Merge pull request #15 from difi/certificate-validation-without-organ…

…ization-number-checking Legger til metode for validering av sertifikat og kjede uten orgnr
difi · Jan 18, 2017 · 33737ae · 33737ae
2 parents 2a04331 + bd04906
commit 33737ae
Show file tree

Hide file tree

Showing 5 changed files with 160 additions and 37 deletions.
diff --git a/Difi.Felles.Utility.Tester/CertificateValidatorTests.cs b/Difi.Felles.Utility.Tester/CertificateValidatorTests.cs
@@ -6,7 +6,7 @@ namespace Difi.Felles.Utility.Tester
 {
     public class CertificateValidatorTests
     {
-        public class ValidateCertificateAndChainMethod : CertificateValidatorTests
+        public class ValidateCertificateAndChainInternalMethod : CertificateValidatorTests
         {
             [Fact]
             public void Returns_fail_if_certificate_error()
@@ -15,7 +15,7 @@ public void Returns_fail_if_certificate_error()
                 var funksjoneltTestmiljøSertifikater = CertificateChainUtility.FunksjoneltTestmiljøSertifikater();
 
                 //Act
-                var result = CertificateValidator.ValidateCertificateAndChain(CertificateResource.UnitTests.GetExpiredSelfSignedTestCertificate(), "988015814", funksjoneltTestmiljøSertifikater);
+                var result = CertificateValidator.ValidateCertificateAndChainInternal(CertificateResource.UnitTests.GetExpiredSelfSignedTestCertificate(), "988015814", funksjoneltTestmiljøSertifikater);
 
                 //Assert
                 Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type);
@@ -29,7 +29,7 @@ public void Returns_fail_if_self_signed_certificate()
                 var funksjoneltTestmiljøSertifikater = CertificateChainUtility.FunksjoneltTestmiljøSertifikater();
 
                 //Act
-                var result = CertificateValidator.ValidateCertificateAndChain(CertificateResource.UnitTests.GetValidSelfSignedTestCertificate(), "988015814", funksjoneltTestmiljøSertifikater);
+                var result = CertificateValidator.ValidateCertificateAndChainInternal(CertificateResource.UnitTests.GetValidSelfSignedTestCertificate(), "988015814", funksjoneltTestmiljøSertifikater);
 
                 //Assert
                 Assert.Equal(CertificateValidationType.InvalidChain, result.Type);
@@ -43,42 +43,42 @@ public void Returns_ok_if_valid_certificate_and_chain()
                 var funksjoneltTestmiljøSertifikater = CertificateChainUtility.FunksjoneltTestmiljøSertifikater();
 
                 //Act
-                var result = CertificateValidator.ValidateCertificateAndChain(CertificateResource.UnitTests.GetPostenCertificate(), "984661185", funksjoneltTestmiljøSertifikater);
+                var result = CertificateValidator.ValidateCertificateAndChainInternal(CertificateResource.UnitTests.GetPostenCertificate(), "984661185", funksjoneltTestmiljøSertifikater);
 
                 //Assert
                 Assert.Equal(CertificateValidationType.Valid, result.Type);
                 Assert.Contains("er et gyldig sertifikat", result.Message);
             }
         }
 
-        public class ValidateCertificateMethod : CertificateValidatorTests
+        public class ValidateCertificateMethodWithOrganizationNumber : CertificateValidatorTests
         {
+            /// <summary>
+            ///     To ensure we are calling the overload doing checking for expiration, activation and not null.
+            /// </summary>
             [Fact]
-            public void Returns_fail_if_expired()
+            public void Calls_validate_certificate_overload_with_no_organization_number()
             {
                 //Arrange
-                const string certificateOrganizationNumber = "988015814";
+                const string organizationNumber = "988015814";
 
                 //Act
-                var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetExpiredSelfSignedTestCertificate(), certificateOrganizationNumber);
+                var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetExpiredSelfSignedTestCertificate(), organizationNumber);
 
                 //Assert
                 Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type);
                 Assert.Contains("gikk ut", result.Message);
             }
 
