示例#1
0
        /**
         * Build and validate a CertPath using the given parameter.
         *
         * @param params PKIXBuilderParameters object containing all information to
         *            build the CertPath
         */
        public virtual PkixCertPathBuilderResult Build(
            PkixBuilderParameters pkixParams)
        {
            // search target certificates

            IX509Selector certSelect = pkixParams.GetTargetCertConstraints();

            if (!(certSelect is X509CertStoreSelector))
            {
                throw new PkixCertPathBuilderException(
                          "TargetConstraints must be an instance of "
                          + typeof(X509CertStoreSelector).FullName + " for "
                          + Platform.GetTypeName(this) + " class.");
            }

            ISet targets = new HashSet();

            try
            {
                targets.AddAll(PkixCertPathValidatorUtilities.FindCertificates((X509CertStoreSelector)certSelect, pkixParams.GetStores()));
                // TODO Should this include an entry for pkixParams.GetAdditionalStores() too?
            }
            catch (Exception e)
            {
                throw new PkixCertPathBuilderException(
                          "Error finding target certificate.", e);
            }

            if (targets.IsEmpty)
            {
                throw new PkixCertPathBuilderException("No certificate found matching targetContraints.");
            }

            PkixCertPathBuilderResult result = null;
            IList certPathList = Platform.CreateArrayList();

            // check all potential target certificates
            foreach (X509Certificate cert in targets)
            {
                result = Build(cert, pkixParams, certPathList);

                if (result != null)
                {
                    break;
                }
            }

            if (result == null && certPathException != null)
            {
                throw new PkixCertPathBuilderException(certPathException.Message, certPathException.InnerException);
            }

            if (result == null && certPathException == null)
            {
                throw new PkixCertPathBuilderException("Unable to find certificate chain.");
            }

            return(result);
        }
        /**
         * Build and validate a CertPath using the given parameter.
         *
         * @param params PKIXBuilderParameters object containing all information to
         *            build the CertPath
         */
        public virtual PkixCertPathBuilderResult Build(
            PkixBuilderParameters pkixParams)
        {
            // search target certificates

            IX509Selector certSelect = pkixParams.GetTargetConstraints();

            if (!(certSelect is X509AttrCertStoreSelector))
            {
                throw new PkixCertPathBuilderException(
                          "TargetConstraints must be an instance of "
                          + typeof(X509AttrCertStoreSelector).FullName
                          + " for "
                          + typeof(PkixAttrCertPathBuilder).FullName + " class.");
            }

            ICollection targets;

            try
            {
                targets = PkixCertPathValidatorUtilities.FindCertificates(
                    (X509AttrCertStoreSelector)certSelect, pkixParams.GetStores());
            }
            catch (Exception e)
            {
                throw new PkixCertPathBuilderException("Error finding target attribute certificate.", e);
            }

            if (targets.Count == 0)
            {
                throw new PkixCertPathBuilderException(
                          "No attribute certificate found matching targetContraints.");
            }

            PkixCertPathBuilderResult result = null;

            // check all potential target certificates
            foreach (IX509AttributeCertificate cert in targets)
            {
                X509CertStoreSelector selector   = new X509CertStoreSelector();
                X509Name[]            principals = cert.Issuer.GetPrincipals();
                ISet issuers = new HashSet();
                for (int i = 0; i < principals.Length; i++)
                {
                    try
                    {
                        selector.Subject = principals[i];

                        issuers.AddAll(PkixCertPathValidatorUtilities.FindCertificates(selector, pkixParams.GetStores()));
                    }
                    catch (Exception e)
                    {
                        throw new PkixCertPathBuilderException(
                                  "Public key certificate for attribute certificate cannot be searched.",
                                  e);
                    }
                }

                if (issuers.IsEmpty)
                {
                    throw new PkixCertPathBuilderException("Public key certificate for attribute certificate cannot be found.");
                }

                IList certPathList = Platform.CreateArrayList();

                foreach (X509Certificate issuer in issuers)
                {
                    result = Build(cert, issuer, pkixParams, certPathList);

                    if (result != null)
                    {
                        break;
                    }
                }

                if (result != null)
                {
                    break;
                }
            }

            if (result == null && certPathException != null)
            {
                throw new PkixCertPathBuilderException(
                          "Possible certificate chain could not be validated.",
                          certPathException);
            }

            if (result == null && certPathException == null)
            {
                throw new PkixCertPathBuilderException(
                          "Unable to find certificate chain.");
            }

            return(result);
        }
        /**
         * Find the issuer certificates of a given certificate.
         *
         * @param cert
         *            The certificate for which an issuer should be found.
         * @param pkixParams
         * @return A <code>Collection</code> object containing the issuer
         *         <code>X509Certificate</code>s. Never <code>null</code>.
         *
         * @exception Exception
         *                if an error occurs.
         */
        internal static ICollection FindIssuerCerts(
            X509Certificate cert,
            PkixBuilderParameters pkixParams)
        {
            X509CertStoreSelector certSelect = new X509CertStoreSelector();
            ISet certs = new HashSet();

            try
            {
                certSelect.Subject = cert.IssuerDN;
            }
            catch (IOException ex)
            {
                throw new Exception(
                          "Subject criteria for certificate selector to find issuer certificate could not be set.", ex);
            }

            try
            {
                certs.AddAll(PkixCertPathValidatorUtilities.FindCertificates(certSelect, pkixParams.GetStores()));
                certs.AddAll(PkixCertPathValidatorUtilities.FindCertificates(certSelect, pkixParams.GetAdditionalStores()));
            }
            catch (Exception e)
            {
                throw new Exception("Issuer certificate cannot be searched.", e);
            }

            return(certs);
        }