        /// <summary>
        /// Translates a managed <see cref="X509NameType"/> into the CAPI CERT_NAME_*_TYPE
        /// value that the crypto API name query expects.
        /// </summary>
        /// <param name="nameType">The managed name type to translate.</param>
        /// <returns>The matching CAPI display-type constant.</returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="nameType"/> is not one of the supported values.
        /// </exception>
        internal static uint MapNameType(X509NameType nameType)
        {
            switch (nameType)
            {
            case X509NameType.SimpleName:
                return CAPI.CERT_NAME_SIMPLE_DISPLAY_TYPE;

            case X509NameType.EmailName:
                return CAPI.CERT_NAME_EMAIL_TYPE;

            case X509NameType.UpnName:
                return CAPI.CERT_NAME_UPN_TYPE;

            // Both DNS flavours collapse onto one CAPI type; any alternative-name
            // specific handling, if present, lives in the caller rather than here.
            case X509NameType.DnsName:
            case X509NameType.DnsFromAlternativeName:
                return CAPI.CERT_NAME_DNS_TYPE;

            case X509NameType.UrlName:
                return CAPI.CERT_NAME_URL_TYPE;

            default:
                throw new ArgumentException(SR.GetString(SR.Argument_InvalidNameType));
            }
        }
        /// <summary>
        /// Copies one name field of <paramref name="certificate"/> into <paramref name="claims"/>,
        /// adding nothing when the certificate carries no value for that field.
        /// </summary>
        /// <param name="certificate">Certificate the claim value is read from.</param>
        /// <param name="claimSource">Which name field to read; always taken from the subject side.</param>
        /// <param name="claims">List the new claim is appended to.</param>
        /// <param name="claimDestination">Claim type under which the value is stored.</param>
        private void MapClaimIfFound(X509Certificate2 certificate, X509NameType claimSource, List <Claim> claims, string claimDestination)
        {
            // forIssuer is false: the subject's name is what identifies the presenter.
            string nameValue = certificate.GetNameInfo(claimSource, false);
            if (string.IsNullOrWhiteSpace(nameValue))
            {
                return;
            }

            claims.Add(new Claim(claimDestination, nameValue, ClaimValueTypes.String, Options.ClaimsIssuer));
        }
        /// <summary>
        /// Maps a managed <see cref="X509NameType"/> onto the raw CAPI display-type number
        /// (CERT_NAME_*_TYPE) used by the native name query.
        /// </summary>
        /// <param name="nameType">The managed name type to translate.</param>
        /// <returns>4 (simple display), 1 (e-mail), 8 (UPN), 6 (DNS) or 7 (URL).</returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="nameType"/> is not one of the supported values.
        /// </exception>
        internal static uint MapNameType(X509NameType nameType)
        {
            uint displayType;
            switch (nameType)
            {
            case X509NameType.SimpleName:
                displayType = 4;
                break;

            case X509NameType.EmailName:
                displayType = 1;
                break;

            case X509NameType.UpnName:
                displayType = 8;
                break;

            // Both DNS flavours share the native DNS type.
            case X509NameType.DnsName:
            case X509NameType.DnsFromAlternativeName:
                displayType = 6;
                break;

            case X509NameType.UrlName:
                displayType = 7;
                break;

            default:
                throw new ArgumentException(SR.GetString("Argument_InvalidNameType"));
            }

            return displayType;
        }
        /// <summary>
        /// Reads the subject or issuer name of the requested <paramref name="nameType"/> from
        /// the native X509 handle and decodes it as UTF-8.
        /// </summary>
        /// <param name="nameType">Name flavour to extract; handed to native code as its integer value.</param>
        /// <param name="forIssuer">true to read the issuer's name, false for the subject's.</param>
        /// <returns>The decoded name, or an empty string when native code returns no BIO.</returns>
        public string GetNameInfo(X509NameType nameType, bool forIssuer)
        {
            using (SafeBioHandle nameBio = Interop.Crypto.GetX509NameInfo(_cert, (int)nameType, forIssuer))
            {
                if (nameBio.IsInvalid)
                {
                    return "";
                }

                // One extra byte so the native side has room for its terminating NUL.
                int byteCount = Interop.Crypto.GetMemoryBioSize(nameBio);
                byte[] bytes = new byte[byteCount + 1];
                int bytesRead = Interop.Crypto.BioGets(nameBio, bytes, bytes.Length);
                if (bytesRead < 0)
                {
                    // Negative return: BIO_gets failed; surface the OpenSSL error.
                    throw Interop.Crypto.CreateOpenSslCryptographicException();
                }

                // Decode only what was written; the NUL slot is not part of the name.
                return Encoding.UTF8.GetString(bytes, 0, bytesRead);
            }
        }
        /// <summary>
        /// Asks crypt32 for the requested name of the subject (or issuer) as a reversed X.500 string.
        /// </summary>
        /// <param name="nameType">Managed name type; translated by MapNameType.</param>
        /// <param name="forIssuer">true to query the issuer side, false for the subject.</param>
        /// <returns>The name string as produced by CertGetNameString.</returns>
        public string GetNameInfo(X509NameType nameType, bool forIssuer)
        {
            CertNameType nativeType = MapNameType(nameType);
            CertNameFlags flags = forIssuer ? CertNameFlags.CERT_NAME_ISSUER_FLAG : CertNameFlags.None;
            // X.500 formatting, RDNs in reverse order; passed by ref because the P/Invoke signature asks for it.
            CertNameStrTypeAndFlags formatting = CertNameStrTypeAndFlags.CERT_X500_NAME_STR | CertNameStrTypeAndFlags.CERT_NAME_STR_REVERSE_FLAG;

            // First call sizes the buffer (null target). CertGetNameString counts the
            // terminating NUL, so 0 only ever means the call itself failed.
            int capacity = Interop.crypt32.CertGetNameString(_certContext, nativeType, flags, ref formatting, null, 0);
            if (capacity == 0)
            {
                throw Marshal.GetLastWin32Error().ToCryptographicException();
            }

            // Second call fills the correctly sized buffer.
            StringBuilder buffer = new StringBuilder(capacity);
            int written = Interop.crypt32.CertGetNameString(_certContext, nativeType, flags, ref formatting, buffer, capacity);
            if (written == 0)
            {
                throw Marshal.GetLastWin32Error().ToCryptographicException();
            }

            return buffer.ToString();
        }
        /// <summary>
        /// Reads the subject or issuer name of the requested <paramref name="nameType"/> from
        /// the native X509 handle through a memory BIO.
        /// </summary>
        /// <param name="nameType">Name flavour to extract; handed to native code as its integer value.</param>
        /// <param name="forIssuer">true to read the issuer's name, false for the subject's.</param>
        /// <returns>The name text, or an empty string when native code returns no BIO.</returns>
        public string GetNameInfo(X509NameType nameType, bool forIssuer)
        {
            SafeBioHandle bio = Interop.NativeCrypto.GetX509NameInfo(_cert, (int)nameType, forIssuer);
            using (bio)
            {
                if (bio.IsInvalid)
                {
                    return "";
                }

                int length = Interop.libcrypto.GetMemoryBioSize(bio);
                // +1: room for the NUL terminator BIO_gets writes.
                StringBuilder text = new StringBuilder(length + 1);
                int count = Interop.libcrypto.BIO_gets(bio, text, text.Capacity);
                if (count < 0)
                {
                    throw Interop.libcrypto.CreateOpenSslCryptographicException();
                }

                return text.ToString();
            }
        }
        /// <summary>
        /// Loads TestData.ComplexNameInfoCert, queries <paramref name="nameType"/> on the subject
        /// or issuer side, and asserts the result equals <paramref name="expected"/>.
        /// </summary>
        private static void TestComplexGetNameInfo(string expected, X509NameType nameType, bool forIssuer)
        {
            // ComplexNameInfoCert has the following characteristics:
            //   Subject: [email protected], CN=cn.subject.example.org, OU=ExampleOU, O=ExampleO, L=Locality, ST=State, C=Country
            //   Issuer: [email protected], CN=cn.issuer.example.org, OU=ExampleOU, O=ExampleO, L=Locality, ST=State, C=Country
            //   Subject Alternative Names:
            //     DNS Name=dns1.subject.example.org
            //     DNS Name=dns2.subject.example.org
            //     RFC822 [email protected]
            //     RFC822 [email protected]
            //     Other Name:
            //       Principal [email protected]
            //     Other Name:
            //       Principal [email protected]
            //     URL=http://uri1.subject.example.org/
            //     URL=http://uri2.subject.example.org/
            //   Issuer Alternative Names:
            //     DNS Name=dns1.issuer.example.org
            //     DNS Name=dns2.issuer.example.org
            //     RFC822 [email protected]
            //     RFC822 [email protected]
            //     Other Name:
            //       Principal [email protected]
            //     Other Name:
            //       Principal [email protected]
            //     URL=http://uri1.issuer.example.org/
            //     URL=http://uri2.issuer.example.org/

            string actual;
            using (X509Certificate2 certificate = new X509Certificate2(TestData.ComplexNameInfoCert))
            {
                actual = certificate.GetNameInfo(nameType, forIssuer);
            }

            Assert.Equal(expected, actual);
        }
        /// <summary>
        /// Maps a managed <see cref="X509NameType"/> onto the crypt32 CERT_NAME_*_TYPE it is queried with.
        /// </summary>
        /// <param name="nameType">The managed name type to translate.</param>
        /// <returns>The matching <see cref="CertNameType"/> member.</returns>
        /// <exception cref="ArgumentException"><paramref name="nameType"/> has no crypt32 equivalent.</exception>
        private static CertNameType MapNameType(X509NameType nameType)
        {
            CertNameType mapped;
            switch (nameType)
            {
            case X509NameType.SimpleName:
                mapped = CertNameType.CERT_NAME_SIMPLE_DISPLAY_TYPE;
                break;

            case X509NameType.EmailName:
                mapped = CertNameType.CERT_NAME_EMAIL_TYPE;
                break;

            case X509NameType.UpnName:
                mapped = CertNameType.CERT_NAME_UPN_TYPE;
                break;

            // Both DNS flavours share one native type.
            case X509NameType.DnsName:
            case X509NameType.DnsFromAlternativeName:
                mapped = CertNameType.CERT_NAME_DNS_TYPE;
                break;

            case X509NameType.UrlName:
                mapped = CertNameType.CERT_NAME_URL_TYPE;
                break;

            default:
                throw new ArgumentException(SR.Argument_InvalidNameType);
            }

            return mapped;
        }
        /// <summary>
        /// Maps a managed <see cref="X509NameType"/> onto the crypt32 CERT_NAME_*_TYPE it is queried with.
        /// </summary>
        /// <param name="nameType">The managed name type to translate.</param>
        /// <returns>The matching <see cref="CertNameType"/> member.</returns>
        /// <exception cref="ArgumentException"><paramref name="nameType"/> has no crypt32 equivalent.</exception>
        private static CertNameType MapNameType(X509NameType nameType)
        {
            if (nameType == X509NameType.SimpleName)
            {
                return CertNameType.CERT_NAME_SIMPLE_DISPLAY_TYPE;
            }
            if (nameType == X509NameType.EmailName)
            {
                return CertNameType.CERT_NAME_EMAIL_TYPE;
            }
            if (nameType == X509NameType.UpnName)
            {
                return CertNameType.CERT_NAME_UPN_TYPE;
            }
            // Both DNS flavours share one native type.
            if (nameType == X509NameType.DnsName || nameType == X509NameType.DnsFromAlternativeName)
            {
                return CertNameType.CERT_NAME_DNS_TYPE;
            }
            if (nameType == X509NameType.UrlName)
            {
                return CertNameType.CERT_NAME_URL_TYPE;
            }

            throw new ArgumentException(SR.Argument_InvalidNameType);
        }
 /// <summary>
 /// Calls EnsureCertData() first (presumably to populate <c>_certData</c>) and then
 /// delegates the name lookup to that object.
 /// </summary>
 public string GetNameInfo(X509NameType nameType, bool forIssuer)
 {
     EnsureCertData();
     string name = _certData.GetNameInfo(nameType, forIssuer);
     return name;
 }
        /// <summary>
        /// Asks crypt32 for the requested name of the subject (or issuer) as a reversed X.500 string.
        /// </summary>
        /// <param name="nameType">Managed name type; translated by MapNameType.</param>
        /// <param name="forIssuer">true to query the issuer side, false for the subject.</param>
        /// <returns>The name string as produced by CertGetNameString.</returns>
        public string GetNameInfo(X509NameType nameType, bool forIssuer)
        {
            var type = MapNameType(nameType);
            var flags = forIssuer ? CertNameFlags.CERT_NAME_ISSUER_FLAG : CertNameFlags.None;
            var strType = CertNameStrTypeAndFlags.CERT_X500_NAME_STR | CertNameStrTypeAndFlags.CERT_NAME_STR_REVERSE_FLAG;

            // Probe for the required length first (null buffer); 0 signals a crypt32 failure
            // because the returned count always includes the terminating NUL.
            int length = Interop.crypt32.CertGetNameString(_certContext, type, flags, ref strType, null, 0);
            if (length == 0)
            {
                throw Marshal.GetLastWin32Error().ToCryptographicException();
            }

            var buffer = new StringBuilder(length);
            int copied = Interop.crypt32.CertGetNameString(_certContext, type, flags, ref strType, buffer, length);
            if (copied == 0)
            {
                throw Marshal.GetLastWin32Error().ToCryptographicException();
            }

            return buffer.ToString();
        }
        /// <summary>
        /// Translates a managed <see cref="X509NameType"/> into the CAPI CERT_NAME_*_TYPE
        /// value used by the crypto API name query.
        /// </summary>
        /// <param name="nameType">The managed name type to translate.</param>
        /// <returns>The matching CAPI display-type constant.</returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="nameType"/> is not one of the supported values.
        /// </exception>
        internal static uint MapNameType (X509NameType nameType) {
            if (nameType == X509NameType.SimpleName) {
                return CAPI.CERT_NAME_SIMPLE_DISPLAY_TYPE;
            }
            if (nameType == X509NameType.EmailName) {
                return CAPI.CERT_NAME_EMAIL_TYPE;
            }
            if (nameType == X509NameType.UpnName) {
                return CAPI.CERT_NAME_UPN_TYPE;
            }
            // Both DNS flavours collapse onto the single CAPI DNS type.
            if (nameType == X509NameType.DnsName || nameType == X509NameType.DnsFromAlternativeName) {
                return CAPI.CERT_NAME_DNS_TYPE;
            }
            if (nameType == X509NameType.UrlName) {
                return CAPI.CERT_NAME_URL_TYPE;
            }

            throw new ArgumentException(SR.GetString(SR.Argument_InvalidNameType));
        }
 // NOTE(review): the body is empty, so this listing does not compile on its own
 // (a string-returning method needs a return). It appears to be an unfinished stub;
 // the behaviour of GetNameInfo cannot be inferred from it.
 public string GetNameInfo(X509NameType nameType, bool forIssuer)
 {
 }
 /// <summary>
 /// Asks crypt32 for the requested name of the subject (or issuer) formatted as a
 /// reversed X.500 string.
 /// </summary>
 /// <param name="nameType">Managed name type; translated by MapNameType.</param>
 /// <param name="forIssuer">true to query the issuer side, false for the subject.</param>
 public unsafe string GetNameInfo(X509NameType nameType, bool forIssuer)
 {
     CertNameType nativeType = MapNameType(nameType);
     CertNameFlags flags = forIssuer ? CertNameFlags.CERT_NAME_ISSUER_FLAG : CertNameFlags.None;
     CertNameStringType format = CertNameStringType.CERT_X500_NAME_STR | CertNameStringType.CERT_NAME_STR_REVERSE_FLAG;
     return Interop.crypt32.CertGetNameString(_certContext, nativeType, flags, format);
 }
 /// <summary>Forwards the name lookup unchanged to <c>FallbackImpl</c>.</summary>
 public override string GetNameInfo(X509NameType nameType, bool forIssuer) =>
     FallbackImpl.GetNameInfo(nameType, forIssuer);
 /// <summary>Not implemented on this platform; every call throws.</summary>
 /// <exception cref="NotImplementedException">Always.</exception>
 public string GetNameInfo(X509NameType nameType, bool forIssuer) =>
     throw new NotImplementedException();
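        /// <summary>
        /// Extracts a name of the requested <paramref name="nameType"/> from the subject or
        /// issuer distinguished name of the loaded certificate.
        /// </summary>
        /// <param name="nameType">Which name to return. UpnName, DnsFromAlternativeName and
        /// UrlName are not implemented here and always yield an empty string.</param>
        /// <param name="forIssuer">true to read the issuer DN, false for the subject DN.</param>
        /// <returns>The matching attribute value, or <see cref="String.Empty"/> when absent.</returns>
        /// <exception cref="CryptographicException">No certificate is loaded and the requested
        /// name needs one (SimpleName, EmailName, DnsName).</exception>
        /// <exception cref="ArgumentException"><paramref name="nameType"/> is not a known value.</exception>
        public string GetNameInfo(X509NameType nameType, bool forIssuer)
        {
            switch (nameType)
            {
            case X509NameType.SimpleName:
                {
                    ASN1 sn = RequireDistinguishedName(forIssuer);
                    // Prefer CN=; otherwise fall back to the first value of the last RDN entry.
                    ASN1 dn = Find(commonName, sn);
                    if (dn != null)
                    {
                        return GetValueAsString(dn);
                    }
                    if (sn.Count == 0)
                    {
                        return String.Empty;
                    }
                    ASN1 lastEntry = sn[sn.Count - 1];
                    if (lastEntry.Count == 0)
                    {
                        return String.Empty;
                    }
                    return GetValueAsString(lastEntry[0]);
                }

            case X509NameType.EmailName:
                {
                    // E= attribute of the DN, if present.
                    ASN1 e = Find(email, RequireDistinguishedName(forIssuer));
                    return e != null ? GetValueAsString(e) : String.Empty;
                }

            case X509NameType.UpnName:
                // FIXME - must find/create test case
                return String.Empty;

            case X509NameType.DnsName:
                {
                    // Only the CN= attribute of the DN is consulted; subjectAltName DNS entries
                    // are not examined, so host-name checks should not rely on this value alone.
                    ASN1 cn = Find(commonName, RequireDistinguishedName(forIssuer));
                    return cn != null ? GetValueAsString(cn) : String.Empty;
                }

            case X509NameType.DnsFromAlternativeName:
                // FIXME - must find/create test case
                return String.Empty;

            case X509NameType.UrlName:
                // FIXME - must find/create test case
                return String.Empty;

            default:
                throw new ArgumentException("nameType");
            }
        }

        // Returns the issuer or subject DN of the loaded certificate. Raising the same
        // CryptographicException for every caller closes the gap where only SimpleName
        // checked _cert and EmailName/DnsName could dereference a null certificate.
        private ASN1 RequireDistinguishedName(bool forIssuer)
        {
            if (_cert == null)
            {
                throw new CryptographicException(empty_error);
            }
            return forIssuer ? _cert.GetIssuerName() : _cert.GetSubjectName();
        }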
 /// <summary>Delegates the name lookup to the platform abstraction layer (<c>Pal</c>).</summary>
 public String GetNameInfo(X509NameType nameType, bool forIssuer) =>
     Pal.GetNameInfo(nameType, forIssuer);
        /// <summary>
        /// Opens TestData.ComplexNameInfoCert and checks that GetNameInfo for
        /// <paramref name="nameType"/> (subject or issuer side) returns <paramref name="expected"/>.
        /// </summary>
        private static void TestComplexGetNameInfo(string expected, X509NameType nameType, bool forIssuer)
        {
            // ComplexNameInfoCert has the following characteristics:
            //   Subject: [email protected], CN=cn.subject.example.org, OU=ExampleOU, O=ExampleO, L=Locality, ST=State, C=Country
            //   Issuer: [email protected], CN=cn.issuer.example.org, OU=ExampleOU, O=ExampleO, L=Locality, ST=State, C=Country
            //   Subject Alternative Names:
            //     DNS Name=dns1.subject.example.org
            //     DNS Name=dns2.subject.example.org
            //     RFC822 [email protected]
            //     RFC822 [email protected]
            //     Other Name:
            //       Principal [email protected]
            //     Other Name:
            //       Principal [email protected]
            //     URL=http://uri1.subject.example.org/
            //     URL=http://uri2.subject.example.org/
            //   Issuer Alternative Names:
            //     DNS Name=dns1.issuer.example.org
            //     DNS Name=dns2.issuer.example.org
            //     RFC822 [email protected]
            //     RFC822 [email protected]
            //     Other Name:
            //       Principal [email protected]
            //     Other Name:
            //       Principal [email protected]
            //     URL=http://uri1.issuer.example.org/
            //     URL=http://uri2.issuer.example.org/

            using (var certificate = new X509Certificate2(TestData.ComplexNameInfoCert))
            {
                string observed = certificate.GetNameInfo(nameType, forIssuer);
                Assert.Equal(expected, observed);
            }
        }
 /// <summary>
 /// Returns the subject (or, when <paramref name="forIssuer"/> is true, the issuer) name
 /// of the certificate in the form selected by <paramref name="nameType"/>.
 /// Declaration only; the implementation is not part of this listing.
 /// </summary>
 public string GetNameInfo(X509NameType nameType, bool forIssuer);
        /// <summary>
        /// Returns the requested name of this certificate's subject (or issuer when
        /// <paramref name="forIssuer"/> is true). Simple display and e-mail names come straight
        /// from CertGetNameString; DNS, URL and UPN names are decoded by hand from the
        /// subject/issuer alternative-name extensions.
        /// </summary>
        /// <remarks>
        /// Decompiled listing: the numeric literals are CAPI constants and are annotated inline.
        /// Every matching alternative-name entry overwrites <c>str</c>, so the LAST matching entry
        /// wins, and the legacy extension (2.5.29.7/8) is scanned before the current one (2.5.29.17/18).
        /// </remarks>
        /// <exception cref="ArgumentException"><paramref name="nameType"/> is not a known value
        /// (raised by MapNameType).</exception>
        public unsafe string GetNameInfo(X509NameType nameType, bool forIssuer)
        {
            // 1 == CERT_NAME_ISSUER_FLAG: read the issuer side instead of the subject.
            uint dwFlags       = forIssuer ? 1 : 0;
            // MapNameType yields 4 = simple display, 1 = e-mail, 8 = UPN, 6 = DNS, 7 = URL.
            uint dwDisplayType = System.Security.Cryptography.X509Certificates.X509Utils.MapNameType(nameType);

            // E-mail (1) and simple display name (4) are answered entirely by crypt32.
            switch (dwDisplayType)
            {
            case 1:
                return(CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, dwDisplayType));

            case 4:
                return(CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, dwDisplayType));
            }
            string str = string.Empty;

            // Walk the raw CERT_CONTEXT -> CERT_INFO to reach the extension table.
            CAPIBase.CERT_CONTEXT cert_context = *((CAPIBase.CERT_CONTEXT *) this.m_safeCertContext.DangerousGetHandle());
            CAPIBase.CERT_INFO    cert_info    = (CAPIBase.CERT_INFO)Marshal.PtrToStructure(cert_context.pCertInfo, typeof(CAPIBase.CERT_INFO));
            // [0]: legacy issuer/subject alt-name OID (2.5.29.8 / 2.5.29.7);
            // [1]: issuerAltName / subjectAltName (2.5.29.18 / 2.5.29.17). Either may be IntPtr.Zero.
            IntPtr[] ptrArray = new IntPtr[] { CAPISafe.CertFindExtension(forIssuer ? "2.5.29.8" : "2.5.29.7", cert_info.cExtension, cert_info.rgExtension), CAPISafe.CertFindExtension(forIssuer ? "2.5.29.18" : "2.5.29.17", cert_info.cExtension, cert_info.rgExtension) };
            for (int i = 0; i < ptrArray.Length; i++)
            {
                if (ptrArray[i] != IntPtr.Zero)
                {
                    // Copy the extension's DER value into managed memory and ASN.1-decode it
                    // using the extension's own OID as the structure type.
                    CAPIBase.CERT_EXTENSION cert_extension = (CAPIBase.CERT_EXTENSION)Marshal.PtrToStructure(ptrArray[i], typeof(CAPIBase.CERT_EXTENSION));
                    byte[] destination = new byte[cert_extension.Value.cbData];
                    Marshal.Copy(cert_extension.Value.pbData, destination, 0, destination.Length);
                    uint cbDecodedValue = 0;
                    SafeLocalAllocHandle decodedValue = null;
                    SafeLocalAllocHandle handle2      = System.Security.Cryptography.X509Certificates.X509Utils.StringToAnsiPtr(cert_extension.pszObjId);
                    bool flag = CAPI.DecodeObject(handle2.DangerousGetHandle(), destination, out decodedValue, out cbDecodedValue);
                    handle2.Dispose();
                    if (flag)
                    {
                        CAPIBase.CERT_ALT_NAME_INFO cert_alt_name_info = (CAPIBase.CERT_ALT_NAME_INFO)Marshal.PtrToStructure(decodedValue.DangerousGetHandle(), typeof(CAPIBase.CERT_ALT_NAME_INFO));
                        // Iterate the GeneralName entries by pointer arithmetic over rgAltEntry.
                        for (int j = 0; j < cert_alt_name_info.cAltEntry; j++)
                        {
                            IntPtr ptr = new IntPtr(((long)cert_alt_name_info.rgAltEntry) + (j * Marshal.SizeOf(typeof(CAPIBase.CERT_ALT_NAME_ENTRY))));
                            CAPIBase.CERT_ALT_NAME_ENTRY cert_alt_name_entry = (CAPIBase.CERT_ALT_NAME_ENTRY)Marshal.PtrToStructure(ptr, typeof(CAPIBase.CERT_ALT_NAME_ENTRY));
                            switch (dwDisplayType)
                            {
                            // 6 == CERT_NAME_DNS_TYPE; choice 3 == CERT_ALT_NAME_DNS_NAME.
                            case 6:
                                if (cert_alt_name_entry.dwAltNameChoice == 3)
                                {
                                    str = Marshal.PtrToStringUni(cert_alt_name_entry.Value.pwszDNSName);
                                }
                                break;

                            // 7 == CERT_NAME_URL_TYPE; choice 7 == CERT_ALT_NAME_URL.
                            case 7:
                                if (cert_alt_name_entry.dwAltNameChoice == 7)
                                {
                                    str = Marshal.PtrToStringUni(cert_alt_name_entry.Value.pwszURL);
                                }
                                break;

                            // 8 == CERT_NAME_UPN_TYPE; choice 1 == CERT_ALT_NAME_OTHER_NAME, and
                            // only the NT principal-name OID (1.3.6.1.4.1.311.20.2.3) is accepted.
                            case 8:
                                if (cert_alt_name_entry.dwAltNameChoice == 1)
                                {
                                    CAPIBase.CERT_OTHER_NAME cert_other_name = (CAPIBase.CERT_OTHER_NAME)Marshal.PtrToStructure(cert_alt_name_entry.Value.pOtherName, typeof(CAPIBase.CERT_OTHER_NAME));
                                    if (cert_other_name.pszObjId == "1.3.6.1.4.1.311.20.2.3")
                                    {
                                        uint num6 = 0;
                                        SafeLocalAllocHandle handle3 = null;
                                        // 0x18 == X509_UNICODE_ANY_STRING: decode the other-name value as a Unicode string.
                                        if (CAPI.DecodeObject(new IntPtr(0x18L), System.Security.Cryptography.X509Certificates.X509Utils.PtrToByte(cert_other_name.Value.pbData, cert_other_name.Value.cbData), out handle3, out num6))
                                        {
                                            CAPIBase.CERT_NAME_VALUE cert_name_value = (CAPIBase.CERT_NAME_VALUE)Marshal.PtrToStructure(handle3.DangerousGetHandle(), typeof(CAPIBase.CERT_NAME_VALUE));
                                            // Only character string types are accepted as a UPN.
                                            if (System.Security.Cryptography.X509Certificates.X509Utils.IsCertRdnCharString(cert_name_value.dwValueType))
                                            {
                                                str = Marshal.PtrToStringUni(cert_name_value.Value.pbData);
                                            }
                                            // Freed only on the success path; presumably nothing is allocated on failure — TODO confirm.
                                            handle3.Dispose();
                                        }
                                    }
                                }
                                break;
                            }
                        }
                        // Same pattern: the decoded buffer is released only when DecodeObject succeeded.
                        decodedValue.Dispose();
                    }
                }
            }
            // PtrToStringUni may return null, hence the explicit null check. For DnsName only,
            // an absent or empty SAN DNS entry falls back to CertGetNameString type 3 (CERT_NAME_ATTR_TYPE,
            // presumably the common name); DnsFromAlternativeName gets no such fallback. Host-name
            // validation that must not accept a CN-only match should therefore use DnsFromAlternativeName.
            if ((nameType != X509NameType.DnsName) || ((str != null) && (str.Length != 0)))
            {
                return(str);
            }
            return(CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, 3));
        }
		/// <summary>Forwards the name lookup unchanged to <c>FallbackImpl</c>.</summary>
		public override string GetNameInfo (X509NameType nameType, bool forIssuer) =>
			FallbackImpl.GetNameInfo (nameType, forIssuer);
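		/// <summary>
		/// Extracts a name of the requested <paramref name="nameType"/> from the subject or
		/// issuer distinguished name of the loaded certificate.
		/// </summary>
		/// <param name="nameType">Which name to return. UpnName, DnsFromAlternativeName and
		/// UrlName are not implemented here and always yield an empty string.</param>
		/// <param name="forIssuer">true to read the issuer DN, false for the subject DN.</param>
		/// <returns>The matching attribute value, or <see cref="String.Empty"/> when absent.</returns>
		/// <exception cref="CryptographicException">No certificate is loaded and the requested
		/// name needs one (SimpleName, EmailName, DnsName).</exception>
		/// <exception cref="ArgumentException"><paramref name="nameType"/> is not a known value.</exception>
		public string GetNameInfo (X509NameType nameType, bool forIssuer)
		{
			switch (nameType) {
			case X509NameType.SimpleName:
				if (_cert == null)
					throw new CryptographicException (empty_error);
				// return CN= or, if missing, the first value of the last RDN entry
				ASN1 sn = forIssuer ? _cert.GetIssuerName () : _cert.GetSubjectName ();
				ASN1 dn = Find (commonName, sn);
				if (dn != null)
					return GetValueAsString (dn);
				if (sn.Count == 0)
					return String.Empty;
				ASN1 last_entry = sn [sn.Count - 1];
				if (last_entry.Count == 0)
					return String.Empty;
				return GetValueAsString (last_entry [0]);
			case X509NameType.EmailName:
				// same guard as SimpleName: a missing certificate must not surface as a NullReferenceException
				if (_cert == null)
					throw new CryptographicException (empty_error);
				// return the E= part of the DN (if present)
				ASN1 e = Find (email, forIssuer ? _cert.GetIssuerName () : _cert.GetSubjectName ());
				if (e != null)
					return GetValueAsString (e);
				return String.Empty;
			case X509NameType.UpnName:
				// FIXME - must find/create test case
				return String.Empty;
			case X509NameType.DnsName:
				if (_cert == null)
					throw new CryptographicException (empty_error);
				// return the CN= part of the DN (if present); subjectAltName DNS entries are
				// not consulted, so host-name checks should not rely on this value alone
				ASN1 cn = Find (commonName, forIssuer ? _cert.GetIssuerName () : _cert.GetSubjectName ());
				if (cn != null)
					return GetValueAsString (cn);
				return String.Empty;
			case X509NameType.DnsFromAlternativeName:
				// FIXME - must find/create test case
				return String.Empty;
			case X509NameType.UrlName:
				// FIXME - must find/create test case
				return String.Empty;
			default:
				throw new ArgumentException ("nameType");
			}
		}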
 /// <summary>Stub: ignores both arguments and always returns null.</summary>
 public string GetNameInfo(X509NameType nameType, bool forIssuer)
 {
   return null;
 }
        /// <summary>
        /// Reads the subject or issuer name of the requested <paramref name="nameType"/> from
        /// the native X509 handle through a memory BIO.
        /// </summary>
        /// <param name="nameType">Name flavour to extract; handed to native code as its integer value.</param>
        /// <param name="forIssuer">true to read the issuer's name, false for the subject's.</param>
        /// <returns>The name text, or an empty string when native code returns no BIO.</returns>
        public string GetNameInfo(X509NameType nameType, bool forIssuer)
        {
            using (SafeBioHandle bio = Interop.Crypto.GetX509NameInfo(_cert, (int)nameType, forIssuer))
            {
                if (bio.IsInvalid)
                {
                    return "";
                }

                int bioLength = Interop.Crypto.GetMemoryBioSize(bio);
                // Capacity is one larger than the BIO so the native NUL terminator fits.
                StringBuilder text = new StringBuilder(bioLength + 1);
                int count = Interop.Crypto.BioGets(bio, text, text.Capacity);
                if (count < 0)
                {
                    // Negative return: BIO_gets failed; surface the OpenSSL error.
                    throw Interop.Crypto.CreateOpenSslCryptographicException();
                }

                return text.ToString();
            }
        }
        /// <summary>
        /// Reads the subject or issuer name of the requested <paramref name="nameType"/> from
        /// the native X509 handle and decodes it as UTF-8.
        /// </summary>
        /// <param name="nameType">Name flavour to extract; handed to native code as its integer value.</param>
        /// <param name="forIssuer">true to read the issuer's name, false for the subject's.</param>
        /// <returns>The decoded name, or an empty string when native code returns no BIO.</returns>
        public string GetNameInfo(X509NameType nameType, bool forIssuer)
        {
            SafeBioHandle handle = Interop.Crypto.GetX509NameInfo(_cert, (int)nameType, forIssuer);
            using (handle)
            {
                if (handle.IsInvalid)
                {
                    return "";
                }

                // Allocate one byte more than the BIO holds so the trailing NUL has a slot.
                int size = Interop.Crypto.GetMemoryBioSize(handle);
                byte[] raw = new byte[size + 1];
                int n = Interop.Crypto.BioGets(handle, raw, raw.Length);
                if (n < 0)
                {
                    throw Interop.Crypto.CreateOpenSslCryptographicException();
                }

                // Only the n bytes actually written are part of the name.
                return Encoding.UTF8.GetString(raw, 0, n);
            }
        }
 /// <summary>Stub: ignores both arguments and always returns null.</summary>
 public string GetNameInfo(X509NameType nameType, bool forIssuer)
 {
     return null;
 }
        /// <summary>
        /// Returns the requested name of this certificate's subject (or issuer when
        /// <paramref name="forIssuer"/> is true). Simple display and e-mail names are answered by
        /// CertGetNameString; UPN, DNS and URL names are decoded by hand from the subject/issuer
        /// alternative-name extensions.
        /// </summary>
        /// <remarks>
        /// Every matching alternative-name entry overwrites <c>name</c>, so the LAST matching
        /// entry wins, and the legacy alt-name extension is scanned before the current one.
        /// </remarks>
        /// <exception cref="ArgumentException"><paramref name="nameType"/> is not a known value
        /// (raised by X509Utils.MapNameType).</exception>
        public unsafe string GetNameInfo(X509NameType nameType, bool forIssuer) {
            uint issuerFlag = forIssuer ? CAPI.CERT_NAME_ISSUER_FLAG : 0;
            uint type = X509Utils.MapNameType(nameType);

            // These two types are fully handled by crypt32.
            switch(type) {
            case CAPI.CERT_NAME_SIMPLE_DISPLAY_TYPE:
                return CAPI.GetCertNameInfo(m_safeCertContext, issuerFlag, type);

            case CAPI.CERT_NAME_EMAIL_TYPE:
                return CAPI.GetCertNameInfo(m_safeCertContext, issuerFlag, type);
            }

            string name = String.Empty;
            // If the type requested is not supported in downlevel platforms; we try to decode the alt name extension by hand.
            CAPI.CERT_CONTEXT pCertContext = *((CAPI.CERT_CONTEXT*) m_safeCertContext.DangerousGetHandle());
            CAPI.CERT_INFO pCertInfo = (CAPI.CERT_INFO) Marshal.PtrToStructure(pCertContext.pCertInfo, typeof(CAPI.CERT_INFO));

            // [0]: legacy alt-name OID, [1]: current alt-name OID; either may be IntPtr.Zero.
            IntPtr[] pAltName = new IntPtr[2];
            pAltName[0] = CAPI.CertFindExtension(forIssuer ? CAPI.szOID_ISSUER_ALT_NAME : CAPI.szOID_SUBJECT_ALT_NAME,
                                                 pCertInfo.cExtension,
                                                 pCertInfo.rgExtension);
            pAltName[1] = CAPI.CertFindExtension(forIssuer ? CAPI.szOID_ISSUER_ALT_NAME2 : CAPI.szOID_SUBJECT_ALT_NAME2,
                                                 pCertInfo.cExtension,
                                                 pCertInfo.rgExtension);
            for (int i = 0; i < pAltName.Length; i++) {
                if (pAltName[i] != IntPtr.Zero) {
                    // Copy the extension's DER value into managed memory before decoding.
                    CAPI.CERT_EXTENSION extension = (CAPI.CERT_EXTENSION) Marshal.PtrToStructure(pAltName[i], typeof(CAPI.CERT_EXTENSION));
                    byte[] rawData = new byte[extension.Value.cbData];
                    Marshal.Copy(extension.Value.pbData, rawData, 0, rawData.Length);

                    uint cbDecoded = 0;
                    SafeLocalAllocHandle decoded = null;
                    // Decode the extension.
                    SafeLocalAllocHandle ptr = X509Utils.StringToAnsiPtr(extension.pszObjId);
                    bool result = CAPI.DecodeObject(ptr.DangerousGetHandle(), 
                                                    rawData,
                                                    out decoded,
                                                    out cbDecoded);
                    ptr.Dispose();
                    if (result) {
                        CAPI.CERT_ALT_NAME_INFO altNameInfo = (CAPI.CERT_ALT_NAME_INFO) Marshal.PtrToStructure(decoded.DangerousGetHandle(), typeof(CAPI.CERT_ALT_NAME_INFO));

                        // Walk the GeneralName entries by pointer arithmetic over rgAltEntry.
                        for (int index = 0; index < altNameInfo.cAltEntry; index++) {
                            IntPtr pAltInfoPtr = new IntPtr((long) altNameInfo.rgAltEntry + index * Marshal.SizeOf(typeof(CAPI.CERT_ALT_NAME_ENTRY)));
                            CAPI.CERT_ALT_NAME_ENTRY altNameEntry = (CAPI.CERT_ALT_NAME_ENTRY) Marshal.PtrToStructure(pAltInfoPtr, typeof(CAPI.CERT_ALT_NAME_ENTRY));

                            switch(type) {
                            // UPN: an otherName entry carrying the NT principal-name OID, decoded as a Unicode string.
                            case CAPI.CERT_NAME_UPN_TYPE:
                                if (altNameEntry.dwAltNameChoice == CAPI.CERT_ALT_NAME_OTHER_NAME) {
                                    CAPI.CERT_OTHER_NAME otherName = (CAPI.CERT_OTHER_NAME) Marshal.PtrToStructure(altNameEntry.Value.pOtherName, typeof(CAPI.CERT_OTHER_NAME));
                                    if (otherName.pszObjId == CAPI.szOID_NT_PRINCIPAL_NAME) {
                                        uint cbUpnName = 0;
                                        SafeLocalAllocHandle pUpnName = null;
                                        // Reuses 'result'; harmless here because the enclosing if (result) was already entered.
                                        result = CAPI.DecodeObject(new IntPtr(CAPI.X509_UNICODE_ANY_STRING), 
                                                                   X509Utils.PtrToByte(otherName.Value.pbData, otherName.Value.cbData),
                                                                   out pUpnName,
                                                                   out cbUpnName);
                                        if (result) {
                                            CAPI.CERT_NAME_VALUE nameValue = (CAPI.CERT_NAME_VALUE) Marshal.PtrToStructure(pUpnName.DangerousGetHandle(), typeof(CAPI.CERT_NAME_VALUE));
                                            // Only character string value types are accepted as a UPN.
                                            if (X509Utils.IsCertRdnCharString(nameValue.dwValueType))
                                                name = Marshal.PtrToStringUni(nameValue.Value.pbData);
                                            // Released only on success; presumably nothing is allocated on failure — TODO confirm.
                                            pUpnName.Dispose();
                                        }
                                    }
                                }
                                break;

                            case CAPI.CERT_NAME_DNS_TYPE:
                                if (altNameEntry.dwAltNameChoice == CAPI.CERT_ALT_NAME_DNS_NAME)
                                    name = Marshal.PtrToStringUni(altNameEntry.Value.pwszDNSName);

                                break;

                            case CAPI.CERT_NAME_URL_TYPE:
                                if (altNameEntry.dwAltNameChoice == CAPI.CERT_ALT_NAME_URL)
                                    name = Marshal.PtrToStringUni(altNameEntry.Value.pwszURL);

                                break;
                            }
                        }
                        // Decoded buffer is released only when DecodeObject succeeded.
                        decoded.Dispose();
                    }
                }
            }

            if (nameType == X509NameType.DnsName) {
                // If no DNS name is found in the CERT_ALT_NAME extension, return the CommonName.
                // Commercial CAs such as Verisign don't include a SubjectAltName extension in the certificates they use for SSL server authentication.
                // Instead they use the CommonName in the subject RDN as the server's DNS name.
                // Note: this fallback applies to DnsName only; DnsFromAlternativeName returns the
                // (possibly empty) SAN result, which is the safer choice for host-name validation.
                // PtrToStringUni may return null, hence the explicit null check.

                if (name == null || name.Length == 0)
                    name = CAPI.GetCertNameInfo(m_safeCertContext, issuerFlag, CAPI.CERT_NAME_ATTR_TYPE);
            }

            return name;
        }
        /// <summary>
        /// Resolves a display name for the subject (or issuer) of this certificate through CryptoAPI.
        /// E-mail and simple display names are delegated to CAPI.GetCertNameInfo; DNS, URL and UPN names
        /// are read by walking the decoded Subject/Issuer Alternative Name extension ourselves.
        /// </summary>
        /// <param name="nameType">Kind of name wanted; X509Utils.MapNameType turns it into a CAPI display-type code.</param>
        /// <param name="forIssuer">True to read the issuer name / Issuer Alternative Name, false for the subject side.</param>
        /// <returns>The resolved name, or <see cref="string.Empty"/> when no matching alternative-name entry exists
        /// (DnsName additionally falls back to an attribute of the distinguished name, see the end of the method).</returns>
        /// <remarks>Every value returned here is copied verbatim from the certificate; for a certificate whose chain
        /// has not been validated it is attacker-controlled data and must not drive trust decisions on its own.</remarks>
        public unsafe string GetNameInfo(X509NameType nameType, bool forIssuer)
        {
            // 1 == CERT_NAME_ISSUER_FLAG: selects the issuer side of the certificate in CertGetNameString.
            uint dwFlags = forIssuer ? 1 : 0;
            // Display-type codes as in wincrypt.h: 1 = EMAIL, 4 = SIMPLE_DISPLAY, 6 = DNS, 7 = URL, 8 = UPN.
            uint dwDisplayType = System.Security.Cryptography.X509Certificates.X509Utils.MapNameType(nameType);
            switch (dwDisplayType)
            {
                // E-mail and simple display names: CAPI implements the lookup order itself, nothing to walk here.
                case 1:
                    return CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, dwDisplayType);

                case 4:
                    return CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, dwDisplayType);
            }
            string str = string.Empty;
            // NOTE(review): DangerousGetHandle() bypasses the SafeHandle reference count, so this relies on
            // m_safeCertContext not being released while the raw CERT_CONTEXT / CERT_INFO are read below.
            CAPIBase.CERT_CONTEXT cert_context = *((CAPIBase.CERT_CONTEXT*) this.m_safeCertContext.DangerousGetHandle());
            CAPIBase.CERT_INFO cert_info = (CAPIBase.CERT_INFO) Marshal.PtrToStructure(cert_context.pCertInfo, typeof(CAPIBase.CERT_INFO));
            // Both the obsolete (2.5.29.7 subjectAltName / 2.5.29.8 issuerAltName) and the current
            // (2.5.29.17 / 2.5.29.18) extension OIDs are looked up; CertFindExtension yields IntPtr.Zero when absent.
            IntPtr[] ptrArray = new IntPtr[] { CAPISafe.CertFindExtension(forIssuer ? "2.5.29.8" : "2.5.29.7", cert_info.cExtension, cert_info.rgExtension), CAPISafe.CertFindExtension(forIssuer ? "2.5.29.18" : "2.5.29.17", cert_info.cExtension, cert_info.rgExtension) };
            for (int i = 0; i < ptrArray.Length; i++)
            {
                if (ptrArray[i] != IntPtr.Zero)
                {
                    CAPIBase.CERT_EXTENSION cert_extension = (CAPIBase.CERT_EXTENSION) Marshal.PtrToStructure(ptrArray[i], typeof(CAPIBase.CERT_EXTENSION));
                    // Copy the DER-encoded extension value into managed memory, then decode it with the
                    // extension's own OID as the structure type (CryptDecodeObject accepts an OID string here).
                    byte[] destination = new byte[cert_extension.Value.cbData];
                    Marshal.Copy(cert_extension.Value.pbData, destination, 0, destination.Length);
                    uint cbDecodedValue = 0;
                    SafeLocalAllocHandle decodedValue = null;
                    SafeLocalAllocHandle handle2 = System.Security.Cryptography.X509Certificates.X509Utils.StringToAnsiPtr(cert_extension.pszObjId);
                    bool flag = CAPI.DecodeObject(handle2.DangerousGetHandle(), destination, out decodedValue, out cbDecodedValue);
                    // The ANSI OID buffer is only needed for the decode call itself.
                    handle2.Dispose();
                    if (flag)
                    {
                        CAPIBase.CERT_ALT_NAME_INFO cert_alt_name_info = (CAPIBase.CERT_ALT_NAME_INFO) Marshal.PtrToStructure(decodedValue.DangerousGetHandle(), typeof(CAPIBase.CERT_ALT_NAME_INFO));
                        // Walk every GeneralName entry. Nothing breaks out of the loop on a match, so a later matching
                        // entry overwrites 'str': the LAST match wins, and the second extension (if both are present)
                        // overrides the first.
                        for (int j = 0; j < cert_alt_name_info.cAltEntry; j++)
                        {
                            // rgAltEntry is a contiguous native array of CERT_ALT_NAME_ENTRY; index it by struct size.
                            IntPtr ptr = new IntPtr(((long) cert_alt_name_info.rgAltEntry) + (j * Marshal.SizeOf(typeof(CAPIBase.CERT_ALT_NAME_ENTRY))));
                            CAPIBase.CERT_ALT_NAME_ENTRY cert_alt_name_entry = (CAPIBase.CERT_ALT_NAME_ENTRY) Marshal.PtrToStructure(ptr, typeof(CAPIBase.CERT_ALT_NAME_ENTRY));
                            switch (dwDisplayType)
                            {
                                // DNS: dwAltNameChoice 3 == CERT_ALT_NAME_DNS_NAME.
                                case 6:
                                    if (cert_alt_name_entry.dwAltNameChoice == 3)
                                    {
                                        str = Marshal.PtrToStringUni(cert_alt_name_entry.Value.pwszDNSName);
                                    }
                                    break;

                                // URL: dwAltNameChoice 7 == CERT_ALT_NAME_URL.
                                case 7:
                                    if (cert_alt_name_entry.dwAltNameChoice == 7)
                                    {
                                        str = Marshal.PtrToStringUni(cert_alt_name_entry.Value.pwszURL);
                                    }
                                    break;

                                // UPN: dwAltNameChoice 1 == CERT_ALT_NAME_OTHER_NAME, and only the otherName
                                // carrying the Microsoft UPN OID 1.3.6.1.4.1.311.20.2.3 is accepted.
                                case 8:
                                    if (cert_alt_name_entry.dwAltNameChoice == 1)
                                    {
                                        CAPIBase.CERT_OTHER_NAME cert_other_name = (CAPIBase.CERT_OTHER_NAME) Marshal.PtrToStructure(cert_alt_name_entry.Value.pOtherName, typeof(CAPIBase.CERT_OTHER_NAME));
                                        if (cert_other_name.pszObjId == "1.3.6.1.4.1.311.20.2.3")
                                        {
                                            uint num6 = 0;
                                            SafeLocalAllocHandle handle3 = null;
                                            // 0x18 == X509_UNICODE_ANY_STRING: decode the otherName value as a CERT_NAME_VALUE.
                                            if (CAPI.DecodeObject(new IntPtr(0x18L), System.Security.Cryptography.X509Certificates.X509Utils.PtrToByte(cert_other_name.Value.pbData, cert_other_name.Value.cbData), out handle3, out num6))
                                            {
                                                CAPIBase.CERT_NAME_VALUE cert_name_value = (CAPIBase.CERT_NAME_VALUE) Marshal.PtrToStructure(handle3.DangerousGetHandle(), typeof(CAPIBase.CERT_NAME_VALUE));
                                                // Only ASN.1 character-string value types are accepted. Note that
                                                // PtrToStringUni reads up to the first NUL rather than honouring cbData,
                                                // so an embedded NUL silently truncates the UPN.
                                                if (System.Security.Cryptography.X509Certificates.X509Utils.IsCertRdnCharString(cert_name_value.dwValueType))
                                                {
                                                    str = Marshal.PtrToStringUni(cert_name_value.Value.pbData);
                                                }
                                                handle3.Dispose();
                                            }
                                        }
                                    }
                                    break;
                            }
                        }
                        // decodedValue is only released on the success path; presumably it is null when
                        // DecodeObject fails — confirm against CAPI.DecodeObject.
                        decodedValue.Dispose();
                    }
                }
            }
            // Only DnsName (not DnsFromAlternativeName) falls back to the distinguished name when the
            // SAN/IAN walk found nothing; every other type returns whatever was found, possibly "".
            if ((nameType != X509NameType.DnsName) || ((str != null) && (str.Length != 0)))
            {
                return str;
            }
            // 3 == CERT_NAME_ATTR_TYPE; presumably the wrapper selects the CN attribute — verify in CAPI.GetCertNameInfo.
            return CAPI.GetCertNameInfo(this.m_safeCertContext, dwFlags, 3);
        }
 /// <summary>
 /// Returns the subject (or, when <paramref name="forIssuer"/> is true, the issuer) name of the requested
 /// <paramref name="nameType"/>. Derived types supply the platform-specific lookup.
 /// </summary>
 public abstract string GetNameInfo(X509NameType nameType, bool forIssuer);
        /// <summary>
        /// Resolves a display name for the subject (or issuer) of this certificate from managed X.509 data.
        /// </summary>
        /// <param name="nameType">Which name to look for.</param>
        /// <param name="forIssuer">True to read the Issuer DN and Issuer Alternative Name; false for the Subject side.</param>
        /// <returns>The first matching value, or the empty string when nothing matches.</returns>
        public string GetNameInfo(X509NameType nameType, bool forIssuer)
        {
            // Lookup order per name type (with forIssuer, read Issuer/IAN instead of Subject/SAN):
            //
            //   SimpleName:             Subject[CN] ?? Subject[OU] ?? Subject[O] ?? Subject[E] ?? first RDN ?? SAN rfc822Name
            //   EmailName:              SAN rfc822Name ?? Subject[E]
            //   UpnName:                SAN otherName whose OID is the UPN OID
            //   DnsName:                SAN dNSName ?? Subject[CN]
            //   DnsFromAlternativeName: SAN dNSName only
            //   UrlName:                SAN uniformResourceIdentifier

            // Stage 1: the simple display name is derived from the DN before any alternative name is consulted.
            if (nameType == X509NameType.SimpleName)
            {
                X500DistinguishedName simpleSource = forIssuer ? Issuer : Subject;
                string simpleName = GetSimpleNameInfo(simpleSource);

                if (simpleName != null)
                {
                    return(simpleName);
                }
            }

            // Stage 2: every name type has a SAN/IAN path; decide which GeneralName choice it wants.
            GeneralNameType? altNameKind = null;
            string otherNameOid = null;

            if (nameType == X509NameType.DnsName || nameType == X509NameType.DnsFromAlternativeName)
            {
                altNameKind = GeneralNameType.DnsName;
            }
            else if (nameType == X509NameType.SimpleName || nameType == X509NameType.EmailName)
            {
                altNameKind = GeneralNameType.Email;
            }
            else if (nameType == X509NameType.UpnName)
            {
                altNameKind = GeneralNameType.OtherName;
                otherNameOid = Oids.UserPrincipalName;
            }
            else if (nameType == X509NameType.UrlName)
            {
                altNameKind = GeneralNameType.UniformResourceIdentifier;
            }

            if (!altNameKind.HasValue)
            {
                // Unknown enum member: nothing to search for; fall through to the DN-based lookup.
                Debug.Fail($"Unresolved matchType for X509NameType.{nameType}");
            }
            else
            {
                string altNameExtensionOid = forIssuer ? Oids.IssuerAltName : Oids.SubjectAltName;

                foreach (X509Extension ext in Extensions)
                {
                    if (ext.Oid.Value != altNameExtensionOid)
                    {
                        continue;
                    }

                    string fromAltName = FindAltNameMatch(ext.RawData, altNameKind.Value, otherNameOid);

                    if (fromAltName != null)
                    {
                        return(fromAltName);
                    }
                }
            }

            // Stage 3: DN-based fallback. DnsFromAlternativeName deliberately has none, because the
            // Subject/Issuer DN is not an alternative name.
            string rdnOid = null;

            if (nameType == X509NameType.EmailName)
            {
                rdnOid = Oids.EmailAddress;
            }
            else if (nameType == X509NameType.DnsName)
            {
                rdnOid = Oids.CommonName;
            }

            if (rdnOid != null)
            {
                X500DistinguishedName fallbackSource = forIssuer ? Issuer : Subject;

                foreach (var rdn in ReadReverseRdns(fallbackSource))
                {
                    if (rdn.Key == rdnOid)
                    {
                        return(rdn.Value);
                    }
                }
            }

            return("");
        }
		/// <summary>Stub implementation: no name information is available.</summary>
		/// <returns>Always <c>null</c>. Callers that expect <see cref="string.Empty"/> for "not found" (the
		/// behaviour of the full implementations) must null-check this result.</returns>
		public string GetNameInfo (X509NameType nameType, bool forIssuer) 
		{
			// Both parameters are intentionally ignored.
			string result = default(string);
			return result;
		}
 /// <summary>Delegates the name lookup to the platform abstraction layer (PAL).</summary>
 /// <param name="nameType">Kind of name to return.</param>
 /// <param name="forIssuer">True for the issuer name, false for the subject name.</param>
 /// <returns>Whatever <c>Pal.GetNameInfo</c> returns, unchanged.</returns>
 public string GetNameInfo(X509NameType nameType, bool forIssuer)
 {
     string resolved = Pal.GetNameInfo(nameType, forIssuer);
     return resolved;
 }
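        /// <summary>
        /// Returns the requested display name taken from the subject (or issuer) distinguished name.
        /// </summary>
        /// <param name="nameType">Which name to extract.</param>
        /// <param name="forIssuer">True to read the issuer name, false to read the subject name.</param>
        /// <returns>The matching attribute value, or <see cref="string.Empty"/> when the certificate carries none.
        /// UPN, URL and alternative-name DNS lookups are not implemented here and always yield the empty string.</returns>
        /// <exception cref="CryptographicException">No certificate is loaded and the lookup needs the DN
        /// (SimpleName, EmailName, DnsName).</exception>
        /// <exception cref="ArgumentException"><paramref name="nameType"/> is not a known value.</exception>
        public string GetNameInfo(X509NameType nameType, bool forIssuer)
        {
            switch (nameType)
            {
            case X509NameType.SimpleName:
            {
                ASN1 dn = GetNameDnOrThrow(forIssuer);
                ASN1 cn = this.Find(X509Certificate2.commonName, dn);
                if (cn != null)
                {
                    return(this.GetValueAsString(cn));
                }
                // No CN present: fall back to the first attribute of the last RDN.
                if (dn.Count == 0)
                {
                    return(string.Empty);
                }
                ASN1 lastRdn = dn[dn.Count - 1];
                if (lastRdn.Count == 0)
                {
                    return(string.Empty);
                }
                return(this.GetValueAsString(lastRdn[0]));
            }

            case X509NameType.EmailName:
            {
                // Previously dereferenced _cert without the empty-certificate check, turning a missing
                // certificate into a NullReferenceException instead of the CryptographicException SimpleName throws.
                ASN1 email = this.Find(X509Certificate2.email, GetNameDnOrThrow(forIssuer));
                return(email != null ? this.GetValueAsString(email) : string.Empty);
            }

            case X509NameType.DnsName:
            {
                // Same empty-certificate guard as EmailName; DnsName maps to the CN attribute of the DN.
                ASN1 cn = this.Find(X509Certificate2.commonName, GetNameDnOrThrow(forIssuer));
                return(cn != null ? this.GetValueAsString(cn) : string.Empty);
            }

            case X509NameType.UpnName:
            case X509NameType.DnsFromAlternativeName:
            case X509NameType.UrlName:
                // Alternative-name based lookups are not supported by this implementation; they do not
                // touch the certificate, so an empty certificate still yields the empty string here.
                return(string.Empty);

            default:
                throw new ArgumentException("nameType");
            }
        }

        // Returns the subject or issuer DN, throwing the same CryptographicException as SimpleName when
        // no certificate has been loaded.
        private ASN1 GetNameDnOrThrow(bool forIssuer)
        {
            if (this._cert == null)
            {
                throw new CryptographicException(X509Certificate2.empty_error);
            }
            return(forIssuer ? this._cert.GetIssuerName() : this._cert.GetSubjectName());
        }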