2 // PkitsTest.cs - NUnit tests for
3 // NIST Public Key Interoperability Test Suite (PKITS)
4 // Certificate Path Validation, Version 1.0, September 2, 2004
7 // Sebastien Pouliot <sebastien@ximian.com>
9 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
11 // Permission is hereby granted, free of charge, to any person obtaining
12 // a copy of this software and associated documentation files (the
13 // "Software"), to deal in the Software without restriction, including
14 // without limitation the rights to use, copy, modify, merge, publish,
15 // distribute, sublicense, and/or sell copies of the Software, and to
16 // permit persons to whom the Software is furnished to do so, subject to
17 // the following conditions:
19 // The above copyright notice and this permission notice shall be
20 // included in all copies or substantial portions of the Software.
22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using NUnit.Framework;
35 using System.Collections;
37 using System.Security.Cryptography;
38 using System.Security.Cryptography.Pkcs;
39 using System.Security.Cryptography.X509Certificates;
42 namespace MonoTests.System.Security.Cryptography.Pkcs {
46 * http://csrs.nist.gov/pki/testing/x509paths.html
48 * Documentation is available at
49 * http://csrc.nist.gov/pki/testing/PKITS.pdf
51 * Test data is available at
52 * http://csrc.nist.gov/pki/testing/PKITS_data.zip
54 * License information are available at
55 * http://cio.nist.gov/esd/emaildir/lists/pkits/msg00048.html
59 public class PkitsTest {
61 private string base_dir;
62 private string certs_base_dir;
63 private string smime_base_dir;
64 private Hashtable cache;
65 private Oid[] policies;
68 public void FixtureSetUp ()
70 // reuse PKITS data installed in System (for X509Chain tests)
71 base_dir = String.Format ("{0}{1}..{1}System{1}Test{1}System.Security.Cryptography.X509Certificates{1}pkits",
72 Directory.GetCurrentDirectory (), Path.DirectorySeparatorChar);
73 if (!Directory.Exists (base_dir))
74 Assert.Ignore ("PKITS tests data not found under '{0}'.", new object[] { base_dir });
75 certs_base_dir = Path.Combine (base_dir, "certs");
76 smime_base_dir = Path.Combine (base_dir, "smime");
78 cache = new Hashtable ();
80 policies = new Oid[9];
82 policies[0] = new Oid ("2.5.29.32.0");
84 for (int i=0; i < 9; i++)
85 policies[i] = new Oid ("2.16.840.1.101.3.2.1.48." + i.ToString ());
89 public void FixtureTearDown ()
94 public X509Certificate2 GetCertificate (string filename)
96 X509Certificate2 result = (cache[filename] as X509Certificate2);
98 string full_path = Path.Combine (certs_base_dir, filename);
99 result = new X509Certificate2 (full_path);
100 cache[filename] = result;
105 public byte[] GetData (string filename)
107 string full_path = Path.Combine (smime_base_dir, filename);
108 using (StreamReader sr = new StreamReader (full_path)) {
109 string s = sr.ReadLine ();
110 while (!sr.EndOfStream) {
116 return Convert.FromBase64String (s);
120 public X509Certificate2 TrustAnchorRoot {
121 get { return GetCertificate ("TrustAnchorRootCertificate.crt"); }
124 public X509Certificate2 GoodCACert {
125 get { return GetCertificate ("GoodCACert.crt"); }
128 // Sadly both SignedCms.CheckHash and SignedCms.CheckSignature returns void and throw an exception.
129 // This makes it difficult to use in tests because we want to be sure that the "expected exception"
130 // is being thrown at the "right" place. The next 2 methods hacks around that limitation.
131 public bool CheckHash (SignedCms cms)
134 cms.CheckSignature (false);
142 public bool CheckSignature (SignedCms cms)
145 cms.CheckSignature (false);
153 public Oid AnyPolicy {
154 get { return policies [0]; }
157 public Oid NistPolicy (int n)