2 // System.Security.Cryptography.X509Certificate2 class
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
8 // Copyright (C) 2004-2006 Novell Inc. (http://www.novell.com)
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 #if MONO_SECURITY_ALIAS
33 extern alias MonoSecurity;
34 using MonoSecurity::Mono.Security;
35 using MonoSecurity::Mono.Security.Cryptography;
36 using MX = MonoSecurity::Mono.Security.X509;
39 using Mono.Security.Cryptography;
40 using MX = Mono.Security.X509;
47 using System.Collections;
48 using System.Runtime.Serialization;
50 namespace System.Security.Cryptography.X509Certificates {
53 public class X509Certificate2 : X509Certificate {
56 // Used in Mono.Security HttpsClientStream
57 public X509Certificate2 (byte[] rawData)
62 new internal X509Certificate2Impl Impl {
64 var impl2 = base.Impl as X509Certificate2Impl;
65 X509Helper2.ThrowIfContextInvalid (impl2);
70 string friendlyName = string.Empty;
74 public X509Certificate2 ()
78 public X509Certificate2 (byte[] rawData)
80 Import (rawData, (string)null, X509KeyStorageFlags.DefaultKeySet);
83 public X509Certificate2 (byte[] rawData, string password)
85 Import (rawData, password, X509KeyStorageFlags.DefaultKeySet);
88 public X509Certificate2 (byte[] rawData, SecureString password)
90 Import (rawData, password, X509KeyStorageFlags.DefaultKeySet);
93 public X509Certificate2 (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
95 Import (rawData, password, keyStorageFlags);
98 public X509Certificate2 (byte[] rawData, SecureString password, X509KeyStorageFlags keyStorageFlags)
100 Import (rawData, password, keyStorageFlags);
103 public X509Certificate2 (string fileName)
105 Import (fileName, String.Empty, X509KeyStorageFlags.DefaultKeySet);
108 public X509Certificate2 (string fileName, string password)
110 Import (fileName, password, X509KeyStorageFlags.DefaultKeySet);
113 public X509Certificate2 (string fileName, SecureString password)
115 Import (fileName, password, X509KeyStorageFlags.DefaultKeySet);
118 public X509Certificate2 (string fileName, string password, X509KeyStorageFlags keyStorageFlags)
120 Import (fileName, password, keyStorageFlags);
123 public X509Certificate2 (string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags)
125 Import (fileName, password, keyStorageFlags);
128 public X509Certificate2 (IntPtr handle) : base (handle)
130 throw new NotImplementedException ();
133 public X509Certificate2 (X509Certificate certificate)
134 : base (X509Helper2.Import (certificate))
138 protected X509Certificate2 (SerializationInfo info, StreamingContext context) : base (info, context)
142 internal X509Certificate2 (X509Certificate2Impl impl)
149 public bool Archived {
150 get { return Impl.Archived; }
151 set { Impl.Archived = true; }
154 public X509ExtensionCollection Extensions {
155 get { return Impl.Extensions; }
158 public string FriendlyName {
160 ThrowIfContextInvalid ();
164 ThrowIfContextInvalid ();
165 friendlyName = value;
169 public bool HasPrivateKey {
170 get { return Impl.HasPrivateKey; }
173 public X500DistinguishedName IssuerName {
174 get { return Impl.IssuerName; }
177 public DateTime NotAfter {
178 get { return Impl.GetValidUntil ().ToLocalTime (); }
181 public DateTime NotBefore {
182 get { return Impl.GetValidFrom ().ToLocalTime (); }
185 public AsymmetricAlgorithm PrivateKey {
186 get { return Impl.PrivateKey; }
187 set { Impl.PrivateKey = value; }
190 public PublicKey PublicKey {
191 get { return Impl.PublicKey; }
194 public byte[] RawData {
195 get { return GetRawCertData (); }
198 public string SerialNumber {
199 get { return GetSerialNumberString (); }
202 public Oid SignatureAlgorithm {
203 get { return Impl.SignatureAlgorithm; }
206 public X500DistinguishedName SubjectName {
207 get { return Impl.SubjectName; }
210 public string Thumbprint {
211 get { return GetCertHashString (); }
215 get { return Impl.Version; }
220 [MonoTODO ("always return String.Empty for UpnName, DnsFromAlternativeName and UrlName")]
221 public string GetNameInfo (X509NameType nameType, bool forIssuer)
223 return Impl.GetNameInfo (nameType, forIssuer);
226 public override void Import (byte[] rawData)
228 Import (rawData, (string)null, X509KeyStorageFlags.DefaultKeySet);
231 [MonoTODO ("missing KeyStorageFlags support")]
232 public override void Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
234 var impl = X509Helper2.Import (rawData, password, keyStorageFlags);
238 [MonoTODO ("SecureString is incomplete")]
239 public override void Import (byte[] rawData, SecureString password, X509KeyStorageFlags keyStorageFlags)
241 Import (rawData, (string) null, keyStorageFlags);
244 public override void Import (string fileName)
246 byte[] rawData = File.ReadAllBytes (fileName);
