internal X509ExtensionCollection(MX.X509Certificate cert) { _list = new ArrayList(cert.Extensions.Count); if (cert.Extensions.Count == 0) { return; } #if !MOONLIGHT object[] parameters = new object [2]; #endif foreach (MX.X509Extension ext in cert.Extensions) { bool critical = ext.Critical; string oid = ext.Oid; byte[] raw_data = null; // extension data is embedded in an octet stream (4) ASN1 value = ext.Value; if ((value.Tag == 0x04) && (value.Count > 0)) { raw_data = value [0].GetBytes(); } X509Extension newt = null; #if MOONLIGHT // non-extensible switch (oid) { case "2.5.29.14": newt = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(oid, raw_data), critical); break; case "2.5.29.15": newt = new X509KeyUsageExtension(new AsnEncodedData(oid, raw_data), critical); break; case "2.5.29.19": newt = new X509BasicConstraintsExtension(new AsnEncodedData(oid, raw_data), critical); break; case "2.5.29.37": newt = new X509EnhancedKeyUsageExtension(new AsnEncodedData(oid, raw_data), critical); break; } #else parameters [0] = new AsnEncodedData(oid, raw_data); parameters [1] = critical; newt = (X509Extension)CryptoConfig.CreateFromName(oid, parameters); #endif if (newt == null) { // not registred in CryptoConfig, using default newt = new X509Extension(oid, raw_data, critical); } _list.Add(newt); } }
public void ConstructorEmpty () { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (); Assert.IsFalse (bc.Critical, "Critical"); Assert.IsNull (bc.RawData, "RawData"); Assert.AreEqual (oid, bc.Oid.Value, "Oid.Value"); Assert.AreEqual (fname, bc.Oid.FriendlyName, "Oid.FriendlyName"); Assert.AreEqual (String.Empty, bc.Format (true), "Format(true)"); Assert.AreEqual (String.Empty, bc.Format (false), "Format(false)"); }
public void ConstructorEmpty () { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (); Assert.IsFalse (bc.Critical, "Critical"); Assert.IsNull (bc.RawData, "RawData"); Assert.AreEqual (oid, bc.Oid.Value, "Oid.Value"); // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows. //Assert.AreEqual (fname, bc.Oid.FriendlyName, "Oid.FriendlyName"); Assert.AreEqual (String.Empty, bc.Format (true), "Format(true)"); Assert.AreEqual (String.Empty, bc.Format (false), "Format(false)"); }
public void ConstructorAsnEncodedData () { AsnEncodedData aed = new AsnEncodedData (new byte[] { 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01, 0x01 }); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true); Assert.IsTrue (bc.Critical, "Critical"); Assert.AreEqual (8, bc.RawData.Length, "RawData"); // original Oid ignored Assert.AreEqual (oid, bc.Oid.Value, "Oid.Value"); Assert.AreEqual (fname, bc.Oid.FriendlyName, "Oid.FriendlyName"); Assert.IsTrue (bc.CertificateAuthority, "CertificateAuthority"); Assert.IsTrue (bc.HasPathLengthConstraint, "HasPathLengthConstraint"); Assert.AreEqual (1, bc.PathLengthConstraint, "PathLengthConstraint"); Assert.AreEqual ("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=1" + Environment.NewLine, bc.Format (true), "Format(true)"); Assert.AreEqual ("Subject Type=CA, Path Length Constraint=1", bc.Format (false), "Format(false)"); }
private void PrepareForNextCertificate(int n) { X509ChainElement x509ChainElement = this.elements[n]; X509Certificate2 certificate = x509ChainElement.Certificate; this.working_issuer_name = certificate.SubjectName; this.working_public_key = certificate.PublicKey.Key; X509BasicConstraintsExtension x509BasicConstraintsExtension = (X509BasicConstraintsExtension)certificate.Extensions["2.5.29.19"]; if (x509BasicConstraintsExtension != null) { if (!x509BasicConstraintsExtension.CertificateAuthority) { x509ChainElement.StatusFlags |= X509ChainStatusFlags.InvalidBasicConstraints; } } else if (certificate.Version >= 3) { x509ChainElement.StatusFlags |= X509ChainStatusFlags.InvalidBasicConstraints; } if (!this.IsSelfIssued(certificate)) { if (this.max_path_length > 0) { this.max_path_length--; } else if (this.bce_restriction != null) { this.bce_restriction.StatusFlags |= X509ChainStatusFlags.InvalidBasicConstraints; } } if (x509BasicConstraintsExtension != null && x509BasicConstraintsExtension.HasPathLengthConstraint && x509BasicConstraintsExtension.PathLengthConstraint < this.max_path_length) { this.max_path_length = x509BasicConstraintsExtension.PathLengthConstraint; this.bce_restriction = x509ChainElement; } X509KeyUsageExtension x509KeyUsageExtension = (X509KeyUsageExtension)certificate.Extensions["2.5.29.15"]; if (x509KeyUsageExtension != null) { X509KeyUsageFlags x509KeyUsageFlags = X509KeyUsageFlags.KeyCertSign; if ((x509KeyUsageExtension.KeyUsages & x509KeyUsageFlags) != x509KeyUsageFlags) { x509ChainElement.StatusFlags |= X509ChainStatusFlags.NotValidForUsage; } } this.ProcessCertificateExtensions(x509ChainElement); }
internal X509ExtensionCollection (MX.X509Certificate cert) { _list = new ArrayList (cert.Extensions.Count); if (cert.Extensions.Count == 0) return; #if !MOONLIGHT object[] parameters = new object [2]; #endif foreach (MX.X509Extension ext in cert.Extensions) { bool critical = ext.Critical; string oid = ext.Oid; byte[] raw_data = null; // extension data is embedded in an octet stream (4) ASN1 value = ext.Value; if ((value.Tag == 0x04) && (value.Count > 0)) raw_data = value [0].GetBytes (); X509Extension newt = null; #if MOONLIGHT || FULL_AOT_RUNTIME // non-extensible switch (oid) { case "2.5.29.14": newt = new X509SubjectKeyIdentifierExtension (new AsnEncodedData (oid, raw_data), critical); break; case "2.5.29.15": newt = new X509KeyUsageExtension (new AsnEncodedData (oid, raw_data), critical); break; case "2.5.29.19": newt = new X509BasicConstraintsExtension (new AsnEncodedData (oid, raw_data), critical); break; case "2.5.29.37": newt = new X509EnhancedKeyUsageExtension (new AsnEncodedData (oid, raw_data), critical); break; } #else parameters [0] = new AsnEncodedData (oid, raw_data ?? Empty); parameters [1] = critical; newt = (X509Extension) CryptoConfig.CreateFromName (oid, parameters); #endif if (newt == null) { // not registred in CryptoConfig, using default newt = new X509Extension (oid, raw_data ?? Empty, critical); } _list.Add (newt); } }
public void CopyFrom_Null () { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (); bc.CopyFrom (null); }
public void WrongAsnEncodedData () { AsnEncodedData aed = new AsnEncodedData (new byte[0]); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, true, 1, false); bc.CopyFrom (aed); // note: not the same behaviour than using the constructor! }
public void WrongExtension_X509Extension_CertificateAuthority () { X509Extension ex = new X509Extension ("1.2.3", new byte[0], true); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (); bc.CopyFrom (ex); bool b = bc.CertificateAuthority; }
// CTL == Certificate Trust List / NOT SUPPORTED // TODO - check for X509ChainStatusFlags.CtlNotTimeValid // TODO - check for X509ChainStatusFlags.CtlNotSignatureValid // TODO - check for X509ChainStatusFlags.CtlNotValidForUsage private void PrepareForNextCertificate(int n) { X509ChainElement element = elements [n]; X509Certificate2 certificate = element.Certificate; // TODO 6.1.4.a-b // 6.1.4.c working_issuer_name = certificate.SubjectName; // 6.1.4.d-e - our key includes both the public key and it's parameters working_public_key = certificate.PublicKey.Key; // 6.1.4.f // working_public_key_algorithm = certificate.PublicKey.Oid.Value; // TODO 6.1.4.g-j // 6.1.4.k - Verify that the certificate is a CA certificate X509BasicConstraintsExtension bce = (certificate.Extensions["2.5.29.19"] as X509BasicConstraintsExtension); if (bce != null) { if (!bce.CertificateAuthority) { element.StatusFlags |= X509ChainStatusFlags.InvalidBasicConstraints; } } else if (certificate.Version >= 3) { // recent (v3+) CA certificates must include BCE element.StatusFlags |= X509ChainStatusFlags.InvalidBasicConstraints; } // 6.1.4.l - if the certificate isn't self-issued... if (!IsSelfIssued(certificate)) { // ... verify that max_path_length > 0 if (max_path_length > 0) { max_path_length--; } else { // to match MS the reported status must be against the certificate // with the BCE and not where the path is too long. It also means // that this condition has to be reported only once if (bce_restriction != null) { bce_restriction.StatusFlags |= X509ChainStatusFlags.InvalidBasicConstraints; } } } // 6.1.4.m - if pathLengthConstraint is present... if ((bce != null) && (bce.HasPathLengthConstraint)) { // ... and is less that max_path_length, set max_path_length to it's value if (bce.PathLengthConstraint < max_path_length) { max_path_length = bce.PathLengthConstraint; bce_restriction = element; } } // 6.1.4.n - if key usage extension is present... X509KeyUsageExtension kue = (certificate.Extensions["2.5.29.15"] as X509KeyUsageExtension); if (kue != null) { // ... verify keyCertSign is set X509KeyUsageFlags success = X509KeyUsageFlags.KeyCertSign; if ((kue.KeyUsages & success) != success) { element.StatusFlags |= X509ChainStatusFlags.NotValidForUsage; } } // 6.1.4.o - recognize and process other critical extension present in the certificate ProcessCertificateExtensions(element); }
// Indirectly (undocumented but) supported extensions internal string BasicConstraintsExtension (bool multiLine) { try { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (this, false); return bc.ToString (multiLine); } catch { return String.Empty; } }
/// <summary> /// Initializes a new instance of the <see cref="X509ExtensionWrapper"/> class. /// </summary> /// <param name="extension">The extension.</param> public X509BasicConstraintsExtensionWrapper(X509BasicConstraintsExtension extension) : base(extension) { x509 = extension; }
public void ConstructorEmpty_CertificateAuthority () { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (); Assert.AreEqual (false, bc.CertificateAuthority, "CertificateAuthority"); }
public void Constructor_TrueTrueZero () { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (true, true, 0, true); Assert.IsTrue (bc.CertificateAuthority, "CertificateAuthority"); Assert.IsTrue (bc.HasPathLengthConstraint, "HasPathLengthConstraint"); Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint"); Assert.AreEqual ("30-06-01-01-FF-02-01-00", BitConverter.ToString (bc.RawData), "RawData"); Assert.AreEqual ("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=0" + Environment.NewLine, bc.Format (true), "Format(true)"); Assert.AreEqual ("Subject Type=CA, Path Length Constraint=0", bc.Format (false), "Format(false)"); }
public void ConstructorAsnEncodedData_Null () { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (null, true); }
public void ConstructorAsnEncodedData_SmallestValid () { AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[] { 0x30, 0x00 }); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true); Assert.IsFalse (bc.CertificateAuthority, "CertificateAuthority"); Assert.IsFalse (bc.HasPathLengthConstraint, "HasPathLengthConstraint"); Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint"); Assert.AreEqual ("30-00", BitConverter.ToString (bc.RawData), "RawData"); Assert.AreEqual ("Subject Type=End Entity" + Environment.NewLine + "Path Length Constraint=None" + Environment.NewLine, bc.Format (true), "Format(true)"); Assert.AreEqual ("Subject Type=End Entity, Path Length Constraint=None", bc.Format (false), "Format(false)"); }
public void ConstructorAsnEncodedData_BadAsnLength () { AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[] { 0x30, 0x01 }); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true); Assert.AreEqual ("3001", bc.Format (true), "Format(true)"); Assert.AreEqual ("3001", bc.Format (false), "Format(false)"); bool b = bc.CertificateAuthority; }
public void CopyFrom_Self () { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, false, -1, true); Assert.IsTrue (bc.Critical, "Critical"); byte[] raw = bc.RawData; Assert.AreEqual ("30-00", BitConverter.ToString (raw), "RawData"); AsnEncodedData aed = new AsnEncodedData (raw); X509BasicConstraintsExtension copy = new X509BasicConstraintsExtension (aed, false); Assert.IsFalse (copy.Critical, "Critical"); Assert.AreEqual (2, copy.RawData.Length, "RawData"); // original Oid ignored Assert.AreEqual (oid, copy.Oid.Value, "Oid.Value"); // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows. //Assert.AreEqual (fname, copy.Oid.FriendlyName, "Oid.FriendlyName"); Assert.IsFalse (copy.CertificateAuthority, "CertificateAuthority"); Assert.IsFalse (copy.HasPathLengthConstraint, "HasPathLengthConstraint"); Assert.AreEqual (0, copy.PathLengthConstraint, "PathLengthConstraint"); }
public void Constructor_TrueTrueMaxInt () { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (true, true, Int32.MaxValue, true); Assert.IsTrue (bc.CertificateAuthority, "CertificateAuthority"); Assert.IsTrue (bc.HasPathLengthConstraint, "HasPathLengthConstraint"); Assert.AreEqual (Int32.MaxValue, bc.PathLengthConstraint, "PathLengthConstraint"); Assert.AreEqual ("30-09-01-01-FF-02-04-7F-FF-FF-FF", BitConverter.ToString (bc.RawData), "RawData"); Assert.AreEqual ("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=2147483647" + Environment.NewLine, bc.Format (true), "Format(true)"); Assert.AreEqual ("Subject Type=CA, Path Length Constraint=2147483647", bc.Format (false), "Format(false)"); }
public void ConstructorEmpty_PathLengthConstraint () { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (); Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint"); }
public void ConstructorEmpty_HasPathLengthConstraint () { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (); Assert.AreEqual (false, bc.HasPathLengthConstraint, "HasPathLengthConstraint"); }
public void Constructor_FalseTrueNegative () { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, true, -1, true); }
public void ConstructorAsnEncodedData_BadAsn () { AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[0]); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (aed, true); Assert.AreEqual (String.Empty, bc.Format (true), "Format(true)"); Assert.AreEqual (String.Empty, bc.Format (false), "Format(false)"); bool b = bc.CertificateAuthority; }
public void Constructor_FalseFalseNegative () { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, false, -1, true); Assert.IsFalse (bc.CertificateAuthority, "CertificateAuthority"); Assert.IsFalse (bc.HasPathLengthConstraint, "HasPathLengthConstraint"); Assert.AreEqual (0, bc.PathLengthConstraint, "PathLengthConstraint"); Assert.AreEqual ("30-00", BitConverter.ToString (bc.RawData), "RawData"); Assert.AreEqual ("Subject Type=End Entity" + Environment.NewLine + "Path Length Constraint=None" + Environment.NewLine, bc.Format (true), "Format(true)"); Assert.AreEqual ("Subject Type=End Entity, Path Length Constraint=None", bc.Format (false), "Format(false)"); }
/// <summary> /// Determines whether the certificate is allowed to be an issuer. /// </summary> private bool IsIssuerAllowed(X509Certificate2 certificate) { X509BasicConstraintsExtension constraints = new X509BasicConstraintsExtension(); for (int ii = 0; ii < certificate.Extensions.Count; ii++) { constraints = certificate.Extensions[ii] as X509BasicConstraintsExtension; if (constraints != null) { return constraints.CertificateAuthority; } } return false; }
public void WrongExtension_X509KeyUsageExtension () { X509KeyUsageExtension ku = new X509KeyUsageExtension (); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (); bc.CopyFrom (ku); }
public void WrongExtension_X509Extension () { X509Extension ex = new X509Extension ("1.2.3", new byte[0], true); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (false, true, 1, false); Assert.IsFalse (bc.Critical, "Critical"); bc.CopyFrom (ex); Assert.IsTrue (bc.Critical, "Critical"); Assert.AreEqual (String.Empty, BitConverter.ToString (bc.RawData), "RawData"); Assert.AreEqual ("1.2.3", bc.Oid.Value, "Oid.Value"); Assert.IsNull (bc.Oid.FriendlyName, "Oid.FriendlyName"); }
internal string BasicConstraintsExtension(bool multiLine) { string result; try { System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension x509BasicConstraintsExtension = new System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension(this, false); result = x509BasicConstraintsExtension.ToString(multiLine); } catch { result = string.Empty; } return(result); }