public void Certificate_CSR_TA_SelfSigned() { X500DistinguishedName dn = new X500DistinguishedName("CN=Secondary Trust Anchor,O=TNT,C=US"); AsymmetricCipherKeyPair keyPair = Certificate.CreateRSAKeyPair(); Extensions extensions = new Extensions(); extensions.Add(new TNT.Cryptography.Extension.KeyUsage(KeyUsage.CrlSign | KeyUsage.KeyCertSign | KeyUsage.DigitalSignature)); extensions.Add(new TNT.Cryptography.Extension.AuthorityKeyIdentifier(keyPair.Public)); extensions.Add(new TNT.Cryptography.Extension.SubjectKeyIdentifier(keyPair.Public)); extensions.Add(new TNT.Cryptography.Extension.BasicConstraints(new BasicConstraints(0))); List <Uri> uris = new List <Uri>(new Uri[] { new Uri("http://domain1.com"), new Uri("http://domain2.com") }); extensions.Add(new TNT.Cryptography.Extension.CrlDistributionPoints(uris)); Pkcs10CertificationRequest csr = Certificate.CreateCertificationRequest(dn.Name, keyPair, extensions); X509Certificate2 cert = Certificate.CreateCertificate(csr, keyPair, m_EffectiveDate, m_ExpirationDate, null); X509KeyUsageExtension keyUsageEx = cert.Extensions[0] as X509KeyUsageExtension; X509BasicConstraintsExtension basicConstraintEx = cert.Extensions[3] as X509BasicConstraintsExtension; System.Security.Cryptography.X509Certificates.X509Extension aki = cert.Extensions[1]; System.Security.Cryptography.X509Certificates.X509Extension ski = cert.Extensions[2]; Assert.AreEqual(X509KeyUsageFlags.CrlSign | X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.DigitalSignature, keyUsageEx.KeyUsages); Assert.IsTrue(basicConstraintEx.CertificateAuthority); Assert.AreEqual("C=US, O=TNT, CN=Secondary Trust Anchor", cert.Subject); Assert.AreEqual(cert.Subject, cert.Issuer); var skiCount = ski.Format(false).Length; Assert.AreEqual(ski.Format(false), aki.Format(false).Substring(6, skiCount)); File.WriteAllBytes("CSR_TA_SS.cer", cert.Export(X509ContentType.Cert)); File.WriteAllBytes("CSR_TA_SS.pfx", cert.Export(X509ContentType.Pfx, "P")); }
/// <summary> /// Creates a Certification Authority certificate on the fly with some madeup data in the subject. Use this as issuing cert for other self signed certificates /// </summary> /// <param name="diagnostics"></param> /// <returns></returns> public X509Certificate2 CreateRootCACertificate(DiagnosticInformation diagnostics = null) { var notBefore = DateTimeOffset.UtcNow.AddDays(-2); var notAfter = DateTimeOffset.UtcNow.AddYears(5); var subject = new SubjectBuilder().AddLocation("GR", "Attiki", "Athens") .AddOrganization("Authority CA", "IT") .AddCommonName("Authority CA Domain Name") .AddEmail("*****@*****.**") .Build(); var extensions = new List <X509Extension>(); var basicConstraints = new X509BasicConstraintsExtension( certificateAuthority: true, hasPathLengthConstraint: false, pathLengthConstraint: 0, critical: true); extensions.Add(basicConstraints); var certificate = CreateSelfSignedCertificate(subject, extensions, notBefore, notAfter); if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { certificate.FriendlyName = "Root CA"; } return(certificate); }
public void WrongAsnEncodedData() { AsnEncodedData aed = new AsnEncodedData(new byte[0]); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(false, true, 1, false); bc.CopyFrom(aed); // note: not the same behaviour than using the constructor! }
