diff --git a/Difi.Felles.Utility.Resources/Certificate/CertificateResource.cs b/Difi.Felles.Utility.Resources/Certificate/CertificateResource.cs
new file mode 100755
index 0000000..ee62cce
--- /dev/null
+++ b/Difi.Felles.Utility.Resources/Certificate/CertificateResource.cs
@@ -0,0 +1,104 @@
+using System.Collections.Generic;
+using System.Security.Cryptography.X509Certificates;
+using ApiClientShared;
+
+namespace Difi.Felles.Utility.Resources.Certificate
+{
+ internal class CertificateResource
+ {
+ private static readonly ResourceUtility ResourceUtility = new ResourceUtility("Difi.Felles.Utility.Resources.Certificate.Data");
+
+ internal static X509Certificate2 GetCertificate(params string[] path)
+ {
+ return new X509Certificate2(ResourceUtility.ReadAllBytes(true, path), "", X509KeyStorageFlags.Exportable);
+ }
+
+ public static class UnitTests
+ {
+ public static X509Certificate2 GetProduksjonsMottakerSertifikatOppslagstjenesten()
+ {
+ return GetCertificate("UnitTests", "produksjonsmottakersertifikatFraOppslagstjenesten.pem");
+ }
+
+ public static X509Certificate2 GetFunksjoneltTestmiljøMottakerSertifikatOppslagstjenesten()
+ {
+ return GetCertificate("UnitTests", "testmottakersertifikatFraOppslagstjenesten.pem");
+ }
+
+ public static X509Certificate2 NotActivatedSelfSignedTestCertificate()
+ {
+ return GetCertificate("UnitTests", "NotActivatedSelfSignedBringAs.cer");
+ }
+
+ public static X509Certificate2 GetExpiredSelfSignedTestCertificate()
+ {
+ return GetCertificate("UnitTests", "ExpiredSelfSignedBringAs.cer");
+ }
+
+ public static X509Certificate2 GetValidSelfSignedTestCertificate()
+ {
+ return GetCertificate("UnitTests", "ValidSelfSignedBringAs.cer");
+ }
+
+ public static X509Certificate2 TestIntegrasjonssertifikat()
+ {
+ return GetPostenCertificate();
+ }
+
+ public static X509Certificate2 GetEnhetstesterSelvsignertSertifikat()
+ {
+ return GetCertificate("UnitTests", "difi-enhetstester.cer");
+ }
+
+ public static X509Certificate2 GetPostenCertificate()
+ {
+ return GetCertificate("UnitTests", "PostenNorgeAs.cer");
+ }
+
+ internal static X509Certificate2 GetAvsenderEnhetstesterSertifikat()
+ {
+ return EvigTestSertifikatMedPrivatnøkkel();
+ }
+
+ internal static X509Certificate2 GetMottakerEnhetstesterSertifikat()
+ {
+ return EvigTestSertifikatUtenPrivatnøkkel();
+ }
+
+ private static X509Certificate2 EvigTestSertifikatUtenPrivatnøkkel()
+ {
+ return GetCertificate("UnitTests", "difi-enhetstester.cer");
+ }
+
+ private static X509Certificate2 EvigTestSertifikatMedPrivatnøkkel()
+ {
+ return GetCertificate("UnitTests", "difi-enhetstester.p12");
+ }
+ }
+
+ public static class Chain
+ {
+ public static List GetDifiTestChain()
+ {
+ return new List
+ {
+ new X509Certificate2(GetCertificate("TestChain", "Buypass_Class_3_Test4_CA_3.cer")),
+ new X509Certificate2(GetCertificate("TestChain", "Buypass_Class_3_Test4_Root_CA.cer")),
+ new X509Certificate2(GetCertificate("TestChain", "intermediate - commfides cpn enterprise-norwegian sha256 ca - test2.crt")),
+ new X509Certificate2(GetCertificate("TestChain", "root - cpn root sha256 ca - test.crt"))
+ };
+ }
+
+ public static List GetDifiProductionChain()
+ {
+ return new List
+ {
+ new X509Certificate2(GetCertificate("ProdChain", "BPClass3CA3.cer")),
+ new X509Certificate2(GetCertificate("ProdChain", "BPClass3RootCA.cer")),
+ new X509Certificate2(GetCertificate("ProdChain", "cpn enterprise sha256 class 3.crt")),
+ new X509Certificate2(GetCertificate("ProdChain", "cpn rootca sha256 class 3.crt"))
+ };
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Prod/BPClass3CA3.cer b/Difi.Felles.Utility.Resources/Certificate/Data/ProdChain/BPClass3CA3.cer
old mode 100644
new mode 100755
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Prod/BPClass3CA3.cer
rename to Difi.Felles.Utility.Resources/Certificate/Data/ProdChain/BPClass3CA3.cer
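Review bot: `GetCertificate` loads every embedded file with an empty password and `X509KeyStorageFlags.Exportable`, so `difi-enhetstester.p12`, the one resource here that carries a private key, is imported with an exportable key although none of the hunks shown export it. The removed `SertifikatUtility` used the plain `new X509Certificate2(bytes)` constructor for the public-only `.cer` and `.pem` files; keeping that for them and passing the flag only from `EvigTestSertifikatMedPrivatnøkkel` would make the key handling explicit. In `Chain`, each entry wraps the `X509Certificate2` returned by `GetCertificate` in a second `new X509Certificate2(...)`, which leaves the first instance undisposed; adding `GetCertificate("TestChain", "Buypass_Class_3_Test4_CA_3.cer")` directly is enough. I would also put a comment on `UnitTests` and `GetDifiTestChain`: `// Test fixtures only: never use these certificates or this chain as trust anchors outside tests.`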
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Prod/BPClass3RootCA.cer b/Difi.Felles.Utility.Resources/Certificate/Data/ProdChain/BPClass3RootCA.cer
old mode 100644
new mode 100755
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Prod/BPClass3RootCA.cer
rename to Difi.Felles.Utility.Resources/Certificate/Data/ProdChain/BPClass3RootCA.cer
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Prod/cpn enterprise sha256 class 3.crt b/Difi.Felles.Utility.Resources/Certificate/Data/ProdChain/cpn enterprise sha256 class 3.crt
old mode 100644
new mode 100755
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Prod/cpn enterprise sha256 class 3.crt
rename to Difi.Felles.Utility.Resources/Certificate/Data/ProdChain/cpn enterprise sha256 class 3.crt
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Prod/cpn rootca sha256 class 3.crt b/Difi.Felles.Utility.Resources/Certificate/Data/ProdChain/cpn rootca sha256 class 3.crt
old mode 100644
new mode 100755
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Prod/cpn rootca sha256 class 3.crt
rename to Difi.Felles.Utility.Resources/Certificate/Data/ProdChain/cpn rootca sha256 class 3.crt
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Test/Buypass_Class_3_Test4_CA_3.cer b/Difi.Felles.Utility.Resources/Certificate/Data/TestChain/Buypass_Class_3_Test4_CA_3.cer
old mode 100644
new mode 100755
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Test/Buypass_Class_3_Test4_CA_3.cer
rename to Difi.Felles.Utility.Resources/Certificate/Data/TestChain/Buypass_Class_3_Test4_CA_3.cer
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Test/Buypass_Class_3_Test4_Root_CA.cer b/Difi.Felles.Utility.Resources/Certificate/Data/TestChain/Buypass_Class_3_Test4_Root_CA.cer
old mode 100644
new mode 100755
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Test/Buypass_Class_3_Test4_Root_CA.cer
rename to Difi.Felles.Utility.Resources/Certificate/Data/TestChain/Buypass_Class_3_Test4_Root_CA.cer
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Test/intermediate - commfides cpn enterprise-norwegian sha256 ca - test2.crt b/Difi.Felles.Utility.Resources/Certificate/Data/TestChain/intermediate - commfides cpn enterprise-norwegian sha256 ca - test2.crt
old mode 100644
new mode 100755
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Test/intermediate - commfides cpn enterprise-norwegian sha256 ca - test2.crt
rename to Difi.Felles.Utility.Resources/Certificate/Data/TestChain/intermediate - commfides cpn enterprise-norwegian sha256 ca - test2.crt
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Test/root - cpn root sha256 ca - test.crt b/Difi.Felles.Utility.Resources/Certificate/Data/TestChain/root - cpn root sha256 ca - test.crt
old mode 100644
new mode 100755
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Test/root - cpn root sha256 ca - test.crt
rename to Difi.Felles.Utility.Resources/Certificate/Data/TestChain/root - cpn root sha256 ca - test.crt
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Enhetstester/ExpiredSelfSignedBringAs.cer b/Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/ExpiredSelfSignedBringAs.cer
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Enhetstester/ExpiredSelfSignedBringAs.cer
rename to Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/ExpiredSelfSignedBringAs.cer
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Enhetstester/NotActivatedSelfSignedBringAs.cer b/Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/NotActivatedSelfSignedBringAs.cer
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Enhetstester/NotActivatedSelfSignedBringAs.cer
rename to Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/NotActivatedSelfSignedBringAs.cer
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Enhetstester/PostenNorgeAs.cer b/Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/PostenNorgeAs.cer
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Enhetstester/PostenNorgeAs.cer
rename to Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/PostenNorgeAs.cer
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Enhetstester/ValidSelfSignedBringAs.cer b/Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/ValidSelfSignedBringAs.cer
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Enhetstester/ValidSelfSignedBringAs.cer
rename to Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/ValidSelfSignedBringAs.cer
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Enhetstester/difi-enhetstester.cer b/Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/difi-enhetstester.cer
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Enhetstester/difi-enhetstester.cer
rename to Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/difi-enhetstester.cer
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Enhetstester/difi-enhetstester.p12 b/Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/difi-enhetstester.p12
similarity index 100%
rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Enhetstester/difi-enhetstester.p12
rename to Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/difi-enhetstester.p12
diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Prod/produksjonsmottakersertifikatFraOppslagstjenesten.pem b/Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/produksjonsmottakersertifikatFraOppslagstjenesten.pem similarity index 100% rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Prod/produksjonsmottakersertifikatFraOppslagstjenesten.pem rename to Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/produksjonsmottakersertifikatFraOppslagstjenesten.pem diff --git a/Difi.Felles.Utility.Tester/Testdata/Sertifikater/Test/testmottakersertifikatFraOppslagstjenesten.pem b/Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/testmottakersertifikatFraOppslagstjenesten.pem similarity index 100% rename from Difi.Felles.Utility.Tester/Testdata/Sertifikater/Test/testmottakersertifikatFraOppslagstjenesten.pem rename to Difi.Felles.Utility.Resources/Certificate/Data/UnitTests/testmottakersertifikatFraOppslagstjenesten.pem diff --git a/Difi.Felles.Utility.Resources/Difi.Felles.Utility.Resources.csproj b/Difi.Felles.Utility.Resources/Difi.Felles.Utility.Resources.csproj new file mode 100755 index 0000000..507374c --- /dev/null +++ b/Difi.Felles.Utility.Resources/Difi.Felles.Utility.Resources.csproj @@ -0,0 +1,116 @@ + + + + + Debug + AnyCPU + {C737EA02-E687-45C4-95DB-72B5083246F2} + Library + Properties + Difi.Felles.Utility.Resources + Difi.Felles.Utility.Resources + v4.5 + 512 + + + + true + full + false + bin\Debug\ + DEBUG;TRACE + prompt + 4 + + + pdbonly + true + bin\Release\ + TRACE + prompt + 4 + + + true + + + C:\Keys\digipost.pfx + + + + ..\packages\api-client-shared.1.0.5968.19413\lib\net45\ApiClientShared.dll + True + + + + + + + + + + + + + Properties\SharedAssemblyInfo.cs + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Designer + + + + + + + + + + + + + + + \ No newline at end of file 
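Review bot: `C:\Keys\digipost.pfx` in this new project file is an absolute path on one machine, and it appears to be the assembly signing key setting (the element names are lost in this rendering, so confirm against the real file). A build on any other workstation or CI agent then either fails or requires the signing PFX to be copied to that exact location, which spreads the private key around. Consider checking in only a public-key `.snk` with delay signing, or passing the key location in from the build server through an MSBuild property instead of hard-coding it.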
diff --git a/Difi.Felles.Utility.Resources/Properties/AssemblyInfo.cs b/Difi.Felles.Utility.Resources/Properties/AssemblyInfo.cs new file mode 100755 index 0000000..cd01984 --- /dev/null +++ b/Difi.Felles.Utility.Resources/Properties/AssemblyInfo.cs @@ -0,0 +1,7 @@ +using System.Reflection; +using System.Runtime.CompilerServices; +using System.Runtime.InteropServices; + +[assembly: AssemblyTitle("Difi.Felles.Utility.Resources")] +[assembly: ComVisible(false)] +[assembly: InternalsVisibleTo("Difi.Felles.Utility,PublicKey=00240000048000009400000006020000002400005253413100040000010001008b3388f9c416425f0145bbcf26e66b9a87c4e08b4cd41563e4bc8846df38ba4d997c5408cc77da26d79b03c39874a6af9df0aff3e7bdb3c0e53a91f6d19c50e160f5bf67986a04f0f985eca0252f557ed9ae520dd51e3107d6168d073d4ec5ada28d34e492ad9fb7af29c82309c5c0124211e679caea38d5463d2af9042dafda")] \ No newline at end of file diff --git a/Difi.Felles.Utility.Tester/Testdata/Xml/InvalidIdentifikatorContent.xml b/Difi.Felles.Utility.Resources/Xml/Data/InvalidIdentifikatorContent.xml similarity index 83% rename from Difi.Felles.Utility.Tester/Testdata/Xml/InvalidIdentifikatorContent.xml rename to Difi.Felles.Utility.Resources/Xml/Data/InvalidIdentifikatorContent.xml index 2981bde..98fc8ac 100755 --- a/Difi.Felles.Utility.Tester/Testdata/Xml/InvalidIdentifikatorContent.xml +++ b/Difi.Felles.Utility.Resources/Xml/Data/InvalidIdentifikatorContent.xml @@ -1,13 +1,13 @@ - - -
- - - -
- - - invalidContent - - -
+ + +
+ + + +
+ + + invalidContent + + +
\ No newline at end of file diff --git a/Difi.Felles.Utility.Tester/Testdata/Transportkvittering.cs b/Difi.Felles.Utility.Resources/Xml/Data/Transportkvittering.cs similarity index 100% rename from Difi.Felles.Utility.Tester/Testdata/Transportkvittering.cs rename to Difi.Felles.Utility.Resources/Xml/Data/Transportkvittering.cs diff --git a/Difi.Felles.Utility.Resources/Xml/Data/UnknownElement.xml b/Difi.Felles.Utility.Resources/Xml/Data/UnknownElement.xml new file mode 100755 index 0000000..dfa4d10 --- /dev/null +++ b/Difi.Felles.Utility.Resources/Xml/Data/UnknownElement.xml @@ -0,0 +1,13 @@ + + +
+ + + +
+ + + + + +
\ No newline at end of file diff --git a/Difi.Felles.Utility.Tester/Testdata/Xml/Valid.xml b/Difi.Felles.Utility.Resources/Xml/Data/Valid.xml similarity index 61% rename from Difi.Felles.Utility.Tester/Testdata/Xml/Valid.xml rename to Difi.Felles.Utility.Resources/Xml/Data/Valid.xml index cd09245..e05d223 100755 --- a/Difi.Felles.Utility.Tester/Testdata/Xml/Valid.xml +++ b/Difi.Felles.Utility.Resources/Xml/Data/Valid.xml @@ -1,16 +1,16 @@ - - -
- - - -
- - - abc - - - bbb - - -
+ + +
+ + + +
+ + + abc + + + bbb + + +
\ No newline at end of file
diff --git a/Difi.Felles.Utility.Resources/Xml/XmlResource.cs b/Difi.Felles.Utility.Resources/Xml/XmlResource.cs
new file mode 100755
index 0000000..e2b0798
--- /dev/null
+++ b/Difi.Felles.Utility.Resources/Xml/XmlResource.cs
@@ -0,0 +1,34 @@
+using System.Text;
+using ApiClientShared;
+
+namespace Difi.Felles.Utility.Resources.Xml
+{
+ public class XmlResource
+ {
+ private static readonly ResourceUtility ResourceUtility = new ResourceUtility("Difi.Felles.Utility.Resources.Xml.Data");
+
+ private static string GetResource(params string[] path)
+ {
+ var bytes = ResourceUtility.ReadAllBytes(true, path);
+ return XmlUtility.ToXmlDocument(Encoding.UTF8.GetString(bytes)).OuterXml;
+ }
+
+ internal class GetContent
+ {
+ public static string GetInvalid()
+ {
+ return GetResource("InvalidIdentifikatorContent.xml");
+ }
+
+ public static string GetContentWithUnknownElement()
+ {
+ return GetResource("UnknownElement.xml");
+ }
+
+ public static string GetValid()
+ {
+ return GetResource("Valid.xml");
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/Difi.Felles.Utility.Resources/Xml/XmlUtility.cs b/Difi.Felles.Utility.Resources/Xml/XmlUtility.cs
new file mode 100755
index 0000000..a59ba84
--- /dev/null
+++ b/Difi.Felles.Utility.Resources/Xml/XmlUtility.cs
@@ -0,0 +1,15 @@
+using System.Xml;
+
+namespace Difi.Felles.Utility.Resources.Xml
+{
+ public class XmlUtility
+ {
+ public static XmlDocument ToXmlDocument(string xml)
+ {
+ var xmlDocument = new XmlDocument();
+ xmlDocument.LoadXml(xml);
+
+ return xmlDocument;
+ }
+ }
+}
\ No newline at end of file
diff --git a/Difi.Felles.Utility.Resources/Xsd/Data/Sample.xsd b/Difi.Felles.Utility.Resources/Xsd/Data/Sample.xsd
new file mode 100755
index 0000000..7f73efd
--- /dev/null
+++ b/Difi.Felles.Utility.Resources/Xsd/Data/Sample.xsd
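Review bot: `GetResource` in XmlResource.cs decodes the bytes with `Encoding.UTF8.GetString(bytes)` before parsing, which keeps a leading byte-order mark in the string if the embedded file has one, and `LoadXml` then rejects the document at its first character. Whether the files under `Xml/Data` carry a BOM is not visible here, so this needs a check; loading from the bytes lets the reader detect the encoding itself: `var doc = new XmlDocument { XmlResolver = null };`, `doc.Load(new MemoryStream(bytes));`, `return doc.OuterXml;` (this needs `using System.IO;`). Separately, `XmlResource` is `public` while its only accessor class `GetContent` is `internal`, the reverse of `CertificateResource`; one visibility convention across the resource classes would be easier to follow.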
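Review bot: `XmlUtility.ToXmlDocument` is a public helper that calls `LoadXml` on a default-constructed `XmlDocument`, and on the v4.5 target shown in the new project file the default resolver still processes DTDs and external entities. The only caller in this commit's new code passes embedded resources, but nothing in the signature limits it to trusted input, so set `xmlDocument.XmlResolver = null;` before `xmlDocument.LoadXml(xml);` or make the class `internal`. An XML doc comment stating that the argument must be trusted, well-formed XML and that the method throws on malformed input would document the contract.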
@@ -0,0 +1,44 @@ + + + Purchase order schema for Example.com. + Copyright 2000 Example.com. All rights reserved. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/Difi.Felles.Utility.Resources/Xsd/XsdResource.cs b/Difi.Felles.Utility.Resources/Xsd/XsdResource.cs new file mode 100755 index 0000000..ff3f097 --- /dev/null +++ b/Difi.Felles.Utility.Resources/Xsd/XsdResource.cs @@ -0,0 +1,21 @@ +using System.IO; +using ApiClientShared; + +namespace Difi.Felles.Utility.Resources.Xsd +{ + internal class XsdResource + { + private static readonly ResourceUtility ResourceUtility = new ResourceUtility("Difi.Felles.Utility.Resources.Xsd.Data"); + + private static Stream GetResource(params string[] path) + { + var bytes = ResourceUtility.ReadAllBytes(true, path); + return new MemoryStream(bytes); + } + + public static Stream Sample() + { + return GetResource("Sample.xsd"); + } + } +} \ No newline at end of file diff --git a/Difi.Felles.Utility.Resources/packages.config b/Difi.Felles.Utility.Resources/packages.config new file mode 100755 index 0000000..1464b53 --- /dev/null +++ b/Difi.Felles.Utility.Resources/packages.config @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/Difi.Felles.Utility.Tester/CertificateChainValidatorTests.cs b/Difi.Felles.Utility.Tester/CertificateChainValidatorTests.cs index 73b5418..f15b0d7 100755 --- a/Difi.Felles.Utility.Tester/CertificateChainValidatorTests.cs +++ b/Difi.Felles.Utility.Tester/CertificateChainValidatorTests.cs 
@@ -1,60 +1,56 @@ -using Difi.Felles.Utility.Utilities; +using Difi.Felles.Utility.Resources.Certificate; +using Difi.Felles.Utility.Utilities; using Xunit; -using Assert = Xunit.Assert; namespace Difi.Felles.Utility.Tester { - public class CertificateChainValidatorTests { - - public class ValidateCertificateChainMethod : CertificateChainValidatorTests + public class ValidateCertificateChain : CertificateChainValidatorTests { [Fact] - public void Valid_with_correct_root_and_intermediate() + public void Fails_with_self_signed_certificate() { //Arrange - var productionCertificate = SertifikatUtility.GetProduksjonsMottakerSertifikatOppslagstjenesten(); - var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.ProductionCertificates()); + var selfSignedCertificate = CertificateResource.UnitTests.GetEnhetstesterSelvsignertSertifikat(); + var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.ProduksjonsSertifikater()); //Act - var result = certificateChainValidator.Validate(productionCertificate); + var result = certificateChainValidator.Validate(selfSignedCertificate); //Assert - Assert.Equal(CertificateValidationType.Valid, result.Type); - Assert.Contains("et gyldig sertifikat", result.Message); + Assert.Equal(CertificateValidationType.InvalidChain, result.Type); + Assert.Contains("sertifikatet er selvsignert", result.Message); } [Fact] public void Fails_with_wrong_root_and_intermediate() { //Arrange - var productionCertificate = SertifikatUtility.GetProduksjonsMottakerSertifikatOppslagstjenesten(); + var productionCertificate = CertificateResource.UnitTests.GetProduksjonsMottakerSertifikatOppslagstjenesten(); //Act - var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.TestCertificates()); + var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.FunksjoneltTestmiljøSertifikater()); var result = 
certificateChainValidator.Validate(productionCertificate); //Assert Assert.Equal(CertificateValidationType.InvalidChain, result.Type); Assert.Contains("blir hentet fra Certificate Store på Windows", result.Message); - } [Fact] - public void Fails_with_self_signed_certificate() + public void Valid_with_correct_root_and_intermediate() { //Arrange - var selfSignedCertificate = SertifikatUtility.GetEnhetstesterSelvsignertSertifikat(); - var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.ProductionCertificates()); + var productionCertificate = CertificateResource.UnitTests.GetProduksjonsMottakerSertifikatOppslagstjenesten(); + var certificateChainValidator = new CertificateChainValidator(CertificateChainUtility.ProduksjonsSertifikater()); //Act - var result = certificateChainValidator.Validate(selfSignedCertificate); + var result = certificateChainValidator.Validate(productionCertificate); //Assert - Assert.Equal(CertificateValidationType.InvalidChain, result.Type); - Assert.Contains("sertifikatet er selvsignert", result.Message); - + Assert.Equal(CertificateValidationType.Valid, result.Type); + Assert.Contains("et gyldig sertifikat", result.Message); } } } diff --git a/Difi.Felles.Utility.Tester/CertificateUtility.cs b/Difi.Felles.Utility.Tester/CertificateUtility.cs deleted file mode 100755 index 713278c..0000000 --- a/Difi.Felles.Utility.Tester/CertificateUtility.cs +++ /dev/null 
@@ -1,30 +0,0 @@ -using System.Security.Cryptography.X509Certificates; -using ApiClientShared; - -namespace Difi.Felles.Utility.Tester -{ - internal class CertificateUtility - { - internal static readonly ResourceUtility ResourceUtility = new ResourceUtility("Difi.Felles.Utility.Tester.Testdata.Sertifikater.Enhetstester"); - - internal static X509Certificate2 GetAvsenderEnhetstesterSertifikat() - { - return EvigTestSertifikatMedPrivatnøkkel(); - } - - internal static X509Certificate2 GetMottakerEnhetstesterSertifikat() - { - return EvigTestSertifikatUtenPrivatnøkkel(); - } - - private static X509Certificate2 EvigTestSertifikatUtenPrivatnøkkel() - { - return new X509Certificate2(ResourceUtility.ReadAllBytes(true, "difi-enhetstester.cer"), "", X509KeyStorageFlags.Exportable); - } - - private static X509Certificate2 EvigTestSertifikatMedPrivatnøkkel() - { - return new X509Certificate2(ResourceUtility.ReadAllBytes(true, "difi-enhetstester.p12"), "", X509KeyStorageFlags.Exportable); - } - } -} \ No newline at end of file diff --git a/Difi.Felles.Utility.Tester/CertificateValidatorTests.cs b/Difi.Felles.Utility.Tester/CertificateValidatorTests.cs index 4bc8f79..b0f81c3 100755 --- a/Difi.Felles.Utility.Tester/CertificateValidatorTests.cs +++ b/Difi.Felles.Utility.Tester/CertificateValidatorTests.cs @@ -1,9 +1,9 @@ -using Difi.Felles.Utility.Utilities; +using Difi.Felles.Utility.Resources.Certificate; +using Difi.Felles.Utility.Utilities; using Xunit; namespace Difi.Felles.Utility.Tester { - public class CertificateValidatorTests { public class ValidateCertificateAndChainMethod : CertificateValidatorTests 
@@ -12,10 +12,10 @@ public class ValidateCertificateAndChainMethod : CertificateValidatorTests public void Returns_fail_if_certificate_error() { //Arrange - var funksjoneltTestmiljøSertifikater = CertificateChainUtility.TestCertificates(); + var funksjoneltTestmiljøSertifikater = CertificateChainUtility.FunksjoneltTestmiljøSertifikater(); //Act - var result = CertificateValidator.ValidateCertificateAndChain(SertifikatUtility.GetExpiredSelfSignedTestCertificate(), "988015814", funksjoneltTestmiljøSertifikater); + var result = CertificateValidator.ValidateCertificateAndChain(CertificateResource.UnitTests.GetExpiredSelfSignedTestCertificate(), "988015814", funksjoneltTestmiljøSertifikater); //Assert Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type); @@ -26,10 +26,10 @@ public void Returns_fail_if_certificate_error() public void Returns_fail_if_invalid_certificate_chain() { //Arrange - var funksjoneltTestmiljøSertifikater = CertificateChainUtility.TestCertificates(); + var funksjoneltTestmiljøSertifikater = CertificateChainUtility.FunksjoneltTestmiljøSertifikater(); //Act - var result = CertificateValidator.ValidateCertificateAndChain(SertifikatUtility.GetValidSelfSignedTestCertificate(), "988015814", funksjoneltTestmiljøSertifikater); + var result = CertificateValidator.ValidateCertificateAndChain(CertificateResource.UnitTests.GetValidSelfSignedTestCertificate(), "988015814", funksjoneltTestmiljøSertifikater); //Assert Assert.Equal(CertificateValidationType.InvalidChain, result.Type); 
@@ -39,10 +39,10 @@ public void Returns_fail_if_invalid_certificate_chain() public void Returns_ok_if_valid_certificate_and_chain() { //Arrange - var funksjoneltTestmiljøSertifikater = CertificateChainUtility.TestCertificates(); + var funksjoneltTestmiljøSertifikater = CertificateChainUtility.FunksjoneltTestmiljøSertifikater(); //Act - var result = CertificateValidator.ValidateCertificateAndChain(SertifikatUtility.GetPostenCertificate(), "984661185", funksjoneltTestmiljøSertifikater); + var result = CertificateValidator.ValidateCertificateAndChain(CertificateResource.UnitTests.GetPostenCertificate(), "984661185", funksjoneltTestmiljøSertifikater); //Assert Assert.Equal(CertificateValidationType.Valid, result.Type); 
@@ -52,59 +52,59 @@ public void Returns_ok_if_valid_certificate_and_chain() public class ValidateCertificateMethod : CertificateValidatorTests { [Fact] - public void Returns_fail_with_null_certificate() + public void Returns_fail_if_expired() { //Arrange - const string organizationNumber = "123456789"; + const string certificateOrganizationNumber = "988015814"; //Act - var result = CertificateValidator.ValidateCertificate(null, organizationNumber); + var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetExpiredSelfSignedTestCertificate(), certificateOrganizationNumber); //Assert Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type); - Assert.Contains("var null", result.Message); + Assert.Contains("gikk ut", result.Message); } [Fact] - public void Returns_fail_if_not_issued_to_organization_number() + public void Returns_fail_if_not_activated() { //Arrange - const string certificateOrganizationNumber = "123456789"; + const string certificateOrganizationNumber = "988015814"; //Act - var result = CertificateValidator.ValidateCertificate(SertifikatUtility.TestIntegrasjonssertifikat(), certificateOrganizationNumber); + var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.NotActivatedSelfSignedTestCertificate(), certificateOrganizationNumber); //Assert Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type); - Assert.Contains("ikke utstedt til organisasjonsnummer", result.Message); + Assert.Contains("aktiveres ikke før", result.Message); } [Fact] - public void Returns_fail_if_not_activated() + public void Returns_fail_if_not_issued_to_organization_number() { //Arrange - const string certificateOrganizationNumber = "988015814"; + const string certificateOrganizationNumber = "123456789"; //Act - var result = CertificateValidator.ValidateCertificate(SertifikatUtility.NotActivatedSelfSignedTestCertificate(), certificateOrganizationNumber); + var result = 
CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.TestIntegrasjonssertifikat(), certificateOrganizationNumber); //Assert Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type); - Assert.Contains("aktiveres ikke før", result.Message); + Assert.Contains("ikke utstedt til organisasjonsnummer", result.Message); } [Fact] - public void Returns_fail_if_expired() + public void Returns_fail_with_null_certificate() { //Arrange - const string certificateOrganizationNumber = "988015814"; + const string organizationNumber = "123456789"; //Act - var result = CertificateValidator.ValidateCertificate(SertifikatUtility.GetExpiredSelfSignedTestCertificate(), certificateOrganizationNumber); + var result = CertificateValidator.ValidateCertificate(null, organizationNumber); //Assert Assert.Equal(CertificateValidationType.InvalidCertificate, result.Type); - Assert.Contains("gikk ut",result.Message); + Assert.Contains("var null", result.Message); } [Fact] 
@@ -114,65 +114,63 @@ public void Returns_ok_if_valid() const string certificateOrganizationNumber = "984661185"; //Act - var result = CertificateValidator.ValidateCertificate(SertifikatUtility.GetPostenCertificate(), certificateOrganizationNumber); + var result = CertificateValidator.ValidateCertificate(CertificateResource.UnitTests.GetPostenCertificate(), certificateOrganizationNumber); //Assert Assert.Equal(CertificateValidationType.Valid, result.Type); Assert.Contains("er et gyldig sertifikat", result.Message); } - - } public class IsValidCertificateMethod : CertificateValidatorTests { [Fact] - public void Returns_false_with_null_certificate() + public void Returns_false_if_expired() { //Arrange - const string certificateOrganizationNumber = "123456789"; + var certificateOrganizationNumber = "123456789"; //Act - var isValid = CertificateValidator.IsValidCertificate(null, certificateOrganizationNumber); + var isValid = CertificateValidator.IsValidCertificate(CertificateResource.UnitTests.GetExpiredSelfSignedTestCertificate(), certificateOrganizationNumber); //Assert Assert.False(isValid); } [Fact] - public void Returns_false_if_not_issued_to_organization_number() + public void Returns_false_if_not_activated() { //Arrange var certificateOrganizationNumber = "123456789"; //Act - var isValid = CertificateValidator.IsValidCertificate(SertifikatUtility.TestIntegrasjonssertifikat(), certificateOrganizationNumber); + var isValid = CertificateValidator.IsValidCertificate(CertificateResource.UnitTests.NotActivatedSelfSignedTestCertificate(), certificateOrganizationNumber); //Assert Assert.False(isValid); } [Fact] - public void Returns_false_if_not_activated() + public void Returns_false_if_not_issued_to_organization_number() { //Arrange var certificateOrganizationNumber = "123456789"; //Act - var isValid = CertificateValidator.IsValidCertificate(SertifikatUtility.NotActivatedSelfSignedTestCertificate(), certificateOrganizationNumber); + var isValid = 
CertificateValidator.IsValidCertificate(CertificateResource.UnitTests.TestIntegrasjonssertifikat(), certificateOrganizationNumber); //Assert Assert.False(isValid); } [Fact] - public void Returns_false_if_expired() + public void Returns_false_with_null_certificate() { //Arrange - var certificateOrganizationNumber = "123456789"; + const string certificateOrganizationNumber = "123456789"; //Act - var isValid = CertificateValidator.IsValidCertificate(SertifikatUtility.GetExpiredSelfSignedTestCertificate(), certificateOrganizationNumber); + var isValid = CertificateValidator.IsValidCertificate(null, certificateOrganizationNumber); //Assert Assert.False(isValid); @@ -185,7 +183,7 @@ public void Returns_true_for_correct_certificate() var certificateOrganizationNumber = "984661185"; //Act - var isValid = CertificateValidator.IsValidCertificate(SertifikatUtility.GetPostenCertificate(), certificateOrganizationNumber); + var isValid = CertificateValidator.IsValidCertificate(CertificateResource.UnitTests.GetPostenCertificate(), certificateOrganizationNumber); //Assert Assert.True(isValid); diff --git a/Difi.Felles.Utility.Tester/Difi.Felles.Utility.Tester.csproj b/Difi.Felles.Utility.Tester/Difi.Felles.Utility.Tester.csproj index 04b60a1..93d6ed2 100755 --- a/Difi.Felles.Utility.Tester/Difi.Felles.Utility.Tester.csproj +++ b/Difi.Felles.Utility.Tester/Difi.Felles.Utility.Tester.csproj @@ -49,6 +49,7 @@ True + @@ -80,15 +81,12 @@ Properties\SharedAssemblyInfo.cs - - - @@ -97,46 +95,21 @@ + + {c737ea02-e687-45c4-95db-72b5083246f2} + Difi.Felles.Utility.Resources + {7ab8d858-878f-4184-9557-995be75dc635} Difi.Felles.Utility - - - - - - - - - - - - - - - - - - - + Designer - - - - - - - - - - - - - + + diff --git a/Difi.Felles.Utility.Tester/Security/SignedXmlWithAgnosticIdTests.cs b/Difi.Felles.Utility.Tester/Security/SignedXmlWithAgnosticIdTests.cs index 34a4d68..6b078ab 100755 --- a/Difi.Felles.Utility.Tester/Security/SignedXmlWithAgnosticIdTests.cs 
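Review bot: In `IsValidCertificateMethod`, `Returns_false_if_expired` and `Returns_false_if_not_activated` pass `"123456789"`, while the `ValidateCertificateMethod` tests for the same two certificates use `"988015814"`. With a non-matching organization number these tests presumably stay green on the organization check alone, so they would not notice if the expiry or activation check were removed from `IsValidCertificate`. Use `const string certificateOrganizationNumber = "988015814";` in both so that the validity period is the only reason for the `false` result.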
+++ b/Difi.Felles.Utility.Tester/Security/SignedXmlWithAgnosticIdTests.cs @@ -5,6 +5,7 @@ using System.Security.Cryptography.X509Certificates; using System.Xml; using Difi.Felles.Utility.Exceptions; +using Difi.Felles.Utility.Resources.Certificate; using Difi.Felles.Utility.Security; using Difi.Felles.Utility.Tester.Testdata; using Difi.Felles.Utility.Tester.Utilities; @@ -45,7 +46,7 @@ public void FeilerMedSertifikatUtenPrivatnøkkel() { //Arrange var xmlDokument = XmlUtility.ToXmlDocument(TransportKvittering.TransportOkKvittertingFunksjoneltTestmiljø); - var sertifikat = CertificateUtility.GetMottakerEnhetstesterSertifikat(); + var sertifikat = CertificateResource.UnitTests.GetMottakerEnhetstesterSertifikat(); //Act try @@ -64,7 +65,7 @@ public void KonstruktørMedXmlDokumentOgSertifikat() { //Arrange var xmlDokument = XmlUtility.ToXmlDocument(TransportKvittering.TransportOkKvittertingFunksjoneltTestmiljø); - var sertifikat = CertificateUtility.GetAvsenderEnhetstesterSertifikat(); + var sertifikat = CertificateResource.UnitTests.GetAvsenderEnhetstesterSertifikat(); var signedXmlWithAgnosticId = new SignedXmlWithAgnosticId(xmlDokument, sertifikat); //Act diff --git a/Difi.Felles.Utility.Tester/SertifikatUtility.cs b/Difi.Felles.Utility.Tester/SertifikatUtility.cs deleted file mode 100755 index 2ab35ba..0000000 --- a/Difi.Felles.Utility.Tester/SertifikatUtility.cs +++ /dev/null 
@@ -1,50 +0,0 @@
-using System.Security.Cryptography.X509Certificates;
-using ApiClientShared;
-
-namespace Difi.Felles.Utility.Tester
-{
- internal class SertifikatUtility
- {
- private static readonly ResourceUtility ResourceUtility = new ResourceUtility("Difi.Felles.Utility.Tester.Testdata.Sertifikater");
-
- public static X509Certificate2 GetProduksjonsMottakerSertifikatOppslagstjenesten()
- {
- return new X509Certificate2(ResourceUtility.ReadAllBytes(true, "Prod", "produksjonsmottakersertifikatFraOppslagstjenesten.pem"));
- }
-
- public static X509Certificate2 GetFunksjoneltTestmiljøMottakerSertifikatOppslagstjenesten()
- {
- return new X509Certificate2(ResourceUtility.ReadAllBytes(true, "Test", "testmottakersertifikatFraOppslagstjenesten.pem"));
- }
-
- public static X509Certificate2 NotActivatedSelfSignedTestCertificate()
- {
- return new X509Certificate2(ResourceUtility.ReadAllBytes(true, "Enhetstester", "NotActivatedSelfSignedBringAs.cer"));
- }
-
- public static X509Certificate2 GetExpiredSelfSignedTestCertificate()
- {
- return new X509Certificate2(ResourceUtility.ReadAllBytes(true, "Enhetstester", "ExpiredSelfSignedBringAs.cer"));
- }
-
- public static X509Certificate2 GetValidSelfSignedTestCertificate()
- {
- return new X509Certificate2(ResourceUtility.ReadAllBytes(true, "Enhetstester", "ValidSelfSignedBringAs.cer"));
- }
-
- public static X509Certificate2 TestIntegrasjonssertifikat()
- {
- return GetPostenCertificate();
- }
-
- public static X509Certificate2 GetEnhetstesterSelvsignertSertifikat()
- {
- return new X509Certificate2(ResourceUtility.ReadAllBytes(true, "Enhetstester", "difi-enhetstester.cer"));
- }
-
- public static X509Certificate2 GetPostenCertificate()
- {
- return new X509Certificate2(ResourceUtility.ReadAllBytes(true, "Enhetstester", "PostenNorgeAs.cer"));
- }
- }
-}
\ No newline at end of file
diff --git a/Difi.Felles.Utility.Tester/Testdata/Xml/UnknownElement.xml b/Difi.Felles.Utility.Tester/Testdata/Xml/UnknownElement.xml deleted file mode 100755 index 78b6089..0000000 --- a/Difi.Felles.Utility.Tester/Testdata/Xml/UnknownElement.xml +++ /dev/null @@ -1,13 +0,0 @@ - - -
- - - -
- - - - - -
diff --git a/Difi.Felles.Utility.Tester/Testdata/Xsd/Sample.xsd b/Difi.Felles.Utility.Tester/Testdata/Xsd/Sample.xsd deleted file mode 100755 index 882e2f4..0000000 --- a/Difi.Felles.Utility.Tester/Testdata/Xsd/Sample.xsd +++ /dev/null @@ -1,54 +0,0 @@ - - - - Purchase order schema for Example.com. - Copyright 2000 Example.com. All rights reserved. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/Difi.Felles.Utility.Tester/Utilities/CertificateChainUtilityTests.cs b/Difi.Felles.Utility.Tester/Utilities/CertificateChainUtilityTests.cs index 3b98fe3..20fd6ee 100755 --- a/Difi.Felles.Utility.Tester/Utilities/CertificateChainUtilityTests.cs +++ b/Difi.Felles.Utility.Tester/Utilities/CertificateChainUtilityTests.cs @@ -12,7 +12,7 @@ public class TestsertifikaterMethod : CertificateChainUtilityTests public void ReturnererFireSertifikaterMedThumbprint() { //Arrange - var sertifikater = CertificateChainUtility.TestCertificates(); + var sertifikater = CertificateChainUtility.FunksjoneltTestmiljøSertifikater(); //Act @@ -30,7 +30,7 @@ public class ProduksjonssertifikaterMethod : CertificateChainUtilityTests public void ReturnererFireSertifikaterMedThumbprint() { //Arrange - var sertifikater = CertificateChainUtility.ProductionCertificates(); + var sertifikater = CertificateChainUtility.ProduksjonsSertifikater(); //Act @@ -48,7 +48,7 @@ public class CertificateChainInfoTests : CertificateChainUtilityTests public void DebugMesages() { var i = 0; - foreach (var certificate in CertificateChainUtility.TestCertificates()) + foreach (var certificate in CertificateChainUtility.FunksjoneltTestmiljøSertifikater()) { Trace.WriteLine($"{i++}: Issuer `{certificate.Issuer}`, thumbprint `{certificate.Thumbprint}`"); } diff --git a/Difi.Felles.Utility.Tester/Validation/TestGenerator.cs b/Difi.Felles.Utility.Tester/Validation/TestGenerator.cs index 2b5fb7a..4bbfbca 100755 
--- a/Difi.Felles.Utility.Tester/Validation/TestGenerator.cs +++ b/Difi.Felles.Utility.Tester/Validation/TestGenerator.cs @@ -1,20 +1,17 @@ using System.Collections.Generic; -using System.IO; -using System.Text; using System.Xml; using System.Xml.Schema; -using ApiClientShared; +using Difi.Felles.Utility.Resources.Xml; +using Difi.Felles.Utility.Resources.Xsd; namespace Difi.Felles.Utility.Tester.Validation { internal static class TestGenerator { - private static readonly ResourceUtility ResourceUtility = new ResourceUtility("Difi.Felles.Utility.Tester.Testdata"); - public static XmlSchemaSet XmlSchemaSet() { var xmlSchemaSet = new XmlSchemaSet(); - xmlSchemaSet.Add("http://tempuri.org/po.xsd", XmlReader.Create(new MemoryStream(ResourceUtility.ReadAllBytes(true, "Xsd.Sample.xsd")))); + xmlSchemaSet.Add("http://tempuri.org/po.xsd", XmlReader.Create(XsdResource.Sample())); return xmlSchemaSet; } @@ -31,7 +28,7 @@ public class ValidTestCouple : ITestCouple public string Input() { - return Encoding.UTF8.GetString(ResourceUtility.ReadAllBytes(true, "Xml.Valid.xml")); + return XmlResource.GetContent.GetValid(); } } @@ -49,7 +46,7 @@ public List ExpectedValidationMessages public string Input() { - return Encoding.UTF8.GetString(ResourceUtility.ReadAllBytes(true, "Xml.InvalidIdentifikatorContent.xml")); + return XmlResource.GetContent.GetInvalid(); } } @@ -67,7 +64,7 @@ public List ExpectedValidationMessages public string Input() { - return Encoding.UTF8.GetString(ResourceUtility.ReadAllBytes(true, "Xml.UnknownElement.xml")); + return XmlResource.GetContent.GetContentWithUnknownElement(); } } } diff --git a/Difi.Felles.Utility.Tester/Validation/XmlValidatorTestImplementation.cs b/Difi.Felles.Utility.Tester/Validation/XmlValidatorTestImplementation.cs index b6b9f08..87bdfba 100755 --- a/Difi.Felles.Utility.Tester/Validation/XmlValidatorTestImplementation.cs +++ b/Difi.Felles.Utility.Tester/Validation/XmlValidatorTestImplementation.cs 
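Review bot: In `TestGenerator.XmlSchemaSet()` the `XmlReader` built by `XmlReader.Create(XsdResource.Sample())` is never disposed, and if `Sample()` returns a stream (its return type is not visible in this diff) that stream is left open too. `XmlSchemaSet.Add` reads the schema during the call, so both can be scoped: `using (var xsd = XsdResource.Sample())` around `using (var reader = XmlReader.Create(xsd))` and `xmlSchemaSet.Add("http://tempuri.org/po.xsd", reader);`. The stream needs its own `using` because `XmlReaderSettings.CloseInput` defaults to false. The same expression is passed to `AddXsd` in the constructor in XmlValidatorTestImplementation.cs, the next file in this diff; whether `AddXsd` consumes the reader before returning is not shown, so check that before scoping it there.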
@@ -1,22 +1,13 @@ -using System.IO; -using System.Xml; -using ApiClientShared; +using System.Xml; +using Difi.Felles.Utility.Resources.Xsd; namespace Difi.Felles.Utility.Tester.Validation { public class XmlValidatorTestImplementation : XmlValidator { - private static readonly ResourceUtility ResourceUtility = new ResourceUtility("Difi.Felles.Utility.Tester.Testdata"); - public XmlValidatorTestImplementation() { - AddXsd("http://tempuri.org/po.xsd", HentRessurs("Xsd.Sample.xsd")); - } - - private static XmlReader HentRessurs(string path) - { - var bytes = ResourceUtility.ReadAllBytes(true, path); - return XmlReader.Create(new MemoryStream(bytes)); + AddXsd("http://tempuri.org/po.xsd", XmlReader.Create(XsdResource.Sample())); } } } \ No newline at end of file diff --git a/Difi.Felles.Utility/CertificateChainValidator.cs b/Difi.Felles.Utility/CertificateChainValidator.cs index 7e17038..9c77381 100755 --- a/Difi.Felles.Utility/CertificateChainValidator.cs +++ b/Difi.Felles.Utility/CertificateChainValidator.cs @@ -18,7 +18,7 @@ public CertificateChainValidator(X509Certificate2Collection certificateStore) public X509Certificate2Collection SertifikatLager => CertificateStore; /// - /// Validerer sertifikatkjeden til sertifikatet. Gjør dette ved å validere mot + /// Validerer sertifikatkjeden til sertifikatet. Gjør dette ved å validere mot /// /// /// @@ -29,7 +29,7 @@ public bool ErGyldigSertifikatkjede(X509Certificate2 certificate) } /// - /// Validerer sertifikatkjeden til sertifikatet. Gjør dette ved å validere mot + /// Validerer sertifikatkjeden til sertifikatet. Gjør dette ved å validere mot /// /// /// @@ -39,7 +39,7 @@ public bool IsValidChain(X509Certificate2 certificate) } /// - /// Validerer sertifikatkjeden til sertifikatet. Gjør dette ved å validere mot + /// Validerer sertifikatkjeden til sertifikatet. Gjør dette ved å validere mot /// /// /// Status på kjeden etter validering hvis validering feilet. 
@@ -51,7 +51,7 @@ public bool ErGyldigSertifikatkjede(X509Certificate2 certificate, out string det } /// - /// Validerer sertifikatkjeden til sertifikatet. Gjør dette ved å validere mot + /// Validerer sertifikatkjeden til sertifikatet. Gjør dette ved å validere mot /// /// /// Status på kjeden etter validering hvis validering feilet. @@ -64,20 +64,19 @@ public bool IsValidChain(X509Certificate2 certificate, out string detailedErrorI return result.Type == CertificateValidationType.Valid; } - public CertificateValidationResult Validate(X509Certificate2 certificate) { var chain = BuildCertificateChain(certificate); var onlyUsingValidatorCertificatesResult = ValidateThatUsingOnlyValidatorCertificates(chain, certificate); - return onlyUsingValidatorCertificatesResult.Type != CertificateValidationType.Valid - ? onlyUsingValidatorCertificatesResult + return onlyUsingValidatorCertificatesResult.Type != CertificateValidationType.Valid + ? onlyUsingValidatorCertificatesResult : Validate(certificate, chain); } /// - /// Validerer sertifikatkjeden til sertifikatet. Gjør dette ved å validere mot + /// Validerer sertifikatkjeden til sertifikatet. Gjør dette ved å validere mot /// /// /// Status på kjeden etter validering hvis validering feilet. @@ -88,7 +87,7 @@ public bool ErGyldigSertifikatkjede(X509Certificate2 certificate, out X509ChainS var chain = BuildCertificateChain(certificate); detailedErrorInformation = chain.ChainStatus; - var onlyUsingValidatorCertificatesResult = ValidateThatUsingOnlyValidatorCertificates(chain,certificate); + var onlyUsingValidatorCertificatesResult = ValidateThatUsingOnlyValidatorCertificates(chain, certificate); if (onlyUsingValidatorCertificatesResult.Type != CertificateValidationType.Valid) { return false; 
@@ -112,15 +111,21 @@ private CertificateValidationResult ValidateThatUsingOnlyValidatorCertificates(X foreach (var chainElement in chain.ChainElements) { var isCertificateToValidate = IsSameCertificate(chainElement.Certificate, certificate); - if (isCertificateToValidate) { continue; } + if (isCertificateToValidate) + { + continue; + } var isValidatorCertificate = CertificateStore.Cast().Any(lagerSertifikat => IsSameCertificate(chainElement.Certificate, lagerSertifikat)); - if (isValidatorCertificate) { continue; } + if (isValidatorCertificate) + { + continue; + } var chainAsString = chain.ChainElements .Cast() .Where(c => c.Certificate.Thumbprint != certificate.Thumbprint) - .Aggregate("",(result, curr) => GetCertificateInfo(result, curr.Certificate)); + .Aggregate("", (result, curr) => GetCertificateInfo(result, curr.Certificate)); var validatorCertificatesAsString = CertificateStore .Cast() @@ -134,9 +139,9 @@ private CertificateValidationResult ValidateThatUsingOnlyValidatorCertificates(X private static CertificateValidationResult UsedExternalCertificatesResult(X509Certificate2 certificate, string chainAsString, string validatorCertificatesAsString) { - return new CertificateValidationResult(CertificateValidationType.InvalidChain, + return new CertificateValidationResult(CertificateValidationType.InvalidChain, $"Validering av '{certificate.ToShortString()}' feilet. {Environment.NewLine}" + - $"Dette skjer fordi kjeden ble bygd med følgende sertifikater: {Environment.NewLine}{chainAsString}, " + + $"Dette skjer fordi kjeden ble bygd med følgende sertifikater: {Environment.NewLine}{chainAsString}, " + $"men kun følgende er godkjent for å bygge kjeden: {Environment.NewLine}{validatorCertificatesAsString}. Dette skjer som oftest om sertifikater blir hentet fra Certificate Store på Windows, " + "og det tillates ikke under validering. Det er kun gyldig å bygge en kjede med de sertifikatene sendt inn til validatoren."); } 
@@ -177,8 +182,8 @@ private static CertificateValidationResult Validate(X509Certificate2 certificate return ValidResult(certificate); case 1: var chainError = detailedErrorInformation.ElementAt(0).Status; - return chainError == X509ChainStatusFlags.UntrustedRoot - ? ValidResult(certificate) + return chainError == X509ChainStatusFlags.UntrustedRoot + ? ValidResult(certificate) : InvalidChainResult(certificate, detailedErrorInformation); //We tolerate this 'UntrustedRoot' because it occurs when loading a root certificate from file, which is always done here. We trust the certificates as they are preloaded in library. default: return InvalidChainResult(certificate, detailedErrorInformation); diff --git a/Difi.Felles.Utility/CertificateValidator.cs b/Difi.Felles.Utility/CertificateValidator.cs index ca9df28..504e246 100755 --- a/Difi.Felles.Utility/CertificateValidator.cs +++ b/Difi.Felles.Utility/CertificateValidator.cs @@ -78,7 +78,7 @@ private static CertificateValidationResult ExpiredResult(X509Certificate2 certif private static CertificateValidationResult ValidResult(X509Certificate2 certificate) { return new CertificateValidationResult( - CertificateValidationType.Valid, + CertificateValidationType.Valid, certificate.ToShortString("er et gyldig sertifikat.")); } diff --git a/Difi.Felles.Utility/Difi.Felles.Utility.csproj b/Difi.Felles.Utility/Difi.Felles.Utility.csproj index 0477c36..7b2c8be 100755 --- a/Difi.Felles.Utility/Difi.Felles.Utility.csproj +++ b/Difi.Felles.Utility/Difi.Felles.Utility.csproj @@ -57,23 +57,13 @@ - +
- - - - - - - - - - ..\packages\api-client-shared.1.0.5968.19413\lib\net45\ApiClientShared.dll @@ -86,6 +76,12 @@ + + + {c737ea02-e687-45c4-95db-72b5083246f2} + Difi.Felles.Utility.Resources + +