public void ConstructorAsnEncodedData_BadAsn ()
{
AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[0]);
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (aed, true);
Assert.AreEqual (String.Empty, ski.Format (true), "Format(true)");
Assert.AreEqual (String.Empty, ski.Format (false), "Format(false)");
string s = ski.SubjectKeyIdentifier;
}
/// <summary>
/// Creates an <see cref="X509AuthorityKeyIdentifierExtension"/> that specifies
/// the key identifier value from a subject key identifier extension.
/// </summary>
/// <param name="subjectKeyIdentifier">
/// The subject key identifier extension from the Certificate Authority (CA) certificate
/// that will sign this extension.
/// </param>
/// <returns>
/// The configured extension.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="subjectKeyIdentifier"/> is <see langword="null" />.
/// </exception>
public static X509AuthorityKeyIdentifierExtension CreateFromSubjectKeyIdentifier(
X509SubjectKeyIdentifierExtension subjectKeyIdentifier)
{
ArgumentNullException.ThrowIfNull(subjectKeyIdentifier);
return(CreateFromSubjectKeyIdentifier(
subjectKeyIdentifier.SubjectKeyIdentifierBytes.Span));
}
internal X509ExtensionCollection(MX.X509Certificate cert)
{
_list = new ArrayList(cert.Extensions.Count);
if (cert.Extensions.Count == 0)
{
return;
}
#if !MOONLIGHT
object[] parameters = new object [2];
#endif
foreach (MX.X509Extension ext in cert.Extensions)
{
bool critical = ext.Critical;
string oid = ext.Oid;
byte[] raw_data = null;
// extension data is embedded in an octet stream (4)
ASN1 value = ext.Value;
if ((value.Tag == 0x04) && (value.Count > 0))
{
raw_data = value [0].GetBytes();
}
X509Extension newt = null;
#if MOONLIGHT
// non-extensible
switch (oid)
{
case "2.5.29.14":
newt = new X509SubjectKeyIdentifierExtension(new AsnEncodedData(oid, raw_data), critical);
break;
case "2.5.29.15":
newt = new X509KeyUsageExtension(new AsnEncodedData(oid, raw_data), critical);
break;
case "2.5.29.19":
newt = new X509BasicConstraintsExtension(new AsnEncodedData(oid, raw_data), critical);
break;
case "2.5.29.37":
newt = new X509EnhancedKeyUsageExtension(new AsnEncodedData(oid, raw_data), critical);
break;
}
#else
parameters [0] = new AsnEncodedData(oid, raw_data);
parameters [1] = critical;
newt = (X509Extension)CryptoConfig.CreateFromName(oid, parameters);
#endif
if (newt == null)
{
// not registred in CryptoConfig, using default
newt = new X509Extension(oid, raw_data, critical);
}
_list.Add(newt);
}
}
public void ConstructorEmpty ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ();
Assert.IsFalse (ski.Critical, "Critical");
Assert.IsNull (ski.RawData, "RawData");
Assert.AreEqual (oid, ski.Oid.Value, "Oid.Value");
Assert.AreEqual (fname, ski.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual (String.Empty, ski.Format (true), "Format(true)");
Assert.AreEqual (String.Empty, ski.Format (false), "Format(false)");
}
internal static byte FromHexChars(char c1, char c2)
{
byte b = X509SubjectKeyIdentifierExtension.FromHexChar(c1);
if (b < 255)
{
b = (byte)((int)b << 4 | (int)X509SubjectKeyIdentifierExtension.FromHexChar(c2));
}
return(b);
}
public void ConstructorEmpty ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ();
Assert.IsFalse (ski.Critical, "Critical");
Assert.IsNull (ski.RawData, "RawData");
Assert.AreEqual (oid, ski.Oid.Value, "Oid.Value");
// FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
//Assert.AreEqual (fname, ski.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual (String.Empty, ski.Format (true), "Format(true)");
Assert.AreEqual (String.Empty, ski.Format (false), "Format(false)");
}
private string GetKeyIdentifier(X509Certificate2 x)
{
// if present in certificate return value of the SubjectKeyIdentifier
X509SubjectKeyIdentifierExtension ski = (x.Extensions ["2.5.29.14"] as X509SubjectKeyIdentifierExtension);
if (ski == null)
{
// if not then we must calculate the SubjectKeyIdentifier ourselve
ski = new X509SubjectKeyIdentifierExtension(x.PublicKey, X509SubjectKeyIdentifierHashAlgorithm.CapiSha1, false);
}
return(ski.SubjectKeyIdentifier);
}
public void ConstructorAsnEncodedData ()
{
AsnEncodedData aed = new AsnEncodedData (new byte[] { 0x04, 0x08, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF });
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (aed, true);
Assert.IsTrue (ski.Critical, "Critical");
Assert.AreEqual (oid, ski.Oid.Value, "Oid.Value");
Assert.AreEqual (fname, ski.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual ("04-08-01-23-45-67-89-AB-CD-EF", BitConverter.ToString (ski.RawData), "RawData");
Assert.AreEqual ("0123456789ABCDEF", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual ("01 23 45 67 89 ab cd ef" + Environment.NewLine, ski.Format (true), "Format(true)");
Assert.AreEqual ("01 23 45 67 89 ab cd ef", ski.Format (false), "Format(false)");
}
/// <summary>Initializes a new instance of the <see cref="T:System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension" /> class using a string and a value that identifies whether the extension is critical.</summary>
/// <param name="subjectKeyIdentifier">A string, encoded in hexadecimal format, that represents the subject key identifier (SKI) for a certificate.</param>
/// <param name="critical">true if the extension is critical; otherwise, false.</param>
public X509SubjectKeyIdentifierExtension(string subjectKeyIdentifier, bool critical)
{
if (subjectKeyIdentifier == null)
{
throw new ArgumentNullException("subjectKeyIdentifier");
}
if (subjectKeyIdentifier.Length < 2)
{
throw new ArgumentException("subjectKeyIdentifier");
}
this._oid = new Oid("2.5.29.14", "Subject Key Identifier");
base.Critical = critical;
this._subjectKeyIdentifier = X509SubjectKeyIdentifierExtension.FromHex(subjectKeyIdentifier);
base.RawData = this.Encode();
}
internal X509ExtensionCollection (MX.X509Certificate cert)
{
_list = new ArrayList (cert.Extensions.Count);
if (cert.Extensions.Count == 0)
return;
#if !MOONLIGHT
object[] parameters = new object [2];
#endif
foreach (MX.X509Extension ext in cert.Extensions) {
bool critical = ext.Critical;
string oid = ext.Oid;
byte[] raw_data = null;
// extension data is embedded in an octet stream (4)
ASN1 value = ext.Value;
if ((value.Tag == 0x04) && (value.Count > 0))
raw_data = value [0].GetBytes ();
X509Extension newt = null;
#if MOONLIGHT || FULL_AOT_RUNTIME
// non-extensible
switch (oid) {
case "2.5.29.14":
newt = new X509SubjectKeyIdentifierExtension (new AsnEncodedData (oid, raw_data), critical);
break;
case "2.5.29.15":
newt = new X509KeyUsageExtension (new AsnEncodedData (oid, raw_data), critical);
break;
case "2.5.29.19":
newt = new X509BasicConstraintsExtension (new AsnEncodedData (oid, raw_data), critical);
break;
case "2.5.29.37":
newt = new X509EnhancedKeyUsageExtension (new AsnEncodedData (oid, raw_data), critical);
break;
}
#else
parameters [0] = new AsnEncodedData (oid, raw_data ?? Empty);
parameters [1] = critical;
newt = (X509Extension) CryptoConfig.CreateFromName (oid, parameters);
#endif
if (newt == null) {
// not registred in CryptoConfig, using default
newt = new X509Extension (oid, raw_data ?? Empty, critical);
}
_list.Add (newt);
}
}
internal static byte[] FromHex(string hex)
{
if (hex == null)
{
return(null);
}
int num = hex.Length >> 1;
byte[] array = new byte[num];
int i = 0;
int num2 = 0;
while (i < num)
{
array[i++] = X509SubjectKeyIdentifierExtension.FromHexChars(hex[num2++], hex[num2++]);
}
return(array);
}
public void CopyFrom_Null ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ();
ski.CopyFrom (null);
}
public void WrongExtension_X509Extension_CertificateAuthority ()
{
X509Extension ex = new X509Extension ("1.2.3", new byte[0], true);
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ();
ski.CopyFrom (ex);
string s = ski.SubjectKeyIdentifier;
}
public void WrongAsnEncodedData ()
{
AsnEncodedData aed = new AsnEncodedData (new byte[0]);
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ("www.mono-project.com", false);
ski.CopyFrom (aed); // note: not the same behaviour than using the constructor!
