// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
using Xunit;
namespace System.Security.Cryptography.X509Certificates.Tests
{
    /// <summary>
    /// Implements the <see cref="PfxFormatTests"/> hooks by loading each PFX through the
    /// single-certificate <see cref="X509Certificate2"/> constructor. The scenarios that call
    /// these hooks are defined on the base class, which is not shown in this file.
    /// </summary>
    [SkipOnPlatform(TestPlatforms.Browser, "Browser doesn't support X.509 certificates")]
    public sealed class PfxFormatTests_SingleCert : PfxFormatTests
    {
        /// <summary>
        /// Loads the PFX twice: once with <paramref name="nonExportFlags"/> as given and once
        /// with <see cref="X509KeyStorageFlags.Exportable"/> added, checking the result each time.
        /// </summary>
        /// <param name="pfxBytes">The encoded PFX to load.</param>
        /// <param name="correctPassword">The password that opens <paramref name="pfxBytes"/>.</param>
        /// <param name="expectedCert">The certificate the load is expected to produce.</param>
        /// <param name="nonExportFlags">Key storage flags for the first load.</param>
        /// <param name="otherWork">Optional extra checks to run against each loaded certificate.</param>
        /// <remarks>
        /// Exportable is exercised here so both import paths are covered. Outside of tests it
        /// lets the private key be exported again from the loaded certificate, so it should
        /// only be requested when export is actually required.
        /// </remarks>
        protected override void ReadPfx(
            byte[] pfxBytes,
            string correctPassword,
            X509Certificate2 expectedCert,
            X509KeyStorageFlags nonExportFlags,
            Action<X509Certificate2> otherWork)
        {
            // Order matters for parity with the other implementations: plain flags first,
            // then the same flags with Exportable.
            X509KeyStorageFlags[] flagSets =
            {
                nonExportFlags,
                nonExportFlags | X509KeyStorageFlags.Exportable,
            };

            foreach (X509KeyStorageFlags flags in flagSets)
            {
                ReadPfx(pfxBytes, correctPassword, expectedCert, otherWork, flags);
            }
        }

        /// <summary>
        /// Loads a PFX that holds several certificates and checks that the single-certificate
        /// constructor yields <paramref name="expectedSingleCert"/>, with and without
        /// <see cref="X509KeyStorageFlags.Exportable"/>.
        /// </summary>
        /// <param name="pfxBytes">The encoded PFX to load.</param>
        /// <param name="correctPassword">The password that opens <paramref name="pfxBytes"/>.</param>
        /// <param name="expectedSingleCert">The certificate the constructor is expected to select.</param>
        /// <param name="expectedOrder">Not used by this implementation.</param>
        /// <param name="nonExportFlags">Key storage flags for the first load.</param>
        /// <param name="perCertOtherWork">Optional extra checks to run against each loaded certificate.</param>
        protected override void ReadMultiPfx(
            byte[] pfxBytes,
            string correctPassword,
            X509Certificate2 expectedSingleCert,
            X509Certificate2[] expectedOrder,
            X509KeyStorageFlags nonExportFlags,
            Action<X509Certificate2> perCertOtherWork)
        {
            X509KeyStorageFlags[] flagSets =
            {
                nonExportFlags,
                nonExportFlags | X509KeyStorageFlags.Exportable,
            };

            foreach (X509KeyStorageFlags flags in flagSets)
            {
                ReadPfx(pfxBytes, correctPassword, expectedSingleCert, perCertOtherWork, flags);
            }
        }

        /// <summary>
        /// Loads the PFX with exactly <paramref name="flags"/>, compares the result with
        /// <paramref name="expectedCert"/>, and then runs <paramref name="otherWork"/> if one
        /// was supplied. The loaded certificate is disposed before returning.
        /// </summary>
        private void ReadPfx(
            byte[] pfxBytes,
            string correctPassword,
            X509Certificate2 expectedCert,
            Action<X509Certificate2> otherWork,
            X509KeyStorageFlags flags)
        {
            using X509Certificate2 loaded = new X509Certificate2(pfxBytes, correctPassword, flags);

            AssertCertEquals(expectedCert, loaded);

            if (otherWork != null)
            {
                otherWork(loaded);
            }
        }

