2 // System.Security.Cryptography.X509Certificates.X509Certificate2Collection class
5 // Sebastien Pouliot <sebastien@ximian.com>
6 // Tim Coleman (tim@timcoleman.com)
8 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
9 // Copyright (C) Tim Coleman, 2004
10 // Copyright (C) 2005, 2006 Novell Inc. (http://www.novell.com)
12 // Permission is hereby granted, free of charge, to any person obtaining
13 // a copy of this software and associated documentation files (the
14 // "Software"), to deal in the Software without restriction, including
15 // without limitation the rights to use, copy, modify, merge, publish,
16 // distribute, sublicense, and/or sell copies of the Software, and to
17 // permit persons to whom the Software is furnished to do so, subject to
18 // the following conditions:
20 // The above copyright notice and this permission notice shall be
21 // included in all copies or substantial portions of the Software.
23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
34 using System.Collections;
35 using System.Globalization;
37 namespace System.Security.Cryptography.X509Certificates {
39 public class X509Certificate2Collection : X509CertificateCollection {
43 public X509Certificate2Collection ()
47 public X509Certificate2Collection (X509Certificate2Collection certificates)
49 AddRange (certificates);
52 public X509Certificate2Collection (X509Certificate2 certificate)
57 public X509Certificate2Collection (X509Certificate2[] certificates)
59 AddRange (certificates);
64 public new X509Certificate2 this [int index] {
67 throw new ArgumentOutOfRangeException ("negative index");
68 if (index >= InnerList.Count)
69 throw new ArgumentOutOfRangeException ("index >= Count");
70 return (X509Certificate2) InnerList [index];
72 set { InnerList [index] = value; }
77 public int Add (X509Certificate2 certificate)
79 if (certificate == null)
80 throw new ArgumentNullException ("certificate");
82 return InnerList.Add (certificate);
85 [MonoTODO ("Method isn't transactional (like documented)")]
86 public void AddRange (X509Certificate2[] certificates)
88 if (certificates == null)
89 throw new ArgumentNullException ("certificates");
91 for (int i=0; i < certificates.Length; i++)
92 InnerList.Add (certificates [i]);
95 [MonoTODO ("Method isn't transactional (like documented)")]
96 public void AddRange (X509Certificate2Collection certificates)
98 if (certificates == null)
99 throw new ArgumentNullException ("certificates");
101 InnerList.AddRange (certificates);
104 public bool Contains (X509Certificate2 certificate)
106 if (certificate == null)
107 throw new ArgumentNullException ("certificate");
109 foreach (X509Certificate2 c in InnerList) {
110 if (c.Equals (certificate))
116 [MonoTODO ("only support X509ContentType.Cert")]
117 public byte[] Export (X509ContentType contentType)
119 return Export (contentType, null);
122 [MonoTODO ("only support X509ContentType.Cert")]
123 public byte[] Export (X509ContentType contentType, string password)
125 switch (contentType) {
126 case X509ContentType.Cert:
127 case X509ContentType.Pfx: // this includes Pkcs12
128 case X509ContentType.SerializedCert:
129 // if multiple certificates are present we only export the last one
131 return this [Count - 1].Export (contentType, password);
133 case X509ContentType.Pkcs7:
136 case X509ContentType.SerializedStore:
140 // this includes Authenticode, Unknown and bad values
141 string msg = Locale.GetText ("Cannot export certificate(s) to the '{0}' format", contentType);
142 throw new CryptographicException (msg);
147 static string[] newline_split = new string[] { Environment.NewLine };
149 [MonoTODO ("Does not support X509FindType.FindByTemplateName, FindByApplicationPolicy and FindByCertificatePolicy")]
