Use this in preference to trying to recreate a principal from a string, not all DNs are what they should be, so it's best to leave them encoded where they can be.
public bool Match( // Certificate cert) X509Certificate x509Cert) { // if (!(cert is X509Certificate)) // { // return false; // } // // X509Certificate x509Cert = (X509Certificate)cert; try { if (holder.BaseCertificateID != null) { return(holder.BaseCertificateID.Serial.Value.Equals(x509Cert.SerialNumber) && MatchesDN(PrincipalUtilities.GetIssuerX509Principal(x509Cert), holder.BaseCertificateID.Issuer)); } if (holder.EntityName != null) { if (MatchesDN(PrincipalUtilities.GetSubjectX509Principal(x509Cert), holder.EntityName)) { return(true); } } } catch (CertificateEncodingException) { return(false); } // objectDigestInfo not supported return(false); }
public bool Match(X509Certificate x509Cert) { try { if (this.holder.BaseCertificateID != null) { bool result = this.holder.BaseCertificateID.Serial.Value.Equals(x509Cert.SerialNumber) && this.MatchesDN(PrincipalUtilities.GetIssuerX509Principal(x509Cert), this.holder.BaseCertificateID.Issuer); return(result); } if (this.holder.EntityName != null && this.MatchesDN(PrincipalUtilities.GetSubjectX509Principal(x509Cert), this.holder.EntityName)) { bool result = true; return(result); } if (this.holder.ObjectDigestInfo != null) { IDigest digest = null; try { digest = DigestUtilities.GetDigest(this.DigestAlgorithm); } catch (Exception) { bool result = false; return(result); } switch (this.DigestedObjectType) { case 0: { byte[] encoded = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(x509Cert.GetPublicKey()).GetEncoded(); digest.BlockUpdate(encoded, 0, encoded.Length); break; } case 1: { byte[] encoded2 = x509Cert.GetEncoded(); digest.BlockUpdate(encoded2, 0, encoded2.Length); break; } } if (!Arrays.AreEqual(DigestUtilities.DoFinal(digest), this.GetObjectDigest())) { bool result = false; return(result); } } } catch (CertificateEncodingException) { bool result = false; return(result); } return(false); }
public AttributeCertificateHolder(X509Certificate cert) { X509Name issuerX509Principal; try { issuerX509Principal = PrincipalUtilities.GetIssuerX509Principal(cert); } catch (Exception ex) { throw new CertificateParsingException(ex.Message); } this.holder = new Holder(new IssuerSerial(this.GenerateGeneralNames(issuerX509Principal), new DerInteger(cert.SerialNumber))); }
public AttributeCertificateHolder( X509Certificate cert) { X509Name name; try { name = PrincipalUtilities.GetIssuerX509Principal(cert); } catch (Exception e) { throw new CertificateParsingException(e.Message); } holder = new Holder(new IssuerSerial(GenerateGeneralNames(name), new DerInteger(cert.SerialNumber))); }
public bool Match( // Certificate cert) X509Certificate x509Cert) { // if (!(cert is X509Certificate)) // { // return false; // } // // X509Certificate x509Cert = (X509Certificate)cert; try { if (holder.BaseCertificateID != null) { return(holder.BaseCertificateID.Serial.Value.Equals(x509Cert.SerialNumber) && MatchesDN(PrincipalUtilities.GetIssuerX509Principal(x509Cert), holder.BaseCertificateID.Issuer)); } if (holder.EntityName != null) { if (MatchesDN(PrincipalUtilities.GetSubjectX509Principal(x509Cert), holder.EntityName)) { return(true); } } if (holder.ObjectDigestInfo != null) { IDigest md = null; try { md = DigestUtilities.GetDigest(DigestAlgorithm); } catch (Exception) { return(false); } switch (DigestedObjectType) { case ObjectDigestInfo.PublicKey: { // TODO: DSA Dss-parms //byte[] b = x509Cert.GetPublicKey().getEncoded(); // TODO Is this the right way to encode? byte[] b = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo( x509Cert.GetPublicKey()).GetEncoded(); md.BlockUpdate(b, 0, b.Length); break; } case ObjectDigestInfo.PublicKeyCert: { byte[] b = x509Cert.GetEncoded(); md.BlockUpdate(b, 0, b.Length); break; } // TODO Default handler? } // TODO Shouldn't this be the other way around? if (!Arrays.AreEqual(DigestUtilities.DoFinal(md), GetObjectDigest())) { return(false); } } } catch (CertificateEncodingException) { return(false); } return(false); }