public virtual PkixCertPathValidatorResult Validate(PkixCertPath certPath, PkixParameters pkixParams)
{
IX509Selector targetConstraints = pkixParams.GetTargetConstraints();
if (!(targetConstraints is X509AttrCertStoreSelector))
{
throw new ArgumentException("TargetConstraints must be an instance of " + typeof(X509AttrCertStoreSelector).FullName, "pkixParams");
}
IX509AttributeCertificate attributeCert = ((X509AttrCertStoreSelector)targetConstraints).AttributeCert;
PkixCertPath holderCertPath = Rfc3281CertPathUtilities.ProcessAttrCert1(attributeCert, pkixParams);
PkixCertPathValidatorResult result = Rfc3281CertPathUtilities.ProcessAttrCert2(certPath, pkixParams);
X509Certificate x509Certificate = (X509Certificate)certPath.Certificates[0];
Rfc3281CertPathUtilities.ProcessAttrCert3(x509Certificate, pkixParams);
Rfc3281CertPathUtilities.ProcessAttrCert4(x509Certificate, pkixParams);
Rfc3281CertPathUtilities.ProcessAttrCert5(attributeCert, pkixParams);
Rfc3281CertPathUtilities.ProcessAttrCert7(attributeCert, certPath, holderCertPath, pkixParams);
Rfc3281CertPathUtilities.AdditionalChecks(attributeCert, pkixParams);
DateTime validCertDateFromValidityModel;
try
{
validCertDateFromValidityModel = PkixCertPathValidatorUtilities.GetValidCertDateFromValidityModel(pkixParams, null, -1);
}
catch (Exception cause)
{
throw new PkixCertPathValidatorException("Could not get validity date from attribute certificate.", cause);
}
Rfc3281CertPathUtilities.CheckCrls(attributeCert, pkixParams, x509Certificate, validCertDateFromValidityModel, certPath.Certificates);
return(result);
}
public void TestAllCertificatesAnyPolicyTest11()
{
string[] certList = new string[] { "anyPolicyCACert", "AllCertificatesanyPolicyTest11EE" };
string[] crlList = new string[] { TRUST_ANCHOR_ROOT_CRL, "anyPolicyCACRL" };
PkixCertPathValidatorResult result = DoTest(TRUST_ANCHOR_ROOT_CERTIFICATE, certList, crlList);
result = DoTest(TRUST_ANCHOR_ROOT_CERTIFICATE, certList, crlList, nistTestPolicy1);
}
public void TestUserNoticeQualifierTest16()
{
string[] certList = new string[] { GOOD_CA_CERT, "UserNoticeQualifierTest16EE" };
string[] crlList = new string[] { TRUST_ANCHOR_ROOT_CRL, GOOD_CA_CRL };
PkixCertPathValidatorResult result = DoTest(TRUST_ANCHOR_ROOT_CERTIFICATE, certList, crlList);
result = DoTest(TRUST_ANCHOR_ROOT_CERTIFICATE, certList, crlList, nistTestPolicy1);
DoExceptionTest(TRUST_ANCHOR_ROOT_CERTIFICATE, certList, crlList, nistTestPolicy2,
-1,
"Path processing failed on policy.");
}
public override void PerformTest()
{
X509CertificateParser certParser = new X509CertificateParser();
X509CrlParser crlParser = new X509CrlParser();
// initialise CertStore
X509Certificate rootCert = certParser.ReadCertificate(CertPathTest.rootCertBin);
X509Certificate interCert = certParser.ReadCertificate(CertPathTest.interCertBin);
X509Certificate finalCert = certParser.ReadCertificate(CertPathTest.finalCertBin);
X509Crl rootCrl = crlParser.ReadCrl(CertPathTest.rootCrlBin);
X509Crl interCrl = crlParser.ReadCrl(CertPathTest.interCrlBin);
IList x509Certs = new ArrayList();
x509Certs.Add(rootCert);
x509Certs.Add(interCert);
x509Certs.Add(finalCert);
IList x509Crls = new ArrayList();
x509Crls.Add(rootCrl);
x509Crls.Add(interCrl);
// CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
// CertStore store = CertStore.GetInstance("Collection", ccsp);
// X509CollectionStoreParameters ccsp = new X509CollectionStoreParameters(list);
IX509Store x509CertStore = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(x509Certs));
IX509Store x509CrlStore = X509StoreFactory.Create(
"CRL/Collection",
new X509CollectionStoreParameters(x509Crls));
// NB: Month is 1-based in .NET
//DateTime validDate = new DateTime(2008,9,4,14,49,10).ToUniversalTime();
DateTime validDate = new DateTime(2008, 9, 4, 5, 49, 10);
//validating path
IList certchain = new ArrayList();
certchain.Add(finalCert);
certchain.Add(interCert);
// CertPath cp = CertificateFactory.GetInstance("X.509").GenerateCertPath(certchain);
PkixCertPath cp = new PkixCertPath(certchain);
ISet trust = new HashSet();
trust.Add(new TrustAnchor(rootCert, null));
// CertPathValidator cpv = CertPathValidator.GetInstance("PKIX");
PkixCertPathValidator cpv = new PkixCertPathValidator();
PkixParameters param = new PkixParameters(trust);
param.AddStore(x509CertStore);
param.AddStore(x509CrlStore);
param.Date = new DateTimeObject(validDate);
MyChecker checker = new MyChecker();
param.AddCertPathChecker(checker);
PkixCertPathValidatorResult result = (PkixCertPathValidatorResult)cpv.Validate(cp, param);
PkixPolicyNode policyTree = result.PolicyTree;
AsymmetricKeyParameter subjectPublicKey = result.SubjectPublicKey;
if (checker.GetCount() != 2)
{
Fail("checker not evaluated for each certificate");
}
if (!subjectPublicKey.Equals(finalCert.GetPublicKey()))
{
Fail("wrong public key returned");
}
IsTrue(result.TrustAnchor.TrustedCert.Equals(rootCert));
// try a path with trust anchor included.
