mcs/class/Mono.Security/Mono.Security.X509.Extensions/KeyAttributesExtension.cs

   1 //
   2 // KeyAttributesExtension.cs: Handles X.509 *DEPRECATED* KeyAttributes extensions.
   3 //
   4 // Author:
   5 //      Sebastien Pouliot  <sebastien@ximian.com>
   6 //
   7 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
   8 // (C) 2004 Novell (http://www.novell.com)
   9 //
  10
  11 //
  12 // Permission is hereby granted, free of charge, to any person obtaining
  13 // a copy of this software and associated documentation files (the
  14 // "Software"), to deal in the Software without restriction, including
  15 // without limitation the rights to use, copy, modify, merge, publish,
  16 // distribute, sublicense, and/or sell copies of the Software, and to
  17 // permit persons to whom the Software is furnished to do so, subject to
  18 // the following conditions:
  19 //
  20 // The above copyright notice and this permission notice shall be
  21 // included in all copies or substantial portions of the Software.
  22 //
  23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  30 //
  31
  32 using System;
  33 using System.Globalization;
  34 using System.Text;
  35
  36 using Mono.Security;
  37 using Mono.Security.X509;
  38
  39 namespace Mono.Security.X509.Extensions {
  40         // definition found @ http://groups.yahoo.com/group/ssl-talk/message/1964
  41         //
  42         // keyAttributes EXTENSION ::= {
  43         //      SYNTAX KeyAttributes
  44         //      IDENTIFIED BY { id-ce 2 } }
  45         //
  46         // KeyAttributes ::= SEQUENCE {
  47         //      keyIdentifier KeyIdentifier OPTIONAL,
  48         //      intendedKeyUsage KeyUsage OPTIONAL,
  49         //      privateKeyUsagePeriod PrivateKeyValidity OPTIONAL
  50         // }
  51         // KeyUsage ::= BIT STRING {
  52         //      digitalSignature (0),
  53         //      nonRepudiation (1),
  54         //      keyEncipherment (2),
  55         //      dataEncipherment (3),
  56         //      keyAgreement (4),
  57         //      keyCertSign (5),
  58         //      offLineCRLSign (6)
  59         // }
  60         // PrivateKeyValidity ::= SEQUENCE {
  61         //      notBefore [0] GeneralizedTime OPTIONAL,
  62         //      notAfter [1] GeneralizedTime OPTIONAL
  63         // }
  64         // ( CONSTRAINED BY { -- at least one component shall be present -- })
  65
  66         public class KeyAttributesExtension : X509Extension {
  67
  68                 private byte[] keyId;
  69                 private int kubits;
  70                 private DateTime notBefore;
  71                 private DateTime notAfter;
  72
  73                 public KeyAttributesExtension () : base ()
  74                 {
  75                         extnOid = "2.5.29.2";
  76                 }
  77
  78                 public KeyAttributesExtension (ASN1 asn1) : base (asn1)
  79                 {
  80                 }
  81
  82                 public KeyAttributesExtension (X509Extension extension) : base (extension)
  83                 {
  84                 }
  85
  86                 protected override void Decode ()
  87                 {
  88                         ASN1 seq = new ASN1 (extnValue.Value);
  89                         if (seq.Tag != 0x30)
  90                                 throw new ArgumentException ("Invalid KeyAttributesExtension extension");
  91                         int n = 0;
  92                         // check for KeyIdentifier
  93                         if (n < seq.Count) {
  94                                 ASN1 item = seq [n];
  95                                 if (item.Tag == 0x04) {
  96                                         n++;
  97                                         keyId = item.Value;
  98                                 }
  99                         }
 100                         // check for KeyUsage
 101                         if (n < seq.Count) {
 102                                 ASN1 item = seq [n];
 103                                 if (item.Tag == 0x03) {
 104                                         n++;
 105                                         int i = 1; // byte zero has the number of unused bits (ASN1's BITSTRING)
 106                                         while (i < item.Value.Length)
 107                                                 kubits = (kubits << 8) + item.Value [i++];
 108                                 }
 109                         }
 110                         // check for PrivateKeyValidity
 111                         if (n < seq.Count) {
 112                                 ASN1 item = seq [n];
 113                                 if (item.Tag == 0x30) {
 114                                         int i = 0;
 115                                         if (i < item.Count) {
 116                                                 ASN1 dt = item [i];
 117                                                 if (dt.Tag == 0x81) {
 118                                                         i++;
 119                                                         notBefore = ASN1Convert.ToDateTime (dt);
 120                                                 }
 121                                         }
 122                                         if (i < item.Count) {
 123                                                 ASN1 dt = item [i];
 124                                                 if (dt.Tag == 0x82)
 125                                                         notAfter = ASN1Convert.ToDateTime (dt);
 126                                         }
 127                                 }
 128                         }
 129                 }
 130
 131                 public byte[] KeyIdentifier {
 132                         get {
