public void TestTBSSerialNumber_AssertTrue() { using (Stream stream = "X509.TBS.SerialNumber = 00F74F1C4FE4E1762E".ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } using (Stream stream = "X509.TBS.SerialNumber = 00f74f1c4fe4e1762e".ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } using (Stream stream = "X509.TBS.SerialNumber = f74f1c4fe4e1762e".ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
private void ValidateCertButton_Click(object sender, RoutedEventArgs e) { if (string.IsNullOrEmpty(CertificateLocation.Text)) { return; } var ms = new MemoryStream(); var textRange = new TextRange(PolicyRichTextBox.Document.ContentStart, PolicyRichTextBox.Document.ContentEnd); textRange.Save(ms, DataFormats.Text); ms.Position = 0; var cert = new X509Certificate2(CertificateLocation.Text); ICompiler compiler = new StackMachineCompiler(); compiler.ReportModeEnabled = true; IPolicyFilter filter = new PolicyFilter(compiler, new StackMachine(), new SimpleTextV1LexiconPolicyParser()); var sb = new StringBuilder(); sb.Append("Validation run at ") .AppendLine(DateTime.Now.ToString("ddd, MMM d yyyy HH:mm:ss")) .AppendLine(); try { if (filter.IsCompliant(cert, ms)) { sb.Append("Certificate is compliant with the provided policy."); } else { sb.AppendLine("Certificate is NOT compliant with the provided policy.").AppendLine(); foreach (string item in compiler.CompiliationReport) { sb.AppendLine(item); } } } catch (PolicyRequiredException ex) { sb.AppendLine("Validation Successful") .AppendLine("Certificate is missing a required field \t") .AppendLine(ex.Message); } catch (PolicyGrammarException ex) { sb.AppendLine("Validation Failed:") .AppendLine("Error compiling policy\t") .AppendLine(ex.Message); } catch (Exception ex) { sb.AppendLine("Validation Failed:") .AppendLine("Error compiling or proccessing policy\t" + ex.Message) .AppendLine(ex.StackTrace); } ValidationResults.Text = sb.ToString(); }
public void TestTBSSerialNumber_AssertTrue() { using (Stream stream = "X509.TBS.SerialNumber = 00F74F1C4FE4E1762E".ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } using (Stream stream = "X509.TBS.SerialNumber = 00f74f1c4fe4e1762e".ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } using (Stream stream = "X509.TBS.SerialNumber = f74f1c4fe4e1762e".ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void testCompliance_simpleTextLexicon_bitWiseOrIntegerCertValue_assertNotEquals() { using (Stream stream = "(X509.TBS.EXTENSION.KeyUsage | 255) != 224".ToStream()) { var cert = new X509Certificate2(@"resources/certs/[email protected]"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestX509SignatureAlgorithm_Equals_AssertTrue() { using (Stream stream = "X509.Algorithm = 1.2.840.113549.1.1.5".ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void testCompliance_simpleTextLexicon_bitWiseAndIntegerCertValue_assertNotEquals() { using (Stream stream = "(X509.TBS.EXTENSION.KeyUsage & 200) != 224".ToStream()) { var cert = new X509Certificate2(@"resources/certs/[email protected]"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionPolicy_OIDS_Empty_AssertTrue() { using (Stream stream = ("{}X509.TBS.EXTENSION.CertificatePolicies.PolicyOIDs").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionPolicy_PolicyURL_AssertTrue() { using (Stream stream = ("X509.TBS.EXTENSION.CertificatePolicies.CPSUrls {?} https://www.phicert.com/cps").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/policyMixedQualifier.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionExtendedKeyUsage_AssertTrue() { using (Stream stream = ("X509.TBS.EXTENSION.ExtKeyUsageSyntax {?} 1.3.6.1.5.5.7.3.4").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/[email protected]"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void testIsCompliant_missingEngine_assertException() { Mock<ICompiler> mockCompiler = new Mock<ICompiler>(); Mock<IPolicyExpression> mockExpression = new Mock<IPolicyExpression>(); Mock<X509Certificate2> mockCert = new Mock<X509Certificate2>(); PolicyFilter filter = new PolicyFilter(mockCompiler.Object, null); Action action = () => filter.IsCompliant(mockCert.Object, mockExpression.Object); action.ShouldThrow<InvalidOperationException>().WithMessage("Execution engine cannot be null"); }
