Skip to content

Commit

Permalink
Change empty subject test certificate to include a critical SAN.
Browse files Browse the repository at this point in the history 
This test was marked SkipOnPlatform for Android because the test would fail. However,
it turns out that Android does support empty subjects in certificates. If the subject
is empty, then the SubjectAltName extension must be marked critical. This is in accordance
with RFC 5280:

> If the subject field contains an empty sequence, then the issuing CA MUST include a subjectAltName extension that is marked as critical.

With a critical SAN extension, this test now passes on all platforms.
  • Loading branch information
@vcsjones
vcsjones authored Jan 25, 2025
1 parent 6c73c19 commit f91ff5e
Show file tree
Hide file tree
Showing 2 changed files with 47 additions and 47 deletions.
91 changes: 46 additions & 45 deletions src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/TestData.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2398,53 +2398,54 @@ internal struct ECDsaCngKeyValues
"-----END CERTIFICATE REQUEST-----";

internal static byte[] EmptySubjectCertificate = (
"308202A73082018FA003020102020103300D06092A864886F70D01010B050030" +
"1F311D301B06035504031314456D707479205375626A65637420497373756572" +
"301E170D3138303631353134343030365A170D3333303631353134323030365A" +
"300030820122300D06092A864886F70D01010105000382010F003082010A0282" +
"0101008BFA2727E0D93BEF2A992E912A829FF7A374992F2BD910291BF2BD747D" +
"5CCCF997276ABC2F1CACEAD3F964333F5FF9D7F116A0AC392E711866CCEB0E48" +
"80716367613E4ABD26FCB946E0A2C6AB84ABFD1EF377CD4F6C497D49D9B99CBE" +
"DA878CA4E962307DE110345D2B22CB95A2CC3E0AB94D505CF43FA3B0343B4957" +
"AF361E3604507732150254D77162909887509D5990499C039E5C3871326E09C2" +
"DE132786032B4CD9F460CE35DD0650BE77B0AD9963BC498773CAC858AD15000E" +
"A97793A906D5052A381AA2EE84BF2734833BF12DE932CF67A6D567E627898D96" +
"2FEA2B4F55DE992C205DD67B5B2A59CDD25C04070363D48C8ED854BE013C5D1E" +
"3E57FF0203010001A30D300B30090603551D1304023000300D06092A864886F7" +
"0D01010B0500038201010001BF6D51DA7C45965CB2B6B889E0B1875DFEFDBAC1" +
