Added WindowsSecureMimeDigitalCertificate.DnsNames property

jstedfast · jstedfast · commit 5846a22e8039 · 2024-12-09T10:31:02.000-05:00
Also added more unit tests.
diff --git a/MimeKit/Cryptography/SecureMimeDigitalCertificate.cs b/MimeKit/Cryptography/SecureMimeDigitalCertificate.cs
@@ -69,7 +69,7 @@ public X509Certificate Certificate {
 		}
 
 //		/// <summary>
-//		/// Gets the chain status.
+//		/// Get the chain status.
 //		/// </summary>
 //		/// <value>The chain status.</value>
 //		public X509ChainStatusFlags ChainStatus {
@@ -79,7 +79,7 @@ public X509Certificate Certificate {
 		#region IDigitalCertificate implementation
 
 		/// <summary>
-		/// Gets the public key algorithm supported by the certificate.
+		/// Get the public key algorithm supported by the certificate.
 		/// </summary>
 		/// <remarks>
 		/// Gets the public key algorithm supported by the certificate.
@@ -90,7 +90,7 @@ public PublicKeyAlgorithm PublicKeyAlgorithm {
 		}
 
 		/// <summary>
-		/// Gets the date that the certificate was created.
+		/// Get the date that the certificate was created.
 		/// </summary>
 		/// <remarks>
 		/// Gets the date that the certificate was created.
@@ -101,7 +101,7 @@ public DateTime CreationDate {
 		}
 
 		/// <summary>
-		/// Gets the expiration date of the certificate.
+		/// Get the expiration date of the certificate.
 		/// </summary>
 		/// <remarks>
 		/// Gets the expiration date of the certificate.
@@ -112,7 +112,7 @@ public DateTime ExpirationDate {
 		}
 
 		/// <summary>
-		/// Gets the fingerprint of the certificate.
+		/// Get the fingerprint of the certificate.
 		/// </summary>
 		/// <remarks>
 		/// Gets the fingerprint of the certificate.
@@ -123,7 +123,7 @@ public string Fingerprint {
 		}
 
 		/// <summary>
-		/// Gets the email address of the owner of the certificate.
+		/// Get the email address of the owner of the certificate.
 		/// </summary>
 		/// <remarks>
 		/// Gets the email address of the owner of the certificate.
@@ -134,7 +134,7 @@ public string Email {
 		}
 
 		/// <summary>
-		/// Gets the DNS names of the owner of the certificate.
+		/// Get the DNS names of the owner of the certificate.
 		/// </summary>
 		/// <remarks>
 		/// Gets the DNS names of the owner of the certificate.
@@ -145,7 +145,7 @@ public string[] DnsNames {
 		}
 
 		/// <summary>
-		/// Gets the name of the owner of the certificate.
+		/// Get the name of the owner of the certificate.
 		/// </summary>
 		/// <remarks>
 		/// Gets the name of the owner of the certificate.
diff --git a/MimeKit/Cryptography/WindowsSecureMimeDigitalCertificate.cs b/MimeKit/Cryptography/WindowsSecureMimeDigitalCertificate.cs
@@ -78,7 +78,7 @@ public X509Certificate2 Certificate {
 		#region IDigitalCertificate implementation
 
 		/// <summary>
-		/// Gets the public key algorithm supported by the certificate.
+		/// Get the public key algorithm supported by the certificate.
 		/// </summary>
 		/// <remarks>
 		/// Gets the public key algorithm supported by the certificate.
@@ -89,7 +89,7 @@ public PublicKeyAlgorithm PublicKeyAlgorithm {
 		}
 
 		/// <summary>
-		/// Gets the date that the certificate was created.
+		/// Get the date that the certificate was created.
 		/// </summary>
 		/// <remarks>
 		/// Gets the date that the certificate was created.
@@ -100,7 +100,7 @@ public DateTime CreationDate {
 		}
 
 		/// <summary>
-		/// Gets the expiration date of the certificate.
+		/// Get the expiration date of the certificate.
 		/// </summary>
 		/// <remarks>
 		/// Gets the expiration date of the certificate.
@@ -111,7 +111,7 @@ public DateTime ExpirationDate {
 		}
 
