mcs/class/System/Test/System.Security.Cryptography.X509Certificates/Pkits_4_01_SignatureVerification.cs

   1 //
   2 // Pkits_4_01_SignatureVerification.cs -
   3 //      NUnit tests for Pkits 4.1 : Signature Verification
   4 //
   5 // Author:
   6 //      Sebastien Pouliot  <sebastien@ximian.com>
   7 //
   8 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
   9 //
  10 // Permission is hereby granted, free of charge, to any person obtaining
  11 // a copy of this software and associated documentation files (the
  12 // "Software"), to deal in the Software without restriction, including
  13 // without limitation the rights to use, copy, modify, merge, publish,
  14 // distribute, sublicense, and/or sell copies of the Software, and to
  15 // permit persons to whom the Software is furnished to do so, subject to
  16 // the following conditions:
  17 //
  18 // The above copyright notice and this permission notice shall be
  19 // included in all copies or substantial portions of the Software.
  20 //
  21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  28 //
  29
  30
  31 using NUnit.Framework;
  32
  33 using System;
  34 using System.Security.Cryptography.X509Certificates;
  35
  36 namespace MonoTests.System.Security.Cryptography.X509Certificates {
  37
  38         /*
  39          * Notes:
  40          *
  41          * [MS/XP] Everything looks to be RFC3280 compliant.
  42          *
  43          * See PkitsTest.cs for more details
  44          */
  45
  46         [TestFixture]
  47         [Category ("PKITS")]
  48         public class Pkits_4_01_SignatureVerification: PkitsTest {
  49
  50                 public X509Certificate2 BadSignedCACert {
  51                         get { return GetCertificate ("BadSignedCACert.crt"); }
  52                 }
  53
  54                 public X509Certificate2 DSACACert {
  55                         get { return GetCertificate ("DSACACert.crt"); }
  56                 }
  57
  58                 public X509Certificate2 DSAParametersInheritedCACert {
  59                         get { return GetCertificate ("DSAParametersInheritedCACert.crt"); }
  60                 }
  61
  62                 [Test]
  63                 public void T1_ValidSignature ()
  64                 {
  65                         X509Certificate2 ee = GetCertificate ("ValidCertificatePathTest1EE.crt");
  66                         X509Chain chain = new X509Chain ();
  67                         Assert.IsTrue (chain.Build (ee), "Build");
  68                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
  69                         Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
  70                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
  71                         Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
  72                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
  73                         Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
  74                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
  75                 }
  76
  77                 [Test]
  78                 public void T2_InvalidCASignature ()
  79                 {
  80                         X509Certificate2 ee = GetCertificate ("InvalidCASignatureTest2EE.crt");
  81                         X509Chain chain = new X509Chain ();
  82                         Assert.IsFalse (chain.Build (ee), "Build");
  83                         CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
  84                         Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
  85                         CheckChainStatus (X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
  86                         Assert.AreEqual (BadSignedCACert, chain.ChainElements[1].Certificate, "BadSignedCACert");
  87                         CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[1].ChainElementStatus, "BadSignedCACert.Status");
  88                         Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
  89                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
  90                 }
  91
  92                 [Test]
  93                 public void T3_InvalidEESignature ()
  94                 {
  95                         X509Certificate2 ee = GetCertificate ("InvalidEESignatureTest3EE.crt");
  96                         X509Chain chain = new X509Chain ();
  97                         Assert.IsFalse (chain.Build (ee), "Build");
  98                         CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
  99                         Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
 100                         CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
 101                         Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert");
 102                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status");
 103                         Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
 104                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
 105                 }
 106
 107                 [Test]
 108                 public void T4_ValidDSASignatures ()
 109                 {
 110                         X509Certificate2 ee = GetCertificate ("ValidDSASignaturesTest4EE.crt");
 111                         X509Chain chain = new X509Chain ();
 112                         Assert.IsTrue (chain.Build (ee), "Build");
 113                         Assert.AreEqual (0, chain.ChainStatus.Length, "ChainStatus");
 114                         Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
 115                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
 116                         Assert.AreEqual (DSACACert, chain.ChainElements[1].Certificate, "DSACACert");
 117                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSACACert.Status");
 118                         Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
 119                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
 120                 }
 121
 122                 [Test]
 123                 public void T5_ValidDSAParameterInheritance ()
 124                 {
 125                         X509Certificate2 ee = GetCertificate ("ValidDSAParameterInheritanceTest5EE.crt");
 126                         X509Chain chain = new X509Chain ();
 127                         Assert.IsTrue (chain.Build (ee), "Build");
 128                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus");
 129                         Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
 130                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
 131                         Assert.AreEqual (DSAParametersInheritedCACert, chain.ChainElements[1].Certificate, "DSAParametersInheritedCACert");
 132                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSAParametersInheritedCACert.Status");
 133                         Assert.AreEqual (DSACACert, chain.ChainElements[2].Certificate, "DSACACert");
 134                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "DSACACert.Status");
 135                         Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[3].Certificate, "TrustAnchorRoot");
 136                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[3].ChainElementStatus, "TrustAnchorRoot.Status");
 137                 }
 138
 139                 [Test]
 140                 public void T6_InvalidDSASignatures ()
 141                 {
 142                         X509Certificate2 ee = GetCertificate ("InvalidDSASignatureTest6EE.crt");
 143                         X509Chain chain = new X509Chain ();
 144                         Assert.IsFalse (chain.Build (ee), "Build");
 145                         CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainStatus, "ChainStatus");
 146                         Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity");
 147                         CheckChainStatus (X509ChainStatusFlags.NotSignatureValid | X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status");
 148                         Assert.AreEqual (DSACACert, chain.ChainElements[1].Certificate, "DSACACert");
 149                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "DSACACert.Status");
 150                         Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot");
 151                         CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status");
 152                 }
 153         }
 154 }
 155