private bool checkServerIdentity(Mono.Security.X509.X509Certificate cert) { string targetHost = this.Context.ClientSettings.TargetHost; Mono.Security.X509.X509Extension extension = cert.Extensions["2.5.29.17"]; if (extension != null) { SubjectAltNameExtension altNameExtension = new SubjectAltNameExtension(extension); foreach (string dnsName in altNameExtension.DNSNames) { if (TlsServerCertificate.Match(targetHost, dnsName)) { return(true); } } foreach (string ipAddress in altNameExtension.IPAddresses) { if (ipAddress == targetHost) { return(true); } } } return(this.checkDomainName(cert.SubjectName)); }
private bool checkCertificateUsage(Mono.Security.X509.X509Certificate cert) { ClientContext context = (ClientContext)this.Context; if (cert.Version < 3) { return(true); } KeyUsages usage = KeyUsages.none; switch (context.Negotiating.Cipher.ExchangeAlgorithmType) { case ExchangeAlgorithmType.DiffieHellman: usage = KeyUsages.keyAgreement; break; case ExchangeAlgorithmType.Fortezza: return(false); case ExchangeAlgorithmType.RsaKeyX: usage = KeyUsages.keyEncipherment; break; case ExchangeAlgorithmType.RsaSign: usage = KeyUsages.digitalSignature; break; } KeyUsageExtension keyUsageExtension1 = (KeyUsageExtension)null; ExtendedKeyUsageExtension keyUsageExtension2 = (ExtendedKeyUsageExtension)null; Mono.Security.X509.X509Extension extension1 = cert.Extensions["2.5.29.15"]; if (extension1 != null) { keyUsageExtension1 = new KeyUsageExtension(extension1); } Mono.Security.X509.X509Extension extension2 = cert.Extensions["2.5.29.37"]; if (extension2 != null) { keyUsageExtension2 = new ExtendedKeyUsageExtension(extension2); } if (keyUsageExtension1 != null && keyUsageExtension2 != null) { if (!keyUsageExtension1.Support(usage)) { return(false); } return(keyUsageExtension2.KeyPurpose.Contains((object)"1.3.6.1.5.5.7.3.1") || keyUsageExtension2.KeyPurpose.Contains((object)"2.16.840.1.113730.4.1")); } if (keyUsageExtension1 != null) { return(keyUsageExtension1.Support(usage)); } if (keyUsageExtension2 != null) { return(keyUsageExtension2.KeyPurpose.Contains((object)"1.3.6.1.5.5.7.3.1") || keyUsageExtension2.KeyPurpose.Contains((object)"2.16.840.1.113730.4.1")); } Mono.Security.X509.X509Extension extension3 = cert.Extensions["2.16.840.1.113730.1.1"]; return(extension3 == null || new NetscapeCertTypeExtension(extension3).Support(NetscapeCertTypeExtension.CertTypes.SslServer)); }
internal ServiceMetadata GetMetaDataFromSml(string recipientParticipant, string businessIdScheme, string smlDomain, string documentIdScheme, string documentIdValue) { XmlDocument doc = LoadMetadataXml(recipientParticipant, businessIdScheme, smlDomain, documentIdScheme, documentIdValue); XmlDocument nextDoc = null; int redirectFromDoc = doc.GetElementsByTagName("Redirect", "*").Count; // Redirect node exits if (redirectFromDoc > 0) { // Get Redirect href from doc metadata string href = doc.GetElementsByTagName("Redirect", "*")[0].Attributes["href"].InnerText; // Get certificateUID from doc string UIDFromDoc = doc.GetElementsByTagName("CertificateUID", "*")[0].InnerText; // Load new metadata from redirect nextDoc = LoadMetadataXml(href); // If there is another redirect in metadata, throw ex; int redirectFromNextDoc = nextDoc.GetElementsByTagName("Redirect", "*").Count; if (redirectFromNextDoc > 0) { //TODO: log throw new Exception("WARNING: More than one Redirection was found in Metadata for Participant."); } // Get certificate from redirect request string smpCertificate = nextDoc.GetElementsByTagName("X509Certificate", "*")[0].InnerText; byte[] arrayCertificate; arrayCertificate = Convert.FromBase64String(smpCertificate); Mono.Security.X509.X509Certificate smpCrt = new Mono.Security.X509.X509Certificate(arrayCertificate); // Get Subject UID if (smpCrt.SubjectUniqueIdentifier != null) { Encoding enc = Encoding.Default; string smpSubjectUID = enc.GetString(smpCrt.SubjectUniqueIdentifier); // If subject UID from metadata and certificate are not equal, throw ex; if (smpSubjectUID != UIDFromDoc) { throw new Exception("WARNING: Identifier of the destination SMP signing certificate does not corresponds to the unique identifier which the redirecting SMP claims belongs to the destination SMP."); } } else { // Certificate does not contain subject UID Trace.WriteLine("WARNING: Subject Unique Identifier Could not be obtained from the Certificate Entry."); } } else { VerifySignature(doc); // process continues as default, throws exception if invalid nextDoc = doc; } return(ReadMetadataFromXml(nextDoc)); }
