This commit is contained in:
2026-06-15 18:18:16 +08:00
parent 97c9fba14e
commit 2b9f134e5f
4164 changed files with 386922 additions and 79 deletions

View File

@@ -0,0 +1,363 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.Collections.Generic;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.Collections;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Extension;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Store
{
/**
* This class is an <code>Selector</code> like implementation to select
* attribute certificates from a given set of criteria.
*
* @see org.bouncycastle.x509.X509AttributeCertificate
* @see org.bouncycastle.x509.X509Store
*/
public class X509AttrCertStoreSelector
: ISelector<X509V2AttributeCertificate>
{
// TODO: name constraints???
private X509V2AttributeCertificate attributeCert;
private DateTime? attributeCertificateValid;
private AttributeCertificateHolder holder;
private AttributeCertificateIssuer issuer;
private BigInteger serialNumber;
private ISet<GeneralName> targetNames = new HashSet<GeneralName>();
private ISet<GeneralName> targetGroups = new HashSet<GeneralName>();
public X509AttrCertStoreSelector()
{
}
private X509AttrCertStoreSelector(
X509AttrCertStoreSelector o)
{
this.attributeCert = o.attributeCert;
this.attributeCertificateValid = o.attributeCertificateValid;
this.holder = o.holder;
this.issuer = o.issuer;
this.serialNumber = o.serialNumber;
this.targetGroups = new HashSet<GeneralName>(o.targetGroups);
this.targetNames = new HashSet<GeneralName>(o.targetNames);
}
/// <summary>
/// Decides if the given attribute certificate should be selected.
/// </summary>
/// <param name="attrCert">The attribute certificate to be checked.</param>
/// <returns><code>true</code> if the object matches this selector.</returns>
public bool Match(X509V2AttributeCertificate attrCert)
{
if (attrCert == null)
return false;
if (this.attributeCert != null && !this.attributeCert.Equals(attrCert))
return false;
if (serialNumber != null && !attrCert.SerialNumber.Equals(serialNumber))
return false;
if (holder != null && !attrCert.Holder.Equals(holder))
return false;
if (issuer != null && !attrCert.Issuer.Equals(issuer))
return false;
if (attributeCertificateValid != null && !attrCert.IsValid(attributeCertificateValid.Value))
return false;
if (targetNames.Count > 0 || targetGroups.Count > 0)
{
Asn1OctetString targetInfoExt = attrCert.GetExtensionValue(
X509Extensions.TargetInformation);
if (targetInfoExt != null)
{
TargetInformation targetinfo;
try
{
targetinfo = TargetInformation.GetInstance(
X509ExtensionUtilities.FromExtensionValue(targetInfoExt));
}
catch (Exception)
{
return false;
}
Targets[] targetss = targetinfo.GetTargetsObjects();
if (targetNames.Count > 0)
{
bool found = false;
for (int i = 0; i < targetss.Length && !found; i++)
{
Target[] targets = targetss[i].GetTargets();
for (int j = 0; j < targets.Length; j++)
{
GeneralName targetName = targets[j].TargetName;
if (targetName != null && targetNames.Contains(targetName))
{
found = true;
break;
}
}
}
if (!found)
{
return false;
}
}
if (targetGroups.Count > 0)
{
bool found = false;
for (int i = 0; i < targetss.Length && !found; i++)
{
Target[] targets = targetss[i].GetTargets();
for (int j = 0; j < targets.Length; j++)
{
GeneralName targetGroup = targets[j].TargetGroup;
if (targetGroup != null && targetGroups.Contains(targetGroup))
{
found = true;
break;
}
}
}
if (!found)
{
return false;
}
}
}
}
return true;
}
public object Clone()
{
return new X509AttrCertStoreSelector(this);
}
/// <summary>The attribute certificate which must be matched.</summary>
/// <remarks>If <c>null</c> is given, any will do.</remarks>
public X509V2AttributeCertificate AttributeCert
{
get { return attributeCert; }
set { this.attributeCert = value; }
}
/// <summary>The criteria for validity</summary>
/// <remarks>If <c>null</c> is given any will do.</remarks>
public DateTime? AttributeCertificateValid
{
get { return attributeCertificateValid; }
set { this.attributeCertificateValid = value; }
}
/// <summary>The holder.</summary>
/// <remarks>If <c>null</c> is given any will do.</remarks>
public AttributeCertificateHolder Holder
{
get { return holder; }
set { this.holder = value; }
}
/// <summary>The issuer.</summary>
/// <remarks>If <c>null</c> is given any will do.</remarks>
public AttributeCertificateIssuer Issuer
{
get { return issuer; }
set { this.issuer = value; }
}
/// <summary>The serial number.</summary>
/// <remarks>If <c>null</c> is given any will do.</remarks>
public BigInteger SerialNumber
{
get { return serialNumber; }
set { this.serialNumber = value; }
}
/**
* Adds a target name criterion for the attribute certificate to the target
* information extension criteria. The <code>X509AttributeCertificate</code>
* must contain at least one of the specified target names.