}
public void ConstructorString_NotHex ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ("Mono::", true);
Assert.IsTrue (ski.Critical, "Critical");
Assert.AreEqual ("04-03-FF-FF-FF", BitConverter.ToString (ski.RawData), "RawData");
Assert.AreEqual (oid, ski.Oid.Value, "Oid.Value");
Assert.AreEqual (fname, ski.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual ("FFFFFF", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual ("ff ff ff" + Environment.NewLine, ski.Format (true), "Format(true)");
Assert.AreEqual ("ff ff ff", ski.Format (false), "Format(false)");
}
public void ConstructorAsnEncodedData_Null ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ((AsnEncodedData)null, true);
}
public void ConstructorEmpty_SubjectKeyIdentifier ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ();
Assert.IsNull (ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
}
public void ConstructorPublicKey_Null ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ((PublicKey)null, true);
}
private string GetSubjectKeyIdentifier(X509Certificate2 certificate)
{
X509SubjectKeyIdentifierExtension x509SubjectKeyIdentifierExtension = (X509SubjectKeyIdentifierExtension)certificate.Extensions["2.5.29.14"];
return((x509SubjectKeyIdentifierExtension != null) ? x509SubjectKeyIdentifierExtension.SubjectKeyIdentifier : string.Empty);
}
private string GetSubjectKeyIdentifier(X509Certificate2 certificate)
{
X509SubjectKeyIdentifierExtension ski = (certificate.Extensions["2.5.29.14"] as X509SubjectKeyIdentifierExtension);
return((ski == null) ? String.Empty : ski.SubjectKeyIdentifier);
}
public void ConstructorString_Empty ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (String.Empty, true);
}
public void ConstructorAsnEncodedData_BadAsnLength ()
{
AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[] { 0x30, 0x01 });
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (aed, true);
Assert.AreEqual ("3001", ski.Format (true), "Format(true)");
Assert.AreEqual ("3001", ski.Format (false), "Format(false)");
string s = ski.SubjectKeyIdentifier;
}
public void ConstructorString_Null ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ((String)null, true);
}
public void ConstructorByteArray_Empty ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (new byte[0], true);
}
public void ConstructorByteArray_Null ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ((byte[])null, true);
}
public void CopyFrom_Self ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ("ff", true);
Assert.IsTrue (ski.Critical, "Critical");
byte[] raw = ski.RawData;
Assert.AreEqual ("04-01-FF", BitConverter.ToString (raw), "RawData");
AsnEncodedData aed = new AsnEncodedData (raw);
X509SubjectKeyIdentifierExtension copy = new X509SubjectKeyIdentifierExtension (aed, false);
Assert.IsFalse (copy.Critical, "Critical");
Assert.AreEqual ("04-01-FF", BitConverter.ToString (copy.RawData), "copy.RawData");
Assert.AreEqual (oid, copy.Oid.Value, "Oid.Value");
// FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
//Assert.AreEqual (fname, copy.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual ("FF", copy.SubjectKeyIdentifier, "SubjectKeyIdentifier");
}
public void ConstructorByteArray_20 ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (new byte[20], true);
Assert.IsTrue (ski.Critical, "Critical");
Assert.AreEqual ("04-14-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00", BitConverter.ToString (ski.RawData), "RawData");
Assert.AreEqual (oid, ski.Oid.Value, "Oid.Value");
Assert.AreEqual (fname, ski.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual ("0000000000000000000000000000000000000000", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual ("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" + Environment.NewLine, ski.Format (true), "Format(true)");
