internal static void ProcessCertD1ii(int index, IList[] policyNodes, DerObjectIdentifier _poid, ISet _pq)
    {
        IList          list = policyNodes[index - 1];
        int            num  = 0;
        PkixPolicyNode pkixPolicyNode;

        while (true)
        {
            if (num < list.Count)
            {
                pkixPolicyNode = (PkixPolicyNode)list[num];
                if (ANY_POLICY.Equals(pkixPolicyNode.ValidPolicy))
                {
                    break;
                }
                num++;
                continue;
            }
            return;
        }
        ISet set = new HashSet();

        set.Add(_poid.Id);
        PkixPolicyNode pkixPolicyNode2 = new PkixPolicyNode(Platform.CreateArrayList(), index, set, pkixPolicyNode, _pq, _poid.Id, critical: false);

        pkixPolicyNode.AddChild(pkixPolicyNode2);
        policyNodes[index].Add(pkixPolicyNode2);
    }
    internal static PkixPolicyNode PrepareNextCertB2(int i, IList[] policyNodes, string id_p, PkixPolicyNode validPolicyTree)
    {
        int num = 0;

        foreach (PkixPolicyNode item in Platform.CreateArrayList(policyNodes[i]))
        {
            if (item.ValidPolicy.Equals(id_p))
            {
                PkixPolicyNode parent = item.Parent;
                parent.RemoveChild(item);
                policyNodes[i].RemoveAt(num);
                for (int num2 = i - 1; num2 >= 0; num2--)
                {
                    IList list = policyNodes[num2];
                    for (int j = 0; j < list.Count; j++)
                    {
                        PkixPolicyNode pkixPolicyNode2 = (PkixPolicyNode)list[j];
                        if (!pkixPolicyNode2.HasChildren)
                        {
                            validPolicyTree = RemovePolicyNode(validPolicyTree, policyNodes, pkixPolicyNode2);
                            if (validPolicyTree == null)
                            {
                                break;
                            }
                        }
                    }
                }
            }
            else
            {
                num++;
            }
        }
        return(validPolicyTree);
    }
Esempio n. 3
0
 public PkixCertPathBuilderResult(PkixCertPath certPath, TrustAnchor trustAnchor, PkixPolicyNode policyTree, AsymmetricKeyParameter subjectPublicKey)
     : base(trustAnchor, policyTree, subjectPublicKey)
 {
     if (certPath == null)
     {
         throw new ArgumentNullException("certPath");
     }
     this.certPath = certPath;
 }
 private static void RemovePolicyNodeRecurse(IList[] policyNodes, PkixPolicyNode _node)
 {
     policyNodes[_node.Depth].Remove(_node);
     if (_node.HasChildren)
     {
         foreach (PkixPolicyNode child in _node.Children)
         {
             RemovePolicyNodeRecurse(policyNodes, child);
         }
     }
 }
Esempio n. 5
0
    public virtual PkixPolicyNode Copy()
    {
        PkixPolicyNode pkixPolicyNode = new PkixPolicyNode(Platform.CreateArrayList(), mDepth, new HashSet(mExpectedPolicies), null, new HashSet(mPolicyQualifiers), mValidPolicy, mCritical);

        foreach (PkixPolicyNode mChild in mChildren)
        {
            PkixPolicyNode pkixPolicyNode3 = mChild.Copy();
            pkixPolicyNode3.Parent = pkixPolicyNode;
            pkixPolicyNode.AddChild(pkixPolicyNode3);
        }
        return(pkixPolicyNode);
    }
 public PkixCertPathValidatorResult(TrustAnchor trustAnchor, PkixPolicyNode policyTree, AsymmetricKeyParameter subjectPublicKey)
 {
     if (subjectPublicKey == null)
     {
         throw new NullReferenceException("subjectPublicKey must be non-null");
     }
     if (trustAnchor == null)
     {
         throw new NullReferenceException("trustAnchor must be non-null");
     }
     this.trustAnchor      = trustAnchor;
     this.policyTree       = policyTree;
     this.subjectPublicKey = subjectPublicKey;
 }
Esempio n. 7
0
 public PkixPolicyNode(IList children, int depth, ISet expectedPolicies, PkixPolicyNode parent, ISet policyQualifiers, string validPolicy, bool critical)
 {
     if (children == null)
     {
         mChildren = Platform.CreateArrayList();
     }
     else
     {
         mChildren = Platform.CreateArrayList(children);
     }
     mDepth            = depth;
     mExpectedPolicies = expectedPolicies;
     mParent           = parent;
     mPolicyQualifiers = policyQualifiers;
     mValidPolicy      = validPolicy;
     mCritical         = critical;
 }
    internal static bool ProcessCertD1i(int index, IList[] policyNodes, DerObjectIdentifier pOid, ISet pq)
    {
        IList list = policyNodes[index - 1];

