Imported Upstream version 3.6.0

Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14

mcs/class/Mono.Security/Test/Mono.Security.X509.Extensions/AuthorityKeyIdentifierExtensionTest.cs

@@ -0,0 +1,122 @@
+//
+// AuthorityKeyIdentifierExtensionTest.cs - NUnit Test Cases for 
+//	Mono.Security.X509.Extensions.AuthorityKeyIdentifierExtension
+//
+// Authors:
+//	Lex Li  <support@lextm.com>
+//
+// Copyright (C) 2014 Lex Li
+// 
+// Permission is hereby granted, free of charge, to any person obtaining a copy of this
+// software and associated documentation files (the "Software"), to deal in the Software
+// without restriction, including without limitation the rights to use, copy, modify, merge,
+// publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
+// to whom the Software is furnished to do so, subject to the following conditions:
+// 
+// The above copyright notice and this permission notice shall be included in all copies or
+// substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
+// FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+// DEALINGS IN THE SOFTWARE.
+
+using System;
+using Mono.Security.X509.Extensions;
+using NUnit.Framework;
+
+namespace MonoTests.Mono.Security.X509.Extensions
+{
+	[TestFixture]
+	public class AuthorityKeyIdentifierExtensionTest
+	{
+		private void Empty (AuthorityKeyIdentifierExtension aki)
+		{
+			Assert.IsFalse (aki.Critical, "Critical");
+			Assert.AreEqual ("2.5.29.35", aki.Oid, "Oid");
+			Assert.IsNotNull (aki.Name, "Name");
+			Assert.IsFalse (aki.Name == aki.Oid, "Name!=Oid");
+			Assert.AreEqual (new byte[] {
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00
+			}, aki.Identifier, "Identifier");
+		}
+
+		[Test]
+		public void Constructor_Empty ()
+		{
+			AuthorityKeyIdentifierExtension aki = new AuthorityKeyIdentifierExtension ();
+			aki.Identifier = new byte[] {
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00
+			};
+			Empty (aki);
+		}
+
+		[Test]
+		public void Constructor_Extension ()
+		{
+			AuthorityKeyIdentifierExtension ext = new AuthorityKeyIdentifierExtension ();
+			ext.Identifier = new byte[] {
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00
+			};
+			AuthorityKeyIdentifierExtension aki = new AuthorityKeyIdentifierExtension (ext);
+			Empty (aki);
+		}
+
+		[Test]
+		public void Constructor_ASN1 ()
+		{
+			AuthorityKeyIdentifierExtension ext = new AuthorityKeyIdentifierExtension ();
+			ext.Identifier = new byte[] {
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00
+			};
+			AuthorityKeyIdentifierExtension aki = new AuthorityKeyIdentifierExtension (ext.ASN1);
+			Empty (aki);
+		}
+
+		[Test]
+		public void AuthorityKeyIdentifier_Critical ()
+		{
+			AuthorityKeyIdentifierExtension aki = new AuthorityKeyIdentifierExtension ();
+			aki.Critical = true;
+			aki.Identifier = new byte[] {
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00
+			};
+			Assert.AreEqual ("30-22-06-03-55-1D-23-01-01-FF-04-18-30-16-80-14-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00", BitConverter.ToString (aki.GetBytes ()), "GetBytes");
+
+			AuthorityKeyIdentifierExtension aki2 = new AuthorityKeyIdentifierExtension (aki.ASN1);
+			Assert.IsTrue (aki2.Critical, "Critical");
+			Assert.AreEqual (new byte[] {
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00
+			}, aki2.Identifier, "Identifier");
+		}
+
+		[Test]
+		[ExpectedException (typeof(InvalidOperationException))]
+		public void EmptyIdentifier ()
+		{
+			AuthorityKeyIdentifierExtension ext = new AuthorityKeyIdentifierExtension ();
+			AuthorityKeyIdentifierExtension aki = new AuthorityKeyIdentifierExtension (ext);
+			Empty (aki);
+		}
+	}
+}

mcs/class/Mono.Security/Test/Mono.Security.X509.Extensions/BasicConstraintsExtensionTest.cs

