diff --git a/crypto/src/pkix/Rfc3280CertPathUtilities.cs b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
index c703194a4..d6594f4ad 100644
--- a/crypto/src/pkix/Rfc3280CertPathUtilities.cs
+++ b/crypto/src/pkix/Rfc3280CertPathUtilities.cs
@@ -245,12 +245,11 @@ namespace Org.BouncyCastle.Pkix
if (!(PkixCertPathValidatorUtilities.IsSelfIssued(cert) && (i < n)))
{
X509Name principal = cert.SubjectDN;
- Asn1InputStream aIn = new Asn1InputStream(principal.GetEncoded());
Asn1Sequence dns;
try
{
- dns = DerSequence.GetInstance(aIn.ReadObject());
+ dns = Asn1Sequence.GetInstance(principal.GetEncoded());
}
catch (Exception e)
{
@@ -357,7 +356,7 @@ namespace Org.BouncyCastle.Pkix
DerObjectIdentifier subjectDomainPolicy = null;
try
{
- Asn1Sequence mapping = DerSequence.GetInstance(mappings[j]);
+ Asn1Sequence mapping = Asn1Sequence.GetInstance(mappings[j]);
issuerDomainPolicy = DerObjectIdentifier.GetInstance(mapping[0]);
subjectDomainPolicy = DerObjectIdentifier.GetInstance(mapping[1]);
@@ -400,7 +399,7 @@ namespace Org.BouncyCastle.Pkix
Asn1Sequence certPolicies = null;
try
{
- certPolicies = DerSequence.GetInstance(
+ certPolicies = Asn1Sequence.GetInstance(
PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.CertificatePolicies));
}
catch (Exception e)
@@ -1167,10 +1166,10 @@ namespace Org.BouncyCastle.Pkix
* omitted and a distribution point name of the certificate
* issuer.
*/
- Asn1Object issuer = null;
+ X509Name issuer;
try
{
- issuer = new Asn1InputStream(cert.IssuerDN.GetEncoded()).ReadObject();
+ issuer = X509Name.GetInstance(cert.IssuerDN.GetEncoded());
}
catch (Exception e)
{
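Review bot: `X509Name.GetInstance(cert.IssuerDN.GetEncoded())` DER-encodes a name and immediately parses it back, which looks redundant if `IssuerDN` already returns an `X509Name` (as `SubjectDN` does in the first hunk of this file). If no independent copy is intended, `X509Name issuer = cert.IssuerDN;` would be enough and the surrounding try/catch could go. Otherwise a short comment such as `// re-parse to obtain an independent copy` would explain the round trip. The same pattern is added in Rfc3281CertPathUtilities.cs at `X509Name.GetInstance(attrCert.Issuer.GetPrincipals()[0].GetEncoded())`. The catch block continues outside this hunk.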
@@ -1598,7 +1597,7 @@ namespace Org.BouncyCastle.Pkix
Asn1Sequence pc = null;
try
{
- pc = DerSequence.GetInstance(
+ pc = Asn1Sequence.GetInstance(
PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.PolicyConstraints));
}
catch (Exception e)
@@ -1653,7 +1652,7 @@ namespace Org.BouncyCastle.Pkix
Asn1Sequence pc = null;
try
{
- pc = DerSequence.GetInstance(
+ pc = Asn1Sequence.GetInstance(
PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.PolicyConstraints));
}
catch (Exception e)
@@ -1708,7 +1707,7 @@ namespace Org.BouncyCastle.Pkix
NameConstraints nc = null;
try
{
- Asn1Sequence ncSeq = DerSequence.GetInstance(
+ Asn1Sequence ncSeq = Asn1Sequence.GetInstance(
PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.NameConstraints));
if (ncSeq != null)
{
@@ -2042,7 +2041,7 @@ namespace Org.BouncyCastle.Pkix
Asn1Sequence pc = null;
try
{
- pc = DerSequence.GetInstance(
+ pc = Asn1Sequence.GetInstance(
PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.PolicyConstraints));
}
catch (Exception e)
@@ -2415,7 +2414,7 @@ namespace Org.BouncyCastle.Pkix
Asn1Sequence certPolicies = null;
try
{
- certPolicies = DerSequence.GetInstance(
+ certPolicies = Asn1Sequence.GetInstance(
PkixCertPathValidatorUtilities.GetExtensionValue(cert, X509Extensions.CertificatePolicies));
}
catch (Exception e)
diff --git a/crypto/src/pkix/Rfc3281CertPathUtilities.cs b/crypto/src/pkix/Rfc3281CertPathUtilities.cs
index 101ef5e11..66025f0fc 100644
--- a/crypto/src/pkix/Rfc3281CertPathUtilities.cs
+++ b/crypto/src/pkix/Rfc3281CertPathUtilities.cs
@@ -79,153 +79,154 @@ namespace Org.BouncyCastle.Pkix
DateTime validDate,
IList certPathCerts)
{
- if (paramsPKIX.IsRevocationEnabled)
+ if (!paramsPKIX.IsRevocationEnabled)
+ {
+ return;
+ }
+
+ // check if revocation is available
+ if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) != null)
+ {
+ if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null
+ || attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null)
+ {
+ throw new PkixCertPathValidatorException(
+ "No rev avail extension is set, but also an AC revocation pointer.");
+ }
+
+ return;
+ }
+
+ CrlDistPoint crldp = null;
+ try
+ {
+ crldp = CrlDistPoint.GetInstance(
+ PkixCertPathValidatorUtilities.GetExtensionValue(
+ attrCert, X509Extensions.CrlDistributionPoints));
+ }
+ catch (Exception e)
+ {
+ throw new PkixCertPathValidatorException(
+ "CRL distribution point extension could not be read.", e);
+ }
+ try
+ {
+ PkixCertPathValidatorUtilities
+ .AddAdditionalStoresFromCrlDistributionPoint(crldp, paramsPKIX);
+ }
+ catch (Exception e)
{
- // check if revocation is available
- if (attrCert.GetExtensionValue(X509Extensions.NoRevAvail) == null)
+ throw new PkixCertPathValidatorException(
+ "No additional CRL locations could be decoded from CRL distribution point extension.", e);
+ }
+
+ CertStatus certStatus = new CertStatus();
+ ReasonsMask reasonsMask = new ReasonsMask();
+
+ Exception lastException = null;
+ bool validCrlFound = false;
+ // for each distribution point
+ if (crldp != null)
+ {
+ DistributionPoint[] dps = null;
+ try
{
- CrlDistPoint crldp = null;
- try
- {
- crldp = CrlDistPoint.GetInstance(
- PkixCertPathValidatorUtilities.GetExtensionValue(
- attrCert, X509Extensions.CrlDistributionPoints));
- }
- catch (Exception e)
- {
- throw new PkixCertPathValidatorException(
- "CRL distribution point extension could not be read.", e);
- }
- try
+ dps = crldp.GetDistributionPoints();
+ }
+ catch (Exception e)
+ {
+ throw new PkixCertPathValidatorException(
+ "Distribution points could not be read.", e);
+ }
+ try
+ {
+ for (int i = 0; i < dps.Length
+ && certStatus.Status == CertStatus.Unrevoked
+ && !reasonsMask.IsAllReasons; i++)
{
- PkixCertPathValidatorUtilities
- .AddAdditionalStoresFromCrlDistributionPoint(crldp, paramsPKIX);
+ PkixParameters paramsPKIXClone = (PkixParameters) paramsPKIX
+ .Clone();
+ CheckCrl(dps[i], attrCert, paramsPKIXClone,
+ validDate, issuerCert, certStatus, reasonsMask,
+ certPathCerts);
+ validCrlFound = true;
}
- catch (Exception e)
- {
- throw new PkixCertPathValidatorException(
- "No additional CRL locations could be decoded from CRL distribution point extension.", e);
- }
- CertStatus certStatus = new CertStatus();
- ReasonsMask reasonsMask = new ReasonsMask();
+ }
+ catch (Exception e)
+ {
+ lastException = new Exception(
+ "No valid CRL for distribution point found.", e);
+ }
+ }
- Exception lastException = null;
- bool validCrlFound = false;
- // for each distribution point
- if (crldp != null)
- {
- DistributionPoint[] dps = null;
- try
- {
- dps = crldp.GetDistributionPoints();
- }
- catch (Exception e)
- {
- throw new PkixCertPathValidatorException(
- "Distribution points could not be read.", e);
- }
- try
- {
- for (int i = 0; i < dps.Length
- && certStatus.Status == CertStatus.Unrevoked
- && !reasonsMask.IsAllReasons; i++)
- {
- PkixParameters paramsPKIXClone = (PkixParameters) paramsPKIX
- .Clone();
- CheckCrl(dps[i], attrCert, paramsPKIXClone,
- validDate, issuerCert, certStatus, reasonsMask,
- certPathCerts);
- validCrlFound = true;
- }
- }
- catch (Exception e)
- {
- lastException = new Exception(
- "No valid CRL for distribution point found.", e);
- }
- }
+ /*
+ * If the revocation status has not been determined, repeat the
+ * process above with any available CRLs not specified in a
+ * distribution point but issued by the certificate issuer.
+ */
+ if (certStatus.Status == CertStatus.Unrevoked
+ && !reasonsMask.IsAllReasons)
+ {
+ try
+ {
/*
- * If the revocation status has not been determined, repeat the
- * process above with any available CRLs not specified in a
- * distribution point but issued by the certificate issuer.
+ * assume a DP with both the reasons and the cRLIssuer
+ * fields omitted and a distribution point name of the
+ * certificate issuer.
*/
-
- if (certStatus.Status == CertStatus.Unrevoked
- && !reasonsMask.IsAllReasons)
- {
- try
- {
- /*
- * assume a DP with both the reasons and the cRLIssuer
- * fields omitted and a distribution point name of the
- * certificate issuer.
- */
- Asn1Object issuer = null;
- try
- {
- issuer = new Asn1InputStream(
- attrCert.Issuer.GetPrincipals()[0].GetEncoded()).ReadObject();
- }
- catch (Exception e)
- {
- throw new Exception(
- "Issuer from certificate for CRL could not be reencoded.",
- e);
- }
- DistributionPoint dp = new DistributionPoint(
- new DistributionPointName(0, new GeneralNames(
- new GeneralName(GeneralName.DirectoryName, issuer))), null, null);
- PkixParameters paramsPKIXClone = (PkixParameters) paramsPKIX.Clone();
- CheckCrl(dp, attrCert, paramsPKIXClone, validDate,
- issuerCert, certStatus, reasonsMask, certPathCerts);
- validCrlFound = true;
- }
- catch (Exception e)
- {
- lastException = new Exception(
- "No valid CRL for distribution point found.", e);
- }
- }
-
- if (!validCrlFound)
- {
- throw new PkixCertPathValidatorException(
- "No valid CRL found.", lastException);
- }
- if (certStatus.Status != CertStatus.Unrevoked)
- {
- // This format is enforced by the NistCertPath tests
- string formattedDate = certStatus.RevocationDate.Value.ToString(
- "ddd MMM dd HH:mm:ss K yyyy");
- string message = "Attribute certificate revocation after "
- + formattedDate;
- message += ", reason: "
- + Rfc3280CertPathUtilities.CrlReasons[certStatus.Status];
- throw new PkixCertPathValidatorException(message);
- }
- if (!reasonsMask.IsAllReasons
- && certStatus.Status == CertStatus.Unrevoked)
+ X509Name issuer;
+ try
+ {
+ issuer = X509Name.GetInstance(attrCert.Issuer.GetPrincipals()[0].GetEncoded());
+ }
+ catch (Exception e)
{
- certStatus.Status = CertStatus.Undetermined;
- }
- if (certStatus.Status == CertStatus.Undetermined)
- {
- throw new PkixCertPathValidatorException(
- "Attribute certificate status could not be determined.");
+ throw new Exception(
+ "Issuer from certificate for CRL could not be reencoded.",
+ e);
}
-
+ DistributionPoint dp = new DistributionPoint(
+ new DistributionPointName(0, new GeneralNames(
+ new GeneralName(GeneralName.DirectoryName, issuer))), null, null);
+ PkixParameters paramsPKIXClone = (PkixParameters) paramsPKIX.Clone();
+ CheckCrl(dp, attrCert, paramsPKIXClone, validDate,
+ issuerCert, certStatus, reasonsMask, certPathCerts);
+ validCrlFound = true;
}
- else
+ catch (Exception e)
{
- if (attrCert.GetExtensionValue(X509Extensions.CrlDistributionPoints) != null
- || attrCert.GetExtensionValue(X509Extensions.AuthorityInfoAccess) != null)
- {
- throw new PkixCertPathValidatorException(
- "No rev avail extension is set, but also an AC revocation pointer.");
- }
+ lastException = new Exception(
+ "No valid CRL for distribution point found.", e);
}
}
+
+ if (!validCrlFound)
+ {
+ throw new PkixCertPathValidatorException(
+ "No valid CRL found.", lastException);
+ }
+ if (certStatus.Status != CertStatus.Unrevoked)
+ {
+ // This format is enforced by the NistCertPath tests
+ string formattedDate = certStatus.RevocationDate.Value.ToString(
+ "ddd MMM dd HH:mm:ss K yyyy");
+ string message = "Attribute certificate revocation after "
+ + formattedDate;
+ message += ", reason: "
+ + Rfc3280CertPathUtilities.CrlReasons[certStatus.Status];
+ throw new PkixCertPathValidatorException(message);
+ }
+ if (!reasonsMask.IsAllReasons
+ && certStatus.Status == CertStatus.Unrevoked)
+ {
+ certStatus.Status = CertStatus.Undetermined;
+ }
+ if (certStatus.Status == CertStatus.Undetermined)
+ {
+ throw new PkixCertPathValidatorException(
+ "Attribute certificate status could not be determined.");
+ }
}
internal static void AdditionalChecks(
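Review bot: In the distribution-point loop the `try` wraps the whole `for`, so the first `CheckCrl` failure ends the iteration and the remaining distribution points are never consulted. The result still fails closed through the `validCrlFound` and `Undetermined` checks further down. However, a single unreachable or malformed CRL source can reject an attribute certificate that a later distribution point would have covered. Moving the try/catch inside the loop body records the failure in `lastException` and carries on with the next point. This assumes `CheckCrl` leaves `certStatus` and `reasonsMask` consistent when it throws, which is not visible here; the method's signature also starts above the hunk.

```csharp
// … unchanged: dps = crldp.GetDistributionPoints() with its own try/catch …
for (int i = 0; i < dps.Length
    && certStatus.Status == CertStatus.Unrevoked
    && !reasonsMask.IsAllReasons; i++)
{
    try
    {
        PkixParameters paramsPKIXClone = (PkixParameters) paramsPKIX.Clone();
        CheckCrl(dps[i], attrCert, paramsPKIXClone,
            validDate, issuerCert, certStatus, reasonsMask,
            certPathCerts);
        validCrlFound = true;
    }
    catch (Exception e)
    {
        // keep the most recent failure for the final "No valid CRL found." report
        lastException = new Exception(
            "No valid CRL for distribution point found.", e);
    }
}
// … unchanged: issuer-named fallback and final status checks …
```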
diff --git a/crypto/src/x509/X509Certificate.cs b/crypto/src/x509/X509Certificate.cs
index fd156e487..d8d97ec5e 100644
--- a/crypto/src/x509/X509Certificate.cs
+++ b/crypto/src/x509/X509Certificate.cs
@@ -515,9 +515,9 @@ namespace Org.BouncyCastle.X509
if (ext.Value != null)
{
- byte[] octs = ext.Value.GetOctets();
- Asn1Object obj = Asn1Object.FromByteArray(octs);
- buf.Append(" critical(").Append(ext.IsCritical).Append(") ");
+ Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(ext.Value);
+
+ buf.Append(" critical(").Append(ext.IsCritical).Append(") ");
try
{
if (oid.Equals(X509Extensions.BasicConstraints))
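Review bot: `X509ExtensionUtilities.FromExtensionValue(ext.Value)` runs before the `try` that follows, so an extension whose octets are not valid ASN.1 throws out of this string-building method instead of reaching whatever fallback the catch provides (the catch is outside this hunk). Certificates being printed or logged often come from untrusted peers, so I would make the parse the first statement inside the `try`: `Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(ext.Value);`. The X509CrlEntry.cs hunk makes the same call and may need the same treatment, depending on where its try begins.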
diff --git a/crypto/src/x509/X509CrlEntry.cs b/crypto/src/x509/X509CrlEntry.cs
index 9e3608c18..9660a7099 100644
--- a/crypto/src/x509/X509CrlEntry.cs
+++ b/crypto/src/x509/X509CrlEntry.cs
@@ -188,7 +188,7 @@ namespace Org.BouncyCastle.X509
if (ext.Value != null)
{
- Asn1Object obj = Asn1Object.FromByteArray(ext.Value.GetOctets());
+ Asn1Object obj = X509ExtensionUtilities.FromExtensionValue(ext.Value);
buf.Append(" critical(")
.Append(ext.IsCritical)
|