2 // Pkits_4_01_SignatureVerification.cs -
3 // NUnit tests for Pkits 4.1 : Signature Verification
6 // Sebastien Pouliot <sebastien@ximian.com>
8 // Copyright (C) 2006 Novell, Inc (http://www.novell.com)
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
31 using NUnit.Framework;
34 using System.Security.Cryptography.Pkcs;
35 using System.Security.Cryptography.X509Certificates;
36 using System.Security.Cryptography.Xml;
38 namespace MonoTests.System.Security.Cryptography.Pkcs {
42 [Category ("NotWorking")]
43 public class Pkits_4_01_SignatureVerification: PkitsTest {
45 public X509Certificate2 BadSignedCACert {
46 get { return GetCertificate ("BadSignedCACert.crt"); }
49 public X509Certificate2 DSACACert {
50 get { return GetCertificate ("DSACACert.crt"); }
53 public X509Certificate2 DSAParametersInheritedCACert {
54 get { return GetCertificate ("DSAParametersInheritedCACert.crt"); }
58 public void T1_ValidSignature ()
60 byte[] data = GetData ("SignedValidSignaturesTest1.eml");
61 SignedCms cms = new SignedCms ();
63 Assert.IsTrue (CheckHash (cms), "CheckHash");
64 Assert.IsTrue (CheckSignature (cms), "CheckSignature");
66 X509Certificate2 ee = GetCertificate ("ValidCertificatePathTest1EE.crt");
67 // certificates aren't in any particuliar order
68 Assert.IsTrue (cms.Certificates.Contains (ee), "EE");
69 Assert.IsTrue (cms.Certificates.Contains (GoodCACert), "GoodCACert");
70 Assert.IsFalse (cms.Detached, "Detached");
71 Assert.AreEqual (1, cms.Version, "Version");
72 Assert.AreEqual ("1.2.840.113549.1.7.1", cms.ContentInfo.ContentType.Value, "ContentInfo.Oid");
73 Assert.AreEqual ("43-6F-6E-74-65-6E-74-2D-54-79-70-65-3A-20-74-65-78-74-2F-70-6C-61-69-6E-3B-20-63-68-61-72-73-65-74-3D-69-73-6F-2D-38-38-35-39-2D-31-0D-0A-43-6F-6E-74-65-6E-74-2D-54-72-61-6E-73-66-65-72-2D-45-6E-63-6F-64-69-6E-67-3A-20-37-62-69-74-0D-0A-0D-0A-54-68-69-73-20-69-73-20-61-20-73-61-6D-70-6C-65-20-73-69-67-6E-65-64-20-6D-65-73-73-61-67-65-2E", BitConverter.ToString (cms.ContentInfo.Content), "ContentInfo.Content");
74 Assert.AreEqual (1, cms.SignerInfos.Count, "SignerInfos.Count");
75 Assert.AreEqual (ee, cms.SignerInfos[0].Certificate, "SignerInfos[0].Certificate");
76 Assert.AreEqual (0, cms.SignerInfos[0].CounterSignerInfos.Count, "SignerInfos[0].CounterSignerInfos.Count");
77 Assert.AreEqual ("1.3.14.3.2.26", cms.SignerInfos[0].DigestAlgorithm.Value, "cms.SignerInfos[0].DigestAlgorithm");
78 Assert.AreEqual (0, cms.SignerInfos[0].SignedAttributes.Count, "SignerInfos[0].SignedAttributes.Count");
79 Assert.AreEqual (SubjectIdentifierType.IssuerAndSerialNumber, cms.SignerInfos[0].SignerIdentifier.Type, "SignerInfos[0].SignerIdentifier.Type");
80 X509IssuerSerial xis = (X509IssuerSerial) cms.SignerInfos[0].SignerIdentifier.Value;
81 Assert.AreEqual ("CN=Good CA, O=Test Certificates, C=US", xis.IssuerName, "SignerInfos[0].SignerIdentifier.Value.IssuerName");
