Skip to content
Commits on Source (2)
Hide whitespace changes
Inline Side-by-side
test/dk.gov.oiosi.test.unit/security/ldap/LdapCertificateLookupTest.cs
View file @ 628b61c6
......@@ -42,6 +42,70 @@ namespace dk.gov.oiosi.test.unit.security.ldap
};
}
[Test]
public void TestLdapTestServerFoces2Subject()
{
var ldapCertificateLookup = new LdapCertificateLookup(this._ldapSettings);
var certSubject = new CertificateSubject(TestConstants.TEST_CERTIFICATE_SUBJECT_FUNCTION);
X509Certificate2 cert = null;
try
{
cert = ldapCertificateLookup.GetCertificate(certSubject);
}
catch (CertificateValidationException ex)
{
// We managed to connect and get a certificate. For some (possibly local) reason it didn't
// pass validation but that is not important for this test.
cert = (X509Certificate2)ex.Data["Certificate"];
}
// java: assertEquals("Wrong cert. found...", BigInteger.valueOf(1538079514), cert.getSerialNumber());
var actualSerialNumber = cert.GetSerialNumberString();
Assert.AreEqual("5FA69907", actualSerialNumber.ToUpperInvariant(),
message: "Wrong cert. found...");
// java: assertEquals("Wrong end date found...", "2022-12-16T14:31:07 UTC", DateUtil.formatDate(cert.getNotAfter()));
var expectedEndDate = "2025-12-11T12:47:33.0000000Z";
var actualEndDate = cert.NotAfter.ToUniversalTime().ToString("o");
Assert.AreEqual(expectedEndDate, actualEndDate, message: "Wrong end date found...");
}
[Test]
public void TestLdapTestServerFoces2SubjectWithFIDInAliasAndName()
{
var ldapCertificateLookup = new LdapCertificateLookup(this._ldapSettings);
var certSubject = new CertificateSubject("SERIALNUMBER=CVR:30808460-FID:94731315 + CN=FOO-FID-bar (funktionscertifikat), O=TESTFID A/S // CVR:30808460, C=DK");
X509Certificate2 cert = null;
try
{
cert = ldapCertificateLookup.GetCertificate(certSubject);
}
catch (CertificateValidationException ex)
{
// We managed to connect and get a certificate. For some (possibly local) reason it didn't
// pass validation but that is not important for this test.
cert = (X509Certificate2)ex.Data["Certificate"];
}
// NOTE: These asserts correspond to certificate "SERIALNUMBER=CVR:30808460-FID:94731315 + CN=TU GENEREL FOCES gyldig (funktionscertifikat), O=NETS DANID A/S // CVR:30808460, C=DK"
// The lookup will still resolve this even though we used a modified certSubject above, since the actual lookup uses the SERIALNUMBER, not the other parts
// java: assertEquals("Wrong cert. found...", BigInteger.valueOf(1538079514), cert.getSerialNumber());
var actualSerialNumber = cert.GetSerialNumberString();
Assert.AreEqual("5FA69907", actualSerialNumber.ToUpperInvariant(),
message: "Wrong cert. found...");
// java: assertEquals("Wrong end date found...", "2022-12-16T14:31:07 UTC", DateUtil.formatDate(cert.getNotAfter()));
var expectedEndDate = "2025-12-11T12:47:33.0000000Z";
var actualEndDate = cert.NotAfter.ToUniversalTime().ToString("o");
Assert.AreEqual(expectedEndDate, actualEndDate, message: "Wrong end date found...");
}
[Test]
public void TestGetMitIdCertificateFromTestLdap()
{
......
