C# (CSharp) ExpectedCertificate примеры использования

Пример #1

Файл: TestCertValidator.cs Проект: hivie7510/csharptest-net

		public void TestValidUnexpectedCert()
		{
			ExpectedCertificate allowed = new ExpectedCertificate("Some public key", IgnorePolicyErrors.None);
			SslCertValidator validator = new SslCertValidator(allowed);

			Assert.IsTrue(validator.CertRequired);
			Assert.IsFalse(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.None));
		}

Пример #2

Файл: TestCertValidator.cs Проект: git-thinh/CSharpTest.Net-source-v2.12.810.409

        public void TestValidUnexpectedCert()
        {
            ExpectedCertificate allowed   = new ExpectedCertificate("Some public key", IgnorePolicyErrors.None);
            SslCertValidator    validator = new SslCertValidator(allowed);

            Assert.IsTrue(validator.CertRequired);
            Assert.IsFalse(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.None));
        }

Пример #3

Файл: TestCertValidator.cs Проект: hivie7510/csharptest-net

		public void TestValidAndExpectedCert()
		{
			ExpectedCertificate allowed = new ExpectedCertificate(_clientCert.Certificate.GetPublicKeyString(), IgnorePolicyErrors.None);
			SslCertValidator validator = new SslCertValidator(allowed);

			Assert.IsTrue(validator.CertRequired);
			Assert.IsTrue(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.None));
			Assert.IsFalse(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.RemoteCertificateChainErrors));
		}

Пример #4

Файл: TestCertValidator.cs Проект: git-thinh/CSharpTest.Net-source-v2.12.810.409

        public void TestValidAndExpectedCert()
        {
            ExpectedCertificate allowed   = new ExpectedCertificate(_clientCert.Certificate.GetPublicKeyString(), IgnorePolicyErrors.None);
            SslCertValidator    validator = new SslCertValidator(allowed);

            Assert.IsTrue(validator.CertRequired);
            Assert.IsTrue(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.None));
            Assert.IsFalse(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.RemoteCertificateChainErrors));
        }

Пример #5

Файл: TestCertValidator.cs Проект: hivie7510/csharptest-net

		public void TestAllowByIssuer()
		{
			ExpectedCertificate allowed = new ExpectedCertificate();
			allowed.IssuedTo = _clientCert.Certificate.Subject;
			allowed.IgnoredErrors = IgnorePolicyErrors.All;
			SslCertValidator validator = new SslCertValidator(allowed);

			Assert.IsTrue(validator.CertRequired);
			Assert.IsTrue(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.RemoteCertificateChainErrors));
		}

Пример #6

Файл: TestCertValidator.cs Проект: hivie7510/csharptest-net

		public void TestAllowAnyTrustedCert()
		{
			ExpectedCertificate allowed = new ExpectedCertificate();
			allowed.IgnoredErrors = IgnorePolicyErrors.NameMismatch;
			SslCertValidator validator = new SslCertValidator(allowed);

			Assert.IsTrue(validator.CertRequired);
			Assert.IsTrue(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.RemoteCertificateNameMismatch));
			Assert.IsFalse(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.RemoteCertificateChainErrors));
		}

Пример #7

Файл: TestCertValidator.cs Проект: git-thinh/CSharpTest.Net-source-v2.12.810.409

        public void TestAllowByHash()
        {
            ExpectedCertificate allowed = new ExpectedCertificate();

            allowed.Hash          = _clientCert.Certificate.GetCertHashString();
            allowed.IgnoredErrors = IgnorePolicyErrors.All;
            SslCertValidator validator = new SslCertValidator(allowed);

            Assert.IsTrue(validator.CertRequired);
            Assert.IsTrue(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.RemoteCertificateChainErrors));
        }

Пример #8

Файл: TestCertValidator.cs Проект: git-thinh/CSharpTest.Net-source-v2.12.810.409

        public void TestAllowAnyTrustedCert()
        {
            ExpectedCertificate allowed = new ExpectedCertificate();

            allowed.IgnoredErrors = IgnorePolicyErrors.NameMismatch;
            SslCertValidator validator = new SslCertValidator(allowed);

            Assert.IsTrue(validator.CertRequired);
            Assert.IsTrue(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.RemoteCertificateNameMismatch));
            Assert.IsFalse(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.RemoteCertificateChainErrors));
        }

