public ValidationResponse ValidateCertificate(X509Certificate2 certificate, X509Certificate2 issuer)
        {
            Org.BouncyCastle.X509.X509Certificate certificateBC = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificate);
            try
            {
                Asn1Object      derAiaExtension = Asn1Object.FromByteArray(certificateBC.GetExtensionValue(new DerObjectIdentifier("1.3.6.1.5.5.7.1.1")).GetOctets());
                Asn1InputStream asn1Stream      = new Asn1InputStream(derAiaExtension.GetDerEncoded());
                Asn1Sequence    asn1Sequence    = (Asn1Sequence)asn1Stream.ReadObject();

                foreach (Asn1Encodable entry in asn1Sequence)
                {
                    AccessDescription aiaEntry = AccessDescription.GetInstance(entry.ToAsn1Object());
                    if (aiaEntry.AccessMethod.Id == AccessDescription.IdADOcsp.Id)
                    {
                        Console.Out.WriteLine(aiaEntry.AccessLocation.ToString());
                        GeneralName        gn = (GeneralName)aiaEntry.AccessLocation;
                        ValidationResponse validationResponse = ValidateCertificate(certificate, issuer, gn.Name.ToString());
                        if ((validationResponse.status == ValidationExtensions.Enums.CertificateStatus.VALID) ||
                            (validationResponse.status == ValidationExtensions.Enums.CertificateStatus.REVOKED))
                        {
                            return(validationResponse);
                        }
                    }
                }
            }
            catch (NullReferenceException)
            {
                // No Access Information Exception
            }

            return(new ValidationResponse(ValidationExtensions.Enums.CertificateStatus.UNKNOWN));
        }
Beispiel #2
0
        internal static ISet GetDeltaCrls(DateTime currentDate, PkixParameters paramsPKIX, X509Crl completeCRL)
        {
            X509CrlStoreSelector x509CrlStoreSelector = new X509CrlStoreSelector();

            try
            {
                IList list = Platform.CreateArrayList();
                list.Add(completeCRL.IssuerDN);
                x509CrlStoreSelector.Issuers = list;
            }
            catch (IOException innerException)
            {
                throw new Exception("Cannot extract issuer from CRL.", innerException);
            }
            BigInteger bigInteger = null;

            try
            {
                Asn1Object extensionValue = PkixCertPathValidatorUtilities.GetExtensionValue(completeCRL, X509Extensions.CrlNumber);
                if (extensionValue != null)
                {
                    bigInteger = DerInteger.GetInstance(extensionValue).PositiveValue;
                }
            }
            catch (Exception innerException2)
            {
                throw new Exception("CRL number extension could not be extracted from CRL.", innerException2);
            }
            byte[] issuingDistributionPoint = null;
            try
            {
                Asn1Object extensionValue2 = PkixCertPathValidatorUtilities.GetExtensionValue(completeCRL, X509Extensions.IssuingDistributionPoint);
                if (extensionValue2 != null)
                {
                    issuingDistributionPoint = extensionValue2.GetDerEncoded();
                }
            }
            catch (Exception innerException3)
            {
                throw new Exception("Issuing distribution point extension value could not be read.", innerException3);
            }
            x509CrlStoreSelector.MinCrlNumber                    = ((bigInteger == null) ? null : bigInteger.Add(BigInteger.One));
            x509CrlStoreSelector.IssuingDistributionPoint        = issuingDistributionPoint;
            x509CrlStoreSelector.IssuingDistributionPointEnabled = true;
            x509CrlStoreSelector.MaxBaseCrlNumber                = bigInteger;
            ISet set  = PkixCertPathValidatorUtilities.CrlUtilities.FindCrls(x509CrlStoreSelector, paramsPKIX, currentDate);
            ISet set2 = new HashSet();

