/// <summary>
/// Round-trips a subject alternative name extension through its encoded form: builds one from an
/// application URI plus a DNS name and two IP literals, re-parses the raw DER, and checks that the
/// OID, the critical flag and every name come back unchanged.
/// </summary>
public void VerifyX509SubjectAlternateNameExtension()
{
    string applicationUri = "urn:opcfoundation.org";
    // One DNS name, one IPv4 and one IPv6 literal; the decoder is expected to put the two
    // IP literals into IPAddresses and only the host name into DomainNames.
    string[] domainNames = new[] { "mypc.mydomain.com", "192.168.100.100", "1234:5678::1" };

    TestContext.Out.WriteLine("Encoded:");
    X509SubjectAltNameExtension encoded = new X509SubjectAltNameExtension(applicationUri, domainNames);
    TestContext.Out.WriteLine(encoded.Format(true));

    // Rebuild the extension from nothing but OID + raw bytes + critical flag, the way a
    // certificate parser would see it.
    X509SubjectAltNameExtension decoded = new X509SubjectAltNameExtension(encoded.Oid.Value, encoded.RawData, encoded.Critical);
    Assert.NotNull(decoded);
    TestContext.Out.WriteLine("Decoded:");
    TestContext.Out.WriteLine(decoded.Format(true));

    Assert.NotNull(decoded.DomainNames);
    Assert.NotNull(decoded.IPAddresses);
    Assert.NotNull(decoded.Uris);
    Assert.AreEqual(1, decoded.Uris.Count);
    Assert.AreEqual(1, decoded.DomainNames.Count);
    Assert.AreEqual(2, decoded.IPAddresses.Count);

    Assert.AreEqual(decoded.Oid.Value, encoded.Oid.Value);
    Assert.AreEqual(decoded.Critical, encoded.Critical);
    Assert.AreEqual(applicationUri, decoded.Uris[0]);
    Assert.AreEqual(domainNames[0], decoded.DomainNames[0]);
    // The IP literals keep their input order after decoding.
    for (int i = 0; i < 2; i++)
    {
        Assert.AreEqual(domainNames[i + 1], decoded.IPAddresses[i]);
    }
}
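/// <summary>
/// Displays the properties of a certificate in the list view.
/// </summary>
/// <param name="certificate">
/// The certificate to display, or <c>null</c> to clear the view and show a placeholder instruction.
/// </param>
/// <remarks>
/// Well-known extensions (basic constraints, key usage, enhanced key usage, subject key identifier,
/// subject alternative name, authority key identifier) are rendered in readable form; every other
/// extension — and any well-known one whose DER fails to decode — is shown as its OID plus the raw
/// bytes in hex, so nothing in the certificate is hidden from the viewer and a malformed extension
/// cannot take the dialog down.
/// </remarks>
internal void Initialize(X509Certificate2 certificate)
{
    ItemsLV.Items.Clear();

    if (certificate == null)
    {
        Instructions = "No certificate properties to display";
        AdjustColumns();
        return;
    }

    AddItem(new FieldInfo("Version", certificate.Version));
    AddItem(new FieldInfo("Subject", certificate.Subject));
    AddItem(new FieldInfo("FriendlyName", certificate.FriendlyName));
    AddItem(new FieldInfo("Thumbprint", certificate.Thumbprint));
    AddItem(new FieldInfo("Issuer", certificate.Issuer));
    AddItem(new FieldInfo("SerialNumber", certificate.SerialNumber));
    AddItem(new FieldInfo("NotBefore", Utils.Format("{0:yyyy-MM-dd}", certificate.NotBefore)));
    AddItem(new FieldInfo("NotAfter", Utils.Format("{0:yyyy-MM-dd}", certificate.NotAfter)));

    AddPublicKeyItems(certificate);
    AddItem(new FieldInfo("SignatureAlgorithm", certificate.SignatureAlgorithm.FriendlyName));

    foreach (X509Extension extension in certificate.Extensions)
    {
        AddExtensionItem(extension);
    }

    AdjustColumns();
}

/// <summary>
/// Adds the KeySize and KeyExchangeAlgorithm rows for the certificate's public key.
/// </summary>
/// <remarks>
/// <c>certificate.PublicKey.Key</c> is obsolete and throws for non-RSA/DSA keys (e.g. ECDSA) on
/// .NET Core / .NET 5+, so the typed accessors are used instead. RSA is tried first to keep the
/// rows identical to the previous output for RSA certificates.
/// </remarks>
private void AddPublicKeyItems(X509Certificate2 certificate)
{
    // 'using' tolerates a null key; both accessors return a fresh object that must be disposed.
    using (AsymmetricAlgorithm key = (AsymmetricAlgorithm)certificate.GetRSAPublicKey() ?? certificate.GetECDsaPublicKey())
    {
        string algorithmName = certificate.PublicKey.Oid.FriendlyName ?? certificate.PublicKey.Oid.Value;

        if (key != null)
        {
            AddItem(new FieldInfo("KeySize", key.KeySize));
            // KeyExchangeAlgorithm may be null for ECDSA; fall back to the key's algorithm OID name.
            AddItem(new FieldInfo("KeyExchangeAlgorithm", key.KeyExchangeAlgorithm ?? algorithmName));
        }
        else
        {
            // Unsupported key type: still show the algorithm rather than failing the whole view.
            AddItem(new FieldInfo("KeyExchangeAlgorithm", algorithmName));
        }
    }
}

/// <summary>
/// Adds one row describing <paramref name="extension"/>, decoding the well-known types and
/// falling back to OID + raw hex for everything else.
/// </summary>
private void AddExtensionItem(X509Extension extension)
{
    X509BasicConstraintsExtension basicConstraints = extension as X509BasicConstraintsExtension;
    if (basicConstraints != null)
    {
        AddItem(new FieldInfo("BasicConstraints", FormatBasicConstraintsExtension(basicConstraints)));
        return;
    }

    X509KeyUsageExtension keyUsage = extension as X509KeyUsageExtension;
    if (keyUsage != null)
    {
        AddItem(new FieldInfo("KeyUsage", FormatKeyUsageFlags(keyUsage.KeyUsages)));
        return;
    }

    X509EnhancedKeyUsageExtension enhancedKeyUsage = extension as X509EnhancedKeyUsageExtension;
    if (enhancedKeyUsage != null)
    {
        AddItem(new FieldInfo("EnhancedKeyUsage", FormatEnhancedKeyUsageExtension(enhancedKeyUsage)));
        return;
    }

    X509SubjectKeyIdentifierExtension subjectKeyId = extension as X509SubjectKeyIdentifierExtension;
    if (subjectKeyId != null)
    {
        AddItem(new FieldInfo("SubjectKeyIdentifier", subjectKeyId.SubjectKeyIdentifier));
        return;
    }

    string oid = extension.Oid?.Value;
    string text;

    if (oid == X509SubjectAltNameExtension.SubjectAltNameOid || oid == X509SubjectAltNameExtension.SubjectAltName2Oid)
    {
        if (TryFormatExtension(() => new X509SubjectAltNameExtension(extension, extension.Critical).Format(false), out text))
        {
            AddItem(new FieldInfo("SubjectAlternateName", text));
            return;
        }
    }
    else if (oid == X509AuthorityKeyIdentifierExtension.AuthorityKeyIdentifier2Oid)
    {
        if (TryFormatExtension(() => new X509AuthorityKeyIdentifierExtension(extension, extension.Critical).Format(false), out text))
        {
            AddItem(new FieldInfo("AuthorityKeyIdentifier", text));
            return;
        }
    }

    // Unknown (or undecodable) extension: show the OID and the raw DER in hex so the viewer
    // never silently drops data from the certificate.
    string name = extension.Oid?.FriendlyName;
    if (String.IsNullOrEmpty(name))
    {
        name = oid;
    }
    AddItem(new FieldInfo(name, Utils.ToHexString(extension.RawData)));
}

/// <summary>
/// Runs a decode-and-format callback, reporting failure instead of propagating it.
/// </summary>
/// <param name="format">Decodes an extension and returns its display text.</param>
/// <param name="text">The display text on success; <c>null</c> on failure.</param>
/// <returns><c>true</c> if the extension was decoded and formatted.</returns>
private static bool TryFormatExtension(Func<string> format, out string text)
{
    try
    {
        text = format();
        return true;
    }
    catch (Exception)
    {
        // NOTE(review): the decoders' exception types are not visible here, so any decode
        // failure is treated as "show raw bytes instead" — a malformed extension in an
        // untrusted certificate must not crash the viewer. Narrow once the contract is known.
        text = null;
        return false;
    }
}

/// <summary>
/// Renders basic constraints as "CA" or "End Entity", plus the path length when constrained.
/// </summary>
private static string FormatBasicConstraintsExtension(X509BasicConstraintsExtension basicConstraints)
{
    StringBuilder buffer = new StringBuilder();
    buffer.Append(basicConstraints.CertificateAuthority ? "CA" : "End Entity");
    if (basicConstraints.HasPathLengthConstraint)
    {
        buffer.AppendFormat(", PathLength={0}", basicConstraints.PathLengthConstraint);
    }
    return buffer.ToString();
}

/// <summary>
/// Renders the set key usage bits as a comma-separated list of flag names.
/// </summary>
private static string FormatKeyUsageFlags(X509KeyUsageFlags flags)
{
    StringBuilder buffer = new StringBuilder();
    foreach (X509KeyUsageFlags flag in Enum.GetValues(typeof(X509KeyUsageFlags)))
    {
        // X509KeyUsageFlags.None is 0 and therefore never listed.
        if ((flags & flag) != 0)
        {
            if (buffer.Length > 0)
            {
                buffer.Append(", ");
            }
            buffer.AppendFormat("{0}", flag);
        }
    }
    return buffer.ToString();
}

/// <summary>
/// Renders the enhanced key usage OIDs as a comma-separated list, preferring friendly names.
/// </summary>
private static string FormatEnhancedKeyUsageExtension(X509EnhancedKeyUsageExtension enhancedKeyUsage)
{
    StringBuilder buffer = new StringBuilder();
    foreach (Oid usageOid in enhancedKeyUsage.EnhancedKeyUsages)
    {
        if (buffer.Length > 0)
        {
            buffer.Append(", ");
        }
        // Fall back to the dotted OID when the platform has no friendly name for it.
        buffer.AppendFormat("{0}", String.IsNullOrEmpty(usageOid.FriendlyName) ? usageOid.Value : usageOid.FriendlyName);
    }
    return buffer.ToString();
}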
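/// <summary>
/// Verifies that an application instance certificate created for <paramref name="testApp"/>
/// carries the subject, issuer, extensions, key usage bits and subject alternative name expected
/// of an OPC UA application certificate.
/// </summary>
/// <param name="testApp">The application the certificate was created for (subject, domain names, application URI).</param>
/// <param name="cert">The certificate under test; must not carry a private key.</param>
/// <param name="issuerCert">
/// The CA certificate that signed <paramref name="cert"/>, or <c>null</c> for a self-signed
/// certificate, in which case <paramref name="cert"/> is treated as its own issuer.
/// </param>
public static void VerifyApplicationCert(ApplicationTestData testApp, X509Certificate2 cert, X509Certificate2 issuerCert = null)
{
    bool signedCert = issuerCert != null;
    // A self-signed certificate is its own issuer; every issuer check below runs against issuerCert.
    if (issuerCert == null)
    {
        issuerCert = cert;
    }

    TestContext.Out.WriteLine($"{nameof(VerifyApplicationCert)}:");
    Assert.NotNull(cert);
    TestContext.Out.WriteLine(cert);
    Assert.False(cert.HasPrivateKey);
    Assert.True(X509Utils.CompareDistinguishedName(testApp.Subject, cert.Subject));
    Assert.True(X509Utils.CompareDistinguishedName(issuerCert.Subject, cert.Issuer));

    // basic constraints: a self-signed cert is a CA with pathlen 0, a CA-signed cert is an end entity
    X509BasicConstraintsExtension constraints = X509Extensions.FindExtension<X509BasicConstraintsExtension>(cert);
    Assert.NotNull(constraints);
    TestContext.Out.WriteLine(constraints.Format(true));
    Assert.True(constraints.Critical);
    if (signedCert)
    {
        Assert.False(constraints.CertificateAuthority);
        Assert.False(constraints.HasPathLengthConstraint);
    }
    else
    {
        Assert.True(constraints.CertificateAuthority);
        Assert.True(constraints.HasPathLengthConstraint);
        Assert.AreEqual(0, constraints.PathLengthConstraint);
    }

    // key usage: the exact bit set is pinned, so an unexpected extra usage (CrlSign, KeyAgreement,
    // EncipherOnly, DecipherOnly) fails the check just as a missing one does
    X509KeyUsageExtension keyUsage = X509Extensions.FindExtension<X509KeyUsageExtension>(cert);
    Assert.NotNull(keyUsage);
    TestContext.Out.WriteLine(keyUsage.Format(true));
    Assert.True(keyUsage.Critical);
    X509KeyUsageFlags expectedKeyUsage =
        X509KeyUsageFlags.DataEncipherment |
        X509KeyUsageFlags.DigitalSignature |
        X509KeyUsageFlags.KeyEncipherment |
        X509KeyUsageFlags.NonRepudiation |
        (signedCert ? X509KeyUsageFlags.None : X509KeyUsageFlags.KeyCertSign);
    Assert.AreEqual(expectedKeyUsage, keyUsage.KeyUsages);

    // enhanced key usage
    X509EnhancedKeyUsageExtension enhancedKeyUsage = X509Extensions.FindExtension<X509EnhancedKeyUsageExtension>(cert);
    Assert.NotNull(enhancedKeyUsage);
    TestContext.Out.WriteLine(enhancedKeyUsage.Format(true));
    Assert.True(enhancedKeyUsage.Critical);

    // authority key identifier must name the issuer (the cert itself when self-signed)
    X509AuthorityKeyIdentifierExtension authority = X509Extensions.FindExtension<X509AuthorityKeyIdentifierExtension>(cert);
    Assert.NotNull(authority);
    TestContext.Out.WriteLine(authority.Format(true));
    Assert.NotNull(authority.SerialNumber);
    Assert.NotNull(authority.KeyIdentifier);
    Assert.NotNull(authority.Issuer);
    Assert.AreEqual(issuerCert.SubjectName.RawData, authority.Issuer.RawData);
    Assert.True(
        X509Utils.CompareDistinguishedName(issuerCert.SubjectName.Name, authority.Issuer.Name),
        $"{issuerCert.SubjectName.Name} != {authority.Issuer.Name}");

    // the AKI key identifier must equal the issuer's subject key identifier; for a self-signed
    // cert that is the cert's own SKI
    X509SubjectKeyIdentifierExtension subjectKeyId = X509Extensions.FindExtension<X509SubjectKeyIdentifierExtension>(cert);
    Assert.NotNull(subjectKeyId);
    TestContext.Out.WriteLine(subjectKeyId.Format(true));
    X509SubjectKeyIdentifierExtension issuerKeyId = X509Extensions.FindExtension<X509SubjectKeyIdentifierExtension>(issuerCert);
    Assert.NotNull(issuerKeyId);
    Assert.AreEqual(issuerKeyId.SubjectKeyIdentifier, authority.KeyIdentifier);
    Assert.AreEqual(issuerCert.GetSerialNumber(), authority.GetSerialNumber());
    Assert.AreEqual(issuerCert.SerialNumber, authority.SerialNumber);

    // subject alternative name: every configured domain and exactly one application URI
    X509SubjectAltNameExtension subjectAlternateName = X509Extensions.FindExtension<X509SubjectAltNameExtension>(cert);
    Assert.NotNull(subjectAlternateName);
    TestContext.Out.WriteLine(subjectAlternateName.Format(true));
    Assert.False(subjectAlternateName.Critical);
    var domainNames = X509Utils.GetDomainsFromCertficate(cert);
    foreach (var domainName in testApp.DomainNames)
    {
        // host names are compared case-insensitively, as DNS is
        Assert.True(domainNames.Contains(domainName, StringComparer.OrdinalIgnoreCase), $"domain {domainName} missing from SAN");
    }
    Assert.AreEqual(1, subjectAlternateName.Uris.Count);
    var applicationUri = X509Utils.GetApplicationUriFromCertificate(cert);
    TestContext.Out.WriteLine("ApplicationUri: ");
    TestContext.Out.WriteLine(applicationUri);
    Assert.AreEqual(testApp.ApplicationUri, applicationUri);
}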