add all
This commit is contained in:
363
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/x509/store/X509AttrCertStoreSelector.cs
vendored
Normal file
363
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/x509/store/X509AttrCertStoreSelector.cs
vendored
Normal file
@@ -0,0 +1,363 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.Collections;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Extension;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Store
|
||||
{
|
||||
/**
|
||||
* This class is an <code>Selector</code> like implementation to select
|
||||
* attribute certificates from a given set of criteria.
|
||||
*
|
||||
* @see org.bouncycastle.x509.X509AttributeCertificate
|
||||
* @see org.bouncycastle.x509.X509Store
|
||||
*/
|
||||
public class X509AttrCertStoreSelector
|
||||
: ISelector<X509V2AttributeCertificate>
|
||||
{
|
||||
// TODO: name constraints???
|
||||
|
||||
private X509V2AttributeCertificate attributeCert;
|
||||
private DateTime? attributeCertificateValid;
|
||||
private AttributeCertificateHolder holder;
|
||||
private AttributeCertificateIssuer issuer;
|
||||
private BigInteger serialNumber;
|
||||
private ISet<GeneralName> targetNames = new HashSet<GeneralName>();
|
||||
private ISet<GeneralName> targetGroups = new HashSet<GeneralName>();
|
||||
|
||||
public X509AttrCertStoreSelector()
|
||||
{
|
||||
}
|
||||
|
||||
private X509AttrCertStoreSelector(
|
||||
X509AttrCertStoreSelector o)
|
||||
{
|
||||
this.attributeCert = o.attributeCert;
|
||||
this.attributeCertificateValid = o.attributeCertificateValid;
|
||||
this.holder = o.holder;
|
||||
this.issuer = o.issuer;
|
||||
this.serialNumber = o.serialNumber;
|
||||
this.targetGroups = new HashSet<GeneralName>(o.targetGroups);
|
||||
this.targetNames = new HashSet<GeneralName>(o.targetNames);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Decides if the given attribute certificate should be selected.
|
||||
/// </summary>
|
||||
/// <param name="attrCert">The attribute certificate to be checked.</param>
|
||||
/// <returns><code>true</code> if the object matches this selector.</returns>
|
||||
public bool Match(X509V2AttributeCertificate attrCert)
|
||||
{
|
||||
if (attrCert == null)
|
||||
return false;
|
||||
|
||||
if (this.attributeCert != null && !this.attributeCert.Equals(attrCert))
|
||||
return false;
|
||||
|
||||
if (serialNumber != null && !attrCert.SerialNumber.Equals(serialNumber))
|
||||
return false;
|
||||
|
||||
if (holder != null && !attrCert.Holder.Equals(holder))
|
||||
return false;
|
||||
|
||||
if (issuer != null && !attrCert.Issuer.Equals(issuer))
|
||||
return false;
|
||||
|
||||
if (attributeCertificateValid != null && !attrCert.IsValid(attributeCertificateValid.Value))
|
||||
return false;
|
||||
|
||||
if (targetNames.Count > 0 || targetGroups.Count > 0)
|
||||
{
|
||||
Asn1OctetString targetInfoExt = attrCert.GetExtensionValue(
|
||||
X509Extensions.TargetInformation);
|
||||
|
||||
if (targetInfoExt != null)
|
||||
{
|
||||
TargetInformation targetinfo;
|
||||
try
|
||||
{
|
||||
targetinfo = TargetInformation.GetInstance(
|
||||
X509ExtensionUtilities.FromExtensionValue(targetInfoExt));
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
Targets[] targetss = targetinfo.GetTargetsObjects();
|
||||
|
||||
if (targetNames.Count > 0)
|
||||
{
|
||||
bool found = false;
|
||||
|
||||
for (int i = 0; i < targetss.Length && !found; i++)
|
||||
{
|
||||
Target[] targets = targetss[i].GetTargets();
|
||||
|
||||
for (int j = 0; j < targets.Length; j++)
|
||||
{
|
||||
GeneralName targetName = targets[j].TargetName;
|
||||
|
||||
if (targetName != null && targetNames.Contains(targetName))
|
||||
{
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!found)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (targetGroups.Count > 0)
|
||||
{
|
||||
bool found = false;
|
||||
|
||||
for (int i = 0; i < targetss.Length && !found; i++)
|
||||
{
|
||||
Target[] targets = targetss[i].GetTargets();
|
||||
|
||||
for (int j = 0; j < targets.Length; j++)
|
||||
{
|
||||
GeneralName targetGroup = targets[j].TargetGroup;
|
||||
|
||||
if (targetGroup != null && targetGroups.Contains(targetGroup))
|
||||
{
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!found)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public object Clone()
|
||||
{
|
||||
return new X509AttrCertStoreSelector(this);
|
||||
}
|
||||
|
||||
/// <summary>The attribute certificate which must be matched.</summary>
|
||||
/// <remarks>If <c>null</c> is given, any will do.</remarks>
|
||||
public X509V2AttributeCertificate AttributeCert
|
||||
{
|
||||
get { return attributeCert; }
|
||||
set { this.attributeCert = value; }
|
||||
}
|
||||
|
||||
/// <summary>The criteria for validity</summary>
|
||||
/// <remarks>If <c>null</c> is given any will do.</remarks>
