Пример #1
0
        public override string ToString()
        {
            StringBuilder builder = new StringBuilder();
            string        newLine = Platform.NewLine;

            builder.Append("              Version: ").Append(this.Version).Append(newLine);
            builder.Append("             IssuerDN: ").Append(this.IssuerDN).Append(newLine);
            builder.Append("          This update: ").Append(this.ThisUpdate).Append(newLine);
            builder.Append("          Next update: ").Append(this.NextUpdate).Append(newLine);
            builder.Append("  Signature Algorithm: ").Append(this.SigAlgName).Append(newLine);
            byte[] signature = this.GetSignature();
            builder.Append("            Signature: ");
            builder.Append(Hex.ToHexString(signature, 0, 20)).Append(newLine);
            for (int i = 20; i < signature.Length; i += 20)
            {
                int length = Math.Min(20, signature.Length - i);
                builder.Append("                       ");
                builder.Append(Hex.ToHexString(signature, i, length)).Append(newLine);
            }
            X509Extensions extensions = this.c.TbsCertList.Extensions;

            if (extensions != null)
            {
                IEnumerator enumerator = extensions.ExtensionOids.GetEnumerator();
                if (enumerator.MoveNext())
                {
                    builder.Append("           Extensions: ").Append(newLine);
                }
                do
                {
                    DerObjectIdentifier current   = (DerObjectIdentifier)enumerator.Current;
                    X509Extension       extension = extensions.GetExtension(current);
                    if (extension.Value != null)
                    {
                        Asn1Object obj2 = X509ExtensionUtilities.FromExtensionValue(extension.Value);
                        builder.Append("                       critical(").Append(extension.IsCritical).Append(") ");
                        try
                        {
                            if (current.Equals(X509Extensions.CrlNumber))
                            {
                                builder.Append(new CrlNumber(DerInteger.GetInstance(obj2).PositiveValue)).Append(newLine);
                            }
                            else if (current.Equals(X509Extensions.DeltaCrlIndicator))
                            {
                                builder.Append("Base CRL: " + new CrlNumber(DerInteger.GetInstance(obj2).PositiveValue)).Append(newLine);
                            }
                            else if (current.Equals(X509Extensions.IssuingDistributionPoint))
                            {
                                builder.Append(IssuingDistributionPoint.GetInstance((Asn1Sequence)obj2)).Append(newLine);
                            }
                            else if (current.Equals(X509Extensions.CrlDistributionPoints))
                            {
                                builder.Append(CrlDistPoint.GetInstance((Asn1Sequence)obj2)).Append(newLine);
                            }
                            else if (current.Equals(X509Extensions.FreshestCrl))
                            {
                                builder.Append(CrlDistPoint.GetInstance((Asn1Sequence)obj2)).Append(newLine);
                            }
                            else
                            {
                                builder.Append(current.Id);
                                builder.Append(" value = ").Append(Asn1Dump.DumpAsString((Asn1Encodable)obj2)).Append(newLine);
                            }
                        }
                        catch (Exception)
                        {
                            builder.Append(current.Id);
                            builder.Append(" value = ").Append("*****").Append(newLine);
                        }
                    }
                    else
                    {
                        builder.Append(newLine);
                    }
                }while (enumerator.MoveNext());
            }
            ISet revokedCertificates = this.GetRevokedCertificates();

            if (revokedCertificates != null)
            {
                IEnumerator enumerator = revokedCertificates.GetEnumerator();
                try
                {
                    while (enumerator.MoveNext())
                    {
                        X509CrlEntry current = (X509CrlEntry)enumerator.Current;
                        builder.Append(current);
                        builder.Append(newLine);
                    }
                }
                finally
                {
                    if (enumerator is IDisposable disposable)
                    {
                        IDisposable disposable;
                        disposable.Dispose();
                    }
                }
            }
            return(builder.ToString());
        }
Пример #2
0
        /**
         * Returns a string representation of this CRL.
         *
         * @return a string representation of this CRL.
         */
        public override string ToString()
        {
            StringBuilder buf = new StringBuilder();
            string        nl  = Platform.NewLine;