certchain.Clear();
certchain.Add(finalCert);
certchain.Add(interCert);
certchain.Add(rootCert);
cp = new PkixCertPath(certchain);
cpv = new PkixCertPathValidator();
param = new PkixParameters(trust);
param.AddStore(x509CertStore);
param.AddStore(x509CrlStore);
param.Date = new DateTimeObject(validDate);
checker = new MyChecker();
param.AddCertPathChecker(checker);
result = (PkixCertPathValidatorResult)cpv.Validate(cp, param);
IsTrue(result.TrustAnchor.TrustedCert.Equals(rootCert));
//
// invalid path containing a valid one test
//
try
{
// initialise CertStore
rootCert = certParser.ReadCertificate(AC_RAIZ_ICPBRASIL);
interCert = certParser.ReadCertificate(AC_PR);
finalCert = certParser.ReadCertificate(schefer);
x509Certs = new ArrayList();
x509Certs.Add(rootCert);
x509Certs.Add(interCert);
x509Certs.Add(finalCert);
// ccsp = new CollectionCertStoreParameters(list);
// store = CertStore.GetInstance("Collection", ccsp);
// ccsp = new X509CollectionStoreParameters(list);
x509CertStore = X509StoreFactory.Create(
"Certificate/Collection",
new X509CollectionStoreParameters(x509Certs));
// NB: Month is 1-based in .NET
//validDate = new DateTime(2004,3,21,2,21,10).ToUniversalTime();
validDate = new DateTime(2004, 3, 20, 19, 21, 10);
//validating path
certchain = new ArrayList();
certchain.Add(finalCert);
certchain.Add(interCert);
// cp = CertificateFactory.GetInstance("X.509").GenerateCertPath(certchain);
cp = new PkixCertPath(certchain);
trust = new HashSet();
trust.Add(new TrustAnchor(rootCert, null));
// cpv = CertPathValidator.GetInstance("PKIX");
cpv = new PkixCertPathValidator();
param = new PkixParameters(trust);
param.AddStore(x509CertStore);
param.IsRevocationEnabled = false;
param.Date = new DateTimeObject(validDate);
result = (PkixCertPathValidatorResult)cpv.Validate(cp, param);
policyTree = result.PolicyTree;
subjectPublicKey = result.SubjectPublicKey;
Fail("Invalid path validated");
}
catch (Exception e)
{
if (e is PkixCertPathValidatorException &&
e.Message.StartsWith("Could not validate certificate signature."))
{
return;
}
Fail("unexpected exception", e);
}
}
protected virtual PkixCertPathBuilderResult Build(X509Certificate tbvCert, PkixBuilderParameters pkixParams, IList tbvPath)
{
if (tbvPath.Contains(tbvCert))
{
return(null);
}
if (pkixParams.GetExcludedCerts().Contains(tbvCert))
{
return(null);
}
if (pkixParams.MaxPathLength != -1 && tbvPath.Count - 1 > pkixParams.MaxPathLength)
{
return(null);
}
tbvPath.Add(tbvCert);
PkixCertPathBuilderResult pkixCertPathBuilderResult = null;
PkixCertPathValidator pkixCertPathValidator = new PkixCertPathValidator();
try
{
if (PkixCertPathValidatorUtilities.FindTrustAnchor(tbvCert, pkixParams.GetTrustAnchors()) != null)
{
PkixCertPath pkixCertPath = null;
try
{
pkixCertPath = new PkixCertPath(tbvPath);
}
catch (Exception innerException)
{
throw new Exception("Certification path could not be constructed from certificate list.", innerException);
}
PkixCertPathValidatorResult pkixCertPathValidatorResult = null;
try
{
pkixCertPathValidatorResult = pkixCertPathValidator.Validate(pkixCertPath, pkixParams);
}
catch (Exception innerException2)
{
throw new Exception("Certification path could not be validated.", innerException2);
}
return(new PkixCertPathBuilderResult(pkixCertPath, pkixCertPathValidatorResult.TrustAnchor, pkixCertPathValidatorResult.PolicyTree, pkixCertPathValidatorResult.SubjectPublicKey));
}
try
{
PkixCertPathValidatorUtilities.AddAdditionalStoresFromAltNames(tbvCert, pkixParams);
}
catch (CertificateParsingException innerException3)
{
throw new Exception("No additiontal X.509 stores can be added from certificate locations.", innerException3);
}
HashSet hashSet = new HashSet();
try
{
hashSet.AddAll(PkixCertPathValidatorUtilities.FindIssuerCerts(tbvCert, pkixParams));
}
catch (Exception innerException4)
{
throw new Exception("Cannot find issuer certificate for certificate in certification path.", innerException4);
}
if (hashSet.IsEmpty)
{
throw new Exception("No issuer certificate for certificate in certification path found.");
}
foreach (X509Certificate item in hashSet)
{
pkixCertPathBuilderResult = Build(item, pkixParams, tbvPath);
if (pkixCertPathBuilderResult != null)
{
break;
}
}
}
catch (Exception ex)
{
Exception ex2 = certPathException = ex;
}
if (pkixCertPathBuilderResult == null)
{
tbvPath.Remove(tbvCert);
}
return(pkixCertPathBuilderResult);
}
