public virtual PkixCertPathValidatorResult Validate(PkixCertPath certPath, PkixParameters pkixParams) { //IL_002d: Unknown result type (might be due to invalid IL or missing references) IX509Selector targetConstraints = pkixParams.GetTargetConstraints(); if (!(targetConstraints is X509AttrCertStoreSelector)) { throw new ArgumentException("TargetConstraints must be an instance of " + typeof(X509AttrCertStoreSelector).get_FullName(), "pkixParams"); } IX509AttributeCertificate attributeCert = ((X509AttrCertStoreSelector)targetConstraints).AttributeCert; PkixCertPath holderCertPath = Rfc3281CertPathUtilities.ProcessAttrCert1(attributeCert, pkixParams); PkixCertPathValidatorResult result = Rfc3281CertPathUtilities.ProcessAttrCert2(certPath, pkixParams); X509Certificate x509Certificate = (X509Certificate)certPath.Certificates.get_Item(0); Rfc3281CertPathUtilities.ProcessAttrCert3(x509Certificate, pkixParams); Rfc3281CertPathUtilities.ProcessAttrCert4(x509Certificate, pkixParams); Rfc3281CertPathUtilities.ProcessAttrCert5(attributeCert, pkixParams); Rfc3281CertPathUtilities.ProcessAttrCert7(attributeCert, certPath, holderCertPath, pkixParams); Rfc3281CertPathUtilities.AdditionalChecks(attributeCert, pkixParams); global::System.DateTime validCertDateFromValidityModel; try { validCertDateFromValidityModel = PkixCertPathValidatorUtilities.GetValidCertDateFromValidityModel(pkixParams, null, -1); } catch (global::System.Exception cause) { throw new PkixCertPathValidatorException("Could not get validity date from attribute certificate.", cause); } Rfc3281CertPathUtilities.CheckCrls(attributeCert, pkixParams, x509Certificate, validCertDateFromValidityModel, certPath.Certificates); return(result); }
/** * Validates an attribute certificate with the given certificate path. * * <p> * <code>params</code> must be an instance of * <code>ExtendedPkixParameters</code>. * </p><p> * The target constraints in the <code>params</code> must be an * <code>X509AttrCertStoreSelector</code> with at least the attribute * certificate criterion set. Obey that also target informations may be * necessary to correctly validate this attribute certificate. * </p><p> * The attribute certificate issuer must be added to the trusted attribute * issuers with {@link ExtendedPkixParameters#setTrustedACIssuers(Set)}. * </p> * @param certPath The certificate path which belongs to the attribute * certificate issuer public key certificate. * @param params The PKIX parameters. * @return A <code>PKIXCertPathValidatorResult</code> of the result of * validating the <code>certPath</code>. * @throws InvalidAlgorithmParameterException if <code>params</code> is * inappropriate for this validator. * @throws CertPathValidatorException if the verification fails. */ public virtual PkixCertPathValidatorResult Validate( PkixCertPath certPath, PkixParameters pkixParams) { IX509Selector certSelect = pkixParams.GetTargetConstraints(); if (!(certSelect is X509AttrCertStoreSelector)) { throw new ArgumentException( "TargetConstraints must be an instance of " + typeof(X509AttrCertStoreSelector).FullName, "pkixParams"); } IX509AttributeCertificate attrCert = ((X509AttrCertStoreSelector)certSelect).AttributeCert; PkixCertPath holderCertPath = Rfc3281CertPathUtilities.ProcessAttrCert1(attrCert, pkixParams); PkixCertPathValidatorResult result = Rfc3281CertPathUtilities.ProcessAttrCert2(certPath, pkixParams); X509Certificate issuerCert = (X509Certificate)certPath.Certificates[0]; Rfc3281CertPathUtilities.ProcessAttrCert3(issuerCert, pkixParams); Rfc3281CertPathUtilities.ProcessAttrCert4(issuerCert, pkixParams); Rfc3281CertPathUtilities.ProcessAttrCert5(attrCert, pkixParams); // 6 already done in X509AttrCertStoreSelector Rfc3281CertPathUtilities.ProcessAttrCert7(attrCert, certPath, holderCertPath, pkixParams); Rfc3281CertPathUtilities.AdditionalChecks(attrCert, pkixParams); DateTime date; try { date = PkixCertPathValidatorUtilities.GetValidCertDateFromValidityModel(pkixParams, null, -1); } catch (Exception e) { throw new PkixCertPathValidatorException( "Could not get validity date from attribute certificate.", e); } Rfc3281CertPathUtilities.CheckCrls(attrCert, pkixParams, issuerCert, date, certPath.Certificates); return(result); }
