public void IsSelfIssued_WithPartialChain_ReturnsFalse()
{
using (var certificate = SigningTestUtility.GetCertificate("leaf.crt"))
{
Assert.False(CertificateUtility.IsSelfIssued(certificate));
}
}
public void GetHashString_ReturnsCorrectHashForSupportedAlgorithms()
{
using (var certificate = SigningTestUtility.GetCertificate("leaf.crt"))
{
var sha256Fingerprint = CertificateUtility.GetHashString(certificate, Common.HashAlgorithmName.SHA256);
var sha384Fingerprint = CertificateUtility.GetHashString(certificate, Common.HashAlgorithmName.SHA384);
var sha512Fingerprint = CertificateUtility.GetHashString(certificate, Common.HashAlgorithmName.SHA512);
Assert.Equal("9893F4B40FD236F16C189AD8F01D8B92FE682DFA6E768354ED25F4741BF51C73", sha256Fingerprint);
Assert.Equal("6471116F2B2A4DBA7B021A208408F53FBA2BCA1661ED006112E82850AA9DFD06EC9B5C9A50B4D2E6890B756781503FE5", sha384Fingerprint);
Assert.Equal("5B00A6B778AF9DC19BB62BFA688556FEC0A35AEFFB63DACD8D4EF2F227EC0EF43DA8B27F3E12F8C3485D128F32E4E7CA20136AF3BB3DF21A4B47AE54137698F3", sha512Fingerprint);
}
}
public void CreateSignedAttributes_SignPackageRequest_WithValidInput_ReturnsAttributes()
{
using (var rootCertificate = SigningTestUtility.GetCertificate("root.crt"))
using (var intermediateCertificate = SigningTestUtility.GetCertificate("intermediate.crt"))
using (var leafCertificate = SigningTestUtility.GetCertificate("leaf.crt"))
using (var request = CreateRequest(leafCertificate))
{
var certList = new[] { leafCertificate, intermediateCertificate, rootCertificate };
var attributes = SigningUtility.CreateSignedAttributes(request, certList);
Assert.Equal(3, attributes.Count);
VerifyAttributes(attributes, request);
}
}
public void GetCertificateChain_WithUntrustedRoot_Throws()
{
using (var chainHolder = new X509ChainHolder())
using (var rootCertificate = SigningTestUtility.GetCertificate("root.crt"))
using (var intermediateCertificate = SigningTestUtility.GetCertificate("intermediate.crt"))
using (var leafCertificate = SigningTestUtility.GetCertificate("leaf.crt"))
{
var chain = chainHolder.Chain;
var extraStore = new X509Certificate2Collection()
{
rootCertificate, intermediateCertificate
};
var logger = new TestLogger();
var exception = Assert.Throws <SignatureException>(
() => CertificateChainUtility.GetCertificateChain(
leafCertificate,
extraStore,
logger,
CertificateType.Signature));
Assert.Equal(NuGetLogCode.NU3018, exception.Code);
Assert.Equal("Certificate chain validation failed.", exception.Message);
Assert.Equal(1, logger.Errors);
SigningTestUtility.AssertUntrustedRoot(logger.LogMessages, LogLevel.Error);
SigningTestUtility.AssertRevocationStatusUnknown(logger.LogMessages, LogLevel.Warning);
if (RuntimeEnvironmentHelper.IsWindows)
{
Assert.Equal(2, logger.Warnings);
SigningTestUtility.AssertOfflineRevocation(logger.LogMessages, LogLevel.Warning);
}
else if (RuntimeEnvironmentHelper.IsLinux)
{
#if NETCORE5_0
Assert.Equal(2, logger.Warnings);
SigningTestUtility.AssertOfflineRevocation(logger.LogMessages, LogLevel.Warning);
#else
Assert.Equal(1, logger.Warnings);
#endif
}
else
{
Assert.Equal(1, logger.Warnings);
}
}
}
public void GetCertificateChain_ReturnsCertificatesInOrder()
{
using (var chainHolder = new X509ChainHolder())
using (var rootCertificate = SigningTestUtility.GetCertificate("root.crt"))
using (var intermediateCertificate = SigningTestUtility.GetCertificate("intermediate.crt"))
using (var leafCertificate = SigningTestUtility.GetCertificate("leaf.crt"))
{
var chain = chainHolder.Chain;
chain.ChainPolicy.ExtraStore.Add(rootCertificate);
chain.ChainPolicy.ExtraStore.Add(intermediateCertificate);
chain.Build(leafCertificate);
using (var certificateChain = CertificateChainUtility.GetCertificateChain(chain))
{
Assert.Equal(3, certificateChain.Count);
Assert.Equal(leafCertificate.Thumbprint, certificateChain[0].Thumbprint);
Assert.Equal(intermediateCertificate.Thumbprint, certificateChain[1].Thumbprint);
Assert.Equal(rootCertificate.Thumbprint, certificateChain[2].Thumbprint);
}
}
}