/// <summary>
/// Feeds the text of a <c>CertUtil -dump</c> for a certificate that has no
/// Subject Alternative Name extension to <c>TlsCertificate.ParseCertUtil</c> and
/// checks the parsed validity window and host list.
/// </summary>
public void ParseCertUtil()
{
    // TODO(jeff.lill):
    //
    // This fixture is a SAN certificate dump that was edited by hand to remove the
    // [Subject Alternative Name] section. It should be replaced at some point with
    // the dump of a genuine non-SAN certificate.
    //
    // The dump holds only public certificate fields (subject, issuer, public key,
    // extensions, signature and hashes); no private key material appears in it.
    //
    // NOTE(review): the header reads "Extensions: 9" but only eight extension
    // entries follow, which is consistent with the hand edit described above. The
    // test therefore passes on a dump that is not internally consistent.
    const string certUtilOutput = @"X509 Certificate: Version: 3 Serial Number: f7c33b6eed61a3695c1a61e77e7d349f Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA Algorithm Parameters: 05 00 Issuer: CN=COMODO RSA Domain Validation Secure Server CA O=COMODO CA Limited L=Salford S=Greater Manchester C=GB Name Hash(sha1): 7ae13ee8a0c42a2cb428cbe7a605461940e2a1e9 Name Hash(md5): 737301010f9ec759d54329bbb1553aa2 NotBefore: 10/15/2016 4:00 PM NotAfter: 10/16/2017 3:59 PM Subject: CN=*.neontest.com OU=PositiveSSL Wildcard OU=Domain Control Validated Name Hash(sha1): 21a9a243dec2654cc845de819db21f9828960a44 Name Hash(md5): b663f495938586143c2e4ab879f89fae Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 2048 bits Public Key: UnusedBits = 0 0000 30 82 01 0a 02 82 01 01 00 e3 40 b1 8a 4f ce 50 0010 71 5d 00 8f e7 b2 f0 52 22 2d 7b f4 97 01 e6 d5 0020 cf 37 2f 62 a8 1b af 87 ca 26 d6 9a 83 f9 21 25 0030 2d 4e f8 f7 85 7b 65 06 1b 17 de 53 e7 4f 77 b1 0040 ac 71 d5 49 7e 9b f8 42 48 3a 83 af 3b 03 87 c8 0050 c6 d1 2e f8 cb fa 5b d5 9f f3 68 b6 c4 87 82 9f 0060 9c e3 b7 c3 7b 71 cb bc f9 00 1b 0d 7e b2 ae 7a 0070 50 8f cb 0c 01 e5 6b 72 a3 dc 08 a1 f3 53 88 84 0080 92 5c 3b 88 28 20 de 39 22 ac 6e 53 99 cf 43 dd 0090 20 ee 2e 1c 02 f4 42 13 84 75 03 17 0c bf 46 59 00a0 44 70 ac fa 3e 2d d9 ca 47 6e a8 a2 13 72 5e d5 00b0 fd 4b 60 99 27 01 35 a3 1a 70 9a 9d 48 bb 89 14 00c0 0b ed a7 de 90 90 25 db 31 81 33 96 c5 7f 7a b6 00d0 61 db 22 8e 93 5d a0 e9 02 a9 f3 05 72 3f 79 ed 00e0 fa 69 c3 a9 e5 ef 5c 7f db 36 aa df b6 76 16 fc 00f0 b6 f2 0b b8 cb 21 8e e6 00 85 35 d8 7e 01 c1 fb 0100 78 b5 ba 4e 91 4e dd 9f 4f 02 03 01 00 01 Certificate 
Extensions: 9 2.5.29.35: Flags = 0, Length = 18 Authority Key Identifier KeyID=90 af 6a 3a 94 5a 0b d8 90 ea 12 56 73 df 43 b4 3a 28 da e7 2.5.29.14: Flags = 0, Length = 16 Subject Key Identifier 70 ac 36 1f 8e 34 33 4a 41 95 7b d5 ef 3d d8 98 6c d4 c8 d9 2.5.29.15: Flags = 1(Critical), Length = 4 Key Usage Digital Signature, Key Encipherment (a0) 2.5.29.19: Flags = 1(Critical), Length = 2 Basic Constraints Subject Type=End Entity Path Length Constraint=None 2.5.29.37: Flags = 0, Length = 16 Enhanced Key Usage Server Authentication (1.3.6.1.5.5.7.3.1) Client Authentication (1.3.6.1.5.5.7.3.2) 2.5.29.32: Flags = 0, Length = 48 Certificate Policies [1]Certificate Policy: Policy Identifier=1.3.6.1.4.1.6449.1.2.2.7 [1,1]Policy Qualifier