private ResponseObject(
                CertificateID certId,
                CertificateStatus certStatus,
                DerGeneralizedTime thisUpdate,
                DerGeneralizedTime nextUpdate,
                X509Extensions extensions)
            {
                // Maps the caller-facing CertificateStatus onto the ASN.1 CertStatus CHOICE used
                // on the wire: null -> "good" (default CertStatus), UnknownStatus -> tag 2 carrying
                // a DER NULL, anything else must be a RevokedStatus (the cast fails otherwise).
                this.certId = certId;

                if (certStatus is UnknownStatus)
                {
                    this.certStatus = new CertStatus(2, DerNull.Instance);
                }
                else if (certStatus != null)
                {
                    RevokedStatus revoked = (RevokedStatus)certStatus;

                    // The CRL reason is optional inside RevokedInfo; leave it out when none was set.
                    CrlReason reason = null;
                    if (revoked.HasRevocationReason)
                    {
                        reason = new CrlReason(revoked.RevocationReason);
                    }

                    RevokedInfo revokedInfo = new RevokedInfo(new DerGeneralizedTime(revoked.RevocationTime), reason);
                    this.certStatus = new CertStatus(revokedInfo);
                }
                else
                {
                    this.certStatus = new CertStatus();
                }

                this.thisUpdate = thisUpdate;
                // nextUpdate is an OPTIONAL field of SingleResponse, so a null here is legitimate.
                this.nextUpdate = nextUpdate;
                this.extensions = extensions;
            }
        /// <summary>
        /// Scope node listing the certificates of one CA that are in a given status.
        /// The node owns a single list view whose Tag carries the CA plus the status filter.
        /// </summary>
        /// <param name="info">The CA this node represents; its CAName becomes the view title.</param>
        /// <param name="certStatus">Status filter handed to the list view via CaInfoContext.</param>
        internal CertsNode(CaControl info, CertStatus certStatus)
        {
            caInfo = info;
            status = certStatus;

            // Normal and selected state share one image-list slot.
            ImageIndex         = 3;
            SelectedImageIndex = 3;

            // Context object the ListView reads back from the view description's Tag.
            CaInfoContext listContext = new CaInfoContext(info);
            listContext.certStatus = status;

            MmcListViewDescription description = new MmcListViewDescription
            {
                DisplayName = caInfo.CAName,
                ViewType    = typeof(CertListView),
                Options     = MmcListViewOptions.ExcludeScopeNodes | MmcListViewOptions.SingleSelect,
                Tag         = listContext
            };

            ViewDescriptions.Add(description);
            ViewDescriptions.DefaultIndex = 0;

            // Populate immediately. This runs from the constructor, so if Refresh is overridable
            // an override executes before a derived class has finished initialising.
            Refresh();
        }
        /// <summary>
        /// Builds a CA database view by reading the CA DB file and converting it to a
        /// display-friendly form; all the reading happens inside createDB().
        /// </summary>
        /// <param name="DbLocation">Pathname of the CA DB file. Stored as given; this constructor
        /// performs no existence or path validation, so that is left to createDB() or the caller.</param>
        /// <param name="CertStatus">Status of the certificates to load.</param>
        public CaDB(string DbLocation, CertStatus CertStatus)
        {
            // Record the inputs first; createDB() works from the fields, not the parameters.
            this.certStatus = CertStatus;
            this.dbLocation = DbLocation;

            createDB();
        }
 /// <summary>
 /// Immutable-by-convention snapshot of one connection's TLS state: whether it was secured,
 /// the certificate's validation status, the negotiated protocol version, the content status
 /// and the peer certificate itself.
 /// </summary>
 /// <remarks>
 /// Nothing is validated here; the fields are stored exactly as passed. isSecureConnection and
 /// certStatus are independent values, so a consumer should check certStatus rather than infer
 /// trust from isSecureConnection alone.
 /// </remarks>
 public SslStatus(bool isSecureConnection, CertStatus certStatus, SslVersion sslVersion, SslContentStatus contentStatus, X509Certificate2 certificate)
 {
     this.certificate        = certificate;
     this.contentStatus      = contentStatus;
     this.sslVersion         = sslVersion;
     this.certStatus         = certStatus;
     this.isSecureConnection = isSecureConnection;
 }
 /// <summary>
 /// Assembles an OCSP SingleResponse from already-built components.
 /// </summary>
 /// <param name="certID">Identifies the certificate this response is about.</param>
 /// <param name="certStatus">The CertStatus CHOICE (good / revoked / unknown).</param>
 /// <param name="thisUpdate">Time the status is known to be correct.</param>
 /// <param name="nextUpdate">Optional; may be null when no next update is advertised.</param>
 /// <param name="singleExtensions">Optional; may be null when there are no extensions.</param>
 public SingleResponse(CertID certID, CertStatus certStatus, DerGeneralizedTime thisUpdate, DerGeneralizedTime nextUpdate, X509Extensions singleExtensions)
 {
     // Straight field capture; no null checks are performed for the optional members.
     this.singleExtensions = singleExtensions;
     this.nextUpdate       = nextUpdate;
     this.thisUpdate       = thisUpdate;
     this.certStatus       = certStatus;
     this.certID           = certID;
 }
 /// <summary>
 /// Captures the TLS state of a connection into the public properties of this object.
 /// </summary>
 /// <param name="isSecureConnection">Whether the connection was negotiated over TLS/SSL.</param>
 /// <param name="certStatus">Validation status of the peer certificate, as determined by the caller.</param>
 /// <param name="sslVersion">Negotiated protocol version.</param>
 /// <param name="contentStatus">Status of the delivered content.</param>
 /// <param name="certificate">Peer certificate; stored as passed, may be null if the caller had none.</param>
 public SslStatus(bool isSecureConnection, CertStatus certStatus, SslVersion sslVersion, SslContentStatus contentStatus, X509Certificate2 certificate)
 {
     // Pure property capture, in reverse parameter order; the values are not cross-checked.
     X509Certificate    = certificate;
     ContentStatus      = contentStatus;
     SslVersion         = sslVersion;
     CertStatus         = certStatus;
     IsSecureConnection = isSecureConnection;
 }
 /// <summary>
 /// Decodes every element of <c>content</c> through CertStatus.GetInstance and returns
 /// the results as a new array.
 /// </summary>
 /// <returns>A fresh array with one CertStatus per element of content; empty when content is empty.</returns>
 public virtual CertStatus[] ToCertStatusArray()
 {
     int total = content.Count;
     CertStatus[] statuses = new CertStatus[total];

     int position = 0;
     while (position < total)
     {
         statuses[position] = CertStatus.GetInstance(content[position]);
         position++;
     }

     return statuses;
 }
    /// <summary>
    /// Looks <paramref name="cert"/> up in <paramref name="crl"/> and, when a matching entry
    /// applies, writes the revocation reason and date into <paramref name="certStatus"/>.
    /// <paramref name="certStatus"/> is left untouched when the certificate is not listed, when
    /// the entry's issuer matches neither the certificate's issuer nor the CRL issuer, or when the
    /// revocation is dated after <paramref name="validDate"/> and the reason code is present but
    /// none of the tested bits is set (see the NOTE on the condition below).
    /// </summary>
    /// <param name="validDate">Time the certificate is being validated for.</param>
    /// <param name="crl">CRL to search; it is re-parsed from its DER encoding first.</param>
    /// <param name="cert">Certificate whose serial and issuer are obtained via GetSerialNumber / GetIssuerPrincipal.</param>
    /// <param name="certStatus">Receives Status and RevocationDate; only written when an entry applies.</param>
    /// <exception cref="Exception">If the CRL cannot be re-parsed or the reasonCode entry extension cannot be decoded.</exception>
    internal static void GetCertStatus(DateTime validDate, X509Crl crl, object cert, CertStatus certStatus)
    {
        X509Crl x509Crl = null;

        // Round-trip the CRL through its encoding so the lookup below runs on a freshly parsed object.
        try
        {
            x509Crl = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Object.FromByteArray(crl.GetEncoded())));
        }
        catch (Exception innerException)
        {
            throw new Exception("Bouncy Castle X509Crl could not be created.", innerException);
        }
        X509CrlEntry revokedCertificate = x509Crl.GetRevokedCertificate(GetSerialNumber(cert));

        // No entry for this serial number: nothing to report from this CRL.
        if (revokedCertificate == null)
        {
            return;
        }
        X509Name issuerPrincipal = GetIssuerPrincipal(cert);

        // The entry must be for this certificate's issuer: either the per-entry certificateIssuer
        // (indirect CRLs) or, failing that, the CRL's own issuer. Otherwise the serial match is a
        // collision across issuers and is ignored.
        if (!issuerPrincipal.Equivalent(revokedCertificate.GetCertificateIssuer(), inOrder: true) && !issuerPrincipal.Equivalent(crl.IssuerDN, inOrder: true))
        {
            return;
        }
        DerEnumerated derEnumerated = null;

        // Pull the reasonCode extension if the entry carries extensions at all. What happens when
        // extensions exist but reasonCode is absent depends on GetExtensionValue/GetInstance
        // accepting null — not visible here; confirm.
        if (revokedCertificate.HasExtensions)
        {
            try
            {
                derEnumerated = DerEnumerated.GetInstance(GetExtensionValue(revokedCertificate, X509Extensions.ReasonCode));
            }
            catch (Exception innerException2)
            {
                throw new Exception("Reason code CRL entry extension could not be decoded.", innerException2);
            }
        }
        // The entry applies when validation time is at or after the revocation date, or regardless
        // of date when no reason code is present or one of the tested bits is set.
        // NOTE(review): BigInteger.TestBit tests a single bit; it does not compare the reason code
        // with a value. Bits 0/1/2/8 are set for reason codes 1-7, 9, 10 and 256+, but never for 0
        // (unspecified). If the intent is "keyCompromise, cACompromise, aACompromise or unspecified
        // are revoked at any date", an equality comparison against those codes is what implements it.
        if (validDate.Ticks >= revokedCertificate.RevocationDate.Ticks || derEnumerated == null || derEnumerated.Value.TestBit(0) || derEnumerated.Value.TestBit(1) || derEnumerated.Value.TestBit(2) || derEnumerated.Value.TestBit(8))
        {
            if (derEnumerated != null)
            {
                // NOTE(review): SignValue is the sign of the BigInteger (-1, 0 or 1), not its value, so
                // every positive reason code is stored as 1. CheckCrls below indexes a reasons table by
                // this Status, so the reported reason would be wrong — confirm whether IntValue was meant.
                certStatus.Status = derEnumerated.Value.SignValue;
            }
            else
            {
                // No reason code on the entry: report it as 0 (unspecified).
                certStatus.Status = 0;
            }
            certStatus.RevocationDate = new DateTimeObject(revokedCertificate.RevocationDate);
        }
    }
        /// <summary>
        /// Decodes the CertStatus CHOICE of the wrapped single response.
        /// </summary>
        /// <returns>
        /// null when the certificate is good (tag 0); a RevokedStatus built from the RevokedInfo
        /// for tag 1; an UnknownStatus for any other tag. Because null is the "good" answer,
        /// callers must test explicitly for RevokedStatus / UnknownStatus rather than treating
        /// null as "no information".
        /// </returns>
        public object GetCertStatus()
        {
            CertStatus status = this.resp.CertStatus;

            switch (status.TagNo)
            {
            case 0:
                return null;
            case 1:
                return new RevokedStatus(RevokedInfo.GetInstance(status.Status));
            default:
                return new UnknownStatus();
            }
        }
        /**
         * Decodes the CertStatus CHOICE of this single response.
         *
         * @return {@code null} when the certificate is good (tag 0); a {@link RevokedStatus}
         *         wrapping the RevokedInfo for tag 1; an {@link UnknownStatus} for every other
         *         tag. Note that {@code null} is the positive answer here — callers must not
         *         read it as "status unavailable".
         */
        public Object getCertStatus()
        {
            CertStatus status = resp.getCertStatus();
            int tag = status.getTagNo();

            switch (tag)
            {
            case 0:
                return null;            // good
            case 1:
                return new RevokedStatus(RevokedInfo.getInstance(status.getStatus()));
            default:
                return new UnknownStatus();
            }
        }
        /// <summary>
        /// Returns the certificate list for one status bucket.
        /// </summary>
        /// <param name="status">Bucket to return: Current, Revoked or Expired.</param>
        /// <returns>
        /// Whatever CurrentCerts / RevokedCerts / ExpiredCerts hold (no copy is made here), or
        /// null for any other CertStatus value — callers must handle a null result.
        /// </returns>
        public List <DataBase> GetCerts(CertStatus status)
        {
            if (status == CertStatus.Current)
            {
                return CurrentCerts;
            }
            if (status == CertStatus.Revoked)
            {
                return RevokedCerts;
            }
            if (status == CertStatus.Expired)
            {
                return ExpiredCerts;
            }

            // Unrecognised status: nothing to return.
            return null;
        }
        /**
         * Status of the certificate covered by this response.
         *
         * Tag 0 is "good" and is reported as null; tag 1 is "revoked" and is returned as a
         * RevokedStatus built from the RevokedInfo payload; any other tag yields UnknownStatus.
         * Callers must not confuse the null "good" result with a missing status.
         *
         * @return null if good, otherwise a RevokedStatus or UnknownStatus
         */
        public object GetCertStatus()
        {
            CertStatus status = resp.CertStatus;
            int tag = status.TagNo;

            if (tag == 0)
            {
                return null;                           // good
            }

            return tag == 1
                ? (object)new RevokedStatus(RevokedInfo.GetInstance(status.Status))
                : new UnknownStatus();
        }
        /// <summary>
        /// Builds one response entry for <paramref name="certId"/>.
        /// A null <paramref name="certStatus"/> means "good" (default CertStatus); an UnknownStatus
        /// becomes tag 2 with a DER NULL payload; anything else must be a RevokedStatus (the cast
        /// fails otherwise) and is encoded as RevokedInfo with its optional CRLReason.
        /// </summary>
        /// <param name="certId">Identifier of the certificate the entry describes.</param>
        /// <param name="certStatus">null, UnknownStatus or RevokedStatus.</param>
        /// <param name="thisUpdate">Time the status is valid from; wrapped as DERGeneralizedTime.</param>
        /// <param name="nextUpdate">Boxed DateTime of the next update, or null to leave the field unset.</param>
        /// <param name="extensions">Per-response extensions, stored as given (may be null).</param>
        public ResponseObject(CertificateID certId, CertificateStatus certStatus, DateTime thisUpdate, Object nextUpdate, X509Extensions extensions)
        {
            this.certId = certId;

            CertStatus encoded;
            if (certStatus == null)
            {
                encoded = new CertStatus();
            }
            else if (certStatus is UnknownStatus)
            {
                encoded = new CertStatus(2, new DERNull());
            }
            else
            {
                RevokedStatus revoked = (RevokedStatus)certStatus;

                // The reason is optional in RevokedInfo; a null reason omits it from the encoding.
                CRLReason reason = revoked.hasRevocationReason()
                    ? new CRLReason(revoked.getRevocationReason())
                    : null;

                encoded = new CertStatus(
                    new RevokedInfo(new DERGeneralizedTime(revoked.getRevocationTime()), reason));
            }
            this.certStatus = encoded;

            this.thisUpdate = new DERGeneralizedTime(thisUpdate);

            // nextUpdate is optional; when supplied it must box a DateTime (unboxed here).
            if (nextUpdate != null)
            {
                this.nextUpdate = new DERGeneralizedTime((DateTime)nextUpdate);
            }

            this.extensions = extensions;
        }
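 /// <summary>
 /// Decodes an OCSP SingleResponse from its ASN.1 SEQUENCE:
 /// certID, certStatus, thisUpdate, then optionally nextUpdate ([0] EXPLICIT) and
 /// singleExtensions ([1] EXPLICIT), in that order.
 /// </summary>
 /// <param name="seq">Sequence taken from a decoded OCSP response; treated as untrusted input.</param>
 /// <exception cref="ArgumentNullException">When <paramref name="seq"/> is null.</exception>
 /// <exception cref="ArgumentException">
 /// When the sequence has fewer than 3 or more than 5 elements, or the optional tail carries an
 /// unexpected tag, a duplicated element or the wrong order. (A 5-element sequence used to be
 /// decoded without checking its tags, and any tag other than 0 in position 3 was taken as the
 /// extensions.) A non-tagged element in the tail still fails the cast as before.
 /// </exception>
 public SingleResponse(Asn1Sequence seq)
 {
     if (seq == null)
     {
         throw new ArgumentNullException("seq");
     }
     if (seq.Count < 3 || seq.Count > 5)
     {
         throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");
     }

     certID     = CertID.GetInstance(seq[0]);
     certStatus = CertStatus.GetInstance(seq[1]);
     thisUpdate = (DerGeneralizedTime)seq[2];

     // Optional, explicitly tagged tail: [0] nextUpdate must come before [1] singleExtensions.
     int index = 3;
     if (index < seq.Count)
     {
         Asn1TaggedObject tagged = (Asn1TaggedObject)seq[index];
         if (tagged.TagNo == 0)
         {
             nextUpdate = DerGeneralizedTime.GetInstance(tagged, isExplicit: true);
             index++;
         }
     }
     if (index < seq.Count)
     {
         Asn1TaggedObject tagged = (Asn1TaggedObject)seq[index];
         if (tagged.TagNo == 1)
         {
             singleExtensions = X509Extensions.GetInstance(tagged, explicitly: true);
             index++;
         }
     }
     if (index != seq.Count)
     {
         // Something is left over: wrong tag, a repeated optional, or [1] before [0].
         throw new ArgumentException("Unexpected element at position " + index + " in SingleResponse", "seq");
     }
 }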
 /// <summary>
 /// Checks the attribute certificate against the CRLs reachable from one distribution point,
 /// updating <paramref name="certStatus"/> and <paramref name="reasonMask"/> in place. Iterates
 /// the complete CRLs until one yields a definitive status or every reason is covered; a CRL that
 /// fails any RFC 3280 step is skipped and the next one is tried.
 /// </summary>
 /// <param name="dp">Distribution point whose CRLs are fetched.</param>
 /// <param name="attrCert">Attribute certificate being validated.</param>
 /// <param name="paramsPKIX">Validation parameters (stores, delta-CRL switch, validity model).</param>
 /// <param name="validDate">Time the certificate is validated for; must not be in the future.</param>
 /// <param name="issuerCert">Not used in this method.</param>
 /// <param name="certStatus">In/out; compared against the sentinels 11 (unrevoked) and 8 used elsewhere in this listing.</param>
 /// <param name="reasonMask">In/out; accumulates the reasons covered so far.</param>
 /// <param name="certPathCerts">Certification path handed to ProcessCrlF for CRL signer lookup.</param>
 /// <exception cref="Exception">If the validation time is in the future, or no CRL from this DP could be processed.</exception>
 private static void CheckCrl(DistributionPoint dp, IX509AttributeCertificate attrCert, PkixParameters paramsPKIX, DateTime validDate, X509Certificate issuerCert, CertStatus certStatus, ReasonsMask reasonMask, IList certPathCerts)
 {
     // An AC with noRevAvail carries no revocation information by design: nothing to check.
     if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null)
     {
         // CRLs are fetched for "now"; a validation time in the future cannot be served by them.
         DateTime utcNow = DateTime.UtcNow;
         if (validDate.CompareTo((object)utcNow) > 0)
         {
             throw new Exception("Validation time is in future.");
         }
         ISet        completeCrls = PkixCertPathValidatorUtilities.GetCompleteCrls(dp, attrCert, utcNow, paramsPKIX);
         bool        flag         = false;
         Exception   ex           = null;
         IEnumerator enumerator   = completeCrls.GetEnumerator();
         // Stop as soon as the status is no longer "unrevoked" (11) or all reasons are covered.
         while (enumerator.MoveNext() && certStatus.Status == 11 && !reasonMask.IsAllReasons)
         {
             try
             {
                 X509Crl     x509Crl     = (X509Crl)enumerator.Current;
                 ReasonsMask reasonsMask = Rfc3280CertPathUtilities.ProcessCrlD(x509Crl, dp);
                 // Only CRLs that cover reasons not yet seen are worth processing.
                 if (reasonsMask.HasNewReasons(reasonMask))
                 {
                     // (f)/(g): locate and select the key that signed this CRL.
                     ISet keys = Rfc3280CertPathUtilities.ProcessCrlF(x509Crl, attrCert, null, null, paramsPKIX, certPathCerts);
                     AsymmetricKeyParameter key = Rfc3280CertPathUtilities.ProcessCrlG(x509Crl, keys);
                     X509Crl x509Crl2           = null;
                     // (h): delta CRLs are only consulted when the parameters enable them.
                     if (paramsPKIX.IsUseDeltasEnabled)
                     {
                         ISet deltaCrls = PkixCertPathValidatorUtilities.GetDeltaCrls(utcNow, paramsPKIX, x509Crl);
                         x509Crl2 = Rfc3280CertPathUtilities.ProcessCrlH(deltaCrls, key);
                     }
                     // Unless validity model 1 is in force, reject a CRL issued after the AC expired.
                     if (paramsPKIX.ValidityModel != 1 && attrCert.NotAfter.CompareTo((object)x509Crl.ThisUpdate) < 0)
                     {
                         throw new Exception("No valid CRL for current time found.");
                     }
                     Rfc3280CertPathUtilities.ProcessCrlB1(dp, attrCert, x509Crl);
                     Rfc3280CertPathUtilities.ProcessCrlB2(dp, attrCert, x509Crl);
                     Rfc3280CertPathUtilities.ProcessCrlC(x509Crl2, x509Crl, paramsPKIX);
                     // (i)/(j): look the AC up in the delta and then the complete CRL; these set certStatus.
                     Rfc3280CertPathUtilities.ProcessCrlI(validDate, x509Crl2, attrCert, certStatus, paramsPKIX);
                     Rfc3280CertPathUtilities.ProcessCrlJ(validDate, x509Crl, attrCert, certStatus);
                     // Status 8 is mapped back to unrevoked — presumably removeFromCRL, which
                     // means the hold was lifted; confirm against the CertStatus constants.
                     if (certStatus.Status == 8)
                     {
                         certStatus.Status = 11;
                     }
                     reasonMask.AddReasons(reasonsMask);
                     flag = true;
                 }
             }
             catch (Exception ex2)
             {
                 // Remember only the most recent failure and move on to the next CRL.
                 ex = ex2;
             }
         }
         // Fail closed if no CRL was processed successfully.
         // NOTE(review): if completeCrls is empty the loop body never runs, flag stays false and
         // ex is still null, so this rethrows null (a NullReferenceException) rather than a
         // descriptive error — confirm GetCompleteCrls never returns an empty set, or guard it.
         if (!flag)
         {
             throw ex;
         }
     }
 }
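        /// <summary>
        /// Validates the single signature field of a signed XML document through the SAPI library
        /// and returns the verification result together with the signer certificate, signer name
        /// and signing time.
        /// </summary>
        /// <param name="SignedXML">Path of the signed XML file; passed to SAPI unchanged.</param>
        /// <returns>
        /// A <see cref="SignatureDetails"/> whose <c>isValid</c> is true exactly when
        /// SAPI.SignatureFieldVerify returned 0 with flags 0. The certificate status SAPI reports
        /// alongside the verification is discarded, so what <c>isValid</c> covers (chain building,
        /// revocation, ...) is whatever those flags imply — confirm against the SAPI documentation.
        /// </returns>
        /// <exception cref="ArgumentNullException">When <paramref name="SignedXML"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// When SAPI cannot acquire a session, cannot enumerate or read the signature, or the file
        /// holds zero or more than one signature. The SAPI session and enumeration context are
        /// released on every exit path, including these and any exception thrown by SAPI itself.
        /// </exception>
        public static SignatureDetails ValidateXMLSignature(string SignedXML)
        {
            if (SignedXML == null) throw new ArgumentNullException("SignedXML");

            //Make sure the SAPI Library is loaded
            SAPIInit();
            SignatureDetails SigDetails = new SignatureDetails();
            SigFieldSettings SigFieldSettings = new SigFieldSettingsClass();
            SigFieldInfo SignatureFieldInfo = new SigFieldInfoClass();
            SAPICrypt SAPI = new SAPICryptClass();
            SigFieldHandle hField = null;
            int rc;

            SESHandle hSession = new SESHandleClass();
            if ((rc = SAPI.HandleAcquire(out hSession)) != 0)
            {
                throw new InvalidOperationException(string.Format(
                    "Memory allocation error (#{0})", rc.ToString("X")));
            }

            SAPIContext ctxValidateSignature = new SAPIContextClass();
            // Only a context that SignatureFieldEnumInit accepted is released in the finally block.
            bool contextInitialized = false;
            try
            {
                int num = 0;
                if ((rc = SAPI.SignatureFieldEnumInit(hSession, ctxValidateSignature, SAPI_ENUM_FILE_TYPE.SAPI_ENUM_FILE_XML, SignedXML, 0, ref num)) != 0)
                {
                    throw new InvalidOperationException(string.Format(
                        "An error occured while initializing the signature validation process (#{0})", rc.ToString("X")));
                }
                contextInitialized = true;

                // Exactly one signature is supported. These two rejections previously returned
                // without releasing the session or the context.
                if (num < 1) throw new InvalidOperationException("The XML file is not signed!");
                if (num > 1) throw new InvalidOperationException("SAPI only supports a single signature per XML file!");

                if ((rc = SAPI.SignatureFieldEnumCont(hSession, ctxValidateSignature, out hField)) != 0)
                {
                    throw new InvalidOperationException(string.Format(
                        "Failed to retrieve signature (#{0})", rc.ToString("X")));
                }

                if ((rc = SAPI.SignatureFieldInfoGet(hSession, hField, SigFieldSettings, SignatureFieldInfo)) != 0)
                {
                    throw new InvalidOperationException(string.Format(
                        "Failed to parse signature details (#{0})", rc.ToString("X")));
                }

                // NOTE(review): the CertStatus filled in by SignatureFieldVerify is discarded and the
                // flags argument is 0, so isValid means "verify returned 0" and nothing more. A caller
                // that needs chain or revocation assurance has to inspect that status (or the flags).
                CertStatus not_used = new CertStatus();
                SigDetails.isValid = SAPI.SignatureFieldVerify(hSession, hField, not_used, 0) == 0;

                SigDetails.SignerCertificate = new X509Certificate2(
                    (byte[])(((SAPIByteArray)SignatureFieldInfo.Certificate).ToArray()));
                SigDetails.SignerName = SignatureFieldInfo.SignerName;

                // Convert FILETIME (two 32-bit halves) to ticks. This is the time stored in the
                // signature field as SAPI reports it; nothing here verifies it against a trusted timestamp.
                ulong filetime = SignatureFieldInfo.SignatureTime.HighDateTime;
                filetime <<= 32;
                filetime += SignatureFieldInfo.SignatureTime.LowDateTime;
                SigDetails.SignatureTimeTicks = DateTime.FromFileTimeUtc((long)filetime).Ticks;

                return SigDetails;
            }
            finally
            {
                // Cleanup memory on every path: context first, then the session that owns it.
                // NOTE(review): hField is never released; confirm whether SAPI expects a release
                // for handles returned by SignatureFieldEnumCont.
                if (contextInitialized) SAPI.ContextRelease(ctxValidateSignature);
                SAPI.HandleRelease(hSession);
            }
        }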
 /// <summary>
 /// Wraps a raw CertStatus together with the digest-algorithm finder used when the status
 /// is later matched against a certificate.
 /// </summary>
 /// <param name="digestAlgFinder">Finder consulted for digest algorithm identifiers; stored as given.</param>
 /// <param name="certStatus">The underlying ASN.1 CertStatus; stored as given, not validated.</param>
 public CertificateStatus(DefaultDigestAlgorithmIdentifierFinder digestAlgFinder, CertStatus certStatus)
 {
     this.certStatus      = certStatus;
     this.digestAlgFinder = digestAlgFinder;
 }
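        /// <summary>
        /// Validates the single signature field of a signed XML document through the SAPI library
        /// and returns the verification result, the signer certificate, the signer name and the
        /// signing time recorded in the field.
        /// </summary>
        /// <param name="SignedXML">Path of the signed XML file; handed to SAPI unchanged.</param>
        /// <returns>
        /// A <see cref="SignatureDetails"/>. <c>isValid</c> is true exactly when
        /// SAPI.SignatureFieldVerify returned 0 with flags 0; the certificate status SAPI produces
        /// during verification is discarded, so whether chain or revocation checks are included is
        /// determined by SAPI's defaults — confirm against its documentation.
        /// </returns>
        /// <exception cref="ArgumentNullException">When <paramref name="SignedXML"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// When SAPI cannot acquire a session, cannot enumerate or read the signature, or the file
        /// holds zero or more than one signature. The session and enumeration context are released
        /// on every exit path, including these and any exception raised by SAPI.
        /// </exception>
        public static SignatureDetails ValidateXMLSignature(string SignedXML)
        {
            if (SignedXML == null)
            {
                throw new ArgumentNullException("SignedXML");
            }

            //Make sure the SAPI Library is loaded
            SAPIInit();
            SignatureDetails SigDetails         = new SignatureDetails();
            SigFieldSettings SigFieldSettings   = new SigFieldSettingsClass();
            SigFieldInfo     SignatureFieldInfo = new SigFieldInfoClass();
            SAPICrypt        SAPI   = new SAPICryptClass();
            SigFieldHandle   hField = null;
            int rc;

            SESHandle hSession = new SESHandleClass();

            if ((rc = SAPI.HandleAcquire(out hSession)) != 0)
            {
                throw new InvalidOperationException(string.Format(
                                        "Memory allocation error (#{0})", rc.ToString("X")));
            }

            SAPIContext ctxValidateSignature = new SAPIContextClass();
            // The context is only released once SignatureFieldEnumInit has accepted it.
            bool        contextInitialized   = false;

            try
            {
                int num = 0;

                if ((rc = SAPI.SignatureFieldEnumInit(hSession, ctxValidateSignature, SAPI_ENUM_FILE_TYPE.SAPI_ENUM_FILE_XML, SignedXML, 0, ref num)) != 0)
                {
                    throw new InvalidOperationException(string.Format(
                                            "An error occured while initializing the signature validation process (#{0})", rc.ToString("X")));
                }
                contextInitialized = true;

                // Exactly one signature is supported. Both rejections now go through the finally
                // block instead of leaking the session and the context.
                if (num < 1)
                {
                    throw new InvalidOperationException("The XML file is not signed!");
                }
                if (num > 1)
                {
                    throw new InvalidOperationException("SAPI only supports a single signature per XML file!");
                }

                if ((rc = SAPI.SignatureFieldEnumCont(hSession, ctxValidateSignature, out hField)) != 0)
                {
                    throw new InvalidOperationException(string.Format(
                                            "Failed to retrieve signature (#{0})", rc.ToString("X")));
                }

                if ((rc = SAPI.SignatureFieldInfoGet(hSession, hField, SigFieldSettings, SignatureFieldInfo)) != 0)
                {
                    throw new InvalidOperationException(string.Format(
                                            "Failed to parse signature details (#{0})", rc.ToString("X")));
                }

                // NOTE(review): the CertStatus populated by SignatureFieldVerify is thrown away and
                // flags are 0; isValid therefore only records that verification returned 0. Callers
                // needing chain/revocation assurance must examine that status or pass explicit flags.
                CertStatus not_used = new CertStatus();

                SigDetails.isValid = SAPI.SignatureFieldVerify(hSession, hField, not_used, 0) == 0;

                SigDetails.SignerCertificate = new X509Certificate2(
                    (byte[])(((SAPIByteArray)SignatureFieldInfo.Certificate).ToArray()));
                SigDetails.SignerName = SignatureFieldInfo.SignerName;

                // Convert FILE_TIME (two 32-bit halves) to ticks. This is the time stored in the
                // signature field as SAPI reports it; it is not checked against a trusted time source here.
                ulong filetime = SignatureFieldInfo.SignatureTime.HighDateTime;

                filetime <<= 32;
                filetime  += SignatureFieldInfo.SignatureTime.LowDateTime;
                SigDetails.SignatureTimeTicks = DateTime.FromFileTimeUtc((long)filetime).Ticks;

                return(SigDetails);
            }
            finally
            {
                // Cleanup memory on every path: the context first, then the session it belongs to.
                // NOTE(review): hField is never released; confirm whether SAPI requires a release
                // for handles obtained from SignatureFieldEnumCont.
                if (contextInitialized)
                {
                    SAPI.ContextRelease(ctxValidateSignature);
                }
                SAPI.HandleRelease(hSession);
            }
        }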
 /// <summary>
 /// Performs CRL-based revocation checking for an attribute certificate. Tries every CRL
 /// distribution point from the AC, then falls back to a distribution point built from the AC
 /// issuer name, and fails closed when no CRL could be processed, when the AC is revoked, or when
 /// the CRLs seen do not cover all reasons.
 /// </summary>
 /// <param name="attrCert">Attribute certificate being validated.</param>
 /// <param name="paramsPKIX">Validation parameters; cloned before each CheckCrl call because stores may be added.</param>
 /// <param name="issuerCert">Passed through to CheckCrl.</param>
 /// <param name="validDate">Time the certificate is validated for.</param>
 /// <param name="certPathCerts">Certification path, passed through to CheckCrl.</param>
 /// <exception cref="PkixCertPathValidatorException">
 /// On any failure to read the distribution points, when no valid CRL is found, when the AC is
 /// revoked, when its status cannot be determined, or when noRevAvail is combined with CRL/AIA pointers.
 /// </exception>
 internal static void CheckCrls(IX509AttributeCertificate attrCert, PkixParameters paramsPKIX, X509Certificate issuerCert, DateTime validDate, IList certPathCerts)
 {
     // Revocation checking is opt-in. When disabled this is a silent no-op: the caller receives no
     // signal that the AC's revocation state was never examined.
     if (!paramsPKIX.IsRevocationEnabled)
     {
         return;
     }
     if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null)
     {
         // crlDistPoint stays null when the AC carries no CRL distribution points extension.
         CrlDistPoint crlDistPoint = null;
         try
         {
             crlDistPoint = CrlDistPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(attrCert, X509Extensions.CrlDistributionPoints));
         }
         catch (Exception cause)
         {
             throw new PkixCertPathValidatorException("CRL distribution point extension could not be read.", cause);
         }
         // Make the CRL locations named by the extension available to the validation parameters.
         try
         {
             PkixCertPathValidatorUtilities.AddAdditionalStoresFromCrlDistributionPoint(crlDistPoint, paramsPKIX);
         }
         catch (Exception cause2)
         {
             throw new PkixCertPathValidatorException("No additional CRL locations could be decoded from CRL distribution point extension.", cause2);
         }
         // Status sentinels used below: 11 = unrevoked (the state a fresh CertStatus is expected to
         // start in, given the checks that follow), 12 = undetermined; anything else is a revocation reason.
         CertStatus  certStatus  = new CertStatus();
         ReasonsMask reasonsMask = new ReasonsMask();
         Exception   cause3      = null;
         bool        flag        = false;
         if (crlDistPoint != null)
         {
             DistributionPoint[] array = null;
             try
             {
                 array = crlDistPoint.GetDistributionPoints();
             }
             catch (Exception cause4)
             {
                 throw new PkixCertPathValidatorException("Distribution points could not be read.", cause4);
             }
             // The try wraps the whole loop: the first distribution point that throws ends the
             // loop, and the remaining distribution points are not tried.
             try
             {
                 for (int i = 0; i < array.Length; i++)
                 {
                     // Stop once a definitive answer exists or every reason is covered.
                     if (certStatus.Status != 11)
                     {
                         break;
                     }
                     if (reasonsMask.IsAllReasons)
                     {
                         break;
                     }
                     // Each DP works on its own copy so stores it adds do not leak into the next.
                     PkixParameters paramsPKIX2 = (PkixParameters)paramsPKIX.Clone();
                     CheckCrl(array[i], attrCert, paramsPKIX2, validDate, issuerCert, certStatus, reasonsMask, certPathCerts);
                     flag = true;
                 }
             }
             catch (Exception innerException)
             {
                 cause3 = new Exception("No valid CRL for distribution point found.", innerException);
             }
         }
         // Fallback: if still undecided, look for a CRL under the AC issuer's name (GeneralName
         // tag 4 = directoryName), using only the first issuer principal.
         if (certStatus.Status == 11 && !reasonsMask.IsAllReasons)
         {
             try
             {
                 Asn1Object asn1Object = null;
                 try
                 {
                     asn1Object = new Asn1InputStream(attrCert.Issuer.GetPrincipals()[0].GetEncoded()).ReadObject();
                 }
                 catch (Exception innerException2)
                 {
                     throw new Exception("Issuer from certificate for CRL could not be reencoded.", innerException2);
                 }
                 DistributionPoint dp          = new DistributionPoint(new DistributionPointName(0, new GeneralNames(new GeneralName(4, asn1Object))), null, null);
                 PkixParameters    paramsPKIX3 = (PkixParameters)paramsPKIX.Clone();
                 CheckCrl(dp, attrCert, paramsPKIX3, validDate, issuerCert, certStatus, reasonsMask, certPathCerts);
                 flag = true;
             }
             catch (Exception innerException3)
             {
                 // Overwrites any failure recorded from the distribution-point loop above.
                 cause3 = new Exception("No valid CRL for distribution point found.", innerException3);
             }
         }
         // Fail closed: no CRL was processed at all.
         if (!flag)
         {
             throw new PkixCertPathValidatorException("No valid CRL found.", cause3);
         }
         // Revoked: report date and reason. CrlReasons is indexed by Status, so the text depends on
         // Status holding the actual reason code (see the note in GetCertStatus above).
         if (certStatus.Status != 11)
         {
             string str  = certStatus.RevocationDate.Value.ToString("ddd MMM dd HH:mm:ss K yyyy");
             string str2 = "Attribute certificate revocation after " + str;
             str2 = str2 + ", reason: " + Rfc3280CertPathUtilities.CrlReasons[certStatus.Status];
             throw new PkixCertPathValidatorException(str2);
         }
         // Unrevoked but the CRLs seen did not cover every reason: treat as undetermined and fail closed.
         if (!reasonsMask.IsAllReasons && certStatus.Status == 11)
         {
             certStatus.Status = 12;
         }
         if (certStatus.Status == 12)
         {
             throw new PkixCertPathValidatorException("Attribute certificate status could not be determined.");
         }
     }
     // noRevAvail says "no revocation info exists"; combining it with CRL or AIA pointers is contradictory.
     else if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null || attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null)
     {
         throw new PkixCertPathValidatorException("No rev avail extension is set, but also an AC revocation pointer.");
     }
 }