38 lines
1.8 KiB
C#
38 lines
1.8 KiB
C#
using System;
|
|
using Org.BouncyCastle.X509;
|
|
using Org.BouncyCastle.X509.Store;
|
|
|
|
namespace Org.BouncyCastle.Pkix;
|
|
|
|
public class PkixAttrCertPathValidator
|
|
{
|
|
public virtual PkixCertPathValidatorResult Validate(PkixCertPath certPath, PkixParameters pkixParams)
|
|
{
|
|
IX509Selector targetConstraints = pkixParams.GetTargetConstraints();
|
|
if (!(targetConstraints is X509AttrCertStoreSelector))
|
|
{
|
|
throw new ArgumentException("TargetConstraints must be an instance of " + typeof(X509AttrCertStoreSelector).FullName, "pkixParams");
|
|
}
|
|
IX509AttributeCertificate attributeCert = ((X509AttrCertStoreSelector)targetConstraints).AttributeCert;
|
|
PkixCertPath holderCertPath = Rfc3281CertPathUtilities.ProcessAttrCert1(attributeCert, pkixParams);
|
|
PkixCertPathValidatorResult result = Rfc3281CertPathUtilities.ProcessAttrCert2(certPath, pkixParams);
|
|
X509Certificate x509Certificate = (X509Certificate)certPath.Certificates[0];
|
|
Rfc3281CertPathUtilities.ProcessAttrCert3(x509Certificate, pkixParams);
|
|
Rfc3281CertPathUtilities.ProcessAttrCert4(x509Certificate, pkixParams);
|
|
Rfc3281CertPathUtilities.ProcessAttrCert5(attributeCert, pkixParams);
|
|
Rfc3281CertPathUtilities.ProcessAttrCert7(attributeCert, certPath, holderCertPath, pkixParams);
|
|
Rfc3281CertPathUtilities.AdditionalChecks(attributeCert, pkixParams);
|
|
DateTime validCertDateFromValidityModel;
|
|
try
|
|
{
|
|
validCertDateFromValidityModel = PkixCertPathValidatorUtilities.GetValidCertDateFromValidityModel(pkixParams, null, -1);
|
|
}
|
|
catch (Exception cause)
|
|
{
|
|
throw new PkixCertPathValidatorException("Could not get validity date from attribute certificate.", cause);
|
|
}
|
|
Rfc3281CertPathUtilities.CheckCrls(attributeCert, pkixParams, x509Certificate, validCertDateFromValidityModel, certPath.Certificates);
|
|
return result;
|
|
}
|
|
}
|