* <p>
* Each attribute certificate may contain a target information extension
* limiting the servers where this attribute certificate can be used. If
* this extension is not present, the attribute certificate is not targeted
* and may be accepted by any server.
* </p>
*
* @param name The name as a GeneralName (not <code>null</code>)
*/
public void AddTargetName(
GeneralName name)
{
targetNames.Add(name);
}
/**
* Adds a target name criterion for the attribute certificate to the target
* information extension criteria. The <code>X509AttributeCertificate</code>
* must contain at least one of the specified target names.
* <p>
* Each attribute certificate may contain a target information extension
* limiting the servers where this attribute certificate can be used. If
* this extension is not present, the attribute certificate is not targeted
* and may be accepted by any server.
* </p>
*
* @param name a byte array containing the name in ASN.1 DER encoded form of a GeneralName
* @throws IOException if a parsing error occurs.
*/
public void AddTargetName(byte[] name)
{
AddTargetName(GeneralName.GetInstance(Asn1Object.FromByteArray(name)));
}
/**
* Adds a collection with target names criteria. If <code>null</code> is
* given any will do.
* <p>
* The collection consists of either GeneralName objects or byte[] arrays representing
* DER encoded GeneralName structures.
* </p>
*
* @param names A collection of target names.
* @throws IOException if a parsing error occurs.
* @see #AddTargetName(byte[])
* @see #AddTargetName(GeneralName)
*/
public void SetTargetNames(IEnumerable<object> names)
{
targetNames = ExtractGeneralNames(names);
}
/**
* Gets the target names. The collection consists of <code>List</code>s
* made up of an <code>Integer</code> in the first entry and a DER encoded
* byte array or a <code>String</code> in the second entry.
* <p>The returned collection is immutable.</p>
*
* @return The collection of target names
* @see #setTargetNames(Collection)
*/
public IEnumerable<GeneralName> GetTargetNames()
{
return CollectionUtilities.Proxy(targetNames);
}
/**
* Adds a target group criterion for the attribute certificate to the target
* information extension criteria. The <code>X509AttributeCertificate</code>
* must contain at least one of the specified target groups.
* <p>
* Each attribute certificate may contain a target information extension
* limiting the servers where this attribute certificate can be used. If
* this extension is not present, the attribute certificate is not targeted
* and may be accepted by any server.
* </p>
*
* @param group The group as GeneralName form (not <code>null</code>)
*/
public void AddTargetGroup(GeneralName group)
{
targetGroups.Add(group);
}
/**
* Adds a target group criterion for the attribute certificate to the target
* information extension criteria. The <code>X509AttributeCertificate</code>
* must contain at least one of the specified target groups.
* <p>
* Each attribute certificate may contain a target information extension
* limiting the servers where this attribute certificate can be used. If
* this extension is not present, the attribute certificate is not targeted
* and may be accepted by any server.
* </p>
*
* @param name a byte array containing the group in ASN.1 DER encoded form of a GeneralName
* @throws IOException if a parsing error occurs.
