public void Certificate_CSR_TA_SelfSigned()
{
X500DistinguishedName dn = new X500DistinguishedName("CN=Secondary Trust Anchor,O=TNT,C=US");
AsymmetricCipherKeyPair keyPair = Certificate.CreateRSAKeyPair();
Extensions extensions = new Extensions();
extensions.Add(new TNT.Cryptography.Extension.KeyUsage(KeyUsage.CrlSign | KeyUsage.KeyCertSign | KeyUsage.DigitalSignature));
extensions.Add(new TNT.Cryptography.Extension.AuthorityKeyIdentifier(keyPair.Public));
extensions.Add(new TNT.Cryptography.Extension.SubjectKeyIdentifier(keyPair.Public));
extensions.Add(new TNT.Cryptography.Extension.BasicConstraints(new BasicConstraints(0)));
List <Uri> uris = new List <Uri>(new Uri[] { new Uri("http://domain1.com"), new Uri("http://domain2.com") });
extensions.Add(new TNT.Cryptography.Extension.CrlDistributionPoints(uris));
Pkcs10CertificationRequest csr = Certificate.CreateCertificationRequest(dn.Name, keyPair, extensions);
X509Certificate2 cert = Certificate.CreateCertificate(csr, keyPair, m_EffectiveDate, m_ExpirationDate, null);
X509KeyUsageExtension keyUsageEx = cert.Extensions[0] as X509KeyUsageExtension;
X509BasicConstraintsExtension basicConstraintEx = cert.Extensions[3] as X509BasicConstraintsExtension;
System.Security.Cryptography.X509Certificates.X509Extension aki = cert.Extensions[1];
System.Security.Cryptography.X509Certificates.X509Extension ski = cert.Extensions[2];
Assert.AreEqual(X509KeyUsageFlags.CrlSign | X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.DigitalSignature, keyUsageEx.KeyUsages);
Assert.IsTrue(basicConstraintEx.CertificateAuthority);
Assert.AreEqual("C=US, O=TNT, CN=Secondary Trust Anchor", cert.Subject);
Assert.AreEqual(cert.Subject, cert.Issuer);
var skiCount = ski.Format(false).Length;
Assert.AreEqual(ski.Format(false), aki.Format(false).Substring(6, skiCount));
File.WriteAllBytes("CSR_TA_SS.cer", cert.Export(X509ContentType.Cert));
File.WriteAllBytes("CSR_TA_SS.pfx", cert.Export(X509ContentType.Pfx, "P"));
}
/// <summary>
/// Creates a Certification Authority certificate on the fly with some madeup data in the subject. Use this as issuing cert for other self signed certificates
/// </summary>
/// <param name="diagnostics"></param>
/// <returns></returns>
public X509Certificate2 CreateRootCACertificate(DiagnosticInformation diagnostics = null)
{
var notBefore = DateTimeOffset.UtcNow.AddDays(-2);
var notAfter = DateTimeOffset.UtcNow.AddYears(5);
var subject = new SubjectBuilder().AddLocation("GR", "Attiki", "Athens")
.AddOrganization("Authority CA", "IT")
.AddCommonName("Authority CA Domain Name")
.AddEmail("*****@*****.**")
.Build();
var extensions = new List <X509Extension>();
var basicConstraints = new X509BasicConstraintsExtension(
certificateAuthority: true,
hasPathLengthConstraint: false,
pathLengthConstraint: 0,
critical: true);
extensions.Add(basicConstraints);
var certificate = CreateSelfSignedCertificate(subject, extensions, notBefore, notAfter);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
certificate.FriendlyName = "Root CA";
}
return(certificate);
}
public void WrongAsnEncodedData()
{
AsnEncodedData aed = new AsnEncodedData(new byte[0]);
X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(false, true, 1, false);
bc.CopyFrom(aed); // note: not the same behaviour than using the constructor!
