2018-06-13 21:55:41 +04:00
|
|
|
using System.Net.Security;
|
|
|
|
|
using System.Security.Cryptography.X509Certificates;
|
|
|
|
|
using Xunit;
|
|
|
|
|
|
2018-07-09 23:52:17 +10:00
|
|
|
namespace k8s.Tests
|
2018-06-13 21:55:41 +04:00
|
|
|
{
|
|
|
|
|
public class CertificateValidationTests
|
|
|
|
|
{
|
|
|
|
|
[Fact]
|
|
|
|
|
public void ValidCert()
|
|
|
|
|
{
|
2019-03-11 06:39:28 -07:00
|
|
|
var caCert = CertUtils.LoadPemFileCert("assets/ca.crt");
|
2018-06-13 21:55:41 +04:00
|
|
|
var testCert = new X509Certificate2("assets/ca.crt");
|
|
|
|
|
var chain = new X509Chain();
|
|
|
|
|
var errors = SslPolicyErrors.RemoteCertificateChainErrors;
|
|
|
|
|
|
|
|
|
|
var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
|
|
|
|
|
|
|
|
|
|
Assert.True(result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[Fact]
|
|
|
|
|
public void InvalidCert()
|
|
|
|
|
{
|
2019-03-11 06:39:28 -07:00
|
|
|
var caCert = CertUtils.LoadPemFileCert("assets/ca.crt");
|
|
|
|
|
var testCert = new X509Certificate2("assets/ca2.crt");
|
|
|
|
|
var chain = new X509Chain();
|
|
|
|
|
var errors = SslPolicyErrors.RemoteCertificateChainErrors;
|
|
|
|
|
|
|
|
|
|
var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
|
|
|
|
|
|
|
|
|
|
Assert.False(result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[Fact]
|
|
|
|
|
public void ValidBundleCert()
|
|
|
|
|
{
|
|
|
|
|
var caCert = CertUtils.LoadPemFileCert("assets/ca-bundle.crt");
|
|
|
|
|
|
|
|
|
|
// Load the intermediate cert
|
|
|
|
|
//
|
|
|
|
|
var testCert = caCert[0];
|
|
|
|
|
var chain = new X509Chain();
|
|
|
|
|
var errors = SslPolicyErrors.RemoteCertificateChainErrors;
|
|
|
|
|
|
|
|
|
|
var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
|
|
|
|
|
|
|
|
|
|
Assert.True(result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[Fact]
|
|
|
|
|
public void InvalidBundleCert()
|
|
|
|
|
{
|
|
|
|
|
var caCert = CertUtils.LoadPemFileCert("assets/ca-bundle.crt");
|
2018-06-13 21:55:41 +04:00
|
|
|
var testCert = new X509Certificate2("assets/ca2.crt");
|
|
|
|
|
var chain = new X509Chain();
|
|
|
|
|
var errors = SslPolicyErrors.RemoteCertificateChainErrors;
|
|
|
|
|
|
|
|
|
|
var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
|
|
|
|
|
|
|
|
|
|
Assert.False(result);
|
|
|
|
|
}
|
2022-05-24 05:07:10 +02:00
|
|
|
|
|
|
|
|
[Fact]
|
|
|
|
|
public void ValidBundleWithMultipleCerts()
|
|
|
|
|
{
|
|
|
|
|
var caCert = CertUtils.LoadPemFileCert("assets/ca-bundle-correct.crt");
|
|
|
|
|
|
|
|
|
|
var testCert = caCert[0];
|
|
|
|
|
var chain = new X509Chain();
|
|
|
|
|
var errors = SslPolicyErrors.RemoteCertificateChainErrors;
|
|
|
|
|
|
|
|
|
|
var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
|
|
|
|
|
|
|
|
|
|
Assert.True(result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[Fact]
|
|
|
|
|
public void InvalidBundleWithMultipleCerts()
|
|
|
|
|
{
|
|
|
|
|
var caCert = CertUtils.LoadPemFileCert("assets/ca-bundle-incorrect.crt");
|
|
|
|
|
var testCert = caCert[0];
|
|
|
|
|
var chain = new X509Chain();
|
|
|
|
|
var errors = SslPolicyErrors.RemoteCertificateChainErrors;
|
|
|
|
|
|
|
|
|
|
var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
|
|
|
|
|
|
|
|
|
|
Assert.False(result);
|
|
|
|
|
}
|
2018-06-13 21:55:41 +04:00
|
|
|
}
|
|
|
|
|
}
|