            buf.Append("              Version: ").Append(this.Version).Append(nl);
            buf.Append("             IssuerDN: ").Append(this.IssuerDN).Append(nl);
            buf.Append("          This update: ").Append(this.ThisUpdate).Append(nl);
            buf.Append("          Next update: ").Append(this.NextUpdate).Append(nl);
            buf.Append("  Signature Algorithm: ").Append(this.SigAlgName).Append(nl);

            byte[] sig = this.GetSignature();

            buf.Append("            Signature: ");
            buf.Append(Hex.ToHexString(sig, 0, 20)).Append(nl);

            for (int i = 20; i < sig.Length; i += 20)
            {
                int count = System.Math.Min(20, sig.Length - i);
                buf.Append("                       ");
                buf.Append(Hex.ToHexString(sig, i, count)).Append(nl);
            }

            X509Extensions extensions = c.TbsCertList.Extensions;

            if (extensions != null)
            {
                IEnumerator e = extensions.ExtensionOids.GetEnumerator();

                if (e.MoveNext())
                {
                    buf.Append("           Extensions: ").Append(nl);
                }

                do
                {
                    DerObjectIdentifier oid = (DerObjectIdentifier)e.Current;
                    X509Extension       ext = extensions.GetExtension(oid);

                    if (ext.Value != null)
                    {
                        Asn1Object asn1Value = X509ExtensionUtilities.FromExtensionValue(ext.Value);

                        buf.Append("                       critical(").Append(ext.IsCritical).Append(") ");
                        try
                        {
                            if (oid.Equals(X509Extensions.CrlNumber))
                            {
                                buf.Append(new CrlNumber(DerInteger.GetInstance(asn1Value).PositiveValue)).Append(nl);
                            }
                            else if (oid.Equals(X509Extensions.DeltaCrlIndicator))
                            {
                                buf.Append(
                                    "Base CRL: "
                                    + new CrlNumber(DerInteger.GetInstance(
                                                        asn1Value).PositiveValue))
                                .Append(nl);
                            }
                            else if (oid.Equals(X509Extensions.IssuingDistributionPoint))
                            {
                                buf.Append(IssuingDistributionPoint.GetInstance((Asn1Sequence)asn1Value)).Append(nl);
                            }
                            else if (oid.Equals(X509Extensions.CrlDistributionPoints))
                            {
                                buf.Append(CrlDistPoint.GetInstance((Asn1Sequence)asn1Value)).Append(nl);
                            }
                            else if (oid.Equals(X509Extensions.FreshestCrl))
                            {
                                buf.Append(CrlDistPoint.GetInstance((Asn1Sequence)asn1Value)).Append(nl);
                            }
                            else
                            {
                                buf.Append(oid.Id);
                                buf.Append(" value = ").Append(
                                    Asn1Dump.DumpAsString(asn1Value))
                                .Append(nl);
                            }
                        }
                        catch (Exception)
                        {
                            buf.Append(oid.Id);
                            buf.Append(" value = ").Append("*****").Append(nl);
                        }
                    }
                    else
                    {
                        buf.Append(nl);
                    }
                }while (e.MoveNext());
            }

            ISet certSet = GetRevokedCertificates();

            if (certSet != null)
            {
                foreach (X509CrlEntry entry in certSet)
                {
                    buf.Append(entry);
                    buf.Append(nl);
                }
            }