Assert.AreEqual ("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", ski.Format (false), "Format(false)");
}
public void ConstructorPublicKeyHash_Null ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (null, X509SubjectKeyIdentifierHashAlgorithm.Sha1, true);
}
public void ConstructorPublicKeyHash_CapiSha1 ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (pk1, X509SubjectKeyIdentifierHashAlgorithm.CapiSha1, false);
Assert.IsFalse (ski.Critical, "Critical");
Assert.AreEqual ("2.5.29.14", ski.Oid.Value, "Oid");
Assert.AreEqual ("0E73CE0E2E059378FC782707EBF0B4E7AEA652E1", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual ("04-14-0E-73-CE-0E-2E-05-93-78-FC-78-27-07-EB-F0-B4-E7-AE-A6-52-E1", BitConverter.ToString (ski.RawData), "RawData");
}
public X509SubjectKeyIdentifierExtensionWrapper(X509SubjectKeyIdentifierExtension extension)
: base(extension)
{
x509 = extension;
}
public void WrongExtension_X509KeyUsageExtension ()
{
X509KeyUsageExtension ku = new X509KeyUsageExtension ();
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ();
ski.CopyFrom (ku);
}
public X509Certificate2Collection Find(X509FindType findType, object findValue, bool validOnly)
{
if (findValue == null)
{
throw new ArgumentNullException("findValue");
}
string text = string.Empty;
string text2 = string.Empty;
X509KeyUsageFlags x509KeyUsageFlags = X509KeyUsageFlags.None;
DateTime t = DateTime.MinValue;
switch (findType)
{
case X509FindType.FindByThumbprint:
case X509FindType.FindBySubjectName:
case X509FindType.FindBySubjectDistinguishedName:
case X509FindType.FindByIssuerName:
case X509FindType.FindByIssuerDistinguishedName:
case X509FindType.FindBySerialNumber:
case X509FindType.FindByTemplateName:
case X509FindType.FindBySubjectKeyIdentifier:
try
{
text = (string)findValue;
}
catch (Exception inner)
{
string text3 = Locale.GetText("Invalid find value type '{0}', expected '{1}'.", new object[]
{
findValue.GetType(),
"string"
});
throw new CryptographicException(text3, inner);
}
break;
case X509FindType.FindByTimeValid:
case X509FindType.FindByTimeNotYetValid:
case X509FindType.FindByTimeExpired:
try
{
t = (DateTime)findValue;
}
catch (Exception inner2)
{
string text4 = Locale.GetText("Invalid find value type '{0}', expected '{1}'.", new object[]
{
findValue.GetType(),
"X509DateTime"
});
throw new CryptographicException(text4, inner2);
}
break;
case X509FindType.FindByApplicationPolicy:
case X509FindType.FindByCertificatePolicy:
case X509FindType.FindByExtension:
try
{
text2 = (string)findValue;
}
catch (Exception inner3)
{
string text5 = Locale.GetText("Invalid find value type '{0}', expected '{1}'.", new object[]
{
findValue.GetType(),
"X509KeyUsageFlags"
});
throw new CryptographicException(text5, inner3);
}
try
{
CryptoConfig.EncodeOID(text2);
}
catch (CryptographicUnexpectedOperationException)
{
string text6 = Locale.GetText("Invalid OID value '{0}'.", new object[]
{
text2
});
throw new ArgumentException("findValue", text6);
}
break;
case X509FindType.FindByKeyUsage:
try
{
x509KeyUsageFlags = (X509KeyUsageFlags)((int)findValue);
}
catch (Exception inner4)
{
string text7 = Locale.GetText("Invalid find value type '{0}', expected '{1}'.", new object[]
{
findValue.GetType(),
"X509KeyUsageFlags"
});
throw new CryptographicException(text7, inner4);
}
break;
default:
{
string text8 = Locale.GetText("Invalid find type '{0}'.", new object[]
{
findType
});
throw new CryptographicException(text8);
}
}
CultureInfo invariantCulture = CultureInfo.InvariantCulture;
X509Certificate2Collection x509Certificate2Collection = new X509Certificate2Collection();
foreach (object obj in base.InnerList)
