コード例 #1
0
        public X509Certificate2ImplMono(byte[] rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
        {
            switch (X509Certificate2.GetCertContentType(rawData))
            {
            case X509ContentType.Pkcs12:
                _cert = ImportPkcs12(rawData, password);
                break;

            case X509ContentType.Cert:
            case X509ContentType.Pkcs7:
                _cert = new MX.X509Certificate(rawData);
                break;

#if !MONOTOUCH_WATCH
            case X509ContentType.Authenticode:
                AuthenticodeDeformatter ad = new AuthenticodeDeformatter(rawData);
                _cert = ad.SigningCertificate;
                if (_cert == null)
                {
                    goto default;
                }
                break;
#endif

            default:
                string msg = Locale.GetText("Unable to decode certificate.");
                throw new CryptographicException(msg);
            }
        }
コード例 #2
0
 public override void Import(byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
 {
     base.Import(rawData, password, keyStorageFlags);
     if (password == null)
     {
         try {
             _cert = new MX.X509Certificate(rawData);
         }
         catch (Exception e) {
             try {
                 ImportPkcs12(rawData, null);
             }
             catch {
                 string msg = Locale.GetText("Unable to decode certificate.");
                 // inner exception is the original (not second) exception
                 throw new CryptographicException(msg, e);
             }
         }
     }
     else
     {
         // try PKCS#12
         try {
             ImportPkcs12(rawData, password);
         }
         catch {
             // it's possible to supply a (unrequired/unusued) password
             // fix bug #79028
             _cert = new MX.X509Certificate(rawData);
         }
     }
 }
コード例 #3
0
ファイル: ServicePointManager.cs プロジェクト: zgramana/mono
 // RFC2818 - HTTP Over TLS, Section 3.1
 // http://www.ietf.org/rfc/rfc2818.txt
 //
 // 1.	if present MUST use subjectAltName dNSName as identity
 // 1.1.		if multiples entries a match of any one is acceptable
 // 1.2.		wildcard * is acceptable
 // 2.	URI may be an IP address -> subjectAltName.iPAddress
 // 2.1.		exact match is required
 // 3.	Use of the most specific Common Name (CN=) in the Subject
 // 3.1		Existing practice but DEPRECATED
 static bool CheckServerIdentity(MSX.X509Certificate cert, string targetHost)
 {
     try {
         MSX.X509Extension ext = cert.Extensions ["2.5.29.17"];
         // 1. subjectAltName
         if (ext != null)
         {
             SubjectAltNameExtension subjectAltName = new SubjectAltNameExtension(ext);
             // 1.1 - multiple dNSName
             foreach (string dns in subjectAltName.DNSNames)
             {
                 // 1.2 TODO - wildcard support
                 if (Match(targetHost, dns))
                 {
                     return(true);
                 }
             }
             // 2. ipAddress
             foreach (string ip in subjectAltName.IPAddresses)
             {
                 // 2.1. Exact match required
                 if (ip == targetHost)
                 {
                     return(true);
                 }
             }
         }
         // 3. Common Name (CN=)
         return(CheckDomainName(cert.SubjectName, targetHost));
     } catch (Exception e) {
         Console.Error.WriteLine("ERROR processing certificate: {0}", e);
         Console.Error.WriteLine("Please, report this problem to the Mono team");
         return(false);
     }
 }
コード例 #4
0
 X509Certificate2ImplMono(X509Certificate2ImplMono other)
 {
     _cert = other._cert;
     if (other.intermediateCerts != null)
     {
         intermediateCerts = other.intermediateCerts.Clone();
     }
 }
コード例 #5
0
ファイル: X509Chain.cs プロジェクト: williamLuCgz/mono
 private bool IsSignedWith(X509Certificate2 signed, AsymmetricAlgorithm pubkey)
 {
     if (pubkey == null)
     {
         return(false);
     }
     // Sadly X509Certificate2 doesn't expose the signature nor the tbs (to be signed) structure
     MX.X509Certificate mx = signed.MonoCertificate;
     return(mx.VerifySignature(pubkey));
 }
コード例 #6
0
 public override void Reset()
 {
     _cert      = null;
     _publicKey = null;
     if (intermediateCerts != null)
     {
         intermediateCerts.Dispose();
         intermediateCerts = null;
     }
 }
コード例 #7
0
        private MX.X509Certificate ImportPkcs12(byte[] rawData, string password)
        {
            MX.PKCS12 pfx = null;
            if (string.IsNullOrEmpty(password))
            {
                try {
                    // Support both unencrypted PKCS#12..
                    pfx = new MX.PKCS12(rawData, (string)null);
                } catch {
                    // ..and PKCS#12 encrypted with an empty password
                    pfx = new MX.PKCS12(rawData, string.Empty);
                }
            }
            else
            {
                pfx = new MX.PKCS12(rawData, password);
            }

