You've already forked linux-packaging-mono
							
							
		
			
				
	
	
		
			418 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
			
		
		
	
	
			418 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
| //
 | |
| // System.Security.Cryptography.X509Certificate2 class
 | |
| //
 | |
| // Author:
 | |
| //	Sebastien Pouliot  <sebastien@ximian.com>
 | |
| //
 | |
| // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
 | |
| // Copyright (C) 2004-2006 Novell Inc. (http://www.novell.com)
 | |
| //
 | |
| // Permission is hereby granted, free of charge, to any person obtaining
 | |
| // a copy of this software and associated documentation files (the
 | |
| // "Software"), to deal in the Software without restriction, including
 | |
| // without limitation the rights to use, copy, modify, merge, publish,
 | |
| // distribute, sublicense, and/or sell copies of the Software, and to
 | |
| // permit persons to whom the Software is furnished to do so, subject to
 | |
| // the following conditions:
 | |
| // 
 | |
| // The above copyright notice and this permission notice shall be
 | |
| // included in all copies or substantial portions of the Software.
 | |
| // 
 | |
| // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 | |
| // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 | |
| // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 | |
| // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 | |
| // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 | |
| // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 | |
| // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 | |
| //
 | |
| 
 | |
| #if SECURITY_DEP
 | |
| 
 | |
| #if MONO_SECURITY_ALIAS
 | |
| extern alias MonoSecurity;
 | |
| using MonoSecurity::Mono.Security;
 | |
| using MonoSecurity::Mono.Security.Cryptography;
 | |
| using MX = MonoSecurity::Mono.Security.X509;
 | |
| #else
 | |
| using Mono.Security;
 | |
| using Mono.Security.Cryptography;
 | |
| using MX = Mono.Security.X509;
 | |
| #endif
 | |
| 
 | |
| #endif
 | |
| 
 | |
| using System.IO;
 | |
| using System.Text;
 | |
| using System.Collections;
 | |
| using System.Runtime.Serialization;
 | |
| 
 | |
| namespace System.Security.Cryptography.X509Certificates {
 | |
| 
 | |
| 	[Serializable]
 | |
| 	public class X509Certificate2 : X509Certificate {
 | |
| 	
 | |
| #if !SECURITY_DEP
 | |
| 		// Used in Mono.Security HttpsClientStream
 | |
| 		public X509Certificate2 (byte[] rawData)
 | |
| 		{
 | |
| 		}
 | |
| #endif
 | |
| #if SECURITY_DEP
 | |
| 		new internal X509Certificate2Impl Impl {
 | |
| 			get {
 | |
| 				var impl2 = base.Impl as X509Certificate2Impl;
 | |
| 				X509Helper2.ThrowIfContextInvalid (impl2);
 | |
| 				return impl2;
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		string friendlyName = string.Empty;
 | |
| 
 | |
| 		// constructors
 | |
| 
 | |
| 		public X509Certificate2 ()
 | |
| 		{
 | |
| 		}
 | |
| 
 | |
| 		public X509Certificate2 (byte[] rawData)
 | |
| 		{
 | |
| 			Import (rawData, (string)null, X509KeyStorageFlags.DefaultKeySet);
 | |
| 		}
 | |
| 
 | |
| 		public X509Certificate2 (byte[] rawData, string password)
 | |
| 		{
 | |
| 			Import (rawData, password, X509KeyStorageFlags.DefaultKeySet);
 | |
| 		}
 | |
| 
 | |
| 		public X509Certificate2 (byte[] rawData, SecureString password)
 | |
| 		{
 | |
| 			Import (rawData, password, X509KeyStorageFlags.DefaultKeySet);
 | |
| 		}
 | |
| 
 | |
| 		public X509Certificate2 (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
 | |
| 		{
 | |
| 			Import (rawData, password, keyStorageFlags);
 | |
| 		}
 | |
| 
 | |
| 		public X509Certificate2 (byte[] rawData, SecureString password, X509KeyStorageFlags keyStorageFlags)