*/
public void AddTargetGroup(byte[] name)
{
AddTargetGroup(GeneralName.GetInstance(Asn1Object.FromByteArray(name)));
}
/**
* Adds a collection with target groups criteria. If <code>null</code> is
* given any will do.
* <p>
* The collection consists of <code>GeneralName</code> objects or <code>byte[]</code>
* representing DER encoded GeneralNames.
* </p>
*
* @param names A collection of target groups.
* @throws IOException if a parsing error occurs.
* @see #AddTargetGroup(byte[])
* @see #AddTargetGroup(GeneralName)
*/
public void SetTargetGroups(IEnumerable<object> names)
{
targetGroups = ExtractGeneralNames(names);
}
/**
* Gets the target groups. The collection consists of <code>List</code>s
* made up of an <code>Integer</code> in the first entry and a DER encoded
* byte array or a <code>String</code> in the second entry.
* <p>The returned collection is immutable.</p>
*
* @return The collection of target groups.
* @see #setTargetGroups(Collection)
*/
public IEnumerable<GeneralName> GetTargetGroups()
{
return CollectionUtilities.Proxy(targetGroups);
}
private ISet<GeneralName> ExtractGeneralNames(IEnumerable<object> names)
{
var result = new HashSet<GeneralName>();
if (names != null)
{
foreach (object o in names)
{
if (o is GeneralName gn)
{
result.Add(gn);
}
else if (o is byte[] bs)
{
result.Add(GeneralName.GetInstance(Asn1Object.FromByteArray(bs)));
}
else
{
throw new InvalidOperationException();
}
}
}
return result;
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 7bdee3bc8eda2544bb064655edb86039
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,92 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.Collections;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Store
{
/// <remarks>
/// This class is an <code>IX509Selector</code> implementation to select
/// certificate pairs, which are e.g. used for cross certificates. The set of
/// criteria is given from two <code>X509CertStoreSelector</code> objects,
/// each of which, if present, must match the respective component of a pair.
/// </remarks>
public class X509CertPairStoreSelector
: ISelector<X509CertificatePair>
{
private static X509CertStoreSelector CloneSelector(
X509CertStoreSelector s)
{
return s == null ? null : (X509CertStoreSelector) s.Clone();
}
private X509CertificatePair certPair;
private X509CertStoreSelector forwardSelector;
private X509CertStoreSelector reverseSelector;
public X509CertPairStoreSelector()
{
}
private X509CertPairStoreSelector(
X509CertPairStoreSelector o)
{
this.certPair = o.CertPair;
this.forwardSelector = o.ForwardSelector;
this.reverseSelector = o.ReverseSelector;
}
/// <summary>The certificate pair which is used for testing on equality.</summary>
public X509CertificatePair CertPair
{
get { return certPair; }
set { this.certPair = value; }
}
/// <summary>The certificate selector for the forward part.</summary>
public X509CertStoreSelector ForwardSelector
{
get { return CloneSelector(forwardSelector); }
set { this.forwardSelector = CloneSelector(value); }
}
/// <summary>The certificate selector for the reverse part.</summary>
public X509CertStoreSelector ReverseSelector
{
get { return CloneSelector(reverseSelector); }
set { this.reverseSelector = CloneSelector(value); }
}
/// <summary>
/// Decides if the given certificate pair should be selected. If
/// <c>obj</c> is not a <code>X509CertificatePair</code>, this method
/// returns <code>false</code>.
