private long?GetCRLNumber(Org.BouncyCastle.X509.X509Crl crlEntry) { Asn1OctetString extValue = crlEntry.GetExtensionValue(Org.BouncyCastle.Asn1.X509.X509Extensions.CrlNumber); if (extValue != null) { Asn1Object asn1Value = Org.BouncyCastle.X509.Extension.X509ExtensionUtilities.FromExtensionValue(extValue); return(DerInteger.GetInstance(asn1Value).PositiveValue.LongValue); } return(null); }
/// <summary> /// Read the Crl number from a X509Crl. /// </summary> private static Org.BouncyCastle.Math.BigInteger GetCrlNumber(Org.BouncyCastle.X509.X509Crl crl) { Org.BouncyCastle.Math.BigInteger crlNumber = Org.BouncyCastle.Math.BigInteger.One; try { Org.BouncyCastle.Asn1.Asn1Object asn1Object = GetExtensionValue(crl, Org.BouncyCastle.Asn1.X509.X509Extensions.CrlNumber); if (asn1Object != null) { crlNumber = Org.BouncyCastle.Asn1.DerInteger.GetInstance(asn1Object).PositiveValue; } } finally { } return(crlNumber); }
/// <summary> /// Revoke the certificate. /// The CRL number is increased by one and the new CRL is returned. /// </summary> public static X509CRL RevokeCertificate( X509Certificate2 issuerCertificate, List <X509CRL> issuerCrls, X509Certificate2Collection revokedCertificates, DateTime thisUpdate, DateTime nextUpdate, X509SignatureGenerator generator, uint hashSize ) { var crlSerialNumber = Org.BouncyCastle.Math.BigInteger.Zero; Org.BouncyCastle.X509.X509Certificate bcCertCA = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(issuerCertificate.RawData); Org.BouncyCastle.Crypto.ISignatureFactory signatureFactory = new KeyVaultSignatureFactory(GetRSAHashAlgorithmName(hashSize), generator); var crlGen = new Org.BouncyCastle.X509.X509V2CrlGenerator(); crlGen.SetIssuerDN(bcCertCA.IssuerDN); if (thisUpdate == DateTime.MinValue) { thisUpdate = DateTime.UtcNow; } crlGen.SetThisUpdate(thisUpdate); if (nextUpdate <= thisUpdate) { nextUpdate = bcCertCA.NotAfter; } crlGen.SetNextUpdate(nextUpdate); // merge all existing revocation list if (issuerCrls != null) { var parser = new Org.BouncyCastle.X509.X509CrlParser(); foreach (X509CRL issuerCrl in issuerCrls) { Org.BouncyCastle.X509.X509Crl crl = parser.ReadCrl(issuerCrl.RawData); crlGen.AddCrl(crl); var crlVersion = GetCrlNumber(crl); if (crlVersion.IntValue > crlSerialNumber.IntValue) { crlSerialNumber = crlVersion; } } } if (revokedCertificates == null || revokedCertificates.Count == 0) { // add a dummy revoked cert crlGen.AddCrlEntry(Org.BouncyCastle.Math.BigInteger.One, thisUpdate, Org.BouncyCastle.Asn1.X509.CrlReason.Unspecified); } else { // add the revoked cert foreach (var revokedCertificate in revokedCertificates) { crlGen.AddCrlEntry(GetSerialNumber(revokedCertificate), thisUpdate, Org.BouncyCastle.Asn1.X509.CrlReason.PrivilegeWithdrawn); } } crlGen.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityKeyIdentifier, false, new Org.BouncyCastle.X509.Extension.AuthorityKeyIdentifierStructure(bcCertCA)); // set new serial number crlSerialNumber = crlSerialNumber.Add(Org.BouncyCastle.Math.BigInteger.One); crlGen.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.CrlNumber, false, new Org.BouncyCastle.Asn1.X509.CrlNumber(crlSerialNumber)); // generate updated CRL Org.BouncyCastle.X509.X509Crl updatedCrl = crlGen.Generate(signatureFactory); return(new X509CRL(updatedCrl.GetEncoded())); }
void ValidateParameters(Common.ParametersValidation validationRequest, ref string logMessage, ref bool passed, XmlNode test) { foreach (Common.ValidationRule rule in validationRequest.ValidationRules) { string parameterPath = string.Format("RequestParameters/{0}", rule.ParameterPath); switch (rule.Type) { case ParameterType.String: CommonCompare.StringCompare(parameterPath, rule.ParameterName, (string)rule.Value, ref logMessage, ref passed, test); break; case ParameterType.Int: CommonCompare.IntCompare(parameterPath, rule.ParameterName, (int)rule.Value, ref logMessage, ref passed, test); break; case ParameterType.OptionalInt: int?value = (int?)rule.Value; if (CommonCompare.Exist2(parameterPath, rule.ParameterName, value.HasValue, ref logMessage, ref passed, test)) { CommonCompare.IntCompare(parameterPath, rule.ParameterName, value.Value, ref logMessage, ref passed, test); } break; case ParameterType.OptionalBool: if (rule.ValueSpecified) { CommonCompare.StringCompare(parameterPath, rule.ParameterName, ((bool)rule.Value).ToString(), ref logMessage, ref