2 // System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension
5 // Tim Coleman (tim@timcoleman.com)
6 // Sebastien Pouliot <sebastien@ximian.com>
8 // Copyright (C) Tim Coleman, 2004
9 // Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
11 // Permission is hereby granted, free of charge, to any person obtaining
12 // a copy of this software and associated documentation files (the
13 // "Software"), to deal in the Software without restriction, including
14 // without limitation the rights to use, copy, modify, merge, publish,
15 // distribute, sublicense, and/or sell copies of the Software, and to
16 // permit persons to whom the Software is furnished to do so, subject to
17 // the following conditions:
19 // The above copyright notice and this permission notice shall be
20 // included in all copies or substantial portions of the Software.
22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
35 using Mono.Security.Cryptography;
37 extern alias MonoSecurity;
38 using MonoSecurity::Mono.Security;
39 using MonoSecurity::Mono.Security.Cryptography;
44 namespace System.Security.Cryptography.X509Certificates {
46 public sealed class X509SubjectKeyIdentifierExtension : X509Extension {
48 internal const string oid = "2.5.29.14";
49 internal const string friendlyName = "Subject Key Identifier";
51 private byte[] _subjectKeyIdentifier;
53 private AsnDecodeStatus _status;
57 public X509SubjectKeyIdentifierExtension ()
59 _oid = new Oid (oid, friendlyName);
62 public X509SubjectKeyIdentifierExtension (AsnEncodedData encodedSubjectKeyIdentifier, bool critical)
64 // ignore the Oid provided by encodedKeyUsage (our rules!)
65 _oid = new Oid (oid, friendlyName);
66 _raw = encodedSubjectKeyIdentifier.RawData;
67 base.Critical = critical;
68 _status = Decode (this.RawData);
71 public X509SubjectKeyIdentifierExtension (byte[] subjectKeyIdentifier, bool critical)
73 if (subjectKeyIdentifier == null)
74 throw new ArgumentNullException ("subjectKeyIdentifier");
75 if (subjectKeyIdentifier.Length == 0)
76 throw new ArgumentException ("subjectKeyIdentifier");
78 _oid = new Oid (oid, friendlyName);
79 base.Critical = critical;
80 _subjectKeyIdentifier = (byte[])subjectKeyIdentifier.Clone ();
84 public X509SubjectKeyIdentifierExtension (string subjectKeyIdentifier, bool critical)
86 if (subjectKeyIdentifier == null)
87 throw new ArgumentNullException ("subjectKeyIdentifier");
88 if (subjectKeyIdentifier.Length < 2)
89 throw new ArgumentException ("subjectKeyIdentifier");
91 _oid = new Oid (oid, friendlyName);
92 base.Critical = critical;
93 _subjectKeyIdentifier = FromHex (subjectKeyIdentifier);
97 public X509SubjectKeyIdentifierExtension (PublicKey key, bool critical)
98 : this (key, X509SubjectKeyIdentifierHashAlgorithm.Sha1, critical)
102 public X509SubjectKeyIdentifierExtension (PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical)
105 throw new ArgumentNullException ("key");
107 byte[] pkraw = key.EncodedKeyValue.RawData;
110 // hash of the public key, excluding Tag, Length and unused bits values
111 case X509SubjectKeyIdentifierHashAlgorithm.Sha1:
112 _subjectKeyIdentifier = SHA1.Create ().ComputeHash (pkraw);
114 // 0100 bit pattern followed by the 60 last bit of the hash
115 case X509SubjectKeyIdentifierHashAlgorithm.ShortSha1:
116 byte[] hash = SHA1.Create ().ComputeHash (pkraw);
117 _subjectKeyIdentifier = new byte [8];
118 Buffer.BlockCopy (hash, 12, _subjectKeyIdentifier, 0, 8);
119 _subjectKeyIdentifier [0] = (byte) (0x40 | (_subjectKeyIdentifier [0] & 0x0F));
121 // hash of the public key, including Tag, Length and unused bits values
122 case X509SubjectKeyIdentifierHashAlgorithm.CapiSha1:
123 // CryptoAPI does that hash on the complete subjectPublicKeyInfo (unlike PKIX)
124 // http://groups.google.ca/groups?selm=e7RqM%24plCHA.1488%40tkmsftngp02&oe=UTF-8&output=gplain
125 ASN1 subjectPublicKeyInfo = new ASN1 (0x30);
126 ASN1 algo = subjectPublicKeyInfo.Add (new ASN1 (0x30));
127 algo.Add (new ASN1 (CryptoConfig.EncodeOID (key.Oid.Value)));
128 algo.Add (new ASN1 (key.EncodedParameters.RawData));
129 // add an extra byte for the unused bits (none)
130 byte[] full = new byte [pkraw.Length + 1];
131 Buffer.BlockCopy (pkraw, 0, full, 1, pkraw.Length);
132 subjectPublicKeyInfo.Add (new ASN1 (0x03, full));
133 _subjectKeyIdentifier = SHA1.Create ().ComputeHash (subjectPublicKeyInfo.GetBytes ());
136 throw new ArgumentException ("algorithm");
139 _oid = new Oid (oid, friendlyName);
140 base.Critical = critical;
146 public string SubjectKeyIdentifier {
149 case AsnDecodeStatus.Ok:
150 case AsnDecodeStatus.InformationNotAvailable:
151 if (_subjectKeyIdentifier != null)
152 _ski = CryptoConvert.ToHex (_subjectKeyIdentifier);
155 throw new CryptographicException ("Badly encoded extension.");
162 public override void CopyFrom (AsnEncodedData encodedData)
164 if (encodedData == null)
165 throw new ArgumentNullException ("encodedData");
167 X509Extension ex = (encodedData as X509Extension);
169 throw new ArgumentException (Locale.GetText ("Wrong type."), "encodedData");
172 _oid = new Oid (oid, friendlyName);
174 _oid = new Oid (ex._oid);
176 RawData = ex.RawData;
177 base.Critical = ex.Critical;
178 // and we deal with the rest later
179 _status = Decode (this.RawData);
184 static internal byte FromHexChar (char c)
186 if ((c >= 'a') && (c <= 'f'))
187 return (byte) (c - 'a' + 10);
188 if ((c >= 'A') && (c <= 'F'))
189 return (byte) (c - 'A' + 10);
190 if ((c >= '0') && (c <= '9'))
191 return (byte) (c - '0');
195 static internal byte FromHexChars (char c1, char c2)
197 byte result = FromHexChar (c1);
199 result = (byte) ((result << 4) | FromHexChar (c2));
203 static internal byte[] FromHex (string hex)
205 // here we can't use CryptoConvert.FromHex because we
206 // must convert any *illegal* (non hex) 2 characters
207 // to 'FF' and ignore last char on odd length
211 int length = hex.Length >> 1;
213 byte[] result = new byte [length]; // + (odd ? 1 : 0)];
217 result [n++] = FromHexChars (hex [i++], hex [i++]);
222 internal AsnDecodeStatus Decode (byte[] extension)
224 if ((extension == null) || (extension.Length == 0))
225 return AsnDecodeStatus.BadAsn;
227 if (extension [0] != 0x04)
228 return AsnDecodeStatus.BadTag;
229 if (extension.Length == 2)
230 return AsnDecodeStatus.InformationNotAvailable;
231 if (extension.Length < 3)
232 return AsnDecodeStatus.BadLength;
235 ASN1 ex = new ASN1 (extension);
236 _subjectKeyIdentifier = ex.Value;
239 return AsnDecodeStatus.BadAsn;
242 return AsnDecodeStatus.Ok;
245 internal byte[] Encode ()
247 ASN1 ex = new ASN1 (0x04, _subjectKeyIdentifier);
248 return ex.GetBytes ();
251 internal override string ToString (bool multiLine)
254 case AsnDecodeStatus.BadAsn:
256 case AsnDecodeStatus.BadTag:
257 case AsnDecodeStatus.BadLength:
258 return FormatUnkownData (_raw);
259 case AsnDecodeStatus.InformationNotAvailable:
260 return "Information Not Available";
263 if (_oid.Value != oid)
264 return String.Format ("Unknown Key Usage ({0})", _oid.Value);
266 StringBuilder sb = new StringBuilder ();
268 for (int i=0; i < _subjectKeyIdentifier.Length; i++) {
269 sb.Append (_subjectKeyIdentifier [i].ToString ("x2"));
270 if (i != _subjectKeyIdentifier.Length - 1)
275 sb.Append (Environment.NewLine);
277 return sb.ToString ();