/ /
// X509Certificates.cs: Handles X.509 certificates.
/ /
// Author:
// Sebastien Pouliot <sebastien@xamarin.com>
/ /
// (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
// Copyright (C) 2004-2006 Novell, Inc (http://www.novell.com)
// Copyright 2013 Xamarin Inc. (http://www.xamarin.com)
/ /
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
/ /
using System ;
using System.Runtime.Serialization ;
using System.Security.Cryptography ;
using System.Security.Permissions ;
using System.Text ;
namespace MediaBrowser.Server.Mono.Security {
// References:
// a. Internet X.509 Public Key Infrastructure Certificate and CRL Profile
// http://www.ietf.org/rfc/rfc3280.txt
// b. ITU ASN.1 standards (free download)
// http://www.itu.int/ITU-T/studygroups/com17/languages/
public class X509Certificate : ISerializable
{
private ASN1 decoder ;
private byte [ ] m_encodedcert ;
private DateTime m_from ;
private DateTime m_until ;
private ASN1 issuer ;
private string m_issuername ;
private string m_keyalgo ;
private byte [ ] m_keyalgoparams ;
private ASN1 subject ;
private string m_subject ;
private byte [ ] m_publickey ;
private byte [ ] signature ;
private string m_signaturealgo ;
private byte [ ] m_signaturealgoparams ;
private byte [ ] certhash ;
private RSA _rsa ;
private DSA _dsa ;
// from http://msdn.microsoft.com/en-gb/library/ff635835.aspx
private const string OID_DSA = "1.2.840.10040.4.1" ;
private const string OID_RSA = "1.2.840.113549.1.1.1" ;
// from http://www.ietf.org/rfc/rfc2459.txt
/ /
//Certificate ::= SEQUENCE {
// tbsCertificate TBSCertificate,
// signatureAlgorithm AlgorithmIdentifier,
// signature BIT STRING }
/ /
//TBSCertificate ::= SEQUENCE {
// version [0] Version DEFAULT v1,
// serialNumber CertificateSerialNumber,
// signature AlgorithmIdentifier,
// issuer Name,
// validity Validity,
// subject Name,
// subjectPublicKeyInfo SubjectPublicKeyInfo,
// issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
// -- If present, version shall be v2 or v3
// subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
// -- If present, version shall be v2 or v3
// extensions [3] Extensions OPTIONAL
// -- If present, version shall be v3 -- }
private int version ;
private byte [ ] serialnumber ;
private byte [ ] issuerUniqueID ;
private byte [ ] subjectUniqueID ;
private X509ExtensionCollection extensions ;
private static string encoding_error = ( "Input data cannot be coded as a valid certificate." ) ;
// that's were the real job is!
private void Parse ( byte [ ] data )
{
try {
decoder = new ASN1 ( data ) ;
// Certificate
if ( decoder . Tag ! = 0x30 )
throw new CryptographicException ( encoding_error ) ;
// Certificate / TBSCertificate
if ( decoder [ 0 ] . Tag ! = 0x30 )
throw new CryptographicException ( encoding_error ) ;
ASN1 tbsCertificate = decoder [ 0 ] ;
int tbs = 0 ;
// Certificate / TBSCertificate / Version
ASN1 v = decoder [ 0 ] [ tbs ] ;
version = 1 ; // DEFAULT v1
if ( ( v . Tag = = 0xA0 ) & & ( v . Count > 0 ) ) {
// version (optional) is present only in v2+ certs
