GetExcludedCerts() public method

Excluded certificates are not used for building a certification path.
public GetExcludedCerts ( ) : ISet
return ISet
        private PkixCertPathBuilderResult Build(IX509AttributeCertificate attrCert, X509Certificate tbvCert, PkixBuilderParameters pkixParams, IList tbvPath)
        {
            if (tbvPath.Contains(tbvCert))
            {
                return(null);
            }
            if (pkixParams.GetExcludedCerts().Contains(tbvCert))
            {
                return(null);
            }
            if (pkixParams.MaxPathLength != -1 && tbvPath.Count - 1 > pkixParams.MaxPathLength)
            {
                return(null);
            }
            tbvPath.Add(tbvCert);
            PkixCertPathBuilderResult pkixCertPathBuilderResult = null;
            PkixAttrCertPathValidator pkixAttrCertPathValidator = new PkixAttrCertPathValidator();

            try
            {
                if (PkixCertPathValidatorUtilities.FindTrustAnchor(tbvCert, pkixParams.GetTrustAnchors()) != null)
                {
                    PkixCertPath certPath = new PkixCertPath(tbvPath);
                    PkixCertPathValidatorResult pkixCertPathValidatorResult;
                    try
                    {
                        pkixCertPathValidatorResult = pkixAttrCertPathValidator.Validate(certPath, pkixParams);
                    }
                    catch (Exception innerException)
                    {
                        throw new Exception("Certification path could not be validated.", innerException);
                    }
                    return(new PkixCertPathBuilderResult(certPath, pkixCertPathValidatorResult.TrustAnchor, pkixCertPathValidatorResult.PolicyTree, pkixCertPathValidatorResult.SubjectPublicKey));
                }
                try
                {
                    PkixCertPathValidatorUtilities.AddAdditionalStoresFromAltNames(tbvCert, pkixParams);
                }
                catch (CertificateParsingException innerException2)
                {
                    throw new Exception("No additional X.509 stores can be added from certificate locations.", innerException2);
                }
                ISet set = new HashSet();
                try
                {
                    set.AddAll(PkixCertPathValidatorUtilities.FindIssuerCerts(tbvCert, pkixParams));
                }
                catch (Exception innerException3)
                {
                    throw new Exception("Cannot find issuer certificate for certificate in certification path.", innerException3);
                }
                if (set.IsEmpty)
                {
                    throw new Exception("No issuer certificate for certificate in certification path found.");
                }
                foreach (X509Certificate x509Certificate in set)
                {
                    if (!PkixCertPathValidatorUtilities.IsSelfIssued(x509Certificate))
                    {
                        pkixCertPathBuilderResult = this.Build(attrCert, x509Certificate, pkixParams, tbvPath);
                        if (pkixCertPathBuilderResult != null)
                        {
                            break;
                        }
                    }
                }
            }
            catch (Exception innerException4)
            {
                this.certPathException = new Exception("No valid certification path could be build.", innerException4);
            }
            if (pkixCertPathBuilderResult == null)
            {
                tbvPath.Remove(tbvCert);
            }
            return(pkixCertPathBuilderResult);
        }
Ejemplo n.º 2
0
		private PkixCertPathBuilderResult Build(
			IX509AttributeCertificate	attrCert,
			X509Certificate				tbvCert,
			PkixBuilderParameters		pkixParams,
			IList						tbvPath)
		{
			// If tbvCert is readily present in tbvPath, it indicates having run
			// into a cycle in the
			// PKI graph.
			if (tbvPath.Contains(tbvCert))
				return null;

			// step out, the certificate is not allowed to appear in a certification
			// chain
			if (pkixParams.GetExcludedCerts().Contains(tbvCert))
				return null;

			// test if certificate path exceeds maximum length
			if (pkixParams.MaxPathLength != -1)
			{
				if (tbvPath.Count - 1 > pkixParams.MaxPathLength)
					return null;
			}

			tbvPath.Add(tbvCert);

			PkixCertPathBuilderResult builderResult = null;

