internal override ValidationResult OnRemoteCertificateValidation2( Mono.Security.X509.X509CertificateCollection collection) { CertificateValidationCallback2 clientCertValidation2 = this._ClientCertValidation2; return(clientCertValidation2 != null?clientCertValidation2(collection) : (ValidationResult)null); }
internal override ValidationResult OnRemoteCertificateValidation2(Mono.Security.X509.X509CertificateCollection collection) { CertificateValidationCallback2 cb = ServerCertValidation2; if (cb != null) { return(cb(collection)); } return(null); }
protected override void ProcessAsTls1() { this.certificates = new Mono.Security.X509.X509CertificateCollection(); int num1 = 0; int num2 = this.ReadInt24(); while (num1 < num2) { int count = this.ReadInt24(); num1 += 3; if (count > 0) { this.certificates.Add(new Mono.Security.X509.X509Certificate(this.ReadBytes(count))); num1 += count; } } this.validateCertificates(this.certificates); }
protected override void ProcessAsTls1() { int num1 = 0; int num2 = this.ReadInt24(); this.clientCertificates = new Mono.Security.X509.X509CertificateCollection(); while (num2 > num1) { int count = this.ReadInt24(); num1 += count + 3; this.clientCertificates.Add(new Mono.Security.X509.X509Certificate(this.ReadBytes(count))); } if (this.clientCertificates.Count > 0) { this.validateCertificates(this.clientCertificates); } else if ((this.Context as ServerContext).ClientCertificateRequired) { throw new TlsException(AlertDescription.NoCertificate); } }
internal virtual ValidationResult RaiseServerCertificateValidation2(Mono.Security.X509.X509CertificateCollection collection) { return(base.RaiseRemoteCertificateValidation2(collection)); }
static int Main( string[] args ) { if (args.Length == 0) { Console.WriteLine("DSIGInfo [-v] [-v] [-v] fontfile"); return 0; } OTFile f = new OTFile(); Table_DSIG tDSIG = null; string filename = null; verbose = 0; for ( int i = 0; i < args.Length; i++ ) { if ( "-v" == args[i] ) verbose++; else filename = args[i]; } if ( !f.open(filename) ) { Console.WriteLine("Error: Cannot open {0} as font file", filename); return 0; } TTCHeader ttc = null; if ( f.IsCollection() ) { ttc = f.GetTTCHeader(); if ( f.GetTableManager().GetUnaliasedTableName(ttc.DsigTag) == "DSIG" ) { MBOBuffer buf = f.ReadPaddedBuffer(ttc.DsigOffset, ttc.DsigLength); tDSIG = (Table_DSIG) f.GetTableManager().CreateTableObject(ttc.DsigTag, buf); } for (uint i = 0; i < f.GetNumFonts() ; i++) { OTFont fn = f.GetFont(i); Table_DSIG memDSIG = (Table_DSIG) fn.GetTable("DSIG"); if (memDSIG != null) { Console.WriteLine("Warning: DSIG in member font"); break; } } } else { OTFont fn = f.GetFont(0); tDSIG = (Table_DSIG) fn.GetTable("DSIG"); } Console.WriteLine("{0} DSIG table: {1}", filename, ( tDSIG == null ) ? "Absent" : "Present" ); if (tDSIG == null) return 0; if ( f.IsCollection() && ttc.version != 0x00020000 ) Console.WriteLine("Warning: TTC has DSIG but header version is 0x{0}, != 0x00020000", ttc.version.ToString("X8")); if ( tDSIG.usNumSigs != 1 ) Console.WriteLine("NumSigs = {0}", tDSIG.usNumSigs); for ( uint v = 0; v < tDSIG.usNumSigs ; v++ ) { Table_DSIG.SignatureBlock sgb; try { sgb = tDSIG.GetSignatureBlock(v); } catch (IndexOutOfRangeException) { Console.WriteLine("Error: Out of Range SignatureBlock {0}", v); break; } SignedCms cms = new SignedCms(); cms.Decode(sgb.bSignature); if ( cms.SignerInfos.Count > 1 ) Console.WriteLine( "#SignerInfos: {0}", cms.SignerInfos.Count ); foreach ( var si in cms.SignerInfos ) { Console.WriteLine(si.Certificate); if ( Type.GetType("Mono.Runtime") == null ) foreach ( var ua in si.UnsignedAttributes ) { foreach ( var asnd in ua.Values ) { try { ASN1 vv = new ASN1(asnd.RawData); ASN1 t = new