2005-09-26 Sebastien Pouliot <sebastien@ximian.com>

	* All classes, except X509CertificateCollection, moved from 
	System.Security.dll assembly as part of 2.0 RC changes.

2005-04-27  Sebastien Pouliot  <sebastien@ximian.com>

	* X509BasicConstraintsExtension.cs: Now throw ArgumentNullException in 
	CopyFrom (fixed in beta2).
	* X509CertificateEx.cs: Throw a CryptographicException in the RawData
	property if no certificate is loaded in the instance.
	* X509EnhancedKeyUsageExtension.cs: Now throw ArgumentNullException in 
	CopyFrom (fixed in beta2).
	* X509Extension.cs: Now throw ArgumentNullException in CopyFrom (fixed
	in beta2).
	* X509KeyUsageExtension.cs: Now throw ArgumentNullException in 
	CopyFrom (fixed in beta2).
	* X509Store.cs: Re-added certificate creation to get the exception.
	* X509SubjectKeyIdentifierExtension.cs: Throw ArgumentNullException in
	CopyFrom (fixed in beta2). Fix SubjectKeyIdentifier to return an empty
	string (not null) after (unsucessful) decoding.

2005-04-26  Sebastien Pouliot  <sebastien@ximian.com>

	* X509CertificateEx.cs: Used new features from Mono.Security.dll to 
	load certificates and private keys from PKCS#12.

2005-04-24  Sebastien Pouliot  <sebastien@ximian.com>

	* X509CertificateEx.cs: Added new constructors and Import methods that
	accept SecureString for passwords. Added new property HasPrivateKey and
	Verify method.
	* X509CertificateExCollection.cs: Added new constructor that accept a
	single X509Certificate2.
	* X509EnhancedKeyUsageExtension.cs: Fixed compiler warnings.
	* X509KeyUsageExtension.cs: Fixed new enum name for CrlSign. 
	* X509KeyUsageFlags.cs: Fixed values and removed [Serializable].
	* X509NameType.cs: Fixed values and removed [Serializable].
	* X509Store.cs: Added new constructor that accept an IntPtr and the 
	StoreHandle property. Fixed compiler warnings.

2005-04-23  Sebastien Pouliot  <sebastien@ximian.com>

	* X509CertificateEx.cs, X509CertificateExCollection.cs, 
	X509CertificateExEnumerator.cs, X509Chain.cs, X509ChainElement.cs,
	X509ChainPolicy.cs, X509Store.cs: Changed all references of
	X509CertificateEx to X509Certificate2 to match beta2.

2005-01-17  Sebastien Pouliot  <sebastien@ximian.com>

	* X509BasicConstraintsExtension.cs: Completed implementation.
	* X509Chain.cs: Updated to Dec CTP definitions.
	* X509ChainPolicy.cs: Updated to Dec CTP definitions.
	* X500DistinguishedNameFlags.cs: Added new ForceUTF8Encoding.
	* X509EnhancedKeyUsageExtension.cs: New. Complete implementation.
	* X509Extension.cs: Completed implementation.
	* X509ExtensionCollection.cs: Updated to Dec CTP definitions.
	* X509KeyUsageExtension.cs: Completed implementation.
	* X509RevocationFlag.cs: Minus 1 on each member.
	* X509SubjectKeyIdentifierExtension.cs: Completed implementation 
	except for the new constructor accepting a public key.
	* X509SubjectKeyIdentifierHashAlgorithm.cs: New enum.

2004-09-03  Tim Coleman <tim@timcoleman.com>
	* X509KeyUsageExtension.cs: New stub class
	* X509SubjectKeyIdentifierExtension.cs: New stub class
	* PublicKey.cs X509BasicConstraintsExtension.cs X509CertificateEx.cs
	* X509CertificateExCollection.cs X509Extension.cs
	* X509ExtensionCollection.cs:
		Bring these more in line with 2.0

2004-07-08  Sebastien Pouliot  <sebastien@ximian.com>

	* OpenFlags.cs: Fixed flags values. Added missing attributes.
	* StoreLocation.cs: Fixed enum values. Added missing [Serializable].
	* StoreName.cs: Fixed enum values. Added missing [Serializable].
	* X500DistinguishedName.cs: New. X.501 DN.
	* X500DistinguishedNameFlags.cs: New. X.501 DN flags.
	* X509CertificateEx.cs: Updated to Fx 2.0 beta 1. Added MonoTODO.
	* X509Chain.cs: Added missing Reset method.
	* X509ChainStatusFlags.cs: Fixed flags values. Added missing attrs.
	* X509Extension.cs: Fixed API.
	* X509ExtensionCollection.cs: Fixed API and implemented.
	* X509FindType.cs: Fixed enum values. Added missing [Serializable].
	* X509IncludeOption.cs: Added missing [Serializable].
	* X509KeyUsageFlags.cs: : Fixed flags values. Added missing attrs.
	* X509NameType.cs: Fixed enum values. Added missing [Serializable].
	* X509RevocationFlag.cs: Fixed enum values. Added missing [Serializable].
	* X509RevocationMode.cs: Added missing [Serializable].
	* X509SelectionFlag.cs: Added missing [Serializable].
	* X509VerificationFlags.cs: Fixed flags values. Added missing attrs.

2004-07-07  Sebastien Pouliot  <sebastien@ximian.com>

	* X509Store.cs: Removed old store code (as it has changed a lot in 
	Mono.Security).

2003-12-07  Sebastien Pouliot  <spouliot@videotron.ca>

	* PublicKey.cs: New (1.2). Class that encapsulate an ASN.1 encoded 
	public key. 
	* X509BasicConstraintsExtension.cs: New (1.2). X.509 certification 
	extension for BasicConstraints.
	* X509CertificateEx.cs: New (1.2). Augmented class to use X.509 
	certificates.
	* X509CertificateExCollection.cs: New (1.2). Collection class for 
	X509CertificateEx.
	* X509CertificateExEnumerator.cs: New (1.2). Enumerator class for 
	X509CertificateEx.
	* X509ChainElement.cs: New (1.2). Information (certificate, status, 
	informations) for a member of a certificate chain.
	* X509ChainElementCollection.cs: New (1.2). Collection class for 
	X509ChainElement.
	* X509ChainElementEnumerator.cs: New (1.2). Enumerator class for 
	X509ChainElement.
	* X509ChainStatus.cs: New (1.2). Chain status (many can apply to a 
	single X509ChainElement).
	* X509Extension.cs: New (1.2). Base class for all certificate 
	extensions.
	* X509ExtensionCollection.cs: New (1.2). Collection class for 
	X509Extension.
	* X509ExtensionEnumerator.cs: New (1.2). Enumerator class for 
	X509Extension.

2003-11-08  Sebastien Pouliot  <spouliot@videotron.ca>

	* OpenFlags.cs: New (1.2). Enumeration for certificate stores.
	* StoreLocation.cs: New (1.2). Enumeration for certificate stores.
	* StoreName.cs: New (1.2). Enumeration for certificate stores.
	* X509Chain.cs: New (1.2). Class to build a certificate chain up to a 
	trusted anchor.
	* X509ChainElement.cs: New (1.2). Element from the chain (certificate,
	status and information) - only stubbed for now.
	* X509ChainElementCollection.cs: New (1.2). Collection class for 
	X509ChainElement.
	* X509ChainElementEnumerator.cs: New (1.2). Enumerator class for 
	X509ChainElement.
	* X509ChainPolicy.cs: New (1.2). Policy to build a certificate chain.
	* X509ChainStatusFlags.cs: New (1.2). Enumeration for chain status.
	* X509FindType.cs: New (1.2). Enumeration for how to find X.509 
	certificates in stores.
	* X509IncludeOption.cs: New (1.2). Enumeration for options about which
	certificate(s) to store within a (pkcs7) structure.
	* X509KeyUsageFlags.cs: New (1.2). Enumeration for specifying valid 
	usage for a keypair.
	* X509NameType.cs: New (1.2). Enumeration for different types of name
	that can be present inside a certificate.
	* X509RevocationFlag.cs: New (1.2). Enumeration for specifying which
	certificates should be verified for revocation in a chain.
	* X509RevocationMode.cs: New (1.2). Enumeration for specifying how the
	revocation process should find it's informations.
	* X509SelectionFlag.cs: New (1.2). Enumeration about how to select 
	certificates (ui-related).
	* X509Store.cs: New (1.2). X.509 certificate store access - not complete.
	* X509VerificationFlags.cs: New (1.2). Enumeration for parameters 
	affecting the verification of a certificate chain.


