public void ConstructorAsnEncodedData_BadAsn() { AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[0]); X509EnhancedKeyUsageExtension eku = new X509EnhancedKeyUsageExtension(aed, true); Assert.AreEqual(String.Empty, eku.Format(true), "Format(true)"); Assert.AreEqual(String.Empty, eku.Format(false), "Format(false)"); OidCollection oc = eku.EnhancedKeyUsages; }
public void ConstructorEmpty() { X509EnhancedKeyUsageExtension eku = new X509EnhancedKeyUsageExtension(); Assert.IsFalse(eku.Critical, "Critical"); Assert.IsNull(eku.RawData, "RawData"); Assert.AreEqual(oid, eku.Oid.Value, "Oid.Value"); // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows. //Assert.AreEqual (fname, eku.Oid.FriendlyName, "Oid.FriendlyName"); Assert.AreEqual(String.Empty, eku.Format(true), "Format(true)"); Assert.AreEqual(String.Empty, eku.Format(false), "Format(false)"); }
[Category("NotDotNet")] // FriendlyName should not only be English. public void Build_X509EnhancedKeyUsageExtension() { AsnEncodedData aed = new AsnEncodedData(new byte[] { 0x30, 0x05, 0x06, 0x03, 0x2A, 0x03, 0x04 }); Assert.AreEqual("30 05 06 03 2a 03 04", aed.Format(true), "Format(true)"); Assert.AreEqual("30 05 06 03 2a 03 04", aed.Format(false), "Format(false)"); aed.Oid = new Oid("2.5.29.37"); // and now "AsnEncodedData" knows how to (magically) decode the data without involving the class // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows. Assert.AreEqual("Unknown Key Usage (1.2.3.4)" + Environment.NewLine, aed.Format(true), "aed.Format(true)"); Assert.AreEqual("Unknown Key Usage (1.2.3.4)", aed.Format(false), "aed.Format(false)"); // compare with the output of the "appropriate" class X509EnhancedKeyUsageExtension eku = new X509EnhancedKeyUsageExtension(aed, false); // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows. Assert.AreEqual("Unknown Key Usage (1.2.3.4)" + Environment.NewLine, eku.Format(true), "eku.Format(true)"); Assert.AreEqual("Unknown Key Usage (1.2.3.4)", eku.Format(false), "eku.Format(false)"); }
public static void VerifySignedApplicationCert(ApplicationTestData testApp, byte[] rawSignedCert, byte[][] rawIssuerCerts) { X509Certificate2 signedCert = new X509Certificate2(rawSignedCert); X509Certificate2 issuerCert = new X509Certificate2(rawIssuerCerts[0]); TestContext.Out.WriteLine($"Signed cert: {signedCert}"); TestContext.Out.WriteLine($"Issuer cert: {issuerCert}"); Assert.NotNull(signedCert); Assert.False(signedCert.HasPrivateKey); Assert.True(X509Utils.CompareDistinguishedName(testApp.Subject, signedCert.Subject)); Assert.False(X509Utils.CompareDistinguishedName(signedCert.Issuer, signedCert.Subject)); Assert.True(X509Utils.CompareDistinguishedName(signedCert.Issuer, issuerCert.Subject)); TestContext.Out.WriteLine($"Signed Subject: {signedCert.Subject}"); TestContext.Out.WriteLine($"Issuer Subject: {issuerCert.Subject}"); // test basic constraints X509BasicConstraintsExtension constraints = X509Extensions.FindExtension <X509BasicConstraintsExtension>(signedCert); Assert.NotNull(constraints); TestContext.Out.WriteLine($"Constraints: {constraints.Format(true)}"); Assert.True(constraints.Critical); Assert.False(constraints.CertificateAuthority); Assert.False(constraints.HasPathLengthConstraint); // key usage X509KeyUsageExtension keyUsage = X509Extensions.FindExtension <X509KeyUsageExtension>(signedCert); Assert.NotNull(keyUsage); TestContext.Out.WriteLine($"KeyUsage: {keyUsage.Format(true)}"); Assert.True(keyUsage.Critical); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.CrlSign) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DataEncipherment) == X509KeyUsageFlags.DataEncipherment); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DecipherOnly) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.EncipherOnly) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyAgreement) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyCertSign) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == X509KeyUsageFlags.KeyEncipherment); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.NonRepudiation); // enhanced key usage X509EnhancedKeyUsageExtension enhancedKeyUsage = X509Extensions.FindExtension <X509EnhancedKeyUsageExtension>(signedCert); Assert.NotNull(enhancedKeyUsage); TestContext.Out.WriteLine($"Enhanced Key Usage: {enhancedKeyUsage.Format(true)}"); Assert.True(enhancedKeyUsage.Critical); // test for authority key X509AuthorityKeyIdentifierExtension authority = X509Extensions.FindExtension <X509AuthorityKeyIdentifierExtension>(signedCert); Assert.NotNull(authority); TestContext.Out.WriteLine($"Authority Key Identifier: {authority.Format(true)}"); Assert.NotNull(authority.SerialNumber); Assert.NotNull(authority.KeyIdentifier); Assert.NotNull(authority.Issuer); Assert.AreEqual(issuerCert.SubjectName.RawData, authority.Issuer.RawData); Assert.AreEqual(issuerCert.SubjectName.RawData, authority.Issuer.RawData); // verify authority key in signed cert X509SubjectKeyIdentifierExtension subjectKeyId = X509Extensions.FindExtension <X509SubjectKeyIdentifierExtension>(issuerCert); TestContext.Out.WriteLine($"Issuer Subject Key Identifier: {subjectKeyId}"); Assert.AreEqual(subjectKeyId.SubjectKeyIdentifier, authority.KeyIdentifier); Assert.AreEqual(issuerCert.SerialNumber, authority.SerialNumber); X509SubjectAltNameExtension subjectAlternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(signedCert); Assert.NotNull(subjectAlternateName); TestContext.Out.WriteLine($"Issuer Subject Alternate Name: {subjectAlternateName}"); Assert.False(subjectAlternateName.Critical); var domainNames = X509Utils.GetDomainsFromCertficate(signedCert); foreach (var domainName in testApp.DomainNames) { Assert.True(domainNames.Contains(domainName, StringComparer.OrdinalIgnoreCase)); } Assert.True(subjectAlternateName.Uris.Count == 1); var applicationUri = X509Utils.GetApplicationUriFromCertificate(signedCert); Assert.True(testApp.ApplicationRecord.ApplicationUri == applicationUri); }
