Commits on Source (2)
...@@ -42,6 +42,70 @@ namespace dk.gov.oiosi.test.unit.security.ldap ...@@ -42,6 +42,70 @@ namespace dk.gov.oiosi.test.unit.security.ldap
}; };
} }
[Test]
public void TestLdapTestServerFoces2Subject()
{
var ldapCertificateLookup = new LdapCertificateLookup(this._ldapSettings);
var certSubject = new CertificateSubject(TestConstants.TEST_CERTIFICATE_SUBJECT_FUNCTION);
X509Certificate2 cert = null;
try
{
cert = ldapCertificateLookup.GetCertificate(certSubject);
}
catch (CertificateValidationException ex)
{
// We managed to connect and get a certificate. For some (possibly local) reason it didn't
// pass validation but that is not important for this test.
cert = (X509Certificate2)ex.Data["Certificate"];
}
// java: assertEquals("Wrong cert. found...", BigInteger.valueOf(1538079514), cert.getSerialNumber());
var actualSerialNumber = cert.GetSerialNumberString();
Assert.AreEqual("5FA69907", actualSerialNumber.ToUpperInvariant(),
message: "Wrong cert. found...");
// java: assertEquals("Wrong end date found...", "2022-12-16T14:31:07 UTC", DateUtil.formatDate(cert.getNotAfter()));
var expectedEndDate = "2025-12-11T12:47:33.0000000Z";
var actualEndDate = cert.NotAfter.ToUniversalTime().ToString("o");
Assert.AreEqual(expectedEndDate, actualEndDate, message: "Wrong end date found...");
}
[Test]
public void TestLdapTestServerFoces2SubjectWithFIDInAliasAndName()
{
var ldapCertificateLookup = new LdapCertificateLookup(this._ldapSettings);
var certSubject = new CertificateSubject("SERIALNUMBER=CVR:30808460-FID:94731315 + CN=FOO-FID-bar (funktionscertifikat), O=TESTFID A/S // CVR:30808460, C=DK");
X509Certificate2 cert = null;
try
{
cert = ldapCertificateLookup.GetCertificate(certSubject);
}
catch (CertificateValidationException ex)
{
// We managed to connect and get a certificate. For some (possibly local) reason it didn't
// pass validation but that is not important for this test.
cert = (X509Certificate2)ex.Data["Certificate"];
}
// NOTE: These asserts correspond to certificate "SERIALNUMBER=CVR:30808460-FID:94731315 + CN=TU GENEREL FOCES gyldig (funktionscertifikat), O=NETS DANID A/S // CVR:30808460, C=DK"
// The lookup will still resolve this even though we used a modified certSubject above, since the actual lookup uses the SERIALNUMBER, not the other parts
// java: assertEquals("Wrong cert. found...", BigInteger.valueOf(1538079514), cert.getSerialNumber());
var actualSerialNumber = cert.GetSerialNumberString();
Assert.AreEqual("5FA69907", actualSerialNumber.ToUpperInvariant(),
message: "Wrong cert. found...");
// java: assertEquals("Wrong end date found...", "2022-12-16T14:31:07 UTC", DateUtil.formatDate(cert.getNotAfter()));
var expectedEndDate = "2025-12-11T12:47:33.0000000Z";
var actualEndDate = cert.NotAfter.ToUniversalTime().ToString("o");
Assert.AreEqual(expectedEndDate, actualEndDate, message: "Wrong end date found...");
}
[Test] [Test]
public void TestGetMitIdCertificateFromTestLdap() public void TestGetMitIdCertificateFromTestLdap()
{ {
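Review bot: In `TestLdapTestServerFoces2Subject`, `cert` can still be null after the catch block if `ex.Data["Certificate"]` is absent, so the test would fail with a NullReferenceException at `cert.GetSerialNumberString()` instead of a readable message. Add `Assert.IsNotNull(cert, "No certificate returned by lookup or attached to the validation exception.");` before the serial-number assert; the same applies to `TestLdapTestServerFoces2SubjectWithFIDInAliasAndName`. Because the catch accepts a certificate that failed validation, a short comment saying these tests cover directory lookup only, not trust or revocation, would keep them from being read as validation coverage. The second test could also assert on `cert.Subject`, so that the SERIALNUMBER-only matching described in its comment is pinned by an assertion rather than by a comment.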
......
...@@ -18,6 +18,114 @@ namespace dk.gov.oiosi.test.unit.security.revocation ...@@ -18,6 +18,114 @@ namespace dk.gov.oiosi.test.unit.security.revocation
ConfigurationUtil.SetupConfiguration(); ConfigurationUtil.SetupConfiguration();
} }
//[Test]
//public void LookupTestOkayFoces1()
//{
// try
// {
// X509Certificate2 certificate = new X509Certificate2(LookupTest.foces1OkayCertificate, "Test1234");
// CrlLookup crlLookup = new CrlLookup();
// RevocationResponse response = crlLookup.CheckCertificate(certificate);
// Assert.IsTrue(response.IsValid);
// Assert.IsNull(response.Exception, "The lookup return an exception.");
// Assert.AreEqual(RevocationCheckStatus.AllChecksPassed, response.RevocationCheckStatus, "Not all check was performed.");
// }
// catch (Exception exception)
// {
// Assert.Fail(exception.ToString());
// }
//}
//[Test]
//public void LookupTestRevokedFoces1()
//{
// try
// {
// X509Certificate2 certificate = new X509Certificate2(LookupTest.foces1RevokedCertificate, "Test1234");
// Assert.IsNotNull(certificate, "Test certificate was null.");
// CrlLookup crlLookup = new CrlLookup();
// RevocationResponse response = crlLookup.CheckCertificate(certificate);
// Assert.IsFalse(response.IsValid);
// Assert.IsNull(response.Exception, "The lookup return an exception.");
// Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "Not all check was performed.");
// /*OcspLookup ocspLookup = new OcspLookup();
// RevocationResponse ocspResponse = ocspLookup.CheckCertificate(certificate);
// Assert.IsFalse(ocspResponse.IsValid);*/
// }
// catch (Exception exception)
// {
// Assert.Fail(exception.ToString());
// }
//}
/*
* Not the CRL job to check for expired certificate
* CRL check only check if the certificate has been revoked - is has not - it does not exist in the CRL list
* because it is very old and expired.
[Test]
public void LookupTestExpiredFoces1()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces1ExpiredCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
CrlLookup crlLookup = new CrlLookup();
RevocationResponse response = crlLookup.CheckCertificate(certificate);
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "The revokation validation did not parse all check");
Assert.IsFalse(response.IsValid, "The revoked certifikate was valid");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}*/
[Test]
[Ignore("Ignore a test")]
public void LookupTestOkayFoces2()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces2OkayCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
CrlLookup crlLookup = new CrlLookup();
RevocationResponse response = crlLookup.CheckCertificate(certificate);
Assert.IsTrue(response.IsValid);
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.AllChecksPassed, response.RevocationCheckStatus, "Not all check was performed.");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}
[Test]
[Ignore("Ignore a test")]
public void LookupTestRevokedFoces2()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces2RevokedCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
CrlLookup crlLookup = new CrlLookup();
RevocationResponse response = crlLookup.CheckCertificate(certificate);
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "The revokation validation did not parse all check");
Assert.IsFalse(response.IsValid, "The revoked certifikate was valid");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}
/*[Test] /*[Test]
public void LookupTestRevokedMoces1() public void LookupTestRevokedMoces1()
...@@ -40,6 +148,33 @@ namespace dk.gov.oiosi.test.unit.security.revocation ...@@ -40,6 +148,33 @@ namespace dk.gov.oiosi.test.unit.security.revocation
} }
}*/ }*/
/*
* Not the CRL job to check for expired certificate
* CRL check only check if the certificate has been revoked - is has not - it does not exist in the CRL list
* because it is very old and expired.
* [Test]
public void LookupTestExpiredFoces2()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces2ExpiredCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
CrlLookup crlLookup = new CrlLookup();
Assert.IsNotNull(certificate, "Test certificate was null.");
RevocationResponse response = crlLookup.CheckCertificate(certificate);
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "The revokation validation did not parse all check");
Assert.IsFalse(response.IsValid, "The revoked certifikate was valid");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}*/
/* /*
* *
* This test fail on the build server - it does not failed when it is run local * This test fail on the build server - it does not failed when it is run local
...@@ -64,7 +199,8 @@ namespace dk.gov.oiosi.test.unit.security.revocation ...@@ -64,7 +199,8 @@ namespace dk.gov.oiosi.test.unit.security.revocation
} }
} }
private X509Certificate2 certificateMoces = new X509Certificate2(CrlLookupTest.mitIdFocesOkayCertificate, "?3ngCR4,gq86"); private X509Certificate2 certificateFoces = new X509Certificate2(CrlLookupTest.foces2OkayCertificate, "Test1234");
//private X509Certificate2 certificateMoces = new X509Certificate2(CrlLookupTest. medarbejdercertifikatRevoked, "Test1234");
private void ThreadCertificateCheck() private void ThreadCertificateCheck()
{ {
...@@ -77,7 +213,7 @@ namespace dk.gov.oiosi.test.unit.security.revocation ...@@ -77,7 +213,7 @@ namespace dk.gov.oiosi.test.unit.security.revocation
{ {
Console.WriteLine("{0} ThreadCertificateCheck number:{1} foces1 allOkay", DateTime.Now, i); Console.WriteLine("{0} ThreadCertificateCheck number:{1} foces1 allOkay", DateTime.Now, i);
RevocationResponse response = crlLookup.CheckCertificate(certificateMoces); RevocationResponse response = crlLookup.CheckCertificate(certificateFoces);
if (response.Exception != null) if (response.Exception != null)
{ {
Console.WriteLine("{0} ThreadCertificateCheck number:{1} foces1 Exception: " + response.Exception.ToString(), DateTime.Now, i); Console.WriteLine("{0} ThreadCertificateCheck number:{1} foces1 Exception: " + response.Exception.ToString(), DateTime.Now, i);
...@@ -93,7 +229,7 @@ namespace dk.gov.oiosi.test.unit.security.revocation ...@@ -93,7 +229,7 @@ namespace dk.gov.oiosi.test.unit.security.revocation
else else
{ {
Console.WriteLine("{0} ThreadCertificateCheck number:{1} foces1 not all checked parsed ", DateTime.Now, i); Console.WriteLine("{0} ThreadCertificateCheck number:{1} foces1 not all checked parsed ", DateTime.Now, i);
Assert.Fail("Moces certifiate should have been valid."); Assert.Fail("Foces2 certifiate should have been valid.");
} }
} }
else else
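Review bot: `LookupTestOkayFoces2` and `LookupTestRevokedFoces2` are added with `[Ignore("Ignore a test")]`, which gives no reason, so the CRL check for a revoked FOCES2 certificate has no running coverage and nothing says when to re-enable it. State the cause in the attribute, for example `[Ignore("FOCES2 test certificate expired; replace the PFX and re-enable")]` if that is the reason (the file name behind `foces2RevokedCertificate` suggests an expiry in 2020). `ThreadCertificateCheck`, whose body starts outside the hunk, now checks `certificateFoces`, built from the same `foces2OkayCertificate` the ignored test uses, and its console messages still say `foces1`; it is worth confirming the threaded test is expected to pass with that certificate. The PFX password is repeated as the literal `"Test1234"`; a shared constant next to `TestConstants.PASSWORD_CERTIFICATE_MITID_OCES` would keep it in one place.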
......
...@@ -8,6 +8,10 @@ namespace dk.gov.oiosi.test.unit.security.revocation ...@@ -8,6 +8,10 @@ namespace dk.gov.oiosi.test.unit.security.revocation
public abstract class LookupTest public abstract class LookupTest
{ {
//public const string medarbejdercertifikatRevoked = "Resources/Certificates/CVR30808460.Expire20130307.Test MOCES1 (medarbejdercertificat 2)(Spærret).pfx"; //public const string medarbejdercertifikatRevoked = "Resources/Certificates/CVR30808460.Expire20130307.Test MOCES1 (medarbejdercertificat 2)(Spærret).pfx";
public const string foces2ExpiredCertificate = "Resources/Certificates/CVR30808460.Expire20111102.TU GENEREL FOCES2 (Udløbet) (Funktionscertifikat).pfx";
public const string foces2RevokedCertificate = "Resources/Certificates/CVR30808460.Expire20200313.TU GENEREL FOCES spaerret (Funktionscertifikat).pfx";
public const string foces2OkayCertificate = TestConstants.PATH_CERTIFICATE_DEVICE;//"Resources/Certificates/CVR30808460.Expire20200130.TU GENEREL FOCES gyldig (Funktionscertifikat).pfx";
public const string mitIdFocesOkayCertificate = TestConstants.PATH_CERTIFICATE_MITID_OCES;//"Resources/Certificates/CVR30808460.Expire20200130.TU GENEREL FOCES gyldig (Funktionscertifikat).pfx"; public const string mitIdFocesOkayCertificate = TestConstants.PATH_CERTIFICATE_MITID_OCES;//"Resources/Certificates/CVR30808460.Expire20200130.TU GENEREL FOCES gyldig (Funktionscertifikat).pfx";
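Review bot: The trailing comment on `foces2OkayCertificate` names a PFX file that the constant does not resolve to, since its value is `TestConstants.PATH_CERTIFICATE_DEVICE`; the same stale comment sits on `mitIdFocesOkayCertificate`. Replace it with a comment saying which certificate the constant points to, e.g. `// FOCES2 device test certificate; path defined in TestConstants`. On this page `foces2ExpiredCertificate` is referenced only from commented-out tests, and the `foces2RevokedCertificate` file name suggests the certificate expired in March 2020, which may be why the revoked-certificate tests are ignored; a comment recording that would help whoever replaces the file.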
......
...@@ -40,6 +40,92 @@ namespace dk.gov.oiosi.test.unit.security.revocation ...@@ -40,6 +40,92 @@ namespace dk.gov.oiosi.test.unit.security.revocation
return ocspLookup; return ocspLookup;
} }
//[Test]
//public void LookupTestOkayFoces1()
//{
// try
// {
// X509Certificate2 certificate = new X509Certificate2(LookupTest.foces1OkayCertificate, "Test1234");
// Assert.IsNotNull(certificate, "Test certificate was null.");
// OcspLookup ocspLookup = this.CreateOcesLookup();
// RevocationResponse response = ocspLookup.CheckCertificate(certificate);
// Assert.IsTrue(response.IsValid, "Certificate is not valid.");
// Assert.IsNull(response.Exception, "The lookup return an exception.");
// Assert.AreEqual(RevocationCheckStatus.AllChecksPassed, response.RevocationCheckStatus, "Not all check was performed.");
// }
// catch (Exception exception)
// {
// Assert.Fail(exception.ToString());
// }
//}
// Foces1 certificate is not used anymore - can not get a general foces1 that is revoked
//[Test]
//public void LookupTestRevokedFoces1()
//{
// try
// {
// X509Certificate2 certificate = new X509Certificate2(LookupTest.foces1RevokedCertificate, "Test1234");
// Assert.IsNotNull(certificate, "Test certificate was null.");
// OcspLookup ocspLookup = this.CreateOcesLookup();
// RevocationResponse response = ocspLookup.CheckCertificate(certificate);
// Assert.IsFalse(response.IsValid, "Certificate is not valid.");
// Assert.IsNull(response.Exception, "The lookup return an exception.");
// Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "Not all check was performed.");
// }
// catch (Exception exception)
// {
// Assert.Fail(exception.ToString());
// }
//}
/*
* Not the OCSP job to check for expired certificate
* [Test]
public void LookupTestExpiredFoces1()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces1ExpiredCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
OcspLookup ocspLookup = this.CreateOcesLookup();
RevocationResponse response = ocspLookup.CheckCertificate(certificate);
Assert.IsFalse(response.IsValid, "Certificate is not valid.");
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "Not all check was performed.");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}*/
/*
[Test]
public void testMitIdTestCertificate() throws Exception
{
KeyStore p12 = KeyStore.getInstance("pkcs12");
p12.load(new FileInputStream(TestConstants.PATH_MITID_ORG_TEST), "?3ngCR4,gq86".toCharArray());
Enumeration<String> e = p12.aliases();
Assert.True("No elements found", e.hasMoreElements());
string alias = e.nextElement();
X509Certificate certificate = (X509Certificate)p12.getCertificate(alias);
Assert.AreEqual("Wrong cert. subject found", "C=DK, OID.2.5.4.97=NTRDK-90146280, O=Testorganisation nr. 90146280, SERIALNUMBER=UI:DK-O:G:3c0f8cbc-4abe-4c6b-b40f-7236a2f39c7c, CN=Nemhandel-DEV-OCES-cert-20210422", certificate.getSubjectDN().TOString());
System.err.println(certificate.getIssuerX500Principal());
System.err.println(certificate.getSubjectX500Principal());
//assertEquals("Wrong cert. found", "SERIALNUMBER=CVR:30808460-FID:94731315 + CN=TU GENEREL FOCES gyldig (funktionscertifikat), O=NETS DANID A/S // CVR:30808460, C=DK", c.getSubjectDN().toString());
RevocationResponse revocationResponse = CreateOcesLookup().revocationResponseOnline(certificate);
assertTrue("Certificate should be OCSP valid...", revocationResponse.isValid());
}*/
/** /**
* Verify that our self-signed check functionality works. * Verify that our self-signed check functionality works.
*/ */
...@@ -62,6 +148,7 @@ namespace dk.gov.oiosi.test.unit.security.revocation ...@@ -62,6 +148,7 @@ namespace dk.gov.oiosi.test.unit.security.revocation
{ {
Assert.Fail(ex.ToString()); Assert.Fail(ex.ToString());
} }
try try
{ {
var certificate1 = new X509Certificate2(LookupTest.mitIdFocesOkayCertificate, TestConstants.PASSWORD_CERTIFICATE_MITID_OCES); var certificate1 = new X509Certificate2(LookupTest.mitIdFocesOkayCertificate, TestConstants.PASSWORD_CERTIFICATE_MITID_OCES);
...@@ -76,6 +163,22 @@ namespace dk.gov.oiosi.test.unit.security.revocation ...@@ -76,6 +163,22 @@ namespace dk.gov.oiosi.test.unit.security.revocation
{ {
Assert.Fail(ex.ToString()); Assert.Fail(ex.ToString());
} }
try
{
var certificate2 = new X509Certificate2(LookupTest.foces2OkayCertificate, "Test1234");
Assert.IsNotNull(certificate2);
}
catch (CryptographicException ex)
{
Console.WriteLine("Kunne ikke finde Foces2 test certifikat: " + LookupTest.foces2OkayCertificate);
Assert.Fail(ex.ToString());
}
catch (Exception ex)
{
Assert.Fail(ex.ToString());
}
try try
{ {
var oces2RootCertificate = new X509Certificate2(LookupTest.oces2RootCertificate); var oces2RootCertificate = new X509Certificate2(LookupTest.oces2RootCertificate);
...@@ -105,6 +208,8 @@ namespace dk.gov.oiosi.test.unit.security.revocation ...@@ -105,6 +208,8 @@ namespace dk.gov.oiosi.test.unit.security.revocation
{ {
Assert.Fail(ex.ToString()); Assert.Fail(ex.ToString());
} }
} }
...@@ -160,5 +265,94 @@ namespace dk.gov.oiosi.test.unit.security.revocation ...@@ -160,5 +265,94 @@ namespace dk.gov.oiosi.test.unit.security.revocation
Assert.Fail(exception.ToString()); Assert.Fail(exception.ToString());
} }
} }
[Test]
public void LookupTestOkayFoces2()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces2OkayCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
OcspLookup ocspLookup = this.CreateOcesLookup();
RevocationResponse response = ocspLookup.CheckCertificate(certificate);
Assert.IsTrue(response.IsValid, "Certificate is not valid.");
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.AllChecksPassed, response.RevocationCheckStatus, "Not all check was performed.");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}
[Test]
[Ignore("Certificate expired - get a fresh one!!!")]
public void LookupTestRevokedFoces2()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces2RevokedCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
OcspLookup ocspLookup = this.CreateOcesLookup();
RevocationResponse response = ocspLookup.CheckCertificate(certificate);
//Assert.IsFalse(response.IsValid, "Certificate is not valid.");
Assert.IsNull(response.Exception, "The lookup return an exception.");
//Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "Not all check was performed.");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}
/*
* Not the OCSP job to check for expired certificate
* [Test]
public void LookupTestExpiredFoces2()
{
try
{
X509Certificate2 certificate = new X509Certificate2(LookupTest.foces2ExpiredCertificate, "Test1234");
Assert.IsNotNull(certificate, "Test certificate was null.");
OcspLookup ocspLookup = this.CreateOcesLookup();
RevocationResponse response = ocspLookup.CheckCertificate(certificate);
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "The revokation validation did not parse all check");
Assert.IsFalse(response.IsValid, "The revoked certifikate was valid");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}*/
/* */
/* [Test]
public void LookupTestExpiredFoces2()
{
try
{
OcspLookup ocspLookup = this.CreateOcesLookup();
X509Certificate2 certificate = new X509Certificate2(this.foces2ExpiredCertificate, "Test1234");
RevocationResponse response = ocspLookup.CheckCertificate(certificate);
Assert.IsFalse(response.IsValid, "Certificate is not valid.");
Assert.IsNull(response.Exception, "The lookup return an exception.");
Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "Not all check was performed.");
}
catch (Exception exception)
{
Assert.Fail(exception.ToString());
}
}*/
} }
} }
\ No newline at end of file
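Review bot: `LookupTestRevokedFoces2` has both revocation assertions commented out, so once the `[Ignore]` is lifted it would pass even if OCSP reported a revoked certificate as valid. Keep the checks active: `Assert.IsFalse(response.IsValid, "Revoked certificate was reported valid.");` and `Assert.AreEqual(RevocationCheckStatus.CertificateRevoked, response.RevocationCheckStatus, "Expected revoked status.");`. The commented-out `testMitIdTestCertificate` block is untranslated Java and carries a PFX password as a literal inside a comment; dropping the block, or referring to `TestConstants.PASSWORD_CERTIFICATE_MITID_OCES` instead, avoids a second copy of that value. In the added tests, `catch (Exception exception)` followed by `Assert.Fail(exception.ToString())` also catches the assertion failures themselves and re-reports them, so letting exceptions propagate would give clearer failure output.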