        for (int i = 0; i < list.Count; i++)
        {
            PkixPolicyNode pkixPolicyNode   = (PkixPolicyNode)list[i];
            ISet           expectedPolicies = pkixPolicyNode.ExpectedPolicies;
            if (expectedPolicies.Contains(pOid.Id))
            {
                ISet set = new HashSet();
                set.Add(pOid.Id);
                PkixPolicyNode pkixPolicyNode2 = new PkixPolicyNode(Platform.CreateArrayList(), index, set, pkixPolicyNode, pq, pOid.Id, critical: false);
                pkixPolicyNode.AddChild(pkixPolicyNode2);
                policyNodes[index].Add(pkixPolicyNode2);
                return(true);
            }
        }
        return(false);
    }
    internal static PkixPolicyNode RemovePolicyNode(PkixPolicyNode validPolicyTree, IList[] policyNodes, PkixPolicyNode _node)
    {
        PkixPolicyNode parent = _node.Parent;

        if (validPolicyTree == null)
        {
            return(null);
        }
        if (parent == null)
        {
            for (int i = 0; i < policyNodes.Length; i++)
            {
                policyNodes[i] = Platform.CreateArrayList();
            }
            return(null);
        }
        parent.RemoveChild(_node);
        RemovePolicyNodeRecurse(policyNodes, _node);
        return(validPolicyTree);
    }
        public override void PerformTest()
        {
            X509CertificateParser certParser = new X509CertificateParser();
            X509CrlParser         crlParser  = new X509CrlParser();

            // initialise CertStore
            X509Certificate rootCert  = certParser.ReadCertificate(CertPathTest.rootCertBin);
            X509Certificate interCert = certParser.ReadCertificate(CertPathTest.interCertBin);
            X509Certificate finalCert = certParser.ReadCertificate(CertPathTest.finalCertBin);
            X509Crl         rootCrl   = crlParser.ReadCrl(CertPathTest.rootCrlBin);
            X509Crl         interCrl  = crlParser.ReadCrl(CertPathTest.interCrlBin);

            IList x509Certs = new ArrayList();

            x509Certs.Add(rootCert);
            x509Certs.Add(interCert);
            x509Certs.Add(finalCert);

            IList x509Crls = new ArrayList();

            x509Crls.Add(rootCrl);
            x509Crls.Add(interCrl);

//			CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
//			CertStore store = CertStore.GetInstance("Collection", ccsp);
//			X509CollectionStoreParameters ccsp = new X509CollectionStoreParameters(list);
            IX509Store x509CertStore = X509StoreFactory.Create(
                "Certificate/Collection",
                new X509CollectionStoreParameters(x509Certs));
            IX509Store x509CrlStore = X509StoreFactory.Create(
                "CRL/Collection",
                new X509CollectionStoreParameters(x509Crls));

            // NB: Month is 1-based in .NET
            //DateTime validDate = new DateTime(2008,9,4,14,49,10).ToUniversalTime();
            DateTime validDate = new DateTime(2008, 9, 4, 5, 49, 10);

            //validating path
            IList certchain = new ArrayList();

            certchain.Add(finalCert);
            certchain.Add(interCert);

//			CertPath cp = CertificateFactory.GetInstance("X.509").GenerateCertPath(certchain);
            PkixCertPath cp    = new PkixCertPath(certchain);
            ISet         trust = new HashSet();

            trust.Add(new TrustAnchor(rootCert, null));

//			CertPathValidator cpv = CertPathValidator.GetInstance("PKIX");
            PkixCertPathValidator cpv   = new PkixCertPathValidator();
            PkixParameters        param = new PkixParameters(trust);

            param.AddStore(x509CertStore);
            param.AddStore(x509CrlStore);
            param.Date = new DateTimeObject(validDate);
            MyChecker checker = new MyChecker();

            param.AddCertPathChecker(checker);