            foreach (X509Crl x509Crl in set)
            {
                if (PkixCertPathValidatorUtilities.isDeltaCrl(x509Crl))
                {
                    set2.Add(x509Crl);
                }
            }
            return(set2);
        }
Beispiel #3
0
        public void Export(Container container, Stream output)
        {
            Asn1Object privateKey = EncodePrivateKey(container);
            PemObject  pemObject  = new PemObject("PRIVATE KEY", privateKey.GetDerEncoded());

            using (StreamWriter sw = new StreamWriter(output))
            {
                PemWriter writer = new PemWriter(sw);
                writer.WriteObject(pemObject);
            }
        }
Beispiel #4
0
    public DerApplicationSpecific(bool isExplicit, int tag, Asn1Encodable obj)
    {
        Asn1Object asn1Object = obj.ToAsn1Object();

        byte[] derEncoded = asn1Object.GetDerEncoded();
        isConstructed = Asn1TaggedObject.IsConstructed(isExplicit, asn1Object);
        this.tag      = tag;
        if (isExplicit)
        {
            octets = derEncoded;
            return;
        }
        int lengthOfHeader = GetLengthOfHeader(derEncoded);

        byte[] array = new byte[derEncoded.Length - lengthOfHeader];
        Array.Copy(derEncoded, lengthOfHeader, array, 0, array.Length);
        octets = array;
    }
        /**
         * Fetches delta CRLs according to RFC 3280 section 5.2.4.
         *
         * @param currentDate The date for which the delta CRLs must be valid.
         * @param paramsPKIX The extended PKIX parameters.
         * @param completeCRL The complete CRL the delta CRL is for.
         * @return A <code>Set</code> of <code>X509CRL</code>s with delta CRLs.
         * @throws Exception if an exception occurs while picking the delta
         *             CRLs.
         */
        internal static ISet GetDeltaCrls(
            DateTime currentDate,
            PkixParameters paramsPKIX,
            X509Crl completeCRL)
        {
            X509CrlStoreSelector deltaSelect = new X509CrlStoreSelector();

            // 5.2.4 (a)
            try
            {
                IList deltaSelectIssuer = Platform.CreateArrayList();
                deltaSelectIssuer.Add(completeCRL.IssuerDN);
                deltaSelect.Issuers = deltaSelectIssuer;
            }
            catch (IOException e)
            {
                throw new Exception("Cannot extract issuer from CRL.", e);
            }

            BigInteger completeCRLNumber = null;

            try
            {
                Asn1Object asn1Object = GetExtensionValue(completeCRL, X509Extensions.CrlNumber);
                if (asn1Object != null)
                {
                    completeCRLNumber = CrlNumber.GetInstance(asn1Object).PositiveValue;
                }
            }
            catch (Exception e)
            {
                throw new Exception(
                          "CRL number extension could not be extracted from CRL.", e);
            }

            // 5.2.4 (b)
            byte[] idp = null;

            try
            {
                Asn1Object obj = GetExtensionValue(completeCRL, X509Extensions.IssuingDistributionPoint);
                if (obj != null)
                {
                    idp = obj.GetDerEncoded();
                }
            }
            catch (Exception e)
            {
                throw new Exception(
                          "Issuing distribution point extension value could not be read.",
                          e);
            }

            // 5.2.4 (d)

            deltaSelect.MinCrlNumber = (completeCRLNumber == null)
                                ?       null
                                :       completeCRLNumber.Add(BigInteger.One);

            deltaSelect.IssuingDistributionPoint        = idp;
            deltaSelect.IssuingDistributionPointEnabled = true;

            // 5.2.4 (c)
            deltaSelect.MaxBaseCrlNumber = completeCRLNumber;

            // find delta CRLs
            ISet temp = CrlUtilities.FindCrls(deltaSelect, paramsPKIX, currentDate);

