internal static bool IssuersMatch(X509Name a, X509Name b) { return(a?.Equivalent(b, inOrder: true) ?? (b == null)); }
internal static void GetCertStatus( DateTime validDate, X509Crl crl, Object cert, CertStatus certStatus) { X509Crl bcCRL = null; try { bcCRL = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Sequence.FromByteArray(crl.GetEncoded()))); } catch (Exception exception) { throw new Exception("Bouncy Castle X509Crl could not be created.", exception); } X509CrlEntry crl_entry = (X509CrlEntry)bcCRL.GetRevokedCertificate(GetSerialNumber(cert)); if (crl_entry == null) { return; } X509Name issuer = GetIssuerPrincipal(cert); if (issuer.Equivalent(crl_entry.GetCertificateIssuer(), true) || issuer.Equivalent(crl.IssuerDN, true)) { DerEnumerated reasonCode = null; if (crl_entry.HasExtensions) { try { reasonCode = DerEnumerated.GetInstance( GetExtensionValue(crl_entry, X509Extensions.ReasonCode)); } catch (Exception e) { new Exception( "Reason code CRL entry extension could not be decoded.", e); } } // for reason keyCompromise, caCompromise, aACompromise or // unspecified if (!(validDate.Ticks < crl_entry.RevocationDate.Ticks) || reasonCode == null || reasonCode.Value.TestBit(0) || reasonCode.Value.TestBit(1) || reasonCode.Value.TestBit(2) || reasonCode.Value.TestBit(8)) { if (reasonCode != null) // (i) or (j) (1) { certStatus.Status = reasonCode.Value.SignValue; } else // (i) or (j) (2) { certStatus.Status = CrlReason.Unspecified; } certStatus.RevocationDate = new DateTimeObject(crl_entry.RevocationDate); } } }
/// <summary> /// Search the given Set of TrustAnchor's for one that is the /// issuer of the given X509 certificate. /// </summary> /// <param name="cert">the X509 certificate</param> /// <param name="trustAnchors">a Set of TrustAnchor's</param> /// <returns>the <code>TrustAnchor</code> object if found or /// <code>null</code> if not. /// </returns> /// @exception internal static TrustAnchor FindTrustAnchor( X509Certificate cert, ISet trustAnchors) { IEnumerator iter = trustAnchors.GetEnumerator(); TrustAnchor trust = null; AsymmetricKeyParameter trustPublicKey = null; Exception invalidKeyEx = null; X509CertStoreSelector certSelectX509 = new X509CertStoreSelector(); try { certSelectX509.Subject = GetIssuerPrincipal(cert); } catch (IOException ex) { throw new Exception("Cannot set subject search criteria for trust anchor.", ex); } while (iter.MoveNext() && trust == null) { trust = (TrustAnchor)iter.Current; if (trust.TrustedCert != null) { if (certSelectX509.Match(trust.TrustedCert)) { trustPublicKey = trust.TrustedCert.GetPublicKey(); } else { trust = null; } } else if (trust.CAName != null && trust.CAPublicKey != null) { try { X509Name certIssuer = GetIssuerPrincipal(cert); X509Name caName = new X509Name(trust.CAName); if (certIssuer.Equivalent(caName, true)) { trustPublicKey = trust.CAPublicKey; } else { trust = null; } } catch (InvalidParameterException) { trust = null; } } else { trust = null; } if (trustPublicKey != null) { try { cert.Verify(trustPublicKey); } catch (Exception ex) { invalidKeyEx = ex; trust = null; } } } if (trust == null && invalidKeyEx != null) { throw new Exception("TrustAnchor found but certificate validation failed.", invalidKeyEx); } return(trust); }
public X509CertificateEntry[] GetCertificateChain( string alias) { if (alias == null) { throw new ArgumentNullException("alias"); } if (!IsKeyEntry(alias)) { return(null); } X509CertificateEntry c = GetCertificate(alias); if (c != null) { IList cs = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.CreateArrayList(); while (c != null) { X509Certificate x509c = c.Certificate; X509CertificateEntry nextC = null; Asn1OctetString akiValue = x509c.GetExtensionValue(X509Extensions.AuthorityKeyIdentifier); if (akiValue != null) { AuthorityKeyIdentifier aki = AuthorityKeyIdentifier.GetInstance(akiValue.GetOctets()); byte[] keyID = aki.GetKeyIdentifier(); if (keyID != null) { nextC = (X509CertificateEntry)chainCerts[new CertId(keyID)]; } } if (nextC == null) { // // no authority key id, try the Issuer DN // X509Name i = x509c.IssuerDN; X509Name s = x509c.SubjectDN; if (!i.Equivalent(s)) { foreach (CertId certId in chainCerts.Keys) { X509CertificateEntry x509CertEntry = (X509CertificateEntry)chainCerts[certId]; X509Certificate crt = x509CertEntry.Certificate; X509Name sub = crt.SubjectDN; if (sub.Equivalent(i)) { try { x509c.Verify(crt.GetPublicKey()); nextC = x509CertEntry; break; } catch (InvalidKeyException) { // TODO What if it doesn't verify? } } } } } cs.Add(c); if (nextC != c) // self signed - end of the chain { c = nextC; } else { c = null; } } X509CertificateEntry[] result = new X509CertificateEntry[cs.Count]; for (int i = 0; i < cs.Count; ++i) { result[i] = (X509CertificateEntry)cs[i]; } return(result); } return(null); }
