public void ConstructorAsnEncodedData_BadAsn()
{
AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[0]);
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(aed, true);
Assert.AreEqual(String.Empty, ski.Format(true), "Format(true)");
Assert.AreEqual(String.Empty, ski.Format(false), "Format(false)");
string s = ski.SubjectKeyIdentifier;
}
public void ConstructorAsnEncodedData_BadAsnLength()
{
AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[] { 0x30, 0x01 });
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(aed, true);
Assert.AreEqual("3001", ski.Format(true), "Format(true)");
Assert.AreEqual("3001", ski.Format(false), "Format(false)");
string s = ski.SubjectKeyIdentifier;
}
public void ConstructorEmpty()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension();
Assert.IsFalse(ski.Critical, "Critical");
Assert.IsNull(ski.RawData, "RawData");
Assert.AreEqual(oid, ski.Oid.Value, "Oid.Value");
// FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
//Assert.AreEqual (fname, ski.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual(String.Empty, ski.Format(true), "Format(true)");
Assert.AreEqual(String.Empty, ski.Format(false), "Format(false)");
}
public void ConstructorString_NotHex()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension("Mono::", true);
Assert.IsTrue(ski.Critical, "Critical");
Assert.AreEqual("04-03-FF-FF-FF", BitConverter.ToString(ski.RawData), "RawData");
Assert.AreEqual(oid, ski.Oid.Value, "Oid.Value");
// FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
//Assert.AreEqual (fname, ski.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual("FFFFFF", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual("ff ff ff" + Environment.NewLine, ski.Format(true), "Format(true)");
Assert.AreEqual("ff ff ff", ski.Format(false), "Format(false)");
}
public void ConstructorAsnEncodedData()
{
AsnEncodedData aed = new AsnEncodedData(new byte[] { 0x04, 0x08, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF });
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(aed, true);
Assert.IsTrue(ski.Critical, "Critical");
Assert.AreEqual(oid, ski.Oid.Value, "Oid.Value");
// FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
//Assert.AreEqual (fname, ski.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual("04-08-01-23-45-67-89-AB-CD-EF", BitConverter.ToString(ski.RawData), "RawData");
Assert.AreEqual("0123456789ABCDEF", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual("01 23 45 67 89 ab cd ef" + Environment.NewLine, ski.Format(true), "Format(true)");
Assert.AreEqual("01 23 45 67 89 ab cd ef", ski.Format(false), "Format(false)");
}
public void WrongExtension_X509Extension()
{
X509Extension ex = new X509Extension("1.2.3", new byte[0], true);
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension("www.go-mono.com", false); // odd length
Assert.IsFalse(ski.Critical, "Critical");
Assert.AreEqual("FFFFFFFFFFFFFF", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual("ff ff ff ff ff ff ff" + Environment.NewLine, ski.Format(true), "Format(true)");
Assert.AreEqual("ff ff ff ff ff ff ff", ski.Format(false), "Format(false)");
ski.CopyFrom(ex);
Assert.IsTrue(ski.Critical, "Critical");
Assert.AreEqual(String.Empty, BitConverter.ToString(ski.RawData), "RawData");
Assert.AreEqual("1.2.3", ski.Oid.Value, "Oid.Value");
// FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
//Assert.IsNull (ski.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual(String.Empty, ski.Format(true), "Format(true)");
Assert.AreEqual(String.Empty, ski.Format(false), "Format(false)");
}
public static void VerifyCACert(X509Certificate2 cert, string subject, int pathLengthConstraint)
{
TestContext.Out.WriteLine($"{nameof(VerifyCACert)}:");
Assert.NotNull(cert);
TestContext.Out.WriteLine(cert);
Assert.False(cert.HasPrivateKey);
Assert.True(X509Utils.CompareDistinguishedName(subject, cert.Subject));
Assert.True(X509Utils.CompareDistinguishedName(subject, cert.Issuer));
// test basic constraints
var constraints = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert);
Assert.NotNull(constraints);
TestContext.Out.WriteLine(constraints.Format(true));
Assert.True(constraints.Critical);
Assert.True(constraints.CertificateAuthority);
if (pathLengthConstraint < 0)
{
Assert.False(constraints.HasPathLengthConstraint);
}
else
{
Assert.True(constraints.HasPathLengthConstraint);
Assert.AreEqual(pathLengthConstraint, constraints.PathLengthConstraint);
}
// key usage
var keyUsage = X509Extensions.FindExtension <X509KeyUsageExtension>(cert);
Assert.NotNull(keyUsage);
TestContext.Out.WriteLine(keyUsage.Format(true));
Assert.True(keyUsage.Critical);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.CrlSign) == X509KeyUsageFlags.CrlSign);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DataEncipherment) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DecipherOnly) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.EncipherOnly) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyAgreement) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyCertSign) == X509KeyUsageFlags.KeyCertSign);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == 0);
// enhanced key usage
X509EnhancedKeyUsageExtension enhancedKeyUsage = X509Extensions.FindExtension <X509EnhancedKeyUsageExtension>(cert);
Assert.Null(enhancedKeyUsage);
// test for authority key
X509AuthorityKeyIdentifierExtension authority = X509Extensions.FindExtension <X509AuthorityKeyIdentifierExtension>(cert);