82 Assert.AreEqual ("01", xis.SerialNumber, "SignerInfos[0].SignerIdentifier.Value.SerialNumber");
83 Assert.AreEqual (0, cms.SignerInfos[0].UnsignedAttributes.Count, "SignerInfos[0].UnsignedAttributes.Count");
84 Assert.AreEqual (1, cms.SignerInfos[0].Version, "SignerInfos[0].Version");
88 public void T2_InvalidCASignature ()
90 byte[] data = GetData ("SignedInvalidCASignatureTest2.eml");
91 SignedCms cms = new SignedCms ();
93 Assert.IsTrue (CheckHash (cms), "CheckHash");
94 Assert.IsFalse (CheckSignature (cms), "CheckSignature");
96 X509Certificate2 ee = GetCertificate ("InvalidCASignatureTest2EE.crt");
97 // certificates aren't in any particuliar order
98 Assert.IsTrue (cms.Certificates.Contains (ee), "EE");
99 Assert.IsTrue (cms.Certificates.Contains (BadSignedCACert), "BadSignedCACert");
100 Assert.IsFalse (cms.Detached, "Detached");
101 Assert.AreEqual (1, cms.Version, "Version");
102 Assert.AreEqual ("1.2.840.113549.1.7.1", cms.ContentInfo.ContentType.Value, "ContentInfo.Oid");
103 Assert.AreEqual ("43-6F-6E-74-65-6E-74-2D-54-79-70-65-3A-20-74-65-78-74-2F-70-6C-61-69-6E-3B-20-63-68-61-72-73-65-74-3D-69-73-6F-2D-38-38-35-39-2D-31-0D-0A-43-6F-6E-74-65-6E-74-2D-54-72-61-6E-73-66-65-72-2D-45-6E-63-6F-64-69-6E-67-3A-20-37-62-69-74-0D-0A-0D-0A-54-68-69-73-20-69-73-20-61-20-73-61-6D-70-6C-65-20-73-69-67-6E-65-64-20-6D-65-73-73-61-67-65-2E", BitConverter.ToString (cms.ContentInfo.Content), "ContentInfo.Content");
104 Assert.AreEqual (1, cms.SignerInfos.Count, "SignerInfos.Count");
105 Assert.AreEqual (ee, cms.SignerInfos[0].Certificate, "SignerInfos[0].Certificate");
106 Assert.AreEqual (0, cms.SignerInfos[0].CounterSignerInfos.Count, "SignerInfos[0].CounterSignerInfos.Count");
107 Assert.AreEqual ("1.3.14.3.2.26", cms.SignerInfos[0].DigestAlgorithm.Value, "cms.SignerInfos[0].DigestAlgorithm");
108 Assert.AreEqual (0, cms.SignerInfos[0].SignedAttributes.Count, "SignerInfos[0].SignedAttributes.Count");
109 Assert.AreEqual (SubjectIdentifierType.IssuerAndSerialNumber, cms.SignerInfos[0].SignerIdentifier.Type, "SignerInfos[0].SignerIdentifier.Type");
110 X509IssuerSerial xis = (X509IssuerSerial) cms.SignerInfos[0].SignerIdentifier.Value;
111 Assert.AreEqual ("CN=Bad Signed CA, O=Test Certificates, C=US", xis.IssuerName, "SignerInfos[0].SignerIdentifier.Value.IssuerName");
112 Assert.AreEqual ("01", xis.SerialNumber, "SignerInfos[0].SignerIdentifier.Value.SerialNumber");
113 Assert.AreEqual (0, cms.SignerInfos[0].UnsignedAttributes.Count, "SignerInfos[0].UnsignedAttributes.Count");
114 Assert.AreEqual (1, cms.SignerInfos[0].Version, "SignerInfos[0].Version");
118 public void T3_InvalidEESignature ()
120 byte[] data = GetData ("SignedInvalidEESignatureTest3.eml");
121 SignedCms cms = new SignedCms ();
123 Assert.IsTrue (CheckHash (cms), "CheckHash");
124 Assert.IsFalse (CheckSignature (cms), "CheckSignature");
