using System;
using System.Collections.Generic;
using Org.BouncyCastle.Utilities.Collections;
using Org.BouncyCastle.X509;
using Org.BouncyCastle.X509.Store;
namespace Org.BouncyCastle.Pkix
{
public class PkixCrlUtilities
{
    // TODO bc-fips-csharp implements this for ISelector<X509Crl>, using optional ICheckingCertificate
    /// <summary>
    /// Collects every complete CRL matching <paramref name="crlSelector"/> from the CRL stores
    /// configured on <paramref name="paramsPkix"/>. No date-based filtering happens here.
    /// </summary>
    /// <param name="crlSelector">Selector used to match CRLs in each store.</param>
    /// <param name="paramsPkix">PKIX parameters whose CRL stores are searched.</param>
    /// <returns>The matching CRLs; empty when nothing matches, never null.</returns>
    /// <exception cref="Exception">
    /// Wraps any failure raised during the store search, including the case where every store failed.
    /// </exception>
    public virtual ISet<X509Crl> FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix)
    {
        try
        {
            // Every failure from the search below is surfaced under one uniform message.
            return FindCrls(crlSelector, paramsPkix.GetStoresCrl());
        }
        catch (Exception inner)
        {
            throw new Exception("Exception obtaining complete CRLs.", inner);
        }
    }

    // TODO bc-fips-csharp implements this for ISelector<X509Crl>, using optional ICheckingCertificate
    /// <summary>
    /// Narrows the complete CRLs returned by the two-argument overload to those usable at the
    /// validation time, following RFC 5280 section 6.3.3.
    /// </summary>
    /// <param name="crlSelector">Selector used to match CRLs; its CertificateChecking, when set,
    /// bounds the acceptable CRL issue time.</param>
    /// <param name="paramsPkix">PKIX parameters; when its Date is set it overrides
    /// <paramref name="currentDate"/> as the validation time.</param>
    /// <param name="currentDate">Validation time used when the parameters carry no explicit date.</param>
    /// <returns>
    /// CRLs whose NextUpdate is absent or later than the validation time and, when a certificate is
    /// being checked, whose ThisUpdate precedes that certificate's NotAfter. Empty but never null.
    /// </returns>
    public virtual ISet<X509Crl> FindCrls(X509CrlStoreSelector crlSelector, PkixParameters paramsPkix,
        DateTime currentDate)
    {
        ISet<X509Crl> candidates = FindCrls(crlSelector, paramsPkix);

        // An explicit validation time on the parameters takes precedence over currentDate.
        DateTime validityDate = paramsPkix.Date != null ? paramsPkix.Date.Value : currentDate;
        X509Certificate checkedCert = crlSelector.CertificateChecking;

        var accepted = new HashSet<X509Crl>();
        foreach (X509Crl crl in candidates)
        {
            if (IsUsableAt(crl, validityDate, checkedCert))
            {
                accepted.Add(crl);
            }
        }
        return accepted;
    }

    // RFC 5280 6.3.3: the CRL must still be current at validityDate and, when a certificate is being
    // checked, must have been issued before that certificate expires.
    private static bool IsUsableAt(X509Crl crl, DateTime validityDate, X509Certificate checkedCert)
    {
        DateTime? nextUpdate = crl.NextUpdate;

        // A CRL carrying no NextUpdate is never treated as stale by this check.
        bool stillCurrent = nextUpdate == null || nextUpdate.Value > validityDate;
        if (!stillCurrent)
            return false;

        return checkedCert == null || crl.ThisUpdate < checkedCert.NotAfter;
    }

    /// <summary>
    /// Searches each store in <paramref name="crlStores"/> for CRLs matching
    /// <paramref name="crlSelector"/> and unions the results.
    /// </summary>
    /// <param name="crlSelector">Selector handed to every store's EnumerateMatches.</param>
    /// <param name="crlStores">CRL stores to search, in enumeration order.</param>
    /// <returns>All matches found; may be empty, never null.</returns>
    /// <exception cref="Exception">
    /// Thrown only when no store completed its search and at least one threw; it wraps the failure of
    /// the last store that threw. A store that throws while another succeeds is skipped, so the
    /// returned set may then be a partial view across the configured stores.
    /// </exception>
    private HashSet<X509Crl> FindCrls(ISelector<X509Crl> crlSelector, IEnumerable<IStore<X509Crl>> crlStores)
    {
        var matches = new HashSet<X509Crl>();
        int storesSearched = 0;
        Exception lastFailure = null;

        foreach (IStore<X509Crl> store in crlStores)
        {
            try
            {
                foreach (X509Crl crl in store.EnumerateMatches(crlSelector))
                {
                    matches.Add(crl);
                }
                storesSearched++;
            }
            catch (Exception e)
            {
                // Keep only the most recent failure; it surfaces solely when every store failed.
                lastFailure = new Exception("Exception searching in X.509 CRL store.", e);
            }
        }

        if (storesSearched == 0 && lastFailure != null)
            throw lastFailure;

        return matches;
    }
}
}