public void ConstructorAsnEncodedData_BadAsnLength() { AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[] { 0x30, 0x01 }); X509Extension ex = new X509Extension(aed, true); Assert.AreEqual("30 01", ex.Format(true), "Format(true)"); Assert.AreEqual("30 01", ex.Format(false), "Format(false)"); // no exception for an bad (invalid length) extension }
public void ConstructorAsnEncodedData_BadAsn() { AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[0]); X509Extension ex = new X509Extension(aed, true); Assert.AreEqual(String.Empty, ex.Format(true), "Format(true)"); Assert.AreEqual(String.Empty, ex.Format(false), "Format(false)"); // no exception for an "empty" extension }
public void ConstructorAsnEncodedData_BadAsnTag() { AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[] { 0x05, 0x00 }); X509Extension ex = new X509Extension(aed, true); Assert.AreEqual("05 00", ex.Format(true), "Format(true)"); Assert.AreEqual("05 00", ex.Format(false), "Format(false)"); // no exception for an "unknown" (ASN.1 NULL) extension }
void processCert() { X509Extension san = srv.Certificate.Extensions["2.5.29.17"]; if (san != null) { srv.Log.Add($"Found Subject Alternative Names extension in the certificate.{_nl}"); srv.Log.Add($"Fetching SAN values:{_nl}"); srv.Log.Add(san.Format(true) + _nl); foreach (String name in san.Format(false).Split(new[] { ", " }, StringSplitOptions.RemoveEmptyEntries)) { srv.SAN.Add(name); } } }
void readAltNames() { X509Extension san = NativeEntry.Certificate.Extensions[EXT_SAN]; if (san != null) { NativeEntry.Log.AppendLine("Found Subject Alternative Names extension in the certificate."); NativeEntry.Log.AppendLine("Fetching SAN values:"); NativeEntry.Log.AppendLine(san.Format(true)); foreach (String name in san.Format(false) .Split(new[] { ", " }, StringSplitOptions.RemoveEmptyEntries)) { NativeEntry.SAN.Add(name); } } }
public void DecodeExtensions( CertificateAsset certAsset ) { var x509Cert = new X509Certificate2(certAsset.Cert); Assert.NotNull(x509Cert); TestContext.Out.WriteLine($"CertificateAsset:"); TestContext.Out.WriteLine(x509Cert); var altName = X509Extensions.FindExtension <X509SubjectAltNameExtension>(x509Cert); if (altName != null) { TestContext.Out.WriteLine($"X509SubjectAltNameExtension:"); TestContext.Out.WriteLine(altName?.Format(true)); var ext = new X509Extension(altName.Oid, altName.RawData, altName.Critical); TestContext.Out.WriteLine(ext.Format(true)); } var authority = X509Extensions.FindExtension <X509AuthorityKeyIdentifierExtension>(x509Cert); if (authority != null) { TestContext.Out.WriteLine($"X509AuthorityKeyIdentifierExtension:"); TestContext.Out.WriteLine(authority?.Format(true)); var ext = new X509Extension(authority.Oid, authority.RawData, authority.Critical); TestContext.Out.WriteLine(ext.Format(true)); } TestContext.Out.WriteLine($"All extensions:"); foreach (var extension in x509Cert.Extensions) { TestContext.Out.WriteLine(extension.Format(true)); } }
private string RecuperarCNPJ(byte[] RawData) { try { System.Security.Cryptography.X509Certificates.X509Certificate2 certificado = new System.Security.Cryptography.X509Certificates.X509Certificate2(RawData); // OID "2.5.29.17" - OtherName X509Extension extension = certificado.Extensions["2.5.29.17"]; if (extension != null) { string otherName = extension.Format(false); if (!string.IsNullOrEmpty(otherName) && (otherName.Contains("2.16.76.1.3.3"))) { int offset = otherName.IndexOf("2.16.76.1.3.3="); offset += 14; int endPos = otherName.IndexOf(",", offset); string cnpjEncValue = otherName.Substring(offset, endPos - offset); List <byte> byteArrayCnpj = new List <byte>(); foreach (string token in cnpjEncValue.Split(' ')) { byte value = byte.Parse(token, System.Globalization.NumberStyles.HexNumber); // Valores em hexadecimal / decimal para os caracteres // -: 2d / 45 // .: 2e / 46 // /: 2f / 47 // 0-9: 30-39 / 48-57 if ((value >= 48) && (value <= 57)) { byteArrayCnpj.Add(value); } } string valor = ASCIIEncoding.ASCII.GetString(byteArrayCnpj.ToArray()); if (byteArrayCnpj.Count == 14 && Funcoes.ValidarCNPJ(valor)) { return(ASCIIEncoding.ASCII.GetString(byteArrayCnpj.ToArray())); } else { return(""); } } else { return(""); } } else { return(""); } } catch (Exception ex) { return(""); } }
