internal override ValidationResult OnRemoteCertificateValidation2(
Mono.Security.X509.X509CertificateCollection collection)
{
CertificateValidationCallback2 clientCertValidation2 = this._ClientCertValidation2;
return(clientCertValidation2 != null?clientCertValidation2(collection) : (ValidationResult)null);
}
internal override ValidationResult OnRemoteCertificateValidation2(Mono.Security.X509.X509CertificateCollection collection)
{
CertificateValidationCallback2 cb = ServerCertValidation2;
if (cb != null)
{
return(cb(collection));
}
return(null);
}
protected override void ProcessAsTls1()
{
this.certificates = new Mono.Security.X509.X509CertificateCollection();
int num1 = 0;
int num2 = this.ReadInt24();
while (num1 < num2)
{
int count = this.ReadInt24();
num1 += 3;
if (count > 0)
{
this.certificates.Add(new Mono.Security.X509.X509Certificate(this.ReadBytes(count)));
num1 += count;
}
}
this.validateCertificates(this.certificates);
}
protected override void ProcessAsTls1()
{
int num1 = 0;
int num2 = this.ReadInt24();
this.clientCertificates = new Mono.Security.X509.X509CertificateCollection();
while (num2 > num1)
{
int count = this.ReadInt24();
num1 += count + 3;
this.clientCertificates.Add(new Mono.Security.X509.X509Certificate(this.ReadBytes(count)));
}
if (this.clientCertificates.Count > 0)
{
this.validateCertificates(this.clientCertificates);
}
else if ((this.Context as ServerContext).ClientCertificateRequired)
{
throw new TlsException(AlertDescription.NoCertificate);
}
}
internal virtual ValidationResult RaiseServerCertificateValidation2(Mono.Security.X509.X509CertificateCollection collection)
{
return(base.RaiseRemoteCertificateValidation2(collection));
}
static int Main( string[] args )
{
if (args.Length == 0) {
Console.WriteLine("DSIGInfo [-v] [-v] [-v] fontfile");
return 0;
}
OTFile f = new OTFile();
Table_DSIG tDSIG = null;
string filename = null;
verbose = 0;
for ( int i = 0; i < args.Length; i++ ) {
if ( "-v" == args[i] )
verbose++;
else
filename = args[i];
}
if ( !f.open(filename) )
{
Console.WriteLine("Error: Cannot open {0} as font file", filename);
return 0;
}
TTCHeader ttc = null;
if ( f.IsCollection() )
{
ttc = f.GetTTCHeader();
if ( f.GetTableManager().GetUnaliasedTableName(ttc.DsigTag) == "DSIG" )
{
MBOBuffer buf = f.ReadPaddedBuffer(ttc.DsigOffset, ttc.DsigLength);
tDSIG = (Table_DSIG) f.GetTableManager().CreateTableObject(ttc.DsigTag, buf);
}
for (uint i = 0; i < f.GetNumFonts() ; i++)
{
OTFont fn = f.GetFont(i);
Table_DSIG memDSIG = (Table_DSIG) fn.GetTable("DSIG");
if (memDSIG != null)
{
Console.WriteLine("Warning: DSIG in member font");
break;
}
}
}
else
{
OTFont fn = f.GetFont(0);
tDSIG = (Table_DSIG) fn.GetTable("DSIG");
}
Console.WriteLine("{0} DSIG table: {1}", filename,
( tDSIG == null ) ? "Absent" : "Present" );
if (tDSIG == null)
return 0;
if ( f.IsCollection() && ttc.version != 0x00020000 )
Console.WriteLine("Warning: TTC has DSIG but header version is 0x{0}, != 0x00020000", ttc.version.ToString("X8"));
if ( tDSIG.usNumSigs != 1 )
Console.WriteLine("NumSigs = {0}", tDSIG.usNumSigs);
for ( uint v = 0; v < tDSIG.usNumSigs ; v++ )
{
Table_DSIG.SignatureBlock sgb;
try {
sgb = tDSIG.GetSignatureBlock(v);
} catch (IndexOutOfRangeException)
{
Console.WriteLine("Error: Out of Range SignatureBlock {0}", v);
break;
}
SignedCms cms = new SignedCms();
cms.Decode(sgb.bSignature);
if ( cms.SignerInfos.Count > 1 )
Console.WriteLine( "#SignerInfos: {0}", cms.SignerInfos.Count );
foreach ( var si in cms.SignerInfos )
{
Console.WriteLine(si.Certificate);
if ( Type.GetType("Mono.Runtime") == null )
foreach ( var ua in si.UnsignedAttributes )
{
foreach ( var asnd in ua.Values )
{
try
{
ASN1 vv = new ASN1(asnd.RawData);
ASN1 t = new ASN1(vv[3][1][1].Value);
Console.WriteLine("Decoded Signing Time: {0}", ASN1Convert.ToDateTime (t) );
}
catch (Exception e)
{/* Nothing to do */ }
}
}
}
