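// Builds the managed extension collection from a Mono.Security certificate.
// Each extension is instantiated through CryptoConfig so that registered
// strongly-typed extension classes are used; anything not registered falls
// back to a plain X509Extension.
internal X509ExtensionCollection (MX.X509Certificate cert)
{
    _list = new ArrayList (cert.Extensions.Count);
    if (cert.Extensions.Count == 0)
        return;

    // An extension whose value is not wrapped in an OCTET STRING yields no raw
    // data. Hand the constructors below an empty buffer instead of null so the
    // whole collection does not fail to load because of one odd extension.
    byte[] empty = new byte [0];
    object[] parameters = new object [2];
    foreach (MX.X509Extension ext in cert.Extensions) {
        bool critical = ext.Critical;
        string oid = ext.Oid;
        byte[] raw_data = empty;
        // extension data is embedded in an octet stream (4)
        ASN1 value = ext.Value;
        if ((value.Tag == 0x04) && (value.Count > 0))
            raw_data = value [0].GetBytes ();

        parameters [0] = new AsnEncodedData (oid, raw_data);
        parameters [1] = critical;
        X509Extension newt = (X509Extension) CryptoConfig.CreateFromName (oid, parameters);
        if (newt == null) {
            // not registered in CryptoConfig, using default
            newt = new X509Extension (oid, raw_data, critical);
        }
        _list.Add (newt);
    }
}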
// Appends an extension to the underlying list and returns its index.
// A null extension is rejected with ArgumentNullException; a collection
// that was built read-only rejects every Add with NotSupportedException.
public int Add (X509Extension extension)
{
    if (extension != null) {
        if (!readOnly)
            return InnerList.Add (extension);
        throw new NotSupportedException ("Extensions are read only");
    }
    throw new ArgumentNullException ("extension");
}
// Appends every element of the array, in order, to the underlying list.
// Only the array itself is null-checked; elements are added as given.
// Throws NotSupportedException when the collection is read-only.
public void AddRange (X509Extension[] extension)
{
    if (extension == null)
        throw new ArgumentNullException ("extension");
    if (readOnly)
        throw new NotSupportedException ("Extensions are read only");

    foreach (X509Extension item in extension)
        InnerList.Add (item);
}
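// Builds a read-only collection from the ASN.1 SEQUENCE of extensions.
// A null argument yields an empty read-only collection; anything that is
// not a SEQUENCE (tag 0x30) is rejected. The exception type is specific
// (FormatException) rather than a bare Exception so callers can catch the
// malformed-input case without catching everything.
public X509ExtensionCollection (ASN1 asn1) : this ()
{
    readOnly = true;
    if (asn1 == null)
        return;
    if (asn1.Tag != 0x30)
        throw new FormatException ("Invalid extensions format");

    for (int i = 0; i < asn1.Count; i++) {
        X509Extension extension = new X509Extension (asn1 [i]);
        InnerList.Add (extension);
    }
}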
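/// <summary>
/// Create an extension from an existing X509 extension
/// </summary>
/// <remarks>Sub classes must provide an implementation to decode their values</remarks>
/// <param name="Extension">X509 extension; must not be null</param>
/// <exception cref="ArgumentNullException"><paramref name="Extension"/> is null</exception>
public ProfileExtension(X509Extension Extension)
{
    // Reject null at the boundary instead of failing with a
    // NullReferenceException on the property read below.
    if (Extension == null)
        throw new ArgumentNullException("Extension");
    critical = Extension.IsCritical;
}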
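/**
 * Returns a string representation of this CRL.
 *
 * The header fields, the signature (hex, 20 bytes per line), every
 * extension in the TBSCertList and every revoked-certificate entry are
 * appended one per line. Extension values that fail to decode are shown
 * as "*****" rather than aborting the dump.
 *
 * @return a string representation of this CRL.
 */
public override string ToString()
{
    StringBuilder buf = new StringBuilder();
    string nl = Platform.NewLine;

    buf.Append(" Version: ").Append(this.Version).Append(nl);
    buf.Append(" IssuerDN: ").Append(this.IssuerDN).Append(nl);
    buf.Append(" This update: ").Append(this.ThisUpdate).Append(nl);
    buf.Append(" Next update: ").Append(this.NextUpdate).Append(nl);
    buf.Append(" Signature Algorithm: ").Append(this.SigAlgName).Append(nl);

    byte[] sig = this.GetSignature();
    buf.Append(" Signature: ");
    buf.Append(Hex.ToHexString(sig, 0, 20)).Append(nl);
    for (int i = 20; i < sig.Length; i += 20)
    {
        int count = System.Math.Min(20, sig.Length - i);
        buf.Append(" ");
        buf.Append(Hex.ToHexString(sig, i, count)).Append(nl);
    }

    X509Extensions extensions = c.TbsCertList.Extensions;
    if (extensions != null)
    {
        // foreach (instead of a do/while around a raw enumerator) means an
        // extensions block with zero OIDs is skipped cleanly instead of reading
        // Current before the first MoveNext().
        bool headerWritten = false;
        foreach (DerObjectIdentifier oid in extensions.ExtensionOids)
        {
            if (!headerWritten)
            {
                buf.Append(" Extensions: ").Append(nl);
                headerWritten = true;
            }

            X509Extension ext = extensions.GetExtension(oid);
            if (ext.Value == null)
            {
                buf.Append(nl);
                continue;
            }

            Asn1Object asn1Value = X509ExtensionUtilities.FromExtensionValue(ext.Value);
            buf.Append(" critical(").Append(ext.IsCritical).Append(") ");
            try
            {
                if (oid.Equals(X509Extensions.CrlNumber))
                {
                    buf.Append(new CrlNumber(DerInteger.GetInstance(asn1Value).PositiveValue)).Append(nl);
                }
                else if (oid.Equals(X509Extensions.DeltaCrlIndicator))
                {
                    buf.Append("Base CRL: " + new CrlNumber(DerInteger.GetInstance(asn1Value).PositiveValue)).Append(nl);
                }
                else if (oid.Equals(X509Extensions.IssuingDistributionPoint))
                {
                    buf.Append(IssuingDistributionPoint.GetInstance((Asn1Sequence)asn1Value)).Append(nl);
                }
                else if (oid.Equals(X509Extensions.CrlDistributionPoints)
                    || oid.Equals(X509Extensions.FreshestCrl))
                {
                    buf.Append(CrlDistPoint.GetInstance((Asn1Sequence)asn1Value)).Append(nl);
                }
                else
                {
                    buf.Append(oid.Id);
                    buf.Append(" value = ").Append(Asn1Dump.DumpAsString(asn1Value)).Append(nl);
                }
            }
            catch (Exception)
            {
                // Best-effort dump: a malformed or unexpected value must not
                // prevent the rest of the CRL from being printed.
                buf.Append(oid.Id);
                buf.Append(" value = ").Append("*****").Append(nl);
            }
        }
    }

    ISet certSet = GetRevokedCertificates();
    if (certSet != null)
    {
        foreach (X509CrlEntry entry in certSet)
        {
            buf.Append(entry);
            buf.Append(nl);
        }
    }

    return buf.ToString();
}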
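/// <summary>
/// Parses a DER-encoded certificate, checks its subject against the expected
/// entry in <c>subjects</c> and, for v3 certificates, decodes every recognised
/// extension into its structure so that malformed encodings surface as failures.
/// </summary>
/// <param name="id">1-based index of the expected subject in <c>subjects</c>.</param>
/// <param name="cert">DER-encoded certificate.</param>
public void CheckCertificate(int id, byte[] cert)
{
    Asn1Object seq = Asn1Object.FromByteArray(cert);
    // The dump text is not inspected; the call only checks that the
    // structure can be walked without throwing.
    Asn1Dump.DumpAsString(seq);

    X509CertificateStructure obj = X509CertificateStructure.GetInstance(seq);
    TbsCertificateStructure tbsCert = obj.TbsCertificate;

    string subject = tbsCert.Subject.ToString();
    if (!subject.Equals(subjects[id - 1]))
    {
        Fail("failed subject test for certificate id " + id + " got " + subject);
    }

    // Extensions only exist in v3 certificates.
    if (tbsCert.Version != 3)
    {
        return;
    }

    X509Extensions ext = tbsCert.Extensions;
    if (ext == null)
    {
        return;
    }

    foreach (DerObjectIdentifier oid in ext.ExtensionOids)
    {
        X509Extension extVal = ext.GetExtension(oid);
        Asn1Object extObj = Asn1Object.FromByteArray(extVal.Value.GetOctets());

        if (oid.Equals(X509Extensions.SubjectKeyIdentifier))
        {
            SubjectKeyIdentifier.GetInstance(extObj);
        }
        else if (oid.Equals(X509Extensions.KeyUsage))
        {
            KeyUsage.GetInstance(extObj);
        }
        else if (oid.Equals(X509Extensions.ExtendedKeyUsage))
        {
            ExtendedKeyUsage ku = ExtendedKeyUsage.GetInstance(extObj);
            Asn1Sequence sq = (Asn1Sequence)ku.ToAsn1Object();
            for (int i = 0; i != sq.Count; i++)
            {
                KeyPurposeID.GetInstance(sq[i]);
            }
        }
        else if (oid.Equals(X509Extensions.SubjectAlternativeName)
            || oid.Equals(X509Extensions.IssuerAlternativeName))
        {
            // Both alternative-name extensions carry a GeneralNames SEQUENCE.
            GeneralNames gn = GeneralNames.GetInstance(extObj);
            Asn1Sequence sq = (Asn1Sequence)gn.ToAsn1Object();
            for (int i = 0; i != sq.Count; i++)
            {
                GeneralName.GetInstance(sq[i]);
            }
        }
        else if (oid.Equals(X509Extensions.CrlDistributionPoints))
        {
            // Decoding the points is the check; nothing is done with them.
            CrlDistPoint.GetInstance(extObj).GetDistributionPoints();
        }
        else if (oid.Equals(X509Extensions.CertificatePolicies))
        {
            Asn1Sequence cp = (Asn1Sequence)extObj;
            for (int i = 0; i != cp.Count; i++)
            {
                PolicyInformation.GetInstance(cp[i]);
            }
        }
        else if (oid.Equals(X509Extensions.AuthorityKeyIdentifier))
        {
            AuthorityKeyIdentifier.GetInstance(extObj);
        }
        else if (oid.Equals(X509Extensions.BasicConstraints))
        {
            BasicConstraints.GetInstance(extObj);
        }
        // Unrecognised extensions are deliberately not decoded.
    }
}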
/// <summary>
/// Initializes the wrapper from an existing extension by delegating to the
/// base-class constructor; no additional state is set here.
/// </summary>
/// <param name="extension">The extension to wrap.</param>
public BasicConstraintsExtension(X509Extension extension) : base(extension)
{
}
/// <summary>
/// Regression test: signs a fixed certificate request with an RSA key that has a
/// large public exponent (TestData.RsaBigExponentParams) and asserts that the
/// resulting DER is byte-for-byte the expected encoding. All inputs (validity,
/// serial, subject, SKID/AKID/basic constraints) are pinned so the output is
/// deterministic; PKCS#1 v1.5 signatures are deterministic as well.
/// </summary>
public static void ReproduceBigExponentCert()
{
    DateTimeOffset notBefore = new DateTimeOffset(2016, 3, 2, 1, 48, 0, TimeSpan.Zero);
    DateTimeOffset notAfter = new DateTimeOffset(2017, 3, 2, 1, 48, 0, TimeSpan.Zero);
    byte[] serialNumber = "9B5DE6C15126A58B".HexToByteArray();

    var subject = new X500DistinguishedName(
        "CN=localhost, OU=.NET Framework (CoreFX), O=Microsoft Corporation, L=Redmond, S=Washington, C=US");

    X509Extension skidExtension = new X509SubjectKeyIdentifierExtension(
        "78A5C75D51667331D5A96924114C9B5FA00D7BCB",
        false);

    // AKID is given as a raw pre-encoded extension (OID 2.5.29.35) whose key
    // identifier matches the SKID above, i.e. a self-issued certificate.
    X509Extension akidExtension = new X509Extension(
        "2.5.29.35",
        "3016801478A5C75D51667331D5A96924114C9B5FA00D7BCB".HexToByteArray(),
        false);

    X509Extension basicConstraints = new X509BasicConstraintsExtension(true, false, 0, false);

    X509Certificate2 cert;

    using (RSA rsa = RSA.Create())
    {
        rsa.ImportParameters(TestData.RsaBigExponentParams);

        var request = new CertificateRequest(subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        request.CertificateExtensions.Add(skidExtension);
        request.CertificateExtensions.Add(akidExtension);
        request.CertificateExtensions.Add(basicConstraints);

        var signatureGenerator = X509SignatureGenerator.CreateForRSA(rsa, RSASignaturePadding.Pkcs1);

        cert = request.Create(subject, signatureGenerator, notBefore, notAfter, serialNumber);
    }

    // Expected DER of the whole certificate, including the signature.
    const string expectedHex =
        "308203EB308202D3A0030201020209009B5DE6C15126A58B300D06092A864886" +
        "F70D01010B050030818A310B3009060355040613025553311330110603550408" +
        "130A57617368696E67746F6E3110300E060355040713075265646D6F6E64311E" +
        "301C060355040A13154D6963726F736F667420436F72706F726174696F6E3120" +
        "301E060355040B13172E4E4554204672616D65776F726B2028436F7265465829" +
        "31123010060355040313096C6F63616C686F7374301E170D3136303330323031" +
        "343830305A170D3137303330323031343830305A30818A310B30090603550406" +
        "13025553311330110603550408130A57617368696E67746F6E3110300E060355" +
        "040713075265646D6F6E64311E301C060355040A13154D6963726F736F667420" +
        "436F72706F726174696F6E3120301E060355040B13172E4E4554204672616D65" +
        "776F726B2028436F726546582931123010060355040313096C6F63616C686F73" +
        "7430820124300D06092A864886F70D010101050003820111003082010C028201" +
        "0100AF81C1CBD8203F624A539ED6608175372393A2837D4890E48A19DED36973" +
        "115620968D6BE0D3DAA38AA777BE02EE0B6B93B724E8DCC12B632B4FA80BBC92" +
        "5BCE624F4CA7CC606306B39403E28C932D24DD546FFE4EF6A37F10770B2215EA" +
        "8CBB5BF427E8C4D89B79EB338375100C5F83E55DE9B4466DDFBEEE42539AEF33" +
        "EF187B7760C3B1A1B2103C2D8144564A0C1039A09C85CF6B5974EB516FC8D662" +
        "3C94AE3A5A0BB3B4C792957D432391566CF3E2A52AFB0C142B9E0681B8972671" +
        "AF2B82DD390A39B939CF719568687E4990A63050CA7768DCD6B378842F18FDB1" +
        "F6D9FF096BAF7BEB98DCF930D66FCFD503F58D41BFF46212E24E3AFC45EA42BD" +
        "884702050200000441A350304E301D0603551D0E0416041478A5C75D51667331" +
        "D5A96924114C9B5FA00D7BCB301F0603551D2304183016801478A5C75D516673" +
        "31D5A96924114C9B5FA00D7BCB300C0603551D13040530030101FF300D06092A" +
        "864886F70D01010B0500038201010077756D05FFA6ADFED5B6D4AFB540840C6D" +
        "01CF6B3FA6C973DFD61FCAA0A814FA1E2469019D94B1D856D07DD2B95B8550DF" +
        "D2085953A494B99EFCBAA7982CE771984F9D4A445FFEE062E8A049736A39FD99" +
        "4E1FDA0A5DC2B5B0E57A0B10C41BC7FE6A40B24F85977302593E60B98DD4811D" +
        "47D948EDF8D6E6B5AF80A1827496E20BFD240E467674504D4E4703331D64705C" +
        "36FB6E14BABFD9CBEEC44B33A8D7B36479900F3C5BBAB69C5E453D180783E250" +
        "8051B998C038E4622571D2AB891D898E5458828CF18679517D28DBCABF72E813" +
        "07BFD721B73DDB1751123F99D8FC0D533798C4DBD14719D5D8A85B00A144A367" +
        "677B48891A9B56F045334811BACB7A";

    // The certificate is created outside the RSA using-block, so it is disposed here.
    using (cert)
    {
        Assert.Equal(expectedHex, cert.RawData.ByteArrayToHex());
    }
}
// Constructing from a null AsnEncodedData; the test expects the constructor to throw.
// The result is intentionally discarded.
public void ConstructorAsnEncodedData_Null()
{
    new X509Extension((AsnEncodedData)null, true);
}
// Copies the whole collection into array, starting at index.
// Rejects a null array, a negative index and an index at or past the end
// of the array; the underlying ArrayList.CopyTo enforces the remaining
// capacity check.
public void CopyTo (X509Extension[] array, int index)
{
    if (array == null)
        throw new ArgumentNullException ("array");
    if ((index < 0) || (index >= array.Length))
        throw new ArgumentOutOfRangeException (index < 0 ? "negative index" : "index >= array.Length");

    _list.CopyTo (array, index);
}
/// <summary>
/// Initializes the wrapper from an existing extension by delegating to the
/// base-class constructor; no additional state is set here.
/// </summary>
/// <param name="extension">The extension to wrap.</param>
public AuthorityKeyIdentifierExtension(X509Extension extension) : base(extension)
{
}
// Inserts extension at the given position. Only the extension is validated
// here; an out-of-range index is reported by the underlying list.
public void Insert (int index, X509Extension extension)
{
    if (extension != null) {
        InnerList.Insert (index, extension);
        return;
    }
    throw new ArgumentNullException ("extension");
}
// Removes the first occurrence of extension from the list; a missing
// element is silently ignored by the underlying ArrayList.
public void Remove (X509Extension extension)
{
    if (extension != null) {
        InnerList.Remove (extension);
        return;
    }
    throw new ArgumentNullException ("extension");
}
// Returns the position of the first element equal (by Equals) to
// extension, or -1 when none matches.
public int IndexOf (X509Extension extension)
{
    if (extension == null)
        throw new ArgumentNullException ("extension");

    int position = 0;
    foreach (X509Extension candidate in InnerList) {
        if (candidate.Equals (extension))
            return position;
        position++;
    }
    return -1;
}
// Copies the collection into extensions starting at index; range checking
// is left entirely to the underlying list's CopyTo.
public void CopyTo (X509Extension[] extensions, int index)
{
    if (extensions != null) {
        InnerList.CopyTo (extensions, index);
        return;
    }
    throw new ArgumentNullException ("extensions");
}
/// <summary>
/// Initializes the wrapper from an existing extension by delegating to the
/// base-class constructor; no additional state is set here.
/// </summary>
/// <param name="extension">The extension to wrap.</param>
public NetscapeCertTypeExtension(X509Extension extension) : base(extension)
{
}
/// <summary>
/// Reads the six extensions of TestData.MsCertificate, sorts them by OID, and
/// checks OID, criticality and raw DER of each one. Where the runtime maps an
/// OID to a rich extension type (SKID, EKU) the decoded properties are checked
/// as well.
/// </summary>
public static void ReadExtensions()
{
    using (X509Certificate2 c = new X509Certificate2(TestData.MsCertificate))
    {
        X509ExtensionCollection exts = c.Extensions;
        int count = exts.Count;
        Assert.Equal(6, count);

        X509Extension[] extensions = new X509Extension[count];
        exts.CopyTo(extensions, 0);
        // Sort by OID string so the index-based checks below do not depend on
        // the order the certificate (or the platform) returns them in.
        extensions = extensions.OrderBy(e => e.Oid.Value).ToArray();

        // There are an awful lot of magic-looking values in this large test.
        // These values are embedded within the certificate, and the test is
        // just verifying the object interpretation. In the event the test data
        // (TestData.MsCertificate) is replaced, this whole body will need to be
        // redone.

        {
            // Authority Information Access
            X509Extension aia = extensions[0];
            Assert.Equal("1.3.6.1.5.5.7.1.1", aia.Oid.Value);
            Assert.False(aia.Critical);

            byte[] expectedDer = (
                "304c304a06082b06010505073002863e687474703a2f2f7777772e6d" +
                "6963726f736f66742e636f6d2f706b692f63657274732f4d6963436f" +
                "645369675043415f30382d33312d323031302e637274").HexToByteArray();

            Assert.Equal(expectedDer, aia.RawData);
        }

        {
            // Subject Key Identifier
            X509Extension skid = extensions[1];
            Assert.Equal("2.5.29.14", skid.Oid.Value);
            Assert.False(skid.Critical);

            byte[] expected = "04145971a65a334dda980780ff841ebe87f9723241f2".HexToByteArray();
            Assert.Equal(expected, skid.RawData);

            // The platform should have created the rich type for this OID.
            Assert.True(skid is X509SubjectKeyIdentifierExtension);

            X509SubjectKeyIdentifierExtension rich = (X509SubjectKeyIdentifierExtension)skid;
            Assert.Equal("5971A65A334DDA980780FF841EBE87F9723241F2", rich.SubjectKeyIdentifier);
        }

        {
            // Subject Alternative Names
            X509Extension sans = extensions[2];
            Assert.Equal("2.5.29.17", sans.Oid.Value);
            Assert.False(sans.Critical);

            byte[] expected = (
                "3048a4463044310d300b060355040b13044d4f505231333031060355" +
                "0405132a33313539352b34666166306237312d616433372d34616133" +
                "2d613637312d373662633035323334346164").HexToByteArray();

            Assert.Equal(expected, sans.RawData);
        }

        {
            // CRL Distribution Points
            X509Extension cdps = extensions[3];
            Assert.Equal("2.5.29.31", cdps.Oid.Value);
            Assert.False(cdps.Critical);

            byte[] expected = (
                "304d304ba049a0478645687474703a2f2f63726c2e6d6963726f736f" +
                "66742e636f6d2f706b692f63726c2f70726f64756374732f4d696343" +
                "6f645369675043415f30382d33312d323031302e63726c").HexToByteArray();

            Assert.Equal(expected, cdps.RawData);
        }

        {
            // Authority Key Identifier
            X509Extension akid = extensions[4];
            Assert.Equal("2.5.29.35", akid.Oid.Value);
            Assert.False(akid.Critical);

            byte[] expected = "30168014cb11e8cad2b4165801c9372e331616b94c9a0a1f".HexToByteArray();
            Assert.Equal(expected, akid.RawData);
        }

        {
            // Extended Key Usage (X.509/2000 says Extended, Win32/NetFX say Enhanced)
            X509Extension eku = extensions[5];
            Assert.Equal("2.5.29.37", eku.Oid.Value);
            Assert.False(eku.Critical);

            byte[] expected = "300a06082b06010505070303".HexToByteArray();
            Assert.Equal(expected, eku.RawData);

            Assert.True(eku is X509EnhancedKeyUsageExtension);

            X509EnhancedKeyUsageExtension rich = (X509EnhancedKeyUsageExtension)eku;

            OidCollection usages = rich.EnhancedKeyUsages;
            Assert.Equal(1, usages.Count);

            Oid oid = usages[0];
            // Code Signing
            Assert.Equal("1.3.6.1.5.5.7.3.3", oid.Value);
        }
    }
}
// Constructing with an Oid but null raw data; the test expects the
// constructor to throw. The result is intentionally discarded.
public void ConstructorOid_RawNull()
{
    new X509Extension(new Oid("1.2.3"), null, true);
}
/// <summary>
/// Copies the collection's extensions into <paramref name="array"/> starting at
/// <paramref name="index"/>. (Declaration only; the body is not shown here.)
/// </summary>
/// <param name="array">Destination array.</param>
/// <param name="index">Zero-based position in <paramref name="array"/> at which copying begins.</param>
public void CopyTo(X509Extension[] array, int index);
// Constructing with an OID string but null raw data; the test expects the
// constructor to throw. The result is intentionally discarded.
public void ConstructorString_RawNull()
{
    new X509Extension("1.2.3", null, true);
}
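/// <summary>
/// Add an extension to the certificate in addition to the default extensions.
/// </summary>
/// <remarks>
/// By default the following X509 extensions are added to a certificate,
/// some depending on certificate type:
/// CA/SubCA/OPC UA application:
///     X509BasicConstraintsExtension
///     X509SubjectKeyIdentifierExtension
///     X509AuthorityKeyIdentifierExtension
///     X509KeyUsageExtension
/// OPC UA application:
///     X509SubjectAltNameExtension
///     X509EnhancedKeyUsageExtension
/// </remarks>
/// <param name="extension">The extension to add; must not be null.</param>
/// <returns>This builder, to allow chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="extension"/> is null.</exception>
public virtual ICertificateBuilder AddExtension(X509Extension extension)
{
    // Reject null here, at the call site that can be blamed, rather than
    // letting it fail later when the stored extensions are copied into the
    // certificate request.
    if (extension == null)
    {
        throw new ArgumentNullException(nameof(extension));
    }
    m_extensions.Add(extension);
    return this;
}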
/// <summary>
/// Renders this CRL entry: serial number, revocation date, certificate issuer
/// and, when present, every CRL-entry extension. A value that fails to decode
/// is printed as "*****" instead of aborting the dump.
/// </summary>
public override string ToString()
{
    StringBuilder buf = new StringBuilder();
    string nl = Platform.NewLine;

    buf.Append(" userCertificate: ").Append(this.SerialNumber).Append(nl);
    buf.Append(" revocationDate: ").Append(this.RevocationDate).Append(nl);
    buf.Append(" certificateIssuer: ").Append(this.GetCertificateIssuer()).Append(nl);

    X509Extensions extensions = c.Extensions;
    if (extensions != null)
    {
        // The heading is written only when there is at least one extension,
        // which foreach guarantees on its first iteration.
        bool first = true;
        foreach (DerObjectIdentifier oid in extensions.ExtensionOids)
        {
            if (first)
            {
                buf.Append(" crlEntryExtensions:").Append(nl);
                first = false;
            }

            X509Extension ext = extensions.GetExtension(oid);
            if (ext.Value == null)
            {
                buf.Append(nl);
                continue;
            }

            Asn1Object obj = Asn1Object.FromByteArray(ext.Value.GetOctets());
            buf.Append(" critical(").Append(ext.IsCritical).Append(") ");
            try
            {
                if (oid.Equals(X509Extensions.ReasonCode))
                {
                    buf.Append(new CrlReason(DerEnumerated.GetInstance(obj)));
                }
                else if (oid.Equals(X509Extensions.CertificateIssuer))
                {
                    buf.Append("Certificate issuer: ").Append(GeneralNames.GetInstance((Asn1Sequence)obj));
                }
                else
                {
                    buf.Append(oid.Id);
                    buf.Append(" value = ").Append(Asn1Dump.DumpAsString(obj));
                }
                buf.Append(nl);
            }
            catch (Exception)
            {
                // Best-effort dump: hide the undecodable value and carry on.
                buf.Append(oid.Id);
                buf.Append(" value = ").Append("*****").Append(nl);
            }
        }
    }

    return buf.ToString();
}
// Constructing with a null Oid and valid raw data; the test expects the
// constructor to throw. The result is intentionally discarded.
public void ConstructorOid_Null()
{
    new X509Extension((Oid)null, new byte[] { 0x30, 0x01 }, true);
}
/// <summary>
/// Create the X509 extensions to build the certificate.
/// </summary>
/// <param name="request">
/// The request that receives the extensions. They are added in this order:
/// basic constraints, subject key identifier, authority key identifier,
/// key usage, enhanced key usage (non-CA only) and finally every extension
/// registered through <c>m_extensions</c>.
/// </param>
private void CreateX509Extensions(CertificateRequest request)
{
    var extensions = request.CertificateExtensions;

    // Basic Constraints
    extensions.Add(GetBasicContraints());

    // Subject Key Identifier
    var ski = new X509SubjectKeyIdentifierExtension(
        request.PublicKey,
        X509SubjectKeyIdentifierHashAlgorithm.Sha1,
        false);
    extensions.Add(ski);

    // Authority Key Identifier: taken from the issuer CA when there is one,
    // otherwise built from our own subject key identifier (self-signed).
    if (IssuerCAKeyCert != null)
    {
        extensions.Add(X509Extensions.BuildAuthorityKeyIdentifier(IssuerCAKeyCert));
    }
    else
    {
        extensions.Add(new X509AuthorityKeyIdentifierExtension(
            ski.SubjectKeyIdentifier.FromHexString(),
            SubjectName,
            m_serialNumber));
    }

    // Key Usage (marked critical). DigitalSignature is common to both cases.
    X509KeyUsageFlags keyUsageFlags = X509KeyUsageFlags.DigitalSignature;
    if (m_isCA)
    {
        keyUsageFlags |= X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign;
    }
    else
    {
        keyUsageFlags |= X509KeyUsageFlags.DataEncipherment
            | X509KeyUsageFlags.NonRepudiation
            | X509KeyUsageFlags.KeyEncipherment;
        if (IssuerCAKeyCert == null)
        {
            // self signed case
            keyUsageFlags |= X509KeyUsageFlags.KeyCertSign;
        }
    }
    extensions.Add(new X509KeyUsageExtension(keyUsageFlags, true));

    if (!m_isCA)
    {
        // Enhanced key usage (marked critical): server and client authentication.
        var usages = new OidCollection {
            new Oid(Oids.ServerAuthentication),
            new Oid(Oids.ClientAuthentication)
        };
        extensions.Add(new X509EnhancedKeyUsageExtension(usages, true));
    }

    // Caller-supplied extensions go last, after all defaults.
    foreach (var extension in m_extensions)
    {
        extensions.Add(extension);
    }
}
// Constructing with a null OID string and valid raw data; the test expects
// the constructor to throw. The result is intentionally discarded.
public void ConstructorString_Null()
{
    new X509Extension((string)null, new byte[] { 0x30, 0x01 }, true);
}
// True when IndexOf finds the extension; IndexOf also performs the null check.
public bool Contains (X509Extension extension)
{
    return IndexOf (extension) >= 0;
}
// An AsnEncodedData built from bytes alone carries no Oid; wrapping it in an
// X509Extension is expected to throw. The result is intentionally discarded.
public void ConstructorAsnEncodedData_WithNullOid()
{
    byte[] encoded = { 0x30, 0x05, 0x06, 0x03, 0x2A, 0x03, 0x04 };
    AsnEncodedData aed = new AsnEncodedData(encoded);
    new X509Extension(aed, true);
}
/// <summary>
/// Initializes a new instance of the <see cref="X509ExtensionWrapper"/> class.
/// </summary>
/// <param name="extension">The extension to wrap. It is stored as-is; a null
/// value is not rejected here and would surface when the field is used.</param>
protected X509ExtensionWrapper(X509Extension extension)
{
    x509ext = extension;
}
/// <summary>
/// Initializes the wrapper from an existing extension by delegating to the
/// base-class constructor; no additional state is set here.
/// </summary>
/// <param name="extension">The extension to wrap.</param>
public SubjectAltNameExtension(X509Extension extension) : base(extension)
{
}
/// <summary>
/// Initializes a new instance of the <see cref="X509SimpleExtensionWrapper"/> class.
/// </summary>
/// <param name="extension">The extension to wrap. It is passed to the base
/// constructor and additionally kept in this class's own field.</param>
public X509SimpleExtensionWrapper(X509Extension extension) : base(extension)
{
    x509 = extension;
}
/// <summary>
/// Initializes the wrapper from an existing extension by delegating to the
/// base-class constructor; no additional state is set here.
/// </summary>
/// <param name="extension">The extension to wrap.</param>
public KeyUsageExtension(X509Extension extension) : base(extension)
{
}
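/// <summary>
/// Parses a DER-encoded attribute certificate and checks that its mandatory
/// fields (version 1 or 2, holder, issuer, signature algorithm, validity) are
/// present and that every attribute decodes. Each failure is reported through
/// <c>Fail</c> with the certificate id.
/// </summary>
/// <param name="id">Identifier of the test certificate, used in failure messages.</param>
/// <param name="cert">DER-encoded attribute certificate.</param>
public void CheckAttributeCertificate(int id, byte[] cert)
{
    Asn1Sequence seq = (Asn1Sequence)Asn1Object.FromByteArray(cert);
    // The dump text is not inspected; the call only checks that the
    // structure can be walked without throwing.
    Asn1Dump.DumpAsString(seq);

    AttributeCertificate obj = AttributeCertificate.GetInstance(seq);
    AttributeCertificateInfo acInfo = obj.ACInfo;

    // Version: only v1 and v2 are accepted.
    if (!acInfo.Version.Equals(new DerInteger(1)) && !acInfo.Version.Equals(new DerInteger(2)))
    {
        Fail("failed AC Version test for id " + id);
    }

    // Holder
    if (acInfo.Holder == null)
    {
        Fail("failed AC Holder test, it's null, for id " + id);
    }

    // Issuer
    if (acInfo.Issuer == null)
    {
        Fail("failed AC Issuer test, it's null, for id " + id);
    }

    // Signature
    if (acInfo.Signature == null)
    {
        Fail("failed AC Signature test for id " + id);
    }

    // Serial: no check is made on its value.

    // Validity
    if (acInfo.AttrCertValidityPeriod == null)
    {
        Fail("failed AC AttCertValidityPeriod test for id " + id);
    }

    // Attributes: decoding each element is the check; the results are not kept.
    Asn1Sequence attribSeq = acInfo.Attributes;
    for (int i = 0; i < attribSeq.Count; i++)
    {
        AttributeX509.GetInstance(attribSeq[i]);
    }

    // IssuerUniqueId
    // TODO, how to best test?

    // X509 Extensions: only verifies each listed OID can be looked up.
    X509Extensions ext = acInfo.Extensions;
    if (ext != null)
    {
        foreach (DerObjectIdentifier oid in ext.ExtensionOids)
        {
            ext.GetExtension(oid);
        }
    }
}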
/// <summary>
/// Initializes the wrapper from an existing extension by delegating to the
/// base-class constructor; no additional state is set here.
/// </summary>
/// <param name="extension">The extension to wrap.</param>
public PrivateKeyUsagePeriodExtension(X509Extension extension) : base(extension)
{
}
/// <summary>
/// Initializes the wrapper from an existing extension by delegating to the
/// base-class constructor; no additional state is set here.
/// </summary>
/// <param name="extension">The extension to wrap.</param>
public KeyAttributesExtension(X509Extension extension) : base(extension)
{
}
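/// <summary>
/// Renders the certificate: header fields, the signature in 20-byte hex rows,
/// and every extension of the TBSCertificate. Known extensions are decoded to
/// their structure; unknown ones are dumped; a value that fails to decode is
/// shown as "*****" so the rest of the certificate still prints.
/// </summary>
public override string ToString()
{
    StringBuilder builder = new StringBuilder();
    string newLine = Platform.NewLine;

    builder.Append(" [0] Version: ").Append(this.Version).Append(newLine);
    builder.Append(" SerialNumber: ").Append(this.SerialNumber).Append(newLine);
    builder.Append(" IssuerDN: ").Append(this.IssuerDN).Append(newLine);
    builder.Append(" Start Date: ").Append(this.NotBefore).Append(newLine);
    builder.Append(" Final Date: ").Append(this.NotAfter).Append(newLine);
    builder.Append(" SubjectDN: ").Append(this.SubjectDN).Append(newLine);
    builder.Append(" Public Key: ").Append(this.GetPublicKey()).Append(newLine);
    builder.Append(" Signature Algorithm: ").Append(this.SigAlgName).Append(newLine);

    byte[] signature = this.GetSignature();
    builder.Append(" Signature: ").Append(Hex.ToHexString(signature, 0, 20)).Append(newLine);
    for (int i = 20; i < signature.Length; i += 20)
    {
        int length = Math.Min(20, signature.Length - i);
        builder.Append(" ").Append(Hex.ToHexString(signature, i, length)).Append(newLine);
    }

    X509Extensions extensions = this.c.TbsCertificate.Extensions;
    if (extensions != null)
    {
        // foreach (instead of a do/while around a raw enumerator) means an
        // extensions block with zero OIDs is skipped cleanly instead of reading
        // Current before the first MoveNext().
        bool headerWritten = false;
        foreach (DerObjectIdentifier current in extensions.ExtensionOids)
        {
            if (!headerWritten)
            {
                builder.Append(" Extensions: \n");
                headerWritten = true;
            }

            X509Extension extension = extensions.GetExtension(current);
            if (extension.Value != null)
            {
                Asn1Object obj2 = Asn1Object.FromByteArray(extension.Value.GetOctets());
                builder.Append(" critical(").Append(extension.IsCritical).Append(") ");
                try
                {
                    if (current.Equals(X509Extensions.BasicConstraints))
                    {
                        builder.Append(BasicConstraints.GetInstance(obj2));
                    }
                    else if (current.Equals(X509Extensions.KeyUsage))
                    {
                        builder.Append(KeyUsage.GetInstance(obj2));
                    }
                    else if (current.Equals(MiscObjectIdentifiers.NetscapeCertType))
                    {
                        builder.Append(new NetscapeCertType((DerBitString)obj2));
                    }
                    else if (current.Equals(MiscObjectIdentifiers.NetscapeRevocationUrl))
                    {
                        builder.Append(new NetscapeRevocationUrl((DerIA5String)obj2));
                    }
                    else if (current.Equals(MiscObjectIdentifiers.VerisignCzagExtension))
                    {
                        builder.Append(new VerisignCzagExtension((DerIA5String)obj2));
                    }
                    else
                    {
                        builder.Append(current.Id);
                        builder.Append(" value = ").Append(Asn1Dump.DumpAsString((Asn1Encodable)obj2));
                    }
                }
                catch (Exception)
                {
                    // Best-effort dump: hide the undecodable value and carry on.
                    builder.Append(current.Id);
                    builder.Append(" value = ").Append("*****");
                }
            }
            // One line per extension, whether or not it had a value.
            builder.Append(newLine);
        }
    }

    return builder.ToString();
}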
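/// <summary>
/// Builds a self-signed certificate whose subject CN (and optional SAN dNSNames)
/// carry the given casing, then asserts that <c>CheckHostname</c> matches or
/// rejects <paramref name="targetName"/> and its lowercase form as expected.
/// </summary>
/// <param name="targetName">Host name to match against the certificate.</param>
/// <param name="subjectCN">Subject CN placed in the certificate (case adjusted by <c>FixCase</c>).</param>
/// <param name="sanDnsNames">dNSName SAN entries, or null for no SAN extension.</param>
/// <param name="flattenCase">When true the names are flattened to one case; when false their mixed case is preserved.</param>
/// <param name="expectedResult">Whether the match is expected to succeed.</param>
private static void RunTest(
    string targetName,
    string subjectCN,
    IList<string> sanDnsNames,
    bool flattenCase,
    bool expectedResult)
{
    using (RSA rsa = RSA.Create(TestData.RsaBigExponentParams))
    {
        CertificateRequest request = new CertificateRequest(
            $"CN={FixCase(subjectCN, flattenCase)}, O=.NET Framework (CoreFX)",
            rsa,
            HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1);

        request.CertificateExtensions.Add(
            new X509KeyUsageExtension(
                X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.DigitalSignature,
                false));

        if (sanDnsNames != null)
        {
            request.CertificateExtensions.Add(BuildSanExtension(sanDnsNames, flattenCase));
        }

        DateTimeOffset start = DateTimeOffset.UtcNow.AddYears(-1);
        DateTimeOffset end = start.AddYears(1);

        using (X509Certificate2 cert = request.CreateSelfSigned(start, end))
        {
            bool isMatch = CheckHostname(cert, targetName);
            string lowerTarget = targetName.ToLowerInvariant();
            bool isLowerMatch = CheckHostname(cert, lowerTarget);

            if (expectedResult)
            {
                Assert.True(isMatch, $"{targetName} matches");
                Assert.True(isLowerMatch, $"{lowerTarget} (lowercase) matches");
            }
            else
            {
                Assert.False(isMatch, $"{targetName} matches");
                Assert.False(isLowerMatch, $"{lowerTarget} (lowercase) matches");
            }
        }
    }
}

/// <summary>
/// Builds the SAN extension for <paramref name="sanDnsNames"/>. The SAN builder
/// normalizes DNS names to lowercase via IdnMapping; when
/// <paramref name="flattenCase"/> is false the original mixed case is patched
/// back into the raw DER so the certificate carries it.
/// </summary>
private static X509Extension BuildSanExtension(IList<string> sanDnsNames, bool flattenCase)
{
    var builder = new SubjectAlternativeNameBuilder();
    foreach (string sanDnsName in sanDnsNames)
    {
        builder.AddDnsName(sanDnsName);
    }

    X509Extension extension = builder.Build();
    if (flattenCase)
    {
        return extension;
    }

    UTF8Encoding encoding = new UTF8Encoding();
    byte[] extensionBytes = extension.RawData;
    Span<byte> extensionSpan = extensionBytes;

    foreach (string sanDnsName in sanDnsNames)
    {
        // If the string is longer than 127 then the quick DER encoding check
        // (single-byte length) is not correct.
        Assert.InRange(sanDnsName.Length, 1, 127);

        byte[] lowerBytes = encoding.GetBytes(sanDnsName.ToLowerInvariant());
        byte[] mixedBytes = encoding.GetBytes(sanDnsName);

        // Only 7-bit ASCII should be here, no byte expansion.
        // (non-7-bit ASCII values require IdnMapping normalization)
        Assert.Equal(sanDnsName.Length, lowerBytes.Length);
        Assert.Equal(sanDnsName.Length, mixedBytes.Length);

        // Find the occurrence that is really a dNSName ([2] IMPLICIT, tag 0x82,
        // followed by a one-byte length) and overwrite it with the mixed-case bytes.
        int idx = extensionSpan.IndexOf(lowerBytes);
        while (idx >= 0)
        {
            bool isDnsName =
                idx >= 2 &&
                extensionBytes[idx - 2] == 0x82 &&
                extensionBytes[idx - 1] == sanDnsName.Length;

            if (isDnsName)
            {
                mixedBytes.AsSpan().CopyTo(extensionSpan.Slice(idx));
                break;
            }

            int relativeIdx = extensionSpan.Slice(idx + 1).IndexOf(lowerBytes);
            if (relativeIdx < 0)
            {
                // No further occurrence. Without this check idx would be
                // recomputed as itself and the loop would never terminate.
                break;
            }
            idx += 1 + relativeIdx;
        }
    }

    extension.RawData = extensionBytes;
    return extension;
}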
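/// <summary>
/// Renders the certificate: header fields, the signature in 20-byte hex rows,
/// and every extension of the TBSCertificate. Known extensions are decoded to
/// their structure; unknown ones are dumped; a value that fails to decode is
/// shown as "*****" so the rest of the certificate still prints.
/// </summary>
public override string ToString()
{
    StringBuilder buf = new StringBuilder();
    string nl = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.NewLine;

    buf.Append(" [0] Version: ").Append(this.Version).Append(nl);
    buf.Append(" SerialNumber: ").Append(this.SerialNumber).Append(nl);
    buf.Append(" IssuerDN: ").Append(this.IssuerDN).Append(nl);
    buf.Append(" Start Date: ").Append(this.NotBefore).Append(nl);
    buf.Append(" Final Date: ").Append(this.NotAfter).Append(nl);
    buf.Append(" SubjectDN: ").Append(this.SubjectDN).Append(nl);
    buf.Append(" Public Key: ").Append(this.GetPublicKey()).Append(nl);
    buf.Append(" Signature Algorithm: ").Append(this.SigAlgName).Append(nl);

    byte[] sig = this.GetSignature();
    buf.Append(" Signature: ").Append(Hex.ToHexString(sig, 0, 20)).Append(nl);
    for (int i = 20; i < sig.Length; i += 20)
    {
        int len = System.Math.Min(20, sig.Length - i);
        buf.Append(" ").Append(Hex.ToHexString(sig, i, len)).Append(nl);
    }

    X509Extensions extensions = c.TbsCertificate.Extensions;
    if (extensions != null)
    {
        // foreach (instead of a do/while around a raw enumerator) means an
        // extensions block with zero OIDs is skipped cleanly instead of reading
        // Current before the first MoveNext().
        bool headerWritten = false;
        foreach (DerObjectIdentifier oid in extensions.ExtensionOids)
        {
            if (!headerWritten)
            {
                buf.Append(" Extensions: \n");
                headerWritten = true;
            }

            X509Extension ext = extensions.GetExtension(oid);
            if (ext.Value != null)
            {
                byte[] octs = ext.Value.GetOctets();
                Asn1Object obj = Asn1Object.FromByteArray(octs);
                buf.Append(" critical(").Append(ext.IsCritical).Append(") ");
                try
                {
                    if (oid.Equals(X509Extensions.BasicConstraints))
                    {
                        buf.Append(BasicConstraints.GetInstance(obj));
                    }
                    else if (oid.Equals(X509Extensions.KeyUsage))
                    {
                        buf.Append(KeyUsage.GetInstance(obj));
                    }
                    else if (oid.Equals(MiscObjectIdentifiers.NetscapeCertType))
                    {
                        buf.Append(new NetscapeCertType((DerBitString)obj));
                    }
                    else if (oid.Equals(MiscObjectIdentifiers.NetscapeRevocationUrl))
                    {
                        buf.Append(new NetscapeRevocationUrl((DerIA5String)obj));
                    }
                    else if (oid.Equals(MiscObjectIdentifiers.VerisignCzagExtension))
                    {
                        buf.Append(new VerisignCzagExtension((DerIA5String)obj));
                    }
                    else
                    {
                        buf.Append(oid.Id);
                        buf.Append(" value = ").Append(Asn1Dump.DumpAsString(obj));
                    }
                }
                catch (Exception)
                {
                    // Best-effort dump: hide the undecodable value and carry on.
                    buf.Append(oid.Id);
                    buf.Append(" value = ").Append("*****");
                }
            }
            // One line per extension, whether or not it had a value.
            buf.Append(nl);
        }
    }

    return buf.ToString();
}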
/// <summary>
/// Adds <paramref name="extension"/> to the collection. (Declaration only;
/// the body is not shown here.)
/// </summary>
/// <param name="extension">The extension to add.</param>
/// <returns>An <see cref="int"/>; presumably the index of the added element — confirm against the implementation.</returns>
public int Add(X509Extension extension);
/// <summary>
/// Initializes the wrapper from an existing extension by delegating to the
/// base-class constructor; no additional state is set here.
/// </summary>
/// <param name="extension">The extension to wrap.</param>
public SubjectKeyIdentifierExtension(X509Extension extension) : base(extension)
{
}
// methods

// Appends the extension to the backing list and returns its index.
// Null is rejected with ArgumentNullException.
public int Add (X509Extension extension)
{
    if (extension != null)
        return _list.Add (extension);
    throw new ArgumentNullException ("extension");
}
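/// <summary>
/// Checks <paramref name="cert"/> against the CRLs listed in its CRL Distribution
/// Points extension. The first CRL that reports the certificate as revoked wins;
/// a download/processing failure is only reported as an error when no
/// distribution point at all could be processed.
/// </summary>
/// <param name="cert">The certificate to check.</param>
/// <param name="cachePath">Passed to <c>retreiveCrlUrl</c>; presumably the on-disk CRL cache location — confirm.</param>
/// <param name="force">Passed to <c>retreiveCrlUrl</c>; presumably bypasses the cache — confirm.</param>
/// <returns>
/// An <see cref="EsitoVerifica"/> carrying only revocation data: status Valid,
/// Revoked (errorCode "1408") or ErroreGenerico (errorCode "1411").
/// </returns>
EsitoVerifica controllaCrlCert(X509Certificate cert, string cachePath, bool force = false)
{
    // The result object is used only for revocation data.
    EsitoVerifica ev = new EsitoVerifica();
    string CN = cert.SubjectDN.GetValues(X509Name.CN).Cast<string>().FirstOrDefault();
    string SN = cert.SubjectDN.GetValues(X509Name.SerialNumber).Cast<string>().FirstOrDefault();

    X509Extensions ex = X509Extensions.GetInstance(cert.CertificateStructure.TbsCertificate.Extensions);
    X509Extension e = ex.GetExtension(X509Extensions.CrlDistributionPoints);
    if (e == null)
    {
        string msg = "CRL distribution points NOT PRESENT in certificate structure";
        logger.Debug(msg);
        ev.status = EsitoVerificaStatus.ErroreGenerico;
        ev.errorCode = "1411"; // the CRL cannot be downloaded
        ev.message = msg;
        return ev;
    }

    var crldp = CrlDistPoint.GetInstance(e.GetParsedValue());
    List<string> certDpUrlLst = GetCrlDistribtionPoints(crldp);

    ev.status = EsitoVerificaStatus.Valid;
    ev.SubjectCN = CN;
    // NOTE(review): this stores the serialNumber attribute, not the DN — confirm intended.
    ev.SubjectDN = SN;

    int downloadsTrials = 0;
    List<string> errorLst = new List<string>();
    foreach (string url in certDpUrlLst)
    {
        // Skip distribution points that are not absolute URIs without using
        // an exception for control flow.
        Uri parsedUrl;
        if (!Uri.TryCreate(url, UriKind.Absolute, out parsedUrl))
        {
            logger.ErrorFormat("Unable to download/process CRL URL : {0}", url);
            continue;
        }

        try
        {
            // NOTE(review): the CRL's signature is not verified here; confirm that
            // retreiveCrlUrl validates it against the issuer before IsRevoked is trusted.
            X509Crl rootCrl = retreiveCrlUrl(url, cachePath, force);
            downloadsTrials++;
            if (rootCrl.IsRevoked(cert))
            {
                X509CrlEntry entry = rootCrl.GetRevokedCertificate(cert.CertificateStructure.SerialNumber.Value);
                ev.dataRevocaCertificato = entry.RevocationDate;
                logger.DebugFormat("Certificate {0} : {1} with serial {2} is Revoked on {3}",
                    CN, SN, BitConverter.ToString(entry.SerialNumber.ToByteArray()), ev.dataRevocaCertificato);
                ev.content = entry.SerialNumber.ToByteArray();
                ev.errorCode = "1408";
                ev.status = EsitoVerificaStatus.Revoked;
                break;
            }
        }
        catch (Exception exc)
        {
            logger.ErrorFormat("Unable to download/process CRL message {0} stack {1} on Download Trial {2}",
                exc.Message, exc.StackTrace, downloadsTrials);
            errorLst.Add(exc.Message);
        }
    }

    // Failures are only surfaced when no distribution point could be processed;
    // if at least one CRL was fetched, errors on the others are logged only.
    if (errorLst.Count > 0 && downloadsTrials == 0)
    {
        string errorMessage = string.Concat(errorLst.Select(s => s + " | "));
        ev.status = EsitoVerificaStatus.ErroreGenerico;
        ev.errorCode = "1411"; // the CRL cannot be downloaded
        ev.message = "Unable to download/process CRL message:" + errorMessage;
    }
    return ev;
}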
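// Builds the managed extension collection from a Mono.Security certificate.
// Under FULL_AOT_RUNTIME the four well-known extension types are mapped with a
// fixed switch; otherwise CryptoConfig is consulted so registered types are
// used. Anything unmapped falls back to a plain X509Extension.
internal X509ExtensionCollection (MX.X509Certificate cert)
{
    _list = new ArrayList (cert.Extensions.Count);
    if (cert.Extensions.Count == 0)
        return;

#if !FULL_AOT_RUNTIME
    object[] parameters = new object [2];
#endif
    foreach (MX.X509Extension ext in cert.Extensions) {
        bool critical = ext.Critical;
        string oid = ext.Oid;
        byte[] raw_data = null;
        // extension data is embedded in an octet stream (4)
        ASN1 value = ext.Value;
        if ((value.Tag == 0x04) && (value.Count > 0))
            raw_data = value [0].GetBytes ();
        // Substitute Empty once so every constructor below, on both build
        // paths, receives a non-null buffer (the AOT path previously did not).
        byte[] data = raw_data ?? Empty;

        X509Extension newt = null;
#if FULL_AOT_RUNTIME
        // non-extensible
        switch (oid) {
        case "2.5.29.14":
            newt = new X509SubjectKeyIdentifierExtension (new AsnEncodedData (oid, data), critical);
            break;
        case "2.5.29.15":
            newt = new X509KeyUsageExtension (new AsnEncodedData (oid, data), critical);
            break;
        case "2.5.29.19":
            newt = new X509BasicConstraintsExtension (new AsnEncodedData (oid, data), critical);
            break;
        case "2.5.29.37":
            newt = new X509EnhancedKeyUsageExtension (new AsnEncodedData (oid, data), critical);
            break;
        }
#else
        parameters [0] = new AsnEncodedData (oid, data);
        parameters [1] = critical;
        newt = (X509Extension) CryptoConfig.CreateFromName (oid, parameters);
#endif
        if (newt == null) {
            // not registered in CryptoConfig, using default
            newt = new X509Extension (oid, data, critical);
        }
        _list.Add (newt);
    }
}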
/// <summary>
/// Initializes the wrapper from an existing extension by delegating to the
/// base-class constructor; no additional state is set here.
/// </summary>
/// <param name="extension">The extension to wrap.</param>
public CertificatePoliciesExtension(X509Extension extension) : base(extension)
{
}