}
void FillPrivKeyCertData(X509Certificate2 certificate)
{
if (this.CertHasPrivateKey)
{
try
{
RSACryptoServiceProvider privateKey = PrivateKey(certificate);
this.privateKeyIsExportable = CertData.Exportable(privateKey);
this._privateKeyFileName = CertData.PrivateKeyFilenameForCertificate(privateKey);
}
catch (System.Security.Cryptography.CryptographicException ce)
{
this.privateKeyIsExportable = false;
this._privateKeyFileName = ce.Message;
}
}
else
{
this.privateKeyIsExportable = false;
this._privateKeyFileName = String.Empty;
}
foreach (X509Extension ext in certificate.Extensions)
{
X509BasicConstraintsExtension constraintExt = ext as X509BasicConstraintsExtension;
if (constraintExt != null)
{
this._extensionIsCACert = constraintExt.CertificateAuthority;
break;
}
}
this._privKeyDataFilled = true;
}
public void Certificate_CSR_SelfSigned_DomainBound()
{
X500DistinguishedName dn = new X500DistinguishedName("cn=domain.com,o=TNT,c=US");
AsymmetricCipherKeyPair keyPair = Certificate.CreateRSAKeyPair();
Extensions extensions = new Extensions();
extensions.Add(new TNT.Cryptography.Extension.KeyUsage(KeyUsage.KeyEncipherment | KeyUsage.DigitalSignature));
extensions.Add(new TNT.Cryptography.Extension.SubjectAlternativeName(new GeneralName(GeneralName.DnsName, dn.Name.Split(',')[0].Split('=')[1])));
extensions.Add(new TNT.Cryptography.Extension.ExtendedKeyUsage(KeyPurposeID.IdKPEmailProtection));
extensions.Add(new TNT.Cryptography.Extension.SubjectKeyIdentifier(keyPair.Public));
extensions.Add(new TNT.Cryptography.Extension.BasicConstraints(new BasicConstraints(false)));
List <Uri> uris = new List <Uri>(new Uri[] { new Uri("http://domain1.com"), new Uri("http://domain2.com") });
extensions.Add(new TNT.Cryptography.Extension.CrlDistributionPoints(uris));
Pkcs10CertificationRequest csr = Certificate.CreateCertificationRequest(dn.Name, keyPair, extensions);
X509Certificate2 cert = Certificate.CreateCertificate(csr, keyPair, m_EffectiveDate, m_ExpirationDate);
System.Security.Cryptography.X509Certificates.X509Extension subAltNameEx = cert.Extensions[1];
X509EnhancedKeyUsageExtension enhancedKUEx = cert.Extensions[2] as X509EnhancedKeyUsageExtension;
X509BasicConstraintsExtension basicConstraintEx = cert.Extensions[4] as X509BasicConstraintsExtension;
enhancedKUEx = cert.GetEnhancedKeyUsage();
Assert.AreEqual("DNS Name=domain.com", subAltNameEx.Format(false));
Assert.AreEqual(KeyPurposeID.IdKPEmailProtection.Id, enhancedKUEx.EnhancedKeyUsages[0].Value);
Assert.IsFalse(basicConstraintEx.CertificateAuthority);
Assert.AreEqual("C=US, O=TNT, CN=domain.com", cert.Issuer);
Assert.AreEqual("C=US, O=TNT, CN=domain.com", cert.Subject);
File.WriteAllBytes("CSR_SelfSigned_DomainBound.cer", cert.Export(X509ContentType.Cert));
}
public void WrongExtension_X509KeyUsageExtension()
{
X509KeyUsageExtension ku = new X509KeyUsageExtension();
X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension();
bc.CopyFrom(ku);
}
public static void Encode(
bool certificateAuthority,
bool hasPathLengthConstraint,
int pathLengthConstraint,
bool critical,
string expectedDerString)
{
X509BasicConstraintsExtension ext = new X509BasicConstraintsExtension(
certificateAuthority,
hasPathLengthConstraint,
pathLengthConstraint,
critical);
byte[] expectedDer = expectedDerString.HexToByteArray();
Assert.Equal(expectedDer, ext.RawData);
Assert.Equal(critical, ext.Critical);
if (certificateAuthority)
{
