private EvaluationError GetErrorFromRevocationResult(RevocationResult result, X509Certificate certificate) { if (result.Revoked.GetValueOrDefault(false)) { string revocationReasons = string.Join(Environment.NewLine, result.RevocationInfos .Select(_ => $"Revocation Date: {(_.RevocationTime.HasValue ? _.RevocationTime.Value.ToString("dd/MM/yyyy HH:mm") : "unknown")}, Revocation Reason: {_.RevocationReason ?? "unknown"}")); return(new EvaluationError(EvaluationErrorType.Error, string.Format(CertificateEvaluatorErrors.NonRootCertificatesShouldNotAppearOnRevocationListsRevoked, certificate.CommonName, Environment.NewLine, revocationReasons))); } return(null); }
public async Task <List <EvaluationError> > Evaluate(HostCertificates hostCertificates) { _log.LogInformation("Running rule {RuleNumber}:{Rule} for host {Host}", SequenceNo, nameof(NonRootCertificatesShouldNotAppearOnRevocationLists), hostCertificates.Host); for (int i = hostCertificates.Certificates.Count - 1; i > 0; i--) { RevocationResult ocspResult = await _ocspValidator.CheckOcspRevocation(hostCertificates.Host, hostCertificates.Certificates[i - 1], hostCertificates.Certificates[i]); if (ocspResult.Revoked.HasValue) { EvaluationError error = GetErrorFromRevocationResult(ocspResult, hostCertificates.Certificates[i - 1]); if (error != null) { return(new List <EvaluationError> { error }); } } else { RevocationResult crlResult = await _crlValidator.CheckCrlRevocation(hostCertificates.Host, hostCertificates.Certificates[i - 1]); if (crlResult.Revoked.HasValue) { EvaluationError error = GetErrorFromRevocationResult(crlResult, hostCertificates.Certificates[i - 1]); if (error != null) { return(new List <EvaluationError> { error }); } } else { string errorMessage = $"OCSP Error: {ocspResult.ErrorMessage}{Environment.NewLine}CRL Error: {crlResult.ErrorMessage}"; return(new List <EvaluationError> { new EvaluationError(EvaluationErrorType.Inconclusive, string.Format(CertificateEvaluatorErrors.NonRootCertificatesShouldNotAppearOnRevocationListsError, hostCertificates.Certificates[i - 1].CommonName, Environment.NewLine, errorMessage)) }); } } } return(new List <EvaluationError>()); }