public static string ConvertDistinguishedNameToString(X500DistinguishedName dnString)
{
string name = dnString.Name;
bool flag = false;
string[] strArray = dnString.Decode(X500DistinguishedNameFlags.UseNewLines).Split(new char[] { '\n', '\r' }, StringSplitOptions.RemoveEmptyEntries);
if (strArray.Length > 0)
{
flag = true;
string pairAndValue = string.Empty;
for (int i = 0; i < strArray.Length; i++)
{
pairAndValue = strArray[i];
Pair pair = ConvertStringToPair(pairAndValue);
if (string.Equals((string) pair.First, "CN", StringComparison.OrdinalIgnoreCase))
{
name = (string) pair.Second;
flag = false;
break;
}
}
}
else
{
name = (string) ConvertStringToPair(name).Second;
flag = false;
}
if (flag)
{
name = dnString.Name;
}
return name;
}
// of all X500DistinguishedNameFlags flags nothing can do a "correct" comparison :|
internal static bool AreEqual(X500DistinguishedName name1, X500DistinguishedName name2)
{
if (name1 == null)
{
return(name2 == null);
}
if (name2 == null)
{
return(false);
}
if (name1.canonEncoding != null && name2.canonEncoding != null)
{
if (name1.canonEncoding.Length != name2.canonEncoding.Length)
{
return(false);
}
for (int i = 0; i < name1.canonEncoding.Length; i++)
{
if (name1.canonEncoding[i] != name2.canonEncoding[2])
{
return(false);
}
}
return(true);
}
X500DistinguishedNameFlags flags = X500DistinguishedNameFlags.UseNewLines | X500DistinguishedNameFlags.DoNotUseQuotes;
string[] split = new string[] { Environment.NewLine };
string[] parts1 = name1.Decode(flags).Split(split, StringSplitOptions.RemoveEmptyEntries);
string[] parts2 = name2.Decode(flags).Split(split, StringSplitOptions.RemoveEmptyEntries);
if (parts1.Length != parts2.Length)
{
return(false);
}
for (int i = 0; i < parts1.Length; i++)
{
if (Canonize(parts1[i]) != Canonize(parts2[i]))
{
return(false);
}
}
return(true);
}
// of all X500DistinguishedNameFlags flags nothing can do a "correct" comparison :|
internal static bool AreEqual (X500DistinguishedName name1, X500DistinguishedName name2)
{
if (name1 == null)
return (name2 == null);
if (name2 == null)
return false;
if (name1.canonEncoding != null && name2.canonEncoding != null) {
if (name1.canonEncoding.Length != name2.canonEncoding.Length)
return false;
for (int i = 0; i < name1.canonEncoding.Length; i++) {
if (name1.canonEncoding[i] != name2.canonEncoding[i])
return false;
}
return true;
}
X500DistinguishedNameFlags flags = X500DistinguishedNameFlags.UseNewLines | X500DistinguishedNameFlags.DoNotUseQuotes;
string[] split = new string[] { Environment.NewLine };
string[] parts1 = name1.Decode (flags).Split (split, StringSplitOptions.RemoveEmptyEntries);
string[] parts2 = name2.Decode (flags).Split (split, StringSplitOptions.RemoveEmptyEntries);
if (parts1.Length != parts2.Length)
return false;
for (int i = 0; i < parts1.Length; i++) {
if (Canonize (parts1[i]) != Canonize (parts2[i]))
return false;
}
return true;
}
private void Empty (X500DistinguishedName dn)
{
Assert.AreEqual (String.Empty, dn.Name, "Name");
Assert.AreEqual (String.Empty, dn.Decode (X500DistinguishedNameFlags.None), "Decode(None)");
Assert.AreEqual (String.Empty, dn.Decode (X500DistinguishedNameFlags.Reversed), "Decode(Reversed)");
Assert.AreEqual (String.Empty, dn.Decode (X500DistinguishedNameFlags.UseSemicolons), "Decode(UseSemicolons)");
Assert.AreEqual (String.Empty, dn.Decode (X500DistinguishedNameFlags.DoNotUsePlusSign), "Decode(DoNotUsePlusSign)");
Assert.AreEqual (String.Empty, dn.Decode (X500DistinguishedNameFlags.DoNotUseQuotes), "Decode(DoNotUseQuotes)");
Assert.AreEqual (String.Empty, dn.Decode (X500DistinguishedNameFlags.UseCommas), "Decode(UseCommas)");
Assert.AreEqual (String.Empty, dn.Decode (X500DistinguishedNameFlags.UseNewLines), "Decode(UseNewLines)");
Assert.AreEqual (String.Empty, dn.Decode (X500DistinguishedNameFlags.UseUTF8Encoding), "Decode(UseUTF8Encoding)");
Assert.AreEqual (String.Empty, dn.Decode (X500DistinguishedNameFlags.UseT61Encoding), "Decode(UseT61Encoding)");
Assert.AreEqual (String.Empty, dn.Decode (X500DistinguishedNameFlags.ForceUTF8Encoding), "Decode(ForceUTF8Encoding)");
Assert.AreEqual (String.Empty, dn.Format (true), "Format(true)");
Assert.AreEqual (String.Empty, dn.Format (false), "Format(false)");
}
public void Decode_Separators ()
{
string semicolons = "C=US; O=\"RSA Data Security, Inc.\"; OU=Secure Server Certification Authority";
string newline = String.Format ("C=US{0}O=\"RSA Data Security, Inc.\"{0}OU=Secure Server Certification Authority", Environment.NewLine);
X500DistinguishedName dn = new X500DistinguishedName (rname, X500DistinguishedNameFlags.None);
Assert.AreEqual (rname, dn.Name, "Name");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.None), "Decode(None)");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.UseCommas), "Decode(UseCommas)");
Assert.AreEqual (semicolons, dn.Decode (X500DistinguishedNameFlags.UseSemicolons), "Decode(UseCommas|UseSemicolons)");
Assert.AreEqual (newline, dn.Decode (X500DistinguishedNameFlags.UseNewLines), "Decode(UseNewLines)");
Assert.AreEqual (semicolons, dn.Decode (X500DistinguishedNameFlags.UseCommas | X500DistinguishedNameFlags.UseSemicolons), "Decode(UseCommas|UseSemicolons)");
Assert.AreEqual (semicolons, dn.Decode (X500DistinguishedNameFlags.UseNewLines | X500DistinguishedNameFlags.UseSemicolons), "Decode(UseNewLines|UseSemicolons)");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.UseCommas | X500DistinguishedNameFlags.UseNewLines), "Decode(UseCommas|UseNewLines)");
}
public void Constructor_String_Flags_Reversed ()
{
X500DistinguishedName dn = new X500DistinguishedName (name, X500DistinguishedNameFlags.None);
// can't call RsaIssuer because Name is reversed from None in those cases
Assert.AreEqual (name, dn.Name, "Name");
Assert.AreEqual (name, dn.Decode (X500DistinguishedNameFlags.None), "Decode(None)");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.Reversed), "Decode(Reversed)");
Assert.AreEqual (name, dn.Decode (X500DistinguishedNameFlags.DoNotUsePlusSign), "Decode(DoNotUsePlusSign)");
Assert.AreEqual (name, dn.Decode (X500DistinguishedNameFlags.UseCommas), "Decode(UseCommas)");
Assert.AreEqual (name, dn.Decode (X500DistinguishedNameFlags.UseUTF8Encoding), "Decode(UseUTF8Encoding)");
Assert.AreEqual (name, dn.Decode (X500DistinguishedNameFlags.UseT61Encoding), "Decode(UseT61Encoding)");
Assert.AreEqual (name, dn.Decode (X500DistinguishedNameFlags.ForceUTF8Encoding), "Decode(ForceUTF8Encoding)");
}
public void Constructor_String_Flags_None ()
{
X500DistinguishedName dn = new X500DistinguishedName (rname, X500DistinguishedNameFlags.None);
// can't call RsaIssuer because Name is reversed from None in those cases
// i.e. X500DistinguishedName (string) != X500DistinguishedName (string, X500DistinguishedNameFlags)
Assert.AreEqual (rname, dn.Name, "Name");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.None), "Decode(None)");
Assert.AreEqual (name, dn.Decode (X500DistinguishedNameFlags.Reversed), "Decode(Reversed)");