|
||||
public DateTime? AttributeCertificateValid
|
||||
{
|
||||
get { return attributeCertificateValid; }
|
||||
set { this.attributeCertificateValid = value; }
|
||||
}
|
||||
|
||||
/// <summary>The holder.</summary>
|
||||
/// <remarks>If <c>null</c> is given any will do.</remarks>
|
||||
public AttributeCertificateHolder Holder
|
||||
{
|
||||
get { return holder; }
|
||||
set { this.holder = value; }
|
||||
}
|
||||
|
||||
/// <summary>The issuer.</summary>
|
||||
/// <remarks>If <c>null</c> is given any will do.</remarks>
|
||||
public AttributeCertificateIssuer Issuer
|
||||
{
|
||||
get { return issuer; }
|
||||
set { this.issuer = value; }
|
||||
}
|
||||
|
||||
/// <summary>The serial number.</summary>
|
||||
/// <remarks>If <c>null</c> is given any will do.</remarks>
|
||||
public BigInteger SerialNumber
|
||||
{
|
||||
get { return serialNumber; }
|
||||
set { this.serialNumber = value; }
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds a target name criterion for the attribute certificate to the target
|
||||
* information extension criteria. The <code>X509AttributeCertificate</code>
|
||||
* must contain at least one of the specified target names.
|
||||
* <p>
|
||||
* Each attribute certificate may contain a target information extension
|
||||
* limiting the servers where this attribute certificate can be used. If
|
||||
* this extension is not present, the attribute certificate is not targeted
|
||||
* and may be accepted by any server.
|
||||
* </p>
|
||||
*
|
||||
* @param name The name as a GeneralName (not <code>null</code>)
|
||||
*/
|
||||
public void AddTargetName(
|
||||
GeneralName name)
|
||||
{
|
||||
targetNames.Add(name);
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds a target name criterion for the attribute certificate to the target
|
||||
* information extension criteria. The <code>X509AttributeCertificate</code>
|
||||
* must contain at least one of the specified target names.
|
||||
* <p>
|
||||
* Each attribute certificate may contain a target information extension
|
||||
* limiting the servers where this attribute certificate can be used. If
|
||||
* this extension is not present, the attribute certificate is not targeted
|
||||
* and may be accepted by any server.
|
||||
* </p>
|
||||
*
|
||||
* @param name a byte array containing the name in ASN.1 DER encoded form of a GeneralName
|
||||
* @throws IOException if a parsing error occurs.
|
||||
*/
|
||||
public void AddTargetName(byte[] name)
|
||||
{
|
||||
AddTargetName(GeneralName.GetInstance(Asn1Object.FromByteArray(name)));
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds a collection with target names criteria. If <code>null</code> is
|
||||
* given any will do.
|
||||
* <p>
|
||||
* The collection consists of either GeneralName objects or byte[] arrays representing
|
||||
* DER encoded GeneralName structures.
|
||||
* </p>
|
||||
*
|
||||
* @param names A collection of target names.
|
||||
* @throws IOException if a parsing error occurs.
|
||||
* @see #AddTargetName(byte[])
|
||||
* @see #AddTargetName(GeneralName)
|
||||
*/
|
||||
public void SetTargetNames(IEnumerable<object> names)
|
||||
{
|
||||
targetNames = ExtractGeneralNames(names);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the target names. The collection consists of <code>List</code>s
|
||||
* made up of an <code>Integer</code> in the first entry and a DER encoded
|
||||
* byte array or a <code>String</code> in the second entry.
|
||||
* <p>The returned collection is immutable.</p>
|
||||
*
|
||||
* @return The collection of target names
|
||||
* @see #setTargetNames(Collection)
|
||||
*/
|
||||
public IEnumerable<GeneralName> GetTargetNames()
|
||||
{
|
||||
return CollectionUtilities.Proxy(targetNames);
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds a target group criterion for the attribute certificate to the target
|
||||
* information extension criteria. The <code>X509AttributeCertificate</code>
|
||||
* must contain at least one of the specified target groups.
|
||||
* <p>
|
||||
* Each attribute certificate may contain a target information extension
|
||||
* limiting the servers where this attribute certificate can be used. If
|
||||
* this extension is not present, the attribute certificate is not targeted
|
||||
* and may be accepted by any server.
|
||||
* </p>
|
||||
*
|
||||
* @param group The group as GeneralName form (not <code>null</code>)
|
||||
*/
|
||||
public void AddTargetGroup(GeneralName group)
|
||||
{
|
||||
targetGroups.Add(group);
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds a target group criterion for the attribute certificate to the target
|
||||
* information extension criteria. The <code>X509AttributeCertificate</code>
|
||||
* must contain at least one of the specified target groups.
