2 // X509Certificates.cs: Handles X.509 certificates.
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
8 // (C) 2004 Novell (http://www.novell.com)
12 using System.Security.Cryptography;
13 using SSCX = System.Security.Cryptography.X509Certificates;
16 namespace Mono.Security.X509 {
19 // a. Internet X.509 Public Key Infrastructure Certificate and CRL Profile
20 // http://www.ietf.org/rfc/rfc3280.txt
21 // b. ITU ASN.1 standards (free download)
22 // http://www.itu.int/ITU-T/studygroups/com17/languages/
29 class X509Certificate {
33 private byte[] m_encodedcert;
34 private DateTime m_from;
35 private DateTime m_until;
36 private string m_issuername;
37 private string m_keyalgo;
38 private byte[] m_keyalgoparams;
39 private string m_subject;
40 private byte[] m_publickey;
41 private byte[] signature;
42 private string m_signaturealgo;
43 private byte[] m_signaturealgoparams;
44 private byte[] certhash;
46 // from http://www.ietf.org/rfc/rfc2459.txt
48 //Certificate ::= SEQUENCE {
49 // tbsCertificate TBSCertificate,
50 // signatureAlgorithm AlgorithmIdentifier,
51 // signature BIT STRING }
53 //TBSCertificate ::= SEQUENCE {
54 // version [0] Version DEFAULT v1,
55 // serialNumber CertificateSerialNumber,
56 // signature AlgorithmIdentifier,
60 // subjectPublicKeyInfo SubjectPublicKeyInfo,
61 // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
62 // -- If present, version shall be v2 or v3
63 // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
64 // -- If present, version shall be v2 or v3
65 // extensions [3] Extensions OPTIONAL
66 // -- If present, version shall be v3 -- }
68 private byte[] serialnumber;
70 private byte[] issuerUniqueID;
71 private byte[] subjectUniqueID;
72 private X509ExtensionCollection extensions;
74 // that's were the real job is!
75 private void Parse (byte[] data)
77 string e = "Input data cannot be coded as a valid certificate.";
79 decoder = new ASN1 (data);
81 if (decoder.Tag != 0x30)
82 throw new CryptographicException (e);
83 // Certificate / TBSCertificate
84 if (decoder [0].Tag != 0x30)
85 throw new CryptographicException (e);
87 ASN1 tbsCertificate = decoder [0];
90 // Certificate / TBSCertificate / Version
91 ASN1 v = decoder [0][tbs];
92 version = 1; // DEFAULT v1
94 // version (optional) is present only in v2+ certs
95 version += v.Value [0]; // zero based
99 // Certificate / TBSCertificate / CertificateSerialNumber
100 ASN1 sn = decoder [0][tbs++];
102 throw new CryptographicException (e);
103 serialnumber = sn.Value;
104 Array.Reverse (serialnumber, 0, serialnumber.Length);
106 // Certificate / TBSCertificate / AlgorithmIdentifier
107 ASN1 signatureAlgo = tbsCertificate.Element (tbs++, 0x30);
109 ASN1 issuer = tbsCertificate.Element (tbs++, 0x30);
110 m_issuername = X501.ToString (issuer);
112 ASN1 validity = tbsCertificate.Element (tbs++, 0x30);
113 ASN1 notBefore = validity [0];
114 m_from = ASN1Convert.ToDateTime (notBefore);
115 ASN1 notAfter = validity [1];
116 m_until = ASN1Convert.ToDateTime (notAfter);
118 ASN1 subject = tbsCertificate.Element (tbs++, 0x30);
119 m_subject = X501.ToString (subject);
121 ASN1 subjectPublicKeyInfo = tbsCertificate.Element (tbs++, 0x30);
123 ASN1 algorithm = subjectPublicKeyInfo.Element (0, 0x30);
124 ASN1 algo = algorithm.Element (0, 0x06);
125 m_keyalgo = ASN1Convert.ToOid (algo);
126 // parameters ANY DEFINED BY algorithm OPTIONAL
127 // so we dont ask for a specific (Element) type and return DER
128 ASN1 parameters = algorithm [1];
129 m_keyalgoparams = ((algorithm.Count > 1) ? parameters.GetBytes () : null);
131 ASN1 subjectPublicKey = subjectPublicKeyInfo.Element (1, 0x03);
132 // we must drop th first byte (which is the number of unused bits
134 int n = subjectPublicKey.Length - 1;
135 m_publickey = new byte [n];
136 Buffer.BlockCopy (subjectPublicKey.Value, 1, m_publickey, 0, n);
138 // signature processing