ASN1(vv[3][1][1].Value); Console.WriteLine("Decoded Signing Time: {0}", ASN1Convert.ToDateTime (t) ); } catch (Exception e) {/* Nothing to do */ } } } } Console.WriteLine( "#Certificates: {0}", cms.Certificates.Count ); #if HAVE_MONO_X509 certs = new Mono.Security.X509.X509CertificateCollection (); //Mono.Security.X509.X509Chain signerChain = new Mono.Security.X509.X509Chain (); #endif foreach ( var x509 in cms.Certificates ) { #if HAVE_MONO_X509 certs.Add(new Mono.Security.X509.X509Certificate(x509.RawData)); #endif if ( verbose > 0 ) { Console.WriteLine(x509); } else { Console.WriteLine(x509.Subject); } }; #if HAVE_MONO_X509 Mono.Security.X509.X509Certificate x = new Mono.Security.X509.X509Certificate(cms.SignerInfos[0].Certificate.RawData); Mono.Security.X509.X509Certificate parent = x; while (x != null) { // Self-signed is fine - the font bundled CA is self-signed. parent = x; // last valid x = FindCertificateParent (x); if (x != null && x.Equals(parent)) break; } #endif ASN1 spc = new ASN1(cms.ContentInfo.Content); ASN1 playload_oid = null; ASN1 oid = null; ASN1 digest = null; ASN1 obsolete = null; if ( Type.GetType("Mono.Runtime") == null ) { // DotNet is much saner! playload_oid = spc[0][0]; obsolete = spc[0][1][0]; oid = spc[1][0][0]; digest = spc[1][1]; } else { playload_oid = spc[0]; obsolete = spc[1][0]; oid = spc[2][0][0]; digest = spc[2][1]; } string algo = ASN1Convert.ToOid (oid); string algoname = (new Oid(algo)).FriendlyName; Console.WriteLine("Digest Algorithm: {0}", algoname); byte[] Value = digest.Value; StringBuilder hexLine_sig = new StringBuilder (); for (int i = 0; i < Value.Length; i++) { hexLine_sig.AppendFormat ("{0} ", Value [i].ToString ("X2")); } hexLine_sig.AppendFormat (Environment.NewLine); switch ( algoname ) { case "md5": hash = HashAlgorithm.Create ("MD5"); break; case "sha1": hash = HashAlgorithm.Create ("SHA1"); break; default: throw new NotImplementedException("Unknown HashAlgorithm: " + algoname ); } byte[] cdigest; if ( f.IsCollection() ) { cdigest = get_TTC_digest( f ); } else { cdigest = get_TTF_digest( f ); } StringBuilder hexLine = new StringBuilder (); for (int i = 0; i < cdigest.Length; i++) { hexLine.AppendFormat ("{0} ", cdigest [i].ToString ("X2")); } hexLine.AppendFormat (Environment.NewLine); Console.WriteLine("{0} Signed Digest:\t{1}", algoname.ToUpper(), hexLine_sig); Console.WriteLine("Calculated Digest:\t{0}", hexLine); string root_thumb = ""; #if HAVE_MONO_X509 root_thumb = (new System.Security.Cryptography.X509Certificates.X509Certificate2(parent.RawData)).Thumbprint; Console.WriteLine("ChainEnd Name: {0}", parent.SubjectName); Console.WriteLine("ChainEnd Self-Signed: {0}", parent.IsSelfSigned); #endif Console.WriteLine("ChainEnd: {0}", root_thumb); bool trusted = false; try { string root_id = trusted_roots[root_thumb]; Console.WriteLine("RootID: {0}", root_id); trusted = true; } catch (KeyNotFoundException) {} Console.WriteLine("Trusted: {0}", trusted); } return 0; }
private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates) { ClientContext context = (ClientContext)this.Context; AlertDescription description1 = AlertDescription.BadCertificate; if (context.SslStream.HaveRemoteValidation2Callback) { ValidationResult validationResult = context.SslStream.RaiseServerCertificateValidation2(certificates); if (!validationResult.Trusted) { long errorCode = (long)validationResult.ErrorCode; AlertDescription description2; switch (errorCode) { case 2148204801: description2 = AlertDescription.CertificateExpired; break; case 2148204809: description2 = AlertDescription.UnknownCA; break; case 2148204810: description2 = AlertDescription.UnknownCA; break; default: description2 = AlertDescription.CertificateUnknown; break; } string