2 // System.Security.Cryptography.X509Certificates.X509Chain
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
8 // Copyright (C) 2004-2006 Novell Inc. (http://www.novell.com)
9 // Copyright (C) 2011 Xamarin Inc. (http://www.xamarin.com)
11 // Permission is hereby granted, free of charge, to any person obtaining
12 // a copy of this software and associated documentation files (the
13 // "Software"), to deal in the Software without restriction, including
14 // without limitation the rights to use, copy, modify, merge, publish,
15 // distribute, sublicense, and/or sell copies of the Software, and to
16 // permit persons to whom the Software is furnished to do so, subject to
17 // the following conditions:
19 // The above copyright notice and this permission notice shall be
20 // included in all copies or substantial portions of the Software.
22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
34 using MX = Mono.Security.X509;
36 extern alias MonoSecurity;
37 using MX = MonoSecurity::Mono.Security.X509;
40 using System.Collections;
43 namespace System.Security.Cryptography.X509Certificates {
45 public class X509Chain {
47 private StoreLocation location;
48 private X509ChainElementCollection elements;
49 private X509ChainPolicy policy;
50 private X509ChainStatus[] status;
52 static X509ChainStatus[] Empty = new X509ChainStatus [0];
55 private int max_path_length;
56 private X500DistinguishedName working_issuer_name;
57 // private string working_public_key_algorithm;
58 private AsymmetricAlgorithm working_public_key;
61 private X509ChainElement bce_restriction;
70 public X509Chain (bool useMachineContext)
72 location = useMachineContext ? StoreLocation.LocalMachine : StoreLocation.CurrentUser;
73 elements = new X509ChainElementCollection ();
74 policy = new X509ChainPolicy ();
77 [MonoTODO ("Mono's X509Chain is fully managed. All handles are invalid.")]
78 public X509Chain (IntPtr chainContext)
80 // CryptoAPI compatibility (unmanaged handle)
81 throw new NotSupportedException ();
86 [MonoTODO ("Mono's X509Chain is fully managed. Always returns IntPtr.Zero.")]
87 public IntPtr ChainContext {
88 get { return IntPtr.Zero; }
91 public X509ChainElementCollection ChainElements {
92 get { return elements; }
95 public X509ChainPolicy ChainPolicy {
96 get { return policy; }
97 set { policy = value; }
100 public X509ChainStatus[] ChainStatus {
110 [MonoTODO ("Not totally RFC3280 compliant, but neither is MS implementation...")]
111 public bool Build (X509Certificate2 certificate)
113 if (certificate == null)
114 throw new ArgumentException ("certificate");
117 X509ChainStatusFlags flag;
119 flag = BuildChainFrom (certificate);
120 ValidateChain (flag);
122 catch (CryptographicException ce) {
123 throw new ArgumentException ("certificate", ce);
126 X509ChainStatusFlags total = X509ChainStatusFlags.NoError;
127 ArrayList list = new ArrayList ();
128 // build "global" ChainStatus from the ChainStatus of every ChainElements
129 foreach (X509ChainElement ce in elements) {
130 foreach (X509ChainStatus cs in ce.ChainElementStatus) {
131 // we MUST avoid duplicates in the "global" list
132 if ((total & cs.Status) != cs.Status) {
138 // and if required add some
139 if (flag != X509ChainStatusFlags.NoError) {
140 list.Insert (0, new X509ChainStatus (flag));
142 status = (X509ChainStatus[]) list.ToArray (typeof (X509ChainStatus));
144 // (fast path) this ignore everything we have checked
145 if ((status.Length == 0) || (ChainPolicy.VerificationFlags == X509VerificationFlags.AllFlags))
149 // now check if exclude some verification for the "end result" (boolean)
150 foreach (X509ChainStatus cs in status) {
152 case X509ChainStatusFlags.UntrustedRoot:
153 case X509ChainStatusFlags.PartialChain:
154 result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.AllowUnknownCertificateAuthority) != 0);
156 case X509ChainStatusFlags.NotTimeValid:
157 result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreNotTimeValid) != 0);
159 // FIXME - from here we needs new test cases for all cases
160 case X509ChainStatusFlags.NotTimeNested:
161 result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreNotTimeNested) != 0);
163 case X509ChainStatusFlags.InvalidBasicConstraints:
164 result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreInvalidBasicConstraints) != 0);
166 case X509ChainStatusFlags.InvalidPolicyConstraints:
167 case X509ChainStatusFlags.NoIssuanceChainPolicy:
168 result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreInvalidPolicy) != 0);
170 case X509ChainStatusFlags.InvalidNameConstraints:
171 case X509ChainStatusFlags.HasNotSupportedNameConstraint:
172 case X509ChainStatusFlags.HasNotPermittedNameConstraint:
173 case X509ChainStatusFlags.HasExcludedNameConstraint:
174 result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreInvalidName) != 0);
176 case X509ChainStatusFlags.InvalidExtension:
178 result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreWrongUsage) != 0);
181 // ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreRootRevocationUnknown) != 0)
182 // ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreEndRevocationUnknown) != 0)
183 case X509ChainStatusFlags.CtlNotTimeValid:
184 result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreCtlNotTimeValid) != 0);
186 case X509ChainStatusFlags.CtlNotSignatureValid:
189 // ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreCtlSignerRevocationUnknown) != 0);
190 case X509ChainStatusFlags.CtlNotValidForUsage:
191 // FIXME - does IgnoreWrongUsage apply to CTL (it doesn't have Ctl in it's name like the others)
192 result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreWrongUsage) != 0);
198 // once we have one failure there's no need to check further
203 // every "problem" was excluded
209 // note: this call doesn't Reset the X509ChainPolicy
210 if ((status != null) && (status.Length != 0))
212 if (elements.Count > 0)
214 if (user_root_store != null) {
215 user_root_store.Close ();
216 user_root_store = null;
218 if (root_store != null) {
222 if (user_ca_store != null) {
223 user_ca_store.Close ();
224 user_ca_store = null;
226 if (ca_store != null) {
233 bce_restriction = null;
234 working_public_key = null;
239 public static X509Chain Create ()
242 return new X509Chain ();
244 return (X509Chain) CryptoConfig.CreateFromName ("X509Chain");
250 private X509Certificate2Collection roots;
251 private X509Certificate2Collection cas;
252 private X509Store root_store;
253 private X509Store ca_store;
254 private X509Store user_root_store;
255 private X509Store user_ca_store;
257 private X509Certificate2Collection Roots {
260 X509Certificate2Collection c = new X509Certificate2Collection ();
261 X509Store store = LMRootStore;
262 if (location == StoreLocation.CurrentUser)
263 c.AddRange (UserRootStore.Certificates);
264 c.AddRange (store.Certificates);
271 private X509Certificate2Collection CertificateAuthorities {
274 X509Certificate2Collection c = new X509Certificate2Collection ();
275 X509Store store = LMCAStore;
276 if (location == StoreLocation.CurrentUser)
277 c.AddRange (UserCAStore.Certificates);
278 c.AddRange (store.Certificates);
285 private X509Store LMRootStore {
287 if (root_store == null) {
288 root_store = new X509Store (StoreName.Root, StoreLocation.LocalMachine);
290 root_store.Open (OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
298 private X509Store UserRootStore {
300 if (user_root_store == null) {
301 user_root_store = new X509Store (StoreName.Root, StoreLocation.CurrentUser);
303 user_root_store.Open (OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
307 return user_root_store;
311 private X509Store LMCAStore {
313 if (ca_store == null) {
314 ca_store = new X509Store (StoreName.CertificateAuthority, StoreLocation.LocalMachine);
316 ca_store.Open (OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
324 private X509Store UserCAStore {
326 if (user_ca_store == null) {
327 user_ca_store = new X509Store (StoreName.CertificateAuthority, StoreLocation.CurrentUser);
329 user_ca_store.Open (OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);
333 return user_ca_store;
336 // *** certificate chain/path building stuff ***
338 private X509Certificate2Collection collection;
340 // we search local user (default) or machine certificate store
341 // and in the extra certificate supplied in ChainPolicy.ExtraStore
342 private X509Certificate2Collection CertificateCollection {
344 if (collection == null) {
345 collection = new X509Certificate2Collection (ChainPolicy.ExtraStore);
346 collection.AddRange (Roots);
347 collection.AddRange (CertificateAuthorities);
353 // This is a non-recursive chain/path building algorithm.
355 // At this stage we only checks for PartialChain, Cyclic and UntrustedRoot errors are they
356 // affect the path building (other errors are verification errors).
358 // Note that the order match the one we need to match MS and not the one defined in RFC3280,
359 // we also include the trusted root certificate (trust anchor in RFC3280) in the list.
360 // (this isn't an issue, just keep that in mind if you look at the source and the RFC)
361 private X509ChainStatusFlags BuildChainFrom (X509Certificate2 certificate)
363 elements.Add (certificate);
365 while (!IsChainComplete (certificate)) {
366 certificate = FindParent (certificate);
368 if (certificate == null)
369 return X509ChainStatusFlags.PartialChain;
371 if (elements.Contains (certificate))
372 return X509ChainStatusFlags.Cyclic;
374 elements.Add (certificate);
377 // roots may be supplied (e.g. in the ExtraStore) so we need to confirm their
378 // trustiness (what a cute word) in the trusted root collection
379 if (!Roots.Contains (certificate))
380 elements [elements.Count - 1].StatusFlags |= X509ChainStatusFlags.UntrustedRoot;
382 return X509ChainStatusFlags.NoError;
386 private X509Certificate2 SelectBestFromCollection (X509Certificate2 child, X509Certificate2Collection c)
394 // multiple candidate, keep only the ones that are still valid
395 X509Certificate2Collection time_valid = c.Find (X509FindType.FindByTimeValid, ChainPolicy.VerificationTime, false);
396 switch (time_valid.Count) {
398 // that's too restrictive, let's revert and try another thing...
402 return time_valid [0];
407 // again multiple candidates, let's find the AKI that match the SKI (if we have one)
408 string aki = GetAuthorityKeyIdentifier (child);
409 if (String.IsNullOrEmpty (aki)) {
410 return time_valid [0]; // FIXME: out of luck, you get the first one
412 foreach (X509Certificate2 parent in time_valid) {
413 string ski = GetSubjectKeyIdentifier (parent);
414 // if both id are available then they must match
418 return time_valid [0]; // FIXME: out of luck, you get the first one
422 private X509Certificate2 FindParent (X509Certificate2 certificate)
424 X509Certificate2Collection subset = CertificateCollection.Find (X509FindType.FindBySubjectDistinguishedName, certificate.Issuer, false);
425 string aki = GetAuthorityKeyIdentifier (certificate);
426 if ((aki != null) && (aki.Length > 0)) {
427 subset.AddRange (CertificateCollection.Find (X509FindType.FindBySubjectKeyIdentifier, aki, false));
429 X509Certificate2 parent = SelectBestFromCollection (certificate, subset);
430 // if parent==certificate we're looping but it's not (probably) a bug and not a true cyclic (over n certs)
431 return certificate.Equals (parent) ? null : parent;
434 private bool IsChainComplete (X509Certificate2 certificate)
436 // the chain is complete if we have a self-signed certificate
437 if (!IsSelfIssued (certificate))
440 // we're very limited to what we can do without certificate extensions
441 if (certificate.Version < 3)
444 // check that Authority Key Identifier == Subject Key Identifier
445 // e.g. it will be different if a self-signed certificate is part (not the end) of the chain
446 string ski = GetSubjectKeyIdentifier (certificate);
447 if (String.IsNullOrEmpty (ski))
449 string aki = GetAuthorityKeyIdentifier (certificate);
450 if (String.IsNullOrEmpty (aki))
452 // if both id are available then they must match
456 // check for "self-issued" certificate - without verifying the signature
457 // note that self-issued doesn't always mean it's a root certificate!
458 private bool IsSelfIssued (X509Certificate2 certificate)
460 return (certificate.Issuer == certificate.Subject);
464 // *** certificate chain/path validation stuff ***
466 // Currently a subset of RFC3280 (hopefully a full implementation someday)
467 private void ValidateChain (X509ChainStatusFlags flag)
469 // 'n' should be the root certificate...
470 int n = elements.Count - 1;
471 X509Certificate2 certificate = elements [n].Certificate;
473 // ... and, if so, must be treated outside the chain...
474 if (((flag & X509ChainStatusFlags.PartialChain) == 0)) {
476 // deal with the case where the chain == the root certificate
477 // (which isn't for RFC3280) part of the chain
479 elements [0].UncompressFlags ();
482 // skip the root certificate when processing the chain (in 6.1.3)
485 // ... unless the chain is a partial one (then we start with that one)
488 // 6.1.1.a - a prospective certificate path of length n (i.e. elements)
489 // 6.1.1.b - the current date/time (i.e. ChainPolicy.VerificationTime)
490 // 6.1.1.c - user-initial-policy-set (i.e. ChainPolicy.CertificatePolicy)
491 // 6.1.1.d - the trust anchor information (i.e. certificate, unless it's a partial chain)
492 // 6.1.1.e - initial-policy-mapping-inhibit (NOT SUPPORTED BY THE API)
493 // 6.1.1.f - initial-explicit-policy (NOT SUPPORTED BY THE API)
494 // 6.1.1.g - initial-any-policy-inhibit (NOT SUPPORTED BY THE API)
496 // 6.1.2 - Initialization (incomplete)
497 // 6.1.2.a-f - policy stuff, some TODO, some not supported
498 // 6.1.2.g - working public key algorithm
499 // working_public_key_algorithm = certificate.PublicKey.Oid.Value;
500 // 6.1.2.h-i - our key contains both the "working public key" and "working public key parameters" data
501 working_public_key = certificate.PublicKey.Key;
502 // 6.1.2.j - working issuer name
503 working_issuer_name = certificate.IssuerName;
504 // 6.1.2.k - this integer is initialized to n, is decremented for each non-self-issued, certificate and
505 // may be reduced to the value in the path length constraint field
508 // 6.1.3 - Basic Certificate Processing
509 // note: loop looks reversed (the list is) but we process this part just like RFC3280 does
510 for (int i = n; i > 0; i--) {
512 // 6.1.4 - preparation for certificate i+1 (for not with i+1, or i-1 in our loop)
513 PrepareForNextCertificate (i);
517 // 6.1.3.a.3 - revocation checks
518 CheckRevocationOnChain (flag);
520 // 6.1.5 - Wrap-up procedure
524 private void Process (int n)
526 X509ChainElement element = elements [n];
527 X509Certificate2 certificate = element.Certificate;
529 // pre-step: DSA certificates may inherit the parameters of their CA
530 if ((n != elements.Count - 1) && (certificate.MonoCertificate.KeyAlgorithm == "1.2.840.10040.4.1")) {
531 if (certificate.MonoCertificate.KeyAlgorithmParameters == null) {
532 X509Certificate2 parent = elements [n+1].Certificate;
533 certificate.MonoCertificate.KeyAlgorithmParameters = parent.MonoCertificate.KeyAlgorithmParameters;
537 bool root = (working_public_key == null);
538 // 6.1.3.a.1 - check signature (with special case to deal with root certificates)
539 if (!IsSignedWith (certificate, root ? certificate.PublicKey.Key : working_public_key)) {
540 // another special case where only an end-entity is available and can't be verified.
541 // In this case we do not report an invalid signature (since this is unknown)
542 if (root || (n != elements.Count - 1) || IsSelfIssued (certificate)) {
543 element.StatusFlags |= X509ChainStatusFlags.NotSignatureValid;
547 // 6.1.3.a.2 - check validity period
548 if ((ChainPolicy.VerificationTime < certificate.NotBefore) ||
549 (ChainPolicy.VerificationTime > certificate.NotAfter)) {
550 element.StatusFlags |= X509ChainStatusFlags.NotTimeValid;
552 // TODO - for X509ChainStatusFlags.NotTimeNested (needs global structure)
554 // note: most of them don't apply to the root certificate
559 // 6.1.3.a.3 - revocation check (we're doing at the last stage)
560 // note: you revoke a trusted root by removing it from your trusted store (i.e. no CRL can do this job)
562 // 6.1.3.a.4 - check certificate issuer name
563 if (!X500DistinguishedName.AreEqual (certificate.IssuerName, working_issuer_name)) {
564 // NOTE: this is not the "right" error flag, but it's the closest one defined
565 element.StatusFlags |= X509ChainStatusFlags.InvalidNameConstraints;
568 if (!IsSelfIssued (certificate) && (n != 0)) {
569 // TODO 6.1.3.b - subject name in the permitted_subtrees ...
570 // TODO 6.1.3.c - subject name not within excluded_subtrees...
572 // TODO - check for X509ChainStatusFlags.InvalidNameConstraint
573 // TODO - check for X509ChainStatusFlags.HasNotSupportedNameConstraint
574 // TODO - check for X509ChainStatusFlags.HasNotPermittedNameConstraint
575 // TODO - check for X509ChainStatusFlags.HasExcludedNameConstraint
578 // TODO 6.1.3.d - check if certificate policies extension is present
580 // TODO - for X509ChainStatusFlags.InvalidPolicyConstraints
581 // using X509ChainPolicy.ApplicationPolicy and X509ChainPolicy.CertificatePolicy
583 // TODO - check for X509ChainStatusFlags.NoIssuanceChainPolicy
586 // TODO 6.1.3.e - set valid_policy_tree to NULL
589 // TODO 6.1.3.f - verify explict_policy > 0 if valid_policy_tree != NULL
592 // CTL == Certificate Trust List / NOT SUPPORTED
593 // TODO - check for X509ChainStatusFlags.CtlNotTimeValid
594 // TODO - check for X509ChainStatusFlags.CtlNotSignatureValid
595 // TODO - check for X509ChainStatusFlags.CtlNotValidForUsage
597 private void PrepareForNextCertificate (int n)
599 X509ChainElement element = elements [n];
600 X509Certificate2 certificate = element.Certificate;
605 working_issuer_name = certificate.SubjectName;
606 // 6.1.4.d-e - our key includes both the public key and it's parameters
607 working_public_key = certificate.PublicKey.Key;
609 // working_public_key_algorithm = certificate.PublicKey.Oid.Value;
613 // 6.1.4.k - Verify that the certificate is a CA certificate
614 X509BasicConstraintsExtension bce = (certificate.Extensions["2.5.29.19"] as X509BasicConstraintsExtension);
616 if (!bce.CertificateAuthority) {
617 element.StatusFlags |= X509ChainStatusFlags.InvalidBasicConstraints;
619 } else if (certificate.Version >= 3) {
620 // recent (v3+) CA certificates must include BCE
621 element.StatusFlags |= X509ChainStatusFlags.InvalidBasicConstraints;
624 // 6.1.4.l - if the certificate isn't self-issued...
625 if (!IsSelfIssued (certificate)) {
626 // ... verify that max_path_length > 0
627 if (max_path_length > 0) {
630 // to match MS the reported status must be against the certificate
631 // with the BCE and not where the path is too long. It also means
632 // that this condition has to be reported only once
633 if (bce_restriction != null) {
634 bce_restriction.StatusFlags |= X509ChainStatusFlags.InvalidBasicConstraints;
639 // 6.1.4.m - if pathLengthConstraint is present...
640 if ((bce != null) && (bce.HasPathLengthConstraint)) {
641 // ... and is less that max_path_length, set max_path_length to it's value
642 if (bce.PathLengthConstraint < max_path_length) {
643 max_path_length = bce.PathLengthConstraint;
644 bce_restriction = element;
648 // 6.1.4.n - if key usage extension is present...
649 X509KeyUsageExtension kue = (certificate.Extensions["2.5.29.15"] as X509KeyUsageExtension);
651 // ... verify keyCertSign is set
652 X509KeyUsageFlags success = X509KeyUsageFlags.KeyCertSign;
653 if ((kue.KeyUsages & success) != success)
654 element.StatusFlags |= X509ChainStatusFlags.NotValidForUsage;
657 // 6.1.4.o - recognize and process other critical extension present in the certificate
658 ProcessCertificateExtensions (element);
661 private void WrapUp ()
663 X509ChainElement element = elements [0];
664 X509Certificate2 certificate = element.Certificate;
666 // 6.1.5.a - TODO if certificate n (our 0) wasn't self issued and explicit_policy != 0
667 if (IsSelfIssued (certificate)) {
668 // TODO... decrement explicit_policy by 1
673 // 6.1.5.c,d,e - not required by the X509Chain implementation
675 // 6.1.5.f - recognize and process other critical extension present in the certificate
676 ProcessCertificateExtensions (element);
680 // uncompressed the flags into several elements
681 for (int i = elements.Count - 1; i >= 0; i--) {
682 elements [i].UncompressFlags ();
686 private void ProcessCertificateExtensions (X509ChainElement element)
688 foreach (X509Extension ext in element.Certificate.Extensions) {
690 switch (ext.Oid.Value) {
691 case "2.5.29.15": // X509KeyUsageExtension
692 case "2.5.29.19": // X509BasicConstraintsExtension
693 // we processed this extension
696 // note: Under Windows XP MS implementation seems to ignore
697 // certificate with unknown critical extensions.
