author | Sebastien Pouliot <sebastien@ximian.com> | 2006-11-25 00:06:53 +0300 |
committer | Sebastien Pouliot <sebastien@ximian.com> | 2006-11-25 00:06:53 +0300 |
commit | 6ef7d4011c916e1f0897d7ddcd1f14239605d844 (patch) | |
tree | b0040d56159b2816a88aa0adff70cd73c700ee74 /mcs/class/System/System.Security.Cryptography.X509Certificates | |
parent | 7e52dd64590a7cf91e1505316fcc482c65d424fb (diff) |
2006-11-24 Sebastien Pouliot <sebastien@ximian.com>
* X509Certificate2.cs: Modified Verify to use CryptoConfig to create
the X509Chain used to verify the certificate. This makes it possible
to change the default chaining (certificate path creation and
validation) algorithm.
* X509Chain.cs: Started implementation based on the options and error
codes defined. Work in progress (incomplete and needs a lot more test
cases).
* X509ChainElementCollection.cs: Added internal methods to Add and
Clear the collection.
* X509ChainElement.cs: Implemented, MonoTODO removed.
* X509ChainPolicy.cs: Add missing checks on enum-based properties.
Renamed fields to match guidelines.
* X509ChainStatus.cs: Provide a default StatusInformation value based
on the Status.
svn path=/trunk/mcs/; revision=68441
Diffstat (limited to 'mcs/class/System/System.Security.Cryptography.X509Certificates')
7 files changed, 463 insertions, 72 deletions
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/ChangeLog b/mcs/class/System/System.Security.Cryptography.X509Certificates/ChangeLog
index a5b2a0cedb5..e9ff6713f7b 100644
--- a/mcs/class/System/System.Security.Cryptography.X509Certificates/ChangeLog
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/ChangeLog
@@ -1,3 +1,20 @@
+2006-11-24 Sebastien Pouliot <sebastien@ximian.com>
+
+ * X509Certificate2.cs: Modified Verify to use CryptoConfig to create
+ the X509Chain used to verify the certificate. This makes it possible
+ to change the default chaining (certificate path creation and
+ validation) algorithm.
+ * X509Chain.cs: Started implementation based on the options and error
+ codes defined. Work in progress (incomplete and needs a lot more test
+ cases).
+ * X509ChainElementCollection.cs: Added internal methods to Add and
+ Clear the collection.
+ * X509ChainElement.cs: Implemented, MonoTODO removed.
+ * X509ChainPolicy.cs: Add missing checks on enum-based properties.
+ Renamed fields to match guidelines.
+ * X509ChainStatus.cs: Provide a default StatusInformation value based
+ on the Status.
+
 2006-11-22 Sebastien Pouliot <sebastien@ximian.com>
 
  * X509Certificate2Collection.cs: Remove comment that proved to be
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
index 6c5eac9acf0..ebc1423f3c4 100644
--- a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs
@@ -558,13 +558,13 @@ namespace System.Security.Cryptography.X509Certificates {
 }
 }
 
- [MonoTODO ("depends on incomplete X509Chain")]
+ [MonoTODO ("by default this depends on the incomplete X509Chain")]
 public bool Verify ()
 {
 if (_cert == null)
 throw new CryptographicException (empty_error);
 
- X509Chain chain = new X509Chain ();
+ X509Chain chain = (X509Chain) CryptoConfig.CreateFromName ("X509Chain");
 if (!chain.Build (this))
 return false;
 // TODO - check chain and other stuff ???
diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs
index 8ec41a21e52..4676e927278 100644
--- a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs
+++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs
@@ -5,7 +5,7 @@
 // Sebastien Pouliot <sebastien@ximian.com>
 //
 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
-// Copyright (C) 2004-2005 Novell Inc. (http://www.novell.com)
+// Copyright (C) 2004-2006 Novell Inc. (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
 // a copy of this software and associated documentation files (the
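Review bot: `X509Chain chain = (X509Chain) CryptoConfig.CreateFromName ("X509Chain");` in Verify has no null handling, so if no type is mapped to that name (the default mapping is not visible in this diff) the following `chain.Build (this)` fails with a NullReferenceException rather than the CryptographicException callers expect, and a mapping to an unrelated type fails with an InvalidCastException. A fallback such as `X509Chain chain = (CryptoConfig.CreateFromName ("X509Chain") as X509Chain) ?? new X509Chain ();` keeps Verify working with the built-in chain. Since the chain builder is now chosen through CryptoConfig, the "X509Chain" mapping becomes part of the trust configuration and deserves a comment saying so, e.g. `// chain implementation is configurable: the CryptoConfig mapping for "X509Chain" decides how certificates are validated`. The same unchecked cast appears in `X509Chain.Create ()` in the X509Chain.cs hunk.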
@@ -29,29 +29,35 @@ #if NET_2_0 && SECURITY_DEP +using System.Collections; + namespace System.Security.Cryptography.X509Certificates { public class X509Chain { // Set to internal to remove a warning - internal bool _machineContext; - private X509ChainElementCollection _elements; - private X509ChainPolicy _policy; - private X509ChainStatus[] _status; + private StoreLocation location; + private X509ChainElementCollection elements; + private X509ChainPolicy policy; + private X509ChainStatus[] status; + + static X509ChainStatus[] Empty = new X509ChainStatus [0]; // constructors - public X509Chain () : this (false) + public X509Chain () + : this (false) { } public X509Chain (bool useMachineContext) { - _machineContext = useMachineContext; - _elements = new X509ChainElementCollection (); - _policy = new X509ChainPolicy (); + location = useMachineContext ? StoreLocation.LocalMachine : StoreLocation.CurrentUser; + elements = new X509ChainElementCollection (); + policy = new X509ChainPolicy (); } + [MonoTODO ("Mono's X509Chain is fully managed. All handles are invalid.")] public X509Chain (IntPtr chainContext) { // CryptoAPI compatibility (unmanaged handle) 
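Review bot: `static X509ChainStatus[] Empty = new X509ChainStatus [0];` has neither an explicit access modifier nor `readonly`, although it is the shared instance handed out by the `ChainStatus` getter in the next hunk; `private static readonly X509ChainStatus[] Empty = new X509ChainStatus [0];` states the intent and prevents it from being reassigned. A one-line comment such as `// shared, zero-length result for chains with no status` would also help, since the field name alone does not say why the array is static.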
@@ -60,45 +66,289 @@ namespace System.Security.Cryptography.X509Certificates { // properties + [MonoTODO ("Mono's X509Chain is fully managed. Always returns IntPtr.Zero.")] public IntPtr ChainContext { get { return IntPtr.Zero; } } public X509ChainElementCollection ChainElements { - get { return _elements; } + get { return elements; } } public X509ChainPolicy ChainPolicy { - get { return _policy; } - set { _policy = value; } + get { return policy; } + set { policy = value; } } public X509ChainStatus[] ChainStatus { get { - if (_status == null) - _status = new X509ChainStatus [0]; - return _status; + if (status == null) + return Empty; + return status; } } // methods - [MonoTODO] + [MonoTODO ("Work in progress")] public bool Build (X509Certificate2 certificate) { - return false; + if (certificate == null) + throw new ArgumentException ("certificate"); + + Reset (); + + X509ChainStatusFlags flag; + try { + flag = BuildFrom (certificate); + } + catch (CryptographicException ce) { + throw new ArgumentException ("certificate", ce); + } + + ArrayList list = new ArrayList (); + // build "global" ChainStatus from the ChainStatus of every ChainElements
+ foreach (X509ChainElement ce in elements) {
+ foreach (X509ChainStatus cs in ce.ChainElementStatus) {
+ // FIXME - avoid duplicates ?
+ list.Add (cs);
+ }
+ } + // and if required add some + if (flag != X509ChainStatusFlags.NoError) { + list.Insert (0, new X509ChainStatus (flag)); + } + status = (X509ChainStatus[]) list.ToArray (typeof (X509ChainStatus)); + + // (fast path) this ignore everything we have checked
+ if (ChainPolicy.VerificationFlags == X509VerificationFlags.AllFlags)
+ return true;
+
+ bool result = true; + // now check if exclude some verification for the "end result" (boolean)
+ foreach (X509ChainStatus cs in status) {
+ switch (cs.Status) {
+ case X509ChainStatusFlags.UntrustedRoot:
+ case X509ChainStatusFlags.PartialChain:
+ result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.AllowUnknownCertificateAuthority) != 0);
+ break;
+ case X509ChainStatusFlags.NotTimeValid:
+ result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreNotTimeValid) != 0); + break;
+ // FIXME - from here we needs new test cases for all cases
+ case X509ChainStatusFlags.NotTimeNested:
+ result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreNotTimeNested) != 0);
+ break;
+ case X509ChainStatusFlags.InvalidBasicConstraints:
+ result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreInvalidBasicConstraints) != 0);
+ break;
+ case X509ChainStatusFlags.InvalidPolicyConstraints:
+ case X509ChainStatusFlags.NoIssuanceChainPolicy:
+ result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreInvalidPolicy) != 0);
+ break;
+ case X509ChainStatusFlags.InvalidNameConstraints:
+ case X509ChainStatusFlags.HasNotSupportedNameConstraint:
+ case X509ChainStatusFlags.HasNotPermittedNameConstraint:
+ case X509ChainStatusFlags.HasExcludedNameConstraint:
+ result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreInvalidName) != 0);
+ break;
+ case X509ChainStatusFlags.InvalidExtension:
+ // not sure ?!?
+ result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreWrongUsage) != 0);
+ break;
+ //
+ // ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreRootRevocationUnknown) != 0)
+ // ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreEndRevocationUnknown) != 0)
+ case X509ChainStatusFlags.CtlNotTimeValid:
+ result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreCtlNotTimeValid) != 0);
+ break;
+ case X509ChainStatusFlags.CtlNotSignatureValid:
+ // ?
+ break;
+ // ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreCtlSignerRevocationUnknown) != 0);
+ case X509ChainStatusFlags.CtlNotValidForUsage:
+ // FIXME - does IgnoreWrongUsage apply to CTL (it doesn't have Ctl in it's name like the others)
+ result &= ((ChainPolicy.VerificationFlags & X509VerificationFlags.IgnoreWrongUsage) != 0);
+ break;
+ default:
+ result = false;
+ break;
+ }
+ // once we have one failure there's no need to check further
+ if (!result)
+ return false;
+ } + + // every "problem" was excluded + return true; } - [MonoTODO] public void Reset () { + if ((status != null) && (status.Length != 0)) + status = null; + if (elements.Count > 0) + elements.Clear (); + // note: this call doesn't Reset the X509ChainPolicy } // static methods public static X509Chain Create () { - return new X509Chain (); + return (X509Chain) CryptoConfig.CreateFromName ("X509Chain"); + } + + // private stuff + + private X509ChainStatusFlags BuildFrom (X509Certificate2 certificate) + {
+ X509ChainStatusFlags result = X509ChainStatusFlags.NoError; + X509ChainStatusFlags flags = X509ChainStatusFlags.NoError; + + // check certificate + Process (certificate, ref flags); + + // check if certificate is self-signed + if (IsSelfSigned (certificate)) { + // FIXME - add support for cross-certificate, bridges + ProcessRoot (certificate, ref flags); + } else {
+ CheckRevocation (certificate, ref flags);
+ + X509Certificate2 parent = FindParent (certificate, ref flags); + if (parent != null) { + // recurse + result = BuildFrom (parent); + if (result != X509ChainStatusFlags.NoError) + return result; + } else { + // we didn't end with a root, nor could we find one (stores) + result = X509ChainStatusFlags.PartialChain; + } + } + elements.Add (certificate, flags); + return result; + } + + private void Process (X509Certificate2 certificate, ref X509ChainStatusFlags flags) + { + // is it the end-entity ? + if (elements.Count == 0) { + }
+
+ if ((ChainPolicy.VerificationTime < certificate.NotBefore) ||
+ (ChainPolicy.VerificationTime > certificate.NotAfter)) {
+ flags |= X509ChainStatusFlags.NotTimeValid;
+ } + + // TODO - for X509ChainStatusFlags.NotTimeNested (needs global structure)
+
+ // TODO - for X509ChainStatusFlags.InvalidExtension + + // TODO - check for X509ChainStatusFlags.InvalidBasicConstraint + + // TODO - for X509ChainStatusFlags.InvalidPolicyConstraints + // using X509ChainPolicy.ApplicationPolicy and X509ChainPolicy.CertificatePolicy + + // TODO - check for X509ChainStatusFlags.NoIssuanceChainPolicy + + // TODO - check for X509ChainStatusFlags.InvalidNameConstraint + // TODO - check for X509ChainStatusFlags.HasNotSupportedNameConstraint + // TODO - check for X509ChainStatusFlags.HasNotPermittedNameConstraint + // TODO - check for X509ChainStatusFlags.HasExcludedNameConstraint + } + + private void ProcessEndEntity (X509Certificate2 certificate, ref X509ChainStatusFlags flags) + { + } + + private void ProcessCertificateAuthority (X509Certificate2 certificate, ref X509ChainStatusFlags flags) + { + } + + // CTL == Certificate Trust List / not sure how/if they apply here + private void ProcessCTL (X509Certificate2 certificate, ref X509ChainStatusFlags flags) + { + // TODO - check for X509ChainStatusFlags.CtlNotTimeValid + // TODO - check for X509ChainStatusFlags.CtlNotSignatureValid + // TODO - check for X509ChainStatusFlags.CtlNotValidForUsage + } + + private void ProcessRoot (X509Certificate2 certificate, ref X509ChainStatusFlags flags) + { + X509Store trust = new X509Store (StoreName.Root, location); + trust.Open (OpenFlags.ReadOnly); + if (!trust.Certificates.Contains (certificate)) { + flags |= X509ChainStatusFlags.UntrustedRoot; + } + trust.Close (); + + if (!IsSignedBy (certificate, certificate)) { + flags |= X509ChainStatusFlags.NotSignatureValid; + } + } + + // we search local user (default) or machine certificate store + // and in the extra certificate supplied in ChainPolicy.ExtraStore + private X509Certificate2 FindParent (X509Certificate2 certificate, ref X509ChainStatusFlags flags) + { + X509Certificate2 parent = null; + + // TODO - check for X509ChainStatusFlags.Cyclic + + if ((parent != null) && !IsSignedBy 
(certificate, parent)) { + flags |= X509ChainStatusFlags.NotSignatureValid; + } + return null; + } + + // check for "self-signed" certificate - without verifying the signature + private bool IsSelfSigned (X509Certificate2 certificate) + {
+ // FIXME - very incomplete
+ return (certificate.Issuer == certificate.Subject);
+ } + + // this method verify the signature + private bool IsSignedBy (X509Certificate2 signed, X509Certificate2 signer) + {
+ // FIXME + return true; + }
+
+ private void CheckRevocation (X509Certificate2 certificate, ref X509ChainStatusFlags flags)
+ {
+ switch (ChainPolicy.RevocationMode) {
+ case X509RevocationMode.Online:
+ // local?/download CRL and OCSP
+ CheckOnlineRevocation (certificate, ref flags);
+ break;
+ case X509RevocationMode.Offline:
+ // only local CRL ?
+ CheckOfflineRevocation (certificate, ref flags);
+ break;
+ case X509RevocationMode.NoCheck:
+ break;
+ default:
+ throw new InvalidOperationException ();
+ }
+ }
+
+ private void CheckOfflineRevocation (X509Certificate2 certificate, ref X509ChainStatusFlags flags)
+ {
+ // TODO - check for X509ChainStatusFlags.Revoked
+ // TODO - check for X509ChainStatusFlags.RevocationStatusUnknown
+ // TODO - check for X509ChainStatusFlags.OfflineRevocation
+ // (using X509ChainPolicy.RevocationFlag and X509ChainPolicy.RevocationMode)
+ }
+
+ private void CheckOnlineRevocation (X509Certificate2 certificate, ref X509ChainStatusFlags flags) + { + // TODO - check for X509ChainStatusFlags.Revoked + // TODO - check for X509ChainStatusFlags.RevocationStatusUnknown + // TODO - check for X509ChainStatusFlags.OfflineRevocation + // (using X509ChainPolicy.RevocationFlag and X509ChainPolicy.RevocationMode) } } } diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElement.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElement.cs index 086ce7c8a6c..103f2a11992 100644 --- a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElement.cs +++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElement.cs @@ -5,7 +5,7 @@ // Sebastien Pouliot <sebastien@ximian.com> // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) -// Copyright (C) 2005 Novell Inc. (http://www.novell.com) +// Copyright (C) 2005-2006 Novell Inc. (http://www.novell.com) // // Permission is hereby granted, free of charge, to any person obtaining // a copy of this software and associated documentation files (the @@ -33,28 +33,91 @@ namespace System.Security.Cryptography.X509Certificates { public class X509ChainElement { + private X509Certificate2 certificate; + private X509ChainStatus[] status; + private string info; + // constructors // only accessible from X509Chain.ChainElements - internal X509ChainElement () + internal X509ChainElement (X509Certificate2 certificate, X509ChainStatusFlags flags) { + this.certificate = certificate; + + if (flags == X509ChainStatusFlags.NoError) { + status = new X509ChainStatus [0]; + } else { + int size = Count (flags); + status = new X509ChainStatus [size]; + + int n = 0; + // process every possible error
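Review bot: `IsSignedBy` returns true unconditionally and `IsSelfSigned` only compares Issuer with Subject, so `NotSignatureValid` can never be raised and a certificate that reaches `ProcessRoot` is reported as a valid chain without any signature having been checked; since `X509Certificate2.Verify` now dispatches to this class, the stub should fail closed (`return false; // FIXME - signature verification not implemented yet`) until the real check exists, even though Build then fails for every input in the meantime. `ProcessRoot` opens the Root store and closes it only on the normal path, so an exception from `Contains` leaves the store open; wrapping the check as `try { ... } finally { trust.Close (); }` fixes that. The null check in Build, `throw new ArgumentException ("certificate");`, passes the parameter name as the exception message; `ArgumentNullException ("certificate")` is the conventional type here, and the same single-argument pattern appears in the RevocationFlag, RevocationMode and VerificationFlags setters of the X509ChainPolicy.cs hunk. `FindParent` always returns null, so at present every non-self-signed certificate ends in `PartialChain`; stating that in the `[MonoTODO ("Work in progress")]` text on Build would save callers a debugging session.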
+ Set (status, ref n, flags, X509ChainStatusFlags.UntrustedRoot);
+ Set (status, ref n, flags, X509ChainStatusFlags.NotTimeValid); + // not yet sorted after this... + Set (status, ref n, flags, X509ChainStatusFlags.NotTimeNested); + Set (status, ref n, flags, X509ChainStatusFlags.Revoked); + Set (status, ref n, flags, X509ChainStatusFlags.NotSignatureValid); + Set (status, ref n, flags, X509ChainStatusFlags.NotValidForUsage); + Set (status, ref n, flags, X509ChainStatusFlags.RevocationStatusUnknown); + Set (status, ref n, flags, X509ChainStatusFlags.Cyclic); + Set (status, ref n, flags, X509ChainStatusFlags.InvalidExtension); + Set (status, ref n, flags, X509ChainStatusFlags.InvalidPolicyConstraints); + Set (status, ref n, flags, X509ChainStatusFlags.InvalidBasicConstraints); + Set (status, ref n, flags, X509ChainStatusFlags.InvalidNameConstraints); + Set (status, ref n, flags, X509ChainStatusFlags.HasNotSupportedNameConstraint); + Set (status, ref n, flags, X509ChainStatusFlags.HasNotDefinedNameConstraint); + Set (status, ref n, flags, X509ChainStatusFlags.HasNotPermittedNameConstraint); + Set (status, ref n, flags, X509ChainStatusFlags.HasExcludedNameConstraint); + Set (status, ref n, flags, X509ChainStatusFlags.PartialChain); + Set (status, ref n, flags, X509ChainStatusFlags.CtlNotTimeValid); + Set (status, ref n, flags, X509ChainStatusFlags.CtlNotSignatureValid); + Set (status, ref n, flags, X509ChainStatusFlags.CtlNotValidForUsage); + Set (status, ref n, flags, X509ChainStatusFlags.OfflineRevocation); + Set (status, ref n, flags, X509ChainStatusFlags.NoIssuanceChainPolicy); + } + // so far String.Empty is the only thing I've seen. 
+ // The interesting stuff is inside X509ChainStatus.Information + info = String.Empty; } // properties - [MonoTODO] public X509Certificate2 Certificate { - get { return null; } + get { return certificate; } } - [MonoTODO] public X509ChainStatus[] ChainElementStatus { - get { return null; } + get { return status; } } - [MonoTODO] public string Information { - get { return null; } + get { return info; } + } + + // private stuff + + private int Count (X509ChainStatusFlags flags) + { + int size = 0; + int n = 0; + int f = (int) flags; + int m = 0x1; + while (n++ < 32) { + if ((f & m) == m) + size++; + m <<= 1; + } + return size; + } + + private void Set (X509ChainStatus[] status, ref int position, X509ChainStatusFlags flags, X509ChainStatusFlags mask) + { + if ((flags & mask) != 0) { + status [position].Status = mask; + status [position].StatusInformation = X509ChainStatus.GetInformation (mask); + position++; + } } } } diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElementCollection.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElementCollection.cs index 12f904ba502..f47e4c859e9 100644 --- a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElementCollection.cs +++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainElementCollection.cs @@ -34,8 +34,6 @@ using System.Collections; namespace System.Security.Cryptography.X509Certificates { - // Note: Match the definition of framework version 1.2.3400.0 on http://longhorn.msdn.microsoft.com - public sealed class X509ChainElementCollection : ICollection, IEnumerable { private ArrayList _list; 
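Review bot: `Count` and `Set` in X509ChainElement read no instance state, so both can be declared `private static`, which also makes clear that the constructor is the only caller. `Count` reserves one slot for every bit set in `flags`, but `Set` is only invoked for the twenty-two named values that follow; should `flags` ever carry a bit outside that list, the trailing entries of `status` keep their default values (`Status` NoError, `StatusInformation` null) — presumably unreachable today, but a comment on `Count` such as `// must cover exactly the flags passed to Set() below` would keep the two lists in sync.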
@@ -87,6 +85,18 @@ namespace System.Security.Cryptography.X509Certificates { { return new X509ChainElementEnumerator (_list); } + + // private stuff + + internal void Add (X509Certificate2 certificate, X509ChainStatusFlags flags) + { + _list.Add (new X509ChainElement (certificate, flags)); + } + + internal void Clear () + { + _list.Clear (); + } } } diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs index 5bd0b10a883..4a828a8b8f5 100644 --- a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs +++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainPolicy.cs @@ -5,7 +5,7 @@ // Sebastien Pouliot <sebastien@ximian.com> // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) -// Copyright (C) 2005 Novell Inc. (http://www.novell.com) +// Copyright (C) 2005-2006 Novell Inc. (http://www.novell.com) // // Permission is hereby granted, free of charge, to any person obtaining // a copy of this software and associated documentation files (the @@ -33,14 +33,14 @@ namespace System.Security.Cryptography.X509Certificates { public sealed class X509ChainPolicy { - private OidCollection _apps; - private OidCollection _cert; - private X509Certificate2Collection _store; - private X509RevocationFlag _rflag; - private X509RevocationMode _mode; - private TimeSpan _timeout; - private X509VerificationFlags _vflags; - private DateTime _vtime; + private OidCollection apps; + private OidCollection cert; + private X509Certificate2Collection store; + private X509RevocationFlag rflag; + private X509RevocationMode mode; + private TimeSpan timeout; + private X509VerificationFlags vflags; + private DateTime vtime; // constructors 
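Review bot: The `// private stuff` comment above the new `Add` and `Clear` methods does not match their `internal` accessibility; `// internal API used by X509Chain.Build and X509Chain.Reset` describes what follows. Both methods bypass the public read-only surface of the collection, so naming the intended caller in the comment is the only guard against other code in the assembly using them.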
@@ -52,54 +52,66 @@ namespace System.Security.Cryptography.X509Certificates { // properties public OidCollection ApplicationPolicy { - get { return _apps; } + get { return apps; } } public OidCollection CertificatePolicy { - get { return _cert; } + get { return cert; } } public X509Certificate2Collection ExtraStore { - get { return _store; } + get { return store; } } public X509RevocationFlag RevocationFlag { - get { return _rflag; } - set { _rflag = value; } + get { return rflag; } + set { + if ((value < X509RevocationFlag.EndCertificateOnly) || (value > X509RevocationFlag.ExcludeRoot)) + throw new ArgumentException ("RevocationFlag"); + rflag = value; + } } public X509RevocationMode RevocationMode { - get { return _mode; } - set { _mode = value; } + get { return mode; } + set { + if ((value < X509RevocationMode.NoCheck) || (value > X509RevocationMode.Offline)) + throw new ArgumentException ("RevocationMode"); + mode = value; + } } public TimeSpan UrlRetrievalTimeout { - get { return _timeout; } - set { _timeout = value; } + get { return timeout; } + set { timeout = value; } } public X509VerificationFlags VerificationFlags { - get { return _vflags; } - set { _vflags = value; } + get { return vflags; } + set { + if ((value | X509VerificationFlags.AllFlags) != X509VerificationFlags.AllFlags) + throw new ArgumentException ("VerificationFlags"); + vflags = value; + } } public DateTime VerificationTime { - get { return _vtime; } - set { _vtime = value; } + get { return vtime; } + set { vtime = value; } } // methods public void Reset () { - _apps = new OidCollection (); - _cert = new OidCollection (); - _store = new X509Certificate2Collection (); - _rflag = X509RevocationFlag.ExcludeRoot; - _mode = X509RevocationMode.Online; - _timeout = new TimeSpan (0); - _vflags = X509VerificationFlags.NoFlag; - _vtime = DateTime.Now; + apps = new OidCollection (); + cert = new OidCollection (); + store = new X509Certificate2Collection (); + rflag = X509RevocationFlag.ExcludeRoot; + 
mode = X509RevocationMode.Online; + timeout = TimeSpan.Zero; + vflags = X509VerificationFlags.NoFlag; + vtime = DateTime.Now; } } } diff --git a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainStatus.cs b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainStatus.cs index 7f4d6701300..78d68c17898 100644 --- a/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainStatus.cs +++ b/mcs/class/System/System.Security.Cryptography.X509Certificates/X509ChainStatus.cs @@ -2,11 +2,10 @@ // X509ChainStatus.cs - System.Security.Cryptography.X509Certificates.X509ChainStatus // // Author: -// Sebastien Pouliot (spouliot@motus.com) +// Sebastien Pouliot <sebastien@ximian.com> // // (C) 2003 Motus Technologies Inc. (http://www.motus.com) -// - +// Copyright (C) 2006 Novell Inc. (http://www.novell.com) // // Permission is hereby granted, free of charge, to any person obtaining // a copy of this software and associated documentation files (the 
@@ -32,23 +31,63 @@ namespace System.Security.Cryptography.X509Certificates { - // Note: Match the definition of framework version 1.2.3400.0 on http://longhorn.msdn.microsoft.com - public struct X509ChainStatus { - private X509ChainStatusFlags _status; - private string _info; + private X509ChainStatusFlags status; + private string info; + + internal X509ChainStatus (X509ChainStatusFlags flag) + { + status = flag; + info = GetInformation (flag); + } // properties public X509ChainStatusFlags Status { - get { return _status; } - set { _status = value; } + get { return status; } + set { status = value; } } public string StatusInformation { - get { return _info; } - set { _info = value; } + get { return info; } + set { info = value; } + } + + // private stuff + + // note: flags isn't a flag (i.e. multiple values) when used here + static internal string GetInformation (X509ChainStatusFlags flags) + { + switch (flags) { + case X509ChainStatusFlags.NotTimeValid: + case X509ChainStatusFlags.NotTimeNested: + case X509ChainStatusFlags.Revoked: + case X509ChainStatusFlags.NotSignatureValid: + case X509ChainStatusFlags.NotValidForUsage: + case X509ChainStatusFlags.UntrustedRoot: + case X509ChainStatusFlags.RevocationStatusUnknown: + case X509ChainStatusFlags.Cyclic: + case X509ChainStatusFlags.InvalidExtension: + case X509ChainStatusFlags.InvalidPolicyConstraints: + case X509ChainStatusFlags.InvalidBasicConstraints: + case X509ChainStatusFlags.InvalidNameConstraints: + case X509ChainStatusFlags.HasNotSupportedNameConstraint: + case X509ChainStatusFlags.HasNotDefinedNameConstraint: + case X509ChainStatusFlags.HasNotPermittedNameConstraint: + case X509ChainStatusFlags.HasExcludedNameConstraint: + case X509ChainStatusFlags.PartialChain: + case X509ChainStatusFlags.CtlNotTimeValid: + case X509ChainStatusFlags.CtlNotSignatureValid: + case X509ChainStatusFlags.CtlNotValidForUsage: + case X509ChainStatusFlags.OfflineRevocation: + case X509ChainStatusFlags.NoIssuanceChainPolicy: + 
return Locale.GetText (flags.ToString ()); // FIXME - add a better description + case X509ChainStatusFlags.NoError: + default: + // should never happen + return String.Empty; + } } } } |
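Review bot: `static internal string GetInformation` uses an unconventional modifier order; `internal static string GetInformation` is the usual form. Because X509ChainStatus is a struct, instances not created through the new constructor (for example the slots of `new X509ChainStatus [size]` in X509ChainElement before `Set` fills them, or a default value) still have `info` null, so the "default StatusInformation" described in the commit message only applies to the constructor path; if a non-null string is the intended contract, the getter could be `get { return info ?? String.Empty; }` or the constructor could be documented as the only path that sets it. The `// should never happen` comment on the `default` branch would be clearer as `// NoError has no description; other values are unknown flags`.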