| public CopyFrom ( System asnEncodedData ) : void | ||
| asnEncodedData | System | |
| return | void | |
public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly)
{
if (!this.CheckSignature(certificate.PublicKey.Key))
{
return false;
}
if (verifySignatureOnly)
{
SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
return true;
}
X509ExtensionEnumerator enumerator = certificate.Extensions.GetEnumerator();
while (enumerator.MoveNext())
{
X509Extension current = enumerator.Current;
if (string.Compare(current.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0)
{
X509KeyUsageExtension keyUsages = new X509KeyUsageExtension();
keyUsages.CopyFrom(current);
SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, keyUsages);
if (((keyUsages.KeyUsages & X509KeyUsageFlags.DigitalSignature) != X509KeyUsageFlags.None) || ((keyUsages.KeyUsages & X509KeyUsageFlags.NonRepudiation) != X509KeyUsageFlags.None))
{
break;
}
SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509KeyUsage"));
return false;
}
}
X509Chain chain = new X509Chain();
chain.ChainPolicy.ExtraStore.AddRange(this.BuildBagOfCerts());
bool flag2 = chain.Build(certificate);
SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate);
if (!flag2)
{
SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509Chain"));
return false;
}
SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
return true;
}
private static unsafe int VerifyCertificate(X509Certificate2 certificate, X509Certificate2Collection extraStore)
{
int num1;
int num2 = X509Utils.VerifyCertificate(X509Utils.GetCertContext(certificate), (OidCollection)null, (OidCollection)null, X509RevocationMode.Online, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), extraStore, new IntPtr(1L), new IntPtr((void*)&num1));
if (num2 != 0)
return num1;
foreach (X509Extension x509Extension in certificate.Extensions)
{
if (string.Compare(x509Extension.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0)
{
X509KeyUsageExtension keyUsageExtension = new X509KeyUsageExtension();
keyUsageExtension.CopyFrom((AsnEncodedData)x509Extension);
if ((keyUsageExtension.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.None && (keyUsageExtension.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.None)
{
num2 = -2146762480;
break;
}
}
}
return num2;
}
private static unsafe int VerifyCertificate(X509Certificate2 certificate, X509Certificate2Collection extraStore)
{
int num;
int num2 = System.Security.Cryptography.X509Certificates.X509Utils.VerifyCertificate(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(certificate), null, null, X509RevocationMode.Online, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), extraStore, new IntPtr(1L), new IntPtr((void*) &num));
if (num2 != 0)
{
return num;
}
X509ExtensionEnumerator enumerator = certificate.Extensions.GetEnumerator();
while (enumerator.MoveNext())
{
X509Extension current = enumerator.Current;
if (string.Compare(current.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0)
{
X509KeyUsageExtension extension2 = new X509KeyUsageExtension();
extension2.CopyFrom(current);
if (((extension2.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.None) && ((extension2.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.None))
{
return -2146762480;
}
}
}
return num2;
}
public void WrongAsnEncodedData ()
{
AsnEncodedData aed = new AsnEncodedData (new byte[0]);
X509KeyUsageExtension ku = new X509KeyUsageExtension (X509KeyUsageFlags.CrlSign, true);
ku.CopyFrom (aed); // note: not the same behaviour than using the constructor!
}
public void CopyFrom_Null ()
{
X509KeyUsageExtension eku = new X509KeyUsageExtension ();
eku.CopyFrom (null);
}
public void WrongExtension_X509Extension ()
{
X509Extension ex = new X509Extension ("1.2.3", new byte [0], true);
X509KeyUsageExtension ku = new X509KeyUsageExtension (X509KeyUsageFlags.CrlSign, true);
ku.CopyFrom (ex);
Assert.IsTrue (ku.Critical, "Critical");
Assert.AreEqual (String.Empty, BitConverter.ToString (ku.RawData), "RawData");
Assert.AreEqual ("1.2.3", ku.Oid.Value, "Oid.Value");
Assert.IsNull (ku.Oid.FriendlyName, "Oid.FriendlyName");
}
public void WrongExtension_X509Extension_KeyUsages ()
{
X509Extension ex = new X509Extension ("1.2.3", new byte[0], true);
X509KeyUsageExtension ku = new X509KeyUsageExtension ();
ku.CopyFrom (ex);
Assert.AreEqual (0, ku.KeyUsages, "KeyUsages");
}
internal static X509Certificate2 SelectSignerCertificate()
{
X509Store store = new X509Store();
store.Open(OpenFlags.IncludeArchived | OpenFlags.OpenExistingOnly);
X509Certificate2Collection certificates = new X509Certificate2Collection();
X509Certificate2Enumerator enumerator = store.Certificates.GetEnumerator();
while (enumerator.MoveNext())
{
X509Certificate2 current = enumerator.Current;
if ((current.HasPrivateKey && (current.NotBefore <= DateTime.Now)) && (current.NotAfter >= DateTime.Now))
{
bool flag = true;
X509ExtensionEnumerator enumerator2 = current.Extensions.GetEnumerator();
while (enumerator2.MoveNext())
{
X509Extension asnEncodedData = enumerator2.Current;
if (string.Compare(asnEncodedData.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0)
{
X509KeyUsageExtension extension2 = new X509KeyUsageExtension();
extension2.CopyFrom(asnEncodedData);
if (((extension2.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.None) && ((extension2.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.None))
{
flag = false;
}
break;
}
}
if (flag)
{
certificates.Add(current);
}
}
}
if (certificates.Count < 1)
{
throw new CryptographicException(-2146889714);
}
certificates = X509Certificate2UI.SelectFromCollection(certificates, null, null, X509SelectionFlag.SingleSelection);
if (certificates.Count < 1)
{
throw new CryptographicException(0x4c7);
}
return certificates[0];
}
public void WrongExtension_X509EnhancedKeyUsageExtension ()
{
X509EnhancedKeyUsageExtension eku = new X509EnhancedKeyUsageExtension ();
X509KeyUsageExtension ku = new X509KeyUsageExtension ();
ku.CopyFrom (eku);
}
internal static CmsRecipientCollection SelectRecipients(SubjectIdentifierType recipientIdentifierType)
{
X509Store store = new X509Store("AddressBook");
store.Open(OpenFlags.OpenExistingOnly);
X509Certificate2Collection certificates = new X509Certificate2Collection(store.Certificates);
X509Certificate2Enumerator enumerator = store.Certificates.GetEnumerator();
while (enumerator.MoveNext())
{
X509Certificate2 current = enumerator.Current;
if ((current.NotBefore <= DateTime.Now) && (current.NotAfter >= DateTime.Now))
{
bool flag = true;
X509ExtensionEnumerator enumerator2 = current.Extensions.GetEnumerator();
while (enumerator2.MoveNext())
{
X509Extension asnEncodedData = enumerator2.Current;
if (string.Compare(asnEncodedData.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0)
{
X509KeyUsageExtension extension2 = new X509KeyUsageExtension();
extension2.CopyFrom(asnEncodedData);
if (((extension2.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == X509KeyUsageFlags.None) && ((extension2.KeyUsages & X509KeyUsageFlags.KeyAgreement) == X509KeyUsageFlags.None))
{
flag = false;
}
break;
}
}
if (flag)
{
certificates.Add(current);
}
}
}
if (certificates.Count < 1)
{
throw new CryptographicException(-2146889717);
}
X509Certificate2Collection certificates2 = X509Certificate2UI.SelectFromCollection(certificates, null, null, X509SelectionFlag.MultiSelection);
if (certificates2.Count < 1)
{
throw new CryptographicException(0x4c7);
}
return new CmsRecipientCollection(recipientIdentifierType, certificates2);
}
private static unsafe int VerifyCertificate (X509Certificate2 certificate,
X509Certificate2Collection extraStore) {
int dwErrorStatus;
int hr = X509Utils.VerifyCertificate(X509Utils.GetCertContext(certificate),
null,
null,
X509RevocationMode.Online,
X509RevocationFlag.ExcludeRoot,
DateTime.Now,
new TimeSpan(0, 0, 0),
extraStore,
new IntPtr(CAPI.CERT_CHAIN_POLICY_BASE),
new IntPtr(&dwErrorStatus));
if (hr != CAPI.S_OK)
return dwErrorStatus;
// Check key usages to make sure it is good for signing.
