public static void AddReadOnlyThrowsWhenCertificateExists() { using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser)) { store.Open(OpenFlags.ReadOnly); X509Certificate2 toAdd = null; // Look through the certificates to find one with no private key to call add on. // (The private key restriction is so that in the event of an "accidental success" // that no potential permissions would be modified) using (var coll = new ImportedCollection(store.Certificates)) { foreach (X509Certificate2 cert in coll.Collection) { if (!cert.HasPrivateKey) { toAdd = cert; break; } } if (toAdd != null) { Assert.ThrowsAny<CryptographicException>(() => store.Add(toAdd)); } } } }
public static void ImportPkcs7PemFile_Chain() { using (ImportedCollection ic = Cert.Import(Path.Combine("TestData", "certchain.p7c"))) { X509Certificate2Collection collection = ic.Collection; Assert.Equal(3, collection.Count); } }
public static void ImportPkcs7PemBytes_Chain() { using (ImportedCollection ic = Cert.Import(TestData.Pkcs7ChainPemBytes)) { X509Certificate2Collection collection = ic.Collection; Assert.Equal(3, collection.Count); } }
public static void ImportPkcs7DerFile_Single() { using (ImportedCollection ic = Cert.Import(Path.Combine("TestData", "singlecert.p7b"))) { X509Certificate2Collection collection = ic.Collection; Assert.Equal(1, collection.Count); } }
public static void ImportPkcs7DerBytes_Single() { using (ImportedCollection ic = Cert.Import(TestData.Pkcs7SingleDerBytes)) { X509Certificate2Collection collection = ic.Collection; Assert.Equal(1, collection.Count); } }
public static void ImportPkcs7DerFile_Empty() { using (ImportedCollection ic = Cert.Import(TestFiles.Pkcs7EmptyDerFile)) { X509Certificate2Collection collection = ic.Collection; Assert.Equal(0, collection.Count); } }
public static void ImportX509DerFile() { using (ImportedCollection ic = Cert.Import(TestFiles.MsCertificateDerFile)) { X509Certificate2Collection collection = ic.Collection; Assert.Equal(1, collection.Count); } }
public static void ImportX509PemFile() { using (ImportedCollection ic = Cert.Import(Path.Combine("TestData", "MS.pem"))) { X509Certificate2Collection collection = ic.Collection; Assert.Equal(1, collection.Count); } }
public static void ImportEmpty_Pkcs12() { using (ImportedCollection ic = Cert.Import(TestData.EmptyPfx)) { X509Certificate2Collection collection = ic.Collection; Assert.Equal(0, collection.Count); } }
public static void ImportX509PemBytes() { using (ImportedCollection ic = Cert.Import(TestData.MsCertificatePemBytes)) { X509Certificate2Collection collection = ic.Collection; Assert.Equal(1, collection.Count); } }
public static void ImportPkcs12File_Chain() { using (ImportedCollection ic = Cert.Import(Path.Combine("TestData", "test.pfx"), TestData.ChainPfxPassword, X509KeyStorageFlags.DefaultKeySet)) { X509Certificate2Collection certs = ic.Collection; int count = certs.Count; Assert.Equal(3, count); } }
public static void ImportPkcs12Bytes_Chain() { using (ImportedCollection ic = Cert.Import(TestData.ChainPfxBytes, TestData.ChainPfxPassword, X509KeyStorageFlags.DefaultKeySet)) { X509Certificate2Collection certs = ic.Collection; int count = certs.Count; Assert.Equal(3, count); } }
public static void ImportPkcs12Bytes_Single() { using (ImportedCollection ic = Cert.Import(TestData.PfxData, TestData.PfxDataPassword, X509KeyStorageFlags.DefaultKeySet)) { X509Certificate2Collection cc2 = ic.Collection; int count = cc2.Count; Assert.Equal(1, count); } }
public static void ImportPkcs12File_Single() { using (ImportedCollection ic = Cert.Import(Path.Combine("TestData", "My.pfx"), TestData.PfxDataPassword, X509KeyStorageFlags.DefaultKeySet)) { X509Certificate2Collection cc2 = ic.Collection; int count = cc2.Count; Assert.Equal(1, count); } }
public static void ImportPkcs12File_Single(X509KeyStorageFlags keyStorageFlags) { using (ImportedCollection ic = Cert.Import(TestFiles.PfxFile, TestData.PfxDataPassword, keyStorageFlags)) { X509Certificate2Collection cc2 = ic.Collection; int count = cc2.Count; Assert.Equal(1, count); } }
