        /// <summary>
        /// Shorter implementation of TimestampVerifier.IsValidAfterRevocation method for testing purposes.
        /// Applies the RFC 3161 section 4.1 rule to an already loaded CRL: a timestamp generated before the
        /// revocation date survives the revocation only for the reason codes listed in the switch below.
        /// </summary>
        /// <param name="crl">The CRL in which <paramref name="cert"/> is looked up.</param>
        /// <param name="cert">The TSA certificate that signed the timestamp.</param>
        /// <param name="timestampGenTime">Generation time of the timestamp.</param>
        /// <returns>
        /// <c>true</c> if the certificate is not listed in <paramref name="crl"/>, or if it is listed but the
        /// timestamp predates the revocation and the reason code is one of the accepted ones; otherwise <c>false</c>.
        /// </returns>
        public static bool IsValidAfterRevocationFake(X509Crl crl, X509Certificate cert, DateTime timestampGenTime)
        {
            /* A certificate absent from this CRL is not revoked as far as this CRL is concerned */
            if (!crl.IsRevoked(cert))
            {
                return(true);
            }

            X509CrlEntry entry = crl.GetRevokedCertificate(cert.SerialNumber);

            /* Anything generated after the revocation moment is invalid, whatever the reason.
             * The DateTime '>' operator compares ticks exactly like DateTime.Compare does (Kind is ignored). */
            if (timestampGenTime > entry.RevocationDate)
            {
                return(false);
            }

            DerEnumerated reasonCode = DerEnumerated.GetInstance(GetExtensionValue(entry, X509Extensions.ReasonCode));

            /* A missing reason code cannot be classified, so it is rejected */
            if (reasonCode == null)
            {
                return(false);
            }

            /* Only these reason codes leave timestamps issued before the revocation intact */
            switch (reasonCode.Value.IntValue)
            {
            case CrlReason.Unspecified:
            case CrlReason.AffiliationChanged:
            case CrlReason.Superseded:
            case CrlReason.CessationOfOperation:
                return(true);

            default:
                return(false);
            }
        }
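 /// <summary>
 /// Decodes an OCSPResponse from its ASN.1 SEQUENCE: the mandatory responseStatus followed by the
 /// optional, [0] EXPLICIT-tagged responseBytes.
 /// </summary>
 /// <param name="seq">The outer sequence of the OCSP response.</param>
 /// <exception cref="ArgumentException">If the sequence has neither one nor two elements.</exception>
 private OcspResponse(Asn1Sequence seq)
 {
     int count = seq.Count;

     // Reject over-long sequences instead of silently ignoring trailing elements: a decoder that accepts
     // unexpected structure is a classic source of parser differentials between implementations.
     if (count < 1 || count > 2)
     {
         throw new ArgumentException("Bad sequence size: " + count, "seq");
     }

     responseStatus = new OcspResponseStatus(DerEnumerated.GetInstance(seq[0]));

     if (count == 2)
     {
         responseBytes = ResponseBytes.GetInstance((Asn1TaggedObject)seq[1], explicitly: true);
     }
 }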
 /// <summary>
 /// Decodes a RevokedInfo SEQUENCE: the revocationTime, optionally followed by a [0] EXPLICIT CRLReason.
 /// </summary>
 /// <param name="seq">The RevokedInfo sequence.</param>
 private RevokedInfo(Asn1Sequence seq)
 {
     // A direct cast: a first element of another type surfaces as InvalidCastException, not ArgumentException.
     revocationTime = (DerGeneralizedTime)seq[0];

     if (seq.Count <= 1)
     {
         return;
     }

     Asn1TaggedObject taggedReason = (Asn1TaggedObject)seq[1];
     revocationReason = new CrlReason(DerEnumerated.GetInstance(taggedReason, isExplicit: true));
 }
 /// <summary>
 /// Decodes an OCSPResponse SEQUENCE: responseStatus, then the optional [0] EXPLICIT responseBytes.
 /// </summary>
 /// <param name="seq">The outer sequence of the OCSP response.</param>
 private OcspResponse(Asn1Sequence seq)
 {
     DerEnumerated status = DerEnumerated.GetInstance(seq[0]);
     this.responseStatus = new OcspResponseStatus(status);

     // NOTE(review): only Count == 2 is handled; a sequence with more elements decodes without error
     // and the extra elements are ignored.
     if (seq.Count != 2)
     {
         return;
     }

     Asn1TaggedObject tagged = (Asn1TaggedObject)seq[1];
     this.responseBytes = Org.BouncyCastle.Asn1.Ocsp.ResponseBytes.GetInstance(tagged, true);
 }
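        /// <summary>
        /// Renders this CRL entry (serial number, revocation date, certificate issuer and any CRL entry
        /// extensions) as a multi-line, human-readable string for diagnostics.
        /// </summary>
        /// <returns>The textual dump; never <c>null</c>.</returns>
        public override string ToString()
        {
            StringBuilder val     = new StringBuilder();
            string        newLine = Platform.NewLine;

            val.Append("        userCertificate: ").Append(SerialNumber).Append(newLine);
            val.Append("         revocationDate: ").Append(RevocationDate).Append(newLine);
            val.Append("      certificateIssuer: ").Append(GetCertificateIssuer()).Append(newLine);
            X509Extensions extensions = c.Extensions;

            if (extensions != null)
            {
                bool headerWritten = false;

                // The decompiler artifact 'enumerator.get_Current()' is not valid C#; a plain foreach gives the
                // same iteration. The heading is still emitted only once the first extension OID is seen.
                foreach (DerObjectIdentifier derObjectIdentifier in extensions.ExtensionOids)
                {
                    if (!headerWritten)
                    {
                        val.Append("   crlEntryExtensions:").Append(newLine);
                        headerWritten = true;
                    }

                    X509Extension extension = extensions.GetExtension(derObjectIdentifier);
                    if (extension.Value == null)
                    {
                        val.Append(newLine);
                        continue;
                    }

                    // Decoding stays outside the try, so a corrupt OCTET STRING still propagates to the caller.
                    Asn1Object asn1Object = Asn1Object.FromByteArray(extension.Value.GetOctets());
                    val.Append("                       critical(").Append(extension.IsCritical).Append(") ");
                    try
                    {
                        if (derObjectIdentifier.Equals(X509Extensions.ReasonCode))
                        {
                            val.Append(new CrlReason(DerEnumerated.GetInstance(asn1Object)));
                        }
                        else if (derObjectIdentifier.Equals(X509Extensions.CertificateIssuer))
                        {
                            val.Append("Certificate issuer: ").Append(GeneralNames.GetInstance((Asn1Sequence)asn1Object));
                        }
                        else
                        {
                            val.Append(derObjectIdentifier.Id);
                            val.Append(" value = ").Append(Asn1Dump.DumpAsString(asn1Object));
                        }
                        val.Append(newLine);
                    }
                    catch (global::System.Exception)
                    {
                        // Best-effort dump: a value that cannot be rendered is masked rather than failing ToString().
                        val.Append(derObjectIdentifier.Id);
                        val.Append(" value = ").Append("*****").Append(newLine);
                    }
                }
            }
            return(val.ToString());
        }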
        /// <summary>
        /// Produces a multi-line diagnostic dump of this CRL entry: serial number, revocation date,
        /// certificate issuer and, when present, each CRL entry extension.
        /// </summary>
        /// <returns>The formatted dump.</returns>
        public override string ToString()
        {
            string        eol = Platform.NewLine;
            StringBuilder sb  = new StringBuilder();

            sb.Append("        userCertificate: ").Append(this.SerialNumber).Append(eol);
            sb.Append("         revocationDate: ").Append(this.RevocationDate).Append(eol);
            sb.Append("      certificateIssuer: ").Append(this.GetCertificateIssuer()).Append(eol);

            X509Extensions exts = this.c.Extensions;
            if (exts == null)
            {
                return(sb.ToString());
            }

            bool headingDone = false;
            foreach (DerObjectIdentifier oid in exts.ExtensionOids)
            {
                if (!headingDone)
                {
                    // Written lazily so an empty extension set produces no heading at all.
                    sb.Append("   crlEntryExtensions:").Append(eol);
                    headingDone = true;
                }

                X509Extension ext = exts.GetExtension(oid);
                if (ext.Value == null)
                {
                    sb.Append(eol);
                    continue;
                }

                // Decoding happens outside the try: a corrupt OCTET STRING still propagates, as before.
                Asn1Object decoded = Asn1Object.FromByteArray(ext.Value.GetOctets());
                sb.Append("                       critical(").Append(ext.IsCritical).Append(") ");
                try
                {
                    if (oid.Equals(X509Extensions.ReasonCode))
                    {
                        sb.Append(new CrlReason(DerEnumerated.GetInstance(decoded)));
                    }
                    else if (oid.Equals(X509Extensions.CertificateIssuer))
                    {
                        sb.Append("Certificate issuer: ").Append(GeneralNames.GetInstance((Asn1Sequence)decoded));
                    }
                    else
                    {
                        sb.Append(oid.Id).Append(" value = ").Append(Asn1Dump.DumpAsString((Asn1Encodable)decoded));
                    }
                    sb.Append(eol);
                }
                catch (Exception)
                {
                    // Rendering is best-effort: a value that fails to dump is masked, not fatal.
                    sb.Append(oid.Id).Append(" value = ").Append("*****").Append(eol);
                }
            }

            return(sb.ToString());
        }
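        /// <summary>
        /// Determines whether a timestamp, signed by the given certificate, can be considered valid even after
        /// that certificate has been revoked. It follows the rules described in RFC3161 section 4.1: the
        /// timestamp must predate the revocation, and the revocation reason must be one of unspecified,
        /// affiliationChanged, superseded or cessationOfOperation.
        /// </summary>
        /// <param name="certificate">The TSA certificate that signed the timestamp.</param>
        /// <param name="timestampGenTime">The generation time of the timestamp.</param>
        /// <returns>
        ///   <c>true</c> if every CRL reached through the certificate's CRL distribution points either does not
        ///   list the certificate or lists it with an accepted reason dated after <paramref name="timestampGenTime"/>;
        ///   <c>false</c> if no CRL URL could be extracted, any download or parse step fails, or the rules
        ///   above are not met.
        /// </returns>
        private static bool IsValidAfterRevocation(X509Certificate2 certificate, DateTime timestampGenTime)
        {
            try
            {
                /* Get CRL url from certificate (CRL Distribution Points extension, OID 2.5.29.31) */
                Org.BouncyCastle.X509.X509Certificate cert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certificate);
                X509Extension revocationExtension          = (from X509Extension extension in certificate.Extensions where extension.Oid.Value.Equals("2.5.29.31") select extension).Single();
                Regex         rx          = new Regex("http://.*?\\.crl");
                int           crlsChecked = 0;

                foreach (Match match in rx.Matches(new AsnEncodedData(revocationExtension.Oid, revocationExtension.RawData).Format(false)))
                {
                    string  crlUrl = match.Value;
                    X509Crl crl;

                    /* WebClient is IDisposable; dispose it per download instead of leaking the handle */
                    using (WebClient client = new WebClient())
                    {
                        X509CrlParser crlParser = new X509CrlParser();
                        crl = crlParser.ReadCrl(client.DownloadData(crlUrl));
                    }
                    crlsChecked++;

                    /* NOTE(review): the CRL is fetched over plain HTTP and its signature is not verified here
                     * against the issuer's key; the issuer certificate is not available in this signature.
                     * TODO confirm the caller validates the CRL before relying on this result. */

                    if (crl.IsRevoked(cert))
                    {
                        X509CrlEntry revokedEntry   = crl.GetRevokedCertificate(cert.SerialNumber);
                        DateTime     revocationDate = revokedEntry.RevocationDate;

                        /* All timestamps created after revocation date are invalid */
                        if (DateTime.Compare(timestampGenTime, revocationDate) > 0)
                        {
                            return(false);
                        }

                        DerEnumerated reasonCode = DerEnumerated.GetInstance(GetExtensionValue(revokedEntry, Org.BouncyCastle.Asn1.X509.X509Extensions.ReasonCode));

                        /* If the revocation reason is not present, the timestamp is considered invalid */
                        if (reasonCode == null)
                        {
                            return(false);
                        }

                        int reason = reasonCode.Value.IntValue;

                        /* If the revocation reason is any other value, the timestamp is considered invalid */
                        if (!(reason == Org.BouncyCastle.Asn1.X509.CrlReason.Unspecified ||
                              reason == Org.BouncyCastle.Asn1.X509.CrlReason.AffiliationChanged ||
                              reason == Org.BouncyCastle.Asn1.X509.CrlReason.Superseded ||
                              reason == Org.BouncyCastle.Asn1.X509.CrlReason.CessationOfOperation))
                        {
                            return(false);
                        }
                    }
                }

                /* No CRL could be consulted (no http://...crl URL in the distribution points): the revocation
                 * date and reason are unknown, so the timestamp cannot be vouched for. Previously this fell
                 * through to 'true', which contradicted the fail-closed handling of the catch block below. */
                if (crlsChecked == 0)
                {
                    return(false);
                }
            }
            catch
            {
                /* Any failure (missing CDP extension, download error, unparsable CRL) is treated as "not valid" */
                return(false);
            }
            return(true);
        }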
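        /// <summary>
        /// Lookup and validate certificate against CDP URL inside the certificate.
        /// </summary>
        /// <param name="cert">The certificate whose CRL distribution point is consulted.</param>
        /// <returns>
        /// <see cref="CertStatus.Good"/> when the CRL does not list the certificate; a revoked status carrying the
        /// ISO-8601 ("o") revocation date and the CRL reason code; or an unknown status when there is not exactly
        /// one CDP URL, the CRL has no usable nextUpdate or is stale, or the reason code cannot be decoded.
        /// </returns>
        public CertStatus ValidateCertificateAgainstCRL(System.Security.Cryptography.X509Certificates.X509Certificate2 cert)
        {
            var urls = ParseCDPUrls(cert);

            // NOTE(review): a certificate with several distribution points is also reported as NoCrl;
            // only a single CDP URL is ever consulted.
            if (urls == null || urls.Count != 1)
            {
                return(CertStatus.Unknown(CertStatus.NoCrl));
            }

            var crl = LoadCrl(urls[0]);

            // nextUpdate is OPTIONAL in a CRL; without it the CRL's freshness cannot be bounded, so it is
            // treated as unusable instead of dereferencing a missing value.
            if (crl.NextUpdate == null || crl.NextUpdate.Value < DateTime.UtcNow)
            {
                return(CertStatus.Unknown(CertStatus.BadCrl));
            }

            // X509Certificate2.SerialNumber is a hexadecimal string, hence radix 16.
            var serialNumber = new BigInteger(cert.SerialNumber, 16);
            var entry        = crl.GetRevokedCertificate(serialNumber);

            if (entry == null)
            {
                return(CertStatus.Good);
            }

            DerEnumerated reasonCode = null;

            try
            {
                reasonCode = DerEnumerated.GetInstance(entry.GetExtensionValue(X509Extensions.ReasonCode));
            }
            catch
            {
                // A present-but-undecodable reason code is reported, not ignored.
                return(CertStatus.Unknown(CertStatus.BadRevocationReason));
            }

            // Bug fix: BigInteger.SignValue is the sign (-1/0/1) of the ENUMERATED, not the reason code itself,
            // so every non-zero reason used to be reported as 1 (keyCompromise). IntValue yields the real code.
            int? revocationReason = reasonCode != null
                ? reasonCode.Value.IntValue
                : CrlReason.Unspecified;

            DateTime revocationDate = entry.RevocationDate;

            return(CertStatus.Revoked(revocationDate.ToString("o"), revocationReason));
        }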
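        /// <summary>
        /// Looks <paramref name="cert"/> up in <paramref name="crl"/> and, when it is listed by the matching
        /// issuer, records the revocation reason and date in <paramref name="certStatus"/> (the "(i) or (j)"
        /// steps of Bouncy Castle's CRL processing). A revocation dated after <paramref name="validDate"/>
        /// is only recorded when its reason is missing, unspecified, keyCompromise, cACompromise or aACompromise.
        /// </summary>
        /// <param name="validDate">The time at which the certificate's validity is being assessed.</param>
        /// <param name="crl">The CRL to re-decode into a Bouncy Castle <see cref="X509Crl"/> and search.</param>
        /// <param name="cert">The certificate (or attribute certificate) being checked.</param>
        /// <param name="certStatus">Receives the status and revocation date when the certificate is revoked.</param>
        /// <exception cref="global::System.Exception">If the CRL cannot be re-decoded or the reason code cannot be decoded.</exception>
        internal static void GetCertStatus(global::System.DateTime validDate, X509Crl crl, object cert, CertStatus certStatus)
        {
            X509Crl x509Crl = null;

            try
            {
                x509Crl = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(crl.GetEncoded())));
            }
            catch (global::System.Exception ex)
            {
                throw new global::System.Exception("Bouncy Castle X509Crl could not be created.", ex);
            }
            X509CrlEntry revokedCertificate = x509Crl.GetRevokedCertificate(GetSerialNumber(cert));

            if (revokedCertificate == null)
            {
                return;
            }
            X509Name issuerPrincipal = GetIssuerPrincipal(cert);

            // The entry only applies when its issuer (explicit certificateIssuer extension, else the CRL issuer)
            // matches the certificate's issuer; otherwise it is another CA's serial number.
            if (!issuerPrincipal.Equivalent(revokedCertificate.GetCertificateIssuer(), inOrder: true) && !issuerPrincipal.Equivalent(crl.IssuerDN, inOrder: true))
            {
                return;
            }

            // An absent reason code is reported as unspecified (CRLReason value 0).
            int reasonCodeValue = CrlReason.Unspecified;

            if (revokedCertificate.HasExtensions)
            {
                try
                {
                    DerEnumerated derEnumerated = DerEnumerated.GetInstance(GetExtensionValue(revokedCertificate, X509Extensions.ReasonCode));
                    if (derEnumerated != null)
                    {
                        // Bug fix: BigInteger.SignValue is the sign of the number, not the reason code;
                        // IntValue carries the actual CRLReason value.
                        reasonCodeValue = derEnumerated.Value.IntValue;
                    }
                }
                catch (global::System.Exception ex2)
                {
                    throw new global::System.Exception("Reason code CRL entry extension could not be decoded.", ex2);
                }
            }

            global::System.DateTime revocationDate = revokedCertificate.RevocationDate;

            // 'get_Ticks()' from the decompiler is the Ticks property. The former TestBit() tests on the
            // ENUMERATED value were a mistranslation of integer comparisons against the CRLReason constants:
            // a revocation that post-dates validDate still counts for these reasons only.
            if (validDate.Ticks < revocationDate.Ticks)
            {
                switch (reasonCodeValue)
                {
                case CrlReason.Unspecified:
                case CrlReason.KeyCompromise:
                case CrlReason.CACompromise:
                case CrlReason.AACompromise:
                    break;

                default:
                    return;
                }
            }

            certStatus.Status         = reasonCodeValue;
            certStatus.RevocationDate = new DateTimeObject(revocationDate);
        }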
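        /// <summary>
        /// Searches <paramref name="crl"/> for <paramref name="cert"/> and, if the entry belongs to the
        /// certificate's issuer, stores the revocation reason and date in <paramref name="certStatus"/>.
        /// An entry dated after <paramref name="validDate"/> is recorded only for a missing reason code or the
        /// reasons unspecified, keyCompromise, cACompromise and aACompromise.
        /// </summary>
        /// <param name="validDate">The time for which validity is assessed.</param>
        /// <param name="crl">The CRL to search; it is re-decoded from its DER encoding first.</param>
        /// <param name="cert">The (attribute) certificate being checked.</param>
        /// <param name="certStatus">Updated with status and revocation date when the certificate is revoked.</param>
        /// <exception cref="Exception">If the CRL cannot be re-decoded or the reason code extension is malformed.</exception>
        internal static void GetCertStatus(DateTime validDate, X509Crl crl, object cert, CertStatus certStatus)
        {
            X509Crl x509Crl = null;

            try
            {
                x509Crl = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(crl.GetEncoded())));
            }
            catch (Exception innerException)
            {
                throw new Exception("Bouncy Castle X509Crl could not be created.", innerException);
            }
            X509CrlEntry revokedCertificate = x509Crl.GetRevokedCertificate(PkixCertPathValidatorUtilities.GetSerialNumber(cert));

            if (revokedCertificate == null)
            {
                return;
            }
            X509Name issuerPrincipal = PkixCertPathValidatorUtilities.GetIssuerPrincipal(cert);

            // Serial numbers are only unique per issuer: the entry must come from this certificate's issuer,
            // via the certificateIssuer entry extension or because that issuer signed the CRL.
            if (issuerPrincipal.Equivalent(revokedCertificate.GetCertificateIssuer(), true) || issuerPrincipal.Equivalent(crl.IssuerDN, true))
            {
                DerEnumerated derEnumerated = null;
                if (revokedCertificate.HasExtensions)
                {
                    try
                    {
                        derEnumerated = DerEnumerated.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(revokedCertificate, X509Extensions.ReasonCode));
                    }
                    catch (Exception innerException2)
                    {
                        throw new Exception("Reason code CRL entry extension could not be decoded.", innerException2);
                    }
                }

                // Bug fix: the reason is the ENUMERATED's integer value, not BigInteger.SignValue (its sign,
                // which reported every non-zero reason as 1). A missing reason code maps to unspecified (0).
                int reasonCodeValue = derEnumerated != null ? derEnumerated.Value.IntValue : CrlReason.Unspecified;

                // The former TestBit(0/1/2/8) tests were a mistranslation of integer comparisons against the
                // CRLReason constants; an entry dated after validDate only counts for these reasons.
                bool revokedAfterValidDate = validDate.Ticks < revokedCertificate.RevocationDate.Ticks;
                bool retroactiveReason     = reasonCodeValue == CrlReason.Unspecified
                    || reasonCodeValue == CrlReason.KeyCompromise
                    || reasonCodeValue == CrlReason.CACompromise
                    || reasonCodeValue == CrlReason.AACompromise;

                if (!revokedAfterValidDate || retroactiveReason)
                {
                    certStatus.Status         = reasonCodeValue;
                    certStatus.RevocationDate = new DateTimeObject(revokedCertificate.RevocationDate);
                }
            }
        }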
        /// <summary>
        /// Decodes an ObjectDigestInfo SEQUENCE: digestedObjectType, an optional otherObjectTypeID (present
        /// only when the sequence has four elements), digestAlgorithm and objectDigest.
        /// </summary>
        /// <param name="seq">The sequence to decode.</param>
        /// <exception cref="ArgumentException">If the sequence does not have three or four elements.</exception>
        private ObjectDigestInfo(Asn1Sequence seq)
        {
            int count = seq.Count;
            if (count < 3 || count > 4)
            {
                throw new ArgumentException("Bad sequence size: " + count);
            }

            this.digestedObjectType = DerEnumerated.GetInstance(seq[0]);

            // Four elements means otherObjectTypeID is at index 1 and the remaining fields shift by one.
            bool hasOtherType = count == 4;
            int  shift        = hasOtherType ? 1 : 0;

            if (hasOtherType)
            {
                this.otherObjectTypeID = DerObjectIdentifier.GetInstance(seq[1]);
            }

            this.digestAlgorithm = AlgorithmIdentifier.GetInstance(seq[1 + shift]);
            this.objectDigest    = DerBitString.GetInstance(seq[2 + shift]);
        }
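        /// <summary>
        /// Decodes an ObjectDigestInfo SEQUENCE of three or four elements: digestedObjectType,
        /// otherObjectTypeID (only when four elements are present), digestAlgorithm and objectDigest.
        /// </summary>
        /// <param name="seq">The sequence to decode.</param>
        /// <exception cref="ArgumentException">If the sequence has fewer than three or more than four elements.</exception>
        private ObjectDigestInfo(Asn1Sequence seq)
        {
            if (seq.Count > 4 || seq.Count < 3)
            {
                // Plain concatenation replaces the decompiler's string.Concat((object)..., (object)...) form;
                // the resulting message is identical.
                throw new ArgumentException("Bad sequence size: " + seq.Count);
            }
            digestedObjectType = DerEnumerated.GetInstance(seq[0]);

            // With four elements the optional otherObjectTypeID sits at index 1 and shifts the rest by one.
            int num = 0;
            if (seq.Count == 4)
            {
                otherObjectTypeID = DerObjectIdentifier.GetInstance(seq[1]);
                num++;
            }
            digestAlgorithm = AlgorithmIdentifier.GetInstance(seq[1 + num]);
            objectDigest    = DerBitString.GetInstance(seq[2 + num]);
        }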
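        /// <summary>
        /// Looks <paramref name="cert"/> up in <paramref name="crl"/> and, when the entry belongs to the
        /// certificate's issuer, records the revocation reason and date in <paramref name="certStatus"/>
        /// ("(i) or (j)" in the Bouncy Castle CRL processing). A revocation dated after
        /// <paramref name="validDate"/> is recorded only for a missing reason code or the reasons unspecified,
        /// keyCompromise, cACompromise and aACompromise.
        /// </summary>
        /// <param name="validDate">The time at which the certificate's validity is being assessed.</param>
        /// <param name="crl">The CRL to re-decode into a Bouncy Castle <see cref="X509Crl"/> and search.</param>
        /// <param name="cert">The certificate (or attribute certificate) being checked.</param>
        /// <param name="certStatus">Receives the status and revocation date when the certificate is revoked.</param>
        /// <exception cref="Exception">If the CRL cannot be re-decoded or the reason code cannot be decoded.</exception>
        internal static void GetCertStatus(
            DateTime validDate,
            X509Crl crl,
            Object cert,
            CertStatus certStatus)
        {
            X509Crl bcCRL = null;

            try
            {
                bcCRL = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Sequence.FromByteArray(crl.GetEncoded())));
            }
            catch (Exception exception)
            {
                throw new Exception("Bouncy Castle X509Crl could not be created.", exception);
            }

            X509CrlEntry crl_entry = (X509CrlEntry)bcCRL.GetRevokedCertificate(GetSerialNumber(cert));

            if (crl_entry == null)
            {
                return;
            }

            X509Name issuer = GetIssuerPrincipal(cert);

            // Serial numbers are only unique per issuer: the entry must come from this certificate's issuer,
            // either via the certificateIssuer entry extension or because that issuer signed the CRL.
            bool entryBelongsToIssuer = issuer.Equivalent(crl_entry.GetCertificateIssuer(), true) ||
                                        issuer.Equivalent(crl.IssuerDN, true);
            if (!entryBelongsToIssuer)
            {
                return;
            }

            // A missing reason code is reported as unspecified (0).
            int reasonCodeValue = CrlReason.Unspecified;
            if (crl_entry.HasExtensions)
            {
                try
                {
                    DerEnumerated reasonCode = DerEnumerated.GetInstance(
                        GetExtensionValue(crl_entry, X509Extensions.ReasonCode));
                    if (reasonCode != null)
                    {
                        // Bug fix: BigInteger.SignValue is the sign (-1/0/1), not the CRLReason value,
                        // so every non-zero reason used to be reported as 1 (keyCompromise).
                        reasonCodeValue = reasonCode.Value.IntValue;
                    }
                }
                catch (Exception e)
                {
                    throw new Exception(
                              "Reason code CRL entry extension could not be decoded.",
                              e);
                }
            }

            DateTime revocationDate = crl_entry.RevocationDate;

            // for reason keyCompromise, caCompromise, aACompromise or unspecified the entry counts even
            // when the revocation post-dates validDate. The former TestBit(0/1/2/8) tests were a
            // mistranslation of these integer comparisons (e.g. aACompromise = 10 has no single bit to test).
            if (validDate.Ticks < revocationDate.Ticks &&
                reasonCodeValue != CrlReason.Unspecified &&
                reasonCodeValue != CrlReason.KeyCompromise &&
                reasonCodeValue != CrlReason.CACompromise &&
                reasonCodeValue != CrlReason.AACompromise)
            {
                return;
            }

            // (i) or (j)
            certStatus.Status         = reasonCodeValue;
            certStatus.RevocationDate = new DateTimeObject(revocationDate);
        }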
        /// <summary>
        /// Builds a human-readable, multi-line description of this CRL entry for logging and debugging:
        /// serial number, revocation date, certificate issuer and each CRL entry extension.
        /// </summary>
        /// <returns>The description; never <c>null</c>.</returns>
        public override string ToString()
        {
            string        nl  = BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.NewLine;
            StringBuilder buf = new StringBuilder();

            buf.Append("        userCertificate: ").Append(this.SerialNumber).Append(nl);
            buf.Append("         revocationDate: ").Append(this.RevocationDate).Append(nl);
            buf.Append("      certificateIssuer: ").Append(this.GetCertificateIssuer()).Append(nl);

            X509Extensions extensions = c.Extensions;
            if (extensions == null)
            {
                return(buf.ToString());
            }

            IEnumerator oids    = extensions.ExtensionOids.GetEnumerator();
            bool        hasMore = oids.MoveNext();

            if (hasMore)
            {
                // The heading only appears when at least one extension OID exists.
                buf.Append("   crlEntryExtensions:").Append(nl);
            }

            while (hasMore)
            {
                DerObjectIdentifier oid = (DerObjectIdentifier)oids.Current;
                X509Extension       ext = extensions.GetExtension(oid);

                if (ext.Value == null)
                {
                    buf.Append(nl);
                }
                else
                {
                    // Decoding stays outside the try, so an undecodable OCTET STRING still propagates.
                    Asn1Object obj = Asn1Object.FromByteArray(ext.Value.GetOctets());

                    buf.Append("                       critical(").Append(ext.IsCritical).Append(") ");
                    try
                    {
                        if (oid.Equals(X509Extensions.ReasonCode))
                        {
                            buf.Append(new CrlReason(DerEnumerated.GetInstance(obj)));
                        }
                        else if (oid.Equals(X509Extensions.CertificateIssuer))
                        {
                            buf.Append("Certificate issuer: ").Append(GeneralNames.GetInstance((Asn1Sequence)obj));
                        }
                        else
                        {
                            buf.Append(oid.Id).Append(" value = ").Append(Asn1Dump.DumpAsString(obj));
                        }
                        buf.Append(nl);
                    }
                    catch (Exception)
                    {
                        // Rendering is best-effort; an unrenderable value is masked.
                        buf.Append(oid.Id).Append(" value = ").Append("*****").Append(nl);
                    }
                }

                hasMore = oids.MoveNext();
            }

            return(buf.ToString());
        }
        /// <summary>
        /// Searches <paramref name="crl"/> for <paramref name="cert"/> and, if the entry belongs to the
        /// certificate's issuer, stores the revocation reason and date in <paramref name="certStatus"/>.
        /// An entry whose revocation date lies after <paramref name="validDate"/> is only recorded for the
        /// reasons unspecified, keyCompromise, cACompromise and aACompromise.
        /// </summary>
        /// <param name="validDate">The time for which validity is assessed.</param>
        /// <param name="crl">The CRL to search; it is re-decoded from its DER encoding first.</param>
        /// <param name="cert">The (attribute) certificate being checked.</param>
        /// <param name="certStatus">Updated with status and revocation date when the certificate is revoked.</param>
        /// <exception cref="Exception">If the CRL cannot be re-decoded or the reason code extension is malformed.</exception>
        internal static void GetCertStatus(
            DateTime validDate,
            X509Crl crl,
            Object cert,
            CertStatus certStatus)
        {
            X509Crl bcCRL;
            try
            {
                Asn1Sequence encoded = (Asn1Sequence)Asn1Sequence.FromByteArray(crl.GetEncoded());
                bcCRL = new X509Crl(CertificateList.GetInstance(encoded));
            }
            catch (Exception exception)
            {
                throw new Exception("Bouncy Castle X509Crl could not be created.", exception);
            }

            X509CrlEntry entry = (X509CrlEntry)bcCRL.GetRevokedCertificate(GetSerialNumber(cert));
            if (entry == null)
            {
                return;
            }

            // Serial numbers are only unique per issuer: the entry must have been issued for this
            // certificate's issuer, via the certificateIssuer entry extension or as the CRL issuer itself.
            X509Name issuer     = GetIssuerPrincipal(cert);
            bool     sameIssuer = issuer.Equivalent(entry.GetCertificateIssuer(), true) ||
                                  issuer.Equivalent(crl.IssuerDN, true);
            if (!sameIssuer)
            {
                return;
            }

            // A missing reason code is reported as unspecified (0).
            int reasonCodeValue = CrlReason.Unspecified;
            if (entry.HasExtensions)
            {
                try
                {
                    DerEnumerated reasonCode = DerEnumerated.GetInstance(GetExtensionValue(entry, X509Extensions.ReasonCode));
                    if (reasonCode != null)
                    {
                        reasonCodeValue = reasonCode.IntValueExact;
                    }
                }
                catch (Exception e)
                {
                    throw new Exception("Reason code CRL entry extension could not be decoded.", e);
                }
            }

            DateTime revocationDate = entry.RevocationDate;

            // A revocation after validDate is still reported for these reasons; any other reason that
            // post-dates validDate leaves certStatus untouched.
            bool revokedAfterValidDate = validDate.Ticks < revocationDate.Ticks;
            bool retroactiveReason     = reasonCodeValue == CrlReason.Unspecified ||
                                         reasonCodeValue == CrlReason.KeyCompromise ||
                                         reasonCodeValue == CrlReason.CACompromise ||
                                         reasonCodeValue == CrlReason.AACompromise;
            if (revokedAfterValidDate && !retroactiveReason)
            {
                return;
            }

            // (i) or (j)
            certStatus.Status         = reasonCodeValue;
            certStatus.RevocationDate = new DateTimeObject(revocationDate);
        }
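        /// <summary>
        /// Renders this CRL entry as a multi-line diagnostic string: serial number, revocation date,
        /// certificate issuer and each CRL entry extension that is present.
        /// </summary>
        /// <returns>The formatted dump.</returns>
        public override string ToString()
        {
            StringBuilder stringBuilder = new StringBuilder();
            string        newLine       = Platform.NewLine;

            stringBuilder.Append("        userCertificate: ").Append(this.SerialNumber).Append(newLine);
            stringBuilder.Append("         revocationDate: ").Append(this.RevocationDate).Append(newLine);
            stringBuilder.Append("      certificateIssuer: ").Append(this.GetCertificateIssuer()).Append(newLine);
            X509Extensions extensions = this.c.Extensions;

            if (extensions != null)
            {
                IEnumerator enumerator = extensions.ExtensionOids.GetEnumerator();
                if (enumerator.MoveNext())
                {
                    stringBuilder.Append("   crlEntryExtensions:").Append(newLine);

                    // Structured do/while replaces the decompiler's goto/label (IL_1A8 / IL_1B0) control flow:
                    // every OID yields exactly one line, then the enumerator advances.
                    do
                    {
                        DerObjectIdentifier derObjectIdentifier = (DerObjectIdentifier)enumerator.Current;
                        X509Extension       extension           = extensions.GetExtension(derObjectIdentifier);

                        if (extension.Value == null)
                        {
                            stringBuilder.Append(newLine);
                            continue;
                        }

                        // Decoding stays outside the try, so a corrupt OCTET STRING still propagates to the caller.
                        Asn1Object asn1Object = Asn1Object.FromByteArray(extension.Value.GetOctets());
                        stringBuilder.Append("                       critical(").Append(extension.IsCritical).Append(") ");
                        try
                        {
                            if (derObjectIdentifier.Equals(X509Extensions.ReasonCode))
                            {
                                stringBuilder.Append(new CrlReason(DerEnumerated.GetInstance(asn1Object)));
                            }
                            else if (derObjectIdentifier.Equals(X509Extensions.CertificateIssuer))
                            {
                                stringBuilder.Append("Certificate issuer: ").Append(GeneralNames.GetInstance((Asn1Sequence)asn1Object));
                            }
                            else
                            {
                                stringBuilder.Append(derObjectIdentifier.Id);
                                stringBuilder.Append(" value = ").Append(Asn1Dump.DumpAsString(asn1Object));
                            }
                            stringBuilder.Append(newLine);
                        }
                        catch (Exception)
                        {
                            // Best-effort: a value that cannot be rendered is masked rather than aborting ToString().
                            stringBuilder.Append(derObjectIdentifier.Id);
                            stringBuilder.Append(" value = ").Append("*****").Append(newLine);
                        }
                    } while (enumerator.MoveNext());
                }
            }
            return(stringBuilder.ToString());
        }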