/// <summary>
/// Appends one revoked certificate entry to the list held by this builder.
/// </summary>
/// <param name="revokedCertificate">The entry to add; must not be null.</param>
/// <returns>This builder instance, so that calls can be chained.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="revokedCertificate"/> is null.
/// </exception>
public CrlBuilder AddRevokedCertificate(RevokedCertificate revokedCertificate)
{
    if (revokedCertificate != null)
    {
        m_revokedCertificates.Add(revokedCertificate);
        return this;
    }

    // Reject null up front so the revoked list never contains a null entry.
    throw new ArgumentNullException(nameof(revokedCertificate));
}
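/// <summary>
/// Decode the Tbs of the CRL.
/// </summary>
/// <remarks>
/// Parses the DER encoded TBSCertList and stores the hash algorithm, issuer,
/// thisUpdate, nextUpdate, revoked certificates and CRL extensions in the
/// instance fields. This method only parses the structure; it does not verify
/// any signature over <paramref name="tbs"/>.
/// Fields are assigned while parsing, so after a failed call some of them may
/// already hold values taken from the rejected input. The decoded flag is only
/// set by a call that parsed the complete structure.
/// </remarks>
/// <param name="tbs">The raw TbsCertList of the CRL.</param>
/// <exception cref="CryptographicException">
/// The ASN.1 content is malformed or violates the expected CRL layout.
/// </exception>
internal void DecodeCrl(byte[] tbs)
{
    try
    {
        var crlReader = new AsnReader(tbs, AsnEncodingRules.DER);
        var tag = Asn1Tag.Sequence;
        var seqReader = crlReader.ReadSequence(tag);

        // Nothing may follow the outer TBSCertList sequence.
        crlReader.ThrowIfNotEmpty();
        if (seqReader == null)
        {
            throw new CryptographicException("The CRL contains invalid data.");
        }

        // Version is OPTIONAL; when present it must be v2 (encoded as 1).
        uint version = 0;
        var intTag = new Asn1Tag(UniversalTagNumber.Integer);
        if (seqReader.PeekTag() == intTag)
        {
            // Fail explicitly on an out-of-range integer instead of leaving it
            // unread and depending on the next read to reject it.
            if (!seqReader.TryReadUInt32(out version))
            {
                throw new AsnContentException("The CRL version is out of range.");
            }

            if (version != 1)
            {
                throw new AsnContentException($"The CRL contains an incorrect version {version}");
            }
        }

        // Signature Algorithm Identifier
        var sigReader = seqReader.ReadSequence();
        var oid = sigReader.ReadObjectIdentifier();
        m_hashAlgorithmName = Oids.GetHashAlgorithmName(oid);
        if (sigReader.HasData)
        {
            // Only NULL parameters are accepted; anything else is rejected.
            sigReader.ReadNull();
        }
        sigReader.ThrowIfNotEmpty();

        // Issuer
        m_issuerName = new X500DistinguishedName(seqReader.ReadEncodedValue().ToArray());

        // thisUpdate
        m_thisUpdate = ReadTime(seqReader);

        // nextUpdate is OPTIONAL. HasData is checked before every peek because
        // PeekTag cannot be used on an exhausted reader, and a CRL may end here.
        var utcTag = new Asn1Tag(UniversalTagNumber.UtcTime);
        var generalizedTag = new Asn1Tag(UniversalTagNumber.GeneralizedTime);
        if (seqReader.HasData)
        {
            var timeTag = seqReader.PeekTag();
            if (timeTag == utcTag || timeTag == generalizedTag)
            {
                m_nextUpdate = ReadTime(seqReader);
            }
        }

        // revoked certificates are OPTIONAL
        var seqTag = new Asn1Tag(UniversalTagNumber.Sequence, true);
        if (seqReader.HasData && seqReader.PeekTag() == seqTag)
        {
            var revReader = seqReader.ReadSequence(tag);
            var revokedCertificates = new List<RevokedCertificate>();
            while (revReader.HasData)
            {
                var crlEntry = revReader.ReadSequence();
                var serial = crlEntry.ReadInteger();
                var revokedCertificate = new RevokedCertificate(serial.ToByteArray());
                revokedCertificate.RevocationDate = ReadTime(crlEntry);
                if (version == 1 && crlEntry.HasData)
                {
                    // CRL entry extensions
                    var crlEntryExtensions = crlEntry.ReadSequence();
                    while (crlEntryExtensions.HasData)
                    {
                        var extension = crlEntryExtensions.ReadExtension();
                        revokedCertificate.CrlEntryExtensions.Add(extension);
                    }
                    crlEntryExtensions.ThrowIfNotEmpty();
                }
                crlEntry.ThrowIfNotEmpty();
                revokedCertificates.Add(revokedCertificate);
            }
            revReader.ThrowIfNotEmpty();
            m_revokedCertificates = revokedCertificates;
        }

        // CRL extensions OPTIONAL
        if (version == 1 && seqReader.HasData)
        {
            var extTag = new Asn1Tag(TagClass.ContextSpecific, 0);
            var optReader = seqReader.ReadSequence(extTag);
            var crlExtensionList = new X509ExtensionCollection();
            var crlExtensions = optReader.ReadSequence();
            while (crlExtensions.HasData)
            {
                var extension = crlExtensions.ReadExtension();
                crlExtensionList.Add(extension);
            }

            // The [0] wrapper must hold exactly one extensions sequence;
            // reject trailing bytes instead of silently ignoring them.
            optReader.ThrowIfNotEmpty();
            m_crlExtensions = crlExtensionList;
        }

        seqReader.ThrowIfNotEmpty();

        // Set last, so the flag is only raised for a fully parsed structure.
        m_decoded = true;
    }
    catch (AsnContentException ace)
    {
        throw new CryptographicException("Failed to decode the CRL.", ace);
    }

    // Reads an X.509 Time value, which is a CHOICE of UTCTime and
    // GeneralizedTime (the latter is used for dates from 2050 onwards).
    DateTime ReadTime(AsnReader reader)
    {
        var generalizedTimeTag = new Asn1Tag(UniversalTagNumber.GeneralizedTime);
        if (reader.PeekTag() == generalizedTimeTag)
        {
            return reader.ReadGeneralizedTime().UtcDateTime;
        }

        return reader.ReadUtcTime().UtcDateTime;
    }
}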