2 // X509ChainPolicyTest.cs - NUnit tests for X509ChainPolicy
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
8 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
31 using NUnit.Framework;
34 using System.Collections;
35 using System.Security.Cryptography;
36 using System.Security.Cryptography.X509Certificates;
37 using System.Threading;
39 namespace MonoTests.System.Security.Cryptography.X509Certificates {
42 public class X509ChainPolicyTest {
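// PKCS #9 signingTime attribute OID. The tests use it only as an arbitrary,
// well-formed OID to populate the policy collections; it is not an extended
// key usage or certificate-policy identifier.
private static readonly string signingTimeOid = "1.2.840.113549.1.9.5";

// Returns the ChainPolicy of a freshly constructed X509Chain, so that every
// test starts from an unmodified policy object.
private X509ChainPolicy GetPolicy ()
{
	X509Chain c = new X509Chain ();
	return c.ChainPolicy;
}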
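// Pins the defaults of a new policy: empty OID collections and extra store,
// online revocation checking that excludes the root, no relaxed verification
// flags, a zero URL retrieval timeout and a verification time taken within
// the last minute.
[Test]
public void Default ()
{
	X509ChainPolicy cp = GetPolicy ();
	// default properties
	Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy");
	Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy");
	Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore");
	Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "RevocationFlag");
	Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "RevocationMode");
	Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "UrlRetrievalTimeout");
	Assert.AreEqual (X509VerificationFlags.NoFlag, cp.VerificationFlags, "VerificationFlags");
	DateTime vt = cp.VerificationTime;
	// Read the clock once so both bounds are checked against the same instant.
	DateTime now = DateTime.Now;
	Assert.IsTrue (((vt <= now) && (vt > now.AddMinutes (-1))), "VerificationTime");
}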
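// An OID added through the ApplicationPolicy property is visible on the next
// read of the property.
[Test]
public void ApplicationPolicy ()
{
	X509ChainPolicy cp = GetPolicy ();
	cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
	Assert.AreEqual (1, cp.ApplicationPolicy.Count, "ApplicationPolicy");
}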
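// Reset gives the policy a new, empty ApplicationPolicy collection rather
// than clearing the existing one.
[Test]
public void ApplicationPolicy_Reset ()
{
	X509ChainPolicy cp = GetPolicy ();
	cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
	OidCollection oc = cp.ApplicationPolicy;
	Assert.AreEqual (1, oc.Count, "ApplicationPolicy-1");
	cp.Reset ();
	// The reference taken before Reset keeps its entry but is detached from
	// the policy: OIDs added to it afterwards would not constrain validation.
	Assert.AreEqual (1, oc.Count, "ApplicationPolicy-2");
	Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy-3");
}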
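// An OID added through the CertificatePolicy property is visible on the next
// read of the property.
[Test]
public void CertificatePolicy ()
{
	X509ChainPolicy cp = GetPolicy ();
	cp.CertificatePolicy.Add (new Oid (signingTimeOid));
	Assert.AreEqual (1, cp.CertificatePolicy.Count, "CertificatePolicy");
}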
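// Reset gives the policy a new, empty CertificatePolicy collection rather
// than clearing the existing one.
[Test]
public void CertificatePolicy_Reset ()
{
	X509ChainPolicy cp = GetPolicy ();
	cp.CertificatePolicy.Add (new Oid (signingTimeOid));
	OidCollection oc = cp.CertificatePolicy;
	Assert.AreEqual (1, oc.Count, "CertificatePolicy-1");
	cp.Reset ();
	// The reference taken before Reset keeps its entry but is detached from
	// the policy: OIDs added to it afterwards would not constrain validation.
	Assert.AreEqual (1, oc.Count, "CertificatePolicy-2");
	Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy-3");
}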
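// A certificate added through the ExtraStore property is visible on the next
// read of the property. The store accepts an empty X509Certificate2, so this
// test shows no validation of what is added.
[Test]
public void ExtraStore ()
{
	X509ChainPolicy cp = GetPolicy ();
	cp.ExtraStore.Add (new X509Certificate2 ());
	Assert.AreEqual (1, cp.ExtraStore.Count, "ExtraStore");
}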
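// Reset gives the policy a new, empty ExtraStore collection rather than
// clearing the existing one.
[Test]
public void ExtraStore_Reset ()
{
	X509ChainPolicy cp = GetPolicy ();
	cp.ExtraStore.Add (new X509Certificate2 ());
	X509Certificate2Collection cc = cp.ExtraStore;
	Assert.AreEqual (1, cc.Count, "ExtraStore-1");
	cp.Reset ();
	// The reference taken before Reset keeps its certificate but no longer
	// belongs to the policy.
	Assert.AreEqual (1, cc.Count, "ExtraStore-2");
	Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore-3");
}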
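// Every defined X509RevocationFlag value round-trips through the property.
// The flag selects which certificates of the chain are checked for
// revocation; the test ends on ExcludeRoot, the default asserted elsewhere
// in this fixture.
[Test]
public void RevocationFlag ()
{
	X509ChainPolicy cp = GetPolicy ();

	cp.RevocationFlag = X509RevocationFlag.EndCertificateOnly;
	Assert.AreEqual (X509RevocationFlag.EndCertificateOnly, cp.RevocationFlag, "EndCertificateOnly");

	cp.RevocationFlag = X509RevocationFlag.EntireChain;
	Assert.AreEqual (X509RevocationFlag.EntireChain, cp.RevocationFlag, "EntireChain");

	cp.RevocationFlag = X509RevocationFlag.ExcludeRoot;
	Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "ExcludeRoot");
}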
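// The setter must reject a value outside the X509RevocationFlag enumeration
// instead of storing an undefined revocation scope.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RevocationFlag_Invalid ()
{
	X509ChainPolicy cp = GetPolicy ();
	cp.RevocationFlag = (X509RevocationFlag) Int32.MinValue;
}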
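// Every defined X509RevocationMode value round-trips through the property.
// NoCheck turns revocation checking off; this test only verifies that the
// value is stored and does not cover its effect on chain building.
[Test]
public void RevocationMode ()
{
	X509ChainPolicy cp = GetPolicy ();

	cp.RevocationMode = X509RevocationMode.NoCheck;
	Assert.AreEqual (X509RevocationMode.NoCheck, cp.RevocationMode, "NoCheck");

	cp.RevocationMode = X509RevocationMode.Offline;
	Assert.AreEqual (X509RevocationMode.Offline, cp.RevocationMode, "Offline");

	cp.RevocationMode = X509RevocationMode.Online;
	Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "Online");
}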
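// The setter must reject a value outside the X509RevocationMode enumeration
// instead of storing an undefined revocation mode.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RevocationMode_Invalid ()
{
	X509ChainPolicy cp = GetPolicy ();
	cp.RevocationMode = (X509RevocationMode) Int32.MinValue;
}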
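// The timeout property stores whatever TimeSpan it is given, including
// negative (MinValue) and MaxValue: the test pins that the setter does no
// range checking. How such values affect retrieval is not covered here.
[Test]
public void UrlRetrievalTimeout ()
{
	X509ChainPolicy cp = GetPolicy ();

	cp.UrlRetrievalTimeout = new TimeSpan (100);
	Assert.AreEqual (100, cp.UrlRetrievalTimeout.Ticks, "TimeSpan=100");

	cp.UrlRetrievalTimeout = new TimeSpan (0);
	Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "TimeSpan=0");

	cp.UrlRetrievalTimeout = TimeSpan.MinValue;
	Assert.AreEqual (TimeSpan.MinValue, cp.UrlRetrievalTimeout, "TimeSpan=MinValue");

	cp.UrlRetrievalTimeout = TimeSpan.MaxValue;
	Assert.AreEqual (TimeSpan.MaxValue, cp.UrlRetrievalTimeout, "TimeSpan=MaxValue");
}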
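// Every named X509VerificationFlags value round-trips through the property,
// and so does a combination of two flags. Each flag other than NoFlag relaxes
// one validation check and AllFlags relaxes all of them; the test only
// verifies that the value is stored, not that relaxing the check is safe.
[Test]
public void VerificationFlags ()
{
	X509ChainPolicy cp = GetPolicy ();

	// Same order as the individual assertions this loop replaces; NoFlag
	// stays last so the single-flag pass ends on the strict setting.
	X509VerificationFlags[] flags = new X509VerificationFlags[] {
		X509VerificationFlags.AllFlags,
		X509VerificationFlags.AllowUnknownCertificateAuthority,
		X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown,
		X509VerificationFlags.IgnoreCtlNotTimeValid,
		X509VerificationFlags.IgnoreCtlSignerRevocationUnknown,
		X509VerificationFlags.IgnoreEndRevocationUnknown,
		X509VerificationFlags.IgnoreInvalidBasicConstraints,
		X509VerificationFlags.IgnoreInvalidName,
		X509VerificationFlags.IgnoreInvalidPolicy,
		X509VerificationFlags.IgnoreNotTimeNested,
		X509VerificationFlags.IgnoreNotTimeValid,
		X509VerificationFlags.IgnoreRootRevocationUnknown,
		X509VerificationFlags.IgnoreWrongUsage,
		X509VerificationFlags.NoFlag
	};

	foreach (X509VerificationFlags flag in flags) {
		cp.VerificationFlags = flag;
		// ToString () of a named enum value is its name, so the failure
		// label is the flag name.
		Assert.AreEqual (flag, cp.VerificationFlags, flag.ToString ());
	}

	// The enumeration is a bit field: a combination of defined flags must be
	// accepted and preserved as well.
	X509VerificationFlags combined = X509VerificationFlags.IgnoreNotTimeValid | X509VerificationFlags.IgnoreWrongUsage;
	cp.VerificationFlags = combined;
	Assert.AreEqual (combined, cp.VerificationFlags, "IgnoreNotTimeValid|IgnoreWrongUsage");
}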
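// The setter must reject a value with bits outside the defined
// X509VerificationFlags instead of storing an undefined relaxation.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void VerificationFlags_Invalid ()
{
	X509ChainPolicy cp = GetPolicy ();
	cp.VerificationFlags = (X509VerificationFlags) Int32.MinValue;
}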
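// The default verification time is a local time, and the property stores any
// DateTime it is given, including MinValue and MaxValue. The test pins that
// the setter does no range checking, so a caller that overrides the time is
// responsible for taking it from a trustworthy source.
[Test]
public void VerificationTime ()
{
	X509ChainPolicy cp = GetPolicy ();
	Assert.AreEqual (DateTimeKind.Local, cp.VerificationTime.Kind, "Kind=Local");

	// Capture Today once: reading it again for the assertion could return
	// the next day if the test runs across midnight.
	DateTime today = DateTime.Today;
	cp.VerificationTime = today;
	Assert.AreEqual (today, cp.VerificationTime, "DateTime=Today");

	cp.VerificationTime = new DateTime (0);
	Assert.AreEqual (0, cp.VerificationTime.Ticks, "DateTime=0");

	cp.VerificationTime = DateTime.MinValue;
	Assert.AreEqual (DateTime.MinValue, cp.VerificationTime, "DateTime=MinValue");

	cp.VerificationTime = DateTime.MaxValue;
	Assert.AreEqual (DateTime.MaxValue, cp.VerificationTime, "DateTime=MaxValue");
}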
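// Changes every property away from its default (including NoCheck revocation
// and AllFlags), calls Reset, and checks that the policy is back to the
// defaults: online revocation excluding the root, no relaxed verification
// flags, empty collections and a fresh verification time.
// NOTE(review): the method header is not visible in this listing; the name is
// inferred from the "VerificationTime-Reset" label - confirm against the
// original file.
[Test]
public void Reset ()
{
	X509ChainPolicy cp = GetPolicy ();
	cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
	cp.CertificatePolicy.Add (new Oid (signingTimeOid));
	cp.ExtraStore.Add (new X509Certificate2 ());
	cp.RevocationFlag = X509RevocationFlag.EndCertificateOnly;
	cp.RevocationMode = X509RevocationMode.NoCheck;
	cp.UrlRetrievalTimeout = new TimeSpan (100);
	cp.VerificationFlags = X509VerificationFlags.AllFlags;
	DateTime vt = cp.VerificationTime;
	// Read the clock once so both bounds are checked against the same instant.
	DateTime now = DateTime.Now;
	Assert.IsTrue (((vt <= now) && (vt > now.AddMinutes (-1))), "VerificationTime");
	// wait a bit before calling Reset, otherwise we could end up with the same time value
	// NOTE(review): the delay is not visible in this listing; 100 ms is a
	// constructed value - confirm against the original file.
	Thread.Sleep (100);
	cp.Reset ();
	Assert.IsTrue ((vt != cp.VerificationTime), "VerificationTime-Reset");
	// default properties
	Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy");
	Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy");
	Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore");
	Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "RevocationFlag");
	Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "RevocationMode");
	Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "UrlRetrievalTimeout");
	Assert.AreEqual (X509VerificationFlags.NoFlag, cp.VerificationFlags, "VerificationFlags");
	vt = cp.VerificationTime;
	now = DateTime.Now;
	Assert.IsTrue (((vt <= now) && (vt > now.AddMinutes (-1))), "VerificationTime");
}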