Summary description for PkixPolicyNode.
Esempio n. 1
0
		/// Constructors
		public PkixPolicyNode(
			IList			children,
			int				depth,
			ISet			expectedPolicies,
			PkixPolicyNode	parent,
			ISet			policyQualifiers,
			string			validPolicy,
			bool			critical)
		{
            if (children == null)
            {
                this.mChildren = Platform.CreateArrayList();
            }
            else
            {
                this.mChildren = Platform.CreateArrayList(children);
            }

            this.mDepth = depth;
			this.mExpectedPolicies = expectedPolicies;
			this.mParent = parent;
			this.mPolicyQualifiers = policyQualifiers;
			this.mValidPolicy = validPolicy;
			this.mCritical = critical;
		}
Esempio n. 2
0
        public virtual string ToString(string indent)
        {
            //IL_0000: Unknown result type (might be due to invalid IL or missing references)
            //IL_0006: Expected O, but got Unknown
            StringBuilder val = new StringBuilder();

            val.Append(indent);
            val.Append(mValidPolicy);
            val.Append(" {");
            val.Append(Platform.NewLine);
            global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)mChildren).GetEnumerator();
            try
            {
                while (enumerator.MoveNext())
                {
                    PkixPolicyNode pkixPolicyNode = (PkixPolicyNode)enumerator.get_Current();
                    val.Append(pkixPolicyNode.ToString(indent + "    "));
                }
            }
            finally
            {
                global::System.IDisposable disposable = enumerator as global::System.IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }
            val.Append(indent);
            val.Append("}");
            val.Append(Platform.NewLine);
            return(val.ToString());
        }
Esempio n. 3
0
        public virtual PkixPolicyNode Copy()
        {
            PkixPolicyNode pkixPolicyNode = new PkixPolicyNode(Platform.CreateArrayList(), mDepth, new HashSet(mExpectedPolicies), null, new HashSet(mPolicyQualifiers), mValidPolicy, mCritical);

            global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)mChildren).GetEnumerator();
            try
            {
                while (enumerator.MoveNext())
                {
                    PkixPolicyNode pkixPolicyNode2 = (PkixPolicyNode)enumerator.get_Current();
                    PkixPolicyNode pkixPolicyNode3 = pkixPolicyNode2.Copy();
                    pkixPolicyNode3.Parent = pkixPolicyNode;
                    pkixPolicyNode.AddChild(pkixPolicyNode3);
                }
                return(pkixPolicyNode);
            }
            finally
            {
                global::System.IDisposable disposable = enumerator as global::System.IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }
        }
Esempio n. 4
0
        internal static PkixPolicyNode RemovePolicyNode(
            PkixPolicyNode validPolicyTree,
            IList[] policyNodes,
            PkixPolicyNode _node)
        {
            PkixPolicyNode _parent = (PkixPolicyNode)_node.Parent;

            if (validPolicyTree == null)
            {
                return(null);
            }

            if (_parent == null)
            {
                for (int j = 0; j < policyNodes.Length; j++)
                {
                    policyNodes[j] = Platform.CreateArrayList();
                }

                return(null);
            }
            else
            {
                _parent.RemoveChild(_node);
                RemovePolicyNodeRecurse(policyNodes, _node);

                return(validPolicyTree);
            }
        }
Esempio n. 5
0
        internal static void ProcessCertD1ii(
            int index,
            IList[]                         policyNodes,
            DerObjectIdentifier _poid,
            ISet _pq)
        {
            IList policyNodeVec = policyNodes[index - 1];

            for (int j = 0; j < policyNodeVec.Count; j++)
            {
                PkixPolicyNode _node = (PkixPolicyNode)policyNodeVec[j];

                if (ANY_POLICY.Equals(_node.ValidPolicy))
                {
                    ISet _childExpectedPolicies = new HashSet();
                    _childExpectedPolicies.Add(_poid.Id);

                    PkixPolicyNode _child = new PkixPolicyNode(Platform.CreateArrayList(),
                                                               index,
                                                               _childExpectedPolicies,
                                                               _node,
                                                               _pq,
                                                               _poid.Id,
                                                               false);
                    _node.AddChild(_child);
                    policyNodes[index].Add(_child);
                    return;
                }
            }
        }
Esempio n. 6
0
 private static void RemovePolicyNodeRecurse(global::System.Collections.IList[] policyNodes, PkixPolicyNode _node)
 {
     policyNodes[_node.Depth].Remove((object)_node);
     if (!_node.HasChildren)
     {
         return;
     }
     global::System.Collections.IEnumerator enumerator = _node.Children.GetEnumerator();
     try
     {
         while (enumerator.MoveNext())
         {
             PkixPolicyNode node = (PkixPolicyNode)enumerator.get_Current();
             RemovePolicyNodeRecurse(policyNodes, node);
         }
     }
     finally
     {
         global::System.IDisposable disposable = enumerator as global::System.IDisposable;
         if (disposable != null)
         {
             disposable.Dispose();
         }
     }
 }
Esempio n. 7
0
        /// Constructors
        public PkixPolicyNode(
            IList children,
            int depth,
            ISet expectedPolicies,
            PkixPolicyNode parent,
            ISet policyQualifiers,
            string validPolicy,
            bool critical)
        {
            if (children == null)
            {
                this.mChildren = Platform.CreateArrayList();
            }
            else
            {
                this.mChildren = Platform.CreateArrayList(children);
            }

            this.mDepth            = depth;
            this.mExpectedPolicies = expectedPolicies;
            this.mParent           = parent;
            this.mPolicyQualifiers = policyQualifiers;
            this.mValidPolicy      = validPolicy;
            this.mCritical         = critical;
        }
Esempio n. 8
0
        internal static PkixPolicyNode PrepareNextCertB2(int i, IList[] policyNodes, string id_p, PkixPolicyNode validPolicyTree)
        {
            int num = 0;

            foreach (PkixPolicyNode pkixPolicyNode in Platform.CreateArrayList(policyNodes[i]))
            {
                if (pkixPolicyNode.ValidPolicy.Equals(id_p))
                {
                    PkixPolicyNode parent = pkixPolicyNode.Parent;
                    parent.RemoveChild(pkixPolicyNode);
                    policyNodes[i].RemoveAt(num);
                    for (int j = i - 1; j >= 0; j--)
                    {
                        IList list = policyNodes[j];
                        for (int k = 0; k < list.Count; k++)
                        {
                            PkixPolicyNode pkixPolicyNode2 = (PkixPolicyNode)list[k];
                            if (!pkixPolicyNode2.HasChildren)
                            {
                                validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(validPolicyTree, policyNodes, pkixPolicyNode2);
                                if (validPolicyTree == null)
                                {
                                    break;
                                }
                            }
                        }
                    }
                }
                else
                {
                    num++;
                }
            }
            return(validPolicyTree);
        }
Esempio n. 9
0
        internal static bool ProcessCertD1i(
            int index,
            IList[]                         policyNodes,
            DerObjectIdentifier pOid,
            ISet pq)
        {
            IList policyNodeVec = policyNodes[index - 1];

            for (int j = 0; j < policyNodeVec.Count; j++)
            {
                PkixPolicyNode node             = (PkixPolicyNode)policyNodeVec[j];
                ISet           expectedPolicies = node.ExpectedPolicies;

                if (expectedPolicies.Contains(pOid.Id))
                {
                    ISet childExpectedPolicies = new HashSet();
                    childExpectedPolicies.Add(pOid.Id);

                    PkixPolicyNode child = new PkixPolicyNode(Platform.CreateArrayList(),
                                                              index,
                                                              childExpectedPolicies,
                                                              node,
                                                              pq,
                                                              pOid.Id,
                                                              false);
                    node.AddChild(child);
                    policyNodes[index].Add(child);

                    return(true);
                }
            }

            return(false);
        }
Esempio n. 10
0
 private static void RemovePolicyNodeRecurse(IList[] policyNodes, PkixPolicyNode _node)
 {
     policyNodes[_node.Depth].Remove(_node);
     if (_node.HasChildren)
     {
         foreach (PkixPolicyNode node in _node.Children)
         {
             PkixCertPathValidatorUtilities.RemovePolicyNodeRecurse(policyNodes, node);
         }
     }
 }
		public PkixCertPathBuilderResult(
			PkixCertPath			certPath,
			TrustAnchor				trustAnchor,
			PkixPolicyNode			policyTree,
			AsymmetricKeyParameter	subjectPublicKey)
			: base(trustAnchor, policyTree, subjectPublicKey)
		{			
			if (certPath == null)
				throw new ArgumentNullException("certPath");

			this.certPath = certPath;
		}
Esempio n. 12
0
        private static void RemovePolicyNodeRecurse(IList[] policyNodes, PkixPolicyNode _node)
        {
            policyNodes[_node.Depth].Remove(_node);

            if (_node.HasChildren)
            {
                foreach (PkixPolicyNode _child in _node.Children)
                {
                    RemovePolicyNodeRecurse(policyNodes, _child);
                }
            }
        }
Esempio n. 13
0
        public virtual PkixPolicyNode Copy()
        {
            PkixPolicyNode pkixPolicyNode = new PkixPolicyNode(Platform.CreateArrayList(), this.mDepth, new HashSet(this.mExpectedPolicies), null, new HashSet(this.mPolicyQualifiers), this.mValidPolicy, this.mCritical);

            foreach (PkixPolicyNode pkixPolicyNode2 in this.mChildren)
            {
                PkixPolicyNode pkixPolicyNode3 = pkixPolicyNode2.Copy();
                pkixPolicyNode3.Parent = pkixPolicyNode;
                pkixPolicyNode.AddChild(pkixPolicyNode3);
            }
            return(pkixPolicyNode);
        }
Esempio n. 14
0
 public PkixCertPathValidatorResult(TrustAnchor trustAnchor, PkixPolicyNode policyTree, AsymmetricKeyParameter subjectPublicKey)
 {
     if (subjectPublicKey == null)
     {
         throw new NullReferenceException("subjectPublicKey must be non-null");
     }
     if (trustAnchor == null)
     {
         throw new NullReferenceException("trustAnchor must be non-null");
     }
     this.trustAnchor      = trustAnchor;
     this.policyTree       = policyTree;
     this.subjectPublicKey = subjectPublicKey;
 }
Esempio n. 15
0
        public PkixCertPathBuilderResult(
            PkixCertPath certPath,
            TrustAnchor trustAnchor,
            PkixPolicyNode policyTree,
            AsymmetricKeyParameter subjectPublicKey)
            : base(trustAnchor, policyTree, subjectPublicKey)
        {
            if (certPath == null)
            {
                throw new ArgumentNullException("certPath");
            }