void FillPrivKeyCertData(X509Certificate2 certificate) { if (this.CertHasPrivateKey) { try { RSACryptoServiceProvider privateKey = PrivateKey(certificate); this.privateKeyIsExportable = CertData.Exportable(privateKey); this._privateKeyFileName = CertData.PrivateKeyFilenameForCertificate(privateKey); } catch (System.Security.Cryptography.CryptographicException ce) { this.privateKeyIsExportable = false; this._privateKeyFileName = ce.Message; } } else { this.privateKeyIsExportable = false; this._privateKeyFileName = String.Empty; } foreach (X509Extension ext in certificate.Extensions) { X509BasicConstraintsExtension constraintExt = ext as X509BasicConstraintsExtension; if (constraintExt != null) { this._extensionIsCACert = constraintExt.CertificateAuthority; break; } } this._privKeyDataFilled = true; }
public void Certificate_CSR_SelfSigned_DomainBound() { X500DistinguishedName dn = new X500DistinguishedName("cn=domain.com,o=TNT,c=US"); AsymmetricCipherKeyPair keyPair = Certificate.CreateRSAKeyPair(); Extensions extensions = new Extensions(); extensions.Add(new TNT.Cryptography.Extension.KeyUsage(KeyUsage.KeyEncipherment | KeyUsage.DigitalSignature)); extensions.Add(new TNT.Cryptography.Extension.SubjectAlternativeName(new GeneralName(GeneralName.DnsName, dn.Name.Split(',')[0].Split('=')[1]))); extensions.Add(new TNT.Cryptography.Extension.ExtendedKeyUsage(KeyPurposeID.IdKPEmailProtection)); extensions.Add(new TNT.Cryptography.Extension.SubjectKeyIdentifier(keyPair.Public)); extensions.Add(new TNT.Cryptography.Extension.BasicConstraints(new BasicConstraints(false))); List <Uri> uris = new List <Uri>(new Uri[] { new Uri("http://domain1.com"), new Uri("http://domain2.com") }); extensions.Add(new TNT.Cryptography.Extension.CrlDistributionPoints(uris)); Pkcs10CertificationRequest csr = Certificate.CreateCertificationRequest(dn.Name, keyPair, extensions); X509Certificate2 cert = Certificate.CreateCertificate(csr, keyPair, m_EffectiveDate, m_ExpirationDate); System.Security.Cryptography.X509Certificates.X509Extension subAltNameEx = cert.Extensions[1]; X509EnhancedKeyUsageExtension enhancedKUEx = cert.Extensions[2] as X509EnhancedKeyUsageExtension; X509BasicConstraintsExtension basicConstraintEx = cert.Extensions[4] as X509BasicConstraintsExtension; enhancedKUEx = cert.GetEnhancedKeyUsage(); Assert.AreEqual("DNS Name=domain.com", subAltNameEx.Format(false)); Assert.AreEqual(KeyPurposeID.IdKPEmailProtection.Id, enhancedKUEx.EnhancedKeyUsages[0].Value); Assert.IsFalse(basicConstraintEx.CertificateAuthority); Assert.AreEqual("C=US, O=TNT, CN=domain.com", cert.Issuer); Assert.AreEqual("C=US, O=TNT, CN=domain.com", cert.Subject); File.WriteAllBytes("CSR_SelfSigned_DomainBound.cer", cert.Export(X509ContentType.Cert)); }
public void WrongExtension_X509KeyUsageExtension() { X509KeyUsageExtension ku = new X509KeyUsageExtension(); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(); bc.CopyFrom(ku); }
public static void Encode( bool certificateAuthority, bool hasPathLengthConstraint, int pathLengthConstraint, bool critical, string expectedDerString) { X509BasicConstraintsExtension ext = new X509BasicConstraintsExtension( certificateAuthority, hasPathLengthConstraint, pathLengthConstraint, critical); byte[] expectedDer = expectedDerString.HexToByteArray(); Assert.Equal(expectedDer, ext.RawData); Assert.Equal(critical, ext.Critical); if (certificateAuthority) { ext = X509BasicConstraintsExtension.CreateForCertificateAuthority( hasPathLengthConstraint ? pathLengthConstraint : null); AssertExtensions.SequenceEqual(expectedDer, ext.RawData); Assert.True(ext.Critical, "ext.Critical"); } else if (!hasPathLengthConstraint) { ext = X509BasicConstraintsExtension.CreateForEndEntity(critical); AssertExtensions.SequenceEqual(expectedDer, ext.RawData); Assert.Equal(critical, ext.Critical); } }