Assert.NotNull(authority);
TestContext.Out.WriteLine(authority.Format(true));
Assert.NotNull(authority.SerialNumber);
Assert.NotNull(authority.GetSerialNumber());
Assert.NotNull(authority.KeyIdentifier);
Assert.NotNull(authority.Issuer);
Assert.NotNull(authority.ToString());
Assert.AreEqual(authority.SerialNumber, Utils.ToHexString(authority.GetSerialNumber(), true));
// verify authority key in signed cert
X509SubjectKeyIdentifierExtension subjectKeyId = X509Extensions.FindExtension <X509SubjectKeyIdentifierExtension>(cert);
TestContext.Out.WriteLine(subjectKeyId.Format(true));
Assert.AreEqual(subjectKeyId.SubjectKeyIdentifier, authority.KeyIdentifier);
Assert.AreEqual(cert.SerialNumber, authority.SerialNumber);
Assert.AreEqual(cert.GetSerialNumber(), authority.GetSerialNumber());
X509SubjectAltNameExtension subjectAlternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(cert);
Assert.Null(subjectAlternateName);
}
public static void VerifyApplicationCert(ApplicationTestData testApp, X509Certificate2 cert, X509Certificate2 issuerCert = null)
{
bool signedCert = issuerCert != null;
if (issuerCert == null)
{
issuerCert = cert;
}
TestContext.Out.WriteLine($"{nameof(VerifyApplicationCert)}:");
Assert.NotNull(cert);
TestContext.Out.WriteLine(cert);
Assert.False(cert.HasPrivateKey);
Assert.True(X509Utils.CompareDistinguishedName(testApp.Subject, cert.Subject));
Assert.True(X509Utils.CompareDistinguishedName(issuerCert.Subject, cert.Issuer));
// test basic constraints
X509BasicConstraintsExtension constraints = X509Extensions.FindExtension <X509BasicConstraintsExtension>(cert);
Assert.NotNull(constraints);
TestContext.Out.WriteLine(constraints.Format(true));
Assert.True(constraints.Critical);
if (signedCert)
{
Assert.False(constraints.CertificateAuthority);
Assert.False(constraints.HasPathLengthConstraint);
}
else
{
Assert.True(constraints.CertificateAuthority);
Assert.True(constraints.HasPathLengthConstraint);
Assert.AreEqual(0, constraints.PathLengthConstraint);
}
// key usage
X509KeyUsageExtension keyUsage = X509Extensions.FindExtension <X509KeyUsageExtension>(cert);
Assert.NotNull(keyUsage);
TestContext.Out.WriteLine(keyUsage.Format(true));
Assert.True(keyUsage.Critical);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.CrlSign) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DataEncipherment) == X509KeyUsageFlags.DataEncipherment);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DecipherOnly) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.DigitalSignature);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.EncipherOnly) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyAgreement) == 0);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyCertSign) == (signedCert ? 0 : X509KeyUsageFlags.KeyCertSign));
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == X509KeyUsageFlags.KeyEncipherment);
Assert.True((keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.NonRepudiation);
// enhanced key usage
X509EnhancedKeyUsageExtension enhancedKeyUsage = X509Extensions.FindExtension <X509EnhancedKeyUsageExtension>(cert);
Assert.NotNull(enhancedKeyUsage);
TestContext.Out.WriteLine(enhancedKeyUsage.Format(true));
Assert.True(enhancedKeyUsage.Critical);
// test for authority key
X509AuthorityKeyIdentifierExtension authority = X509Extensions.FindExtension <X509AuthorityKeyIdentifierExtension>(cert);
Assert.NotNull(authority);
TestContext.Out.WriteLine(authority.Format(true));
Assert.NotNull(authority.SerialNumber);
Assert.NotNull(authority.KeyIdentifier);
Assert.NotNull(authority.Issuer);
if (issuerCert == null)
{
Assert.AreEqual(cert.SubjectName.RawData, authority.Issuer.RawData);
Assert.True(X509Utils.CompareDistinguishedName(cert.SubjectName.Name, authority.Issuer.Name), $"{cert.SubjectName.Name} != {authority.Issuer.Name}");
}
else
{
Assert.AreEqual(issuerCert.SubjectName.RawData, authority.Issuer.RawData);
Assert.True(X509Utils.CompareDistinguishedName(issuerCert.SubjectName.Name, authority.Issuer.Name), $"{cert.SubjectName.Name} != {authority.Issuer.Name}");
}
// verify authority key in signed cert
X509SubjectKeyIdentifierExtension subjectKeyId = X509Extensions.FindExtension <X509SubjectKeyIdentifierExtension>(cert);
TestContext.Out.WriteLine(subjectKeyId.Format(true));
if (signedCert)
{
var caCertSubjectKeyId = X509Extensions.FindExtension <X509SubjectKeyIdentifierExtension>(issuerCert);
Assert.NotNull(caCertSubjectKeyId);
Assert.AreEqual(caCertSubjectKeyId.SubjectKeyIdentifier, authority.KeyIdentifier);
}
else
{
Assert.AreEqual(subjectKeyId.SubjectKeyIdentifier, authority.KeyIdentifier);
}
Assert.AreEqual(issuerCert.GetSerialNumber(), authority.GetSerialNumber());
Assert.AreEqual(issuerCert.SerialNumber, authority.SerialNumber);
X509SubjectAltNameExtension subjectAlternateName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(cert);
Assert.NotNull(subjectAlternateName);
TestContext.Out.WriteLine(subjectAlternateName.Format(true));
Assert.False(subjectAlternateName.Critical);
var domainNames = X509Utils.GetDomainsFromCertficate(cert);
foreach (var domainName in testApp.DomainNames)
{
Assert.True(domainNames.Contains(domainName, StringComparer.OrdinalIgnoreCase));
}
Assert.True(subjectAlternateName.Uris.Count == 1);
var applicationUri = X509Utils.GetApplicationUriFromCertificate(cert);
TestContext.Out.WriteLine("ApplicationUri: ");
TestContext.Out.WriteLine(applicationUri);
Assert.AreEqual(testApp.ApplicationUri, applicationUri);
}