            PkixCertPathValidatorResult result      = (PkixCertPathValidatorResult)cpv.Validate(cp, param);
            PkixPolicyNode         policyTree       = result.PolicyTree;
            AsymmetricKeyParameter subjectPublicKey = result.SubjectPublicKey;

            if (checker.GetCount() != 2)
            {
                Fail("checker not evaluated for each certificate");
            }

            if (!subjectPublicKey.Equals(finalCert.GetPublicKey()))
            {
                Fail("wrong public key returned");
            }

            IsTrue(result.TrustAnchor.TrustedCert.Equals(rootCert));

            // try a path with trust anchor included.
            certchain.Clear();
            certchain.Add(finalCert);
            certchain.Add(interCert);
            certchain.Add(rootCert);

            cp = new PkixCertPath(certchain);

            cpv   = new PkixCertPathValidator();
            param = new PkixParameters(trust);
            param.AddStore(x509CertStore);
            param.AddStore(x509CrlStore);
            param.Date = new DateTimeObject(validDate);
            checker    = new MyChecker();
            param.AddCertPathChecker(checker);

            result = (PkixCertPathValidatorResult)cpv.Validate(cp, param);

            IsTrue(result.TrustAnchor.TrustedCert.Equals(rootCert));

            //
            // invalid path containing a valid one test
            //
            try
            {
                // initialise CertStore
                rootCert  = certParser.ReadCertificate(AC_RAIZ_ICPBRASIL);
                interCert = certParser.ReadCertificate(AC_PR);
                finalCert = certParser.ReadCertificate(schefer);

                x509Certs = new ArrayList();
                x509Certs.Add(rootCert);
                x509Certs.Add(interCert);
                x509Certs.Add(finalCert);

//				ccsp = new CollectionCertStoreParameters(list);
//				store = CertStore.GetInstance("Collection", ccsp);
//				ccsp = new X509CollectionStoreParameters(list);
                x509CertStore = X509StoreFactory.Create(
                    "Certificate/Collection",
                    new X509CollectionStoreParameters(x509Certs));

                // NB: Month is 1-based in .NET
                //validDate = new DateTime(2004,3,21,2,21,10).ToUniversalTime();
                validDate = new DateTime(2004, 3, 20, 19, 21, 10);

                //validating path
                certchain = new ArrayList();
                certchain.Add(finalCert);
                certchain.Add(interCert);

//				cp = CertificateFactory.GetInstance("X.509").GenerateCertPath(certchain);
                cp    = new PkixCertPath(certchain);
                trust = new HashSet();
                trust.Add(new TrustAnchor(rootCert, null));

//				cpv = CertPathValidator.GetInstance("PKIX");
                cpv   = new PkixCertPathValidator();
                param = new PkixParameters(trust);
                param.AddStore(x509CertStore);
                param.IsRevocationEnabled = false;
                param.Date = new DateTimeObject(validDate);

                result           = (PkixCertPathValidatorResult)cpv.Validate(cp, param);
                policyTree       = result.PolicyTree;
                subjectPublicKey = result.SubjectPublicKey;

                Fail("Invalid path validated");
            }
            catch (Exception e)
            {
                if (e is PkixCertPathValidatorException &&
                    e.Message.StartsWith("Could not validate certificate signature."))
                {
                    return;
                }
                Fail("unexpected exception", e);
            }
        }
    public virtual PkixCertPathValidatorResult Validate(PkixCertPath certPath, PkixParameters paramsPkix)
    {
        if (paramsPkix.GetTrustAnchors() == null)
        {
            throw new ArgumentException("trustAnchors is null, this is not allowed for certification path validation.", "parameters");
        }
        IList certificates = certPath.Certificates;
        int   count        = certificates.Count;

        if (certificates.Count == 0)
        {
            throw new PkixCertPathValidatorException("Certification path is empty.", null, certPath, 0);
        }
        ISet        initialPolicies = paramsPkix.GetInitialPolicies();
        TrustAnchor trustAnchor;

        try
        {
            trustAnchor = PkixCertPathValidatorUtilities.FindTrustAnchor((X509Certificate)certificates[certificates.Count - 1], paramsPkix.GetTrustAnchors());
        }
        catch (Exception ex)
        {
            throw new PkixCertPathValidatorException(ex.Message, ex, certPath, certificates.Count - 1);
        }
        if (trustAnchor == null)
        {
            throw new PkixCertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);
        }
        int num = 0;

