164 lines
4.6 KiB
C#
164 lines
4.6 KiB
C#
//
|
|
// PkitsTest.cs - NUnit tests for
|
|
// NIST Public Key Interoperability Test Suite (PKITS)
|
|
// Certificate Path Validation, Version 1.0, September 2, 2004
|
|
//
|
|
// Author:
|
|
// Sebastien Pouliot <sebastien@ximian.com>
|
|
//
|
|
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
|
|
//
|
|
// Permission is hereby granted, free of charge, to any person obtaining
|
|
// a copy of this software and associated documentation files (the
|
|
// "Software"), to deal in the Software without restriction, including
|
|
// without limitation the rights to use, copy, modify, merge, publish,
|
|
// distribute, sublicense, and/or sell copies of the Software, and to
|
|
// permit persons to whom the Software is furnished to do so, subject to
|
|
// the following conditions:
|
|
//
|
|
// The above copyright notice and this permission notice shall be
|
|
// included in all copies or substantial portions of the Software.
|
|
//
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
//
|
|
#if !MOBILE
|
|
|
|
using NUnit.Framework;
|
|
|
|
using System;
|
|
using System.Collections;
|
|
using System.IO;
|
|
using System.Security.Cryptography;
|
|
using System.Security.Cryptography.Pkcs;
|
|
using System.Security.Cryptography.X509Certificates;
|
|
using System.Text;
|
|
|
|
namespace MonoTests.System.Security.Cryptography.Pkcs {
|
|
|
|
/*
|
|
* PKITS home page
|
|
* http://csrs.nist.gov/pki/testing/x509paths.html
|
|
*
|
|
* Documentation is available at
|
|
* http://csrc.nist.gov/pki/testing/PKITS.pdf
|
|
*
|
|
* Test data is available at
|
|
* http://csrc.nist.gov/pki/testing/PKITS_data.zip
|
|
*
|
|
* License information are available at
|
|
* http://cio.nist.gov/esd/emaildir/lists/pkits/msg00048.html
|
|
*/
|
|
|
|
[Category ("PKITS")]
|
|
public class PkitsTest {
|
|
|
|
private string base_dir;
|
|
private string certs_base_dir;
|
|
private string smime_base_dir;
|
|
private Hashtable cache;
|
|
private Oid[] policies;
|
|
|
|
[TestFixtureSetUp]
|
|
public void FixtureSetUp ()
|
|
{
|
|
// reuse PKITS data installed in System (for X509Chain tests)
|
|
base_dir = String.Format ("{0}{1}..{1}System{1}Test{1}System.Security.Cryptography.X509Certificates{1}pkits",
|
|
Directory.GetCurrentDirectory (), Path.DirectorySeparatorChar);
|
|
if (!Directory.Exists (base_dir))
|
|
Assert.Ignore ("PKITS tests data not found under '{0}'.", new object[] { base_dir });
|
|
certs_base_dir = Path.Combine (base_dir, "certs");
|
|
smime_base_dir = Path.Combine (base_dir, "smime");
|
|
|
|
cache = new Hashtable ();
|
|
|
|
policies = new Oid[9];
|
|
// any-policies
|
|
policies[0] = new Oid ("2.5.29.32.0");
|
|
// nist_test_policy_#
|
|
for (int i=0; i < 9; i++)
|
|
policies[i] = new Oid ("2.16.840.1.101.3.2.1.48." + i.ToString ());
|
|
}
|
|
|
|
[TestFixtureTearDown]
|
|
public void FixtureTearDown ()
|
|
{
|
|
cache.Clear ();
|
|
}
|
|
|
|
public X509Certificate2 GetCertificate (string filename)
|
|
{
|
|
X509Certificate2 result = (cache[filename] as X509Certificate2);
|
|
if (result == null) {
|
|
string full_path = Path.Combine (certs_base_dir, filename);
|
|
result = new X509Certificate2 (full_path);
|
|
cache[filename] = result;
|
|
}
|
|
return result;
|
|
}
|
|
|
|
public byte[] GetData (string filename)
|
|
{
|
|
string full_path = Path.Combine (smime_base_dir, filename);
|
|
using (StreamReader sr = new StreamReader (full_path)) {
|
|
string s = sr.ReadLine ();
|
|
while (!sr.EndOfStream) {
|
|
if (s.Length == 0)
|
|
break;
|
|
s = sr.ReadLine ();
|
|
}
|
|
s = sr.ReadToEnd ();
|
|
return Convert.FromBase64String (s);
|
|
}
|
|
}
|
|
|
|
public X509Certificate2 TrustAnchorRoot {
|
|
get { return GetCertificate ("TrustAnchorRootCertificate.crt"); }
|
|
}
|
|
|
|
public X509Certificate2 GoodCACert {
|
|
get { return GetCertificate ("GoodCACert.crt"); }
|
|
}
|
|
|
|
// Sadly both SignedCms.CheckHash and SignedCms.CheckSignature returns void and throw an exception.
|
|
// This makes it difficult to use in tests because we want to be sure that the "expected exception"
|
|
// is being thrown at the "right" place. The next 2 methods hacks around that limitation.
|
|
public bool CheckHash (SignedCms cms)
|
|
{
|
|
try {
|
|
cms.CheckSignature (false);
|
|
return true;
|
|
}
|
|
catch {
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public bool CheckSignature (SignedCms cms)
|
|
{
|
|
try {
|
|
cms.CheckSignature (false);
|
|
return true;
|
|
}
|
|
catch {
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public Oid AnyPolicy {
|
|
get { return policies [0]; }
|
|
}
|
|
|
|
public Oid NistPolicy (int n)
|
|
{
|
|
return policies[n];
|
|
}
|
|
}
|
|
}
|
|
#endif
|