2 // X509BasicConstraintsExtensionTest.cs
3 // - NUnit tests for X509BasicConstraintsExtension
6 // Sebastien Pouliot <sebastien@ximian.com>
8 // Copyright (C) 2005 Novell, Inc (http://www.novell.com)
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
31 using NUnit.Framework;
34 using System.Security.Cryptography;
35 using System.Security.Cryptography.X509Certificates;
37 namespace MonoTests.System.Security.Cryptography.X509Certificates {
40 public class X509BasicConstraintsExtensionTest {
42 private const string oid = "2.5.29.19";
43 private const string fname = "Basic Constraints";
46 public void ConstructorEmpty ()
48 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
49 Assert.IsFalse (bc.Critical, "Critical");
50 Assert.IsNull (bc.RawData, "RawData");
51 Assert.AreEqual (oid, bc.Oid.Value, "Oid.Value");
52 // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
53 //Assert.AreEqual (fname, bc.Oid.FriendlyName, "Oid.FriendlyName");
54 Assert.AreEqual (String.Empty, bc.Format (true), "Format(true)");
55 Assert.AreEqual (String.Empty, bc.Format (false), "Format(false)");
59 public void ConstructorEmpty_CertificateAuthority ()
61 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
62 Assert.AreEqual (false, bc.CertificateAuthority, "CertificateAuthority");
66 public void ConstructorEmpty_HasPathLengthConstraint ()
68 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
69 Assert.AreEqual (false, bc.HasPathLengthConstraint, "HasPathLengthConstraint");
73 public void ConstructorEmpty_PathLengthConstraint ()
75 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
76 Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint");
80 public void ConstructorAsnEncodedData ()
82 AsnEncodedData aed = new AsnEncodedData (new byte[] { 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01, 0x01 });
83 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true);
84 Assert.IsTrue (bc.Critical, "Critical");
85 Assert.AreEqual (8, bc.RawData.Length, "RawData"); // original Oid ignored
86 Assert.AreEqual (oid, bc.Oid.Value, "Oid.Value");
87 // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
88 //Assert.AreEqual (fname, bc.Oid.FriendlyName, "Oid.FriendlyName");
89 Assert.IsTrue (bc.CertificateAuthority, "CertificateAuthority");
90 Assert.IsTrue (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
91 Assert.AreEqual (1, bc.PathLengthConstraint, "PathLengthConstraint");
92 Assert.AreEqual ("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=1" + Environment.NewLine, bc.Format (true), "Format(true)");
93 Assert.AreEqual ("Subject Type=CA, Path Length Constraint=1", bc.Format (false), "Format(false)");
97 [ExpectedException (typeof (CryptographicException))]
98 public void ConstructorAsnEncodedData_BadAsn ()
100 AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[0]);
101 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true);
102 Assert.AreEqual (String.Empty, bc.Format (true), "Format(true)");
103 Assert.AreEqual (String.Empty, bc.Format (false), "Format(false)");
104 bool b = bc.CertificateAuthority;
108 [ExpectedException (typeof (CryptographicException))]
109 public void ConstructorAsnEncodedData_BadAsnTag ()
111 AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[] { 0x05, 0x00 });
112 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true);
113 Assert.AreEqual ("0500", bc.Format (true), "Format(true)");
114 Assert.AreEqual ("0500", bc.Format (false), "Format(false)");
115 bool b = bc.CertificateAuthority;
119 [ExpectedException (typeof (CryptographicException))]
120 public void ConstructorAsnEncodedData_BadAsnLength ()
122 AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[] { 0x30, 0x01 });
123 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true);
124 Assert.AreEqual ("3001", bc.Format (true), "Format(true)");
125 Assert.AreEqual ("3001", bc.Format (false), "Format(false)");
126 bool b = bc.CertificateAuthority;
130 public void ConstructorAsnEncodedData_SmallestValid ()
132 AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[] { 0x30, 0x00 });
133 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true);
134 Assert.IsFalse (bc.CertificateAuthority, "CertificateAuthority");
135 Assert.IsFalse (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
136 Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint");
137 Assert.AreEqual ("30-00", BitConverter.ToString (bc.RawData), "RawData");
138 Assert.AreEqual ("Subject Type=End Entity" + Environment.NewLine + "Path Length Constraint=None" + Environment.NewLine, bc.Format (true), "Format(true)");
139 Assert.AreEqual ("Subject Type=End Entity, Path Length Constraint=None", bc.Format (false), "Format(false)");
143 [ExpectedException (typeof (NullReferenceException))]
144 public void ConstructorAsnEncodedData_Null ()
146 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (null, true);
150 public void Constructor_TrueTrueZero ()
152 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (true, true, 0, true);
153 Assert.IsTrue (bc.CertificateAuthority, "CertificateAuthority");
154 Assert.IsTrue (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
155 Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint");
156 Assert.AreEqual ("30-06-01-01-FF-02-01-00", BitConverter.ToString (bc.RawData), "RawData");
157 Assert.AreEqual ("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=0" + Environment.NewLine, bc.Format (true), "Format(true)");
158 Assert.AreEqual ("Subject Type=CA, Path Length Constraint=0", bc.Format (false), "Format(false)");
162 public void Constructor_TrueTrueMaxInt ()
164 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (true, true, Int32.MaxValue, true);
165 Assert.IsTrue (bc.CertificateAuthority, "CertificateAuthority");
