Provides access to an X509 CRL object.
Inheritance: IDisposable
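        /// <summary>
        /// Removes a CRL from the store.
        /// </summary>
        /// <param name="crl">The CRL to remove; it is matched against the stored files by exact raw content, not by file name.</param>
        /// <returns>
        /// <c>true</c> if a stored "*.crl" file with byte-identical content was found and deleted;
        /// <c>false</c> if the "crl" sub-directory does not exist or holds no matching file.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="crl"/> is null.</exception>
        public bool DeleteCRL(X509CRL crl)
        {
            if (crl == null)
            {
                throw new ArgumentNullException("crl");
            }

            // CRLs live in a fixed "crl" sub-directory of the store directory.
            DirectoryInfo dirInfo = new DirectoryInfo(Path.Combine(m_directory.FullName, "crl"));

            if (!dirInfo.Exists)
            {
                return false;
            }

            byte[] rawData = crl.RawData;

            foreach (FileInfo fileInfo in dirInfo.GetFiles("*.crl"))
            {
                // cheap size check first; only files that could possibly match are read.
                if (fileInfo.Length != rawData.Length)
                {
                    continue;
                }

                byte[] bytes = File.ReadAllBytes(fileInfo.FullName);

                // full byte comparison: the file name alone is not trusted to identify the CRL.
                if (Utils.IsEqual(bytes, rawData))
                {
                    fileInfo.Delete();
                    return true;
                }
            }

            return false;
        }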
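        /// <summary>
        /// Imports a new CRL for group id.
        /// </summary>
        /// <param name="id">The group id used to derive the secret name.</param>
        /// <param name="certificate">The issuing CA certificate; its thumbprint is part of the secret name.</param>
        /// <param name="crl">The CRL to store; its raw bytes are written base64-encoded as the secret value.</param>
        /// <param name="ct">Token used to cancel the Key Vault call.</param>
        /// <exception cref="ArgumentNullException"><paramref name="certificate"/> or <paramref name="crl"/> is null.</exception>
        /// <remarks>
        /// Failures of the Key Vault call are not swallowed here: a silently failed import would leave
        /// the vault without the new revocation list while the caller assumes the import succeeded.
        /// </remarks>
        public async Task ImportIssuerCACrl(string id, X509Certificate2 certificate, Opc.Ua.X509CRL crl, CancellationToken ct = default)
        {
            if (certificate == null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            if (crl == null)
            {
                throw new ArgumentNullException(nameof(crl));
            }

            string secretIdentifier = CrlSecretName(id, certificate.Thumbprint);

            // the secret becomes usable at the CRL's own issue time.
            SecretAttributes secretAttributes = new SecretAttributes()
            {
                Enabled = true,
                NotBefore = crl.UpdateTime
            };

            // do not set tag for a CRL, the CA cert is already tagged.
            await _keyVaultClient.SetSecretAsync(
                _vaultBaseUrl,
                secretIdentifier,
                Convert.ToBase64String(crl.RawData),
                null,
                ContentTypeCrl,
                secretAttributes,
                ct).ConfigureAwait(false);
        }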
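        /// <summary>
        /// Gets the CRL file paths.
        /// </summary>
        /// <param name="thumbprint">The certificate thumbprint.</param>
        /// <returns>
        /// Full paths of the parseable "*.crl" files in the "crl" sub-directory whose issuer name
        /// matches the subject of the certificate found for <paramref name="thumbprint"/>; empty when
        /// no certificate is found or the directory does not exist.
        /// </returns>
        /// <remarks>
        /// Files that cannot be parsed are traced and skipped. Only the issuer name is compared; the CRL
        /// signature is not verified, so the result identifies candidate files, not trusted CRLs.
        /// </remarks>
        public string[] GetCrlFilePaths(string thumbprint)
        {
            List<string> filePaths = new List<string>();

            Entry entry = Find(thumbprint);

            // Find is assumed to return null for an unknown thumbprint — TODO confirm. Without a
            // certificate there is nothing to attribute a CRL to.
            if (entry == null || entry.Certificate == null)
            {
                return filePaths.ToArray();
            }

            DirectoryInfo info = new DirectoryInfo(Path.Combine(this.Directory.FullName, "crl"));

            // GetFiles throws when the directory is missing; a store without CRLs simply has none.
            if (!info.Exists)
            {
                return filePaths.ToArray();
            }

            string issuerSubject = entry.Certificate.Subject;

            foreach (FileInfo file in info.GetFiles("*.crl"))
            {
                X509CRL crl;

                try
                {
                    crl = new X509CRL(file.FullName);
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not parse CRL file.");
                    continue;
                }

                if (!Utils.CompareDistinguishedName(crl.Issuer, issuerSubject))
                {
                    continue;
                }

                filePaths.Add(file.FullName);
            }

            return filePaths.ToArray();
        }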
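        /// <summary>
        /// Adds a CRL to the store.
        /// </summary>
        /// <param name="crl">The CRL to store. Its issuer must be a certificate in this store whose key verifies the CRL signature.</param>
        /// <exception cref="ArgumentNullException"><paramref name="crl"/> is null.</exception>
        /// <exception cref="ServiceResultException">
        /// <see cref="StatusCodes.BadCertificateInvalid"/> when no stored certificate both matches the
        /// CRL issuer name and verifies its signature; an unverifiable CRL is never written.
        /// </exception>
        /// <remarks>
        /// The file is named after the issuer, so an existing CRL of the same issuer is overwritten.
        /// No check is made that the new CRL is at least as recent as the one it replaces.
        /// </remarks>
        public void AddCRL(X509CRL crl)
        {
            if (crl == null)
            {
                throw new ArgumentNullException("crl");
            }

            // Enumerate() is async while this method is synchronous, so the call blocks here.
            // Faults surface wrapped in an AggregateException.
            X509Certificate2Collection certificates = Enumerate().Result;

            X509Certificate2 issuer = null;

            foreach (X509Certificate2 certificate in certificates)
            {
                // a name match alone is not enough: the certificate must also verify the signature.
                if (Utils.CompareDistinguishedName(certificate.Subject, crl.Issuer) &&
                    crl.VerifySignature(certificate, false))
                {
                    issuer = certificate;
                    break;
                }
            }

            if (issuer == null)
            {
                throw new ServiceResultException(StatusCodes.BadCertificateInvalid, "Could not find issuer of the CRL.");
            }

            // GetFileName(issuer) is assumed to yield a bare file name without path separators — TODO confirm.
            string crlDirectory = Path.Combine(m_directory.FullName, "crl");
            string filePath = crlDirectory + Path.DirectorySeparatorChar + GetFileName(issuer) + ".crl";

            FileInfo fileInfo = new FileInfo(filePath);

            if (!fileInfo.Directory.Exists)
            {
                fileInfo.Directory.Create();
            }

            File.WriteAllBytes(fileInfo.FullName, crl.RawData);
        }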
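        /// <summary>
        /// Returns the CRLs in the store.
        /// </summary>
        /// <returns>
        /// Every parseable "*.crl" file in the "crl" sub-directory, in directory-listing order; an
        /// empty list when the directory does not exist.
        /// </returns>
        /// <remarks>
        /// Files that fail to parse are traced and skipped so one corrupt file does not hide the rest,
        /// as the other CRL readers in this store do. No issuer or signature check is performed here.
        /// </remarks>
        public virtual List<X509CRL> EnumerateCRLs()
        {
            List<X509CRL> crls = new List<X509CRL>();

            // check for CRL.
            DirectoryInfo info = new DirectoryInfo(Path.Combine(this.Directory.FullName, "crl"));

            if (!info.Exists)
            {
                return crls;
            }

            foreach (FileInfo file in info.GetFiles("*.crl"))
            {
                try
                {
                    crls.Add(new X509CRL(file.FullName));
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not parse CRL file.");
                }
            }

            return crls;
        }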
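        /// <inheritdoc/>
        /// <remarks>
        /// Reads every "*.crl" file in the "crl" sub-directory; returns an empty collection when the
        /// directory does not exist. Files that fail to parse are traced and skipped so one corrupt
        /// file does not hide the rest. No issuer or signature check is performed here. The work is
        /// done synchronously and returned as a completed task.
        /// </remarks>
        public Task<X509CRLCollection> EnumerateCRLs()
        {
            var crls = new X509CRLCollection();

            // check for CRL.
            DirectoryInfo info = new DirectoryInfo(Path.Combine(this.Directory.FullName, "crl"));

            if (!info.Exists)
            {
                return Task.FromResult(crls);
            }

            foreach (FileInfo file in info.GetFiles("*.crl"))
            {
                try
                {
                    crls.Add(new X509CRL(file.FullName));
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not parse CRL file.");
                }
            }

            return Task.FromResult(crls);
        }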
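        /// <summary>
        /// Returns the CRLs for the issuer.
        /// </summary>
        /// <param name="issuer">The CA certificate whose CRLs are wanted.</param>
        /// <returns>
        /// The CRLs in the "crl" sub-directory that name <paramref name="issuer"/> as issuer, verify
        /// under its key, and are currently valid: issued no later than now and either carrying no
        /// next-update time (<see cref="DateTime.MinValue"/>) or one that has not yet passed. Empty
        /// when the directory does not exist.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="issuer"/> is null.</exception>
        /// <remarks>Files that fail to parse are traced and skipped.</remarks>
        public List<X509CRL> EnumerateCRLs(X509Certificate2 issuer)
        {
            if (issuer == null)
            {
                throw new ArgumentNullException("issuer");
            }

            List<X509CRL> crls = new List<X509CRL>();

            // check for CRL. The platform separator replaces the former hard-coded backslash so
            // the store also works on non-Windows hosts.
            DirectoryInfo info = new DirectoryInfo(Path.Combine(this.Directory.FullName, "crl"));

            if (!info.Exists)
            {
                return crls;
            }

            // one timestamp for the whole scan so every file is judged against the same instant.
            DateTime now = DateTime.UtcNow;

            foreach (FileInfo file in info.GetFiles("*.crl"))
            {
                X509CRL crl;

                try
                {
                    crl = new X509CRL(file.FullName);
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not parse CRL file.");
                    continue;
                }

                // the issuer name must match and the signature must verify under the issuer's key.
                if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject) ||
                    !crl.VerifySignature(issuer, false))
                {
                    continue;
                }

                // NextUpdateTime == MinValue is treated as "no next update given" (never expires).
                bool notYetValid = crl.UpdateTime > now;
                bool expired = crl.NextUpdateTime != DateTime.MinValue && crl.NextUpdateTime < now;

                if (!notYetValid && !expired)
                {
                    crls.Add(crl);
                }
            }

            return crls;
        }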
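        /// <summary>
        /// Returns the CRLs for the issuer.
        /// </summary>
        /// <param name="issuer">The CA certificate whose CRLs are wanted.</param>
        /// <returns>
        /// The CRLs in the "crl" sub-directory that name <paramref name="issuer"/> as issuer, verify
        /// under its key, and are currently valid: issued no later than now and either carrying no
        /// next-update time (<see cref="DateTime.MinValue"/>) or one that has not yet passed. Empty
        /// when the directory does not exist.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="issuer"/> is null.</exception>
        /// <remarks>Files that fail to parse are traced and skipped.</remarks>
        public List<X509CRL> EnumerateCRLs(X509Certificate2 issuer)
        {
            if (issuer == null)
            {
                throw new ArgumentNullException("issuer");
            }

            List<X509CRL> crls = new List<X509CRL>();

            // check for CRL.
            DirectoryInfo info = new DirectoryInfo(Path.Combine(this.Directory.FullName, "crl"));

            if (!info.Exists)
            {
                return crls;
            }

            // one timestamp for the whole scan so every file is judged against the same instant.
            DateTime now = DateTime.UtcNow;

            foreach (FileInfo file in info.GetFiles("*.crl"))
            {
                X509CRL crl;

                try
                {
                    crl = new X509CRL(file.FullName);
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not parse CRL file.");
                    continue;
                }

                // the issuer name must match and the signature must verify under the issuer's key.
                if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject) ||
                    !crl.VerifySignature(issuer, false))
                {
                    continue;
                }

                // NextUpdateTime == MinValue is treated as "no next update given" (never expires).
                bool notYetValid = crl.UpdateTime > now;
                bool expired = crl.NextUpdateTime != DateTime.MinValue && crl.NextUpdateTime < now;

                if (!notYetValid && !expired)
                {
                    crls.Add(crl);
                }
            }

            return crls;
        }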
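        /// <summary>
        /// Checks if issuer has revoked the certificate.
        /// </summary>
        /// <param name="issuer">The CA certificate expected to have signed the CRLs.</param>
        /// <param name="certificate">The certificate to look up.</param>
        /// <returns>
        /// <see cref="StatusCodes.BadCertificateRevoked"/> if any CRL in the "crl" sub-directory that
        /// names <paramref name="issuer"/> and verifies under its key lists the certificate (this is
        /// checked before the CRL's validity window, so a revocation in a stale CRL still counts);
        /// <see cref="StatusCodes.Good"/> if no such CRL lists it and at least one of them is currently
        /// valid; otherwise <see cref="StatusCodes.BadCertificateRevocationUnknown"/> (no directory,
        /// no verifiable CRL, or only expired or not-yet-valid ones).
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="issuer"/> or <paramref name="certificate"/> is null.</exception>
        /// <remarks>Unparseable files are traced and skipped; they never count as a valid CRL.</remarks>
        public virtual StatusCode IsRevoked(X509Certificate2 issuer, X509Certificate2 certificate)
        {
            if (issuer == null)
            {
                throw new ArgumentNullException("issuer");
            }

            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }

            // check for CRL.
            DirectoryInfo info = new DirectoryInfo(Path.Combine(this.Directory.FullName, "crl"));

            if (!info.Exists)
            {
                // can't find a valid CRL.
                return StatusCodes.BadCertificateRevocationUnknown;
            }

            // one timestamp for the whole scan so every CRL is judged against the same instant.
            DateTime now = DateTime.UtcNow;
            bool haveCurrentCrl = false;

            foreach (FileInfo file in info.GetFiles("*.crl"))
            {
                X509CRL crl;

                try
                {
                    crl = new X509CRL(file.FullName);
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not parse CRL file.");
                    continue;
                }

                // only CRLs that name this issuer AND verify under its key are consulted.
                if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject) ||
                    !crl.VerifySignature(issuer, false))
                {
                    continue;
                }

                // a listed certificate is revoked regardless of the CRL's validity window (fail-safe).
                if (crl.IsRevoked(certificate))
                {
                    return StatusCodes.BadCertificateRevoked;
                }

                // NextUpdateTime == MinValue is treated as "no next update given" (never expires).
                bool current = crl.UpdateTime <= now &&
                    (crl.NextUpdateTime == DateTime.MinValue || crl.NextUpdateTime >= now);

                if (current)
                {
                    haveCurrentCrl = true;
                }
            }

            // certificate is fine only if at least one current CRL was consulted and did not list it.
            if (haveCurrentCrl)
            {
                return StatusCodes.Good;
            }

            // can't find a valid CRL.
            return StatusCodes.BadCertificateRevocationUnknown;
        }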
 /// <summary>
 /// Removes a CRL from the store.
 /// </summary>
 /// <param name="crl">Ignored; CRL management is not supported by this store.</param>
 /// <returns>Never returns.</returns>
 /// <exception cref="ServiceResultException">Always thrown with <see cref="StatusCodes.BadNotSupported"/>.</exception>
 public bool DeleteCRL(X509CRL crl)
 {
     // fail explicitly rather than report a deletion that did not happen.
     ServiceResultException notSupported = new ServiceResultException(StatusCodes.BadNotSupported);
     throw notSupported;
 }
 /// <summary>
 /// Adds a CRL to the store.
 /// </summary>
 /// <param name="crl">Ignored; CRL management is not supported by this store.</param>
 /// <exception cref="ServiceResultException">Always thrown with <see cref="StatusCodes.BadNotSupported"/>.</exception>
 public void AddCRL(X509CRL crl)
 {
     // fail explicitly rather than silently drop the revocation list.
     ServiceResultException notSupported = new ServiceResultException(StatusCodes.BadNotSupported);
     throw notSupported;
 }
 /// <summary>
 /// Removes a CRL from the store.
 /// </summary>
 /// <param name="crl">Ignored; CRL management is not supported by this store.</param>
 /// <returns>Never returns.</returns>
 /// <exception cref="ServiceResultException">Always thrown with <see cref="StatusCodes.BadNotSupported"/>.</exception>
 public bool DeleteCRL(X509CRL crl)
 {
     // fail explicitly rather than report a deletion that did not happen.
     ServiceResultException notSupported = new ServiceResultException(StatusCodes.BadNotSupported);
     throw notSupported;
 }
 /// <summary>
 /// Adds a CRL to the store.
 /// </summary>
 /// <param name="crl">Ignored; CRL management is not supported by this store.</param>
 /// <exception cref="ServiceResultException">Always thrown with <see cref="StatusCodes.BadNotSupported"/>.</exception>
 public void AddCRL(X509CRL crl)
 {
     // fail explicitly rather than silently drop the revocation list.
     ServiceResultException notSupported = new ServiceResultException(StatusCodes.BadNotSupported);
     throw notSupported;
 }
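        /// <summary>
        /// Removes a CRL from the store.
        /// </summary>
        /// <param name="crl">The CRL to remove; it is matched against the stored files by exact raw content, not by file name.</param>
        /// <returns>
        /// <c>true</c> if a stored "*.crl" file with byte-identical content was found and deleted;
        /// <c>false</c> if the "crl" sub-directory does not exist or holds no matching file.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="crl"/> is null.</exception>
        public bool DeleteCRL(X509CRL crl)
        {
            if (crl == null)
            {
                throw new ArgumentNullException("crl");
            }

            // CRLs live in a fixed "crl" sub-directory of the store directory.
            DirectoryInfo dirInfo = new DirectoryInfo(Path.Combine(m_directory.FullName, "crl"));

            if (!dirInfo.Exists)
            {
                return false;
            }

            byte[] rawData = crl.RawData;

            foreach (FileInfo fileInfo in dirInfo.GetFiles("*.crl"))
            {
                // cheap size check first; only files that could possibly match are read.
                if (fileInfo.Length != rawData.Length)
                {
                    continue;
                }

                byte[] bytes = File.ReadAllBytes(fileInfo.FullName);

                // full byte comparison: the file name alone is not trusted to identify the CRL.
                if (Utils.IsEqual(bytes, rawData))
                {
                    fileInfo.Delete();
                    return true;
                }
            }

            return false;
        }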
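        /// <summary>
        /// Adds a CRL to the store.
        /// </summary>
        /// <param name="crl">The CRL to store. Its issuer must be a certificate in this store whose key verifies the CRL signature.</param>
        /// <exception cref="ArgumentNullException"><paramref name="crl"/> is null.</exception>
        /// <exception cref="ServiceResultException">
        /// <see cref="StatusCodes.BadCertificateInvalid"/> when no stored certificate both matches the
        /// CRL issuer name and verifies its signature; an unverifiable CRL is never written.
        /// </exception>
        /// <remarks>
        /// The file is named after the issuer, so an existing CRL of the same issuer is overwritten.
        /// No check is made that the new CRL is at least as recent as the one it replaces.
        /// </remarks>
        public void AddCRL(X509CRL crl)
        {
            if (crl == null)
            {
                throw new ArgumentNullException("crl");
            }

            // Enumerate() is async while this method is synchronous. The call is run on the thread
            // pool and awaited there, presumably to avoid blocking on the caller's synchronization
            // context — confirm. Faults surface wrapped in an AggregateException.
            X509Certificate2Collection certificates = null;
            Task.Run(async () => certificates = await Enumerate()).Wait();

            X509Certificate2 issuer = null;

            foreach (X509Certificate2 certificate in certificates)
            {
                // a name match alone is not enough: the certificate must also verify the signature.
                if (Utils.CompareDistinguishedName(certificate.Subject, crl.Issuer) &&
                    crl.VerifySignature(certificate, false))
                {
                    issuer = certificate;
                    break;
                }
            }

            if (issuer == null)
            {
                throw new ServiceResultException(StatusCodes.BadCertificateInvalid, "Could not find issuer of the CRL.");
            }

            // GetFileName(issuer) is assumed to yield a bare file name without path separators — TODO confirm.
            string crlDirectory = Path.Combine(m_directory.FullName, "crl");
            string filePath = crlDirectory + Path.DirectorySeparatorChar + GetFileName(issuer) + ".crl";

            FileInfo fileInfo = new FileInfo(filePath);

            if (!fileInfo.Directory.Exists)
            {
                fileInfo.Directory.Create();
            }

            File.WriteAllBytes(fileInfo.FullName, crl.RawData);
        }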
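        /// <summary>
        /// Returns the CRLs in the store.
        /// </summary>
        /// <returns>
        /// Every parseable "*.crl" file in the "crl" sub-directory, in directory-listing order; an
        /// empty list when the directory does not exist.
        /// </returns>
        /// <remarks>
        /// Files that fail to parse are traced and skipped so one corrupt file does not hide the rest,
        /// as the other CRL readers in this store do. No issuer or signature check is performed here.
        /// </remarks>
        public List<X509CRL> EnumerateCRLs()
        {
            List<X509CRL> crls = new List<X509CRL>();

            // check for CRL.
            DirectoryInfo info = new DirectoryInfo(Path.Combine(this.Directory.FullName, "crl"));

            if (!info.Exists)
            {
                return crls;
            }

            foreach (FileInfo file in info.GetFiles("*.crl"))
            {
                try
                {
                    crls.Add(new X509CRL(file.FullName));
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not parse CRL file.");
                }
            }

            return crls;
        }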
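        /// <summary>
        /// Checks if issuer has revoked the certificate.
        /// </summary>
        /// <param name="issuer">The CA certificate expected to have signed the CRLs.</param>
        /// <param name="certificate">The certificate to look up.</param>
        /// <returns>
        /// <see cref="StatusCodes.BadCertificateRevoked"/> if any CRL in the "crl" sub-directory that
        /// names <paramref name="issuer"/> and verifies under its key lists the certificate (this is
        /// checked before the CRL's validity window, so a revocation in a stale CRL still counts);
        /// <see cref="StatusCodes.Good"/> if no such CRL lists it and at least one of them is currently
        /// valid; otherwise <see cref="StatusCodes.BadCertificateRevocationUnknown"/> (no directory,
        /// no verifiable CRL, or only expired or not-yet-valid ones).
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="issuer"/> or <paramref name="certificate"/> is null.</exception>
        /// <remarks>Unparseable files are traced and skipped; they never count as a valid CRL.</remarks>
        public StatusCode IsRevoked(X509Certificate2 issuer, X509Certificate2 certificate)
        {
            if (issuer == null)
            {
                throw new ArgumentNullException("issuer");
            }

            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }

            // check for CRL.
            DirectoryInfo info = new DirectoryInfo(Path.Combine(this.Directory.FullName, "crl"));

            if (!info.Exists)
            {
                // can't find a valid CRL.
                return StatusCodes.BadCertificateRevocationUnknown;
            }

            // one timestamp for the whole scan so every CRL is judged against the same instant.
            DateTime now = DateTime.UtcNow;
            bool haveCurrentCrl = false;

            foreach (FileInfo file in info.GetFiles("*.crl"))
            {
                X509CRL crl;

                try
                {
                    crl = new X509CRL(file.FullName);
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not parse CRL file.");
                    continue;
                }

                // only CRLs that name this issuer AND verify under its key are consulted.
                if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject) ||
                    !crl.VerifySignature(issuer, false))
                {
                    continue;
                }

                // a listed certificate is revoked regardless of the CRL's validity window (fail-safe).
                if (crl.IsRevoked(certificate))
                {
                    return StatusCodes.BadCertificateRevoked;
                }

                // NextUpdateTime == MinValue is treated as "no next update given" (never expires).
                bool current = crl.UpdateTime <= now &&
                    (crl.NextUpdateTime == DateTime.MinValue || crl.NextUpdateTime >= now);

                if (current)
                {
                    haveCurrentCrl = true;
                }
            }

            // certificate is fine only if at least one current CRL was consulted and did not list it.
            if (haveCurrentCrl)
            {
                return StatusCodes.Good;
            }

            // can't find a valid CRL.
            return StatusCodes.BadCertificateRevocationUnknown;
        }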
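        /// <summary>
        /// Gets the CRL file paths.
        /// </summary>
        /// <param name="thumbprint">The certificate thumbprint.</param>
        /// <returns>
        /// Full paths of the parseable "*.crl" files in the "crl" sub-directory whose issuer name
        /// matches the subject of the certificate found for <paramref name="thumbprint"/>; empty when
        /// no certificate is found or the directory does not exist.
        /// </returns>
        /// <remarks>
        /// Files that cannot be parsed are traced and skipped. Only the issuer name is compared; the CRL
        /// signature is not verified, so the result identifies candidate files, not trusted CRLs.
        /// </remarks>
        public string[] GetCrlFilePaths(string thumbprint)
        {
            List<string> filePaths = new List<string>();

            Entry entry = Find(thumbprint);

            // Find is assumed to return null for an unknown thumbprint — TODO confirm. Without a
            // certificate there is nothing to attribute a CRL to.
            if (entry == null || entry.Certificate == null)
            {
                return filePaths.ToArray();
            }

            DirectoryInfo info = new DirectoryInfo(Path.Combine(this.Directory.FullName, "crl"));

            // GetFiles throws when the directory is missing; a store without CRLs simply has none.
            if (!info.Exists)
            {
                return filePaths.ToArray();
            }

            string issuerSubject = entry.Certificate.Subject;

            foreach (FileInfo file in info.GetFiles("*.crl"))
            {
                X509CRL crl;

                try
                {
                    crl = new X509CRL(file.FullName);
                }
                catch (Exception e)
                {
                    Utils.Trace(e, "Could not parse CRL file.");
                    continue;
                }

                if (!Utils.CompareDistinguishedName(crl.Issuer, issuerSubject))
                {
                    continue;
                }

                filePaths.Add(file.FullName);
            }

            return filePaths.ToArray();
        }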