private static Mono.Security.X509.X509Certificate FindCertificateParent(Mono.Security.X509.X509Certificate child) { foreach (Mono.Security.X509.X509Certificate potentialParent in certs) { if (IsParent(child, potentialParent)) { return(potentialParent); } } return(null); }
public void UpdateCertificateRSA() { if (this.clientCertificate == null) { this.certificateRSA = (RSAManaged)null; } else { Mono.Security.X509.X509Certificate x509Certificate = new Mono.Security.X509.X509Certificate(this.clientCertificate.GetRawCertData()); this.certificateRSA = new RSAManaged(x509Certificate.RSA.KeySize); this.certificateRSA.ImportParameters(x509Certificate.RSA.ExportParameters(false)); } }
private static string CertificateNumber(Mono.Security.X509.X509Certificate cert) { var sn = cert.SerialNumber; Array.Reverse(sn); string hexadecimalString = ToHexString(sn); StringBuilder sb = new StringBuilder(); for (int i = 0; i <= hexadecimalString.Length - 2; i += 2) { sb.Append(Convert.ToString(Convert.ToChar(Int32.Parse(hexadecimalString.Substring(i, 2), System.Globalization.NumberStyles.HexNumber)))); } return(sb.ToString()); }
/// <summary> /// Checks if the specfied certificate is signed by the specified public key. /// </summary> /// <param name="certificate">The certificate to validate.</param> /// <param name="issuerCertificate">The certificate of the issuer.</param> /// <returns> /// <c>true</c> on success; <c>false</c> if the specified certificate is not signed by the /// specified issuer. /// </returns> /// <exception cref="ArgumentNullException"><paramref name="certificate"/> /// or <paramref name="issuerCertificate"/> is <c>null</c>.</exception> public static bool ValidateCertificateIssuer(X509Certificate2 certificate, PublicKey publicKey) { if (certificate == null) { throw new ArgumentNullException("certificate"); } if (publicKey == null) { throw new ArgumentNullException("publicKey"); } var monoCertificate = new Mono.Security.X509.X509Certificate(certificate.GetRawCertData()); return(monoCertificate.VerifySignature(publicKey.Key)); }
// // // obj is SslStream public bool ValidateClientCertificate(object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { m_log.InfoFormat("[NSL CERT VERIFY]: ValidateClientCertificate: Policy is ({0})", sslPolicyErrors); X509Certificate2 certificate2 = new X509Certificate2(certificate); string simplename = certificate2.GetNameInfo(X509NameType.SimpleName, false); //m_log.InfoFormat("[NSL CERT VERIFY]: ValidateClientCertificate: Simple Name is \"{0}\"", simplename); /* * // RemoteCertificateNotAvailableはエラーとする. * if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable)==SslPolicyErrors.RemoteCertificateNotAvailable) { * m_log.InfoFormat("[NSL CERT VERIFY]: ValidateClientCertificate: Policy Error! {0}", sslPolicyErrors); * return false; * } */ // None, ChainErrors 以外は全てエラーとする. if (sslPolicyErrors != SslPolicyErrors.None && sslPolicyErrors != SslPolicyErrors.RemoteCertificateChainErrors) { m_log.InfoFormat("[NSL CERT VERIFY]: ValidateClientCertificate: Policy Error! {0}", sslPolicyErrors); return(false); } // check CRL if (m_clientcrl != null) { Mono.Security.X509.X509Certificate monocert = new Mono.Security.X509.X509Certificate(certificate.GetRawCertData()); Mono.Security.X509.X509Crl.X509CrlEntry entry = m_clientcrl.GetCrlEntry(monocert); if (entry != null) { m_log.InfoFormat("[NSL CERT VERIFY]: Common Name \"{0}\" was revoked at {1}", simplename, entry.RevocationDate.ToString()); return(false); } } bool valid = CheckPrivateChain(certificate2); if (valid) { m_log.InfoFormat("[NSL CERT VERIFY]: Valid Client Certification for \"{0}\"", simplename); } else { m_log.InfoFormat("[NSL CERT VERIFY]: Failed to Verify Client Certification for \"{0}\"", simplename); } return(valid); }
