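/// <summary>
/// Builds a chain from the pre-certificate fixture alone, with no trusted root supplied,
/// and expects <c>CertificateChainBuilder.Build</c> to produce no chain.
/// </summary>
/// <remarks>
/// NOTE(review): the method name says "ThrowsException", but the assertion expects a
/// <c>null</c> return. Confirm which rejection contract the builder actually has.
/// </remarks>
public void CleaningChainWithOnlyLeafThrowsException()
{
    // given only the leaf (per the test name), so nothing links it to a trust anchor
    var certsChain = Data.LoadCerts(Data.TEST_PRE_CERT_SIGNED_BY_PRECA_INTERMEDIATE);

    // when we try to build a chain from it
    var builtChain = CertificateChainBuilder.Build(certsChain);

    // then no chain is returned; IsNull also avoids the swapped expected/actual arguments
    Assert.IsNull(builtChain);
}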
/// <summary>
/// Builds the eleven-certificate fixture chain against its root certificate and checks
/// that the built chain contains more than ten certificates.
/// </summary>
/// <remarks>
/// NOTE(review): the name says "ThrowsException", yet the test passes only when a chain
/// longer than ten certificates is returned. If the builder is meant to cap chain length,
/// this assertion will not catch a regression. Confirm the intended limit.
/// </remarks>
public void ReallyLargeValidChainThrowsException()
{
    // given a root and a chain that together exceed ten certificates
    var trustAnchor = Data.LoadCerts(Data.ELEVEN_CERTS_ROOT_CERT)[0];
    var elevenCerts = Data.LoadCerts(Data.ELEVEN_CERTS_CHAIN);

    // when the chain is built against that root
    var result = CertificateChainBuilder.Build(elevenCerts, trustAnchor);

    // then the built chain is longer than ten certificates (root included)
    var exceedsTen = result.Count > 10;
    Assert.IsTrue(exceedsTen);
}
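/// <summary>
/// Builds a chain from the pre-certificate and the intermediate CA certificate while
/// leaving out <c>Data.PRE_CERT_SIGNING_BY_INTERMEDIATE</c>, and expects
/// <c>CertificateChainBuilder.Build</c> to produce no chain.
/// </summary>
/// <remarks>
/// NOTE(review): the method name says "ThrowsException", but the assertion expects a
/// <c>null</c> return. Confirm which rejection contract the builder actually has.
/// </remarks>
public void CleaningIncompleteChainThrowsException()
{
    // given a chain with a missing link (the pre-cert signing certificate is not loaded)
    var certsChain = Data.LoadCerts(
        Data.TEST_PRE_CERT_SIGNED_BY_PRECA_INTERMEDIATE,
        Data.INTERMEDIATE_CA_CERT);

    // when we try to build a chain from it
    var builtChain = CertificateChainBuilder.Build(certsChain);

    // then no chain is returned; IsNull also avoids the swapped expected/actual arguments
    Assert.IsNull(builtChain);
}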
/// <summary>
/// Passes a single self-signed root both as the chain to build and as the trusted
/// certificate, and checks that the built chain equals the one-element input.
/// </summary>
public void TrustedSelfSignedRootCertReturnsSuccessfully()
{
    // given a chain that consists solely of the trusted self-signed root
    var selfSignedRoot = Data.LoadCerts(Data.SELF_SIGNED_ROOT_CERT)[0];
    var certsChain = new[] { selfSignedRoot };

    // when the chain is built with that same certificate as the trust anchor
    var result = CertificateChainBuilder.Build(certsChain, selfSignedRoot);

    // then the input comes back unchanged
    var unchanged = certsChain.SequenceEqual(result);
    Assert.True(unchanged);
}
/// <summary>
/// Uses the certificate at index 5 of the ten-certificate fixture chain as the trusted
/// certificate and checks that the built chain equals the whole input chain.
/// </summary>
public void TrustedCertInMiddleOfChainReturnsSuccessfully()
{
    // given a chain whose trusted certificate sits in the middle rather than at the end
    var tenCerts = Data.LoadCerts(Data.TEN_CERTS_CHAIN);
    var midChainAnchor = tenCerts[5];

    // when the chain is built against that mid-chain certificate
    var result = CertificateChainBuilder.Build(tenCerts, midChainAnchor);

    // then the full input sequence is returned, including the entries after the anchor
    var sameSequence = tenCerts.SequenceEqual(result);
    Assert.True(sameSequence);
}
/// <summary>
/// Loads three certificates (pre-cert, intermediate CA, pre-cert signing cert) and
/// checks that the built chain matches the <c>_expectedChain</c> field.
/// </summary>
public void CleaningOutOfOrderChainReturnsSuccessfully()
{
    // given a complete chain; per the test name the load order is not the issuance order
    var shuffledCerts = Data.LoadCerts(
        Data.TEST_PRE_CERT_SIGNED_BY_PRECA_INTERMEDIATE,
        Data.INTERMEDIATE_CA_CERT,
        Data.PRE_CERT_SIGNING_BY_INTERMEDIATE);

    // when the chain is built without an explicit trusted certificate
    var result = CertificateChainBuilder.Build(shuffledCerts);

    // then the chain held in _expectedChain is returned
    var matchesExpected = _expectedChain.SequenceEqual(result);
    Assert.True(matchesExpected);
}
/// <summary>
/// Verifies the original fixture chain for <c>BabylonHealthCom</c> using a verifier
/// created from <c>_includeRandom</c>, and expects <c>CtResult.DisabledForHost</c>.
/// </summary>
/// <remarks>
/// NOTE(review): presumably <c>_includeRandom</c> is an include-host list that does not
/// cover <c>BabylonHealthCom</c>. <c>DisabledForHost</c> then means the transparency check
/// was skipped for this host, not that the chain passed it. Confirm against the verifier.
/// </remarks>
public void OriginalChainAllowedWhenHostNotChecked()
{
    var verifier = GetCertVerifier(_includeRandom);
    var trustedRoots = Data.LoadCerts(Data.TEST_MITMPROXY_ROOT_CERT);
    var presentedCerts = Data.LoadCerts(Data.TEST_MITMPROXY_ORIGINAL_CHAIN);

    // the root fixture must hold exactly one certificate, otherwise Single() throws
    var builtChain = CertificateChainBuilder.Build(presentedCerts, trustedRoots.Single());

    // blocks synchronously on the asynchronous verification call
    var verdict = verifier.IsValidAsync(BabylonHealthCom, builtChain, default).Result;

    var isDisabledForHost = verdict.Result == CtResult.DisabledForHost;
    Assert.IsTrue(isDisabledForHost);
}
/// <summary>
/// Verifies the mitmproxy attack fixture chain for <c>BabylonHealthCom</c> using a
/// verifier created from <c>_includeBabylon</c>, and expects <c>CtResult.NoScts</c>.
/// </summary>
/// <remarks>
/// The chain is built against the mitmproxy root, so chain building succeeds before
/// verification runs. The expected verdict is <c>NoScts</c>, not <c>Trusted</c>.
/// NOTE(review): presumably the interception certificate carries no signed certificate
/// timestamps. Confirm against the fixture.
/// </remarks>
public void MitmDisallowedWhenHostChecked()
{
    var verifier = GetCertVerifier(_includeBabylon);
    var trustedRoots = Data.LoadCerts(Data.TEST_MITMPROXY_ROOT_CERT);
    var presentedCerts = Data.LoadCerts(Data.TEST_MITMPROXY_ATTACK_CHAIN);

    // the root fixture must hold exactly one certificate, otherwise Single() throws
    var builtChain = CertificateChainBuilder.Build(presentedCerts, trustedRoots.Single());

    // blocks synchronously on the asynchronous verification call
    var verdict = verifier.IsValidAsync(BabylonHealthCom, builtChain, default).Result;

    var hasNoScts = verdict.Result == CtResult.NoScts;
    Assert.IsTrue(hasNoScts);
}
/// <summary>
/// Creates a verifier from the pattern <c>"*.*"</c> plus a second list containing
/// <c>DisallowedRandomCom</c>, verifies the original fixture chain for
/// <c>AllowedRandomCom</c>, and expects <c>CtResult.Trusted</c>.
/// </summary>
/// <remarks>
/// NOTE(review): presumably the first list is the include-host patterns and the second
/// the exclude-host patterns. The test then shows that excluding one host does not switch
/// checking off for a different host. Confirm the parameter order of
/// <c>GetCertVerifier</c>.
/// </remarks>
public void ExcludeHostsRuleOnlyBlocksSpecifiedSubdomainMatching()
{
    var firstHostList = new[] { "*.*" };
    var secondHostList = new[] { DisallowedRandomCom };
    var verifier = GetCertVerifier(firstHostList, secondHostList);

    var trustedRoots = Data.LoadCerts(Data.TEST_MITMPROXY_ROOT_CERT);
    var presentedCerts = Data.LoadCerts(Data.TEST_MITMPROXY_ORIGINAL_CHAIN);

    // the root fixture must hold exactly one certificate, otherwise Single() throws
    var builtChain = CertificateChainBuilder.Build(presentedCerts, trustedRoots.Single());

    // blocks synchronously on the asynchronous verification call
    var verdict = verifier.IsValidAsync(AllowedRandomCom, builtChain, default).Result;

    var isTrusted = verdict.Result == CtResult.Trusted;
    Assert.IsTrue(isTrusted);
}
/// <summary>
/// Verifies the original fixture chain for <c>AllowedRandomCom</c> using a verifier
/// created from <c>_includeRandom</c>, and expects <c>CtResult.Trusted</c>.
/// </summary>
/// <remarks>
/// NOTE(review): presumably <c>_includeRandom</c> holds a pattern that matches
/// <c>AllowedRandomCom</c> as a subdomain, so the host is actually checked rather than
/// skipped. Confirm against the field definitions.
/// </remarks>
public void IncludeHostsRuleMatchesSubdomain()
{
    var verifier = GetCertVerifier(_includeRandom);
    var trustedRoots = Data.LoadCerts(Data.TEST_MITMPROXY_ROOT_CERT);
    var presentedCerts = Data.LoadCerts(Data.TEST_MITMPROXY_ORIGINAL_CHAIN);

    // the root fixture must hold exactly one certificate, otherwise Single() throws
    var builtChain = CertificateChainBuilder.Build(presentedCerts, trustedRoots.Single());

    // blocks synchronously on the asynchronous verification call
    var verdict = verifier.IsValidAsync(AllowedRandomCom, builtChain, default).Result;

    var isTrusted = verdict.Result == CtResult.Trusted;
    Assert.IsTrue(isTrusted);
}
/// <summary>
/// Verifies the original fixture chain for <c>BabylonHealthCom</c> using a verifier from
/// <c>GetCertVerifierNoLogs</c>, and expects <c>CtResult.LogServersFailed</c>.
/// </summary>
/// <remarks>
/// The same chain is expected to be <c>Trusted</c> elsewhere in this file, so this pins
/// the fail-closed outcome for a checked host.
/// NOTE(review): presumably <c>GetCertVerifierNoLogs</c> yields a verifier with no log
/// list available. Confirm against the helper.
/// </remarks>
public void OriginalChainDisallowedWhenNullLogs()
{
    var verifier = GetCertVerifierNoLogs(_includeBabylon);
    var trustedRoots = Data.LoadCerts(Data.TEST_MITMPROXY_ROOT_CERT);
    var presentedCerts = Data.LoadCerts(Data.TEST_MITMPROXY_ORIGINAL_CHAIN);

    // the root fixture must hold exactly one certificate, otherwise Single() throws
    var builtChain = CertificateChainBuilder.Build(presentedCerts, trustedRoots.Single());

    // blocks synchronously on the asynchronous verification call
    var verdict = verifier.IsValidAsync(BabylonHealthCom, builtChain, default).Result;

    var logServersFailed = verdict.Result == CtResult.LogServersFailed;
    Assert.IsTrue(logServersFailed);
}
/// <summary>
/// Builds the ten-certificate fixture chain against its root and checks that the result
/// is the input chain followed by the root certificate.
/// </summary>
public void LargeValidChainReturnsSuccessfully()
{
    // given a ten-certificate chain and the root it should be built against
    var trustAnchor = Data.LoadCerts(Data.TEN_CERTS_ROOT_CERT)[0];
    var tenCerts = Data.LoadCerts(Data.TEN_CERTS_CHAIN);

    // when the chain is built against that root
    var result = CertificateChainBuilder.Build(tenCerts, trustAnchor);

    // then the built chain is the input with the root appended at the end
    var inputPlusRoot = tenCerts.Concat(new[] { trustAnchor });
    Assert.True(inputPlusRoot.SequenceEqual(result));
}
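/// <summary>
/// Builds a chain from the mitmproxy attack fixture without supplying a trusted root and
/// requires the builder to reject it, either by throwing or by returning <c>null</c>.
/// </summary>
/// <remarks>
/// The assertion sits outside the <c>try</c> block on purpose. When the assertion was
/// inside it, a bare <c>catch</c> could also intercept the assertion's own failure, so
/// the test could pass even if the builder returned a chain for the untrusted input.
/// </remarks>
public void UntrustedCertificateThrowsException()
{
    // given the attack chain, with no trusted root passed to the builder
    var certsToCheck = Data.LoadCerts(Data.TEST_MITMPROXY_ATTACK_CHAIN);

    bool rejected;
    try
    {
        // a null result counts as rejection, matching the original null assertion
        rejected = CertificateChainBuilder.Build(certsToCheck) is null;
    }
    catch
    {
        // any exception from Build counts as rejection, as in the original test;
        // NOTE(review): narrow this to the builder's documented exception type if it has one
        rejected = true;
    }

    // then the untrusted chain must not have produced a usable chain
    Assert.IsTrue(rejected, "Build returned a chain for an untrusted certificate chain.");
}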
/// <summary>
/// Replaces the first certificate of the built original chain with the output of
/// <c>SingleSctOnly</c>, verifies it for <c>BabylonHealthCom</c>, and expects
/// <c>CtResult.TooFewSctsTrusted</c>.
/// </summary>
/// <remarks>
/// NOTE(review): presumably <c>SingleSctOnly</c> returns a copy of the certificate with
/// only one signed certificate timestamp, which falls below what the verifier requires.
/// Confirm against the helper.
/// </remarks>
public void OriginalChainDisallowedWhenOnlyOneSct()
{
    var verifier = GetCertVerifier(_includeBabylon);
    var trustedRoots = Data.LoadCerts(Data.TEST_MITMPROXY_ROOT_CERT);
    var presentedCerts = Data.LoadCerts(Data.TEST_MITMPROXY_ORIGINAL_CHAIN);

    // the root fixture must hold exactly one certificate, otherwise Single() throws
    var builtChain = CertificateChainBuilder.Build(presentedCerts, trustedRoots.Single());

    // swap the first certificate in the built chain for its single-SCT variant
    var reducedSctCert = SingleSctOnly(builtChain.First());
    builtChain.RemoveAt(0);
    builtChain.Insert(0, reducedSctCert);

    // blocks synchronously on the asynchronous verification call
    var verdict = verifier.IsValidAsync(BabylonHealthCom, builtChain, default).Result;

    var tooFewScts = verdict.Result == CtResult.TooFewSctsTrusted;
    Assert.IsTrue(tooFewScts);
}