166 Assert.IsTrue (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
167 Assert.AreEqual (Int32.MaxValue, bc.PathLengthConstraint, "PathLengthConstraint");
168 Assert.AreEqual ("30-09-01-01-FF-02-04-7F-FF-FF-FF", BitConverter.ToString (bc.RawData), "RawData");
169 Assert.AreEqual ("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=2147483647" + Environment.NewLine, bc.Format (true), "Format(true)");
170 Assert.AreEqual ("Subject Type=CA, Path Length Constraint=2147483647", bc.Format (false), "Format(false)");
174 public void Constructor_TrueFalseNegative ()
176 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (true, false, -1, true);
177 Assert.IsTrue (bc.CertificateAuthority, "CertificateAuthority");
178 Assert.IsFalse (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
179 Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint");
180 Assert.AreEqual ("30-03-01-01-FF", BitConverter.ToString (bc.RawData), "RawData");
181 Assert.AreEqual ("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=None" + Environment.NewLine, bc.Format (true), "Format(true)");
182 Assert.AreEqual ("Subject Type=CA, Path Length Constraint=None", bc.Format (false), "Format(false)");
186 public void Constructor_FalseTruePositive ()
188 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, true, 1, true);
189 Assert.IsFalse (bc.CertificateAuthority, "CertificateAuthority");
190 Assert.IsTrue (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
191 Assert.AreEqual (1, bc.PathLengthConstraint, "PathLengthConstraint");
192 Assert.AreEqual ("30-03-02-01-01", BitConverter.ToString (bc.RawData), "RawData");
193 Assert.AreEqual ("Subject Type=End Entity" + Environment.NewLine + "Path Length Constraint=1" + Environment.NewLine, bc.Format (true), "Format(true)");
194 Assert.AreEqual ("Subject Type=End Entity, Path Length Constraint=1", bc.Format (false), "Format(false)");
198 [ExpectedException (typeof (ArgumentOutOfRangeException))]
199 public void Constructor_FalseTrueNegative ()
201 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, true, -1, true);
205 public void Constructor_FalseFalseNegative ()
207 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, false, -1, true);
208 Assert.IsFalse (bc.CertificateAuthority, "CertificateAuthority");
209 Assert.IsFalse (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
210 Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint");
211 Assert.AreEqual ("30-00", BitConverter.ToString (bc.RawData), "RawData");
212 Assert.AreEqual ("Subject Type=End Entity" + Environment.NewLine + "Path Length Constraint=None" + Environment.NewLine, bc.Format (true), "Format(true)");
213 Assert.AreEqual ("Subject Type=End Entity, Path Length Constraint=None", bc.Format (false), "Format(false)");
217 [ExpectedException (typeof (ArgumentNullException))]
218 public void WrongExtension_X509KeyUsageExtension ()
220 X509KeyUsageExtension ku = new X509KeyUsageExtension ();
221 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
226 public void WrongExtension_X509Extension ()
228 X509Extension ex = new X509Extension ("1.2.3", new byte[0], true);
229 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, true, 1, false);
230 Assert.IsFalse (bc.Critical, "Critical");
232 Assert.IsTrue (bc.Critical, "Critical");
233 Assert.AreEqual (String.Empty, BitConverter.ToString (bc.RawData), "RawData");
234 Assert.AreEqual ("1.2.3", bc.Oid.Value, "Oid.Value");
235 Assert.IsNull (bc.Oid.FriendlyName, "Oid.FriendlyName");
239 [ExpectedException (typeof (CryptographicException))]
240 public void WrongExtension_X509Extension_CertificateAuthority ()
242 X509Extension ex = new X509Extension ("1.2.3", new byte[0], true);
243 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
245 bool b = bc.CertificateAuthority;
249 [ExpectedException (typeof (ArgumentException))]
250 public void WrongAsnEncodedData ()
252 AsnEncodedData aed = new AsnEncodedData (new byte[0]);
253 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, true, 1, false);
254 bc.CopyFrom (aed); // note: not the same behaviour than using the constructor!
258 [ExpectedException (typeof (ArgumentNullException))]
259 public void CopyFrom_Null ()
261 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension ();
266 public void CopyFrom_Self ()
268 X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, false, -1, true);
269 Assert.IsTrue (bc.Critical, "Critical");
270 byte[] raw = bc.RawData;
271 Assert.AreEqual ("30-00", BitConverter.ToString (raw), "RawData");
273 AsnEncodedData aed = new AsnEncodedData (raw);
274 X509BasicConstraintsExtension copy = new X509BasicConstraintsExtension (aed, false);
275 Assert.IsFalse (copy.Critical, "Critical");
276 Assert.AreEqual (2, copy.RawData.Length, "RawData"); // original Oid ignored
277 Assert.AreEqual (oid, copy.Oid.Value, "Oid.Value");
278 // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
279 //Assert.AreEqual (fname, copy.Oid.FriendlyName, "Oid.FriendlyName");
280 Assert.IsFalse (copy.CertificateAuthority, "CertificateAuthority");
281 Assert.IsFalse (copy.HasPathLengthConstraint, "HasPathLengthConstraint");
282 Assert.AreEqual (0, copy.PathLengthConstraint, "PathLengthConstraint");
287 public void CreateViaCryptoConfig ()
289 // extensions can be created with CryptoConfig
290 AsnEncodedData aed = new AsnEncodedData (new byte[] { 0x30, 0x00 });
291 X509BasicConstraintsExtension bc = (X509BasicConstraintsExtension) CryptoConfig.CreateFromName (oid, new object[2] { aed, false });
292 Assert.IsFalse (bc.CertificateAuthority, "CertificateAuthority");
293 Assert.IsFalse (bc.HasPathLengthConstraint, "HasPathLengthConstraint");
294 Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint");
295 Assert.AreEqual ("30-00", BitConverter.ToString (bc.RawData), "RawData");