str = string.Format("0x{0:x}", (object)errorCode); throw new TlsException(description2, "Invalid certificate received from server. Error code: " + str); } } else { Mono.Security.X509.X509Certificate certificate1 = certificates[0]; System.Security.Cryptography.X509Certificates.X509Certificate certificate2 = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate1.RawData); ArrayList arrayList = new ArrayList(); if (!this.checkCertificateUsage(certificate1)) { arrayList.Add((object)-2146762490); } if (!this.checkServerIdentity(certificate1)) { arrayList.Add((object)-2146762481); } Mono.Security.X509.X509CertificateCollection chain = new Mono.Security.X509.X509CertificateCollection(certificates); chain.Remove(certificate1); Mono.Security.X509.X509Chain x509Chain = new Mono.Security.X509.X509Chain(chain); bool flag; try { flag = x509Chain.Build(certificate1); } catch (Exception) { flag = false; } if (!flag) { switch (x509Chain.Status) { case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid: description1 = AlertDescription.CertificateExpired; arrayList.Add((object)-2146762495); break; case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested: arrayList.Add((object)-2146762494); break; case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid: arrayList.Add((object)-2146869232); break; case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot: description1 = AlertDescription.UnknownCA; arrayList.Add((object)-2146762487); break; case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints: arrayList.Add((object)-2146869223); break; case Mono.Security.X509.X509ChainStatusFlags.PartialChain: description1 = AlertDescription.UnknownCA; arrayList.Add((object)-2146762486); break; default: description1 = AlertDescription.CertificateUnknown; arrayList.Add((object)(int)x509Chain.Status); break; } } int[] array = (int[])arrayList.ToArray(typeof(int)); if (!context.SslStream.RaiseServerCertificateValidation(certificate2, array)) { throw new TlsException(description1, "Invalid certificate received from server."); } } }
private static void VerifyOSX(Mono.Security.X509.X509CertificateCollection certificates) { }
public void AddRange(Mono.Security.X509.X509CertificateCollection value) { }
private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates) { ServerContext context = (ServerContext)this.Context; AlertDescription description = AlertDescription.BadCertificate; System.Security.Cryptography.X509Certificates.X509Certificate certificate1 = (System.Security.Cryptography.X509Certificates.X509Certificate)null; int[] certificateErrors; if (certificates.Count > 0) { Mono.Security.X509.X509Certificate certificate2 = certificates[0]; ArrayList arrayList = new ArrayList(); if (!this.checkCertificateUsage(certificate2)) { arrayList.Add((object)-2146762490); } Mono.Security.X509.X509Chain x509Chain; if (certificates.Count > 1) { Mono.Security.X509.X509CertificateCollection chain = new Mono.Security.X509.X509CertificateCollection(certificates); chain.Remove(certificate2); x509Chain = new Mono.Security.X509.X509Chain(chain); } else { x509Chain = new Mono.Security.X509.X509Chain(); } bool flag; try { flag = x509Chain.Build(certificate2); } catch (Exception) { flag = false; } if (!flag) { switch (x509Chain.Status) { case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid: description = AlertDescription.CertificateExpired; arrayList.Add((object)-2146762495); break; case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested: arrayList.Add((object)-2146762494); break; case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid: arrayList.Add((object)-2146869232); break; case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot: description = AlertDescription.UnknownCA; arrayList.Add((object)-2146762487); break; case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints: arrayList.Add((object)-2146869223); break; case Mono.Security.X509.X509ChainStatusFlags.PartialChain: description = AlertDescription.UnknownCA; arrayList.Add((object)-2146762486); break; default: description = AlertDescription.CertificateUnknown; arrayList.Add((object)(int)x509Chain.Status); break; } } certificate1 = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData); certificateErrors = (int[])arrayList.ToArray(typeof(int)); } else { certificateErrors = new int[0]; } System.Security.Cryptography.X509Certificates.X509CertificateCollection certificateCollection = new System.Security.Cryptography.X509Certificates.X509CertificateCollection(); foreach (Mono.Security.X509.X509Certificate certificate2 in certificates) { certificateCollection.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData)); } if (!context.SslStream.RaiseClientCertificateValidation(certificate1, certificateErrors)) { throw new TlsException(description, "Invalid certificate received from client."); } this.Context.ClientSettings.ClientCertificate = certificate1; }
static int Main(string[] args) { if (args.Length == 0) { Console.WriteLine("DSIGInfo [-v] [-v] [-v] fontfile"); return(0); } OTFile f = new OTFile(); Table_DSIG tDSIG = null; string filename = null; verbose = 0; for (int i = 0; i < args.Length; i++) { if ("-v" == args[i]) { verbose++; } else { filename = args[i]; } } if (!f.open(filename)) { Console.WriteLine("Error: Cannot open {0} as font file", filename); return(0); } TTCHeader ttc = null; if (f.IsCollection()) { ttc = f.GetTTCHeader(); if (f.GetTableManager().GetUnaliasedTableName(ttc.DsigTag) == "DSIG") { MBOBuffer buf = f.ReadPaddedBuffer(ttc.DsigOffset, ttc.DsigLength); tDSIG = (Table_DSIG)f.GetTableManager().CreateTableObject(ttc.DsigTag, buf); } for (uint i = 0; i < f.GetNumFonts(); i++) { OTFont fn = f.GetFont(i); Table_DSIG memDSIG = (Table_DSIG)fn.GetTable("DSIG"); if (memDSIG != null) { Console.WriteLine("Warning: DSIG in member font"); break; } } } else { OTFont fn = f.GetFont(0); tDSIG = (Table_DSIG)fn.GetTable("DSIG"); } Console.WriteLine("{0} DSIG table: {1}", filename, (tDSIG == null) ? "Absent" : "Present"); if (tDSIG == null) { return(0); } if (f.IsCollection() && ttc.version != 0x00020000) { Console.WriteLine("Warning: TTC has DSIG but header version is 0x{0}, != 0x00020000", ttc.version.ToString("X8")); } if (tDSIG.usNumSigs != 1) { Console.WriteLine("NumSigs = {0}", tDSIG.usNumSigs); } for (uint v = 0; v < tDSIG.usNumSigs; v++) { Table_DSIG.SignatureBlock sgb; try { sgb = tDSIG.GetSignatureBlock(v); } catch (IndexOutOfRangeException) { Console.WriteLine("Error: Out of Range SignatureBlock {0}", v); break; } SignedCms cms = new SignedCms(); try { cms.Decode(sgb.bSignature); } catch (Exception e) { if (e is NullReferenceException || /* Mono */ e is CryptographicException /* .Net2 */) { Console.WriteLine("Error: Malformed Signature"); break; } Console.WriteLine("Error: Malformed Signature (Unexpected Case 1)"); throw; } if (cms.SignerInfos.Count > 1) { Console.WriteLine("#SignerInfos: {0}", cms.SignerInfos.Count); } foreach (var si in cms.SignerInfos) { Console.WriteLine(si.Certificate); if (Type.GetType("Mono.Runtime") == null) { foreach (var ua in si.UnsignedAttributes) { foreach (var asnd in ua.Values) { try { ASN1 vv = new ASN1(asnd.RawData); ASN1 t = new ASN1(vv[3][1][1].Value); Console.WriteLine("Decoded Signing Time: {0}", ASN1Convert.ToDateTime(t)); } catch (Exception) { /* Nothing to do */ } } } } } Console.WriteLine("#Certificates: {0}", cms.Certificates.Count); #if HAVE_MONO_X509 certs = new