//
// System.Security.Cryptography.X509Certificates.X509ChainPolicy class
//
// Author:
//	Sebastien Pouliot <sebastien@ximian.com>
//
// (C) 2003 Motus Technologies Inc. (http://www.motus.com)
// Copyright (C) 2005-2006 Novell Inc. (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
28 // 29 30 #if SECURITY_DEP 31 32 namespace System.Security.Cryptography.X509Certificates { 33 34 public sealed class X509ChainPolicy { 35 36 private OidCollection apps; 37 private OidCollection cert; 38 private X509CertificateCollection store; 39 private X509Certificate2Collection store2; 40 private X509RevocationFlag rflag; 41 private X509RevocationMode mode; 42 private TimeSpan timeout; 43 private X509VerificationFlags vflags; 44 private DateTime vtime; 45 46 // constructors 47 X509ChainPolicy()48 public X509ChainPolicy () 49 { 50 Reset (); 51 } 52 53 /* 54 * Lazy-init ExtraStore from X509CertificateCollection. 55 * This is called from Mono.Net.Security.SystemCertificateValidator.CreateX509Chain. 56 * 57 * AppleTLS supports a lazily-initialized X509Certificate, but not X509Certificate2 so 58 * we need to fall-back to using Mono.Security.X509 whenever we need an X509Certificate2. 59 * To avoid unnecessary fallbacks, the private Mono.Net.Security APIs use X509Certificate 60 * instead of X509Certificate2. 61 * 62 * Since 'ExtraStore' returns X509Certificate2Collection, we need to convert these to 63 * X509Certificate2. 
64 */ X509ChainPolicy(X509CertificateCollection store)65 internal X509ChainPolicy (X509CertificateCollection store) 66 { 67 this.store = store; 68 Reset (); 69 } 70 71 // properties 72 73 public OidCollection ApplicationPolicy { 74 get { return apps; } 75 } 76 77 public OidCollection CertificatePolicy { 78 get { return cert; } 79 } 80 81 public X509Certificate2Collection ExtraStore { 82 get { 83 if (store2 != null) 84 return store2; 85 86 store2 = new X509Certificate2Collection (); 87 if (store != null) { 88 foreach (var cert in store) { 89 store2.Add (new X509Certificate2 (cert)); 90 } 91 } 92 return store2; 93 } 94 internal set { 95 store2 = value; 96 } 97 } 98 99 public X509RevocationFlag RevocationFlag { 100 get { return rflag; } 101 set { 102 if ((value < X509RevocationFlag.EndCertificateOnly) || (value > X509RevocationFlag.ExcludeRoot)) 103 throw new ArgumentException ("RevocationFlag"); 104 rflag = value; 105 } 106 } 107 108 public X509RevocationMode RevocationMode { 109 get { return mode; } 110 set { 111 if ((value < X509RevocationMode.NoCheck) || (value > X509RevocationMode.Offline)) 112 throw new ArgumentException ("RevocationMode"); 113 mode = value; 114 } 115 } 116 117 public TimeSpan UrlRetrievalTimeout { 118 get { return timeout; } 119 set { timeout = value; } 120 } 121 122 public X509VerificationFlags VerificationFlags { 123 get { return vflags; } 124 set { 125 if ((value | X509VerificationFlags.AllFlags) != X509VerificationFlags.AllFlags) 126 throw new ArgumentException ("VerificationFlags"); 127 vflags = value; 128 } 129 } 130 131 public DateTime VerificationTime { 132 get { return vtime; } 133 set { vtime = value; } 134 } 135 136 // methods 137 Reset()138 public void Reset () 139 { 140 apps = new OidCollection (); 141 cert = new OidCollection (); 142 store2 = null; 143 rflag = X509RevocationFlag.ExcludeRoot; 144 mode = X509RevocationMode.Online; 145 timeout = TimeSpan.Zero; 146 vflags = X509VerificationFlags.NoFlag; 147 vtime = DateTime.Now; 148 } 
149 } 150 } 151 152 #endif 153