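/// <summary>Fetches the CRL bytes from a URL.</summary>
        /// <remarks>
        /// If this client was configured with one or more URLs, only those are queried and the
        /// <paramref name="url"/> argument is ignored. Otherwise the passed URL is used, and if
        /// it is null the URL is obtained from the certificate.
        /// If you want to load a CRL from a local file, subclass this method and pass a
        /// URL with the path to the local file to this method. Another option is to use
        /// the CrlClientOffline class.
        /// <para>
        /// Every failure (no URL, malformed URL, I/O error) is logged and skipped, so the result
        /// can be an empty collection. Callers should not read an empty result as
        /// "certificate not revoked"; the returned bytes are raw and are not parsed or verified here.
        /// </para>
        /// </remarks>
        /// <param name="checkCert">the certificate whose CRL is wanted; null yields a null result</param>
        /// <param name="url">the CRL location, or null to take it from the certificate</param>
        /// <returns>the encoded CRLs that could be downloaded (possibly empty), or null if no certificate was passed</returns>
        /// <seealso cref="ICrlClient.GetEncoded(Org.BouncyCastle.X509.X509Certificate, System.String)"/>
        public virtual ICollection<byte[]> GetEncoded(X509Certificate checkCert, String url)
        {
            if (checkCert == null)
            {
                return null;
            }

            // Work on a copy so the fallback URL added below never ends up in the configured list.
            IList<Uri> urllist = new List<Uri>(urls);

            if (urllist.Count == 0)
            {
                LOGGER.Info("Looking for CRL for certificate " + checkCert.SubjectDN);
                try
                {
                    if (url == null)
                    {
                        url = CertificateUtil.GetCRLURL(checkCert);
                    }
                    if (url == null)
                    {
                        throw new ArgumentException("Passed url can not be null.");
                    }
                    // NOTE(review): when the URL comes from the certificate it is controlled by
                    // whoever issued that certificate. Nothing here restricts scheme or host, so
                    // if checkCert can be untrusted, confirm that SignUtils.GetHttpResponse (or the
                    // caller) limits where this client is allowed to connect.
                    urllist.Add(new Uri(url));
                    LOGGER.Info("Found CRL url: " + url);
                }
                catch (Exception e)
                {
                    LOGGER.Info("Skipped CRL url: " + e.Message);
                }
            }

            IList<byte[]> ar = new List<byte[]>();

            foreach (Uri urlt in urllist)
            {
                try
                {
                    LOGGER.Info("Checking CRL: " + urlt);
                    byte[] crlBytes;
                    // 'using' releases the response stream even when a read fails part-way;
                    // previously the stream was only disposed on the success path.
                    using (Stream inp = SignUtils.GetHttpResponse(urlt))
                    using (MemoryStream bout = new MemoryStream())
                    {
                        byte[] buf = new byte[1024];
                        // NOTE(review): the response is buffered fully in memory with no upper
                        // bound; consider a maximum CRL size if the endpoint is not trusted.
                        while (true)
                        {
                            int n = inp.JRead(buf, 0, buf.Length);
                            if (n <= 0)
                            {
                                break;
                            }
                            bout.Write(buf, 0, n);
                        }
                        crlBytes = bout.ToArray();
                    }
                    ar.Add(crlBytes);
                    LOGGER.Info("Added CRL found at: " + urlt);
                }
                catch (Exception e)
                {
                    // Best effort: one unreachable distribution point must not abort the others.
                    LOGGER.Info("Skipped CRL: " + e.Message + " for " + urlt);
                }
            }
            return ar;
        }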
 /// <summary>
 /// Creates a CrlClientOnline instance, registering the CRL URL of every certificate in a chain.
 /// </summary>
 /// <param name="chain">the certificates whose CRL URLs are collected</param>
 public CrlClientOnline(X509Certificate[] chain)
 {
     foreach (X509Certificate chainCert in chain)
     {
         LOGGER.Info("Checking certificate: " + chainCert.SubjectDN);
         try
         {
             // The URL is read from the certificate itself and handed to AddUrl unchanged.
             // NOTE(review): confirm AddUrl copes with a null result for certificates that
             // carry no CRL URL; that handling is not visible here.
             String crlUrl = CertificateUtil.GetCRLURL(chainCert);
             AddUrl(crlUrl);
         }
         catch (CertificateParsingException)
         {
             // A certificate that cannot be parsed contributes no URL; the rest are still processed.
             LOGGER.Info("Skipped CRL url (certificate could not be parsed)");
         }
     }
 }
Example #3
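 /// <summary>Fetches a CRL for a specific certificate online (without further checking).</summary>
 /// <remarks>
 /// The CRL location is read from <paramref name="signCert"/>. The downloaded CRL is only parsed:
 /// this method does not use <paramref name="issuerCert"/> and does not verify the CRL's
 /// signature, issuer or validity period, so callers must do that before relying on it.
 /// A null result means either that the certificate names no CRL URL or that the download or
 /// parsing failed; it is not evidence that the certificate is unrevoked.
 /// </remarks>
 /// <param name="signCert">the certificate</param>
 /// <param name="issuerCert">its issuer (not used by this implementation)</param>
 /// <returns>an X509CRL object, or null if no CRL could be obtained</returns>
 public virtual X509Crl GetCRL(X509Certificate signCert, X509Certificate issuerCert)
 {
     try
     {
         // gets the URL from the certificate
         String crlurl = CertificateUtil.GetCRLURL(signCert);
         if (crlurl == null)
         {
             return null;
         }
         LOGGER.Info("Getting CRL from " + crlurl);
         // NOTE(review): a malformed URL makes 'new Uri' throw an exception that the handlers
         // below do not catch, so it propagates to the caller (unchanged behaviour).
         // Dispose the network stream once parsing is done; it was previously never closed.
         using (System.IO.Stream crlStream = UrlUtil.OpenStream(new Uri(crlurl)))
         {
             return (X509Crl)SignUtils.ParseCrlFromStream(crlStream);
         }
     }
     catch (System.IO.IOException e)
     {
         // Record the failure so that "no CRL" and "CRL unreachable" can be told apart in the log.
         LOGGER.Info("Skipped CRL: " + e.Message);
         return null;
     }
     catch (GeneralSecurityException e)
     {
         LOGGER.Info("Skipped CRL: " + e.Message);
         return null;
     }
 }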
Example #4
 // Certificate Revocation Lists
 /// <summary>Gets the CRL that an X509 certificate points to.</summary>
 /// <remarks>
 /// The CRL URL is taken from the certificate and passed on to the URL-based overload.
 /// NOTE(review): no verification of the returned CRL is visible at this level; confirm that
 /// callers check its signature and validity before relying on it.
 /// </remarks>
 /// <param name="certificate">the X509Certificate whose CRL URL is used</param>
 /// <returns>CRL or null if there's no CRL available</returns>
 public static X509Crl GetCRL(X509Certificate certificate)
 {
     String crlUrl = CertificateUtil.GetCRLURL(certificate);
     return CertificateUtil.GetCRL(crlUrl);
 }