pgsqlclient-checkins Mailing List for PostgreSqlClient (Page 20)
From: <car...@us...> - 2004-03-08 16:39:57
Update of /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20814 Modified Files: PgCommand.cs PgCommandBuilder.cs Log Message: 2004-03-08 Carlos Guzman Alvarez <car...@te...> * PostgreSql.Data.PgSqlClient/PgCommandBuilder.cs: - Cleanup. * PostgreSql.Data.PgSqlClient/PgCommand.cs: - Fixed bug. Index: PgCommand.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/PgCommand.cs,v retrieving revision 1.30 retrieving revision 1.31 diff -C2 -d -r1.30 -r1.31 *** PgCommand.cs 6 Mar 2004 14:50:56 -0000 1.30 --- PgCommand.cs 8 Mar 2004 16:23:25 -0000 1.31 *************** *** 728,731 **** --- 728,732 ---- { this.matchReplaces.Clear(); + this.matchIndex = 0; string pattern = @"(('[^']*?\@[^']*')*[^'@]*?)*(?<param>@\w+)*([^'@]*?('[^']*?\@*[^']*'))*"; Index: PgCommandBuilder.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/PgCommandBuilder.cs,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** PgCommandBuilder.cs 8 Mar 2004 15:12:26 -0000 1.17 --- PgCommandBuilder.cs 8 Mar 2004 16:23:25 -0000 1.18 *************** *** 107,113 **** get { ! if (dataAdapter.SelectCommand != null) { ! return dataAdapter.SelectCommand; } --- 107,113 ---- get { ! if (this.dataAdapter.SelectCommand != null) { ! return this.dataAdapter.SelectCommand; } *************** *** 229,244 **** public PgCommand GetInsertCommand() { ! if (insertCommand == null) { bool mustClose = false; try { ! if (dataAdapter.SelectCommand.Connection.State == ConnectionState.Closed) { mustClose = true; ! dataAdapter.SelectCommand.Connection.Open(); } ! buildInsertCommand(null, null); } catch (Exception ex) --- 229,244 ---- public PgCommand GetInsertCommand() { ! if (this.insertCommand == null) { bool mustClose = false; try { ! 
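Review bot: The parameter-substitution pattern on the line right after the added `this.matchIndex = 0;` nests `*` quantifiers (`(('[^']*?\@[^']*')*[^'@]*?)*`), and the Regex API of this runtime has no match timeout, so a command text with many quote and `@` characters can make the substitution step back-track for a very long time before any SQL is sent; the hazard predates this commit but deserves a caveat next to the pattern. The reset itself also needs a why-comment — presumably matchIndex walks matchReplaces during substitution, so something like `// reset together with matchReplaces so re-preparing the command starts from the first parameter` — to be confirmed against the replacement callback, which is outside the hunk. The enclosing method starts and ends outside the hunk.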
if (this.selectCommand.Connection.State == ConnectionState.Closed) { mustClose = true; ! this.selectCommand.Connection.Open(); } ! this.buildInsertCommand(null, null); } catch (Exception ex) *************** *** 250,254 **** if (mustClose) { ! dataAdapter.SelectCommand.Connection.Close(); } } --- 250,254 ---- if (mustClose) { ! this.selectCommand.Connection.Close(); } } *************** *** 260,275 **** public PgCommand GetUpdateCommand() { ! if (updateCommand == null) { bool mustClose = false; try { ! if (dataAdapter.SelectCommand.Connection.State == ConnectionState.Closed) { mustClose = true; ! dataAdapter.SelectCommand.Connection.Open(); } ! buildUpdateCommand(null, null); } catch (Exception ex) --- 260,275 ---- public PgCommand GetUpdateCommand() { ! if (this.updateCommand == null) { bool mustClose = false; try { ! if (this.selectCommand.Connection.State == ConnectionState.Closed) { mustClose = true; ! this.selectCommand.Connection.Open(); } ! this.buildUpdateCommand(null, null); } catch (Exception ex) *************** *** 281,285 **** if (mustClose) { ! dataAdapter.SelectCommand.Connection.Close(); } } --- 281,285 ---- if (mustClose) { ! this.selectCommand.Connection.Close(); } } *************** *** 296,306 **** try { ! if (dataAdapter.SelectCommand.Connection.State == ConnectionState.Closed) { mustClose = true; ! dataAdapter.SelectCommand.Connection.Open(); } ! buildDeleteCommand(null, null); } catch (Exception ex) --- 296,306 ---- try { ! if (this.selectCommand.Connection.State == ConnectionState.Closed) { mustClose = true; ! this.selectCommand.Connection.Open(); } ! this.buildDeleteCommand(null, null); } catch (Exception ex) *************** *** 312,316 **** if (mustClose) { ! dataAdapter.SelectCommand.Connection.Close(); } } --- 312,316 ---- if (mustClose) { ! this.selectCommand.Connection.Close(); } } *************** *** 339,343 **** string dsColumnName = String.Empty; ! 
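Review bot: The Get*Command methods now open and close `this.selectCommand.Connection`, but the `mustClose` block in the row-updating handler (hunk 766,770 later in this diff) still closes `this.dataAdapter.SelectCommand.Connection`, and the `SelectCommand` property (hunk 107,113) reads `this.dataAdapter.SelectCommand` as well; unless the `selectCommand` field is guaranteed to be the same object as the adapter's SelectCommand (its assignment is outside this diff), a connection opened in one place can be left open by the other. `this.selectCommand` is also dereferenced with no null check, while the property getter guards against a null SelectCommand. Going through one accessor everywhere, e.g. `PgCommand select = this.SelectCommand; if (select == null) throw new InvalidOperationException("SelectCommand is not set");` ahead of the `State == ConnectionState.Closed` test, fixes both; the same applies to hunks 250,254, 260,275, 281,285, 296,306 and 312,316. The catch blocks of these methods lie outside the hunks.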
buildSchemaTable(); insertCommand = new PgCommand(sql.ToString(), selectCommand.Connection, selectCommand.Transaction); --- 339,343 ---- string dsColumnName = String.Empty; ! this.buildSchemaTable(); insertCommand = new PgCommand(sql.ToString(), selectCommand.Connection, selectCommand.Transaction); *************** *** 697,701 **** #endregion ! #region Event Handler MEthods private void rowUpdatingHandler(object sender, PgRowUpdatingEventArgs e) --- 697,701 ---- #endregion ! #region Event Handler Methods private void rowUpdatingHandler(object sender, PgRowUpdatingEventArgs e) *************** *** 730,757 **** { case StatementType.Insert: ! if (e.Command == null) ! { ! insertCommand = buildInsertCommand(e.Row, e.TableMapping); ! e.Command = insertCommand; ! } ! e.Status = UpdateStatus.Continue; break; case StatementType.Update: ! if (e.Command == null) ! { ! updateCommand = buildUpdateCommand(e.Row, e.TableMapping); ! e.Command = updateCommand; ! } ! e.Status = UpdateStatus.Continue; break; case StatementType.Delete: ! if (e.Command == null) ! { ! deleteCommand = buildDeleteCommand(e.Row, e.TableMapping); ! e.Command = deleteCommand; ! } ! e.Status = UpdateStatus.Continue; break; } --- 730,742 ---- { case StatementType.Insert: ! e.Command = this.buildInsertCommand(e.Row, e.TableMapping); break; case StatementType.Update: ! e.Command = this.buildUpdateCommand(e.Row, e.TableMapping); break; case StatementType.Delete: ! e.Command = this.buildDeleteCommand(e.Row, e.TableMapping); break; } *************** *** 766,770 **** if (mustClose) { ! dataAdapter.SelectCommand.Connection.Close(); } } --- 751,755 ---- if (mustClose) { ! this.dataAdapter.SelectCommand.Connection.Close(); } } |
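Review bot: In the `rowUpdatingHandler` switch (hunk 730,757) the `e.Command == null` guard is gone, so a command already attached to the event by the adapter or the caller is replaced unconditionally by a freshly built one on every row; whether the builder is allowed to override an existing command depends on the adapter contract, which is not visible here. If overriding is intended, a comment such as `// always regenerate: the cached command may not match this row's table mapping` would explain it; otherwise restore the guard, `if (e.Command == null) { e.Command = this.buildInsertCommand(e.Row, e.TableMapping); }`, for the three cases. The try/catch wrapping this switch is outside the hunk.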
From: <car...@us...> - 2004-03-08 15:29:18
Update of /cvsroot/pgsqlclient/pgsqlclient_10 In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4285 Modified Files: changelog.txt Log Message: 2004-03-08 Carlos Guzman Alvarez <car...@te...> * Mono.Security.Protocol.Tls/SslClientStream.cs: * Mono.Security.Protocol.Tls/SslServerStream.cs: - Callback cleanup. * PostgreSql.Data.PgSqlClient/PgCommandBuilder.cs: - Cleanup * PostgreSql.Data.PgSqlClient/PgConnectionPool.cs: - New connection pool implementation. * PostgreSql.Data.PgSqlClient/PgConnection.cs: * PostgreSql.Data.PgSqlClient/PgDbConnection.cs: * PostgreSql.Data.PgSqlClient/NPgClient/PgDbClient.cs: - Reworked SSL events hacks. Index: changelog.txt =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/changelog.txt,v retrieving revision 1.101 retrieving revision 1.102 diff -C2 -d -r1.101 -r1.102 *** changelog.txt 6 Mar 2004 14:42:43 -0000 1.101 --- changelog.txt 8 Mar 2004 15:12:48 -0000 1.102 *************** *** 2,7 **** --- 2,34 ---- ------------------------------------------------------- + 2004-03-08 Carlos Guzman Alvarez <car...@te...> + + * Mono.Security.Protocol.Tls/SslClientStream.cs: + * Mono.Security.Protocol.Tls/SslServerStream.cs: + + - Callback cleanup. + + * PostgreSql.Data.PgSqlClient/PgCommandBuilder.cs: + + - Cleanup + + * PostgreSql.Data.PgSqlClient/PgConnectionPool.cs: + + - New connection pool implementation. + + * PostgreSql.Data.PgSqlClient/PgConnection.cs: + * PostgreSql.Data.PgSqlClient/PgDbConnection.cs: + * PostgreSql.Data.PgSqlClient/NPgClient/PgDbClient.cs: + + - Reworked SSL events hacks. + + 2004-03-06 Carlos Guzman Alvarez <car...@te...> + * source/PgCommand.cs: + * source/PgDataReader.cs: + + - Improved Records Affected handling. + * source/PgConnection.cs: |
Update of /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4055 Modified Files: PgCommandBuilder.cs PgConnection.cs PgConnectionPool.cs PgDbConnection.cs Log Message: 2004-03-08 Carlos Guzman Alvarez <car...@te...> * Mono.Security.Protocol.Tls/SslClientStream.cs: * Mono.Security.Protocol.Tls/SslServerStream.cs: - Callback cleanup. * PostgreSql.Data.PgSqlClient/PgCommandBuilder.cs: - Cleanup * PostgreSql.Data.PgSqlClient/PgConnectionPool.cs: - New connection pool implementation. * PostgreSql.Data.PgSqlClient/PgConnection.cs: * PostgreSql.Data.PgSqlClient/PgDbConnection.cs: * PostgreSql.Data.PgSqlClient/NPgClient/PgDbClient.cs: - Reworked SSL events hacks. Index: PgCommandBuilder.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/PgCommandBuilder.cs,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** PgCommandBuilder.cs 9 Feb 2004 14:19:22 -0000 1.16 --- PgCommandBuilder.cs 8 Mar 2004 15:12:26 -0000 1.17 *************** *** 756,765 **** break; } - - if (e.Command != null && e.Row != null) - { - e.Row.AcceptChanges(); - e.Status = UpdateStatus.Continue; - } } catch (Exception exception) --- 756,759 ---- Index: PgConnection.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/PgConnection.cs,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** PgConnection.cs 6 Mar 2004 14:42:00 -0000 1.13 --- PgConnection.cs 8 Mar 2004 15:12:26 -0000 1.14 *************** *** 378,384 **** dbConnection = new PgDbConnection(connectionString); if (dbConnection.Settings.Pooling) { ! 
dbConnection = PgConnectionPool.GetConnection(connectionString); } else --- 378,390 ---- dbConnection = new PgDbConnection(connectionString); + // Add handler for Ssl connections + dbConnection.DB.SslConnectionDelegate = new SslConnectionCallback(this.OnSslConnection); + + // Open connection if (dbConnection.Settings.Pooling) { ! dbConnection = PgConnectionPool.GetConnection( ! connectionString, ! dbConnection); } else *************** *** 405,424 **** notificationHandler = new PgClientNotificationEventHandler(OnNotification); dbConnection.DB.Notification += notificationHandler; - - // If we are working with SSL add event handlers - if (this.dbConnection.Settings.SSL) - { - // Server certificate validation - certificateValidationCallback = new CertificateValidationCallback(OnServerCertificateValidation); - dbConnection.DB.SslClientStream.ServerCertValidationDelegate = certificateValidationCallback; - - // Client certificate selection - certificateSelectionCallback = new CertificateSelectionCallback(OnClientCertificateSelection); - dbConnection.DB.SslClientStream.ClientCertSelectionDelegate = certificateSelectionCallback; - - // Private key selection - privateKeySelectionCallback = new PrivateKeySelectionCallback(OnPrivateKeySelection); - dbConnection.DB.SslClientStream.PrivateKeyCertSelectionDelegate = privateKeySelectionCallback; - } } catch (PgClientException ex) --- 411,414 ---- *************** *** 677,680 **** --- 667,684 ---- } + private void OnSslConnection() + { + // Server certificate validation + certificateValidationCallback = new CertificateValidationCallback(OnServerCertificateValidation); + dbConnection.DB.SslClientStream.ServerCertValidationDelegate = certificateValidationCallback; + + // Client certificate selection + certificateSelectionCallback = new CertificateSelectionCallback(OnClientCertificateSelection); + dbConnection.DB.SslClientStream.ClientCertSelectionDelegate = certificateSelectionCallback; + + // Private key selection + 
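Review bot: `SslConnectionDelegate` is assigned on the freshly created `dbConnection`, but in the pooling branch that object is then handed to `PgConnectionPool.GetConnection(connectionString, dbConnection)`, and the pool's `CheckOut` (later in this diff) returns an already-pooled connection when one validates, discarding the instance; that pooled connection was connected under whichever PgConnection created it, so this PgConnection's `OnSslConnection` wiring — and with it its `OnServerCertificateValidation` handler — is only in effect on the fresh-connect path, while a reused pooled TLS connection keeps the callbacks of its original owner. If that is acceptable it should be stated next to `// Add handler for Ssl connections`; otherwise the delegate has to be re-pointed on every check-out, not only at creation. The enclosing method starts and ends outside the hunk.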
privateKeySelectionCallback = new PrivateKeySelectionCallback(OnPrivateKeySelection); + dbConnection.DB.SslClientStream.PrivateKeyCertSelectionDelegate = privateKeySelectionCallback; + } #endregion Index: PgConnectionPool.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/PgConnectionPool.cs,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** PgConnectionPool.cs 9 Feb 2004 14:19:22 -0000 1.4 --- PgConnectionPool.cs 8 Mar 2004 15:12:26 -0000 1.5 *************** *** 1,19 **** ! /* PgSqlClient - ADO.NET Data Provider for PostgreSQL 7.4+ ! * Copyright (c) 2003-2004 Carlos Guzman Alvarez ! * ! * This library is free software; you can redistribute it and/or ! * modify it under the terms of the GNU Lesser General Public ! * License as published by the Free Software Foundation; either ! * version 2.1 of the License, or (at your option) any later version. ! * ! * This library is distributed in the hope that it will be useful, ! * but WITHOUT ANY WARRANTY; without even the implied warranty of ! * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ! * Lesser General Public License for more details. ! * ! * You should have received a copy of the GNU Lesser General Public ! * License along with this library; if not, write to the Free Software ! * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ! */ using System; --- 1,19 ---- ! // ! // Firebird .NET Data Provider - Firebird managed data provider for .NET and Mono ! // Copyright (C) 2002-2004 Carlos Guzman Alvarez ! // ! // Distributable under LGPL license. ! // You may obtain a copy of the License at http://www.gnu.org/copyleft/lesser.html ! // ! // This library is free software; you can redistribute it and/or ! // modify it under the terms of the GNU Lesser General Public ! // License as published by the Free Software Foundation; either ! 
// version 2.1 of the License, or (at your option) any later version. ! // ! // This library is distributed in the hope that it will be useful, ! // but WITHOUT ANY WARRANTY; without even the implied warranty of ! // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ! // Lesser General Public License for more details. ! // using System; *************** *** 21,25 **** using System.Collections; using System.Threading; - using PostgreSql.Data.NPgClient; namespace PostgreSql.Data.PgSqlClient --- 21,24 ---- *************** *** 27,53 **** internal class PgConnectionPool : MarshalByRefObject { ! #region Fields ! private static PgPoolManager pool = null; #endregion ! #region Methods ! public static void Initialize() { if (pool == null) { ! pool = new PgPoolManager(); } } ! ! public static PgDbConnection GetConnection(string connectionString) { ! Initialize(); ! return ((PgDbConnection)pool.CheckOut(connectionString)); } ! public static void FreeConnection(PgDbConnection c) { --- 26,52 ---- internal class PgConnectionPool : MarshalByRefObject { ! #region FIELDS ! private static ConnectionPool pool = null; #endregion ! #region METHODS ! public static void Init() { if (pool == null) { ! pool = new ConnectionPool(); } } ! ! public static PgDbConnection GetConnection(string connectionString, PgDbConnection connection) { ! Init(); ! return ((PgDbConnection)pool.CheckOut(connectionString, connection)); } ! public static void FreeConnection(PgDbConnection c) { *************** *** 58,64 **** } ! internal class PgPoolManager { ! #region Fields private ArrayList locked; --- 57,63 ---- } ! internal class ConnectionPool { ! #region FIELDS private ArrayList locked; *************** *** 68,74 **** #endregion ! #region Constructors ! public PgPoolManager() { locked = ArrayList.Synchronized(new ArrayList()); --- 67,73 ---- #endregion ! #region CONSTRUCTORS ! public ConnectionPool() { locked = ArrayList.Synchronized(new ArrayList()); *************** *** 83,91 **** #endregion ! 
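Review bot: The replaced file header (hunk 1,19) now describes this file as `Firebird .NET Data Provider - Firebird managed data provider for .NET and Mono`, which reads like a header pasted from another project; the old header correctly said `PgSqlClient - ADO.NET Data Provider for PostgreSQL 7.4+`. The product line should be restored, e.g. `// PgSqlClient - ADO.NET Data Provider for PostgreSQL 7.4+`, keeping the new `//` comment style if that was the intent.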
#region Methods public PgDbConnection CheckOut(string connectionString) { ! PgDbConnection newConnection = null; long now = System.DateTime.Now.Ticks; --- 82,95 ---- #endregion ! #region METHODS public PgDbConnection CheckOut(string connectionString) { ! return this.CheckOut(connectionString, null); ! } ! ! public PgDbConnection CheckOut(string connectionString, PgDbConnection instance) ! { ! PgDbConnection newConnection = null; long now = System.DateTime.Now.Ticks; *************** *** 97,101 **** unlocked.CopyTo(0, list, 0, list.Length); ! foreach(PgDbConnection connection in list) { if (Validate(connection, connectionString)) --- 101,105 ---- unlocked.CopyTo(0, list, 0, list.Length); ! foreach (PgDbConnection connection in list) { if (Validate(connection, connectionString)) *************** *** 132,136 **** } ! newConnection = Create(connectionString); newConnection.Created = System.DateTime.Now.Ticks; --- 136,149 ---- } ! if (instance == null) ! { ! newConnection = Create(connectionString); ! } ! else ! { ! newConnection = instance; ! newConnection.Connect(); ! } ! newConnection.Pooled = true; newConnection.Created = System.DateTime.Now.Ticks; *************** *** 143,147 **** public void CheckIn(PgDbConnection connection) { ! lock (typeof(PgDbConnection)) { connection.Created = System.DateTime.Now.Ticks; --- 156,160 ---- public void CheckIn(PgDbConnection connection) { ! lock (typeof(PgConnectionPool)) { connection.Created = System.DateTime.Now.Ticks; *************** *** 170,178 **** PgDbConnection connection = new PgDbConnection(connectionString); connection.Connect(); - connection.Pooled = true; return connection; } ! catch (PgClientException ex) { throw ex; --- 183,190 ---- PgDbConnection connection = new PgDbConnection(connectionString); connection.Connect(); return connection; } ! catch (Exception ex) { throw ex; *************** *** 184,189 **** try { ! return (connection.ConnectionString == connectionString && ! 
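Review bot: `Create` (hunk 170,178) now catches `Exception` and rethrows with `throw ex;`, which resets the stack trace and hides where the connect failed; `throw;` preserves it, and if the catch does nothing else the try/catch can go entirely. `CheckIn` (hunk 143,147) locks on `typeof(PgConnectionPool)`, a publicly reachable object, so any code in the process that locks the same type object contends with the pool; a private `static readonly object syncRoot = new object();` (or `unlocked.SyncRoot`, which CleanUp already locks) is the usual choice. In the new `CheckOut(string, PgDbConnection)` overload (hunk 132,136) the supplied `instance` is connected only when no pooled connection validated, so on the reuse path the caller's instance is silently abandoned — worth a comment at the `if (instance == null)` branch.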
connection.VerifyConnection()); } catch (Exception ex) --- 196,201 ---- try { ! return (connection.ConnectionString == connectionString && ! connection.Verify()); } catch (Exception ex) *************** *** 197,201 **** try { ! if (connection.VerifyConnection()) { connection.Disconnect(); --- 209,213 ---- try { ! if (connection.Verify()) { connection.Disconnect(); *************** *** 210,214 **** private void CleanUp(object State) { ! long now = System.DateTime.Now.Ticks; lock (unlocked.SyncRoot) --- 222,226 ---- private void CleanUp(object State) { ! long now = System.DateTime.Now.Ticks; lock (unlocked.SyncRoot) Index: PgDbConnection.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/PgDbConnection.cs,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** PgDbConnection.cs 12 Feb 2004 19:50:41 -0000 1.7 --- PgDbConnection.cs 8 Mar 2004 15:12:26 -0000 1.8 *************** *** 44,74 **** public PgDbClient DB { ! get { return db; } } public string ConnectionString { ! get { return connectionString; } } public long Lifetime { ! get { return lifetime; } } public long Created { ! get { return created; } ! set { created = value; } } public bool Pooled { ! get { return pooled; } ! set { pooled = value; } } public PgConnectionParams Settings { ! get { return settings; } } --- 44,74 ---- public PgDbClient DB { ! get { return this.db; } } public string ConnectionString { ! get { return this.connectionString; } } public long Lifetime { ! get { return this.lifetime; } } public long Created { ! get { return this.created; } ! set { this.created = value; } } public bool Pooled { ! get { return this.pooled; } ! set { this.pooled = value; } } public PgConnectionParams Settings { ! get { return this.settings; } } *************** *** 79,89 **** private PgDbConnection() { ! settings = new PgConnectionParams(); ! search = new Regex(@"([\w\s\d]*)\s*=\s*([^;]*)"); ! 
connectionString = String.Empty; ! lifetime = 0; ! created = 0; ! pooled = true; } --- 79,90 ---- private PgDbConnection() { ! this.settings = new PgConnectionParams(); ! this.search = new Regex(@"([\w\s\d]*)\s*=\s*([^;]*)"); ! this.connectionString = String.Empty; ! this.lifetime = 0; ! this.created = 0; ! this.pooled = true; ! this.db = new PgDbClient(); } *************** *** 91,95 **** { this.connectionString = connectionString; ! parseConnectionString(); } --- 92,96 ---- { this.connectionString = connectionString; ! this.parseConnectionString(); } *************** *** 102,107 **** try { ! db = new PgDbClient(settings); ! db.Connect(); } catch (PgClientException ex) --- 103,108 ---- try { ! this.db.Settings = this.Settings; ! this.db.Connect(); } catch (PgClientException ex) *************** *** 115,119 **** try { ! db.Disconnect(); } catch (PgClientException ex) --- 116,120 ---- try { ! this.db.Disconnect(); } catch (PgClientException ex) *************** *** 125,129 **** private void parseConnectionString() { ! MatchCollection elements = search.Matches(connectionString); foreach (Match element in elements) --- 126,130 ---- private void parseConnectionString() { ! MatchCollection elements = search.Matches(this.connectionString); foreach (Match element in elements) *************** *** 136,184 **** case "server": case "host": ! settings.ServerName = element.Groups[2].Value.Trim(); break; case "database": ! settings.Database = element.Groups[2].Value.Trim(); break; case "user name": case "user": ! settings.UserName = element.Groups[2].Value.Trim(); break; case "user password": case "password": ! settings.UserPassword = element.Groups[2].Value.Trim(); break; case "port": ! settings.ServerPort = Int32.Parse(element.Groups[2].Value.Trim()); break; case "connection lifetime": ! lifetime = Int32.Parse(element.Groups[2].Value.Trim()); ! lifetime *= TimeSpan.TicksPerSecond; break; case "timeout": case "connection timeout": ! 
settings.Timeout = Int32.Parse(element.Groups[2].Value.Trim()); break; case "packet size": ! settings.PacketSize = Int32.Parse(element.Groups[2].Value.Trim()); break; case "pooling": ! settings.Pooling = Boolean.Parse(element.Groups[2].Value.Trim()); break; case "ssl": ! settings.SSL = Boolean.Parse(element.Groups[2].Value.Trim()); break; case "simple query mode": ! settings.SimpleQueryMode = Boolean.Parse(element.Groups[2].Value.Trim()); break; } --- 137,185 ---- case "server": case "host": ! this.settings.ServerName = element.Groups[2].Value.Trim(); break; case "database": ! this.settings.Database = element.Groups[2].Value.Trim(); break; case "user name": case "user": ! this.settings.UserName = element.Groups[2].Value.Trim(); break; case "user password": case "password": ! this.settings.UserPassword = element.Groups[2].Value.Trim(); break; case "port": ! this.settings.ServerPort = Int32.Parse(element.Groups[2].Value.Trim()); break; case "connection lifetime": ! this.lifetime = Int32.Parse(element.Groups[2].Value.Trim()); ! this.lifetime *= TimeSpan.TicksPerSecond; break; case "timeout": case "connection timeout": ! this.settings.Timeout = Int32.Parse(element.Groups[2].Value.Trim()); break; case "packet size": ! this.settings.PacketSize = Int32.Parse(element.Groups[2].Value.Trim()); break; case "pooling": ! this.settings.Pooling = Boolean.Parse(element.Groups[2].Value.Trim()); break; case "ssl": ! this.settings.SSL = Boolean.Parse(element.Groups[2].Value.Trim()); break; case "simple query mode": ! this.settings.SimpleQueryMode = Boolean.Parse(element.Groups[2].Value.Trim()); break; } *************** *** 203,207 **** } ! internal bool VerifyConnection() { bool isValid = true; --- 204,208 ---- } ! internal bool Verify() { bool isValid = true; |
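Review bot: `parseConnectionString` (hunk 136,184) converts `port`, `connection lifetime`, `timeout` and `packet size` with `Int32.Parse(...)` and the booleans with `Boolean.Parse(...)` under the current culture and with no error handling, so a malformed value surfaces as a bare FormatException from inside the constructor with nothing saying which key was bad. Connection strings are machine data, so `Int32.Parse(value, CultureInfo.InvariantCulture)` plus a catch around the switch that throws `ArgumentException` naming the offending key (the key only — never echo the value, since `password` passes through the same path) would make failures diagnosable without leaking credentials into logs. The switch expression that lower-cases the key is outside the hunk.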
From: <car...@us...> - 2004-03-08 15:28:30
Update of /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/NPgClient In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3814 Modified Files: PgDbClient.cs Log Message: 2004-03-08 Carlos Guzman Alvarez <car...@te...> * Mono.Security.Protocol.Tls/SslClientStream.cs: * Mono.Security.Protocol.Tls/SslServerStream.cs: - Callback cleanup. * PostgreSql.Data.PgSqlClient/PgCommandBuilder.cs: - Cleanup * PostgreSql.Data.PgSqlClient/PgConnectionPool.cs: - New connection pool implementation. * PostgreSql.Data.PgSqlClient/PgConnection.cs: * PostgreSql.Data.PgSqlClient/PgDbConnection.cs: * PostgreSql.Data.PgSqlClient/NPgClient/PgDbClient.cs: - Reworked SSL events hacks. Index: PgDbClient.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/NPgClient/PgDbClient.cs,v retrieving revision 1.44 retrieving revision 1.45 diff -C2 -d -r1.44 -r1.45 *** PgDbClient.cs 6 Mar 2004 14:52:28 -0000 1.44 --- PgDbClient.cs 8 Mar 2004 15:12:01 -0000 1.45 *************** *** 30,33 **** --- 30,35 ---- namespace PostgreSql.Data.NPgClient { + internal delegate void SslConnectionCallback(); + internal class PgDbClient { *************** *** 36,39 **** --- 38,42 ---- public event PgClientMessageEventHandler InfoMessage; public event PgClientNotificationEventHandler Notification; + public event SslConnectionCallback SslConnection; #endregion *************** *** 119,122 **** --- 122,131 ---- } + public SslConnectionCallback SslConnectionDelegate + { + get { return this.SslConnection; } + set { this.SslConnection = value; } + } + #endregion *************** *** 156,160 **** if (this.settings.SSL) { ! this.sslStream = new SslClientStream( this.networkStream, this.settings.ServerName, --- 165,169 ---- if (this.settings.SSL) { ! 
this.sslStream = new SslClientStream( this.networkStream, this.settings.ServerName, *************** *** 165,168 **** --- 174,182 ---- this.receive = new BinaryReader(this.sslStream); this.send = new BinaryWriter(this.sslStream); + + if (this.SslConnection != null) + { + this.SslConnection(); + } } } *************** *** 287,291 **** this.InfoMessage(this, new PgClientMessageEventArgs(ex)); } ! break; case PgBackendCodes.NOTIFICATION_RESPONSE: --- 301,305 ---- this.InfoMessage(this, new PgClientMessageEventArgs(ex)); } ! break; case PgBackendCodes.NOTIFICATION_RESPONSE: *************** *** 293,297 **** processNotificationResponse(responsePacket); } ! break; default: --- 307,311 ---- processNotificationResponse(responsePacket); } ! break; default: |
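Review bot: `this.SslConnection()` fires (hunk 174,182) only after the `SslClientStream` has been constructed and wrapped in the `BinaryReader`/`BinaryWriter`, and that callback is what installs `ServerCertValidationDelegate` and the other certificate delegates (see the PgConnection.OnSslConnection change in this series); whether that is early enough depends on SslClientStream deferring the handshake until the first read or write, which is not visible here — if construction or wrapping already triggers the handshake, the server certificate is checked before the application's validator exists. A comment at the call site would pin the assumption: `// must run before the first read/write: the TLS handshake (and server-cert validation) is deferred to first I/O — confirm against SslClientStream`. The `SslConnectionDelegate` setter (hunk 122,131) replaces the event's whole invocation list rather than adding to it, which is probably intended but deserves a line. The enclosing method starts and ends outside the hunk.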
From: <car...@us...> - 2004-03-08 15:25:51
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3232 Modified Files: changelog.txt Log Message: 2004-03-08 Carlos Guzman Alvarez <car...@te...> * Mono.Security.Protocol.Tls/SslClientStream.cs: * Mono.Security.Protocol.Tls/SslServerStream.cs: - Callback cleanup. Index: changelog.txt =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/changelog.txt,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** changelog.txt 6 Mar 2004 14:38:54 -0000 1.17 --- changelog.txt 8 Mar 2004 15:09:21 -0000 1.18 *************** *** 2,5 **** --- 2,13 ---- --------------- ----------- ----------------------------------------- + 2004-03-08 Carlos Guzman Alvarez <car...@te...> + + * Mono.Security.Protocol.Tls/SslClientStream.cs: + * Mono.Security.Protocol.Tls/SslServerStream.cs: + + - Callback cleanup. + + 2004-03-06 Carlos Guzman Alvarez <car...@te...> |
From: <car...@us...> - 2004-03-08 15:25:15
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3040 Modified Files: SslClientStream.cs SslServerStream.cs Log Message: 2004-03-08 Carlos Guzman Alvarez <car...@te...> * Mono.Security.Protocol.Tls/SslClientStream.cs: * Mono.Security.Protocol.Tls/SslServerStream.cs: - Callback cleanup. Index: SslClientStream.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** SslClientStream.cs 6 Mar 2004 14:38:25 -0000 1.17 --- SslClientStream.cs 8 Mar 2004 15:08:41 -0000 1.18 *************** *** 65,72 **** #region Fields - private CertificateValidationCallback serverCertValidationDelegate; - private CertificateSelectionCallback clientCertSelectionDelegate; - private PrivateKeySelectionCallback privateKeySelectionDelegate; - private Stream innerStream; private BufferedStream inputBuffer; --- 65,68 ---- *************** *** 243,284 **** public CertificateValidationCallback ServerCertValidationDelegate { ! get { return this.serverCertValidationDelegate; } ! set ! { ! if (this.ServerCertValidation != null) ! { ! this.ServerCertValidation -= this.serverCertValidationDelegate; ! } ! this.serverCertValidationDelegate = value; ! this.ServerCertValidation += this.serverCertValidationDelegate; ! } } public CertificateSelectionCallback ClientCertSelectionDelegate { ! get { return this.clientCertSelectionDelegate; } ! set ! { ! if (this.ClientCertSelection != null) ! { ! this.ClientCertSelection -= this.clientCertSelectionDelegate; ! } ! this.clientCertSelectionDelegate = value; ! this.ClientCertSelection += this.clientCertSelectionDelegate; ! } } public PrivateKeySelectionCallback PrivateKeyCertSelectionDelegate { ! get { return this.privateKeySelectionDelegate; } ! 
set ! { ! if (this.PrivateKeySelection != null) ! { ! this.PrivateKeySelection -= this.privateKeySelectionDelegate; ! } ! this.privateKeySelectionDelegate = value; ! this.PrivateKeySelection += this.privateKeySelectionDelegate; ! } } --- 239,256 ---- public CertificateValidationCallback ServerCertValidationDelegate { ! get { return this.ServerCertValidation; } ! set { this.ServerCertValidation = value; } } public CertificateSelectionCallback ClientCertSelectionDelegate { ! get { return this.ClientCertSelection; } ! set { this.ClientCertSelection = value; } } public PrivateKeySelectionCallback PrivateKeyCertSelectionDelegate { ! get { return this.PrivateKeySelection; } ! set { this.PrivateKeySelection = value; } } *************** *** 402,417 **** } } ! this.ownsStream = false; ! this.innerStream = null; ! if (this.ClientCertSelection != null) ! { ! this.ClientCertSelection -= this.clientCertSelectionDelegate; ! } ! if (this.ServerCertValidation != null) ! { ! this.ServerCertValidation -= this.serverCertValidationDelegate; ! } ! this.serverCertValidationDelegate = null; ! this.clientCertSelectionDelegate = null; } --- 374,382 ---- } } ! this.ownsStream = false; ! this.innerStream = null; ! this.ClientCertSelection = null; ! this.ServerCertValidation = null; ! 
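Review bot: The simplified `ServerCertValidationDelegate`, `ClientCertSelectionDelegate` and `PrivateKeyCertSelectionDelegate` setters (hunk 239,256) assign the event field directly, so setting a delegate now discards every handler previously attached with `+=`, whereas the old code removed only the delegate it had itself added. For a TLS stream that means a later `ServerCertValidationDelegate = ...` silently unsubscribes any other server-certificate validator a caller installed on `ServerCertValidation`; if replace semantics are intended, say so on the property (`// assigning replaces all subscribers of ServerCertValidation`), otherwise keep the remove-then-add form. The same applies to `ClientCertValidationDelegate` and `PrivateKeyCertSelectionDelegate` in SslServerStream (hunk 223,234).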
this.PrivateKeySelection = null; } Index: SslServerStream.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,v retrieving revision 1.7 retrieving revision 1.8 diff -C2 -d -r1.7 -r1.8 *** SslServerStream.cs 6 Mar 2004 14:38:25 -0000 1.7 --- SslServerStream.cs 8 Mar 2004 15:08:42 -0000 1.8 *************** *** 46,52 **** #region Fields - private CertificateValidationCallback clientCertValidationDelegate; - private PrivateKeySelectionCallback privateKeySelectionDelegate; - private ServerRecordProtocol protocol; private BufferedStream inputBuffer; --- 46,49 ---- *************** *** 226,253 **** public CertificateValidationCallback ClientCertValidationDelegate { ! get { return this.clientCertValidationDelegate; } ! set ! { ! if (this.ClientCertValidation != null) ! { ! this.ClientCertValidation -= this.clientCertValidationDelegate; ! } ! this.clientCertValidationDelegate = value; ! this.ClientCertValidation += this.clientCertValidationDelegate; ! } } public PrivateKeySelectionCallback PrivateKeyCertSelectionDelegate { ! get { return this.privateKeySelectionDelegate; } ! set ! { ! if (this.PrivateKeySelection != null) ! { ! this.PrivateKeySelection -= this.privateKeySelectionDelegate; ! } ! this.privateKeySelectionDelegate = value; ! this.PrivateKeySelection += this.privateKeySelectionDelegate; ! } } --- 223,234 ---- public CertificateValidationCallback ClientCertValidationDelegate { ! get { return this.ClientCertValidation; } ! set { this.ClientCertValidation = value; } } public PrivateKeySelectionCallback PrivateKeyCertSelectionDelegate { ! get { return this.PrivateKeySelection; } ! set { this.PrivateKeySelection = value; } } *************** *** 349,359 **** } } ! this.ownsStream = false; ! this.innerStream = null; ! if (this.ClientCertValidation != null) ! { ! this.ClientCertValidation -= this.clientCertValidationDelegate; ! } ! 
this.clientCertValidationDelegate = null; } --- 330,337 ---- } } ! this.ownsStream = false; ! this.innerStream = null; ! this.ClientCertValidation = null; ! this.PrivateKeySelection = null; } |
From: <car...@us...> - 2004-03-08 13:02:20
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.X509.Extensions In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv5083 Modified Files: CRLDistributionPointsExtension.cs Log Message: updated file Index: CRLDistributionPointsExtension.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.X509.Extensions/CRLDistributionPointsExtension.cs,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** CRLDistributionPointsExtension.cs 5 Mar 2004 23:19:07 -0000 1.1 --- CRLDistributionPointsExtension.cs 8 Mar 2004 12:45:57 -0000 1.2 *************** *** 60,64 **** [Flags] ! public enum ReasonFlags { Unused = 0, KeyCompromise = 1, --- 60,64 ---- [Flags] ! internal enum ReasonFlags { Unused = 0, KeyCompromise = 1, |
From: <car...@us...> - 2004-03-06 15:08:11
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3178 Modified Files: CipherSuiteCollection.cs Log Message: Removed spcific mono hack Index: CipherSuiteCollection.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/CipherSuiteCollection.cs,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** CipherSuiteCollection.cs 3 Mar 2004 16:22:36 -0000 1.1 --- CipherSuiteCollection.cs 6 Mar 2004 14:53:13 -0000 1.2 *************** *** 155,166 **** private bool cultureAwareCompare(string strA, string strB) { ! try ! { ! return CultureInfo.CurrentCulture.CompareInfo.Compare(strA, strB, CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | CompareOptions.IgnoreCase) == 0 ? true : false; ! } ! catch (NotSupportedException) ! { ! return strA.ToUpper() == strB.ToUpper() ? true : false; ! } } --- 155,163 ---- private bool cultureAwareCompare(string strA, string strB) { ! return CultureInfo.CurrentCulture.CompareInfo.Compare( ! strA, ! strB, ! CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | ! CompareOptions.IgnoreCase) == 0 ? true : false; } |
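Review bot: `cultureAwareCompare` now compares cipher-suite names with `CultureInfo.CurrentCulture.CompareInfo.Compare(..., CompareOptions.IgnoreCase)`, but these are protocol identifiers rather than user-facing text, so the outcome must not depend on the thread's culture (under a culture such as Turkish, case-insensitive matching of `I` and `i` differs, and a lookup can miss or match the wrong suite). `return String.Compare(strA, strB, true, CultureInfo.InvariantCulture) == 0;` keeps the same call shape without the culture dependence, and drops the redundant `? true : false` on an expression that is already boolean. The identical helper is changed the same way in PgTypeCollection, PgCharSetCollection, PgClientErrorCollection, PgErrorCollection, PgParameterCollection and PgDataReader in the commits further down this page, and the same comment applies to each of them.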
From: <car...@us...> - 2004-03-06 15:07:47
Update of /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/NPgClient In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3068 Modified Files: PgTypeCollection.cs Log Message: Changed the SslClientStream instantiation Index: PgTypeCollection.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/NPgClient/PgTypeCollection.cs,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** PgTypeCollection.cs 9 Feb 2004 14:20:45 -0000 1.8 --- PgTypeCollection.cs 6 Mar 2004 14:52:50 -0000 1.9 *************** *** 106,117 **** private bool cultureAwareCompare(string strA, string strB) { ! try ! { ! return CultureInfo.CurrentCulture.CompareInfo.Compare(strA, strB, CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | CompareOptions.IgnoreCase) == 0 ? true : false; ! } ! catch (Exception) ! { ! return strA.ToUpper() == strB.ToUpper() ? true : false; ! } } --- 106,114 ---- private bool cultureAwareCompare(string strA, string strB) { ! return CultureInfo.CurrentCulture.CompareInfo.Compare( ! strA, ! strB, ! CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | ! CompareOptions.IgnoreCase) == 0 ? true : false; } |
From: <car...@us...> - 2004-03-06 15:07:25
Update of /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/NPgClient In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3002 Modified Files: PgDbClient.cs Log Message: Changed the SslClientStream instantiation Index: PgDbClient.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/NPgClient/PgDbClient.cs,v retrieving revision 1.43 retrieving revision 1.44 diff -C2 -d -r1.43 -r1.44 *** PgDbClient.cs 3 Mar 2004 16:25:27 -0000 1.43 --- PgDbClient.cs 6 Mar 2004 14:52:28 -0000 1.44 *************** *** 25,28 **** --- 25,29 ---- using System.Net.Sockets; + using Tls=Mono.Security.Protocol.Tls; using Mono.Security.Protocol.Tls; *************** *** 159,163 **** this.settings.ServerName, true, ! Mono.Security.Protocol.Tls.SecurityProtocolType.Default); this.receive = new BinaryReader(this.sslStream); --- 160,165 ---- this.settings.ServerName, true, ! Tls.SecurityProtocolType.Tls| ! Tls.SecurityProtocolType.Ssl3); this.receive = new BinaryReader(this.sslStream); |
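Review bot: The protocol set passed to the `SslClientStream` constructor is now hard-coded to `Tls.SecurityProtocolType.Tls | Tls.SecurityProtocolType.Ssl3` (hunk 159,163) while the host name next to it comes from `this.settings`, so a deployment that wants to require TLS cannot express that through the connection settings. Consider sourcing the allowed protocols from the settings object with this value as the default, so that the SSL 3.0 fallback can be switched off per connection. The `using Tls=Mono.Security.Protocol.Tls;` alias added in the first hunk sits beside the existing `using Mono.Security.Protocol.Tls;`; presumably it exists to disambiguate `SecurityProtocolType` from another type of that name, and a comment such as `// alias: SecurityProtocolType is ambiguous with the System.Net type` would spare the next reader the guess.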
From: <car...@us...> - 2004-03-06 15:06:38
Update of /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/NPgClient In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2894 Modified Files: PgCharSetCollection.cs PgClientErrorCollection.cs Log Message: Removed spcific mono hack Index: PgCharSetCollection.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/NPgClient/PgCharSetCollection.cs,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** PgCharSetCollection.cs 9 Feb 2004 14:20:45 -0000 1.4 --- PgCharSetCollection.cs 6 Mar 2004 14:51:43 -0000 1.5 *************** *** 95,106 **** private bool cultureAwareCompare(string strA, string strB) { ! try ! { ! return CultureInfo.CurrentCulture.CompareInfo.Compare(strA, strB, CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | CompareOptions.IgnoreCase) == 0 ? true : false; ! } ! catch (Exception) ! { ! return strA.ToUpper() == strB.ToUpper() ? true : false; ! } } --- 95,103 ---- private bool cultureAwareCompare(string strA, string strB) { ! return CultureInfo.CurrentCulture.CompareInfo.Compare( ! strA, ! strB, ! CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | ! CompareOptions.IgnoreCase) == 0 ? true : false; } Index: PgClientErrorCollection.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/NPgClient/PgClientErrorCollection.cs,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** PgClientErrorCollection.cs 9 Feb 2004 14:20:45 -0000 1.4 --- PgClientErrorCollection.cs 6 Mar 2004 14:51:43 -0000 1.5 *************** *** 83,94 **** private bool cultureAwareCompare(string strA, string strB) { ! try ! { ! return CultureInfo.CurrentCulture.CompareInfo.Compare(strA, strB, CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | CompareOptions.IgnoreCase) == 0 ? true : false; ! } ! 
catch (Exception) ! { ! return strA.ToUpper() == strB.ToUpper() ? true : false; ! } } --- 83,91 ---- private bool cultureAwareCompare(string strA, string strB) { ! return CultureInfo.CurrentCulture.CompareInfo.Compare( ! strA, ! strB, ! CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | ! CompareOptions.IgnoreCase) == 0 ? true : false; } |
From: <car...@us...> - 2004-03-06 15:06:20
|
Update of /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2863 Modified Files: PgErrorCollection.cs PgParameterCollection.cs Log Message: Removed spcific mono hack Index: PgErrorCollection.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/PgErrorCollection.cs,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** PgErrorCollection.cs 9 Feb 2004 14:19:22 -0000 1.4 --- PgErrorCollection.cs 6 Mar 2004 14:51:23 -0000 1.5 *************** *** 102,113 **** private bool cultureAwareCompare(string strA, string strB) { ! try ! { ! return CultureInfo.CurrentCulture.CompareInfo.Compare(strA, strB, CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | CompareOptions.IgnoreCase) == 0 ? true : false; ! } ! catch (Exception) ! { ! return strA.ToUpper() == strB.ToUpper() ? true : false; ! } } --- 102,110 ---- private bool cultureAwareCompare(string strA, string strB) { ! return CultureInfo.CurrentCulture.CompareInfo.Compare( ! strA, ! strB, ! CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | ! CompareOptions.IgnoreCase) == 0 ? true : false; } Index: PgParameterCollection.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/PgParameterCollection.cs,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** PgParameterCollection.cs 9 Feb 2004 14:19:22 -0000 1.6 --- PgParameterCollection.cs 6 Mar 2004 14:51:23 -0000 1.7 *************** *** 254,265 **** private bool cultureAwareCompare(string strA, string strB) { ! try ! { ! return CultureInfo.CurrentCulture.CompareInfo.Compare(strA, strB, CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | CompareOptions.IgnoreCase) == 0 ? true : false; ! } ! catch (Exception) ! { ! 
return strA.ToUpper() == strB.ToUpper() ? true : false; ! } } --- 254,262 ---- private bool cultureAwareCompare(string strA, string strB) { ! return CultureInfo.CurrentCulture.CompareInfo.Compare( ! strA, ! strB, ! CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | ! CompareOptions.IgnoreCase) == 0 ? true : false; } |
From: <car...@us...> - 2004-03-06 15:05:51
Update of /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2788 Modified Files: PgCommand.cs PgDataReader.cs Log Message: 2004-03-06 Carlos Guzman Alvarez <car...@te...> * source/PgCommand.cs: * source/PgDataReader.cs: - Improved Records Affected handling. Index: PgCommand.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/PgCommand.cs,v retrieving revision 1.29 retrieving revision 1.30 diff -C2 -d -r1.29 -r1.30 *** PgCommand.cs 5 Mar 2004 23:38:14 -0000 1.29 --- PgCommand.cs 6 Mar 2004 14:50:56 -0000 1.30 *************** *** 191,194 **** --- 191,198 ---- } + #endregion + + #region Internal Properties + internal CommandBehavior CommandBehavior { *************** *** 201,204 **** --- 205,220 ---- } + internal int RecordsAffected + { + get + { + if (this.statement != null) + { + return this.statement.RecordsAffected; + } + return -1; + } + } + internal bool IsDisposed { *************** *** 571,575 **** bool returnValue = false; ! if (commandBehavior != CommandBehavior.SingleResult) { this.actualCommand++; --- 587,596 ---- bool returnValue = false; ! this.statement.Close(); ! this.statement.ClosePortal(); ! this.statement = null; ! ! if ((this.commandBehavior & CommandBehavior.SingleResult) == CommandBehavior.SingleResult || ! 
this.commandBehavior == System.Data.CommandBehavior.Default) { this.actualCommand++; *************** *** 585,592 **** if (commandText != null && commandText.Trim().Length > 0) { - this.statement.Close(); - this.statement.ClosePortal(); - this.statement = null; - this.InternalPrepare(); this.InternalExecute(); --- 606,609 ---- Index: PgDataReader.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/PgDataReader.cs,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** PgDataReader.cs 9 Feb 2004 14:19:22 -0000 1.17 --- PgDataReader.cs 6 Mar 2004 14:50:56 -0000 1.18 *************** *** 817,826 **** private void updateRecordsAffected() { ! if (command != null && !command.IsDisposed) { ! if (command.Statement.RecordsAffected != -1) { ! recordsAffected = recordsAffected == -1 ? 0 : recordsAffected; ! recordsAffected += command.Statement.RecordsAffected; } } --- 817,827 ---- private void updateRecordsAffected() { ! if (this.command != null && !this.command.IsDisposed) { ! if (this.command.RecordsAffected != -1) { ! this.recordsAffected = ! this.recordsAffected == -1 ? 0 : this.recordsAffected; ! this.recordsAffected += this.command.RecordsAffected; } } *************** *** 829,840 **** private bool cultureAwareCompare(string strA, string strB) { ! try ! { ! return CultureInfo.CurrentCulture.CompareInfo.Compare(strA, strB, CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | CompareOptions.IgnoreCase) == 0 ? true : false; ! } ! catch (Exception) ! { ! return strA.ToUpper() == strB.ToUpper() ? true : false; ! } } --- 830,838 ---- private bool cultureAwareCompare(string strA, string strB) { ! return CultureInfo.CurrentCulture.CompareInfo.Compare( ! strA, ! strB, ! CompareOptions.IgnoreKanaType | CompareOptions.IgnoreWidth | ! CompareOptions.IgnoreCase) == 0 ? true : false; } |
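Review bot: The new condition in hunk 571,575 reads as the inverse of the line it replaces: the old code advanced to the next command when the behavior was not `SingleResult`, while the new `if ((this.commandBehavior & CommandBehavior.SingleResult) == CommandBehavior.SingleResult || this.commandBehavior == System.Data.CommandBehavior.Default)` advances precisely when `SingleResult` is set (or for `Default`), so a reader opened with `CommandBehavior.SingleResult` would go on to execute the following statement, and one opened with any other flag would not. If a flag test was the intent, `if ((this.commandBehavior & CommandBehavior.SingleResult) != CommandBehavior.SingleResult)` keeps the original semantics while tolerating combined flags. Note also that `this.statement` is now set to `null` unconditionally before this check, so the new `RecordsAffected` property (hunk 201,204) returns -1 to any caller that reads it after `NextResult`; whether PgDataReader reads it before or after is not visible here. The enclosing method starts and ends outside the hunk.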
From: <car...@us...> - 2004-03-06 14:57:38
Update of /cvsroot/pgsqlclient/pgsqlclient_10 In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1569 Modified Files: changelog.txt Log Message: 2004-03-06 Carlos Guzman Alvarez <car...@te...> * source/PgConnection.cs: - Added event for allow client certificate private key selection. Index: changelog.txt =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/changelog.txt,v retrieving revision 1.100 retrieving revision 1.101 diff -C2 -d -r1.100 -r1.101 *** changelog.txt 5 Mar 2004 23:38:35 -0000 1.100 --- changelog.txt 6 Mar 2004 14:42:43 -0000 1.101 *************** *** 2,5 **** --- 2,17 ---- ------------------------------------------------------- + 2004-03-06 Carlos Guzman Alvarez <car...@te...> + + * source/PgConnection.cs: + + - Added event for allow client certificate private key selection. + + * Mono.Security.Protocol.Tls/SslServerStream.cs: + + - Added PrivateKeySelection event and callback. + + - Added methods for event raising. + 2004-03-06 Carlos Guzman Alvarez <car...@te...> |
From: <car...@us...> - 2004-03-06 14:56:55
Update of /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1452 Modified Files: PgConnection.cs Log Message: 2004-03-06 Carlos Guzman Alvarez <car...@te...> * source/PgConnection.cs: - Added event for allow client certificate private key selection. Index: PgConnection.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/PgConnection.cs,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** PgConnection.cs 9 Feb 2004 14:19:22 -0000 1.12 --- PgConnection.cs 6 Mar 2004 14:42:00 -0000 1.13 *************** *** 23,28 **** --- 23,31 ---- using System.Collections; using System.ComponentModel; + using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; + using Mono.Security.Protocol.Tls; + using PostgreSql.Data.NPgClient; using PostgreSql.Data.PgSqlClient.DbSchema; *************** *** 42,46 **** public event CertificateValidationCallback ServerCertValidation; public event CertificateSelectionCallback ClientCertSelection; ! #endregion --- 45,49 ---- public event CertificateValidationCallback ServerCertValidation; public event CertificateSelectionCallback ClientCertSelection; ! public event PrivateKeySelectionCallback PrivateKeySelection; #endregion *************** *** 56,63 **** private ArrayList activeCommands; ! private PgClientMessageEventHandler infoMessageHandler; ! private PgClientNotificationEventHandler notificationHandler; ! private CertificateValidationCallback certificateValidation; ! private CertificateSelectionCallback certificateSelectionCallback; #endregion --- 59,67 ---- private ArrayList activeCommands; ! private PgClientMessageEventHandler infoMessageHandler; ! private PgClientNotificationEventHandler notificationHandler; ! private CertificateValidationCallback certificateValidationCallback; ! 
private CertificateSelectionCallback certificateSelectionCallback; ! private PrivateKeySelectionCallback privateKeySelectionCallback; #endregion *************** *** 406,415 **** { // Server certificate validation ! certificateValidation = new CertificateValidationCallback(OnServerCertificateValidation); ! dbConnection.DB.SslClientStream.ServerCertValidationDelegate = certificateValidation; // Client certificate selection certificateSelectionCallback = new CertificateSelectionCallback(OnClientCertificateSelection); dbConnection.DB.SslClientStream.ClientCertSelectionDelegate = certificateSelectionCallback; } } --- 410,423 ---- { // Server certificate validation ! certificateValidationCallback = new CertificateValidationCallback(OnServerCertificateValidation); ! dbConnection.DB.SslClientStream.ServerCertValidationDelegate = certificateValidationCallback; // Client certificate selection certificateSelectionCallback = new CertificateSelectionCallback(OnClientCertificateSelection); dbConnection.DB.SslClientStream.ClientCertSelectionDelegate = certificateSelectionCallback; + + // Private key selection + privateKeySelectionCallback = new PrivateKeySelectionCallback(OnPrivateKeySelection); + dbConnection.DB.SslClientStream.PrivateKeyCertSelectionDelegate = privateKeySelectionCallback; } } *************** *** 455,460 **** if (this.dbConnection.Settings.SSL) { ! ServerCertValidation -= certificateValidation; ClientCertSelection -= certificateSelectionCallback; } --- 463,469 ---- if (this.dbConnection.Settings.SSL) { ! ServerCertValidation -= certificateValidationCallback; ClientCertSelection -= certificateSelectionCallback; + PrivateKeySelection -= privateKeySelectionCallback; } *************** *** 627,631 **** private bool OnServerCertificateValidation( ! X509Certificate certificate, int[] certificateErrors) { if (this.ServerCertValidation != null) --- 636,641 ---- private bool OnServerCertificateValidation( ! X509Certificate certificate, ! 
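Review bot: The three `-=` lines in hunk 455,460 remove the private callbacks from PgConnection's own events (`ServerCertValidation`, `ClientCertSelection`, `PrivateKeySelection`), but hunk 406,415 never attaches them there — they are installed on `dbConnection.DB.SslClientStream` through its `ServerCertValidationDelegate`, `ClientCertSelectionDelegate` and `PrivateKeyCertSelectionDelegate` properties. Removing a delegate that was never added is a no-op, so this block detaches nothing and the stream keeps pointing at this connection's handlers for as long as it lives. If the stream is still reachable when this code runs, the detach belongs on it, e.g. `dbConnection.DB.SslClientStream.PrivateKeyCertSelectionDelegate = null;` and likewise for the other two properties; if the stream is already torn down by then, the block can simply go. The enclosing method starts and ends outside the hunk.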
int[] certificateErrors) { if (this.ServerCertValidation != null) *************** *** 638,645 **** private X509Certificate OnClientCertificateSelection( ! X509CertificateCollection clientCertificates, ! X509Certificate serverCertificate, ! string targetHost, ! X509CertificateCollection serverRequestedCertificates) { if (this.ClientCertSelection != null) --- 648,655 ---- private X509Certificate OnClientCertificateSelection( ! X509CertificateCollection clientCertificates, ! X509Certificate serverCertificate, ! string targetHost, ! X509CertificateCollection serverRequestedCertificates) { if (this.ClientCertSelection != null) *************** *** 655,658 **** --- 665,681 ---- } + private AsymmetricAlgorithm OnPrivateKeySelection( + X509Certificate clientCertificate, + string targetHost) + { + if (this.PrivateKeySelection != null) + { + return this.PrivateKeySelection(clientCertificate, targetHost); + } + + return null; + } + + #endregion } |
From: <car...@us...> - 2004-03-06 14:53:49
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1014 Modified Files: changelog.txt Log Message: 2004-03-06 Carlos Guzman Alvarez <car...@te...> * Mono.Security.Protocol.Tls/SslServerStream.cs: - Added PrivateKeySelection event and callback. - Added methods for event raising. Index: changelog.txt =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/changelog.txt,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** changelog.txt 3 Mar 2004 17:32:46 -0000 1.16 --- changelog.txt 6 Mar 2004 14:38:54 -0000 1.17 *************** *** 2,5 **** --- 2,13 ---- --------------- ----------- ----------------------------------------- + 2004-03-06 Carlos Guzman Alvarez <car...@te...> + + * Mono.Security.Protocol.Tls/SslServerStream.cs: + + - Added PrivateKeySelection event and callback. + + - Added methods for event raising. + 2004-03-03 Carlos Guzman Alvarez <car...@te...> |
From: <car...@us...> - 2004-03-06 14:53:35
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv952 Modified Files: SslClientStream.cs SslServerStream.cs Log Message: 2004-03-06 Carlos Guzman Alvarez <car...@te...> * Mono.Security.Protocol.Tls/SslServerStream.cs: - Added PrivateKeySelection event and callback. - Added methods for event raising. Index: SslClientStream.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/SslClientStream.cs,v retrieving revision 1.16 retrieving revision 1.17 diff -C2 -d -r1.16 -r1.17 *** SslClientStream.cs 3 Mar 2004 16:22:36 -0000 1.16 --- SslClientStream.cs 6 Mar 2004 14:38:25 -0000 1.17 *************** *** 48,52 **** public delegate AsymmetricAlgorithm PrivateKeySelectionCallback( ! X509Certificate clientCertificate, string targetHost); --- 48,52 ---- public delegate AsymmetricAlgorithm PrivateKeySelectionCallback( ! X509Certificate certificate, string targetHost); *************** *** 68,71 **** --- 68,72 ---- private CertificateSelectionCallback clientCertSelectionDelegate; private PrivateKeySelectionCallback privateKeySelectionDelegate; + private Stream innerStream; private BufferedStream inputBuffer; *************** *** 784,788 **** } ! return (certificateErrors != null && certificateErrors.Length > 0); } --- 785,789 ---- } ! return (certificateErrors != null && certificateErrors.Length == 0); } *************** *** 806,817 **** internal AsymmetricAlgorithm RaisePrivateKeySelection( ! X509Certificate clientCertificate, string targetHost) { if (this.PrivateKeySelection != null) { ! return this.PrivateKeySelection( ! clientCertificate, ! targetHost); } --- 807,816 ---- internal AsymmetricAlgorithm RaisePrivateKeySelection( ! X509Certificate certificate, string targetHost) { if (this.PrivateKeySelection != null) { ! 
return this.PrivateKeySelection(certificate, targetHost); } Index: SslServerStream.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** SslServerStream.cs 5 Mar 2004 23:21:55 -0000 1.6 --- SslServerStream.cs 6 Mar 2004 14:38:25 -0000 1.7 *************** *** 39,43 **** #region Internal Events ! internal event CertificateValidationCallback ClientCertValidation; #endregion --- 39,44 ---- #region Internal Events ! internal event CertificateValidationCallback ClientCertValidation; ! internal event PrivateKeySelectionCallback PrivateKeySelection; #endregion *************** *** 46,49 **** --- 47,51 ---- private CertificateValidationCallback clientCertValidationDelegate; + private PrivateKeySelectionCallback privateKeySelectionDelegate; private ServerRecordProtocol protocol; *************** *** 236,239 **** --- 238,255 ---- } + public PrivateKeySelectionCallback PrivateKeyCertSelectionDelegate + { + get { return this.privateKeySelectionDelegate; } + set + { + if (this.PrivateKeySelection != null) + { + this.PrivateKeySelection -= this.privateKeySelectionDelegate; + } + this.privateKeySelectionDelegate = value; + this.PrivateKeySelection += this.privateKeySelectionDelegate; + } + } + #endregion *************** *** 708,711 **** --- 724,755 ---- #endregion + + #region Event Methods + + internal virtual bool RaiseClientCertificateValidation( + X509Certificate certificate, + int[] certificateErrors) + { + if (this.ClientCertValidation != null) + { + return this.ClientCertValidation(certificate, certificateErrors); + } + + return (certificateErrors != null && certificateErrors.Length == 0); + } + + internal AsymmetricAlgorithm RaisePrivateKeySelection( + X509Certificate certificate, + string targetHost) + { + if (this.PrivateKeySelection != null) + { + return 
this.PrivateKeySelection(certificate, targetHost); + } + + return null; + } + + #endregion } } |
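Review bot: `RaiseClientCertificateValidation` returns the value of `this.ClientCertValidation(certificate, certificateErrors)`, and `ClientCertValidation` is a multicast event: when more than one handler is attached, the invocation yields only the last handler's result, so a handler earlier in the list that rejected the certificate is silently overruled. The fail-closed default for the no-handler case, `certificateErrors.Length == 0`, is the right choice, and the multi-handler case should be equally conservative by requiring every handler to accept. `RaisePrivateKeySelection` below has the same last-result-wins shape, which is harmless only as long as a single handler is ever attached. The rewrite below walks the invocation list; the `#region Event Methods` block it belongs to lies entirely inside the hunk.
```csharp
internal virtual bool RaiseClientCertificateValidation(
    X509Certificate certificate,
    int[] certificateErrors)
{
    if (this.ClientCertValidation != null)
    {
        // Every attached handler must accept; a plain multicast call
        // would report only the last handler's verdict.
        foreach (Delegate d in this.ClientCertValidation.GetInvocationList())
        {
            CertificateValidationCallback handler = (CertificateValidationCallback)d;
            if (!handler(certificate, certificateErrors))
            {
                return false;
            }
        }

        return true;
    }

    return (certificateErrors != null && certificateErrors.Length == 0);
}
```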
From: <car...@us...> - 2004-03-05 23:53:02
Update of /cvsroot/pgsqlclient/pgsqlclient_10 In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv29002 Modified Files: changelog.txt Log Message: 2004-03-06 Carlos Guzman Alvarez <car...@te...> * source/PgCommand.cs: - Improved named parameters support. Index: changelog.txt =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/changelog.txt,v retrieving revision 1.99 retrieving revision 1.100 diff -C2 -d -r1.99 -r1.100 *** changelog.txt 3 Mar 2004 16:24:49 -0000 1.99 --- changelog.txt 5 Mar 2004 23:38:35 -0000 1.100 *************** *** 2,5 **** --- 2,13 ---- ------------------------------------------------------- + + 2004-03-06 Carlos Guzman Alvarez <car...@te...> + + * source/PgCommand.cs: + + - Improved named parameters support. + + 2004-03-03 Carlos Guzman Alvarez <car...@te...> |
From: <car...@us...> - 2004-03-05 23:52:40
Update of /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv28925 Modified Files: PgCommand.cs Log Message: 2004-03-06 Carlos Guzman Alvarez <car...@te...> * source/PgCommand.cs: - Improved named parameters support. Index: PgCommand.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/PostgreSql.Data.PgSqlClient/source/PgCommand.cs,v retrieving revision 1.28 retrieving revision 1.29 diff -C2 -d -r1.28 -r1.29 *** PgCommand.cs 12 Feb 2004 19:50:41 -0000 1.28 --- PgCommand.cs 5 Mar 2004 23:38:14 -0000 1.29 *************** *** 21,24 **** --- 21,25 ---- using System.Drawing; using System.Collections; + using System.Collections.Specialized; using System.ComponentModel; using System.Text; *************** *** 47,52 **** private int commandTimeout; private bool designTimeVisible; ! private Regex search; ! private MatchCollection namedParameters; private int matchIndex; private Hashtable matchReplaces; --- 48,52 ---- private int commandTimeout; private bool designTimeVisible; ! private StringCollection namedParameters; private int matchIndex; private Hashtable matchReplaces; *************** *** 220,224 **** this.designTimeVisible = true; this.parameters = new PgParameterCollection(); ! this.search = new Regex("(@[a-zA-Z-$][a-zA-Z0-9_$]*)"); GC.SuppressFinalize(this); --- 220,225 ---- this.designTimeVisible = true; this.parameters = new PgParameterCollection(); ! this.namedParameters = new StringCollection(); ! 
this.matchReplaces = new Hashtable(); GC.SuppressFinalize(this); *************** *** 264,269 **** this.commandText = String.Empty; this.actualCommand = -1; - this.search = null; this.commands = null; } --- 265,275 ---- this.commandText = String.Empty; this.actualCommand = -1; this.commands = null; + + this.matchReplaces.Clear(); + this.matchReplaces = null; + + this.namedParameters.Clear(); + this.namedParameters = null; } *************** *** 455,461 **** commands[actualCommand] = parseSPCommandText(); } - - // Get named parameters in CommandText - namedParameters = search.Matches(commands[actualCommand]); string prepareName = "PS" + getStmtName(); --- 461,464 ---- *************** *** 465,469 **** prepareName, portalName, ! parseParameterNames()); // Parse statement --- 468,472 ---- prepareName, portalName, ! this.parseParameterNames()); // Parse statement *************** *** 534,541 **** } - // Get named parameters in CommandText - this.namedParameters = this.search.Matches( - this.commands[this.actualCommand]); - this.statement = this.connection.DbConnection.DB.CreateStatement( String.Empty, --- 537,540 ---- *************** *** 705,721 **** private string parseParameterNames() { ! string sql = commands[actualCommand]; ! if (namedParameters.Count != 0) { ! matchIndex = 0; ! matchReplaces = new Hashtable(); ! sql = search.Replace( ! sql, ! new MatchEvaluator(matchEvaluator)); ! matchReplaces.Clear(); ! } return sql; --- 704,725 ---- private string parseParameterNames() { ! string sql = this.commands[actualCommand]; ! ! this.namedParameters.Clear(); ! if (sql.IndexOf("@") != -1) { ! this.matchReplaces.Clear(); ! string pattern = @"(('[^']*?\@[^']*')*[^'@]*?)*(?<param>@\w+)*([^'@]*?('[^']*?\@*[^']*'))*"; ! Regex r = new Regex(pattern, RegexOptions.ExplicitCapture); ! ! MatchEvaluator me = new MatchEvaluator(matchEvaluator); ! ! sql = r.Replace(sql, me); ! ! this.matchReplaces.Clear(); ! 
} return sql; *************** *** 724,744 **** private string matchEvaluator(Match match) { ! if (!this.matchReplaces.ContainsKey(match.Value)) ! { ! if (this.connection.DbConnection.Settings.SimpleQueryMode) { ! this.matchReplaces.Add( ! match.Value, ! this.parameters[matchIndex++].ConvertToPgString()); } else { ! this.matchReplaces.Add( ! match.Value, ! "$" + ((matchIndex++) + 1).ToString()); } } - - return this.matchReplaces[match.Value].ToString(); } --- 728,764 ---- private string matchEvaluator(Match match) { ! string input = match.Value; ! string replace = String.Empty; ! ! if (match.Groups["param"].Success) ! { ! Group g = match.Groups["param"]; ! ! if (!this.matchReplaces.ContainsKey(g.Value)) { ! this.namedParameters.Add(g.Value); ! ! if (this.connection.DbConnection.Settings.SimpleQueryMode) ! { ! replace = this.parameters[matchIndex++].ConvertToPgString(); ! } ! else ! { ! replace = "$" + ((this.matchIndex++) + 1).ToString(); ! } ! ! this.matchReplaces.Add(g.Value, replace); } else { ! replace = this.matchReplaces[g.Value].ToString(); } + + return Regex.Replace(input, g.Value, replace); + } + else + { + return match.Value; } } *************** *** 754,758 **** try { ! parameterName = namedParameters[i].Value.Trim(); } catch --- 774,778 ---- try { ! parameterName = namedParameters[i].Trim(); } catch |
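Review bot: `return Regex.Replace(input, g.Value, replace);` in `matchEvaluator` (hunk 724,744) passes `replace` as a regex replacement string, in which `$&`, `$_`, `$$`, `` $` ``, `$'` and `$n` are substitution tokens rather than literal text. In simple-query mode `replace` is `this.parameters[matchIndex++].ConvertToPgString()`, i.e. parameter-derived text, so a value containing `$_` would be expanded to the whole input chunk inside the SQL string, sidestepping whatever quoting `ConvertToPgString` applied; in extended mode the `$1`, `$2` placeholders survive only because the pattern `g.Value` defines no numbered groups. The parameter name is also used as an unescaped, unanchored pattern, so `@id` also rewrites the prefix of `@id2` within the same chunk. `return Regex.Replace(input, Regex.Escape(g.Value) + @"(?!\w)", replace.Replace("$", "$$"));` closes both; the `RegexOptions.ExplicitCapture` set on the outer regex in `parseParameterNames` does not apply to this inner static call.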
From: <car...@us...> - 2004-03-05 23:37:22
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26297 Modified Files: TlsClientHello.cs TlsClientKeyExchange.cs Log Message: Added implementation for some server side handshake messages Index: TlsClientHello.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsClientHello.cs,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** TlsClientHello.cs 4 Mar 2004 15:41:55 -0000 1.5 --- TlsClientHello.cs 5 Mar 2004 23:22:57 -0000 1.6 *************** *** 81,85 **** // Session id // Send the session ID empty ! byte[] sessionId = this.ReadBytes(this.ReadByte()); // Read Supported Cipher Suites count --- 81,85 ---- // Session id // Send the session ID empty ! this.sessionId = this.ReadBytes(this.ReadByte()); // Read Supported Cipher Suites count Index: TlsClientKeyExchange.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Server/TlsClientKeyExchange.cs,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** TlsClientKeyExchange.cs 4 Mar 2004 15:41:55 -0000 1.4 --- TlsClientKeyExchange.cs 5 Mar 2004 23:22:57 -0000 1.5 *************** *** 60,64 **** RSAPKCS1KeyExchangeDeformatter deformatter = new RSAPKCS1KeyExchangeDeformatter(rsa); ! byte[] preMasterSecret = deformatter.CreateKeyExchange(preMasterSecret); // Create master secret --- 60,64 ---- RSAPKCS1KeyExchangeDeformatter deformatter = new RSAPKCS1KeyExchangeDeformatter(rsa); ! byte[] preMasterSecret = deformatter.DecryptKeyExchange(clientSecret); // Create master secret |
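Review bot: `deformatter.DecryptKeyExchange(clientSecret)` in hunk 60,64 of TlsClientKeyExchange.cs corrects the use of the uninitialised `preMasterSecret`, but the new line lets a PKCS#1 padding failure escape from the handshake as an exception, so a malformed ClientKeyExchange is answered differently from a well-formed one. TLS (RFC 2246 §7.4.7.1) asks the server to hide that distinction: on a decryption or padding failure continue with a freshly generated random 48-byte pre-master secret so the handshake fails uniformly at Finished, and check that the first two bytes of a successfully decrypted secret equal the version the client offered in ClientHello. The rewrite below does the first part; the version check needs the client's offered version, which is not visible in this hunk. The enclosing method starts and ends outside the hunk.
```csharp
RSAPKCS1KeyExchangeDeformatter deformatter = new RSAPKCS1KeyExchangeDeformatter(rsa);
byte[] preMasterSecret;
try
{
    preMasterSecret = deformatter.DecryptKeyExchange(clientSecret);
}
catch (CryptographicException)
{
    // Do not reveal a padding failure to the peer: carry on with a
    // random pre-master secret so the handshake fails only at Finished.
    preMasterSecret = new byte[48];
    new RNGCryptoServiceProvider().GetBytes(preMasterSecret);
}
// … unchanged: master secret derivation …
```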
From: <car...@us...> - 2004-03-05 23:36:22
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25946 Modified Files: CipherSuite.cs ClientRecordProtocol.cs Context.cs RecordProtocol.cs ServerContext.cs ServerRecordProtocol.cs SslServerStream.cs Log Message: Added implementation for some server side handshake messages Index: CipherSuite.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/CipherSuite.cs,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** CipherSuite.cs 3 Mar 2004 16:22:36 -0000 1.6 --- CipherSuite.cs 5 Mar 2004 23:21:55 -0000 1.7 *************** *** 58,62 **** private byte ivSize; private byte blockSize; ! private Context context; private SymmetricAlgorithm encryptionAlgorithm; private ICryptoTransform encryptionCipher; --- 58,62 ---- private byte ivSize; private byte blockSize; ! private Context context; private SymmetricAlgorithm encryptionAlgorithm; private ICryptoTransform encryptionCipher; *************** *** 198,202 **** { get { return this.context; } ! set { this.context = value; } } --- 198,205 ---- { get { return this.context; } ! set ! { ! this.context = value; ! } } *************** *** 354,359 **** { TlsStream stream = new TlsStream(); ! ClientContext context = (ClientContext)this.Context; ! // Write protocol version // We need to send here the protocol version used in --- 357,362 ---- { TlsStream stream = new TlsStream(); ! ClientContext context = (ClientContext)this.context; ! 
// Write protocol version // We need to send here the protocol version used in Index: ClientRecordProtocol.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/ClientRecordProtocol.cs,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** ClientRecordProtocol.cs 3 Mar 2004 16:22:36 -0000 1.4 --- ClientRecordProtocol.cs 5 Mar 2004 23:21:55 -0000 1.5 *************** *** 79,82 **** --- 79,85 ---- message = this.createServerHandshakeMessage(handshakeType, data); + // Update the last handshake message + this.Context.LastHandshakeMsg = handshakeType; + // Update session if (message != null) Index: Context.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/Context.cs,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** Context.cs 3 Mar 2004 16:22:36 -0000 1.3 --- Context.cs 5 Mar 2004 23:21:55 -0000 1.4 *************** *** 211,215 **** { get { return this.cipher; } ! set { this.cipher = value; } } --- 211,219 ---- { get { return this.cipher; } ! set ! { ! this.cipher = value; ! this.cipher.Context = this; ! } } Index: RecordProtocol.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/RecordProtocol.cs,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** RecordProtocol.cs 3 Mar 2004 16:22:36 -0000 1.6 --- RecordProtocol.cs 5 Mar 2004 23:21:55 -0000 1.7 *************** *** 108,112 **** // Check that the message has a valid protocol version ! 
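Review bot: In the ClientRecordProtocol.cs hunk `this.Context.LastHandshakeMsg = handshakeType;` is assigned only after `createServerHandshakeMessage` has already built the message, so any ordering validation inside that factory still sees the previous value, and no hunk in this commit reads the field to reject an out-of-order handshake message. If the field is meant to drive the handshake state machine, the check that `handshakeType` is an acceptable successor of the current `LastHandshakeMsg` belongs before the message is created, with a bad sequence turned into a fatal alert. The identical assignment in the ServerRecordProtocol.cs hunk has the same gap. Both enclosing methods begin and end outside their hunks.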
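Review bot: The new `Cipher` setter in the Context.cs hunk dereferences `value` unconditionally in `this.cipher.Context = this;`, so assigning null now throws a NullReferenceException where the old one-line setter accepted it; any reset path that clears the cipher (the `Clear()` call added to SslServerStream in this commit is a candidate, though its body is not visible) would fail there. Guard it: `this.cipher = value; if (this.cipher != null) { this.cipher.Context = this; }`.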
if (protocol != this.context.Protocol && this.context.ProtocolNegotiated) { throw this.context.CreateException("Invalid protocol version on message received from server"); --- 108,113 ---- // Check that the message has a valid protocol version ! if (protocol != this.context.Protocol && ! this.context.ProtocolNegotiated) { throw this.context.CreateException("Invalid protocol version on message received from server"); *************** *** 128,134 **** } byte[] result = message.ToArray(); - // Process record switch (contentType) { --- 129,138 ---- } + // Set last handshake message received to None + this.context.LastHandshakeMsg = HandshakeType.None; + + // Process record byte[] result = message.ToArray(); switch (contentType) { Index: ServerContext.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/ServerContext.cs,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** ServerContext.cs 23 Feb 2004 12:16:08 -0000 1.1 --- ServerContext.cs 5 Mar 2004 23:21:55 -0000 1.2 *************** *** 24,31 **** using System; - using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; namespace Mono.Security.Protocol.Tls { --- 24,32 ---- using System; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; + using MonoX509 = Mono.Security.X509; + namespace Mono.Security.Protocol.Tls { *************** *** 64,68 **** this.sslStream = stream; this.clientCertificateRequired = clientCertificateRequired; ! // this.ServerSettings.Certificates.Add(serverCertificate); } --- 65,75 ---- this.sslStream = stream; this.clientCertificateRequired = clientCertificateRequired; ! ! // Convert the System.Security cert to a Mono Cert ! MonoX509.X509Certificate cert = new MonoX509.X509Certificate(serverCertificate.GetRawCertData()); ! ! // Add server certificate to the certificate collection ! 
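Review bot: `this.context.LastHandshakeMsg = HandshakeType.None;` in the second RecordProtocol.cs hunk runs for every record regardless of `contentType`, so after a ChangeCipherSpec, Alert or ApplicationData record the layer has forgotten which handshake message preceded it; if the field is later used to verify that ChangeCipherSpec arrives only after ClientKeyExchange or CertificateVerify, the reset should be confined to the handshake branch of the `switch (contentType)` below. The message `Invalid protocol version on message received from server` in the first hunk sits in what appears to be the base class shared with ServerRecordProtocol, so it misreports the peer when this code runs on the server side; a neutral wording such as `Invalid protocol version on received message` would fit both. Both enclosing methods start and end outside the hunks.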
this.ServerSettings.Certificates = new MonoX509.X509CertificateCollection(); ! this.ServerSettings.Certificates.Add(cert); } Index: ServerRecordProtocol.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/ServerRecordProtocol.cs,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** ServerRecordProtocol.cs 3 Mar 2004 16:22:36 -0000 1.2 --- ServerRecordProtocol.cs 5 Mar 2004 23:21:55 -0000 1.3 *************** *** 79,82 **** --- 79,85 ---- message = this.createClientHandshakeMessage(handshakeType, data); + // Update the last handshake message + this.Context.LastHandshakeMsg = handshakeType; + // Update session if (message != null) Index: SslServerStream.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** SslServerStream.cs 3 Mar 2004 16:22:36 -0000 1.5 --- SslServerStream.cs 5 Mar 2004 23:21:55 -0000 1.6 *************** *** 639,642 **** --- 639,648 ---- try { + // Reset the context if needed + if (this.context.HandshakeState != HandshakeState.None) + { + this.context.Clear(); + } + // Obtain supported cipher suites this.context.SupportedCiphers = CipherSuiteFactory.GetSupportedCiphers(this.context.SecurityProtocol); *************** *** 662,669 **** // If the negotiated cipher is a KeyEx cipher send ServerKeyExchange - // and Certificate request messages if (this.context.Cipher.ExchangeAlgorithmType == ExchangeAlgorithmType.RsaKeyX) { this.protocol.SendRecord(HandshakeType.ServerKeyExchange); this.protocol.SendRecord(HandshakeType.CertificateRequest); } --- 668,682 ---- // If the negotiated cipher is a KeyEx cipher send ServerKeyExchange if (this.context.Cipher.ExchangeAlgorithmType == 
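Review bot: `serverCertificate.GetRawCertData()` in the ServerContext.cs constructor hunk is called without a null check, so a missing certificate surfaces as a NullReferenceException deep in the constructor instead of a clear argument error; add `if (serverCertificate == null) throw new ArgumentNullException("serverCertificate");` before the conversion. Assigning `new MonoX509.X509CertificateCollection()` also replaces whatever `ServerSettings.Certificates` already held, so any intermediate CA certificates configured earlier are silently dropped; if that collection is meant to carry the chain sent in the Certificate message, add to the existing collection rather than overwriting it. The constructor starts outside the hunk.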
ExchangeAlgorithmType.RsaKeyX) { this.protocol.SendRecord(HandshakeType.ServerKeyExchange); + + } + + // If the negotiated cipher is a KeyEx cipher or + // the client certificate is required send the CertificateRequest message + if (this.context.Cipher.ExchangeAlgorithmType == ExchangeAlgorithmType.RsaKeyX || + this.context.ClientCertificateRequired) + { this.protocol.SendRecord(HandshakeType.CertificateRequest); } |
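Review bot: Sending `HandshakeType.CertificateRequest` when `this.context.ClientCertificateRequired` is set only asks the client for a certificate; under TLS 1.0 the client may legitimately answer with an empty Certificate message, so "required" is enforced only if the code that processes the client's Certificate message rejects an empty one (and a missing CertificateVerify) when the flag is set, and that check is not visible anywhere in this commit. A comment here would make the dependency explicit, e.g. `// Requesting a certificate is not enough: the Certificate handler must reject an empty reply when ClientCertificateRequired is set`. The two stray blank lines left inside the `if (... == ExchangeAlgorithmType.RsaKeyX) { ... }` block in the second hunk look like leftovers from the split and should be removed. The enclosing handshake method starts and ends outside the hunks.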
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.X509.Extensions In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25374 Added Files: AuthorityKeyIdentifierExtension.cs BasicConstraintsExtension.cs CertificatePoliciesExtension.cs CRLDistributionPointsExtension.cs ExtendedKeyUsageExtension.cs KeyAttributesExtension.cs KeyUsageExtension.cs NetscapeCertTypeExtension.cs PrivateKeyUsagePeriodExtension.cs SubjectAltNameExtension.cs SubjectKeyIdentifierExtension.cs Log Message: Sync security stuff with mono CVS classes. --- NEW FILE: AuthorityKeyIdentifierExtension.cs --- // // AuthorityKeyIdentifierExtension.cs: Handles X.509 AuthorityKeyIdentifier extensions. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } * * AuthorityKeyIdentifier ::= SEQUENCE { * keyIdentifier [0] KeyIdentifier OPTIONAL, * authorityCertIssuer [1] GeneralNames OPTIONAL, * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } * * KeyIdentifier ::= OCTET STRING */ internal class AuthorityKeyIdentifierExtension : X509Extension { private byte[] aki; public AuthorityKeyIdentifierExtension () : base () { extnOid = "2.5.29.35"; } public AuthorityKeyIdentifierExtension (ASN1 asn1) : base (asn1) {} public AuthorityKeyIdentifierExtension (X509Extension extension) : base (extension) {} protected override void Decode () { ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid AuthorityKeyIdentifier extension"); for (int i=0; i < sequence.Count; i++) { ASN1 el = sequence [i]; switch (el.Tag) { case 0x80: aki = el.Value; break; case 0x81: case 0x82: default: throw new ArgumentException ("Invalid AuthorityKeyIdentifier extension"); } } } public override string Name { get { 
return "Authority Key Identifier"; } } public override string ToString () { StringBuilder sb = new StringBuilder (); if (aki != null) { // [0] KeyIdentifier int x = 0; sb.Append ("KeyID="); while (x < aki.Length) { sb.Append (aki [x].ToString ("X2")); if (x % 2 == 1) sb.Append (" "); x++; } // [1] GeneralNames // TODO // [2] CertificateSerialNumber // TODO } return sb.ToString (); } } } --- NEW FILE: BasicConstraintsExtension.cs --- // // BasicConstraintsExtension.cs: Handles X.509 BasicConstrains extensions. // // Author: // Sebastien Pouliot (spo...@mo...) // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { // References: // 1. RFC 3280: Internet X.509 Public Key Infrastructure, Section 4.2.1.10 // http://www.ietf.org/rfc/rfc3280.txt /* id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } * * BasicConstraints ::= SEQUENCE { * cA BOOLEAN DEFAULT FALSE, * pathLenConstraint INTEGER (0..MAX) OPTIONAL * } */ internal class BasicConstraintsExtension : X509Extension { private bool cA; private int pathLenConstraint; public BasicConstraintsExtension () : base () { extnOid = "2.5.29.19"; } public BasicConstraintsExtension (ASN1 asn1) : base (asn1) {} public BasicConstraintsExtension (X509Extension extension) : base (extension) {} protected override void Decode () { // default values cA = false; pathLenConstraint = 0; // no constraint ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid BasicConstraints extension"); int n = 0; ASN1 a = sequence [n++]; if ((a != null) && (a.Tag == 0x01)) { cA = (a.Value [0] == 0xFF); a = sequence [n++]; } if ((a != null) && (a.Tag == 0x02)) pathLenConstraint = ASN1Convert.ToInt32 (a); } protected override void Encode () { if (extnValue == null) { extnValue = new ASN1 (0x30); if (cA) extnValue.Add (new ASN1 (0x01, new byte[] { 0xFF })); if 
(pathLenConstraint > 0) extnValue.Add (ASN1Convert.FromInt32 (pathLenConstraint)); } } public bool CertificateAuthority { get { return cA; } set { cA = value; } } public override string Name { get { return "Basic Constraints"; } } public int PathLenConstraint { get { return pathLenConstraint; } set { pathLenConstraint = value; } } public override string ToString () { StringBuilder sb = new StringBuilder (); sb.Append ("Subject Type="); sb.Append ((cA) ? "CA" : "End Entity"); sb.Append (Environment.NewLine); sb.Append ("Path Length Constraint="); if (pathLenConstraint == 0) sb.Append ("None"); else sb.Append (pathLenConstraint.ToString ()); sb.Append (Environment.NewLine); return sb.ToString (); } } } --- NEW FILE: CertificatePoliciesExtension.cs --- // // CertificatePoliciesExtension.cs: Handles X.509 CertificatePolicies extensions. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Collections; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } * * anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificate-policies 0 } * * certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation * * PolicyInformation ::= SEQUENCE { * policyIdentifier CertPolicyId, * policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL * } * * CertPolicyId ::= OBJECT IDENTIFIER * * PolicyQualifierInfo ::= SEQUENCE { * policyQualifierId PolicyQualifierId, * qualifier ANY DEFINED BY policyQualifierId * } * * -- policyQualifierIds for Internet policy qualifiers * id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } * id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } * id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } * * PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) * * Qualifier ::= CHOICE { * cPSuri CPSuri, * userNotice UserNotice * } * * CPSuri ::= IA5String * * UserNotice ::= 
SEQUENCE { * noticeRef NoticeReference OPTIONAL, * explicitText DisplayText OPTIONAL * } * * NoticeReference ::= SEQUENCE { * organization DisplayText, * noticeNumbers SEQUENCE OF INTEGER * } * * DisplayText ::= CHOICE { * ia5String IA5String (SIZE (1..200)), * visibleString VisibleString (SIZE (1..200)), * bmpString BMPString (SIZE (1..200)), * utf8String UTF8String (SIZE (1..200)) * } */ // note: partial implementation (only policyIdentifier OID are supported) internal class CertificatePoliciesExtension : X509Extension { private Hashtable policies; public CertificatePoliciesExtension () : base () { extnOid = "2.5.29.32"; policies = new Hashtable (); } public CertificatePoliciesExtension (ASN1 asn1) : base (asn1) {} public CertificatePoliciesExtension (X509Extension extension) : base (extension) {} protected override void Decode () { policies = new Hashtable (); ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid CertificatePolicies extension"); // for every policy OID for (int i=0; i < sequence.Count; i++) { policies.Add (ASN1Convert.ToOID (sequence [i][0]), null); } } public override string Name { get { return "Certificate Policies"; } } public override string ToString () { StringBuilder sb = new StringBuilder (); int n = 1; foreach (DictionaryEntry policy in policies) { sb.Append ("["); sb.Append (n++); sb.Append ("]Certificate Policy:"); sb.Append (Environment.NewLine); sb.Append ("\tPolicyIdentifier="); sb.Append ((string)policy.Key); sb.Append (Environment.NewLine); } return sb.ToString (); } } } --- NEW FILE: CRLDistributionPointsExtension.cs --- // // CRLDistributionPointsExtension.cs: Handles X.509 CRLDistributionPoints extensions. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Collections; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { // References: // a. 
Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile // http://www.ietf.org/rfc/rfc3280.txt // b. 2.5.29.31 - CRL Distribution Points // http://www.alvestrand.no/objectid/2.5.29.31.html /* * id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 } * * CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint * * DistributionPoint ::= SEQUENCE { * distributionPoint [0] DistributionPointName OPTIONAL, * reasons [1] ReasonFlags OPTIONAL, * cRLIssuer [2] GeneralNames OPTIONAL * } * * DistributionPointName ::= CHOICE { * fullName [0] GeneralNames, * nameRelativeToCRLIssuer [1] RelativeDistinguishedName * } * * ReasonFlags ::= BIT STRING { * unused (0), * keyCompromise (1), * cACompromise (2), * affiliationChanged (3), * superseded (4), * cessationOfOperation (5), * certificateHold (6), * privilegeWithdrawn (7), * aACompromise (8) } */ internal class CRLDistributionPointsExtension : X509Extension { internal class DP { public string DistributionPoint; public ReasonFlags Reasons; public string CRLIssuer; } [Flags] public enum ReasonFlags { Unused = 0, KeyCompromise = 1, CACompromise = 2, AffiliationChanged = 3, Superseded = 4, CessationOfOperation = 5, CertificateHold = 6, PrivilegeWithdrawn = 7, AACompromise = 8 } private ArrayList dps; public CRLDistributionPointsExtension () : base () { extnOid = "2.5.29.31"; dps = new ArrayList (); } public CRLDistributionPointsExtension (ASN1 asn1) : base (asn1) {} public CRLDistributionPointsExtension (X509Extension extension) : base (extension) {} protected override void Decode () { dps = new ArrayList (); ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid CRLDistributionPoints extension"); // for every distribution point for (int i=0; i < sequence.Count; i++) { dps.Add (null); } } public override string Name { get { return "CRL Distribution Points"; } } public override string ToString () { StringBuilder sb = new 
StringBuilder (); foreach (DP dp in dps) { sb.Append ("["); sb.Append (dp.Reasons); sb.Append ("]CRL Distribution Point"); sb.Append (Environment.NewLine); sb.Append ("\tDistribution Point Name:"); sb.Append (dp.DistributionPoint); sb.Append (Environment.NewLine); sb.Append ("\t\tFull Name:"); sb.Append (Environment.NewLine); sb.Append ("\t\t\tDirectory Address:"); sb.Append (dp.CRLIssuer); sb.Append (Environment.NewLine); } return sb.ToString (); } } } --- NEW FILE: ExtendedKeyUsageExtension.cs --- // // ExtendedKeyUsageExtension.cs: Handles X.509 ExtendedKeyUsage extensions. // // Author: // Sebastien Pouliot (spo...@mo...) // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) // using System; using System.Collections; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } * * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId * * KeyPurposeId ::= OBJECT IDENTIFIER */ internal class ExtendedKeyUsageExtension : X509Extension { private ArrayList keyPurpose; public ExtendedKeyUsageExtension () : base () { extnOid = "2.5.29.37"; keyPurpose = new ArrayList (); } public ExtendedKeyUsageExtension (ASN1 asn1) : base (asn1) {} public ExtendedKeyUsageExtension (X509Extension extension) : base (extension) {} protected override void Decode () { keyPurpose = new ArrayList (); ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid ExtendedKeyUsage extension"); // for every policy OID for (int i=0; i < sequence.Count; i++) keyPurpose.Add (ASN1Convert.ToOID (sequence [i])); } protected override void Encode () { if (extnValue == null) { extnValue = new ASN1 (0x30); foreach (string oid in keyPurpose) { extnValue.Add (ASN1Convert.FromOID (oid)); } } } public ArrayList KeyPurpose { get { return keyPurpose; } } public override string Name { get { return "Extended Key Usage"; } } // serverAuth 
1.3.6.1.5.5.7.3.1 // clientAuth 1.3.6.1.5.5.7.3.2 // codeSigning 1.3.6.1.5.5.7.3.3 // emailProtection 1.3.6.1.5.5.7.3.4 // timeStamping 1.3.6.1.5.5.7.3.8 // OCSPSigning 1.3.6.1.5.5.7.3.9 public override string ToString () { StringBuilder sb = new StringBuilder (); foreach (string s in keyPurpose) { switch (s) { case "1.3.6.1.5.5.7.3.3": sb.Append ("Code Signing"); break; default: sb.Append ("unknown"); break; } sb.Append (" ("); sb.Append (s); sb.Append (")"); sb.Append (Environment.NewLine); } return sb.ToString (); } } } --- NEW FILE: KeyAttributesExtension.cs --- // // KeyAttributesExtension.cs: Handles X.509 *DEPRECATED* KeyAttributes extensions. // // Author: // Sebastien Pouliot (spo...@mo...) // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { // definition found @ http://groups.yahoo.com/group/ssl-talk/message/1964 // // keyAttributes EXTENSION ::= { // SYNTAX KeyAttributes // IDENTIFIED BY { id-ce 2 } } // // KeyAttributes ::= SEQUENCE { // keyIdentifier KeyIdentifier OPTIONAL, // intendedKeyUsage KeyUsage OPTIONAL, // privateKeyUsagePeriod PrivateKeyValidity OPTIONAL // } // KeyUsage ::= BIT STRING { // digitalSignature (0), // nonRepudiation (1), // keyEncipherment (2), // dataEncipherment (3), // keyAgreement (4), // keyCertSign (5), // offLineCRLSign (6) // } // PrivateKeyValidity ::= SEQUENCE { // notBefore [0] GeneralizedTime OPTIONAL, // notAfter [1] GeneralizedTime OPTIONAL // } // ( CONSTRAINED BY { -- at least one component shall be present -- }) internal class KeyAttributesExtension : X509Extension { private byte[] keyId; private int kubits; private DateTime notBefore; private DateTime notAfter; public KeyAttributesExtension () : base () { extnOid = "2.5.29.2"; } public KeyAttributesExtension (ASN1 asn1) : base (asn1) {} public KeyAttributesExtension (X509Extension extension) : base (extension) {} protected 
override void Decode () { ASN1 seq = new ASN1 (extnValue.Value); if (seq.Tag != 0x30) throw new ArgumentException ("Invalid KeyAttributesExtension extension"); int n = 0; // check for KeyIdentifier if (n < seq.Count) { ASN1 item = seq [n]; if (item.Tag == 0x04) { n++; keyId = item.Value; } } // check for KeyUsage if (n < seq.Count) { ASN1 item = seq [n]; if (item.Tag == 0x03) { n++; int i = 1; // byte zero has the number of unused bits (ASN1's BITSTRING) while (i < item.Value.Length) kubits = (kubits << 8) + item.Value [i++]; } } // check for PrivateKeyValidity if (n < seq.Count) { ASN1 item = seq [n]; if (item.Tag == 0x30) { int i = 0; if (i < item.Count) { ASN1 dt = item [i]; if (dt.Tag == 0x81) { i++; notBefore = ASN1Convert.ToDateTime (dt); } } if (i < item.Count) { ASN1 dt = item [i]; if (dt.Tag == 0x82) notAfter = ASN1Convert.ToDateTime (dt); } } } } public byte[] KeyIdentifier { get { return keyId; } } public override string Name { get { return "Key Attributes"; } } public DateTime NotAfter { get { return notAfter; } } public DateTime NotBefore { get { return notBefore; } } public bool Support (KeyUsage usage) { int x = Convert.ToInt32 (usage); return ((x & kubits) == x); } public override string ToString () { StringBuilder sb = new StringBuilder (); if (keyId != null) { sb.Append ("KeyID="); int x = 0; while (x < keyId.Length) { sb.Append (keyId [x].ToString ("X2")); if (x % 2 == 1) sb.Append (" "); x++; } sb.Append (Environment.NewLine); } if (kubits != 0) { sb.Append ("Key Usage="); const string separator = " , "; if (Support (KeyUsage.digitalSignature)) sb.Append ("Digital Signature"); if (Support (KeyUsage.nonRepudiation)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Non-Repudiation"); } if (Support (KeyUsage.keyEncipherment)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Key Encipherment"); } if (Support (KeyUsage.dataEncipherment)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Data Encipherment"); } if (Support 
(KeyUsage.keyAgreement)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Key Agreement"); } if (Support (KeyUsage.keyCertSign)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Certificate Signing"); } if (Support (KeyUsage.cRLSign)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("CRL Signing"); } if (Support (KeyUsage.encipherOnly)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Encipher Only "); // ??? } if (Support (KeyUsage.decipherOnly)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Decipher Only"); // ??? } sb.Append ("("); sb.Append (kubits.ToString ("X2")); sb.Append (")"); sb.Append (Environment.NewLine); } if (notBefore != DateTime.MinValue) { sb.Append ("Not Before="); sb.Append (notBefore.ToString ()); sb.Append (Environment.NewLine); } if (notAfter != DateTime.MinValue) { sb.Append ("Not After="); sb.Append (notAfter.ToString ()); sb.Append (Environment.NewLine); } return sb.ToString (); } } } --- NEW FILE: KeyUsageExtension.cs --- // // KeyUsageExtension.cs: Handles X.509 KeyUsage extensions. // // Author: // Sebastien Pouliot (spo...@mo...) // // (C) 2003 Motus Technologies Inc. 
(http://www.motus.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } * * KeyUsage ::= BIT STRING { * digitalSignature (0), * nonRepudiation (1), * keyEncipherment (2), * dataEncipherment (3), * keyAgreement (4), * keyCertSign (5), * cRLSign (6), * encipherOnly (7), * decipherOnly (8) * } */ // note: because nothing is simple in ASN.1 bits are reversed [Flags] internal enum KeyUsage { digitalSignature = 0x80, nonRepudiation = 0x40, keyEncipherment = 0x20, dataEncipherment = 0x10, keyAgreement = 0x08, keyCertSign = 0x04, cRLSign = 0x02, encipherOnly = 0x01, decipherOnly = 0x800, none = 0x0 } internal class KeyUsageExtension : X509Extension { private int kubits; public KeyUsageExtension (ASN1 asn1) : base (asn1) {} public KeyUsageExtension (X509Extension extension) : base (extension) {} protected override void Decode () { ASN1 bitString = new ASN1 (extnValue.Value); if (bitString.Tag != 0x03) throw new ArgumentException ("Invalid KeyUsage extension"); int i = 1; // byte zero has the number of unused bits (ASN1's BITSTRING) while (i < bitString.Value.Length) kubits = (kubits << 8) + bitString.Value [i++]; } public override string Name { get { return "Key Usage"; } } public bool Support (KeyUsage usage) { int x = Convert.ToInt32 (usage); return ((x & kubits) == x); } public override string ToString () { const string separator = " , "; StringBuilder sb = new StringBuilder (); if (Support (KeyUsage.digitalSignature)) sb.Append ("Digital Signature"); if (Support (KeyUsage.nonRepudiation)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Non-Repudiation"); } if (Support (KeyUsage.keyEncipherment)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Key Encipherment"); } if (Support (KeyUsage.dataEncipherment)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Data Encipherment"); } if (Support (KeyUsage.keyAgreement)) { if 
(sb.Length > 0) sb.Append (separator); sb.Append ("Key Agreement"); } if (Support (KeyUsage.keyCertSign)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Certificate Signing"); } if (Support (KeyUsage.cRLSign)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("CRL Signing"); } if (Support (KeyUsage.encipherOnly)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Encipher Only "); // ??? } if (Support (KeyUsage.decipherOnly)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Decipher Only"); // ??? } sb.Append ("("); sb.Append (kubits.ToString ("X2")); sb.Append (")"); sb.Append (Environment.NewLine); return sb.ToString (); } } } --- NEW FILE: NetscapeCertTypeExtension.cs --- // // NetscapeCertTypeExtension.cs: Handles Netscape CertType extensions. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { // References: // a. Netscape Certificate Extensions Navigator 3.0 Version // http://wp.netscape.com/eng/security/cert-exts.html // b. Netscape Certificate Extensions Communicator 4.0 Version // http://wp.netscape.com/eng/security/comm4-cert-exts.html // c. 
2.16.840.1.113730.1.1 - Netscape certificate type // http://www.alvestrand.no/objectid/2.16.840.1.113730.1.1.html internal class NetscapeCertTypeExtension : X509Extension { /* * bit-0 SSL client - this cert is certified for SSL client authentication use * bit-1 SSL server - this cert is certified for SSL server authentication use * bit-2 S/MIME - this cert is certified for use by clients(New in PR3) * bit-3 Object Signing - this cert is certified for signing objects such as Java applets and plugins(New in PR3) * bit-4 Reserved - this bit is reserved for future use * bit-5 SSL CA - this cert is certified for issuing certs for SSL use * bit-6 S/MIME CA - this cert is certified for issuing certs for S/MIME use(New in PR3) * bit-7 Object Signing CA - this cert is certified for issuing certs for Object Signing(New in PR3) */ // note: because nothing is simple in ASN.1 bits are reversed [Flags] public enum CertType { SslClient = 0x80, SslServer = 0x40, Smime = 0x20, ObjectSigning = 0x10, SslCa = 0x04, SmimeCa = 0x02, ObjectSigningCA = 0x01 } private int ctbits; public NetscapeCertTypeExtension () : base () { extnOid = "2.16.840.1.113730.1.1"; } public NetscapeCertTypeExtension (ASN1 asn1) : base (asn1) {} public NetscapeCertTypeExtension (X509Extension extension) : base (extension) {} protected override void Decode () { ASN1 bitString = new ASN1 (extnValue.Value); if (bitString.Tag != 0x03) throw new ArgumentException ("Invalid NetscapeCertType extension"); int i = 1; // byte zero has the number of unused bits (ASN1's BITSTRING) while (i < bitString.Value.Length) ctbits = (ctbits << 8) + bitString.Value [i++]; } public override string Name { get { return "NetscapeCertType"; } } /* public CertType Type { get { return ctbits; } set { ctbits = value; } }*/ public bool Support (CertType usage) { int x = Convert.ToInt32 (usage); return ((x & ctbits) == x); } public override string ToString () { const string separator = " , "; StringBuilder sb = new StringBuilder (); if 
(Support (CertType.SslClient)) sb.Append ("SSL Client Authentication"); if (Support (CertType.SslServer)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("SSL Server Authentication"); } if (Support (CertType.Smime)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("SMIME"); } if (Support (CertType.ObjectSigning)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Object Signing"); } if (Support (CertType.SslCa)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("SSL CA"); } if (Support (CertType.SmimeCa)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("SMIME CA"); } if (Support (CertType.ObjectSigningCA)) { if (sb.Length > 0) sb.Append (separator); sb.Append ("Object Signing CA"); } sb.Append ("("); sb.Append (ctbits.ToString ("X2")); sb.Append (")"); sb.Append (Environment.NewLine); return sb.ToString (); } } } --- NEW FILE: PrivateKeyUsagePeriodExtension.cs --- // // PrivateKeyUsagePeriodExtension.cs: Handles X.509 PrivateKeyUsagePeriod extensions. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 } * * PrivateKeyUsagePeriod ::= SEQUENCE { * notBefore [0] GeneralizedTime OPTIONAL, * notAfter [1] GeneralizedTime OPTIONAL * } */ internal class PrivateKeyUsagePeriodExtension : X509Extension { private DateTime notBefore; private DateTime notAfter; public PrivateKeyUsagePeriodExtension () : base () { extnOid = "2.5.29.16"; } public PrivateKeyUsagePeriodExtension (ASN1 asn1) : base (asn1) {} public PrivateKeyUsagePeriodExtension (X509Extension extension) : base (extension) {} protected override void Decode () { ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid PrivateKeyUsagePeriod extension"); for (int i=0; i < sequence.Count; i++) { switch 
(sequence [i].Tag) { case 0x80: notBefore = ASN1Convert.ToDateTime (sequence [i]); break; case 0x81: notAfter = ASN1Convert.ToDateTime (sequence [i]); break; default: throw new ArgumentException ("Invalid PrivateKeyUsagePeriod extension"); } } } public override string Name { get { return "Private Key Usage Period"; } } public override string ToString () { StringBuilder sb = new StringBuilder (); if (notBefore != DateTime.MinValue) { sb.Append ("Not Before: "); sb.Append (notBefore.ToString ()); sb.Append (Environment.NewLine); } if (notAfter != DateTime.MinValue) { sb.Append ("Not After: "); sb.Append (notAfter.ToString ()); sb.Append (Environment.NewLine); } return sb.ToString (); } } } --- NEW FILE: SubjectAltNameExtension.cs --- // // SubjectAltNameExtension.cs: Handles X.509 SubjectAltName extensions. // // Author: // Sebastien Pouliot (spo...@mo...) // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) // using System; using System.Net; using System.Collections; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } * * SubjectAltName ::= GeneralNames * * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName * * GeneralName ::= CHOICE { * otherName [0] OtherName, * rfc822Name [1] IA5String, * dNSName [2] IA5String, * x400Address [3] ORAddress, * directoryName [4] Name, * ediPartyName [5] EDIPartyName, * uniformResourceIdentifier [6] IA5String, * iPAddress [7] OCTET STRING, * registeredID [8] OBJECT IDENTIFIER * } * * OtherName ::= SEQUENCE { * type-id OBJECT IDENTIFIER, * value [0] EXPLICIT ANY DEFINED BY type-id * } * * EDIPartyName ::= SEQUENCE { * nameAssigner [0] DirectoryString OPTIONAL, * partyName [1] DirectoryString * } */ // TODO - incomplete (only rfc822Name, dNSName are supported) internal class SubjectAltNameExtension : X509Extension { private ArrayList rfc822Name; private ArrayList dnsName; private ArrayList ipAddr; public 
SubjectAltNameExtension () : base () { extnOid = "2.5.29.17"; } public SubjectAltNameExtension (ASN1 asn1) : base (asn1) {} public SubjectAltNameExtension (X509Extension extension) : base (extension) {} protected override void Decode () { ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x30) throw new ArgumentException ("Invalid SubjectAltName extension"); for (int i=0; i < sequence.Count; i++) { switch (sequence [i].Tag) { case 0x81: // rfc822Name [1] IA5String if (rfc822Name == null) rfc822Name = new ArrayList (); rfc822Name.Add (Encoding.ASCII.GetString (sequence [i].Value)); break; case 0x82: // dNSName [2] IA5String if (dnsName == null) dnsName = new ArrayList (); dnsName.Add (Encoding.ASCII.GetString (sequence [i].Value)); break; case 0x87: // iPAddress [7] OCTET STRING if (ipAddr == null) ipAddr = new ArrayList (); // TODO - Must find sample certificates break; default: break; } } } public override string Name { get { return "Subject Alternative Name"; } } public string[] RFC822 { get { string[] names = new string [rfc822Name.Count]; for (int i=0; i < rfc822Name.Count; i++) names [i] = (string) rfc822Name [i]; return names; } } public string[] DNSNames { get { if (dnsName == null) return new string [0]; return (string[]) dnsName.ToArray (typeof(string)); } } // Incomplete support public string[] IPAddresses { get { if (ipAddr == null) return new string [0]; return (string[]) ipAddr.ToArray (typeof(string)); } } public override string ToString () { StringBuilder sb = new StringBuilder (); if (rfc822Name != null) { foreach (string s in rfc822Name) { sb.Append ("RFC822 Name="); sb.Append (s); sb.Append (Environment.NewLine); } } if (dnsName != null) { foreach (string s in dnsName) { sb.Append ("DNS Name="); sb.Append (s); sb.Append (Environment.NewLine); } } if (ipAddr != null) { foreach (string s in ipAddr) { sb.Append ("IP Address="); sb.Append (s); sb.Append (Environment.NewLine); } } return sb.ToString (); } } } --- NEW FILE: 
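Review bot: The `RFC822` getter reads `rfc822Name.Count` with no null guard, while `DNSNames` and `IPAddresses` return an empty array when their list was never created, so a certificate without any rfc822Name entries throws NullReferenceException from this property instead of returning `string[0]`. Make it consistent with its siblings: `if (rfc822Name == null) return new string [0]; return (string[]) rfc822Name.ToArray (typeof(string));`. The 0x87 branch allocates `ipAddr` but never adds the octet string, so `IPAddresses` is always empty; the "Incomplete support" comment on the property should state that explicitly so callers do not use it for address matching.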
SubjectKeyIdentifierExtension.cs --- // // SubjectKeyIdentifierExtension.cs: Handles X.509 SubjectKeyIdentifier extensions. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Text; using Mono.Security; using Mono.Security.X509; namespace Mono.Security.X509.Extensions { /* * id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } * * SubjectKeyIdentifier ::= KeyIdentifier * * KeyIdentifier ::= OCTET STRING */ internal class SubjectKeyIdentifierExtension : X509Extension { private byte[] ski; public SubjectKeyIdentifierExtension () : base () { extnOid = "2.5.29.14"; } public SubjectKeyIdentifierExtension (ASN1 asn1) : base (asn1) {} public SubjectKeyIdentifierExtension (X509Extension extension) : base (extension) {} protected override void Decode () { ASN1 sequence = new ASN1 (extnValue.Value); if (sequence.Tag != 0x04) throw new ArgumentException ("Invalid SubjectKeyIdentifier extension"); ski = sequence.Value; } public override string Name { get { return "Subject Key Identifier"; } } public byte[] Identifier { get { return (byte[]) ski.Clone (); } } public override string ToString () { if (ski == null) return null; StringBuilder sb = new StringBuilder (); int x = 0; while (x < ski.Length) { sb.Append (ski [x].ToString ("X2")); if (x % 2 == 1) sb.Append (" "); x++; } return sb.ToString (); } } } |
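Review bot: The `Identifier` getter clones `ski` unconditionally, whereas `ToString` guards against `ski == null`; if Decode has not populated the field (the parameterless constructor only sets `extnOid`, as far as this file shows) the getter throws NullReferenceException. Mirror the guard: `get { return (ski == null) ? null : (byte[]) ski.Clone (); }`. A short `<summary>` on `Identifier` noting that it returns a copy, and that the copy may be null before decoding, would document the contract for callers.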
From: <car...@us...> - 2004-03-05 23:32:55
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.X509.Extensions In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25237/Mono.Security.X509.Extensions Log Message: Directory /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.X509.Extensions added to the repository |
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.X509 In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv25152 Modified Files: TrustAnchors.cs X509Certificate.cs X509CertificateCollection.cs X509Chain.cs X520Attributes.cs Added Files: PKCS12.cs X509Builder.cs X509CertificateBuilder.cs X509ChainStatusFlags.cs X509CRL.cs X509Store.cs X509StoreManager.cs X509Stores.cs Log Message: Sync security stuff with mono CVS classes. --- NEW FILE: PKCS12.cs --- // // PKCS12.cs: PKCS 12 - Personal Information Exchange Syntax // // Author: // Sebastien Pouliot (spo...@mo...) // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) // // Key derivation translated from Bouncy Castle JCE (http://www.bouncycastle.org/) // See bouncycastle.txt for license. // using System; using System.Collections; using System.IO; using System.Security.Cryptography; using System.Text; using Mono.Security; using Mono.Security.Cryptography; namespace Mono.Security.X509 { internal class PKCS5 { public const string pbeWithMD2AndDESCBC = "1.2.840.113549.1.5.1"; public const string pbeWithMD5AndDESCBC = "1.2.840.113549.1.5.3"; public const string pbeWithMD2AndRC2CBC = "1.2.840.113549.1.5.4"; public const string pbeWithMD5AndRC2CBC = "1.2.840.113549.1.5.6"; public const string pbeWithSHA1AndDESCBC = "1.2.840.113549.1.5.10"; public const string pbeWithSHA1AndRC2CBC = "1.2.840.113549.1.5.11"; public PKCS5 () {} } internal class PKCS12 { public const string pbeWithSHAAnd128BitRC4 = "1.2.840.113549.1.12.1.1"; public const string pbeWithSHAAnd40BitRC4 = "1.2.840.113549.1.12.1.2"; public const string pbeWithSHAAnd3KeyTripleDESCBC = "1.2.840.113549.1.12.1.3"; public const string pbeWithSHAAnd2KeyTripleDESCBC = "1.2.840.113549.1.12.1.4"; public const string pbeWithSHAAnd128BitRC2CBC = "1.2.840.113549.1.12.1.5"; public const string pbeWithSHAAnd40BitRC2CBC = "1.2.840.113549.1.12.1.6"; // bags public const string keyBag = "1.2.840.113549.1.12.10.1.1"; public const string 
pkcs8ShroudedKeyBag = "1.2.840.113549.1.12.10.1.2"; public const string certBag = "1.2.840.113549.1.12.10.1.3"; public const string crlBag = "1.2.840.113549.1.12.10.1.4"; public const string secretBag = "1.2.840.113549.1.12.10.1.5"; public const string safeContentsBag = "1.2.840.113549.1.12.10.1.6"; // types public const string x509Certificate = "1.2.840.113549.1.9.22.1"; public const string sdsiCertificate = "1.2.840.113549.1.9.22.2"; public const string x509Crl = "1.2.840.113549.1.9.23.1"; // Adapted from BouncyCastle PKCS12ParametersGenerator.java public class DeriveBytes { public enum Purpose { Key, IV, MAC } static private byte[] keyDiversifier = { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 }; static private byte[] ivDiversifier = { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 }; static private byte[] macDiversifier = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 }; private string _hashName; private int _iterations; private byte[] _password; private byte[] _salt; public DeriveBytes () {} public string HashName { get { return _hashName; } set { _hashName = value; } } public int IterationCount { get { return _iterations; } set { _iterations = value; } } public byte[] Password { get { return (byte[]) _password.Clone (); } set { if (value == null) _password = new byte [0]; else _password = (byte[]) value.Clone (); } } public byte[] Salt { get { return (byte[]) _salt.Clone (); } set { if (value != null) _salt = (byte[]) value.Clone (); else _salt = null; } } private void Adjust (byte[] a, int aOff, byte[] b) { int x = (b[b.Length - 1] & 0xff) + (a [aOff + b.Length - 1] & 0xff) + 1; a [aOff + b.Length - 1] = (byte) x; x >>= 8; for (int i = b.Length - 2; i >= 0; i--) { x += (b [i] & 0xff) + (a [aOff + i] & 0xff); a 
[aOff + i] = (byte) x; x >>= 8; } } private byte[] Derive (byte[] diversifier, int n) { HashAlgorithm digest = HashAlgorithm.Create (_hashName); int u = (digest.HashSize >> 3); // div 8 int v = 64; byte[] dKey = new byte [n]; byte[] S; if ((_salt != null) && (_salt.Length != 0)) { S = new byte[v * ((_salt.Length + v - 1) / v)]; for (int i = 0; i != S.Length; i++) { S[i] = _salt[i % _salt.Length]; } } else { S = new byte[0]; } byte[] P; if ((_password != null) && (_password.Length != 0)) { P = new byte[v * ((_password.Length + v - 1) / v)]; for (int i = 0; i != P.Length; i++) { P[i] = _password[i % _password.Length]; } } else { P = new byte[0]; } byte[] I = new byte [S.Length + P.Length]; Buffer.BlockCopy (S, 0, I, 0, S.Length); Buffer.BlockCopy (P, 0, I, S.Length, P.Length); byte[] B = new byte[v]; int c = (n + u - 1) / u; for (int i = 1; i <= c; i++) { digest.TransformBlock (diversifier, 0, diversifier.Length, diversifier, 0); digest.TransformFinalBlock (I, 0, I.Length); byte[] A = digest.Hash; digest.Initialize (); for (int j = 1; j != _iterations; j++) { A = digest.ComputeHash (A, 0, A.Length); } for (int j = 0; j != B.Length; j++) { B [j] = A [j % A.Length]; } for (int j = 0; j != I.Length / v; j++) { Adjust (I, j * v, B); } if (i == c) { Buffer.BlockCopy(A, 0, dKey, (i - 1) * u, dKey.Length - ((i - 1) * u)); } else { Buffer.BlockCopy(A, 0, dKey, (i - 1) * u, A.Length); } } return dKey; } public byte[] DeriveKey (int size) { return Derive (keyDiversifier, size); } public byte[] DeriveIV (int size) { return Derive (ivDiversifier, size); } public byte[] DeriveMAC (int size) { return Derive (macDiversifier, size); } } private int _version; private byte[] _password; private ArrayList _keyBags; private X509CertificateCollection _certs; // constructors public PKCS12 () { _keyBags = new ArrayList (); _certs = new X509CertificateCollection (); } public PKCS12 (byte[] data) : this (data, null) {} /* * PFX ::= SEQUENCE { * version INTEGER {v3(3)}(v3,...), * authSafe 
ContentInfo, * macData MacData OPTIONAL * } * * MacData ::= SEQUENCE { * mac DigestInfo, * macSalt OCTET STRING, * iterations INTEGER DEFAULT 1 * -- Note: The default is for historical reasons and its use is deprecated. A higher * -- value, like 1024 is recommended. * } * * SafeContents ::= SEQUENCE OF SafeBag * * SafeBag ::= SEQUENCE { * bagId BAG-TYPE.&id ({PKCS12BagSet}), * bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}), * bagAttributes SET OF PKCS12Attribute OPTIONAL * } */ public PKCS12 (byte[] data, string password) : this () { Password = password; ASN1 pfx = new ASN1 (data); if (pfx.Tag != 0x30) throw new ArgumentException ("invalid data"); ASN1 version = pfx [0]; if (version.Tag != 0x02) throw new ArgumentException ("invalid PFX version"); _version = version.Value [0]; PKCS7.ContentInfo authSafe = new PKCS7.ContentInfo (pfx [1]); if (authSafe.ContentType != PKCS7.data) throw new ArgumentException ("invalid authenticated safe"); // now that we know it's a PKCS#12 file, check the (optional) MAC // before decoding anything else in the file if (pfx.Count > 2) { ASN1 macData = pfx [2]; if (macData.Tag != 0x30) throw new ArgumentException ("invalid MAC"); ASN1 mac = macData [0]; if (mac.Tag != 0x30) throw new ArgumentException ("invalid MAC"); ASN1 macAlgorithm = mac [0]; string macOid = ASN1Convert.ToOID (macAlgorithm [0]); if (macOid != "1.3.14.3.2.26") throw new ArgumentException ("unsupported HMAC"); byte[] macValue = mac [1].Value; ASN1 macSalt = macData [1]; if (macSalt.Tag != 0x04) throw new ArgumentException ("missing MAC salt"); int iterations = 1; // default value if (macData.Count > 2) { ASN1 iters = macData [2]; if (iters.Tag != 0x02) throw new ArgumentException ("invalid MAC iteration"); iterations = ASN1Convert.ToInt32 (iters); } PKCS12.DeriveBytes pd = new PKCS12.DeriveBytes (); pd.HashName = "SHA1"; pd.Password = _password; pd.Salt = macSalt.Value; pd.IterationCount = iterations; HMACSHA1 hmac = (HMACSHA1) HMACSHA1.Create (); 
hmac.Key = pd.DeriveMAC (20); byte[] authSafeData = authSafe.Content [0].Value; byte[] calculatedMac = hmac.ComputeHash (authSafeData, 0, authSafeData.Length); if (!Compare (macValue, calculatedMac)) throw new CryptographicException ("Invalid MAC - file may have been tampered!"); } // we now returns to our original presentation - PFX ASN1 authenticatedSafe = new ASN1 (authSafe.Content [0].Value); for (int i=0; i < authenticatedSafe.Count; i++) { PKCS7.ContentInfo ci = new PKCS7.ContentInfo (authenticatedSafe [i]); switch (ci.ContentType) { case PKCS7.data: // unencrypted (by PKCS#12) ASN1 safeContents = new ASN1 (ci.Content [0].Value); for (int j=0; j < safeContents.Count; j++) { ASN1 safeBag = safeContents [j]; ReadSafeBag (safeBag); } break; case PKCS7.encryptedData: // password encrypted PKCS7.EncryptedData ed = new PKCS7.EncryptedData (ci.Content [0]); ASN1 decrypted = new ASN1 (Decrypt (ed)); for (int j=0; j < decrypted.Count; j++) { ASN1 safeBag = decrypted [j]; ReadSafeBag (safeBag); } break; case PKCS7.envelopedData: // public key encrypted throw new NotImplementedException ("public key encrypted"); default: throw new ArgumentException ("unknown authenticatedSafe"); } } } ~PKCS12 () { if (_password != null) { Array.Clear (_password, 0, _password.Length); } } // properties public string Password { set { if (value != null) { if (value.EndsWith ("\0")) _password = Encoding.BigEndianUnicode.GetBytes (value); else _password = Encoding.BigEndianUnicode.GetBytes (value + "\0"); } else _password = null; // no password } } public ArrayList Keys { get { return _keyBags; } } public X509CertificateCollection Certificates { get { return _certs; } } // private methods private bool Compare (byte[] expected, byte[] actual) { bool compare = false; if (expected.Length == actual.Length) { for (int i=0; i < expected.Length; i++) { if (expected [i] != actual [i]) return false; } compare = true; } return compare; } public byte[] Decrypt (string algorithmOid, byte[] salt, int 
iterationCount, byte[] encryptedData) { string algorithm = null; int keyLength = 8; // 64 bits (default) int ivLength = 8; // 64 bits (default) PKCS12.DeriveBytes pd = new PKCS12.DeriveBytes (); pd.Password = _password; pd.Salt = salt; pd.IterationCount = iterationCount; switch (algorithmOid) { case PKCS5.pbeWithMD2AndDESCBC: // no unit test available pd.HashName = "MD2"; algorithm = "DES"; break; case PKCS5.pbeWithMD5AndDESCBC: // no unit test available pd.HashName = "MD5"; algorithm = "DES"; break; case PKCS5.pbeWithMD2AndRC2CBC: // no unit test available // TODO - RC2-CBC-Parameter (PKCS5) // if missing default to 32 bits !!! pd.HashName = "MD2"; algorithm = "RC2"; keyLength = 4; // default break; case PKCS5.pbeWithMD5AndRC2CBC: // no unit test available // TODO - RC2-CBC-Parameter (PKCS5) // if missing default to 32 bits !!! pd.HashName = "MD5"; algorithm = "RC2"; keyLength = 4; // default break; case PKCS5.pbeWithSHA1AndDESCBC: // no unit test available pd.HashName = "SHA1"; algorithm = "DES"; break; case PKCS5.pbeWithSHA1AndRC2CBC: // no unit test available // TODO - RC2-CBC-Parameter (PKCS5) // if missing default to 32 bits !!! 
pd.HashName = "SHA1"; algorithm = "RC2"; keyLength = 4; // default break; case PKCS12.pbeWithSHAAnd128BitRC4: // no unit test available pd.HashName = "SHA1"; algorithm = "RC4"; keyLength = 16; ivLength = 0; // N/A break; case PKCS12.pbeWithSHAAnd40BitRC4: // no unit test available pd.HashName = "SHA1"; algorithm = "RC4"; keyLength = 5; ivLength = 0; // N/A break; case PKCS12.pbeWithSHAAnd3KeyTripleDESCBC: pd.HashName = "SHA1"; algorithm = "TripleDES"; keyLength = 24; break; case PKCS12.pbeWithSHAAnd2KeyTripleDESCBC: // no unit test available pd.HashName = "SHA1"; algorithm = "TripleDES"; keyLength = 16; break; case PKCS12.pbeWithSHAAnd128BitRC2CBC: // no unit test available pd.HashName = "SHA1"; algorithm = "RC2"; keyLength = 16; break; case PKCS12.pbeWithSHAAnd40BitRC2CBC: pd.HashName = "SHA1"; algorithm = "RC2"; keyLength = 5; break; default: throw new NotSupportedException ("unknown oid " + algorithm); } SymmetricAlgorithm sa = SymmetricAlgorithm.Create (algorithm); sa.Key = pd.DeriveKey (keyLength); // IV required only for block ciphers (not stream ciphers) if (ivLength > 0) { sa.IV = pd.DeriveIV (ivLength); sa.Mode = CipherMode.CBC; } ICryptoTransform ct = sa.CreateDecryptor (); return ct.TransformFinalBlock (encryptedData, 0, encryptedData.Length); } public byte[] Decrypt (PKCS7.EncryptedData ed) { return Decrypt (ed.EncryptionAlgorithm.ContentType, ed.EncryptionAlgorithm.Content [0].Value, ASN1Convert.ToInt32 (ed.EncryptionAlgorithm.Content [1]), ed.EncryptedContent); } private void AddPrivateKey (PKCS8.PrivateKeyInfo pki) { byte[] privateKey = pki.PrivateKey; switch (privateKey [0]) { case 0x02: DSAParameters p = new DSAParameters (); // FIXME _keyBags.Add (PKCS8.PrivateKeyInfo.DecodeDSA (privateKey, p)); break; case 0x30: _keyBags.Add (PKCS8.PrivateKeyInfo.DecodeRSA (privateKey)); break; default: Array.Clear (privateKey, 0, privateKey.Length); throw new CryptographicException ("Unknown private key format"); } Array.Clear (privateKey, 0, privateKey.Length); 
} private void ReadSafeBag (ASN1 safeBag) { if (safeBag.Tag != 0x30) throw new ArgumentException ("invalid safeBag"); ASN1 bagId = safeBag [0]; if (bagId.Tag != 0x06) throw new ArgumentException ("invalid safeBag id"); ASN1 bagValue = safeBag [1]; string oid = ASN1Convert.ToOID (bagId); switch (oid) { case keyBag: // NEED UNIT TEST AddPrivateKey (new PKCS8.PrivateKeyInfo (bagValue.Value)); break; case pkcs8ShroudedKeyBag: PKCS8.EncryptedPrivateKeyInfo epki = new PKCS8.EncryptedPrivateKeyInfo (bagValue.Value); byte[] decrypted = Decrypt (epki.Algorithm, epki.Salt, epki.IterationCount, epki.EncryptedData); AddPrivateKey (new PKCS8.PrivateKeyInfo (decrypted)); Array.Clear (decrypted, 0, decrypted.Length); break; case certBag: PKCS7.ContentInfo cert = new PKCS7.ContentInfo (bagValue.Value); if (cert.ContentType != x509Certificate) throw new NotSupportedException ("unsupport certificate type"); X509Certificate x509 = new X509Certificate (cert.Content [0].Value); _certs.Add (x509); break; case crlBag: // TODO break; case secretBag: // TODO break; case safeContentsBag: // TODO - ? recurse ? 
break; default: throw new ArgumentException ("unknown safeBag oid"); } } static private int recommendedIterationCount = 2000; /* * SafeContents ::= SEQUENCE OF SafeBag * * SafeBag ::= SEQUENCE { * bagId BAG-TYPE.&id ({PKCS12BagSet}), * bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}), * bagAttributes SET OF PKCS12Attribute OPTIONAL * } */ public byte[] GetBytes () { PKCS7.ContentInfo authSafe = new PKCS7.ContentInfo (PKCS7.data); // TODO (incomplete) byte[] salt = new byte [20]; RandomNumberGenerator rng = RandomNumberGenerator.Create (); rng.GetBytes (salt); ASN1 macData = new ASN1 (0x30); byte[] macValue = null; if (macValue != null) { // only for password based encryption ASN1 mac = new ASN1 (0x30); mac.Add (ASN1Convert.FromOID ("1.3.14.3.2.26")); // SHA1 mac.Add (new ASN1 (0x04, macValue)); macData.Add (mac); macData.Add (new ASN1 (0x04, salt)); macData.Add (ASN1Convert.FromInt32 (recommendedIterationCount)); } ASN1 version = new ASN1 (0x02, new byte [1] { 0x03 }); ASN1 pfx = new ASN1 (0x30); pfx.Add (version); pfx.Add (authSafe.ASN1); if (macValue != null) { // only for password based encryption pfx.Add (macData); } return pfx.GetBytes (); } // static methods static private byte[] LoadFile (string filename) { byte[] data = null; using (FileStream fs = File.OpenRead (filename)) { data = new byte [fs.Length]; fs.Read (data, 0, data.Length); fs.Close (); } return data; } static public PKCS12 LoadFromFile (string filename) { if (filename == null) throw new ArgumentNullException ("filename"); return new PKCS12 (LoadFile (filename)); } static public PKCS12 LoadFromFile (string filename, string password) { if (filename == null) throw new ArgumentNullException ("filename"); if (password == null) throw new ArgumentNullException ("password"); return new PKCS12 (LoadFile (filename), password); } } } --- NEW FILE: X509Builder.cs --- using System; using System.Security.Cryptography; using Mono.Security; namespace Mono.Security.X509 { internal abstract class 
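Review bot: In `DeriveBytes.Derive` the inner loop `for (int j = 1; j != _iterations; j++)` only exits normally when `_iterations` is at least 1: for 0 or a negative value `j` must wrap around the whole int range before the inequality fails, and the count comes straight from the file (`ASN1Convert.ToInt32 (iters)` for the MAC, `epki.IterationCount` for shrouded key bags), so a malformed PFX can pin the CPU for billions of hash operations. Validate where the value is read, e.g. `if (iterations < 1) throw new ArgumentException ("invalid MAC iteration");`, and write the loop as `for (int j = 1; j < _iterations; j++)` so that 0 and 1 both mean a single hash. Separately, the default branch of `Decrypt` reports `"unknown oid " + algorithm` while `algorithm` is still null at that point; it should concatenate `algorithmOid`. `Compare` is also an early-exit byte comparison; for MAC verification a length check followed by a fixed-time XOR-accumulate loop is the conventional choice. `LoadFile` ignores the return value of `fs.Read`, so a short read yields a partially filled buffer that fails later with a less helpful "invalid data".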
X509Builder { private const string defaultHash = "SHA1"; private string hashName; public X509Builder () { hashName = defaultHash; } protected abstract ASN1 ToBeSigned (string hashName); // move to PKCS1 protected string GetOID (string hashName) { switch (hashName.ToLower ()) { case "md2": // md2withRSAEncryption (1 2 840 113549 1 1 2) return "1.2.840.113549.1.1.2"; case "md4": // md4withRSAEncryption (1 2 840 113549 1 1 3) return "1.2.840.113549.1.1.3"; case "md5": // md5withRSAEncryption (1 2 840 113549 1 1 4) return "1.2.840.113549.1.1.4"; case "sha1": // sha1withRSAEncryption (1 2 840 113549 1 1 5) return "1.2.840.113549.1.1.5"; case "sha256": // sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 } return "1.2.840.113549.1.1.11"; case "sha384": // sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 } return "1.2.840.113549.1.1.12"; case "sha512": // sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 } return "1.2.840.113549.1.1.13"; default: throw new NotSupportedException ("Unknown hash algorithm " + hashName); } } public string Hash { get { return hashName; } set { if (hashName == null) hashName = defaultHash; else hashName = value; } } public virtual byte[] Sign (AsymmetricAlgorithm aa) { if (aa is RSA) return Sign (aa as RSA); else if (aa is DSA) return Sign (aa as DSA); else throw new NotSupportedException ("Unknown Asymmetric Algorithm " + aa.ToString()); } private byte[] Build (ASN1 tbs, string hashoid, byte[] signature) { ASN1 builder = new ASN1 (0x30); builder.Add (tbs); builder.Add (PKCS7.AlgorithmIdentifier (hashoid)); // first byte of BITSTRING is the number of unused bits in the first byte byte[] bitstring = new byte [signature.Length + 1]; Array.Copy (signature, 0, bitstring, 1, signature.Length); builder.Add (new ASN1 (0x03, bitstring)); return builder.GetBytes (); } public virtual byte[] Sign (RSA key) { string oid = GetOID (hashName); ASN1 tbs = ToBeSigned (oid); HashAlgorithm ha = HashAlgorithm.Create (hashName); byte[] hash 
= ha.ComputeHash (tbs.GetBytes ()); RSAPKCS1SignatureFormatter pkcs1 = new RSAPKCS1SignatureFormatter (key); pkcs1.SetHashAlgorithm (hashName); byte[] signature = pkcs1.CreateSignature (hash); return Build (tbs, oid, signature); } public virtual byte[] Sign (DSA key) { string oid = "1.2.840.10040.4.3"; ASN1 tbs = ToBeSigned (oid); HashAlgorithm ha = HashAlgorithm.Create (hashName); if (!(ha is SHA1)) throw new NotSupportedException ("Only SHA-1 is supported for DSA"); byte[] hash = ha.ComputeHash (tbs.GetBytes ()); DSASignatureFormatter dsa = new DSASignatureFormatter (key); dsa.SetHashAlgorithm (hashName); byte[] rs = dsa.CreateSignature (hash); // split R and S byte[] r = new byte [20]; Array.Copy (rs, 0, r, 0, 20); byte[] s = new byte [20]; Array.Copy (rs, 20, s, 0, 20); ASN1 signature = new ASN1 (0x30); signature.Add (new ASN1 (0x02, r)); signature.Add (new ASN1 (0x02, s)); // dsaWithSha1 (1 2 840 10040 4 3) return Build (tbs, oid, signature.GetBytes ()); } } } --- NEW FILE: X509CertificateBuilder.cs --- // // X509CertificateBuilder.cs: Handles building of X.509 certificates. // // Author: // Sebastien Pouliot (spo...@mo...) // // (C) 2003 Motus Technologies Inc. 
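Review bot: The `Hash` setter tests the field `hashName` instead of `value`, so `Hash = null` stores null (and `HashAlgorithm.Create (hashName)` plus `GetOID` then fail), while the default is only restored when the field was already null, which the constructor prevents. Fix: `set { hashName = (value == null) ? defaultHash : value; }`. `GetOID` also lower-cases with the culture-sensitive `ToLower ()`; `hashName.ToLower (CultureInfo.InvariantCulture)` avoids culture-dependent case mapping on algorithm names. The `Sign (AsymmetricAlgorithm)` overload dereferences `aa` in its error message, so a null argument surfaces as NullReferenceException rather than ArgumentNullException; a `if (aa == null) throw new ArgumentNullException ("aa");` guard at the top would match the style used in PKCS12.LoadFromFile.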
(http://www.motus.com) using System; using System.Security.Cryptography; namespace Mono.Security.X509 { // From RFC3280 /* * Certificate ::= SEQUENCE { * tbsCertificate TBSCertificate, * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING * } * TBSCertificate ::= SEQUENCE { * version [0] Version DEFAULT v1, * serialNumber CertificateSerialNumber, * signature AlgorithmIdentifier, * issuer Name, * validity Validity, * subject Name, * subjectPublicKeyInfo SubjectPublicKeyInfo, * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, * -- If present, version MUST be v2 or v3 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, * -- If present, version MUST be v2 or v3 * extensions [3] Extensions OPTIONAL * -- If present, version MUST be v3 -- * } * Version ::= INTEGER { v1(0), v2(1), v3(2) } * CertificateSerialNumber ::= INTEGER * Validity ::= SEQUENCE { * notBefore Time, * notAfter Time * } * Time ::= CHOICE { * utcTime UTCTime, * generalTime GeneralizedTime * } */ internal class X509CertificateBuilder : X509Builder { private byte version; private byte[] sn; private string issuer; private DateTime notBefore; private DateTime notAfter; private string subject; private AsymmetricAlgorithm aa; private byte[] issuerUniqueID; private byte[] subjectUniqueID; private X509Extensions extensions; public X509CertificateBuilder () : this (3) {} public X509CertificateBuilder (byte version) { if (version > 3) throw new ArgumentException ("Invalid certificate version"); this.version = version; extensions = new X509Extensions (); } public byte Version { get { return version; } set { version = value; } } public byte[] SerialNumber { get { return sn; } set { sn = value; } } public string IssuerName { get { return issuer; } set { issuer = value; } } public DateTime NotBefore { get { return notBefore; } set { notBefore = value; } } public DateTime NotAfter { get { return notAfter; } set { notAfter = value; } } public string SubjectName { get { return subject; } set { 
subject = value; } } public AsymmetricAlgorithm SubjectPublicKey { get { return aa; } set { aa = value; } } public byte[] IssuerUniqueID { get { return issuerUniqueID; } set { issuerUniqueID = value; } } public byte[] SubjectUniqueID { get { return subjectUniqueID; } set { subjectUniqueID = value; } } public X509Extensions Extensions { get { return extensions; } } /* SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING } */ private ASN1 SubjectPublicKeyInfo () { ASN1 keyInfo = new ASN1 (0x30); if (aa is RSA) { keyInfo.Add (PKCS7.AlgorithmIdentifier ("1.2.840.113549.1.1.1")); RSAParameters p = (aa as RSA).ExportParameters (false); /* RSAPublicKey ::= SEQUENCE { * modulus INTEGER, -- n * publicExponent INTEGER } -- e */ ASN1 key = new ASN1 (0x30); key.Add (ASN1Convert.FromUnsignedBigInteger (p.Modulus)); key.Add (ASN1Convert.FromUnsignedBigInteger (p.Exponent)); keyInfo.Add (new ASN1 (UniqueIdentifier (key.GetBytes ()))); } else if (aa is DSA) { DSAParameters p = (aa as DSA).ExportParameters (false); /* Dss-Parms ::= SEQUENCE { * p INTEGER, * q INTEGER, * g INTEGER } */ ASN1 param = new ASN1 (0x30); param.Add (ASN1Convert.FromUnsignedBigInteger (p.P)); param.Add (ASN1Convert.FromUnsignedBigInteger (p.Q)); param.Add (ASN1Convert.FromUnsignedBigInteger (p.G)); keyInfo.Add (PKCS7.AlgorithmIdentifier ("1.2.840.10040.4.1", param)); ASN1 key = keyInfo.Add (new ASN1 (0x03)); // DSAPublicKey ::= INTEGER -- public key, y key.Add (ASN1Convert.FromUnsignedBigInteger (p.Y)); } else throw new NotSupportedException ("Unknown Asymmetric Algorithm " + aa.ToString ()); return keyInfo; } private byte[] UniqueIdentifier (byte[] id) { // UniqueIdentifier ::= BIT STRING ASN1 uid = new ASN1 (0x03); // first byte in a BITSTRING is the number of unused bits in the first byte byte[] v = new byte [id.Length + 1]; Array.Copy (id, 0, v, 1, id.Length); uid.Value = v; return uid.GetBytes (); } protected override ASN1 ToBeSigned (string oid) { // 
TBSCertificate ASN1 tbsCert = new ASN1 (0x30); if (version > 1) { // TBSCertificate / [0] Version DEFAULT v1, byte[] ver = { (byte)(version - 1) }; ASN1 v = tbsCert.Add (new ASN1 (0xA0)); v.Add (new ASN1 (0x02, ver)); } // TBSCertificate / CertificateSerialNumber, tbsCert.Add (new ASN1 (0x02, sn)); // TBSCertificate / AlgorithmIdentifier, tbsCert.Add (PKCS7.AlgorithmIdentifier (oid)); // TBSCertificate / Name tbsCert.Add (X501.FromString (issuer)); // TBSCertificate / Validity ASN1 validity = tbsCert.Add (new ASN1 (0x30)); // TBSCertificate / Validity / Time validity.Add (ASN1Convert.FromDateTime (notBefore)); // TBSCertificate / Validity / Time validity.Add (ASN1Convert.FromDateTime (notAfter)); // TBSCertificate / Name tbsCert.Add (X501.FromString (subject)); // TBSCertificate / SubjectPublicKeyInfo ASN1 keyInfo = tbsCert.Add (SubjectPublicKeyInfo ()); if (version > 1) { // TBSCertificate / [1] IMPLICIT UniqueIdentifier OPTIONAL if (issuerUniqueID != null) tbsCert.Add (new ASN1 (0xA1, UniqueIdentifier (issuerUniqueID))); // TBSCertificate / [2] IMPLICIT UniqueIdentifier OPTIONAL if (subjectUniqueID != null) tbsCert.Add (new ASN1 (0xA1, UniqueIdentifier (subjectUniqueID))); // TBSCertificate / [3] Extensions OPTIONAL if ((version > 2) && (extensions.Count > 0)) tbsCert.Add (new ASN1 (0xA3, extensions.GetBytes ())); } return tbsCert; } } } --- NEW FILE: X509ChainStatusFlags.cs --- // // X509ChainStatusFlags.cs: X.509 Chain Status // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; namespace Mono.Security.X509 { // definitions from Fx 1.2 // commented flags aren't implemented in X509Chain [Serializable] internal enum X509ChainStatusFlags { // CtlNotSignatureValid = 262144, // CtlNotTimeValid = 131072, // CtlNotValidForUsage = 524288, // Cyclic = 128, // HasExcludedNameConstraint = 32768, // HasNotDefinedNameConstraint = 8192, // HasNotPermittedNameConstraint = 16384, // HasNotSupportedNameConstraint = 
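Review bot: `ToBeSigned` emits subjectUniqueID with context tag 0xA1, the tag it just used for issuerUniqueID, although the comment directly above it and the ASN.1 in the file header both say `[2]`; the line should read `tbsCert.Add (new ASN1 (0xA2, UniqueIdentifier (subjectUniqueID)));`, otherwise a v2/v3 certificate carrying a subject unique id encodes it as a second issuer unique id. Both `[1]` and `[2]` are declared IMPLICIT, so nesting the full BIT STRING produced by `UniqueIdentifier` inside another tagged element looks like explicit tagging; this is worth confirming against a reference encoder before relying on the output. The builder also passes `sn` straight into `new ASN1 (0x02, sn)` with no null check, so a missing serial number is only discovered deep in the encoder.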
4096, InvalidBasicConstraints = 1024, // InvalidExtension = 256, // InvalidNameConstraints = 2048, // InvalidPolicyConstraints = 512, NoError = 0, // NoIssuanceChainPolicy = 33554432, NotSignatureValid = 8, NotTimeNested = 2, NotTimeValid = 1, // NotValidForUsage = 16, // OfflineRevocation = 16777216, PartialChain = 65536, // RevocationStatusUnknown = 64, // Revoked = 4, UntrustedRoot = 32 } } --- NEW FILE: X509CRL.cs --- // // X509CRL.cs: Handles X.509 certificates revocation lists. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Collections; using System.IO; using System.Security.Cryptography; using Mono.Security.X509.Extensions; namespace Mono.Security.X509 { /* * CertificateList ::= SEQUENCE { * tbsCertList TBSCertList, * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING * } * * TBSCertList ::= SEQUENCE { * version Version OPTIONAL, * -- if present, MUST be v2 * signature AlgorithmIdentifier, * issuer Name, * thisUpdate Time, * nextUpdate Time OPTIONAL, * revokedCertificates SEQUENCE OF SEQUENCE { * userCertificate CertificateSerialNumber, * revocationDate Time, * crlEntryExtensions Extensions OPTIONAL * -- if present, MUST be v2 * } OPTIONAL, * crlExtensions [0] Extensions OPTIONAL } * -- if present, MUST be v2 */ internal class X509CRL { internal class X509CRLEntry { private byte[] sn; private DateTime revocationDate; private X509Extensions extensions; internal X509CRLEntry (byte[] serialNumber, DateTime revocationDate, X509Extensions extensions) { sn = serialNumber; this.revocationDate = revocationDate; if (extensions == null) this.extensions = new X509Extensions (); else this.extensions = extensions; } internal X509CRLEntry (ASN1 entry) { sn = entry [0].Value; Array.Reverse (sn); revocationDate = ASN1Convert.ToDateTime (entry [1]); extensions = new X509Extensions (entry [2]); } public byte[] SerialNumber { get { return sn; } } public DateTime RevocationDate { get { 
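Review bot: The members of `X509ChainStatusFlags` are distinct powers of two (NotTimeValid = 1, NotTimeNested = 2, NotSignatureValid = 8, UntrustedRoot = 32, …), which suggests they are meant to be OR-ed together, yet the type carries no `[Flags]` attribute, so `ToString ()` on a combined value prints a bare number. If combinations are intended, add `[Flags]` beside `[Serializable]` with a comment saying so; if only one status is ever reported, a comment stating that would be just as useful to a reader of X509Chain.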
return revocationDate; } } public X509Extensions Extensions { get { return extensions; } } public byte[] GetBytes () { ASN1 sequence = new ASN1 (0x30); sequence.Add (new ASN1 (0x02, sn)); sequence.Add (ASN1Convert.FromDateTime (revocationDate)); if (extensions.Count > 0) sequence.Add (new ASN1 (extensions.GetBytes ())); return sequence.GetBytes (); } } private string issuer; private byte version; private DateTime thisUpdate; private DateTime nextUpdate; private ArrayList entries; private string signatureOID; private byte[] signature; private X509Extensions extensions; private byte[] encoded; public X509CRL (byte[] crl) { if (crl == null) throw new ArgumentNullException ("crl"); encoded = (byte[]) crl.Clone (); Parse (encoded); } private void Parse (byte[] crl) { string e = "Input data cannot be coded as a valid CRL."; try { // CertificateList ::= SEQUENCE { ASN1 encodedCRL = new ASN1 (encoded); if ((encodedCRL.Tag != 0x30) || (encodedCRL.Count != 3)) throw new CryptographicException (e); // CertificateList / TBSCertList, ASN1 toBeSigned = encodedCRL [0]; if ((toBeSigned.Tag != 0x30) || (toBeSigned.Count < 3)) throw new CryptographicException (e); int n = 0; // CertificateList / TBSCertList / Version OPTIONAL, -- if present, MUST be v2 if (toBeSigned [n].Tag == 0x02) { version = (byte) (toBeSigned [n++].Value [0] + 1); } else version = 1; // DEFAULT // CertificateList / TBSCertList / AlgorithmIdentifier, signatureOID = ASN1Convert.ToOID (toBeSigned [n++][0]); // CertificateList / TBSCertList / Name, issuer = X501.ToString (toBeSigned [n++]); // CertificateList / TBSCertList / Time, thisUpdate = ASN1Convert.ToDateTime (toBeSigned [n++]); // CertificateList / TBSCertList / Time OPTIONAL, ASN1 next = toBeSigned [n++]; if ((next.Tag == 0x17) || (next.Tag == 0x18)) { nextUpdate = ASN1Convert.ToDateTime (next); next = toBeSigned [n++]; } // CertificateList / TBSCertList / revokedCertificates SEQUENCE OF SEQUENCE { entries = new ArrayList (); ASN1 revokedCertificates = 
next; for (int i=0; i < revokedCertificates.Count; i++) { entries.Add (new X509CRLEntry (revokedCertificates [i])); } // CertificateList / TBSCertList / crlExtensions [0] Extensions OPTIONAL } ASN1 extns = toBeSigned [n]; if ((extns != null) && (extns.Tag == 0xA0) && (extns.Count == 1)) extensions = new X509Extensions (extns [0]); else extensions = new X509Extensions (null); // result in a read only object // CertificateList / AlgorithmIdentifier string signatureAlgorithm = ASN1Convert.ToOID (encodedCRL [1][0]); if (signatureOID != signatureAlgorithm) throw new CryptographicException (e + " [Non-matching signature algorithms in CRL]"); // CertificateList / BIT STRING byte[] bitstring = encodedCRL [2].Value; // first byte contains unused bits in first byte signature = new byte [bitstring.Length - 1]; Array.Copy (bitstring, 1, signature, 0, signature.Length); } catch { throw new CryptographicException (e); } } public ArrayList Entries { get { return ArrayList.ReadOnly (entries); } } public X509CRLEntry this [int index] { get { return (X509CRLEntry) entries [index]; } } public X509CRLEntry this [byte[] serialNumber] { get { return GetCRLEntry (serialNumber); } } public X509Extensions Extensions { get { return extensions; } } public string IssuerName { get { return issuer; } } public DateTime NextUpdate { get { return nextUpdate; } } public DateTime ThisUpdate { get { return thisUpdate; } } public string SignatureAlgorithm { get { return signatureOID; } } public byte[] Signature { get { return signature; } } public byte Version { get { return version; } } public bool IsCurrent { get { return WasCurrent (DateTime.UtcNow); } } public bool WasCurrent (DateTime date) { if (nextUpdate == DateTime.MinValue) return (date >= thisUpdate); else return ((date >= thisUpdate) && (date <= nextUpdate)); } public byte[] GetBytes () { return encoded; } private bool Compare (byte[] array1, byte[] array2) { if ((array1 == null) && (array2 == null)) return true; if ((array1 == null) || 
(array2 == null)) return false; if (array1.Length != array2.Length) return false; for (int i=0; i < array1.Length; i++) { if (array1 [i] != array2 [i]) return false; } return true; } public X509CRLEntry GetCRLEntry (X509Certificate x509) { if (x509 == null) throw new ArgumentNullException ("x509"); return GetCRLEntry (x509.SerialNumber); } public X509CRLEntry GetCRLEntry (byte[] serialNumber) { if (serialNumber == null) throw new ArgumentNullException ("serialNumber"); for (int i=0; i < entries.Count; i++) { X509CRLEntry entry = (X509CRLEntry) entries [i]; if (Compare (serialNumber, entry.SerialNumber)) return entry; } return null; } public bool VerifySignature (X509Certificate x509) { // 1. x509 certificate must be a CA certificate (unknown for v1 or v2 certs) if (x509.Version >= 3) { // 1.1. Check for "cRLSign" bit in KeyUsage extension X509Extension ext = x509.Extensions ["2.5.29.15"]; if (ext != null) { KeyUsageExtension keyUsage = new KeyUsageExtension (ext); if (!keyUsage.Support (KeyUsage.cRLSign)) return false; } // 1.2. Check for ca = true in BasicConstraint ext = x509.Extensions ["2.5.29.19"]; if (ext != null) { BasicConstraintsExtension basicConstraints = new BasicConstraintsExtension (ext); if (!basicConstraints.CertificateAuthority) return false; } } // 2. CRL issuer must match CA subject name if (issuer != x509.SubjectName) return false; // 3. 
Check the CRL signature with the CA certificate public key switch (signatureOID) { case "1.2.840.10040.4.3": return VerifySignature (x509.DSA); default: return VerifySignature (x509.RSA); } } private byte[] GetHash (string hashName) { ASN1 encodedCRL = new ASN1 (encoded); byte[] toBeSigned = encodedCRL [0].GetBytes (); HashAlgorithm ha = HashAlgorithm.Create (hashName); return ha.ComputeHash (toBeSigned); } public bool VerifySignature (DSA dsa) { if (signatureOID != "1.2.840.10040.4.3") throw new CryptographicException ("Unsupported hash algorithm: " + signatureOID); DSASignatureDeformatter v = new DSASignatureDeformatter (dsa); // only SHA-1 is supported string hashName = "SHA1"; v.SetHashAlgorithm (hashName); ASN1 sign = new ASN1 (signature); if ((sign == null) || (sign.Count != 2)) return false; // parts may be less than 20 bytes (i.e. first bytes were 0x00) byte[] part1 = sign [0].Value; byte[] part2 = sign [1].Value; byte[] sig = new byte [40]; Array.Copy (part1, 0, sig, (20 - part1.Length), part1.Length); Array.Copy (part2, 0, sig, (40 - part2.Length), part2.Length); return v.VerifySignature (GetHash (hashName), sig); } public bool VerifySignature (RSA rsa) { RSAPKCS1SignatureDeformatter v = new RSAPKCS1SignatureDeformatter (rsa); string hashName = null; switch (signatureOID) { // MD2 with RSA encryption case "1.2.840.113549.1.1.2": // maybe someone installed MD2 ? 
hashName = "MD2"; break; // MD5 with RSA encryption case "1.2.840.113549.1.1.4": hashName = "MD5"; break; // SHA-1 with RSA Encryption case "1.2.840.113549.1.1.5": hashName = "SHA1"; break; default: throw new CryptographicException ("Unsupported hash algorithm: " + signatureOID); } v.SetHashAlgorithm (hashName); return v.VerifySignature (GetHash (hashName), signature); } public bool VerifySignature (AsymmetricAlgorithm aa) { // only validate the signature (in case we don't have the CA certificate) if (aa is RSA) return VerifySignature (aa as RSA); else if (aa is DSA) return VerifySignature (aa as DSA); else throw new NotSupportedException ("Unknown Asymmetric Algorithm " + aa.ToString ()); } static public X509CRL CreateFromFile (string filename) { FileStream fs = File.Open (filename, FileMode.Open, FileAccess.Read, FileShare.Read); byte[] crl = new byte [fs.Length]; fs.Read (crl, 0, crl.Length); fs.Close (); return new X509CRL (crl); } } } --- NEW FILE: X509Store.cs --- // // X509Store.cs: Handles a X.509 certificates/CRLs store // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Collections; using System.IO; using System.Text; using Mono.Security.X509.Extensions; namespace Mono.Security.X509 { internal class X509Store { private string _storePath; private X509CertificateCollection _certificates; private ArrayList _crls; private bool _crl; private string _name; internal X509Store (string path, bool crl) { _storePath = path; _crl = crl; } // properties public X509CertificateCollection Certificates { get { if (_certificates == null) { _certificates = BuildCertificatesCollection (_storePath); } return _certificates; } } public ArrayList CRLs { get { // CRL aren't applicable to all stores // but returning null is a little rude if (!_crl) { _crls = new ArrayList (); } if (_crls == null) { _crls = BuildCRLsCollection (_storePath); } return _crls; } } public string Name { get { if (_name == null) { 
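Review bot: `VerifySignature (DSA dsa)` only handles r and s components shorter than 20 bytes, so if `ASN1.Value` hands back the raw INTEGER content octets a component carrying the DER leading 0x00 pad (21 bytes, which occurs whenever the high bit of r or s is set) makes `20 - part1.Length` negative and `Array.Copy` throws ArgumentOutOfRangeException instead of the method returning a verdict; add `if ((part1.Length > 20) || (part2.Length > 20)) return false;` before the two copies, or strip that single leading zero byte first. `GetHash` uses the result of `HashAlgorithm.Create (hashName)` without a null check, so the `"MD2"` branch of `VerifySignature (RSA rsa)` ends in a NullReferenceException on a runtime with no MD2 provider; `if (ha == null) throw new CryptographicException ("Unsupported hash algorithm: " + hashName);` keeps that failure explicit. The blanket `catch { throw new CryptographicException (e); }` in `Parse` also discards the inner exception, which is the only thing that says where a malformed CRL was rejected; `catch (Exception ex) { throw new CryptographicException (e, ex); }` preserves it.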
int n = _storePath.LastIndexOf (Path.DirectorySeparatorChar); _name = _storePath.Substring (n+1); } return _name; } } // methods public void Clear () { if (_certificates != null) _certificates.Clear (); _certificates = null; if (_crls != null) _crls.Clear (); _crls = null; } public void Import (X509Certificate certificate) { if (!Directory.Exists (_storePath)) { Directory.CreateDirectory (_storePath); } string filename = Path.Combine (_storePath, GetUniqueName (certificate)); if (!File.Exists (filename)) { using (FileStream fs = File.OpenWrite (filename)) { byte[] data = certificate.RawData; fs.Write (data, 0, data.Length); fs.Close (); } } } public void Remove (X509Certificate certificate) { string filename = Path.Combine (_storePath, GetUniqueName (certificate)); if (File.Exists (filename)) { File.Delete (filename); } } // private stuff private string GetUniqueName (X509Certificate certificate) { string method = null; byte[] name = null; // We prefer Subject Key Identifier as the unique name // as it will provide faster lookups X509Extension ext = certificate.Extensions ["2.5.29.14"]; if (ext != null) { SubjectKeyIdentifierExtension ski = new SubjectKeyIdentifierExtension (ext); name = ski.Identifier; method = "ski"; } else { method = "tbp"; // thumbprint name = certificate.Hash; } StringBuilder sb = new StringBuilder (method); sb.Append ("-"); foreach (byte b in name) { sb.Append (b.ToString ("X2")); } sb.Append (".cer"); return sb.ToString (); } private byte[] Load (string filename) { byte[] data = null; using (FileStream fs = File.OpenRead (filename)) { data = new byte [fs.Length]; fs.Read (data, 0, data.Length); fs.Close (); } return data; } private X509Certificate LoadCertificate (string filename) { byte[] data = Load (filename); X509Certificate cert = new X509Certificate (data); return cert; } private X509CRL LoadCRL (string filename) { byte[] data = Load (filename); X509CRL crl = new X509CRL (data); return crl; } private X509CertificateCollection 
BuildCertificatesCollection (string storeName) { string path = Path.Combine (_storePath, storeName); if (!Directory.Exists (path)) { Directory.CreateDirectory (path); } X509CertificateCollection coll = new X509CertificateCollection (); string[] files = Directory.GetFiles (path, "*.cer"); if ((files != null) && (files.Length > 0)) { foreach (string file in files) { try { X509Certificate cert = LoadCertificate (file); coll.Add (cert); } catch { // in case someone is dumb enough // (like me) to include a base64 // encoded certs (or other junk // into the store). } } } return coll; } private ArrayList BuildCRLsCollection (string storeName) { ArrayList list = new ArrayList (); string path = Path.Combine (_storePath, storeName); string[] files = Directory.GetFiles (path, "*.crl"); if ((files != null) && (files.Length > 0)) { foreach (string file in files) { try { X509CRL crl = LoadCRL (file); list.Add (crl); } catch { // junk catcher } } } return list; } } } --- NEW FILE: X509StoreManager.cs --- // // X509StoreManager.cs: X.509 store manager. // // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Collections; using System.IO; using Mono.Security.X509.Extensions; namespace Mono.Security.X509 { internal class X509StoreManager { static private X509Stores _userStore; static private X509Stores _machineStore; protected X509StoreManager () {} static public X509Stores CurrentUser { get { if (_userStore == null) { string _userPath = Path.Combine ( Environment.GetFolderPath (Environment.SpecialFolder.ApplicationData), ".mono"); _userPath = Path.Combine (_userPath, "certs"); _userStore = new X509Stores (_userPath); } return _userStore; } } static public X509Stores LocalMachine { get { if (_machineStore == null) { // FIXME: where should it be ? 
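Review bot: The `Certificates` and `CRLs` getters pass `_storePath` as the `storeName` argument, and `BuildCertificatesCollection`/`BuildCRLsCollection` then compute `Path.Combine (_storePath, storeName)`, so the directory is only right because `Path.Combine` discards its first argument when the second is rooted; a relative store path would be doubled and `Directory.CreateDirectory` would create a nested copy. Either drop the parameter and use `_storePath` directly, or call the builders with the sub-directory name they appear to expect. `Load` ignores the count returned by `fs.Read`, so a short read hands a truncated buffer to the parser and the catch-all in the builders then silently drops that entry; looping until `fs.Length` bytes have arrived (or `new BinaryReader (fs).ReadBytes ((int) fs.Length)`) removes that failure mode. `Import` also keys the file name on the Subject Key Identifier, so a second certificate carrying the same key (a re-issued or cross-signed CA certificate) is silently not stored because `File.Exists` is true; a comment on `GetUniqueName` such as `// one file per subject key: certificates sharing an SKI overwrite nothing and are not imported` would make that contract explicit.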
string _machinePath = Path.Combine ( Environment.GetFolderPath (Environment.SpecialFolder.ApplicationData), ".mono"); _machinePath = Path.Combine (_machinePath, "machinecerts"); // FIXME _machineStore = new X509Stores (_machinePath); } return _machineStore; } } // Merged stores collections // we need to look at both the user and the machine (entreprise) // certificates/CRLs when building/validating a chain static public X509CertificateCollection IntermediateCACertificates { get { X509CertificateCollection intermediateCerts = new X509CertificateCollection (); intermediateCerts.AddRange (CurrentUser.IntermediateCA.Certificates); intermediateCerts.AddRange (LocalMachine.IntermediateCA.Certificates); return intermediateCerts; } } static public ArrayList IntermediateCACRLs { get { ArrayList intermediateCRLs = new ArrayList (); intermediateCRLs.AddRange (CurrentUser.IntermediateCA.CRLs); intermediateCRLs.AddRange (LocalMachine.IntermediateCA.CRLs); return intermediateCRLs; } } static public X509CertificateCollection TrustedRootCertificates { get { X509CertificateCollection trustedCerts = new X509CertificateCollection (); trustedCerts.AddRange (CurrentUser.TrustedRoot.Certificates); trustedCerts.AddRange (LocalMachine.TrustedRoot.Certificates); return trustedCerts; } } static public ArrayList TrustedRootCACRLs { get { ArrayList trustedCRLs = new ArrayList (); trustedCRLs.AddRange (CurrentUser.TrustedRoot.CRLs); trustedCRLs.AddRange (LocalMachine.TrustedRoot.CRLs); return trustedCRLs; } } static public X509CertificateCollection UntrustedCertificates { get { X509CertificateCollection untrustedCerts = new X509CertificateCollection (); untrustedCerts.AddRange (CurrentUser.Untrusted.Certificates); untrustedCerts.AddRange (LocalMachine.Untrusted.Certificates); return untrustedCerts; } } } } --- NEW FILE: X509Stores.cs --- // // X509Stores.cs: Handles X.509 certificates/CRLs stores group. 
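Review bot: `LocalMachine` resolves to a directory under the current user's `ApplicationData`, so the merged `TrustedRootCertificates`, `IntermediateCACertificates` and CRL collections combine two user-writable stores and give callers no machine-level trust separation. The existing FIXME should state this, e.g. `// FIXME: LocalMachine currently lives under the user's profile, so it is user-writable and is NOT a machine-wide trust store`, so that chain validation code does not treat it as one. The merged getters also build a fresh collection on every access; if they are called per handshake that is worth caching, but it is a performance observation rather than a defect.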
// // Author: // Sebastien Pouliot <seb...@xi...> // // (C) 2004 Novell (http://www.novell.com) // using System; using System.Collections; using System.IO; using Mono.Security.X509.Extensions; namespace Mono.Security.X509 { internal class X509Stores { private string _storePath; private X509Store _personal; private X509Store _other; private X509Store _intermediate; private X509Store _trusted; private X509Store _untrusted; internal X509Stores (string path) { _storePath = path; } // properties public X509Store Personal { get { if (_personal == null) { string path = Path.Combine (_storePath, Names.Personal); _personal = new X509Store (path, false); } return _personal; } } public X509Store OtherPeople { get { if (_other == null) { string path = Path.Combine (_storePath, Names.OtherPeople); _other = new X509Store (path, false); } return _other; } } public X509Store IntermediateCA { get { if (_intermediate == null) { string path = Path.Combine (_storePath, Names.IntermediateCA); _intermediate = new X509Store (path, true); } return _intermediate; } } public X509Store TrustedRoot { get { if (_trusted == null) { string path = Path.Combine (_storePath, Names.TrustedRoot); _trusted = new X509Store (path, true); } return _trusted; } } public X509Store Untrusted { get { if (_untrusted == null) { string path = Path.Combine (_storePath, Names.Untrusted); _untrusted = new X509Store (path, false); } return _untrusted; } } // methods public void Clear () { // this will force a reload of all stores if (_personal != null) _personal.Clear (); _personal = null; if (_other != null) _other.Clear (); _other = null; if (_intermediate != null) _intermediate.Clear (); _intermediate = null; if (_trusted != null) _trusted.Clear (); _trusted = null; if (_untrusted != null) _untrusted.Clear (); _untrusted = null; } // names internal class Names { // do not translate public const string Personal = "My"; public const string OtherPeople = "AddressBook"; public const string IntermediateCA = "CA"; 
public const string TrustedRoot = "Trust"; public const string Untrusted = "Disallowed"; public Names () {} } } } Index: TrustAnchors.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.X509/TrustAnchors.cs,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** TrustAnchors.cs 10 Feb 2004 09:46:25 -0000 1.1 --- TrustAnchors.cs 5 Mar 2004 23:18:17 -0000 1.2 *************** *** 268,271 **** --- 268,339 ---- 0xBD, 0x2B, 0x22, 0xFF, 0x1C }; + static byte[] thawte = { + 0x30, 0x82, 0x03, 0x13, 0x30, 0x82, 0x02, 0x7C, 0xA0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x01, 0x04, 0x05, 0x00, 0x30, 0x81, 0xC4, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x5A, 0x41, 0x31, + 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0C, 0x57, 0x65, + 0x73, 0x74, 0x65, 0x72, 0x6E, 0x20, 0x43, 0x61, 0x70, 0x65, 0x31, 0x12, + 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, 0x43, 0x61, 0x70, + 0x65, 0x20, 0x54, 0x6F, 0x77, 0x6E, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x13, 0x14, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, + 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x20, 0x63, + 0x63, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x1F, + 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, + 0x6E, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, + 0x69, 0x76, 0x69, 0x73, 0x69, 0x6F, 0x6E, 0x31, 0x19, 0x30, 0x17, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x54, 0x68, 0x61, 0x77, 0x74, 0x65, + 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x31, 0x26, + 0x30, 0x24, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x17, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2D, 0x63, 0x65, + 0x72, 0x74, 0x73, 0x40, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2E, 
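Review bot: `Names` declares `public Names () {}` although it only holds constants; `private Names () {}` on a `sealed` class prevents pointless instantiation and matches how the sibling `X509StoreManager` hides its constructor. The five lazy getters and `Clear` are otherwise straightforward; a one-line comment on the `bool` passed to `X509Store`, such as `// true: this store may also hold CRLs`, would explain why only `IntermediateCA` and `TrustedRoot` receive `true`.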
0x63, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x39, 0x36, 0x30, 0x38, 0x30, 0x31, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x30, 0x31, + 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5A, 0x30, 0x81, + 0xC4, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x5A, 0x41, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, + 0x0C, 0x57, 0x65, 0x73, 0x74, 0x65, 0x72, 0x6E, 0x20, 0x43, 0x61, 0x70, + 0x65, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, + 0x43, 0x61, 0x70, 0x65, 0x20, 0x54, 0x6F, 0x77, 0x6E, 0x31, 0x1D, 0x30, + 0x1B, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x14, 0x54, 0x68, 0x61, 0x77, + 0x74, 0x65, 0x20, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, + 0x67, 0x20, 0x63, 0x63, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x13, 0x1F, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6F, 0x6E, 0x31, 0x19, + 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x54, 0x68, 0x61, + 0x77, 0x74, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, + 0x41, 0x31, 0x26, 0x30, 0x24, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x17, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x2D, 0x63, 0x65, 0x72, 0x74, 0x73, 0x40, 0x74, 0x68, 0x61, 0x77, 0x74, + 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xD3, 0xA4, + 0x50, 0x6E, 0xC8, 0xFF, 0x56, 0x6B, 0xE6, 0xCF, 0x5D, 0xB6, 0xEA, 0x0C, + 0x68, 0x75, 0x47, 0xA2, 0xAA, 0xC2, 0xDA, 0x84, 0x25, 0xFC, 0xA8, 0xF4, + 0x47, 0x51, 0xDA, 0x85, 0xB5, 0x20, 0x74, 0x94, 0x86, 0x1E, 0x0F, 0x75, + 0xC9, 0xE9, 0x08, 0x61, 0xF5, 0x06, 0x6D, 0x30, 0x6E, 0x15, 0x19, 0x02, + 0xE9, 0x52, 0xC0, 0x62, 0xDB, 0x4D, 0x99, 0x9E, 0xE2, 0x6A, 0x0C, 
0x44, + 0x38, 0xCD, 0xFE, 0xBE, 0xE3, 0x64, 0x09, 0x70, 0xC5, 0xFE, 0xB1, 0x6B, + 0x29, 0xB6, 0x2F, 0x49, 0xC8, 0x3B, 0xD4, 0x27, 0x04, 0x25, 0x10, 0x97, + 0x2F, 0xE7, 0x90, 0x6D, 0xC0, 0x28, 0x42, 0x99, 0xD7, 0x4C, 0x43, 0xDE, + 0xC3, 0xF5, 0x21, 0x6D, 0x54, 0x9F, 0x5D, 0xC3, 0x58, 0xE1, 0xC0, 0xE4, + 0xD9, 0x5B, 0xB0, 0xB8, 0xDC, 0xB4, 0x7B, 0xDF, 0x36, 0x3A, 0xC2, 0xB5, + 0x66, 0x22, 0x12, 0xD6, 0x87, 0x0D, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, + 0x13, 0x30, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, + 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04, 0x05, 0x00, 0x03, + 0x81, 0x81, 0x00, 0x07, 0xFA, 0x4C, 0x69, 0x5C, 0xFB, 0x95, 0xCC, 0x46, + 0xEE, 0x85, 0x83, 0x4D, 0x21, 0x30, 0x8E, 0xCA, 0xD9, 0xA8, 0x6F, 0x49, + 0x1A, 0xE6, 0xDA, 0x51, 0xE3, 0x60, 0x70, 0x6C, 0x84, 0x61, 0x11, 0xA1, + 0x1A, 0xC8, 0x48, 0x3E, 0x59, 0x43, 0x7D, 0x4F, 0x95, 0x3D, 0xA1, 0x8B, + 0xB7, 0x0B, 0x62, 0x98, 0x7A, 0x75, 0x8A, 0xDD, 0x88, 0x4E, 0x4E, 0x9E, + 0x40, 0xDB, 0xA8, 0xCC, 0x32, 0x74, 0xB9, 0x6F, 0x0D, 0xC6, 0xE3, 0xB3, + 0x44, 0x0B, 0xD9, 0x8A, 0x6F, 0x9A, 0x29, 0x9B, 0x99, 0x18, 0x28, 0x3B, + 0xD1, 0xE3, 0x40, 0x28, 0x9A, 0x5A, 0x3C, 0xD5, 0xB5, 0xE7, 0x20, 0x1B, + 0x8B, 0xCA, 0xA4, 0xAB, 0x8D, 0xE9, 0x51, 0xD9, 0xE2, 0x4C, 0x2C, 0x59, + 0xA9, 0xDA, 0xB9, 0xB2, 0x75, 0x1B, 0xF6, 0x42, 0xF2, 0xEF, 0xC7, 0xF2, + 0x18, 0xF9, 0x89, 0xBC, 0xA3, 0xFF, 0x8A, 0x23, 0x2E, 0x70, 0x47 }; + static internal X509CertificateCollection coll; *************** *** 276,279 **** --- 344,348 ---- coll.Add (new X509Certificate (verisign)); coll.Add (new X509Certificate (verisign_ts_root)); + coll.Add (new X509Certificate (thawte)); } Index: X509Certificate.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.X509/X509Certificate.cs,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 
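Review bot: The new `thawte` trust anchor is added as an unlabeled byte array, so nothing in the source says which certificate is being trusted; decoding the DER shown here gives a self-signed "Thawte Server CA" (Thawte Consulting cc, serial 01, notBefore 1996-08-01, notAfter 2020-12-31, cA=TRUE, signed with md5WithRSAEncryption), and a comment above the array such as `// Thawte Server CA, self-signed, serial 01, valid 1996-08-01 to 2020-12-31, md5WithRSA` would let reviewers audit, cross-check against a published fingerprint, and eventually retire the anchor. This anchor, like the existing ones, is hard-coded, so adding or withdrawing a root needs a rebuild; that constraint is worth stating in a comment near `coll` rather than being a defect of this hunk.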
-r1.2 *** X509Certificate.cs 10 Feb 2004 09:46:25 -0000 1.1 --- X509Certificate.cs 5 Mar 2004 23:18:17 -0000 1.2 *************** *** 120,124 **** // so we dont ask for a specific (Element) type and return DER ASN1 parameters = algorithm [1]; ! m_keyalgoparams = parameters.GetBytes (); ASN1 subjectPublicKey = subjectPublicKeyInfo.Element (1, 0x03); --- 120,124 ---- // so we dont ask for a specific (Element) type and return DER ASN1 parameters = algorithm [1]; ! m_keyalgoparams = ((algorithm.Count > 1) ? parameters.GetBytes () : null); ASN1 subjectPublicKey = subjectPublicKeyInfo.Element (1, 0x03); *************** *** 240,243 **** --- 240,244 ---- break; case "1.2.840.113549.1.1.5": // SHA-1 with RSA Encryption + case "1.3.14.3.2.29": // SHA1 with RSA signature case "1.2.840.10040.4.3": // SHA1-1 with DSA hash = SHA1.Create (); *************** *** 312,315 **** --- 313,317 ---- case "1.2.840.113549.1.1.4": // MD5 with RSA encryption case "1.2.840.113549.1.1.5": // SHA-1 with RSA Encryption + case "1.3.14.3.2.29": // SHA1 with RSA signature return signature; case "1.2.840.10040.4.3": // SHA-1 with DSA *************** *** 394,397 **** --- 396,400 ---- // SHA-1 with RSA Encryption case "1.2.840.113549.1.1.5": + case "1.3.14.3.2.29": v.SetHashAlgorithm ("SHA1"); break; Index: X509CertificateCollection.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.X509/X509CertificateCollection.cs,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** X509CertificateCollection.cs 10 Feb 2004 09:46:25 -0000 1.1 --- X509CertificateCollection.cs 5 Mar 2004 23:18:17 -0000 1.2 *************** *** 5,9 **** // Authors: // Lawrence Pit (lo...@ca...) ! // Sebastien Pouliot (spo...@mo...) // --- 5,9 ---- // Authors: // Lawrence Pit (lo...@ca...) ! // Sebastien Pouliot <seb...@xi...> // *************** *** 65,69 **** public bool Contains (X509Certificate value) { ! 
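Review bot: In the first hunk `ASN1 parameters = algorithm [1];` is still evaluated before the new `algorithm.Count > 1` guard, so the fix depends on the ASN1 indexer returning null rather than throwing for a missing element; `m_keyalgoparams = (algorithm.Count > 1) ? algorithm [1].GetBytes () : null;` expresses the intent without that dependency. Code that reads `m_keyalgoparams` outside this hunk now has to cope with null where it previously always received a byte array, which is not visible here and should be checked. The OID `1.3.14.3.2.29` is now repeated in three switch statements; a single named constant shared by the hash-selection, signature and verification paths keeps them from drifting apart.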
return InnerList.Contains (value); } --- 65,69 ---- public bool Contains (X509Certificate value) { ! return (IndexOf (value) != -1); } *************** *** 90,94 **** public int IndexOf (X509Certificate value) { ! return InnerList.IndexOf (value); } --- 90,103 ---- public int IndexOf (X509Certificate value) { ! if (value == null) ! throw new ArgumentNullException ("value"); ! ! byte[] hash = value.Hash; ! for (int i=0; i < InnerList.Count; i++) { ! X509Certificate x509 = (X509Certificate) InnerList [i]; ! if (Compare (x509.Hash, hash)) ! return i; ! } ! return -1; } *************** *** 103,109 **** } // Inner Class ! public class X509CertificateEnumerator : IEnumerator { private IEnumerator enumerator; --- 112,135 ---- } + // private stuff + + private bool Compare (byte[] array1, byte[] array2) + { + if ((array1 == null) && (array2 == null)) + return true; + if ((array1 == null) || (array2 == null)) + return false; + if (array1.Length != array2.Length) + return false; + for (int i=0; i < array1.Length; i++) { + if (array1 [i] != array2 [i]) + return false; + } + return true; + } + // Inner Class ! internal class X509CertificateEnumerator : IEnumerator { private IEnumerator enumerator; Index: X509Chain.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.X509/X509Chain.cs,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** X509Chain.cs 10 Feb 2004 09:46:25 -0000 1.1 --- X509Chain.cs 5 Mar 2004 23:18:17 -0000 1.2 *************** *** 1,13 **** // // X509Chain.cs: X.509 Certificate Path ! // This is a VERY simplified and minimal version (for Authenticode support) // // Author: ! // Sebastien Pouliot (spo...@mo...) // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) // using System; namespace Mono.Security.X509 { --- 1,20 ---- // // X509Chain.cs: X.509 Certificate Path ! // This is a VERY simplified and minimal version ! 
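Review bot: `Contains` now delegates to the rewritten `IndexOf`, which throws ArgumentNullException for a null argument, whereas the previous `InnerList.Contains (value)` returned false; callers probing with null now get an exception, so either document the new contract on `Contains` or keep `if (value == null) return false;` in `Contains`. The new private `Compare` is a byte-for-byte copy of the helper added to `X509CRL` in the same commit; one internal helper shared by both types avoids the duplication. `IndexOf` also reads `x509.Hash` for every element on every call, which is presumably a hash computation per access — fine for small stores, but worth confirming before it sits on a per-handshake path.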
// used for ! // Authenticode support ! // TLS/SSL support // // Author: ! // Sebastien Pouliot <seb...@xi...> // // (C) 2003 Motus Technologies Inc. (http://www.m... [truncated message content] |
From: <car...@us...> - 2004-03-05 23:30:54
Update of /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv24752 Modified Files: TlsServerCertificate.cs Log Message: Sync security stuff with mono CVS classes. Index: TlsServerCertificate.cs =================================================================== RCS file: /cvsroot/pgsqlclient/pgsqlclient_10/Mono.Security/Mono.Security/Mono.Security.Protocol.Tls.Handshake.Client/TlsServerCertificate.cs,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** TlsServerCertificate.cs 3 Mar 2004 16:21:03 -0000 1.6 --- TlsServerCertificate.cs 5 Mar 2004 23:16:29 -0000 1.7 *************** *** 1,4 **** --- 1,5 ---- /* Transport Security Layer (TLS) * Copyright (c) 2003-2004 Carlos Guzman Alvarez + * Sebastien Pouliot, Copyright (c) 2004 Novell (http://www.novell.com) * * Permission is hereby granted, free of charge, to any person *************** *** 26,29 **** --- 27,31 ---- using System.Net; using System.Collections; + using System.Globalization; using System.Text.RegularExpressions; using System.Security.Cryptography; *************** *** 31,34 **** --- 33,37 ---- using Mono.Security.X509; + using Mono.Security.X509.Extensions; namespace Mono.Security.Protocol.Tls.Handshake.Client *************** *** 38,42 **** #region Fields ! private X509CertificateCollection certificates; #endregion --- 41,45 ---- #region Fields ! private X509CertificateCollection certificates; #endregion *************** *** 96,101 **** } ! // Restrict validation to the first certificate ! this.validateCertificate(certificates[0]); } --- 99,103 ---- } ! this.validateCertificates(certificates); } *************** *** 104,184 **** #region Private Methods ! private void validateCertificate(X509Certificate certificate) { ! ArrayList errors = new ArrayList(); ! ClientContext context = (ClientContext)this.Context; ! // 1 step : Validate dates ! if (!certificate.IsCurrent) { ! 
// errors.Add(0x800B0101); ! errors.Add(0x01); } ! // 2 step: Validate CA ! ! // 3 step: Validate digital sign ! /* ! if (!certificate.VerifySignature(certificate.RSA)) { ! throw this.Context.CreateException("Certificate received from the server has invalid signature."); } ! */ ! ! // 4 step: Validate domain name ! if (!this.checkDomainName(certificate.SubjectName)) { ! // errors.Add(0x800B010F); ! errors.Add(0x02); } ! ! if (errors.Count > 0) { ! int[] certificateErrors = (int[])errors.ToArray(typeof(int)); ! if (!context.SslStream.RaiseServerCertificateValidation( ! new X509Cert.X509Certificate(certificate.RawData), ! certificateErrors)) ! { ! throw this.Context.CreateException("Invalid certificate received form server."); ! } } } ! private bool checkDomainName(string subjectName) { ! string domainName = String.Empty; ! // Regex search = new Regex(@"([\w\s\d]*)\s*=\s*([^,]*)"); ! Regex search = new Regex(@"CN=\s*([^,]*)"); ! MatchCollection elements = search.Matches(subjectName); ! if (elements[0].Value.StartsWith("CN=")) { ! domainName = elements[0].Value.Remove(0, 3); } ! if (domainName == String.Empty) { ! return false; } - else - { - string targetHost = this.Context.ClientSettings.TargetHost; ! // Check that the IP is correct ! try { ! IPAddress ipHost = Dns.Resolve(targetHost).AddressList[0]; ! IPAddress ipDomain = Dns.Resolve(domainName).AddressList[0]; ! return (ipHost.Address == ipDomain.Address); } ! catch (Exception) { ! return false; } } } --- 106,357 ---- #region Private Methods ! // Note: this method only works for RSA certificates ! // DH certificates requires some changes - does anyone use one ? ! private bool checkCertificateUsage (X509Certificate cert) { ! ClientContext context = (ClientContext)this.Context; ! // certificate extensions are required for this ! // we "must" accept older certificates without proofs ! if (cert.Version < 3) ! return true; ! ! KeyUsage ku = KeyUsage.none; ! switch (context.Cipher.ExchangeAlgorithmType) { ! 
case ExchangeAlgorithmType.RsaSign: ! ku = KeyUsage.digitalSignature; ! break; ! case ExchangeAlgorithmType.RsaKeyX: ! ku = KeyUsage.keyEncipherment; ! break; ! case ExchangeAlgorithmType.DiffieHellman: ! ku = KeyUsage.keyAgreement; ! break; ! case ExchangeAlgorithmType.Fortezza: ! return false; // unsupported certificate type } ! KeyUsageExtension kux = null; ! ExtendedKeyUsageExtension eku = null; ! X509Extension xtn = cert.Extensions ["2.5.29.15"]; ! if (xtn != null) ! kux = new KeyUsageExtension (xtn); ! ! xtn = cert.Extensions ["2.5.29.37"]; ! if (xtn != null) ! eku = new ExtendedKeyUsageExtension (xtn); ! ! if ((kux != null) && (eku != null)) { ! // RFC3280 states that when both KeyUsageExtension and ! // ExtendedKeyUsageExtension are present then BOTH should ! // be valid ! return (kux.Support (ku) && ! eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.1")); } ! else if (kux != null) { ! return kux.Support (ku); } ! else if (eku != null) { ! // Server Authentication (1.3.6.1.5.5.7.3.1) ! return eku.KeyPurpose.Contains ("1.3.6.1.5.5.7.3.1"); ! } ! // last chance - try with older (deprecated) Netscape extensions ! xtn = cert.Extensions ["2.16.840.1.113730.1.1"]; ! if (xtn != null) ! { ! NetscapeCertTypeExtension ct = new NetscapeCertTypeExtension (xtn); ! return ct.Support (NetscapeCertTypeExtension.CertType.SslServer); } + + // certificate isn't valid for SSL server usage + return false; } ! private void validateCertificates(X509CertificateCollection certificates) { ! ClientContext context = (ClientContext)this.Context; ! // the leaf is the web server certificate ! X509Certificate leaf = certificates [0]; ! X509Cert.X509Certificate cert = new X509Cert.X509Certificate (leaf.RawData); ! ArrayList errors = new ArrayList(); ! ! // SSL specific check - not all certificates can be ! // used to server-side SSL some rules applies after ! // all ;-) ! if (!checkCertificateUsage (leaf)) { ! // WinError.h CERT_E_PURPOSE 0x800B0106 ! errors.Add ((int)-2146762490); } ! 
// SSL specific check - does the certificate match ! // the host ? ! if (!checkServerIdentity (leaf)) { ! // WinError.h CERT_E_CN_NO_MATCH 0x800B010F ! errors.Add ((int)-2146762481); } ! // Note: building and verifying a chain can take much time ! // so we do it last (letting simple things fails first) ! ! // Note: In TLS the certificates MUST be in order (and ! // optionally include the root certificate) so we're not ! // building the chain using LoadCertificate (it's faster) ! ! // Note: IIS doesn't seem to send the whole certificate chain ! // but only the server certificate :-( it's assuming that you ! // already have this chain installed on your computer. duh! ! // http://groups.google.ca/groups?q=IIS+server+certificate+chain&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=85058s%24avd%241%40nnrp1.deja.com&rnum=3 ! ! // we must remove the leaf certificate from the chain ! X509CertificateCollection chain = new X509CertificateCollection (certificates); ! chain.Remove (leaf); ! X509Chain verify = new X509Chain (chain); ! if (!verify.Build (leaf)) ! { ! switch (verify.Status) { ! case X509ChainStatusFlags.InvalidBasicConstraints: ! // WinError.h TRUST_E_BASIC_CONSTRAINTS 0x80096019 ! errors.Add ((int)-2146869223); ! break; ! case X509ChainStatusFlags.NotSignatureValid: ! // WinError.h TRUST_E_BAD_DIGEST 0x80096010 ! errors.Add ((int)-2146869232); ! break; ! case X509ChainStatusFlags.NotTimeNested: ! // WinError.h CERT_E_VALIDITYPERIODNESTING 0x800B0102 ! errors.Add ((int)-2146762494); ! break; ! case X509ChainStatusFlags.NotTimeValid: ! // WinError.h CERT_E_EXPIRED 0x800B0101 ! errors.Add ((int)-2146762495); ! break; ! case X509ChainStatusFlags.PartialChain: ! // WinError.h CERT_E_CHAINING 0x800B010A ! errors.Add ((int)-2146762486); ! break; ! case X509ChainStatusFlags.UntrustedRoot: ! // WinError.h CERT_E_UNTRUSTEDROOT 0x800B0109 ! errors.Add ((int)-2146762487); ! break; ! default: ! // unknown error ! errors.Add ((int)verify.Status); ! break; ! } ! } ! 
int[] certificateErrors = (int[])errors.ToArray(typeof(int)); ! ! if (!context.SslStream.RaiseServerCertificateValidation( ! cert, ! certificateErrors)) ! { ! throw context.CreateException("Invalid certificate received form server."); ! } ! } ! ! // RFC2818 - HTTP Over TLS, Section 3.1 ! // http://www.ietf.org/rfc/rfc2818.txt ! // ! // 1. if present MUST use subjectAltName dNSName as identity ! // 1.1. if multiples entries a match of any one is acceptable ! // 1.2. wildcard * is acceptable ! // 2. URI may be an IP address -> subjectAltName.iPAddress ! // 2.1. exact match is required ! // 3. Use of the most specific Common Name (CN=) in the Subject ! // 3.1 Existing practice but DEPRECATED ! private bool checkServerIdentity (X509Certificate cert) ! { ! ClientContext context = (ClientContext)this.Context; ! ! string targetHost = context.ClientSettings.TargetHost; ! ! X509Extension ext = cert.Extensions ["2.5.29.17"]; ! // 1. subjectAltName ! if (ext != null) ! { ! SubjectAltNameExtension subjectAltName = new SubjectAltNameExtension (ext); ! // 1.1 - multiple dNSName ! foreach (string dns in subjectAltName.DNSNames) ! { ! // 1.2 TODO - wildcard support ! if (dns == targetHost) ! return true; } ! // 2. ipAddress ! foreach (string ip in subjectAltName.IPAddresses) { ! // 2.1. Exact match required ! if (ip == targetHost) ! return true; ! } ! } ! // 3. Common Name (CN=) ! return checkDomainName (cert.SubjectName); ! } ! ! private bool checkDomainName(string subjectName) ! { ! ClientContext context = (ClientContext)this.Context; ! ! string domainName = String.Empty; ! Regex search = new Regex(@"([\w\s\d]*)\s*=\s*([^,]*)"); ! ! MatchCollection elements = search.Matches(subjectName); ! ! foreach (Match element in elements) ! { ! switch (element.Groups[1].Value.Trim().ToUpper()) ! { ! case "CN": ! domainName = element.Groups[2].Value; ! 
break; } } + + // TODO: add wildcard * support + return (String.Compare (context.ClientSettings.TargetHost, domainName, true, CultureInfo.InvariantCulture) == 0); + + /* + * the only document found describing this is: + * http://www.geocities.com/SiliconValley/Byte/4170/articulos/tls/autentic.htm#Autenticaci%F3n%20del%20Server + * however I don't see how this could deal with wildcards ? + * other issues + * a. there could also be many address returned + * b. Address property is obsoleted in .NET 1.1 + * + if (domainName == String.Empty) + { + return false; + } + else + { + string targetHost = context.ClientSettings.TargetHost; + + // Check that the IP is correct + try + { + IPAddress ipHost = Dns.Resolve(targetHost).AddressList[0]; + IPAddress ipDomain = Dns.Resolve(domainName).AddressList[0]; + + // Note: Address is obsolete in 1.1 + return (ipHost.Address == ipDomain.Address); + } + catch (Exception) + { + return false; + } + }*/ } |