public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly) { if (!this.CheckSignature(certificate.PublicKey.Key)) { return false; } if (verifySignatureOnly) { SignedXmlDebugLog.LogVerificationResult(this, certificate, true); return true; } X509ExtensionEnumerator enumerator = certificate.Extensions.GetEnumerator(); while (enumerator.MoveNext()) { X509Extension current = enumerator.Current; if (string.Compare(current.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension keyUsages = new X509KeyUsageExtension(); keyUsages.CopyFrom(current); SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, keyUsages); if (((keyUsages.KeyUsages & X509KeyUsageFlags.DigitalSignature) != X509KeyUsageFlags.None) || ((keyUsages.KeyUsages & X509KeyUsageFlags.NonRepudiation) != X509KeyUsageFlags.None)) { break; } SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509KeyUsage")); return false; } } X509Chain chain = new X509Chain(); chain.ChainPolicy.ExtraStore.AddRange(this.BuildBagOfCerts()); bool flag2 = chain.Build(certificate); SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate); if (!flag2) { SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509Chain")); return false; } SignedXmlDebugLog.LogVerificationResult(this, certificate, true); return true; }
private static unsafe int VerifyCertificate(X509Certificate2 certificate, X509Certificate2Collection extraStore) { int num1; int num2 = X509Utils.VerifyCertificate(X509Utils.GetCertContext(certificate), (OidCollection)null, (OidCollection)null, X509RevocationMode.Online, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), extraStore, new IntPtr(1L), new IntPtr((void*)&num1)); if (num2 != 0) return num1; foreach (X509Extension x509Extension in certificate.Extensions) { if (string.Compare(x509Extension.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension keyUsageExtension = new X509KeyUsageExtension(); keyUsageExtension.CopyFrom((AsnEncodedData)x509Extension); if ((keyUsageExtension.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.None && (keyUsageExtension.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.None) { num2 = -2146762480; break; } } } return num2; }
private static unsafe int VerifyCertificate(X509Certificate2 certificate, X509Certificate2Collection extraStore) { int num; int num2 = System.Security.Cryptography.X509Certificates.X509Utils.VerifyCertificate(System.Security.Cryptography.X509Certificates.X509Utils.GetCertContext(certificate), null, null, X509RevocationMode.Online, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), extraStore, new IntPtr(1L), new IntPtr((void*) &num)); if (num2 != 0) { return num; } X509ExtensionEnumerator enumerator = certificate.Extensions.GetEnumerator(); while (enumerator.MoveNext()) { X509Extension current = enumerator.Current; if (string.Compare(current.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension extension2 = new X509KeyUsageExtension(); extension2.CopyFrom(current); if (((extension2.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.None) && ((extension2.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.None)) { return -2146762480; } } } return num2; }
public void WrongAsnEncodedData () { AsnEncodedData aed = new AsnEncodedData (new byte[0]); X509KeyUsageExtension ku = new X509KeyUsageExtension (X509KeyUsageFlags.CrlSign, true); ku.CopyFrom (aed); // note: not the same behaviour than using the constructor! }
public void CopyFrom_Null () { X509KeyUsageExtension eku = new X509KeyUsageExtension (); eku.CopyFrom (null); }
public void WrongExtension_X509Extension () { X509Extension ex = new X509Extension ("1.2.3", new byte [0], true); X509KeyUsageExtension ku = new X509KeyUsageExtension (X509KeyUsageFlags.CrlSign, true); ku.CopyFrom (ex); Assert.IsTrue (ku.Critical, "Critical"); Assert.AreEqual (String.Empty, BitConverter.ToString (ku.RawData), "RawData"); Assert.AreEqual ("1.2.3", ku.Oid.Value, "Oid.Value"); Assert.IsNull (ku.Oid.FriendlyName, "Oid.FriendlyName"); }
public void WrongExtension_X509Extension_KeyUsages () { X509Extension ex = new X509Extension ("1.2.3", new byte[0], true); X509KeyUsageExtension ku = new X509KeyUsageExtension (); ku.CopyFrom (ex); Assert.AreEqual (0, ku.KeyUsages, "KeyUsages"); }
