public void WrongExtension_X509EnhancedKeyUsageExtension() { X509EnhancedKeyUsageExtension eku = new X509EnhancedKeyUsageExtension(); X509KeyUsageExtension ku = new X509KeyUsageExtension(); ku.CopyFrom(eku); }
public void WrongAsnEncodedData() { AsnEncodedData aed = new AsnEncodedData(new byte[0]); X509KeyUsageExtension ku = new X509KeyUsageExtension(X509KeyUsageFlags.CrlSign, true); ku.CopyFrom(aed); // note: not the same behaviour than using the constructor! }
private static unsafe int VerifyCertificate(X509Certificate2 certificate, X509Certificate2Collection extraStore) { int num; int num2 = System.Security.Cryptography.X509Certificates.X509Utils.VerifyCertificate(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(certificate), null, null, X509RevocationMode.Online, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), extraStore, new IntPtr(1L), new IntPtr((void *)&num)); if (num2 != 0) { return(num); } X509ExtensionEnumerator enumerator = certificate.Extensions.GetEnumerator(); while (enumerator.MoveNext()) { X509Extension current = enumerator.Current; if (string.Compare(current.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension extension2 = new X509KeyUsageExtension(); extension2.CopyFrom(current); if (((extension2.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.None) && ((extension2.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.None)) { return(-2146762480); } } } return(num2); }
public void WrongExtension_X509Extension_KeyUsages() { X509Extension ex = new X509Extension("1.2.3", new byte[0], true); X509KeyUsageExtension ku = new X509KeyUsageExtension(); ku.CopyFrom(ex); Assert.AreEqual(0, ku.KeyUsages, "KeyUsages"); }
public void WrongExtension_X509Extension() { X509Extension ex = new X509Extension("1.2.3", new byte [0], true); X509KeyUsageExtension ku = new X509KeyUsageExtension(X509KeyUsageFlags.CrlSign, true); ku.CopyFrom(ex); Assert.IsTrue(ku.Critical, "Critical"); Assert.AreEqual(String.Empty, BitConverter.ToString(ku.RawData), "RawData"); Assert.AreEqual("1.2.3", ku.Oid.Value, "Oid.Value"); Assert.IsNull(ku.Oid.FriendlyName, "Oid.FriendlyName"); }
public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly) { if (!CheckSignature(certificate.PublicKey.Key)) { return(false); } if (verifySignatureOnly) { SignedXmlDebugLog.LogVerificationResult(this, certificate, true); return(true); } // Check key usages to make sure it is good for signing. foreach (X509Extension extension in certificate.Extensions) { if (String.Compare(extension.Oid.Value, CAPI.szOID_KEY_USAGE, StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension keyUsage = new X509KeyUsageExtension(); keyUsage.CopyFrom(extension); SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, keyUsage); bool validKeyUsage = (keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0 || (keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) != 0; if (!validKeyUsage) { SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509KeyUsage")); return(false); } break; } } // Do the chain verification to make sure the certificate is valid. X509Chain chain = new X509Chain(); chain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts()); bool chainVerified = chain.Build(certificate); SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate); if (!chainVerified) { SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509Chain")); return(false); } SignedXmlDebugLog.LogVerificationResult(this, certificate, true); return(true); }
internal static X509Certificate2 SelectSignerCertificate() { X509Store x509Store = new X509Store(); x509Store.Open(OpenFlags.OpenExistingOnly | OpenFlags.IncludeArchived); X509Certificate2Collection certificates = new X509Certificate2Collection(); foreach (X509Certificate2 certificate in x509Store.Certificates) { if (certificate.HasPrivateKey && certificate.NotBefore <= DateTime.Now && certificate.NotAfter >= DateTime.Now) { bool flag = true; foreach (X509Extension x509Extension in certificate.Extensions) { if (string.Compare(x509Extension.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension keyUsageExtension = new X509KeyUsageExtension(); keyUsageExtension.CopyFrom((AsnEncodedData)x509Extension); if ((keyUsageExtension.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.None && (keyUsageExtension.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.None) { flag = false; break; } else { break; } } } if (flag) { certificates.Add(certificate); } } } if (certificates.Count < 1) { throw new CryptographicException(-2146889714); } X509Certificate2Collection certificate2Collection = X509Certificate2UI.SelectFromCollection(certificates, (string)null, (string)null, X509SelectionFlag.SingleSelection); if (certificate2Collection.Count < 1) { throw new CryptographicException(1223); } else { return(certificate2Collection[0]); } }