public static void VerifyApplicationCert(ApplicationTestData testApp, X509Certificate2 cert, X509Certificate2 issuerCert = null) { bool signedCert = issuerCert != null; if (issuerCert == null) { issuerCert = cert; } TestContext.Out.WriteLine($"{nameof(VerifyApplicationCert)}:"); Assert.NotNull(cert); TestContext.Out.WriteLine(cert); Assert.False(cert.HasPrivateKey); Assert.True(X509Utils.CompareDistinguishedName(testApp.Subject, cert.Subject)); Assert.True(X509Utils.CompareDistinguishedName(issuerCert.Subject, cert.Issuer)); // test basic constraints X509BasicConstraintsExtension constraints = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert); Assert.NotNull(constraints); TestContext.Out.WriteLine(constraints.Format(true)); Assert.True(constraints.Critical); if (signedCert) { Assert.False(constraints.CertificateAuthority); Assert.False(constraints.HasPathLengthConstraint); } else { Assert.True(constraints.CertificateAuthority); Assert.True(constraints.HasPathLengthConstraint); Assert.AreEqual(0, constraints.PathLengthConstraint); } // key usage X509KeyUsageExtension keyUsage = X509Extensions.FindExtension <X509KeyUsageExtension>(cert); Assert.NotNull(keyUsage); TestContext.Out.WriteLine(keyUsage.Format(true)); Assert.True(keyUsage.Critical); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.CrlSign) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DataEncipherment) == X509KeyUsageFlags.DataEncipherment); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DecipherOnly) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.EncipherOnly) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyAgreement) == 0); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyCertSign) == (signedCert ? 0 : X509KeyUsageFlags.KeyCertSign)); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == X509KeyUsageFlags.KeyEncipherment); Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.NonRepudiation); // enhanced key usage X509EnhancedKeyUsageExtension enhancedKeyUsage = X509Extensions.FindExtension <X509EnhancedKeyUsageExtension>(cert); Assert.NotNull(enhancedKeyUsage); TestContext.Out.WriteLine(enhancedKeyUsage.Format(true)); Assert.True(enhancedKeyUsage.Critical); // test for authority key X509AuthorityKeyIdentifierExtension authority = X509Extensions.FindExtension <X509AuthorityKeyIdentifierExtension>(cert); Assert.NotNull(authority); TestContext.Out.WriteLine(authority.Format(true)); Assert.NotNull(authority.SerialNumber); Assert.NotNull(authority.KeyIdentifier); Assert.NotNull(authority.Issuer); if (issuerCert == null) { Assert.AreEqual(cert.SubjectName.RawData, authority.Issuer.RawData); Assert.True(X509Utils.CompareDistinguishedName(cert.SubjectName.Name, authority.Issuer.Name), $"{cert.SubjectName.Name} != {authority.Issuer.Name}"); } else { Assert.AreEqual(issuerCert.SubjectName.RawData, authority.Issuer.RawData); Assert.True(X509Utils.CompareDistinguishedName(issuerCert.SubjectName.Name, authority.Issuer.Name), $"{cert.SubjectName.Name} != {authority.Issuer.Name}"); } // verify authority key in signed cert X509SubjectKeyIdentifierExtension subjectKeyId = X509Extensions.FindExtension <X509SubjectKeyIdentifierExtension>(cert); TestContext.Out.WriteLine(subjectKeyId.Format(true)); if (signedCert) { var caCertSubjectKeyId = X509Extensions.FindExtension <X509SubjectKeyIdentifierExtension>(issuerCert); Assert.NotNull(caCertSubjectKeyId); Assert.AreEqual(caCertSubjectKeyId.SubjectKeyIdentifier, authority.KeyIdentifier); } else { Assert.AreEqual(subjectKeyId.SubjectKeyIdentifier, authority.KeyIdentifier); } Assert.AreEqual(issuerCert.GetSerialNumber(), authority.GetSerialNumber()); Assert.AreEqual(issuerCert.SerialNumber, authority.SerialNumber); X509SubjectAltNameExtension subjectAlternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(cert); Assert.NotNull(subjectAlternateName); TestContext.Out.WriteLine(subjectAlternateName.Format(true)); Assert.False(subjectAlternateName.Critical); var domainNames = X509Utils.GetDomainsFromCertficate(cert); foreach (var domainName in testApp.DomainNames) { Assert.True(domainNames.Contains(domainName, StringComparer.OrdinalIgnoreCase)); } Assert.True(subjectAlternateName.Uris.Count == 1); var applicationUri = X509Utils.GetApplicationUriFromCertificate(cert); TestContext.Out.WriteLine("ApplicationUri: "); TestContext.Out.WriteLine(applicationUri); Assert.AreEqual(testApp.ApplicationUri, applicationUri); }