internal ReasonsMask Intersect(ReasonsMask mask) { ReasonsMask reasonsMask = new ReasonsMask(); reasonsMask.AddReasons(new ReasonsMask(_reasons & mask.Reasons.IntValue)); return(reasonsMask); }
private static void CheckCrl(DistributionPoint dp, IX509AttributeCertificate attrCert, PkixParameters paramsPKIX, DateTime validDate, X509Certificate issuerCert, CertStatus certStatus, ReasonsMask reasonMask, IList certPathCerts) { if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null) { DateTime utcNow = DateTime.UtcNow; if (validDate.CompareTo((object)utcNow) > 0) { throw new Exception("Validation time is in future."); } ISet completeCrls = PkixCertPathValidatorUtilities.GetCompleteCrls(dp, attrCert, utcNow, paramsPKIX); bool flag = false; Exception ex = null; IEnumerator enumerator = completeCrls.GetEnumerator(); while (enumerator.MoveNext() && certStatus.Status == 11 && !reasonMask.IsAllReasons) { try { X509Crl x509Crl = (X509Crl)enumerator.Current; ReasonsMask reasonsMask = Rfc3280CertPathUtilities.ProcessCrlD(x509Crl, dp); if (reasonsMask.HasNewReasons(reasonMask)) { ISet keys = Rfc3280CertPathUtilities.ProcessCrlF(x509Crl, attrCert, null, null, paramsPKIX, certPathCerts); AsymmetricKeyParameter key = Rfc3280CertPathUtilities.ProcessCrlG(x509Crl, keys); X509Crl x509Crl2 = null; if (paramsPKIX.IsUseDeltasEnabled) { ISet deltaCrls = PkixCertPathValidatorUtilities.GetDeltaCrls(utcNow, paramsPKIX, x509Crl); x509Crl2 = Rfc3280CertPathUtilities.ProcessCrlH(deltaCrls, key); } if (paramsPKIX.ValidityModel != 1 && attrCert.NotAfter.CompareTo((object)x509Crl.ThisUpdate) < 0) { throw new Exception("No valid CRL for current time found."); } Rfc3280CertPathUtilities.ProcessCrlB1(dp, attrCert, x509Crl); Rfc3280CertPathUtilities.ProcessCrlB2(dp, attrCert, x509Crl); Rfc3280CertPathUtilities.ProcessCrlC(x509Crl2, x509Crl, paramsPKIX); Rfc3280CertPathUtilities.ProcessCrlI(validDate, x509Crl2, attrCert, certStatus, paramsPKIX); Rfc3280CertPathUtilities.ProcessCrlJ(validDate, x509Crl, attrCert, certStatus); if (certStatus.Status == 8) { certStatus.Status = 11; } reasonMask.AddReasons(reasonsMask); flag = true; } } catch (Exception ex2) { ex = ex2; } } if (!flag) { throw ex; } } }
internal bool HasNewReasons(ReasonsMask mask) { return((_reasons | (mask.Reasons.IntValue ^ _reasons)) != 0); }
internal void AddReasons(ReasonsMask mask) { _reasons |= mask.Reasons.IntValue; }
internal static void CheckCrls(IX509AttributeCertificate attrCert, PkixParameters paramsPKIX, X509Certificate issuerCert, DateTime validDate, IList certPathCerts) { if (!paramsPKIX.IsRevocationEnabled) { return; } if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null) { CrlDistPoint crlDistPoint = null; try { crlDistPoint = CrlDistPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(attrCert, X509Extensions.CrlDistributionPoints)); } catch (Exception cause) { throw new PkixCertPathValidatorException("CRL distribution point extension could not be read.", cause); } try { PkixCertPathValidatorUtilities.AddAdditionalStoresFromCrlDistributionPoint(crlDistPoint, paramsPKIX); } catch (Exception cause2) { throw new PkixCertPathValidatorException("No additional CRL locations could be decoded from CRL distribution point extension.", cause2); } CertStatus certStatus = new CertStatus(); ReasonsMask reasonsMask = new ReasonsMask(); Exception cause3 = null; bool flag = false; if (crlDistPoint != null) { DistributionPoint[] array = null; try { array = crlDistPoint.GetDistributionPoints(); } catch (Exception cause4) { throw new PkixCertPathValidatorException("Distribution points could not be read.", cause4); } try { for (int i = 0; i < array.Length; i++) { if (certStatus.Status != 11) { break; } if (reasonsMask.IsAllReasons) { break; } PkixParameters paramsPKIX2 = (PkixParameters)paramsPKIX.Clone(); CheckCrl(array[i], attrCert, paramsPKIX2, validDate, issuerCert, certStatus, reasonsMask, certPathCerts); flag = true; } } catch (Exception innerException) { cause3 = new Exception("No valid CRL for distribution point found.", innerException); } } if (certStatus.Status == 11 && !reasonsMask.IsAllReasons) { try { Asn1Object asn1Object = null; try { asn1Object = new Asn1InputStream(attrCert.Issuer.GetPrincipals()[0].GetEncoded()).ReadObject(); } catch (Exception innerException2) { throw new Exception("Issuer from certificate for CRL could not be reencoded.", innerException2); } DistributionPoint dp = new DistributionPoint(new DistributionPointName(0, new GeneralNames(new GeneralName(4, asn1Object))), null, null); PkixParameters paramsPKIX3 = (PkixParameters)paramsPKIX.Clone(); CheckCrl(dp, attrCert, paramsPKIX3, validDate, issuerCert, certStatus, reasonsMask, certPathCerts); flag = true; } catch (Exception innerException3) { cause3 = new Exception("No valid CRL for distribution point found.", innerException3); } } if (!flag) { throw new PkixCertPathValidatorException("No valid CRL found.", cause3); } if (certStatus.Status != 11) { string str = certStatus.RevocationDate.Value.ToString("ddd MMM dd HH:mm:ss K yyyy"); string str2 = "Attribute certificate revocation after " + str; str2 = str2 + ", reason: " + Rfc3280CertPathUtilities.CrlReasons[certStatus.Status]; throw new PkixCertPathValidatorException(str2); } if (!reasonsMask.IsAllReasons && certStatus.Status == 11) { certStatus.Status = 12; } if (certStatus.Status == 12) { throw new PkixCertPathValidatorException("Attribute certificate status could not be determined."); } } else if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null || attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null) { throw new PkixCertPathValidatorException("No rev avail extension is set, but also an AC revocation pointer."); } }