/// <summary> /// Create a new voting procedure. /// </summary> /// <param name="logger">Logs messages to file.</param> /// <param name="DataAccess.DbConnection">Connection to the database.</param> /// <param name="parameters">Voting parameters.</param> /// <param name="rootCertificate">Certificate storage.</param> public VotingServerEntity( VotingRpcServer server, Signed<VotingParameters> signedParameters, ICertificateStorage certificateStorage, ServerCertificate serverCertificate) : this(server, signedParameters, certificateStorage, serverCertificate, VotingStatus.New) { this.lastProcessTime = DateTime.Now; }
public CertificateUpdater(ILoggerFactory loggerFactory, ICertificateStorage pemKeyStorage, IOptions <CertificateUpdaterConfiguration> certificateUpdaterOptions, IOptions <LetsEncryptConfiguration> letsEncryptOptions, IOptions <DuckDnsConfiguration> duckDnsOptions) { Logger = loggerFactory.CreateLogger <CertificateUpdater>(); CertificateStorage = pemKeyStorage; CertificateUpdaterConfig = certificateUpdaterOptions.Value; LetsEncryptConfiguration = letsEncryptOptions.Value; Client = new LetsDuckClient(loggerFactory, letsEncryptOptions.Value, duckDnsOptions.Value, CertificateStorage.Key); DateTime now = DateTime.Now; DateTime midnight = now.Date.AddDays(1); TimeSpan timeUntilMidnight = midnight - now; Timer = new Timer(Callback, null, (int)timeUntilMidnight.TotalMilliseconds, 24 * 60 * 60 * 1000); Logger.LogInformation($"{nameof(CertificateUpdater)} running"); CheckUpdateCertificate(); }
/// <summary> /// Create a new voting procedure. /// </summary> /// <param name="logger">Logs messages to file.</param> /// <param name="DataAccess.DbConnection">Connection to the database.</param> /// <param name="parameters">Voting parameters.</param> /// <param name="rootCertificate">Certificate storage.</param> /// <param name="status">Voting status.</param> public VotingServerEntity( VotingRpcServer server, Signed<VotingParameters> signedParameters, ICertificateStorage certificateStorage, ServerCertificate serverCertificate, VotingStatus status) { if (server == null) throw new ArgumentNullException("server"); if (signedParameters == null) throw new ArgumentNullException("signedParameters"); if (serverCertificate == null) throw new ArgumentNullException("serverCertificate"); Server = server; this.lastProcessTime = DateTime.Now; this.certificateStorage = certificateStorage; this.serverCertificate = serverCertificate; this.signedParameters = signedParameters; this.parameters = this.signedParameters.Value; this.status = status; }
/// <summary> /// Adds only CA certificates and revocation lists from a storage. /// </summary> /// <remarks> /// Does NOT add root certificates. /// </remarks> /// <param name="certificateStorage">Certificate storage to add.</param> public void AddOnlyCA(ICertificateStorage certificateStorage) { certificateStorage.Certificates .Where(certificate => certificate is CACertificate) .Foreach(certificate => Add(certificate)); certificateStorage.SignedRevocationLists .Foreach(reveocationList => AddRevocationList(reveocationList)); }
/// <summary> /// Adds all certificates and revocation lists from a storage. /// </summary> /// <remarks> /// Does NOT add root certificates. /// </remarks> /// <param name="certificateStorage">Certificate storage to add.</param> public void Add(ICertificateStorage certificateStorage) { certificateStorage.SignedRevocationLists .Foreach(reveocationList => AddRevocationList(reveocationList)); certificateStorage.Certificates .Foreach(certificate => Add(certificate)); }
/// <summary> /// Valid signatures affixed to the certificate. /// </summary> /// <param name="certificateStorage">Certificate storage to verify against.</param> /// <param name="date">Date to verify with.</param> /// <returns>List of signatures.</returns> public IEnumerable<Signature> ValidSignatures(ICertificateStorage certificateStorage, DateTime date) { foreach (var signature in Signatures) { if (signature.Verify(GetSignatureContent(), certificateStorage, date) == CertificateValidationResult.Valid) { yield return signature; } } }
/// <summary> /// Verifies a signature made with this certificate. /// </summary> /// <remarks> /// Also check the validity of the certificate. /// </remarks> /// <param name="data">Data which was signed.</param> /// <param name="signature">Signature data.</param> /// <param name="date">Date at which the signature must be valid.</param> /// <returns>Is the signature valid?</returns> public bool Verify(byte[] data, byte[] signature, ICertificateStorage certificateStorage, DateTime date) { if (data == null) throw new ArgumentNullException("data"); if (signature == null) throw new ArgumentNullException("signature"); var rsaProvider = GetRsaProvider(false); return rsaProvider.VerifyData(data, "SHA256", signature) && Validate(certificateStorage, date) == CertificateValidationResult.Valid; }