|
||||
* <p>
|
||||
* Each attribute certificate may contain a target information extension
|
||||
* limiting the servers where this attribute certificate can be used. If
|
||||
* this extension is not present, the attribute certificate is not targeted
|
||||
* and may be accepted by any server.
|
||||
* </p>
|
||||
*
|
||||
* @param name a byte array containing the group in ASN.1 DER encoded form of a GeneralName
|
||||
* @throws IOException if a parsing error occurs.
|
||||
*/
|
||||
public void AddTargetGroup(byte[] name)
|
||||
{
|
||||
AddTargetGroup(GeneralName.GetInstance(Asn1Object.FromByteArray(name)));
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds a collection with target groups criteria. If <code>null</code> is
|
||||
* given any will do.
|
||||
* <p>
|
||||
* The collection consists of <code>GeneralName</code> objects or <code>byte[]</code>
|
||||
* representing DER encoded GeneralNames.
|
||||
* </p>
|
||||
*
|
||||
* @param names A collection of target groups.
|
||||
* @throws IOException if a parsing error occurs.
|
||||
* @see #AddTargetGroup(byte[])
|
||||
* @see #AddTargetGroup(GeneralName)
|
||||
*/
|
||||
public void SetTargetGroups(IEnumerable<object> names)
|
||||
{
|
||||
targetGroups = ExtractGeneralNames(names);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the target groups. The collection consists of <code>List</code>s
|
||||
* made up of an <code>Integer</code> in the first entry and a DER encoded
|
||||
* byte array or a <code>String</code> in the second entry.
|
||||
* <p>The returned collection is immutable.</p>
|
||||
*
|
||||
* @return The collection of target groups.
|
||||
* @see #setTargetGroups(Collection)
|
||||
*/
|
||||
public IEnumerable<GeneralName> GetTargetGroups()
|
||||
{
|
||||
return CollectionUtilities.Proxy(targetGroups);
|
||||
}
|
||||
|
||||
private ISet<GeneralName> ExtractGeneralNames(IEnumerable<object> names)
|
||||
{
|
||||
var result = new HashSet<GeneralName>();
|
||||
|
||||
if (names != null)
|
||||
{
|
||||
foreach (object o in names)
|
||||
{
|
||||
if (o is GeneralName gn)
|
||||
{
|
||||
result.Add(gn);
|
||||
}
|
||||
else if (o is byte[] bs)
|
||||
{
|
||||
result.Add(GeneralName.GetInstance(Asn1Object.FromByteArray(bs)));
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new InvalidOperationException();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: 7bdee3bc8eda2544bb064655edb86039
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
@@ -0,0 +1,92 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.Collections;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Store
|
||||
{
|
||||
/// <remarks>
|
||||
/// This class is an <code>IX509Selector</code> implementation to select
|
||||
/// certificate pairs, which are e.g. used for cross certificates. The set of
|
||||
/// criteria is given from two <code>X509CertStoreSelector</code> objects,
|
||||
/// each of which, if present, must match the respective component of a pair.
|
||||
/// </remarks>
|
||||
public class X509CertPairStoreSelector
|
||||
: ISelector<X509CertificatePair>
|
||||
{
|
||||
private static X509CertStoreSelector CloneSelector(
|
||||
X509CertStoreSelector s)
|
||||
{
|
||||
return s == null ? null : (X509CertStoreSelector) s.Clone();
|
||||
}
|
||||
|
||||
private X509CertificatePair certPair;
|
||||
private X509CertStoreSelector forwardSelector;
|
||||
private X509CertStoreSelector reverseSelector;
|
||||
|
||||
public X509CertPairStoreSelector()
|
||||
{
|
||||
}
|
||||
|
||||
private X509CertPairStoreSelector(
|
||||
X509CertPairStoreSelector o)
|
||||
{
|
||||
this.certPair = o.CertPair;
|
||||
this.forwardSelector = o.ForwardSelector;
|
||||
this.reverseSelector = o.ReverseSelector;
|
||||
}
|
||||
|
||||
/// <summary>The certificate pair which is used for testing on equality.</summary>
|
||||
public X509CertificatePair CertPair
|
||||
{
|
||||
get { return certPair; }
|
||||
set { this.certPair = value; }
|
||||
}
|
||||
|
||||
/// <summary>The certificate selector for the forward part.</summary>
|
||||
public X509CertStoreSelector ForwardSelector
|
||||
{
|
||||
get { return CloneSelector(forwardSelector); }
|
||||
set { this.forwardSelector = CloneSelector(value); }
|
||||
}
|
||||
|
||||
/// <summary>The certificate selector for the reverse part.</summary>
|
||||
public X509CertStoreSelector ReverseSelector
|
||||
{
|
||||
get { return CloneSelector(reverseSelector); }
|
||||
set { this.reverseSelector = CloneSelector(value); }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Decides if the given certificate pair should be selected. If
|
||||
/// <c>obj</c> is not a <code>X509CertificatePair</code>, this method
|
||||
/// returns <code>false</code>.