svn path=/trunk/mcs/; revision=50767

34 files changed, 3548 insertions, 1 deletions

diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/ChangeLog b/mcs/class/System/System.Security.Cryptography.X509Certificates/ChangeLog
index 4965f14a9cc..58441abdf2a 100644
--- a/mcs/class/System/System.Security.Cryptography.X509Certificates/ChangeLog
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/ChangeLog
@@ -1,9 +1,166 @@
+2005-09-26  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* All classes, except X509CertificateCollection, moved from 
+	System.Security.dll assembly as part of 2.0 RC changes.
+
+2005-04-27  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509BasicConstraintsExtension.cs: Now throw ArgumentNullException in 
+	CopyFrom (fixed in beta2).
+	* X509CertificateEx.cs: Throw a CryptographicException in the RawData
+	property if no certificate is loaded in the instance.
+	* X509EnhancedKeyUsageExtension.cs: Now throw ArgumentNullException in 
+	CopyFrom (fixed in beta2).
+	* X509Extension.cs: Now throw ArgumentNullException in CopyFrom (fixed
+	in beta2).
+	* X509KeyUsageExtension.cs: Now throw ArgumentNullException in 
+	CopyFrom (fixed in beta2).
+	* X509Store.cs: Re-added certificate creation to get the exception.
+	* X509SubjectKeyIdentifierExtension.cs: Throw ArgumentNullException in
+	CopyFrom (fixed in beta2). Fix SubjectKeyIdentifier to return an empty
+	string (not null) after (unsucessful) decoding.
+
+2005-04-26  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509CertificateEx.cs: Used new features from Mono.Security.dll to 
+	load certificates and private keys from PKCS#12.
+
+2005-04-24  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509CertificateEx.cs: Added new constructors and Import methods that
+	accept SecureString for passwords. Added new property HasPrivateKey and
+	Verify method.
+	* X509CertificateExCollection.cs: Added new constructor that accept a
+	single X509Certificate2.
+	* X509EnhancedKeyUsageExtension.cs: Fixed compiler warnings.
+	* X509KeyUsageExtension.cs: Fixed new enum name for CrlSign. 
+	* X509KeyUsageFlags.cs: Fixed values and removed [Serializable].
+	* X509NameType.cs: Fixed values and removed [Serializable].
+	* X509Store.cs: Added new constructor that accept an IntPtr and the 
+	StoreHandle property. Fixed compiler warnings.
+
+2005-04-23  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509CertificateEx.cs, X509CertificateExCollection.cs, 
+	X509CertificateExEnumerator.cs, X509Chain.cs, X509ChainElement.cs,
+	X509ChainPolicy.cs, X509Store.cs: Changed all references of
+	X509CertificateEx to X509Certificate2 to match beta2.
+
+2005-01-17  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509BasicConstraintsExtension.cs: Completed implementation.
+	* X509Chain.cs: Updated to Dec CTP definitions.
+	* X509ChainPolicy.cs: Updated to Dec CTP definitions.
+	* X500DistinguishedNameFlags.cs: Added new ForceUTF8Encoding.
+	* X509EnhancedKeyUsageExtension.cs: New. Complete implementation.
+	* X509Extension.cs: Completed implementation.
+	* X509ExtensionCollection.cs: Updated to Dec CTP definitions.
+	* X509KeyUsageExtension.cs: Completed implementation.
+	* X509RevocationFlag.cs: Minus 1 on each member.
+	* X509SubjectKeyIdentifierExtension.cs: Completed implementation 
+	except for the new constructor accepting a public key.
+	* X509SubjectKeyIdentifierHashAlgorithm.cs: New enum.
+
+2004-09-03  Tim Coleman <tim@timcoleman.com>
+	* X509KeyUsageExtension.cs: New stub class
+	* X509SubjectKeyIdentifierExtension.cs: New stub class
+	* PublicKey.cs X509BasicConstraintsExtension.cs X509CertificateEx.cs
+	* X509CertificateExCollection.cs X509Extension.cs
+	* X509ExtensionCollection.cs:
+		Bring these more in line with 2.0
+
+2004-07-08  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* OpenFlags.cs: Fixed flags values. Added missing attributes.
+	* StoreLocation.cs: Fixed enum values. Added missing [Serializable].
+	* StoreName.cs: Fixed enum values. Added missing [Serializable].
+	* X500DistinguishedName.cs: New. X.501 DN.
+	* X500DistinguishedNameFlags.cs: New. X.501 DN flags.
+	* X509CertificateEx.cs: Updated to Fx 2.0 beta 1. Added MonoTODO.
+	* X509Chain.cs: Added missing Reset method.
+	* X509ChainStatusFlags.cs: Fixed flags values. Added missing attrs.
+	* X509Extension.cs: Fixed API.
+	* X509ExtensionCollection.cs: Fixed API and implemented.
+	* X509FindType.cs: Fixed enum values. Added missing [Serializable].
+	* X509IncludeOption.cs: Added missing [Serializable].
+	* X509KeyUsageFlags.cs: : Fixed flags values. Added missing attrs.
+	* X509NameType.cs: Fixed enum values. Added missing [Serializable].
+	* X509RevocationFlag.cs: Fixed enum values. Added missing [Serializable].
+	* X509RevocationMode.cs: Added missing [Serializable].
+	* X509SelectionFlag.cs: Added missing [Serializable].
+	* X509VerificationFlags.cs: Fixed flags values. Added missing attrs.
+
+2004-07-07  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* X509Store.cs: Removed old store code (as it has changed a lot in 
+	Mono.Security).
+
 2004-06-05  Sebastien Pouliot  <sebastien@ximian.com>
 
 	* X509CertificateCollection.cs: Fixed Contains which works by value
 	(i.e. not by object reference). Fixed Remove for null and unexisting
 	elements.
 
+2003-12-07  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* PublicKey.cs: New (1.2). Class that encapsulate an ASN.1 encoded 
+	public key. 
+	* X509BasicConstraintsExtension.cs: New (1.2). X.509 certification 
+	extension for BasicConstraints.
+	* X509CertificateEx.cs: New (1.2). Augmented class to use X.509 
+	certificates.
+	* X509CertificateExCollection.cs: New (1.2). Collection class for 
+	X509CertificateEx.
+	* X509CertificateExEnumerator.cs: New (1.2). Enumerator class for 
+	X509CertificateEx.
+	* X509ChainElement.cs: New (1.2). Information (certificate, status, 
+	informations) for a member of a certificate chain.
+	* X509ChainElementCollection.cs: New (1.2). Collection class for 
+	X509ChainElement.
+	* X509ChainElementEnumerator.cs: New (1.2). Enumerator class for 
+	X509ChainElement.
+	* X509ChainStatus.cs: New (1.2). Chain status (many can apply to a 
+	single X509ChainElement).
+	* X509Extension.cs: New (1.2). Base class for all certificate 
+	extensions.
+	* X509ExtensionCollection.cs: New (1.2). Collection class for 
+	X509Extension.
+	* X509ExtensionEnumerator.cs: New (1.2). Enumerator class for 
+	X509Extension.
+
+2003-11-08  Sebastien Pouliot  <spouliot@videotron.ca>
+
+	* OpenFlags.cs: New (1.2). Enumeration for certificate stores.
+	* StoreLocation.cs: New (1.2). Enumeration for certificate stores.
+	* StoreName.cs: New (1.2). Enumeration for certificate stores.
+	* X509Chain.cs: New (1.2). Class to build a certificate chain up to a 
+	trusted anchor.
+	* X509ChainElement.cs: New (1.2). Element from the chain (certificate,
+	status and information) - only stubbed for now.
+	* X509ChainElementCollection.cs: New (1.2). Collection class for 
+	X509ChainElement.
+	* X509ChainElementEnumerator.cs: New (1.2). Enumerator class for 
+	X509ChainElement.
+	* X509ChainPolicy.cs: New (1.2). Policy to build a certificate chain.
+	* X509ChainStatusFlags.cs: New (1.2). Enumeration for chain status.
+	* X509FindType.cs: New (1.2). Enumeration for how to find X.509 
+	certificates in stores.
+	* X509IncludeOption.cs: New (1.2). Enumeration for options about which
+	certificate(s) to store within a (pkcs7) structure.
+	* X509KeyUsageFlags.cs: New (1.2). Enumeration for specifying valid 
+	usage for a keypair.
+	* X509NameType.cs: New (1.2). Enumeration for different types of name
+	that can be present inside a certificate.
+	* X509RevocationFlag.cs: New (1.2). Enumeration for specifying which
+	certificates should be verified for revocation in a chain.
+	* X509RevocationMode.cs: New (1.2). Enumeration for specifying how the
+	revocation process should find it's informations.
+	* X509SelectionFlag.cs: New (1.2). Enumeration about how to select 
+	certificates (ui-related).
+	* X509Store.cs: New (1.2). X.509 certificate store access - not complete.
+	* X509VerificationFlags.cs: New (1.2). Enumeration for parameters 
+	affecting the verification of a certificate chain.
+
 2003-03-01  Sebastien Pouliot  <spouliot@videotron.ca>
 
 	* X509CertificateCollection.cs: Fixed bugs in AddRange
@@ -22,4 +179,3 @@
 2002-05-12  Lawrence Pit <loz@cable.a2000.nl>
 
