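        /// <summary>
        /// Adds the specified timestamp token to the validate request as a
        /// <see cref="TSAMessageExtensionType"/> message extension carrying the token's encoded bytes.
        /// </summary>
        /// <param name="validateRequest">Request being built; its MessageExtension array is extended, not replaced.</param>
        /// <param name="timeStampToken">Token whose <c>GetEncoded()</c> output is placed in the extension.</param>
        private void addTimeStampToken(ValidateRequestType validateRequest, TimeStampToken timeStampToken)
        {
            EncapsulatedPKIDataType timeStampTokenValue = new EncapsulatedPKIDataType();
            timeStampTokenValue.Value = timeStampToken.GetEncoded();

            TSAMessageExtensionType tsaMessageExtension = new TSAMessageExtensionType();
            tsaMessageExtension.EncapsulatedTimeStamp = timeStampTokenValue;

            // Append rather than assign: a plain assignment silently drops any extension
            // already on the request (e.g. attribute certificates or revocation data added
            // by a sibling helper), so only the last one added would reach the service.
            MessageExtensionAbstractType[] existing = validateRequest.MessageExtension;
            int existingCount = (null == existing) ? 0 : existing.Length;
            MessageExtensionAbstractType[] extensions = new MessageExtensionAbstractType[existingCount + 1];
            for (int i = 0; i < existingCount; i++)
            {
                extensions[i] = existing[i];
            }
            extensions[existingCount] = tsaMessageExtension;
            validateRequest.MessageExtension = extensions;
        }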
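        /// <summary>
        /// Adds revocation data to the validate request as a
        /// <see cref="RevocationDataMessageExtensionType"/>: either the given
        /// <paramref name="revocationData"/> as-is or, when that is null, a
        /// <see cref="RevocationValuesType"/> built from the encoded OCSP responses and CRLs.
        /// </summary>
        /// <param name="validateRequest">Request being built; its MessageExtension array is extended, not replaced.</param>
        /// <param name="ocspResponses">OCSP responses to encode; null is treated as an empty list.</param>
        /// <param name="crls">CRLs to encode; null is treated as an empty list.</param>
        /// <param name="revocationData">Pre-built revocation values; when non-null the two lists are ignored.</param>
        private void addRevocationData(ValidateRequestType validateRequest, List <OcspResp> ocspResponses,
                                       List <X509Crl> crls, RevocationValuesType revocationData)
        {
            RevocationDataMessageExtensionType revocationDataMessageExtension =
                new RevocationDataMessageExtensionType();

            if (null != revocationData)
            {
                revocationDataMessageExtension.RevocationValues = revocationData;
            }
            else
            {
                RevocationValuesType revocationValues = new RevocationValuesType();

                // OCSP: a null list is treated as empty instead of dereferencing it.
                int ocspCount = (null == ocspResponses) ? 0 : ocspResponses.Count;
                EncapsulatedPKIDataType[] ocspValues = new EncapsulatedPKIDataType[ocspCount];
                for (int i = 0; i < ocspCount; i++)
                {
                    EncapsulatedPKIDataType ocspValue = new EncapsulatedPKIDataType();
                    ocspValue.Value = ocspResponses[i].GetEncoded();
                    ocspValues[i]   = ocspValue;
                }
                revocationValues.OCSPValues = ocspValues;

                // CRL: same null-as-empty treatment.
                int crlCount = (null == crls) ? 0 : crls.Count;
                EncapsulatedPKIDataType[] crlValues = new EncapsulatedPKIDataType[crlCount];
                for (int i = 0; i < crlCount; i++)
                {
                    EncapsulatedPKIDataType crlValue = new EncapsulatedPKIDataType();
                    crlValue.Value = crls[i].GetEncoded();
                    crlValues[i]   = crlValue;
                }
                revocationValues.CRLValues = crlValues;

                revocationDataMessageExtension.RevocationValues = revocationValues;
            }

            // Append rather than assign: a plain assignment silently drops any extension
            // already on the request (timestamp token, attribute certificates).
            MessageExtensionAbstractType[] existing = validateRequest.MessageExtension;
            int existingCount = (null == existing) ? 0 : existing.Length;
            MessageExtensionAbstractType[] extensions = new MessageExtensionAbstractType[existingCount + 1];
            for (int i = 0; i < existingCount; i++)
            {
                extensions[i] = existing[i];
            }
            extensions[existingCount] = revocationDataMessageExtension;
            validateRequest.MessageExtension = extensions;
        }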
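        /// <summary>
        /// Adds revocation data to the validate request as a
        /// <see cref="RevocationDataMessageExtensionType"/>: either the given
        /// <paramref name="revocationData"/> as-is or, when that is null, a
        /// <see cref="RevocationValuesType"/> built from the encoded OCSP responses and CRLs.
        /// </summary>
        /// <param name="validateRequest">Request being built; its MessageExtension array is extended, not replaced.</param>
        /// <param name="ocspResponses">OCSP responses to encode; null is treated as an empty list.</param>
        /// <param name="crls">CRLs to encode; null is treated as an empty list.</param>
        /// <param name="revocationData">Pre-built revocation values; when non-null the two lists are ignored.</param>
        private void addRevocationData(ValidateRequestType validateRequest, List<OcspResp> ocspResponses,
            List<X509Crl> crls, RevocationValuesType revocationData)
        {
            RevocationDataMessageExtensionType revocationDataMessageExtension =
                new RevocationDataMessageExtensionType();

            if (null != revocationData)
            {
                revocationDataMessageExtension.RevocationValues = revocationData;
            }
            else
            {
                RevocationValuesType revocationValues = new RevocationValuesType();

                // OCSP: a null list is treated as empty instead of dereferencing it.
                int ocspCount = (null == ocspResponses) ? 0 : ocspResponses.Count;
                EncapsulatedPKIDataType[] ocspValues = new EncapsulatedPKIDataType[ocspCount];
                for (int i = 0; i < ocspCount; i++)
                {
                    EncapsulatedPKIDataType ocspValue = new EncapsulatedPKIDataType();
                    ocspValue.Value = ocspResponses[i].GetEncoded();
                    ocspValues[i] = ocspValue;
                }
                revocationValues.OCSPValues = ocspValues;

                // CRL: same null-as-empty treatment.
                int crlCount = (null == crls) ? 0 : crls.Count;
                EncapsulatedPKIDataType[] crlValues = new EncapsulatedPKIDataType[crlCount];
                for (int i = 0; i < crlCount; i++)
                {
                    EncapsulatedPKIDataType crlValue = new EncapsulatedPKIDataType();
                    crlValue.Value = crls[i].GetEncoded();
                    crlValues[i] = crlValue;
                }
                revocationValues.CRLValues = crlValues;

                revocationDataMessageExtension.RevocationValues = revocationValues;
            }

            // Append rather than assign: a plain assignment silently drops any extension
            // already on the request (timestamp token, attribute certificates).
            MessageExtensionAbstractType[] existing = validateRequest.MessageExtension;
            int existingCount = (null == existing) ? 0 : existing.Length;
            MessageExtensionAbstractType[] extensions = new MessageExtensionAbstractType[existingCount + 1];
            for (int i = 0; i < existingCount; i++)
            {
                extensions[i] = existing[i];
            }
            extensions[existingCount] = revocationDataMessageExtension;
            validateRequest.MessageExtension = extensions;
        }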
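 /// <summary>
 /// Adds the specified timestamp token to the validate request as a
 /// <see cref="TSAMessageExtensionType"/> message extension carrying the token's encoded bytes.
 /// </summary>
 /// <param name="validateRequest">Request being built; its MessageExtension array is extended, not replaced.</param>
 /// <param name="timeStampToken">Token whose <c>GetEncoded()</c> output is placed in the extension.</param>
 private void addTimeStampToken(ValidateRequestType validateRequest, TimeStampToken timeStampToken)
 {
     EncapsulatedPKIDataType timeStampTokenValue = new EncapsulatedPKIDataType();
     timeStampTokenValue.Value = timeStampToken.GetEncoded();

     TSAMessageExtensionType tsaMessageExtension = new TSAMessageExtensionType();
     tsaMessageExtension.EncapsulatedTimeStamp = timeStampTokenValue;

     // Append rather than assign: a plain assignment silently drops any extension
     // already on the request (e.g. attribute certificates or revocation data added
     // by a sibling helper), so only the last one added would reach the service.
     MessageExtensionAbstractType[] existing = validateRequest.MessageExtension;
     int existingCount = (null == existing) ? 0 : existing.Length;
     MessageExtensionAbstractType[] extensions = new MessageExtensionAbstractType[existingCount + 1];
     for (int i = 0; i < existingCount; i++)
     {
         extensions[i] = existing[i];
     }
     extensions[existingCount] = tsaMessageExtension;
     validateRequest.MessageExtension = extensions;
 }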
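 /// <summary>
 /// Adds the specified encoded attribute certificates to the validate request as an
 /// <see cref="AttributeCertificateMessageExtensionType"/> message extension (CertifiedRoles).
 /// </summary>
 /// <param name="validateRequest">Request being built; its MessageExtension array is extended, not replaced.</param>
 /// <param name="attributeCertificates">Encoded attribute certificates placed into CertifiedRoles as given.</param>
 private void addAttributeCertificates(ValidateRequestType validateRequest, EncapsulatedPKIDataType[] attributeCertificates)
 {
     AttributeCertificateMessageExtensionType attributeCertificateMessageExtension =
         new AttributeCertificateMessageExtensionType();
     attributeCertificateMessageExtension.CertifiedRoles = attributeCertificates;

     // Append rather than assign: a plain assignment silently drops any extension
     // already on the request (e.g. a timestamp token added earlier by a sibling helper).
     MessageExtensionAbstractType[] existing = validateRequest.MessageExtension;
     int existingCount = (null == existing) ? 0 : existing.Length;
     MessageExtensionAbstractType[] extensions = new MessageExtensionAbstractType[existingCount + 1];
     for (int i = 0; i < existingCount; i++)
     {
         extensions[i] = existing[i];
     }
     extensions[existingCount] = attributeCertificateMessageExtension;
     validateRequest.MessageExtension = extensions;
 }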
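        /// <summary>
        /// Core validation: builds an XKMS ValidateRequest for the certificate chain, sends it through
        /// the client and checks the returned key binding. Returns normally when the first key binding
        /// reports a valid status; otherwise the invalid-reason URIs are appended to
        /// <c>invalidReasonURIs</c> and a <see cref="ValidationFailedException"/> is thrown.
        /// </summary>
        /// <param name="certificateChain">Certificates whose encodings are placed in the request's X509Data.</param>
        /// <param name="trustDomain">Optional trust-domain identifier; null omits the UseKeyWith element.</param>
        /// <param name="returnRevocationData">When true, asks the service to return the revocation data it used and stores it in <c>revocationValues</c>.</param>
        /// <param name="validationDate">Historical validation instant; <see cref="DateTime.MinValue"/> means current-time validation and skips the revocation-data extension.</param>
        /// <param name="ocspResponses">OCSP responses for historical validation; unused when <paramref name="validationDate"/> is <see cref="DateTime.MinValue"/>.</param>
        /// <param name="crls">CRLs for historical validation; unused when <paramref name="validationDate"/> is <see cref="DateTime.MinValue"/>.</param>
        /// <param name="revocationValues">Pre-built revocation values for historical validation; may be null.</param>
        /// <param name="timeStampToken">Optional timestamp token to be validated by the TSA; null omits it.</param>
        /// <param name="attributeCertificates">Optional encoded attribute certificates; null omits them.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="certificateChain"/> is null.</exception>
        /// <exception cref="RevocationDataNotFoundException">Thrown when revocation data was requested but the response carries none.</exception>
        /// <exception cref="ValidationFailedException">Thrown when the key binding status is not valid, or when the response carries no key binding at all.</exception>
        private void validate(List<Org.BouncyCastle.X509.X509Certificate> certificateChain, string trustDomain,
            bool returnRevocationData, DateTime validationDate, List<OcspResp> ocspResponses, List<X509Crl> crls,
            RevocationValuesType revocationValues, TimeStampToken timeStampToken,
            EncapsulatedPKIDataType[] attributeCertificates)
        {
            if (null == certificateChain)
            {
                throw new ArgumentNullException("certificateChain");
            }

            // setup the client
            setupClient();

            // Request skeleton: the key binding to query carries the chain as X509Data.
            ValidateRequestType validateRequest = new ValidateRequestType();
            QueryKeyBindingType queryKeyBinding = new QueryKeyBindingType();
            queryKeyBinding.KeyInfo = buildKeyInfo(certificateChain);
            validateRequest.QueryKeyBinding = queryKeyBinding;

            // Optional trust domain
            if (null != trustDomain)
            {
                UseKeyWithType useKeyWith = new UseKeyWithType();
                useKeyWith.Application = XkmsConstants.TRUST_DOMAIN_APPLICATION_URI;
                useKeyWith.Identifier = trustDomain;
                queryKeyBinding.UseKeyWith = new UseKeyWithType[] { useKeyWith };
            }

            // Optional timestamp token for TSA validation
            if (null != timeStampToken)
            {
                addTimeStampToken(validateRequest, timeStampToken);
            }

            // Optional attribute certificates
            if (null != attributeCertificates)
            {
                addAttributeCertificates(validateRequest, attributeCertificates);
            }

            // Ask the service to return the revocation data it used
            if (returnRevocationData)
            {
                validateRequest.RespondWith = new string[] { XkmsConstants.RETURN_REVOCATION_DATA_URI };
            }

            // Historical validation: pin the time instant and supply the revocation data
            if (!validationDate.Equals(DateTime.MinValue))
            {
                TimeInstantType timeInstant = new TimeInstantType();
                timeInstant.Time = validationDate;
                queryKeyBinding.TimeInstant = timeInstant;

                addRevocationData(validateRequest, ocspResponses, crls, revocationValues);
            }

            ValidateResultType validateResult = client.Validate(validateRequest);

            // Protocol-level result check
            checkResponse(validateResult);

            if (returnRevocationData)
            {
                storeReturnedRevocationData(validateResult);
            }

            checkKeyBindingStatus(validateResult);
        }

        /// <summary>
        /// Builds the KeyInfo element carrying every certificate of the chain, encoded, as X509Data.
        /// </summary>
        /// <param name="certificateChain">Non-null chain; each entry's <c>GetEncoded()</c> output becomes one X509Certificate item.</param>
        /// <returns>A KeyInfoType whose single item is the populated X509Data.</returns>
        private static KeyInfoType buildKeyInfo(List<Org.BouncyCastle.X509.X509Certificate> certificateChain)
        {
            int count = certificateChain.Count;
            X509DataType x509Data = new X509DataType();
            x509Data.Items = new object[count];
            x509Data.ItemsElementName = new ItemsChoiceType[count];
            for (int i = 0; i < count; i++)
            {
                x509Data.Items[i] = certificateChain[i].GetEncoded();
                x509Data.ItemsElementName[i] = ItemsChoiceType.X509Certificate;
            }

            KeyInfoType keyInfo = new KeyInfoType();
            keyInfo.Items = new object[] { x509Data };
            keyInfo.ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };
            return keyInfo;
        }

        /// <summary>
        /// Copies the revocation values returned by the service into <c>revocationValues</c>;
        /// when several RevocationDataMessageExtensionType extensions are present the last one wins.
        /// </summary>
        /// <param name="validateResult">Service response to read the message extensions from.</param>
        /// <exception cref="RevocationDataNotFoundException">Thrown when no revocation data was returned.</exception>
        private void storeReturnedRevocationData(ValidateResultType validateResult)
        {
            // Guard the extension array so a response without extensions surfaces as
            // RevocationDataNotFoundException rather than a NullReferenceException.
            if (null != validateResult.MessageExtension)
            {
                foreach (MessageExtensionAbstractType messageExtension in validateResult.MessageExtension)
                {
                    RevocationDataMessageExtensionType revocationDataExtension =
                        messageExtension as RevocationDataMessageExtensionType;
                    if (null != revocationDataExtension)
                    {
                        this.revocationValues = revocationDataExtension.RevocationValues;
                    }
                }
            }

            if (null == this.revocationValues)
            {
                throw new RevocationDataNotFoundException();
            }
        }

        /// <summary>
        /// Inspects the first key binding of the response: a valid status returns normally, anything
        /// else records the invalid-reason URIs in <c>invalidReasonURIs</c> and throws. A response
        /// without any key binding is treated as a failed validation (fail closed) instead of being
        /// silently accepted; in that case the reason list may be empty.
        /// </summary>
        /// <param name="validateResult">Service response to read the key bindings from.</param>
        /// <exception cref="ValidationFailedException">Thrown when the status is not valid or no key binding is present.</exception>
        private void checkKeyBindingStatus(ValidateResultType validateResult)
        {
            if (null != validateResult.KeyBinding)
            {
                foreach (KeyBindingType keyBinding in validateResult.KeyBinding)
                {
                    // Only the first key binding decides the outcome.
                    if (KeyBindingEnum.httpwwww3org200203xkmsValid.Equals(keyBinding.Status.StatusValue))
                    {
                        return;
                    }
                    if (null != keyBinding.Status.InvalidReason)
                    {
                        foreach (string reason in keyBinding.Status.InvalidReason)
                        {
                            this.invalidReasonURIs.AddLast(reason);
                        }
                    }
                    throw new ValidationFailedException(this.invalidReasonURIs);
                }
            }

            // No key binding at all: nothing was validated, so do not report success.
            throw new ValidationFailedException(this.invalidReasonURIs);
        }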
 /// <summary>
 /// Validates <paramref name="certificateChain"/> against <paramref name="trustDomain"/> at the
 /// current time, without requesting revocation data and without a timestamp token, forwarding
 /// the given attribute certificates to the core overload.
 /// </summary>
 /// <param name="trustDomain">Trust-domain identifier; null omits it from the request.</param>
 /// <param name="certificateChain">Certificates to validate.</param>
 /// <param name="attributeCertificates">Encoded attribute certificates; null omits them.</param>
 public void validate(string trustDomain, List<Org.BouncyCastle.X509.X509Certificate> certificateChain,
     EncapsulatedPKIDataType[] attributeCertificates)
 {
     // DateTime.MinValue selects current-time validation, so no OCSP/CRL input is supplied.
     DateTime validationDate = DateTime.MinValue;
     List<OcspResp> ocspResponses = null;
     List<X509Crl> crls = null;
     RevocationValuesType revocationValues = null;
     TimeStampToken timeStampToken = null;
     const bool returnRevocationData = false;

     validate(certificateChain, trustDomain, returnRevocationData, validationDate,
         ocspResponses, crls, revocationValues, timeStampToken, attributeCertificates);
 }