 		/// <summary>
-		/// Gets the fingerprint of the certificate.
+		/// Get the fingerprint of the certificate.
 		/// </summary>
 		/// <remarks>
 		/// Gets the fingerprint of the certificate.
@@ -122,7 +122,7 @@ public string Fingerprint {
 		}
 
 		/// <summary>
-		/// Gets the email address of the owner of the certificate.
+		/// Get the email address of the owner of the certificate.
 		/// </summary>
 		/// <remarks>
 		/// Gets the email address of the owner of the certificate.
@@ -133,7 +133,18 @@ public string Email {
 		}
 
 		/// <summary>
-		/// Gets the name of the owner of the certificate.
+		/// Get the DNS names of the owner of the certificate.
+		/// </summary>
+		/// <remarks>
+		/// Gets the DNS names of the owner of the certificate.
+		/// </remarks>
+		/// <value>The DNS name.</value>
+		public string[] DnsNames {
+			get { return Certificate.GetSubjectDnsNames (true); }
+		}
+
+		/// <summary>
+		/// Get the name of the owner of the certificate.
 		/// </summary>
 		/// <remarks>
 		/// Gets the name of the owner of the certificate.
diff --git a/UnitTests/Cryptography/ApplicationPkcs7MimeTests.cs b/UnitTests/Cryptography/ApplicationPkcs7MimeTests.cs
@@ -24,6 +24,7 @@
 // THE SOFTWARE.
 //
 
+using System.Text;
 using System.Security.Cryptography.X509Certificates;
 
 using Org.BouncyCastle.X509;
@@ -532,6 +533,33 @@ public async Task TestEncryptDnsNamesAsync ()
 			}
 		}
 
+		static string EncodeDnsNames (string[] dnsNames)
+		{
+			if (dnsNames == null || dnsNames.Length == 0)
+				return string.Empty;
+
+			var builder = new StringBuilder ();
+
+			foreach (var name in dnsNames) {
+				if (builder.Length > 0)
+					builder.Append (", ");
+				builder.Append (name);
+			}
+
+			return builder.ToString ();
+		}
+
+		static string GetDnsNames (IDigitalCertificate certificate)
+		{
+			if (certificate is SecureMimeDigitalCertificate smime)
+				return EncodeDnsNames (smime.DnsNames);
+
+			if (certificate is WindowsSecureMimeDigitalCertificate windows)
+				return EncodeDnsNames (windows.DnsNames);
+
+			return string.Empty;
+		}
+
 		void AssertSignResults (SMimeCertificate certificate, SecureMimeContext ctx, ApplicationPkcs7Mime signed, TextPart entity)
 		{
 			var signatures = signed.Verify (ctx, out var encapsulated);
@@ -545,6 +573,7 @@ void AssertSignResults (SMimeCertificate certificate, SecureMimeContext ctx, App
 
 			Assert.That (signature.SignerCertificate.Name, Is.EqualTo ("MimeKit UnitTests"));
 			Assert.That (signature.SignerCertificate.Email, Is.EqualTo (certificate.EmailAddress));
+			Assert.That (GetDnsNames (signature.SignerCertificate), Is.EqualTo (EncodeDnsNames (certificate.DnsNames)));
 			Assert.That (signature.SignerCertificate.Fingerprint.ToLowerInvariant (), Is.EqualTo (certificate.Fingerprint));
 			Assert.That (signature.SignerCertificate.CreationDate, Is.EqualTo (certificate.CreationDate), "CreationDate");
 			Assert.That (signature.SignerCertificate.ExpirationDate, Is.EqualTo (certificate.ExpirationDate), "ExpirationDate");
@@ -700,6 +729,7 @@ void AssertSignAndEncryptResults (SMimeCertificate certificate, SecureMimeContex
 
 			Assert.That (signature.SignerCertificate.Name, Is.EqualTo ("MimeKit UnitTests"));
 			Assert.That (signature.SignerCertificate.Email, Is.EqualTo (certificate.EmailAddress));
+			Assert.That (GetDnsNames (signature.SignerCertificate), Is.EqualTo (EncodeDnsNames (certificate.DnsNames)));
 			Assert.That (signature.SignerCertificate.Fingerprint.ToLowerInvariant (), Is.EqualTo (certificate.Fingerprint));
 			Assert.That (signature.SignerCertificate.CreationDate, Is.EqualTo (certificate.CreationDate), "CreationDate");
 			Assert.That (signature.SignerCertificate.ExpirationDate, Is.EqualTo (certificate.ExpirationDate), "ExpirationDate");
@@ -749,6 +779,7 @@ async Task AssertSignAndEncryptResultsAsync (SMimeCertificate certificate, Secur
 