public async Task KeyVaultCreateCACertificateAsync() { Skip.If(!_fixture.KeyVaultInitOk); string[] groups = await _keyVault.GetCertificateGroupIds(); foreach (string group in groups) { X509Certificate2 result = await _keyVault.CreateIssuerCACertificateAsync(group); Assert.NotNull(result); Assert.False(result.HasPrivateKey); Assert.True(Opc.Ua.Utils.CompareDistinguishedName(result.Issuer, result.Subject)); X509BasicConstraintsExtension basicConstraints = X509TestUtils.FindBasicConstraintsExtension(result); Assert.NotNull(basicConstraints); Assert.True(basicConstraints.CertificateAuthority); Assert.True(basicConstraints.Critical); var subjectKeyId = result.Extensions.OfType <X509SubjectKeyIdentifierExtension>().Single(); Assert.False(subjectKeyId.Critical); var authorityKeyIdentifier = X509TestUtils.FindAuthorityKeyIdentifier(result); Assert.NotNull(authorityKeyIdentifier); Assert.False(authorityKeyIdentifier.Critical); Assert.Equal(authorityKeyIdentifier.SerialNumber, result.SerialNumber, ignoreCase: true); Assert.Equal(authorityKeyIdentifier.KeyId, subjectKeyId.SubjectKeyIdentifier, ignoreCase: true); } }
public void WrongExtension_X509Extension_CertificateAuthority() { X509Extension ex = new X509Extension("1.2.3", new byte[0], true); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(); bc.CopyFrom(ex); bool b = bc.CertificateAuthority; }
/// <summary> /// Metodo para escribir el certificado de seguridad /// </summary> /// <param name="xCertificate"></param> ///<remarks> /// Autor: José Faustino Posas /// Company: Ssoft Colombia /// Fecha: 2012-01-16 /// ------------------- /// Control de Cambios /// ------------------- /// Autor: /// Fecha: /// Descripción: /// </remarks> public string setCertificateWriten(X509Certificate2 xCertificate) { string sCertificate = null; try { X509Certificate2 objCert = xCertificate; //Acá tenemos que poner el certificado StringBuilder objSB = new StringBuilder("Detalle del certificado: \n\n"); SymmetricAlgorithm algoritmo = SymmetricAlgorithm.Create("Rijndael"); //Detalle objSB.AppendLine("Persona = " + objCert.Subject); objSB.AppendLine("Emisor = " + objCert.Issuer); objSB.AppendLine("Válido desde = " + objCert.NotBefore.ToString()); objSB.AppendLine("Válido hasta = " + objCert.NotAfter.ToString()); objSB.AppendLine("Tamaño de la clave = " + objCert.PublicKey.Key.KeySize.ToString()); objSB.AppendLine("Valor de la clave = " + objCert.GetPublicKeyString().ToString()); objSB.AppendLine("Algoritmo de la clave = " + objCert.GetKeyAlgorithm().ToString()); objSB.AppendLine("Número de serie = " + objCert.SerialNumber); objSB.AppendLine("Hash = " + objCert.Thumbprint); //Extensiones objSB.AppendLine("\nExtensiones:\n"); foreach (X509Extension objExt in objCert.Extensions) { objSB.AppendLine(objExt.Oid.FriendlyName + " (" + objExt.Oid.Value + ')'); if (objExt.Oid.FriendlyName == "Key Usage") { X509KeyUsageExtension ext = (X509KeyUsageExtension)objExt; objSB.AppendLine(" " + ext.KeyUsages); } if (objExt.Oid.FriendlyName == "Basic Constraints") { X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)objExt; objSB.AppendLine(" " + ext.CertificateAuthority); objSB.AppendLine(" " + ext.HasPathLengthConstraint); objSB.AppendLine(" " + ext.PathLengthConstraint); } if (objExt.Oid.FriendlyName == "Subject Key Identifier") { X509SubjectKeyIdentifierExtension ext = (X509SubjectKeyIdentifierExtension)objExt; objSB.AppendLine(" " + ext.SubjectKeyIdentifier); } if (objExt.Oid.FriendlyName == "Enhanced Key Usage") //2.5.29.37 { X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)objExt; OidCollection objOids = ext.EnhancedKeyUsages; foreach (Oid oid in objOids) { objSB.AppendLine(" " + oid.FriendlyName + " (" + oid.Value + ')'); } } } sCertificate = objSB.ToString(); //Debug.Print(objSB.ToString()); } catch { } return(sCertificate); }