foreach (X509Extension extension in certificate.Extensions) {
if (String.Compare(extension.Oid.Value, CAPI.szOID_KEY_USAGE, StringComparison.OrdinalIgnoreCase) == 0) {
X509KeyUsageExtension keyUsage = new X509KeyUsageExtension();
keyUsage.CopyFrom(extension);
if ((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == 0 &&
(keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == 0) {
hr = CAPI.CERT_E_WRONG_USAGE;
break;
}
}
}
return hr;
}
internal static X509Certificate2 SelectSignerCertificate () {
X509Store store = new X509Store();
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly | OpenFlags.IncludeArchived);
X509Certificate2Collection certificates = new X509Certificate2Collection();
foreach (X509Certificate2 certificate in store.Certificates) {
if (certificate.HasPrivateKey && certificate.NotBefore <= DateTime.Now && certificate.NotAfter >= DateTime.Now) {
bool validUsages = true;
foreach (X509Extension extension in certificate.Extensions) {
if (String.Compare(extension.Oid.Value, CAPI.szOID_KEY_USAGE, StringComparison.OrdinalIgnoreCase) == 0) {
X509KeyUsageExtension keyUsage = new X509KeyUsageExtension();
keyUsage.CopyFrom(extension);
if ((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == 0 &&
(keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == 0) {
validUsages = false;
}
break;
}
}
if (validUsages) {
certificates.Add(certificate);
}
}
}
if (certificates.Count < 1)
throw new CryptographicException(CAPI.CRYPT_E_SIGNER_NOT_FOUND);
certificates = X509Certificate2UI.SelectFromCollection(certificates, null, null, X509SelectionFlag.SingleSelection);
if (certificates.Count < 1)
throw new CryptographicException(CAPI.ERROR_CANCELLED);
Debug.Assert(certificates.Count == 1);
return certificates[0];
}
internal static CmsRecipientCollection SelectRecipients (SubjectIdentifierType recipientIdentifierType) {
X509Store store = new X509Store("AddressBook");
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection certificates = new X509Certificate2Collection(store.Certificates);
foreach (X509Certificate2 certificate in store.Certificates) {
if (certificate.NotBefore <= DateTime.Now && certificate.NotAfter >= DateTime.Now) {
bool validUsages = true;
foreach (X509Extension extension in certificate.Extensions) {
if (String.Compare(extension.Oid.Value, CAPI.szOID_KEY_USAGE, StringComparison.OrdinalIgnoreCase) == 0) {
X509KeyUsageExtension keyUsage = new X509KeyUsageExtension();
keyUsage.CopyFrom(extension);
if ((keyUsage.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == 0 &&
(keyUsage.KeyUsages & X509KeyUsageFlags.KeyAgreement) == 0) {
validUsages = false;
}
break;
}
}
if (validUsages) {
certificates.Add(certificate);
}
}
}
if (certificates.Count < 1)
throw new CryptographicException(CAPI.CRYPT_E_RECIPIENT_NOT_FOUND);
X509Certificate2Collection recipients = X509Certificate2UI.SelectFromCollection(certificates, null, null, X509SelectionFlag.MultiSelection);
if (recipients.Count < 1)
throw new CryptographicException(CAPI.ERROR_CANCELLED);
return new CmsRecipientCollection(recipientIdentifierType, recipients);
}
public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly) {
if (!CheckSignature(certificate.PublicKey.Key)) {
return false;
}
if (verifySignatureOnly) {
SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
return true;
}
// Check key usages to make sure it is good for signing.
foreach (X509Extension extension in certificate.Extensions) {
if (String.Compare(extension.Oid.Value, CAPI.szOID_KEY_USAGE, StringComparison.OrdinalIgnoreCase) == 0) {
X509KeyUsageExtension keyUsage = new X509KeyUsageExtension();
keyUsage.CopyFrom(extension);
SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, keyUsage);
bool validKeyUsage = (keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0 ||
(keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) != 0;
if (!validKeyUsage) {
SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509KeyUsage"));
return false;
}
break;
}
}
// Do the chain verification to make sure the certificate is valid.
X509Chain chain = new X509Chain();
chain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts());
bool chainVerified = chain.Build(certificate);
SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate);
if (!chainVerified) {
SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509Chain"));
return false;
}
SignedXmlDebugLog.LogVerificationResult(this, certificate, true);
return true;
}
