Summary description for PkixCertPathValidatorResult.
Пример #1
0
        public virtual PkixCertPathValidatorResult Validate(PkixCertPath certPath, PkixParameters pkixParams)
        {
            //IL_002d: Unknown result type (might be due to invalid IL or missing references)
            IX509Selector targetConstraints = pkixParams.GetTargetConstraints();

            if (!(targetConstraints is X509AttrCertStoreSelector))
            {
                throw new ArgumentException("TargetConstraints must be an instance of " + typeof(X509AttrCertStoreSelector).get_FullName(), "pkixParams");
            }
            IX509AttributeCertificate attributeCert     = ((X509AttrCertStoreSelector)targetConstraints).AttributeCert;
            PkixCertPath holderCertPath                 = Rfc3281CertPathUtilities.ProcessAttrCert1(attributeCert, pkixParams);
            PkixCertPathValidatorResult result          = Rfc3281CertPathUtilities.ProcessAttrCert2(certPath, pkixParams);
            X509Certificate             x509Certificate = (X509Certificate)certPath.Certificates.get_Item(0);

            Rfc3281CertPathUtilities.ProcessAttrCert3(x509Certificate, pkixParams);
            Rfc3281CertPathUtilities.ProcessAttrCert4(x509Certificate, pkixParams);
            Rfc3281CertPathUtilities.ProcessAttrCert5(attributeCert, pkixParams);
            Rfc3281CertPathUtilities.ProcessAttrCert7(attributeCert, certPath, holderCertPath, pkixParams);
            Rfc3281CertPathUtilities.AdditionalChecks(attributeCert, pkixParams);
            global::System.DateTime validCertDateFromValidityModel;
            try
            {
                validCertDateFromValidityModel = PkixCertPathValidatorUtilities.GetValidCertDateFromValidityModel(pkixParams, null, -1);
            }
            catch (global::System.Exception cause)
            {
                throw new PkixCertPathValidatorException("Could not get validity date from attribute certificate.", cause);
            }
            Rfc3281CertPathUtilities.CheckCrls(attributeCert, pkixParams, x509Certificate, validCertDateFromValidityModel, certPath.Certificates);
            return(result);
        }
Пример #2
0
        /**
         * Validates an attribute certificate with the given certificate path.
         *
         * <p>
         * <code>params</code> must be an instance of
         * <code>ExtendedPkixParameters</code>.
         * </p><p>
         * The target constraints in the <code>params</code> must be an
         * <code>X509AttrCertStoreSelector</code> with at least the attribute
         * certificate criterion set. Obey that also target informations may be
         * necessary to correctly validate this attribute certificate.
         * </p><p>
         * The attribute certificate issuer must be added to the trusted attribute
         * issuers with {@link ExtendedPkixParameters#setTrustedACIssuers(Set)}.
         * </p>
         * @param certPath The certificate path which belongs to the attribute
         *            certificate issuer public key certificate.
         * @param params The PKIX parameters.
         * @return A <code>PKIXCertPathValidatorResult</code> of the result of
         *         validating the <code>certPath</code>.
         * @throws InvalidAlgorithmParameterException if <code>params</code> is
         *             inappropriate for this validator.
         * @throws CertPathValidatorException if the verification fails.
         */
        public virtual PkixCertPathValidatorResult Validate(
            PkixCertPath certPath,
            PkixParameters pkixParams)
        {
            IX509Selector certSelect = pkixParams.GetTargetConstraints();

            if (!(certSelect is X509AttrCertStoreSelector))
            {
                throw new ArgumentException(
                          "TargetConstraints must be an instance of " + typeof(X509AttrCertStoreSelector).FullName,
                          "pkixParams");
            }
            IX509AttributeCertificate attrCert = ((X509AttrCertStoreSelector)certSelect).AttributeCert;

            PkixCertPath holderCertPath            = Rfc3281CertPathUtilities.ProcessAttrCert1(attrCert, pkixParams);
            PkixCertPathValidatorResult result     = Rfc3281CertPathUtilities.ProcessAttrCert2(certPath, pkixParams);
            X509Certificate             issuerCert = (X509Certificate)certPath.Certificates[0];

            Rfc3281CertPathUtilities.ProcessAttrCert3(issuerCert, pkixParams);
            Rfc3281CertPathUtilities.ProcessAttrCert4(issuerCert, pkixParams);
            Rfc3281CertPathUtilities.ProcessAttrCert5(attrCert, pkixParams);
            // 6 already done in X509AttrCertStoreSelector
            Rfc3281CertPathUtilities.ProcessAttrCert7(attrCert, certPath, holderCertPath, pkixParams);
            Rfc3281CertPathUtilities.AdditionalChecks(attrCert, pkixParams);
            DateTime date;

            try
            {
                date = PkixCertPathValidatorUtilities.GetValidCertDateFromValidityModel(pkixParams, null, -1);
            }
            catch (Exception e)
            {
                throw new PkixCertPathValidatorException(
                          "Could not get validity date from attribute certificate.", e);
            }
            Rfc3281CertPathUtilities.CheckCrls(attrCert, pkixParams, issuerCert, date, certPath.Certificates);
            return(result);
        }
Пример #3
0
        protected virtual PkixCertPathBuilderResult Build(
            X509Certificate tbvCert,
            PkixBuilderParameters pkixParams,
            IList tbvPath)
        {
            // If tbvCert is readily present in tbvPath, it indicates having run
            // into a cycle in the PKI graph.
            if (tbvPath.Contains(tbvCert))
            {
                return(null);
            }

