Exemplo n.º 1
        /// <summary>
        /// Initializes a new instance of the <see cref="X509IssuingDistributionPointsExtension"/> class using a
        /// distribution point and partitioned CRL configuration.
        /// </summary>
        /// <param name="distributionPoint">Specifies an instance of <see cref="X509DistributionPoint"/> that contains the CRL location. Must not be null.</param>
        /// <param name="indirect">Specifies whether the CRL is an indirect CRL. Defaults to <c>false</c>.</param>
        /// <param name="reasons">Specifies the subset of revocation reasons the CRL is partitioned by. Defaults to <see cref="X509RevocationReasonFlag.None"/>.</param>
        /// <param name="scope">Specifies the scope for the CRL. Defaults to <see cref="IssuingDistributionPointScope.None"/>.</param>
        /// <exception cref="ArgumentNullException"><strong>distributionPoint</strong> parameter is NULL.</exception>
        public X509IssuingDistributionPointsExtension(
            X509DistributionPoint distributionPoint,
            Boolean indirect = false,
            X509RevocationReasonFlag reasons    = X509RevocationReasonFlag.None,
            IssuingDistributionPointScope scope = IssuingDistributionPointScope.None)
        {
            // Reject a missing distribution point before any encoding work is attempted.
            if (distributionPoint == null)
            {
                throw new ArgumentNullException(nameof(distributionPoint));
            }

            // The validated arguments are passed to encode() unchanged.
            encode(distributionPoint, indirect, reasons, scope);
        }
Exemplo n.º 2
        /// <summary>
        /// Reads the encoded extension value from <c>RawData</c> and copies each recognised field into the
        /// matching property.
        /// </summary>
        /// <remarks>
        /// Fields are recognised by tag byte: 0xa0 distribution point, 0xa1 user-certificate scope, 0xa2
        /// CA-certificate scope, 0xa3 revocation reasons, 0xa4 indirect CRL, 0xa5 attribute-certificate scope.
        /// A field with any other tag is skipped without an error, and no property is assigned here for a field
        /// that is absent.
        /// NOTE(review): RFC 5280 defines IssuingDistributionPoint in its implicitly tagged module, where fields
        /// [1] to [5] are DER-encoded with the primitive context tags 0x81 to 0x85. Only the constructed forms
        /// 0xa1 to 0xa5 are matched below; confirm which tag bytes Asn1Reader reports for CRLs issued by other
        /// implementations, because a scope or reasons field that is missed would make the CRL look broader
        /// than it is.
        /// </remarks>
        void decode()
        {
            var reader = new Asn1Reader(RawData);

            // No payload means there are no fields to read.
            if (reader.PayloadLength == 0)
            {
                return;
            }

            // Presumably positions the reader on the first field inside the outer structure; the loop then
            // visits that field and each of its siblings.
            reader.MoveNext();
            do
            {
                var fieldTag = reader.Tag;

                if (fieldTag == 0xa0)
                {
                    // Re-wrap the tagged element under tag 48 (SEQUENCE) before handing it to X509DistributionPoint.
                    DistributionPoint = new X509DistributionPoint(Asn1Utils.Encode(reader.GetTagRawData(), 48));
                }
                else if (fieldTag == 0xa1)
                {
                    OnlyUserCerts = Asn1Utils.DecodeBoolean(reader.GetPayload());
                }
                else if (fieldTag == 0xa2)
                {
                    OnlyCaCerts = Asn1Utils.DecodeBoolean(reader.GetPayload());
                }
                else if (fieldTag == 0xa3)
                {
                    var reasonBits = new Asn1BitString(reader.GetPayload());

                    // A single byte is cast directly; with two or more bytes only the first two are used.
                    // BitConverter reads them in the host's byte order. An empty value leaves Reasons untouched.
                    if (reasonBits.Value.Length == 1)
                    {
                        Reasons = (X509RevocationReasonFlag)reasonBits.Value[0];
                    }
                    else if (reasonBits.Value.Length > 1)
                    {
                        Reasons = (X509RevocationReasonFlag)BitConverter.ToUInt16(reasonBits.Value, 0);
                    }
                }
                else if (fieldTag == 0xa4)
                {
                    IndirectCRL = Asn1Utils.DecodeBoolean(reader.GetPayload());
                }
                else if (fieldTag == 0xa5)
                {
                    OnlyAttributeCerts = Asn1Utils.DecodeBoolean(reader.GetPayload());
                }
            } while (reader.MoveNextSibling());
        }
Exemplo n.º 3
        /// <summary>
        /// Builds the extension value from the supplied settings, stores it in <c>RawData</c>, and mirrors each
        /// emitted setting in the corresponding property.
        /// </summary>
        /// <param name="distributionPoint">Distribution point to embed under tag 0; skipped when null.</param>
        /// <param name="indirect">When <c>true</c>, the indirect CRL field (tag 4) is emitted.</param>
        /// <param name="reasons">Revocation reasons to emit under tag 3; nothing is emitted for <c>None</c>.</param>
        /// <param name="scope">Selects which one of the scope fields (tag 1, 2 or 5) is emitted, if any.</param>
        /// <remarks>
        /// Fields are appended in ascending tag order. The extension is always marked critical; RFC 5280
        /// section 5.2.5 defines the issuing distribution point as a critical CRL extension.
        /// <c>scope</c> is compared by equality, so a value equal to none of the three named members emits
        /// no scope field.
        /// </remarks>
        void encode(X509DistributionPoint distributionPoint, Boolean indirect, X509RevocationReasonFlag reasons, IssuingDistributionPointScope scope)
        {
            Oid      = _oid;
            Critical = true;

            var idp = Asn1Builder.Create();

            // [0] distribution point
            if (distributionPoint != null)
            {
                DistributionPoint = distributionPoint;
                idp.AddExplicit(0, distributionPoint.RawData, true);
            }

            // [1] / [2] user-certificate or CA-certificate scope; the two are mutually exclusive.
            switch (scope)
            {
            case IssuingDistributionPointScope.OnlyUserCerts:
                OnlyUserCerts = true;
                idp.AddImplicit(1, new Asn1Boolean(true).RawData, false);
                break;

            case IssuingDistributionPointScope.OnlyCaCerts:
                OnlyCaCerts = true;
                idp.AddImplicit(2, new Asn1Boolean(true).RawData, false);
                break;
            }

            // [3] revocation reasons
            if (reasons != X509RevocationReasonFlag.None)
            {
                Reasons = reasons;
                // The bit string is borrowed from a Key Usage extension built with the same flag value.
                // This assumes X509RevocationReasonFlag lines up bit-for-bit with X509KeyUsageFlags - TODO confirm.
                // NOTE(review): RFC 5280 tags onlySomeReasons implicitly, while a complete BIT STRING is added
                // under an explicit [3] here; confirm the resulting bytes are what relying parties expect.
                idp.AddExplicit(3, nested => nested.AddDerData(new X509KeyUsageExtension((X509KeyUsageFlags)reasons, false).RawData));
            }

            // [4] indirect CRL
            if (indirect)
            {
                IndirectCRL = true;
                idp.AddImplicit(4, new Asn1Boolean(true).RawData, false);
            }

            // [5] attribute-certificate scope; checked last so it follows tag 4 in the output.
            if (scope == IssuingDistributionPointScope.OnlyAttributeCerts)
            {
                OnlyAttributeCerts = true;
                idp.AddImplicit(5, new Asn1Boolean(true).RawData, false);
            }

            RawData = idp.GetEncoded();
        }