mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Imported Upstream version 3.6.0

Browse Source 
Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14
This commit is contained in:
Jo Shields
2014-08-13 10:39:27 +01:00
commit a575963da9
50588 changed files with 8155799 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

206
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/ChangeLog Normal file
View File

@@ -0,0 +1,206 @@
2009-06-26 Robert Jordan <robertj@gmx.net>
* X509CertificateCollectionTest.cs,
X509ChainPolicyTest.cs: Upgrade to new NUnit style.
2009-03-26 Sebastien Pouliot <sebastien@ximian.com>
* X509ChainPolicyTest.cs: Add a small sleep between the Reset and
the second VerificationTime check since it would be possible, on
fast hardware, to get the same value (and assert).
2008-01-13 Gert Driesen <drieseng@users.sourceforge.net>
* X509Certificate2Test.cs: Added asserts to ensure NotAfter and
NotBefore are in local time.
* X509ChainPolicyTest.cs: Added assert to ensure VerificationTime is
in local time.
2007-02-12 Sebastien Pouliot <sebastien@ximian.com>
* X509Certificate2Test.cs: Add test case for a certificate using dates
with an UTC offset (e.g. 990630000000+1000).
2006-12-14 Sebastien Pouliot <sebastien@ximian.com>
* X500DistinguishedNameTest.cs: Add test case for Teletext/T61String.
* X509Certificate2Test.cs: Add test case for Teletext/T61String.
2006-12-07 Sebastien Pouliot <sebastien@ximian.com>
* Pkits_4_01_SignatureVerification.cs: New. PKITS based unit tests.
* Pkits_4_02_ValidityPeriod.cs: New. PKITS based unit tests.
* Pkits_4_03_VerifyingNameChaining.cs: New. PKITS based unit tests.
* Pkits_4_04_BasicCertificateRevocationTests.cs: New. PKITS based unit
tests.
* Pkits_4_05_VerifyingPathWithSelfIssuedCertificates.cs: New. PKITS
based unit tests (4 RFC3280 compliant tests are NotWorking in Mono).
* Pkits_4_06_VerifyingBasicConstraints.cs: New. PKITS based unit
tests.
* Pkits_4_07_KeyUsage.cs: New. PKITS based unit tests.
* Pkits_4_08_CertificatePolicies.cs: New. Currently empty (TODO).
* Pkits_4_09_RequireExplicitPolicy.cs: New. Currently empty (TODO).
* Pkits_4_10_PolicyMappings.cs: New. Currently empty (TODO).
* Pkits_4_11_InhibitPolicyMapping.cs: New. Currently empty (TODO).
* Pkits_4_12_InhibitAnyPolicy.cs: New. Currently empty (TODO).
* Pkits_4_13_NameConstraints.cs: New. Currently empty (TODO).
* Pkits_4_14_DistributionPoints.cs: New. Currently empty (TODO).
* Pkits_4_15_DeltaCRL.cs: New. Currently empty (TODO).
* Pkits_4_16_PrivateCertificateExtensions.cs: New. PKITS based unit
tests.
* PkitsTest.cs: Common shared code for PKITS test cases.
* X500DistinguishedNameTest.cs: Add test cases for RFC3280 mandatory
and optional attribute types.
* X509Certificate2Test.cs: Change test data to public. Adjust some
test cases not to fail if PKITS data is available.
* X509ChainTest.cs: Update test cases to use CheckChainStatus and not
depend on the order of error flags.
2006-11-24 Sebastien Pouliot <sebastien@ximian.com>
* X509ChainPolicyTest.cs: Added test cases for setting invalid enum
values to property. Added test case for VerificationTime. Added Reset
test cases on collection classes (new one are created, we can't reuse
them).
* X509ChainTest.cs: Added test cases for an untrusted root certificate
and a certificate that doesn't chain back to a known CA. Added test
case for CryptoConfig.
2006-11-22 Sebastien Pouliot <sebastien@ximian.com>
* X509StoreTest.cs: Add test cases for every method/properties.
2006-11-17 Sebastien Pouliot <sebastien@ximian.com>
* X509Certificate2CollectionTest.cs: New. Unit tests for
X509Certificate2Collection.
* X509Certificate2Test.cs: Changed cert_8 to public so it can be
reused in other tests. Added test case for GetNameInfo with SimpleName
* X509ExtensionCollectionTest.cs: New. Unit tests for
X509ExtensionCollection.
* X509SubjectKeyIdentifierExtensionTest.cs: Added test cases for ctors
accepting PublicKey instances.
2006-11-13 Sebastien Pouliot <sebastien@ximian.com>
* X509Certificate2Test.cs: Add property tests when using an "empty"
certificate. Add tests for GetNameInfo in all test cases. Add base64
certificate decoding tests. Add Pkcs7 import tests.
2006-11-08 Sebastien Pouliot <sebastien@ximian.com>
* X500DistinguishedNameTest.cs: Removed all NotWorking tags. Added
more Decode test cases.
* X509BasicConstraintsExtensionTest.cs: Added test case where the
extension is created using CryptoConfig.
* X509Certificate2Test.cs: Added test cases for GetCertContentType,
DER encoded certificates, PKCS#12 certificates and removed all
NotWorking tags.
* X509EnhancedKeyUsageExtensionTest.cs: Added test case where the
extension is created using CryptoConfig.
* X509KeyUsageExtensionTest.cs: Added test case where the extension is
created using CryptoConfig.
* X509SubjectKeyIdentifierExtensionTest.cs: Added test case where the
extension is created using CryptoConfig.
2006-09-12 Sebastien Pouliot <sebastien@ximian.com>
* PublicKeyTest.cs: Add a test case where the key comes from a PKCS#12
file, i.e. where a private key is also present. PublicKey.Key never
returns the private part of the key. Fix bug #79375. Added similar
checks to existing test cases (where a Key is returned).
2006-09-11 Atsushi Enomoto <atsushi@ximian.com>
* X509Certificate2Test.cs : added test for PrivateKey and
HasPrivateKey for non-private-inclusive certificate.
2006-08-08 Sebastien Pouliot <sebastien@ximian.com>
* X509Certificate2Test.cs: Activate test cases blocked by bug #79028.
2006-08-07 Gert Driesen <drieseng@users.sourceforge.net>
* X509Certificate2Test.cs: Removed separate test for bug #78986, as it
was blocked by bug #79028. Added tests for bug #79028. Modified
code to match Mono Coding Guideliness.
2006-08-07 Gert Driesen <drieseng@users.sourceforge.net>
* X509Certificate2Test.cs: Added test for bug #78986.
2006-04-25 Atsushi Enomoto <atsushi@ximian.com>
* X509EnhancedKeyUsageExtensionTest.cs,
X509BasicConstraintsExtensionTest.cs,
X509SubjectKeyIdentifierExtensionTest.cs,
X509KeyUsageExtensionTest.cs,
X509ExtensionTest.cs : commented locale-dependent tests
(FriendlyName and Format(bool)) out.
2005-11-24 Sebastien Pouliot <sebastien@ximian.com>
* X500DistinguishedNameCas.cs: New. CAS tests (some are disabled).
* X500DistinguishedNameTest.cs: New. Unit tests (some are disabled).
* X509BasicConstraintsExtensionCas.cs: New (2.0). CAS tests.
* X509CertificateCollectionCas.cs: New (2.0). CAS tests.
* X509ChainCas.cs: New (2.0). CAS tests.
* X509ChainPolicyCas.cs: New (2.0). CAS tests.
* X509EnhancedKeyUsageExtensionCas.cs: New (2.0). CAS tests.
* X509ExtensionCas.cs: New (2.0). CAS tests.
* X509KeyUsageExtensionCas.cs: New (2.0). CAS tests.
* X509KeyUsageExtensionTest.cs: Updated test case where MS 2.0 beta
bug was fixed.
* X509StoreCas.cs: New (2.0). CAS tests.
* X509SubjectKeyIdentifierExtensionCas.cs: New (2.0). CAS tests.
2005-11-22 Sebastien Pouliot <sebastien@ximian.com>
* PublicKeyCas.cs: New (2.0). CAS tests.
* PublicKeyTest.cs: New (2.0). Unit tests.
2005-09-26 Sebastien Pouliot <sebastien@ximian.com>
* Most tests moved from System.Security.dll assembly.
2005-04-27 Sebastien Pouliot <sebastien@ximian.com>
* X509CertificateCollectionTest.cs: Re-enable the tests as they now
works on 2.0 beta2 exactly like under Mono.
2005-04-23 Sebastien Pouliot <sebastien@ximian.com>
* X509BasicConstraintsExtensionTest.cs, X509ChainPolicyTest.cs,
X509EnhancedKeyUsageExtensionTest.cs, X509ExtensionTest.cs,
X509KeyUsageExtensionTest.cs, X509StoreTest.cs,
X509SubjectKeyIdentifierExtensionTest.cs: Changed X509CertificateEx to
X509Certificate2 and re-activated some tests on Windows that were
fixed in beta2.
2005-02-02 Zoltan Varga <vargaz@freemail.hu>
* X509CertificateCollectionTest.cs: Disable some tests which fail
on 2.0.
2005-01-17 Sebastien Pouliot <sebastien@ximian.com>
* X509BasicConstraintsExtensionTest.cs: New. Unit tests.
* X509EnhancedKeyUsageExtensionTest.cs: New. Unit tests.
* X509ExtensionTest.cs: New. Unit tests.
* X509KeyUsageExtensionTest.cs: New. Unit tests.
* X509SubjectKeyIdentifierExtensionTest.cs: New. Unit tests.
2004-06-05 Sebastien Pouliot <sebastien@ximian.com>
* X509CertificateCollectionTest.cs: New. Unit tests for
X509CertificateCollection.
2003-11-08 Sebastien Pouliot <spouliot@videotron.ca>
* X509ChainElementCollectionTest.cs: New. Unit tests for
X509ChainElementCollection.
* X509ChainElementEnumeratorTest.cs: New. Unit tests for
X509ChainElementEnumerator.
* X509ChainPolicyTest.cs: New. Unit tests for X509ChainPolicy.
* X509ChainTest.cs: New. (Incomplete) Unit tests for X509Chain.
* X509StoreTest.cs: New. (Incomplete) Unit tests for X509Store.

117
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/PkitsTest.cs Normal file
View File

@@ -0,0 +1,117 @@
//
// PkitsTest.cs - NUnit tests for
// NIST Public Key Interoperability Test Suite (PKITS)
// Certificate Path Validation, Version 1.0, September 2, 2004
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Collections;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* PKITS home page
* http://csrs.nist.gov/pki/testing/x509paths.html
*
* Documentation is available at
* http://csrc.nist.gov/pki/testing/PKITS.pdf
*
* Test data is available at
* http://csrc.nist.gov/pki/testing/PKITS_data.zip
*
* License information are available at
* http://cio.nist.gov/esd/emaildir/lists/pkits/msg00048.html
*/
[Category ("PKITS")]
public class PkitsTest {
private string base_dir;
private Hashtable cache;
[TestFixtureSetUp]
public void FixtureSetUp ()
{
base_dir = String.Format ("{0}{1}Test{1}System.Security.Cryptography.X509Certificates{1}pkits{1}certs",
Directory.GetCurrentDirectory (), Path.DirectorySeparatorChar);
if (!Directory.Exists (base_dir))
Assert.Ignore ("PKITS tests data not found under '{0}'.", new object[] { base_dir });
cache = new Hashtable ();
// prepare the environment
}
[TestFixtureTearDown]
public void FixtureTearDown ()
{
cache.Clear ();
// clean-up, as best as possible, the stores
}
public X509Certificate2 GetCertificate (string filename)
{
X509Certificate2 result = (cache[filename] as X509Certificate2);
if (result == null) {
string full_path = Path.Combine (base_dir, filename);
result = new X509Certificate2 (full_path);
cache[filename] = result;
}
return result;
}
public X509Certificate2 TrustAnchorRoot {
get { return GetCertificate ("TrustAnchorRootCertificate.crt"); }
}
public X509Certificate2 GoodCACert {
get { return GetCertificate ("GoodCACert.crt"); }
}
// this method avoid having a dependance on the order of status
public void CheckChainStatus (X509ChainStatusFlags expected, X509ChainStatus[] status, string msg)
{
if ((expected == X509ChainStatusFlags.NoError) && (status.Length == 0))
return;
X509ChainStatusFlags actual = X509ChainStatusFlags.NoError;
foreach (X509ChainStatus s in status) {
actual |= s.Status;
}
Assert.AreEqual (expected, actual, msg);
}
}
}
#endif

157
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_01_SignatureVerification.cs Normal file
View File

@@ -0,0 +1,157 @@
//
// Pkits_4_01_SignatureVerification.cs -
// NUnit tests for Pkits 4.1 : Signature Verification
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* Notes:
*
* [MS/XP] Everything looks to be RFC3280 compliant.
*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_01_SignatureVerification: PkitsTest {
public X509Certificate2 BadSignedCACert {
get { return GetCertificate ("BadSignedCACert.crt"); }
}
public X509Certificate2 DSACACert {
get { return GetCertificate ("DSACACert.crt"); }
}
public X509Certificate2 DSAParametersInheritedCACert {
get { return GetCertificate ("DSAParametersInheritedCACert.crt"); }
}
[Test]
public void T1_ValidSignature ()
{
X509Certificate2 ee = GetCertificate ("ValidCertificatePathTest1EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T2_InvalidCASignature ()
{
X509Certificate2 ee = GetCertificate ("InvalidCASignatureTest2EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (BadSignedCACert, chain.ChainElements[1].Certificate, "BadSignedCACert");
CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[1].ChainElementStatus, "BadSignedCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T3_InvalidEESignature ()
{
X509Certificate2 ee = GetCertificate ("InvalidEESignatureTest3EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T4_ValidDSASignatures ()
{
X509Certificate2 ee = GetCertificate ("ValidDSASignaturesTest4EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
Assert.AreEqual (0, chain.ChainStatus.Length, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (DSACACert, chain.ChainElements[1].Certificate, "DSACACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSACACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T5_ValidDSAParameterInheritance ()
{
X509Certificate2 ee = GetCertificate ("ValidDSAParameterInheritanceTest5EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (DSAParametersInheritedCACert, chain.ChainElements[1].Certificate, "DSAParametersInheritedCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSAParametersInheritedCACert.Status");
Assert.AreEqual (DSACACert, chain.ChainElements[2].Certificate, "DSACACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "DSACACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T6_InvalidDSASignatures ()
{
X509Certificate2 ee = GetCertificate ("InvalidDSASignatureTest6EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (DSACACert, chain.ChainElements[1].Certificate, "DSACACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSACACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
}
}
#endif

181
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_02_ValidityPeriod.cs Normal file
View File

@@ -0,0 +1,181 @@
//
// Pkits_4_02_ValidityPeriod.cs -
// NUnit tests for Pkits 4.2 : Validity Period
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* Notes:
*
* [MS/XP] Everything looks to be RFC3280 compliant.
*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_02_ValidityPeriod: PkitsTest {
public X509Certificate2 BadnotBeforeDateCACert {
get { return GetCertificate ("BadnotBeforeDateCACert.crt"); }
}
public X509Certificate2 BadnotAfterDateCACert {
get { return GetCertificate ("BadnotAfterDateCACert.crt"); }
}
[Test]
public void T1_InvalidCAnotBeforeDate ()
{
X509Certificate2 ee = GetCertificate ("InvalidCAnotBeforeDateTest1EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (BadnotBeforeDateCACert, chain.ChainElements[1].Certificate, "BadnotBeforeDateCACert");
CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainElements[1].ChainElementStatus, "BadnotBeforeDateCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T2_InvalidEEnotBeforeDate ()
{
X509Certificate2 ee = GetCertificate ("InvalidEEnotBeforeDateTest2EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T3_ValidPre2000UTCnotBeforeDate ()
{
X509Certificate2 ee = GetCertificate ("Validpre2000UTCnotBeforeDateTest3EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T4_ValidGeneralizedTimeNotBeforeDate ()
{
X509Certificate2 ee = GetCertificate ("ValidGeneralizedTimenotBeforeDateTest4EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T5_InvalidCAnotAfterDate ()
{
X509Certificate2 ee = GetCertificate ("InvalidCAnotAfterDateTest5EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (BadnotAfterDateCACert, chain.ChainElements[1].Certificate, "BadnotAfterDateCACert");
CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainElements[1].ChainElementStatus, "BadnotAfterDateCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T6_InvalidEEnotAfterDate ()
{
X509Certificate2 ee = GetCertificate ("InvalidEEnotAfterDateTest6EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T7_InvalidPre2000UTCnotAfterDate ()
{
X509Certificate2 ee = GetCertificate ("Invalidpre2000UTCEEnotAfterDateTest7EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T8_ValidGeneralizedTimeNotAfterDate ()
{
X509Certificate2 ee = GetCertificate ("ValidGeneralizedTimenotAfterDateTest8EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
}
}
#endif

424
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_03_VerifyingNameChaining.cs Normal file
View File

@@ -0,0 +1,424 @@
//
// Pkits_4_03_VerifyingNameChaining.cs -
// NUnit tests for Pkits 4.3 : Verifying Name Chaining
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* Notes:
*
* [MS/XP][!RFC3280] It doesn't looks like any checks is done between the
* EE issuer and CA subject names.
*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_03_VerifyingNameChaining: PkitsTest {
public X509Certificate2 NameOrderingCACert {
get { return GetCertificate ("NameOrderingCACert.crt"); }
}
public X509Certificate2 UIDCACert {
get { return GetCertificate ("UIDCACert.crt"); }
}
public X509Certificate2 RFC3280MandatoryAttributeTypesCACert {
get { return GetCertificate ("RFC3280MandatoryAttributeTypesCACert.crt"); }
}
public X509Certificate2 RFC3280OptionalAttributeTypesCACert {
get { return GetCertificate ("RFC3280OptionalAttributeTypesCACert.crt"); }
}
public X509Certificate2 UTF8StringEncodedNamesCACert {
get { return GetCertificate ("UTF8StringEncodedNamesCACert.crt"); }
}
public X509Certificate2 RolloverfromPrintableStringtoUTF8StringCACert {
get { return GetCertificate ("RolloverfromPrintableStringtoUTF8StringCACert.crt"); }
}
public X509Certificate2 UTF8StringCaseInsensitiveMatchCACert {
get { return GetCertificate ("UTF8StringCaseInsensitiveMatchCACert.crt"); }
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
public void T01_InvalidNameChainingEE ()
{
X509Certificate2 ee = GetCertificate ("InvalidNameChainingTest1EE.crt");
X509Chain chain = new X509Chain ();
// INFO: different ee.issuer/ca.subject names
// ee.IssuerName.Name "CN=Good CA Root, O=Test Certificates, C=US"
// GoodCACert.SubjectName.Name "CN=Good CA, O=Test Certificates, C=US"
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.InvalidNameConstraints, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.InvalidNameConstraints, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T01_InvalidNameChainingEE_MS ()
{
X509Certificate2 ee = GetCertificate ("InvalidNameChainingTest1EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD / this is NOT valid wrt RFC3280
// I don't like this result. MS builds the chain (using AKI/SKI) then can't find
// the CRL (based on the wrong CA name?) which isn't what the test looks for.
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
// Here's a proof of this, disabling the revocation check for the end-entity results in
// a success
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreEndRevocationUnknown;
Assert.IsTrue (chain.Build (ee), "Build-Bug");
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
public void T02_InvalidNameChainingOrder ()
{
X509Certificate2 ee = GetCertificate ("InvalidNameChainingOrderTest2EE.crt");
X509Chain chain = new X509Chain ();
// INFO: different (order) ee.issuer/ca.subject names
// ee.Issuer "CN=Name Ordering CA, OU=Organizational Unit Name 1, OU=Organizational Unit Name 2, O=Test Certificates, C=US"
// NameOrderingCACert.Subject "CN=Name Ordering CA, OU=Organizational Unit Name 2, OU=Organizational Unit Name 1, O=Test Certificates, C=US"
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.InvalidNameConstraints, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.InvalidNameConstraints, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (NameOrderingCACert, chain.ChainElements[1].Certificate, "NameOrderingCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "NameOrderingCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T02_InvalidNameChainingOrder_MS ()
{
X509Certificate2 ee = GetCertificate ("InvalidNameChainingOrderTest2EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD / this is NOT valid wrt RFC3280
// I don't like this result. MS builds the chain (using AKI/SKI) then can't find
// the CRL (based on the wrong CA name?) which isn't what the test looks for.
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (NameOrderingCACert, chain.ChainElements[1].Certificate, "NameOrderingCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "NameOrderingCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
// Here's a proof of this, disabling the revocation check for the end-entity results in
// a success
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreEndRevocationUnknown;
Assert.IsTrue (chain.Build (ee), "Build-Bug");
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
public void T03_ValidNameChainingWhitespace ()
{
X509Certificate2 ee = GetCertificate ("ValidNameChainingWhitespaceTest3EE.crt");
X509Chain chain = new X509Chain ();
// INFO: different (spaces) ee.issuer/ca.subject names
// ee.Issuer "CN=Good CA, O=Test Certificates, C=US"
// GoodCACert.Subject "CN=Good CA, O=Test Certificates, C=US"
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T03_ValidNameChainingWhitespace_MS ()
{
X509Certificate2 ee = GetCertificate ("ValidNameChainingWhitespaceTest3EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD / this is valid wrt RFC3280
// MS doesn't support internal whitespace compression. It seems MS builds the chain
// (using AKI/SKI) then can't find the CRL (which isn't what the test looks for).
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
// Here's a proof of this, disabling the revocation check for the end-entity results in
// a success
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreEndRevocationUnknown;
Assert.IsTrue (chain.Build (ee), "Build-Bug");
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
public void T04_ValidNameChainingWhitespace ()
{
X509Certificate2 ee = GetCertificate ("ValidNameChainingWhitespaceTest4EE.crt");
X509Chain chain = new X509Chain ();
// INFO: different (spaces) ee.issuer/ca.subject names
// ee.Issuer "CN=\" Good CA\", O=\"Test Certificates \", C=US"
// GoodCACert.Subject "CN=Good CA, O=Test Certificates, C=US"
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T04_ValidNameChainingWhitespace_MS ()
{
X509Certificate2 ee = GetCertificate ("ValidNameChainingWhitespaceTest4EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD / this is valid wrt RFC3280
// MS doesn't support internal whitespace compression. It seems MS builds the chain
// (using AKI/SKI) then can't find the CRL (which isn't what the test looks for).
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
// Here's a proof of this, disabling the revocation check for the end-entity results in
// a success
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreEndRevocationUnknown;
Assert.IsTrue (chain.Build (ee), "Build-Bug");
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
public void T05_ValidNameChainingCapitalization ()
{
X509Certificate2 ee = GetCertificate ("ValidNameChainingCapitalizationTest5EE.crt");
X509Chain chain = new X509Chain ();
// INFO: different (capitalization) ee.issuer/ca.subject names
// ee.Issuer "CN=GOOD CA, O=Test Certificates, C=US"
// GoodCACert.Subject "CN=Good CA, O=Test Certificates, C=US"
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T05_ValidNameChainingCapitalization_MS ()
{
X509Certificate2 ee = GetCertificate ("ValidNameChainingCapitalizationTest5EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD / this is valid wrt RFC3280
// NOTE: X509FindType.FindBySubjectDistinguishedName deals (correctly) with capitalization
// issues. However it seems MS can't find the CRL based on the name with a different
// capitalization so FALSE is returned
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
// Here's a proof of this, disabling the revocation check for the end-entity results in
// a success
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreEndRevocationUnknown;
Assert.IsTrue (chain.Build (ee), "Build-Bug");
}
[Test]
public void T06_ValidNameChainingUIDs ()
{
X509Certificate2 ee = GetCertificate ("ValidNameUIDsTest6EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (UIDCACert, chain.ChainElements[1].Certificate, "UIDCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "UIDCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T07_ValidRFC3280MandatoryAttributeTypes ()
{
X509Certificate2 ee = GetCertificate ("ValidRFC3280MandatoryAttributeTypesTest7EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (RFC3280MandatoryAttributeTypesCACert, chain.ChainElements[1].Certificate, "RFC3280MandatoryAttributeTypesCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "RFC3280MandatoryAttributeTypesCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T08_ValidRFC3280OptionalAttributeTypes ()
{
X509Certificate2 ee = GetCertificate ("ValidRFC3280OptionalAttributeTypesTest8EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (RFC3280OptionalAttributeTypesCACert, chain.ChainElements[1].Certificate, "RFC3280OptionalAttributeTypesCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "RFC3280OptionalAttributeTypesCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T09_ValidUTF8StringEncodedNames ()
{
X509Certificate2 ee = GetCertificate ("ValidUTF8StringEncodedNamesTest9EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (UTF8StringEncodedNamesCACert, chain.ChainElements[1].Certificate, "UTF8StringEncodedNamesCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "UTF8StringEncodedNamesCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T10_ValidRolloverFromPrintableStringToUTF8String ()
{
X509Certificate2 ee = GetCertificate ("ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (RolloverfromPrintableStringtoUTF8StringCACert, chain.ChainElements[1].Certificate, "RolloverfromPrintableStringtoUTF8StringCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "RolloverfromPrintableStringtoUTF8StringCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
public void T11_ValidUTF8StringCaseInsensitiveMatch ()
{
X509Certificate2 ee = GetCertificate ("ValidUTF8StringCaseInsensitiveMatchTest11EE.crt");
X509Chain chain = new X509Chain ();
// INFO: different ee.issuer/ca.subject names (spaces & cases)
// ee.Issuer "CN=utf8string case insensitive match CA, O=\" test certificates \", C=US"
// UTF8StringCaseInsensitiveMatchCACert.Subject "CN=UTF8String Case Insensitive Match CA, O=Test Certificates, C=US"
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (UTF8StringCaseInsensitiveMatchCACert, chain.ChainElements[1].Certificate, "UTF8StringCaseInsensitiveMatchCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "UTF8StringCaseInsensitiveMatchCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T11_ValidUTF8StringCaseInsensitiveMatch_MS ()
{
X509Certificate2 ee = GetCertificate ("ValidUTF8StringCaseInsensitiveMatchTest11EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD / this is valid wrt RFC3280
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (UTF8StringCaseInsensitiveMatchCACert, chain.ChainElements[1].Certificate, "UTF8StringCaseInsensitiveMatchCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "UTF8StringCaseInsensitiveMatchCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
}
}
#endif

460
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_04_BasicCertificateRevocationTests.cs Normal file
View File

@@ -0,0 +1,460 @@
//
// Pkits_4_04_BasicCertificateRevocationTests.cs -
// NUnit tests for Pkits 4.4 : Basic Certificate Revocation Tests
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* Notes
*
* [MS/XP][!RFC3280] Unknown critical extensions results in
* RevocationStatusUnknown instead of Revoked - even if the CRL
* list the certificate serial number as revoked!
*
* [MS/XP][!RFC3280] Doesn't support having different keys for
* signing certificates and CRL.
*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_04_BasicCertificateRevocationTests: PkitsTest {
public X509Certificate2 NoCRLCACert {
get { return GetCertificate ("NoCRLCACert.crt"); }
}
public X509Certificate2 RevokedsubCACert {
get { return GetCertificate ("RevokedsubCACert.crt"); }
}
public X509Certificate2 BadCRLSignatureCACert {
get { return GetCertificate ("BadCRLSignatureCACert.crt"); }
}
public X509Certificate2 BadCRLIssuerNameCACert {
get { return GetCertificate ("BadCRLIssuerNameCACert.crt"); }
}
public X509Certificate2 WrongCRLCACert {
get { return GetCertificate ("WrongCRLCACert.crt"); }
}
public X509Certificate2 TwoCRLsCACert {
get { return GetCertificate ("TwoCRLsCACert.crt"); }
}
public X509Certificate2 UnknownCRLEntryExtensionCACert {
get { return GetCertificate ("UnknownCRLEntryExtensionCACert.crt"); }
}
public X509Certificate2 UnknownCRLExtensionCACert {
get { return GetCertificate ("UnknownCRLExtensionCACert.crt"); }
}
public X509Certificate2 OldCRLnextUpdateCACert {
get { return GetCertificate ("OldCRLnextUpdateCACert.crt"); }
}
public X509Certificate2 Pre2000CRLnextUpdateCACert {
get { return GetCertificate ("pre2000CRLnextUpdateCACert.crt"); }
}
public X509Certificate2 GeneralizedTimeCRLnextUpdateCACert {
get { return GetCertificate ("GeneralizedTimeCRLnextUpdateCACert.crt"); }
}
public X509Certificate2 NegativeSerialNumberCACert {
get { return GetCertificate ("NegativeSerialNumberCACert.crt"); }
}
public X509Certificate2 LongSerialNumberCACert {
get { return GetCertificate ("LongSerialNumberCACert.crt"); }
}
public X509Certificate2 SeparateCertificateandCRLKeysCertificateSigningCACert {
get { return GetCertificate ("SeparateCertificateandCRLKeysCertificateSigningCACert.crt"); }
}
public X509Certificate2 SeparateCertificateandCRLKeysCA2CertificateSigningCACert {
get { return GetCertificate ("SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt"); }
}
[Test]
public void T01_MissingCRL ()
{
X509Certificate2 ee = GetCertificate ("InvalidMissingCRLTest1EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (NoCRLCACert, chain.ChainElements[1].Certificate, "NoCRLCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "NoCRLCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T02_InvalidRevokedCA ()
{
X509Certificate2 ee = GetCertificate ("InvalidRevokedCATest2EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.Revoked | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (RevokedsubCACert, chain.ChainElements[1].Certificate, "RevokedsubCACert");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainElements[1].ChainElementStatus, "RevokedsubCACert.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[2].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T03_InvalidRevokedEE ()
{
X509Certificate2 ee = GetCertificate ("InvalidRevokedEETest3EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T04_InvalidBadCrlSignature ()
{
X509Certificate2 ee = GetCertificate ("InvalidBadCRLSignatureTest4EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (BadCRLSignatureCACert, chain.ChainElements[1].Certificate, "BadCRLSignatureCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "BadCRLSignatureCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T05_InvalidBadCrlIssuerName ()
{
X509Certificate2 ee = GetCertificate ("InvalidBadCRLIssuerNameTest5EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (BadCRLIssuerNameCACert, chain.ChainElements[1].Certificate, "BadCRLIssuerNameCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "BadCRLIssuerNameCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T06_InvalidWrongCrl ()
{
X509Certificate2 ee = GetCertificate ("InvalidWrongCRLTest6EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (WrongCRLCACert, chain.ChainElements[1].Certificate, "WrongCRLCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "WrongCRLCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T07_ValidTwoCrls ()
{
X509Certificate2 ee = GetCertificate ("ValidTwoCRLsTest7EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (TwoCRLsCACert, chain.ChainElements[1].Certificate, "TwoCRLsCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "TwoCRLsCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T08_InvalidUnknownCrlEntryExtension ()
{
X509Certificate2 ee = GetCertificate ("InvalidUnknownCRLEntryExtensionTest8EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (UnknownCRLEntryExtensionCACert, chain.ChainElements[1].Certificate, "UnknownCRLEntryExtensionCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "UnknownCRLEntryExtensionCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
public void T09_InvalidUnknownCrlExtension ()
{
X509Certificate2 ee = GetCertificate ("InvalidUnknownCRLExtensionTest9EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (UnknownCRLExtensionCACert, chain.ChainElements[1].Certificate, "UnknownCRLExtensionCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "UnknownCRLExtensionCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T09_InvalidUnknownCrlExtension_MS ()
{
X509Certificate2 ee = GetCertificate ("InvalidUnknownCRLExtensionTest9EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
// MS-BAD - the certificate is REVOKED even if we don't completely understand
// the critical extensions included in the certificate
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (UnknownCRLExtensionCACert, chain.ChainElements[1].Certificate, "UnknownCRLExtensionCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "UnknownCRLExtensionCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T10_InvalidUnknownCrlExtension ()
{
X509Certificate2 ee = GetCertificate ("InvalidUnknownCRLExtensionTest10EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
// X.509.7.3 we should consider the EE as revoked (RevocationStatusUnknown seems fuzzy)
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (UnknownCRLExtensionCACert, chain.ChainElements[1].Certificate, "UnknownCRLExtensionCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "UnknownCRLExtensionCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T11_InvalidOldCrlNextUpdate ()
{
X509Certificate2 ee = GetCertificate ("InvalidOldCRLnextUpdateTest11EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (OldCRLnextUpdateCACert, chain.ChainElements[1].Certificate, "OldCRLnextUpdateCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "OldCRLnextUpdateCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T12_InvalidPre2000CrlNextUpdate ()
{
X509Certificate2 ee = GetCertificate ("Invalidpre2000CRLnextUpdateTest12EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (Pre2000CRLnextUpdateCACert, chain.ChainElements[1].Certificate, "Pre2000CRLnextUpdateCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "Pre2000CRLnextUpdateCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T13_ValidGeneralizedTimeCrlNextUpdate ()
{
X509Certificate2 ee = GetCertificate ("ValidGeneralizedTimeCRLnextUpdateTest13EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (GeneralizedTimeCRLnextUpdateCACert, chain.ChainElements[1].Certificate, "GeneralizedTimeCRLnextUpdateCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GeneralizedTimeCRLnextUpdateCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T14_ValidNegativeSerialNumber ()
{
X509Certificate2 ee = GetCertificate ("ValidNegativeSerialNumberTest14EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (NegativeSerialNumberCACert, chain.ChainElements[1].Certificate, "NegativeSerialNumberCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "NegativeSerialNumberCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T15_InvalidNegativeSerialNumber ()
{
X509Certificate2 ee = GetCertificate ("InvalidNegativeSerialNumberTest15EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (NegativeSerialNumberCACert, chain.ChainElements[1].Certificate, "NegativeSerialNumberCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "NegativeSerialNumberCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T16_ValidLongSerialNumber ()
{
X509Certificate2 ee = GetCertificate ("ValidLongSerialNumberTest16EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (LongSerialNumberCACert, chain.ChainElements[1].Certificate, "LongSerialNumberCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "LongSerialNumberCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T17_ValidLongSerialNumber ()
{
X509Certificate2 ee = GetCertificate ("ValidLongSerialNumberTest17EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (LongSerialNumberCACert, chain.ChainElements[1].Certificate, "LongSerialNumberCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "LongSerialNumberCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T18_InvalidLongSerialNumber ()
{
X509Certificate2 ee = GetCertificate ("InvalidLongSerialNumberTest18EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (LongSerialNumberCACert, chain.ChainElements[1].Certificate, "LongSerialNumberCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "LongSerialNumberCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T19_ValidSeparateCertificateAndCrlKeys ()
{
X509Certificate2 ee = GetCertificate ("ValidSeparateCertificateandCRLKeysTest19EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD - doesn't support different keys for signing certificates and CRL
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (SeparateCertificateandCRLKeysCertificateSigningCACert, chain.ChainElements[1].Certificate, "SeparateCertificateandCRLKeysCertificateSigningCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "SeparateCertificateandCRLKeysCertificateSigningCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T20_InvalidSeparateCertificateAndCrlKeys ()
{
X509Certificate2 ee = GetCertificate ("InvalidSeparateCertificateandCRLKeysTest20EE.crt");
X509Chain chain = new X509Chain ();
// looks ok but in fact it's confused
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (SeparateCertificateandCRLKeysCertificateSigningCACert, chain.ChainElements[1].Certificate, "SeparateCertificateandCRLKeysCertificateSigningCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "SeparateCertificateandCRLKeysCertificateSigningCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T21_InvalidSeparateCertificateAndCrlKeys ()
{
X509Certificate2 ee = GetCertificate ("InvalidSeparateCertificateandCRLKeysTest21EE.crt");
X509Chain chain = new X509Chain ();
// looks ok but in fact it's confused
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (SeparateCertificateandCRLKeysCA2CertificateSigningCACert, chain.ChainElements[1].Certificate, "SeparateCertificateandCRLKeysCA2CertificateSigningCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "SeparateCertificateandCRLKeysCA2CertificateSigningCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
}
}
#endif

328
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_05_VerifyingPathWithSelfIssuedCertificates.cs Normal file
View File

@@ -0,0 +1,328 @@
//
// Pkits_4_05_VerifyingPathWithSelfIssuedCertificates.cs -
// NUnit tests for Pkits 4.5 : Verifying Path With Self Issued Certificates
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_05_VerifyingPathWithSelfIssuedCertificates: PkitsTest {
// TODO - incomplete
public X509Certificate2 BasicSelfIssuedNewKeyCACert {
get { return GetCertificate ("BasicSelfIssuedNewKeyCACert.crt"); }
}
public X509Certificate2 BasicSelfIssuedNewKeyOldWithNewCACert {
get { return GetCertificate ("BasicSelfIssuedNewKeyOldWithNewCACert.crt"); }
}
public X509Certificate2 BasicSelfIssuedOldKeyCACert {
get { return GetCertificate ("BasicSelfIssuedOldKeyCACert.crt"); }
}
public X509Certificate2 BasicSelfIssuedOldKeyNewWithOldCACert {
get { return GetCertificate ("BasicSelfIssuedOldKeyNewWithOldCACert.crt"); }
}
public X509Certificate2 BasicSelfIssuedCRLSigningKeyCACert {
get { return GetCertificate ("BasicSelfIssuedCRLSigningKeyCACert.crt"); }
}
public X509Certificate2 BasicSelfIssuedCRLSigningKeyCRLCert {
get { return GetCertificate ("BasicSelfIssuedCRLSigningKeyCRLCert.crt"); }
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
public void T1_ValidBasicSelfIssuedOldWithNew ()
{
X509Certificate2 ee = GetCertificate ("ValidBasicSelfIssuedOldWithNewTest1EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (BasicSelfIssuedNewKeyOldWithNewCACert, chain.ChainElements[1].Certificate, "BasicSelfIssuedNewKeyOldWithNewCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "BasicSelfIssuedNewKeyOldWithNewCACert.Status");
Assert.AreEqual (BasicSelfIssuedNewKeyCACert, chain.ChainElements[2].Certificate, "BasicSelfIssuedNewKeyCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "BasicSelfIssuedNewKeyCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T1_ValidBasicSelfIssuedOldWithNew_MS ()
{
X509Certificate2 ee = GetCertificate ("ValidBasicSelfIssuedOldWithNewTest1EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD / this is valid wrt RFC3280
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
// Chain order is bad - it's not worth checking further
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
public void T2_InvalidBasicSelfIssuedOldWithNew ()
{
X509Certificate2 ee = GetCertificate ("InvalidBasicSelfIssuedOldWithNewTest2EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
// certificate is revoked
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (BasicSelfIssuedNewKeyOldWithNewCACert, chain.ChainElements[1].Certificate, "BasicSelfIssuedNewKeyOldWithNewCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "BasicSelfIssuedNewKeyOldWithNewCACert.Status");
Assert.AreEqual (BasicSelfIssuedNewKeyCACert, chain.ChainElements[2].Certificate, "BasicSelfIssuedNewKeyCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "BasicSelfIssuedNewKeyCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T2_InvalidBasicSelfIssuedOldWithNew_MS ()
{
X509Certificate2 ee = GetCertificate ("InvalidBasicSelfIssuedOldWithNewTest2EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
// MS-BAD / this is valid wrt RFC3280
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
// Chain order is bad - it's not worth checking further
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
public void T3_ValidBasicSelfIssuedNewWithOld ()
{
X509Certificate2 ee = GetCertificate ("ValidBasicSelfIssuedNewWithOldTest3EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (BasicSelfIssuedOldKeyNewWithOldCACert, chain.ChainElements[1].Certificate, "BasicSelfIssuedOldKeyNewWithOldCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "BasicSelfIssuedOldKeyNewWithOldCACert.Status");
Assert.AreEqual (BasicSelfIssuedOldKeyCACert, chain.ChainElements[2].Certificate, "BasicSelfIssuedOldKeyCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "BasicSelfIssuedOldKeyCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T3_ValidBasicSelfIssuedNewWithOld_MS ()
{
X509Certificate2 ee = GetCertificate ("ValidBasicSelfIssuedNewWithOldTest3EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
// MS-BAD / this is valid wrt RFC3280
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
// Chain order is bad - it's not worth checking further
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
[Category ("NotWorking")] // Mono doesn't support using a different CA to sign CRL
public void T4_ValidBasicSelfIssuedNewWithOld ()
{
X509Certificate2 ee = GetCertificate ("ValidBasicSelfIssuedNewWithOldTest4EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (BasicSelfIssuedOldKeyNewWithOldCACert, chain.ChainElements[1].Certificate, "BasicSelfIssuedNewKeyOldWithNewCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "BasicSelfIssuedNewKeyOldWithNewCACert.Status");
Assert.AreEqual (BasicSelfIssuedOldKeyCACert, chain.ChainElements[2].Certificate, "BasicSelfIssuedNewKeyCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "BasicSelfIssuedNewKeyCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T4_ValidBasicSelfIssuedNewWithOld_MS ()
{
X509Certificate2 ee = GetCertificate ("ValidBasicSelfIssuedNewWithOldTest4EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD / this is valid wrt RFC3280
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
// Chain order is bad - it's not worth checking further
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
[Category ("NotWorking")] // Mono doesn't support using a different CA to sign CRL
public void T5_InvalidBasicSelfIssuedNewWithOld ()
{
X509Certificate2 ee = GetCertificate ("InvalidBasicSelfIssuedNewWithOldTest5EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (BasicSelfIssuedOldKeyNewWithOldCACert, chain.ChainElements[1].Certificate, "BasicSelfIssuedNewKeyOldWithNewCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "BasicSelfIssuedNewKeyOldWithNewCACert.Status");
Assert.AreEqual (BasicSelfIssuedOldKeyCACert, chain.ChainElements[2].Certificate, "BasicSelfIssuedNewKeyCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "BasicSelfIssuedNewKeyCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T5_InvalidBasicSelfIssuedNewWithOld_MS ()
{
X509Certificate2 ee = GetCertificate ("InvalidBasicSelfIssuedNewWithOldTest5EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD / this is valid wrt RFC3280
// EE certificate has been revoked
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
// Chain order is bad - it's not worth checking further
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
[Category ("NotWorking")] // Mono doesn't support using a different CA to sign CRL
public void T6_ValidBasicSelfIssuedCRLSigningKey ()
{
X509Certificate2 ee = GetCertificate ("ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (BasicSelfIssuedCRLSigningKeyCRLCert, chain.ChainElements[1].Certificate, "BasicSelfIssuedNewKeyOldWithNewCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "BasicSelfIssuedNewKeyOldWithNewCACert.Status");
Assert.AreEqual (BasicSelfIssuedCRLSigningKeyCACert, chain.ChainElements[2].Certificate, "BasicSelfIssuedNewKeyCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "BasicSelfIssuedNewKeyCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T6_ValidBasicSelfIssuedCRLSigningKey_MS ()
{
X509Certificate2 ee = GetCertificate ("ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD / this is valid wrt RFC3280
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
// Chain order is bad - it's not worth checking further
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
[Category ("NotWorking")] // Mono doesn't support using a different CA to sign CRL
public void T7_InvalidBasicSelfIssuedCRLSigningKey ()
{
X509Certificate2 ee = GetCertificate ("InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.Revoked, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (BasicSelfIssuedCRLSigningKeyCRLCert, chain.ChainElements[1].Certificate, "BasicSelfIssuedNewKeyOldWithNewCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "BasicSelfIssuedNewKeyOldWithNewCACert.Status");
Assert.AreEqual (BasicSelfIssuedCRLSigningKeyCACert, chain.ChainElements[2].Certificate, "BasicSelfIssuedNewKeyCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "BasicSelfIssuedNewKeyCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T7_InvalidBasicSelfIssuedCRLSigningKey_MS ()
{
X509Certificate2 ee = GetCertificate ("InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD / this is valid wrt RFC3280
// EE certificate has been revoked
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
// Chain order is bad - it's not worth checking further
}
[Test]
public void T8_InvalidBasicSelfIssuedCRLSigningKey ()
{
X509Certificate2 ee = GetCertificate ("InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NotValidForUsage | X509ChainStatusFlags.InvalidBasicConstraints, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
// hmmm... NoError ?
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (BasicSelfIssuedCRLSigningKeyCRLCert, chain.ChainElements[1].Certificate, "BasicSelfIssuedNewKeyOldWithNewCACert");
CheckChainStatus (X509ChainStatusFlags.NotValidForUsage | X509ChainStatusFlags.InvalidBasicConstraints, chain.ChainElements[1].ChainElementStatus, "BasicSelfIssuedNewKeyOldWithNewCACert.Status");
Assert.AreEqual (BasicSelfIssuedCRLSigningKeyCACert, chain.ChainElements[2].Certificate, "BasicSelfIssuedNewKeyCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "BasicSelfIssuedNewKeyCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
}
}
}
#endif

516
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_06_VerifyingBasicConstraints.cs Normal file
View File

File diff suppressed because it is too large Load Diff

195
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_07_KeyUsage.cs Normal file
View File

@@ -0,0 +1,195 @@
//
// Pkits_4_07_KeyUsage.cs -
// NUnit tests for Pkits 4.7 : Key Usage
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* Notes:
*
* [MS/XP][!RFC3280] keyUsage for cRLsign isn't checked
*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_07_KeyUsage: PkitsTest {
public X509Certificate2 KeyUsageCriticalkeyCertSignFalseCACert {
get { return GetCertificate ("keyUsageCriticalkeyCertSignFalseCACert.crt"); }
}
public X509Certificate2 KeyUsageNotCriticalkeyCertSignFalseCACert {
get { return GetCertificate ("keyUsageNotCriticalkeyCertSignFalseCACert.crt"); }
}
public X509Certificate2 KeyUsageNotCriticalCACert {
get { return GetCertificate ("keyUsageNotCriticalCACert.crt"); }
}
public X509Certificate2 KeyUsageCriticalcRLSignFalseCACert {
get { return GetCertificate ("keyUsageCriticalcRLSignFalseCACert.crt"); }
}
public X509Certificate2 KeyUsageNotCriticalcRLSignFalseCACert {
get { return GetCertificate ("keyUsageNotCriticalcRLSignFalseCACert.crt"); }
}
[Test]
public void T1_InvalidKeyUsageCriticalKeyCertSignFalse ()
{
X509Certificate2 ee = GetCertificate ("InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NotValidForUsage, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
// INFO: keyUsage only has CrlSign (no KeyCertSign)
// INFO: it's critical too but that doesn't change anything
Assert.AreEqual (KeyUsageCriticalkeyCertSignFalseCACert, chain.ChainElements[1].Certificate, "KeyUsageCriticalkeyCertSignFalseCACert");
CheckChainStatus (X509ChainStatusFlags.NotValidForUsage, chain.ChainElements[1].ChainElementStatus, "KeyUsageCriticalkeyCertSignFalseCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T2_InvalidKeyUsageNotCriticalKeyCertSignFalse ()
{
X509Certificate2 ee = GetCertificate ("InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NotValidForUsage, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
// INFO: keyUsage only has CrlSign (no KeyCertSign)
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (KeyUsageNotCriticalkeyCertSignFalseCACert, chain.ChainElements[1].Certificate, "KeyUsageNotCriticalkeyCertSignFalseCACert");
CheckChainStatus (X509ChainStatusFlags.NotValidForUsage, chain.ChainElements[1].ChainElementStatus, "KeyUsageNotCriticalkeyCertSignFalseCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
public void T3_ValidKeyUsageNotCritical ()
{
X509Certificate2 ee = GetCertificate ("ValidkeyUsageNotCriticalTest3EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (KeyUsageNotCriticalCACert, chain.ChainElements[1].Certificate, "KeyUsageNotCriticalCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "KeyUsageNotCriticalCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
public void T4_InvalidKeyUsageCriticalCRLSignFalse ()
{
X509Certificate2 ee = GetCertificate ("InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt");
X509Chain chain = new X509Chain ();
// INFO: keyUsage doesn't allow CRL signature verification
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (KeyUsageCriticalcRLSignFalseCACert, chain.ChainElements[1].Certificate, "KeyUsageCriticalcRLSignFalseCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "KeyUsageCriticalcRLSignFalseCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T4_InvalidKeyUsageCriticalCRLSignFalse_MS ()
{
X509Certificate2 ee = GetCertificate ("InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD / this is NOT valid wrt RFC3280
// keyUsage doesn't allow CRL signature verification
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (KeyUsageCriticalcRLSignFalseCACert, chain.ChainElements[1].Certificate, "KeyUsageCriticalcRLSignFalseCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "KeyUsageCriticalcRLSignFalseCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotDotNet")] // test case is RFC3280 compliant
public void T5_InvalidKeyUsageNotCriticalCRLSignFalse ()
{
X509Certificate2 ee = GetCertificate ("InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt");
X509Chain chain = new X509Chain ();
// INFO: keyUsage doesn't allow CRL signature verification
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (KeyUsageNotCriticalcRLSignFalseCACert, chain.ChainElements[1].Certificate, "KeyUsageNotCriticalcRLSignFalseCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "KeyUsageNotCriticalcRLSignFalseCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T5_InvalidKeyUsageNotCriticalCRLSignFalse_MS ()
{
X509Certificate2 ee = GetCertificate ("InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD / this is NOT valid wrt RFC3280
// keyUsage doesn't allow CRL signature verification
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (KeyUsageNotCriticalcRLSignFalseCACert, chain.ChainElements[1].Certificate, "KeyUsageNotCriticalcRLSignFalseCACert");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "KeyUsageNotCriticalcRLSignFalseCACert.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
}
}
}
#endif

51
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_08_CertificatePolicies.cs Normal file
View File

@@ -0,0 +1,51 @@
//
// Pkits_4_08_CertificatePolicies.cs -
// NUnit tests for Pkits 4.8 : Certificate Policies
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_08_CertificatePolicies : PkitsTest {
// TODO - incomplete
}
}
#endif

51
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_09_RequireExplicitPolicy.cs Normal file
View File

@@ -0,0 +1,51 @@
//
// Pkits_4_09_RequireExplicitPolicy.cs -
// NUnit tests for Pkits 4.9 : Require Explicit Policy
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_09_RequireExplicitPolicy : PkitsTest {
// TODO - incomplete
}
}
#endif

51
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_10_PolicyMappings.cs Normal file
View File

@@ -0,0 +1,51 @@
//
// Pkits_4_10_PolicyMapping.cs -
// NUnit tests for Pkits 4.10 : Policy Mapping
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_10_PolicyMapping : PkitsTest {
// TODO - incomplete
}
}
#endif

51
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_11_InhibitPolicyMapping.cs Normal file
View File

@@ -0,0 +1,51 @@
//
// Pkits_4_11_InhibitPolicyMapping.cs -
// NUnit tests for Pkits 4.11 : Inhibit Policy Mapping
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_11_InhibitPolicyMapping : PkitsTest {
// TODO - incomplete
}
}
#endif

51
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_12_InhibitAnyPolicy.cs Normal file
View File

@@ -0,0 +1,51 @@
//
// Pkits_4_12_InhibitAnyPolicy.cs -
// NUnit tests for Pkits 4.12 : Inhibit Any Policy
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_12_InhibitAnyPolicy : PkitsTest {
// TODO - incomplete
}
}
#endif

51
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_13_NameConstraints.cs Normal file
View File

@@ -0,0 +1,51 @@
//
// Pkits_4_13_NameConstraints.cs -
// NUnit tests for Pkits 4.13 : Name Constraints
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_13_NameConstraints : PkitsTest {
// TODO - incomplete
}
}
#endif

51
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_14_DistributionPoints.cs Normal file
View File

@@ -0,0 +1,51 @@
//
// Pkits_4_14_DistributionPoints.cs -
// NUnit tests for Pkits 4.14 : Distribution Points
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_14_DistributionPoints : PkitsTest {
// TODO - incomplete
}
}
#endif

51
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_15_DeltaCRL.cs Normal file
View File

@@ -0,0 +1,51 @@
//
// Pkits_4_15_DeltaCRL.cs -
// NUnit tests for Pkits 4.15 : Delta CRL
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_15_DeltaCRL : PkitsTest {
// TODO - incomplete
}
}
#endif

98
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_16_PrivateCertificateExtensions.cs Normal file
View File

@@ -0,0 +1,98 @@
//
// Pkits_4_16_PrivateCertificateExtensions.cs -
// NUnit tests for Pkits 4.16 : PrivateCertificateExtensions
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
/*
* Notes:
*
* [MS/XP][!RFC3280] Unknown critical extensions are ignored.
*
* See PkitsTest.cs for more details
*/
[TestFixture]
[Category ("PKITS")]
public class Pkits_4_16_PrivateCertificateExtensions: PkitsTest {
[Test]
public void T1_ValidUnknownNotCriticalCertificateExtension ()
{
X509Certificate2 ee = GetCertificate ("ValidUnknownNotCriticalCertificateExtensionTest1EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[1].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotDotNet")]
public void T2_InvalidUnknownCriticalCertificateExtension ()
{
X509Certificate2 ee = GetCertificate ("InvalidUnknownCriticalCertificateExtensionTest2EE.crt");
X509Chain chain = new X509Chain ();
Assert.IsFalse (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.InvalidExtension, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.InvalidExtension, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[1].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "TrustAnchorRoot.Status");
}
[Test]
[Category ("NotWorking")] // WONTFIX - this isn't RFC3280 compliant
public void T2_InvalidUnknownCriticalCertificateExtension_MS ()
{
X509Certificate2 ee = GetCertificate ("InvalidUnknownCriticalCertificateExtensionTest2EE.crt");
X509Chain chain = new X509Chain ();
// MS-BAD [XP] / this is NOT valid wrt RFC3280
// Unknown CRITICAL extensions should not success!
Assert.IsTrue (chain.Build (ee), "Build");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[1].Certificate, "TrustAnchorRoot");
CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "TrustAnchorRoot.Status");
}
}
}
#endif

89
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/PublicKeyCas.cs Normal file
View File

@@ -0,0 +1,89 @@
//
// PublicKeyCas.cs - CAS unit tests for
// System.Security.Cryptography.X509Certificates.PublicKey
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using MonoTests.System.Security.Cryptography.X509Certificates;
namespace MonoCasTests.System.Security.Cryptography.X509Certificates {
[TestFixture]
[Category ("CAS")]
public class PublicKeyCas {
[SetUp]
public void SetUp ()
{
if (!SecurityManager.SecurityEnabled)
Assert.Ignore ("SecurityManager.SecurityEnabled is OFF");
}
[Test]
[PermissionSet (SecurityAction.Deny, Unrestricted = true)]
public void ReuseUnitTests_Deny_Unrestricted ()
{
PublicKeyTest unit = new PublicKeyTest ();
unit.FixtureSetUp ();
unit.Constructor_RsaEmpty ();
unit.Constructor_UnknownEmpty ();
unit.Constructor_Rsa_FromCertificate ();
unit.Constructor_Rsa_FromScratch ();
unit.Constructor_Rsa_EmptyParameters ();
unit.Constructor_Rsa_WeirdParameters ();
unit.Constructor_Rsa_UnknownOid ();
unit.Constructor_Dsa_FromCertificate ();
unit.Constructor_Dsa_FromScratch ();
unit.Constructor_Dsa_EmptyParameters ();
unit.Constructor_Dsa_WeirdParameters ();
unit.Constructor_Dsa_UnknownOid ();
}
[Test]
[PermissionSet (SecurityAction.Deny, Unrestricted = true)]
public void LinkDemand_Deny_Unrestricted ()
{
Type[] types = new Type[3] { typeof (Oid), typeof (AsnEncodedData), typeof (AsnEncodedData) };
ConstructorInfo ci = typeof (PublicKey).GetConstructor (types);
Assert.IsNotNull (ci, ".ctor(Oid,AsnEncodedData,AsnEncodedData)");
Assert.IsNotNull (ci.Invoke (new object[3] { new Oid ("1.2.3.4"),
new AsnEncodedData (new byte[0]), new AsnEncodedData (new byte[0]) }), "invoke");
}
}
}
#endif

425
mcs/class/System/Test/System.Security.Cryptography.X509Certificates/PublicKeyTest.cs Normal file
View File

@@ -0,0 +1,425 @@
//
// PublicKeyTest.cs - NUnit Test Cases for
// System.Security.Cryptography.X509Certificates.PublicKey
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// Copyright (C) 2005-2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
[TestFixture]
public class PublicKeyTest {
static public Oid rsaOid = new Oid ("1.2.840.113549.1.1.1");
static public Oid dsaOid = new Oid ("1.2.840.10040.4.1");
static public Oid unknownOid = new Oid ("1.2.3.4");
static public AsnEncodedData emptyData = new AsnEncodedData (new byte[0]);
private static byte[] cert_a = { 0x30,0x82,0x01,0xFF,0x30,0x82,0x01,0x6C,0x02,0x05,0x02,0x72,0x00,0x06,0xE8,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,0x05,0x00,0x30,0x5F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x20,0x30,0x1E,0x06,0x03,0x55,0x04,0x0A,0x13,0x17,0x52,0x53,0x41,0x20,0x44,0x61,0x74,0x61,0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x2E,0x30,0x2C,0x06,0x03,0x55,0x04,0x0B,0x13,0x25,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,0x76,
0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x1E,0x17,0x0D,0x39,0x36,0x30,0x33,0x31,0x32,0x31,0x38,0x33,0x38,0x34,0x37,0x5A,0x17,0x0D,0x39,0x37,0x30,0x33,0x31,0x32,0x31,0x38,0x33,0x38,0x34,0x36,0x5A,0x30,0x61,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x13,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x14,0x30,0x12,0x06,0x03,
0x55,0x04,0x0A,0x13,0x0B,0x43,0x6F,0x6D,0x6D,0x65,0x72,0x63,0x65,0x4E,0x65,0x74,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x0B,0x13,0x1E,0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x70,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x5F,0x00,0x30,0x5C,0x02,0x55,0x2D,0x58,0xE9,0xBF,0xF0,0x31,0xCD,0x79,0x06,0x50,0x5A,0xD5,0x9E,0x0E,0x2C,0xE6,0xC2,0xF7,0xF9,
0xD2,0xCE,0x55,0x64,0x85,0xB1,0x90,0x9A,0x92,0xB3,0x36,0xC1,0xBC,0xEA,0xC8,0x23,0xB7,0xAB,0x3A,0xA7,0x64,0x63,0x77,0x5F,0x84,0x22,0x8E,0xE5,0xB6,0x45,0xDD,0x46,0xAE,0x0A,0xDD,0x00,0xC2,0x1F,0xBA,0xD9,0xAD,0xC0,0x75,0x62,0xF8,0x95,0x82,0xA2,0x80,0xB1,0x82,0x69,0xFA,0xE1,0xAF,0x7F,0xBC,0x7D,0xE2,0x7C,0x76,0xD5,0xBC,0x2A,0x80,0xFB,0x02,0x03,0x01,0x00,0x01,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,0x05,0x00,0x03,0x7E,0x00,0x54,0x20,0x67,0x12,0xBB,0x66,0x14,0xC3,0x26,0x6B,0x7F,
0xDA,0x4A,0x25,0x4D,0x8B,0xE0,0xFD,0x1E,0x53,0x6D,0xAC,0xA2,0xD0,0x89,0xB8,0x2E,0x90,0xA0,0x27,0x43,0xA4,0xEE,0x4A,0x26,0x86,0x40,0xFF,0xB8,0x72,0x8D,0x1E,0xE7,0xB7,0x77,0xDC,0x7D,0xD8,0x3F,0x3A,0x6E,0x55,0x10,0xA6,0x1D,0xB5,0x58,0xF2,0xF9,0x0F,0x2E,0xB4,0x10,0x55,0x48,0xDC,0x13,0x5F,0x0D,0x08,0x26,0x88,0xC9,0xAF,0x66,0xF2,0x2C,0x9C,0x6F,0x3D,0xC3,0x2B,0x69,0x28,0x89,0x40,0x6F,0x8F,0x35,0x3B,0x9E,0xF6,0x8E,0xF1,0x11,0x17,0xFB,0x0C,0x98,0x95,0xA1,0xC2,0xBA,0x89,0x48,0xEB,0xB4,0x06,0x6A,0x22,0x54,
0xD7,0xBA,0x18,0x3A,0x48,0xA6,0xCB,0xC2,0xFD,0x20,0x57,0xBC,0x63,0x1C };
private static byte[] cert_b = { 0x30,0x82,0x03,0x04,0x30,0x82,0x02,0xC4,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x03,0x30,0x09,0x06,0x07,0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,0x30,0x51,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0A,0x13,0x0F,0x55,0x2E,0x53,0x2E,0x20,0x47,0x6F,0x76,0x65,0x72,0x6E,0x6D,0x65,0x6E,0x74,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x0B,0x13,0x03,0x44,0x6F,0x44,0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x03,0x13,0x11,0x41,0x72,0x6D,0x65,0x64,0x20,0x46,0x6F,
0x72,0x63,0x65,0x73,0x20,0x52,0x6F,0x6F,0x74,0x30,0x1E,0x17,0x0D,0x30,0x30,0x31,0x30,0x32,0x35,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x30,0x33,0x30,0x31,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x30,0x51,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0A,0x13,0x0F,0x55,0x2E,0x53,0x2E,0x20,0x47,0x6F,0x76,0x65,0x72,0x6E,0x6D,0x65,0x6E,0x74,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x0B,0x13,0x03,0x44,0x6F,0x44,0x31,0x1A,0x30,0x18,
0x06,0x03,0x55,0x04,0x03,0x13,0x11,0x41,0x72,0x6D,0x65,0x64,0x20,0x46,0x6F,0x72,0x63,0x65,0x73,0x20,0x52,0x6F,0x6F,0x74,0x30,0x82,0x01,0xB6,0x30,0x82,0x01,0x2B,0x06,0x07,0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,0x30,0x82,0x01,0x1E,0x02,0x81,0x81,0x00,0x90,0x89,0x3E,0x18,0x1B,0xFE,0xA3,0x1D,0x16,0x89,0x00,0xB4,0xD5,0x40,0x82,0x4C,0x2E,0xEC,0x3D,0x66,0x0D,0x0D,0xB9,0x17,0x40,0x6E,0x3A,0x5C,0x03,0x7B,0x1B,0x93,0x28,0x0C,0xEF,0xB9,0x97,0xE3,0xA1,0xEB,0xE2,0xA3,0x7C,0x61,0xDD,0x6F,0xD5,0xAD,0x15,0x69,0x00,
0x16,0xB2,0xC3,0x08,0x3D,0xC4,0x59,0xC6,0xF2,0x70,0xA5,0xB0,0xF5,0x1F,0x1D,0xF4,0xB0,0x15,0xDA,0x7E,0x28,0x39,0x24,0x99,0x36,0x5B,0xEC,0x39,0x25,0xFA,0x92,0x49,0x65,0xD2,0x43,0x05,0x6A,0x9E,0xA3,0x7B,0xF0,0xDE,0xA3,0x2F,0xD3,0x6F,0x3A,0xF9,0x35,0xC3,0x29,0xD4,0x45,0x6C,0x56,0x9A,0xDE,0x36,0x6E,0xFE,0x12,0x68,0x96,0x7B,0x45,0x1D,0x2C,0xFF,0xB9,0x2D,0xF5,0x52,0x8C,0xDF,0x3E,0x2F,0x63,0x02,0x15,0x00,0x81,0xA9,0xB5,0xD0,0x04,0xF2,0x9B,0xA7,0xD8,0x55,0x4C,0x3B,0x32,0xA1,0x45,0x32,0x4F,0xF5,0x51,0xDD,
0x02,0x81,0x80,0x64,0x7A,0x88,0x0B,0xF2,0x3E,0x91,0x81,0x59,0x9C,0xF4,0xEA,0xC6,0x7B,0x0E,0xBE,0xEA,0x05,0xE8,0x77,0xFD,0x20,0x34,0x87,0xA1,0xC4,0x69,0xF6,0xC8,0x8B,0x19,0xDA,0xCD,0xFA,0x21,0x8A,0x57,0xA9,0x7A,0x26,0x0A,0x56,0xD4,0xED,0x4B,0x1B,0x7C,0x70,0xED,0xB4,0xE6,0x7A,0x6A,0xDE,0xD3,0x29,0xE2,0xE9,0x9A,0x33,0xED,0x09,0x8D,0x9E,0xDF,0xDA,0x2E,0x4A,0xC1,0x50,0x92,0xEE,0x2F,0xE5,0x5A,0xF3,0x85,0x62,0x6A,0x48,0xDC,0x1B,0x02,0x98,0xA6,0xB0,0xD1,0x09,0x4B,0x10,0xD1,0xF0,0xFA,0xE0,0xB1,0x1D,0x13,
0x54,0x4B,0xC0,0xA8,0x40,0xEF,0x71,0xE8,0x56,0x6B,0xA2,0x29,0xCB,0x1E,0x09,0x7D,0x27,0x39,0x91,0x3B,0x20,0x4F,0x98,0x39,0xE8,0x39,0xCA,0x98,0xC5,0xAF,0x54,0x03,0x81,0x84,0x00,0x02,0x81,0x80,0x54,0xA8,0x88,0xB5,0x8F,0x01,0x56,0xCE,0x18,0x8F,0xA6,0xD6,0x7C,0x29,0x29,0x75,0x45,0xE8,0x31,0xA4,0x07,0x17,0xED,0x1E,0x5D,0xB2,0x7B,0xBB,0xCE,0x3C,0x97,0x67,0x1E,0x88,0x0A,0xFE,0x7D,0x00,0x22,0x27,0x1D,0x66,0xEE,0xF6,0x1B,0xB6,0x95,0x7F,0x5A,0xFF,0x06,0x34,0x02,0x43,0xC3,0x83,0xC4,0x66,0x2C,0xA1,0x05,0x0E,
0x68,0xB3,0xCA,0xDC,0xD3,0xF9,0x0C,0xC0,0x66,0xDF,0x85,0x84,0x4B,0x20,0x5D,0x41,0xAC,0xC0,0xEC,0x37,0x92,0x0E,0x97,0x19,0xBF,0x53,0x35,0x63,0x27,0x18,0x33,0x35,0x42,0x4D,0xF0,0x2D,0x6D,0xA7,0xA4,0x98,0xAA,0x57,0xF3,0xD2,0xB8,0x6E,0x4E,0x8F,0xFF,0xBE,0x6F,0x4E,0x0F,0x0B,0x44,0x24,0xEE,0xDF,0x4C,0x22,0x5B,0x44,0x98,0x94,0xCB,0xB8,0xA3,0x2F,0x30,0x2D,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x9D,0x2D,0x73,0xC3,0xB8,0xE3,0x4D,0x29,0x28,0xC3,0x65,0xBE,0xA9,0x98,0xCB,0xD6,0x8A,0x06,0x68,
0x9C,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x09,0x06,0x07,0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,0x03,0x2F,0x00,0x30,0x2C,0x02,0x14,0x5A,0x1B,0x2D,0x08,0x0E,0xE6,0x99,0x38,0x8F,0xB5,0x09,0xC9,0x89,0x79,0x7E,0x01,0x30,0xBD,0xCE,0xF0,0x02,0x14,0x71,0x7B,0x08,0x51,0x97,0xCE,0x4D,0x1F,0x6A,0x84,0x47,0x3A,0xC0,0xBD,0x13,0x89,0x81,0xB9,0x01,0x97 };
private static byte[] cert_c = {
0x30, 0x82, 0x05, 0xA5, 0x02, 0x01, 0x03, 0x30, 0x82, 0x05, 0x5F, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82,
0x05, 0x50, 0x04, 0x82, 0x05, 0x4C, 0x30, 0x82, 0x05, 0x48, 0x30, 0x82, 0x02, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07,
0x06, 0xA0, 0x82, 0x02, 0x48, 0x30, 0x82, 0x02, 0x44, 0x02, 0x01, 0x00, 0x30, 0x82, 0x02, 0x3D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
0x01, 0x07, 0x01, 0x30, 0x1C, 0x06, 0x0A, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x03, 0x30, 0x0E, 0x04, 0x08, 0xC5, 0xB6, 0x41,
0x76, 0xD8, 0x4F, 0x82, 0x05, 0x02, 0x02, 0x07, 0xD0, 0x80, 0x82, 0x02, 0x10, 0x9B, 0x3A, 0x6F, 0xFC, 0xBE, 0x07, 0x3F, 0x4F, 0xAD, 0xF3, 0x7B,
0x91, 0xB4, 0x86, 0x23, 0xFE, 0x85, 0x63, 0x20, 0x37, 0x47, 0x1F, 0xD5, 0x95, 0x9C, 0x25, 0x8B, 0xE2, 0x4A, 0xA1, 0x97, 0x80, 0x8A, 0x17, 0xB3,
0x7F, 0xD2, 0x4C, 0x7C, 0x78, 0x48, 0x82, 0x77, 0x45, 0x00, 0xC3, 0x30, 0xB9, 0xF8, 0xF2, 0x44, 0xE6, 0xEA, 0xF7, 0x62, 0xFE, 0x93, 0xEA, 0xBC,
0xF7, 0x27, 0x51, 0x57, 0xC8, 0x64, 0x51, 0x4D, 0xA6, 0x51, 0x34, 0x74, 0x2C, 0x4B, 0x53, 0xA1, 0x24, 0x51, 0x84, 0xA1, 0xEC, 0xEE, 0x15, 0xDE,
0xEE, 0xD0, 0x44, 0xE1, 0x10, 0xEF, 0x51, 0x03, 0xC0, 0xBF, 0x7D, 0x3A, 0xFF, 0xB2, 0x83, 0x03, 0x24, 0xC7, 0x64, 0x16, 0x65, 0x82, 0x45, 0x90,
0x21, 0x7E, 0x5F, 0x8D, 0x45, 0x20, 0x53, 0x63, 0x4A, 0xB5, 0x7F, 0x56, 0xD2, 0x38, 0x5C, 0x1D, 0x7D, 0x4D, 0x56, 0xF2, 0xC8, 0xA2, 0x33, 0xF9,
0x44, 0x0A, 0x74, 0xDA, 0x95, 0x1D, 0x81, 0x9F, 0xB7, 0x93, 0xE2, 0x78, 0xC6, 0xB5, 0x90, 0xCF, 0x9B, 0xE1, 0x5B, 0x3C, 0x2A, 0x2E, 0x01, 0x50,
0x19, 0xDE, 0xD3, 0xE3, 0x99, 0xA9, 0x0D, 0xEC, 0x26, 0x30, 0x63, 0x73, 0xA9, 0xAA, 0x69, 0x91, 0xC0, 0xC0, 0x63, 0xD6, 0xF5, 0xCF, 0x64, 0xF2,
0x9E, 0x68, 0x06, 0x7F, 0x32, 0xED, 0xFA, 0x86, 0x7B, 0xCA, 0xC4, 0x19, 0x92, 0x39, 0x26, 0x59, 0x45, 0x04, 0xAC, 0xFF, 0x88, 0x9F, 0xAB, 0xDE,
0x9F, 0x0E, 0x4A, 0x0B, 0xFD, 0x1C, 0xBD, 0xE7, 0xD8, 0x0D, 0xFD, 0x70, 0x02, 0x0D, 0x38, 0x28, 0x5C, 0x2E, 0x94, 0x15, 0x82, 0xDA, 0xF7, 0x62,
0x88, 0x30, 0x17, 0x5B, 0x7A, 0x77, 0x01, 0x26, 0x4F, 0x6C, 0x17, 0x6F, 0xA4, 0x1D, 0x06, 0x46, 0x94, 0x44, 0x8D, 0x84, 0x29, 0x0D, 0xCF, 0x73,
0xD7, 0x38, 0x5C, 0x5D, 0x32, 0x11, 0x33, 0xB0, 0x2A, 0xD9, 0x89, 0x5F, 0xFC, 0x3E, 0x1A, 0x2E, 0xD5, 0xA6, 0x44, 0x3D, 0xCC, 0x13, 0xF3, 0x9E,
0xE8, 0x5B, 0x93, 0xFB, 0xEE, 0x9D, 0xB6, 0xEB, 0xFC, 0x15, 0x36, 0xBA, 0xC8, 0x60, 0x12, 0x4A, 0x8C, 0x98, 0xC6, 0x52, 0xF9, 0xCA, 0x03, 0xAA,
0x8F, 0x0E, 0xE8, 0xB7, 0xA9, 0x83, 0x63, 0xDA, 0x1C, 0x7E, 0xC8, 0x73, 0x07, 0x7D, 0xD9, 0x1D, 0x94, 0x74, 0xAA, 0xC9, 0xC5, 0x31, 0x69, 0x2D,
0xA4, 0x41, 0xB0, 0x03, 0x99, 0x15, 0x27, 0x85, 0x29, 0x4A, 0xC4, 0xFC, 0x15, 0x5C, 0xC4, 0xFB, 0x7B, 0x91, 0x5C, 0x38, 0xA4, 0xE6, 0xD6, 0x32,
0x6F, 0xC6, 0xE6, 0x01, 0x35, 0x5D, 0x98, 0xCF, 0xDD, 0x1A, 0x72, 0x3C, 0xE1, 0x00, 0x82, 0x3B, 0x8D, 0x92, 0xCB, 0x1E, 0x61, 0x24, 0x26, 0x70,
0xE0, 0x16, 0xE0, 0xC1, 0x7D, 0x22, 0x52, 0x9F, 0x7D, 0xB3, 0xF5, 0xCC, 0xAF, 0x2C, 0x82, 0x3C, 0xB4, 0xF8, 0x3F, 0x77, 0x6C, 0x37, 0x41, 0xDD,
0x64, 0x96, 0x91, 0x76, 0x7F, 0x60, 0xF9, 0xDB, 0xA1, 0xCC, 0xFD, 0x7A, 0x7F, 0x57, 0x45, 0x53, 0x4B, 0x55, 0xDD, 0x65, 0x09, 0xED, 0x1B, 0xD3,
0xFC, 0xC6, 0x6F, 0x5A, 0xE7, 0xF4, 0x57, 0xE0, 0xAE, 0xF6, 0xF9, 0x80, 0xB6, 0xA4, 0x7E, 0xA5, 0xD9, 0x73, 0xA3, 0x82, 0x10, 0xFB, 0xFC, 0xEF,
0xF0, 0x39, 0xEB, 0xC4, 0xEE, 0xCF, 0x33, 0xA9, 0x70, 0xE1, 0xBD, 0xDF, 0xF0, 0x03, 0x9E, 0x88, 0x2F, 0x25, 0x1A, 0x9A, 0x1E, 0x15, 0x34, 0x07,
0x43, 0x27, 0xC6, 0x38, 0x00, 0x7F, 0x48, 0xC9, 0xBA, 0x6A, 0x04, 0x18, 0xA7, 0x0B, 0x27, 0x0B, 0xD2, 0x23, 0x3F, 0xD4, 0x88, 0xB3, 0x6C, 0x0C,
0x14, 0xD0, 0x87, 0x42, 0xA4, 0x9A, 0x7A, 0x2F, 0x97, 0x86, 0xC2, 0xD9, 0x72, 0xAD, 0xCE, 0x54, 0x1A, 0xC6, 0x3C, 0x2A, 0x6F, 0x19, 0xB5, 0x08,
0xED, 0x53, 0xB2, 0xDF, 0x8B, 0xA7, 0x4B, 0x45, 0x6E, 0x9E, 0x66, 0x87, 0x17, 0x30, 0x82, 0x02, 0xE9, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x02, 0xDA, 0x04, 0x82, 0x02, 0xD6, 0x30, 0x82, 0x02, 0xD2, 0x30, 0x82, 0x02, 0xCE, 0x06, 0x0B, 0x2A, 0x86,
0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x02, 0xA0, 0x82, 0x02, 0xA6, 0x30, 0x82, 0x02, 0xA2, 0x30, 0x1C, 0x06, 0x0A, 0x2A, 0x86, 0x48,
0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x01, 0x03, 0x30, 0x0E, 0x04, 0x08, 0x49, 0xB7, 0x9B, 0xE6, 0x18, 0xDA, 0xE1, 0x12, 0x02, 0x02, 0x07, 0xD0, 0x04,
0x82, 0x02, 0x80, 0xE6, 0xD9, 0x5A, 0xAC, 0xA6, 0xDD, 0x9F, 0x3C, 0x24, 0x72, 0x62, 0xA6, 0xCA, 0x78, 0x16, 0xD4, 0x55, 0x67, 0xF5, 0x0C, 0xB9,
0x29, 0x94, 0xC7, 0xD9, 0x15, 0x76, 0x8F, 0x3B, 0xA3, 0x93, 0xF3, 0x17, 0x2F, 0x0F, 0x3C, 0x82, 0x62, 0xF8, 0x51, 0xB3, 0xBC, 0xA0, 0xE6, 0x78,
0x2D, 0xBF, 0xE0, 0xCE, 0x53, 0xCF, 0xEB, 0x8B, 0x02, 0x2E, 0x28, 0x9C, 0x1A, 0xB2, 0x7D, 0x22, 0xEB, 0x64, 0x15, 0xC9, 0xA3, 0x83, 0x5A, 0x0D,
0xFC, 0x79, 0x43, 0x9B, 0xDE, 0xB0, 0x72, 0xEF, 0x7E, 0xCE, 0xC9, 0x0D, 0xFE, 0x16, 0xD8, 0x9D, 0x19, 0x44, 0xB6, 0x05, 0x29, 0x46, 0xE0, 0x8D,
0xCD, 0x89, 0xAD, 0x9A, 0x3C, 0x0F, 0xCB, 0x41, 0x5A, 0x83, 0xD0, 0x60, 0x93, 0xC4, 0xF4, 0xB9, 0xD8, 0xC8, 0x71, 0x2E, 0xE1, 0x07, 0x4A, 0xE3,
0x01, 0xFD, 0x44, 0xFF, 0x97, 0xBB, 0x9F, 0x5B, 0x0C, 0x28, 0xD5, 0x7A, 0x6A, 0xD4, 0x14, 0x56, 0xA6, 0x35, 0x02, 0x6F, 0x36, 0x8D, 0x4C, 0x0E,
0xF4, 0x43, 0x2C, 0x35, 0x30, 0x90, 0x7B, 0x20, 0xFE, 0xC8, 0x0B, 0x88, 0xD4, 0xBD, 0xE9, 0xD9, 0xFC, 0x1C, 0xEB, 0x70, 0x97, 0x1E, 0x6E, 0xC6,
0x87, 0x0B, 0x2B, 0xF3, 0xBC, 0x73, 0x1C, 0x8A, 0xB6, 0xEC, 0xA7, 0x35, 0x32, 0x88, 0x23, 0xAF, 0x1E, 0x48, 0x07, 0xC8, 0x8A, 0xB1, 0xCA, 0x98,
0x97, 0x66, 0x98, 0x72, 0xDC, 0x3A, 0x6E, 0xE0, 0x6E, 0xFA, 0x07, 0xE8, 0x7F, 0x65, 0x7F, 0x20, 0xB8, 0xDC, 0x32, 0x11, 0xAF, 0xA6, 0x1E, 0x5E,
0xC9, 0x79, 0x85, 0x53, 0x7E, 0x65, 0x63, 0xF5, 0x0B, 0x36, 0x17, 0x08, 0x1D, 0x1C, 0xD7, 0x20, 0x09, 0x7A, 0xAF, 0x8E, 0x25, 0x61, 0xE3, 0xAD,
0x3C, 0x3D, 0x9B, 0x87, 0x0B, 0x93, 0x11, 0xB7, 0x15, 0x60, 0xDB, 0x7D, 0xBE, 0xDC, 0x7F, 0x9E, 0xE9, 0x38, 0x84, 0x53, 0x88, 0x93, 0xED, 0xD3,
0x71, 0x15, 0x32, 0x1F, 0x1F, 0x35, 0x91, 0xF1, 0xAB, 0x2F, 0x25, 0x57, 0x6D, 0x3F, 0x6C, 0xF5, 0x1B, 0xC8, 0xED, 0x55, 0x63, 0x02, 0xF3, 0xDA,
0x87, 0xC7, 0xF4, 0xB0, 0x45, 0x9F, 0x12, 0xC9, 0xC3, 0x38, 0x70, 0x58, 0x8F, 0x87, 0xD5, 0x53, 0xDB, 0xB5, 0x5B, 0xAF, 0x5A, 0xF6, 0xDC, 0xE6,
0x17, 0xF6, 0xE3, 0x0C, 0x1E, 0x59, 0x6C, 0x68, 0x84, 0x09, 0xD9, 0xCD, 0x52, 0x9F, 0x6B, 0x19, 0xB1, 0xC6, 0xAC, 0xB3, 0x48, 0x2B, 0xD3, 0x9F,
0x85, 0xAE, 0xF4, 0x2B, 0x54, 0x84, 0x39, 0x2F, 0x01, 0x5C, 0x4C, 0x68, 0xA4, 0x98, 0xF7, 0x9E, 0x73, 0x22, 0xD0, 0x76, 0x8D, 0x54, 0x1A, 0x05,
0x34, 0xBF, 0xF7, 0x59, 0x6E, 0x8D, 0x8C, 0xA2, 0x21, 0xCB, 0xE4, 0x3F, 0x01, 0xEB, 0xF7, 0x3E, 0x62, 0x52, 0x29, 0xED, 0x45, 0xFF, 0x4C, 0xC2,
0xA2, 0x87, 0x69, 0xE2, 0x21, 0x43, 0x10, 0xAF, 0x23, 0xB8, 0xCE, 0xD9, 0xEA, 0x51, 0xB8, 0x96, 0x17, 0x45, 0xDD, 0x07, 0x34, 0x9D, 0x0D, 0x61,
0x42, 0x4A, 0xAB, 0xE7, 0xE7, 0x8D, 0x12, 0xC8, 0x66, 0x72, 0x09, 0x0E, 0x9B, 0x77, 0xFC, 0x6E, 0xAD, 0xE5, 0xFF, 0xE9, 0x55, 0x36, 0xB3, 0x5E,
0xA2, 0xAA, 0x54, 0x04, 0x8E, 0x98, 0x7A, 0x89, 0xB2, 0x3A, 0x86, 0x0E, 0xCB, 0x94, 0x33, 0xCF, 0x4C, 0x71, 0xA4, 0x6E, 0x4A, 0xEA, 0xFD, 0x78,
0xEE, 0xC1, 0xBF, 0xDA, 0x3B, 0xC1, 0x2A, 0xC2, 0x98, 0xA6, 0x61, 0xF5, 0x29, 0x4F, 0x96, 0x9F, 0xF8, 0xA9, 0xAB, 0xFB, 0x1A, 0x45, 0xEE, 0xC0,
0x9B, 0x91, 0x0A, 0xEA, 0xF7, 0x81, 0x0C, 0xC1, 0xF4, 0xD6, 0xEF, 0x6A, 0x57, 0x27, 0xBC, 0xD5, 0xA1, 0x86, 0x41, 0x59, 0xED, 0x62, 0x13, 0x3E,
0xB2, 0x5E, 0x85, 0x37, 0x71, 0x45, 0x5E, 0x5B, 0x88, 0xB8, 0x9A, 0xC1, 0xE9, 0x36, 0x08, 0x7A, 0x75, 0x20, 0x38, 0x3B, 0x7B, 0xA0, 0x83, 0x1F,
0xAF, 0x68, 0xF0, 0xD5, 0x76, 0xCC, 0x68, 0xD5, 0x49, 0xA7, 0x1E, 0x45, 0xAD, 0x3E, 0x38, 0xDB, 0xE8, 0x3F, 0x19, 0xF3, 0xAA, 0x10, 0x9B, 0x42,
0x4C, 0x3F, 0x50, 0x93, 0xD3, 0x22, 0xDC, 0x6D, 0x40, 0xE2, 0x7D, 0xBD, 0x13, 0xCD, 0xB7, 0x2D, 0xD6, 0x4D, 0x8B, 0x5B, 0x7C, 0xE8, 0x6E, 0x06,
0xF2, 0x66, 0xB8, 0x7B, 0x97, 0x4C, 0x6F, 0x03, 0x74, 0xEE, 0x72, 0xB1, 0xFB, 0xD9, 0x14, 0xA0, 0xC2, 0x62, 0x33, 0x79, 0xB9, 0x89, 0x52, 0x72,
0xC4, 0x13, 0x38, 0x4E, 0x2B, 0xE9, 0xC9, 0xBA, 0x53, 0xF3, 0x1E, 0xBB, 0x5A, 0x92, 0x9F, 0xF4, 0xBF, 0x9F, 0xDC, 0xD2, 0xD3, 0x18, 0xF5, 0x51,
0x16, 0xC4, 0x75, 0x7D, 0xF1, 0x27, 0x88, 0xB3, 0x0B, 0x8A, 0xA5, 0x1C, 0x7D, 0x2E, 0x0C, 0xF5, 0xE8, 0xF1, 0x14, 0x31, 0x15, 0x30, 0x13, 0x06,
0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x15, 0x31, 0x06, 0x04, 0x04, 0x01, 0x00, 0x00, 0x00, 0x30, 0x3D, 0x30, 0x21, 0x30, 0x09,
0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14, 0x64, 0xCC, 0xB9, 0xBC, 0x62, 0x87, 0x49, 0x30, 0x6A, 0x0B, 0x73, 0x21, 0x4C,
0x16, 0xE9, 0xF6, 0x01, 0x40, 0x61, 0xA0, 0x04, 0x14, 0xF4, 0xA9, 0x6C, 0x88, 0x28, 0x6B, 0x6D, 0x44, 0x1C, 0xA5, 0x29, 0xD1, 0xCB, 0x3B, 0xCF,
0x7A, 0xF1, 0xE1, 0x50, 0x62, 0x02, 0x02, 0x07, 0xD0
};
private static byte[] asn_null = new byte[] { 0x05, 0x00 };
private static byte[] rsa_public_key = new byte[] { 0x30, 0x5C, 0x02, 0x55, 0x2D, 0x58, 0xE9, 0xBF, 0xF0, 0x31, 0xCD, 0x79, 0x06, 0x50, 0x5A, 0xD5, 0x9E, 0x0E, 0x2C, 0xE6, 0xC2, 0xF7, 0xF9, 0xD2, 0xCE, 0x55, 0x64, 0x85, 0xB1, 0x90, 0x9A, 0x92, 0xB3, 0x36, 0xC1, 0xBC, 0xEA, 0xC8, 0x23, 0xB7, 0xAB, 0x3A, 0xA7, 0x64, 0x63, 0x77, 0x5F, 0x84, 0x22, 0x8E, 0xE5, 0xB6, 0x45, 0xDD, 0x46, 0xAE, 0x0A, 0xDD, 0x00, 0xC2, 0x1F, 0xBA, 0xD9, 0xAD, 0xC0, 0x75, 0x62, 0xF8, 0x95, 0x82, 0xA2, 0x80, 0xB1, 0x82, 0x69, 0xFA,
0xE1, 0xAF, 0x7F, 0xBC, 0x7D, 0xE2, 0x7C, 0x76, 0xD5, 0xBC, 0x2A, 0x80, 0xFB, 0x02, 0x03, 0x01, 0x00, 0x01 };
public const string rsa_public_key_xml = "<RSAKeyValue><Modulus>LVjpv/AxzXkGUFrVng4s5sL3+dLOVWSFsZCakrM2wbzqyCO3qzqnZGN3X4QijuW2Rd1GrgrdAMIfutmtwHVi+JWCooCxgmn64a9/vH3ifHbVvCqA+w==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";
private static byte[] dsa_params = new byte[] { 0x30, 0x82, 0x01, 0x1E, 0x02, 0x81, 0x81, 0x00, 0x90, 0x89, 0x3E, 0x18, 0x1B, 0xFE, 0xA3, 0x1D, 0x16, 0x89, 0x00, 0xB4, 0xD5, 0x40, 0x82, 0x4C, 0x2E, 0xEC, 0x3D, 0x66, 0x0D, 0x0D, 0xB9, 0x17, 0x40, 0x6E, 0x3A, 0x5C, 0x03, 0x7B, 0x1B, 0x93, 0x28, 0x0C, 0xEF, 0xB9, 0x97, 0xE3, 0xA1, 0xEB, 0xE2, 0xA3, 0x7C, 0x61, 0xDD, 0x6F, 0xD5, 0xAD, 0x15, 0x69, 0x00, 0x16, 0xB2, 0xC3, 0x08, 0x3D, 0xC4, 0x59, 0xC6, 0xF2, 0x70, 0xA5, 0xB0, 0xF5, 0x1F, 0x1D, 0xF4, 0xB0, 0x15,
0xDA, 0x7E, 0x28, 0x39, 0x24, 0x99, 0x36, 0x5B, 0xEC, 0x39, 0x25, 0xFA, 0x92, 0x49, 0x65, 0xD2, 0x43, 0x05, 0x6A, 0x9E, 0xA3, 0x7B, 0xF0, 0xDE, 0xA3, 0x2F, 0xD3, 0x6F, 0x3A, 0xF9, 0x35, 0xC3, 0x29, 0xD4, 0x45, 0x6C, 0x56, 0x9A, 0xDE, 0x36, 0x6E, 0xFE, 0x12, 0x68, 0x96, 0x7B, 0x45, 0x1D, 0x2C, 0xFF, 0xB9, 0x2D, 0xF5, 0x52, 0x8C, 0xDF, 0x3E, 0x2F, 0x63, 0x02, 0x15, 0x00, 0x81, 0xA9, 0xB5, 0xD0, 0x04, 0xF2, 0x9B, 0xA7, 0xD8, 0x55, 0x4C, 0x3B, 0x32, 0xA1, 0x45, 0x32, 0x4F, 0xF5, 0x51, 0xDD, 0x02, 0x81,
0x80, 0x64, 0x7A, 0x88, 0x0B, 0xF2, 0x3E, 0x91, 0x81, 0x59, 0x9C, 0xF4, 0xEA, 0xC6, 0x7B, 0x0E, 0xBE, 0xEA, 0x05, 0xE8, 0x77, 0xFD, 0x20, 0x34, 0x87, 0xA1, 0xC4, 0x69, 0xF6, 0xC8, 0x8B, 0x19, 0xDA, 0xCD, 0xFA, 0x21, 0x8A, 0x57, 0xA9, 0x7A, 0x26, 0x0A, 0x56, 0xD4, 0xED, 0x4B, 0x1B, 0x7C, 0x70, 0xED, 0xB4, 0xE6, 0x7A, 0x6A, 0xDE, 0xD3, 0x29, 0xE2, 0xE9, 0x9A, 0x33, 0xED, 0x09, 0x8D, 0x9E, 0xDF, 0xDA, 0x2E, 0x4A, 0xC1, 0x50, 0x92, 0xEE, 0x2F, 0xE5, 0x5A, 0xF3, 0x85, 0x62, 0x6A, 0x48, 0xDC, 0x1B, 0x02,
0x98, 0xA6, 0xB0, 0xD1, 0x09, 0x4B, 0x10, 0xD1, 0xF0, 0xFA, 0xE0, 0xB1, 0x1D, 0x13, 0x54, 0x4B, 0xC0, 0xA8, 0x40, 0xEF, 0x71, 0xE8, 0x56, 0x6B, 0xA2, 0x29, 0xCB, 0x1E, 0x09, 0x7D, 0x27, 0x39, 0x91, 0x3B, 0x20, 0x4F, 0x98, 0x39, 0xE8, 0x39, 0xCA, 0x98, 0xC5, 0xAF, 0x54 };
private static byte[] dsa_public_key = new byte[] { 0x02, 0x81, 0x80, 0x54, 0xA8, 0x88, 0xB5, 0x8F, 0x01, 0x56, 0xCE, 0x18, 0x8F, 0xA6, 0xD6, 0x7C, 0x29, 0x29, 0x75, 0x45, 0xE8, 0x31, 0xA4, 0x07, 0x17, 0xED, 0x1E, 0x5D, 0xB2, 0x7B, 0xBB, 0xCE, 0x3C, 0x97, 0x67, 0x1E, 0x88, 0x0A, 0xFE, 0x7D, 0x00, 0x22, 0x27, 0x1D, 0x66, 0xEE, 0xF6, 0x1B, 0xB6, 0x95, 0x7F, 0x5A, 0xFF, 0x06, 0x34, 0x02, 0x43, 0xC3, 0x83, 0xC4, 0x66, 0x2C, 0xA1, 0x05, 0x0E, 0x68, 0xB3, 0xCA, 0xDC, 0xD3, 0xF9, 0x0C, 0xC0, 0x66, 0xDF, 0x85,
0x84, 0x4B, 0x20, 0x5D, 0x41, 0xAC, 0xC0, 0xEC, 0x37, 0x92, 0x0E, 0x97, 0x19, 0xBF, 0x53, 0x35, 0x63, 0x27, 0x18, 0x33, 0x35, 0x42, 0x4D, 0xF0, 0x2D, 0x6D, 0xA7, 0xA4, 0x98, 0xAA, 0x57, 0xF3, 0xD2, 0xB8, 0x6E, 0x4E, 0x8F, 0xFF, 0xBE, 0x6F, 0x4E, 0x0F, 0x0B, 0x44, 0x24, 0xEE, 0xDF, 0x4C, 0x22, 0x5B, 0x44, 0x98, 0x94, 0xCB, 0xB8 };
public const string dsa_public_key_xml = "<DSAKeyValue><P>kIk+GBv+ox0WiQC01UCCTC7sPWYNDbkXQG46XAN7G5MoDO+5l+Oh6+KjfGHdb9WtFWkAFrLDCD3EWcbycKWw9R8d9LAV2n4oOSSZNlvsOSX6kkll0kMFap6je/Deoy/Tbzr5NcMp1EVsVpreNm7+EmiWe0UdLP+5LfVSjN8+L2M=</P><Q>gam10ATym6fYVUw7MqFFMk/1Ud0=</Q><G>ZHqIC/I+kYFZnPTqxnsOvuoF6Hf9IDSHocRp9siLGdrN+iGKV6l6JgpW1O1LG3xw7bTmemre0yni6Zoz7QmNnt/aLkrBUJLuL+Va84ViakjcGwKYprDRCUsQ0fD64LEdE1RLwKhA73HoVmuiKcseCX0nOZE7IE+YOeg5ypjFr1Q=</G><Y>VKiItY8BVs4Yj6bWfCkpdUXoMaQHF+0eXbJ7u848l2ceiAr+fQAiJx1m7vYbtpV/Wv8GNAJDw4PEZiyhBQ5os8rc0/kMwGbfhYRLIF1BrMDsN5IOlxm/UzVjJxgzNUJN8C1tp6SYqlfz0rhuTo//vm9ODwtEJO7fTCJbRJiUy7g=</Y></DSAKeyValue>";
private X509Certificate2 x509a;
private X509Certificate2 x509b;
private X509Certificate2 x509c;
[TestFixtureSetUp]
public void FixtureSetUp ()
{
x509a = new X509Certificate2 (cert_a);
x509b = new X509Certificate2 (cert_b);
x509c = new X509Certificate2 (cert_c, "mono");
}
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void Constructor_NullOid ()
{
new PublicKey (null, emptyData, emptyData);
}
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void Constructor_NullParameters ()
{
new PublicKey (rsaOid, null, emptyData);
}
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void Constructor_NullKeyValue ()
{
new PublicKey (rsaOid, emptyData, null);
}
[Test]
public void Constructor_RsaEmpty ()
{
PublicKey pk = new PublicKey (rsaOid, emptyData, emptyData);
Assert.IsFalse (Object.ReferenceEquals (rsaOid, pk.Oid), "Oid-reference");
Assert.AreEqual (rsaOid.Value, pk.Oid.Value, "Oid-Value");
Assert.IsFalse (Object.ReferenceEquals (emptyData, pk.EncodedKeyValue), "EncodedKeyValue-reference");
Assert.AreEqual (0, pk.EncodedKeyValue.RawData.Length, "EncodedKeyValue-RawData");
Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue-Oid");
Assert.IsFalse (Object.ReferenceEquals (emptyData, pk.EncodedParameters), "EncodedParameters-reference");
Assert.AreEqual (0, pk.EncodedParameters.RawData.Length, "EncodedParameters-RawData");
Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters-Oid");
}
[Test]
[ExpectedException (typeof (CryptographicException))]
public void Constructor_RsaEmpty_Key ()
{
PublicKey pk = new PublicKey (rsaOid, emptyData, emptyData);
Assert.IsNull (pk.Key);
}
[Test]
public void Constructor_UnknownEmpty ()
{
PublicKey pk = new PublicKey (unknownOid, emptyData, emptyData);
Assert.IsFalse (Object.ReferenceEquals (unknownOid, pk.Oid), "Oid-reference");
Assert.AreEqual (unknownOid.Value, pk.Oid.Value, "Oid-Value");
}
[Test]
[ExpectedException (typeof (NotSupportedException))]
public void Constructor_UnknownEmpty_Key ()
{
PublicKey pk = new PublicKey (unknownOid, emptyData, emptyData);
Assert.IsNotNull (pk.Key);
}
[Test]
public void Constructor_Rsa_FromCertificate ()
{
PublicKey pk1 = x509a.PublicKey;
PublicKey pk2 = new PublicKey (pk1.Oid, pk1.EncodedParameters, pk1.EncodedKeyValue);
Assert.AreEqual (rsaOid.Value, pk2.Oid.Value, "Oid.Value");
Assert.AreEqual (rsaOid.Value, pk2.EncodedParameters.Oid.Value, "EncodedParameters.Oid.Value");
Assert.AreEqual ("05-00", BitConverter.ToString (pk2.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.AreEqual (rsaOid.Value, pk2.EncodedKeyValue.Oid.Value, "EncodedKeyValue.Oid.Value");
Assert.AreEqual (BitConverter.ToString (rsa_public_key), BitConverter.ToString (pk2.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
Assert.AreEqual (rsa_public_key_xml, pk2.Key.ToXmlString (false), "Key");
Assert.IsTrue ((pk2.Key as RSACryptoServiceProvider).PublicOnly, "Key.PublicOnly");
}
[Test]
public void Constructor_Rsa_FromScratch ()
{
// providing Oid for parameters and keyvalue isn't required
PublicKey pk = new PublicKey (new Oid (rsaOid.Value),
new AsnEncodedData (asn_null),
new AsnEncodedData (rsa_public_key));
Assert.AreEqual (rsaOid.Value, pk.Oid.Value, "Oid.Value");
Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid");
Assert.AreEqual ("05-00", BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid");
Assert.AreEqual (BitConverter.ToString (rsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
Assert.AreEqual (rsa_public_key_xml, pk.Key.ToXmlString (false), "Key");
Assert.IsTrue ((pk.Key as RSACryptoServiceProvider).PublicOnly, "Key.PublicOnly");
}
[Test]
public void Constructor_Rsa_EmptyParameters ()
{
PublicKey pk = new PublicKey (new Oid (rsaOid.Value),
new AsnEncodedData (new byte [0]), // same as NULL (0x05, 0x00)
new AsnEncodedData (rsa_public_key));
Assert.AreEqual (rsaOid.Value, pk.Oid.Value, "Oid.Value");
Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid");
Assert.AreEqual (String.Empty, BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid");
Assert.AreEqual (BitConverter.ToString (rsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
Assert.AreEqual (rsa_public_key_xml, pk.Key.ToXmlString (false), "Key");
Assert.IsTrue ((pk.Key as RSACryptoServiceProvider).PublicOnly, "Key.PublicOnly");
}
[Test]
public void Constructor_Rsa_WeirdParameters ()
{
PublicKey pk = new PublicKey (new Oid (rsaOid.Value),
new AsnEncodedData (new byte[16] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }),
new AsnEncodedData (rsa_public_key));
Assert.AreEqual (rsaOid.Value, pk.Oid.Value, "Oid.Value");
Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid");
Assert.AreEqual ("00-01-02-03-04-05-06-07-08-09-0A-0B-0C-0D-0E-0F", BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid");
Assert.AreEqual (BitConverter.ToString (rsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
// weird (or any) parameters are ignored when decoding RSA public keys
Assert.AreEqual (rsa_public_key_xml, pk.Key.ToXmlString (false), "Key");
Assert.IsTrue ((pk.Key as RSACryptoServiceProvider).PublicOnly, "Key.PublicOnly");
}
[Test]
public void Constructor_Rsa_UnknownOid ()
{
// providing Oid for parameters and keyvalue isn't required
PublicKey pk = new PublicKey (new Oid (unknownOid.Value),
new AsnEncodedData (asn_null),
new AsnEncodedData (rsa_public_key));
Assert.AreEqual (unknownOid.Value, pk.Oid.Value, "Oid.Value");
Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid");
Assert.AreEqual ("05-00", BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid");
Assert.AreEqual (BitConverter.ToString (rsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
}
[Test]
[ExpectedException (typeof (NotSupportedException))]
public void Constructor_Rsa_UnknownOid_Key ()
{
// providing Oid for parameters and keyvalue isn't required
PublicKey pk = new PublicKey (new Oid (unknownOid.Value),
new AsnEncodedData (asn_null),
new AsnEncodedData (rsa_public_key));
Assert.AreEqual (rsa_public_key_xml, pk.Key.ToXmlString (false), "Key");
}
[Test]
public void Constructor_Dsa_FromCertificate ()
{
PublicKey pk1 = x509b.PublicKey;
PublicKey pk2 = new PublicKey (pk1.Oid, pk1.EncodedParameters, pk1.EncodedKeyValue);
Assert.AreEqual (dsaOid.Value, pk2.Oid.Value, "Oid.Value");
Assert.AreEqual (dsaOid.Value, pk2.EncodedParameters.Oid.Value, "EncodedParameters.Oid.Value");
Assert.AreEqual (BitConverter.ToString (dsa_params), BitConverter.ToString (pk2.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.AreEqual (dsaOid.Value, pk2.EncodedKeyValue.Oid.Value, "EncodedKeyValue.Oid.Value");
Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk2.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
Assert.AreEqual (dsa_public_key_xml, pk2.Key.ToXmlString (false), "Key");
Assert.IsTrue ((pk2.Key as DSACryptoServiceProvider).PublicOnly, "Key.PublicOnly");
}
[Test]
public void Constructor_Dsa_FromScratch ()
{
// providing Oid for parameters and keyvalue isn't required
PublicKey pk = new PublicKey (new Oid (dsaOid.Value),
new AsnEncodedData (dsa_params),
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (dsaOid.Value, pk.Oid.Value, "Oid.Value");
Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid");
Assert.AreEqual (BitConverter.ToString (dsa_params), BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid");
Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
Assert.AreEqual (dsa_public_key_xml, pk.Key.ToXmlString (false), "Key");
Assert.IsTrue ((pk.Key as DSACryptoServiceProvider).PublicOnly, "Key.PublicOnly");
}
[Test]
public void Constructor_Dsa_EmptyParameters ()
{
PublicKey pk = new PublicKey (new Oid (dsaOid.Value),
new AsnEncodedData (new byte[0]), // same as NULL (0x05, 0x00)
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (dsaOid.Value, pk.Oid.Value, "Oid.Value");
Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid");
Assert.AreEqual (String.Empty, BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid");
Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
}
[Test]
[ExpectedException (typeof (CryptographicException))]
public void Constructor_Dsa_EmptyParameters_Key ()
{
PublicKey pk = new PublicKey (new Oid (dsaOid.Value),
new AsnEncodedData (new byte[0]), // same as NULL (0x05, 0x00)
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (dsa_public_key_xml, pk.Key.ToXmlString (false), "Key");
}
[Test]
public void Constructor_Dsa_WeirdParameters ()
{
PublicKey pk = new PublicKey (new Oid (dsaOid.Value),
new AsnEncodedData (new byte[16] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }),
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (dsaOid.Value, pk.Oid.Value, "Oid.Value");
Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid");
Assert.AreEqual ("00-01-02-03-04-05-06-07-08-09-0A-0B-0C-0D-0E-0F", BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid");
Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
}
[Test]
[ExpectedException (typeof (CryptographicException))]
public void Constructor_Dsa_WeirdParameters_Key ()
{
PublicKey pk = new PublicKey (new Oid (dsaOid.Value),
new AsnEncodedData (new byte[16] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }),
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (dsa_public_key_xml, pk.Key.ToXmlString (false), "Key");
}
[Test]
public void Constructor_Dsa_UnknownOid ()
{
// providing Oid for parameters and keyvalue isn't required
PublicKey pk = new PublicKey (new Oid (unknownOid.Value),
new AsnEncodedData (dsa_params),
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (unknownOid.Value, pk.Oid.Value, "Oid.Value");
Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid");
Assert.AreEqual (BitConverter.ToString (dsa_params), BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData");
Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid");
Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData");
}
[Test]
[ExpectedException (typeof (NotSupportedException))]
public void Constructor_Dsa_UnknownOid_Key ()
{
// providing Oid for parameters and keyvalue isn't required
PublicKey pk = new PublicKey (new Oid (unknownOid.Value),
new AsnEncodedData (dsa_params),
new AsnEncodedData (dsa_public_key));
Assert.AreEqual (dsa_public_key_xml, pk.Key.ToXmlString (false), "Key");
}
[Test]
public void Rsa_PasswordProtectedPkcs12 ()
{
Assert.IsTrue (x509c.HasPrivateKey, "HasPrivateKey");
// the public key doesn't contain the private parts of the key
Assert.IsTrue ((x509c.PublicKey.Key as RSACryptoServiceProvider).PublicOnly, "Key.PublicOnly");
}
}
}
#endif

Some files were not shown because too many files have changed in this diff Show More