@@ -0,0 +1,120 @@
+//
+// BasicConstraintsExtensionTest.cs - NUnit Test Cases for 
+//	Mono.Security.X509.Extensions.BasicConstraintsExtension
+//
+// Authors:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
+//
+
+using System;
+using System.IO;
+
+using Mono.Security;
+using Mono.Security.X509;
+using Mono.Security.X509.Extensions;
+
+using NUnit.Framework;
+
+namespace MonoTests.Mono.Security.X509.Extensions {
+
+	[TestFixture]
+	public class BasicConstraintsExtensionTest {
+
+		private void Save (string filename, X509Extension ext)
+		{
+			using (FileStream fs = File.OpenWrite (filename)) {
+				byte[] raw = ext.GetBytes ();
+				fs.Write (raw, 0, raw.Length);
+				fs.Close ();
+			}
+		}
+
+		private void Empty (BasicConstraintsExtension bce)
+		{
+			Assert.IsFalse (bce.Critical, "Critical");
+			Assert.AreEqual ("2.5.29.19", bce.Oid, "Oid");
+			Assert.IsNotNull (bce.Name, "Name");
+			Assert.IsFalse (bce.Name == bce.Oid, "Name!=Oid");
+			Assert.IsFalse (bce.CertificateAuthority, "CertificateAuthority");
+			Assert.AreEqual (BasicConstraintsExtension.NoPathLengthConstraint, bce.PathLenConstraint, "PathLenConstraint");
+		}
+
+		[Test]
+		public void Constructor_Empty ()
+		{
+			BasicConstraintsExtension bce = new BasicConstraintsExtension ();
+			Empty (bce);
+		}
+
+		[Test]
+		public void Constructor_Extension ()
+		{
+			BasicConstraintsExtension ext = new BasicConstraintsExtension ();
+			BasicConstraintsExtension bce = new BasicConstraintsExtension (ext);
+			Empty (bce);
+		}
+
+		[Test]
+		public void Constructor_ASN1 ()
+		{
+			BasicConstraintsExtension ext = new BasicConstraintsExtension ();
+			BasicConstraintsExtension bce = new BasicConstraintsExtension (ext.ASN1);
+			Empty (bce);
+		}
+
+		[Test]
+		public void CertificateAuthority_Critical ()
+		{
+			BasicConstraintsExtension bce = new BasicConstraintsExtension ();
+			bce.Critical = true;
+			bce.CertificateAuthority = true;
+			bce.PathLenConstraint = 0;
+			Assert.AreEqual ("30-12-06-03-55-1D-13-01-01-FF-04-08-30-06-01-01-FF-02-01-00", BitConverter.ToString (bce.GetBytes ()), "GetBytes");
+
+			BasicConstraintsExtension bce2 = new BasicConstraintsExtension (bce.ASN1);
+			Assert.IsTrue (bce2.Critical, "Critical");
+			Assert.IsTrue (bce2.CertificateAuthority, "CertificateAuthority");
+			Assert.AreEqual (0, bce2.PathLenConstraint, "PathLenConstraint");
+		}
+
+		[Test]
+		public void CertificateAuthority_NoPathLengthConstraint ()
+		{
+			BasicConstraintsExtension bce = new BasicConstraintsExtension ();
+			bce.CertificateAuthority = true;
+			bce.PathLenConstraint = BasicConstraintsExtension.NoPathLengthConstraint;
+			Assert.AreEqual ("30-0C-06-03-55-1D-13-04-05-30-03-01-01-FF", BitConverter.ToString (bce.GetBytes ()), "GetBytes");
+
+			BasicConstraintsExtension bce2 = new BasicConstraintsExtension (bce.ASN1);
+			Assert.IsFalse (bce2.Critical, "Critical");
+			Assert.IsTrue (bce2.CertificateAuthority, "CertificateAuthority");
+			Assert.AreEqual (BasicConstraintsExtension.NoPathLengthConstraint, bce2.PathLenConstraint, "PathLenConstraint");
+		}
+
+		[Test]
+		public void NotCertificateAuthority ()
+		{
+			BasicConstraintsExtension bce = new BasicConstraintsExtension ();
+			bce.CertificateAuthority = false;
+			// CertificateAuthority isn't encoded (default value is false)
+			bce.PathLenConstraint = Int32.MaxValue;
+			// PathLenConstraint is ignored (per RFC3280)
+			Assert.AreEqual ("30-09-06-03-55-1D-13-04-02-30-00", BitConverter.ToString (bce.GetBytes ()), "GetBytes");
+
+			BasicConstraintsExtension bce2 = new BasicConstraintsExtension (bce.ASN1);
+			Assert.IsFalse (bce2.Critical, "Critical");
+			Assert.IsFalse (bce2.CertificateAuthority, "CertificateAuthority");
+			Assert.AreEqual (BasicConstraintsExtension.NoPathLengthConstraint, bce2.PathLenConstraint, "PathLenConstraint");
+		}
+
+		[Test]
+		[ExpectedException (typeof (ArgumentOutOfRangeException))]
+		public void NegativePathLenConstraint ()
+		{
+			BasicConstraintsExtension bce = new BasicConstraintsExtension ();
+			bce.PathLenConstraint = Int32.MinValue;
+		}
+	}
+}

