public override string ToString()
{
StringBuilder builder = new StringBuilder();
string newLine = Platform.NewLine;
builder.Append(" Version: ").Append(this.Version).Append(newLine);
builder.Append(" IssuerDN: ").Append(this.IssuerDN).Append(newLine);
builder.Append(" This update: ").Append(this.ThisUpdate).Append(newLine);
builder.Append(" Next update: ").Append(this.NextUpdate).Append(newLine);
builder.Append(" Signature Algorithm: ").Append(this.SigAlgName).Append(newLine);
byte[] signature = this.GetSignature();
builder.Append(" Signature: ");
builder.Append(Hex.ToHexString(signature, 0, 20)).Append(newLine);
for (int i = 20; i < signature.Length; i += 20)
{
int length = Math.Min(20, signature.Length - i);
builder.Append(" ");
builder.Append(Hex.ToHexString(signature, i, length)).Append(newLine);
}
X509Extensions extensions = this.c.TbsCertList.Extensions;
if (extensions != null)
{
IEnumerator enumerator = extensions.ExtensionOids.GetEnumerator();
if (enumerator.MoveNext())
{
builder.Append(" Extensions: ").Append(newLine);
}
do
{
DerObjectIdentifier current = (DerObjectIdentifier)enumerator.Current;
X509Extension extension = extensions.GetExtension(current);
if (extension.Value != null)
{
Asn1Object obj2 = X509ExtensionUtilities.FromExtensionValue(extension.Value);
builder.Append(" critical(").Append(extension.IsCritical).Append(") ");
try
{
if (current.Equals(X509Extensions.CrlNumber))
{
builder.Append(new CrlNumber(DerInteger.GetInstance(obj2).PositiveValue)).Append(newLine);
}
else if (current.Equals(X509Extensions.DeltaCrlIndicator))
{
builder.Append("Base CRL: " + new CrlNumber(DerInteger.GetInstance(obj2).PositiveValue)).Append(newLine);
}
else if (current.Equals(X509Extensions.IssuingDistributionPoint))
{
builder.Append(IssuingDistributionPoint.GetInstance((Asn1Sequence)obj2)).Append(newLine);
}
else if (current.Equals(X509Extensions.CrlDistributionPoints))
{
builder.Append(CrlDistPoint.GetInstance((Asn1Sequence)obj2)).Append(newLine);
}
else if (current.Equals(X509Extensions.FreshestCrl))
{
builder.Append(CrlDistPoint.GetInstance((Asn1Sequence)obj2)).Append(newLine);
}
else
{
builder.Append(current.Id);
builder.Append(" value = ").Append(Asn1Dump.DumpAsString((Asn1Encodable)obj2)).Append(newLine);
}
}
catch (Exception)
{
builder.Append(current.Id);
builder.Append(" value = ").Append("*****").Append(newLine);
}
}
else
{
builder.Append(newLine);
}
}while (enumerator.MoveNext());
}
ISet revokedCertificates = this.GetRevokedCertificates();
if (revokedCertificates != null)
{
IEnumerator enumerator = revokedCertificates.GetEnumerator();
try
{
while (enumerator.MoveNext())
{
X509CrlEntry current = (X509CrlEntry)enumerator.Current;
builder.Append(current);
builder.Append(newLine);
}
}
finally
{
if (enumerator is IDisposable disposable)
{
IDisposable disposable;
disposable.Dispose();
}
}
}
return(builder.ToString());
}
/**
* Returns a string representation of this CRL.
*
* @return a string representation of this CRL.
