/// <summary>
/// Creates builder parameters from a set of trust anchors and the constraints
/// the target certificate has to satisfy.
/// </summary>
/// <param name="trustAnchors">Trust anchors, handed unchanged to the base constructor.</param>
/// <param name="targetConstraints">Selector passed on to <c>SetTargetCertConstraints</c>.</param>
public PkixBuilderParameters(ISet trustAnchors, IX509Selector targetConstraints)
     : base(trustAnchors)
 {
     // The selector is installed through the setter rather than assigned to a field here.
     this.SetTargetCertConstraints(targetConstraints);
 }
        /// <summary>
        /// Gets the private key based on the provided selector.
        /// </summary>
        /// <remarks>
        /// Gets the private key based on the provided selector.
        /// </remarks>
        /// <returns>The private key on success; otherwise <c>null</c>.</returns>
        /// <param name="selector">The search criteria for the private key.</param>
        protected override AsymmetricKeyParameter GetPrivateKey(IX509Selector selector)
        {
            // Only the "My" store of the configured StoreLocation is searched.
            var personalStore = new X509Store(StoreName.My, StoreLocation);

            personalStore.Open(OpenFlags.ReadOnly);

            try
            {
                foreach (var candidate in personalStore.Certificates)
                {
                    // Entries without a private key are skipped before any conversion work.
                    if (candidate.HasPrivateKey)
                    {
                        var converted = DotNetUtilities.FromX509Certificate(candidate);
                        bool accepted = selector == null || selector.Match(converted);

                        if (accepted)
                        {
                            // NOTE(review): with a null selector this is simply the first key-bearing
                            // certificate in the store; callers needing a specific identity must pass a selector.
                            return DotNetUtilities.GetKeyPair(candidate.PrivateKey).Private;
                        }
                    }
                }
            }
            finally
            {
                // The store is closed on every exit path, including the early return above.
                personalStore.Close();
            }

            return null;
        }
        /// <summary>
        /// Finds the private keys matching the specified selector.
        /// </summary>
        /// <remarks>
        /// Searches the database for certificate records matching the selector, returning the
        /// private keys for each matching record.
        /// </remarks>
        /// <returns>The private keys of the matching certificate records.</returns>
        /// <param name="selector">The match selector or <c>null</c> to return all private keys.</param>
        public IEnumerable <AsymmetricKeyParameter> FindPrivateKeys(IX509Selector selector)
        {
            // Iterator method: the query runs only once the caller starts enumerating, and the
            // reader is released when enumeration finishes or the enumerator is disposed.
            using (var query = GetSelectCommand(selector, false, true, PrivateKeyFields))
            {
                var rows = query.ExecuteReader();

                try
                {
                    var certParser = new X509CertificateParser();
                    var scratch = new byte[4096];

                    while (rows.Read())
                    {
                        var entry = LoadCertificateRecord(rows, certParser, ref scratch);

                        // Each loaded row is checked against the selector again before its key is handed out.
                        if (selector != null && !selector.Match(entry.Certificate))
                        {
                            continue;
                        }

                        yield return entry.PrivateKey;
                    }
                }
                finally
                {
#if NETSTANDARD
                    rows.Dispose();
#else
                    rows.Close();
#endif
                }
            }
        }
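        /// <summary>
        /// Validates the attribute certificate carried by the target constraints of
        /// <paramref name="pkixParams"/> together with <paramref name="certPath"/>.
        /// </summary>
        /// <remarks>
        /// The work is delegated, in order, to the <c>Rfc3281CertPathUtilities.ProcessAttrCert*</c>
        /// steps, <c>AdditionalChecks</c> and finally <c>CheckCrls</c>; exceptions thrown by those
        /// steps propagate to the caller unchanged.
        /// </remarks>
        /// <param name="certPath">Certification path; its first certificate is passed to the later steps.</param>
        /// <param name="pkixParams">Parameters whose target constraints must be an <c>X509AttrCertStoreSelector</c>.</param>
        /// <returns>The result produced by <c>ProcessAttrCert2</c>.</returns>
        /// <exception cref="ArgumentException">The target constraints are not an <c>X509AttrCertStoreSelector</c>.</exception>
        public virtual PkixCertPathValidatorResult Validate(PkixCertPath certPath, PkixParameters pkixParams)
        {
            IX509Selector targetConstraints = pkixParams.GetTargetConstraints();

            // Reject any other selector type up front; the cast below relies on this check.
            if (!(targetConstraints is X509AttrCertStoreSelector))
            {
                throw new ArgumentException("TargetConstraints must be an instance of " + typeof(X509AttrCertStoreSelector).FullName, "pkixParams");
            }

            IX509AttributeCertificate attributeCert = ((X509AttrCertStoreSelector)targetConstraints).AttributeCert;
            PkixCertPath holderCertPath = Rfc3281CertPathUtilities.ProcessAttrCert1(attributeCert, pkixParams);
            PkixCertPathValidatorResult result = Rfc3281CertPathUtilities.ProcessAttrCert2(certPath, pkixParams);

            // The first certificate of the path is the one checked by steps 3 and 4 and by the CRL check.
            X509Certificate x509Certificate = (X509Certificate)certPath.Certificates[0];

            Rfc3281CertPathUtilities.ProcessAttrCert3(x509Certificate, pkixParams);
            Rfc3281CertPathUtilities.ProcessAttrCert4(x509Certificate, pkixParams);
            Rfc3281CertPathUtilities.ProcessAttrCert5(attributeCert, pkixParams);
            Rfc3281CertPathUtilities.ProcessAttrCert7(attributeCert, certPath, holderCertPath, pkixParams);
            Rfc3281CertPathUtilities.AdditionalChecks(attributeCert, pkixParams);

            global::System.DateTime validCertDateFromValidityModel;
            try
            {
                validCertDateFromValidityModel = PkixCertPathValidatorUtilities.GetValidCertDateFromValidityModel(pkixParams, null, -1);
            }
            catch (global::System.Exception cause)
            {
                // Any failure here is reported as a validation failure, with the cause attached.
                throw new PkixCertPathValidatorException("Could not get validity date from attribute certificate.", cause);
            }

            // Revocation is checked last, against the date computed above.
            Rfc3281CertPathUtilities.CheckCrls(attributeCert, pkixParams, x509Certificate, validCertDateFromValidityModel, certPath.Certificates);
            return result;
        }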
		/// <summary>
		/// Creates builder parameters from a set of trust anchors and the constraints
		/// the target certificate has to satisfy.
		/// </summary>
		/// <param name="trustAnchors">Trust anchors, handed unchanged to the base constructor.</param>
		/// <param name="targetConstraints">Selector passed on to <c>SetTargetCertConstraints</c>.</param>
		public PkixBuilderParameters(ISet trustAnchors, IX509Selector targetConstraints)
			: base(trustAnchors)
		{
			// The selector is installed through the setter rather than assigned to a field here.
			this.SetTargetCertConstraints(targetConstraints);
		}
        /**
         * Method to support <code>Clone()</code> under J2ME.
         * <code>super.Clone()</code> does not exist and fields are not copied.
         *
         * @param parameters Parameters to set. If these are
         *            <code>ExtendedPkixParameters</code>, they are copied too.
         */
        protected virtual void SetParams(PkixParameters parameters)
        {
            // Base PKIX settings, copied through the public properties and setters.
            this.Date = parameters.Date;
            this.SetCertPathCheckers(parameters.GetCertPathCheckers());
            this.IsAnyPolicyInhibited = parameters.IsAnyPolicyInhibited;
            this.IsExplicitPolicyRequired = parameters.IsExplicitPolicyRequired;
            this.IsPolicyMappingInhibited = parameters.IsPolicyMappingInhibited;
            this.IsRevocationEnabled = parameters.IsRevocationEnabled;
            this.SetInitialPolicies(parameters.GetInitialPolicies());
            this.IsPolicyQualifiersRejected = parameters.IsPolicyQualifiersRejected;
            this.SetTargetCertConstraints(parameters.GetTargetCertConstraints());
            this.SetTrustAnchors(parameters.GetTrustAnchors());

            // Extended settings, copied field by field.
            this.validityModel = parameters.validityModel;
            this.useDeltas = parameters.useDeltas;
            this.additionalLocationsEnabled = parameters.additionalLocationsEnabled;

            // The selector is cloned so the two parameter objects do not share one instance.
            if (parameters.selector == null)
            {
                this.selector = null;
            }
            else
            {
                this.selector = (IX509Selector)parameters.selector.Clone();
            }

            // Each collection gets a new container; the elements themselves are not cloned here.
            this.stores = Platform.CreateArrayList(parameters.stores);
            this.additionalStores = Platform.CreateArrayList(parameters.additionalStores);
            this.trustedACIssuers = new HashSet(parameters.trustedACIssuers);
            this.prohibitedACAttributes = new HashSet(parameters.prohibitedACAttributes);
            this.necessaryACAttributes = new HashSet(parameters.necessaryACAttributes);
            this.attrCertCheckers = new HashSet(parameters.attrCertCheckers);
        }
        /// <summary>
        /// Finds the certificate records matching the specified selector.
        /// </summary>
        /// <remarks>
        /// Searches the database for certificate records matching the selector, returning all
        /// of the matching records populated with the desired fields.
        /// </remarks>
        /// <returns>The matching certificate records populated with the desired fields.</returns>
        /// <param name="selector">The match selector or <c>null</c> to match all certificates.</param>
        /// <param name="trustedOnly"><c>true</c> if only trusted certificates should be returned.</param>
        /// <param name="fields">The desired fields.</param>
        public IEnumerable <X509CertificateRecord> Find(IX509Selector selector, bool trustedOnly, X509CertificateRecordFields fields)
        {
            // The Certificate field is always requested because the selector check below reads it.
            var wanted = fields | X509CertificateRecordFields.Certificate;

            // Iterator method: nothing is queried until the caller enumerates the result.
            using (var query = GetSelectCommand(selector, trustedOnly, false, wanted))
            {
                var rows = query.ExecuteReader();

                try
                {
                    var certParser = new X509CertificateParser();
                    var scratch = new byte[4096];

                    while (rows.Read())
                    {
                        var entry = LoadCertificateRecord(rows, certParser, ref scratch);

                        // Each loaded row is checked against the selector again before it is returned.
                        if (selector != null && !selector.Match(entry.Certificate))
                        {
                            continue;
                        }

                        yield return entry;
                    }
                }
                finally
                {
#if NETSTANDARD
                    rows.Dispose();
#else
                    rows.Close();
#endif
                }
            }
        }
        /// <summary>
        /// Gets the X.509 certificate based on the selector.
        /// </summary>
        /// <remarks>
        /// Gets the X.509 certificate based on the selector.
        /// </remarks>
        /// <returns>The certificate on success; otherwise <c>null</c>.</returns>
        /// <param name="selector">The search criteria for the certificate.</param>
        protected override Org.BouncyCastle.X509.X509Certificate GetCertificate(IX509Selector selector)
        {
            // Every StoreName value is searched except Disallowed. A hit is a lookup result only:
            // no chain building or trust decision is made in this method.
            foreach (StoreName name in Enum.GetValues(typeof(StoreName)))
            {
                if (name != StoreName.Disallowed)
                {
                    var systemStore = new X509Store(name, StoreLocation);

                    systemStore.Open(OpenFlags.ReadOnly);

                    try
                    {
                        foreach (var native in systemStore.Certificates)
                        {
                            var converted = GetBouncyCastleCertificate(native);
                            bool accepted = selector == null || selector.Match(converted);

                            if (accepted)
                            {
                                return converted;
                            }
                        }
                    }
                    finally
                    {
                        // Closed on every exit path, including the early return above.
                        systemStore.Close();
                    }
                }
            }

            return null;
        }
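 /// <summary>
 /// Returns the stored objects accepted by <paramref name="selector"/>.
 /// </summary>
 /// <param name="selector">Filter to apply, or <c>null</c> to get every stored object.</param>
 /// <returns>A list built by <c>Platform.CreateArrayList</c>; it may be empty.</returns>
 public global::System.Collections.ICollection GetMatches(IX509Selector selector)
 {
     if (selector == null)
     {
         return (global::System.Collections.ICollection)Platform.CreateArrayList(_local);
     }

     global::System.Collections.IList list = Platform.CreateArrayList();

     // foreach reads Current through the property and disposes the enumerator itself when it
     // implements IDisposable, replacing the hand-written accessor call and finally block.
     foreach (object current in (global::System.Collections.IEnumerable)_local)
     {
         if (selector.Match(current))
         {
             list.Add(current);
         }
     }

     return (global::System.Collections.ICollection)list;
 }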
        /// <summary>
        /// Gets the private key based on the provided selector.
        /// </summary>
        /// <remarks>
        /// Gets the private key based on the provided selector.
        /// </remarks>
        /// <returns>The private key on success; otherwise <c>null</c>.</returns>
        /// <param name="selector">The search criteria for the private key.</param>
        protected override AsymmetricKeyParameter GetPrivateKey(IX509Selector selector)
        {
            // The store lookup below is compiled out (#if false), so this override always
            // returns null and never reads a private key from the certificate store.
#if false
            // Note: GetPrivateKey() is only used by the base class implementations of Decrypt() and DecryptTo().
            // Since we override those methods, there is no use for this method.
            var store = new X509Store(StoreName.My, StoreLocation);

            store.Open(OpenFlags.ReadOnly);

            try {
                foreach (var certificate in store.Certificates)
                {
                    if (!certificate.HasPrivateKey)
                    {
                        continue;
                    }

                    var cert = GetBouncyCastleCertificate(certificate);

                    if (selector == null || selector.Match(cert))
                    {
                        var pair = CmsSigner.GetBouncyCastleKeyPair(certificate.PrivateKey);
                        return(pair.Private);
                    }
                }
            } finally {
                store.Close();
            }
#endif
            return(null);
        }
        /// <summary>
        /// Gets the X.509 certificate based on the selector.
        /// </summary>
        /// <remarks>
        /// Gets the X.509 certificate based on the selector.
        /// </remarks>
        /// <returns>The certificate on success; otherwise <c>null</c>.</returns>
        /// <param name="selector">The search criteria for the certificate.</param>
        protected override Org.BouncyCastle.X509.X509Certificate GetCertificate(IX509Selector selector)
        {
            // Stores are searched in this fixed order; the first accepted certificate wins.
            StoreName[] searchOrder = { StoreName.My, StoreName.AddressBook, StoreName.TrustedPeople, StoreName.Root };

            for (int index = 0; index < searchOrder.Length; index++)
            {
                var systemStore = new X509Store(searchOrder[index], StoreLocation);

                systemStore.Open(OpenFlags.ReadOnly);

                try
                {
                    foreach (var native in systemStore.Certificates)
                    {
                        var converted = DotNetUtilities.FromX509Certificate(native);

                        // A null selector accepts the first certificate encountered.
                        if (selector != null && !selector.Match(converted))
                        {
                            continue;
                        }

                        return converted;
                    }
                }
                finally
                {
                    // Closed on every exit path, including the early return above.
                    systemStore.Close();
                }
            }

            return null;
        }
        /**
         * Build and validate a CertPath using the given parameter.
         *
         * @param params PKIXBuilderParameters object containing all information to
         *            build the CertPath
         */
        public virtual PkixCertPathBuilderResult Build(PkixBuilderParameters pkixParams)
        {
            // Only an X509CertStoreSelector is accepted as the target constraint.
            IX509Selector targetSelector = pkixParams.GetTargetCertConstraints();
            var storeSelector = targetSelector as X509CertStoreSelector;

            if (storeSelector == null)
            {
                throw new PkixCertPathBuilderException(
                          "TargetConstraints must be an instance of "
                          + typeof(X509CertStoreSelector).FullName + " for "
                          + this.GetType() + " class.");
            }

            // Collect every candidate target certificate from the configured stores.
            ISet candidates = new HashSet();

            try
            {
                candidates.AddAll(PkixCertPathValidatorUtilities.FindCertificates(storeSelector, pkixParams.GetStores()));
                // TODO Should this include an entry for pkixParams.GetAdditionalStores() too?
            }
            catch (Exception lookupFailure)
            {
                throw new PkixCertPathBuilderException(
                          "Error finding target certificate.", lookupFailure);
            }

            if (candidates.IsEmpty)
            {
                throw new PkixCertPathBuilderException("No certificate found matching targetContraints.");
            }

            PkixCertPathBuilderResult built = null;
            IList certPathList = new ArrayList();

            // The first candidate for which a path can be built ends the search.
            foreach (X509Certificate candidate in candidates)
            {
                built = Build(candidate, pkixParams, certPathList);

                if (built != null)
                {
                    break;
                }
            }

            if (built != null)
            {
                return built;
            }

            // No path was built: surface the recorded failure if there is one. Only its message
            // and inner exception are carried over into the new exception.
            if (certPathException != null)
            {
                throw new PkixCertPathBuilderException(certPathException.Message, certPathException.InnerException);
            }

            throw new PkixCertPathBuilderException("Unable to find certificate chain.");
        }
		/// <summary>
		/// Gets the X.509 certificate based on the selector.
		/// </summary>
		/// <returns>The certificate on success; otherwise <c>null</c>.</returns>
		/// <param name="selector">The search criteria for the certificate.</param>
		protected override X509Certificate GetCertificate (IX509Selector selector)
		{
			X509Certificate match = null;

			// NOTE(review): selector is dereferenced without a null check, so a null selector
			// throws NullReferenceException as soon as the keychain yields a certificate.
			foreach (var candidate in keychain.GetCertificates ((CssmKeyUse) 0)) {
				if (selector.Match (candidate)) {
					match = candidate;
					break;
				}
			}

			return match;
		}
 /// <summary>
 /// Stores a clone of the given selector as the target constraints, or clears them.
 /// </summary>
 /// <param name="selector">Selector to clone, or <c>null</c> to remove the constraints.</param>
 public virtual void SetTargetConstraints(IX509Selector selector)
 {
     // A clone is kept so later changes to the caller's selector do not affect this object.
     this.selector = selector == null
         ? null
         : (IX509Selector)selector.Clone();
 }
		/// <summary>
		/// Gets the private key based on the provided selector.
		/// </summary>
		/// <returns>The private key on success; otherwise <c>null</c>.</returns>
		/// <param name="selector">The search criteria for the private key.</param>
		protected override AsymmetricKeyParameter GetPrivateKey (IX509Selector selector)
		{
			AsymmetricKeyParameter key = null;

			// NOTE(review): selector is dereferenced without a null check, so a null selector
			// throws NullReferenceException as soon as the keychain yields a signer.
			foreach (var candidate in keychain.GetAllCmsSigners ()) {
				if (selector.Match (candidate.Certificate)) {
					key = candidate.PrivateKey;
					break;
				}
			}

			return key;
		}
 /// <summary>
 /// Stores a clone of the given selector as the target constraints, or clears them.
 /// </summary>
 /// <param name="selector">Selector to clone, or <c>null</c> to remove the constraints.</param>
 public virtual void SetTargetConstraints(IX509Selector selector)
 {
     if (selector == null)
     {
         this.selector = null;
         return;
     }

     // Cloned through ICloneable so later changes to the caller's selector do not affect this object.
     var cloneable = (ICloneable)selector;
     this.selector = (IX509Selector)cloneable.Clone();
 }
        /// <summary>
        /// Gets a collection of matching X.509 certificates based on the specified selector.
        /// </summary>
        /// <remarks>
        /// Gets a collection of matching X.509 certificates based on the specified selector.
        /// </remarks>
        /// <returns>The matching certificates.</returns>
        /// <param name="selector">The match criteria.</param>
        ICollection IX509Store.GetMatches(IX509Selector selector)
        {
            // Materialise the result of GetMatches into a list so the caller receives
            // a non-generic ICollection.
            return new List <X509Certificate> (GetMatches(selector));
        }
 /// <summary>
 /// Stores a clone of the given selector as the target certificate constraints, or clears them.
 /// </summary>
 /// <param name="selector">Selector to clone, or <c>null</c> to remove the constraints.</param>
 public virtual void SetTargetCertConstraints(IX509Selector selector)
 {
     // A clone is kept so later changes to the caller's selector do not affect this object.
     certSelector = selector != null
         ? (IX509Selector)selector.Clone()
         : null;
 }
        /// <summary>
        /// Gets the X.509 certificate based on the selector.
        /// </summary>
        /// <returns>The certificate on success; otherwise <c>null</c>.</returns>
        /// <param name="selector">The search criteria for the certificate.</param>
        protected override X509Certificate GetCertificate(IX509Selector selector)
        {
            // NOTE(review): selector is dereferenced without a null check, so a null selector
            // throws NullReferenceException as soon as the keychain yields a certificate.
            foreach (var candidate in keychain.GetCertificates((CssmKeyUse)0))
            {
                if (!selector.Match(candidate))
                {
                    continue;
                }

                return candidate;
            }

            return null;
        }
        /// <summary>
        /// Gets the private key based on the provided selector.
        /// </summary>
        /// <returns>The private key on success; otherwise <c>null</c>.</returns>
        /// <param name="selector">The search criteria for the private key.</param>
        protected override AsymmetricKeyParameter GetPrivateKey(IX509Selector selector)
        {
            // NOTE(review): selector is dereferenced without a null check, so a null selector
            // throws NullReferenceException as soon as the keychain yields a signer.
            foreach (var candidate in keychain.GetAllCmsSigners())
            {
                if (!selector.Match(candidate.Certificate))
                {
                    continue;
                }

                return candidate.PrivateKey;
            }

            return null;
        }
        /// <summary>
        /// Gets an enumerator of matching X.509 certificates based on the specified selector.
        /// </summary>
        /// <remarks>
        /// Gets an enumerator of matching X.509 certificates based on the specified selector.
        /// </remarks>
        /// <returns>The matching certificates.</returns>
        /// <param name="selector">The match criteria.</param>
        public IEnumerable <X509Certificate> GetMatches(IX509Selector selector)
        {
            // Iterator method: certificates are filtered lazily as the caller enumerates.
            foreach (var candidate in certificates)
            {
                // A null selector lets every certificate through.
                if (selector != null && !selector.Match(candidate))
                {
                    continue;
                }

                yield return candidate;
            }
        }
		/// <summary>
		/// Gets the X.509 certificate based on the selector.
		/// </summary>
		/// <returns>The certificate on success; otherwise <c>null</c>.</returns>
		/// <param name="selector">The search criteria for the certificate.</param>
		protected override X509Certificate GetCertificate (IX509Selector selector)
		{
			// A null selector means "any certificate": the first one is returned when there is one.
			bool takeFirst = selector == null && certificates.Count > 0;

			if (takeFirst)
				return certificates[0];

			// Reached with a null selector only when Count was 0 above.
			foreach (var candidate in certificates) {
				if (!selector.Match (candidate))
					continue;

				return candidate;
			}

			return null;
		}
        /// <summary>
        /// Gets the X.509 certificate based on the selector.
        /// </summary>
        /// <returns>The certificate on success; otherwise <c>null</c>.</returns>
        /// <param name="selector">The search criteria for the certificate.</param>
        protected override X509Certificate GetCertificate(IX509Selector selector)
        {
            X509Certificate match = null;

            // NOTE(review): selector is dereferenced without a null check, so a null selector
            // throws NullReferenceException unless the certificate list is empty.
            foreach (var candidate in certificates)
            {
                if (selector.Match(candidate))
                {
                    match = candidate;
                    break;
                }
            }

            return match;
        }
        /// <summary>
        /// Finds the certificates matching the target constraints and builds a certification
        /// path for the first one for which a path can be built.
        /// </summary>
        /// <param name="pkixParams">Builder parameters; the target constraints must be an <c>X509CertStoreSelector</c>.</param>
        /// <returns>The result of the first successful path build.</returns>
        public virtual PkixCertPathBuilderResult Build(PkixBuilderParameters pkixParams)
        {
            IX509Selector targetSelector = pkixParams.GetTargetCertConstraints();
            var storeSelector = targetSelector as X509CertStoreSelector;

            // Only an X509CertStoreSelector is accepted as the target constraint.
            if (storeSelector == null)
            {
                throw new PkixCertPathBuilderException(
                    "TargetConstraints must be an instance of "
                    + typeof(X509CertStoreSelector).FullName
                    + " for "
                    + base.GetType()
                    + " class.");
            }

            ISet candidates = new HashSet();

            try
            {
                candidates.AddAll(PkixCertPathValidatorUtilities.FindCertificates(storeSelector, pkixParams.GetStores()));
            }
            catch (Exception lookupFailure)
            {
                throw new PkixCertPathBuilderException("Error finding target certificate.", lookupFailure);
            }

            if (candidates.IsEmpty)
            {
                throw new PkixCertPathBuilderException("No certificate found matching targetContraints.");
            }

            PkixCertPathBuilderResult built = null;
            IList pathSoFar = Platform.CreateArrayList();

            // The first candidate for which a path can be built ends the search.
            foreach (X509Certificate candidate in candidates)
            {
                built = this.Build(candidate, pkixParams, pathSoFar);
                if (built != null)
                {
                    break;
                }
            }

            if (built != null)
            {
                return built;
            }

            // No path was built: surface the recorded failure if there is one. Only its message
            // and inner exception are carried over into the new exception.
            if (this.certPathException != null)
            {
                throw new PkixCertPathBuilderException(this.certPathException.Message, this.certPathException.InnerException);
            }

            throw new PkixCertPathBuilderException("Unable to find certificate chain.");
        }
        /// <summary>
        /// Gets a collection of matching X.509 certificates based on the specified selector.
        /// </summary>
        /// <remarks>
        /// Gets a collection of matching X.509 certificates based on the specified selector.
        /// </remarks>
        /// <returns>The matching certificates.</returns>
        /// <param name="selector">The match criteria.</param>
        ICollection IX509Store.GetMatches(IX509Selector selector)
        {
            var accepted = new List <X509Certificate> ();

            foreach (var candidate in certs)
            {
                // A null selector lets every certificate through.
                if (selector != null && !selector.Match(candidate))
                {
                    continue;
                }

                accepted.Add(candidate);
            }

            return accepted;
        }
        /// <summary>
        /// Gets the X.509 certificate based on the selector.
        /// </summary>
        /// <returns>The certificate on success; otherwise <c>null</c>.</returns>
        /// <param name="selector">The search criteria for the certificate.</param>
        protected override Org.BouncyCastle.X509.X509Certificate GetCertificate(IX509Selector selector)
        {
            // NOTE(review): selector is dereferenced without a null check, so a null selector
            // throws NullReferenceException as soon as the store yields a certificate.
            foreach (var native in CertificateStore.Certificates)
            {
                var converted = DotNetUtilities.FromX509Certificate(native);

                if (!selector.Match(converted))
                {
                    continue;
                }

                return converted;
            }

            return null;
        }
        /// <summary>
        /// Returns the first certificate from <c>GetCerts()</c> accepted by the selector, wrapped in a record.
        /// </summary>
        /// <param name="selector">Match criteria; dereferenced without a null check.</param>
        /// <param name="trustedOnly">Not read by this implementation.</param>
        /// <param name="fields">Not read by this implementation.</param>
        /// <returns>A single-element list holding the first match, or an empty list.</returns>
        public IEnumerable <X509CertificateRecord> Find(IX509Selector selector, bool trustedOnly, X509CertificateRecordFields fields)
        {
            // NOTE(review): trustedOnly is ignored, so a caller asking for trusted certificates only
            // still receives whatever GetCerts() returns - confirm no caller relies on that filter.
            foreach (var candidate in this.GetCerts())
            {
                if (!selector.Match(candidate))
                {
                    continue;
                }

                return new SingletonList <X509CertificateRecord>(new X509CertificateRecord(candidate));
            }

            return new List <X509CertificateRecord>();
        }
        /// <summary>
        /// Returns a collection holding at most one certificate: the first one from
        /// <c>GetCerts()</c> that the selector accepts.
        /// </summary>
        /// <param name="selector">Match criteria; dereferenced without a null check.</param>
        /// <returns>A collection with the first match, or an empty collection.</returns>
        public ICollection GetMatches(IX509Selector selector)
        {
            var firstMatch = new Collection <X509Certificate>();

            foreach (var candidate in this.GetCerts())
            {
                if (selector.Match(candidate))
                {
                    // Later matches are never looked at.
                    firstMatch.Add(candidate);
                    break;
                }
            }

            return firstMatch;
        }
		/// <summary>
		/// Gets the private key based on the provided selector.
		/// </summary>
		/// <returns>The private key on success; otherwise <c>null</c>.</returns>
		/// <param name="selector">The search criteria for the private key.</param>
		protected override AsymmetricKeyParameter GetPrivateKey (IX509Selector selector)
		{
			foreach (var candidate in certificates) {
				AsymmetricKeyParameter privateKey;

				// Certificates with no entry in the key table are skipped before the selector runs.
				bool hasKey = keys.TryGetValue (candidate, out privateKey);

				// A null selector accepts the first certificate that has a key.
				if (hasKey && (selector == null || selector.Match (candidate)))
					return privateKey;
			}

			return null;
		}
    /// <summary>
    /// Returns the stored objects accepted by <paramref name="selector"/>.
    /// </summary>
    /// <param name="selector">Filter to apply, or <c>null</c> to get every stored object.</param>
    /// <returns>A list built by <c>Platform.CreateArrayList</c>; it may be empty.</returns>
    public ICollection GetMatches(IX509Selector selector)
    {
        if (selector != null)
        {
            IList accepted = Platform.CreateArrayList();

            foreach (object candidate in _local)
            {
                if (!selector.Match(candidate))
                {
                    continue;
                }

                accepted.Add(candidate);
            }

            return accepted;
        }

        // No selector: hand back a list created from the whole backing collection.
        return Platform.CreateArrayList(_local);
    }
        /// <summary>
        /// Returns the stored objects accepted by <paramref name="selector"/>.
        /// </summary>
        /// <param name="selector">Filter to apply, or <c>null</c> to get every stored object.</param>
        /// <returns>A list built by <c>Platform.CreateArrayList</c>; it may be empty.</returns>
        public ICollection GetMatches(IX509Selector selector)
        {
            if (selector != null)
            {
                IList accepted = Platform.CreateArrayList();

                foreach (object candidate in this._local)
                {
                    if (!selector.Match(candidate))
                    {
                        continue;
                    }

                    accepted.Add(candidate);
                }

                return accepted;
            }

            // No selector: hand back a list created from the whole backing collection.
            return Platform.CreateArrayList(this._local);
        }
        /// <summary>
        /// Gets the X.509 certificate matching the specified selector.
        /// </summary>
        /// <remarks>
        /// Gets the first certificate that matches the specified selector.
        /// </remarks>
        /// <returns>The certificate on success; otherwise <c>null</c>.</returns>
        /// <param name="selector">The search criteria for the certificate.</param>
        protected override X509Certificate GetCertificate(IX509Selector selector)
        {
            // A null selector means "any certificate": the first one is returned when there is one.
            bool takeFirst = selector == null && certificates.Count > 0;

            if (takeFirst)
            {
                return certificates[0];
            }

            // Reached with a null selector only when Count was 0 above.
            foreach (var candidate in certificates)
            {
                if (!selector.Match(candidate))
                {
                    continue;
                }

                return candidate;
            }

            return null;
        }
        /// <summary>
        /// Test helper: asserts that searching the database with <paramref name="selector"/>
        /// yields a record whose certificate equals <paramref name="expected"/>.
        /// </summary>
        /// <param name="selector">Selector passed to <c>Find</c>.</param>
        /// <param name="expected">Certificate that must be among the results.</param>
        void AssertFindBy(IX509Selector selector, X509Certificate expected)
        {
            // The database file name and password are fixed literals of this test fixture.
            using (var database = new SqliteCertificateDatabase("sqlite.db", "no.secret"))
            {
                // Verify that we can select the Root Certificate
                bool located = false;

                foreach (var entry in database.Find(selector, false, X509CertificateRecordFields.Certificate))
                {
                    located = entry.Certificate.Equals(expected);

                    if (located)
                    {
                        break;
                    }
                }

                Assert.IsTrue(located, "Did not find the expected certificate");
            }
        }
		/**
		 * Return the matches in the collection for the passed in selector.
		 *
		 * @param selector the selector to match against.
		 * @return a possibly empty collection of matching objects.
		 */
		public ICollection GetMatches(IX509Selector selector)
		{
			if (selector != null)
			{
				IList accepted = new ArrayList();

				foreach (object candidate in _local)
				{
					if (!selector.Match(candidate))
					{
						continue;
					}

					accepted.Add(candidate);
				}

				return accepted;
			}

			// No selector: return a new ArrayList filled from the backing collection.
			return new ArrayList(_local);
		}
        /// <summary>
        /// Returns the entries of <c>win</c> whose counterpart in <c>bc</c> is accepted by the selector.
        /// </summary>
        /// <param name="selector">Filter to apply, or <c>null</c> to get <c>win</c> itself.</param>
        /// <returns>The <c>win</c> collection itself for a null selector; otherwise a new list.</returns>
        public ICollection GetMatches(IX509Selector selector)
        {
            if (selector == null)
            {
                // NOTE(review): this is the field itself, not a copy, so a caller that can
                // mutate the returned collection changes this store's state.
                return win;
            }

            IList accepted = new ArrayList();
            int index = 0;

            // bc[index] is tested, win[index] is returned: the two are read as parallel
            // collections (presumably the same certificates in two representations - confirm).
            while (index < win.Count)
            {
                if (selector.Match(bc[index]))
                {
                    accepted.Add(win[index]);
                }

                index++;
            }

            return accepted;
        }
        /**
         * Return the matches in the collection for the passed in selector.
         *
         * @param selector the selector to match against.
         * @return a possibly empty collection of matching objects.
         */

        public ICollection GetMatches(IX509Selector selector)
        {
            if (selector != null)
            {
                IList accepted = Platform.CreateArrayList();

                foreach (object candidate in _local)
                {
                    if (!selector.Match(candidate))
                    {
                        continue;
                    }

                    accepted.Add(candidate);
                }

                return accepted;
            }

            // No selector: hand back a list created from the whole backing collection.
            return Platform.CreateArrayList(_local);
        }
 /// <summary>
 /// Gets the X.509 certificate based on the selector.
 /// </summary>
 /// <remarks>
 /// NOTE(review): this declaration does not say whether <paramref name="selector"/> may be
 /// <c>null</c>; each implementation should state and enforce its own choice.
 /// </remarks>
 /// <returns>The certificate on success; otherwise <c>null</c>.</returns>
 /// <param name="selector">The search criteria for the certificate.</param>
 protected abstract X509Certificate GetCertificate(IX509Selector selector);
		/// <summary>
		/// Gets the private key for the certificate matching the specified selector.
		/// </summary>
		/// <remarks>
		/// Asks the database for every private key matching the selector and returns the
		/// first one it produces, or <c>null</c> when it produces none.
		/// </remarks>
		/// <returns>The private key on success; otherwise <c>null</c>.</returns>
		/// <param name="selector">The search criteria for the private key.</param>
		protected override AsymmetricKeyParameter GetPrivateKey (IX509Selector selector)
		{
			var candidates = dbase.FindPrivateKeys (selector);

			return candidates.FirstOrDefault ();
		}
Esempio n. 39
		/**
		 * Sets the constraints the target certificate has to satisfy. Passing
		 * null clears them, meaning no constraints are defined.<br />
		 * <br />
		 * A clone of the supplied selector is stored, so changes the caller makes
		 * to its own instance afterwards do not alter the stored constraints.
		 *
		 * @param selector
		 *            the selector describing the constraints on the target
		 *            certificate (or <code>null</code>)
		 *
		 * @see #getTargetCertConstraints()
		 */
		public virtual void SetTargetCertConstraints(
			IX509Selector selector)
		{
			// Defensive copy: keep a private clone, never the caller's instance.
			certSelector = selector == null
				? null
				: (IX509Selector)selector.Clone();
		}
		/// <summary>
		/// Gets the private key based on the provided selector.
		/// </summary>
		/// <remarks>
		/// Opens the <c>My</c> store read-only and returns the private key of the first
		/// certificate that has one and satisfies the selector. With a <c>null</c> selector
		/// that is simply the first certificate with a private key, so callers that need a
		/// particular identity must pass a selector.
		/// </remarks>
		/// <returns>The private key on success; otherwise <c>null</c>.</returns>
		/// <param name="selector">The search criteria for the private key.</param>
		protected override AsymmetricKeyParameter GetPrivateKey (IX509Selector selector)
		{
			var store = new X509Store (StoreName.My, StoreLocation);

			store.Open (OpenFlags.ReadOnly);

			try {
				foreach (var candidate in store.Certificates) {
					// Certificates without key material can never satisfy the request.
					if (candidate.HasPrivateKey) {
						var converted = DotNetUtilities.FromX509Certificate (candidate);
						bool accepted = selector == null || selector.Match (converted);

						if (accepted)
							return DotNetUtilities.GetKeyPair (candidate.PrivateKey).Private;
					}
				}
			} finally {
				// The store is closed on every exit path, including the early return.
				store.Close ();
			}

			return null;
		}
Esempio n. 41
            /// <summary>
            /// Returns the entries of <c>win</c> whose same-index counterpart in <c>bc</c> matches the selector.
            /// </summary>
            /// <param name="selector">The match criteria, or <c>null</c> to get every entry.</param>
            /// <returns>The matching entries; for a <c>null</c> selector, <c>win</c> itself (not a copy).</returns>
            public ICollection GetMatches(IX509Selector selector)
            {
                if (selector != null)
                {
                    IList matches = new ArrayList();

                    // The selector is evaluated against bc[index]; the entry added
                    // to the result is the one at the same position in win.
                    for (int index = 0; index < win.Count; ++index)
                    {
                        if (!selector.Match(bc[index]))
                            continue;

                        matches.Add(win[index]);
                    }

                    return matches;
                }

                return win;
            }
Esempio n. 42
		/// <summary>
		/// Gets an enumerator of matching X.509 certificates based on the specified selector.
		/// </summary>
		/// <remarks>
		/// Lazily walks the stored certificates and yields each one the selector accepts.
		/// A <c>null</c> selector accepts every certificate.
		/// </remarks>
		/// <returns>The matching certificates.</returns>
		/// <param name="selector">The match criteria.</param>
		public IEnumerable<X509Certificate> GetMatches (IX509Selector selector)
		{
			foreach (var candidate in certs) {
				if (selector != null && !selector.Match (candidate))
					continue;

				yield return candidate;
			}
		}
        /// <summary>
        /// Gets the private key based on the provided selector.
        /// </summary>
        /// <remarks>
        /// Walks the certificates the store reports for the selector and returns the first
        /// private key the store holds for one of them. Matching certificates without a
        /// stored key are skipped.
        /// </remarks>
        /// <returns>The private key on success; otherwise <c>null</c>.</returns>
        /// <param name="selector">The search criteria for the private key.</param>
        protected override AsymmetricKeyParameter GetPrivateKey(IX509Selector selector)
        {
            foreach (var candidate in store.GetMatches (selector)) {
                var privateKey = store.GetPrivateKey (candidate);

                if (privateKey != null)
                    return privateKey;
            }

            return null;
        }
Esempio n. 44
		/// <summary>
		/// Gets the database command to select the certificate records matching the specified selector.
		/// </summary>
		/// <remarks>
		/// <para>Builds a <c>SELECT ... FROM CERTIFICATES</c> statement. The column list comes from
		/// <c>GetColumnNames (fields)</c> and the rest of the text is made of fixed literals; every
		/// value taken from the selector is attached with <c>AddParameterWithValue</c> instead of
		/// being concatenated into the SQL text.</para>
		/// <para>Only a selector that is an <c>X509CertStoreSelector</c> contributes constraints
		/// (basic constraints, issuer, serial number, key usage). For any other selector type, or
		/// for criteria not listed here, the query is not narrowed, so the rows returned can be a
		/// superset of what the selector would accept.</para>
		/// </remarks>
		/// <returns>The database command.</returns>
		/// <param name="selector">The match selector; may be <c>null</c>.</param>
		/// <param name="trustedOnly"><c>true</c> to add a <c>TRUSTED</c> constraint to the query.</param>
		/// <param name="requirePrivateKey"><c>true</c> to select only rows whose <c>PRIVATEKEY</c> column is not null.</param>
		/// <param name="fields">The fields to return.</param>
		protected override DbCommand GetSelectCommand (IX509Selector selector, bool trustedOnly, bool requirePrivateKey, X509CertificateRecordFields fields)
		{
			var query = "SELECT " + string.Join (", ", GetColumnNames (fields)) + " FROM CERTIFICATES";
			var match = selector as X509CertStoreSelector;
			var command = connection.CreateCommand ();
			var constraints = " WHERE ";

			// Throughout this method, command.Parameters.Count > 0 doubles as
			// "a clause has already been written", which decides whether " AND " is needed.
			if (trustedOnly) {
				command.AddParameterWithValue ("@TRUSTED", true);
				constraints += "TRUSTED = @TRUSTED";
			}

			if (match != null) {
				// -1 is skipped here; presumably it means "no basic-constraints criterion" — confirm.
				if (match.BasicConstraints != -1) {
					if (command.Parameters.Count > 0)
						constraints += " AND ";

					command.AddParameterWithValue ("@BASICCONSTRAINTS", match.BasicConstraints);
					constraints += "BASICCONSTRAINTS = @BASICCONSTRAINTS";
				}

				if (match.Issuer != null) {
					if (command.Parameters.Count > 0)
						constraints += " AND ";

					// The issuer is compared by its string form.
					command.AddParameterWithValue ("@ISSUERNAME", match.Issuer.ToString ());
					constraints += "ISSUERNAME = @ISSUERNAME";
				}

				if (match.SerialNumber != null) {
					if (command.Parameters.Count > 0)
						constraints += " AND ";

					command.AddParameterWithValue ("@SERIALNUMBER", match.SerialNumber.ToString ());
					constraints += "SERIALNUMBER = @SERIALNUMBER";
				}

				if (match.KeyUsage != null) {
					var flags = X509CertificateExtensions.GetKeyUsageFlags (match.KeyUsage);

					if (flags != X509KeyUsageFlags.None) {
						if (command.Parameters.Count > 0)
							constraints += " AND ";

						// Bitwise test: a row qualifies when ANY of the requested usage bits is set,
						// not only when all of them are.
						command.AddParameterWithValue ("@FLAGS", (int) flags);
						constraints += "(KEYUSAGE & @FLAGS) != 0";
					}
				}
			}

			if (requirePrivateKey) {
				if (command.Parameters.Count > 0)
					constraints += " AND ";

				// This clause adds no parameter; it is written last, so the Count-based
				// " AND " logic above is not affected by it.
				constraints += "PRIVATEKEY IS NOT NULL";
			} else if (command.Parameters.Count == 0) {
				// Nothing was constrained: drop the dangling " WHERE ".
				constraints = string.Empty;
			}

			command.CommandText = query + constraints;
			command.CommandType = CommandType.Text;

			return command;
		}
Esempio n. 45
		/// <summary>
		/// Gets a collection of certificates matching the specified selector.
		/// </summary>
		/// <remarks>
		/// Runs <c>FindCertificates</c> to completion and returns the results in a new list.
		/// </remarks>
		/// <returns>The matching certificates.</returns>
		/// <param name="selector">The match criteria.</param>
		ICollection IX509Store.GetMatches (IX509Selector selector)
		{
			var matches = new List<X509Certificate> ();

			matches.AddRange (FindCertificates (selector));

			return matches;
		}
Esempio n. 46
		/// <summary>
		/// Finds the certificate records matching the specified selector.
		/// </summary>
		/// <remarks>
		/// Runs the select command for the selector and lazily yields each loaded record that
		/// the selector accepts, populated with the desired fields. The certificate field is
		/// always requested in addition to <paramref name="fields"/>, because the selector is
		/// applied again to each record's certificate after loading.
		/// </remarks>
		/// <returns>The matching certificate records populated with the desired fields.</returns>
		/// <param name="selector">The match selector or <c>null</c> to match all certificates.</param>
		/// <param name="trustedOnly"><c>true</c> if only trusted certificates should be returned.</param>
		/// <param name="fields">The desired fields.</param>
		public IEnumerable<X509CertificateRecord> Find (IX509Selector selector, bool trustedOnly, X509CertificateRecordFields fields)
		{
			var wanted = fields | X509CertificateRecordFields.Certificate;

			using (var command = GetSelectCommand (selector, trustedOnly, false, wanted)) {
				var rows = command.ExecuteReader ();

				try {
					var certParser = new X509CertificateParser ();
					var scratch = new byte[4096];

					while (rows.Read ()) {
						var loaded = LoadCertificateRecord (rows, certParser, ref scratch);

						// The query is not relied on as the only filter; the selector has the final say.
						if (selector != null && !selector.Match (loaded.Certificate))
							continue;

						yield return loaded;
					}
				} finally {
					rows.Close ();
				}
			}
		}
Esempio n. 47
		/// <summary>
		/// Finds the private keys matching the specified selector.
		/// </summary>
		/// <remarks>
		/// Queries only for records that have a private key and lazily yields the private key
		/// of each record whose certificate the selector accepts. A <c>null</c> selector yields
		/// the private key of every such record, so the result should be handled as key material.
		/// </remarks>
		/// <returns>The matching private keys.</returns>
		/// <param name="selector">The match selector or <c>null</c> to return all private keys.</param>
		public IEnumerable<AsymmetricKeyParameter> FindPrivateKeys (IX509Selector selector)
		{
			using (var command = GetSelectCommand (selector, false, true, PrivateKeyFields)) {
				var rows = command.ExecuteReader ();

				try {
					var certParser = new X509CertificateParser ();
					var scratch = new byte[4096];

					while (rows.Read ()) {
						var loaded = LoadCertificateRecord (rows, certParser, ref scratch);

						// The selector is re-applied to the loaded certificate before its key is released.
						if (selector != null && !selector.Match (loaded.Certificate))
							continue;

						yield return loaded.PrivateKey;
					}
				} finally {
					rows.Close ();
				}
			}
		}
Esempio n. 48
		/// <summary>
		/// Gets the database command to select certificate records matching the specified selector.
		/// </summary>
		/// <remarks>
		/// Implemented by derived classes for a concrete database. This declaration does not state
		/// how much of the selector an implementation translates into the query.
		/// NOTE(review): confirm whether callers must re-apply the selector to the returned rows.
		/// </remarks>
		/// <returns>The database command.</returns>
		/// <param name="selector">The match selector that the command should select records for.</param>
		/// <param name="trustedOnly"><c>true</c> if only trusted certificates should be matched.</param>
		/// <param name="requirePrivateKey"><c>true</c> if the certificate must have a private key.</param>
		/// <param name="fields">The fields to return.</param>
		protected abstract IDbCommand GetSelectCommand (IX509Selector selector, bool trustedOnly, bool requirePrivateKey, X509CertificateRecordFields fields);
Esempio n. 49
 /// <summary>
 /// Gets the private key based on the provided selector.
 /// </summary>
 /// <remarks>
 /// Implemented by derived classes. The return value is private key material. This
 /// declaration does not say how a <c>null</c> selector is treated.
 /// NOTE(review): confirm null handling against each implementation.
 /// </remarks>
 /// <returns>The private key on success; otherwise <c>null</c>.</returns>
 /// <param name="selector">The search criteria for the private key.</param>
 protected abstract AsymmetricKeyParameter GetPrivateKey(IX509Selector selector);
Esempio n. 50
		/// <summary>
		/// Gets a collection of matching X.509 certificates based on the specified selector.
		/// </summary>
		/// <remarks>
		/// Copies every stored certificate the selector accepts into a new list. A <c>null</c>
		/// selector accepts all of them.
		/// </remarks>
		/// <returns>The matching certificates.</returns>
		/// <param name="selector">The match criteria.</param>
		ICollection IX509Store.GetMatches (IX509Selector selector)
		{
			var accepted = new List<X509Certificate> ();

			foreach (var candidate in certs) {
				if (selector != null && !selector.Match (candidate))
					continue;

				accepted.Add (candidate);
			}

			return accepted;
		}
		/// <summary>
		/// Gets the X.509 certificate matching the specified selector.
		/// </summary>
		/// <remarks>
		/// Asks the database for the certificates matching the selector and returns the first
		/// one it produces, or <c>null</c> when it produces none.
		/// </remarks>
		/// <returns>The certificate on success; otherwise <c>null</c>.</returns>
		/// <param name="selector">The search criteria for the certificate.</param>
		protected override X509Certificate GetCertificate (IX509Selector selector)
		{
			var candidates = dbase.FindCertificates (selector);

			return candidates.FirstOrDefault ();
		}
Esempio n. 52
		/// <summary>
		/// Finds the certificates matching the specified selector.
		/// </summary>
		/// <remarks>
		/// Runs the select command for the selector and lazily yields the certificate of each
		/// loaded record that the selector accepts. The selector is applied again to every
		/// loaded certificate, so the query is not the only filter.
		/// </remarks>
		/// <returns>The matching certificates.</returns>
		/// <param name="selector">The match selector or <c>null</c> to return all certificates.</param>
		public IEnumerable<X509Certificate> FindCertificates (IX509Selector selector)
		{
			using (var command = GetSelectCommand (selector, false, false, X509CertificateRecordFields.Certificate)) {
				var rows = command.ExecuteReader ();

				try {
					var certParser = new X509CertificateParser ();
					var scratch = new byte[4096];

					while (rows.Read ()) {
						var loaded = LoadCertificateRecord (rows, certParser, ref scratch);

						if (selector != null && !selector.Match (loaded.Certificate))
							continue;

						yield return loaded.Certificate;
					}
				} finally {
					// The reader is released through whichever call the target framework build uses.
#if COREFX
					rows.Dispose ();
#else
					rows.Close ();
#endif
				}
			}
		}
        /// <summary>
        /// Gets the X.509 certificate based on the selector.
        /// </summary>
        /// <remarks>
        /// Sources are consulted in a fixed order: <c>store</c>, then <c>addressbook</c>, then
        /// <c>root</c>. The first match found wins and later sources are not queried.
        /// </remarks>
        /// <returns>The certificate on success; otherwise <c>null</c>.</returns>
        /// <param name="selector">The search criteria for the certificate.</param>
        protected override X509Certificate GetCertificate(IX509Selector selector)
        {
            // ?? short-circuits, so a later source is only queried when the earlier one had no match.
            return store.GetMatches (selector).FirstOrDefault ()
                ?? addressbook.GetMatches (selector).FirstOrDefault ()
                ?? root.GetMatches (selector).FirstOrDefault ();
        }
Esempio n. 54
		/**
		* Sets the constraints that the target certificate or attribute
		* certificate has to satisfy, given as an <code>IX509Selector</code>.
		* Passing <code>null</code> clears them, meaning no constraints are defined.
		* <p>
		* The target certificate in a PKIX path may be a certificate or an
		* attribute certificate.
		* </p><p>
		* A clone of the supplied <code>IX509Selector</code> is stored, so changes
		* the caller makes to its own instance afterwards do not alter the stored
		* constraints.
		* </p>
		*
		* @param selector a <code>IX509Selector</code> specifying the constraints on
		*            the target certificate or attribute certificate (or
		*            <code>null</code>)
		* @see #getTargetConstraints
		* @see X509CertStoreSelector
		* @see X509AttributeCertStoreSelector
		*/
		public virtual void SetTargetConstraints(IX509Selector selector)
		{
			// Defensive copy: keep a private clone, never the caller's instance.
			this.selector = selector == null
				? null
				: (IX509Selector) selector.Clone();
		}
Esempio n. 55
		/// <summary>
		/// Gets a collection of matching X.509 certificates based on the specified selector.
		/// </summary>
		/// <remarks>
		/// Enumerates the results of <c>GetMatches</c> for the selector and returns them in a
		/// new list.
		/// </remarks>
		/// <returns>The matching certificates.</returns>
		/// <param name="selector">The match criteria.</param>
		ICollection IX509Store.GetMatches (IX509Selector selector)
		{
			var collected = new List<X509Certificate> ();

			foreach (var match in GetMatches (selector)) {
				collected.Add (match);
			}

			return collected;
		}
Esempio n. 56
		/**
		* Copies the state of another parameters object into this one. The
		* original note describes it as a helper to support <code>Clone()</code>
		* under J2ME, where <code>super.Clone()</code> does not exist and fields
		* are not copied.
		* <p>
		* The selector is cloned and the store, issuer, attribute and checker
		* collections are copied into new collection instances rather than
		* assigned by reference.
		* </p>
		*
		* @param parameters Parameters to copy from. It is dereferenced without a
		*            null check. NOTE(review): the earlier text said the extended
		*            fields are copied only for <code>ExtendedPkixParameters</code>,
		*            but this body reads them from <code>parameters</code> with no
		*            type test - confirm the intended contract.
		*/
		protected virtual void SetParams(
			PkixParameters parameters)
		{
			// Validation settings, copied through the public properties and setters.
			Date = parameters.Date;
			SetCertPathCheckers(parameters.GetCertPathCheckers());
			IsAnyPolicyInhibited = parameters.IsAnyPolicyInhibited;
			IsExplicitPolicyRequired = parameters.IsExplicitPolicyRequired;
			IsPolicyMappingInhibited = parameters.IsPolicyMappingInhibited;
			IsRevocationEnabled = parameters.IsRevocationEnabled;
			SetInitialPolicies(parameters.GetInitialPolicies());
			IsPolicyQualifiersRejected = parameters.IsPolicyQualifiersRejected;
			SetTargetCertConstraints(parameters.GetTargetCertConstraints());
			SetTrustAnchors(parameters.GetTrustAnchors());

			// Fields read directly from the other instance.
			validityModel = parameters.validityModel;
			useDeltas = parameters.useDeltas;
			additionalLocationsEnabled = parameters.additionalLocationsEnabled;
			// The selector is cloned so the two instances do not share one selector object.
			selector = parameters.selector == null ? null
				: (IX509Selector) parameters.selector.Clone();
			// New collection instances are built from the source's collections.
			stores = Platform.CreateArrayList(parameters.stores);
            additionalStores = Platform.CreateArrayList(parameters.additionalStores);
			trustedACIssuers = new HashSet(parameters.trustedACIssuers);
			prohibitedACAttributes = new HashSet(parameters.prohibitedACAttributes);
			necessaryACAttributes = new HashSet(parameters.necessaryACAttributes);
			attrCertCheckers = new HashSet(parameters.attrCertCheckers);
		}
Esempio n. 57
        /// <summary>
        /// Gets the X.509 certificate based on the selector.
        /// </summary>
        /// <remarks>
        /// Returns the first held certificate that the selector accepts. The selector is
        /// invoked without a null check, so it must not be <c>null</c>.
        /// </remarks>
        /// <returns>The certificate on success; otherwise <c>null</c>.</returns>
        /// <param name="selector">The search criteria for the certificate.</param>
        protected override X509Certificate GetCertificate(IX509Selector selector)
        {
            foreach (var candidate in certificates) {
                if (!selector.Match (candidate))
                    continue;

                return candidate;
            }

            return null;
        }
		/// <summary>
		/// Gets the X.509 certificate based on the selector.
		/// </summary>
		/// <remarks>
		/// Searches the <c>My</c>, <c>AddressBook</c>, <c>TrustedPeople</c> and <c>Root</c> stores,
		/// in that order, and returns the first certificate the selector accepts (or the first
		/// certificate encountered when the selector is <c>null</c>). This method only looks the
		/// certificate up; no chain or validity check is performed here.
		/// </remarks>
		/// <returns>The certificate on success; otherwise <c>null</c>.</returns>
		/// <param name="selector">The search criteria for the certificate.</param>
		protected override Org.BouncyCastle.X509.X509Certificate GetCertificate (IX509Selector selector)
		{
			StoreName[] searchOrder = { StoreName.My, StoreName.AddressBook, StoreName.TrustedPeople, StoreName.Root };

			for (int i = 0; i < searchOrder.Length; i++) {
				var store = new X509Store (searchOrder[i], StoreLocation);

				store.Open (OpenFlags.ReadOnly);

				try {
					foreach (var native in store.Certificates) {
						var converted = DotNetUtilities.FromX509Certificate (native);

						if (selector != null && !selector.Match (converted))
							continue;

						return converted;
					}
				} finally {
					// Each store is closed before moving on, including on the early return.
					store.Close ();
				}
			}

			return null;
		}