2 // X509Certificates.cs: Handles X.509 certificates.
5 // Sebastien Pouliot <sebastien@xamarin.com>
7 // (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
8 // Copyright (C) 2004-2006 Novell, Inc (http://www.novell.com)
9 // Copyright 2013 Xamarin Inc. (http://www.xamarin.com)
11 // Permission is hereby granted, free of charge, to any person obtaining
12 // a copy of this software and associated documentation files (the
13 // "Software"), to deal in the Software without restriction, including
14 // without limitation the rights to use, copy, modify, merge, publish,
15 // distribute, sublicense, and/or sell copies of the Software, and to
16 // permit persons to whom the Software is furnished to do so, subject to
17 // the following conditions:
19 // The above copyright notice and this permission notice shall be
20 // included in all copies or substantial portions of the Software.
22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using System.Runtime.Serialization;
33 using System.Security.Cryptography;
34 using SSCX = System.Security.Cryptography.X509Certificates;
35 using System.Security.Permissions;
37 using Mono.Security.Cryptography;
39 namespace Mono.Security.X509 {
42 // a. Internet X.509 Public Key Infrastructure Certificate and CRL Profile
43 // http://www.ietf.org/rfc/rfc3280.txt
44 // b. ITU ASN.1 standards (free download)
45 // http://www.itu.int/ITU-T/studygroups/com17/languages/
48 internal class X509Certificate : ISerializable {
50 public class X509Certificate : ISerializable {
55 private byte[] m_encodedcert;
56 private DateTime m_from;
57 private DateTime m_until;
59 private string m_issuername;
60 private string m_keyalgo;
61 private byte[] m_keyalgoparams;
63 private string m_subject;
64 private byte[] m_publickey;
65 private byte[] signature;
66 private string m_signaturealgo;
67 private byte[] m_signaturealgoparams;
68 private byte[] certhash;
72 // from http://msdn.microsoft.com/en-gb/library/ff635835.aspx
73 private const string OID_DSA = "1.2.840.10040.4.1";
74 private const string OID_RSA = "1.2.840.113549.1.1.1";
76 // from http://www.ietf.org/rfc/rfc2459.txt
78 //Certificate ::= SEQUENCE {
79 // tbsCertificate TBSCertificate,
80 // signatureAlgorithm AlgorithmIdentifier,
81 // signature BIT STRING }
83 //TBSCertificate ::= SEQUENCE {
84 // version [0] Version DEFAULT v1,
85 // serialNumber CertificateSerialNumber,
86 // signature AlgorithmIdentifier,
90 // subjectPublicKeyInfo SubjectPublicKeyInfo,
91 // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
92 // -- If present, version shall be v2 or v3
93 // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
94 // -- If present, version shall be v2 or v3
95 // extensions [3] Extensions OPTIONAL
96 // -- If present, version shall be v3 -- }
98 private byte[] serialnumber;
100 private byte[] issuerUniqueID;
101 private byte[] subjectUniqueID;
102 private X509ExtensionCollection extensions;
104 private static string encoding_error = Locale.GetText ("Input data cannot be coded as a valid certificate.");
107 // that's were the real job is!