/// <summary> /// Validate Client Certificate Callback Function /// </summary> /// <param name="obj"></param> /// <param name="certificate"></param> /// <param name="chain"></param> /// <param name="sslPolicyErrors"></param> /// <returns></returns> public bool ValidateClientCertificate(object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { m_log.InfoFormat("[NSL CLIENT CERT VERIFY]: ValidateClientCertificate: Start."); if (certificate == null) { m_log.InfoFormat("[NSL CLIENT CERT VERIFY]: ValidateClientCertificate: Client does not have a Certificate!"); return(false); } X509Certificate2 certificate2 = new X509Certificate2(certificate); string commonname = certificate2.GetNameInfo(X509NameType.SimpleName, false); m_log.InfoFormat("[NSL CLIENT CERT VERIFY]: ValidateClientCertificate: Common Name is \"{0}\"", commonname); // None, ChainErrors 以外は全てエラーとする. if (sslPolicyErrors != SslPolicyErrors.None && sslPolicyErrors != SslPolicyErrors.RemoteCertificateChainErrors) { m_log.InfoFormat("[NSL CLIENT CERT VERIFY]: ValidateClientCertificate: Policy Error! {0}", sslPolicyErrors); return(false); } // check CRL if (m_clientcrl != null) { Mono.Security.X509.X509Certificate monocert = new Mono.Security.X509.X509Certificate(certificate.GetRawCertData()); Mono.Security.X509.X509Crl.X509CrlEntry entry = m_clientcrl.GetCrlEntry(monocert); if (entry != null) { m_log.InfoFormat("[NSL CLIENT CERT VERIFY]: Common Name \"{0}\" was revoked at {1}", commonname, entry.RevocationDate.ToString()); return(false); } } bool valid = CheckPrivateChain(certificate2); if (valid) { m_log.InfoFormat("[NSL CLIENT CERT VERIFY]: Valid Client Certification for \"{0}\"", commonname); } else { m_log.InfoFormat("[NSL CLIENT CERT VERIFY]: Failed to Verify Client Certification for \"{0}\"", commonname); } return(valid); }
private static string CertificateTaxId(Mono.Security.X509.X509Certificate certificate) { string taxIdCertificate = ""; string[] subjects = certificate.SubjectName.Trim().Split(','); foreach (var strTemp in subjects.ToList()) { string[] strConceptoTemp = strTemp.Split('='); if (strConceptoTemp[0].Trim() == "OID.2.5.4.45") { taxIdCertificate = strConceptoTemp[1].Trim().Split('/')[0]; //Bug Fix replace " taxIdCertificate = taxIdCertificate.Replace("\"", ""); break; } } return(taxIdCertificate.Trim().ToUpper()); }
private static bool IsParent(Mono.Security.X509.X509Certificate child, Mono.Security.X509.X509Certificate parent) { if (child.IssuerName != parent.SubjectName) { return(false); } if (parent.RSA != null && child.VerifySignature(parent.RSA)) { return(true); } if (parent.DSA != null && child.VerifySignature(parent.DSA)) { return(true); } return(false); }
public static void Main(string[] args) { // check that name on cert = name of host user is connecting to // var x5092 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificateBytes); // string hostName = x5092.GetNameInfo(System.Security.Cryptography.X509Certificates.X509NameType.DnsName, false); // bool hostNameMatch = string.Compare(hostName, this.Server, true) == 0; // need to build x509chain obj , call build with cert, examine chainstatus property to see why failed. // open store X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); byte[] b = GetStreamBytes(); var x509 = new Mono.Security.X509.X509Certificate(b); var chain = new Mono.Security.X509.X509Chain(); bool certificateStatus = chain.Build(x509); Console.WriteLine(certificateStatus); // output true // X509Certificate2 newcert = new X509Certificate2(); //byte[] b = GetStreamBytes(); //newcert.Import(b); //buildChain(newcert); //byte[] b = GetStreamBytes(); //newcert.Import(b); //store.Add(newcert); //PrintStore(); //PrintMore(); // 3 // read certs }
public static byte[] CrearPFX(byte[] bytesCER, byte[] bytesKEY, string password) { try { if (bytesCER == null || bytesKEY == null) { throw new Exception("Empty cer and or key"); } var certificate = new Mono.Security.X509.X509Certificate(bytesCER); char[] arrayOfChars = password.ToCharArray(); AsymmetricKeyParameter privateKey = Org.BouncyCastle.Security.PrivateKeyFactory.DecryptKey(arrayOfChars, bytesKEY); RSA subjectKey = DotNetUtilitiesCustom.ToRSA((RsaPrivateCrtKeyParameters)privateKey); Mono.Security.X509.PKCS12 p12 = new Mono.Security.X509.PKCS12(); p12.Password = password; ArrayList list = new ArrayList(); // we use a fixed array to avoid endianess issues // (in case some tools requires the ID to be 1). list.Add(new byte[4] { 1, 0, 0, 0 }); Hashtable attributes = new Hashtable(1); attributes.Add(Mono.Security.X509.PKCS9.localKeyId, list); p12.AddCertificate(certificate, attributes); p12.AddPkcs8ShroudedKeyBag(subjectKey, attributes); return(p12.GetBytes()); } catch (Exception ex) { throw new Exception("Los datos del Certificado CER KEY o Password son incorrectos. No es posible leer la llave privada.", ex); } }
