Jo Shields a575963da9 Imported Upstream version 3.6.0
Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14
2014-08-13 10:39:27 +01:00

272 lines
11 KiB
C#

//
// X509ChainPolicyTest.cs - NUnit tests for X509ChainPolicy
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using NUnit.Framework;
using System;
using System.Collections;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
namespace MonoTests.System.Security.Cryptography.X509Certificates {
[TestFixture]
public class X509ChainPolicyTest {
static string signingTimeOid = "1.2.840.113549.1.9.5";
private X509ChainPolicy GetPolicy ()
{
X509Chain c = new X509Chain ();
return c.ChainPolicy;
}
[Test]
public void Default ()
{
X509ChainPolicy cp = GetPolicy ();
// default properties
Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy");
Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy");
Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore");
Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "RevocationFlag");
Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "RevocationMode");
Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "UrlRetrievalTimeout");
Assert.AreEqual (X509VerificationFlags.NoFlag, cp.VerificationFlags, "VerificationFlags");
DateTime vt = cp.VerificationTime;
Assert.IsTrue (((vt <= DateTime.Now) && (vt > DateTime.Now.AddMinutes (-1))), "VerificationTime");
}
[Test]
public void ApplicationPolicy ()
{
X509ChainPolicy cp = GetPolicy ();
cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
Assert.AreEqual (1, cp.ApplicationPolicy.Count, "ApplicationPolicy");
}
[Test]
public void ApplicationPolicy_Reset ()
{
X509ChainPolicy cp = GetPolicy ();
cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
OidCollection oc = cp.ApplicationPolicy;
Assert.AreEqual (1, oc.Count, "ApplicationPolicy-1");
cp.Reset ();
Assert.AreEqual (1, oc.Count, "ApplicationPolicy-2");
Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy-3");
}
[Test]
public void CertificatePolicy ()
{
X509ChainPolicy cp = GetPolicy ();
cp.CertificatePolicy.Add (new Oid (signingTimeOid));
Assert.AreEqual (1, cp.CertificatePolicy.Count, "CertificatePolicy");
}
[Test]
public void CertificatePolicy_Reset ()
{
X509ChainPolicy cp = GetPolicy ();
cp.CertificatePolicy.Add (new Oid (signingTimeOid));
OidCollection oc = cp.CertificatePolicy;
Assert.AreEqual (1, oc.Count, "CertificatePolicy-1");
cp.Reset ();
Assert.AreEqual (1, oc.Count, "CertificatePolicy-2");
Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy-3");
}
[Test]
public void ExtraStore ()
{
X509ChainPolicy cp = GetPolicy ();
cp.ExtraStore.Add (new X509Certificate2 ());
Assert.AreEqual (1, cp.ExtraStore.Count, "ExtraStore");
}
[Test]
public void ExtraStore_Reset ()
{
X509ChainPolicy cp = GetPolicy ();
cp.ExtraStore.Add (new X509Certificate2 ());
X509Certificate2Collection cc = cp.ExtraStore;
Assert.AreEqual (1, cc.Count, "ExtraStore-1");
cp.Reset ();
Assert.AreEqual (1, cc.Count, "ExtraStore-2");
Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore-3");
}
[Test]
public void RevocationFlag ()
{
X509ChainPolicy cp = GetPolicy ();
cp.RevocationFlag = X509RevocationFlag.EndCertificateOnly;
Assert.AreEqual (X509RevocationFlag.EndCertificateOnly, cp.RevocationFlag, "EndCertificateOnly");
cp.RevocationFlag = X509RevocationFlag.EntireChain;
Assert.AreEqual (X509RevocationFlag.EntireChain, cp.RevocationFlag, "EntireChain");
cp.RevocationFlag = X509RevocationFlag.ExcludeRoot;
Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "ExcludeRoot");
}
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RevocationFlag_Invalid ()
{
X509ChainPolicy cp = GetPolicy ();
cp.RevocationFlag = (X509RevocationFlag) Int32.MinValue;
}
[Test]
public void RevocationMode ()
{
X509ChainPolicy cp = GetPolicy ();
cp.RevocationMode = X509RevocationMode.NoCheck;
Assert.AreEqual (X509RevocationMode.NoCheck, cp.RevocationMode, "NoCheck");
cp.RevocationMode = X509RevocationMode.Offline;
Assert.AreEqual (X509RevocationMode.Offline, cp.RevocationMode, "Offline");
cp.RevocationMode = X509RevocationMode.Online;
Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "Online");
}
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RevocationMode_Invalid ()
{
X509ChainPolicy cp = GetPolicy ();
cp.RevocationMode = (X509RevocationMode) Int32.MinValue;
}
[Test]
public void UrlRetrievalTimeout ()
{
X509ChainPolicy cp = GetPolicy ();
cp.UrlRetrievalTimeout = new TimeSpan (100);
Assert.AreEqual (100, cp.UrlRetrievalTimeout.Ticks, "TimeSpan=100");
cp.UrlRetrievalTimeout = new TimeSpan (0);
Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "TimeSpan=0");
cp.UrlRetrievalTimeout = TimeSpan.MinValue;
Assert.AreEqual (TimeSpan.MinValue, cp.UrlRetrievalTimeout, "TimeSpan=MinValue");
cp.UrlRetrievalTimeout = TimeSpan.MaxValue;
Assert.AreEqual (TimeSpan.MaxValue, cp.UrlRetrievalTimeout, "TimeSpan=MaxValue");
