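/// <summary>Fetches the CRL bytes from an URL.</summary>
/// <remarks>
/// Fetches the CRL bytes from an URL.
/// If no url is passed as parameter, the url will be obtained from the certificate.
/// If you want to load a CRL from a local file, subclass this method and pass an
/// URL with the path to the local file to this method. An other option is to use
/// the CrlClientOffline class.
/// <para>
/// Every URL that cannot be resolved or fetched is logged and skipped; a failed
/// download never throws. The downloaded bytes are returned as-is: the CRL is
/// neither parsed nor signature-checked here, and the response is read to its end
/// without a size limit, so callers must verify the CRL against its issuer before
/// trusting it.
/// </para>
/// </remarks>
/// <param name="checkCert">the certificate whose CRL is wanted; null yields a null result</param>
/// <param name="url">explicit CRL URL, or null to use the CRL distribution point of the
/// certificate (only consulted when no URLs were configured on this instance)</param>
/// <returns>the encoded CRLs that could be fetched (possibly empty), or null when checkCert is null</returns>
/// <seealso cref="ICrlClient.GetEncoded(Org.BouncyCastle.X509.X509Certificate, System.String)"/>
public virtual ICollection<byte[]> GetEncoded(X509Certificate checkCert, String url) {
    if (checkCert == null) {
        return null;
    }
    // Work on a copy so the instance-level URL list is never modified by a single call.
    IList<Uri> urllist = new List<Uri>(urls);
    if (urllist.Count == 0) {
        LOGGER.Info("Looking for CRL for certificate " + checkCert.SubjectDN);
        try {
            if (url == null) {
                url = CertificateUtil.GetCRLURL(checkCert);
            }
            if (url == null) {
                throw new ArgumentException("Passed url can not be null.");
            }
            urllist.Add(new Uri(url));
            LOGGER.Info("Found CRL url: " + url);
        }
        catch (Exception e) {
            // Best effort: a missing or malformed distribution point just means no CRL to fetch.
            LOGGER.Info("Skipped CRL url: " + e.Message);
        }
    }
    IList<byte[]> ar = new List<byte[]>();
    foreach (Uri urlt in urllist) {
        try {
            LOGGER.Info("Checking CRL: " + urlt);
            // Dispose the response stream even when the read fails part-way through.
            using (Stream inp = SignUtils.GetHttpResponse(urlt))
            using (MemoryStream bout = new MemoryStream()) {
                inp.CopyTo(bout);
                ar.Add(bout.ToArray());
            }
            LOGGER.Info("Added CRL found at: " + urlt);
        }
        catch (Exception e) {
            // Best effort: one unreachable distribution point must not block the others.
            LOGGER.Info("Skipped CRL: " + e.Message + " for " + urlt);
        }
    }
    return ar;
}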
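/// <summary>Creates a CrlClientOnline instance using a certificate chain.</summary>
/// <remarks>
/// The CRL distribution point URL of every certificate in the chain is registered
/// with AddUrl. Certificates that cannot be parsed are logged and skipped.
/// </remarks>
/// <param name="chain">the certificates to take CRL URLs from</param>
/// <exception cref="ArgumentNullException">if chain is null</exception>
public CrlClientOnline(X509Certificate[] chain) {
    if (chain == null) {
        throw new ArgumentNullException("chain");
    }
    foreach (X509Certificate cert in chain) {
        LOGGER.Info("Checking certificate: " + cert.SubjectDN);
        try {
            // NOTE(review): GetCRLURL can return null for a certificate without a
            // distribution point; AddUrl is assumed to tolerate a null url — confirm.
            AddUrl(CertificateUtil.GetCRLURL(cert));
        }
        catch (CertificateParsingException) {
            LOGGER.Info("Skipped CRL url (certificate could not be parsed)");
        }
    }
}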
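/// <summary>Fetches a CRL for a specific certificate online (without further checking).</summary>
/// <remarks>
/// The CRL is downloaded from the distribution point named in signCert and parsed,
/// nothing more: its signature is not verified against issuerCert here, so the
/// caller must do that before relying on the result. I/O and security failures
/// are swallowed and reported as a null result.
/// </remarks>
/// <param name="signCert">the certificate</param>
/// <param name="issuerCert">its issuer; null defaults to signCert (not used beyond that in this method)</param>
/// <returns>an X509CRL object, or null if the certificate names no CRL URL or the CRL
/// could not be fetched or parsed</returns>
public virtual X509Crl GetCRL(X509Certificate signCert, X509Certificate issuerCert) {
    if (issuerCert == null) {
        issuerCert = signCert;
    }
    try {
        // gets the URL from the certificate
        String crlurl = CertificateUtil.GetCRLURL(signCert);
        if (crlurl == null) {
            return null;
        }
        LOGGER.Info("Getting CRL from " + crlurl);
        // Dispose the connection stream once the CRL has been parsed, also on failure.
        using (var crlStream = UrlUtil.OpenStream(new Uri(crlurl))) {
            return (X509Crl)SignUtils.ParseCrlFromStream(crlStream);
        }
    }
    catch (System.IO.IOException) {
        return null;
    }
    catch (GeneralSecurityException) {
        return null;
    }
}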
// Certificate Revocation Lists
/// <summary>Gets a CRL from an X509 certificate.</summary>
/// <remarks>
/// Convenience wrapper: looks up the CRL distribution point URL of the certificate
/// and delegates the fetch to the URL-based overload.
/// </remarks>
/// <param name="certificate">the X509Certificate to extract the CRL from</param>
/// <returns>CRL or null if there's no CRL available</returns>
public static X509Crl GetCRL(X509Certificate certificate) {
    string crlUrl = CertificateUtil.GetCRLURL(certificate);
    return CertificateUtil.GetCRL(crlUrl);
}