            if (pfx.Certificates.Count == 0)
            {
                // no certificate was found
                return(null);
            }
            else if (pfx.Keys.Count == 0)
            {
                // no key were found - pick the first certificate
                return(pfx.Certificates [0]);
            }
            else
            {
                // find the certificate that match the first key
                MX.X509Certificate cert = null;
                var    keypair          = (pfx.Keys [0] as AsymmetricAlgorithm);
                string pubkey           = keypair.ToXmlString(false);
                foreach (var c in pfx.Certificates)
                {
                    if (((c.RSA != null) && (pubkey == c.RSA.ToXmlString(false))) ||
                        ((c.DSA != null) && (pubkey == c.DSA.ToXmlString(false))))
                    {
                        cert = c;
                        break;
                    }
                }
                if (cert == null)
                {
                    cert = pfx.Certificates [0];                     // no match, pick first certificate without keys
                }
                else
                {
                    cert.RSA = (keypair as RSA);
                    cert.DSA = (keypair as DSA);
                }
                return(cert);
            }
        }
コード例 #8
0
        internal X509ExtensionCollection(MX.X509Certificate cert)
        {
            _list = new ArrayList(cert.Extensions.Count);
            if (cert.Extensions.Count == 0)
            {
                return;
            }

            foreach (MX.X509Extension ext in cert.Extensions)
            {
                bool   critical = ext.Critical;
                string oid      = ext.Oid;
                byte[] raw_data = null;
                // extension data is embedded in an octet stream (4)
                var value = ext.Value;
                if ((value.Tag == 0x04) && (value.Count > 0))
                {
                    raw_data = value [0].GetBytes();
                }

                X509Extension newt = null;
#if FULL_AOT_RUNTIME
                // non-extensible
                switch (oid)
                {
                case "2.5.29.14":
                    newt = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(oid, raw_data), critical);
                    break;

                case "2.5.29.15":
                    newt = new X509KeyUsageExtension(new AsnEncodedData(oid, raw_data), critical);
                    break;

                case "2.5.29.19":
                    newt = new X509BasicConstraintsExtension(new AsnEncodedData(oid, raw_data), critical);
                    break;

                case "2.5.29.37":
                    newt = new X509EnhancedKeyUsageExtension(new AsnEncodedData(oid, raw_data), critical);
                    break;
                }
#else
                object[] parameters = new object [2];
                parameters [0] = new AsnEncodedData(oid, raw_data ?? Empty);
                parameters [1] = critical;
                newt           = (X509Extension)CryptoConfig.CreateFromName(oid, parameters);
#endif
                if (newt == null)
                {
                    // not registred in CryptoConfig, using default
                    newt = new X509Extension(oid, raw_data ?? Empty, critical);
                }
                _list.Add(newt);
            }
        }
コード例 #9
0
        void MustFallback()
        {
            ThrowIfContextInvalid();
            if (fallback != null)
            {
                return;
            }
            var mxCert = new MX.X509Certificate(RawData);

            fallback = new X509Certificate2ImplMono(mxCert);
        }
コード例 #10
0
ファイル: PublicKey.cs プロジェクト: Tsalex71/mono-1
        internal PublicKey(MSX.X509Certificate certificate)
        {
            // note: _key MUSTonly contains the public part of the key
            bool export_required = true;

            if (certificate.KeyAlgorithm == rsaOid)
            {
                // shortcut export/import in the case the private key isn't available
                RSACryptoServiceProvider rcsp = (certificate.RSA as RSACryptoServiceProvider);
                if ((rcsp != null) && rcsp.PublicOnly)
                {
                    _key            = certificate.RSA;
                    export_required = false;
                }
                else
                {
                    RSAManaged rsam = (certificate.RSA as RSAManaged);
                    if ((rsam != null) && rsam.PublicOnly)
                    {
                        _key            = certificate.RSA;
                        export_required = false;
                    }
                }

                if (export_required)
                {
                    RSAParameters rsap = certificate.RSA.ExportParameters(false);
                    _key = RSA.Create();
                    (_key as RSA).ImportParameters(rsap);
                }
            }
            else
            {
                // shortcut export/import in the case the private key isn't available
                DSACryptoServiceProvider dcsp = (certificate.DSA as DSACryptoServiceProvider);
                if ((dcsp != null) && dcsp.PublicOnly)
                {
                    _key            = certificate.DSA;
                    export_required = false;
                }
                // note: DSAManaged isn't available in Mono.Security due to a bug in Fx 1.x

                if (export_required)
                {
                    DSAParameters rsap = certificate.DSA.ExportParameters(false);
                    _key = DSA.Create();
                    (_key as DSA).ImportParameters(rsap);
                }
            }