Mono.Security.X509.X509CertificateCollection(); //Mono.Security.X509.X509Chain signerChain = new Mono.Security.X509.X509Chain (); #endif foreach (var x509 in cms.Certificates) { #if HAVE_MONO_X509 certs.Add(new Mono.Security.X509.X509Certificate(x509.RawData)); #endif if (verbose > 0) { Console.WriteLine(x509); } else { Console.WriteLine(x509.Subject); } } ; #if HAVE_MONO_X509 Mono.Security.X509.X509Certificate x = new Mono.Security.X509.X509Certificate(cms.SignerInfos[0].Certificate.RawData); Mono.Security.X509.X509Certificate parent = x; while (x != null) // Self-signed is fine - the font bundled CA is self-signed. { parent = x; // last valid x = FindCertificateParent(x); if (x != null && x.Equals(parent)) { break; } } #endif // Windows 10/.net 4.6.x throws here ASN1 spc; try { spc = new ASN1(cms.ContentInfo.Content); } catch (Exception e) { if (e is IndexOutOfRangeException) { Console.WriteLine("Error: Malformed Signature (Win10/.net 4.6.x)"); break; } Console.WriteLine("Error: Malformed Signature (Unexpected Case 2)"); throw; } ASN1 playload_oid = null; ASN1 oid = null; ASN1 digest = null; ASN1 obsolete = null; if (Type.GetType("Mono.Runtime") == null) { // DotNet is much saner! playload_oid = spc[0][0]; obsolete = spc[0][1][0]; oid = spc[1][0][0]; digest = spc[1][1]; } else { playload_oid = spc[0]; obsolete = spc[1][0]; oid = spc[2][0][0]; digest = spc[2][1]; } string algo = ASN1Convert.ToOid(oid); string algoname = (new Oid(algo)).FriendlyName; Console.WriteLine("Digest Algorithm: {0}", algoname); byte[] Value = digest.Value; StringBuilder hexLine_sig = new StringBuilder(); for (int i = 0; i < Value.Length; i++) { hexLine_sig.AppendFormat("{0} ", Value [i].ToString("X2")); } hexLine_sig.AppendFormat(Environment.NewLine); switch (algoname) { case "md5": hash = HashAlgorithm.Create("MD5"); break; case "sha1": hash = HashAlgorithm.Create("SHA1"); break; default: throw new NotImplementedException("Unknown HashAlgorithm: " + algoname); } byte[] cdigest; if (f.IsCollection()) { cdigest = get_TTC_digest(f); } else { cdigest = get_TTF_digest(f); } StringBuilder hexLine = new StringBuilder(); for (int i = 0; i < cdigest.Length; i++) { hexLine.AppendFormat("{0} ", cdigest [i].ToString("X2")); } hexLine.AppendFormat(Environment.NewLine); Console.WriteLine("{0} Signed Digest:\t{1}", algoname.ToUpper(), hexLine_sig); Console.WriteLine("Calculated Digest:\t{0}", hexLine); string root_thumb = ""; #if HAVE_MONO_X509 root_thumb = (new System.Security.Cryptography.X509Certificates.X509Certificate2(parent.RawData)).Thumbprint; Console.WriteLine("ChainEnd Name: {0}", parent.SubjectName); Console.WriteLine("ChainEnd Self-Signed: {0}", parent.IsSelfSigned); #endif Console.WriteLine("ChainEnd: {0}", root_thumb); bool trusted = false; try { string root_id = trusted_roots[root_thumb]; Console.WriteLine("RootID: {0}", root_id); trusted = true; } catch (KeyNotFoundException) {} Console.WriteLine("Trusted: {0}", trusted); } return(0); }
//ctor: public X509Chain(Mono.Security.X509.X509CertificateCollection chain) { }
public void LoadCertificates(Mono.Security.X509.X509CertificateCollection collection) { }
public Void Mono.Security.X509.X509CertificateCollection::.ctor(Mono.Security.X509.X509CertificateCollection) Collections.IEnumerator Mono.Security.X509.X509CertificateCollection::System.Collections.IEnumerable.GetEnumerator()
internal abstract ValidationResult OnRemoteCertificateValidation2(Mono.Security.X509.X509CertificateCollection collection);
internal ValidationResult RaiseRemoteCertificateValidation2(Mono.Security.X509.X509CertificateCollection collection) { return(OnRemoteCertificateValidation2(collection)); }
//ctor: public X509CertificateCollection(Mono.Security.X509.X509CertificateCollection value) { }