/// <summary>
/// Añade una lista de revocación de certificados
/// </summary>
/// <param name="stream"></param>
public void AddCRL(Stream stream)
{
Org.BouncyCastle.X509.X509CrlParser parser = new Org.BouncyCastle.X509.X509CrlParser();
var x509crl = parser.ReadCrl(stream);
_crls.Add(x509crl);
}
/// <summary>
/// Añade una lista de revocación de certificados
/// </summary>
/// <param name="stream"></param>
public void AddCRL(Stream stream)
{
Org.BouncyCastle.X509.X509CrlParser parser = new Org.BouncyCastle.X509.X509CrlParser();
var x509crl = parser.ReadCrl(stream);
_crls.Add(x509crl);
}
/// <summary>
/// Revoke the certificate.
/// The CRL number is increased by one and the new CRL is returned.
/// </summary>
public static X509CRL RevokeCertificate(
X509Certificate2 issuerCertificate,
List <X509CRL> issuerCrls,
X509Certificate2Collection revokedCertificates,
DateTime thisUpdate,
DateTime nextUpdate,
X509SignatureGenerator generator,
uint hashSize
)
{
var crlSerialNumber = Org.BouncyCastle.Math.BigInteger.Zero;
Org.BouncyCastle.X509.X509Certificate bcCertCA =
new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(issuerCertificate.RawData);
Org.BouncyCastle.Crypto.ISignatureFactory signatureFactory =
new KeyVaultSignatureFactory(GetRSAHashAlgorithmName(hashSize), generator);
var crlGen = new Org.BouncyCastle.X509.X509V2CrlGenerator();
crlGen.SetIssuerDN(bcCertCA.IssuerDN);
if (thisUpdate == DateTime.MinValue)
{
thisUpdate = DateTime.UtcNow;
}
crlGen.SetThisUpdate(thisUpdate);
if (nextUpdate <= thisUpdate)
{
nextUpdate = bcCertCA.NotAfter;
}
crlGen.SetNextUpdate(nextUpdate);
// merge all existing revocation list
if (issuerCrls != null)
{
var parser = new Org.BouncyCastle.X509.X509CrlParser();
foreach (X509CRL issuerCrl in issuerCrls)
{
Org.BouncyCastle.X509.X509Crl crl = parser.ReadCrl(issuerCrl.RawData);
crlGen.AddCrl(crl);
var crlVersion = GetCrlNumber(crl);
if (crlVersion.IntValue > crlSerialNumber.IntValue)
{
crlSerialNumber = crlVersion;
}
}
}
if (revokedCertificates == null || revokedCertificates.Count == 0)
{
// add a dummy revoked cert
crlGen.AddCrlEntry(Org.BouncyCastle.Math.BigInteger.One, thisUpdate, Org.BouncyCastle.Asn1.X509.CrlReason.Unspecified);
}
else
{
// add the revoked cert
foreach (var revokedCertificate in revokedCertificates)
{
crlGen.AddCrlEntry(GetSerialNumber(revokedCertificate), thisUpdate, Org.BouncyCastle.Asn1.X509.CrlReason.PrivilegeWithdrawn);
}
}
crlGen.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityKeyIdentifier,
false,
new Org.BouncyCastle.X509.Extension.AuthorityKeyIdentifierStructure(bcCertCA));
// set new serial number
crlSerialNumber = crlSerialNumber.Add(Org.BouncyCastle.Math.BigInteger.One);
crlGen.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.CrlNumber,
false,
new Org.BouncyCastle.Asn1.X509.CrlNumber(crlSerialNumber));
// generate updated CRL
Org.BouncyCastle.X509.X509Crl updatedCrl = crlGen.Generate(signatureFactory);
return(new X509CRL(updatedCrl.GetEncoded()));
}
