/// <summary> /// Incepts the request and punes the input. /// </summary> /// <param name="message"></param> public override void InterceptRequest(InterceptorMessage message) { try { XmlDocument body = message.GetBody(); CompiledXslt styleSheet = LoadStyleSheet(body); XmlDocument transformedBody = _xsltUtility.TransformXml(body, styleSheet); message.SetBody(transformedBody); if (_configuration.PropagateOriginalMessage) { OriginalBody orgBody = new OriginalBody(body); message.AddProperty(ServerXsltTransformationBindingExtensionElement.ORIGINALBODYPROPERTYNAME, orgBody); } } catch (Exception ex) { throw new XsltTransformFailedException(ex); } }
private void InterceptedMessageResponse(InterceptorMessage message, Headers headers) { lock (signatureLock) { SequenceHeader sequenceHeader = headers.SequenceHeader; string relatesTo = headers.RelatesTo.ToString(); // Try to get the unfinished signature validation proof. If none exists return. UnfinishedSignatureValidationProof unfinishedSignatureValidationProof = null; if (this.unfinishedSignaturesValidationProofStore.TryGetValueFromMessageId(relatesTo, out unfinishedSignatureValidationProof)) { // validation proof retrived //System.Diagnostics.Debug.WriteLine("InterceptedMessageResponse relatesTo " + relatesTo); SignatureValidationProof signatureValidationProof = unfinishedSignatureValidationProof.SignatureValidationProof; string signatureValidationProofKey = ClientSignatureValidationProofBindingExtensionElement.SignatureValidationProofKey; message.AddProperty(signatureValidationProofKey, signatureValidationProof); } } }
/* /// <summary> * /// Overrides the method to validate the binding element order. * /// </summary> * /// <typeparam name="TChannel"></typeparam> * /// <param name="context"></param> * /// <returns></returns> * public override IChannelListener<TChannel> BuildChannelListener<TChannel>(BindingContext context) * { * BindingElementCollection bindingElements = context.Binding.Elements; * this.stackCheck.Check(bindingElements); * return base.BuildChannelListener<TChannel>(context); * }*/ /// <summary> /// Intercept requests and creates the proof of validation interception before /// attaching it to the message. /// </summary> /// <param name="interceptorMessage"></param> public override void InterceptRequest(InterceptorMessage interceptorMessage) { this.logger.Trace("Security validate the foces certificate."); try { Headers headers = new Headers(interceptorMessage); if (interceptorMessage.IsFault) { // do nothing } else if (headers.IsCreateSequence) { // do nothing } else if (headers.SequenceHeader == null) { // do nothing } else if (headers.SequenceHeader.IsLastMessage) { // do nothing } else { // Get the certificate from the message X509Certificate2 certificate; try { certificate = interceptorMessage.Certificate; } catch { throw new FailedToGetCertificateSubjectException(interceptorMessage); } // now we must revocate check the certificate OcesX509Certificate ocesCertificate = new OcesX509Certificate(certificate); RevocationResponse response = ocesCertificate.CheckRevocationStatus(revocationLookup); if (response.Exception != null) { string msg; try { msg = response.Exception.Message; } catch (Exception ex) { this.logger.Debug("Error finding the correct error message.", ex); msg = "unknown"; } this.logger.Warn(string.Format("The certificate '{0}' revocation check failed. Reason is: ", ocesCertificate.Certificate.SubjectName.Name, msg)); // some error checking the certificate // make sure the error is of the correct type, and throw it // note - if the original exception was not a communikation exception, it is wraped in a communikation exception if (response.Exception is CertificateRevokedTimeoutException) { throw new CertificateRevokedValidationFailedException(response.Exception); } else if (response.Exception is CertificateRevokedException) { throw response.Exception; } else if (response.Exception is CertificateRevokedValidationFailedException) { throw response.Exception; } else if (response.Exception is CheckCertificateOcspUnexpectedException) { throw new CertificateRevokedValidationFailedException(response.Exception); } else if (response.Exception is CheckCertificateRevokedUnexpectedException) { throw new CertificateRevokedValidationFailedException(response.Exception); } else { throw new CertificateRevokedValidationFailedException(response.Exception); } } else { // no exception - all good so far switch (response.RevocationCheckStatus) { case RevocationCheckStatus.AllChecksPassed: { // all good this.logger.Debug(string.Format("Certificate '{0}' has parsed the revocation validate.", certificate.SubjectName.Name)); SignatureValidationProof signatureValidationProof = new SignatureValidationProof(certificate.Subject); interceptorMessage.AddProperty(ServerSignatureValidationProofBindingExtensionElement.SignatureValidationProofKey, signatureValidationProof); break; } case RevocationCheckStatus.CertificateRevoked: { this.logger.Warn(string.Format("The certificate '{0}' is revoked.", ocesCertificate.Certificate.SubjectName.Name)); throw new CertificateRevokedException(); //break; } default: { this.logger.Warn(string.Format("The certificate '{0}' failed in revocation check - reason unknown", ocesCertificate.Certificate.SubjectName.Name)); throw new CertificateRevokedValidationFailedException("The certificate failed in revocation check - reason unknown."); //break; } } } } } catch (FailedToGetCertificateSubjectException) { // exception is of the correct type - rethrowing it throw; } /* catch (CertificateRevokedTimeoutException e) * { * // exception is of the correct type - rethrowing it * throw new CertificateRevokedValidationFailedException(e); * }*/ catch (CertificateRevokedException) { // exception is of the correct type - rethrowing it throw; } catch (CertificateRevokedValidationFailedException) { // exception is of the correct type - rethrowing it throw; } /* catch (CheckCertificateOcspUnexpectedException) * { * // exception is of the correct type - rethrowing it * throw; * }*/ /* catch (CheckCertificateRevokedUnexpectedException) * { * // exception is of the correct type - rethrowing it * throw; * }*/ catch (Exception ex) { this.logger.Debug("Security validate the foces certificate", ex); throw new CertificateRevokedValidationFailedException(ex); } this.logger.Trace("Security validate the foces certificate - Finish."); }