        public async Task AuthenticateAsyncWithModuleCAX509InScopeCacheFails()
        {
            // Arrange: a CA-issued certificate for a *module* identity. The issuing CA is
            // present both in the chain the client sends and in the hub's trust bundle,
            // and the cert CN equals the module id, so chain-wise everything checks out.
            var validFrom = DateTime.Now.AddDays(-2);
            var validTo = DateTime.Now.AddYears(1);
            var (caCert, caKeyPair) = TestCertificateHelper.GenerateSelfSignedCert("MyTestCA", validFrom, validTo, true);
            var (moduleCert, _) = TestCertificateHelper.GenerateCertificate("MyIssuedTestClient", validFrom, validTo, caCert, caKeyPair, false, null, null);
            IList<X509Certificate2> presentedChain = new List<X509Certificate2> { caCert };
            IList<X509Certificate2> trustBundle = new List<X509Certificate2> { caCert };

            const string deviceId = "d1";
            const string moduleId = "MyIssuedTestClient";
            string identity = $"{deviceId}/{moduleId}";

            var moduleIdentity = Mock.Of<IModuleIdentity>(i => i.DeviceId == deviceId && i.ModuleId == moduleId && i.Id == identity);
            var credentials = Mock.Of<ICertificateCredentials>(c =>
                c.Identity == moduleIdentity &&
                c.AuthenticationType == AuthenticationType.X509Cert &&
                c.ClientCertificate == moduleCert &&
                c.ClientCertificateChain == presentedChain);

            // The identity cache knows this module and records it as CA-cert authenticated.
            var serviceIdentity = new ServiceIdentity(deviceId, moduleId, "1234", new string[0],
                new ServiceAuthentication(ServiceAuthenticationType.CertificateAuthority), ServiceIdentityStatus.Enabled);
            var identitiesCache = new Mock<IDeviceScopeIdentitiesCache>();
            identitiesCache.Setup(d => d.GetServiceIdentity(identity, false)).ReturnsAsync(Option.Some(serviceIdentity));

            var authenticator = new DeviceScopeCertificateAuthenticator(identitiesCache.Object, UnderlyingAuthenticator, trustBundle, true);

            // Act
            bool authenticated = await authenticator.AuthenticateAsync(credentials);

            // Assert: rejected even though the chain validates against the trust bundle.
            // This test only pins the outcome; presumably CA-signed X.509 is not an
            // accepted authentication type for module identities in this authenticator —
            // confirm against DeviceScopeCertificateAuthenticator before relying on it.
            Assert.False(authenticated);
        }
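        public async Task AuthenticateAsyncWithEmptyChainDeviceCAX509InScopeCacheFails()
        {
            // Arrange: a device certificate issued by a CA that IS in the trust bundle,
            // but the client presents no chain at all. The device id is deliberately the
            // same as the certificate CN so that the missing chain is the only reason the
            // authenticator can have for rejecting these credentials.
            // (Previously deviceId was "different from CN", which handed the authenticator
            // a second, unrelated reason to fail; the assertion would then still hold
            // even if an empty chain were accepted, which is the regression this test
            // exists to catch.)
            var notBefore = DateTime.Now.Subtract(TimeSpan.FromDays(2));
            var notAfter = DateTime.Now.AddYears(1);
            var caCert = TestCertificateHelper.GenerateSelfSignedCert("MyTestCA", notBefore, notAfter, true);
            var issuedClientCert = TestCertificateHelper.GenerateCertificate("MyIssuedTestClient", notBefore, notAfter, caCert, false, null, null);
            IList<X509Certificate2> issuedClientCertChain = new List<X509Certificate2>(); // empty chain supplied
            IList<X509Certificate2> trustBundle = new List<X509Certificate2> { caCert };
            string deviceId = "MyIssuedTestClient"; // matches the cert CN on purpose

            var clientCredentials = Mock.Of<ICertificateCredentials>(
                c =>
                c.Identity == Mock.Of<IDeviceIdentity>(i => i.DeviceId == deviceId && i.Id == deviceId) &&
                c.AuthenticationType == AuthenticationType.X509Cert &&
                c.ClientCertificate == issuedClientCert && c.ClientCertificateChain == issuedClientCertChain);

            // The identity cache knows the device and records it as CA-cert authenticated.
            var serviceIdentity = new ServiceIdentity(
                deviceId,
                "1234",
                new string[0],
                new ServiceAuthentication(ServiceAuthenticationType.CertificateAuthority),
                ServiceIdentityStatus.Enabled);
            var deviceScopeIdentitiesCache = new Mock<IDeviceScopeIdentitiesCache>();
            deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(It.Is<string>(i => i == deviceId))).ReturnsAsync(Option.Some(serviceIdentity));

            var authenticator = new DeviceScopeCertificateAuthenticator(deviceScopeIdentitiesCache.Object, UnderlyingAuthenticator, trustBundle, true);

            // Act
            bool authenticated = await authenticator.AuthenticateAsync(clientCredentials);

            // Assert: an empty chain must not be "filled in" from the trust bundle.
            Assert.False(authenticated);
        }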
        public void TestValidateCertificateAndChainSucceeds()
        {
            // A leaf issued by a self-signed CA, presented together with that CA as its
            // chain, is expected to validate when no trust bundle is given (Option.None).
            // NOTE(review): this pins that, absent a trust bundle, the caller-supplied
            // chain is the only root of trust. Callers that do hold a trust bundle should
            // pass it via Option.Some rather than None — verify at the call sites.
            var validFrom = DateTime.Now.AddDays(-2);
            var validTo = DateTime.Now.AddYears(1);
            var issuingCa = TestCertificateHelper.GenerateSelfSignedCert("MyTestCA", validFrom, validTo, true);
            var leafCert = TestCertificateHelper.GenerateCertificate("MyIssuedTestClient", validFrom, validTo, issuingCa, false, null, null);
            var presentedChain = new List<X509Certificate2> { issuingCa };
            var noTrustBundle = Option.None<IList<X509Certificate2>>();
            var logger = Logger.Factory.CreateLogger("something");

            bool valid = CertificateHelper.ValidateClientCert(leafCert, presentedChain, noTrustBundle, logger);

            Assert.True(valid);
        }
        public void TestIfCACertificate()
        {
            // IsCACertificate should key off the certificate's CA designation (presumably
            // the boolean passed to the test helper), not off whether it is self-signed:
            // a self-signed non-CA cert and a CA-issued leaf are both expected to be non-CA.
            var validFrom = DateTime.Now.AddDays(-2);
            var validTo = DateTime.Now.AddYears(1);

            var (rootCa, rootCaKey) = TestCertificateHelper.GenerateSelfSignedCert("MyTestCA", validFrom, validTo, true);
            var (selfSignedLeaf, _) = TestCertificateHelper.GenerateSelfSignedCert("MyTestClient", validFrom, validTo, false);
            var (issuedLeaf, _) = TestCertificateHelper.GenerateCertificate("MyIssuedTestClient", validFrom, validTo, rootCa, rootCaKey, false, null, null);

            Assert.True(CertificateHelper.IsCACertificate(rootCa));
            Assert.False(CertificateHelper.IsCACertificate(selfSignedLeaf));
            Assert.False(CertificateHelper.IsCACertificate(issuedLeaf));
        }
        public void TestValidateTrustedCACertificateAndEmptyChainFails()
        {
            // Even though the issuing CA is in the trusted-CA set, a client that presents
            // an empty chain must be rejected. This pins that the trusted set alone is not
            // enough: the client has to present a chain that validates against it.
            var validFrom = DateTime.Now.AddDays(-2);
            var validTo = DateTime.Now.AddYears(1);

            var (trustedCa, trustedCaKey) = TestCertificateHelper.GenerateSelfSignedCert("MyTestCA", validFrom, validTo, true);
            var (leafCert, _) = TestCertificateHelper.GenerateCertificate("MyIssuedTestClient", validFrom, validTo, trustedCa, trustedCaKey, false, null, null);
            IList<X509Certificate2> trustedCaCerts = new List<X509Certificate2> { trustedCa };
            var emptyChain = new List<X509Certificate2>();
            var logger = Logger.Factory.CreateLogger("something");

            bool valid = CertificateHelper.ValidateClientCert(leafCert, emptyChain, Option.Some(trustedCaCerts), logger);

            Assert.False(valid);
        }