 133                                 if (keyId == null)
 134                                         return null;
 135                                 return (byte[]) keyId.Clone ();
 136                         }
 137                 }
 138
 139                 public override string Name {
 140                         get { return "Key Attributes"; }
 141                 }
 142
 143                 public DateTime NotAfter {
 144                         get { return notAfter; }
 145                 }
 146
 147                 public DateTime NotBefore {
 148                         get { return notBefore; }
 149                 }
 150
 151                 public bool Support (KeyUsages usage)
 152                 {
 153                         int x = Convert.ToInt32 (usage, CultureInfo.InvariantCulture);
 154                         return ((x & kubits) == x);
 155                 }
 156
 157                 public override string ToString ()
 158                 {
 159                         StringBuilder sb = new StringBuilder ();
 160                         if (keyId != null) {
 161                                 sb.Append ("KeyID=");
 162                                 int x = 0;
 163                                 while (x < keyId.Length) {
 164                                         sb.Append (keyId [x].ToString ("X2", CultureInfo.InvariantCulture));
 165                                         if (x % 2 == 1)
 166                                                 sb.Append (" ");
 167                                         x++;
 168                                 }
 169                                 sb.Append (Environment.NewLine);
 170                         }
 171
 172                         if (kubits != 0) {
 173                                 sb.Append ("Key Usage=");
 174                                 const string separator = " , ";
 175                                 if (Support (KeyUsages.digitalSignature))
 176                                         sb.Append ("Digital Signature");
 177                                 if (Support (KeyUsages.nonRepudiation)) {
 178                                         if (sb.Length > 0)
 179                                                 sb.Append (separator);
 180                                         sb.Append ("Non-Repudiation");
 181                                 }
 182                                 if (Support (KeyUsages.keyEncipherment)) {
 183                                         if (sb.Length > 0)
 184                                                 sb.Append (separator);
 185                                         sb.Append ("Key Encipherment");
 186                                 }
 187                                 if (Support (KeyUsages.dataEncipherment)) {
 188                                         if (sb.Length > 0)
 189                                                 sb.Append (separator);
 190                                         sb.Append ("Data Encipherment");
 191                                 }
 192                                 if (Support (KeyUsages.keyAgreement)) {
 193                                         if (sb.Length > 0)
 194                                                 sb.Append (separator);
 195                                         sb.Append ("Key Agreement");
 196                                 }
 197                                 if (Support (KeyUsages.keyCertSign)) {
 198                                         if (sb.Length > 0)
 199                                                 sb.Append (separator);
 200                                         sb.Append ("Certificate Signing");
 201                                 }
 202                                 if (Support (KeyUsages.cRLSign)) {
 203                                         if (sb.Length > 0)
 204                                                 sb.Append (separator);
 205                                         sb.Append ("CRL Signing");
 206                                 }
 207                                 if (Support (KeyUsages.encipherOnly)) {
 208                                         if (sb.Length > 0)
 209                                                 sb.Append (separator);
 210                                         sb.Append ("Encipher Only ");   // ???
 211                                 }
 212                                 if (Support (KeyUsages.decipherOnly)) {
 213                                         if (sb.Length > 0)
 214                                                 sb.Append (separator);
 215                                         sb.Append ("Decipher Only");    // ???
 216                                 }
 217                                 sb.Append ("(");
 218                                 sb.Append (kubits.ToString ("X2", CultureInfo.InvariantCulture));
 219                                 sb.Append (")");
 220                                 sb.Append (Environment.NewLine);
 221                         }
 222
 223                         if (notBefore != DateTime.MinValue) {
 224                                 sb.Append ("Not Before=");
 225                                 sb.Append (notBefore.ToString (CultureInfo.CurrentUICulture));
 226                                 sb.Append (Environment.NewLine);
 227                         }
 228                         if (notAfter != DateTime.MinValue) {
 229                                 sb.Append ("Not After=");
 230                                 sb.Append (notAfter.ToString (CultureInfo.CurrentUICulture));
 231                                 sb.Append (Environment.NewLine);
 232                         }
 233                         return sb.ToString ();
 234                 }
 235         }
 236 }