/** * @param certs */ private static IList SortCerts( IList certs) { if (certs.Count < 2) { return(certs); } X509Name issuer = ((X509Certificate)certs[0]).IssuerDN; bool okay = true; for (int i = 1; i != certs.Count; i++) { X509Certificate cert = (X509Certificate)certs[i]; if (issuer.Equivalent(cert.SubjectDN, true)) { issuer = ((X509Certificate)certs[i]).IssuerDN; } else { okay = false; break; } } if (okay) { return(certs); } // find end-entity cert IList retList = Platform.CreateArrayList(certs.Count); IList orig = Platform.CreateArrayList(certs); for (int i = 0; i < certs.Count; i++) { X509Certificate cert = (X509Certificate)certs[i]; bool found = false; X509Name subject = cert.SubjectDN; foreach (X509Certificate c in certs) { if (c.IssuerDN.Equivalent(subject, true)) { found = true; break; } } if (!found) { retList.Add(cert); certs.RemoveAt(i); } } // can only have one end entity cert - something's wrong, give up. if (retList.Count > 1) { return(orig); } for (int i = 0; i != retList.Count; i++) { issuer = ((X509Certificate)retList[i]).IssuerDN; for (int j = 0; j < certs.Count; j++) { X509Certificate c = (X509Certificate)certs[j]; if (issuer.Equivalent(c.SubjectDN, true)) { retList.Add(c); certs.RemoveAt(j); break; } } } // make sure all certificates are accounted for. if (certs.Count > 0) { return(orig); } return(retList); }
public virtual bool Match( object obj) { X509Certificate c = obj as X509Certificate; if (c == null) { return(false); } if (!MatchExtension(authorityKeyIdentifier, c, X509Extensions.AuthorityKeyIdentifier)) { return(false); } if (basicConstraints != -1) { int bc = c.GetBasicConstraints(); if (basicConstraints == -2) { if (bc != -1) { return(false); } } else { if (bc < basicConstraints) { return(false); } } } if (certificate != null && !certificate.Equals(c)) { return(false); } if (certificateValid != null && !c.IsValid(certificateValid.Value)) { return(false); } if (extendedKeyUsage != null) { IList eku = c.GetExtendedKeyUsage(); // Note: if no extended key usage set, all key purposes are implicitly allowed if (eku != null) { foreach (DerObjectIdentifier oid in extendedKeyUsage) { if (!eku.Contains(oid.Id)) { return(false); } } } } if (issuer != null && !issuer.Equivalent(c.IssuerDN, true)) { return(false); } if (keyUsage != null) { bool[] ku = c.GetKeyUsage(); // Note: if no key usage set, all key purposes are implicitly allowed if (ku != null) { for (int i = 0; i < 9; ++i) { if (keyUsage[i] && !ku[i]) { return(false); } } } } if (policy != null) { Asn1OctetString extVal = c.GetExtensionValue(X509Extensions.CertificatePolicies); if (extVal == null) { return(false); } Asn1Sequence certPolicies = Asn1Sequence.GetInstance( X509ExtensionUtilities.FromExtensionValue(extVal)); if (policy.Count < 1 && certPolicies.Count < 1) { return(false); } bool found = false; foreach (PolicyInformation pi in certPolicies) { if (policy.Contains(pi.PolicyIdentifier)) { found = true; break; } } if (!found) { return(false); } } if (privateKeyValid != null) { Asn1OctetString extVal = c.GetExtensionValue(X509Extensions.PrivateKeyUsagePeriod); if (extVal == null) { return(false); } PrivateKeyUsagePeriod pkup = PrivateKeyUsagePeriod.GetInstance( X509ExtensionUtilities.FromExtensionValue(extVal)); DateTime dt = privateKeyValid.Value; DateTime notAfter = pkup.NotAfter.ToDateTime(); DateTime notBefore = pkup.NotBefore.ToDateTime(); if (dt.CompareTo(notAfter) > 0 || dt.CompareTo(notBefore) < 0) { return(false); } } if (serialNumber != null && !serialNumber.Equals(c.SerialNumber)) { return(false); } if (subject != null && !subject.Equivalent(c.SubjectDN, true)) { return(false); } if (!MatchExtension(subjectKeyIdentifier, c, X509Extensions.SubjectKeyIdentifier)) { return(false); } if (subjectPublicKey != null && !subjectPublicKey.Equals(GetSubjectPublicKey(c))) { return(false); } if (subjectPublicKeyAlgID != null && !subjectPublicKeyAlgID.Equals(GetSubjectPublicKey(c).AlgorithmID)) { return(false); } return(true); }
