/// <summary>
/// Create a new voting procedure.
/// </summary>
/// <param name="logger">Logs messages to file.</param>
/// <param name="DataAccess.DbConnection">Connection to the database.</param>
/// <param name="parameters">Voting parameters.</param>
/// <param name="rootCertificate">Certificate storage.</param>
public VotingServerEntity(
VotingRpcServer server,
Signed<VotingParameters> signedParameters,
ICertificateStorage certificateStorage,
ServerCertificate serverCertificate)
: this(server, signedParameters, certificateStorage, serverCertificate, VotingStatus.New)
{
this.lastProcessTime = DateTime.Now;
}
public CertificateUpdater(ILoggerFactory loggerFactory, ICertificateStorage pemKeyStorage, IOptions <CertificateUpdaterConfiguration> certificateUpdaterOptions, IOptions <LetsEncryptConfiguration> letsEncryptOptions, IOptions <DuckDnsConfiguration> duckDnsOptions)
{
Logger = loggerFactory.CreateLogger <CertificateUpdater>();
CertificateStorage = pemKeyStorage;
CertificateUpdaterConfig = certificateUpdaterOptions.Value;
LetsEncryptConfiguration = letsEncryptOptions.Value;
Client = new LetsDuckClient(loggerFactory, letsEncryptOptions.Value, duckDnsOptions.Value, CertificateStorage.Key);
DateTime now = DateTime.Now;
DateTime midnight = now.Date.AddDays(1);
TimeSpan timeUntilMidnight = midnight - now;
Timer = new Timer(Callback, null, (int)timeUntilMidnight.TotalMilliseconds, 24 * 60 * 60 * 1000);
Logger.LogInformation($"{nameof(CertificateUpdater)} running");
CheckUpdateCertificate();
}
/// <summary>
/// Create a new voting procedure.
/// </summary>
/// <param name="logger">Logs messages to file.</param>
/// <param name="DataAccess.DbConnection">Connection to the database.</param>
/// <param name="parameters">Voting parameters.</param>
/// <param name="rootCertificate">Certificate storage.</param>
/// <param name="status">Voting status.</param>
public VotingServerEntity(
VotingRpcServer server,
Signed<VotingParameters> signedParameters,
ICertificateStorage certificateStorage,
ServerCertificate serverCertificate,
VotingStatus status)
{
if (server == null)
throw new ArgumentNullException("server");
if (signedParameters == null)
throw new ArgumentNullException("signedParameters");
if (serverCertificate == null)
throw new ArgumentNullException("serverCertificate");
Server = server;
this.lastProcessTime = DateTime.Now;
this.certificateStorage = certificateStorage;
this.serverCertificate = serverCertificate;
this.signedParameters = signedParameters;
this.parameters = this.signedParameters.Value;
this.status = status;
}
/// <summary>
/// Adds only CA certificates and revocation lists from a storage.
/// </summary>
/// <remarks>
/// Does NOT add root certificates.
/// </remarks>
/// <param name="certificateStorage">Certificate storage to add.</param>
public void AddOnlyCA(ICertificateStorage certificateStorage)
{
certificateStorage.Certificates
.Where(certificate => certificate is CACertificate)
.Foreach(certificate => Add(certificate));
certificateStorage.SignedRevocationLists
.Foreach(reveocationList => AddRevocationList(reveocationList));
}
/// <summary>
/// Adds all certificates and revocation lists from a storage.
/// </summary>
/// <remarks>
/// Does NOT add root certificates.
/// </remarks>
/// <param name="certificateStorage">Certificate storage to add.</param>
public void Add(ICertificateStorage certificateStorage)
{
certificateStorage.SignedRevocationLists
.Foreach(reveocationList => AddRevocationList(reveocationList));
certificateStorage.Certificates
.Foreach(certificate => Add(certificate));
}
/// <summary>
/// Valid signatures affixed to the certificate.
/// </summary>
/// <param name="certificateStorage">Certificate storage to verify against.</param>
/// <param name="date">Date to verify with.</param>
/// <returns>List of signatures.</returns>
public IEnumerable<Signature> ValidSignatures(ICertificateStorage certificateStorage, DateTime date)
{
foreach (var signature in Signatures)
{
if (signature.Verify(GetSignatureContent(), certificateStorage, date) == CertificateValidationResult.Valid)
{
yield return signature;
}
}
}
/// <summary>
/// Verifies a signature made with this certificate.
/// </summary>
/// <remarks>
/// Also check the validity of the certificate.
/// </remarks>
/// <param name="data">Data which was signed.</param>
/// <param name="signature">Signature data.</param>
/// <param name="date">Date at which the signature must be valid.</param>
/// <returns>Is the signature valid?</returns>
public bool Verify(byte[] data, byte[] signature, ICertificateStorage certificateStorage, DateTime date)
{
if (data == null)
throw new ArgumentNullException("data");
if (signature == null)
throw new ArgumentNullException("signature");
var rsaProvider = GetRsaProvider(false);
return rsaProvider.VerifyData(data, "SHA256", signature) &&
Validate(certificateStorage, date) == CertificateValidationResult.Valid;
}
/// <summary>
/// Is the certificate valid?
