Example #1
        public static void CreateIssuerAndNegativeSerial(bool fromArray)
        {
            // Builds an Authority Key Identifier from an issuer name plus a serial number whose
            // top bit is set (0x80 0x02), i.e. a negative value when read as a DER INTEGER.
            // RFC 5280 asks CAs to issue positive serials but tells relying parties to cope with
            // non-conforming ones, so the bytes have to round-trip unchanged (no padding byte, no
            // sign fix-up). The assertions below pin both the parsed value and the exact encoding.
            ReadOnlySpan<byte> serial = new byte[] { 0x80, 0x02 };
            X500DistinguishedName issuerName = new X500DistinguishedName("CN=Negative");

            // fromArray picks the byte[] overload; otherwise the ReadOnlySpan<byte> overload runs.
            X509AuthorityKeyIdentifierExtension akid = fromArray
                ? X509AuthorityKeyIdentifierExtension.CreateFromIssuerNameAndSerialNumber(issuerName, serial.ToArray())
                : X509AuthorityKeyIdentifierExtension.CreateFromIssuerNameAndSerialNumber(issuerName, serial);

            // The extension is non-critical and carries issuer + serial only, no key identifier.
            Assert.False(akid.Critical, "akid.Critical");
            Assert.NotNull(akid.NamedIssuer);
            AssertExtensions.SequenceEqual(issuerName.RawData, akid.NamedIssuer.RawData);
            Assert.True(akid.SerialNumber.HasValue, "akid.SerialNumber.HasValue");
            AssertExtensions.SequenceEqual(serial, akid.SerialNumber.GetValueOrDefault().Span);
            Assert.False(akid.KeyIdentifier.HasValue, "akid.KeyIdentifier.HasValue");

            // SEQUENCE { [1] { [4] directoryName "CN=Negative" }, [2] 80 02 } with no [0] keyIdentifier.
            const string ExpectedDerHex = "301DA117A41530133111300F060355040313084E6567617469766582028002";

            Assert.Equal(ExpectedDerHex, akid.RawData.ByteArrayToHex());
        }
Example #2
        public static void CreateWithInvalidSerialNumber()
        {
            // A BER/DER INTEGER must use the minimal encoding: its first nine bits may be neither
            // all zero nor all one. Both factory methods, in their array and span forms, are
            // expected to reject such input with an ArgumentException naming "serialNumber",
            // rather than emit an extension whose serial is not canonically encoded.
            X500DistinguishedName dn = new X500DistinguishedName("CN=Bad Serial");

            byte[][] nonMinimalEncodings =
            {
                // This value has 9 leading zero bits.
                new byte[] { 0x00, 0x7F },

                // The leading 9 bits are all one.
                new byte[] { 0xFF, 0x80 },
            };

            foreach (byte[] invalidValue in nonMinimalEncodings)
            {
                // Create, array overload. The same bytes are also passed as the first argument;
                // the failure is still expected to be attributed to serialNumber.
                Assert.Throws<ArgumentException>(
                    "serialNumber",
                    () => X509AuthorityKeyIdentifierExtension.Create(invalidValue, dn, invalidValue));

                // Create, span overload.
                Assert.Throws<ArgumentException>(
                    "serialNumber",
                    () => X509AuthorityKeyIdentifierExtension.Create(
                        new ReadOnlySpan<byte>(invalidValue), dn, new ReadOnlySpan<byte>(invalidValue)));

                // CreateFromIssuerNameAndSerialNumber, array overload.
                Assert.Throws<ArgumentException>(
                    "serialNumber",
                    () => X509AuthorityKeyIdentifierExtension.CreateFromIssuerNameAndSerialNumber(dn, invalidValue));

                // CreateFromIssuerNameAndSerialNumber, span overload.
                Assert.Throws<ArgumentException>(
                    "serialNumber",
                    () => X509AuthorityKeyIdentifierExtension.CreateFromIssuerNameAndSerialNumber(
                        dn, new ReadOnlySpan<byte>(invalidValue)));
            }
        }
Example #3
        public static void CreateIssuerAndSerial(bool fromArray)
        {
            // Builds an Authority Key Identifier from the issuer name and serial number of a real
            // certificate (TestData.MicrosoftDotComIssuerBytes) and checks that both values are
            // carried through byte-for-byte, with no key identifier added.
            X500DistinguishedName issuerName;
            ReadOnlyMemory<byte> serial;

            // Both values are read inside the using block and consumed after the certificate has
            // been disposed, so the test also relies on them staying usable past Dispose.
            using (X509Certificate2 issuerCert = new X509Certificate2(TestData.MicrosoftDotComIssuerBytes))
            {
                serial = issuerCert.SerialNumberBytes;
                issuerName = issuerCert.IssuerName;
            }

            // fromArray picks the byte[] overload; otherwise the ReadOnlySpan<byte> overload runs.
            X509AuthorityKeyIdentifierExtension akid = fromArray
                ? X509AuthorityKeyIdentifierExtension.CreateFromIssuerNameAndSerialNumber(issuerName, serial.Span.ToArray())
                : X509AuthorityKeyIdentifierExtension.CreateFromIssuerNameAndSerialNumber(issuerName, serial.Span);

            // Non-critical, issuer + serial present, key identifier absent.
            Assert.False(akid.Critical, "akid.Critical");
            Assert.NotNull(akid.NamedIssuer);
            AssertExtensions.SequenceEqual(issuerName.RawData, akid.NamedIssuer.RawData);
            Assert.True(akid.SerialNumber.HasValue, "akid.SerialNumber.HasValue");
            AssertExtensions.SequenceEqual(serial.Span, akid.SerialNumber.GetValueOrDefault().Span);
            Assert.False(akid.KeyIdentifier.HasValue, "akid.KeyIdentifier.HasValue");

            // SEQUENCE { [1] { [4] directoryName (C=IE, O=Baltimore, OU=CyberTrust,
            // CN=Baltimore CyberTrust Root) }, [2] <16-byte serial> }.
            const string ExpectedDerHex =
                "3072A15EA45C305A310B300906035504061302494531123010060355040A1309" +
                "42616C74696D6F726531133011060355040B130A437962657254727573743122" +
                "30200603550403131942616C74696D6F7265204379626572547275737420526F" +
                "6F7482100F14965F202069994FD5C7AC788941E2";

            Assert.Equal(ExpectedDerHex, akid.RawData.ByteArrayToHex());
        }
Example #4
        public static void CreateFromIssuerAndSerial_Validation()
        {
            // Null-argument checks for CreateFromIssuerNameAndSerialNumber: each call must fail
            // with an ArgumentNullException that names the offending parameter.

            // Null issuer name, byte[] overload.
            Assert.Throws<ArgumentNullException>(
                "issuerName",
                () => X509AuthorityKeyIdentifierExtension.CreateFromIssuerNameAndSerialNumber(null, Array.Empty<byte>()));

            // Null issuer name, ReadOnlySpan<byte> overload.
            Assert.Throws<ArgumentNullException>(
                "issuerName",
                () => X509AuthorityKeyIdentifierExtension.CreateFromIssuerNameAndSerialNumber(null, ReadOnlySpan<byte>.Empty));

            X500DistinguishedName validName = new X500DistinguishedName("CN=Hi");

            // Null serial number. The cast selects the byte[] overload, which is the only one
            // that can receive null.
            Assert.Throws<ArgumentNullException>(
                "serialNumber",
                () => X509AuthorityKeyIdentifierExtension.CreateFromIssuerNameAndSerialNumber(validName, (byte[])null));
        }