150 public X509Certificate2Collection Find (X509FindType findType, object findValue, bool validOnly)
152 if (findValue == null)
153 throw new ArgumentNullException ("findValue");
155 string str = String.Empty;
156 string oid = String.Empty;
157 X509KeyUsageFlags ku = X509KeyUsageFlags.None;
158 DateTime dt = DateTime.MinValue;
161 case X509FindType.FindByThumbprint:
162 case X509FindType.FindBySubjectName:
163 case X509FindType.FindBySubjectDistinguishedName:
164 case X509FindType.FindByIssuerName:
165 case X509FindType.FindByIssuerDistinguishedName:
166 case X509FindType.FindBySerialNumber:
167 case X509FindType.FindByTemplateName:
168 case X509FindType.FindBySubjectKeyIdentifier:
170 str = (string) findValue;
172 catch (Exception e) {
173 string msg = Locale.GetText ("Invalid find value type '{0}', expected '{1}'.",
174 findValue.GetType (), "string");
175 throw new CryptographicException (msg, e);
178 case X509FindType.FindByApplicationPolicy:
179 case X509FindType.FindByCertificatePolicy:
180 case X509FindType.FindByExtension:
182 oid = (string) findValue;
184 catch (Exception e) {
185 string msg = Locale.GetText ("Invalid find value type '{0}', expected '{1}'.",
186 findValue.GetType (), "X509KeyUsageFlags");
187 throw new CryptographicException (msg, e);
191 CryptoConfig.EncodeOID (oid);
193 catch (CryptographicUnexpectedOperationException) {
194 string msg = Locale.GetText ("Invalid OID value '{0}'.", oid);
195 throw new ArgumentException ("findValue", msg);
198 case X509FindType.FindByKeyUsage:
200 ku = (X509KeyUsageFlags) findValue;
202 catch (Exception e) {
203 string msg = Locale.GetText ("Invalid find value type '{0}', expected '{1}'.",
204 findValue.GetType (), "X509KeyUsageFlags");
205 throw new CryptographicException (msg, e);
208 case X509FindType.FindByTimeValid:
209 case X509FindType.FindByTimeNotYetValid:
210 case X509FindType.FindByTimeExpired:
212 dt = (DateTime) findValue;
214 catch (Exception e) {
215 string msg = Locale.GetText ("Invalid find value type '{0}', expected '{1}'.",
216 findValue.GetType (), "X509DateTime");
217 throw new CryptographicException (msg,e );
222 string msg = Locale.GetText ("Invalid find type '{0}'.", findType);
223 throw new CryptographicException (msg);
227 CultureInfo cinv = CultureInfo.InvariantCulture;
228 X509Certificate2Collection results = new X509Certificate2Collection ();
229 foreach (X509Certificate2 x in InnerList) {
230 bool value_match = false;
233 case X509FindType.FindByThumbprint:
234 // works with Thumbprint, GetCertHashString in both normal (upper) and lower case
235 value_match = ((String.Compare (str, x.Thumbprint, true, cinv) == 0) ||
236 (String.Compare (str, x.GetCertHashString (), true, cinv) == 0));
238 case X509FindType.FindBySubjectName:
239 string [] names = x.SubjectName.Format (true).Split (newline_split, StringSplitOptions.RemoveEmptyEntries);
240 foreach (string name in names) {
241 int pos = name.IndexOf ('=');
242 value_match = (name.IndexOf (str, pos, StringComparison.InvariantCultureIgnoreCase) >= 0);
247 case X509FindType.FindBySubjectDistinguishedName:
248 value_match = (String.Compare (str, x.Subject, true, cinv) == 0);
250 case X509FindType.FindByIssuerName:
251 string iname = x.GetNameInfo (X509NameType.SimpleName, true);
252 value_match = (iname.IndexOf (str, StringComparison.InvariantCultureIgnoreCase) >= 0);
254 case X509FindType.FindByIssuerDistinguishedName:
255 value_match = (String.Compare (str, x.Issuer, true, cinv) == 0);
257 case X509FindType.FindBySerialNumber:
258 value_match = (String.Compare (str, x.SerialNumber, true, cinv) == 0);
260 case X509FindType.FindByTemplateName:
