Exemplo n.º 1
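        /// <summary>
        /// Builds a chain for the <c>server</c> certificate under the chained policy and expects it to be
        /// rejected with <see cref="X509ChainStatusFlags.NotValidForUsage"/> among the chain statuses.
        /// </summary>
        public void ValidateChainedInValidEU()
        {
            var (root, intermediate, server, client) = SetupCerts();

            // we only accept client certs when the ValidateCertificateUse is true
            // NOTE(review): the two trailing `true` arguments are presumably the switches that turn on
            // usage (and validity) checking in BuildChainPolicyChained; confirm against its signature.
            var x509ChainPolicy = BuildChainUtil.BuildChainPolicyChained(
                root, intermediate, server, client,
                X509RevocationFlag.ExcludeRoot,
                X509RevocationMode.NoCheck,
                true, true);

            // X509Chain is disposable; release it deterministically instead of waiting for finalization.
            using (var chain = new X509Chain { ChainPolicy = x509ChainPolicy })
            {
                var certificateIsValid = chain.Build(server);

                Assert.False(certificateIsValid);

                // The assertion above already guarantees the build failed, so the statuses are
                // inspected unconditionally: a rejection for any other reason must not pass the test.
                var chainErrors = new List<X509ChainStatusFlags>();
                foreach (var validationFailure in chain.ChainStatus)
                {
                    chainErrors.Add(validationFailure.Status);
                }

                Assert.True(chainErrors.Contains(X509ChainStatusFlags.NotValidForUsage), "expect NotValidForUsage");
            }
        }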
Exemplo n.º 2
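        /// <summary>
        /// Builds a chain for the <c>client</c> certificate and expects it to be rejected with
        /// <see cref="X509ChainStatusFlags.NotTimeValid"/> among the chain statuses.
        /// </summary>
        public void ValidateChainedValidityPeriodNotActive()
        {
            // certs are not active till the future
            // NOTE(review): this depends on SetupCerts() issuing certificates whose validity period
            // has not started yet; that helper is not visible here, so confirm it does.
            var (root, intermediate, server, client) = SetupCerts();

            var x509ChainPolicy = BuildChainUtil.BuildChainPolicyChained(
                root, intermediate, server, client,
                X509RevocationFlag.ExcludeRoot,
                X509RevocationMode.NoCheck,
                true, true);

            // X509Chain is disposable; release it deterministically instead of waiting for finalization.
            using (var chain = new X509Chain { ChainPolicy = x509ChainPolicy })
            {
                var certificateIsValid = chain.Build(client);

                Assert.False(certificateIsValid);

                // Require the specific failure reason, so that a chain rejected for an unrelated
                // reason (for example a usage error) does not satisfy this test.
                var chainErrors = new List<X509ChainStatusFlags>();
                foreach (var validationFailure in chain.ChainStatus)
                {
                    chainErrors.Add(validationFailure.Status);
                }

                // The failure message now names the flag that is actually checked.
                Assert.True(chainErrors.Contains(X509ChainStatusFlags.NotTimeValid), "expect NotTimeValid");
            }
        }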
Exemplo n.º 3
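        /// <summary>
        /// Builds a chain for the <c>client</c> certificate under the chained policy and expects
        /// <see cref="X509Chain.Build"/> to succeed.
        /// </summary>
        public void ValidateChainedValid()
        {
            var (root, intermediate, server, client) = SetupCerts();

            // Revocation is not consulted (NoCheck), so a passing result says nothing about
            // whether any certificate in the chain has been revoked.
            var x509ChainPolicy = BuildChainUtil.BuildChainPolicyChained(
                root, intermediate, server, client,
                X509RevocationFlag.ExcludeRoot,
                X509RevocationMode.NoCheck,
                true, true);

            // X509Chain is disposable; release it deterministically instead of waiting for finalization.
            using (var chain = new X509Chain { ChainPolicy = x509ChainPolicy })
            {
                // NOTE(review): how `root` is trusted is decided inside BuildChainPolicyChained, which is
                // not visible here. If that policy tolerates unknown authorities rather than pinning a
                // custom root, a true result alone does not prove the chain ends at `root`; confirm.
                var certificateIsValid = chain.Build(client);

                Assert.True(certificateIsValid);
            }
        }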
Exemplo n.º 4
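        /// <summary>
        /// Builds a chain for the <c>intermediate</c> certificate under the chained policy and asserts
        /// that <see cref="X509Chain.Build"/> reports it as valid.
        /// </summary>
        public void ValidateChainedInValidIntermediate()
        {
            var (root, intermediate, server, client) = SetupCerts();

            // we only accept client certs when the ValidateCertificateUse is true
            var x509ChainPolicy = BuildChainUtil.BuildChainPolicyChained(
                root, intermediate, server, client,
                X509RevocationFlag.ExcludeRoot,
                X509RevocationMode.NoCheck,
                true, true);

            // X509Chain is disposable; release it deterministically instead of waiting for finalization.
            using (var chain = new X509Chain { ChainPolicy = x509ChainPolicy })
            {
                var certificateIsValid = chain.Build(intermediate);

                // NOTE(review): the method name says "InValid" and the comment above says only client
                // certificates are accepted, yet this asserts that the intermediate passes. Confirm which
                // is intended. If CA certificates do pass this policy, code that authenticates callers
                // with it presumably needs a separate end-entity check on the presented certificate.
                Assert.True(certificateIsValid);
            }
        }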