XiuXian
/
XiuXianProject


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173
							#if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
#pragma warning disable
using System;
using System.Collections.Generic;

using BestHTTP.SecureProtocol.Org.BouncyCastle.Security.Certificates;
using BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Collections;
using BestHTTP.SecureProtocol.Org.BouncyCastle.X509;

namespace BestHTTP.SecureProtocol.Org.BouncyCastle.Pkix
{
	/**
	* Implements the PKIX CertPathBuilding algorithm for BouncyCastle.
	*
	* @see CertPathBuilderSpi
	*/
	public class PkixCertPathBuilder
	{
		/**
		 * Build and validate a CertPath using the given parameter.
		 *
		 * @param params PKIXBuilderParameters object containing all information to
		 *            build the CertPath
		 */
		public virtual PkixCertPathBuilderResult Build(PkixBuilderParameters pkixParams)
		{
			// search target certificates

			var certSelector = pkixParams.GetTargetConstraintsCert();

			var targets = new HashSet<X509Certificate>();
			try
			{
				CollectionUtilities.CollectMatches(targets, certSelector, pkixParams.GetStoresCert());
			}
			catch (Exception e)
			{
				throw new PkixCertPathBuilderException(
					"Error finding target certificate.", e);
			}

			if (targets.Count < 1)
				throw new PkixCertPathBuilderException("No certificate found matching targetConstraints.");

			PkixCertPathBuilderResult result = null;
			var certPathList = new List<X509Certificate>();

			// check all potential target certificates
			foreach (X509Certificate cert in targets)
			{
				result = Build(cert, pkixParams, certPathList);

				if (result != null)
					break;
			}

			if (result == null && certPathException != null)
				throw new PkixCertPathBuilderException(certPathException.Message, certPathException.InnerException);

			if (result == null && certPathException == null)
				throw new PkixCertPathBuilderException("Unable to find certificate chain.");

			return result;
		}

		private Exception certPathException;

		protected virtual PkixCertPathBuilderResult Build(
			X509Certificate			tbvCert,
			PkixBuilderParameters	pkixParams,
			IList<X509Certificate>	tbvPath)
		{
			// If tbvCert is already present in tbvPath, it indicates having run into a cycle in the PKI graph.
			if (tbvPath.Contains(tbvCert))
				return null;

			// step out, the certificate is not allowed to appear in a certification chain.
			if (pkixParams.GetExcludedCerts().Contains(tbvCert))
				return null;

			// test if certificate path exceeds maximum length
			if (pkixParams.MaxPathLength != -1)
			{
				if (tbvPath.Count - 1 > pkixParams.MaxPathLength)
					return null;
			}

			tbvPath.Add(tbvCert);

			PkixCertPathBuilderResult builderResult = null;
			PkixCertPathValidator validator = new PkixCertPathValidator();

			try
			{
				// check whether the issuer of <tbvCert> is a TrustAnchor
				if (PkixCertPathValidatorUtilities.IsIssuerTrustAnchor(tbvCert, pkixParams.GetTrustAnchors()))
				{
					// exception message from possibly later tried certification chains
					PkixCertPath certPath;
					try
					{
						certPath = new PkixCertPath(tbvPath);
					}
					catch (Exception e)
					{
						throw new Exception("Certification path could not be constructed from certificate list.", e);
					}

					PkixCertPathValidatorResult result;
					try
					{
						result = validator.Validate(certPath, pkixParams);
					}
					catch (Exception e)
					{
						throw new Exception(
							"Certification path could not be validated.", e);
					}

					return new PkixCertPathBuilderResult(certPath, result.TrustAnchor, result.PolicyTree,
						result.SubjectPublicKey);
				}
				else
				{
					// add additional X.509 stores from locations in certificate
					try
					{
						PkixCertPathValidatorUtilities.AddAdditionalStoresFromAltNames(tbvCert, pkixParams);
					}
					catch (CertificateParsingException e)
					{
						throw new Exception("No additiontal X.509 stores can be added from certificate locations.", e);
					}

					// try to get the issuer certificate from one of the stores
					ISet<X509Certificate> issuers;
					try
					{
						issuers = PkixCertPathValidatorUtilities.FindIssuerCerts(tbvCert, pkixParams);
					}
					catch (Exception e)
					{
						throw new Exception("Cannot find issuer certificate for certificate in certification path.", e);
					}

					if (issuers.Count < 1)
						throw new Exception("No issuer certificate for certificate in certification path found.");

					foreach (X509Certificate issuer in issuers)
					{
						builderResult = Build(issuer, pkixParams, tbvPath);

						if (builderResult != null)
							break;
					}
				}
			}
			catch (Exception e)
			{
				certPathException = e;
			}

			if (builderResult == null)
			{
				tbvPath.Remove(tbvCert);
			}

			return builderResult;
		}
	}
}
#pragma warning restore
#endif