// static initializer runs only when one of the properties is accessed #pragma warning disable SA1201 // Elements should appear in the correct order static X509SubjectAlternativeNameConstants() #pragma warning restore SA1201 // Elements should appear in the correct order { // Extracted a well-known X509Extension var x509ExtensionBytes = new byte[] { 48, 36, 130, 21, 110, 111, 116, 45, 114, 101, 97, 108, 45, 115, 117, 98, 106, 101, 99, 116, 45, 110, 97, 109, 101, 130, 11, 101, 120, 97, 109, 112, 108, 101, 46, 99, 111, 109 }; const string subjectName1 = "not-real-subject-name"; try { var x509Extension = new X509Extension(Oid, x509ExtensionBytes, true); var x509ExtensionFormattedString = x509Extension.Format(false); // Each OS has a different dNSName identifier and delimiter // On Windows, dNSName == "DNS Name" (localizable), on Linux, dNSName == "DNS" // e.g., // Windows: x509ExtensionFormattedString is: "DNS Name=not-real-subject-name, DNS Name=example.com" // Linux: x509ExtensionFormattedString is: "DNS:not-real-subject-name, DNS:example.com" // Parse: <identifier><delimter><value><separator(s)> var delimiterIndex = x509ExtensionFormattedString.IndexOf(subjectName1, StringComparison.Ordinal) - 1; s_delimiter = x509ExtensionFormattedString[delimiterIndex]; // Make an assumption that all characters from the the start of string to the delimiter // are part of the identifier s_identifier = x509ExtensionFormattedString.Substring(0, delimiterIndex); var separatorFirstChar = delimiterIndex + subjectName1.Length + 1; var separatorLength = 1; for (var i = separatorFirstChar + 1; i < x509ExtensionFormattedString.Length; i++) { // We advance until the first character of the identifier to determine what the // separator is. This assumes that the identifier assumption above is correct if (x509ExtensionFormattedString[i] == s_identifier[0]) { break; } separatorLength++; } s_separator = x509ExtensionFormattedString.Substring(separatorFirstChar, separatorLength); s_successfullyInitialized = true; } catch (Exception ex) { s_successfullyInitialized = false; s_initializationException = ex; } }
private static void ObterExtensions(X509Certificate2 x509, TOCertificadoDigital certEntidade) { X509Extension extension = x509.Extensions["2.5.29.17"]; if (extension != null) { string otherName = extension.Format(false); if (!string.IsNullOrEmpty(otherName) && (otherName.Contains("2.16.76.1.3.1") || otherName.Contains("2.16.76.1.3.4"))) { int offset; if (otherName.Contains("2.16.76.1.3.1")) { offset = otherName.IndexOf("2.16.76.1.3.1="); } else { offset = otherName.IndexOf("2.16.76.1.3.4="); } offset += 14; int endPos = otherName.IndexOf(",", offset); string cpfEncValue; if (endPos == -1) { cpfEncValue = otherName.Substring(offset); } else { cpfEncValue = otherName.Substring(offset, endPos - offset); } List <byte> byteArrayCpf = new List <byte>(); string[] tokens = cpfEncValue.Split(' '); for (int i = 10; i < 21; i++) { byte value = byte.Parse(tokens[i], System.Globalization.NumberStyles.HexNumber); if ((value >= 48) && (value <= 57)) { byteArrayCpf.Add(value); } } certEntidade.CPF = ASCIIEncoding.ASCII.GetString(byteArrayCpf.ToArray()).PadLeft(14, 'X'); certEntidade.DataNascimento = ExtrairDataNascimento(tokens); certEntidade.IdentificacaoSocial = ExtrairIdentificacaoSocial(tokens); certEntidade.RG = ExtrairRG(tokens); } } }
public static bool CertificateCheckSubjectAlternativeNames(X509Extension extensions, string hostName) { if (extensions != null) { string[] strArrays = Regex.Split(extensions.Format(true), Environment.NewLine); string[] strArrays1 = strArrays; for (int i = 0; i < (int)strArrays1.Length; i++) { string str = strArrays1[i]; if (!string.IsNullOrEmpty(str)) { string[] strArrays2 = str.Trim().Split(new char[] { '=' }); if (strArrays2[0].Trim().Equals("DNS Name") && LenientDnsIdentityVerifier.CheckTopLevelDomainCompatibleness(strArrays2[1].Trim(), hostName)) { return(true); } } } } return(false); }
private TipoCertificado RecuperarTipoCertificado(byte[] RawData) { System.Security.Cryptography.X509Certificates.X509Certificate2 certificado = new System.Security.Cryptography.X509Certificates.X509Certificate2(RawData); // OID "2.5.29.17" - OtherName X509Extension extension = certificado.Extensions["2.5.29.17"]; if (extension != null) { string otherName = extension.Format(false); if (!string.IsNullOrEmpty(otherName) && (otherName.Contains("2.16.76.1.3.1"))) { return(TipoCertificado.eCPF); } else if (!string.IsNullOrEmpty(otherName) && (otherName.Contains("2.16.76.1.3.3"))) { return(TipoCertificado.eCNPJ); } } return(TipoCertificado.Null); }
private static int ListCertificates(string[] args) { if (args.Length < 2) { Console.WriteLine("Must specify the distinguished name of the user"); return(1); } string userDN = args[1]; UserPrincipal user = UserPrincipal.FindByIdentity(ctx, IdentityType.DistinguishedName, userDN); if (null == user) { Console.WriteLine("No user found with DN: " + userDN); return(1); } if (0 == user.Certificates.Count) { Console.WriteLine("Found user in AD, but the user has no certificates"); return(0); } foreach (X509Certificate2 cert in user.Certificates) { Console.WriteLine(); Console.WriteLine(cert.SerialNumber); Console.WriteLine(" Subject: " + cert.Subject); X509Extension certTemplate = Program.GetCertificateTemplateExtension(cert); if (null != certTemplate) { Console.WriteLine(" Template: " + certTemplate.Format(false)); } } return(0); }
