search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge pull request #645 from knocte/nitpicks
[mono-project.git] / mcs / class / corlib / Mono.Security.X509 / X509Certificate.cs
blob5131e99d5253bb40d15a273b85719cb33e6195dd
1 //
2 // X509Certificates.cs: Handles X.509 certificates.
3 //
4 // Author:
5 // Sebastien Pouliot <sebastien@ximian.com>
6 //
7 // (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
8 // Copyright (C) 2004-2006 Novell, Inc (http://www.novell.com)
9 //
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
17 //
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
20 //
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
28 //
29
30 using System;
31 using System.Runtime.Serialization;
32 using System.Security.Cryptography;
33 using SSCX = System.Security.Cryptography.X509Certificates;
34 using System.Security.Permissions;
35 using System.Text;
36
37 using Mono.Security.Cryptography;
38
39 namespace Mono.Security.X509 {
40
41 // References:
42 // a. Internet X.509 Public Key Infrastructure Certificate and CRL Profile
43 // http://www.ietf.org/rfc/rfc3280.txt
44 // b. ITU ASN.1 standards (free download)
45 // http://www.itu.int/ITU-T/studygroups/com17/languages/
46
47 #if INSIDE_CORLIB
48 internal class X509Certificate : ISerializable {
49 #else
50 public class X509Certificate : ISerializable {
51 #endif
52 const string encoding_error = "Input data cannot be coded as a valid certificate.";
53
54 private ASN1 decoder;
55
56 private byte[] m_encodedcert;
57 private DateTime m_from;
58 private DateTime m_until;
59 private ASN1 issuer;
60 private string m_issuername;
61 private string m_keyalgo;
62 private byte[] m_keyalgoparams;
63 private ASN1 subject;
64 private string m_subject;
65 private byte[] m_publickey;
66 private byte[] signature;
67 private string m_signaturealgo;
68 private byte[] m_signaturealgoparams;
69 private byte[] certhash;
70 private RSA _rsa;
71 private DSA _dsa;
72
73 // from http://www.ietf.org/rfc/rfc2459.txt
74 //
75 //Certificate ::= SEQUENCE {
76 // tbsCertificate TBSCertificate,
77 // signatureAlgorithm AlgorithmIdentifier,
78 // signature BIT STRING }
79 //
80 //TBSCertificate ::= SEQUENCE {
81 // version [0] Version DEFAULT v1,
82 // serialNumber CertificateSerialNumber,
83 // signature AlgorithmIdentifier,
84 // issuer Name,
85 // validity Validity,
86 // subject Name,
87 // subjectPublicKeyInfo SubjectPublicKeyInfo,
88 // issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
89 // -- If present, version shall be v2 or v3
90 // subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
91 // -- If present, version shall be v2 or v3
92 // extensions [3] Extensions OPTIONAL
93 // -- If present, version shall be v3 -- }
94 private int version;
95 private byte[] serialnumber;
96
97 private byte[] issuerUniqueID;
98 private byte[] subjectUniqueID;
99 private X509ExtensionCollection extensions;
100
101 // that's were the real job is!