Console.WriteLine( "#Certificates: {0}", cms.Certificates.Count );
#if HAVE_MONO_X509
certs = new Mono.Security.X509.X509CertificateCollection ();
//Mono.Security.X509.X509Chain signerChain = new Mono.Security.X509.X509Chain ();
#endif
foreach ( var x509 in cms.Certificates )
{
#if HAVE_MONO_X509
certs.Add(new Mono.Security.X509.X509Certificate(x509.RawData));
#endif
if ( verbose > 0 )
{
Console.WriteLine(x509);
}
else
{
Console.WriteLine(x509.Subject);
}
};
#if HAVE_MONO_X509
Mono.Security.X509.X509Certificate x = new Mono.Security.X509.X509Certificate(cms.SignerInfos[0].Certificate.RawData);
Mono.Security.X509.X509Certificate parent = x;
while (x != null) { // Self-signed is fine - the font bundled CA is self-signed.
parent = x; // last valid
x = FindCertificateParent (x);
if (x != null && x.Equals(parent))
break;
}
#endif
ASN1 spc = new ASN1(cms.ContentInfo.Content);
ASN1 playload_oid = null;
ASN1 oid = null;
ASN1 digest = null;
ASN1 obsolete = null;
if ( Type.GetType("Mono.Runtime") == null )
{
// DotNet is much saner!
playload_oid = spc[0][0];
obsolete = spc[0][1][0];
oid = spc[1][0][0];
digest = spc[1][1];
}
else
{
playload_oid = spc[0];
obsolete = spc[1][0];
oid = spc[2][0][0];
digest = spc[2][1];
}
string algo = ASN1Convert.ToOid (oid);
string algoname = (new Oid(algo)).FriendlyName;
Console.WriteLine("Digest Algorithm: {0}", algoname);
byte[] Value = digest.Value;
StringBuilder hexLine_sig = new StringBuilder ();
for (int i = 0; i < Value.Length; i++) {
hexLine_sig.AppendFormat ("{0} ", Value [i].ToString ("X2"));
}
hexLine_sig.AppendFormat (Environment.NewLine);
switch ( algoname )
{
case "md5":
hash = HashAlgorithm.Create ("MD5");
break;
case "sha1":
hash = HashAlgorithm.Create ("SHA1");
break;
default:
throw new NotImplementedException("Unknown HashAlgorithm: " + algoname );
}
byte[] cdigest;
if ( f.IsCollection() )
{
cdigest = get_TTC_digest( f );
}
else
{
cdigest = get_TTF_digest( f );
}
StringBuilder hexLine = new StringBuilder ();
for (int i = 0; i < cdigest.Length; i++) {
hexLine.AppendFormat ("{0} ", cdigest [i].ToString ("X2"));
}
hexLine.AppendFormat (Environment.NewLine);
Console.WriteLine("{0} Signed Digest:\t{1}", algoname.ToUpper(), hexLine_sig);
Console.WriteLine("Calculated Digest:\t{0}", hexLine);
string root_thumb = "";
#if HAVE_MONO_X509
root_thumb =
(new System.Security.Cryptography.X509Certificates.X509Certificate2(parent.RawData)).Thumbprint;
Console.WriteLine("ChainEnd Name: {0}", parent.SubjectName);
Console.WriteLine("ChainEnd Self-Signed: {0}", parent.IsSelfSigned);
#endif
Console.WriteLine("ChainEnd: {0}", root_thumb);
bool trusted = false;
try
{
string root_id = trusted_roots[root_thumb];
Console.WriteLine("RootID: {0}", root_id);
trusted = true;
}
catch (KeyNotFoundException)
{}
Console.WriteLine("Trusted: {0}", trusted);
}
return 0;
}
private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates)
{
ClientContext context = (ClientContext)this.Context;
AlertDescription description1 = AlertDescription.BadCertificate;
if (context.SslStream.HaveRemoteValidation2Callback)
{
ValidationResult validationResult = context.SslStream.RaiseServerCertificateValidation2(certificates);
if (!validationResult.Trusted)
{
long errorCode = (long)validationResult.ErrorCode;
AlertDescription description2;
switch (errorCode)
{
case 2148204801:
description2 = AlertDescription.CertificateExpired;
break;
case 2148204809:
description2 = AlertDescription.UnknownCA;
break;
case 2148204810:
description2 = AlertDescription.UnknownCA;
break;
default:
description2 = AlertDescription.CertificateUnknown;
break;
}
string str = string.Format("0x{0:x}", (object)errorCode);
throw new TlsException(description2, "Invalid certificate received from server. Error code: " + str);
}
}
else
{
Mono.Security.X509.X509Certificate certificate1 = certificates[0];