        IList[] array = new IList[count + 1];
        for (int i = 0; i < array.Length; i++)
        {
            array[i] = Platform.CreateArrayList();
        }
        ISet set = new HashSet();

        set.Add(Rfc3280CertPathUtilities.ANY_POLICY);
        PkixPolicyNode pkixPolicyNode = new PkixPolicyNode(Platform.CreateArrayList(), 0, set, null, new HashSet(), Rfc3280CertPathUtilities.ANY_POLICY, critical: false);

        array[0].Add(pkixPolicyNode);
        PkixNameConstraintValidator nameConstraintValidator = new PkixNameConstraintValidator();
        ISet                   acceptablePolicies           = new HashSet();
        int                    explicitPolicy   = (!paramsPkix.IsExplicitPolicyRequired) ? (count + 1) : 0;
        int                    inhibitAnyPolicy = (!paramsPkix.IsAnyPolicyInhibited) ? (count + 1) : 0;
        int                    policyMapping    = (!paramsPkix.IsPolicyMappingInhibited) ? (count + 1) : 0;
        X509Certificate        x509Certificate  = trustAnchor.TrustedCert;
        X509Name               workingIssuerName;
        AsymmetricKeyParameter asymmetricKeyParameter;

        try
        {
            if (x509Certificate != null)
            {
                workingIssuerName      = x509Certificate.SubjectDN;
                asymmetricKeyParameter = x509Certificate.GetPublicKey();
            }
            else
            {
                workingIssuerName      = new X509Name(trustAnchor.CAName);
                asymmetricKeyParameter = trustAnchor.CAPublicKey;
            }
        }
        catch (ArgumentException cause)
        {
            throw new PkixCertPathValidatorException("Subject of trust anchor could not be (re)encoded.", cause, certPath, -1);
        }
        try
        {
            PkixCertPathValidatorUtilities.GetAlgorithmIdentifier(asymmetricKeyParameter);
        }
        catch (PkixCertPathValidatorException cause2)
        {
            throw new PkixCertPathValidatorException("Algorithm identifier of public key of trust anchor could not be read.", cause2, certPath, -1);
        }
        int maxPathLength = count;
        X509CertStoreSelector targetCertConstraints = paramsPkix.GetTargetCertConstraints();

        if (targetCertConstraints != null && !targetCertConstraints.Match((X509Certificate)certificates[0]))
        {
            throw new PkixCertPathValidatorException("Target certificate in certification path does not match targetConstraints.", null, certPath, 0);
        }
        IList       certPathCheckers = paramsPkix.GetCertPathCheckers();
        IEnumerator enumerator       = certPathCheckers.GetEnumerator();

        while (enumerator.MoveNext())
        {
            ((PkixCertPathChecker)enumerator.Current).Init(forward: false);
        }
        X509Certificate x509Certificate2 = null;

        for (num = certificates.Count - 1; num >= 0; num--)
        {
            int num2 = count - num;
            x509Certificate2 = (X509Certificate)certificates[num];
            Rfc3280CertPathUtilities.ProcessCertA(certPath, paramsPkix, num, asymmetricKeyParameter, workingIssuerName, x509Certificate);
            Rfc3280CertPathUtilities.ProcessCertBC(certPath, num, nameConstraintValidator);
            pkixPolicyNode = Rfc3280CertPathUtilities.ProcessCertD(certPath, num, acceptablePolicies, pkixPolicyNode, array, inhibitAnyPolicy);
            pkixPolicyNode = Rfc3280CertPathUtilities.ProcessCertE(certPath, num, pkixPolicyNode);
            Rfc3280CertPathUtilities.ProcessCertF(certPath, num, pkixPolicyNode, explicitPolicy);
            if (num2 != count)
            {
                if (x509Certificate2 != null && x509Certificate2.Version == 1)
                {
                    throw new PkixCertPathValidatorException("Version 1 certificates can't be used as CA ones.", null, certPath, num);
                }
                Rfc3280CertPathUtilities.PrepareNextCertA(certPath, num);
                pkixPolicyNode = Rfc3280CertPathUtilities.PrepareCertB(certPath, num, array, pkixPolicyNode, policyMapping);
                Rfc3280CertPathUtilities.PrepareNextCertG(certPath, num, nameConstraintValidator);
                explicitPolicy   = Rfc3280CertPathUtilities.PrepareNextCertH1(certPath, num, explicitPolicy);
                policyMapping    = Rfc3280CertPathUtilities.PrepareNextCertH2(certPath, num, policyMapping);
                inhibitAnyPolicy = Rfc3280CertPathUtilities.PrepareNextCertH3(certPath, num, inhibitAnyPolicy);
                explicitPolicy   = Rfc3280CertPathUtilities.PrepareNextCertI1(certPath, num, explicitPolicy);
                policyMapping    = Rfc3280CertPathUtilities.PrepareNextCertI2(certPath, num, policyMapping);
                inhibitAnyPolicy = Rfc3280CertPathUtilities.PrepareNextCertJ(certPath, num, inhibitAnyPolicy);
                Rfc3280CertPathUtilities.PrepareNextCertK(certPath, num);
                maxPathLength = Rfc3280CertPathUtilities.PrepareNextCertL(certPath, num, maxPathLength);
                maxPathLength = Rfc3280CertPathUtilities.PrepareNextCertM(certPath, num, maxPathLength);
                Rfc3280CertPathUtilities.PrepareNextCertN(certPath, num);
                ISet criticalExtensionOids = x509Certificate2.GetCriticalExtensionOids();
                if (criticalExtensionOids != null)
                {
                    criticalExtensionOids = new HashSet(criticalExtensionOids);
                    criticalExtensionOids.Remove(X509Extensions.KeyUsage.Id);
                    criticalExtensionOids.Remove(X509Extensions.CertificatePolicies.Id);
                    criticalExtensionOids.Remove(X509Extensions.PolicyMappings.Id);
                    criticalExtensionOids.Remove(X509Extensions.InhibitAnyPolicy.Id);
                    criticalExtensionOids.Remove(X509Extensions.IssuingDistributionPoint.Id);
                    criticalExtensionOids.Remove(X509Extensions.DeltaCrlIndicator.Id);
                    criticalExtensionOids.Remove(X509Extensions.PolicyConstraints.Id);
                    criticalExtensionOids.Remove(X509Extensions.BasicConstraints.Id);
                    criticalExtensionOids.Remove(X509Extensions.SubjectAlternativeName.Id);
                    criticalExtensionOids.Remove(X509Extensions.NameConstraints.Id);
                }
                else
                {
                    criticalExtensionOids = new HashSet();
                }
                Rfc3280CertPathUtilities.PrepareNextCertO(certPath, num, criticalExtensionOids, certPathCheckers);
                x509Certificate   = x509Certificate2;
                workingIssuerName = x509Certificate.SubjectDN;
                try
                {
                    asymmetricKeyParameter = PkixCertPathValidatorUtilities.GetNextWorkingKey(certPath.Certificates, num);
                }
                catch (PkixCertPathValidatorException cause3)
                {
                    throw new PkixCertPathValidatorException("Next working key could not be retrieved.", cause3, certPath, num);
                }
                PkixCertPathValidatorUtilities.GetAlgorithmIdentifier(asymmetricKeyParameter);
            }
        }
        explicitPolicy = Rfc3280CertPathUtilities.WrapupCertA(explicitPolicy, x509Certificate2);
        explicitPolicy = Rfc3280CertPathUtilities.WrapupCertB(certPath, num + 1, explicitPolicy);
        ISet criticalExtensionOids2 = x509Certificate2.GetCriticalExtensionOids();

        if (criticalExtensionOids2 != null)
        {
            criticalExtensionOids2 = new HashSet(criticalExtensionOids2);
            criticalExtensionOids2.Remove(X509Extensions.KeyUsage.Id);
            criticalExtensionOids2.Remove(X509Extensions.CertificatePolicies.Id);
            criticalExtensionOids2.Remove(X509Extensions.PolicyMappings.Id);
            criticalExtensionOids2.Remove(X509Extensions.InhibitAnyPolicy.Id);
            criticalExtensionOids2.Remove(X509Extensions.IssuingDistributionPoint.Id);
            criticalExtensionOids2.Remove(X509Extensions.DeltaCrlIndicator.Id);
            criticalExtensionOids2.Remove(X509Extensions.PolicyConstraints.Id);
            criticalExtensionOids2.Remove(X509Extensions.BasicConstraints.Id);
            criticalExtensionOids2.Remove(X509Extensions.SubjectAlternativeName.Id);
            criticalExtensionOids2.Remove(X509Extensions.NameConstraints.Id);
            criticalExtensionOids2.Remove(X509Extensions.CrlDistributionPoints.Id);
        }
        else
        {
            criticalExtensionOids2 = new HashSet();
        }
        Rfc3280CertPathUtilities.WrapupCertF(certPath, num + 1, certPathCheckers, criticalExtensionOids2);
        PkixPolicyNode pkixPolicyNode2 = Rfc3280CertPathUtilities.WrapupCertG(certPath, paramsPkix, initialPolicies, num + 1, array, pkixPolicyNode, acceptablePolicies);