mcs/class/Mono.Security/Test/Mono.Security.X509.Extensions/ChangeLog

@@ -0,0 +1,18 @@
+2010-04-08  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* SubjectAltNameExtensionTest.cs: Add unit tests for multiple
+	DNSNames entries (#594110 and #591516 certificate test case)
+
+2008-06-26  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* SubjectAltNameExtensionTest.cs: New. Unit tests for 
+	SubjectAltNameExtension. Patch by David Wolinsky
+
+2006-01-04  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* BasicConstraintsExtensionTest.cs: New. Unit tests for encoding and
+	decoding X.509 BasicConstraints certificate extension.
+	* ExtendedKeyUsageExtensionTest.cs: New. Unit tests for encoding and
+	decoding X.509 ExtendedKeyUsage certificate extension.
+	* KeyUsageExtensionTest.cs: New. Unit tests for encoding and
+	decoding X.509 KeyUsage certificate extension.

mcs/class/Mono.Security/Test/Mono.Security.X509.Extensions/ExtendedKeyUsageExtensionTest.cs

@@ -0,0 +1,97 @@
+//
+// ExtendedKeyUsageExtensionTest.cs - NUnit Test Cases for 
+//	Mono.Security.X509.Extensions.ExtendedKeyUsageExtension
+//
+// Authors:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
+//
+
+using System;
+using System.IO;
+
+using Mono.Security;
+using Mono.Security.X509;
+using Mono.Security.X509.Extensions;
+
+using NUnit.Framework;
+
+namespace MonoTests.Mono.Security.X509.Extensions {
+
+	[TestFixture]
+	public class ExtendedKeyUsageExtensionTest {
+
+		static string[] CommonKeyPurposes = {
+			// serverAuth
+			"1.3.6.1.5.5.7.3.1",
+			// clientAuth
+			"1.3.6.1.5.5.7.3.2",
+			// codeSigning
+			"1.3.6.1.5.5.7.3.3",
+			// emailProtection
+			"1.3.6.1.5.5.7.3.4",
+			// timeStamping
+			"1.3.6.1.5.5.7.3.8",
+			// OCSPSigning
+			"1.3.6.1.5.5.7.3.9"
+		};
+
+		private void Empty (ExtendedKeyUsageExtension eku)
+		{
+			Assert.IsFalse (eku.Critical, "Critical");
+			Assert.AreEqual ("2.5.29.37", eku.Oid, "Oid");
+			Assert.IsNotNull (eku.Name, "Name");
+			Assert.IsFalse (eku.Name == eku.Oid, "Name!=Oid");
+			Assert.AreEqual (0, eku.KeyPurpose.Count, "KeyPurpose");
+		}
+
+		[Test]
+		public void Constructor_Empty ()
+		{
+			ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension ();
+			Empty (eku);
+		}
+
+		[Test]
+		public void Constructor_Extension ()
+		{
+			ExtendedKeyUsageExtension ext = new ExtendedKeyUsageExtension ();
+			ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension (ext);
+			Empty (eku);
+		}
+
+		[Test]
+		public void Constructor_ASN1 ()
+		{
+			ExtendedKeyUsageExtension ext = new ExtendedKeyUsageExtension ();
+			ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension (ext.ASN1);
+			Empty (eku);
+		}
+
+		[Test]
+		public void KeyPurpose_NotCritical ()
+		{
+			ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension ();
+			foreach (string oid in CommonKeyPurposes) {
+				eku.KeyPurpose.Clear ();
+				eku.KeyPurpose.Add (oid);
+				Assert.AreEqual ("30-13-06-03-55-1D-25-04-0C-30-0A-06-08-2B-06-01-05-05-07-03-0" 
+					+ oid [oid.Length - 1].ToString (), BitConverter.ToString (eku.GetBytes ()), oid);
+			}
+		}
+
+		[Test]
+		public void KeyPurpose_Critical ()
+		{
+			ExtendedKeyUsageExtension eku = new ExtendedKeyUsageExtension ();
+			eku.Critical = true;
+			foreach (string oid in CommonKeyPurposes) {
+				eku.KeyPurpose.Clear ();
+				eku.KeyPurpose.Add (oid);
+				Assert.AreEqual ("30-16-06-03-55-1D-25-01-01-FF-04-0C-30-0A-06-08-2B-06-01-05-05-07-03-0" 
+					+ oid[oid.Length - 1].ToString (), BitConverter.ToString (eku.GetBytes ()), oid);
+			}
+		}
+	}
+}

mcs/class/Mono.Security/Test/Mono.Security.X509.Extensions/KeyUsageExtensionTest.cs