System.Security.Cryptography.X509Certificates.X509Certificate certificate2 = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate1.RawData);
ArrayList arrayList = new ArrayList();
if (!this.checkCertificateUsage(certificate1))
{
arrayList.Add((object)-2146762490);
}
if (!this.checkServerIdentity(certificate1))
{
arrayList.Add((object)-2146762481);
}
Mono.Security.X509.X509CertificateCollection chain = new Mono.Security.X509.X509CertificateCollection(certificates);
chain.Remove(certificate1);
Mono.Security.X509.X509Chain x509Chain = new Mono.Security.X509.X509Chain(chain);
bool flag;
try
{
flag = x509Chain.Build(certificate1);
}
catch (Exception)
{
flag = false;
}
if (!flag)
{
switch (x509Chain.Status)
{
case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid:
description1 = AlertDescription.CertificateExpired;
arrayList.Add((object)-2146762495);
break;
case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested:
arrayList.Add((object)-2146762494);
break;
case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid:
arrayList.Add((object)-2146869232);
break;
case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot:
description1 = AlertDescription.UnknownCA;
arrayList.Add((object)-2146762487);
break;
case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints:
arrayList.Add((object)-2146869223);
break;
case Mono.Security.X509.X509ChainStatusFlags.PartialChain:
description1 = AlertDescription.UnknownCA;
arrayList.Add((object)-2146762486);
break;
default:
description1 = AlertDescription.CertificateUnknown;
arrayList.Add((object)(int)x509Chain.Status);
break;
}
}
int[] array = (int[])arrayList.ToArray(typeof(int));
if (!context.SslStream.RaiseServerCertificateValidation(certificate2, array))
{
throw new TlsException(description1, "Invalid certificate received from server.");
}
}
}
private static void VerifyOSX(Mono.Security.X509.X509CertificateCollection certificates)
{
}
public void AddRange(Mono.Security.X509.X509CertificateCollection value)
{
}
private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates)
{
ServerContext context = (ServerContext)this.Context;
AlertDescription description = AlertDescription.BadCertificate;
System.Security.Cryptography.X509Certificates.X509Certificate certificate1 = (System.Security.Cryptography.X509Certificates.X509Certificate)null;
int[] certificateErrors;
if (certificates.Count > 0)
{
Mono.Security.X509.X509Certificate certificate2 = certificates[0];
ArrayList arrayList = new ArrayList();
if (!this.checkCertificateUsage(certificate2))
{
arrayList.Add((object)-2146762490);
}
Mono.Security.X509.X509Chain x509Chain;
if (certificates.Count > 1)
{
Mono.Security.X509.X509CertificateCollection chain = new Mono.Security.X509.X509CertificateCollection(certificates);
chain.Remove(certificate2);
x509Chain = new Mono.Security.X509.X509Chain(chain);
}
else
{
x509Chain = new Mono.Security.X509.X509Chain();
}
bool flag;
try
{
flag = x509Chain.Build(certificate2);
}
catch (Exception)
{
flag = false;
}
if (!flag)
{
switch (x509Chain.Status)
{
case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid:
description = AlertDescription.CertificateExpired;
arrayList.Add((object)-2146762495);
break;
case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested:
arrayList.Add((object)-2146762494);
break;
case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid:
arrayList.Add((object)-2146869232);
break;
case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot:
description = AlertDescription.UnknownCA;
arrayList.Add((object)-2146762487);
break;
case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints:
arrayList.Add((object)-2146869223);
break;
case Mono.Security.X509.X509ChainStatusFlags.PartialChain:
description = AlertDescription.UnknownCA;
arrayList.Add((object)-2146762486);
break;
default:
description = AlertDescription.CertificateUnknown;
arrayList.Add((object)(int)x509Chain.Status);
break;
}
}