 | |
| 		{
 | |
| 			Import (rawData, password, keyStorageFlags);
 | |
| 		}
 | |
| 
 | |
| 		public X509Certificate2 (string fileName)
 | |
| 		{
 | |
| 			Import (fileName, String.Empty, X509KeyStorageFlags.DefaultKeySet);
 | |
| 		}
 | |
| 
 | |
| 		public X509Certificate2 (string fileName, string password)
 | |
| 		{
 | |
| 			Import (fileName, password, X509KeyStorageFlags.DefaultKeySet);
 | |
| 		}
 | |
| 
 | |
| 		public X509Certificate2 (string fileName, SecureString password)
 | |
| 		{
 | |
| 			Import (fileName, password, X509KeyStorageFlags.DefaultKeySet);
 | |
| 		}
 | |
| 
 | |
| 		public X509Certificate2 (string fileName, string password, X509KeyStorageFlags keyStorageFlags)
 | |
| 		{
 | |
| 			Import (fileName, password, keyStorageFlags);
 | |
| 		}
 | |
| 
 | |
| 		public X509Certificate2 (string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags)
 | |
| 		{
 | |
| 			Import (fileName, password, keyStorageFlags);
 | |
| 		}
 | |
| 
 | |
| 		public X509Certificate2 (IntPtr handle) : base (handle) 
 | |
| 		{
 | |
| 			throw new NotImplementedException ();
 | |
| 		}
 | |
| 
 | |
| 		public X509Certificate2 (X509Certificate certificate) 
 | |
| 			: base (X509Helper2.Import (certificate))
 | |
| 		{
 | |
| 		}
 | |
| 
 | |
| 		protected X509Certificate2 (SerializationInfo info, StreamingContext context) : base (info, context)
 | |
| 		{
 | |
| 		}
 | |
| 
 | |
| 		internal X509Certificate2 (X509Certificate2Impl impl)
 | |
| 			: base (impl)
 | |
| 		{
 | |
| 		}
 | |
| 
 | |
| 		// properties
 | |
| 
 | |
| 		public bool Archived {
 | |
| 			get { return Impl.Archived; }
 | |
| 			set { Impl.Archived = true; }
 | |
| 		}
 | |
| 
 | |
| 		public X509ExtensionCollection Extensions {
 | |
| 			get { return Impl.Extensions; }
 | |
| 		}
 | |
| 
 | |
| 		public string FriendlyName {
 | |
| 			get {
 | |
| 				ThrowIfContextInvalid ();
 | |
| 				return friendlyName;
 | |
| 			}
 | |
| 			set {
 | |
| 				ThrowIfContextInvalid ();
 | |
| 				friendlyName = value;
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		public bool HasPrivateKey {
 | |
| 			get { return Impl.HasPrivateKey; }
 | |
| 		}
 | |
| 
 | |
| 		public X500DistinguishedName IssuerName {
 | |
| 			get { return Impl.IssuerName; }
 | |
| 		} 
 | |
| 
 | |
| 		public DateTime NotAfter {
 | |
| 			get { return Impl.GetValidUntil ().ToLocalTime (); }
 | |
| 		}
 | |
| 
 | |
| 		public DateTime NotBefore {
 | |
| 			get { return Impl.GetValidFrom ().ToLocalTime (); }
 | |
| 		}
 | |
| 
 | |
| 		public AsymmetricAlgorithm PrivateKey {
 | |
| 			get { return Impl.PrivateKey; }
 | |
| 			set { Impl.PrivateKey = value; }
 | |
| 		} 
 | |
| 
 | |
| 		public PublicKey PublicKey {
 | |
| 			get { return Impl.PublicKey; }
 | |
| 		} 
 | |
| 
 | |
| 		public byte[] RawData {
 | |
| 			get { return GetRawCertData (); }
 | |
| 		}
 | |
| 
 | |
| 		public string SerialNumber {
 | |
| 			get { return GetSerialNumberString (); }
 | |
| 		} 
 | |
| 
 | |
| 		public Oid SignatureAlgorithm {
 | |
| 			get { return Impl.SignatureAlgorithm; }
 | |
| 		} 
 | |
| 
 | |
| 		public X500DistinguishedName SubjectName {
 | |
| 			get { return Impl.SubjectName; }
 | |
| 		} 
 | |
| 
 | |
| 		public string Thumbprint {
 | |
| 			get { return GetCertHashString (); }
 | |
| 		} 
 | |
| 
 | |
| 		public int Version {
 | |
| 			get { return Impl.Version; }
 | |
| 		}
 | |
| 
 | |
| 		// methods
 | |
| 
 | |
| 		[MonoTODO ("always return String.Empty for UpnName, DnsFromAlternativeName and UrlName")]
 | |
| 		public string GetNameInfo (X509NameType nameType, bool forIssuer) 
 | |
| 		{
 | |
| 			return Impl.GetNameInfo (nameType, forIssuer);
