[pgsqlclient-checkins] SF.net SVN: pgsqlclient: [13] pgsqlclient/source
From: <car...@us...> - 2006-03-13 13:04:18
Revision: 13 Author: carlosga_fb Date: 2006-03-13 05:03:54 -0800 (Mon, 13 Mar 2006) ViewCVS: http://svn.sourceforge.net/pgsqlclient/?rev=13&view=rev Log Message: ----------- Bring sources to a buildable state Modified Paths: -------------- pgsqlclient/source/PostgreSql.Data.PostgreSqlClient.suo pgsqlclient/source/SecureSocketLayer/Net/Security/Providers/Common/X509ChainValidator.cs pgsqlclient/source/SecureSocketLayer/Net/Security/SslStream.cs pgsqlclient/source/SecureSocketLayerTest/SecureSocketLayerTest.csproj Modified: pgsqlclient/source/PostgreSql.Data.PostgreSqlClient.suo =================================================================== (Binary files differ) Modified: pgsqlclient/source/SecureSocketLayer/Net/Security/Providers/Common/X509ChainValidator.cs =================================================================== --- pgsqlclient/source/SecureSocketLayer/Net/Security/Providers/Common/X509ChainValidator.cs 2006-03-13 12:39:07 UTC (rev 12) +++ pgsqlclient/source/SecureSocketLayer/Net/Security/Providers/Common/X509ChainValidator.cs 2006-03-13 13:03:54 UTC (rev 13) @@ -26,6 +26,7 @@ using System.Collections; using System.Globalization; using System.Security.Authentication; +using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using System.Text.RegularExpressions; 
@@ -115,68 +116,84 @@ return true; } - KeyUsages ku = KeyUsages.none; + X509KeyUsageFlags ku = X509KeyUsageFlags.None; switch (cipherSuite.ExchangeAlgorithmType) { case ExchangeAlgorithmType.RsaSign: - ku = KeyUsages.digitalSignature; + ku = X509KeyUsageFlags.DigitalSignature; break; case ExchangeAlgorithmType.RsaKeyX: - ku = KeyUsages.keyEncipherment; + ku = X509KeyUsageFlags.KeyEncipherment; break; case ExchangeAlgorithmType.DiffieHellman: - ku = KeyUsages.keyAgreement; + ku = X509KeyUsageFlags.KeyAgreement; break; } - KeyUsageExtension kux = null; - ExtendedKeyUsageExtension eku = null; + X509KeyUsageExtension kux = null; + X509EnhancedKeyUsageExtension eku = null; - X509Extension xtn = cert.Extensions ["2.5.29.15"]; + X509Extension xtn = cert.Extensions["2.5.29.15"]; if (xtn != null) { - kux = new KeyUsageExtension(xtn); - } + kux = new X509KeyUsageExtension(xtn, xtn.Critical); + } - xtn = cert.Extensions ["2.5.29.37"]; + xtn = cert.Extensions["2.5.29.37"]; if (xtn != null) { - eku = new ExtendedKeyUsageExtension(xtn); + eku = new X509EnhancedKeyUsageExtension(xtn, xtn.Critical); } - if ((kux != null) && (eku != null)) + if (kux != null && eku != null) { // RFC3280 states that when both KeyUsageExtension and // ExtendedKeyUsageExtension are present then BOTH should // be valid - return(kux.Support(ku) && - eku.KeyPurpose.Contains("1.3.6.1.5.5.7.3.1")); + return ((kux.KeyUsages & ku) == ku && this.CheckEnhacedKeyUsage(eku, "1.3.6.1.5.5.7.3.1")); } else if (kux != null) { - return kux.Support(ku); + return ((kux.KeyUsages & ku) == ku); } else if (eku != null) { // Server Authentication(1.3.6.1.5.5.7.3.1) - return eku.KeyPurpose.Contains("1.3.6.1.5.5.7.3.1"); + // return eku.EnhancedKeyUsages.Contains("1.3.6.1.5.5.7.3.1"); + return this.CheckEnhacedKeyUsage(eku, "1.3.6.1.5.5.7.3.1"); } // last chance - try with older(deprecated) Netscape extensions xtn = cert.Extensions ["2.16.840.1.113730.1.1"]; if (xtn != null) { +#warning Change this + /* 
NetscapeCertTypeExtension ct = new NetscapeCertTypeExtension(xtn); return ct.Support(NetscapeCertTypeExtension.CertTypes.SslServer); + */ } // certificate isn't valid for SSL server usage return false; } + private bool CheckEnhacedKeyUsage(X509EnhancedKeyUsageExtension extension, string oid) + { + foreach (Oid keyUsage in extension.EnhancedKeyUsages) + { + if (keyUsage.FriendlyName == oid) + { + return true; + } + } + + return false; + } + // RFC2818 - HTTP Over TLS, Section 3.1 // http://www.ietf.org/rfc/rfc2818.txt // 
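Review bot: `CheckEnhacedKeyUsage` compares `keyUsage.FriendlyName` with the dotted OID string `1.3.6.1.5.5.7.3.1`, but `Oid.FriendlyName` holds the display name and `Oid.Value` holds the dotted form, so the loop should not match and a certificate carrying an EKU extension would be rejected even when it lists server authentication. The comparison should read `if (keyUsage.Value == oid)`. Separately, `ku` stays `X509KeyUsageFlags.None` for any exchange algorithm the switch does not list, and `(kux.KeyUsages & ku) == ku` is then true for every certificate; a `default:` case that returns false would keep the key-usage check meaningful. The Netscape cert-type branch is now commented out and falls through to `return false`, which is worth stating in a comment next to the `#warning`. The enclosing method starts outside the hunk.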
@@ -189,32 +206,42 @@ // 3.1 Existing practice but DEPRECATED private bool CheckServerIdentity(X509Certificate cert, string targetHost) { - X509Extension ext = cert.Extensions ["2.5.29.17"]; + X509Extension ext = ((X509Certificate2)cert).Extensions["2.5.29.17"]; // 1. subjectAltName if (ext != null) { - SubjectAltNameExtension subjectAltName = new SubjectAltNameExtension(ext); + X500DistinguishedName subjectName = new X500DistinguishedName(ext.RawData); + X509SubjectKeyIdentifierExtension ski = new X509SubjectKeyIdentifierExtension(ext, ext.Critical); - // 1.1 - multiple dNSName - foreach (string dns in subjectAltName.DNSNames) +#warning Fix this + /* + SubjectAltNameExtension subjectAltName = new SubjectAltNameExtension(); + + // 1.1 - multiple DNSName + foreach (string dns in subjectName.DNSNames) { // 1.2 TODO - wildcard support - if (dns == targetHost) - return true; + if (dns == targetHost) + { + return true; + } } // 2. ipAddress foreach (string ip in subjectAltName.IPAddresses) { // 2.1. Exact match required - if (ip == targetHost) - return true; + if (ip == targetHost) + { + return true; + } } + */ } // 3. Common Name(CN=) - return this.CheckDomainName(cert.SubjectName, targetHost); + return this.CheckDomainName(cert.Subject, targetHost); } private bool CheckDomainName(string subjectName, string targetHost) Modified: pgsqlclient/source/SecureSocketLayer/Net/Security/SslStream.cs =================================================================== --- pgsqlclient/source/SecureSocketLayer/Net/Security/SslStream.cs 2006-03-13 12:39:07 UTC (rev 12) +++ pgsqlclient/source/SecureSocketLayer/Net/Security/SslStream.cs 2006-03-13 13:03:54 UTC (rev 13) @@ -367,7 +367,6 @@ clientCertificateRequired, sslProtocolType, checkCertificateRevocation); - this.session.InputStream = this.recordStream; } } @@ -474,6 +473,7 @@ { try { + /* // If actual buffer is full readed reset it if (this.inputBuffer.Position == this.inputBuffer.Length && this.inputBuffer.Length > 0) 
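Review bot: With the subjectAltName loops commented out under `#warning Fix this`, `CheckServerIdentity` decides on the subject CN alone even when the certificate carries a subjectAltName, whereas RFC 2818 section 3.1 (cited above the method) requires dNSName entries to be used when present; a certificate whose SAN names other hosts could therefore still pass on a CN match. Until SAN parsing is restored, failing closed is the safer stub: `if (ext != null) { return false; }`. The two new locals decode the 2.5.29.17 payload as an `X500DistinguishedName` and an `X509SubjectKeyIdentifierExtension`, neither of which is the GeneralNames structure; both are unused and the second constructor may throw on this data, so they are better removed. `cert.Subject` is the full distinguished-name string, so it is worth confirming that `CheckDomainName`, whose body is outside the hunk, extracts only the CN component.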
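Review bot: The `/*` added in the `@@ -474` hunk and the `*/` in the `@@ -502` hunk comment out the whole body of the `try`, including the `asyncResult = rd.BeginInvoke(...)` assignment, so from the visible lines nothing starts a read any more. The `@@ -584` hunk then passes the caller's `asyncResult` to `this.InnerStream.EndRead(asyncResult)`, which, if it completes at all, would hand back bytes from the inner stream without the record-layer processing that the removed `rd.EndInvoke` path presumably performed. If the read path is only stubbed to get the build working, throwing is safer than returning unprocessed data: `throw new NotImplementedException("record-layer read is disabled");` in both methods. Both method bodies start outside the hunks.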
@@ -502,6 +502,7 @@ // return the record(s) to the caller asyncResult = rd.BeginInvoke(buffer, offset, count, callback, state); + */ } catch (SecureException) { @@ -584,11 +585,9 @@ throw new ArgumentNullException("asyncResult is null or was not obtained by calling BeginRead."); } - recordEvent.Reset(); + return this.InnerStream.EndRead(asyncResult); + } - return this.rd.EndInvoke(asyncResult); - } - public override void EndWrite(IAsyncResult asyncResult) { this.CheckDisposed(); @@ -598,7 +597,7 @@ throw new ArgumentNullException("asyncResult is null or was not obtained by calling BeginRead."); } - this.innerStream.EndWrite(asyncResult); + this.InnerStream.EndWrite(asyncResult); } #endregion Modified: pgsqlclient/source/SecureSocketLayerTest/SecureSocketLayerTest.csproj =================================================================== --- pgsqlclient/source/SecureSocketLayerTest/SecureSocketLayerTest.csproj 2006-03-13 12:39:07 UTC (rev 12) +++ pgsqlclient/source/SecureSocketLayerTest/SecureSocketLayerTest.csproj 2006-03-13 13:03:54 UTC (rev 13) @@ -9,6 +9,7 @@ <AppDesignerFolder>Properties</AppDesignerFolder> <RootNamespace>SecureSocketLayerTest</RootNamespace> <AssemblyName>SecureSocketLayerTest</AssemblyName> + <StartupObject>SecureSocketsLayer.Test.Class1</StartupObject> </PropertyGroup> <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' "> <DebugSymbols>true</DebugSymbols> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |