public void Ignores_issued_to_organization_if_no_organization_number()
{
//Act
var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetPostenCertificate(), string.Empty);
//Assert
Assert.Equal(CertificateValidationType.Valid, result.Type);
Assert.Contains("is a valid certificate", result.Message);
}
public void Returns_ok_if_valid()
{
//Arrange
//Act
var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetPostenCertificate());
//Assert
Assert.Equal(CertificateValidationType.Valid, result.Type);
Assert.Contains("is a valid certificate", result.Message);
}
public void Returns_fail_if_not_activated()
{
//Arrange
//Act
var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.NotActivatedSelfSignedTestCertificate());
//Assert
Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type);
Assert.Contains("is not active until", result.Message);
}
public void Returns_fail_with_null_certificate()
{
//Arrange
//Act
var result = CertificateValidator.ValidateCertificate(null);
//Assert
Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type);
Assert.Contains("is null", result.Message);
}
public void Returns_fail_if_expired()
{
//Arrange
//Act
var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetExpiredSelfSignedTestCertificate());
//Assert
Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type);
Assert.Contains("expired on", result.Message);
}
/// <summary>
/// The implementation of the interface ICertificateLookups function.
///
/// It takes the subject string and queries the ldap server for a certificate
/// that satifies the condition in the subject string.
///
/// Also implements a certificate cache, which removes unused certificates after 14 days.
/// </summary>
/// <param name="subject">The subject string of an OCES certificate.</param>
/// <returns>The certificate that satifies the conditions of the subject string.</returns>
public X509Certificate2 GetCertificate(CertificateSubject subject)
{
if (subject == null)
{
throw new ArgumentNullException("subject");
}
X509Certificate2 certificateToBeReturned;
if (!certiticateCache.TryGetValue(subject, out certificateToBeReturned))
{
LdapConnection ldapConnection = null;
try
{
ldapConnection = ConnectToServer();
LdapSearchResults results = Search(ldapConnection, subject);
certificateToBeReturned = GetCertificate(results, subject);
}
finally
{
if (ldapConnection != null)
{
ldapConnection.Disconnect();
}
}
// Check the certificate
// Check for activation date and expire date
// Check the certificate chain
CertificateValidator.ValidateCertificate(certificateToBeReturned);
// everything is okay, add it to the cache
this.certiticateCache.Set(subject, certificateToBeReturned);
}
else
{
// certificate found in cache
// check it is not expired
try
{
CertificateValidator.ValidateCertificate(certificateToBeReturned);
}
catch
{
// if any error is thrown, move the certificate from the cache
this.certiticateCache.Remove(subject);
// throw the original error
throw;
}
}
return(certificateToBeReturned);
}
public void Returns_ok_if_valid()
{
//Arrange
const string certificateOrganizationNumber = "984661185";
//Act
var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetPostenCertificate(), certificateOrganizationNumber);
//Assert
Assert.Equal(CertificateValidationType.Valid, result.Type);
Assert.Contains("is a valid certificate", result.Message);
}
public void Returns_fail_if_not_issued_to_organization_number()
{
//Arrange
const string certificateOrganizationNumber = "123456789";
//Act
var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.TestIntegrasjonssertifikat(), certificateOrganizationNumber);
//Assert
Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type);
Assert.Contains("is not issued to organization number", result.Message);
}
public void Calls_validate_certificate_overload_with_no_organization_number()
{
//Arrange
const string organizationNumber = "988015814";
//Act
var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetExpiredSelfSignedTestCertificate(), organizationNumber);
//Assert
Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type);
Assert.Contains("expired on", result.Message);
}
public void Returns_fail_with_null_certificate()
{
//Arrange
const string organizationNumber = "123456789";
//Act
var result = CertificateValidator.ValidateCertificate(null, organizationNumber);
//Assert
Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type);
Assert.Contains("var null", result.Message);
}
public void Returns_fail_if_not_activated()
{
//Arrange
const string certificateOrganizationNumber = "988015814";
//Act
var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.NotActivatedSelfSignedTestCertificate(), certificateOrganizationNumber);
//Assert
Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type);
Assert.Contains("aktiveres ikke før", result.Message);
}
/// <summary>
/// Performs a certificate chain validation
/// </summary>
/// <param name="certificate">the certificate to validate</param>
/// <param name="result">the object to store the result</param>
/// <exception cref="CheckCertificateChainUnexpectedException">This exception is thrown, if an unexpected exception is thrown during the method</exception>
private void CheckCertificateChain(X509Certificate2 certificate, CertificateCheckResult result)
{
try {
CertificateValidator.ValidateCertificate(certificate, _defaultOCESrootCertificate);
result.RootCertificateAsRoot = true;
result.CertificateActivated = true;
result.CertificateValid = true;
} catch (CertificateFailedChainValidationException) {
result.RootCertificateAsRoot = false;
} catch (CertificateNotActiveException) {
result.CertificateActivated = false;
} catch (CertificateExpiredException) {
result.CertificateValid = false;
} catch (ArgumentNullException) {
throw;
} catch (CryptographicUnexpectedOperationException) {
throw;
} catch (CryptographicException) {
throw;
} catch (Exception e) {
throw new CheckCertificateChainUnexpectedException(e);
}
}