 	* X509CertificateCollection.cs: implemented
-
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/OpenFlags.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/OpenFlags.cs
new file mode 100644
index 00000000000..56793279aad
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/OpenFlags.cs
@@ -0,0 +1,47 @@
+//
+// OpenFlags.cs - System.Security.Cryptography.X509Certificates.OpenFlags
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Flags]
+	[Serializable]
+	public enum OpenFlags {
+		ReadOnly,
+		ReadWrite, 
+		MaxAllowed,
+		OpenExistingOnly = 4,
+		IncludeArchived = 8
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/PublicKey.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/PublicKey.cs
new file mode 100644
index 00000000000..c8108cf776b
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/PublicKey.cs
@@ -0,0 +1,90 @@
+//
+// PublicKey.cs - System.Security.Cryptography.PublicKey
+//
+// Author:
+//	Sebastien Pouliot (spouliot@motus.com)
+//	Tim Coleman (tim@timcoleman.com)
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) Tim Coleman, 2004
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	// Note: Match the definition of framework version 1.2.3400.0 on http://longhorn.msdn.microsoft.com
+
+	public sealed class PublicKey {
+
+		private AsymmetricAlgorithm _key;
+		private AsnEncodedData _keyValue;
+		private AsnEncodedData _params;
+		private Oid _oid;
+
+		[MonoTODO]
+		public PublicKey (Oid oid, AsnEncodedData parameters, AsnEncodedData keyValue)
+		{
+			_oid = oid;
+			_params = parameters;
+			_keyValue = keyValue;
+		}
+
+		internal PublicKey (Mono.Security.X509.X509Certificate certificate)
+		{
+			if (certificate.KeyAlgorithm == "1.2.840.113549.1.1.1") {
+				_key = certificate.RSA;
+			}
+			else {
+				_key = certificate.DSA;
+			}
+
+			_oid = new Oid (certificate.KeyAlgorithm);
+			_keyValue = new AsnEncodedData (_oid, certificate.PublicKey);
+			_params = new AsnEncodedData (_oid, certificate.KeyAlgorithmParameters);
+		}
+
+		// properties
+
+		public AsnEncodedData EncodedKeyValue {
+			get { return _keyValue; }
+		}
+
+		public AsnEncodedData EncodedParameters {
+			get { return _params; }
+		}
+
+		public AsymmetricAlgorithm Key {
+			get { return _key; }
+		}
+
+		public Oid Oid {
+			get { return _oid; }
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/StoreLocation.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/StoreLocation.cs
new file mode 100644
index 00000000000..565ba11caef
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/StoreLocation.cs
@@ -0,0 +1,43 @@
+//
+// StoreLocation.cs - System.Security.Cryptography.X509Certificates.StoreLocation
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Serializable]
+	public enum StoreLocation {
+		CurrentUser = 1,
+		LocalMachine = 2
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/StoreName.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/StoreName.cs
new file mode 100644
index 00000000000..6e621ff3ea9
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/StoreName.cs
@@ -0,0 +1,49 @@
+//
+// StoreName.cs - System.Security.Cryptography.X509Certificates.StoreName
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Serializable]
+	public enum StoreName {
+		AddressBook = 1,
+		AuthRoot = 2,
+		CertificateAuthority = 3,
+		Disallowed = 4,
+		My = 5,
+		Root = 6,
+		TrustedPeople = 7,
+		TrustedPublisher = 8 
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X500DistinguishedName.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X500DistinguishedName.cs
new file mode 100644
index 00000000000..d72e47f9160
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X500DistinguishedName.cs
@@ -0,0 +1,85 @@
+//
+// System.Security.Cryptography.X509Certificates.X500DistinguishedName
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+using System.Text;
+
+using MX = Mono.Security.X509;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public sealed class X500DistinguishedName : AsnEncodedData {
+
+		[MonoTODO]
+		public X500DistinguishedName (AsnEncodedData encodedDistinguishedName)
+		{
+		}
+
+		[MonoTODO]
+		public X500DistinguishedName (byte[] encodedDistinguishedName)
+		{
+		}
+
+		[MonoTODO]
+		public X500DistinguishedName (string distinguishedName)
+		{
+		}
+
+		[MonoTODO]
+		public X500DistinguishedName (string distinguishedName, X500DistinguishedNameFlags flag)
+		{
+		}
+
+		[MonoTODO]
+		public X500DistinguishedName (X500DistinguishedName distinguishedName)
+		{
+		}
+
+		[MonoTODO]
+		public string Name {
+			get { return null; }
+		}
+
+		[MonoTODO]
+		public string Decode (X500DistinguishedNameFlags flag)
+		{
+			return null;
+		}
+
+		[MonoTODO]
+		public override string Format (bool multiLine)
+		{
+			return null;
+		}
+
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X500DistinguishedNameFlags.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X500DistinguishedNameFlags.cs
new file mode 100644
index 00000000000..7361b9d8ccd
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X500DistinguishedNameFlags.cs
@@ -0,0 +1,49 @@
+//
+// System.Security.Cryptography.X509Certificates.X500DistinguishedNameFlags
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Flags]
+	[Serializable]
+	public enum X500DistinguishedNameFlags {
+		None = 0,
+		Reversed = 1,
+		UseSemicolons = 16,
+		DoNotUsePlusSign = 32,
+		DoNotUseQuotes = 64,
+		UseCommas = 128,
+		UseNewLines = 256,
+		UseUTF8Encoding = 4096,
+		UseT61Encoding = 8192,
+		ForceUTF8Encoding = 16384
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509BasicConstraintsExtension.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509BasicConstraintsExtension.cs
new file mode 100644
index 00000000000..b342bb04d07
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509BasicConstraintsExtension.cs
@@ -0,0 +1,231 @@
+//
+// System.Security.Cryptography.X509BasicConstraintsExtension
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//	Tim Coleman (tim@timcoleman.com)
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) Tim Coleman, 2004
+// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System.Text;
+
+using Mono.Security;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public sealed class X509BasicConstraintsExtension : X509Extension {
+
+		internal const string oid = "2.5.29.19";
+		internal const string friendlyName = "Basic Constraints";
+
+		private bool _certificateAuthority;
+		private bool _hasPathLengthConstraint;
+		private int _pathLengthConstraint;
+		private AsnDecodeStatus _status;
+
+		// constructors
+
+		public X509BasicConstraintsExtension ()
+		{
+			_oid = new Oid (oid, friendlyName);
+		}
+
+		public X509BasicConstraintsExtension (AsnEncodedData encodedBasicConstraints, bool critical)
+		{
+			// ignore the Oid provided by encodedKeyUsage (our rules!)
+			_oid = new Oid (oid, friendlyName);
+			_raw = encodedBasicConstraints.RawData;
+			base.Critical = critical;
+			_status = Decode (this.RawData);
+		}
+
+		public X509BasicConstraintsExtension (bool certificateAuthority, bool hasPathLengthConstraint, int pathLengthConstraint, bool critical)
+		{
+			if (hasPathLengthConstraint) {
+				if (pathLengthConstraint < 0)
+					throw new ArgumentOutOfRangeException ("pathLengthConstraint");
+				_pathLengthConstraint = pathLengthConstraint;
+			}
+			_hasPathLengthConstraint = hasPathLengthConstraint;
+			_certificateAuthority = certificateAuthority;
+			_oid = new Oid (oid, friendlyName);
+			base.Critical = critical;
+			RawData = Encode ();
+		}
+
+		// properties
+
+		public bool CertificateAuthority {
+			get {
+				switch (_status) {
+				case AsnDecodeStatus.Ok:
+				case AsnDecodeStatus.InformationNotAvailable:
+					return _certificateAuthority;
+				default:
+					throw new CryptographicException ("Badly encoded extension.");
+				}
+			}
+		}
+
+		public bool HasPathLengthConstraint {
+			get {
+				switch (_status) {
+				case AsnDecodeStatus.Ok:
+				case AsnDecodeStatus.InformationNotAvailable:
+					return _hasPathLengthConstraint;
+				default:
+					throw new CryptographicException ("Badly encoded extension.");
+				}
+			}
+		}
+
+		public int PathLengthConstraint {
+			get {
+				switch (_status) {
+				case AsnDecodeStatus.Ok:
+				case AsnDecodeStatus.InformationNotAvailable:
+					return _pathLengthConstraint;
+				default:
+					throw new CryptographicException ("Badly encoded extension.");
+				}
+			}
+		}
+
+		// methods
+
+		public override void CopyFrom (AsnEncodedData asnEncodedData) 
+		{
+			if (asnEncodedData == null)
+				throw new ArgumentNullException ("asnEncodedData");
+
+			X509Extension ex = (asnEncodedData as X509Extension);
+			if (ex == null)
+				throw new ArgumentException (Locale.GetText ("Wrong type."), "asnEncodedData");
+
+			if (ex._oid == null)
+				_oid = new Oid (oid, friendlyName);
+			else 
+				_oid = new Oid (ex._oid);
+
+			RawData = ex.RawData;
+			base.Critical = ex.Critical;
+			// and we deal with the rest later
+			_status = Decode (this.RawData);
+		}
+
+		// internal
+
+		internal AsnDecodeStatus Decode (byte[] extension)
+		{
+			if ((extension == null) || (extension.Length == 0))
+				return AsnDecodeStatus.BadAsn;
+			if (extension [0] != 0x30)
+				return AsnDecodeStatus.BadTag;
+			if (extension.Length < 3) {
+				if (!((extension.Length == 2) && (extension [1] == 0x00)))
+					return AsnDecodeStatus.BadLength;
+			}
+
+			try {
+				ASN1 sequence = new ASN1 (extension);
+				int n = 0;
+				ASN1 a = sequence [n++];
+				if ((a != null) && (a.Tag == 0x01)) {
+					_certificateAuthority = (a.Value [0] == 0xFF);
+					a = sequence [n++];
+				}
+				if ((a != null) && (a.Tag == 0x02)) {
+					_hasPathLengthConstraint = true;
+					_pathLengthConstraint = ASN1Convert.ToInt32 (a);
+				}
+			}
+			catch {
+				return AsnDecodeStatus.BadAsn;
+			}
+
+			return AsnDecodeStatus.Ok;
+		}
+
+		internal byte[] Encode ()
+		{
+			ASN1 ex = new ASN1 (0x30);
+
+			if (_certificateAuthority)
+				ex.Add (new ASN1 (0x01, new byte[] { 0xFF }));
+			if (_hasPathLengthConstraint) {
+				// MS encodes the 0 (pathLengthConstraint is OPTIONAL)
+				// and in a long form (02 00 versus 02 01 00)
+				if (_pathLengthConstraint == 0)
+					ex.Add (new ASN1 (0x02, new byte[] { 0x00 }));
+				else
+					ex.Add (ASN1Convert.FromInt32 (_pathLengthConstraint));
+			}
+
+			return ex.GetBytes ();
+		}
+
+		internal override string ToString (bool multiLine)
+		{
+			switch (_status) {
+			case AsnDecodeStatus.BadAsn:
+				return String.Empty;
+			case AsnDecodeStatus.BadTag:
+			case AsnDecodeStatus.BadLength:
+				return FormatUnkownData (_raw);
+			case AsnDecodeStatus.InformationNotAvailable:
+				return "Information Not Available";
+			}
+
+			if (_oid.Value != oid)
+				return String.Format ("Unknown Key Usage ({0})", _oid.Value);
+
+			StringBuilder sb = new StringBuilder ();
+
+			sb.Append ("Subject Type=");
+			if (_certificateAuthority)
+				sb.Append ("CA");
+			else
+				sb.Append ("End Entity");
+			if (multiLine)
+				sb.Append (Environment.NewLine);
+			else
+				sb.Append (", ");
+
+			sb.Append ("Path Length Constraint=");
+			if (_hasPathLengthConstraint) 
+				sb.Append (_pathLengthConstraint);
+			else
+				sb.Append ("None");
+			if (multiLine)
+				sb.Append (Environment.NewLine);
+
+			return sb.ToString ();
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
new file mode 100644