            ISet result = new HashSet();

            foreach (X509Crl crl in temp)
            {
                if (isDeltaCrl(crl))
                {
                    result.Add(crl);
                }
            }

            return(result);
        }
Beispiel #6
0
        private void AddAsn1Object(string name, DataKey root, Asn1Object obj, int level, Logger logger)
        {
            Asn1Sequence     seq      = obj as Asn1Sequence;
            Asn1Set          set      = obj as Asn1Set;
            Asn1TaggedObject tag      = obj as Asn1TaggedObject;
            string           currName = name ?? obj.GetType().Name;

            System.Diagnostics.Trace.WriteLine(String.Format("{0} {1}", currName, obj.GetType()));

            if (seq != null)
            {
                if (!Config.IgnoreSequences)
                {
                    DataKey key = new Asn1SequenceKey(currName, Config.NoVerify);

                    foreach (Asn1Object o in seq)
                    {
                        AddAsn1Object(null, key, o, level + 1, logger);
                    }

                    root.AddSubNode(key);
                }
                else
                {
                    root.AddValue(currName, obj.GetDerEncoded());
                }
            }
            else if (set != null)
            {
                if (!Config.IgnoreSets)
                {
                    DataKey key = new Asn1SetKey(currName, Config.NoVerify);

                    foreach (Asn1Object o in set)
                    {
                        AddAsn1Object(null, key, o, level + 1, logger);
                    }

                    root.AddSubNode(key);
                }
                else
                {
                    root.AddValue(currName, obj.GetDerEncoded());
                }
            }
            else if (tag != null)
            {
                if (!Config.IgnoreTaggedObjects)
                {
                    DataKey key = new Asn1TaggedObjectKey(currName, tag.TagNo, Config.NoVerify);

                    root.AddSubNode(key);

                    Asn1Object     o   = tag.GetObject();
                    DerOctetString oct = o as DerOctetString;

                    AddAsn1Object("Object", key, tag.GetObject(), level + 1, logger);

                    //if (oct != null)
                    //{
                    //    Asn1InputStream input = new Asn1InputStream(oct.GetOctetStream());

                    //    try
                    //    {
                    //        Asn1Object next = input.ReadObject();
                    //        if (next == null)
                    //        {
                    //            AddAsn1Object("Object", key, o, logger);
                    //        }
                    //        else
                    //        {
                    //            Asn1OctetStringObject newRoot = new Asn1OctetStringObject("Object");

                    //            while (next != null)
                    //            {
                    //                AddAsn1Object(next.GetType().Name, newRoot, next, logger);

                    //                next = input.ReadObject();
                    //            }

                    //            key.AddSubNode(newRoot);
                    //        }
                    //    }
                    //    catch (IOException)
                    //    {
                    //        AddAsn1Object("Object", key, o, logger);
                    //    }
                    //}
                    //else
                    //{
                    //    AddAsn1Object("Object", key, tag.GetObject(), logger);
                    //}
                }
                else
                {
                    root.AddValue(currName, obj.GetDerEncoded());
                }
            }
            else
            {
                if (!Config.NoDecode)
                {
                    DerStringBase          str  = obj as DerStringBase;
                    DerObjectIdentifier    oid  = obj as DerObjectIdentifier;
                    DerInteger             i    = obj as DerInteger;
                    DerOctetString         oct  = obj as DerOctetString;
                    DerBitString           bits = obj as DerBitString;
                    DerBoolean             boo  = obj as DerBoolean;
                    DerNull                n    = obj as DerNull;
                    DerUtcTime             time = obj as DerUtcTime;
                    DerGeneralizedTime     gt   = obj as DerGeneralizedTime;
                    DerApplicationSpecific app  = obj as DerApplicationSpecific;

                    if (oct != null)
                    {
                        root.AddValue(new Asn1OctetStringValue(currName, oct.GetOctets()));
                    }
                    else if (bits != null)
                    {
                        root.AddSubNode(new Asn1BitStringKey(currName, bits.PadBits, bits.GetBytes()));
                    }
                    else if (str != null)
                    {
                        Type stringType = typeof(Asn1StringValue <>).MakeGenericType(str.GetType());

