Exemplo n.º 1
0
        /// <summary>
        /// Shorter implementation of TimestampVerifier.IsValidAfterRevocation method for testing purposes.
        /// </summary>
        public static bool IsValidAfterRevocationFake(X509Crl crl, X509Certificate cert, DateTime timestampGenTime)
        {
            if (crl.IsRevoked(cert))
            {
                X509CrlEntry revokedEntry   = crl.GetRevokedCertificate(cert.SerialNumber);
                DateTime     revocationDate = revokedEntry.RevocationDate;

                /* All timestamps created after revocation date are invalid */
                if (DateTime.Compare(timestampGenTime, revocationDate) > 0)
                {
                    return(false);
                }

                DerEnumerated reasonCode = DerEnumerated.GetInstance(GetExtensionValue(revokedEntry, X509Extensions.ReasonCode));

                /* If the revocation reason is not present, the timestamp is considered invalid */
                if (reasonCode == null)
                {
                    return(false);
                }

                int reason = reasonCode.Value.IntValue;

                /* If the revocation reason is any other value, the timestamp is considered invalid */
                if (!(reason == CrlReason.Unspecified ||
                      reason == CrlReason.AffiliationChanged ||
                      reason == CrlReason.Superseded ||
                      reason == CrlReason.CessationOfOperation))
                {
                    return(false);
                }
            }
            return(true);
        }
Exemplo n.º 2
0
 private OcspResponse(Asn1Sequence seq)
 {
     responseStatus = new OcspResponseStatus(DerEnumerated.GetInstance(seq[0]));
     if (seq.Count == 2)
     {
         responseBytes = ResponseBytes.GetInstance((Asn1TaggedObject)seq[1], explicitly: true);
     }
 }
Exemplo n.º 3
0
 private RevokedInfo(Asn1Sequence seq)
 {
     revocationTime = (DerGeneralizedTime)seq[0];
     if (seq.Count > 1)
     {
         revocationReason = new CrlReason(DerEnumerated.GetInstance((Asn1TaggedObject)seq[1], isExplicit: true));
     }
 }
Exemplo n.º 4
0
 private OcspResponse(Asn1Sequence seq)
 {
     this.responseStatus = new OcspResponseStatus(DerEnumerated.GetInstance(seq[0]));
     if (seq.Count == 2)
     {
         this.responseBytes = Org.BouncyCastle.Asn1.Ocsp.ResponseBytes.GetInstance((Asn1TaggedObject)seq[1], true);
     }
 }
Exemplo n.º 5
0
        public override string ToString()
        {
            //IL_0000: Unknown result type (might be due to invalid IL or missing references)
            //IL_0006: Expected O, but got Unknown
            StringBuilder val     = new StringBuilder();
            string        newLine = Platform.NewLine;

            val.Append("        userCertificate: ").Append((object)SerialNumber).Append(newLine);
            val.Append("         revocationDate: ").Append((object)RevocationDate).Append(newLine);
            val.Append("      certificateIssuer: ").Append((object)GetCertificateIssuer()).Append(newLine);
            X509Extensions extensions = c.Extensions;

            if (extensions != null)
            {
                global::System.Collections.IEnumerator enumerator = extensions.ExtensionOids.GetEnumerator();
                if (enumerator.MoveNext())
                {
                    val.Append("   crlEntryExtensions:").Append(newLine);
                    do
                    {
                        DerObjectIdentifier derObjectIdentifier = (DerObjectIdentifier)enumerator.get_Current();
                        X509Extension       extension           = extensions.GetExtension(derObjectIdentifier);
                        if (extension.Value != null)
                        {
                            Asn1Object asn1Object = Asn1Object.FromByteArray(extension.Value.GetOctets());
                            val.Append("                       critical(").Append(extension.IsCritical).Append(") ");
                            try
                            {
                                if (derObjectIdentifier.Equals(X509Extensions.ReasonCode))
                                {
                                    val.Append((object)new CrlReason(DerEnumerated.GetInstance(asn1Object)));
                                }
                                else if (derObjectIdentifier.Equals(X509Extensions.CertificateIssuer))
                                {
                                    val.Append("Certificate issuer: ").Append((object)GeneralNames.GetInstance((Asn1Sequence)asn1Object));
                                }
                                else
                                {
                                    val.Append(derObjectIdentifier.Id);
                                    val.Append(" value = ").Append(Asn1Dump.DumpAsString(asn1Object));
                                }
                                val.Append(newLine);
                            }
                            catch (global::System.Exception)
                            {
                                val.Append(derObjectIdentifier.Id);
                                val.Append(" value = ").Append("*****").Append(newLine);
                            }
                        }
                        else
                        {
                            val.Append(newLine);
                        }
                    }while (enumerator.MoveNext());
                }
            }
            return(val.ToString());
        }
Exemplo n.º 6
0
        public override string ToString()
        {
            StringBuilder builder = new StringBuilder();
            string        newLine = Platform.NewLine;