index 00000000000..59753e8defe
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
@@ -0,0 +1,348 @@
+//
+// System.Security.Cryptography.X509Certificate2 class
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+using System.IO;
+using System.Text;
+
+using MX = Mono.Security.X509;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public class X509Certificate2 : X509Certificate {
+
+		private bool _archived;
+		private X509ExtensionCollection _extensions;
+		private string _name;
+		private string _serial;
+		private PublicKey _publicKey;
+
+		private MX.X509Certificate _cert;
+
+		// constructors
+
+		public X509Certificate2 () : base () 
+		{
+			_cert = null;
+		}
+
+		public X509Certificate2 (byte[] rawData) : base (rawData) 
+		{
+			_cert = new MX.X509Certificate (base.GetRawCertData ());
+		}
+
+		public X509Certificate2 (byte[] rawData, string password) : base (rawData, password) 
+		{
+			_cert = new MX.X509Certificate (base.GetRawCertData ());
+		}
+
+		public X509Certificate2 (byte[] rawData, SecureString password) : base (rawData, password) 
+		{
+			_cert = new MX.X509Certificate (base.GetRawCertData ());
+		}
+
+		public X509Certificate2 (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
+			: base (rawData, password, keyStorageFlags) 
+		{
+			_cert = new MX.X509Certificate (base.GetRawCertData ());
+		}
+
+		public X509Certificate2 (byte[] rawData, SecureString password, X509KeyStorageFlags keyStorageFlags)
+			: base (rawData, password, keyStorageFlags) 
+		{
+			_cert = new MX.X509Certificate (base.GetRawCertData ());
+		}
+
+		public X509Certificate2 (string fileName) : base (fileName) 
+		{
+			_cert = new MX.X509Certificate (base.GetRawCertData ());
+		}
+
+		public X509Certificate2 (string fileName, string password) 
+		{
+			_cert = new MX.X509Certificate (base.GetRawCertData ());
+		}
+
+		public X509Certificate2 (string fileName, SecureString password) 
+		{
+			_cert = new MX.X509Certificate (base.GetRawCertData ());
+		}
+
+		public X509Certificate2 (string fileName, string password, X509KeyStorageFlags keyStorageFlags)
+			: base (fileName, password, keyStorageFlags) 
+		{
+			_cert = new MX.X509Certificate (base.GetRawCertData ());
+		}
+
+		public X509Certificate2 (string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags)
+			: base (fileName, password, keyStorageFlags) 
+		{
+			_cert = new MX.X509Certificate (base.GetRawCertData ());
+		}
+
+		public X509Certificate2 (IntPtr handle) : base (handle) 
+		{
+			_cert = new MX.X509Certificate (base.GetRawCertData ());
+		}
+
+		public X509Certificate2 (X509Certificate certificate) 
+		{
+			_cert = new MX.X509Certificate (base.GetRawCertData ());
+		}
+
+		// properties
+
+		public bool Archived {
+			get { return _archived; }
+			set { _archived = value; }
+		}
+
+		public X509ExtensionCollection Extensions {
+			get { return _extensions; }
+		}
+
+		public string FriendlyName {
+			get { return _name; }
+			set { _name = value; }
+		}
+
+		[MonoTODO]
+		public bool HasPrivateKey {
+			get { return false; }
+		}
+
+		[MonoTODO]
+		public X500DistinguishedName IssuerName {
+			get { return null; }
+		} 
+
+		public DateTime NotAfter {
+			get { return _cert.ValidUntil; }
+		}
+
+		public DateTime NotBefore {
+			get { return _cert.ValidFrom; }
+		}
+
+		public AsymmetricAlgorithm PrivateKey {
+			get {
+				if (_cert.RSA != null)
+					return _cert.RSA; 
+				else if (_cert.DSA != null)
+					return _cert.DSA;
+				return null;
+			}
+			set {
+				if (value is RSA)
+					_cert.RSA = (RSA) value;
+				else if (value is DSA)
+					_cert.DSA = (DSA) value;
+				else
+					throw new NotSupportedException ();
+			}
+		} 
+
+		public PublicKey PublicKey {
+			get { 
+				if (_publicKey == null) {
+					_publicKey = new PublicKey (_cert);
+				}
+				return _publicKey;
+			}
+		} 
+
+		public byte[] RawData {
+			get {
+				if (_cert == null) {
+					throw new CryptographicException (Locale.GetText ("No certificate data."));
+				}
+				return base.GetRawCertData ();
+			}
+		} 
+
+		public string SerialNumber {
+			get { 
+				if (_serial == null) {
+					StringBuilder sb = new StringBuilder ();
+					byte[] serial = _cert.SerialNumber;
+					for (int i=serial.Length - 1; i >= 0; i--)
+						sb.Append (serial [i].ToString ("X2"));
+					_serial = sb.ToString ();
+				}
+				return _serial; 
+			}
+		} 
+
+		public Oid SignatureAlgorithm {
+			get { return null; }
+		} 
+
+		[MonoTODO]
+		public X500DistinguishedName SubjectName {
+			get { return null; }
+		} 
+
+		public string Thumbprint {
+			get { return base.GetCertHashString (); }
+		} 
+
+		public int Version {
+			get { return _cert.Version; }
+		}
+
+		// methods
+
+		[MonoTODO]
+		public void Display ()
+		{
+		}
+
+		[MonoTODO]
+		public void Display (IntPtr hwndParent) 
+		{
+		}
+
+		[MonoTODO]
+		public string GetNameInfo (X509NameType nameType, bool forIssuer) 
+		{
+			return null;
+		}
+
+		public override void Import (byte[] rawData) 
+		{
+			Import (rawData, (string)null, X509KeyStorageFlags.DefaultKeySet);
+		}
+
+		[MonoTODO ("missing KeyStorageFlags support")]
+		public override void Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
+		{
+			base.Import (rawData, password, keyStorageFlags);
+			if (password == null) {
+				_cert = new Mono.Security.X509.X509Certificate (rawData);
+				// TODO - PKCS12 without password
+			} else {
+				// try PKCS#12
+				MX.PKCS12 pfx = new MX.PKCS12 (rawData, password);
+				if (pfx.Certificates.Count > 0) {
+					_cert = pfx.Certificates [0];
+				} else {
+					_cert = null;
+				}
+				if (pfx.Keys.Count > 0) {
+					_cert.RSA = (pfx.Keys [0] as RSA);
+					_cert.DSA = (pfx.Keys [0] as DSA);
+				}
+			}
+		}
+
+		[MonoTODO ("SecureString is incomplete")]
+		public override void Import (byte[] rawData, SecureString password, X509KeyStorageFlags keyStorageFlags)
+		{
+			Import (rawData, (string) null, keyStorageFlags);
+		}
+
+		public override void Import (string fileName) 
+		{
+			byte[] rawData = Load (fileName);
+			Import (rawData, (string)null, X509KeyStorageFlags.DefaultKeySet);
+		}
+
+		[MonoTODO ("missing KeyStorageFlags support")]
+		public override void Import (string fileName, string password, X509KeyStorageFlags keyStorageFlags) 
+		{
+			byte[] rawData = Load (fileName);
+			Import (rawData, password, keyStorageFlags);
+		}
+
+		[MonoTODO ("SecureString is incomplete")]
+		public override void Import (string fileName, SecureString password, X509KeyStorageFlags keyStorageFlags) 
+		{
+			byte[] rawData = Load (fileName);
+			Import (rawData, (string)null, keyStorageFlags);
+		}
+
+		private byte[] Load (string fileName)
+		{
+			byte[] data = null;
+			using (FileStream fs = new FileStream (fileName, FileMode.Open)) {
+				data = new byte [fs.Length];
+				fs.Read (data, 0, data.Length);
+				fs.Close ();
+			}
+			return data;
+		}
+
+		public override void Reset () 
+		{
+			_serial = null;
+			_publicKey = null;
+			base.Reset ();
+		}
+
+		[MonoTODO]
+		public override string ToString ()
+		{
+			return null;
+		}
+
+		[MonoTODO]
+		public override string ToString (bool verbose)
+		{
+			return null;
+		}
+
+		[MonoTODO]
+		public bool Verify ()
+		{
+			X509Chain chain = new X509Chain ();
+			if (!chain.Build (this))
+				return false;
+			// TODO - check chain and other stuff ???
+			return true;
+		}
+
+		// static methods
+
+		[MonoTODO]
+		public static X509ContentType GetCertContentType (byte[] rawData)
+		{
+			return X509ContentType.Unknown;
+		}
+
+		[MonoTODO]
+		public static X509ContentType GetCertContentType (string fileName)
+		{
+			return X509ContentType.Unknown;
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2Collection.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2Collection.cs
new file mode 100644
index 00000000000..e247fdf2313
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2Collection.cs
@@ -0,0 +1,206 @@
+//
+// System.Security.Cryptography.X509Certificates.X509Certificate2Collection class
+//
+// Authors:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//	Tim Coleman (tim@timcoleman.com)
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) Tim Coleman, 2004
+// Copyright (C) 2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System.Collections;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public sealed class X509Certificate2Collection : X509CertificateCollection {
+
+		// constructors
+
+		public X509Certificate2Collection ()
+		{
+		}
+
+		public X509Certificate2Collection (X509Certificate2Collection certificates)
+		{
+			AddRange (certificates);
+		}
+
+		public X509Certificate2Collection (X509Certificate2 certificate) 
+		{
+			Add (certificate);
+		}
+
+		public X509Certificate2Collection (X509Certificate2[] certificates) 
+		{
+			AddRange (certificates);
+		}
+
+		// properties
+
+		public new X509Certificate2 this [int index] {
+			get {
+				if (index < 0)
+					throw new ArgumentOutOfRangeException ("negative index");
+				if (index >= InnerList.Count)
+					throw new ArgumentOutOfRangeException ("index >= Count");
+				return (X509Certificate2) InnerList [index];
+			}
+			set { InnerList [index] = value; }
+		}
+
+		// methods
+
+		public int Add (X509Certificate2 certificate)
+		{
+			if (certificate == null)
+				throw new ArgumentNullException ("certificate");
+
+			return InnerList.Add (certificate);
+		}
+
+		// note: transactional
+		public void AddRange (X509Certificate2[] certificates) 
+		{
+			if (certificates == null)
+				throw new ArgumentNullException ("certificates");
+
+			for (int i=0; i < certificates.Length; i++)
+				InnerList.Add (certificates [i]);
+		}
+
+		// note: transactional
+		public void AddRange (X509Certificate2Collection certificates) 
+		{
+			if (certificates == null)
+				throw new ArgumentNullException ("certificates");
+
+			InnerList.AddRange (certificates);
+		}
+
+		public bool Contains (X509Certificate2 certificate) 
+		{
+			if (certificate == null)
+				throw new ArgumentNullException ("certificate");
+
+			foreach (X509Certificate2 c in InnerList) {
+				if (certificate.Equals (c))
+					return true;
+			}
+			return false;
+		}
+
+		public byte[] Export (X509ContentType contentType) 
+		{
+			return null;
+		}
+
+		public byte[] Export (X509ContentType contentType, string password) 
+		{
+			return null;
+		}
+
+		public X509Certificate2Collection Find (X509FindType findType, object findValue, bool validOnly) 
+		{
+			return null;
+		}
+
+		public new X509Certificate2Enumerator GetEnumerator () 
+		{
+			return null;
+		}
+
+		public void Import (byte[] rawData) 
+		{
+		}
+
+		public void Import (byte[] rawData, string password, X509KeyStorageFlags keyStorageFlags)
+		{
+		}
+
+		public void Import (string fileName) 
+		{
+		}
+
+		public void Import (string fileName, string password, X509KeyStorageFlags keyStorageFlags) 
+		{
+		}
+
+		public void Insert (int index, X509Certificate2 certificate) 
+		{
+			if (certificate == null)
+				throw new ArgumentNullException ("certificate");
+			if (index < 0)
+				throw new ArgumentOutOfRangeException ("negative index");
+			if (index >= InnerList.Count)
+				throw new ArgumentOutOfRangeException ("index >= Count");
+
+			InnerList.Insert (index, certificate);
+		}
+
+		public void Remove (X509Certificate2 certificate) 
+		{
+			if (certificate == null)