             [Fact]
-            public void Returns_fail_if_not_activated()
+            public void Ignores_issued_to_organization_if_no_organization_number()
             {
-                //Arrange
-                const string certificateOrganizationNumber = "988015814";
-
                 //Act
-                var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.NotActivatedSelfSignedTestCertificate(), certificateOrganizationNumber);
+                var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetPostenCertificate(), string.Empty);
 
                 //Assert
-                Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type);
-                Assert.Contains("aktiveres ikke før", result.Message);
+                Assert.Equal(CertificateValidationType.Valid, result.Type);
+                Assert.Contains("er et gyldig sertifikat", result.Message);
             }
 
             [Fact]
@@ -95,14 +95,56 @@ public void Returns_fail_if_not_issued_to_organization_number()
                 Assert.Contains("ikke utstedt til organisasjonsnummer", result.Message);
             }
 
+            [Fact]
+            public void Returns_ok_if_valid()
+            {
+                //Arrange
+                const string certificateOrganizationNumber = "984661185";
+
+                //Act
+                var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetPostenCertificate(), certificateOrganizationNumber);
+
+                //Assert
+                Assert.Equal(CertificateValidationType.Valid, result.Type);
+                Assert.Contains("er et gyldig sertifikat", result.Message);
+            }
+        }
+
+        public class ValidateCertificateMethodWithNoOrganizationNumber : CertificateValidatorTests
+        {
+            [Fact]
+            public void Returns_fail_if_expired()
+            {
+                //Arrange
+
+                //Act
+                var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetExpiredSelfSignedTestCertificate());
+
+                //Assert
+                Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type);
+                Assert.Contains("gikk ut", result.Message);
+            }
+
+            [Fact]
+            public void Returns_fail_if_not_activated()
+            {
+                //Arrange
+
+                //Act
+                var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.NotActivatedSelfSignedTestCertificate());
+
+                //Assert
+                Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type);
+                Assert.Contains("aktiveres ikke før", result.Message);
+            }
+
             [Fact]
             public void Returns_fail_with_null_certificate()
             {
                 //Arrange
-                const string organizationNumber = "123456789";
 
                 //Act
-                var result = CertificateValidator.ValidateCertificate(null, organizationNumber);
+                var result = CertificateValidator.ValidateCertificate(null);
 
                 //Assert
                 Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type);
@@ -113,15 +155,15 @@ public void Returns_fail_with_null_certificate()
             public void Returns_ok_if_valid()
             {
                 //Arrange
-                const string certificateOrganizationNumber = "984661185";
 
                 //Act
-                var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetPostenCertificate(), certificateOrganizationNumber);
+                var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetPostenCertificate());
 
                 //Assert
                 Assert.Equal(CertificateValidationType.Valid, result.Type);
                 Assert.Contains("er et gyldig sertifikat", result.Message);
             }
+
         }
 
         public class IsValidCertificateMethod : CertificateValidatorTests

diff --git a/Difi.Felles.Utility.Tester/Difi.Felles.Utility.Tester.csproj b/Difi.Felles.Utility.Tester/Difi.Felles.Utility.Tester.csproj
@@ -1,6 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props" Condition="Exists('..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props')" />
   <PropertyGroup>
     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
@@ -56,12 +55,16 @@
       <HintPath>..\packages\xunit.abstractions.2.0.0\lib\net35\xunit.abstractions.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="xunit.assert, Version=2.0.0.2929, Culture=neutral, PublicKeyToken=8d05b1bb7a6fdb6c, processorArchitecture=MSIL">
-      <HintPath>..\packages\xunit.assert.2.0.0\lib\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.assert.dll</HintPath>
+    <Reference Include="xunit.assert, Version=2.1.0.3179, Culture=neutral, PublicKeyToken=8d05b1bb7a6fdb6c, processorArchitecture=MSIL">
+      <HintPath>..\packages\xunit.assert.2.1.0\lib\dotnet\xunit.assert.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="xunit.core, Version=2.0.0.2929, Culture=neutral, PublicKeyToken=8d05b1bb7a6fdb6c, processorArchitecture=MSIL">
-      <HintPath>..\packages\xunit.extensibility.core.2.0.0\lib\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.dll</HintPath>
+    <Reference Include="xunit.core, Version=2.1.0.3179, Culture=neutral, PublicKeyToken=8d05b1bb7a6fdb6c, processorArchitecture=MSIL">
+      <HintPath>..\packages\xunit.extensibility.core.2.1.0\lib\dotnet\xunit.core.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="xunit.execution.desktop, Version=2.1.0.3179, Culture=neutral, PublicKeyToken=8d05b1bb7a6fdb6c, processorArchitecture=MSIL">
+      <HintPath>..\packages\xunit.extensibility.execution.2.1.0\lib\net45\xunit.execution.desktop.dll</HintPath>
       <Private>True</Private>
     </Reference>
   </ItemGroup>
@@ -134,12 +137,6 @@
   </Choose>
   <Import Project="$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets" Condition="Exists('$(VSToolsPath)\TeamTest\Microsoft.TestTools.targets')" />
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
-  <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
-    <PropertyGroup>
-      <ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
-    </PropertyGroup>
-    <Error Condition="!Exists('..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\xunit.core.2.0.0\build\portable-net45+win+wpa81+wp80+monotouch+monoandroid+Xamarin.iOS\xunit.core.props'))" />
-  </Target>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.
   <Target Name="BeforeBuild">

