示例#1
0
        void Trust_FullChain(SecTrust trust, SecPolicy policy, X509CertificateCollection certs)
        {
            // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
            trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));

            SecTrustResult trust_result = SecTrustResult.Unspecified;
            var            ios9         = TestRuntime.CheckXcodeVersion(7, 0);
            var            ios10        = TestRuntime.CheckXcodeVersion(8, 0);
            var            ios11        = TestRuntime.CheckXcodeVersion(9, 0);

            if (ios10)
            {
                trust_result = SecTrustResult.FatalTrustFailure;
            }
            // iOS9 is not fully happy with the basic constraints: `SecTrustEvaluate  [root AnchorTrusted BasicContraints]`
            else if (ios9)
            {
                trust_result = SecTrustResult.RecoverableTrustFailure;
            }
            var result = Evaluate(trust, true);

            Assert.That(result, Is.EqualTo(trust_result), "Evaluate");

            // Evalute must be called prior to Count (Apple documentation)
            Assert.That(trust.Count, Is.EqualTo(3), "Count");

            using (SecCertificate sc1 = trust [0]) {
                // seems the leaf gets an extra one
                Assert.That(CFGetRetainCount(sc1.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc1)");
                Assert.That(sc1.SubjectSummary, Is.EqualTo("mail.google.com"), "SubjectSummary(sc1)");
            }
            using (SecCertificate sc2 = trust [1]) {
                Assert.That(CFGetRetainCount(sc2.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc2)");
                Assert.That(sc2.SubjectSummary, Is.EqualTo("Thawte SGC CA"), "SubjectSummary(sc2)");
            }
            using (SecCertificate sc3 = trust [2]) {
                Assert.That(CFGetRetainCount(sc3.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc3)");
                Assert.That(sc3.SubjectSummary, Is.EqualTo("Class 3 Public Primary Certification Authority"), "SubjectSummary(sc3)");
            }

            if (TestRuntime.CheckXcodeVersion(5, 0))
            {
                Assert.That(trust.GetTrustResult(), Is.EqualTo(trust_result), "GetTrustResult");

                trust.SetAnchorCertificates(certs);
                Assert.That(trust.GetCustomAnchorCertificates().Length, Is.EqualTo(certs.Count), "GetCustomAnchorCertificates");

                if (ios11)
                {
                    trust_result = SecTrustResult.Unspecified;
                }
                else
                {
                    trust_result = SecTrustResult.Invalid;
                }

                // since we modified the `trust` instance it's result was invalidated (marked as unspecified on iOS 11)
                Assert.That(trust.GetTrustResult(), Is.EqualTo(trust_result), "GetTrustResult-2");
            }
        }
示例#2
0
        public void Ctor_Identity_Certificates()
        {
            TestRuntime.AssertSystemVersion(ApplePlatform.iOS, 7, 0, throwIfOtherPlatform: false);
            TestRuntime.AssertSystemVersion(ApplePlatform.MacOSX, 10, 10, throwIfOtherPlatform: false);

            using (var id = IdentityTest.GetIdentity())
                using (var trust = new SecTrust(id.Certificate, SecPolicy.CreateBasicX509Policy()))
                    using (var peer = new MCPeerID("me")) {
                        SecCertificate [] certs = new SecCertificate [trust.Count];
                        for (int i = 0; i < trust.Count; i++)
                        {
                            certs [i] = trust [i];
                        }

                        using (var s = new MCSession(peer, id, certs, MCEncryptionPreference.Required)) {
                            Assert.AreSame(s.MyPeerID, peer, "MyPeerID");
                            // it's a self-signed certificate that's used for the identity
                            // so it's not added twice to the collection being returned
                            Assert.That(s.SecurityIdentity.Count, Is.EqualTo((nuint)1), "SecurityIdentity");
                            Assert.That(s.SecurityIdentity.GetItem <SecIdentity> (0).Handle, Is.EqualTo(certs [0].Handle), "SecurityIdentity");
                            Assert.That(s.EncryptionPreference, Is.EqualTo(MCEncryptionPreference.Required), "EncryptionPreference");
                            Assert.That(s.ConnectedPeers, Is.Empty, "ConnectedPeers");
                        }
                    }
        }
示例#3
0
        public void Trust_Leaf_Only()
        {
            X509Certificate x = new X509Certificate(CertificateTest.mail_google_com);