261 // TODO - find a valid test case
263 case X509FindType.FindBySubjectKeyIdentifier:
264 X509SubjectKeyIdentifierExtension ski = (x.Extensions ["2.5.29.14"] as X509SubjectKeyIdentifierExtension);
266 value_match = (String.Compare (str, ski.SubjectKeyIdentifier, true, cinv) == 0);
269 case X509FindType.FindByApplicationPolicy:
270 // note: include when no extensions are present (even if v3)
271 value_match = (x.Extensions.Count == 0);
272 // TODO - find test case with extension
274 case X509FindType.FindByCertificatePolicy:
275 // TODO - find test case with extension
277 case X509FindType.FindByExtension:
278 value_match = (x.Extensions [oid] != null);
280 case X509FindType.FindByKeyUsage:
281 X509KeyUsageExtension kue = (x.Extensions ["2.5.29.15"] as X509KeyUsageExtension);
283 // key doesn't have any hard coded limitations
284 // note: MS doesn't check for ExtendedKeyUsage
287 value_match = ((kue.KeyUsages & ku) == ku);
290 case X509FindType.FindByTimeValid:
291 value_match = ((dt >= x.NotBefore) && (dt <= x.NotAfter));
293 case X509FindType.FindByTimeNotYetValid:
294 value_match = (dt < x.NotBefore);
296 case X509FindType.FindByTimeExpired:
297 value_match = (dt > x.NotAfter);
318 public new X509Certificate2Enumerator GetEnumerator ()
320 return new X509Certificate2Enumerator (this);
323 [MonoTODO ("same limitations as X509Certificate2.Import")]
324 public void Import (byte[] rawData)
326 // FIXME: can it import multiple certificates, e.g. a pkcs7 file ?
327 X509Certificate2 cert = new X509Certificate2 ();
328 cert.Import (rawData);
332 [MonoTODO ("same limitations as X509Certificate2.Import")]
333 public void Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
335 // FIXME: can it import multiple certificates, e.g. a pkcs7 file ?
336 X509Certificate2 cert = new X509Certificate2 ();
337 cert.Import (rawData, password, keyStorageFlags);
341 [MonoTODO ("same limitations as X509Certificate2.Import")]
342 public void Import (string fileName)
344 // FIXME: can it import multiple certificates, e.g. a pkcs7 file ?
345 X509Certificate2 cert = new X509Certificate2 ();
346 cert.Import (fileName);
350 [MonoTODO ("same limitations as X509Certificate2.Import")]
351 public void Import (string fileName, string password, X509KeyStorageFlags keyStorageFlags)
353 // FIXME: can it import multiple certificates, e.g. a pkcs7 file ?
354 X509Certificate2 cert = new X509Certificate2 ();
355 cert.Import (fileName, password, keyStorageFlags);
359 public void Insert (int index, X509Certificate2 certificate)
361 if (certificate == null)
362 throw new ArgumentNullException ("certificate");
364 throw new ArgumentOutOfRangeException ("negative index");
365 if (index >= InnerList.Count)
366 throw new ArgumentOutOfRangeException ("index >= Count");
368 InnerList.Insert (index, certificate);
371 public void Remove (X509Certificate2 certificate)
373 if (certificate == null)
374 throw new ArgumentNullException ("certificate");
376 for (int i=0; i < InnerList.Count; i++) {
377 X509Certificate c = (X509Certificate) InnerList [i];
378 if (c.Equals (certificate)) {
379 InnerList.RemoveAt (i);
380 // only first instance is removed
386 [MonoTODO ("Method isn't transactional (like documented)")]
387 public void RemoveRange (X509Certificate2[] certificates)
389 if (certificates == null)
390 throw new ArgumentNullException ("certificate");
392 foreach (X509Certificate2 x in certificates)
396 [MonoTODO ("Method isn't transactional (like documented)")]
397 public void RemoveRange (X509Certificate2Collection certificates)
399 if (certificates == null)
400 throw new ArgumentNullException ("certificate");
402 foreach (X509Certificate2 x in certificates)