/// <summary>
/// Decodes the specified Certificate Revocation List (CRL) and produces
/// a <see cref="CertificateRevocationListBuilder" /> with all of the revocation
/// entries from the decoded CRL.
/// </summary>
/// <param name="currentCrl">
/// The PEM-encoded CRL to decode.
/// </param>
/// <param name="currentCrlNumber">
/// When this method returns, contains the CRL sequence number from the decoded CRL.
/// This parameter is treated as uninitialized.
/// </param>
/// <returns>
/// A new builder that has the same revocation entries as the decoded CRL.
/// </returns>
/// <remarks>
/// This loads the first well-formed PEM found with an <c>X509 CRL</c> label.
/// </remarks>
/// <exception cref="CryptographicException">
/// <para>
/// <paramref name="currentCrl" /> did not contain a well-formed PEM payload with
/// an <c>X509 CRL</c> label.
/// </para>
/// <para>- or -</para>
/// <para>
/// <paramref name="currentCrl" /> could not be decoded.
/// </para>
/// </exception>
public static CertificateRevocationListBuilder LoadPem(ReadOnlySpan <char> currentCrl, out BigInteger currentCrlNumber)
{
foreach ((ReadOnlySpan <char> contents, PemFields fields) in new PemEnumerator(currentCrl))
{
if (contents[fields.Label].SequenceEqual(PemLabels.X509CertificateRevocationList))
{
byte[] rented = ArrayPool <byte> .Shared.Rent(fields.DecodedDataLength);
if (!Convert.TryFromBase64Chars(contents[fields.Base64Data], rented, out int bytesWritten))
{
Debug.Fail("Base64Decode failed, but PemEncoding said it was legal");
throw new UnreachableException();
}
CertificateRevocationListBuilder ret = Load(
rented.AsSpan(0, bytesWritten),
out currentCrlNumber,
out int bytesConsumed);
Debug.Assert(bytesConsumed == bytesWritten);
ArrayPool <byte> .Shared.Return(rented);
return(ret);
}
}
throw new CryptographicException(SR.Cryptography_NoPemOfLabel, PemLabels.X509CertificateRevocationList);
}
/// <summary>
/// Decodes the specified Certificate Revocation List (CRL) and produces
/// a <see cref="CertificateRevocationListBuilder" /> with all of the revocation
/// entries from the decoded CRL.
/// </summary>
/// <param name="currentCrl">
/// The DER-encoded CRL to decode.
/// </param>
/// <param name="currentCrlNumber">
/// When this method returns, contains the CRL sequence number from the decoded CRL.
/// This parameter is treated as uninitialized.
/// </param>
/// <returns>
/// A new builder that has the same revocation entries as the decoded CRL.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="currentCrl" /> is <see langword="null" />.
/// </exception>
/// <exception cref="CryptographicException">
/// <para>
/// <paramref name="currentCrl" /> could not be decoded.
/// </para>
/// <para>- or -</para>
/// <para>
/// <paramref name="currentCrl" /> decoded successfully, but decoding did not
/// need all of the bytes provided in the array.
/// </para>
/// </exception>
public static CertificateRevocationListBuilder Load(byte[] currentCrl, out BigInteger currentCrlNumber)
{
ArgumentNullException.ThrowIfNull(currentCrl);
CertificateRevocationListBuilder ret = Load(
new ReadOnlySpan <byte>(currentCrl),
out BigInteger crlNumber,
out int bytesConsumed);
if (bytesConsumed != currentCrl.Length)
{
throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
}
currentCrlNumber = crlNumber;
return(ret);
}