internal static bool IssuersMatch( X509Name a, X509Name b) { return(a == null ? b == null : a.Equivalent(b, true)); }
public virtual bool Match(object obj) { X509Certificate x509Certificate = obj as X509Certificate; if (x509Certificate == null) { return(false); } if (!MatchExtension(authorityKeyIdentifier, x509Certificate, X509Extensions.AuthorityKeyIdentifier)) { return(false); } if (basicConstraints != -1) { int num = x509Certificate.GetBasicConstraints(); if (basicConstraints == -2) { if (num != -1) { return(false); } } else if (num < basicConstraints) { return(false); } } if (certificate != null && !certificate.Equals(x509Certificate)) { return(false); } if (certificateValid != null && !x509Certificate.IsValid(certificateValid.Value)) { return(false); } if (extendedKeyUsage != null) { global::System.Collections.IList list = x509Certificate.GetExtendedKeyUsage(); if (list != null) { { global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)extendedKeyUsage).GetEnumerator(); try { while (enumerator.MoveNext()) { DerObjectIdentifier derObjectIdentifier = (DerObjectIdentifier)enumerator.get_Current(); if (!list.Contains((object)derObjectIdentifier.Id)) { return(false); } } } finally { global::System.IDisposable disposable = enumerator as global::System.IDisposable; if (disposable != null) { disposable.Dispose(); } } } } } if (issuer != null && !issuer.Equivalent(x509Certificate.IssuerDN, inOrder: true)) { return(false); } if (keyUsage != null) { bool[] array = x509Certificate.GetKeyUsage(); if (array != null) { for (int i = 0; i < 9; i++) { if (keyUsage[i] && !array[i]) { return(false); } } } } if (policy != null) { Asn1OctetString extensionValue = x509Certificate.GetExtensionValue(X509Extensions.CertificatePolicies); if (extensionValue == null) { return(false); } Asn1Sequence instance = Asn1Sequence.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue)); if (((global::System.Collections.ICollection)policy).get_Count() < 1 && instance.Count < 1) { return(false); } bool flag = false; { global::System.Collections.IEnumerator enumerator = instance.GetEnumerator(); try { while (enumerator.MoveNext()) { PolicyInformation policyInformation = (PolicyInformation)enumerator.get_Current(); if (policy.Contains(policyInformation.PolicyIdentifier)) { flag = true; break; } } } finally { global::System.IDisposable disposable2 = enumerator as global::System.IDisposable; if (disposable2 != null) { disposable2.Dispose(); } } } if (!flag) { return(false); } } if (privateKeyValid != null) { Asn1OctetString extensionValue2 = x509Certificate.GetExtensionValue(X509Extensions.PrivateKeyUsagePeriod); if (extensionValue2 == null) { return(false); } PrivateKeyUsagePeriod instance2 = PrivateKeyUsagePeriod.GetInstance(X509ExtensionUtilities.FromExtensionValue(extensionValue2)); global::System.DateTime value = privateKeyValid.Value; global::System.DateTime dateTime = instance2.NotAfter.ToDateTime(); global::System.DateTime dateTime2 = instance2.NotBefore.ToDateTime(); if (value.CompareTo((object)dateTime) > 0 || value.CompareTo((object)dateTime2) < 0) { return(false); } } if (serialNumber != null && !serialNumber.Equals(x509Certificate.SerialNumber)) { return(false); } if (subject != null && !subject.Equivalent(x509Certificate.SubjectDN, inOrder: true)) { return(false); } if (!MatchExtension(subjectKeyIdentifier, x509Certificate, X509Extensions.SubjectKeyIdentifier)) { return(false); } if (subjectPublicKey != null && !subjectPublicKey.Equals(GetSubjectPublicKey(x509Certificate))) { return(false); } if (subjectPublicKeyAlgID != null && !subjectPublicKeyAlgID.Equals(GetSubjectPublicKey(x509Certificate).AlgorithmID)) { return(false); } return(true); }
