Org.BouncyCastle.X509.X509Certificate.GetExtendedKeyUsage C# (CSharp) Method

X509Certificate Class Documentation Usage Examples Of Org.BouncyCastle.X509.X509Certificate::GetExtendedKeyUsage Show file Open project: nonorganic/dssnet

GetExtendedKeyUsage() public method

public GetExtendedKeyUsage ( ) : IList
return IList 
        public virtual IList GetExtendedKeyUsage()
        {
            Asn1OctetString str = this.GetExtensionValue(new DerObjectIdentifier("2.5.29.37"));

            if (str == null)
                return null;

            try
            {
                Asn1Sequence seq = Asn1Sequence.GetInstance(
                    X509ExtensionUtilities.FromExtensionValue(str));

                IList list = Platform.CreateArrayList();

                foreach (DerObjectIdentifier oid in seq)
                {
                    list.Add(oid.Id);
                }

                return list;
            }
            catch (Exception e)
            {
                throw new CertificateParsingException("error processing extended key usage extension", e);
            }
        }

Usage Example

Example #1
0
        private static X509Certificate2 CheckSigner(this TimeStampToken tst, Timestamp value)
        {
            BC.X509Certificate signerBc = tst.GetSigner();
            if (signerBc == null)
            {
                trace.TraceEvent(TraceEventType.Warning, 0, "The signer of the time-stamp {0} isn't found", tst.TimeStampInfo.SerialNumber);
                X509CertificateHelper.AddErrorStatus(value.TimestampStatus, null, X509ChainStatusFlags.NotSignatureValid, "Signer not found");
                return(null);
            }

            //check the signature
            try
            {
                tst.Validate(signerBc);
            }
            catch (Exception e)
            {
                trace.TraceEvent(TraceEventType.Warning, 0, "The signature from {1} of the time-stamp {0} is invalid: {2}", tst.TimeStampInfo.SerialNumber, signerBc.SubjectDN, e.Message);
                X509CertificateHelper.AddErrorStatus(value.TimestampStatus, null, X509ChainStatusFlags.NotSignatureValid, "Time-stamp not signed by indicated certificate: " + e.Message);
            }

            //check if the certificate may be used for time-stamping
            IList signerExtKeyUsage = signerBc.GetExtendedKeyUsage();

            if (!signerExtKeyUsage.Contains("1.3.6.1.5.5.7.3.8"))
            {
                trace.TraceEvent(TraceEventType.Warning, 0, "The signer {1} of the time-stamp {0} isn't allowed to sign timestamps", tst.TimeStampInfo.SerialNumber, signerBc.SubjectDN);
                X509CertificateHelper.AddErrorStatus(value.TimestampStatus, null, X509ChainStatusFlags.NotSignatureValid, "The certificate may not be used for timestamps");
            }

            return(new X509Certificate2(signerBc.GetEncoded()));
        }
All Usage Examples Of Org.BouncyCastle.X509.X509Certificate::GetExtendedKeyUsage
X509Certificate
CheckSignature
CheckValidity
Equals
GetAlternativeNames
GetBasicConstraints
GetEncoded
GetExtendedKeyUsage
GetHashCode
GetIssuerAlternativeNames
GetKeyUsage
GetPublicKey
GetSigAlgParams
GetSignature
GetSubjectAlternativeNames
GetTbsCertificate
GetX509Extensions
IsAlgIDEqual
IsValid
ToString
Verify
X509Certificate