        if (explicitPolicy > 0 || pkixPolicyNode2 != null)
        {
            return(new PkixCertPathValidatorResult(trustAnchor, pkixPolicyNode2, x509Certificate2.GetPublicKey()));
        }
        throw new PkixCertPathValidatorException("Path processing failed on policy.", null, certPath, num);
    }
Esempio n. 12
0
 public virtual void RemoveChild(PkixPolicyNode child)
 {
     mChildren.Remove(child);
 }
Esempio n. 13
0
 public virtual void AddChild(PkixPolicyNode child)
 {
     child.Parent = this;
     mChildren.Add(child);
 }
    internal static void PrepareNextCertB1(int i, IList[] policyNodes, string id_p, IDictionary m_idp, X509Certificate cert)
    {
        bool        flag       = false;
        IEnumerator enumerator = policyNodes[i].GetEnumerator();

        while (enumerator.MoveNext())
        {
            PkixPolicyNode pkixPolicyNode = (PkixPolicyNode)enumerator.Current;
            if (pkixPolicyNode.ValidPolicy.Equals(id_p))
            {
                flag = true;
                pkixPolicyNode.ExpectedPolicies = (ISet)m_idp[id_p];
                break;
            }
        }
        if (flag)
        {
            return;
        }
        enumerator = policyNodes[i].GetEnumerator();
        PkixPolicyNode pkixPolicyNode2;

        do
        {
            if (enumerator.MoveNext())
            {
                pkixPolicyNode2 = (PkixPolicyNode)enumerator.Current;
                continue;
            }
            return;
        }while (!ANY_POLICY.Equals(pkixPolicyNode2.ValidPolicy));
        ISet         policyQualifiers = null;
        Asn1Sequence asn1Sequence     = null;

        try
        {
            asn1Sequence = Asn1Sequence.GetInstance(GetExtensionValue(cert, X509Extensions.CertificatePolicies));
        }
        catch (Exception innerException)
        {
            throw new Exception("Certificate policies cannot be decoded.", innerException);
        }
        IEnumerator enumerator2 = asn1Sequence.GetEnumerator();

        while (enumerator2.MoveNext())
        {
            PolicyInformation policyInformation = null;
            try
            {
                policyInformation = PolicyInformation.GetInstance(enumerator2.Current);
            }
            catch (Exception innerException2)
            {
                throw new Exception("Policy information cannot be decoded.", innerException2);
            }
            if (ANY_POLICY.Equals(policyInformation.PolicyIdentifier.Id))
            {
                try
                {
                    policyQualifiers = GetQualifierSet(policyInformation.PolicyQualifiers);
                }
                catch (PkixCertPathValidatorException cause)
                {
                    throw new PkixCertPathValidatorException("Policy qualifier info set could not be built.", cause);
                }
                break;
            }
        }
        bool critical = false;
        ISet criticalExtensionOids = cert.GetCriticalExtensionOids();

        if (criticalExtensionOids != null)
        {
            critical = criticalExtensionOids.Contains(X509Extensions.CertificatePolicies.Id);
        }
        PkixPolicyNode parent = pkixPolicyNode2.Parent;

        if (ANY_POLICY.Equals(parent.ValidPolicy))
        {
            PkixPolicyNode pkixPolicyNode3 = new PkixPolicyNode(Platform.CreateArrayList(), i, (ISet)m_idp[id_p], parent, policyQualifiers, id_p, critical);
            parent.AddChild(pkixPolicyNode3);
            policyNodes[i].Add(pkixPolicyNode3);
        }
    }