//			X509CertificateParser certParser = new X509CertificateParser();
			PkixAttrCertPathValidator validator = new PkixAttrCertPathValidator();

			try
			{
				// check whether the issuer of <tbvCert> is a TrustAnchor
				if (PkixCertPathValidatorUtilities.FindTrustAnchor(tbvCert, pkixParams.GetTrustAnchors()) != null)
				{
					PkixCertPath certPath = new PkixCertPath(tbvPath);
					PkixCertPathValidatorResult result;

					try
					{
						result = validator.Validate(certPath, pkixParams);
					}
					catch (Exception e)
					{
						throw new Exception("Certification path could not be validated.", e);
					}

					return new PkixCertPathBuilderResult(certPath, result.TrustAnchor,
						result.PolicyTree, result.SubjectPublicKey);
				}
				else
				{
					// add additional X.509 stores from locations in certificate
					try
					{
						PkixCertPathValidatorUtilities.AddAdditionalStoresFromAltNames(tbvCert, pkixParams);
					}
					catch (CertificateParsingException e)
					{
						throw new Exception("No additional X.509 stores can be added from certificate locations.", e);
					}

					// try to get the issuer certificate from one of the stores
					ISet issuers = new HashSet();
					try
					{
						issuers.AddAll(PkixCertPathValidatorUtilities.FindIssuerCerts(tbvCert, pkixParams));
					}
					catch (Exception e)
					{
						throw new Exception("Cannot find issuer certificate for certificate in certification path.", e);
					}

					if (issuers.IsEmpty)
						throw new Exception("No issuer certificate for certificate in certification path found.");

					foreach (X509Certificate issuer in issuers)
					{
						// if untrusted self signed certificate continue
						if (PkixCertPathValidatorUtilities.IsSelfIssued(issuer))
							continue;

						builderResult = Build(attrCert, issuer, pkixParams, tbvPath);

						if (builderResult != null)
							break;
					}
				}
			}
			catch (Exception e)
			{
				certPathException = new Exception("No valid certification path could be build.", e);
			}

			if (builderResult == null)
			{
				tbvPath.Remove(tbvCert);
			}

			return builderResult;
		}
Ejemplo n.º 3
0
        protected virtual PkixCertPathBuilderResult Build(
            X509Certificate tbvCert,
            PkixBuilderParameters pkixParams,
            IList tbvPath)
        {
            // If tbvCert is readily present in tbvPath, it indicates having run
            // into a cycle in the PKI graph.
            if (tbvPath.Contains(tbvCert))
            {
                return(null);
            }

            // step out, the certificate is not allowed to appear in a certification
            // chain.
            if (pkixParams.GetExcludedCerts().Contains(tbvCert))
            {
                return(null);
            }

            // test if certificate path exceeds maximum length
            if (pkixParams.MaxPathLength != -1)
            {
                if (tbvPath.Count - 1 > pkixParams.MaxPathLength)
                {
                    return(null);
                }
            }

            tbvPath.Add(tbvCert);

            X509CertificateParser     certParser    = new X509CertificateParser();
            PkixCertPathBuilderResult builderResult = null;
            PkixCertPathValidator     validator     = new PkixCertPathValidator();

            try
            {
                // check whether the issuer of <tbvCert> is a TrustAnchor
                if (PkixCertPathValidatorUtilities.FindTrustAnchor(tbvCert, pkixParams.GetTrustAnchors()) != null)
                {
                    // exception message from possibly later tried certification
                    // chains
                    PkixCertPath certPath = null;
                    try
                    {
                        certPath = new PkixCertPath(tbvPath);
                    }
                    catch (Exception e)
                    {
                        throw new Exception(
                                  "Certification path could not be constructed from certificate list.",
                                  e);
                    }

                    PkixCertPathValidatorResult result = null;
                    try
                    {
                        result = (PkixCertPathValidatorResult)validator.Validate(
                            certPath, pkixParams);
                    }
                    catch (Exception e)
                    {
                        throw new Exception(
                                  "Certification path could not be validated.", e);
                    }

                    return(new PkixCertPathBuilderResult(certPath, result.TrustAnchor,
                                                         result.PolicyTree, result.SubjectPublicKey));
                }
                else
                {
                    // add additional X.509 stores from locations in certificate
                    try
                    {
                        PkixCertPathValidatorUtilities.AddAdditionalStoresFromAltNames(
                            tbvCert, pkixParams);
                    }
                    catch (CertificateParsingException e)
                    {
                        throw new Exception(
                                  "No additiontal X.509 stores can be added from certificate locations.",
                                  e);
                    }