698 element.StatusFlags |= X509ChainStatusFlags.InvalidExtension;
705 private bool IsSignedWith (X509Certificate2 signed, AsymmetricAlgorithm pubkey)
709 // Sadly X509Certificate2 doesn't expose the signature nor the tbs (to be signed) structure
710 MX.X509Certificate mx = signed.MonoCertificate;
711 return (mx.VerifySignature (pubkey));
714 private string GetSubjectKeyIdentifier (X509Certificate2 certificate)
716 X509SubjectKeyIdentifierExtension ski = (certificate.Extensions["2.5.29.14"] as X509SubjectKeyIdentifierExtension);
717 return (ski == null) ? String.Empty : ski.SubjectKeyIdentifier;
720 // System.dll v2 doesn't have a class to deal with the AuthorityKeyIdentifier extension
721 static string GetAuthorityKeyIdentifier (X509Certificate2 certificate)
723 return GetAuthorityKeyIdentifier (certificate.MonoCertificate.Extensions ["2.5.29.35"]);
726 // but anyway System.dll v2 doesn't expose CRL in any way so...
727 static string GetAuthorityKeyIdentifier (MX.X509Crl crl)
729 return GetAuthorityKeyIdentifier (crl.Extensions ["2.5.29.35"]);
732 static string GetAuthorityKeyIdentifier (MX.X509Extension ext)
736 MX.Extensions.AuthorityKeyIdentifierExtension aki = new MX.Extensions.AuthorityKeyIdentifierExtension (ext);
737 byte[] id = aki.Identifier;
740 StringBuilder sb = new StringBuilder ();
741 foreach (byte b in id)
742 sb.Append (b.ToString ("X02"));
743 return sb.ToString ();
746 // we check the revocation only once we have built the complete chain
747 private void CheckRevocationOnChain (X509ChainStatusFlags flag)
749 bool partial = ((flag & X509ChainStatusFlags.PartialChain) != 0);
752 switch (ChainPolicy.RevocationMode) {
753 case X509RevocationMode.Online:
757 case X509RevocationMode.Offline:
760 case X509RevocationMode.NoCheck:
763 throw new InvalidOperationException (Locale.GetText ("Invalid revocation mode."));
766 bool unknown = partial;
767 // from the root down to the end-entity
768 for (int i = elements.Count - 1; i >= 0; i--) {
771 switch (ChainPolicy.RevocationFlag) {
772 case X509RevocationFlag.EndCertificateOnly:
775 case X509RevocationFlag.EntireChain:
778 case X509RevocationFlag.ExcludeRoot:
780 check = (i != (elements.Count - 1));
781 // anyway, who's gonna sign that the root is invalid ?
785 X509ChainElement element = elements [i];
787 // we can't assume the revocation status if the certificate is bad (e.g. invalid signature)
789 unknown |= ((element.StatusFlags & X509ChainStatusFlags.NotSignatureValid) != 0);
792 // we can skip the revocation checks as we can't be sure of them anyway
793 element.StatusFlags |= X509ChainStatusFlags.RevocationStatusUnknown;
794 element.StatusFlags |= X509ChainStatusFlags.OfflineRevocation;
795 } else if (check && !partial && !IsSelfIssued (element.Certificate)) {
796 // check for revocation (except for the trusted root and self-issued certs)
797 element.StatusFlags |= CheckRevocation (element.Certificate, i+1, online);
798 // if revoked, then all others following in the chain are unknown...
799 unknown |= ((element.StatusFlags & X509ChainStatusFlags.Revoked) != 0);
804 // This isn't how RFC3280 (section 6.3) deals with CRL, but then we don't (yet) support DP, deltas...