internal static void GetCertStatus( DateTime validDate, X509Crl crl, Object cert, CertStatus certStatus) { X509Crl bcCRL = null; try { bcCRL = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Sequence.FromByteArray(crl.GetEncoded()))); } catch (Exception exception) { throw new Exception("Bouncy Castle X509Crl could not be created.", exception); } X509CrlEntry crl_entry = (X509CrlEntry)bcCRL.GetRevokedCertificate(GetSerialNumber(cert)); if (crl_entry == null) { return; } X509Name issuer = GetIssuerPrincipal(cert); if (!issuer.Equivalent(crl_entry.GetCertificateIssuer(), true) && !issuer.Equivalent(crl.IssuerDN, true)) { return; } int reasonCodeValue = CrlReason.Unspecified; if (crl_entry.HasExtensions) { try { Asn1Object extValue = GetExtensionValue(crl_entry, X509Extensions.ReasonCode); DerEnumerated reasonCode = DerEnumerated.GetInstance(extValue); if (null != reasonCode) { reasonCodeValue = reasonCode.IntValueExact; } } catch (Exception e) { throw new Exception("Reason code CRL entry extension could not be decoded.", e); } } DateTime revocationDate = crl_entry.RevocationDate; if (validDate.Ticks < revocationDate.Ticks) { switch (reasonCodeValue) { case CrlReason.Unspecified: case CrlReason.KeyCompromise: case CrlReason.CACompromise: case CrlReason.AACompromise: break; default: return; } } // (i) or (j) certStatus.Status = reasonCodeValue; certStatus.RevocationDate = new DateTimeObject(revocationDate); }
internal static TrustAnchor FindTrustAnchor(X509Certificate cert, ISet trustAnchors) { //IL_0028: Expected O, but got Unknown global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)trustAnchors).GetEnumerator(); TrustAnchor trustAnchor = null; AsymmetricKeyParameter asymmetricKeyParameter = null; global::System.Exception ex = null; X509CertStoreSelector x509CertStoreSelector = new X509CertStoreSelector(); try { x509CertStoreSelector.Subject = GetIssuerPrincipal(cert); } catch (IOException val) { IOException val2 = val; throw new global::System.Exception("Cannot set subject search criteria for trust anchor.", (global::System.Exception)(object) val2); } while (enumerator.MoveNext() && trustAnchor == null) { trustAnchor = (TrustAnchor)enumerator.get_Current(); if (trustAnchor.TrustedCert != null) { if (x509CertStoreSelector.Match(trustAnchor.TrustedCert)) { asymmetricKeyParameter = trustAnchor.TrustedCert.GetPublicKey(); } else { trustAnchor = null; } } else if (trustAnchor.CAName != null && trustAnchor.CAPublicKey != null) { try { X509Name issuerPrincipal = GetIssuerPrincipal(cert); X509Name other = new X509Name(trustAnchor.CAName); if (issuerPrincipal.Equivalent(other, inOrder: true)) { asymmetricKeyParameter = trustAnchor.CAPublicKey; } else { trustAnchor = null; } } catch (InvalidParameterException) { trustAnchor = null; } } else { trustAnchor = null; } if (asymmetricKeyParameter != null) { try { cert.Verify(asymmetricKeyParameter); } catch (global::System.Exception ex3) { ex = ex3; trustAnchor = null; } } } if (trustAnchor == null && ex != null) { throw new global::System.Exception("TrustAnchor found but certificate validation failed.", ex); } return(trustAnchor); }
public override void PerformTest() { doTestEncodingPrintableString(X509Name.C, "AU"); doTestEncodingPrintableString(X509Name.SerialNumber, "123456"); doTestEncodingPrintableString(X509Name.DnQualifier, "123456"); doTestEncodingIA5String(X509Name.EmailAddress, "*****@*****.**"); doTestEncodingIA5String(X509Name.DC, "test"); // correct encoding doTestEncodingGeneralizedTime(X509Name.DateOfBirth, "#180F32303032303132323132323232305A"); // compatability encoding doTestEncodingGeneralizedTime(X509Name.DateOfBirth, "20020122122220Z"); // // composite // IDictionary attrs = new Hashtable(); attrs.Add(X509Name.C, "AU"); attrs.Add(X509Name.O, "The Legion of the Bouncy Castle"); attrs.Add(X509Name.L, "Melbourne"); attrs.Add(X509Name.ST, "Victoria"); attrs.Add(X509Name.E, "*****@*****.**"); IList order = new ArrayList(); order.Add(X509Name.C); order.Add(X509Name.O); order.Add(X509Name.L); order.Add(X509Name.ST); order.Add(X509Name.E); X509Name name1 = new X509Name(order, attrs); if (!name1.Equivalent(name1)) { Fail("Failed same object test"); } if (!name1.Equivalent(name1, true)) { Fail("Failed same object test - in Order"); } X509Name name2 = new X509Name(order, attrs); if (!name1.Equivalent(name2)) { Fail("Failed same name test"); } if (!name1.Equivalent(name2, true)) { Fail("Failed same name test - in Order"); } if (name1.GetHashCode() != name2.GetHashCode()) { Fail("Failed same name test - in Order"); } IList ord1 = new ArrayList(); ord1.Add(X509Name.C); ord1.Add(X509Name.O); ord1.Add(X509Name.L); ord1.Add(X509Name.ST); ord1.Add(X509Name.E); IList ord2 = new