}
[Test]
public void VerificationFlags ()
{
X509ChainPolicy cp = GetPolicy ();
cp.VerificationFlags = X509VerificationFlags.AllFlags;
Assert.AreEqual (X509VerificationFlags.AllFlags, cp.VerificationFlags, "AllFlags");
cp.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
Assert.AreEqual (X509VerificationFlags.AllowUnknownCertificateAuthority, cp.VerificationFlags, "AllowUnknownCertificateAuthority");
cp.VerificationFlags = X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown;
Assert.AreEqual (X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown, cp.VerificationFlags, "IgnoreCertificateAuthorityRevocationUnknown");
cp.VerificationFlags = X509VerificationFlags.IgnoreCtlNotTimeValid;
Assert.AreEqual (X509VerificationFlags.IgnoreCtlNotTimeValid, cp.VerificationFlags, "IgnoreCtlNotTimeValid");
cp.VerificationFlags = X509VerificationFlags.IgnoreCtlSignerRevocationUnknown;
Assert.AreEqual (X509VerificationFlags.IgnoreCtlSignerRevocationUnknown, cp.VerificationFlags, "IgnoreCtlSignerRevocationUnknown");
cp.VerificationFlags = X509VerificationFlags.IgnoreEndRevocationUnknown;
Assert.AreEqual (X509VerificationFlags.IgnoreEndRevocationUnknown, cp.VerificationFlags, "IgnoreEndRevocationUnknown");
cp.VerificationFlags = X509VerificationFlags.IgnoreInvalidBasicConstraints;
Assert.AreEqual (X509VerificationFlags.IgnoreInvalidBasicConstraints, cp.VerificationFlags, "IgnoreInvalidBasicConstraints");
cp.VerificationFlags = X509VerificationFlags.IgnoreInvalidName;
Assert.AreEqual (X509VerificationFlags.IgnoreInvalidName, cp.VerificationFlags, "IgnoreInvalidName");
cp.VerificationFlags = X509VerificationFlags.IgnoreInvalidPolicy;
Assert.AreEqual (X509VerificationFlags.IgnoreInvalidPolicy, cp.VerificationFlags, "IgnoreInvalidPolicy");
cp.VerificationFlags = X509VerificationFlags.IgnoreNotTimeNested;
Assert.AreEqual (X509VerificationFlags.IgnoreNotTimeNested, cp.VerificationFlags, "IgnoreNotTimeNested");
cp.VerificationFlags = X509VerificationFlags.IgnoreNotTimeValid;
Assert.AreEqual (X509VerificationFlags.IgnoreNotTimeValid, cp.VerificationFlags, "IgnoreNotTimeValid");
cp.VerificationFlags = X509VerificationFlags.IgnoreRootRevocationUnknown;
Assert.AreEqual (X509VerificationFlags.IgnoreRootRevocationUnknown, cp.VerificationFlags, "IgnoreRootRevocationUnknown");
cp.VerificationFlags = X509VerificationFlags.IgnoreWrongUsage;
Assert.AreEqual (X509VerificationFlags.IgnoreWrongUsage, cp.VerificationFlags, "IgnoreWrongUsage");
cp.VerificationFlags = X509VerificationFlags.NoFlag;
Assert.AreEqual (X509VerificationFlags.NoFlag, cp.VerificationFlags, "NoFlag");
}
[Test]
[ExpectedException (typeof (ArgumentException))]
public void VerificationFlags_Invalid ()
{
X509ChainPolicy cp = GetPolicy ();
cp.VerificationFlags = (X509VerificationFlags)Int32.MinValue;
}
[Test]
public void VerificationTime ()
{
X509ChainPolicy cp = GetPolicy ();
Assert.AreEqual (DateTimeKind.Local, cp.VerificationTime.Kind, "Kind=Local");
cp.VerificationTime = DateTime.Today;
Assert.AreEqual (DateTime.Today, cp.VerificationTime, "DateTime=Today");
cp.VerificationTime = new DateTime (0);
Assert.AreEqual (0, cp.VerificationTime.Ticks, "DateTime=0");
cp.VerificationTime = DateTime.MinValue;
Assert.AreEqual (DateTime.MinValue, cp.VerificationTime, "DateTime=MinValue");
cp.VerificationTime = DateTime.MaxValue;
Assert.AreEqual (DateTime.MaxValue, cp.VerificationTime, "DateTime=MaxValue");
}
[Test]
public void Reset ()
{
X509ChainPolicy cp = GetPolicy ();
cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
cp.CertificatePolicy.Add (new Oid (signingTimeOid));
cp.ExtraStore.Add (new X509Certificate2 ());
cp.RevocationFlag = X509RevocationFlag.EndCertificateOnly;
cp.RevocationMode = X509RevocationMode.NoCheck;
cp.UrlRetrievalTimeout = new TimeSpan (100);
cp.VerificationFlags = X509VerificationFlags.AllFlags;
DateTime vt = cp.VerificationTime;
Assert.IsTrue (((vt <= DateTime.Now) && (vt > DateTime.Now.AddMinutes (-1))), "VerificationTime");
// wait a bit before calling Reset, otherwise we could end up with the same time value
Thread.Sleep (100);
cp.Reset ();
Assert.IsTrue ((vt != cp.VerificationTime), "VerificationTime-Reset");
// default properties
Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy");
Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy");
Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore");
Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "RevocationFlag");
Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "RevocationMode");
Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "UrlRetrievalTimeout");
Assert.AreEqual (X509VerificationFlags.NoFlag, cp.VerificationFlags, "VerificationFlags");
vt = cp.VerificationTime;
Assert.IsTrue (((vt <= DateTime.Now) && (vt > DateTime.Now.AddMinutes (-1))), "VerificationTime");
}
}
}
#endif