public static void ImportPkcs12File_Chain(X509KeyStorageFlags keyStorageFlags) { using (ImportedCollection ic = Cert.Import(TestFiles.ChainPfxFile, TestData.ChainPfxPassword, keyStorageFlags)) { X509Certificate2Collection certs = ic.Collection; int count = certs.Count; Assert.Equal(3, count); } }
public static void ImportPkcs7PemFile_Single() { using (ImportedCollection ic = Cert.Import(Path.Combine("TestData", "singlecert.p7c"))) { X509Certificate2Collection collection = ic.Collection; Assert.Equal(1, collection.Count); Assert.Equal("D5B5BC1C458A558845BFF51CB4DFF31C", collection[0].SerialNumber); } }
public static void ImportPkcs7PemFile_Single() { using (ImportedCollection ic = Cert.Import(TestFiles.Pkcs7SinglePemFile)) { X509Certificate2Collection collection = ic.Collection; Assert.Equal(1, collection.Count); Assert.Equal("D5B5BC1C458A558845BFF51CB4DFF31C", collection[0].SerialNumber); } }
public static void ImportPkcs12Bytes_Single_VerifyContents_SpanSpan(X509KeyStorageFlags keyStorageFlags) { ReadOnlySpan <byte> rawData = TestData.PfxData.AsSpan(); ReadOnlySpan <char> password = TestData.PfxDataPassword.AsSpan(); using (ImportedCollection ic = Cert.Import(rawData, password, keyStorageFlags)) { ImportPkcs12Bytes_Single_VerifyContents(ic); } }
public static void EphemeralKeySet_OSX() { // EphemeralKeySet fails when loading a PFX, and is ignored otherwise. using (ImportedCollection coll = Cert.Import(TestData.Pkcs7ChainDerBytes, null, X509KeyStorageFlags.EphemeralKeySet)) { Assert.Equal(3, coll.Collection.Count); } Assert.Throws <PlatformNotSupportedException>( () => new X509Certificate2(TestData.EmptyPfx, string.Empty, X509KeyStorageFlags.EphemeralKeySet)); }
public static void ImportPkcs12ByteSpan_Chain_SpanPassword(X509KeyStorageFlags keyStorageFlags) { ReadOnlySpan <byte> data = TestData.ChainPfxBytes.AsSpan(); ReadOnlySpan <char> password = TestData.ChainPfxPassword.AsSpan(); using (ImportedCollection ic = Cert.Import(data, password, keyStorageFlags)) { X509Certificate2Collection certs = ic.Collection; int count = certs.Count; Assert.Equal(3, count); } }
public static void EnumerateDisallowedStore(StoreLocation location) { using (X509Store store = new X509Store(StoreName.Disallowed, location)) { store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); using (var storeCerts = new ImportedCollection(store.Certificates)) { // That's all. We enumerated it. // There might not even be data in it. } } }
private static void AssertEqualContents(X509Store storeA, X509Store storeB) { Assert.NotSame(storeA, storeB); using (var storeATracker = new ImportedCollection(storeA.Certificates)) using (var storeBTracker = new ImportedCollection(storeB.Certificates)) { X509Certificate2Collection storeACerts = storeATracker.Collection; X509Certificate2Collection storeBCerts = storeBTracker.Collection; Assert.Equal(storeACerts.OfType <X509Certificate2>(), storeBCerts.OfType <X509Certificate2>()); } }
private static bool IsCertInStore(X509Certificate2 cert, X509Store store) { using (ImportedCollection coll = new ImportedCollection(store.Certificates)) { foreach (X509Certificate2 storeCert in coll.Collection) { if (cert.Equals(storeCert)) { return(true); } } } return(false); }
public static void ImportPkcs12File_Single_SpanPassword(X509KeyStorageFlags keyStorageFlags) { Span <char> password = stackalloc char[30]; password.Fill('Z'); TestData.PfxDataPassword.AsSpan().CopyTo(password.Slice(1)); password = password.Slice(1, TestData.PfxDataPassword.Length); using (ImportedCollection ic = Cert.Import(TestFiles.PfxFile, password, keyStorageFlags)) { X509Certificate2Collection cc2 = ic.Collection; int count = cc2.Count; Assert.Equal(1, count); } }
private static bool StoreHasPrivateKey(X509Store store, X509Certificate2 forCert) { using (ImportedCollection coll = new ImportedCollection(store.Certificates)) { foreach (X509Certificate2 storeCert in coll.Collection) { if (forCert.Equals(storeCert)) { return(storeCert.HasPrivateKey); } } } Assert.True(false, $"Certificate ({forCert.Subject}) exists in the store"); return(false); }
public static void ReadMyCertificates() { using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser)) { store.Open(OpenFlags.ReadOnly); using (var coll = new ImportedCollection(store.Certificates)) { int certCount = coll.Collection.Count; // This assert is just so certCount appears to be used, the test really // is that store.get_Certificates didn't throw. Assert.True(certCount >= 0); } } }