ArrayList(); ord2.Add(X509Name.E); ord2.Add(X509Name.ST); ord2.Add(X509Name.L); ord2.Add(X509Name.O); ord2.Add(X509Name.C); name1 = new X509Name(ord1, attrs); name2 = new X509Name(ord2, attrs); if (!name1.Equivalent(name2)) { Fail("Failed reverse name test"); } // FIXME Sort out X509Name hashcode problem // if (name1.GetHashCode() != name2.GetHashCode()) // { // Fail("Failed reverse name test GetHashCode"); // } if (name1.Equivalent(name2, true)) { Fail("Failed reverse name test - in Order"); } if (!name1.Equivalent(name2, false)) { Fail("Failed reverse name test - in Order false"); } IList oids = name1.GetOidList(); if (!CompareVectors(oids, ord1)) { Fail("oid comparison test"); } IList val1 = new ArrayList(); val1.Add("AU"); val1.Add("The Legion of the Bouncy Castle"); val1.Add("Melbourne"); val1.Add("Victoria"); val1.Add("*****@*****.**"); name1 = new X509Name(ord1, val1); IList values = name1.GetValueList(); if (!CompareVectors(values, val1)) { Fail("value comparison test"); } ord2 = new ArrayList(); ord2.Add(X509Name.ST); ord2.Add(X509Name.ST); ord2.Add(X509Name.L); ord2.Add(X509Name.O); ord2.Add(X509Name.C); name1 = new X509Name(ord1, attrs); name2 = new X509Name(ord2, attrs); if (name1.Equivalent(name2)) { Fail("Failed different name test"); } ord2 = new ArrayList(); ord2.Add(X509Name.ST); ord2.Add(X509Name.L); ord2.Add(X509Name.O); ord2.Add(X509Name.C); name1 = new X509Name(ord1, attrs); name2 = new X509Name(ord2, attrs); if (name1.Equivalent(name2)) { Fail("Failed subset name test"); } compositeTest(); // // getValues test // IList v1 = name1.GetValueList(X509Name.O); if (v1.Count != 1 || !v1[0].Equals("The Legion of the Bouncy Castle")) { Fail("O test failed"); } IList v2 = name1.GetValueList(X509Name.L); if (v2.Count != 1 || !v2[0].Equals("Melbourne")) { Fail("L test failed"); } // // general subjects test // for (int i = 0; i != subjects.Length; i++) { X509Name name = new X509Name(subjects[i]); byte[] encodedName = name.GetEncoded(); name = X509Name.GetInstance(Asn1Object.FromByteArray(encodedName)); if (!name.ToString().Equals(subjects[i])) { Fail("Failed regeneration test " + i); } } // // sort test // X509Name unsorted = new X509Name("SERIALNUMBER=BBB + CN=AA"); if (!FromBytes(unsorted.GetEncoded()).ToString().Equals("CN=AA+SERIALNUMBER=BBB")) { Fail("Failed sort test 1"); } unsorted = new X509Name("CN=AA + SERIALNUMBER=BBB"); if (!FromBytes(unsorted.GetEncoded()).ToString().Equals("CN=AA+SERIALNUMBER=BBB")) { Fail("Failed sort test 2"); } unsorted = new X509Name("SERIALNUMBER=B + CN=AA"); if (!FromBytes(unsorted.GetEncoded()).ToString().Equals("SERIALNUMBER=B+CN=AA")) { Fail("Failed sort test 3"); } unsorted = new X509Name("CN=AA + SERIALNUMBER=B"); if (!FromBytes(unsorted.GetEncoded()).ToString().Equals("SERIALNUMBER=B+CN=AA")) { Fail("Failed sort test 4"); } // // equality tests // equalityTest(new X509Name("CN=The Legion"), new X509Name("CN=The Legion")); equalityTest(new X509Name("CN= The Legion"), new X509Name("CN=The Legion")); equalityTest(new X509Name("CN=The Legion "), new X509Name("CN=The Legion")); equalityTest(new X509Name("CN= The Legion "), new X509Name("CN=The Legion")); equalityTest(new X509Name("CN= the legion "), new X509Name("CN=The Legion")); // # test X509Name n1 = new X509Name("SERIALNUMBER=8,O=ABC,CN=ABC Class 3 CA,C=LT"); X509Name n2 = new X509Name("2.5.4.5=8,O=ABC,CN=ABC Class 3 CA,C=LT"); X509Name n3 = new X509Name("2.5.4.5=#130138,O=ABC,CN=ABC Class 3 CA,C=LT"); equalityTest(n1, n2); equalityTest(n2, n3); equalityTest(n3, n1); n1 = new X509Name(true, "2.5.4.5=#130138,CN=SSC Class 3 CA,O=UAB Skaitmeninio sertifikavimo centras,C=LT"); n2 = new X509Name(true, "SERIALNUMBER=#130138,CN=SSC Class 3 CA,O=UAB Skaitmeninio sertifikavimo centras,C=LT"); n3 = X509Name.GetInstance(Asn1Object.FromByteArray(Hex.Decode("3063310b3009060355040613024c54312f302d060355040a1326" + "55414220536b6169746d656e696e696f20736572746966696b6176696d6f2063656e74726173311730150603550403130e53534320436c6173732033204341310a30080603550405130138"))); equalityTest(n1, n2); equalityTest(n2, n3); equalityTest(n3, n1); n1 = new X509Name("SERIALNUMBER=8,O=XX,CN=ABC Class 3 CA,C=LT"); n2 = new X509Name("2.5.4.5=8,O=,CN=ABC Class 3 CA,C=LT"); if (n1.Equivalent(n2)) { Fail("empty inequality check failed"); } n1 = new X509Name("SERIALNUMBER=8,O=,CN=ABC Class 3 CA,C=LT"); n2 = new