@@ -0,0 +1,119 @@
+//
+// KeyUsageExtensionTest.cs - NUnit Test Cases for 
+//	Mono.Security.X509.Extensions.KeyUsageExtension
+//
+// Authors:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
+//
+
+using System;
+using System.IO;
+
+using Mono.Security;
+using Mono.Security.X509;
+using Mono.Security.X509.Extensions;
+
+using NUnit.Framework;
+
+namespace MonoTests.Mono.Security.X509.Extensions {
+
+	[TestFixture]
+	public class KeyUsageExtensionTest {
+
+		private void Empty (KeyUsageExtension kue)
+		{
+			Assert.IsFalse (kue.Critical, "Critical");
+			Assert.AreEqual ("2.5.29.15", kue.Oid, "Oid");
+			Assert.IsNotNull (kue.Name, "Name");
+			Assert.IsFalse (kue.Name == kue.Oid, "Name!=Oid");
+			Assert.AreEqual (KeyUsages.none, kue.KeyUsage, "KeyUsage");
+			Assert.IsTrue (kue.Support (KeyUsages.none), "Support(none)");
+			Assert.IsFalse (kue.Support (KeyUsages.digitalSignature), "Support(digitalSignature)");
+			Assert.IsFalse (kue.Support (KeyUsages.decipherOnly), "Support(decipherOnly)");
+		}
+
+		[Test]
+		public void Constructor_Empty ()
+		{
+			KeyUsageExtension kue = new KeyUsageExtension ();
+			Empty (kue);
+		}
+
+		[Test]
+		public void Constructor_Extension ()
+		{
+			KeyUsageExtension ext = new KeyUsageExtension ();
+			KeyUsageExtension kue = new KeyUsageExtension (ext);
+			Empty (kue);
+		}
+
+		[Test]
+		public void Constructor_ASN1 ()
+		{
+			KeyUsageExtension ext = new KeyUsageExtension ();
+			KeyUsageExtension kue = new KeyUsageExtension (ext.ASN1);
+			Empty (kue);
+		}
+
+		[Test]
+		public void KeyUsage ()
+		{
+			KeyUsageExtension kue = new KeyUsageExtension ();
+			foreach (KeyUsages ku in Enum.GetValues (typeof (KeyUsages))) {
+				kue.KeyUsage = ku;
+				byte[] rawext = kue.GetBytes ();
+				int length = 13;
+				if ((int) ku > Byte.MaxValue) {
+					length++;
+					Assert.AreEqual ((byte) ku, rawext[rawext.Length - 2], ku.ToString () + ".Value2");
+					Assert.AreEqual ((byte) ((int) ku >> 8), rawext[rawext.Length - 1], ku.ToString () + ".Value1");
+				} else {
+					Assert.AreEqual ((byte) ku, rawext[rawext.Length - 1], ku.ToString () + ".Value");