version + = v [ 0 ] . Value [ 0 ] ; // zero based
tbs + + ;
}
// Certificate / TBSCertificate / CertificateSerialNumber
ASN1 sn = decoder [ 0 ] [ tbs + + ] ;
if ( sn . Tag ! = 0x02 )
throw new CryptographicException ( encoding_error ) ;
serialnumber = sn . Value ;
Array . Reverse ( serialnumber , 0 , serialnumber . Length ) ;
// Certificate / TBSCertificate / AlgorithmIdentifier
tbs + + ;
// ASN1 signatureAlgo = tbsCertificate.Element (tbs++, 0x30);
issuer = tbsCertificate . Element ( tbs + + , 0x30 ) ;
m_issuername = X501 . ToString ( issuer ) ;
ASN1 validity = tbsCertificate . Element ( tbs + + , 0x30 ) ;
ASN1 notBefore = validity [ 0 ] ;
m_from = ASN1Convert . ToDateTime ( notBefore ) ;
ASN1 notAfter = validity [ 1 ] ;
m_until = ASN1Convert . ToDateTime ( notAfter ) ;
subject = tbsCertificate . Element ( tbs + + , 0x30 ) ;
m_subject = X501 . ToString ( subject ) ;
ASN1 subjectPublicKeyInfo = tbsCertificate . Element ( tbs + + , 0x30 ) ;
ASN1 algorithm = subjectPublicKeyInfo . Element ( 0 , 0x30 ) ;
ASN1 algo = algorithm . Element ( 0 , 0x06 ) ;
m_keyalgo = ASN1Convert . ToOid ( algo ) ;
// parameters ANY DEFINED BY algorithm OPTIONAL
// so we dont ask for a specific (Element) type and return DER
ASN1 parameters = algorithm [ 1 ] ;
m_keyalgoparams = ( ( algorithm . Count > 1 ) ? parameters . GetBytes ( ) : null ) ;
ASN1 subjectPublicKey = subjectPublicKeyInfo . Element ( 1 , 0x03 ) ;
// we must drop th first byte (which is the number of unused bits
// in the BITSTRING)
int n = subjectPublicKey . Length - 1 ;
m_publickey = new byte [ n ] ;
Buffer . BlockCopy ( subjectPublicKey . Value , 1 , m_publickey , 0 , n ) ;
// signature processing
byte [ ] bitstring = decoder [ 2 ] . Value ;
// first byte contains unused bits in first byte
signature = new byte [ bitstring . Length - 1 ] ;
Buffer . BlockCopy ( bitstring , 1 , signature , 0 , signature . Length ) ;
algorithm = decoder [ 1 ] ;
algo = algorithm . Element ( 0 , 0x06 ) ;
m_signaturealgo = ASN1Convert . ToOid ( algo ) ;
parameters = algorithm [ 1 ] ;
if ( parameters ! = null )
m_signaturealgoparams = parameters . GetBytes ( ) ;
else
m_signaturealgoparams = null ;
// Certificate / TBSCertificate / issuerUniqueID
ASN1 issuerUID = tbsCertificate . Element ( tbs , 0x81 ) ;
if ( issuerUID ! = null ) {
tbs + + ;
issuerUniqueID = issuerUID . Value ;
}
// Certificate / TBSCertificate / subjectUniqueID
ASN1 subjectUID = tbsCertificate . Element ( tbs , 0x82 ) ;
if ( subjectUID ! = null ) {
tbs + + ;
subjectUniqueID = subjectUID . Value ;
}
// Certificate / TBSCertificate / Extensions
ASN1 extns = tbsCertificate . Element ( tbs , 0xA3 ) ;
if ( ( extns ! = null ) & & ( extns . Count = = 1 ) )
extensions = new X509ExtensionCollection ( extns [ 0 ] ) ;
else
extensions = new X509ExtensionCollection ( null ) ;
// keep a copy of the original data
m_encodedcert = ( byte [ ] ) data . Clone ( ) ;
}
catch ( Exception ex ) {
throw new CryptographicException ( encoding_error , ex ) ;
}
}
// constructors
public X509Certificate ( byte [ ] data )
{
if ( data ! = null ) {
// does it looks like PEM ?