/// <summary> /// Is the certificate valid? /// </summary> /// <param name="certificateStorage">Storage of certificates.</param> /// <param name="date">Date on which it must be valid.</param> /// <returns>Is certificate valid.</returns> public CertificateValidationResult Validate(ICertificateStorage certificateStorage, DateTime date) { if (SelfSignatureValid) { if (certificateStorage.IsRootCertificate(this)) { return CertificateValidationResult.Valid; } else { CertificateValidationResult result = CertificateValidationResult.NoSignature; foreach (Signature signature in this.signatures) { result = signature.Verify(GetSignatureContent(), certificateStorage, date); if (result == CertificateValidationResult.Valid) { return certificateStorage.IsRevoked(signature.SignerId, Id, date); } } return result; } } else { return CertificateValidationResult.SelfsignatureInvalid; } }
/// <summary> /// Valid signatures affixed to the certificate. /// </summary> /// <param name="certificateStorage">Certificate storage to verify against.</param> /// <returns>List of signatures.</returns> public IEnumerable<Signature> ValidSignatures(ICertificateStorage certificateStorage) { return ValidSignatures(certificateStorage, DateTime.Now); }
/// <summary> /// Determines until when the certificate will stay valid, provided it isn't revoked until then. /// The date may lay in the past if the certificate is not valid now. /// </summary> /// <param name="certificateStorage">Storage of certificates.</param> /// <param name="date">Date on which signers certificates must be valid.</param> /// <returns>Date the certificate will expire after.</returns> public DateTime ExpectedValidUntil(ICertificateStorage certificateStorage, DateTime date) { if (SelfSignatureValid) { if (certificateStorage.IsRootCertificate(this)) { return DateTime.MaxValue; } else if (this.signatures.Count < 1) { return DateTime.MinValue; } else { return this.signatures.Max(signature => signature.ExpectedValidUntil(GetSignatureContent(), certificateStorage, date)); } } else { return DateTime.MinValue; } }
/// <summary> /// Is the certificate valid? /// </summary> /// <param name="certificateStorage">Storage of certificates.</param> /// <returns>Is certificate valid.</returns> public CertificateValidationResult Validate(ICertificateStorage certificateStorage) { return Validate(certificateStorage, DateTime.Now); }
/// <summary> /// Are all signatures valid? /// </summary> /// <param name="certificateStorage">Storage of certificates.</param> public bool AllSignaturesValid(ICertificateStorage certificateStorage) { foreach (var signature in this.signatures) { switch (signature.Verify(GetSignatureContent(), certificateStorage, signature.ValidFrom)) { case CertificateValidationResult.Valid: case CertificateValidationResult.Outdated: case CertificateValidationResult.NotYetValid: break; default: return false; } } return true; }
public CertificateRepository(ICertificateStorage certificateStorage) { this._certificateStorage = certificateStorage; }
/// <summary> /// Verifies a signature. /// </summary> /// <remarks> /// Also check the validity of the signer's certificate. /// </remarks> /// <param name="objectData">Data to check against.</param> /// <param name="certificateStorage">Storage of certificates.</param> /// <param name="date">Date at which the signature must be valid.</param> /// <returns>Is the signature valid.</returns> public CertificateValidationResult Verify(byte[] objectData, ICertificateStorage certificateStorage, DateTime date) { if (ValidFrom.Date <= date.Date) { if (ValidUntil.Date >= date.Date) { if (certificateStorage.Has(SignerId)) { Certificate signer = certificateStorage.Get(SignerId); if (signer.VerifySimple(AssmblySigningData(objectData), Data)) { if (signer.Validate(certificateStorage, date) == CertificateValidationResult.Valid) { return CertificateValidationResult.Valid; } else { return CertificateValidationResult.SignerInvalid; } } else { return CertificateValidationResult.SignatureDataInvalid; } } else { return CertificateValidationResult.UnknownSigner; } } else { return CertificateValidationResult.Outdated; } } else { return CertificateValidationResult.NotYetValid; } }
/// <summary> /// Determines until when the signature will be valid if ever. /// The date may lay in the past if it is not valid any more. /// </summary> /// <param name="objectData">Data to check against.</param> /// <param name="certificateStorage">Storage of certificates.</param> /// <param name="date">Date at which the signers certificate must be valid.</param> /// <returns>Date after which the signature expires.</returns> public DateTime ExpectedValidUntil(byte[] objectData, ICertificateStorage certificateStorage, DateTime date) { if (certificateStorage.Has(SignerId)) { Certificate signer = certificateStorage.Get(SignerId); if (signer.VerifySimple(AssmblySigningData(objectData), Data)) { if (signer.Validate(certificateStorage, date) == CertificateValidationResult.Valid) { return ValidUntil; } else { return DateTime.MinValue; } } else { return DateTime.MinValue; } } else { return DateTime.MinValue; } }
/// <summary> /// Determines until when the signature will become valid. /// </summary> /// <param name="certificateStorage">Storage of certificates.</param> /// <param name="date">Date at which the signers certificate must be valid.</param> /// <returns>Date after which the signature expires.</returns> public DateTime ExpectedValidFrom(byte[] objectData, ICertificateStorage certificateStorage) { if (certificateStorage.Has(SignerId)) { Certificate signer = certificateStorage.Get(SignerId); if (signer.VerifySimple(AssmblySigningData(objectData), Data)) { return ValidFrom; } else { return DateTime.MaxValue; } } else { return DateTime.MaxValue; } }