            builder.Append("        userCertificate: ").Append(this.SerialNumber).Append(newLine);
            builder.Append("         revocationDate: ").Append(this.RevocationDate).Append(newLine);
            builder.Append("      certificateIssuer: ").Append(this.GetCertificateIssuer()).Append(newLine);
            X509Extensions extensions = this.c.Extensions;

            if (extensions != null)
            {
                IEnumerator enumerator = extensions.ExtensionOids.GetEnumerator();
                if (enumerator.MoveNext())
                {
                    builder.Append("   crlEntryExtensions:").Append(newLine);
                    do
                    {
                        DerObjectIdentifier current   = (DerObjectIdentifier)enumerator.Current;
                        X509Extension       extension = extensions.GetExtension(current);
                        if (extension.Value != null)
                        {
                            Asn1Object obj2 = Asn1Object.FromByteArray(extension.Value.GetOctets());
                            builder.Append("                       critical(").Append(extension.IsCritical).Append(") ");
                            try
                            {
                                if (current.Equals(X509Extensions.ReasonCode))
                                {
                                    builder.Append(new CrlReason(DerEnumerated.GetInstance(obj2)));
                                }
                                else if (current.Equals(X509Extensions.CertificateIssuer))
                                {
                                    builder.Append("Certificate issuer: ").Append(GeneralNames.GetInstance((Asn1Sequence)obj2));
                                }
                                else
                                {
                                    builder.Append(current.Id);
                                    builder.Append(" value = ").Append(Asn1Dump.DumpAsString((Asn1Encodable)obj2));
                                }
                                builder.Append(newLine);
                            }
                            catch (Exception)
                            {
                                builder.Append(current.Id);
                                builder.Append(" value = ").Append("*****").Append(newLine);
                            }
                        }
                        else
                        {
                            builder.Append(newLine);
                        }
                    }while (enumerator.MoveNext());
                }
            }
            return(builder.ToString());
        }
        /// <summary>
        /// Determines whether timestamp, signed by given certificate, can be considered valid, even after said certificate has been revoked.
        /// It follows rules discribed in RFC3161 section 4.1.
        /// </summary>
        /// <param name="certificate">The certificate.</param>
        /// <param name="timestampGenTime">The timestamp time.</param>
        /// <returns>
        ///   <c>true</c> if [is valid after revocation] [the specified certificate]; otherwise, <c>false</c>.
        /// </returns>
        private static bool IsValidAfterRevocation(X509Certificate2 certificate, DateTime timestampGenTime)
        {
            try
            {
                /* Get CRL url from certificate */
                Org.BouncyCastle.X509.X509Certificate cert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificate);
                X509Extension revocationExtension          = (from X509Extension extension in certificate.Extensions where extension.Oid.Value.Equals("2.5.29.31") select extension).Single();
                Regex         rx = new Regex("http://.*?\\.crl");
                foreach (Match match in rx.Matches(new AsnEncodedData(revocationExtension.Oid, revocationExtension.RawData).Format(false)))
                {
                    string    crlUrl = match.Value;
                    WebClient client = new WebClient();

                    X509CrlParser crlParser = new X509CrlParser();
                    X509Crl       crl       = crlParser.ReadCrl(client.DownloadData(crlUrl));

                    if (crl.IsRevoked(cert))
                    {
                        X509CrlEntry revokedEntry   = crl.GetRevokedCertificate(cert.SerialNumber);
                        DateTime     revocationDate = revokedEntry.RevocationDate;