{
X509Certificate2 x509Certificate = (X509Certificate2)obj;
bool flag = false;
switch (findType)
{
case X509FindType.FindByThumbprint:
flag = (string.Compare(text, x509Certificate.Thumbprint, true, invariantCulture) == 0 || string.Compare(text, x509Certificate.GetCertHashString(), true, invariantCulture) == 0);
break;
case X509FindType.FindBySubjectName:
{
string nameInfo = x509Certificate.GetNameInfo(X509NameType.SimpleName, false);
flag = (nameInfo.IndexOf(text, StringComparison.InvariantCultureIgnoreCase) >= 0);
break;
}
case X509FindType.FindBySubjectDistinguishedName:
flag = (string.Compare(text, x509Certificate.Subject, true, invariantCulture) == 0);
break;
case X509FindType.FindByIssuerName:
{
string nameInfo2 = x509Certificate.GetNameInfo(X509NameType.SimpleName, true);
flag = (nameInfo2.IndexOf(text, StringComparison.InvariantCultureIgnoreCase) >= 0);
break;
}
case X509FindType.FindByIssuerDistinguishedName:
flag = (string.Compare(text, x509Certificate.Issuer, true, invariantCulture) == 0);
break;
case X509FindType.FindBySerialNumber:
flag = (string.Compare(text, x509Certificate.SerialNumber, true, invariantCulture) == 0);
break;
case X509FindType.FindByTimeValid:
flag = (t >= x509Certificate.NotBefore && t <= x509Certificate.NotAfter);
break;
case X509FindType.FindByTimeNotYetValid:
flag = (t < x509Certificate.NotBefore);
break;
case X509FindType.FindByTimeExpired:
flag = (t > x509Certificate.NotAfter);
break;
case X509FindType.FindByApplicationPolicy:
flag = (x509Certificate.Extensions.Count == 0);
break;
case X509FindType.FindByExtension:
flag = (x509Certificate.Extensions[text2] != null);
break;
case X509FindType.FindByKeyUsage:
{
X509KeyUsageExtension x509KeyUsageExtension = x509Certificate.Extensions["2.5.29.15"] as X509KeyUsageExtension;
flag = (x509KeyUsageExtension == null || (x509KeyUsageExtension.KeyUsages & x509KeyUsageFlags) == x509KeyUsageFlags);
break;
}
case X509FindType.FindBySubjectKeyIdentifier:
{
X509SubjectKeyIdentifierExtension x509SubjectKeyIdentifierExtension = x509Certificate.Extensions["2.5.29.14"] as X509SubjectKeyIdentifierExtension;
if (x509SubjectKeyIdentifierExtension != null)
{
flag = (string.Compare(text, x509SubjectKeyIdentifierExtension.SubjectKeyIdentifier, true, invariantCulture) == 0);
}
break;
}
}
if (flag)
{
if (validOnly)
{
try
{
if (x509Certificate.Verify())
{
x509Certificate2Collection.Add(x509Certificate);
}
}
catch
{
}
}
else
{
x509Certificate2Collection.Add(x509Certificate);
}
}
}
return(x509Certificate2Collection);
}
public void WrongExtension_X509Extension ()
{
X509Extension ex = new X509Extension ("1.2.3", new byte[0], true);
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ("www.go-mono.com", false); // odd length
Assert.IsFalse (ski.Critical, "Critical");
Assert.AreEqual ("FFFFFFFFFFFFFF", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual ("ff ff ff ff ff ff ff" + Environment.NewLine, ski.Format (true), "Format(true)");
Assert.AreEqual ("ff ff ff ff ff ff ff", ski.Format (false), "Format(false)");
ski.CopyFrom (ex);
Assert.IsTrue (ski.Critical, "Critical");
Assert.AreEqual (String.Empty, BitConverter.ToString (ski.RawData), "RawData");
Assert.AreEqual ("1.2.3", ski.Oid.Value, "Oid.Value");
// FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
//Assert.IsNull (ski.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual (String.Empty, ski.Format (true), "Format(true)");
Assert.AreEqual (String.Empty, ski.Format (false), "Format(false)");
}
public void ConstructorString_Single ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ("f", false);
}
public void ConstructorAsnEncodedData_SmallestValid ()
{
AsnEncodedData aed = new AsnEncodedData ("1.2.3", new byte[] { 0x04, 0x00 });