            this.certPath = certPath;
        }
Esempio n. 16
0
        internal static PkixPolicyNode PrepareNextCertB2(int i, global::System.Collections.IList[] policyNodes, string id_p, PkixPolicyNode validPolicyTree)
        {
            int num = 0;

            global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)Platform.CreateArrayList((global::System.Collections.ICollection)policyNodes[i])).GetEnumerator();
            try
            {
                while (enumerator.MoveNext())
                {
                    PkixPolicyNode pkixPolicyNode = (PkixPolicyNode)enumerator.get_Current();
                    if (pkixPolicyNode.ValidPolicy.Equals(id_p))
                    {
                        PkixPolicyNode parent = pkixPolicyNode.Parent;
                        parent.RemoveChild(pkixPolicyNode);
                        policyNodes[i].RemoveAt(num);
                        for (int num2 = i - 1; num2 >= 0; num2--)
                        {
                            global::System.Collections.IList list = policyNodes[num2];
                            for (int j = 0; j < ((global::System.Collections.ICollection)list).get_Count(); j++)
                            {
                                PkixPolicyNode pkixPolicyNode2 = (PkixPolicyNode)list.get_Item(j);
                                if (!pkixPolicyNode2.HasChildren)
                                {
                                    validPolicyTree = RemovePolicyNode(validPolicyTree, policyNodes, pkixPolicyNode2);
                                    if (validPolicyTree == null)
                                    {
                                        break;
                                    }
                                }
                            }
                        }
                    }
                    else
                    {
                        num++;
                    }
                }
                return(validPolicyTree);
            }
            finally
            {
                global::System.IDisposable disposable = enumerator as global::System.IDisposable;
                if (disposable != null)
                {
                    disposable.Dispose();
                }
            }
        }
 public PkixCertPathValidatorResult(TrustAnchor trustAnchor, PkixPolicyNode policyTree, AsymmetricKeyParameter subjectPublicKey)
 {
     //IL_000e: Unknown result type (might be due to invalid IL or missing references)
     //IL_001c: Unknown result type (might be due to invalid IL or missing references)
     if (subjectPublicKey == null)
     {
         throw new NullReferenceException("subjectPublicKey must be non-null");
     }
     if (trustAnchor == null)
     {
         throw new NullReferenceException("trustAnchor must be non-null");
     }
     this.trustAnchor      = trustAnchor;
     this.policyTree       = policyTree;
     this.subjectPublicKey = subjectPublicKey;
 }
Esempio n. 18
0
 public PkixPolicyNode(global::System.Collections.IList children, int depth, ISet expectedPolicies, PkixPolicyNode parent, ISet policyQualifiers, string validPolicy, bool critical)
 {
     if (children == null)
     {
         mChildren = Platform.CreateArrayList();
     }
     else
     {
         mChildren = Platform.CreateArrayList((global::System.Collections.ICollection)children);
     }
     mDepth            = depth;
     mExpectedPolicies = expectedPolicies;
     mParent           = parent;
     mPolicyQualifiers = policyQualifiers;
     mValidPolicy      = validPolicy;
     mCritical         = critical;
 }
Esempio n. 19
0
 internal static void ProcessCertD1ii(int index, global::System.Collections.IList[] policyNodes, DerObjectIdentifier _poid, ISet _pq)
 {
     global::System.Collections.IList list = policyNodes[index - 1];
     for (int i = 0; i < ((global::System.Collections.ICollection)list).get_Count(); i++)
     {
         PkixPolicyNode pkixPolicyNode = (PkixPolicyNode)list.get_Item(i);
         if (ANY_POLICY.Equals(pkixPolicyNode.ValidPolicy))
         {
             ISet set = new HashSet();
             set.Add(_poid.Id);
             PkixPolicyNode pkixPolicyNode2 = new PkixPolicyNode(Platform.CreateArrayList(), index, set, pkixPolicyNode, _pq, _poid.Id, critical: false);
             pkixPolicyNode.AddChild(pkixPolicyNode2);
             policyNodes[index].Add((object)pkixPolicyNode2);
             break;
         }
     }
 }
Esempio n. 20
0
        internal static void ProcessCertD1ii(int index, IList[] policyNodes, DerObjectIdentifier _poid, ISet _pq)
        {
            IList list = policyNodes[index - 1];

            for (int i = 0; i < list.Count; i++)
            {
                PkixPolicyNode pkixPolicyNode = (PkixPolicyNode)list[i];
                if (PkixCertPathValidatorUtilities.ANY_POLICY.Equals(pkixPolicyNode.ValidPolicy))
                {
                    ISet set = new HashSet();
                    set.Add(_poid.Id);
                    PkixPolicyNode pkixPolicyNode2 = new PkixPolicyNode(Platform.CreateArrayList(), index, set, pkixPolicyNode, _pq, _poid.Id, false);
                    pkixPolicyNode.AddChild(pkixPolicyNode2);
                    policyNodes[index].Add(pkixPolicyNode2);
                    return;
                }
            }
        }
        public PkixCertPathValidatorResult(
			TrustAnchor				trustAnchor,
			PkixPolicyNode			policyTree,
			IAsymmetricKeyParameter	subjectPublicKey)
        {
            if (subjectPublicKey == null)
            {
                throw new NullReferenceException("subjectPublicKey must be non-null");
            }
            if (trustAnchor == null)
            {
                throw new NullReferenceException("trustAnchor must be non-null");
            }

            this.trustAnchor = trustAnchor;
            this.policyTree = policyTree;
            this.subjectPublicKey = subjectPublicKey;
        }
Esempio n. 22
0
        internal static PkixPolicyNode PrepareNextCertB2(
            int i,
            IList[]                 policyNodes,
            string id_p,
            PkixPolicyNode validPolicyTree)
        {
            int pos = 0;

            // Copy to avoid RemoveAt calls interfering with enumeration
            foreach (PkixPolicyNode node in Platform.CreateArrayList(policyNodes[i]))
            {
                if (node.ValidPolicy.Equals(id_p))
                {
                    PkixPolicyNode p_node = (PkixPolicyNode)node.Parent;
                    p_node.RemoveChild(node);

                    // Removal of element at current iterator position not supported in C#
                    //nodes_i.remove();
                    policyNodes[i].RemoveAt(pos);

                    for (int k = (i - 1); k >= 0; k--)
                    {
                        IList nodes = policyNodes[k];
                        for (int l = 0; l < nodes.Count; l++)
                        {
                            PkixPolicyNode node2 = (PkixPolicyNode)nodes[l];
                            if (!node2.HasChildren)
                            {
                                validPolicyTree = RemovePolicyNode(validPolicyTree, policyNodes, node2);
                                if (validPolicyTree == null)
                                {
                                    break;
                                }
                            }
                        }
                    }
                }
                else
                {
                    ++pos;
                }
            }
            return(validPolicyTree);
        }
Esempio n. 23
0
 internal static bool ProcessCertD1i(int index, global::System.Collections.IList[] policyNodes, DerObjectIdentifier pOid, ISet pq)
 {
     global::System.Collections.IList list = policyNodes[index - 1];
     for (int i = 0; i < ((global::System.Collections.ICollection)list).get_Count(); i++)
     {
         PkixPolicyNode pkixPolicyNode   = (PkixPolicyNode)list.get_Item(i);
         ISet           expectedPolicies = pkixPolicyNode.ExpectedPolicies;
         if (expectedPolicies.Contains(pOid.Id))
         {
             ISet set = new HashSet();
             set.Add(pOid.Id);
             PkixPolicyNode pkixPolicyNode2 = new PkixPolicyNode(Platform.CreateArrayList(), index, set, pkixPolicyNode, pq, pOid.Id, critical: false);
             pkixPolicyNode.AddChild(pkixPolicyNode2);
             policyNodes[index].Add((object)pkixPolicyNode2);
             return(true);
         }
     }
     return(false);
 }
Esempio n. 24
0
        internal static PkixPolicyNode RemovePolicyNode(PkixPolicyNode validPolicyTree, global::System.Collections.IList[] policyNodes, PkixPolicyNode _node)
        {
            PkixPolicyNode parent = _node.Parent;

            if (validPolicyTree == null)
            {
                return(null);
            }
            if (parent == null)
            {
                for (int i = 0; i < policyNodes.Length; i++)
                {
                    policyNodes[i] = Platform.CreateArrayList();
                }
                return(null);
            }
            parent.RemoveChild(_node);
            RemovePolicyNodeRecurse(policyNodes, _node);
            return(validPolicyTree);
        }
Esempio n. 25
0
        internal static PkixPolicyNode RemovePolicyNode(PkixPolicyNode validPolicyTree, IList[] policyNodes, PkixPolicyNode _node)
        {
            PkixPolicyNode parent = _node.Parent;

            if (validPolicyTree == null)
            {
                return(null);
            }
            if (parent == null)
            {
                for (int i = 0; i < policyNodes.Length; i++)
                {
                    policyNodes[i] = Platform.CreateArrayList();
                }
                return(null);
            }
            parent.RemoveChild(_node);
            PkixCertPathValidatorUtilities.RemovePolicyNodeRecurse(policyNodes, _node);
            return(validPolicyTree);
        }
Esempio n. 26
0
        public virtual PkixPolicyNode Copy()
        {
            PkixPolicyNode node = new PkixPolicyNode(
                Platform.CreateArrayList(),
                mDepth,
                new HashSet(mExpectedPolicies),
                null,
                new HashSet(mPolicyQualifiers),
                mValidPolicy,
                mCritical);

            foreach (PkixPolicyNode child in mChildren)
            {
                PkixPolicyNode copy = child.Copy();
                copy.Parent = node;
                node.AddChild(copy);
            }

            return(node);
        }
Esempio n. 27
0
        internal static bool ProcessCertD1i(int index, IList[] policyNodes, DerObjectIdentifier pOid, ISet pq)
        {
            IList list = policyNodes[index - 1];

