public static void LoadWithEmptyHashAlgorithm()
{
HashAlgorithmName hashAlgorithm = new HashAlgorithmName("");
Assert.Throws <ArgumentException>(
"signerHashAlgorithm",
() => CertificateRequest.LoadSigningRequest(Array.Empty <byte>(), hashAlgorithm));
{
int consumed = -1;
Assert.Throws <ArgumentException>(
"signerHashAlgorithm",
() => CertificateRequest.LoadSigningRequest(
ReadOnlySpan <byte> .Empty,
hashAlgorithm,
out consumed));
Assert.Equal(-1, consumed);
}
Assert.Throws <ArgumentException>(
"signerHashAlgorithm",
() => CertificateRequest.LoadSigningRequestPem(string.Empty, hashAlgorithm));
Assert.Throws <ArgumentException>(
"signerHashAlgorithm",
() => CertificateRequest.LoadSigningRequestPem(
ReadOnlySpan <char> .Empty,
hashAlgorithm));
}
public static void LoadBigExponentRequest_PemString(CertificateRequestLoadOptions options, bool multiPem)
{
string pem = TestData.BigExponentPkcs10Pem;
if (multiPem)
{
pem = $@"
-----BEGIN UNRELATED-----
abcd
-----END UNRELATED-----
-----BEGIN CERTIFICATE REQUEST-----
!!!!!INVALID!!!!!
-----END CERTIFICATE REQUEST-----
-----BEGIN MORE UNRELATED-----
efgh
-----END MORE UNRELATED-----
{pem}
-----BEGIN CERTIFICATE REQUEST-----
!!!!!INVALID!!!!!
-----END CERTIFICATE REQUEST-----";
}
CertificateRequest req = CertificateRequest.LoadSigningRequestPem(
pem,
HashAlgorithmName.SHA512,
options);
Assert.Equal(HashAlgorithmName.SHA512, req.HashAlgorithm);
VerifyBigExponentRequest(req, options);
}
public static void LoadWithDefaultHashAlgorithm()
{
Assert.Throws <ArgumentNullException>(
"signerHashAlgorithm",
() => CertificateRequest.LoadSigningRequest(Array.Empty <byte>(), default(HashAlgorithmName)));
{
int consumed = -1;
Assert.Throws <ArgumentNullException>(
"signerHashAlgorithm",
() => CertificateRequest.LoadSigningRequest(
ReadOnlySpan <byte> .Empty,
default(HashAlgorithmName),
out consumed));
Assert.Equal(-1, consumed);
}
Assert.Throws <ArgumentNullException>(
"signerHashAlgorithm",
() => CertificateRequest.LoadSigningRequestPem(string.Empty, default(HashAlgorithmName)));
Assert.Throws <ArgumentNullException>(
"signerHashAlgorithm",
() => CertificateRequest.LoadSigningRequestPem(
ReadOnlySpan <char> .Empty,
default(HashAlgorithmName)));
}
public static void LoadMultipleExtensionRequestsInOneAttribute()
{
// This is TestData.BigExponentPkcs10Bytes, except
// * A challenge password was added before the extensions requests
// * The extensions requests attribute value was cloned within the one attribute node
// * The signature was changed to just 1 bit, to cut down on space.
const string Pkcs10Pem = @"
-----BEGIN CERTIFICATE REQUEST-----
MIICVjCCAj8CAQAwgYoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp
b24xIDAeBgNVBAsTFy5ORVQgRnJhbWV3b3JrIChDb3JlRlgpMRIwEAYDVQQDEwls
b2NhbGhvc3QwggEkMA0GCSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQCvgcHL2CA/
YkpTntZggXU3I5Oig31IkOSKGd7TaXMRViCWjWvg09qjiqd3vgLuC2uTtyTo3MEr
YytPqAu8klvOYk9Mp8xgYwazlAPijJMtJN1Ub/5O9qN/EHcLIhXqjLtb9CfoxNib
eeszg3UQDF+D5V3ptEZt377uQlOa7zPvGHt3YMOxobIQPC2BRFZKDBA5oJyFz2tZ
dOtRb8jWYjyUrjpaC7O0x5KVfUMjkVZs8+KlKvsMFCueBoG4lyZxryuC3TkKObk5
z3GVaGh+SZCmMFDKd2jc1rN4hC8Y/bH22f8Ja69765jc+TDWb8/VA/WNQb/0YhLi
Tjr8RepCvYhHAgUCAAAEQaCBhDATBgkqhkiG9w0BCQcxBgwEMTIzNDBtBgkqhkiG
9w0BCQ4xYDAuMCwGA1UdEQQlMCOHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAGCCWxv
Y2FsaG9zdDAuMCwGA1UdEQQlMCOHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAGCCWxv
Y2FsaG9zdDANBgkqhkiG9w0BAQsFAAMCB4A=
-----END CERTIFICATE REQUEST-----";
CryptographicException ex = Assert.Throws <CryptographicException>(
() => CertificateRequest.LoadSigningRequestPem(
Pkcs10Pem,
HashAlgorithmName.SHA256,
CertificateRequestLoadOptions.SkipSignatureValidation));
Assert.Contains("Extension Request", ex.Message);
}
public static void LoadUnsortedAttributes()
{
// This is TestData.BigExponentPkcs10Bytes, except
// * A challenge password was added after the extensions requests
// * The signature was changed to just 1 bit, to cut down on space.
