blob: 06a7caa2a962aa92889d1a05073ef4cb9503ea65 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
using System;
using System.Collections;
using Org.BouncyCastle.Utilities.Collections;
using Org.BouncyCastle.Utilities.Date;
using Org.BouncyCastle.X509;
using Org.BouncyCastle.X509.Store;
namespace Org.BouncyCastle.Pkix
{
public class PkixCrlUtilities
{
public virtual ISet FindCrls(X509CrlStoreSelector crlselect, PkixParameters paramsPkix, DateTime currentDate)
{
ISet initialSet = new HashSet();
// get complete CRL(s)
try
{
initialSet.AddAll(FindCrls(crlselect, paramsPkix.GetAdditionalStores()));
initialSet.AddAll(FindCrls(crlselect, paramsPkix.GetStores()));
}
catch (Exception e)
{
throw new Exception("Exception obtaining complete CRLs.", e);
}
ISet finalSet = new HashSet();
DateTime validityDate = currentDate;
if (paramsPkix.Date != null)
{
validityDate = paramsPkix.Date.Value;
}
// based on RFC 5280 6.3.3
foreach (X509Crl crl in initialSet)
{
DateTimeObject nextUpdate = crl.NextUpdate;
if (null == nextUpdate || nextUpdate.Value.CompareTo(validityDate) > 0)
{
X509Certificate cert = crlselect.CertificateChecking;
if (null == cert || crl.ThisUpdate.CompareTo(cert.NotAfter) < 0)
{
finalSet.Add(crl);
}
}
}
return finalSet;
}
public virtual ISet FindCrls(X509CrlStoreSelector crlselect, PkixParameters paramsPkix)
{
ISet completeSet = new HashSet();
// get complete CRL(s)
try
{
completeSet.AddAll(FindCrls(crlselect, paramsPkix.GetStores()));
}
catch (Exception e)
{
throw new Exception("Exception obtaining complete CRLs.", e);
}
return completeSet;
}
/// <summary>
/// crl checking
/// Return a Collection of all CRLs found in the X509Store's that are
/// matching the crlSelect criteriums.
/// </summary>
/// <param name="crlSelect">a {@link X509CRLStoreSelector} object that will be used
/// to select the CRLs</param>
/// <param name="crlStores">a List containing only {@link org.bouncycastle.x509.X509Store
/// X509Store} objects. These are used to search for CRLs</param>
/// <returns>a Collection of all found {@link X509CRL X509CRL} objects. May be
/// empty but never <code>null</code>.
/// </returns>
private ICollection FindCrls(X509CrlStoreSelector crlSelect, IList crlStores)
{
ISet crls = new HashSet();
Exception lastException = null;
bool foundValidStore = false;
foreach (IX509Store store in crlStores)
{
try
{
crls.AddAll(store.GetMatches(crlSelect));
foundValidStore = true;
}
catch (X509StoreException e)
{
lastException = new Exception("Exception searching in X.509 CRL store.", e);
}
}
if (!foundValidStore && lastException != null)
throw lastException;
return crls;
}
}
}
|
