C# Class Brunet.Security.CertificateHandler

.NET provides a very complicated (and complete) X.509 certificate handler. We do not require all those features, and we also embed data that we use for quick retrieval which would not be easy to reproduce using that framework. This model can be used with non-X.509 certificate models and could perhaps even be abstracted to support handshakes on pre-shared keys. In our system, a certificate's serial number is equivalent to the data common to a certificate request and the signed certificate, so that the model can support self-signed CAs. Thus cert.SerialNumber == hash(cert.ca.unsigned data). This class is thread-safe.
Project: pstjuste/brunet

Public Properties

Property Type Description
CertDir String

Protected Properties

Property Type Description
_cas Dictionary<…, X509Certificate>
_certificate_verifiers List
_lc Dictionary<…, X509Certificate>
_lc_issuers List
_local_id string
_supported_cas List
_sync object

Public Methods

Method Description
AddCACertificate ( Mono.Security.X509.X509Certificate cert ) : bool

Adds CA certificate to this CH.

AddCertificate ( string filename ) : bool
AddCertificateVerification ( ICertificateVerification certificate_verifier ) : bool

Add an ICertificateVerification to be called during verification of certificates

AddSignedCertificate ( Mono.Security.X509.X509Certificate cert ) : bool

Adds a local signed public certificate to this CH.

CertificateHandler ( ) : Brunet
CertificateHandler ( string cert_dir ) : Brunet
CertificateHandler ( string cert_dir, string local_id ) : Brunet
FindCertificate ( List supported_cas ) : Mono.Security.X509.X509Certificate

Returns the first certificate that matches one of the CAs listed in the array.

LoadAllCertificates ( ) : void

Loads all the local certificates.

ReadCertificate ( string Filename ) : Mono.Security.X509.X509Certificate

Reads a certificate from a file.

RemoveCertificateVerification ( ICertificateVerification certificate_verifier ) : bool

Remove an ICertificateVerification.

Verify ( Mono.Security.X509.X509Certificate x509, ISender sender ) : bool

True if this certificate is signed by a CA whose certificate we have, false otherwise.

Verify ( Mono.Security.X509.X509Certificate x509, ISender sender, string remote_id ) : bool

First makes sure we have a CA that supports this certificate, then looks through the X.509 certificate's SubjectAltName extension's URI list to determine if the given URI (remote_id) exists in the certificate.

Verify ( Mono.Security.X509.X509Certificate x509, string remote_id ) : bool

Given a string, this looks inside the certificate's SubjectAltName extension to see if the string is present. This isn't as inefficient as it looks: there tend to be no entries in most of those places, so this usually runs in constant time. Note that this does not verify any other property of the certificate, such as whether it is properly signed.

Method Details

AddCACertificate() public method

Adds CA certificate to this CH.
public AddCACertificate ( Mono.Security.X509.X509Certificate cert ) : bool
cert Mono.Security.X509.X509Certificate
return bool

AddCertificate() public method

public AddCertificate ( string filename ) : bool
filename string
return bool

AddCertificateVerification() public method

Add an ICertificateVerification to be called during verification of certificates
public AddCertificateVerification ( ICertificateVerification certificate_verifier ) : bool
certificate_verifier ICertificateVerification
return bool

AddSignedCertificate() public method

Adds a local signed public certificate to this CH.
public AddSignedCertificate ( Mono.Security.X509.X509Certificate cert ) : bool
cert Mono.Security.X509.X509Certificate
return bool

CertificateHandler() public method

public CertificateHandler ( ) : Brunet
return Brunet

CertificateHandler() public method

public CertificateHandler ( string cert_dir ) : Brunet
cert_dir string
return Brunet

CertificateHandler() public method

public CertificateHandler ( string cert_dir, string local_id ) : Brunet
cert_dir string
local_id string
return Brunet

FindCertificate() public method

Returns the first certificate that matches one of the CAs listed in the array.
public FindCertificate ( List supported_cas ) : Mono.Security.X509.X509Certificate
supported_cas List A list of CAs for which you would like to find a matching certificate.
return Mono.Security.X509.X509Certificate

LoadAllCertificates() public method

Loads all the local certificates.
public LoadAllCertificates ( ) : void
return void

ReadCertificate() public method

Reads a certificate from a file.
public ReadCertificate ( string Filename ) : Mono.Security.X509.X509Certificate
Filename string
return Mono.Security.X509.X509Certificate

RemoveCertificateVerification() public method

Remove an ICertificateVerification.
public RemoveCertificateVerification ( ICertificateVerification certificate_verifier ) : bool
certificate_verifier ICertificateVerification
return bool

Verify() public method

True if this certificate is signed by a CA whose certificate we have, false otherwise.
public Verify ( Mono.Security.X509.X509Certificate x509, ISender sender ) : bool
x509 Mono.Security.X509.X509Certificate
sender ISender
return bool

Verify() public method

First makes sure we have a CA that supports this certificate, then looks through the X.509 certificate's SubjectAltName extension's URI list to determine if the given URI (remote_id) exists in the certificate.
public Verify ( Mono.Security.X509.X509Certificate x509, ISender sender, string remote_id ) : bool
x509 Mono.Security.X509.X509Certificate The certificate to check
sender ISender
remote_id string
return bool

Verify() static public method

Given a string, this looks inside the certificate's SubjectAltName extension to see if the string is present. This isn't as inefficient as it looks: there tend to be no entries in most of those places, so this usually runs in constant time. Note that this does not verify any other property of the certificate, such as whether it is properly signed.
static public Verify ( Mono.Security.X509.X509Certificate x509, string remote_id ) : bool
x509 Mono.Security.X509.X509Certificate
remote_id string
return bool
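The following is an added example, not code from the Brunet project, showing the two checks the Verify overloads above describe, written against the same Mono.Security.X509 types this class uses: first, is the certificate signed by a CA we hold, and second, is remote_id among the URIs in its SubjectAltName extension. The page does not say how CertificateHandler locates the issuing CA or how it renders serial numbers as keys, so the following are assumptions of this example: CAs are indexed by the hex form of SerialNumber, a candidate CA is matched by issuer name and then confirmed with a signature check using the CA's RSA key, and the Main usage with three command-line arguments (CA file, peer certificate file, expected URI) is constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using Mono.Security.X509;
using Mono.Security.X509.Extensions;

public static class SanVerifierExample
{
    // Assumption: CA certificates keyed by the hex form of their SerialNumber,
    // following the page's "serial number == hash of the unsigned data" convention.
    static readonly Dictionary<string, X509Certificate> Cas =
        new Dictionary<string, X509Certificate>();
    static readonly object Sync = new object();

    public static string SerialToString(byte[] serial) =>
        BitConverter.ToString(serial).Replace("-", "");

    public static bool AddCA(X509Certificate ca)
    {
        lock (Sync)
        {
            string key = SerialToString(ca.SerialNumber);
            if (Cas.ContainsKey(key)) return false;
            Cas[key] = ca;
            return true;
        }
    }

    // Step 1: is the certificate signed by a CA we hold? The issuer-name match
    // only narrows the candidates; the signature check is the actual gate.
    public static bool SignedByKnownCA(X509Certificate x509)
    {
        lock (Sync)
        {
            foreach (X509Certificate ca in Cas.Values)
            {
                if (ca.SubjectName != x509.IssuerName) continue;
                if (ca.RSA == null) continue; // this example only handles RSA-signed CAs
                if (x509.VerifySignature(ca.RSA)) return true;
            }
        }
        return false;
    }

    // Step 2: the static check from the page: is remoteId among the SAN URIs?
    // On its own this proves nothing about who issued the certificate.
    public static bool SanContains(X509Certificate x509, string remoteId)
    {
        X509Extension ext = x509.Extensions["2.5.29.17"]; // id-ce-subjectAltName
        if (ext == null) return false;
        var san = new SubjectAltNameExtension(ext);
        foreach (string uri in san.UniformResourceIdentifiers)
            if (uri == remoteId) return true;
        return false;
    }

    // Both steps together, plus a validity-window check the page does not mention.
    public static bool Verify(X509Certificate x509, string remoteId)
    {
        DateTime now = DateTime.UtcNow;
        if (now < x509.ValidFrom || now > x509.ValidUntil) return false;
        return SignedByKnownCA(x509) && SanContains(x509, remoteId);
    }

    // Constructed usage: example <ca.cer> <peer.cer> <expected-uri>
    public static void Main(string[] args)
    {
        var ca = new X509Certificate(File.ReadAllBytes(args[0]));
        var peer = new X509Certificate(File.ReadAllBytes(args[1]));
        AddCA(ca);
        Console.WriteLine(Verify(peer, args[2]) ? "accepted" : "rejected");
    }
}
```

The order matters: SanContains is cheap and is the check the static Verify(x509, remote_id) overload performs, but a peer can put any URI into a certificate it issues itself, so an identity decision must be preceded by SignedByKnownCA, as the three-argument overload above does.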

Property Details

CertDir public property

Default directory for storing certificates.
public String CertDir
return String

_cas protected property

Dictionary of CA certificates, keyed by SerialNumber.
protected Dictionary _cas
return Dictionary<…, X509Certificate>

_certificate_verifiers protected property

protected List _certificate_verifiers
return List

_lc protected property

Dictionary of local certificates, keyed by SerialNumber.
protected Dictionary _lc
return Dictionary<…, X509Certificate>

_lc_issuers protected property

List of local certificate serial numbers.
protected List _lc_issuers
return List

_local_id protected property

protected string _local_id
return string

_supported_cas protected property

List of supported CAs' serial numbers.
protected List _supported_cas
return List

_sync protected property

protected object _sync
return object