const string Pkcs10Pem = @"
-----BEGIN CERTIFICATE REQUEST-----
MIICJTCCAg4CAQAwgYoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp
b24xIDAeBgNVBAsTFy5ORVQgRnJhbWV3b3JrIChDb3JlRlgpMRIwEAYDVQQDEwls
b2NhbGhvc3QwggEkMA0GCSqGSIb3DQEBAQUAA4IBEQAwggEMAoIBAQCvgcHL2CA/
YkpTntZggXU3I5Oig31IkOSKGd7TaXMRViCWjWvg09qjiqd3vgLuC2uTtyTo3MEr
YytPqAu8klvOYk9Mp8xgYwazlAPijJMtJN1Ub/5O9qN/EHcLIhXqjLtb9CfoxNib
eeszg3UQDF+D5V3ptEZt377uQlOa7zPvGHt3YMOxobIQPC2BRFZKDBA5oJyFz2tZ
dOtRb8jWYjyUrjpaC7O0x5KVfUMjkVZs8+KlKvsMFCueBoG4lyZxryuC3TkKObk5
z3GVaGh+SZCmMFDKd2jc1rN4hC8Y/bH22f8Ja69765jc+TDWb8/VA/WNQb/0YhLi
Tjr8RepCvYhHAgUCAAAEQaBUMD0GCSqGSIb3DQEJDjEwMC4wLAYDVR0RBCUwI4cE
fwAAAYcQAAAAAAAAAAAAAAAAAAAAAYIJbG9jYWxob3N0MBMGCSqGSIb3DQEJBzEG
DAQxMjM0MA0GCSqGSIb3DQEBCwUAAwIHgA==
-----END CERTIFICATE REQUEST-----";
Assert.Throws <CryptographicException>(
() => CertificateRequest.LoadSigningRequestPem(
Pkcs10Pem,
HashAlgorithmName.SHA256,
CertificateRequestLoadOptions.SkipSignatureValidation));
}
public static void LoadWithUnknownOptions(int optionsValue)
{
CertificateRequestLoadOptions options = (CertificateRequestLoadOptions)optionsValue;
HashAlgorithmName hashAlgorithm = HashAlgorithmName.SHA256;
ArgumentOutOfRangeException ex;
ex = Assert.Throws <ArgumentOutOfRangeException>(
"options",
() => CertificateRequest.LoadSigningRequest(Array.Empty <byte>(), hashAlgorithm, options));
Assert.Equal(options, ex.ActualValue);
{
int consumed = -1;
ex = Assert.Throws <ArgumentOutOfRangeException>(
"options",
() => CertificateRequest.LoadSigningRequest(
ReadOnlySpan <byte> .Empty,
hashAlgorithm,
out consumed,
options));
Assert.Equal(-1, consumed);
Assert.Equal(options, ex.ActualValue);
}
ex = Assert.Throws <ArgumentOutOfRangeException>(
"options",
() => CertificateRequest.LoadSigningRequestPem(string.Empty, hashAlgorithm, options));
Assert.Equal(options, ex.ActualValue);
ex = Assert.Throws <ArgumentOutOfRangeException>(
"options",
() => CertificateRequest.LoadSigningRequestPem(
ReadOnlySpan <char> .Empty,
hashAlgorithm,
options));
Assert.Equal(options, ex.ActualValue);
}
public static void LoadWithAttributes()
{
// Generated by `openssl req -new -keyin bigexponent.pem` where bigexponent.pem
// represents the PKCS8 of TestData.RsaBigExponentParams
// All default values were taken, except
// Challenge password: 1234 (vs unspecified)
// An optional company name: Fabrikam (vs unspecified)
const string Pkcs10Pem =