public static void EnumerateDisallowedStore(StoreLocation location, bool useEnum) { X509Store store = useEnum ? new X509Store(StoreName.Disallowed, location) // Non-normative casing, proving that we aren't case-sensitive (Windows isn't) : new X509Store("disallowed", location); using (store) { store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); using (var storeCerts = new ImportedCollection(store.Certificates)) { // That's all. We enumerated it. // There might not even be data in it. } } }
private static void ImportPkcs12Bytes_Single_VerifyContents(ImportedCollection ic) { using (var pfxCer = new X509Certificate2(TestData.PfxData, TestData.PfxDataPassword, Cert.EphemeralIfPossible)) { X509Certificate2Collection cc2 = ic.Collection; int count = cc2.Count; Assert.Equal(1, count); using (X509Certificate2 c = cc2[0]) { // pfxCer was loaded directly, cc2[0] was Imported, two distinct copies. Assert.NotSame(pfxCer, c); Assert.Equal(pfxCer, c); Assert.Equal(pfxCer.Thumbprint, c.Thumbprint); } } }
public static void AddReadOnlyThrows() { using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser)) using (X509Certificate2 cert = new X509Certificate2(TestData.MsCertificate)) { store.Open(OpenFlags.ReadOnly); using (var coll = new ImportedCollection(store.Certificates)) { // Add only throws when it has to do work. If, for some reason, this certificate // is already present in the CurrentUser\My store, we can't really test this // functionality. if (!coll.Collection.Contains(cert)) { Assert.ThrowsAny <CryptographicException>(() => store.Add(cert)); } } } }
public static void BuildChainExtraStoreUntrustedRoot() { using (var testCert = new X509Certificate2(Path.Combine("TestData", "test.pfx"), TestData.ChainPfxPassword)) using (ImportedCollection ic = Cert.Import(Path.Combine("TestData", "test.pfx"), TestData.ChainPfxPassword, X509KeyStorageFlags.DefaultKeySet)) using (var chainHolder = new ChainHolder()) { X509Certificate2Collection collection = ic.Collection; X509Chain chain = chainHolder.Chain; chain.ChainPolicy.ExtraStore.AddRange(collection); chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; chain.ChainPolicy.VerificationTime = new DateTime(2015, 9, 22, 12, 25, 0); bool valid = chain.Build(testCert); Assert.False(valid); Assert.Contains(chain.ChainStatus, s => s.Status == X509ChainStatusFlags.UntrustedRoot); } }
public static void AddReadOnlyThrows() { using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser)) using (X509Certificate2 cert = new X509Certificate2(TestData.MsCertificate)) { store.Open(OpenFlags.ReadOnly); using (var coll = new ImportedCollection(store.Certificates)) { // Add only throws when it has to do work. If, for some reason, this certificate // is already present in the CurrentUser\My store, we can't really test this // functionality. if (!coll.Collection.Contains(cert)) { Assert.ThrowsAny<CryptographicException>(() => store.Add(cert)); } } } }
private static void X509Store_AddOneAfterUpgrade() { RunX509StoreTest( (store, storeDirectory) => { using (var cert = new X509Certificate2(TestData.MsCertificate)) { store.Open(OpenFlags.ReadOnly); // Adding a certificate when the store is ReadOnly should fail: Assert.Throws<CryptographicException>(() => store.Add(cert)); // Since we haven't done anything yet, we shouldn't have polluted the hard drive. Assert.False(Directory.Exists(storeDirectory), "Directory.Exists(storeDirectory)"); // Calling Open on an open store changes the access rights: store.Open(OpenFlags.ReadWrite); store.Add(cert); Assert.True(Directory.Exists(storeDirectory), "Directory.Exists(storeDirectory)"); Assert.Equal(1, Directory.GetFiles(storeDirectory).Length); using (var coll = new ImportedCollection(store.Certificates)) { X509Certificate2Collection storeCerts = coll.Collection; Assert.Equal(1, storeCerts.Count); using (X509Certificate2 storeCert = storeCerts[0]) { Assert.Equal(cert, storeCert); Assert.NotSame(cert, storeCert); } } } }); }
