bool FilterCertificateByPolicy(MailAddress address, X509Certificate2 cert, IPolicyResolver resolver, bool incoming) { if (cert == null || resolver == null) { return(true); } IList <IPolicyExpression> exressions = (incoming) ? resolver.GetIncomingPolicy(address) : resolver.GetOutgoingPolicy(address); try { var policyFilter = PolicyFilter.Default; foreach (var expression in exressions) { if (!policyFilter.IsCompliant(cert, expression)) { return(false); } } } catch (PolicyRequiredException) // certificate { return(false); } catch (PolicyProcessException processException) { throw new AgentException(AgentError.InvalidPolicy, processException); } return(true); }
/// <summary> /// Get the cert policy resolvers as a <see cref="ICertPolicyResolvers"/> structured container.. /// </summary> /// <returns></returns> public ICertPolicyResolvers GetPolicyResolvers() { IList <KeyValuePair <string, IPolicyResolver> > policyResolvers = new List <KeyValuePair <string, IPolicyResolver> >(); if (CertPolicies != null) { PolicyResolverSettings policyResolverSettings = this.CertPolicies.Resolvers.FirstOrDefault(r => r.Name == CertPolicyResolvers.TrustPolicyName); if (policyResolverSettings != null) { IPolicyResolver trustPolicyResolver = policyResolverSettings.CreateResolver(); policyResolvers.Add(new KeyValuePair <string, IPolicyResolver>(CertPolicyResolvers.TrustPolicyName, trustPolicyResolver)); } policyResolverSettings = this.CertPolicies.Resolvers.FirstOrDefault(r => r.Name == CertPolicyResolvers.PrivatePolicyName); if (policyResolverSettings != null) { IPolicyResolver privatePolicyResolver = policyResolverSettings.CreateResolver(); policyResolvers.Add(new KeyValuePair <string, IPolicyResolver>(CertPolicyResolvers.PrivatePolicyName, privatePolicyResolver)); } policyResolverSettings = this.CertPolicies.Resolvers.FirstOrDefault(r => r.Name == CertPolicyResolvers.PublicPolicyName); if (policyResolverSettings != null) { IPolicyResolver publicPolicyResolver = policyResolverSettings.CreateResolver(); policyResolvers.Add(new KeyValuePair <string, IPolicyResolver>(CertPolicyResolvers.PublicPolicyName, publicPolicyResolver)); } } CertPolicyResolvers certPolicyResolvers = new CertPolicyResolvers(policyResolvers); return(certPolicyResolvers); }
/// <summary> /// Create a Trust Model from the given settings /// </summary> /// <param name="trustPolicyResolver"><see cref="IPolicyResolver"/> injected for trust policy resolution.</param> /// <param name="policyFilter"><see cref="IPolicyFilter"/></param> /// <returns>TrustModel</returns> public TrustModel CreateTrustModel(IPolicyResolver trustPolicyResolver, IPolicyFilter policyFilter) { TrustChainValidator validator = new TrustChainValidator(); validator.RevocationCheckMode = this.RevocationCheckMode; validator.RevocationCheckGranularity = this.RevocationCheckGranularity; if (this.MaxIssuerChainLength > 0) { validator.MaxIssuerChainLength = this.MaxIssuerChainLength; } if (this.TimeoutMilliseconds > 0) { validator.ValidationPolicy.UrlRetrievalTimeout = TimeSpan.FromMilliseconds(this.TimeoutMilliseconds); } TrustModel trustModel = new TrustModel(validator, trustPolicyResolver, policyFilter); if (this.ProblemFlags != null) { X509ChainStatusFlags flags = X509ChainStatusFlags.NoError; foreach (X509ChainStatusFlags flag in this.ProblemFlags) { flags = (flags | flag); } trustModel.CertChainValidator.ProblemFlags = flags; } return(trustModel); }
/// <summary> /// Constructs an instance specifying a certificate chain validator. /// </summary> /// <param name="validator">The <see cref="TrustChainValidator"/> to use in validating certificate chains</param> /// <param name="policyResolver">The <see cref="IPolicyResolver"/> to use in resolving policies.</param> public TrustModel(TrustChainValidator validator, IPolicyResolver policyResolver) { if (validator == null) { throw new ArgumentNullException("validator"); } m_certChainValidator = validator; m_trustPolicyResolver = policyResolver; }