diff --git a/Difi.Felles.Utility.Tester/packages.config b/Difi.Felles.Utility.Tester/packages.config
@@ -1,9 +1,10 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
   <package id="api-client-shared" version="2.0.0" targetFramework="net45" />
-  <package id="xunit" version="2.0.0" targetFramework="net45" />
+  <package id="xunit" version="2.1.0" targetFramework="net45" />
   <package id="xunit.abstractions" version="2.0.0" targetFramework="net45" />
-  <package id="xunit.assert" version="2.0.0" targetFramework="net45" />
-  <package id="xunit.core" version="2.0.0" targetFramework="net45" />
-  <package id="xunit.extensibility.core" version="2.0.0" targetFramework="net45" />
+  <package id="xunit.assert" version="2.1.0" targetFramework="net45" />
+  <package id="xunit.core" version="2.1.0" targetFramework="net45" />
+  <package id="xunit.extensibility.core" version="2.1.0" targetFramework="net45" />
+  <package id="xunit.extensibility.execution" version="2.1.0" targetFramework="net45" />
 </packages>
diff --git a/Difi.Felles.Utility/CertificateValidator.cs b/Difi.Felles.Utility/CertificateValidator.cs
@@ -14,7 +14,45 @@ public static bool IsValidCertificate(X509Certificate2 certificate, string certi
             return ValidateCertificate(certificate, certificateOrganizationNumber).Type == CertificateValidationType.Valid;
         }
 
+        /// <summary>
+        ///     Validates the certificate and chain. Validates that the certificate
+        ///     <list type="bullet">
+        ///         <item> is not null </item>
+        ///         <item> is ssued to organization number </item>
+        ///         <item> is activated </item>
+        ///         <item> is not Expired </item>
+        ///         <item> has a valid chain</item>
+        ///     </list>
+        /// </summary>
+        /// <param name="certificate">The certificate to validate</param>
+        /// <param name="certificateOrganizationNumber">The organization number which the certificate is issued to</param>
+        /// <param name="allowedChainCertificates">The certificates allowed to build a certificate chain</param>
+        /// <returns>True if the certificate is valid, otherwise false</returns>
         public static CertificateValidationResult ValidateCertificateAndChain(X509Certificate2 certificate, string certificateOrganizationNumber, X509Certificate2Collection allowedChainCertificates)
+        {
+            return ValidateCertificateAndChainInternal(certificate, certificateOrganizationNumber, allowedChainCertificates);
+        }
+
+        /// <summary>
+        ///     Validates the certificate and chain. Validates that the certificate
+        ///     <list type="bullet">
+        ///         <item> is not null </item>
+        ///         <item> is activated </item>
+        ///         <item> is not expired </item>
+        ///         <item> has a valid chain</item>
+        ///     </list>
+        /// </summary>
+        /// <param name="certificate">The certificate to validate</param>
+        /// <param name="allowedChainCertificates">The certificates allowed to build a certificate chain</param>
+        /// <returns>The result of the validation which is represented by a <see cref="CertificateValidationType"/> and a textual description of the validation</returns>
+        public static CertificateValidationResult ValidateCertificateAndChain(X509Certificate2 certificate, X509Certificate2Collection allowedChainCertificates)
+        {
+            var certificateOrganizationNumber = string.Empty;
+
+            return ValidateCertificateAndChainInternal(certificate, certificateOrganizationNumber, allowedChainCertificates);
+        }
+
+        internal static CertificateValidationResult ValidateCertificateAndChainInternal(X509Certificate2 certificate, string certificateOrganizationNumber, X509Certificate2Collection allowedChainCertificates)
         {
             var sertifikatValideringsResultat = ValidateCertificate(certificate, certificateOrganizationNumber);
 