public static void RemoveReadOnlyThrowsWhenFound() { // This test is unfortunate, in that it will mostly never test. // In order to do so it would have to open the store ReadWrite, put in a known value, // and call Remove on a ReadOnly copy. // // Just calling Remove on the first item found could also work (when the store isn't empty), // but if it fails the cost is too high. // // So what's the purpose of this test, you ask? To record why we're not unit testing it. // And someone could test it manually if they wanted. using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser)) using (X509Certificate2 cert = new X509Certificate2(TestData.MsCertificate)) { store.Open(OpenFlags.ReadOnly); using (var coll = new ImportedCollection(store.Certificates)) { if (coll.Collection.Contains(cert)) { Assert.ThrowsAny<CryptographicException>(() => store.Remove(cert)); } } } }
public static void Constructor_StoreHandle() { using (X509Store store1 = new X509Store(StoreName.My, StoreLocation.CurrentUser)) { store1.Open(OpenFlags.ReadOnly); int certCount1; using (var coll = new ImportedCollection(store1.Certificates)) { certCount1 = coll.Collection.Count; Assert.True(certCount1 >= 0); } using (X509Store store2 = new X509Store(store1.StoreHandle)) { using (var coll = new ImportedCollection(store2.Certificates)) { int certCount2 = coll.Collection.Count; Assert.Equal(certCount1, certCount2); } } } }
private static void X509Store_AddOne() { RunX509StoreTest( (store, storeDirectory) => { using (var cert = new X509Certificate2(TestData.MsCertificate)) { store.Open(OpenFlags.ReadWrite); store.Add(cert); Assert.True(Directory.Exists(storeDirectory), "Directory.Exists(storeDirectory)"); Assert.Equal(1, Directory.GetFiles(storeDirectory).Length); using (var coll = new ImportedCollection(store.Certificates)) { X509Certificate2Collection storeCerts = coll.Collection; Assert.Equal(1, storeCerts.Count); using (X509Certificate2 storeCert = storeCerts[0]) { Assert.Equal(cert, storeCert); Assert.NotSame(cert, storeCert); } } } }); }
private static void X509Store_FiltersDuplicateOnLoad() { RunX509StoreTest( (store, storeDirectory) => { using (var certA = new X509Certificate2(TestData.MsCertificate)) { store.Open(OpenFlags.ReadWrite); store.Add(certA); // Emulate a race condition of parallel adds with the following flow // AdderA: Notice [thumbprint].pfx is available, create it (0 bytes) // AdderB: Notice [thumbprint].pfx already exists, but can't be read, move to [thumbprint].1.pfx // AdderA: finish write // AdderB: finish write string[] files = Directory.GetFiles(storeDirectory, "*.pfx"); Assert.Equal(1, files.Length); string srcFile = files[0]; string baseName = Path.GetFileNameWithoutExtension(srcFile); string destFile = Path.Combine(storeDirectory, srcFile + ".1.pfx"); File.Copy(srcFile, destFile); using (var coll = new ImportedCollection(store.Certificates)) { Assert.Equal(1, coll.Collection.Count); Assert.Equal(certA, coll.Collection[0]); } // Also check that remove removes both files. store.Remove(certA); string[] filesAfter = Directory.GetFiles(storeDirectory, "*.pfx"); Assert.Equal(0, filesAfter.Length); } }); }
private static void AssertEqualContents(X509Store storeA, X509Store storeB) { Assert.NotSame(storeA, storeB); using (var storeATracker = new ImportedCollection(storeA.Certificates)) using (var storeBTracker = new ImportedCollection(storeB.Certificates)) { X509Certificate2Collection storeACerts = storeATracker.Collection; X509Certificate2Collection storeBCerts = storeBTracker.Collection; Assert.Equal(storeACerts.OfType<X509Certificate2>(), storeBCerts.OfType<X509Certificate2>()); } }
public static void MachineRootStore_NonEmpty() { // This test will fail on systems where the administrator has gone out of their // way to prune the trusted CA list down below this threshold. // // As of 2016-01-25, Ubuntu 14.04 has 169, and CentOS 7.1 has 175, so that'd be // quite a lot of pruning. // // And as of 2016-01-29 we understand the Homebrew-installed root store, with 180. const int MinimumThreshold = 5; using (X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine)) { store.Open(OpenFlags.ReadOnly); using (var storeCerts = new ImportedCollection(store.Certificates)) { int certCount = storeCerts.Collection.Count; Assert.InRange(certCount, MinimumThreshold, int.MaxValue); } } }