2 // X509Certificates.cs: Handles X.509 certificates.
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
8 // Copyright (C) 2004-2006 Novell, Inc (http://www.novell.com)
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
31 using System.Runtime.Serialization;
32 using System.Security.Cryptography;
33 using SSCX = System.Security.Cryptography.X509Certificates;
34 using System.Security.Permissions;
37 namespace Mono.Security.X509 {
40 // a. Internet X.509 Public Key Infrastructure Certificate and CRL Profile
41 // http://www.ietf.org/rfc/rfc3280.txt
42 // b. ITU ASN.1 standards (free download)
43 // http://www.itu.int/ITU-T/studygroups/com17/languages/
46 internal class X509Certificate : ISerializable {
48 public class X509Certificate : ISerializable {
50 public class X509Certificate {
55 private byte[] m_encodedcert;
56 private DateTime m_from;
57 private DateTime m_until;
58 private string m_issuername;
59 private string m_keyalgo;
60 private byte[] m_keyalgoparams;
61 private string m_subject;
62 private byte[] m_publickey;
63 private byte[] signature;
64 private string m_signaturealgo;
65 private byte[] m_signaturealgoparams;
66 private byte[] certhash;
70 // from http://www.ietf.org/rfc/rfc2459.txt
72 //Certificate ::= SEQUENCE {
73 // tbsCertificate TBSCertificate,
74 // signatureAlgorithm AlgorithmIdentifier,
75 // signature BIT STRING }
77 //TBSCertificate ::= SEQUENCE {
78 // version [0] Version DEFAULT v1,
79 // serialNumber CertificateSerialNumber,
80 // signature AlgorithmIdentifier,
84 // subjectPublicKeyInfo SubjectPublicKeyInfo,
85 // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
86 // -- If present, version shall be v2 or v3
87 // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
88 // -- If present, version shall be v2 or v3
89 // extensions [3] Extensions OPTIONAL
90 // -- If present, version shall be v3 -- }
92 private byte[] serialnumber;
94 // private byte[] issuerUniqueID;
95 // private byte[] subjectUniqueID;
96 private X509ExtensionCollection extensions;
98 // that's were the real job is!
99 private void Parse (byte[] data)
101 string e = "Input data cannot be coded as a valid certificate.";
103 decoder = new ASN1 (data);
105 if (decoder.Tag != 0x30)
106 throw new CryptographicException (e);
107 // Certificate / TBSCertificate
108 if (decoder [0].Tag != 0x30)
109 throw new CryptographicException (e);
111 ASN1 tbsCertificate = decoder [0];
114 // Certificate / TBSCertificate / Version
115 ASN1 v = decoder [0][tbs];
116 version = 1; // DEFAULT v1
117 if ((v.Tag == 0xA0) && (v.Count > 0)) {
118 // version (optional) is present only in v2+ certs
119 version += v [0].Value [0]; // zero based
123 // Certificate / TBSCertificate / CertificateSerialNumber
124 ASN1 sn = decoder [0][tbs++];
126 throw new CryptographicException (e);
127 serialnumber = sn.Value;
128 Array.Reverse (serialnumber, 0, serialnumber.Length);
130 // Certificate / TBSCertificate / AlgorithmIdentifier
132 // ASN1 signatureAlgo = tbsCertificate.Element (tbs++, 0x30);
134 ASN1 issuer = tbsCertificate.Element (tbs++, 0x30);
135 m_issuername = X501.ToString (issuer);
137 ASN1 validity = tbsCertificate.Element (tbs++, 0x30);
138 ASN1 notBefore = validity [0];
139 m_from = ASN1Convert.ToDateTime (notBefore);
140 ASN1 notAfter = validity [1];
141 m_until = ASN1Convert.ToDateTime (notAfter);
143 ASN1 subject = tbsCertificate.Element (tbs++, 0x30);
144 m_subject = X501.ToString (subject);
146 ASN1 subjectPublicKeyInfo = tbsCertificate.Element (tbs++, 0x30);
148 ASN1 algorithm = subjectPublicKeyInfo.Element (0, 0x30);
149 ASN1 algo = algorithm.Element (0, 0x06);
150 m_keyalgo = ASN1Convert.ToOid (algo);
151 // parameters ANY DEFINED BY algorithm OPTIONAL
152 // so we dont ask for a specific (Element) type and return DER
153 ASN1 parameters = algorithm [1];
154 m_keyalgoparams = ((algorithm.Count > 1) ? parameters.GetBytes () : null);
156 ASN1 subjectPublicKey = subjectPublicKeyInfo.Element (1, 0x03);
157 // we must drop th first byte (which is the number of unused bits
159 int n = subjectPublicKey.Length - 1;
160 m_publickey = new byte [n];