                    // try to get the issuer certificate from one of the stores
                    HashSet issuers = new HashSet();
                    try
                    {
                        issuers.AddAll(PkixCertPathValidatorUtilities.FindIssuerCerts(tbvCert, pkixParams));
                    }
                    catch (Exception e)
                    {
                        throw new Exception(
                                  "Cannot find issuer certificate for certificate in certification path.",
                                  e);
                    }

                    if (issuers.IsEmpty)
                    {
                        throw new Exception("No issuer certificate for certificate in certification path found.");
                    }

                    foreach (X509Certificate issuer in issuers)
                    {
                        builderResult = Build(issuer, pkixParams, tbvPath);

                        if (builderResult != null)
                        {
                            break;
                        }
                    }
                }
            }
            catch (Exception e)
            {
                certPathException = e;
            }

            if (builderResult == null)
            {
                tbvPath.Remove(tbvCert);
            }

            return(builderResult);
        }
Ejemplo n.º 4
0
        private PkixCertPathBuilderResult Build(IX509AttributeCertificate attrCert, X509Certificate tbvCert, PkixBuilderParameters pkixParams, global::System.Collections.IList tbvPath)
        {
            if (tbvPath.Contains((object)tbvCert))
            {
                return(null);
            }
            if (pkixParams.GetExcludedCerts().Contains(tbvCert))
            {
                return(null);
            }
            if (pkixParams.MaxPathLength != -1 && ((global::System.Collections.ICollection)tbvPath).get_Count() - 1 > pkixParams.MaxPathLength)
            {
                return(null);
            }
            tbvPath.Add((object)tbvCert);
            PkixCertPathBuilderResult pkixCertPathBuilderResult = null;
            PkixAttrCertPathValidator pkixAttrCertPathValidator = new PkixAttrCertPathValidator();

            try
            {
                if (PkixCertPathValidatorUtilities.FindTrustAnchor(tbvCert, pkixParams.GetTrustAnchors()) != null)
                {
                    PkixCertPath certPath = new PkixCertPath((global::System.Collections.ICollection)tbvPath);
                    PkixCertPathValidatorResult pkixCertPathValidatorResult;
                    try
                    {
                        pkixCertPathValidatorResult = pkixAttrCertPathValidator.Validate(certPath, pkixParams);
                    }
                    catch (global::System.Exception ex)
                    {
                        throw new global::System.Exception("Certification path could not be validated.", ex);
                    }
                    return(new PkixCertPathBuilderResult(certPath, pkixCertPathValidatorResult.TrustAnchor, pkixCertPathValidatorResult.PolicyTree, pkixCertPathValidatorResult.SubjectPublicKey));
                }
                try
                {
                    PkixCertPathValidatorUtilities.AddAdditionalStoresFromAltNames(tbvCert, pkixParams);
                }
                catch (CertificateParsingException ex2)
                {
                    throw new global::System.Exception("No additional X.509 stores can be added from certificate locations.", (global::System.Exception)ex2);
                }
                ISet set = new HashSet();
                try
                {
                    set.AddAll((global::System.Collections.IEnumerable)PkixCertPathValidatorUtilities.FindIssuerCerts(tbvCert, pkixParams));
                }
                catch (global::System.Exception ex3)
                {
                    throw new global::System.Exception("Cannot find issuer certificate for certificate in certification path.", ex3);
                }
                if (set.IsEmpty)
                {
                    throw new global::System.Exception("No issuer certificate for certificate in certification path found.");
                }
                global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)set).GetEnumerator();
                try
                {
                    while (enumerator.MoveNext())
                    {
                        X509Certificate x509Certificate = (X509Certificate)enumerator.get_Current();
                        if (!PkixCertPathValidatorUtilities.IsSelfIssued(x509Certificate))
                        {
                            pkixCertPathBuilderResult = Build(attrCert, x509Certificate, pkixParams, tbvPath);
                            if (pkixCertPathBuilderResult != null)
                            {
                                break;
                            }
                        }
                    }
                }
                finally
                {
                    global::System.IDisposable disposable = enumerator as global::System.IDisposable;
                    if (disposable != null)
                    {
                        disposable.Dispose();
                    }
                }
            }
            catch (global::System.Exception ex4)
            {
                certPathException = new global::System.Exception("No valid certification path could be build.", ex4);
            }
            if (pkixCertPathBuilderResult == null)
            {
                tbvPath.Remove((object)tbvCert);
            }
            return(pkixCertPathBuilderResult);
        }