passed, test); } else { CommonCompare.Exist2(parameterPath, rule.ParameterName, rule.ValueSpecified, ref logMessage, ref passed, test); } break; case ParameterType.OptionalString: { string stringValue = (string)rule.Value; if (CommonCompare.Exist2(parameterPath, rule.ParameterName, stringValue != null, ref logMessage, ref passed, test)) { CommonCompare.StringCompare(parameterPath, rule.ParameterName, (string)rule.Value, ref logMessage, ref passed, test); } } break; case ParameterType.OptionalElement: { CommonCompare.Exist2(parameterPath, rule.ParameterName, rule.Value != null, ref logMessage, ref passed, test); } break; case ParameterType.OptionalElementBoolFlag: { CommonCompare.Exist2(parameterPath, rule.ParameterName, (bool)rule.Value, ref logMessage, ref passed, test); } break; case ParameterType.StringArray: { CommonCompare.StringArrayCompare(parameterPath, rule.ParameterName, (string[])rule.Value, ref logMessage, ref passed, test); } break; case ParameterType.Log: { if (rule.Value.GetType().ToString() == "System.Byte[]") { logMessage = logMessage + rule.ParameterName + " = [Check it manually!]"; } else { logMessage = logMessage + rule.ParameterName + " = " + rule.Value.ToString(); } } break; case ParameterType.OptionalQName: { XmlQualifiedName QNameValue = (XmlQualifiedName)rule.Value; if (CommonCompare.Exist2(parameterPath, rule.ParameterName, QNameValue != null, ref logMessage, ref passed, test)) { CommonCompare.StringCompare(parameterPath + "/Namespace", rule.ParameterName + "/Namespace", QNameValue.Namespace, ref logMessage, ref passed, test); CommonCompare.StringCompare(parameterPath + "/Name", rule.ParameterName + "/Name", QNameValue.Name, ref logMessage, ref passed, test); } } break; case ParameterType.X509Cert: { Org.BouncyCastle.X509.X509Certificate cert = (new Org.BouncyCastle.X509.X509CertificateParser()).ReadCertificate((byte[])rule.Value); logMessage = logMessage + "\r\n"; logMessage = logMessage + rule.ParameterName + ": " + "\r\n" + cert.ToString(); logMessage = logMessage + "\r\n"; //TextWriter textWriter = new StringWriter(); //Org.BouncyCastle.Utilities.IO.Pem.PemWriter pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(textWriter); //pemWriter.WriteObject(cert.CertificateStructure.SubjectPublicKeyInfo.PublicKeyData); //pemWriter.Writer.Flush(); //string privateKey = textWriter.ToString(); logMessage = logMessage + rule.ParameterName + "(PubK): " + "\r\n" + cert.CertificateStructure.SubjectPublicKeyInfo.PublicKeyData.ToString(); logMessage = logMessage + "\r\n"; logMessage = logMessage + rule.ParameterName + "(SignatureAlgorithm): " + "\r\n" + cert.CertificateStructure.SignatureAlgorithm.ObjectID.ToString(); logMessage = logMessage + "\r\n"; } break; case ParameterType.PKCS10: { Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest pkcs10 = new Org.BouncyCastle.Pkcs.Pkcs10CertificationRequest((byte[])rule.Value); logMessage = logMessage + "\r\n"; logMessage = logMessage + rule.ParameterName + ": " + "\r\n" + pkcs10.ToString(); logMessage = logMessage + "\r\n"; } break; case ParameterType.PKCS12WithoutPassphrase: { Org.BouncyCastle.Pkcs.Pkcs12Store pkcs12Store = new Org.BouncyCastle.Pkcs.Pkcs12Store(); pkcs12Store.Load(new MemoryStream((byte[])rule.Value), ("").ToArray()); logMessage = logMessage + rule.ParameterName + ": " + "\r\n"; foreach (string alias in pkcs12Store.Aliases) { logMessage = logMessage + "\r\n"; logMessage = logMessage + "Alias = " + alias + "\r\n"; logMessage = logMessage + "Certificate = " + pkcs12Store.GetCertificate(alias).Certificate.ToString(); } logMessage = logMessage + "\r\n"; } break; case ParameterType.CRL: { Org.BouncyCastle.X509.X509Crl crl = (new Org.BouncyCastle.X509.X509CrlParser()).ReadCrl((byte[])rule.Value); logMessage = logMessage + "\r\n"; logMessage = logMessage + rule.ParameterName + ": " + "\r\n" + crl.ToString(); logMessage = logMessage + "\r\n"; } break; case ParameterType.Float: { CommonCompare.FloatCompare(parameterPath, rule.ParameterName, (float)rule.Value, ref logMessage, ref passed, test); } break; case ParameterType.OptionalFloat: float?fvalue = (float?)rule.Value; if (CommonCompare.Exist2(parameterPath, rule.ParameterName, fvalue.HasValue, ref logMessage, ref passed, test)) { CommonCompare.FloatCompare(parameterPath, rule.ParameterName, (float)rule.Value, ref logMessage, ref passed, test); } break; } } }