+				throw new ArgumentNullException ("certificate");
+
+			for (int i=0; i < InnerList.Count; i++) {
+				X509Certificate2 c = (X509Certificate2) InnerList [i];
+				if (certificate.Equals (c)) {
+					InnerList.RemoveAt (i);
+					// only first instance is removed
+					return;
+				}
+			}
+		}
+
+		// note: transactional
+		public void RemoveRange (X509Certificate2[] certificates)
+		{
+			if (certificates == null)
+				throw new ArgumentNullException ("certificate");
+		}
+
+		// note: transactional
+		public void RemoveRange (X509Certificate2Collection certificates) 
+		{
+			if (certificates == null)
+				throw new ArgumentNullException ("certificate");
+		}
+
+		// note: UI
+		public X509Certificate2Collection Select (string title, string message, X509SelectionFlag selectionFlag)
+		{
+			return null;
+		}
+
+		// note: UI
+		public X509Certificate2Collection Select (string title, string message, X509SelectionFlag selectionFlag, IntPtr hwndParent) 
+		{
+			return null;
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2Enumerator.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2Enumerator.cs
new file mode 100644
index 00000000000..343ee097bec
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2Enumerator.cs
@@ -0,0 +1,69 @@
+//
+// System.Security.Cryptography.X509Certificates.X509Certificate2Enumerator class
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System.Collections;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public sealed class X509Certificate2Enumerator : IEnumerator {
+
+		private IEnumerator enumerator;
+
+		internal X509Certificate2Enumerator (X509Certificate2Collection collection) 
+		{
+			enumerator = ((IEnumerable) collection).GetEnumerator ();
+		}
+
+		// properties
+
+		public X509Certificate2 Current {
+			get { return (X509Certificate2) enumerator.Current; }
+		}
+
+		object IEnumerator.Current {
+			get { return enumerator.Current; }
+		}
+
+		// methods
+
+		public bool MoveNext () 
+		{
+			return enumerator.MoveNext ();
+		}
+
+		public void Reset ()
+		{
+			enumerator.Reset ();
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs
new file mode 100644
index 00000000000..88e67e5c1e6
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs
@@ -0,0 +1,105 @@
+//
+// System.Security.Cryptography.X509Certificates.X509Chain
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public class X509Chain {
+
+		private bool _machineContext;
+		private X509ChainElementCollection _elements;
+		private X509ChainPolicy _policy;
+		private X509ChainStatus[] _status;
+
+		// constructors
+
+		public X509Chain () : this (false)
+		{
+		}
+
+		public X509Chain (bool useMachineContext) 
+		{
+			_machineContext = useMachineContext;
+			_elements = new X509ChainElementCollection ();
+			_policy = new X509ChainPolicy ();
+		}
+
+		public X509Chain (IntPtr chainContext)
+		{
+			// CryptoAPI compatibility (unmanaged handle)
+			throw new NotSupportedException ();
+		}
+
+		// properties
+
+		public IntPtr ChainContext {
+			get { return IntPtr.Zero; }
+		}
+
+		public X509ChainElementCollection ChainElements {
+			get { return _elements; }
+		}
+
+		public X509ChainPolicy ChainPolicy {
+			get { return _policy; }
+			set { _policy = value; }
+		}
+
+		public X509ChainStatus[] ChainStatus {
+			get { 
+				if (_status == null)
+					_status = new X509ChainStatus [0]; 
+				return _status;
+			}
+		} 
+
+		// methods
+
+		[MonoTODO]
+		public bool Build (X509Certificate2 certificate)
+		{
+			return false;
+		}
+
+		[MonoTODO]
+		public void Reset () 
+		{
+		}
+
+		// static methods
+
+		public static X509Chain Create ()
+		{
+			return new X509Chain ();
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElement.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElement.cs
new file mode 100644
index 00000000000..0d067ce2170
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElement.cs
@@ -0,0 +1,62 @@
+//
+// X509ChainElement.cs - System.Security.Cryptography.X509Certificates.X509ChainElement
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public class X509ChainElement {
+
+		// constructors
+
+		// only accessible from X509Chain.ChainElements
+		internal X509ChainElement ()
+		{
+		}
+
+		// properties
+
+		[MonoTODO]
+		public X509Certificate2 Certificate {
+			get { return null; }
+		}
+
+		[MonoTODO]
+		public X509ChainStatus[] ChainElementStatus {
+			get { return null; }
+		}
+
+		[MonoTODO]
+		public string Information {
+			get { return null; }
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElementCollection.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElementCollection.cs
new file mode 100644
index 00000000000..3fafdb8a62d
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElementCollection.cs
@@ -0,0 +1,94 @@
+//
+// X509ChainElementCollection.cs - System.Security.Cryptography.X509Certificates.X509ChainElementCollection
+//
+// Author:
+//	Sebastien Pouliot (spouliot@motus.com)
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+using System.Collections;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	// Note: Match the definition of framework version 1.2.3400.0 on http://longhorn.msdn.microsoft.com
+
+	public sealed class X509ChainElementCollection : ICollection, IEnumerable {
+
+		private ArrayList _list;
+
+		// constructors
+
+		// only accessible from X509Chain
+		internal X509ChainElementCollection () 
+		{
+			_list = new ArrayList ();
+		}
+
+		// properties
+
+		public int Count {
+			get { return _list.Count; }
+		}
+
+		public bool IsSynchronized {
+			get { return _list.IsSynchronized; }
+		}
+
+		public X509ChainElement this [int index] {
+			get { return (X509ChainElement) _list [index]; }
+		}
+
+		public object SyncRoot {
+			get { return _list.SyncRoot; }
+		}
+
+		// methods
+
+		public void CopyTo (X509ChainElement[] array, int index) 
+		{
+			_list.CopyTo ((Array)array, index);
+		}
+
+		void ICollection.CopyTo (Array array, int index) 
+		{
+			_list.CopyTo (array, index);
+		}
+
+		public X509ChainElementEnumerator GetEnumerator ()
+		{
+			return new X509ChainElementEnumerator (_list);
+		}
+
+		IEnumerator IEnumerable.GetEnumerator ()
+		{
+			return new X509ChainElementEnumerator (_list);
+		}
+	}
+}
+
+#endif
\ No newline at end of file
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElementEnumerator.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElementEnumerator.cs
new file mode 100644
index 00000000000..ca4a636b83b
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElementEnumerator.cs
@@ -0,0 +1,73 @@
+//
+// X509ChainElementEnumerator.cs - System.Security.Cryptography.X509Certificates.X509ChainElementEnumerator
+//
+// Author:
+//	Sebastien Pouliot (spouliot@motus.com)
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+using System.Collections;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	// Note: Match the definition of framework version 1.2.3400.0 on http://longhorn.msdn.microsoft.com
+
+	public sealed class X509ChainElementEnumerator : IEnumerator {
+
+		private IEnumerator enumerator;
+
+		internal X509ChainElementEnumerator (IEnumerable enumerable) 
+		{
+			enumerator = enumerable.GetEnumerator ();
+		}
+
+		// properties
+
+		public X509ChainElement Current {
+			get { return (X509ChainElement) enumerator.Current; }
+		}
+
+		object IEnumerator.Current {
+			get { return enumerator.Current; }
+		}
+
+		// methods
+
+		public bool MoveNext ()
+		{
+			return enumerator.MoveNext ();
+		}
+
+		public void Reset() 
+		{
+			enumerator.Reset ();
+		}
+	}
+}
+
+#endif
\ No newline at end of file
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs
new file mode 100644
index 00000000000..bfd74c181ee
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs
@@ -0,0 +1,107 @@
+//
+// System.Security.Cryptography.X509Certificates.X509ChainPolicy class
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public sealed class X509ChainPolicy {
+
+		private OidCollection _apps;
+		private OidCollection _cert;
+		private X509Certificate2Collection _store;
+		private X509RevocationFlag _rflag;
+		private X509RevocationMode _mode;
+		private TimeSpan _timeout;
+		private X509VerificationFlags _vflags;
+		private DateTime _vtime;
+
+		// constructors
+
+		public X509ChainPolicy () 
+		{
+			Reset ();
+		}
+
+		// properties
+
+		public OidCollection ApplicationPolicy {
+			get { return _apps; }
+		}
+
+		public OidCollection CertificatePolicy {
+			get { return _cert; }
+		}
+
+		public X509Certificate2Collection ExtraStore {
+			get { return _store; }
+		}
+
+		public X509RevocationFlag RevocationFlag {
+			get { return _rflag; }
+			set { _rflag = value; }
+		}
+
+		public X509RevocationMode RevocationMode {
+			get { return _mode; }
+			set { _mode = value; }
+		}
+
+		public TimeSpan UrlRetrievalTimeout {
+			get { return _timeout; }
+			set { _timeout = value; }
+		}
+
+		public X509VerificationFlags VerificationFlags {
+			get { return _vflags; }
+			set { _vflags = value; }
+		}
+
+		public DateTime VerificationTime {
+			get { return _vtime; }
+			set { _vtime = value; }
+		}
+
+		// methods
+
+		public void Reset ()
+		{
+			_apps = new OidCollection ();
+			_cert = new OidCollection ();
+			_store = new X509Certificate2Collection ();
+			_rflag = X509RevocationFlag.ExcludeRoot;
+			_mode = X509RevocationMode.Online;
+			_timeout = new TimeSpan (0);
+			_vflags = X509VerificationFlags.NoFlag;
+			_vtime = DateTime.Now;
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainStatus.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainStatus.cs
new file mode 100644
index 00000000000..982e50f0289
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainStatus.cs
@@ -0,0 +1,58 @@
+//
+// X509ChainStatus.cs - System.Security.Cryptography.X509Certificates.X509ChainStatus
+//
+// Author:
+//	Sebastien Pouliot (spouliot@motus.com)
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	// Note: Match the definition of framework version 1.2.3400.0 on http://longhorn.msdn.microsoft.com
+
+	public struct X509ChainStatus {
+
+		private X509ChainStatusFlags _status;
+		private string _info;
+
+		// properties
+
+		public X509ChainStatusFlags Status {
+			get { return _status; }
+			set { _status = value; }
+		}
+
+		public string StatusInformation {
+			get { return _info; }
+			set { _info = value; }
+		}
+	}
+}
+
+#endif
\ No newline at end of file
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainStatusFlags.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainStatusFlags.cs
new file mode 100644
index 00000000000..41cbbccc6f8
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainStatusFlags.cs
@@ -0,0 +1,65 @@
+//
+// X509ChainStatusFlags.cs - System.Security.Cryptography.X509Certificates.X509ChainStatusFlags
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Flags]
+	[Serializable]
+	public enum X509ChainStatusFlags {
+		NoError = 0,
+		NotTimeValid = 1,
+		NotTimeNested = 2,
+		Revoked = 4,
+		NotSignatureValid = 8,
+		NotValidForUsage = 16,
+		UntrustedRoot = 32,
+		RevocationStatusUnknown = 64,
+		Cyclic = 128,
+		InvalidExtension = 256,
+		InvalidPolicyConstraints = 512,
+		InvalidBasicConstraints = 1024,
+		InvalidNameConstraints = 2048,
+		HasNotSupportedNameConstraint = 4096,
+		HasNotDefinedNameConstraint = 8192,
+		HasNotPermittedNameConstraint = 16384,
+		HasExcludedNameConstraint = 32768,
+		PartialChain = 65536,