*/
public override string ToString()
{
StringBuilder buf = new StringBuilder();
string nl = Platform.NewLine;
buf.Append(" Version: ").Append(this.Version).Append(nl);
buf.Append(" IssuerDN: ").Append(this.IssuerDN).Append(nl);
buf.Append(" This update: ").Append(this.ThisUpdate).Append(nl);
buf.Append(" Next update: ").Append(this.NextUpdate).Append(nl);
buf.Append(" Signature Algorithm: ").Append(this.SigAlgName).Append(nl);
byte[] sig = this.GetSignature();
buf.Append(" Signature: ");
buf.Append(Hex.ToHexString(sig, 0, 20)).Append(nl);
for (int i = 20; i < sig.Length; i += 20)
{
int count = System.Math.Min(20, sig.Length - i);
buf.Append(" ");
buf.Append(Hex.ToHexString(sig, i, count)).Append(nl);
}
X509Extensions extensions = c.TbsCertList.Extensions;
if (extensions != null)
{
IEnumerator e = extensions.ExtensionOids.GetEnumerator();
if (e.MoveNext())
{
buf.Append(" Extensions: ").Append(nl);
}
do
{
DerObjectIdentifier oid = (DerObjectIdentifier)e.Current;
X509Extension ext = extensions.GetExtension(oid);
if (ext.Value != null)
{
Asn1Object asn1Value = X509ExtensionUtilities.FromExtensionValue(ext.Value);
buf.Append(" critical(").Append(ext.IsCritical).Append(") ");
try
{
if (oid.Equals(X509Extensions.CrlNumber))
{
buf.Append(new CrlNumber(DerInteger.GetInstance(asn1Value).PositiveValue)).Append(nl);
}
else if (oid.Equals(X509Extensions.DeltaCrlIndicator))
{
buf.Append(
"Base CRL: "
+ new CrlNumber(DerInteger.GetInstance(
asn1Value).PositiveValue))
.Append(nl);
}
else if (oid.Equals(X509Extensions.IssuingDistributionPoint))
{
buf.Append(IssuingDistributionPoint.GetInstance((Asn1Sequence)asn1Value)).Append(nl);
}
else if (oid.Equals(X509Extensions.CrlDistributionPoints))
{
buf.Append(CrlDistPoint.GetInstance((Asn1Sequence)asn1Value)).Append(nl);
}
else if (oid.Equals(X509Extensions.FreshestCrl))
{
buf.Append(CrlDistPoint.GetInstance((Asn1Sequence)asn1Value)).Append(nl);
}
else
{
buf.Append(oid.Id);
buf.Append(" value = ").Append(
Asn1Dump.DumpAsString(asn1Value))
.Append(nl);
}
}
catch (Exception)
{
buf.Append(oid.Id);
buf.Append(" value = ").Append("*****").Append(nl);
}
}
else
{
buf.Append(nl);
}
}while (e.MoveNext());
}
ISet certSet = GetRevokedCertificates();
if (certSet != null)
{
foreach (X509CrlEntry entry in certSet)
{
buf.Append(entry);
buf.Append(nl);
}
}
return(buf.ToString());
}
/**
* Checks if an attribute certificate is revoked.
*
* @param attrCert Attribute certificate to check if it is revoked.
* @param paramsPKIX PKIX parameters.
* @param issuerCert The issuer certificate of the attribute certificate
* <code>attrCert</code>.
* @param validDate The date when the certificate revocation status should
* be checked.
* @param certPathCerts The certificates of the certification path to be
* checked.
*
* @throws CertPathValidatorException if the certificate is revoked or the
* status cannot be checked or some error occurs.
