projects / mono.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #649 from DavidS/feature/implement-additional-reference-path
[mono.git] / mcs / class / System / Test / System.Security.Cryptography.X509Certificates / Pkits_4_01_SignatureVerification.cs
1 //
2 // Pkits_4_01_SignatureVerification.cs -
3 //      NUnit tests for Pkits 4.1 : Signature Verification
4 //
5 // Author:
6 //      Sebastien Pouliot  <sebastien@ximian.com>
7 //
8 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
9 //
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
17 // 
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
20 // 
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
28 //
29
30 #if NET_2_0
31
32 using NUnit.Framework;
33
34 using System;
35 using System.Security.Cryptography.X509Certificates;
36
37 namespace MonoTests.System.Security.Cryptography.X509Certificates {
38
39         /*
40          * Notes:
41          *
42          * [MS/XP] Everything looks to be RFC3280 compliant.
43          *
44          * See PkitsTest.cs for more details
45          */
46
47         [TestFixture]
48         [Category ("PKITS")]
49         public class Pkits_4_01_SignatureVerification: PkitsTest {
50
51                 public X509Certificate2 BadSignedCACert {
52                         get { return GetCertificate ("BadSignedCACert.crt"); }
53                 }
54
55                 public X509Certificate2 DSACACert {
56                         get { return GetCertificate ("DSACACert.crt"); }
57                 }
58
59                 public X509Certificate2 DSAParametersInheritedCACert {
60                         get { return GetCertificate ("DSAParametersInheritedCACert.crt"); }
61                 }
62
63                 [Test]
64                 public void T1_ValidSignature ()
65                 {
66                         X509Certificate2 ee = GetCertificate ("ValidCertificatePathTest1EE.crt");
67                         X509Chain chain = new X509Chain ();
68                         Assert.IsTrue (chain.Build (ee), "Build");
69                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
70                         Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
71                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
72                         Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
73                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
74                         Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
75                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
76                 }
77
78                 [Test]
79                 public void T2_InvalidCASignature ()
80                 {
81                         X509Certificate2 ee = GetCertificate ("InvalidCASignatureTest2EE.crt");
82                         X509Chain chain = new X509Chain ();
83                         Assert.IsFalse (chain.Build (ee), "Build");
84                         CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
85                         Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
86                         CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
87                         Assert.AreEqual (BadSignedCACert, chain.ChainElements[1].Certificate, "BadSignedCACert");
88                         CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[1].ChainElementStatus, "BadSignedCACert.Status");
89                         Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
90                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
91                 }
92
93                 [Test]
94                 public void T3_InvalidEESignature ()
95                 {
96                         X509Certificate2 ee = GetCertificate ("InvalidEESignatureTest3EE.crt");
97                         X509Chain chain = new X509Chain ();
98                         Assert.IsFalse (chain.Build (ee), "Build");
99                         CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
100                         Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
101                         CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
102                         Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
103                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
104                         Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
105                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
106                 }
107
108                 [Test]
109                 public void T4_ValidDSASignatures ()
110                 {
111                         X509Certificate2 ee = GetCertificate ("ValidDSASignaturesTest4EE.crt");
112                         X509Chain chain = new X509Chain ();
113                         Assert.IsTrue (chain.Build (ee), "Build");
114                         Assert.AreEqual (0, chain.ChainStatus.Length, "ChainStatus");
115                         Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
116                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
117                         Assert.AreEqual (DSACACert, chain.ChainElements[1].Certificate, "DSACACert");
118                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSACACert.Status");
119                         Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
120                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
121                 }
122
123                 [Test]
124                 public void T5_ValidDSAParameterInheritance ()
125                 {
126                         X509Certificate2 ee = GetCertificate ("ValidDSAParameterInheritanceTest5EE.crt");
127                         X509Chain chain = new X509Chain ();
128                         Assert.IsTrue (chain.Build (ee), "Build");
129                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
130                         Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
131                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
132                         Assert.AreEqual (DSAParametersInheritedCACert, chain.ChainElements[1].Certificate, "DSAParametersInheritedCACert");
133                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSAParametersInheritedCACert.Status");
134                         Assert.AreEqual (DSACACert, chain.ChainElements[2].Certificate, "DSACACert");
135                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "DSACACert.Status");
136                         Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
137                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
138                 }
139
140                 [Test]
141                 public void T6_InvalidDSASignatures ()
142                 {
143                         X509Certificate2 ee = GetCertificate ("InvalidDSASignatureTest6EE.crt");
144                         X509Chain chain = new X509Chain ();
145                         Assert.IsFalse (chain.Build (ee), "Build");
146                         CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
147                         Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
148                         CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
149                         Assert.AreEqual (DSACACert, chain.ChainElements[1].Certificate, "DSACACert");
150                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSACACert.Status");
151                         Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
152                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
153                 }
154         }
155 }
156
157 #endif
my mono mirror. check out Moved to http://github.com/mono/mono