internal static X509Certificate2 SelectSignerCertificate() { X509Store store = new X509Store(); store.Open(OpenFlags.IncludeArchived | OpenFlags.OpenExistingOnly); X509Certificate2Collection certificates = new X509Certificate2Collection(); X509Certificate2Enumerator enumerator = store.Certificates.GetEnumerator(); while (enumerator.MoveNext()) { X509Certificate2 current = enumerator.Current; if ((current.HasPrivateKey && (current.NotBefore <= DateTime.Now)) && (current.NotAfter >= DateTime.Now)) { bool flag = true; X509ExtensionEnumerator enumerator2 = current.Extensions.GetEnumerator(); while (enumerator2.MoveNext()) { X509Extension asnEncodedData = enumerator2.Current; if (string.Compare(asnEncodedData.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension extension2 = new X509KeyUsageExtension(); extension2.CopyFrom(asnEncodedData); if (((extension2.KeyUsages & X509KeyUsageFlags.DigitalSignature) == X509KeyUsageFlags.None) && ((extension2.KeyUsages & X509KeyUsageFlags.NonRepudiation) == X509KeyUsageFlags.None)) { flag = false; } break; } } if (flag) { certificates.Add(current); } } } if (certificates.Count < 1) { throw new CryptographicException(-2146889714); } certificates = X509Certificate2UI.SelectFromCollection(certificates, null, null, X509SelectionFlag.SingleSelection); if (certificates.Count < 1) { throw new CryptographicException(0x4c7); } return certificates[0]; }
public void WrongExtension_X509EnhancedKeyUsageExtension () { X509EnhancedKeyUsageExtension eku = new X509EnhancedKeyUsageExtension (); X509KeyUsageExtension ku = new X509KeyUsageExtension (); ku.CopyFrom (eku); }
internal static CmsRecipientCollection SelectRecipients(SubjectIdentifierType recipientIdentifierType) { X509Store store = new X509Store("AddressBook"); store.Open(OpenFlags.OpenExistingOnly); X509Certificate2Collection certificates = new X509Certificate2Collection(store.Certificates); X509Certificate2Enumerator enumerator = store.Certificates.GetEnumerator(); while (enumerator.MoveNext()) { X509Certificate2 current = enumerator.Current; if ((current.NotBefore <= DateTime.Now) && (current.NotAfter >= DateTime.Now)) { bool flag = true; X509ExtensionEnumerator enumerator2 = current.Extensions.GetEnumerator(); while (enumerator2.MoveNext()) { X509Extension asnEncodedData = enumerator2.Current; if (string.Compare(asnEncodedData.Oid.Value, "2.5.29.15", StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension extension2 = new X509KeyUsageExtension(); extension2.CopyFrom(asnEncodedData); if (((extension2.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == X509KeyUsageFlags.None) && ((extension2.KeyUsages & X509KeyUsageFlags.KeyAgreement) == X509KeyUsageFlags.None)) { flag = false; } break; } } if (flag) { certificates.Add(current); } } } if (certificates.Count < 1) { throw new CryptographicException(-2146889717); } X509Certificate2Collection certificates2 = X509Certificate2UI.SelectFromCollection(certificates, null, null, X509SelectionFlag.MultiSelection); if (certificates2.Count < 1) { throw new CryptographicException(0x4c7); } return new CmsRecipientCollection(recipientIdentifierType, certificates2); }
private static unsafe int VerifyCertificate (X509Certificate2 certificate, X509Certificate2Collection extraStore) { int dwErrorStatus; int hr = X509Utils.VerifyCertificate(X509Utils.GetCertContext(certificate), null, null, X509RevocationMode.Online, X509RevocationFlag.ExcludeRoot, DateTime.Now, new TimeSpan(0, 0, 0), extraStore, new IntPtr(CAPI.CERT_CHAIN_POLICY_BASE), new IntPtr(&dwErrorStatus)); if (hr != CAPI.S_OK) return dwErrorStatus; // Check key usages to make sure it is good for signing. foreach (X509Extension extension in certificate.Extensions) { if (String.Compare(extension.Oid.Value, CAPI.szOID_KEY_USAGE, StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension keyUsage = new X509KeyUsageExtension(); keyUsage.CopyFrom(extension); if ((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == 0 && (keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == 0) { hr = CAPI.CERT_E_WRONG_USAGE; break; } } } return hr; }