*/
internal static void CheckCrls(
IX509AttributeCertificate attrCert,
PkixParameters paramsPKIX,
X509Certificate issuerCert,
DateTime validDate,
IList certPathCerts)
{
if (paramsPKIX.IsRevocationEnabled)
{
// check if revocation is available
if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null)
{
CrlDistPoint crldp = null;
try
{
crldp = CrlDistPoint.GetInstance(
PkixCertPathValidatorUtilities.GetExtensionValue(
attrCert, X509Extensions.CrlDistributionPoints));
}
catch (Exception e)
{
throw new PkixCertPathValidatorException(
"CRL distribution point extension could not be read.", e);
}
try
{
PkixCertPathValidatorUtilities
.AddAdditionalStoresFromCrlDistributionPoint(crldp, paramsPKIX);
}
catch (Exception e)
{
throw new PkixCertPathValidatorException(
"No additional CRL locations could be decoded from CRL distribution point extension.", e);
}
CertStatus certStatus = new CertStatus();
ReasonsMask reasonsMask = new ReasonsMask();
Exception lastException = null;
bool validCrlFound = false;
// for each distribution point
if (crldp != null)
{
DistributionPoint[] dps = null;
try
{
dps = crldp.GetDistributionPoints();
}
catch (Exception e)
{
throw new PkixCertPathValidatorException(
"Distribution points could not be read.", e);
}
try
{
for (int i = 0; i < dps.Length &&
certStatus.Status == CertStatus.Unrevoked &&
!reasonsMask.IsAllReasons; i++)
{
PkixParameters paramsPKIXClone = (PkixParameters)paramsPKIX
.Clone();
CheckCrl(dps[i], attrCert, paramsPKIXClone,
validDate, issuerCert, certStatus, reasonsMask,
certPathCerts);
validCrlFound = true;
}
}
catch (Exception e)
{
lastException = new Exception(
"No valid CRL for distribution point found.", e);
}
}
/*
* If the revocation status has not been determined, repeat the
* process above with any available CRLs not specified in a
* distribution point but issued by the certificate issuer.
*/
if (certStatus.Status == CertStatus.Unrevoked &&
!reasonsMask.IsAllReasons)
{
try
{
/*
* assume a DP with both the reasons and the cRLIssuer
* fields omitted and a distribution point name of the
* certificate issuer.
*/
Asn1Object issuer = null;
try
{
issuer = new Asn1InputStream(
attrCert.Issuer.GetPrincipals()[0].GetEncoded()).ReadObject();
}
catch (Exception e)
{
throw new Exception(
"Issuer from certificate for CRL could not be reencoded.",
e);
}
DistributionPoint dp = new DistributionPoint(
new DistributionPointName(0, new GeneralNames(
new GeneralName(GeneralName.DirectoryName, issuer))), null, null);
PkixParameters paramsPKIXClone = (PkixParameters)paramsPKIX.Clone();
CheckCrl(dp, attrCert, paramsPKIXClone, validDate,
issuerCert, certStatus, reasonsMask, certPathCerts);
validCrlFound = true;
}
catch (Exception e)
{
lastException = new Exception(
"No valid CRL for distribution point found.", e);
}
}
if (!validCrlFound)
{
throw new PkixCertPathValidatorException(
"No valid CRL found.", lastException);
}
if (certStatus.Status != CertStatus.Unrevoked)
{
// TODO This format is forced by the NistCertPath tests
string formattedDate = certStatus.RevocationDate.Value.ToString(
"G", System.util.Util.GetStandartEnUSLocale());
string message = "Attribute certificate revocation after "
+ formattedDate;
message += ", reason: "
+ Rfc3280CertPathUtilities.CrlReasons[certStatus.Status];
throw new PkixCertPathValidatorException(message);
}
if (!reasonsMask.IsAllReasons &&
certStatus.Status == CertStatus.Unrevoked)
{
certStatus.Status = CertStatus.Undetermined;
}
if (certStatus.Status == CertStatus.Undetermined)
{
throw new PkixCertPathValidatorException(
"Attribute certificate status could not be determined.");
}
}
else
{
if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null ||
attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null)