/// </summary>
/// <param name="pair">The <code>X509CertificatePair</code> to be tested.</param>
/// <returns><code>true</code> if the object matches this selector.</returns>
public bool Match(X509CertificatePair pair)
{
if (pair == null)
return false;
if (certPair != null && !certPair.Equals(pair))
return false;
if (forwardSelector != null && !forwardSelector.Match(pair.Forward))
return false;
if (reverseSelector != null && !reverseSelector.Match(pair.Reverse))
return false;
return true;
}
public object Clone()
{
return new X509CertPairStoreSelector(this);
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 28bb652f85dbfbb4ca2c7937b52a7cc3
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,333 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.Collections.Generic;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.Collections;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Extension;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Store
{
public class X509CertStoreSelector
: ISelector<X509Certificate>
{
// TODO Missing criteria?
private byte[] authorityKeyIdentifier;
private int basicConstraints = -1;
private X509Certificate certificate;
private DateTime? certificateValid;
private ISet<DerObjectIdentifier> extendedKeyUsage;
private bool ignoreX509NameOrdering;
private X509Name issuer;
private bool[] keyUsage;
private ISet<DerObjectIdentifier> policy;
private DateTime? privateKeyValid;
private BigInteger serialNumber;
private X509Name subject;
private byte[] subjectKeyIdentifier;
private SubjectPublicKeyInfo subjectPublicKey;
private DerObjectIdentifier subjectPublicKeyAlgID;
public X509CertStoreSelector()
{
}
public X509CertStoreSelector(
X509CertStoreSelector o)
{
this.authorityKeyIdentifier = o.AuthorityKeyIdentifier;
this.basicConstraints = o.BasicConstraints;
this.certificate = o.Certificate;
this.certificateValid = o.CertificateValid;
this.extendedKeyUsage = o.ExtendedKeyUsage;
this.ignoreX509NameOrdering = o.IgnoreX509NameOrdering;
this.issuer = o.Issuer;
this.keyUsage = o.KeyUsage;
this.policy = o.Policy;
this.privateKeyValid = o.PrivateKeyValid;
this.serialNumber = o.SerialNumber;
this.subject = o.Subject;
this.subjectKeyIdentifier = o.SubjectKeyIdentifier;
this.subjectPublicKey = o.SubjectPublicKey;
this.subjectPublicKeyAlgID = o.SubjectPublicKeyAlgID;
}
public virtual object Clone()
{
return new X509CertStoreSelector(this);
}
public byte[] AuthorityKeyIdentifier
{
get { return Arrays.Clone(authorityKeyIdentifier); }
set { authorityKeyIdentifier = Arrays.Clone(value); }
}
public int BasicConstraints
{
get { return basicConstraints; }
set
{
if (value < -2)
throw new ArgumentException("value can't be less than -2", "value");
basicConstraints = value;
}
}
public X509Certificate Certificate
{
get { return certificate; }
set { this.certificate = value; }
}
public DateTime? CertificateValid
{
get { return certificateValid; }
set { certificateValid = value; }
}
public ISet<DerObjectIdentifier> ExtendedKeyUsage
{
get { return CopySet(extendedKeyUsage); }
set { extendedKeyUsage = CopySet(value); }
}
public bool IgnoreX509NameOrdering
{
get { return ignoreX509NameOrdering; }
set { this.ignoreX509NameOrdering = value; }
}
public X509Name Issuer
{
get { return issuer; }
set { issuer = value; }
}
public bool[] KeyUsage
{
get { return CopyBoolArray(keyUsage); }
set { keyUsage = CopyBoolArray(value); }
}
/// <summary>
/// An <code>ISet</code> of <code>DerObjectIdentifier</code> objects.
