2 // X509ChainPolicyTest.cs - NUnit tests for X509ChainPolicy
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
8 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using NUnit.Framework;
35 using System.Collections;
36 using System.Security.Cryptography;
37 using System.Security.Cryptography.X509Certificates;
38 using System.Threading;
40 namespace MonoTests.System.Security.Cryptography.X509Certificates {
43 public class X509ChainPolicyTest {
// 1.2.840.113549.1.9.5 is the PKCS #9 signingTime attribute OID. The tests in this listing only
// use it as a well-formed OID to put into the policy OID collections; it is not an
// enhanced-key-usage or certificate-policy identifier, so it says nothing about real policy matching.
45 static string signingTimeOid = "1.2.840.113549.1.9.5";
// Helper called by the tests in this listing to obtain the policy object under test.
// It starts from a freshly constructed X509Chain, so each test works on its own instance.
// NOTE(review): listing line 50 is not shown here, so the statement that produces the
// X509ChainPolicy return value is not visible (presumably the chain's ChainPolicy) - confirm
// against the full file.
47 private X509ChainPolicy GetPolicy ()
49 X509Chain c = new X509Chain ();
// Pins the values a policy has when it comes straight from GetPolicy () with nothing set:
// empty ApplicationPolicy, CertificatePolicy and ExtraStore collections, RevocationFlag
// ExcludeRoot, RevocationMode Online and VerificationFlags NoFlag (no check relaxed).
// These are the values a caller gets when it configures nothing, so a change in any of them
// alters how strictly chains are validated by default.
54 public void Default ()
56 X509ChainPolicy cp = GetPolicy ();
// NOTE(review): listing line 57 is not shown here.
58 Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy");
59 Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy");
60 Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore");
61 Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "RevocationFlag");
62 Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "RevocationMode");
// The timeout defaults to zero ticks; how the chain engine interprets zero is not shown here.
63 Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "UrlRetrievalTimeout");
64 Assert.AreEqual (X509VerificationFlags.NoFlag, cp.VerificationFlags, "VerificationFlags");
// VerificationTime must default to roughly "now": not in the future and less than one minute old.
65 DateTime vt = cp.VerificationTime;
66 Assert.IsTrue (((vt <= DateTime.Now) && (vt > DateTime.Now.AddMinutes (-1))), "VerificationTime");
// An OID added through the ApplicationPolicy property must show up in that collection's Count.
// Only the bookkeeping is checked; no chain is built against the policy here.
public void ApplicationPolicy ()
{
	X509ChainPolicy policy = GetPolicy ();
	Oid addedOid = new Oid (signingTimeOid);
	policy.ApplicationPolicy.Add (addedOid);
	Assert.AreEqual (1, policy.ApplicationPolicy.Count, "ApplicationPolicy");
}
// Checks what happens to an ApplicationPolicy collection obtained before a reset: the old
// reference still holds its single OID ("-2") while the property now yields an empty
// collection ("-3"), i.e. the property no longer returns the object captured in oc.
// Callers that cache the collection would therefore keep editing a detached object.
78 public void ApplicationPolicy_Reset ()
80 X509ChainPolicy cp = GetPolicy ();
81 cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
82 OidCollection oc = cp.ApplicationPolicy;
83 Assert.AreEqual (1, oc.Count, "ApplicationPolicy-1");
// NOTE(review): listing line 84 is not shown; the two assertions below only make sense if the
// policy is reset at that point - confirm against the full file.
85 Assert.AreEqual (1, oc.Count, "ApplicationPolicy-2");
86 Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy-3");
// An OID added through the CertificatePolicy property must show up in that collection's Count.
// Only the bookkeeping is checked; no chain is built against the policy here.
public void CertificatePolicy ()
{
	X509ChainPolicy policy = GetPolicy ();
	Oid addedOid = new Oid (signingTimeOid);
	policy.CertificatePolicy.Add (addedOid);
	Assert.AreEqual (1, policy.CertificatePolicy.Count, "CertificatePolicy");
}
// Checks what happens to a CertificatePolicy collection obtained before a reset: the old
// reference still holds its single OID ("-2") while the property now yields an empty
// collection ("-3"), i.e. the property no longer returns the object captured in oc.
98 public void CertificatePolicy_Reset ()
100 X509ChainPolicy cp = GetPolicy ();
101 cp.CertificatePolicy.Add (new Oid (signingTimeOid));
102 OidCollection oc = cp.CertificatePolicy;
103 Assert.AreEqual (1, oc.Count, "CertificatePolicy-1");
// NOTE(review): listing line 104 is not shown; the two assertions below only make sense if the
// policy is reset at that point - confirm against the full file.
105 Assert.AreEqual (1, oc.Count, "CertificatePolicy-2");
106 Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy-3");
// A certificate added through the ExtraStore property must show up in that collection's Count.
// The certificate is a default-constructed X509Certificate2 (no certificate data), so this
// checks the collection only. ExtraStore supplies additional candidate certificates for chain
// building; it is not a list of trusted roots.
public void ExtraStore ()
{
	X509ChainPolicy policy = GetPolicy ();
	X509Certificate2 emptyCertificate = new X509Certificate2 ();
	policy.ExtraStore.Add (emptyCertificate);
	Assert.AreEqual (1, policy.ExtraStore.Count, "ExtraStore");
}
// Checks what happens to an ExtraStore collection obtained before a reset: the old reference
// still holds its single certificate ("-2") while the property now yields an empty collection
// ("-3"), i.e. the property no longer returns the object captured in cc.
118 public void ExtraStore_Reset ()
120 X509ChainPolicy cp = GetPolicy ();
121 cp.ExtraStore.Add (new X509Certificate2 ());
122 X509Certificate2Collection cc = cp.ExtraStore;
123 Assert.AreEqual (1, cc.Count, "ExtraStore-1");
// NOTE(review): listing line 124 is not shown; the two assertions below only make sense if the
// policy is reset at that point - confirm against the full file.
125 Assert.AreEqual (1, cc.Count, "ExtraStore-2");
126 Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore-3");
// Every defined X509RevocationFlag value must be accepted by the setter and read back unchanged.
// The flag selects which certificates of the chain are subject to revocation checking.
public void RevocationFlag ()
{
	X509RevocationFlag[] definedValues = {
		X509RevocationFlag.EndCertificateOnly,
		X509RevocationFlag.EntireChain,
		X509RevocationFlag.ExcludeRoot
	};
	// Assertion messages, kept in the same order as definedValues.
	string[] labels = { "EndCertificateOnly", "EntireChain", "ExcludeRoot" };

	X509ChainPolicy policy = GetPolicy ();
	for (int i = 0; i < definedValues.Length; i++) {
		policy.RevocationFlag = definedValues [i];
		Assert.AreEqual (definedValues [i], policy.RevocationFlag, labels [i]);
	}
}
// A value outside the X509RevocationFlag enumeration must be rejected by the setter with
// ArgumentException instead of being stored, so a bad cast cannot leave the policy in an
// undefined revocation scope.
[ExpectedException (typeof (ArgumentException))]
public void RevocationFlag_Invalid ()
{
	X509RevocationFlag undefinedValue = (X509RevocationFlag) Int32.MinValue;
	X509ChainPolicy policy = GetPolicy ();
	policy.RevocationFlag = undefinedValue;
}
// Every defined X509RevocationMode value must be accepted by the setter and read back unchanged.
// This is a property round-trip only: NoCheck is exercised because it is a legal value, not
// because it is a sensible setting - it turns revocation checking off for the chain.
public void RevocationMode ()
{
	X509RevocationMode[] definedValues = {
		X509RevocationMode.NoCheck,
		X509RevocationMode.Offline,
		X509RevocationMode.Online
	};
	// Assertion messages, kept in the same order as definedValues.
	string[] labels = { "NoCheck", "Offline", "Online" };

	X509ChainPolicy policy = GetPolicy ();
	for (int i = 0; i < definedValues.Length; i++) {
		policy.RevocationMode = definedValues [i];
		Assert.AreEqual (definedValues [i], policy.RevocationMode, labels [i]);
	}
}
// A value outside the X509RevocationMode enumeration must be rejected by the setter with
// ArgumentException instead of being stored.
[ExpectedException (typeof (ArgumentException))]
public void RevocationMode_Invalid ()
{
	X509RevocationMode undefinedValue = (X509RevocationMode) Int32.MinValue;
	X509ChainPolicy policy = GetPolicy ();
	policy.RevocationMode = undefinedValue;
}
// UrlRetrievalTimeout must store and return whatever TimeSpan it is given.
// The setter applies no range check in this test: zero, the negative TimeSpan.MinValue and
// TimeSpan.MaxValue are all expected to round-trip, so callers have to pick a sane bound
// themselves. How the chain engine treats zero or negative values is not covered here.
public void UrlRetrievalTimeout ()
{
	X509ChainPolicy policy = GetPolicy ();

	policy.UrlRetrievalTimeout = TimeSpan.FromTicks (100);
	Assert.AreEqual (100, policy.UrlRetrievalTimeout.Ticks, "TimeSpan=100");

	policy.UrlRetrievalTimeout = TimeSpan.Zero;
	Assert.AreEqual (0, policy.UrlRetrievalTimeout.Ticks, "TimeSpan=0");

	TimeSpan smallest = TimeSpan.MinValue;
	policy.UrlRetrievalTimeout = smallest;
	Assert.AreEqual (smallest, policy.UrlRetrievalTimeout, "TimeSpan=MinValue");

	TimeSpan largest = TimeSpan.MaxValue;
	policy.UrlRetrievalTimeout = largest;
	Assert.AreEqual (largest, policy.UrlRetrievalTimeout, "TimeSpan=MaxValue");
}
// Every named X509VerificationFlags value must be accepted by the setter and read back unchanged.
// This is a property round-trip only. Each value other than NoFlag tells chain validation to
// tolerate a class of failure (AllFlags tolerates all of them, AllowUnknownCertificateAuthority
// tolerates an untrusted root), so their appearance here is not a usage recommendation.
// Combinations of individual flags are not exercised.
public void VerificationFlags ()
{
	X509ChainPolicy policy = GetPolicy ();

	// Everything relaxed at once.
	policy.VerificationFlags = X509VerificationFlags.AllFlags;
	Assert.AreEqual (X509VerificationFlags.AllFlags, policy.VerificationFlags, "AllFlags");

	// Single relaxations, one at a time.
	policy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
	Assert.AreEqual (X509VerificationFlags.AllowUnknownCertificateAuthority, policy.VerificationFlags, "AllowUnknownCertificateAuthority");

	policy.VerificationFlags = X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown;
	Assert.AreEqual (X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown, policy.VerificationFlags, "IgnoreCertificateAuthorityRevocationUnknown");

	policy.VerificationFlags = X509VerificationFlags.IgnoreCtlNotTimeValid;
	Assert.AreEqual (X509VerificationFlags.IgnoreCtlNotTimeValid, policy.VerificationFlags, "IgnoreCtlNotTimeValid");

	policy.VerificationFlags = X509VerificationFlags.IgnoreCtlSignerRevocationUnknown;
	Assert.AreEqual (X509VerificationFlags.IgnoreCtlSignerRevocationUnknown, policy.VerificationFlags, "IgnoreCtlSignerRevocationUnknown");

	policy.VerificationFlags = X509VerificationFlags.IgnoreEndRevocationUnknown;
	Assert.AreEqual (X509VerificationFlags.IgnoreEndRevocationUnknown, policy.VerificationFlags, "IgnoreEndRevocationUnknown");

	policy.VerificationFlags = X509VerificationFlags.IgnoreInvalidBasicConstraints;
	Assert.AreEqual (X509VerificationFlags.IgnoreInvalidBasicConstraints, policy.VerificationFlags, "IgnoreInvalidBasicConstraints");

	policy.VerificationFlags = X509VerificationFlags.IgnoreInvalidName;
	Assert.AreEqual (X509VerificationFlags.IgnoreInvalidName, policy.VerificationFlags, "IgnoreInvalidName");

	policy.VerificationFlags = X509VerificationFlags.IgnoreInvalidPolicy;
	Assert.AreEqual (X509VerificationFlags.IgnoreInvalidPolicy, policy.VerificationFlags, "IgnoreInvalidPolicy");

	policy.VerificationFlags = X509VerificationFlags.IgnoreNotTimeNested;
	Assert.AreEqual (X509VerificationFlags.IgnoreNotTimeNested, policy.VerificationFlags, "IgnoreNotTimeNested");

	policy.VerificationFlags = X509VerificationFlags.IgnoreNotTimeValid;
	Assert.AreEqual (X509VerificationFlags.IgnoreNotTimeValid, policy.VerificationFlags, "IgnoreNotTimeValid");

	policy.VerificationFlags = X509VerificationFlags.IgnoreRootRevocationUnknown;
	Assert.AreEqual (X509VerificationFlags.IgnoreRootRevocationUnknown, policy.VerificationFlags, "IgnoreRootRevocationUnknown");

	policy.VerificationFlags = X509VerificationFlags.IgnoreWrongUsage;
	Assert.AreEqual (X509VerificationFlags.IgnoreWrongUsage, policy.VerificationFlags, "IgnoreWrongUsage");

	// Back to the strict setting.
	policy.VerificationFlags = X509VerificationFlags.NoFlag;
	Assert.AreEqual (X509VerificationFlags.NoFlag, policy.VerificationFlags, "NoFlag");
}
// A bit pattern outside the defined X509VerificationFlags values must be rejected by the setter
// with ArgumentException, so undefined bits cannot be stored in the policy.
[ExpectedException (typeof (ArgumentException))]
public void VerificationFlags_Invalid ()
{
	X509VerificationFlags undefinedValue = (X509VerificationFlags) Int32.MinValue;
	X509ChainPolicy policy = GetPolicy ();
	policy.VerificationFlags = undefinedValue;
}
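// VerificationTime must default to a DateTime of kind Local and must store and return whatever
// value it is given. The setter applies no range check in this test: tick zero,
// DateTime.MinValue and DateTime.MaxValue are all expected to round-trip, so a caller that
// assigns this property fully controls the instant at which validity periods are evaluated.
public void VerificationTime ()
{
	X509ChainPolicy cp = GetPolicy ();
	Assert.AreEqual (DateTimeKind.Local, cp.VerificationTime.Kind, "Kind=Local");

	// Read DateTime.Today once: evaluating it again for the expected value could give a
	// different date if the test happens to run across midnight.
	DateTime today = DateTime.Today;
	cp.VerificationTime = today;
	Assert.AreEqual (today, cp.VerificationTime, "DateTime=Today");

	cp.VerificationTime = new DateTime (0);
	Assert.AreEqual (0, cp.VerificationTime.Ticks, "DateTime=0");

	cp.VerificationTime = DateTime.MinValue;
	Assert.AreEqual (DateTime.MinValue, cp.VerificationTime, "DateTime=MinValue");

	cp.VerificationTime = DateTime.MaxValue;
	Assert.AreEqual (DateTime.MaxValue, cp.VerificationTime, "DateTime=MaxValue");
}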
// NOTE(review): the attribute and signature lines of this test (listing lines 240-242) are not
// shown here; the statements below are its visible body.
// The test first moves every property away from its default, including the two weakest settings
// (RevocationMode NoCheck and VerificationFlags AllFlags), then checks that afterwards every
// property is back at the strict defaults and that VerificationTime has been refreshed.
243 X509ChainPolicy cp = GetPolicy ();
244 cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
245 cp.CertificatePolicy.Add (new Oid (signingTimeOid));
246 cp.ExtraStore.Add (new X509Certificate2 ());
247 cp.RevocationFlag = X509RevocationFlag.EndCertificateOnly;
248 cp.RevocationMode = X509RevocationMode.NoCheck;
249 cp.UrlRetrievalTimeout = new TimeSpan (100);
250 cp.VerificationFlags = X509VerificationFlags.AllFlags;
// VerificationTime is not assigned above, so it should still be the initial "about now" value.
251 DateTime vt = cp.VerificationTime;
252 Assert.IsTrue (((vt <= DateTime.Now) && (vt > DateTime.Now.AddMinutes (-1))), "VerificationTime");
253 // wait a bit before calling Reset, otherwise we could end up with the same time value
// NOTE(review): listing lines 254-255 are not shown; going by the comment above they hold the
// wait and the reset call - confirm against the full file.
// After the reset the stored time must differ from the one captured before it.
256 Assert.IsTrue ((vt != cp.VerificationTime), "VerificationTime-Reset");
257 // default properties
258 Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy");
259 Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy");
260 Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore");
261 Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "RevocationFlag");
262 Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "RevocationMode");
263 Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "UrlRetrievalTimeout");
264 Assert.AreEqual (X509VerificationFlags.NoFlag, cp.VerificationFlags, "VerificationFlags");
// The refreshed time must again be "about now": not in the future and less than one minute old.
265 vt = cp.VerificationTime;
266 Assert.IsTrue (((vt <= DateTime.Now) && (vt > DateTime.Now.AddMinutes (-1))), "VerificationTime");