|
||||
/// </summary>
|
||||
/// <param name="pair">The <code>X509CertificatePair</code> to be tested.</param>
|
||||
/// <returns><code>true</code> if the object matches this selector.</returns>
|
||||
public bool Match(X509CertificatePair pair)
|
||||
{
|
||||
if (pair == null)
|
||||
return false;
|
||||
|
||||
if (certPair != null && !certPair.Equals(pair))
|
||||
return false;
|
||||
|
||||
if (forwardSelector != null && !forwardSelector.Match(pair.Forward))
|
||||
return false;
|
||||
|
||||
if (reverseSelector != null && !reverseSelector.Match(pair.Reverse))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public object Clone()
|
||||
{
|
||||
return new X509CertPairStoreSelector(this);
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: 28bb652f85dbfbb4ca2c7937b52a7cc3
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
333
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/x509/store/X509CertStoreSelector.cs
vendored
Normal file
333
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/x509/store/X509CertStoreSelector.cs
vendored
Normal file
@@ -0,0 +1,333 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.Collections;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Extension;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Store
|
||||
{
|
||||
public class X509CertStoreSelector
|
||||
: ISelector<X509Certificate>
|
||||
{
|
||||
// TODO Missing criteria?
|
||||
|
||||
private byte[] authorityKeyIdentifier;
|
||||
private int basicConstraints = -1;
|
||||
private X509Certificate certificate;
|
||||
private DateTime? certificateValid;
|
||||
private ISet<DerObjectIdentifier> extendedKeyUsage;
|
||||
private bool ignoreX509NameOrdering;
|
||||
private X509Name issuer;
|
||||
private bool[] keyUsage;
|
||||
private ISet<DerObjectIdentifier> policy;
|
||||
private DateTime? privateKeyValid;
|
||||
private BigInteger serialNumber;
|
||||
private X509Name subject;
|
||||
private byte[] subjectKeyIdentifier;
|
||||
private SubjectPublicKeyInfo subjectPublicKey;
|
||||
private DerObjectIdentifier subjectPublicKeyAlgID;
|
||||
|
||||
public X509CertStoreSelector()
|
||||
{
|
||||
}
|
||||
|
||||
public X509CertStoreSelector(
|
||||
X509CertStoreSelector o)
|
||||
{
|
||||
this.authorityKeyIdentifier = o.AuthorityKeyIdentifier;
|
||||
this.basicConstraints = o.BasicConstraints;
|
||||
this.certificate = o.Certificate;
|
||||
this.certificateValid = o.CertificateValid;
|
||||
this.extendedKeyUsage = o.ExtendedKeyUsage;
|
||||
this.ignoreX509NameOrdering = o.IgnoreX509NameOrdering;
|
||||
this.issuer = o.Issuer;
|
||||
this.keyUsage = o.KeyUsage;
|
||||
this.policy = o.Policy;
|
||||
this.privateKeyValid = o.PrivateKeyValid;
|
||||
this.serialNumber = o.SerialNumber;
|
||||
this.subject = o.Subject;
|
||||
this.subjectKeyIdentifier = o.SubjectKeyIdentifier;
|
||||
this.subjectPublicKey = o.SubjectPublicKey;
|
||||
this.subjectPublicKeyAlgID = o.SubjectPublicKeyAlgID;
|
||||
}
|
||||
|
||||
public virtual object Clone()
|
||||
{
|
||||
return new X509CertStoreSelector(this);
|
||||
}
|
||||
|
||||
public byte[] AuthorityKeyIdentifier
|
||||
{
|
||||
get { return Arrays.Clone(authorityKeyIdentifier); }
|
||||
set { authorityKeyIdentifier = Arrays.Clone(value); }
|
||||
}
|
||||
|
||||
public int BasicConstraints
|
||||
{
|
||||
get { return basicConstraints; }
|
||||
set
|
||||
{
|
||||
if (value < -2)
|
||||
throw new ArgumentException("value can't be less than -2", "value");
|
||||
|
||||
basicConstraints = value;
|
||||
}
|
||||
}
|
||||
|
||||
public X509Certificate Certificate
|
||||
{
|
||||
get { return certificate; }
|
||||
set { this.certificate = value; }
|
||||
}
|
||||
|
||||
public DateTime? CertificateValid
|
||||
{
|
||||
get { return certificateValid; }
|
||||
set { certificateValid = value; }
|
||||
}
|
||||
|
||||
public ISet<DerObjectIdentifier> ExtendedKeyUsage
|
||||
{
|
||||
get { return CopySet(extendedKeyUsage); }
|
||||
set { extendedKeyUsage = CopySet(value); }
|
||||
}
|
||||
|
||||
public bool IgnoreX509NameOrdering
|
||||
{
|
||||
get { return ignoreX509NameOrdering; }
|
||||
set { this.ignoreX509NameOrdering = value; }
|
||||
}
|
||||
|
||||
public X509Name Issuer
|
||||
{
|
||||
get { return issuer; }
|
||||
set { issuer = value; }
|
||||
}
|
||||
|
||||
public bool[] KeyUsage
|
||||
{
|
||||
get { return CopyBoolArray(keyUsage); }
|
||||
set { keyUsage = CopyBoolArray(value); }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// An <code>ISet</code> of <code>DerObjectIdentifier</code> objects.