Info: Policy Qualifier Id=CPS Qualifier: https://secure.comodo.com/CPS [2]Certificate Policy: Policy Identifier=2.23.140.1.2.1 2.5.29.31: Flags = 0, Length = 4d CRL Distribution Points [1]CRL Distribution Point Distribution Point Name: Full Name: URL=http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl 1.3.6.1.5.5.7.1.1: Flags = 0, Length = 79 Authority Information Access [1]Authority Info Access Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2) Alternative Name: URL=http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt [2]Authority Info Access Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1) Alternative Name: URL=http://ocsp.comodoca.com Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 1b 85 72 a2 5e 38 c7 3c be 48 59 c5 b5 9c 87 03 0010 c6 4e 9c 52 b0 20 6a 14 4a 85 75 3f 59 af 57 92 0020 14 1c 0c 69 c6 7a 42 3d cd c8 a7 95 a9 b8 47 7e 0030 ed f2 63 25 10 8b bf 0c d8 0f 46 29 b5 78 9f 13 0040 d9 0f 34 84 c9 83 c3 1a 97 07 57 dd 66 22 c5 19 0050 77 4c ea 04 97 79 cd 3b f2 02 44 f1 89 ee 6b 0a 0060 e3 d5 df 86 c6 8a 3b 98 7d 21 20 2d 10 09 54 c3 0070 9c a9 6b 94 70 5b 8a ed 97 54 b4 d9 74 22 
f5 1e 0080 78 d7 7e a8 cf ef 21 57 ee 3c d5 45 45 25 74 ac 0090 56 c6 0f 56 b4 42 51 0a 86 e9 02 bb 93 1d 06 0c 00a0 4b ad 4b 27 63 29 11 f0 d2 2f 97 4b b8 04 54 d2 00b0 d6 dd 20 ee f2 a8 bf d0 20 f0 0f e0 45 92 60 ad 00c0 50 82 cd 4a a2 63 bb f7 a5 83 68 ec 4a 1d 05 ae 00d0 78 57 e0 15 f8 b0 bd 4f 67 14 25 9c d8 96 bf 2b 00e0 7c b4 fc b6 3b 90 ca 77 3e 67 e4 9d 88 a6 08 d5 00f0 52 bc 1e a0 91 6f 6b c4 45 2d e2 4b 66 35 a5 49 Non-root Certificate Key Id Hash(rfc-sha1): 70 ac 36 1f 8e 34 33 4a 41 95 7b d5 ef 3d d8 98 6c d4 c8 d9 Key Id Hash(sha1): 6a cd 98 59 03 c9 4d 39 5d fa 68 2d e9 ed 2d f5 78 b7 49 2a Key Id Hash(md5): 95be85460316d2476c909c824ec6108b Key Id Hash(sha256): f5ad0d32302d410daad3f39ddbb2e1a52e79fcd8bff1c4d77e028830844bb363 Cert Hash(md5): 99 d4 81 bc 75 c7 fb 36 e3 ba ec e4 b5 a6 21 6d Cert Hash(sha1): 83 db 76 4a 8f a2 cd c9 a0 12 d5 ff 6f 0d 46 1c 82 3c ac ac Cert Hash(sha256): 87b1a786fe76f7498831ea654a567ebe293763a396d43ecf039ea7041ed6ee63 Signature Hash: 90c9102b85154435565bfa90928858d5b9eafd9a714d320efa0da0c9c5062ad1 CertUtil: -dump command completed successfully. ";

    // Expected values mirror the NotBefore / NotAfter lines and the Subject CN of
    // the dump above. With the SAN section removed, the Subject CN is the only
    // place the host name appears.
    //
    // NOTE(review): the dump prints both timestamps without a time zone, while the
    // expected values are built as UTC. DateTime equality compares ticks and
    // ignores Kind, so these assertions likely do not pin the Kind of the parsed
    // values; confirm how the parser interprets the zone, since any validity-window
    // check built on ValidFrom / ValidUntil depends on it.
    var expectedValidFrom = new DateTime(2016, 10, 15, 16, 00, 00, DateTimeKind.Utc);
    var expectedValidUntil = new DateTime(2017, 10, 16, 15, 59, 00, DateTimeKind.Utc);
    var expectedHosts = new[] { "*.neontest.com" };

    var certificate = new TlsCertificate();

    certificate.ParseCertUtil(certUtilOutput);

    Assert.Equal(expectedValidFrom, certificate.ValidFrom);
    Assert.Equal(expectedValidUntil, certificate.ValidUntil);
    Assert.Equal(expectedHosts, certificate.Hosts);
}