ext = X509BasicConstraintsExtension.CreateForCertificateAuthority(
hasPathLengthConstraint ? pathLengthConstraint : null);
AssertExtensions.SequenceEqual(expectedDer, ext.RawData);
Assert.True(ext.Critical, "ext.Critical");
}
else if (!hasPathLengthConstraint)
{
ext = X509BasicConstraintsExtension.CreateForEndEntity(critical);
AssertExtensions.SequenceEqual(expectedDer, ext.RawData);
Assert.Equal(critical, ext.Critical);
}
}
public async Task KeyVaultCreateCACertificateAsync()
{
Skip.If(!_fixture.KeyVaultInitOk);
string[] groups = await _keyVault.GetCertificateGroupIds();
foreach (string group in groups)
{
X509Certificate2 result = await _keyVault.CreateIssuerCACertificateAsync(group);
Assert.NotNull(result);
Assert.False(result.HasPrivateKey);
Assert.True(Opc.Ua.Utils.CompareDistinguishedName(result.Issuer, result.Subject));
X509BasicConstraintsExtension basicConstraints = X509TestUtils.FindBasicConstraintsExtension(result);
Assert.NotNull(basicConstraints);
Assert.True(basicConstraints.CertificateAuthority);
Assert.True(basicConstraints.Critical);
var subjectKeyId = result.Extensions.OfType <X509SubjectKeyIdentifierExtension>().Single();
Assert.False(subjectKeyId.Critical);
var authorityKeyIdentifier = X509TestUtils.FindAuthorityKeyIdentifier(result);
Assert.NotNull(authorityKeyIdentifier);
Assert.False(authorityKeyIdentifier.Critical);
Assert.Equal(authorityKeyIdentifier.SerialNumber, result.SerialNumber, ignoreCase: true);
Assert.Equal(authorityKeyIdentifier.KeyId, subjectKeyId.SubjectKeyIdentifier, ignoreCase: true);
}
}
public void WrongExtension_X509Extension_CertificateAuthority()
{
X509Extension ex = new X509Extension("1.2.3", new byte[0], true);
X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension();
bc.CopyFrom(ex);
bool b = bc.CertificateAuthority;
}
/// <summary>
/// Metodo para escribir el certificado de seguridad
/// </summary>
/// <param name="xCertificate"></param>
///<remarks>
/// Autor: José Faustino Posas
/// Company: Ssoft Colombia
/// Fecha: 2012-01-16
/// -------------------
/// Control de Cambios
/// -------------------
/// Autor:
/// Fecha:
/// Descripción:
/// </remarks>
public string setCertificateWriten(X509Certificate2 xCertificate)
{
string sCertificate = null;
try
{
X509Certificate2 objCert = xCertificate; //Acá tenemos que poner el certificado
StringBuilder objSB = new StringBuilder("Detalle del certificado: \n\n");
SymmetricAlgorithm algoritmo = SymmetricAlgorithm.Create("Rijndael");
//Detalle
objSB.AppendLine("Persona = " + objCert.Subject);
objSB.AppendLine("Emisor = " + objCert.Issuer);
objSB.AppendLine("Válido desde = " + objCert.NotBefore.ToString());
objSB.AppendLine("Válido hasta = " + objCert.NotAfter.ToString());
objSB.AppendLine("Tamaño de la clave = " + objCert.PublicKey.Key.KeySize.ToString());
objSB.AppendLine("Valor de la clave = " + objCert.GetPublicKeyString().ToString());
objSB.AppendLine("Algoritmo de la clave = " + objCert.GetKeyAlgorithm().ToString());
objSB.AppendLine("Número de serie = " + objCert.SerialNumber);
objSB.AppendLine("Hash = " + objCert.Thumbprint);
//Extensiones
objSB.AppendLine("\nExtensiones:\n");
foreach (X509Extension objExt in objCert.Extensions)
{
objSB.AppendLine(objExt.Oid.FriendlyName + " (" + objExt.Oid.Value + ')');
if (objExt.Oid.FriendlyName == "Key Usage")
{
X509KeyUsageExtension ext = (X509KeyUsageExtension)objExt;
objSB.AppendLine(" " + ext.KeyUsages);
}