 			Assert.That (signature.SignerCertificate.Name, Is.EqualTo ("MimeKit UnitTests"));
 			Assert.That (signature.SignerCertificate.Email, Is.EqualTo (certificate.EmailAddress));
+			Assert.That (GetDnsNames (signature.SignerCertificate), Is.EqualTo (EncodeDnsNames (certificate.DnsNames)));
 			Assert.That (signature.SignerCertificate.Fingerprint.ToLowerInvariant (), Is.EqualTo (certificate.Fingerprint));
 			Assert.That (signature.SignerCertificate.CreationDate, Is.EqualTo (certificate.CreationDate), "CreationDate");
 			Assert.That (signature.SignerCertificate.ExpirationDate, Is.EqualTo (certificate.ExpirationDate), "ExpirationDate");
diff --git a/UnitTests/Cryptography/CertificateExtensionTests.cs b/UnitTests/Cryptography/CertificateExtensionTests.cs
@@ -47,14 +47,17 @@ public void TestArgumentExceptions ()
 			Assert.Throws<ArgumentNullException> (() => BouncyCastleCertificateExtensions.GetCommonName (null));
 			Assert.Throws<ArgumentNullException> (() => BouncyCastleCertificateExtensions.GetSubjectName (null));
 			Assert.Throws<ArgumentNullException> (() => BouncyCastleCertificateExtensions.GetSubjectEmailAddress (null));
+			Assert.Throws<ArgumentNullException> (() => BouncyCastleCertificateExtensions.GetSubjectDnsNames (null));
 			Assert.Throws<ArgumentNullException> (() => BouncyCastleCertificateExtensions.GetFingerprint (null));
 			Assert.Throws<ArgumentNullException> (() => BouncyCastleCertificateExtensions.GetKeyUsageFlags ((X509Certificate) null));
 			Assert.Throws<ArgumentNullException> (() => BouncyCastleCertificateExtensions.GetEncryptionAlgorithms (null));
 			Assert.Throws<ArgumentNullException> (() => BouncyCastleCertificateExtensions.GetPublicKeyAlgorithm (null));
 
+			Assert.Throws<ArgumentNullException> (() => X509Certificate2Extensions.GetPrivateKeyAsAsymmetricKeyParameter (null));
 			Assert.Throws<ArgumentNullException> (() => X509Certificate2Extensions.AsBouncyCastleCertificate (null));
 			Assert.Throws<ArgumentNullException> (() => X509Certificate2Extensions.GetEncryptionAlgorithms (null));
 			Assert.Throws<ArgumentNullException> (() => X509Certificate2Extensions.GetPublicKeyAlgorithm (null));
+			Assert.Throws<ArgumentNullException> (() => X509Certificate2Extensions.GetSubjectDnsNames (null));
 		}
 
 		static X509KeyUsageFlags GetX509Certificate2KeyUsageFlags (X509Certificate2 certificate)
diff --git a/UnitTests/Cryptography/SecureMimeTests.cs b/UnitTests/Cryptography/SecureMimeTests.cs
@@ -24,6 +24,7 @@
 // THE SOFTWARE.
 //
 
+using System.Text;
 using System.Security.Cryptography.X509Certificates;
 
 using Org.BouncyCastle.Pkcs;
@@ -639,6 +640,33 @@ protected virtual EncryptionAlgorithm[] GetEncryptionAlgorithms (IDigitalSignatu
 			return ((SecureMimeDigitalSignature) signature).EncryptionAlgorithms;
 		}
 
+		static string EncodeDnsNames (string[] dnsNames)
+		{
+			if (dnsNames == null || dnsNames.Length == 0)
+				return string.Empty;
+
+			var builder = new StringBuilder ();
+
+			foreach (var name in dnsNames) {
+				if (builder.Length > 0)
+					builder.Append (", ");
+				builder.Append (name);
+			}
+
+			return builder.ToString ();
+		}
+
+		static string GetDnsNames (IDigitalCertificate certificate)
+		{
+			if (certificate is SecureMimeDigitalCertificate smime)
+				return EncodeDnsNames (smime.DnsNames);
+
+			if (certificate is WindowsSecureMimeDigitalCertificate windows)
+				return EncodeDnsNames (windows.DnsNames);
+
+			return string.Empty;
+		}
+
 		[Test]
 		public virtual void TestSecureMimeEncapsulatedSigning ()
 		{
@@ -667,6 +695,7 @@ public virtual void TestSecureMimeEncapsulatedSigning ()
 
