mcs/class/System/Test/System.Security.Cryptography.X509Certificates/X509ChainPolicyTest.cs

   1 //
   2 // X509ChainPolicyTest.cs - NUnit tests for X509ChainPolicy
   3 //
   4 // Author:
   5 //      Sebastien Pouliot  <sebastien@ximian.com>
   6 //
   7 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
   8 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
   9 //
  10 // Permission is hereby granted, free of charge, to any person obtaining
  11 // a copy of this software and associated documentation files (the
  12 // "Software"), to deal in the Software without restriction, including
  13 // without limitation the rights to use, copy, modify, merge, publish,
  14 // distribute, sublicense, and/or sell copies of the Software, and to
  15 // permit persons to whom the Software is furnished to do so, subject to
  16 // the following conditions:
  17 //
  18 // The above copyright notice and this permission notice shall be
  19 // included in all copies or substantial portions of the Software.
  20 //
  21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  28 //
  29
  30 #if NET_2_0
  31
  32 using NUnit.Framework;
  33
  34 using System;
  35 using System.Collections;
  36 using System.Security.Cryptography;
  37 using System.Security.Cryptography.X509Certificates;
  38 using System.Threading;
  39
  40 namespace MonoTests.System.Security.Cryptography.X509Certificates {
  41
  42         [TestFixture]
  43         public class X509ChainPolicyTest {
  44
  45                 static string signingTimeOid = "1.2.840.113549.1.9.5";
  46
  47                 private X509ChainPolicy GetPolicy ()
  48                 {
  49                         X509Chain c = new X509Chain ();
  50                         return c.ChainPolicy;
  51                 }
  52
  53                 [Test]
  54                 public void Default ()
  55                 {
  56                         X509ChainPolicy cp = GetPolicy ();
  57                         // default properties
  58                         Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy");
  59                         Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy");
  60                         Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore");
  61                         Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "RevocationFlag");
  62                         Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "RevocationMode");
  63                         Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "UrlRetrievalTimeout");
  64                         Assert.AreEqual (X509VerificationFlags.NoFlag, cp.VerificationFlags, "VerificationFlags");
  65                         DateTime vt = cp.VerificationTime;
  66                         Assert.IsTrue (((vt <= DateTime.Now) && (vt > DateTime.Now.AddMinutes (-1))), "VerificationTime");
  67                 }
  68
  69                 [Test]
  70                 public void ApplicationPolicy ()
  71                 {
  72                         X509ChainPolicy cp = GetPolicy ();
  73                         cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
  74                         Assert.AreEqual (1, cp.ApplicationPolicy.Count, "ApplicationPolicy");
  75                 }
  76
  77                 [Test]
  78                 public void ApplicationPolicy_Reset ()
  79                 {
  80                         X509ChainPolicy cp = GetPolicy ();
  81                         cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
  82                         OidCollection oc = cp.ApplicationPolicy;
  83                         Assert.AreEqual (1, oc.Count, "ApplicationPolicy-1");
  84                         cp.Reset ();
  85                         Assert.AreEqual (1, oc.Count, "ApplicationPolicy-2");
  86                         Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy-3");
  87                 }
  88
  89                 [Test]
  90                 public void CertificatePolicy ()
  91                 {
  92                         X509ChainPolicy cp = GetPolicy ();
  93                         cp.CertificatePolicy.Add (new Oid (signingTimeOid));
  94                         Assert.AreEqual (1, cp.CertificatePolicy.Count, "CertificatePolicy");
  95                 }
  96
  97                 [Test]
  98                 public void CertificatePolicy_Reset ()
  99                 {
 100                         X509ChainPolicy cp = GetPolicy ();
 101                         cp.CertificatePolicy.Add (new Oid (signingTimeOid));
 102                         OidCollection oc = cp.CertificatePolicy;
 103                         Assert.AreEqual (1, oc.Count, "CertificatePolicy-1");
 104                         cp.Reset ();
 105                         Assert.AreEqual (1, oc.Count, "CertificatePolicy-2");
 106                         Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy-3");
 107                 }
 108
 109                 [Test]
 110                 public void ExtraStore ()
 111                 {
 112                         X509ChainPolicy cp = GetPolicy ();
 113                         cp.ExtraStore.Add (new X509Certificate2 ());
 114                         Assert.AreEqual (1, cp.ExtraStore.Count, "ExtraStore");
 115                 }
 116
 117                 [Test]
 118                 public void ExtraStore_Reset ()