|
||||
/// </summary>
|
||||
public ISet<DerObjectIdentifier> Policy
|
||||
{
|
||||
get { return CopySet(policy); }
|
||||
set { policy = CopySet(value); }
|
||||
}
|
||||
|
||||
public DateTime? PrivateKeyValid
|
||||
{
|
||||
get { return privateKeyValid; }
|
||||
set { privateKeyValid = value; }
|
||||
}
|
||||
|
||||
public BigInteger SerialNumber
|
||||
{
|
||||
get { return serialNumber; }
|
||||
set { serialNumber = value; }
|
||||
}
|
||||
|
||||
public X509Name Subject
|
||||
{
|
||||
get { return subject; }
|
||||
set { subject = value; }
|
||||
}
|
||||
|
||||
public byte[] SubjectKeyIdentifier
|
||||
{
|
||||
get { return Arrays.Clone(subjectKeyIdentifier); }
|
||||
set { subjectKeyIdentifier = Arrays.Clone(value); }
|
||||
}
|
||||
|
||||
public SubjectPublicKeyInfo SubjectPublicKey
|
||||
{
|
||||
get { return subjectPublicKey; }
|
||||
set { subjectPublicKey = value; }
|
||||
}
|
||||
|
||||
public DerObjectIdentifier SubjectPublicKeyAlgID
|
||||
{
|
||||
get { return subjectPublicKeyAlgID; }
|
||||
set { subjectPublicKeyAlgID = value; }
|
||||
}
|
||||
|
||||
public virtual bool Match(X509Certificate c)
|
||||
{
|
||||
if (c == null)
|
||||
return false;
|
||||
|
||||
if (!MatchExtension(authorityKeyIdentifier, c, X509Extensions.AuthorityKeyIdentifier))
|
||||
return false;
|
||||
|
||||
if (basicConstraints != -1)
|
||||
{
|
||||
int bc = c.GetBasicConstraints();
|
||||
|
||||
if (basicConstraints == -2)
|
||||
{
|
||||
if (bc != -1)
|
||||
return false;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (bc < basicConstraints)
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (certificate != null && !certificate.Equals(c))
|
||||
return false;
|
||||
|
||||
if (certificateValid != null && !c.IsValid(certificateValid.Value))
|
||||
return false;
|
||||
|
||||
if (extendedKeyUsage != null)
|
||||
{
|
||||
var eku = c.GetExtendedKeyUsage();
|
||||
|
||||
// Note: if no extended key usage set, all key purposes are implicitly allowed
|
||||
|
||||
if (eku != null)
|
||||
{
|
||||
foreach (DerObjectIdentifier oid in extendedKeyUsage)
|
||||
{
|
||||
if (!eku.Contains(oid))
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (issuer != null && !issuer.Equivalent(c.IssuerDN, !ignoreX509NameOrdering))
|
||||
return false;
|
||||
|
||||
if (keyUsage != null)
|
||||
{
|
||||
bool[] ku = c.GetKeyUsage();
|
||||
|
||||
// Note: if no key usage set, all key purposes are implicitly allowed
|
||||
|
||||
if (ku != null)
|
||||
{
|
||||
for (int i = 0; i < 9; ++i)
|
||||
{
|
||||
if (keyUsage[i] && !ku[i])
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (policy != null)
|
||||
{
|
||||
Asn1OctetString extVal = c.GetExtensionValue(X509Extensions.CertificatePolicies);
|
||||
if (extVal == null)
|
||||
return false;
|
||||
|
||||
Asn1Sequence certPolicies = Asn1Sequence.GetInstance(
|
||||
X509ExtensionUtilities.FromExtensionValue(extVal));
|
||||
|
||||
if (policy.Count < 1 && certPolicies.Count < 1)
|
||||
return false;
|
||||
|
||||
bool found = false;
|
||||
foreach (PolicyInformation pi in certPolicies)
|
||||
{
|
||||
if (policy.Contains(pi.PolicyIdentifier))
|
||||
{
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!found)
|
||||
return false;
|
||||
}
|
||||
|
||||
if (privateKeyValid != null)
|
||||
{
|
||||
Asn1OctetString extVal = c.GetExtensionValue(X509Extensions.PrivateKeyUsagePeriod);
|
||||
if (extVal == null)
|
||||
return false;