Assert.AreEqual ("C=US; O=\"RSA Data Security, Inc.\"; OU=Secure Server Certification Authority", dn.Decode (X500DistinguishedNameFlags.UseSemicolons), "Decode(UseSemicolons)");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.DoNotUsePlusSign), "Decode(DoNotUsePlusSign)");
Assert.AreEqual ("C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority", dn.Decode (X500DistinguishedNameFlags.DoNotUseQuotes), "Decode(DoNotUseQuotes)");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.UseCommas), "Decode(UseCommas)");
string newline = String.Format ("C=US{0}O=\"RSA Data Security, Inc.\"{0}OU=Secure Server Certification Authority", Environment.NewLine);
Assert.AreEqual (newline, dn.Decode (X500DistinguishedNameFlags.UseNewLines), "Decode(UseNewLines)");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.UseUTF8Encoding), "Decode(UseUTF8Encoding)");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.UseT61Encoding), "Decode(UseT61Encoding)");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.ForceUTF8Encoding), "Decode(ForceUTF8Encoding)");
}
private void RsaIssuer (X500DistinguishedName dn)
{
Assert.AreEqual (name, dn.Name, "Name");
Assert.AreEqual (97, dn.RawData.Length, "RawData");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.None), "Decode(None)");
Assert.AreEqual (name, dn.Decode (X500DistinguishedNameFlags.Reversed), "Decode(Reversed)");
Assert.AreEqual ("C=US; O=\"RSA Data Security, Inc.\"; OU=Secure Server Certification Authority", dn.Decode (X500DistinguishedNameFlags.UseSemicolons), "Decode(UseSemicolons)");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.DoNotUsePlusSign), "Decode(DoNotUsePlusSign)");
Assert.AreEqual ("C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority", dn.Decode (X500DistinguishedNameFlags.DoNotUseQuotes), "Decode(DoNotUseQuotes)");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.UseCommas), "Decode(UseCommas)");
string newline = String.Format ("C=US{0}O=\"RSA Data Security, Inc.\"{0}OU=Secure Server Certification Authority", Environment.NewLine);
Assert.AreEqual (newline, dn.Decode (X500DistinguishedNameFlags.UseNewLines), "Decode(UseNewLines)");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.UseUTF8Encoding), "Decode(UseUTF8Encoding)");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.UseT61Encoding), "Decode(UseT61Encoding)");
Assert.AreEqual (rname, dn.Decode (X500DistinguishedNameFlags.ForceUTF8Encoding), "Decode(ForceUTF8Encoding)");
Assert.AreEqual (newline + Environment.NewLine, dn.Format (true), "Format(true)");
Assert.AreEqual (rname, dn.Format (false), "Format(false)");
}
public static X509Certificate2 LookupCertificateBySubjectDn(X500DistinguishedName subjectDn)
{
foreach (var entry in TheRootCertificates)
{
if (entry.Value.SubjectName.Decode(X500DistinguishedNameFlags.None).ToLower() == subjectDn.Decode(X500DistinguishedNameFlags.None).ToLower())
{
return entry.Value;
}
}
throw new ArgumentException("No certificate for subjectDn: " + subjectDn.Format(false));
}
private static X509Certificate2Collection findCertificates(string prop, StoreLocation storeLocation,
string name, string value)
{
//
// Open the X509 certificate store.
//
X509Store store = null;
try
{
try
{
store = new X509Store((StoreName)Enum.Parse(typeof(StoreName), name, true), storeLocation);
}
catch(ArgumentException)
{
store = new X509Store(name, storeLocation);
}
store.Open(OpenFlags.ReadOnly);
}
catch(Exception ex)
{
Ice.PluginInitializationException e = new Ice.PluginInitializationException(ex);
e.reason = "IceSSL: failure while opening store specified by " + prop;
throw e;
}
//
// Start with all of the certificates in the collection and filter as necessary.