 119                 {
 120                         X509ChainPolicy cp = GetPolicy ();
 121                         cp.ExtraStore.Add (new X509Certificate2 ());
 122                         X509Certificate2Collection cc = cp.ExtraStore;
 123                         Assert.AreEqual (1, cc.Count, "ExtraStore-1");
 124                         cp.Reset ();
 125                         Assert.AreEqual (1, cc.Count, "ExtraStore-2");
 126                         Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore-3");
 127                 }
 128
 129                 [Test]
 130                 public void RevocationFlag ()
 131                 {
 132                         X509ChainPolicy cp = GetPolicy ();
 133                         cp.RevocationFlag = X509RevocationFlag.EndCertificateOnly;
 134                         Assert.AreEqual (X509RevocationFlag.EndCertificateOnly, cp.RevocationFlag, "EndCertificateOnly");
 135                         cp.RevocationFlag = X509RevocationFlag.EntireChain;
 136                         Assert.AreEqual (X509RevocationFlag.EntireChain, cp.RevocationFlag, "EntireChain");
 137                         cp.RevocationFlag = X509RevocationFlag.ExcludeRoot;
 138                         Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "ExcludeRoot");
 139                 }
 140
 141                 [Test]
 142                 [ExpectedException (typeof (ArgumentException))]
 143                 public void RevocationFlag_Invalid ()
 144                 {
 145                         X509ChainPolicy cp = GetPolicy ();
 146                         cp.RevocationFlag = (X509RevocationFlag) Int32.MinValue;
 147                 }
 148
 149                 [Test]
 150                 public void RevocationMode ()
 151                 {
 152                         X509ChainPolicy cp = GetPolicy ();
 153                         cp.RevocationMode = X509RevocationMode.NoCheck;
 154                         Assert.AreEqual (X509RevocationMode.NoCheck, cp.RevocationMode, "NoCheck");
 155                         cp.RevocationMode = X509RevocationMode.Offline;
 156                         Assert.AreEqual (X509RevocationMode.Offline, cp.RevocationMode, "Offline");
 157                         cp.RevocationMode = X509RevocationMode.Online;
 158                         Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "Online");
 159                 }
 160
 161                 [Test]
 162                 [ExpectedException (typeof (ArgumentException))]
 163                 public void RevocationMode_Invalid ()
 164                 {
 165                         X509ChainPolicy cp = GetPolicy ();
 166                         cp.RevocationMode = (X509RevocationMode) Int32.MinValue;
 167                 }
 168
 169                 [Test]
 170                 public void UrlRetrievalTimeout ()
 171                 {
 172                         X509ChainPolicy cp = GetPolicy ();
 173                         cp.UrlRetrievalTimeout = new TimeSpan (100);
 174                         Assert.AreEqual (100, cp.UrlRetrievalTimeout.Ticks, "TimeSpan=100");
 175                         cp.UrlRetrievalTimeout = new TimeSpan (0);
 176                         Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "TimeSpan=0");
 177                         cp.UrlRetrievalTimeout = TimeSpan.MinValue;
 178                         Assert.AreEqual (TimeSpan.MinValue, cp.UrlRetrievalTimeout, "TimeSpan=MinValue");
 179                         cp.UrlRetrievalTimeout = TimeSpan.MaxValue;
 180                         Assert.AreEqual (TimeSpan.MaxValue, cp.UrlRetrievalTimeout, "TimeSpan=MaxValue");
 181                 }
 182
 183                 [Test]
 184                 public void VerificationFlags ()
 185                 {
 186                         X509ChainPolicy cp = GetPolicy ();
 187                         cp.VerificationFlags = X509VerificationFlags.AllFlags;
 188                         Assert.AreEqual (X509VerificationFlags.AllFlags, cp.VerificationFlags, "AllFlags");
 189                         cp.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
 190                         Assert.AreEqual (X509VerificationFlags.AllowUnknownCertificateAuthority, cp.VerificationFlags, "AllowUnknownCertificateAuthority");
 191                         cp.VerificationFlags = X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown;
 192                         Assert.AreEqual (X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown, cp.VerificationFlags, "IgnoreCertificateAuthorityRevocationUnknown");
 193                         cp.VerificationFlags = X509VerificationFlags.IgnoreCtlNotTimeValid;
 194                         Assert.AreEqual (X509VerificationFlags.IgnoreCtlNotTimeValid, cp.VerificationFlags, "IgnoreCtlNotTimeValid");
 195                         cp.VerificationFlags = X509VerificationFlags.IgnoreCtlSignerRevocationUnknown;
 196                         Assert.AreEqual (X509VerificationFlags.IgnoreCtlSignerRevocationUnknown, cp.VerificationFlags, "IgnoreCtlSignerRevocationUnknown");
 197                         cp.VerificationFlags = X509VerificationFlags.IgnoreEndRevocationUnknown;
 198                         Assert.AreEqual (X509VerificationFlags.IgnoreEndRevocationUnknown, cp.VerificationFlags, "IgnoreEndRevocationUnknown");
