private long?GetCRLNumber(Org.BouncyCastle.X509.X509Crl crlEntry)
{
Asn1OctetString extValue = crlEntry.GetExtensionValue(Org.BouncyCastle.Asn1.X509.X509Extensions.CrlNumber);
if (extValue != null)
{
Asn1Object asn1Value = Org.BouncyCastle.X509.Extension.X509ExtensionUtilities.FromExtensionValue(extValue);
return(DerInteger.GetInstance(asn1Value).PositiveValue.LongValue);
}
return(null);
}
/// <summary>
/// Read the Crl number from a X509Crl.
/// </summary>
private static Org.BouncyCastle.Math.BigInteger GetCrlNumber(Org.BouncyCastle.X509.X509Crl crl)
{
Org.BouncyCastle.Math.BigInteger crlNumber = Org.BouncyCastle.Math.BigInteger.One;
try
{
Org.BouncyCastle.Asn1.Asn1Object asn1Object = GetExtensionValue(crl, Org.BouncyCastle.Asn1.X509.X509Extensions.CrlNumber);
if (asn1Object != null)
{
crlNumber = Org.BouncyCastle.Asn1.DerInteger.GetInstance(asn1Object).PositiveValue;
}
}
finally
{
}
return(crlNumber);
}
/// <summary>
/// Revoke the certificate.
/// The CRL number is increased by one and the new CRL is returned.
/// </summary>
public static X509CRL RevokeCertificate(
X509Certificate2 issuerCertificate,
List <X509CRL> issuerCrls,
X509Certificate2Collection revokedCertificates,
DateTime thisUpdate,
DateTime nextUpdate,
X509SignatureGenerator generator,
uint hashSize
)
{
var crlSerialNumber = Org.BouncyCastle.Math.BigInteger.Zero;
Org.BouncyCastle.X509.X509Certificate bcCertCA =
new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(issuerCertificate.RawData);
Org.BouncyCastle.Crypto.ISignatureFactory signatureFactory =
new KeyVaultSignatureFactory(GetRSAHashAlgorithmName(hashSize), generator);
var crlGen = new Org.BouncyCastle.X509.X509V2CrlGenerator();
crlGen.SetIssuerDN(bcCertCA.IssuerDN);
if (thisUpdate == DateTime.MinValue)
{
thisUpdate = DateTime.UtcNow;
}
crlGen.SetThisUpdate(thisUpdate);
if (nextUpdate <= thisUpdate)
{
nextUpdate = bcCertCA.NotAfter;
}
crlGen.SetNextUpdate(nextUpdate);
// merge all existing revocation list
if (issuerCrls != null)
{
var parser = new Org.BouncyCastle.X509.X509CrlParser();
foreach (X509CRL issuerCrl in issuerCrls)
{
Org.BouncyCastle.X509.X509Crl crl = parser.ReadCrl(issuerCrl.RawData);
crlGen.AddCrl(crl);
var crlVersion = GetCrlNumber(crl);
if (crlVersion.IntValue > crlSerialNumber.IntValue)
{
crlSerialNumber = crlVersion;
}
}
}
if (revokedCertificates == null || revokedCertificates.Count == 0)
{
// add a dummy revoked cert
crlGen.AddCrlEntry(Org.BouncyCastle.Math.BigInteger.One, thisUpdate, Org.BouncyCastle.Asn1.X509.CrlReason.Unspecified);
}
else
{
// add the revoked cert
foreach (var revokedCertificate in revokedCertificates)
{
crlGen.AddCrlEntry(GetSerialNumber(revokedCertificate), thisUpdate, Org.BouncyCastle.Asn1.X509.CrlReason.PrivilegeWithdrawn);
}
}
crlGen.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityKeyIdentifier,
false,
new Org.BouncyCastle.X509.Extension.AuthorityKeyIdentifierStructure(bcCertCA));
// set new serial number
crlSerialNumber = crlSerialNumber.Add(Org.BouncyCastle.Math.BigInteger.One);
crlGen.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.CrlNumber,
false,
new Org.BouncyCastle.Asn1.X509.CrlNumber(crlSerialNumber));
// generate updated CRL
Org.BouncyCastle.X509.X509Crl updatedCrl = crlGen.Generate(signatureFactory);
return(new X509CRL(updatedCrl.GetEncoded()));
}
void ValidateParameters(Common.ParametersValidation validationRequest, ref string logMessage, ref bool passed, XmlNode test)
{
foreach (Common.ValidationRule rule in validationRequest.ValidationRules)
{
string parameterPath = string.Format("RequestParameters/{0}", rule.ParameterPath);
switch (rule.Type)
{
case ParameterType.String:
CommonCompare.StringCompare(parameterPath, rule.ParameterName, (string)rule.Value,
ref logMessage, ref passed, test);
break;
case ParameterType.Int:
CommonCompare.IntCompare(parameterPath, rule.ParameterName, (int)rule.Value,
ref logMessage, ref passed, test);
break;
case ParameterType.OptionalInt:
int?value = (int?)rule.Value;
if (CommonCompare.Exist2(parameterPath, rule.ParameterName, value.HasValue, ref logMessage, ref passed, test))
{
CommonCompare.IntCompare(parameterPath, rule.ParameterName, value.Value, ref logMessage, ref passed, test);
}
break;
case ParameterType.OptionalBool:
if (rule.ValueSpecified)
{
CommonCompare.StringCompare(parameterPath, rule.ParameterName, ((bool)rule.Value).ToString(),
ref logMessage, ref passed, test);
