Read X.509 Certificate Revocation List (CRL) by programming (I) Application bouncy castle crypto

Source: Internet
Author: User

After the certificate with the X.509 structure is revoked, the serial number will appear in the Certificate Revocation List (CRL). We can save it as one. CRL file, you can view the information of the revoked certificate,. net Framework does not provide classes that can access the attributes of CRL (x509crl is provided in Java). To implement such a function, we need to use. net Framework: Bouncy castle crypto or mono SDK.

First, we will introduce how to use bouncy castle crypto (version 1.4) to read X.509 certificates and revoke the list.

Bouncy castle Crypto is an open-source encryption/Decryption framework ,:

Http://www.bouncycastle.org/csharp/download/bccrypto-net-1.4-bin.zip

First, add the namespace where the X.509 Certificate is located:

Using Org. bouncycastle. X509;

 

Several related classes:

X509crlparserIt is used to construct a crl object and supports retrieving data from byte arrays and memory streams.

X509crlCRL object, including certificate revocation organization, Certificate Revocation List, timestamp, and other information.

X509crlentryThe certificate object revoked from the CRL object.

IsetIn org. bouncycastle. Utilities. Collections, all certificate objects read from x509crl are placed in hashset and returned as Iset interface type. hashset supports iterator.

The following is an example of reading CRL:

// Get OBJ
List < Int > Numbers =   New List < Int > ();

X509crlparser parser =   New X509crlparser ();
X509crl = Parser. readcrl (( Byte []) OBJ );
// Obtain all revocation certificates
Iset crlset = CRL. getrevokedcertificates ();
If (Crlset ! =   Null   && Crlset. Count >   0 )
{
Foreach ( Object O In Crlset)
{
X509crlentry crlentry = (X509crlentry) O;
Int Serialnumber = Crlentry. serialnumber. intvalue;
If ( ! Numbers. Contains (serialnumber ))
{
Numbers. Add (serialnumber );
}
}
}

 

X509crlentry. serialnumber. intvalue outputs the serial number of the hexadecimal certificate as int32.

In addition, we will mention the differences between the x509certificate class of BC crypto and the x509certificate2 class under. NET Framework:

When x509certificate2 outputs the certificate DN information, the attribute subjectname is to sort the personal information in ascending order (name-organization-city-province-country), while the BC crypto x509certificate uses the subjectdn attribute, sort personal information in ascending order. The city id is St ,. net is S. If you need to generate an organizational structure based on the certificate, pay special attention to this.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.