public static void Create_Validation()
{
Assert.Throws <ArgumentNullException>(
"keyIdentifier",
() => X509AuthorityKeyIdentifierExtension.Create(
(byte[])null,
null,
(byte[])null));
Assert.Throws <ArgumentNullException>(
"issuerName",
() => X509AuthorityKeyIdentifierExtension.Create(
Array.Empty <byte>(),
null,
(byte[])null));
X500DistinguishedName dn = new X500DistinguishedName("CN=Hi");
Assert.Throws <ArgumentNullException>(
"serialNumber",
() => X509AuthorityKeyIdentifierExtension.Create(
Array.Empty <byte>(),
dn,
(byte[])null));
Assert.Throws <ArgumentNullException>(
"issuerName",
() => X509AuthorityKeyIdentifierExtension.Create(
ReadOnlySpan <byte> .Empty,
null,
ReadOnlySpan <byte> .Empty));
}
public static void CreateFullPreservesKeyIdLeadingZeros()
{
ReadOnlySpan <byte> encoded = new byte[]
{
0x30, 0x26, 0x80, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x80, 0xA1, 0x14, 0xA4,
0x12, 0x30, 0x10, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x05, 0x48, 0x65,
0x6C, 0x6C, 0x6F, 0x82, 0x03, 0x00, 0xEE, 0x7B,
};
ReadOnlySpan <byte> keyId = encoded.Slice(4, 9);
X500DistinguishedName issuerName = new X500DistinguishedName("CN=Hello");
ReadOnlySpan <byte> serial = new byte[] { 0x00, 0xEE, 0x7B };
X509AuthorityKeyIdentifierExtension akid;
// From ROSpan
akid = X509AuthorityKeyIdentifierExtension.Create(keyId, issuerName, serial);
AssertExtensions.SequenceEqual(encoded, akid.RawData);
AssertExtensions.SequenceEqual(keyId, akid.KeyIdentifier.GetValueOrDefault().Span);
AssertExtensions.SequenceEqual(issuerName.RawData, akid.NamedIssuer.RawData);
AssertExtensions.SequenceEqual(serial, akid.SerialNumber.GetValueOrDefault().Span);
// From Arrays
akid = X509AuthorityKeyIdentifierExtension.Create(keyId.ToArray(), issuerName, serial.ToArray());
AssertExtensions.SequenceEqual(encoded, akid.RawData);
AssertExtensions.SequenceEqual(keyId, akid.KeyIdentifier.GetValueOrDefault().Span);
AssertExtensions.SequenceEqual(issuerName.RawData, akid.NamedIssuer.RawData);
AssertExtensions.SequenceEqual(serial, akid.SerialNumber.GetValueOrDefault().Span);
}
public static void CreateFullWithNegativeSerialNumber(bool fromArray)
{
X509AuthorityKeyIdentifierExtension akid;
ReadOnlySpan <byte> skid = new byte[] { 0x01, 0x02, 0x04 };
X500DistinguishedName issuerName = new X500DistinguishedName("CN=Negative");
ReadOnlySpan <byte> serial = new byte[] { 0x80, 0x02 };
if (fromArray)
{
akid = X509AuthorityKeyIdentifierExtension.Create(
skid.ToArray(),
issuerName,
serial.ToArray());
}
else
{
akid = X509AuthorityKeyIdentifierExtension.Create(skid, issuerName, serial);
}
Assert.False(akid.Critical, "akid.Critical");
Assert.NotNull(akid.NamedIssuer);
AssertExtensions.SequenceEqual(issuerName.RawData, akid.NamedIssuer.RawData);
Assert.True(akid.SerialNumber.HasValue, "akid.SerialNumber.HasValue");
AssertExtensions.SequenceEqual(serial, akid.SerialNumber.GetValueOrDefault().Span);
Assert.True(akid.KeyIdentifier.HasValue, "akid.KeyIdentifier.HasValue");
AssertExtensions.SequenceEqual(skid, akid.KeyIdentifier.GetValueOrDefault().Span);
const string ExpectedHex =
"30228003010204A117A41530133111300F060355040313084E65676174697665" +
"82028002";
Assert.Equal(ExpectedHex, akid.RawData.ByteArrayToHex());
}
public static void CreateWithInvalidSerialNumber()
{
// This value has 9 leading zero bits, making it an invalid encoding for a BER/DER INTEGER.