102 private void Parse (byte[] data)
103 {
104 try {
105 decoder = new ASN1 (data);
106 // Certificate
107 if (decoder.Tag != 0x30)
108 throw new CryptographicException (encoding_error);
109 // Certificate / TBSCertificate
110 if (decoder [0].Tag != 0x30)
111 throw new CryptographicException (encoding_error);
112
113 ASN1 tbsCertificate = decoder [0];
114
115 int tbs = 0;
116 // Certificate / TBSCertificate / Version
117 ASN1 v = decoder [0][tbs];
118 version = 1; // DEFAULT v1
119 if ((v.Tag == 0xA0) && (v.Count > 0)) {
120 // version (optional) is present only in v2+ certs
121 version += v [0].Value [0]; // zero based
122 tbs++;
123 }
124
125 // Certificate / TBSCertificate / CertificateSerialNumber
126 ASN1 sn = decoder [0][tbs++];
127 if (sn.Tag != 0x02)
128 throw new CryptographicException (encoding_error);
129 serialnumber = sn.Value;
130 Array.Reverse (serialnumber, 0, serialnumber.Length);
131
132 // Certificate / TBSCertificate / AlgorithmIdentifier
133 tbs++;
134 // ASN1 signatureAlgo = tbsCertificate.Element (tbs++, 0x30);
135
136 issuer = tbsCertificate.Element (tbs++, 0x30);
137 m_issuername = X501.ToString (issuer);
138
139 ASN1 validity = tbsCertificate.Element (tbs++, 0x30);
140 ASN1 notBefore = validity [0];
141 m_from = ASN1Convert.ToDateTime (notBefore);
142 ASN1 notAfter = validity [1];
143 m_until = ASN1Convert.ToDateTime (notAfter);
144
145 subject = tbsCertificate.Element (tbs++, 0x30);
146 m_subject = X501.ToString (subject);
147
148 ASN1 subjectPublicKeyInfo = tbsCertificate.Element (tbs++, 0x30);
149
150 ASN1 algorithm = subjectPublicKeyInfo.Element (0, 0x30);
151 ASN1 algo = algorithm.Element (0, 0x06);
152 m_keyalgo = ASN1Convert.ToOid (algo);
153 // parameters ANY DEFINED BY algorithm OPTIONAL
154 // so we dont ask for a specific (Element) type and return DER
155 ASN1 parameters = algorithm [1];
156 m_keyalgoparams = ((algorithm.Count > 1) ? parameters.GetBytes () : null);
157
158 ASN1 subjectPublicKey = subjectPublicKeyInfo.Element (1, 0x03);
159 // we must drop th first byte (which is the number of unused bits
160 // in the BITSTRING)
161 int n = subjectPublicKey.Length - 1;
162 m_publickey = new byte [n];
163 Buffer.BlockCopy (subjectPublicKey.Value, 1, m_publickey, 0, n);
164
165 // signature processing
166 byte[] bitstring = decoder [2].Value;
167 // first byte contains unused bits in first byte
168 signature = new byte [bitstring.Length - 1];
169 Buffer.BlockCopy (bitstring, 1, signature, 0, signature.Length);
170
171 algorithm = decoder [1];
172 algo = algorithm.Element (0, 0x06);
173 m_signaturealgo = ASN1Convert.ToOid (algo);
174 parameters = algorithm [1];
175 if (parameters != null)
176 m_signaturealgoparams = parameters.GetBytes ();
177 else
178 m_signaturealgoparams = null;
179
180 // Certificate / TBSCertificate / issuerUniqueID
181 ASN1 issuerUID = tbsCertificate.Element (tbs, 0x81);
182 if (issuerUID != null) {
183 tbs++;
184 issuerUniqueID = issuerUID.Value;
185 }
186
187 // Certificate / TBSCertificate / subjectUniqueID
188 ASN1 subjectUID = tbsCertificate.Element (tbs, 0x82);
189 if (subjectUID != null) {
190 tbs++;
191 subjectUniqueID = subjectUID.Value;
192 }
193
194 // Certificate / TBSCertificate / Extensions
195 ASN1 extns = tbsCertificate.Element (tbs, 0xA3);
196 if ((extns != null) && (extns.Count == 1))
197 extensions = new X509ExtensionCollection (extns [0]);
198 else
199 extensions = new X509ExtensionCollection (null);
200
201 // keep a copy of the original data
202 m_encodedcert = (byte[]) data.Clone ();
203 }
204 catch (Exception ex) {
205 throw new CryptographicException (encoding_error, ex);
206 }
207 }
208
209 // constructors
210
211 public X509Certificate (byte[] data)
212 {
213 if (data != null) {
214 // does it looks like PEM ?