            return(buf.ToString());
        }
Пример #3
0
        /**
         * Checks if an attribute certificate is revoked.
         *
         * @param attrCert Attribute certificate to check if it is revoked.
         * @param paramsPKIX PKIX parameters.
         * @param issuerCert The issuer certificate of the attribute certificate
         *            <code>attrCert</code>.
         * @param validDate The date when the certificate revocation status should
         *            be checked.
         * @param certPathCerts The certificates of the certification path to be
         *            checked.
         *
         * @throws CertPathValidatorException if the certificate is revoked or the
         *             status cannot be checked or some error occurs.
         */
        internal static void CheckCrls(
            IX509AttributeCertificate attrCert,
            PkixParameters paramsPKIX,
            X509Certificate issuerCert,
            DateTime validDate,
            IList certPathCerts)
        {
            if (paramsPKIX.IsRevocationEnabled)
            {
                // check if revocation is available
                if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null)
                {
                    CrlDistPoint crldp = null;
                    try
                    {
                        crldp = CrlDistPoint.GetInstance(
                            PkixCertPathValidatorUtilities.GetExtensionValue(
                                attrCert, X509Extensions.CrlDistributionPoints));
                    }
                    catch (Exception e)
                    {
                        throw new PkixCertPathValidatorException(
                                  "CRL distribution point extension could not be read.", e);
                    }
                    try
                    {
                        PkixCertPathValidatorUtilities
                        .AddAdditionalStoresFromCrlDistributionPoint(crldp, paramsPKIX);
                    }
                    catch (Exception e)
                    {
                        throw new PkixCertPathValidatorException(
                                  "No additional CRL locations could be decoded from CRL distribution point extension.", e);
                    }
                    CertStatus  certStatus  = new CertStatus();
                    ReasonsMask reasonsMask = new ReasonsMask();

                    Exception lastException = null;
                    bool      validCrlFound = false;
                    // for each distribution point
                    if (crldp != null)
                    {
                        DistributionPoint[] dps = null;
                        try
                        {
                            dps = crldp.GetDistributionPoints();
                        }
                        catch (Exception e)
                        {
                            throw new PkixCertPathValidatorException(
                                      "Distribution points could not be read.", e);
                        }
                        try
                        {
                            for (int i = 0; i < dps.Length &&
                                 certStatus.Status == CertStatus.Unrevoked &&
                                 !reasonsMask.IsAllReasons; i++)
                            {
                                PkixParameters paramsPKIXClone = (PkixParameters)paramsPKIX
                                                                 .Clone();
                                CheckCrl(dps[i], attrCert, paramsPKIXClone,
                                         validDate, issuerCert, certStatus, reasonsMask,
                                         certPathCerts);
                                validCrlFound = true;
                            }
                        }
                        catch (Exception e)
                        {
                            lastException = new Exception(
                                "No valid CRL for distribution point found.", e);
                        }
                    }

                    /*
                     * If the revocation status has not been determined, repeat the
                     * process above with any available CRLs not specified in a
                     * distribution point but issued by the certificate issuer.
                     */

                    if (certStatus.Status == CertStatus.Unrevoked &&
                        !reasonsMask.IsAllReasons)
                    {
                        try
                        {
                            /*
                             * assume a DP with both the reasons and the cRLIssuer
                             * fields omitted and a distribution point name of the
                             * certificate issuer.
                             */
                            Asn1Object issuer = null;
                            try
                            {
                                issuer = new Asn1InputStream(
                                    attrCert.Issuer.GetPrincipals()[0].GetEncoded()).ReadObject();
                            }
                            catch (Exception e)
                            {
                                throw new Exception(
                                          "Issuer from certificate for CRL could not be reencoded.",
                                          e);
                            }
                            DistributionPoint dp = new DistributionPoint(
                                new DistributionPointName(0, new GeneralNames(
                                                              new GeneralName(GeneralName.DirectoryName, issuer))), null, null);
                            PkixParameters paramsPKIXClone = (PkixParameters)paramsPKIX.Clone();
                            CheckCrl(dp, attrCert, paramsPKIXClone, validDate,
                                     issuerCert, certStatus, reasonsMask, certPathCerts);
                            validCrlFound = true;
                        }
                        catch (Exception e)
                        {
                            lastException = new Exception(
                                "No valid CRL for distribution point found.", e);
                        }
                    }

