/// <summary>
/// Builds one OCSP single-response entry, translating the caller-facing
/// CertificateStatus (null = good, UnknownStatus, RevokedStatus) into the
/// ASN.1 CertStatus choice that is actually encoded.
/// </summary>
/// <param name="certId">Identifier of the certificate this entry describes.</param>
/// <param name="certStatus">null for "good", an UnknownStatus, or a RevokedStatus.</param>
/// <param name="thisUpdate">Time at which this status is known to be correct.</param>
/// <param name="nextUpdate">Time newer information is expected; stored as given (may be null).</param>
/// <param name="extensions">Per-response extensions; stored as given (may be null).</param>
private ResponseObject(
    CertificateID certId,
    CertificateStatus certStatus,
    DerGeneralizedTime thisUpdate,
    DerGeneralizedTime nextUpdate,
    X509Extensions extensions)
{
    this.certId = certId;
    this.certStatus = EncodeStatus(certStatus);
    this.thisUpdate = thisUpdate;
    this.nextUpdate = nextUpdate;
    this.extensions = extensions;
}

/// <summary>
/// Maps the caller-facing status object onto its ASN.1 CertStatus encoding.
/// </summary>
/// <param name="certStatus">null, UnknownStatus or RevokedStatus.</param>
/// <returns>The CertStatus choice to encode.</returns>
private static CertStatus EncodeStatus(CertificateStatus certStatus)
{
    if (certStatus == null)
    {
        // A null status stands for "good" (parameterless CertStatus).
        return new CertStatus();
    }

    if (certStatus is UnknownStatus)
    {
        // unknown [2] IMPLICIT UnknownInfo, which is an ASN.1 NULL.
        return new CertStatus(2, DerNull.Instance);
    }

    // Everything else is treated as a revocation. The direct cast keeps the
    // original behaviour of failing loudly on an unexpected subtype.
    RevokedStatus revoked = (RevokedStatus)certStatus;
    DerGeneralizedTime revokedAt = new DerGeneralizedTime(revoked.RevocationTime);
    CrlReason reason = null;
    if (revoked.HasRevocationReason)
    {
        reason = new CrlReason(revoked.RevocationReason);
    }
    return new CertStatus(new RevokedInfo(revokedAt, reason));
}
/// <summary>
/// MMC scope node listing the certificates of one CA that have a given status.
/// The constructor registers a single CertListView for the node and refreshes it.
/// </summary>
/// <param name="info">Control object describing the CA; its CAName becomes the view title.</param>
/// <param name="certStatus">Status filter passed on to the view through CaInfoContext.</param>
internal CertsNode(CaControl info, CertStatus certStatus)
{
    caInfo = info;
    status = certStatus;

    // One icon for both the normal and the selected state.
    ImageIndex = 3;
    SelectedImageIndex = 3;

    // Context object handed to the list view through the description's Tag.
    CaInfoContext viewContext = new CaInfoContext(info);
    viewContext.certStatus = status;

    MmcListViewDescription viewDescription = new MmcListViewDescription();
    viewDescription.DisplayName = caInfo.CAName;
    viewDescription.ViewType = typeof(CertListView);
    viewDescription.Options = MmcListViewOptions.ExcludeScopeNodes | MmcListViewOptions.SingleSelect;
    viewDescription.Tag = viewContext;

    ViewDescriptions.Add(viewDescription);
    ViewDescriptions.DefaultIndex = 0;

    Refresh();
}
/// <summary>
/// Construct a CA Database object by reading in all the data from the CA DB file
/// and converting it to a display-friendly format. All parsing happens eagerly
/// in createDB().
/// </summary>
/// <param name="DbLocation">Pathname of the CA DB file.</param>
/// <param name="CertStatus">Status of certificates to load.</param>
public CaDB(string DbLocation, CertStatus CertStatus)
{
    dbLocation = DbLocation;
    certStatus = CertStatus;
    createDB();
}
/// <summary>
/// Immutable snapshot of a connection's TLS state, as reported by the caller.
/// This type stores what it is given; it performs no validation of its own, so
/// certStatus is only as reliable as the code that computed it.
/// </summary>
/// <param name="isSecureConnection">Whether the connection was made over TLS.</param>
/// <param name="certStatus">Validation status of the peer certificate, as determined by the caller.</param>
/// <param name="sslVersion">Negotiated protocol version.</param>
/// <param name="contentStatus">Status of the delivered content.</param>
/// <param name="certificate">Peer certificate, if one was captured (may be null).</param>
public SslStatus(bool isSecureConnection, CertStatus certStatus, SslVersion sslVersion, SslContentStatus contentStatus, X509Certificate2 certificate)
{
    // Independent field assignments; order is irrelevant.
    this.certificate = certificate;
    this.contentStatus = contentStatus;
    this.sslVersion = sslVersion;
    this.certStatus = certStatus;
    this.isSecureConnection = isSecureConnection;
}
/// <summary>
/// Builds a SingleResponse from already-decoded components. No parsing or
/// validation happens here; the optional members are stored as given.
/// </summary>
/// <param name="certID">Identifies the certificate the status refers to.</param>
/// <param name="certStatus">The good / revoked / unknown choice.</param>
/// <param name="thisUpdate">Time at which the status is known to be correct.</param>
/// <param name="nextUpdate">Optional; null when omitted.</param>
/// <param name="singleExtensions">Optional; null when omitted.</param>
public SingleResponse(CertID certID, CertStatus certStatus, DerGeneralizedTime thisUpdate, DerGeneralizedTime nextUpdate, X509Extensions singleExtensions)
{
    this.singleExtensions = singleExtensions;
    this.nextUpdate = nextUpdate;
    this.thisUpdate = thisUpdate;
    this.certStatus = certStatus;
    this.certID = certID;
}
/// <summary>
/// Property-backed snapshot of a connection's TLS state. Values are stored
/// exactly as supplied; nothing is validated here.
/// </summary>
/// <param name="isSecureConnection">Whether the connection was made over TLS.</param>
/// <param name="certStatus">Validation status of the peer certificate, as determined by the caller.</param>
/// <param name="sslVersion">Negotiated protocol version.</param>
/// <param name="contentStatus">Status of the delivered content.</param>
/// <param name="certificate">Peer certificate, if one was captured (may be null).</param>
public SslStatus(bool isSecureConnection, CertStatus certStatus, SslVersion sslVersion, SslContentStatus contentStatus, X509Certificate2 certificate)
{
    X509Certificate = certificate;
    ContentStatus = contentStatus;
    SslVersion = sslVersion;
    CertStatus = certStatus;
    IsSecureConnection = isSecureConnection;
}
/// <summary>
/// Coerces every element of the underlying <c>content</c> sequence into a CertStatus
/// via CertStatus.GetInstance.
/// </summary>
/// <returns>A new array with one entry per element of <c>content</c>, in sequence order.</returns>
public virtual CertStatus[] ToCertStatusArray()
{
    int count = content.Count;
    CertStatus[] statuses = new CertStatus[count];
    int index = 0;
    while (index < count)
    {
        statuses[index] = CertStatus.GetInstance(content[index]);
        index++;
    }
    return statuses;
}
/// <summary>
/// Looks up <paramref name="cert"/> in <paramref name="crl"/> and, when a matching entry is
/// found, records the revocation in <paramref name="certStatus"/> (Status and RevocationDate).
/// Leaves <paramref name="certStatus"/> untouched when the serial is not listed, when the
/// entry belongs to a different issuer, or when the date/reason test below does not fire.
/// This method does not verify the CRL's signature; that is up to the caller.
/// </summary>
/// <param name="validDate">Point in time the certificate is being validated for.</param>
/// <param name="crl">The CRL to search.</param>
/// <param name="cert">Certificate (or attribute certificate) under test; only its serial number
/// and issuer are read, through GetSerialNumber and GetIssuerPrincipal.</param>
/// <param name="certStatus">Receives the reason code and revocation date on a hit.</param>
/// <exception cref="Exception">The CRL cannot be re-parsed, or the entry's reasonCode extension cannot be decoded.</exception>
internal static void GetCertStatus(DateTime validDate, X509Crl crl, object cert, CertStatus certStatus)
{
    X509Crl x509Crl = null;
    try
    {
        // Re-parse the CRL from its DER encoding so the lookup runs on a freshly
        // decoded CertificateList.
        x509Crl = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(crl.GetEncoded())));
    }
    catch (Exception innerException)
    {
        throw new Exception("Bouncy Castle X509Crl could not be created.", innerException);
    }

    X509CrlEntry revokedCertificate = x509Crl.GetRevokedCertificate(GetSerialNumber(cert));
    if (revokedCertificate == null)
    {
        // Serial number not listed: nothing to report.
        return;
    }

    // The entry only counts if its issuer matches the certificate's issuer — either the
    // entry's own certificateIssuer (indirect CRLs) or the CRL's issuer.
    X509Name issuerPrincipal = GetIssuerPrincipal(cert);
    if (!issuerPrincipal.Equivalent(revokedCertificate.GetCertificateIssuer(), inOrder: true) && !issuerPrincipal.Equivalent(crl.IssuerDN, inOrder: true))
    {
        return;
    }

    // Optional reasonCode CRL entry extension. Stays null when the entry has no extensions;
    // presumably also null when extensions exist but reasonCode is absent (GetInstance(null)) — confirm.
    DerEnumerated derEnumerated = null;
    if (revokedCertificate.HasExtensions)
    {
        try
        {
            derEnumerated = DerEnumerated.GetInstance(GetExtensionValue(revokedCertificate, X509Extensions.ReasonCode));
        }
        catch (Exception innerException2)
        {
            throw new Exception("Reason code CRL entry extension could not be decoded.", innerException2);
        }
    }

    // Report as revoked when the validation time is at or after the revocation date,
    // when there is no reason code, or when the reason-code test passes.
    // NOTE(review): TestBit(n) tests bit n of the reason code's *value*, not equality with
    // reason n. Under this test every reason value except 0 (unspecified) and 8 (removeFromCRL)
    // has one of bits 0/1/2 set and is treated as revoked regardless of validDate, and
    // TestBit(8) can never match a valid reason (would need a value >= 256). Confirm this is
    // intended rather than a value comparison against 0/1/2/10.
    if (validDate.Ticks >= revokedCertificate.RevocationDate.Ticks || derEnumerated == null || derEnumerated.Value.TestBit(0) || derEnumerated.Value.TestBit(1) || derEnumerated.Value.TestBit(2) || derEnumerated.Value.TestBit(8))
    {
        if (derEnumerated != null)
        {
            // NOTE(review): SignValue is the sign of the BigInteger (-1/0/1), so any non-zero
            // reason code lands here as 1. The CheckCrl/CheckCrls code in this listing compares
            // Status == 8 and indexes CrlReasons[Status], which expect the actual reason value —
            // confirm whether IntValue was intended.
            certStatus.Status = derEnumerated.Value.SignValue;
        }
        else
        {
            // No reasonCode extension: report reason 0 (unspecified).
            certStatus.Status = 0;
        }
        certStatus.RevocationDate = new DateTimeObject(revokedCertificate.RevocationDate);
    }
}
/// <summary>
/// Maps the ASN.1 CertStatus choice of this single response onto the caller-facing
/// status object. This is a pure decode of the choice tag: no signature, freshness
/// or nonce check is performed here, so a null result only means "good" once the
/// enclosing response has been verified by the caller.
/// </summary>
/// <returns>null for good ([0]), a RevokedStatus for revoked ([1]), otherwise an UnknownStatus.</returns>
public object GetCertStatus()
{
    CertStatus asn1Status = this.resp.CertStatus;
    switch (asn1Status.TagNo)
    {
        case 0:
            // good
            return null;
        case 1:
            return new RevokedStatus(RevokedInfo.GetInstance(asn1Status.Status));
        default:
            // [2] unknown — and any other tag — is reported as unknown.
            return new UnknownStatus();
    }
}
/// <summary>
/// Decodes the CertStatus choice tag of this single response into the caller-facing
/// status object. Only the tag is inspected; the response signature is not checked
/// here, so treat a null ("good") result as meaningful only after verification.
/// </summary>
/// <returns>null for good ([0]), a RevokedStatus for revoked ([1]), otherwise an UnknownStatus.</returns>
public Object getCertStatus()
{
    CertStatus status = resp.getCertStatus();
    int tag = status.getTagNo();
    switch (tag)
    {
        case 0:
            return null; // good
        case 1:
            return new RevokedStatus(RevokedInfo.getInstance(status.getStatus()));
        default:
            return new UnknownStatus();
    }
}
/// <summary>
/// Return the pre-loaded list of certificates with a given status.
/// </summary>
/// <param name="status">Status to search on.</param>
/// <returns>
/// The list for Current, Revoked or Expired; null for any other status value.
/// The returned list is the internal one, not a copy.
/// </returns>
public List <DataBase> GetCerts(CertStatus status)
{
    if (status == CertStatus.Current)
    {
        return CurrentCerts;
    }
    if (status == CertStatus.Revoked)
    {
        return RevokedCerts;
    }
    if (status == CertStatus.Expired)
    {
        return ExpiredCerts;
    }
    // Unknown status: callers must expect null here.
    return null;
}
/**
 * Return the status object for the response - null indicates good.
 *
 * Only the CertStatus choice tag is decoded here; the response signature is
 * not checked by this method.
 *
 * @return null if good ([0]), a RevokedStatus if revoked ([1]), otherwise an UnknownStatus.
 */
public object GetCertStatus()
{
    CertStatus status = resp.CertStatus;
    int tag = status.TagNo;
    if (tag == 0)
    {
        return null; // good
    }
    return tag == 1
        ? (object)new RevokedStatus(RevokedInfo.GetInstance(status.Status))
        : new UnknownStatus();
}
/// <summary>
/// Builds one OCSP single-response entry from a caller-facing CertificateStatus
/// (null = good, UnknownStatus, RevokedStatus) and DateTime update values.
/// </summary>
/// <param name="certId">Identifier of the certificate this entry describes.</param>
/// <param name="certStatus">null for "good", an UnknownStatus, or a RevokedStatus.</param>
/// <param name="thisUpdate">Time at which this status is known to be correct.</param>
/// <param name="nextUpdate">A DateTime boxed as Object, or null to omit nextUpdate.</param>
/// <param name="extensions">Per-response extensions (may be null).</param>
public ResponseObject(CertificateID certId, CertificateStatus certStatus, DateTime thisUpdate, Object nextUpdate, X509Extensions extensions)
{
    this.certId = certId;

    if (certStatus == null)
    {
        // null means "good".
        this.certStatus = new CertStatus();
    }
    else if (certStatus is UnknownStatus)
    {
        // unknown [2] IMPLICIT UnknownInfo (NULL).
        this.certStatus = new CertStatus(2, new DERNull());
    }
    else
    {
        // Anything else must be a RevokedStatus; the cast fails loudly otherwise.
        RevokedStatus revoked = (RevokedStatus)certStatus;
        DERGeneralizedTime revokedAt = new DERGeneralizedTime(revoked.getRevocationTime());
        CRLReason reason = null;
        if (revoked.hasRevocationReason())
        {
            reason = new CRLReason(revoked.getRevocationReason());
        }
        this.certStatus = new CertStatus(new RevokedInfo(revokedAt, reason));
    }

    this.thisUpdate = new DERGeneralizedTime(thisUpdate);
    // nextUpdate is optional; the field is left untouched when none is supplied.
    if (nextUpdate != null)
    {
        this.nextUpdate = new DERGeneralizedTime((DateTime)nextUpdate);
    }
    this.extensions = extensions;
}
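/// <summary>
/// Decodes a SingleResponse (RFC 6960 §4.2.1) from its ASN.1 sequence:
/// <code>
///   certID, certStatus, thisUpdate,
///   nextUpdate       [0] EXPLICIT GeneralizedTime OPTIONAL,
///   singleExtensions [1] EXPLICIT Extensions      OPTIONAL
/// </code>
/// The sequence normally comes from an OCSP response received off the wire, so the
/// optional elements are checked against their expected context tags rather than
/// assumed by position: previously a five-element sequence was decoded as [0] then [1]
/// without looking at the tags, and a four-element one treated any tag other than 0 as
/// singleExtensions.
/// </summary>
/// <param name="seq">The SingleResponse sequence; treated as untrusted input.</param>
/// <exception cref="ArgumentException">
/// The sequence has fewer than 3 or more than 5 elements, an optional element carries a
/// tag other than [0]/[1], [1] precedes [0], or a tag appears twice.
/// </exception>
public SingleResponse(Asn1Sequence seq)
{
    if (seq.Count < 3 || seq.Count > 5)
    {
        throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");
    }

    certID = CertID.GetInstance(seq[0]);
    certStatus = CertStatus.GetInstance(seq[1]);
    thisUpdate = (DerGeneralizedTime)seq[2];

    // Remaining elements are the EXPLICIT-tagged optionals, in ascending tag order.
    for (int i = 3; i < seq.Count; i++)
    {
        Asn1TaggedObject tagged = (Asn1TaggedObject)seq[i];
        switch (tagged.TagNo)
        {
            case 0:
                // nextUpdate may only be the first optional element.
                if (i != 3)
                {
                    throw new ArgumentException("nextUpdate [0] must precede singleExtensions [1]", "seq");
                }
                nextUpdate = DerGeneralizedTime.GetInstance(tagged, isExplicit: true);
                break;
            case 1:
                if (singleExtensions != null)
                {
                    throw new ArgumentException("Duplicate singleExtensions [1] in SingleResponse", "seq");
                }
                singleExtensions = X509Extensions.GetInstance(tagged, explicitly: true);
                break;
            default:
                throw new ArgumentException("Unknown tag " + tagged.TagNo + " in SingleResponse", "seq");
        }
    }
}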
/// <summary>
/// Processes one CRL distribution point for an attribute certificate. Fetches the complete
/// CRLs for <paramref name="dp"/>, runs each one through the Rfc3280CertPathUtilities steps
/// (named after the RFC 3280 §6.3.3 step letters: D, F, G, optionally H for deltas, B1, B2, C,
/// then the revocation lookup I and J) and folds the reasons that CRL covers into
/// <paramref name="reasonMask"/>. Does nothing when the AC carries the noRevAvail extension.
/// </summary>
/// <param name="dp">Distribution point whose CRLs are examined.</param>
/// <param name="attrCert">Attribute certificate under test.</param>
/// <param name="paramsPKIX">Validation parameters (CRL stores, delta/validity-model switches).</param>
/// <param name="validDate">Time the AC is validated for; must not be in the future.</param>
/// <param name="issuerCert">Not read by this method; passed through by the caller.</param>
/// <param name="certStatus">In/out. Entered with Status 11 ("not revoked", as used by the loop
/// condition); set by ProcessCrlI/J on a revocation.</param>
/// <param name="reasonMask">In/out. Reasons already covered; extended with each CRL that passes.</param>
/// <param name="certPathCerts">Certificates of the path, used to locate CRL issuer keys.</param>
/// <exception cref="Exception">validDate is in the future, or no CRL of this distribution point
/// could be used (the last failure is rethrown).</exception>
private static void CheckCrl(DistributionPoint dp, IX509AttributeCertificate attrCert, PkixParameters paramsPKIX, DateTime validDate, X509Certificate issuerCert, CertStatus certStatus, ReasonsMask reasonMask, IList certPathCerts)
{
    // With noRevAvail present there is nothing to check; the caller decides whether the
    // extension is consistent with the AC's other revocation pointers.
    if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null)
    {
        DateTime utcNow = DateTime.UtcNow;
        if (validDate.CompareTo((object)utcNow) > 0)
        {
            throw new Exception("Validation time is in future.");
        }
        // CRLs (and deltas below) are selected for the current time; the revocation lookup
        // itself (I, J) uses validDate.
        ISet completeCrls = PkixCertPathValidatorUtilities.GetCompleteCrls(dp, attrCert, utcNow, paramsPKIX);
        bool flag = false;
        Exception ex = null;
        IEnumerator enumerator = completeCrls.GetEnumerator();
        // Stop as soon as a revocation is recorded (Status leaves 11) or every reason is covered.
        while (enumerator.MoveNext() && certStatus.Status == 11 && !reasonMask.IsAllReasons)
        {
            try
            {
                X509Crl x509Crl = (X509Crl)enumerator.Current;
                ReasonsMask reasonsMask = Rfc3280CertPathUtilities.ProcessCrlD(x509Crl, dp);
                // Skip CRLs that add nothing to the reasons already covered.
                if (reasonsMask.HasNewReasons(reasonMask))
                {
                    // F/G: collect candidate issuer keys for this CRL and settle on one.
                    ISet keys = Rfc3280CertPathUtilities.ProcessCrlF(x509Crl, attrCert, null, null, paramsPKIX, certPathCerts);
                    AsymmetricKeyParameter key = Rfc3280CertPathUtilities.ProcessCrlG(x509Crl, keys);
                    X509Crl x509Crl2 = null;
                    if (paramsPKIX.IsUseDeltasEnabled)
                    {
                        ISet deltaCrls = PkixCertPathValidatorUtilities.GetDeltaCrls(utcNow, paramsPKIX, x509Crl);
                        x509Crl2 = Rfc3280CertPathUtilities.ProcessCrlH(deltaCrls, key);
                    }
                    // Unless the chain validity model is selected (value 1 — confirm against
                    // PkixParameters), a CRL issued after the AC expired is not acceptable.
                    if (paramsPKIX.ValidityModel != 1 && attrCert.NotAfter.CompareTo((object)x509Crl.ThisUpdate) < 0)
                    {
                        throw new Exception("No valid CRL for current time found.");
                    }
                    Rfc3280CertPathUtilities.ProcessCrlB1(dp, attrCert, x509Crl);
                    Rfc3280CertPathUtilities.ProcessCrlB2(dp, attrCert, x509Crl);
                    Rfc3280CertPathUtilities.ProcessCrlC(x509Crl2, x509Crl, paramsPKIX);
                    // I: delta CRL lookup, J: complete CRL lookup; both may set certStatus.
                    Rfc3280CertPathUtilities.ProcessCrlI(validDate, x509Crl2, attrCert, certStatus, paramsPKIX);
                    Rfc3280CertPathUtilities.ProcessCrlJ(validDate, x509Crl, attrCert, certStatus);
                    // Reason 8 (removeFromCRL in the X.509 CRLReason enumeration) cancels an
                    // earlier hold: fold it back to "not revoked".
                    if (certStatus.Status == 8)
                    {
                        certStatus.Status = 11;
                    }
                    reasonMask.AddReasons(reasonsMask);
                    flag = true;
                }
            }
            catch (Exception ex2)
            {
                // A CRL that fails any step is skipped; only the last failure is kept.
                ex = ex2;
            }
        }
        // Fail closed: no usable CRL for this distribution point is an error.
        // NOTE(review): when completeCrls is empty, ex is still null and `throw ex` surfaces as
        // a NullReferenceException rather than a descriptive error; rethrowing the stored
        // exception also discards its original stack trace.
        if (!flag)
        {
            throw ex;
        }
    }
}
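/// <summary>
/// Verifies the single signature field of an XML document through the SAPI library and
/// returns its details.
/// </summary>
/// <param name="SignedXML">Path of the signed XML document, as accepted by SAPI.</param>
/// <returns>Validity flag, signer certificate, signer name and signing time.</returns>
/// <exception cref="ArgumentNullException"><paramref name="SignedXML"/> is null.</exception>
/// <exception cref="Exception">A SAPI call fails, the document carries no signature, or it
/// carries more than one.</exception>
/// <remarks>
/// <c>isValid</c> is decided solely by the return code of SignatureFieldVerify. The CertStatus
/// that the call fills in is not inspected, so the signer certificate's chain and revocation
/// state are not reported by this method; whether the return code already reflects them is a
/// SAPI question — confirm before relying on isValid alone. SignerCertificate, SignerName and
/// the signing time are read from the signature field and are returned even when isValid is
/// false, so callers must check isValid before trusting them.
/// The SAPI session handle and enumeration context are now released on every exit path; the
/// "not signed" / "more than one signature" exits previously leaked both.
/// </remarks>
public static SignatureDetails ValidateXMLSignature(string SignedXML)
{
    if (SignedXML == null)
        throw new ArgumentNullException("SignedXML");

    // Make sure the SAPI library is loaded.
    SAPIInit();

    SAPICrypt SAPI = new SAPICryptClass();
    SESHandle hSession = new SESHandleClass();
    int rc;
    if ((rc = SAPI.HandleAcquire(out hSession)) != 0)
    {
        // Nothing acquired yet, so nothing to release.
        throw new Exception(string.Format(
            "Memory allocation error (#{0})", rc.ToString("X")));
    }

    SAPIContext ctxValidateSignature = new SAPIContextClass();
    // The context is only released once SignatureFieldEnumInit has succeeded, matching the
    // original release pattern.
    bool contextInitialized = false;
    try
    {
        int num = 0;
        if ((rc = SAPI.SignatureFieldEnumInit(hSession, ctxValidateSignature,
                SAPI_ENUM_FILE_TYPE.SAPI_ENUM_FILE_XML, SignedXML, 0, ref num)) != 0)
        {
            throw new Exception(string.Format(
                "An error occured while initializing the signature validation process (#{0})", rc.ToString("X")));
        }
        contextInitialized = true;

        if (num < 1)
            throw new Exception("The XML file is not signed!");
        if (num > 1)
            throw new Exception("SAPI only supports a single signature per XML file!");

        SigFieldHandle hField = null;
        if ((rc = SAPI.SignatureFieldEnumCont(hSession, ctxValidateSignature, out hField)) != 0)
        {
            throw new Exception(string.Format(
                "Failed to retrieve signature (#{0})", rc.ToString("X")));
        }

        SigFieldSettings sigFieldSettings = new SigFieldSettingsClass();
        SigFieldInfo signatureFieldInfo = new SigFieldInfoClass();
        if ((rc = SAPI.SignatureFieldInfoGet(hSession, hField, sigFieldSettings, signatureFieldInfo)) != 0)
        {
            throw new Exception(string.Format(
                "Failed to parse signature details (#{0})", rc.ToString("X")));
        }

        SignatureDetails sigDetails = new SignatureDetails();

        // SAPI populates this CertStatus during verification; it is not examined here
        // (see remarks). Flags argument is 0 — semantics not visible in this code.
        CertStatus certStatus = new CertStatus();
        sigDetails.isValid = SAPI.SignatureFieldVerify(hSession, hField, certStatus, 0) == 0;

        sigDetails.SignerCertificate = new X509Certificate2(
            (byte[])(((SAPIByteArray)signatureFieldInfo.Certificate).ToArray()));
        sigDetails.SignerName = signatureFieldInfo.SignerName;

        // Convert FILETIME (two 32-bit halves) to ticks.
        ulong filetime = signatureFieldInfo.SignatureTime.HighDateTime;
        filetime <<= 32;
        filetime += signatureFieldInfo.SignatureTime.LowDateTime;
        sigDetails.SignatureTimeTicks = DateTime.FromFileTimeUtc((long)filetime).Ticks;

        return sigDetails;
    }
    finally
    {
        // Release in the original order: enumeration context first, then the session.
        if (contextInitialized)
            SAPI.ContextRelease(ctxValidateSignature);
        SAPI.HandleRelease(hSession);
    }
}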
/// <summary>
/// Wraps an ASN.1 CertStatus together with a digest-algorithm finder. Both references
/// are stored as given (no copy, no null check) for use by the other members of this type.
/// </summary>
/// <param name="digestAlgFinder">Finder kept for later use.</param>
/// <param name="certStatus">The underlying CertStatus choice.</param>
public CertificateStatus(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder, CertStatus certStatus)
{
    this.certStatus = certStatus;
    this.digestAlgFinder = digestAlgFinder;
}
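/// <summary>
/// Verifies the single signature field of an XML document through the SAPI library and
/// returns its details.
/// </summary>
/// <param name="SignedXML">Path of the signed XML document, as accepted by SAPI.</param>
/// <returns>Validity flag, signer certificate, signer name and signing time.</returns>
/// <exception cref="ArgumentNullException"><paramref name="SignedXML"/> is null.</exception>
/// <exception cref="Exception">A SAPI call fails, the document carries no signature, or it
/// carries more than one.</exception>
/// <remarks>
/// <c>isValid</c> is decided solely by the return code of SignatureFieldVerify. The CertStatus
/// that the call fills in is not inspected, so the signer certificate's chain and revocation
/// state are not reported by this method; whether the return code already reflects them is a
/// SAPI question — confirm before relying on isValid alone. SignerCertificate, SignerName and
/// the signing time are read from the signature field and are returned even when isValid is
/// false, so callers must check isValid before trusting them.
/// The SAPI session handle and enumeration context are now released on every exit path; the
/// "not signed" / "more than one signature" exits previously leaked both.
/// </remarks>
public static SignatureDetails ValidateXMLSignature(string SignedXML)
{
    if (SignedXML == null)
    {
        throw new ArgumentNullException("SignedXML");
    }

    // Make sure the SAPI library is loaded.
    SAPIInit();

    SAPICrypt SAPI = new SAPICryptClass();
    SESHandle hSession = new SESHandleClass();
    int rc;
    if ((rc = SAPI.HandleAcquire(out hSession)) != 0)
    {
        // Nothing acquired yet, so nothing to release.
        throw new Exception(string.Format(
            "Memory allocation error (#{0})", rc.ToString("X")));
    }

    SAPIContext ctxValidateSignature = new SAPIContextClass();
    // The context is only released once SignatureFieldEnumInit has succeeded, matching the
    // original release pattern.
    bool contextInitialized = false;
    try
    {
        int num = 0;
        if ((rc = SAPI.SignatureFieldEnumInit(hSession, ctxValidateSignature,
                SAPI_ENUM_FILE_TYPE.SAPI_ENUM_FILE_XML, SignedXML, 0, ref num)) != 0)
        {
            throw new Exception(string.Format(
                "An error occured while initializing the signature validation process (#{0})", rc.ToString("X")));
        }
        contextInitialized = true;

        if (num < 1)
        {
            throw new Exception("The XML file is not signed!");
        }
        if (num > 1)
        {
            throw new Exception("SAPI only supports a single signature per XML file!");
        }

        SigFieldHandle hField = null;
        if ((rc = SAPI.SignatureFieldEnumCont(hSession, ctxValidateSignature, out hField)) != 0)
        {
            throw new Exception(string.Format(
                "Failed to retrieve signature (#{0})", rc.ToString("X")));
        }

        SigFieldSettings sigFieldSettings = new SigFieldSettingsClass();
        SigFieldInfo signatureFieldInfo = new SigFieldInfoClass();
        if ((rc = SAPI.SignatureFieldInfoGet(hSession, hField, sigFieldSettings, signatureFieldInfo)) != 0)
        {
            throw new Exception(string.Format(
                "Failed to parse signature details (#{0})", rc.ToString("X")));
        }

        SignatureDetails sigDetails = new SignatureDetails();

        // SAPI populates this CertStatus during verification; it is not examined here
        // (see remarks). Flags argument is 0 — semantics not visible in this code.
        CertStatus certStatus = new CertStatus();
        sigDetails.isValid = SAPI.SignatureFieldVerify(hSession, hField, certStatus, 0) == 0;

        sigDetails.SignerCertificate = new X509Certificate2(
            (byte[])(((SAPIByteArray)signatureFieldInfo.Certificate).ToArray()));
        sigDetails.SignerName = signatureFieldInfo.SignerName;

        // Convert FILETIME (two 32-bit halves) to ticks.
        ulong filetime = signatureFieldInfo.SignatureTime.HighDateTime;
        filetime <<= 32;
        filetime += signatureFieldInfo.SignatureTime.LowDateTime;
        sigDetails.SignatureTimeTicks = DateTime.FromFileTimeUtc((long)filetime).Ticks;

        return (sigDetails);
    }
    finally
    {
        // Release in the original order: enumeration context first, then the session.
        if (contextInitialized)
        {
            SAPI.ContextRelease(ctxValidateSignature);
        }
        SAPI.HandleRelease(hSession);
    }
}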
/// <summary>
/// CRL-based revocation check for an attribute certificate. Walks every CRL distribution
/// point of the AC (each through CheckCrl), falls back to a distribution point built from the
/// AC issuer's name when that leaves the status undetermined, and throws unless the AC is
/// positively found not revoked for all reasons. Status values used here: 11 means "not
/// revoked" (the starting state and the loop guard) and 12 means "could not be determined";
/// any other value is a CRL reason code.
/// </summary>
/// <param name="attrCert">Attribute certificate under test.</param>
/// <param name="paramsPKIX">Validation parameters; cloned per distribution point so that
/// stores added while handling one DP do not leak into the next.</param>
/// <param name="issuerCert">Passed through to CheckCrl.</param>
/// <param name="validDate">Time the AC is validated for.</param>
/// <param name="certPathCerts">Certificates of the path, used to find CRL issuer keys.</param>
/// <exception cref="PkixCertPathValidatorException">
/// An extension cannot be decoded, no usable CRL is found, the AC is revoked, its status
/// cannot be determined, or noRevAvail is present alongside a CRL DP / AIA extension.
/// </exception>
internal static void CheckCrls(IX509AttributeCertificate attrCert, PkixParameters paramsPKIX, X509Certificate issuerCert, DateTime validDate, IList certPathCerts)
{
    // Revocation checking disabled by configuration: the AC is accepted without any CRL
    // lookup at all.
    if (!paramsPKIX.IsRevocationEnabled)
    {
        return;
    }
    if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null)
    {
        CrlDistPoint crlDistPoint = null;
        try
        {
            // May be null when the AC has no CRL distribution points extension.
            crlDistPoint = CrlDistPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(attrCert, X509Extensions.CrlDistributionPoints));
        }
        catch (Exception cause)
        {
            throw new PkixCertPathValidatorException("CRL distribution point extension could not be read.", cause);
        }
        try
        {
            PkixCertPathValidatorUtilities.AddAdditionalStoresFromCrlDistributionPoint(crlDistPoint, paramsPKIX);
        }
        catch (Exception cause2)
        {
            throw new PkixCertPathValidatorException("No additional CRL locations could be decoded from CRL distribution point extension.", cause2);
        }
        // Presumably a fresh CertStatus starts at 11 — the loops below only run while
        // Status == 11. reasonsMask accumulates the reasons covered so far.
        CertStatus certStatus = new CertStatus();
        ReasonsMask reasonsMask = new ReasonsMask();
        Exception cause3 = null;
        // flag: at least one CheckCrl call completed without throwing.
        bool flag = false;
        if (crlDistPoint != null)
        {
            DistributionPoint[] array = null;
            try
            {
                array = crlDistPoint.GetDistributionPoints();
            }
            catch (Exception cause4)
            {
                throw new PkixCertPathValidatorException("Distribution points could not be read.", cause4);
            }
            try
            {
                for (int i = 0; i < array.Length; i++)
                {
                    // Stop once revoked or once every reason is covered.
                    if (certStatus.Status != 11)
                    {
                        break;
                    }
                    if (reasonsMask.IsAllReasons)
                    {
                        break;
                    }
                    PkixParameters paramsPKIX2 = (PkixParameters)paramsPKIX.Clone();
                    CheckCrl(array[i], attrCert, paramsPKIX2, validDate, issuerCert, certStatus, reasonsMask, certPathCerts);
                    flag = true;
                }
            }
            catch (Exception innerException)
            {
                // A failing DP aborts the loop; remaining DPs are not tried.
                cause3 = new Exception("No valid CRL for distribution point found.", innerException);
            }
        }
        // Still undetermined: try a synthesized DP whose fullName [0] is the AC issuer's
        // directoryName [4], i.e. look for a CRL published under the issuer's own name.
        if (certStatus.Status == 11 && !reasonsMask.IsAllReasons)
        {
            try
            {
                Asn1Object asn1Object = null;
                try
                {
                    asn1Object = new Asn1InputStream(attrCert.Issuer.GetPrincipals()[0].GetEncoded()).ReadObject();
                }
                catch (Exception innerException2)
                {
                    throw new Exception("Issuer from certificate for CRL could not be reencoded.", innerException2);
                }
                DistributionPoint dp = new DistributionPoint(new DistributionPointName(0, new GeneralNames(new GeneralName(4, asn1Object))), null, null);
                PkixParameters paramsPKIX3 = (PkixParameters)paramsPKIX.Clone();
                CheckCrl(dp, attrCert, paramsPKIX3, validDate, issuerCert, certStatus, reasonsMask, certPathCerts);
                flag = true;
            }
            catch (Exception innerException3)
            {
                // Overwrites any failure recorded by the DP loop above.
                cause3 = new Exception("No valid CRL for distribution point found.", innerException3);
            }
        }
        // Fail closed: no usable CRL anywhere is a validation failure, not a pass.
        if (!flag)
        {
            throw new PkixCertPathValidatorException("No valid CRL found.", cause3);
        }
        if (certStatus.Status != 11)
        {
            // Status holds the CRL reason code here and indexes the reason-name table.
            string str = certStatus.RevocationDate.Value.ToString("ddd MMM dd HH:mm:ss K yyyy");
            string str2 = "Attribute certificate revocation after " + str;
            str2 = str2 + ", reason: " + Rfc3280CertPathUtilities.CrlReasons[certStatus.Status];
            throw new PkixCertPathValidatorException(str2);
        }
        // Not revoked, but the CRLs seen did not cover every reason: undetermined (12).
        if (!reasonsMask.IsAllReasons && certStatus.Status == 11)
        {
            certStatus.Status = 12;
        }
        if (certStatus.Status == 12)
        {
            throw new PkixCertPathValidatorException("Attribute certificate status could not be determined.");
        }
    }
    // noRevAvail is present: it must not coexist with a CRL DP or AIA pointer on the same AC.
    else if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null || attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null)
    {
        throw new PkixCertPathValidatorException("No rev avail extension is set, but also an AC revocation pointer.");
    }
}