            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(x, policy)) {
                    Assert.That(CFGetRetainCount(trust.Handle), Is.EqualTo((nint)1), "RetainCount(trust)");
                    Assert.That(CFGetRetainCount(policy.Handle), Is.EqualTo((nint)2), "RetainCount(policy)");
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    // the system was able to construct the chain based on the single certificate
                    Assert.That(Evaluate(trust, true), Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "Evaluate");

                    if (TestRuntime.CheckXcodeVersion(5, 0))
                    {
                        Assert.True(trust.NetworkFetchAllowed, "NetworkFetchAllowed-1");
                        trust.NetworkFetchAllowed = false;
                        Assert.False(trust.NetworkFetchAllowed, "NetworkFetchAllowed-2");

                        trust.SetPolicy(policy);

                        var policies = trust.GetPolicies();
                        Assert.That(policies.Length, Is.EqualTo(1), "Policies.Length");
                        Assert.That(policies [0].Handle, Is.EqualTo(policy.Handle), "Handle");
                    }
                }
        }
示例#4
0
        public void Timestamps()
        {
            TestRuntime.AssertXcodeVersion(10, 1);             // old API exposed publicly

            X509Certificate2Collection certs = new X509Certificate2Collection();

            certs.Add(new X509Certificate2(CertificateTest.mail_google_com));
            certs.Add(new X509Certificate2(CertificateTest.thawte_sgc_ca));
            certs.Add(new X509Certificate2(CertificateTest.verisign_class3_root));
            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    var a = new NSArray <NSData> ();
                    var e = trust.SetSignedCertificateTimestamps(a);
                    Assert.That(e, Is.EqualTo(SecStatusCode.Success), "1");
                    a = null;
                    e = trust.SetSignedCertificateTimestamps(null);
                    Assert.That(e, Is.EqualTo(SecStatusCode.Success), "2");

                    var i = new NSData [0];
                    e = trust.SetSignedCertificateTimestamps(i);
                    Assert.That(e, Is.EqualTo(SecStatusCode.Success), "3");
                    i = null;
                    e = trust.SetSignedCertificateTimestamps(i);
                    Assert.That(e, Is.EqualTo(SecStatusCode.Success), "4");
                }
        }
示例#5
0
        public void Client_Leaf_Only()
        {
            X509Certificate x = new X509Certificate(CertificateTest.mail_google_com);

            using (var policy = SecPolicy.CreateSslPolicy(false, null))
                using (var trust = new SecTrust(x, policy)) {
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    // a host name is not meaningful for client certificates
                    Assert.That(Evaluate(trust, true), Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "Evaluate");

                    if (TestRuntime.CheckXcodeVersion(5, 0))
                    {
                        // by default there's no *custom* anchors
                        Assert.Null(trust.GetCustomAnchorCertificates(), "GetCustomAnchorCertificates");

                        using (var results = trust.GetResult()) {
                            Assert.That(CFGetRetainCount(results.Handle), Is.EqualTo((nint)1), "RetainCount");

                            SecTrustResult value = (SecTrustResult)(int)(NSNumber)results [SecTrustResultKey.ResultValue];
                            Assert.That(value, Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "ResultValue");
                        }
                    }
                }
        }
示例#6
0
        public void InstallCertificate(string certificate)
        {
            if (certificate.StartsWith("http", StringComparison.CurrentCulture))
            {
                OpenUrlExternally(certificate);
            }