161 Buffer.BlockCopy (subjectPublicKey.Value, 1, m_publickey, 0, n);
163 // signature processing
164 byte[] bitstring = decoder [2].Value;
165 // first byte contains unused bits in first byte
166 signature = new byte [bitstring.Length - 1];
167 Buffer.BlockCopy (bitstring, 1, signature, 0, signature.Length);
169 algorithm = decoder [1];
170 algo = algorithm.Element (0, 0x06);
171 m_signaturealgo = ASN1Convert.ToOid (algo);
172 parameters = algorithm [1];
173 if (parameters != null)
174 m_signaturealgoparams = parameters.GetBytes ();
176 m_signaturealgoparams = null;
178 // Certificate / TBSCertificate / issuerUniqueID
179 ASN1 issuerUID = tbsCertificate.Element (tbs, 0xA1);
180 if (issuerUID != null) {
182 // issuerUniqueID = issuerUID.Value;
185 // Certificate / TBSCertificate / subjectUniqueID
186 ASN1 subjectUID = tbsCertificate.Element (tbs, 0xA2);
187 if (subjectUID != null) {
189 // subjectUniqueID = subjectUID.Value;
192 // Certificate / TBSCertificate / Extensions
193 ASN1 extns = tbsCertificate.Element (tbs, 0xA3);
194 if ((extns != null) && (extns.Count == 1))
195 extensions = new X509ExtensionCollection (extns [0]);
197 extensions = new X509ExtensionCollection (null);
199 // keep a copy of the original data
200 m_encodedcert = (byte[]) data.Clone ();
202 catch (Exception ex) {
203 throw new CryptographicException (e, ex);
209 public X509Certificate (byte[] data)
215 private byte[] GetUnsignedBigInteger (byte[] integer)
217 if (integer [0] == 0x00) {
218 // this first byte is added so we're sure it's an unsigned integer
219 // however we can't feed it into RSAParameters or DSAParameters
220 int length = integer.Length - 1;
221 byte[] uinteger = new byte [length];
222 Buffer.BlockCopy (integer, 1, uinteger, 0, length);
234 DSAParameters dsaParams = new DSAParameters ();
235 // for DSA m_publickey contains 1 ASN.1 integer - Y
236 ASN1 pubkey = new ASN1 (m_publickey);
237 if ((pubkey == null) || (pubkey.Tag != 0x02))
239 dsaParams.Y = GetUnsignedBigInteger (pubkey.Value);
241 ASN1 param = new ASN1 (m_keyalgoparams);
242 if ((param == null) || (param.Tag != 0x30) || (param.Count < 3))
244 if ((param [0].Tag != 0x02) || (param [1].Tag != 0x02) || (param [2].Tag != 0x02))
246 dsaParams.P = GetUnsignedBigInteger (param [0].Value);
247 dsaParams.Q = GetUnsignedBigInteger (param [1].Value);
248 dsaParams.G = GetUnsignedBigInteger (param [2].Value);
250 // BUG: MS BCL 1.0 can't import a key which
251 // isn't the same size as the one present in
253 _dsa = (DSA) new DSACryptoServiceProvider (dsaParams.Y.Length << 3);
254 _dsa.ImportParameters (dsaParams);
267 public X509ExtensionCollection Extensions {
268 get { return extensions; }
273 if (certhash == null) {
274 HashAlgorithm hash = null;
275 switch (m_signaturealgo) {
276 case "1.2.840.113549.1.1.2": // MD2 with RSA encryption
277 // maybe someone installed MD2 ?
279 hash = HashAlgorithm.Create ("MD2");
281 hash = Mono.Security.Cryptography.MD2.Create ();
284 case "1.2.840.113549.1.1.4": // MD5 with RSA encryption
285 hash = MD5.Create ();
287 case "1.2.840.113549.1.1.5": // SHA-1 with RSA Encryption
288 case "1.3.14.3.2.29": // SHA1 with RSA signature
289 case "1.2.840.10040.4.3": // SHA1-1 with DSA
290 hash = SHA1.Create ();
295 if ((decoder == null) || (decoder.Count < 1))
297 byte[] toBeSigned = decoder [0].GetBytes ();
298 certhash = hash.ComputeHash (toBeSigned, 0, toBeSigned.Length);
300 return (byte[]) certhash.Clone ();
304 public virtual string IssuerName {
305 get { return m_issuername; }
308 public virtual string KeyAlgorithm {
309 get { return m_keyalgo; }
312 public virtual byte[] KeyAlgorithmParameters {
314 if (m_keyalgoparams == null)
316 return (byte[]) m_keyalgoparams.Clone ();
320 public virtual byte[] PublicKey {
322 if (m_publickey == null)
324 return (byte[]) m_publickey.Clone ();
328 public virtual RSA RSA {
331 RSAParameters rsaParams = new RSAParameters ();
332 // for RSA m_publickey contains 2 ASN.1 integers
333 // the modulus and the public exponent
334 ASN1 pubkey = new ASN1 (m_publickey);
335 ASN1 modulus = pubkey [0];
336 if ((modulus == null) || (modulus.Tag != 0x02))
338 ASN1 exponent = pubkey [1];
