public virtual X509CrlEntry GetRevokedCertificate(BigInteger serialNumber)
{
global::System.Collections.IEnumerable revokedCertificateEnumeration = c.GetRevokedCertificateEnumeration();
X509Name previousCertificateIssuer = IssuerDN;
global::System.Collections.IEnumerator enumerator = revokedCertificateEnumeration.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
CrlEntry crlEntry = (CrlEntry)enumerator.get_Current();
X509CrlEntry x509CrlEntry = new X509CrlEntry(crlEntry, isIndirect, previousCertificateIssuer);
if (serialNumber.Equals(crlEntry.UserCertificate.Value))
{
return(x509CrlEntry);
}
previousCertificateIssuer = x509CrlEntry.GetCertificateIssuer();
}
}
finally
{
global::System.IDisposable disposable = enumerator as global::System.IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
return(null);
}
private ISet LoadCrlEntries()
{
ISet set = new HashSet();
global::System.Collections.IEnumerable revokedCertificateEnumeration = c.GetRevokedCertificateEnumeration();
X509Name previousCertificateIssuer = IssuerDN;
global::System.Collections.IEnumerator enumerator = revokedCertificateEnumeration.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
CrlEntry crlEntry = (CrlEntry)enumerator.get_Current();
X509CrlEntry x509CrlEntry = new X509CrlEntry(crlEntry, isIndirect, previousCertificateIssuer);
set.Add(x509CrlEntry);
previousCertificateIssuer = x509CrlEntry.GetCertificateIssuer();
}
return(set);
}
finally
{
global::System.IDisposable disposable = enumerator as global::System.IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
}
public virtual X509CrlEntry GetRevokedCertificate(BigInteger serialNumber)
{
IEnumerable revokedCertificateEnumeration = this.c.GetRevokedCertificateEnumeration();
X509Name issuerDN = this.IssuerDN;
IEnumerator enumerator = revokedCertificateEnumeration.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
CrlEntry current = (CrlEntry)enumerator.Current;
X509CrlEntry entry2 = new X509CrlEntry(current, this.isIndirect, issuerDN);
if (serialNumber.Equals(current.UserCertificate.Value))
{
return(entry2);
}
issuerDN = entry2.GetCertificateIssuer();
}
}
finally
{
if (enumerator is IDisposable disposable)
{
IDisposable disposable;
disposable.Dispose();
}
}
return(null);
}
private ISet LoadCrlEntries()
{
ISet set = new HashSet();
IEnumerable revokedCertificateEnumeration = this.c.GetRevokedCertificateEnumeration();
X509Name issuerDN = this.IssuerDN;
IEnumerator enumerator = revokedCertificateEnumeration.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
CrlEntry current = (CrlEntry)enumerator.Current;
X509CrlEntry o = new X509CrlEntry(current, this.isIndirect, issuerDN);
set.Add(o);
issuerDN = o.GetCertificateIssuer();
}
}
finally
{
if (enumerator is IDisposable disposable)
{
IDisposable disposable;
disposable.Dispose();
}
}
return(set);
}
/// <summary>
/// Validates the cert with the provided crl responses.
/// </summary>
/// <param name="certificate">The cert to validate</param>
/// <param name="issuer">The issuer of the cert to validate</param>
/// <param name="validationTime">The time on which the cert was needed to validated</param>
/// <param name="certLists">The list of crls to use</param>
/// <returns>The crl response that was used, <c>null</c> if none used</returns>
/// <exception cref="RevocationException{T}">When the certificate was revoked on the provided time</exception>
/// <exception cref="RevocationUnknownException">When the certificate (or the crl) can't be validated</exception>
public static BCAX.CertificateList Verify(this X509Certificate2 certificate, X509Certificate2 issuer, DateTime validationTime, IList <BCAX.CertificateList> certLists)
{
DateTime minTime = validationTime - ClockSkewness;
DateTime maxTime = validationTime + ClockSkewness;
BCX.X509Certificate certificateBC = DotNetUtilities.FromX509Certificate(certificate);
BCX.X509Certificate issuerBC = DotNetUtilities.FromX509Certificate(issuer);
ValueWithRef <BCX.X509Crl, BCAX.CertificateList> crlWithOrg = certLists
.Select((c) => new ValueWithRef <BCX.X509Crl, BCAX.CertificateList>(new BCX.X509Crl(c), c)) //convert, keep orginal
.Where((c) => c.Value.IssuerDN.Equals(certificateBC.IssuerDN))
.Where((c) => c.Value.ThisUpdate >= minTime || (c.Value.NextUpdate != null && c.Value.NextUpdate.Value >= minTime))
.OrderByDescending((c) => c.Value.ThisUpdate)
.FirstOrDefault();
if (crlWithOrg == null)
{
return(null);
}
BCX.X509Crl crl = crlWithOrg.Value;
BCAX.CertificateList certList = crlWithOrg.Reference;
//check the signature (no need the check the issuer here)
try
{
crl.Verify(issuerBC.GetPublicKey());
}
catch (Exception e)
{
throw new RevocationUnknownException("The CRL has an invalid signature", e);
}
//check the signer (only the part relevant for CRL)
if (!issuerBC.GetKeyUsage()[6])
{
throw new RevocationUnknownException("The CRL was signed with a certificate that isn't allowed to sign CRLs");
}
//check if the certificate is revoked
BCX.X509CrlEntry crlEntry = crl.GetRevokedCertificate(certificateBC.SerialNumber);
if (crlEntry != null)
{
trace.TraceEvent(TraceEventType.Verbose, 0, "CRL indicates that {0} is revoked on {1}", certificate.Subject, crlEntry.RevocationDate);
if (maxTime >= crlEntry.RevocationDate)
{
throw new RevocationException <BCAX.CertificateList>(certList, "The certificate was revoked on " + crlEntry.RevocationDate.ToString("o"));
}
}
return(certList);
}
private ISet LoadCrlEntries()
{
ISet set = new HashSet();
IEnumerable revokedCertificateEnumeration = c.GetRevokedCertificateEnumeration();
X509Name previousCertificateIssuer = IssuerDN;
foreach (CrlEntry item in revokedCertificateEnumeration)
{
X509CrlEntry x509CrlEntry = new X509CrlEntry(item, isIndirect, previousCertificateIssuer);
set.Add(x509CrlEntry);
previousCertificateIssuer = x509CrlEntry.GetCertificateIssuer();
}
return(set);
}
private ISet LoadCrlEntries()
{
ISet entrySet = new HashSet();
IEnumerable certs = c.GetRevokedCertificateEnumeration();
X509Name previousCertificateIssuer = IssuerDN;
foreach (CrlEntry entry in certs)
{
X509CrlEntry crlEntry = new X509CrlEntry(entry, isIndirect, previousCertificateIssuer);
entrySet.Add(crlEntry);
previousCertificateIssuer = crlEntry.GetCertificateIssuer();
}
return(entrySet);
}
public virtual X509CrlEntry GetRevokedCertificate(BigInteger serialNumber)
{
IEnumerable revokedCertificateEnumeration = c.GetRevokedCertificateEnumeration();
X509Name previousCertificateIssuer = IssuerDN;
foreach (CrlEntry item in revokedCertificateEnumeration)
{
X509CrlEntry x509CrlEntry = new X509CrlEntry(item, isIndirect, previousCertificateIssuer);
if (serialNumber.Equals(item.UserCertificate.Value))
{
return(x509CrlEntry);
}
previousCertificateIssuer = x509CrlEntry.GetCertificateIssuer();
}
return(null);
}
public virtual ISet GetRevokedCertificates()
{
CrlEntry[] certs = c.GetRevokedCertificates();
if (certs != null)
{
ISet s = new HashSet();
X509Name previousCertificateIssuer = IssuerDN;
for (int i = 0; i < certs.Length; i++)
{
X509CrlEntry crlEntry = new X509CrlEntry(
certs[i], isIndirect, previousCertificateIssuer);
s.Add(crlEntry);
previousCertificateIssuer = crlEntry.GetCertificateIssuer();
}
return(s);
}
return(null);
}
public virtual X509CrlEntry GetRevokedCertificate(
BigInteger serialNumber)
{
IEnumerable certs = c.GetRevokedCertificateEnumeration();
X509Name previousCertificateIssuer = IssuerDN;
foreach (CrlEntry entry in certs)
{
X509CrlEntry crlEntry = new X509CrlEntry(entry, isIndirect, previousCertificateIssuer);
if (serialNumber.Equals(entry.UserCertificate.Value))
{
return(crlEntry);
}
previousCertificateIssuer = crlEntry.GetCertificateIssuer();
}
return(null);
}
public void AddCrl(X509Crl other)
{
//IL_0008: Unknown result type (might be due to invalid IL or missing references)
//IL_004b: Expected O, but got Unknown
if (other == null)
{
throw new ArgumentNullException("other");
}
ISet revokedCertificates = other.GetRevokedCertificates();
if (revokedCertificates == null)
{
return;
}
global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)revokedCertificates).GetEnumerator();
try
{
while (enumerator.MoveNext())
{
X509CrlEntry x509CrlEntry = (X509CrlEntry)enumerator.get_Current();
try
{
tbsGen.AddCrlEntry(Asn1Sequence.GetInstance(Asn1Object.FromByteArray(x509CrlEntry.GetEncoded())));
}
catch (IOException val)
{
IOException e = val;
throw new CrlException("exception processing encoding of CRL", (global::System.Exception)(object) e);
}
}
}
finally
{
global::System.IDisposable disposable = enumerator as global::System.IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
}
public virtual X509CrlEntry GetRevokedCertificate(
BigInteger serialNumber)
{
CrlEntry[] certs = c.GetRevokedCertificates();
if (certs != null)
{
X509Name previousCertificateIssuer = IssuerDN;
for (int i = 0; i < certs.Length; i++)
{
X509CrlEntry crlEntry = new X509CrlEntry(
certs[i], isIndirect, previousCertificateIssuer);
previousCertificateIssuer = crlEntry.GetCertificateIssuer();
if (crlEntry.SerialNumber.Equals(serialNumber))
{
return(crlEntry);
}
}
}
return(null);
}
public override bool Equals(object other)
{
if (this == other)
{
return(true);
}
X509CrlEntry that = other as X509CrlEntry;
if (null == that)
{
return(false);
}
if (this.hashValueSet && that.hashValueSet)
{
if (this.hashValue != that.hashValue)
{
return(false);
}
}
return(this.c.Equals(that.c));
}
public virtual X509CrlEntry GetRevokedCertificate(
BigInteger serialNumber)
{
CrlEntry[] certs = c.GetRevokedCertificates();
if (certs != null)
{
X509Name previousCertificateIssuer = IssuerDN;
for (int i = 0; i < certs.Length; i++)
{
X509CrlEntry crlEntry = new X509CrlEntry(
certs[i], isIndirect, previousCertificateIssuer);
previousCertificateIssuer = crlEntry.GetCertificateIssuer();
if (crlEntry.SerialNumber.Equals(serialNumber))
{
return crlEntry;
}
}
}
return null;
}
public virtual X509CrlEntry GetRevokedCertificate(
BigInteger serialNumber)
{
IEnumerable certs = c.GetRevokedCertificateEnumeration();
X509Name previousCertificateIssuer = IssuerDN;
foreach (CrlEntry entry in certs)
{
X509CrlEntry crlEntry = new X509CrlEntry(entry, isIndirect, previousCertificateIssuer);
if (serialNumber.Equals(entry.UserCertificate.Value))
{
return crlEntry;
}
previousCertificateIssuer = crlEntry.GetCertificateIssuer();
}
return null;
}
private ISet LoadCrlEntries()
{
ISet entrySet = new HashSet();
IEnumerable certs = c.GetRevokedCertificateEnumeration();
X509Name previousCertificateIssuer = IssuerDN;
foreach (CrlEntry entry in certs)
{
X509CrlEntry crlEntry = new X509CrlEntry(entry, isIndirect, previousCertificateIssuer);
entrySet.Add(crlEntry);
previousCertificateIssuer = crlEntry.GetCertificateIssuer();
}
return entrySet;
}
public virtual ISet GetRevokedCertificates()
{
CrlEntry[] certs = c.GetRevokedCertificates();
if (certs != null)
{
ISet s = new HashSet();
X509Name previousCertificateIssuer = IssuerDN;
for (int i = 0; i < certs.Length; i++)
{
X509CrlEntry crlEntry = new X509CrlEntry(
certs[i], isIndirect, previousCertificateIssuer);
s.Add(crlEntry);
previousCertificateIssuer = crlEntry.GetCertificateIssuer();
}
return s;
}
return null;
}
public override string ToString()
{
//IL_0000: Unknown result type (might be due to invalid IL or missing references)
//IL_0006: Expected O, but got Unknown
StringBuilder val = new StringBuilder();
string newLine = Platform.NewLine;
val.Append(" Version: ").Append(Version).Append(newLine);
val.Append(" IssuerDN: ").Append((object)IssuerDN).Append(newLine);
val.Append(" This update: ").Append((object)ThisUpdate).Append(newLine);
val.Append(" Next update: ").Append((object)NextUpdate).Append(newLine);
val.Append(" Signature Algorithm: ").Append(SigAlgName).Append(newLine);
byte[] signature = GetSignature();
val.Append(" Signature: ");
val.Append(Hex.ToHexString(signature, 0, 20)).Append(newLine);
for (int i = 20; i < signature.Length; i += 20)
{
int length = Math.Min(20, signature.Length - i);
val.Append(" ");
val.Append(Hex.ToHexString(signature, i, length)).Append(newLine);
}
X509Extensions extensions = c.TbsCertList.Extensions;
if (extensions != null)
{
global::System.Collections.IEnumerator enumerator = extensions.ExtensionOids.GetEnumerator();
if (enumerator.MoveNext())
{
val.Append(" Extensions: ").Append(newLine);
}
do
{
DerObjectIdentifier derObjectIdentifier = (DerObjectIdentifier)enumerator.get_Current();
X509Extension extension = extensions.GetExtension(derObjectIdentifier);
if (extension.Value != null)
{
Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(extension.Value);
val.Append(" critical(").Append(extension.IsCritical).Append(") ");
try
{
if (derObjectIdentifier.Equals(X509Extensions.CrlNumber))
{
val.Append((object)new CrlNumber(DerInteger.GetInstance(asn1Object).PositiveValue)).Append(newLine);
continue;
}
if (derObjectIdentifier.Equals(X509Extensions.DeltaCrlIndicator))
{
val.Append(string.Concat((object)"Base CRL: ", (object)new CrlNumber(DerInteger.GetInstance(asn1Object).PositiveValue))).Append(newLine);
continue;
}
if (derObjectIdentifier.Equals(X509Extensions.IssuingDistributionPoint))
{
val.Append((object)IssuingDistributionPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
continue;
}
if (derObjectIdentifier.Equals(X509Extensions.CrlDistributionPoints))
{
val.Append((object)CrlDistPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
continue;
}
if (derObjectIdentifier.Equals(X509Extensions.FreshestCrl))
{
val.Append((object)CrlDistPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
continue;
}
val.Append(derObjectIdentifier.Id);
val.Append(" value = ").Append(Asn1Dump.DumpAsString(asn1Object)).Append(newLine);
}
catch (global::System.Exception)
{
val.Append(derObjectIdentifier.Id);
val.Append(" value = ").Append("*****").Append(newLine);
}
}
else
{
val.Append(newLine);
}
}while (enumerator.MoveNext());
}
ISet revokedCertificates = GetRevokedCertificates();
if (revokedCertificates != null)
{
{
global::System.Collections.IEnumerator enumerator2 = ((global::System.Collections.IEnumerable)revokedCertificates).GetEnumerator();
try
{
while (enumerator2.MoveNext())
{
X509CrlEntry x509CrlEntry = (X509CrlEntry)enumerator2.get_Current();
val.Append((object)x509CrlEntry);
val.Append(newLine);
}
}
finally
{
global::System.IDisposable disposable = enumerator2 as global::System.IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
}
}
return(val.ToString());
}
/// <summary>
/// Downloads a new CRL from the URL stored in the class.
/// </summary>
private void upgradeData()
{
try
{
this.logger.Debug(string.Format("Downloading CRL from: '{0}'.", url.ToString()));
WebRequest request = WebRequest.Create(url);
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
// Only download .crl file if it is present on the server.
if (response.StatusCode == HttpStatusCode.OK)
{
// Everything went well.
using (Stream stream = response.GetResponseStream())
{
if (stream == null)
{
this.logger.Warn(string.Format("The downloaded CRL stream from {0} is null.", url.ToString()));
}
// Downloads the .crl file into an X509CRL object.
this.logger.Debug(string.Format("Parsing the CRL data ({1}) retrieved from: '{0}'.", url.ToString(), response.ContentLength));
this.logger.Trace("Start 'crlParser.ReadCrl(stream)'");
this.data = this.crlParser.ReadCrl(stream);
this.logger.Trace("Finish with 'crlParser.ReadCrl(stream)'");
if (this.logger.IsDebugEnabled)
{
ISet revokedCertificates = this.data.GetRevokedCertificates();
if (revokedCertificates == null)
{
this.logger.Debug(string.Format("There exist {1} revoked certificates in the CRL from '{0}'.", url.ToString(), 0));
}
else
{
StringBuilder sb = new StringBuilder();
sb.AppendLine(string.Format("There exist {1} revoked certificates in the CRL from '{0}'.", url.ToString(), revokedCertificates.Count));
foreach (object obj in revokedCertificates)
{
sb.AppendLine(string.Format(" {0}", obj.ToString()));
}
#if DEBUG
// Default this is not enabled. Can be manual enabled in debug mode.
bool dump = false;
if (dump)
{
StringBuilder sb2 = new StringBuilder();
foreach (object obj in revokedCertificates)
{
if (obj is Org.BouncyCastle.X509.X509CrlEntry)
{
Org.BouncyCastle.X509.X509CrlEntry entry = obj as Org.BouncyCastle.X509.X509CrlEntry;
sb2.AppendLine(entry.RevocationDate + ";" + entry.SerialNumber);
}
else
{
}
}
File.WriteAllText("d:/crl_dump.txt", sb2.ToString());
}
#endif
this.logger.Debug(sb.ToString());
}
}
DateTime f = data.NextUpdate.Value;
}
}
else
{
string urlString = string.Empty;
if (url != null)
{
urlString = url.ToString();
}
this.logger.Error(string.Format("Error downloading CRL from url '{0}'. Reason was {1}.", urlString, response.StatusDescription));
throw new CheckCertificateRevokedUnexpectedException(new Exception("CRL could not be downloaded: " + response.StatusDescription));
}
}
catch (CheckCertificateRevokedUnexpectedException)
{
// This has already been logged.
// Re-throw original exception
throw;
}
catch (IOException e)
{
// Could not download new crl
string urlString = string.Empty;
if (url != null)
{
urlString = url.ToString();
}
this.logger.Error(string.Format("Error downloading/parsing the CRL from url: '{0}'.", urlString), e);
throw new CheckCertificateRevokedUnexpectedException(e);
}
catch (Exception e)
{
// Could not download new crl
string urlString = string.Empty;
if (url != null)
{
urlString = url.ToString();
}
this.logger.Error(string.Format("Error downolading/parsing the CRL from url: '{0}'.", urlString), e);
// Re-throw original exception
throw;
}
return;
}
public override string ToString()
{
StringBuilder builder = new StringBuilder();
string newLine = Platform.NewLine;
builder.Append(" Version: ").Append(this.Version).Append(newLine);
builder.Append(" IssuerDN: ").Append(this.IssuerDN).Append(newLine);
builder.Append(" This update: ").Append(this.ThisUpdate).Append(newLine);
builder.Append(" Next update: ").Append(this.NextUpdate).Append(newLine);
builder.Append(" Signature Algorithm: ").Append(this.SigAlgName).Append(newLine);
byte[] signature = this.GetSignature();
builder.Append(" Signature: ");
builder.Append(Hex.ToHexString(signature, 0, 20)).Append(newLine);
for (int i = 20; i < signature.Length; i += 20)
{
int length = Math.Min(20, signature.Length - i);
builder.Append(" ");
builder.Append(Hex.ToHexString(signature, i, length)).Append(newLine);
}
X509Extensions extensions = this.c.TbsCertList.Extensions;
if (extensions != null)
{
IEnumerator enumerator = extensions.ExtensionOids.GetEnumerator();
if (enumerator.MoveNext())
{
builder.Append(" Extensions: ").Append(newLine);
}
do
{
DerObjectIdentifier current = (DerObjectIdentifier)enumerator.Current;
X509Extension extension = extensions.GetExtension(current);
if (extension.Value != null)
{
Asn1Object obj2 = X509ExtensionUtilities.FromExtensionValue(extension.Value);
builder.Append(" critical(").Append(extension.IsCritical).Append(") ");
try
{
if (current.Equals(X509Extensions.CrlNumber))
{
builder.Append(new CrlNumber(DerInteger.GetInstance(obj2).PositiveValue)).Append(newLine);
}
else if (current.Equals(X509Extensions.DeltaCrlIndicator))
{
builder.Append("Base CRL: " + new CrlNumber(DerInteger.GetInstance(obj2).PositiveValue)).Append(newLine);
}
else if (current.Equals(X509Extensions.IssuingDistributionPoint))
{
builder.Append(IssuingDistributionPoint.GetInstance((Asn1Sequence)obj2)).Append(newLine);
}
else if (current.Equals(X509Extensions.CrlDistributionPoints))
{
builder.Append(CrlDistPoint.GetInstance((Asn1Sequence)obj2)).Append(newLine);
}
else if (current.Equals(X509Extensions.FreshestCrl))
{
builder.Append(CrlDistPoint.GetInstance((Asn1Sequence)obj2)).Append(newLine);
}
else
{
builder.Append(current.Id);
builder.Append(" value = ").Append(Asn1Dump.DumpAsString((Asn1Encodable)obj2)).Append(newLine);
}
}
catch (Exception)
{
builder.Append(current.Id);
builder.Append(" value = ").Append("*****").Append(newLine);
}
}
else
{
builder.Append(newLine);
}
}while (enumerator.MoveNext());
}
ISet revokedCertificates = this.GetRevokedCertificates();
if (revokedCertificates != null)
{
IEnumerator enumerator = revokedCertificates.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
X509CrlEntry current = (X509CrlEntry)enumerator.Current;
builder.Append(current);
builder.Append(newLine);
}
}
finally
{
if (enumerator is IDisposable disposable)
{
IDisposable disposable;
disposable.Dispose();
}
}
}
return(builder.ToString());
}
