/// <summary>
/// Constructs a trust model around an explicitly supplied certificate chain validator.
/// </summary>
/// <param name="validator">The <see cref="TrustChainValidator"/> used to validate certificate chains. Required.</param>
/// <param name="policyResolver">
/// The <see cref="IPolicyResolver"/> used to resolve certificate policies. Not validated here; a null resolver is
/// treated by <c>IsCertPolicyCompliant</c> as "no policies".
/// </param>
/// <param name="policyFilter">
/// The <see cref="IPolicyFilter"/> used to evaluate certificates against resolved policies. Not validated here.
/// </param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="validator"/> is null.</exception>
public TrustModel(TrustChainValidator validator, IPolicyResolver policyResolver, IPolicyFilter policyFilter)
{
    // Only the chain validator is mandatory; the policy resolver and filter are stored as given.
    if (validator == null)
    {
        throw new ArgumentNullException("validator");
    }

    m_policyFilter = policyFilter;
    m_trustPolicyResolver = policyResolver;
    m_certChainValidator = validator;
}
/// <summary>
/// Constructs a trust model around an explicitly supplied certificate chain validator.
/// </summary>
/// <param name="validator">The <see cref="TrustChainValidator"/> used to validate certificate chains. Required.</param>
/// <param name="policyResolver">
/// The <see cref="IPolicyResolver"/> used to resolve certificate policies. Not validated here; a null resolver is
/// treated by <c>IsCertPolicyCompliant</c> as "no policies".
/// </param>
/// <param name="policyFilter">
/// The <see cref="IPolicyFilter"/> used to evaluate certificates against resolved policies. Not validated here.
/// </param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="validator"/> is null.</exception>
public TrustModel(TrustChainValidator validator, IPolicyResolver policyResolver, IPolicyFilter policyFilter)
{
    // Only the chain validator is mandatory; the policy resolver and filter are stored as given.
    if (validator == null)
    {
        throw new ArgumentNullException("validator");
    }

    m_policyFilter = policyFilter;
    m_trustPolicyResolver = policyResolver;
    m_certChainValidator = validator;
}
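/// <summary>
/// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores, and
/// trust and cryptography models.
/// </summary>
/// <param name="domainResolver">
/// An <see cref="IDomainResolver"/> instance providing the local domain names managed by this agent.
/// </param>
/// <param name="privateCerts">
/// An <see cref="ICertificateResolver"/> instance providing private certificates
/// for senders of outgoing messages and receivers of incoming messages.
/// </param>
/// <param name="publicCerts">
/// An <see cref="ICertificateResolver"/> instance providing public certificates
/// for receivers of outgoing messages and senders of incoming messages.
/// </param>
/// <param name="anchors">
/// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors.
/// </param>
/// <param name="trustModel">
/// An instance or subclass of <see cref="TrustModel"/> providing a custom trust model.
/// If its chain validator has no certificate resolver, <paramref name="publicCerts"/> is installed as its issuer resolver.
/// </param>
/// <param name="cryptographer">
/// An instance or subclass of <see cref="SMIMECryptographer"/> providing a custom cryptography model.
/// </param>
/// <param name="certPolicyResolvers">
/// Certificate <see cref="ICertPolicyResolvers">policy container</see>; its <c>PrivateResolver</c> and
/// <c>PublicResolver</c> are read here. Required.
/// </param>
/// <param name="policyFilter">The <see cref="IPolicyFilter"/> used to evaluate certificates against policies. Stored as given.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="privateCerts"/>, <paramref name="publicCerts"/>, <paramref name="anchors"/>,
/// <paramref name="trustModel"/>, <paramref name="cryptographer"/> or <paramref name="certPolicyResolvers"/> is null.
/// </exception>
public DirectAgent(IDomainResolver domainResolver, ICertificateResolver privateCerts, ICertificateResolver publicCerts
    , ITrustAnchorResolver anchors, TrustModel trustModel, SMIMECryptographer cryptographer,
    ICertPolicyResolvers certPolicyResolvers, IPolicyFilter policyFilter)
{
    // Validate every dereferenced argument up front so a misconfigured agent fails with a named
    // argument rather than a NullReferenceException partway through construction.
    if (privateCerts == null)
    {
        throw new ArgumentNullException("privateCerts");
    }
    if (publicCerts == null)
    {
        throw new ArgumentNullException("publicCerts");
    }
    if (anchors == null)
    {
        throw new ArgumentNullException("anchors");
    }
    if (trustModel == null)
    {
        throw new ArgumentNullException("trustModel");
    }
    if (cryptographer == null)
    {
        throw new ArgumentNullException("cryptographer");
    }
    if (certPolicyResolvers == null)
    {
        // Previously dereferenced without a check (certPolicyResolvers.PrivateResolver).
        throw new ArgumentNullException("certPolicyResolvers");
    }

    m_managedDomains = new AgentDomains(domainResolver);
    m_privateCertResolver = privateCerts;
    m_publicCertResolver = publicCerts;
    m_cryptographer = cryptographer;
    m_trustAnchors = anchors;
    m_trustModel = trustModel;

    // Chain building needs a way to fetch intermediate issuers; default to the public cert resolver.
    // NOTE(review): this mutates the supplied trustModel. If a shared instance (e.g. TrustModel.Default)
    // is passed, the first agent's public resolver becomes that shared validator's issuer resolver
    // for every later agent -- confirm Default is not a process-wide singleton.
    if (!m_trustModel.CertChainValidator.HasCertificateResolver)
    {
        m_trustModel.CertChainValidator.IssuerResolver = m_publicCertResolver;
    }

    // Trust must fully succeed by default; lower requirements must be set explicitly by the caller.
    m_minTrustRequirement = TrustEnforcementStatus.Success;

    m_privatePolicyResolver = certPolicyResolvers.PrivateResolver;
    m_publicPolicyResolver = certPolicyResolvers.PublicResolver;
    // NOTE(review): policyFilter is not validated; a null filter is only a problem once a policy has to be evaluated.
    m_policyFilter = policyFilter;
}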
/// <summary>
/// Builds a <see cref="DirectAgent"/> from these settings: certificate and anchor resolvers, policy resolvers,
/// the trust model (from the Trust settings, else <c>TrustModel.Default</c>), the cryptographer and the domain resolver.
/// </summary>
/// <returns>The configured agent instance.</returns>
public DirectAgent CreateAgent()
{
    this.Validate();

    ICertificateResolver privateResolver = this.PrivateCerts.CreateResolver();
    ICertificateResolver publicResolver = this.PublicCerts.CreateResolver();
    ITrustAnchorResolver anchorResolver = this.Anchors.Resolver.CreateResolver();
    ICertPolicyResolvers policyResolvers = GetPolicyResolvers();
    IPolicyFilter filter = PolicyFilter.Default;

    TrustModel model;
    if (this.Trust == null)
    {
        // NOTE(review): with no Trust settings the agent gets TrustModel.Default, and
        // policyResolvers.TrustResolver is never handed to it. Confirm whether that default
        // applies any trust policy at all; otherwise configured trust policies are silently unused on this path.
        model = TrustModel.Default;
    }
    else
    {
        model = this.Trust.CreateTrustModel(policyResolvers.TrustResolver, filter);
    }

    SMIMECryptographer crypto = this.Cryptographer.Create();
    IDomainResolver domains = this.CreateResolver();

    DirectAgent agent = new DirectAgent(domains, privateResolver, publicResolver, anchorResolver,
                                        model, crypto, policyResolvers, filter);
    // Message wrapping behaviour is carried over from the settings fields.
    agent.AllowNonWrappedIncoming = m_allowNonWrappedIncoming;
    agent.WrapMessages = m_wrapOutgoing;
    return agent;
}
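/// <summary>
/// Resolves the incoming policies for <paramref name="recipient"/> and checks the signing certificate against each.
/// Any non-compliant policy yields a non-compliant result. No resolver, or no policies, yields compliance
/// (fail-open by contract). A policy that cannot be evaluated raises an exception rather than being skipped.
/// </summary>
/// <param name="recipient">The recipient the incoming message was sent to; drives policy lookup.</param>
/// <param name="cert">The signing certificate to evaluate.</param>
/// <param name="policyFilter">
/// The <see cref="IPolicyFilter"/> used to evaluate the certificate. When null, the filter supplied at construction
/// is used. (Previously a null argument was dereferenced directly, throwing NullReferenceException once a policy existed.)
/// </param>
/// <returns>true when every resolved policy is satisfied or no policy applies; false otherwise.</returns>
/// <exception cref="ArgumentNullException">Thrown when a policy must be evaluated but no filter is available.</exception>
/// <exception cref="AgentException">
/// Thrown with <see cref="AgentError.InvalidPolicy"/> when policy processing itself fails.
/// </exception>
public bool IsCertPolicyCompliant(MailAddress recipient, X509Certificate2 cert, IPolicyFilter policyFilter = null)
{
    // No resolver configured means no policies to apply: compliant by the documented contract.
    if (m_trustPolicyResolver == null)
    {
        return true;
    }

    // NOTE(review): a null return from GetIncomingPolicy is not handled here and will throw -- confirm the resolver contract.
    IList<IPolicyExpression> expressions = m_trustPolicyResolver.GetIncomingPolicy(recipient);

    // Fall back to the filter injected through the constructor.
    IPolicyFilter filter = policyFilter ?? m_policyFilter;

    foreach (var expression in expressions)
    {
        if (filter == null)
        {
            // Fail closed: a policy exists but nothing can evaluate it.
            throw new ArgumentNullException("policyFilter");
        }

        try
        {
            if (!filter.IsCompliant(cert, expression))
            {
                return false;
            }
        }
        catch (PolicyRequiredException)
        {
            // The certificate lacks something the policy requires: non-compliant, not an error.
            return false;
        }
        catch (PolicyProcessException ppe)
        {
            // A broken or unevaluable policy is surfaced, never silently treated as pass or fail.
            throw new AgentException(AgentError.InvalidPolicy, ppe);
        }
    }

    return true;
}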
/// <summary>
/// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores,
/// and defaulting to the standard trust and cryptography models
/// (<c>TrustModel.Default</c> and <c>SMIMECryptographer.Default</c>).
/// </summary>
/// <param name="domainResolver">
/// An <see cref="IDomainResolver"/> instance providing the local domain names managed by this agent.
/// </param>
/// <param name="privateCerts">
/// An <see cref="ICertificateResolver"/> instance providing private certificates
/// for senders of outgoing messages and receivers of incoming messages.
/// </param>
/// <param name="publicCerts">
/// An <see cref="ICertificateResolver"/> instance providing public certificates
/// for receivers of outgoing messages and senders of incoming messages.
/// </param>
/// <param name="anchors">
/// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors.
/// </param>
/// <param name="certPolicyResolvers">Certificate <see cref="ICertPolicyResolvers">policy container</see></param>
/// <param name="polciyFilter">The <see cref="IPolicyFilter"/> used to evaluate certificates against policies (parameter name kept as-is for compatibility).</param>
public DirectAgent(IDomainResolver domainResolver,
                   ICertificateResolver privateCerts,
                   ICertificateResolver publicCerts,
                   ITrustAnchorResolver anchors,
                   ICertPolicyResolvers certPolicyResolvers,
                   IPolicyFilter polciyFilter)
    // NOTE(review): the shared defaults are passed through; the full constructor may set an issuer
    // resolver on the default trust model's validator -- confirm that is acceptable if Default is shared.
    : this(domainResolver,
           privateCerts,
           publicCerts,
           anchors,
           TrustModel.Default,
           SMIMECryptographer.Default,
           certPolicyResolvers,
           polciyFilter)
{
}
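/// <summary>
/// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores, and
/// trust and cryptography models.
/// </summary>
/// <param name="domainResolver">
/// An <see cref="IDomainResolver"/> instance providing the local domain names managed by this agent.
/// </param>
/// <param name="privateCerts">
/// An <see cref="ICertificateResolver"/> instance providing private certificates
/// for senders of outgoing messages and receivers of incoming messages.
/// </param>
/// <param name="publicCerts">
/// An <see cref="ICertificateResolver"/> instance providing public certificates
/// for receivers of outgoing messages and senders of incoming messages.
/// </param>
/// <param name="anchors">
/// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors.
/// </param>
/// <param name="trustModel">
/// An instance or subclass of <see cref="TrustModel"/> providing a custom trust model.
/// If its chain validator has no certificate resolver, <paramref name="publicCerts"/> is installed as its issuer resolver.
/// </param>
/// <param name="cryptographer">
/// An instance or subclass of <see cref="SMIMECryptographer"/> providing a custom cryptography model.
/// </param>
/// <param name="certPolicyResolvers">
/// Certificate <see cref="ICertPolicyResolvers">policy container</see>; its <c>PrivateResolver</c> and
/// <c>PublicResolver</c> are read here. Required.
/// </param>
/// <param name="policyFilter">The <see cref="IPolicyFilter"/> used to evaluate certificates against policies. Stored as given.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="privateCerts"/>, <paramref name="publicCerts"/>, <paramref name="anchors"/>,
/// <paramref name="trustModel"/>, <paramref name="cryptographer"/> or <paramref name="certPolicyResolvers"/> is null.
/// </exception>
public DirectAgent(IDomainResolver domainResolver, ICertificateResolver privateCerts, ICertificateResolver publicCerts
    , ITrustAnchorResolver anchors, TrustModel trustModel, SMIMECryptographer cryptographer,
    ICertPolicyResolvers certPolicyResolvers, IPolicyFilter policyFilter)
{
    // Validate every dereferenced argument up front so a misconfigured agent fails with a named
    // argument rather than a NullReferenceException partway through construction.
    if (privateCerts == null)
    {
        throw new ArgumentNullException("privateCerts");
    }
    if (publicCerts == null)
    {
        throw new ArgumentNullException("publicCerts");
    }
    if (anchors == null)
    {
        throw new ArgumentNullException("anchors");
    }
    if (trustModel == null)
    {
        throw new ArgumentNullException("trustModel");
    }
    if (cryptographer == null)
    {
        throw new ArgumentNullException("cryptographer");
    }
    if (certPolicyResolvers == null)
    {
        // Previously dereferenced without a check (certPolicyResolvers.PrivateResolver).
        throw new ArgumentNullException("certPolicyResolvers");
    }

    m_managedDomains = new AgentDomains(domainResolver);
    m_privateCertResolver = privateCerts;
    m_publicCertResolver = publicCerts;
    m_cryptographer = cryptographer;
    m_trustAnchors = anchors;
    m_trustModel = trustModel;

    // Chain building needs a way to fetch intermediate issuers; default to the public cert resolver.
    // NOTE(review): this mutates the supplied trustModel. If a shared instance (e.g. TrustModel.Default)
    // is passed, the first agent's public resolver becomes that shared validator's issuer resolver
    // for every later agent -- confirm Default is not a process-wide singleton.
    if (!m_trustModel.CertChainValidator.HasCertificateResolver)
    {
        m_trustModel.CertChainValidator.IssuerResolver = m_publicCertResolver;
    }

    // Trust must fully succeed by default; lower requirements must be set explicitly by the caller.
    m_minTrustRequirement = TrustEnforcementStatus.Success;

    m_privatePolicyResolver = certPolicyResolvers.PrivateResolver;
    m_publicPolicyResolver = certPolicyResolvers.PublicResolver;
    // NOTE(review): policyFilter is not validated; a null filter is only a problem once a policy has to be evaluated.
    m_policyFilter = policyFilter;
}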
/// <summary>
/// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores,
/// and defaulting to the standard trust and cryptography models
/// (<c>TrustModel.Default</c> and <c>SMIMECryptographer.Default</c>).
/// </summary>
/// <param name="domainResolver">
/// An <see cref="IDomainResolver"/> instance providing the local domain names managed by this agent.
/// </param>
/// <param name="privateCerts">
/// An <see cref="ICertificateResolver"/> instance providing private certificates
/// for senders of outgoing messages and receivers of incoming messages.
/// </param>
/// <param name="publicCerts">
/// An <see cref="ICertificateResolver"/> instance providing public certificates
/// for receivers of outgoing messages and senders of incoming messages.
/// </param>
/// <param name="anchors">
/// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors.
/// </param>
/// <param name="certPolicyResolvers">Certificate <see cref="ICertPolicyResolvers">policy container</see></param>
/// <param name="polciyFilter">The <see cref="IPolicyFilter"/> used to evaluate certificates against policies (parameter name kept as-is for compatibility).</param>
public DirectAgent(IDomainResolver domainResolver,
                   ICertificateResolver privateCerts,
                   ICertificateResolver publicCerts,
                   ITrustAnchorResolver anchors,
                   ICertPolicyResolvers certPolicyResolvers,
                   IPolicyFilter polciyFilter)
    // NOTE(review): the shared defaults are passed through; the full constructor may set an issuer
    // resolver on the default trust model's validator -- confirm that is acceptable if Default is shared.
    : this(domainResolver,
           privateCerts,
           publicCerts,
           anchors,
           TrustModel.Default,
           SMIMECryptographer.Default,
           certPolicyResolvers,
           polciyFilter)
{
}
/// <summary>
/// Builds a <see cref="TrustModel"/> from these settings: revocation mode and granularity are copied
/// unconditionally, chain length and URL retrieval timeout only when configured to a positive value,
/// and the problem flags only when the ProblemFlags setting is present.
/// </summary>
/// <param name="trustPolicyResolver"><see cref="IPolicyResolver"/> injected for trust policy resolution.</param>
/// <param name="policyFilter"><see cref="IPolicyFilter"/> used to evaluate certificates against policies.</param>
/// <returns>The configured <see cref="TrustModel"/>.</returns>
public TrustModel CreateTrustModel(IPolicyResolver trustPolicyResolver, IPolicyFilter policyFilter)
{
    // NOTE(review): RevocationCheckMode is taken verbatim from settings; whatever the settings
    // default is (including a no-check mode, if one exists) becomes the validator's behaviour.
    TrustChainValidator chainValidator = new TrustChainValidator
    {
        RevocationCheckMode = this.RevocationCheckMode,
        RevocationCheckGranularity = this.RevocationCheckGranularity
    };

    // Zero or negative values leave the validator's own defaults untouched.
    if (this.MaxIssuerChainLength > 0)
    {
        chainValidator.MaxIssuerChainLength = this.MaxIssuerChainLength;
    }
    if (this.TimeoutMilliseconds > 0)
    {
        chainValidator.ValidationPolicy.UrlRetrievalTimeout = TimeSpan.FromMilliseconds(this.TimeoutMilliseconds);
    }

    TrustModel model = new TrustModel(chainValidator, trustPolicyResolver, policyFilter);

    if (this.ProblemFlags != null)
    {
        X509ChainStatusFlags combined = X509ChainStatusFlags.NoError;
        foreach (X509ChainStatusFlags flag in this.ProblemFlags)
        {
            combined |= flag;
        }
        // NOTE(review): an empty ProblemFlags setting yields NoError here, overriding whatever the
        // validator considers a problem by default -- confirm how the validator treats NoError before
        // relying on an empty setting to mean "use defaults".
        model.CertChainValidator.ProblemFlags = combined;
    }

    return model;
}