/// <summary>
/// Performs one OCSP round trip for the given certificate and returns the parsed verdict.
/// </summary>
/// <param name="certificate">certificate whose status is requested from the responder named in its OcspUrl</param>
/// <returns>the value returned by <c>ResponseParser.CertificateIsValid</c> for the responder's answer</returns>
static bool CheckCertificate(IOcesCertificate certificate)
{
    // The looked-up environment is not used below.
    // NOTE(review): the lookup may be relied on to reject an unknown issuing CA - confirm before removing it.
    var environment = RootCertificates.GetEnvironment(certificate.IssuingCa);

    // The responder address is read from the certificate under test, so the verdict is only as
    // trustworthy as the response validation done inside ResponseParser (not visible here).
    string responderUrl = certificate.OcspUrl;
    var requestWithId = RequestGenerator.CreateOcspRequest(certificate);
    OcspResp response = Requester.Send(requestWithId.Request, responderUrl);

    return ResponseParser.CertificateIsValid(requestWithId.Id, response, certificate);
}
/// <summary>
/// Builds an OCSP request for the certificate, sends it to the certificate's own OCSP URL and
/// hands the response to the parser.
/// </summary>
/// <param name="certificate">certificate to check</param>
/// <returns>the parser's verdict for the request id, the response and the certificate</returns>
static bool CheckCertificate(IOcesCertificate certificate)
{
    // Result is unused in this method.
    // NOTE(review): presumably kept so that an issuing CA outside the known roots fails here - verify.
    var environment = RootCertificates.GetEnvironment(certificate.IssuingCa);

    string ocspEndpoint = certificate.OcspUrl;
    var pair = RequestGenerator.CreateOcspRequest(certificate);

    // The id created with the request is passed on with the response, so the parser can match the two.
    OcspResp answer = Requester.Send(pair.Request, ocspEndpoint);
    bool verdict = ResponseParser.CertificateIsValid(pair.Id, answer, certificate);
    return verdict;
}
/// <summary>
/// Asks the OCSP client whether the certificate is revoked, unless the development environment
/// is among the trusted environments.
/// </summary>
/// <param name="certificate">certificate to check</param>
/// <returns>
/// <c>true</c> when <c>OcspClient.IsValid</c> reports the certificate as not valid;
/// <c>false</c> otherwise, including every time the OCSP check is skipped.
/// </returns>
static bool IsCertificateRevoked(IOcesCertificate certificate)
{
    // The skip is keyed on the process-wide trusted set, not on the environment that issued this
    // certificate: once the development environment is trusted, no certificate is OCSP-checked here.
    // NOTE(review): confirm the trusted set can never hold development together with production,
    // otherwise this answers "not revoked" for production certificates without asking anyone.
    bool ocspUnsupported = Environments.TrustedEnvironments.Contains(OcesEnvironment.OcesIDanidEnvDevelopment);
    if (!ocspUnsupported)
    {
        return !OcspClient.IsValid(certificate);
    }

    // The skipped check is only visible in the log at Info level.
    Logger.Info("OCSP checking is not supported in this environment. Assuming certificate is not revoked");
    return false;
}
/// <summary>
/// Reports whether the certificate itself is revoked according to OCSP. The check is bypassed,
/// with the answer "not revoked", when the development environment is trusted.
/// </summary>
/// <param name="certificate">certificate to check</param>
/// <returns><c>false</c> when the check is bypassed, otherwise the negation of <c>OcspClient.IsValid</c></returns>
static bool IsCertificateRevoked(IOcesCertificate certificate)
{
    var trusted = Environments.TrustedEnvironments;

    // Bypass decision looks at the configured trusted environments only; the certificate's own
    // issuing environment plays no part in it.
    // NOTE(review): a deployment that trusts development must not also accept production
    // certificates, or their revocation status is never queried - confirm this is enforced elsewhere.
    if (trusted.Contains(OcesEnvironment.OcesIDanidEnvDevelopment))
    {
        Logger.Info("OCSP checking is not supported in this environment. Assuming certificate is not revoked");
        return false;
    }

    bool valid = OcspClient.IsValid(certificate);
    return !valid;
}
/// <summary>
/// Runs the OCSP check through an asynchronous delegate call and waits at most
/// <c>TimeoutMilliseconds</c> for it to finish.
/// </summary>
/// <param name="certificate">certificate to check</param>
/// <returns>the result of <c>CheckCertificate</c> when it finishes within the timeout</returns>
/// <exception cref="TimeoutException">the check did not finish within the timeout</exception>
public static bool IsValid(IOcesCertificate certificate)
{
    OcspCall check = CheckCertificate;
    var pending = check.BeginInvoke(certificate, null, null);

    // A slow responder ends in an exception, never in a verdict, so a timeout cannot be read as "valid".
    // Callers must keep it that way and not translate the exception into "not revoked".
    if (!pending.AsyncWaitHandle.WaitOne(TimeoutMilliseconds, false))
    {
        // EndInvoke is not called on this path; the started call is not cancelled and its
        // outcome (including any exception) is never observed.
        throw new TimeoutException("OCSP responder timed out");
    }

    // EndInvoke hands back the result or rethrows what CheckCertificate threw.
    return check.EndInvoke(pending);
}
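/// <summary>
/// Verifies this CRL against the certificate's issuing CA certificate and then reports whether
/// the given certificate is revoked.
/// </summary>
/// <param name="certificate">certificate to check for revocation</param>
/// <returns><c>true</c> if the given certificate is revoked and <c>false</c> otherwise</returns>
/// <exception cref="InvalidSignatureException">
/// <c>VerifyCrl</c> raised a <c>SignatureException</c> for the issuing CA certificate; the original
/// exception is attached as the inner exception.
/// </exception>
/// <remarks>
/// Earlier documentation of this method stated that <c>false</c> is also returned when this CRL
/// has expired, and that an InvalidOperationException is thrown for an invalid CRL. Neither is
/// visible in this method. NOTE(review): confirm that <c>VerifyCrl</c> or the caller rejects a
/// stale CRL, because answering "not revoked" from an expired list fails open.
/// </remarks>
public bool IsRevoked(IOcesCertificate certificate)
{
    try
    {
        // The signature check comes first so that no entry of an unverified CRL is consulted.
        VerifyCrl(certificate.IssuingCa.Certificate);
    }
    catch (SignatureException e)
    {
        // Fix: the message lacked a space between "by" and the issuer DN.
        throw new InvalidSignatureException(
            "CRL Issued by " + _crl.IssuerDN
            + " does not have valid signature by certificate's issuer certificate "
            + certificate.IssuingCa.Certificate.SubjectName.Name,
            e);
    }

    return IsRevoked(certificate.ExportCertificate());
}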
/// <summary>
/// Checks the certificate over OCSP with an upper bound of <c>TimeoutMilliseconds</c> on the wait.
/// </summary>
/// <param name="certificate">certificate to check</param>
/// <returns>what <c>CheckCertificate</c> returned, if it completed in time</returns>
/// <exception cref="TimeoutException">no reply arrived before the timeout elapsed</exception>
public static bool IsValid(IOcesCertificate certificate)
{
    OcspCall worker = CheckCertificate;

    // Delegate BeginInvoke/EndInvoke is a .NET Framework facility; .NET Core and later throw
    // PlatformNotSupportedException for it.
    var asyncResult = worker.BeginInvoke(certificate, null, null);
    var completedInTime = asyncResult.AsyncWaitHandle.WaitOne(TimeoutMilliseconds, false);

    if (!completedInTime)
    {
        // Fails closed: an unreachable or slow responder produces an exception instead of "valid".
        // The pending call is left running and EndInvoke is never called for it.
        throw new TimeoutException("OCSP responder timed out");
    }

    return worker.EndInvoke(asyncResult);
}
/// <summary>
/// Checks revocation against the partitioned CRL named in the certificate. The partitioned CRL
/// is retrieved using LDAP.
/// </summary>
/// <param name="certificate">certificate to check for revocation</param>
/// <returns><c>true</c> if the CRL lists the certificate, or if the issuing CA is revoked</returns>
/// <exception cref="InvalidCrlException">the downloaded CRL is not partial, or is not the partition named by the certificate</exception>
public bool IsRevoked(IOcesCertificate certificate)
{
    // The distribution point is read from the certificate being checked.
    string distributionPoint = certificate.PartitionedCrlDistributionPoint;
    OcesEnvironment issuerEnvironment = RootCertificates.GetEnvironment(certificate.IssuingCa);
    Crl partitionedCrl = _crlDownloader.Download(issuerEnvironment, distributionPoint);

    // Both shape checks run before any entry is consulted. Presumably a CRL for another partition
    // would not list this certificate, so accepting one could yield a false "not revoked".
    bool isPartial = partitionedCrl.IsPartial();
    if (!isPartial)
    {
        throw new InvalidCrlException("Crl was downloaded successfully, but is not a partial CRL:" + distributionPoint);
    }

    bool isExpectedPartition = partitionedCrl.IsCorrectPartialCrl(distributionPoint);
    if (!isExpectedPartition)
    {
        throw new InvalidCrlException("Crl was downloaded successfully, but is not the correct partitioned crl:" + distributionPoint);
    }

    // The issuing CA is only checked when the certificate itself is not listed.
    if (partitionedCrl.IsRevoked(certificate))
    {
        return true;
    }

    return IsRevoked(certificate.IssuingCa);
}
/// <summary>
/// Downloads the partitioned CRL for the certificate (retrieved using LDAP), validates that it
/// is the expected partition and reports whether the certificate or its issuing CA is revoked.
/// </summary>
/// <param name="certificate">certificate to check for revocation</param>
/// <returns><c>true</c> when the certificate is on the CRL or the issuing CA is revoked; otherwise <c>false</c></returns>
/// <exception cref="InvalidCrlException">the download succeeded but the CRL is not partial or not the named partition</exception>
public bool IsRevoked(IOcesCertificate certificate)
{
    string crlLocation = certificate.PartitionedCrlDistributionPoint;
    OcesEnvironment env = RootCertificates.GetEnvironment(certificate.IssuingCa);
    Crl downloaded = _crlDownloader.Download(env, crlLocation);

    // NOTE(review): the download result is used without a null check - confirm Download never returns null.
    if (downloaded.IsPartial() == false)
    {
        throw new InvalidCrlException("Crl was downloaded successfully, but is not a partial CRL:" + crlLocation);
    }

    // A partial CRL is only accepted when it is the partition named by the certificate.
    if (downloaded.IsCorrectPartialCrl(crlLocation) == false)
    {
        throw new InvalidCrlException("Crl was downloaded successfully, but is not the correct partitioned crl:" + crlLocation);
    }

    bool revoked = downloaded.IsRevoked(certificate) || IsRevoked(certificate.IssuingCa);
    return revoked;
}
/// <summary>
/// Reports the certificate as revoked when either its issuing CA or the certificate itself is revoked.
/// </summary>
/// <param name="certificate">certificate to check for revocation</param>
/// <returns><c>true</c> if the issuing CA or the certificate is revoked; otherwise <c>false</c></returns>
public bool IsRevoked(IOcesCertificate certificate)
{
    // The CA is checked first; the certificate's own check is skipped once the CA is known to be revoked.
    if (IsIssuingCaRevoked(certificate))
    {
        return true;
    }

    return IsCertificateRevoked(certificate);
}
/// <summary>
/// Downloads the full CRL for the given certificate.
/// </summary>
/// <param name="certificate">certificate to download the full CRL for</param>
/// <returns>full CRL fetched from the certificate's CrlDistributionPoint</returns>
public Crl DownloadCrl(IOcesCertificate certificate)
{
    // The location comes from the certificate itself and is handed unchanged to the location-based overload.
    return DownloadCrl(certificate.CrlDistributionPoint);
}
/// <summary>
/// Checks the certificate against its full CRL and, if it is not listed, checks the issuing CA.
/// </summary>
/// <param name="certificate">certificate to check for revocation</param>
/// <returns><c>true</c> if the certificate is on its CRL or the issuing CA is revoked; otherwise <c>false</c></returns>
public bool IsRevoked(IOcesCertificate certificate)
{
    Crl fullCrl = DownloadCrl(certificate);

    if (fullCrl.IsRevoked(certificate))
    {
        return true;
    }

    // Not listed itself: the answer now depends on the issuing CA's own revocation status.
    return IsRevoked(certificate.IssuingCa);
}
/// <summary>
/// Creates the OCSP request for a certificate from its issuing CA certificate and its serial number.
/// </summary>
/// <param name="certificate">certificate the request asks about</param>
/// <returns>the request together with its id, as produced by the two-argument overload</returns>
public static OcspReqAndId CreateOcspRequest(IOcesCertificate certificate)
{
    var issuerCertificate = certificate.IssuingCa.Certificate;

    // The serial number is passed on in the form produced by SerialNumberConverter.
    var serialNumber = SerialNumberConverter.FromCertificate(certificate);

    return CreateOcspRequest(issuerCertificate, serialNumber);
}
/// <summary>
/// Convenience overload: derives the issuer certificate and the converted serial number from
/// the certificate and delegates to the two-argument overload.
/// </summary>
/// <param name="certificate">certificate to build the OCSP request for</param>
/// <returns>request and id returned by the delegated call</returns>
public static OcspReqAndId CreateOcspRequest(IOcesCertificate certificate)
{
    var caCertificate = certificate.IssuingCa.Certificate;
    var convertedSerial = SerialNumberConverter.FromCertificate(certificate);

    OcspReqAndId requestAndId = CreateOcspRequest(caCertificate, convertedSerial);
    return requestAndId;
}
/// <summary>
/// Downloads the certificate's full CRL and reports whether the certificate, or failing that
/// its issuing CA, is revoked.
/// </summary>
/// <param name="certificate">certificate to check for revocation</param>
/// <returns><c>true</c> when either check reports a revocation; otherwise <c>false</c></returns>
public bool IsRevoked(IOcesCertificate certificate)
{
    Crl downloaded = DownloadCrl(certificate);
    bool listed = downloaded.IsRevoked(certificate);

    // The CA check only runs for a certificate that is not itself listed.
    return listed ? true : IsRevoked(certificate.IssuingCa);
}
/// <summary>
/// Asks the shared full-CRL revocation checker whether the certificate's issuing CA is revoked.
/// </summary>
/// <param name="certificate">certificate whose issuing CA is checked</param>
/// <returns>the checker's answer for the issuing CA</returns>
static bool IsIssuingCaRevoked(IOcesCertificate certificate)
{
    // Only the issuing CA is passed on; the certificate itself is not checked here.
    var issuingCa = certificate.IssuingCa;
    return FullCrlRevocationChecker.Instance.IsRevoked(issuingCa);
}
/// <summary>
/// Evaluates an OCSP response for a certificate by delegating to the overload that takes the
/// converted serial number and the issuing CA.
/// </summary>
/// <param name="id">id of the request the response belongs to</param>
/// <param name="ocspResp">response received from the responder</param>
/// <param name="certificate">certificate the request was made for</param>
/// <returns>the delegated overload's verdict</returns>
public static bool CertificateIsValid(CertID id, OcspResp ocspResp, IOcesCertificate certificate)
{
    // Serial number and issuing CA both come from the certificate that was asked about.
    var serialNumber = SerialNumberConverter.FromCertificate(certificate);
    var issuingCa = certificate.IssuingCa;

    return CertificateIsValid(id, ocspResp, serialNumber, issuingCa);
}
/// <summary>
/// Reports whether the CA that issued the certificate is revoked, using the full-CRL checker instance.
/// </summary>
/// <param name="certificate">certificate whose issuer is looked up</param>
/// <returns><c>true</c> if the full-CRL checker reports the issuing CA as revoked</returns>
static bool IsIssuingCaRevoked(IOcesCertificate certificate)
{
    var checker = FullCrlRevocationChecker.Instance;
    bool caRevoked = checker.IsRevoked(certificate.IssuingCa);
    return caRevoked;
}
/// <summary>
/// Downloads the full CRL for the given certificate.
/// </summary>
/// <param name="certificate">certificate whose CrlDistributionPoint names the CRL to fetch</param>
/// <returns>full CRL for the given certificate</returns>
public Crl DownloadCrl(IOcesCertificate certificate)
{
    // NOTE(review): the location is certificate-supplied; presumably the certificate chain has been
    // validated before this point, so the value is CA-controlled - confirm against the caller.
    string location = certificate.CrlDistributionPoint;
    Crl fullCrl = DownloadCrl(location);
    return fullCrl;
}
/// <summary>
/// Convenience overload that extracts the serial number and issuing CA from the certificate
/// before evaluating the OCSP response.
/// </summary>
/// <param name="id">request id to evaluate the response against</param>
/// <param name="ocspResp">OCSP response to evaluate</param>
/// <param name="certificate">certificate under check</param>
/// <returns>result of the four-argument overload</returns>
public static bool CertificateIsValid(CertID id, OcspResp ocspResp, IOcesCertificate certificate)
{
    var serial = SerialNumberConverter.FromCertificate(certificate);
    var issuer = certificate.IssuingCa;

    bool valid = CertificateIsValid(id, ocspResp, serial, issuer);
    return valid;
}
/// <summary>
/// Converts the certificate's hexadecimal serial number into its decimal string form.
/// </summary>
/// <param name="certificate">certificate whose SerialNumber is converted</param>
/// <returns>the serial number as a decimal string</returns>
/// <exception cref="OverflowException">the serial number does not fit in 32 bits</exception>
public static string FromCertificate(IOcesCertificate certificate)
{
    // NOTE(review): the conversion goes through UInt32, while X.509 serial numbers may be up to
    // 20 octets long. A longer serial makes every revocation lookup that passes through here
    // throw; confirm callers treat that as a failed check and never as "not revoked".
    uint serial = Convert.ToUInt32(certificate.SerialNumber, 16);
    return serial.ToString();
}
/// <summary>
/// Reads the certificate's serial number as base-16 text and returns it in base 10.
/// </summary>
/// <param name="certificate">certificate to take the serial number from</param>
/// <returns>decimal representation of the serial number</returns>
/// <exception cref="OverflowException">the serial number is larger than a 32-bit unsigned value</exception>
public static string FromCertificate(IOcesCertificate certificate)
{
    string hexSerial = certificate.SerialNumber;

    // Limited to 32-bit serial numbers: anything larger raises OverflowException here.
    // NOTE(review): certificates with longer serials cannot be converted, so their revocation
    // checks cannot complete - verify the caller fails closed in that case.
    uint numericSerial = Convert.ToUInt32(hexSerial, 16);

    return numericSerial.ToString();
}
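/// <summary>
/// Returns <c>true</c> if the given certificate is revoked and <c>false</c> otherwise. The CRL's
/// signature is verified against the certificate's issuing CA certificate before the lookup.
/// </summary>
/// <param name="certificate">certificate to check for revocation</param>
/// <returns><c>true</c> if the given certificate is revoked and <c>false</c> otherwise</returns>
/// <exception cref="InvalidSignatureException">
/// this CRL is not validly signed by the certificate's issuing CA (<c>VerifyCrl</c> raised a
/// <c>SignatureException</c>, which is kept as the inner exception)
/// </exception>
/// <remarks>
/// The previous documentation also said that <c>false</c> is returned when this CRL has expired
/// and named InvalidOperationException as the exception type. This method shows neither.
/// NOTE(review): an expired CRL answering "not revoked" would fail open - confirm that
/// <c>VerifyCrl</c> or the caller rejects a CRL that is out of date.
/// </remarks>
public bool IsRevoked(IOcesCertificate certificate)
{
    try
    {
        // Nothing is read from the CRL until its signature has been verified.
        VerifyCrl(certificate.IssuingCa.Certificate);
    }
    catch (SignatureException e)
    {
        // Fix: a space was missing between "by" and the issuer DN in the message.
        string message = "CRL Issued by " + _crl.IssuerDN
            + " does not have valid signature by certificate's issuer certificate "
            + certificate.IssuingCa.Certificate.SubjectName.Name;
        throw new InvalidSignatureException(message, e);
    }

    return IsRevoked(certificate.ExportCertificate());
}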
/// <summary>
/// Combines the issuing-CA check and the certificate's own check into one revocation answer.
/// </summary>
/// <param name="certificate">certificate to check for revocation</param>
/// <returns><c>true</c> as soon as one of the two checks reports a revocation; otherwise <c>false</c></returns>
public bool IsRevoked(IOcesCertificate certificate)
{
    bool caRevoked = IsIssuingCaRevoked(certificate);
    if (caRevoked)
    {
        // A revoked CA settles the answer; the certificate's own check is not run.
        return true;
    }

    bool certificateRevoked = IsCertificateRevoked(certificate);
    return certificateRevoked;
}