/// <summary>
/// Prints an SRV RR
/// </summary>
/// <param name="srv">the RR to print</param>
public void Print(SRVRecord srv)
{
this.Print("Priority", srv.Priority);
this.Print("Weight", srv.Weight);
this.Print("Port", srv.Port);
this.Print("Target", srv.Target);
}
/// <summary>
/// Factory for DnsResourceRecord objects
/// </summary>
/// <param name="recordType"></param>
/// <returns></returns>
public static DnsResourceRecord CreateRecordObject(DnsStandard.RecordType recordType)
{
DnsResourceRecord record;
switch (recordType)
{
default:
record = new RawRecord();
break;
case DnsStandard.RecordType.ANAME:
record = new AddressRecord();
break;
case DnsStandard.RecordType.NS:
record = new NSRecord();
break;
case DnsStandard.RecordType.CNAME:
record = new CNameRecord();
break;
case DnsStandard.RecordType.SOA:
record = new SOARecord();
break;
case DnsStandard.RecordType.TXT:
record = new TextRecord();
break;
case DnsStandard.RecordType.MX:
record = new MXRecord();
break;
case DnsStandard.RecordType.PTR:
record = new PtrRecord();
break;
case DnsStandard.RecordType.CERT:
record = new CertRecord();
break;
case DnsStandard.RecordType.SRV:
record = new SRVRecord();
break;
}
return(record);
}
/// <summary>
/// Factory for DnsResourceRecord objects
/// </summary>
/// <param name="recordType"></param>
/// <returns></returns>
public static DnsResourceRecord CreateRecordObject(DnsStandard.RecordType recordType)
{
DnsResourceRecord record;
switch (recordType)
{
default:
record = new RawRecord();
break;
case DnsStandard.RecordType.ANAME:
record = new AddressRecord();
break;
case DnsStandard.RecordType.NS:
record = new NSRecord();
break;
case DnsStandard.RecordType.CNAME:
record = new CNameRecord();
break;
case DnsStandard.RecordType.SOA:
record = new SOARecord();
break;
case DnsStandard.RecordType.TXT:
record = new TextRecord();
break;
case DnsStandard.RecordType.MX:
record = new MXRecord();
break;
case DnsStandard.RecordType.PTR:
record = new PtrRecord();
break;
case DnsStandard.RecordType.CERT:
record = new CertRecord();
break;
case DnsStandard.RecordType.SRV:
record = new SRVRecord();
break;
}
return record;
}
/// <summary>
/// Creates a connection to an LDAP server based on the DNS SRV resolution of the lookup name.
/// </summary>
/// <param name="srvRecord">Resolver <see cref="SRVRecord"/></param>
/// <returns>An <see cref="LdapConnection"/> to the server that will be searched for certificates.</returns>
protected LdapConnection GetLdapConnection(SRVRecord srvRecord)
{
LdapConnection retVal;
var ldapIdentifier = new LdapDirectoryIdentifier(srvRecord.Target, srvRecord.Port);
try
{
retVal = new LdapConnection(ldapIdentifier);
retVal.AuthType = AuthType.Anonymous; // use anonymous bind
retVal.SessionOptions.ProtocolVersion = LdapProtoVersion;
if (Timeout.Ticks > 0)
{
retVal.Timeout = Timeout;
}
retVal.Bind();
}
catch (Exception ex)
{
// didn't connenct.... go onto the next record
this.Error.NotifyEvent(this, new LdapCertResolverException(LDAPError.BindFailure, srvRecord.ToString(), ex));
retVal = null;
}
return retVal;
}
/// <summary>
/// Resolves X509 certificates for a specific subject. May either be an address or a domain name.