                        /* All timestamps created after revocation date are invalid */
                        if (DateTime.Compare(timestampGenTime, revocationDate) > 0)
                        {
                            return(false);
                        }

                        DerEnumerated reasonCode = DerEnumerated.GetInstance(GetExtensionValue(revokedEntry, Org.BouncyCastle.Asn1.X509.X509Extensions.ReasonCode));

                        /* If the revocation reason is not present, the timestamp is considered invalid */
                        if (reasonCode == null)
                        {
                            return(false);
                        }

                        int reason = reasonCode.Value.IntValue;

                        /* If the revocation reason is any other value, the timestamp is considered invalid */
                        if (!(reason == Org.BouncyCastle.Asn1.X509.CrlReason.Unspecified ||
                              reason == Org.BouncyCastle.Asn1.X509.CrlReason.AffiliationChanged ||
                              reason == Org.BouncyCastle.Asn1.X509.CrlReason.Superseded ||
                              reason == Org.BouncyCastle.Asn1.X509.CrlReason.CessationOfOperation))
                        {
                            return(false);
                        }
                    }
                }
            }
            catch
            {
                return(false);
            }
            return(true);
        }
Exemplo n.º 8
0
        /// <summary>
        /// Lookup and validate certificate against CDP URL inside the certificate.
        /// </summary>
        /// <param name="cert"></param>
        /// <returns></returns>
        public CertStatus ValidateCertificateAgainstCRL(System.Security.Cryptography.X509Certificates.X509Certificate2 cert)
        {
            var urls = ParseCDPUrls(cert);

            if (urls == null || urls.Count == 0 || urls.Count > 1)
            {
                return(CertStatus.Unknown(CertStatus.NoCrl));
            }

            var crl = LoadCrl(urls[0]);

            if (crl.NextUpdate.Value < DateTime.UtcNow)
            {
                return(CertStatus.Unknown(CertStatus.BadCrl));
            }

            var serialNumber = new BigInteger(cert.SerialNumber, 16);

            var entry = crl.GetRevokedCertificate(serialNumber);

            if (entry == null)
            {
                return(CertStatus.Good);
            }

            DerEnumerated reasonCode = null;

            try
            {
                reasonCode = DerEnumerated.GetInstance(entry.GetExtensionValue(X509Extensions.ReasonCode));
            }
            catch
            {
                return(CertStatus.Unknown(CertStatus.BadRevocationReason));
            }

            int?revocationReason = null;

            if (reasonCode != null)
            {
                revocationReason = reasonCode.Value.SignValue;
            }
            else
            {
                revocationReason = CrlReason.Unspecified;
            }
            DateTime revocationDate = entry.RevocationDate;

            return(CertStatus.Revoked(revocationDate.ToString("o"), revocationReason));
        }
Exemplo n.º 9
0
        internal static void GetCertStatus(global::System.DateTime validDate, X509Crl crl, object cert, CertStatus certStatus)
        {
            X509Crl x509Crl = null;

            try
            {
                x509Crl = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(crl.GetEncoded())));
            }
            catch (global::System.Exception ex)
            {
                throw new global::System.Exception("Bouncy Castle X509Crl could not be created.", ex);
            }
            X509CrlEntry revokedCertificate = x509Crl.GetRevokedCertificate(GetSerialNumber(cert));

            if (revokedCertificate == null)
            {
                return;
            }
            X509Name issuerPrincipal = GetIssuerPrincipal(cert);

            if (!issuerPrincipal.Equivalent(revokedCertificate.GetCertificateIssuer(), inOrder: true) && !issuerPrincipal.Equivalent(crl.IssuerDN, inOrder: true))
            {
                return;
            }
            DerEnumerated derEnumerated = null;