            // step out, the certificate is not allowed to appear in a certification
            // chain.
            if (pkixParams.GetExcludedCerts().Contains(tbvCert))
            {
                return(null);
            }

            // test if certificate path exceeds maximum length
            if (pkixParams.MaxPathLength != -1)
            {
                if (tbvPath.Count - 1 > pkixParams.MaxPathLength)
                {
                    return(null);
                }
            }

            tbvPath.Add(tbvCert);

            X509CertificateParser     certParser    = new X509CertificateParser();
            PkixCertPathBuilderResult builderResult = null;
            PkixCertPathValidator     validator     = new PkixCertPathValidator();

            try
            {
                // check whether the issuer of <tbvCert> is a TrustAnchor
                if (PkixCertPathValidatorUtilities.FindTrustAnchor(tbvCert, pkixParams.GetTrustAnchors()) != null)
                {
                    // exception message from possibly later tried certification
                    // chains
                    PkixCertPath certPath = null;
                    try
                    {
                        certPath = new PkixCertPath(tbvPath);
                    }
                    catch (Exception e)
                    {
                        throw new Exception(
                                  "Certification path could not be constructed from certificate list.",
                                  e);
                    }

                    PkixCertPathValidatorResult result = null;
                    try
                    {
                        result = (PkixCertPathValidatorResult)validator.Validate(
                            certPath, pkixParams);
                    }
                    catch (Exception e)
                    {
                        throw new Exception(
                                  "Certification path could not be validated.", e);
                    }

                    return(new PkixCertPathBuilderResult(certPath, result.TrustAnchor,
                                                         result.PolicyTree, result.SubjectPublicKey));
                }
                else
                {
                    // add additional X.509 stores from locations in certificate
                    try
                    {
                        PkixCertPathValidatorUtilities.AddAdditionalStoresFromAltNames(
                            tbvCert, pkixParams);
                    }
                    catch (CertificateParsingException e)
                    {
                        throw new Exception(
                                  "No additiontal X.509 stores can be added from certificate locations.",
                                  e);
                    }

                    // try to get the issuer certificate from one of the stores
                    HashSet issuers = new HashSet();
                    try
                    {
                        issuers.AddAll(PkixCertPathValidatorUtilities.FindIssuerCerts(tbvCert, pkixParams));
                    }
                    catch (Exception e)
                    {
                        throw new Exception(
                                  "Cannot find issuer certificate for certificate in certification path.",
                                  e);
                    }

                    if (issuers.IsEmpty)
                    {
                        throw new Exception("No issuer certificate for certificate in certification path found.");
                    }

                    foreach (X509Certificate issuer in issuers)
                    {
                        builderResult = Build(issuer, pkixParams, tbvPath);

                        if (builderResult != null)
                        {
                            break;
                        }
                    }
                }
            }
            catch (Exception e)
            {
                certPathException = e;
            }

            if (builderResult == null)
            {
                tbvPath.Remove(tbvCert);
            }

            return(builderResult);
        }
 internal CertificateValidationResult(PkixCertPathValidatorResult result)
 {
     _result = result;
     Success = true;
 }
Пример #5
0
        protected virtual PkixCertPathBuilderResult Build(X509Certificate tbvCert, PkixBuilderParameters pkixParams, global::System.Collections.IList tbvPath)
        {
            if (tbvPath.Contains((object)tbvCert))
            {
                return(null);
            }
            if (pkixParams.GetExcludedCerts().Contains(tbvCert))
            {
                return(null);
            }
            if (pkixParams.MaxPathLength != -1 && ((global::System.Collections.ICollection)tbvPath).get_Count() - 1 > pkixParams.MaxPathLength)
            {
                return(null);
            }
            tbvPath.Add((object)tbvCert);
            PkixCertPathBuilderResult pkixCertPathBuilderResult = null;
            PkixCertPathValidator     pkixCertPathValidator     = new PkixCertPathValidator();

