本文整理匯總了C#中Org.BouncyCastle.X509.X509Crl類的典型用法代碼示例。如果您正苦於以下問題:C# X509Crl類的具體用法?C# X509Crl怎麽用?C# X509Crl使用的例子?那麽, 這裏精選的類代碼示例或許可以為您提供幫助。
X509Crl類屬於Org.BouncyCastle.X509命名空間,在下文中一共展示了X509Crl類的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的C#代碼示例。
示例1: Import
/// <summary>
/// Adds the given certificate revocation list to the <c>crls</c> collection.
/// </summary>
/// <remarks>
/// The CRL is stored exactly as supplied. No signature, issuer or freshness
/// check is visible in this method, so the CRL has to be validated before it
/// is imported or at the point where it is later consulted.
/// </remarks>
/// <param name="crl">The certificate revocation list to store.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="crl"/> is <c>null</c>.
/// </exception>
public override void Import(X509Crl crl)
{
    if (crl != null)
    {
        crls.Add (crl);
        return;
    }

    throw new ArgumentNullException ("crl");
}
示例2: AddCrl
/// <summary>
/// Copies every revoked-certificate entry of an existing CRL into the CRL
/// that is being generated.
/// </summary>
/// <remarks>
/// Each entry is re-parsed from its encoded form before it is handed to
/// <c>tbsGen</c>. Nothing in this method verifies <paramref name="other"/>;
/// the caller is expected to have checked its signature before carrying its
/// entries forward into a newly signed CRL.
/// </remarks>
/// <param name="other">The CRL whose entries are copied.</param>
/// <exception cref="ArgumentNullException"><paramref name="other"/> is <c>null</c>.</exception>
/// <exception cref="CrlException">An entry could not be re-encoded or parsed.</exception>
public void AddCrl(
    X509Crl other)
{
    if (other == null)
        throw new ArgumentNullException("other");

    ISet revokedEntries = other.GetRevokedCertificates();

    // A CRL without any revoked certificates contributes nothing.
    if (revokedEntries == null)
        return;

    foreach (X509CrlEntry revoked in revokedEntries)
    {
        try
        {
            byte[] encodedEntry = revoked.GetEncoded();
            Asn1Sequence entrySequence = Asn1Sequence.GetInstance(
                Asn1Object.FromByteArray(encodedEntry));
            tbsGen.AddCrlEntry(entrySequence);
        }
        catch (IOException ioe)
        {
            throw new CrlException("exception processing encoding of CRL", ioe);
        }
    }
}
示例3: X509CrlRecord
/// <summary>
/// Initializes a new instance of the <see cref="MimeKit.Cryptography.X509CrlRecord"/> class
/// from a certificate revocation list.
/// </summary>
/// <remarks>
/// The issuer name, this-update time and delta flag are copied from the CRL.
/// <c>NextUpdate</c> is only assigned when the CRL carries a next-update value;
/// otherwise it keeps its default, which code using it for freshness decisions
/// has to take into account.
/// </remarks>
/// <param name="crl">The certificate revocation list the record describes.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="crl"/> is <c>null</c>.
/// </exception>
public X509CrlRecord(X509Crl crl)
{
    if (crl == null)
    {
        throw new ArgumentNullException ("crl");
    }

    // The next-update field is optional, so it is copied only when present.
    var nextUpdate = crl.NextUpdate;
    if (nextUpdate != null)
    {
        NextUpdate = nextUpdate.Value;
    }

    IssuerName = crl.IssuerDN.ToString ();
    ThisUpdate = crl.ThisUpdate;
    IsDelta = crl.IsDelta ();
    Crl = crl;
}
示例4: Crl
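/// <summary>
/// Parses an encoded CRL and keeps the result in <c>_crl</c>.
/// </summary>
/// <remarks>
/// This constructor only checks that the input parses and that the signature
/// field can be read. It does NOT verify the signature: <c>GetSignature()</c>
/// returns the signature bytes, it does not check them against an issuer key.
/// The CRL must still be verified before its contents are trusted.
/// Exceptions raised by the parser itself propagate unchanged.
/// </remarks>
/// <param name="crlBytes">The encoded CRL.</param>
/// <exception cref="InvalidOperationException">
/// The parser produced no CRL, or the signature field could not be read.
/// </exception>
public Crl(byte[] crlBytes)
{
    _crl = new X509CrlParser().ReadCrl(crlBytes);

    // Report "no CRL in the input" explicitly instead of relying on a
    // NullReferenceException from the call below.
    if (_crl == null)
    {
        throw new InvalidOperationException("Error parsing CRL");
    }

    try
    {
        _crl.GetSignature();
    }
    catch (Exception ex)
    {
        // Keep the cause attached so the parsing failure can be diagnosed.
        throw new InvalidOperationException("Error parsing CRL", ex);
    }
}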
示例5: GetIssuerX509Principal
/// <summary>
/// Returns the issuer name found in the to-be-signed part of the given CRL.
/// </summary>
/// <remarks>
/// The name is read straight from the encoded TBS certificate list. This method
/// performs no signature check, so the returned issuer is only as trustworthy
/// as the CRL itself; verify the CRL before relying on it.
/// </remarks>
/// <param name="crl">The CRL to read the issuer from.</param>
/// <returns>The issuer of the CRL.</returns>
/// <exception cref="CrlException">Any failure while decoding the CRL.</exception>
public static X509Name GetIssuerX509Principal(
    X509Crl crl)
{
    try
    {
        byte[] tbsBytes = crl.GetTbsCertList();
        Asn1Object decoded = Asn1Object.FromByteArray(tbsBytes);
        return TbsCertificateList.GetInstance(decoded).Issuer;
    }
    catch (Exception cause)
    {
        throw new CrlException("Could not extract issuer", cause);
    }
}
示例6: Match
/// <summary>
/// Checks whether the digest of the encoded CRL equals the stored
/// <c>digestValue</c>, using the digest algorithm named by <c>algorithm</c>.
/// </summary>
/// <remarks>
/// This is a digest comparison only; the CRL signature is not verified here.
/// How strongly a match identifies the CRL depends on the configured algorithm.
/// </remarks>
/// <param name="crl">The CRL to compare.</param>
/// <returns><c>true</c> when the computed digest equals the stored one.</returns>
public virtual bool Match(X509Crl crl)
{
    try
    {
        byte[] encodedCrl = crl.GetEncoded();
        byte[] actualDigest = DigestUtilities.CalculateDigest(algorithm, encodedCrl);
        return Arrays.Equals(digestValue, actualDigest);
    }
    catch (NoSuchAlgorithmException algorithmError)
    {
        throw new RuntimeException("Maybe BouncyCastle provider is not installed ?", algorithmError);
    }
    catch (CrlException encodingError)
    {
        throw new RuntimeException(encodingError);
    }
}
示例7: IsSignatureValid
/// <summary>
/// Checks whether the CRL signature verifies under the public key of the
/// supplied issuer certificate or of any certificate in <c>certificates</c>.
/// </summary>
/// <remarks>
/// Only the signature is checked. Nothing visible in this method compares the
/// CRL issuer name with the verifying certificate or inspects that
/// certificate's key usage, so a <c>true</c> result means "signed by one of
/// these keys" and nothing more.
/// </remarks>
/// <param name="crl">The CRL.</param>
/// <param name="crlIssuer">The presumed issuer certificate; may be <c>null</c>.</param>
/// <returns><c>true</c> if one of the candidate keys verifies the CRL.</returns>
public bool IsSignatureValid(X509Crl crl, X509Certificate crlIssuer)
{
    // First candidate: the issuer certificate handed in by the caller.
    if (crlIssuer != null)
    {
        try
        {
            crl.Verify(crlIssuer.GetPublicKey());
            return true;
        }
        catch (GeneralSecurityException)
        {
            LOGGER.Warn("CRL not issued by the same authority as the certificate that is being checked");
        }
    }

    // Remaining candidates: the configured trust anchors, if there are any.
    if (certificates != null)
    {
        try
        {
            foreach (X509Certificate trusted in certificates)
            {
                try
                {
                    crl.Verify(trusted.GetPublicKey());
                    return true;
                }
                catch (GeneralSecurityException)
                {
                    // This anchor's key does not verify the CRL; try the next one.
                }
            }
        }
        catch (GeneralSecurityException)
        {
            return false;
        }
    }

    return false;
}
示例8: isDeltaCrl
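/// <summary>
/// Tells whether the CRL marks the delta CRL indicator extension as critical.
/// </summary>
/// <param name="crl">The CRL to inspect.</param>
/// <returns>
/// <c>true</c> when the delta CRL indicator OID is among the critical
/// extension OIDs; <c>false</c> otherwise, including when the CRL reports no
/// critical extension set at all.
/// </returns>
private static bool isDeltaCrl(
    X509Crl crl)
{
    ISet critical = crl.GetCriticalExtensionOids();

    // The set may be null when the CRL carries no extensions; such a CRL
    // cannot be a delta CRL, and must not cause a NullReferenceException.
    if (critical == null)
    {
        return false;
    }

    return critical.Contains(X509Extensions.DeltaCrlIndicator.Id);
}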
示例9: ProcessCrlF
/**
* Obtain and validate the certification path for the complete CRL issuer.
* If a key usage extension is present in the CRL issuer's certificate,
* verify that the cRLSign bit is set.
*
* @param crl CRL which contains revocation information for the certificate
* <code>cert</code>.
* @param cert The attribute certificate or certificate to check if it is
* revoked.
* @param defaultCRLSignCert The issuer certificate of the certificate <code>cert</code>.
* @param defaultCRLSignKey The public key of the issuer certificate
* <code>defaultCRLSignCert</code>.
* @param paramsPKIX paramsPKIX PKIX parameters.
* @param certPathCerts The certificates on the certification path.
* @return A <code>Set</code> with all keys of possible CRL issuer
* certificates.
* @throws AnnotatedException if the CRL is not valid or the status cannot be checked or
* some error occurs.
*/
internal static ISet ProcessCrlF(
X509Crl crl,
object cert,
X509Certificate defaultCRLSignCert,
AsymmetricKeyParameter defaultCRLSignKey,
PkixParameters paramsPKIX,
IList certPathCerts)
{
// (f)
// get issuer from CRL
X509CertStoreSelector selector = new X509CertStoreSelector();
try
{
selector.Subject = crl.IssuerDN;
}
catch (IOException e)
{
throw new Exception(
"Subject criteria for certificate selector to find issuer certificate for CRL could not be set.", e);
}
// get CRL signing certs
IList coll = Platform.CreateArrayList();
try
{
CollectionUtilities.AddRange(coll, PkixCertPathValidatorUtilities.FindCertificates(selector, paramsPKIX.GetStores()));
CollectionUtilities.AddRange(coll, PkixCertPathValidatorUtilities.FindCertificates(selector, paramsPKIX.GetAdditionalStores()));
}
catch (Exception e)
{
throw new Exception("Issuer certificate for CRL cannot be searched.", e);
}
coll.Add(defaultCRLSignCert);
IEnumerator cert_it = coll.GetEnumerator();
IList validCerts = Platform.CreateArrayList();
IList validKeys = Platform.CreateArrayList();
while (cert_it.MoveNext())
{
X509Certificate signingCert = (X509Certificate)cert_it.Current;
/*
* CA of the certificate, for which this CRL is checked, has also
* signed CRL, so skip the path validation, because is already done
*/
if (signingCert.Equals(defaultCRLSignCert))
{
validCerts.Add(signingCert);
validKeys.Add(defaultCRLSignKey);
continue;
}
try
{
// CertPathBuilder builder = CertPathBuilder.GetInstance("PKIX");
PkixCertPathBuilder builder = new PkixCertPathBuilder();
selector = new X509CertStoreSelector();
selector.Certificate = signingCert;
PkixParameters temp = (PkixParameters)paramsPKIX.Clone();
temp.SetTargetCertConstraints(selector);
PkixBuilderParameters parameters = (PkixBuilderParameters)
PkixBuilderParameters.GetInstance(temp);
/*
* if signingCert is placed not higher on the cert path a
* dependency loop results. CRL for cert is checked, but
* signingCert is needed for checking the CRL which is dependent
* on checking cert because it is higher in the cert path and so
* signing signingCert transitively. so, revocation is disabled,
* forgery attacks of the CRL are detected in this outer loop
* for all other it must be enabled to prevent forgery attacks
*/
if (certPathCerts.Contains(signingCert))
{
parameters.IsRevocationEnabled = false;
//.........這裏部分代碼省略.........
示例10: ProcessCrlB2
/**
* If the complete CRL includes an issuing distribution point (IDP) CRL
* extension check the following:
* <p>
* (i) If the distribution point name is present in the IDP CRL extension
* and the distribution field is present in the DP, then verify that one of
* the names in the IDP matches one of the names in the DP. If the
* distribution point name is present in the IDP CRL extension and the
* distribution field is omitted from the DP, then verify that one of the
* names in the IDP matches one of the names in the cRLIssuer field of the
* DP.
* </p>
* <p>
* (ii) If the onlyContainsUserCerts boolean is asserted in the IDP CRL
* extension, verify that the certificate does not include the basic
* constraints extension with the cA boolean asserted.
* </p>
* <p>
* (iii) If the onlyContainsCACerts boolean is asserted in the IDP CRL
* extension, verify that the certificate includes the basic constraints
* extension with the cA boolean asserted.
* </p>
* <p>
* (iv) Verify that the onlyContainsAttributeCerts boolean is not asserted.
* </p>
*
* @param dp The distribution point.
* @param cert The certificate.
* @param crl The CRL.
* @throws AnnotatedException if one of the conditions is not met or an error occurs.
*/
internal static void ProcessCrlB2(
DistributionPoint dp,
object cert,
X509Crl crl)
{
IssuingDistributionPoint idp = null;
try
{
idp = IssuingDistributionPoint.GetInstance(PkixCertPathValidatorUtilities.GetExtensionValue(crl, X509Extensions.IssuingDistributionPoint));
}
catch (Exception e)
{
throw new Exception("0 Issuing distribution point extension could not be decoded.", e);
}
// (b) (2) (i)
// distribution point name is present
if (idp != null)
{
if (idp.DistributionPoint != null)
{
// make list of names
DistributionPointName dpName = IssuingDistributionPoint.GetInstance(idp).DistributionPoint;
IList names = Platform.CreateArrayList();
if (dpName.PointType == DistributionPointName.FullName)
{
GeneralName[] genNames = GeneralNames.GetInstance(dpName.Name).GetNames();
for (int j = 0; j < genNames.Length; j++)
{
names.Add(genNames[j]);
}
}
if (dpName.PointType == DistributionPointName.NameRelativeToCrlIssuer)
{
Asn1EncodableVector vec = new Asn1EncodableVector();
try
{
IEnumerator e = Asn1Sequence.GetInstance(
Asn1Sequence.FromByteArray(crl.IssuerDN.GetEncoded())).GetEnumerator();
while (e.MoveNext())
{
vec.Add((Asn1Encodable)e.Current);
}
}
catch (IOException e)
{
throw new Exception("Could not read CRL issuer.", e);
}
vec.Add(dpName.Name);
names.Add(new GeneralName(X509Name.GetInstance(new DerSequence(vec))));
}
bool matches = false;
// verify that one of the names in the IDP matches one
// of the names in the DP.
if (dp.DistributionPointName != null)
{
dpName = dp.DistributionPointName;
GeneralName[] genNames = null;
if (dpName.PointType == DistributionPointName.FullName)
{
genNames = GeneralNames.GetInstance(dpName.Name).GetNames();
}
if (dpName.PointType == DistributionPointName.NameRelativeToCrlIssuer)
{
if (dp.CrlIssuer != null)
{
genNames = dp.CrlIssuer.GetNames();
}
else
//.........這裏部分代碼省略.........
示例11: ProcessCrlJ
/// <summary>
/// Looks the certificate up in the complete CRL, but only while its status is
/// still <c>CertStatus.Unrevoked</c>.
/// </summary>
/// <param name="validDate">The date passed on to the status lookup.</param>
/// <param name="completecrl">The complete CRL to consult.</param>
/// <param name="cert">The certificate whose status is being determined.</param>
/// <param name="certStatus">The status object read here and passed to the lookup.</param>
internal static void ProcessCrlJ(
    DateTime validDate,
    X509Crl completecrl,
    object cert,
    CertStatus certStatus)
{
    // A status other than Unrevoked has already been recorded; leave it alone.
    if (certStatus.Status != CertStatus.Unrevoked)
    {
        return;
    }

    PkixCertPathValidatorUtilities.GetCertStatus(validDate, completecrl, cert, certStatus);
}
示例12: ProcessCrlA1ii
/// <summary>
/// Collects the complete CRLs, and when delta CRLs are enabled the delta CRLs,
/// that apply to the given certificate and CRL issuer.
/// </summary>
/// <param name="currentDate">The date used for the CRL lookups.</param>
/// <param name="paramsPKIX">The PKIX parameters supplying the stores and the delta setting.</param>
/// <param name="cert">The certificate being checked.</param>
/// <param name="crl">The CRL whose issuer selects the complete CRLs.</param>
/// <returns>
/// A two-element array: the set of complete CRLs first, the set of delta CRLs
/// second. The delta set is empty when delta CRLs are not enabled.
/// </returns>
internal static ISet[] ProcessCrlA1ii(
    DateTime currentDate,
    PkixParameters paramsPKIX,
    X509Certificate cert,
    X509Crl crl)
{
    ISet deltaCrls = new HashSet();

    // Select complete CRLs issued by the issuer of the CRL at hand.
    X509CrlStoreSelector crlSelector = new X509CrlStoreSelector();
    crlSelector.CertificateChecking = cert;

    try
    {
        IList issuerNames = Platform.CreateArrayList();
        issuerNames.Add(crl.IssuerDN);
        crlSelector.Issuers = issuerNames;
    }
    catch (IOException ioe)
    {
        throw new Exception("Cannot extract issuer from CRL." + ioe, ioe);
    }

    crlSelector.CompleteCrlEnabled = true;
    ISet completeCrls = CrlUtilities.FindCrls(crlSelector, paramsPKIX, currentDate);

    if (!paramsPKIX.IsUseDeltasEnabled)
    {
        return new ISet[]{ completeCrls, deltaCrls };
    }

    try
    {
        deltaCrls.AddAll(PkixCertPathValidatorUtilities.GetDeltaCrls(currentDate, paramsPKIX, crl));
    }
    catch (Exception cause)
    {
        throw new Exception("Exception obtaining delta CRLs.", cause);
    }

    return new ISet[]{ completeCrls, deltaCrls };
}
示例13: GetSelectCommand
/// <summary>
/// Builds the database command that selects the record for the specified CRL.
/// </summary>
/// <remarks>
/// The record is looked up by delta flag, issuer name and this-update time, all
/// of which are passed as bound parameters. The only text concatenated into the
/// statement is the column list returned by <c>GetColumnNames</c> for
/// <paramref name="fields"/>; the issuer name taken from the CRL never becomes
/// part of the SQL text.
/// </remarks>
/// <returns>The database command.</returns>
/// <param name="crl">The X.509 CRL.</param>
/// <param name="fields">The fields to return.</param>
protected override DbCommand GetSelectCommand (X509Crl crl, X509CrlRecordFields fields)
{
    var columnList = string.Join (", ", GetColumnNames (fields));
    var issuer = crl.IssuerDN.ToString ();

    var selectCommand = connection.CreateCommand ();
    selectCommand.CommandText = "SELECT " + columnList + " FROM CRLS " + "WHERE DELTA = @DELTA AND ISSUERNAME = @ISSUERNAME AND THISUPDATE = @THISUPDATE LIMIT 1";

    // CRL-derived values go in as parameters, never as SQL text.
    selectCommand.AddParameterWithValue ("@DELTA", crl.IsDelta ());
    selectCommand.AddParameterWithValue ("@ISSUERNAME", issuer);
    selectCommand.AddParameterWithValue ("@THISUPDATE", crl.ThisUpdate);
    selectCommand.CommandType = CommandType.Text;

    return selectCommand;
}
示例14: Import
/// <summary>
/// Accepts a certificate revocation list for import. Not implemented yet.
/// </summary>
/// <remarks>
/// Apart from the null check this method does nothing: the CRL is not stored
/// anywhere. A caller that imports a CRL here and later expects revocation
/// data to be available from this object will not find it.
/// </remarks>
/// <param name="crl">The certificate revocation list.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="crl"/> is <c>null</c>.
/// </exception>
public override void Import(X509Crl crl)
{
    if (crl == null)
    {
        throw new ArgumentNullException ("crl");
    }

    // FIXME: implement this. Until then the CRL is silently discarded.
}
示例15: Verify
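/// <summary>
/// Verifies a certificate against a single CRL.
/// </summary>
/// <remarks>
/// The CRL is used only when all of the following hold: it was issued under the
/// same issuer name as the certificate, the sign date lies strictly between its
/// this-update and next-update times, and its signature verifies through
/// <c>IsSignatureValid</c>. A CRL that fails any of these is not evidence about
/// the certificate's status, so the result is <c>false</c> rather than success.
/// </remarks>
/// <param name="crl">The certificate revocation list.</param>
/// <param name="signCert">The certificate that needs to be verified.</param>
/// <param name="issuerCert">The issuer of <paramref name="signCert"/>.</param>
/// <param name="signDate">The sign date.</param>
/// <returns>
/// <c>true</c> if the CRL is applicable, its signature verifies and it does not
/// list the certificate as revoked; <c>false</c> if the CRL cannot be used.
/// </returns>
/// <exception cref="VerificationException">The CRL lists the certificate as revoked.</exception>
public bool Verify(X509Crl crl, X509Certificate signCert, X509Certificate issuerCert, DateTime signDate)
{
    if (crl == null || signDate == DateTime.MaxValue)
        return false;

    // Only a CRL issued under the certificate's issuer name is relevant.
    if (!crl.IssuerDN.Equals(signCert.IssuerDN))
        return false;

    // The next-update field is optional in a CRL. Without it the validity
    // window cannot be established, so the CRL is treated as not applicable
    // instead of dereferencing a missing value.
    if (crl.NextUpdate == null)
        return false;

    // The sign date has to fall strictly inside (thisUpdate, nextUpdate).
    if (signDate.CompareTo(crl.ThisUpdate) <= 0 || signDate.CompareTo(crl.NextUpdate.Value) >= 0)
        return false;

    // A CRL whose signature cannot be verified must not produce a positive
    // result: anyone could supply such a CRL with the revoked entry left out.
    if (!IsSignatureValid(crl, issuerCert))
        return false;

    // the signing certificate may not be revoked
    if (crl.IsRevoked(signCert)) {
        throw new VerificationException(signCert, String.Format("{0} The certificate has been revoked.", signCert));
    }

    return true;
}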