/// <summary>
/// Shorter implementation of TimestampVerifier.IsValidAfterRevocation method for testing purposes.
/// Applies the RFC 3161 §4.1 rule: a timestamp signed by a revoked certificate remains valid only when it was
/// generated no later than the revocation date AND the CRL entry carries one of the "benign" reason codes
/// (unspecified, affiliationChanged, superseded, cessationOfOperation). A later generation time, a missing
/// reason code, or any other reason (e.g. keyCompromise) makes the timestamp invalid.
/// </summary>
/// <param name="crl">CRL that may list <paramref name="cert"/>.</param>
/// <param name="cert">Certificate that signed the timestamp.</param>
/// <param name="timestampGenTime">Generation time of the timestamp. It is compared tick-for-tick with the CRL entry's
/// revocationDate, so both must be expressed in the same zone (presumably UTC — TODO confirm at the call site).</param>
/// <returns><c>true</c> when the certificate is not revoked, or is revoked in a way that does not invalidate the timestamp.</returns>
public static bool IsValidAfterRevocationFake(X509Crl crl, X509Certificate cert, DateTime timestampGenTime)
{
    if (!crl.IsRevoked(cert))
    {
        return true;
    }

    X509CrlEntry entry = crl.GetRevokedCertificate(cert.SerialNumber);

    /* Timestamps generated after the revocation date are always invalid */
    if (timestampGenTime > entry.RevocationDate)
    {
        return false;
    }

    /* A missing reason code is treated as invalid */
    DerEnumerated reasonCode = DerEnumerated.GetInstance(GetExtensionValue(entry, X509Extensions.ReasonCode));
    if (reasonCode == null)
    {
        return false;
    }

    switch (reasonCode.Value.IntValue)
    {
        case CrlReason.Unspecified:
        case CrlReason.AffiliationChanged:
        case CrlReason.Superseded:
        case CrlReason.CessationOfOperation:
            return true;
        default:
            /* Any other reason invalidates the timestamp */
            return false;
    }
}
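/// <summary>
/// Parses an <c>OCSPResponse</c> (RFC 6960 §4.2.1):
/// <code>
/// OCSPResponse ::= SEQUENCE {
///     responseStatus  OCSPResponseStatus,
///     responseBytes   [0] EXPLICIT ResponseBytes OPTIONAL }
/// </code>
/// Malformed input (wrong element count, wrong tag on the optional element) is rejected up front
/// instead of silently ignoring trailing elements or failing with an InvalidCastException.
/// </summary>
/// <param name="seq">The decoded outer SEQUENCE.</param>
/// <exception cref="ArgumentException">The sequence has fewer than 1 or more than 2 elements, or the
/// optional element is not context-tagged [0].</exception>
private OcspResponse(Asn1Sequence seq)
{
    int count = seq.Count;
    if (count < 1 || count > 2)
    {
        throw new ArgumentException("Bad sequence size: " + count, "seq");
    }

    responseStatus = new OcspResponseStatus(DerEnumerated.GetInstance(seq[0]));

    if (count == 2)
    {
        // GetInstance reports a non-tagged element as an ArgumentException rather than an InvalidCastException.
        Asn1TaggedObject tagged = Asn1TaggedObject.GetInstance(seq[1]);
        if (tagged.TagNo != 0)
        {
            throw new ArgumentException("Unexpected tag number " + tagged.TagNo + " for responseBytes", "seq");
        }
        responseBytes = ResponseBytes.GetInstance(tagged, true);
    }
}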
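/// <summary>
/// Parses a <c>RevokedInfo</c> (RFC 6960 §4.2.1):
/// <code>
/// RevokedInfo ::= SEQUENCE {
///     revocationTime    GeneralizedTime,
///     revocationReason  [0] EXPLICIT CRLReason OPTIONAL }
/// </code>
/// The element count and the tag of the optional element are validated so that malformed responder
/// output is rejected with a descriptive ArgumentException instead of an InvalidCastException or silent
/// acceptance of extra elements.
/// </summary>
/// <param name="seq">The decoded SEQUENCE.</param>
/// <exception cref="ArgumentException">The sequence has fewer than 1 or more than 2 elements, the first
/// element is not a GeneralizedTime, or the optional element is not context-tagged [0].</exception>
private RevokedInfo(Asn1Sequence seq)
{
    int count = seq.Count;
    if (count < 1 || count > 2)
    {
        throw new ArgumentException("Bad sequence size: " + count, "seq");
    }

    revocationTime = DerGeneralizedTime.GetInstance(seq[0]);

    if (count == 2)
    {
        Asn1TaggedObject tagged = Asn1TaggedObject.GetInstance(seq[1]);
        if (tagged.TagNo != 0)
        {
            throw new ArgumentException("Unexpected tag number " + tagged.TagNo + " for revocationReason", "seq");
        }
        revocationReason = new CrlReason(DerEnumerated.GetInstance(tagged, true));
    }
}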
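/// <summary>
/// Parses an <c>OCSPResponse</c> (RFC 6960 §4.2.1): a mandatory <c>responseStatus</c> ENUMERATED followed by an
/// optional <c>responseBytes [0] EXPLICIT ResponseBytes</c>. The element count and the tag number of the optional
/// element are checked so that malformed input is rejected instead of being partially accepted.
/// </summary>
/// <param name="seq">The decoded outer SEQUENCE.</param>
/// <exception cref="ArgumentException">The sequence has a size other than 1 or 2, or the second element is not
/// context-tagged [0].</exception>
private OcspResponse(Asn1Sequence seq)
{
    int elementCount = seq.Count;
    if (elementCount < 1 || elementCount > 2)
    {
        throw new ArgumentException("Bad sequence size: " + elementCount, "seq");
    }

    this.responseStatus = new OcspResponseStatus(DerEnumerated.GetInstance(seq[0]));

    if (elementCount != 2)
    {
        return;
    }

    // A descriptive ArgumentException for a non-tagged element, instead of an InvalidCastException.
    Asn1TaggedObject taggedBytes = Asn1TaggedObject.GetInstance(seq[1]);
    if (taggedBytes.TagNo != 0)
    {
        throw new ArgumentException("Unexpected tag number " + taggedBytes.TagNo + " for responseBytes", "seq");
    }
    this.responseBytes = Org.BouncyCastle.Asn1.Ocsp.ResponseBytes.GetInstance(taggedBytes, true);
}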
/// <summary>
/// Renders this CRL entry for diagnostics: serial number, revocation date, certificate issuer and, when the
/// entry carries extensions, one line per extension (reasonCode and certificateIssuer are decoded, anything
/// else is dumped as ASN.1). An extension whose content cannot be interpreted is printed as "*****" so that
/// one bad extension does not abort the whole dump.
/// </summary>
/// <returns>Multi-line description of the entry.</returns>
public override string ToString()
{
    string nl = Platform.NewLine;
    StringBuilder sb = new StringBuilder();
    sb.Append(" userCertificate: ").Append(SerialNumber).Append(nl);
    sb.Append(" revocationDate: ").Append(RevocationDate).Append(nl);
    sb.Append(" certificateIssuer: ").Append(GetCertificateIssuer()).Append(nl);

    X509Extensions exts = c.Extensions;
    if (exts == null)
    {
        return sb.ToString();
    }

    bool headerWritten = false;
    foreach (DerObjectIdentifier oid in exts.ExtensionOids)
    {
        if (!headerWritten)
        {
            // The header is only emitted when at least one extension exists.
            sb.Append(" crlEntryExtensions:").Append(nl);
            headerWritten = true;
        }

        X509Extension ext = exts.GetExtension(oid);
        if (ext.Value == null)
        {
            sb.Append(nl);
            continue;
        }

        // Decoding the OCTET STRING content is outside the try, so a decode failure still propagates.
        Asn1Object content = Asn1Object.FromByteArray(ext.Value.GetOctets());
        sb.Append(" critical(").Append(ext.IsCritical).Append(") ");
        try
        {
            if (oid.Equals(X509Extensions.ReasonCode))
            {
                sb.Append(new CrlReason(DerEnumerated.GetInstance(content)));
            }
            else if (oid.Equals(X509Extensions.CertificateIssuer))
            {
                sb.Append("Certificate issuer: ").Append(GeneralNames.GetInstance((Asn1Sequence)content));
            }
            else
            {
                sb.Append(oid.Id).Append(" value = ").Append(Asn1Dump.DumpAsString(content));
            }
            sb.Append(nl);
        }
        catch (global::System.Exception)
        {
            // Uninterpretable extension: keep the OID, mask the value.
            sb.Append(oid.Id).Append(" value = ").Append("*****").Append(nl);
        }
    }

    return sb.ToString();
}
/// <summary>
/// Produces a human-readable dump of this CRL entry: the serial number, revocation date and certificate issuer,
/// followed by the CRL entry extensions when there are any. reasonCode and certificateIssuer extensions are
/// decoded into their ASN.1 types; other extensions are printed via Asn1Dump. If interpreting an extension fails,
/// the OID is kept and its value is replaced by "*****".
/// </summary>
/// <returns>The multi-line textual form of the entry.</returns>
public override string ToString()
{
    string eol = Platform.NewLine;
    StringBuilder output = new StringBuilder()
        .Append(" userCertificate: ").Append(this.SerialNumber).Append(eol)
        .Append(" revocationDate: ").Append(this.RevocationDate).Append(eol)
        .Append(" certificateIssuer: ").Append(this.GetCertificateIssuer()).Append(eol);

    X509Extensions entryExtensions = this.c.Extensions;
    if (entryExtensions != null)
    {
        bool first = true;
        foreach (DerObjectIdentifier extensionOid in entryExtensions.ExtensionOids)
        {
            if (first)
            {
                // Header only when the entry actually has extensions.
                output.Append(" crlEntryExtensions:").Append(eol);
                first = false;
            }

            X509Extension entryExtension = entryExtensions.GetExtension(extensionOid);
            if (entryExtension.Value == null)
            {
                output.Append(eol);
                continue;
            }

            // Kept outside the try on purpose: a failure to decode the octets propagates to the caller.
            Asn1Object decoded = Asn1Object.FromByteArray(entryExtension.Value.GetOctets());
            output.Append(" critical(").Append(entryExtension.IsCritical).Append(") ");
            try
            {
                if (extensionOid.Equals(X509Extensions.ReasonCode))
                {
                    output.Append(new CrlReason(DerEnumerated.GetInstance(decoded)));
                }
                else if (extensionOid.Equals(X509Extensions.CertificateIssuer))
                {
                    output.Append("Certificate issuer: ").Append(GeneralNames.GetInstance((Asn1Sequence)decoded));
                }
                else
                {
                    output.Append(extensionOid.Id);
                    output.Append(" value = ").Append(Asn1Dump.DumpAsString((Asn1Encodable)decoded));
                }
                output.Append(eol);
            }
            catch (Exception)
            {
                // Masked rather than aborting the dump.
                output.Append(extensionOid.Id);
                output.Append(" value = ").Append("*****").Append(eol);
            }
        }
    }

    return output.ToString();
}
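/// <summary>
/// Determines whether timestamp, signed by given certificate, can be considered valid, even after said certificate has been revoked.
/// It follows rules described in RFC 3161 section 4.1: a timestamp generated no later than the revocation date stays valid only
/// when the CRL entry's reason code is unspecified, affiliationChanged, superseded or cessationOfOperation; a timestamp generated
/// after the revocation date, or a revocation with a missing or any other reason code, invalidates it.
/// Every error on the way (no CRL distribution point, download failure, unparsable or stale CRL) yields <c>false</c> (fail closed).
/// </summary>
/// <param name="certificate">The certificate.</param>
/// <param name="timestampGenTime">The timestamp time. It is compared tick-for-tick with the CRL entry's revocationDate, so both
/// must be expressed in the same zone (presumably UTC — TODO confirm at the call site).</param>
/// <returns>
/// <c>true</c> if [is valid after revocation] [the specified certificate]; otherwise, <c>false</c>.
/// </returns>
private static bool IsValidAfterRevocation(X509Certificate2 certificate, DateTime timestampGenTime)
{
    try
    {
        Org.BouncyCastle.X509.X509Certificate cert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificate);

        /* Get CRL url(s) from the certificate's CRL Distribution Points extension (OID 2.5.29.31).
           Single() throws when the extension is absent or duplicated; the catch below turns that into false. */
        X509Extension revocationExtension = (from X509Extension extension in certificate.Extensions
                                             where extension.Oid.Value.Equals("2.5.29.31")
                                             select extension).Single();
        string formattedExtension = new AsnEncodedData(revocationExtension.Oid, revocationExtension.RawData).Format(false);

        /* NOTE(review): only plain-http ".crl" URLs are recognised, and the downloaded CRL is never signature-checked
           against the issuer key (crl.Verify(...)) because this method has no access to the issuer certificate. An on-path
           attacker could therefore serve a CRL that omits the revocation or carries a benign reason code; the CRL should be
           verified by the caller or fetched from a trusted source. */
        Regex rx = new Regex("http://.*?\\.crl");
        foreach (Match match in rx.Matches(formattedExtension))
        {
            string crlUrl = match.Value;
            X509Crl crl;
            /* WebClient is IDisposable; scope it to the download instead of leaking it on every call. */
            using (WebClient client = new WebClient())
            {
                crl = new X509CrlParser().ReadCrl(client.DownloadData(crlUrl));
            }

            /* A CRL past its nextUpdate is no longer authoritative; do not trust stale revocation data. */
            if (crl.NextUpdate != null && crl.NextUpdate.Value < DateTime.UtcNow)
            {
                return false;
            }

            if (!crl.IsRevoked(cert))
            {
                continue;
            }

            X509CrlEntry revokedEntry = crl.GetRevokedCertificate(cert.SerialNumber);
            DateTime revocationDate = revokedEntry.RevocationDate;

            /* All timestamps created after revocation date are invalid */
            if (DateTime.Compare(timestampGenTime, revocationDate) > 0)
            {
                return false;
            }

            DerEnumerated reasonCode = DerEnumerated.GetInstance(GetExtensionValue(revokedEntry, Org.BouncyCastle.Asn1.X509.X509Extensions.ReasonCode));

            /* If the revocation reason is not present, the timestamp is considered invalid */
            if (reasonCode == null)
            {
                return false;
            }

            /* Only these reason codes keep an earlier timestamp valid (RFC 3161 §4.1); any other value invalidates it */
            switch (reasonCode.Value.IntValue)
            {
                case Org.BouncyCastle.Asn1.X509.CrlReason.Unspecified:
                case Org.BouncyCastle.Asn1.X509.CrlReason.AffiliationChanged:
                case Org.BouncyCastle.Asn1.X509.CrlReason.Superseded:
                case Org.BouncyCastle.Asn1.X509.CrlReason.CessationOfOperation:
                    break;
                default:
                    return false;
            }
        }
    }
    catch
    {
        /* Fail closed: any lookup or parsing error means the timestamp cannot be shown to be valid. */
        return false;
    }

    /* NOTE(review): reaching here with no matching CRL URL (or with the certificate absent from every CRL) reports the
       timestamp as valid — confirm callers only invoke this after revocation has been established elsewhere, otherwise
       this branch is fail-open. */
    return true;
}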
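/// <summary>
/// Lookup and validate certificate against CDP URL inside the certificate.
/// Outcomes:
///  - <c>Unknown(NoCrl)</c> when the certificate yields zero or more than one CDP URL,
///  - <c>Unknown(BadCrl)</c> when the CRL has no nextUpdate or is past it,
///  - <c>Unknown(BadRevocationReason)</c> when the entry's reasonCode extension cannot be decoded,
///  - <c>Good</c> when the serial number is not listed,
///  - <c>Revoked(date, reason)</c> otherwise (reason defaults to unspecified when the entry has no reasonCode).
/// </summary>
/// <param name="cert">Certificate to check; its hexadecimal serial number is looked up in the CRL.</param>
/// <returns>The certificate's revocation status as described above.</returns>
public CertStatus ValidateCertificateAgainstCRL(System.Security.Cryptography.X509Certificates.X509Certificate2 cert)
{
    var urls = ParseCDPUrls(cert);
    if (urls == null || urls.Count != 1)
    {
        return CertStatus.Unknown(CertStatus.NoCrl);
    }

    var crl = LoadCrl(urls[0]);

    // NOTE(review): nothing here verifies the CRL's signature or compares its issuer with cert's issuer;
    // LoadCrl is presumably responsible for that — confirm, otherwise a forged CRL turns a revoked
    // certificate into "Good".

    // nextUpdate is optional in the ASN.1 syntax; dereferencing .Value on a CRL without it would throw.
    // A missing or elapsed nextUpdate means the CRL cannot be relied on.
    var nextUpdate = crl.NextUpdate;
    if (nextUpdate == null || nextUpdate.Value < DateTime.UtcNow)
    {
        return CertStatus.Unknown(CertStatus.BadCrl);
    }

    var serialNumber = new BigInteger(cert.SerialNumber, 16);
    var entry = crl.GetRevokedCertificate(serialNumber);
    if (entry == null)
    {
        return CertStatus.Good;
    }

    int? revocationReason = null;
    try
    {
        // GetExtensionValue hands back the extension's OCTET STRING wrapper; the ENUMERATED reason code is the
        // DER object encoded inside it, so decode the octets first (the ToString dumps do the same). Passing the
        // wrapper straight to DerEnumerated.GetInstance would throw and misreport every revoked entry as Unknown.
        var reasonOctets = entry.GetExtensionValue(X509Extensions.ReasonCode);
        DerEnumerated reasonCode = reasonOctets == null
            ? null
            : DerEnumerated.GetInstance(Asn1Object.FromByteArray(reasonOctets.GetOctets()));

        // BigInteger.SignValue is the sign of the number (-1/0/1), not its value; IntValue is the reason code.
        revocationReason = reasonCode == null ? CrlReason.Unspecified : reasonCode.Value.IntValue;
    }
    catch
    {
        return CertStatus.Unknown(CertStatus.BadRevocationReason);
    }

    DateTime revocationDate = entry.RevocationDate;
    return CertStatus.Revoked(revocationDate.ToString("o"), revocationReason);
}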
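/// <summary>
/// Fills <paramref name="certStatus"/> with the revocation status of <paramref name="cert"/> according to
/// <paramref name="crl"/> (the RFC 3280/5280 §6.3.3 steps (i)/(j) logic). The entry counts as a revocation when
/// <paramref name="validDate"/> is on or after the revocation date, or — regardless of the date — when the reason
/// code is absent, unspecified, keyCompromise, cACompromise or aACompromise, since those reasons invalidate the
/// certificate retroactively. An entry whose certificateIssuer does not match the certificate's issuer (and whose
/// CRL issuer does not either) is ignored.
/// </summary>
/// <param name="validDate">Time at which the certificate is being validated.</param>
/// <param name="crl">CRL to consult; it is re-encoded into a fresh BouncyCastle X509Crl first.</param>
/// <param name="cert">Certificate whose serial number and issuer are looked up (via GetSerialNumber / GetIssuerPrincipal).</param>
/// <param name="certStatus">Receives Status (the CRL reason code) and RevocationDate when the certificate is found
/// revoked; left untouched otherwise.</param>
/// <exception cref="global::System.Exception">The CRL could not be re-parsed, or the entry's reasonCode extension
/// could not be decoded.</exception>
internal static void GetCertStatus(global::System.DateTime validDate, X509Crl crl, object cert, CertStatus certStatus)
{
    X509Crl x509Crl;
    try
    {
        x509Crl = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(crl.GetEncoded())));
    }
    catch (global::System.Exception ex)
    {
        throw new global::System.Exception("Bouncy Castle X509Crl could not be created.", ex);
    }

    X509CrlEntry revokedCertificate = x509Crl.GetRevokedCertificate(GetSerialNumber(cert));
    if (revokedCertificate == null)
    {
        return;
    }

    // Serial numbers are only unique per issuer: accept the entry only if it belongs to the certificate's issuer,
    // either through the entry's certificateIssuer extension (indirect CRL) or the CRL issuer itself.
    X509Name issuerPrincipal = GetIssuerPrincipal(cert);
    if (!issuerPrincipal.Equivalent(revokedCertificate.GetCertificateIssuer(), true) && !issuerPrincipal.Equivalent(crl.IssuerDN, true))
    {
        return;
    }

    // A missing reason code is treated as "unspecified" (retroactive), matching step (j)(2).
    int reason = CrlReason.Unspecified;
    if (revokedCertificate.HasExtensions)
    {
        try
        {
            DerEnumerated reasonCode = DerEnumerated.GetInstance(GetExtensionValue(revokedCertificate, X509Extensions.ReasonCode));
            if (reasonCode != null)
            {
                // IntValue is the reason code itself. (SignValue, used before, is the sign of the number, -1/0/1,
                // so every reason above 0 was reported as keyCompromise.)
                reason = reasonCode.Value.IntValue;
            }
        }
        catch (global::System.Exception ex2)
        {
            throw new global::System.Exception("Reason code CRL entry extension could not be decoded.", ex2);
        }
    }

    // Before the revocation date only the retroactive reasons count. The values are compared, not bit-tested:
    // TestBit(0/1/2/8) matched any odd reason, 2-3, 4-7 and 256+, so e.g. superseded (4) was treated as compromise
    // while unspecified (0) was not.
    if (validDate.Ticks < revokedCertificate.RevocationDate.Ticks)
    {
        switch (reason)
        {
            case CrlReason.Unspecified:
            case CrlReason.KeyCompromise:
            case CrlReason.CACompromise:
            case CrlReason.AACompromise:
                break;
            default:
                return;
        }
    }

    certStatus.Status = reason;
    certStatus.RevocationDate = new DateTimeObject(revokedCertificate.RevocationDate);
}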
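/// <summary>
/// Fills <paramref name="certStatus"/> with the revocation status of <paramref name="cert"/> according to
/// <paramref name="crl"/> (RFC 3280/5280 §6.3.3 steps (i)/(j)). The entry is reported as a revocation when
/// <paramref name="validDate"/> is on or after the revocation date, or — whatever the date — when the reason code is
/// absent, unspecified, keyCompromise, cACompromise or aACompromise, because those reasons invalidate the certificate
/// retroactively. Entries belonging to a different issuer (neither the entry's certificateIssuer nor the CRL issuer
/// matches the certificate's issuer) are ignored.
/// </summary>
/// <param name="validDate">Time at which the certificate is being validated.</param>
/// <param name="crl">CRL to consult; re-encoded into a fresh BouncyCastle X509Crl first.</param>
/// <param name="cert">Certificate whose serial number and issuer are looked up through PkixCertPathValidatorUtilities.</param>
/// <param name="certStatus">Receives Status (CRL reason code) and RevocationDate when the certificate is found revoked;
/// untouched otherwise.</param>
/// <exception cref="Exception">The CRL could not be re-parsed, or the entry's reasonCode extension could not be decoded.</exception>
internal static void GetCertStatus(DateTime validDate, X509Crl crl, object cert, CertStatus certStatus)
{
    X509Crl x509Crl;
    try
    {
        x509Crl = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(crl.GetEncoded())));
    }
    catch (Exception innerException)
    {
        throw new Exception("Bouncy Castle X509Crl could not be created.", innerException);
    }

    X509CrlEntry revokedCertificate = x509Crl.GetRevokedCertificate(PkixCertPathValidatorUtilities.GetSerialNumber(cert));
    if (revokedCertificate == null)
    {
        return;
    }

    // Serial numbers are only unique per issuer: the entry must belong to the certificate's issuer, either via the
    // entry's certificateIssuer extension (indirect CRL) or the CRL issuer itself.
    X509Name issuerPrincipal = PkixCertPathValidatorUtilities.GetIssuerPrincipal(cert);
    bool issuerMatches = issuerPrincipal.Equivalent(revokedCertificate.GetCertificateIssuer(), true)
                         || issuerPrincipal.Equivalent(crl.IssuerDN, true);
    if (!issuerMatches)
    {
        return;
    }

    // Missing reason code => "unspecified", which is retroactive (step (j)(2)).
    int reason = CrlReason.Unspecified;
    if (revokedCertificate.HasExtensions)
    {
        try
        {
            DerEnumerated derEnumerated = DerEnumerated.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(revokedCertificate, X509Extensions.ReasonCode));
            if (derEnumerated != null)
            {
                // IntValue is the actual reason code. SignValue (used previously) is only the sign (-1/0/1), which
                // reported every positive reason as keyCompromise.
                reason = derEnumerated.Value.IntValue;
            }
        }
        catch (Exception innerException2)
        {
            throw new Exception("Reason code CRL entry extension could not be decoded.", innerException2);
        }
    }

    // Before the revocation date only retroactive reasons matter. Compare values rather than testing bits:
    // TestBit(0/1/2/8) matched any odd reason, 2-3, 4-7 and 256+, so superseded (4) counted as compromise
    // while unspecified (0) did not.
    if (validDate.Ticks < revokedCertificate.RevocationDate.Ticks)
    {
        bool retroactive = reason == CrlReason.Unspecified
                           || reason == CrlReason.KeyCompromise
                           || reason == CrlReason.CACompromise
                           || reason == CrlReason.AACompromise;
        if (!retroactive)
        {
            return;
        }
    }

    certStatus.Status = reason;
    certStatus.RevocationDate = new DateTimeObject(revokedCertificate.RevocationDate);
}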
/// <summary>
/// Parses an <c>ObjectDigestInfo</c> SEQUENCE: digestedObjectType (ENUMERATED), an optional otherObjectTypeID
/// (OBJECT IDENTIFIER, present only when the sequence has four elements), digestAlgorithm (AlgorithmIdentifier)
/// and objectDigest (BIT STRING).
/// </summary>
/// <param name="seq">The decoded SEQUENCE; must have 3 or 4 elements.</param>
/// <exception cref="ArgumentException">The sequence has fewer than 3 or more than 4 elements.</exception>
private ObjectDigestInfo(Asn1Sequence seq)
{
    int count = seq.Count;
    if (count < 3 || count > 4)
    {
        throw new ArgumentException("Bad sequence size: " + count);
    }

    this.digestedObjectType = DerEnumerated.GetInstance(seq[0]);

    // The optional OID shifts the remaining elements by one.
    int pos = 1;
    if (count == 4)
    {
        this.otherObjectTypeID = DerObjectIdentifier.GetInstance(seq[pos++]);
    }

    this.digestAlgorithm = AlgorithmIdentifier.GetInstance(seq[pos++]);
    this.objectDigest = DerBitString.GetInstance(seq[pos]);
}
/// <summary>
/// Parses an <c>ObjectDigestInfo</c> SEQUENCE of 3 or 4 elements: digestedObjectType (ENUMERATED),
/// optionally otherObjectTypeID (OBJECT IDENTIFIER, only in the 4-element form), digestAlgorithm
/// (AlgorithmIdentifier) and objectDigest (BIT STRING).
/// </summary>
/// <param name="seq">The decoded SEQUENCE.</param>
/// <exception cref="ArgumentException">The element count is not 3 or 4.</exception>
private ObjectDigestInfo(Asn1Sequence seq)
{
    int elementCount = seq.Count;
    if (elementCount != 3 && elementCount != 4)
    {
        throw new ArgumentException("Bad sequence size: " + elementCount);
    }

    digestedObjectType = DerEnumerated.GetInstance(seq[0]);

    // With four elements the second one is the optional OID and everything else moves up by one slot.
    bool hasOtherType = elementCount == 4;
    if (hasOtherType)
    {
        otherObjectTypeID = DerObjectIdentifier.GetInstance(seq[1]);
    }
    int algorithmIndex = hasOtherType ? 2 : 1;
    digestAlgorithm = AlgorithmIdentifier.GetInstance(seq[algorithmIndex]);
    objectDigest = DerBitString.GetInstance(seq[algorithmIndex + 1]);
}
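/// <summary>
/// Fills <paramref name="certStatus"/> with the revocation status of <paramref name="cert"/> according to
/// <paramref name="crl"/> (RFC 3280/5280 §6.3.3 steps (i)/(j)). The entry is reported as a revocation when
/// <paramref name="validDate"/> is on or after the revocation date, or — regardless of the date — when the reason
/// code is absent, unspecified, keyCompromise, cACompromise or aACompromise, since those reasons invalidate the
/// certificate retroactively. Entries whose certificateIssuer does not match the certificate's issuer (and whose
/// CRL issuer does not either) are ignored.
/// </summary>
/// <param name="validDate">Time at which the certificate is being validated.</param>
/// <param name="crl">CRL to consult; re-encoded into a fresh BouncyCastle X509Crl first.</param>
/// <param name="cert">Certificate whose serial number and issuer are looked up (GetSerialNumber / GetIssuerPrincipal).</param>
/// <param name="certStatus">Receives Status (the CRL reason code) and RevocationDate when the certificate is found
/// revoked; untouched otherwise.</param>
/// <exception cref="Exception">The CRL could not be re-parsed, or the entry's reasonCode extension could not be decoded.</exception>
internal static void GetCertStatus(
    DateTime validDate,
    X509Crl crl,
    Object cert,
    CertStatus certStatus)
{
    X509Crl bcCRL = null;
    try
    {
        bcCRL = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Sequence.FromByteArray(crl.GetEncoded())));
    }
    catch (Exception exception)
    {
        throw new Exception("Bouncy Castle X509Crl could not be created.", exception);
    }

    X509CrlEntry crl_entry = (X509CrlEntry)bcCRL.GetRevokedCertificate(GetSerialNumber(cert));
    if (crl_entry == null)
    {
        return;
    }

    // Serial numbers are only unique per issuer: the entry must belong to the certificate's issuer, either via the
    // entry's certificateIssuer extension (indirect CRL) or the CRL issuer itself.
    X509Name issuer = GetIssuerPrincipal(cert);
    if (!issuer.Equivalent(crl_entry.GetCertificateIssuer(), true) && !issuer.Equivalent(crl.IssuerDN, true))
    {
        return;
    }

    // (j)(2): a missing reason code is treated as unspecified, which is retroactive.
    int reasonCodeValue = CrlReason.Unspecified;
    if (crl_entry.HasExtensions)
    {
        try
        {
            DerEnumerated reasonCode = DerEnumerated.GetInstance(
                GetExtensionValue(crl_entry, X509Extensions.ReasonCode));
            if (reasonCode != null)
            {
                // IntValue is the reason code. The previous SignValue is the sign of the number (-1/0/1), so
                // every positive reason was reported as keyCompromise.
                reasonCodeValue = reasonCode.Value.IntValue;
            }
        }
        catch (Exception e)
        {
            throw new Exception(
                "Reason code CRL entry extension could not be decoded.", e);
        }
    }

    // for reason keyCompromise, caCompromise, aACompromise or unspecified: revoked even before the revocation
    // date. Values are compared, not bit-tested — TestBit(0/1/2/8) matched any odd reason, 2-3, 4-7 and 256+,
    // so superseded (4) counted as compromise while unspecified (0) did not.
    if (validDate.Ticks < crl_entry.RevocationDate.Ticks)
    {
        switch (reasonCodeValue)
        {
            case CrlReason.Unspecified:
            case CrlReason.KeyCompromise:
            case CrlReason.CACompromise:
            case CrlReason.AACompromise:
                break;
            default:
                return;
        }
    }

    // (i) or (j)
    certStatus.Status = reasonCodeValue;
    certStatus.RevocationDate = new DateTimeObject(crl_entry.RevocationDate);
}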
/// <summary>
/// Dumps this CRL entry for diagnostics: serial number, revocation date, certificate issuer and — when the entry
/// has extensions — one line per extension. reasonCode and certificateIssuer are decoded into their ASN.1 types,
/// anything else goes through Asn1Dump; an extension whose content cannot be interpreted is shown as "*****".
/// </summary>
/// <returns>Multi-line description of the entry.</returns>
public override string ToString()
{
    string lineEnd = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.NewLine;
    StringBuilder text = new StringBuilder();
    text.Append(" userCertificate: ").Append(this.SerialNumber).Append(lineEnd);
    text.Append(" revocationDate: ").Append(this.RevocationDate).Append(lineEnd);
    text.Append(" certificateIssuer: ").Append(this.GetCertificateIssuer()).Append(lineEnd);

    X509Extensions entryExts = c.Extensions;
    if (entryExts == null)
    {
        return text.ToString();
    }

    bool wroteHeader = false;
    foreach (DerObjectIdentifier extOid in entryExts.ExtensionOids)
    {
        if (!wroteHeader)
        {
            // Only printed when the entry has at least one extension.
            text.Append(" crlEntryExtensions:").Append(lineEnd);
            wroteHeader = true;
        }

        X509Extension extension = entryExts.GetExtension(extOid);
        if (extension.Value == null)
        {
            text.Append(lineEnd);
            continue;
        }

        // Deliberately outside the try: a failure to decode the octets propagates, as before.
        Asn1Object body = Asn1Object.FromByteArray(extension.Value.GetOctets());
        text.Append(" critical(").Append(extension.IsCritical).Append(") ");
        try
        {
            if (extOid.Equals(X509Extensions.ReasonCode))
            {
                text.Append(new CrlReason(DerEnumerated.GetInstance(body)));
            }
            else if (extOid.Equals(X509Extensions.CertificateIssuer))
            {
                text.Append("Certificate issuer: ").Append(GeneralNames.GetInstance((Asn1Sequence)body));
            }
            else
            {
                text.Append(extOid.Id).Append(" value = ").Append(Asn1Dump.DumpAsString(body));
            }
            text.Append(lineEnd);
        }
        catch (Exception)
        {
            // Uninterpretable content: keep the OID, mask the value.
            text.Append(extOid.Id).Append(" value = ").Append("*****").Append(lineEnd);
        }
    }

    return text.ToString();
}
/// <summary>
/// Determines from <paramref name="crl"/> whether <paramref name="cert"/> is to be treated as revoked at
/// <paramref name="validDate"/> and, if so, records the reason code and revocation date in
/// <paramref name="certStatus"/>. An entry dated after <paramref name="validDate"/> only counts when its reason is
/// unspecified (also the default when the reasonCode extension is absent), keyCompromise, cACompromise or
/// aACompromise — the reasons that invalidate the certificate retroactively. Entries that belong to another issuer
/// (neither the entry's certificateIssuer nor the CRL issuer equals the certificate's issuer) are skipped.
/// </summary>
/// <param name="validDate">Validation time.</param>
/// <param name="crl">CRL to consult; re-encoded into a new BouncyCastle X509Crl before use.</param>
/// <param name="cert">Certificate to look up via GetSerialNumber / GetIssuerPrincipal.</param>
/// <param name="certStatus">Updated (Status, RevocationDate) only when the certificate is found revoked.</param>
/// <exception cref="Exception">The CRL could not be re-parsed, or the reasonCode extension could not be decoded.</exception>
internal static void GetCertStatus(
    DateTime validDate,
    X509Crl crl,
    Object cert,
    CertStatus certStatus)
{
    X509Crl parsedCrl;
    try
    {
        Asn1Sequence crlSequence = (Asn1Sequence)Asn1Sequence.FromByteArray(crl.GetEncoded());
        parsedCrl = new X509Crl(CertificateList.GetInstance(crlSequence));
    }
    catch (Exception ex)
    {
        throw new Exception("Bouncy Castle X509Crl could not be created.", ex);
    }

    X509CrlEntry entry = (X509CrlEntry)parsedCrl.GetRevokedCertificate(GetSerialNumber(cert));
    if (entry == null)
    {
        return;
    }

    // Serial numbers are only unique per issuer, so the entry has to belong to this certificate's issuer.
    X509Name certIssuer = GetIssuerPrincipal(cert);
    bool issuerMatches = certIssuer.Equivalent(entry.GetCertificateIssuer(), true)
                         || certIssuer.Equivalent(crl.IssuerDN, true);
    if (!issuerMatches)
    {
        return;
    }

    // Absent reasonCode => unspecified.
    int reason = CrlReason.Unspecified;
    if (entry.HasExtensions)
    {
        try
        {
            Asn1Object reasonExtValue = GetExtensionValue(entry, X509Extensions.ReasonCode);
            DerEnumerated reasonEnum = DerEnumerated.GetInstance(reasonExtValue);
            if (reasonEnum != null)
            {
                // IntValueExact throws on out-of-range values; that is wrapped by the catch below.
                reason = reasonEnum.IntValueExact;
            }
        }
        catch (Exception ex)
        {
            throw new Exception("Reason code CRL entry extension could not be decoded.", ex);
        }
    }

    DateTime revokedAt = entry.RevocationDate;
    bool beforeRevocation = validDate.Ticks < revokedAt.Ticks;
    bool retroactiveReason = reason == CrlReason.Unspecified
                             || reason == CrlReason.KeyCompromise
                             || reason == CrlReason.CACompromise
                             || reason == CrlReason.AACompromise;

    // Before the revocation date only a retroactive reason makes the certificate revoked.
    if (beforeRevocation && !retroactiveReason)
    {
        return;
    }

    // (i) or (j)
    certStatus.Status = reason;
    certStatus.RevocationDate = new DateTimeObject(revokedAt);
}
/// <summary>
/// Builds a diagnostic, multi-line representation of this CRL entry: serial number, revocation date,
/// certificate issuer and, if any exist, the CRL entry extensions. reasonCode and certificateIssuer are decoded;
/// other extensions are printed with Asn1Dump; an extension whose value cannot be interpreted is rendered as
/// "*****" after its OID.
/// </summary>
/// <returns>The textual form of the entry.</returns>
public override string ToString()
{
    string nl = Platform.NewLine;
    StringBuilder result = new StringBuilder();
    result.Append(" userCertificate: ").Append(this.SerialNumber).Append(nl);
    result.Append(" revocationDate: ").Append(this.RevocationDate).Append(nl);
    result.Append(" certificateIssuer: ").Append(this.GetCertificateIssuer()).Append(nl);

    X509Extensions extensions = this.c.Extensions;
    if (extensions != null)
    {
        bool anyExtension = false;
        foreach (DerObjectIdentifier oid in extensions.ExtensionOids)
        {
            if (!anyExtension)
            {
                // Header goes out once, and only if there is at least one extension.
                result.Append(" crlEntryExtensions:").Append(nl);
                anyExtension = true;
            }

            X509Extension ext = extensions.GetExtension(oid);
            if (ext.Value == null)
            {
                result.Append(nl);
                continue;
            }

            // Not guarded by the try below: a decode failure of the octets propagates.
            Asn1Object parsed = Asn1Object.FromByteArray(ext.Value.GetOctets());
            result.Append(" critical(").Append(ext.IsCritical).Append(") ");
            try
            {
                if (oid.Equals(X509Extensions.ReasonCode))
                {
                    result.Append(new CrlReason(DerEnumerated.GetInstance(parsed)));
                }
                else if (oid.Equals(X509Extensions.CertificateIssuer))
                {
                    result.Append("Certificate issuer: ").Append(GeneralNames.GetInstance((Asn1Sequence)parsed));
                }
                else
                {
                    result.Append(oid.Id);
                    result.Append(" value = ").Append(Asn1Dump.DumpAsString(parsed));
                }
                result.Append(nl);
            }
            catch (Exception)
            {
                // Keep the OID, mask the value rather than failing the dump.
                result.Append(oid.Id);
                result.Append(" value = ").Append("*****").Append(nl);
            }
        }
    }

    return result.ToString();
}