"558978A53E37BB796E10CBA9AFB698168F55DBD2EC4D26E9FABB7D40D55A2FCA" +
"57F7BBC8509D1B88EB753468F3B57A42718081F00430115A48035CE72CBF9294" +
"2837DF2C2FDC38CE213F2258C5E071A4E18ED70DFC281CD376E84ADC92922416" +
"43389C87098AFAD976F811AA95B48B69DAF7CB31C79953BBFD1C96839561CE12" +
"435F83CEA9F2CB9A94235B0B21FB0D591CDC41676FE927E41CC3A776FAF97146" +
"BF14B08041CB1A90AC7339E7BD1DAF9A600479754F42C88D418B5449F5D34050" +
"4E543013489C47297C83440C3EEF49C9A9D96E398949F03ACB0D5F72E7B4E9D3" +
"895D82CAB526DB74AC5629").HexToByteArray();
"308202D1308201B9A003020102020A258B80E19011363C8AE6300D06092A8648" +
"86F70D01010B0500301F311D301B06035504031314456D707479205375626A65" +
"637420497373756572301E170D3235303131393030303330375A170D34343031" +
"31393030303330375A300030820122300D06092A864886F70D01010105000382" +
"010F003082010A0282010100D9E161DE2C29CABD97ABC3E0D246C46A061E74E1" +
"D947DCC3D8E0B536185DF3206FCFE24F3CBA7AD351FEE031A3771D95DC6C53A0" +
"3E5D6EEE6A25E2AD9FE1BEA7AF95E6FB9E309B7E954780DC9EDA2EC6E765534F" +
"DCF8FAB09D8C00617E5FDE07A95FB855738513CA4386419D3C61F3BAD16EB92B" +
"9039D42377C12851B4CA8A7A3076A8F000F416EF3DAA69F2EB776BF63FA1FE93" +
"AA83806EC85AB0FF0F0A1EB5598AD904D3A9687C53E05FD21967053428D7A502" +
"18F47E00F770B8ED8C393D876F926BC2B1D1E46F54E48F60E0DB67E33755FA4C" +
"724B081D59128A6D014720654ADC0714D344788BF0DB5A8E2955C90F99326FEE" +
"ABDA354C6F923815F9C586590203010001A32E302C301F0603551D110101FF04" +
"15301382116D6963726F736F66742E6578616D706C6530090603551D13040230" +
"00300D06092A864886F70D01010B050003820101005ABEB15466AC8775278E18" +
"811D00F16FE1E4FDD7A3BFBED0D5578859F258018CD2D84657D1B1C71F8077A5" +
"C3DF29E907E737E8F2129644F98F0FBA47A1C2480DF4DE4767850841412036B0" +
"0AD2B21728DCAF463EBBA803CD0FB9A55F8579A895E339733561319767213EF0" +
"7265BED608FD22ECCDD207E970C0386F21E8A04354B5BD43F7D394C461B9A109" +
"0C8113D86CA437AEC5B1014A06D3A8EB57D2D214EF2E9FA864831803DCEEED8E" +
"01C60EA4E85F7983F55A2C0BED6B3A5BC37EC01584D67CFC53B2C6D54AE963D0" +
"4F99BB8CAB6E2C941BF7F0DAA3AD25AC9F16377295DF744B6281C53954137EC3" +
"1D4B90590E0E0E39CD7B2F574951C4178D9DC5D4C3").HexToByteArray();

