        /// <summary>
        /// Decoding the XML test input must yield an <see cref="AuthorityInformationAccess"/>
        /// instance from the wrapper's <c>AuthorityInformationAccess</c> property.
        /// </summary>
        public void encodeTest1()
        {
            var sut = new authorityInfoAccess(testXmlInput);

            AuthorityInformationAccess decoded = sut.AuthorityInformationAccess;
            Assert.IsInstanceOfType(decoded, typeof(AuthorityInformationAccess));
        }
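        /// <summary>
        /// Extracts the OCSP responder URL advertised in the certificate's
        /// Authority Information Access (AIA) extension.
        /// </summary>
        /// <param name="cert">Certificate to inspect.</param>
        /// <returns>
        /// <c>null</c> when the certificate carries no AIA extension; otherwise a list holding
        /// the first id-ad-ocsp access location, or an empty list when the AIA has no OCSP entry.
        /// </returns>
        /// <exception cref="Exception">Wraps any failure while decoding the extension.</exception>
        public static List <string> GetAuthorityInformationAccessOcspUrl(X509Certificate cert)
        {
            // id-ad-ocsp (RFC 5280 section 4.2.2.1); compared by OID value.
            const string OcspAccessMethodOid = "1.3.6.1.5.5.7.48.1";
            var ocspUrls = new List <string>();

            try
            {
                var asn1 = GetExtensionValue(cert, X509Extensions.AuthorityInfoAccess.Id);

                if (asn1 == null)
                {
                    return(null);
                }

                var aia  = AuthorityInformationAccess.GetInstance(asn1);
                var desc = aia.GetAccessDescriptions().FirstOrDefault(a => a.AccessMethod.Id == OcspAccessMethodOid);

                // The original dereferenced FirstOrDefault(...) unconditionally, so a certificate
                // whose AIA lists only caIssuers entries threw a NullReferenceException (surfacing
                // as the generic wrapper below). Report "no OCSP entry" as an empty list instead.
                if (desc != null)
                {
                    // The location is certificate-supplied data: it is only as trustworthy as the
                    // certificate's chain, so callers should validate scheme/host before using it.
                    ocspUrls.Add(desc.AccessLocation.Name.ToString());
                }
            }
            catch (Exception e)
            {
                throw new Exception("Error parsing AuthorityInformationAccess.", e);
            }

            return(ocspUrls);
        }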
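        /// <summary>
        /// Checks whether the certificate's Authority Information Access (AIA) extension
        /// advertises an OCSP responder and returns its URL.
        /// </summary>
        /// <param name="cert">Client certificate to inspect.</param>
        /// <returns>
        /// The OCSP responder URL; <c>null</c> when the certificate has no AIA extension and
        /// an empty string when the AIA holds no URI-form OCSP entry. When several OCSP entries
        /// are present the last one wins, as in the original implementation.
        /// </returns>
        /// <exception cref="HttpException">
        /// Thrown with status 401 when the extension cannot be decoded.
        /// </exception>
        public string getOCSPUrl(X509Certificate cert)
        {
            // id-ad-ocsp (RFC 5280 section 4.2.2.1).
            const string OcspAccessMethodOid = "1.3.6.1.5.5.7.48.1";
            string ocspUrl = "";

            try
            {
                Asn1Object obj = GetExtensionValue(cert, X509Extensions.AuthorityInfoAccess.Id);

                if (obj == null)
                {
                    return(null);
                }

                AuthorityInformationAccess aia = AuthorityInformationAccess.GetInstance(obj);

                foreach (AccessDescription item in aia.GetAccessDescriptions())
                {
                    // Compare the access-method OID itself rather than the formatted output of
                    // ToString(), whose exact text is not a stable contract of the library.
                    if (item.AccessMethod.Id != OcspAccessMethodOid)
                    {
                        continue;
                    }

                    GeneralName ocspName = item.AccessLocation;

                    // Only a uniformResourceIdentifier GeneralName wraps an IA5String; any other
                    // name form would make DerIA5String.GetInstance throw below.
                    if (ocspName.TagNo != GeneralName.UniformResourceIdentifier)
                    {
                        continue;
                    }

                    ocspUrl = DerIA5String.GetInstance(ocspName.Name).GetString();
                }
            }
            catch (Exception e)
            {
                throw new HttpException(401, "Unable to get the URL for OCSP responder: " + e.Message);
            }

            return(ocspUrl);
        }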
        /// <summary>
        /// Returns the first URI-form access location in the certificate's Authority
        /// Information Access extension whose access method equals <paramref name="accessMethod"/>.
        /// </summary>
        /// <param name="certificate">Certificate to inspect.</param>
        /// <param name="accessMethod">Access-method OID to look for (e.g. id-ad-ocsp or id-ad-caIssuers).</param>
        /// <returns>
        /// The access location string, or <c>null</c> when the extension is absent or no
        /// matching entry uses a uniformResourceIdentifier name.
        /// </returns>
        private string GetAccessLocation(X509Certificate certificate, DerObjectIdentifier
                                         accessMethod)
        {
            Asn1OctetString aiaValue = certificate.GetExtensionValue(X509Extensions.AuthorityInfoAccess);
            if (aiaValue == null)
            {
                return(null);
            }

            // The extension value is an OCTET STRING wrapping the DER-encoded AIA SEQUENCE,
            // so the wrapped bytes are what gets decoded.
            AuthorityInformationAccess aia = AuthorityInformationAccess.GetInstance(aiaValue.GetOctets());

            foreach (AccessDescription description in aia.GetAccessDescriptions())
            {
                logger.Info("access method: " + description.AccessMethod);
                if (description.AccessMethod.Equals(accessMethod))
                {
                    GeneralName location = description.AccessLocation;
                    if (location.TagNo == GeneralName.UniformResourceIdentifier)
                    {
                        // A URI GeneralName carries an IA5String inside its tagged object.
                        DerTaggedObject tagged = (DerTaggedObject)location.ToAsn1Object();
                        string accessLocation = ((DerIA5String)tagged.GetObject()).GetString();
                        logger.Info("access location: " + accessLocation);
                        return(accessLocation);
                    }
                    logger.Info("not a uniform resource identifier");
                }
            }
            return(null);
        }
        /// <summary>
        /// Creates the AIA wrapper from a raw X509 extension and decodes its access descriptions.
        /// </summary>
        /// <param name="Extension">X509 extension holding the Authority Information Access value.</param>
        /// <remarks>
        /// Subclasses must provide an implementation to decode their values.
        /// </remarks>
        public authorityInfoAccess(X509Extension Extension) : base(Extension.IsCritical)
        {
            base.oid         = X509Extensions.AuthorityInfoAccess;
            base.name        = "AuthorityInfoAccess";
            base.displayName = "Authority Information Access";

            // Hand the parsed access descriptions to the subclass-supplied decoder.
            decode(AuthorityInformationAccess.GetInstance(Extension).GetAccessDescriptions());
        }
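        /// <summary>
        /// Adds the Authority Information Access extension to the certificate. Its single access
        /// description tells relying parties where the issuing certificate can be found; the
        /// location can be an ldap or http URL.
        /// </summary>
        /// <param name="certificateUrl">Location of the issuing certificate; must not be blank.</param>
        /// <returns>This builder, for chaining.</returns>
        /// <exception cref="ArgumentException">
        /// When <paramref name="certificateUrl"/> is null or whitespace.
        /// </exception>
        public CertificateBuilder AddAuthorityInfoAccess(string certificateUrl)
        {
            // Fail early with a clear message instead of letting GeneralName reject the value.
            if (string.IsNullOrWhiteSpace(certificateUrl))
            {
                throw new ArgumentException("An issuing-certificate URL is required.", nameof(certificateUrl));
            }

            // NOTE(review): in BouncyCastle, X509ObjectIdentifiers.CrlAccessMethod is an alias for
            // id-ad-caIssuers despite its name -- confirm against the referenced library version.
            var location   = new GeneralName(GeneralName.UniformResourceIdentifier, certificateUrl);
            var authAccess = new AuthorityInformationAccess(new AccessDescription(X509ObjectIdentifiers.CrlAccessMethod, location));

            // critical = false: AIA is informational (RFC 5280 section 4.2.2.1).
            certificateGenerator.AddExtension(X509Extensions.AuthorityInfoAccess, false, authAccess);
            logger.Debug($"[AUTHORITY LOCATION] {certificateUrl}");
            return(this);
        }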
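 /// <summary>
 /// Returns the first URI-form access location in the certificate's Authority Information
 /// Access extension whose access method equals <paramref name="accessMethod"/>.
 /// </summary>
 /// <param name="certificate">Certificate to inspect.</param>
 /// <param name="accessMethod">Access-method OID to look for (e.g. id-ad-ocsp or id-ad-caIssuers).</param>
 /// <returns>
 /// The access location string, or <c>null</c> when the extension is absent or no matching
 /// entry uses a uniformResourceIdentifier name.
 /// </returns>
 /// <exception cref="RuntimeException">Wraps an <see cref="IOException"/> raised while decoding.</exception>
 private string GetAccessLocation(X509Certificate certificate, DerObjectIdentifier
                                  accessMethod)
 {
     try
     {
         Asn1OctetString authInfoAccessExtensionValue = certificate.GetExtensionValue(X509Extensions
                                                                                      .AuthorityInfoAccess);
         if (null == authInfoAccessExtensionValue)
         {
             return(null);
         }
         // The extension value is an OCTET STRING wrapping the DER-encoded AIA SEQUENCE. Decode
         // the wrapped bytes: handing the octet string object itself to GetInstance (as the
         // original did) offers a type that is not a SEQUENCE and is rejected, so nothing
         // could ever be parsed from a valid certificate here.
         AuthorityInformationAccess authorityInformationAccess =
             AuthorityInformationAccess.GetInstance(authInfoAccessExtensionValue.GetOctets());
         AccessDescription[] accessDescriptions = authorityInformationAccess.GetAccessDescriptions();
         foreach (AccessDescription accessDescription in accessDescriptions)
         {
             LOG.Info("access method: " + accessDescription.AccessMethod);
             if (!accessDescription.AccessMethod.Equals(accessMethod))
             {
                 continue;
             }
             GeneralName gn = accessDescription.AccessLocation;
             if (gn.TagNo != GeneralName.UniformResourceIdentifier)
             {
                 LOG.Info("not a uniform resource identifier");
                 continue;
             }
             // A URI GeneralName carries an IA5String inside its tagged object.
             DerIA5String str            = (DerIA5String)((DerTaggedObject)gn.ToAsn1Object()).GetObject();
             string       accessLocation = str.GetString();
             LOG.Info("access location: " + accessLocation);
             return(accessLocation);
         }
         return(null);
     }
     catch (IOException e)
     {
         throw new RuntimeException("IO error: " + e.Message, e);
     }
 }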
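        /// <summary>
        /// Returns the caIssuers URL from the certificate's Authority Information Access extension.
        /// </summary>
        /// <param name="certificate">Certificate to inspect.</param>
        /// <returns>The caIssuers access location found by <c>GetAccessDescriptionUrlForOid</c>.</returns>
        /// <exception cref="InvalidCaIssuerUrlException">
        /// When the AIA extension is absent or holds no caIssuers entry.
        /// </exception>
        public static string GetCaIssuerUrl(X509Certificate2 certificate)
        {
            var extensions   = GetX509Extensions(certificate);
            var aiaExtension = extensions?.GetExtension(X509Extensions.AuthorityInfoAccess);

            // Check for a missing extension before decoding it: the original called
            // GetInstance(...).GetAccessDescriptions() first, so a certificate without AIA
            // surfaced as a NullReferenceException instead of the documented exception.
            // Assumes GetExtension yields null for an absent extension -- confirm.
            if (aiaExtension == null)
            {
                throw new InvalidCaIssuerUrlException("Could not find CA issuer for certificate " + certificate);
            }

            AccessDescription[] authorityInformationAccess = AuthorityInformationAccess.GetInstance(aiaExtension).GetAccessDescriptions();
            if (authorityInformationAccess == null)
            {
                throw new InvalidCaIssuerUrlException("Could not find CA issuer for certificate " + certificate);
            }

            var caIssuerUrl = GetAccessDescriptionUrlForOid(AccessDescription.IdADCAIssuers, authorityInformationAccess);

            if (caIssuerUrl == null)
            {
                throw new InvalidCaIssuerUrlException("Could not find CA issuer for certificate " + certificate);
            }
            return(caIssuerUrl);
        }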
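        /// <summary>
        /// Returns the OCSP responder URL from the certificate's Authority Information Access extension.
        /// </summary>
        /// <param name="certificate">Certificate to inspect.</param>
        /// <returns>The id-ad-ocsp access location found by <c>GetAccessDescriptionUrlForOid</c>.</returns>
        /// <exception cref="InvalidOperationException">
        /// When the AIA extension is absent or holds no OCSP entry.
        /// </exception>
        public static string GetOcspUrl(X509Certificate2 certificate)
        {
            var extensions   = GetX509Extensions(certificate);
            var aiaExtension = extensions?.GetExtension(X509Extensions.AuthorityInfoAccess);

            // Check for a missing extension before decoding it: the original called
            // GetInstance(...).GetAccessDescriptions() first, so a certificate without AIA
            // surfaced as a NullReferenceException instead of the documented exception.
            // Assumes GetExtension yields null for an absent extension -- confirm.
            if (aiaExtension == null)
            {
                throw new InvalidOperationException("Could not find ocsp url for certificate " + certificate);
            }

            AccessDescription[] authorityInformationAccess = AuthorityInformationAccess.GetInstance(aiaExtension).GetAccessDescriptions();
            if (authorityInformationAccess == null)
            {
                throw new InvalidOperationException("Could not find ocsp url for certificate " + certificate);
            }

            var ocspUrl = GetAccessDescriptionUrlForOid(AccessDescription.IdADOcsp, authorityInformationAccess);

            if (ocspUrl == null)
            {
                throw new InvalidOperationException("Could not find ocsp url for certificate " + certificate);
            }
            return(ocspUrl);
        }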
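        /// <summary>
        /// Returns the OCSP responder URIs advertised in the certificate's Authority Information
        /// Access extension.
        /// </summary>
        /// <returns>
        /// One <see cref="Uri"/> per id-ad-ocsp access description; an empty list when the
        /// extension is absent or cannot be decoded. Lookup is best-effort: any decoding or
        /// URI-parsing failure is swallowed and yields an empty list.
        /// </returns>
        public virtual IList <Uri> GetOcspUris()
        {
            // id-ad-ocsp (RFC 5280 section 4.2.2.1).
            const string OcspAccessMethodOid = "1.3.6.1.5.5.7.48.1";
            List <Uri> ocspUris;

            try
            {
                // An absent extension is an expected case, not an error: handle it explicitly
                // rather than relying on the NullReferenceException the original caught below.
                var aiaValue = _Certificate.GetExtensionValue(X509Extensions.AuthorityInfoAccess);
                if (aiaValue == null)
                {
                    return(new List <Uri>());
                }

                Asn1Object aiaObject;
                // Asn1InputStream is a Stream; release it after the single top-level read.
                using (Asn1InputStream aIn = new Asn1InputStream(aiaValue.GetOctets()))
                {
                    aiaObject = aIn.ReadObject();
                }

                AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.GetInstance(aiaObject);
                ocspUris = authorityInformationAccess.GetAccessDescriptions()
                           .Where(x => x.AccessMethod.Id.Equals(OcspAccessMethodOid))
                           .Select(x => new Uri(x.AccessLocation.Name.ToString()))
                           .ToList();
            }
            catch
            {
                // Deliberate best-effort: a malformed AIA or an unparsable location must not
                // fail the caller; they simply get no OCSP endpoints.
                ocspUris = new List <Uri>();
            }
            return(ocspUris);
        }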
        /// <summary>
        /// Adds a non-critical Authority Information Access extension that points relying parties
        /// at the issuing (root) certificate through a caIssuers URI. Does nothing when no link
        /// is supplied.
        /// </summary>
        /// <param name="certGen">Certificate generator that receives the extension.</param>
        /// <param name="rootCertLink">URL of the issuing certificate; null or empty skips the extension.</param>
        protected void ApplyAuthorityInfoAccess(
            X509V3CertificateGenerator certGen,
            string rootCertLink
            )
        {
            if (!string.IsNullOrEmpty(rootCertLink))
            {
                GeneralName caIssuerLocation = new GeneralName(GeneralName.UniformResourceIdentifier, rootCertLink);
                AuthorityInformationAccess aia = new AuthorityInformationAccess(X509ObjectIdentifiers.IdADCAIssuers, caIssuerLocation);

                // critical = false: AIA is informational (RFC 5280 section 4.2.2.1).
                certGen.AddExtension(X509Extensions.AuthorityInfoAccess, false, aia);
            }
        }
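        /// <summary>
        /// Returns the OCSP responder locations listed in the certificate's Authority Information
        /// Access extension.
        /// </summary>
        /// <param name="x509Certificate">Certificate to inspect.</param>
        /// <returns>
        /// The access location of every id-ad-ocsp entry, as a string; an empty list when the
        /// certificate carries no AIA extension.
        /// </returns>
        private List <string> GetOcspEndPoints(BcX509Certificate x509Certificate)
        {
            // id-ad-ocsp (RFC 5280 section 4.2.2.1).
            const string OcspAccessMethodOid = "1.3.6.1.5.5.7.48.1";

            Asn1OctetString aiaAsn1OctetString = x509Certificate.GetExtensionValue(X509Extensions.AuthorityInfoAccess);

            if (aiaAsn1OctetString == null)
            {
                return(new List <string>());
            }

            Asn1Object aiaAsn1Object;
            // Asn1InputStream is a Stream; release it after the single top-level read.
            using (Asn1InputStream aiaAsn1InputStream = new Asn1InputStream(aiaAsn1OctetString.GetOctets()))
            {
                aiaAsn1Object = aiaAsn1InputStream.ReadObject();
            }

            AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.GetInstance(aiaAsn1Object);

            // Decode the access descriptions once (the original called GetAccessDescriptions()
            // twice and discarded the first result). We want the OCSP responder URL, not the
            // issuing-certificate (caIssuers) location.
            return(authorityInformationAccess.GetAccessDescriptions()
                   .Where(d => d.AccessMethod.Id == OcspAccessMethodOid)
                   .Select(d => d.AccessLocation.Name.ToString())
                   .ToList());
        }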
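        /// <inheritdoc />
        /// <remarks>
        /// Decodes the certificate's Authority Information Access extension into
        /// "access-method-name:access-location" strings and stores them as the policy value.
        /// Throws <see cref="PolicyRequiredException"/> when the policy marks the extension as
        /// required but it is absent or contains no access descriptions.
        /// </remarks>
        public override void InjectReferenceValue(X509Certificate2 value)
        {
            Certificate = value;

            Asn1Object exValue = GetExtensionValue(value);

            if (exValue == null)
            {
                if (IsRequired())
                {
                    throw new PolicyRequiredException("Extention " + ExtentionIdentifier.Display +
                                                      " is marked as required but is not present.");
                }
                PolicyValue = new PolicyValue <IList <string> >(new List <string>());
                return;
            }

            AuthorityInformationAccess aia = AuthorityInformationAccess.GetInstance(exValue);

            IList <string> retVal = new List <string>();

            foreach (var accessDescription in aia.GetAccessDescriptions())
            {
                // Map the access-method OID to the name registered for it.
                string accessMethod = Standard.AuthorityInfoAccessMethodIdentifier.FromId(
                    accessDescription.AccessMethod.ToString()).Name;

                retVal.Add(accessMethod + ":" + accessDescription.AccessLocation.Name);
            }

            // An AIA extension with zero access descriptions counts as absent for a required policy.
            // Message wording fixed ("by is not present" -> "but is not present").
            if (retVal.Count == 0 && IsRequired())
            {
                throw new PolicyRequiredException("Extention " + ExtentionIdentifier.Display +
                                                  " is marked as required but is not present.");
            }

            PolicyValue = new PolicyValue <IList <string> >(retVal);
        }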
        static void Main(string[] args)
        {
            foreach (string s in args)
            {
                if (s.StartsWith("-out:"))
                {
                    outputfile = s.Replace("-out:", "");
                }
                if (s.StartsWith("-in:"))
                {
                    certfile = s.Replace("-in:", "");
                }
            }
            if (outputfile != "stdout")
            {
                str = new StreamWriter(outputfile, false);
            }
            System.Security.Cryptography.X509Certificates.X509Certificate2 cer = new System.Security.Cryptography.X509Certificates.X509Certificate2(File.ReadAllBytes(certfile));
            Al.Security.X509.X509Certificate CERT = Al.Security.Security.DotNetUtilities.FromX509Certificate(cer);
            Print("Certificate");
            Print("     Data");
            Print("         Version : " + cer.Version.ToString());
            Print("         Valid : " + cer.Verify().ToString());
            Print("         Serial Number:");
            Print("             " + cer.SerialNumber);
            Print("         Signature Algorithm : ");
            Print("             " + cer.SignatureAlgorithm.FriendlyName);
            Print("         Issuer   : " + cer.Issuer);
            Print("         Validity :   ");
            Print("             Not Before : " + GetRFC822Date(cer.NotBefore));
            Print("             Not After  : " + GetRFC822Date(cer.NotAfter));
            Print("         Subject  : " + cer.Subject);
            Print("         Subject Public Key Info:");
            Print("             Public Key Exchange Algorithm: " + cer.PublicKey.Key.KeyExchangeAlgorithm);
            Print("             Public Key: " + cer.PublicKey.Key.KeySize.ToString() + " bit");
            Print("             Modulus:");
            Print(cer.GetPublicKey(), "              ");
            if (CERT.GetPublicKey() is Al.Security.Crypto.Parameters.RsaKeyParameters)
            {
                RsaKeyParameters rsa = (RsaKeyParameters)CERT.GetPublicKey();
                Print("             Exponent:" + rsa.Exponent);
            }
            else if (CERT.GetPublicKey() is Al.Security.Crypto.Parameters.DsaKeyParameters)
            {
                DsaKeyParameters dsa = (DsaKeyParameters)CERT.GetPublicKey();
                Print("             DSA Parameters:");
                Print("                 G:");
                Print("                     " + dsa.Parameters.G.ToString());
                Print("                 P:");
                Print("                     " + dsa.Parameters.P.ToString());
                Print("                 Q:");
                Print("                     " + dsa.Parameters.Q.ToString());
            }
            // Extensions
            Print("         X509 Extensions");
            string extab    = "            ";
            bool   critical = true;

            foreach (string oid in CERT.GetCriticalExtensionOids())
            {
                Print(" ");

                X509Extension ext = new X509Extension(true, CERT.GetExtensionValue(oid));

                if (oid == X509Extensions.BasicConstraints.Id)
                {
                    BasicConstraints bc = BasicConstraints.GetInstance(ext);
                    Print(extab + "Basic Constraints Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     CA:" + bc.IsCA().ToString());
                    if (bc.PathLenConstraint != null)
                    {
                        Print(extab + "     Path Length:" + bc.PathLenConstraint.ToString());
                    }
                    else
                    {
                        Print(extab + "     Path Length:Null");
                    }
                }
                else if (oid == X509Extensions.KeyUsage.Id)
                {
                    KeyUsage keyu = KeyUsage.GetInstance(ext);
                    Print(extab + "Key Usage Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Key Usages:" + keyu.ToString());
                }
                else if (oid == X509Extensions.ExtendedKeyUsage.Id)
                {
                    ExtendedKeyUsage keyu = ExtendedKeyUsage.GetInstance(ext);



                    Print(extab + "Extended Key Usage Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Extended Key Usages:");
                    foreach (DerObjectIdentifier id in keyu.GetAllUsages())
                    {
                        Print(extab + "         " + id.Id);
                    }
                }
                else if (oid == X509Extensions.SubjectKeyIdentifier.Id)
                {
                    SubjectKeyIdentifier keyu = SubjectKeyIdentifier.GetInstance(ext);
                    Print(extab + "Subject Key Identifier Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Key Identifier:");
                    Print(keyu.GetKeyIdentifier(), extab + "         ");
                }
                else if (oid == X509Extensions.AuthorityKeyIdentifier.Id)
                {
                    AuthorityKeyIdentifier keyu = AuthorityKeyIdentifier.GetInstance(ext);
                    Print(extab + "Authority Key Identifier Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Key Identifier:");
                    Print(keyu.GetKeyIdentifier(), extab + "         ");
                }
                else if (oid == X509Extensions.SubjectAlternativeName.Id)
                {
                    Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(ext.Value);

                    GeneralNames keyu = GeneralNames.GetInstance(asn1Object);

                    Print(extab + "Subject Alternative Name Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     General Names:");

                    foreach (GeneralName gen in keyu.GetNames())
                    {
                        string tagname = "Dns Name:";
                        if (gen.TagNo == GeneralName.EdiPartyName)
                        {
                            tagname = "Edi Party Name:";
                        }
                        else if (gen.TagNo == GeneralName.IPAddress)
                        {
                            tagname = "IP Address:";
                        }
                        else if (gen.TagNo == GeneralName.OtherName)
                        {
                            tagname = "Other Name:";
                        }
                        else if (gen.TagNo == GeneralName.RegisteredID)
                        {
                            tagname = "Registered ID:";
                        }
                        else if (gen.TagNo == GeneralName.Rfc822Name)
                        {
                            tagname = "Rfc822 Name:";
                        }
                        else if (gen.TagNo == GeneralName.UniformResourceIdentifier)
                        {
                            tagname = "URI:";
                        }
                        else if (gen.TagNo == GeneralName.X400Address)
                        {
                            tagname = "X400 Address:";
                        }
                        else if (gen.TagNo == GeneralName.DirectoryName)
                        {
                            tagname = "Directory Name:";
                        }

                        Print(extab + "         " + tagname + " " + gen.Name);
                    }
                }
                else if (oid == X509Extensions.IssuerAlternativeName.Id)
                {
                    Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(ext.Value);

                    GeneralNames keyu = GeneralNames.GetInstance(asn1Object);

                    Print(extab + "Issuer Alternative Name Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     General Names:");

                    foreach (GeneralName gen in keyu.GetNames())
                    {
                        string tagname = "Dns Name:";
                        if (gen.TagNo == GeneralName.EdiPartyName)
                        {
                            tagname = "Edi Party Name:";
                        }
                        else if (gen.TagNo == GeneralName.IPAddress)
                        {
                            tagname = "IP Address:";
                        }
                        else if (gen.TagNo == GeneralName.OtherName)
                        {
                            tagname = "Other Name:";
                        }
                        else if (gen.TagNo == GeneralName.RegisteredID)
                        {
                            tagname = "Registered ID:";
                        }
                        else if (gen.TagNo == GeneralName.Rfc822Name)
                        {
                            tagname = "Rfc822 Name:";
                        }
                        else if (gen.TagNo == GeneralName.UniformResourceIdentifier)
                        {
                            tagname = "URI:";
                        }
                        else if (gen.TagNo == GeneralName.X400Address)
                        {
                            tagname = "X400 Address:";
                        }
                        else if (gen.TagNo == GeneralName.DirectoryName)
                        {
                            tagname = "Directory Name:";
                        }

                        Print(extab + "         " + tagname + " " + gen.Name);
                    }
                }
                else if (oid == X509Extensions.AuthorityInfoAccess.Id)
                {
                    AuthorityInformationAccess keyu = AuthorityInformationAccess.GetInstance(ext);
                    Print(extab + "Authority Information Access Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Access Descriptions:");
                    foreach (AccessDescription acc in keyu.GetAccessDescriptions())
                    {
                        Print(extab + "         Method:" + acc.AccessMethod.Id);
                        GeneralName gen     = acc.AccessLocation;
                        string      tagname = "Dns Name:";
                        if (gen.TagNo == GeneralName.EdiPartyName)
                        {
                            tagname = "Edi Party Name:";
                        }
                        else if (gen.TagNo == GeneralName.IPAddress)
                        {
                            tagname = "IP Address:";
                        }
                        else if (gen.TagNo == GeneralName.OtherName)
                        {
                            tagname = "Other Name:";
                        }
                        else if (gen.TagNo == GeneralName.RegisteredID)
                        {
                            tagname = "Registered ID:";
                        }
                        else if (gen.TagNo == GeneralName.Rfc822Name)
                        {
                            tagname = "Rfc822 Name:";
                        }
                        else if (gen.TagNo == GeneralName.UniformResourceIdentifier)
                        {
                            tagname = "URI:";
                        }
                        else if (gen.TagNo == GeneralName.X400Address)
                        {
                            tagname = "X400 Address:";
                        }
                        else if (gen.TagNo == GeneralName.DirectoryName)
                        {
                            tagname = "Directory Name:";
                        }
                        Print(extab + "         Access Location:" + tagname + "=" + gen.Name);
                    }
                }
                else if (oid == X509Extensions.SubjectInfoAccess.Id)
                {
                    AuthorityInformationAccess keyu = AuthorityInformationAccess.GetInstance(ext);
                    Print(extab + "Subject Information Access Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Access Descriptions:");
                    foreach (AccessDescription acc in keyu.GetAccessDescriptions())
                    {
                        Print(extab + "         Method:" + acc.AccessMethod.Id);
                        GeneralName gen     = acc.AccessLocation;
                        string      tagname = "Dns Name:";
                        if (gen.TagNo == GeneralName.EdiPartyName)
                        {
                            tagname = "Edi Party Name:";
                        }
                        else if (gen.TagNo == GeneralName.IPAddress)
                        {
                            tagname = "IP Address:";
                        }
                        else if (gen.TagNo == GeneralName.OtherName)
                        {
                            tagname = "Other Name:";
                        }
                        else if (gen.TagNo == GeneralName.RegisteredID)
                        {
                            tagname = "Registered ID:";
                        }
                        else if (gen.TagNo == GeneralName.Rfc822Name)
                        {
                            tagname = "Rfc822 Name:";
                        }
                        else if (gen.TagNo == GeneralName.UniformResourceIdentifier)
                        {
                            tagname = "URI:";
                        }
                        else if (gen.TagNo == GeneralName.X400Address)
                        {
                            tagname = "X400 Address:";
                        }
                        else if (gen.TagNo == GeneralName.DirectoryName)
                        {
                            tagname = "Directory Name:";
                        }
                        Print(extab + "         Access Location:" + tagname + "=" + gen.Name);
                    }
                }
                else if (oid == X509Extensions.CrlDistributionPoints.Id)
                {
                    Asn1Object   asn1Object = X509ExtensionUtilities.FromExtensionValue(ext.Value);
                    CrlDistPoint keyu       = CrlDistPoint.GetInstance(asn1Object);


                    Print(extab + "Crl Distribution Points Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Distribution Points:");
                    foreach (DistributionPoint acc in keyu.GetDistributionPoints())
                    {
                        if (acc.Reasons != null)
                        {
                            Print(extab + "         Reasons:" + acc.Reasons.GetString());
                        }
                        else
                        {
                            Print(extab + "         Reasons:Null");
                        }

                        if (acc.CrlIssuer != null)
                        {
                            Print(extab + "         Crl Issuer:");
                            foreach (GeneralName gen in acc.CrlIssuer.GetNames())
                            {
                                string tagname = "Dns Name:";
                                if (gen.TagNo == GeneralName.EdiPartyName)
                                {
                                    tagname = "Edi Party Name:";
                                }
                                else if (gen.TagNo == GeneralName.IPAddress)
                                {
                                    tagname = "IP Address:";
                                }
                                else if (gen.TagNo == GeneralName.OtherName)
                                {
                                    tagname = "Other Name:";
                                }
                                else if (gen.TagNo == GeneralName.RegisteredID)
                                {
                                    tagname = "Registered ID:";
                                }
                                else if (gen.TagNo == GeneralName.Rfc822Name)
                                {
                                    tagname = "Rfc822 Name:";
                                }
                                else if (gen.TagNo == GeneralName.UniformResourceIdentifier)
                                {
                                    tagname = "URI:";
                                }
                                else if (gen.TagNo == GeneralName.X400Address)
                                {
                                    tagname = "X400 Address:";
                                }
                                else if (gen.TagNo == GeneralName.DirectoryName)
                                {
                                    tagname = "Directory Name:";
                                }
                                Print(extab + "            " + tagname + ": " + gen.Name);
                            }
                        }
                        else
                        {
                            Print(extab + "         Crl Issuer:Null");
                        }
                        Print(extab + "         Distribution Point Name:");
                        if (acc.DistributionPointName.PointType == DistributionPointName.FullName)
                        {
                            GeneralNames sgen = GeneralNames.GetInstance(acc.DistributionPointName.Name);
                            foreach (GeneralName gen in sgen.GetNames())
                            {
                                string tagname = "Dns Name:";
                                if (gen.TagNo == GeneralName.EdiPartyName)
                                {
                                    tagname = "Edi Party Name:";
                                }
                                else if (gen.TagNo == GeneralName.IPAddress)
                                {
                                    tagname = "IP Address:";
                                }
                                else if (gen.TagNo == GeneralName.OtherName)
                                {
                                    tagname = "Other Name:";
                                }
                                else if (gen.TagNo == GeneralName.RegisteredID)
                                {
                                    tagname = "Registered ID:";
                                }
                                else if (gen.TagNo == GeneralName.Rfc822Name)
                                {
                                    tagname = "Rfc822 Name:";
                                }
                                else if (gen.TagNo == GeneralName.UniformResourceIdentifier)
                                {
                                    tagname = "URI:";
                                }
                                else if (gen.TagNo == GeneralName.X400Address)
                                {
                                    tagname = "X400 Address:";
                                }
                                else if (gen.TagNo == GeneralName.DirectoryName)
                                {
                                    tagname = "Directory Name:";
                                }
                                Print(extab + "                " + tagname + " " + gen.Name);
                            }
                        }
                        else
                        {
                            Print(extab + "                Not Supported by OCT");
                        }
                    }
                }
            }
            critical = false;
            foreach (string oid in CERT.GetNonCriticalExtensionOids())
            {
                Print(" ");

                X509Extension ext = new X509Extension(true, CERT.GetExtensionValue(oid));

                if (oid == X509Extensions.BasicConstraints.Id)
                {
                    BasicConstraints bc = BasicConstraints.GetInstance(ext);
                    Print(extab + "Basic Constraints Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     CA:" + bc.IsCA().ToString());
                    if (bc.PathLenConstraint != null)
                    {
                        Print(extab + "     Path Length:" + bc.PathLenConstraint.ToString());
                    }
                    else
                    {
                        Print(extab + "     Path Length:Null");
                    }
                }
                else if (oid == X509Extensions.KeyUsage.Id)
                {
                    KeyUsage keyu = KeyUsage.GetInstance(ext);
                    Print(extab + "Key Usage Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Key Usages:" + keyu.ToString());
                }
                else if (oid == X509Extensions.ExtendedKeyUsage.Id)
                {
                    ExtendedKeyUsage keyu = ExtendedKeyUsage.GetInstance(ext);



                    Print(extab + "Extended Key Usage Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Extended Key Usages:");
                    foreach (DerObjectIdentifier id in keyu.GetAllUsages())
                    {
                        Print(extab + "         " + id.Id);
                    }
                }
                else if (oid == X509Extensions.SubjectKeyIdentifier.Id)
                {
                    SubjectKeyIdentifier keyu = SubjectKeyIdentifier.GetInstance(ext);
                    Print(extab + "Subject Key Identifier Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Key Identifier:");
                    Print(keyu.GetKeyIdentifier(), extab + "         ");
                }
                else if (oid == X509Extensions.AuthorityKeyIdentifier.Id)
                {
                    AuthorityKeyIdentifier keyu = AuthorityKeyIdentifier.GetInstance(ext);
                    Print(extab + "Authority Key Identifier Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Key Identifier:");
                    Print(keyu.GetKeyIdentifier(), extab + "         ");
                }
                else if (oid == X509Extensions.SubjectAlternativeName.Id)
                {
                    Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(ext.Value);

                    GeneralNames keyu = GeneralNames.GetInstance(asn1Object);

                    Print(extab + "Subject Alternative Name Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     General Names:");

                    foreach (GeneralName gen in keyu.GetNames())
                    {
                        string tagname = "Dns Name:";
                        if (gen.TagNo == GeneralName.EdiPartyName)
                        {
                            tagname = "Edi Party Name:";
                        }
                        else if (gen.TagNo == GeneralName.IPAddress)
                        {
                            tagname = "IP Address:";
                        }
                        else if (gen.TagNo == GeneralName.OtherName)
                        {
                            tagname = "Other Name:";
                        }
                        else if (gen.TagNo == GeneralName.RegisteredID)
                        {
                            tagname = "Registered ID:";
                        }
                        else if (gen.TagNo == GeneralName.Rfc822Name)
                        {
                            tagname = "Rfc822 Name:";
                        }
                        else if (gen.TagNo == GeneralName.UniformResourceIdentifier)
                        {
                            tagname = "URI:";
                        }
                        else if (gen.TagNo == GeneralName.X400Address)
                        {
                            tagname = "X400 Address:";
                        }
                        else if (gen.TagNo == GeneralName.DirectoryName)
                        {
                            tagname = "Directory Name:";
                        }

                        Print(extab + "         " + tagname + " " + gen.Name);
                    }
                }
                else if (oid == X509Extensions.IssuerAlternativeName.Id)
                {
                    Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(ext.Value);

                    GeneralNames keyu = GeneralNames.GetInstance(asn1Object);

                    Print(extab + "Issuer Alternative Name Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     General Names:");

                    foreach (GeneralName gen in keyu.GetNames())
                    {
                        string tagname = "Dns Name:";
                        if (gen.TagNo == GeneralName.EdiPartyName)
                        {
                            tagname = "Edi Party Name:";
                        }
                        else if (gen.TagNo == GeneralName.IPAddress)
                        {
                            tagname = "IP Address:";
                        }
                        else if (gen.TagNo == GeneralName.OtherName)
                        {
                            tagname = "Other Name:";
                        }
                        else if (gen.TagNo == GeneralName.RegisteredID)
                        {
                            tagname = "Registered ID:";
                        }
                        else if (gen.TagNo == GeneralName.Rfc822Name)
                        {
                            tagname = "Rfc822 Name:";
                        }
                        else if (gen.TagNo == GeneralName.UniformResourceIdentifier)
                        {
                            tagname = "URI:";
                        }
                        else if (gen.TagNo == GeneralName.X400Address)
                        {
                            tagname = "X400 Address:";
                        }
                        else if (gen.TagNo == GeneralName.DirectoryName)
                        {
                            tagname = "Directory Name:";
                        }

                        Print(extab + "         " + tagname + " " + gen.Name);
                    }
                }
                else if (oid == X509Extensions.AuthorityInfoAccess.Id)
                {
                    AuthorityInformationAccess keyu = AuthorityInformationAccess.GetInstance(ext);
                    Print(extab + "Authority Information Access Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Access Descriptions:");
                    foreach (AccessDescription acc in keyu.GetAccessDescriptions())
                    {
                        Print(extab + "         Method:" + acc.AccessMethod.Id);
                        GeneralName gen     = acc.AccessLocation;
                        string      tagname = "Dns Name:";
                        if (gen.TagNo == GeneralName.EdiPartyName)
                        {
                            tagname = "Edi Party Name:";
                        }
                        else if (gen.TagNo == GeneralName.IPAddress)
                        {
                            tagname = "IP Address:";
                        }
                        else if (gen.TagNo == GeneralName.OtherName)
                        {
                            tagname = "Other Name:";
                        }
                        else if (gen.TagNo == GeneralName.RegisteredID)
                        {
                            tagname = "Registered ID:";
                        }
                        else if (gen.TagNo == GeneralName.Rfc822Name)
                        {
                            tagname = "Rfc822 Name:";
                        }
                        else if (gen.TagNo == GeneralName.UniformResourceIdentifier)
                        {
                            tagname = "URI:";
                        }
                        else if (gen.TagNo == GeneralName.X400Address)
                        {
                            tagname = "X400 Address:";
                        }
                        else if (gen.TagNo == GeneralName.DirectoryName)
                        {
                            tagname = "Directory Name:";
                        }
                        Print(extab + "         Access Location:" + tagname + "=" + gen.Name);
                    }
                }
                else if (oid == X509Extensions.SubjectInfoAccess.Id)
                {
                    AuthorityInformationAccess keyu = AuthorityInformationAccess.GetInstance(ext);
                    Print(extab + "Subject Information Access Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Access Descriptions:");
                    foreach (AccessDescription acc in keyu.GetAccessDescriptions())
                    {
                        Print(extab + "         Method:" + acc.AccessMethod.Id);
                        GeneralName gen     = acc.AccessLocation;
                        string      tagname = "Dns Name:";
                        if (gen.TagNo == GeneralName.EdiPartyName)
                        {
                            tagname = "Edi Party Name:";
                        }
                        else if (gen.TagNo == GeneralName.IPAddress)
                        {
                            tagname = "IP Address:";
                        }
                        else if (gen.TagNo == GeneralName.OtherName)
                        {
                            tagname = "Other Name:";
                        }
                        else if (gen.TagNo == GeneralName.RegisteredID)
                        {
                            tagname = "Registered ID:";
                        }
                        else if (gen.TagNo == GeneralName.Rfc822Name)
                        {
                            tagname = "Rfc822 Name:";
                        }
                        else if (gen.TagNo == GeneralName.UniformResourceIdentifier)
                        {
                            tagname = "URI:";
                        }
                        else if (gen.TagNo == GeneralName.X400Address)
                        {
                            tagname = "X400 Address:";
                        }
                        else if (gen.TagNo == GeneralName.DirectoryName)
                        {
                            tagname = "Directory Name:";
                        }
                        Print(extab + "         Access Location:" + tagname + "=" + gen.Name);
                    }
                }
                else if (oid == X509Extensions.CrlDistributionPoints.Id)
                {
                    Asn1Object   asn1Object = X509ExtensionUtilities.FromExtensionValue(ext.Value);
                    CrlDistPoint keyu       = CrlDistPoint.GetInstance(asn1Object);


                    Print(extab + "Crl Distribution Points Extension");
                    Print(extab + "  Critical:" + critical.ToString());
                    Print(extab + "     Distribution Points:");
                    foreach (DistributionPoint acc in keyu.GetDistributionPoints())
                    {
                        if (acc.Reasons != null)
                        {
                            Print(extab + "         Reasons:" + acc.Reasons.GetString());
                        }
                        else
                        {
                            Print(extab + "         Reasons:Null");
                        }

                        if (acc.CrlIssuer != null)
                        {
                            Print(extab + "         Crl Issuer:");
                            foreach (GeneralName gen in acc.CrlIssuer.GetNames())
                            {
                                string tagname = "Dns Name:";
                                if (gen.TagNo == GeneralName.EdiPartyName)
                                {
                                    tagname = "Edi Party Name:";
                                }
                                else if (gen.TagNo == GeneralName.IPAddress)
                                {
                                    tagname = "IP Address:";
                                }
                                else if (gen.TagNo == GeneralName.OtherName)
                                {
                                    tagname = "Other Name:";
                                }
                                else if (gen.TagNo == GeneralName.RegisteredID)
                                {
                                    tagname = "Registered ID:";
                                }
                                else if (gen.TagNo == GeneralName.Rfc822Name)
                                {
                                    tagname = "Rfc822 Name:";
                                }
                                else if (gen.TagNo == GeneralName.UniformResourceIdentifier)
                                {
                                    tagname = "URI:";
                                }
                                else if (gen.TagNo == GeneralName.X400Address)
                                {
                                    tagname = "X400 Address:";
                                }
                                else if (gen.TagNo == GeneralName.DirectoryName)
                                {
                                    tagname = "Directory Name:";
                                }
                                Print(extab + "            " + tagname + ": " + gen.Name);
                            }
                        }
                        else
                        {
                            Print(extab + "         Crl Issuer:Null");
                        }
                        Print(extab + "         Distribution Point Name:");
                        if (acc.DistributionPointName.PointType == DistributionPointName.FullName)
                        {
                            GeneralNames sgen = GeneralNames.GetInstance(acc.DistributionPointName.Name);
                            foreach (GeneralName gen in sgen.GetNames())
                            {
                                string tagname = "Dns Name:";
                                if (gen.TagNo == GeneralName.EdiPartyName)
                                {
                                    tagname = "Edi Party Name:";
                                }
                                else if (gen.TagNo == GeneralName.IPAddress)
                                {
                                    tagname = "IP Address:";
                                }
                                else if (gen.TagNo == GeneralName.OtherName)
                                {
                                    tagname = "Other Name:";
                                }
                                else if (gen.TagNo == GeneralName.RegisteredID)
                                {
                                    tagname = "Registered ID:";
                                }
                                else if (gen.TagNo == GeneralName.Rfc822Name)
                                {
                                    tagname = "Rfc822 Name:";
                                }
                                else if (gen.TagNo == GeneralName.UniformResourceIdentifier)
                                {
                                    tagname = "URI:";
                                }
                                else if (gen.TagNo == GeneralName.X400Address)
                                {
                                    tagname = "X400 Address:";
                                }
                                else if (gen.TagNo == GeneralName.DirectoryName)
                                {
                                    tagname = "Directory Name:";
                                }
                                Print(extab + "                " + tagname + " " + gen.Name);
                            }
                        }
                        else
                        {
                            Print(extab + "                Not Supported by OCT");
                        }
                    }
                }
            }
            // Signature
            Print("     Signature Algorithm: " + cer.SignatureAlgorithm.FriendlyName + " " + (CERT.GetSignature().Length * 8) + " bit");
            Print(CERT.GetSignature(), "        ");

            Print("     SHA1 Fingerprint : ");
            Print(Sha1(CERT.GetEncoded()), "        ");
            Print("     SHA224 Fingerprint : ");
            Print(Sha224(CERT.GetEncoded()), "        ");
            Print("     SHA256 Fingerprint : ");
            Print(Sha256(CERT.GetEncoded()), "        ");
            Print("     SHA384 Fingerprint : ");
            Print(Sha384(CERT.GetEncoded()), "        ");
            Print("     SHA512 Fingerprint : ");
            Print(Sha512(CERT.GetEncoded()), "        ");
            Print("     MD5 Fingerprint : ");
            Print(MD5(CERT.GetEncoded()), "        ");

            Print("Issuer Base64:" + Convert.ToBase64String(CERT.IssuerDN.GetDerEncoded()));
            Print("Subject Base64:" + Convert.ToBase64String(CERT.SubjectDN.GetDerEncoded()));
            Print("Serial Base64:" + Convert.ToBase64String(CERT.SerialNumber.ToByteArray()));
            if (outputfile == "stdout")
            {
                Console.Read();
            }
            else
            {
                str.Close();
            }
        }
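        /// <summary>
        /// Checks every certificate in <paramref name="chain"/> that advertises an OCSP responder
        /// (an id-ad-ocsp entry in its Authority Information Access extension) against that
        /// responder, pairing each certificate with the next chain element as its issuer.
        /// </summary>
        /// <returns>
        /// <c>true</c> if a responder reports a certificate revoked, or if revocation could not be
        /// established because of an error (network failure, unsuccessful, unsigned, stale or
        /// non-matching response) — the check fails closed; <c>false</c> otherwise. Certificates
        /// without an OCSP responder URL are skipped and logged.
        /// </returns>
        /// <param name='chain'>
        /// The certificate chain, end-entity certificate first (the order of
        /// <see cref="System.Security.Cryptography.X509Certificates.X509Chain.ChainElements"/>).
        /// </param>
        private static bool VerifyCertificateOCSP(System.Security.Cryptography.X509Certificates.X509Chain chain)
        {
            bool bCertificateIsRevoked = false;

            try
            {
                // Convert the whole chain up front so that element i can be paired with element i + 1,
                // which is its issuer. Building the list only from certificates that carry AIA would
                // break that pairing whenever an intermediate lacks the extension.
                List<X509Certificate> bcChain = new List<X509Certificate>();
                foreach (System.Security.Cryptography.X509Certificates.X509ChainElement element in chain.ChainElements)
                {
                    bcChain.Add(Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(element.Certificate));
                }

                int responderCount = 0;
                // The last element (normally the self-signed root) has no issuer in the chain and is not queried.
                for (int i = 0; i < bcChain.Count - 1 && !bCertificateIsRevoked; i++)
                {
                    X509Certificate subject = bcChain[i];
                    X509Certificate issuer  = bcChain[i + 1];

                    Uri responderUrl = GetOcspResponderUrl(subject);
                    if (responderUrl == null)
                    {
                        SystemLogger.Log(SystemLogger.Module.PLATFORM, "*************** Certificate Validation. No OCSP url for certificate " + subject.SubjectDN + ". Skipping.");
                        continue;
                    }

                    responderCount++;
                    // Each request goes only to the responder named by the certificate it concerns.
                    bCertificateIsRevoked = QueryOcspResponder(responderUrl, subject, issuer);
                }

                if (responderCount == 0)
                {
                    SystemLogger.Log(SystemLogger.Module.PLATFORM, "*************** Certificate Validation. No OCSP url service found. Cannot verify revocation.");
                }
            }
            catch (Exception e)
            {
                // Fail closed: a broken connection or a tampered/unverifiable response must not pass as "not revoked".
                SystemLogger.Log(SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Unhandled exception during revocation checking: " + e.Message);
                bCertificateIsRevoked = true;
            }

            if (bCertificateIsRevoked)
            {
                SystemLogger.Log(SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Certificate is revoked");
            }
            return(bCertificateIsRevoked);
        }

        /// <summary>
        /// Extracts the OCSP responder URL from the Authority Information Access extension of
        /// <paramref name="cert"/>.
        /// </summary>
        /// <param name="cert">Certificate to inspect.</param>
        /// <returns>
        /// The first id-ad-ocsp access location that is an absolute http or https URI, or
        /// <c>null</c> when the extension is absent or holds no usable responder entry.
        /// </returns>
        private static Uri GetOcspResponderUrl(X509Certificate cert)
        {
            X509Extensions extensions = cert.CertificateStructure.TbsCertificate.Extensions;
            if (extensions == null)
            {
                return null;
            }

            X509Extension ext = extensions.GetExtension(X509Extensions.AuthorityInfoAccess);
            if (ext == null)
            {
                return null;
            }

            AccessDescription[] descriptions = AuthorityInformationAccess.GetInstance(ext).GetAccessDescriptions();
            if (descriptions == null)
            {
                return null;
            }

            foreach (AccessDescription description in descriptions)
            {
                // AIA also carries id-ad-caIssuers entries; only id-ad-ocsp names a responder, and
                // the first entry is not guaranteed to be the OCSP one.
                if (!AccessDescription.IdADOcsp.Equals(description.AccessMethod))
                {
                    continue;
                }
                if (description.AccessLocation.TagNo != GeneralName.UniformResourceIdentifier)
                {
                    continue;
                }

                string location = description.AccessLocation.Name.ToString();
                Uri url;
                if (Uri.TryCreate(location, UriKind.Absolute, out url)
                    && (string.Equals(url.Scheme, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase)
                        || string.Equals(url.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase)))
                {
                    return url;
                }
            }

            return null;
        }

        /// <summary>
        /// Builds a nonce-protected OCSP request for <paramref name="subject"/>, posts it to
        /// <paramref name="responderUrl"/> and evaluates the response.
        /// </summary>
        /// <param name="responderUrl">OCSP responder endpoint taken from the certificate's AIA.</param>
        /// <param name="subject">Certificate whose status is queried.</param>
        /// <param name="issuer">Issuer of <paramref name="subject"/>; its key (or a responder it delegated to) must sign the response.</param>
        /// <returns><c>true</c> if the responder reports the certificate revoked; <c>false</c> for good or unknown.</returns>
        /// <exception cref="InvalidOperationException">
        /// The response status is not successful, the response is not signed by the issuer or an
        /// authorised delegated responder, it echoes a different nonce, it is outside its validity
        /// window, or it does not answer the request.
        /// </exception>
        private static bool QueryOcspResponder(Uri responderUrl, X509Certificate subject, X509Certificate issuer)
        {
            // The nonce (RFC 6960 section 4.4.1) binds the response to this request. A value derived
            // from the clock is predictable and offers no replay protection, so it is drawn from the
            // system CSPRNG instead.
            byte[] nonce = new byte[16];
            using (System.Security.Cryptography.RandomNumberGenerator rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(nonce);
            }

            OcspReqGenerator generator = new OcspReqGenerator();
            List<DerObjectIdentifier> oids = new List<DerObjectIdentifier>();
            oids.Add(Org.BouncyCastle.Asn1.Ocsp.OcspObjectIdentifiers.PkixOcspNonce);
            List<X509Extension> values = new List<X509Extension>();
            values.Add(new X509Extension(false, new DerOctetString(nonce)));
            generator.SetRequestExtensions(new X509Extensions(oids, values));

            CertificateID certId = new CertificateID(CertificateID.HashSha1, issuer, subject.SerialNumber);
            generator.AddRequest(certId);
            byte[] requestBytes = generator.Generate().GetEncoded();

            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(responderUrl);
            request.Method           = "POST";
            request.ContentType      = "application/ocsp-request";
            request.Accept           = "application/ocsp-response";
            request.ReadWriteTimeout = 15000;   // 15 seconds per read/write on the request and response streams
            request.Timeout          = 100000;  // 100 seconds for GetRequestStream/GetResponse to complete
            request.ContentLength    = requestBytes.Length;

            using (Stream requestStream = request.GetRequestStream())
            {
                requestStream.Write(requestBytes, 0, requestBytes.Length);
                requestStream.Flush();
            }

            OcspResp ocspResponse;
            // Dispose the response so the connection is released even when parsing throws.
            using (HttpWebResponse serverResponse = (HttpWebResponse)request.GetResponse())
            using (Stream responseStream = serverResponse.GetResponseStream())
            {
                ocspResponse = new OcspResp(responseStream);
            }

            if (ocspResponse.Status != OcspRespStatus.Successful)
            {
                throw new InvalidOperationException("OCSP responder returned status " + ocspResponse.Status);
            }

            BasicOcspResp basicResponse = ocspResponse.GetResponseObject() as BasicOcspResp;
            if (basicResponse == null)
            {
                throw new InvalidOperationException("OCSP response does not carry a BasicOCSPResponse");
            }

            // Without this check anyone on the network path could answer "good" for a revoked certificate.
            if (!IsOcspSignatureTrusted(basicResponse, issuer))
            {
                throw new InvalidOperationException("OCSP response is not signed by the issuer or an authorised responder");
            }

            // A responder that echoes the nonce must echo ours; a different value means the response
            // was produced for another request. Responders that omit it are tolerated (many do, per
            // RFC 5019) and the validity window below is then the only replay protection.
            Asn1OctetString echoedNonce = basicResponse.GetExtensionValue(Org.BouncyCastle.Asn1.Ocsp.OcspObjectIdentifiers.PkixOcspNonce);
            if (echoedNonce == null)
            {
                SystemLogger.Log(SystemLogger.Module.PLATFORM, "*************** Certificate Validation. OCSP response does not echo the nonce; relying on its validity window.");
            }
            else if (!Org.BouncyCastle.Utilities.Arrays.AreEqual(nonce, echoedNonce.GetOctets()))
            {
                throw new InvalidOperationException("OCSP response nonce does not match the request");
            }

            return IsRevoked(basicResponse, certId);
        }

        /// <summary>
        /// Verifies the response signature against the issuing CA key, or against a responder
        /// certificate carried in the response that is itself signed by that CA, currently valid,
        /// and marked with the id-kp-OCSPSigning extended key usage (RFC 6960 section 4.2.2.2).
        /// </summary>
        /// <param name="response">Parsed basic OCSP response.</param>
        /// <param name="issuer">CA that issued the queried certificate.</param>
        /// <returns><c>true</c> when the signature verifies under one of the trusted keys.</returns>
        private static bool IsOcspSignatureTrusted(BasicOcspResp response, X509Certificate issuer)
        {
            if (VerifiesWith(response, issuer.GetPublicKey()))
            {
                return true;
            }

            X509Certificate[] carried = response.GetCerts();
            if (carried == null)
            {
                return false;
            }

            foreach (X509Certificate responder in carried)
            {
                if (!responder.IsValidNow)
                {
                    continue;
                }

                System.Collections.IList eku = responder.GetExtendedKeyUsage();
                if (eku == null || !eku.Contains(KeyPurposeID.IdKPOcspSigning.Id))
                {
                    continue;
                }

                try
                {
                    // Throws unless the responder certificate was signed by the issuing CA.
                    responder.Verify(issuer.GetPublicKey());
                }
                catch (Org.BouncyCastle.Security.GeneralSecurityException)
                {
                    continue;   // not issued by this CA, so it cannot speak for it
                }

                if (VerifiesWith(response, responder.GetPublicKey()))
                {
                    return true;
                }
            }

            return false;
        }

        /// <summary>
        /// Signature check that reports a key/algorithm mismatch as "does not verify" rather than throwing.
        /// </summary>
        /// <param name="response">Response whose signature is checked.</param>
        /// <param name="key">Candidate public key.</param>
        /// <returns><c>true</c> only when the signature verifies under <paramref name="key"/>.</returns>
        private static bool VerifiesWith(BasicOcspResp response, Org.BouncyCastle.Crypto.AsymmetricKeyParameter key)
        {
            try
            {
                return response.Verify(key);
            }
            catch (OcspException)
            {
                return false;
            }
        }

        /// <summary>
        /// Reads the single response for <paramref name="certId"/> out of an already verified response.
        /// </summary>
        /// <param name="response">Verified basic OCSP response.</param>
        /// <param name="certId">Identifier that was sent in the request.</param>
        /// <returns><c>true</c> for a revoked status; <c>false</c> for good (<c>null</c> status) or unknown.</returns>
        /// <exception cref="InvalidOperationException">
        /// No single response matches <paramref name="certId"/>, or the matching one is outside its validity window.
        /// </exception>
        private static bool IsRevoked(BasicOcspResp response, CertificateID certId)
        {
            DateTime now  = DateTime.UtcNow;
            TimeSpan skew = TimeSpan.FromMinutes(5);   // tolerated clock difference with the responder

            foreach (SingleResp single in response.Responses)
            {
                if (!certId.Equals(single.GetCertID()))
                {
                    continue;   // answer for some other certificate
                }

                // Freshness window: rejects replayed old responses when the nonce was not echoed.
                if (single.ThisUpdate > now + skew)
                {
                    throw new InvalidOperationException("OCSP response thisUpdate is in the future");
                }
                if (single.NextUpdate != null && single.NextUpdate.Value < now - skew)
                {
                    throw new InvalidOperationException("OCSP response has expired");
                }

                object certStatus = single.GetCertStatus();
                if (certStatus is RevokedStatus)
                {
                    return true;
                }
                if (certStatus is UnknownStatus)
                {
                    // The responder has no knowledge of this certificate; kept as "not revoked" as before, but logged.
                    SystemLogger.Log(SystemLogger.Module.PLATFORM, "*************** Certificate Validation. OCSP responder reports status unknown.");
                }
                return false;
            }

            throw new InvalidOperationException("OCSP response does not answer the request");
        }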
 /// <summary>
 /// Encodes the extension: runs the base-class encoding and stores its result, parsed as an
 /// AuthorityInformationAccess structure, in <c>encValue</c>.
 /// </summary>
 private new void encode()
 {
     var rawEncoding = base.encode();
     base.encValue = AuthorityInformationAccess.GetInstance(rawEncoding);
 }