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom;

            return fixedConfiguration;
        }
        /// <summary>
        /// Builds the certificate validation configuration from the first stored
        /// <c>SecuritySettings</c> row.
        /// </summary>
        /// <returns>A configuration carrying the stored validation mode and pinning flag.</returns>
        /// <exception cref="InvalidOperationException">Thrown by <c>First()</c> when no settings row exists.</exception>
        public CertificateValidationConfiguration GetConfiguration()
        {
            // No filter or ordering is applied, so with more than one row the store decides which
            // one supplies the validation mode and the pinning flag.
            var storedSettings = this._dbContext.Set<SecuritySettings>().First();

            return new CertificateValidationConfiguration
            {
                X509CertificateValidationMode = storedSettings.X509CertificateValidationMode,
                UsePinningValidation          = storedSettings.PinnedValidation
            };
        }
        /// <summary>
        /// Returns the configuration for <c>FederationPartyId</c>, asking the configuration provider
        /// on first use and reusing the stored result afterwards.
        /// </summary>
        /// <returns>The cached, non-null configuration.</returns>
        /// <exception cref="InvalidOperationException">The provider returned no configuration.</exception>
        private CertificateValidationConfiguration GetConfiguration()
        {
            // Already loaded: the stored value is reused for the lifetime of this instance, so a
            // later change to the party's settings is not picked up here.
            if (this._configuration != null)
            {
                return this._configuration;
            }

            this._configuration = this._configurationProvider.GetConfiguration(this.FederationPartyId);

            // Fail closed: validation never proceeds without a configuration.
            if (this._configuration == null)
            {
                throw new InvalidOperationException("CertificateValidationConfiguration is null!");
            }

            return this._configuration;
        }
예제 #9
        /// <summary>
        /// Expects <c>BackchannelCertificateValidator.Validate</c> to throw
        /// <see cref="NotImplementedException"/> when pinning validation is off and the sender,
        /// certificate and chain arguments are all null.
        /// </summary>
        public void RemoteCertificateValidationCallbackTest()
        {
            //ARRANGE
            var configuration = new CertificateValidationConfiguration();
            configuration.UsePinningValidation          = false;
            configuration.X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom;

            var validator = new BackchannelCertificateValidator(
                new CertificateValidationConfigurationProvider(() => configuration));

            //ACT

            //ASSERT
            // The exception, rather than a boolean result, is the asserted outcome for this configuration.
            Assert.Throws<NotImplementedException>(
                () => validator.Validate(null, null, null, System.Net.Security.SslPolicyErrors.None));
        }
        /// <summary>
        /// Checks that <c>CertificateValidationRulesFactory.GetRules</c> returns exactly the two
        /// date rules (<c>EffectiveDateRule</c>, <c>ExpirationDateRule</c>) when the configuration
        /// registers no rules of its own.
        /// </summary>
        public void GetRules_default_ones()
        {
            //ARRANGE
            var configuration = new CertificateValidationConfiguration();
            configuration.X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom;

            // Static assignment that this test does not put back afterwards.
            CertificateValidationRulesFactory.InstanceCreator = ValidationRuleInstanceCreatorMock.CreateInstance;

            //ACT
            var resolvedRules = CertificateValidationRulesFactory.GetRules(configuration).ToList();

            //ASSERT
            Assert.AreEqual(2, resolvedRules.Count);

            // Exact runtime type comparison: a subclass of a date rule would not satisfy the check.
            var expectedRuleTypes = new[] { typeof(EffectiveDateRule), typeof(ExpirationDateRule) };
            foreach (var expectedRuleType in expectedRuleTypes)
            {
                Assert.IsTrue(resolvedRules.Any(rule => rule.GetType() == expectedRuleType));
            }
        }
예제 #11
        /// <summary>
        /// Expects <c>CertificateValidator.Validate</c> to throw
        /// <see cref="InvalidOperationException"/> when the registered rules include
        /// <c>CertificateValidationRuleFailedMock</c>.
        /// </summary>
        /// <remarks>
        /// The certificate is read from the store "TestCertStore"; no location is given, so the
        /// <c>X509Store</c> default applies. The test throws while arranging if no certificate
        /// with subject "ApiraTestCertificate" is installed there.
        /// </remarks>
        public void MetadataSerialisationCertificateTest_failed()
        {
            //ARRANGE
            var testStore = new X509Store("TestCertStore");

            try
            {
                testStore.Open(OpenFlags.ReadOnly);

                // validOnly is false: the certificate is returned even if it is expired or untrusted.
                var matches     = testStore.Certificates.Find(X509FindType.FindBySubjectName, "ApiraTestCertificate", validOnly: false);
                var certificate = matches[0];

                var configuration = new CertificateValidationConfiguration();
                configuration.UsePinningValidation          = false;
                configuration.X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom;

                var passingRuleName = typeof(CertificateValidationRuleMock1).AssemblyQualifiedName;
                var failingRuleName = typeof(CertificateValidationRuleFailedMock).AssemblyQualifiedName;

                // Registration order is passing, failing, passing: the first rule is registered twice.
                foreach (var ruleName in new[] { passingRuleName, failingRuleName, passingRuleName })
                {
                    configuration.ValidationRules.Add(new ValidationRuleDescriptor(ruleName));
                }

                var validator = new CertificateValidator(
                    new CertificateValidationConfigurationProvider(() => configuration));

                //ACT

                //ASSERT
                Assert.Throws<InvalidOperationException>(() => validator.Validate(certificate));
            }
            finally
            {
                testStore.Close();
                testStore.Dispose();
            }
        }
        /// <summary>
        /// Runs <c>CertificateValidator.Validate</c> with two mock rules registered and a mock
        /// logger; the test passes when validation completes without throwing.
        /// </summary>
        /// <remarks>
        /// The certificate is read from the store "TestCertStore"; no location is given, so the
        /// <c>X509Store</c> default applies. The test throws while arranging if no certificate
        /// with subject "www.eca-international.com" is installed there. There is no explicit
        /// assertion on the validation outcome.
        /// </remarks>
        public void MetadataSerialisationCertificateTest_success()
        {
            //ARRANGE
            var logger    = new LogProviderMock();
            var testStore = new X509Store("TestCertStore");

            try
            {
                testStore.Open(OpenFlags.ReadOnly);

                // validOnly is false: the certificate is returned even if it is expired or untrusted.
                var matches     = testStore.Certificates.Find(X509FindType.FindBySubjectName, "www.eca-international.com", validOnly: false);
                var certificate = matches[0];

                var configuration = new CertificateValidationConfiguration();
                configuration.X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom;

                var firstRuleName  = typeof(CertificateValidationRuleMock1).AssemblyQualifiedName;
                var secondRuleName = typeof(CertificateValidationRuleMock).AssemblyQualifiedName;

                // Registration order is first, second, first: the first rule is registered twice.
                foreach (var ruleName in new[] { firstRuleName, secondRuleName, firstRuleName })
                {
                    configuration.ValidationRules.Add(new ValidationRuleDescriptor(ruleName));
                }

                var validator = new CertificateValidator(
                    new CertificateValidationConfigurationProvider(() => configuration),
                    logger);

                //ACT
                validator.Validate(certificate);

                //ASSERT
            }
            finally
            {
                testStore.Close();
                testStore.Dispose();
            }
        }