 | |
| 		}
 | |
| 
 | |
| 		public override void Import (byte[] rawData) 
 | |
| 		{
 | |
| 			Import (rawData, (string)null, X509KeyStorageFlags.DefaultKeySet);
 | |
| 		}
 | |
| 
 | |
| 		[MonoTODO ("missing KeyStorageFlags support")]
 | |
| 		public override void Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
 | |
| 		{
 | |
| 			var impl = X509Helper2.Import (rawData, password, keyStorageFlags);
 | |
| 			ImportHandle (impl);
 | |
| 		}
 | |
| 
 | |
| 		[MonoTODO ("SecureString is incomplete")]
 | |
| 		public override void Import (byte[] rawData, SecureString password, X509KeyStorageFlags keyStorageFlags)
 | |
| 		{
 | |
| 			Import (rawData, (string) null, keyStorageFlags);
 | |
| 		}
 | |
| 
 | |
| 		public override void Import (string fileName) 
 | |
| 		{
 | |
| 			byte[] rawData = File.ReadAllBytes (fileName);
 | |
| 			Import (rawData, (string)null, X509KeyStorageFlags.DefaultKeySet);
 | |
| 		}
 | |
| 
 | |
| 		[MonoTODO ("missing KeyStorageFlags support")]
 | |
| 		public override void Import (string fileName, string password, X509KeyStorageFlags keyStorageFlags) 
 | |
| 		{
 | |
| 			byte[] rawData = File.ReadAllBytes (fileName);
 | |
| 			Import (rawData, password, keyStorageFlags);
 | |
| 		}
 | |
| 
 | |
| 		[MonoTODO ("SecureString is incomplete")]
 | |
| 		public override void Import (string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags) 
 | |
| 		{
 | |
| 			byte[] rawData = File.ReadAllBytes (fileName);
 | |
| 			Import (rawData, (string)null, keyStorageFlags);
 | |
| 		}
 | |
| 
 | |
| 		[MonoTODO ("X509ContentType.SerializedCert is not supported")]
 | |
| 		public override byte[] Export (X509ContentType contentType, string password)
 | |
| 		{
 | |
| 			return Impl.Export (contentType, password);
 | |
| 		}
 | |
| 
 | |
| 		public override void Reset () 
 | |
| 		{
 | |
| 			friendlyName = string.Empty;
 | |
| 			base.Reset ();
 | |
| 		}
 | |
| 
 | |
| 		public override string ToString ()
 | |
| 		{
 | |
| 			if (!IsValid)
 | |
| 				return "System.Security.Cryptography.X509Certificates.X509Certificate2";
 | |
| 			return base.ToString (true);
 | |
| 		}
 | |
| 
 | |
| 		public override string ToString (bool verbose)
 | |
| 		{
 | |
| 			if (!IsValid)
 | |
| 				return "System.Security.Cryptography.X509Certificates.X509Certificate2";
 | |
| 
 | |
| 			// the non-verbose X509Certificate2 == verbose X509Certificate
 | |
| 			if (!verbose)
 | |
| 				return base.ToString (true);
 | |
| 
 | |
| 			string nl = Environment.NewLine;
 | |
| 			StringBuilder sb = new StringBuilder ();
 | |
| 			sb.AppendFormat ("[Version]{0}  V{1}{0}{0}", nl, Version);
 | |
| 			sb.AppendFormat ("[Subject]{0}  {1}{0}{0}", nl, Subject);
 | |
| 			sb.AppendFormat ("[Issuer]{0}  {1}{0}{0}", nl, Issuer);
 | |
| 			sb.AppendFormat ("[Serial Number]{0}  {1}{0}{0}", nl, SerialNumber);
 | |
| 			sb.AppendFormat ("[Not Before]{0}  {1}{0}{0}", nl, NotBefore);
 | |
| 			sb.AppendFormat ("[Not After]{0}  {1}{0}{0}", nl, NotAfter);
 | |
| 			sb.AppendFormat ("[Thumbprint]{0}  {1}{0}{0}", nl, Thumbprint);
 | |
| 			sb.AppendFormat ("[Signature Algorithm]{0}  {1}({2}){0}{0}", nl, SignatureAlgorithm.FriendlyName, 
 | |
| 				SignatureAlgorithm.Value);
 | |
| 
 | |
| 			AsymmetricAlgorithm key = PublicKey.Key;
 | |
| 			sb.AppendFormat ("[Public Key]{0}  Algorithm: ", nl);
 | |
| 			if (key is RSA)
 | |
| 				sb.Append ("RSA");
 | |
| 			else if (key is DSA)
 | |
| 				sb.Append ("DSA");
 | |
| 			else
 | |
| 				sb.Append (key.ToString ());
 | |
| 			sb.AppendFormat ("{0}  Length: {1}{0}  Key Blob: ", nl, key.KeySize);
 | |
| 			AppendBuffer (sb, PublicKey.EncodedKeyValue.RawData);
 | |
| 			sb.AppendFormat ("{0}  Parameters: ", nl);