// this gets complicated because we must: // 1. build the chain using a X509Certificate2 class; // 2. test for root using the Mono.Security.X509.X509Certificate class; // 3. add the certificates as X509Certificate instances; private void AddCertificatesChainFrom(X509Certificate cert, bool root) { X509Chain chain = new X509Chain(); chain.Build(new X509Certificate2(cert)); foreach (X509ChainElement ce in chain.ChainElements) { byte[] rawdata = ce.Certificate.RawData; if (!root) { // exclude root Mono.Security.X509.X509Certificate mx = new Mono.Security.X509.X509Certificate(rawdata); if (mx.IsSelfSigned) { rawdata = null; } } if (rawdata != null) { AddCertificate(new X509Certificate(rawdata)); } } }
public void RemoveCertificate(Mono.Security.X509.X509Certificate cert, System.Collections.IDictionary attrs) { }
VoidSecurity.Cryptography.X509Certificates.X509ExtensionCollection::.ctor(Mono.Security.X509.X509Certificate) VoidSecurity.Cryptography.X509Certificates.X509ExtensionCollection::System.Collections.ICollection.CopyToArrayInt32)
private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates) { ClientContext context = (ClientContext)this.Context; AlertDescription description1 = AlertDescription.BadCertificate; if (context.SslStream.HaveRemoteValidation2Callback) { ValidationResult validationResult = context.SslStream.RaiseServerCertificateValidation2(certificates); if (!validationResult.Trusted) { long errorCode = (long)validationResult.ErrorCode; AlertDescription description2; switch (errorCode) { case 2148204801: description2 = AlertDescription.CertificateExpired; break; case 2148204809: description2 = AlertDescription.UnknownCA; break; case 2148204810: description2 = AlertDescription.UnknownCA; break; default: description2 = AlertDescription.CertificateUnknown; break; } string str = string.Format("0x{0:x}", (object)errorCode); throw new TlsException(description2, "Invalid certificate received from server. Error code: " + str); } } else { Mono.Security.X509.X509Certificate certificate1 = certificates[0]; System.Security.Cryptography.X509Certificates.X509Certificate certificate2 = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate1.RawData); ArrayList arrayList = new ArrayList(); if (!this.checkCertificateUsage(certificate1)) { arrayList.Add((object)-2146762490); } if (!this.checkServerIdentity(certificate1)) { arrayList.Add((object)-2146762481); } Mono.Security.X509.X509CertificateCollection chain = new Mono.Security.X509.X509CertificateCollection(certificates); chain.Remove(certificate1); Mono.Security.X509.X509Chain x509Chain = new Mono.Security.X509.X509Chain(chain); bool flag; try { flag = x509Chain.Build(certificate1); } catch (Exception) { flag = false; } if (!flag) { switch (x509Chain.Status) { case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid: description1 = AlertDescription.CertificateExpired; arrayList.Add((object)-2146762495); break; case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested: arrayList.Add((object)-2146762494); break; case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid: arrayList.Add((object)-2146869232); break; case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot: description1 = AlertDescription.UnknownCA; arrayList.Add((object)-2146762487); break; case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints: arrayList.Add((object)-2146869223); break; case Mono.Security.X509.X509ChainStatusFlags.PartialChain: description1 = AlertDescription.UnknownCA; arrayList.Add((object)-2146762486); break; default: description1 = AlertDescription.CertificateUnknown; arrayList.Add((object)(int)x509Chain.Status); break; } } int[] array = (int[])arrayList.ToArray(typeof(int)); if (!context.SslStream.RaiseServerCertificateValidation(certificate2, array)) { throw new TlsException(description1, "Invalid certificate received from server."); } } }