/// <summary> /// Constructs an instance specifying a certificate chain validator. /// </summary> /// <param name="validator">The <see cref="TrustChainValidator"/> to use in validating certificate chains</param> /// <param name="policyResolver">The <see cref="IPolicyResolver"/> to use in resolving policies.</param> /// <param name="policyFilter">The <see cref="IPolicyFilter"/> to use in validating certificate against policies</param> public TrustModel(TrustChainValidator validator, IPolicyResolver policyResolver, IPolicyFilter policyFilter) { if (validator == null) { throw new ArgumentNullException("validator"); } m_certChainValidator = validator; m_trustPolicyResolver = policyResolver; m_policyFilter = policyFilter; }
public TrustPolicyResolver(TrustPolicyServiceResolverSettings settings) { ClientSettings settings1 = settings.ClientSettings; var incomingCacheSettings = new CacheSettings(settings.CacheSettings) {Name = "BundleCache.incoming"}; var outgoingCacheSettings = new CacheSettings(settings.CacheSettings) {Name = "BundleCache.outgoing"}; m_incomingResolver = new PolicyResolver(new CertPolicyIndex(settings1, true, CertPolicyUse.TRUST), incomingCacheSettings); m_outgoingResolver = new PolicyResolver(new CertPolicyIndex(settings1, false, CertPolicyUse.TRUST), outgoingCacheSettings); }
/// <summary> /// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores, and /// trust and cryptography models. /// </summary> /// <param name="domainResolver"> /// An <see cref="IDomainResolver"/> instance providing array of local domain name managed by this agent. /// </param> /// <param name="privateCerts"> /// An <see cref="ICertificateResolver"/> instance providing private certificates /// for senders of outgoing messages and receivers of incoming messages. /// </param> /// <param name="publicCerts"> /// An <see cref="ICertificateResolver"/> instance providing public certificates /// for receivers of outgoing messages and senders of incoming messages. /// </param> /// <param name="anchors"> /// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors. /// </param> /// <param name="trustModel"> /// An instance or subclass of <see cref="SMIMECryptographer"/> providing a custom trust model. /// </param> /// <param name="cryptographer"> /// An instance or subclass of <see cref="Health.Direct.Agent"/> providing a custom cryptography model. /// </param> /// <param name="certPolicyResolvers">Certificate <see cref="ICertPolicyResolvers">policy container</see></param> public DirectAgent(IDomainResolver domainResolver, ICertificateResolver privateCerts, ICertificateResolver publicCerts, ITrustAnchorResolver anchors, TrustModel trustModel, ISmimeCryptographer cryptographer, ICertPolicyResolvers certPolicyResolvers) { m_managedDomains = new AgentDomains(domainResolver); if (privateCerts == null) { throw new ArgumentNullException("privateCerts"); } if (publicCerts == null) { throw new ArgumentNullException("publicCerts"); } if (anchors == null) { throw new ArgumentNullException("anchors"); } if (trustModel == null) { throw new ArgumentNullException("trustModel"); } if (cryptographer == null) { throw new ArgumentNullException("cryptographer"); } m_privateCertResolver = privateCerts; m_publicCertResolver = publicCerts; m_cryptographer = cryptographer; m_trustAnchors = anchors; m_trustModel = trustModel; if (!m_trustModel.CertChainValidator.HasCertificateResolver) { m_trustModel.CertChainValidator.IssuerResolver = m_publicCertResolver; } m_minTrustRequirement = TrustEnforcementStatus.Success; m_privatePolicyResolver = certPolicyResolvers.PrivateResolver; m_publicPolicyResolver = certPolicyResolvers.PublicResolver; }