            _oid      = new Oid(certificate.KeyAlgorithm);
            _keyValue = new AsnEncodedData(_oid, certificate.PublicKey);
            _params   = new AsnEncodedData(_oid, certificate.KeyAlgorithmParameters ?? Empty);
        }
コード例 #11
0
 public override void Reset()
 {
     _cert               = null;
     _archived           = false;
     _extensions         = null;
     _serial             = null;
     _publicKey          = null;
     issuer_name         = null;
     subject_name        = null;
     signature_algorithm = null;
 }
コード例 #12
0
 public override void Reset()
 {
     _cert               = null;
     _archived           = false;
     _extensions         = null;
     _publicKey          = null;
     issuer_name         = null;
     subject_name        = null;
     signature_algorithm = null;
     if (intermediateCerts != null)
     {
         intermediateCerts.Dispose();
         intermediateCerts = null;
     }
 }
コード例 #13
0
 private void ImportPkcs12(byte[] rawData, string password)
 {
     MX.PKCS12 pfx = (password == null) ? new MX.PKCS12(rawData) : new MX.PKCS12(rawData, password);
     if (pfx.Certificates.Count > 0)
     {
         _cert = pfx.Certificates [0];
     }
     else
     {
         _cert = null;
     }
     if (pfx.Keys.Count > 0)
     {
         _cert.RSA = (pfx.Keys [0] as RSA);
         _cert.DSA = (pfx.Keys [0] as DSA);
     }
 }
コード例 #14
0
        public X509Certificate2ImplMono(byte[] rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
        {
            switch (X509Certificate2.GetCertContentType(rawData))
            {
            case X509ContentType.Pkcs12:
                _cert = ImportPkcs12(rawData, password);
                break;

            case X509ContentType.Cert:
            case X509ContentType.Pkcs7:
                _cert = new MX.X509Certificate(rawData);
                break;

            default:
                string msg = Locale.GetText("Unable to decode certificate.");
                throw new CryptographicException(msg);
            }
        }
コード例 #15
0
ファイル: X509Certificate2.cs プロジェクト: patryk9200/mono
 public override void Import(byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
 {
     MX.X509Certificate cert = null;
     if (password == null)
     {
         try {
             cert = new MX.X509Certificate(rawData);
         }
         catch (Exception e) {
             try {
                 cert = ImportPkcs12(rawData, null);
             }
             catch {
                 string msg = Locale.GetText("Unable to decode certificate.");
                 // inner exception is the original (not second) exception
                 throw new CryptographicException(msg, e);
             }
         }
     }
     else
     {
         // try PKCS#12
         try {
             cert = ImportPkcs12(rawData, password);
         }
         catch {
             // it's possible to supply a (unrequired/unusued) password
             // fix bug #79028
             cert = new MX.X509Certificate(rawData);
         }
     }
     // we do not have to fully re-decode the certificate since X509Certificate does not deal with keys
     if (cert != null)
     {
         base.Import(cert.RawData, (string)null, keyStorageFlags);
         _cert = cert;                 // becuase base call will call Reset!
     }
 }
コード例 #16
0
        // constructors

        public X509Certificate2ImplMono()
        {
            _cert = null;
        }
コード例 #17
0
ファイル: X509Certificate2.cs プロジェクト: Profit0004/mono
		public X509Certificate2 (IntPtr handle) : base (handle) 
		{
			_cert = new MX.X509Certificate (base.GetRawCertData ());
		}
コード例 #18
0
        // constructors

        public X509Certificate2()
        {
            _cert = null;
        }
コード例 #19
0
ファイル: X509Certificate2.cs プロジェクト: Profit0004/mono
		public X509Certificate2 (X509Certificate certificate) 
			: base (certificate)
		{
			_cert = new MX.X509Certificate (base.GetRawCertData ());
		}
コード例 #20
0
ファイル: X509Certificate2.cs プロジェクト: Profit0004/mono
		public override void Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
		{
			MX.X509Certificate cert = null;
			if (password == null) {
				try {
					cert = new MX.X509Certificate (rawData);
				}
				catch (Exception e) {
					try {
						cert = ImportPkcs12 (rawData, null);
					}
					catch {
						string msg = Locale.GetText ("Unable to decode certificate.");
						// inner exception is the original (not second) exception
						throw new CryptographicException (msg, e);
					}
				}
			} else {
				// try PKCS#12
				try {
					cert = ImportPkcs12 (rawData, password);
				}
				catch {
					// it's possible to supply a (unrequired/unusued) password
					// fix bug #79028
					cert = new MX.X509Certificate (rawData);
				}
			}
			// we do not have to fully re-decode the certificate since X509Certificate does not deal with keys
			if (cert != null) {
				base.Import (cert.RawData, (string) null, keyStorageFlags);
				_cert = cert; // becuase base call will call Reset!
			}
		}
コード例 #21
0
		public override void Reset () 
		{
			_cert = null;
			_archived = false;
			_extensions = null;
			_serial = null;
			_publicKey = null;
			issuer_name = null;
			subject_name = null;
			signature_algorithm = null;
		}
コード例 #22
0
 internal X509Certificate2ImplMono(MX.X509Certificate cert)
 {
     this._cert = cert;
 }
コード例 #23
0
ファイル: X509Certificate2.cs プロジェクト: Profit0004/mono
		// constructors