X509Name("2.5.4.5=8,O=,CN=ABC Class 3 CA,C=LT"); equalityTest(n1, n2); // // inequality to sequences // name1 = new X509Name("CN=The Legion"); if (name1.Equals(DerSequence.Empty)) { Fail("inequality test with sequence"); } if (name1.Equals(new DerSequence(DerSet.Empty))) { Fail("inequality test with sequence and set"); } Asn1EncodableVector v = new Asn1EncodableVector( new DerObjectIdentifier("1.1"), new DerObjectIdentifier("1.1")); if (name1.Equals(new DerSequence(new DerSet(new DerSet(v))))) { Fail("inequality test with sequence and bad set"); } // if (name1.Equals(new DerSequence(new DerSet(new DerSet(v))), true)) // { // Fail("inequality test with sequence and bad set"); // } try { X509Name.GetInstance(new DerSequence(new DerSet(new DerSet(v)))); Fail("GetInstance should reject bad sequence"); } catch (ArgumentException) { //expected } if (name1.Equals(new DerSequence(new DerSet(DerSequence.Empty)))) { Fail("inequality test with sequence and short sequence"); } // if (name1.Equals(new DerSequence(new DerSet(DerSequence.Empty)), true)) // { // Fail("inequality test with sequence and short sequence"); // } try { X509Name.GetInstance(new DerSequence(new DerSet(DerSequence.Empty))); Fail("GetInstance should reject short sequence"); } catch (ArgumentException) { //expected } v = new Asn1EncodableVector( new DerObjectIdentifier("1.1"), DerSequence.Empty); if (name1.Equals(new DerSequence(new DerSet(new DerSequence(v))))) { Fail("inequality test with sequence and bad sequence"); } if (name1.Equivalent(null)) { Fail("inequality test with null"); } if (name1.Equivalent(null, true)) { Fail("inequality test with null"); } // // this is contrived but it checks sorting of sets with equal elements // unsorted = new X509Name("CN=AA + CN=AA + CN=AA"); // // tagging test - only works if CHOICE implemented // /* * ASN1TaggedObject tag = new DERTaggedObject(false, 1, new X509Name("CN=AA")); * * if (!tag.isExplicit()) * { * Fail("failed to explicitly tag CHOICE object"); * } * * X509Name name = X509Name.getInstance(tag, false); * * if (!name.equals(new X509Name("CN=AA"))) * { * Fail("failed to recover tagged name"); * } */ DerUtf8String testString = new DerUtf8String("The Legion of the Bouncy Castle"); byte[] encodedBytes = testString.GetEncoded(); string hexEncodedString = "#" + Hex.ToHexString(encodedBytes); DerUtf8String converted = (DerUtf8String) new X509DefaultEntryConverter().GetConvertedValue( X509Name.L, hexEncodedString); if (!converted.Equals(testString)) { Fail("Failed X509DefaultEntryConverter test"); } // // try escaped. // converted = (DerUtf8String) new X509DefaultEntryConverter().GetConvertedValue( X509Name.L, "\\" + hexEncodedString); if (!converted.Equals(new DerUtf8String(hexEncodedString))) { Fail("Failed X509DefaultEntryConverter test got " + converted + " expected: " + hexEncodedString); } // // try a weird value // X509Name n = new X509Name("CN=\\#nothex#string"); if (!n.ToString().Equals("CN=\\#nothex#string")) { Fail("# string not properly escaped."); } IList vls = n.GetValueList(X509Name.CN); if (vls.Count != 1 || !vls[0].Equals("#nothex#string")) { Fail("Escaped # not reduced properly"); } n = new X509Name("CN=\"a+b\""); vls = n.GetValueList(X509Name.CN); if (vls.Count != 1 || !vls[0].Equals("a+b")) { Fail("Escaped + not reduced properly"); } n = new X509Name("CN=a\\+b"); vls = n.GetValueList(X509Name.CN); if (vls.Count != 1 || !vls[0].Equals("a+b")) { Fail("Escaped + not reduced properly"); } if (!n.ToString().Equals("CN=a\\+b")) { Fail("+ in string not properly escaped."); } n = new X509Name("CN=a\\=b"); vls = n.GetValueList(X509Name.CN); if (vls.Count != 1 || !vls[0].Equals("a=b")) { Fail("Escaped = not reduced properly"); } if (!n.ToString().Equals("CN=a\\=b")) { Fail("= in string not properly escaped."); } n = new X509Name("TELEPHONENUMBER=\"+61999999999\""); vls = n.GetValueList(X509Name.TelephoneNumber); if (vls.Count != 1 || !vls[0].Equals("+61999999999")) { Fail("telephonenumber escaped + not reduced properly"); } n = new X509Name("TELEPHONENUMBER=\\+61999999999"); vls = n.GetValueList(X509Name.TelephoneNumber); if (vls.Count != 1 || !vls[0].Equals("+61999999999")) { Fail("telephonenumber escaped + not reduced properly"); } n = new X509Name(@"TELEPHONENUMBER=\+61999999999"); vls = n.GetValueList(X509Name.TelephoneNumber); if (vls.Count != 1 || !vls[0].Equals("+61999999999")) { Fail("telephonenumber escaped + not reduced properly"); } }
