Implement ParseDistinguishedName

StefanGreve · StefanGreve · commit 1d33eb81d800 · 2024-11-19T23:37:38.000+01:00
diff --git a/AdvancedSystems.Security/Cryptography/DistinguishedName.cs b/AdvancedSystems.Security/Cryptography/DistinguishedName.cs
@@ -0,0 +1,61 @@
+﻿using System.Security.Cryptography.X509Certificates;
+
+namespace AdvancedSystems.Security.Cryptography;
+
+/// <summary>
+///     Defines the Distinguished Name (DN) of an entity that owns or issued the certificate.
+///     This entity is typically a Certificate Authority (CA) or an intermediate CA in a chain of trust.
+/// </summary>
+/// <remarks>
+///     DN is a term that describes the identifying information in a certificate and is
+///     part of the <seealso cref="X509Certificate2"/> itself. A certificate contains DN
+///     information for both the owner or requestor of the certificate (called the Subject DN)
+///     and the CA that issues the certificate (called the Issuer DN). Depending on the
+///     identification policy of the CA that issues a certificate, the DN can include a variety
+///     of information.
+/// </remarks>
+/// <seealso href="https://datatracker.ietf.org/doc/html/rfc4514"/>
+public sealed record DistinguishedName
+{
+    /// <summary>
+    ///     Gets or sets the <inheritdoc cref="RDN.C" path="/summary"/>.
+    /// </summary>
+    /// <remarks>
+    ///     <inheritdoc cref="RDN.C" path="/remarks"/>
+    /// </remarks>
+    public string? Country { get; init; }
+
+    /// <summary>
+    ///     Gets or sets the <inheritdoc cref="RDN.CN" path="/summary"/>.
+    /// </summary>
+    /// <remarks>
+    ///     <inheritdoc cref="RDN.CN" path="/remarks"/>
+    /// </remarks>
+    public string? CommonName { get; init; }
+
+    /// <summary>
+    ///     Gets or sets the <inheritdoc cref="RDN.L" path="/summary"/>.
+    /// </summary>
+    /// <remarks>
+    ///     <inheritdoc cref="RDN.L" path="/remarks"/>
+    /// </remarks>
+    public string? Locality { get; init; }
+
+    /// <summary>
+    ///     Gets or sets the <inheritdoc cref="RDN.O" path="/summary"/>.
+    /// </summary>
+    public string? Organization { get; init; }
+
+    /// <summary>
+    ///     Gets or sets the <inheritdoc cref="RDN.OU" path="/summary"/>.
+    /// </summary>
+    public string? OrganizationalUnit { get; init; }
+
+    /// <summary>
+    ///     Gets or sets the <inheritdoc cref="RDN.S" path="/summary"/>..
+    /// </summary>
+    /// <remarks>
+    ///     <inheritdoc cref="RDN.S" path="/remarks"/>
+    /// </remarks>
+    public string? State { get; init; }
+}
diff --git a/AdvancedSystems.Security/Cryptography/RDN.cs b/AdvancedSystems.Security/Cryptography/RDN.cs
@@ -0,0 +1,55 @@
+﻿namespace AdvancedSystems.Security.Cryptography;
+
+/// <summary>
+///     The Relative Distinguished Names (RDNs) are attribute-value pairs that
+///     uniquely identify an entity.
+/// </summary>
+/// <remarks>
+///     This class defines the attributes that annotate one or more values.
+/// </remarks>
+/// <seealso cref="DistinguishedName"/>
+/// <seealso href="https://datatracker.ietf.org/doc/html/rfc4514"/>
+public static class RDN
+{
+    /// <summary>
+    ///     Country (<c>C</c>)
+    /// </summary>
+    /// <remarks>
+    ///     This field could also be used to store the region.
+    /// </remarks>
+    public const string C = "C";
+
+    /// <summary>
+    ///     Common Name (<c>CN</c>)
+    /// </summary>
+    /// <remarks>
+    ///     This field denotes the certificate owner's common name.
+    /// </remarks>
+    public const string CN = "CN";
+
+    /// <summary>
+    ///     Locality (<c>L</c>)
+    /// </summary>
+    /// <remarks>
+    ///     This field could also be used to store the city.
+    /// </remarks>
+    public const string L = "L";
+
+    /// <summary>
+    ///     Organization (<c>O</c>)
+    /// </summary>
+    public const string O = "O";
+
+    /// <summary>
+    ///     Organizational Unit (<c>OU</c>)
+    /// </summary>
+    public const string OU = "OU";
+
+    /// <summary>
+    ///     State (<c>S</c>)
+    /// </summary>
+    /// <remarks>
+    ///     This field could also be used to store the province.
+    /// </remarks>
+    public const string S = "S";
+}
diff --git a/AdvancedSystems.Security/Extensions/CertificateExtensions.cs b/AdvancedSystems.Security/Extensions/CertificateExtensions.cs
@@ -1,16 +1,19 @@
-﻿using System.Linq;
+﻿using System;
+using System.Collections.Generic;
+using System.Linq;
 using System.Security.Cryptography.X509Certificates;
 
 using AdvancedSystems.Security.Abstractions;
 using AdvancedSystems.Security.Abstractions.Exceptions;
+using AdvancedSystems.Security.Cryptography;
 
 namespace AdvancedSystems.Security.Extensions;
 
 /// <summary>
 ///     Defines functions for interacting with X.509 certificates.
 /// </summary>
 /// <seealso href="https://datatracker.ietf.org/doc/rfc5280/"/>
-public static class CertificateStore
+public static partial class CertificateExtensions
 {
     /// <summary>
     ///     Retrieves an X.509 certificate from the specified store using the provided thumbprint.
@@ -42,4 +45,37 @@ public static X509Certificate2 GetCertificate<T>(this T store, string thumbprint
         return certificate
             ?? throw new CertificateNotFoundException("No valid certificate matching the search criteria could be found in the store.");
     }
+
+    public static DistinguishedName ParseDistinguishedName(string distinguishedName)
+    {
+        var rdns = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+        var dn = new X500DistinguishedName(distinguishedName);
+
+        foreach (var rdn in dn.EnumerateRelativeDistinguishedNames())
+        {
+            string? attribute = rdn.GetSingleElementType().FriendlyName;
+            string value = rdn.GetSingleElementValue() ?? string.Empty;
+
+            if (string.IsNullOrEmpty(attribute)) continue;
+
+            rdns.Add(attribute, value);
+        }
+
+        rdns.TryGetValue(RDN.C, out string? country);
+        rdns.TryGetValue(RDN.CN, out string? commonName);
+        rdns.TryGetValue(RDN.L, out string? locality);
+        rdns.TryGetValue(RDN.O, out string? organization);
+        rdns.TryGetValue(RDN.OU, out string? organizationalUnit);
+        rdns.TryGetValue(RDN.S, out string? state);
+
+        return new DistinguishedName
+        {
+            CommonName = commonName,
+            OrganizationalUnit = organizationalUnit,
+            Organization = organization,
+            Locality = locality,
+            State = state,
+            Country = country,
+        };
+    }
 }