                    if (!validCrlFound)
                    {
                        throw new PkixCertPathValidatorException(
                                  "No valid CRL found.", lastException);
                    }
                    if (certStatus.Status != CertStatus.Unrevoked)
                    {
                        // TODO This format is forced by the NistCertPath tests
                        string formattedDate = certStatus.RevocationDate.Value.ToString(
                            "G", System.util.Util.GetStandartEnUSLocale());
                        string message = "Attribute certificate revocation after "
                                         + formattedDate;
                        message += ", reason: "
                                   + Rfc3280CertPathUtilities.CrlReasons[certStatus.Status];
                        throw new PkixCertPathValidatorException(message);
                    }
                    if (!reasonsMask.IsAllReasons &&
                        certStatus.Status == CertStatus.Unrevoked)
                    {
                        certStatus.Status = CertStatus.Undetermined;
                    }
                    if (certStatus.Status == CertStatus.Undetermined)
                    {
                        throw new PkixCertPathValidatorException(
                                  "Attribute certificate status could not be determined.");
                    }
                }
                else
                {
                    if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null ||
                        attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null)
                    {
                        throw new PkixCertPathValidatorException(
                                  "No rev avail extension is set, but also an AC revocation pointer.");
                    }
                }
            }
        }
Пример #4
0
        public void CheckCertificate(
            int id,
            byte[]  cert)
        {
            Asn1Object seq  = Asn1Object.FromByteArray(cert);
            string     dump = Asn1Dump.DumpAsString(seq);

            X509CertificateStructure obj     = X509CertificateStructure.GetInstance(seq);
            TbsCertificateStructure  tbsCert = obj.TbsCertificate;

            if (!tbsCert.Subject.ToString().Equals(subjects[id - 1]))
            {
                Fail("failed subject test for certificate id " + id
                     + " got " + tbsCert.Subject.ToString());
            }

            if (tbsCert.Version >= 3)
            {
                X509Extensions ext = tbsCert.Extensions;
                if (ext != null)
                {
                    foreach (DerObjectIdentifier oid in ext.ExtensionOids)
                    {
                        X509Extension extVal = ext.GetExtension(oid);
                        Asn1Object    extObj = Asn1Object.FromByteArray(extVal.Value.GetOctets());

                        if (oid.Equals(X509Extensions.SubjectKeyIdentifier))
                        {
                            SubjectKeyIdentifier.GetInstance(extObj);
                        }
                        else if (oid.Equals(X509Extensions.KeyUsage))
                        {
                            KeyUsage.GetInstance(extObj);
                        }
                        else if (oid.Equals(X509Extensions.ExtendedKeyUsage))
                        {
                            ExtendedKeyUsage ku = ExtendedKeyUsage.GetInstance(extObj);

                            Asn1Sequence sq = (Asn1Sequence)ku.ToAsn1Object();
                            for (int i = 0; i != sq.Count; i++)
                            {
                                KeyPurposeID.GetInstance(sq[i]);
                            }
                        }
                        else if (oid.Equals(X509Extensions.SubjectAlternativeName))
                        {
                            GeneralNames gn = GeneralNames.GetInstance(extObj);

                            Asn1Sequence sq = (Asn1Sequence)gn.ToAsn1Object();
                            for (int i = 0; i != sq.Count; i++)
                            {
                                GeneralName.GetInstance(sq[i]);
                            }
                        }
                        else if (oid.Equals(X509Extensions.IssuerAlternativeName))
                        {
                            GeneralNames gn = GeneralNames.GetInstance(extObj);

                            Asn1Sequence sq = (Asn1Sequence)gn.ToAsn1Object();
                            for (int i = 0; i != sq.Count; i++)
                            {
                                GeneralName.GetInstance(sq[i]);
                            }
                        }
                        else if (oid.Equals(X509Extensions.CrlDistributionPoints))
                        {
                            CrlDistPoint p = CrlDistPoint.GetInstance(extObj);