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (aed, true);
Assert.AreEqual (String.Empty, ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual ("04-00", BitConverter.ToString (ski.RawData), "RawData");
// FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
//Assert.AreEqual ("Information Not Available", ski.Format (true), "Format(true)");
//Assert.AreEqual ("Information Not Available", ski.Format (false), "Format(false)");
}
public X509Certificate2Collection Find(X509FindType findType, object findValue, bool validOnly)
{
if (findValue == null)
{
throw new ArgumentNullException("findValue");
}
string str = String.Empty;
string oid = String.Empty;
X509KeyUsageFlags ku = X509KeyUsageFlags.None;
DateTime dt = DateTime.MinValue;
switch (findType)
{
case X509FindType.FindByThumbprint:
case X509FindType.FindBySubjectName:
case X509FindType.FindBySubjectDistinguishedName:
case X509FindType.FindByIssuerName:
case X509FindType.FindByIssuerDistinguishedName:
case X509FindType.FindBySerialNumber:
case X509FindType.FindByTemplateName:
case X509FindType.FindBySubjectKeyIdentifier:
try {
str = (string)findValue;
}
catch (Exception e) {
string msg = Locale.GetText("Invalid find value type '{0}', expected '{1}'.",
findValue.GetType(), "string");
throw new CryptographicException(msg, e);
}
break;
case X509FindType.FindByApplicationPolicy:
case X509FindType.FindByCertificatePolicy:
case X509FindType.FindByExtension:
try {
oid = (string)findValue;
}
catch (Exception e) {
string msg = Locale.GetText("Invalid find value type '{0}', expected '{1}'.",
findValue.GetType(), "X509KeyUsageFlags");
throw new CryptographicException(msg, e);
}
// OID validation
try {
CryptoConfig.EncodeOID(oid);
}
catch (CryptographicUnexpectedOperationException) {
string msg = Locale.GetText("Invalid OID value '{0}'.", oid);
throw new ArgumentException("findValue", msg);
}
break;
case X509FindType.FindByKeyUsage:
try {
ku = (X509KeyUsageFlags)findValue;
}
catch (Exception e) {
string msg = Locale.GetText("Invalid find value type '{0}', expected '{1}'.",
findValue.GetType(), "X509KeyUsageFlags");
throw new CryptographicException(msg, e);
}
break;
case X509FindType.FindByTimeValid:
case X509FindType.FindByTimeNotYetValid:
case X509FindType.FindByTimeExpired:
try {
dt = (DateTime)findValue;
}
catch (Exception e) {
string msg = Locale.GetText("Invalid find value type '{0}', expected '{1}'.",
findValue.GetType(), "X509DateTime");
throw new CryptographicException(msg, e);
}
break;
default:
string msg = Locale.GetText("Invalid find type '{0}'.", findType);
throw new CryptographicException(msg);
}
CultureInfo cinv = CultureInfo.InvariantCulture;
X509Certificate2Collection results = new X509Certificate2Collection();
foreach (X509Certificate2 x in InnerList)
{
bool value_match = false;
switch (findType)
{
case X509FindType.FindByThumbprint:
// works with Thumbprint, GetCertHashString in both normal (upper) and lower case
value_match = ((String.Compare(str, x.Thumbprint, true, cinv) == 0) ||
(String.Compare(str, x.GetCertHashString(), true, cinv) == 0));
break;
case X509FindType.FindBySubjectName:
string sname = x.GetNameInfo(X509NameType.SimpleName, false);
value_match = (sname.IndexOf(str, StringComparison.InvariantCultureIgnoreCase) >= 0);
break;
case X509FindType.FindBySubjectDistinguishedName:
value_match = (String.Compare(str, x.Subject, true, cinv) == 0);
break;
case X509FindType.FindByIssuerName:
string iname = x.GetNameInfo(X509NameType.SimpleName, true);
value_match = (iname.IndexOf(str, StringComparison.InvariantCultureIgnoreCase) >= 0);
break;
case X509FindType.FindByIssuerDistinguishedName:
value_match = (String.Compare(str, x.Issuer, true, cinv) == 0);
break;