126 X509Certificate2 ee = GetCertificate ("InvalidEESignatureTest3EE.crt");
127 // certificates aren't in any particuliar order
128 Assert.IsTrue (cms.Certificates.Contains (ee), "EE");
129 Assert.IsTrue (cms.Certificates.Contains (GoodCACert), "GoodCACert");
130 Assert.IsFalse (cms.Detached, "Detached");
131 Assert.AreEqual (1, cms.Version, "Version");
132 Assert.AreEqual ("1.2.840.113549.1.7.1", cms.ContentInfo.ContentType.Value, "ContentInfo.Oid");
133 Assert.AreEqual ("43-6F-6E-74-65-6E-74-2D-54-79-70-65-3A-20-74-65-78-74-2F-70-6C-61-69-6E-3B-20-63-68-61-72-73-65-74-3D-69-73-6F-2D-38-38-35-39-2D-31-0D-0A-43-6F-6E-74-65-6E-74-2D-54-72-61-6E-73-66-65-72-2D-45-6E-63-6F-64-69-6E-67-3A-20-37-62-69-74-0D-0A-0D-0A-54-68-69-73-20-69-73-20-61-20-73-61-6D-70-6C-65-20-73-69-67-6E-65-64-20-6D-65-73-73-61-67-65-2E", BitConverter.ToString (cms.ContentInfo.Content), "ContentInfo.Content");
134 Assert.AreEqual (1, cms.SignerInfos.Count, "SignerInfos.Count");
135 Assert.AreEqual (ee, cms.SignerInfos[0].Certificate, "SignerInfos[0].Certificate");
136 Assert.AreEqual (0, cms.SignerInfos[0].CounterSignerInfos.Count, "SignerInfos[0].CounterSignerInfos.Count");
137 Assert.AreEqual ("1.3.14.3.2.26", cms.SignerInfos[0].DigestAlgorithm.Value, "cms.SignerInfos[0].DigestAlgorithm");
138 Assert.AreEqual (0, cms.SignerInfos[0].SignedAttributes.Count, "SignerInfos[0].SignedAttributes.Count");
139 Assert.AreEqual (SubjectIdentifierType.IssuerAndSerialNumber, cms.SignerInfos[0].SignerIdentifier.Type, "SignerInfos[0].SignerIdentifier.Type");
140 X509IssuerSerial xis = (X509IssuerSerial) cms.SignerInfos[0].SignerIdentifier.Value;
141 Assert.AreEqual ("CN=Good CA, O=Test Certificates, C=US", xis.IssuerName, "SignerInfos[0].SignerIdentifier.Value.IssuerName");
142 Assert.AreEqual ("02", xis.SerialNumber, "SignerInfos[0].SignerIdentifier.Value.SerialNumber");
143 Assert.AreEqual (0, cms.SignerInfos[0].UnsignedAttributes.Count, "SignerInfos[0].UnsignedAttributes.Count");
144 Assert.AreEqual (1, cms.SignerInfos[0].Version, "SignerInfos[0].Version");
148 public void T4_ValidDSASignatures ()
150 byte[] data = GetData ("SignedValidDSASignaturesTest4.eml");
151 SignedCms cms = new SignedCms ();
153 Assert.IsTrue (CheckHash (cms), "CheckHash");
154 Assert.IsTrue (CheckSignature (cms), "CheckSignature");
156 X509Certificate2 ee = GetCertificate ("ValidDSASignaturesTest4EE.crt");
157 // certificates aren't in any particuliar order
158 Assert.IsTrue (cms.Certificates.Contains (ee), "EE");
159 Assert.IsTrue (cms.Certificates.Contains (DSACACert), "DSACACert");
160 Assert.IsFalse (cms.Detached, "Detached");
161 Assert.AreEqual (1, cms.Version, "Version");
162 Assert.AreEqual ("1.2.840.113549.1.7.1", cms.ContentInfo.ContentType.Value, "ContentInfo.Oid");
163 Assert.AreEqual ("43-6F-6E-74-65-6E-74-2D-54-79-70-65-3A-20-74-65-78-74-2F-70-6C-61-69-6E-0D-0A-0D-0A-0D-0A-54-68-69-73-20-69-73-20-61-20-73-61-6D-70-6C-65-20-73-69-67-6E-65-64-20-6D-65-73-73-61-67-65-2E-0D-0A", BitConverter.ToString (cms.ContentInfo.Content), "ContentInfo.Content");
