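/// <summary>
/// Adds a CRL to the store, filed under the certificate that signed it.
/// </summary>
/// <param name="crl">The CRL to persist. Must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="crl"/> is null.</exception>
/// <exception cref="ServiceResultException">
/// No certificate returned by <c>Enumerate()</c> both matches the CRL issuer name and
/// verifies the CRL signature (<see cref="StatusCodes.BadCertificateInvalid"/>).
/// </exception>
/// <remarks>
/// The issuer is resolved only against certificates already in this store, so a CRL signed
/// by a key outside the store is rejected. The file is written to
/// "crl/&lt;issuer file name&gt;.crl" under the store directory and unconditionally replaces
/// any existing file for that issuer.
/// NOTE(review): nothing compares the incoming CRL with the one already on disk, so an
/// older (replayed) CRL overwrites a newer one; callers taking CRLs from untrusted sources
/// should compare UpdateTime first. This method also blocks on the asynchronous
/// <c>Enumerate()</c>, as the original did — do not call it on a synchronization-context
/// thread that <c>Enumerate()</c> would need to resume on.
/// </remarks>
public void AddCRL(X509CRL crl)
{
    if (crl == null)
    {
        throw new ArgumentNullException("crl");
    }

    // GetAwaiter().GetResult() rethrows the original exception, whereas .Result wraps it in
    // an AggregateException and hides the real failure type from callers. Still blocking.
    X509Certificate2Collection certificates = Enumerate().GetAwaiter().GetResult();

    X509Certificate2 issuer = null;

    if (certificates != null)
    {
        foreach (X509Certificate2 certificate in certificates)
        {
            // A subject-name match alone is not proof of issuance: the key must verify the CRL.
            if (Utils.CompareDistinguishedName(certificate.Subject, crl.Issuer) &&
                crl.VerifySignature(certificate, false))
            {
                issuer = certificate;
                break;
            }
        }
    }

    if (issuer == null)
    {
        throw new ServiceResultException(StatusCodes.BadCertificateInvalid, "Could not find issuer of the CRL.");
    }

    // Deliberately plain concatenation rather than Path.Combine: Path.Combine would silently
    // drop the store directory if GetFileName() ever produced a rooted path.
    string path = m_directory.FullName
        + Path.DirectorySeparatorChar + "crl" + Path.DirectorySeparatorChar
        + GetFileName(issuer) + ".crl";

    FileInfo fileInfo = new FileInfo(path);

    if (!fileInfo.Directory.Exists)
    {
        fileInfo.Directory.Create();
    }

    File.WriteAllBytes(fileInfo.FullName, crl.RawData);
}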
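/// <summary>
/// Returns the CRLs in the store that were signed by <paramref name="issuer"/> and are
/// currently within their validity window.
/// </summary>
/// <param name="issuer">The issuer certificate whose CRLs are wanted. Must not be null.</param>
/// <returns>
/// The qualifying CRLs; an empty list when the "crl" sub-directory is missing or nothing
/// qualifies. Never null.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="issuer"/> is null.</exception>
/// <remarks>
/// A CRL qualifies only if its issuer name matches the certificate subject, its signature
/// verifies with the issuer key, its UpdateTime is not in the future, and its NextUpdateTime
/// is either unset (DateTime.MinValue) or still ahead of now.
/// CRL files that fail to parse are traced and skipped, matching IsRevoked(); previously a
/// single corrupt file threw out of the loop and hid every other CRL for the issuer.
/// </remarks>
public List<X509CRL> EnumerateCRLs(X509Certificate2 issuer)
{
    if (issuer == null)
    {
        throw new ArgumentNullException("issuer");
    }

    List<X509CRL> crls = new List<X509CRL>();

    // Use the platform separator: the former hard-coded "\\crl" only resolved on Windows and
    // disagreed with AddCRL(), which writes under Path.DirectorySeparatorChar + "crl".
    DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");

    if (!info.Exists)
    {
        return crls;
    }

    foreach (FileInfo file in info.GetFiles("*.crl"))
    {
        X509CRL crl = null;

        try
        {
            crl = new X509CRL(file.FullName);
        }
        catch (Exception e)
        {
            Utils.Trace(e, "Could not parse CRL file.");
            continue;
        }

        if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject))
        {
            continue;
        }

        // A name match with an unverifiable signature is not the issuer's CRL.
        if (!crl.VerifySignature(issuer, false))
        {
            continue;
        }

        // One time sample so both bounds are compared against the same instant.
        DateTime now = DateTime.UtcNow;
        bool notYetValid = crl.UpdateTime > now;
        bool expired = crl.NextUpdateTime != DateTime.MinValue && crl.NextUpdateTime < now;

        if (!notYetValid && !expired)
        {
            crls.Add(crl);
        }
    }

    return crls;
}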
/// <summary>
/// Checks whether <paramref name="issuer"/> has revoked <paramref name="certificate"/>
/// according to the CRL files stored under the "crl" sub-directory.
/// </summary>
/// <param name="issuer">The issuer certificate used to select and verify CRLs. Must not be null.</param>
/// <param name="certificate">The certificate to look up. Must not be null.</param>
/// <returns>
/// <see cref="StatusCodes.BadCertificateRevoked"/> if any CRL signed by the issuer lists the
/// certificate (a stale CRL still counts — expiry never un-revokes);
/// <see cref="StatusCodes.Good"/> if at least one currently valid CRL from the issuer exists and
/// none lists the certificate; otherwise <see cref="StatusCodes.BadCertificateRevocationUnknown"/>.
/// </returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <remarks>
/// Files that cannot be parsed are traced and skipped. A CRL whose issuer name does not match the
/// certificate subject, or whose signature does not verify with the issuer key, is ignored.
/// </remarks>
public virtual StatusCode IsRevoked(X509Certificate2 issuer, X509Certificate2 certificate)
{
    if (issuer == null)
    {
        throw new ArgumentNullException("issuer");
    }

    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }

    DirectoryInfo crlDirectory = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");

    if (!crlDirectory.Exists)
    {
        // No CRL directory at all: the revocation status cannot be established.
        return StatusCodes.BadCertificateRevocationUnknown;
    }

    bool haveCurrentCrl = false;

    foreach (FileInfo crlFile in crlDirectory.GetFiles("*.crl"))
    {
        X509CRL candidate;

        try
        {
            candidate = new X509CRL(crlFile.FullName);
        }
        catch (Exception e)
        {
            Utils.Trace(e, "Could not parse CRL file.");
            continue;
        }

        // Only CRLs that name this issuer AND carry its signature are consulted.
        bool belongsToIssuer =
            Utils.CompareDistinguishedName(candidate.Issuer, issuer.Subject) &&
            candidate.VerifySignature(issuer, false);

        if (!belongsToIssuer)
        {
            continue;
        }

        if (candidate.IsRevoked(certificate))
        {
            return StatusCodes.BadCertificateRevoked;
        }

        DateTime now = DateTime.UtcNow;
        bool started = candidate.UpdateTime <= now;
        bool notExpired = candidate.NextUpdateTime == DateTime.MinValue || candidate.NextUpdateTime >= now;

        if (started && notExpired)
        {
            haveCurrentCrl = true;
        }
    }

    if (haveCurrentCrl)
    {
        // At least one valid CRL was checked and none listed the certificate.
        return StatusCodes.Good;
    }

    return StatusCodes.BadCertificateRevocationUnknown;
}
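/// <summary>
/// Adds a CRL to the store, filed under the certificate that signed it.
/// </summary>
/// <param name="crl">The CRL to persist. Must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="crl"/> is null.</exception>
/// <exception cref="ServiceResultException">
/// No certificate returned by <c>Enumerate()</c> both matches the CRL issuer name and
/// verifies the CRL signature (<see cref="StatusCodes.BadCertificateInvalid"/>).
/// </exception>
/// <remarks>
/// The issuer is resolved only against certificates already in this store, so a CRL signed
/// by a key outside the store is rejected. The file is written to
/// "crl/&lt;issuer file name&gt;.crl" under the store directory and unconditionally replaces
/// any existing file for that issuer.
/// NOTE(review): nothing compares the incoming CRL with the one already on disk, so an
/// older (replayed) CRL overwrites a newer one; callers taking CRLs from untrusted sources
/// should compare UpdateTime first.
/// </remarks>
public void AddCRL(X509CRL crl)
{
    if (crl == null)
    {
        throw new ArgumentNullException("crl");
    }

    // Keep the thread-pool hop the original used (Task.Run sidesteps a synchronization-context
    // deadlock while blocking), but read the result through GetAwaiter().GetResult(): unlike
    // .Wait(), it rethrows the original exception instead of an AggregateException wrapper.
    X509Certificate2Collection certificates = Task.Run(() => Enumerate()).GetAwaiter().GetResult();

    X509Certificate2 issuer = null;

    if (certificates != null)
    {
        foreach (X509Certificate2 certificate in certificates)
        {
            // A subject-name match alone is not proof of issuance: the key must verify the CRL.
            if (Utils.CompareDistinguishedName(certificate.Subject, crl.Issuer) &&
                crl.VerifySignature(certificate, false))
            {
                issuer = certificate;
                break;
            }
        }
    }

    if (issuer == null)
    {
        throw new ServiceResultException(StatusCodes.BadCertificateInvalid, "Could not find issuer of the CRL.");
    }

    // Deliberately plain concatenation rather than Path.Combine: Path.Combine would silently
    // drop the store directory if GetFileName() ever produced a rooted path.
    string path = m_directory.FullName
        + Path.DirectorySeparatorChar + "crl" + Path.DirectorySeparatorChar
        + GetFileName(issuer) + ".crl";

    FileInfo fileInfo = new FileInfo(path);

    if (!fileInfo.Directory.Exists)
    {
        fileInfo.Directory.Create();
    }

    File.WriteAllBytes(fileInfo.FullName, crl.RawData);
}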
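/// <summary>
/// Returns the CRLs in the store that were signed by <paramref name="issuer"/> and are
/// currently within their validity window.
/// </summary>
/// <param name="issuer">The issuer certificate whose CRLs are wanted. Must not be null.</param>
/// <returns>
/// The qualifying CRLs; an empty list when the "crl" sub-directory is missing or nothing
/// qualifies. Never null.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="issuer"/> is null.</exception>
/// <remarks>
/// A CRL qualifies only if its issuer name matches the certificate subject, its signature
/// verifies with the issuer key, its UpdateTime is not in the future, and its NextUpdateTime
/// is either unset (DateTime.MinValue) or still ahead of now.
/// CRL files that fail to parse are traced and skipped, matching IsRevoked(); previously a
/// single corrupt file threw out of the loop and hid every other CRL for the issuer.
/// </remarks>
public List<X509CRL> EnumerateCRLs(X509Certificate2 issuer)
{
    if (issuer == null)
    {
        throw new ArgumentNullException("issuer");
    }

    List<X509CRL> crls = new List<X509CRL>();

    DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");

    if (!info.Exists)
    {
        return crls;
    }

    foreach (FileInfo file in info.GetFiles("*.crl"))
    {
        X509CRL crl = null;

        try
        {
            crl = new X509CRL(file.FullName);
        }
        catch (Exception e)
        {
            Utils.Trace(e, "Could not parse CRL file.");
            continue;
        }

        if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject))
        {
            continue;
        }

        // A name match with an unverifiable signature is not the issuer's CRL.
        if (!crl.VerifySignature(issuer, false))
        {
            continue;
        }

        // One time sample so both bounds are compared against the same instant.
        DateTime now = DateTime.UtcNow;
        bool notYetValid = crl.UpdateTime > now;
        bool expired = crl.NextUpdateTime != DateTime.MinValue && crl.NextUpdateTime < now;

        if (!notYetValid && !expired)
        {
            crls.Add(crl);
        }
    }

    return crls;
}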
/// <summary>
/// Checks whether <paramref name="issuer"/> has revoked <paramref name="certificate"/>
/// according to the CRL files stored under the "crl" sub-directory.
/// </summary>
/// <param name="issuer">The issuer certificate used to select and verify CRLs. Must not be null.</param>
/// <param name="certificate">The certificate to look up. Must not be null.</param>
/// <returns>
/// <see cref="StatusCodes.BadCertificateRevoked"/> if any CRL signed by the issuer lists the
/// certificate (a stale CRL still counts — expiry never un-revokes);
/// <see cref="StatusCodes.Good"/> if at least one currently valid CRL from the issuer exists and
/// none lists the certificate; otherwise <see cref="StatusCodes.BadCertificateRevocationUnknown"/>.
/// </returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <remarks>
/// Files that cannot be parsed are traced and skipped. A CRL whose issuer name does not match the
/// certificate subject, or whose signature does not verify with the issuer key, is ignored.
/// </remarks>
public StatusCode IsRevoked(X509Certificate2 issuer, X509Certificate2 certificate)
{
    if (issuer == null)
    {
        throw new ArgumentNullException("issuer");
    }

    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }

    string crlPath = this.Directory.FullName + Path.DirectorySeparatorChar + "crl";
    DirectoryInfo crlDirectory = new DirectoryInfo(crlPath);

    if (!crlDirectory.Exists)
    {
        // No CRL directory at all: the revocation status cannot be established.
        return StatusCodes.BadCertificateRevocationUnknown;
    }

    FileInfo[] crlFiles = crlDirectory.GetFiles("*.crl");
    bool haveCurrentCrl = false;

    for (int i = 0; i < crlFiles.Length; i++)
    {
        X509CRL candidate;

        try
        {
            candidate = new X509CRL(crlFiles[i].FullName);
        }
        catch (Exception e)
        {
            Utils.Trace(e, "Could not parse CRL file.");
            continue;
        }

        // Only CRLs that name this issuer AND carry its signature are consulted.
        if (!Utils.CompareDistinguishedName(candidate.Issuer, issuer.Subject))
        {
            continue;
        }

        if (!candidate.VerifySignature(issuer, false))
        {
            continue;
        }

        if (candidate.IsRevoked(certificate))
        {
            return StatusCodes.BadCertificateRevoked;
        }

        DateTime now = DateTime.UtcNow;
        bool started = candidate.UpdateTime <= now;
        bool notExpired = candidate.NextUpdateTime == DateTime.MinValue || candidate.NextUpdateTime >= now;

        if (started && notExpired)
        {
            haveCurrentCrl = true;
        }
    }

    if (haveCurrentCrl)
    {
        // At least one valid CRL was checked and none listed the certificate.
        return StatusCodes.Good;
    }

    return StatusCodes.BadCertificateRevocationUnknown;
}