2 // Pkits_4_01_SignatureVerification.cs -
3 // NUnit tests for Pkits 4.1 : Signature Verification
6 // Sebastien Pouliot <sebastien@ximian.com>
8 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
31 using NUnit.Framework;
34 using System.Security.Cryptography.X509Certificates;
36 namespace MonoTests.System.Security.Cryptography.X509Certificates {
41 * [MS/XP] Everything looks to be RFC3280 compliant.
43 * See PkitsTest.cs for more details
48 public class Pkits_4_01_SignatureVerification: PkitsTest {
50 public X509Certificate2 BadSignedCACert {
51 get { return GetCertificate ("BadSignedCACert.crt"); }
54 public X509Certificate2 DSACACert {
55 get { return GetCertificate ("DSACACert.crt"); }
58 public X509Certificate2 DSAParametersInheritedCACert {
59 get { return GetCertificate ("DSAParametersInheritedCACert.crt"); }
63 public void T1_ValidSignature ()
65 X509Certificate2 ee = GetCertificate ("ValidCertificatePathTest1EE.crt");
66 X509Chain chain = new X509Chain ();
67 Assert.IsTrue (chain.Build (ee), "Build");
68 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
69 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
70 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
71 Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
72 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
73 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
74 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
78 public void T2_InvalidCASignature ()
80 X509Certificate2 ee = GetCertificate ("InvalidCASignatureTest2EE.crt");
81 X509Chain chain = new X509Chain ();
82 Assert.IsFalse (chain.Build (ee), "Build");
83 CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
84 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
85 CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
86 Assert.AreEqual (BadSignedCACert, chain.ChainElements[1].Certificate, "BadSignedCACert");
87 CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[1].ChainElementStatus, "BadSignedCACert.Status");
88 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
89 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
93 public void T3_InvalidEESignature ()
95 X509Certificate2 ee = GetCertificate ("InvalidEESignatureTest3EE.crt");
96 X509Chain chain = new X509Chain ();
97 Assert.IsFalse (chain.Build (ee), "Build");
98 CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
99 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
100 CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
101 Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
102 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
103 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
104 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
108 public void T4_ValidDSASignatures ()
110 X509Certificate2 ee = GetCertificate ("ValidDSASignaturesTest4EE.crt");
111 X509Chain chain = new X509Chain ();
112 Assert.IsTrue (chain.Build (ee), "Build");
113 Assert.AreEqual (0, chain.ChainStatus.Length, "ChainStatus");
114 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
115 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
116 Assert.AreEqual (DSACACert, chain.ChainElements[1].Certificate, "DSACACert");
117 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSACACert.Status");
118 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
119 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
123 public void T5_ValidDSAParameterInheritance ()
125 X509Certificate2 ee = GetCertificate ("ValidDSAParameterInheritanceTest5EE.crt");
126 X509Chain chain = new X509Chain ();
127 Assert.IsTrue (chain.Build (ee), "Build");
128 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
129 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
130 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
131 Assert.AreEqual (DSAParametersInheritedCACert, chain.ChainElements[1].Certificate, "DSAParametersInheritedCACert");
132 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSAParametersInheritedCACert.Status");
133 Assert.AreEqual (DSACACert, chain.ChainElements[2].Certificate, "DSACACert");
134 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "DSACACert.Status");
135 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
136 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
140 public void T6_InvalidDSASignatures ()
142 X509Certificate2 ee = GetCertificate ("InvalidDSASignatureTest6EE.crt");
143 X509Chain chain = new X509Chain ();
144 Assert.IsFalse (chain.Build (ee), "Build");
145 CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
146 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
147 CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
148 Assert.AreEqual (DSACACert, chain.ChainElements[1].Certificate, "DSACACert");
149 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSACACert.Status");
150 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
151 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");