"-----BEGIN CERTIFICATE REQUEST-----\n" +
"MIICujCCAaICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx\n" +
"ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASQwDQYJKoZIhvcN\n" +
"AQEBBQADggERADCCAQwCggEBAK+BwcvYID9iSlOe1mCBdTcjk6KDfUiQ5IoZ3tNp\n" +
"cxFWIJaNa+DT2qOKp3e+Au4La5O3JOjcwStjK0+oC7ySW85iT0ynzGBjBrOUA+KM\n" +
"ky0k3VRv/k72o38QdwsiFeqMu1v0J+jE2Jt56zODdRAMX4PlXem0Rm3fvu5CU5rv\n" +
"M+8Ye3dgw7GhshA8LYFEVkoMEDmgnIXPa1l061FvyNZiPJSuOloLs7THkpV9QyOR\n" +
"Vmzz4qUq+wwUK54GgbiXJnGvK4LdOQo5uTnPcZVoaH5JkKYwUMp3aNzWs3iELxj9\n" +
"sfbZ/wlrr3vrmNz5MNZvz9UD9Y1Bv/RiEuJOOvxF6kK9iEcCBQIAAARBoC4wEwYJ\n" +
"KoZIhvcNAQkHMQYMBDEyMzQwFwYJKoZIhvcNAQkCMQoMCEZhYnJpa2FtMA0GCSqG\n" +
"SIb3DQEBCwUAA4IBAQCr1X8D+ZkJqBmuZVEYqLPvNvie+KBycxgiJ08ZaV/dyndZ\n" +
"cudn6G9K0hiIwwGrfI5gbIb7QdPi64g3l9VdIrdH3yvQ6AcOZ644paiUUpe3u93l\n" +
"DTY+BGN7C0reJwL7ehalIrtS7hLKAQerg/qS7JO9aLRTbIXR52BQIUs9htYeATC5\n" +
"VHHssrOZpIHqIN4oaZbE0BwZm0ap6RVD80Oexko8pjiz9XNmtUWadeXXtezuOWTb\n" +
"duuJlh31kITIrbWVoMawMRq6JwNTPAFyiDMB/EFIvjxpUoS5yJe14bT8Hw2XvAFK\n" +
"Z9jOhHEPmAsasfRRSwr6CXyIKqo1HVT1ARPgHKHX\n" +
"-----END CERTIFICATE REQUEST-----";
CertificateRequest req = CertificateRequest.LoadSigningRequestPem(
Pkcs10Pem,
HashAlgorithmName.SHA384);
Assert.Equal(2, req.OtherRequestAttributes.Count);
AsnEncodedData attr = req.OtherRequestAttributes[0];
Assert.Equal("1.2.840.113549.1.9.7", attr.Oid.Value);
Assert.Equal("0C0431323334", attr.RawData.ByteArrayToHex());
attr = req.OtherRequestAttributes[1];
Assert.Equal("1.2.840.113549.1.9.2", attr.Oid.Value);
Assert.Equal("0C0846616272696B616D", attr.RawData.ByteArrayToHex());
}
public static void LoadPem_NoMatch()
{
CryptographicException ex;
const string NoMatchPem = @"
-----BEGIN CERTIFICATE REQUEST-----
%% Not Base64 %%
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
AQAB
-----END CERTIFICATE-----";
ex = Assert.Throws <CryptographicException>(
() => CertificateRequest.LoadSigningRequestPem(NoMatchPem, HashAlgorithmName.SHA256));
Assert.Contains("CERTIFICATE REQUEST", ex.Message);
ex = Assert.Throws <CryptographicException>(
() => CertificateRequest.LoadSigningRequestPem(
NoMatchPem.AsSpan(),
HashAlgorithmName.SHA256));
Assert.Contains("CERTIFICATE REQUEST", ex.Message);
}
public static void LoadNullPemString()
{
Assert.Throws <ArgumentNullException>(
"pkcs10Pem",
() => CertificateRequest.LoadSigningRequestPem((string)null, HashAlgorithmName.SHA256));
}