/*
         * Validation
         */
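        /// <summary>
        /// Sends an XKMS Validate request for <paramref name="certificateChain"/> and returns
        /// only if the service answers with a Valid key binding; every other outcome throws.
        /// </summary>
        /// <param name="certificateChain">Chain to validate, leaf first as far as this code is concerned (it is
        /// forwarded in list order). Must contain at least one certificate.</param>
        /// <param name="trustDomain">Optional trust-domain identifier sent as a UseKeyWith element; skipped when null.</param>
        /// <param name="returnRevocationData">When true, asks the service to return the revocation data it used and
        /// stores it in <c>this.revocationValues</c>.</param>
        /// <param name="validationDate">Instant to validate at. <see cref="DateTime.MinValue"/> is the sentinel for
        /// "now" and skips the historical-validation branch.</param>
        /// <param name="ocspResponses">OCSP responses forwarded to the service for historical validation.</param>
        /// <param name="crls">CRLs forwarded to the service for historical validation.</param>
        /// <param name="revocationValues">XAdES revocation values forwarded for historical validation (input only;
        /// distinct from the <c>this.revocationValues</c> output field).</param>
        /// <param name="timeStampToken">Optional timestamp token to validate against the TSA; skipped when null.</param>
        /// <param name="attributeCertificates">Optional attribute certificates; skipped when null.</param>
        /// <exception cref="ArgumentNullException"><paramref name="certificateChain"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="certificateChain"/> is empty.</exception>
        /// <exception cref="RevocationDataNotFoundException">Revocation data was requested but the response carried none.</exception>
        /// <exception cref="ValidationFailedException">The response did not contain a Valid key binding (including the
        /// case where it contained no key binding at all).</exception>
        private void validate(List<Org.BouncyCastle.X509.X509Certificate> certificateChain, string trustDomain,
            bool returnRevocationData, DateTime validationDate, List<OcspResp> ocspResponses, List<X509Crl> crls,
            RevocationValuesType revocationValues, TimeStampToken timeStampToken,
            EncapsulatedPKIDataType[] attributeCertificates)
        {
            if (null == certificateChain)
            {
                throw new ArgumentNullException("certificateChain");
            }
            if (0 == certificateChain.Count)
            {
                // An empty chain gives the service nothing to validate; refuse it here instead of
                // relying on how the service answers an empty X509Data element.
                throw new ArgumentException("certificateChain must contain at least one certificate", "certificateChain");
            }

            // setup the client
            // NOTE(review): the trustworthiness of the answer below rests entirely on the channel
            // setupClient() establishes (TLS / message-level signing) — confirm that is enforced there.
            setupClient();

            // build the request: the whole chain goes into one X509Data element
            ValidateRequestType validateRequest = new ValidateRequestType();
            QueryKeyBindingType queryKeyBinding = new QueryKeyBindingType();
            KeyInfoType keyInfo = new KeyInfoType();
            X509DataType x509Data = new X509DataType();
            int chainLength = certificateChain.Count;
            x509Data.Items = new object[chainLength];
            x509Data.ItemsElementName = new ItemsChoiceType[chainLength];
            for (int i = 0; i < chainLength; i++)
            {
                x509Data.Items[i] = certificateChain[i].GetEncoded();
                x509Data.ItemsElementName[i] = ItemsChoiceType.X509Certificate;
            }
            keyInfo.Items = new object[] { x509Data };
            keyInfo.ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };
            queryKeyBinding.KeyInfo = keyInfo;
            validateRequest.QueryKeyBinding = queryKeyBinding;

            /*
             * Set optional trust domain
             */
            if (null != trustDomain)
            {
                UseKeyWithType useKeyWith = new UseKeyWithType();
                useKeyWith.Application = XkmsConstants.TRUST_DOMAIN_APPLICATION_URI;
                useKeyWith.Identifier = trustDomain;
                queryKeyBinding.UseKeyWith = new UseKeyWithType[] { useKeyWith };
            }

            /*
             * Add timestamp token for TSA validation
             */
            if (null != timeStampToken)
            {
                addTimeStampToken(validateRequest, timeStampToken);
            }

            /*
             * Add attribute certificates
             */
            if (null != attributeCertificates)
            {
                addAttributeCertificates(validateRequest, attributeCertificates);
            }

            /*
             * Ask the service to echo the revocation data it used, if the caller wants it
             */
            if (returnRevocationData)
            {
                validateRequest.RespondWith = new string[] { XkmsConstants.RETURN_REVOCATION_DATA_URI };
            }

            /*
             * Historical validation: pin the validation instant and ship the caller's revocation data
             */
            if (!validationDate.Equals(DateTime.MinValue))
            {
                TimeInstantType timeInstant = new TimeInstantType();
                timeInstant.Time = validationDate;
                queryKeyBinding.TimeInstant = timeInstant;

                addRevocationData(validateRequest, ocspResponses, crls, revocationValues);
            }

            /*
             * Validate
             */
            ValidateResultType validateResult = client.Validate(validateRequest);

            /*
             * Check result (transport-level / ResultMajor checks live in checkResponse)
             */
            checkResponse(validateResult);

            /*
             * Pick up the optionally requested revocation data
             */
            if (returnRevocationData)
            {
                // Start from a clean slate: a value left behind by an earlier call on this instance
                // must not be able to satisfy the "not found" check below.
                this.revocationValues = null;
                if (null != validateResult.MessageExtension)
                {
                    foreach (MessageExtensionAbstractType messageExtension in validateResult.MessageExtension)
                    {
                        RevocationDataMessageExtensionType revocationExtension =
                            messageExtension as RevocationDataMessageExtensionType;
                        if (null != revocationExtension)
                        {
                            // if several extensions are present the last one wins, as before
                            this.revocationValues = revocationExtension.RevocationValues;
                        }
                    }
                }
                if (null == this.revocationValues)
                {
                    throw new RevocationDataNotFoundException();
                }
            }

            /*
             * Inspect the key binding. Only an explicit Valid status passes. Invalid, Indeterminate,
             * a missing Status, or a response without any KeyBinding element all fail closed —
             * a response that says nothing must never count as a successful validation.
             */
            if (null != validateResult.KeyBinding)
            {
                foreach (KeyBindingType keyBinding in validateResult.KeyBinding)
                {
                    if (null != keyBinding.Status
                        && KeyBindingEnum.httpwwww3org200203xkmsValid.Equals(keyBinding.Status.StatusValue))
                    {
                        return;
                    }
                    if (null != keyBinding.Status && null != keyBinding.Status.InvalidReason)
                    {
                        foreach (string reason in keyBinding.Status.InvalidReason)
                        {
                            this.invalidReasonURIs.AddLast(reason);
                        }
                    }
                    // only the first key binding decides the outcome
                    break;
                }
            }
            throw new ValidationFailedException(this.invalidReasonURIs);
        }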
        /*
         * Validation
         */
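        /// <summary>
        /// Runs an XKMS Validate request for <paramref name="certificateChain"/>. Returns normally only
        /// when the service reports a Valid key binding; any other outcome is surfaced as an exception.
        /// </summary>
        /// <param name="certificateChain">Certificates to validate, forwarded in list order. Must not be empty.</param>
        /// <param name="trustDomain">Optional trust-domain identifier (UseKeyWith); ignored when null.</param>
        /// <param name="returnRevocationData">When true the service is asked to return the revocation data it
        /// used; it is stored in <c>this.revocationValues</c>.</param>
        /// <param name="validationDate">Instant to validate at; <see cref="DateTime.MinValue"/> means "now"
        /// and disables the historical-validation branch.</param>
        /// <param name="ocspResponses">OCSP responses sent along for historical validation.</param>
        /// <param name="crls">CRLs sent along for historical validation.</param>
        /// <param name="revocationValues">XAdES revocation values sent along for historical validation
        /// (input parameter, not the <c>this.revocationValues</c> output field).</param>
        /// <param name="timeStampToken">Optional timestamp token for TSA validation; ignored when null.</param>
        /// <param name="attributeCertificates">Optional attribute certificates; ignored when null.</param>
        /// <exception cref="ArgumentNullException"><paramref name="certificateChain"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="certificateChain"/> is empty.</exception>
        /// <exception cref="RevocationDataNotFoundException">Revocation data was requested but none came back.</exception>
        /// <exception cref="ValidationFailedException">No Valid key binding was found in the response
        /// (this includes a response with no KeyBinding element at all).</exception>
        private void validate(List <Org.BouncyCastle.X509.X509Certificate> certificateChain, string trustDomain,
                              bool returnRevocationData, DateTime validationDate, List <OcspResp> ocspResponses, List <X509Crl> crls,
                              RevocationValuesType revocationValues, TimeStampToken timeStampToken,
                              EncapsulatedPKIDataType[] attributeCertificates)
        {
            if (null == certificateChain)
            {
                throw new ArgumentNullException("certificateChain");
            }
            if (0 == certificateChain.Count)
            {
                // Nothing to validate; fail here rather than depend on the service's handling of an empty X509Data.
                throw new ArgumentException("certificateChain must contain at least one certificate", "certificateChain");
            }

            // setup the client
            // NOTE(review): everything below trusts what comes back over the channel setupClient() builds
            // (TLS / signed responses) — confirm that protection is actually in place there.
            setupClient();

            // build the request; the whole chain is carried in a single X509Data element
            ValidateRequestType validateRequest = new ValidateRequestType();
            QueryKeyBindingType queryKeyBinding = new QueryKeyBindingType();
            KeyInfoType         keyInfo         = new KeyInfoType();
            X509DataType        x509Data        = new X509DataType();

            int chainLength = certificateChain.Count;
            x509Data.Items            = new object[chainLength];
            x509Data.ItemsElementName = new ItemsChoiceType[chainLength];
            for (int position = 0; position < chainLength; position++)
            {
                x509Data.Items[position]            = certificateChain[position].GetEncoded();
                x509Data.ItemsElementName[position] = ItemsChoiceType.X509Certificate;
            }
            keyInfo.Items                   = new object[] { x509Data };
            keyInfo.ItemsElementName        = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };
            queryKeyBinding.KeyInfo         = keyInfo;
            validateRequest.QueryKeyBinding = queryKeyBinding;

            /*
             * Set optional trust domain
             */
            if (null != trustDomain)
            {
                UseKeyWithType useKeyWith = new UseKeyWithType();
                useKeyWith.Application     = XkmsConstants.TRUST_DOMAIN_APPLICATION_URI;
                useKeyWith.Identifier      = trustDomain;
                queryKeyBinding.UseKeyWith = new UseKeyWithType[] { useKeyWith };
            }

            /*
             * Add timestamp token for TSA validation
             */
            if (null != timeStampToken)
            {
                addTimeStampToken(validateRequest, timeStampToken);
            }

            /*
             * Add attribute certificates
             */
            if (null != attributeCertificates)
            {
                addAttributeCertificates(validateRequest, attributeCertificates);
            }

            /*
             * Request the used revocation data to be echoed back when the caller asked for it
             */
            if (returnRevocationData)
            {
                validateRequest.RespondWith = new string[] { XkmsConstants.RETURN_REVOCATION_DATA_URI };
            }

            /*
             * Historical validation: fix the validation instant and attach the caller's revocation data
             */
            if (!validationDate.Equals(DateTime.MinValue))
            {
                TimeInstantType timeInstant = new TimeInstantType();
                timeInstant.Time            = validationDate;
                queryKeyBinding.TimeInstant = timeInstant;

                addRevocationData(validateRequest, ocspResponses, crls, revocationValues);
            }

            /*
             * Validate
             */
            ValidateResultType validateResult = client.Validate(validateRequest);

            /*
             * Check result (ResultMajor / transport-level problems are handled in checkResponse)
             */
            checkResponse(validateResult);

            /*
             * Extract the optionally requested revocation data
             */
            if (returnRevocationData)
            {
                // Clear first: a value left over from a previous call on this instance must not be
                // able to mask a response that carries no revocation data.
                this.revocationValues = null;
                if (null != validateResult.MessageExtension)
                {
                    foreach (MessageExtensionAbstractType messageExtension in validateResult.MessageExtension)
                    {
                        RevocationDataMessageExtensionType revocationExtension =
                            messageExtension as RevocationDataMessageExtensionType;
                        if (null != revocationExtension)
                        {
                            // with several such extensions the last one wins
                            this.revocationValues = revocationExtension.RevocationValues;
                        }
                    }
                }
                if (null == this.revocationValues)
                {
                    throw new RevocationDataNotFoundException();
                }
            }

            /*
             * Decide on the key binding. Only an explicit Valid status is accepted; Invalid,
             * Indeterminate, a missing Status or an absent/empty KeyBinding list all fail closed.
             * A response that reports nothing must never be treated as a successful validation.
             */
            if (null != validateResult.KeyBinding)
            {
                foreach (KeyBindingType keyBinding in validateResult.KeyBinding)
                {
                    bool hasStatus = null != keyBinding.Status;
                    if (hasStatus && KeyBindingEnum.httpwwww3org200203xkmsValid.Equals(keyBinding.Status.StatusValue))
                    {
                        return;
                    }
                    if (hasStatus && null != keyBinding.Status.InvalidReason)
                    {
                        foreach (string reason in keyBinding.Status.InvalidReason)
                        {
                            this.invalidReasonURIs.AddLast(reason);
                        }
                    }
                    // the first key binding alone decides the outcome
                    break;
                }
            }
            throw new ValidationFailedException(this.invalidReasonURIs);
        }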