public void CertificateHasNoExtensionsTest()
{
X509MockCertificate cert = new X509MockCertificate();
cert.SetCriticalExtensions(null);
NUnit.Framework.Assert.False(SignUtils.HasUnsupportedCriticalExtension(cert));
}
public void BasicConstraintsSupportedTest()
{
X509MockCertificate cert = new X509MockCertificate();
ISet criticalExtensions = new HashSet();
criticalExtensions.Add(OID.X509Extensions.BASIC_CONSTRAINTS);
cert.SetCriticalExtensions(criticalExtensions);
NUnit.Framework.Assert.False(SignUtils.HasUnsupportedCriticalExtension(cert));
}
public void NotSupportedOIDTest()
{
X509MockCertificate cert = new X509MockCertificate();
ISet criticalExtensions = new HashSet();
criticalExtensions.Add("Totally not supported OID");
cert.SetCriticalExtensions(criticalExtensions);
NUnit.Framework.Assert.True(SignUtils.HasUnsupportedCriticalExtension(cert));
}
public void IdKpTimestampingWithoutExtendedKeyUsageTest()
{
X509MockCertificate cert = new X509MockCertificate();
IList extendedKeyUsage = new List <string>();
extendedKeyUsage.Add(OID.X509Extensions.ID_KP_TIMESTAMPING);
cert.SetExtendedKeyUsage(extendedKeyUsage);
NUnit.Framework.Assert.False(SignUtils.HasUnsupportedCriticalExtension(cert));
}
public void SupportedCriticalOIDsTest()
{
X509MockCertificate cert = new X509MockCertificate();
ISet criticalExtensions = new HashSet();
criticalExtensions.Add(OID.X509Extensions.KEY_USAGE);
criticalExtensions.Add(OID.X509Extensions.BASIC_CONSTRAINTS);
cert.SetCriticalExtensions(criticalExtensions);
cert.KeyUsage = new bool[] { true, true };
NUnit.Framework.Assert.False(SignUtils.HasUnsupportedCriticalExtension(cert));
}
public void ExtendedKeyUsageWithIdKpTimestampingTest()
{
X509MockCertificate cert = new X509MockCertificate();
ISet criticalExtensions = new HashSet();
criticalExtensions.Add(OID.X509Extensions.EXTENDED_KEY_USAGE);
cert.SetCriticalExtensions(criticalExtensions);
IList extendedKeyUsage = new List <string>();
extendedKeyUsage.Add(OID.X509Extensions.ID_KP_TIMESTAMPING);
cert.SetExtendedKeyUsage(extendedKeyUsage);
NUnit.Framework.Assert.False(SignUtils.HasUnsupportedCriticalExtension(cert));
}
/// <summary>Verifies a single certificate.</summary>
/// <param name="cert">the certificate to verify</param>
/// <param name="crls">the certificate revocation list or <CODE>null</CODE></param>
/// <param name="calendar">the date, shall not be null</param>
/// <returns>
/// a <CODE>String</CODE> with the error description or <CODE>null</CODE>
/// if no error
/// </returns>
public static String VerifyCertificate(X509Certificate cert, ICollection <X509Crl> crls, DateTime calendar)
{
if (SignUtils.HasUnsupportedCriticalExtension(cert))
{
return("Has unsupported critical extension");
}
try {
cert.CheckValidity(calendar.ToUniversalTime());
}
catch (Exception e) {
return(e.Message);
}
if (crls != null)
{
foreach (X509Crl crl in crls)
{
if (crl.IsRevoked(cert))
{
return("Certificate revoked");
}
}
}
return(null);
}
public void CertificateIsNullTest()
{
NUnit.Framework.Assert.That(() => {
SignUtils.HasUnsupportedCriticalExtension(null);
}, NUnit.Framework.Throws.TypeOf <ArgumentException>());;
}