internal static X509Certificate2 SelectSignerCertificate () { X509Store store = new X509Store(); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly | OpenFlags.IncludeArchived); X509Certificate2Collection certificates = new X509Certificate2Collection(); foreach (X509Certificate2 certificate in store.Certificates) { if (certificate.HasPrivateKey && certificate.NotBefore <= DateTime.Now && certificate.NotAfter >= DateTime.Now) { bool validUsages = true; foreach (X509Extension extension in certificate.Extensions) { if (String.Compare(extension.Oid.Value, CAPI.szOID_KEY_USAGE, StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension keyUsage = new X509KeyUsageExtension(); keyUsage.CopyFrom(extension); if ((keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) == 0 && (keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) == 0) { validUsages = false; } break; } } if (validUsages) { certificates.Add(certificate); } } } if (certificates.Count < 1) throw new CryptographicException(CAPI.CRYPT_E_SIGNER_NOT_FOUND); certificates = X509Certificate2UI.SelectFromCollection(certificates, null, null, X509SelectionFlag.SingleSelection); if (certificates.Count < 1) throw new CryptographicException(CAPI.ERROR_CANCELLED); Debug.Assert(certificates.Count == 1); return certificates[0]; }
internal static CmsRecipientCollection SelectRecipients (SubjectIdentifierType recipientIdentifierType) { X509Store store = new X509Store("AddressBook"); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); X509Certificate2Collection certificates = new X509Certificate2Collection(store.Certificates); foreach (X509Certificate2 certificate in store.Certificates) { if (certificate.NotBefore <= DateTime.Now && certificate.NotAfter >= DateTime.Now) { bool validUsages = true; foreach (X509Extension extension in certificate.Extensions) { if (String.Compare(extension.Oid.Value, CAPI.szOID_KEY_USAGE, StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension keyUsage = new X509KeyUsageExtension(); keyUsage.CopyFrom(extension); if ((keyUsage.KeyUsages & X509KeyUsageFlags.KeyEncipherment) == 0 && (keyUsage.KeyUsages & X509KeyUsageFlags.KeyAgreement) == 0) { validUsages = false; } break; } } if (validUsages) { certificates.Add(certificate); } } } if (certificates.Count < 1) throw new CryptographicException(CAPI.CRYPT_E_RECIPIENT_NOT_FOUND); X509Certificate2Collection recipients = X509Certificate2UI.SelectFromCollection(certificates, null, null, X509SelectionFlag.MultiSelection); if (recipients.Count < 1) throw new CryptographicException(CAPI.ERROR_CANCELLED); return new CmsRecipientCollection(recipientIdentifierType, recipients); }
public bool CheckSignature(X509Certificate2 certificate, bool verifySignatureOnly) { if (!CheckSignature(certificate.PublicKey.Key)) { return false; } if (verifySignatureOnly) { SignedXmlDebugLog.LogVerificationResult(this, certificate, true); return true; } // Check key usages to make sure it is good for signing. foreach (X509Extension extension in certificate.Extensions) { if (String.Compare(extension.Oid.Value, CAPI.szOID_KEY_USAGE, StringComparison.OrdinalIgnoreCase) == 0) { X509KeyUsageExtension keyUsage = new X509KeyUsageExtension(); keyUsage.CopyFrom(extension); SignedXmlDebugLog.LogVerifyKeyUsage(this, certificate, keyUsage); bool validKeyUsage = (keyUsage.KeyUsages & X509KeyUsageFlags.DigitalSignature) != 0 || (keyUsage.KeyUsages & X509KeyUsageFlags.NonRepudiation) != 0; if (!validKeyUsage) { SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509KeyUsage")); return false; } break; } } // Do the chain verification to make sure the certificate is valid. X509Chain chain = new X509Chain(); chain.ChainPolicy.ExtraStore.AddRange(BuildBagOfCerts()); bool chainVerified = chain.Build(certificate); SignedXmlDebugLog.LogVerifyX509Chain(this, chain, certificate); if (!chainVerified) { SignedXmlDebugLog.LogVerificationFailure(this, SecurityResources.GetResourceString("Log_VerificationFailed_X509Chain")); return false; } SignedXmlDebugLog.LogVerificationResult(this, certificate, true); return true; }