public void TestExtensionAIA_OCSPLocation_Size_AssertTrue() { using (Stream stream = ("^X509.TBS.EXTENSION.AuthorityInfoAccessSyntax.OCSPLocation = 1").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/CernerDirectProviderCA.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionPolicy_Intersection_MultipleQueryOID_MultipleIntersection_AssertTrue() { using (Stream stream = ("^(X509.TBS.EXTENSION.CertificatePolicies.PolicyOIDs {}& 1.3.6.1.4.1.41179.0.1.2,1.3.6.1.4.1.41179.1.3) = 2").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/policyMixedQualifier.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void testIsCompliant_missingComplier_assertException() { Mock <IPolicyExpression> mockExpression = new Mock <IPolicyExpression>(); Mock <X509Certificate2> mockCert = new Mock <X509Certificate2>(); PolicyFilter filter = new PolicyFilter(null, null); Action action = () => filter.IsCompliant(mockCert.Object, mockExpression.Object); action.ShouldThrow <InvalidOperationException>().WithMessage("Compiler cannot be null"); }
public void TestExtensionBasicContraint_CA_AssertTrue() { using (Stream stream = ("X509.TBS.EXTENSION.BasicConstraints.CA = true").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/CernerDirect DevCert Provider CA.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestTBSPublicKeySize_AssertTrue() { using (Stream stream = ("X509.TBS.SubjectPublicKeyInfo.Size = 2024").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionSubjectAltName_NotEmpty_AssertTrue() { using (Stream stream = ("{}!X509.TBS.EXTENSION.SubjectAltName").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/[email protected]"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionSubjectKeyId_AssertTrue() { using (Stream stream = ("X509.TBS.EXTENSION.SubjectKeyIdentifier = e0f63ccfeb5ce3eef5c04efe8084c92bc628682c").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/[email protected]"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionAuthorityKeyIdent_KeyId_AssertTrue() { using (Stream stream = ("X509.TBS.EXTENSION.AuthorityKeyIdentifier.KeyId = 3aa0074b77b2493efb447de5ce6cd055085de3f0").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/[email protected]"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void testIsCompliant_engineReturnsCompliant_assertTrue() { Mock<ICompiler> mockCompiler = new Mock<ICompiler>(); Mock<IExecutionEngine> mockEngine = new Mock<IExecutionEngine>(); Mock<IPolicyExpression> mockExpression = new Mock<IPolicyExpression>(); Mock<X509Certificate2> mockCert = new Mock<X509Certificate2>(); mockEngine.Setup(e => e.Evaluate(It.IsAny<IList<IOpCode>>())).Returns(true); PolicyFilter filter = new PolicyFilter(mockCompiler.Object, mockEngine.Object); filter.IsCompliant(mockCert.Object, mockExpression.Object); }
public void TestTBSSubject_AssertTrue_WithState_ST() { using (Stream stream = ("(X509.TBS.Subject.CN {?} umesh) && (X509.TBS.Subject.C {?} US) && (X509.TBS.Subject.ST {?} Missouri) " + " && (X509.TBS.Subject.E {?} [email protected]) && (X509.TBS.Subject.OU {?} Medical Informatics)").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestTBSIssuer_AssertTrue_WithState_ST() { using (Stream stream = ("(X509.TBS.Issuer.CN {?} SimpleInterop) && (X509.TBS.Issuer.C {?} US) && (X509.TBS.Issuer.ST {?} Missouri) " + " && (X509.TBS.Issuer.E {?} [email protected]) && (X509.TBS.Issuer.OU {?} Medical Informatics)").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionAIA_URL_Caissues_AssertTrue() { using (Stream stream = ("X509.TBS.EXTENSION.AuthorityInfoAccessSyntax.Url " + "{?} caIssuers:http://ca.cerner.com/public/root.der").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/CernerDirectProviderCA.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestTBSIssuer_AssertTrue_WithState_S() { using (Stream stream = ("(X509.TBS.Issuer.CN {?} SimpleInterop) && (X509.TBS.Issuer.C {?} US) && (X509.TBS.Issuer.S {?} Missouri) " + " && (X509.TBS.Issuer.E {?} [email protected]) && (X509.TBS.Issuer.OU {?} Medical Informatics)").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void testIsCompliant_engineReturnsCompliant_assertTrue() { Mock <ICompiler> mockCompiler = new Mock <ICompiler>(); Mock <IExecutionEngine> mockEngine = new Mock <IExecutionEngine>(); Mock <IPolicyExpression> mockExpression = new Mock <IPolicyExpression>(); Mock <X509Certificate2> mockCert = new Mock <X509Certificate2>(); mockEngine.Setup(e => e.Evaluate(It.IsAny <IList <IOpCode> >())).Returns(true); PolicyFilter filter = new PolicyFilter(mockCompiler.Object, mockEngine.Object); filter.IsCompliant(mockCert.Object, mockExpression.Object); }