                        root.AddValue((DataValue)Activator.CreateInstance(stringType, currName, str.GetString()));
                    }
                    else if (oid != null)
                    {
                        root.AddValue(new Asn1ObjectIdentifierValue(currName, oid.Id));
                    }
                    else if (i != null)
                    {
                        root.AddValue(new Asn1IntegerValue(currName, i.Value.ToByteArray()));
                    }
                    else if (boo != null)
                    {
                        root.AddValue(new Asn1BooleanValue(currName, boo.IsTrue));
                    }
                    else if (n != null)
                    {
                        root.AddValue(new Asn1NullValue(currName));
                    }
                    else if (time != null)
                    {
                        root.AddValue(new Asn1DateTimeValue(currName, time.ToDateTime()));
                    }
                    else if (gt != null)
                    {
                        root.AddValue(new Asn1GeneralizedTimeValue(currName, gt.ToDateTime()));
                    }
                    else if (app != null)
                    {
                        root.AddSubNode(new Asn1ApplicationSpecificValue(currName, app.ApplicationTag, app.GetContents()));
                    }
                    else
                    {
                        logger.LogError("Cannot convert type {0} to a class", obj.GetType().Name);
                        root.AddValue(currName, obj.GetDerEncoded());
                    }
                }
                else
                {
                    root.AddValue(currName, obj.GetDerEncoded());
                }
            }
        }
Beispiel #7
0
        internal static ISet GetDeltaCrls(global::System.DateTime currentDate, PkixParameters paramsPKIX, X509Crl completeCRL)
        {
            //IL_0023: Expected O, but got Unknown
            X509CrlStoreSelector x509CrlStoreSelector = new X509CrlStoreSelector();

            try
            {
                global::System.Collections.IList list = Platform.CreateArrayList();
                list.Add((object)completeCRL.IssuerDN);
                x509CrlStoreSelector.Issuers = (global::System.Collections.ICollection)list;
            }
            catch (IOException val)
            {
                IOException val2 = val;
                throw new global::System.Exception("Cannot extract issuer from CRL.", (global::System.Exception)(object) val2);
            }
            BigInteger bigInteger = null;

            try
            {
                Asn1Object extensionValue = GetExtensionValue(completeCRL, X509Extensions.CrlNumber);
                if (extensionValue != null)
                {
                    bigInteger = DerInteger.GetInstance(extensionValue).PositiveValue;
                }
            }
            catch (global::System.Exception ex)
            {
                throw new global::System.Exception("CRL number extension could not be extracted from CRL.", ex);
            }
            byte[] issuingDistributionPoint = null;
            try
            {
                Asn1Object extensionValue2 = GetExtensionValue(completeCRL, X509Extensions.IssuingDistributionPoint);
                if (extensionValue2 != null)
                {
                    issuingDistributionPoint = extensionValue2.GetDerEncoded();
                }
            }
            catch (global::System.Exception ex2)
            {
                throw new global::System.Exception("Issuing distribution point extension value could not be read.", ex2);
            }
            x509CrlStoreSelector.MinCrlNumber                    = bigInteger?.Add(BigInteger.One);
            x509CrlStoreSelector.IssuingDistributionPoint        = issuingDistributionPoint;
            x509CrlStoreSelector.IssuingDistributionPointEnabled = true;
            x509CrlStoreSelector.MaxBaseCrlNumber                = bigInteger;
            ISet set  = CrlUtilities.FindCrls(x509CrlStoreSelector, paramsPKIX, currentDate);
            ISet set2 = new HashSet();

            global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)set).GetEnumerator();
            try
            {
                while (enumerator.MoveNext())
                {
                    X509Crl x509Crl = (X509Crl)enumerator.get_Current();
                    if (isDeltaCrl(x509Crl))
                    {
                        set2.Add(x509Crl);
                    }
                }
                return(set2);
            }
            finally
            {
                global::System.IDisposable disposable = enumerator as global::System.IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }
        }