byte[] tooManyZeros = { 0x00, 0x7F };
byte[] invalidValue = tooManyZeros;
X500DistinguishedName dn = new X500DistinguishedName("CN=Bad Serial");
// Array
Assert.Throws <ArgumentException>(
"serialNumber",
() => X509AuthorityKeyIdentifierExtension.Create(invalidValue, dn, invalidValue));
// Span
Assert.Throws <ArgumentException>(
"serialNumber",
() => X509AuthorityKeyIdentifierExtension.Create(
new ReadOnlySpan <byte>(invalidValue), dn, new ReadOnlySpan <byte>(invalidValue)));
// Array
Assert.Throws <ArgumentException>(
"serialNumber",
() => X509AuthorityKeyIdentifierExtension.CreateFromIssuerNameAndSerialNumber(dn, invalidValue));
// Span
Assert.Throws <ArgumentException>(
"serialNumber",
() => X509AuthorityKeyIdentifierExtension.CreateFromIssuerNameAndSerialNumber(
dn, new ReadOnlySpan <byte>(invalidValue)));
// The leading 9 bits are all one, also invalid.
byte[] tooManyOnes = { 0xFF, 0x80 };
invalidValue = tooManyOnes;
// Array
Assert.Throws <ArgumentException>(
"serialNumber",
() => X509AuthorityKeyIdentifierExtension.Create(invalidValue, dn, invalidValue));
// Span
Assert.Throws <ArgumentException>(
"serialNumber",
() => X509AuthorityKeyIdentifierExtension.Create(
new ReadOnlySpan <byte>(invalidValue), dn, new ReadOnlySpan <byte>(invalidValue)));
// Array
Assert.Throws <ArgumentException>(
"serialNumber",
() => X509AuthorityKeyIdentifierExtension.CreateFromIssuerNameAndSerialNumber(dn, invalidValue));
// Span
Assert.Throws <ArgumentException>(
"serialNumber",
() => X509AuthorityKeyIdentifierExtension.CreateFromIssuerNameAndSerialNumber(
dn, new ReadOnlySpan <byte>(invalidValue)));
}
public static void RoundtripFull()
{
byte[] encoded = (
"303C80140235857ED35BD13609F22DE8A71F93DFEBD3F495A11AA41830163114" +
"301206035504030C0B49737375696E6743657274820852E6DEFA1D32A969").HexToByteArray();
X509AuthorityKeyIdentifierExtension akid = new X509AuthorityKeyIdentifierExtension(encoded, true);
Assert.True(akid.Critical, "akid.Critical");
Assert.True(akid.KeyIdentifier.HasValue, "akid.KeyIdentifier.HasValue");
Assert.Equal(
"0235857ED35BD13609F22DE8A71F93DFEBD3F495",
akid.KeyIdentifier.Value.ByteArrayToHex());
Assert.True(akid.RawIssuer.HasValue, "akid.RawIssuer.HasValue");
Assert.NotNull(akid.NamedIssuer);
Assert.Equal(
"A11AA41830163114301206035504030C0B49737375696E6743657274",
akid.RawIssuer.Value.ByteArrayToHex());
Assert.Equal(
"30163114301206035504030C0B49737375696E6743657274",
akid.NamedIssuer.RawData.ByteArrayToHex());
Assert.True(akid.SerialNumber.HasValue, "akid.SerialNumber.HasValue");
Assert.Equal("52E6DEFA1D32A969", akid.SerialNumber.Value.ByteArrayToHex());
X509AuthorityKeyIdentifierExtension akid2 = X509AuthorityKeyIdentifierExtension.Create(
akid.KeyIdentifier.Value.Span,
akid.NamedIssuer,
akid.SerialNumber.Value.Span);
Assert.False(akid2.Critical, "akid2.Critical");
AssertExtensions.SequenceEqual(akid.RawData, akid2.RawData);
}