+		CtlNotTimeValid = 131072,
+		CtlNotSignatureValid = 262144,
+		CtlNotValidForUsage = 524288,
+		OfflineRevocation = 16777216,
+		NoIssuanceChainPolicy = 33554432
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509EnhancedKeyUsageExtension.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509EnhancedKeyUsageExtension.cs
new file mode 100644
index 00000000000..c867d3548e5
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509EnhancedKeyUsageExtension.cs
@@ -0,0 +1,190 @@
+//
+// System.Security.Cryptography.X509EnhancedKeyUsageExtension
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System.Text;
+
+using Mono.Security;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public sealed class X509EnhancedKeyUsageExtension : X509Extension {
+
+		internal const string oid = "2.5.29.37";
+		internal const string friendlyName = "Enhanced Key Usage";
+
+		private OidCollection _enhKeyUsage;
+		private AsnDecodeStatus _status;
+
+		// constructors
+
+		public X509EnhancedKeyUsageExtension ()
+		{
+			_oid = new Oid (oid, friendlyName);
+		}
+
+		public X509EnhancedKeyUsageExtension (AsnEncodedData encodedEnhancedKeyUsages, bool critical)
+		{
+			// ignore the Oid provided by encodedKeyUsage (our rules!)
+			_oid = new Oid (oid, friendlyName);
+			_raw = encodedEnhancedKeyUsages.RawData;
+			base.Critical = critical;
+			_status = Decode (this.RawData);
+		}
+
+		public X509EnhancedKeyUsageExtension (OidCollection enhancedKeyUsages, bool critical)
+		{
+			if (enhancedKeyUsages == null)
+				throw new ArgumentNullException ("enhancedKeyUsages");
+
+			_oid = new Oid (oid, friendlyName);
+			base.Critical = critical;
+			_enhKeyUsage = enhancedKeyUsages.ReadOnlyCopy ();
+			RawData = Encode ();
+		}
+
+		// properties
+
+		public OidCollection EnhancedKeyUsages {
+			get {
+				switch (_status) {
+				case AsnDecodeStatus.Ok:
+				case AsnDecodeStatus.InformationNotAvailable:
+					if (_enhKeyUsage == null)
+						_enhKeyUsage = new OidCollection ();
+					_enhKeyUsage.ReadOnly = true;
+					return _enhKeyUsage;
+				default:
+					throw new CryptographicException ("Badly encoded extension.");
+				}
+			}
+		}
+
+		// methods
+
+		public override void CopyFrom (AsnEncodedData asnEncodedData) 
+		{
+			if (asnEncodedData == null)
+				throw new ArgumentNullException ("encodedData");
+
+			X509Extension ex = (asnEncodedData as X509Extension);
+			if (ex == null)
+				throw new ArgumentException (Locale.GetText ("Wrong type."), "asnEncodedData");
+
+			if (ex._oid == null)
+				_oid = new Oid (oid, friendlyName);
+			else 
+				_oid = new Oid (ex._oid);
+
+			RawData = ex.RawData;
+			base.Critical = ex.Critical;
+			// and we deal with the rest later
+			_status = Decode (this.RawData);
+		}
+
+		// internal
+
+		internal AsnDecodeStatus Decode (byte[] extension)
+		{
+			if ((extension == null) || (extension.Length == 0))
+				return AsnDecodeStatus.BadAsn;
+			if (extension [0] != 0x30)
+				return AsnDecodeStatus.BadTag;
+
+			if (_enhKeyUsage == null)
+				_enhKeyUsage = new OidCollection ();
+
+			try {
+				ASN1 ex = new ASN1 (extension);
+				if (ex.Tag != 0x30)
+					throw new CryptographicException (Locale.GetText ("Invalid ASN.1 Tag"));
+				for (int i=0; i < ex.Count; i++) {
+					_enhKeyUsage.Add (new Oid (ASN1Convert.ToOid (ex [i])));
+				}
+			}
+			catch {
+				return AsnDecodeStatus.BadAsn;
+			}
+
+			return AsnDecodeStatus.Ok;
+		}
+
+		internal byte[] Encode ()
+		{
+			ASN1 ex = new ASN1 (0x30);
+			foreach (Oid oid in _enhKeyUsage) {
+				ex.Add (ASN1Convert.FromOid (oid.Value));
+			}
+			return ex.GetBytes ();
+		}
+
+		internal override string ToString (bool multiLine)
+		{
+			switch (_status) {
+			case AsnDecodeStatus.BadAsn:
+				return String.Empty;
+			case AsnDecodeStatus.BadTag:
+			case AsnDecodeStatus.BadLength:
+				return FormatUnkownData (_raw);
+			case AsnDecodeStatus.InformationNotAvailable:
+				return "Information Not Available";
+			}
+
+			if (_oid.Value != oid)
+				return String.Format ("Unknown Key Usage ({0})", _oid.Value);
+			if (_enhKeyUsage.Count == 0)
+				return "Information Not Available";
+
+			StringBuilder sb = new StringBuilder ();
+
+			for (int i=0; i < _enhKeyUsage.Count; i++) {
+				Oid o = _enhKeyUsage [i];
+				switch (o.Value) {
+				case "1.3.6.1.5.5.7.3.1":
+					sb.Append ("Server Authentication (");
+					break;
+				default:
+					sb.Append ("Unknown Key Usage (");
+					break;
+				}
+				sb.Append (o.Value);
+				sb.Append (")");
+
+				if (multiLine)
+					sb.Append (Environment.NewLine);
+				else if (i != (_enhKeyUsage.Count - 1))
+					sb.Append (", ");
+			}
+
+			return sb.ToString ();
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Extension.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Extension.cs
new file mode 100644
index 00000000000..311690968fa
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Extension.cs
@@ -0,0 +1,115 @@
+//
+// System.Security.Cryptography.X509Certificates.X509Extension
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//	Tim Coleman (tim@timcoleman.com)
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) Tim Coleman, 2004
+// Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System.Text;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public class X509Extension : AsnEncodedData {
+
+		private bool _critical;
+
+		// constructors
+
+		protected X509Extension () 
+		{
+		}
+
+		public X509Extension (AsnEncodedData encodedExtension, bool critical)
+		{
+// Match MS		if (encodedExtension == null)
+//				throw new ArgumentNullException ("encodedExtension");
+			if (encodedExtension.Oid == null)
+				throw new ArgumentNullException ("encodedExtension.Oid");
+
+			Oid = encodedExtension.Oid;
+			RawData = encodedExtension.RawData;
+			_critical = critical;
+		}
+
+		public X509Extension (Oid oid, byte[] rawData, bool critical)
+		{
+			if (oid == null)
+				throw new ArgumentNullException ("oid");
+			Oid = oid;
+			RawData = rawData;
+			_critical = critical;
+		}
+
+		public X509Extension (string oid, byte[] rawData, bool critical)
+			: base (oid, rawData)
+		{
+			_critical = critical;
+		}
+
+		// properties
+
+		public bool Critical {
+			get { return _critical; }
+			set { _critical = value; }
+		}
+
+		// methods
+
+		public override void CopyFrom (AsnEncodedData asnEncodedData) 
+		{
+			if (asnEncodedData == null)
+				throw new ArgumentNullException ("encodedData");
+
+			X509Extension ex = (asnEncodedData as X509Extension);
+			if (ex == null)
+				throw new ArgumentException (Locale.GetText ("Expected a X509Extension instance."));
+
+			base.CopyFrom (asnEncodedData);
+			// and we deal with critical
+			_critical = ex.Critical;
+		}
+
+		// internal stuff
+
+		// this version doesn't includes spaces between bytes and use uppercase hexadecimal values
+		internal string FormatUnkownData (byte[] data)
+		{
+			if ((data == null) || (data.Length == 0))
+				return String.Empty;
+
+			StringBuilder sb = new StringBuilder ();
+			for (int i=0; i < data.Length; i++) {
+				sb.Append (data [i].ToString ("X2"));
+			}
+			return sb.ToString ();
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ExtensionCollection.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ExtensionCollection.cs
new file mode 100644
index 00000000000..68de493d1c7
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ExtensionCollection.cs
@@ -0,0 +1,112 @@
+//
+// System.Security.Cryptography.X509Certificates.X509ExtensionCollection
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//	Tim Coleman (tim@timcoleman.com)
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) Tim Coleman, 2004
+// Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System.Collections;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public sealed class X509ExtensionCollection : ICollection, IEnumerable {
+
+		private ArrayList _list;
+
+		// constructors
+
+		public X509ExtensionCollection ()
+		{
+			_list = new ArrayList ();
+		}
+
+		// properties
+
+		public int Count {
+			get { return _list.Count; }
+		}
+
+		public bool IsSynchronized {
+			get { return _list.IsSynchronized; }
+		}
+
+		public object SyncRoot {
+			get { return _list.SyncRoot; }
+		}
+
+		public X509Extension this [int index] {
+			get { return (X509Extension) _list [index]; }
+		}
+
+		public X509Extension this [string oid] {
+			get { 
+				foreach (X509Extension extension in this) {
+					if (extension.Oid.Value.Equals (oid))
+						return extension;
+				}
+				return null;
+			}
+		}
+
+		// methods
+
+		public int Add (X509Extension extension) 
+		{
+			return _list.Add (extension);
+		}
+
+		[MonoTODO]
+		public void CopyTo (X509Extension[] array, int index) 
+		{
+			if (array == null)
+				throw new ArgumentNullException ("array");
+			if (index < 0)
+				throw new ArgumentException ("negative index");
+			if (index > array.Length)
+				throw new ArgumentOutOfRangeException ("index > array.Length");
+		}
+
+		void ICollection.CopyTo (Array array, int index)
+		{
+			_list.CopyTo (array, index);
+		}
+
+		public X509ExtensionEnumerator GetEnumerator () 
+		{
+			return new X509ExtensionEnumerator (this);
+		}
+
+		IEnumerator IEnumerable.GetEnumerator () 
+		{
+			return new X509ExtensionEnumerator (this);
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ExtensionEnumerator.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ExtensionEnumerator.cs
new file mode 100644
index 00000000000..9dc652d04ed
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ExtensionEnumerator.cs
@@ -0,0 +1,73 @@
+//
+// X509ExtensionEnumerator.cs - System.Security.Cryptography.X509ExtensionEnumerator
+//
+// Author:
+//	Sebastien Pouliot (spouliot@motus.com)
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+using System.Collections;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	// Note: Match the definition of framework version 1.2.3400.0 on http://longhorn.msdn.microsoft.com
+
+	public sealed class X509ExtensionEnumerator : IEnumerator {
+
+		private IEnumerator enumerator;
+
+		internal X509ExtensionEnumerator (X509ExtensionCollection collection)
+		{
+			enumerator = ((IEnumerable) collection).GetEnumerator ();
+		}
+
+		// properties
+
+		public X509Extension Current {
+			get { return (X509Extension) enumerator.Current; }
+		}
+
+		object IEnumerator.Current {
+			get { return enumerator.Current; }
+		}
+
+		// methods
+
+		public bool MoveNext () 
+		{
+			return enumerator.MoveNext ();
+		}
+
+		public void Reset ()
+		{
+			enumerator.Reset ();
+		}
+	}
+}
+
+#endif
\ No newline at end of file
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509FindType.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509FindType.cs
new file mode 100644
index 00000000000..7ebc8b72880
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509FindType.cs
@@ -0,0 +1,56 @@
+//
+// X509FindType.cs - System.Security.Cryptography.X509Certificates.X509FindType
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Serializable]
+	public enum X509FindType {
+		FindByThumbprint,
+		FindBySubjectName,
+		FindBySubjectDistinguishedName,
+		FindByIssuerName,
+		FindByIssuerDistinguishedName,
+		FindBySerialNumber,
+		FindByTimeValid,
+		FindByTimeNotYetValid,
+		FindByTimeExpired,
+		FindByTemplateName,
+		FindByApplicationPolicy,
+		FindByCertificatePolicy,
+		FindByExtension,
+		FindByKeyUsage,