protected virtual PkixCertPathBuilderResult Build( X509Certificate tbvCert, PkixBuilderParameters pkixParams, IList tbvPath) { // If tbvCert is readily present in tbvPath, it indicates having run // into a cycle in the PKI graph. if (tbvPath.Contains(tbvCert)) { return(null); } // step out, the certificate is not allowed to appear in a certification // chain. if (pkixParams.GetExcludedCerts().Contains(tbvCert)) { return(null); } // test if certificate path exceeds maximum length if (pkixParams.MaxPathLength != -1) { if (tbvPath.Count - 1 > pkixParams.MaxPathLength) { return(null); } } tbvPath.Add(tbvCert); X509CertificateParser certParser = new X509CertificateParser(); PkixCertPathBuilderResult builderResult = null; PkixCertPathValidator validator = new PkixCertPathValidator(); try { // check whether the issuer of <tbvCert> is a TrustAnchor if (PkixCertPathValidatorUtilities.FindTrustAnchor(tbvCert, pkixParams.GetTrustAnchors()) != null) { // exception message from possibly later tried certification // chains PkixCertPath certPath = null; try { certPath = new PkixCertPath(tbvPath); } catch (Exception e) { throw new Exception( "Certification path could not be constructed from certificate list.", e); } PkixCertPathValidatorResult result = null; try { result = (PkixCertPathValidatorResult)validator.Validate( certPath, pkixParams); } catch (Exception e) { throw new Exception( "Certification path could not be validated.", e); } return(new PkixCertPathBuilderResult(certPath, result.TrustAnchor, result.PolicyTree, result.SubjectPublicKey)); } else { // add additional X.509 stores from locations in certificate try { PkixCertPathValidatorUtilities.AddAdditionalStoresFromAltNames( tbvCert, pkixParams); } catch (CertificateParsingException e) { throw new Exception( "No additiontal X.509 stores can be added from certificate locations.", e); } // try to get the issuer certificate from one of the stores HashSet issuers = new HashSet(); try { issuers.AddAll(PkixCertPathValidatorUtilities.FindIssuerCerts(tbvCert, pkixParams)); } catch (Exception e) { throw new Exception( "Cannot find issuer certificate for certificate in certification path.", e); } if (issuers.IsEmpty) { throw new Exception("No issuer certificate for certificate in certification path found."); } foreach (X509Certificate issuer in issuers) { builderResult = Build(issuer, pkixParams, tbvPath); if (builderResult != null) { break; } } } } catch (Exception e) { certPathException = e; } if (builderResult == null) { tbvPath.Remove(tbvCert); } return(builderResult); }
internal CertificateValidationResult(PkixCertPathValidatorResult result) { _result = result; Success = true; }
protected virtual PkixCertPathBuilderResult Build(X509Certificate tbvCert, PkixBuilderParameters pkixParams, global::System.Collections.IList tbvPath) { if (tbvPath.Contains((object)tbvCert)) { return(null); } if (pkixParams.GetExcludedCerts().Contains(tbvCert)) { return(null); } if (pkixParams.MaxPathLength != -1 && ((global::System.Collections.ICollection)tbvPath).get_Count() - 1 > pkixParams.MaxPathLength) { return(null); } tbvPath.Add((object)tbvCert); PkixCertPathBuilderResult pkixCertPathBuilderResult = null; PkixCertPathValidator pkixCertPathValidator = new PkixCertPathValidator(); try { if (PkixCertPathValidatorUtilities.FindTrustAnchor(tbvCert, pkixParams.GetTrustAnchors()) != null) { PkixCertPath pkixCertPath = null; try { pkixCertPath = new PkixCertPath((global::System.Collections.ICollection)tbvPath); } catch (global::System.Exception ex) { throw new global::System.Exception("Certification path could not be constructed from certificate list.", ex); } PkixCertPathValidatorResult pkixCertPathValidatorResult = null; try { pkixCertPathValidatorResult = pkixCertPathValidator.Validate(pkixCertPath, pkixParams); } catch (global::System.Exception ex2) { throw new global::System.Exception("Certification path could not be validated.", ex2); } return(new PkixCertPathBuilderResult(pkixCertPath, pkixCertPathValidatorResult.TrustAnchor, pkixCertPathValidatorResult.PolicyTree, pkixCertPathValidatorResult.SubjectPublicKey)); } try { PkixCertPathValidatorUtilities.AddAdditionalStoresFromAltNames(tbvCert, pkixParams); } catch (CertificateParsingException ex3) { throw new global::System.Exception("No additiontal X.509 stores can be added from certificate locations.", (global::System.Exception)ex3); } HashSet hashSet = new HashSet(); try { hashSet.AddAll((global::System.Collections.IEnumerable)PkixCertPathValidatorUtilities.FindIssuerCerts(tbvCert, pkixParams)); } catch (global::System.Exception ex4) { throw new global::System.Exception("Cannot find issuer certificate for certificate in certification path.", ex4); } if (hashSet.IsEmpty) { throw new global::System.Exception("No issuer certificate for certificate in certification path found."); } global::System.Collections.IEnumerator enumerator = hashSet.GetEnumerator(); try { while (enumerator.MoveNext()) { X509Certificate tbvCert2 = (X509Certificate)enumerator.get_Current(); pkixCertPathBuilderResult = Build(tbvCert2, pkixParams, tbvPath); if (pkixCertPathBuilderResult != null) { break; } } } finally { global::System.IDisposable disposable = enumerator as global::System.IDisposable; if (disposable != null) { disposable.Dispose(); } } } catch (global::System.Exception ex5) { global::System.Exception ex6 = (certPathException = ex5); } if (pkixCertPathBuilderResult == null) { tbvPath.Remove((object)tbvCert); } return(pkixCertPathBuilderResult); }
protected virtual PkixCertPathBuilderResult Build(X509Certificate tbvCert, PkixBuilderParameters pkixParams, IList tbvPath) { if (tbvPath.Contains(tbvCert)) { return(null); } if (pkixParams.GetExcludedCerts().Contains(tbvCert)) { return(null); } if (pkixParams.MaxPathLength != -1 && tbvPath.Count - 1 > pkixParams.MaxPathLength) { return(null); } tbvPath.Add(tbvCert); PkixCertPathBuilderResult pkixCertPathBuilderResult = null; PkixCertPathValidator pkixCertPathValidator = new PkixCertPathValidator(); try { if (PkixCertPathValidatorUtilities.FindTrustAnchor(tbvCert, pkixParams.GetTrustAnchors()) != null) { PkixCertPath certPath = null; try { certPath = new PkixCertPath(tbvPath); } catch (Exception innerException) { throw new Exception("Certification path could not be constructed from certificate list.", innerException); } PkixCertPathValidatorResult pkixCertPathValidatorResult = null; try { pkixCertPathValidatorResult = pkixCertPathValidator.Validate(certPath, pkixParams); } catch (Exception innerException2) { throw new Exception("Certification path could not be validated.", innerException2); } return(new PkixCertPathBuilderResult(certPath, pkixCertPathValidatorResult.TrustAnchor, pkixCertPathValidatorResult.PolicyTree, pkixCertPathValidatorResult.SubjectPublicKey)); } try { PkixCertPathValidatorUtilities.AddAdditionalStoresFromAltNames(tbvCert, pkixParams); } catch (CertificateParsingException innerException3) { throw new Exception("No additiontal X.509 stores can be added from certificate locations.", innerException3); } HashSet hashSet = new HashSet(); try { hashSet.AddAll(PkixCertPathValidatorUtilities.FindIssuerCerts(tbvCert, pkixParams)); } catch (Exception innerException4) { throw new Exception("Cannot find issuer certificate for certificate in certification path.", innerException4); } if (hashSet.IsEmpty) { throw new Exception("No issuer certificate for certificate in certification path found."); } foreach (X509Certificate tbvCert2 in hashSet) { pkixCertPathBuilderResult = this.Build(tbvCert2, pkixParams, tbvPath); if (pkixCertPathBuilderResult != null) { break; } } } catch (Exception ex) { this.certPathException = ex; } if (pkixCertPathBuilderResult == null) { tbvPath.Remove(tbvCert); } return(pkixCertPathBuilderResult); }