if ( ( data . Length > 0 ) & & ( data [ 0 ] ! = 0x30 ) ) {
try {
data = PEM ( "CERTIFICATE" , data ) ;
}
catch ( Exception ex ) {
throw new CryptographicException ( encoding_error , ex ) ;
}
}
Parse ( data ) ;
}
}
private byte [ ] GetUnsignedBigInteger ( byte [ ] integer )
{
if ( integer [ 0 ] = = 0x00 ) {
// this first byte is added so we're sure it's an unsigned integer
// however we can't feed it into RSAParameters or DSAParameters
int length = integer . Length - 1 ;
byte [ ] uinteger = new byte [ length ] ;
Buffer . BlockCopy ( integer , 1 , uinteger , 0 , length ) ;
return uinteger ;
}
else
return integer ;
}
// public methods
public DSA DSA {
get {
if ( m_keyalgoparams = = null )
throw new CryptographicException ( "Missing key algorithm parameters." ) ;
if ( _dsa = = null & & m_keyalgo = = OID_DSA ) {
DSAParameters dsaParams = new DSAParameters ( ) ;
// for DSA m_publickey contains 1 ASN.1 integer - Y
ASN1 pubkey = new ASN1 ( m_publickey ) ;
if ( ( pubkey = = null ) | | ( pubkey . Tag ! = 0x02 ) )
return null ;
dsaParams . Y = GetUnsignedBigInteger ( pubkey . Value ) ;
ASN1 param = new ASN1 ( m_keyalgoparams ) ;
if ( ( param = = null ) | | ( param . Tag ! = 0x30 ) | | ( param . Count < 3 ) )
return null ;
if ( ( param [ 0 ] . Tag ! = 0x02 ) | | ( param [ 1 ] . Tag ! = 0x02 ) | | ( param [ 2 ] . Tag ! = 0x02 ) )
return null ;
dsaParams . P = GetUnsignedBigInteger ( param [ 0 ] . Value ) ;
dsaParams . Q = GetUnsignedBigInteger ( param [ 1 ] . Value ) ;
dsaParams . G = GetUnsignedBigInteger ( param [ 2 ] . Value ) ;
// BUG: MS BCL 1.0 can't import a key which
// isn't the same size as the one present in
// the container.
_dsa = ( DSA ) new DSACryptoServiceProvider ( dsaParams . Y . Length < < 3 ) ;
_dsa . ImportParameters ( dsaParams ) ;
}
return _dsa ;
}
set {
_dsa = value ;
if ( value ! = null )
_rsa = null ;
}
}
public X509ExtensionCollection Extensions {
get { return extensions ; }
}
public byte [ ] Hash {
get {
if ( certhash = = null ) {
if ( ( decoder = = null ) | | ( decoder . Count < 1 ) )
return null ;
string algo = PKCS1 . HashNameFromOid ( m_signaturealgo , false ) ;
if ( algo = = null )
return null ;
byte [ ] toBeSigned = decoder [ 0 ] . GetBytes ( ) ;
using ( var hash = PKCS1 . CreateFromName ( algo ) )
certhash = hash . ComputeHash ( toBeSigned , 0 , toBeSigned . Length ) ;
}
return ( byte [ ] ) certhash . Clone ( ) ;
}
}
public virtual string IssuerName {
get { return m_issuername ; }
}
public virtual string KeyAlgorithm {
get { return m_keyalgo ; }
}
public virtual byte [ ] KeyAlgorithmParameters {
get {
if ( m_keyalgoparams = = null )
return null ;
return ( byte [ ] ) m_keyalgoparams . Clone ( ) ;
}
set { m_keyalgoparams = value ; }
}
public virtual byte [ ] PublicKey {
get {
if ( m_publickey = = null )
return null ;
return ( byte [ ] ) m_publickey . Clone ( ) ;
}
}
public virtual RSA RSA {
get {
if ( _rsa = = null & & m_keyalgo = = OID_RSA ) {
RSAParameters rsaParams = new RSAParameters ( ) ;
// for RSA m_publickey contains 2 ASN.1 integers
// the modulus and the public exponent
ASN1 pubkey = new ASN1 ( m_publickey ) ;
ASN1 modulus = pubkey [ 0 ] ;
if ( ( modulus = = null ) | | ( modulus . Tag ! = 0x02 ) )
return null ;
ASN1 exponent = pubkey [ 1 ] ;
if ( exponent . Tag ! = 0x02 )
return null ;
rsaParams . Modulus = GetUnsignedBigInteger ( modulus . Value ) ;
rsaParams . Exponent = exponent . Value ;
// BUG: MS BCL 1.0 can't import a key which
// isn't the same size as the one present in
// the container.
