kubernetes-client/csharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3abbbf5e195d77e821035f15072618e76209d918
csharp/tests/KubernetesClient.Tests/CertificateValidationTests.cs
KLazarov 877587e898 Updated CertificateValidationCallBack to build the CaCert bundle with respect to the rootChain certs to verify that they are correct. (#860) 
* Updated CertificateValidationCallBack to build the CaCert bundle with respect to the rootChain certs to verify that they are correct.

* Added a test cases and assets for when all the certs files are in the same file.

* Removed the hardcoded first cert as the chosen root cert
2022-05-23 20:07:10 -07:00

92 lines
2.9 KiB
C#
Raw Blame History

using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Xunit;
namespace k8s.Tests
{
public class CertificateValidationTests
{
[Fact]
public void ValidCert()
{
var caCert = CertUtils.LoadPemFileCert("assets/ca.crt");
var testCert = new X509Certificate2("assets/ca.crt");
var chain = new X509Chain();
var errors = SslPolicyErrors.RemoteCertificateChainErrors;
var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
Assert.True(result);
}
[Fact]
public void InvalidCert()
{
var caCert = CertUtils.LoadPemFileCert("assets/ca.crt");
var testCert = new X509Certificate2("assets/ca2.crt");
var chain = new X509Chain();
var errors = SslPolicyErrors.RemoteCertificateChainErrors;
var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
Assert.False(result);
}
[Fact]
public void ValidBundleCert()
{
var caCert = CertUtils.LoadPemFileCert("assets/ca-bundle.crt");
// Load the intermediate cert
//
var testCert = caCert[0];
var chain = new X509Chain();
var errors = SslPolicyErrors.RemoteCertificateChainErrors;
var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
Assert.True(result);
}
[Fact]
public void InvalidBundleCert()
{
var caCert = CertUtils.LoadPemFileCert("assets/ca-bundle.crt");
var testCert = new X509Certificate2("assets/ca2.crt");
var chain = new X509Chain();
var errors = SslPolicyErrors.RemoteCertificateChainErrors;
var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
Assert.False(result);
}
[Fact]
public void ValidBundleWithMultipleCerts()
{
var caCert = CertUtils.LoadPemFileCert("assets/ca-bundle-correct.crt");
var testCert = caCert[0];
var chain = new X509Chain();
var errors = SslPolicyErrors.RemoteCertificateChainErrors;
var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
Assert.True(result);
}
[Fact]
public void InvalidBundleWithMultipleCerts()
{
var caCert = CertUtils.LoadPemFileCert("assets/ca-bundle-incorrect.crt");
var testCert = caCert[0];
var chain = new X509Chain();
var errors = SslPolicyErrors.RemoteCertificateChainErrors;
var result = Kubernetes.CertificateValidationCallBack(this, caCert, testCert, chain, errors);
Assert.False(result);
}
}
}
Reference in New Issue View Git Blame Copy Permalink