public static void GetDSAPublicKey_NullForDifferentAlgorithm()
{
byte[] spki = TestData.GostR3410SubjectPublicKeyInfo;
PublicKey key = PublicKey.CreateFromSubjectPublicKeyInfo(spki, out _);
Assert.Null(key.GetDSAPublicKey());
}
public static void PublicKeyConstructor_CannotSelfSign()
{
byte[] spki;
using (ECDsa key = ECDsa.Create(EccTestData.Secp384r1Data.KeyParameters))
{
spki = key.ExportSubjectPublicKeyInfo();
}
PublicKey publicKey = PublicKey.CreateFromSubjectPublicKeyInfo(spki, out _);
CertificateRequest req = new CertificateRequest(
new X500DistinguishedName("CN=Test"),
publicKey,
HashAlgorithmName.SHA384);
InvalidOperationException ex;
ex = Assert.Throws <InvalidOperationException>(() => req.CreateSigningRequest());
Assert.Contains(nameof(X509SignatureGenerator), ex.Message);
DateTimeOffset notBefore = DateTimeOffset.UtcNow;
DateTimeOffset notAfter = notBefore.AddMinutes(1);
ex = Assert.Throws <InvalidOperationException>(() => req.CreateSelfSigned(notBefore, notAfter));
Assert.Contains(nameof(X509SignatureGenerator), ex.Message);
}
public static void CreateFromSubjectPublicKeyInfo_AnyAlgorithm()
{
byte[] spki = TestData.GostR3410SubjectPublicKeyInfo;
PublicKey key = PublicKey.CreateFromSubjectPublicKeyInfo(spki, out int read);
Assert.Throws <NotSupportedException>(() => key.Key);
Assert.Equal("1.2.643.2.2.19", key.Oid.Value);
Assert.Equal(spki, key.ExportSubjectPublicKeyInfo());
Assert.Equal(spki.Length, read);
}
public static void CreateFromSubjectPublicKeyInfo_Roundtrip_ECDH()
{
using ECDiffieHellman ecdh = ECDiffieHellman.Create();
ecdh.ImportFromPem(TestData.EcDhPkcs8PublicKey);
byte[] spki = ecdh.ExportSubjectPublicKeyInfo();
PublicKey key = PublicKey.CreateFromSubjectPublicKeyInfo(spki, out int read);
Assert.Throws <NotSupportedException>(() => key.Key);
Assert.Equal("1.2.840.10045.2.1", key.Oid.Value);
Assert.Equal(spki, key.ExportSubjectPublicKeyInfo());
Assert.Equal(spki.Length, read);
}
public static void CreateFromSubjectPublicKeyInfo_Roundtrip_DSA()
{
using DSA dsa = DSA.Create();
dsa.ImportFromPem(TestData.DsaPkcs8PublicKey);
byte[] spki = dsa.ExportSubjectPublicKeyInfo();
PublicKey key = PublicKey.CreateFromSubjectPublicKeyInfo(spki, out int read);
Assert.IsAssignableFrom <DSA>(key.Key);
Assert.Equal("1.2.840.10040.4.1", key.Oid.Value);
Assert.Equal(spki, key.ExportSubjectPublicKeyInfo());
Assert.Equal(spki.Length, read);
}
public static void CreateFromSubjectPublicKeyInfo_Roundtrip_RSA()
{
using RSA rsa = RSA.Create();
rsa.ImportFromPem(TestData.RsaPkcs8PublicKey);
byte[] spki = rsa.ExportSubjectPublicKeyInfo();
PublicKey key = PublicKey.CreateFromSubjectPublicKeyInfo(spki, out int read);
Assert.IsAssignableFrom <RSA>(key.Key);
Assert.Equal("1.2.840.113549.1.1.1", key.Oid.Value);
Assert.Equal(spki, key.ExportSubjectPublicKeyInfo());
Assert.Equal(spki.Length, read);
}
public static void CreateFromSubjectPublicKeyInfo_Roundtrip_DSA_InvalidKey()
{
// The DSA key is invalid here, but we should be able to round-trip the
// parameters as-is.
byte[] spki = Convert.FromHexString(
"301B301306072A8648CE3804013008020100020300FFFF030400020103");
PublicKey key = PublicKey.CreateFromSubjectPublicKeyInfo(spki, out int read);
Assert.ThrowsAny <CryptographicException>(() => key.Key);
Assert.Equal("1.2.840.10040.4.1", key.Oid.Value);
Assert.Equal(spki, key.ExportSubjectPublicKeyInfo());
Assert.Equal(spki.Length, read);
}
public static void ECDSA_Signing_UnknownPublicKeyAlgorithm()
{
using ECDsa ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
PublicKey gostRPublicKey = PublicKey.CreateFromSubjectPublicKeyInfo(
TestData.GostR3410SubjectPublicKeyInfo,
out _);
CertificateRequest issuerRequest = new CertificateRequest(
new X500DistinguishedName("CN=root"),
ecdsa,
HashAlgorithmName.SHA256);
issuerRequest.CertificateExtensions.Add(
new X509BasicConstraintsExtension(true, false, 0, true));
CertificateRequest request = new CertificateRequest(
new X500DistinguishedName("CN=test"),
gostRPublicKey,
HashAlgorithmName.SHA256);
request.CertificateExtensions.Add(
new X509BasicConstraintsExtension(false, false, 0, true));
DateTimeOffset notBefore = DateTimeOffset.UtcNow;
DateTimeOffset notAfter = notBefore.AddDays(30);
byte[] serial = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
using X509Certificate2 issuer = issuerRequest.CreateSelfSigned(notBefore, notAfter);
X509SignatureGenerator ecdsaGenerator = X509SignatureGenerator.CreateForECDsa(ecdsa);
using X509Certificate2 cert = request.Create(issuer.SubjectName, ecdsaGenerator, notBefore, notAfter, serial);
Assert.Null(cert.GetECDsaPublicKey());
Assert.Null(cert.GetECDiffieHellmanPublicKey());
Assert.Equal("1.2.643.2.2.19", cert.PublicKey.Oid.Value);
}
public static void CreateFromSubjectPublicKeyInfo_BadEncoding()
{
Assert.Throws <CryptographicException>(() =>
PublicKey.CreateFromSubjectPublicKeyInfo(new byte[] { 0xFF }, out _));
}