 199                         cp.VerificationFlags = X509VerificationFlags.IgnoreInvalidBasicConstraints;
 200                         Assert.AreEqual (X509VerificationFlags.IgnoreInvalidBasicConstraints, cp.VerificationFlags, "IgnoreInvalidBasicConstraints");
 201                         cp.VerificationFlags = X509VerificationFlags.IgnoreInvalidName;
 202                         Assert.AreEqual (X509VerificationFlags.IgnoreInvalidName, cp.VerificationFlags, "IgnoreInvalidName");
 203                         cp.VerificationFlags = X509VerificationFlags.IgnoreInvalidPolicy;
 204                         Assert.AreEqual (X509VerificationFlags.IgnoreInvalidPolicy, cp.VerificationFlags, "IgnoreInvalidPolicy");
 205                         cp.VerificationFlags = X509VerificationFlags.IgnoreNotTimeNested;
 206                         Assert.AreEqual (X509VerificationFlags.IgnoreNotTimeNested, cp.VerificationFlags, "IgnoreNotTimeNested");
 207                         cp.VerificationFlags = X509VerificationFlags.IgnoreNotTimeValid;
 208                         Assert.AreEqual (X509VerificationFlags.IgnoreNotTimeValid, cp.VerificationFlags, "IgnoreNotTimeValid");
 209                         cp.VerificationFlags = X509VerificationFlags.IgnoreRootRevocationUnknown;
 210                         Assert.AreEqual (X509VerificationFlags.IgnoreRootRevocationUnknown, cp.VerificationFlags, "IgnoreRootRevocationUnknown");
 211                         cp.VerificationFlags = X509VerificationFlags.IgnoreWrongUsage;
 212                         Assert.AreEqual (X509VerificationFlags.IgnoreWrongUsage, cp.VerificationFlags, "IgnoreWrongUsage");
 213                         cp.VerificationFlags = X509VerificationFlags.NoFlag;
 214                         Assert.AreEqual (X509VerificationFlags.NoFlag, cp.VerificationFlags, "NoFlag");
 215                 }
 216
 217                 [Test]
 218                 [ExpectedException (typeof (ArgumentException))]
 219                 public void VerificationFlags_Invalid ()
 220                 {
 221                         X509ChainPolicy cp = GetPolicy ();
 222                         cp.VerificationFlags = (X509VerificationFlags)Int32.MinValue;
 223                 }
 224
 225                 [Test]
 226                 public void VerificationTime ()
 227                 {
 228                         X509ChainPolicy cp = GetPolicy ();
 229                         Assert.AreEqual (DateTimeKind.Local, cp.VerificationTime.Kind, "Kind=Local");
 230                         cp.VerificationTime = DateTime.Today;
 231                         Assert.AreEqual (DateTime.Today, cp.VerificationTime, "DateTime=Today");
 232                         cp.VerificationTime = new DateTime (0);
 233                         Assert.AreEqual (0, cp.VerificationTime.Ticks, "DateTime=0");
 234                         cp.VerificationTime = DateTime.MinValue;
 235                         Assert.AreEqual (DateTime.MinValue, cp.VerificationTime, "DateTime=MinValue");
 236                         cp.VerificationTime = DateTime.MaxValue;
 237                         Assert.AreEqual (DateTime.MaxValue, cp.VerificationTime, "DateTime=MaxValue");
 238                 }
 239
 240                 [Test]
 241                 public void Reset ()
 242                 {
 243                         X509ChainPolicy cp = GetPolicy ();
 244                         cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
 245                         cp.CertificatePolicy.Add (new Oid (signingTimeOid));
 246                         cp.ExtraStore.Add (new X509Certificate2 ());
 247                         cp.RevocationFlag = X509RevocationFlag.EndCertificateOnly;
 248                         cp.RevocationMode = X509RevocationMode.NoCheck;
 249                         cp.UrlRetrievalTimeout = new TimeSpan (100);
 250                         cp.VerificationFlags = X509VerificationFlags.AllFlags;
 251                         DateTime vt = cp.VerificationTime;
 252                         Assert.IsTrue (((vt <= DateTime.Now) && (vt > DateTime.Now.AddMinutes (-1))), "VerificationTime");
 253                         // wait a bit before calling Reset, otherwise we could end up with the same time value
 254                         Thread.Sleep (100);
 255                         cp.Reset ();
 256                         Assert.IsTrue ((vt != cp.VerificationTime), "VerificationTime-Reset");
 257                         // default properties
 258                         Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy");
 259                         Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy");
 260                         Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore");
 261                         Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "RevocationFlag");
 262                         Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "RevocationMode");
 263                         Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "UrlRetrievalTimeout");
 264                         Assert.AreEqual (X509VerificationFlags.NoFlag, cp.VerificationFlags, "VerificationFlags");
 265                         vt = cp.VerificationTime;
 266                         Assert.IsTrue (((vt <= DateTime.Now) && (vt > DateTime.Now.AddMinutes (-1))), "VerificationTime");
 267                 }
 268         }
 269 }
 270
 271 #endif