public PublicPolicyResolver(PublicPolicyServiceResolverSettings settings) { PublicPolicyServiceResolverSettings settings1 = settings; CacheSettings incomingCacheSettings = new CacheSettings(settings1.CacheSettings) { Name = "publicPolicy.incoming" }; CacheSettings outgoingCacheSettings = new CacheSettings(settings1.CacheSettings) { Name = "publicPolicy.outgoing" }; m_incomingResolver = new PolicyResolver(new CertPolicyIndex(settings1.ClientSettings, true, CertPolicyUse.PUBLIC_RESOLVER), incomingCacheSettings); m_outgoingResolver = new PolicyResolver(new CertPolicyIndex(settings1.ClientSettings, false, CertPolicyUse.PUBLIC_RESOLVER), outgoingCacheSettings); }
public PrivatePolicyResolver(PrivatePolicyServiceResolverSettings settings) { PrivatePolicyServiceResolverSettings settings1 = settings; CacheSettings incomingCacheSettings = new CacheSettings(settings1.CacheSettings) { Name = "privatePolicy.incoming" }; CacheSettings outgoingCacheSettings = new CacheSettings(settings1.CacheSettings) { Name = "privatePolicy.outgoing" }; m_incomingResolver = new PolicyResolver(new CertPolicyIndex(settings1.ClientSettings, true, CertPolicyUse.PRIVATE_RESOLVER), incomingCacheSettings); m_outgoingResolver = new PolicyResolver(new CertPolicyIndex(settings1.ClientSettings, false, CertPolicyUse.PRIVATE_RESOLVER), outgoingCacheSettings); }
public TrustPolicyResolver(TrustPolicyServiceResolverSettings settings) { ClientSettings settings1 = settings.ClientSettings; var incomingCacheSettings = new CacheSettings(settings.CacheSettings) { Name = "BundleCache.incoming" }; var outgoingCacheSettings = new CacheSettings(settings.CacheSettings) { Name = "BundleCache.outgoing" }; m_incomingResolver = new PolicyResolver(new CertPolicyIndex(settings1, true, CertPolicyUse.TRUST), incomingCacheSettings); m_outgoingResolver = new PolicyResolver(new CertPolicyIndex(settings1, false, CertPolicyUse.TRUST), outgoingCacheSettings); }
void Verify(PolicySettings settings) { Assert.NotNull(settings.Resolvers); Assert.Equal(3, settings.Resolvers.Count()); IPolicyResolver trustResolver = settings.Resolvers.FirstOrDefault(r => r.Name == CertPolicyResolvers.TrustPolicyName).CreateResolver(); IPolicyResolver privateResolver = settings.Resolvers.FirstOrDefault(r => r.Name == CertPolicyResolvers.PrivatePolicyName).CreateResolver(); IPolicyResolver publicResolver = settings.Resolvers.FirstOrDefault(r => r.Name == CertPolicyResolvers.PublicPolicyName).CreateResolver(); Assert.NotNull(trustResolver); Assert.NotNull(privateResolver); Assert.NotNull(publicResolver); TrustPolicyServiceResolverSettings trustSettings = settings.Resolvers.FirstOrDefault(r => r.Name == CertPolicyResolvers.TrustPolicyName) as TrustPolicyServiceResolverSettings; Assert.True(trustSettings.CacheSettings.Cache); Assert.True(trustSettings.CacheSettings.NegativeCache); Assert.Equal(60, trustSettings.CacheSettings.CacheTTLSeconds); PrivatePolicyServiceResolverSettings privateSettings = settings.Resolvers.FirstOrDefault(r => r.Name == CertPolicyResolvers.PrivatePolicyName) as PrivatePolicyServiceResolverSettings; Assert.True(privateSettings.CacheSettings.Cache); Assert.True(privateSettings.CacheSettings.NegativeCache); Assert.Equal(60, privateSettings.CacheSettings.CacheTTLSeconds); PublicPolicyServiceResolverSettings publicSettings = settings.Resolvers.FirstOrDefault(r => r.Name == CertPolicyResolvers.PublicPolicyName) as PublicPolicyServiceResolverSettings; Assert.True(publicSettings.CacheSettings.Cache); Assert.True(publicSettings.CacheSettings.NegativeCache); Assert.Equal(60, publicSettings.CacheSettings.CacheTTLSeconds); }
