Esempio n. 1
        /// <summary>
        /// Creates the selector from a comparison value and the certificate level it applies to.
        /// </summary>
        /// <param name="validateValue">The value to validate against; must not be null.</param>
        /// <param name="x509CertificateLevel">The certificate level stored alongside the value.</param>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="validateValue"/> is null.
        /// </exception>
        public ServiceX509CertificateValidationSelector(Object validateValue,
                                                        Nequeo.Security.X509CertificateLevel x509CertificateLevel)
        {
            // Refuse to build a selector that has nothing to compare against.
            if (Object.ReferenceEquals(validateValue, null))
            {
                throw new ArgumentNullException("validateValue");
            }

            // Keep both settings in the instance fields.
            _x509CertificateLevel = x509CertificateLevel;
            _validateValue        = validateValue;
        }
Esempio n. 2
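        /// <summary>
        /// Creates the validator from the value to match and the certificate level to match it with.
        /// </summary>
        /// <param name="validateValue">The validation value to match; must not be null.</param>
        /// <param name="validationLevel">The validation enum to match with.</param>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="validateValue"/> is null.
        /// </exception>
        public ServiceX509CertificateValidator(object validateValue,
                                               Nequeo.Security.X509CertificateLevel validationLevel)
        {
            // A validator without a comparison value cannot reject anything, so fail early.
            if (validateValue == null)
            {
                // Use the (paramName, message) overload so ParamName identifies the argument.
                // The previous (message, innerException) form left ParamName empty and wrapped
                // a fabricated inner exception that carried no extra information.
                throw new ArgumentNullException("validateValue",
                                                "Validate value has no reference.");
            }

            // Assign the validation level
            // and the validate value.
            _validationLevel = validationLevel;
            _validateValue   = validateValue;
        }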
Esempio n. 3
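        /// <summary>
        /// Validate the certificate by comparing the single property selected by
        /// <paramref name="validationLevel"/> with <paramref name="validateValue"/>.
        /// </summary>
        /// <remarks>
        /// This method performs an equality check only. Nothing here builds or verifies the
        /// certificate chain, checks revocation or checks the validity period; if those checks
        /// are required they must happen elsewhere (not visible in this method - confirm in the
        /// caller). Without chain verification the name, date and serial number fields are just
        /// certificate contents chosen by whoever created the certificate, so a match on them
        /// does not by itself show that the certificate comes from a trusted issuer.
        /// FriendlyName is a local certificate-store alias rather than part of the signed
        /// certificate. Thumbprint is compared ordinally; X509Certificate2.Thumbprint is the
        /// upper-case hexadecimal SHA-1 hash, so the configured value has to use that same form.
        /// NotAfter and NotBefore are returned by X509Certificate2 as local time.
        /// The <c>None</c> level accepts every certificate without any check.
        /// </remarks>
        /// <param name="certificate">The current service certificate.</param>
        /// <param name="validateValue">
        /// The validation value to match: a string for the name, thumbprint, friendly name and
        /// serial number levels, a DateTime for the NotAfter and NotBefore levels.
        /// </param>
        /// <param name="validationLevel">The validation enum to match with.</param>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="certificate"/> is null and the level is not <c>None</c>.
        /// </exception>
        /// <exception cref="InvalidCastException">
        /// Thrown when <paramref name="validateValue"/> does not have the type the level expects.
        /// </exception>
        /// <exception cref="SecurityTokenValidationException">
        /// Thrown when the selected property does not equal <paramref name="validateValue"/>,
        /// or when the level is not one this method knows how to check.
        /// </exception>
        private void ValidateCertificate(X509Certificate2 certificate, object validateValue,
                                         Nequeo.Security.X509CertificateLevel validationLevel)
        {
            // No validation is done at this level: all certificates are passed.
            // Handled first so the behaviour for None stays exactly as before.
            if (validationLevel == Nequeo.Security.X509CertificateLevel.None)
            {
                return;
            }

            // Every remaining level reads a property of the certificate; report a missing
            // certificate explicitly instead of failing with a NullReferenceException.
            if (certificate == null)
            {
                throw new ArgumentNullException("certificate");
            }

            bool matches;

            switch (validationLevel)
            {
            case Nequeo.Security.X509CertificateLevel.IssuerName:
                // Issuer distinguished name, taken from the IssuerName object.
                matches = (string)validateValue == certificate.IssuerName.Name;
                break;

            case Nequeo.Security.X509CertificateLevel.Issuer:
                // Issuer name as exposed by the Issuer property.
                matches = (string)validateValue == certificate.Issuer;
                break;

            case Nequeo.Security.X509CertificateLevel.SubjectName:
                // Subject distinguished name, taken from the SubjectName object.
                matches = (string)validateValue == certificate.SubjectName.Name;
                break;

            case Nequeo.Security.X509CertificateLevel.Subject:
                // Subject name as exposed by the Subject property.
                matches = (string)validateValue == certificate.Subject;
                break;

            case Nequeo.Security.X509CertificateLevel.Thumbprint:
                // Ordinal, case-sensitive comparison with the certificate hash string.
                matches = (string)validateValue == certificate.Thumbprint;
                break;

            case Nequeo.Security.X509CertificateLevel.FriendlyName:
                // Local store alias; not covered by the certificate signature.
                matches = (string)validateValue == certificate.FriendlyName;
                break;

            case Nequeo.Security.X509CertificateLevel.NotAfter:
                // Exact match on the expiry timestamp, not a "still valid" check.
                matches = (DateTime)validateValue == certificate.NotAfter;
                break;

            case Nequeo.Security.X509CertificateLevel.NotBefore:
                // Exact match on the start-of-validity timestamp.
                matches = (DateTime)validateValue == certificate.NotBefore;
                break;

            case Nequeo.Security.X509CertificateLevel.SerialNumber:
                // Serial number string as exposed by the certificate.
                matches = (string)validateValue == certificate.SerialNumber;
                break;

            default:
                // Fail closed: previously any level not listed above (including a value
                // outside the enum) fell through the switch and the certificate was
                // accepted without a single check.
                throw new SecurityTokenValidationException
                          ("Certificate validation level is not supported.");
            }

            if (!matches)
            {
                // The original message is kept for every level so existing handling of the
                // text keeps working, although it only describes the issuer levels accurately.
                throw new SecurityTokenValidationException
                          ("Certificate was not issued by a trusted issuer.");
            }
        }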