/// <summary>
/// Asserts the state expected of a <c>KeyUsageExtension</c> that carries no
/// key-usage bits: not critical, OID 2.5.29.15, a name that differs from the
/// OID, and <c>KeyUsages.none</c> as its only supported usage.
/// </summary>
/// <param name="kue">The extension instance under test.</param>
private void Empty (KeyUsageExtension kue)
{
    // Identity of the extension.
    Assert.IsFalse (kue.Critical, "Critical");
    Assert.AreEqual ("2.5.29.15", kue.Oid, "Oid");
    Assert.IsNotNull (kue.Name, "Name");

    // The name must be something other than the dotted OID string.
    bool nameEqualsOid = kue.Name == kue.Oid;
    Assert.IsFalse (nameEqualsOid, "Name!=Oid");

    // No usage bits are set.
    Assert.AreEqual (KeyUsages.none, kue.KeyUsage, "KeyUsage");

    // 'none' is expected to be supported even with no bits set, while
    // concrete usages are expected to be refused.
    Assert.IsTrue (kue.Support (KeyUsages.none), "Support(none)");
    Assert.IsFalse (kue.Support (KeyUsages.digitalSignature), "Support(digitalSignature)");
    Assert.IsFalse (kue.Support (KeyUsages.decipherOnly), "Support(decipherOnly)");
}
/// <summary>
/// Sets <c>KeyUsage</c> to <c>Int32.MaxValue</c> (every bit below the sign bit
/// set) and checks that <c>Support</c> answers true for each usage value the
/// test names, including <c>KeyUsages.none</c>.
/// </summary>
public void KeyUsage_MaxValue ()
{
    KeyUsageExtension kue = new KeyUsageExtension ();
    KeyUsages everyBit = (KeyUsages) Int32.MaxValue;
    kue.KeyUsage = everyBit;

    // 'none' is expected to be supported regardless of which bits are set.
    Assert.IsTrue (kue.Support (KeyUsages.none), "Support(none)");

    // Each individual usage is expected to be reported as supported.
    Assert.IsTrue (kue.Support (KeyUsages.digitalSignature), "Support(digitalSignature)");
    Assert.IsTrue (kue.Support (KeyUsages.nonRepudiation), "Support(nonRepudiation)");
    Assert.IsTrue (kue.Support (KeyUsages.keyEncipherment), "Support(keyEncipherment)");
    Assert.IsTrue (kue.Support (KeyUsages.dataEncipherment), "Support(dataEncipherment)");
    Assert.IsTrue (kue.Support (KeyUsages.keyAgreement), "Support(keyAgreement)");
    Assert.IsTrue (kue.Support (KeyUsages.keyCertSign), "Support(keyCertSign)");
    Assert.IsTrue (kue.Support (KeyUsages.cRLSign), "Support(cRLSign)");
    Assert.IsTrue (kue.Support (KeyUsages.encipherOnly), "Support(encipherOnly)");
    Assert.IsTrue (kue.Support (KeyUsages.decipherOnly), "Support(decipherOnly)");
}
/// <summary>
/// Checks whether this CRL was signed by the supplied certificate: the
/// certificate must pass the issuer-eligibility checks below, its subject name
/// must equal the CRL issuer, and the CRL signature must verify under its
/// public key.
/// </summary>
/// <param name="x509">Candidate CRL issuer certificate.</param>
/// <returns>
/// <c>true</c> only when every check passes; <c>false</c> as soon as one fails.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="x509"/> is null.</exception>
public bool VerifySignature (X509Certificate x509)
{
    if (x509 == null)
        throw new ArgumentNullException ("x509");

    // 1. Issuer eligibility. Only v3 (and later) certificates carry extensions,
    //    so v1/v2 certificates skip this step entirely.
    if (x509.Version >= 3) {
        // 1.2. BasicConstraints (2.5.29.19): when present, it must assert CA.
        // NOTE(review): when the extension is absent the CA check is skipped,
        // not failed, so a v3 certificate carrying neither extension goes
        // straight to the name check. Confirm this matches the caller's trust model.
        BasicConstraintsExtension caConstraints = null;
        X509Extension bcExtension = x509.Extensions ["2.5.29.19"];
        if (bcExtension != null) {
            caConstraints = new BasicConstraintsExtension (bcExtension);
            if (!caConstraints.CertificateAuthority)
                return false;
        }

        // 1.1. KeyUsage (2.5.29.15): when present, cRLSign is expected.
        X509Extension kuExtension = x509.Extensions ["2.5.29.15"];
        if (kuExtension != null) {
            KeyUsageExtension usage = new KeyUsageExtension (kuExtension);
            if (!usage.Support (KeyUsages.cRLSign)) {
                // Second chance: accept a certificate whose BasicConstraints was
                // present (and therefore asserted CA above) and whose KeyUsage
                // allows digitalSignature.
                // NOTE(review): this is more lenient than requiring cRLSign
                // whenever KeyUsage is present; confirm the leniency is intentional.
                bool secondChance = (caConstraints != null) && usage.Support (KeyUsages.digitalSignature);
                if (!secondChance)
                    return false;
            }
        }
    }

    // 2. The CRL issuer must match the certificate's subject name.
    if (issuer != x509.SubjectName)
        return false;

    // 3. Verify the CRL signature with the certificate's public key.
    //    1.2.840.10040.4.3 selects the DSA key; every other signature OID,
    //    recognised or not, is handed to the RSA overload.
    if (signatureOID == "1.2.840.10040.4.3")
        return VerifySignature (x509.DSA);

    return VerifySignature (x509.RSA);
}
/// <summary>
/// Scans the certificates in a PKCS#12 container for the first one whose
/// KeyUsage extension (2.5.29.15) allows digitalSignature or keyEncipherment
/// and for which a matching key can be found, storing the result in the
/// <c>key</c> and <c>x509</c> members.
/// </summary>
/// <param name="pfx">The PKCS#12 container to search.</param>
/// <returns>
/// <c>true</c> when both <c>x509</c> and <c>key</c> are non-null after the scan.
/// </returns>
bool KeyUsage (MSX.PKCS12 pfx)
{
    foreach (MSX.X509Certificate candidate in pfx.Certificates) {
        // Certificates without a KeyUsage extension are not considered here.
        MSX.X509Extension extension = candidate.Extensions ["2.5.29.15"];
        if (extension != null) {
            var usage = new KeyUsageExtension (extension);
            bool usable = usage.Support (KeyUsages.digitalSignature)
                || usage.Support (KeyUsages.keyEncipherment);
            if (usable) {
                // 'key' is overwritten on every usable candidate, including
                // with null when no matching key exists.
                key = GetKeyMatchingCertificate (pfx, candidate);
                if (key != null) {
                    x509 = new X509Certificate (candidate.RawData);
                    break;
                }
            }
        }
    }

    // Complete only when both the certificate and its key were found.
    return (x509 != null) && (key != null);
}