339 if (exponent.Tag != 0x02)
342 rsaParams.Modulus = GetUnsignedBigInteger (modulus.Value);
343 rsaParams.Exponent = exponent.Value;
345 // BUG: MS BCL 1.0 can't import a key which
346 // isn't the same size as the one present in
348 int keySize = (rsaParams.Modulus.Length << 3);
349 _rsa = (RSA) new RSACryptoServiceProvider (keySize);
350 _rsa.ImportParameters (rsaParams);
363 public virtual byte[] RawData {
365 if (m_encodedcert == null)
367 return (byte[]) m_encodedcert.Clone ();
371 public virtual byte[] SerialNumber {
373 if (serialnumber == null)
375 return (byte[]) serialnumber.Clone ();
379 public virtual byte[] Signature {
381 if (signature == null)
384 switch (m_signaturealgo) {
385 case "1.2.840.113549.1.1.2": // MD2 with RSA encryption
386 case "1.2.840.113549.1.1.4": // MD5 with RSA encryption
387 case "1.2.840.113549.1.1.5": // SHA-1 with RSA Encryption
388 case "1.3.14.3.2.29": // SHA1 with RSA signature
389 return (byte[]) signature.Clone ();
391 case "1.2.840.10040.4.3": // SHA-1 with DSA
392 ASN1 sign = new ASN1 (signature);
393 if ((sign == null) || (sign.Count != 2))
395 // parts may be less than 20 bytes (i.e. first bytes were 0x00)
396 byte[] part1 = sign [0].Value;
397 byte[] part2 = sign [1].Value;
398 byte[] sig = new byte [40];
399 Buffer.BlockCopy (part1, 0, sig, (20 - part1.Length), part1.Length);
400 Buffer.BlockCopy (part2, 0, sig, (40 - part2.Length), part2.Length);
404 throw new CryptographicException ("Unsupported hash algorithm: " + m_signaturealgo);
409 public virtual string SignatureAlgorithm {
410 get { return m_signaturealgo; }
413 public virtual byte[] SignatureAlgorithmParameters {
415 if (m_signaturealgoparams == null)
416 return m_signaturealgoparams;
417 return (byte[]) m_signaturealgoparams.Clone ();
421 public virtual string SubjectName {
422 get { return m_subject; }
425 public virtual DateTime ValidFrom {
426 get { return m_from; }
429 public virtual DateTime ValidUntil {
430 get { return m_until; }
434 get { return version; }
437 public bool IsCurrent {
438 get { return WasCurrent (DateTime.Now); }
441 public bool WasCurrent (DateTime instant)
443 return ((instant > ValidFrom) && (instant <= ValidUntil));
446 internal bool VerifySignature (DSA dsa)
448 // signatureOID is check by both this.Hash and this.Signature
449 DSASignatureDeformatter v = new DSASignatureDeformatter (dsa);
450 // only SHA-1 is supported
451 v.SetHashAlgorithm ("SHA1");
452 return v.VerifySignature (this.Hash, this.Signature);
455 internal bool VerifySignature (RSA rsa)
457 RSAPKCS1SignatureDeformatter v = new RSAPKCS1SignatureDeformatter (rsa);
458 switch (m_signaturealgo) {
459 // MD2 with RSA encryption
460 case "1.2.840.113549.1.1.2":
461 // maybe someone installed MD2 ?
462 v.SetHashAlgorithm ("MD2");
464 // MD5 with RSA encryption
465 case "1.2.840.113549.1.1.4":
466 v.SetHashAlgorithm ("MD5");
468 // SHA-1 with RSA Encryption
469 case "1.2.840.113549.1.1.5":
470 case "1.3.14.3.2.29":
471 v.SetHashAlgorithm ("SHA1");
474 throw new CryptographicException ("Unsupported hash algorithm: " + m_signaturealgo);
476 return v.VerifySignature (this.Hash, this.Signature);
479 public bool VerifySignature (AsymmetricAlgorithm aa)
482 throw new ArgumentNullException ("aa");
485 return VerifySignature (aa as RSA);
487 return VerifySignature (aa as DSA);
489 throw new NotSupportedException ("Unknown Asymmetric Algorithm " + aa.ToString ());
492 public bool CheckSignature (byte[] hash, string hashAlgorithm, byte[] signature)
494 RSACryptoServiceProvider r = (RSACryptoServiceProvider) RSA;
495 return r.VerifyHash (hash, hashAlgorithm, signature);
498 public bool IsSelfSigned {
500 if (m_issuername == m_subject)
501 return VerifySignature (RSA);
507 #if INSIDE_CORLIB || NET_2_0
508 protected X509Certificate (SerializationInfo info, StreamingContext context)
510 Parse ((byte[]) info.GetValue ("raw", typeof (byte[])));
513 [SecurityPermission (SecurityAction.Demand, SerializationFormatter = true)]
514 public virtual void GetObjectData (SerializationInfo info, StreamingContext context)
516 info.AddValue ("raw", m_encodedcert);
517 // note: we NEVER serialize the private key