            //THIS CASE DOESN"T WORK YET, WE CAN ONLY ADD THE CERT TO THE KEYCHAIN BUT NOT PROMPT FOR TRUST
            else
            {
                NSData certData = NSData.FromUrl(new NSUrl(certificate));

                SecCertificate secCertificate = new SecCertificate(certData);

                SecRecord secRecord = new SecRecord(SecKind.Certificate);

                secRecord.SetValueRef(secCertificate);


                SecPolicy policy   = SecPolicy.CreateSslPolicy(true, "applocker.navy.mil");
                SecTrust  secTrust = new SecTrust(secCertificate, policy);
                //SecTrustResult results = secTrust.GetTrustResult();

                SecStatusCode code = SecKeyChain.Add(secRecord);
                Console.WriteLine(code);
            }
        }
示例#7
0
        public void NoHostName()
        {
            X509Certificate x = new X509Certificate(CertificateTest.mail_google_com);

            // a null host name means "*" (accept any name) which is not stated in Apple documentation
            using (var policy = SecPolicy.CreateSslPolicy(true, null))
                using (var trust = new SecTrust(x, policy)) {
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    Assert.That(Evaluate(trust, true), Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "Evaluate");

                    if (TestRuntime.CheckXcodeVersion(5, 0))
                    {
                        using (var rev = SecPolicy.CreateRevocationPolicy(SecRevocation.UseAnyAvailableMethod)) {
                            List <SecPolicy> list = new List <SecPolicy> ()
                            {
                                policy, rev
                            };
                            trust.SetPolicies(list);

                            var policies = trust.GetPolicies();
                            Assert.That(policies.Length, Is.EqualTo(2), "Policies.Length");
                        }
                    }
                }
        }
示例#8
0
        void Trust_Leaf_Only(SecTrust trust, SecPolicy policy)
        {
            Assert.That(CFGetRetainCount(trust.Handle), Is.EqualTo((nint)1), "RetainCount(trust)");
            Assert.That(CFGetRetainCount(policy.Handle), Is.EqualTo((nint)2), "RetainCount(policy)");
            // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
            trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
            // the system was able to construct the chain based on the single certificate
            var expectedTrust = SecTrustResult.RecoverableTrustFailure;

#if __MACOS__
            if (!TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 9))
            {
                expectedTrust = SecTrustResult.Unspecified;
            }
#endif
            Assert.That(Evaluate(trust, true), Is.EqualTo(expectedTrust), "Evaluate");

#if __MACOS__
            var hasNetworkFetchAllowed = TestRuntime.CheckSystemVersion(PlatformName.MacOSX, 10, 9);
#else
            var hasNetworkFetchAllowed = TestRuntime.CheckXcodeVersion(5, 0);
#endif
            if (hasNetworkFetchAllowed)
            {
                Assert.True(trust.NetworkFetchAllowed, "NetworkFetchAllowed-1");
                trust.NetworkFetchAllowed = false;
                Assert.False(trust.NetworkFetchAllowed, "NetworkFetchAllowed-2");

                trust.SetPolicy(policy);

                var policies = trust.GetPolicies();
                Assert.That(policies.Length, Is.EqualTo(1), "Policies.Length");
                Assert.That(policies [0].Handle, Is.EqualTo(policy.Handle), "Handle");
            }
        }
示例#9
0
        public void Basic_Leaf_Only()
        {
            X509Certificate x = new X509Certificate(CertificateTest.mail_google_com);

            using (var policy = SecPolicy.CreateBasicX509Policy())
                using (var trust = new SecTrust(x, policy)) {
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    // SSL certs are a superset of the basic X509 profile
                    SecTrustResult result = SecTrustResult.RecoverableTrustFailure;
                    Assert.That(Evaluate(trust, result == SecTrustResult.RecoverableTrustFailure), Is.EqualTo(result), "Evaluate");

                    if (TestRuntime.CheckXcodeVersion(5, 0))
                    {
                        // call GetPolicies without a SetPolicy / SetPolicies
                        var policies = trust.GetPolicies();
                        Assert.That(policies.Length, Is.EqualTo(1), "Policies.Length");