 | |
| 			AppendBuffer (sb, PublicKey.EncodedParameters.RawData);
 | |
| 			sb.Append (nl);
 | |
| 
 | |
| 			return sb.ToString ();
 | |
| 		}
 | |
| 
 | |
| 		private static void AppendBuffer (StringBuilder sb, byte[] buffer)
 | |
| 		{
 | |
| 			if (buffer == null)
 | |
| 				return;
 | |
| 			for (int i=0; i < buffer.Length; i++) {
 | |
| 				sb.Append (buffer [i].ToString ("x2"));
 | |
| 				if (i < buffer.Length - 1)
 | |
| 					sb.Append (" ");
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| 		[MonoTODO ("by default this depends on the incomplete X509Chain")]
 | |
| 		public bool Verify ()
 | |
| 		{
 | |
| 			return Impl.Verify (this);
 | |
| 		}
 | |
| 
 | |
| 		// static methods
 | |
| 
 | |
| 		private static byte[] signedData = new byte[] { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02 };
 | |
| 
 | |
| 		[MonoTODO ("Detection limited to Cert, Pfx, Pkcs12, Pkcs7 and Unknown")]
 | |
| 		public static X509ContentType GetCertContentType (byte[] rawData)
 | |
| 		{
 | |
| 			if ((rawData == null) || (rawData.Length == 0))
 | |
| 				throw new ArgumentException ("rawData");
 | |
| 
 | |
| 			X509ContentType type = X509ContentType.Unknown;
 | |
| 			try {
 | |
| 				ASN1 data = new ASN1 (rawData);
 | |
| 				if (data.Tag != 0x30) {
 | |
| 					string msg = Locale.GetText ("Unable to decode certificate.");
 | |
| 					throw new CryptographicException (msg);
 | |
| 				}
 | |
| 
 | |
| 				if (data.Count == 0)
 | |
| 					return type;
 | |
| 
 | |
| 				if (data.Count == 3) {
 | |
| 					switch (data [0].Tag) {
 | |
| 					case 0x30:
 | |
| 						// SEQUENCE / SEQUENCE / BITSTRING
 | |
| 						if ((data [1].Tag == 0x30) && (data [2].Tag == 0x03))
 | |
| 							type = X509ContentType.Cert;
 | |
| 						break;
 | |
| 					case 0x02:
 | |
| 						// INTEGER / SEQUENCE / SEQUENCE
 | |
| 						if ((data [1].Tag == 0x30) && (data [2].Tag == 0x30))
 | |
| 							type = X509ContentType.Pkcs12;
 | |
| 						// note: Pfx == Pkcs12
 | |
| 						break;
 | |
| 					}
 | |
| 				}
 | |
| 				// check for PKCS#7 (count unknown but greater than 0)
 | |
| 				// SEQUENCE / OID (signedData)
 | |
| 				if ((data [0].Tag == 0x06) && data [0].CompareValue (signedData))
 | |
| 					type = X509ContentType.Pkcs7;
 | |
| 			}
 | |
| 			catch (Exception e) {
 | |
| 				string msg = Locale.GetText ("Unable to decode certificate.");
 | |
| 				throw new CryptographicException (msg, e);
 | |
| 			}
 | |
| 
 | |
| 			return type;
 | |
| 		}
 | |
| 
 | |
| 		[MonoTODO ("Detection limited to Cert, Pfx, Pkcs12 and Unknown")]
 | |
| 		public static X509ContentType GetCertContentType (string fileName)
 | |
| 		{
 | |
| 			if (fileName == null)
 | |
| 				throw new ArgumentNullException ("fileName");
 | |
| 			if (fileName.Length == 0)
 | |
| 				throw new ArgumentException ("fileName");
 | |
| 
 | |
| 			byte[] data = File.ReadAllBytes (fileName);
 | |
| 			return GetCertContentType (data);
 | |
| 		}
 | |
| 
 | |
| 		// internal stuff because X509Certificate2 isn't complete enough
 | |
| 		// (maybe X509Certificate3 will be better?)
 | |
| 
 | |
| 		[MonoTODO ("See comment in X509Helper2.GetMonoCertificate().")]
 | |
| 		internal MX.X509Certificate MonoCertificate {
 | |
| 			get {
 | |
| 				return X509Helper2.GetMonoCertificate (this);
 | |
| 			}
 | |
| 		}
 | |
| 
 | |
| #else
 | |
| 		// HACK - this ensure the type X509Certificate2 and PrivateKey property exists in the build before
 | |
| 		// Mono.Security.dll is built. This is required to get working client certificate in SSL/TLS
 | |
| 		public AsymmetricAlgorithm PrivateKey {
 | |
| 			get { return null; }
 | |
| 		}
 | |
| #endif
 | |
| 	}
 | |
| }
 |