            try
            {
                if (PkixCertPathValidatorUtilities.FindTrustAnchor(tbvCert, pkixParams.GetTrustAnchors()) != null)
                {
                    PkixCertPath pkixCertPath = null;
                    try
                    {
                        pkixCertPath = new PkixCertPath((global::System.Collections.ICollection)tbvPath);
                    }
                    catch (global::System.Exception ex)
                    {
                        throw new global::System.Exception("Certification path could not be constructed from certificate list.", ex);
                    }
                    PkixCertPathValidatorResult pkixCertPathValidatorResult = null;
                    try
                    {
                        pkixCertPathValidatorResult = pkixCertPathValidator.Validate(pkixCertPath, pkixParams);
                    }
                    catch (global::System.Exception ex2)
                    {
                        throw new global::System.Exception("Certification path could not be validated.", ex2);
                    }
                    return(new PkixCertPathBuilderResult(pkixCertPath, pkixCertPathValidatorResult.TrustAnchor, pkixCertPathValidatorResult.PolicyTree, pkixCertPathValidatorResult.SubjectPublicKey));
                }
                try
                {
                    PkixCertPathValidatorUtilities.AddAdditionalStoresFromAltNames(tbvCert, pkixParams);
                }
                catch (CertificateParsingException ex3)
                {
                    throw new global::System.Exception("No additiontal X.509 stores can be added from certificate locations.", (global::System.Exception)ex3);
                }
                HashSet hashSet = new HashSet();
                try
                {
                    hashSet.AddAll((global::System.Collections.IEnumerable)PkixCertPathValidatorUtilities.FindIssuerCerts(tbvCert, pkixParams));
                }
                catch (global::System.Exception ex4)
                {
                    throw new global::System.Exception("Cannot find issuer certificate for certificate in certification path.", ex4);
                }
                if (hashSet.IsEmpty)
                {
                    throw new global::System.Exception("No issuer certificate for certificate in certification path found.");
                }
                global::System.Collections.IEnumerator enumerator = hashSet.GetEnumerator();
                try
                {
                    while (enumerator.MoveNext())
                    {
                        X509Certificate tbvCert2 = (X509Certificate)enumerator.get_Current();
                        pkixCertPathBuilderResult = Build(tbvCert2, pkixParams, tbvPath);
                        if (pkixCertPathBuilderResult != null)
                        {
                            break;
                        }
                    }
                }
                finally
                {
                    global::System.IDisposable disposable = enumerator as global::System.IDisposable;
                    if (disposable != null)
                    {
                        disposable.Dispose();
                    }
                }
            }
            catch (global::System.Exception ex5)
            {
                global::System.Exception ex6 = (certPathException = ex5);
            }
            if (pkixCertPathBuilderResult == null)
            {
                tbvPath.Remove((object)tbvCert);
            }
            return(pkixCertPathBuilderResult);
        }
        protected virtual PkixCertPathBuilderResult Build(X509Certificate tbvCert, PkixBuilderParameters pkixParams, IList tbvPath)
        {
            if (tbvPath.Contains(tbvCert))
            {
                return(null);
            }
            if (pkixParams.GetExcludedCerts().Contains(tbvCert))
            {
                return(null);
            }
            if (pkixParams.MaxPathLength != -1 && tbvPath.Count - 1 > pkixParams.MaxPathLength)
            {
                return(null);
            }
            tbvPath.Add(tbvCert);
            PkixCertPathBuilderResult pkixCertPathBuilderResult = null;
            PkixCertPathValidator     pkixCertPathValidator     = new PkixCertPathValidator();

            try
            {
                if (PkixCertPathValidatorUtilities.FindTrustAnchor(tbvCert, pkixParams.GetTrustAnchors()) != null)
                {
                    PkixCertPath certPath = null;
                    try
                    {
                        certPath = new PkixCertPath(tbvPath);
                    }
                    catch (Exception innerException)
                    {
                        throw new Exception("Certification path could not be constructed from certificate list.", innerException);
                    }
                    PkixCertPathValidatorResult pkixCertPathValidatorResult = null;
                    try
                    {
                        pkixCertPathValidatorResult = pkixCertPathValidator.Validate(certPath, pkixParams);
                    }
                    catch (Exception innerException2)
                    {
                        throw new Exception("Certification path could not be validated.", innerException2);
                    }
                    return(new PkixCertPathBuilderResult(certPath, pkixCertPathValidatorResult.TrustAnchor, pkixCertPathValidatorResult.PolicyTree, pkixCertPathValidatorResult.SubjectPublicKey));
                }
                try
                {
                    PkixCertPathValidatorUtilities.AddAdditionalStoresFromAltNames(tbvCert, pkixParams);
                }
                catch (CertificateParsingException innerException3)
                {
                    throw new Exception("No additiontal X.509 stores can be added from certificate locations.", innerException3);
                }
                HashSet hashSet = new HashSet();
                try
                {
                    hashSet.AddAll(PkixCertPathValidatorUtilities.FindIssuerCerts(tbvCert, pkixParams));
                }
                catch (Exception innerException4)
                {
                    throw new Exception("Cannot find issuer certificate for certificate in certification path.", innerException4);
                }
                if (hashSet.IsEmpty)
                {
                    throw new Exception("No issuer certificate for certificate in certification path found.");
                }
                foreach (X509Certificate tbvCert2 in hashSet)
                {
                    pkixCertPathBuilderResult = this.Build(tbvCert2, pkixParams, tbvPath);
                    if (pkixCertPathBuilderResult != null)
                    {
                        break;
                    }
                }
            }
            catch (Exception ex)
            {
                this.certPathException = ex;
            }
            if (pkixCertPathBuilderResult == null)
            {
                tbvPath.Remove(tbvCert);
            }
            return(pkixCertPathBuilderResult);
        }