/// </summary>
public ISet<DerObjectIdentifier> Policy
{
get { return CopySet(policy); }
set { policy = CopySet(value); }
}
public DateTime? PrivateKeyValid
{
get { return privateKeyValid; }
set { privateKeyValid = value; }
}
public BigInteger SerialNumber
{
get { return serialNumber; }
set { serialNumber = value; }
}
public X509Name Subject
{
get { return subject; }
set { subject = value; }
}
public byte[] SubjectKeyIdentifier
{
get { return Arrays.Clone(subjectKeyIdentifier); }
set { subjectKeyIdentifier = Arrays.Clone(value); }
}
public SubjectPublicKeyInfo SubjectPublicKey
{
get { return subjectPublicKey; }
set { subjectPublicKey = value; }
}
public DerObjectIdentifier SubjectPublicKeyAlgID
{
get { return subjectPublicKeyAlgID; }
set { subjectPublicKeyAlgID = value; }
}
public virtual bool Match(X509Certificate c)
{
if (c == null)
return false;
if (!MatchExtension(authorityKeyIdentifier, c, X509Extensions.AuthorityKeyIdentifier))
return false;
if (basicConstraints != -1)
{
int bc = c.GetBasicConstraints();
if (basicConstraints == -2)
{
if (bc != -1)
return false;
}
else
{
if (bc < basicConstraints)
return false;
}
}
if (certificate != null && !certificate.Equals(c))
return false;
if (certificateValid != null && !c.IsValid(certificateValid.Value))
return false;
if (extendedKeyUsage != null)
{
var eku = c.GetExtendedKeyUsage();
// Note: if no extended key usage set, all key purposes are implicitly allowed
if (eku != null)
{
foreach (DerObjectIdentifier oid in extendedKeyUsage)
{
if (!eku.Contains(oid))
return false;
}
}
}
if (issuer != null && !issuer.Equivalent(c.IssuerDN, !ignoreX509NameOrdering))
return false;
if (keyUsage != null)
{
bool[] ku = c.GetKeyUsage();
// Note: if no key usage set, all key purposes are implicitly allowed
if (ku != null)
{
for (int i = 0; i < 9; ++i)
{
if (keyUsage[i] && !ku[i])
return false;
}
}
}
if (policy != null)
{
Asn1OctetString extVal = c.GetExtensionValue(X509Extensions.CertificatePolicies);
if (extVal == null)
return false;
Asn1Sequence certPolicies = Asn1Sequence.GetInstance(
X509ExtensionUtilities.FromExtensionValue(extVal));
if (policy.Count < 1 && certPolicies.Count < 1)
return false;
bool found = false;
foreach (PolicyInformation pi in certPolicies)
{
if (policy.Contains(pi.PolicyIdentifier))
{
found = true;
break;
}
}
if (!found)
return false;
}
if (privateKeyValid != null)
{
Asn1OctetString extVal = c.GetExtensionValue(X509Extensions.PrivateKeyUsagePeriod);
if (extVal == null)
return false;
PrivateKeyUsagePeriod pkup = PrivateKeyUsagePeriod.GetInstance(
X509ExtensionUtilities.FromExtensionValue(extVal));
DateTime dt = privateKeyValid.Value;
DateTime notAfter = pkup.NotAfter.ToDateTime();
DateTime notBefore = pkup.NotBefore.ToDateTime();
if (dt.CompareTo(notAfter) > 0 || dt.CompareTo(notBefore) < 0)
return false;
}
if (serialNumber != null && !serialNumber.Equals(c.SerialNumber))
return false;
if (subject != null && !subject.Equivalent(c.SubjectDN, !ignoreX509NameOrdering))
return false;
if (!MatchExtension(subjectKeyIdentifier, c, X509Extensions.SubjectKeyIdentifier))
return false;
if (subjectPublicKey != null && !subjectPublicKey.Equals(GetSubjectPublicKey(c)))
return false;
if (subjectPublicKeyAlgID != null
&& !subjectPublicKeyAlgID.Equals(GetSubjectPublicKey(c).AlgorithmID))
return false;
return true;
}
internal static bool IssuersMatch(
X509Name a,
X509Name b)
{
return a == null ? b == null : a.Equivalent(b, true);
}
private static bool[] CopyBoolArray(
bool[] b)
{
return b == null ? null : (bool[]) b.Clone();
}
private static ISet<T> CopySet<T>(ISet<T> s)
{
return s == null ? null : new HashSet<T>(s);
}
private static SubjectPublicKeyInfo GetSubjectPublicKey(
X509Certificate c)
{
return SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(c.GetPublicKey());
}
private static bool MatchExtension(
byte[] b,
X509Certificate c,
DerObjectIdentifier oid)
{
if (b == null)
return true;
Asn1OctetString extVal = c.GetExtensionValue(oid);
if (extVal == null)
return false;
return Arrays.AreEqual(b, extVal.GetOctets());
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: bb199e290ee009e4c85f09252efca980
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,3 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: d855ab7d925ca4e4fada7aa848fcc7ff
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,3 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 815aaa87c2529e545adc0740ed315620
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,283 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.Collections.Generic;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.Collections;
using Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Extension;
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Store
{
public class X509CrlStoreSelector
: ISelector<X509Crl>
{
// TODO Missing criteria?