{
throw new PkixCertPathValidatorException(
"No rev avail extension is set, but also an AC revocation pointer.");
}
}
}
}
public void CheckCertificate(
int id,
byte[] cert)
{
Asn1Object seq = Asn1Object.FromByteArray(cert);
string dump = Asn1Dump.DumpAsString(seq);
X509CertificateStructure obj = X509CertificateStructure.GetInstance(seq);
TbsCertificateStructure tbsCert = obj.TbsCertificate;
if (!tbsCert.Subject.ToString().Equals(subjects[id - 1]))
{
Fail("failed subject test for certificate id " + id
+ " got " + tbsCert.Subject.ToString());
}
if (tbsCert.Version >= 3)
{
X509Extensions ext = tbsCert.Extensions;
if (ext != null)
{
foreach (DerObjectIdentifier oid in ext.ExtensionOids)
{
X509Extension extVal = ext.GetExtension(oid);
Asn1Object extObj = Asn1Object.FromByteArray(extVal.Value.GetOctets());
if (oid.Equals(X509Extensions.SubjectKeyIdentifier))
{
SubjectKeyIdentifier.GetInstance(extObj);
}
else if (oid.Equals(X509Extensions.KeyUsage))
{
KeyUsage.GetInstance(extObj);
}
else if (oid.Equals(X509Extensions.ExtendedKeyUsage))
{
ExtendedKeyUsage ku = ExtendedKeyUsage.GetInstance(extObj);
Asn1Sequence sq = (Asn1Sequence)ku.ToAsn1Object();
for (int i = 0; i != sq.Count; i++)
{
KeyPurposeID.GetInstance(sq[i]);
}
}
else if (oid.Equals(X509Extensions.SubjectAlternativeName))
{
GeneralNames gn = GeneralNames.GetInstance(extObj);
Asn1Sequence sq = (Asn1Sequence)gn.ToAsn1Object();
for (int i = 0; i != sq.Count; i++)
{
GeneralName.GetInstance(sq[i]);
}
}
else if (oid.Equals(X509Extensions.IssuerAlternativeName))
{
GeneralNames gn = GeneralNames.GetInstance(extObj);
Asn1Sequence sq = (Asn1Sequence)gn.ToAsn1Object();
for (int i = 0; i != sq.Count; i++)
{
GeneralName.GetInstance(sq[i]);
}
}
else if (oid.Equals(X509Extensions.CrlDistributionPoints))
{
CrlDistPoint p = CrlDistPoint.GetInstance(extObj);
DistributionPoint[] points = p.GetDistributionPoints();
for (int i = 0; i != points.Length; i++)
{
// do nothing
}
}
else if (oid.Equals(X509Extensions.CertificatePolicies))
{
Asn1Sequence cp = (Asn1Sequence)extObj;
for (int i = 0; i != cp.Count; i++)
{
PolicyInformation.GetInstance(cp[i]);
}
}
else if (oid.Equals(X509Extensions.AuthorityKeyIdentifier))
{
AuthorityKeyIdentifier.GetInstance(extObj);
}
else if (oid.Equals(X509Extensions.BasicConstraints))
{
BasicConstraints.GetInstance(extObj);
}
else
{
//Console.WriteLine(oid.Id);
}
}
}
}
}
public override string ToString()
{
StringBuilder stringBuilder = new StringBuilder();
string newLine = Platform.NewLine;
stringBuilder.Append(" Version: ").Append(this.Version).Append(newLine);
stringBuilder.Append(" IssuerDN: ").Append(this.IssuerDN).Append(newLine);
stringBuilder.Append(" This update: ").Append(this.ThisUpdate).Append(newLine);
stringBuilder.Append(" Next update: ").Append(this.NextUpdate).Append(newLine);
stringBuilder.Append(" Signature Algorithm: ").Append(this.SigAlgName).Append(newLine);
byte[] signature = this.GetSignature();
stringBuilder.Append(" Signature: ");
stringBuilder.Append(Hex.ToHexString(signature, 0, 20)).Append(newLine);
for (int i = 20; i < signature.Length; i += 20)
{
int length = Math.Min(20, signature.Length - i);
stringBuilder.Append(" ");
stringBuilder.Append(Hex.ToHexString(signature, i, length)).Append(newLine);
}
X509Extensions extensions = this.c.TbsCertList.Extensions;
if (extensions != null)
{
IEnumerator enumerator = extensions.ExtensionOids.GetEnumerator();
if (enumerator.MoveNext())
{
stringBuilder.Append(" Extensions: ").Append(newLine);
}
while (true)
{
DerObjectIdentifier derObjectIdentifier = (DerObjectIdentifier)enumerator.Current;
X509Extension extension = extensions.GetExtension(derObjectIdentifier);
if (extension.Value != null)
{
Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(extension.Value);
stringBuilder.Append(" critical(").Append(extension.IsCritical).Append(") ");
try
{
if (derObjectIdentifier.Equals(X509Extensions.CrlNumber))
{
stringBuilder.Append(new CrlNumber(DerInteger.GetInstance(asn1Object).PositiveValue)).Append(newLine);
}
else if (derObjectIdentifier.Equals(X509Extensions.DeltaCrlIndicator))
{
stringBuilder.Append("Base CRL: " + new CrlNumber(DerInteger.GetInstance(asn1Object).PositiveValue)).Append(newLine);
}
else if (derObjectIdentifier.Equals(X509Extensions.IssuingDistributionPoint))
{
stringBuilder.Append(IssuingDistributionPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
}
else if (derObjectIdentifier.Equals(X509Extensions.CrlDistributionPoints))
{
stringBuilder.Append(CrlDistPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
}
else if (derObjectIdentifier.Equals(X509Extensions.FreshestCrl))
{
stringBuilder.Append(CrlDistPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
}
else
{
stringBuilder.Append(derObjectIdentifier.Id);
stringBuilder.Append(" value = ").Append(Asn1Dump.DumpAsString(asn1Object)).Append(newLine);
}
goto IL_2EC;
}
catch (Exception)
{
stringBuilder.Append(derObjectIdentifier.Id);
stringBuilder.Append(" value = ").Append("*****").Append(newLine);
goto IL_2EC;
}
goto IL_2E4;
}
goto IL_2E4;
IL_2EC:
if (!enumerator.MoveNext())
{
break;
}
continue;
IL_2E4:
stringBuilder.Append(newLine);
goto IL_2EC;
}
}
ISet revokedCertificates = this.GetRevokedCertificates();
if (revokedCertificates != null)
{
foreach (X509CrlEntry value in revokedCertificates)
{
stringBuilder.Append(value);
stringBuilder.Append(newLine);
}
}
return(stringBuilder.ToString());
}
/// <summary>
/// Gives back the CRL URI meta-data found within the given X509 certificate.
/// </summary>
/// <returns>
/// the CRL URI, or <code>null</code> if the extension is not present.
/// </returns>
public virtual string GetCrlUri(X509Certificate certificate)
{
Asn1OctetString crlDistributionPointsValue = certificate.GetExtensionValue(X509Extensions.CrlDistributionPoints);
if (null == crlDistributionPointsValue)
{
return(null);
}
Asn1Sequence seq;
try
{
DerOctetString oct;
//oct = (DEROctetString)(new ASN1InputStream(new ByteArrayInputStream(crlDistributionPointsValue
// )).ReadObject());
oct = (DerOctetString)crlDistributionPointsValue;
seq = (Asn1Sequence) new Asn1InputStream(oct.GetOctets()).ReadObject();
}
catch (IOException e)
{
throw new Exception("IO error: " + e.Message, e);
}
CrlDistPoint distPoint = CrlDistPoint.GetInstance(seq);
DistributionPoint[] distributionPoints = distPoint.GetDistributionPoints();
foreach (DistributionPoint distributionPoint in distributionPoints)
{
DistributionPointName distributionPointName = distributionPoint.DistributionPointName;
if (DistributionPointName.FullName != distributionPointName.PointType)
{
continue;
}
GeneralNames generalNames = (GeneralNames)distributionPointName.Name;
GeneralName[] names = generalNames.GetNames();
foreach (GeneralName name in names)
{
if (name.TagNo != GeneralName.UniformResourceIdentifier)
{
logger.Info("not a uniform resource identifier");
continue;
}
string str = null;
if (name.ToAsn1Object() is DerTaggedObject)
{
DerTaggedObject taggedObject = (DerTaggedObject)name.ToAsn1Object();
DerIA5String derStr = DerIA5String.GetInstance(taggedObject.GetObject());
str = derStr.GetString();
}
else
{
DerIA5String derStr = DerIA5String.GetInstance(name.ToAsn1Object());
str = derStr.GetString();
}
if (str != null && (str.StartsWith("http://") || str.StartsWith("https://")) &&
str.ToUpperInvariant().Contains("CRL")) //jbonilla - El URL del CRL para el BCE está en la tercera posición y solo se puede acceder desde HTTP.
{
return(str);
}
else
{
logger.Info("Supports only http:// and https:// protocol for CRL");
}
}
}
//jbonilla
#region BCE
if (certificate.SubjectDN.ToString()
.Contains("AC BANCO CENTRAL DEL ECUADOR"))
{
return(IntermediateAcUrl);
}
#endregion
return(null);
}
internal static void CheckCrls(IX509AttributeCertificate attrCert, PkixParameters paramsPKIX, X509Certificate issuerCert, DateTime validDate, IList certPathCerts)
{
if (!paramsPKIX.IsRevocationEnabled)
{
return;
}
if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null)
{
CrlDistPoint crlDistPoint = null;
try
{
crlDistPoint = CrlDistPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(attrCert, X509Extensions.CrlDistributionPoints));
}
catch (Exception cause)
{
throw new PkixCertPathValidatorException("CRL distribution point extension could not be read.", cause);
}
try
{
PkixCertPathValidatorUtilities.AddAdditionalStoresFromCrlDistributionPoint(crlDistPoint, paramsPKIX);
}
catch (Exception cause2)
{
throw new PkixCertPathValidatorException("No additional CRL locations could be decoded from CRL distribution point extension.", cause2);
}
CertStatus certStatus = new CertStatus();
ReasonsMask reasonsMask = new ReasonsMask();
Exception cause3 = null;
bool flag = false;
if (crlDistPoint != null)
{
DistributionPoint[] array = null;
try
{
array = crlDistPoint.GetDistributionPoints();
}
catch (Exception cause4)
{
throw new PkixCertPathValidatorException("Distribution points could not be read.", cause4);
}
try
{
for (int i = 0; i < array.Length; i++)
{
if (certStatus.Status != 11)
{
break;
}
if (reasonsMask.IsAllReasons)
{
break;
}
PkixParameters paramsPKIX2 = (PkixParameters)paramsPKIX.Clone();
CheckCrl(array[i], attrCert, paramsPKIX2, validDate, issuerCert, certStatus, reasonsMask, certPathCerts);
flag = true;
}
}
catch (Exception innerException)
{
cause3 = new Exception("No valid CRL for distribution point found.", innerException);
}
}
if (certStatus.Status == 11 && !reasonsMask.IsAllReasons)
{
try
{
Asn1Object asn1Object = null;
try
{
asn1Object = new Asn1InputStream(attrCert.Issuer.GetPrincipals()[0].GetEncoded()).ReadObject();
}
catch (Exception innerException2)
{
throw new Exception("Issuer from certificate for CRL could not be reencoded.", innerException2);
}
DistributionPoint dp = new DistributionPoint(new DistributionPointName(0, new GeneralNames(new GeneralName(4, asn1Object))), null, null);
PkixParameters paramsPKIX3 = (PkixParameters)paramsPKIX.Clone();
CheckCrl(dp, attrCert, paramsPKIX3, validDate, issuerCert, certStatus, reasonsMask, certPathCerts);
flag = true;
}
catch (Exception innerException3)
{
cause3 = new Exception("No valid CRL for distribution point found.", innerException3);
}
}
if (!flag)
{
throw new PkixCertPathValidatorException("No valid CRL found.", cause3);
}
if (certStatus.Status != 11)
{
string str = certStatus.RevocationDate.Value.ToString("ddd MMM dd HH:mm:ss K yyyy");
string str2 = "Attribute certificate revocation after " + str;
str2 = str2 + ", reason: " + Rfc3280CertPathUtilities.CrlReasons[certStatus.Status];
throw new PkixCertPathValidatorException(str2);
}
if (!reasonsMask.IsAllReasons && certStatus.Status == 11)
{
certStatus.Status = 12;
}
if (certStatus.Status == 12)
{
throw new PkixCertPathValidatorException("Attribute certificate status could not be determined.");
}
}
else if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null || attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null)
{
throw new PkixCertPathValidatorException("No rev avail extension is set, but also an AC revocation pointer.");
}
}