internal static CmsRecipientCollection SelectRecipients(SubjectIdentifierType recipientIdentifierType) { X509Store x509Store = new X509Store("AddressBook"); x509Store.Open(OpenFlags.OpenExistingOnly); X509Certificate2Collection certificates1 = new X509Certificate2Collection(x509Store.Certificates); foreach (X509Certificate2 certificate in x509Store.Certificates) { if (certificate.NotBefore <= DateTime.Now && certificate.NotAfter >= DateTime.Now) { bool flag = true; foreach (X509Extension x509Extension in certificate.Extensions) { if (string.Compare(x509Extension.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension keyUsageExtension = new X509KeyUsageExtension(); keyUsageExtension.CopyFrom((AsnEncodedData)x509Extension); if ((keyUsageExtension.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == X509KeyUsageFlags.None && (keyUsageExtension.KeyUsages & X509KeyUsageFlags.KeyAgreement) == X509KeyUsageFlags.None) { flag = false; break; } else { break; } } } if (flag) { certificates1.Add(certificate); } } } if (certificates1.Count < 1) { throw new CryptographicException(-2146889717); } X509Certificate2Collection certificates2 = X509Certificate2UI.SelectFromCollection(certificates1, (string)null, (string)null, X509SelectionFlag.MultiSelection); if (certificates2.Count < 1) { throw new CryptographicException(1223); } else { return(new CmsRecipientCollection(recipientIdentifierType, certificates2)); } }
public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly) { if (!verifySignatureOnly) { // Check key usages to make sure it is good for signing. foreach (X509Extension extension in certificate.Extensions) { if (string.Equals(extension.Oid.Value, "2.5.29.15" /* szOID_KEY_USAGE */, StringComparison.OrdinalIgnoreCase)) { X509KeyUsageExtension keyUsage = new X509KeyUsageExtension(); keyUsage.CopyFrom(extension); SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, keyUsage); bool validKeyUsage = (keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0 || (keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) != 0; if (!validKeyUsage) { SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509KeyUsage); return(false); } break; } } // Do the chain verification to make sure the certificate is valid. X509Chain chain = new X509Chain(); chain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts()); bool chainVerified = chain.Build(certificate); SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate); if (!chainVerified) { SignedXmlDebugLog.LogVerificationFailure(this, SR.Log_VerificationFailed_X509Chain); return(false); } } using (AsymmetricAlgorithm publicKey = Utils.GetAnyPublicKey(certificate)) { if (!CheckSignature(publicKey)) { return(false); } } SignedXmlDebugLog.LogVerificationResult(this, certificate, true); return(true); }
/// <summary> /// Determine whether a cert can be used for code signing. /// </summary> /// <param name="cert">Certificate</param> /// <returns>True or false</returns> public static bool CanSignWith(X509Certificate2 cert) { // Check key usages to make sure it is good for signing. bool bCodeSigningEnabled = true; if (cert.Extensions.Count > 0) { foreach (X509Extension extension in cert.Extensions) { bool?bCodeSignEnhancedKeyPresent = null; if (String.Compare(extension.Oid.Value, szOID_KEY_USAGE, true, CultureInfo.InvariantCulture) == 0) { X509KeyUsageExtension keyUsage = new X509KeyUsageExtension(); keyUsage.CopyFrom(extension); if ((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == 0) { bCodeSigningEnabled = false; } else { // Check if enhanced code-signing key is present. foreach (X509Extension codesignextension in cert.Extensions) { bCodeSignEnhancedKeyPresent = CodeSignEnhancedKeyPresent(codesignextension); if (bCodeSignEnhancedKeyPresent.HasValue) { bCodeSigningEnabled = bCodeSignEnhancedKeyPresent.Value; break; } } break; } } else { bCodeSignEnhancedKeyPresent = CodeSignEnhancedKeyPresent(extension); if (bCodeSignEnhancedKeyPresent.HasValue && bCodeSignEnhancedKeyPresent.Value == false) { bCodeSigningEnabled = false; } } } } return(bCodeSigningEnabled); }
internal static CmsRecipientCollection SelectRecipients(SubjectIdentifierType recipientIdentifierType) { X509Store store = new X509Store("AddressBook"); store.Open(OpenFlags.OpenExistingOnly); X509Certificate2Collection certificates = new X509Certificate2Collection(store.Certificates); X509Certificate2Enumerator enumerator = store.Certificates.GetEnumerator(); while (enumerator.MoveNext()) { X509Certificate2 current = enumerator.Current; if ((current.NotBefore <= DateTime.Now) && (current.NotAfter >= DateTime.Now)) { bool flag = true; X509ExtensionEnumerator enumerator2 = current.Extensions.GetEnumerator(); while (enumerator2.MoveNext()) { X509Extension asnEncodedData = enumerator2.Current; if (string.Compare(asnEncodedData.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension extension2 = new X509KeyUsageExtension(); extension2.CopyFrom(asnEncodedData); if (((extension2.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == X509KeyUsageFlags.None) && ((extension2.KeyUsages & X509KeyUsageFlags.KeyAgreement) == X509KeyUsageFlags.None)) { flag = false; } break; } } if (flag) { certificates.Add(current); } } } if (certificates.Count < 1) { throw new CryptographicException(-2146889717); } X509Certificate2Collection certificates2 = X509Certificate2UI.SelectFromCollection(certificates, null, null, X509SelectionFlag.MultiSelection); if (certificates2.Count < 1) { throw new CryptographicException(0x4c7); } return(new CmsRecipientCollection(recipientIdentifierType, certificates2)); }
internal static X509Certificate2 SelectSignerCertificate() { X509Store store = new X509Store(); store.Open(OpenFlags.IncludeArchived | OpenFlags.OpenExistingOnly); X509Certificate2Collection certificates = new X509Certificate2Collection(); X509Certificate2Enumerator enumerator = store.Certificates.GetEnumerator(); while (enumerator.MoveNext()) { X509Certificate2 current = enumerator.Current; if ((current.HasPrivateKey && (current.NotBefore <= DateTime.Now)) && (current.NotAfter >= DateTime.Now)) { bool flag = true; X509ExtensionEnumerator enumerator2 = current.Extensions.GetEnumerator(); while (enumerator2.MoveNext()) { X509Extension asnEncodedData = enumerator2.Current; if (string.Compare(asnEncodedData.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension extension2 = new X509KeyUsageExtension(); extension2.CopyFrom(asnEncodedData); if (((extension2.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.None) && ((extension2.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.None)) { flag = false; } break; } } if (flag) { certificates.Add(current); } } } if (certificates.Count < 1) { throw new CryptographicException(-2146889714); } certificates = X509Certificate2UI.SelectFromCollection(certificates, null, null, X509SelectionFlag.SingleSelection); if (certificates.Count < 1) { throw new CryptographicException(0x4c7); } return(certificates[0]); }
public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly) { if (!this.CheckSignature(certificate.PublicKey.Key)) { return(false); } if (verifySignatureOnly) { SignedXmlDebugLog.LogVerificationResult(this, certificate, true); return(true); } X509ExtensionEnumerator enumerator = certificate.Extensions.GetEnumerator(); while (enumerator.MoveNext()) { X509Extension current = enumerator.Current; if (string.Compare(current.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension keyUsages = new X509KeyUsageExtension(); keyUsages.CopyFrom(current); SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, keyUsages); if (((keyUsages.KeyUsages & X509KeyUsageFlags.DigitalSignature) != X509KeyUsageFlags.None) || ((keyUsages.KeyUsages & X509KeyUsageFlags.NonRepudiation) != X509KeyUsageFlags.None)) { break; } SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509KeyUsage")); return(false); } } X509Chain chain = new X509Chain(); chain.ChainPolicy.ExtraStore.AddRange(this.BuildBagOfCerts()); bool flag2 = chain.Build(certificate); SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate); if (!flag2) { SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509Chain")); return(false); } SignedXmlDebugLog.LogVerificationResult(this, certificate, true); return(true); }
private static unsafe int VerifyCertificate(X509Certificate2 certificate, X509Certificate2Collection extraStore) { int dwErrorStatus; int hr = X509Utils.VerifyCertificate(X509Utils.GetCertContext(certificate), null, null, X509RevocationMode.Online, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), extraStore, new IntPtr(CAPI.CERT_CHAIN_POLICY_BASE), new IntPtr(&dwErrorStatus)); if (hr != CAPI.S_OK) { return(dwErrorStatus); } // Check key usages to make sure it is good for signing. foreach (X509Extension extension in certificate.Extensions) { if (String.Compare(extension.Oid.Value, CAPI.szOID_KEY_USAGE, StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension keyUsage = new X509KeyUsageExtension(); keyUsage.CopyFrom(extension); if ((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == 0 && (keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == 0) { hr = CAPI.CERT_E_WRONG_USAGE; break; } } } return(hr); }
private static unsafe int VerifyCertificate(X509Certificate2 certificate, X509Certificate2Collection extraStore) { int num1; int num2 = X509Utils.VerifyCertificate(X509Utils.GetCertContext(certificate), (OidCollection)null, (OidCollection)null, X509RevocationMode.Online, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), extraStore, new IntPtr(1L), new IntPtr((void *)&num1)); if (num2 != 0) { return(num1); } foreach (X509Extension x509Extension in certificate.Extensions) { if (string.Compare(x509Extension.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension keyUsageExtension = new X509KeyUsageExtension(); keyUsageExtension.CopyFrom((AsnEncodedData)x509Extension); if ((keyUsageExtension.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.None && (keyUsageExtension.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.None) { num2 = -2146762480; break; } } } return(num2); }
public void CopyFrom_Null() { X509KeyUsageExtension eku = new X509KeyUsageExtension(); eku.CopyFrom(null); }