private string TestPolicies(
int index,
X509Certificate trustCert,
X509Certificate intCert,
X509Certificate endCert,
ISet requirePolicies,
bool okay)
{
ISet trust = new HashSet();
trust.Add(new TrustAnchor(trustCert, null));
X509CertStoreSelector targetConstraints = new X509CertStoreSelector();
targetConstraints.Subject = endCert.SubjectDN;
PkixBuilderParameters pbParams = new PkixBuilderParameters(trust, targetConstraints);
ISet certs = new HashSet();
certs.Add(intCert);
certs.Add(endCert);
IX509Store store = X509StoreFactory.Create(
"CERTIFICATE/COLLECTION",
new X509CollectionStoreParameters(certs));
pbParams.AddStore(store);
pbParams.IsRevocationEnabled = false;
if (requirePolicies != null)
{
pbParams.IsExplicitPolicyRequired = true;
pbParams.SetInitialPolicies(requirePolicies);
}
// CertPathBuilder cpb = CertPathBuilder.GetInstance("PKIX");
PkixCertPathBuilder cpb = new PkixCertPathBuilder();
PkixCertPathBuilderResult result = null;
try
{
result = (PkixCertPathBuilderResult)cpb.Build(pbParams);
if (!okay)
{
Fail(index + ": path validated when failure expected.");
}
// if (result.getPolicyTree() != null)
// {
// Console.WriteLine("OK");
// Console.WriteLine("policy: " + result.getPolicyTree());
// }
// else
// {
// Console.WriteLine("OK: policy tree = null");
// }
return "";
}
catch (TestFailedException e)
{
throw e;
}
catch (Exception e)
{
if (okay)
{
Fail(index + ": path failed to validate when success expected.");
}
Exception ee = e.InnerException;
if (ee != null)
{
return ee.Message;
}
return e.Message;
}
}
private PkixCertPathBuilderResult doBuilderTest(
string trustAnchor,
string[] certs,
string[] crls,
ISet initialPolicies,
bool policyMappingInhibited,
bool anyPolicyInhibited)
{
ISet trustedSet = new HashSet();
trustedSet.Add(GetTrustAnchor(trustAnchor));
IList x509Certs = new ArrayList();
IList x509Crls = new ArrayList();
X509Certificate endCert = LoadCert(certs[certs.Length - 1]);
for (int i = 0; i != certs.Length - 1; i++)
{
x509Certs.Add(LoadCert(certs[i]));
}
x509Certs.Add(endCert);
for (int i = 0; i != crls.Length; i++)
{
x509Crls.Add(LoadCrl(crls[i]));
}
IX509Store x509CertStore = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(x509Certs));
IX509Store x509CrlStore = X509StoreFactory.Create(
"CRL/Collection",
new X509CollectionStoreParameters(x509Crls));
// CertPathBuilder builder = CertPathBuilder.GetInstance("PKIX");
PkixCertPathBuilder builder = new PkixCertPathBuilder();
X509CertStoreSelector endSelector = new X509CertStoreSelector();
endSelector.Certificate = endCert;
PkixBuilderParameters builderParams = new PkixBuilderParameters(trustedSet, endSelector);
if (initialPolicies != null)
{
builderParams.SetInitialPolicies(initialPolicies);
builderParams.IsExplicitPolicyRequired = true;
}
if (policyMappingInhibited)
{
builderParams.IsPolicyMappingInhibited = policyMappingInhibited;
}
if (anyPolicyInhibited)
{
builderParams.IsAnyPolicyInhibited = anyPolicyInhibited;
}
builderParams.AddStore(x509CertStore);
builderParams.AddStore(x509CrlStore);
// Perform validation as of this date since test certs expired
builderParams.Date = new DateTimeObject(DateTime.Parse("1/1/2011"));
try
{
return (PkixCertPathBuilderResult) builder.Build(builderParams);
}
catch (PkixCertPathBuilderException e)
{
throw e.InnerException;
}
}
private void Test(string _name, string[] _data, ISet _ipolset,
bool _explicit, bool _accept, bool _debug)
{
testCount++;
bool _pass = true;
try
{
// CertPathBuilder _cpb = CertPathBuilder.GetInstance("PKIX");
PkixCertPathBuilder _cpb = new PkixCertPathBuilder();
X509Certificate _ee = DecodeCertificate(_data[_data.Length - 1]);
X509CertStoreSelector _select = new X509CertStoreSelector();
_select.Subject = _ee.SubjectDN;
IX509Store certStore, crlStore;
MakeCertStore(_data, out certStore, out crlStore);
PkixBuilderParameters _param = new PkixBuilderParameters(
trustedSet, _select);
_param.IsExplicitPolicyRequired = _explicit;
_param.AddStore(certStore);
_param.AddStore(crlStore);
_param.IsRevocationEnabled = true;
if (_ipolset != null)
{
_param.SetInitialPolicies(_ipolset);
}
PkixCertPathBuilderResult _result = _cpb.Build(_param);
if (!_accept)
{
_pass = false;
testFail.Add(_name);
}
}
catch (Exception)
{
if (_accept)
{
_pass = false;
testFail.Add(_name);
}
}
resultBuf.Append("NISTCertPathTest -- ").Append(_name).Append(": ")
.Append(_pass ? "\n" : "Failed.\n");
}
