Beispiel #1
        /// <summary>
        /// Opens the backing store named by <c>_name</c> and copies every certificate it holds
        /// into <c>Certificates</c>.
        /// </summary>
        /// <param name="flags">
        /// Open mode. Only <c>OpenFlags.OpenExistingOnly</c> is examined here (it suppresses
        /// creation of a missing store); the complete value is recorded in <c>_flags</c>.
        /// </param>
        /// <exception cref="CryptographicException">
        /// The store name is null or empty, or <c>Factory.Open</c> returned null.
        /// </exception>
        public void Open(OpenFlags flags)
        {
            if (String.IsNullOrEmpty(_name))
            {
                throw new CryptographicException(Locale.GetText("Invalid store name (null or empty)."));
            }

            // Pre-2.0 Mono installations keep the "Root" store under the name "Trust",
            // so that one name is redirected; every other name is used unchanged.
            string backingName = (_name == "Root") ? "Trust" : _name;

            bool existingOnly = (flags & OpenFlags.OpenExistingOnly) == OpenFlags.OpenExistingOnly;

            store = Factory.Open(backingName, !existingOnly);
            if (store == null)
            {
                throw new CryptographicException(Locale.GetText("Store {0} doesn't exists.", _name));
            }
            _flags = flags;

            // Each entry is rebuilt from its raw encoding. Nothing in this method validates a
            // certificate: whatever the backing store contains is loaded as-is.
            // NOTE(review): entries are appended; if Certificates is not emptied between calls,
            // a second Open would add them again - confirm against the Certificates property.
            foreach (MX.X509Certificate stored in store.Certificates)
            {
                Certificates.Add(new X509Certificate2(stored.RawData));
            }
        }
Beispiel #2
 /// <summary>
 /// Releases the reference to the backing store and empties the cached <c>list</c>
 /// when one has been created.
 /// </summary>
 public void Close()
 {
     store = null;

     // Nothing cached yet: there is nothing to empty.
     if (list == null)
     {
         return;
     }

     list.Clear();
 }
Beispiel #3
        /// <summary>
        /// Returns the first CRL in <paramref name="store"/> whose issuer name equals
        /// <paramref name="subject"/> and, when <paramref name="ski"/> is not empty, whose
        /// authority key identifier equals <paramref name="ski"/>.
        /// </summary>
        /// <param name="subject">Issuer name the CRL must carry.</param>
        /// <param name="ski">
        /// Key identifier to match. An empty string disables the key check, so the match is
        /// then made on the issuer name alone.
        /// </param>
        /// <param name="store">Store to search; null yields null.</param>
        /// <returns>The first matching CRL, or null when the store is null or nothing matches.</returns>
        static MX.X509Crl CheckCrls(string subject, string ski, MX.X509Store store)
        {
            if (store == null)
            {
                return null;
            }

            foreach (MX.X509Crl candidate in store.Crls)
            {
                if (candidate.IssuerName != subject)
                {
                    continue;
                }

                // Name-only match when the caller supplied no key identifier; otherwise the
                // CRL's authority key identifier has to agree as well.
                if (ski.Length == 0 || ski == GetAuthorityKeyIdentifier(candidate))
                {
                    return candidate;
                }
            }

            // No CRL found
            return null;
        }
Beispiel #4
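		/// <summary>
		/// Downloads a CRL from <paramref name="url"/>, decodes it and imports it into
		/// <paramref name="store"/>. Failures are reported on the console and not rethrown.
		/// </summary>
		/// <param name="url">Location the CRL is fetched from.</param>
		/// <param name="store">Store that receives the decoded CRL.</param>
		static void Download (string url, X509Store store)
		{
			if (verbose)
				Console.WriteLine ("Downloading: {0}", url);

			// WebClient is IDisposable; the using block releases it on every path.
			// NOTE(review): WebClient also accepts non-HTTP schemes (e.g. file:). If url can
			// come from certificate contents, consider restricting the accepted schemes.
			using (WebClient wc = new WebClient ()) {
				// Tracks the current stage so the error message names the step that failed.
				string error = "download";
				try {
					byte [] data = wc.DownloadData (url);
					error = "decode";
					X509Crl crl = new X509Crl (data);
					error = "import";
					// NOTE(review): the CRL is imported exactly as downloaded. Nothing in this
					// method checks its signature or issuer, so the transport is the only
					// protection. Verify the CRL against its issuing CA before importing.
					store.Import (crl);
				}
				catch (Exception e) {
					// Best effort: one failed download must not abort the caller.
					Console.WriteLine ("ERROR: could not {0}: {1}", error, url);
					if (verbose) {
						Console.WriteLine (e);
						Console.WriteLine ();
					}
				}
			}
		}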
		/// <summary>
		/// Opens the backing store named by <c>_name</c> and loads its certificates into
		/// <c>Certificates</c>.
		/// </summary>
		/// <param name="flags">
		/// Open mode. Only <c>OpenFlags.OpenExistingOnly</c> is tested here (a missing store is
		/// then not created); the whole value is kept in <c>_flags</c>.
		/// </param>
		/// <exception cref="CryptographicException">
		/// The store name is null or empty, or <c>Factory.Open</c> returned null.
		/// </exception>
		public void Open (OpenFlags flags)
		{
			if (String.IsNullOrEmpty (_name))
				throw new CryptographicException (Locale.GetText ("Invalid store name (null or empty)."));

			/* keep existing Mono installations (pre 2.0) compatible with new stuff:
			   the "Root" store is kept under the name "Trust" */
			string name = _name;
			if (name == "Root")
				name = "Trust";

			bool mustExist = (flags & OpenFlags.OpenExistingOnly) == OpenFlags.OpenExistingOnly;
			store = Factory.Open (name, !mustExist);
			if (store == null)
				throw new CryptographicException (Locale.GetText ("Store {0} doesn't exists.", _name));
			_flags = flags;

			// Entries are rebuilt from their raw encoding; no certificate is validated here,
			// the content of the backing store is loaded as-is.
			foreach (MX.X509Certificate entry in store.Certificates)
				Certificates.Add (new X509Certificate2 (entry.RawData));
		}
		/// <summary>
		/// Drops the reference to the backing store and empties the cached <c>list</c>
		/// if it exists.
		/// </summary>
		public void Close ()
		{
			store = null;

			// No cached collection was created, so there is nothing to empty.
			if (list == null)
				return;

			list.Clear ();
		}
Beispiel #7
		// methods

		/// <summary>
		/// Empties and releases each cached store (<c>_personal</c>, <c>_other</c>,
		/// <c>_intermediate</c>, <c>_trusted</c>, <c>_untrusted</c>).
		/// </summary>
		public void Clear ()
		{
			// this will force a reload of all stores: a field that is already null is
			// left alone, any other one is cleared and then released
			if (_personal != null) {
				_personal.Clear ();
				_personal = null;
			}
			if (_other != null) {
				_other.Clear ();
				_other = null;
			}
			if (_intermediate != null) {
				_intermediate.Clear ();
				_intermediate = null;
			}
			if (_trusted != null) {
				_trusted.Clear ();
				_trusted = null;
			}
			if (_untrusted != null) {
				_untrusted.Clear ();
				_untrusted = null;
			}
		}
Beispiel #8
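		/// <summary>
		/// Walks every certificate in <paramref name="store"/> and downloads a CRL for each one
		/// that has no matching CRL in the store, or only one that is no longer current.
		/// When <c>force</c> is set the existing CRLs are ignored and every CRL is downloaded.
		/// </summary>
		/// <param name="store">Store whose certificates are examined and which receives the CRLs.</param>
		static void UpdateStore (X509Store store)
		{
			foreach (X509Certificate cert in store.Certificates) {

				// do we already have a matching CRL ? (or are we forced to download?)
				X509Crl crl = force ? null : FindCrl (cert, store);
				if ((crl != null) && crl.IsCurrent)
					continue;

				// 2.5.29.31 is the cRLDistributionPoints extension
				X509Extension ext = cert.Extensions ["2.5.29.31"];
				if (ext == null) {
					if (verbose)
						Console.WriteLine ("WARNING: No cRL distribution point found for '{0}'", cert.SubjectName);
					continue;
				}

				CRLDistributionPointsExtension crlDP = new CRLDistributionPointsExtension (ext);
				foreach (var dp in crlDP.DistributionPoints) {
					string name = dp.Name.Trim ();
					// "URL=" is a fixed protocol marker, so it is compared ordinally; the
					// culture-sensitive overload can give different answers per locale.
					// NOTE(review): the location is taken from the certificate itself and is
					// handed to Download as-is - confirm which schemes should be accepted.
					if (name.StartsWith ("URL=", StringComparison.Ordinal))
						Download (name.Substring (4), store);
					else if (verbose)
						Console.WriteLine ("WARNING: Unsupported distribution point: '{0}'", name);
				}
			}
		}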
Beispiel #9
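		/// <summary>
		/// Returns the first CRL in <paramref name="store"/> that was issued under the subject
		/// name of <paramref name="cert"/> and whose authority key identifier matches the
		/// certificate's subject key identifier.
		/// </summary>
		/// <param name="cert">Certificate (acting as CRL issuer) to find a CRL for.</param>
		/// <param name="store">Store whose CRLs are searched.</param>
		/// <returns>The first matching CRL, or null when none matches.</returns>
		static X509Crl FindCrl (X509Certificate cert, X509Store store)
		{
			// Read once and reuse; the original assigned this local but never used it.
			string name = cert.SubjectName;
			// 2.5.29.14 is the subjectKeyIdentifier extension
			byte [] ski = GetSubjectKeyIdentifier (cert.Extensions ["2.5.29.14"]);
			foreach (X509Crl crl in store.Crls) {
				if (crl.IssuerName != name)
					continue;
				// With no key identifier available (ski == null) the issuer name alone
				// decides the match; otherwise the CRL's authorityKeyIdentifier (2.5.29.35)
				// must be accepted by Compare as well.
				if ((ski == null) || Compare (ski, GetAuthorityKeyIdentifier (crl.Extensions ["2.5.29.35"])))
					return crl;
			}
			return null;
		}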
Beispiel #10
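		/// <summary>
		/// Downloads a CRL from <paramref name="url"/>, decodes it, and imports it into
		/// <paramref name="store"/> only when <c>VerifyCrl</c> accepts it. Failures are
		/// reported on the console and not rethrown.
		/// </summary>
		/// <param name="url">Location the CRL is fetched from.</param>
		/// <param name="store">Store that receives the CRL once it has been verified.</param>
		static void Download (string url, X509Store store)
		{
			if (verbose)
				Console.WriteLine ("Downloading: {0}", url);

			// WebClient is IDisposable; the using block releases it on every path.
			// NOTE(review): WebClient also accepts non-HTTP schemes (e.g. file:). If url can
			// come from certificate contents, consider restricting the accepted schemes.
			using (WebClient wc = new WebClient ()) {
				// Tracks the current stage so the error message names the step that failed.
				string error = "download";
				try {
					byte [] data = wc.DownloadData (url);
					error = "decode";
					X509Crl crl = new X509Crl (data);
					error = "import";
					// warn if CRL is not current - but still allow it to be imported
					// (the warning itself is only printed in verbose mode)
					if (!crl.IsCurrent && verbose)
						Console.WriteLine ("WARNING: CRL is not current: {0}", url);

					// only import the CRL if its signature is valid and coming from a trusted root;
					// a rejected CRL is always reported, verbose or not
					if (VerifyCrl (crl))
						store.Import (crl);
					else
						Console.WriteLine ("ERROR: could not validate CRL: {0}", url);
				}
				catch (Exception e) {
					// Best effort: one failed download must not abort the caller.
					Console.WriteLine ("ERROR: could not {0}: {1}", error, url);
					if (verbose) {
						Console.WriteLine (e);
						Console.WriteLine ();
					}
				}
			}
		}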