Add API for multiple CRL distribution points (#1504)

fixes #1475 Co-authored-by: symarchand <sylvain.marchand@capgemini.com>
OPCFoundation · Sep 13, 2021 · dad6bcd · dad6bcd
1 parent a4bf0ab
commit dad6bcd
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 8 deletions.
diff --git a/Libraries/Opc.Ua.Security.Certificates/Extensions/X509Extensions.cs b/Libraries/Opc.Ua.Security.Certificates/Extensions/X509Extensions.cs
@@ -28,6 +28,7 @@
  * ======================================================================*/
 
 using System;
+using System.Collections.Generic;
 using System.Formats.Asn1;
 using System.Linq;
 using System.Numerics;
@@ -155,8 +156,17 @@ public static class X509Extensions
         /// </summary>
         /// <param name="distributionPoint">The CRL distribution point</param>
         public static X509Extension BuildX509CRLDistributionPoints(
-            string distributionPoint
-            )
+            string distributionPoint)
+        {
+            return BuildX509CRLDistributionPoints(new string[] { distributionPoint });
+        }
+
+        /// <summary>
+        /// Build the CRL Distribution Point extension with multiple distribution points.
+        /// </summary>
+        /// <param name="distributionPoints">The CRL distribution points</param>
+        public static X509Extension BuildX509CRLDistributionPoints(
+            IEnumerable<string> distributionPoints)
         {
             var context0 = new Asn1Tag(TagClass.ContextSpecific, 0, true);
             Asn1Tag distributionPointChoice = context0;
@@ -167,11 +177,14 @@ string distributionPoint
             writer.PushSequence();
             writer.PushSequence(distributionPointChoice);
             writer.PushSequence(fullNameChoice);
-            writer.WriteCharacterString(
-                UniversalTagNumber.IA5String,
-                distributionPoint,
-                generalNameUriChoice
-                );
+            foreach (string distributionPoint in distributionPoints)
+            {
+                writer.WriteCharacterString(
+                    UniversalTagNumber.IA5String,
+                    distributionPoint,
+                    generalNameUriChoice
+                    );
+            }
             writer.PopSequence(fullNameChoice);
             writer.PopSequence(distributionPointChoice);
             writer.PopSequence();

diff --git a/Tests/Opc.Ua.Security.Certificates.Tests/CertificateTestsForECDsa.cs b/Tests/Opc.Ua.Security.Certificates.Tests/CertificateTestsForECDsa.cs
@@ -191,7 +191,7 @@ ECCurveHashPair ecCurveHashPair
             var cert = CertificateBuilder.Create(Subject)
                 .SetCAConstraint()
                 .SetHashAlgorithm(ecCurveHashPair.HashAlgorithmName)
-                .AddExtension(X509Extensions.BuildX509CRLDistributionPoints("http://myca/mycert.crl"))
+                .AddExtension(X509Extensions.BuildX509CRLDistributionPoints(new string[] { "http://myca/mycert.crl", "http://myaltca/mycert.crl" }))
                 .SetECCurve(ecCurveHashPair.Curve)
                 .CreateForECDsa();
             Assert.NotNull(cert);