/// <summary>
/// Checks that <c>CertificateValidationRulesFactory.GetRules</c> returns the two date rules
/// together with the three rules registered on the configuration, five in total.
/// </summary>
public void GetRules_default_ones_and_injected()
{
    //ARRANGE
    // Rule construction is routed through the mock creator via the factory's static hook.
    CertificateValidationRulesFactory.InstanceCreator = ValidationRuleInstanceCreatorMock.CreateInstance;
    var configuration = new CertificateValidationConfiguration
    {
        X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
    };

    // Rules are registered by assembly-qualified type name, in this order.
    var injectedRuleNames = new[]
    {
        typeof(CertificateValidationRuleMock1).AssemblyQualifiedName,
        typeof(CertificateValidationRuleMock).AssemblyQualifiedName,
        typeof(CertificateValidationRuleFailedMock).AssemblyQualifiedName
    };
    foreach (var ruleName in injectedRuleNames)
    {
        configuration.ValidationRules.Add(new ValidationRuleDescriptor(ruleName));
    }

    //ACT
    var rules = CertificateValidationRulesFactory.GetRules(configuration)
        .ToList();

    //ASSERT
    Assert.AreEqual(5, rules.Count);
    var expectedRuleTypes = new[]
    {
        typeof(EffectiveDateRule),
        typeof(ExpirationDateRule),
        typeof(CertificateValidationRuleMock1),
        typeof(CertificateValidationRuleMock),
        typeof(CertificateValidationRuleFailedMock)
    };
    foreach (var expectedType in expectedRuleTypes)
    {
        Assert.IsTrue(rules.Any(x => x.GetType() == expectedType));
    }
}
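/// <summary>
/// Runs <c>BackchannelCertificateValidator.Validate</c> against a certificate taken from the
/// local-machine "TestCertStore" store and expects the validator to accept it.
/// </summary>
/// <remarks>
/// Pinning validation is switched off in the configuration used here. The validator is always
/// called with <c>SslPolicyErrors.None</c> and the result of <c>X509Chain.Build</c> is not
/// checked, so this test does not cover how the validator reacts to a chain or policy failure.
/// </remarks>
public void RemoteCertificateValidationRulesTest()
{
    //ARRANGE
    var configuration = new CertificateValidationConfiguration
    {
        UsePinningValidation = false,
        X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
    };
    var configurationProvider = new CertificateValidationConfigurationProvider(() => configuration);
    var validator = new BackchannelCertificateValidator(configurationProvider);
    var certificateStore = new X509Store("TestCertStore", StoreLocation.LocalMachine);
    var validationResult = false;

    //ACT
    try
    {
        certificateStore.Open(OpenFlags.ReadOnly);

        // validOnly is false, so the lookup does not filter out certificates that fail validation.
        var matches = certificateStore.Certificates.Find(X509FindType.FindBySubjectName, "ApiraTestCertificate", false);

        // Fail with a readable message instead of an index error when the fixture certificate is missing.
        Assert.True(matches.Count > 0, "Certificate 'ApiraTestCertificate' was not found in the LocalMachine store 'TestCertStore'.");
        var certificate = matches[0];

        // X509Chain holds native handles; release them once the validator has returned.
        using (var x509Chain = new X509Chain(true))
        {
            x509Chain.Build(certificate);
            validationResult = validator.Validate(this, certificate, x509Chain, SslPolicyErrors.None);
        }
    }
    finally
    {
        certificateStore.Close();
        certificateStore.Dispose();
    }

    //ASSERT
    Assert.True(validationResult);
}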
/// <summary>
/// Builds the certificate validation configuration for a federation party from the security
/// settings stored for it.
/// </summary>
/// <param name="federationPartyId">Identifier used to select the <c>FederationPartySettings</c> row.</param>
/// <returns>
/// A configuration carrying the stored validation mode, the pinning flag, the pinning validator
/// type descriptor and one rule descriptor per stored rule that has a non-null type.
/// </returns>
/// <exception cref="InvalidOperationException">The query returned no security settings for the party.</exception>
public CertificateValidationConfiguration GetConfiguration(string federationPartyId)
{
    var securitySettings = this._dbContext.Set<FederationPartySettings>()
        .Where(party => party.FederationPartyId == federationPartyId)
        .Select(party => party.SecuritySettings)
        .FirstOrDefault();

    if (securitySettings is null)
    {
        throw new InvalidOperationException(String.Format("No federationParty configuration found for federationPartyId: {0}", federationPartyId));
    }

    var configuration = new CertificateValidationConfiguration
    {
        X509CertificateValidationMode = securitySettings.X509CertificateValidationMode,
        UsePinningValidation = securitySettings.PinnedValidation,
        BackchannelValidatorResolver = new Kernel.Data.TypeDescriptor(securitySettings.PinnedTypeValidator)
    };

    // NOTE(review): rule and validator type names are taken from stored settings as-is.
    // Presumably they are resolved to types elsewhere; confirm that the resolver limits
    // which types it will load, since write access to these settings selects the rules that run.
    var storedRules = securitySettings.CertificateValidationRules
        .Where(rule => rule.Type != null)
        .ToList();
    var descriptors = configuration.ValidationRules;
    foreach (var storedRule in storedRules)
    {
        descriptors.Add(new ValidationRuleDescriptor(storedRule.Type));
    }

    return configuration;
}
/// <summary>
/// Builds the certificate validation configuration for a federation party from its stored
/// security settings.
/// </summary>
/// <param name="federationPartyId">Identifier used to select the <c>FederationPartySettings</c> row.</param>
/// <returns>
/// A configuration carrying the stored validation mode and one rule descriptor per stored rule
/// that has a non-null type.
/// </returns>
/// <exception cref="InvalidOperationException">No row matched the party identifier.</exception>
public CertificateValidationConfiguration GetConfiguration(string federationPartyId)
{
    var partyRow = this._dbContext.Set<FederationPartySettings>()
        .Where(party => party.FederationPartyId == federationPartyId)
        .Select(party => new
        {
            party.SecuritySettings,
            Pins = party.CertificatePins.Select(pin => new { pin.PinType, pin.Value, pin.Algorithm })
        })
        .SingleOrDefault();

    if (partyRow == null)
    {
        throw new InvalidOperationException(String.Format("No federationParty configuration found for federationPartyId: {0}", federationPartyId));
    }

    // NOTE(review): the query projects the party's certificate pins, but nothing below reads
    // partyRow.Pins, and no pinning-related property is set on the configuration in this method.
    // Confirm whether pins are meant to be applied here.
    var configuration = new CertificateValidationConfiguration
    {
        X509CertificateValidationMode = partyRow.SecuritySettings.X509CertificateValidationMode,
    };

    // Rule type names are copied from the stored settings without further checks in this method.
    var storedRules = partyRow.SecuritySettings.CertificateValidationRules
        .Where(rule => rule.Type != null)
        .ToList();
    var descriptors = configuration.ValidationRules;
    foreach (var storedRule in storedRules)
    {
        descriptors.Add(new ValidationRuleDescriptor(storedRule.Type));
    }

    return configuration;
}
/// <summary>
/// Creates an instance of every concrete <c>ICertificateValidationRule</c> implementation found
/// in the assembly that declares <c>CertificateValidationRule</c>.
/// </summary>
/// <param name="configuration">Not read by this implementation.</param>
/// <returns>
/// The projected rule instances. The result of <c>Select</c> is returned without being
/// materialised here.
/// </returns>
public static IEnumerable<ICertificateValidationRule> GetRules(CertificateValidationConfiguration configuration)
{
    var ruleAssemblies = new[] { typeof(CertificateValidationRule).Assembly };

    // Each matching type is constructed through Activator.CreateInstance with no arguments.
    return ReflectionHelper
        .GetAllTypes(
            ruleAssemblies,
            candidate => !(candidate.IsAbstract || candidate.IsInterface)
                         && typeof(ICertificateValidationRule).IsAssignableFrom(candidate))
        .Select(ruleType => (ICertificateValidationRule)Activator.CreateInstance(ruleType));
}
/// <summary>
/// Returns a fresh configuration whose validation mode is fixed to <c>Custom</c>.
/// </summary>
/// <param name="federationPartyId">Not read by this implementation; every party gets the same configuration.</param>
/// <returns>A new <c>CertificateValidationConfiguration</c> with only the validation mode set.</returns>
public CertificateValidationConfiguration GetConfiguration(string federationPartyId)
{
    return new CertificateValidationConfiguration
    {
        X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
    };
}
/// <summary>
/// Builds the certificate validation configuration from the first <c>SecuritySettings</c> row
/// returned by the data context.
/// </summary>
/// <returns>A configuration carrying the stored validation mode and pinning flag.</returns>
/// <exception cref="InvalidOperationException">Thrown by <c>First()</c> when there is no settings row.</exception>
public CertificateValidationConfiguration GetConfiguration()
{
    // No ordering or filter is applied, so the row picked is whichever one the query returns first.
    var storedSettings = this._dbContext.Set<SecuritySettings>().First();

    return new CertificateValidationConfiguration
    {
        X509CertificateValidationMode = storedSettings.X509CertificateValidationMode,
        UsePinningValidation = storedSettings.PinnedValidation
    };
}
/// <summary>
/// Returns the cached validation configuration, asking the configuration provider for it on
/// first use.
/// </summary>
/// <returns>The configuration for <c>FederationPartyId</c>; never null.</returns>
/// <exception cref="InvalidOperationException">The provider returned null.</exception>
private CertificateValidationConfiguration GetConfiguration()
{
    if (this._configuration == null)
    {
        // Load once and keep the result; no locking is applied around this assignment.
        this._configuration = this._configurationProvider.GetConfiguration(this.FederationPartyId);

        // Refuse to continue without a configuration rather than validate with none.
        if (this._configuration == null)
        {
            throw new InvalidOperationException("CertificateValidationConfiguration is null!");
        }
    }

    return this._configuration;
}
/// <summary>
/// Expects <c>BackchannelCertificateValidator.Validate</c> to throw
/// <c>NotImplementedException</c> when called with null sender, certificate and chain
/// under a custom-mode configuration with pinning disabled.
/// </summary>
public void RemoteCertificateValidationCallbackTest()
{
    //ARRANGE
    var configuration = new CertificateValidationConfiguration
    {
        UsePinningValidation = false,
        X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
    };
    var validator = new BackchannelCertificateValidator(
        new CertificateValidationConfigurationProvider(() => configuration));

    //ACT
    //ASSERT
    Assert.Throws<NotImplementedException>(
        () => validator.Validate(null, null, null, System.Net.Security.SslPolicyErrors.None));
}
/// <summary>
/// Checks that <c>CertificateValidationRulesFactory.GetRules</c> returns exactly the effective-date
/// and expiration-date rules when the configuration registers no rules of its own.
/// </summary>
public void GetRules_default_ones()
{
    //ARRANGE
    var configuration = new CertificateValidationConfiguration
    {
        X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
    };
    // Rule construction is routed through the mock creator via the factory's static hook.
    CertificateValidationRulesFactory.InstanceCreator = ValidationRuleInstanceCreatorMock.CreateInstance;

    //ACT
    var rules = CertificateValidationRulesFactory.GetRules(configuration)
        .ToList();

    //ASSERT
    Assert.AreEqual(2, rules.Count);
    foreach (var expectedType in new[] { typeof(EffectiveDateRule), typeof(ExpirationDateRule) })
    {
        Assert.IsTrue(rules.Any(x => x.GetType() == expectedType));
    }
}
/// <summary>
/// Expects <c>CertificateValidator.Validate</c> to throw <c>InvalidOperationException</c> when the
/// configured rule set includes <c>CertificateValidationRuleFailedMock</c>.
/// </summary>
public void MetadataSerialisationCertificateTest_failed()
{
    //ARRANGE
    var certificateStore = new X509Store("TestCertStore");
    try
    {
        certificateStore.Open(OpenFlags.ReadOnly);

        // Indexing [0] throws if the fixture certificate is not present in the store.
        var certificate = certificateStore.Certificates
            .Find(X509FindType.FindBySubjectName, "ApiraTestCertificate", false)[0];

        var configuration = new CertificateValidationConfiguration
        {
            UsePinningValidation = false,
            X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
        };

        // Registration order: passing mock, failing mock, then the passing mock a second time.
        var passingRuleName = typeof(CertificateValidationRuleMock1).AssemblyQualifiedName;
        var failingRuleName = typeof(CertificateValidationRuleFailedMock).AssemblyQualifiedName;
        foreach (var ruleName in new[] { passingRuleName, failingRuleName, passingRuleName })
        {
            configuration.ValidationRules.Add(new ValidationRuleDescriptor(ruleName));
        }

        var validator = new CertificateValidator(
            new CertificateValidationConfigurationProvider(() => configuration));

        //ACT
        //ASSERT
        Assert.Throws<InvalidOperationException>(() => validator.Validate(certificate));
    }
    finally
    {
        certificateStore.Close();
        certificateStore.Dispose();
    }
}
/// <summary>
/// Runs <c>CertificateValidator.Validate</c> with only passing mock rules registered. The test has
/// no explicit assertion: it passes when <c>Validate</c> returns without throwing.
/// </summary>
public void MetadataSerialisationCertificateTest_success()
{
    //ARRANGE
    var logger = new LogProviderMock();
    var certificateStore = new X509Store("TestCertStore");
    try
    {
        certificateStore.Open(OpenFlags.ReadOnly);

        // Indexing [0] throws if the fixture certificate is not present in the store.
        var certificate = certificateStore.Certificates
            .Find(X509FindType.FindBySubjectName, "www.eca-international.com", false)[0];

        var configuration = new CertificateValidationConfiguration
        {
            X509CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom
        };

        // Registration order: first mock, second mock, then the first mock again.
        var firstRuleName = typeof(CertificateValidationRuleMock1).AssemblyQualifiedName;
        var secondRuleName = typeof(CertificateValidationRuleMock).AssemblyQualifiedName;
        foreach (var ruleName in new[] { firstRuleName, secondRuleName, firstRuleName })
        {
            configuration.ValidationRules.Add(new ValidationRuleDescriptor(ruleName));
        }

        var validator = new CertificateValidator(
            new CertificateValidationConfigurationProvider(() => configuration),
            logger);

        //ACT
        validator.Validate(certificate);

        //ASSERT
    }
    finally
    {
        certificateStore.Close();
        certificateStore.Dispose();
    }
}