certificate1 = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData);
certificateErrors = (int[])arrayList.ToArray(typeof(int));
}
else
{
certificateErrors = new int[0];
}
System.Security.Cryptography.X509Certificates.X509CertificateCollection certificateCollection = new System.Security.Cryptography.X509Certificates.X509CertificateCollection();
foreach (Mono.Security.X509.X509Certificate certificate2 in certificates)
{
certificateCollection.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData));
}
if (!context.SslStream.RaiseClientCertificateValidation(certificate1, certificateErrors))
{
throw new TlsException(description, "Invalid certificate received from client.");
}
this.Context.ClientSettings.ClientCertificate = certificate1;
}
static int Main(string[] args)
{
if (args.Length == 0)
{
Console.WriteLine("DSIGInfo [-v] [-v] [-v] fontfile");
return(0);
}
OTFile f = new OTFile();
Table_DSIG tDSIG = null;
string filename = null;
verbose = 0;
for (int i = 0; i < args.Length; i++)
{
if ("-v" == args[i])
{
verbose++;
}
else
{
filename = args[i];
}
}
if (!f.open(filename))
{
Console.WriteLine("Error: Cannot open {0} as font file", filename);
return(0);
}
TTCHeader ttc = null;
if (f.IsCollection())
{
ttc = f.GetTTCHeader();
if (f.GetTableManager().GetUnaliasedTableName(ttc.DsigTag) == "DSIG")
{
MBOBuffer buf = f.ReadPaddedBuffer(ttc.DsigOffset, ttc.DsigLength);
tDSIG = (Table_DSIG)f.GetTableManager().CreateTableObject(ttc.DsigTag, buf);
}
for (uint i = 0; i < f.GetNumFonts(); i++)
{
OTFont fn = f.GetFont(i);
Table_DSIG memDSIG = (Table_DSIG)fn.GetTable("DSIG");
if (memDSIG != null)
{
Console.WriteLine("Warning: DSIG in member font");
break;
}
}
}
else
{
OTFont fn = f.GetFont(0);
tDSIG = (Table_DSIG)fn.GetTable("DSIG");
}
Console.WriteLine("{0} DSIG table: {1}", filename,
(tDSIG == null) ? "Absent" : "Present");
if (tDSIG == null)
{
return(0);
}
if (f.IsCollection() && ttc.version != 0x00020000)
{
Console.WriteLine("Warning: TTC has DSIG but header version is 0x{0}, != 0x00020000", ttc.version.ToString("X8"));
}
if (tDSIG.usNumSigs != 1)
{
Console.WriteLine("NumSigs = {0}", tDSIG.usNumSigs);
}
for (uint v = 0; v < tDSIG.usNumSigs; v++)
{
Table_DSIG.SignatureBlock sgb;
try {
sgb = tDSIG.GetSignatureBlock(v);
} catch (IndexOutOfRangeException)
{
Console.WriteLine("Error: Out of Range SignatureBlock {0}", v);
break;
}
SignedCms cms = new SignedCms();
try
{
cms.Decode(sgb.bSignature);
}
catch (Exception e)
{
if (e is NullReferenceException || /* Mono */
e is CryptographicException /* .Net2 */)
{
Console.WriteLine("Error: Malformed Signature");
break;
}
Console.WriteLine("Error: Malformed Signature (Unexpected Case 1)");
throw;
}
if (cms.SignerInfos.Count > 1)
{
Console.WriteLine("#SignerInfos: {0}", cms.SignerInfos.Count);
}
foreach (var si in cms.SignerInfos)
{
Console.WriteLine(si.Certificate);
if (Type.GetType("Mono.Runtime") == null)
{
foreach (var ua in si.UnsignedAttributes)
{
foreach (var asnd in ua.Values)
{
try
{
ASN1 vv = new ASN1(asnd.RawData);
ASN1 t = new ASN1(vv[3][1][1].Value);
Console.WriteLine("Decoded Signing Time: {0}", ASN1Convert.ToDateTime(t));
}
catch (Exception)
{ /* Nothing to do */ }
}
}
}
}
Console.WriteLine("#Certificates: {0}", cms.Certificates.Count);
#if HAVE_MONO_X509
certs = new Mono.Security.X509.X509CertificateCollection();
//Mono.Security.X509.X509Chain signerChain = new Mono.Security.X509.X509Chain ();
#endif
foreach (var x509 in cms.Certificates)
{
#if HAVE_MONO_X509
certs.Add(new Mono.Security.X509.X509Certificate(x509.RawData));
#endif
if (verbose > 0)
{
Console.WriteLine(x509);
}
else
{
Console.WriteLine(x509.Subject);
}
}
;
#if HAVE_MONO_X509
Mono.Security.X509.X509Certificate x = new Mono.Security.X509.X509Certificate(cms.SignerInfos[0].Certificate.RawData);
Mono.Security.X509.X509Certificate parent = x;
while (x != null) // Self-signed is fine - the font bundled CA is self-signed.