+		FindBySubjectKeyIdentifier,
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509IncludeOption.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509IncludeOption.cs
new file mode 100644
index 00000000000..0699eac0a1a
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509IncludeOption.cs
@@ -0,0 +1,45 @@
+//
+// X509IncludeOption.cs - System.Security.Cryptography.X509IncludeOption
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Serializable]
+	public enum X509IncludeOption {
+		None,
+		ExcludeRoot,
+		EndCertOnly,
+		WholeChain
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509KeyUsageExtension.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509KeyUsageExtension.cs
new file mode 100644
index 00000000000..dc13d962df7
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509KeyUsageExtension.cs
@@ -0,0 +1,254 @@
+//
+// System.Security.Cryptography.X509Certificates.X509KeyUsageExtension
+//
+// Authors:
+//	Tim Coleman (tim@timcoleman.com)
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) Tim Coleman, 2004
+// Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System.Text;
+
+using Mono.Security;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public sealed class X509KeyUsageExtension : X509Extension {
+
+		internal const string oid = "2.5.29.15";
+		internal const string friendlyName = "Key Usage";
+
+		internal const X509KeyUsageFlags all = X509KeyUsageFlags.EncipherOnly | X509KeyUsageFlags.CrlSign | 
+			X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.KeyAgreement | X509KeyUsageFlags.DataEncipherment |
+			X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.NonRepudiation | 
+			X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.DecipherOnly;
+
+		private X509KeyUsageFlags _keyUsages;
+		private AsnDecodeStatus _status;
+
+		// constructors
+
+		public X509KeyUsageExtension ()
+		{
+			_oid = new Oid (oid, friendlyName);
+		}
+
+		public X509KeyUsageExtension (AsnEncodedData encodedKeyUsage, bool critical)
+		{
+			// ignore the Oid provided by encodedKeyUsage (our rules!)
+			_oid = new Oid (oid, friendlyName);
+			_raw = encodedKeyUsage.RawData;
+			base.Critical = critical;
+			_status = Decode (this.RawData);
+		}
+
+		public X509KeyUsageExtension (X509KeyUsageFlags keyUsages, bool critical)
+		{
+			_oid = new Oid (oid, friendlyName);
+			base.Critical = critical;
+			_keyUsages = GetValidFlags (keyUsages);
+			RawData = Encode ();
+		}
+
+		// properties
+
+		public X509KeyUsageFlags KeyUsages {
+			get {
+				switch (_status) {
+				case AsnDecodeStatus.Ok:
+				case AsnDecodeStatus.InformationNotAvailable:
+					return _keyUsages;
+				default:
+					throw new CryptographicException ("Badly encoded extension.");
+				}
+			}
+		}
+
+		// methods
+
+		public override void CopyFrom (AsnEncodedData encodedData)
+		{
+			if (encodedData == null)
+				throw new ArgumentNullException ("encodedData");
+
+			X509Extension ex = (encodedData as X509Extension);
+			if (ex == null)
+				throw new ArgumentException (Locale.GetText ("Wrong type."), "encodedData");
+
+			if (ex._oid == null)
+				_oid = new Oid (oid, friendlyName);
+			else 
+				_oid = new Oid (ex._oid);
+
+			RawData = ex.RawData;
+			base.Critical = ex.Critical;
+			// and we deal with the rest later
+			_status = Decode (this.RawData);
+		}
+
+		// internal
+
+		internal X509KeyUsageFlags GetValidFlags (X509KeyUsageFlags flags)
+		{
+			if ((flags & all) != flags)
+				return (X509KeyUsageFlags) 0;
+			return flags;
+		}
+
+		internal AsnDecodeStatus Decode (byte[] extension)
+		{
+			if ((extension == null) || (extension.Length == 0))
+				return AsnDecodeStatus.BadAsn;
+			if (extension [0] != 0x03)
+				return AsnDecodeStatus.BadTag;
+			if (extension.Length < 3)
+				return AsnDecodeStatus.BadLength;
+			if (extension.Length < 4)
+				return AsnDecodeStatus.InformationNotAvailable;
+
+			try {
+				ASN1 ex = new ASN1 (extension);
+				int kubits = 0;
+				int i = 1; // byte zero has the number of unused bits (ASN1's BITSTRING)
+				while (i < ex.Value.Length)
+					kubits = (kubits << 8) + ex.Value [i++];
+
+				_keyUsages = GetValidFlags ((X509KeyUsageFlags)kubits);
+			}
+			catch {
+				return AsnDecodeStatus.BadAsn;
+			}
+
+			return AsnDecodeStatus.Ok;
+		}
+
+		internal byte[] Encode ()
+		{
+			ASN1 ex = null;
+			int kubits = (int)_keyUsages;
+			byte empty = 0;
+
+			if (kubits == 0) {
+				ex = new ASN1 (0x03, new byte[] { empty });
+			} else {
+				// count empty bits (applicable to first byte only)
+				int ku = ((kubits < Byte.MaxValue) ? kubits : (kubits >> 8));
+				while (((ku & 0x01) == 0x00) && (empty < 8)) {
+					empty++;
+					ku >>= 1;
+				}
+
+				if (kubits <= Byte.MaxValue) {
+					ex = new ASN1 (0x03, new byte[] { empty, (byte)kubits });
+				} else {
+					ex = new ASN1 (0x03, new byte[] { empty, (byte)kubits, (byte)(kubits >> 8) });
+				}
+			}
+
+			return ex.GetBytes ();
+		}
+
+		internal override string ToString (bool multiLine)
+		{
+			switch (_status) {
+			case AsnDecodeStatus.BadAsn:
+				return String.Empty;
+			case AsnDecodeStatus.BadTag:
+			case AsnDecodeStatus.BadLength:
+				return FormatUnkownData (_raw);
+			case AsnDecodeStatus.InformationNotAvailable:
+				return "Information Not Available";
+			}
+
+			if (_oid.Value != oid)
+				return String.Format ("Unknown Key Usage ({0})", _oid.Value);
+			if (_keyUsages == 0)
+				return "Information Not Available";
+
+			StringBuilder sb = new StringBuilder ();
+
+			if ((_keyUsages & X509KeyUsageFlags.DigitalSignature) != 0) {
+				sb.Append ("Digital Signature");
+			}
+			if ((_keyUsages & X509KeyUsageFlags.NonRepudiation) != 0) {
+				if (sb.Length > 0)
+					sb.Append (", ");
+				sb.Append ("Non-Repudiation");
+			}
+			if ((_keyUsages & X509KeyUsageFlags.KeyEncipherment) != 0) {
+				if (sb.Length > 0)
+					sb.Append (", ");
+				sb.Append ("Key Encipherment");
+			}
+			if ((_keyUsages & X509KeyUsageFlags.DataEncipherment) != 0) {
+				if (sb.Length > 0)
+					sb.Append (", ");
+				sb.Append ("Data Encipherment");
+			}
+			if ((_keyUsages & X509KeyUsageFlags.KeyAgreement) != 0) {
+				if (sb.Length > 0)
+					sb.Append (", ");
+				sb.Append ("Key Agreement");
+			}
+			if ((_keyUsages & X509KeyUsageFlags.KeyCertSign) != 0) {
+				if (sb.Length > 0)
+					sb.Append (", ");
+				sb.Append ("Certificate Signing");
+			}
+			if ((_keyUsages & X509KeyUsageFlags.CrlSign) != 0) {
+				if (sb.Length > 0)
+					sb.Append (", ");
+				sb.Append ("Off-line CRL Signing, CRL Signing");
+			}
+			if ((_keyUsages & X509KeyUsageFlags.EncipherOnly) != 0) {
+				if (sb.Length > 0)
+					sb.Append (", ");
+				sb.Append ("Encipher Only");
+			}
+			if ((_keyUsages & X509KeyUsageFlags.DecipherOnly) != 0) {
+				if (sb.Length > 0)
+					sb.Append (", ");
+				sb.Append ("Decipher Only");
+			}
+
+			int ku = (int)_keyUsages;
+			sb.Append (" (");
+			sb.Append (((byte)ku).ToString ("x2"));
+			if (ku > Byte.MaxValue) {
+				sb.Append (" ");
+				sb.Append (((byte)(ku >> 8)).ToString ("x2"));
+			}
+			sb.Append (")");
+
+			if (multiLine)
+				sb.Append (Environment.NewLine);
+
+			return sb.ToString ();
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509KeyUsageFlags.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509KeyUsageFlags.cs
new file mode 100644
index 00000000000..a8f8cec6a32
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509KeyUsageFlags.cs
@@ -0,0 +1,49 @@
+//
+// X509KeyUsageFlags.cs - System.Security.Cryptography.X509Certificates.X509KeyUsageFlags
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Flags]
+	public enum X509KeyUsageFlags {
+		None = 0,
+		EncipherOnly = 1,
+		CrlSign = 2,
+		KeyCertSign = 4,
+		KeyAgreement = 8,
+		DataEncipherment = 16,
+		KeyEncipherment = 32,
+		NonRepudiation = 64,
+		DigitalSignature = 128,
+		DecipherOnly = 32768
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509NameType.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509NameType.cs
new file mode 100644
index 00000000000..a370ac05104
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509NameType.cs
@@ -0,0 +1,43 @@
+//
+// X509NameType.cs - System.Security.Cryptography.X509NameType
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public enum X509NameType {
+		SimpleName,
+		EmailName,
+		UpnName,
+		DnsName,
+		UrlName
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509RevocationFlag.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509RevocationFlag.cs
new file mode 100644
index 00000000000..94fe8f21aa3
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509RevocationFlag.cs
@@ -0,0 +1,42 @@
+//
+// X509RevocationFlag.cs - System.Security.Cryptography.X509Certificates.X509RevocationFlag
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Serializable]
+	public enum X509RevocationFlag {
+		EndCertificateOnly = 0,
+		EntireChain = 1,
+		ExcludeRoot = 2
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509RevocationMode.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509RevocationMode.cs
new file mode 100644
index 00000000000..fa7fa4f3432
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509RevocationMode.cs
@@ -0,0 +1,44 @@
+//
+// X509RevocationMode.cs - System.Security.Cryptography.X509Certificates.X509RevocationMode
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Serializable]
+	public enum X509RevocationMode {
+		NoCheck,
+		Online,
+		Offline
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509SelectionFlag.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509SelectionFlag.cs
new file mode 100644
index 00000000000..75381deaa99
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509SelectionFlag.cs
@@ -0,0 +1,43 @@
+//
+// System.Security.Cryptography.X509Certificates.X509SelectionFlag
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Serializable]
+	public enum X509SelectionFlag {
+		SingleSelection,
+		MultiSelection
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Store.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Store.cs
new file mode 100644
index 00000000000..4021dd3876f
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Store.cs
@@ -0,0 +1,201 @@
+//
+// System.Security.Cryptography.X509Certificates.X509Store class
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using Mono.Security.X509;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public sealed class X509Store {
+
+		private string _name;
+		private StoreLocation _location;
+		private X509Certificate2Collection _certs;
+		private OpenFlags _flags;
+
+		// constructors
+
+		// BUG: MY when using this constructor - My when using StoreName.My
+		public X509Store () 
+			: this ("MY", StoreLocation.CurrentUser) 
+		{
+		}
+
+		public X509Store (string storeName) 
+			: this (storeName, StoreLocation.CurrentUser) 
+		{
+		}
+
+		public X509Store (StoreName storeName) 
+			: this (StoreNameToString (storeName), StoreLocation.CurrentUser)
+		{
+		}
+
+		public X509Store (StoreLocation storeLocation) 
+			: this ("MY", storeLocation)
+		{
+		}
+
+		public X509Store (StoreName storeName, StoreLocation storeLocation)
+			: this (StoreNameToString (storeName), StoreLocation.CurrentUser)
+		{
+		}
+
+		public X509Store (IntPtr storeHandle)
+		{
+			// CryptoAPI compatibility (unmanaged handle)
+			throw new NotSupportedException ();
+		}
+
+		[MonoTODO ("call Mono.Security.X509.X509Store*")]
