/// <summary>
/// Maps an <see cref="X509NameType"/> to the crypto API name-type flag.
/// </summary>
/// <param name="nameType">Name type requested by the caller.</param>
/// <returns>The CAPI.CERT_NAME_* value that corresponds to <paramref name="nameType"/>.</returns>
/// <exception cref="ArgumentException"><paramref name="nameType"/> is not one of the handled values.</exception>
internal static uint MapNameType(X509NameType nameType)
{
    switch (nameType)
    {
        case X509NameType.SimpleName:
            return CAPI.CERT_NAME_SIMPLE_DISPLAY_TYPE;

        case X509NameType.EmailName:
            return CAPI.CERT_NAME_EMAIL_TYPE;

        case X509NameType.UpnName:
            return CAPI.CERT_NAME_UPN_TYPE;

        // Both DNS variants map to the same native type; the mapping does not
        // record whether the caller asked for the alternative name only.
        case X509NameType.DnsName:
        case X509NameType.DnsFromAlternativeName:
            return CAPI.CERT_NAME_DNS_TYPE;

        case X509NameType.UrlName:
            return CAPI.CERT_NAME_URL_TYPE;

        default:
            // Unknown enum values are rejected rather than passed to native code.
            throw new ArgumentException(SR.GetString(SR.Argument_InvalidNameType));
    }
}
/// <summary>
/// Adds a claim of type <paramref name="claimDestination"/> to <paramref name="claims"/> when the
/// certificate yields a non-blank subject value for <paramref name="claimSource"/>.
/// </summary>
/// <param name="certificate">Certificate the name value is read from.</param>
/// <param name="claimSource">Which certificate name to read.</param>
/// <param name="claims">List that receives the new claim.</param>
/// <param name="claimDestination">Claim type to assign to the value.</param>
private void MapClaimIfFound(X509Certificate2 certificate, X509NameType claimSource, List<Claim> claims, string claimDestination)
{
    // forIssuer is false: the value comes from the subject side of the certificate.
    string nameValue = certificate.GetNameInfo(claimSource, false);
    if (string.IsNullOrWhiteSpace(nameValue))
    {
        return;
    }

    // GetNameInfo returns a single string, so at most one value per name type becomes a claim.
    // NOTE(review): the value is taken from the certificate as presented - confirm the caller
    // has validated the certificate chain before claims are derived from it.
    var claim = new Claim(claimDestination, nameValue, ClaimValueTypes.String, Options.ClaimsIssuer);
    claims.Add(claim);
}
/// <summary>
/// Maps an <see cref="X509NameType"/> to a numeric native name type.
/// </summary>
/// <param name="nameType">Name type requested by the caller.</param>
/// <returns>The numeric name type for <paramref name="nameType"/>.</returns>
/// <exception cref="ArgumentException"><paramref name="nameType"/> is not one of the handled values.</exception>
internal static uint MapNameType(X509NameType nameType)
{
    // The literals line up with the wincrypt.h CERT_NAME_*_TYPE constants:
    // 1 = EMAIL, 4 = SIMPLE_DISPLAY, 6 = DNS, 7 = URL, 8 = UPN.
    uint nativeType;
    switch (nameType)
    {
        case X509NameType.SimpleName:
            nativeType = 4;
            break;

        case X509NameType.EmailName:
            nativeType = 1;
            break;

        case X509NameType.UpnName:
            nativeType = 8;
            break;

        case X509NameType.DnsName:
        case X509NameType.DnsFromAlternativeName:
            nativeType = 6;
            break;

        case X509NameType.UrlName:
            nativeType = 7;
            break;

        default:
            throw new ArgumentException(SR.GetString("Argument_InvalidNameType"));
    }

    return nativeType;
}
/// <summary>
/// Reads one name value from the certificate through the native GetX509NameInfo call.
/// </summary>
/// <param name="nameType">Name type to read; passed to native code as its integer value.</param>
/// <param name="forIssuer">Forwarded to the native call to select the issuer side.</param>
/// <returns>The decoded name, or an empty string when the native call returns an invalid handle.</returns>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    using (SafeBioHandle nameBio = Interop.Crypto.GetX509NameInfo(_cert, (int)nameType, forIssuer))
    {
        if (!nameBio.IsInvalid)
        {
            // One byte more than the BIO holds, so the trailing \0 fits.
            byte[] utf8 = new byte[Interop.Crypto.GetMemoryBioSize(nameBio) + 1];

            // NOTE(review): if BioGets has OpenSSL BIO_gets semantics the read stops at the
            // first newline - confirm a name value cannot contain one.
            int bytesRead = Interop.Crypto.BioGets(nameBio, utf8, utf8.Length);
            if (bytesRead >= 0)
            {
                // Only the bytes actually read are decoded; the terminator is not included.
                return Encoding.UTF8.GetString(utf8, 0, bytesRead);
            }

            throw Interop.Crypto.CreateOpenSslCryptographicException();
        }

        return "";
    }
}
/// <summary>
/// Reads one name value from the certificate context with crypt32 CertGetNameString.
/// </summary>
/// <param name="nameType">Name type to read; translated by MapNameType.</param>
/// <param name="forIssuer">When true, CERT_NAME_ISSUER_FLAG is passed to the native call.</param>
/// <returns>The string produced by the native call.</returns>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    CertNameType nativeType = MapNameType(nameType);

    CertNameFlags nativeFlags = CertNameFlags.None;
    if (forIssuer)
    {
        nativeFlags = CertNameFlags.CERT_NAME_ISSUER_FLAG;
    }

    CertNameStrTypeAndFlags stringFormat =
        CertNameStrTypeAndFlags.CERT_X500_NAME_STR | CertNameStrTypeAndFlags.CERT_NAME_STR_REVERSE_FLAG;

    // First call passes no buffer and only asks for the required character count.
    int requiredChars = Interop.crypt32.CertGetNameString(_certContext, nativeType, nativeFlags, ref stringFormat, null, 0);
    if (requiredChars != 0)
    {
        // Second call fills a buffer of exactly the size the first call reported.
        StringBuilder nameBuffer = new StringBuilder(requiredChars);
        int copiedChars = Interop.crypt32.CertGetNameString(_certContext, nativeType, nativeFlags, ref stringFormat, nameBuffer, requiredChars);
        if (copiedChars != 0)
        {
            return nameBuffer.ToString();
        }
    }

    // Either call returning 0 is reported through the last Win32 error.
    throw Marshal.GetLastWin32Error().ToCryptographicException();
}
/// <summary>
/// Reads one name value from the certificate through the native GetX509NameInfo call.
/// </summary>
/// <param name="nameType">Name type to read; passed to native code as its integer value.</param>
/// <param name="forIssuer">Forwarded to the native call to select the issuer side.</param>
/// <returns>The name text, or an empty string when the native call returns an invalid handle.</returns>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    using (SafeBioHandle nameBio = Interop.NativeCrypto.GetX509NameInfo(_cert, (int)nameType, forIssuer))
    {
        if (!nameBio.IsInvalid)
        {
            // Capacity is one more than the BIO size so the trailing \0 fits.
            int capacity = Interop.libcrypto.GetMemoryBioSize(nameBio) + 1;
            StringBuilder text = new StringBuilder(capacity);

            // NOTE(review): BIO_gets stops at the first newline - confirm a name value
            // cannot contain one.
            int charsRead = Interop.libcrypto.BIO_gets(nameBio, text, text.Capacity);
            if (charsRead >= 0)
            {
                return text.ToString();
            }

            throw Interop.libcrypto.CreateOpenSslCryptographicException();
        }

        return "";
    }
}
/// <summary>
/// Loads TestData.ComplexNameInfoCert, calls GetNameInfo with the given arguments and asserts
/// that the result equals <paramref name="expected"/>.
/// </summary>
/// <param name="expected">Value GetNameInfo is expected to return.</param>
/// <param name="nameType">Name type to request.</param>
/// <param name="forIssuer">Whether to request the issuer-side value.</param>
private static void TestComplexGetNameInfo(string expected, X509NameType nameType, bool forIssuer)
{
    // ComplexNameInfoCert has the following characteristics:
    //   Subject: [email protected], CN=cn.subject.example.org, OU=ExampleOU, O=ExampleO, L=Locality, ST=State, C=Country
    //   Issuer: [email protected], CN=cn.issuer.example.org, OU=ExampleOU, O=ExampleO, L=Locality, ST=State, C=Country
    //   Subject Alternative Names:
    //     DNS Name=dns1.subject.example.org
    //     DNS Name=dns2.subject.example.org
    //     RFC822 [email protected]
    //     RFC822 [email protected]
    //     Other Name:
    //       Principal [email protected]
    //     Other Name:
    //       Principal [email protected]
    //     URL=http://uri1.subject.example.org/
    //     URL=http://uri2.subject.example.org/
    //   Issuer Alternative Names:
    //     DNS Name=dns1.issuer.example.org
    //     DNS Name=dns2.issuer.example.org
    //     RFC822 [email protected]
    //     RFC822 [email protected]
    //     Other Name:
    //       Principal [email protected]
    //     Other Name:
    //       Principal [email protected]
    //     URL=http://uri1.issuer.example.org/
    //     URL=http://uri2.issuer.example.org/
    //
    // Every alternative-name kind appears twice, so a test built on this certificate also
    // pins down which of two candidate values GetNameInfo returns.
    using (var complexCert = new X509Certificate2(TestData.ComplexNameInfoCert))
    {
        string actual = complexCert.GetNameInfo(nameType, forIssuer);
        Assert.Equal(expected, actual);
    }
}
/// <summary>
/// Maps an <see cref="X509NameType"/> to the corresponding <c>CertNameType</c> value.
/// </summary>
/// <param name="nameType">Name type requested by the caller.</param>
/// <returns>The CertNameType that corresponds to <paramref name="nameType"/>.</returns>
/// <exception cref="ArgumentException"><paramref name="nameType"/> is not one of the handled values.</exception>
private static CertNameType MapNameType(X509NameType nameType)
{
    CertNameType mapped;
    switch (nameType)
    {
        case X509NameType.SimpleName:
            mapped = CertNameType.CERT_NAME_SIMPLE_DISPLAY_TYPE;
            break;

        case X509NameType.EmailName:
            mapped = CertNameType.CERT_NAME_EMAIL_TYPE;
            break;

        case X509NameType.UpnName:
            mapped = CertNameType.CERT_NAME_UPN_TYPE;
            break;

        // Both DNS variants map to the same native type.
        case X509NameType.DnsName:
        case X509NameType.DnsFromAlternativeName:
            mapped = CertNameType.CERT_NAME_DNS_TYPE;
            break;

        case X509NameType.UrlName:
            mapped = CertNameType.CERT_NAME_URL_TYPE;
            break;

        default:
            // Unknown enum values are rejected rather than passed to native code.
            throw new ArgumentException(SR.Argument_InvalidNameType);
    }

    return mapped;
}
/// <summary>
/// Maps an <see cref="X509NameType"/> to the corresponding <c>CertNameType</c> value.
/// </summary>
/// <param name="nameType">Name type requested by the caller.</param>
/// <returns>The CertNameType that corresponds to <paramref name="nameType"/>.</returns>
/// <exception cref="ArgumentException"><paramref name="nameType"/> is not one of the handled values.</exception>
private static CertNameType MapNameType(X509NameType nameType)
{
    if (nameType == X509NameType.SimpleName)
    {
        return CertNameType.CERT_NAME_SIMPLE_DISPLAY_TYPE;
    }

    if (nameType == X509NameType.EmailName)
    {
        return CertNameType.CERT_NAME_EMAIL_TYPE;
    }

    if (nameType == X509NameType.UpnName)
    {
        return CertNameType.CERT_NAME_UPN_TYPE;
    }

    // Both DNS variants map to the same native type.
    if (nameType == X509NameType.DnsName || nameType == X509NameType.DnsFromAlternativeName)
    {
        return CertNameType.CERT_NAME_DNS_TYPE;
    }

    if (nameType == X509NameType.UrlName)
    {
        return CertNameType.CERT_NAME_URL_TYPE;
    }

    // Anything else is rejected rather than passed to native code.
    throw new ArgumentException(SR.Argument_InvalidNameType);
}
/// <summary>
/// Returns the requested name value by delegating to the <c>_certData</c> object.
/// </summary>
/// <param name="nameType">Name type to read.</param>
/// <param name="forIssuer">Forwarded unchanged to the delegate.</param>
/// <returns>Whatever <c>_certData.GetNameInfo</c> returns.</returns>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    // EnsureCertData runs before _certData is touched; presumably it populates the field - confirm.
    EnsureCertData();

    string nameInfo = _certData.GetNameInfo(nameType, forIssuer);
    return nameInfo;
}
/// <summary>
/// Reads one name value from the certificate context with crypt32 CertGetNameString.
/// </summary>
/// <param name="nameType">Name type to read; translated by MapNameType.</param>
/// <param name="forIssuer">When true, CERT_NAME_ISSUER_FLAG is passed to the native call.</param>
/// <returns>The string produced by the native call.</returns>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    CertNameType kind = MapNameType(nameType);
    CertNameFlags side = forIssuer ? CertNameFlags.CERT_NAME_ISSUER_FLAG : CertNameFlags.None;
    CertNameStrTypeAndFlags format =
        CertNameStrTypeAndFlags.CERT_X500_NAME_STR | CertNameStrTypeAndFlags.CERT_NAME_STR_REVERSE_FLAG;

    // Sizing call: no buffer, zero length.
    int length = Interop.crypt32.CertGetNameString(_certContext, kind, side, ref format, null, 0);
    if (length == 0)
    {
        throw Marshal.GetLastWin32Error().ToCryptographicException();
    }

    // Fill call: the buffer has exactly the capacity reported above.
    StringBuilder text = new StringBuilder(length);
    int copied = Interop.crypt32.CertGetNameString(_certContext, kind, side, ref format, text, length);
    if (copied == 0)
    {
        throw Marshal.GetLastWin32Error().ToCryptographicException();
    }

    return text.ToString();
}
/// <summary>
/// Maps an <see cref="X509NameType"/> to the crypto API name-type flag.
/// </summary>
/// <param name="nameType">Name type requested by the caller.</param>
/// <returns>The CAPI.CERT_NAME_* value that corresponds to <paramref name="nameType"/>.</returns>
/// <exception cref="ArgumentException"><paramref name="nameType"/> is not one of the handled values.</exception>
internal static uint MapNameType (X509NameType nameType)
{
    if (nameType == X509NameType.SimpleName)
    {
        return CAPI.CERT_NAME_SIMPLE_DISPLAY_TYPE;
    }

    if (nameType == X509NameType.EmailName)
    {
        return CAPI.CERT_NAME_EMAIL_TYPE;
    }

    if (nameType == X509NameType.UpnName)
    {
        return CAPI.CERT_NAME_UPN_TYPE;
    }

    // Both DNS variants map to the same native type.
    if (nameType == X509NameType.DnsName || nameType == X509NameType.DnsFromAlternativeName)
    {
        return CAPI.CERT_NAME_DNS_TYPE;
    }

    if (nameType == X509NameType.UrlName)
    {
        return CAPI.CERT_NAME_URL_TYPE;
    }

    // Anything else is rejected rather than passed to native code.
    throw new ArgumentException(SR.GetString(SR.Argument_InvalidNameType));
}
// Signature of GetNameInfo with the body left empty on this page.
// NOTE(review): as shown, the method has a string return type but no return statement;
// this looks like a stub or an elided body rather than a working implementation.
public string GetNameInfo(X509NameType nameType, bool forIssuer) { }
/// <summary>
/// Reads one name value from the certificate context with the crypt32 CertGetNameString wrapper.
/// </summary>
/// <param name="nameType">Name type to read; translated by MapNameType.</param>
/// <param name="forIssuer">When true, CERT_NAME_ISSUER_FLAG is passed to the native wrapper.</param>
/// <returns>The string returned by the wrapper.</returns>
public unsafe string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    var nativeType = MapNameType(nameType);
    var nativeFlags = forIssuer ? CertNameFlags.CERT_NAME_ISSUER_FLAG : CertNameFlags.None;

    // X.500 string form with the RDN order reversed.
    var stringFormat = CertNameStringType.CERT_X500_NAME_STR | CertNameStringType.CERT_NAME_STR_REVERSE_FLAG;

    return Interop.crypt32.CertGetNameString(_certContext, nativeType, nativeFlags, stringFormat);
}
/// <summary>
/// Returns the requested name value by forwarding to <c>FallbackImpl</c>.
/// </summary>
/// <param name="nameType">Name type to read.</param>
/// <param name="forIssuer">Forwarded unchanged to the fallback implementation.</param>
/// <returns>Whatever <c>FallbackImpl.GetNameInfo</c> returns.</returns>
public override string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    string fromFallback = FallbackImpl.GetNameInfo(nameType, forIssuer);
    return fromFallback;
}
/// <summary>
/// Placeholder: this implementation does not read any name information.
/// </summary>
/// <param name="nameType">Ignored.</param>
/// <param name="forIssuer">Ignored.</param>
/// <returns>Never returns normally.</returns>
/// <exception cref="NotImplementedException">Always thrown.</exception>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    // Failing loudly keeps callers from mistaking a missing implementation for an empty name.
    throw new NotImplementedException();
}
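/// <summary>
/// Returns one name value taken from the subject or issuer distinguished name.
/// </summary>
/// <remarks>
/// Only the distinguished name is consulted. DnsName returns the CN attribute, and UpnName,
/// DnsFromAlternativeName and UrlName always return an empty string, so values carried in
/// an alternative-name extension are never reported by this implementation. Callers that
/// compare the result with a host name should keep that in mind.
/// </remarks>
/// <param name="nameType">Which name to read.</param>
/// <param name="forIssuer">True to read the issuer name, false to read the subject name.</param>
/// <returns>The attribute value, or an empty string when it is absent or not supported.</returns>
/// <exception cref="CryptographicException">No certificate is loaded and the requested type reads from it.</exception>
/// <exception cref="ArgumentException"><paramref name="nameType"/> is not a known value.</exception>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    switch (nameType)
    {
        case X509NameType.SimpleName:
            if (_cert == null)
            {
                throw new CryptographicException(empty_error);
            }
            // return CN= or, if missing, the first value of the last entry in the DN
            ASN1 sn = forIssuer ? _cert.GetIssuerName() : _cert.GetSubjectName();
            ASN1 dn = Find(commonName, sn);
            if (dn != null)
            {
                return(GetValueAsString(dn));
            }
            if (sn.Count == 0)
            {
                return(String.Empty);
            }
            ASN1 last_entry = sn [sn.Count - 1];
            if (last_entry.Count == 0)
            {
                return(String.Empty);
            }
            return(GetValueAsString(last_entry [0]));

        case X509NameType.EmailName:
            // Same empty-certificate guard as SimpleName; without it this path
            // dereferences a null _cert.
            if (_cert == null)
            {
                throw new CryptographicException(empty_error);
            }
            // return the E= part of the DN (if present)
            ASN1 e = Find(email, forIssuer ? _cert.GetIssuerName() : _cert.GetSubjectName());
            if (e != null)
            {
                return(GetValueAsString(e));
            }
            return(String.Empty);

        case X509NameType.UpnName:
            // FIXME - must find/create test case
            return(String.Empty);

        case X509NameType.DnsName:
            // Same empty-certificate guard as SimpleName.
            if (_cert == null)
            {
                throw new CryptographicException(empty_error);
            }
            // return the CN= part of the DN (if present)
            ASN1 cn = Find(commonName, forIssuer ? _cert.GetIssuerName() : _cert.GetSubjectName());
            if (cn != null)
            {
                return(GetValueAsString(cn));
            }
            return(String.Empty);

        case X509NameType.DnsFromAlternativeName:
            // FIXME - must find/create test case
            return(String.Empty);

        case X509NameType.UrlName:
            // FIXME - must find/create test case
            return(String.Empty);

        default:
            throw new ArgumentException("nameType");
    }
}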
/// <summary>
/// Returns the requested name value by forwarding to <c>Pal</c>.
/// </summary>
/// <param name="nameType">Name type to read.</param>
/// <param name="forIssuer">Forwarded unchanged to <c>Pal.GetNameInfo</c>.</param>
/// <returns>Whatever <c>Pal.GetNameInfo</c> returns.</returns>
public String GetNameInfo(X509NameType nameType, bool forIssuer)
{
    String nameInfo = Pal.GetNameInfo(nameType, forIssuer);
    return nameInfo;
}
/// <summary>
/// Declaration only: returns a name value from a certificate for the given name type.
/// </summary>
/// <param name="nameType">Which name to read.</param>
/// <param name="forIssuer">Presumably selects the issuer rather than the subject - confirm against the implementation.</param>
/// <returns>The name as a string.</returns>
public string GetNameInfo(X509NameType nameType, bool forIssuer);
/// <summary>
/// Returns one name value from the certificate. Two name types go straight to
/// CAPI.GetCertNameInfo; the others are read by decoding the alternative-name extensions by hand.
/// </summary>
/// <remarks>
/// A single string is returned. While the alternative-name entries are scanned, each match
/// overwrites the previous one, so when several entries match, the last one scanned is
/// returned.
/// </remarks>
/// <param name="nameType">Which name to read; converted with X509Utils.MapNameType.</param>
/// <param name="forIssuer">True selects the issuer extensions and passes flag value 1 to CAPI.</param>
/// <returns>The name found, or an empty string; DnsName falls back to a CAPI lookup with type 3.</returns>
public unsafe string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    uint dwFlags = forIssuer ? 1 : 0;
    uint dwDisplayType = System.Security.Cryptography.X509Certificates.X509Utils.MapNameType(nameType);
    // Numeric name types; these line up with wincrypt.h CERT_NAME_*_TYPE:
    // 1 = EMAIL, 4 = SIMPLE_DISPLAY (both answered directly by CAPI), 6 = DNS, 7 = URL, 8 = UPN.
    switch (dwDisplayType)
    {
        case 1:
            return(CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, dwDisplayType));

        case 4:
            return(CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, dwDisplayType));
    }
    string str = string.Empty;
    // NOTE(review): the raw handle is read without a visible DangerousAddRef/Release pair -
    // confirm the safe handle cannot be released while these structures are in use.
    CAPIBase.CERT_CONTEXT cert_context = *((CAPIBase.CERT_CONTEXT *) this.m_safeCertContext.DangerousGetHandle());
    CAPIBase.CERT_INFO cert_info = (CAPIBase.CERT_INFO)Marshal.PtrToStructure(cert_context.pCertInfo, typeof(CAPIBase.CERT_INFO));
    // Both the older (2.5.29.7 / 2.5.29.8) and the current (2.5.29.17 / 2.5.29.18)
    // subject/issuer alternative-name extension OIDs are looked up.
    IntPtr[] ptrArray = new IntPtr[] { CAPISafe.CertFindExtension(forIssuer ? "2.5.29.8" : "2.5.29.7", cert_info.cExtension, cert_info.rgExtension), CAPISafe.CertFindExtension(forIssuer ? "2.5.29.18" : "2.5.29.17", cert_info.cExtension, cert_info.rgExtension) };
    for (int i = 0; i < ptrArray.Length; i++)
    {
        if (ptrArray[i] != IntPtr.Zero)
        {
            CAPIBase.CERT_EXTENSION cert_extension = (CAPIBase.CERT_EXTENSION)Marshal.PtrToStructure(ptrArray[i], typeof(CAPIBase.CERT_EXTENSION));
            // Copy the extension bytes into managed memory before decoding them.
            byte[] destination = new byte[cert_extension.Value.cbData];
            Marshal.Copy(cert_extension.Value.pbData, destination, 0, destination.Length);
            uint cbDecodedValue = 0;
            SafeLocalAllocHandle decodedValue = null;
            SafeLocalAllocHandle handle2 = System.Security.Cryptography.X509Certificates.X509Utils.StringToAnsiPtr(cert_extension.pszObjId);
            bool flag = CAPI.DecodeObject(handle2.DangerousGetHandle(), destination, out decodedValue, out cbDecodedValue);
            handle2.Dispose();
            if (flag)
            {
                CAPIBase.CERT_ALT_NAME_INFO cert_alt_name_info = (CAPIBase.CERT_ALT_NAME_INFO)Marshal.PtrToStructure(decodedValue.DangerousGetHandle(), typeof(CAPIBase.CERT_ALT_NAME_INFO));
                // Walk the decoded entry array; the count comes from the decoded structure.
                for (int j = 0; j < cert_alt_name_info.cAltEntry; j++)
                {
                    IntPtr ptr = new IntPtr(((long)cert_alt_name_info.rgAltEntry) + (j * Marshal.SizeOf(typeof(CAPIBase.CERT_ALT_NAME_ENTRY))));
                    CAPIBase.CERT_ALT_NAME_ENTRY cert_alt_name_entry = (CAPIBase.CERT_ALT_NAME_ENTRY)Marshal.PtrToStructure(ptr, typeof(CAPIBase.CERT_ALT_NAME_ENTRY));
                    // dwAltNameChoice values used below: 1 = other name, 3 = DNS name, 7 = URL.
                    switch (dwDisplayType)
                    {
                        case 6:
                            if (cert_alt_name_entry.dwAltNameChoice == 3)
                            {
                                str = Marshal.PtrToStringUni(cert_alt_name_entry.Value.pwszDNSName);
                            }
                            break;

                        case 7:
                            if (cert_alt_name_entry.dwAltNameChoice == 7)
                            {
                                str = Marshal.PtrToStringUni(cert_alt_name_entry.Value.pwszURL);
                            }
                            break;

                        case 8:
                            if (cert_alt_name_entry.dwAltNameChoice == 1)
                            {
                                CAPIBase.CERT_OTHER_NAME cert_other_name = (CAPIBase.CERT_OTHER_NAME)Marshal.PtrToStructure(cert_alt_name_entry.Value.pOtherName, typeof(CAPIBase.CERT_OTHER_NAME));
                                // 1.3.6.1.4.1.311.20.2.3 is the user principal name (UPN) OID.
                                if (cert_other_name.pszObjId == "1.3.6.1.4.1.311.20.2.3")
                                {
                                    uint num6 = 0;
                                    SafeLocalAllocHandle handle3 = null;
                                    // 0x18 is the structure type passed to the decoder (X509_UNICODE_ANY_STRING in wincrypt.h).
                                    if (CAPI.DecodeObject(new IntPtr(0x18L), System.Security.Cryptography.X509Certificates.X509Utils.PtrToByte(cert_other_name.Value.pbData, cert_other_name.Value.cbData), out handle3, out num6))
                                    {
                                        CAPIBase.CERT_NAME_VALUE cert_name_value = (CAPIBase.CERT_NAME_VALUE)Marshal.PtrToStructure(handle3.DangerousGetHandle(), typeof(CAPIBase.CERT_NAME_VALUE));
                                        // Only character-string value types are converted to a managed string.
                                        if (System.Security.Cryptography.X509Certificates.X509Utils.IsCertRdnCharString(cert_name_value.dwValueType))
                                        {
                                            str = Marshal.PtrToStringUni(cert_name_value.Value.pbData);
                                        }
                                        handle3.Dispose();
                                    }
                                }
                            }
                            break;
                    }
                }
                decodedValue.Dispose();
            }
        }
    }
    // Every type except DnsName returns whatever was found (possibly empty). DnsName with
    // no alternative-name match falls back to a CAPI lookup with type 3.
    if ((nameType != X509NameType.DnsName) || ((str != null) && (str.Length != 0)))
    {
        return(str);
    }
    return(CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, 3));
}
/// <summary>
/// Returns the requested name value by forwarding to <c>FallbackImpl</c>.
/// </summary>
/// <param name="nameType">Name type to read.</param>
/// <param name="forIssuer">Forwarded unchanged to the fallback implementation.</param>
/// <returns>Whatever <c>FallbackImpl.GetNameInfo</c> returns.</returns>
public override string GetNameInfo (X509NameType nameType, bool forIssuer)
{
	string fromFallback = FallbackImpl.GetNameInfo (nameType, forIssuer);
	return fromFallback;
}
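/// <summary>
/// Returns one name value taken from the subject or issuer distinguished name.
/// </summary>
/// <remarks>
/// Only the distinguished name is consulted. DnsName returns the CN attribute, and UpnName,
/// DnsFromAlternativeName and UrlName always return an empty string, so values carried in
/// an alternative-name extension are never reported by this implementation. Callers that
/// compare the result with a host name should keep that in mind.
/// </remarks>
/// <param name="nameType">Which name to read.</param>
/// <param name="forIssuer">True to read the issuer name, false to read the subject name.</param>
/// <returns>The attribute value, or an empty string when it is absent or not supported.</returns>
/// <exception cref="CryptographicException">No certificate is loaded and the requested type reads from it.</exception>
/// <exception cref="ArgumentException"><paramref name="nameType"/> is not a known value.</exception>
public string GetNameInfo (X509NameType nameType, bool forIssuer)
{
	switch (nameType) {
	case X509NameType.SimpleName:
		if (_cert == null)
			throw new CryptographicException (empty_error);
		// return CN= or, if missing, the first value of the last entry in the DN
		ASN1 sn = forIssuer ? _cert.GetIssuerName () : _cert.GetSubjectName ();
		ASN1 dn = Find (commonName, sn);
		if (dn != null)
			return GetValueAsString (dn);
		if (sn.Count == 0)
			return String.Empty;
		ASN1 last_entry = sn [sn.Count - 1];
		if (last_entry.Count == 0)
			return String.Empty;
		return GetValueAsString (last_entry [0]);
	case X509NameType.EmailName:
		// Same empty-certificate guard as SimpleName; without it this path
		// dereferences a null _cert.
		if (_cert == null)
			throw new CryptographicException (empty_error);
		// return the E= part of the DN (if present)
		ASN1 e = Find (email, forIssuer ? _cert.GetIssuerName () : _cert.GetSubjectName ());
		if (e != null)
			return GetValueAsString (e);
		return String.Empty;
	case X509NameType.UpnName:
		// FIXME - must find/create test case
		return String.Empty;
	case X509NameType.DnsName:
		// Same empty-certificate guard as SimpleName.
		if (_cert == null)
			throw new CryptographicException (empty_error);
		// return the CN= part of the DN (if present)
		ASN1 cn = Find (commonName, forIssuer ? _cert.GetIssuerName () : _cert.GetSubjectName ());
		if (cn != null)
			return GetValueAsString (cn);
		return String.Empty;
	case X509NameType.DnsFromAlternativeName:
		// FIXME - must find/create test case
		return String.Empty;
	case X509NameType.UrlName:
		// FIXME - must find/create test case
		return String.Empty;
	default:
		throw new ArgumentException ("nameType");
	}
}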
/// <summary>
/// Stub implementation: performs no lookup.
/// </summary>
/// <param name="nameType">Ignored.</param>
/// <param name="forIssuer">Ignored.</param>
/// <returns>Always <c>null</c> (the default value of <see cref="string"/>).</returns>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    // Callers receive null, not an empty string, from this stub.
    return null;
}
/// <summary>
/// Reads one name value from the certificate through the native GetX509NameInfo call.
/// </summary>
/// <param name="nameType">Name type to read; passed to native code as its integer value.</param>
/// <param name="forIssuer">Forwarded to the native call to select the issuer side.</param>
/// <returns>The name text, or an empty string when the native call returns an invalid handle.</returns>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    using (SafeBioHandle nameBio = Interop.Crypto.GetX509NameInfo(_cert, (int)nameType, forIssuer))
    {
        if (!nameBio.IsInvalid)
        {
            // Capacity is one more than the BIO size so the trailing \0 fits.
            int capacity = Interop.Crypto.GetMemoryBioSize(nameBio) + 1;
            StringBuilder text = new StringBuilder(capacity);

            // NOTE(review): if BioGets has OpenSSL BIO_gets semantics the read stops at the
            // first newline - confirm a name value cannot contain one.
            int charsRead = Interop.Crypto.BioGets(nameBio, text, text.Capacity);
            if (charsRead >= 0)
            {
                return text.ToString();
            }

            throw Interop.Crypto.CreateOpenSslCryptographicException();
        }

        return "";
    }
}
/// <summary>
/// Reads one name value from the certificate through the native GetX509NameInfo call.
/// </summary>
/// <param name="nameType">Name type to read; passed to native code as its integer value.</param>
/// <param name="forIssuer">Forwarded to the native call to select the issuer side.</param>
/// <returns>The decoded name, or an empty string when the native call returns an invalid handle.</returns>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    using (SafeBioHandle nameBio = Interop.Crypto.GetX509NameInfo(_cert, (int)nameType, forIssuer))
    {
        if (!nameBio.IsInvalid)
        {
            // One byte more than the BIO holds, so the trailing \0 fits.
            byte[] utf8 = new byte[Interop.Crypto.GetMemoryBioSize(nameBio) + 1];

            // NOTE(review): if BioGets has OpenSSL BIO_gets semantics the read stops at the
            // first newline - confirm a name value cannot contain one.
            int bytesRead = Interop.Crypto.BioGets(nameBio, utf8, utf8.Length);
            if (bytesRead >= 0)
            {
                // Only the bytes actually read are decoded; the terminator is not included.
                return Encoding.UTF8.GetString(utf8, 0, bytesRead);
            }

            throw Interop.Crypto.CreateOpenSslCryptographicException();
        }

        return "";
    }
}
/// <summary>
/// Stub implementation: performs no lookup.
/// </summary>
/// <param name="nameType">Ignored.</param>
/// <param name="forIssuer">Ignored.</param>
/// <returns>Always <c>null</c> (the default value of <see cref="string"/>).</returns>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    // Callers receive null, not an empty string, from this stub.
    return null;
}
/// <summary>
/// Returns one name value from the certificate. Simple-display and e-mail names go straight
/// to CAPI.GetCertNameInfo; UPN, DNS and URL names are read by decoding the alternative-name
/// extensions by hand.
/// </summary>
/// <remarks>
/// A single string is returned. While the alternative-name entries are scanned, each match
/// overwrites the previous one, so when several entries match, the last one scanned is
/// returned.
/// </remarks>
/// <param name="nameType">Which name to read; converted with X509Utils.MapNameType.</param>
/// <param name="forIssuer">True selects the issuer extensions and CAPI.CERT_NAME_ISSUER_FLAG.</param>
/// <returns>The name found, or an empty string; DnsName falls back to a CERT_NAME_ATTR_TYPE lookup.</returns>
public unsafe string GetNameInfo(X509NameType nameType, bool forIssuer) {
    uint issuerFlag = forIssuer ? CAPI.CERT_NAME_ISSUER_FLAG : 0;
    uint type = X509Utils.MapNameType(nameType);
    // These two types are answered directly by the native name lookup.
    switch(type) {
    case CAPI.CERT_NAME_SIMPLE_DISPLAY_TYPE:
        return CAPI.GetCertNameInfo(m_safeCertContext, issuerFlag, type);
    case CAPI.CERT_NAME_EMAIL_TYPE:
        return CAPI.GetCertNameInfo(m_safeCertContext, issuerFlag, type);
    }

    string name = String.Empty;
    // If the type requested is not supported in downlevel platforms; we try to decode the alt name extension by hand.
    // NOTE(review): the raw handle is read without a visible DangerousAddRef/Release pair -
    // confirm the safe handle cannot be released while these structures are in use.
    CAPI.CERT_CONTEXT pCertContext = *((CAPI.CERT_CONTEXT*) m_safeCertContext.DangerousGetHandle());
    CAPI.CERT_INFO pCertInfo = (CAPI.CERT_INFO) Marshal.PtrToStructure(pCertContext.pCertInfo, typeof(CAPI.CERT_INFO));
    // Two extension OIDs are checked for each side (ALT_NAME and ALT_NAME2).
    IntPtr[] pAltName = new IntPtr[2];
    pAltName[0] = CAPI.CertFindExtension(forIssuer ? CAPI.szOID_ISSUER_ALT_NAME : CAPI.szOID_SUBJECT_ALT_NAME, pCertInfo.cExtension, pCertInfo.rgExtension);
    pAltName[1] = CAPI.CertFindExtension(forIssuer ? CAPI.szOID_ISSUER_ALT_NAME2 : CAPI.szOID_SUBJECT_ALT_NAME2, pCertInfo.cExtension, pCertInfo.rgExtension);
    for (int i = 0; i < pAltName.Length; i++) {
        if (pAltName[i] != IntPtr.Zero) {
            CAPI.CERT_EXTENSION extension = (CAPI.CERT_EXTENSION) Marshal.PtrToStructure(pAltName[i], typeof(CAPI.CERT_EXTENSION));
            // Copy the extension bytes into managed memory before decoding them.
            byte[] rawData = new byte[extension.Value.cbData];
            Marshal.Copy(extension.Value.pbData, rawData, 0, rawData.Length);
            uint cbDecoded = 0;
            SafeLocalAllocHandle decoded = null;
            // Decode the extension.
            SafeLocalAllocHandle ptr = X509Utils.StringToAnsiPtr(extension.pszObjId);
            bool result = CAPI.DecodeObject(ptr.DangerousGetHandle(), rawData, out decoded, out cbDecoded);
            ptr.Dispose();
            if (result) {
                CAPI.CERT_ALT_NAME_INFO altNameInfo = (CAPI.CERT_ALT_NAME_INFO) Marshal.PtrToStructure(decoded.DangerousGetHandle(), typeof(CAPI.CERT_ALT_NAME_INFO));
                // Walk the decoded entry array; the count comes from the decoded structure.
                for (int index = 0; index < altNameInfo.cAltEntry; index++) {
                    IntPtr pAltInfoPtr = new IntPtr((long) altNameInfo.rgAltEntry + index * Marshal.SizeOf(typeof(CAPI.CERT_ALT_NAME_ENTRY)));
                    CAPI.CERT_ALT_NAME_ENTRY altNameEntry = (CAPI.CERT_ALT_NAME_ENTRY) Marshal.PtrToStructure(pAltInfoPtr, typeof(CAPI.CERT_ALT_NAME_ENTRY));
                    switch(type) {
                    case CAPI.CERT_NAME_UPN_TYPE:
                        // A UPN is an "other name" entry whose OID is szOID_NT_PRINCIPAL_NAME.
                        if (altNameEntry.dwAltNameChoice == CAPI.CERT_ALT_NAME_OTHER_NAME) {
                            CAPI.CERT_OTHER_NAME otherName = (CAPI.CERT_OTHER_NAME) Marshal.PtrToStructure(altNameEntry.Value.pOtherName, typeof(CAPI.CERT_OTHER_NAME));
                            if (otherName.pszObjId == CAPI.szOID_NT_PRINCIPAL_NAME) {
                                uint cbUpnName = 0;
                                SafeLocalAllocHandle pUpnName = null;
                                result = CAPI.DecodeObject(new IntPtr(CAPI.X509_UNICODE_ANY_STRING),
                                                           X509Utils.PtrToByte(otherName.Value.pbData, otherName.Value.cbData),
                                                           out pUpnName,
                                                           out cbUpnName);
                                if (result) {
                                    CAPI.CERT_NAME_VALUE nameValue = (CAPI.CERT_NAME_VALUE) Marshal.PtrToStructure(pUpnName.DangerousGetHandle(), typeof(CAPI.CERT_NAME_VALUE));
                                    // Only character-string value types are converted to a managed string.
                                    if (X509Utils.IsCertRdnCharString(nameValue.dwValueType))
                                        name = Marshal.PtrToStringUni(nameValue.Value.pbData);
                                    pUpnName.Dispose();
                                }
                            }
                        }
                        break;
                    case CAPI.CERT_NAME_DNS_TYPE:
                        if (altNameEntry.dwAltNameChoice == CAPI.CERT_ALT_NAME_DNS_NAME)
                            name = Marshal.PtrToStringUni(altNameEntry.Value.pwszDNSName);
                        break;
                    case CAPI.CERT_NAME_URL_TYPE:
                        if (altNameEntry.dwAltNameChoice == CAPI.CERT_ALT_NAME_URL)
                            name = Marshal.PtrToStringUni(altNameEntry.Value.pwszURL);
                        break;
                    }
                }
                decoded.Dispose();
            }
        }
    }

    if (nameType == X509NameType.DnsName) {
        // If no DNS name is found in the CERT_ALT_NAME extension, return the CommonName.
        // Commercial CAs such as Verisign don't include a SubjectAltName extension in the certificates they use for SSL server authentication.
        // Instead they use the CommonName in the subject RDN as the server's DNS name.
        // (DnsFromAlternativeName does not take this fallback: the check is on nameType, not on the mapped type.)
        if (name == null || name.Length == 0)
            name = CAPI.GetCertNameInfo(m_safeCertContext, issuerFlag, CAPI.CERT_NAME_ATTR_TYPE);
    }

    return name;
}
/// <summary>
/// Returns one name value from the certificate. Two name types go straight to
/// CAPI.GetCertNameInfo; the others are read by decoding the alternative-name extensions by hand.
/// </summary>
/// <remarks>
/// A single string is returned. While the alternative-name entries are scanned, each match
/// overwrites the previous one, so when several entries match, the last one scanned is
/// returned.
/// </remarks>
/// <param name="nameType">Which name to read; converted with X509Utils.MapNameType.</param>
/// <param name="forIssuer">True selects the issuer extensions and passes flag value 1 to CAPI.</param>
/// <returns>The name found, or an empty string; DnsName falls back to a CAPI lookup with type 3.</returns>
public unsafe string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    uint dwFlags = forIssuer ? 1 : 0;
    uint dwDisplayType = System.Security.Cryptography.X509Certificates.X509Utils.MapNameType(nameType);
    // Numeric name types; these line up with wincrypt.h CERT_NAME_*_TYPE:
    // 1 = EMAIL, 4 = SIMPLE_DISPLAY (both answered directly by CAPI), 6 = DNS, 7 = URL, 8 = UPN.
    switch (dwDisplayType)
    {
        case 1:
            return CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, dwDisplayType);

        case 4:
            return CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, dwDisplayType);
    }
    string str = string.Empty;
    // NOTE(review): the raw handle is read without a visible DangerousAddRef/Release pair -
    // confirm the safe handle cannot be released while these structures are in use.
    CAPIBase.CERT_CONTEXT cert_context = *((CAPIBase.CERT_CONTEXT*) this.m_safeCertContext.DangerousGetHandle());
    CAPIBase.CERT_INFO cert_info = (CAPIBase.CERT_INFO) Marshal.PtrToStructure(cert_context.pCertInfo, typeof(CAPIBase.CERT_INFO));
    // Both the older (2.5.29.7 / 2.5.29.8) and the current (2.5.29.17 / 2.5.29.18)
    // subject/issuer alternative-name extension OIDs are looked up.
    IntPtr[] ptrArray = new IntPtr[] { CAPISafe.CertFindExtension(forIssuer ? "2.5.29.8" : "2.5.29.7", cert_info.cExtension, cert_info.rgExtension), CAPISafe.CertFindExtension(forIssuer ? "2.5.29.18" : "2.5.29.17", cert_info.cExtension, cert_info.rgExtension) };
    for (int i = 0; i < ptrArray.Length; i++)
    {
        if (ptrArray[i] != IntPtr.Zero)
        {
            CAPIBase.CERT_EXTENSION cert_extension = (CAPIBase.CERT_EXTENSION) Marshal.PtrToStructure(ptrArray[i], typeof(CAPIBase.CERT_EXTENSION));
            // Copy the extension bytes into managed memory before decoding them.
            byte[] destination = new byte[cert_extension.Value.cbData];
            Marshal.Copy(cert_extension.Value.pbData, destination, 0, destination.Length);
            uint cbDecodedValue = 0;
            SafeLocalAllocHandle decodedValue = null;
            SafeLocalAllocHandle handle2 = System.Security.Cryptography.X509Certificates.X509Utils.StringToAnsiPtr(cert_extension.pszObjId);
            bool flag = CAPI.DecodeObject(handle2.DangerousGetHandle(), destination, out decodedValue, out cbDecodedValue);
            handle2.Dispose();
            if (flag)
            {
                CAPIBase.CERT_ALT_NAME_INFO cert_alt_name_info = (CAPIBase.CERT_ALT_NAME_INFO) Marshal.PtrToStructure(decodedValue.DangerousGetHandle(), typeof(CAPIBase.CERT_ALT_NAME_INFO));
                // Walk the decoded entry array; the count comes from the decoded structure.
                for (int j = 0; j < cert_alt_name_info.cAltEntry; j++)
                {
                    IntPtr ptr = new IntPtr(((long) cert_alt_name_info.rgAltEntry) + (j * Marshal.SizeOf(typeof(CAPIBase.CERT_ALT_NAME_ENTRY))));
                    CAPIBase.CERT_ALT_NAME_ENTRY cert_alt_name_entry = (CAPIBase.CERT_ALT_NAME_ENTRY) Marshal.PtrToStructure(ptr, typeof(CAPIBase.CERT_ALT_NAME_ENTRY));
                    // dwAltNameChoice values used below: 1 = other name, 3 = DNS name, 7 = URL.
                    switch (dwDisplayType)
                    {
                        case 6:
                            if (cert_alt_name_entry.dwAltNameChoice == 3)
                            {
                                str = Marshal.PtrToStringUni(cert_alt_name_entry.Value.pwszDNSName);
                            }
                            break;

                        case 7:
                            if (cert_alt_name_entry.dwAltNameChoice == 7)
                            {
                                str = Marshal.PtrToStringUni(cert_alt_name_entry.Value.pwszURL);
                            }
                            break;

                        case 8:
                            if (cert_alt_name_entry.dwAltNameChoice == 1)
                            {
                                CAPIBase.CERT_OTHER_NAME cert_other_name = (CAPIBase.CERT_OTHER_NAME) Marshal.PtrToStructure(cert_alt_name_entry.Value.pOtherName, typeof(CAPIBase.CERT_OTHER_NAME));
                                // 1.3.6.1.4.1.311.20.2.3 is the user principal name (UPN) OID.
                                if (cert_other_name.pszObjId == "1.3.6.1.4.1.311.20.2.3")
                                {
                                    uint num6 = 0;
                                    SafeLocalAllocHandle handle3 = null;
                                    // 0x18 is the structure type passed to the decoder (X509_UNICODE_ANY_STRING in wincrypt.h).
                                    if (CAPI.DecodeObject(new IntPtr(0x18L), System.Security.Cryptography.X509Certificates.X509Utils.PtrToByte(cert_other_name.Value.pbData, cert_other_name.Value.cbData), out handle3, out num6))
                                    {
                                        CAPIBase.CERT_NAME_VALUE cert_name_value = (CAPIBase.CERT_NAME_VALUE) Marshal.PtrToStructure(handle3.DangerousGetHandle(), typeof(CAPIBase.CERT_NAME_VALUE));
                                        // Only character-string value types are converted to a managed string.
                                        if (System.Security.Cryptography.X509Certificates.X509Utils.IsCertRdnCharString(cert_name_value.dwValueType))
                                        {
                                            str = Marshal.PtrToStringUni(cert_name_value.Value.pbData);
                                        }
                                        handle3.Dispose();
                                    }
                                }
                            }
                            break;
                    }
                }
                decodedValue.Dispose();
            }
        }
    }
    // Every type except DnsName returns whatever was found (possibly empty). DnsName with
    // no alternative-name match falls back to a CAPI lookup with type 3.
    if ((nameType != X509NameType.DnsName) || ((str != null) && (str.Length != 0)))
    {
        return str;
    }
    return CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, 3);
}
/// <summary>
/// Abstract declaration: returns a name value from a certificate for the given name type.
/// Concrete behavior is supplied by the deriving type.
/// </summary>
/// <param name="nameType">Which name to read.</param>
/// <param name="forIssuer">Presumably selects the issuer rather than the subject - confirm against the overrides.</param>
/// <returns>The name as a string.</returns>
public abstract string GetNameInfo(X509NameType nameType, bool forIssuer);
/// <summary>
/// Returns one name value from the certificate, looking first at the alternative-name
/// extension and then, for some name types, at the subject or issuer distinguished name.
/// </summary>
/// <remarks>
/// Only the first matching value is returned; a certificate that carries several entries of
/// the requested kind yields just one of them.
/// </remarks>
/// <param name="nameType">Which name to read.</param>
/// <param name="forIssuer">True reads Issuer / Issuer Alternative Names instead of Subject / Subject Alternative Names.</param>
/// <returns>The first matching value, or an empty string when nothing matches.</returns>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    // Lookup order (pseudocode). When forIssuer is true, replace "Subject" with "Issuer" and
    // SAN (Subject Alternative Names) with IAN (Issuer Alternative Names).
    //
    // SimpleName: Subject[CN] ?? Subject[OU] ?? Subject[O] ?? Subject[E] ?? Subject.Rdns.FirstOrDefault() ??
    //             SAN.Entries.FirstOrDefault(type == GEN_EMAIL);
    // EmailName: SAN.Entries.FirstOrDefault(type == GEN_EMAIL) ?? Subject[E];
    // UpnName: SAN.Entries.FirstOrDefault(type == GEN_OTHER && entry.AsOther().OID == szOidUpn).AsOther().Value;
    // DnsName: SAN.Entries.FirstOrDefault(type == GEN_DNS) ?? Subject[CN];
    // DnsFromAlternativeName: SAN.Entries.FirstOrDefault(type == GEN_DNS);
    // UrlName: SAN.Entries.FirstOrDefault(type == GEN_URI);

    // Step 1: SimpleName tries the distinguished name before anything else.
    if (nameType == X509NameType.SimpleName)
    {
        string simpleName = GetSimpleNameInfo(forIssuer ? Issuer : Subject);
        if (simpleName != null)
        {
            return simpleName;
        }
    }

    // Step 2: every X509NameType currently has a path through the SAN/IAN; work out
    // which kind of entry this one wants.
    GeneralNameType? wantedEntry = null;
    string otherNameOid = null;

    switch (nameType)
    {
        case X509NameType.DnsName:
        case X509NameType.DnsFromAlternativeName:
            wantedEntry = GeneralNameType.DnsName;
            break;

        case X509NameType.SimpleName:
        case X509NameType.EmailName:
            wantedEntry = GeneralNameType.Email;
            break;

        case X509NameType.UpnName:
            wantedEntry = GeneralNameType.OtherName;
            otherNameOid = Oids.UserPrincipalName;
            break;

        case X509NameType.UrlName:
            wantedEntry = GeneralNameType.UniformResourceIdentifier;
            break;
    }

    if (!wantedEntry.HasValue)
    {
        Debug.Fail($"Unresolved matchType for X509NameType.{nameType}");
    }
    else
    {
        string altNameOid = forIssuer ? Oids.IssuerAltName : Oids.SubjectAltName;

        foreach (X509Extension extension in Extensions)
        {
            if (extension.Oid.Value != altNameOid)
            {
                continue;
            }

            string altNameMatch = FindAltNameMatch(extension.RawData, wantedEntry.Value, otherNameOid);
            if (altNameMatch != null)
            {
                return altNameMatch;
            }
        }
    }

    // Step 3: subject-based fallback, only for EmailName and DnsName.
    // DnsFromAlternativeName is deliberately absent: the subject (or issuer) is not the
    // Alternative Name.
    string fallbackAttribute = null;
    if (nameType == X509NameType.EmailName)
    {
        fallbackAttribute = Oids.EmailAddress;
    }
    else if (nameType == X509NameType.DnsName)
    {
        fallbackAttribute = Oids.CommonName;
    }

    if (fallbackAttribute != null)
    {
        foreach (var rdn in ReadReverseRdns(forIssuer ? Issuer : Subject))
        {
            if (rdn.Key == fallbackAttribute)
            {
                return rdn.Value;
            }
        }
    }

    return "";
}
/// <summary>
/// Stub implementation: performs no lookup.
/// </summary>
/// <param name="nameType">Ignored.</param>
/// <param name="forIssuer">Ignored.</param>
/// <returns>Always <c>null</c>.</returns>
public string GetNameInfo (X509NameType nameType, bool forIssuer)
{
	// Callers receive null, not an empty string, from this stub.
	return default (string);
}
/// <summary>
/// Returns the requested name value by forwarding to <c>Pal</c>.
/// </summary>
/// <param name="nameType">Name type to read.</param>
/// <param name="forIssuer">Forwarded unchanged to <c>Pal.GetNameInfo</c>.</param>
/// <returns>Whatever <c>Pal.GetNameInfo</c> returns.</returns>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    string nameInfo = Pal.GetNameInfo(nameType, forIssuer);
    return nameInfo;
}
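/// <summary>
/// Returns one name value taken from the subject or issuer distinguished name.
/// </summary>
/// <remarks>
/// Only the distinguished name is consulted. DnsName returns the common-name attribute, and
/// UpnName, DnsFromAlternativeName and UrlName always return an empty string, so values
/// carried in an alternative-name extension are never reported by this implementation.
/// Callers that compare the result with a host name should keep that in mind.
/// </remarks>
/// <param name="nameType">Which name to read.</param>
/// <param name="forIssuer">True to read the issuer name, false to read the subject name.</param>
/// <returns>The attribute value, or an empty string when it is absent or not supported.</returns>
/// <exception cref="CryptographicException">No certificate is loaded and the requested type reads from it.</exception>
/// <exception cref="ArgumentException"><paramref name="nameType"/> is not a known value.</exception>
public string GetNameInfo(X509NameType nameType, bool forIssuer)
{
    switch (nameType)
    {
        case X509NameType.SimpleName:
        {
            if (this._cert == null)
            {
                throw new CryptographicException(X509Certificate2.empty_error);
            }
            ASN1 asn = (!forIssuer) ? this._cert.GetSubjectName() : this._cert.GetIssuerName();
            // Prefer the common name; otherwise use the first value of the last entry.
            ASN1 asn2 = this.Find(X509Certificate2.commonName, asn);
            if (asn2 != null)
            {
                return(this.GetValueAsString(asn2));
            }
            if (asn.Count == 0)
            {
                return(string.Empty);
            }
            ASN1 asn3 = asn[asn.Count - 1];
            if (asn3.Count == 0)
            {
                return(string.Empty);
            }
            return(this.GetValueAsString(asn3[0]));
        }

        case X509NameType.EmailName:
        {
            // Same empty-certificate guard as SimpleName; without it this path
            // dereferences a null _cert.
            if (this._cert == null)
            {
                throw new CryptographicException(X509Certificate2.empty_error);
            }
            ASN1 asn4 = this.Find(X509Certificate2.email, (!forIssuer) ? this._cert.GetSubjectName() : this._cert.GetIssuerName());
            if (asn4 != null)
            {
                return(this.GetValueAsString(asn4));
            }
            return(string.Empty);
        }

        case X509NameType.UpnName:
            return(string.Empty);

        case X509NameType.DnsName:
        {
            // Same empty-certificate guard as SimpleName.
            if (this._cert == null)
            {
                throw new CryptographicException(X509Certificate2.empty_error);
            }
            ASN1 asn5 = this.Find(X509Certificate2.commonName, (!forIssuer) ? this._cert.GetSubjectName() : this._cert.GetIssuerName());
            if (asn5 != null)
            {
                return(this.GetValueAsString(asn5));
            }
            return(string.Empty);
        }

        case X509NameType.DnsFromAlternativeName:
            return(string.Empty);

        case X509NameType.UrlName:
            return(string.Empty);

        default:
            throw new ArgumentException("nameType");
    }
}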