                        using (var data = new NSData()) {
                            // we do not have an easy way to get the response but the API accepts an empty NSData
                            trust.SetOCSPResponse(data);
                        }
                    }
                }
        }
示例#10
0
        SecTrust GetTrust()
        {
            X509Certificate x = new X509Certificate(CertificateTest.mail_google_com);

            using (var policy = SecPolicy.CreateBasicX509Policy())
                return(new SecTrust(x, policy));
        }
示例#11
0
        public void Ctor_Identity_Certificates()
        {
            if (!TestRuntime.CheckSystemAndSDKVersion(7, 0))
            {
                Assert.Ignore("requires iOS7+");
            }

            using (var id = IdentityTest.GetIdentity())
                using (var trust = new SecTrust(id.Certificate, SecPolicy.CreateBasicX509Policy()))
                    using (var peer = new MCPeerID("me")) {
                        SecCertificate [] certs = new SecCertificate [trust.Count];
                        for (int i = 0; i < trust.Count; i++)
                        {
                            certs [i] = trust [i];
                        }

                        using (var s = new MCSession(peer, id, certs, MCEncryptionPreference.Required)) {
                            Assert.AreSame(s.MyPeerID, peer, "MyPeerID");
                            // it's a self-signed certificate that's used for the identity
                            // so it's not added twice to the collection being returned
                            Assert.That(s.SecurityIdentity.Count, Is.EqualTo(1), "SecurityIdentity");
                            Assert.That(s.SecurityIdentity.GetItem <SecIdentity> (0).Handle, Is.EqualTo(certs [0].Handle), "SecurityIdentity");
                            Assert.That(s.EncryptionPreference, Is.EqualTo(MCEncryptionPreference.Required), "EncryptionPreference");
                            Assert.That(s.ConnectedPeers, Is.Empty, "ConnectedPeers");
                        }
                    }
        }
示例#12
0
        void Trust_NoRoot(SecTrust trust, SecPolicy policy)
        {
            // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
            trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
            // iOS9 is not fully happy with the basic constraints: `SecTrustEvaluate  [root AnchorTrusted BasicContraints]`
            // so it returns RecoverableTrustFailure and that affects the Count of trust later (it does not add to what we provided)
            var ios9   = TestRuntime.CheckXcodeVersion(7, 0);
            var result = Evaluate(trust, ios9);

            Assert.That(result, Is.EqualTo(ios9 ? SecTrustResult.RecoverableTrustFailure : SecTrustResult.Unspecified), "Evaluate");
            // Evalute must be called prior to Count (Apple documentation)
            Assert.That(trust.Count, Is.EqualTo(ios9 ? 2 : 3), "Count");

            using (SecKey pkey = trust.GetPublicKey()) {
                Assert.That(CFGetRetainCount(pkey.Handle), Is.GreaterThanOrEqualTo((nint)1), "RetainCount(pkey)");
            }
            if (TestRuntime.CheckXcodeVersion(12, 0))
            {
                using (SecKey key = trust.GetKey()) {
                    Assert.That(key.BlockSize, Is.EqualTo(128), "BlockSize");
                    Assert.That(CFGetRetainCount(key.Handle), Is.GreaterThanOrEqualTo((nint)1), "RetainCount(key)");
                }
            }
            if (TestRuntime.CheckXcodeVersion(10, 0))
            {
                Assert.False(trust.Evaluate(out var error), "Evaluate");
                Assert.NotNull(error, "error");
            }
        }
示例#13
0
        public void Trust2_FullChain()
        {
            X509Certificate2Collection certs = new X509Certificate2Collection();

