Ejemplos de X509CertificatePropertyExtrator en C# (CSharp)

Ejemplo n.º 1

Archivo: OcesCertificateFactory.cs Proyecto: vhil/OpenNemID

        /// <summary>
        /// Find all certificates that are not self-signed and has key usage "digital signature".
        /// Then sort all certificates, so that issuers are after the certificates they sign.
        /// Certificates in the list that were not part of the trust chain for the digital signatures are not retained.
        /// </summary>
        /// <returns>sorted certificates needed to verify the digital signatures from the input list</returns>
        static List <X509Certificate2> SortCertificatesIssuerLast(IEnumerable <X509Certificate2> inputCertificates)
        {
            var result        = new List <X509Certificate2>();
            var certBySubject = new Dictionary <string, X509Certificate2>();

            foreach (var certificate in inputCertificates)
            {
                certBySubject[certificate.Subject] = certificate;
                var keyUsage = X509CertificatePropertyExtrator.GetKeyUsage(certificate);
                if (keyUsage != null && keyUsage.KeyUsages.ToString().Contains("DigitalSignature") &&
                    !keyUsage.KeyUsages.ToString().Contains("CrlSign"))
                {
                    result.Add(certificate);
                }
            }
            for (var i = 0; i < result.Count; i++)
            {
                var certificate = result[i];
                if (!certBySubject.ContainsKey(certificate.Issuer))
                {
                    continue;
                }

                var issuer = certBySubject[result[i].Issuer];
                if (!result.Contains(issuer))
                {
                    result.Add(issuer);
                }
            }
            return(result);
        }

Ejemplo n.º 2

Archivo: PocesCertificate.cs Proyecto: vhil/OpenNemID

        /// <summary>
        /// </summary>
        /// <returns><code>true</code> if this certificate is a youth certificate</returns>
        public bool IsYouthCertificate()
        {
            var element = X509CertificatePropertyExtrator.GetElementInX509Name(Certificate, ObjectIdentifiers.OrganizationalUnit);

            return(element != null &&
                   element == "Ung mellem 15 og 18 - Kan som udgangspunkt ikke lave juridisk bindende aftaler");
        }

Ejemplo n.º 3

Archivo: OcesCertificateFactory.cs Proyecto: vhil/OpenNemID

 static void AddIssuerCertificateIfNeeded(IList <X509Certificate2> certificates)
 {
     if (certificates.Count == 1)
     {
         var certificate = certificates[0];
         if (certificate.Issuer.ToUpper().Contains("TRUST2408"))
         {
             var url            = X509CertificatePropertyExtrator.GetCaIssuerUrl(certificate);
             var icaCertificate = new X509Certificate2(HttpClient.Download(url));
             certificates.Add(icaCertificate);
         }
     }
 }

Ejemplo n.º 4

Archivo: ChainVerifier.cs Proyecto: svast/OOAPI

        public static bool VerifyTrust(X509Certificate2 certificate, Ca signingCa)
        {
            var basicConstraints = X509CertificatePropertyExtrator.GetBasicConstraints(certificate);

            if (Verify(certificate, GetPublicKey(signingCa.Certificate)))
            {
                if (VerifyChain(signingCa, 0))
                {
                    return(VerifyRoot(signingCa));
                }
            }
            return(false);
        }

Ejemplo n.º 5

Archivo: ChainVerifier.cs Proyecto: svast/OOAPI

        private static bool VerifyChain(Ca ca, int pathLength)
        {
            var basicConstraints = X509CertificatePropertyExtrator.GetBasicConstraints(ca.Certificate);

            //check that CA certificate is in fact a CA
            if (!basicConstraints.CertificateAuthority)
            {
                return(false);
            }

            //check that CA certificate must sign other certificates
            X509KeyUsageFlags flags = X509CertificatePropertyExtrator.GetKeyUsage(ca.Certificate).KeyUsages;

            if ((flags & (X509KeyUsageFlags.KeyCertSign)) != X509KeyUsageFlags.KeyCertSign)
            {
                return(false);
            }


            // Check path length
            if (basicConstraints.HasPathLengthConstraint && basicConstraints.PathLengthConstraint < pathLength)
            {
                return(false);
            }
            if (IsSelfSigned(ca) && !ca.IsRoot)
            {
                return(false);
            }
            if (ca.IsRoot)
            {
                return(true);
            }
            if (ca.IssuingCa == null)
            {
                return(false);
            }
            Ca signingCa = ca.IssuingCa;

            if (X509CertificatePropertyExtrator.GetBasicConstraints(signingCa.Certificate).PathLengthConstraint >= 0)
            {
                if (Verify(ca.Certificate, GetPublicKey(signingCa.Certificate)))
                {
                    return(VerifyChain(ca.IssuingCa, ++pathLength));
                }
            }
            return(false);
        }

Ejemplo n.º 6

Archivo: PocesCertificate.cs Proyecto: vhil/OpenNemID

 /// <summary>
 /// </summary>
 /// <returns><code>true</code> if this certificate has the string "Pseudonym" as name</returns>
 public bool HasPseudonym()
 {
     return(X509CertificatePropertyExtrator.HasPseudonym(Certificate));
 }

Ejemplo n.º 7

Archivo: OcesCertificateFactory.cs Proyecto: vhil/OpenNemID

 private static bool MatchPolicy(X509Certificate2 endUserCertificate, string oidPrefix)
 {
     return(X509CertificatePropertyExtrator.GetCertificatePolicyOid(endUserCertificate).StartsWith(oidPrefix));
 }

Ejemplo n.º 8

Archivo: EnvironmentTester.cs Proyecto: vhil/OpenNemID

 static string FindOcspUrlInCertificate(X509Certificate2 cert)
 {
     return(X509CertificatePropertyExtrator.GetOcspUrl(cert));
 }

Ejemplo n.º 9

Archivo: OcesCertificate.cs Proyecto: svast/OOAPI

 /// <summary>
 /// Gets a specific element of the subject DN
 /// </summary>
 /// <param name="element">element <code>Name</code> of element to return value of</param>
 /// <returns>Specific element of the subject DN</returns>
 protected string GetElementInX509Name(String element)
 {
     return(X509CertificatePropertyExtrator.GetElementInX509Name(Certificate, element));
 }