Remove() публичный Метод

public Remove ( object o ) : void
o object
Результат void
		* Checks a distribution point for revocation information for the
		* certificate <code>cert</code>.
		* @param dp                 The distribution point to consider.
		* @param paramsPKIX         PKIX parameters.
		* @param cert               Certificate to check if it is revoked.
		* @param validDate          The date when the certificate revocation status should be
		*                           checked.
		* @param defaultCRLSignCert The issuer certificate of the certificate <code>cert</code>.
		* @param defaultCRLSignKey  The public key of the issuer certificate
		*                           <code>defaultCRLSignCert</code>.
		* @param certStatus         The current certificate revocation status.
		* @param reasonMask         The reasons mask which is already checked.
		* @param certPathCerts      The certificates of the certification path.
		* @throws AnnotatedException if the certificate is revoked or the status cannot be checked
		*                            or some error occurs.
		private static void CheckCrl(
			DistributionPoint dp,
			PkixParameters paramsPKIX,
			X509Certificate cert,
			DateTime validDate,
			X509Certificate defaultCRLSignCert,
			AsymmetricKeyParameter defaultCRLSignKey,
			CertStatus certStatus,
			ReasonsMask reasonMask,
			IList certPathCerts)
			//throws AnnotatedException
			DateTime currentDate = DateTime.UtcNow;

			if (validDate.Ticks > currentDate.Ticks)
				throw new Exception("Validation time is in future.");

			// (a)
			 * We always get timely valid CRLs, so there is no step (a) (1).
			 * "locally cached" CRLs are assumed to be in getStore(), additional
			 * CRLs must be enabled in the ExtendedPKIXParameters and are in
			 * getAdditionalStore()

			ISet crls = PkixCertPathValidatorUtilities.GetCompleteCrls(dp, cert, currentDate, paramsPKIX);
			bool validCrlFound = false;
			Exception lastException = null;

			IEnumerator crl_iter = crls.GetEnumerator();

			while (crl_iter.MoveNext() && certStatus.Status == CertStatus.Unrevoked && !reasonMask.IsAllReasons)
					X509Crl crl = (X509Crl)crl_iter.Current;

					// (d)
					ReasonsMask interimReasonsMask = Rfc3280CertPathUtilities.ProcessCrlD(crl, dp);

					// (e)
					 * The reasons mask is updated at the end, so only valid CRLs
					 * can update it. If this CRL does not contain new reasons it
					 * must be ignored.
					if (!interimReasonsMask.HasNewReasons(reasonMask))

					// (f)
					ISet keys = Rfc3280CertPathUtilities.ProcessCrlF(crl, cert, defaultCRLSignCert, defaultCRLSignKey,
						paramsPKIX, certPathCerts);
					// (g)
					AsymmetricKeyParameter key = Rfc3280CertPathUtilities.ProcessCrlG(crl, keys);

					X509Crl deltaCRL = null;

					if (paramsPKIX.IsUseDeltasEnabled)
						// get delta CRLs
						ISet deltaCRLs = PkixCertPathValidatorUtilities.GetDeltaCrls(currentDate, paramsPKIX, crl);
						// we only want one valid delta CRL
						// (h)
						deltaCRL = Rfc3280CertPathUtilities.ProcessCrlH(deltaCRLs, key);

					 * CRL must be be valid at the current time, not the validation
					 * time. If a certificate is revoked with reason keyCompromise,
					 * cACompromise, it can be used for forgery, also for the past.
					 * This reason may not be contained in older CRLs.

					 * in the chain model signatures stay valid also after the
					 * certificate has been expired, so they do not have to be in
					 * the CRL validity time

					if (paramsPKIX.ValidityModel != PkixParameters.ChainValidityModel)
						 * if a certificate has expired, but was revoked, it is not
						 * more in the CRL, so it would be regarded as valid if the
						 * first check is not done
						if (cert.NotAfter.Ticks < crl.ThisUpdate.Ticks)
							throw new Exception("No valid CRL for current time found.");

					Rfc3280CertPathUtilities.ProcessCrlB1(dp, cert, crl);

					// (b) (2)
					Rfc3280CertPathUtilities.ProcessCrlB2(dp, cert, crl);

					// (c)
					Rfc3280CertPathUtilities.ProcessCrlC(deltaCRL, crl, paramsPKIX);

					// (i)
					Rfc3280CertPathUtilities.ProcessCrlI(validDate, deltaCRL, cert, certStatus, paramsPKIX);

					// (j)
					Rfc3280CertPathUtilities.ProcessCrlJ(validDate, crl, cert, certStatus);

					// (k)
					if (certStatus.Status == CrlReason.RemoveFromCrl)
						certStatus.Status = CertStatus.Unrevoked;