            if (revokedCertificate.HasExtensions)
            {
                try
                {
                    derEnumerated = DerEnumerated.GetInstance(GetExtensionValue(revokedCertificate, X509Extensions.ReasonCode));
                }
                catch (global::System.Exception ex2)
                {
                    throw new global::System.Exception("Reason code CRL entry extension could not be decoded.", ex2);
                }
            }
            if (validDate.get_Ticks() >= revokedCertificate.RevocationDate.get_Ticks() || derEnumerated == null || derEnumerated.Value.TestBit(0) || derEnumerated.Value.TestBit(1) || derEnumerated.Value.TestBit(2) || derEnumerated.Value.TestBit(8))
            {
                if (derEnumerated != null)
                {
                    certStatus.Status = derEnumerated.Value.SignValue;
                }
                else
                {
                    certStatus.Status = 0;
                }
                certStatus.RevocationDate = new DateTimeObject(revokedCertificate.RevocationDate);
            }
        }
Exemplo n.º 10
0
        internal static void GetCertStatus(DateTime validDate, X509Crl crl, object cert, CertStatus certStatus)
        {
            X509Crl x509Crl = null;

            try
            {
                x509Crl = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(crl.GetEncoded())));
            }
            catch (Exception innerException)
            {
                throw new Exception("Bouncy Castle X509Crl could not be created.", innerException);
            }
            X509CrlEntry revokedCertificate = x509Crl.GetRevokedCertificate(PkixCertPathValidatorUtilities.GetSerialNumber(cert));

            if (revokedCertificate == null)
            {
                return;
            }
            X509Name issuerPrincipal = PkixCertPathValidatorUtilities.GetIssuerPrincipal(cert);

            if (issuerPrincipal.Equivalent(revokedCertificate.GetCertificateIssuer(), true) || issuerPrincipal.Equivalent(crl.IssuerDN, true))
            {
                DerEnumerated derEnumerated = null;
                if (revokedCertificate.HasExtensions)
                {
                    try
                    {
                        derEnumerated = DerEnumerated.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(revokedCertificate, X509Extensions.ReasonCode));
                    }
                    catch (Exception innerException2)
                    {
                        throw new Exception("Reason code CRL entry extension could not be decoded.", innerException2);
                    }
                }
                if (validDate.Ticks >= revokedCertificate.RevocationDate.Ticks || derEnumerated == null || derEnumerated.Value.TestBit(0) || derEnumerated.Value.TestBit(1) || derEnumerated.Value.TestBit(2) || derEnumerated.Value.TestBit(8))
                {
                    if (derEnumerated != null)
                    {
                        certStatus.Status = derEnumerated.Value.SignValue;
                    }
                    else
                    {
                        certStatus.Status = 0;
                    }
                    certStatus.RevocationDate = new DateTimeObject(revokedCertificate.RevocationDate);
                }
            }
        }
Exemplo n.º 11
0
        private ObjectDigestInfo(Asn1Sequence seq)
        {
            if (seq.Count > 4 || seq.Count < 3)
            {
                throw new ArgumentException("Bad sequence size: " + seq.Count);
            }
            this.digestedObjectType = DerEnumerated.GetInstance(seq[0]);
            int num = 0;

            if (seq.Count == 4)
            {
                this.otherObjectTypeID = DerObjectIdentifier.GetInstance(seq[1]);
                num++;
            }
            this.digestAlgorithm = AlgorithmIdentifier.GetInstance(seq[1 + num]);
            this.objectDigest    = DerBitString.GetInstance(seq[2 + num]);
        }
Exemplo n.º 12
0
        private ObjectDigestInfo(Asn1Sequence seq)
        {
            //IL_002d: Unknown result type (might be due to invalid IL or missing references)
            if (seq.Count > 4 || seq.Count < 3)
            {
                throw new ArgumentException(string.Concat((object)"Bad sequence size: ", (object)seq.Count));
            }
            digestedObjectType = DerEnumerated.GetInstance(seq[0]);
            int num = 0;

            if (seq.Count == 4)
            {
                otherObjectTypeID = DerObjectIdentifier.GetInstance(seq[1]);
                num++;
            }
            digestAlgorithm = AlgorithmIdentifier.GetInstance(seq[1 + num]);
            objectDigest    = DerBitString.GetInstance(seq[2 + num]);
        }
        internal static void GetCertStatus(
            DateTime validDate,
            X509Crl crl,
            Object cert,
            CertStatus certStatus)
        {
            X509Crl bcCRL = null;

            try
            {
                bcCRL = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Sequence.FromByteArray(crl.GetEncoded())));
            }
            catch (Exception exception)
            {
                throw new Exception("Bouncy Castle X509Crl could not be created.", exception);
            }