public void ConstructorAsnEncodedData_BadAsnLength() { AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[] { 0x30, 0x01 }); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(aed, true); Assert.AreEqual("3001", bc.Format(true), "Format(true)"); Assert.AreEqual("3001", bc.Format(false), "Format(false)"); bool b = bc.CertificateAuthority; }
public void ConstructorAsnEncodedData_BadAsn() { AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[0]); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(aed, true); Assert.AreEqual(String.Empty, bc.Format(true), "Format(true)"); Assert.AreEqual(String.Empty, bc.Format(false), "Format(false)"); bool b = bc.CertificateAuthority; }
public X509Certificate2 CreateAspNetCoreHttpsDevelopmentCertificate(DateTimeOffset notBefore, DateTimeOffset notAfter, string subjectOverride, DiagnosticInformation diagnostics = null) { var subject = new X500DistinguishedName(subjectOverride ?? LocalhostHttpsDistinguishedName); var extensions = new List <X509Extension>(); var sanBuilder = new SubjectAlternativeNameBuilder(); sanBuilder.AddDnsName(LocalhostHttpsDnsName); var keyUsage = new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature, critical: true); var enhancedKeyUsage = new X509EnhancedKeyUsageExtension( new OidCollection() { new Oid( ServerAuthenticationEnhancedKeyUsageOid, ServerAuthenticationEnhancedKeyUsageOidFriendlyName) }, critical: true); var basicConstraints = new X509BasicConstraintsExtension( certificateAuthority: false, hasPathLengthConstraint: false, pathLengthConstraint: 0, critical: true); byte[] bytePayload; if (AspNetHttpsCertificateVersion != 0) { bytePayload = new byte[1]; bytePayload[0] = (byte)AspNetHttpsCertificateVersion; } else { bytePayload = Encoding.ASCII.GetBytes(AspNetHttpsOidFriendlyName); } var aspNetHttpsExtension = new X509Extension( new AsnEncodedData( new Oid(AspNetHttpsOid, AspNetHttpsOidFriendlyName), bytePayload), critical: false); extensions.Add(basicConstraints); extensions.Add(keyUsage); extensions.Add(enhancedKeyUsage); extensions.Add(sanBuilder.Build(critical: true)); extensions.Add(aspNetHttpsExtension); var certificate = CreateSelfSignedCertificate(subject, extensions, notBefore, notAfter); if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { certificate.FriendlyName = AspNetHttpsOidFriendlyName; } return(certificate); }
// Indirectly (undocumented but) supported extensions internal string BasicConstraintsExtension(bool multiLine) { try { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(this, false); return(bc.ToString(multiLine)); } catch { return(String.Empty); } }
public void Constructor_FalseFalseNegative() { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(false, false, -1, true); Assert.IsFalse(bc.CertificateAuthority, "CertificateAuthority"); Assert.IsFalse(bc.HasPathLengthConstraint, "HasPathLengthConstraint"); Assert.AreEqual(0, bc.PathLengthConstraint, "PathLengthConstraint"); Assert.AreEqual("30-00", BitConverter.ToString(bc.RawData), "RawData"); Assert.AreEqual("Subject Type=End Entity" + Environment.NewLine + "Path Length Constraint=None" + Environment.NewLine, bc.Format(true), "Format(true)"); Assert.AreEqual("Subject Type=End Entity, Path Length Constraint=None", bc.Format(false), "Format(false)"); }
