示例#1
0
        /// <summary>
        /// Añade una lista de revocación de certificados
        /// </summary>
        /// <param name="stream"></param>
        public void AddCRL(Stream stream)
        {
            Org.BouncyCastle.X509.X509CrlParser parser = new Org.BouncyCastle.X509.X509CrlParser();
            var x509crl = parser.ReadCrl(stream);

            _crls.Add(x509crl);
        }
示例#2
0
        /// <summary>
        /// Añade una lista de revocación de certificados
        /// </summary>
        /// <param name="stream"></param>
        public void AddCRL(Stream stream)
        {
            Org.BouncyCastle.X509.X509CrlParser parser = new Org.BouncyCastle.X509.X509CrlParser();
            var x509crl = parser.ReadCrl(stream);

            _crls.Add(x509crl);
        }
示例#3
0
        /// <summary>
        /// Revoke the certificate.
        /// The CRL number is increased by one and the new CRL is returned.
        /// </summary>
        public static X509CRL RevokeCertificate(
            X509Certificate2 issuerCertificate,
            List <X509CRL> issuerCrls,
            X509Certificate2Collection revokedCertificates,
            DateTime thisUpdate,
            DateTime nextUpdate,
            X509SignatureGenerator generator,
            uint hashSize
            )
        {
            var crlSerialNumber = Org.BouncyCastle.Math.BigInteger.Zero;

            Org.BouncyCastle.X509.X509Certificate bcCertCA =
                new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(issuerCertificate.RawData);
            Org.BouncyCastle.Crypto.ISignatureFactory signatureFactory =
                new KeyVaultSignatureFactory(GetRSAHashAlgorithmName(hashSize), generator);

            var crlGen = new Org.BouncyCastle.X509.X509V2CrlGenerator();

            crlGen.SetIssuerDN(bcCertCA.IssuerDN);

            if (thisUpdate == DateTime.MinValue)
            {
                thisUpdate = DateTime.UtcNow;
            }
            crlGen.SetThisUpdate(thisUpdate);

            if (nextUpdate <= thisUpdate)
            {
                nextUpdate = bcCertCA.NotAfter;
            }
            crlGen.SetNextUpdate(nextUpdate);
            // merge all existing revocation list
            if (issuerCrls != null)
            {
                var parser = new Org.BouncyCastle.X509.X509CrlParser();
                foreach (X509CRL issuerCrl in issuerCrls)
                {
                    Org.BouncyCastle.X509.X509Crl crl = parser.ReadCrl(issuerCrl.RawData);
                    crlGen.AddCrl(crl);
                    var crlVersion = GetCrlNumber(crl);
                    if (crlVersion.IntValue > crlSerialNumber.IntValue)
                    {
                        crlSerialNumber = crlVersion;
                    }
                }
            }

            if (revokedCertificates == null || revokedCertificates.Count == 0)
            {
                // add a dummy revoked cert
                crlGen.AddCrlEntry(Org.BouncyCastle.Math.BigInteger.One, thisUpdate, Org.BouncyCastle.Asn1.X509.CrlReason.Unspecified);
            }
            else
            {
                // add the revoked cert
                foreach (var revokedCertificate in revokedCertificates)
                {
                    crlGen.AddCrlEntry(GetSerialNumber(revokedCertificate), thisUpdate, Org.BouncyCastle.Asn1.X509.CrlReason.PrivilegeWithdrawn);
                }
            }

            crlGen.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityKeyIdentifier,
                                false,
                                new Org.BouncyCastle.X509.Extension.AuthorityKeyIdentifierStructure(bcCertCA));

            // set new serial number
            crlSerialNumber = crlSerialNumber.Add(Org.BouncyCastle.Math.BigInteger.One);
            crlGen.AddExtension(Org.BouncyCastle.Asn1.X509.X509Extensions.CrlNumber,
                                false,
                                new Org.BouncyCastle.Asn1.X509.CrlNumber(crlSerialNumber));

            // generate updated CRL
            Org.BouncyCastle.X509.X509Crl updatedCrl = crlGen.Generate(signatureFactory);

            return(new X509CRL(updatedCrl.GetEncoded()));
        }