            for (int i = 0; i < list.Count; i++)
            {
                PkixPolicyNode pkixPolicyNode   = (PkixPolicyNode)list[i];
                ISet           expectedPolicies = pkixPolicyNode.ExpectedPolicies;
                if (expectedPolicies.Contains(pOid.Id))
                {
                    ISet set = new HashSet();
                    set.Add(pOid.Id);
                    PkixPolicyNode pkixPolicyNode2 = new PkixPolicyNode(Platform.CreateArrayList(), index, set, pkixPolicyNode, pq, pOid.Id, false);
                    pkixPolicyNode.AddChild(pkixPolicyNode2);
                    policyNodes[index].Add(pkixPolicyNode2);
                    return(true);
                }
            }
            return(false);
        }
Esempio n. 28
0
        /// Constructors
        public PkixPolicyNode(
			IList			children,
			int				depth,
			ISet			expectedPolicies,
			PkixPolicyNode	parent,
			ISet			policyQualifiers,
			string			validPolicy,
			bool			critical)
        {
            ArrayList newChildren = new ArrayList();
            if (children != null)
            {
                newChildren.AddRange(children);
            }

            this.mChildren = newChildren;
            this.mDepth = depth;
            this.mExpectedPolicies = expectedPolicies;
            this.mParent = parent;
            this.mPolicyQualifiers = policyQualifiers;
            this.mValidPolicy = validPolicy;
            this.mCritical = critical;
        }
Esempio n. 29
0
        /// Constructors
        public PkixPolicyNode(
            IList children,
            int depth,
            ISet expectedPolicies,
            PkixPolicyNode parent,
            ISet policyQualifiers,
            string validPolicy,
            bool critical)
        {
            ArrayList newChildren = new ArrayList();

            if (children != null)
            {
                newChildren.AddRange(children);
            }

            this.mChildren         = newChildren;
            this.mDepth            = depth;
            this.mExpectedPolicies = expectedPolicies;
            this.mParent           = parent;
            this.mPolicyQualifiers = policyQualifiers;
            this.mValidPolicy      = validPolicy;
            this.mCritical         = critical;
        }
		internal static PkixPolicyNode PrepareCertB(
			PkixCertPath	certPath,
			int				index,
			IList[]			policyNodes,
			PkixPolicyNode	validPolicyTree,
			int				policyMapping)
			//throws CertPathValidatorException
		{
			IList certs = certPath.Certificates;
			X509Certificate cert = (X509Certificate)certs[index];
			int n = certs.Count;
			// i as defined in the algorithm description
			int i = n - index;
			// (b)
			//
			Asn1Sequence pm = null;
			try
			{
				pm = (Asn1Sequence)Asn1Sequence.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.PolicyMappings));
			}
			catch (Exception ex)
			{
				throw new PkixCertPathValidatorException(
					"Policy mappings extension could not be decoded.", ex, certPath, index);
			}
			PkixPolicyNode _validPolicyTree = validPolicyTree;
			if (pm != null)
			{
				Asn1Sequence mappings = (Asn1Sequence)pm;
				IDictionary m_idp = Platform.CreateHashtable();
				ISet s_idp = new HashSet();

				for (int j = 0; j < mappings.Count; j++)
				{
					Asn1Sequence mapping = (Asn1Sequence) mappings[j];
					string id_p = ((DerObjectIdentifier) mapping[0]).Id;
					string sd_p = ((DerObjectIdentifier) mapping[1]).Id;
					ISet tmp;

					if (!m_idp.Contains(id_p))
					{
						tmp = new HashSet();
						tmp.Add(sd_p);
						m_idp[id_p] = tmp;
						s_idp.Add(id_p);
					}
					else
					{
						tmp = (ISet)m_idp[id_p];
						tmp.Add(sd_p);
					}
				}

				IEnumerator it_idp = s_idp.GetEnumerator();
				while (it_idp.MoveNext())
				{
					string id_p = (string)it_idp.Current;

					//
					// (1)
					//
					if (policyMapping > 0)
					{
						bool idp_found = false;
						IEnumerator nodes_i = policyNodes[i].GetEnumerator();

						while (nodes_i.MoveNext())
						{
							PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current;
							if (node.ValidPolicy.Equals(id_p))
							{
								idp_found = true;
								node.ExpectedPolicies = (ISet)m_idp[id_p];
								break;
							}
						}

						if (!idp_found)
						{
							nodes_i = policyNodes[i].GetEnumerator();
							while (nodes_i.MoveNext())
							{
								PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current;
								if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(node.ValidPolicy))
								{
									ISet pq = null;
									Asn1Sequence policies = null;
									try
									{
										policies = (Asn1Sequence)PkixCertPathValidatorUtilities.GetExtensionValue(cert,
											X509Extensions.CertificatePolicies);
									}
									catch (Exception e)
									{
										throw new PkixCertPathValidatorException(
											"Certificate policies extension could not be decoded.", e, certPath, index);
									}

									foreach (Asn1Encodable ae in policies)
									{
										PolicyInformation pinfo = null;
										try
										{
											pinfo = PolicyInformation.GetInstance(ae.ToAsn1Object());
										}
										catch (Exception ex)
										{
											throw new PkixCertPathValidatorException(
												"Policy information could not be decoded.", ex, certPath, index);
										}
										if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(pinfo.PolicyIdentifier.Id))
										{
											try
											{
												pq = PkixCertPathValidatorUtilities
													.GetQualifierSet(pinfo.PolicyQualifiers);
											}
											catch (PkixCertPathValidatorException ex)
											{
												throw new PkixCertPathValidatorException(
													"Policy qualifier info set could not be decoded.", ex, certPath,
													index);
											}
											break;
										}
									}
									bool ci = false;
									ISet critExtOids = cert.GetCriticalExtensionOids();
									if (critExtOids != null)
									{
										ci = critExtOids.Contains(X509Extensions.CertificatePolicies.Id);
									}

									PkixPolicyNode p_node = (PkixPolicyNode)node.Parent;
									if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(p_node.ValidPolicy))
									{
										PkixPolicyNode c_node = new PkixPolicyNode(Platform.CreateArrayList(), i,
											(ISet)m_idp[id_p], p_node, pq, id_p, ci);
										p_node.AddChild(c_node);
										policyNodes[i].Add(c_node);
									}
									break;
								}
							}
						}

						//
						// (2)
						//
					}
					else if (policyMapping <= 0)
					{
                        foreach (PkixPolicyNode node in Platform.CreateArrayList(policyNodes[i]))
                        {
							if (node.ValidPolicy.Equals(id_p))
							{
								node.Parent.RemoveChild(node);

                                for (int k = i - 1; k >= 0; k--)
								{
                                    foreach (PkixPolicyNode node2 in Platform.CreateArrayList(policyNodes[k]))
									{
										if (!node2.HasChildren)
										{
											_validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(
												_validPolicyTree, policyNodes, node2);

                                            if (_validPolicyTree == null)
												break;
										}
									}
								}
							}
						}
					}
				}
			}
			return _validPolicyTree;
		}
Esempio n. 31
0
        public virtual PkixPolicyNode Copy()
        {
            PkixPolicyNode node = new PkixPolicyNode(
                new ArrayList(),
                mDepth,
                new HashSet(mExpectedPolicies),
                null,
                new HashSet(mPolicyQualifiers),
                mValidPolicy,
                mCritical);

            foreach (PkixPolicyNode child in mChildren)
            {
                PkixPolicyNode copy = child.Copy();
                copy.Parent = node;
                node.AddChild(copy);
            }

            return node;
        }
Esempio n. 32
0
 public virtual void AddChild(
     PkixPolicyNode child)
 {
     child.Parent = this;
     mChildren.Add(child);
 }
Esempio n. 33
0
 public virtual void RemoveChild(
     PkixPolicyNode child)
 {
     mChildren.Remove(child);
 }
Esempio n. 34
0
        public virtual void RemoveChild(
			PkixPolicyNode child)
        {
            mChildren.Remove(child);
        }
Esempio n. 35
0
        public virtual PkixCertPathValidatorResult Validate(PkixCertPath certPath, PkixParameters paramsPkix)
        {
            if (paramsPkix.GetTrustAnchors() == null)
            {
                throw new ArgumentException("trustAnchors is null, this is not allowed for certification path validation.", "parameters");
            }
            IList certificates = certPath.Certificates;
            int   count        = certificates.Count;

            if (certificates.Count == 0)
            {
                throw new PkixCertPathValidatorException("Certification path is empty.", null, certPath, 0);
            }
            ISet        initialPolicies = paramsPkix.GetInitialPolicies();
            TrustAnchor trustAnchor;

            try
            {
                trustAnchor = PkixCertPathValidatorUtilities.FindTrustAnchor((X509Certificate)certificates[certificates.Count - 1], paramsPkix.GetTrustAnchors());
            }
            catch (Exception ex)
            {
                throw new PkixCertPathValidatorException(ex.Message, ex, certPath, certificates.Count - 1);
            }
            if (trustAnchor == null)
            {
                throw new PkixCertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);
            }
            int i = 0;

            IList[] array = new IList[count + 1];
            for (int j = 0; j < array.Length; j++)
            {
                array[j] = Platform.CreateArrayList();
            }
            ISet set = new HashSet();

            set.Add(Rfc3280CertPathUtilities.ANY_POLICY);
            PkixPolicyNode pkixPolicyNode = new PkixPolicyNode(Platform.CreateArrayList(), 0, set, null, new HashSet(), Rfc3280CertPathUtilities.ANY_POLICY, false);

            array[0].Add(pkixPolicyNode);
            PkixNameConstraintValidator nameConstraintValidator = new PkixNameConstraintValidator();
            ISet acceptablePolicies = new HashSet();
            int  num;

            if (paramsPkix.IsExplicitPolicyRequired)
            {
                num = 0;
            }
            else
            {
                num = count + 1;
            }
            int inhibitAnyPolicy;

            if (paramsPkix.IsAnyPolicyInhibited)
            {
                inhibitAnyPolicy = 0;
            }
            else
            {
                inhibitAnyPolicy = count + 1;
            }
            int policyMapping;

            if (paramsPkix.IsPolicyMappingInhibited)
            {
                policyMapping = 0;
            }
            else
            {
                policyMapping = count + 1;
            }
            X509Certificate        x509Certificate = trustAnchor.TrustedCert;
            X509Name               workingIssuerName;
            AsymmetricKeyParameter asymmetricKeyParameter;

            try
            {
                if (x509Certificate != null)
                {
                    workingIssuerName      = x509Certificate.SubjectDN;
                    asymmetricKeyParameter = x509Certificate.GetPublicKey();
                }
                else
                {
                    workingIssuerName      = new X509Name(trustAnchor.CAName);
                    asymmetricKeyParameter = trustAnchor.CAPublicKey;
                }
            }
            catch (ArgumentException cause)
            {
                throw new PkixCertPathValidatorException("Subject of trust anchor could not be (re)encoded.", cause, certPath, -1);
            }
            try
            {
                PkixCertPathValidatorUtilities.GetAlgorithmIdentifier(asymmetricKeyParameter);
            }
            catch (PkixCertPathValidatorException cause2)
            {
                throw new PkixCertPathValidatorException("Algorithm identifier of public key of trust anchor could not be read.", cause2, certPath, -1);
            }
            int maxPathLength = count;
            X509CertStoreSelector targetCertConstraints = paramsPkix.GetTargetCertConstraints();

            if (targetCertConstraints != null && !targetCertConstraints.Match((X509Certificate)certificates[0]))
            {
                throw new PkixCertPathValidatorException("Target certificate in certification path does not match targetConstraints.", null, certPath, 0);
            }
            IList       certPathCheckers = paramsPkix.GetCertPathCheckers();
            IEnumerator enumerator       = certPathCheckers.GetEnumerator();

            while (enumerator.MoveNext())
            {
                ((PkixCertPathChecker)enumerator.Current).Init(false);
            }
            X509Certificate x509Certificate2 = null;

            for (i = certificates.Count - 1; i >= 0; i--)
            {
                int num2 = count - i;
                x509Certificate2 = (X509Certificate)certificates[i];
                Rfc3280CertPathUtilities.ProcessCertA(certPath, paramsPkix, i, asymmetricKeyParameter, workingIssuerName, x509Certificate);
                Rfc3280CertPathUtilities.ProcessCertBC(certPath, i, nameConstraintValidator);
                pkixPolicyNode = Rfc3280CertPathUtilities.ProcessCertD(certPath, i, acceptablePolicies, pkixPolicyNode, array, inhibitAnyPolicy);
                pkixPolicyNode = Rfc3280CertPathUtilities.ProcessCertE(certPath, i, pkixPolicyNode);
                Rfc3280CertPathUtilities.ProcessCertF(certPath, i, pkixPolicyNode, num);
                if (num2 != count)
                {
                    if (x509Certificate2 != null && x509Certificate2.Version == 1)
                    {
                        throw new PkixCertPathValidatorException("Version 1 certificates can't be used as CA ones.", null, certPath, i);
                    }
                    Rfc3280CertPathUtilities.PrepareNextCertA(certPath, i);
                    pkixPolicyNode = Rfc3280CertPathUtilities.PrepareCertB(certPath, i, array, pkixPolicyNode, policyMapping);
                    Rfc3280CertPathUtilities.PrepareNextCertG(certPath, i, nameConstraintValidator);
                    num              = Rfc3280CertPathUtilities.PrepareNextCertH1(certPath, i, num);
                    policyMapping    = Rfc3280CertPathUtilities.PrepareNextCertH2(certPath, i, policyMapping);
                    inhibitAnyPolicy = Rfc3280CertPathUtilities.PrepareNextCertH3(certPath, i, inhibitAnyPolicy);
                    num              = Rfc3280CertPathUtilities.PrepareNextCertI1(certPath, i, num);
                    policyMapping    = Rfc3280CertPathUtilities.PrepareNextCertI2(certPath, i, policyMapping);
                    inhibitAnyPolicy = Rfc3280CertPathUtilities.PrepareNextCertJ(certPath, i, inhibitAnyPolicy);
                    Rfc3280CertPathUtilities.PrepareNextCertK(certPath, i);
                    maxPathLength = Rfc3280CertPathUtilities.PrepareNextCertL(certPath, i, maxPathLength);
                    maxPathLength = Rfc3280CertPathUtilities.PrepareNextCertM(certPath, i, maxPathLength);
                    Rfc3280CertPathUtilities.PrepareNextCertN(certPath, i);
                    ISet set2 = x509Certificate2.GetCriticalExtensionOids();
                    if (set2 != null)
                    {
                        set2 = new HashSet(set2);
                        set2.Remove(X509Extensions.KeyUsage.Id);
                        set2.Remove(X509Extensions.CertificatePolicies.Id);
                        set2.Remove(X509Extensions.PolicyMappings.Id);
                        set2.Remove(X509Extensions.InhibitAnyPolicy.Id);
                        set2.Remove(X509Extensions.IssuingDistributionPoint.Id);
                        set2.Remove(X509Extensions.DeltaCrlIndicator.Id);
                        set2.Remove(X509Extensions.PolicyConstraints.Id);
                        set2.Remove(X509Extensions.BasicConstraints.Id);
                        set2.Remove(X509Extensions.SubjectAlternativeName.Id);
                        set2.Remove(X509Extensions.NameConstraints.Id);
                    }
                    else
                    {
                        set2 = new HashSet();
                    }
                    Rfc3280CertPathUtilities.PrepareNextCertO(certPath, i, set2, certPathCheckers);
                    x509Certificate   = x509Certificate2;
                    workingIssuerName = x509Certificate.SubjectDN;
                    try
                    {
                        asymmetricKeyParameter = PkixCertPathValidatorUtilities.GetNextWorkingKey(certPath.Certificates, i);
                    }
                    catch (PkixCertPathValidatorException cause3)
                    {
                        throw new PkixCertPathValidatorException("Next working key could not be retrieved.", cause3, certPath, i);
                    }
                    PkixCertPathValidatorUtilities.GetAlgorithmIdentifier(asymmetricKeyParameter);
                }
            }
            num = Rfc3280CertPathUtilities.WrapupCertA(num, x509Certificate2);
            num = Rfc3280CertPathUtilities.WrapupCertB(certPath, i + 1, num);
            ISet set3 = x509Certificate2.GetCriticalExtensionOids();

            if (set3 != null)
            {
                set3 = new HashSet(set3);
                set3.Remove(X509Extensions.KeyUsage.Id);
                set3.Remove(X509Extensions.CertificatePolicies.Id);
                set3.Remove(X509Extensions.PolicyMappings.Id);
                set3.Remove(X509Extensions.InhibitAnyPolicy.Id);
                set3.Remove(X509Extensions.IssuingDistributionPoint.Id);
                set3.Remove(X509Extensions.DeltaCrlIndicator.Id);
                set3.Remove(X509Extensions.PolicyConstraints.Id);
                set3.Remove(X509Extensions.BasicConstraints.Id);
                set3.Remove(X509Extensions.SubjectAlternativeName.Id);
                set3.Remove(X509Extensions.NameConstraints.Id);
                set3.Remove(X509Extensions.CrlDistributionPoints.Id);
            }
            else
            {
                set3 = new HashSet();
            }
            Rfc3280CertPathUtilities.WrapupCertF(certPath, i + 1, certPathCheckers, set3);
            PkixPolicyNode pkixPolicyNode2 = Rfc3280CertPathUtilities.WrapupCertG(certPath, paramsPkix, initialPolicies, i + 1, array, pkixPolicyNode, acceptablePolicies);

            if (num > 0 || pkixPolicyNode2 != null)
            {
                return(new PkixCertPathValidatorResult(trustAnchor, pkixPolicyNode2, x509Certificate2.GetPublicKey()));
            }
            throw new PkixCertPathValidatorException("Path processing failed on policy.", null, certPath, i);
        }
		internal static PkixPolicyNode PrepareNextCertB2(
			int				i,
			IList[]			policyNodes,
			string			id_p,
			PkixPolicyNode	validPolicyTree)
		{
			int pos = 0;

			// Copy to avoid RemoveAt calls interfering with enumeration
            foreach (PkixPolicyNode node in Platform.CreateArrayList(policyNodes[i]))
			{
				if (node.ValidPolicy.Equals(id_p))
				{
					PkixPolicyNode p_node = (PkixPolicyNode)node.Parent;
					p_node.RemoveChild(node);

					// Removal of element at current iterator position not supported in C#
					//nodes_i.remove();
					policyNodes[i].RemoveAt(pos);

					for (int k = (i - 1); k >= 0; k--)
					{
						IList nodes = policyNodes[k];
						for (int l = 0; l < nodes.Count; l++)
						{
							PkixPolicyNode node2 = (PkixPolicyNode)nodes[l];
							if (!node2.HasChildren)
							{
								validPolicyTree = RemovePolicyNode(validPolicyTree, policyNodes, node2);
								if (validPolicyTree == null)
									break;
							}
						}
					}
				}
				else
				{
					++pos;
				}
			}
			return validPolicyTree;
		}
		internal static PkixPolicyNode RemovePolicyNode(
			PkixPolicyNode validPolicyTree,
			IList[] policyNodes,
			PkixPolicyNode _node)
		{
			PkixPolicyNode _parent = (PkixPolicyNode)_node.Parent;

			if (validPolicyTree == null)
			{
				return null;
			}

			if (_parent == null)
			{
				for (int j = 0; j < policyNodes.Length; j++)
				{
                    policyNodes[j] = Platform.CreateArrayList();
				}

				return null;
			}
			else
			{
				_parent.RemoveChild(_node);
				RemovePolicyNodeRecurse(policyNodes, _node);

				return validPolicyTree;
			}
		}
		private static void RemovePolicyNodeRecurse(IList[] policyNodes, PkixPolicyNode _node)
		{
			policyNodes[_node.Depth].Remove(_node);

			if (_node.HasChildren)
			{
				foreach (PkixPolicyNode _child in _node.Children)
				{
					RemovePolicyNodeRecurse(policyNodes, _child);
				}
			}
		}
		internal static bool ProcessCertD1i(
			int					index,
			IList[]				policyNodes,
			DerObjectIdentifier	pOid,
			ISet				pq)
		{
			IList policyNodeVec = policyNodes[index - 1];

			for (int j = 0; j < policyNodeVec.Count; j++)
			{
				PkixPolicyNode node = (PkixPolicyNode)policyNodeVec[j];
				ISet expectedPolicies = node.ExpectedPolicies;

				if (expectedPolicies.Contains(pOid.Id))
				{
					ISet childExpectedPolicies = new HashSet();
					childExpectedPolicies.Add(pOid.Id);

                    PkixPolicyNode child = new PkixPolicyNode(Platform.CreateArrayList(),
						index,
						childExpectedPolicies,
						node,
						pq,
						pOid.Id,
						false);
					node.AddChild(child);
					policyNodes[index].Add(child);

					return true;
				}
			}

			return false;
		}
		internal static void ProcessCertD1ii(
			int					index,
			IList[]				policyNodes,
			DerObjectIdentifier _poid,
			ISet				_pq)
		{
			IList policyNodeVec = policyNodes[index - 1];

			for (int j = 0; j < policyNodeVec.Count; j++)
			{
				PkixPolicyNode _node = (PkixPolicyNode)policyNodeVec[j];

				if (ANY_POLICY.Equals(_node.ValidPolicy))
				{
					ISet _childExpectedPolicies = new HashSet();
					_childExpectedPolicies.Add(_poid.Id);

                    PkixPolicyNode _child = new PkixPolicyNode(Platform.CreateArrayList(),
						index,
						_childExpectedPolicies,
						_node,
						_pq,
						_poid.Id,
						false);
					_node.AddChild(_child);
					policyNodes[index].Add(_child);
					return;
				}
			}
		}
Esempio n. 41
0
        public virtual void AddChild(
			PkixPolicyNode child)
        {
            child.Parent = this;
            mChildren.Add(child);
        }
		internal static PkixPolicyNode ProcessCertE(
			PkixCertPath	certPath,
			int				index,
			PkixPolicyNode	validPolicyTree)
		{
			IList certs = certPath.Certificates;
			X509Certificate cert = (X509Certificate)certs[index];

			//
			// (e)
			//
			Asn1Sequence certPolicies = null;
			try
			{
				certPolicies = DerSequence.GetInstance(
					PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.CertificatePolicies));
			}
			catch (Exception e)
			{
				throw new PkixCertPathValidatorException("Could not read certificate policies extension from certificate.",
					e, certPath, index);
			}
			if (certPolicies == null)
			{
				validPolicyTree = null;
			}
			return validPolicyTree;
		}
        public virtual PkixCertPathValidatorResult Validate(
            PkixCertPath certPath,
            PkixParameters paramsPkix)
        {
            if (paramsPkix.GetTrustAnchors() == null)
            {
                throw new ArgumentException(
                          "trustAnchors is null, this is not allowed for certification path validation.",
                          "parameters");
            }

            //
            // 6.1.1 - inputs
            //

            //
            // (a)
            //
            IList certs = certPath.Certificates;
            int   n     = certs.Count;

            if (certs.Count == 0)
            {
                throw new PkixCertPathValidatorException("Certification path is empty.", null, certPath, 0);
            }

            //
            // (b)
            //
            // DateTime validDate = PkixCertPathValidatorUtilities.GetValidDate(paramsPkix);

            //
            // (c)
            //
            ISet userInitialPolicySet = paramsPkix.GetInitialPolicies();

            //
            // (d)
            //
            TrustAnchor trust;

            try
            {
                trust = PkixCertPathValidatorUtilities.FindTrustAnchor(
                    (X509Certificate)certs[certs.Count - 1],
                    paramsPkix.GetTrustAnchors());
            }
            catch (Exception e)
            {
                throw new PkixCertPathValidatorException(e.Message, e, certPath, certs.Count - 1);
            }

            if (trust == null)
            {
                throw new PkixCertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);
            }

            //
            // (e), (f), (g) are part of the paramsPkix object.
            //
            IEnumerator certIter;
            int         index = 0;
            int         i;

            // Certificate for each interation of the validation loop
            // Signature information for each iteration of the validation loop
            //
            // 6.1.2 - setup
            //

            //
            // (a)
            //
            IList[] policyNodes = new IList[n + 1];
            for (int j = 0; j < policyNodes.Length; j++)
            {
                policyNodes[j] = Platform.CreateArrayList();
            }

            ISet policySet = new HashSet();

            policySet.Add(Rfc3280CertPathUtilities.ANY_POLICY);

            PkixPolicyNode validPolicyTree = new PkixPolicyNode(Platform.CreateArrayList(), 0, policySet, null, new HashSet(),
                                                                Rfc3280CertPathUtilities.ANY_POLICY, false);

            policyNodes[0].Add(validPolicyTree);

            //
            // (b) and (c)
            //
            PkixNameConstraintValidator nameConstraintValidator = new PkixNameConstraintValidator();

            // (d)
            //
            int  explicitPolicy;
            ISet acceptablePolicies = new HashSet();

            if (paramsPkix.IsExplicitPolicyRequired)
            {
                explicitPolicy = 0;
            }
            else
            {
                explicitPolicy = n + 1;
            }

            //
            // (e)
            //
            int inhibitAnyPolicy;

            if (paramsPkix.IsAnyPolicyInhibited)
            {
                inhibitAnyPolicy = 0;
            }
            else
            {
                inhibitAnyPolicy = n + 1;
            }

            //
            // (f)
            //
            int policyMapping;

            if (paramsPkix.IsPolicyMappingInhibited)
            {
                policyMapping = 0;
            }
            else
            {
                policyMapping = n + 1;
            }

            //
            // (g), (h), (i), (j)
            //
            AsymmetricKeyParameter workingPublicKey;
            X509Name workingIssuerName;

            X509Certificate sign = trust.TrustedCert;

            try
            {
                if (sign != null)
                {
                    workingIssuerName = sign.SubjectDN;
                    workingPublicKey  = sign.GetPublicKey();
                }
                else
                {
                    workingIssuerName = new X509Name(trust.CAName);
                    workingPublicKey  = trust.CAPublicKey;
                }
            }
            catch (ArgumentException ex)
            {
                throw new PkixCertPathValidatorException("Subject of trust anchor could not be (re)encoded.", ex, certPath,
                                                         -1);
            }

            //AlgorithmIdentifier workingAlgId = null;
            try
            {
                /*workingAlgId = */ PkixCertPathValidatorUtilities.GetAlgorithmIdentifier(workingPublicKey);
            }
            catch (PkixCertPathValidatorException e)
            {
                throw new PkixCertPathValidatorException(
                          "Algorithm identifier of public key of trust anchor could not be read.", e, certPath, -1);
            }

//			DerObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.ObjectID;
//			Asn1Encodable workingPublicKeyParameters = workingAlgId.Parameters;

            //
            // (k)
            //
            int maxPathLength = n;

            //
            // 6.1.3
            //

            X509CertStoreSelector certConstraints = paramsPkix.GetTargetCertConstraints();

            if (certConstraints != null && !certConstraints.Match((X509Certificate)certs[0]))
            {
                throw new PkixCertPathValidatorException(
                          "Target certificate in certification path does not match targetConstraints.", null, certPath, 0);
            }

            //
            // initialize CertPathChecker's
            //
            IList pathCheckers = paramsPkix.GetCertPathCheckers();

            certIter = pathCheckers.GetEnumerator();

            while (certIter.MoveNext())
            {
                ((PkixCertPathChecker)certIter.Current).Init(false);
            }

            X509Certificate cert = null;

            for (index = certs.Count - 1; index >= 0; index--)
            {
                // try
                // {
                //
                // i as defined in the algorithm description
                //
                i = n - index;

                //
                // set certificate to be checked in this round
                // sign and workingPublicKey and workingIssuerName are set
                // at the end of the for loop and initialized the
                // first time from the TrustAnchor
                //
                cert = (X509Certificate)certs[index];

                //
                // 6.1.3
                //

                Rfc3280CertPathUtilities.ProcessCertA(certPath, paramsPkix, index, workingPublicKey,
                                                      workingIssuerName, sign);

                Rfc3280CertPathUtilities.ProcessCertBC(certPath, index, nameConstraintValidator);

                validPolicyTree = Rfc3280CertPathUtilities.ProcessCertD(certPath, index,
                                                                        acceptablePolicies, validPolicyTree, policyNodes, inhibitAnyPolicy);

                validPolicyTree = Rfc3280CertPathUtilities.ProcessCertE(certPath, index, validPolicyTree);

                Rfc3280CertPathUtilities.ProcessCertF(certPath, index, validPolicyTree, explicitPolicy);

                //
                // 6.1.4
                //

                if (i != n)
                {
                    if (cert != null && cert.Version == 1)
                    {
                        throw new PkixCertPathValidatorException(
                                  "Version 1 certificates can't be used as CA ones.", null, certPath, index);
                    }

                    Rfc3280CertPathUtilities.PrepareNextCertA(certPath, index);

                    validPolicyTree = Rfc3280CertPathUtilities.PrepareCertB(certPath, index, policyNodes,
                                                                            validPolicyTree, policyMapping);

                    Rfc3280CertPathUtilities.PrepareNextCertG(certPath, index, nameConstraintValidator);

                    // (h)
                    explicitPolicy   = Rfc3280CertPathUtilities.PrepareNextCertH1(certPath, index, explicitPolicy);
                    policyMapping    = Rfc3280CertPathUtilities.PrepareNextCertH2(certPath, index, policyMapping);
                    inhibitAnyPolicy = Rfc3280CertPathUtilities.PrepareNextCertH3(certPath, index, inhibitAnyPolicy);

                    //
                    // (i)
                    //
                    explicitPolicy = Rfc3280CertPathUtilities.PrepareNextCertI1(certPath, index, explicitPolicy);
                    policyMapping  = Rfc3280CertPathUtilities.PrepareNextCertI2(certPath, index, policyMapping);

                    // (j)
                    inhibitAnyPolicy = Rfc3280CertPathUtilities.PrepareNextCertJ(certPath, index, inhibitAnyPolicy);

                    // (k)
                    Rfc3280CertPathUtilities.PrepareNextCertK(certPath, index);

                    // (l)
                    maxPathLength = Rfc3280CertPathUtilities.PrepareNextCertL(certPath, index, maxPathLength);

                    // (m)
                    maxPathLength = Rfc3280CertPathUtilities.PrepareNextCertM(certPath, index, maxPathLength);

                    // (n)
                    Rfc3280CertPathUtilities.PrepareNextCertN(certPath, index);

                    ISet criticalExtensions1 = cert.GetCriticalExtensionOids();

                    if (criticalExtensions1 != null)
                    {
                        criticalExtensions1 = new HashSet(criticalExtensions1);

                        // these extensions are handled by the algorithm
                        criticalExtensions1.Remove(X509Extensions.KeyUsage.Id);
                        criticalExtensions1.Remove(X509Extensions.CertificatePolicies.Id);
                        criticalExtensions1.Remove(X509Extensions.PolicyMappings.Id);
                        criticalExtensions1.Remove(X509Extensions.InhibitAnyPolicy.Id);
                        criticalExtensions1.Remove(X509Extensions.IssuingDistributionPoint.Id);
                        criticalExtensions1.Remove(X509Extensions.DeltaCrlIndicator.Id);
                        criticalExtensions1.Remove(X509Extensions.PolicyConstraints.Id);
                        criticalExtensions1.Remove(X509Extensions.BasicConstraints.Id);
                        criticalExtensions1.Remove(X509Extensions.SubjectAlternativeName.Id);
                        criticalExtensions1.Remove(X509Extensions.NameConstraints.Id);
                    }
                    else
                    {
                        criticalExtensions1 = new HashSet();
                    }

                    // (o)
                    Rfc3280CertPathUtilities.PrepareNextCertO(certPath, index, criticalExtensions1, pathCheckers);

                    // set signing certificate for next round
                    sign = cert;

                    // (c)
                    workingIssuerName = sign.SubjectDN;

                    // (d)
                    try
                    {
                        workingPublicKey = PkixCertPathValidatorUtilities.GetNextWorkingKey(certPath.Certificates, index);
                    }
                    catch (PkixCertPathValidatorException e)
                    {
                        throw new PkixCertPathValidatorException("Next working key could not be retrieved.", e, certPath, index);
                    }

                    /*workingAlgId = */ PkixCertPathValidatorUtilities.GetAlgorithmIdentifier(workingPublicKey);
                    // (f)
//                    workingPublicKeyAlgorithm = workingAlgId.ObjectID;
                    // (e)
//                    workingPublicKeyParameters = workingAlgId.Parameters;
                }
            }

            //
            // 6.1.5 Wrap-up procedure
            //

            explicitPolicy = Rfc3280CertPathUtilities.WrapupCertA(explicitPolicy, cert);

            explicitPolicy = Rfc3280CertPathUtilities.WrapupCertB(certPath, index + 1, explicitPolicy);

            //
            // (c) (d) and (e) are already done
            //

            //
            // (f)
            //
            ISet criticalExtensions = cert.GetCriticalExtensionOids();

            if (criticalExtensions != null)
            {
                criticalExtensions = new HashSet(criticalExtensions);

                // Requires .Id
                // these extensions are handled by the algorithm
                criticalExtensions.Remove(X509Extensions.KeyUsage.Id);
                criticalExtensions.Remove(X509Extensions.CertificatePolicies.Id);
                criticalExtensions.Remove(X509Extensions.PolicyMappings.Id);
                criticalExtensions.Remove(X509Extensions.InhibitAnyPolicy.Id);
                criticalExtensions.Remove(X509Extensions.IssuingDistributionPoint.Id);
                criticalExtensions.Remove(X509Extensions.DeltaCrlIndicator.Id);
                criticalExtensions.Remove(X509Extensions.PolicyConstraints.Id);
                criticalExtensions.Remove(X509Extensions.BasicConstraints.Id);
                criticalExtensions.Remove(X509Extensions.SubjectAlternativeName.Id);
                criticalExtensions.Remove(X509Extensions.NameConstraints.Id);
                criticalExtensions.Remove(X509Extensions.CrlDistributionPoints.Id);
            }
            else
            {
                criticalExtensions = new HashSet();
            }

            Rfc3280CertPathUtilities.WrapupCertF(certPath, index + 1, pathCheckers, criticalExtensions);

            PkixPolicyNode intersection = Rfc3280CertPathUtilities.WrapupCertG(certPath, paramsPkix, userInitialPolicySet,
                                                                               index + 1, policyNodes, validPolicyTree, acceptablePolicies);

            if ((explicitPolicy > 0) || (intersection != null))
            {
                return(new PkixCertPathValidatorResult(trust, intersection, cert.GetPublicKey()));
            }

            throw new PkixCertPathValidatorException("Path processing failed on policy.", null, certPath, index);
        }
		internal static void ProcessCertF(
			PkixCertPath	certPath,
			int				index,
			PkixPolicyNode	validPolicyTree,
			int				explicitPolicy)
		{
			//
			// (f)
			//
			if (explicitPolicy <= 0 && validPolicyTree == null)
			{
				throw new PkixCertPathValidatorException(
					"No valid policy tree found when one expected.", null, certPath, index);
			}
		}
		internal static void PrepareNextCertB1(
			int i,
			IList[] policyNodes,
			string id_p,
			IDictionary m_idp,
			X509Certificate cert)
		{
			bool idp_found = false;
			IEnumerator nodes_i = policyNodes[i].GetEnumerator();
			while (nodes_i.MoveNext())
			{
				PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current;
				if (node.ValidPolicy.Equals(id_p))
				{
					idp_found = true;
					node.ExpectedPolicies = (ISet)m_idp[id_p];
					break;
				}
			}

			if (!idp_found)
			{
				nodes_i = policyNodes[i].GetEnumerator();
				while (nodes_i.MoveNext())
				{
					PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current;
					if (ANY_POLICY.Equals(node.ValidPolicy))
					{
						ISet pq = null;
						Asn1Sequence policies = null;
						try
						{
							policies = DerSequence.GetInstance(GetExtensionValue(cert, X509Extensions.CertificatePolicies));
						}
						catch (Exception e)
						{
							throw new Exception("Certificate policies cannot be decoded.", e);
						}

						IEnumerator enm = policies.GetEnumerator();
						while (enm.MoveNext())
						{
							PolicyInformation pinfo = null;

							try
							{
								pinfo = PolicyInformation.GetInstance(enm.Current);
							}
							catch (Exception ex)
							{
								throw new Exception("Policy information cannot be decoded.", ex);
							}

							if (ANY_POLICY.Equals(pinfo.PolicyIdentifier.Id))
							{
								try
								{
									pq = GetQualifierSet(pinfo.PolicyQualifiers);
								}
								catch (PkixCertPathValidatorException ex)
								{
									throw new PkixCertPathValidatorException(
										"Policy qualifier info set could not be built.", ex);
								}
								break;
							}
						}
						bool ci = false;
						ISet critExtOids = cert.GetCriticalExtensionOids();
						if (critExtOids != null)
						{
							ci = critExtOids.Contains(X509Extensions.CertificatePolicies.Id);
						}

						PkixPolicyNode p_node = (PkixPolicyNode)node.Parent;
						if (ANY_POLICY.Equals(p_node.ValidPolicy))
						{
							PkixPolicyNode c_node = new PkixPolicyNode(
                                Platform.CreateArrayList(), i,
								(ISet)m_idp[id_p],
								p_node, pq, id_p, ci);
							p_node.AddChild(c_node);
							policyNodes[i].Add(c_node);
						}
						break;
					}
				}
			}
		}
		internal static PkixPolicyNode WrapupCertG(
			PkixCertPath	certPath,
			PkixParameters	paramsPKIX,
			ISet			userInitialPolicySet,
			int				index,
			IList[]			policyNodes,
			PkixPolicyNode	validPolicyTree,
			ISet			acceptablePolicies)
		{
			int n = certPath.Certificates.Count;

			//
			// (g)
			//
			PkixPolicyNode intersection;

			//
			// (g) (i)
			//
			if (validPolicyTree == null)
			{
				if (paramsPKIX.IsExplicitPolicyRequired)
				{
					throw new PkixCertPathValidatorException(
						"Explicit policy requested but none available.", null, certPath, index);
				}
				intersection = null;
			}
			else if (PkixCertPathValidatorUtilities.IsAnyPolicy(userInitialPolicySet)) // (g)
				// (ii)
			{
				if (paramsPKIX.IsExplicitPolicyRequired)
				{
					if (acceptablePolicies.IsEmpty)
					{
						throw new PkixCertPathValidatorException(
							"Explicit policy requested but none available.", null, certPath, index);
					}
					else
					{
						ISet _validPolicyNodeSet = new HashSet();

						for (int j = 0; j < policyNodes.Length; j++)
						{
							IList _nodeDepth = policyNodes[j];

							for (int k = 0; k < _nodeDepth.Count; k++)
							{
								PkixPolicyNode _node = (PkixPolicyNode)_nodeDepth[k];

								if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(_node.ValidPolicy))
								{
									foreach (object o in _node.Children)
									{
										_validPolicyNodeSet.Add(o);
									}
								}
							}
						}

						foreach (PkixPolicyNode _node in _validPolicyNodeSet)
						{
							string _validPolicy = _node.ValidPolicy;

							if (!acceptablePolicies.Contains(_validPolicy))
							{
								// TODO?
								// validPolicyTree =
								// removePolicyNode(validPolicyTree, policyNodes,
								// _node);
							}
						}
						if (validPolicyTree != null)
						{
							for (int j = (n - 1); j >= 0; j--)
							{
								IList nodes = policyNodes[j];

								for (int k = 0; k < nodes.Count; k++)
								{
									PkixPolicyNode node = (PkixPolicyNode)nodes[k];
									if (!node.HasChildren)
									{
										validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(validPolicyTree,
											policyNodes, node);
									}
								}
							}
						}
					}
				}

				intersection = validPolicyTree;
			}
			else
			{
				//
				// (g) (iii)
				//
				// This implementation is not exactly same as the one described in
				// RFC3280.
				// However, as far as the validation result is concerned, both
				// produce
				// adequate result. The only difference is whether AnyPolicy is
				// remain
				// in the policy tree or not.
				//
				// (g) (iii) 1
				//
				ISet _validPolicyNodeSet = new HashSet();

				for (int j = 0; j < policyNodes.Length; j++)
				{
					IList _nodeDepth = policyNodes[j];

					for (int k = 0; k < _nodeDepth.Count; k++)
					{
						PkixPolicyNode _node = (PkixPolicyNode)_nodeDepth[k];

						if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(_node.ValidPolicy))
						{
							foreach (PkixPolicyNode _c_node in _node.Children)
							{
								if (!Rfc3280CertPathUtilities.ANY_POLICY.Equals(_c_node.ValidPolicy))
								{
									_validPolicyNodeSet.Add(_c_node);
								}
							}
						}
					}
				}

				//
				// (g) (iii) 2
				//
				IEnumerator _vpnsIter = _validPolicyNodeSet.GetEnumerator();
				while (_vpnsIter.MoveNext())
				{
					PkixPolicyNode _node = (PkixPolicyNode)_vpnsIter.Current;
					string _validPolicy = _node.ValidPolicy;

					if (!userInitialPolicySet.Contains(_validPolicy))
					{
						validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(validPolicyTree, policyNodes, _node);
					}
				}

				//
				// (g) (iii) 4
				//
				if (validPolicyTree != null)
				{
					for (int j = (n - 1); j >= 0; j--)
					{
						IList nodes = policyNodes[j];

						for (int k = 0; k < nodes.Count; k++)
						{
							PkixPolicyNode node = (PkixPolicyNode)nodes[k];
							if (!node.HasChildren)
							{
								validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(validPolicyTree, policyNodes,
									node);
							}
						}
					}
				}

				intersection = validPolicyTree;
			}
			return intersection;
		}
Esempio n. 47
0
        internal static void PrepareNextCertB1(
            int i,
            IList[] policyNodes,
            string id_p,
            IDictionary m_idp,
            X509Certificate cert)
        {
            bool        idp_found = false;
            IEnumerator nodes_i   = policyNodes[i].GetEnumerator();

            while (nodes_i.MoveNext())
            {
                PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current;
                if (node.ValidPolicy.Equals(id_p))
                {
                    idp_found             = true;
                    node.ExpectedPolicies = (ISet)m_idp[id_p];
                    break;
                }
            }

            if (!idp_found)
            {
                nodes_i = policyNodes[i].GetEnumerator();
                while (nodes_i.MoveNext())
                {
                    PkixPolicyNode node = (PkixPolicyNode)nodes_i.Current;
                    if (ANY_POLICY.Equals(node.ValidPolicy))
                    {
                        ISet         pq       = null;
                        Asn1Sequence policies = null;
                        try
                        {
                            policies = DerSequence.GetInstance(GetExtensionValue(cert, X509Extensions.CertificatePolicies));
                        }
                        catch (Exception e)
                        {
                            throw new Exception("Certificate policies cannot be decoded.", e);
                        }

                        IEnumerator enm = policies.GetEnumerator();
                        while (enm.MoveNext())
                        {
                            PolicyInformation pinfo = null;

                            try
                            {
                                pinfo = PolicyInformation.GetInstance(enm.Current);
                            }
                            catch (Exception ex)
                            {
                                throw new Exception("Policy information cannot be decoded.", ex);
                            }

                            if (ANY_POLICY.Equals(pinfo.PolicyIdentifier.Id))
                            {
                                try
                                {
                                    pq = GetQualifierSet(pinfo.PolicyQualifiers);
                                }
                                catch (PkixCertPathValidatorException ex)
                                {
                                    throw new PkixCertPathValidatorException(
                                              "Policy qualifier info set could not be built.", ex);
                                }
                                break;
                            }
                        }
                        bool ci          = false;
                        ISet critExtOids = cert.GetCriticalExtensionOids();
                        if (critExtOids != null)
                        {
                            ci = critExtOids.Contains(X509Extensions.CertificatePolicies.Id);
                        }

                        PkixPolicyNode p_node = (PkixPolicyNode)node.Parent;
                        if (ANY_POLICY.Equals(p_node.ValidPolicy))
                        {
                            PkixPolicyNode c_node = new PkixPolicyNode(
                                Platform.CreateArrayList(), i,
                                (ISet)m_idp[id_p],
                                p_node, pq, id_p, ci);
                            p_node.AddChild(c_node);
                            policyNodes[i].Add(c_node);
                        }
                        break;
                    }
                }
            }
        }
		internal static PkixPolicyNode ProcessCertD(
			PkixCertPath	certPath,
			int				index,
			ISet			acceptablePolicies,
			PkixPolicyNode	validPolicyTree,
			IList[]			policyNodes,
			int				inhibitAnyPolicy)
			//throws CertPathValidatorException
		{
			IList certs = certPath.Certificates;
			X509Certificate cert = (X509Certificate)certs[index];
			int n = certs.Count;
			// i as defined in the algorithm description
			int i = n - index;
			//
			// (d) policy Information checking against initial policy and
			// policy mapping
			//
			Asn1Sequence certPolicies = null;
			try
			{
				certPolicies = DerSequence.GetInstance(
					PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.CertificatePolicies));
			}
			catch (Exception e)
			{
				throw new PkixCertPathValidatorException(
					"Could not read certificate policies extension from certificate.", e, certPath, index);
			}
			if (certPolicies != null && validPolicyTree != null)
			{
				//
				// (d) (1)
				//
				ISet pols = new HashSet();

				foreach (Asn1Encodable ae in certPolicies)
				{
					PolicyInformation pInfo = PolicyInformation.GetInstance(ae.ToAsn1Object());
					DerObjectIdentifier pOid = pInfo.PolicyIdentifier;

					pols.Add(pOid.Id);

					if (!Rfc3280CertPathUtilities.ANY_POLICY.Equals(pOid.Id))
					{
						ISet pq = null;
						try
						{
							pq = PkixCertPathValidatorUtilities.GetQualifierSet(pInfo.PolicyQualifiers);
						}
						catch (PkixCertPathValidatorException ex)
						{
							throw new PkixCertPathValidatorException(
								"Policy qualifier info set could not be build.", ex, certPath, index);
						}

						bool match = PkixCertPathValidatorUtilities.ProcessCertD1i(i, policyNodes, pOid, pq);

						if (!match)
						{
							PkixCertPathValidatorUtilities.ProcessCertD1ii(i, policyNodes, pOid, pq);
						}
					}
				}

				if (acceptablePolicies.IsEmpty || acceptablePolicies.Contains(Rfc3280CertPathUtilities.ANY_POLICY))
				{
					acceptablePolicies.Clear();
					acceptablePolicies.AddAll(pols);
				}
				else
				{
					ISet t1 = new HashSet();

					foreach (object o in acceptablePolicies)
					{
						if (pols.Contains(o))
						{
							t1.Add(o);
						}
					}
					acceptablePolicies.Clear();
					acceptablePolicies.AddAll(t1);
				}

				//
				// (d) (2)
				//
				if ((inhibitAnyPolicy > 0) || ((i < n) && PkixCertPathValidatorUtilities.IsSelfIssued(cert)))
				{
					foreach (Asn1Encodable ae in certPolicies)
					{
						PolicyInformation pInfo = PolicyInformation.GetInstance(ae.ToAsn1Object());
						if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(pInfo.PolicyIdentifier.Id))
						{
							ISet _apq = PkixCertPathValidatorUtilities.GetQualifierSet(pInfo.PolicyQualifiers);
							IList _nodes = policyNodes[i - 1];

							for (int k = 0; k < _nodes.Count; k++)
							{
								PkixPolicyNode _node = (PkixPolicyNode)_nodes[k];

								IEnumerator  _policySetIter = _node.ExpectedPolicies.GetEnumerator();
								while (_policySetIter.MoveNext())
								{
									object _tmp = _policySetIter.Current;

									string _policy;
									if (_tmp is string)
									{
										_policy = (string)_tmp;
									}
									else if (_tmp is DerObjectIdentifier)
									{
										_policy = ((DerObjectIdentifier)_tmp).Id;
									}
									else
									{
										continue;
									}

									bool _found = false;

									foreach (PkixPolicyNode _child in _node.Children)
									{
										if (_policy.Equals(_child.ValidPolicy))
										{
											_found = true;
										}
									}

									if (!_found)
									{
										ISet _newChildExpectedPolicies = new HashSet();
										_newChildExpectedPolicies.Add(_policy);

										PkixPolicyNode _newChild = new PkixPolicyNode(Platform.CreateArrayList(), i,
											_newChildExpectedPolicies, _node, _apq, _policy, false);
										_node.AddChild(_newChild);
										policyNodes[i].Add(_newChild);
									}
								}
							}
							break;
						}
					}
				}

				PkixPolicyNode _validPolicyTree = validPolicyTree;
				//
				// (d) (3)
				//
				for (int j = (i - 1); j >= 0; j--)
				{
					IList nodes = policyNodes[j];

					for (int k = 0; k < nodes.Count; k++)
					{
						PkixPolicyNode node = (PkixPolicyNode)nodes[k];
						if (!node.HasChildren)
						{
							_validPolicyTree = PkixCertPathValidatorUtilities.RemovePolicyNode(_validPolicyTree, policyNodes,
								node);
							if (_validPolicyTree == null)
							{
								break;
							}
						}
					}
				}

				//
				// d (4)
				//
				ISet criticalExtensionOids = cert.GetCriticalExtensionOids();

				if (criticalExtensionOids != null)
				{
					bool critical = criticalExtensionOids.Contains(X509Extensions.CertificatePolicies.Id);

					IList nodes = policyNodes[i];
					for (int j = 0; j < nodes.Count; j++)
					{
						PkixPolicyNode node = (PkixPolicyNode)nodes[j];
						node.IsCritical = critical;
					}
				}
				return _validPolicyTree;
			}
			return null;
		}
        public virtual PkixCertPathValidatorResult Validate(
			PkixCertPath	certPath,
			PkixParameters	paramsPkix)
        {
            if (paramsPkix.GetTrustAnchors() == null)
            {
                throw new ArgumentException(
                    @"trustAnchors is null, this is not allowed for certification path validation.",
                    "parameters");
            }

            //
            // 6.1.1 - inputs
            //

            //
            // (a)
            //
            IList certs = certPath.Certificates;
            int n = certs.Count;

            if (certs.Count == 0)
                throw new PkixCertPathValidatorException("Certification path is empty.", null, certPath, 0);

            //
            // (b)
            //
            // DateTime validDate = PkixCertPathValidatorUtilities.GetValidDate(paramsPkix);

            //
            // (c)
            //
            ISet userInitialPolicySet = paramsPkix.GetInitialPolicies();

            //
            // (d)
            //
            TrustAnchor trust;
            try
            {
                trust = PkixCertPathValidatorUtilities.FindTrustAnchor(
                    (X509Certificate)certs[certs.Count - 1],
                    paramsPkix.GetTrustAnchors());
            }
            catch (Exception e)
            {
                throw new PkixCertPathValidatorException(e.Message, e, certPath, certs.Count - 1);
            }

            if (trust == null)
                throw new PkixCertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);

            //
            // (e), (f), (g) are part of the paramsPkix object.
            //
            IEnumerator certIter;
            int index = 0;
            int i;
            // Certificate for each interation of the validation loop
            // Signature information for each iteration of the validation loop
            //
            // 6.1.2 - setup
            //

            //
            // (a)
            //
            IList[] policyNodes = new IList[n + 1];
            for (int j = 0; j < policyNodes.Length; j++)
            {
                policyNodes[j] = Platform.CreateArrayList();
            }

            ISet policySet = new HashSet();

            policySet.Add(Rfc3280CertPathUtilities.ANY_POLICY);

