public async Task GetSigningCertificateFingerprint_WithUnsupportedHashAlgorithm_Throws()
{
using (var test = await VerifyTest.CreateAsync(settings: null, certificate: _untrustedTestCertificate.Cert))
{
Assert.Throws(typeof(ArgumentException),
() => test.PrimarySignature.GetSigningCertificateFingerprint((HashAlgorithmName)99));
}
}
public async Task GetSigningCertificateFingerprint_SuccessfullyHashesMultipleAlgorithms()
{
using (var test = await VerifyTest.CreateAsync(settings: null, certificate: _untrustedTestCertificate.Cert))
{
var sha256 = test.PrimarySignature.GetSigningCertificateFingerprint(HashAlgorithmName.SHA256);
var sha384 = test.PrimarySignature.GetSigningCertificateFingerprint(HashAlgorithmName.SHA384);
var sha512 = test.PrimarySignature.GetSigningCertificateFingerprint(HashAlgorithmName.SHA512);
var expectedSha256 = SignatureTestUtility.GetFingerprint(_untrustedTestCertificate.Cert, HashAlgorithmName.SHA256);
var expectedSha384 = SignatureTestUtility.GetFingerprint(_untrustedTestCertificate.Cert, HashAlgorithmName.SHA384);
var expectedSha512 = SignatureTestUtility.GetFingerprint(_untrustedTestCertificate.Cert, HashAlgorithmName.SHA512);
Assert.Equal(sha256, expectedSha256, StringComparer.Ordinal);
Assert.Equal(sha384, expectedSha384, StringComparer.Ordinal);
Assert.Equal(sha512, expectedSha512, StringComparer.Ordinal);
}
}
public async Task Verify_WithUntrustedSelfSignedCertificateAndAllowUntrusted_SucceedsAsync()
{
var settings = new SignatureVerifySettings(
allowIllegal: false,
allowUntrusted: true,
allowUnknownRevocation: false,
reportUnknownRevocation: true);
using (var test = await VerifyTest.CreateAsync(settings, _untrustedTestCertificate.Cert))
{
var result = test.PrimarySignature.Verify(
timestamp: null,
settings: settings,
fingerprintAlgorithm: HashAlgorithmName.SHA256,
certificateExtraStore: test.PrimarySignature.SignedCms.Certificates);
Assert.Equal(SignatureVerificationStatus.Valid, result.Status);
Assert.Equal(0, result.Issues.Count(issue => issue.Level == LogLevel.Error));
}
}
public async Task Verify_WithUntrustedSelfSignedCertificateAndNotAllowUntrustedRoot_FailsAsync()
{
var settings = new SignatureVerifySettings(
treatIssuesAsErrors: true,
allowUntrustedRoot: false,
allowUnknownRevocation: false,
logOnSignatureExpired: true);
using (var test = await VerifyTest.CreateAsync(settings, _untrustedTestCertificate.Cert))
{
var issues = new List <SignatureLog>();
var result = test.PrimarySignature.Verify(
timestamp: null,
settings: settings,
fingerprintAlgorithm: HashAlgorithmName.SHA256,
certificateExtraStore: test.PrimarySignature.SignedCms.Certificates,
issues: issues);
Assert.Equal(SignatureVerificationStatus.Untrusted, result.Status);
Assert.Equal(1, issues.Count(issue => issue.Level == LogLevel.Error));
AssertUntrustedRoot(issues, LogLevel.Error);
}
}