2 // X509BasicConstraintsExtensionTest.cs
3 // - NUnit tests for X509BasicConstraintsExtension
6 // Sebastien Pouliot <sebastien@ximian.com>
8 // Copyright (C) 2005 Novell, Inc (http://www.novell.com)
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using NUnit.Framework;
35 using System.Security.Cryptography;
36 using System.Security.Cryptography.X509Certificates;
38 namespace MonoTests.System.Security.Cryptography.X509Certificates {
41 public class X509BasicConstraintsExtensionTest {
43 private const string oid = "2.5.29.19";
44 private const string fname = "Basic Constraints";
47 public void ConstructorEmpty ()
49 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
50 Assert.IsFalse (bc.Critical, "Critical");
51 Assert.IsNull (bc.RawData, "RawData");
52 Assert.AreEqual (oid, bc.Oid.Value, "Oid.Value");
53 // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
54 //Assert.AreEqual (fname, bc.Oid.FriendlyName, "Oid.FriendlyName");
55 Assert.AreEqual (String.Empty, bc.Format (true), "Format(true)");
56 Assert.AreEqual (String.Empty, bc.Format (false), "Format(false)");
60 public void ConstructorEmpty_CertificateAuthority ()
62 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
63 Assert.AreEqual (false, bc.CertificateAuthority, "CertificateAuthority");
67 public void ConstructorEmpty_HasPathLengthConstraint ()
69 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
70 Assert.AreEqual (false, bc.HasPathLengthConstraint, "HasPathLengthConstraint");
74 public void ConstructorEmpty_PathLengthConstraint ()
76 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
77 Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint");
81 public void ConstructorAsnEncodedData ()
83 AsnEncodedData aed = new AsnEncodedData (new byte[] { 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01, 0x01 });
84 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true);
85 Assert.IsTrue (bc.Critical, "Critical");
86 Assert.AreEqual (8, bc.RawData.Length, "RawData"); // original Oid ignored
87 Assert.AreEqual (oid, bc.Oid.Value, "Oid.Value");
88 // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
89 //Assert.AreEqual (fname, bc.Oid.FriendlyName, "Oid.FriendlyName");
90 Assert.IsTrue (bc.CertificateAuthority, "CertificateAuthority");
91 Assert.IsTrue (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
92 Assert.AreEqual (1, bc.PathLengthConstraint, "PathLengthConstraint");
93 Assert.AreEqual ("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=1" + Environment.NewLine, bc.Format (true), "Format(true)");
94 Assert.AreEqual ("Subject Type=CA, Path Length Constraint=1", bc.Format (false), "Format(false)");
98 [ExpectedException (typeof (CryptographicException))]
99 public void ConstructorAsnEncodedData_BadAsn ()
101 AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[0]);
102 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true);
103 Assert.AreEqual (String.Empty, bc.Format (true), "Format(true)");
104 Assert.AreEqual (String.Empty, bc.Format (false), "Format(false)");
105 bool b = bc.CertificateAuthority;
109 [ExpectedException (typeof (CryptographicException))]
110 public void ConstructorAsnEncodedData_BadAsnTag ()
112 AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[] { 0x05, 0x00 });
113 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true);
114 Assert.AreEqual ("0500", bc.Format (true), "Format(true)");
115 Assert.AreEqual ("0500", bc.Format (false), "Format(false)");
116 bool b = bc.CertificateAuthority;
120 [ExpectedException (typeof (CryptographicException))]
121 public void ConstructorAsnEncodedData_BadAsnLength ()
123 AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[] { 0x30, 0x01 });
124 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true);
125 Assert.AreEqual ("3001", bc.Format (true), "Format(true)");
126 Assert.AreEqual ("3001", bc.Format (false), "Format(false)");
127 bool b = bc.CertificateAuthority;
131 public void ConstructorAsnEncodedData_SmallestValid ()
133 AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[] { 0x30, 0x00 });
134 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true);
135 Assert.IsFalse (bc.CertificateAuthority, "CertificateAuthority");
136 Assert.IsFalse (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
137 Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint");
138 Assert.AreEqual ("30-00", BitConverter.ToString (bc.RawData), "RawData");
139 Assert.AreEqual ("Subject Type=End Entity" + Environment.NewLine + "Path Length Constraint=None" + Environment.NewLine, bc.Format (true), "Format(true)");
140 Assert.AreEqual ("Subject Type=End Entity, Path Length Constraint=None", bc.Format (false), "Format(false)");
144 [ExpectedException (typeof (NullReferenceException))]
145 public void ConstructorAsnEncodedData_Null ()
147 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (null, true);
151 public void Constructor_TrueTrueZero ()
153 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (true, true, 0, true);
154 Assert.IsTrue (bc.CertificateAuthority, "CertificateAuthority");
155 Assert.IsTrue (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
156 Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint");
157 Assert.AreEqual ("30-06-01-01-FF-02-01-00", BitConverter.ToString (bc.RawData), "RawData");
158 Assert.AreEqual ("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=0" + Environment.NewLine, bc.Format (true), "Format(true)");
159 Assert.AreEqual ("Subject Type=CA, Path Length Constraint=0", bc.Format (false), "Format(false)");
163 public void Constructor_TrueTrueMaxInt ()
165 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (true, true, Int32.MaxValue, true);
166 Assert.IsTrue (bc.CertificateAuthority, "CertificateAuthority");