|
||||
|
||||
PrivateKeyUsagePeriod pkup = PrivateKeyUsagePeriod.GetInstance(
|
||||
X509ExtensionUtilities.FromExtensionValue(extVal));
|
||||
|
||||
DateTime dt = privateKeyValid.Value;
|
||||
DateTime notAfter = pkup.NotAfter.ToDateTime();
|
||||
DateTime notBefore = pkup.NotBefore.ToDateTime();
|
||||
|
||||
if (dt.CompareTo(notAfter) > 0 || dt.CompareTo(notBefore) < 0)
|
||||
return false;
|
||||
}
|
||||
|
||||
if (serialNumber != null && !serialNumber.Equals(c.SerialNumber))
|
||||
return false;
|
||||
|
||||
if (subject != null && !subject.Equivalent(c.SubjectDN, !ignoreX509NameOrdering))
|
||||
return false;
|
||||
|
||||
if (!MatchExtension(subjectKeyIdentifier, c, X509Extensions.SubjectKeyIdentifier))
|
||||
return false;
|
||||
|
||||
if (subjectPublicKey != null && !subjectPublicKey.Equals(GetSubjectPublicKey(c)))
|
||||
return false;
|
||||
|
||||
if (subjectPublicKeyAlgID != null
|
||||
&& !subjectPublicKeyAlgID.Equals(GetSubjectPublicKey(c).AlgorithmID))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
internal static bool IssuersMatch(
|
||||
X509Name a,
|
||||
X509Name b)
|
||||
{
|
||||
return a == null ? b == null : a.Equivalent(b, true);
|
||||
}
|
||||
|
||||
private static bool[] CopyBoolArray(
|
||||
bool[] b)
|
||||
{
|
||||
return b == null ? null : (bool[]) b.Clone();
|
||||
}
|
||||
|
||||
private static ISet<T> CopySet<T>(ISet<T> s)
|
||||
{
|
||||
return s == null ? null : new HashSet<T>(s);
|
||||
}
|
||||
|
||||
private static SubjectPublicKeyInfo GetSubjectPublicKey(
|
||||
X509Certificate c)
|
||||
{
|
||||
return SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(c.GetPublicKey());
|
||||
}
|
||||
|
||||
private static bool MatchExtension(
|
||||
byte[] b,
|
||||
X509Certificate c,
|
||||
DerObjectIdentifier oid)
|
||||
{
|
||||
if (b == null)
|
||||
return true;
|
||||
|
||||
Asn1OctetString extVal = c.GetExtensionValue(oid);
|
||||
|
||||
if (extVal == null)
|
||||
return false;
|
||||
|
||||
return Arrays.AreEqual(b, extVal.GetOctets());
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: bb199e290ee009e4c85f09252efca980
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
@@ -0,0 +1,3 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
|
||||
#endif
|
||||
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: d855ab7d925ca4e4fada7aa848fcc7ff
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
@@ -0,0 +1,3 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
|
||||
#endif
|
||||
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: 815aaa87c2529e545adc0740ed315620
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
283
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/x509/store/X509CrlStoreSelector.cs
vendored
Normal file
283
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/x509/store/X509CrlStoreSelector.cs
vendored
Normal file
@@ -0,0 +1,283 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
#pragma warning disable
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Asn1.X509;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Math;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.Utilities.Collections;
|
||||
using Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Extension;
|
||||
|
||||
namespace Best.HTTP.SecureProtocol.Org.BouncyCastle.X509.Store
|
||||
{
|
||||
public class X509CrlStoreSelector
|
||||
: ISelector<X509Crl>
|
||||
{
|
||||
// TODO Missing criteria?