            certs.Add(new X509Certificate2(CertificateTest.api_imgur_com));
            certs.Add(new X509Certificate2(CertificateTest.geotrust_dv_ssl_ca));
            certs.Add(new X509Certificate2(CertificateTest.geotrust_global_root));
            using (var policy = SecPolicy.CreateSslPolicy(true, "api.imgur.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    // that certificate stopped being valid on August 3rd, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    Assert.That(Evaluate(trust), Is.EqualTo(SecTrustResult.Unspecified), "Evaluate");
                    // Evalute must be called prior to Count (Apple documentation)
                    Assert.That(trust.Count, Is.EqualTo(3), "Count");

                    using (SecCertificate sc1 = trust [0]) {
                        // seems the leaf gets an extra one
                        Assert.That(CFGetRetainCount(sc1.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc1)");
                        Assert.That(sc1.SubjectSummary, Is.EqualTo("api.imgur.com"), "SubjectSummary(sc1)");
                    }
                    using (SecCertificate sc2 = trust [1]) {
                        Assert.That(CFGetRetainCount(sc2.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc2)");
                        Assert.That(sc2.SubjectSummary, Is.EqualTo("GeoTrust DV SSL CA"), "SubjectSummary(sc2)");
                    }
                    using (SecCertificate sc3 = trust [2]) {
                        Assert.That(CFGetRetainCount(sc3.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc3)");
                        Assert.That(sc3.SubjectSummary, Is.EqualTo("GeoTrust Global CA"), "SubjectSummary(sc3)");
                    }
                }
        }
示例#14
0
        public void HostName_Leaf_Only()
        {
            X509Certificate x = new X509Certificate(CertificateTest.mail_google_com);

            // a bad hostname (mismatched) is recoverable (e.g. if you change policy)
            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.xamarin.com"))
                using (var trust = new SecTrust(x, policy)) {
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    Assert.That(Evaluate(trust, true), Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "Evaluate");

                    if (TestRuntime.CheckXcodeVersion(5, 0))
                    {
                        Assert.That(trust.GetTrustResult(), Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "GetTrustResult");

                        using (var a = NSArray.FromNSObjects(policy))
                            trust.SetPolicies(a);

                        var policies = trust.GetPolicies();
                        Assert.That(policies.Length, Is.EqualTo(1), "Policies.Length");
                        Assert.That(policies [0].Handle, Is.EqualTo(policy.Handle), "Handle");

                        var trust_result = SecTrustResult.Invalid;
                        if (TestRuntime.CheckXcodeVersion(9, 0))
                        {
                            trust_result = SecTrustResult.RecoverableTrustFailure;                     // Result not invalidated starting with Xcode 9 beta 3.
                        }
                        // since we modified the `trust` instance it's result was invalidated
                        Assert.That(trust.GetTrustResult(), Is.EqualTo(trust_result), "GetTrustResult-2");
                    }
                }
        }
示例#15
0
        public void Trust2_Leaf_Only()
        {
            X509Certificate2 x = new X509Certificate2(CertificateTest.api_imgur_com);

            using (var policy = SecPolicy.CreateSslPolicy(true, "api.imgur.com"))
                using (var trust = new SecTrust(x, policy)) {
                    // that certificate stopped being valid on August 3rd, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    Assert.That(CFGetRetainCount(trust.Handle), Is.EqualTo((nint)1), "RetainCount(trust)");
                    Assert.That(CFGetRetainCount(policy.Handle), Is.EqualTo((nint)2), "RetainCount(policy)");
                    // the system was able to construct the chain based on the single certificate
#if __WATCHOS__
                    Assert.That(Evaluate(trust), Is.EqualTo(SecTrustResult.RecoverableTrustFailure), "Evaluate");
                    // Evalute must be called prior to Count (Apple documentation)
                    Assert.That(trust.Count, Is.EqualTo(1), "Count");
#else
                    Assert.That(Evaluate(trust), Is.EqualTo(SecTrustResult.Unspecified), "Evaluate");
                    // Evalute must be called prior to Count (Apple documentation)
                    Assert.That(trust.Count, Is.EqualTo(3), "Count");
#endif

