 /// <summary>
 /// Add a revoked certificate entry to the CRL being built.
 /// </summary>
 /// <param name="revokedCertificate">The entry (serial, revocation date, entry extensions) to record.</param>
 /// <returns>This builder, so that calls can be chained.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="revokedCertificate"/> is null.</exception>
 public CrlBuilder AddRevokedCertificate(RevokedCertificate revokedCertificate)
 {
     // Fail fast on a null entry; nothing else about the entry is validated here.
     if (revokedCertificate == null)
     {
         throw new ArgumentNullException(nameof(revokedCertificate));
     }

     // The builder only accumulates entries; they are encoded when the CRL is created.
     m_revokedCertificates.Add(revokedCertificate);

     return this;
 }
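        /// <summary>
        /// Decode the Tbs of the CRL.
        /// </summary>
        /// <remarks>
        /// Parses a DER encoded <c>TBSCertList</c> (RFC 5280, section 5.1) and
        /// populates the CRL fields from it. The decode is all-or-nothing: the
        /// member fields are only written after the whole structure has been
        /// read successfully, so a malformed input leaves the previous state
        /// untouched and <c>m_decoded</c> false.
        /// Structural rules enforced here:
        /// an explicit version must be v2 (encoded as 1); CRL entry extensions
        /// and CRL extensions are only accepted on v2; <c>Time</c> values may be
        /// UTCTime or GeneralizedTime (RFC 5280 requires GeneralizedTime for
        /// dates in 2050 and later); every nested container, including the
        /// <c>[0] EXPLICIT</c> wrapper of the CRL extensions, must be fully
        /// consumed (no trailing bytes).
        /// NOTE(review): this method only sees the TBS. It does not verify the
        /// signature, and it cannot check that the inner signature algorithm
        /// matches the outer <c>signatureAlgorithm</c> of the CertificateList;
        /// both must be done by the caller - confirm.
        /// </remarks>
        /// <param name="tbs">The raw TbsCertList of the CRL.</param>
        /// <exception cref="CryptographicException">The TBS is not a well formed CRL.</exception>
        internal void DecodeCrl(byte[] tbs)
        {
            try
            {
                AsnReader crlReader = new AsnReader(tbs, AsnEncodingRules.DER);
                var seqReader = crlReader.ReadSequence(Asn1Tag.Sequence);
                // the TBS must consist of exactly one SEQUENCE
                crlReader.ThrowIfNotEmpty();
                if (seqReader == null)
                {
                    throw new CryptographicException("The CRL contains invalid data.");
                }

                // Version is OPTIONAL. Absent means v1 (0); when present it MUST be v2 (1).
                uint version = 0;
                var intTag = new Asn1Tag(UniversalTagNumber.Integer);
                if (seqReader.PeekTag() == intTag)
                {
                    if (!seqReader.TryReadUInt32(out version))
                    {
                        throw new AsnContentException("The CRL version is not a valid integer.");
                    }
                    if (version != 1)
                    {
                        throw new AsnContentException($"The CRL contains an incorrect version {version}");
                    }
                }

                // Signature Algorithm Identifier: an OID, optionally followed by NULL parameters.
                var sigReader = seqReader.ReadSequence();
                var oid = sigReader.ReadObjectIdentifier();
                var hashAlgorithmName = Oids.GetHashAlgorithmName(oid);
                if (sigReader.HasData)
                {
                    sigReader.ReadNull();
                }
                sigReader.ThrowIfNotEmpty();

                // Issuer, kept as its raw encoding
                var issuerName = new X500DistinguishedName(seqReader.ReadEncodedValue().ToArray());

                // thisUpdate (mandatory)
                var thisUpdate = ReadTime(seqReader);

                // nextUpdate is OPTIONAL. Check HasData first: PeekTag() throws on an
                // exhausted reader, which used to reject a CRL that ends after thisUpdate.
                bool hasNextUpdate = false;
                DateTime nextUpdate = default(DateTime);
                if (seqReader.HasData && IsTimeTag(seqReader.PeekTag()))
                {
                    nextUpdate = ReadTime(seqReader);
                    hasNextUpdate = true;
                }

                // revokedCertificates is OPTIONAL
                List<RevokedCertificate> revokedCertificates = null;
                if (seqReader.HasData && seqReader.PeekTag() == Asn1Tag.Sequence)
                {
                    revokedCertificates = DecodeRevokedCertificates(seqReader.ReadSequence(), version);
                }

                // crlExtensions is OPTIONAL and only allowed on v2
                X509ExtensionCollection crlExtensions = null;
                if (version == 1 && seqReader.HasData)
                {
                    crlExtensions = DecodeCrlExtensions(seqReader);
                }

                // anything left over (e.g. extensions on a v1 CRL) is an error
                seqReader.ThrowIfNotEmpty();

                // Commit only now, so a failed decode never leaves a half-populated object.
                // Optional elements that were absent leave the existing field values alone.
                m_hashAlgorithmName = hashAlgorithmName;
                m_issuerName = issuerName;
                m_thisUpdate = thisUpdate;
                if (hasNextUpdate)
                {
                    m_nextUpdate = nextUpdate;
                }
                if (revokedCertificates != null)
                {
                    m_revokedCertificates = revokedCertificates;
                }
                if (crlExtensions != null)
                {
                    m_crlExtensions = crlExtensions;
                }
                m_decoded = true;
            }
            catch (AsnContentException ace)
            {
                throw new CryptographicException("Failed to decode the CRL.", ace);
            }
        }

        /// <summary>
        /// Decode the entries of the <c>revokedCertificates</c> SEQUENCE OF.
        /// </summary>
        /// <param name="revReader">Reader positioned inside the revokedCertificates SEQUENCE.</param>
        /// <param name="version">The CRL version (0 = v1, 1 = v2); entry extensions are only allowed on v2.</param>
        /// <returns>The decoded entries, in encoded order.</returns>
        private static List<RevokedCertificate> DecodeRevokedCertificates(AsnReader revReader, uint version)
        {
            var revokedCertificates = new List<RevokedCertificate>();
            while (revReader.HasData)
            {
                var crlEntry = revReader.ReadSequence();
                var serial = crlEntry.ReadInteger();
                // NOTE(review): BigInteger.ToByteArray() is little-endian two's complement;
                // assumes the RevokedCertificate constructor expects that layout - confirm.
                var revokedCertificate = new RevokedCertificate(serial.ToByteArray());
                revokedCertificate.RevocationDate = ReadTime(crlEntry);
                if (version == 1 && crlEntry.HasData)
                {
                    // CRL entry extensions
                    var crlEntryExtensions = crlEntry.ReadSequence();
                    while (crlEntryExtensions.HasData)
                    {
                        revokedCertificate.CrlEntryExtensions.Add(crlEntryExtensions.ReadExtension());
                    }
                    crlEntryExtensions.ThrowIfNotEmpty();
                }
                // a v1 entry carrying extensions, or any trailing bytes, fails here
                crlEntry.ThrowIfNotEmpty();
                revokedCertificates.Add(revokedCertificate);
            }
            revReader.ThrowIfNotEmpty();
            return revokedCertificates;
        }

        /// <summary>
        /// Decode the <c>crlExtensions [0] EXPLICIT Extensions</c> element.
        /// </summary>
        /// <param name="seqReader">Reader positioned at the [0] wrapper inside the TBSCertList.</param>
        /// <returns>The decoded CRL extensions.</returns>
        private static X509ExtensionCollection DecodeCrlExtensions(AsnReader seqReader)
        {
            var extTag = new Asn1Tag(TagClass.ContextSpecific, 0);
            var optReader = seqReader.ReadSequence(extTag);
            var crlExtensions = optReader.ReadSequence();
            var crlExtensionList = new X509ExtensionCollection();
            while (crlExtensions.HasData)
            {
                crlExtensionList.Add(crlExtensions.ReadExtension());
            }
            crlExtensions.ThrowIfNotEmpty();
            // the EXPLICIT wrapper must hold exactly the one Extensions SEQUENCE
            optReader.ThrowIfNotEmpty();
            return crlExtensionList;
        }

        /// <summary>
        /// True if the tag is one of the two encodings of the RFC 5280 <c>Time</c> CHOICE.
        /// </summary>
        private static bool IsTimeTag(Asn1Tag tag)
        {
            return tag == new Asn1Tag(UniversalTagNumber.UtcTime) ||
                   tag == new Asn1Tag(UniversalTagNumber.GeneralizedTime);
        }

        /// <summary>
        /// Read a RFC 5280 <c>Time</c> value and return it as UTC.
        /// UTCTime is used for dates before 2050, GeneralizedTime for 2050 and later
        /// (RFC 5280, section 5.1.2.4).
        /// </summary>
        /// <param name="reader">Reader positioned at the Time value.</param>
        private static DateTime ReadTime(AsnReader reader)
        {
            if (reader.PeekTag() == new Asn1Tag(UniversalTagNumber.GeneralizedTime))
            {
                return reader.ReadGeneralizedTime().UtcDateTime;
            }
            return reader.ReadUtcTime().UtcDateTime;
        }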