Exemple #1
        /// <summary>
        /// Verifies that <c>CreateFromCertificate</c> rejects a null certificate with an
        /// <see cref="ArgumentNullException"/> naming the <c>certificate</c> parameter,
        /// for every combination of the two boolean flags.
        /// </summary>
        public static void CreateFromCertificate_Validation()
        {
            bool[] flagValues = { false, true };

            // Cover all four flag combinations so the null check is exercised
            // independently of what the caller asked to include.
            foreach (bool includeKeyId in flagValues)
            {
                foreach (bool includeIssuer in flagValues)
                {
                    Assert.Throws<ArgumentNullException>(
                        "certificate",
                        () => X509AuthorityKeyIdentifierExtension.CreateFromCertificate(
                            null,
                            includeKeyId,
                            includeIssuer));
                }
            }
        }
Exemple #2
        /// <summary>
        /// Checks how <c>CreateFromCertificate</c> treats a certificate built from a request
        /// to which no extensions were added: asking for the key identifier fails with a
        /// <see cref="CryptographicException"/>, while omitting it succeeds.
        /// </summary>
        public static void CreateFromCertificateWithNoSki()
        {
            using ECDsa key = ECDsa.Create();

            // The request is used as-is (no extensions added), which is what the test
            // name refers to as "no SKI" (Subject Key Identifier).
            var request = new CertificateRequest("CN=Hi", key, HashAlgorithmName.SHA256);

            // A fixed validity window around the Unix epoch keeps the test independent
            // of the current clock.
            DateTimeOffset epoch = DateTimeOffset.UnixEpoch;
            DateTimeOffset notBefore = epoch.AddMinutes(-5);
            DateTimeOffset notAfter = epoch.AddMinutes(5);

            using X509Certificate2 cert = request.CreateSelfSigned(notBefore, notAfter);

            // Requesting the key identifier must fail whether or not issuer-and-serial
            // is also requested.
            foreach (bool withIssuerAndSerial in new[] { false, true })
            {
                Assert.Throws<CryptographicException>(
                    () => X509AuthorityKeyIdentifierExtension.CreateFromCertificate(
                        cert,
                        includeKeyIdentifier: true,
                        includeIssuerAndSerial: withIssuerAndSerial));
            }

            // Without the key identifier both calls are expected to complete;
            // an exception here fails the test.
            foreach (bool withIssuerAndSerial in new[] { true, false })
            {
                X509AuthorityKeyIdentifierExtension.CreateFromCertificate(
                    cert,
                    includeKeyIdentifier: false,
                    includeIssuerAndSerial: withIssuerAndSerial);
            }
        }
Exemple #3
        /// <summary>
        /// Builds an Authority Key Identifier extension that carries only the issuer name
        /// and serial number of the source certificate, then checks both the parsed
        /// properties and the exact encoded bytes.
        /// </summary>
        public static void CreateIssuerAndSerialFromCertificate()
        {
            // Expected DER: 30 72 is the outer SEQUENCE; A1 is [1] authorityCertIssuer
            // wrapping an A4 directoryName; 82 10 is [2] authorityCertSerialNumber
            // (16 bytes). There is no 80 ([0] keyIdentifier) element.
            const string ExpectedHex =
                "3072A15EA45C305A310B300906035504061302494531123010060355040A1309" +
                "42616C74696D6F726531133011060355040B130A437962657254727573743122" +
                "30200603550403131942616C74696D6F7265204379626572547275737420526F" +
                "6F7482100F14965F202069994FD5C7AC788941E2";

            X500DistinguishedName expectedIssuer;
            ReadOnlyMemory<byte> expectedSerial;
            X509AuthorityKeyIdentifierExtension akid;

            // The certificate is disposed before any assertion runs, so everything
            // checked below is read after the source certificate is gone.
            using (var sourceCert = new X509Certificate2(TestData.MicrosoftDotComIssuerBytes))
            {
                expectedIssuer = sourceCert.IssuerName;
                expectedSerial = sourceCert.SerialNumberBytes;

                akid = X509AuthorityKeyIdentifierExtension.CreateFromCertificate(
                    sourceCert,
                    includeKeyIdentifier: false,
                    includeIssuerAndSerial: true);
            }