 				Assert.That (signature.SignerCertificate.Name, Is.EqualTo ("MimeKit UnitTests"));
 				Assert.That (signature.SignerCertificate.Email, Is.EqualTo (certificate.EmailAddress));
+				Assert.That (GetDnsNames (signature.SignerCertificate), Is.EqualTo (EncodeDnsNames (certificate.DnsNames)));
 				Assert.That (signature.SignerCertificate.Fingerprint.ToLowerInvariant (), Is.EqualTo (certificate.Fingerprint));
 				Assert.That (signature.SignerCertificate.CreationDate, Is.EqualTo (certificate.CreationDate), "CreationDate");
 				Assert.That (signature.SignerCertificate.ExpirationDate, Is.EqualTo (certificate.ExpirationDate), "ExpirationDate");
@@ -726,6 +755,7 @@ public virtual async Task TestSecureMimeEncapsulatedSigningAsync ()
 
 				Assert.That (signature.SignerCertificate.Name, Is.EqualTo ("MimeKit UnitTests"));
 				Assert.That (signature.SignerCertificate.Email, Is.EqualTo (certificate.EmailAddress));
+				Assert.That (GetDnsNames (signature.SignerCertificate), Is.EqualTo (EncodeDnsNames (certificate.DnsNames)));
 				Assert.That (signature.SignerCertificate.Fingerprint.ToLowerInvariant (), Is.EqualTo (certificate.Fingerprint));
 				Assert.That (signature.SignerCertificate.CreationDate, Is.EqualTo (certificate.CreationDate), "CreationDate");
 				Assert.That (signature.SignerCertificate.ExpirationDate, Is.EqualTo (certificate.ExpirationDate), "ExpirationDate");
@@ -1073,6 +1103,7 @@ public virtual void TestSecureMimeSigningWithCmsSigner ()
 					if (ctx is not WindowsSecureMimeContext || Environment.OSVersion.Platform == PlatformID.Win32NT)
 						Assert.That (signature.SignerCertificate.Name, Is.EqualTo ("MimeKit UnitTests"));
 					Assert.That (signature.SignerCertificate.Email, Is.EqualTo (certificate.EmailAddress));
+					Assert.That (GetDnsNames (signature.SignerCertificate), Is.EqualTo (EncodeDnsNames (certificate.DnsNames)));
 					Assert.That (signature.SignerCertificate.Fingerprint.ToLowerInvariant (), Is.EqualTo (certificate.Fingerprint));
 
 					var algorithms = GetEncryptionAlgorithms (signature);
@@ -1127,6 +1158,7 @@ public virtual async Task TestSecureMimeSigningWithCmsSignerAsync ()
 					if (ctx is not WindowsSecureMimeContext || Environment.OSVersion.Platform == PlatformID.Win32NT)
 						Assert.That (signature.SignerCertificate.Name, Is.EqualTo ("MimeKit UnitTests"));
 					Assert.That (signature.SignerCertificate.Email, Is.EqualTo (certificate.EmailAddress));
+					Assert.That (GetDnsNames (signature.SignerCertificate), Is.EqualTo (EncodeDnsNames (certificate.DnsNames)));
 					Assert.That (signature.SignerCertificate.Fingerprint.ToLowerInvariant (), Is.EqualTo (certificate.Fingerprint));
 
 					var algorithms = GetEncryptionAlgorithms (signature);
@@ -1181,6 +1213,7 @@ public virtual void TestSecureMimeSigningWithContextAndCmsSigner ()
 					if (ctx is not WindowsSecureMimeContext || Environment.OSVersion.Platform == PlatformID.Win32NT)
 						Assert.That (signature.SignerCertificate.Name, Is.EqualTo ("MimeKit UnitTests"));
 					Assert.That (signature.SignerCertificate.Email, Is.EqualTo (certificate.EmailAddress));
+					Assert.That (GetDnsNames (signature.SignerCertificate), Is.EqualTo (EncodeDnsNames (certificate.DnsNames)));
 					Assert.That (signature.SignerCertificate.Fingerprint.ToLowerInvariant (), Is.EqualTo (certificate.Fingerprint));
 