		public X509Certificate2 ()
		{
			_cert = null;
		}
コード例 #24
0
		public override void Reset () 
		{
			_cert = null;
			_archived = false;
			_extensions = null;
			_serial = null;
			_publicKey = null;
			issuer_name = null;
			subject_name = null;
			signature_algorithm = null;
			if (intermediateCerts != null) {
				intermediateCerts.Dispose ();
				intermediateCerts = null;
			}
		}
コード例 #25
0
		// RFC2818 - HTTP Over TLS, Section 3.1
		// http://www.ietf.org/rfc/rfc2818.txt
		//
		// 1.	if present MUST use subjectAltName dNSName as identity
		// 1.1.		if multiples entries a match of any one is acceptable
		// 1.2.		wildcard * is acceptable
		// 2.	URI may be an IP address -> subjectAltName.iPAddress
		// 2.1.		exact match is required
		// 3.	Use of the most specific Common Name (CN=) in the Subject
		// 3.1		Existing practice but DEPRECATED
		static bool CheckServerIdentity (X509Certificate2 cert, string targetHost)
		{
			try {
				var mcert = new MSX.X509Certificate (cert.RawData);
				MSX.X509Extension ext = mcert.Extensions ["2.5.29.17"];
				// 1. subjectAltName
				if (ext != null) {
					SubjectAltNameExtension subjectAltName = new SubjectAltNameExtension (ext);
					// 1.1 - multiple dNSName
					foreach (string dns in subjectAltName.DNSNames) {
						// 1.2 TODO - wildcard support
						if (Match (targetHost, dns))
							return true;
					}
					// 2. ipAddress
					foreach (string ip in subjectAltName.IPAddresses) {
						// 2.1. Exact match required
						if (ip == targetHost)
							return true;
					}
				}
				// 3. Common Name (CN=)
				return CheckDomainName (mcert.SubjectName, targetHost);
			} catch (Exception e) {
				Console.Error.WriteLine ("ERROR processing certificate: {0}", e);
				Console.Error.WriteLine ("Please, report this problem to the Mono team");
				return false;
			}
		}
コード例 #26
0
		X509Certificate2ImplMono (X509Certificate2ImplMono other)
		{
			_cert = other._cert;
			if (other.intermediateCerts != null)
				intermediateCerts = other.intermediateCerts.Clone ();
		}
コード例 #27
0
		// constructors

		public X509Certificate2ImplMono ()
		{
			_cert = null;
		}
コード例 #28
0
ファイル: X509Certificate2.cs プロジェクト: shines77/mono
		private void ImportPkcs12 (byte[] rawData, string password)
		{
			MX.PKCS12 pfx = (password == null) ? new MX.PKCS12 (rawData) : new MX.PKCS12 (rawData, password);
			if (pfx.Certificates.Count > 0) {
				_cert = pfx.Certificates [0];
			} else {
				_cert = null;
			}
			if (pfx.Keys.Count > 0) {
				_cert.RSA = (pfx.Keys [0] as RSA);
				_cert.DSA = (pfx.Keys [0] as DSA);
			}
		}
コード例 #29
0
 public X509Certificate2(IntPtr handle) : base(handle)
 {
     _cert = new MX.X509Certificate(base.GetRawCertData());
 }
コード例 #30
0
 public X509Certificate2ImplMono(MX.X509Certificate cert)
 {
     this._cert = cert;
 }
コード例 #31
0
 public X509Certificate2(X509Certificate certificate)
     : base(certificate)
 {
     _cert = new MX.X509Certificate(base.GetRawCertData());
 }
コード例 #32
0
		internal X509Certificate2ImplMono (MX.X509Certificate cert)
		{
			this._cert = cert;
		}
コード例 #33
0
		public override void Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
		{
			MX.X509Certificate cert = null;
			if (password == null) {
				try {
					cert = new MX.X509Certificate (rawData);
				}
				catch (Exception e) {
					try {
						cert = ImportPkcs12 (rawData, null);
					}
					catch {
						string msg = Locale.GetText ("Unable to decode certificate.");
						// inner exception is the original (not second) exception
						throw new CryptographicException (msg, e);
					}
				}
			} else {
				// try PKCS#12
				try {
					cert = ImportPkcs12 (rawData, password);
				}
				catch {
					// it's possible to supply a (unrequired/unusued) password
					// fix bug #79028
					cert = new MX.X509Certificate (rawData);
				}
			}
			_cert = cert;
		}