                    using (NSData data = trust.GetExceptions()) {
                        Assert.That(CFGetRetainCount(data.Handle), Is.EqualTo((nint)1), "RetainCount(data)");
                        Assert.False(trust.SetExceptions(null), "SetExceptions(null)");
                        Assert.True(trust.SetExceptions(data), "SetExceptions");
                    }
                }
        }
示例#16
0
		void CreatePolicy (NSString oid, NSString propertyOid = null)
		{
			string name = oid + ".";
			using (var policy = SecPolicy.CreatePolicy (oid, null)) {
				Assert.That (CFGetRetainCount (policy.Handle), Is.EqualTo ((nint) 1), name + "RetainCount");
				Assert.That (policy.GetProperties ().Values [0].ToString (), Is.EqualTo ((string) (propertyOid ?? oid)), name + "SecPolicyOid");
			}
		}
示例#17
0
 public void INativeObjects()
 {
     using (var policy = SecPolicy.CreateSslPolicy(true, "mail.xamarin.com")) {
         using (var a = NSArray.FromObjects(policy)) {
             var b = NSArray.ArrayFromHandle <SecPolicy> (a.Handle);
             Assert.AreNotSame(a, b);
         }
     }
 }
示例#18
0
        public void Trust_Leaf_Only()
        {
            X509Certificate x = new X509Certificate(CertificateTest.mail_google_com);

            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(x, policy)) {
                    Trust_Leaf_Only(trust, policy);
                }
        }
示例#19
0
        public void CreateUnknownPolicy()
        {
            TestRuntime.AssertXcodeVersion(5, 0);

            using (var oid = new NSString("1.2.3.4")) {
                Assert.Throws <ArgumentException> (delegate {
                    SecPolicy.CreatePolicy(oid, null);
                });
            }
        }
示例#20
0
		public void CreateUnknownPolicy ()
		{
			TestRuntime.AssertXcodeVersion (5, 0);
			TestRuntime.AssertSystemVersion (PlatformName.MacOSX, 10, 9, throwIfOtherPlatform: false);

			using (var oid = new NSString ("1.2.3.4")) {
				Assert.Throws<ArgumentException> (delegate {
					SecPolicy.CreatePolicy (oid, null);
				});
			}
		}
示例#21
0
        public void Trust2_NoRoot()
        {
            X509Certificate2Collection certs = new X509Certificate2Collection();

            certs.Add(new X509Certificate2(CertificateTest.mail_google_com));
            certs.Add(new X509Certificate2(CertificateTest.thawte_sgc_ca));
            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    Trust_NoRoot(trust, policy);
                }
        }
示例#22
0
        public void Trust2_FullChain()
        {
            X509Certificate2Collection certs = new X509Certificate2Collection();

            certs.Add(new X509Certificate2(CertificateTest.mail_google_com));
            certs.Add(new X509Certificate2(CertificateTest.thawte_sgc_ca));
            certs.Add(new X509Certificate2(CertificateTest.verisign_class3_root));
            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    Trust_FullChain(trust, policy, certs);
                }
        }
示例#23
0
        public void CreateUnknownPolicy()
        {
            if (!TestRuntime.CheckSystemAndSDKVersion(7, 0))
            {
                Assert.Inconclusive("requires iOS7");
            }