public void Constructor_TrueTrueMaxInt() { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(true, true, Int32.MaxValue, true); Assert.IsTrue(bc.CertificateAuthority, "CertificateAuthority"); Assert.IsTrue(bc.HasPathLengthConstraint, "HasPathLengthConstraint"); Assert.AreEqual(Int32.MaxValue, bc.PathLengthConstraint, "PathLengthConstraint"); Assert.AreEqual("30-09-01-01-FF-02-04-7F-FF-FF-FF", BitConverter.ToString(bc.RawData), "RawData"); Assert.AreEqual("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=2147483647" + Environment.NewLine, bc.Format(true), "Format(true)"); Assert.AreEqual("Subject Type=CA, Path Length Constraint=2147483647", bc.Format(false), "Format(false)"); }
public void Constructor_TrueTrueZero() { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(true, true, 0, true); Assert.IsTrue(bc.CertificateAuthority, "CertificateAuthority"); Assert.IsTrue(bc.HasPathLengthConstraint, "HasPathLengthConstraint"); Assert.AreEqual(0, bc.PathLengthConstraint, "PathLengthConstraint"); Assert.AreEqual("30-06-01-01-FF-02-01-00", BitConverter.ToString(bc.RawData), "RawData"); Assert.AreEqual("Subject Type=CA" + Environment.NewLine + "Path Length Constraint=0" + Environment.NewLine, bc.Format(true), "Format(true)"); Assert.AreEqual("Subject Type=CA, Path Length Constraint=0", bc.Format(false), "Format(false)"); }
/// <summary> /// Gets basic information about a Root certificate and its CA and Critical constraints. /// </summary> /// <param name="rootCert">Root certificate.</param> /// <param name="basicConstraints">Certificate's Basic Constraints.</param> /// <returns>Certificate information for display.</returns> private static string GetCertDetails(X509Certificate2 rootCert, X509BasicConstraintsExtension basicConstraints) { var sb = new StringBuilder(); sb.AppendLine($" Name: {rootCert.GetNameInfo(X509NameType.SimpleName, forIssuer: false)}"); sb.AppendLine($"Thumbprint: {rootCert.Thumbprint}"); sb.AppendLine($" CA: {(basicConstraints?.CertificateAuthority ?? false ? "Set" : "Missing")}"); sb.AppendLine($" Critical: {(basicConstraints?.Critical ?? false ? "Set" : "Missing")}"); return(sb.ToString()); }
/// <summary> /// Determines whether the certificate is allowed to be an issuer. /// </summary> public static bool IsIssuerAllowed(X509Certificate2 certificate) { X509BasicConstraintsExtension constraints = X509Extensions.FindExtension <X509BasicConstraintsExtension>(certificate); if (constraints != null) { return(constraints.CertificateAuthority); } return(false); }
public static void BasicConstraintsExtension_BER() { // Extensions encoded inside PKCS#8 on Windows may use BER encoding that would be invalid DER. // Ensure that no exception is thrown and the value is decoded correctly. X509BasicConstraintsExtension ext; ext = new X509BasicConstraintsExtension(new AsnEncodedData("30800101000201080000".HexToByteArray()), false); Assert.Equal(false, ext.CertificateAuthority); Assert.Equal(true, ext.HasPathLengthConstraint); Assert.Equal(8, ext.PathLengthConstraint); }
/// <summary> /// Indicates whether a certificate is a certificate authority /// </summary> /// <param name="certificate"><seealso cref="X509Certificate2"/> to check</param> /// <returns>True if the basic constraint's CertificateAuthority extension is true</returns> public static bool IsCertificateAuthority(this X509Certificate2 certificate) { if (certificate == null) { return(false); } X509BasicConstraintsExtension basicContraint = certificate.Extensions[X509Extensions.BasicConstraints.ToString()] as X509BasicConstraintsExtension; return(basicContraint != null ? basicContraint.CertificateAuthority : false); }