private X509Certificate certificateChecking;
private DateTime? dateAndTime;
private IList<X509Name> issuers;
private BigInteger maxCrlNumber;
private BigInteger minCrlNumber;
private X509V2AttributeCertificate attrCertChecking;
private bool completeCrlEnabled;
private bool deltaCrlIndicatorEnabled;
private byte[] issuingDistributionPoint;
private bool issuingDistributionPointEnabled;
private BigInteger maxBaseCrlNumber;
public X509CrlStoreSelector()
{
}
public X509CrlStoreSelector(
X509CrlStoreSelector o)
{
this.certificateChecking = o.CertificateChecking;
this.dateAndTime = o.DateAndTime;
this.issuers = o.Issuers;
this.maxCrlNumber = o.MaxCrlNumber;
this.minCrlNumber = o.MinCrlNumber;
this.deltaCrlIndicatorEnabled = o.DeltaCrlIndicatorEnabled;
this.completeCrlEnabled = o.CompleteCrlEnabled;
this.maxBaseCrlNumber = o.MaxBaseCrlNumber;
this.attrCertChecking = o.AttrCertChecking;
this.issuingDistributionPointEnabled = o.IssuingDistributionPointEnabled;
this.issuingDistributionPoint = o.IssuingDistributionPoint;
}
public virtual object Clone()
{
return new X509CrlStoreSelector(this);
}
public X509Certificate CertificateChecking
{
get { return certificateChecking; }
set { certificateChecking = value; }
}
public DateTime? DateAndTime
{
get { return dateAndTime; }
set { dateAndTime = value; }
}
/// <summary>
/// An <code>ICollection</code> of <code>X509Name</code> objects
/// </summary>
public IList<X509Name> Issuers
{
get { return new List<X509Name>(issuers); }
set { issuers = new List<X509Name>(value); }
}
public BigInteger MaxCrlNumber
{
get { return maxCrlNumber; }
set { maxCrlNumber = value; }
}
public BigInteger MinCrlNumber
{
get { return minCrlNumber; }
set { minCrlNumber = value; }
}
/**
* The attribute certificate being checked. This is not a criterion.
* Rather, it is optional information that may help a {@link X509Store} find
* CRLs that would be relevant when checking revocation for the specified
* attribute certificate. If <code>null</code> is specified, then no such
* optional information is provided.
*
* @param attrCert the <code>IX509AttributeCertificate</code> being checked (or
* <code>null</code>)
* @see #getAttrCertificateChecking()
*/
public X509V2AttributeCertificate AttrCertChecking
{
get { return attrCertChecking; }
set { this.attrCertChecking = value; }
}
/**
* If <code>true</code> only complete CRLs are returned. Defaults to
* <code>false</code>.
*
* @return <code>true</code> if only complete CRLs are returned.
*/
public bool CompleteCrlEnabled
{
get { return completeCrlEnabled; }
set { this.completeCrlEnabled = value; }
}
/**
* Returns if this selector must match CRLs with the delta CRL indicator
* extension set. Defaults to <code>false</code>.
*
* @return Returns <code>true</code> if only CRLs with the delta CRL
* indicator extension are selected.
*/
public bool DeltaCrlIndicatorEnabled
{
get { return deltaCrlIndicatorEnabled; }
set { this.deltaCrlIndicatorEnabled = value; }
}
/**
* The issuing distribution point.