@@ -27,18 +65,63 @@ public static CertificateValidationResult ValidateCertificateAndChain(X509Certif
             return certificateChainValidator.Validate(certificate);
         }
 
+        /// <summary>
+        ///     Validates that the certificate
+        ///     <list type="bullet">
+        ///         <item> is not null </item>
+        ///         <item> is issued to organization number </item>
+        ///         <item> is activated </item>
+        ///         <item> is not expired </item>
+        ///     </list>
+        /// </summary>
+        /// <remarks>
+        ///     Does not validate the certificate chain. Please use <see cref="ValidateCertificateAndChain(X509Certificate2,string,X509Certificate2Collection)" /> for including
+        ///     chain validation
+        /// </remarks>
+        /// <param name="certificate">The certificate to validate</param>
+        /// <param name="certificateOrganizationNumber">The organization number the certificate is issued to</param>
+        /// <returns>The result of the validation which is represented by a <see cref="CertificateValidationType"/> and a textual description of the validation</returns>
         public static CertificateValidationResult ValidateCertificate(X509Certificate2 certificate, string certificateOrganizationNumber)
         {
             if (certificate == null)
             {
                 return NoCertificateResult();
             }
 
+            if (string.IsNullOrWhiteSpace(certificateOrganizationNumber))
+            {
+                return ValidateCertificate(certificate);
+            }
+
             if (!IsIssuedToOrganizationNumber(certificate, certificateOrganizationNumber))
             {
                 return NotIssuedToOrganizationResult(certificate, certificateOrganizationNumber);
             }
 
+            return ValidateCertificate(certificate);
+        }
+
+        /// <summary>
+        ///     Validates that the certificate
+        ///     <list type="bullet">
+        ///         <item> is not null </item>
+        ///         <item> is activated </item>
+        ///         <item> is not expired </item>
+        ///     </list>
+        /// </summary>
+        /// <remarks>
+        ///     Does not validate the certificate chain. Please use <see cref="ValidateCertificateAndChain" /> for including
+        ///     chain validation
+        /// </remarks>
+        /// <param name="certificate">The certificate to validate</param>
+        /// <returns></returns>
+        public static CertificateValidationResult ValidateCertificate(X509Certificate2 certificate)
+        {
+            if (certificate == null)
+            {
+                return NoCertificateResult();
+            }
+
             if (!IsActivatedCertificate(certificate))
             {
                 return NotActivatedResult(certificate);

diff --git a/SharedAssemblyInfo.cs b/SharedAssemblyInfo.cs
@@ -4,8 +4,8 @@
 [assembly: AssemblyTrademark("Direktoratet for forvaltning og IKT (Difi)")]
 [assembly: AssemblyProduct("Difi Felles Utility")]
 [assembly: AssemblyDescription("Bibliotek brukt av Difi i klientbiblioteker")]
-[assembly: AssemblyVersion("1.1.0")]
-[assembly: AssemblyFileVersion("1.1.0")]
-[assembly: AssemblyInformationalVersion("1.1.0")]
+[assembly: AssemblyVersion("1.2.0")]
+[assembly: AssemblyFileVersion("1.2.0")]
+[assembly: AssemblyInformationalVersion("1.2.0")]
 [assembly: AssemblyCopyright("© 2015-2016 Direktoratet for forvaltning og IKT (Difi)")]
 [assembly: AssemblyCulture("")]