/// <summary> /// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores, and /// trust and cryptography models. /// </summary> /// <param name="domainResolver"> /// An <see cref="IDomainResolver"/> instance providing array of local domain name managed by this agent. /// </param> /// <param name="privateCerts"> /// An <see cref="ICertificateResolver"/> instance providing private certificates /// for senders of outgoing messages and receivers of incoming messages. /// </param> /// <param name="publicCerts"> /// An <see cref="ICertificateResolver"/> instance providing public certificates /// for receivers of outgoing messages and senders of incoming messages. /// </param> /// <param name="anchors"> /// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors. /// </param> /// <param name="trustModel"> /// An instance or subclass of <see cref="SMIMECryptographer"/> providing a custom trust model. /// </param> /// <param name="cryptographer"> /// An instance or subclass of <see cref="Health.Direct.Agent"/> providing a custom cryptography model. /// </param> /// <param name="certPolicyResolvers">Certificate <see cref="ICertPolicyResolvers">policy container</see></param> /// <param name="policyFilter"><see cref="IPolicyFilter"/></param> public DirectAgent(IDomainResolver domainResolver, ICertificateResolver privateCerts, ICertificateResolver publicCerts , ITrustAnchorResolver anchors, TrustModel trustModel, SMIMECryptographer cryptographer, ICertPolicyResolvers certPolicyResolvers, IPolicyFilter policyFilter) { m_managedDomains = new AgentDomains(domainResolver); if (privateCerts == null) { throw new ArgumentNullException("privateCerts"); } if (publicCerts == null) { throw new ArgumentNullException("publicCerts"); } if (anchors == null) { throw new ArgumentNullException("anchors"); } if (trustModel == null) { throw new ArgumentNullException("trustModel"); } if (cryptographer == null) { throw new ArgumentNullException("cryptographer"); } m_privateCertResolver = privateCerts; m_publicCertResolver = publicCerts; m_cryptographer = cryptographer; m_trustAnchors = anchors; m_trustModel = trustModel; if (!m_trustModel.CertChainValidator.HasCertificateResolver) { m_trustModel.CertChainValidator.IssuerResolver = m_publicCertResolver; } m_minTrustRequirement = TrustEnforcementStatus.Success; m_privatePolicyResolver = certPolicyResolvers.PrivateResolver; m_publicPolicyResolver = certPolicyResolvers.PublicResolver; m_policyFilter = policyFilter; }
bool FilterCertificateByPolicy(MailAddress address, X509Certificate2 cert, IPolicyResolver resolver, bool incoming) { if (cert == null || resolver == null || m_policyFilter == null) { return true; } IList<IPolicyExpression> exressions = (incoming) ? resolver.GetIncomingPolicy(address) : resolver.GetOutgoingPolicy(address); try { foreach (var expression in exressions) { if (! m_policyFilter.IsCompliant(cert, expression)) { return false; } } } catch (PolicyRequiredException) // certificate { return false; } catch (PolicyProcessException processException) { throw new AgentException(AgentError.InvalidPolicy, processException); } return true; }
/// <summary> /// Create a Trust Model from the given settings /// </summary> /// <param name="trustPolicyResolver"><see cref="IPolicyResolver"/> injected for trust policy resolution.</param> /// <param name="policyFilter"><see cref="IPolicyFilter"/></param> /// <returns>TrustModel</returns> public TrustModel CreateTrustModel(IPolicyResolver trustPolicyResolver, IPolicyFilter policyFilter) { TrustChainValidator validator = new TrustChainValidator(); validator.RevocationCheckMode = this.RevocationCheckMode; validator.RevocationCheckGranularity = this.RevocationCheckGranularity; if (this.MaxIssuerChainLength > 0) { validator.MaxIssuerChainLength = this.MaxIssuerChainLength; } if (this.TimeoutMilliseconds > 0) { validator.ValidationPolicy.UrlRetrievalTimeout = TimeSpan.FromMilliseconds(this.TimeoutMilliseconds); } TrustModel trustModel = new TrustModel(validator, trustPolicyResolver, policyFilter); if (this.ProblemFlags != null) { X509ChainStatusFlags flags = X509ChainStatusFlags.NoError; foreach(X509ChainStatusFlags flag in this.ProblemFlags) { flags = (flags | flag); } trustModel.CertChainValidator.ProblemFlags = flags; } return trustModel; }