164 Assert.AreEqual (1, cms.SignerInfos.Count, "SignerInfos.Count");
165 Assert.AreEqual (ee, cms.SignerInfos[0].Certificate, "SignerInfos[0].Certificate");
166 Assert.AreEqual (0, cms.SignerInfos[0].CounterSignerInfos.Count, "SignerInfos[0].CounterSignerInfos.Count");
167 Assert.AreEqual ("1.3.14.3.2.26", cms.SignerInfos[0].DigestAlgorithm.Value, "cms.SignerInfos[0].DigestAlgorithm");
168 Assert.AreEqual (0, cms.SignerInfos[0].SignedAttributes.Count, "SignerInfos[0].SignedAttributes.Count");
169 Assert.AreEqual (SubjectIdentifierType.IssuerAndSerialNumber, cms.SignerInfos[0].SignerIdentifier.Type, "SignerInfos[0].SignerIdentifier.Type");
170 X509IssuerSerial xis = (X509IssuerSerial) cms.SignerInfos[0].SignerIdentifier.Value;
171 Assert.AreEqual ("CN=DSA CA, O=Test Certificates, C=US", xis.IssuerName, "SignerInfos[0].SignerIdentifier.Value.IssuerName");
172 Assert.AreEqual ("01", xis.SerialNumber, "SignerInfos[0].SignerIdentifier.Value.SerialNumber");
173 Assert.AreEqual (0, cms.SignerInfos[0].UnsignedAttributes.Count, "SignerInfos[0].UnsignedAttributes.Count");
174 Assert.AreEqual (1, cms.SignerInfos[0].Version, "SignerInfos[0].Version");
178 public void T5_ValidDSAParameterInheritance ()
180 byte[] data = GetData ("SignedValidDSAParameterInheritanceTest5.eml");
181 SignedCms cms = new SignedCms ();
183 Assert.IsTrue (CheckHash (cms), "CheckHash");
184 Assert.IsTrue (CheckSignature (cms), "CheckSignature");
186 X509Certificate2 ee = GetCertificate ("ValidDSAParameterInheritanceTest5EE.crt");
187 // certificates aren't in any particuliar order
188 Assert.IsTrue (cms.Certificates.Contains (ee), "EE");
189 Assert.IsTrue (cms.Certificates.Contains (DSAParametersInheritedCACert), "DSAParametersInheritedCACert");
190 Assert.IsTrue (cms.Certificates.Contains (DSACACert), "DSACACert");
191 Assert.IsFalse (cms.Detached, "Detached");
192 Assert.AreEqual (1, cms.Version, "Version");
193 Assert.AreEqual ("1.2.840.113549.1.7.1", cms.ContentInfo.ContentType.Value, "ContentInfo.Oid");
194 Assert.AreEqual ("43-6F-6E-74-65-6E-74-2D-54-79-70-65-3A-20-74-65-78-74-2F-70-6C-61-69-6E-0D-0A-0D-0A-0D-0A-54-68-69-73-20-69-73-20-61-20-73-61-6D-70-6C-65-20-73-69-67-6E-65-64-20-6D-65-73-73-61-67-65-2E-0D-0A", BitConverter.ToString (cms.ContentInfo.Content), "ContentInfo.Content");
195 Assert.AreEqual (1, cms.SignerInfos.Count, "SignerInfos.Count");
196 Assert.AreEqual (ee, cms.SignerInfos[0].Certificate, "SignerInfos[0].Certificate");
197 Assert.AreEqual (0, cms.SignerInfos[0].CounterSignerInfos.Count, "SignerInfos[0].CounterSignerInfos.Count");
198 Assert.AreEqual ("1.3.14.3.2.26", cms.SignerInfos[0].DigestAlgorithm.Value, "cms.SignerInfos[0].DigestAlgorithm");
199 Assert.AreEqual (0, cms.SignerInfos[0].SignedAttributes.Count, "SignerInfos[0].SignedAttributes.Count");