                            DistributionPoint[] points = p.GetDistributionPoints();
                            for (int i = 0; i != points.Length; i++)
                            {
                                // do nothing
                            }
                        }
                        else if (oid.Equals(X509Extensions.CertificatePolicies))
                        {
                            Asn1Sequence cp = (Asn1Sequence)extObj;

                            for (int i = 0; i != cp.Count; i++)
                            {
                                PolicyInformation.GetInstance(cp[i]);
                            }
                        }
                        else if (oid.Equals(X509Extensions.AuthorityKeyIdentifier))
                        {
                            AuthorityKeyIdentifier.GetInstance(extObj);
                        }
                        else if (oid.Equals(X509Extensions.BasicConstraints))
                        {
                            BasicConstraints.GetInstance(extObj);
                        }
                        else
                        {
                            //Console.WriteLine(oid.Id);
                        }
                    }
                }
            }
        }
Пример #5
0
        public override string ToString()
        {
            StringBuilder stringBuilder = new StringBuilder();
            string        newLine       = Platform.NewLine;

            stringBuilder.Append("              Version: ").Append(this.Version).Append(newLine);
            stringBuilder.Append("             IssuerDN: ").Append(this.IssuerDN).Append(newLine);
            stringBuilder.Append("          This update: ").Append(this.ThisUpdate).Append(newLine);
            stringBuilder.Append("          Next update: ").Append(this.NextUpdate).Append(newLine);
            stringBuilder.Append("  Signature Algorithm: ").Append(this.SigAlgName).Append(newLine);
            byte[] signature = this.GetSignature();
            stringBuilder.Append("            Signature: ");
            stringBuilder.Append(Hex.ToHexString(signature, 0, 20)).Append(newLine);
            for (int i = 20; i < signature.Length; i += 20)
            {
                int length = Math.Min(20, signature.Length - i);
                stringBuilder.Append("                       ");
                stringBuilder.Append(Hex.ToHexString(signature, i, length)).Append(newLine);
            }
            X509Extensions extensions = this.c.TbsCertList.Extensions;

            if (extensions != null)
            {
                IEnumerator enumerator = extensions.ExtensionOids.GetEnumerator();
                if (enumerator.MoveNext())
                {
                    stringBuilder.Append("           Extensions: ").Append(newLine);
                }
                while (true)
                {
                    DerObjectIdentifier derObjectIdentifier = (DerObjectIdentifier)enumerator.Current;
                    X509Extension       extension           = extensions.GetExtension(derObjectIdentifier);
                    if (extension.Value != null)
                    {
                        Asn1Object asn1Object = X509ExtensionUtilities.FromExtensionValue(extension.Value);
                        stringBuilder.Append("                       critical(").Append(extension.IsCritical).Append(") ");
                        try
                        {
                            if (derObjectIdentifier.Equals(X509Extensions.CrlNumber))
                            {
                                stringBuilder.Append(new CrlNumber(DerInteger.GetInstance(asn1Object).PositiveValue)).Append(newLine);
                            }
                            else if (derObjectIdentifier.Equals(X509Extensions.DeltaCrlIndicator))
                            {
                                stringBuilder.Append("Base CRL: " + new CrlNumber(DerInteger.GetInstance(asn1Object).PositiveValue)).Append(newLine);
                            }
                            else if (derObjectIdentifier.Equals(X509Extensions.IssuingDistributionPoint))
                            {
                                stringBuilder.Append(IssuingDistributionPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
                            }
                            else if (derObjectIdentifier.Equals(X509Extensions.CrlDistributionPoints))
                            {
                                stringBuilder.Append(CrlDistPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
                            }
                            else if (derObjectIdentifier.Equals(X509Extensions.FreshestCrl))
                            {
                                stringBuilder.Append(CrlDistPoint.GetInstance((Asn1Sequence)asn1Object)).Append(newLine);
                            }
                            else
                            {
                                stringBuilder.Append(derObjectIdentifier.Id);
                                stringBuilder.Append(" value = ").Append(Asn1Dump.DumpAsString(asn1Object)).Append(newLine);
                            }
                            goto IL_2EC;
                        }
                        catch (Exception)
                        {
                            stringBuilder.Append(derObjectIdentifier.Id);
                            stringBuilder.Append(" value = ").Append("*****").Append(newLine);
                            goto IL_2EC;
                        }
                        goto IL_2E4;
                    }
                    goto IL_2E4;
IL_2EC:
                    if (!enumerator.MoveNext())
                    {
                        break;
                    }
                    continue;
IL_2E4:
                    stringBuilder.Append(newLine);
                    goto IL_2EC;
                }
            }
            ISet revokedCertificates = this.GetRevokedCertificates();