public void testIsCompliant_parse_engineReturnsCompliant_assertTrue() { using (Stream stream = File.OpenRead("./resources/policies/dataEnciphermentOnlyRequired.xml")) { Mock <ICompiler> mockCompiler = new Mock <ICompiler>(); Mock <IExecutionEngine> mockEngine = new Mock <IExecutionEngine>(); Mock <X509Certificate2> mockCert = new Mock <X509Certificate2>(); mockEngine.Setup(e => e.Evaluate(It.IsAny <IList <IOpCode> >())).Returns(true); PolicyFilter filter = new PolicyFilter(mockCompiler.Object, new XMLLexiconPolicyParser()); filter.IsCompliant(mockCert.Object, stream); } }
public void testIsCompliant_parse_engineReturnsCompliant_assertTrue() { using (Stream stream = File.OpenRead("./resources/policies/dataEnciphermentOnlyRequired.xml")) { Mock<ICompiler> mockCompiler = new Mock<ICompiler>(); Mock<IExecutionEngine> mockEngine = new Mock<IExecutionEngine>(); Mock<X509Certificate2> mockCert = new Mock<X509Certificate2>(); mockEngine.Setup(e => e.Evaluate(It.IsAny<IList<IOpCode>>())).Returns(true); PolicyFilter filter = new PolicyFilter(mockCompiler.Object, mockEngine.Object, new XMLLexiconPolicyParser()); filter.IsCompliant(mockCert.Object, stream); } }
public void TestTBSPublicKeySize_AssertTrue() { using (Stream stream = ("X509.TBS.SubjectPublicKeyInfo.Size = 2024").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionSubjectAltName_NotEmpty_AssertTrue() { using (Stream stream = ("{}!X509.TBS.EXTENSION.SubjectAltName").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/[email protected]"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionSubjectKeyId_AssertTrue() { using (Stream stream = ("X509.TBS.EXTENSION.SubjectKeyIdentifier = e0f63ccfeb5ce3eef5c04efe8084c92bc628682c").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/[email protected]"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionAuthorityKeyIdent_KeyId_AssertTrue() { using (Stream stream = ("X509.TBS.EXTENSION.AuthorityKeyIdentifier.KeyId = 3aa0074b77b2493efb447de5ce6cd055085de3f0").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/[email protected]"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionPolicy_PolicyURL_AssertTrue() { using (Stream stream = ("X509.TBS.EXTENSION.CertificatePolicies.CPSUrls {?} https://www.phicert.com/cps").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/policyMixedQualifier.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionBasicContraint_CA_AssertTrue() { using (Stream stream = ("X509.TBS.EXTENSION.BasicConstraints.CA = true").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/CernerDirect DevCert Provider CA.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionExtendedKeyUsage_AssertTrue() { using (Stream stream = ("X509.TBS.EXTENSION.ExtKeyUsageSyntax {?} 1.3.6.1.5.5.7.3.4").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/[email protected]"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionAIA_URL_Caissues_AssertTrue() { using (Stream stream = ("X509.TBS.EXTENSION.AuthorityInfoAccessSyntax.Url " + "{?} caIssuers:http://ca.cerner.com/public/root.der").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/CernerDirectProviderCA.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestTBSSubject_AssertTrue_WithState_ST() { using (Stream stream = ("(X509.TBS.Subject.CN {?} umesh) && (X509.TBS.Subject.C {?} US) && (X509.TBS.Subject.ST {?} Missouri) " + " && (X509.TBS.Subject.E {?} [email protected]) && (X509.TBS.Subject.OU {?} Medical Informatics)").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionPolicy_OIDS_Empty_AssertTrue() { using (Stream stream = ("{}X509.TBS.EXTENSION.CertificatePolicies.PolicyOIDs").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/umesh.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionPolicy_Intersection_MultipleQueryOID_MultipleIntersection_AssertTrue() { using (Stream stream = ("^(X509.TBS.EXTENSION.CertificatePolicies.PolicyOIDs {}& 1.3.6.1.4.1.41179.0.1.2,1.3.6.1.4.1.41179.1.3) = 2").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/policyMixedQualifier.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }
public void TestExtensionAIA_OCSPLocation_Size_AssertTrue() { using (Stream stream = ("^X509.TBS.EXTENSION.AuthorityInfoAccessSyntax.OCSPLocation = 1").ToStream()) { X509Certificate2 cert = new X509Certificate2(@"resources/certs/CernerDirectProviderCA.der"); IPolicyFilter filter = new PolicyFilter(new StackMachineCompiler(), new StackMachine(), new SimpleTextV1LexiconPolicyParser()); filter.IsCompliant(cert, stream).Should().BeTrue(); } }