/// <summary>Fetches the CRL bytes from an URL.</summary>
/// <remarks>
/// Fetches the CRL bytes from an URL.
/// If no url is passed as parameter, the url will be obtained from the certificate.
/// If you want to load a CRL from a local file, subclass this method and pass an
/// URL with the path to the local file to this method. An other option is to use
/// the CrlClientOffline class.
/// </remarks>
/// <seealso cref="ICrlClient.GetEncoded(Org.BouncyCastle.X509.X509Certificate, System.String)"/>
public virtual ICollection <byte[]> GetEncoded(X509Certificate checkCert, String url)
{
if (checkCert == null)
{
return(null);
}
IList <Uri> urllist = new List <Uri>(urls);
if (urllist.Count == 0)
{
LOGGER.Info("Looking for CRL for certificate " + checkCert.SubjectDN);
try {
if (url == null)
{
url = CertificateUtil.GetCRLURL(checkCert);
}
if (url == null)
{
throw new ArgumentException("Passed url can not be null.");
}
urllist.Add(new Uri(url));
LOGGER.Info("Found CRL url: " + url);
}
catch (Exception e) {
LOGGER.Info("Skipped CRL url: " + e.Message);
}
}
IList <byte[]> ar = new List <byte[]>();
foreach (Uri urlt in urllist)
{
try {
LOGGER.Info("Checking CRL: " + urlt);
Stream inp = SignUtils.GetHttpResponse(urlt);
byte[] buf = new byte[1024];
MemoryStream bout = new MemoryStream();
while (true)
{
int n = inp.JRead(buf, 0, buf.Length);
if (n <= 0)
{
break;
}
bout.Write(buf, 0, n);
}
inp.Dispose();
ar.Add(bout.ToArray());
LOGGER.Info("Added CRL found at: " + urlt);
}
catch (Exception e) {
LOGGER.Info("Skipped CRL: " + e.Message + " for " + urlt);
}
}
return(ar);
}
/// <summary>Creates a CrlClientOnline instance using a certificate chain.</summary>
public CrlClientOnline(X509Certificate[] chain)
{
for (int i = 0; i < chain.Length; i++)
{
X509Certificate cert = (X509Certificate)chain[i];
LOGGER.Info("Checking certificate: " + cert.SubjectDN);
try {
AddUrl(CertificateUtil.GetCRLURL(cert));
}
catch (CertificateParsingException) {
LOGGER.Info("Skipped CRL url (certificate could not be parsed)");
}
}
}
/// <summary>Fetches a CRL for a specific certificate online (without further checking).</summary>
/// <param name="signCert">the certificate</param>
/// <param name="issuerCert">its issuer</param>
/// <returns>an X509CRL object</returns>
public virtual X509Crl GetCRL(X509Certificate signCert, X509Certificate issuerCert)
{
if (issuerCert == null)
{
issuerCert = signCert;
}
try {
// gets the URL from the certificate
String crlurl = CertificateUtil.GetCRLURL(signCert);
if (crlurl == null)
{
return(null);
}
LOGGER.Info("Getting CRL from " + crlurl);
return((X509Crl)SignUtils.ParseCrlFromStream(UrlUtil.OpenStream(new Uri(crlurl))));
}
catch (System.IO.IOException) {
return(null);
}
catch (GeneralSecurityException) {
return(null);
}
}
// Certificate Revocation Lists
/// <summary>Gets a CRL from an X509 certificate.</summary>
/// <param name="certificate">the X509Certificate to extract the CRL from</param>
/// <returns>CRL or null if there's no CRL available</returns>
public static X509Crl GetCRL(X509Certificate certificate)
{
return(CertificateUtil.GetCRL(CertificateUtil.GetCRLURL(certificate)));
}