            Assert.False(akid.Critical, "akid.Critical");

            // Issuer name and serial must match the source certificate's own values.
            Assert.NotNull(akid.NamedIssuer);
            AssertExtensions.SequenceEqual(expectedIssuer.RawData, akid.NamedIssuer.RawData);
            Assert.True(akid.SerialNumber.HasValue, "akid.SerialNumber.HasValue");
            AssertExtensions.SequenceEqual(expectedSerial.Span, akid.SerialNumber.GetValueOrDefault().Span);

            // The key identifier was not requested and must be absent.
            Assert.False(akid.KeyIdentifier.HasValue, "akid.KeyIdentifier.HasValue");

            Assert.Equal(ExpectedHex, akid.RawData.ByteArrayToHex());
        }
Exemple #4
        /// <summary>
        /// Verifies that requesting neither the key identifier nor the issuer and serial
        /// yields a non-critical extension whose encoding is an empty SEQUENCE.
        /// </summary>
        public static void CreateEmptyFromCertificate()
        {
            X509AuthorityKeyIdentifierExtension akid = CreateWithNothingIncluded();

            Assert.False(akid.Critical, "akid.Critical");

            // 30 00 is a DER SEQUENCE of length zero: the extension exists but
            // carries no field that identifies the issuing key or certificate.
            Assert.Equal("3000", akid.RawData.ByteArrayToHex());

            // Loads the test certificate, builds the extension, and disposes the
            // certificate before returning.
            static X509AuthorityKeyIdentifierExtension CreateWithNothingIncluded()
            {
                using (var sourceCert = new X509Certificate2(TestData.MicrosoftDotComIssuerBytes))
                {
                    return X509AuthorityKeyIdentifierExtension.CreateFromCertificate(
                        sourceCert,
                        includeKeyIdentifier: false,
                        includeIssuerAndSerial: false);
                }
            }
        }
Exemple #5
        /// <summary>
        /// Builds an Authority Key Identifier extension that carries only the key
        /// identifier, then checks the encoded bytes and that the issuer and serial
        /// fields are absent.
        /// </summary>
        public static void CreateKeyIdOnlyFromCertificate()
        {
            X509AuthorityKeyIdentifierExtension akid = CreateWithKeyIdOnly();

            Assert.False(akid.Critical, "akid.Critical");

            // 30 16 is the outer SEQUENCE; 80 14 is [0] keyIdentifier holding 20 bytes.
            Assert.Equal("30168014B5760C3011CEC792424D4CC75C2CC8A90CE80B64", akid.RawData.ByteArrayToHex());

            // Issuer and serial were not requested, so none of their views may be populated.
            Assert.False(akid.RawIssuer.HasValue, "akid.RawIssuer.HasValue");
            Assert.Null(akid.NamedIssuer);
            Assert.False(akid.SerialNumber.HasValue, "akid.SerialNumber.HasValue");

            // The parsed key identifier must equal the 20 bytes embedded in the encoding above.
            Assert.True(akid.KeyIdentifier.HasValue, "akid.KeyIdentifier.HasValue");
            Assert.Equal(
                "B5760C3011CEC792424D4CC75C2CC8A90CE80B64",
                akid.KeyIdentifier.GetValueOrDefault().ByteArrayToHex());

            // Loads the test certificate, builds the extension, and disposes the
            // certificate before returning.
            static X509AuthorityKeyIdentifierExtension CreateWithKeyIdOnly()
            {
                using (var sourceCert = new X509Certificate2(TestData.MicrosoftDotComIssuerBytes))
                {
                    return X509AuthorityKeyIdentifierExtension.CreateFromCertificate(
                        sourceCert,
                        includeKeyIdentifier: true,
                        includeIssuerAndSerial: false);
                }
            }
        }