if (objExt.Oid.FriendlyName == "Basic Constraints")
{
X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)objExt;
objSB.AppendLine(" " + ext.CertificateAuthority);
objSB.AppendLine(" " + ext.HasPathLengthConstraint);
objSB.AppendLine(" " + ext.PathLengthConstraint);
}
if (objExt.Oid.FriendlyName == "Subject Key Identifier")
{
X509SubjectKeyIdentifierExtension ext = (X509SubjectKeyIdentifierExtension)objExt;
objSB.AppendLine(" " + ext.SubjectKeyIdentifier);
}
if (objExt.Oid.FriendlyName == "Enhanced Key Usage") //2.5.29.37
{
X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)objExt;
OidCollection objOids = ext.EnhancedKeyUsages;
foreach (Oid oid in objOids)
{
objSB.AppendLine(" " + oid.FriendlyName + " (" + oid.Value + ')');
}
}
}
sCertificate = objSB.ToString();
//Debug.Print(objSB.ToString());
}
catch { }
return(sCertificate);
}
public void ConstructorAsnEncodedData_BadAsnLength()
{
AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[] { 0x30, 0x01 });
X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(aed, true);
Assert.AreEqual("3001", bc.Format(true), "Format(true)");
Assert.AreEqual("3001", bc.Format(false), "Format(false)");
bool b = bc.CertificateAuthority;
}
public void ConstructorAsnEncodedData_BadAsn()
{
AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[0]);
X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(aed, true);
Assert.AreEqual(String.Empty, bc.Format(true), "Format(true)");
Assert.AreEqual(String.Empty, bc.Format(false), "Format(false)");
bool b = bc.CertificateAuthority;
}
public X509Certificate2 CreateAspNetCoreHttpsDevelopmentCertificate(DateTimeOffset notBefore, DateTimeOffset notAfter, string subjectOverride, DiagnosticInformation diagnostics = null)
{
var subject = new X500DistinguishedName(subjectOverride ?? LocalhostHttpsDistinguishedName);
var extensions = new List <X509Extension>();
var sanBuilder = new SubjectAlternativeNameBuilder();
sanBuilder.AddDnsName(LocalhostHttpsDnsName);
var keyUsage = new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature, critical: true);
var enhancedKeyUsage = new X509EnhancedKeyUsageExtension(
new OidCollection()
{
new Oid(
ServerAuthenticationEnhancedKeyUsageOid,
ServerAuthenticationEnhancedKeyUsageOidFriendlyName)
},
critical: true);
var basicConstraints = new X509BasicConstraintsExtension(
certificateAuthority: false,
hasPathLengthConstraint: false,
pathLengthConstraint: 0,
critical: true);
byte[] bytePayload;
if (AspNetHttpsCertificateVersion != 0)
{
bytePayload = new byte[1];
bytePayload[0] = (byte)AspNetHttpsCertificateVersion;
}
else
{
bytePayload = Encoding.ASCII.GetBytes(AspNetHttpsOidFriendlyName);
}
var aspNetHttpsExtension = new X509Extension(
new AsnEncodedData(
new Oid(AspNetHttpsOid, AspNetHttpsOidFriendlyName),
bytePayload),
critical: false);
extensions.Add(basicConstraints);
extensions.Add(keyUsage);
extensions.Add(enhancedKeyUsage);
extensions.Add(sanBuilder.Build(critical: true));
extensions.Add(aspNetHttpsExtension);
var certificate = CreateSelfSignedCertificate(subject, extensions, notBefore, notAfter);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
certificate.FriendlyName = AspNetHttpsOidFriendlyName;
}
return(certificate);
}
// Indirectly (undocumented but) supported extensions
internal string BasicConstraintsExtension(bool multiLine)
{
try {
X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(this, false);
return(bc.ToString(multiLine));
}
catch {
return(String.Empty);
}
}
public void Constructor_FalseFalseNegative()
{
X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(false, false, -1, true);
Assert.IsFalse(bc.CertificateAuthority, "CertificateAuthority");
Assert.IsFalse(bc.HasPathLengthConstraint, "HasPathLengthConstraint");
Assert.AreEqual(0, bc.PathLengthConstraint, "PathLengthConstraint");
Assert.AreEqual("30-00", BitConverter.ToString(bc.RawData), "RawData");
Assert.AreEqual("Subject Type=End Entity" + Environment.NewLine + "Path Length Constraint=None" + Environment.NewLine, bc.Format(true), "Format(true)");
Assert.AreEqual("Subject Type=End Entity, Path Length Constraint=None", bc.Format(false), "Format(false)");
}
public void Constructor_TrueTrueMaxInt()
{
X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(true, true, Int32.MaxValue, true);
Assert.IsTrue(bc.CertificateAuthority, "CertificateAuthority");
Assert.IsTrue(bc.HasPathLengthConstraint, "HasPathLengthConstraint");
Assert.AreEqual(Int32.MaxValue, bc.PathLengthConstraint, "PathLengthConstraint");
Assert.AreEqual("30-09-01-01-FF-02-04-7F-FF-FF-FF", BitConverter.ToString(bc.RawData), "RawData");
Assert.AreEqual("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=2147483647" + Environment.NewLine, bc.Format(true), "Format(true)");
Assert.AreEqual("Subject Type=CA, Path Length Constraint=2147483647", bc.Format(false), "Format(false)");
}
public void Constructor_TrueTrueZero()
{
X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(true, true, 0, true);
Assert.IsTrue(bc.CertificateAuthority, "CertificateAuthority");
Assert.IsTrue(bc.HasPathLengthConstraint, "HasPathLengthConstraint");
Assert.AreEqual(0, bc.PathLengthConstraint, "PathLengthConstraint");
Assert.AreEqual("30-06-01-01-FF-02-01-00", BitConverter.ToString(bc.RawData), "RawData");
Assert.AreEqual("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=0" + Environment.NewLine, bc.Format(true), "Format(true)");
Assert.AreEqual("Subject Type=CA, Path Length Constraint=0", bc.Format(false), "Format(false)");
}
/// <summary>
/// Gets basic information about a Root certificate and its CA and Critical constraints.
/// </summary>
/// <param name="rootCert">Root certificate.</param>
/// <param name="basicConstraints">Certificate's Basic Constraints.</param>
/// <returns>Certificate information for display.</returns>
private static string GetCertDetails(X509Certificate2 rootCert, X509BasicConstraintsExtension basicConstraints)
{
var sb = new StringBuilder();
sb.AppendLine($" Name: {rootCert.GetNameInfo(X509NameType.SimpleName, forIssuer: false)}");
sb.AppendLine($"Thumbprint: {rootCert.Thumbprint}");
sb.AppendLine($" CA: {(basicConstraints?.CertificateAuthority ?? false ? "Set" : "Missing")}");
sb.AppendLine($" Critical: {(basicConstraints?.Critical ?? false ? "Set" : "Missing")}");
return(sb.ToString());
}
/// <summary>
/// Determines whether the certificate is allowed to be an issuer.
/// </summary>
public static bool IsIssuerAllowed(X509Certificate2 certificate)
{
X509BasicConstraintsExtension constraints = X509Extensions.FindExtension <X509BasicConstraintsExtension>(certificate);
if (constraints != null)
{
return(constraints.CertificateAuthority);
}
return(false);
}
public static void BasicConstraintsExtension_BER()
{
// Extensions encoded inside PKCS#8 on Windows may use BER encoding that would be invalid DER.
// Ensure that no exception is thrown and the value is decoded correctly.
X509BasicConstraintsExtension ext;
ext = new X509BasicConstraintsExtension(new AsnEncodedData("30800101000201080000".HexToByteArray()), false);
Assert.Equal(false, ext.CertificateAuthority);
Assert.Equal(true, ext.HasPathLengthConstraint);
Assert.Equal(8, ext.PathLengthConstraint);
}
/// <summary>
/// Indicates whether a certificate is a certificate authority
/// </summary>
/// <param name="certificate"><seealso cref="X509Certificate2"/> to check</param>
/// <returns>True if the basic constraint's CertificateAuthority extension is true</returns>
public static bool IsCertificateAuthority(this X509Certificate2 certificate)
{
if (certificate == null)
{
return(false);
}
X509BasicConstraintsExtension basicContraint = certificate.Extensions[X509Extensions.BasicConstraints.ToString()] as X509BasicConstraintsExtension;
return(basicContraint != null ? basicContraint.CertificateAuthority : false);
}
public void ConstructorAsnEncodedData_SmallestValid()
{
AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[] { 0x30, 0x00 });
X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(aed, true);
Assert.IsFalse(bc.CertificateAuthority, "CertificateAuthority");
Assert.IsFalse(bc.HasPathLengthConstraint, "HasPathLengthConstraint");
Assert.AreEqual(0, bc.PathLengthConstraint, "PathLengthConstraint");
Assert.AreEqual("30-00", BitConverter.ToString(bc.RawData), "RawData");
Assert.AreEqual("Subject Type=End Entity" + Environment.NewLine + "Path Length Constraint=None" + Environment.NewLine, bc.Format(true), "Format(true)");
Assert.AreEqual("Subject Type=End Entity, Path Length Constraint=None", bc.Format(false), "Format(false)");
}
public void WrongExtension_X509Extension()
{
X509Extension ex = new X509Extension("1.2.3", new byte[0], true);
X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(false, true, 1, false);
Assert.IsFalse(bc.Critical, "Critical");
bc.CopyFrom(ex);
Assert.IsTrue(bc.Critical, "Critical");
Assert.AreEqual(String.Empty, BitConverter.ToString(bc.RawData), "RawData");
Assert.AreEqual("1.2.3", bc.Oid.Value, "Oid.Value");
Assert.IsNull(bc.Oid.FriendlyName, "Oid.FriendlyName");
}
public static bool IsCertificateAuthorityCertificate(X509Certificate2 x)
{
foreach (X509Extension ex in x.Extensions)
{
X509BasicConstraintsExtension ke = ex as X509BasicConstraintsExtension;
if (ke != null && ke.CertificateAuthority)
{
return(true);
}
}
return(false);
}
public static bool IsAttnCertCACert(X509ExtensionCollection exts)
{
foreach (var ext in exts)
{
if (ext.Oid.FriendlyName == "Basic Constraints")
{
X509BasicConstraintsExtension baseExt = (X509BasicConstraintsExtension)ext;
return(baseExt.CertificateAuthority);
}
}
return(true);
}
public void ConstructorEmpty()
{
X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension();
Assert.IsFalse(bc.Critical, "Critical");
Assert.IsNull(bc.RawData, "RawData");
Assert.AreEqual(oid, bc.Oid.Value, "Oid.Value");
// FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows.