 					var algorithms = GetEncryptionAlgorithms (signature);
@@ -1252,6 +1285,7 @@ public virtual async Task TestSecureMimeSigningWithContextAndCmsSignerAsync ()
 					if (ctx is not WindowsSecureMimeContext || Environment.OSVersion.Platform == PlatformID.Win32NT)
 						Assert.That (signature.SignerCertificate.Name, Is.EqualTo ("MimeKit UnitTests"));
 					Assert.That (signature.SignerCertificate.Email, Is.EqualTo (certificate.EmailAddress));
+					Assert.That (GetDnsNames (signature.SignerCertificate), Is.EqualTo (EncodeDnsNames (certificate.DnsNames)));
 					Assert.That (signature.SignerCertificate.Fingerprint.ToLowerInvariant (), Is.EqualTo (certificate.Fingerprint));
 
 					var algorithms = GetEncryptionAlgorithms (signature);
@@ -1451,6 +1485,7 @@ public virtual void TestSecureMimeMessageSigning ()
 					if (ctx is not WindowsSecureMimeContext || Environment.OSVersion.Platform == PlatformID.Win32NT)
 						Assert.That (signature.SignerCertificate.Name, Is.EqualTo (self.Name));
 					Assert.That (signature.SignerCertificate.Email, Is.EqualTo (self.Address));
+					Assert.That (GetDnsNames (signature.SignerCertificate), Is.EqualTo (EncodeDnsNames (certificate.DnsNames)));
 					Assert.That (signature.SignerCertificate.Fingerprint.ToLowerInvariant (), Is.EqualTo (certificate.Fingerprint));
 
 					var algorithms = GetEncryptionAlgorithms (signature);
@@ -1532,6 +1567,7 @@ public virtual async Task TestSecureMimeMessageSigningAsync ()
 					if (ctx is not WindowsSecureMimeContext || Environment.OSVersion.Platform == PlatformID.Win32NT)
 						Assert.That (signature.SignerCertificate.Name, Is.EqualTo (self.Name));
 					Assert.That (signature.SignerCertificate.Email, Is.EqualTo (self.Address));
+					Assert.That (GetDnsNames (signature.SignerCertificate), Is.EqualTo (EncodeDnsNames (certificate.DnsNames)));
 					Assert.That (signature.SignerCertificate.Fingerprint.ToLowerInvariant (), Is.EqualTo (certificate.Fingerprint));
 
 					var algorithms = GetEncryptionAlgorithms (signature);
@@ -2284,6 +2320,7 @@ public virtual void TestSecureMimeSignAndEncrypt ()
 					if (ctx is not WindowsSecureMimeContext || Environment.OSVersion.Platform == PlatformID.Win32NT)
 						Assert.That (signature.SignerCertificate.Name, Is.EqualTo (self.Name));
 					Assert.That (signature.SignerCertificate.Email, Is.EqualTo (self.Address));
+					Assert.That (GetDnsNames (signature.SignerCertificate), Is.EqualTo (EncodeDnsNames (certificate.DnsNames)));
 					Assert.That (signature.SignerCertificate.Fingerprint.ToLowerInvariant (), Is.EqualTo (self.Fingerprint));
 
 					var algorithms = GetEncryptionAlgorithms (signature);
@@ -2374,6 +2411,7 @@ public virtual async Task TestSecureMimeSignAndEncryptAsync ()
 					if (ctx is not WindowsSecureMimeContext || Environment.OSVersion.Platform == PlatformID.Win32NT)
 						Assert.That (signature.SignerCertificate.Name, Is.EqualTo (self.Name));
 					Assert.That (signature.SignerCertificate.Email, Is.EqualTo (self.Address));
+					Assert.That (GetDnsNames (signature.SignerCertificate), Is.EqualTo (EncodeDnsNames (certificate.DnsNames)));
 					Assert.That (signature.SignerCertificate.Fingerprint.ToLowerInvariant (), Is.EqualTo (self.Fingerprint));
 
 					var algorithms = GetEncryptionAlgorithms (signature);
