//
// X509ChainPolicyTest.cs - NUnit tests for X509ChainPolicy
//
// Author:
//	Sebastien Pouliot  <sebastien@ximian.com>
//
// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
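//


using NUnit.Framework;

using System;
using System.Collections;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading;

namespace MonoTests.System.Security.Cryptography.X509Certificates {

	// Unit tests for X509ChainPolicy: the default property values, the
	// round-trip of every settable property, rejection of out-of-range enum
	// values, and the behaviour of Reset ().
	//
	// These tests only exercise the policy object. No chain is built here, so
	// nothing in this fixture shows how a given setting affects validation.
	[TestFixture]
	public class X509ChainPolicyTest {

		// PKCS #9 signingTime attribute OID. It is used purely as a well-formed
		// OID to put into the policy collections; it is not a real application
		// (EKU) or certificate policy identifier.
		const string signingTimeOid = "1.2.840.113549.1.9.5";

		// Returns the ChainPolicy of a freshly constructed X509Chain, i.e. a
		// policy in its default state.
		private X509ChainPolicy GetPolicy ()
		{
			X509Chain c = new X509Chain ();
			return c.ChainPolicy;
		}

		// Asserts that vt lies in the window (now - 1 minute, now], which is what
		// the tests expect of a VerificationTime taken from the current clock.
		// DateTime.Now is read once so both bounds use the same instant.
		private static void AssertIsRecent (DateTime vt, string message)
		{
			DateTime now = DateTime.Now;
			Assert.IsTrue ((vt <= now) && (vt > now.AddMinutes (-1)), message);
		}

		// Pins the defaults of a new policy. The expected values are the strict
		// ones: revocation is checked online for every certificate except the
		// root, and no verification flag is set. A change in any of these
		// defaults would alter validation for every caller that relies on them,
		// so a failure here deserves a close look rather than a test update.
		[Test]
		public void Default ()
		{
			X509ChainPolicy cp = GetPolicy ();
			// default properties
			Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy");
			Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy");
			Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore");
			Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "RevocationFlag");
			Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "RevocationMode");
			Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "UrlRetrievalTimeout");
			Assert.AreEqual (X509VerificationFlags.NoFlag, cp.VerificationFlags, "VerificationFlags");
			AssertIsRecent (cp.VerificationTime, "VerificationTime");
		}

		// An OID added through the ApplicationPolicy property is kept by the policy.
		[Test]
		public void ApplicationPolicy ()
		{
			X509ChainPolicy cp = GetPolicy ();
			cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
			Assert.AreEqual (1, cp.ApplicationPolicy.Count, "ApplicationPolicy");
		}

		// Reset () is expected to hand out a new, empty collection instead of
		// clearing the existing one: the reference captured before the reset
		// still holds its entry. Code that caches the collection across a
		// Reset () therefore edits an object the policy no longer uses.
		[Test]
		public void ApplicationPolicy_Reset ()
		{
			X509ChainPolicy cp = GetPolicy ();
			cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
			OidCollection oc = cp.ApplicationPolicy;
			Assert.AreEqual (1, oc.Count, "ApplicationPolicy-1");
			cp.Reset ();
			Assert.AreEqual (1, oc.Count, "ApplicationPolicy-2");
			Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy-3");
		}

		// An OID added through the CertificatePolicy property is kept by the policy.
		[Test]
		public void CertificatePolicy ()
		{
			X509ChainPolicy cp = GetPolicy ();
			cp.CertificatePolicy.Add (new Oid (signingTimeOid));
			Assert.AreEqual (1, cp.CertificatePolicy.Count, "CertificatePolicy");
		}

		// Same replace-not-clear expectation as ApplicationPolicy_Reset, for
		// the CertificatePolicy collection.
		[Test]
		public void CertificatePolicy_Reset ()
		{
			X509ChainPolicy cp = GetPolicy ();
			cp.CertificatePolicy.Add (new Oid (signingTimeOid));
			OidCollection oc = cp.CertificatePolicy;
			Assert.AreEqual (1, oc.Count, "CertificatePolicy-1");
			cp.Reset ();
			Assert.AreEqual (1, oc.Count, "CertificatePolicy-2");
			Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy-3");
		}

		// A certificate added to ExtraStore is kept by the policy. The
		// certificate is an empty X509Certificate2; only the count is checked.
		[Test]
		public void ExtraStore ()
		{
			X509ChainPolicy cp = GetPolicy ();
			cp.ExtraStore.Add (new X509Certificate2 ());
			Assert.AreEqual (1, cp.ExtraStore.Count, "ExtraStore");
		}

		// Same replace-not-clear expectation as ApplicationPolicy_Reset, for
		// the ExtraStore collection: certificates added before Reset () must
		// not remain reachable through the policy afterwards.
		[Test]
		public void ExtraStore_Reset ()
		{
			X509ChainPolicy cp = GetPolicy ();
			cp.ExtraStore.Add (new X509Certificate2 ());
			X509Certificate2Collection cc = cp.ExtraStore;
			Assert.AreEqual (1, cc.Count, "ExtraStore-1");
			cp.Reset ();
			Assert.AreEqual (1, cc.Count, "ExtraStore-2");
			Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore-3");
		}

		// Every defined X509RevocationFlag value round-trips through the property.
		[Test]
		public void RevocationFlag ()
		{
			X509ChainPolicy cp = GetPolicy ();
			cp.RevocationFlag = X509RevocationFlag.EndCertificateOnly;
			Assert.AreEqual (X509RevocationFlag.EndCertificateOnly, cp.RevocationFlag, "EndCertificateOnly");
			cp.RevocationFlag = X509RevocationFlag.EntireChain;
			Assert.AreEqual (X509RevocationFlag.EntireChain, cp.RevocationFlag, "EntireChain");
			cp.RevocationFlag = X509RevocationFlag.ExcludeRoot;
			Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "ExcludeRoot");
		}

		// A value outside the enum must be rejected by the setter, so a
		// miscomputed or corrupted value cannot be stored silently.
		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void RevocationFlag_Invalid ()
		{
			X509ChainPolicy cp = GetPolicy ();
			cp.RevocationFlag = (X509RevocationFlag) Int32.MinValue;
		}

		// Every defined X509RevocationMode value round-trips through the
		// property. NoCheck turns revocation checking off; the test covers
		// storage only and says nothing about when that is acceptable.
		[Test]
		public void RevocationMode ()
		{
			X509ChainPolicy cp = GetPolicy ();
			cp.RevocationMode = X509RevocationMode.NoCheck;
			Assert.AreEqual (X509RevocationMode.NoCheck, cp.RevocationMode, "NoCheck");
			cp.RevocationMode = X509RevocationMode.Offline;
			Assert.AreEqual (X509RevocationMode.Offline, cp.RevocationMode, "Offline");
			cp.RevocationMode = X509RevocationMode.Online;
			Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "Online");
		}

		// A value outside the enum must be rejected by the setter.
		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void RevocationMode_Invalid ()
		{
			X509ChainPolicy cp = GetPolicy ();
			cp.RevocationMode = (X509RevocationMode) Int32.MinValue;
		}

		// The timeout round-trips unchanged, including TimeSpan.MinValue (a
		// negative span) and TimeSpan.MaxValue: the test expects the setter to
		// apply no range check, so callers have to validate the value themselves.
		[Test]
		public void UrlRetrievalTimeout ()
		{
			X509ChainPolicy cp = GetPolicy ();
			cp.UrlRetrievalTimeout = new TimeSpan (100);
			Assert.AreEqual (100, cp.UrlRetrievalTimeout.Ticks, "TimeSpan=100");
			cp.UrlRetrievalTimeout = new TimeSpan (0);
			Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "TimeSpan=0");
			cp.UrlRetrievalTimeout = TimeSpan.MinValue;
			Assert.AreEqual (TimeSpan.MinValue, cp.UrlRetrievalTimeout, "TimeSpan=MinValue");
			cp.UrlRetrievalTimeout = TimeSpan.MaxValue;
			Assert.AreEqual (TimeSpan.MaxValue, cp.UrlRetrievalTimeout, "TimeSpan=MaxValue");
		}

		// Every named X509VerificationFlags value round-trips through the
		// property. Apart from NoFlag, each of these tells the chain engine to
		// ignore one class of validation failure, and AllFlags ignores all of
		// them. The test proves the values can be stored, not that they are
		// safe to use outside a test.
		[Test]
		public void VerificationFlags ()
		{
			X509ChainPolicy cp = GetPolicy ();
			// Same values, in the same order, as the original assignment list.
			// Each failure message is the flag's own name.
			X509VerificationFlags[] all = new X509VerificationFlags[] {
				X509VerificationFlags.AllFlags,
				X509VerificationFlags.AllowUnknownCertificateAuthority,
				X509VerificationFlags.IgnoreCertificateAuthorityRevocationUnknown,
				X509VerificationFlags.IgnoreCtlNotTimeValid,
				X509VerificationFlags.IgnoreCtlSignerRevocationUnknown,
				X509VerificationFlags.IgnoreEndRevocationUnknown,
				X509VerificationFlags.IgnoreInvalidBasicConstraints,
				X509VerificationFlags.IgnoreInvalidName,
				X509VerificationFlags.IgnoreInvalidPolicy,
				X509VerificationFlags.IgnoreNotTimeNested,
				X509VerificationFlags.IgnoreNotTimeValid,
				X509VerificationFlags.IgnoreRootRevocationUnknown,
				X509VerificationFlags.IgnoreWrongUsage,
				X509VerificationFlags.NoFlag
			};
			foreach (X509VerificationFlags flag in all) {
				cp.VerificationFlags = flag;
				Assert.AreEqual (flag, cp.VerificationFlags, flag.ToString ());
			}
		}

		// A bit pattern that matches no defined flag must be rejected by the setter.
		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void VerificationFlags_Invalid ()
		{
			X509ChainPolicy cp = GetPolicy ();
			cp.VerificationFlags = (X509VerificationFlags)Int32.MinValue;
		}

		// The default VerificationTime is a local time, and the property
		// round-trips any DateTime, including MinValue and MaxValue. The test
		// expects no range check here either, so a caller that takes this value
		// from outside input has to bound it itself.
		[Test]
		public void VerificationTime ()
		{
			X509ChainPolicy cp = GetPolicy ();
			Assert.AreEqual (DateTimeKind.Local, cp.VerificationTime.Kind, "Kind=Local");
			// Read DateTime.Today once. Reading it again for the comparison could
			// return the next day if the test runs across midnight.
			DateTime today = DateTime.Today;
			cp.VerificationTime = today;
			Assert.AreEqual (today, cp.VerificationTime, "DateTime=Today");
			cp.VerificationTime = new DateTime (0);
			Assert.AreEqual (0, cp.VerificationTime.Ticks, "DateTime=0");
			cp.VerificationTime = DateTime.MinValue;
			Assert.AreEqual (DateTime.MinValue, cp.VerificationTime, "DateTime=MinValue");
			cp.VerificationTime = DateTime.MaxValue;
			Assert.AreEqual (DateTime.MaxValue, cp.VerificationTime, "DateTime=MaxValue");
		}

		// Changes every property away from its default, calls Reset (), and
		// checks that all of them are back at the values pinned by Default ().
		// This includes the relaxed settings (NoCheck, AllFlags) being replaced
		// by the strict defaults, and VerificationTime being taken again from
		// the clock.
		[Test]
		public void Reset ()
		{
			X509ChainPolicy cp = GetPolicy ();
			cp.ApplicationPolicy.Add (new Oid (signingTimeOid));
			cp.CertificatePolicy.Add (new Oid (signingTimeOid));
			cp.ExtraStore.Add (new X509Certificate2 ());
			cp.RevocationFlag = X509RevocationFlag.EndCertificateOnly;
			cp.RevocationMode = X509RevocationMode.NoCheck;
			cp.UrlRetrievalTimeout = new TimeSpan (100);
			cp.VerificationFlags = X509VerificationFlags.AllFlags;
			DateTime vt = cp.VerificationTime;
			AssertIsRecent (vt, "VerificationTime");
			// wait a bit before calling Reset, otherwise we could end up with the same time value
			Thread.Sleep (100);
			cp.Reset ();
			Assert.IsTrue ((vt != cp.VerificationTime), "VerificationTime-Reset");
			// default properties
			Assert.AreEqual (0, cp.ApplicationPolicy.Count, "ApplicationPolicy");
			Assert.AreEqual (0, cp.CertificatePolicy.Count, "CertificatePolicy");
			Assert.AreEqual (0, cp.ExtraStore.Count, "ExtraStore");
			Assert.AreEqual (X509RevocationFlag.ExcludeRoot, cp.RevocationFlag, "RevocationFlag");
			Assert.AreEqual (X509RevocationMode.Online, cp.RevocationMode, "RevocationMode");
			Assert.AreEqual (0, cp.UrlRetrievalTimeout.Ticks, "UrlRetrievalTimeout");
			Assert.AreEqual (X509VerificationFlags.NoFlag, cp.VerificationFlags, "VerificationFlags");
			AssertIsRecent (cp.VerificationTime, "VerificationTime");
		}
	}
}
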