internal static TrustAnchor FindTrustAnchor(X509Certificate cert, ISet trustAnchors) { IEnumerator enumerator = trustAnchors.GetEnumerator(); TrustAnchor trustAnchor = null; AsymmetricKeyParameter asymmetricKeyParameter = null; Exception ex = null; X509CertStoreSelector x509CertStoreSelector = new X509CertStoreSelector(); try { x509CertStoreSelector.Subject = PkixCertPathValidatorUtilities.GetIssuerPrincipal(cert); goto IL_C4; } catch (IOException innerException) { throw new Exception("Cannot set subject search criteria for trust anchor.", innerException); } IL_35: trustAnchor = (TrustAnchor)enumerator.Current; if (trustAnchor.TrustedCert != null) { if (x509CertStoreSelector.Match(trustAnchor.TrustedCert)) { asymmetricKeyParameter = trustAnchor.TrustedCert.GetPublicKey(); } else { trustAnchor = null; } } else { if (trustAnchor.CAName != null && trustAnchor.CAPublicKey != null) { try { X509Name issuerPrincipal = PkixCertPathValidatorUtilities.GetIssuerPrincipal(cert); X509Name other = new X509Name(trustAnchor.CAName); if (issuerPrincipal.Equivalent(other, true)) { asymmetricKeyParameter = trustAnchor.CAPublicKey; } else { trustAnchor = null; } goto IL_AF; } catch (InvalidParameterException) { trustAnchor = null; goto IL_AF; } } trustAnchor = null; } IL_AF: if (asymmetricKeyParameter != null) { try { cert.Verify(asymmetricKeyParameter); } catch (Exception ex2) { ex = ex2; trustAnchor = null; } } IL_C4: if (enumerator.MoveNext() && trustAnchor == null) { goto IL_35; } if (trustAnchor == null && ex != null) { throw new Exception("TrustAnchor found but certificate validation failed.", ex); } return(trustAnchor); }
private static IList SortCerts(IList certs) { if (certs.Count < 2) { return(certs); } X509Name issuerDN = ((X509Certificate)certs[0]).IssuerDN; bool flag = true; for (int num = 1; num != certs.Count; num++) { X509Certificate x509Certificate = (X509Certificate)certs[num]; if (!issuerDN.Equivalent(x509Certificate.SubjectDN, true)) { flag = false; break; } issuerDN = ((X509Certificate)certs[num]).IssuerDN; } if (flag) { return(certs); } IList list = Platform.CreateArrayList(certs.Count); IList result = Platform.CreateArrayList(certs); for (int i = 0; i < certs.Count; i++) { X509Certificate x509Certificate2 = (X509Certificate)certs[i]; bool flag2 = false; X509Name subjectDN = x509Certificate2.SubjectDN; foreach (X509Certificate x509Certificate3 in certs) { if (x509Certificate3.IssuerDN.Equivalent(subjectDN, true)) { flag2 = true; break; } } if (!flag2) { list.Add(x509Certificate2); certs.RemoveAt(i); } } if (list.Count > 1) { return(result); } for (int num2 = 0; num2 != list.Count; num2++) { issuerDN = ((X509Certificate)list[num2]).IssuerDN; for (int j = 0; j < certs.Count; j++) { X509Certificate x509Certificate4 = (X509Certificate)certs[j]; if (issuerDN.Equivalent(x509Certificate4.SubjectDN, true)) { list.Add(x509Certificate4); certs.RemoveAt(j); break; } } } if (certs.Count > 0) { return(result); } return(list); }
public X509CertificateEntry[] GetCertificateChain( string alias) { if (alias == null) { throw new ArgumentNullException("alias"); } if (!IsKeyEntry(alias)) { return(null); } X509CertificateEntry c = GetCertificate(alias); if (c != null) { ArrayList cs = new ArrayList(); while (c != null) { X509Certificate x509c = c.Certificate; X509CertificateEntry nextC = null; Asn1OctetString ext = x509c.GetExtensionValue(X509Extensions.AuthorityKeyIdentifier); if (ext != null) { AuthorityKeyIdentifier id = AuthorityKeyIdentifier.GetInstance( Asn1Object.FromByteArray(ext.GetOctets())); if (id.GetKeyIdentifier() != null) { nextC = (X509CertificateEntry)chainCerts[new CertId(id.GetKeyIdentifier())]; } } if (nextC == null) { // // no authority key id, try the Issuer DN // X509Name i = x509c.IssuerDN; X509Name s = x509c.SubjectDN; if (!i.Equivalent(s)) { foreach (CertId certId in chainCerts.Keys) { X509CertificateEntry x509CertEntry = (X509CertificateEntry)chainCerts[certId]; X509Certificate crt = x509CertEntry.Certificate; X509Name sub = crt.SubjectDN; if (sub.Equivalent(i)) { try { x509c.Verify(crt.GetPublicKey()); nextC = x509CertEntry; break; } catch (InvalidKeyException) { // TODO What if it doesn't verify? } } } } } cs.Add(c); if (nextC != c) // self signed - end of the chain { c = nextC; } else { c = null; } } return((X509CertificateEntry[])cs.ToArray(typeof(X509CertificateEntry))); } return(null); }
