|
public VerifySignature ( |
||
| issuer | ||
| throwOnError | bool | |
| return | bool | |
/// <summary>
/// Adds a CRL to the store.
/// </summary>
public void AddCRL(X509CRL crl)
{
if (crl == null)
{
throw new ArgumentNullException("crl");
}
X509Certificate2 issuer = null;
X509Certificate2Collection certificates = null;
certificates = Enumerate().Result;
foreach (X509Certificate2 certificate in certificates)
{
if (Utils.CompareDistinguishedName(certificate.Subject, crl.Issuer))
{
if (crl.VerifySignature(certificate, false))
{
issuer = certificate;
break;
}
}
}
if (issuer == null)
{
throw new ServiceResultException(StatusCodes.BadCertificateInvalid, "Could not find issuer of the CRL.");
}
StringBuilder builder = new StringBuilder();
builder.Append(m_directory.FullName);
builder.Append(Path.DirectorySeparatorChar + "crl" + Path.DirectorySeparatorChar);
builder.Append(GetFileName(issuer));
builder.Append(".crl");
FileInfo fileInfo = new FileInfo(builder.ToString());
if (!fileInfo.Directory.Exists)
{
fileInfo.Directory.Create();
}
File.WriteAllBytes(fileInfo.FullName, crl.RawData);
}
/// <summary>
/// Returns the CRLs for the issuer.
/// </summary>
public List <X509CRL> EnumerateCRLs(X509Certificate2 issuer)
{
if (issuer == null)
{
throw new ArgumentNullException("issuer");
}
List <X509CRL> crls = new List <X509CRL>();
// check for CRL.
DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + "\\crl");
if (info.Exists)
{
foreach (FileInfo file in info.GetFiles("*.crl"))
{
X509CRL crl = new X509CRL(file.FullName);
if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject))
{
continue;
}
if (!crl.VerifySignature(issuer, false))
{
continue;
}
if (crl.UpdateTime <= DateTime.UtcNow &&
(crl.NextUpdateTime == DateTime.MinValue || crl.NextUpdateTime >= DateTime.UtcNow))
{
crls.Add(crl);
}
}
}
return(crls);
}
/// <summary>
/// Checks if issuer has revoked the certificate.
/// </summary>
public virtual StatusCode IsRevoked(X509Certificate2 issuer, X509Certificate2 certificate)
{
if (issuer == null)
{
throw new ArgumentNullException("issuer");
}
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
// check for CRL.
DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");
if (info.Exists)
{
bool crlExpired = true;
foreach (FileInfo file in info.GetFiles("*.crl"))
{
X509CRL crl = null;
try
{
crl = new X509CRL(file.FullName);
}
catch (Exception e)
{
Utils.Trace(e, "Could not parse CRL file.");
continue;
}
if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject))
{
continue;
}
if (!crl.VerifySignature(issuer, false))
{
continue;
}
if (crl.IsRevoked(certificate))
{
return(StatusCodes.BadCertificateRevoked);
}
if (crl.UpdateTime <= DateTime.UtcNow && (crl.NextUpdateTime == DateTime.MinValue || crl.NextUpdateTime >= DateTime.UtcNow))
{
crlExpired = false;
}
}
// certificate is fine.
if (!crlExpired)
{
return(StatusCodes.Good);
}
}
// can't find a valid CRL.
return(StatusCodes.BadCertificateRevocationUnknown);
}
/// <summary>
/// Adds a CRL to the store.
/// </summary>
public void AddCRL(X509CRL crl)
{
if (crl == null)
{
throw new ArgumentNullException("crl");
}
X509Certificate2 issuer = null;
X509Certificate2Collection certificates = null;
Task.Run( async () => certificates = await Enumerate()).Wait();
foreach (X509Certificate2 certificate in certificates)
{
if (Utils.CompareDistinguishedName(certificate.Subject, crl.Issuer))
{
if (crl.VerifySignature(certificate, false))
{
issuer = certificate;
break;
}
}
}
if (issuer == null)
{
throw new ServiceResultException(StatusCodes.BadCertificateInvalid, "Could not find issuer of the CRL.");
}
StringBuilder builder = new StringBuilder();
builder.Append(m_directory.FullName);
builder.Append(Path.DirectorySeparatorChar + "crl" + Path.DirectorySeparatorChar);
builder.Append(GetFileName(issuer));
builder.Append(".crl");
FileInfo fileInfo = new FileInfo(builder.ToString());
if (!fileInfo.Directory.Exists)
{
fileInfo.Directory.Create();
}
File.WriteAllBytes(fileInfo.FullName, crl.RawData);
}
/// <summary>
/// Returns the CRLs for the issuer.
/// </summary>
public List<X509CRL> EnumerateCRLs(X509Certificate2 issuer)
{
if (issuer == null)
{
throw new ArgumentNullException("issuer");
}
List<X509CRL> crls = new List<X509CRL>();
// check for CRL.
DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");
if (info.Exists)
{
foreach (FileInfo file in info.GetFiles("*.crl"))
{
X509CRL crl = new X509CRL(file.FullName);
if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject))
{
continue;
}
if (!crl.VerifySignature(issuer, false))
{
continue;
}
if (crl.UpdateTime <= DateTime.UtcNow && (crl.NextUpdateTime == DateTime.MinValue || crl.NextUpdateTime >= DateTime.UtcNow))
{
crls.Add(crl);
}
}
}
return crls;
}
/// <summary>
/// Checks if issuer has revoked the certificate.
/// </summary>
public StatusCode IsRevoked(X509Certificate2 issuer, X509Certificate2 certificate)
{
if (issuer == null)
{
throw new ArgumentNullException("issuer");
}
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
// check for CRL.
DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");
if (info.Exists)
{
bool crlExpired = true;
foreach (FileInfo file in info.GetFiles("*.crl"))
{
X509CRL crl = null;
try
{
crl = new X509CRL(file.FullName);
}
catch (Exception e)
{
Utils.Trace(e, "Could not parse CRL file.");
continue;
}
if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject))
{
continue;
}
if (!crl.VerifySignature(issuer, false))
{
continue;
}
if (crl.IsRevoked(certificate))
{
return StatusCodes.BadCertificateRevoked;
}
if (crl.UpdateTime <= DateTime.UtcNow && (crl.NextUpdateTime == DateTime.MinValue || crl.NextUpdateTime >= DateTime.UtcNow))
{
crlExpired = false;
}
}
// certificate is fine.
if (!crlExpired)
{
return StatusCodes.Good;
}
}
// can't find a valid CRL.
return StatusCodes.BadCertificateRevocationUnknown;
}