        /// <summary>
        /// Verifies that loading a PFX without certificates throws exactly
        /// <see cref="CryptographicException"/> and that the message mentions "no certificates".
        /// </summary>
        protected override void ReadEmptyPfx(byte[] pfxBytes, string correctPassword)
        {
            // Assert.Throws requires the exact exception type, not a derived one.
            CryptographicException noCertsError = Assert.Throws<CryptographicException>(
                () => new X509Certificate2(pfxBytes, correctPassword, s_importFlags));

            AssertMessageContains("no certificates", noCertsError);
        }

        /// <summary>
        /// Verifies that a wrong password is rejected with a <see cref="CryptographicException"/>
        /// (or a derived type) whose message mentions "password" and whose HResult equals
        /// ErrorInvalidPasswordHResult.
        /// </summary>
        protected override void ReadWrongPassword(byte[] pfxBytes, string wrongPassword)
        {
            CryptographicException passwordError = Assert.ThrowsAny<CryptographicException>(
                () => new X509Certificate2(pfxBytes, wrongPassword, s_importFlags));

            AssertMessageContains("password", passwordError);
            Assert.Equal(ErrorInvalidPasswordHResult, passwordError.HResult);
        }

        /// <summary>
        /// Verifies that a PFX which cannot be read fails with a
        /// <see cref="CryptographicException"/> (or a derived type).
        /// </summary>
        /// <param name="pfxBytes">The encoded PFX to load.</param>
        /// <param name="bestPassword">The password to attempt the load with.</param>
        /// <param name="importFlags">Key storage flags for the load.</param>
        /// <param name="win32Error">The HResult expected on Windows.</param>
        /// <param name="altWin32Error">
        /// A second HResult that is also accepted on Windows; 0 means no alternative.
        /// </param>
        protected override void ReadUnreadablePfx(
            byte[] pfxBytes,
            string bestPassword,
            X509KeyStorageFlags importFlags,
            int win32Error,
            int altWin32Error)
        {
            CryptographicException loadError = Assert.ThrowsAny<CryptographicException>(
                () => new X509Certificate2(pfxBytes, bestPassword, importFlags));

            if (!OperatingSystem.IsWindows())
            {
                // Off Windows only the presence of an inner exception is checked.
                Assert.NotNull(loadError.InnerException);
                return;
            }

            // NOTE(review): when altWin32Error is 0 this returns without comparing the
            // HResult to win32Error, so on Windows any CryptographicException passes.
            // That may be unintended; confirm against the callers in the base class.
            if (altWin32Error == 0 || loadError.HResult == altWin32Error)
            {
                return;
            }

            Assert.Equal(win32Error, loadError.HResult);
        }

        /// <summary>
        /// Verifies that asking <paramref name="cert"/> for its RSA private key throws a
        /// <see cref="CryptographicException"/> (or a derived type) carrying NTE_BAD_KEYSET.
        /// </summary>
        private static void CheckBadKeyset(X509Certificate2 cert)
        {
            // NTE_BAD_KEYSET (0x80090016 == -2146893802 as a signed 32-bit value).
            const int NteBadKeyset = unchecked((int)0x80090016);

            CryptographicException keysetError = Assert.ThrowsAny<CryptographicException>(
                () => cert.GetRSAPrivateKey());

            Assert.Equal(NteBadKeyset, keysetError.HResult);
        }

        /// <summary>
        /// On Windows, expects the private key lookup to fail with NTE_BAD_KEYSET; elsewhere
        /// defers to the base class check.
        /// </summary>
        protected override void CheckMultiBoundKeyConsistency(X509Certificate2 cert)
        {
            if (!PlatformDetection.IsWindows)
            {
                base.CheckMultiBoundKeyConsistency(cert);
                return;
            }

            CheckBadKeyset(cert);
        }

        /// <summary>
        /// On Windows, expects the private key lookup to fail with NTE_BAD_KEYSET; elsewhere
        /// defers to the base class check.
        /// </summary>
        protected override void CheckMultiBoundKeyConsistencyFails(X509Certificate2 cert)
        {
            if (!PlatformDetection.IsWindows)
            {
                base.CheckMultiBoundKeyConsistencyFails(cert);
                return;
            }

            CheckBadKeyset(cert);
        }
    }
}