}
else
{
CommonCompare.Exist2(parameterPath, rule.ParameterName, rule.ValueSpecified,
ref logMessage, ref passed, test);
}
break;
case ParameterType.OptionalString:
{
string stringValue = (string)rule.Value;
if (CommonCompare.Exist2(parameterPath, rule.ParameterName, stringValue != null, ref logMessage, ref passed, test))
{
CommonCompare.StringCompare(parameterPath, rule.ParameterName, (string)rule.Value,
ref logMessage, ref passed, test);
}
}
break;
case ParameterType.OptionalElement:
{
CommonCompare.Exist2(parameterPath, rule.ParameterName, rule.Value != null, ref logMessage, ref passed, test);
}
break;
case ParameterType.OptionalElementBoolFlag:
{
CommonCompare.Exist2(parameterPath, rule.ParameterName, (bool)rule.Value, ref logMessage, ref passed, test);
}
break;
case ParameterType.StringArray:
{
CommonCompare.StringArrayCompare(parameterPath, rule.ParameterName, (string[])rule.Value,
ref logMessage, ref passed, test);
}
break;
case ParameterType.Log:
{
if (rule.Value.GetType().ToString() == "System.Byte[]")
{
logMessage = logMessage + rule.ParameterName + " = [Check it manually!]";
}
else
{
logMessage = logMessage + rule.ParameterName + " = " + rule.Value.ToString();
}
}
break;
case ParameterType.OptionalQName:
{
XmlQualifiedName QNameValue = (XmlQualifiedName)rule.Value;
if (CommonCompare.Exist2(parameterPath, rule.ParameterName, QNameValue != null, ref logMessage, ref passed, test))
{
CommonCompare.StringCompare(parameterPath + "/Namespace", rule.ParameterName + "/Namespace", QNameValue.Namespace,
ref logMessage, ref passed, test);
CommonCompare.StringCompare(parameterPath + "/Name", rule.ParameterName + "/Name", QNameValue.Name,
ref logMessage, ref passed, test);
}
}
break;
case ParameterType.X509Cert:
{
Org.BouncyCastle.X509.X509Certificate cert = (new Org.BouncyCastle.X509.X509CertificateParser()).ReadCertificate((byte[])rule.Value);
logMessage = logMessage + "\r\n";
logMessage = logMessage + rule.ParameterName + ": " + "\r\n" + cert.ToString();
logMessage = logMessage + "\r\n";
//TextWriter textWriter = new StringWriter();
//Org.BouncyCastle.Utilities.IO.Pem.PemWriter pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(textWriter);
//pemWriter.WriteObject(cert.CertificateStructure.SubjectPublicKeyInfo.PublicKeyData);
//pemWriter.Writer.Flush();
//string privateKey = textWriter.ToString();
logMessage = logMessage + rule.ParameterName + "(PubK): " + "\r\n" + cert.CertificateStructure.SubjectPublicKeyInfo.PublicKeyData.ToString();
logMessage = logMessage + "\r\n";
logMessage = logMessage + rule.ParameterName + "(SignatureAlgorithm): " + "\r\n" + cert.CertificateStructure.SignatureAlgorithm.ObjectID.ToString();
logMessage = logMessage + "\r\n";
}
break;
case ParameterType.PKCS10:
{
Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest pkcs10 = new Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest((byte[])rule.Value);
logMessage = logMessage + "\r\n";
logMessage = logMessage + rule.ParameterName + ": " + "\r\n" + pkcs10.ToString();
logMessage = logMessage + "\r\n";
}
break;
case ParameterType.PKCS12WithoutPassphrase:
{
Org.BouncyCastle.Pkcs.Pkcs12Store pkcs12Store = new Org.BouncyCastle.Pkcs.Pkcs12Store();
pkcs12Store.Load(new MemoryStream((byte[])rule.Value), ("").ToArray());
logMessage = logMessage + rule.ParameterName + ": " + "\r\n";
foreach (string alias in pkcs12Store.Aliases)
{
logMessage = logMessage + "\r\n";
logMessage = logMessage + "Alias = " + alias + "\r\n";
logMessage = logMessage + "Certificate = " + pkcs12Store.GetCertificate(alias).Certificate.ToString();
}
logMessage = logMessage + "\r\n";
}
break;
case ParameterType.CRL:
{
Org.BouncyCastle.X509.X509Crl crl = (new Org.BouncyCastle.X509.X509CrlParser()).ReadCrl((byte[])rule.Value);
logMessage = logMessage + "\r\n";
logMessage = logMessage + rule.ParameterName + ": " + "\r\n" + crl.ToString();
logMessage = logMessage + "\r\n";
}
break;
case ParameterType.Float:
{
CommonCompare.FloatCompare(parameterPath, rule.ParameterName, (float)rule.Value,
ref logMessage, ref passed, test);
}
break;
case ParameterType.OptionalFloat:
float?fvalue = (float?)rule.Value;
if (CommonCompare.Exist2(parameterPath, rule.ParameterName, fvalue.HasValue, ref logMessage, ref passed, test))
{
CommonCompare.FloatCompare(parameterPath, rule.ParameterName, (float)rule.Value,
ref logMessage, ref passed, test);
}
break;
}
}
}