/// </summary>
/// <param name="srvRecord">Resolve <see cref="SRVRecord"/> to resolve. </param>
/// /// <param name="subjectName">The <see cref="String"/> subject to resolve. </param>
/// <returns>An <see cref="X509Certificate2Collection"/> of X509 certifiates for the address,
/// or <c>null</c> if no certificates are found.</returns>
X509Certificate2Collection GetCertificatesBySubect(SRVRecord srvRecord, string subjectName)
{
var retVal = new X509Certificate2Collection();
// get the LDAP connection from the SRV records
using (var connection = GetLdapConnection(srvRecord))
{
if (connection != null)
{
// gate the base naming contexts
var distNames = GetBaseNamingContext(connection);
foreach (var dn in distNames)
{
// search each base context
var request = Search.MimeCertRequest(dn, subjectName);
try
{
SetCerts(connection, request, retVal);
}
catch (LdapCertResolverException ldapEx)
{
this.Error.NotifyEvent(this, new LdapCertResolverException(ldapEx.Error, subjectName + srvRecord, ldapEx.InnerException));
}
catch (Exception ex)
{
this.Error.NotifyEvent(this, ex);
}
}
}
}
return retVal;
}
private void SetCerts(SearchResultEntry entry, X509Certificate2Collection retVal, SRVRecord srvRecord, string subjectName)
{
if (entry.Attributes.Values == null || entry.Attributes.Count <= 0)
{
StringBuilder sb = new StringBuilder();
sb.Append(subjectName).Append(" SRV:").Append(srvRecord).Append(" LDAP:").Append(entry.DistinguishedName);
Error.NotifyEvent(this, new LdapCertResolverException(LDAPError.NoUserCertificateAttribute, sb.ToString()));
return;
}
foreach (DirectoryAttribute entryAttr in entry.Attributes.Values)
{
if (entryAttr.Count > 0)
{
// search could possibly return more than one entry and each entry may contain
// more that one certificates
foreach (object t in entryAttr)
{
try
{
var cert = new X509Certificate2((byte[])t);
retVal.Add(cert);
}
catch (Exception ex)
{
Error.NotifyEvent(this, ex);
}
}
}
}
}
private void SetCerts(LdapConnection connection, SearchRequest request, X509Certificate2Collection retVal, SRVRecord srvRecord, string subjectName)
{
// send the LDAP request using the mail attribute as the search filter and return the userCertificate attribute
var response = (SearchResponse)connection.SendRequest(request);
if (response != null && response.Entries.Count > 0)
{
foreach (SearchResultEntry entry in response.Entries)
{
SetCerts(entry, retVal, srvRecord, subjectName);
}
}
}
private void SetCerts(SRVRecord srvRecord, LdapConnection connection, List<string> distNames, string subject, X509Certificate2Collection retVal)
{
foreach (var dn in distNames)
{
// search each base context
try
{
var request = Search.MimeCertRequest(dn, subject);
SetCerts(connection, request, retVal, srvRecord, subject);
}
catch (Exception ex)
{
Error.NotifyEvent(this, ex);
}
}
}
/// <summary>
/// Resolves X509 certificates for a specific subject. By domain name.
/// </summary>
/// <param name="connection">Active LDAP connection</param>
/// <param name="srvRecord">Resolve <see cref="SRVRecord"/> to resolve. </param>
/// /// <param name="domain">The <see cref="String"/> domain to resolve. </param>
/// <returns>An <see cref="X509Certificate2Collection"/> of X509 certifiates for the address,
/// or <c>null</c> if no certificates are found.</returns>
X509Certificate2Collection GetCertificatesByDomain(LdapConnection connection, SRVRecord srvRecord, string domain)
{
var retVal = new X509Certificate2Collection();
// gate the base naming contexts
var distNames = GetBaseNamingContext(connection);
SetCerts(srvRecord, connection, distNames, domain, retVal);
return retVal;
}
/// <summary>
/// Resolves X509 certificates for a specific subject. Will search address and then domain.
/// </summary>
/// <param name="connection">Active LDAP connection</param>
/// <param name="srvRecord">Resolve <see cref="SRVRecord"/> to resolve. </param>
/// /// <param name="address">The <see cref="String"/> address to resolve. </param>
/// <returns>An <see cref="X509Certificate2Collection"/> of X509 certifiates for the address,
/// or <c>null</c> if no certificates are found.</returns>
X509Certificate2Collection GetCertificatesBySubect(LdapConnection connection, SRVRecord srvRecord, MailAddress address)
{
var retVal = new X509Certificate2Collection();
// gate the base naming contexts
var distNames = GetBaseNamingContext(connection);
SetCerts(srvRecord, connection, distNames, address.Address, retVal);
if(retVal.Count == 0)
{
SetCerts(srvRecord, connection, distNames, address.Host, retVal);
}
return retVal;
}
