

C# Pkix.PkixCertPath类代码示例

本文整理汇总了C#中Org.BouncyCastle.Pkix.PkixCertPath的典型用法代码示例。如果您正苦于以下问题:C# PkixCertPath类的具体用法?C# PkixCertPath怎么用?C# PkixCertPath使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


PkixCertPath类属于Org.BouncyCastle.Pkix命名空间,在下文中一共展示了PkixCertPath类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。

示例1: Validate

        /// <summary>
        /// Runs BouncyCastle PKIX path validation for <paramref name="certificate"/>, using the
        /// first certificate of the configured chain as the only trust anchor and the remaining
        /// chain certificates plus the candidate as the path.
        /// </summary>
        /// <param name="certificate">Certificate to validate; must not be null.</param>
        /// <returns>
        /// A result wrapping the PKIX validator output, or wrapping the exception when any step
        /// inside the try block throws.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null.</exception>
        /// <remarks>
        /// Revocation checking is turned off here, so a revoked certificate is not rejected by
        /// this method. Every failure, including programming errors, is folded into the returned
        /// result, so callers have to inspect the result rather than rely on an exception.
        /// </remarks>
        public CertificateValidationResult Validate(Certificate certificate)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }

            try
            {
                // Configured chain first, candidate certificate last.
                List<X509Certificate> allCerts = _chain.Select(link => link.BouncyX509Certificate).ToList();
                allCerts.Add(certificate.BouncyX509Certificate);

                IX509Store certStore = X509StoreFactory.Create(
                    "Certificate/Collection",
                    new X509CollectionStoreParameters(allCerts));

                // Everything after the first element is the path handed to the validator.
                var certPath = new PkixCertPath(allCerts.Skip(1).ToList());

                // The first element is trusted unconditionally; null means no name constraints
                // are attached to the anchor.
                // NOTE(review): with an empty _chain the candidate itself would be the anchor and
                // the path would be empty - confirm the validator rejects an empty path.
                ISet anchors = new HashSet();
                anchors.Add(new TrustAnchor(allCerts.First(), null));

                var pkixParameters = new PkixParameters(anchors);
                pkixParameters.AddStore(certStore);
                // NOTE(review): no CRL lookup is performed with this setting; enable revocation
                // and add a CRL store if revoked certificates must be refused.
                pkixParameters.IsRevocationEnabled = false;

                var validator = new PkixCertPathValidator();
                return new CertificateValidationResult(validator.Validate(certPath, pkixParameters));
            }
            catch (Exception failure)
            {
                // Validation failures and unexpected errors are reported the same way.
                return new CertificateValidationResult(failure);
            }
        }
开发者ID:bitdiff,项目名称:secular,代码行数:34,代码来源:CertificateValidator.cs

示例2: Validate

		/**
		* Validates an attribute certificate with the given certificate path.
		* 
		* <p>
		* <code>params</code> must be an instance of
		* <code>ExtendedPkixParameters</code>.
		* </p><p>
		* The target constraints in the <code>params</code> must be an
		* <code>X509AttrCertStoreSelector</code> with at least the attribute
		* certificate criterion set. Note that target information may also be
		* necessary to correctly validate this attribute certificate.
		* </p><p>
		* The attribute certificate issuer must be added to the trusted attribute
		* issuers with {@link ExtendedPkixParameters#setTrustedACIssuers(Set)}.
		* </p>
		* @param certPath The certificate path which belongs to the attribute
		*            certificate issuer public key certificate.
		* @param params The PKIX parameters.
		* @return A <code>PKIXCertPathValidatorResult</code> of the result of
		*         validating the <code>certPath</code>.
		* @throws InvalidAlgorithmParameterException if <code>params</code> is
		*             inappropriate for this validator.
		* @throws CertPathValidatorException if the verification fails.
		*/
		public virtual PkixCertPathValidatorResult Validate(
			PkixCertPath	certPath,
			PkixParameters	pkixParams)
		{
			// The attribute certificate under validation is taken from the target constraints,
			// so any other selector type (or none) is rejected up front.
			// NOTE(review): pkixParams and certPath are dereferenced without a null check.
			X509AttrCertStoreSelector attrCertSelector =
				pkixParams.GetTargetConstraints() as X509AttrCertStoreSelector;
			if (attrCertSelector == null)
			{
				throw new ArgumentException(
					"TargetConstraints must be an instance of " + typeof(X509AttrCertStoreSelector).FullName,
					"pkixParams");
			}
			IX509AttributeCertificate attrCert = attrCertSelector.AttributeCert;

			// The numbered helpers run in this fixed order; each one throws on failure.
			PkixCertPath holderCertPath = Rfc3281CertPathUtilities.ProcessAttrCert1(attrCert, pkixParams);
			PkixCertPathValidatorResult result = Rfc3281CertPathUtilities.ProcessAttrCert2(certPath, pkixParams);

			// The first certificate of the supplied path is used as the issuer certificate.
			X509Certificate issuerCert = (X509Certificate)certPath.Certificates[0];
			Rfc3281CertPathUtilities.ProcessAttrCert3(issuerCert, pkixParams);
			Rfc3281CertPathUtilities.ProcessAttrCert4(issuerCert, pkixParams);
			Rfc3281CertPathUtilities.ProcessAttrCert5(attrCert, pkixParams);
			// 6 already done in X509AttrCertStoreSelector
			Rfc3281CertPathUtilities.ProcessAttrCert7(attrCert, certPath, holderCertPath, pkixParams);
			Rfc3281CertPathUtilities.AdditionalChecks(attrCert, pkixParams);

			DateTime validationDate;
			try
			{
				validationDate = PkixCertPathValidatorUtilities.GetValidCertDateFromValidityModel(pkixParams, null, -1);
			}
			catch (Exception dateFailure)
			{
				throw new PkixCertPathValidatorException(
					"Could not get validity date from attribute certificate.", dateFailure);
			}

			// Revocation is checked last, against the date obtained above.
			Rfc3281CertPathUtilities.CheckCrls(attrCert, pkixParams, issuerCert, validationDate, certPath.Certificates);
			return result;
		}
开发者ID:htlp,项目名称:itextsharp,代码行数:59,代码来源:PkixAttrCertPathValidator.cs

示例3: PkixCertPathBuilderResult

		/// <summary>
		/// Creates a builder result that stores the built certification path; the other three
		/// arguments are passed to the base class constructor.
		/// </summary>
		/// <param name="certPath">The built certification path; must not be null.</param>
		/// <param name="trustAnchor">Forwarded to the base constructor.</param>
		/// <param name="policyTree">Forwarded to the base constructor.</param>
		/// <param name="subjectPublicKey">Forwarded to the base constructor.</param>
		/// <exception cref="ArgumentNullException"><paramref name="certPath"/> is null.</exception>
		public PkixCertPathBuilderResult(
			PkixCertPath			certPath,
			TrustAnchor				trustAnchor,
			PkixPolicyNode			policyTree,
			AsymmetricKeyParameter	subjectPublicKey)
			: base(trustAnchor, policyTree, subjectPublicKey)
		{
			// The base constructor has already run by the time this check executes.
			if (certPath == null)
			{
				throw new ArgumentNullException("certPath");
			}

			this.certPath = certPath;
		}
开发者ID:ktw,项目名称:OutlookPrivacyPlugin,代码行数:12,代码来源:PkixCertPathBuilderResult.cs

示例4: ProcessAttrCert7

		/// <summary>
		/// Step 7.1 of attribute certificate processing: every critical extension of
		/// <paramref name="attrCert"/> must be accounted for, either as the target information
		/// extension or by one of the attribute certificate checkers in <paramref name="pkixParams"/>.
		/// </summary>
		/// <param name="attrCert">Attribute certificate whose critical extensions are examined.</param>
		/// <param name="certPath">Passed through to each checker.</param>
		/// <param name="holderCertPath">Passed through to each checker.</param>
		/// <param name="pkixParams">Supplies the attribute certificate checkers.</param>
		/// <exception cref="PkixCertPathValidatorException">
		/// The target information extension cannot be read, or critical extensions remain
		/// after all checkers have run.
		/// </exception>
		internal static void ProcessAttrCert7(
			IX509AttributeCertificate	attrCert,
			PkixCertPath				certPath,
			PkixCertPath				holderCertPath,
			PkixParameters				pkixParams)
		{
			// TODO:
			// AA Controls
			// Attribute encryption
			// Proxy
			// NOTE(review): the set is modified below; presumably GetCriticalExtensionOids()
			// returns a copy - confirm.
			ISet unresolvedCritical = attrCert.GetCriticalExtensionOids();
			string targetInfoOid = X509Extensions.TargetInformation.Id;

			// 7.1
			// process extensions

			// target information checked in step 6 / X509AttributeCertStoreSelector;
			// here the extension only has to decode.
			if (unresolvedCritical.Contains(targetInfoOid))
			{
				try
				{
					TargetInformation.GetInstance(
						PkixCertPathValidatorUtilities.GetExtensionValue(attrCert, X509Extensions.TargetInformation));
				}
				catch (Exception decodeFailure)
				{
					throw new PkixCertPathValidatorException(
						"Target information extension could not be read.", decodeFailure);
				}
			}
			unresolvedCritical.Remove(targetInfoOid);

			// Each checker receives the set of still-unresolved critical OIDs.
			foreach (PkixAttrCertChecker attrCertChecker in pkixParams.GetAttrCertCheckers())
			{
				attrCertChecker.Check(attrCert, certPath, holderCertPath, unresolvedCritical);
			}

			// Fail closed: a critical extension nobody handled invalidates the certificate.
			if (unresolvedCritical.IsEmpty)
			{
				return;
			}

			throw new PkixCertPathValidatorException(
				"Attribute certificate contains unsupported critical extensions: "
					+ unresolvedCritical);
		}
开发者ID:kungfubozo,项目名称:Bouncy-Castle-WP8,代码行数:41,代码来源:Rfc3281CertPathUtilities.cs

示例5: PkixCertPathValidatorException

		/// <summary>
		/// Creates a <code>PkixCertPathValidatorException</code> with the specified
		/// detail message, cause, certification path, and index.
		/// </summary>
		/// <param name="message">the detail message (or <code>null</code> if none)</param>
		/// <param name="cause">the cause (or <code>null</code> if none)</param>
		/// <param name="certPath">the certification path that was in the process of being
		/// validated when the error was encountered</param>
		/// <param name="index">the index of the certificate in the certification path that caused the error (or -1 if not applicable)</param>
		public PkixCertPathValidatorException(
			string			message,
			Exception		cause,
			PkixCertPath	certPath,
			int				index)
			: base(message)
		{
			bool hasPath = certPath != null;

			// Without a path the only accepted index is -1.
			if (!hasPath && index != -1)
			{
				throw new ArgumentNullException(
					"certPath = null and index != -1");
			}

			// With a path the index must be -1 or a valid position in its certificate list.
			if (index < -1
				|| (hasPath && index >= certPath.Certificates.Count))
			{
				throw new IndexOutOfRangeException(
					" index < -1 or out of bound of certPath.getCertificates()");
			}

			// NOTE(review): only the message reaches the base constructor; the cause is kept
			// in a field here. Whether InnerException exposes it is not visible in this block.
			this.cause = cause;
			this.certPath = certPath;
			this.index = index;
		}
开发者ID:KimikoMuffin,项目名称:bc-csharp,代码行数:32,代码来源:PkixCertPathValidatorException.cs

示例6: PrepareNextCertK

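		/// <summary>
		/// Step (k): requires the certificate at <paramref name="index"/> to carry a decodable
		/// BasicConstraints extension for which <c>IsCA()</c> is true.
		/// </summary>
		/// <param name="certPath">Certification path being validated.</param>
		/// <param name="index">Position of the certificate within <c>certPath.Certificates</c>.</param>
		/// <exception cref="PkixCertPathValidatorException">
		/// The extension cannot be decoded, is absent, or does not mark the certificate as a CA.
		/// Every failure carries the path and index of the offending certificate.
		/// </exception>
		internal static void PrepareNextCertK(
			PkixCertPath	certPath,
			int				index)
			//throws CertPathValidatorException
		{
			IList certs = certPath.Certificates;
			X509Certificate cert = (X509Certificate)certs[index];
			//
			// (k)
			//
			BasicConstraints bc = null;
			try
			{
				bc = BasicConstraints.GetInstance(
					PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.BasicConstraints));
			}
			catch (Exception e)
			{
				throw new PkixCertPathValidatorException("Basic constraints extension cannot be decoded.", e, certPath,
					index);
			}

			// A certificate used as an issuer without BasicConstraints must be refused,
			// not treated as a CA by default.
			if (bc == null)
			{
				throw new PkixCertPathValidatorException("Intermediate certificate lacks BasicConstraints",
					null, certPath, index);
			}

			// Report path and index here too, consistent with the decode failure above,
			// so the caller can tell which certificate was rejected.
			if (!bc.IsCA())
			{
				throw new PkixCertPathValidatorException("Not a CA certificate", null, certPath, index);
			}
		}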
开发者ID:Niladri24dutta,项目名称:itextsharp,代码行数:31,代码来源:Rfc3280CertPathUtilities.cs

示例7: PrepareNextCertL

		/// <summary>
		/// Step (l): consumes one unit of the remaining path length for a certificate that is
		/// not self-issued.
		/// </summary>
		/// <param name="certPath">Certification path being validated.</param>
		/// <param name="index">Position of the certificate within <c>certPath.Certificates</c>.</param>
		/// <param name="maxPathLength">Remaining path length before this certificate.</param>
		/// <returns>
		/// <paramref name="maxPathLength"/> unchanged for a self-issued certificate, otherwise
		/// <paramref name="maxPathLength"/> minus one.
		/// </returns>
		/// <exception cref="PkixCertPathValidatorException">
		/// The certificate is not self-issued and <paramref name="maxPathLength"/> is zero or less.
		/// </exception>
		internal static int PrepareNextCertL(
			PkixCertPath	certPath,
			int				index,
			int				maxPathLength)
			//throws CertPathValidatorException
		{
			X509Certificate current = (X509Certificate)certPath.Certificates[index];

			//
			// (l)
			//
			// Self-issued certificates do not count against the path length.
			if (PkixCertPathValidatorUtilities.IsSelfIssued(current))
			{
				return maxPathLength;
			}

			// Nothing left to spend: the path is longer than allowed.
			if (maxPathLength <= 0)
			{
				throw new PkixCertPathValidatorException("Max path length not greater than zero", null, certPath, index);
			}

			return maxPathLength - 1;
		}
开发者ID:Niladri24dutta,项目名称:itextsharp,代码行数:22,代码来源:Rfc3280CertPathUtilities.cs

示例8: PrepareNextCertA

		/// <summary>
		/// Step (a): checks the policy mappings extension of the certificate at
		/// <paramref name="index"/>. Neither side of any mapping may be anyPolicy.
		/// </summary>
		/// <param name="certPath">Certification path being validated.</param>
		/// <param name="index">Position of the certificate within <c>certPath.Certificates</c>.</param>
		/// <exception cref="PkixCertPathValidatorException">
		/// The extension or one of its entries cannot be decoded, or a mapping names anyPolicy
		/// as issuer or subject domain policy.
		/// </exception>
		internal static void PrepareNextCertA(
			PkixCertPath	certPath,
			int				index)
			//throws CertPathValidatorException
		{
			X509Certificate cert = (X509Certificate)certPath.Certificates[index];

			//
			// (a) check the policy mappings
			//
			Asn1Sequence mappings;
			try
			{
				mappings = Asn1Sequence.GetInstance(
					PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.PolicyMappings));
			}
			catch (Exception ex)
			{
				throw new PkixCertPathValidatorException(
					"Policy mappings extension could not be decoded.", ex, certPath, index);
			}

			// No decoded mappings: nothing to check.
			if (mappings == null)
			{
				return;
			}

			for (int pos = 0; pos < mappings.Count; pos++)
			{
				DerObjectIdentifier issuerPolicy;
				DerObjectIdentifier subjectPolicy;
				try
				{
					// Each entry is read as a sequence whose first two elements are OIDs.
					Asn1Sequence pair = DerSequence.GetInstance(mappings[pos]);

					issuerPolicy = DerObjectIdentifier.GetInstance(pair[0]);
					subjectPolicy = DerObjectIdentifier.GetInstance(pair[1]);
				}
				catch (Exception e)
				{
					throw new PkixCertPathValidatorException(
						"Policy mappings extension contents could not be decoded.", e, certPath, index);
				}

				// anyPolicy on either side of a mapping is rejected.
				if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(issuerPolicy.Id))
				{
					throw new PkixCertPathValidatorException(
						"IssuerDomainPolicy is anyPolicy", null, certPath, index);
				}

				if (Rfc3280CertPathUtilities.ANY_POLICY.Equals(subjectPolicy.Id))
				{
					throw new PkixCertPathValidatorException(
						"SubjectDomainPolicy is anyPolicy,", null, certPath, index);
				}
			}
		}
开发者ID:Niladri24dutta,项目名称:itextsharp,代码行数:53,代码来源:Rfc3280CertPathUtilities.cs

示例9: PerformTest

		public override void PerformTest()
		{
			X509CertificateParser certParser = new X509CertificateParser();
			X509CrlParser crlParser = new X509CrlParser();

			// initialise CertStore
			X509Certificate rootCert = certParser.ReadCertificate(CertPathTest.rootCertBin);
			X509Certificate interCert = certParser.ReadCertificate(CertPathTest.interCertBin);
			X509Certificate finalCert = certParser.ReadCertificate(CertPathTest.finalCertBin);
			X509Crl rootCrl = crlParser.ReadCrl(CertPathTest.rootCrlBin);
			X509Crl interCrl = crlParser.ReadCrl(CertPathTest.interCrlBin);

			IList x509Certs = new ArrayList();
			x509Certs.Add(rootCert);
			x509Certs.Add(interCert);
			x509Certs.Add(finalCert);

			IList x509Crls = new ArrayList();
			x509Crls.Add(rootCrl);
			x509Crls.Add(interCrl);

//			CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
//			CertStore store = CertStore.GetInstance("Collection", ccsp);
//			X509CollectionStoreParameters ccsp = new X509CollectionStoreParameters(list);
			IX509Store x509CertStore = X509StoreFactory.Create(
				"Certificate/Collection",
				new X509CollectionStoreParameters(x509Certs));
			IX509Store x509CrlStore = X509StoreFactory.Create(
				"CRL/Collection",
				new X509CollectionStoreParameters(x509Crls));

			// NB: Month is 1-based in .NET
            //DateTime validDate = new DateTime(2008,9,4,14,49,10).ToUniversalTime();
            DateTime validDate = new DateTime(2008, 9, 4, 5, 49, 10);

			//validating path
			IList certchain = new ArrayList();
			certchain.Add(finalCert);
			certchain.Add(interCert);
//			CertPath cp = CertificateFactory.GetInstance("X.509").GenerateCertPath(certchain);
			PkixCertPath cp = new PkixCertPath(certchain);
			ISet trust = new HashSet();
			trust.Add(new TrustAnchor(rootCert, null));

//			CertPathValidator cpv = CertPathValidator.GetInstance("PKIX");
			PkixCertPathValidator cpv = new PkixCertPathValidator();
			PkixParameters param = new PkixParameters(trust);
			param.AddStore(x509CertStore);
			param.AddStore(x509CrlStore);
			param.Date = new DateTimeObject(validDate);
			MyChecker checker = new MyChecker();
			param.AddCertPathChecker(checker);

			PkixCertPathValidatorResult result = (PkixCertPathValidatorResult) cpv.Validate(cp, param);
			PkixPolicyNode policyTree = result.PolicyTree;
			AsymmetricKeyParameter subjectPublicKey = result.SubjectPublicKey;

			if (checker.GetCount() != 2)
			{
				Fail("checker not evaluated for each certificate");
			}
	        
			if (!subjectPublicKey.Equals(finalCert.GetPublicKey()))
			{
				Fail("wrong public key returned");
			}

			//
			// invalid path containing a valid one test
			//
			try
			{
				// initialise CertStore
				rootCert = certParser.ReadCertificate(AC_RAIZ_ICPBRASIL);
				interCert = certParser.ReadCertificate(AC_PR);
				finalCert = certParser.ReadCertificate(schefer);

				x509Certs = new ArrayList();
				x509Certs.Add(rootCert);
				x509Certs.Add(interCert);
				x509Certs.Add(finalCert);

//				ccsp = new CollectionCertStoreParameters(list);
//				store = CertStore.GetInstance("Collection", ccsp);
//				ccsp = new X509CollectionStoreParameters(list);
				x509CertStore = X509StoreFactory.Create(
					"Certificate/Collection",
					new X509CollectionStoreParameters(x509Certs));

				// NB: Month is 1-based in .NET
				validDate = new DateTime(2004,3,21,2,21,10).ToUniversalTime();

				//validating path
				certchain = new ArrayList();
				certchain.Add(finalCert);
				certchain.Add(interCert);
//				cp = CertificateFactory.GetInstance("X.509").GenerateCertPath(certchain);
				cp = new PkixCertPath(certchain);
				trust = new HashSet();
				trust.Add(new TrustAnchor(rootCert, null));
//.........这里部分代码省略.........
开发者ID:sidshetye,项目名称:BouncyBench,代码行数:101,代码来源:CertPathValidatorTest.cs

示例10: WrapupCertF

		/// <summary>
		/// Wrap-up step (f): runs every additional path checker on the certificate at
		/// <paramref name="index"/> and then requires that no critical extension is left in
		/// <paramref name="criticalExtensions"/>.
		/// </summary>
		/// <param name="certPath">Certification path being validated.</param>
		/// <param name="index">Position of the certificate within <c>certPath.Certificates</c>.</param>
		/// <param name="pathCheckers">List of <c>PkixCertPathChecker</c> instances.</param>
		/// <param name="criticalExtensions">Critical extensions not yet handled; passed to each checker.</param>
		/// <exception cref="PkixCertPathValidatorException">
		/// A checker fails, or <paramref name="criticalExtensions"/> is not empty afterwards.
		/// </exception>
		internal static void WrapupCertF(
			PkixCertPath	certPath,
			int				index,
			IList			pathCheckers,
			ISet			criticalExtensions)
			//throws CertPathValidatorException
		{
			X509Certificate cert = (X509Certificate)certPath.Certificates[index];

			foreach (PkixCertPathChecker pathChecker in pathCheckers)
			{
				try
				{
					pathChecker.Check(cert, criticalExtensions);
				}
				catch (PkixCertPathValidatorException e)
				{
					// The checker's exception becomes the cause of a failure tagged with path and index.
					throw new PkixCertPathValidatorException("Additional certificate path checker failed.", e, certPath,
						index);
				}
			}

			// Fail closed on any critical extension that is still in the set.
			if (criticalExtensions.IsEmpty)
			{
				return;
			}

			throw new PkixCertPathValidatorException("Certificate has unsupported critical extension",
				null, certPath, index);
		}
开发者ID:Niladri24dutta,项目名称:itextsharp,代码行数:30,代码来源:Rfc3280CertPathUtilities.cs

示例11: ProcessCertBC

		/// <summary>
		/// Steps (b) and (c): checks the subject DN, the e-mail addresses found in the subject DN
		/// and every subject alternative name of the certificate at <paramref name="index"/>
		/// against the permitted and excluded subtrees of <paramref name="nameConstraintValidator"/>.
		/// </summary>
		/// <param name="certPath">Certification path being validated.</param>
		/// <param name="index">Position of the certificate within <c>certPath.Certificates</c>.</param>
		/// <param name="nameConstraintValidator">Holds the name constraints to check against.</param>
		/// <exception cref="PkixCertPathValidatorException">
		/// A name cannot be decoded or violates the permitted or excluded subtrees.
		/// </exception>
		internal static void ProcessCertBC(
			PkixCertPath				certPath,
			int							index,
			PkixNameConstraintValidator	nameConstraintValidator)
			//throws CertPathValidatorException
		{
			IList certs = certPath.Certificates;
			X509Certificate cert = (X509Certificate)certs[index];
			int n = certs.Count;
			// i as defined in the algorithm description
			int i = n - index;

			//
			// (b), (c) permitted and excluded subtree checking.
			//
			// A self-issued certificate with i < n (that is, index > 0) is exempt from the checks.
			if (PkixCertPathValidatorUtilities.IsSelfIssued(cert) && (i < n))
			{
				return;
			}

			// Subject DN, re-read from its encoding as an ASN.1 sequence.
			// NOTE(review): the Asn1InputStream is never closed; it reads from an in-memory encoding.
			X509Name subject = cert.SubjectDN;
			Asn1InputStream subjectStream = new Asn1InputStream(subject.GetEncoded());
			Asn1Sequence subjectSeq;

			try
			{
				subjectSeq = DerSequence.GetInstance(subjectStream.ReadObject());
			}
			catch (Exception e)
			{
				throw new PkixCertPathValidatorException(
					"Exception extracting subject name when checking subtrees.", e, certPath, index);
			}

			try
			{
				nameConstraintValidator.CheckPermittedDN(subjectSeq);
				nameConstraintValidator.CheckExcludedDN(subjectSeq);
			}
			catch (PkixNameConstraintValidatorException e)
			{
				throw new PkixCertPathValidatorException(
					"Subtree check for certificate subject failed.", e, certPath, index);
			}

			// The SAN extension is decoded before the e-mail checks, so a malformed extension
			// is reported first.
			GeneralNames subjectAltNames;
			try
			{
				subjectAltNames = GeneralNames.GetInstance(
					PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.SubjectAlternativeName));
			}
			catch (Exception e)
			{
				throw new PkixCertPathValidatorException(
					"Subject alternative name extension could not be decoded.", e, certPath, index);
			}

			// E-mail addresses carried in the subject DN are checked as rfc822Name values.
			IList dnEmails = X509Name.GetInstance(subjectSeq).GetValueList(X509Name.EmailAddress);
			foreach (string dnEmail in dnEmails)
			{
				GeneralName rfc822 = new GeneralName(GeneralName.Rfc822Name, dnEmail);
				try
				{
					nameConstraintValidator.checkPermitted(rfc822);
					nameConstraintValidator.checkExcluded(rfc822);
				}
				catch (PkixNameConstraintValidatorException ex)
				{
					throw new PkixCertPathValidatorException(
						"Subtree check for certificate subject alternative email failed.", ex, certPath, index);
				}
			}

			if (subjectAltNames == null)
			{
				return;
			}

			GeneralName[] altEntries;
			try
			{
				altEntries = subjectAltNames.GetNames();
			}
			catch (Exception e)
			{
				throw new PkixCertPathValidatorException(
					"Subject alternative name contents could not be decoded.", e, certPath, index);
			}

			// Every alternative name has to pass both the permitted and the excluded check.
			foreach (GeneralName altEntry in altEntries)
			{
				try
				{
					nameConstraintValidator.checkPermitted(altEntry);
					nameConstraintValidator.checkExcluded(altEntry);
				}
				catch (PkixNameConstraintValidatorException e)
				{
					throw new PkixCertPathValidatorException(
						"Subtree check for certificate subject alternative name failed.", e, certPath, index);
				}
			}
		}
开发者ID:Niladri24dutta,项目名称:itextsharp,代码行数:96,代码来源:Rfc3280CertPathUtilities.cs

示例12: PrepareNextCertO

		/// <summary>
		/// Step (o): runs every additional path checker on the certificate at
		/// <paramref name="index"/> and then requires that no critical extension is left in
		/// <paramref name="criticalExtensions"/>.
		/// </summary>
		/// <param name="certPath">Certification path being validated.</param>
		/// <param name="index">Position of the certificate within <c>certPath.Certificates</c>.</param>
		/// <param name="criticalExtensions">Critical extensions not yet handled; passed to each checker.</param>
		/// <param name="pathCheckers">List of <c>PkixCertPathChecker</c> instances.</param>
		/// <exception cref="PkixCertPathValidatorException">
		/// A checker fails, or <paramref name="criticalExtensions"/> is not empty afterwards.
		/// </exception>
		internal static void PrepareNextCertO(
			PkixCertPath	certPath,
			int				index,
			ISet			criticalExtensions,
			IList			pathCheckers)
			//throws CertPathValidatorException
		{
			X509Certificate cert = (X509Certificate)certPath.Certificates[index];

			//
			// (o)
			//
			foreach (PkixCertPathChecker pathChecker in pathCheckers)
			{
				try
				{
					pathChecker.Check(cert, criticalExtensions);
				}
				catch (PkixCertPathValidatorException e)
				{
					// Re-issued with the checker's message and inner exception, plus path and index;
					// the checker's own exception object is not kept.
					throw new PkixCertPathValidatorException(e.Message, e.InnerException, certPath, index);
				}
			}

			// Fail closed on any critical extension that is still in the set.
			if (criticalExtensions.IsEmpty)
			{
				return;
			}

			throw new PkixCertPathValidatorException("Certificate has unsupported critical extension.", null, certPath,
				index);
		}
开发者ID:Niladri24dutta,项目名称:itextsharp,代码行数:31,代码来源:Rfc3280CertPathUtilities.cs

示例13: PrepareNextCertH3

		/// <summary>
		/// Step (h)(3): decrements the inhibitAnyPolicy counter for a certificate that is not
		/// self-issued, unless the counter is already zero.
		/// </summary>
		/// <param name="certPath">Certification path being validated.</param>
		/// <param name="index">Position of the certificate within <c>certPath.Certificates</c>.</param>
		/// <param name="inhibitAnyPolicy">Current counter value.</param>
		/// <returns>
		/// <paramref name="inhibitAnyPolicy"/> minus one when the certificate is not self-issued
		/// and the counter is non-zero; otherwise the counter unchanged.
		/// </returns>
		internal static int PrepareNextCertH3(
			PkixCertPath	certPath,
			int				index,
			int				inhibitAnyPolicy)
		{
			X509Certificate current = (X509Certificate)certPath.Certificates[index];

			//
			// (h) (3)
			//
			bool selfIssued = PkixCertPathValidatorUtilities.IsSelfIssued(current);
			if (!selfIssued && inhibitAnyPolicy != 0)
			{
				return inhibitAnyPolicy - 1;
			}

			return inhibitAnyPolicy;
		}
开发者ID:Niladri24dutta,项目名称:itextsharp,代码行数:21,代码来源:Rfc3280CertPathUtilities.cs

示例14: PrepareNextCertM

		/// <summary>
		/// Step (m): lowers the remaining path length to the pathLenConstraint of the
		/// certificate at <paramref name="index"/> when that constraint is smaller.
		/// </summary>
		/// <param name="certPath">Certification path being validated.</param>
		/// <param name="index">Position of the certificate within <c>certPath.Certificates</c>.</param>
		/// <param name="maxPathLength">Remaining path length before this step.</param>
		/// <returns>
		/// The constraint value when it is present and less than <paramref name="maxPathLength"/>;
		/// otherwise <paramref name="maxPathLength"/>. The result is never larger than the input.
		/// </returns>
		/// <exception cref="PkixCertPathValidatorException">
		/// The BasicConstraints extension cannot be decoded.
		/// </exception>
		internal static int PrepareNextCertM(
			PkixCertPath	certPath,
			int				index,
			int				maxPathLength)
			//throws CertPathValidatorException
		{
			X509Certificate cert = (X509Certificate)certPath.Certificates[index];

			//
			// (m)
			//
			BasicConstraints basicConstraints;
			try
			{
				basicConstraints = BasicConstraints.GetInstance(
					PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.BasicConstraints));
			}
			catch (Exception e)
			{
				throw new PkixCertPathValidatorException("Basic constraints extension cannot be decoded.", e, certPath,
					index);
			}

			// No extension, or no pathLenConstraint in it: the limit stays as it is.
			if (basicConstraints == null)
			{
				return maxPathLength;
			}

			BigInteger encodedLimit = basicConstraints.PathLenConstraint;
			if (encodedLimit == null)
			{
				return maxPathLength;
			}

			// NOTE(review): IntValue narrows the BigInteger to an int; presumably a value outside
			// the int range does not survive intact - confirm. Only a smaller value is adopted.
			int limit = encodedLimit.IntValue;
			return limit < maxPathLength ? limit : maxPathLength;
		}
开发者ID:Niladri24dutta,项目名称:itextsharp,代码行数:39,代码来源:Rfc3280CertPathUtilities.cs

示例15: ProcessAttrCert2

		/// <summary>
		/// Validates the certification path of the attribute certificate issuer with a
		/// <c>PkixCertPathValidator</c>.
		/// </summary>
		/// <param name="certPath">Certification path to validate.</param>
		/// <param name="pkixParams">PKIX parameters handed to the validator.</param>
		/// <returns>The validator's result.</returns>
		/// <exception cref="PkixCertPathValidatorException">
		/// Path validation failed; the validator's exception is attached as the cause.
		/// </exception>
		internal static PkixCertPathValidatorResult ProcessAttrCert2(
			PkixCertPath	certPath,
			PkixParameters	pkixParams)
		{
			try
			{
				return new PkixCertPathValidator().Validate(certPath, pkixParams);
			}
			catch (PkixCertPathValidatorException pathFailure)
			{
				// Only validator failures are re-labelled; any other exception type propagates as is.
				throw new PkixCertPathValidatorException(
					"Certification path for issuer certificate of attribute certificate could not be validated.",
					pathFailure);
			}
		}
开发者ID:kungfubozo,项目名称:Bouncy-Castle-WP8,代码行数:17,代码来源:Rfc3281CertPathUtilities.cs


注:本文中的Org.BouncyCastle.Pkix.PkixCertPath类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。