case X509FindType.FindBySerialNumber:
value_match = (String.Compare(str, x.SerialNumber, true, cinv) == 0);
break;
case X509FindType.FindByTemplateName:
// TODO - find a valid test case
break;
case X509FindType.FindBySubjectKeyIdentifier:
X509SubjectKeyIdentifierExtension ski = (x.Extensions ["2.5.29.14"] as X509SubjectKeyIdentifierExtension);
if (ski != null)
{
value_match = (String.Compare(str, ski.SubjectKeyIdentifier, true, cinv) == 0);
}
break;
case X509FindType.FindByApplicationPolicy:
// note: include when no extensions are present (even if v3)
value_match = (x.Extensions.Count == 0);
// TODO - find test case with extension
break;
case X509FindType.FindByCertificatePolicy:
// TODO - find test case with extension
break;
case X509FindType.FindByExtension:
value_match = (x.Extensions [oid] != null);
break;
case X509FindType.FindByKeyUsage:
X509KeyUsageExtension kue = (x.Extensions ["2.5.29.15"] as X509KeyUsageExtension);
if (kue == null)
{
// key doesn't have any hard coded limitations
// note: MS doesn't check for ExtendedKeyUsage
value_match = true;
}
else
{
value_match = ((kue.KeyUsages & ku) == ku);
}
break;
case X509FindType.FindByTimeValid:
value_match = ((dt >= x.NotBefore) && (dt <= x.NotAfter));
break;
case X509FindType.FindByTimeNotYetValid:
value_match = (dt < x.NotBefore);
break;
case X509FindType.FindByTimeExpired:
value_match = (dt > x.NotAfter);
break;
}
if (!value_match)
{
continue;
}
if (validOnly)
{
try {
if (x.Verify())
{
results.Add(x);
}
}
catch {
}
}
else
{
results.Add(x);
}
}
return(results);
}
public void ConstructorString_NotHex ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension ("Mono::", true);
Assert.IsTrue (ski.Critical, "Critical");
Assert.AreEqual ("04-03-FF-FF-FF", BitConverter.ToString (ski.RawData), "RawData");
Assert.AreEqual (oid, ski.Oid.Value, "Oid.Value");
// FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
//Assert.AreEqual (fname, ski.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual ("FFFFFF", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual ("ff ff ff" + Environment.NewLine, ski.Format (true), "Format(true)");
Assert.AreEqual ("ff ff ff", ski.Format (false), "Format(false)");
}
internal string SubjectKeyIdentifierExtension (bool multiLine)
{
try {
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (this, false);
return ski.ToString (multiLine);
}
catch {
return String.Empty;
}
}
public void ConstructorPublicKeyHash_Sha1 ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (pk1, X509SubjectKeyIdentifierHashAlgorithm.Sha1, false);
Assert.IsFalse (ski.Critical, "Critical");
Assert.AreEqual ("2.5.29.14", ski.Oid.Value, "Oid");
Assert.AreEqual ("4A0200E2E8D33DBA05FC37BDC36DCF47212D77D1", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual ("04-14-4A-02-00-E2-E8-D3-3D-BA-05-FC-37-BD-C3-6D-CF-47-21-2D-77-D1", BitConverter.ToString (ski.RawData), "RawData");
}
public void ConstructorPublicKeyHash_ShortSha1 ()
{
X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension (pk1, X509SubjectKeyIdentifierHashAlgorithm.ShortSha1, false);
Assert.IsFalse (ski.Critical, "Critical");
Assert.AreEqual ("2.5.29.14", ski.Oid.Value, "Oid");
Assert.AreEqual ("436DCF47212D77D1", ski.SubjectKeyIdentifier, "SubjectKeyIdentifier");
Assert.AreEqual ("04-08-43-6D-CF-47-21-2D-77-D1", BitConverter.ToString (ski.RawData), "RawData");
}
internal string SubjectKeyIdentifierExtension(bool multiLine)
{
string result;
try
{
System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension x509SubjectKeyIdentifierExtension = new System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension(this, false);
result = x509SubjectKeyIdentifierExtension.ToString(multiLine);
}
catch
{
result = string.Empty;
}
return(result);
}