public X509CertificateEntry[] GetCertificateChain(string alias) { if (alias == null) { throw new ArgumentNullException("alias"); } if (!this.IsKeyEntry(alias)) { return(null); } X509CertificateEntry x509CertificateEntry = this.GetCertificate(alias); if (x509CertificateEntry != null) { IList list = Platform.CreateArrayList(); while (x509CertificateEntry != null) { X509Certificate certificate = x509CertificateEntry.Certificate; X509CertificateEntry x509CertificateEntry2 = null; Asn1OctetString extensionValue = certificate.GetExtensionValue(X509Extensions.AuthorityKeyIdentifier); if (extensionValue != null) { AuthorityKeyIdentifier instance = AuthorityKeyIdentifier.GetInstance(Asn1Object.FromByteArray(extensionValue.GetOctets())); if (instance.GetKeyIdentifier() != null) { x509CertificateEntry2 = (X509CertificateEntry)this.chainCerts[new Pkcs12Store.CertId(instance.GetKeyIdentifier())]; } } if (x509CertificateEntry2 == null) { X509Name issuerDN = certificate.IssuerDN; X509Name subjectDN = certificate.SubjectDN; if (!issuerDN.Equivalent(subjectDN)) { foreach (Pkcs12Store.CertId key in this.chainCerts.Keys) { X509CertificateEntry x509CertificateEntry3 = (X509CertificateEntry)this.chainCerts[key]; X509Certificate certificate2 = x509CertificateEntry3.Certificate; X509Name subjectDN2 = certificate2.SubjectDN; if (subjectDN2.Equivalent(issuerDN)) { try { certificate.Verify(certificate2.GetPublicKey()); x509CertificateEntry2 = x509CertificateEntry3; break; } catch (InvalidKeyException) { } } } } } list.Add(x509CertificateEntry); if (x509CertificateEntry2 != x509CertificateEntry) { x509CertificateEntry = x509CertificateEntry2; } else { x509CertificateEntry = null; } } X509CertificateEntry[] array = new X509CertificateEntry[list.Count]; for (int i = 0; i < list.Count; i++) { array[i] = (X509CertificateEntry)list[i]; } return(array); } return(null); }
private static global::System.Collections.IList SortCerts(global::System.Collections.IList certs) { if (((global::System.Collections.ICollection)certs).get_Count() < 2) { return(certs); } X509Name issuerDN = ((X509Certificate)certs.get_Item(0)).IssuerDN; bool flag = true; for (int i = 1; i != ((global::System.Collections.ICollection)certs).get_Count(); i++) { X509Certificate x509Certificate = (X509Certificate)certs.get_Item(i); if (issuerDN.Equivalent(x509Certificate.SubjectDN, inOrder: true)) { issuerDN = ((X509Certificate)certs.get_Item(i)).IssuerDN; continue; } flag = false; break; } if (flag) { return(certs); } global::System.Collections.IList list = Platform.CreateArrayList(((global::System.Collections.ICollection)certs).get_Count()); global::System.Collections.IList result = Platform.CreateArrayList((global::System.Collections.ICollection)certs); for (int j = 0; j < ((global::System.Collections.ICollection)certs).get_Count(); j++) { X509Certificate x509Certificate2 = (X509Certificate)certs.get_Item(j); bool flag2 = false; X509Name subjectDN = x509Certificate2.SubjectDN; { global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)certs).GetEnumerator(); try { while (enumerator.MoveNext()) { X509Certificate x509Certificate3 = (X509Certificate)enumerator.get_Current(); if (x509Certificate3.IssuerDN.Equivalent(subjectDN, inOrder: true)) { flag2 = true; break; } } } finally { global::System.IDisposable disposable = enumerator as global::System.IDisposable; if (disposable != null) { disposable.Dispose(); } } } if (!flag2) { list.Add((object)x509Certificate2); certs.RemoveAt(j); } } if (((global::System.Collections.ICollection)list).get_Count() > 1) { return(result); } for (int k = 0; k != ((global::System.Collections.ICollection)list).get_Count(); k++) { issuerDN = ((X509Certificate)list.get_Item(k)).IssuerDN; for (int l = 0; l < ((global::System.Collections.ICollection)certs).get_Count(); l++) { X509Certificate x509Certificate4 = (X509Certificate)certs.get_Item(l); if (issuerDN.Equivalent(x509Certificate4.SubjectDN, inOrder: true)) { list.Add((object)x509Certificate4); certs.RemoveAt(l); break; } } } if (((global::System.Collections.ICollection)certs).get_Count() > 0) { return(result); } return(list); }