예제 #1
0
        public virtual ISet FindCrls(X509CrlStoreSelector crlselect, PkixParameters paramsPkix)
        {
            ISet completeSet = new HashSet();

            // get complete CRL(s)
            try
            {
                completeSet.AddAll(FindCrls(crlselect, paramsPkix.GetStores()));
            }
            catch (Exception e)
            {
                throw new Exception("Exception obtaining complete CRLs.", e);
            }

            return(completeSet);
        }
예제 #2
0
        public virtual ISet FindCrls(X509CrlStoreSelector crlselect, PkixParameters paramsPkix, DateTime currentDate)
        {
            ISet initialSet = new HashSet();

            // get complete CRL(s)
            try
            {
                initialSet.AddAll(FindCrls(crlselect, paramsPkix.GetAdditionalStores()));
                initialSet.AddAll(FindCrls(crlselect, paramsPkix.GetStores()));
            }
            catch (Exception e)
            {
                throw new Exception("Exception obtaining complete CRLs.", e);
            }

            ISet     finalSet     = new HashSet();
            DateTime validityDate = currentDate;

            if (paramsPkix.Date != null)
            {
                validityDate = paramsPkix.Date.Value;
            }

            // based on RFC 5280 6.3.3
            foreach (X509Crl crl in initialSet)
            {
                if (crl.NextUpdate.Value.CompareTo(validityDate) > 0)
                {
                    X509Certificate cert = crlselect.CertificateChecking;

                    if (cert != null)
                    {
                        if (crl.ThisUpdate.CompareTo(cert.NotAfter) < 0)
                        {
                            finalSet.Add(crl);
                        }
                    }
                    else
                    {
                        finalSet.Add(crl);
                    }
                }
            }

            return(finalSet);
        }
        /**
         * Searches for a holder public key certificate and verifies its
         * certification path.
         *
         * @param attrCert the attribute certificate.
         * @param pkixParams The PKIX parameters.
         * @return The certificate path of the holder certificate.
         * @throws Exception if
         *             <ul>
         *             <li>no public key certificate can be found although holder
         *             information is given by an entity name or a base certificate
         *             ID</li>
         *             <li>support classes cannot be created</li>
         *             <li>no certification path for the public key certificate can
         *             be built</li>
         *             </ul>
         */
        internal static PkixCertPath ProcessAttrCert1(
            IX509AttributeCertificate attrCert,
            PkixParameters pkixParams)
        {
            PkixCertPathBuilderResult result = null;
            // find holder PKCs
            ISet holderPKCs = new HashSet();

            if (attrCert.Holder.GetIssuer() != null)
            {
                X509CertStoreSelector selector = new X509CertStoreSelector();
                selector.SerialNumber = attrCert.Holder.SerialNumber;
                X509Name[] principals = attrCert.Holder.GetIssuer();
                for (int i = 0; i < principals.Length; i++)
                {
                    try
                    {
//						if (principals[i] is X500Principal)
                        {
                            selector.Issuer = principals[i];
                        }
                        holderPKCs.AddAll(PkixCertPathValidatorUtilities
                                          .FindCertificates(selector, pkixParams.GetStores()));
                    }
                    catch (Exception e)
                    {
                        throw new PkixCertPathValidatorException(
                                  "Public key certificate for attribute certificate cannot be searched.",
                                  e);
                    }
                }
                if (holderPKCs.IsEmpty)
                {
                    throw new PkixCertPathValidatorException(
                              "Public key certificate specified in base certificate ID for attribute certificate cannot be found.");
                }
            }
            if (attrCert.Holder.GetEntityNames() != null)
            {
                X509CertStoreSelector selector   = new X509CertStoreSelector();
                X509Name[]            principals = attrCert.Holder.GetEntityNames();
                for (int i = 0; i < principals.Length; i++)
                {
                    try
                    {
//						if (principals[i] is X500Principal)
                        {
                            selector.Issuer = principals[i];
                        }
                        holderPKCs.AddAll(PkixCertPathValidatorUtilities
                                          .FindCertificates(selector, pkixParams.GetStores()));
                    }
                    catch (Exception e)
                    {
                        throw new PkixCertPathValidatorException(
                                  "Public key certificate for attribute certificate cannot be searched.",
                                  e);
                    }
                }
                if (holderPKCs.IsEmpty)
                {
                    throw new PkixCertPathValidatorException(
                              "Public key certificate specified in entity name for attribute certificate cannot be found.");
                }
            }

            // verify cert paths for PKCs
            PkixBuilderParameters parameters = (PkixBuilderParameters)
                                               PkixBuilderParameters.GetInstance(pkixParams);

            PkixCertPathValidatorException lastException = null;

            foreach (X509Certificate cert in holderPKCs)
            {
                X509CertStoreSelector selector = new X509CertStoreSelector();
                selector.Certificate = cert;
                parameters.SetTargetConstraints(selector);

                PkixCertPathBuilder builder = new PkixCertPathBuilder();

                try
                {
                    result = builder.Build(PkixBuilderParameters.GetInstance(parameters));
                }
                catch (PkixCertPathBuilderException e)
                {
                    lastException = new PkixCertPathValidatorException(
                        "Certification path for public key certificate of attribute certificate could not be build.",
                        e);
                }
            }
            if (lastException != null)
            {
                throw lastException;
            }
            return(result.CertPath);
        }