public void Certificate_CSR_AddressBound()
{
    // Address-bound end-entity certificate issued by the trust anchor TA: the subject's
    // e-mail address is repeated in the subjectAltName as an rfc822Name, the EKU is
    // e-mail protection and basicConstraints is CA:false.
    var subjectDn = new X500DistinguishedName("[email protected],o=TNT,c=US");
    var keyPair = Certificate.CreateRSAKeyPair();

    // The SAN value is the value of the first RDN of the DN string (split on ',' then '=').
    string emailAddress = subjectDn.Name.Split(',')[0].Split('=')[1];
    var crlUris = new List<Uri> { new Uri("http://domain1.com"), new Uri("http://domain2.com") };

    var requested = new Extensions();
    requested.Add(new TNT.Cryptography.Extension.KeyUsage(KeyUsage.KeyEncipherment | KeyUsage.DigitalSignature));
    requested.Add(new TNT.Cryptography.Extension.SubjectAlternativeName(new GeneralName(GeneralName.Rfc822Name, emailAddress)));
    requested.Add(new TNT.Cryptography.Extension.ExtendedKeyUsage(KeyPurposeID.IdKPEmailProtection));
    requested.Add(new TNT.Cryptography.Extension.AuthorityKeyIdentifier(TA));
    requested.Add(new TNT.Cryptography.Extension.SubjectKeyIdentifier(keyPair.Public));
    requested.Add(new TNT.Cryptography.Extension.BasicConstraints(new BasicConstraints(false)));
    requested.Add(new TNT.Cryptography.Extension.CrlDistributionPoints(crlUris));

    var csr = Certificate.CreateCertificationRequest(subjectDn.Name, keyPair, requested);
    var issued = Certificate.CreateCertificate(csr, keyPair, m_EffectiveDate, m_ExpirationDate, TA);

    // Positional lookups: index 3 is the AKI (4th extension added above); index 1 on TA is
    // presumably the anchor's SKI -- verify against how TA is built.
    var anchorSki = TA.Extensions[1];
    var issuedAki = issued.Extensions[3];

    Assert.AreEqual("CN=Trust Anchor, O=TNT, C=US", issued.Issuer);
    Assert.AreEqual("C=US, O=TNT, [email protected]", issued.Subject);

    // The AKI text carries a 6-character prefix before the key identifier; the remainder
    // must match the anchor's SKI text, i.e. the issued cert chains to TA.
    string anchorSkiText = anchorSki.Format(false);
    Assert.AreEqual(anchorSkiText, issuedAki.Format(false).Substring(6, anchorSkiText.Length));

    File.WriteAllBytes("CSR_AddressBound.cer", issued.Export(X509ContentType.Cert));
}
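public void Certificate_CSR_TA_SelfSigned()
{
    // Builds a self-signed CA ("secondary trust anchor") from a CSR: CA key usages,
    // basicConstraints CA:true (pathLen 0), and an AKI that matches its own SKI.
    X500DistinguishedName dn = new X500DistinguishedName("CN=Secondary Trust Anchor,O=TNT,C=US");
    AsymmetricCipherKeyPair keyPair = Certificate.CreateRSAKeyPair();

    Extensions extensions = new Extensions();
    extensions.Add(new TNT.Cryptography.Extension.KeyUsage(KeyUsage.CrlSign | KeyUsage.KeyCertSign | KeyUsage.DigitalSignature));
    // Self-signed: the authority key identifier is derived from the same public key as the SKI.
    extensions.Add(new TNT.Cryptography.Extension.AuthorityKeyIdentifier(keyPair.Public));
    extensions.Add(new TNT.Cryptography.Extension.SubjectKeyIdentifier(keyPair.Public));
    extensions.Add(new TNT.Cryptography.Extension.BasicConstraints(new BasicConstraints(0)));
    List<Uri> uris = new List<Uri>(new Uri[] { new Uri("http://domain1.com"), new Uri("http://domain2.com") });
    extensions.Add(new TNT.Cryptography.Extension.CrlDistributionPoints(uris));

    Pkcs10CertificationRequest csr = Certificate.CreateCertificationRequest(dn.Name, keyPair, extensions);
    // A null issuer yields a self-signed certificate (asserted below via Subject == Issuer).
    X509Certificate2 cert = Certificate.CreateCertificate(csr, keyPair, m_EffectiveDate, m_ExpirationDate, null);

    // Extensions are located by position, in the order they were added above.
    X509KeyUsageExtension keyUsageEx = cert.Extensions[0] as X509KeyUsageExtension;
    X509BasicConstraintsExtension basicConstraintEx = cert.Extensions[3] as X509BasicConstraintsExtension;
    System.Security.Cryptography.X509Certificates.X509Extension aki = cert.Extensions[1];
    System.Security.Cryptography.X509Certificates.X509Extension ski = cert.Extensions[2];

    // Report a missing/mis-typed extension as an assertion failure instead of letting the
    // 'as' casts turn into a NullReferenceException on the member accesses below.
    Assert.IsNotNull(keyUsageEx, "Extensions[0] should be the key usage extension");
    Assert.IsNotNull(basicConstraintEx, "Extensions[3] should be the basic constraints extension");

    Assert.AreEqual(X509KeyUsageFlags.CrlSign | X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.DigitalSignature, keyUsageEx.KeyUsages);
    Assert.IsTrue(basicConstraintEx.CertificateAuthority);
    Assert.AreEqual("C=US, O=TNT, CN=Secondary Trust Anchor", cert.Subject);
    Assert.AreEqual(cert.Subject, cert.Issuer);

    // The AKI text carries a 6-character prefix before the key identifier; the remainder
    // must equal the SKI text for a self-signed certificate.
    var skiCount = ski.Format(false).Length;
    Assert.AreEqual(ski.Format(false), aki.Format(false).Substring(6, skiCount));

    File.WriteAllBytes("CSR_TA_SS.cer", cert.Export(X509ContentType.Cert));
    // The PFX export includes the private key; "P" is a throwaway password for this test artifact only.
    File.WriteAllBytes("CSR_TA_SS.pfx", cert.Export(X509ContentType.Pfx, "P"));
}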
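public void Certificate_CSR_SelfSigned_DomainBound()
{
    // Domain-bound, self-signed end-entity certificate: the CN (a DNS name) is repeated in
    // the subjectAltName as a dNSName; EKU is e-mail protection and basicConstraints CA:false.
    X500DistinguishedName dn = new X500DistinguishedName("cn=domain.com,o=TNT,c=US");
    AsymmetricCipherKeyPair keyPair = Certificate.CreateRSAKeyPair();

    Extensions extensions = new Extensions();
    extensions.Add(new TNT.Cryptography.Extension.KeyUsage(KeyUsage.KeyEncipherment | KeyUsage.DigitalSignature));
    // The SAN value is the value of the first RDN of the DN string ("cn=domain.com").
    extensions.Add(new TNT.Cryptography.Extension.SubjectAlternativeName(new GeneralName(GeneralName.DnsName, dn.Name.Split(',')[0].Split('=')[1])));
    extensions.Add(new TNT.Cryptography.Extension.ExtendedKeyUsage(KeyPurposeID.IdKPEmailProtection));
    extensions.Add(new TNT.Cryptography.Extension.SubjectKeyIdentifier(keyPair.Public));
    extensions.Add(new TNT.Cryptography.Extension.BasicConstraints(new BasicConstraints(false)));
    List<Uri> uris = new List<Uri>(new Uri[] { new Uri("http://domain1.com"), new Uri("http://domain2.com") });
    extensions.Add(new TNT.Cryptography.Extension.CrlDistributionPoints(uris));

    Pkcs10CertificationRequest csr = Certificate.CreateCertificationRequest(dn.Name, keyPair, extensions);
    // No issuer argument: the certificate is signed with its own key pair (Issuer == Subject below).
    X509Certificate2 cert = Certificate.CreateCertificate(csr, keyPair, m_EffectiveDate, m_ExpirationDate);

    // Extensions are located by position, in the order they were added above.
    System.Security.Cryptography.X509Certificates.X509Extension subAltNameEx = cert.Extensions[1];
    X509BasicConstraintsExtension basicConstraintEx = cert.Extensions[4] as X509BasicConstraintsExtension;
    // The EKU is resolved through the helper. The former positional 'as' cast into this same
    // variable was overwritten immediately and never checked, so it has been dropped.
    X509EnhancedKeyUsageExtension enhancedKUEx = cert.GetEnhancedKeyUsage();

    // Report a missing/mis-typed extension as an assertion failure instead of a
    // NullReferenceException on the member accesses below.
    Assert.IsNotNull(basicConstraintEx, "Extensions[4] should be the basic constraints extension");
    Assert.IsNotNull(enhancedKUEx, "certificate should carry an extended key usage extension");

    // NOTE: the SAN text is whatever X509Extension.Format produces on this platform;
    // "DNS Name=" is the Windows rendering.
    Assert.AreEqual("DNS Name=domain.com", subAltNameEx.Format(false));
    Assert.AreEqual(KeyPurposeID.IdKPEmailProtection.Id, enhancedKUEx.EnhancedKeyUsages[0].Value);
    Assert.IsFalse(basicConstraintEx.CertificateAuthority);
    Assert.AreEqual("C=US, O=TNT, CN=domain.com", cert.Issuer);
    Assert.AreEqual("C=US, O=TNT, CN=domain.com", cert.Subject);

    File.WriteAllBytes("CSR_SelfSigned_DomainBound.cer", cert.Export(X509ContentType.Cert));
}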
/// <summary>
/// Returns a formatted version of the Abstract Syntax Notation One (ASN.1)-encoded data as a string.
/// </summary>
/// <param name="multiLine"><strong>True</strong> if the return string should contain carriage returns; otherwise, <strong>False</strong>.</param>
/// <returns>A formatted string that represents the Abstract Syntax Notation One (ASN.1)-encoded data.</returns>
public override String Format(Boolean multiLine)
{
    var text = new StringBuilder("[0]Certificate issuer: ");

    // Multi-line layout puts the issuer name on its own indented line and terminates it;
    // the single-line layout keeps everything on one line, comma-separated.
    if (multiLine)
    {
        text.AppendLine().Append(" ");
    }
    text.Append(IssuerName);
    if (multiLine)
    {
        text.AppendLine();
    }

    // The authority information access part is only rendered when there is more than a
    // single byte of it; its formatting is delegated to X509Extension.Format.
    if (AIARaw.Length > 1)
    {
        if (!multiLine)
        {
            text.Append(", ");
        }
        var aiaOid = new Oid(X509CertExtensions.X509AuthorityInformationAccess);
        text.Append(new X509Extension(aiaOid, AIARaw, false).Format(multiLine));
    }

    return text.ToString();
}
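// static initializer runs only when one of the properties is accessed
static X509SubjectAlternativeNameConstants()
{
    // Probe extension: SEQUENCE { dNSName "not-real-subject-name", dNSName "example.com" }.
    // Formatting a known value reveals how this platform renders the identifier, the
    // identifier/value delimiter and the separator between entries.
    byte[] x509ExtensionBytes = new byte[] { 48, 36, 130, 21, 110, 111, 116, 45, 114, 101, 97, 108, 45, 115, 117, 98, 106, 101, 99, 116, 45, 110, 97, 109, 101, 130, 11, 101, 120, 97, 109, 112, 108, 101, 46, 99, 111, 109 };
    const string subjectName1 = "not-real-subject-name";
    try
    {
        X509Extension x509Extension = new X509Extension(Oid, x509ExtensionBytes, true);
        string x509ExtensionFormattedString = x509Extension.Format(false);

        // Each OS has a different dNSName identifier and delimiter
        // On Windows, dNSName == "DNS Name" (localizable), on Linux, dNSName == "DNS"
        // e.g.,
        // Windows: x509ExtensionFormattedString is: "DNS Name=not-real-subject-name, DNS Name=example.com"
        // Linux: x509ExtensionFormattedString is: "DNS:not-real-subject-name, DNS:example.com"
        // Parse: <identifier><delimiter><value><separator(s)>

        // The probe value is plain ASCII, so an ordinal search is the correct (and
        // culture-independent) comparison.
        int subjectIndex = x509ExtensionFormattedString.IndexOf(subjectName1, StringComparison.Ordinal);
        if (subjectIndex < 2)
        {
            // A missing probe value used to surface as an IndexOutOfRangeException with no
            // context; report the actual text instead. At least one identifier character
            // plus the delimiter must precede the value.
            throw new FormatException("Formatted subjectAltName does not contain '<identifier><delimiter>" + subjectName1 + "': '" + x509ExtensionFormattedString + "'");
        }
        int delimiterIndex = subjectIndex - 1;
        _delimiter = x509ExtensionFormattedString[delimiterIndex];

        // Make an assumption that all characters from the start of string to the delimiter
        // are part of the identifier
        _identifier = x509ExtensionFormattedString.Substring(0, delimiterIndex);

        // The separator starts right after the first value and runs up to the next
        // occurrence of the identifier's first character (relies on the assumption above).
        int separatorFirstChar = delimiterIndex + subjectName1.Length + 1;
        if (separatorFirstChar >= x509ExtensionFormattedString.Length)
        {
            throw new FormatException("Formatted subjectAltName has no text after the first entry: '" + x509ExtensionFormattedString + "'");
        }
        int nextIdentifier = x509ExtensionFormattedString.IndexOf(_identifier[0], separatorFirstChar + 1);
        _separator = nextIdentifier < 0
            ? x509ExtensionFormattedString.Substring(separatorFirstChar)
            : x509ExtensionFormattedString.Substring(separatorFirstChar, nextIdentifier - separatorFirstChar);
        _successfullyInitialized = true;
    }
    catch (Exception ex)
    {
        // Best effort: keep the type usable and let callers consult
        // _successfullyInitialized / _initializationException.
        _successfullyInitialized = false;
        _initializationException = ex;
    }
}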
public void ConstructorAsnEncodedData_BadAsn ()
{
    // Zero-length encoded value under an unknown OID: Format must yield an empty string
    // in both layouts rather than throwing on the absent ASN.1 content.
    var emptyValue = new AsnEncodedData ("1.2.3", new byte[0]);
    var extension = new X509Extension (emptyValue, true);

    Assert.AreEqual (String.Empty, extension.Format (true), "Format(true)");
    Assert.AreEqual (String.Empty, extension.Format (false), "Format(false)");
}
public void ConstructorAsnEncodedData_BadAsnTag ()
{
    // The value is an ASN.1 NULL (05 00) under an unknown OID; there is nothing to decode,
    // so Format falls back to a hex dump in both layouts and does not throw.
    byte[] asnNull = { 0x05, 0x00 };
    var extension = new X509Extension (new AsnEncodedData ("1.2.3", asnNull), true);

    const string hexDump = "05 00";
    Assert.AreEqual (hexDump, extension.Format (true), "Format(true)");
    Assert.AreEqual (hexDump, extension.Format (false), "Format(false)");
}
public void ConstructorAsnEncodedData_BadAsnLength ()
{
    // A SEQUENCE header (30) announcing one byte of content that is not there: the
    // length is invalid, yet Format falls back to a hex dump in both layouts and does not throw.
    byte[] truncatedSequence = { 0x30, 0x01 };
    var extension = new X509Extension (new AsnEncodedData ("1.2.3", truncatedSequence), true);

    const string hexDump = "30 01";
    Assert.AreEqual (hexDump, extension.Format (true), "Format(true)");
    Assert.AreEqual (hexDump, extension.Format (false), "Format(false)");
}
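// static initializer runs only when one of the properties is accessed
static X509SubjectAlternativeNameConstants()
{
    // Probe extension (base64 DER): SEQUENCE { dNSName "not-real-subject-name", dNSName "example.com" }.
    // Formatting a known value reveals how this platform renders the identifier, the
    // identifier/value delimiter and the separator between entries.
    const string x509ExtensionBase64String = "MCSCFW5vdC1yZWFsLXN1YmplY3QtbmFtZYILZXhhbXBsZS5jb20=";
    const string subjectName1 = "not-real-subject-name";

    X509Extension x509Extension = new X509Extension(Oid, Convert.FromBase64String(x509ExtensionBase64String), true);
    string x509ExtensionFormattedString = x509Extension.Format(false);

    // Each OS has a different dNSName identifier and delimiter
    // On Windows, dNSName == "DNS Name" (localizable), on Linux, dNSName == "DNS"
    // e.g.,
    // Windows: x509ExtensionFormattedString is: "DNS Name=not-real-subject-name, DNS Name=example.com"
    // Linux: x509ExtensionFormattedString is: "DNS:not-real-subject-name, DNS:example.com"
    // Parse: <identifier><delimiter><value><separator(s)>

    // NOTE: nothing here is caught. Any exception escapes the static constructor, so the
    // first access fails with TypeInitializationException and every later access rethrows
    // it. The explicit checks below at least make that failure describe the unexpected
    // text instead of an IndexOutOfRangeException.

    // The probe value is plain ASCII, so an ordinal search is the correct comparison.
    int subjectIndex = x509ExtensionFormattedString.IndexOf(subjectName1, StringComparison.Ordinal);
    if (subjectIndex < 2)
    {
        // At least one identifier character plus the delimiter must precede the value.
        throw new FormatException("Formatted subjectAltName does not contain '<identifier><delimiter>" + subjectName1 + "': '" + x509ExtensionFormattedString + "'");
    }
    int delimiterIndex = subjectIndex - 1;
    Delimiter = x509ExtensionFormattedString[delimiterIndex];

    // Make an assumption that all characters from the start of string to the delimiter
    // are part of the identifier
    Identifier = x509ExtensionFormattedString.Substring(0, delimiterIndex);

    // The separator starts right after the first value and runs up to the next occurrence
    // of the identifier's first character (relies on the assumption above).
    int separatorFirstChar = delimiterIndex + subjectName1.Length + 1;
    if (separatorFirstChar >= x509ExtensionFormattedString.Length)
    {
        throw new FormatException("Formatted subjectAltName has no text after the first entry: '" + x509ExtensionFormattedString + "'");
    }
    int nextIdentifier = x509ExtensionFormattedString.IndexOf(Identifier[0], separatorFirstChar + 1);
    Separator = nextIdentifier < 0
        ? x509ExtensionFormattedString.Substring(separatorFirstChar)
        : x509ExtensionFormattedString.Substring(separatorFirstChar, nextIdentifier - separatorFirstChar);
}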
public override string ToString(bool verbose)
{
    // The verbose dump only makes sense for a loaded certificate context; otherwise
    // fall back to the short form.
    if (!verbose || this.m_safeCertContext.IsInvalid)
    {
        return this.ToString();
    }

    string nl = Environment.NewLine;
    StringBuilder sb = new StringBuilder();

    // "[Title]" on its own line, preceded by a blank line, with the value indented beneath.
    Action<string> section = title => sb.Append(nl + nl + title + nl + " ");

    // Appends "<label><value>" on a new line for a non-empty name form of the subject
    // (forIssuer == false) or the issuer (forIssuer == true).
    Action<X509NameType, string, bool> nameForm = (nameType, label, forIssuer) =>
    {
        string value = this.GetNameInfo(nameType, forIssuer);
        if (value.Length > 0)
        {
            sb.Append(nl + label);
            sb.Append(value);
        }
    };
    Action<bool> allNameForms = forIssuer =>
    {
        nameForm(X509NameType.SimpleName, " Simple Name: ", forIssuer);
        nameForm(X509NameType.EmailName, " Email Name: ", forIssuer);
        nameForm(X509NameType.UpnName, " UPN Name: ", forIssuer);
        nameForm(X509NameType.DnsName, " DNS Name: ", forIssuer);
    };

    sb.Append("[Version]" + nl + " ");
    sb.Append("V" + this.Version);

    section("[Subject]");
    sb.Append(this.SubjectName.Name);
    allNameForms(false);

    section("[Issuer]");
    sb.Append(this.IssuerName.Name);
    allNameForms(true);

    section("[Serial Number]");
    sb.Append(this.SerialNumber);

    section("[Not Before]");
    sb.Append(X509Certificate.FormatDate(this.NotBefore));

    section("[Not After]");
    sb.Append(X509Certificate.FormatDate(this.NotAfter));

    section("[Thumbprint]");
    sb.Append(this.Thumbprint);

    section("[Signature Algorithm]");
    sb.Append(this.SignatureAlgorithm.FriendlyName + "(" + this.SignatureAlgorithm.Value + ")");

    System.Security.Cryptography.X509Certificates.PublicKey publicKey = this.PublicKey;
    section("[Public Key]");
    sb.Append("Algorithm: ");
    sb.Append(publicKey.Oid.FriendlyName);
    sb.Append(nl + " Length: ");
    sb.Append(publicKey.Key.KeySize);
    sb.Append(nl + " Key Blob: ");
    sb.Append(publicKey.EncodedKeyValue.Format(true));
    sb.Append(nl + " Parameters: ");
    sb.Append(publicKey.EncodedParameters.Format(true));

    // Private key details (if any) are appended by the certificate itself.
    this.AppendPrivateKeyInfo(sb);

    // One "* FriendlyName(oid):" entry per extension, each followed by its multi-line dump.
    X509ExtensionCollection extensions = this.Extensions;
    if (extensions.Count > 0)
    {
        sb.Append(nl + nl + "[Extensions]");
        foreach (X509Extension current in extensions)
        {
            sb.Append(nl + "* " + current.Oid.FriendlyName + "(" + current.Oid.Value + "):" + nl + " " + current.Format(true));
        }
    }

    sb.Append(nl);
    return sb.ToString();
}
// static initializer will run before properties are accessed
static X509SubjectAlternativeNameConstants()
{
    // Probe extension: SEQUENCE { dNSName "not-real-subject-name", dNSName "example.com" }.
    // Formatting a known value reveals how this platform renders the identifier, the
    // identifier/value delimiter and the separator between entries.
    byte[] probeExtension = new byte[] { 48, 36, 130, 21, 110, 111, 116, 45, 114, 101, 97, 108, 45, 115, 117, 98, 106, 101, 99, 116, 45, 110, 97, 109, 101, 130, 11, 101, 120, 97, 109, 112, 108, 101, 46, 99, 111, 109 };
    const string subjectName = "not-real-subject-name";

    // Declared outside the try so the diagnostic in the catch can quote it.
    string formattedText = string.Empty;
    try
    {
        formattedText = new X509Extension(SanOid, probeExtension, true).Format(false);

        // Each OS has a different dNSName identifier and delimiter
        // On Windows, dNSName == "DNS Name" (localizable), on Linux, dNSName == "DNS"
        // e.g.,
        // Windows: formattedText is: "DNS Name=not-real-subject-name, DNS Name=example.com"
        // Linux: formattedText is: "DNS:not-real-subject-name, DNS:example.com"
        // Parse: <identifier><delimiter><value><separator(s)>

        // The character just before the probe value is the delimiter; everything before
        // it is assumed to be the identifier.
        int delimiterIndex = formattedText.IndexOf(subjectName) - 1;
        Delimiter = formattedText[delimiterIndex];
        Identifier = formattedText.Substring(0, delimiterIndex);

        // The separator starts right after the value and runs up to the next occurrence of
        // the identifier's first character (relies on the identifier assumption above).
        int separatorStart = delimiterIndex + subjectName.Length + 1;
        int separatorEnd = separatorStart + 1;
        while (separatorEnd < formattedText.Length && formattedText[separatorEnd] != Identifier[0])
        {
            separatorEnd++;
        }
        Separator = formattedText.Substring(separatorStart, separatorEnd - separatorStart);
        SeparatorArray = new[] { Separator };
        SuccessfullyInitialized = true;
    }
    catch (Exception ex)
    {
        // Best effort: keep the type usable, flag the failure and trace what was detected.
        SuccessfullyInitialized = false;
        string detail = string.Format(
            CultureInfo.InvariantCulture,
            "There was an error parsing the SubjectAlternativeNames: '{0}'. See inner exception for more details.{1}Detected values were: Identifier: '{2}'; Delimiter:'{3}'; Separator:'{4}'",
            formattedText, Environment.NewLine, Identifier, Delimiter, Separator);
        DiagnosticUtility.TraceHandledException(new FormatException(detail, ex), TraceEventType.Warning);
    }
}
public void ConstructorAsnEncodedData ()
{
    // Enhanced Key Usage (2.5.29.37) whose value is SEQUENCE { OID 1.2.3.4 }, a key
    // purpose with no registered friendly name.
    byte[] ekuValue = { 0x30, 0x05, 0x06, 0x03, 0x2A, 0x03, 0x04 };
    var encoded = new AsnEncodedData (new Oid ("2.5.29.37"), ekuValue);
    var extension = new X509Extension (encoded, true);

    Assert.IsTrue (extension.Critical, "Critical");
    Assert.AreEqual (7, extension.RawData.Length, "RawData");
    // The OID (and its friendly name) is the one carried by the AsnEncodedData.
    Assert.AreEqual ("2.5.29.37", extension.Oid.Value, "Oid.Value");
    Assert.AreEqual ("Enhanced Key Usage", extension.Oid.FriendlyName, "Oid.FriendlyName");
    // Unregistered purposes are rendered by dotted OID; only the multi-line form is newline-terminated.
    const string rendered = "Unknown Key Usage (1.2.3.4)";
    Assert.AreEqual (rendered + Environment.NewLine, extension.Format (true), "Format(true)");
    Assert.AreEqual (rendered, extension.Format (false), "Format(false)");
}
public void Build_NetscapeCertTypeExtension ()
{
    // Netscape cert-type (2.16.840.1.113730.1.1): BIT STRING 03 02 00 FF, i.e. all eight
    // type flags set.
    byte[] allTypes = { 0x03, 0x02, 0x00, 0xFF };
    var extension = new X509Extension (new Oid ("2.16.840.1.113730.1.1"), allTypes, false);

    // Both layouts render identically: unlike other extensions, Format(true) appends no NewLine.
    const string rendered = "SSL Client Authentication, SSL Server Authentication, SMIME, Signature, Unknown cert type, SSL CA, SMIME CA, Signature CA (ff)";
    Assert.AreEqual (rendered, extension.Format (true), "aed.Format(true)");
    Assert.AreEqual (rendered, extension.Format (false), "aed.Format(false)");
}