internal static byte[] EmptySubjectIssuerCertificate = (
"308202D4308201BCA003020102020900F68AD256DB542CF9300D06092A864886" +
"F70D01010B0500301F311D301B06035504031314456D707479205375626A6563" +
"7420497373756572301E170D3137303631353134343030365A170D3333303631" +
"353134343030365A301F311D301B06035504031314456D707479205375626A65" +
"63742049737375657230820122300D06092A864886F70D01010105000382010F" +
"003082010A0282010100A67F5898CCA5FC235EEB2FF14BF0BF490BB507C4D552" +
"76E0D86CAA72BFDBDE7E7F38EC3184B18D32AEA7F5A1EEF0D2D24B7B8ED340F5" +
"00703D3758B7E3824848CD9A4CDF15F73EBB1D4A02ED8182673138822C148463" +
"B6126D14BE03C9A4DF62D35109BF7A8CDDFF6AE5A55C75496C13376C9B0096A0" +
"5F398703FFBB6B69F7EA79B1F1F955F07CEBDAF3FB87D6E6F9C33678C49EC5E5" +
"7EF10AEB14E009C83DC3DD3A2707F36D1A8723849DCD020CFBB0D38972B15F12" +
"53209E015915A2275ADFB0164DB5A6C79BA53EA5782B001D92764D21694E5992" +
"33B4D2C7FE260F925194C372EE473812B4F82381B4027E1F7F52E72A6ECC5BEE" +
"656FE161E7681A06A9BF0203010001A3133011300F0603551D130101FF040530" +
"030101FF300D06092A864886F70D01010B050003820101008D239025B8266EFF" +
"AEB1B76EA159ED7BF6A6F2E5A23266DF07767DEDF26B43983EC8717AC2E6B99E" +
"A21625D787D39BF94110D5A9B37CF0E6FB3062090D280B889A0E8DA5952E46D5" +
"107F9BE829119282ADD53414CE0BA47C1E04D82BCC50118BB9CB3905E22FADD5" +
"1905F23373D7F5E9E32C5C7D27B68CD15D1E079153B66B3DBE148D4DF2BF8EA1" +
"8E68D838BE1C86E68E4CAF09A90F7428A4A50922BCB01010A1B585227930CEE0" +
"027D561804C2F023AEBAA63F312F49A37B74BED2DB8B6D8AA1A6E60320589EB5" +
"B14EB93CC47DAF7F07D67C25FD275493C0AF0CC23E8AED47963DCCE7C2ADFD56" +
"5B8A77118C2978E15D1511572C4496CD1180094D43AE50FD").HexToByteArray();
"308202D3308201BBA00302010202083875DCB8D7B865B5300D06092A864886F7" +
"0D01010B0500301F311D301B06035504031314456D707479205375626A656374" +
"20497373756572301E170D3235303131383030303330375A170D343530313139" +
"3030303330375A301F311D301B06035504031314456D707479205375626A6563" +
"742049737375657230820122300D06092A864886F70D01010105000382010F00" +
"3082010A0282010100DC1542882EF660F49EFCB483151A9D9AC1E7801A3BA4A2" +
"176427F0F6A59137687C096CB59B2D9398A1E3FC3AE11D0301D343D3206B8EF2" +
"F558025889B84BAAA7337750C5E878E278132A53AD8DCBA3061D241B44008772" +
"4BED8E6875BD509EB6C2D920F2E74529609F02E1639FF6839E5E18D5F4A7BB6C" +
"021848274EBB4E1207A5C18873EB9A171FFAD2A0F5CC3B82E60B1CF06F7C482C" +
"3555CC45D011245C242D33FD989953383F6F7E9D5B6246DAE7D241C0575E7872" +
"06329A58151E97232C510E5609745D84EB3768A82C350CAB0230C522963B93E0" +
"5025FBC4B0865705310F35A8BA589D8D3B794765BD0F4D34BE9A057AA7CEF98F" +
"46125C50A4856766D90203010001A3133011300F0603551D130101FF04053003" +
"0101FF300D06092A864886F70D01010B0500038201010042940334A754ACA256" +
"C27BD14FD05FEC3730DC6633C5DF5DAD7323CD8FB9C01473DF129A7D4F03751B" +
"2A9B53C8E954770090BD5153991A43DAD8ED9602AB93DFEFFF4D651354775CE8" +
"2A105B5653EB6F2A6E369BC1D98361699F6CD2AB0418C6E57C18647895D77F3F" +
"402909F85085037F13C6BEF847A4218B4F8FBC8823BFA9C4491CA3F510423A8C" +
"BF192CAEE3C190C15D367067F91E235835A502C9219499A443833E40AC660DC6" +
"268CB44411AA2482CB11087BD4DBED936FB564367FB85903BDE2B778CE64D976" +
"28C17EA2B73F84C6D7D6BBF387F4484DCE45ECEE3495530103F37AE656DC0602" +
"22DCE1EB7F2DC5E0B1DF67B62FBA8C705A3D4838662E8D").HexToByteArray();

internal static byte[] T61StringCertificate = (
"2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d494943" +
Expand Down
3 changes: 1 addition & 2 deletions src/libraries/System.Security.Cryptography/tests/X509Certificates/ChainTests.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -932,8 +932,7 @@ public static void ChainErrorsAtMultipleLayers()
}

[Fact]
[SkipOnPlatform(TestPlatforms.Android, "Chain building on Android fails with an empty subject")]
public static void ChainWithEmptySubject()
public static void ChainWithEmptySubjectAndCritialSan()
{
using (var cert = new X509Certificate2(TestData.EmptySubjectCertificate))
using (var issuer = new X509Certificate2(TestData.EmptySubjectIssuerCertificate))
Expand Down

0 comments on commit f91ff5e

Please sign in to comment.