167 Assert.IsTrue (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
168 Assert.AreEqual (Int32.MaxValue, bc.PathLengthConstraint, "PathLengthConstraint");
169 Assert.AreEqual ("30-09-01-01-FF-02-04-7F-FF-FF-FF", BitConverter.ToString (bc.RawData), "RawData");
170 Assert.AreEqual ("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=2147483647" + Environment.NewLine, bc.Format (true), "Format(true)");
171 Assert.AreEqual ("Subject Type=CA, Path Length Constraint=2147483647", bc.Format (false), "Format(false)");
175 public void Constructor_TrueFalseNegative ()
177 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (true, false, -1, true);
178 Assert.IsTrue (bc.CertificateAuthority, "CertificateAuthority");
179 Assert.IsFalse (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
180 Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint");
181 Assert.AreEqual ("30-03-01-01-FF", BitConverter.ToString (bc.RawData), "RawData");
182 Assert.AreEqual ("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=None" + Environment.NewLine, bc.Format (true), "Format(true)");
183 Assert.AreEqual ("Subject Type=CA, Path Length Constraint=None", bc.Format (false), "Format(false)");
187 public void Constructor_FalseTruePositive ()
189 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, true, 1, true);
190 Assert.IsFalse (bc.CertificateAuthority, "CertificateAuthority");
191 Assert.IsTrue (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
192 Assert.AreEqual (1, bc.PathLengthConstraint, "PathLengthConstraint");
193 Assert.AreEqual ("30-03-02-01-01", BitConverter.ToString (bc.RawData), "RawData");
194 Assert.AreEqual ("Subject Type=End Entity" + Environment.NewLine + "Path Length Constraint=1" + Environment.NewLine, bc.Format (true), "Format(true)");
195 Assert.AreEqual ("Subject Type=End Entity, Path Length Constraint=1", bc.Format (false), "Format(false)");
199 [ExpectedException (typeof (ArgumentOutOfRangeException))]
200 public void Constructor_FalseTrueNegative ()
202 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, true, -1, true);
206 public void Constructor_FalseFalseNegative ()
208 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, false, -1, true);
209 Assert.IsFalse (bc.CertificateAuthority, "CertificateAuthority");
210 Assert.IsFalse (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
211 Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint");
212 Assert.AreEqual ("30-00", BitConverter.ToString (bc.RawData), "RawData");
213 Assert.AreEqual ("Subject Type=End Entity" + Environment.NewLine + "Path Length Constraint=None" + Environment.NewLine, bc.Format (true), "Format(true)");
214 Assert.AreEqual ("Subject Type=End Entity, Path Length Constraint=None", bc.Format (false), "Format(false)");
218 [ExpectedException (typeof (ArgumentNullException))]
219 public void WrongExtension_X509KeyUsageExtension ()
221 X509KeyUsageExtension ku = new X509KeyUsageExtension ();
222 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
227 public void WrongExtension_X509Extension ()
229 X509Extension ex = new X509Extension ("1.2.3", new byte[0], true);
230 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, true, 1, false);
231 Assert.IsFalse (bc.Critical, "Critical");
233 Assert.IsTrue (bc.Critical, "Critical");
234 Assert.AreEqual (String.Empty, BitConverter.ToString (bc.RawData), "RawData");
235 Assert.AreEqual ("1.2.3", bc.Oid.Value, "Oid.Value");
236 Assert.IsNull (bc.Oid.FriendlyName, "Oid.FriendlyName");
240 [ExpectedException (typeof (CryptographicException))]
241 public void WrongExtension_X509Extension_CertificateAuthority ()
243 X509Extension ex = new X509Extension ("1.2.3", new byte[0], true);
244 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
246 bool b = bc.CertificateAuthority;
250 [ExpectedException (typeof (ArgumentException))]
251 public void WrongAsnEncodedData ()
253 AsnEncodedData aed = new AsnEncodedData (new byte[0]);
254 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, true, 1, false);
255 bc.CopyFrom (aed); // note: not the same behaviour than using the constructor!
259 [ExpectedException (typeof (ArgumentNullException))]
260 public void CopyFrom_Null ()
262 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
267 public void CopyFrom_Self ()
269 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, false, -1, true);
270 Assert.IsTrue (bc.Critical, "Critical");
271 byte[] raw = bc.RawData;
272 Assert.AreEqual ("30-00", BitConverter.ToString (raw), "RawData");
274 AsnEncodedData aed = new AsnEncodedData (raw);
275 X509BasicConstraintsExtension copy = new X509BasicConstraintsExtension (aed, false);
276 Assert.IsFalse (copy.Critical, "Critical");
277 Assert.AreEqual (2, copy.RawData.Length, "RawData"); // original Oid ignored
278 Assert.AreEqual (oid, copy.Oid.Value, "Oid.Value");
279 // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
280 //Assert.AreEqual (fname, copy.Oid.FriendlyName, "Oid.FriendlyName");
281 Assert.IsFalse (copy.CertificateAuthority, "CertificateAuthority");
282 Assert.IsFalse (copy.HasPathLengthConstraint, "HasPathLengthConstraint");
283 Assert.AreEqual (0, copy.PathLengthConstraint, "PathLengthConstraint");
287 public void CreateViaCryptoConfig ()
289 // extensions can be created with CryptoConfig
290 AsnEncodedData aed = new AsnEncodedData (new byte[] { 0x30, 0x00 });
291 X509BasicConstraintsExtension bc = (X509BasicConstraintsExtension) CryptoConfig.CreateFromName (oid, new object[2] { aed, false });
292 Assert.IsFalse (bc.CertificateAuthority, "CertificateAuthority");
293 Assert.IsFalse (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
294 Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint");
295 Assert.AreEqual ("30-00", BitConverter.ToString (bc.RawData), "RawData");