示例#1
        // Builds a SecTrust from the mail_google_com test certificate under the basic X.509
        // policy, evaluates it at a pinned date and expects RecoverableTrustFailure.
        // NOTE(review): presumably the failure is due to only the leaf being supplied (no
        // intermediates), as the test name suggests - confirm against the fixture.
        public void Basic_Leaf_Only()
        {
            X509Certificate leaf = new X509Certificate(CertificateTest.mail_google_com);

            using (var policy = SecPolicy.CreateBasicX509Policy())
            using (var trust = new SecTrust(leaf, policy))
            {
                // that certificate stopped being valid on September 30th, 2013, so the evaluation
                // is pinned to a fixed UTC instant (given in ticks) earlier than that; the outcome
                // then does not depend on the wall clock of the machine running the test
                var verifyDate = new DateTime(635108745218945450, DateTimeKind.Utc);
                trust.SetVerifyDate(verifyDate);

                // SSL certs are a superset of the basic X509 profile. The basic policy does no
                // host name matching, so this result says nothing about whether the certificate
                // is acceptable for a particular TLS server name.
                SecTrustResult expected = SecTrustResult.RecoverableTrustFailure;
                bool expectRecoverableFailure = expected == SecTrustResult.RecoverableTrustFailure;
                Assert.That(Evaluate(trust, expectRecoverableFailure), Is.EqualTo(expected), "Evaluate");

                // the remaining checks are gated on the Xcode 5.0 version check
                if (!TestRuntime.CheckXcodeVersion(5, 0))
                {
                    return;
                }

                // call GetPolicies without a SetPolicy / SetPolicies: the policy handed to the
                // constructor is expected to be the only one reported
                var reported = trust.GetPolicies();
                Assert.That(reported.Length, Is.EqualTo(1), "Policies.Length");

                using (var emptyResponse = new NSData())
                {
                    // we do not have an easy way to get a real OCSP response but the API accepts
                    // an empty NSData; this only checks that the call does not throw
                    trust.SetOCSPResponse(emptyResponse);
                }
            }
        }
示例#2
        // Creates a SecTrust for the mail_google_com test certificate under the basic X.509 policy.
        // The returned object has not been evaluated, and the caller is responsible for disposing it.
        SecTrust GetTrust()
        {
            var certificate = new X509Certificate(CertificateTest.mail_google_com);

            // the managed policy wrapper is disposed when this method returns
            // NOTE(review): presumably the trust object keeps its own reference to the
            // underlying policy, so it stays usable afterwards - confirm
            using (var policy = SecPolicy.CreateBasicX509Policy())
            {
                var trust = new SecTrust(certificate, policy);
                return trust;
            }
        }
示例#3
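        // Creates an MCSession from a test identity plus the certificates exposed by a SecTrust
        // built on that identity's certificate, then checks the properties the session reports.
        // The test is ignored when the system/SDK version check for 7.0 fails.
        public void Ctor_Identity_Certificates()
        {
            if (!TestRuntime.CheckSystemAndSDKVersion(7, 0))
            {
                Assert.Ignore("requires iOS7+");
            }

            // the policy is held in its own using so the wrapper is disposed with the others
            // (it was previously created inline in the SecTrust constructor call and never released)
            using (var id = IdentityTest.GetIdentity())
            using (var policy = SecPolicy.CreateBasicX509Policy())
            using (var trust = new SecTrust(id.Certificate, policy))
            using (var peer = new MCPeerID("me"))
            {
                // copy every certificate the trust object exposes through its indexer
                SecCertificate [] certs = new SecCertificate [trust.Count];
                for (int i = 0; i < trust.Count; i++)
                {
                    certs [i] = trust [i];
                }

                // MCEncryptionPreference.Required: the session is created with encryption mandatory
                using (var s = new MCSession(peer, id, certs, MCEncryptionPreference.Required))
                {
                    Assert.AreSame(s.MyPeerID, peer, "MyPeerID");
                    // it's a self-signed certificate that's used for the identity
                    // so it's not added twice to the collection being returned
                    Assert.That(s.SecurityIdentity.Count, Is.EqualTo(1), "SecurityIdentity");
                    Assert.That(s.SecurityIdentity.GetItem <SecIdentity> (0).Handle, Is.EqualTo(certs [0].Handle), "SecurityIdentity");
                    Assert.That(s.EncryptionPreference, Is.EqualTo(MCEncryptionPreference.Required), "EncryptionPreference");
                    // a freshly created session has no connected peers
                    Assert.That(s.ConnectedPeers, Is.Empty, "ConnectedPeers");
                }
            }
        }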
示例#4
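        // Creates an MCSession from a test identity plus the certificates exposed by a SecTrust
        // built on that identity's certificate, then checks the properties the session reports.
        public void Ctor_Identity_Certificates()
        {
            // minimum OS versions asserted per platform (iOS 7.0, macOS 10.10)
            TestRuntime.AssertSystemVersion(ApplePlatform.iOS, 7, 0, throwIfOtherPlatform: false);
            TestRuntime.AssertSystemVersion(ApplePlatform.MacOSX, 10, 10, throwIfOtherPlatform: false);

            // the policy is held in its own using so the wrapper is disposed with the others
            // (it was previously created inline in the SecTrust constructor call and never released)
            using (var id = IdentityTest.GetIdentity())
            using (var policy = SecPolicy.CreateBasicX509Policy())
            using (var trust = new SecTrust(id.Certificate, policy))
            using (var peer = new MCPeerID("me"))
            {
                // copy every certificate the trust object exposes through its indexer
                SecCertificate [] certs = new SecCertificate [trust.Count];
                for (int i = 0; i < trust.Count; i++)
                {
                    certs [i] = trust [i];
                }

                // MCEncryptionPreference.Required: the session is created with encryption mandatory
                using (var s = new MCSession(peer, id, certs, MCEncryptionPreference.Required))
                {
                    Assert.AreSame(s.MyPeerID, peer, "MyPeerID");
                    // it's a self-signed certificate that's used for the identity
                    // so it's not added twice to the collection being returned
                    Assert.That(s.SecurityIdentity.Count, Is.EqualTo((nuint)1), "SecurityIdentity");
                    Assert.That(s.SecurityIdentity.GetItem <SecIdentity> (0).Handle, Is.EqualTo(certs [0].Handle), "SecurityIdentity");
                    Assert.That(s.EncryptionPreference, Is.EqualTo(MCEncryptionPreference.Required), "EncryptionPreference");
                    // a freshly created session has no connected peers
                    Assert.That(s.ConnectedPeers, Is.Empty, "ConnectedPeers");
                }
            }
        }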
示例#5
 // Encrypts a 20-byte zero buffer with the public key taken from a SecTrust over certificate `c`,
 // using the Encrypt overload that allocates the output buffer, and checks status and length.
 public void Encrypt_New()
 {
     using (SecPolicy policy = SecPolicy.CreateBasicX509Policy())
     using (SecTrust trust = new SecTrust(c, policy))
     {
         // getting the public key won't (always) work if evaluate was not called.
         // The evaluation result is discarded: the call is only made so the key can be
         // extracted. Code that relies on the key belonging to a trusted peer has to
         // check that result before using the key.
         trust.Evaluate();

         using (SecKey pubkey = trust.GetPublicKey())
         {
             byte[] plaintext = new byte [20];
             byte[] ciphertext;

             // PKCS#1 v1.5 padding is what this API test exercises; OAEP is the usual
             // recommendation for new RSA encryption designs
             var status = pubkey.Encrypt(SecPadding.PKCS1, plaintext, out ciphertext);
             Assert.That(status, Is.EqualTo(SecStatusCode.Success), "Encrypt");

             // NOTE(review): 128 bytes of output presumably reflects a 1024-bit RSA key in
             // the test certificate - confirm against the fixture
             Assert.That(ciphertext.Length, Is.EqualTo(128), "secret.Length");
         }
     }
 }
示例#6
 // Encrypts a 20-byte zero buffer with the public key taken from a SecTrust over certificate `c`,
 // using the older Encrypt overload that writes into a caller-supplied buffer.
 public void Encrypt_Old()
 {
     // the old API was not working but the crash was fixed; you still need to provide an
     // adequately sized output buffer (here sized from pubkey.BlockSize)
     using (SecPolicy policy = SecPolicy.CreateBasicX509Policy())
     using (SecTrust trust = new SecTrust(c, policy))
     {
         // getting the public key won't (always) work if evaluate was not called.
         // The evaluation result is discarded: the call is only made so the key can be
         // extracted, it is not used as a trust decision here.
         trust.Evaluate();

         using (SecKey pubkey = trust.GetPublicKey())
         {
             byte[] plaintext = new byte [20];
             byte[] output = new byte [pubkey.BlockSize];

             // only the status code is checked; the content of the output buffer is not
             var status = pubkey.Encrypt(SecPadding.PKCS1, plaintext, output);
             Assert.That(status, Is.EqualTo(SecStatusCode.Success), "Encrypt");
         }
     }
 }
示例#7
		// Checks that SecPolicy.CreateBasicX509Policy returns a valid handle with a retain count
		// of one and, when the Xcode 5.0 version check passes, that the policy's property
		// dictionary holds a single entry: the expected policy OID.
		public void BasicX509Policy ()
		{
			using (var policy = SecPolicy.CreateBasicX509Policy ()) {
				IntPtr policyHandle = policy.Handle;
				Assert.That (policyHandle, Is.Not.EqualTo (IntPtr.Zero), "Handle");
				// a retain count of 1 means the managed wrapper holds the only reference
				Assert.That (CFGetRetainCount (policyHandle), Is.EqualTo ((nint) 1), "RetainCount");

				// the property checks are gated on the Xcode 5.0 version check
				if (!TestRuntime.CheckXcodeVersion (5, 0)) {
					return;
				}

				using (var props = policy.GetProperties ()) {
					Assert.That (props.Handle, Is.Not.EqualTo (IntPtr.Zero), "Properties.Handle");
					Assert.That (CFGetRetainCount (props.Handle), Is.EqualTo ((nint) 1), "Properties.RetainCount");
					Assert.That (props.Count, Is.EqualTo ((nuint) 1), "Count");
					// the OID is the only property the basic policy is expected to report
					var oid = props [SecPolicyPropertyKey.Oid].ToString ();
					Assert.That (oid, Is.EqualTo ("1.2.840.113635.100.1.2"), "SecPolicyOid");
				}
			}
		}
示例#8
        [Ignore("System.EntryPointNotFoundException: AppleCryptoNative_SecKeychainCreate")]          // https://github.com/dotnet/runtime/issues/36897
#endif
        public void KeyRecordTest()
        {
            // Wraps the public key of a test certificate in a SecRecord and checks that the record
            // hands back that same key, while the certificate and identity accessors refuse to work.
            // "farscape" is the password of the embedded test PFX fixture.
            using (var certificate = new X509Certificate2(ImportExportTest.farscape_pfx, "farscape"))
            using (var policy = SecPolicy.CreateBasicX509Policy())
            using (var trust = new SecTrust(certificate, policy))
            {
                // the evaluation result is discarded; the call is made before the public key is
                // requested and is not used as a trust decision here
                trust.Evaluate();

                using (SecKey pubkey = trust.GetPublicKey())
                using (var rec = new SecRecord(pubkey))
                {
                    Assert.NotNull(rec, "rec is null");

                    // the key read back from the record must wrap the same native handle
                    var key = rec.GetKey();
                    Assert.That(key.Handle, Is.Not.EqualTo(IntPtr.Zero), "Handle");
                    Assert.That(key.Handle, Is.EqualTo(pubkey.Handle), "Same Handle");

                    // a record built from a key must not hand out a certificate or an identity
                    Assert.Throws <InvalidOperationException> (() => rec.GetCertificate(), "GetCertificate should throw");
                    Assert.Throws <InvalidOperationException> (() => rec.GetIdentity(), "GetIdentity should throw");
                }
            }
        }