bcgit / bc-csharp

BouncyCastle.NET Cryptography Library (Mirror)
https://www.bouncycastle.org/csharp
MIT License

Expose KeyUsage in X509Certificate #44

Open Genbox opened 8 years ago

Genbox commented 8 years ago

The X509Certificate class exposes KeyUsage as a bool[], which requires the user to know the ordering of the bits in the KeyUsage field. It would be a lot more user-friendly to expose the KeyUsage class, and provide an API in the KeyUsage class to test for a specific key usage.

Example:

X509Certificate cert = ...;
bool hasUsage = cert.GetKeyUsage().HasUsage(KeyUsage.CRLSign);

jstedfast commented 8 years ago

FWIW, I ended up implementing my own extension for X509Certificate to get this functionality in MimeKit.

A set of bit flags:

https://github.com/jstedfast/MimeKit/blob/master/MimeKit/Cryptography/X509KeyUsageFlags.cs

and the extension method:

https://github.com/jstedfast/MimeKit/blob/master/MimeKit/Cryptography/X509CertificateExtensions.cs#L215

Genbox commented 8 years ago

Actually ended up not using X509Certificate as most of the API is not really functional in my case. I'd rather see the KeyUsage bits exposed as a flags enum (like @jstedfast did) and store the enum value, instead of checking against an array of bool.

I would have made a pull request for this as I did implement the change in the BC library, however, I was not keen on changing 30 unit tests as well.
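
The bit ordering discussed in this thread, shown as an added example that is not code from the thread, BouncyCastle, or MimeKit: it maps the bool[] shape returned by X509Certificate.GetKeyUsage() to a flags enum using the RFC 5280 KeyUsage bit positions. The names KeyUsageBits, KeyUsageReader and Demo are hypothetical, the sample array is constructed, and returning false from HasUsage when the extension is absent is this example's own strict choice.

```csharp
using System;

// Hypothetical names; not part of BouncyCastle or MimeKit.
[Flags]
public enum KeyUsageBits
{
    None             = 0,
    DigitalSignature = 1 << 0, // RFC 5280 bit 0
    NonRepudiation   = 1 << 1,
    KeyEncipherment  = 1 << 2,
    DataEncipherment = 1 << 3,
    KeyAgreement     = 1 << 4,
    KeyCertSign      = 1 << 5,
    CrlSign          = 1 << 6,
    EncipherOnly     = 1 << 7,
    DecipherOnly     = 1 << 8,
}

public static class KeyUsageReader
{
    // Converts a GetKeyUsage()-style bool[] into named flags. A null array means
    // the extension is absent; null is returned so the caller decides the policy.
    public static KeyUsageBits? FromBoolArray(bool[] usage)
    {
        if (usage == null) return null;
        var flags = KeyUsageBits.None;
        // Array index i is bit i of the KeyUsage BIT STRING; RFC 5280 names bits 0-8.
        for (int i = 0; i < usage.Length && i <= 8; i++)
            if (usage[i]) flags |= (KeyUsageBits)(1 << i);
        return flags;
    }

    // True only if the extension is present and asserts every requested bit.
    public static bool HasUsage(bool[] usage, KeyUsageBits required)
    {
        KeyUsageBits? flags = FromBoolArray(usage);
        return flags.HasValue && (flags.Value & required) == required;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: keyCertSign (bit 5) and cRLSign (bit 6) set.
        bool[] caUsage = { false, false, false, false, false, true, true, false, false };
        Console.WriteLine(KeyUsageReader.FromBoolArray(caUsage));
        Console.WriteLine(KeyUsageReader.HasUsage(caUsage, KeyUsageBits.CrlSign));
        Console.WriteLine(KeyUsageReader.HasUsage(caUsage, KeyUsageBits.DigitalSignature));
    }
}
```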