+				}
+				Assert.AreEqual (length, rawext.Length, ku.ToString () + ".Length");
+			}
+		}
+
+		[Test]
+		public void KeyUsage_MaxValue ()
+		{
+			KeyUsageExtension kue = new KeyUsageExtension ();
+			kue.KeyUsage = (KeyUsages) Int32.MaxValue;
+			Assert.IsTrue (kue.Support (KeyUsages.none), "Support(none)");
+			Assert.IsTrue (kue.Support (KeyUsages.digitalSignature), "Support(digitalSignature)");
+			Assert.IsTrue (kue.Support (KeyUsages.nonRepudiation), "Support(nonRepudiation)");
+			Assert.IsTrue (kue.Support (KeyUsages.keyEncipherment), "Support(keyEncipherment)");
+			Assert.IsTrue (kue.Support (KeyUsages.dataEncipherment), "Support(dataEncipherment)");
+			Assert.IsTrue (kue.Support (KeyUsages.keyAgreement), "Support(keyAgreement)");
+			Assert.IsTrue (kue.Support (KeyUsages.keyCertSign), "Support(keyCertSign)");
+			Assert.IsTrue (kue.Support (KeyUsages.cRLSign), "Support(cRLSign)");
+			Assert.IsTrue (kue.Support (KeyUsages.encipherOnly), "Support(encipherOnly)");
+			Assert.IsTrue (kue.Support (KeyUsages.decipherOnly), "Support(decipherOnly)");
+		}
+
+		[Test]
+		public void Critical ()
+		{
+			KeyUsageExtension kue = new KeyUsageExtension ();
+			kue.Critical = true;
+			foreach (KeyUsages ku in Enum.GetValues (typeof (KeyUsages))) {
+				kue.KeyUsage = ku;
+				byte[] rawext = kue.GetBytes ();
+				int length = 16;
+				if ((int) ku > Byte.MaxValue) {
+					length++;
+					Assert.AreEqual ((byte) ku, rawext[rawext.Length - 2], ku.ToString () + ".Value2");
+					Assert.AreEqual ((byte) ((int)ku >> 8), rawext[rawext.Length - 1], ku.ToString () + ".Value1");
+				} else {
+					Assert.AreEqual ((byte) ku, rawext[rawext.Length - 1], ku.ToString () + ".Value");
+				}
+				Assert.AreEqual (length, rawext.Length, ku.ToString () + ".Length");
+				Assert.AreEqual (1, rawext[7], ku.ToString () + ".Critical.Tag");
+				Assert.AreEqual (1, rawext[8], ku.ToString () + ".Critical.Length");
+				Assert.AreEqual (255, rawext[9], ku.ToString () + ".Critical.Value");
+			}
+		}
+	}
+}

mcs/class/Mono.Security/Test/Mono.Security.X509.Extensions/SubjectKeyIdentifierExtensionTest.cs

@@ -0,0 +1,122 @@
+//
+// SubjectKeyIdentifierExtensionTest.cs - NUnit Test Cases for 
+//	Mono.Security.X509.Extensions.SubjectKeyIdentifierExtension
+//
+// Authors:
+//	Lex Li  <support@lextm.com>
+//
+// Copyright (C) 2014 Lex Li
+// 
+// Permission is hereby granted, free of charge, to any person obtaining a copy of this
+// software and associated documentation files (the "Software"), to deal in the Software
+// without restriction, including without limitation the rights to use, copy, modify, merge,
+// publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
+// to whom the Software is furnished to do so, subject to the following conditions:
+// 
+// The above copyright notice and this permission notice shall be included in all copies or
+// substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+// INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
+// FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+// DEALINGS IN THE SOFTWARE.
+
+using System;
+using Mono.Security.X509.Extensions;
+using NUnit.Framework;
+
+namespace MonoTests.Mono.Security.X509.Extensions
+{
+	[TestFixture]
+	public class SubjectKeyIdentifierExtensionTest
+	{
+		private void Empty (SubjectKeyIdentifierExtension ski)
+		{
+			Assert.IsFalse (ski.Critical, "Critical");
+			Assert.AreEqual ("2.5.29.14", ski.Oid, "Oid");
+			Assert.IsNotNull (ski.Name, "Name");
+			Assert.IsFalse (ski.Name == ski.Oid, "Name!=Oid");
+			Assert.AreEqual (new byte[] {
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00
+			}, ski.Identifier, "Identifier");
+		}
+
+		[Test]
+		public void Constructor_Empty ()
+		{
+			SubjectKeyIdentifierExtension ski = new SubjectKeyIdentifierExtension ();
+			ski.Identifier = new byte[] {
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00
+			};
+			Empty (ski);
+		}
+
+		[Test]
+		public void Constructor_Extension ()
+		{
+			SubjectKeyIdentifierExtension ext = new SubjectKeyIdentifierExtension ();
+			ext.Identifier = new byte[] {
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00
+			};
+			SubjectKeyIdentifierExtension ski = new SubjectKeyIdentifierExtension (ext);
+			Empty (ski);
+		}
+
+		[Test]
+		public void Constructor_ASN1 ()
+		{
+			SubjectKeyIdentifierExtension ext = new SubjectKeyIdentifierExtension ();
+			ext.Identifier = new byte[] {
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00
+			};
+			SubjectKeyIdentifierExtension ski = new SubjectKeyIdentifierExtension (ext.ASN1);
+			Empty (ski);
+		}
+
+		[Test]
+		public void AuthorityKeyIdentifier_Critical ()
+		{
+			SubjectKeyIdentifierExtension ski = new SubjectKeyIdentifierExtension ();
+			ski.Critical = true;
+			ski.Identifier = new byte[] {
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00
+			};
+			Assert.AreEqual ("30-20-06-03-55-1D-0E-01-01-FF-04-16-04-14-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00", BitConverter.ToString (ski.GetBytes ()), "GetBytes");
+
+			SubjectKeyIdentifierExtension ski2 = new SubjectKeyIdentifierExtension (ski.ASN1);
+			Assert.IsTrue (ski2.Critical, "Critical");
+			Assert.AreEqual (new byte[] {
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00,
+				0x00, 0x00, 0x00, 0x00, 0x00
+			}, ski2.Identifier, "Identifier");
+		}
+
+		[Test]
+		[ExpectedException (typeof(InvalidOperationException))]
+		public void EmptyIdentifier ()
+		{
+			SubjectKeyIdentifierExtension ext = new SubjectKeyIdentifierExtension ();
+			SubjectKeyIdentifierExtension ski = new SubjectKeyIdentifierExtension (ext);
+			Empty (ski);
+		}
+	}
+}