YDL
/
HK_LongZhiMeng
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
上海虹口龙之梦项目
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
2 Branches
0 Tags
418 MiB
Tree: 72884d91e3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '72884d91e3'
${ noResults }
HK_LongZhiMeng/Assets/Plugins/Best HTTP/Source/SecureProtocol/pkix/PkixAttrCertPathValidator.cs

81 lines
3.2 KiB
Raw Normal View History Unescape

初始化
1 year ago
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using BestHTTP.SecureProtocol.Org.BouncyCastle.X509;
using BestHTTP.SecureProtocol.Org.BouncyCastle.X509.Store;
namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Pkix
{
/**
* CertPathValidatorSpi implementation for X.509 Attribute Certificates la RFC 3281.
*
* @see org.bouncycastle.x509.ExtendedPkixParameters
*/
public class PkixAttrCertPathValidator
// extends CertPathValidatorSpi
{
/**
* Validates an attribute certificate with the given certificate path.
*
* <p>
* <code>params</code> must be an instance of
* <code>ExtendedPkixParameters</code>.
* </p><p>
* The target constraints in the <code>params</code> must be an
* <code>X509AttrCertStoreSelector</code> with at least the attribute
* certificate criterion set. Obey that also target informations may be
* necessary to correctly validate this attribute certificate.
* </p><p>
* The attribute certificate issuer must be added to the trusted attribute
* issuers with {@link ExtendedPkixParameters#setTrustedACIssuers(Set)}.
* </p>
* @param certPath The certificate path which belongs to the attribute
* certificate issuer public key certificate.
* @param params The PKIX parameters.
* @return A <code>PKIXCertPathValidatorResult</code> of the result of
* validating the <code>certPath</code>.
* @throws InvalidAlgorithmParameterException if <code>params</code> is
* inappropriate for this validator.
* @throws CertPathValidatorException if the verification fails.
*/
public virtual PkixCertPathValidatorResult Validate(
PkixCertPath certPath,
PkixParameters pkixParams)
{
IX509Selector certSelect = pkixParams.GetTargetConstraints();
if (!(certSelect is X509AttrCertStoreSelector))
{
throw new ArgumentException(
"TargetConstraints must be an instance of " + typeof(X509AttrCertStoreSelector).FullName,
"pkixParams");
}
IX509AttributeCertificate attrCert = ((X509AttrCertStoreSelector) certSelect).AttributeCert;
PkixCertPath holderCertPath = Rfc3281CertPathUtilities.ProcessAttrCert1(attrCert, pkixParams);
PkixCertPathValidatorResult result = Rfc3281CertPathUtilities.ProcessAttrCert2(certPath, pkixParams);
X509Certificate issuerCert = (X509Certificate)certPath.Certificates[0];
Rfc3281CertPathUtilities.ProcessAttrCert3(issuerCert, pkixParams);
Rfc3281CertPathUtilities.ProcessAttrCert4(issuerCert, pkixParams);
Rfc3281CertPathUtilities.ProcessAttrCert5(attrCert, pkixParams);
// 6 already done in X509AttrCertStoreSelector
Rfc3281CertPathUtilities.ProcessAttrCert7(attrCert, certPath, holderCertPath, pkixParams);
Rfc3281CertPathUtilities.AdditionalChecks(attrCert, pkixParams);
DateTime date;
try
{
date = PkixCertPathValidatorUtilities.GetValidCertDateFromValidityModel(pkixParams, null, -1);
}
catch (Exception e)
{
throw new PkixCertPathValidatorException(
"Could not get validity date from attribute certificate.", e);
}
Rfc3281CertPathUtilities.CheckCrls(attrCert, pkixParams, issuerCert, date, certPath.Certificates);
return result;
}
}
}
#pragma warning restore
#endif