public void ConstructorAsnEncodedData_SmallestValid() { AsnEncodedData aed = new AsnEncodedData("1.2.3", new byte[] { 0x30, 0x00 }); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(aed, true); Assert.IsFalse(bc.CertificateAuthority, "CertificateAuthority"); Assert.IsFalse(bc.HasPathLengthConstraint, "HasPathLengthConstraint"); Assert.AreEqual(0, bc.PathLengthConstraint, "PathLengthConstraint"); Assert.AreEqual("30-00", BitConverter.ToString(bc.RawData), "RawData"); Assert.AreEqual("Subject Type=End Entity" + Environment.NewLine + "Path Length Constraint=None" + Environment.NewLine, bc.Format(true), "Format(true)"); Assert.AreEqual("Subject Type=End Entity, Path Length Constraint=None", bc.Format(false), "Format(false)"); }
public void WrongExtension_X509Extension() { X509Extension ex = new X509Extension("1.2.3", new byte[0], true); X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(false, true, 1, false); Assert.IsFalse(bc.Critical, "Critical"); bc.CopyFrom(ex); Assert.IsTrue(bc.Critical, "Critical"); Assert.AreEqual(String.Empty, BitConverter.ToString(bc.RawData), "RawData"); Assert.AreEqual("1.2.3", bc.Oid.Value, "Oid.Value"); Assert.IsNull(bc.Oid.FriendlyName, "Oid.FriendlyName"); }
public static bool IsCertificateAuthorityCertificate(X509Certificate2 x) { foreach (X509Extension ex in x.Extensions) { X509BasicConstraintsExtension ke = ex as X509BasicConstraintsExtension; if (ke != null && ke.CertificateAuthority) { return(true); } } return(false); }
public static bool IsAttnCertCACert(X509ExtensionCollection exts) { foreach (var ext in exts) { if (ext.Oid.FriendlyName == "Basic Constraints") { X509BasicConstraintsExtension baseExt = (X509BasicConstraintsExtension)ext; return(baseExt.CertificateAuthority); } } return(true); }
public void ConstructorEmpty() { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension(); Assert.IsFalse(bc.Critical, "Critical"); Assert.IsNull(bc.RawData, "RawData"); Assert.AreEqual(oid, bc.Oid.Value, "Oid.Value"); // FIXME: Don't expect that FriendlyName is English. This test fails under non-English Windows. //Assert.AreEqual (fname, bc.Oid.FriendlyName, "Oid.FriendlyName"); Assert.AreEqual(String.Empty, bc.Format(true), "Format(true)"); Assert.AreEqual(String.Empty, bc.Format(false), "Format(false)"); }
private static X509BasicConstraintsExtension FindBasicConstraintsExtension(X509Certificate2 certificate) { for (int ii = 0; ii < certificate.Extensions.Count; ii++) { X509BasicConstraintsExtension extension = certificate.Extensions[ii] as X509BasicConstraintsExtension; if (extension != null) { return(extension); } } return(null); }
public static void Main() { try { X509Store store = new X509Store("MY", StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates; for (int i = 0; i < collection.Count; i++) { foreach (X509Extension extension in collection[i].Extensions) { Console.WriteLine(extension.Oid.FriendlyName + "(" + extension.Oid.Value + ")"); if (extension.Oid.FriendlyName == "Key Usage") { X509KeyUsageExtension ext = (X509KeyUsageExtension)extension; Console.WriteLine(ext.KeyUsages); } if (extension.Oid.FriendlyName == "Basic Constraints") { X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)extension; Console.WriteLine(ext.CertificateAuthority); Console.WriteLine(ext.HasPathLengthConstraint); Console.WriteLine(ext.PathLengthConstraint); } if (extension.Oid.FriendlyName == "Subject Key Identifier") { X509SubjectKeyIdentifierExtension ext = (X509SubjectKeyIdentifierExtension)extension; Console.WriteLine(ext.SubjectKeyIdentifier); } if (extension.Oid.FriendlyName == "Enhanced Key Usage") { X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)extension; OidCollection oids = ext.EnhancedKeyUsages; foreach (Oid oid in oids) { Console.WriteLine(oid.FriendlyName + "(" + oid.Value + ")"); } } } } store.Close(); } catch (CryptographicException) { Console.WriteLine("Information could not be written out for this certificate."); } }
private bool IsCertCA(X509Certificate2 cert) { foreach (var currExt in cert.Extensions) { if (currExt.Oid.FriendlyName == BasicConstraintsExtensionName) { X509BasicConstraintsExtension ext = (X509BasicConstraintsExtension)currExt; return(ext.CertificateAuthority); } } return(false); }
public static void BasicConstraintsExtensionDefault() { X509BasicConstraintsExtension e = new X509BasicConstraintsExtension(); string oidValue = e.Oid.Value; Assert.Equal("2.5.29.19", oidValue); Assert.Empty(e.RawData); Assert.False(e.CertificateAuthority); Assert.False(e.HasPathLengthConstraint); Assert.Equal(0, e.PathLengthConstraint); }
// Indirectly (undocumented but) supported extensions internal string BasicConstraintsExtension (bool multiLine) { try { X509BasicConstraintsExtension bc = new X509BasicConstraintsExtension (this, false); return bc.ToString (multiLine); } catch { return String.Empty; } }
public static void BasicConstraintsExtensionDecode( bool certificateAuthority, bool hasPathLengthConstraint, int pathLengthConstraint, bool critical, string rawDataString) { byte[] rawData = rawDataString.HexToByteArray(); X509BasicConstraintsExtension ext = new X509BasicConstraintsExtension(new AsnEncodedData(rawData), critical); Assert.Equal(certificateAuthority, ext.CertificateAuthority); Assert.Equal(hasPathLengthConstraint, ext.HasPathLengthConstraint); Assert.Equal(pathLengthConstraint, ext.PathLengthConstraint); }
public static void BasicConstraintsExtensionEncode( bool certificateAuthority, bool hasPathLengthConstraint, int pathLengthConstraint, bool critical, string expectedDerString) { X509BasicConstraintsExtension ext = new X509BasicConstraintsExtension( certificateAuthority, hasPathLengthConstraint, pathLengthConstraint, critical); byte[] expectedDer = expectedDerString.HexToByteArray(); Assert.Equal(expectedDer, ext.RawData); }
public static void BasicConstraintsExtensionDefault() { X509BasicConstraintsExtension e = new X509BasicConstraintsExtension(); string oidValue = e.Oid.Value; Assert.Equal("2.5.29.19", oidValue); byte[] rawData = e.RawData; Assert.Null(rawData); Assert.False(e.CertificateAuthority); Assert.False(e.HasPathLengthConstraint); Assert.Equal(0, e.PathLengthConstraint); }
private static void TestBasicConstraintsExtension( bool certificateAuthority, bool hasPathLengthConstraint, int pathLengthConstraint, bool critical, byte[] expectedDer) { X509BasicConstraintsExtension ext = new X509BasicConstraintsExtension( certificateAuthority, hasPathLengthConstraint, pathLengthConstraint, critical); byte[] rawData = ext.RawData; Assert.Equal(expectedDer, rawData); ext = new X509BasicConstraintsExtension(new AsnEncodedData(rawData), critical); Assert.Equal(certificateAuthority, ext.CertificateAuthority); Assert.Equal(hasPathLengthConstraint, ext.HasPathLengthConstraint); Assert.Equal(pathLengthConstraint, ext.PathLengthConstraint); }