/// <summary>
/// Registers every URI named by a full-name distribution point of <paramref name="crldp"/>
/// as an additional CRL store on <paramref name="pkixParams"/>.
/// </summary>
/// <param name="crldp">The decoded CRL Distribution Points extension; null is a no-op.</param>
/// <param name="pkixParams">Validation parameters that receive the extra CRL stores.</param>
/// <exception cref="global::System.Exception">Wraps any failure to read the distribution points.</exception>
internal static void AddAdditionalStoresFromCrlDistributionPoint(CrlDistPoint crldp, PkixParameters pkixParams)
{
    if (crldp == null)
    {
        return;
    }

    DistributionPoint[] points;
    try
    {
        points = crldp.GetDistributionPoints();
    }
    catch (global::System.Exception ex)
    {
        throw new global::System.Exception("Distribution points could not be read.", ex);
    }

    for (int p = 0; p < points.Length; p++)
    {
        DistributionPointName pointName = points[p].DistributionPointName;
        // PointType 0 is the fullName choice, the only one that carries GeneralNames.
        if (pointName != null && pointName.PointType == 0)
        {
            GeneralName[] candidates = GeneralNames.GetInstance(pointName.Name).GetNames();
            for (int n = 0; n < candidates.Length; n++)
            {
                // Tag 6 is uniformResourceIdentifier; other name forms cannot be fetched.
                if (candidates[n].TagNo == 6)
                {
                    string location = DerIA5String.GetInstance(candidates[n].Name).GetString();
                    AddAdditionalStoreFromLocation(location, pkixParams);
                }
            }
        }
    }
}
/// <summary>
/// Returns the URI string of the first uniformResourceIdentifier GeneralName found in a
/// full-name distribution point of the extension, or null when there is none.
/// </summary>
/// <param name="distributionPointsExtension">The decoded CRL Distribution Points extension.</param>
/// <returns>The URI text, or null.</returns>
static string ExtractFullCrlDistributionPoint(CrlDistPoint distributionPointsExtension)
{
    DerIA5String uriName = (DerIA5String)ExtractGeneralName(distributionPointsExtension, UniformResourceIdentifier);
    if (uriName == null)
    {
        return null;
    }

    return uriName.GetString();
}
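/// <summary>
/// Checks the revocation status of <paramref name="certificate"/> against the CRL URIs listed
/// in its CRL Distribution Points extension, returning the first definitive answer.
/// </summary>
/// <param name="certificate">The certificate to check.</param>
/// <returns>
/// The first VALID or REVOKED response obtained from a distribution point URI; otherwise UNKNOWN
/// (extension absent or undecodable, no URI entries, or every lookup was inconclusive).
/// </returns>
public ValidationResponse ValidateCertificate(X509Certificate2 certificate)
{
    Org.BouncyCastle.X509.X509Certificate certificateBC = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificate);

    // An absent extension is the common case and must not be reported as an error.
    Asn1OctetString crlDpOctets = certificateBC.GetExtensionValue(new DerObjectIdentifier("2.5.29.31"));
    if (crlDpOctets == null)
    {
        return new ValidationResponse(CertificateStatus.UNKNOWN);
    }

    CrlDistPoint crlDistributionPoint;
    try
    {
        Asn1Object crlDpAsn1 = Asn1Object.FromByteArray(crlDpOctets.GetOctets());
        crlDistributionPoint = CrlDistPoint.GetInstance(crlDpAsn1);
    }
    catch (System.IO.IOException)
    {
        // Malformed extension: nothing usable to query.
        return new ValidationResponse(CertificateStatus.UNKNOWN);
    }

    foreach (DistributionPoint crlDp in crlDistributionPoint.GetDistributionPoints())
    {
        DistributionPointName dpName = crlDp.DistributionPointName;
        // The name is OPTIONAL, and only the fullName choice is a GeneralNames; the
        // nameRelativeToCRLIssuer choice would fail the GeneralNames conversion below.
        if (dpName == null || dpName.PointType != DistributionPointName.FullName)
        {
            continue;
        }

        foreach (GeneralName gn in GeneralNames.GetInstance(dpName.Name).GetNames())
        {
            // Only URIs can be fetched; directory names and the like are skipped.
            if (gn.TagNo != GeneralName.UniformResourceIdentifier)
            {
                continue;
            }

            string uri = DerIA5String.GetInstance(gn.Name).GetString();
            ValidationResponse validationResponse = ValidateCertificate(certificate, uri);
            if (validationResponse.status == CertificateStatus.VALID || validationResponse.status == CertificateStatus.REVOKED)
            {
                return validationResponse;
            }
        }
    }

    return new ValidationResponse(CertificateStatus.UNKNOWN);
}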
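// Certificate Revocation Lists

/// <summary>
/// Gets the URL of the Certificate Revocation List for a certificate.
/// </summary>
/// <param name="certificate">The certificate whose CRL Distribution Points extension is read.</param>
/// <returns>
/// The first URI found in a full-name distribution point, or null when the extension is absent,
/// carries no URI, or cannot be parsed.
/// </returns>
public static String GetCRLURL(X509Certificate certificate)
{
    try
    {
        Asn1Object obj = GetExtensionValue(certificate, X509Extensions.CrlDistributionPoints.Id);
        if (obj == null)
        {
            return null;
        }

        CrlDistPoint dist = CrlDistPoint.GetInstance(obj);
        foreach (DistributionPoint p in dist.GetDistributionPoints())
        {
            DistributionPointName distributionPointName = p.DistributionPointName;
            // The name is OPTIONAL; only the fullName choice is a GeneralNames.
            if (distributionPointName == null || DistributionPointName.FullName != distributionPointName.PointType)
            {
                continue;
            }

            GeneralNames generalNames = GeneralNames.GetInstance(distributionPointName.Name);
            foreach (GeneralName name in generalNames.GetNames())
            {
                if (name.TagNo != GeneralName.UniformResourceIdentifier)
                {
                    continue;
                }

                // The URI is an implicitly tagged IA5String inside the GeneralName.
                DerIA5String derStr = DerIA5String.GetInstance((Asn1TaggedObject)name.ToAsn1Object(), false);
                return derStr.GetString();
            }
        }
    }
    catch (System.Exception)
    {
        // Best-effort lookup: a malformed extension yields "no URL", the same result as an
        // absent extension, rather than failing the caller.
    }

    return null;
}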
/// <summary>
/// Adds a CRL store for each URI named by a full-name distribution point of <paramref name="crldp"/>.
/// </summary>
/// <param name="crldp">The decoded CRL Distribution Points extension; null is ignored.</param>
/// <param name="pkixParams">The validation parameters receiving the additional stores.</param>
/// <exception cref="Exception">Wraps any failure to read the distribution points.</exception>
internal static void AddAdditionalStoresFromCrlDistributionPoint(CrlDistPoint crldp, PkixParameters pkixParams)
{
    if (crldp == null)
    {
        return;
    }

    DistributionPoint[] distributionPoints;
    try
    {
        distributionPoints = crldp.GetDistributionPoints();
    }
    catch (Exception innerException)
    {
        throw new Exception("Distribution points could not be read.", innerException);
    }

    foreach (DistributionPoint distributionPoint in distributionPoints)
    {
        DistributionPointName pointName = distributionPoint.DistributionPointName;
        // Only the fullName choice (PointType 0) carries GeneralNames.
        bool isFullName = pointName != null && pointName.PointType == 0;
        if (!isFullName)
        {
            continue;
        }

        foreach (GeneralName generalName in GeneralNames.GetInstance(pointName.Name).GetNames())
        {
            // Tag 6 is uniformResourceIdentifier; nothing else can be fetched.
            if (generalName.TagNo != 6)
            {
                continue;
            }

            string location = DerIA5String.GetInstance(generalName.Name).GetString();
            PkixCertPathValidatorUtilities.AddAdditionalStoreFromLocation(location, pkixParams);
        }
    }
}
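/// <summary>
/// Returns the URIs listed in the certificate's CRL Distribution Points extension.
/// </summary>
/// <param name="certificate">The certificate to read.</param>
/// <returns>The URIs of every full-name distribution point; empty when the extension is absent.</returns>
/// <exception cref="CertificateValidationException">Thrown when the extension cannot be decoded.</exception>
public static List<string> GetCrlDistributionPoints(X509Certificate certificate)
{
    try
    {
        List<string> urls = new List<string>();
        if (!certificate.GetNonCriticalExtensionOids().Contains(CrlExtension))
        {
            return urls;
        }

        var oid = new DerObjectIdentifier(CrlExtension);
        CrlDistPoint distPoint = CrlDistPoint.GetInstance(X509ExtensionUtilities.FromExtensionValue(certificate.GetExtensionValue(oid)));
        foreach (DistributionPoint dp in distPoint.GetDistributionPoints())
        {
            DistributionPointName dpn = dp.DistributionPointName;
            // The name is OPTIONAL, and only the fullName choice is a GeneralNames; the
            // nameRelativeToCRLIssuer choice would throw an InvalidCastException that the
            // filter below does not translate.
            if (dpn == null || dpn.PointType != DistributionPointName.FullName)
            {
                continue;
            }

            GeneralNames gn = GeneralNames.GetInstance(dpn.Name);
            foreach (GeneralName name in gn.GetNames())
            {
                if (name.TagNo == GeneralName.UniformResourceIdentifier)
                {
                    urls.Add(DerIA5String.GetInstance(name.Name).GetString());
                }
            }
        }

        return urls;
    }
    catch (Exception e) when (e is IOException || e is NullReferenceException)
    {
        throw new CertificateValidationException(e.Message, e);
    }
}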
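/// <summary>
/// Gets the CRL URLs from the CRL Distribution Points extension
/// </summary>
/// <param name="certificate"><seealso cref="Org.BouncyCastle.X509.X509Certificate"/></param>
/// <returns>CRL URLs from the CRL Distribution Points extension; empty when the certificate is
/// null, the extension is absent, or no entry is an absolute URI</returns>
public static List<Uri> GetCrlDistributionPoints(this Org.BouncyCastle.X509.X509Certificate certificate)
{
    List<Uri> crlUrls = new List<Uri>();
    if (certificate == null)
    {
        return crlUrls;
    }

    var cdpExtension = certificate.GetExtensionValue(X509Extensions.CrlDistributionPoints);
    if (cdpExtension == null)
    {
        return crlUrls;
    }

    // The extension value is an OCTET STRING wrapping the DER-encoded CRLDistributionPoints
    // sequence; decode its octets directly instead of re-encoding and re-parsing the wrapper.
    Asn1Object derObj = Asn1Object.FromByteArray(cdpExtension.GetOctets());
    CrlDistPoint distPoint = CrlDistPoint.GetInstance(derObj);
    foreach (DistributionPoint dp in distPoint.GetDistributionPoints())
    {
        DistributionPointName dpn = dp.DistributionPointName;
        // Look for URIs in fullName only. Comparing the runtime type of dpn with
        // DistributionPointName cannot tell the two choices apart; PointType can.
        if (dpn == null || dpn.PointType != DistributionPointName.FullName)
        {
            continue;
        }

        GeneralName[] genNames = GeneralNames.GetInstance(dpn.Name).GetNames();
        foreach (GeneralName genName in genNames)
        {
            // Look for an URI
            if (genName.TagNo != GeneralName.UniformResourceIdentifier)
            {
                continue;
            }

            String url = DerIA5String.GetInstance(genName.Name).GetString();
            Uri uri;
            // Relative or malformed values are skipped rather than failing the whole lookup.
            if (Uri.TryCreate(url, UriKind.Absolute, out uri))
            {
                crlUrls.Add(uri);
            }
        }
    }

    return crlUrls;
}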
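/// <summary>
/// Decodes the CRL Distribution Points extension of <paramref name="certificate"/>.
/// </summary>
/// <param name="certificate">The certificate to read.</param>
/// <returns>The decoded extension, or null when the certificate does not carry it.</returns>
static CrlDistPoint ExtractCrlDistributionPointsExtension(X509Certificate2 certificate)
{
    var bouncyCastleCertificate = new X509CertificateParser().ReadCertificate(certificate.RawData);
    var extension = bouncyCastleCertificate.GetExtensionValue(new DerObjectIdentifier(ObjectIdentifiers.CrlDistributionPointsExtension));
    // A missing extension comes back as null; report that instead of dereferencing it.
    if (extension == null)
    {
        return null;
    }

    // The extension value is an OCTET STRING wrapping the DER-encoded sequence.
    using (var stream = new Asn1InputStream(extension.GetOctetStream()))
    {
        return CrlDistPoint.GetInstance(stream.ReadObject());
    }
}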
/// <summary>
/// Create CRLDistributionPoints extension from X509Extension
/// </summary>
/// <param name="Extension">The extension to decode; its criticality is passed through to the
/// base extension and its distribution points populate this instance.</param>
public crlDistPoint(X509Extension Extension) : base(Extension.IsCritical)
{
    base.oid = X509Extensions.CrlDistributionPoints;
    base.name = "CrlDistributionPoints";
    base.displayName = "CRL Distribution Points";
    // NOTE(review): GetInstance receives the X509Extension wrapper itself rather than its
    // decoded value (e.g. X509ExtensionUtilities.FromExtensionValue(Extension.Value)); confirm
    // that the GetInstance overload in use accepts the wrapper, otherwise this throws for every input.
    CrlDistPoint cdp = CrlDistPoint.GetInstance(Extension);
    // Call the DistributionPoints encode() method to read the DPList
    base.decode(cdp.GetDistributionPoints());
}
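/// <summary>
/// Initializes the CrlDistributionPoints with a <see cref="List{Uri}"/> of <see cref="Uri"/>
/// </summary>
/// <param name="uris"><see cref="List{T}"/> of <see cref="Uri"/>; each becomes one full-name
/// distribution point holding a single uniformResourceIdentifier GeneralName</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="uris"/> or one of its entries is null.</exception>
public CrlDistributionPoints(List<Uri> uris)
{
    if (uris == null)
    {
        throw new ArgumentNullException("uris");
    }

    List<DistributionPoint> distributionPoints = new List<DistributionPoint>(uris.Count);
    foreach (Uri uri in uris)
    {
        if (uri == null)
        {
            throw new ArgumentNullException("uris", "The list must not contain null entries.");
        }

        GeneralNames gnUri = new GeneralNames(new GeneralName(GeneralName.UniformResourceIdentifier, uri.ToString()));
        // The two trailing nulls leave the reasons and cRLIssuer fields omitted.
        distributionPoints.Add(new DistributionPoint(new DistributionPointName(gnUri), null, null));
    }

    this.X509CrlDistPoint = new CrlDistPoint(distributionPoints.ToArray());
}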
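/// <summary>
/// Collects the URIs named by the full-name distribution points of a CRL Distribution Points extension.
/// </summary>
/// <param name="crldp">The decoded extension.</param>
/// <returns>The URI strings found; empty when <paramref name="crldp"/> is null or names none.</returns>
private static List<String> GetCrlDistribtionPoints(CrlDistPoint crldp)
{
    List<String> certDpUrlLst = new List<string>();
    if (crldp == null)
    {
        return certDpUrlLst;
    }

    foreach (DistributionPoint p in crldp.GetDistributionPoints())
    {
        DistributionPointName dpn = p.DistributionPointName;
        // The name is OPTIONAL, and only the fullName choice is a GeneralNames.
        if (dpn == null || dpn.PointType != DistributionPointName.FullName)
        {
            continue;
        }

        foreach (GeneralName n in GeneralNames.GetInstance(dpn.Name).GetNames())
        {
            // Only uniformResourceIdentifier entries are fetchable URLs; directory names
            // and other forms would otherwise be returned as if they were URLs.
            if (n.TagNo == GeneralName.UniformResourceIdentifier)
            {
                certDpUrlLst.Add(n.Name.ToString());
            }
        }
    }

    return certDpUrlLst;
}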
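/// <summary>
/// Returns the first http(s) CRL URL of each full-name distribution point in the certificate's
/// CRL Distribution Points extension.
/// </summary>
/// <param name="certificate">The certificate to read.</param>
/// <returns>The URLs found; empty when the extension is absent, undecodable, or holds no http URI.</returns>
private static List<String> GetCRLUrls(X509Certificate certificate)
{
    var result = new List<string>();
    var crlDPExtension = certificate.GetExtensionValue(X509Extensions.CrlDistributionPoints);
    if (crlDPExtension == null)
    {
        return result;
    }

    CrlDistPoint crlDistPoints = null;
    try
    {
        crlDistPoints = CrlDistPoint.GetInstance(X509ExtensionUtilities.FromExtensionValue(crlDPExtension));
    }
    catch (IOException)
    {
        // TODO: Log — an undecodable extension is treated as "no URLs".
    }

    if (crlDistPoints == null)
    {
        return result;
    }

    foreach (var distPoint in crlDistPoints.GetDistributionPoints())
    {
        var dpName = distPoint.DistributionPointName;
        // The name is OPTIONAL, and only the fullName choice is a GeneralNames; the
        // nameRelativeToCRLIssuer choice is an RDN and cannot be converted.
        if (dpName == null || dpName.PointType != DistributionPointName.FullName)
        {
            continue;
        }

        var generalNames = GeneralNames.GetInstance(dpName.Name);
        foreach (var generalName in generalNames.GetNames())
        {
            if (generalName.TagNo != GeneralName.UniformResourceIdentifier)
            {
                continue;
            }

            var uri = ((IAsn1String)generalName.Name).GetString();
            // Ordinal: the scheme is a protocol token, not user-facing text.
            if (!string.IsNullOrEmpty(uri) && uri.StartsWith("http", StringComparison.Ordinal))
            {
                result.Add(uri);
                // Keep only the first http URL of each distribution point.
                break;
            }
        }
    }

    return result;
}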
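/// <summary>
/// Returns the payload of the first GeneralName tagged <paramref name="tagNumber"/> found in a
/// full-name distribution point of the extension, or null when there is none.
/// </summary>
/// <param name="distributionPointsExtension">The decoded CRL Distribution Points extension; null yields null.</param>
/// <param name="tagNumber">The GeneralName tag to look for.</param>
/// <returns>The matching name's value, or null.</returns>
static Asn1Encodable ExtractGeneralName(CrlDistPoint distributionPointsExtension, int tagNumber)
{
    if (distributionPointsExtension == null)
    {
        return null;
    }

    foreach (var distributionPoint in distributionPointsExtension.GetDistributionPoints())
    {
        DistributionPointName dpn = distributionPoint.DistributionPointName;
        // The name is OPTIONAL in the ASN.1; skip entries without one.
        if (dpn == null || dpn.PointType != DistributionPointName.FullName)
        {
            continue;
        }

        foreach (var generalName in GeneralNames.GetInstance(dpn.Name).GetNames())
        {
            if (generalName.TagNo == tagNumber)
            {
                return generalName.Name;
            }
        }
    }

    return null;
}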
/// <summary>
/// Adds a non-critical CRL Distribution Points extension naming <paramref name="uri"/> to the
/// generator; a null or blank URI adds nothing.
/// </summary>
/// <param name="certificateGenerator">The generator receiving the extension.</param>
/// <param name="uri">The CRL location to publish.</param>
protected void AddCrlDistributionPoint(X509V3CertificateGenerator certificateGenerator, string uri)
{
    if (String.IsNullOrWhiteSpace(uri))
    {
        return;
    }

    // Add the CRL distribution point: one full-name point holding a single URI GeneralName,
    // with the reasons and cRLIssuer fields omitted.
    var uriName = new GeneralName(GeneralName.UniformResourceIdentifier, uri);
    var pointName = new DistributionPointName(new GeneralNames(uriName));
    var distributionPoint = new DistributionPoint(pointName, null, null);
    var crlDistributionPoint = new CrlDistPoint(new[] { distributionPoint });

    certificateGenerator.AddExtension(X509Extensions.CrlDistributionPoints.Id, false, crlDistributionPoint);
}
/// <summary>
/// Registers each URI named by a full-name distribution point of <paramref name="crldp"/> as an
/// additional CRL store on <paramref name="pkixParams"/>.
/// </summary>
/// <param name="crldp">The decoded CRL Distribution Points extension; null is ignored.</param>
/// <param name="pkixParams">The PKIX parameters that receive the extra stores.</param>
/// <exception cref="Exception">Wraps any failure to read the distribution points.</exception>
internal static void AddAdditionalStoresFromCrlDistributionPoint(
    CrlDistPoint crldp,
    PkixParameters pkixParams)
{
    if (crldp == null)
    {
        return;
    }

    DistributionPoint[] points;
    try
    {
        points = crldp.GetDistributionPoints();
    }
    catch (Exception e)
    {
        throw new Exception("Distribution points could not be read.", e);
    }

    foreach (DistributionPoint point in points)
    {
        DistributionPointName name = point.DistributionPointName;

        // look for URIs in fullName; nameRelativeToCRLIssuer cannot hold one
        if (name == null || name.PointType != DistributionPointName.FullName)
        {
            continue;
        }

        foreach (GeneralName candidate in GeneralNames.GetInstance(name.Name).GetNames())
        {
            // look for an URI
            if (candidate.TagNo != GeneralName.UniformResourceIdentifier)
            {
                continue;
            }

            string location = DerIA5String.GetInstance(candidate.Name).GetString();
            PkixCertPathValidatorUtilities.AddAdditionalStoreFromLocation(location, pkixParams);
        }
    }
}
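/// <summary>
/// Returns the URIs of all full-name distribution points in the certificate's CRL Distribution
/// Points extension.
/// </summary>
/// <param name="x509Certificate">The certificate to read.</param>
/// <returns>The URI strings; empty when the extension is absent.</returns>
private List<string> GetCrlDistPoints(BcX509Certificate x509Certificate)
{
    Asn1OctetString crldpAsn1OctetString = x509Certificate.GetExtensionValue(X509Extensions.CrlDistributionPoints);
    if (crldpAsn1OctetString == null)
    {
        return new List<string>();
    }

    // The extension value is an OCTET STRING wrapping the DER-encoded sequence; decoding the
    // byte array directly avoids leaving an Asn1InputStream undisposed.
    Asn1Object crldpAsn1Object = Asn1Object.FromByteArray(crldpAsn1OctetString.GetOctets());
    return CrlDistPoint.GetInstance(crldpAsn1Object).GetDistributionPoints()
        .Select(dp => dp.DistributionPointName)
        // The name is OPTIONAL; a missing one must not be dereferenced.
        .Where(dpn => dpn != null && dpn.PointType == DistributionPointName.FullName)
        .SelectMany(dpn => GeneralNames.GetInstance(dpn.Name).GetNames())
        .Where(gn => gn.TagNo == GeneralName.UniformResourceIdentifier)
        .Select(gn => gn.Name.ToString())
        .ToList();
}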
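/// <inheritdoc />
/// <remarks>
/// Reads the CRL Distribution Points extension of <paramref name="value"/> and stores the names
/// of every full-name distribution point as the policy value. A required extension that is
/// absent, or present without any full-name entry, raises <see cref="PolicyRequiredException"/>.
/// </remarks>
public override void InjectReferenceValue(X509Certificate2 value)
{
    Certificate = value;
    string missingMessage = "Extention " + ExtentionIdentifier.Display + " is marked as required but is not present.";

    Asn1Object exValue = GetExtensionValue(value);
    if (exValue == null)
    {
        if (IsRequired())
        {
            throw new PolicyRequiredException(missingMessage);
        }

        PolicyValue = new PolicyValue<IList<string>>(new List<string>());
        return;
    }

    CrlDistPoint distPoints = CrlDistPoint.GetInstance(exValue);
    List<string> retVal = new List<string>();
    foreach (var distPoint in distPoints.GetDistributionPoints())
    {
        DistributionPointName dpn = distPoint.DistributionPointName;
        // The name is OPTIONAL, and only the fullName choice is a GeneralNames.
        if (dpn == null || dpn.PointType != DistributionPointName.FullName)
        {
            continue;
        }

        GeneralNames names = GeneralNames.GetInstance(dpn.Name);
        foreach (var generalName in names.GetNames())
        {
            retVal.Add(generalName.Name.ToString());
        }
    }

    // An extension with no usable entry counts as absent for a required policy.
    if (retVal.Count == 0 && IsRequired())
    {
        throw new PolicyRequiredException(missingMessage);
    }

    PolicyValue = new PolicyValue<IList<string>>(retVal);
}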
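// Certificate Revocation Lists

/// <summary>
/// Gets the URL of the Certificate Revocation List for a certificate.
/// </summary>
/// <param name="certificate">The certificate whose CRL Distribution Points extension is read.</param>
/// <returns>
/// The first HTTP URI whose text contains "CRL" among the full-name distribution points, or null
/// when the extension is absent, no such URI exists, or the extension cannot be parsed.
/// </returns>
public static String GetCRLURL(X509Certificate certificate)
{
    try
    {
        Asn1Object obj = GetExtensionValue(certificate, X509Extensions.CrlDistributionPoints.Id);
        if (obj == null)
        {
            return null;
        }

        CrlDistPoint dist = CrlDistPoint.GetInstance(obj);
        foreach (DistributionPoint p in dist.GetDistributionPoints())
        {
            DistributionPointName distributionPointName = p.DistributionPointName;
            // The name is OPTIONAL; only the fullName choice is a GeneralNames.
            if (distributionPointName == null || DistributionPointName.FullName != distributionPointName.PointType)
            {
                continue;
            }

            GeneralNames generalNames = GeneralNames.GetInstance(distributionPointName.Name);
            foreach (GeneralName name in generalNames.GetNames())
            {
                if (name.TagNo != GeneralName.UniformResourceIdentifier)
                {
                    continue;
                }

                // The URI is an implicitly tagged IA5String inside the GeneralName.
                DerIA5String derStr = DerIA5String.GetInstance((Asn1TaggedObject)name.ToAsn1Object(), false);
                string urlCrl = derStr.GetString();

                // jbonilla - the BCE CRL URL sits in the third position and is reachable over
                // HTTP only, so keep scanning until an HTTP URI naming a CRL is found.
                // Case-insensitive ordinal comparisons: these are protocol tokens, not text.
                if (urlCrl.StartsWith("HTTP", StringComparison.OrdinalIgnoreCase)
                    && urlCrl.IndexOf("CRL", StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return urlCrl;
                }
            }
        }
    }
    catch (System.Exception)
    {
        // Best-effort lookup: a malformed extension yields "no URL", the same result as an
        // absent extension, rather than failing the caller.
    }

    return null;
}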
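/// <summary>
/// Gets a list of URLs from the specified certificate.
/// </summary>
/// <param name="cert">The certificate to find the URLs in.</param>
/// <returns>A list of CRL URLs in the certificate; entries that are not absolute URIs are skipped</returns>
public List<Uri> getCrlURLs(X509Certificate2 cert)
{
    List<Uri> urls = new List<Uri>();
    foreach (System.Security.Cryptography.X509Certificates.X509Extension extension in cert.Extensions)
    {
        if (extension.Oid.Value != X509Extensions.CrlDistributionPoints.Id)
        {
            continue;
        }

        // Retrieves the raw ASN1 data of the CRL Dist Points X509 extension, and wraps it in a container class
        CrlDistPoint crldp = CrlDistPoint.GetInstance(Asn1Object.FromByteArray(extension.RawData));
        foreach (DistributionPoint dp in crldp.GetDistributionPoints())
        {
            // Only use the "General name" data in the distribution point entry: the name is
            // OPTIONAL, and only the fullName choice is a GeneralNames.
            DistributionPointName dpn = dp.DistributionPointName;
            if (dpn == null || dpn.PointType != DistributionPointName.FullName)
            {
                continue;
            }

            foreach (GeneralName name in GeneralNames.GetInstance(dpn.Name).GetNames())
            {
                // Only retrieve URLs
                if (name.TagNo != GeneralName.UniformResourceIdentifier)
                {
                    continue;
                }

                DerStringBase s = (DerStringBase)name.Name;
                Uri url;
                // A malformed value is skipped instead of aborting the whole lookup.
                if (Uri.TryCreate(s.GetString(), UriKind.Absolute, out url))
                {
                    urls.Add(url);
                }
            }
        }

        // There is only one CRL list so faster to break.
        break;
    }

    return urls;
}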
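/// <summary>
/// Returns a string representation of this CRL: version, issuer, update times, signature
/// algorithm, the signature as hex (20 bytes per line), every extension and every revoked entry.
/// </summary>
/// <returns>a string representation of this CRL.</returns>
public override string ToString()
{
    StringBuilder buf = new StringBuilder();
    string nl = Platform.NewLine;

    buf.Append(" Version: ").Append(this.Version).Append(nl);
    buf.Append(" IssuerDN: ").Append(this.IssuerDN).Append(nl);
    buf.Append(" This update: ").Append(this.ThisUpdate).Append(nl);
    buf.Append(" Next update: ").Append(this.NextUpdate).Append(nl);
    buf.Append(" Signature Algorithm: ").Append(this.SigAlgName).Append(nl);

    // Signature in hex, 20 bytes per line; the first chunk is bounded so a signature
    // shorter than 20 bytes does not run past the end of the array.
    byte[] sig = this.GetSignature();
    buf.Append(" Signature: ");
    buf.Append(AsHexString(sig, 0, System.Math.Min(20, sig.Length))).Append(nl);
    for (int i = 20; i < sig.Length; i += 20)
    {
        int count = System.Math.Min(20, sig.Length - i);
        buf.Append(" ");
        buf.Append(AsHexString(sig, i, count)).Append(nl);
    }

    X509Extensions extensions = c.TbsCertList.Extensions;
    if (extensions != null)
    {
        IEnumerator e = extensions.ExtensionOids.GetEnumerator();
        // A plain while loop: a do/while would read e.Current before the first successful
        // MoveNext when ExtensionOids is empty.
        bool first = true;
        while (e.MoveNext())
        {
            if (first)
            {
                buf.Append(" Extensions: ").Append(nl);
                first = false;
            }

            DerObjectIdentifier oid = (DerObjectIdentifier)e.Current;
            X509Extension ext = extensions.GetExtension(oid);
            if (ext.Value == null)
            {
                buf.Append(nl);
                continue;
            }

            Asn1Object asn1Value = X509ExtensionUtilities.FromExtensionValue(ext.Value);
            buf.Append(" critical(").Append(ext.IsCritical).Append(") ");
            try
            {
                // Known CRL extensions get a typed rendering; anything else is dumped raw.
                if (oid.Equals(X509Extensions.CrlNumber))
                {
                    buf.Append(new CrlNumber(DerInteger.GetInstance(asn1Value).PositiveValue)).Append(nl);
                }
                else if (oid.Equals(X509Extensions.DeltaCrlIndicator))
                {
                    buf.Append("Base CRL: " + new CrlNumber(DerInteger.GetInstance(asn1Value).PositiveValue)).Append(nl);
                }
                else if (oid.Equals(X509Extensions.IssuingDistributionPoint))
                {
                    buf.Append(IssuingDistributionPoint.GetInstance((Asn1Sequence)asn1Value)).Append(nl);
                }
                else if (oid.Equals(X509Extensions.CrlDistributionPoints) || oid.Equals(X509Extensions.FreshestCrl))
                {
                    // Both extensions are decoded with the same CrlDistPoint structure.
                    buf.Append(CrlDistPoint.GetInstance((Asn1Sequence)asn1Value)).Append(nl);
                }
                else
                {
                    buf.Append(oid.Id);
                    buf.Append(" value = ").Append(Asn1Dump.DumpAsString(asn1Value)).Append(nl);
                }
            }
            catch (Exception)
            {
                // A value that fails to decode must not abort the whole dump.
                buf.Append(oid.Id);
                buf.Append(" value = ").Append("*****").Append(nl);
            }
        }
    }

    ISet certSet = GetRevokedCertificates();
    if (certSet != null)
    {
        foreach (X509CrlEntry entry in certSet)
        {
            buf.Append(entry);
            buf.Append(nl);
        }
    }

    return buf.ToString();
}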
/// <summary>
/// Returns a string representation of this CRL: version, issuer, update times, signature
/// algorithm, the signature as hex (20 bytes per line), every extension and every revoked entry.
/// </summary>
/// <returns>The multi-line description.</returns>
public override string ToString()
{
    //IL_0000: Unknown result type (might be due to invalid IL or missing references)
    //IL_0006: Expected O, but got Unknown
    StringBuilder val = new StringBuilder();
    string newLine = Platform.NewLine;
    val.Append(" Version: ").Append(Version).Append(newLine);
    val.Append(" IssuerDN: ").Append((object)IssuerDN).Append(newLine);
    val.Append(" This update: ").Append((object)ThisUpdate).Append(newLine);
    val.Append(" Next update: ").Append((object)NextUpdate).Append(newLine);
    val.Append(" Signature Algorithm: ").Append(SigAlgName).Append(newLine);
    // Signature rendered in hex, 20 bytes per line.
    // NOTE(review): the first chunk is always 20 bytes; a signature shorter than that would
    // presumably make Hex.ToHexString read past the array — confirm.
    byte[] signature = GetSignature();
    val.Append(" Signature: ");
    val.Append(Hex.ToHexString(signature, 0, 20)).Append(newLine);
    for (int i = 20; i < signature.Length; i += 20)
    {
        int length = Math.Min(20, signature.Length - i);
        val.Append(" ");
        val.Append(Hex.ToHexString(signature, i, length)).Append(newLine);
    }
    X509Extensions extensions = c.TbsCertList.Extensions;
    if (extensions != null)
    {
        global::System.Collections.IEnumerator enumerator = extensions.ExtensionOids.GetEnumerator();
        if (enumerator.MoveNext())
        {
            val.Append(" Extensions: ").Append(newLine);
        }
        // NOTE(review): the do/while body runs once even when MoveNext() above returned false,
        // reading the enumerator before its first element; a while loop would avoid that.
        do
        {
            DerObjectIdentifier derObjectIdentifier = (DerObjectIdentifier)enumerator.get_Current();
            X509Extension extension = extensions.GetExtension(derObjectIdentifier);
            if (extension.Value != null)
            {
                Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(extension.Value);
                val.Append(" critical(").Append(extension.IsCritical).Append(") ");
                try
                {
                    // Known CRL extensions get a typed rendering; each continue moves on to the
                    // next OID, so only unknown OIDs reach the raw dump at the end of the try.
                    if (derObjectIdentifier.Equals(X509Extensions.CrlNumber))
                    {
                        val.Append((object)new CrlNumber(DerInteger.GetInstance(asn1Object).PositiveValue)).Append(newLine);
                        continue;
                    }
                    if (derObjectIdentifier.Equals(X509Extensions.DeltaCrlIndicator))
                    {
                        val.Append(string.Concat((object)"Base CRL: ", (object)new CrlNumber(DerInteger.GetInstance(asn1Object).PositiveValue))).Append(newLine);
                        continue;
                    }
                    if (derObjectIdentifier.Equals(X509Extensions.IssuingDistributionPoint))
                    {
                        val.Append((object)IssuingDistributionPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
                        continue;
                    }
                    // CRLDistributionPoints and FreshestCRL are decoded with the same CrlDistPoint structure.
                    if (derObjectIdentifier.Equals(X509Extensions.CrlDistributionPoints))
                    {
                        val.Append((object)CrlDistPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
                        continue;
                    }
                    if (derObjectIdentifier.Equals(X509Extensions.FreshestCrl))
                    {
                        val.Append((object)CrlDistPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
                        continue;
                    }
                    val.Append(derObjectIdentifier.Id);
                    val.Append(" value = ").Append(Asn1Dump.DumpAsString(asn1Object)).Append(newLine);
                }
                catch (global::System.Exception)
                {
                    // A value that fails to decode must not abort the whole dump.
                    val.Append(derObjectIdentifier.Id);
                    val.Append(" value = ").Append("*****").Append(newLine);
                }
            }
            else
            {
                val.Append(newLine);
            }
        }
        while (enumerator.MoveNext());
    }
    ISet revokedCertificates = GetRevokedCertificates();
    if (revokedCertificates != null)
    {
        {
            // Manual enumeration with explicit disposal (decompiled foreach).
            global::System.Collections.IEnumerator enumerator2 = ((global::System.Collections.IEnumerable)revokedCertificates).GetEnumerator();
            try
            {
                while (enumerator2.MoveNext())
                {
                    X509CrlEntry x509CrlEntry = (X509CrlEntry)enumerator2.get_Current();
                    val.Append((object)x509CrlEntry);
                    val.Append(newLine);
                }
            }
            finally
            {
                global::System.IDisposable disposable = enumerator2 as global::System.IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }
        }
    }
    return(val.ToString());
}
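/// <summary>Gives back the CRL URI meta-data found within the given X509 certificate.
/// </summary>
/// <remarks>Only http:// and https:// URIs whose text contains "CRL" are returned; other
/// entries are logged and skipped. When none is found and the subject contains
/// "AC BANCO CENTRAL DEL ECUADOR", <see cref="IntermediateAcUrl"/> is returned instead.
/// </remarks>
/// <param name="certificate">the X509 certificate.</param>
/// <returns>the CRL URI, or <code>null</code> if the extension is not present.</returns>
/// <exception cref="RuntimeException">Thrown when the extension value cannot be parsed.</exception>
/// <exception cref="System.UriFormatException">System.UriFormatException</exception>
public virtual string GetCrlUri(X509Certificate certificate)
{
    Asn1OctetString crlDistributionPointsValue = certificate.GetExtensionValue(X509Extensions.CrlDistributionPoints);
    if (null == crlDistributionPointsValue)
    {
        return null;
    }

    Asn1Sequence seq;
    try
    {
        // The extension value is an OCTET STRING wrapping the DER-encoded sequence.
        DerOctetString oct = (DerOctetString)crlDistributionPointsValue;
        using (Asn1InputStream input = new Asn1InputStream(oct.GetOctets()))
        {
            seq = (Asn1Sequence)input.ReadObject();
        }
    }
    catch (IOException e)
    {
        throw new RuntimeException("IO error: " + e.Message, e);
    }

    CrlDistPoint distPoint = CrlDistPoint.GetInstance(seq);
    foreach (DistributionPoint distributionPoint in distPoint.GetDistributionPoints())
    {
        DistributionPointName distributionPointName = distributionPoint.DistributionPointName;
        // The name is OPTIONAL; only the fullName choice is a GeneralNames.
        if (distributionPointName == null || DistributionPointName.FullName != distributionPointName.PointType)
        {
            continue;
        }

        GeneralNames generalNames = (GeneralNames)distributionPointName.Name;
        foreach (GeneralName name in generalNames.GetNames())
        {
            if (name.TagNo != GeneralName.UniformResourceIdentifier)
            {
                LOG.Info("not a uniform resource identifier");
                continue;
            }

            // The URI may arrive as a tagged object wrapping the IA5String or as the bare string.
            string str;
            Asn1Object nameObject = name.ToAsn1Object();
            if (nameObject is DerTaggedObject)
            {
                DerTaggedObject taggedObject = (DerTaggedObject)nameObject;
                str = DerIA5String.GetInstance(taggedObject.GetObject()).GetString();
            }
            else
            {
                str = DerIA5String.GetInstance(nameObject).GetString();
            }

            // jbonilla - the BCE CRL URL sits in the third position and is reachable over HTTP
            // only, so keep scanning until an http(s) URI naming a CRL is found.
            // Ordinal comparisons: the scheme and "CRL" are protocol tokens, not localized text.
            if (str != null
                && (str.StartsWith("http://", StringComparison.Ordinal) || str.StartsWith("https://", StringComparison.Ordinal))
                && str.IndexOf("CRL", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return str;
            }

            LOG.Info("Supports only http:// and https:// protocol for CRL");
        }
    }

    // jbonilla - hard-coded fallback for certificates issued by the BCE CA.
    #region BCE
    if (certificate.SubjectDN.ToString().Contains("AC BANCO CENTRAL DEL ECUADOR"))
    {
        return this.IntermediateAcUrl;
    }
    #endregion

    return null;
}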
/// <summary>
/// Checks if an attribute certificate is revoked.
/// </summary>
/// <param name="attrCert">Attribute certificate to check if it is revoked.</param>
/// <param name="paramsPKIX">PKIX parameters.</param>
/// <param name="issuerCert">The issuer certificate of the attribute certificate <c>attrCert</c>.</param>
/// <param name="validDate">The date when the certificate revocation status should be checked.</param>
/// <param name="certPathCerts">The certificates of the certification path to be checked.</param>
/// <exception cref="PkixCertPathValidatorException">if the certificate is revoked or the
/// status cannot be checked or some error occurs.</exception>
internal static void CheckCrls(
    IX509AttributeCertificate attrCert,
    PkixParameters paramsPKIX,
    X509Certificate issuerCert,
    DateTime validDate,
    IList certPathCerts)
{
    if (!paramsPKIX.IsRevocationEnabled)
    {
        return;
    }

    // check if revocation is available
    // NoRevAvail together with a CRL DP or AIA pointer is contradictory and rejected outright.
    if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) != null)
    {
        if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null
            || attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null)
        {
            throw new PkixCertPathValidatorException(
                "No rev avail extension is set, but also an AC revocation pointer.");
        }
        return;
    }

    // crldp stays null when the extension is absent (GetInstance of null); the
    // "for each distribution point" step below is then skipped.
    CrlDistPoint crldp = null;
    try
    {
        crldp = CrlDistPoint.GetInstance(
            PkixCertPathValidatorUtilities.GetExtensionValue(
                attrCert, X509Extensions.CrlDistributionPoints));
    }
    catch (Exception e)
    {
        throw new PkixCertPathValidatorException(
            "CRL distribution point extension could not be read.", e);
    }

    try
    {
        PkixCertPathValidatorUtilities
            .AddAdditionalStoresFromCrlDistributionPoint(crldp, paramsPKIX);
    }
    catch (Exception e)
    {
        throw new PkixCertPathValidatorException(
            "No additional CRL locations could be decoded from CRL distribution point extension.", e);
    }

    CertStatus certStatus = new CertStatus();
    ReasonsMask reasonsMask = new ReasonsMask();
    Exception lastException = null;
    bool validCrlFound = false;

    // for each distribution point
    if (crldp != null)
    {
        DistributionPoint[] dps = null;
        try
        {
            dps = crldp.GetDistributionPoints();
        }
        catch (Exception e)
        {
            throw new PkixCertPathValidatorException(
                "Distribution points could not be read.", e);
        }

        try
        {
            // Stop as soon as a revocation is found or every reason code has been covered.
            for (int i = 0; i < dps.Length && certStatus.Status == CertStatus.Unrevoked && !reasonsMask.IsAllReasons; i++)
            {
                // Each distribution point gets its own copy of the parameters.
                PkixParameters paramsPKIXClone = (PkixParameters)paramsPKIX.Clone();
                CheckCrl(dps[i], attrCert, paramsPKIXClone, validDate, issuerCert, certStatus, reasonsMask, certPathCerts);
                validCrlFound = true;
            }
        }
        catch (Exception e)
        {
            // Remembered only; reported below if no distribution point yields a usable CRL.
            lastException = new Exception(
                "No valid CRL for distribution point found.", e);
        }
    }

    /*
     * If the revocation status has not been determined, repeat the
     * process above with any available CRLs not specified in a
     * distribution point but issued by the certificate issuer.
     */
    if (certStatus.Status == CertStatus.Unrevoked && !reasonsMask.IsAllReasons)
    {
        try
        {
            /*
             * assume a DP with both the reasons and the cRLIssuer
             * fields omitted and a distribution point name of the
             * certificate issuer.
             */
            X509Name issuer;
            try
            {
                issuer = X509Name.GetInstance(attrCert.Issuer.GetPrincipals()[0].GetEncoded());
            }
            catch (Exception e)
            {
                throw new Exception(
                    "Issuer from certificate for CRL could not be reencoded.", e);
            }
            DistributionPoint dp = new DistributionPoint(
                new DistributionPointName(0, new GeneralNames(
                    new GeneralName(GeneralName.DirectoryName, issuer))), null, null);
            PkixParameters paramsPKIXClone = (PkixParameters)paramsPKIX.Clone();
            CheckCrl(dp, attrCert, paramsPKIXClone, validDate, issuerCert, certStatus, reasonsMask, certPathCerts);
            validCrlFound = true;
        }
        catch (Exception e)
        {
            lastException = new Exception(
                "No valid CRL for distribution point found.", e);
        }
    }

    if (!validCrlFound)
    {
        throw new PkixCertPathValidatorException(
            "No valid CRL found.", lastException);
    }

    if (certStatus.Status != CertStatus.Unrevoked)
    {
        // This format is enforced by the NistCertPath tests
        string formattedDate = certStatus.RevocationDate.Value.ToString(
            "ddd MMM dd HH:mm:ss K yyyy");
        string message = "Attribute certificate revocation after " + formattedDate;
        message += ", reason: " + Rfc3280CertPathUtilities.CrlReasons[certStatus.Status];
        throw new PkixCertPathValidatorException(message);
    }

    // Unrevoked but not all reason codes were covered by the CRLs seen: the answer is inconclusive.
    if (!reasonsMask.IsAllReasons && certStatus.Status == CertStatus.Unrevoked)
    {
        certStatus.Status = CertStatus.Undetermined;
    }

    if (certStatus.Status == CertStatus.Undetermined)
    {
        throw new PkixCertPathValidatorException(
            "Attribute certificate status could not be determined.");
    }
}
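// Only the ctor should be calling with isAuthority = true
// if isAuthority, value for isMachineCert doesn't matter
/// <summary>
/// Generates a certificate with the shared BouncyCastle generator and packages it as an
/// <see cref="X509CertificateContainer"/> (BouncyCastle certificate, password-protected PFX bytes,
/// .NET certificate and thumbprint).
/// </summary>
/// <param name="isAuthority">True to self-sign the authority (CA) certificate; false to issue an
/// end-entity certificate signed by <paramref name="signingCertificate"/>.</param>
/// <param name="isMachineCert">End-entity certificates only: true emits a DNS-name SAN for every entry of
/// SubjectAlternativeNames; false emits UPN other-name SANs for the entries after the first.
/// Ignored when <paramref name="isAuthority"/> is true.</param>
/// <param name="signingCertificate">Issuer certificate whose subject becomes this certificate's issuer DN.
/// Must be null exactly when <paramref name="isAuthority"/> is true.</param>
/// <param name="certificateCreationSettings">Subject, SAN list, validity window, friendly name, CRL-DP and
/// validity-type settings. May be null only for the authority. The instance is mutated: unset validity
/// bounds and a null SAN list are filled in with defaults.</param>
/// <returns>A container holding the generated certificate in several formats. For an end-entity
/// certificate the returned .NET certificate carries the private key; for the authority it does not.</returns>
/// <exception cref="Exception">Thrown when <paramref name="certificateCreationSettings"/> is null for a non-authority certificate.</exception>
/// <exception cref="ArgumentException">Thrown when the isAuthority/signingCertificate combination is
/// inconsistent, or the subject is blank for an end-entity certificate.</exception>
private X509CertificateContainer CreateCertificate(bool isAuthority, bool isMachineCert, X509Certificate signingCertificate, CertificateCreationSettings certificateCreationSettings)
{
    if (certificateCreationSettings == null)
    {
        if (isAuthority)
        {
            certificateCreationSettings = new CertificateCreationSettings();
        }
        else
        {
            throw new Exception("Parameter certificateCreationSettings cannot be null when isAuthority is false");
        }
    }

    // Set to default cert creation settings if not set
    if (certificateCreationSettings.ValidityNotBefore == default(DateTime))
    {
        certificateCreationSettings.ValidityNotBefore = _defaultValidityNotBefore;
    }
    if (certificateCreationSettings.ValidityNotAfter == default(DateTime))
    {
        certificateCreationSettings.ValidityNotAfter = _defaultValidityNotAfter;
    }

    // Exactly one of the two must hold: a self-signed authority has no signer, an end-entity
    // certificate always has one. (Same condition as the original XOR form, written as an equality.)
    if (isAuthority == (signingCertificate != null))
    {
        throw new ArgumentException("Either isAuthority == true or signingCertificate is not null");
    }

    string subject = certificateCreationSettings.Subject;

    // If certificateCreationSettings.SubjectAlternativeNames == null, then we should add exactly one SubjectAlternativeName == Subject
    // so that the default certificate generated is compatible with mainline scenarios
    // However, if certificateCreationSettings.SubjectAlternativeNames == string[0], then allow this as this is a legit scenario we want to test out
    if (certificateCreationSettings.SubjectAlternativeNames == null)
    {
        certificateCreationSettings.SubjectAlternativeNames = new string[1] { subject };
    }
    string[] subjectAlternativeNames = certificateCreationSettings.SubjectAlternativeNames;

    if (!isAuthority && string.IsNullOrWhiteSpace(subject))
    {
        throw new ArgumentException("Certificate Subject must not be an empty string or only whitespace", "creationSettings.Subject");
    }

    EnsureInitialized();

    // s_certGenerator is shared, reset-per-call state; nothing here serializes concurrent callers.
    s_certGenerator.Reset();
    s_certGenerator.SetSignatureAlgorithm(_signatureAlthorithm);

    // Tag on the generation time to prevent caching of the cert CRL in Linux.
    // UTC is used so the tag does not repeat or jump across DST transitions; only uniqueness matters here.
    X509Name authorityX509Name = CreateX509Name(string.Format("{0} {1}", _authorityCanonicalName, DateTime.UtcNow.ToString("s")));

    // One serial is used for the certificate and, for the self-signed authority, for its own AKI.
    var serialNum = new BigInteger(64 /*sizeInBits*/, _random).Abs();
    var keyPair = isAuthority ? _authorityKeyPair : _keyPairGenerator.GenerateKeyPair();

    if (isAuthority)
    {
        // Self-signed: issuer == subject, and the AKI names this same certificate as the authority.
        s_certGenerator.SetIssuerDN(authorityX509Name);
        s_certGenerator.SetSubjectDN(authorityX509Name);
        var authorityKeyIdentifier = new AuthorityKeyIdentifier(
            SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(_authorityKeyPair.Public),
            new GeneralNames(new GeneralName(authorityX509Name)),
            serialNum);
        s_certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, authorityKeyIdentifier);
        // A CA key additionally needs keyCertSign and cRLSign.
        s_certGenerator.AddExtension(X509Extensions.KeyUsage, false, new KeyUsage(X509KeyUsage.DigitalSignature | X509KeyUsage.KeyAgreement | X509KeyUsage.KeyCertSign | X509KeyUsage.KeyEncipherment | X509KeyUsage.CrlSign));
    }
    else
    {
        X509Name subjectName = CreateX509Name(subject);
        s_certGenerator.SetIssuerDN(PrincipalUtilities.GetSubjectX509Principal(signingCertificate));
        s_certGenerator.SetSubjectDN(subjectName);
        s_certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(_authorityKeyPair.Public));
        s_certGenerator.AddExtension(X509Extensions.KeyUsage, false, new KeyUsage(X509KeyUsage.DigitalSignature | X509KeyUsage.KeyAgreement | X509KeyUsage.KeyEncipherment));
    }

    s_certGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.Public));
    s_certGenerator.SetSerialNumber(serialNum);
    s_certGenerator.SetNotBefore(certificateCreationSettings.ValidityNotBefore);
    s_certGenerator.SetNotAfter(certificateCreationSettings.ValidityNotAfter);
    s_certGenerator.SetPublicKey(keyPair.Public);
    // cA flag mirrors isAuthority; BasicConstraints is marked critical.
    s_certGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(isAuthority));
    s_certGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth));

    if (!isAuthority)
    {
        AddSubjectAlternativeNameExtension(isMachineCert, subjectAlternativeNames);
    }

    if (isAuthority || certificateCreationSettings.IncludeCrlDistributionPoint)
    {
        AddCrlDistributionPointExtension(serialNum);
    }

    X509Certificate cert = s_certGenerator.Generate(_authorityKeyPair.Private, _random);

    switch (certificateCreationSettings.ValidityType)
    {
        case CertificateValidityType.Revoked:
            // Publish the serial on the CRL so revocation checking rejects this certificate.
            RevokeCertificateBySerialNumber(serialNum.ToString(radix: 16));
            break;
        case CertificateValidityType.Expired:
            // An intentionally expired certificate cannot pass the validity check; skip it.
            break;
        default:
            EnsureCertificateIsValid(cert);
            break;
    }

    // For now, given that we don't know what format to return it in, preserve the formats so we have
    // the flexibility to do what we need to
    X509CertificateContainer container = new X509CertificateContainer();
    X509CertificateEntry[] chain = new X509CertificateEntry[1];
    chain[0] = new X509CertificateEntry(cert);

    Pkcs12Store store = new Pkcs12StoreBuilder().Build();
    store.SetKeyEntry(certificateCreationSettings.FriendlyName ?? string.Empty, new AsymmetricKeyEntry(keyPair.Private), chain);
    using (MemoryStream stream = new MemoryStream())
    {
        // The PFX is protected with the generator-wide _password and contains the private key
        // (the authority key itself when isAuthority), so container.Pfx is sensitive material.
        store.Save(stream, _password.ToCharArray(), _random);
        container.Pfx = stream.ToArray();
    }

    X509Certificate2 outputCert;
    if (isAuthority)
    {
        // don't hand out the private key for the cert when it's the authority
        outputCert = new X509Certificate2(cert.GetEncoded());
    }
    else
    {
        // Otherwise, allow encode with the private key. note that X509Certificate2.RawData will not provide the private key
        // you will have to re-export this cert if needed
        // MachineKeySet | PersistKeySet keeps the imported key in the machine key store after this process
        // exits (Windows key-storage behaviour), which is acceptable only because these are test certificates.
        outputCert = new X509Certificate2(container.Pfx, _password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
    }

    container.Subject = subject;
    container.InternalCertificate = cert;
    container.Certificate = outputCert;
    container.Thumbprint = outputCert.Thumbprint;

    TraceGeneratedCertificate(isAuthority, signingCertificate, subject, subjectAlternativeNames, certificateCreationSettings, outputCert);

    return container;
}

// Adds the (critical) SubjectAlternativeName extension of an end-entity certificate: DNS names for
// machine certificates, UPN other-names (entries after the subject) for user certificates.
private void AddSubjectAlternativeNameExtension(bool isMachineCert, string[] subjectAlternativeNames)
{
    if (isMachineCert)
    {
        List<Asn1Encodable> dnsNames = new List<Asn1Encodable>();
        // All endpoints should also be in the Subject Alt Names
        foreach (string name in subjectAlternativeNames)
        {
            if (!string.IsNullOrWhiteSpace(name))
            {
                // Machine certs can have additional DNS names
                dnsNames.Add(new GeneralName(GeneralName.DnsName, name));
            }
        }
        // NOTE(review): an empty list still emits an empty SAN SEQUENCE, which RFC 5280
        // (GeneralNames ::= SEQUENCE SIZE (1..MAX)) does not permit. Kept as-is because the
        // zero-SAN case is deliberately exercised by tests; confirm whether "no extension" was intended.
        s_certGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new DerSequence(dnsNames.ToArray()));
    }
    else if (subjectAlternativeNames.Length > 1)
    {
        var upnNames = new Asn1EncodableVector();
        // Only add a SAN for the user if there are any; entry 0 is the subject itself and is skipped.
        for (int i = 1; i < subjectAlternativeNames.Length; i++)
        {
            if (!string.IsNullOrWhiteSpace(subjectAlternativeNames[i]))
            {
                // otherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT UTF8String },
                // wrapped as the [0] IMPLICIT GeneralName choice.
                Asn1EncodableVector otherName = new Asn1EncodableVector();
                otherName.Add(new DerObjectIdentifier(_upnObjectId));
                otherName.Add(new DerTaggedObject(true, 0, new DerUtf8String(subjectAlternativeNames[i])));
                upnNames.Add(new DerTaggedObject(false, 0, new DerSequence(otherName)));
            }
        }
        s_certGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new DerSequence(upnNames));
    }
}

// Adds a non-critical CRLDistributionPoints extension with a single full-name URI entry.
private void AddCrlDistributionPointExtension(BigInteger serialNum)
{
    // NOTE(review): the format string consumes only {0}, so the serial argument is dropped and every
    // certificate advertises the same URI. If a per-certificate path was intended the format should
    // include {1}; left unchanged because the endpoint serving _crlUri is outside this file.
    var crlDistributionPoints = new DistributionPoint[1]
    {
        new DistributionPoint(
            new DistributionPointName(
                new GeneralNames(
                    new GeneralName(GeneralName.UniformResourceIdentifier, string.Format("{0}", _crlUri, serialNum.ToString(radix: 16))))),
            null,
            null)
    };
    s_certGenerator.AddExtension(X509Extensions.CrlDistributionPoints, false, new CrlDistPoint(crlDistributionPoints));
}

// Writes a diagnostic summary of the generated certificate (public metadata only; no key material).
private static void TraceGeneratedCertificate(bool isAuthority, X509Certificate signingCertificate, string subject, string[] subjectAlternativeNames, CertificateCreationSettings certificateCreationSettings, X509Certificate2 outputCert)
{
    Trace.WriteLine("[CertificateGenerator] generated a certificate:");
    Trace.WriteLine(string.Format(" {0} = {1}", "isAuthority", isAuthority));
    if (!isAuthority)
    {
        Trace.WriteLine(string.Format(" {0} = {1}", "Signed by", signingCertificate.SubjectDN));
        Trace.WriteLine(string.Format(" {0} = {1}", "Subject (CN) ", subject));
        Trace.WriteLine(string.Format(" {0} = {1}", "Subject Alt names ", string.Join(", ", subjectAlternativeNames)));
        Trace.WriteLine(string.Format(" {0} = {1}", "Friendly Name ", certificateCreationSettings.FriendlyName));
    }
    Trace.WriteLine(string.Format(" {0} = {1}", "HasPrivateKey:", outputCert.HasPrivateKey));
    Trace.WriteLine(string.Format(" {0} = {1}", "Thumbprint", outputCert.Thumbprint));
    Trace.WriteLine(string.Format(" {0} = {1}", "CertificateValidityType", certificateCreationSettings.ValidityType));
}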
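// Only the ctor should be calling with isAuthority = true
// if isAuthority, value for isMachineCert doesn't matter
/// <summary>
/// Generates a certificate with this instance's BouncyCastle generator and packages it as an
/// <see cref="X509CertificateContainer"/> (BouncyCastle certificate, password-protected PFX bytes,
/// .NET certificate and thumbprint).
/// </summary>
/// <param name="isAuthority">True to self-sign the authority (CA) certificate; false to issue an
/// end-entity certificate signed by <paramref name="signingCertificate"/>.</param>
/// <param name="isMachineCert">End-entity certificates only: true emits a DNS-name SAN for every entry of
/// <paramref name="subjects"/>; false emits UPN other-name SANs for the entries after the first.
/// Ignored when <paramref name="isAuthority"/> is true.</param>
/// <param name="signingCertificate">Issuer certificate whose subject becomes this certificate's issuer DN.
/// Must be null exactly when <paramref name="isAuthority"/> is true.</param>
/// <param name="subjects">subjects[0] is the subject CN; the remaining entries become subject alternative
/// names. Required (non-empty, non-blank first entry) for end-entity certificates; optional for the authority.</param>
/// <returns>A container holding the generated certificate in several formats. For an end-entity
/// certificate the returned .NET certificate carries the private key; for the authority it does not.</returns>
/// <exception cref="ArgumentException">Thrown when the isAuthority/signingCertificate combination is
/// inconsistent, or <paramref name="subjects"/> is missing or blank for an end-entity certificate.</exception>
private X509CertificateContainer CreateCertificate(bool isAuthority, bool isMachineCert, X509Certificate signingCertificate, params string[] subjects)
{
    // Exactly one of the two must hold: a self-signed authority has no signer, an end-entity
    // certificate always has one. (Same condition as the original XOR form, written as an equality.)
    if (isAuthority == (signingCertificate != null))
    {
        throw new ArgumentException("Either isAuthority == true or signingCertificate is not null");
    }
    if (!isAuthority && (subjects == null || subjects.Length == 0))
    {
        throw new ArgumentException("If not creating an authority, must specify at least one Subject", "subjects");
    }
    if (!isAuthority && string.IsNullOrWhiteSpace(subjects[0]))
    {
        throw new ArgumentException("Certificate Subject must not be an empty string or only whitespace", "subjects");
    }

    // The guards above only require subjects for end-entity certificates, so for the authority fall
    // back to its canonical name instead of indexing into a null or empty array further down.
    string subject = (subjects != null && subjects.Length > 0) ? subjects[0] : _authorityCanonicalName;

    EnsureInitialized();

    _certGenerator.Reset();
    _certGenerator.SetSignatureAlgorithm(_signatureAlthorithm);

    X509Name authorityX509Name = CreateX509Name(_authorityCanonicalName);

    // One serial for the certificate and, for the self-signed authority, for its own AKI, so the
    // authorityCertSerialNumber actually identifies the issuing certificate (RFC 5280 4.2.1.1).
    var serialNum = new BigInteger(64 /*sizeInBits*/, _random).Abs();
    var keyPair = isAuthority ? _authorityKeyPair : _keyPairGenerator.GenerateKeyPair();

    if (isAuthority)
    {
        // Self-signed: issuer == subject, and the AKI names this same certificate as the authority.
        _certGenerator.SetIssuerDN(authorityX509Name);
        _certGenerator.SetSubjectDN(authorityX509Name);
        var authorityKeyIdentifier = new AuthorityKeyIdentifier(
            SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(_authorityKeyPair.Public),
            new GeneralNames(new GeneralName(authorityX509Name)),
            serialNum);
        // RFC 5280 4.2.1.1: conforming CAs MUST mark AuthorityKeyIdentifier non-critical.
        _certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, authorityKeyIdentifier);
        // A CA key additionally needs keyCertSign and cRLSign.
        _certGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(X509KeyUsage.DigitalSignature | X509KeyUsage.KeyAgreement | X509KeyUsage.KeyCertSign | X509KeyUsage.KeyEncipherment | X509KeyUsage.CrlSign));
    }
    else
    {
        X509Name subjectName = CreateX509Name(subject);
        _certGenerator.SetIssuerDN(PrincipalUtilities.GetSubjectX509Principal(signingCertificate));
        _certGenerator.SetSubjectDN(subjectName);
        // RFC 5280 4.2.1.1: AuthorityKeyIdentifier MUST be non-critical.
        _certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(_authorityKeyPair.Public));
        _certGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(X509KeyUsage.DigitalSignature | X509KeyUsage.KeyAgreement | X509KeyUsage.KeyEncipherment));
    }

    _certGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.Public));
    _certGenerator.SetSerialNumber(serialNum);
    _certGenerator.SetNotBefore(_validityNotBefore);
    _certGenerator.SetNotAfter(_validityNotAfter);
    _certGenerator.SetPublicKey(keyPair.Public);
    // cA flag mirrors isAuthority; BasicConstraints is marked critical.
    _certGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(isAuthority));
    _certGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth, KeyPurposeID.IdKPClientAuth));

    if (!isAuthority)
    {
        if (isMachineCert)
        {
            List<Asn1Encodable> subjectAlternativeNames = new List<Asn1Encodable>();
            // All endpoints should also be in the Subject Alt Names
            for (int i = 0; i < subjects.Length; i++)
            {
                if (!string.IsNullOrWhiteSpace(subjects[i]))
                {
                    // Machine certs can have additional DNS names
                    subjectAlternativeNames.Add(new GeneralName(GeneralName.DnsName, subjects[i]));
                }
            }
            _certGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new DerSequence(subjectAlternativeNames.ToArray()));
        }
        else if (subjects.Length > 1)
        {
            var subjectAlternativeNames = new Asn1EncodableVector();
            // Only add a SAN for the user if there are any; entry 0 is the subject itself and is skipped.
            for (int i = 1; i < subjects.Length; i++)
            {
                if (!string.IsNullOrWhiteSpace(subjects[i]))
                {
                    // otherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT UTF8String },
                    // wrapped as the [0] IMPLICIT GeneralName choice.
                    Asn1EncodableVector otherNames = new Asn1EncodableVector();
                    otherNames.Add(new DerObjectIdentifier(_upnObjectId));
                    otherNames.Add(new DerTaggedObject(true, 0, new DerUtf8String(subjects[i])));
                    subjectAlternativeNames.Add(new DerTaggedObject(false, 0, new DerSequence(otherNames)));
                }
            }
            _certGenerator.AddExtension(X509Extensions.SubjectAlternativeName, true, new DerSequence(subjectAlternativeNames));
        }
    }

    // Non-critical CRL distribution point: full-name URI at _crlUri, with the authority named as cRLIssuer.
    var crlDistributionPoints = new DistributionPoint[1]
    {
        new DistributionPoint(
            new DistributionPointName(new GeneralNames(new GeneralName(GeneralName.UniformResourceIdentifier, _crlUri))),
            null,
            new GeneralNames(new GeneralName(authorityX509Name)))
    };
    _certGenerator.AddExtension(X509Extensions.CrlDistributionPoints, false, new CrlDistPoint(crlDistributionPoints));

    X509Certificate cert = _certGenerator.Generate(_authorityKeyPair.Private, _random);
    EnsureCertificateValidity(cert);

    // For now, given that we don't know what format to return it in, preserve the formats so we have
    // the flexibility to do what we need to
    X509CertificateContainer container = new X509CertificateContainer();
    X509CertificateEntry[] chain = new X509CertificateEntry[1];
    chain[0] = new X509CertificateEntry(cert);

    Pkcs12Store store = new Pkcs12StoreBuilder().Build();
    store.SetKeyEntry("", new AsymmetricKeyEntry(keyPair.Private), chain);
    using (MemoryStream stream = new MemoryStream())
    {
        // The PFX is protected with the generator-wide _password and contains the private key
        // (the authority key itself when isAuthority), so container.Pfx is sensitive material.
        store.Save(stream, _password.ToCharArray(), _random);
        container.Pfx = stream.ToArray();
    }

    X509Certificate2 outputCert;
    if (isAuthority)
    {
        // don't hand out the private key for the cert when it's the authority
        outputCert = new X509Certificate2(cert.GetEncoded());
    }
    else
    {
        // Otherwise, allow encode with the private key. note that X509Certificate2.RawData will not provide the private key
        // you will have to re-export this cert if needed
        // MachineKeySet | PersistKeySet keeps the imported key in the machine key store after this process
        // exits (Windows key-storage behaviour), which is acceptable only because these are test certificates.
        outputCert = new X509Certificate2(container.Pfx, _password, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
    }

    container.Subject = subject;
    container.InternalCertificate = cert;
    container.Certificate = outputCert;
    container.Thumbprint = outputCert.Thumbprint;

    // Diagnostic summary: public metadata only, no key material.
    Trace.WriteLine("[CertificateGenerator] generated a certificate:");
    Trace.WriteLine(string.Format(" {0} = {1}", "isAuthority", isAuthority));
    if (!isAuthority)
    {
        Trace.WriteLine(string.Format(" {0} = {1}", "Signed by", signingCertificate.SubjectDN));
        Trace.WriteLine(string.Format(" {0} = {1}", "Subject (CN) ", subject));
        Trace.WriteLine(string.Format(" {0} = {1}", "Alt names ", string.Join(", ", subjects)));
    }
    Trace.WriteLine(string.Format(" {0} = {1}", "HasPrivateKey:", outputCert.HasPrivateKey));
    Trace.WriteLine(string.Format(" {0} = {1}", "Thumbprint", outputCert.Thumbprint));

    return container;
}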
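/// <summary>
/// Renders a human-readable dump of this CRL: version, issuer, update times, signature algorithm,
/// the signature in 20-byte hex rows, each extension (decoded for the CRL-related OIDs BouncyCastle
/// knows, ASN.1-dumped otherwise) and every revoked entry.
/// </summary>
/// <returns>The multi-line textual representation; never null.</returns>
public override string ToString()
{
    StringBuilder stringBuilder = new StringBuilder();
    string newLine = Platform.NewLine;

    stringBuilder.Append(" Version: ").Append(Version).Append(newLine);
    stringBuilder.Append(" IssuerDN: ").Append(IssuerDN).Append(newLine);
    stringBuilder.Append(" This update: ").Append(ThisUpdate).Append(newLine);
    stringBuilder.Append(" Next update: ").Append(NextUpdate).Append(newLine);
    stringBuilder.Append(" Signature Algorithm: ").Append(SigAlgName).Append(newLine);

    // Signature bytes are printed 20 per row; the first row shares the label line. The first
    // row's length is clamped so a signature shorter than 20 bytes cannot throw from ToHexString.
    byte[] signature = GetSignature();
    stringBuilder.Append(" Signature: ");
    stringBuilder.Append(Hex.ToHexString(signature, 0, Math.Min(20, signature.Length))).Append(newLine);
    for (int i = 20; i < signature.Length; i += 20)
    {
        int length = Math.Min(20, signature.Length - i);
        stringBuilder.Append(" ");
        stringBuilder.Append(Hex.ToHexString(signature, i, length)).Append(newLine);
    }

    X509Extensions extensions = c.TbsCertList.Extensions;
    if (extensions != null)
    {
        IEnumerator enumerator = extensions.ExtensionOids.GetEnumerator();
        // Enter the loop only after a successful MoveNext: the previous do/while read
        // enumerator.Current even when the extension list was empty.
        if (enumerator.MoveNext())
        {
            stringBuilder.Append(" Extensions: ").Append(newLine);
            do
            {
                AppendExtension(stringBuilder, extensions, (DerObjectIdentifier)enumerator.Current, newLine);
            }
            while (enumerator.MoveNext());
        }
    }

    ISet revokedCertificates = GetRevokedCertificates();
    if (revokedCertificates != null)
    {
        foreach (X509CrlEntry item in revokedCertificates)
        {
            stringBuilder.Append(item);
            stringBuilder.Append(newLine);
        }
    }

    return stringBuilder.ToString();
}

// Appends one extension line: "critical(<bool>) " followed by a decoded value for the CRL-related
// OIDs handled here, or an ASN.1 dump for any other OID. A decoding failure is reported inline as
// "*****" so a single malformed extension cannot abort the whole dump.
private static void AppendExtension(StringBuilder stringBuilder, X509Extensions extensions, DerObjectIdentifier oid, string newLine)
{
    X509Extension extension = extensions.GetExtension(oid);
    if (extension.Value == null)
    {
        stringBuilder.Append(newLine);
        return;
    }

    Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(extension.Value);
    stringBuilder.Append(" critical(").Append(extension.IsCritical).Append(") ");
    try
    {
        if (oid.Equals(X509Extensions.CrlNumber))
        {
            stringBuilder.Append(new CrlNumber(DerInteger.GetInstance(asn1Object).PositiveValue)).Append(newLine);
        }
        else if (oid.Equals(X509Extensions.DeltaCrlIndicator))
        {
            stringBuilder.Append("Base CRL: " + new CrlNumber(DerInteger.GetInstance(asn1Object).PositiveValue)).Append(newLine);
        }
        else if (oid.Equals(X509Extensions.IssuingDistributionPoint))
        {
            stringBuilder.Append(IssuingDistributionPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
        }
        else if (oid.Equals(X509Extensions.CrlDistributionPoints) || oid.Equals(X509Extensions.FreshestCrl))
        {
            // Both OIDs carry a CRLDistributionPoints structure.
            stringBuilder.Append(CrlDistPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
        }
        else
        {
            stringBuilder.Append(oid.Id);
            stringBuilder.Append(" value = ").Append(Asn1Dump.DumpAsString(asn1Object)).Append(newLine);
        }
    }
    catch (Exception)
    {
        // Deliberate best-effort fallback for diagnostic output; the OID is still shown.
        stringBuilder.Append(oid.Id);
        stringBuilder.Append(" value = ").Append("*****").Append(newLine);
    }
}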
static void Main(string[] args) { foreach (string s in args) { if (s.StartsWith("-out:")) { outputfile = s.Replace("-out:", ""); } if (s.StartsWith("-in:")) { certfile = s.Replace("-in:", ""); } } if (outputfile != "stdout") { str = new StreamWriter(outputfile, false); } System.Security.Cryptography.X509Certificates.X509Certificate2 cer = new System.Security.Cryptography.X509Certificates.X509Certificate2(File.ReadAllBytes(certfile)); Al.Security.X509.X509Certificate CERT = Al.Security.Security.DotNetUtilities.FromX509Certificate(cer); Print("Certificate"); Print(" Data"); Print(" Version : " + cer.Version.ToString()); Print(" Valid : " + cer.Verify().ToString()); Print(" Serial Number:"); Print(" " + cer.SerialNumber); Print(" Signature Algorithm : "); Print(" " + cer.SignatureAlgorithm.FriendlyName); Print(" Issuer : " + cer.Issuer); Print(" Validity : "); Print(" Not Before : " + GetRFC822Date(cer.NotBefore)); Print(" Not After : " + GetRFC822Date(cer.NotAfter)); Print(" Subject : " + cer.Subject); Print(" Subject Public Key Info:"); Print(" Public Key Exchange Algorithm: " + cer.PublicKey.Key.KeyExchangeAlgorithm); Print(" Public Key: " + cer.PublicKey.Key.KeySize.ToString() + " bit"); Print(" Modulus:"); Print(cer.GetPublicKey(), " "); if (CERT.GetPublicKey() is Al.Security.Crypto.Parameters.RsaKeyParameters) { RsaKeyParameters rsa = (RsaKeyParameters)CERT.GetPublicKey(); Print(" Exponent:" + rsa.Exponent); } else if (CERT.GetPublicKey() is Al.Security.Crypto.Parameters.DsaKeyParameters) { DsaKeyParameters dsa = (DsaKeyParameters)CERT.GetPublicKey(); Print(" DSA Parameters:"); Print(" G:"); Print(" " + dsa.Parameters.G.ToString()); Print(" P:"); Print(" " + dsa.Parameters.P.ToString()); Print(" Q:"); Print(" " + dsa.Parameters.Q.ToString()); } // Extensions Print(" X509 Extensions"); string extab = " "; bool critical = true; foreach (string oid in CERT.GetCriticalExtensionOids()) { Print(" "); X509Extension ext = new X509Extension(true, 
CERT.GetExtensionValue(oid)); if (oid == X509Extensions.BasicConstraints.Id) { BasicConstraints bc = BasicConstraints.GetInstance(ext); Print(extab + "Basic Constraints Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " CA:" + bc.IsCA().ToString()); if (bc.PathLenConstraint != null) { Print(extab + " Path Length:" + bc.PathLenConstraint.ToString()); } else { Print(extab + " Path Length:Null"); } } else if (oid == X509Extensions.KeyUsage.Id) { KeyUsage keyu = KeyUsage.GetInstance(ext); Print(extab + "Key Usage Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " Key Usages:" + keyu.ToString()); } else if (oid == X509Extensions.ExtendedKeyUsage.Id) { ExtendedKeyUsage keyu = ExtendedKeyUsage.GetInstance(ext); Print(extab + "Extended Key Usage Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " Extended Key Usages:"); foreach (DerObjectIdentifier id in keyu.GetAllUsages()) { Print(extab + " " + id.Id); } } else if (oid == X509Extensions.SubjectKeyIdentifier.Id) { SubjectKeyIdentifier keyu = SubjectKeyIdentifier.GetInstance(ext); Print(extab + "Subject Key Identifier Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " Key Identifier:"); Print(keyu.GetKeyIdentifier(), extab + " "); } else if (oid == X509Extensions.AuthorityKeyIdentifier.Id) { AuthorityKeyIdentifier keyu = AuthorityKeyIdentifier.GetInstance(ext); Print(extab + "Authority Key Identifier Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " Key Identifier:"); Print(keyu.GetKeyIdentifier(), extab + " "); } else if (oid == X509Extensions.SubjectAlternativeName.Id) { Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(ext.Value); GeneralNames keyu = GeneralNames.GetInstance(asn1Object); Print(extab + "Subject Alternative Name Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " General Names:"); foreach (GeneralName gen in 
keyu.GetNames()) { string tagname = "Dns Name:"; if (gen.TagNo == GeneralName.EdiPartyName) { tagname = "Edi Party Name:"; } else if (gen.TagNo == GeneralName.IPAddress) { tagname = "IP Address:"; } else if (gen.TagNo == GeneralName.OtherName) { tagname = "Other Name:"; } else if (gen.TagNo == GeneralName.RegisteredID) { tagname = "Registered ID:"; } else if (gen.TagNo == GeneralName.Rfc822Name) { tagname = "Rfc822 Name:"; } else if (gen.TagNo == GeneralName.UniformResourceIdentifier) { tagname = "URI:"; } else if (gen.TagNo == GeneralName.X400Address) { tagname = "X400 Address:"; } else if (gen.TagNo == GeneralName.DirectoryName) { tagname = "Directory Name:"; } Print(extab + " " + tagname + " " + gen.Name); } } else if (oid == X509Extensions.IssuerAlternativeName.Id) { Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(ext.Value); GeneralNames keyu = GeneralNames.GetInstance(asn1Object); Print(extab + "Issuer Alternative Name Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " General Names:"); foreach (GeneralName gen in keyu.GetNames()) { string tagname = "Dns Name:"; if (gen.TagNo == GeneralName.EdiPartyName) { tagname = "Edi Party Name:"; } else if (gen.TagNo == GeneralName.IPAddress) { tagname = "IP Address:"; } else if (gen.TagNo == GeneralName.OtherName) { tagname = "Other Name:"; } else if (gen.TagNo == GeneralName.RegisteredID) { tagname = "Registered ID:"; } else if (gen.TagNo == GeneralName.Rfc822Name) { tagname = "Rfc822 Name:"; } else if (gen.TagNo == GeneralName.UniformResourceIdentifier) { tagname = "URI:"; } else if (gen.TagNo == GeneralName.X400Address) { tagname = "X400 Address:"; } else if (gen.TagNo == GeneralName.DirectoryName) { tagname = "Directory Name:"; } Print(extab + " " + tagname + " " + gen.Name); } } else if (oid == X509Extensions.AuthorityInfoAccess.Id) { AuthorityInformationAccess keyu = AuthorityInformationAccess.GetInstance(ext); Print(extab + "Authority Information Access Extension"); 
Print(extab + " Critical:" + critical.ToString()); Print(extab + " Access Descriptions:"); foreach (AccessDescription acc in keyu.GetAccessDescriptions()) { Print(extab + " Method:" + acc.AccessMethod.Id); GeneralName gen = acc.AccessLocation; string tagname = "Dns Name:"; if (gen.TagNo == GeneralName.EdiPartyName) { tagname = "Edi Party Name:"; } else if (gen.TagNo == GeneralName.IPAddress) { tagname = "IP Address:"; } else if (gen.TagNo == GeneralName.OtherName) { tagname = "Other Name:"; } else if (gen.TagNo == GeneralName.RegisteredID) { tagname = "Registered ID:"; } else if (gen.TagNo == GeneralName.Rfc822Name) { tagname = "Rfc822 Name:"; } else if (gen.TagNo == GeneralName.UniformResourceIdentifier) { tagname = "URI:"; } else if (gen.TagNo == GeneralName.X400Address) { tagname = "X400 Address:"; } else if (gen.TagNo == GeneralName.DirectoryName) { tagname = "Directory Name:"; } Print(extab + " Access Location:" + tagname + "=" + gen.Name); } } else if (oid == X509Extensions.SubjectInfoAccess.Id) { AuthorityInformationAccess keyu = AuthorityInformationAccess.GetInstance(ext); Print(extab + "Subject Information Access Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " Access Descriptions:"); foreach (AccessDescription acc in keyu.GetAccessDescriptions()) { Print(extab + " Method:" + acc.AccessMethod.Id); GeneralName gen = acc.AccessLocation; string tagname = "Dns Name:"; if (gen.TagNo == GeneralName.EdiPartyName) { tagname = "Edi Party Name:"; } else if (gen.TagNo == GeneralName.IPAddress) { tagname = "IP Address:"; } else if (gen.TagNo == GeneralName.OtherName) { tagname = "Other Name:"; } else if (gen.TagNo == GeneralName.RegisteredID) { tagname = "Registered ID:"; } else if (gen.TagNo == GeneralName.Rfc822Name) { tagname = "Rfc822 Name:"; } else if (gen.TagNo == GeneralName.UniformResourceIdentifier) { tagname = "URI:"; } else if (gen.TagNo == GeneralName.X400Address) { tagname = "X400 Address:"; } else if (gen.TagNo == 
GeneralName.DirectoryName) { tagname = "Directory Name:"; } Print(extab + " Access Location:" + tagname + "=" + gen.Name); } } else if (oid == X509Extensions.CrlDistributionPoints.Id) { Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(ext.Value); CrlDistPoint keyu = CrlDistPoint.GetInstance(asn1Object); Print(extab + "Crl Distribution Points Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " Distribution Points:"); foreach (DistributionPoint acc in keyu.GetDistributionPoints()) { if (acc.Reasons != null) { Print(extab + " Reasons:" + acc.Reasons.GetString()); } else { Print(extab + " Reasons:Null"); } if (acc.CrlIssuer != null) { Print(extab + " Crl Issuer:"); foreach (GeneralName gen in acc.CrlIssuer.GetNames()) { string tagname = "Dns Name:"; if (gen.TagNo == GeneralName.EdiPartyName) { tagname = "Edi Party Name:"; } else if (gen.TagNo == GeneralName.IPAddress) { tagname = "IP Address:"; } else if (gen.TagNo == GeneralName.OtherName) { tagname = "Other Name:"; } else if (gen.TagNo == GeneralName.RegisteredID) { tagname = "Registered ID:"; } else if (gen.TagNo == GeneralName.Rfc822Name) { tagname = "Rfc822 Name:"; } else if (gen.TagNo == GeneralName.UniformResourceIdentifier) { tagname = "URI:"; } else if (gen.TagNo == GeneralName.X400Address) { tagname = "X400 Address:"; } else if (gen.TagNo == GeneralName.DirectoryName) { tagname = "Directory Name:"; } Print(extab + " " + tagname + ": " + gen.Name); } } else { Print(extab + " Crl Issuer:Null"); } Print(extab + " Distribution Point Name:"); if (acc.DistributionPointName.PointType == DistributionPointName.FullName) { GeneralNames sgen = GeneralNames.GetInstance(acc.DistributionPointName.Name); foreach (GeneralName gen in sgen.GetNames()) { string tagname = "Dns Name:"; if (gen.TagNo == GeneralName.EdiPartyName) { tagname = "Edi Party Name:"; } else if (gen.TagNo == GeneralName.IPAddress) { tagname = "IP Address:"; } else if (gen.TagNo == GeneralName.OtherName) { 
tagname = "Other Name:"; } else if (gen.TagNo == GeneralName.RegisteredID) { tagname = "Registered ID:"; } else if (gen.TagNo == GeneralName.Rfc822Name) { tagname = "Rfc822 Name:"; } else if (gen.TagNo == GeneralName.UniformResourceIdentifier) { tagname = "URI:"; } else if (gen.TagNo == GeneralName.X400Address) { tagname = "X400 Address:"; } else if (gen.TagNo == GeneralName.DirectoryName) { tagname = "Directory Name:"; } Print(extab + " " + tagname + " " + gen.Name); } } else { Print(extab + " Not Supported by OCT"); } } } } critical = false; foreach (string oid in CERT.GetNonCriticalExtensionOids()) { Print(" "); X509Extension ext = new X509Extension(true, CERT.GetExtensionValue(oid)); if (oid == X509Extensions.BasicConstraints.Id) { BasicConstraints bc = BasicConstraints.GetInstance(ext); Print(extab + "Basic Constraints Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " CA:" + bc.IsCA().ToString()); if (bc.PathLenConstraint != null) { Print(extab + " Path Length:" + bc.PathLenConstraint.ToString()); } else { Print(extab + " Path Length:Null"); } } else if (oid == X509Extensions.KeyUsage.Id) { KeyUsage keyu = KeyUsage.GetInstance(ext); Print(extab + "Key Usage Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " Key Usages:" + keyu.ToString()); } else if (oid == X509Extensions.ExtendedKeyUsage.Id) { ExtendedKeyUsage keyu = ExtendedKeyUsage.GetInstance(ext); Print(extab + "Extended Key Usage Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " Extended Key Usages:"); foreach (DerObjectIdentifier id in keyu.GetAllUsages()) { Print(extab + " " + id.Id); } } else if (oid == X509Extensions.SubjectKeyIdentifier.Id) { SubjectKeyIdentifier keyu = SubjectKeyIdentifier.GetInstance(ext); Print(extab + "Subject Key Identifier Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " Key Identifier:"); Print(keyu.GetKeyIdentifier(), extab + " "); } else if (oid == 
X509Extensions.AuthorityKeyIdentifier.Id) { AuthorityKeyIdentifier keyu = AuthorityKeyIdentifier.GetInstance(ext); Print(extab + "Authority Key Identifier Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " Key Identifier:"); Print(keyu.GetKeyIdentifier(), extab + " "); } else if (oid == X509Extensions.SubjectAlternativeName.Id) { Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(ext.Value); GeneralNames keyu = GeneralNames.GetInstance(asn1Object); Print(extab + "Subject Alternative Name Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " General Names:"); foreach (GeneralName gen in keyu.GetNames()) { string tagname = "Dns Name:"; if (gen.TagNo == GeneralName.EdiPartyName) { tagname = "Edi Party Name:"; } else if (gen.TagNo == GeneralName.IPAddress) { tagname = "IP Address:"; } else if (gen.TagNo == GeneralName.OtherName) { tagname = "Other Name:"; } else if (gen.TagNo == GeneralName.RegisteredID) { tagname = "Registered ID:"; } else if (gen.TagNo == GeneralName.Rfc822Name) { tagname = "Rfc822 Name:"; } else if (gen.TagNo == GeneralName.UniformResourceIdentifier) { tagname = "URI:"; } else if (gen.TagNo == GeneralName.X400Address) { tagname = "X400 Address:"; } else if (gen.TagNo == GeneralName.DirectoryName) { tagname = "Directory Name:"; } Print(extab + " " + tagname + " " + gen.Name); } } else if (oid == X509Extensions.IssuerAlternativeName.Id) { Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(ext.Value); GeneralNames keyu = GeneralNames.GetInstance(asn1Object); Print(extab + "Issuer Alternative Name Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " General Names:"); foreach (GeneralName gen in keyu.GetNames()) { string tagname = "Dns Name:"; if (gen.TagNo == GeneralName.EdiPartyName) { tagname = "Edi Party Name:"; } else if (gen.TagNo == GeneralName.IPAddress) { tagname = "IP Address:"; } else if (gen.TagNo == GeneralName.OtherName) { tagname 
= "Other Name:"; } else if (gen.TagNo == GeneralName.RegisteredID) { tagname = "Registered ID:"; } else if (gen.TagNo == GeneralName.Rfc822Name) { tagname = "Rfc822 Name:"; } else if (gen.TagNo == GeneralName.UniformResourceIdentifier) { tagname = "URI:"; } else if (gen.TagNo == GeneralName.X400Address) { tagname = "X400 Address:"; } else if (gen.TagNo == GeneralName.DirectoryName) { tagname = "Directory Name:"; } Print(extab + " " + tagname + " " + gen.Name); } } else if (oid == X509Extensions.AuthorityInfoAccess.Id) { AuthorityInformationAccess keyu = AuthorityInformationAccess.GetInstance(ext); Print(extab + "Authority Information Access Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " Access Descriptions:"); foreach (AccessDescription acc in keyu.GetAccessDescriptions()) { Print(extab + " Method:" + acc.AccessMethod.Id); GeneralName gen = acc.AccessLocation; string tagname = "Dns Name:"; if (gen.TagNo == GeneralName.EdiPartyName) { tagname = "Edi Party Name:"; } else if (gen.TagNo == GeneralName.IPAddress) { tagname = "IP Address:"; } else if (gen.TagNo == GeneralName.OtherName) { tagname = "Other Name:"; } else if (gen.TagNo == GeneralName.RegisteredID) { tagname = "Registered ID:"; } else if (gen.TagNo == GeneralName.Rfc822Name) { tagname = "Rfc822 Name:"; } else if (gen.TagNo == GeneralName.UniformResourceIdentifier) { tagname = "URI:"; } else if (gen.TagNo == GeneralName.X400Address) { tagname = "X400 Address:"; } else if (gen.TagNo == GeneralName.DirectoryName) { tagname = "Directory Name:"; } Print(extab + " Access Location:" + tagname + "=" + gen.Name); } } else if (oid == X509Extensions.SubjectInfoAccess.Id) { AuthorityInformationAccess keyu = AuthorityInformationAccess.GetInstance(ext); Print(extab + "Subject Information Access Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " Access Descriptions:"); foreach (AccessDescription acc in keyu.GetAccessDescriptions()) { Print(extab + " Method:" + 
acc.AccessMethod.Id); GeneralName gen = acc.AccessLocation; string tagname = "Dns Name:"; if (gen.TagNo == GeneralName.EdiPartyName) { tagname = "Edi Party Name:"; } else if (gen.TagNo == GeneralName.IPAddress) { tagname = "IP Address:"; } else if (gen.TagNo == GeneralName.OtherName) { tagname = "Other Name:"; } else if (gen.TagNo == GeneralName.RegisteredID) { tagname = "Registered ID:"; } else if (gen.TagNo == GeneralName.Rfc822Name) { tagname = "Rfc822 Name:"; } else if (gen.TagNo == GeneralName.UniformResourceIdentifier) { tagname = "URI:"; } else if (gen.TagNo == GeneralName.X400Address) { tagname = "X400 Address:"; } else if (gen.TagNo == GeneralName.DirectoryName) { tagname = "Directory Name:"; } Print(extab + " Access Location:" + tagname + "=" + gen.Name); } } else if (oid == X509Extensions.CrlDistributionPoints.Id) { Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(ext.Value); CrlDistPoint keyu = CrlDistPoint.GetInstance(asn1Object); Print(extab + "Crl Distribution Points Extension"); Print(extab + " Critical:" + critical.ToString()); Print(extab + " Distribution Points:"); foreach (DistributionPoint acc in keyu.GetDistributionPoints()) { if (acc.Reasons != null) { Print(extab + " Reasons:" + acc.Reasons.GetString()); } else { Print(extab + " Reasons:Null"); } if (acc.CrlIssuer != null) { Print(extab + " Crl Issuer:"); foreach (GeneralName gen in acc.CrlIssuer.GetNames()) { string tagname = "Dns Name:"; if (gen.TagNo == GeneralName.EdiPartyName) { tagname = "Edi Party Name:"; } else if (gen.TagNo == GeneralName.IPAddress) { tagname = "IP Address:"; } else if (gen.TagNo == GeneralName.OtherName) { tagname = "Other Name:"; } else if (gen.TagNo == GeneralName.RegisteredID) { tagname = "Registered ID:"; } else if (gen.TagNo == GeneralName.Rfc822Name) { tagname = "Rfc822 Name:"; } else if (gen.TagNo == GeneralName.UniformResourceIdentifier) { tagname = "URI:"; } else if (gen.TagNo == GeneralName.X400Address) { tagname = "X400 Address:"; } else 
if (gen.TagNo == GeneralName.DirectoryName) { tagname = "Directory Name:"; } Print(extab + " " + tagname + ": " + gen.Name); } } else { Print(extab + " Crl Issuer:Null"); } Print(extab + " Distribution Point Name:"); if (acc.DistributionPointName.PointType == DistributionPointName.FullName) { GeneralNames sgen = GeneralNames.GetInstance(acc.DistributionPointName.Name); foreach (GeneralName gen in sgen.GetNames()) { string tagname = "Dns Name:"; if (gen.TagNo == GeneralName.EdiPartyName) { tagname = "Edi Party Name:"; } else if (gen.TagNo == GeneralName.IPAddress) { tagname = "IP Address:"; } else if (gen.TagNo == GeneralName.OtherName) { tagname = "Other Name:"; } else if (gen.TagNo == GeneralName.RegisteredID) { tagname = "Registered ID:"; } else if (gen.TagNo == GeneralName.Rfc822Name) { tagname = "Rfc822 Name:"; } else if (gen.TagNo == GeneralName.UniformResourceIdentifier) { tagname = "URI:"; } else if (gen.TagNo == GeneralName.X400Address) { tagname = "X400 Address:"; } else if (gen.TagNo == GeneralName.DirectoryName) { tagname = "Directory Name:"; } Print(extab + " " + tagname + " " + gen.Name); } } else { Print(extab + " Not Supported by OCT"); } } } } // Signature Print(" Signature Algorithm: " + cer.SignatureAlgorithm.FriendlyName + " " + (CERT.GetSignature().Length * 8) + " bit"); Print(CERT.GetSignature(), " "); Print(" SHA1 Fingerprint : "); Print(Sha1(CERT.GetEncoded()), " "); Print(" SHA224 Fingerprint : "); Print(Sha224(CERT.GetEncoded()), " "); Print(" SHA256 Fingerprint : "); Print(Sha256(CERT.GetEncoded()), " "); Print(" SHA384 Fingerprint : "); Print(Sha384(CERT.GetEncoded()), " "); Print(" SHA512 Fingerprint : "); Print(Sha512(CERT.GetEncoded()), " "); Print(" MD5 Fingerprint : "); Print(MD5(CERT.GetEncoded()), " "); Print("Issuer Base64:" + Convert.ToBase64String(CERT.IssuerDN.GetDerEncoded())); Print("Subject Base64:" + Convert.ToBase64String(CERT.SubjectDN.GetDerEncoded())); Print("Serial Base64:" + 
Convert.ToBase64String(CERT.SerialNumber.ToByteArray())); if (outputfile == "stdout") { Console.Read(); } else { str.Close(); } }
/// <summary>
/// Parses a DER-encoded certificate, checks its subject against the expected entry in
/// <c>subjects</c>, and round-trips every recognised v3 extension through its BouncyCastle
/// ASN.1 class so that a malformed encoding surfaces as an exception.
/// </summary>
/// <param name="id">1-based index into <c>subjects</c>.</param>
/// <param name="cert">DER encoding of the certificate under test.</param>
public void CheckCertificate( int id, byte[] cert)
{
    Asn1Object root = Asn1Object.FromByteArray(cert);
    // The dump is not inspected; it only exercises the ASN.1 pretty-printer on this input.
    string dumpText = Asn1Dump.DumpAsString(root);
    X509CertificateStructure certStruct = X509CertificateStructure.GetInstance(root);
    TbsCertificateStructure tbs = certStruct.TbsCertificate;

    string subject = tbs.Subject.ToString();
    if (!subject.Equals(subjects[id - 1]))
    {
        Fail("failed subject test for certificate id " + id + " got " + subject);
    }

    // Only v3 certificates carry extensions; older versions have nothing more to check.
    if (tbs.Version < 3)
    {
        return;
    }
    X509Extensions exts = tbs.Extensions;
    if (exts == null)
    {
        return;
    }
    foreach (DerObjectIdentifier oid in exts.ExtensionOids)
    {
        Asn1Object extObj = Asn1Object.FromByteArray(exts.GetExtension(oid).Value.GetOctets());
        ParseKnownExtension(oid, extObj);
    }
}

/// <summary>
/// Re-parses a single extension value with the BouncyCastle class matching its OID.
/// Extensions this test does not know about are ignored.
/// </summary>
private static void ParseKnownExtension(DerObjectIdentifier oid, Asn1Object extObj)
{
    if (oid.Equals(X509Extensions.SubjectKeyIdentifier))
    {
        SubjectKeyIdentifier.GetInstance(extObj);
    }
    else if (oid.Equals(X509Extensions.KeyUsage))
    {
        KeyUsage.GetInstance(extObj);
    }
    else if (oid.Equals(X509Extensions.ExtendedKeyUsage))
    {
        Asn1Sequence purposes = (Asn1Sequence)ExtendedKeyUsage.GetInstance(extObj).ToAsn1Object();
        for (int idx = 0, count = purposes.Count; idx < count; idx++)
        {
            KeyPurposeID.GetInstance(purposes[idx]);
        }
    }
    else if (oid.Equals(X509Extensions.SubjectAlternativeName) || oid.Equals(X509Extensions.IssuerAlternativeName))
    {
        // Both alternative-name extensions share the GeneralNames syntax.
        Asn1Sequence names = (Asn1Sequence)GeneralNames.GetInstance(extObj).ToAsn1Object();
        for (int idx = 0, count = names.Count; idx < count; idx++)
        {
            GeneralName.GetInstance(names[idx]);
        }
    }
    else if (oid.Equals(X509Extensions.CrlDistributionPoints))
    {
        // Decoding the distribution points is the whole check; nothing is done with them.
        CrlDistPoint.GetInstance(extObj).GetDistributionPoints();
    }
    else if (oid.Equals(X509Extensions.CertificatePolicies))
    {
        Asn1Sequence policies = (Asn1Sequence)extObj;
        for (int idx = 0, count = policies.Count; idx < count; idx++)
        {
            PolicyInformation.GetInstance(policies[idx]);
        }
    }
    else if (oid.Equals(X509Extensions.AuthorityKeyIdentifier))
    {
        AuthorityKeyIdentifier.GetInstance(extObj);
    }
    else if (oid.Equals(X509Extensions.BasicConstraints))
    {
        BasicConstraints.GetInstance(extObj);
    }
    // Any other extension OID is not exercised by this test.
}
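/// <summary>
/// Checks <paramref name="cert"/> against the CRLs named in its CRL Distribution Points
/// extension. Only the revocation-related fields of the returned <see cref="EsitoVerifica"/>
/// are populated (status, error code, message, subject CN/serial, and the revocation date
/// and serial when the certificate is listed).
/// </summary>
/// <param name="cert">Certificate to check.</param>
/// <param name="cachePath">Cache location handed to <c>retreiveCrlUrl</c>.</param>
/// <param name="force">Passed through to <c>retreiveCrlUrl</c>; presumably bypasses the cache — confirm.</param>
/// <returns>
/// <c>Valid</c> when at least one CRL was retrieved and consulted without listing the certificate;
/// <c>Revoked</c> (error code 1408) when a CRL lists it; <c>ErroreGenerico</c> (error code 1411)
/// when the extension is absent or no distribution point could be retrieved and consulted.
/// </returns>
EsitoVerifica controllaCrlCert(X509Certificate cert, string cachePath, bool force = false)
{
    // The result object is used only to carry revocation data here.
    EsitoVerifica ev = new EsitoVerifica();
    string CN = cert.SubjectDN.GetValues(X509Name.CN).Cast<string>().FirstOrDefault();
    string SN = cert.SubjectDN.GetValues(X509Name.SerialNumber).Cast<string>().FirstOrDefault();

    X509Extensions ex = X509Extensions.GetInstance(cert.CertificateStructure.TbsCertificate.Extensions);
    X509Extension e = ex.GetExtension(X509Extensions.CrlDistributionPoints);
    if (e == null)
    {
        // No distribution point means there is nothing to download.
        string msg = "CRL distribution points NOT PRESENT in certificate structure";
        logger.Debug(msg);
        ev.status = EsitoVerificaStatus.ErroreGenerico;
        ev.errorCode = "1411"; // cannot download the CRL
        ev.message = msg;
        return ev;
    }

    var crldp = CrlDistPoint.GetInstance(e.GetParsedValue());
    List<String> certDpUrlLst = GetCrlDistribtionPoints(crldp);

    ev.status = EsitoVerificaStatus.Valid;
    ev.SubjectCN = CN;
    // NOTE(review): the subject's serialNumber attribute is stored in SubjectDN; this looks
    // like a naming mix-up but is kept as-is because callers may rely on it.
    ev.SubjectDN = SN;

    // Number of distribution points whose CRL was retrieved AND consulted without error.
    int downloadsTrials = 0;
    List<String> errorLst = new List<string>();

    foreach (string url in certDpUrlLst)
    {
        // Same acceptance rule as `new Uri(url)` (absolute URI), without using exceptions
        // for control flow; a null or malformed entry is skipped.
        Uri parsed;
        if (!Uri.TryCreate(url, UriKind.Absolute, out parsed))
        {
            logger.ErrorFormat("Unable to download/process CRL URL : {0}", url);
            continue;
        }
        try
        {
            X509Crl crl = retreiveCrlUrl(url, cachePath, force);
            // NOTE(review): nothing visible here validates the CRL itself (issuer match,
            // signature, thisUpdate/nextUpdate window) — confirm retreiveCrlUrl does, otherwise
            // whoever controls the distribution point host could serve a stale or forged CRL.
            bool revoked = crl.IsRevoked(cert);
            // Count this distribution point only once its CRL has been both retrieved and
            // consulted. Counting before IsRevoked let an exception thrown by the check be
            // swallowed as a "successful" download, leaving the status at Valid (fail-open).
            downloadsTrials++;
            if (revoked)
            {
                // Record the revocation before reading entry details, so a missing or
                // malformed entry cannot downgrade a revoked certificate to Valid.
                ev.errorCode = "1408";
                ev.status = EsitoVerificaStatus.Revoked;
                X509CrlEntry entry = crl.GetRevokedCertificate(cert.CertificateStructure.SerialNumber.Value);
                if (entry != null)
                {
                    ev.dataRevocaCertificato = entry.RevocationDate;
                    logger.DebugFormat("Certificate {0} : {1} with serial {2} is Revoked on {3}", CN, SN, BitConverter.ToString(entry.SerialNumber.ToByteArray()), ev.dataRevocaCertificato);
                    ev.content = entry.SerialNumber.ToByteArray();
                }
                break;
            }
        }
        catch (Exception exc)
        {
            logger.ErrorFormat("Unable to download/process CRL message {0} stack {1} on Download Trial {2}", exc.Message, exc.StackTrace, downloadsTrials);
            errorLst.Add(exc.Message);
        }
    }

    // Errors are surfaced only when no distribution point could be checked at all; one
    // successfully consulted CRL is considered sufficient. A Revoked result is never
    // reached here because the counter is incremented before the loop breaks.
    if (downloadsTrials == 0 && errorLst.Count > 0)
    {
        string errorMessage = string.Join(" | ", errorLst) + " | ";
        ev.status = EsitoVerificaStatus.ErroreGenerico;
        ev.errorCode = "1411"; // cannot download the CRL
        ev.message = "Unable to download/process CRL message:" + errorMessage;
    }
    return ev;
}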
/// <summary>
/// Revocation check for an attribute certificate (RFC 3281 §5 style): consults the CRLs
/// reachable from the AC's CRL Distribution Points extension and, if the status is still
/// open, a CRL located via the AC issuer's name. Fails closed: throws
/// <see cref="PkixCertPathValidatorException"/> when no CRL could be checked, when the AC is
/// revoked, or when the status cannot be determined. Does nothing when revocation
/// checking is disabled in <paramref name="paramsPKIX"/>.
/// </summary>
/// <param name="attrCert">The attribute certificate being validated.</param>
/// <param name="paramsPKIX">Validation parameters; cloned before each CRL check so the
/// per-distribution-point store additions do not leak between checks.</param>
/// <param name="issuerCert">Certificate of the AC issuer, used to verify the CRLs.</param>
/// <param name="validDate">Point in time at which revocation status is evaluated.</param>
/// <param name="certPathCerts">Certificates of the path being validated.</param>
/// <exception cref="PkixCertPathValidatorException">Extension unreadable, no CRL found,
/// AC revoked, status undetermined, or noRevAvail present together with a revocation pointer.</exception>
internal static void CheckCrls(IX509AttributeCertificate attrCert, PkixParameters paramsPKIX, X509Certificate issuerCert, DateTime validDate, IList certPathCerts)
{
    if (paramsPKIX.IsRevocationEnabled)
    {
        // noRevAvail asserts the issuer publishes no revocation data for this AC; only
        // when it is absent is a CRL lookup meaningful.
        if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null)
        {
            CrlDistPoint crlDistPoint = null;
            try
            {
                crlDistPoint = CrlDistPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(attrCert, X509Extensions.CrlDistributionPoints));
            }
            catch (Exception cause)
            {
                throw new PkixCertPathValidatorException("CRL distribution point extension could not be read.", cause);
            }
            try
            {
                // Registers the distribution point URIs as additional CRL stores on paramsPKIX
                // (a null crlDistPoint is a no-op for this helper).
                PkixCertPathValidatorUtilities.AddAdditionalStoresFromCrlDistributionPoint(crlDistPoint, paramsPKIX);
            }
            catch (Exception cause2)
            {
                throw new PkixCertPathValidatorException("No additional CRL locations could be decoded from CRL distribution point extension.", cause2);
            }
            // certStatus.Status starts at 11 and reasonsMask accumulates the revocation
            // reasons covered so far. 11 / 12 appear to be CertStatus.Unrevoked /
            // Undetermined (decompiled constants — confirm against CertStatus).
            CertStatus certStatus = new CertStatus();
            ReasonsMask reasonsMask = new ReasonsMask();
            Exception cause3 = null;
            // flag records whether at least one CRL check actually ran.
            bool flag = false;
            if (crlDistPoint != null)
            {
                DistributionPoint[] array = null;
                try
                {
                    array = crlDistPoint.GetDistributionPoints();
                }
                catch (Exception cause4)
                {
                    throw new PkixCertPathValidatorException("Distribution points could not be read.", cause4);
                }
                try
                {
                    // Walk the distribution points until a revocation is found or every
                    // reason code has been covered by some CRL.
                    int num = 0;
                    while (num < array.Length && certStatus.Status == 11 && !reasonsMask.IsAllReasons)
                    {
                        PkixParameters paramsPKIX2 = (PkixParameters)paramsPKIX.Clone();
                        Rfc3281CertPathUtilities.CheckCrl(array[num], attrCert, paramsPKIX2, validDate, issuerCert, certStatus, reasonsMask, certPathCerts);
                        flag = true;
                        num++;
                    }
                }
                catch (Exception innerException)
                {
                    // Remembered as the cause in case no other CRL can be checked either.
                    cause3 = new Exception("No valid CRL for distribution point found.", innerException);
                }
            }
            if (certStatus.Status == 11 && !reasonsMask.IsAllReasons)
            {
                // Fallback: synthesise a distribution point naming the AC issuer, so a CRL
                // issued under that name can be looked up in the configured stores.
                try
                {
                    Asn1Object name = null;
                    try
                    {
                        // NOTE(review): the Asn1InputStream is never disposed; it wraps an
                        // in-memory buffer, so this is a tidiness issue rather than a leak.
                        name = new Asn1InputStream(attrCert.Issuer.GetPrincipals()[0].GetEncoded()).ReadObject();
                    }
                    catch (Exception innerException2)
                    {
                        throw new Exception("Issuer from certificate for CRL could not be reencoded.", innerException2);
                    }
                    // 0 = fullName choice of DistributionPointName, 4 = directoryName
                    // GeneralName tag (decompiled literals — confirm against the enum values).
                    DistributionPoint dp = new DistributionPoint(new DistributionPointName(0, new GeneralNames(new GeneralName(4, name))), null, null);
                    PkixParameters paramsPKIX3 = (PkixParameters)paramsPKIX.Clone();
                    Rfc3281CertPathUtilities.CheckCrl(dp, attrCert, paramsPKIX3, validDate, issuerCert, certStatus, reasonsMask, certPathCerts);
                    flag = true;
                }
                catch (Exception innerException3)
                {
                    cause3 = new Exception("No valid CRL for distribution point found.", innerException3);
                }
            }
            // Fail closed: with revocation enabled, being unable to check any CRL is an error.
            if (!flag)
            {
                throw new PkixCertPathValidatorException("No valid CRL found.", cause3);
            }
            if (certStatus.Status != 11)
            {
                // Any status other than "unrevoked" at this point is a revocation; the
                // status value doubles as the index into the CRL reason names.
                string str = certStatus.RevocationDate.Value.ToString("ddd MMM dd HH:mm:ss K yyyy");
                string text = "Attribute certificate revocation after " + str;
                text = text + ", reason: " + Rfc3280CertPathUtilities.CrlReasons[certStatus.Status];
                throw new PkixCertPathValidatorException(text);
            }
            // Unrevoked but some reason codes were never covered by a CRL: the status is
            // undetermined, which is also treated as a validation failure.
            if (!reasonsMask.IsAllReasons && certStatus.Status == 11)
            {
                certStatus.Status = 12;
            }
            if (certStatus.Status == 12)
            {
                throw new PkixCertPathValidatorException("Attribute certificate status could not be determined.");
            }
        }
        // An AC must not both claim "no revocation available" and point at revocation data.
        else if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null || attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null)
        {
            throw new PkixCertPathValidatorException("No rev avail extension is set, but also an AC revocation pointer.");
        }
    }
}