* <p>
* The issuing distribution point extension is a CRL extension which
* identifies the scope and the distribution point of a CRL. The scope
* contains among others information about revocation reasons contained in
* the CRL. Delta CRLs and complete CRLs must have matching issuing
* distribution points.</p>
* <p>
* The byte array is cloned to protect against subsequent modifications.</p>
* <p>
* You must also enable or disable this criteria with
* {@link #setIssuingDistributionPointEnabled(bool)}.</p>
*
* @param issuingDistributionPoint The issuing distribution point to set.
* This is the DER encoded OCTET STRING extension value.
* @see #getIssuingDistributionPoint()
*/
public byte[] IssuingDistributionPoint
{
get { return Arrays.Clone(issuingDistributionPoint); }
set { this.issuingDistributionPoint = Arrays.Clone(value); }
}
/**
* Whether the issuing distribution point criteria should be applied.
* Defaults to <code>false</code>.
* <p>
* You may also set the issuing distribution point criteria if not a missing
* issuing distribution point should be assumed.</p>
*
* @return Returns if the issuing distribution point check is enabled.
*/
public bool IssuingDistributionPointEnabled
{
get { return issuingDistributionPointEnabled; }
set { this.issuingDistributionPointEnabled = value; }
}
/**
* The maximum base CRL number. Defaults to <code>null</code>.
*
* @return Returns the maximum base CRL number.
* @see #setMaxBaseCRLNumber(BigInteger)
*/
public BigInteger MaxBaseCrlNumber
{
get { return maxBaseCrlNumber; }
set { this.maxBaseCrlNumber = value; }
}
public virtual bool Match(X509Crl c)
{
if (c == null)
return false;
if (dateAndTime != null)
{
DateTime dt = dateAndTime.Value;
DateTime tu = c.ThisUpdate;
DateTime? nu = c.NextUpdate;
if (dt.CompareTo(tu) < 0 || nu == null || dt.CompareTo(nu.Value) >= 0)
return false;
}
if (issuers != null)
{
X509Name i = c.IssuerDN;
bool found = false;
foreach (X509Name issuer in issuers)
{
if (issuer.Equivalent(i, true))
{
found = true;
break;
}
}
if (!found)
return false;
}
if (maxCrlNumber != null || minCrlNumber != null)
{
Asn1OctetString extVal = c.GetExtensionValue(X509Extensions.CrlNumber);
if (extVal == null)
return false;
BigInteger cn = CrlNumber.GetInstance(
X509ExtensionUtilities.FromExtensionValue(extVal)).PositiveValue;
if (maxCrlNumber != null && cn.CompareTo(maxCrlNumber) > 0)
return false;
if (minCrlNumber != null && cn.CompareTo(minCrlNumber) < 0)
return false;
}
DerInteger dci = null;
try
{
Asn1OctetString bytes = c.GetExtensionValue(X509Extensions.DeltaCrlIndicator);
if (bytes != null)
{
dci = DerInteger.GetInstance(X509ExtensionUtilities.FromExtensionValue(bytes));
}
}
catch (Exception)
{
return false;
}
if (dci == null)
{
if (DeltaCrlIndicatorEnabled)
return false;
}
else
{
if (CompleteCrlEnabled)
return false;
if (maxBaseCrlNumber != null && dci.PositiveValue.CompareTo(maxBaseCrlNumber) > 0)
return false;
}
if (issuingDistributionPointEnabled)
{
Asn1OctetString idp = c.GetExtensionValue(X509Extensions.IssuingDistributionPoint);
if (issuingDistributionPoint == null)
{
if (idp != null)
return false;
}
else
{
if (!Arrays.AreEqual(idp.GetOctets(), issuingDistributionPoint))
return false;
}
}
return true;
}
}
}
#pragma warning restore
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 896c55245b6bb834a87f80b975172b06
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant:

View File

@@ -0,0 +1,3 @@
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#endif

View File

@@ -0,0 +1,11 @@
fileFormatVersion: 2
guid: 515ca18011fd8064db71c583a7e23c3e
MonoImporter:
externalObjects: {}
serializedVersion: 2
defaultReferences: []
executionOrder: 0
icon: {instanceID: 0}
userData:
assetBundleName:
assetBundleVariant: