Imported Upstream version 3.6.0

Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14
2014-08-13 10:39:27 +01:00
commit a575963da9
50588 changed files with 8155799 additions and 0 deletions
--- a/mcs/class/System/Test/System.Security.Cryptography.X509Certificates/pkits/ChangeLog
+++ b/mcs/class/System/Test/System.Security.Cryptography.X509Certificates/pkits/ChangeLog
@@ -0,0 +1,7 @@
+2006-12-07  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* Makefile: New. Makefile to download, install and register the PKITS 
+	test cases.
+	* README: New. Instructions to set up/uninstall PKITS.
+	* x509build.cs: New. Tool useful to debug chain/patch building and 
+	validation (unit tests generally asserts too quickly to be useful).
--- a/mcs/class/System/Test/System.Security.Cryptography.X509Certificates/pkits/Makefile
+++ b/mcs/class/System/Test/System.Security.Cryptography.X509Certificates/pkits/Makefile
@@ -0,0 +1,153 @@
+all: on x509build.exe
+
+x509build.exe: x509build.cs
+	gmcs x509build.cs
+
+PKITS_data.zip:
+	wget http://csrc.nist.gov/pki/testing/PKITS_data.zip
+
+pkits.ldif: PKITS_data.zip
+	unzip -o PKITS_data.zip
+	touch pkits.ldif
+
+register: pkits.ldif
+	certmgr -add -c Trust certs/TrustAnchorRootCertificate.crt
+	certmgr -add -c CA certs/GoodCACert.crt
+	certmgr -add -c CA certs/BadSignedCACert.crt
+	certmgr -add -c CA certs/DSACACert.crt
+	certmgr -add -c CA certs/DSAParametersInheritedCACert.crt
+	certmgr -add -c CA certs/BadnotBeforeDateCACert.crt
+	certmgr -add -c CA certs/BadnotAfterDateCACert.crt
+	certmgr -add -c CA certs/NameOrderingCACert.crt
+	certmgr -add -c CA certs/UIDCACert.crt
+	certmgr -add -c CA certs/RFC3280MandatoryAttributeTypesCACert.crt
+	certmgr -add -c CA certs/RFC3280OptionalAttributeTypesCACert.crt
+	certmgr -add -c CA certs/UTF8StringEncodedNamesCACert.crt
+	certmgr -add -c CA certs/RolloverfromPrintableStringtoUTF8StringCACert.crt
+	certmgr -add -c CA certs/UTF8StringCaseInsensitiveMatchCACert.crt
+	certmgr -add -c CA certs/BasicSelfIssuedNewKeyCACert.crt
+	certmgr -add -c CA certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt
+	certmgr -add -c CA certs/BasicSelfIssuedCRLSigningKeyCACert.crt
+	certmgr -add -c CA certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt
+	certmgr -add -c CA certs/MissingbasicConstraintsCACert.crt
+	certmgr -add -c CA certs/basicConstraintsCriticalcAFalseCACert.crt
+	certmgr -add -c CA certs/basicConstraintsNotCriticalCACert.crt
+	certmgr -add -c CA certs/basicConstraintsNotCriticalcAFalseCACert.crt
+	certmgr -add -c CA certs/pathLenConstraint0CACert.crt
+	certmgr -add -c CA certs/pathLenConstraint0subCACert.crt
+	certmgr -add -c CA certs/pathLenConstraint0subCA2Cert.crt
+	certmgr -add -c CA certs/pathLenConstraint6CACert.crt
+	certmgr -add -c CA certs/pathLenConstraint6subCA0Cert.crt
+	certmgr -add -c CA certs/pathLenConstraint6subsubCA00Cert.crt
+	certmgr -add -c CA certs/pathLenConstraint6subCA1Cert.crt
+	certmgr -add -c CA certs/pathLenConstraint6subsubCA11Cert.crt
+	certmgr -add -c CA certs/pathLenConstraint6subsubsubCA11XCert.crt
+	certmgr -add -c CA certs/pathLenConstraint6subCA4Cert.crt
+	certmgr -add -c CA certs/pathLenConstraint6subsubCA41Cert.crt
+	certmgr -add -c CA certs/pathLenConstraint6subsubsubCA41XCert.crt
+	certmgr -add -c Trust certs/pathLenConstraint0SelfIssuedCACert.crt
+	certmgr -add -c CA certs/pathLenConstraint1CACert.crt
+	certmgr -add -c Trust certs/pathLenConstraint1SelfIssuedCACert.crt
+	certmgr -add -c CA certs/pathLenConstraint1subCACert.crt
+	certmgr -add -c CA certs/keyUsageCriticalkeyCertSignFalseCACert.crt
+	certmgr -add -c CA certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt
+	certmgr -add -c CA certs/keyUsageNotCriticalCACert.crt
+	certmgr -add -c CA certs/keyUsageCriticalcRLSignFalseCACert.crt
+	certmgr -add -c CA certs/keyUsageNotCriticalcRLSignFalseCACert.crt
+	certmgr -add -c CA certs/BasicSelfIssuedOldKeyCACert.crt
+	certmgr -add -c CA certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt
+	certmgr -add -c CA certs/NoCRLCACert.crt
+	certmgr -add -c CA certs/RevokedsubCACert.crt
+	certmgr -add -c CA certs/BadCRLSignatureCACert.crt
+	certmgr -add -c CA certs/BadCRLIssuerNameCACert.crt
+	certmgr -add -c CA certs/WrongCRLCACert.crt
+	certmgr -add -c CA certs/TwoCRLsCACert.crt
+	certmgr -add -c CA certs/UnknownCRLEntryExtensionCACert.crt
+	certmgr -add -c CA certs/UnknownCRLExtensionCACert.crt
+	certmgr -add -c CA certs/OldCRLnextUpdateCACert.crt
+	certmgr -add -c CA certs/pre2000CRLnextUpdateCACert.crt
+	certmgr -add -c CA certs/GeneralizedTimeCRLnextUpdateCACert.crt
+	certmgr -add -c CA certs/NegativeSerialNumberCACert.crt
+	certmgr -add -c CA certs/LongSerialNumberCACert.crt
+	certmgr -add -c CA certs/SeparateCertificateandCRLKeysCertificateSigningCACert.crt
+	certmgr -add -c CA certs/SeparateCertificateandCRLKeysCRLSigningCert.crt
+	certmgr -add -c CA certs/SeparateCertificateandCRLKeysCA2CertificateSigningCACert.crt
+	certmgr -add -c CA certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
+
+	# general (all sections)
+	certmgr -add -crl Trust crls/TrustAnchorRootCRL.crl
+	certmgr -add -crl CA crls/GoodCACRL.crl
+	# section 4.1
+	certmgr -add -crl CA crls/DSACACRL.crl
+	certmgr -add -crl CA crls/DSAParametersInheritedCACRL.crl
+	# section 4.2
+	certmgr -add -crl CA crls/BadnotBeforeDateCACRL.crl
+	certmgr -add -crl CA crls/BadnotAfterDateCACRL.crl
+	# section 4.3
+	certmgr -add -crl CA crls/UIDCACRL.crl
+	certmgr -add -crl CA crls/RFC3280MandatoryAttributeTypesCACRL.crl
+	certmgr -add -crl CA crls/RFC3280OptionalAttributeTypesCACRL.crl
+	certmgr -add -crl CA crls/UTF8StringEncodedNamesCACRL.crl
+	certmgr -add -crl CA crls/RolloverfromPrintableStringtoUTF8StringCACRL.crl
+	certmgr -add -crl CA crls/UTF8StringCaseInsensitiveMatchCACRL.crl
+	# section 4.4
+	certmgr -add -crl CA crls/TwoCRLsCAGoodCRL.crl
+	certmgr -add -crl CA crls/TwoCRLsCABadCRL.crl
+	certmgr -add -crl CA crls/UnknownCRLEntryExtensionCACRL.crl
+	certmgr -add -crl CA crls/UnknownCRLExtensionCACRL.crl
+	certmgr -add -crl CA crls/OldCRLnextUpdateCACRL.crl
+	certmgr -add -crl CA crls/pre2000CRLnextUpdateCACRL.crl
+	certmgr -add -crl CA crls/GeneralizedTimeCRLnextUpdateCACRL.crl
+	certmgr -add -crl CA crls/NegativeSerialNumberCACRL.crl
+	certmgr -add -crl CA crls/LongSerialNumberCACRL.crl
+	# section 4.5
+	certmgr -add -crl CA crls/BasicSelfIssuedOldKeyCACRL.crl
+	certmgr -add -crl CA crls/BasicSelfIssuedNewKeyCACRL.crl
+	certmgr -add -crl CA crls/BasicSelfIssuedOldKeySelfIssuedCertCRL.crl
+	certmgr -add -crl CA crls/BasicSelfIssuedCRLSigningKeyCACRL.crl
+	certmgr -add -crl CA crls/BasicSelfIssuedCRLSigningKeyCRLCertCRL.crl
+	# section 4.6
+	certmgr -add -crl CA crls/MissingbasicConstraintsCACRL.crl
+	certmgr -add -crl CA crls/basicConstraintsCriticalcAFalseCACRL.crl
+	certmgr -add -crl CA crls/basicConstraintsNotCriticalCACRL.crl
+	certmgr -add -crl CA crls/basicConstraintsNotCriticalcAFalseCACRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint0CACRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint0subCACRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint0subCA2CRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint6CACRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint6subCA0CRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint6subsubCA00CRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint6subCA1CRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint6subsubCA11CRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint6subsubsubCA11XCRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint6subCA4CRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint6subsubCA41CRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint6subsubsubCA41XCRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint1CACRL.crl
+	certmgr -add -crl CA crls/pathLenConstraint1subCACRL.crl
+	# section 4.7
+	certmgr -add -crl CA crls/keyUsageCriticalkeyCertSignFalseCACRL.crl
+	certmgr -add -crl CA crls/keyUsageNotCriticalkeyCertSignFalseCACRL.crl
+	certmgr -add -crl CA crls/keyUsageNotCriticalCACRL.crl
+	certmgr -add -crl CA crls/keyUsageCriticalcRLSignFalseCACRL.crl
+	certmgr -add -crl CA crls/keyUsageNotCriticalcRLSignFalseCACRL.crl
+
+on: register
+	echo go > hint
+
+off:
+	rm -f hint
+
+clean: off
+	rm -rf certpairs
+	rm -rf certs
+	rm -rf crls
+	rm -rf pkcs12
+	rm -rf smime
+	rm -f pkits.ldif
+	rm -f pkits.schema
+	rm -f ReadMe.txt
+	rm -r x509build.exe*
+
+clean-all: clean
+	rm -f PKITS_data.zip
--- a/mcs/class/System/Test/System.Security.Cryptography.X509Certificates/pkits/README
+++ b/mcs/class/System/Test/System.Security.Cryptography.X509Certificates/pkits/README
@@ -0,0 +1,57 @@
+In September 2002 NIST (National Institute of Standards and Technology) 
+released the "Public Key Interoperability Test Suite" (PKITS). The document
+contains (a lot of) tests that ensure compliance with RFC3280.