108 private void Parse (byte[] data)
111 decoder = new ASN1 (data);
113 if (decoder.Tag != 0x30)
114 throw new CryptographicException (encoding_error);
115 // Certificate / TBSCertificate
116 if (decoder [0].Tag != 0x30)
117 throw new CryptographicException (encoding_error);
119 ASN1 tbsCertificate = decoder [0];
122 // Certificate / TBSCertificate / Version
123 ASN1 v = decoder [0][tbs];
124 version = 1; // DEFAULT v1
125 if ((v.Tag == 0xA0) && (v.Count > 0)) {
126 // version (optional) is present only in v2+ certs
127 version += v [0].Value [0]; // zero based
131 // Certificate / TBSCertificate / CertificateSerialNumber
132 ASN1 sn = decoder [0][tbs++];
134 throw new CryptographicException (encoding_error);
135 serialnumber = sn.Value;
136 Array.Reverse (serialnumber, 0, serialnumber.Length);
138 // Certificate / TBSCertificate / AlgorithmIdentifier
140 // ASN1 signatureAlgo = tbsCertificate.Element (tbs++, 0x30);
142 issuer = tbsCertificate.Element (tbs++, 0x30);
143 m_issuername = X501.ToString (issuer);
145 ASN1 validity = tbsCertificate.Element (tbs++, 0x30);
146 ASN1 notBefore = validity [0];
147 m_from = ASN1Convert.ToDateTime (notBefore);
148 ASN1 notAfter = validity [1];
149 m_until = ASN1Convert.ToDateTime (notAfter);
151 subject = tbsCertificate.Element (tbs++, 0x30);
152 m_subject = X501.ToString (subject);
154 ASN1 subjectPublicKeyInfo = tbsCertificate.Element (tbs++, 0x30);
156 ASN1 algorithm = subjectPublicKeyInfo.Element (0, 0x30);
157 ASN1 algo = algorithm.Element (0, 0x06);
158 m_keyalgo = ASN1Convert.ToOid (algo);
159 // parameters ANY DEFINED BY algorithm OPTIONAL
160 // so we dont ask for a specific (Element) type and return DER
161 ASN1 parameters = algorithm [1];
162 m_keyalgoparams = ((algorithm.Count > 1) ? parameters.GetBytes () : null);
164 ASN1 subjectPublicKey = subjectPublicKeyInfo.Element (1, 0x03);
165 // we must drop th first byte (which is the number of unused bits
167 int n = subjectPublicKey.Length - 1;
168 m_publickey = new byte [n];
169 Buffer.BlockCopy (subjectPublicKey.Value, 1, m_publickey, 0, n);
171 // signature processing
172 byte[] bitstring = decoder [2].Value;
173 // first byte contains unused bits in first byte
174 signature = new byte [bitstring.Length - 1];
175 Buffer.BlockCopy (bitstring, 1, signature, 0, signature.Length);
177 algorithm = decoder [1];
178 algo = algorithm.Element (0, 0x06);
179 m_signaturealgo = ASN1Convert.ToOid (algo);
180 parameters = algorithm [1];
181 if (parameters != null)
182 m_signaturealgoparams = parameters.GetBytes ();
184 m_signaturealgoparams = null;
186 // Certificate / TBSCertificate / issuerUniqueID
187 ASN1 issuerUID = tbsCertificate.Element (tbs, 0x81);
188 if (issuerUID != null) {
190 issuerUniqueID = issuerUID.Value;
193 // Certificate / TBSCertificate / subjectUniqueID
194 ASN1 subjectUID = tbsCertificate.Element (tbs, 0x82);
195 if (subjectUID != null) {
197 subjectUniqueID = subjectUID.Value;
200 // Certificate / TBSCertificate / Extensions
201 ASN1 extns = tbsCertificate.Element (tbs, 0xA3);
202 if ((extns != null) && (extns.Count == 1))
203 extensions = new X509ExtensionCollection (extns [0]);
205 extensions = new X509ExtensionCollection (null);
207 // keep a copy of the original data
208 m_encodedcert = (byte[]) data.Clone ();
210 catch (Exception ex) {
211 throw new CryptographicException (encoding_error, ex);
217 public X509Certificate (byte[] data)
220 // does it looks like PEM ?