test/dk.gov.oiosi.test.unit/security/revocation/CrlLookupTest.cs
View file @ 628b61c6
......@@ -18,6 +18,114 @@ namespace dk.gov.oiosi.test.unit.security.revocation
ConfigurationUtil.SetupConfiguration();
}
//[Test]
//public void LookupTestOkayFoces1()
//{
// try
// {
// X509Certificate2 certificate = new X509Certificate2(LookupTest.foces1OkayCertificate, "Test1234");
// CrlLookup crlLookup = new CrlLookup();
// RevocationResponse response = crlLookup.CheckCertificate(certificate);
// Assert.IsTrue(response.IsValid);
// Assert.IsNull(response.Exception, "The lookup return an exception.");
// Assert.AreEqual(RevocationCheckStatus.AllChecksPassed, response.RevocationCheckStatus, "Not all check was performed.");
// }
// catch (Exception exception)
// {
// Assert.Fail(exception.ToString());
// }
//}
//[Test]
//public void LookupTestRevokedFoces1()
//{
// try
// {
// X509Certificate2 certificate = new X509Certificate2(LookupTest.foces1RevokedCertificate, "Test1234");
// Assert.IsNotNull(certificate, "Test certificate was null.");
// CrlLookup crlLookup = new CrlLookup();
// RevocationResponse response = crlLookup.CheckCertificate(certificate);
// Assert.IsFalse(response.IsValid);
// Assert.IsNull(response.Exception, "The lookup return an exception.");
// Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "Not all check was performed.");
// /*OcspLookup ocspLookup = new OcspLookup();
// RevocationResponse ocspResponse = ocspLookup.CheckCertificate(certificate);
// Assert.IsFalse(ocspResponse.IsValid);*/
// }
// catch (Exception exception)
// {
// Assert.Fail(exception.ToString());
// }
//}
/*
* Not the CRL job to check for expired certificate
* CRL check only check if the certificate has been revoked - is has not - it does not exist in the CRL list
* because it is very old and expired.
[Test]
public void LookupTestExpiredFoces1()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces1ExpiredCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
CrlLookup crlLookup = new CrlLookup();
RevocationResponse response = crlLookup.CheckCertificate(certificate);
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "The revokation validation did not parse all check");
Assert.IsFalse(response.IsValid, "The revoked certifikate was valid");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}*/
[Test]
[Ignore("Ignore a test")]
public void LookupTestOkayFoces2()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces2OkayCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
CrlLookup crlLookup = new CrlLookup();
RevocationResponse response = crlLookup.CheckCertificate(certificate);
Assert.IsTrue(response.IsValid);
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.AllChecksPassed, response.RevocationCheckStatus, "Not all check was performed.");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}
[Test]
[Ignore("Ignore a test")]
public void LookupTestRevokedFoces2()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces2RevokedCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
CrlLookup crlLookup = new CrlLookup();
RevocationResponse response = crlLookup.CheckCertificate(certificate);
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "The revokation validation did not parse all check");
Assert.IsFalse(response.IsValid, "The revoked certifikate was valid");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}
/*[Test]
public void LookupTestRevokedMoces1()
......@@ -40,6 +148,33 @@ namespace dk.gov.oiosi.test.unit.security.revocation
}
}*/
/*
* Not the CRL job to check for expired certificate
* CRL check only check if the certificate has been revoked - is has not - it does not exist in the CRL list
* because it is very old and expired.
* [Test]
public void LookupTestExpiredFoces2()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces2ExpiredCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
CrlLookup crlLookup = new CrlLookup();
Assert.IsNotNull(certificate, "Test certificate was null.");
RevocationResponse response = crlLookup.CheckCertificate(certificate);
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "The revokation validation did not parse all check");
Assert.IsFalse(response.IsValid, "The revoked certifikate was valid");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}*/
/*
*
* This test fail on the build server - it does not failed when it is run local
......@@ -64,7 +199,8 @@ namespace dk.gov.oiosi.test.unit.security.revocation
}
}
private X509Certificate2 certificateMoces = new X509Certificate2(CrlLookupTest.mitIdFocesOkayCertificate, "?3ngCR4,gq86");
private X509Certificate2 certificateFoces = new X509Certificate2(CrlLookupTest.foces2OkayCertificate, "Test1234");
//private X509Certificate2 certificateMoces = new X509Certificate2(CrlLookupTest. medarbejdercertifikatRevoked, "Test1234");
private void ThreadCertificateCheck()
{
......@@ -77,7 +213,7 @@ namespace dk.gov.oiosi.test.unit.security.revocation
{
Console.WriteLine("{0} ThreadCertificateCheck number:{1} foces1 allOkay", DateTime.Now, i);
RevocationResponse response = crlLookup.CheckCertificate(certificateMoces);
RevocationResponse response = crlLookup.CheckCertificate(certificateFoces);
if (response.Exception != null)
{
Console.WriteLine("{0} ThreadCertificateCheck number:{1} foces1 Exception: " + response.Exception.ToString(), DateTime.Now, i);
......@@ -93,7 +229,7 @@ namespace dk.gov.oiosi.test.unit.security.revocation
else
{
Console.WriteLine("{0} ThreadCertificateCheck number:{1} foces1 not all checked parsed ", DateTime.Now, i);
Assert.Fail("Moces certifiate should have been valid.");
Assert.Fail("Foces2 certifiate should have been valid.");
}
}
else
......
test/dk.gov.oiosi.test.unit/security/revocation/LookupTest.cs
View file @ 628b61c6
......@@ -8,6 +8,10 @@ namespace dk.gov.oiosi.test.unit.security.revocation
public abstract class LookupTest
{
//public const string medarbejdercertifikatRevoked = "Resources/Certificates/CVR30808460.Expire20130307.Test MOCES1 (medarbejdercertificat 2)(Spærret).pfx";
public const string foces2ExpiredCertificate = "Resources/Certificates/CVR30808460.Expire20111102.TU GENEREL FOCES2 (Udløbet) (Funktionscertifikat).pfx";
public const string foces2RevokedCertificate = "Resources/Certificates/CVR30808460.Expire20200313.TU GENEREL FOCES spaerret (Funktionscertifikat).pfx";
public const string foces2OkayCertificate = TestConstants.PATH_CERTIFICATE_DEVICE;//"Resources/Certificates/CVR30808460.Expire20200130.TU GENEREL FOCES gyldig (Funktionscertifikat).pfx";
public const string mitIdFocesOkayCertificate = TestConstants.PATH_CERTIFICATE_MITID_OCES;//"Resources/Certificates/CVR30808460.Expire20200130.TU GENEREL FOCES gyldig (Funktionscertifikat).pfx";
......
test/dk.gov.oiosi.test.unit/security/revocation/OcspLookupTest.cs
View file @ 628b61c6
......@@ -40,6 +40,92 @@ namespace dk.gov.oiosi.test.unit.security.revocation
return ocspLookup;
}
//[Test]
//public void LookupTestOkayFoces1()
//{
// try
// {
// X509Certificate2 certificate = new X509Certificate2(LookupTest.foces1OkayCertificate, "Test1234");
// Assert.IsNotNull(certificate, "Test certificate was null.");
// OcspLookup ocspLookup = this.CreateOcesLookup();
// RevocationResponse response = ocspLookup.CheckCertificate(certificate);
// Assert.IsTrue(response.IsValid, "Certificate is not valid.");
// Assert.IsNull(response.Exception, "The lookup return an exception.");
// Assert.AreEqual(RevocationCheckStatus.AllChecksPassed, response.RevocationCheckStatus, "Not all check was performed.");
// }
// catch (Exception exception)
// {
// Assert.Fail(exception.ToString());
// }
//}
// Foces1 certificate is not used anymore - can not get a general foces1 that is revoked
//[Test]
//public void LookupTestRevokedFoces1()
//{
// try
// {
// X509Certificate2 certificate = new X509Certificate2(LookupTest.foces1RevokedCertificate, "Test1234");
// Assert.IsNotNull(certificate, "Test certificate was null.");
// OcspLookup ocspLookup = this.CreateOcesLookup();
// RevocationResponse response = ocspLookup.CheckCertificate(certificate);
// Assert.IsFalse(response.IsValid, "Certificate is not valid.");
// Assert.IsNull(response.Exception, "The lookup return an exception.");
// Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "Not all check was performed.");
// }
// catch (Exception exception)
// {
// Assert.Fail(exception.ToString());
// }
//}
/*
* Not the OCSP job to check for expired certificate
* [Test]
public void LookupTestExpiredFoces1()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces1ExpiredCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
OcspLookup ocspLookup = this.CreateOcesLookup();
RevocationResponse response = ocspLookup.CheckCertificate(certificate);
Assert.IsFalse(response.IsValid, "Certificate is not valid.");
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "Not all check was performed.");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}*/
/*
[Test]
public void testMitIdTestCertificate() throws Exception
{
KeyStore p12 = KeyStore.getInstance("pkcs12");
p12.load(new FileInputStream(TestConstants.PATH_MITID_ORG_TEST), "?3ngCR4,gq86".toCharArray());
Enumeration<String> e = p12.aliases();
Assert.True("No elements found", e.hasMoreElements());
string alias = e.nextElement();
X509Certificate certificate = (X509Certificate)p12.getCertificate(alias);
Assert.AreEqual("Wrong cert. subject found", "C=DK, OID.2.5.4.97=NTRDK-90146280, O=Testorganisation nr. 90146280, SERIALNUMBER=UI:DK-O:G:3c0f8cbc-4abe-4c6b-b40f-7236a2f39c7c, CN=Nemhandel-DEV-OCES-cert-20210422", certificate.getSubjectDN().TOString());
System.err.println(certificate.getIssuerX500Principal());
System.err.println(certificate.getSubjectX500Principal());
//assertEquals("Wrong cert. found", "SERIALNUMBER=CVR:30808460-FID:94731315 + CN=TU GENEREL FOCES gyldig (funktionscertifikat), O=NETS DANID A/S // CVR:30808460, C=DK", c.getSubjectDN().toString());
RevocationResponse revocationResponse = CreateOcesLookup().revocationResponseOnline(certificate);
assertTrue("Certificate should be OCSP valid...", revocationResponse.isValid());
}*/
/**
* Verify that our self-signed check functionality works.
