1 //
2 // System.Security.Cryptography.X509Certificates.X509ChainPolicy class
3 //
4 // Author:
5 //	Sebastien Pouliot  <sebastien@ximian.com>
6 //
7 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
8 // Copyright (C) 2005-2006 Novell Inc. (http://www.novell.com)
9 //
10 // Permission is hereby granted, free of charge, to any person obtaining
11 // a copy of this software and associated documentation files (the
12 // "Software"), to deal in the Software without restriction, including
13 // without limitation the rights to use, copy, modify, merge, publish,
14 // distribute, sublicense, and/or sell copies of the Software, and to
15 // permit persons to whom the Software is furnished to do so, subject to
16 // the following conditions:
17 //
18 // The above copyright notice and this permission notice shall be
19 // included in all copies or substantial portions of the Software.
20 //
21 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
24 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
25 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
26 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
28 //
29 
30 #if SECURITY_DEP
31 
32 namespace System.Security.Cryptography.X509Certificates {
33 
34 	public sealed class X509ChainPolicy {
35 
36 		private OidCollection apps;
37 		private OidCollection cert;
38 		private X509CertificateCollection store;
39 		private X509Certificate2Collection store2;
40 		private X509RevocationFlag rflag;
41 		private X509RevocationMode mode;
42 		private TimeSpan timeout;
43 		private X509VerificationFlags vflags;
44 		private DateTime vtime;
45 
46 		// constructors
47 
X509ChainPolicy()48 		public X509ChainPolicy ()
49 		{
50 			Reset ();
51 		}
52 
53 		/*
54 		 * Lazy-init ExtraStore from X509CertificateCollection.
55 		 * This is called from Mono.Net.Security.SystemCertificateValidator.CreateX509Chain.
56 		 *
57 		 * AppleTLS supports a lazily-initialized X509Certificate, but not X509Certificate2 so
58 		 * we need to fall-back to using Mono.Security.X509 whenever we need an X509Certificate2.
59 		 * To avoid unnecessary fallbacks, the private Mono.Net.Security APIs use X509Certificate
60 		 * instead of X509Certificate2.
61 		 *
62 		 * Since 'ExtraStore' returns X509Certificate2Collection, we need to convert these to
63 		 * X509Certificate2.
64 		 */
X509ChainPolicy(X509CertificateCollection store)65 		internal X509ChainPolicy (X509CertificateCollection store)
66 		{
67 			this.store = store;
68 			Reset ();
69 		}
70 
71 		// properties
72 
73 		public OidCollection ApplicationPolicy {
74 			get { return apps; }
75 		}
76 
77 		public OidCollection CertificatePolicy {
78 			get { return cert; }
79 		}
80 
81 		public X509Certificate2Collection ExtraStore {
82 			get {
83 				if (store2 != null)
84 					return store2;
85 
86 				store2 = new X509Certificate2Collection ();
87 				if (store != null) {
88 					foreach (var cert in store) {
89 						store2.Add (new X509Certificate2 (cert));
90 					}
91 				}
92 				return store2;
93 			}
94 			internal set {
95 				store2 = value;
96 			}
97 		}
98 
99 		public X509RevocationFlag RevocationFlag {
100 			get { return rflag; }
101 			set {
102 				if ((value < X509RevocationFlag.EndCertificateOnly) || (value > X509RevocationFlag.ExcludeRoot))
103 					throw new ArgumentException ("RevocationFlag");
104 				rflag = value;
105 			}
106 		}
107 
108 		public X509RevocationMode RevocationMode {
109 			get { return mode; }
110 			set {
111 				if ((value < X509RevocationMode.NoCheck) || (value > X509RevocationMode.Offline))
112 					throw new ArgumentException ("RevocationMode");
113 				mode = value;
114 			}
115 		}
116 
117 		public TimeSpan UrlRetrievalTimeout {
118 			get { return timeout; }
119 			set { timeout = value; }
120 		}
121 
122 		public X509VerificationFlags VerificationFlags {
123 			get { return vflags; }
124 			set {
125 				if ((value | X509VerificationFlags.AllFlags) != X509VerificationFlags.AllFlags)
126 					throw new ArgumentException ("VerificationFlags");
127 				vflags = value;
128 			}
129 		}
130 
131 		public DateTime VerificationTime {
132 			get { return vtime; }
133 			set { vtime = value; }
134 		}
135 
136 		// methods
137 
Reset()138 		public void Reset ()
139 		{
140 			apps = new OidCollection ();
141 			cert = new OidCollection ();
142 			store2 = null;
143 			rflag = X509RevocationFlag.ExcludeRoot;
144 			mode = X509RevocationMode.Online;
145 			timeout = TimeSpan.Zero;
146 			vflags = X509VerificationFlags.NoFlag;
147 			vtime = DateTime.Now;
148 		}
149 	}
150 }
151 
152 #endif
153