139 byte[] bitstring = decoder [2].Value;
140 // first byte contains unused bits in first byte
141 signature = new byte [bitstring.Length - 1];
142 Buffer.BlockCopy (bitstring, 1, signature, 0, signature.Length);
144 algorithm = decoder [1];
145 algo = algorithm.Element (0, 0x06);
146 m_signaturealgo = ASN1Convert.ToOid (algo);
147 parameters = algorithm [1];
148 if (parameters != null)
149 m_signaturealgoparams = parameters.GetBytes ();
151 m_signaturealgoparams = null;
153 // Certificate / TBSCertificate / issuerUniqueID
154 ASN1 issuerUID = tbsCertificate.Element (tbs, 0xA1);
155 if (issuerUID != null) {
157 issuerUniqueID = issuerUID.Value;
160 // Certificate / TBSCertificate / subjectUniqueID
161 ASN1 subjectUID = tbsCertificate.Element (tbs, 0xA2);
162 if (subjectUID != null) {
164 subjectUniqueID = subjectUID.Value;
167 // Certificate / TBSCertificate / Extensions
168 ASN1 extns = tbsCertificate.Element (tbs, 0xA3);
169 if ((extns != null) && (extns.Count == 1))
170 extensions = new X509ExtensionCollection (extns [0]);
172 extensions = new X509ExtensionCollection (null);
174 // keep a copy of the original data
175 m_encodedcert = (byte[]) data.Clone ();
177 catch (Exception ex) {
178 throw new CryptographicException (e, ex);
184 public X509Certificate (byte[] data)
190 private byte[] GetUnsignedBigInteger (byte[] integer)
192 if (integer [0] == 0x00) {
193 // this first byte is added so we're sure it's an unsigned integer
194 // however we can't feed it into RSAParameters or DSAParameters
195 int length = integer.Length - 1;
196 byte[] uinteger = new byte [length];
197 Buffer.BlockCopy (integer, 1, uinteger, 0, length);
208 DSAParameters dsaParams = new DSAParameters ();
209 // for DSA m_publickey contains 1 ASN.1 integer - Y
210 ASN1 pubkey = new ASN1 (m_publickey);
211 if ((pubkey == null) || (pubkey.Tag != 0x02))
213 dsaParams.Y = GetUnsignedBigInteger (pubkey.Value);
215 ASN1 param = new ASN1 (m_keyalgoparams);
216 if ((param == null) || (param.Tag != 0x30) || (param.Count < 3))
218 if ((param [0].Tag != 0x02) || (param [1].Tag != 0x02) || (param [2].Tag != 0x02))
220 dsaParams.P = GetUnsignedBigInteger (param [0].Value);
221 dsaParams.Q = GetUnsignedBigInteger (param [1].Value);
222 dsaParams.G = GetUnsignedBigInteger (param [2].Value);
224 // BUG: MS BCL 1.0 can't import a key which
225 // isn't the same size as the one present in
227 DSACryptoServiceProvider dsa = new DSACryptoServiceProvider (dsaParams.Y.Length << 3);
228 dsa.ImportParameters (dsaParams);
233 public X509ExtensionCollection Extensions {
234 get { return extensions; }
239 if (certhash == null) {
240 HashAlgorithm hash = null;
241 switch (m_signaturealgo) {
242 case "1.2.840.113549.1.1.2": // MD2 with RSA encryption
243 // maybe someone installed MD2 ?
244 hash = HashAlgorithm.Create ("MD2");
246 case "1.2.840.113549.1.1.4": // MD5 with RSA encryption
247 hash = MD5.Create ();
249 case "1.2.840.113549.1.1.5": // SHA-1 with RSA Encryption
250 case "1.3.14.3.2.29": // SHA1 with RSA signature
251 case "1.2.840.10040.4.3": // SHA1-1 with DSA
252 hash = SHA1.Create ();
257 if ((decoder == null) || (decoder.Count < 1))
259 byte[] toBeSigned = decoder [0].GetBytes ();
260 certhash = hash.ComputeHash (toBeSigned, 0, toBeSigned.Length);
262 return (byte[]) certhash.Clone ();
266 public virtual string IssuerName {
267 get { return m_issuername; }
270 public virtual string KeyAlgorithm {
271 get { return m_keyalgo; }
274 public virtual byte[] KeyAlgorithmParameters {
276 if (m_keyalgoparams == null)
278 return (byte[]) m_keyalgoparams.Clone ();
282 public virtual byte[] PublicKey {
284 if (m_publickey == null)
286 return (byte[]) m_publickey.Clone ();
290 public virtual RSA RSA {
292 RSAParameters rsaParams = new RSAParameters ();
293 // for RSA m_publickey contains 2 ASN.1 integers
294 // the modulus and the public exponent