int keySize = ( rsaParams . Modulus . Length < < 3 ) ;
_rsa = ( RSA ) new RSACryptoServiceProvider ( keySize ) ;
_rsa . ImportParameters ( rsaParams ) ;
}
return _rsa ;
}
set {
if ( value ! = null )
_dsa = null ;
_rsa = value ;
}
}
public virtual byte [ ] RawData {
get {
if ( m_encodedcert = = null )
return null ;
return ( byte [ ] ) m_encodedcert . Clone ( ) ;
}
}
public virtual byte [ ] SerialNumber {
get {
if ( serialnumber = = null )
return null ;
return ( byte [ ] ) serialnumber . Clone ( ) ;
}
}
public virtual byte [ ] Signature {
get {
if ( signature = = null )
return null ;
switch ( m_signaturealgo ) {
case "1.2.840.113549.1.1.2" : // MD2 with RSA encryption
case "1.2.840.113549.1.1.3" : // MD4 with RSA encryption
case "1.2.840.113549.1.1.4" : // MD5 with RSA encryption
case "1.2.840.113549.1.1.5" : // SHA-1 with RSA Encryption
case "1.3.14.3.2.29" : // SHA1 with RSA signature
case "1.2.840.113549.1.1.11" : // SHA-256 with RSA Encryption
case "1.2.840.113549.1.1.12" : // SHA-384 with RSA Encryption
case "1.2.840.113549.1.1.13" : // SHA-512 with RSA Encryption
case "1.3.36.3.3.1.2" : // RIPEMD160 with RSA Encryption
return ( byte [ ] ) signature . Clone ( ) ;
case "1.2.840.10040.4.3" : // SHA-1 with DSA
ASN1 sign = new ASN1 ( signature ) ;
if ( ( sign = = null ) | | ( sign . Count ! = 2 ) )
return null ;
byte [ ] part1 = sign [ 0 ] . Value ;
byte [ ] part2 = sign [ 1 ] . Value ;
byte [ ] sig = new byte [ 40 ] ;
// parts may be less than 20 bytes (i.e. first bytes were 0x00)
// parts may be more than 20 bytes (i.e. first byte > 0x80, negative)
int s1 = System . Math . Max ( 0 , part1 . Length - 20 ) ;
int e1 = System . Math . Max ( 0 , 20 - part1 . Length ) ;
Buffer . BlockCopy ( part1 , s1 , sig , e1 , part1 . Length - s1 ) ;
int s2 = System . Math . Max ( 0 , part2 . Length - 20 ) ;
int e2 = System . Math . Max ( 20 , 40 - part2 . Length ) ;
Buffer . BlockCopy ( part2 , s2 , sig , e2 , part2 . Length - s2 ) ;
return sig ;
default :
throw new CryptographicException ( "Unsupported hash algorithm: " + m_signaturealgo ) ;
}
}
}
public virtual string SignatureAlgorithm {
get { return m_signaturealgo ; }
}
public virtual byte [ ] SignatureAlgorithmParameters {
get {
if ( m_signaturealgoparams = = null )
return m_signaturealgoparams ;
return ( byte [ ] ) m_signaturealgoparams . Clone ( ) ;
}
}
public virtual string SubjectName {
get { return m_subject ; }
}
public virtual DateTime ValidFrom {
get { return m_from ; }
}
public virtual DateTime ValidUntil {
get { return m_until ; }
}
public int Version {
get { return version ; }
}
public bool IsCurrent {
get { return WasCurrent ( DateTime . UtcNow ) ; }
}
public bool WasCurrent ( DateTime instant )
{
return ( ( instant > ValidFrom ) & & ( instant < = ValidUntil ) ) ;
}
// uncommon v2 "extension"