/// </summary>
/// <param name="certificateStorage">Storage of certificates.</param>
/// <param name="date">Date on which it must be valid.</param>
/// <returns>Is certificate valid.</returns>
public CertificateValidationResult Validate(ICertificateStorage certificateStorage, DateTime date)
{
if (SelfSignatureValid)
{
if (certificateStorage.IsRootCertificate(this))
{
return CertificateValidationResult.Valid;
}
else
{
CertificateValidationResult result = CertificateValidationResult.NoSignature;
foreach (Signature signature in this.signatures)
{
result = signature.Verify(GetSignatureContent(), certificateStorage, date);
if (result == CertificateValidationResult.Valid)
{
return certificateStorage.IsRevoked(signature.SignerId, Id, date);
}
}
return result;
}
}
else
{
return CertificateValidationResult.SelfsignatureInvalid;
}
}
/// <summary>
/// Valid signatures affixed to the certificate.
/// </summary>
/// <param name="certificateStorage">Certificate storage to verify against.</param>
/// <returns>List of signatures.</returns>
public IEnumerable<Signature> ValidSignatures(ICertificateStorage certificateStorage)
{
return ValidSignatures(certificateStorage, DateTime.Now);
}
/// <summary>
/// Determines until when the certificate will stay valid, provided it isn't revoked until then.
/// The date may lay in the past if the certificate is not valid now.
/// </summary>
/// <param name="certificateStorage">Storage of certificates.</param>
/// <param name="date">Date on which signers certificates must be valid.</param>
/// <returns>Date the certificate will expire after.</returns>
public DateTime ExpectedValidUntil(ICertificateStorage certificateStorage, DateTime date)
{
if (SelfSignatureValid)
{
if (certificateStorage.IsRootCertificate(this))
{
return DateTime.MaxValue;
}
else if (this.signatures.Count < 1)
{
return DateTime.MinValue;
}
else
{
return this.signatures.Max(signature => signature.ExpectedValidUntil(GetSignatureContent(), certificateStorage, date));
}
}
else
{
return DateTime.MinValue;
}
}
/// <summary>
/// Is the certificate valid?
/// </summary>
/// <param name="certificateStorage">Storage of certificates.</param>
/// <returns>Is certificate valid.</returns>
public CertificateValidationResult Validate(ICertificateStorage certificateStorage)
{
return Validate(certificateStorage, DateTime.Now);
}
/// <summary>
/// Are all signatures valid?
/// </summary>
/// <param name="certificateStorage">Storage of certificates.</param>
public bool AllSignaturesValid(ICertificateStorage certificateStorage)
{
foreach (var signature in this.signatures)
{
switch (signature.Verify(GetSignatureContent(), certificateStorage, signature.ValidFrom))
{
case CertificateValidationResult.Valid:
case CertificateValidationResult.Outdated:
case CertificateValidationResult.NotYetValid:
break;
default:
return false;
}
}
return true;
}
public CertificateRepository(ICertificateStorage certificateStorage)
{
this._certificateStorage = certificateStorage;
}
/// <summary>
/// Verifies a signature.
/// </summary>
/// <remarks>
/// Also check the validity of the signer's certificate.
/// </remarks>
/// <param name="objectData">Data to check against.</param>
/// <param name="certificateStorage">Storage of certificates.</param>
/// <param name="date">Date at which the signature must be valid.</param>
/// <returns>Is the signature valid.</returns>
public CertificateValidationResult Verify(byte[] objectData, ICertificateStorage certificateStorage, DateTime date)
{
if (ValidFrom.Date <= date.Date)
{
if (ValidUntil.Date >= date.Date)
{
if (certificateStorage.Has(SignerId))
{
Certificate signer = certificateStorage.Get(SignerId);
if (signer.VerifySimple(AssmblySigningData(objectData), Data))
{
if (signer.Validate(certificateStorage, date) == CertificateValidationResult.Valid)
{
return CertificateValidationResult.Valid;
}
else
{
return CertificateValidationResult.SignerInvalid;
}
}
else
{
return CertificateValidationResult.SignatureDataInvalid;
}
}
else
{
return CertificateValidationResult.UnknownSigner;
}
}
else
{
return CertificateValidationResult.Outdated;
}
}
else
{
return CertificateValidationResult.NotYetValid;
}
}
/// <summary>
/// Determines until when the signature will be valid if ever.
/// The date may lay in the past if it is not valid any more.
/// </summary>
/// <param name="objectData">Data to check against.</param>
/// <param name="certificateStorage">Storage of certificates.</param>
/// <param name="date">Date at which the signers certificate must be valid.</param>
/// <returns>Date after which the signature expires.</returns>
public DateTime ExpectedValidUntil(byte[] objectData, ICertificateStorage certificateStorage, DateTime date)
{
if (certificateStorage.Has(SignerId))
{
Certificate signer = certificateStorage.Get(SignerId);
if (signer.VerifySimple(AssmblySigningData(objectData), Data))
{
if (signer.Validate(certificateStorage, date) == CertificateValidationResult.Valid)
{
return ValidUntil;
}
else
{
return DateTime.MinValue;
}
}
else
{
return DateTime.MinValue;
}
}
else
{
return DateTime.MinValue;
}
}
/// <summary>
/// Determines until when the signature will become valid.
/// </summary>
/// <param name="certificateStorage">Storage of certificates.</param>
/// <param name="date">Date at which the signers certificate must be valid.</param>
/// <returns>Date after which the signature expires.</returns>
public DateTime ExpectedValidFrom(byte[] objectData, ICertificateStorage certificateStorage)
{
if (certificateStorage.Has(SignerId))
{
Certificate signer = certificateStorage.Get(SignerId);
if (signer.VerifySimple(AssmblySigningData(objectData), Data))
{
return ValidFrom;
}
else
{
return DateTime.MaxValue;
}
}
else
{
return DateTime.MaxValue;
}
}