            X509CrlEntry crl_entry = (X509CrlEntry)bcCRL.GetRevokedCertificate(GetSerialNumber(cert));

            if (crl_entry == null)
            {
                return;
            }

            X509Name issuer = GetIssuerPrincipal(cert);

            if (issuer.Equivalent(crl_entry.GetCertificateIssuer(), true) ||
                issuer.Equivalent(crl.IssuerDN, true))
            {
                DerEnumerated reasonCode = null;
                if (crl_entry.HasExtensions)
                {
                    try
                    {
                        reasonCode = DerEnumerated.GetInstance(
                            GetExtensionValue(crl_entry, X509Extensions.ReasonCode));
                    }
                    catch (Exception e)
                    {
                        throw new Exception(
                                  "Reason code CRL entry extension could not be decoded.",
                                  e);
                    }
                }

                // for reason keyCompromise, caCompromise, aACompromise or
                // unspecified
                if (!(validDate.Ticks < crl_entry.RevocationDate.Ticks) ||
                    reasonCode == null ||
                    reasonCode.Value.TestBit(0) ||
                    reasonCode.Value.TestBit(1) ||
                    reasonCode.Value.TestBit(2) ||
                    reasonCode.Value.TestBit(8))
                {
                    if (reasonCode != null)                     // (i) or (j) (1)
                    {
                        certStatus.Status = reasonCode.Value.SignValue;
                    }
                    else                     // (i) or (j) (2)
                    {
                        certStatus.Status = CrlReason.Unspecified;
                    }
                    certStatus.RevocationDate = new DateTimeObject(crl_entry.RevocationDate);
                }
            }
        }
Exemplo n.º 14
0
        public override string ToString()
        {
            StringBuilder buf = new StringBuilder();
            string        nl  = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.NewLine;

            buf.Append("        userCertificate: ").Append(this.SerialNumber).Append(nl);
            buf.Append("         revocationDate: ").Append(this.RevocationDate).Append(nl);
            buf.Append("      certificateIssuer: ").Append(this.GetCertificateIssuer()).Append(nl);

            X509Extensions extensions = c.Extensions;

            if (extensions != null)
            {
                IEnumerator e = extensions.ExtensionOids.GetEnumerator();
                if (e.MoveNext())
                {
                    buf.Append("   crlEntryExtensions:").Append(nl);

                    do
                    {
                        DerObjectIdentifier oid = (DerObjectIdentifier)e.Current;
                        X509Extension       ext = extensions.GetExtension(oid);

                        if (ext.Value != null)
                        {
                            Asn1Object obj = Asn1Object.FromByteArray(ext.Value.GetOctets());

                            buf.Append("                       critical(")
                            .Append(ext.IsCritical)
                            .Append(") ");
                            try
                            {
                                if (oid.Equals(X509Extensions.ReasonCode))
                                {
                                    buf.Append(new CrlReason(DerEnumerated.GetInstance(obj)));
                                }
                                else if (oid.Equals(X509Extensions.CertificateIssuer))
                                {
                                    buf.Append("Certificate issuer: ").Append(
                                        GeneralNames.GetInstance((Asn1Sequence)obj));
                                }
                                else
                                {
                                    buf.Append(oid.Id);
                                    buf.Append(" value = ").Append(Asn1Dump.DumpAsString(obj));
                                }
                                buf.Append(nl);
                            }
                            catch (Exception)
                            {
                                buf.Append(oid.Id);
                                buf.Append(" value = ").Append("*****").Append(nl);
                            }
                        }
                        else
                        {
                            buf.Append(nl);
                        }
                    }while (e.MoveNext());
                }
            }

            return(buf.ToString());
        }
        internal static void GetCertStatus(
            DateTime validDate,
            X509Crl crl,
            Object cert,
            CertStatus certStatus)
        {
            X509Crl bcCRL = null;

            try
            {
                bcCRL = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Sequence.FromByteArray(crl.GetEncoded())));
            }
            catch (Exception exception)
            {
                throw new Exception("Bouncy Castle X509Crl could not be created.", exception);
            }