public byte [ ] IssuerUniqueIdentifier {
get {
if ( issuerUniqueID = = null )
return null ;
return ( byte [ ] ) issuerUniqueID . Clone ( ) ;
}
}
// uncommon v2 "extension"
public byte [ ] SubjectUniqueIdentifier {
get {
if ( subjectUniqueID = = null )
return null ;
return ( byte [ ] ) subjectUniqueID . Clone ( ) ;
}
}
internal bool VerifySignature ( DSA dsa )
{
// signatureOID is check by both this.Hash and this.Signature
DSASignatureDeformatter v = new DSASignatureDeformatter ( dsa ) ;
// only SHA-1 is supported
v . SetHashAlgorithm ( "SHA1" ) ;
return v . VerifySignature ( this . Hash , this . Signature ) ;
}
internal bool VerifySignature ( RSA rsa )
{
// SHA1-1 with DSA
if ( m_signaturealgo = = "1.2.840.10040.4.3" )
return false ;
RSAPKCS1SignatureDeformatter v = new RSAPKCS1SignatureDeformatter ( rsa ) ;
v . SetHashAlgorithm ( PKCS1 . HashNameFromOid ( m_signaturealgo ) ) ;
return v . VerifySignature ( this . Hash , this . Signature ) ;
}
public bool VerifySignature ( AsymmetricAlgorithm aa )
{
if ( aa = = null )
throw new ArgumentNullException ( "aa" ) ;
if ( aa is RSA )
return VerifySignature ( aa as RSA ) ;
else if ( aa is DSA )
return VerifySignature ( aa as DSA ) ;
else
throw new NotSupportedException ( "Unknown Asymmetric Algorithm " + aa . ToString ( ) ) ;
}
public bool CheckSignature ( byte [ ] hash , string hashAlgorithm , byte [ ] signature )
{
RSACryptoServiceProvider r = ( RSACryptoServiceProvider ) RSA ;
return r . VerifyHash ( hash , hashAlgorithm , signature ) ;
}
public bool IsSelfSigned {
get {
if ( m_issuername ! = m_subject )
return false ;
try {
if ( RSA ! = null )
return VerifySignature ( RSA ) ;
else if ( DSA ! = null )
return VerifySignature ( DSA ) ;
else
return false ; // e.g. a certificate with only DSA parameters
}
catch ( CryptographicException ) {
return false ;
}
}
}
public ASN1 GetIssuerName ( )
{
return issuer ;
}
public ASN1 GetSubjectName ( )
{
return subject ;
}
protected X509Certificate ( SerializationInfo info , StreamingContext context )
{
Parse ( ( byte [ ] ) info . GetValue ( "raw" , typeof ( byte [ ] ) ) ) ;
}
[SecurityPermission (SecurityAction.Demand, SerializationFormatter = true)]
public virtual void GetObjectData ( SerializationInfo info , StreamingContext context )
{
info . AddValue ( "raw" , m_encodedcert ) ;
// note: we NEVER serialize the private key
}
static byte [ ] PEM ( string type , byte [ ] data )
{
string pem = Encoding . ASCII . GetString ( data ) ;
string header = String . Format ( "-----BEGIN {0}-----" , type ) ;
string footer = String . Format ( "-----END {0}-----" , type ) ;
int start = pem . IndexOf ( header ) + header . Length ;
int end = pem . IndexOf ( footer , start ) ;
string base64 = pem . Substring ( start , ( end - start ) ) ;
return Convert . FromBase64String ( base64 ) ;
}
}
}
