Updated CertificateValidationCallBack to build the CaCert bundle with respect to the rootChain certs to verify that they are correct. (#860)

* Updated CertificateValidationCallBack to build the CaCert bundle with respect to the rootChain certs to verify that they are correct. * Added a test cases and assets for when all the certs files are in the same file. * Removed the hardcoded first cert as the chosen root cert
2022-05-24 05:07:10 +02:00
parent d8e2236611
commit 877587e898
4 changed files with 140 additions and 3 deletions
--- a/tests/KubernetesClient.Tests/CertificateValidationTests.cs
+++ b/tests/KubernetesClient.Tests/CertificateValidationTests.cs
@@ -60,5 +60,32 @@ namespace k8s.Tests

            Assert.False(result);
        }
+
+        [Fact]
+        public void ValidBundleWithMultipleCerts()
+        {
+            var caCert = CertUtils.LoadPemFileCert("assets/ca-bundle-correct.crt");
+
+            var testCert = caCert[0];
+            var chain = new X509Chain();
+            var errors = SslPolicyErrors.RemoteCertificateChainErrors;
+
+            var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
+
+            Assert.True(result);
+        }
+
+        [Fact]
+        public void InvalidBundleWithMultipleCerts()
+        {
+            var caCert = CertUtils.LoadPemFileCert("assets/ca-bundle-incorrect.crt");
+            var testCert = caCert[0];
+            var chain = new X509Chain();
+            var errors = SslPolicyErrors.RemoteCertificateChainErrors;
+
+            var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
+
+            Assert.False(result);
+        }
    }
 }