215 if ((data.Length > 0) && (data [0] != 0x30)) {
216 try {
217 data = PEM ("CERTIFICATE", data);
218 }
219 catch (Exception ex) {
220 throw new CryptographicException (encoding_error, ex);
221 }
222 }
223 Parse (data);
224 }
225 }
226
227 private byte[] GetUnsignedBigInteger (byte[] integer)
228 {
229 if (integer [0] == 0x00) {
230 // this first byte is added so we're sure it's an unsigned integer
231 // however we can't feed it into RSAParameters or DSAParameters
232 int length = integer.Length - 1;
233 byte[] uinteger = new byte [length];
234 Buffer.BlockCopy (integer, 1, uinteger, 0, length);
235 return uinteger;
236 }
237 else
238 return integer;
239 }
240
241 // public methods
242
243 public DSA DSA {
244 get {
245 if (m_keyalgoparams == null)
246 throw new CryptographicException ("Missing key algorithm parameters.");
247
248 if (_dsa == null) {
249 DSAParameters dsaParams = new DSAParameters ();
250 // for DSA m_publickey contains 1 ASN.1 integer - Y
251 ASN1 pubkey = new ASN1 (m_publickey);
252 if ((pubkey == null) || (pubkey.Tag != 0x02))
253 return null;
254 dsaParams.Y = GetUnsignedBigInteger (pubkey.Value);
255
256 ASN1 param = new ASN1 (m_keyalgoparams);
257 if ((param == null) || (param.Tag != 0x30) || (param.Count < 3))
258 return null;
259 if ((param [0].Tag != 0x02) || (param [1].Tag != 0x02) || (param [2].Tag != 0x02))
260 return null;
261 dsaParams.P = GetUnsignedBigInteger (param [0].Value);
262 dsaParams.Q = GetUnsignedBigInteger (param [1].Value);
263 dsaParams.G = GetUnsignedBigInteger (param [2].Value);
264
265 // BUG: MS BCL 1.0 can't import a key which
266 // isn't the same size as the one present in
267 // the container.
268 _dsa = (DSA) new DSACryptoServiceProvider (dsaParams.Y.Length << 3);
269 _dsa.ImportParameters (dsaParams);
270 }
271 return _dsa;
272 }
273
274 set {
275 _dsa = value;
276 if (value != null)
277 _rsa = null;
278 }
279 }
280
281 public X509ExtensionCollection Extensions {
282 get { return extensions; }
283 }
284
285 public byte[] Hash {
286 get {
287 if (certhash == null) {
288 HashAlgorithm hash = null;
289 switch (m_signaturealgo) {
290 case "1.2.840.113549.1.1.2": // MD2 with RSA encryption
291 // maybe someone installed MD2 ?
292 #if INSIDE_CORLIB
293 hash = HashAlgorithm.Create ("MD2");
294 #else
295 hash = Mono.Security.Cryptography.MD2.Create ();
296 #endif
297 break;
298 case "1.2.840.113549.1.1.4": // MD5 with RSA encryption
299 hash = MD5.Create ();
300 break;
301 case "1.2.840.113549.1.1.5": // SHA-1 with RSA Encryption
302 case "1.3.14.3.2.29": // SHA1 with RSA signature
303 case "1.2.840.10040.4.3": // SHA1-1 with DSA
304 hash = SHA1.Create ();
305 break;
306 default:
307 return null;
308 }
309 if ((decoder == null) || (decoder.Count < 1))
310 return null;
311 byte[] toBeSigned = decoder [0].GetBytes ();
312 certhash = hash.ComputeHash (toBeSigned, 0, toBeSigned.Length);
313 }
314 return (byte[]) certhash.Clone ();
315 }
316 }
317
318 public virtual string IssuerName {
319 get { return m_issuername; }
320 }
321
322 public virtual string KeyAlgorithm {
323 get { return m_keyalgo; }
324 }
325
326 public virtual byte[] KeyAlgorithmParameters {
327 get {
328 if (m_keyalgoparams == null)
329 return null;
330 return (byte[]) m_keyalgoparams.Clone ();
331 }
332 set { m_keyalgoparams = value; }
333 }
334
335 public virtual byte[] PublicKey {
336 get {
337 if (m_publickey == null)
338 return null;
339 return (byte[]) m_publickey.Clone ();
340 }
341 }
342
343 public virtual RSA RSA {
344 get {
345 if (_rsa == null) {
346 RSAParameters rsaParams = new RSAParameters ();
347 // for RSA m_publickey contains 2 ASN.1 integers
348 // the modulus and the public exponent
349 ASN1 pubkey = new ASN1 (m_publickey);
350 ASN1 modulus = pubkey [0];
351 if ((modulus == null) || (modulus.Tag != 0x02))
352 return null;
353 ASN1 exponent = pubkey [1];
354 if (exponent.Tag != 0x02)
355 return null;
356
357 rsaParams.Modulus = GetUnsignedBigInteger (modulus.Value);
358 rsaParams.Exponent = exponent.Value;
359
360 // BUG: MS BCL 1.0 can't import a key which
361 // isn't the same size as the one present in
362 // the container.