|
||||
|
||||
private X509Certificate certificateChecking;
|
||||
private DateTime? dateAndTime;
|
||||
private IList<X509Name> issuers;
|
||||
private BigInteger maxCrlNumber;
|
||||
private BigInteger minCrlNumber;
|
||||
|
||||
private X509V2AttributeCertificate attrCertChecking;
|
||||
private bool completeCrlEnabled;
|
||||
private bool deltaCrlIndicatorEnabled;
|
||||
private byte[] issuingDistributionPoint;
|
||||
private bool issuingDistributionPointEnabled;
|
||||
private BigInteger maxBaseCrlNumber;
|
||||
|
||||
public X509CrlStoreSelector()
|
||||
{
|
||||
}
|
||||
|
||||
public X509CrlStoreSelector(
|
||||
X509CrlStoreSelector o)
|
||||
{
|
||||
this.certificateChecking = o.CertificateChecking;
|
||||
this.dateAndTime = o.DateAndTime;
|
||||
this.issuers = o.Issuers;
|
||||
this.maxCrlNumber = o.MaxCrlNumber;
|
||||
this.minCrlNumber = o.MinCrlNumber;
|
||||
|
||||
this.deltaCrlIndicatorEnabled = o.DeltaCrlIndicatorEnabled;
|
||||
this.completeCrlEnabled = o.CompleteCrlEnabled;
|
||||
this.maxBaseCrlNumber = o.MaxBaseCrlNumber;
|
||||
this.attrCertChecking = o.AttrCertChecking;
|
||||
this.issuingDistributionPointEnabled = o.IssuingDistributionPointEnabled;
|
||||
this.issuingDistributionPoint = o.IssuingDistributionPoint;
|
||||
}
|
||||
|
||||
public virtual object Clone()
|
||||
{
|
||||
return new X509CrlStoreSelector(this);
|
||||
}
|
||||
|
||||
public X509Certificate CertificateChecking
|
||||
{
|
||||
get { return certificateChecking; }
|
||||
set { certificateChecking = value; }
|
||||
}
|
||||
|
||||
public DateTime? DateAndTime
|
||||
{
|
||||
get { return dateAndTime; }
|
||||
set { dateAndTime = value; }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// An <code>ICollection</code> of <code>X509Name</code> objects
|
||||
/// </summary>
|
||||
public IList<X509Name> Issuers
|
||||
{
|
||||
get { return new List<X509Name>(issuers); }
|
||||
set { issuers = new List<X509Name>(value); }
|
||||
}
|
||||
|
||||
public BigInteger MaxCrlNumber
|
||||
{
|
||||
get { return maxCrlNumber; }
|
||||
set { maxCrlNumber = value; }
|
||||
}
|
||||
|
||||
public BigInteger MinCrlNumber
|
||||
{
|
||||
get { return minCrlNumber; }
|
||||
set { minCrlNumber = value; }
|
||||
}
|
||||
|
||||
/**
|
||||
* The attribute certificate being checked. This is not a criterion.
|
||||
* Rather, it is optional information that may help a {@link X509Store} find
|
||||
* CRLs that would be relevant when checking revocation for the specified
|
||||
* attribute certificate. If <code>null</code> is specified, then no such
|
||||
* optional information is provided.
|
||||
*
|
||||
* @param attrCert the <code>IX509AttributeCertificate</code> being checked (or
|
||||
* <code>null</code>)
|
||||
* @see #getAttrCertificateChecking()
|
||||
*/
|
||||
public X509V2AttributeCertificate AttrCertChecking
|
||||
{
|
||||
get { return attrCertChecking; }
|
||||
set { this.attrCertChecking = value; }
|
||||
}
|
||||
|
||||
/**
|
||||
* If <code>true</code> only complete CRLs are returned. Defaults to
|
||||
* <code>false</code>.
|
||||
*
|
||||
* @return <code>true</code> if only complete CRLs are returned.
|
||||
*/
|
||||
public bool CompleteCrlEnabled
|
||||
{
|
||||
get { return completeCrlEnabled; }
|
||||
set { this.completeCrlEnabled = value; }
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns if this selector must match CRLs with the delta CRL indicator
|
||||
* extension set. Defaults to <code>false</code>.
|
||||
*
|
||||
* @return Returns <code>true</code> if only CRLs with the delta CRL
|
||||
* indicator extension are selected.
|
||||
*/
|
||||
public bool DeltaCrlIndicatorEnabled
|
||||
{
|
||||
get { return deltaCrlIndicatorEnabled; }
|
||||
set { this.deltaCrlIndicatorEnabled = value; }
|
||||
}
|
||||
|
||||
/**
|
||||
* The issuing distribution point.
|
||||
* <p>
|
||||
* The issuing distribution point extension is a CRL extension which
|
||||
* identifies the scope and the distribution point of a CRL. The scope
|
||||
* contains among others information about revocation reasons contained in
|
||||
* the CRL. Delta CRLs and complete CRLs must have matching issuing
|
||||
* distribution points.</p>
|
||||
* <p>
|
||||
* The byte array is cloned to protect against subsequent modifications.</p>
|
||||
* <p>
|
||||
* You must also enable or disable this criteria with
|
||||
* {@link #setIssuingDistributionPointEnabled(bool)}.</p>
|
||||
*
|
||||
* @param issuingDistributionPoint The issuing distribution point to set.
|
||||
* This is the DER encoded OCTET STRING extension value.
|
||||
* @see #getIssuingDistributionPoint()
|
||||
*/
|
||||
public byte[] IssuingDistributionPoint
|
||||
{
|
||||
get { return Arrays.Clone(issuingDistributionPoint); }
|
||||
set { this.issuingDistributionPoint = Arrays.Clone(value); }
|
||||
}
|
||||
|
||||
/**
|
||||
* Whether the issuing distribution point criteria should be applied.
|
||||
* Defaults to <code>false</code>.