					// update reasons mask

					ISet criticalExtensions = crl.GetCriticalExtensionOids();

					if (criticalExtensions != null)
						criticalExtensions = new HashSet(criticalExtensions);

						if (!criticalExtensions.IsEmpty)
							throw new Exception("CRL contains unsupported critical extensions.");

					if (deltaCRL != null)
						criticalExtensions = deltaCRL.GetCriticalExtensionOids();
						if (criticalExtensions != null)
							criticalExtensions = new HashSet(criticalExtensions);

							if (!criticalExtensions.IsEmpty)
								throw new Exception("Delta CRL contains unsupported critical extension.");

					validCrlFound = true;
				catch (Exception e)
					lastException = e;
			if (!validCrlFound)
				throw lastException;
        public virtual PkixCertPathValidatorResult Validate(
			PkixCertPath	certPath,
			PkixParameters	paramsPkix)
            if (paramsPkix.GetTrustAnchors() == null)
                throw new ArgumentException(
                    @"trustAnchors is null, this is not allowed for certification path validation.",

            // 6.1.1 - inputs

            // (a)
            IList certs = certPath.Certificates;
            int n = certs.Count;

            if (certs.Count == 0)
                throw new PkixCertPathValidatorException("Certification path is empty.", null, certPath, 0);

            // (b)
            // DateTime validDate = PkixCertPathValidatorUtilities.GetValidDate(paramsPkix);

            // (c)
            ISet userInitialPolicySet = paramsPkix.GetInitialPolicies();

            // (d)
            TrustAnchor trust;
                trust = PkixCertPathValidatorUtilities.FindTrustAnchor(
                    (X509Certificate)certs[certs.Count - 1],
            catch (Exception e)
                throw new PkixCertPathValidatorException(e.Message, e, certPath, certs.Count - 1);

            if (trust == null)
                throw new PkixCertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);

            // (e), (f), (g) are part of the paramsPkix object.
            IEnumerator certIter;
            int index = 0;
            int i;
            // Certificate for each interation of the validation loop
            // Signature information for each iteration of the validation loop
            // 6.1.2 - setup

            // (a)
            IList[] policyNodes = new IList[n + 1];
            for (int j = 0; j < policyNodes.Length; j++)
                policyNodes[j] = Platform.CreateArrayList();

            ISet policySet = new HashSet();


            PkixPolicyNode validPolicyTree = new PkixPolicyNode(Platform.CreateArrayList(), 0, policySet, null, new HashSet(),
                    Rfc3280CertPathUtilities.ANY_POLICY, false);


            // (b) and (c)
            PkixNameConstraintValidator nameConstraintValidator = new PkixNameConstraintValidator();

            // (d)
            int explicitPolicy;
            ISet acceptablePolicies = new HashSet();

            if (paramsPkix.IsExplicitPolicyRequired)
                explicitPolicy = 0;
                explicitPolicy = n + 1;

            // (e)
            int inhibitAnyPolicy;

            if (paramsPkix.IsAnyPolicyInhibited)
                inhibitAnyPolicy = 0;
                inhibitAnyPolicy = n + 1;

            // (f)
            int policyMapping;

            if (paramsPkix.IsPolicyMappingInhibited)
                policyMapping = 0;
                policyMapping = n + 1;

            // (g), (h), (i), (j)
            IAsymmetricKeyParameter workingPublicKey;
            X509Name workingIssuerName;

            X509Certificate sign = trust.TrustedCert;
                if (sign != null)
                    workingIssuerName = sign.SubjectDN;
                    workingPublicKey = sign.GetPublicKey();
                    workingIssuerName = new X509Name(trust.CAName);
                    workingPublicKey = trust.CAPublicKey;
            catch (ArgumentException ex)
                throw new PkixCertPathValidatorException("Subject of trust anchor could not be (re)encoded.", ex, certPath,

            AlgorithmIdentifier workingAlgId = null;
                workingAlgId = PkixCertPathValidatorUtilities.GetAlgorithmIdentifier(workingPublicKey);
            catch (PkixCertPathValidatorException e)
                throw new PkixCertPathValidatorException(
                        "Algorithm identifier of public key of trust anchor could not be read.", e, certPath, -1);

            //			DerObjectIdentifier workingPublicKeyAlgorithm = workingAlgId.ObjectID;
            //			Asn1Encodable workingPublicKeyParameters = workingAlgId.Parameters;

            // (k)
            int maxPathLength = n;

            // 6.1.3

            X509CertStoreSelector certConstraints = paramsPkix.GetTargetCertConstraints();
            if (certConstraints != null && !certConstraints.Match((X509Certificate)certs[0]))
                throw new PkixCertPathValidatorException(
                    "Target certificate in certification path does not match targetConstraints.", null, certPath, 0);

            // initialize CertPathChecker's
            IList pathCheckers = paramsPkix.GetCertPathCheckers();
            certIter = pathCheckers.GetEnumerator();

            while (certIter.MoveNext())

            X509Certificate cert = null;

            for (index = certs.Count - 1; index >= 0; index--)
                // try
                // {
                // i as defined in the algorithm description
                i = n - index;

                // set certificate to be checked in this round
                // sign and workingPublicKey and workingIssuerName are set
                // at the end of the for loop and initialized the
                // first time from the TrustAnchor
                cert = (X509Certificate)certs[index];