public Boolean Mono.Security.X509.X509Crl::VerifySignature(Mono.Security.X509.X509Certificate) String Mono.Security.X509.X509Crl::GetHashName()
private void validateCertificates(Mono.Security.X509.X509CertificateCollection certificates) { ServerContext context = (ServerContext)this.Context; AlertDescription description = AlertDescription.BadCertificate; System.Security.Cryptography.X509Certificates.X509Certificate certificate1 = (System.Security.Cryptography.X509Certificates.X509Certificate)null; int[] certificateErrors; if (certificates.Count > 0) { Mono.Security.X509.X509Certificate certificate2 = certificates[0]; ArrayList arrayList = new ArrayList(); if (!this.checkCertificateUsage(certificate2)) { arrayList.Add((object)-2146762490); } Mono.Security.X509.X509Chain x509Chain; if (certificates.Count > 1) { Mono.Security.X509.X509CertificateCollection chain = new Mono.Security.X509.X509CertificateCollection(certificates); chain.Remove(certificate2); x509Chain = new Mono.Security.X509.X509Chain(chain); } else { x509Chain = new Mono.Security.X509.X509Chain(); } bool flag; try { flag = x509Chain.Build(certificate2); } catch (Exception) { flag = false; } if (!flag) { switch (x509Chain.Status) { case Mono.Security.X509.X509ChainStatusFlags.NotTimeValid: description = AlertDescription.CertificateExpired; arrayList.Add((object)-2146762495); break; case Mono.Security.X509.X509ChainStatusFlags.NotTimeNested: arrayList.Add((object)-2146762494); break; case Mono.Security.X509.X509ChainStatusFlags.NotSignatureValid: arrayList.Add((object)-2146869232); break; case Mono.Security.X509.X509ChainStatusFlags.UntrustedRoot: description = AlertDescription.UnknownCA; arrayList.Add((object)-2146762487); break; case Mono.Security.X509.X509ChainStatusFlags.InvalidBasicConstraints: arrayList.Add((object)-2146869223); break; case Mono.Security.X509.X509ChainStatusFlags.PartialChain: description = AlertDescription.UnknownCA; arrayList.Add((object)-2146762486); break; default: description = AlertDescription.CertificateUnknown; arrayList.Add((object)(int)x509Chain.Status); break; } } certificate1 = new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData); certificateErrors = (int[])arrayList.ToArray(typeof(int)); } else { certificateErrors = new int[0]; } System.Security.Cryptography.X509Certificates.X509CertificateCollection certificateCollection = new System.Security.Cryptography.X509Certificates.X509CertificateCollection(); foreach (Mono.Security.X509.X509Certificate certificate2 in certificates) { certificateCollection.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(certificate2.RawData)); } if (!context.SslStream.RaiseClientCertificateValidation(certificate1, certificateErrors)) { throw new TlsException(description, "Invalid certificate received from client."); } this.Context.ClientSettings.ClientCertificate = certificate1; }
Mono.Security.X509.X509Certificate Mono.Security.X509.X509Chain::FindCertificateRoot(Mono.Security.X509.X509Certificate) Boolean Mono.Security.X509.X509Chain::IsTrusted(Mono.Security.X509.X509Certificate)
public bool VerifySignature(Mono.Security.X509.X509Certificate x509) { throw new NotImplementedException(); }
// this gets complicated because we must: // 1. build the chain using a X509Certificate2 class; // 2. test for root using the Mono.Security.X509.X509Certificate class; // 3. add the certificates as X509Certificate instances; private void AddCertificatesChainFrom (X509Certificate cert, bool root) { X509Chain chain = new X509Chain (); chain.Build (new X509Certificate2 (cert)); foreach (X509ChainElement ce in chain.ChainElements) { byte[] rawdata = ce.Certificate.RawData; if (!root) { // exclude root Mono.Security.X509.X509Certificate mx = new Mono.Security.X509.X509Certificate (rawdata); if (mx.IsSelfSigned) rawdata = null; } if (rawdata != null) AddCertificate (new X509Certificate (rawdata)); } }
Mono.Security.X509.X509Certificate Mono.Security.X509.X509Chain::FindCertificateParent(Mono.Security.X509.X509Certificate) Mono.Security.X509.X509Certificate Mono.Security.X509.X509Chain::FindCertificateRoot(Mono.Security.X509.X509Certificate)