//Assert.AreEqual (fname, bc.Oid.FriendlyName, "Oid.FriendlyName");
Assert.AreEqual(String.Empty, bc.Format(true), "Format(true)");
Assert.AreEqual(String.Empty, bc.Format(false), "Format(false)");
}
private static X509BasicConstraintsExtension FindBasicConstraintsExtension(X509Certificate2 certificate)
{
for (int ii = 0; ii < certificate.Extensions.Count; ii++)
{
X509BasicConstraintsExtension extension = certificate.Extensions[ii] as X509BasicConstraintsExtension;
if (extension != null)
{
return(extension);
}
}
return(null);
}
public static void Main()
{
try
{
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
for (int i = 0; i < collection.Count; i++)
{
foreach (X509Extension extension in collection[i].Extensions)
{
Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")");
if (extension.Oid.FriendlyName == "Key Usage")
{
X509KeyUsageExtension ext = (X509KeyUsageExtension)extension;
Console.WriteLine(ext.KeyUsages);
}
if (extension.Oid.FriendlyName == "Basic Constraints")
{
X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)extension;
Console.WriteLine(ext.CertificateAuthority);
Console.WriteLine(ext.HasPathLengthConstraint);
Console.WriteLine(ext.PathLengthConstraint);
}
if (extension.Oid.FriendlyName == "Subject Key Identifier")
{
X509SubjectKeyIdentifierExtension ext = (X509SubjectKeyIdentifierExtension)extension;
Console.WriteLine(ext.SubjectKeyIdentifier);
}
if (extension.Oid.FriendlyName == "Enhanced Key Usage")
{
X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)extension;
OidCollection oids = ext.EnhancedKeyUsages;
foreach (Oid oid in oids)
{
Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")");
}
}
}
}
store.Close();
}
catch (CryptographicException)
{
Console.WriteLine("Information could not be written out for this certificate.");
}
}
private bool IsCertCA(X509Certificate2 cert)
{
foreach (var currExt in cert.Extensions)
{
if (currExt.Oid.FriendlyName == BasicConstraintsExtensionName)
{
X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)currExt;
return(ext.CertificateAuthority);
}
}
return(false);
}
public static void BasicConstraintsExtensionDefault()
{
X509BasicConstraintsExtension e = new X509BasicConstraintsExtension();
string oidValue = e.Oid.Value;
Assert.Equal("2.5.29.19", oidValue);
Assert.Empty(e.RawData);
Assert.False(e.CertificateAuthority);
Assert.False(e.HasPathLengthConstraint);
Assert.Equal(0, e.PathLengthConstraint);
}
// Indirectly (undocumented but) supported extensions
internal string BasicConstraintsExtension (bool multiLine)
{
try {
X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (this, false);
return bc.ToString (multiLine);
}
catch {
return String.Empty;
}
}
public static void BasicConstraintsExtensionDecode(
bool certificateAuthority,
bool hasPathLengthConstraint,
int pathLengthConstraint,
bool critical,
string rawDataString)
{
byte[] rawData = rawDataString.HexToByteArray();
X509BasicConstraintsExtension ext = new X509BasicConstraintsExtension(new AsnEncodedData(rawData), critical);
Assert.Equal(certificateAuthority, ext.CertificateAuthority);
Assert.Equal(hasPathLengthConstraint, ext.HasPathLengthConstraint);
Assert.Equal(pathLengthConstraint, ext.PathLengthConstraint);
}
public static void BasicConstraintsExtensionEncode(
bool certificateAuthority,
bool hasPathLengthConstraint,
int pathLengthConstraint,
bool critical,
string expectedDerString)
{
X509BasicConstraintsExtension ext = new X509BasicConstraintsExtension(
certificateAuthority,
hasPathLengthConstraint,
pathLengthConstraint,
critical);
byte[] expectedDer = expectedDerString.HexToByteArray();
Assert.Equal(expectedDer, ext.RawData);
}
public static void BasicConstraintsExtensionDefault()
{
X509BasicConstraintsExtension e = new X509BasicConstraintsExtension();
string oidValue = e.Oid.Value;
Assert.Equal("2.5.29.19", oidValue);
byte[] rawData = e.RawData;
Assert.Null(rawData);
Assert.False(e.CertificateAuthority);
Assert.False(e.HasPathLengthConstraint);
Assert.Equal(0, e.PathLengthConstraint);
}
private static void TestBasicConstraintsExtension(
bool certificateAuthority,
bool hasPathLengthConstraint,
int pathLengthConstraint,
bool critical,
byte[] expectedDer)
{
X509BasicConstraintsExtension ext = new X509BasicConstraintsExtension(
certificateAuthority,
hasPathLengthConstraint,
pathLengthConstraint,
critical);
byte[] rawData = ext.RawData;
Assert.Equal(expectedDer, rawData);
ext = new X509BasicConstraintsExtension(new AsnEncodedData(rawData), critical);
Assert.Equal(certificateAuthority, ext.CertificateAuthority);
Assert.Equal(hasPathLengthConstraint, ext.HasPathLengthConstraint);
Assert.Equal(pathLengthConstraint, ext.PathLengthConstraint);
}
