2 // Pkits_4_01_SignatureVerification.cs -
3 // NUnit tests for Pkits 4.1 : Signature Verification
6 // Sebastien Pouliot <sebastien@ximian.com>
8 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using NUnit.Framework;
35 using System.Security.Cryptography.X509Certificates;
37 namespace MonoTests.System.Security.Cryptography.X509Certificates {
42 * [MS/XP] Everything looks to be RFC3280 compliant.
44 * See PkitsTest.cs for more details
49 public class Pkits_4_01_SignatureVerification: PkitsTest {
51 public X509Certificate2 BadSignedCACert {
52 get { return GetCertificate ("BadSignedCACert.crt"); }
55 public X509Certificate2 DSACACert {
56 get { return GetCertificate ("DSACACert.crt"); }
59 public X509Certificate2 DSAParametersInheritedCACert {
60 get { return GetCertificate ("DSAParametersInheritedCACert.crt"); }
64 public void T1_ValidSignature ()
66 X509Certificate2 ee = GetCertificate ("ValidCertificatePathTest1EE.crt");
67 X509Chain chain = new X509Chain ();
68 Assert.IsTrue (chain.Build (ee), "Build");
69 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
70 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
71 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
72 Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
73 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
74 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
75 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
79 public void T2_InvalidCASignature ()
81 X509Certificate2 ee = GetCertificate ("InvalidCASignatureTest2EE.crt");
82 X509Chain chain = new X509Chain ();
83 Assert.IsFalse (chain.Build (ee), "Build");
84 CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
85 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
86 CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
87 Assert.AreEqual (BadSignedCACert, chain.ChainElements[1].Certificate, "BadSignedCACert");
88 CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[1].ChainElementStatus, "BadSignedCACert.Status");
89 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
90 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
94 public void T3_InvalidEESignature ()
96 X509Certificate2 ee = GetCertificate ("InvalidEESignatureTest3EE.crt");
97 X509Chain chain = new X509Chain ();
98 Assert.IsFalse (chain.Build (ee), "Build");
99 CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
100 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
101 CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
102 Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
103 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
104 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
105 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
109 public void T4_ValidDSASignatures ()
111 X509Certificate2 ee = GetCertificate ("ValidDSASignaturesTest4EE.crt");
112 X509Chain chain = new X509Chain ();
113 Assert.IsTrue (chain.Build (ee), "Build");
114 Assert.AreEqual (0, chain.ChainStatus.Length, "ChainStatus");
115 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
116 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
117 Assert.AreEqual (DSACACert, chain.ChainElements[1].Certificate, "DSACACert");
118 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSACACert.Status");
119 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
120 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
124 public void T5_ValidDSAParameterInheritance ()
126 X509Certificate2 ee = GetCertificate ("ValidDSAParameterInheritanceTest5EE.crt");
127 X509Chain chain = new X509Chain ();
128 Assert.IsTrue (chain.Build (ee), "Build");
129 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
130 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
131 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
132 Assert.AreEqual (DSAParametersInheritedCACert, chain.ChainElements[1].Certificate, "DSAParametersInheritedCACert");
133 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSAParametersInheritedCACert.Status");
134 Assert.AreEqual (DSACACert, chain.ChainElements[2].Certificate, "DSACACert");
135 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "DSACACert.Status");
136 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
137 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
141 public void T6_InvalidDSASignatures ()
143 X509Certificate2 ee = GetCertificate ("InvalidDSASignatureTest6EE.crt");
144 X509Chain chain = new X509Chain ();
145 Assert.IsFalse (chain.Build (ee), "Build");
146 CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
147 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
148 CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
149 Assert.AreEqual (DSACACert, chain.ChainElements[1].Certificate, "DSACACert");
150 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSACACert.Status");
151 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
152 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");