                // 6.1.3

                Rfc3280CertPathUtilities.ProcessCertA(certPath, paramsPkix, index, workingPublicKey,
                    workingIssuerName, sign);

                Rfc3280CertPathUtilities.ProcessCertBC(certPath, index, nameConstraintValidator);

                validPolicyTree = Rfc3280CertPathUtilities.ProcessCertD(certPath, index,
                    acceptablePolicies, validPolicyTree, policyNodes, inhibitAnyPolicy);

                validPolicyTree = Rfc3280CertPathUtilities.ProcessCertE(certPath, index, validPolicyTree);

                Rfc3280CertPathUtilities.ProcessCertF(certPath, index, validPolicyTree, explicitPolicy);

                // 6.1.4

                if (i != n)
                    if (cert != null && cert.Version == 1)
                        throw new PkixCertPathValidatorException(
                            "Version 1 certificates can't be used as CA ones.", null, certPath, index);

                    Rfc3280CertPathUtilities.PrepareNextCertA(certPath, index);

                    validPolicyTree = Rfc3280CertPathUtilities.PrepareCertB(certPath, index, policyNodes,
                        validPolicyTree, policyMapping);

                    Rfc3280CertPathUtilities.PrepareNextCertG(certPath, index, nameConstraintValidator);

                    // (h)
                    explicitPolicy = Rfc3280CertPathUtilities.PrepareNextCertH1(certPath, index, explicitPolicy);
                    policyMapping = Rfc3280CertPathUtilities.PrepareNextCertH2(certPath, index, policyMapping);
                    inhibitAnyPolicy = Rfc3280CertPathUtilities.PrepareNextCertH3(certPath, index, inhibitAnyPolicy);

                    // (i)
                    explicitPolicy = Rfc3280CertPathUtilities.PrepareNextCertI1(certPath, index, explicitPolicy);
                    policyMapping = Rfc3280CertPathUtilities.PrepareNextCertI2(certPath, index, policyMapping);

                    // (j)
                    inhibitAnyPolicy = Rfc3280CertPathUtilities.PrepareNextCertJ(certPath, index, inhibitAnyPolicy);

                    // (k)
                    Rfc3280CertPathUtilities.PrepareNextCertK(certPath, index);

                    // (l)
                    maxPathLength = Rfc3280CertPathUtilities.PrepareNextCertL(certPath, index, maxPathLength);

                    // (m)
                    maxPathLength = Rfc3280CertPathUtilities.PrepareNextCertM(certPath, index, maxPathLength);

                    // (n)
                    Rfc3280CertPathUtilities.PrepareNextCertN(certPath, index);

                    ISet criticalExtensions1 = cert.GetCriticalExtensionOids();

                    if (criticalExtensions1 != null)
                        criticalExtensions1 = new HashSet(criticalExtensions1);

                        // these extensions are handled by the algorithm
                        criticalExtensions1 = new HashSet();

                    // (o)
                    Rfc3280CertPathUtilities.PrepareNextCertO(certPath, index, criticalExtensions1, pathCheckers);

                    // set signing certificate for next round
                    sign = cert;

                    // (c)
                    workingIssuerName = sign.SubjectDN;

                    // (d)
                        workingPublicKey = PkixCertPathValidatorUtilities.GetNextWorkingKey(certPath.Certificates, index);
                    catch (PkixCertPathValidatorException e)
                        throw new PkixCertPathValidatorException("Next working key could not be retrieved.", e, certPath, index);

                    workingAlgId = PkixCertPathValidatorUtilities.GetAlgorithmIdentifier(workingPublicKey);
                    // (f)
            //                    workingPublicKeyAlgorithm = workingAlgId.ObjectID;
                    // (e)
            //                    workingPublicKeyParameters = workingAlgId.Parameters;

            // 6.1.5 Wrap-up procedure

            explicitPolicy = Rfc3280CertPathUtilities.WrapupCertA(explicitPolicy, cert);

            explicitPolicy = Rfc3280CertPathUtilities.WrapupCertB(certPath, index + 1, explicitPolicy);

            // (c) (d) and (e) are already done

            // (f)
            ISet criticalExtensions = cert.GetCriticalExtensionOids();

            if (criticalExtensions != null)
                criticalExtensions = new HashSet(criticalExtensions);

                // Requires .Id
                // these extensions are handled by the algorithm
                criticalExtensions = new HashSet();

            Rfc3280CertPathUtilities.WrapupCertF(certPath, index + 1, pathCheckers, criticalExtensions);

            PkixPolicyNode intersection = Rfc3280CertPathUtilities.WrapupCertG(certPath, paramsPkix, userInitialPolicySet,
                    index + 1, policyNodes, validPolicyTree, acceptablePolicies);

            if ((explicitPolicy > 0) || (intersection != null))
                return new PkixCertPathValidatorResult(trust, intersection, cert.GetPublicKey());

            throw new PkixCertPathValidatorException("Path processing failed on policy.", null, certPath, index);