            using (var oid = new NSString("1.2.3.4")) {
                Assert.Throws <ArgumentException> (delegate {
                    SecPolicy.CreatePolicy(oid, null);
                });
            }
        }
示例#24
0
 public void Encrypt_New()
 {
     using (SecPolicy p = SecPolicy.CreateBasicX509Policy())
         using (SecTrust t = new SecTrust(c, p)) {
             // getting the public key won't (always) work if evaluate was not called
             t.Evaluate();
             using (SecKey pubkey = t.GetPublicKey()) {
                 byte[] plain = new byte [20];
                 byte[] secret;
                 Assert.That(pubkey.Encrypt(SecPadding.PKCS1, plain, out secret), Is.EqualTo(SecStatusCode.Success), "Encrypt");
                 Assert.That(secret.Length, Is.EqualTo(128), "secret.Length");
             }
         }
 }
示例#25
0
 public void Encrypt_Old()
 {
     // the old API was not working but the crash was fixed, still you need to provide an adequatly sized buffer
     using (SecPolicy p = SecPolicy.CreateBasicX509Policy())
         using (SecTrust t = new SecTrust(c, p)) {
             // getting the public key won't (always) work if evaluate was not called
             t.Evaluate();
             using (SecKey pubkey = t.GetPublicKey()) {
                 byte[] plain  = new byte [20];
                 byte[] cipher = new byte [pubkey.BlockSize];
                 Assert.That(pubkey.Encrypt(SecPadding.PKCS1, plain, cipher), Is.EqualTo(SecStatusCode.Success), "Encrypt");
             }
         }
 }
示例#26
0
        public void RevocationPolicy()
        {
            TestRuntime.AssertXcodeVersion(5, 0);

            using (var policy = SecPolicy.CreateRevocationPolicy(SecRevocation.UseAnyAvailableMethod | SecRevocation.RequirePositiveResponse)) {
                Assert.That(policy.Handle, Is.Not.EqualTo(IntPtr.Zero), "Handle");
                Assert.That(CFGetRetainCount(policy.Handle), Is.EqualTo((nint)1), "RetainCount");

                using (var properties = policy.GetProperties()) {
                    Assert.That(properties.Handle, Is.Not.EqualTo(IntPtr.Zero), "Properties.Handle");
                    Assert.That(CFGetRetainCount(properties.Handle), Is.EqualTo((nint)1), "Properties.RetainCount");
                    Assert.That(properties.Count, Is.EqualTo((nuint)1), "Count");
                    Assert.That(properties [SecPolicyPropertyKey.Oid].ToString(), Is.EqualTo("1.2.840.113635.100.1.21"), "SecPolicyOid");
                }
            }
        }
示例#27
0
		public void SslServerNoHost ()
		{
			using (var policy = SecPolicy.CreateSslPolicy (true, null)) {
				Assert.That (policy.Handle, Is.Not.EqualTo (IntPtr.Zero), "Handle");
				Assert.That (CFGetRetainCount (policy.Handle), Is.EqualTo ((nint) 1), "RetainCount");

				if (TestRuntime.CheckXcodeVersion (5, 0)) {
					using (var properties = policy.GetProperties ()) {
						Assert.That (properties.Handle, Is.Not.EqualTo (IntPtr.Zero), "Properties.Handle");
						Assert.That (CFGetRetainCount (properties.Handle), Is.EqualTo ((nint) 1), "Properties.RetainCount");
						Assert.That (properties.Count, Is.EqualTo ((nuint) 1), "Count");
						Assert.That (properties [SecPolicyPropertyKey.Oid].ToString (), Is.EqualTo ("1.2.840.113635.100.1.3"), "SecPolicyOid");
					}
				}
			}
		}
示例#28
0
        public void BasicX509Policy()
        {
            using (var policy = SecPolicy.CreateBasicX509Policy()) {
                Assert.That(policy.Handle, Is.Not.EqualTo(IntPtr.Zero), "Handle");
                Assert.That(CFGetRetainCount(policy.Handle), Is.EqualTo((nint)1), "RetainCount");

                if (TestRuntime.CheckSystemAndSDKVersion(7, 0))
                {
                    using (var properties = policy.GetProperties()) {
                        Assert.That(properties.Handle, Is.Not.EqualTo(IntPtr.Zero), "Properties.Handle");
                        Assert.That(CFGetRetainCount(properties.Handle), Is.EqualTo((nint)1), "Properties.RetainCount");
                        Assert.That(properties.Count, Is.EqualTo((nuint)1), "Count");
                        Assert.That(properties [SecPolicyPropertyKey.Oid].ToString(), Is.EqualTo("1.2.840.113635.100.1.2"), "SecPolicyOid");
                    }
                }
            }
        }
示例#29
0
        public void Trust_FullChain()
        {
            X509CertificateCollection certs = new X509CertificateCollection();

