init commit
This commit is contained in:
@@ -0,0 +1,159 @@
|
||||
using System;
|
||||
using System.Collections;
|
||||
using Org.BouncyCastle.Asn1.X509;
|
||||
using Org.BouncyCastle.Security.Certificates;
|
||||
using Org.BouncyCastle.Utilities;
|
||||
using Org.BouncyCastle.Utilities.Collections;
|
||||
using Org.BouncyCastle.X509;
|
||||
using Org.BouncyCastle.X509.Store;
|
||||
|
||||
namespace Org.BouncyCastle.Pkix;
|
||||
|
||||
public class PkixAttrCertPathBuilder
|
||||
{
|
||||
private Exception certPathException;
|
||||
|
||||
public virtual PkixCertPathBuilderResult Build(PkixBuilderParameters pkixParams)
|
||||
{
|
||||
IX509Selector targetConstraints = pkixParams.GetTargetConstraints();
|
||||
if (!(targetConstraints is X509AttrCertStoreSelector))
|
||||
{
|
||||
throw new PkixCertPathBuilderException("TargetConstraints must be an instance of " + typeof(X509AttrCertStoreSelector).FullName + " for " + typeof(PkixAttrCertPathBuilder).FullName + " class.");
|
||||
}
|
||||
ICollection collection;
|
||||
try
|
||||
{
|
||||
collection = PkixCertPathValidatorUtilities.FindCertificates((X509AttrCertStoreSelector)targetConstraints, pkixParams.GetStores());
|
||||
}
|
||||
catch (Exception exception)
|
||||
{
|
||||
throw new PkixCertPathBuilderException("Error finding target attribute certificate.", exception);
|
||||
}
|
||||
if (collection.Count == 0)
|
||||
{
|
||||
throw new PkixCertPathBuilderException("No attribute certificate found matching targetContraints.");
|
||||
}
|
||||
PkixCertPathBuilderResult pkixCertPathBuilderResult = null;
|
||||
foreach (IX509AttributeCertificate item in collection)
|
||||
{
|
||||
X509CertStoreSelector x509CertStoreSelector = new X509CertStoreSelector();
|
||||
X509Name[] principals = item.Issuer.GetPrincipals();
|
||||
ISet set = new HashSet();
|
||||
for (int i = 0; i < principals.Length; i++)
|
||||
{
|
||||
try
|
||||
{
|
||||
x509CertStoreSelector.Subject = principals[i];
|
||||
set.AddAll(PkixCertPathValidatorUtilities.FindCertificates(x509CertStoreSelector, pkixParams.GetStores()));
|
||||
}
|
||||
catch (Exception exception2)
|
||||
{
|
||||
throw new PkixCertPathBuilderException("Public key certificate for attribute certificate cannot be searched.", exception2);
|
||||
}
|
||||
}
|
||||
if (set.IsEmpty)
|
||||
{
|
||||
throw new PkixCertPathBuilderException("Public key certificate for attribute certificate cannot be found.");
|
||||
}
|
||||
IList tbvPath = Platform.CreateArrayList();
|
||||
foreach (X509Certificate item2 in set)
|
||||
{
|
||||
pkixCertPathBuilderResult = Build(item, item2, pkixParams, tbvPath);
|
||||
if (pkixCertPathBuilderResult != null)
|
||||
{
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (pkixCertPathBuilderResult != null)
|
||||
{
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (pkixCertPathBuilderResult == null && certPathException != null)
|
||||
{
|
||||
throw new PkixCertPathBuilderException("Possible certificate chain could not be validated.", certPathException);
|
||||
}
|
||||
if (pkixCertPathBuilderResult == null && certPathException == null)
|
||||
{
|
||||
throw new PkixCertPathBuilderException("Unable to find certificate chain.");
|
||||
}
|
||||
return pkixCertPathBuilderResult;
|
||||
}
|
||||
|
||||
private PkixCertPathBuilderResult Build(IX509AttributeCertificate attrCert, X509Certificate tbvCert, PkixBuilderParameters pkixParams, IList tbvPath)
|
||||
{
|
||||
if (tbvPath.Contains(tbvCert))
|
||||
{
|
||||
return null;
|
||||
}
|
||||
if (pkixParams.GetExcludedCerts().Contains(tbvCert))
|
||||
{
|
||||
return null;
|
||||
}
|
||||
if (pkixParams.MaxPathLength != -1 && tbvPath.Count - 1 > pkixParams.MaxPathLength)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
tbvPath.Add(tbvCert);
|
||||
PkixCertPathBuilderResult pkixCertPathBuilderResult = null;
|
||||
PkixAttrCertPathValidator pkixAttrCertPathValidator = new PkixAttrCertPathValidator();
|
||||
try
|
||||
{
|
||||
if (PkixCertPathValidatorUtilities.IsIssuerTrustAnchor(tbvCert, pkixParams.GetTrustAnchors()))
|
||||
{
|
||||
PkixCertPath certPath = new PkixCertPath(tbvPath);
|
||||
PkixCertPathValidatorResult pkixCertPathValidatorResult;
|
||||
try
|
||||
{
|
||||
pkixCertPathValidatorResult = pkixAttrCertPathValidator.Validate(certPath, pkixParams);
|
||||
}
|
||||
catch (Exception innerException)
|
||||
{
|
||||
throw new Exception("Certification path could not be validated.", innerException);
|
||||
}
|
||||
return new PkixCertPathBuilderResult(certPath, pkixCertPathValidatorResult.TrustAnchor, pkixCertPathValidatorResult.PolicyTree, pkixCertPathValidatorResult.SubjectPublicKey);
|
||||
}
|
||||
try
|
||||
{
|
||||
PkixCertPathValidatorUtilities.AddAdditionalStoresFromAltNames(tbvCert, pkixParams);
|
||||
}
|
||||
catch (CertificateParsingException innerException2)
|
||||
{
|
||||
throw new Exception("No additional X.509 stores can be added from certificate locations.", innerException2);
|
||||
}
|
||||
ISet set = new HashSet();
|
||||
try
|
||||
{
|
||||
set.AddAll(PkixCertPathValidatorUtilities.FindIssuerCerts(tbvCert, pkixParams));
|
||||
}
|
||||
catch (Exception innerException3)
|
||||
{
|
||||
throw new Exception("Cannot find issuer certificate for certificate in certification path.", innerException3);
|
||||
}
|
||||
if (set.IsEmpty)
|
||||
{
|
||||
throw new Exception("No issuer certificate for certificate in certification path found.");
|
||||
}
|
||||
foreach (X509Certificate item in set)
|
||||
{
|
||||
if (!PkixCertPathValidatorUtilities.IsSelfIssued(item))
|
||||
{
|
||||
pkixCertPathBuilderResult = Build(attrCert, item, pkixParams, tbvPath);
|
||||
if (pkixCertPathBuilderResult != null)
|
||||
{
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception innerException4)
|
||||
{
|
||||
certPathException = new Exception("No valid certification path could be build.", innerException4);
|
||||
}
|
||||
if (pkixCertPathBuilderResult == null)
|
||||
{
|
||||
tbvPath.Remove(tbvCert);
|
||||
}
|
||||
return pkixCertPathBuilderResult;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user