            if (revokedCertificates != null)
            {
                foreach (X509CrlEntry value in revokedCertificates)
                {
                    stringBuilder.Append(value);
                    stringBuilder.Append(newLine);
                }
            }
            return(stringBuilder.ToString());
        }
Пример #6
0
        /// <summary>
        /// Gives back the CRL URI meta-data found within the given X509 certificate.
        /// </summary>
        /// <returns>
        /// the CRL URI, or <code>null</code> if the extension is not present.
        /// </returns>
        public virtual string GetCrlUri(X509Certificate certificate)
        {
            Asn1OctetString crlDistributionPointsValue = certificate.GetExtensionValue(X509Extensions.CrlDistributionPoints);

            if (null == crlDistributionPointsValue)
            {
                return(null);
            }
            Asn1Sequence seq;

            try
            {
                DerOctetString oct;
                //oct = (DEROctetString)(new ASN1InputStream(new ByteArrayInputStream(crlDistributionPointsValue
                //    )).ReadObject());
                oct = (DerOctetString)crlDistributionPointsValue;
                seq = (Asn1Sequence) new Asn1InputStream(oct.GetOctets()).ReadObject();
            }
            catch (IOException e)
            {
                throw new Exception("IO error: " + e.Message, e);
            }
            CrlDistPoint distPoint = CrlDistPoint.GetInstance(seq);

            DistributionPoint[] distributionPoints = distPoint.GetDistributionPoints();
            foreach (DistributionPoint distributionPoint in distributionPoints)
            {
                DistributionPointName distributionPointName = distributionPoint.DistributionPointName;
                if (DistributionPointName.FullName != distributionPointName.PointType)
                {
                    continue;
                }
                GeneralNames  generalNames = (GeneralNames)distributionPointName.Name;
                GeneralName[] names        = generalNames.GetNames();
                foreach (GeneralName name in names)
                {
                    if (name.TagNo != GeneralName.UniformResourceIdentifier)
                    {
                        logger.Info("not a uniform resource identifier");
                        continue;
                    }
                    string str = null;
                    if (name.ToAsn1Object() is DerTaggedObject)
                    {
                        DerTaggedObject taggedObject = (DerTaggedObject)name.ToAsn1Object();
                        DerIA5String    derStr       = DerIA5String.GetInstance(taggedObject.GetObject());
                        str = derStr.GetString();
                    }
                    else
                    {
                        DerIA5String derStr = DerIA5String.GetInstance(name.ToAsn1Object());
                        str = derStr.GetString();
                    }
                    if (str != null && (str.StartsWith("http://") || str.StartsWith("https://")) &&
                        str.ToUpperInvariant().Contains("CRL"))    //jbonilla - El URL del CRL para el BCE está en la tercera posición y solo se puede acceder desde HTTP.
                    {
                        return(str);
                    }
                    else
                    {
                        logger.Info("Supports only http:// and https:// protocol for CRL");
                    }
                }
            }