|
||||
* <p>
|
||||
* You may also set the issuing distribution point criteria if not a missing
|
||||
* issuing distribution point should be assumed.</p>
|
||||
*
|
||||
* @return Returns if the issuing distribution point check is enabled.
|
||||
*/
|
||||
public bool IssuingDistributionPointEnabled
|
||||
{
|
||||
get { return issuingDistributionPointEnabled; }
|
||||
set { this.issuingDistributionPointEnabled = value; }
|
||||
}
|
||||
|
||||
/**
|
||||
* The maximum base CRL number. Defaults to <code>null</code>.
|
||||
*
|
||||
* @return Returns the maximum base CRL number.
|
||||
* @see #setMaxBaseCRLNumber(BigInteger)
|
||||
*/
|
||||
public BigInteger MaxBaseCrlNumber
|
||||
{
|
||||
get { return maxBaseCrlNumber; }
|
||||
set { this.maxBaseCrlNumber = value; }
|
||||
}
|
||||
|
||||
public virtual bool Match(X509Crl c)
|
||||
{
|
||||
if (c == null)
|
||||
return false;
|
||||
|
||||
if (dateAndTime != null)
|
||||
{
|
||||
DateTime dt = dateAndTime.Value;
|
||||
DateTime tu = c.ThisUpdate;
|
||||
DateTime? nu = c.NextUpdate;
|
||||
|
||||
if (dt.CompareTo(tu) < 0 || nu == null || dt.CompareTo(nu.Value) >= 0)
|
||||
return false;
|
||||
}
|
||||
|
||||
if (issuers != null)
|
||||
{
|
||||
X509Name i = c.IssuerDN;
|
||||
|
||||
bool found = false;
|
||||
|
||||
foreach (X509Name issuer in issuers)
|
||||
{
|
||||
if (issuer.Equivalent(i, true))
|
||||
{
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!found)
|
||||
return false;
|
||||
}
|
||||
|
||||
if (maxCrlNumber != null || minCrlNumber != null)
|
||||
{
|
||||
Asn1OctetString extVal = c.GetExtensionValue(X509Extensions.CrlNumber);
|
||||
if (extVal == null)
|
||||
return false;
|
||||
|
||||
BigInteger cn = CrlNumber.GetInstance(
|
||||
X509ExtensionUtilities.FromExtensionValue(extVal)).PositiveValue;
|
||||
|
||||
if (maxCrlNumber != null && cn.CompareTo(maxCrlNumber) > 0)
|
||||
return false;
|
||||
|
||||
if (minCrlNumber != null && cn.CompareTo(minCrlNumber) < 0)
|
||||
return false;
|
||||
}
|
||||
|
||||
DerInteger dci = null;
|
||||
try
|
||||
{
|
||||
Asn1OctetString bytes = c.GetExtensionValue(X509Extensions.DeltaCrlIndicator);
|
||||
if (bytes != null)
|
||||
{
|
||||
dci = DerInteger.GetInstance(X509ExtensionUtilities.FromExtensionValue(bytes));
|
||||
}
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
if (dci == null)
|
||||
{
|
||||
if (DeltaCrlIndicatorEnabled)
|
||||
return false;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (CompleteCrlEnabled)
|
||||
return false;
|
||||
|
||||
if (maxBaseCrlNumber != null && dci.PositiveValue.CompareTo(maxBaseCrlNumber) > 0)
|
||||
return false;
|
||||
}
|
||||
|
||||
if (issuingDistributionPointEnabled)
|
||||
{
|
||||
Asn1OctetString idp = c.GetExtensionValue(X509Extensions.IssuingDistributionPoint);
|
||||
if (issuingDistributionPoint == null)
|
||||
{
|
||||
if (idp != null)
|
||||
return false;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!Arrays.AreEqual(idp.GetOctets(), issuingDistributionPoint))
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
#pragma warning restore
|
||||
#endif
|
||||
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: 896c55245b6bb834a87f80b975172b06
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
3
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/x509/store/X509StoreFactory.cs
vendored
Normal file
3
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/x509/store/X509StoreFactory.cs
vendored
Normal file
@@ -0,0 +1,3 @@
|
||||
#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
|
||||
|
||||
#endif
|
||||
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/x509/store/X509StoreFactory.cs.meta
vendored
Normal file
11
Packages/com.tivadar.best.http/Runtime/3rdParty/BouncyCastle/x509/store/X509StoreFactory.cs.meta
vendored
Normal file
@@ -0,0 +1,11 @@
|
||||
fileFormatVersion: 2
|
||||
guid: 515ca18011fd8064db71c583a7e23c3e
|
||||
MonoImporter:
|
||||
externalObjects: {}
|
||||
serializedVersion: 2
|
||||
defaultReferences: []
|
||||
executionOrder: 0
|
||||
icon: {instanceID: 0}
|
||||
userData:
|
||||
assetBundleName:
|
||||
assetBundleVariant:
|
||||
Reference in New Issue
Block a user