//
// - If the value is "*", return all certificates.
// - Otherwise, search using key:value pairs. The following keys are supported:
//
// Issuer
// IssuerDN
// Serial
// Subject
// SubjectDN
// SubjectKeyId
// Thumbprint
//
// A value must be enclosed in single or double quotes if it contains whitespace.
//
X509Certificate2Collection result = new X509Certificate2Collection();
result.AddRange(store.Certificates);
try
{
if(value != "*")
{
if(value.IndexOf(':') == -1)
{
Ice.PluginInitializationException e = new Ice.PluginInitializationException();
e.reason = "IceSSL: no key in `" + value + "'";
throw e;
}
int start = 0;
int pos;
while((pos = value.IndexOf(':', start)) != -1)
{
//
// Parse the X509FindType.
//
string field = value.Substring(start, pos - start).Trim().ToUpperInvariant();
X509FindType findType;
if(field.Equals("SUBJECT"))
{
findType = X509FindType.FindBySubjectName;
}
else if(field.Equals("SUBJECTDN"))
{
findType = X509FindType.FindBySubjectDistinguishedName;
}
else if(field.Equals("ISSUER"))
{
findType = X509FindType.FindByIssuerName;
}
else if(field.Equals("ISSUERDN"))
{
findType = X509FindType.FindByIssuerDistinguishedName;
}
else if(field.Equals("THUMBPRINT"))
{
findType = X509FindType.FindByThumbprint;
}
else if(field.Equals("SUBJECTKEYID"))
{
findType = X509FindType.FindBySubjectKeyIdentifier;
}
else if(field.Equals("SERIAL"))
{
findType = X509FindType.FindBySerialNumber;
}
else
{
Ice.PluginInitializationException e = new Ice.PluginInitializationException();
e.reason = "IceSSL: unknown key in `" + value + "'";
throw e;
}
//
// Parse the argument.
//
start = pos + 1;
while(start < value.Length && (value[start] == ' ' || value[start] == '\t'))
{
++start;
}
if(start == value.Length)
{
Ice.PluginInitializationException e = new Ice.PluginInitializationException();
e.reason = "IceSSL: missing argument in `" + value + "'";
throw e;
}
string arg;
if(value[start] == '"' || value[start] == '\'')
{
int end = start;
++end;
while(end < value.Length)
{
if(value[end] == value[start] && value[end - 1] != '\\')
{
break;
}
++end;
}
if(end == value.Length || value[end] != value[start])
{
Ice.PluginInitializationException e = new Ice.PluginInitializationException();
e.reason = "IceSSL: unmatched quote in `" + value + "'";
throw e;
}
++start;
arg = value.Substring(start, end - start);
start = end + 1;
}
else
{
char[] ws = new char[] { ' ', '\t' };
int end = value.IndexOfAny(ws, start);
if(end == -1)
{
arg = value.Substring(start);
start = value.Length;
}
else
{
arg = value.Substring(start, end - start);
start = end + 1;
}
}
//
// Execute the query.
//
// TODO: allow user to specify a value for validOnly?
//
bool validOnly = false;
if(findType == X509FindType.FindBySubjectDistinguishedName ||
findType == X509FindType.FindByIssuerDistinguishedName)
{
X500DistinguishedNameFlags[] flags = {
X500DistinguishedNameFlags.None,
X500DistinguishedNameFlags.Reversed,
};
X500DistinguishedName dn = new X500DistinguishedName(arg);
X509Certificate2Collection r = result;
for(int i = 0; i < flags.Length; ++i)
{
r = result.Find(findType, dn.Decode(flags[i]), validOnly);
if(r.Count > 0)
{
break;
}
}
result = r;
}
else
{
result = result.Find(findType, arg, validOnly);
}
}
}
}
finally
{
store.Close();
}
return result;
}