            //jbonilla
            #region BCE
            if (certificate.SubjectDN.ToString()
                .Contains("AC BANCO CENTRAL DEL ECUADOR"))
            {
                return(IntermediateAcUrl);
            }
            #endregion

            return(null);
        }
 internal static void CheckCrls(IX509AttributeCertificate attrCert, PkixParameters paramsPKIX, X509Certificate issuerCert, DateTime validDate, IList certPathCerts)
 {
     if (!paramsPKIX.IsRevocationEnabled)
     {
         return;
     }
     if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null)
     {
         CrlDistPoint crlDistPoint = null;
         try
         {
             crlDistPoint = CrlDistPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(attrCert, X509Extensions.CrlDistributionPoints));
         }
         catch (Exception cause)
         {
             throw new PkixCertPathValidatorException("CRL distribution point extension could not be read.", cause);
         }
         try
         {
             PkixCertPathValidatorUtilities.AddAdditionalStoresFromCrlDistributionPoint(crlDistPoint, paramsPKIX);
         }
         catch (Exception cause2)
         {
             throw new PkixCertPathValidatorException("No additional CRL locations could be decoded from CRL distribution point extension.", cause2);
         }
         CertStatus  certStatus  = new CertStatus();
         ReasonsMask reasonsMask = new ReasonsMask();
         Exception   cause3      = null;
         bool        flag        = false;
         if (crlDistPoint != null)
         {
             DistributionPoint[] array = null;
             try
             {
                 array = crlDistPoint.GetDistributionPoints();
             }
             catch (Exception cause4)
             {
                 throw new PkixCertPathValidatorException("Distribution points could not be read.", cause4);
             }
             try
             {
                 for (int i = 0; i < array.Length; i++)
                 {
                     if (certStatus.Status != 11)
                     {
                         break;
                     }
                     if (reasonsMask.IsAllReasons)
                     {
                         break;
                     }
                     PkixParameters paramsPKIX2 = (PkixParameters)paramsPKIX.Clone();
                     CheckCrl(array[i], attrCert, paramsPKIX2, validDate, issuerCert, certStatus, reasonsMask, certPathCerts);
                     flag = true;
                 }
             }
             catch (Exception innerException)
             {
                 cause3 = new Exception("No valid CRL for distribution point found.", innerException);
             }
         }
         if (certStatus.Status == 11 && !reasonsMask.IsAllReasons)
         {
             try
             {
                 Asn1Object asn1Object = null;
                 try
                 {
                     asn1Object = new Asn1InputStream(attrCert.Issuer.GetPrincipals()[0].GetEncoded()).ReadObject();
                 }
                 catch (Exception innerException2)
                 {
                     throw new Exception("Issuer from certificate for CRL could not be reencoded.", innerException2);
                 }
                 DistributionPoint dp          = new DistributionPoint(new DistributionPointName(0, new GeneralNames(new GeneralName(4, asn1Object))), null, null);
                 PkixParameters    paramsPKIX3 = (PkixParameters)paramsPKIX.Clone();
                 CheckCrl(dp, attrCert, paramsPKIX3, validDate, issuerCert, certStatus, reasonsMask, certPathCerts);
                 flag = true;
             }
             catch (Exception innerException3)
             {
                 cause3 = new Exception("No valid CRL for distribution point found.", innerException3);
             }
         }
         if (!flag)
         {
             throw new PkixCertPathValidatorException("No valid CRL found.", cause3);
         }
         if (certStatus.Status != 11)
         {
             string str  = certStatus.RevocationDate.Value.ToString("ddd MMM dd HH:mm:ss K yyyy");
             string str2 = "Attribute certificate revocation after " + str;
             str2 = str2 + ", reason: " + Rfc3280CertPathUtilities.CrlReasons[certStatus.Status];
             throw new PkixCertPathValidatorException(str2);
         }
         if (!reasonsMask.IsAllReasons && certStatus.Status == 11)
         {
             certStatus.Status = 12;
         }
         if (certStatus.Status == 12)
         {
             throw new PkixCertPathValidatorException("Attribute certificate status could not be determined.");
         }
     }
     else if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null || attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null)
     {
         throw new PkixCertPathValidatorException("No rev avail extension is set, but also an AC revocation pointer.");
     }
 }