static int Main( string[] args ) { if (args.Length == 0) { Console.WriteLine("DSIGInfo [-v] [-v] [-v] fontfile"); return 0; } OTFile f = new OTFile(); Table_DSIG tDSIG = null; string filename = null; verbose = 0; for ( int i = 0; i < args.Length; i++ ) { if ( "-v" == args[i] ) verbose++; else filename = args[i]; } if ( !f.open(filename) ) { Console.WriteLine("Error: Cannot open {0} as font file", filename); return 0; } TTCHeader ttc = null; if ( f.IsCollection() ) { ttc = f.GetTTCHeader(); if ( f.GetTableManager().GetUnaliasedTableName(ttc.DsigTag) == "DSIG" ) { MBOBuffer buf = f.ReadPaddedBuffer(ttc.DsigOffset, ttc.DsigLength); tDSIG = (Table_DSIG) f.GetTableManager().CreateTableObject(ttc.DsigTag, buf); } for (uint i = 0; i < f.GetNumFonts() ; i++) { OTFont fn = f.GetFont(i); Table_DSIG memDSIG = (Table_DSIG) fn.GetTable("DSIG"); if (memDSIG != null) { Console.WriteLine("Warning: DSIG in member font"); break; } } } else { OTFont fn = f.GetFont(0); tDSIG = (Table_DSIG) fn.GetTable("DSIG"); } Console.WriteLine("{0} DSIG table: {1}", filename, ( tDSIG == null ) ? "Absent" : "Present" ); if (tDSIG == null) return 0; if ( f.IsCollection() && ttc.version != 0x00020000 ) Console.WriteLine("Warning: TTC has DSIG but header version is 0x{0}, != 0x00020000", ttc.version.ToString("X8")); if ( tDSIG.usNumSigs != 1 ) Console.WriteLine("NumSigs = {0}", tDSIG.usNumSigs); for ( uint v = 0; v < tDSIG.usNumSigs ; v++ ) { Table_DSIG.SignatureBlock sgb; try { sgb = tDSIG.GetSignatureBlock(v); } catch (IndexOutOfRangeException) { Console.WriteLine("Error: Out of Range SignatureBlock {0}", v); break; } SignedCms cms = new SignedCms(); cms.Decode(sgb.bSignature); if ( cms.SignerInfos.Count > 1 ) Console.WriteLine( "#SignerInfos: {0}", cms.SignerInfos.Count ); foreach ( var si in cms.SignerInfos ) { Console.WriteLine(si.Certificate); if ( Type.GetType("Mono.Runtime") == null ) foreach ( var ua in si.UnsignedAttributes ) { foreach ( var asnd in ua.Values ) { try { ASN1 vv = new ASN1(asnd.RawData); ASN1 t = new ASN1(vv[3][1][1].Value); Console.WriteLine("Decoded Signing Time: {0}", ASN1Convert.ToDateTime (t) ); } catch (Exception e) {/* Nothing to do */ } } } } Console.WriteLine( "#Certificates: {0}", cms.Certificates.Count ); #if HAVE_MONO_X509 certs = new Mono.Security.X509.X509CertificateCollection (); //Mono.Security.X509.X509Chain signerChain = new Mono.Security.X509.X509Chain (); #endif foreach ( var x509 in cms.Certificates ) { #if HAVE_MONO_X509 certs.Add(new Mono.Security.X509.X509Certificate(x509.RawData)); #endif if ( verbose > 0 ) { Console.WriteLine(x509); } else { Console.WriteLine(x509.Subject); } }; #if HAVE_MONO_X509 Mono.Security.X509.X509Certificate x = new Mono.Security.X509.X509Certificate(cms.SignerInfos[0].Certificate.RawData); Mono.Security.X509.X509Certificate parent = x; while (x != null) { // Self-signed is fine - the font bundled CA is self-signed. parent = x; // last valid x = FindCertificateParent (x); if (x != null && x.Equals(parent)) break; } #endif ASN1 spc = new ASN1(cms.ContentInfo.Content); ASN1 playload_oid = null; ASN1 oid = null; ASN1 digest = null; ASN1 obsolete = null; if ( Type.GetType("Mono.Runtime") == null ) { // DotNet is much saner! playload_oid = spc[0][0]; obsolete = spc[0][1][0]; oid = spc[1][0][0]; digest = spc[1][1]; } else { playload_oid = spc[0]; obsolete = spc[1][0]; oid = spc[2][0][0]; digest = spc[2][1]; } string algo = ASN1Convert.ToOid (oid); string algoname = (new Oid(algo)).FriendlyName; Console.WriteLine("Digest Algorithm: {0}", algoname); byte[] Value = digest.Value; StringBuilder hexLine_sig = new StringBuilder (); for (int i = 0; i < Value.Length; i++) { hexLine_sig.AppendFormat ("{0} ", Value [i].ToString ("X2")); } hexLine_sig.AppendFormat (Environment.NewLine); switch ( algoname ) { case "md5": hash = HashAlgorithm.Create ("MD5"); break; case "sha1": hash = HashAlgorithm.Create ("SHA1"); break; default: throw new NotImplementedException("Unknown HashAlgorithm: " + algoname ); } byte[] cdigest; if ( f.IsCollection() ) { cdigest = get_TTC_digest( f ); } else { cdigest = get_TTF_digest( f ); } StringBuilder hexLine = new StringBuilder (); for (int i = 0; i < cdigest.Length; i++) { hexLine.AppendFormat ("{0} ", cdigest [i].ToString ("X2")); } hexLine.AppendFormat (Environment.NewLine); Console.WriteLine("{0} Signed Digest:\t{1}", algoname.ToUpper(), hexLine_sig); Console.WriteLine("Calculated Digest:\t{0}", hexLine); string root_thumb = ""; #if HAVE_MONO_X509 root_thumb = (new System.Security.Cryptography.X509Certificates.X509Certificate2(parent.RawData)).Thumbprint; Console.WriteLine("ChainEnd Name: {0}", parent.SubjectName); Console.WriteLine("ChainEnd Self-Signed: {0}", parent.IsSelfSigned); #endif Console.WriteLine("ChainEnd: {0}", root_thumb); bool trusted = false; try { string root_id = trusted_roots[root_thumb]; Console.WriteLine("RootID: {0}", root_id); trusted = true; } catch (KeyNotFoundException) {} Console.WriteLine("Trusted: {0}", trusted); } return 0; }
Boolean Mono.Security.X509.X509Chain::IsParent(Mono.Security.X509.X509Certificate,Mono.Security.X509.X509Certificate)
static int Main(string[] args) { if (args.Length == 0) { Console.WriteLine("DSIGInfo [-v] [-v] [-v] fontfile"); return(0); } OTFile f = new OTFile(); Table_DSIG tDSIG = null; string filename = null; verbose = 0; for (int i = 0; i < args.Length; i++) { if ("-v" == args[i]) { verbose++; } else { filename = args[i]; } } if (!f.open(filename)) { Console.WriteLine("Error: Cannot open {0} as font file", filename); return(0); } TTCHeader ttc = null; if (f.IsCollection()) { ttc = f.GetTTCHeader(); if (f.GetTableManager().GetUnaliasedTableName(ttc.DsigTag) == "DSIG") { MBOBuffer buf = f.ReadPaddedBuffer(ttc.DsigOffset, ttc.DsigLength); tDSIG = (Table_DSIG)f.GetTableManager().CreateTableObject(ttc.DsigTag, buf); } for (uint i = 0; i < f.GetNumFonts(); i++) { OTFont fn = f.GetFont(i); Table_DSIG memDSIG = (Table_DSIG)fn.GetTable("DSIG"); if (memDSIG != null) { Console.WriteLine("Warning: DSIG in member font"); break; } } } else { OTFont fn = f.GetFont(0); tDSIG = (Table_DSIG)fn.GetTable("DSIG"); } Console.WriteLine("{0} DSIG table: {1}", filename, (tDSIG == null) ? "Absent" : "Present"); if (tDSIG == null) { return(0); } if (f.IsCollection() && ttc.version != 0x00020000) { Console.WriteLine("Warning: TTC has DSIG but header version is 0x{0}, != 0x00020000", ttc.version.ToString("X8")); } if (tDSIG.usNumSigs != 1) { Console.WriteLine("NumSigs = {0}", tDSIG.usNumSigs); } for (uint v = 0; v < tDSIG.usNumSigs; v++) { Table_DSIG.SignatureBlock sgb; try { sgb = tDSIG.GetSignatureBlock(v); } catch (IndexOutOfRangeException) { Console.WriteLine("Error: Out of Range SignatureBlock {0}", v); break; } SignedCms cms = new SignedCms(); try { cms.Decode(sgb.bSignature); } catch (Exception e) { if (e is NullReferenceException || /* Mono */ e is CryptographicException /* .Net2 */) { Console.WriteLine("Error: Malformed Signature"); break; } Console.WriteLine("Error: Malformed Signature (Unexpected Case 1)"); throw; } if (cms.SignerInfos.Count > 1) { Console.WriteLine("#SignerInfos: {0}", cms.SignerInfos.Count); } foreach (var si in cms.SignerInfos) { Console.WriteLine(si.Certificate); if (Type.GetType("Mono.Runtime") == null) { foreach (var ua in si.UnsignedAttributes) { foreach (var asnd in ua.Values) { try { ASN1 vv = new ASN1(asnd.RawData); ASN1 t = new ASN1(vv[3][1][1].Value); Console.WriteLine("Decoded Signing Time: {0}", ASN1Convert.ToDateTime(t)); } catch (Exception) { /* Nothing to do */ } } } } } Console.WriteLine("#Certificates: {0}", cms.Certificates.Count); #if HAVE_MONO_X509 certs = new Mono.Security.X509.X509CertificateCollection(); //Mono.Security.X509.X509Chain signerChain = new Mono.Security.X509.X509Chain (); #endif foreach (var x509 in cms.Certificates) { #if HAVE_MONO_X509 certs.Add(new Mono.Security.X509.X509Certificate(x509.RawData)); #endif if (verbose > 0) { Console.WriteLine(x509); } else { Console.WriteLine(x509.Subject); } } ; #if HAVE_MONO_X509 Mono.Security.X509.X509Certificate x = new Mono.Security.X509.X509Certificate(cms.SignerInfos[0].Certificate.RawData); Mono.Security.X509.X509Certificate parent = x; while (x != null) // Self-signed is fine - the font bundled CA is self-signed. { parent = x; // last valid x = FindCertificateParent(x); if (x != null && x.Equals(parent)) { break; } } #endif // Windows 10/.net 4.6.x throws here ASN1 spc; try { spc = new ASN1(cms.ContentInfo.Content); } catch (Exception e) { if (e is IndexOutOfRangeException) { Console.WriteLine("Error: Malformed Signature (Win10/.net 4.6.x)"); break; } Console.WriteLine("Error: Malformed Signature (Unexpected Case 2)"); throw; } ASN1 playload_oid = null; ASN1 oid = null; ASN1 digest = null; ASN1 obsolete = null; if (Type.GetType("Mono.Runtime") == null) { // DotNet is much saner! playload_oid = spc[0][0]; obsolete = spc[0][1][0]; oid = spc[1][0][0]; digest = spc[1][1]; } else { playload_oid = spc[0]; obsolete = spc[1][0]; oid = spc[2][0][0]; digest = spc[2][1]; } string algo = ASN1Convert.ToOid(oid); string algoname = (new Oid(algo)).FriendlyName; Console.WriteLine("Digest Algorithm: {0}", algoname); byte[] Value = digest.Value; StringBuilder hexLine_sig = new StringBuilder(); for (int i = 0; i < Value.Length; i++) { hexLine_sig.AppendFormat("{0} ", Value [i].ToString("X2")); } hexLine_sig.AppendFormat(Environment.NewLine); switch (algoname) { case "md5": hash = HashAlgorithm.Create("MD5"); break; case "sha1": hash = HashAlgorithm.Create("SHA1"); break; default: throw new NotImplementedException("Unknown HashAlgorithm: " + algoname); } byte[] cdigest; if (f.IsCollection()) { cdigest = get_TTC_digest(f); } else { cdigest = get_TTF_digest(f); } StringBuilder hexLine = new StringBuilder(); for (int i = 0; i < cdigest.Length; i++) { hexLine.AppendFormat("{0} ", cdigest [i].ToString("X2")); } hexLine.AppendFormat(Environment.NewLine); Console.WriteLine("{0} Signed Digest:\t{1}", algoname.ToUpper(), hexLine_sig); Console.WriteLine("Calculated Digest:\t{0}", hexLine); string root_thumb = ""; #if HAVE_MONO_X509 root_thumb = (new System.Security.Cryptography.X509Certificates.X509Certificate2(parent.RawData)).Thumbprint; Console.WriteLine("ChainEnd Name: {0}", parent.SubjectName); Console.WriteLine("ChainEnd Self-Signed: {0}", parent.IsSelfSigned); #endif Console.WriteLine("ChainEnd: {0}", root_thumb); bool trusted = false; try { string root_id = trusted_roots[root_thumb]; Console.WriteLine("RootID: {0}", root_id); trusted = true; } catch (KeyNotFoundException) {} Console.WriteLine("Trusted: {0}", trusted); } return(0); }
public static ASN1 IssuerAndSerialNumber(Mono.Security.X509.X509Certificate x509) { throw new NotImplementedException(); }
public X509CrlEntry GetCrlEntry(Mono.Security.X509.X509Certificate x509) { throw new NotImplementedException(); }
Boolean Mono.Security.X509.X509Chain::IsValid(Mono.Security.X509.X509Certificate) Mono.Security.X509.X509Certificate Mono.Security.X509.X509Chain::FindCertificateParent(Mono.Security.X509.X509Certificate)
public void Import(Mono.Security.X509.X509Certificate certificate) { }
public void Remove(Mono.Security.X509.X509Certificate certificate) { }
// // // obj is SslStream public bool ValidateClientCertificate(object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { m_log.InfoFormat("[NSL CERT VERIFY]: ValidateClientCertificate: Policy is ({0})", sslPolicyErrors); X509Certificate2 certificate2 = new X509Certificate2(certificate); string simplename = certificate2.GetNameInfo(X509NameType.SimpleName, false); // None, ChainErrors 以外は全てエラーとする. if (sslPolicyErrors!=SslPolicyErrors.None && sslPolicyErrors!=SslPolicyErrors.RemoteCertificateChainErrors) { m_log.InfoFormat("[NSL CERT VERIFY]: ValidateClientCertificate: Simple Name is \"{0}\"", simplename); m_log.InfoFormat("[NSL CERT VERIFY]: ValidateClientCertificate: Policy Error!"); return false; } // check CRL if (m_clientcrl!=null) { Mono.Security.X509.X509Certificate monocert = new Mono.Security.X509.X509Certificate(certificate.GetRawCertData()); Mono.Security.X509.X509Crl.X509CrlEntry entry = m_clientcrl.GetCrlEntry(monocert); if (entry!=null) { m_log.InfoFormat("[NSL CERT VERIFY]: Common Name \"{0}\" was revoked at {1}", simplename, entry.RevocationDate.ToString()); return false; } } bool valid = CheckPrivateChain(certificate2); if (valid) { m_log.InfoFormat("[NSL CERT VERIFY]: Valid Client Certification for \"{0}\"", simplename); } else { m_log.InfoFormat("[NSL CERT VERIFY]: Failed to Verify Client Certification for \"{0}\"", simplename); } return valid; }
public void AddCertificate(Mono.Security.X509.X509Certificate cert, System.Collections.IDictionary attributes) { }