221 if ((data.Length > 0) && (data [0] != 0x30)) {
223 data = PEM ("CERTIFICATE", data);
225 catch (Exception ex) {
226 throw new CryptographicException (encoding_error, ex);
233 private byte[] GetUnsignedBigInteger (byte[] integer)
235 if (integer [0] == 0x00) {
236 // this first byte is added so we're sure it's an unsigned integer
237 // however we can't feed it into RSAParameters or DSAParameters
238 int length = integer.Length - 1;
239 byte[] uinteger = new byte [length];
240 Buffer.BlockCopy (integer, 1, uinteger, 0, length);
251 if (m_keyalgoparams == null)
252 throw new CryptographicException ("Missing key algorithm parameters.");
254 if (_dsa == null && m_keyalgo == OID_DSA) {
255 DSAParameters dsaParams = new DSAParameters ();
256 // for DSA m_publickey contains 1 ASN.1 integer - Y
257 ASN1 pubkey = new ASN1 (m_publickey);
258 if ((pubkey == null) || (pubkey.Tag != 0x02))
260 dsaParams.Y = GetUnsignedBigInteger (pubkey.Value);
262 ASN1 param = new ASN1 (m_keyalgoparams);
263 if ((param == null) || (param.Tag != 0x30) || (param.Count < 3))
265 if ((param [0].Tag != 0x02) || (param [1].Tag != 0x02) || (param [2].Tag != 0x02))
267 dsaParams.P = GetUnsignedBigInteger (param [0].Value);
268 dsaParams.Q = GetUnsignedBigInteger (param [1].Value);
269 dsaParams.G = GetUnsignedBigInteger (param [2].Value);
271 // BUG: MS BCL 1.0 can't import a key which
272 // isn't the same size as the one present in
274 _dsa = (DSA) new DSACryptoServiceProvider (dsaParams.Y.Length << 3);
275 _dsa.ImportParameters (dsaParams);
287 public X509ExtensionCollection Extensions {
288 get { return extensions; }
293 if (certhash == null) {
294 if ((decoder == null) || (decoder.Count < 1))
296 string algo = PKCS1.HashNameFromOid (m_signaturealgo, false);
299 byte[] toBeSigned = decoder [0].GetBytes ();
300 using (var hash = PKCS1.CreateFromName (algo))
301 certhash = hash.ComputeHash (toBeSigned, 0, toBeSigned.Length);
303 return (byte[]) certhash.Clone ();
307 public virtual string IssuerName {
308 get { return m_issuername; }
311 public virtual string KeyAlgorithm {
312 get { return m_keyalgo; }
315 public virtual byte[] KeyAlgorithmParameters {
317 if (m_keyalgoparams == null)
319 return (byte[]) m_keyalgoparams.Clone ();
321 set { m_keyalgoparams = value; }
324 public virtual byte[] PublicKey {
326 if (m_publickey == null)
328 return (byte[]) m_publickey.Clone ();
332 public virtual RSA RSA {
334 if (_rsa == null && m_keyalgo == OID_RSA) {
335 RSAParameters rsaParams = new RSAParameters ();
336 // for RSA m_publickey contains 2 ASN.1 integers
337 // the modulus and the public exponent
338 ASN1 pubkey = new ASN1 (m_publickey);
339 ASN1 modulus = pubkey [0];
340 if ((modulus == null) || (modulus.Tag != 0x02))
342 ASN1 exponent = pubkey [1];
343 if (exponent.Tag != 0x02)
346 rsaParams.Modulus = GetUnsignedBigInteger (modulus.Value);
347 rsaParams.Exponent = exponent.Value;
349 // BUG: MS BCL 1.0 can't import a key which
350 // isn't the same size as the one present in
352 int keySize = (rsaParams.Modulus.Length << 3);
353 _rsa = (RSA) new RSACryptoServiceProvider (keySize);
354 _rsa.ImportParameters (rsaParams);
366 public virtual byte[] RawData {
368 if (m_encodedcert == null)
370 return (byte[]) m_encodedcert.Clone ();
374 public virtual byte[] SerialNumber {
376 if (serialnumber == null)
378 return (byte[]) serialnumber.Clone ();
382 public virtual byte[] Signature {
384 if (signature == null)
387 switch (m_signaturealgo) {
388 case "1.2.840.113549.1.1.2": // MD2 with RSA encryption
389 case "1.2.840.113549.1.1.3": // MD4 with RSA encryption
390 case "1.2.840.113549.1.1.4": // MD5 with RSA encryption
391 case "1.2.840.113549.1.1.5": // SHA-1 with RSA Encryption
392 case "1.3.14.3.2.29": // SHA1 with RSA signature
393 case "1.2.840.113549.1.1.11": // SHA-256 with RSA Encryption
394 case "1.2.840.113549.1.1.12": // SHA-384 with RSA Encryption
395 case "1.2.840.113549.1.1.13": // SHA-512 with RSA Encryption
396 case "1.3.36.3.3.1.2": // RIPEMD160 with RSA Encryption
