using System;
using System.IO;
using System.Linq;
using System.Net;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using Autofac;
using FitConnect;
using FitConnect.Encryption;
using FitConnect.Models;
using FluentAssertions;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;
using MockContainer;
using Moq;
using NUnit.Framework;
namespace IntegrationTests;
[TestFixture]
public class CertificateValidation {
private MockSettings _settings = null!;
private ILogger _logger = null!;
private CertificateHelper _certificateHelper = null!;
private Mock<ILogger> _mockLogger = null!;
[SetUp]
public void Setup() {
var container = Container.Create();
_settings = container.Resolve<MockSettings>();
_logger = LoggerFactory.Create(
builder => {
builder.AddConsole();
builder.SetMinimumLevel(LogLevel.Debug);
}).CreateLogger("E2E Test");
_certificateHelper = new CertificateHelper(_logger);
}
[Test]
public void CheckCertificateInEnvironment_Dev() {
var environment = FitConnectEnvironment.Develop;
var sender = Client.GetSender(environment, _settings.SenderClientId,
_settings.SenderClientSecret,
_logger);
var certificate = (sender as FitConnect.Sender)
.GetPublicKeyFromDestination(_settings.DestinationId).Result;
new CertificateHelper(_logger).ValidateCertificate(JsonWebKey.Create(certificate),
LogLevel.Trace);
}
[Test]
public void CheckCertificateInEnvironment_Testing() {
var environment = FitConnectEnvironment.Testing;
var sender = Client.GetSender(environment, _settings.SenderClientId,
_settings.SenderClientSecret,
_logger);
var certificate = (sender as FitConnect.Sender)
.GetPublicKeyFromDestination(_settings.DestinationId).Result;
new CertificateHelper(_logger).ValidateCertificate(JsonWebKey.Create(certificate),
LogLevel.Trace);
}
[Test]
public void CheckCertificateInEnvironment_Staging() {
var environment = FitConnectEnvironment.Staging;
var sender = Client.GetSender(environment, _settings.SenderClientId,
_settings.SenderClientSecret,
_logger);
Assert.Throws<AggregateException>(() => {
sender.WithDestination(_settings.DestinationId)
.WithServiceType("", _settings.LeikaKey)
.WithAttachments(new Attachment("Test.pdf", "Simple Test PDF"))
.Submit();
}).InnerExceptions.Any(e => e.GetType() == typeof(SecurityException));
}
[Test]
public void CheckCertificateInEnvironment_Production() {
var environment = FitConnectEnvironment.Production;
var sender = Client.GetSender(environment, _settings.SenderClientId,
_settings.SenderClientSecret,
_logger);
Assert.Throws<AggregateException>(() => {
sender.WithDestination(_settings.DestinationId)
.WithServiceType("", _settings.LeikaKey)
.WithAttachments(new Attachment("Test.pdf", "Simple Test PDF"))
.Submit();
}).InnerExceptions.Any(e => e.GetType() == typeof(SecurityException));
}
[Test]
public void CheckPublicKeyEncryption() {
_certificateHelper.ValidateCertificate(new JsonWebKey(_settings.PublicKeyEncryption))
.Should().BeFalse();
}
[Test]
public void CheckPublicKeySignature() {
_certificateHelper
.ValidateCertificate(new JsonWebKey(_settings.PublicKeySignatureVerification))
.Should().BeFalse();
}
[Test]
public void CheckPrivateKeyDecryption() {
_certificateHelper.ValidateCertificate(new JsonWebKey(_settings.PrivateKeyDecryption))
.Should().BeTrue();
}
[Test]
public void CheckSetPublicKey() {
_certificateHelper.ValidateCertificate(new JsonWebKey(_settings.SetPublicKeys))
.Should().BeTrue();
}
[Test]
public void CheckPrivateKeySigning() {
_certificateHelper.ValidateCertificate(new JsonWebKey(_settings.PrivateKeySigning))
.Should().BeTrue();
}
[Test]
public void CheckPemFiles() {
var files = System.IO.Directory.GetFiles("./certificates");
var success = 0;
var failed = 0;
foreach (var fileName in files.Where(f => !f.EndsWith("root.pem"))) {
_logger.LogInformation("Checking file: {FileName}", fileName);
if (fileName.EndsWith(".pem")) {
var certificate = X509Certificate2.CreateFromPem(File.ReadAllText(fileName));
var valid = _certificateHelper.ValidateCertificate(certificate, out var states,
null);
if (valid) {
success++;
}
else {
failed++;
}
}
if (fileName.EndsWith(".json")) {
var shouldFail = !fileName.Contains("/valid");
var jwk = new JsonWebKey(File.ReadAllText(fileName));
var valid = _certificateHelper.ValidateCertificate(jwk,
shouldFail ? LogLevel.Trace : LogLevel.Critical);
if (shouldFail)
valid = !valid;
if (valid) {
success++;
}
else {
failed++;
}
}
}
_logger.LogInformation("Success: {Success}, Failed: {Failed}", success, failed);
failed.Should().Be(0);
}
}