+
+In order to use Mono PKITS unit tests you need to have all the test cases
+data downloaded, uncompressed and installed correctly. You can do all this
+with a simple
+
+	% make
+
+You can turn off the PKITS test by doing a
+
+	% make off
+
+And turn them back on (without redownloading everything) with a
+
+	% make on
+
+You can remove everything, except the downloaded ZIP files, by doing a
+
+	% make clean
+
+And "really" remove everything with a
+
+	% make clean-all
+
+
+Notes
+
+* In order to work properly a number of Root(Trusted) and CA certificates
+and CRL must be installed in the user store. You should be aware that they
+exists when PKITS is install. It's even possible (but would be a bug) that
+some remains after uninstallation. Please use certmgr to ensure your user
+certificate store is "clean".
+
+* The x509build.exe tool can be used to diagnose problems. Unlike the unit
+tests, which stop at the first bad assertion, the tool will display all
+available information on the whole certificate chain.
+
+* The Makefile is to be used with Mono only (any platform). If you want to
+run the tests on MS runtime then keep in mind that:
+
+	* it use it's own certificate stores. You'll need to register the
+	root and CA certificates and CRL with it;
+
+	* the MS X509Chain implementation is a wrapper around CryptoAPI.
+	The results you'll see will depends on your operating system (newer
+	versions of Windows are more RFC3280 compliant than earlier ones).
+
+* The last (sub-)point is important because it means we can't compare Mono
+results with the MS framework (as they depends on the operating system).
+The goal of adding this test suite is to check for regressions against 
+RFC3280 (which is more useful for interop with other implementation and,
+eventually, will match MS results on some new operating system).
+
+* Most of the tests will start failing in April 2011 as the certificates
+validity period will be over.
--- a/mcs/class/System/Test/System.Security.Cryptography.X509Certificates/pkits/x509build.cs
+++ b/mcs/class/System/Test/System.Security.Cryptography.X509Certificates/pkits/x509build.cs
@@ -0,0 +1,48 @@
+using System;
+using System.Security.Cryptography.X509Certificates;
+
+class Program {
+
+	static int Main (string[] args)
+	{
+		if (args.Length == 0) {
+			Console.WriteLine ("Usage: mono x509build.exe filename");
+			return 2;
+		}
+		string filename = args [0];
+
+		X509Certificate2 cert = new X509Certificate2 (filename);
+		// using X509Chain.Create will use the X509Chain defined in machine.config
+		X509Chain chain = X509Chain.Create ();
+		bool result = chain.Build (cert);
+		Console.WriteLine ("Build: {0}", result);
+		Console.WriteLine ();
+
+		Console.WriteLine ("ChainStatus:");
+		if (chain.ChainStatus.Length > 0) {
+			foreach (X509ChainStatus st in chain.ChainStatus) {
+				Console.WriteLine ("\t{0}", st.Status);
+			}
+		} else {
+			Console.WriteLine ("\t{0}", X509ChainStatusFlags.NoError);
+		}
+		Console.WriteLine ();
+
+		int n = 1;
+		Console.WriteLine ("ChainElements:");
+		foreach (X509ChainElement ce in chain.ChainElements) {
+			Console.WriteLine ("{0}. Certificate: {1}", n++, ce.Certificate);
+			Console.WriteLine ("\tChainStatus:");
+			if (ce.ChainElementStatus.Length > 0) {
+				foreach (X509ChainStatus st in ce.ChainElementStatus) {
+					Console.WriteLine ("\t\t{0}", st.Status);
+				}
+			} else {
+				Console.WriteLine ("\t\t{0}", X509ChainStatusFlags.NoError);
+			}
+			Console.WriteLine ();
+		}
+
+		return result ? 0 : 1;
+	}
+}