805 private X509ChainStatusFlags CheckRevocation (X509Certificate2 certificate, int ca, bool online)
807 X509ChainStatusFlags result = X509ChainStatusFlags.RevocationStatusUnknown;
808 X509ChainElement element = elements [ca];
809 X509Certificate2 ca_cert = element.Certificate;
811 // find the CRL from the "right" CA
812 while (IsSelfIssued (ca_cert) && (ca < elements.Count - 1)) {
813 // try with this self-issued
814 result = CheckRevocation (certificate, ca_cert, online);
815 if (result != X509ChainStatusFlags.RevocationStatusUnknown)
818 element = elements [ca];
819 ca_cert = element.Certificate;
821 if (result == X509ChainStatusFlags.RevocationStatusUnknown)
822 result = CheckRevocation (certificate, ca_cert, online);
826 private X509ChainStatusFlags CheckRevocation (X509Certificate2 certificate, X509Certificate2 ca_cert, bool online)
828 // change this if/when we support OCSP
829 X509KeyUsageExtension kue = (ca_cert.Extensions["2.5.29.15"] as X509KeyUsageExtension);
831 // ... verify CrlSign is set
832 X509KeyUsageFlags success = X509KeyUsageFlags.CrlSign;
833 if ((kue.KeyUsages & success) != success) {
834 // FIXME - we should try to find an alternative CA that has the CrlSign bit
835 return X509ChainStatusFlags.RevocationStatusUnknown;
839 MX.X509Crl crl = FindCrl (ca_cert);
841 if ((crl == null) && online) {
842 // FIXME - download and install new CRL
843 // then you get a second chance
844 // crl = FindCrl (ca_cert, ref valid, ref out_of_date);
846 // We need to get the subjectAltName and an URI from there (or use OCSP)
847 // X509KeyUsageExtension subjectAltName = (ca_cert.Extensions["2.5.29.17"] as X509KeyUsageExtension);
851 // validate the digital signature on the CRL using the CA public key
852 // note #1: we can't use X509Crl.VerifySignature(X509Certificate) because it duplicates
853 // checks and we loose the "why" of the failure
854 // note #2: we do this before other tests as an invalid signature could be a hacked CRL
855 // (so anything within can't be trusted)
856 if (!crl.VerifySignature (ca_cert.PublicKey.Key)) {
857 return X509ChainStatusFlags.RevocationStatusUnknown;
860 MX.X509Crl.X509CrlEntry entry = crl.GetCrlEntry (certificate.MonoCertificate);
862 // We have an entry for this CRL that includes an unknown CRITICAL extension
863 // See [X.509 7.3] NOTE 4
864 if (!ProcessCrlEntryExtensions (entry))
865 return X509ChainStatusFlags.Revoked;
867 // FIXME - a little more is involved
868 if (entry.RevocationDate <= ChainPolicy.VerificationTime)
869 return X509ChainStatusFlags.Revoked;
872 // are we overdue for a CRL update ? if so we can't be sure of any certificate status
873 if (crl.NextUpdate < ChainPolicy.VerificationTime)
874 return X509ChainStatusFlags.RevocationStatusUnknown | X509ChainStatusFlags.OfflineRevocation;
876 // we have a CRL that includes an unknown CRITICAL extension
877 // we put this check at the end so we do not "hide" any Revoked flags
878 if (!ProcessCrlExtensions (crl)) {
879 return X509ChainStatusFlags.RevocationStatusUnknown;
882 return X509ChainStatusFlags.RevocationStatusUnknown;
885 return X509ChainStatusFlags.NoError;
888 static MX.X509Crl CheckCrls (string subject, string ski, MX.X509Store store)
893 var crls = store.Crls;
894 foreach (MX.X509Crl crl in crls) {
895 if (crl.IssuerName == subject && (ski.Length == 0 || ski == GetAuthorityKeyIdentifier (crl)))
898 return null; // No CRL found
901 private MX.X509Crl FindCrl (X509Certificate2 caCertificate)
903 string subject = caCertificate.SubjectName.Decode (X500DistinguishedNameFlags.None);
904 string ski = GetSubjectKeyIdentifier (caCertificate);
906 // consider that the LocalMachine directories could not exists... and cannot be created by the user
907 MX.X509Crl result = CheckCrls (subject, ski, LMCAStore.Store);
910 if (location == StoreLocation.CurrentUser) {
911 result = CheckCrls (subject, ski, UserCAStore.Store);
916 // consider that the LocalMachine directories could not exists... and cannot be created by the user
917 result = CheckCrls (subject, ski, LMRootStore.Store);
920 if (location == StoreLocation.CurrentUser) {
921 result = CheckCrls (subject, ski, UserRootStore.Store);
928 private bool ProcessCrlExtensions (MX.X509Crl crl)
930 foreach (MX.X509Extension ext in crl.Extensions) {
933 case "2.5.29.20": // cRLNumber
934 case "2.5.29.35": // authorityKeyIdentifier
935 // we processed/know about this extension
945 private bool ProcessCrlEntryExtensions (MX.X509Crl.X509CrlEntry entry)
947 foreach (MX.X509Extension ext in entry.Extensions) {
950 case "2.5.29.21": // cRLReason
951 // we processed/know about this extension
963 namespace System.Security.Cryptography.X509Certificates {
964 public class X509Chain {
965 public bool Build (X509Certificate2 cert)