1 // 2 // Pkits_4_02_ValidityPeriod.cs - 3 // NUnit tests for Pkits 4.2 : Validity Period 4 // 5 // Author: 6 // Sebastien Pouliot <sebastien@ximian.com> 7 // 8 // Copyright (C) 2006 Novell, Inc (http://www.novell.com) 9 // 10 // Permission is hereby granted, free of charge, to any person obtaining 11 // a copy of this software and associated documentation files (the 12 // "Software"), to deal in the Software without restriction, including 13 // without limitation the rights to use, copy, modify, merge, publish, 14 // distribute, sublicense, and/or sell copies of the Software, and to 15 // permit persons to whom the Software is furnished to do so, subject to 16 // the following conditions: 17 // 18 // The above copyright notice and this permission notice shall be 19 // included in all copies or substantial portions of the Software. 20 // 21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 28 // 29 30 31 using NUnit.Framework; 32 33 using System; 34 using System.Security.Cryptography.X509Certificates; 35 36 namespace MonoTests.System.Security.Cryptography.X509Certificates { 37 38 /* 39 * Notes: 40 * 41 * [MS/XP] Everything looks to be RFC3280 compliant. 42 * 43 * See PkitsTest.cs for more details 44 */ 45 46 [TestFixture] 47 [Category ("PKITS")] 48 public class Pkits_4_02_ValidityPeriod: PkitsTest { 49 50 public X509Certificate2 BadnotBeforeDateCACert { 51 get { return GetCertificate ("BadnotBeforeDateCACert.crt"); } 52 } 53 54 public X509Certificate2 BadnotAfterDateCACert { 55 get { return GetCertificate ("BadnotAfterDateCACert.crt"); } 56 } 57 58 [Test] T1_InvalidCAnotBeforeDate()59 public void T1_InvalidCAnotBeforeDate () 60 { 61 X509Certificate2 ee = GetCertificate ("InvalidCAnotBeforeDateTest1EE.crt"); 62 X509Chain chain = new X509Chain (); 63 Assert.IsFalse (chain.Build (ee), "Build"); 64 CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainStatus, "ChainStatus"); 65 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity"); 66 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status"); 67 Assert.AreEqual (BadnotBeforeDateCACert, chain.ChainElements[1].Certificate, "BadnotBeforeDateCACert"); 68 CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainElements[1].ChainElementStatus, "BadnotBeforeDateCACert.Status"); 69 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot"); 70 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status"); 71 } 72 73 [Test] T2_InvalidEEnotBeforeDate()74 public void T2_InvalidEEnotBeforeDate () 75 { 76 X509Certificate2 ee = GetCertificate ("InvalidEEnotBeforeDateTest2EE.crt"); 77 X509Chain chain = new X509Chain (); 78 Assert.IsFalse (chain.Build (ee), "Build"); 79 CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainStatus, "ChainStatus"); 80 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity"); 81 CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status"); 82 Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert"); 83 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status"); 84 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot"); 85 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status"); 86 } 87 88 [Test] T3_ValidPre2000UTCnotBeforeDate()89 public void T3_ValidPre2000UTCnotBeforeDate () 90 { 91 X509Certificate2 ee = GetCertificate ("Validpre2000UTCnotBeforeDateTest3EE.crt"); 92 X509Chain chain = new X509Chain (); 93 Assert.IsTrue (chain.Build (ee), "Build"); 94 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus"); 95 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity"); 96 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status"); 97 Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert"); 98 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status"); 99 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot"); 100 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status"); 101 } 102 103 [Test] T4_ValidGeneralizedTimeNotBeforeDate()104 public void T4_ValidGeneralizedTimeNotBeforeDate () 105 { 106 X509Certificate2 ee = GetCertificate ("ValidGeneralizedTimenotBeforeDateTest4EE.crt"); 107 X509Chain chain = new X509Chain (); 108 Assert.IsTrue (chain.Build (ee), "Build"); 109 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus"); 110 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity"); 111 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status"); 112 Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert"); 113 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status"); 114 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot"); 115 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status"); 116 } 117 118 [Test] T5_InvalidCAnotAfterDate()119 public void T5_InvalidCAnotAfterDate () 120 { 121 X509Certificate2 ee = GetCertificate ("InvalidCAnotAfterDateTest5EE.crt"); 122 X509Chain chain = new X509Chain (); 123 Assert.IsFalse (chain.Build (ee), "Build"); 124 CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainStatus, "ChainStatus"); 125 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity"); 126 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status"); 127 Assert.AreEqual (BadnotAfterDateCACert, chain.ChainElements[1].Certificate, "BadnotAfterDateCACert"); 128 CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainElements[1].ChainElementStatus, "BadnotAfterDateCACert.Status"); 129 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot"); 130 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status"); 131 } 132 133 [Test] T6_InvalidEEnotAfterDate()134 public void T6_InvalidEEnotAfterDate () 135 { 136 X509Certificate2 ee = GetCertificate ("InvalidEEnotAfterDateTest6EE.crt"); 137 X509Chain chain = new X509Chain (); 138 Assert.IsFalse (chain.Build (ee), "Build"); 139 CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainStatus, "ChainStatus"); 140 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity"); 141 CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status"); 142 Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert"); 143 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status"); 144 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot"); 145 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status"); 146 } 147 148 [Test] T7_InvalidPre2000UTCnotAfterDate()149 public void T7_InvalidPre2000UTCnotAfterDate () 150 { 151 X509Certificate2 ee = GetCertificate ("Invalidpre2000UTCEEnotAfterDateTest7EE.crt"); 152 X509Chain chain = new X509Chain (); 153 Assert.IsFalse (chain.Build (ee), "Build"); 154 CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainStatus, "ChainStatus"); 155 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity"); 156 CheckChainStatus (X509ChainStatusFlags.NotTimeValid, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status"); 157 Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert"); 158 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status"); 159 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot"); 160 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status"); 161 } 162 163 [Test] T8_ValidGeneralizedTimeNotAfterDate()164 public void T8_ValidGeneralizedTimeNotAfterDate () 165 { 166 X509Certificate2 ee = GetCertificate ("ValidGeneralizedTimenotAfterDateTest8EE.crt"); 167 X509Chain chain = new X509Chain (); 168 Assert.IsTrue (chain.Build (ee), "Build"); 169 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainStatus, "ChainStatus"); 170 Assert.AreEqual (ee, chain.ChainElements[0].Certificate, "EndEntity"); 171 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[0].ChainElementStatus, "EndEntity.Status"); 172 Assert.AreEqual (GoodCACert, chain.ChainElements[1].Certificate, "GoodCACert"); 173 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[1].ChainElementStatus, "GoodCACert.Status"); 174 Assert.AreEqual (TrustAnchorRoot, chain.ChainElements[2].Certificate, "TrustAnchorRoot"); 175 CheckChainStatus (X509ChainStatusFlags.NoError, chain.ChainElements[2].ChainElementStatus, "TrustAnchorRoot.Status"); 176 } 177 } 178 } 179 180