363 int keySize = (rsaParams.Modulus.Length << 3);
364 _rsa = (RSA) new RSACryptoServiceProvider (keySize);
365 _rsa.ImportParameters (rsaParams);
366 }
367 return _rsa;
368 }
369
370 set {
371 if (value != null)
372 _dsa = null;
373 _rsa = value;
374 }
375 }
376
377 public virtual byte[] RawData {
378 get {
379 if (m_encodedcert == null)
380 return null;
381 return (byte[]) m_encodedcert.Clone ();
382 }
383 }
384
385 public virtual byte[] SerialNumber {
386 get {
387 if (serialnumber == null)
388 return null;
389 return (byte[]) serialnumber.Clone ();
390 }
391 }
392
393 public virtual byte[] Signature {
394 get {
395 if (signature == null)
396 return null;
397
398 switch (m_signaturealgo) {
399 case "1.2.840.113549.1.1.2": // MD2 with RSA encryption
400 case "1.2.840.113549.1.1.4": // MD5 with RSA encryption
401 case "1.2.840.113549.1.1.5": // SHA-1 with RSA Encryption
402 case "1.3.14.3.2.29": // SHA1 with RSA signature
403 return (byte[]) signature.Clone ();
404
405 case "1.2.840.10040.4.3": // SHA-1 with DSA
406 ASN1 sign = new ASN1 (signature);
407 if ((sign == null) || (sign.Count != 2))
408 return null;
409 byte[] part1 = sign [0].Value;
410 byte[] part2 = sign [1].Value;
411 byte[] sig = new byte [40];
412 // parts may be less than 20 bytes (i.e. first bytes were 0x00)
413 // parts may be more than 20 bytes (i.e. first byte > 0x80, negative)
414 int s1 = System.Math.Max (0, part1.Length - 20);
415 int e1 = System.Math.Max (0, 20 - part1.Length);
416 Buffer.BlockCopy (part1, s1, sig, e1, part1.Length - s1);
417 int s2 = System.Math.Max (0, part2.Length - 20);
418 int e2 = System.Math.Max (20, 40 - part2.Length);
419 Buffer.BlockCopy (part2, s2, sig, e2, part2.Length - s2);
420 return sig;
421
422 default:
423 throw new CryptographicException ("Unsupported hash algorithm: " + m_signaturealgo);
424 }
425 }
426 }
427
428 public virtual string SignatureAlgorithm {
429 get { return m_signaturealgo; }
430 }
431
432 public virtual byte[] SignatureAlgorithmParameters {
433 get {
434 if (m_signaturealgoparams == null)
435 return m_signaturealgoparams;
436 return (byte[]) m_signaturealgoparams.Clone ();
437 }
438 }
439
440 public virtual string SubjectName {
441 get { return m_subject; }
442 }
443
444 public virtual DateTime ValidFrom {
445 get { return m_from; }
446 }
447
448 public virtual DateTime ValidUntil {
449 get { return m_until; }
450 }
451
452 public int Version {
453 get { return version; }
454 }
455
456 public bool IsCurrent {
457 get { return WasCurrent (DateTime.UtcNow); }
458 }
459
460 public bool WasCurrent (DateTime instant)
461 {
462 return ((instant > ValidFrom) && (instant <= ValidUntil));
463 }
464
465 // uncommon v2 "extension"
466 public byte[] IssuerUniqueIdentifier {
467 get {
468 if (issuerUniqueID == null)
469 return null;
470 return (byte[]) issuerUniqueID.Clone ();
471 }
472 }
473
474 // uncommon v2 "extension"
475 public byte[] SubjectUniqueIdentifier {
476 get {
477 if (subjectUniqueID == null)
478 return null;
479 return (byte[]) subjectUniqueID.Clone ();
480 }
481 }
482
483 internal bool VerifySignature (DSA dsa)
484 {
485 // signatureOID is check by both this.Hash and this.Signature
486 DSASignatureDeformatter v = new DSASignatureDeformatter (dsa);
487 // only SHA-1 is supported
488 v.SetHashAlgorithm ("SHA1");
489 return v.VerifySignature (this.Hash, this.Signature);
490 }
491
492 internal string GetHashNameFromOID (string oid)
493 {
494 switch (oid) {
495 // MD2 with RSA encryption
496 case "1.2.840.113549.1.1.2":
497 // maybe someone installed MD2 ?
