[pgsqlclient-checkins] pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.X509.Extensions Auth
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.X509.Extensions In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25374 Added Files: AuthorityKeyIdentifierExtension.cs BasicConstraintsExtension.cs CertificatePoliciesExtension.cs CRLDistributionPointsExtension.cs ExtendedKeyUsageExtension.cs KeyAttributesExtension.cs KeyUsageExtension.cs NetscapeCertTypeExtension.cs PrivateKeyUsagePeriodExtension.cs SubjectAltNameExtension.cs SubjectKeyIdentifierExtension.cs Log Message: Sync security stuff with mono CVS classes. --- NEW FILE: AuthorityKeyIdentifierExtension.cs --- // // AuthorityKeyIdentifierExtension.cs: Handles X.509 AuthorityKeyIdentifier extensions. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } * * AuthorityKeyIdentifier ::= SEQUENCE { * keyIdentifier [0] KeyIdentifier OPTIONAL, * authorityCertIssuer [1] GeneralNames OPTIONAL, * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } * * KeyIdentifier ::= OCTET STRING */ internal class AuthorityKeyIdentifierExtension : X509Extension { private byte[] aki; public AuthorityKeyIdentifierExtension () : base () { extnOid = "2.5.29.35"; } public AuthorityKeyIdentifierExtension (ASN1 asn1) : base (asn1) {} public AuthorityKeyIdentifierExtension (X509Extension extension) : base (extension) {} protected override void Decode () { ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid AuthorityKeyIdentifier extension"); for (int i=0; i < sequence.Count; i++) { ASN1 el = sequence [i]; switch (el.Tag) { case 0x80: aki = el.Value; break; case 0x81: case 0x82: default: throw new ArgumentException ("Invalid AuthorityKeyIdentifier extension"); } } } public override string Name { get { 
return "Authority Key Identifier"; } } public override string ToString () { StringBuilder sb = new StringBuilder (); if (aki != null) { // [0] KeyIdentifier int x = 0; sb.Append ("KeyID="); while (x < aki.Length) { sb.Append (aki [x].ToString ("X2")); if (x % 2 == 1) sb.Append (" "); x++; } // [1] GeneralNames // TODO // [2] CertificateSerialNumber // TODO } return sb.ToString (); } } } --- NEW FILE: BasicConstraintsExtension.cs --- // // BasicConstraintsExtension.cs: Handles X.509 BasicConstrains extensions. // // Author: // Sebastien Pouliot (spo...@mo...) // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { // References: // 1. RFC 3280: Internet X.509 Public Key Infrastructure, Section 4.2.1.10 // http://www.ietf.org/rfc/rfc3280.txt /* id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } * * BasicConstraints ::= SEQUENCE { * cA BOOLEAN DEFAULT FALSE, * pathLenConstraint INTEGER (0..MAX) OPTIONAL * } */ internal class BasicConstraintsExtension : X509Extension { private bool cA; private int pathLenConstraint; public BasicConstraintsExtension () : base () { extnOid = "2.5.29.19"; } public BasicConstraintsExtension (ASN1 asn1) : base (asn1) {} public BasicConstraintsExtension (X509Extension extension) : base (extension) {} protected override void Decode () { // default values cA = false; pathLenConstraint = 0; // no constraint ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid BasicConstraints extension"); int n = 0; ASN1 a = sequence [n++]; if ((a != null) && (a.Tag == 0x01)) { cA = (a.Value [0] == 0xFF); a = sequence [n++]; } if ((a != null) && (a.Tag == 0x02)) pathLenConstraint = ASN1Convert.ToInt32 (a); } protected override void Encode () { if (extnValue == null) { extnValue = new ASN1 (0x30); if (cA) extnValue.Add (new ASN1 (0x01, new byte[] { 0xFF })); if 
(pathLenConstraint > 0) extnValue.Add (ASN1Convert.FromInt32 (pathLenConstraint)); } } public bool CertificateAuthority { get { return cA; } set { cA = value; } } public override string Name { get { return "Basic Constraints"; } } public int PathLenConstraint { get { return pathLenConstraint; } set { pathLenConstraint = value; } } public override string ToString () { StringBuilder sb = new StringBuilder (); sb.Append ("Subject Type="); sb.Append ((cA) ? "CA" : "End Entity"); sb.Append (Environment.NewLine); sb.Append ("Path Length Constraint="); if (pathLenConstraint == 0) sb.Append ("None"); else sb.Append (pathLenConstraint.ToString ()); sb.Append (Environment.NewLine); return sb.ToString (); } } } --- NEW FILE: CertificatePoliciesExtension.cs --- // // CertificatePoliciesExtension.cs: Handles X.509 CertificatePolicies extensions. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Collections; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } * * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificate-policies 0 } * * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation * * PolicyInformation ::= SEQUENCE { * policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL * } * * CertPolicyId ::= OBJECT IDENTIFIER * * PolicyQualifierInfo ::= SEQUENCE { * policyQualifierId PolicyQualifierId, * qualifier ANY DEFINED BY policyQualifierId * } * * -- policyQualifierIds for Internet policy qualifiers * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } * * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) * * Qualifier ::= CHOICE { * cPSuri CPSuri, * userNotice UserNotice * } * * CPSuri ::= IA5String * * UserNotice ::= 
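Review bot: BasicConstraintsExtension uses 0 both for "no pathLenConstraint present" and for the decoded value of an explicit `pathLenConstraint INTEGER 0`, so a CA certificate allowed to issue only end-entity certificates reads back as PathLenConstraint == 0 ("None" in ToString) and Encode drops the constraint on round-trip; a path validator keyed on this property would accept a subordinate CA issued under a pathLen-0 issuer. Use an out-of-band sentinel instead: initialise `pathLenConstraint = Int32.MaxValue; // no constraint` in Decode, change Encode to `if (pathLenConstraint != Int32.MaxValue) extnValue.Add (ASN1Convert.FromInt32 (pathLenConstraint));`, and test the sentinel in ToString, so 0 survives as a real constraint. The `cA = (a.Value [0] == 0xFF)` test only accepts the DER encoding of TRUE; that strictness is right for certificates, but a short comment noting that BER's any-non-zero form is deliberately rejected would stop the next maintainer "fixing" it.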
SEQUENCE { * noticeRef NoticeReference OPTIONAL, * explicitText DisplayText OPTIONAL * } * * NoticeReference ::= SEQUENCE { * organization DisplayText, * noticeNumbers SEQUENCE OF INTEGER * } * * DisplayText ::= CHOICE { * ia5String IA5String (SIZE (1..200)), * visibleString VisibleString (SIZE (1..200)), * bmpString BMPString (SIZE (1..200)), * utf8String UTF8String (SIZE (1..200)) * } */ // note: partial implementation (only policyIdentifier OID are supported) internal class CertificatePoliciesExtension : X509Extension { private Hashtable policies; public CertificatePoliciesExtension () : base () { extnOid = "2.5.29.32"; policies = new Hashtable (); } public CertificatePoliciesExtension (ASN1 asn1) : base (asn1) {} public CertificatePoliciesExtension (X509Extension extension) : base (extension) {} protected override void Decode () { policies = new Hashtable (); ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid CertificatePolicies extension"); // for every policy OID for (int i=0; i < sequence.Count; i++) { policies.Add (ASN1Convert.ToOID (sequence [i][0]), null); } } public override string Name { get { return "Certificate Policies"; } } public override string ToString () { StringBuilder sb = new StringBuilder (); int n = 1; foreach (DictionaryEntry policy in policies) { sb.Append ("["); sb.Append (n++); sb.Append ("]Certificate Policy:"); sb.Append (Environment.NewLine); sb.Append ("\tPolicyIdentifier="); sb.Append ((string)policy.Key); sb.Append (Environment.NewLine); } return sb.ToString (); } } } --- NEW FILE: CRLDistributionPointsExtension.cs --- // // CRLDistributionPointsExtension.cs: Handles X.509 CRLDistributionPoints extensions. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Collections; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { // References: // a. 
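Review bot: Decode in CertificatePoliciesExtension calls `policies.Add (ASN1Convert.ToOID (sequence [i][0]), null)` without checking that each element is a PolicyInformation SEQUENCE with at least one child, and Hashtable.Add throws its own ArgumentException when the same policy OID appears twice, so a malformed or duplicated entry surfaces as an unrelated "item has already been added" error instead of the file's "Invalid CertificatePolicies extension" message. Validate and assign through the indexer instead: `ASN1 pi = sequence [i]; if ((pi.Tag != 0x30) || (pi.Count < 1)) throw new ArgumentException ("Invalid CertificatePolicies extension");` followed by `policies [ASN1Convert.ToOID (pi [0])] = null;`. The collected OIDs are only reachable through ToString; a relying party deciding whether a given policy (or anyPolicy, 2.5.29.32.0) is asserted needs a read accessor such as `public ICollection PolicyIdentifiers { get { return policies.Keys; } }`.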
Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile // http://www.ietf.org/rfc/rfc3280.txt // b. 2.5.29.31 - CRL Distribution Points // http://www.alvestrand.no/objectid/2.5.29.31.html /* * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } * * CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint * * DistributionPoint ::= SEQUENCE { * distributionPoint [0] DistributionPointName OPTIONAL, * reasons [1] ReasonFlags OPTIONAL, * cRLIssuer [2] GeneralNames OPTIONAL * } * * DistributionPointName ::= CHOICE { * fullName [0] GeneralNames, * nameRelativeToCRLIssuer [1] RelativeDistinguishedName * } * * ReasonFlags ::= BIT STRING { * unused (0), * keyCompromise (1), * cACompromise (2), * affiliationChanged (3), * superseded (4), * cessationOfOperation (5), * certificateHold (6), * privilegeWithdrawn (7), * aACompromise (8) } */ internal class CRLDistributionPointsExtension : X509Extension { internal class DP { public string DistributionPoint; public ReasonFlags Reasons; public string CRLIssuer; } [Flags] public enum ReasonFlags { Unused = 0, KeyCompromise = 1, CACompromise = 2, AffiliationChanged = 3, Superseded = 4, CessationOfOperation = 5, CertificateHold = 6, PrivilegeWithdrawn = 7, AACompromise = 8 } private ArrayList dps; public CRLDistributionPointsExtension () : base () { extnOid = "2.5.29.31"; dps = new ArrayList (); } public CRLDistributionPointsExtension (ASN1 asn1) : base (asn1) {} public CRLDistributionPointsExtension (X509Extension extension) : base (extension) {} protected override void Decode () { dps = new ArrayList (); ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid CRLDistributionPoints extension"); // for every distribution point for (int i=0; i < sequence.Count; i++) { dps.Add (null); } } public override string Name { get { return "CRL Distribution Points"; } } public override string ToString () { StringBuilder sb = new 
StringBuilder (); foreach (DP dp in dps) { sb.Append ("["); sb.Append (dp.Reasons); sb.Append ("]CRL Distribution Point"); sb.Append (Environment.NewLine); sb.Append ("\tDistribution Point Name:"); sb.Append (dp.DistributionPoint); sb.Append (Environment.NewLine); sb.Append ("\t\tFull Name:"); sb.Append (Environment.NewLine); sb.Append ("\t\t\tDirectory Address:"); sb.Append (dp.CRLIssuer); sb.Append (Environment.NewLine); } return sb.ToString (); } } } --- NEW FILE: ExtendedKeyUsageExtension.cs --- // // ExtendedKeyUsageExtension.cs: Handles X.509 ExtendedKeyUsage extensions. // // Author: // Sebastien Pouliot (spo...@mo...) // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) // using System; using System.Collections; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } * * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId * * KeyPurposeId ::= OBJECT IDENTIFIER */ internal class ExtendedKeyUsageExtension : X509Extension { private ArrayList keyPurpose; public ExtendedKeyUsageExtension () : base () { extnOid = "2.5.29.37"; keyPurpose = new ArrayList (); } public ExtendedKeyUsageExtension (ASN1 asn1) : base (asn1) {} public ExtendedKeyUsageExtension (X509Extension extension) : base (extension) {} protected override void Decode () { keyPurpose = new ArrayList (); ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid ExtendedKeyUsage extension"); // for every policy OID for (int i=0; i < sequence.Count; i++) keyPurpose.Add (ASN1Convert.ToOID (sequence [i])); } protected override void Encode () { if (extnValue == null) { extnValue = new ASN1 (0x30); foreach (string oid in keyPurpose) { extnValue.Add (ASN1Convert.FromOID (oid)); } } } public ArrayList KeyPurpose { get { return keyPurpose; } } public override string Name { get { return "Extended Key Usage"; } } // serverAuth 
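Review bot: Decode in CRLDistributionPointsExtension adds `null` to `dps` for every DistributionPoint, and ToString then dereferences `dp.Reasons` on each entry, so ToString on any certificate carrying this extension throws a NullReferenceException rather than the partial output the other "partial implementation" classes in this commit produce. Until DistributionPoint parsing is written, either skip nulls in ToString (`if (dp == null) continue;`) or do not add placeholders at all. Separately, `ReasonFlags` is marked [Flags] but its members are the ASN.1 bit positions 0..8 rather than bit masks, so combinations are ambiguous (`KeyCompromise | CACompromise` equals `AffiliationChanged`); when the reasons BIT STRING is eventually decoded, the enum needs power-of-two values, keeping in mind the reversed bit order that KeyUsageExtension's comment describes.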
1.3.6.1.5.5.7.3.1 // clientAuth 1.3.6.1.5.5.7.3.2 // codeSigning 1.3.6.1.5.5.7.3.3 // emailProtection 1.3.6.1.5.5.7.3.4 // timeStamping 1.3.6.1.5.5.7.3.8 // OCSPSigning 1.3.6.1.5.5.7.3.9 public override string ToString () { StringBuilder sb = new StringBuilder (); foreach (string s in keyPurpose) { switch (s) { case "1.3.6.1.5.5.7.3.3": sb.Append ("Code Signing"); break; default: sb.Append ("unknown"); break; } sb.Append (" ("); sb.Append (s); sb.Append (")"); sb.Append (Environment.NewLine); } return sb.ToString (); } } } --- NEW FILE: KeyAttributesExtension.cs --- // // KeyAttributesExtension.cs: Handles X.509 *DEPRECATED* KeyAttributes extensions. // // Author: // Sebastien Pouliot (spo...@mo...) // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { // definition found @ http://groups.yahoo.com/group/ssl-talk/message/1964 // // keyAttributes EXTENSION ::= { // SYNTAX KeyAttributes // IDENTIFIED BY { id-ce 2 } } // // KeyAttributes ::= SEQUENCE { // keyIdentifier KeyIdentifier OPTIONAL, // intendedKeyUsage KeyUsage OPTIONAL, // privateKeyUsagePeriod PrivateKeyValidity OPTIONAL // } // KeyUsage ::= BIT STRING { // digitalSignature (0), // nonRepudiation (1), // keyEncipherment (2), // dataEncipherment (3), // keyAgreement (4), // keyCertSign (5), // offLineCRLSign (6) // } // PrivateKeyValidity ::= SEQUENCE { // notBefore [0] GeneralizedTime OPTIONAL, // notAfter [1] GeneralizedTime OPTIONAL // } // ( CONSTRAINED BY { -- at least one component shall be present -- }) internal class KeyAttributesExtension : X509Extension { private byte[] keyId; private int kubits; private DateTime notBefore; private DateTime notAfter; public KeyAttributesExtension () : base () { extnOid = "2.5.29.2"; } public KeyAttributesExtension (ASN1 asn1) : base (asn1) {} public KeyAttributesExtension (X509Extension extension) : base (extension) {} protected 
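Review bot: ToString in ExtendedKeyUsageExtension labels every KeyPurposeId other than codeSigning as "unknown", although the comment directly above it lists the serverAuth, clientAuth, emailProtection, timeStamping and OCSPSigning OIDs; the switch should cover those so the printed usage is not misleading for the most common purposes. Decode also hands each element of the SEQUENCE to `ASN1Convert.ToOID` without checking `Tag == 0x06`; what ToOID does with a non-OID element is not visible here, so a tag check raising the file's "Invalid ExtendedKeyUsage extension" error is the safer choice. Note that `KeyPurpose` exposes the live ArrayList while Encode only runs when `extnValue == null`, so purposes added after a decode are never serialised — worth a comment on the property if that is intended.
```csharp
switch (s) {
case "1.3.6.1.5.5.7.3.1": sb.Append ("Server Authentication"); break;
case "1.3.6.1.5.5.7.3.2": sb.Append ("Client Authentication"); break;
case "1.3.6.1.5.5.7.3.3": sb.Append ("Code Signing"); break;
case "1.3.6.1.5.5.7.3.4": sb.Append ("Email Protection"); break;
case "1.3.6.1.5.5.7.3.8": sb.Append ("Time Stamping"); break;
case "1.3.6.1.5.5.7.3.9": sb.Append ("OCSP Signing"); break;
default: sb.Append ("unknown"); break;
}
// … unchanged: appending " (oid)" and the newline …
```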
override void Decode () { ASN1 seq = new ASN1 (extnValue.Value); if (seq.Tag != 0x30) throw new ArgumentException ("Invalid KeyAttributesExtension extension"); int n = 0; // check for KeyIdentifier if (n < seq.Count) { ASN1 item = seq [n]; if (item.Tag == 0x04) { n++; keyId = item.Value; } } // check for KeyUsage if (n < seq.Count) { ASN1 item = seq [n]; if (item.Tag == 0x03) { n++; int i = 1; // byte zero has the number of unused bits (ASN1's BITSTRING) while (i < item.Value.Length) kubits = (kubits << 8) + item.Value [i++]; } } // check for PrivateKeyValidity if (n < seq.Count) { ASN1 item = seq [n]; if (item.Tag == 0x30) { int i = 0; if (i < item.Count) { ASN1 dt = item [i]; if (dt.Tag == 0x81) { i++; notBefore = ASN1Convert.ToDateTime (dt); } } if (i < item.Count) { ASN1 dt = item [i]; if (dt.Tag == 0x82) notAfter = ASN1Convert.ToDateTime (dt); } } } } public byte[] KeyIdentifier { get { return keyId; } } public override string Name { get { return "Key Attributes"; } } public DateTime NotAfter { get { return notAfter; } } public DateTime NotBefore { get { return notBefore; } } public bool Support (KeyUsage usage) { int x = Convert.ToInt32 (usage); return ((x & kubits) == x); } public override string ToString () { StringBuilder sb = new StringBuilder (); if (keyId != null) { sb.Append ("KeyID="); int x = 0; while (x < keyId.Length) { sb.Append (keyId [x].ToString ("X2")); if (x % 2 == 1) sb.Append (" "); x++; } sb.Append (Environment.NewLine); } if (kubits != 0) { sb.Append ("Key Usage="); const string separator = " , "; if (Support (KeyUsage.digitalSignature)) sb.Append ("Digital Signature"); if (Support (KeyUsage.nonRepudiation)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Non-Repudiation"); } if (Support (KeyUsage.keyEncipherment)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Key Encipherment"); } if (Support (KeyUsage.dataEncipherment)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Data Encipherment"); } if (Support 
(KeyUsage.keyAgreement)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Key Agreement"); } if (Support (KeyUsage.keyCertSign)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Certificate Signing"); } if (Support (KeyUsage.cRLSign)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("CRL Signing"); } if (Support (KeyUsage.encipherOnly)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Encipher Only "); // ??? } if (Support (KeyUsage.decipherOnly)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Decipher Only"); // ??? } sb.Append ("("); sb.Append (kubits.ToString ("X2")); sb.Append (")"); sb.Append (Environment.NewLine); } if (notBefore != DateTime.MinValue) { sb.Append ("Not Before="); sb.Append (notBefore.ToString ()); sb.Append (Environment.NewLine); } if (notAfter != DateTime.MinValue) { sb.Append ("Not After="); sb.Append (notAfter.ToString ()); sb.Append (Environment.NewLine); } return sb.ToString (); } } } --- NEW FILE: KeyUsageExtension.cs --- // // KeyUsageExtension.cs: Handles X.509 KeyUsage extensions. // // Author: // Sebastien Pouliot (spo...@mo...) // // (C) 2003 Motus Technologies Inc. 
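Review bot: The PrivateKeyValidity branch of KeyAttributesExtension.Decode tests for context tags 0x81 (notBefore) and 0x82 (notAfter), but the definition quoted in the file header gives `notBefore [0]` and `notAfter [1]`, i.e. tags 0x80 and 0x81 — the same values the sibling PrivateKeyUsagePeriodExtension uses. As written both dates are silently skipped and NotBefore/NotAfter stay at DateTime.MinValue, so a consumer enforcing the key validity window enforces nothing; change the two comparisons to `if (dt.Tag == 0x80)` and `if (dt.Tag == 0x81)`. The usage printing reuses the `KeyUsage` enum from KeyUsageExtension.cs, whose cRLSign/encipherOnly/decipherOnly bits do not exist in this deprecated extension's `offLineCRLSign (6)` definition, and the `if (sb.Length > 0)` separator test is always true once "Key Usage=" has been appended, so output begins with a stray " , " whenever digitalSignature is absent.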
(http://www.motus.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } * * KeyUsage ::= BIT STRING { * digitalSignature (0), * nonRepudiation (1), * keyEncipherment (2), * dataEncipherment (3), * keyAgreement (4), * keyCertSign (5), * cRLSign (6), * encipherOnly (7), * decipherOnly (8) * } */ // note: because nothing is simple in ASN.1 bits are reversed [Flags] internal enum KeyUsage { digitalSignature = 0x80, nonRepudiation = 0x40, keyEncipherment = 0x20, dataEncipherment = 0x10, keyAgreement = 0x08, keyCertSign = 0x04, cRLSign = 0x02, encipherOnly = 0x01, decipherOnly = 0x800, none = 0x0 } internal class KeyUsageExtension : X509Extension { private int kubits; public KeyUsageExtension (ASN1 asn1) : base (asn1) {} public KeyUsageExtension (X509Extension extension) : base (extension) {} protected override void Decode () { ASN1 bitString = new ASN1 (extnValue.Value); if (bitString.Tag != 0x03) throw new ArgumentException ("Invalid KeyUsage extension"); int i = 1; // byte zero has the number of unused bits (ASN1's BITSTRING) while (i < bitString.Value.Length) kubits = (kubits << 8) + bitString.Value [i++]; } public override string Name { get { return "Key Usage"; } } public bool Support (KeyUsage usage) { int x = Convert.ToInt32 (usage); return ((x & kubits) == x); } public override string ToString () { const string separator = " , "; StringBuilder sb = new StringBuilder (); if (Support (KeyUsage.digitalSignature)) sb.Append ("Digital Signature"); if (Support (KeyUsage.nonRepudiation)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Non-Repudiation"); } if (Support (KeyUsage.keyEncipherment)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Key Encipherment"); } if (Support (KeyUsage.dataEncipherment)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Data Encipherment"); } if (Support (KeyUsage.keyAgreement)) { if 
(sb.Length > 0) sb.Append (separator); sb.Append ("Key Agreement"); } if (Support (KeyUsage.keyCertSign)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Certificate Signing"); } if (Support (KeyUsage.cRLSign)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("CRL Signing"); } if (Support (KeyUsage.encipherOnly)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Encipher Only "); // ??? } if (Support (KeyUsage.decipherOnly)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Decipher Only"); // ??? } sb.Append ("("); sb.Append (kubits.ToString ("X2")); sb.Append (")"); sb.Append (Environment.NewLine); return sb.ToString (); } } } --- NEW FILE: NetscapeCertTypeExtension.cs --- // // NetscapeCertTypeExtension.cs: Handles Netscape CertType extensions. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { // References: // a. Netscape Certificate Extensions Navigator 3.0 Version // http://wp.netscape.com/eng/security/cert-exts.html // b. Netscape Certificate Extensions Communicator 4.0 Version // http://wp.netscape.com/eng/security/comm4-cert-exts.html // c. 
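Review bot: KeyUsageExtension.Decode folds every octet of the BIT STRING into `kubits` with `kubits = (kubits << 8) + byte`, while the `KeyUsage` enum assumes the first octet's bits sit at 0x80..0x01 and decipherOnly at 0x800. For a one-octet BIT STRING the masks line up (and decipherOnly can never be set), but for the two-octet encoding required whenever decipherOnly (bit 8) is present the first octet lands at 0x8000..0x0100 and decipherOnly at 0x0080 — so `Support (KeyUsage.keyCertSign)` returns false for such a certificate and a decipherOnly-only key is reported as digitalSignature. Decode should put the bits where the enum expects them, e.g. `if (bitString.Value.Length > 1) kubits = bitString.Value [1];` then `if (bitString.Value.Length > 2) kubits |= (bitString.Value [2] & 0x80) << 4;`, and reject anything longer with the existing "Invalid KeyUsage extension" error. `Support (KeyUsage.none)` also returns true for any value because `(0 & kubits) == 0`; a caller asking "is this key usable for nothing" gets a yes, which deserves either a guard or a doc comment.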
2.16.840.1.113730.1.1 - Netscape certificate type // http://www.alvestrand.no/objectid/2.16.840.1.113730.1.1.html internal class NetscapeCertTypeExtension : X509Extension { /* * bit-0 SSL client - this cert is certified for SSL client authentication use * bit-1 SSL server - this cert is certified for SSL server authentication use * bit-2 S/MIME - this cert is certified for use by clients(New in PR3) * bit-3 Object Signing - this cert is certified for signing objects such as Java applets and plugins(New in PR3) * bit-4 Reserved - this bit is reserved for future use * bit-5 SSL CA - this cert is certified for issuing certs for SSL use * bit-6 S/MIME CA - this cert is certified for issuing certs for S/MIME use(New in PR3) * bit-7 Object Signing CA - this cert is certified for issuing certs for Object Signing(New in PR3) */ // note: because nothing is simple in ASN.1 bits are reversed [Flags] public enum CertType { SslClient = 0x80, SslServer = 0x40, Smime = 0x20, ObjectSigning = 0x10, SslCa = 0x04, SmimeCa = 0x02, ObjectSigningCA = 0x01 } private int ctbits; public NetscapeCertTypeExtension () : base () { extnOid = "2.16.840.1.113730.1.1"; } public NetscapeCertTypeExtension (ASN1 asn1) : base (asn1) {} public NetscapeCertTypeExtension (X509Extension extension) : base (extension) {} protected override void Decode () { ASN1 bitString = new ASN1 (extnValue.Value); if (bitString.Tag != 0x03) throw new ArgumentException ("Invalid NetscapeCertType extension"); int i = 1; // byte zero has the number of unused bits (ASN1's BITSTRING) while (i < bitString.Value.Length) ctbits = (ctbits << 8) + bitString.Value [i++]; } public override string Name { get { return "NetscapeCertType"; } } /* public CertType Type { get { return ctbits; } set { ctbits = value; } }*/ public bool Support (CertType usage) { int x = Convert.ToInt32 (usage); return ((x & ctbits) == x); } public override string ToString () { const string separator = " , "; StringBuilder sb = new StringBuilder (); if 
(Support (CertType.SslClient)) sb.Append ("SSL Client Authentication"); if (Support (CertType.SslServer)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("SSL Server Authentication"); } if (Support (CertType.Smime)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("SMIME"); } if (Support (CertType.ObjectSigning)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Object Signing"); } if (Support (CertType.SslCa)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("SSL CA"); } if (Support (CertType.SmimeCa)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("SMIME CA"); } if (Support (CertType.ObjectSigningCA)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Object Signing CA"); } sb.Append ("("); sb.Append (ctbits.ToString ("X2")); sb.Append (")"); sb.Append (Environment.NewLine); return sb.ToString (); } } } --- NEW FILE: PrivateKeyUsagePeriodExtension.cs --- // // PrivateKeyUsagePeriodExtension.cs: Handles X.509 PrivateKeyUsagePeriod extensions. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 } * * PrivateKeyUsagePeriod ::= SEQUENCE { * notBefore [0] GeneralizedTime OPTIONAL, * notAfter [1] GeneralizedTime OPTIONAL * } */ internal class PrivateKeyUsagePeriodExtension : X509Extension { private DateTime notBefore; private DateTime notAfter; public PrivateKeyUsagePeriodExtension () : base () { extnOid = "2.5.29.16"; } public PrivateKeyUsagePeriodExtension (ASN1 asn1) : base (asn1) {} public PrivateKeyUsagePeriodExtension (X509Extension extension) : base (extension) {} protected override void Decode () { ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid PrivateKeyUsagePeriod extension"); for (int i=0; i < sequence.Count; i++) { switch 
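Review bot: NetscapeCertTypeExtension keeps a commented-out `Type` property that would not compile as written (`ctbits` is an int, `CertType` an enum); either drop it or finish it as `public CertType Type { get { return (CertType) ctbits; } set { ctbits = (int) value; } }` — commented-out code in a certificate parser invites someone to uncomment it later without review. Decode accepts BIT STRINGs of any length and shifts earlier octets up eight bits per extra octet, while the `CertType` masks assume a single octet, so a two-octet (non-conforming) value would mis-assign every flag; since all eight Netscape bits fit in one octet, rejecting `bitString.Value.Length > 2` with the existing "Invalid NetscapeCertType extension" error is the simplest hardening. Bit 4 is documented as reserved in the header comment but is neither masked nor mentioned in `CertType`; a one-line note there would make the 0x08 gap in the enum deliberate rather than puzzling.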
(sequence [i].Tag) { case 0x80: notBefore = ASN1Convert.ToDateTime (sequence [i]); break; case 0x81: notAfter = ASN1Convert.ToDateTime (sequence [i]); break; default: throw new ArgumentException ("Invalid PrivateKeyUsagePeriod extension"); } } } public override string Name { get { return "Private Key Usage Period"; } } public override string ToString () { StringBuilder sb = new StringBuilder (); if (notBefore != DateTime.MinValue) { sb.Append ("Not Before: "); sb.Append (notBefore.ToString ()); sb.Append (Environment.NewLine); } if (notAfter != DateTime.MinValue) { sb.Append ("Not After: "); sb.Append (notAfter.ToString ()); sb.Append (Environment.NewLine); } return sb.ToString (); } } } --- NEW FILE: SubjectAltNameExtension.cs --- // // SubjectAltNameExtension.cs: Handles X.509 SubjectAltName extensions. // // Author: // Sebastien Pouliot (spo...@mo...) // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) // using System; using System.Net; using System.Collections; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } * * SubjectAltName ::= GeneralNames * * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName * * GeneralName ::= CHOICE { * otherName [0] OtherName, * rfc822Name [1] IA5String, * dNSName [2] IA5String, * x400Address [3] ORAddress, * directoryName [4] Name, * ediPartyName [5] EDIPartyName, * uniformResourceIdentifier [6] IA5String, * iPAddress [7] OCTET STRING, * registeredID [8] OBJECT IDENTIFIER * } * * OtherName ::= SEQUENCE { * type-id OBJECT IDENTIFIER, * value [0] EXPLICIT ANY DEFINED BY type-id * } * * EDIPartyName ::= SEQUENCE { * nameAssigner [0] DirectoryString OPTIONAL, * partyName [1] DirectoryString * } */ // TODO - incomplete (only rfc822Name, dNSName are supported) internal class SubjectAltNameExtension : X509Extension { private ArrayList rfc822Name; private ArrayList dnsName; private ArrayList ipAddr; public 
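Review bot: PrivateKeyUsagePeriodExtension decodes notBefore and notAfter but exposes neither (only ToString prints them), so nothing can actually apply the period; the deprecated KeyAttributesExtension in this same commit exposes `NotBefore`/`NotAfter` getters and this class should match: `public DateTime NotBefore { get { return notBefore; } }` and `public DateTime NotAfter { get { return notAfter; } }`. Decode also lets a repeated [0] or [1] element silently overwrite the earlier value; each component is OPTIONAL but may occur at most once, so a duplicate should reach the existing "Invalid PrivateKeyUsagePeriod extension" throw. DateTime.MinValue doubles as the "absent" marker in ToString, which works for GeneralizedTime values but deserves a comment on the two fields.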
SubjectAltNameExtension () : base () { extnOid = "2.5.29.17"; } public SubjectAltNameExtension (ASN1 asn1) : base (asn1) {} public SubjectAltNameExtension (X509Extension extension) : base (extension) {} protected override void Decode () { ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid SubjectAltName extension"); for (int i=0; i < sequence.Count; i++) { switch (sequence [i].Tag) { case 0x81: // rfc822Name [1] IA5String if (rfc822Name == null) rfc822Name = new ArrayList (); rfc822Name.Add (Encoding.ASCII.GetString (sequence [i].Value)); break; case 0x82: // dNSName [2] IA5String if (dnsName == null) dnsName = new ArrayList (); dnsName.Add (Encoding.ASCII.GetString (sequence [i].Value)); break; case 0x87: // iPAddress [7] OCTET STRING if (ipAddr == null) ipAddr = new ArrayList (); // TODO - Must find sample certificates break; default: break; } } } public override string Name { get { return "Subject Alternative Name"; } } public string[] RFC822 { get { string[] names = new string [rfc822Name.Count]; for (int i=0; i < rfc822Name.Count; i++) names [i] = (string) rfc822Name [i]; return names; } } public string[] DNSNames { get { if (dnsName == null) return new string [0]; return (string[]) dnsName.ToArray (typeof(string)); } } // Incomplete support public string[] IPAddresses { get { if (ipAddr == null) return new string [0]; return (string[]) ipAddr.ToArray (typeof(string)); } } public override string ToString () { StringBuilder sb = new StringBuilder (); if (rfc822Name != null) { foreach (string s in rfc822Name) { sb.Append ("RFC822 Name="); sb.Append (s); sb.Append (Environment.NewLine); } } if (dnsName != null) { foreach (string s in dnsName) { sb.Append ("DNS Name="); sb.Append (s); sb.Append (Environment.NewLine); } } if (ipAddr != null) { foreach (string s in ipAddr) { sb.Append ("IP Address="); sb.Append (s); sb.Append (Environment.NewLine); } } return sb.ToString (); } } } --- NEW FILE: 
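Review bot: The `RFC822` property in SubjectAltNameExtension dereferences `rfc822Name` unconditionally, so on a certificate whose SAN holds only dNSName entries it throws a NullReferenceException, whereas `DNSNames` and `IPAddresses` return an empty array; it should follow the same pattern. More important for anything that matches hostnames against `DNSNames`: `Encoding.ASCII.GetString` keeps embedded NUL bytes and maps octets above 0x7F to '?' (the default ASCII decoder fallback), so a dNSName such as `www.example.com\0.attacker.example` comes back as a .NET string that a naive prefix or C-string comparison treats as `www.example.com` — reject names containing '\0' (and ideally any non-IA5 octet) at decode time rather than relying on every caller to check. The iPAddress case allocates `ipAddr` but never adds to it, so `IPAddresses` is always empty even when the extension carries addresses; that limitation belongs in the property's comment as well as in the TODO.
```csharp
case 0x82: // dNSName [2] IA5String
    string dns = Encoding.ASCII.GetString (sequence [i].Value);
    if (dns.IndexOf ('\0') != -1)
        throw new ArgumentException ("Invalid SubjectAltName extension");
    if (dnsName == null) dnsName = new ArrayList ();
    dnsName.Add (dns);
    break;
// … unchanged: rfc822Name, iPAddress and default cases …

public string[] RFC822 {
    get {
        if (rfc822Name == null) return new string [0];
        return (string[]) rfc822Name.ToArray (typeof (string));
    }
}
```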
SubjectKeyIdentifierExtension.cs --- // // SubjectKeyIdentifierExtension.cs: Handles X.509 SubjectKeyIdentifier extensions. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } * * SubjectKeyIdentifier ::= KeyIdentifier * * KeyIdentifier ::= OCTET STRING */ internal class SubjectKeyIdentifierExtension : X509Extension { private byte[] ski; public SubjectKeyIdentifierExtension () : base () { extnOid = "2.5.29.14"; } public SubjectKeyIdentifierExtension (ASN1 asn1) : base (asn1) {} public SubjectKeyIdentifierExtension (X509Extension extension) : base (extension) {} protected override void Decode () { ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x04) throw new ArgumentException ("Invalid SubjectKeyIdentifier extension"); ski = sequence.Value; } public override string Name { get { return "Subject Key Identifier"; } } public byte[] Identifier { get { return (byte[]) ski.Clone (); } } public override string ToString () { if (ski == null) return null; StringBuilder sb = new StringBuilder (); int x = 0; while (x < ski.Length) { sb.Append (ski [x].ToString ("X2")); if (x % 2 == 1) sb.Append (" "); x++; } return sb.ToString (); } } } |
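Review bot: `Identifier` in SubjectKeyIdentifierExtension calls `ski.Clone ()` without a null check, so an instance created through the parameterless constructor (which sets the OID but offers no setter or Encode for the identifier) throws a NullReferenceException on access while `ToString` returns null for the same state; make the two consistent, e.g. `get { return (ski == null) ? null : (byte[]) ski.Clone (); }`, or add a setter plus an Encode override so the default constructor is actually usable. The local named `sequence` in Decode holds an OCTET STRING, not a SEQUENCE; renaming it `octetString` stops the `!= 0x04` tag check from reading like a typo. Returning a clone from `Identifier` is the right call for a value a chain builder will compare against an AKI — a one-line comment saying so would keep it from being "optimised" away.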