Esempio n. 1
        public void ConstructorOidCollection()
        {
            // An empty source collection must encode as an empty DER SEQUENCE (30 00).
            var source = new OidCollection();
            var extension = new X509EnhancedKeyUsageExtension(source, true);

            Assert.AreEqual("30-00", BitConverter.ToString(extension.RawData), "RawData");
            Assert.AreEqual(0, extension.EnhancedKeyUsages.Count, "Count 0");
            // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
            //Assert.AreEqual ("Information Not Available", eku.Format (true), "Format(true)");
            //Assert.AreEqual ("Information Not Available", eku.Format (false), "Format(false)");

            // Changing the caller's collection after construction must not change the extension.
            source.Add(new Oid("1.2.3.4"));
            Assert.AreEqual(0, extension.EnhancedKeyUsages.Count, "Count still 0");

            // Adding through the property is asserted to have no effect on the extension's own list.
            int addResult = extension.EnhancedKeyUsages.Add(new Oid("1.2.3"));

            Assert.AreEqual(0, addResult, "Add");
            Assert.AreEqual(0, extension.EnhancedKeyUsages.Count, "Count again 0");                   // readonly!
            Assert.AreEqual(1, source.Count, "Count 1 - oc");
            Assert.AreEqual("1.2.3.4", source [0].Value, "Value - oc");

            // A new extension built from the now two-element collection carries both OIDs, in order.
            source.Add(new Oid("1.3.6.1.5.5.7.3.1"));
            extension = new X509EnhancedKeyUsageExtension(source, true);
            Assert.AreEqual(2, extension.EnhancedKeyUsages.Count, "Count 2");
            Assert.AreEqual("1.2.3.4", extension.EnhancedKeyUsages[0].Value, "Value - 1");
            Assert.AreEqual("1.3.6.1.5.5.7.3.1", extension.EnhancedKeyUsages[1].Value, "Value - 2");
            // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
            //Assert.AreEqual ("Unknown Key Usage (1.2.3.4)" + Environment.NewLine + "Server Authentication (1.3.6.1.5.5.7.3.1)" + Environment.NewLine,
            //	eku.Format (true), "Format(true)");
            //Assert.AreEqual ("Unknown Key Usage (1.2.3.4), Server Authentication (1.3.6.1.5.5.7.3.1)", eku.Format (false), "Format(false)");
        }
        // internal

        /// <summary>
        /// Parses the encoded extension value and appends every OID it contains to
        /// <c>_enhKeyUsage</c>, creating that collection first when it is still null.
        /// </summary>
        /// <param name="extension">Encoded extension value; its first byte must be 0x30.</param>
        /// <returns>
        /// <c>BadAsn</c> for null, empty or undecodable input, <c>BadTag</c> when the first byte
        /// is not 0x30, otherwise <c>Ok</c>.
        /// </returns>
        internal AsnDecodeStatus Decode(byte[] extension)
        {
            bool hasNoData = (extension == null) || (extension.Length == 0);
            if (hasNoData)
            {
                return AsnDecodeStatus.BadAsn;
            }

            // Cheap pre-check on the outer tag before handing the bytes to the parser.
            if (extension [0] != 0x30)
            {
                return AsnDecodeStatus.BadTag;
            }

            if (_enhKeyUsage == null)
            {
                _enhKeyUsage = new OidCollection();
            }

            // NOTE(review): OIDs are appended as they are decoded, so entries added before a
            // failing element stay in _enhKeyUsage when BadAsn is returned. Callers should only
            // rely on the collection after an Ok result - confirm against the call sites.
            try {
                ASN1 sequence = new ASN1(extension);
                if (sequence.Tag != 0x30)
                {
                    throw new CryptographicException(Locale.GetText("Invalid ASN.1 Tag"));
                }

                int index = 0;
                while (index < sequence.Count)
                {
                    string oidValue = ASN1Convert.ToOid(sequence [index]);
                    _enhKeyUsage.Add(new Oid(oidValue));
                    index++;
                }
            }
            catch {
                // Every failure inside the parse, including the tag exception thrown above,
                // is reported to the caller as BadAsn.
                return AsnDecodeStatus.BadAsn;
            }

            return AsnDecodeStatus.Ok;
        }
Esempio n. 3
        /// <summary>
        /// Checks the signature of <paramref name="module"/>, retrying once after a 5 second wait
        /// when the first attempt fails and the wake-up delay has not been consumed yet.
        /// </summary>
        /// <param name="module">Module whose signature is checked.</param>
        /// <param name="oidCheckList">OID list passed through to <c>IsModuleSignedOneTry</c>.</param>
        /// <param name="exitCode">Receives the failing attempt's code, but only if it is still 0.</param>
        /// <returns><c>true</c> as soon as one attempt succeeds; <c>false</c> otherwise.</returns>
        private static bool IsModuleSigned(Module module, OidCollection oidCheckList, ref int exitCode)
        {
            const int MaxAttempts = 3;

            int attempt = 0;
            while (attempt < MaxAttempts)
            {
                if (IsModuleSignedOneTry(module, oidCheckList, out int attemptExitCode))
                {
                    return true;
                }

                if (IsWakeUpDelayElapsed)
                {
                    // The delay was already spent: the failure is final, so the check fails closed.
                    if (exitCode == 0)
                    {
                        exitCode = attemptExitCode;
                    }

                    return false;
                }

                // First failure while the delay is still available: wait once, then try again.
                // The flag is never cleared in this method, so later calls skip the wait.
                Thread.Sleep(5000);
                IsWakeUpDelayElapsed = true;
                attempt++;
            }

            return false;
        }
Esempio n. 4
        /// <summary>
        /// Decodes an encoded Enhanced Key Usage extension into a collection of OIDs by reading
        /// the <c>CERT_ENHKEY_USAGE</c> structure handed to the <c>DecodeObject</c> callback.
        /// </summary>
        /// <param name="encoded">Encoded extension bytes.</param>
        /// <param name="usages">Receives one <see cref="Oid"/> per usage identifier, in order.</param>
        public void DecodeX509EnhancedKeyUsageExtension(byte[] encoded, out OidCollection usages)
        {
            // Collect into a local first; the out parameter is assigned only after decoding returns.
            OidCollection localUsages = new OidCollection();

            unsafe
            {
                encoded.DecodeObject(
                    CryptDecodeObjectStructType.X509_ENHANCED_KEY_USAGE,
                    delegate(void *pvDecoded, int cbDecoded)
                {
                    // NOTE(review): Debug.Assert is compiled out of release builds, so this size
                    // check gives no protection there; the code then trusts the decoder to have
                    // produced a buffer at least as large as CERT_ENHKEY_USAGE.
                    Debug.Assert(cbDecoded >= sizeof(CERT_ENHKEY_USAGE));
                    CERT_ENHKEY_USAGE *pEnhKeyUsage = (CERT_ENHKEY_USAGE *)pvDecoded;
                    // The element count comes from the decoded structure itself.
                    int count = pEnhKeyUsage->cUsageIdentifier;
                    for (int i = 0; i < count; i++)
                    {
                        IntPtr oidValuePointer = pEnhKeyUsage->rgpszUsageIdentifier[i];
                        // The '!' only silences the nullable warning; PtrToStringAnsi returns
                        // null for a zero pointer, so a null entry would reach new Oid(...).
                        string oidValue        = Marshal.PtrToStringAnsi(oidValuePointer) !;
                        Oid oid = new Oid(oidValue);
                        localUsages.Add(oid);
                    }
                }
                    );
            }

            usages = localUsages;
        }
Esempio n. 5
        /// <summary>
        /// Builds a certificate chain for <paramref name="cert"/> through
        /// <c>CertGetCertificateChain</c>. Returns null instead of throwing when that call
        /// reports failure, so callers must treat a null result as "no chain was built".
        /// </summary>
        /// <param name="useMachineContext">Passed to <c>GetChainEngine</c> when selecting the chain engine.</param>
        /// <param name="cert">Leaf certificate; must be a <c>CertificatePal</c> (it is cast without a check).</param>
        /// <param name="extraStore">Additional certificates, converted to a store handle for the call.</param>
        /// <param name="applicationPolicy">OIDs requested as usage; all must match (USAGE_MATCH_TYPE_AND).</param>
        /// <param name="certificatePolicy">OIDs requested as issuance policy; all must match (USAGE_MATCH_TYPE_AND).</param>
        /// <param name="revocationMode">Mapped to chain flags together with <paramref name="revocationFlag"/>.</param>
        /// <param name="revocationFlag">Mapped to chain flags together with <paramref name="revocationMode"/>.</param>
        /// <param name="customTrustStore">Passed to <c>GetChainEngine</c>.</param>
        /// <param name="trustMode">Passed to <c>GetChainEngine</c>.</param>
        /// <param name="verificationTime">Time at which the chain is evaluated.</param>
        /// <param name="timeout">URL retrieval timeout, converted to whole milliseconds.</param>
        /// <returns>A <c>ChainPal</c> wrapping the native chain, or null on failure.</returns>
        public static ChainPal BuildChain(
            bool useMachineContext,
            ICertificatePal cert,
            X509Certificate2Collection extraStore,
            OidCollection applicationPolicy,
            OidCollection certificatePolicy,
            X509RevocationMode revocationMode,
            X509RevocationFlag revocationFlag,
            X509Certificate2Collection customTrustStore,
            X509ChainTrustMode trustMode,
            DateTime verificationTime,
            TimeSpan timeout)
        {
            // NOTE(review): an ICertificatePal of any other type makes this cast throw, which
            // the "does not throw" contract in the summary does not cover.
            CertificatePal certificatePal = (CertificatePal)cert;

            unsafe
            {
                using (SafeChainEngineHandle storeHandle = GetChainEngine(trustMode, customTrustStore, useMachineContext))
                    using (SafeCertStoreHandle extraStoreHandle = ConvertStoreToSafeHandle(extraStore))
                    {
                        CERT_CHAIN_PARA chainPara = default;
                        chainPara.cbSize = Marshal.SizeOf <CERT_CHAIN_PARA>();

                        int applicationPolicyCount;
                        using (SafeHandle applicationPolicyOids = applicationPolicy.ToLpstrArray(out applicationPolicyCount))
                        {
                            // An invalid handle leaves RequestedUsage at its default, i.e. no usage is requested.
                            if (!applicationPolicyOids.IsInvalid)
                            {
                                chainPara.RequestedUsage.dwType = CertUsageMatchType.USAGE_MATCH_TYPE_AND;
                                chainPara.RequestedUsage.Usage.cUsageIdentifier     = applicationPolicyCount;
                                // Raw pointer into the OID array; it stays valid because the native
                                // call below runs inside this using block.
                                chainPara.RequestedUsage.Usage.rgpszUsageIdentifier = applicationPolicyOids.DangerousGetHandle();
                            }

                            int certificatePolicyCount;
                            using (SafeHandle certificatePolicyOids = certificatePolicy.ToLpstrArray(out certificatePolicyCount))
                            {
                                if (!certificatePolicyOids.IsInvalid)
                                {
                                    chainPara.RequestedIssuancePolicy.dwType = CertUsageMatchType.USAGE_MATCH_TYPE_AND;
                                    chainPara.RequestedIssuancePolicy.Usage.cUsageIdentifier     = certificatePolicyCount;
                                    chainPara.RequestedIssuancePolicy.Usage.rgpszUsageIdentifier = certificatePolicyOids.DangerousGetHandle();
                                }

                                // NOTE(review): the (int) conversion is not range-checked; a timeout
                                // whose millisecond count exceeds int.MaxValue would not be preserved.
                                // Confirm callers bound the value.
                                chainPara.dwUrlRetrievalTimeout = (int)Math.Floor(timeout.TotalMilliseconds);

                                FILETIME            ft    = FILETIME.FromDateTime(verificationTime);
                                CertChainFlags      flags = MapRevocationFlags(revocationMode, revocationFlag);
                                SafeX509ChainHandle chain;
                                if (!Interop.crypt32.CertGetCertificateChain(storeHandle.DangerousGetHandle(), certificatePal.CertContext, &ft, extraStoreHandle, ref chainPara, flags, IntPtr.Zero, out chain))
                                {
                                    // Failure is signalled by null, not by an exception.
                                    return(null);
                                }

                                // Ownership of the chain handle passes to the returned ChainPal.
                                return(new ChainPal(chain));
                            }
                        }
                    }
            }
        }
Esempio n. 6
        /// <summary>
        /// Collects the public, concrete classes of <paramref name="assembly"/> that implement the
        /// plugin interface, after checking the assembly's signature.
        /// </summary>
        /// <param name="assembly">Assembly to inspect.</param>
        /// <param name="oidCheckList">OID list passed through to <c>IsAssemblySigned</c>.</param>
        /// <param name="pluginClientTypeList">Receives the matching types; always a non-null list.</param>
        /// <param name="exitCode">Set to -6 when an unexpected exception occurs and it is still 0.</param>
        /// <param name="isBadSignature">Set to <c>true</c> when the signature check fails.</param>
        /// <returns><c>true</c> when at least one plugin type was found.</returns>
        private static bool FindPluginClientTypes(Assembly assembly, OidCollection oidCheckList, out List<Type> pluginClientTypeList, ref int exitCode, ref bool isBadSignature)
        {
            pluginClientTypeList = new List<Type>();

            try
            {
                // NOTE(review): the signature is verified only when Location is non-empty. An
                // assembly without a file location skips the check entirely and is still scanned
                // for plugin types below - confirm that such assemblies can never reach this method.
                bool hasFileLocation = !string.IsNullOrEmpty(assembly.Location);
                if (hasFileLocation && !IsAssemblySigned(assembly, oidCheckList, ref exitCode))
                {
                    isBadSignature = true;
                    return false;
                }

                if (!IsReferencingSharedAssembly(assembly, out _))
                {
                    return false;
                }

                Type?[] candidateTypes;
                try
                {
                    candidateTypes = assembly.GetTypes();
                }
                catch (ReflectionTypeLoadException loadFailure)
                {
                    // Keep whatever could be loaded; entries that failed are null and skipped below.
                    candidateTypes = loadFailure.Types;
                }
                catch
                {
                    candidateTypes = Array.Empty<Type>();
                }

                foreach (Type? candidate in candidateTypes)
                {
                    if (candidate == null)
                    {
                        continue;
                    }

                    bool isPublicConcreteClass = candidate.IsPublic && !candidate.IsInterface && candidate.IsClass && !candidate.IsAbstract;
                    if (!isPublicConcreteClass)
                    {
                        continue;
                    }

                    Contract.RequireNotNull(PluginInterfaceType.FullName, out string interfaceName);
                    if (candidate.GetInterface(interfaceName) != null)
                    {
                        pluginClientTypeList.Add(candidate);
                    }
                }

                return pluginClientTypeList.Count > 0;
            }
            catch
            {
                // Any other failure is reported through exitCode unless a code was already recorded.
                if (exitCode == 0)
                {
                    exitCode = -6;
                }
            }

            return false;
        }
Esempio n. 7
 /// <summary>
 /// Builds the settings object from a COM certificate template: runs <c>InitializeCom</c> on it
 /// and then creates the cryptography, issuance-requirement and key-archival sub-objects from
 /// the same template.
 /// </summary>
 /// <param name="template">Source certificate template.</param>
 internal CertificateTemplateSettings(IX509CertificateTemplate template)
 {
     InitializeCom(template);
     Cryptography          = new CryptographyTemplateSettings(template);
     RegistrationAuthority = new IssuanceRequirements(template);
     // NOTE(review): assigned after InitializeCom, so any critical-extension OIDs that call
     // may have stored in this property would be replaced by an empty collection - confirm.
     CriticalExtensions    = new OidCollection();
     KeyArchivalSettings   = new KeyArchivalOptions(template);
 }
 /// <summary>
 /// Initializes a new instance of the <strong>X509ApplicationPoliciesExtension</strong> class from a collection of application
 /// policy object identifiers (OID) and a value that identifies whether the extension is critical.
 /// </summary>
 /// <param name="applicationPolicies">A non-empty collection of application policy OIDs.</param>
 /// <param name="critical"><strong>True</strong> if the extension is critical; otherwise, <strong>False</strong>.</param>
 /// <exception cref="ArgumentNullException">
 /// <strong>applicationPolicies</strong> parameter is null, or it contains no elements (an empty
 /// collection is reported with the same exception type).
 /// </exception>
 public X509ApplicationPoliciesExtension(OidCollection applicationPolicies, Boolean critical)
 {
     // Both a missing and an empty collection are rejected before any encoding happens.
     if (applicationPolicies == null || applicationPolicies.Count == 0)
     {
         throw new ArgumentNullException(nameof(applicationPolicies));
     }
     m_initialize(applicationPolicies, critical);
 }
Esempio n. 9
 /// <summary>
 /// Encodes the given usages as an Enhanced Key Usage extension value using the platform
 /// abstraction layer.
 /// </summary>
 /// <param name="enhancedKeyUsages">OIDs to encode; must not be null.</param>
 /// <returns>The encoded extension bytes.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="enhancedKeyUsages"/> is null.</exception>
 private static byte[] EncodeExtension(OidCollection enhancedKeyUsages)
 {
     OidCollection usages = enhancedKeyUsages ?? throw new ArgumentNullException(nameof(enhancedKeyUsages));

     return X509Pal.Instance.EncodeX509EnhancedKeyUsageExtension(usages);
 }
Esempio n. 10
        //BUG [ExpectedException (typeof (ArgumentNullException))]
        public void AddNull()
        {
            // Documents the behaviour this test was written against: a null entry is accepted
            // and counted rather than rejected with ArgumentNullException.
            var oids = new OidCollection();

            oids.Add(null);
            Assert.AreEqual(1, oids.Count, "Count");
            // Assert.IsNull (oc, "[0]"); throw NullReferenceException
        }
Esempio n. 11
        public void CopyToOidNull()
        {
            // Calls CopyTo with a null destination array. There is no assertion in the body, so
            // the expected exception is presumably declared by an attribute outside the visible lines.
            var oids = new OidCollection
            {
                new Oid("1.0")
            };

            Oid[] destination = null;
            oids.CopyTo(destination, 0);
        }
Esempio n. 12
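        /// <summary>
        /// Builds a plain-text report of a certificate: subject, issuer, validity period, public
        /// key details, serial number, thumbprint and the contents of its well-known extensions.
        /// </summary>
        /// <param name="xCertificate">Certificate to describe.</param>
        /// <returns>
        /// The report text, or <c>null</c> when the certificate is null or any property could not
        /// be read. The method never throws.
        /// </returns>
        ///<remarks>
        /// Author:         José Faustino Posas
        /// Company:        Ssoft Colombia
        /// Date:           2012-01-16
        /// -------------------
        /// Change log
        /// -------------------
        /// Author:
        /// Date:
        /// Description:
        /// </remarks>
        public string setCertificateWriten(X509Certificate2 xCertificate)
        {
            string sCertificate = null;

            try
            {
                X509Certificate2 objCert = xCertificate; // the certificate being described
                StringBuilder    objSB   = new StringBuilder("Detalle del certificado: \n\n");

                // The unused SymmetricAlgorithm.Create("Rijndael") call was removed: the object
                // was never used or disposed, and a failure in it discarded the whole report.

                // Details
                objSB.AppendLine("Persona = " + objCert.Subject);
                objSB.AppendLine("Emisor = " + objCert.Issuer);
                objSB.AppendLine("Válido desde = " + objCert.NotBefore.ToString());
                objSB.AppendLine("Válido hasta = " + objCert.NotAfter.ToString());
                // NOTE(review): PublicKey.Key supports RSA and DSA keys only; for other key types
                // it throws and the method returns null.
                objSB.AppendLine("Tamaño de la clave = " + objCert.PublicKey.Key.KeySize.ToString());
                objSB.AppendLine("Valor de la clave = " + objCert.GetPublicKeyString().ToString());
                objSB.AppendLine("Algoritmo de la clave = " + objCert.GetKeyAlgorithm().ToString());
                objSB.AppendLine("Número de serie = " + objCert.SerialNumber);
                objSB.AppendLine("Hash = " + objCert.Thumbprint);

                // Extensions
                objSB.AppendLine("\nExtensiones:\n");
                foreach (X509Extension objExt in objCert.Extensions)
                {
                    objSB.AppendLine(objExt.Oid.FriendlyName + " (" + objExt.Oid.Value + ')');

                    // Dispatch on the extension's runtime type instead of its FriendlyName: the
                    // friendly name depends on the platform and UI language, so comparing it with
                    // English text silently skipped these details elsewhere, and an unexpected
                    // type behind a matching name made the cast throw.
                    X509KeyUsageExtension keyUsage = objExt as X509KeyUsageExtension;
                    if (keyUsage != null)
                    {
                        objSB.AppendLine("    " + keyUsage.KeyUsages);
                    }

                    X509BasicConstraintsExtension basicConstraints = objExt as X509BasicConstraintsExtension;
                    if (basicConstraints != null)
                    {
                        objSB.AppendLine("    " + basicConstraints.CertificateAuthority);
                        objSB.AppendLine("    " + basicConstraints.HasPathLengthConstraint);
                        objSB.AppendLine("    " + basicConstraints.PathLengthConstraint);
                    }

                    X509SubjectKeyIdentifierExtension subjectKeyId = objExt as X509SubjectKeyIdentifierExtension;
                    if (subjectKeyId != null)
                    {
                        objSB.AppendLine("    " + subjectKeyId.SubjectKeyIdentifier);
                    }

                    X509EnhancedKeyUsageExtension enhancedKeyUsage = objExt as X509EnhancedKeyUsageExtension; //2.5.29.37
                    if (enhancedKeyUsage != null)
                    {
                        foreach (Oid oid in enhancedKeyUsage.EnhancedKeyUsages)
                        {
                            objSB.AppendLine("    " + oid.FriendlyName + " (" + oid.Value + ')');
                        }
                    }
                }

                sCertificate = objSB.ToString();
            }
            catch (Exception)
            {
                // Deliberate best effort: any failure, including a null certificate, yields a
                // null report. The result is assigned last, so no partial text is returned.
            }

            return sCertificate;
        }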
Esempio n. 13
        //
        // Verifies whether a certificate is valid for the specified policy.
        // S_OK means the certificate is valid for the specified policy.
        // S_FALSE means the certificate is invalid for the specified policy.
        // Anything else is an error.
        //
        // Callers should accept the certificate only on S_OK: a chain-building failure is
        // returned as its own HRESULT before any policy check is attempted.
        //
        // pCertContext     - certificate to verify; must be a valid handle.
        // pszPolicy        - policy identifier passed to CertVerifyCertificateChainPolicy.
        // pdwErrorStatus   - optional; when not IntPtr.Zero it receives the policy error code.
        // Remaining parameters are forwarded unchanged to X509Chain.BuildChain.
        //

        internal static unsafe int VerifyCertificate(SafeCertContextHandle pCertContext,
                                                     OidCollection applicationPolicy,
                                                     OidCollection certificatePolicy,
                                                     X509RevocationMode revocationMode,
                                                     X509RevocationFlag revocationFlag,
                                                     DateTime verificationTime,
                                                     TimeSpan timeout,
                                                     X509Certificate2Collection extraStore,
                                                     IntPtr pszPolicy,
                                                     IntPtr pdwErrorStatus)
        {
            if (pCertContext == null || pCertContext.IsInvalid)
            {
                // NOTE(review): the single-string ArgumentException constructor takes a message,
                // so "pCertContext" ends up as the message text rather than as ParamName.
                throw new ArgumentException("pCertContext");
            }

            CAPI.CERT_CHAIN_POLICY_PARA   PolicyPara   = new CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_PARA)));
            CAPI.CERT_CHAIN_POLICY_STATUS PolicyStatus = new CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_STATUS)));

            // Build the chain.
            // NOTE(review): pChainContext is not disposed anywhere in this method; its release
            // appears to be left to the SafeHandle's finalization - confirm that is intended.
            SafeCertChainHandle pChainContext = SafeCertChainHandle.InvalidHandle;
            int hr = X509Chain.BuildChain(new IntPtr(CAPI.HCCE_CURRENT_USER),
                                          pCertContext,
                                          extraStore,
                                          applicationPolicy,
                                          certificatePolicy,
                                          revocationMode,
                                          revocationFlag,
                                          verificationTime,
                                          timeout,
                                          ref pChainContext);

            if (hr != CAPI.S_OK)
            {
                return(hr);
            }

            // Verify the chain using the specified policy.
            if (CAPI.CertVerifyCertificateChainPolicy(pszPolicy, pChainContext, ref PolicyPara, ref PolicyStatus))
            {
                // Writes through a caller-supplied raw pointer: the caller must pass either
                // IntPtr.Zero or the address of writable memory large enough for a uint.
                if (pdwErrorStatus != IntPtr.Zero)
                {
                    *(uint *)pdwErrorStatus = PolicyStatus.dwError;
                }

                // The API call succeeded but the policy reported an error: not valid.
                if (PolicyStatus.dwError != 0)
                {
                    return(CAPI.S_FALSE);
                }
            }
            else
            {
                // The API failed.
                return(Marshal.GetHRForLastWin32Error());
            }

            return(CAPI.S_OK);
        }
Esempio n. 14
        /// <summary>
        /// Creates a self-signed RSA certificate named "SigningCertificateTest", valid for one
        /// year from now, signed with SHA-256 and PKCS#1 padding.
        /// </summary>
        /// <param name="createCertificates">Factory that issues the certificate.</param>
        /// <param name="keySize">RSA key size in bits.</param>
        /// <returns>The new self-signed certificate.</returns>
        public static X509Certificate2 CreateRsaCertificate(CreateCertificates createCertificates, int keySize)
        {
            // NOTE(review): the certificate is marked as a CA (path length 2) and its key usage
            // below includes KeyCertSign and CrlSign next to every data-protection usage. The
            // name suggests a test certificate; for anything else the usages should be narrowed.
            var constraints = new BasicConstraints
            {
                CertificateAuthority = true,
                HasPathLengthConstraint = true,
                PathLengthConstraint = 2,
                Critical = false
            };

            var alternativeNames = new SubjectAlternativeName
            {
                DnsName = new List<string> { "SigningCertificateTest" }
            };

            X509KeyUsageFlags keyUsage =
                X509KeyUsageFlags.KeyCertSign |
                X509KeyUsageFlags.DigitalSignature |
                X509KeyUsageFlags.KeyEncipherment |
                X509KeyUsageFlags.CrlSign |
                X509KeyUsageFlags.DataEncipherment |
                X509KeyUsageFlags.NonRepudiation |
                X509KeyUsageFlags.KeyAgreement;

            // only if mtls is used
            // NOTE(review): the remark above describes the two TLS usages, which are disabled
            // here; the active list is code signing, secure e-mail and time stamping.
            var extendedUsages = new OidCollection
            {
                //OidLookup.ClientAuthentication,
                //OidLookup.ServerAuthentication,
                OidLookup.CodeSigning,
                OidLookup.SecureEmail,
                OidLookup.TimeStamping
            };

            var subject = new DistinguishedName { CommonName = "SigningCertificateTest" };

            var validity = new ValidityPeriod
            {
                ValidFrom = DateTimeOffset.UtcNow,
                ValidTo = DateTimeOffset.UtcNow.AddYears(1)
            };

            var rsaSettings = new RsaConfiguration
            {
                KeySize = keySize,
                RSASignaturePadding = RSASignaturePadding.Pkcs1,
                HashAlgorithmName = HashAlgorithmName.SHA256
            };

            return createCertificates.NewRsaSelfSignedCertificate(
                subject,
                constraints,
                validity,
                alternativeNames,
                extendedUsages,
                keyUsage,
                rsaSettings);
        }
Esempio n. 15
        public void CopyToOid()
        {
            // One element copied into a one-slot array must land at index 0.
            var oids = new OidCollection
            {
                new Oid("1.0")
            };

            var destination = new Oid [1];
            oids.CopyTo(destination, 0);
            Assert.AreEqual("1.0", destination [0].Value, "CopyTo(Oid)");
        }
Esempio n. 16
        private OidEnumerator GetEnumerator()
        {
            // Fixture: an enumerator over the three OIDs "1.0", "1.1" and "1.2", in that order.
            var oids = new OidCollection
            {
                new Oid("1.0"),
                new Oid("1.1"),
                new Oid("1.2")
            };

            return oids.GetEnumerator();
        }
Esempio n. 17
        public void Add()
        {
            // A single added OID must be counted and reachable by position and by value.
            var oids = new OidCollection
            {
                new Oid("1.0")
            };

            Assert.AreEqual(1, oids.Count, "Count");
            Assert.AreEqual("1.0", oids [0].Value, "[0]");
            Assert.AreEqual("1.0", oids ["1.0"].Value, "['1.0']");
        }
Esempio n. 18
        public static void EnhancedKeyUsageExtension_InvalidOid(string invalidOidValue)
        {
            // An OID value that cannot be encoded must make the extension constructor fail with
            // a CryptographicException (or a type derived from it).
            var oids = new OidCollection();
            oids.Add(new Oid(invalidOidValue));

            Assert.ThrowsAny<CryptographicException>(() => new X509EnhancedKeyUsageExtension(oids, false));
        }
Esempio n. 19
        /// <summary>
        /// Builds a certificate chain for <paramref name="cert"/> with the OpenSSL chain
        /// processor: gathers candidate certificates, builds the chain, and stores downloaded
        /// intermediates when the resulting chain carries no status entries.
        /// </summary>
        /// <param name="useMachineContext">Not read in this method.</param>
        /// <param name="cert">Leaf certificate; its handle is wrapped in a new <see cref="X509Certificate2"/>.</param>
        /// <param name="extraStore">Additional certificates considered as candidates.</param>
        /// <param name="applicationPolicy">Application policy OIDs forwarded to the chain processor.</param>
        /// <param name="certificatePolicy">Certificate policy OIDs forwarded to the chain processor.</param>
        /// <param name="revocationMode">Forwarded to the chain processor.</param>
        /// <param name="revocationFlag">Forwarded to the chain processor.</param>
        /// <param name="verificationTime">Evaluation time; a UTC value is converted to local time.</param>
        /// <param name="timeout">Download time budget; zero means unlimited.</param>
        /// <returns>The chain produced by the chain processor.</returns>
        public static IChainPal BuildChain(
            bool useMachineContext,
            ICertificatePal cert,
            X509Certificate2Collection extraStore,
            OidCollection applicationPolicy,
            OidCollection certificatePolicy,
            X509RevocationMode revocationMode,
            X509RevocationFlag revocationFlag,
            DateTime verificationTime,
            TimeSpan timeout)
        {
            // An input value of 0 on the timeout is "take all the time you need".
            TimeSpan downloadBudget = (timeout == TimeSpan.Zero) ? TimeSpan.MaxValue : timeout;

            // Let Unspecified mean Local, so only convert if the source was UTC.
            //
            // Converge on Local instead of UTC because OpenSSL is going to assume we gave it
            // local time.
            DateTime evaluationTime = (verificationTime.Kind == DateTimeKind.Utc)
                ? verificationTime.ToLocalTime()
                : verificationTime;

            var leafCertificate = new X509Certificate2(cert.Handle);
            var fetched = new List<X509Certificate2>();
            var trustedBySystem = new List<X509Certificate2>();

            // Both calls share the same budget by reference, so time spent finding candidates
            // reduces what is left for building the chain.
            List<X509Certificate2> chainCandidates = OpenSslX509ChainProcessor.FindCandidates(
                leafCertificate,
                extraStore,
                fetched,
                trustedBySystem,
                ref downloadBudget);

            IChainPal builtChain = OpenSslX509ChainProcessor.BuildChain(
                leafCertificate,
                chainCandidates,
                fetched,
                trustedBySystem,
                applicationPolicy,
                certificatePolicy,
                revocationMode,
                revocationFlag,
                evaluationTime,
                ref downloadBudget);

            // Downloaded certificates are persisted only for a chain without any status entry,
            // so material fetched for a chain that reported a problem is not stored.
            bool chainHasNoStatus = builtChain.ChainStatus.Length == 0;
            if (chainHasNoStatus && fetched.Count > 0)
            {
                SaveIntermediateCertificates(builtChain.ChainElements, fetched);
            }

            return builtChain;
        }
Esempio n. 20
        public void ConstructorAsnEncodedData_BadAsn()
        {
            // Zero bytes of encoded data: construction succeeds and both Format variants
            // return an empty string.
            var emptyData = new AsnEncodedData("1.2.3", new byte[0]);
            var extension = new X509EnhancedKeyUsageExtension(emptyData, true);

            Assert.AreEqual(String.Empty, extension.Format(true), "Format(true)");
            Assert.AreEqual(String.Empty, extension.Format(false), "Format(false)");

            // The property is read with no assertion after it; presumably the read itself is
            // expected to throw (declared by an attribute outside the visible lines) - confirm.
            OidCollection usages = extension.EnhancedKeyUsages;
        }
Esempio n. 21
 /// <summary>
 /// Builds the settings object from a directory entry: stores the entry, creates the
 /// cryptography, issuance-requirement and key-archival sub-objects from it, and then runs
 /// <c>m_initialize</c>.
 /// </summary>
 /// <param name="Entry">Directory entry describing the certificate template.</param>
 internal CertificateTemplateSettings(DirectoryEntry Entry)
 {
     _entry                = Entry;
     Cryptography          = new CryptographyTemplateSettings(_entry);
     RegistrationAuthority = new IssuanceRequirements(_entry);
     // Starts empty; m_initialize runs afterwards and presumably fills it - confirm.
     CriticalExtensions    = new OidCollection();
     KeyArchivalSettings   = new KeyArchivalOptions(_entry);
     m_initialize();
 }
Esempio n. 22
        /// <summary>
        /// Enumeration callback: reads one <c>CRYPT_OID_INFO</c> from <paramref name="pInfo"/>
        /// and appends it to the collection in <paramref name="pvParam"/> as an
        /// <see cref="Oid"/> built from its OID value and name.
        /// </summary>
        /// <param name="pInfo">Pointer to the native <c>CRYPT_OID_INFO</c> structure.</param>
        /// <param name="pvParam">Collection that receives the OID; must not be null.</param>
        /// <returns>Always <c>true</c>.</returns>
        internal static bool GetExtendedKeyUsagesCallback(IntPtr pInfo, ref OidCollection pvParam)
        {
            // The pointer is marshalled as-is; nothing here checks that it is non-zero.
            var nativeInfo = (CRYPT_OID_INFO)Marshal.PtrToStructure(pInfo, typeof(CRYPT_OID_INFO));
            var usage = new Oid(nativeInfo.pszOID, nativeInfo.pwszName);

            pvParam.Add(usage);
            return true;
        }
Esempio n. 23
        /// <summary>
        /// Creates a self-signed RSA certificate for "localhost", valid for one year from now,
        /// with the TLS server and client authentication usages.
        /// </summary>
        /// <param name="createCertificates">Factory that issues the certificate.</param>
        /// <param name="keySize">RSA key size in bits.</param>
        /// <returns>The new self-signed certificate.</returns>
        public static X509Certificate2 CreateRsaCertificate(CreateCertificates createCertificates, int keySize)
        {
            // NOTE(review): a certificate used for TLS on localhost is also marked as a CA (path
            // length 2) with KeyCertSign and CrlSign, so wherever it is trusted its key could be
            // used to issue further certificates. Fine for a local development certificate;
            // narrow the constraints and key usage for anything else.
            var constraints = new BasicConstraints
            {
                CertificateAuthority = true,
                HasPathLengthConstraint = true,
                PathLengthConstraint = 2,
                Critical = false
            };

            var alternativeNames = new SubjectAlternativeName
            {
                DnsName = new List<string> { "localhost" }
            };

            X509KeyUsageFlags keyUsage =
                X509KeyUsageFlags.KeyCertSign |
                X509KeyUsageFlags.DigitalSignature |
                X509KeyUsageFlags.KeyEncipherment |
                X509KeyUsageFlags.CrlSign |
                X509KeyUsageFlags.DataEncipherment |
                X509KeyUsageFlags.NonRepudiation |
                X509KeyUsageFlags.KeyAgreement;

            // only if mtls is used
            var extendedUsages = new OidCollection
            {
                new Oid("1.3.6.1.5.5.7.3.1"),  // TLS Server auth
                new Oid("1.3.6.1.5.5.7.3.2"),  // TLS Client auth
                //new Oid("1.3.6.1.5.5.7.3.3"),  // Code signing
                //new Oid("1.3.6.1.5.5.7.3.4"),  // Email
                //new Oid("1.3.6.1.5.5.7.3.8")   // Timestamping
            };

            var subject = new DistinguishedName { CommonName = "localhost" };

            var validity = new ValidityPeriod
            {
                ValidFrom = DateTimeOffset.UtcNow,
                ValidTo = DateTimeOffset.UtcNow.AddYears(1)
            };

            // Only the key size is set; padding and hash keep the RsaConfiguration defaults.
            var rsaSettings = new RsaConfiguration
            {
                KeySize = keySize
            };

            return createCertificates.NewRsaSelfSignedCertificate(
                subject,
                constraints,
                validity,
                alternativeNames,
                extendedUsages,
                keyUsage,
                rsaSettings);
        }
		/// <summary>
		/// Creates the extension from a collection of usage OIDs and a criticality flag, then
		/// encodes it into <c>RawData</c>.
		/// </summary>
		/// <param name="enhancedKeyUsages">Usage OIDs; must not be null.</param>
		/// <param name="critical">Whether the extension is marked critical.</param>
		/// <exception cref="ArgumentNullException"><paramref name="enhancedKeyUsages"/> is null.</exception>
		public X509EnhancedKeyUsageExtension (OidCollection enhancedKeyUsages, bool critical)
		{
			if (enhancedKeyUsages == null)
				throw new ArgumentNullException ("enhancedKeyUsages");

			_oid = new Oid (oid, friendlyName);
			base.Critical = critical;
			// Keep a copy rather than the caller's instance, so later changes to the caller's
			// collection do not alter this extension.
			_enhKeyUsage = enhancedKeyUsages.ReadOnlyCopy ();
			// Encoded last because Encode () has no arguments and presumably reads _enhKeyUsage.
			RawData = Encode ();
		}
Esempio n. 25
		/// <summary>
		/// Sets the extension OID and criticality, stores every policy OID that has a non-empty
		/// value, and builds <c>RawData</c> from the encoded policies.
		/// </summary>
		/// <param name="applicationPolicies">Application policy OIDs to store and encode.</param>
		/// <param name="critical">Whether the extension is marked critical.</param>
		void m_initialize(OidCollection applicationPolicies, Boolean critical) {
			const Byte WrapperTag = 48; // 0x30; presumably the ASN.1 tag Asn1Utils.Encode wraps the data in

			Oid = _oid;
			Critical = critical;

			List<Byte> encodedPolicies = new List<Byte>();
			foreach (Oid policy in applicationPolicies.Cast<Oid>()) {
				// Entries without a value are skipped.
				// NOTE(review): if every entry is skipped, RawData becomes an empty wrapper;
				// the caller's emptiness check runs before this filter.
				if (String.IsNullOrEmpty(policy.Value)) {
					continue;
				}

				_oids.Add(policy);
				Byte[] encodedOid = Asn1Utils.EncodeObjectIdentifier(policy);
				encodedPolicies.AddRange(Asn1Utils.Encode(encodedOid, WrapperTag));
			}

			RawData = Asn1Utils.Encode(encodedPolicies.ToArray(), WrapperTag);
		}
Esempio n. 26
        /// <inheritdoc />
        public OidCollection GetSubjectTemplateOIDs()
        {
            var templateOids = new OidCollection();

            var propertyText = getStringProperty(AdcsCAPropertyName.SubjectTemplateOIDs);
            if (propertyText == null)
            {
                // No property value: return the empty collection.
                return templateOids;
            }

            // One OID per line. Only trailing whitespace of the whole value is trimmed.
            // NOTE(review): an empty value still yields one entry with an empty OID, and a
            // carriage return before a line feed stays attached to its entry - confirm the
            // property never contains either.
            foreach (var line in propertyText.TrimEnd().Split('\n'))
            {
                templateOids.Add(new Oid(line));
            }

            return templateOids;
        }
Esempio n. 27
        public void CopyTo_NonZeroLowerBound_ThrowsIndexOutOfRangeException()
        {
            var onlyItem = new Oid(Sha1Oid, Sha1Name);
            ICollection collection = new OidCollection { onlyItem };

            // Destination: a one-dimensional object array of length 10 whose lower bound is 10,
            // so index 0 lies outside its bounds.
            int[] lengths = { 10 };
            int[] lowerBounds = { 10 };
            Array destination = Array.CreateInstance(typeof(object), lengths, lowerBounds);

            Assert.Throws<IndexOutOfRangeException>(() => collection.CopyTo(destination, 0));
        }
Esempio n. 28
        /// <summary>
        /// Converts the usage flags of this object into an OID collection.
        /// </summary>
        /// <returns>
        /// A collection holding <c>ObjectId.kpClientAuth</c> when <c>ClientAuth</c> is set;
        /// otherwise an empty collection.
        /// </returns>
        public OidCollection ToOoid()
        {
            var usages = new OidCollection();
            if (!ClientAuth)
            {
                return usages;
            }

            usages.Add(ObjectId.kpClientAuth);
            return usages;
        }
Esempio n. 29
        public void Constructor()
        {
            var oids = new OidCollection();

            // A new collection is empty, reports itself as not synchronized, and still exposes
            // a sync root and an enumerator.
            Assert.AreEqual(0, oids.Count, "Count");
            Assert.IsTrue(!oids.IsSynchronized, "IsSynchronized");
            Assert.IsNotNull(oids.SyncRoot, "SyncRoot");
            Assert.IsNotNull(oids.GetEnumerator(), "GetEnumerator");
        }
Esempio n. 30
 /// <summary>
 /// Restores every chain-policy setting to its default: empty application and certificate
 /// policy lists, online revocation checking that excludes the root, no verification flags,
 /// the current local time as verification time, a zero URL retrieval timeout and an empty
 /// extra store.
 /// </summary>
 public void Reset()
 {
     ApplicationPolicy = new OidCollection();
     CertificatePolicy = new OidCollection();
     // Revocation is checked online by default, for every chain element except the root.
     _revocationMode = X509RevocationMode.Online;
     _revocationFlag = X509RevocationFlag.ExcludeRoot;
     // NoFlag: no verification check is relaxed by default.
     _verificationFlags = X509VerificationFlags.NoFlag;
     // Local time, captured at the moment of the reset rather than when a chain is built.
     VerificationTime = DateTime.Now;
     UrlRetrievalTimeout = new TimeSpan(0, 0, 0); // default timeout
     ExtraStore = new X509Certificate2Collection();
 }
Esempio n. 31
        public static void EnhancedKeyUsageExtension_2Oids()
        {
            // Two usages resolved within the EnhancedKeyUsage group; the expected bytes are one
            // outer SEQUENCE holding the two encoded OIDs in insertion order.
            var usages = new OidCollection
            {
                Oid.FromOidValue("1.3.6.1.5.5.7.3.1", OidGroup.EnhancedKeyUsage),
                Oid.FromOidValue("1.3.6.1.4.1.311.10.3.1", OidGroup.EnhancedKeyUsage)
            };

            byte[] expectedEncoding = "301606082b06010505070301060a2b0601040182370a0301".HexToByteArray();
            TestEnhancedKeyUsageExtension(usages, false, expectedEncoding);
        }
Esempio n. 32
        public static void EncodeDecode_2Oids()
        {
            // Round-trips two usages against a fixed expected encoding: one outer SEQUENCE
            // holding the two encoded OIDs in insertion order.
            var usages = new OidCollection
            {
                new Oid("1.3.6.1.5.5.7.3.1"),
                new Oid("1.3.6.1.4.1.311.10.3.1")
            };

            byte[] expectedEncoding = "301606082b06010505070301060a2b0601040182370a0301".HexToByteArray();
            EncodeDecode(usages, false, expectedEncoding);
        }
		/// <summary>
		/// Creates the extension from a list of key-usage OIDs.
		/// </summary>
		/// <param name="enhancedKeyUsages">The usages to store; must not be null.</param>
		/// <param name="critical">Value assigned to the extension's Critical property.</param>
		/// <exception cref="ArgumentNullException"><paramref name="enhancedKeyUsages"/> is null.</exception>
		public X509EnhancedKeyUsageExtension (OidCollection enhancedKeyUsages, bool critical)
		{
			if (enhancedKeyUsages == null) {
				throw new ArgumentNullException ("enhancedKeyUsages");
			}

			_oid = new Oid (oid, friendlyName);
			base.Critical = critical;

			// Keep a private collection so that later Add calls on the caller's
			// collection do not change this extension. The Oid objects themselves
			// are shared with the caller, not cloned.
			_enhKeyUsage = new OidCollection();
			foreach (Oid usage in enhancedKeyUsages) {
				_enhKeyUsage.Add(usage);
			}

			// RawData is produced once, here.
			RawData = Encode ();
		}
 // Signature only: the listing shows no body for this overload. It takes the
 // list of key-usage OIDs and the value for the extension's critical flag.
 public X509EnhancedKeyUsageExtension(OidCollection enhancedKeyUsages, bool critical);
 /// <summary>
 /// Puts every chain-policy field back to its default value.
 /// </summary>
 public void Reset () {
     // Revocation and verification defaults: online revocation checking,
     // root certificate excluded from the revocation check, and no
     // verification flags set.
     m_verificationFlags = X509VerificationFlags.NoFlag;
     m_revocationFlag = X509RevocationFlag.ExcludeRoot;
     m_revocationMode = X509RevocationMode.Online;

     // Empty policy OID lists and an empty extra-certificate store.
     m_applicationPolicy = new OidCollection();
     m_certificatePolicy = new OidCollection();
     m_extraStore = new X509Certificate2Collection();

     // The verification time is read from the local clock at reset time.
     m_verificationTime = DateTime.Now;

     // A zero TimeSpan stands for the default timeout.
     m_timeout = TimeSpan.Zero;
 }
 /// <summary>
 /// Encodes a list of key-usage OIDs through the platform abstraction layer.
 /// </summary>
 /// <param name="enhancedKeyUsages">The usages to encode; must not be null.</param>
 /// <returns>The bytes produced by <c>X509Pal.Instance.EncodeX509EnhancedKeyUsageExtension</c>.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="enhancedKeyUsages"/> is null.</exception>
 private static byte[] EncodeExtension(OidCollection enhancedKeyUsages)
 {
     // The constructor calls this inside its base(...) initializer, so the
     // argument check has to happen here, not in the constructor body.
     if (enhancedKeyUsages == null)
     {
         throw new ArgumentNullException(nameof(enhancedKeyUsages));
     }

     byte[] encoded = X509Pal.Instance.EncodeX509EnhancedKeyUsageExtension(enhancedKeyUsages);
     return encoded;
 }
 /// <summary>
 /// Creates the extension from a list of key-usage OIDs.
 /// </summary>
 /// <param name="enhancedKeyUsages">The usages to encode; null is rejected by <c>EncodeExtension</c>.</param>
 /// <param name="critical">Passed through to the base constructor as the critical flag.</param>
 public X509EnhancedKeyUsageExtension(OidCollection enhancedKeyUsages, bool critical)
     : base(Oids.EnhancedKeyUsage, EncodeExtension(enhancedKeyUsages), critical)
 {
     // Nothing to do here: validation and encoding already ran in the base(...) call above.
 }
 /// <summary>
 /// Creates an extension with the enhanced-key-usage OID and an empty usage list.
 /// </summary>
 public X509EnhancedKeyUsageExtension()
     : base(Oids.EnhancedKeyUsage)
 {
     // Mark the (empty) usage list as already decoded.
     // NOTE(review): presumably this stops a later lazy decode of raw data; confirm where _decoded is read.
     _decoded = true;
     _enhancedKeyUsages = new OidCollection();
 }
Esempio n. 39
        /// <summary>
        /// Verifies that building the extension from a malformed OID value fails with a cryptographic exception.
        /// </summary>
        /// <param name="invalidOidValue">An OID string that is expected to be rejected.</param>
        public static void EnhancedKeyUsageExtension_InvalidOid(string invalidOidValue)
        {
            // Creating the Oid itself is not expected to throw; the failure is asserted on the extension constructor.
            OidCollection oids = new OidCollection();
            oids.Add(new Oid(invalidOidValue));

            // ThrowsAny accepts CryptographicException or any type derived from it.
            Assert.ThrowsAny<CryptographicException>(() => new X509EnhancedKeyUsageExtension(oids, false));
        }
		// internal

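		/// <summary>
		/// Parses a DER-encoded enhanced-key-usage extension and adds its OIDs to the
		/// internal usage list.
		/// </summary>
		/// <param name="extension">The raw extension bytes.</param>
		/// <returns>
		/// <c>BadAsn</c> for null or empty input or when parsing fails, <c>BadTag</c> when the
		/// first byte is not 0x30 (SEQUENCE), and <c>Ok</c> once every element has been read.
		/// </returns>
		internal AsnDecodeStatus Decode (byte[] extension)
		{
			if ((extension == null) || (extension.Length == 0))
				return AsnDecodeStatus.BadAsn;
			if (extension [0] != 0x30)
				return AsnDecodeStatus.BadTag;

			if (_enhKeyUsage == null)
				_enhKeyUsage = new OidCollection ();

			// Decode into a scratch collection first, so that input which fails
			// half-way through does not leave a partial usage list behind.
			OidCollection decoded = new OidCollection ();
			try {
				ASN1 ex = new ASN1 (extension);
				if (ex.Tag != 0x30)
					throw new CryptographicException (Locale.GetText ("Invalid ASN.1 Tag"));
				for (int i=0; i < ex.Count; i++) {
					// NOTE(review): this relies on ASN1Convert.ToOid to reject elements
					// that are not OBJECT IDENTIFIERs; confirm.
					decoded.Add (new Oid (ASN1Convert.ToOid (ex [i])));
				}
			}
			catch {
				// Any failure while parsing untrusted bytes is reported as a
				// status code; nothing has been added to _enhKeyUsage yet.
				return AsnDecodeStatus.BadAsn;
			}

			// NOTE(review): entries already in _enhKeyUsage are kept and the decoded
			// ones are appended; confirm no caller decodes twice into one instance.
			foreach (Oid usage in decoded)
				_enhKeyUsage.Add (usage);

			return AsnDecodeStatus.Ok;
		}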
Esempio n. 41
		// methods

		/// <summary>
		/// Puts every chain-policy field back to its default value.
		/// </summary>
		public void Reset ()
		{
			// Revocation and verification defaults: online revocation checking,
			// root certificate excluded from the revocation check, and no
			// verification flags set.
			vflags = X509VerificationFlags.NoFlag;
			mode = X509RevocationMode.Online;
			rflag = X509RevocationFlag.ExcludeRoot;

			// Empty policy OID lists; the extra store is dropped, not emptied.
			apps = new OidCollection ();
			cert = new OidCollection ();
			store2 = null;

			// Zero timeout, and the verification time read from the local clock.
			timeout = TimeSpan.Zero;
			vtime = DateTime.Now;
		}
Esempio n. 42
        /// <summary>
        /// Exercises Add, the integer and string indexers, and CopyTo on
        /// <see cref="OidCollection"/>, including their argument validation.
        /// </summary>
        public static void TestOidCollection()
        {
            OidCollection oids = new OidCollection();
            Assert.Equal(0, oids.Count);

            // Add returns the index at which the item was stored.
            Oid sha1 = new Oid(SHA1_Oid, SHA1_Name);
            int index = oids.Add(sha1);
            Assert.Equal(0, index);

            Oid sha256 = new Oid(SHA256_Oid, SHA256_Name);
            index = oids.Add(sha256);
            Assert.Equal(1, index);

            Assert.Equal(2, oids.Count);

            // The integer indexer returns the stored instances and rejects out-of-range positions.
            Assert.Same(sha1, oids[0]);
            Assert.Same(sha256, oids[1]);
            Assert.Throws<ArgumentOutOfRangeException>(() => GC.KeepAlive(oids[-1]));
            Assert.Throws<ArgumentOutOfRangeException>(() => GC.KeepAlive(oids[oids.Count]));

            Oid sha1Duplicate = new Oid(SHA1_Oid, SHA1_Name);
            index = oids.Add(sha1Duplicate);
            Assert.Equal(2, index);

            // If there are multiple matches, the one with the lowest index wins.
            Assert.Same(sha1, oids[SHA1_Name]);
            Assert.Same(sha1, oids[SHA1_Oid]);

            Assert.Same(sha256, oids[SHA256_Name]);
            Assert.Same(sha256, oids[SHA256_Oid]);

            // An Oid with neither value nor name can be stored, but a null lookup key is rejected.
            Oid blank = new Oid(null, null);
            index = oids.Add(blank);
            Assert.Equal(3, index);
            Assert.Throws<ArgumentNullException>(() => GC.KeepAlive(oids[null]));

            // An unknown key yields null, not an exception.
            object missing = oids["BOGUSBOGUS"];
            Assert.Null(oids["BOGUSBOGUS"]);

            // Destination array pre-filled with placeholder entries; the clone shares those instances.
            Oid[] fillers = new Oid[10];
            for (int slot = 0; slot < fillers.Length; slot++)
            {
                fillers[slot] = new Oid(null, null);
            }
            Oid[] target = (Oid[])(fillers.Clone());

            // Copying four items to offset 3 must overwrite slots 3..6 only.
            oids.CopyTo(target, 3);
            Assert.Equal(fillers[0], target[0]);
            Assert.Equal(fillers[1], target[1]);
            Assert.Equal(fillers[2], target[2]);
            Assert.Equal(sha1, target[3]);
            Assert.Equal(sha256, target[4]);
            Assert.Equal(sha1Duplicate, target[5]);
            Assert.Equal(blank, target[6]);
            Assert.Equal(fillers[7], target[7]);
            Assert.Equal(fillers[8], target[8]);
            Assert.Equal(fillers[9], target[9]);

            // Argument validation: null array, negative offset, too little room, offset past the end.
            Assert.Throws<ArgumentNullException>(() => oids.CopyTo(null, 0));
            Assert.Throws<ArgumentNullException>(() => oids.CopyTo(null, -1));
            Assert.Throws<ArgumentOutOfRangeException>(() => oids.CopyTo(fillers, -1));
            Assert.Throws<ArgumentException>(() => oids.CopyTo(fillers, 7));
            Assert.Throws<ArgumentOutOfRangeException>(() => oids.CopyTo(fillers, 1000));

            // The non-generic ICollection.CopyTo rejects multi-dimensional arrays and wrong element types.
            ICollection untyped = oids;
            Assert.Throws<ArgumentException>(() => untyped.CopyTo(new Oid[4, 3], 0));
            Assert.Throws<InvalidCastException>(() => untyped.CopyTo(new string[100], 0));
        }
Esempio n. 43
        /// <summary>
        /// Round-trips an enhanced-key-usage extension holding two OIDs and checks its DER encoding.
        /// </summary>
        public static void EnhancedKeyUsageExtension_2Oids()
        {
            OidCollection usages = new OidCollection();

            // Server authentication first, then a Microsoft-arc usage; the encoding keeps this order.
            usages.Add(Oid.FromOidValue("1.3.6.1.5.5.7.3.1", OidGroup.EnhancedKeyUsage));
            usages.Add(Oid.FromOidValue("1.3.6.1.4.1.311.10.3.1", OidGroup.EnhancedKeyUsage));

            // 30 16 = SEQUENCE of 0x16 bytes containing the two OBJECT IDENTIFIER values.
            byte[] expectedDer = "301606082b06010505070301060a2b0601040182370a0301".HexToByteArray();
            TestEnhancedKeyUsageExtension(usages, false, expectedDer);
        }
Esempio n. 44
        /// <summary>
        /// Encodes <paramref name="usages"/> into an extension, compares the bytes with
        /// <paramref name="expectedDer"/>, then decodes those bytes and compares the OID values.
        /// </summary>
        /// <param name="usages">The key-usage OIDs to encode.</param>
        /// <param name="critical">Critical flag passed to both constructors.</param>
        /// <param name="expectedDer">The DER bytes the encoder is expected to produce.</param>
        private static void TestEnhancedKeyUsageExtension(
            OidCollection usages,
            bool critical,
            byte[] expectedDer)
        {
            // Encode direction: OID list -> raw extension bytes.
            X509EnhancedKeyUsageExtension encodedExt = new X509EnhancedKeyUsageExtension(usages, critical);
            byte[] der = encodedExt.RawData;
            Assert.Equal(expectedDer, der);

            // Decode direction: raw extension bytes -> OID list.
            X509EnhancedKeyUsageExtension decodedExt =
                new X509EnhancedKeyUsageExtension(new AsnEncodedData(der), critical);
            OidCollection roundTripped = decodedExt.EnhancedKeyUsages;

            Assert.Equal(usages.Count, roundTripped.Count);

            // Only the dotted OID values are compared, position by position.
            for (int position = 0; position < usages.Count; position++)
            {
                string expectedValue = usages[position].Value;
                Assert.Equal(expectedValue, roundTripped[position].Value);
            }
        }
Esempio n. 45
 /// <summary>
 /// Round-trips an extension with no usages; the expected encoding is an empty SEQUENCE (30 00).
 /// </summary>
 public static void EnhancedKeyUsageExtension_Empty()
 {
     TestEnhancedKeyUsageExtension(new OidCollection(), false, "3000".HexToByteArray());
 }
		// methods

		/// <summary>
		/// Puts every chain-policy field back to its default value.
		/// </summary>
		public void Reset ()
		{
			// Revocation and verification defaults: online revocation checking,
			// root certificate excluded from the revocation check, and no
			// verification flags set.
			_vflags = X509VerificationFlags.NoFlag;
			_mode = X509RevocationMode.Online;
			_rflag = X509RevocationFlag.ExcludeRoot;

			// Empty policy OID lists and an empty extra-certificate store.
			_apps = new OidCollection ();
			_cert = new OidCollection ();
			_store = new X509Certificate2Collection ();

			// Zero-tick timeout, and the verification time read from the local clock.
			_timeout = new TimeSpan (0);
			_vtime = DateTime.Now;
		}