247 Import (rawData, (string)null, X509KeyStorageFlags.DefaultKeySet);
250 [MonoTODO ("missing KeyStorageFlags support")]
251 public override void Import (string fileName, string password, X509KeyStorageFlags keyStorageFlags)
253 byte[] rawData = File.ReadAllBytes (fileName);
254 Import (rawData, password, keyStorageFlags);
257 [MonoTODO ("SecureString is incomplete")]
258 public override void Import (string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags)
260 byte[] rawData = File.ReadAllBytes (fileName);
261 Import (rawData, (string)null, keyStorageFlags);
264 [MonoTODO ("X509ContentType.SerializedCert is not supported")]
265 public override byte[] Export (X509ContentType contentType, string password)
267 return Impl.Export (contentType, password);
270 public override void Reset ()
272 friendlyName = string.Empty;
276 public override string ToString ()
279 return "System.Security.Cryptography.X509Certificates.X509Certificate2";
280 return base.ToString (true);
283 public override string ToString (bool verbose)
286 return "System.Security.Cryptography.X509Certificates.X509Certificate2";
288 // the non-verbose X509Certificate2 == verbose X509Certificate
290 return base.ToString (true);
292 string nl = Environment.NewLine;
293 StringBuilder sb = new StringBuilder ();
294 sb.AppendFormat ("[Version]{0} V{1}{0}{0}", nl, Version);
295 sb.AppendFormat ("[Subject]{0} {1}{0}{0}", nl, Subject);
296 sb.AppendFormat ("[Issuer]{0} {1}{0}{0}", nl, Issuer);
297 sb.AppendFormat ("[Serial Number]{0} {1}{0}{0}", nl, SerialNumber);
298 sb.AppendFormat ("[Not Before]{0} {1}{0}{0}", nl, NotBefore);
299 sb.AppendFormat ("[Not After]{0} {1}{0}{0}", nl, NotAfter);
300 sb.AppendFormat ("[Thumbprint]{0} {1}{0}{0}", nl, Thumbprint);
301 sb.AppendFormat ("[Signature Algorithm]{0} {1}({2}){0}{0}", nl, SignatureAlgorithm.FriendlyName,
302 SignatureAlgorithm.Value);
304 AsymmetricAlgorithm key = PublicKey.Key;
305 sb.AppendFormat ("[Public Key]{0} Algorithm: ", nl);
311 sb.Append (key.ToString ());
312 sb.AppendFormat ("{0} Length: {1}{0} Key Blob: ", nl, key.KeySize);
313 AppendBuffer (sb, PublicKey.EncodedKeyValue.RawData);
314 sb.AppendFormat ("{0} Parameters: ", nl);
315 AppendBuffer (sb, PublicKey.EncodedParameters.RawData);
318 return sb.ToString ();
321 private static void AppendBuffer (StringBuilder sb, byte[] buffer)
325 for (int i=0; i < buffer.Length; i++) {
326 sb.Append (buffer [i].ToString ("x2"));
327 if (i < buffer.Length - 1)
332 [MonoTODO ("by default this depends on the incomplete X509Chain")]
333 public bool Verify ()
335 return Impl.Verify (this);
340 private static byte[] signedData = new byte[] { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02 };
342 [MonoTODO ("Detection limited to Cert, Pfx, Pkcs12, Pkcs7 and Unknown")]
343 public static X509ContentType GetCertContentType (byte[] rawData)
345 if ((rawData == null) || (rawData.Length == 0))
346 throw new ArgumentException ("rawData");
348 X509ContentType type = X509ContentType.Unknown;
350 ASN1 data = new ASN1 (rawData);
351 if (data.Tag != 0x30) {
352 string msg = Locale.GetText ("Unable to decode certificate.");
353 throw new CryptographicException (msg);
359 if (data.Count == 3) {
360 switch (data [0].Tag) {
362 // SEQUENCE / SEQUENCE / BITSTRING
363 if ((data [1].Tag == 0x30) && (data [2].Tag == 0x03))
364 type = X509ContentType.Cert;
367 // INTEGER / SEQUENCE / SEQUENCE
368 if ((data [1].Tag == 0x30) && (data [2].Tag == 0x30))
369 type = X509ContentType.Pkcs12;
370 // note: Pfx == Pkcs12
374 // check for PKCS#7 (count unknown but greater than 0)
375 // SEQUENCE / OID (signedData)
376 if ((data [0].Tag == 0x06) && data [0].CompareValue (signedData))
377 type = X509ContentType.Pkcs7;
379 catch (Exception e) {
380 string msg = Locale.GetText ("Unable to decode certificate.");
381 throw new CryptographicException (msg, e);
387 [MonoTODO ("Detection limited to Cert, Pfx, Pkcs12 and Unknown")]
388 public static X509ContentType GetCertContentType (string fileName)
390 if (fileName == null)
391 throw new ArgumentNullException ("fileName");
392 if (fileName.Length == 0)
393 throw new ArgumentException ("fileName");
395 byte[] data = File.ReadAllBytes (fileName);
396 return GetCertContentType (data);
399 // internal stuff because X509Certificate2 isn't complete enough
400 // (maybe X509Certificate3 will be better?)
403 internal MX.X509Certificate MonoCertificate {
405 var monoImpl = Impl as X509Certificate2ImplMono;
406 if (monoImpl == null)
407 throw new NotSupportedException ();
408 return monoImpl.MonoCertificate;
413 // HACK - this ensure the type X509Certificate2 and PrivateKey property exists in the build before
414 // Mono.Security.dll is built. This is required to get working client certificate in SSL/TLS
415 public AsymmetricAlgorithm PrivateKey {