            X509CrlEntry crl_entry = (X509CrlEntry)bcCRL.GetRevokedCertificate(GetSerialNumber(cert));

            if (crl_entry == null)
            {
                return;
            }

            X509Name issuer = GetIssuerPrincipal(cert);

            if (!issuer.Equivalent(crl_entry.GetCertificateIssuer(), true) &&
                !issuer.Equivalent(crl.IssuerDN, true))
            {
                return;
            }

            int reasonCodeValue = CrlReason.Unspecified;

            if (crl_entry.HasExtensions)
            {
                try
                {
                    Asn1Object    extValue   = GetExtensionValue(crl_entry, X509Extensions.ReasonCode);
                    DerEnumerated reasonCode = DerEnumerated.GetInstance(extValue);
                    if (null != reasonCode)
                    {
                        reasonCodeValue = reasonCode.IntValueExact;
                    }
                }
                catch (Exception e)
                {
                    throw new Exception("Reason code CRL entry extension could not be decoded.", e);
                }
            }

            DateTime revocationDate = crl_entry.RevocationDate;

            if (validDate.Ticks < revocationDate.Ticks)
            {
                switch (reasonCodeValue)
                {
                case CrlReason.Unspecified:
                case CrlReason.KeyCompromise:
                case CrlReason.CACompromise:
                case CrlReason.AACompromise:
                    break;

                default:
                    return;
                }
            }

            // (i) or (j)
            certStatus.Status         = reasonCodeValue;
            certStatus.RevocationDate = new DateTimeObject(revocationDate);
        }
Exemplo n.º 16
0
        public override string ToString()
        {
            StringBuilder stringBuilder = new StringBuilder();
            string        newLine       = Platform.NewLine;

            stringBuilder.Append("        userCertificate: ").Append(this.SerialNumber).Append(newLine);
            stringBuilder.Append("         revocationDate: ").Append(this.RevocationDate).Append(newLine);
            stringBuilder.Append("      certificateIssuer: ").Append(this.GetCertificateIssuer()).Append(newLine);
            X509Extensions extensions = this.c.Extensions;

            if (extensions != null)
            {
                IEnumerator enumerator = extensions.ExtensionOids.GetEnumerator();
                if (enumerator.MoveNext())
                {
                    stringBuilder.Append("   crlEntryExtensions:").Append(newLine);
                    while (true)
                    {
                        DerObjectIdentifier derObjectIdentifier = (DerObjectIdentifier)enumerator.Current;
                        X509Extension       extension           = extensions.GetExtension(derObjectIdentifier);
                        if (extension.Value != null)
                        {
                            Asn1Object asn1Object = Asn1Object.FromByteArray(extension.Value.GetOctets());
                            stringBuilder.Append("                       critical(").Append(extension.IsCritical).Append(") ");
                            try
                            {
                                if (derObjectIdentifier.Equals(X509Extensions.ReasonCode))
                                {
                                    stringBuilder.Append(new CrlReason(DerEnumerated.GetInstance(asn1Object)));
                                }
                                else if (derObjectIdentifier.Equals(X509Extensions.CertificateIssuer))
                                {
                                    stringBuilder.Append("Certificate issuer: ").Append(GeneralNames.GetInstance((Asn1Sequence)asn1Object));
                                }
                                else
                                {
                                    stringBuilder.Append(derObjectIdentifier.Id);
                                    stringBuilder.Append(" value = ").Append(Asn1Dump.DumpAsString(asn1Object));
                                }
                                stringBuilder.Append(newLine);
                                goto IL_1B0;
                            }
                            catch (Exception)
                            {
                                stringBuilder.Append(derObjectIdentifier.Id);
                                stringBuilder.Append(" value = ").Append("*****").Append(newLine);
                                goto IL_1B0;
                            }
                            goto IL_1A8;
                        }
                        goto IL_1A8;
IL_1B0:
                        if (!enumerator.MoveNext())
                        {
                            break;
                        }
                        continue;
IL_1A8:
                        stringBuilder.Append(newLine);
                        goto IL_1B0;
                    }
                }
            }
            return(stringBuilder.ToString());
        }