// static initializer will run before properties are accessed static X509SubjectAlternativeNameConstants() { // Extracted a well-known X509Extension byte[] x509ExtensionBytes = new byte[] { 48, 36, 130, 21, 110, 111, 116, 45, 114, 101, 97, 108, 45, 115, 117, 98, 106, 101, 99, 116, 45, 110, 97, 109, 101, 130, 11, 101, 120, 97, 109, 112, 108, 101, 46, 99, 111, 109 }; const string subjectName = "not-real-subject-name"; string x509ExtensionFormattedString = string.Empty; try { X509Extension x509Extension = new X509Extension(SanOid, x509ExtensionBytes, true); x509ExtensionFormattedString = x509Extension.Format(false); // Each OS has a different dNSName identifier and delimiter // On Windows, dNSName == "DNS Name" (localizable), on Linux, dNSName == "DNS" // e.g., // Windows: x509ExtensionFormattedString is: "DNS Name=not-real-subject-name, DNS Name=example.com" // Linux: x509ExtensionFormattedString is: "DNS:not-real-subject-name, DNS:example.com" // Parse: <identifier><delimiter><value><separator(s)> int delimiterIndex = x509ExtensionFormattedString.IndexOf(subjectName) - 1; Delimiter = x509ExtensionFormattedString[delimiterIndex]; // Make an assumption that all characters from the the start of string to the delimiter // are part of the identifier Identifier = x509ExtensionFormattedString.Substring(0, delimiterIndex); int separatorFirstChar = delimiterIndex + subjectName.Length + 1; int separatorLength = 1; for (int i = separatorFirstChar + 1; i < x509ExtensionFormattedString.Length; i++) { // We advance until the first character of the identifier to determine what the // separator is. This assumes that the identifier assumption above is correct if (x509ExtensionFormattedString[i] == Identifier[0]) { break; } separatorLength++; } Separator = x509ExtensionFormattedString.Substring(separatorFirstChar, separatorLength); SeparatorArray = new string[1] { Separator }; SuccessfullyInitialized = true; } catch (Exception ex) { SuccessfullyInitialized = false; DiagnosticUtility.TraceHandledException( new FormatException(string.Format(CultureInfo.InvariantCulture, "There was an error parsing the SubjectAlternativeNames: '{0}'. See inner exception for more details.{1}Detected values were: Identifier: '{2}'; Delimiter:'{3}'; Separator:'{4}'", x509ExtensionFormattedString, Environment.NewLine, Identifier, Delimiter, Separator), ex), TraceEventType.Warning); } }
/// <summary> /// Creates a new instance of the RequestAuthHandler class. /// </summary> public RequestAuthHandler() { this.ClientCertificateOptions = ClientCertificateOption.Automatic; this.UseDefaultCredentials = false; this.UseProxy = false; this.ServerCertificateValidationCallback = delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { if (sslPolicyErrors == SslPolicyErrors.None) { return(true); } if ((sslPolicyErrors & System.Net.Security.SslPolicyErrors.RemoteCertificateNameMismatch) != 0) { if (sender is HttpWebRequest) { var request2 = sender as HttpWebRequest; var requestUri = request2.RequestUri; if (requestUri.HostNameType == UriHostNameType.IPv4 || requestUri.HostNameType == UriHostNameType.IPv6 || requestUri.HostNameType == UriHostNameType.Dns) { X509Extension ext2 = (certificate as X509Certificate2).Extensions["Subject Alternative Name"]; if (ext2 != null) { string subjAltName = ext2.Format(false); if (subjAltName.IndexOf(requestUri.Host, StringComparison.OrdinalIgnoreCase) == -1) { return(false); } } else { return(false); } } else { return(false); } } else if (sender is SslStream) { //nothing to do, fall through } else { return(false); } } if ((sslPolicyErrors & System.Net.Security.SslPolicyErrors.RemoteCertificateChainErrors) != 0) { if (chain != null && chain.ChainStatus != null) { foreach (System.Security.Cryptography.X509Certificates.X509ChainStatus status in chain.ChainStatus) { if (status.Status == System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.UntrustedRoot) { // Self-signed certificates with an untrusted root are valid. continue; } else { if (status.Status != System.Security.Cryptography.X509Certificates.X509ChainStatusFlags.NoError) { // If there are any other errors in the certificate chain, the certificate is invalid, // so the method returns false. return(false); } } } return(true); } } return(false); }; }