*/
......@@ -62,6 +148,7 @@ namespace dk.gov.oiosi.test.unit.security.revocation
{
Assert.Fail(ex.ToString());
}
try
{
var certificate1 = new X509Certificate2(LookupTest.mitIdFocesOkayCertificate, TestConstants.PASSWORD_CERTIFICATE_MITID_OCES);
......@@ -76,6 +163,22 @@ namespace dk.gov.oiosi.test.unit.security.revocation
{
Assert.Fail(ex.ToString());
}
try
{
var certificate2 = new X509Certificate2(LookupTest.foces2OkayCertificate, "Test1234");
Assert.IsNotNull(certificate2);
}
catch (CryptographicException ex)
{
Console.WriteLine("Kunne ikke finde Foces2 test certifikat: " + LookupTest.foces2OkayCertificate);
Assert.Fail(ex.ToString());
}
catch (Exception ex)
{
Assert.Fail(ex.ToString());
}
try
{
var oces2RootCertificate = new X509Certificate2(LookupTest.oces2RootCertificate);
......@@ -105,6 +208,8 @@ namespace dk.gov.oiosi.test.unit.security.revocation
{
Assert.Fail(ex.ToString());
}
}
......@@ -160,5 +265,94 @@ namespace dk.gov.oiosi.test.unit.security.revocation
Assert.Fail(exception.ToString());
}
}
[Test]
public void LookupTestOkayFoces2()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces2OkayCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
OcspLookup ocspLookup = this.CreateOcesLookup();
RevocationResponse response = ocspLookup.CheckCertificate(certificate);
Assert.IsTrue(response.IsValid, "Certificate is not valid.");
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.AllChecksPassed, response.RevocationCheckStatus, "Not all check was performed.");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}
[Test]
[Ignore("Certificate expired - get a fresh one!!!")]
public void LookupTestRevokedFoces2()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces2RevokedCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
OcspLookup ocspLookup = this.CreateOcesLookup();
RevocationResponse response = ocspLookup.CheckCertificate(certificate);
//Assert.IsFalse(response.IsValid, "Certificate is not valid.");
Assert.IsNull(response.Exception, "The lookup return an exception.");
//Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "Not all check was performed.");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}
/*
* Not the OCSP job to check for expired certificate
* [Test]
public void LookupTestExpiredFoces2()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces2ExpiredCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
OcspLookup ocspLookup = this.CreateOcesLookup();
RevocationResponse response = ocspLookup.CheckCertificate(certificate);
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "The revokation validation did not parse all check");
Assert.IsFalse(response.IsValid, "The revoked certifikate was valid");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}*/
/* */
/* [Test]
public void LookupTestExpiredFoces2()
{
try
{
OcspLookup ocspLookup = this.CreateOcesLookup();
X509Certificate2 certificate = new X509Certificate2(this.foces2ExpiredCertificate, "Test1234");
RevocationResponse response = ocspLookup.CheckCertificate(certificate);
Assert.IsFalse(response.IsValid, "Certificate is not valid.");
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "Not all check was performed.");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}*/
}
}
\ No newline at end of file