/// <summary>
/// Looks up the URI advertised for one access method in the certificate's
/// Authority Information Access extension.
/// </summary>
/// <param name="certificate">Certificate whose Authority Information Access extension is read.</param>
/// <param name="accessMethod">Object identifier of the access method to match.</param>
/// <returns>
/// The access location of the first entry that matches <paramref name="accessMethod"/> and is a
/// uniform resource identifier, or <c>null</c> when the extension is absent or no entry qualifies.
/// </returns>
/// <remarks>
/// The returned text is copied from the certificate with no scheme or host check, and it is
/// written to the log unchanged. Callers should validate it before using it as a fetch target.
/// </remarks>
private string GetAccessLocation(X509Certificate certificate, DerObjectIdentifier accessMethod)
{
    Asn1OctetString aiaValue = certificate.GetExtensionValue(X509Extensions.AuthorityInfoAccess);
    if (aiaValue == null)
    {
        return null;
    }

    AuthorityInformationAccess aia = AuthorityInformationAccess.GetInstance(aiaValue.GetOctets());
    foreach (AccessDescription entry in aia.GetAccessDescriptions())
    {
        logger.Info("access method: " + entry.AccessMethod);
        if (entry.AccessMethod.Equals(accessMethod))
        {
            GeneralName location = entry.AccessLocation;
            if (location.TagNo == GeneralName.UniformResourceIdentifier)
            {
                // Both casts are unchecked: an encoding that is not a tagged IA5String
                // surfaces as an InvalidCastException rather than a null result.
                DerTaggedObject tagged = (DerTaggedObject)location.ToAsn1Object();
                DerIA5String uri = (DerIA5String)tagged.GetObject();
                string accessLocation = uri.GetString();
                logger.Info("access location: " + accessLocation);
                return accessLocation;
            }

            logger.Info("not a uniform resource identifier");
        }
    }

    return null;
}
// Certificate Revocation Lists

/// <summary>
/// Gets the URL of the Certificate Revocation List named in a certificate's
/// CRL Distribution Points extension.
/// </summary>
/// <param name="certificate">the certificate to inspect</param>
/// <returns>
/// the first uniform resource identifier found under a full-name distribution point, or
/// <c>null</c> when the extension is missing, holds no such name, or reading it failed
/// </returns>
/// <remarks>
/// Nothing propagates to the caller: the bare catch turns every failure into <c>null</c>, so a
/// malformed extension looks the same as an absent one. NOTE(review): a caller that reads
/// <c>null</c> as "no CRL published" will skip the revocation check; confirm callers treat
/// <c>null</c> as a failure wherever revocation checking is mandatory.
/// </remarks>
public static String GetCRLURL(X509Certificate certificate)
{
    try
    {
        Asn1Object extension = GetExtensionValue(certificate, X509Extensions.CrlDistributionPoints.Id);
        if (extension == null)
        {
            return null;
        }

        foreach (DistributionPoint point in CrlDistPoint.GetInstance(extension).GetDistributionPoints())
        {
            DistributionPointName pointName = point.DistributionPointName;
            if (pointName.PointType == DistributionPointName.FullName)
            {
                GeneralNames fullName = (GeneralNames)pointName.Name;
                foreach (GeneralName candidate in fullName.GetNames())
                {
                    if (candidate.TagNo == GeneralName.UniformResourceIdentifier)
                    {
                        // The value is returned as found; no scheme check is applied here.
                        Asn1TaggedObject tagged = (Asn1TaggedObject)candidate.ToAsn1Object();
                        return DerIA5String.GetInstance(tagged, false).GetString();
                    }
                }
            }
        }
    }
    catch
    {
        // Deliberately best-effort: any parsing or cast failure falls through to null.
    }

    return null;
}
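// Certificate Revocation Lists

/// <summary>
/// Gets the URL of the Certificate Revocation List named in a certificate's
/// CRL Distribution Points extension.
/// </summary>
/// <param name="certificate">the certificate to inspect</param>
/// <returns>
/// the first full-name URI that starts with <c>http://</c> or <c>https://</c> (any letter case)
/// and contains "CRL" (any letter case), or <c>null</c> when the extension is missing, no name
/// qualifies, or reading the extension failed
/// </returns>
/// <remarks>
/// Nothing propagates to the caller: the bare catch turns every failure into <c>null</c>, so a
/// malformed extension looks the same as an absent one. NOTE(review): a caller that reads
/// <c>null</c> as "no CRL published" will skip the revocation check; confirm callers treat
/// <c>null</c> as a failure wherever revocation checking is mandatory.
/// </remarks>
public static String GetCRLURL(X509Certificate certificate)
{
    try
    {
        Asn1Object obj = GetExtensionValue(certificate, X509Extensions.CrlDistributionPoints.Id);
        if (obj == null)
        {
            return null;
        }

        CrlDistPoint dist = CrlDistPoint.GetInstance(obj);
        foreach (DistributionPoint p in dist.GetDistributionPoints())
        {
            DistributionPointName distributionPointName = p.DistributionPointName;
            if (DistributionPointName.FullName != distributionPointName.PointType)
            {
                continue;
            }

            GeneralNames generalNames = (GeneralNames)distributionPointName.Name;
            foreach (GeneralName name in generalNames.GetNames())
            {
                if (name.TagNo != GeneralName.UniformResourceIdentifier)
                {
                    continue;
                }

                DerIA5String derStr = DerIA5String.GetInstance((Asn1TaggedObject)name.ToAsn1Object(), false);

                // jbonilla - The CRL URL for the BCE is in the third position and can only be
                // reached over HTTP, so earlier names that do not qualify are skipped.
                string urlCrl = derStr.GetString();

                // The value comes from the certificate, so the scheme is matched exactly and with
                // an ordinal comparison. The previous culture-sensitive StartsWith("HTTP") accepted
                // any scheme that merely begins with those letters and could ignore leading
                // zero-width characters.
                bool hasWebScheme =
                    urlCrl.StartsWith("http://", System.StringComparison.OrdinalIgnoreCase)
                    || urlCrl.StartsWith("https://", System.StringComparison.OrdinalIgnoreCase);
                if (hasWebScheme && urlCrl.ToUpperInvariant().Contains("CRL"))
                {
                    return urlCrl;
                }
            }
        }
    }
    catch
    {
        // Deliberately best-effort: any parsing or cast failure falls through to null.
    }

    return null;
}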
/// <summary>
/// Looks up the URI advertised for one access method in the certificate's
/// Authority Information Access extension.
/// </summary>
/// <param name="certificate">Certificate whose Authority Information Access extension is read.</param>
/// <param name="accessMethod">Object identifier of the access method to match.</param>
/// <returns>
/// The access location of the first entry that matches <paramref name="accessMethod"/> and is a
/// uniform resource identifier, or <c>null</c> when the extension is absent or no entry qualifies.
/// </returns>
/// <remarks>
/// An <c>IOException</c> raised inside the body is rethrown as a <c>RuntimeException</c>.
/// The returned text is copied from the certificate with no scheme or host check, and it is
/// written to the log unchanged. Callers should validate it before using it as a fetch target.
/// </remarks>
private string GetAccessLocation(X509Certificate certificate, DerObjectIdentifier accessMethod)
{
    try
    {
        Asn1OctetString aiaValue = certificate.GetExtensionValue(X509Extensions.AuthorityInfoAccess);
        if (aiaValue == null)
        {
            return null;
        }

        // NOTE(review): the octet-string wrapper itself is handed to GetInstance. An earlier,
        // since commented-out form of this code decoded oct.GetOctets() into a sequence first.
        // Confirm GetInstance accepts the wrapper.
        DerOctetString oct = (DerOctetString)aiaValue;
        AuthorityInformationAccess aia = AuthorityInformationAccess.GetInstance(oct);

        foreach (AccessDescription entry in aia.GetAccessDescriptions())
        {
            LOG.Info("access method: " + entry.AccessMethod);
            if (entry.AccessMethod.Equals(accessMethod))
            {
                GeneralName location = entry.AccessLocation;
                if (location.TagNo == GeneralName.UniformResourceIdentifier)
                {
                    // Both casts are unchecked: an encoding that is not a tagged IA5String
                    // surfaces as an InvalidCastException rather than a null result.
                    DerTaggedObject tagged = (DerTaggedObject)location.ToAsn1Object();
                    DerIA5String uri = (DerIA5String)tagged.GetObject();
                    string accessLocation = uri.GetString();
                    LOG.Info("access location: " + accessLocation);
                    return accessLocation;
                }

                LOG.Info("not a uniform resource identifier");
            }
        }

        return null;
    }
    catch (IOException e)
    {
        throw new RuntimeException("IO error: " + e.Message, e);
    }
}
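/// <summary>Gives back the CRL URI meta-data found within the given X509 certificate.</summary>
/// <remarks>
/// Only a full-name URI that starts with <c>http://</c> or <c>https://</c> (exact, lower-case
/// match) and contains "CRL" in any letter case is returned. When no name qualifies and the
/// subject DN text contains "AC BANCO CENTRAL DEL ECUADOR", the configured
/// <c>IntermediateAcUrl</c> is returned instead.
/// NOTE(review): that fallback is a substring match on the certificate's own subject text;
/// confirm it is only reached for certificates whose chain has already been validated.
/// </remarks>
/// <param name="certificate">the X509 certificate.</param>
/// <returns>
/// the CRL URI, or <c>null</c> if the extension is not present or no distribution point
/// yields a usable URI and the fallback does not apply.
/// </returns>
/// <exception cref="RuntimeException">an <c>IOException</c> occurred while decoding the extension value.</exception>
public virtual string GetCrlUri(X509Certificate certificate)
{
    Asn1OctetString crlDistributionPointsValue = certificate.GetExtensionValue(X509Extensions.CrlDistributionPoints);
    if (null == crlDistributionPointsValue)
    {
        return null;
    }

    Asn1Sequence seq;
    try
    {
        // The extension value is an OCTET STRING wrapper; its contents are decoded as the sequence.
        DerOctetString oct = (DerOctetString)crlDistributionPointsValue;
        seq = (Asn1Sequence)new Asn1InputStream(oct.GetOctets()).ReadObject();
    }
    catch (IOException e)
    {
        throw new RuntimeException("IO error: " + e.Message, e);
    }

    CrlDistPoint distPoint = CrlDistPoint.GetInstance(seq);
    foreach (DistributionPoint distributionPoint in distPoint.GetDistributionPoints())
    {
        DistributionPointName distributionPointName = distributionPoint.DistributionPointName;
        if (DistributionPointName.FullName != distributionPointName.PointType)
        {
            continue;
        }

        GeneralNames generalNames = (GeneralNames)distributionPointName.Name;
        foreach (GeneralName name in generalNames.GetNames())
        {
            if (name.TagNo != GeneralName.UniformResourceIdentifier)
            {
                LOG.Info("not a uniform resource identifier");
                continue;
            }

            string str;
            if (name.ToAsn1Object() is DerTaggedObject)
            {
                DerTaggedObject taggedObject = (DerTaggedObject)name.ToAsn1Object();
                str = DerIA5String.GetInstance(taggedObject.GetObject()).GetString();
            }
            else
            {
                str = DerIA5String.GetInstance(name.ToAsn1Object()).GetString();
            }

            // The URI comes from the certificate, so the scheme test uses an ordinal comparison.
            // The culture-sensitive StartsWith overload can ignore zero-width characters and is
            // not meant for protocol identifiers. Case sensitivity is left as it was.
            bool hasWebScheme = str != null
                && (str.StartsWith("http://", System.StringComparison.Ordinal)
                    || str.StartsWith("https://", System.StringComparison.Ordinal));

            // jbonilla - The CRL URL for the BCE is in the third position and can only be
            // reached over HTTP, so names that do not qualify are skipped rather than returned.
            if (hasWebScheme && str.ToUpperInvariant().Contains("CRL"))
            {
                return str;
            }

            LOG.Info("Supports only http:// and https:// protocol for CRL");
        }
    }

    // jbonilla
    #region BCE
    if (certificate.SubjectDN.ToString().Contains("AC BANCO CENTRAL DEL ECUADOR"))
    {
        return this.IntermediateAcUrl;
    }
    #endregion

    return null;
}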
/// <summary>
/// Creates the instance from an existing IA5 string by passing its text to the base constructor.
/// </summary>
/// <param name="str">
/// IA5 string whose content is forwarded; a null argument fails on the <c>GetString()</c> call.
/// </param>
/// <remarks>
/// NOTE(review): the text is forwarded unchanged; nothing here checks that it is a well-formed
/// URL, so consumers should validate it before dereferencing it.
/// </remarks>
public NetscapeRevocationUrl(DerIA5String str)
    : base(str.GetString())
{
}
/// <summary>
/// Creates the instance from an existing IA5 string by passing its text to the base constructor.
/// </summary>
/// <param name="str">
/// IA5 string whose content is forwarded unchanged; a null argument fails on the
/// <c>GetString()</c> call.
/// </param>
public VerisignCzagExtension(DerIA5String str)
    : base(str.GetString())
{
}