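        /// <summary>
        /// Checks the revocation status of this instance's certificate through the supplied
        /// OCSP lookup client and maps the outcome onto a <see cref="RevocationCheckStatus"/>.
        /// The method itself never throws: a lookup failure is reported as
        /// <see cref="RevocationCheckStatus.UnknownIssue"/> with the exception attached to the
        /// response, so callers must treat every status other than
        /// <see cref="RevocationCheckStatus.AllChecksPassed"/> as "not verified".
        /// </summary>
        /// <param name="revocationLookupClient">The OCSP client used to perform the lookup.</param>
        /// <returns>The lookup response with <c>RevocationCheckStatus</c> set according to the result.</returns>
        public RevocationResponse CheckRevocationStatus(IRevocationLookup revocationLookupClient)
        {
            RevocationResponse response = new RevocationResponse();

            try
            {
                RevocationResponse lookupResult = revocationLookupClient.CheckCertificate(x509Certificate);

                // A lookup that yields no response cannot be interpreted as "valid". Report it as an
                // unknown issue instead of dereferencing null, which would also crash the catch block
                // below when it tries to store the exception on a null response.
                if (lookupResult == null)
                {
                    response.Exception             = new InvalidOperationException("The revocation lookup returned no response.");
                    response.RevocationCheckStatus = RevocationCheckStatus.UnknownIssue;
                    return response;
                }

                response = lookupResult;

                if (response.Exception != null)
                {
                    // The lookup itself failed; the certificate's status is unknown, not "revoked".
                    response.RevocationCheckStatus = RevocationCheckStatus.UnknownIssue;
                }
                else if (response.IsValid)
                {
                    response.RevocationCheckStatus = RevocationCheckStatus.AllChecksPassed;
                }
                else
                {
                    response.RevocationCheckStatus = RevocationCheckStatus.CertificateRevoked;
                }
            }
            catch (Exception e)
            {
                // Fail closed: an exception during the check is never reported as a passed check.
                response.Exception             = e;
                response.RevocationCheckStatus = RevocationCheckStatus.UnknownIssue;
            }

            return response;
        }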
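        /// <summary>
        /// Demo step 3: asks the OCSP lookup client for the revocation status of
        /// <paramref name="certificate"/>, prints the result and aborts when the
        /// certificate is not confirmed valid.
        /// </summary>
        /// <param name="certificate">The certificate to check.</param>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the lookup returns no response, or when it does not report the certificate as valid.
        /// </exception>
        private void Revocation(X509Certificate2 certificate)
        {
            // Create the OCSP client
            RevocationLookupFactory revocationLookupFactory = new RevocationLookupFactory();
            IRevocationLookup       revocationClient        = revocationLookupFactory.CreateRevocationLookupClient();

            // Check the validity status of the certificate using OCSP
            RevocationResponse revocationResponse = revocationClient.CheckCertificate(certificate);

            // No response at all must not be mistaken for a valid certificate (fail closed).
            if (revocationResponse == null)
            {
                throw new InvalidOperationException("RevocationLookup returned no response for the certificate");
            }

            // Print out info
            Console.Write("  3. Certificate status returned by RevocationLookup.\n       Is valid: ");
            Console.ForegroundColor = ConsoleColor.Yellow;
            Console.WriteLine(revocationResponse.IsValid.ToString());
            Console.ForegroundColor = ConsoleColor.White;

            // Make sure the cert was valid. If the lookup recorded an error, pass it on as the
            // inner exception so the cause of the failed check is not lost.
            if (!revocationResponse.IsValid)
            {
                throw new InvalidOperationException(
                    "The certificate returned by RevocationLookup was not valid",
                    revocationResponse.Exception);
            }
        }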
        /// <summary>
        /// Check if the certificate is revoked against ocsp server
        /// </summary>
        /// <param name="certificate">the certificate to check</param>
        /// <returns>RevocationResponse object to store the result</returns>
        /// <exception cref="CheckCertificateOcspUnexpectedException">This exception is thrown, if an unexpected exception is thrown during the method</exception>
        /// <exception cref="CertificateRevokedTimeoutException">This exception is thrown, if the call to Ocsp server takes longer time than the allowed timeout</exception>
        /// <exception cref="CheckCertificateRevokedUnexpectedException">Thrown if an unexpected error occurred</exception>
        private RevocationResponse CheckCertificateRevocation(X509Certificate2 certificate)
        {
            try
            {
                // Checks the certificate
                return _lookup.CheckCertificate(certificate);
            }
            // The listed exception types are part of the documented contract and propagate
            // untouched; the filter lets them pass without unwinding into this handler.
            catch (Exception e) when (!(e is ArgumentNullException
                                     || e is CryptographicUnexpectedOperationException
                                     || e is CryptographicException
                                     || e is ArithmeticException
                                     || e is CheckCertificateOcspUnexpectedException
                                     || e is CertificateRevokedTimeoutException))
            {
                // Anything else is unexpected here and is wrapped so callers can tell it
                // apart from the documented failure modes.
                throw new CheckCertificateRevokedUnexpectedException(e);
            }
        }
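        /// <summary>
        /// Demo: looks up a certificate by subject in LDAP and, if found, reports its
        /// revocation status from the OCSP/CRL lookup on the console.
        /// (Method name kept as-is for existing callers.)
        /// </summary>
        private void TextCertificate()
        {
            /* Production configuration */
            // specify the subject to test
            // Production certificates valid
            // subject = "CN = NemHandel test service (funktionscertifikat) + SERIALNUMBER = CVR:26769388-FID:1200406941690, O = IT- og Telestyrelsen // CVR:26769388, C = DK";
            //subject = "SERIALNUMBER=CVR:30808460-FID:1320135775022 + CN=TEST FOCES1 (funktionscertifikat), O=DANID A/S // CVR:30808460, C=DK";

            // Production certificates not valid


            /* Test configuration */
            //
            // Test certificates valid
            // subject = "CN = Testendpoint (funktionscertifikat) + SERIALNUMBER = CVR:26769388-FID:1208430425605, O = IT- og Telestyrelsen // CVR:26769388, C = DK";
            //subject = "CN = Testendpoint (funktionscertifikat) + SERIALNUMBER = CVR:26769388-FID:1208430425605, O = IT- og Telestyrelsen // CVR:26769388, C = DK";
            // Test certificates not valid
            //subject = "CN = TU GENEREL FOCES gyldig (funktionscertifikat) + SERIALNUMBER = CVR:30808460-FID:94731315, O = Danid A/S // CVR:30808460, C = DK";
            // subject = "CN=Navision (funktionscertifikat) + OID.2.5.4.5=CVR:23267519-FID:1257424251148, O=TIETGENSKOLEN // CVR:23267519, C=DK";
            //subject = "CN = TEST FOCES1 (funktionscertifikat) + SERIALNUMBER = CVR:30808460-FID:1320135775022, O = DANID A/S // CVR:30808460, C = DK";
            // not valid any more
            //subject = "CN=TU GENEREL FOCES gyldig (funktionscertifikat) + SERIALNUMBER = CVR:30808460-FID:94731315, O = Danid A/S // CVR:30808460, C = DK";
            // subject = "CN=TU GENEREL FOCES gyldig (funktionscertifikat) + SERIALNUMBER=CVR:30808460-FID:94731315, O=Danid A/S // CVR:30808460, C=DK";
            // subject = "CN=FOCES1 (funktionscertifikat) + SERIALNUMBER=CVR:30808460-FID:1255692730737, O=DANID A/S // CVR:30808460, C=DK";
            // subject = "CN=TU GENEREL MOCES gyldig + SERIALNUMBER=CVR:30808460-RID:45490598, O=Danid A/S // CVR:30808460, C=DK";
            //subject = "SERIALNUMBER=CVR:34051178-FID:56940413 + CN=NemLog-in ADFS Test (funktionscertifikat), O=Digitaliseringsstyrelsen // CVR:34051178, C=DK";

            string subject = "CN = mySupply NemHandel - Foces2 (funktionscertifikat) + SERIALNUMBER = CVR:32433030-FID:27705483, O = mySupply NemHandel // CVR:32433030, C = DK";

            // Now retrieve the certificate from LDAP, if it is present
            CertificateSubject certificateSubject = new CertificateSubject(subject);
            LdapLookupFactory  ldapClientFactory  = new LdapLookupFactory();
            ICertificateLookup ldapClient         = ldapClientFactory.CreateLdapLookupClient();

            // Lookup the certificate using LDAP
            X509Certificate2 certificate = ldapClient.GetCertificate(certificateSubject);

            if (certificate != null)
            {
                Console.Write("Certificate with subject ");
                Console.ForegroundColor = ConsoleColor.Yellow;
                Console.Write(subject);
                Console.ForegroundColor = ConsoleColor.White;
                Console.WriteLine(" found in LDAP.");

                // Validate that the certificate is valid in OCSP
                RevocationLookupFactory revocationLookupFactory = new RevocationLookupFactory();
                IRevocationLookup       revocationClient        = revocationLookupFactory.CreateRevocationLookupClient();

                // Check the validity status of the certificate using OCSP
                RevocationResponse revocationResponse = revocationClient.CheckCertificate(certificate);

                // Only a response without a recorded lookup error says anything about the
                // certificate; a missing response or a failed lookup is reported separately
                // so it is never displayed as "valid".
                if (revocationResponse == null || revocationResponse.Exception != null)
                {
                    Console.ForegroundColor = ConsoleColor.Yellow;
                    Console.Write("Certificate status could not be determined in OCSP/CRL");
                }
                else if (revocationResponse.IsValid)
                {
                    Console.ForegroundColor = ConsoleColor.Green;
                    Console.Write("Certificate valid in OCSP/CRL");
                }
                else
                {
                    Console.ForegroundColor = ConsoleColor.Red;
                    Console.Write("Certificate not valid in OCSP/CRL");
                }
            }
            else
            {
                Console.Write("Certificate with subject ");
                Console.ForegroundColor = ConsoleColor.Red;
                Console.Write(subject);
                Console.ForegroundColor = ConsoleColor.White;
                Console.WriteLine(" NOT found in LDAP.");
            }

            Console.ForegroundColor = ConsoleColor.White;
            Console.WriteLine();
            // ReadLine waits for Enter, so the prompt says so instead of "any key".
            Console.WriteLine("Press Enter to exit.");
            Console.ReadLine();
        }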