public override bool Equals(object obj) { if (ReferenceEquals(null, obj)) { return(false); } if (ReferenceEquals(this, obj)) { return(true); } Certificate cert = obj as Certificate; if (cert == null) { return(false); } if (_version != cert._version) { return(false); } if (_type != cert._type) { return(false); } if (_serialNumber != cert._serialNumber) { return(false); } if (!_issuedTo.Equals(cert._issuedTo)) { return(false); } if (_capability != cert._capability) { return(false); } if (_issuedOnUTC != cert._issuedOnUTC) { return(false); } if (_expiresOnUTC != cert._expiresOnUTC) { return(false); } if (_publicKeyEncryptionAlgorithm != cert._publicKeyEncryptionAlgorithm) { return(false); } if (_publicKeyXML != cert._publicKeyXML) { return(false); } if (_issuerSignature == cert._issuerSignature) { return(true); } return(_issuerSignature.Equals(cert._issuerSignature)); }
public CertificateStore(Certificate cert, AsymmetricCryptoKey privateKey, string password) : base(SymmetricEncryptionAlgorithm.Rijndael, 256, password) { _cert = cert; _privateKey = privateKey; }
public void Verify(Certificate[] trustedRootCAs) { Certificate issuerCert = _issuerSignature.SigningCertificate; #region verify signature switch (_type) { case CertificateType.RootCA: if (!_issuerSignature.Verify(GetHash(_issuerSignature.HashAlgorithm), this)) { throw new InvalidCertificateException("Root CA certificate issued to '" + _issuedTo.Name + "' by self has invalid signature."); } break; case CertificateType.CA: if (!_issuerSignature.Verify(GetHash(_issuerSignature.HashAlgorithm), trustedRootCAs)) { throw new InvalidCertificateException("CA certificate issued to '" + _issuedTo.Name + "' by issuer '" + issuerCert._issuedTo.Name + "' has invalid signature."); } break; default: if (!_issuerSignature.Verify(GetHash(_issuerSignature.HashAlgorithm), trustedRootCAs)) { throw new InvalidCertificateException("Certificate issued to '" + _issuedTo.Name + "' by issuer '" + issuerCert._issuedTo.Name + "' has invalid signature."); } break; } #endregion #region check capability switch (_type) { case CertificateType.RootCA: //self if (_capability != CertificateCapability.SignCACertificate) { throw new InvalidCertificateException("Root CA certificate can only be used to sign a CA certificate."); } //root ca doesnt have issuer break; case CertificateType.CA: //self switch (_capability) { case CertificateCapability.SignCACertificate: case CertificateCapability.SignAnyUserCertificate: case CertificateCapability.SignDomainUserCertificate: break; default: throw new InvalidCertificateException("CA certificates can only be used to sign a CA or user certificate."); } //ca issuer must have ca signing capability if (issuerCert._capability != CertificateCapability.SignCACertificate) { throw new InvalidCertificateException("CA certificate issuer '" + issuerCert._issuedTo.Name + "' doesn't have capability to sign CA certificate."); } break; default: //self switch (_capability) { case CertificateCapability.SignCACertificate: case CertificateCapability.SignAnyUserCertificate: case CertificateCapability.SignDomainUserCertificate: throw new InvalidCertificateException("User certificate cannot sign other certificates."); } //issuer switch (issuerCert._capability) { case CertificateCapability.SignAnyUserCertificate: break; case CertificateCapability.SignDomainUserCertificate: //check if issuer email domain matches with user email domain if (!_issuedTo.FieldExists(CertificateProfileFlags.EmailAddress) || !issuerCert.IssuedTo.EmailAddress.Host.Equals(_issuedTo.EmailAddress.Host, StringComparison.CurrentCultureIgnoreCase)) { throw new CryptoException("Certificate issuer '" + issuerCert._issuedTo.Name + "' domain must match with user certificate email address domain."); } break; default: throw new InvalidCertificateException("Certificate issuer '" + issuerCert._issuedTo.Name + "' doesn't have capability to sign user certificate."); } break; } #endregion #region check if root is trusted and issued date against signer date range switch (_type) { case CertificateType.RootCA: bool trustedRootCA = false; foreach (Certificate rootCA in trustedRootCAs) { if (this.Equals(rootCA)) { trustedRootCA = true; break; } } if (!trustedRootCA) { throw new InvalidCertificateException("Root certificate issued by '" + _issuedTo.Name + "' is not trusted."); } break; default: if ((issuerCert._issuedOnUTC > _issuedOnUTC) || (_issuedOnUTC > issuerCert._expiresOnUTC)) { throw new InvalidCertificateException("Issuer '" + issuerCert._issuedTo.Name + "' certificate was expired during signing certificate for '" + _issuedTo.Name + "'."); } break; } #endregion #region check if user cert is expired if ((_type == CertificateType.User) && HasExpired()) { throw new InvalidCertificateException("Certificate issued to '" + _issuedTo.Name + "' has expired."); } #endregion }
public CertificateStore(Certificate cert, AsymmetricCryptoKey privateKey) { _cert = cert; _privateKey = privateKey; }