Add() public method

public Add ( Mono.Security.X509.X509Certificate value ) : int
value Mono.Security.X509.X509Certificate
return int
Exemplo n.º 1
        // Reads a length-prefixed list of certificates and passes the resulting
        // collection to validateCertificates.
        //
        // Layout as read here: a 24-bit total length, then entries made of a
        // 24-bit length followed by that many bytes of certificate data.
        // Entries whose length is not positive are skipped (only their 3-byte
        // length prefix is counted).
        protected override void ProcessAsTls1()
        {
            certificates = new Mono.Security.X509.X509CertificateCollection();

            int declaredTotal = ReadInt24();
            int consumed = 0;

            // NOTE(review): each entry length comes from the peer and is never
            // compared with the bytes left in the declared list. An oversized
            // value is only rejected if ReadBytes refuses a short buffer - confirm.
            while (consumed < declaredTotal)
            {
                int entryLength = ReadInt24();
                consumed += 3;
                if (entryLength <= 0)
                {
                    continue;
                }

                byte[] encoded = ReadBytes(entryLength);
                certificates.Add(new Mono.Security.X509.X509Certificate(encoded));
                consumed += entryLength;
            }

            // Validation runs even when the list turned out to be empty.
            validateCertificates(certificates);
        }
Exemplo n.º 2
        // Reads a length-prefixed list of certificates into clientCertificates.
        // A non-empty list is passed to validateCertificates; an empty list is
        // accepted unless the server context requires a client certificate, in
        // which case a TlsException carrying NoCertificate is thrown.
        protected override void ProcessAsTls1()
        {
            int declaredTotal = ReadInt24();
            int consumed = 0;

            clientCertificates = new Mono.Security.X509.X509CertificateCollection();

            // NOTE(review): unlike a parser that skips empty entries, a zero
            // entry length here still reaches the certificate constructor, and
            // the length is not checked against the declared total - confirm
            // that ReadBytes and the constructor reject such input.
            while (consumed < declaredTotal)
            {
                int entryLength = ReadInt24();
                consumed += entryLength + 3;
                byte[] encoded = ReadBytes(entryLength);
                Mono.Security.X509.X509Certificate parsed = new Mono.Security.X509.X509Certificate(encoded);
                clientCertificates.Add(parsed);
            }

            if (clientCertificates.Count > 0)
            {
                validateCertificates(clientCertificates);
                return;
            }

            // NOTE(review): the result of "as" is dereferenced without a null
            // check, so a context of another type fails with a
            // NullReferenceException rather than a TLS alert.
            ServerContext serverContext = base.Context as ServerContext;
            if (serverContext.ClientCertificateRequired)
            {
                throw new TlsException(AlertDescription.NoCertificate);
            }
        }
Exemplo n.º 3
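		// Reads the stream returned by GetFile line by line and decodes every
		// PEM block delimited by the BEGIN/END CERTIFICATE markers.
		//
		// Returns null when no stream could be obtained, otherwise the decoded
		// certificates (possibly an empty collection).
		//
		// NOTE(review): everything returned here is a candidate trust anchor, so
		// the integrity of the file behind GetFile is what the resulting trust
		// decisions rest on - confirm how that file is obtained and protected.
		static X509CertificateCollection DecodeCollection ()
		{
			X509CertificateCollection roots = new X509CertificateCollection ();
			StringBuilder sb = new StringBuilder ();
			bool processing = false;

			using (Stream s = GetFile ()) {
				if (s == null) {
					WriteLine ("Couldn't retrieve the file using the supplied information.");
					return null;
				}

				StreamReader sr = new StreamReader (s);
				string line;
				while ((line = sr.ReadLine ()) != null) {
					// The PEM markers are fixed ASCII tokens: compare them ordinally so
					// the match does not depend on the current culture's collation rules.
					if (!processing) {
						processing = line.StartsWith ("-----BEGIN CERTIFICATE-----", System.StringComparison.Ordinal);
						continue;
					}

					if (line.StartsWith ("-----END CERTIFICATE-----", System.StringComparison.Ordinal)) {
						processing = false;
						X509Certificate root = DecodeCertificate (sb.ToString ());
						roots.Add (root);

						// start a fresh buffer for the next block
						sb = new StringBuilder ();
						continue;
					}

					// base64 payload line; a block that never reaches its END marker is dropped
					sb.Append (line);
				}
				return roots;
			}
		}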
Exemplo n.º 4
		// Synchronises the selected TrustedRoot store with the list returned by
		// DecodeCollection: certificates missing from the store are imported and
		// stored certificates absent from the list are removed.
		//
		// Returns 1 when the list could not be obtained, 0 otherwise.
		//
		// NOTE(review): because anything not in the new list is removed, the
		// decoded list fully determines what ends up trusted; an incomplete or
		// tampered input changes the trust store accordingly.
		static int Process ()
		{
			X509CertificateCollection roots = DecodeCollection ();
			if (roots == null)
				return 1;
			if (roots.Count == 0) {
				WriteLine ("No certificates were found.");
				return 0;
			}

			// pick one of the four stores from the two switches
			X509Stores stores;
			if (btlsStore)
				stores = userStore ? X509StoreManager.NewCurrentUser : X509StoreManager.NewLocalMachine;
			else
				stores = userStore ? X509StoreManager.CurrentUser : X509StoreManager.LocalMachine;

			X509Store store = stores.TrustedRoot;
			X509CertificateCollection trusted = store.Certificates;
			WriteLine ("I already trust {0}, your new list has {1}", trusted.Count, roots.Count);

			int additions = 0;
			foreach (X509Certificate candidate in roots) {
				if (trusted.Contains (candidate))
					continue;

				// a failed import is reported and skipped, the run continues
				try {
					store.Import (candidate);
					WriteLine ("Certificate added: {0}", candidate.SubjectName);
					additions++;
				} catch (Exception e) {
					WriteLine ("Warning: Could not import {0}", candidate.SubjectName);
					WriteLine (e.ToString ());
				}
			}
			if (additions > 0)
				WriteLine ("{0} new root certificates were added to your trust store.", additions);

			// collect first, remove afterwards, so the store is not modified
			// while its certificate collection is being enumerated
			X509CertificateCollection removed = new X509CertificateCollection ();
			foreach (X509Certificate existing in trusted) {
				if (roots.Contains (existing))
					continue;
				removed.Add (existing);
			}

			if (removed.Count > 0) {
				WriteLine ("{0} previously trusted certificates were removed.", removed.Count);

				foreach (X509Certificate stale in removed) {
					store.Remove (stale);
					WriteLine ("Certificate removed: {0}", stale.SubjectName);
				}
			}

			WriteLine ("Import process completed.");
			return 0;
		}
Exemplo n.º 5
		// Loads every "*.cer" file found in the directory for storeName (a
		// sub-directory of _storePath) into a new collection.
		//
		// Returns an empty collection when CheckStore rejects the path or when
		// the directory holds no matching file.
		//
		// NOTE(review): Path.Combine returns a rooted second argument unchanged,
		// so storeName is presumably an internal constant - confirm it can never
		// be caller-controlled.
		private X509CertificateCollection BuildCertificatesCollection (string storeName) 
		{
			X509CertificateCollection loaded = new X509CertificateCollection ();
			string storeDirectory = Path.Combine (_storePath, storeName);
			if (!CheckStore (storeDirectory, false))
				return loaded;	// empty collection

			string[] certFiles = Directory.GetFiles (storeDirectory, "*.cer");
			if ((certFiles == null) || (certFiles.Length == 0))
				return loaded;

			for (int i = 0; i < certFiles.Length; i++) {
				try {
					loaded.Add (LoadCertificate (certFiles [i]));
				}
				catch {
					// Deliberately ignored: a file that cannot be loaded as a
					// certificate (base64 text or other junk dropped into the
					// store) must not prevent the remaining files from loading.
					// NOTE(review): nothing is logged, so a corrupted or
					// replaced file in the store goes unnoticed.
				}
			}
			return loaded;
		}
Exemplo n.º 6
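		// Builds a chain for leaf (or checks the chain already held in _chain),
		// looks up a root for it and validates every certificate with IsValid.
		//
		// Returns true only when _status is still NoError after all checks.
		//
		// Fix: while walking up from the leaf, the last certificate actually
		// visited is now remembered and passed to FindCertificateRoot. Before,
		// the variable held the result of the last parent lookup, so it was
		// null for a self-signed leaf and whenever a parent could not be found,
		// and the "x != null" test inside the loop could never be false.
		public bool Build (X509Certificate leaf) 
		{
			_status = X509ChainStatusFlags.NoError;
			if (_chain == null) {
				// chain not supplied - we must build it ourselves
				_chain = new X509CertificateCollection ();
				X509Certificate x = leaf;
				X509Certificate tmp = x;
				while ((x != null) && (!x.IsSelfSigned)) {
					tmp = x;	// last valid
					_chain.Add (x);
					x = FindCertificateParent (x);
				}
				// find a trusted root
				_root = FindCertificateRoot (tmp);
			}
			else {
				// chain supplied - still have to check signatures!
				// NOTE(review): when a link check below fails, nothing in this
				// method changes _status or _root; the final result then relies
				// on IsParent recording the failure in _status - confirm.
				int last = _chain.Count;
				if (last > 0) {
					if (IsParent (leaf, _chain [0])) {
						int i = 1;
						for (; i < last; i++) {
							if (!IsParent (_chain [i-1], _chain [i]))
								break;
						}
						// only look for a root when every link was accepted
						if (i == last)
							_root = FindCertificateRoot (_chain [last - 1]);
					}
				}
				else {
					// is the leaf a root ? (trusted or untrusted)
					_root = FindCertificateRoot (leaf);
				}
			}

			// validate the chain
			if ((_chain != null) && (_status == X509ChainStatusFlags.NoError)) {
				foreach (X509Certificate x in _chain) {
					// validate dates for each certificate in the chain
					// note: we DO NOT check for nested date/time
					if (!IsValid (x)) {
						return false;
					}
				}
				// check leaf
				if (!IsValid (leaf)) {
					// switch status code if the failure is expiration
					if (_status == X509ChainStatusFlags.NotTimeNested)
						_status = X509ChainStatusFlags.NotTimeValid;
					return false;
				}
				// check root
				if ((_root != null) && !IsValid (_root)) {
					return false;
				}
			}
			return (_status == X509ChainStatusFlags.NoError);
		}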
Exemplo n.º 7
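		// Decodes the root certificate list and, depending on the options,
		// saves it into a PKCS#7 file and/or synchronises the TrustedRoot store
		// (machine or user) with it.
		//
		// Returns 1 when the list could not be obtained, 0 otherwise.
		//
		// Fix: the PKCS#7 file is now written with File.Create, which truncates
		// an existing file. File.OpenWrite does not truncate, so overwriting a
		// longer file left stale bytes after the new content.
		static int Process ()
		{
			X509CertificateCollection roots = DecodeCollection ();
			if (roots == null) {
				return 1;
			} else if (roots.Count == 0) {
				WriteLine ("No certificates were found.");
				return 0;
			}

			if (pkcs7filename != null) {
				SoftwarePublisherCertificate pkcs7 = new SoftwarePublisherCertificate ();
				pkcs7.Certificates.AddRange (roots);

				WriteLine ("Saving root certificates into '{0}' file...", pkcs7filename);
				// encode first, so a failure does not leave an empty file behind
				byte[] data = pkcs7.GetBytes ();
				using (FileStream fs = File.Create (pkcs7filename)) {
					fs.Write (data, 0, data.Length);
				}
			}

			if (import) {
				WriteLine ("Importing certificates into {0} store...",
					machine ? "machine" : "user");

				X509Stores stores = (machine ? X509StoreManager.LocalMachine : X509StoreManager.CurrentUser);
				X509CertificateCollection trusted = stores.TrustedRoot.Certificates;
				int additions = 0;
				foreach (X509Certificate root in roots) {
					if (!trusted.Contains (root)) {
						// ask only when confirmation was requested
						if (!confirmAddition || AskConfirmation ("add", root)) {
							stores.TrustedRoot.Import (root);
							if (confirmAddition)
								WriteLine ("Certificate added.{0}", Environment.NewLine);
							additions++;
						}
					}
				}
				if (additions > 0)
					WriteLine ("{0} new root certificates were added to your trust store.", additions);

				// anything trusted so far but absent from the new list is a removal candidate
				X509CertificateCollection removed = new X509CertificateCollection ();
				foreach (X509Certificate trust in trusted) {
					if (!roots.Contains (trust)) {
						removed.Add (trust);
					}
				}
				if (removed.Count > 0) {
					if (confirmRemoval) {
						WriteLine ("{0} previously trusted certificates were not part of the update.", removed.Count);
					} else {
						WriteLine ("{0} previously trusted certificates were removed.", removed.Count);
					}

					// NOTE(review): without confirmRemoval the new list alone decides
					// which anchors stay trusted, so its origin must be trustworthy.
					foreach (X509Certificate old in removed) {
						if (!confirmRemoval || AskConfirmation ("remove", old)) {
							stores.TrustedRoot.Remove (old);
							if (confirmRemoval)
								WriteLine ("Certificate removed.{0}", Environment.NewLine);
						}
					}
				}
				WriteLine ("Import process completed.{0}", Environment.NewLine);
			}
			return 0;
		}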
Exemplo n.º 8
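		// Reads the stream returned by GetFile line by line and decodes every
		// certificate block found in it. Only lines containing the "</a> "
		// marker are considered; a block starts on a line carrying
		// "CKA_VALUE MULTILINE_OCTAL" after the marker and ends on a line
		// carrying "END" after it.
		//
		// Returns null when no stream could be obtained, otherwise the decoded
		// certificates (possibly an empty collection).
		//
		// Fix: the stream is now disposed on every path; it was never closed.
		static X509CertificateCollection DecodeCollection ()
		{
			X509CertificateCollection roots = new X509CertificateCollection ();
			StringBuilder sb = new StringBuilder ();
			bool processing = false;

			using (Stream s = GetFile ()) {
				if (s == null) {
					WriteLine ("Couldn't retrieve the file using the supplied informations.");
					return null;
				}

				StreamReader sr = new StreamReader (s);
				while (true) {
					string line = sr.ReadLine ();
					if (line == null)
						break;
					int start = line.IndexOf ("</a> ");
					if (start < 0)
						continue;

					if (processing) {
						if (line.IndexOf ("END") > start) {
							processing = false;
							X509Certificate root = DecodeCertificate (sb.ToString ());
							roots.Add (root);

							sb = new StringBuilder ();
							continue;
						}
						// keep only the text that follows the 5-character marker
						sb.Append (line.Substring (start + 5));
					} else {
						processing = (line.IndexOf ("CKA_VALUE MULTILINE_OCTAL") > start);
					}
				}
				return roots;
			}
		}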
Exemplo n.º 9
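			// Parses a SignedData structure: version, content info, the optional
			// certificates ([0], tag 0xA0) and CRLs ([1], tag 0xA1), then the
			// signer information.
			//
			// Throws ArgumentException when the outer element is not a SEQUENCE
			// with at least four children, when the version is not an INTEGER,
			// or when the signer information element is missing.
			//
			// This constructor only parses. Nothing here verifies a signature or
			// validates the embedded certificates, so the parsed values are
			// still unauthenticated input.
			//
			// Fix: the index that advances past the optional elements is now
			// checked against the child count before it is used, so a truncated
			// structure is rejected with ArgumentException instead of failing
			// inside the element lookup.
			public SignedData (ASN1 asn1) 
			{
				if ((asn1[0].Tag != 0x30) || (asn1[0].Count < 4))
					throw new ArgumentException ("Invalid SignedData");

				if (asn1[0][0].Tag != 0x02)
					throw new ArgumentException ("Invalid version");
				// NOTE(review): assumes the INTEGER carries at least one byte - confirm
				version = asn1[0][0].Value[0];

				contentInfo = new ContentInfo (asn1[0][2]);

				// index 3 exists: the child count was checked above
				int n = 3;
				certs = new X509CertificateCollection ();
				if (asn1[0][n].Tag == 0xA0) {
					for (int i=0; i < asn1[0][n].Count; i++)
						certs.Add (new X509Certificate (asn1[0][n][i].GetBytes ()));
					n++;
				}

				crls = new ArrayList ();
				if ((n < asn1[0].Count) && (asn1[0][n].Tag == 0xA1)) {
					for (int i=0; i < asn1[0][n].Count; i++)
						crls.Add (asn1[0][n][i].GetBytes ());
					n++;
				}

				// the signer information must follow the optional elements
				if (n >= asn1[0].Count)
					throw new ArgumentException ("Invalid SignedData");

				if (asn1[0][n].Count > 0)
					signerInfo = new SignerInfo (asn1[0][n]);
				else
					signerInfo = new SignerInfo ();

				// Exchange hash algorithm Oid from SignerInfo
				if (signerInfo.HashName != null) {
					HashName = OidToName(signerInfo.HashName);
				}
				
				// Check if SignerInfo has authenticated attributes
				mda = (signerInfo.AuthenticatedAttributes.Count > 0);
			}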
Exemplo n.º 10
        // Builds a chain for leaf (or checks the chain already held in _chain),
        // looks up a root for it and validates every certificate with IsValid.
        //
        // Returns true only when _status is still NoError after all checks.
        public bool Build(X509Certificate leaf)
        {
            _status = X509ChainStatusFlags.NoError;

            if (_chain != null)
            {
                // A chain was supplied: every link still has to be checked.
                // NOTE(review): when a link check fails, nothing in this method
                // changes _status or _root; the final result then relies on
                // IsParent recording the failure in _status - confirm.
                int count = _chain.Count;
                if (count <= 0)
                {
                    // no intermediates: is the leaf itself a root (trusted or not)?
                    _root = FindCertificateRoot(leaf);
                }
                else if (IsParent(leaf, _chain[0]))
                {
                    int index = 1;
                    while (index < count && IsParent(_chain[index - 1], _chain[index]))
                    {
                        index++;
                    }

                    // only look for a root when every link was accepted
                    if (index == count)
                    {
                        _root = FindCertificateRoot(_chain[count - 1]);
                    }
                }
            }
            else
            {
                // No chain supplied: walk up from the leaf until a self-signed
                // certificate is reached or no parent can be found.
                _chain = new X509CertificateCollection();
                X509Certificate lastValid = leaf;
                X509Certificate current = leaf;
                while (current != null && !current.IsSelfSigned)
                {
                    lastValid = current;
                    _chain.Add(current);
                    current = FindCertificateParent(current);
                }

                // look for a trusted root starting from the last certificate visited
                _root = FindCertificateRoot(lastValid);
            }

            bool chainUsable = (_chain != null) && (_status == X509ChainStatusFlags.NoError);
            if (chainUsable)
            {
                // Validity of each certificate in the chain; nested
                // date/time is NOT checked here.
                foreach (X509Certificate link in _chain)
                {
                    if (!IsValid(link))
                    {
                        return false;
                    }
                }

                if (!IsValid(leaf))
                {
                    // for the leaf, report the failure as an expiration
                    if (_status == X509ChainStatusFlags.NotTimeNested)
                    {
                        _status = X509ChainStatusFlags.NotTimeValid;
                    }
                    return false;
                }

                if (_root != null && !IsValid(_root))
                {
                    return false;
                }
            }

            return _status == X509ChainStatusFlags.NoError;
        }
Exemplo n.º 11
        // methods

        // Appends x509 to the certs collection held by this instance.
        // The certificate is stored as given: no validation happens here, and
        // the index returned by Add is discarded.
        public void LoadCertificate(X509Certificate x509)
        {
            certs.Add(x509);
        }
Exemplo n.º 12
 // Builds a chain for leaf (or checks the chain already held in _chain),
 // looks up a root for it and validates every certificate with IsValid.
 //
 // Returns true only when _status is still NoError after all checks.
 public bool Build(X509Certificate leaf)
 {
     _status = X509ChainStatusFlags.NoError;

     if (_chain == null)
     {
         // No chain supplied: walk up from the leaf until a self-signed
         // certificate is reached or no parent can be found.
         _chain = new X509CertificateCollection();
         X509Certificate lastVisited = leaf;
         X509Certificate cursor = leaf;
         while (cursor != null && !cursor.IsSelfSigned)
         {
             lastVisited = cursor;
             _chain.Add(cursor);
             cursor = FindCertificateParent(cursor);
         }
         _root = FindCertificateRoot(lastVisited);
     }
     else
     {
         // A chain was supplied: every link still has to be checked.
         // NOTE(review): when a link check fails, nothing in this method
         // changes _status or _root; the final result then relies on
         // IsParent recording the failure in _status - confirm.
         int linkCount = _chain.Count;
         if (linkCount <= 0)
         {
             // no intermediates: treat the leaf as the root candidate
             _root = FindCertificateRoot(leaf);
         }
         else if (IsParent(leaf, _chain[0]))
         {
             int checkedLinks = 1;
             while (checkedLinks < linkCount)
             {
                 if (!IsParent(_chain[checkedLinks - 1], _chain[checkedLinks]))
                 {
                     break;
                 }
                 checkedLinks++;
             }

             // only look for a root when every link was accepted
             if (checkedLinks == linkCount)
             {
                 _root = FindCertificateRoot(_chain[linkCount - 1]);
             }
         }
     }

     if (_chain == null || _status != X509ChainStatusFlags.NoError)
     {
         return _status == X509ChainStatusFlags.NoError;
     }

     // validity of every certificate in the chain, then the leaf, then the root
     foreach (X509Certificate link in _chain)
     {
         if (!IsValid(link))
         {
             return false;
         }
     }

     if (!IsValid(leaf))
     {
         // for the leaf, report the failure as an expiration
         if (_status == X509ChainStatusFlags.NotTimeNested)
         {
             _status = X509ChainStatusFlags.NotTimeValid;
         }
         return false;
     }

     if (_root != null && !IsValid(_root))
     {
         return false;
     }

     return _status == X509ChainStatusFlags.NoError;
 }
Exemplo n.º 13
		// Type initializer: decodes the four embedded certificates (msroot,
		// verisign, verisign_ts_root, thawte) and stores them in coll.
		//
		// NOTE(review): these anchors are compiled in, so replacing or
		// distrusting one of them presumably requires a new build - confirm
		// whether callers can override this set.
		static TrustAnchors () 
		{
			X509CertificateCollection anchors = new X509CertificateCollection ();
			anchors.Add (new X509Certificate (msroot));
			anchors.Add (new X509Certificate (verisign));
			anchors.Add (new X509Certificate (verisign_ts_root));
			anchors.Add (new X509Certificate (thawte));

			// publish the collection only once it is complete
			coll = anchors;
		}
Exemplo n.º 14
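		// Decodes the root certificate list and, depending on the options,
		// saves it into a PKCS#7 file and/or synchronises the TrustedRoot store
		// (machine or user) with it.
		//
		// Returns 1 when the list could not be obtained, 0 otherwise.
		//
		// Fix: the PKCS#7 file is now written with File.Create, which truncates
		// an existing file. File.OpenWrite does not truncate, so overwriting a
		// longer file left stale bytes after the new content.
		static int Process ()
		{
			// NOTE(review): this callback accepts every server certificate. It is
			// installed on the process-wide ServicePointManager and is never
			// restored in this method, so the list that becomes the trust store
			// is fetched without server authentication. The returned data should
			// be verified out of band, or cert-sync used as the warning suggests.
			ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => {
				if (sslPolicyErrors != System.Net.Security.SslPolicyErrors.None)
					Console.WriteLine ("WARNING: Downloading the trusted certificate list couldn't be done securely (error: {0}), continuing anyway. If you're using mozroots to bootstrap Mono's trust store on a clean system this might be OK, otherwise it could indicate a network intrusion. Please ensure you're using a trusted network or move to cert-sync.", sslPolicyErrors);

				// this is very bad, but on a clean system without an existing trust store we don't really have a better option
				return true;
			};

			X509CertificateCollection roots = DecodeCollection ();
			if (roots == null) {
				return 1;
			} else if (roots.Count == 0) {
				WriteLine ("No certificates were found.");
				return 0;
			}

			if (pkcs7filename != null) {
				SoftwarePublisherCertificate pkcs7 = new SoftwarePublisherCertificate ();
				pkcs7.Certificates.AddRange (roots);

				WriteLine ("Saving root certificates into '{0}' file...", pkcs7filename);
				// encode first, so a failure does not leave an empty file behind
				byte[] data = pkcs7.GetBytes ();
				using (FileStream fs = File.Create (pkcs7filename)) {
					fs.Write (data, 0, data.Length);
				}
			}

			if (import) {
				WriteLine ("Importing certificates into {0} store...",
					machine ? "machine" : "user");

				X509Stores stores = (machine ? X509StoreManager.LocalMachine : X509StoreManager.CurrentUser);
				X509CertificateCollection trusted = stores.TrustedRoot.Certificates;
				int additions = 0;
				foreach (X509Certificate root in roots) {
					if (!trusted.Contains (root)) {
						// ask only when confirmation was requested
						if (!confirmAddition || AskConfirmation ("add", root)) {
							stores.TrustedRoot.Import (root);
							if (confirmAddition)
								WriteLine ("Certificate added.{0}", Environment.NewLine);
							additions++;
						}
					}
				}
				if (additions > 0)
					WriteLine ("{0} new root certificates were added to your trust store.", additions);

				// anything trusted so far but absent from the new list is a removal candidate
				X509CertificateCollection removed = new X509CertificateCollection ();
				foreach (X509Certificate trust in trusted) {
					if (!roots.Contains (trust)) {
						removed.Add (trust);
					}
				}
				if (removed.Count > 0) {
					if (confirmRemoval) {
						WriteLine ("{0} previously trusted certificates were not part of the update.", removed.Count);
					} else {
						WriteLine ("{0} previously trusted certificates were removed.", removed.Count);
					}

					foreach (X509Certificate old in removed) {
						if (!confirmRemoval || AskConfirmation ("remove", old)) {
							stores.TrustedRoot.Remove (old);
							if (confirmRemoval)
								WriteLine ("Certificate removed.{0}", Environment.NewLine);
						}
					}
				}
				WriteLine ("Import process completed.{0}", Environment.NewLine);
			}
			return 0;
		}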