本文整理汇总了C#中IX509Store.GetMatches方法的典型用法代码示例。如果您正苦于以下问题:C# IX509Store.GetMatches方法的具体用法?C# IX509Store.GetMatches怎么用?C# IX509Store.GetMatches使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类IX509Store的用法示例。
在下文中一共展示了IX509Store.GetMatches方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: GetCertificatesFromStore
public static IList GetCertificatesFromStore(
IX509Store certStore)
{
try
{
IList certs = new ArrayList();
if (certStore != null)
{
foreach (X509Certificate c in certStore.GetMatches(null))
{
certs.Add(
X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(c.GetEncoded())));
}
}
return certs;
}
catch (CertificateEncodingException e)
{
throw new CmsException("error encoding certs", e);
}
catch (Exception e)
{
throw new CmsException("error processing certs", e);
}
}示例2: GetCertificate
private static X509Certificate GetCertificate(SignerInformation signer, IX509Store cmsCertificates)
{
X509Certificate cert = null;
// Create a selector with the information necessary to
// find the signer certificate
X509CertStoreSelector sel = new X509CertStoreSelector();
sel.Issuer = signer.SignerID.Issuer;
sel.SerialNumber = signer.SignerID.SerialNumber;
// Try find a match
IList certificatesFound = new ArrayList( cmsCertificates.GetMatches(sel) );
if (certificatesFound.Count > 0) // Match found
{
// Load certificate from CMS
Console.WriteLine("Loading signer's certificate from CMS...");
cert = (X509Certificate)certificatesFound[0];
}
else
{
// Load certificate from file
Console.WriteLine("Loading signer's certificate from file...");
ReadCertificate("..\\..\\example.cer");
}
return cert;
}示例3: AddAttributeCertificates
/**
* Add the attribute certificates contained in the passed in store to the
* generator.
*
* @param store a store of Version 2 attribute certificates
* @throws CmsException if an error occurse processing the store.
*/
public void AddAttributeCertificates(
IX509Store store)
{
try
{
foreach (IX509AttributeCertificate attrCert in store.GetMatches(null))
{
_certs.Add(new DerTaggedObject(false, 2,
AttributeCertificate.GetInstance(Asn1Object.FromByteArray(attrCert.GetEncoded()))));
}
}
catch (Exception e)
{
throw new CmsException("error processing attribute certs", e);
}
}示例4: GetCertificate
X509Certificate GetCertificate(IX509Store store, SignerID signer)
{
var matches = store.GetMatches (signer);
foreach (X509Certificate certificate in matches) {
return certificate;
}
return GetCertificate (signer);
}示例5: BuildCertPath
PkixCertPath BuildCertPath(HashSet anchors, IX509Store certificates, IX509Store crls, X509Certificate certificate, DateTime? signingTime)
{
var intermediate = new X509CertificateStore ();
foreach (X509Certificate cert in certificates.GetMatches (null))
intermediate.Add (cert);
var selector = new X509CertStoreSelector ();
selector.Certificate = certificate;
var parameters = new PkixBuilderParameters (anchors, selector);
parameters.AddStore (GetIntermediateCertificates ());
parameters.AddStore (intermediate);
var localCrls = GetCertificateRevocationLists ();
parameters.AddStore (localCrls);
parameters.AddStore (crls);
// Note: we disable revocation unless we actually have non-empty revocation lists
parameters.IsRevocationEnabled = localCrls.GetMatches (null).Count > 0;
parameters.ValidityModel = PkixParameters.ChainValidityModel;
if (signingTime.HasValue)
parameters.Date = new DateTimeObject (signingTime.Value);
var result = new PkixCertPathBuilder ().Build (parameters);
return result.CertPath;
}示例6: GetCrlsFromStore
public static IList GetCrlsFromStore(
IX509Store crlStore)
{
try
{
IList crls = Platform.CreateArrayList();
if (crlStore != null)
{
foreach (X509Crl c in crlStore.GetMatches(null))
{
crls.Add(
CertificateList.GetInstance(
Asn1Object.FromByteArray(c.GetEncoded())));
}
}
return crls;
}
catch (CrlException e)
{
throw new CmsException("error encoding crls", e);
}
catch (Exception e)
{
throw new CmsException("error processing crls", e);
}
}示例7: Verify
private static CertificateSecurityInformation Verify(Org.BouncyCastle.X509.X509Certificate cert, DateTime date, IX509Store certs, IList<CertificateList> crls, IList<BasicOcspResponse> ocsps, bool checkRevocation, bool checkTime)
{
CertificateSecurityInformation result = new CertificateSecurityInformation();
AsymmetricKeyParameter key = cert.GetPublicKey();
//check key type
if (!(key is RsaKeyParameters))
{
result.securityViolations.Add(CertSecurityViolation.NotValidKeyType);
trace.TraceEvent(TraceEventType.Warning, 0, "The key should be RSA but was {0}", key.GetType());
}
//check key size
if (!VerifyKeySize(key, EteeActiveConfig.Unseal.MinimumSignatureKeySize))
{
result.securityViolations.Add(CertSecurityViolation.NotValidKeySize);
trace.TraceEvent(TraceEventType.Warning, 0, "The key was smaller then {0}", EteeActiveConfig.Unseal.MinimumSignatureKeySize);
}
X509Certificate2Collection extraStore = new X509Certificate2Collection();
foreach (Org.BouncyCastle.X509.X509Certificate obj in certs.GetMatches(null))
{
extraStore.Add(new X509Certificate2(obj.GetEncoded()));
}
Chain chain;
if (checkRevocation)
chain = new X509Certificate2(cert.GetEncoded()).BuildChain(date, extraStore, ref crls, ref ocsps, checkTime ? DateTime.UtcNow : date);
else
chain = new X509Certificate2(cert.GetEncoded()).BuildBasicChain(date, extraStore);
CertificateSecurityInformation dest = null;
foreach (ChainElement ce in chain.ChainElements)
{
if (dest == null) {
dest = result;
}
else
{
dest.IssuerInfo = new CertificateSecurityInformation();
dest = dest.IssuerInfo;
}
dest.Certificate = ce.Certificate;
foreach (X509ChainStatus status in ce.ChainElementStatus.Where(x => x.Status != X509ChainStatusFlags.NoError))
{
dest.securityViolations.Add((CertSecurityViolation)Enum.Parse(typeof(CertSecurityViolation), Enum.GetName(typeof(X509ChainStatusFlags), status.Status)));
}
}
if (chain.ChainStatus.Count(x => x.Status == X509ChainStatusFlags.PartialChain) > 0)
{
result.securityViolations.Add(CertSecurityViolation.IssuerTrustUnknown);
}
trace.TraceEvent(TraceEventType.Verbose, 0, "Verified certificate {0} for date {1}", cert.SubjectDN.ToString(), date);
return result;
}示例8: Verify
private SignatureSecurityInformation Verify(SignerInformationStore signerInfos, IX509Store certs, SignatureSecurityInformation outer)
{
trace.TraceEvent(TraceEventType.Information, 0, "Verifying the {0} signature information", outer != null ? "outer" : "inner");
SignatureSecurityInformation result = new SignatureSecurityInformation();
//Check if signed (only allow single signatures)
SignerInformation signerInfo = null;
IEnumerator iterator = signerInfos.GetSigners().GetEnumerator();
if (!iterator.MoveNext()) {
result.securityViolations.Add(SecurityViolation.NotSigned);
trace.TraceEvent(TraceEventType.Warning, 0, "Although it is a correct CMS file it isn't signed");
return result;
}
signerInfo = (SignerInformation)iterator.Current;
trace.TraceEvent(TraceEventType.Verbose, 0, "Found signature, with signer ID = issuer {0} and serial number {1}", signerInfo.SignerID.Issuer, signerInfo.SignerID.SerialNumber);
if (iterator.MoveNext())
{
trace.TraceEvent(TraceEventType.Error, 0, "Found more then one signature, this isn't supported (yet)");
throw new InvalidMessageException("An eHealth compliant message can have only one signer");
}
//check if signer used correct digest algorithm
int i = 0;
bool found = false;
StringBuilder algos = new StringBuilder();
while (!found && i < EteeActiveConfig.Unseal.SignatureAlgorithms.Count)
{
Oid algoDigest = EteeActiveConfig.Unseal.SignatureAlgorithms[i].DigestAlgorithm;
Oid algoEnc = EteeActiveConfig.Unseal.SignatureAlgorithms[i++].EncryptionAlgorithm;
algos.Append(algoDigest.Value + " (" + algoDigest.FriendlyName + ") + " + algoEnc.Value + " (" + algoEnc.FriendlyName + "), ");
found = (algoDigest.Value == signerInfo.DigestAlgOid) && (algoEnc.Value == signerInfo.EncryptionAlgOid);
}
if (!found)
{
result.securityViolations.Add(SecurityViolation.NotAllowedSignatureDigestAlgorithm);
trace.TraceEvent(TraceEventType.Warning, 0, "The signature digest + encryption algorithm {0} + {1} isn't allowed, only {2} are",
signerInfo.DigestAlgOid, signerInfo.EncryptionAlgOid, algos);
}
trace.TraceEvent(TraceEventType.Verbose, 0, "Verified the signature digest and encryption algorithm");
//Find the singing certificate and relevant info
Org.BouncyCastle.X509.X509Certificate signerCert = null;
if (certs.GetMatches(null).Count > 0)
{
//We got certificates, so lets find the signer
IEnumerator signerCerts = certs.GetMatches(signerInfo.SignerID).GetEnumerator();
if (!signerCerts.MoveNext())
{
//found no certificate
result.securityViolations.Add(SecurityViolation.NotFoundSigner);
trace.TraceEvent(TraceEventType.Warning, 0, "Could not find the signer certificate");
return result;
}
//Getting the first certificate
signerCert = (Org.BouncyCastle.X509.X509Certificate)signerCerts.Current;
trace.TraceEvent(TraceEventType.Verbose, 0, "Found the signer certificate: {0}", signerCert.SubjectDN.ToString());
//Check if the outer certificate matches the inner certificate
if (outer != null)
{
Org.BouncyCastle.X509.X509Certificate authCert = DotNetUtilities.FromX509Certificate(outer.Subject.Certificate);
trace.TraceEvent(TraceEventType.Verbose, 0, "Comparing The signer certificate {0} ({1}) with the authentication certificate {2} ({3})",
signerCert.SubjectDN, signerCert.IssuerDN, authCert.SubjectDN, authCert.IssuerDN);
//_safe_ check if the serial numbers of the subject name are equal and they have the same issuer
if (!authCert.SubjectDN.GetOidList().Contains(X509Name.SerialNumber)
|| !signerCert.SubjectDN.GetOidList().Contains(X509Name.SerialNumber)
|| authCert.SubjectDN.GetValueList(X509Name.SerialNumber).Count != 1
|| signerCert.SubjectDN.GetValueList(X509Name.SerialNumber).Count != 1
|| !authCert.SubjectDN.GetValueList(X509Name.SerialNumber)[0].Equals(signerCert.SubjectDN.GetValueList(X509Name.SerialNumber)[0])
|| !authCert.IssuerDN.Equals(signerCert.IssuerDN))
{
result.securityViolations.Add(SecurityViolation.SubjectDoesNotMachEnvelopingSubject);
trace.TraceEvent(TraceEventType.Warning, 0, "The signer certificate {0} ({1}) does not match the authentication certificate {2} ({3})",
signerCert.SubjectDN, signerCert.IssuerDN, authCert.SubjectDN, authCert.IssuerDN);
}
}
if (signerCerts.MoveNext())
{
//found several certificates...
trace.TraceEvent(TraceEventType.Error, 0, "Several certificates correspond to the signer");
throw new NotSupportedException("More then one certificate found that corresponds to the sender information in the message, this isn't supported by the library");
}
}
else
{
if (outer == null)
{
trace.TraceEvent(TraceEventType.Error, 0, "The outer signature does not contain any certificates");
throw new InvalidMessageException("The outer signature is missing certifcates");
}
//The subject is the same as the outer
result.Subject = outer.Subject;
signerCert = DotNetUtilities.FromX509Certificate(result.Subject.Certificate);
trace.TraceEvent(TraceEventType.Verbose, 0, "An already validated certificates was provided: {0}", signerCert.SubjectDN.ToString());
//.........这里部分代码省略.........