397 return (byte[]) signature.Clone ();
399 case "1.2.840.10040.4.3": // SHA-1 with DSA
400 ASN1 sign = new ASN1 (signature);
401 if ((sign == null) || (sign.Count != 2))
403 byte[] part1 = sign [0].Value;
404 byte[] part2 = sign [1].Value;
405 byte[] sig = new byte [40];
406 // parts may be less than 20 bytes (i.e. first bytes were 0x00)
407 // parts may be more than 20 bytes (i.e. first byte > 0x80, negative)
408 int s1 = System.Math.Max (0, part1.Length - 20);
409 int e1 = System.Math.Max (0, 20 - part1.Length);
410 Buffer.BlockCopy (part1, s1, sig, e1, part1.Length - s1);
411 int s2 = System.Math.Max (0, part2.Length - 20);
412 int e2 = System.Math.Max (20, 40 - part2.Length);
413 Buffer.BlockCopy (part2, s2, sig, e2, part2.Length - s2);
417 throw new CryptographicException ("Unsupported hash algorithm: " + m_signaturealgo);
422 public virtual string SignatureAlgorithm {
423 get { return m_signaturealgo; }
426 public virtual byte[] SignatureAlgorithmParameters {
428 if (m_signaturealgoparams == null)
429 return m_signaturealgoparams;
430 return (byte[]) m_signaturealgoparams.Clone ();
434 public virtual string SubjectName {
435 get { return m_subject; }
438 public virtual DateTime ValidFrom {
439 get { return m_from; }
442 public virtual DateTime ValidUntil {
443 get { return m_until; }
447 get { return version; }
450 public bool IsCurrent {
451 get { return WasCurrent (DateTime.UtcNow); }
454 public bool WasCurrent (DateTime instant)
456 return ((instant > ValidFrom) && (instant <= ValidUntil));
459 // uncommon v2 "extension"
460 public byte[] IssuerUniqueIdentifier {
462 if (issuerUniqueID == null)
464 return (byte[]) issuerUniqueID.Clone ();
468 // uncommon v2 "extension"
469 public byte[] SubjectUniqueIdentifier {
471 if (subjectUniqueID == null)
473 return (byte[]) subjectUniqueID.Clone ();
477 internal bool VerifySignature (DSA dsa)
479 // signatureOID is check by both this.Hash and this.Signature
480 DSASignatureDeformatter v = new DSASignatureDeformatter (dsa);
481 // only SHA-1 is supported
482 v.SetHashAlgorithm ("SHA1");
483 return v.VerifySignature (this.Hash, this.Signature);
486 internal bool VerifySignature (RSA rsa)
489 if (m_signaturealgo == "1.2.840.10040.4.3")
491 RSAPKCS1SignatureDeformatter v = new RSAPKCS1SignatureDeformatter (rsa);
492 v.SetHashAlgorithm (PKCS1.HashNameFromOid (m_signaturealgo));
493 return v.VerifySignature (this.Hash, this.Signature);
496 public bool VerifySignature (AsymmetricAlgorithm aa)
499 throw new ArgumentNullException ("aa");
502 return VerifySignature (aa as RSA);
504 return VerifySignature (aa as DSA);
506 throw new NotSupportedException ("Unknown Asymmetric Algorithm " + aa.ToString ());
509 public bool CheckSignature (byte[] hash, string hashAlgorithm, byte[] signature)
511 RSACryptoServiceProvider r = (RSACryptoServiceProvider) RSA;
512 return r.VerifyHash (hash, hashAlgorithm, signature);
515 public bool IsSelfSigned {
517 if (m_issuername != m_subject)
522 return VerifySignature (RSA);
523 else if (DSA != null)
524 return VerifySignature (DSA);
526 return false; // e.g. a certificate with only DSA parameters
528 catch (CryptographicException) {
534 public ASN1 GetIssuerName ()
539 public ASN1 GetSubjectName ()
544 protected X509Certificate (SerializationInfo info, StreamingContext context)
546 Parse ((byte[]) info.GetValue ("raw", typeof (byte[])));
549 [SecurityPermission (SecurityAction.Demand, SerializationFormatter = true)]
550 public virtual void GetObjectData (SerializationInfo info, StreamingContext context)
552 info.AddValue ("raw", m_encodedcert);
553 // note: we NEVER serialize the private key
556 static byte[] PEM (string type, byte[] data)
558 string pem = Encoding.ASCII.GetString (data);
559 string header = String.Format ("-----BEGIN {0}-----", type);
560 string footer = String.Format ("-----END {0}-----", type);
561 int start = pem.IndexOf (header) + header.Length;
562 int end = pem.IndexOf (footer, start);
563 string base64 = pem.Substring (start, (end - start));
564 return Convert.FromBase64String (base64);