{
parent = x; // last valid
x = FindCertificateParent(x);
if (x != null && x.Equals(parent))
{
break;
}
}
#endif
// Windows 10/.net 4.6.x throws here
ASN1 spc;
try
{
spc = new ASN1(cms.ContentInfo.Content);
}
catch (Exception e)
{
if (e is IndexOutOfRangeException)
{
Console.WriteLine("Error: Malformed Signature (Win10/.net 4.6.x)");
break;
}
Console.WriteLine("Error: Malformed Signature (Unexpected Case 2)");
throw;
}
ASN1 playload_oid = null;
ASN1 oid = null;
ASN1 digest = null;
ASN1 obsolete = null;
if (Type.GetType("Mono.Runtime") == null)
{
// DotNet is much saner!
playload_oid = spc[0][0];
obsolete = spc[0][1][0];
oid = spc[1][0][0];
digest = spc[1][1];
}
else
{
playload_oid = spc[0];
obsolete = spc[1][0];
oid = spc[2][0][0];
digest = spc[2][1];
}
string algo = ASN1Convert.ToOid(oid);
string algoname = (new Oid(algo)).FriendlyName;
Console.WriteLine("Digest Algorithm: {0}", algoname);
byte[] Value = digest.Value;
StringBuilder hexLine_sig = new StringBuilder();
for (int i = 0; i < Value.Length; i++)
{
hexLine_sig.AppendFormat("{0} ", Value [i].ToString("X2"));
}
hexLine_sig.AppendFormat(Environment.NewLine);
switch (algoname)
{
case "md5":
hash = HashAlgorithm.Create("MD5");
break;
case "sha1":
hash = HashAlgorithm.Create("SHA1");
break;
default:
throw new NotImplementedException("Unknown HashAlgorithm: " + algoname);
}
byte[] cdigest;
if (f.IsCollection())
{
cdigest = get_TTC_digest(f);
}
else
{
cdigest = get_TTF_digest(f);
}
StringBuilder hexLine = new StringBuilder();
for (int i = 0; i < cdigest.Length; i++)
{
hexLine.AppendFormat("{0} ", cdigest [i].ToString("X2"));
}
hexLine.AppendFormat(Environment.NewLine);
Console.WriteLine("{0} Signed Digest:\t{1}", algoname.ToUpper(), hexLine_sig);
Console.WriteLine("Calculated Digest:\t{0}", hexLine);
string root_thumb = "";
#if HAVE_MONO_X509
root_thumb =
(new System.Security.Cryptography.X509Certificates.X509Certificate2(parent.RawData)).Thumbprint;
Console.WriteLine("ChainEnd Name: {0}", parent.SubjectName);
Console.WriteLine("ChainEnd Self-Signed: {0}", parent.IsSelfSigned);
#endif
Console.WriteLine("ChainEnd: {0}", root_thumb);
bool trusted = false;
try
{
string root_id = trusted_roots[root_thumb];
Console.WriteLine("RootID: {0}", root_id);
trusted = true;
}
catch (KeyNotFoundException)
{}
Console.WriteLine("Trusted: {0}", trusted);
}
return(0);
}
//ctor:
public X509Chain(Mono.Security.X509.X509CertificateCollection chain)
{
}
public void LoadCertificates(Mono.Security.X509.X509CertificateCollection collection)
{
}
public Void Mono.Security.X509.X509CertificateCollection::.ctor(Mono.Security.X509.X509CertificateCollection) Collections.IEnumerator Mono.Security.X509.X509CertificateCollection::System.Collections.IEnumerable.GetEnumerator()
internal abstract ValidationResult OnRemoteCertificateValidation2(Mono.Security.X509.X509CertificateCollection collection);
internal ValidationResult RaiseRemoteCertificateValidation2(Mono.Security.X509.X509CertificateCollection collection)
{
return(OnRemoteCertificateValidation2(collection));
}
//ctor:
public X509CertificateCollection(Mono.Security.X509.X509CertificateCollection value)
{
}