+		public X509Store (string storeName, StoreLocation storeLocation)
+		{
+			if (storeName == null)
+				throw new ArgumentNullException ("storeName");
+
+			_name = storeName;
+			_location = storeLocation;
+		}
+
+		// properties
+
+		public X509Certificate2Collection Certificates {
+			get { 
+				if (_certs == null)
+					_certs = new X509Certificate2Collection ();
+				return _certs; 
+			}
+		} 
+
+		public StoreLocation Location {
+			get { return _location; }
+		}
+
+		public string Name {
+			get { return _name; }
+		}
+
+		private bool ReadOnly {
+			get { return ((_flags & OpenFlags.ReadOnly) != OpenFlags.ReadOnly); }
+		}
+
+		public IntPtr StoreHandle {
+			get { return IntPtr.Zero; }
+		}
+
+		// methods
+
+		private static string StoreNameToString (StoreName sn) 
+		{
+			switch (sn) {
+				case StoreName.CertificateAuthority:
+					return "CA";
+				default:
+					return sn.ToString ();
+			}
+		}
+
+		[MonoTODO ("call Mono.Security.X509.X509Store*")]
+		public void Add (X509Certificate2 certificate)
+		{
+			if (certificate == null)
+				throw new ArgumentNullException ("certificate");
+
+			if (!ReadOnly) {
+				try {
+					new Mono.Security.X509.X509Certificate (certificate.RawData);
+					// Mono.Security.X509.X509Certificate x = new Mono.Security.X509.X509Certificate (certificate.RawData);
+					// TODO
+				}
+				catch {
+					throw new CryptographicException ("couldn't add certificate");
+				}
+			}
+		}
+
+		public void AddRange (X509Certificate2Collection certificates)
+		{
+			if (certificates == null)
+				throw new ArgumentNullException ("certificates");
+
+			if (!ReadOnly) {
+				foreach (X509Certificate2 certificate in certificates) {
+					Add (certificate);
+				}
+			}
+		}
+
+		[MonoTODO ("call Mono.Security.X509.X509Store*")]
+		public void Close () 
+		{
+		}
+
+		[MonoTODO ("call Mono.Security.X509.X509Store*")]
+		public void Open (OpenFlags flags)
+		{
+			_flags = flags;
+			/*bool readOnly = ((flags & OpenFlags.ReadOnly) == OpenFlags.ReadOnly);
+			bool create = !((flags & OpenFlags.OpenExistingOnly) == OpenFlags.OpenExistingOnly);
+			bool archive = ((flags & OpenFlags.IncludeArchived) == OpenFlags.IncludeArchived);*/
+			// TODO
+		}
+
+		[MonoTODO ("call Mono.Security.X509.X509Store*")]
+		public void Remove (X509Certificate2 certificate) 
+		{
+			if (certificate == null)
+				throw new ArgumentNullException ("certificate");
+
+			if (!ReadOnly) {
+				try {
+					//Mono.Security.X509.X509Certificate x = new Mono.Security.X509.X509Certificate (certificate.RawData);
+					// TODO
+				}
+				catch {
+					throw new CryptographicException ("couldn't remove certificate");
+				}
+			}
+		}
+
+		public void RemoveRange (X509Certificate2Collection certificates) 
+		{
+			if (certificates == null)
+				throw new ArgumentNullException ("certificates");
+
+			if (!this.ReadOnly) {
+				foreach (X509Certificate2 certificate in certificates) {
+					Remove (certificate);
+				}
+			}
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509SubjectKeyIdentifierExtension.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509SubjectKeyIdentifierExtension.cs
new file mode 100644
index 00000000000..fa212b03c23
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509SubjectKeyIdentifierExtension.cs
@@ -0,0 +1,242 @@
+//
+// System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierExtension
+//
+// Authors:
+//	Tim Coleman (tim@timcoleman.com)
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) Tim Coleman, 2004
+// Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System.Text;
+
+using Mono.Security;
+using Mono.Security.Cryptography;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	public sealed class X509SubjectKeyIdentifierExtension : X509Extension {
+
+		internal const string oid = "2.5.29.14";
+		internal const string friendlyName = "Subject Key Identifier";
+
+		private byte[] _subjectKeyIdentifier;
+		private string _ski;
+		private AsnDecodeStatus _status;
+
+		// constructors
+
+		public X509SubjectKeyIdentifierExtension ()
+		{
+			_oid = new Oid (oid, friendlyName);
+		}
+
+		public X509SubjectKeyIdentifierExtension (AsnEncodedData encodedSubjectKeyIdentifier, bool critical)
+		{
+			// ignore the Oid provided by encodedKeyUsage (our rules!)
+			_oid = new Oid (oid, friendlyName);
+			_raw = encodedSubjectKeyIdentifier.RawData;
+			base.Critical = critical;
+			_status = Decode (this.RawData);
+		}
+
+		public X509SubjectKeyIdentifierExtension (byte[] subjectKeyIdentifier, bool critical)
+		{
+			if (subjectKeyIdentifier == null)
+				throw new ArgumentNullException ("subjectKeyIdentifier");
+			if (subjectKeyIdentifier.Length == 0)
+				throw new ArgumentException ("subjectKeyIdentifier");
+
+			_oid = new Oid (oid, friendlyName);
+			base.Critical = critical;
+			_subjectKeyIdentifier = (byte[])subjectKeyIdentifier.Clone ();
+			RawData = Encode ();
+		}
+
+		public X509SubjectKeyIdentifierExtension (string subjectKeyIdentifier, bool critical)
+		{
+			if (subjectKeyIdentifier == null)
+				throw new ArgumentNullException ("subjectKeyIdentifier");
+			if (subjectKeyIdentifier.Length < 2)
+				throw new ArgumentException ("subjectKeyIdentifier");
+
+			_oid = new Oid (oid, friendlyName);
+			base.Critical = critical;
+			_subjectKeyIdentifier = FromHex (subjectKeyIdentifier);
+			RawData = Encode ();
+		}
+
+		[MonoTODO]
+		public X509SubjectKeyIdentifierExtension (PublicKey key, bool critical)
+			: this (key, X509SubjectKeyIdentifierHashAlgorithm.Sha1, critical)
+		{
+		}
+
+		[MonoTODO]
+		public X509SubjectKeyIdentifierExtension (PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical)
+		{
+			if (key == null)
+				throw new ArgumentNullException ("key");
+		}
+
+		// properties
+
+		public string SubjectKeyIdentifier {
+			get {
+				switch (_status) {
+				case AsnDecodeStatus.Ok:
+				case AsnDecodeStatus.InformationNotAvailable:
+					if (_subjectKeyIdentifier != null)
+						_ski = CryptoConvert.ToHex (_subjectKeyIdentifier);
+					return _ski;
+				default:
+					throw new CryptographicException ("Badly encoded extension.");
+				}
+			}
+		}
+
+		// methods
+
+		public override void CopyFrom (AsnEncodedData encodedData)
+		{
+			if (encodedData == null)
+				throw new ArgumentNullException ("encodedData");
+
+			X509Extension ex = (encodedData as X509Extension);
+			if (ex == null)
+				throw new ArgumentException (Locale.GetText ("Wrong type."), "encodedData");
+
+			if (ex._oid == null)
+				_oid = new Oid (oid, friendlyName);
+			else 
+				_oid = new Oid (ex._oid);
+
+			RawData = ex.RawData;
+			base.Critical = ex.Critical;
+			// and we deal with the rest later
+			_status = Decode (this.RawData);
+		}
+
+		// internal
+
+		static internal byte FromHexChar (char c) 
+		{
+			if ((c >= 'a') && (c <= 'f'))
+				return (byte) (c - 'a' + 10);
+			if ((c >= 'A') && (c <= 'F'))
+				return (byte) (c - 'A' + 10);
+			if ((c >= '0') && (c <= '9'))
+				return (byte) (c - '0');
+			return 255;	// F
+		}
+
+		static internal byte FromHexChars (char c1, char c2)
+		{
+			byte result = FromHexChar (c1);
+			if (result < 255)
+				result = (byte) ((result << 4) | FromHexChar (c2));
+			return result;
+		}
+
+		static internal byte[] FromHex (string hex)
+		{
+			// here we can't use CryptoConvert.FromHex because we
+			// must convert any *illegal* (non hex) 2 characters 
+			// to 'FF' and ignore last char on odd length
+			if (hex == null)
+				return null;
+
+			int length = hex.Length >> 1;
+
+			byte[] result = new byte [length]; // + (odd ? 1 : 0)];
+			int n = 0;
+			int i = 0;
+			while (n < length) {
+				result [n++] = FromHexChars (hex [i++], hex [i++]);
+			}
+			return result;
+		}
+
+		internal AsnDecodeStatus Decode (byte[] extension)
+		{
+			if ((extension == null) || (extension.Length == 0))
+				return AsnDecodeStatus.BadAsn;
+			_ski = String.Empty;
+			if (extension [0] != 0x04)
+				return AsnDecodeStatus.BadTag;
+			if (extension.Length == 2)
+				return AsnDecodeStatus.InformationNotAvailable;
+			if (extension.Length < 3)
+				return AsnDecodeStatus.BadLength;
+
+			try {
+				ASN1 ex = new ASN1 (extension);
+				_subjectKeyIdentifier = ex.Value;
+			}
+			catch {
+				return AsnDecodeStatus.BadAsn;
+			}
+
+			return AsnDecodeStatus.Ok;
+		}
+
+		internal byte[] Encode ()
+		{
+			ASN1 ex = new ASN1 (0x04, _subjectKeyIdentifier);
+			return ex.GetBytes ();
+		}
+
+		internal override string ToString (bool multiLine)
+		{
+			switch (_status) {
+			case AsnDecodeStatus.BadAsn:
+				return String.Empty;
+			case AsnDecodeStatus.BadTag:
+			case AsnDecodeStatus.BadLength:
+				return FormatUnkownData (_raw);
+			case AsnDecodeStatus.InformationNotAvailable:
+				return "Information Not Available";
+			}
+
+			if (_oid.Value != oid)
+				return String.Format ("Unknown Key Usage ({0})", _oid.Value);
+
+			StringBuilder sb = new StringBuilder ();
+
+			for (int i=0; i < _subjectKeyIdentifier.Length; i++) {
+				sb.Append (_subjectKeyIdentifier [i].ToString ("x2"));
+				if (i != _subjectKeyIdentifier.Length - 1)
+					sb.Append (" ");
+			}
+
+			if (multiLine)
+				sb.Append (Environment.NewLine);
+
+			return sb.ToString ();
+		}
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509SubjectKeyIdentifierHashAlgorithm.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509SubjectKeyIdentifierHashAlgorithm.cs
new file mode 100644
index 00000000000..5b57ad0f320
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509SubjectKeyIdentifierHashAlgorithm.cs
@@ -0,0 +1,41 @@
+//
+// System.Security.Cryptography.X509Certificates.X509SubjectKeyIdentifierHashAlgorithm
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2005 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Serializable]
+	public enum X509SubjectKeyIdentifierHashAlgorithm {
+		Sha1 = 0,
+		ShortSha1 = 1,
+		CapiSha1 = 2
+	}
+}
+
+#endif
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509VerificationFlags.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509VerificationFlags.cs
new file mode 100644
index 00000000000..713c15a5bc0
--- /dev/null
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509VerificationFlags.cs
@@ -0,0 +1,60 @@
+//
+// X509VerificationFlags.cs - System.Security.Cryptography.X509Certificates.X509VerificationFlags
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004 Novell Inc. (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_2_0
+
+using System;
+
+namespace System.Security.Cryptography.X509Certificates {
+
+	[Flags]
+	[Serializable]
+	public enum X509VerificationFlags {
+		NoFlag = 0,
+		IgnoreNotTimeValid = 1,
+		IgnoreCtlNotTimeValid = 2,
+		IgnoreNotTimeNested = 4,
+		IgnoreInvalidBasicConstraints = 8,
+		AllowUnknownCertificateAuthority = 16,
+		IgnoreWrongUsage = 32,
+		IgnoreInvalidName = 64,
+		IgnoreInvalidPolicy = 128,
+		IgnoreEndRevocationUnknown = 256,
+		IgnoreCtlSignerRevocationUnknown = 512,
+		IgnoreCertificateAuthorityRevocationUnknown = 1024,
+		IgnoreRootRevocationUnknown = 2048,
+		AllFlags = IgnoreNotTimeValid | IgnoreCtlNotTimeValid | IgnoreNotTimeNested |
+			IgnoreInvalidBasicConstraints | AllowUnknownCertificateAuthority |
+			IgnoreWrongUsage | IgnoreInvalidName | IgnoreInvalidPolicy | 
+			IgnoreEndRevocationUnknown | IgnoreCtlSignerRevocationUnknown |
+			IgnoreCertificateAuthorityRevocationUnknown | IgnoreRootRevocationUnknown
+	}
+}
+
+#endif