Пример #9

Файл: TestCertValidator.cs Проект: git-thinh/CSharpTest.Net-source-v2.12.810.409

        public void TestDenyByPublicKey()
        {
            ExpectedCertificate allowed = new ExpectedCertificate();

            allowed.PublicKey     = _serverCert.Certificate.GetPublicKeyString();
            allowed.IgnoredErrors = IgnorePolicyErrors.All;
            SslCertValidator validator = new SslCertValidator(allowed);

            Assert.IsTrue(validator.CertRequired);
            Assert.IsFalse(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.RemoteCertificateChainErrors));
        }

Пример #10

Файл: CertificateValidator.cs Проект: eveneveneven/Fm.EHF

        /// <summary>
        /// "When validating a signed response message, the sender Access Point SHOULD check
        ///  that the certificate in the response matches the metadata received from the Service
        ///  Metadata Publisher. This is done by comparing the subject common name in the
        ///  certificate to the value stated in the metadata. This check ensures that only the
        ///  legitimate Access Point stated in the service metadata will be able to produce
        ///  correct responses."
        /// </summary>
        /// <param name="certificate">The certificate to be checked.</param>
        private void ValidateAgainstExpectedCertificate(X509Certificate2 certificate)
        {
            // The same validator might also be used for communication with a START client. In
            // this case, no identifier is expected, and this validation step is skipped:
            if (ExpectedCertificate == null)
            {
                return;
            }

            if (!ExpectedCertificate.Equals(certificate))
            {
                throw new SecurityTokenValidationException("Validation failed. Certificate in the response does not match the metadata from the SMP.");
            }
        }

Пример #11

Файл: SslCertValidator.cs Проект: hivie7510/csharptest-net

		bool IsMatch(ExpectedCertificate allow, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
		{
			if (allow.IgnoredErrors == IgnorePolicyErrors.All || allow.IgnoredErrors == IgnorePolicyErrors.ChainErrors)
				sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateChainErrors;
			if (allow.IgnoredErrors == IgnorePolicyErrors.All || allow.IgnoredErrors == IgnorePolicyErrors.NameMismatch)
				sslPolicyErrors &= ~SslPolicyErrors.RemoteCertificateNameMismatch;

			if (sslPolicyErrors != SslPolicyErrors.None)
				return false;

			if (!String.IsNullOrEmpty(allow.IssuedTo) &&
				false == StringComparer.Ordinal.Equals(allow.IssuedTo, certificate.Subject))
				return false;

			if (!String.IsNullOrEmpty(allow.Hash) &&
				false == StringComparer.Ordinal.Equals(allow.Hash, certificate.GetCertHashString()))
				return false;

			if (!String.IsNullOrEmpty(allow.PublicKey) &&
				false == StringComparer.Ordinal.Equals(allow.PublicKey, certificate.GetPublicKeyString()))
				return false;

			return true;
		}

Пример #12

Файл: TestCertValidator.cs Проект: hivie7510/csharptest-net

		public void TestDenyByPublicKey()
		{
			ExpectedCertificate allowed = new ExpectedCertificate();
			allowed.PublicKey = _serverCert.Certificate.GetPublicKeyString();
			allowed.IgnoredErrors = IgnorePolicyErrors.All;
			SslCertValidator validator = new SslCertValidator(allowed);

			Assert.IsTrue(validator.CertRequired);
			Assert.IsFalse(validator.IsValid(null, _clientCert.Certificate, EmptyX509Chain, SslPolicyErrors.RemoteCertificateChainErrors));
		}

Пример #13

Файл: SslClient.cs Проект: hivie7510/csharptest-net

        /// <summary>
        /// Creates the client with the specified client certificiate and the expected server information
        /// </summary>
		public SslClient(string serverName, int bindingPort, X509Certificate certificate, ExpectedCertificate expectedCert)
			: this(serverName, bindingPort, certificate, new SslCertValidator(expectedCert))
		{ }

Пример #14

Файл: SslServer.cs Проект: hivie7510/csharptest-net

        /// <summary>
        /// Constructs the server with the specified certificate and optionally allowable client certificates
        /// </summary>
		public SslServer(string bindingName, int bindingPort, X509Certificate certificate, ExpectedCertificate[] allowClients)
			: base(bindingName, bindingPort)
		{
			_cert = certificate;
			_certVerify = new SslCertValidator(allowClients);
		}