            certs.Add(new X509Certificate(CertificateTest.mail_google_com));
            certs.Add(new X509Certificate(CertificateTest.thawte_sgc_ca));
            certs.Add(new X509Certificate(CertificateTest.verisign_class3_root));
            using (var policy = SecPolicy.CreateSslPolicy(true, "mail.google.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    // that certificate stopped being valid on September 30th, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    // iOS9 is not fully happy with the basic constraints: `SecTrustEvaluate  [root AnchorTrusted BasicContraints]`
                    var ios9   = TestRuntime.CheckiOSSystemVersion(9, 0);
                    var result = Evaluate(trust, ios9);
                    Assert.That(result, Is.EqualTo(ios9 ? SecTrustResult.RecoverableTrustFailure : SecTrustResult.Unspecified), "Evaluate");

                    // Evalute must be called prior to Count (Apple documentation)
                    Assert.That(trust.Count, Is.EqualTo(3), "Count");

                    using (SecCertificate sc1 = trust [0]) {
                        // seems the leaf gets an extra one
                        Assert.That(CFGetRetainCount(sc1.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc1)");
                        Assert.That(sc1.SubjectSummary, Is.EqualTo("mail.google.com"), "SubjectSummary(sc1)");
                    }
                    using (SecCertificate sc2 = trust [1]) {
                        Assert.That(CFGetRetainCount(sc2.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc2)");
                        Assert.That(sc2.SubjectSummary, Is.EqualTo("Thawte SGC CA"), "SubjectSummary(sc2)");
                    }
                    using (SecCertificate sc3 = trust [2]) {
                        Assert.That(CFGetRetainCount(sc3.Handle), Is.GreaterThanOrEqualTo((nint)2), "RetainCount(sc3)");
                        Assert.That(sc3.SubjectSummary, Is.EqualTo("Class 3 Public Primary Certification Authority"), "SubjectSummary(sc3)");
                    }

                    if (TestRuntime.CheckSystemAndSDKVersion(7, 0))
                    {
                        Assert.That(trust.GetTrustResult(), Is.EqualTo(ios9 ? SecTrustResult.RecoverableTrustFailure : SecTrustResult.Unspecified), "GetTrustResult");

                        trust.SetAnchorCertificates(certs);
                        Assert.That(trust.GetCustomAnchorCertificates().Length, Is.EqualTo(certs.Count), "GetCustomAnchorCertificates");

                        // since we modified the `trust` instance it's result was invalidated
                        Assert.That(trust.GetTrustResult(), Is.EqualTo(SecTrustResult.Invalid), "GetTrustResult");
                    }
                }
        }
示例#30
0
        public void Trust2_NoRoot()
        {
            X509Certificate2Collection certs = new X509Certificate2Collection();

            certs.Add(new X509Certificate2(CertificateTest.api_imgur_com));
            certs.Add(new X509Certificate2(CertificateTest.geotrust_dv_ssl_ca));
            using (var policy = SecPolicy.CreateSslPolicy(true, "api.imgur.com"))
                using (var trust = new SecTrust(certs, policy)) {
                    // that certificate stopped being valid on August 3rd, 2013 so we validate it with a date earlier than that
                    trust.SetVerifyDate(new DateTime(635108745218945450, DateTimeKind.Utc));
                    Assert.That(Evaluate(trust), Is.EqualTo(SecTrustResult.Unspecified), "Evaluate");
                    // Evalute must be called prior to Count (Apple documentation)
                    Assert.That(trust.Count, Is.EqualTo(3), "Count");

                    using (SecKey pkey = trust.GetPublicKey()) {
                        Assert.That(CFGetRetainCount(pkey.Handle), Is.GreaterThanOrEqualTo((nint)1), "RetainCount(pkey)");
                    }
                }
        }