200 Assert.AreEqual (SubjectIdentifierType.IssuerAndSerialNumber, cms.SignerInfos[0].SignerIdentifier.Type, "SignerInfos[0].SignerIdentifier.Type");
201 X509IssuerSerial xis = (X509IssuerSerial) cms.SignerInfos[0].SignerIdentifier.Value;
202 Assert.AreEqual ("CN=DSA Parameters Inherited CA, O=Test Certificates, C=US", xis.IssuerName, "SignerInfos[0].SignerIdentifier.Value.IssuerName");
203 Assert.AreEqual ("01", xis.SerialNumber, "SignerInfos[0].SignerIdentifier.Value.SerialNumber");
204 Assert.AreEqual (0, cms.SignerInfos[0].UnsignedAttributes.Count, "SignerInfos[0].UnsignedAttributes.Count");
205 Assert.AreEqual (1, cms.SignerInfos[0].Version, "SignerInfos[0].Version");
209 public void T6_InvalidDSASignatures ()
211 byte[] data = GetData ("SignedInvalidDSASignatureTest6.eml");
212 SignedCms cms = new SignedCms ();
214 Assert.IsTrue (CheckHash (cms), "CheckHash");
215 Assert.IsFalse (CheckSignature (cms), "CheckSignature");
217 X509Certificate2 ee = GetCertificate ("InvalidDSASignatureTest6EE.crt");
218 // certificates aren't in any particuliar order
219 Assert.IsTrue (cms.Certificates.Contains (ee), "EE");
220 Assert.IsTrue (cms.Certificates.Contains (DSACACert), "DSACACert");
221 Assert.IsFalse (cms.Detached, "Detached");
222 Assert.AreEqual (1, cms.Version, "Version");
223 Assert.AreEqual ("1.2.840.113549.1.7.1", cms.ContentInfo.ContentType.Value, "ContentInfo.Oid");
224 Assert.AreEqual ("43-6F-6E-74-65-6E-74-2D-54-79-70-65-3A-20-74-65-78-74-2F-70-6C-61-69-6E-0D-0A-0D-0A-0D-0A-54-68-69-73-20-69-73-20-61-20-73-61-6D-70-6C-65-20-73-69-67-6E-65-64-20-6D-65-73-73-61-67-65-2E-0D-0A", BitConverter.ToString (cms.ContentInfo.Content), "ContentInfo.Content");
225 Assert.AreEqual (1, cms.SignerInfos.Count, "SignerInfos.Count");
226 Assert.AreEqual (ee, cms.SignerInfos[0].Certificate, "SignerInfos[0].Certificate");
227 Assert.AreEqual (0, cms.SignerInfos[0].CounterSignerInfos.Count, "SignerInfos[0].CounterSignerInfos.Count");
228 Assert.AreEqual ("1.3.14.3.2.26", cms.SignerInfos[0].DigestAlgorithm.Value, "cms.SignerInfos[0].DigestAlgorithm");
229 Assert.AreEqual (0, cms.SignerInfos[0].SignedAttributes.Count, "SignerInfos[0].SignedAttributes.Count");
230 Assert.AreEqual (SubjectIdentifierType.IssuerAndSerialNumber, cms.SignerInfos[0].SignerIdentifier.Type, "SignerInfos[0].SignerIdentifier.Type");
231 X509IssuerSerial xis = (X509IssuerSerial) cms.SignerInfos[0].SignerIdentifier.Value;
232 Assert.AreEqual ("CN=DSA CA, O=Test Certificates, C=US", xis.IssuerName, "SignerInfos[0].SignerIdentifier.Value.IssuerName");
233 Assert.AreEqual ("03", xis.SerialNumber, "SignerInfos[0].SignerIdentifier.Value.SerialNumber");
234 Assert.AreEqual (0, cms.SignerInfos[0].UnsignedAttributes.Count, "SignerInfos[0].UnsignedAttributes.Count");
235 Assert.AreEqual (1, cms.SignerInfos[0].Version, "SignerInfos[0].Version");