Boolean Equals(X509CRL2 other)
{
return(Version == other.Version &&
Type == other.Type &&
IssuerName.Equals(other.IssuerName) &&
ThisUpdate.Equals(other.ThisUpdate) &&
CRLNumber.Equals(other.CRLNumber));
}
/// <inheritdoc />
public override Int32 GetHashCode()
{
unchecked {
Int32 hashCode = Version;
hashCode = (hashCode * 397) ^ (Int32)Type;
hashCode = (hashCode * 397) ^ IssuerName.GetHashCode();
hashCode = (hashCode * 397) ^ ThisUpdate.GetHashCode();
hashCode = (hashCode * 397) ^ CRLNumber.GetHashCode();
return(hashCode);
}
}
List <Byte> buildTbs(Byte[] signatureAlgorithm, X509Certificate2 issuer)
{
if (String.IsNullOrEmpty(issuer.Issuer))
{
throw new ArgumentException("Subject name is empty.");
}
// coerce hashing algorithm
if (HashingAlgorithm == null)
{
HashingAlgorithm = new Oid(AlgorithmOids.SHA256);
}
// coerce version
if (_extensions.Count > 0)
{
Version = 2;
}
// coerce validity
if (NextUpdate == null || NextUpdate.Value <= ThisUpdate)
{
NextUpdate = ThisUpdate.AddDays(7);
}
var rawBytes = new List <Byte>();
// algorithm
rawBytes.AddRange(signatureAlgorithm);
// issuer
rawBytes.AddRange(issuer.SubjectName.RawData);
// thisUpdate
rawBytes.AddRange(Asn1Utils.EncodeDateTime(ThisUpdate));
// nextUpdate. Not null at this point, because we do not support CRL generation with infinity validity.
rawBytes.AddRange(Asn1Utils.EncodeDateTime(NextUpdate.Value));
// revokedCerts
if (RevokedCertificates.Count > 0)
{
rawBytes.AddRange(RevokedCertificates.Encode());
RevokedCertificates.Close();
}
// extensions
if (Version == 2)
{
// insert version at the beginning.
rawBytes.InsertRange(0, new Asn1Integer(Version - 1).RawData);
generateExtensions(issuer);
rawBytes.AddRange(Asn1Utils.Encode(Extensions.Encode(), 160));
}
// generate tbs
return(new List <Byte>(Asn1Utils.Encode(rawBytes.ToArray(), 48)));
}
/// <summary>
/// Create a new CertificateRevocationListBuilder.
/// </summary>
/// <param name="issuer">Certificate authority used to issue the CRL.</param>
/// <param name="crlNumber">Unique CRL number.</param>
public CertificateRevocationListBuilder(X509Certificate2 issuer, ulong crlNumber)
: base(issuer)
{
// Base class does the validation when issuer is not null.
if (issuer == null)
{
throw new ArgumentNullException(nameof(issuer));
}
// Bouncy Castle cannot construct BigInteger from a number.
CrlNumber = new BigInteger(crlNumber.ToString(CultureInfo.InvariantCulture));
// Per RFC 5280 the date should be in UTC.
ThisUpdate = DateTime.UtcNow;
// Per DirectTrust Community X.509 Certificate Policy
// a new CRL must be generated at least every 30 days.
NextUpdate = ThisUpdate.AddDays(30);
// List of revoked certificates.
RevokedCertificates = new List <Tuple <BigInteger, DateTime> >();
}
Byte[] encodeCTL()
{
var builder = new Asn1Builder()
.AddDerData(new X509EnhancedKeyUsageExtension(SubjectUsages, false).RawData);
var rawData = new List <Byte>(new X509EnhancedKeyUsageExtension(SubjectUsages, false).RawData);
if (!String.IsNullOrEmpty(ListIdentifier))
{
builder.AddOctetString(Encoding.Unicode.GetBytes(ListIdentifier + "\0"));
}
if (SequenceNumber != null)
{
builder.AddInteger(SequenceNumber.Value);
}
builder.AddDerData(Asn1Utils.EncodeDateTime(ThisUpdate.ToUniversalTime()));
if (NextUpdate != null)
{
builder.AddDerData(Asn1Utils.EncodeDateTime(NextUpdate.Value.ToUniversalTime()));
}
return(builder.AddDerData(new AlgorithmIdentifier(HashAlgorithm, new Byte[0]).RawData)
.AddDerData(Entries.Encode())
.GetRawData());
}
private void Update()
{
ThisUpdate.NPInvoke();
}