295 ASN1 pubkey = new ASN1 (m_publickey);
296 ASN1 modulus = pubkey [0];
297 if ((modulus == null) || (modulus.Tag != 0x02))
299 ASN1 exponent = pubkey [1];
300 if (exponent.Tag != 0x02)
303 rsaParams.Modulus = GetUnsignedBigInteger (modulus.Value);
304 rsaParams.Exponent = exponent.Value;
306 // BUG: MS BCL 1.0 can't import a key which
307 // isn't the same size as the one present in
309 int keySize = (rsaParams.Modulus.Length << 3);
310 RSACryptoServiceProvider rsa = new RSACryptoServiceProvider (keySize);
311 rsa.ImportParameters (rsaParams);
316 public virtual byte[] RawData {
317 get { return (byte[]) m_encodedcert.Clone (); }
320 public virtual byte[] SerialNumber {
322 if (serialnumber == null)
324 return (byte[]) serialnumber.Clone ();
328 public virtual byte[] Signature {
330 if (signature == null)
333 switch (m_signaturealgo) {
334 case "1.2.840.113549.1.1.2": // MD2 with RSA encryption
335 case "1.2.840.113549.1.1.4": // MD5 with RSA encryption
336 case "1.2.840.113549.1.1.5": // SHA-1 with RSA Encryption
337 case "1.3.14.3.2.29": // SHA1 with RSA signature
338 return (byte[]) signature.Clone ();
340 case "1.2.840.10040.4.3": // SHA-1 with DSA
341 ASN1 sign = new ASN1 (signature);
342 if ((sign == null) || (sign.Count != 2))
344 // parts may be less than 20 bytes (i.e. first bytes were 0x00)
345 byte[] part1 = sign [0].Value;
346 byte[] part2 = sign [1].Value;
347 byte[] sig = new byte [40];
348 Buffer.BlockCopy (part1, 0, sig, (20 - part1.Length), part1.Length);
349 Buffer.BlockCopy (part2, 0, sig, (40 - part2.Length), part2.Length);
353 throw new CryptographicException ("Unsupported hash algorithm: " + m_signaturealgo);
358 public virtual string SignatureAlgorithm {
359 get { return m_signaturealgo; }
362 public virtual byte[] SignatureAlgorithmParameters {
364 if (m_signaturealgoparams == null)
365 return m_signaturealgoparams;
366 return (byte[]) m_signaturealgoparams.Clone ();
370 public virtual string SubjectName {
371 get { return m_subject; }
374 public virtual DateTime ValidFrom {
375 get { return m_from; }
378 public virtual DateTime ValidUntil {
379 get { return m_until; }
383 get { return version; }
386 public bool IsCurrent {
387 get { return WasCurrent (DateTime.UtcNow); }
390 public bool WasCurrent (DateTime instant)
392 return ((instant > ValidFrom) && (instant <= ValidUntil));
395 internal bool VerifySignature (DSA dsa)
397 // signatureOID is check by both this.Hash and this.Signature
398 DSASignatureDeformatter v = new DSASignatureDeformatter (dsa);
399 // only SHA-1 is supported
400 v.SetHashAlgorithm ("SHA1");
401 return v.VerifySignature (this.Hash, this.Signature);
404 internal bool VerifySignature (RSA rsa)
406 RSAPKCS1SignatureDeformatter v = new RSAPKCS1SignatureDeformatter (rsa);
407 switch (m_signaturealgo) {
408 // MD2 with RSA encryption
409 case "1.2.840.113549.1.1.2":
410 // maybe someone installed MD2 ?
411 v.SetHashAlgorithm ("MD2");
413 // MD5 with RSA encryption
414 case "1.2.840.113549.1.1.4":
415 v.SetHashAlgorithm ("MD5");
417 // SHA-1 with RSA Encryption
418 case "1.2.840.113549.1.1.5":
419 case "1.3.14.3.2.29":
420 v.SetHashAlgorithm ("SHA1");
423 throw new CryptographicException ("Unsupported hash algorithm: " + m_signaturealgo);
425 return v.VerifySignature (this.Hash, this.Signature);
428 public bool VerifySignature (AsymmetricAlgorithm aa)
431 throw new ArgumentNullException ("aa");
434 return VerifySignature (aa as RSA);
436 return VerifySignature (aa as DSA);
438 throw new NotSupportedException ("Unknown Asymmetric Algorithm " + aa.ToString ());
441 public bool CheckSignature (byte[] hash, string hashAlgorithm, byte[] signature)
443 RSACryptoServiceProvider r = (RSACryptoServiceProvider) RSA;
444 return r.VerifyHash (hash, hashAlgorithm, signature);
447 public bool IsSelfSigned {
449 if (m_issuername == m_subject)
450 return VerifySignature (RSA);