Beispiel #1
0
 /// <summary>
 /// Enumerates the CAs which the eapConfig in question defines
 /// </summary>
 private static IEnumerable <X509Certificate2> EnumerateCAs(EapConfig eapConfig)
 {
     _ = eapConfig ?? throw new ArgumentNullException(paramName: nameof(eapConfig));
     return(eapConfig.AuthenticationMethods
            .Where(EduroamNetwork.IsAuthMethodSupported)
            .SelectMany(authMethod => authMethod.CertificateAuthoritiesAsX509Certificate2())
            .Where(CertificateStore.CertificateIsRootCA)
            .GroupBy(cert => cert.Thumbprint, (key, certs) => certs.FirstOrDefault()));             // distinct, alternative is to use DistinctBy in MoreLINQ
 }
Beispiel #2
0
        /// <summary>
        /// Checks the EAP config to see if there is any issues
        /// TODO: test this
        /// TODO: use this in ui
        /// </summary>
        /// <returns>A tuple on the form: (bool isCritical, string description)</returns>
        public static IEnumerable <ValueTuple <bool, string> > LookForWarningsInEapConfig(EapConfig eapConfig)
        {
            _ = eapConfig ?? throw new ArgumentNullException(paramName: nameof(eapConfig));

            if (!EduroamNetwork.IsEapConfigSupported(eapConfig))
            {
                yield return(true, "This configuration is not supported");

                yield break;
            }

            if (!eapConfig.AuthenticationMethods
                .Where(EduroamNetwork.IsAuthMethodSupported)
                .All(authMethod => authMethod.ServerCertificateAuthorities.Any()))
            {
                yield return(true, "This configuration is missing Certificate Authorities");
            }

            var CAs = EnumerateCAs(eapConfig).ToList();

            DateTime now            = DateTime.Now;
            bool     has_expired_ca = CAs
                                      .Any(caCert => caCert.NotAfter < now);

            bool has_a_yet_to_expire_ca = CAs
                                          .Any(caCert => now < caCert.NotAfter);

            bool has_valid_ca = CAs
                                .Where(caCert => now < caCert.NotAfter)
                                .Any(caCert => caCert.NotBefore < now);

            if (has_expired_ca)
            {
                yield return(has_valid_ca
                                        ? (false,
                                           "One of the provided Certificate Authorities from this institution has expired.\r\n" +
                                           "There might be some issues connecting to eduroam.")
                                        : (true,
                                           "The provided Certificate Authorities from this institution have all expired!\r\n" +
                                           "Please contact the institution to have the issue fixed!"));
            }
            else if (!has_valid_ca && has_a_yet_to_expire_ca)
            {
                DateTime earliest = CAs
                                    .Where(caCert => now < caCert.NotAfter)
                                    .Max(caCert => caCert.NotBefore);

                yield return(false,
                             "The Certificate Authorities in this configuration has yet to become valid.\r\n" +
                             "This configuration will become valid in " + (earliest - now).TotalMinutes + " minutes.");
            }
            else if (!has_valid_ca)
            {
                yield return(false,
                             "The Certificate Authorities in this configuration are not valid.");
            }

            CAs.ForEach(cert => cert.Dispose());
        }
Beispiel #3
0
 /// <summary>
 /// Enumerates the CAs which the eapConfig in question defines, wrapped a install helper class
 /// </summary>
 public static IEnumerable <CertificateInstaller> EnumerateCAInstallers(EapConfig eapConfig)
 {
     _ = eapConfig ?? throw new ArgumentNullException(paramName: nameof(eapConfig));
     return(EnumerateCAs(eapConfig)
            .Select(cert => new CertificateInstaller(cert, rootCaStoreName, rootCaStoreLocation)));
 }