            PkixPolicyNode validPolicyTree = new PkixPolicyNode(Platform.CreateArrayList(), 0, policySet, null, new HashSet(),
                    Rfc3280CertPathUtilities.ANY_POLICY, false);

            policyNodes[0].Add(validPolicyTree);

            //
            // (b) and (c)
            //
            PkixNameConstraintValidator nameConstraintValidator = new PkixNameConstraintValidator();

            // (d)
            //
            int explicitPolicy;
            ISet acceptablePolicies = new HashSet();

            if (paramsPkix.IsExplicitPolicyRequired)
            {
                explicitPolicy = 0;
            }
            else
            {
                explicitPolicy = n + 1;
            }

            //
            // (e)
            //
            int inhibitAnyPolicy;

            if (paramsPkix.IsAnyPolicyInhibited)
            {
                inhibitAnyPolicy = 0;
            }
            else
            {
                inhibitAnyPolicy = n + 1;
            }

            //
            // (f)
            //
            int policyMapping;

            if (paramsPkix.IsPolicyMappingInhibited)
            {
                policyMapping = 0;
            }
            else
            {
                policyMapping = n + 1;
            }

            //
            // (g), (h), (i), (j)
            //
            IAsymmetricKeyParameter workingPublicKey;
            X509Name workingIssuerName;

            X509Certificate sign = trust.TrustedCert;
            try
            {
                if (sign != null)
                {
                    workingIssuerName = sign.SubjectDN;
                    workingPublicKey = sign.GetPublicKey();
                }
                else
                {
                    workingIssuerName = new X509Name(trust.CAName);
                    workingPublicKey = trust.CAPublicKey;
                }
            }
            catch (ArgumentException ex)
            {
                throw new PkixCertPathValidatorException("Subject of trust anchor could not be (re)encoded.", ex, certPath,
                        -1);
            }

            AlgorithmIdentifier workingAlgId = null;
            try
            {
                workingAlgId = PkixCertPathValidatorUtilities.GetAlgorithmIdentifier(workingPublicKey);
            }
            catch (PkixCertPathValidatorException e)
            {
                throw new PkixCertPathValidatorException(
                        "Algorithm identifier of public key of trust anchor could not be read.", e, certPath, -1);
            }

            //			DerObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.ObjectID;
            //			Asn1Encodable workingPublicKeyParameters = workingAlgId.Parameters;

            //
            // (k)
            //
            int maxPathLength = n;

            //
            // 6.1.3
            //

            X509CertStoreSelector certConstraints = paramsPkix.GetTargetCertConstraints();
            if (certConstraints != null && !certConstraints.Match((X509Certificate)certs[0]))
            {
                throw new PkixCertPathValidatorException(
                    "Target certificate in certification path does not match targetConstraints.", null, certPath, 0);
            }

            //
            // initialize CertPathChecker's
            //
            IList pathCheckers = paramsPkix.GetCertPathCheckers();
            certIter = pathCheckers.GetEnumerator();

            while (certIter.MoveNext())
            {
                ((PkixCertPathChecker)certIter.Current).Init(false);
            }

            X509Certificate cert = null;

            for (index = certs.Count - 1; index >= 0; index--)
            {
                // try
                // {
                //
                // i as defined in the algorithm description
                //
                i = n - index;

                //
                // set certificate to be checked in this round
                // sign and workingPublicKey and workingIssuerName are set
                // at the end of the for loop and initialized the
                // first time from the TrustAnchor
                //
                cert = (X509Certificate)certs[index];

                //
                // 6.1.3
                //

                Rfc3280CertPathUtilities.ProcessCertA(certPath, paramsPkix, index, workingPublicKey,
                    workingIssuerName, sign);

                Rfc3280CertPathUtilities.ProcessCertBC(certPath, index, nameConstraintValidator);

                validPolicyTree = Rfc3280CertPathUtilities.ProcessCertD(certPath, index,
                    acceptablePolicies, validPolicyTree, policyNodes, inhibitAnyPolicy);

                validPolicyTree = Rfc3280CertPathUtilities.ProcessCertE(certPath, index, validPolicyTree);

                Rfc3280CertPathUtilities.ProcessCertF(certPath, index, validPolicyTree, explicitPolicy);

                //
                // 6.1.4
                //

                if (i != n)
                {
                    if (cert != null && cert.Version == 1)
                    {
                        throw new PkixCertPathValidatorException(
                            "Version 1 certificates can't be used as CA ones.", null, certPath, index);
                    }

                    Rfc3280CertPathUtilities.PrepareNextCertA(certPath, index);

                    validPolicyTree = Rfc3280CertPathUtilities.PrepareCertB(certPath, index, policyNodes,
                        validPolicyTree, policyMapping);

                    Rfc3280CertPathUtilities.PrepareNextCertG(certPath, index, nameConstraintValidator);

                    // (h)
                    explicitPolicy = Rfc3280CertPathUtilities.PrepareNextCertH1(certPath, index, explicitPolicy);
                    policyMapping = Rfc3280CertPathUtilities.PrepareNextCertH2(certPath, index, policyMapping);
                    inhibitAnyPolicy = Rfc3280CertPathUtilities.PrepareNextCertH3(certPath, index, inhibitAnyPolicy);

                    //
                    // (i)
                    //
                    explicitPolicy = Rfc3280CertPathUtilities.PrepareNextCertI1(certPath, index, explicitPolicy);
                    policyMapping = Rfc3280CertPathUtilities.PrepareNextCertI2(certPath, index, policyMapping);

                    // (j)
                    inhibitAnyPolicy = Rfc3280CertPathUtilities.PrepareNextCertJ(certPath, index, inhibitAnyPolicy);

                    // (k)
                    Rfc3280CertPathUtilities.PrepareNextCertK(certPath, index);

                    // (l)
                    maxPathLength = Rfc3280CertPathUtilities.PrepareNextCertL(certPath, index, maxPathLength);

                    // (m)
                    maxPathLength = Rfc3280CertPathUtilities.PrepareNextCertM(certPath, index, maxPathLength);

                    // (n)
                    Rfc3280CertPathUtilities.PrepareNextCertN(certPath, index);

                    ISet criticalExtensions1 = cert.GetCriticalExtensionOids();

                    if (criticalExtensions1 != null)
                    {
                        criticalExtensions1 = new HashSet(criticalExtensions1);

                        // these extensions are handled by the algorithm
                        criticalExtensions1.Remove(X509Extensions.KeyUsage.Id);
                        criticalExtensions1.Remove(X509Extensions.CertificatePolicies.Id);
                        criticalExtensions1.Remove(X509Extensions.PolicyMappings.Id);
                        criticalExtensions1.Remove(X509Extensions.InhibitAnyPolicy.Id);
                        criticalExtensions1.Remove(X509Extensions.IssuingDistributionPoint.Id);
                        criticalExtensions1.Remove(X509Extensions.DeltaCrlIndicator.Id);
                        criticalExtensions1.Remove(X509Extensions.PolicyConstraints.Id);
                        criticalExtensions1.Remove(X509Extensions.BasicConstraints.Id);
                        criticalExtensions1.Remove(X509Extensions.SubjectAlternativeName.Id);
                        criticalExtensions1.Remove(X509Extensions.NameConstraints.Id);
                    }
                    else
                    {
                        criticalExtensions1 = new HashSet();
                    }

                    // (o)
                    Rfc3280CertPathUtilities.PrepareNextCertO(certPath, index, criticalExtensions1, pathCheckers);

                    // set signing certificate for next round
                    sign = cert;

                    // (c)
                    workingIssuerName = sign.SubjectDN;

                    // (d)
                    try
                    {
                        workingPublicKey = PkixCertPathValidatorUtilities.GetNextWorkingKey(certPath.Certificates, index);
                    }
                    catch (PkixCertPathValidatorException e)
                    {
                        throw new PkixCertPathValidatorException("Next working key could not be retrieved.", e, certPath, index);
                    }

                    workingAlgId = PkixCertPathValidatorUtilities.GetAlgorithmIdentifier(workingPublicKey);
                    // (f)
            //                    workingPublicKeyAlgorithm = workingAlgId.ObjectID;
                    // (e)
            //                    workingPublicKeyParameters = workingAlgId.Parameters;
                }
            }

            //
            // 6.1.5 Wrap-up procedure
            //

            explicitPolicy = Rfc3280CertPathUtilities.WrapupCertA(explicitPolicy, cert);

            explicitPolicy = Rfc3280CertPathUtilities.WrapupCertB(certPath, index + 1, explicitPolicy);

            //
            // (c) (d) and (e) are already done
            //

            //
            // (f)
            //
            ISet criticalExtensions = cert.GetCriticalExtensionOids();

            if (criticalExtensions != null)
            {
                criticalExtensions = new HashSet(criticalExtensions);

                // Requires .Id
                // these extensions are handled by the algorithm
                criticalExtensions.Remove(X509Extensions.KeyUsage.Id);
                criticalExtensions.Remove(X509Extensions.CertificatePolicies.Id);
                criticalExtensions.Remove(X509Extensions.PolicyMappings.Id);
                criticalExtensions.Remove(X509Extensions.InhibitAnyPolicy.Id);
                criticalExtensions.Remove(X509Extensions.IssuingDistributionPoint.Id);
                criticalExtensions.Remove(X509Extensions.DeltaCrlIndicator.Id);
                criticalExtensions.Remove(X509Extensions.PolicyConstraints.Id);
                criticalExtensions.Remove(X509Extensions.BasicConstraints.Id);
                criticalExtensions.Remove(X509Extensions.SubjectAlternativeName.Id);
                criticalExtensions.Remove(X509Extensions.NameConstraints.Id);
                criticalExtensions.Remove(X509Extensions.CrlDistributionPoints.Id);
            }
            else
            {
                criticalExtensions = new HashSet();
            }

            Rfc3280CertPathUtilities.WrapupCertF(certPath, index + 1, pathCheckers, criticalExtensions);

            PkixPolicyNode intersection = Rfc3280CertPathUtilities.WrapupCertG(certPath, paramsPkix, userInitialPolicySet,
                    index + 1, policyNodes, validPolicyTree, acceptablePolicies);

            if ((explicitPolicy > 0) || (intersection != null))
            {
                return new PkixCertPathValidatorResult(trust, intersection, cert.GetPublicKey());
            }

            throw new PkixCertPathValidatorException("Path processing failed on policy.", null, certPath, index);
        }