498 return "MD2";
499 // MD5 with RSA encryption
500 case "1.2.840.113549.1.1.4":
501 return "MD5";
502 // SHA-1 with RSA Encryption
503 case "1.2.840.113549.1.1.5":
504 case "1.3.14.3.2.29":
505 return "SHA1";
506 default:
507 return null;
508 }
509 }
510
511 internal bool VerifySignature (RSA rsa)
512 {
513 RSAPKCS1SignatureDeformatter v = new RSAPKCS1SignatureDeformatter (rsa);
514 string hashName = GetHashNameFromOID (m_signaturealgo);
515 if (hashName == null)
516 throw new CryptographicException ("Unsupported hash algorithm: " + m_signaturealgo);
517
518 v.SetHashAlgorithm (hashName);
519 return v.VerifySignature (this.Hash, this.Signature);
520 }
521
522 public bool VerifySignature (AsymmetricAlgorithm aa)
523 {
524 if (aa == null)
525 throw new ArgumentNullException ("aa");
526
527 if (aa is RSA)
528 return VerifySignature (aa as RSA);
529 else if (aa is DSA)
530 return VerifySignature (aa as DSA);
531 else
532 throw new NotSupportedException ("Unknown Asymmetric Algorithm " + aa.ToString ());
533 }
534
535 public bool CheckSignature (byte[] hash, string hashAlgorithm, byte[] signature)
536 {
537 RSACryptoServiceProvider r = (RSACryptoServiceProvider) RSA;
538 return r.VerifyHash (hash, hashAlgorithm, signature);
539 }
540
541 public bool IsSelfSigned {
542 get {
543 if (m_issuername == m_subject)
544 return VerifySignature (RSA);
545 else
546 return false;
547 }
548 }
549
550 public ASN1 GetIssuerName ()
551 {
552 return issuer;
553 }
554
555 public ASN1 GetSubjectName ()
556 {
557 return subject;
558 }
559
560 protected X509Certificate (SerializationInfo info, StreamingContext context)
561 {
562 Parse ((byte[]) info.GetValue ("raw", typeof (byte[])));
563 }
564
565 [SecurityPermission (SecurityAction.Demand, SerializationFormatter = true)]
566 public virtual void GetObjectData (SerializationInfo info, StreamingContext context)
567 {
568 info.AddValue ("raw", m_encodedcert);
569 // note: we NEVER serialize the private key
570 }
571
572 static byte[] PEM (string type, byte[] data)
573 {
574 string pem = Encoding.ASCII.GetString (data);
575 string header = String.Format ("-----BEGIN {0}-----", type);
576 string footer = String.Format ("-----END {0}-----", type);
577 int start = pem.IndexOf (header) + header.Length;
578 int end = pem.IndexOf (footer, start);
579 string base64 = pem.Substring (start, (end - start));
580 return Convert.FromBase64String (base64);
581 }
582 }
583 }
Mirror of the official Mono project git repository