void Validate(ICertificateResolver resolver, string ip, int timeout)
{
Assert.True(resolver is DnsCertResolver);
DnsCertResolver dnsResolver = resolver as DnsCertResolver;
Assert.True(dnsResolver.Server.ToString() == ip);
Assert.True(dnsResolver.Timeout.TotalMilliseconds == timeout);
}
public TrustChainTests()
{
m_store = TestCertificates.ChainCertsStore.Clone();
m_resolver = m_store.CreateResolver();
m_validator = this.CreateValidator();
//
// Find the endcert and the root cert
// We'll trust the root cert, but the intermediaries are not trusted
//
m_endCerts = m_resolver.GetCertificates(new MailAddress("*****@*****.**"));
m_trustedAnchors = m_resolver.GetCertificatesForDomain("root.xyz");
}
/// <summary>
/// Initializes an instance with separate resolvers for incoming and outgoing messages.
/// </summary>
/// <param name="outgoingAnchors">The resolver to use for resolving trust anchors for outgoing messages</param>
/// <param name="incomingAnchors">The resolver to use for resolving trust anchors for incoming messages</param>
public TrustAnchorResolver(ICertificateResolver outgoingAnchors, ICertificateResolver incomingAnchors)
{
if (outgoingAnchors == null)
{
throw new ArgumentNullException("outgoingAnchors");
}
if (incomingAnchors == null)
{
throw new ArgumentNullException("incomingAnchors");
}
m_outgoingAnchors = outgoingAnchors;
m_incomingAnchors = incomingAnchors;
}
/// <summary>
/// Creates a <see cref="CertificateXmlEncryptor"/> given a certificate's thumbprint, an
/// <see cref="ICertificateResolver"/> that can be used to resolve the certificate, and
/// an <see cref="IServiceProvider"/>.
/// </summary>
/// <param name="thumbprint">The thumbprint (as a hex string) of the certificate with which to
/// encrypt the key material. The certificate must be locatable by <paramref name="certificateResolver"/>.</param>
/// <param name="certificateResolver">A resolver which can locate <see cref="X509Certificate2"/> objects.</param>
/// <param name="services">An optional <see cref="IServiceProvider"/> to provide ancillary services.</param>
public CertificateXmlEncryptor(string thumbprint, ICertificateResolver certificateResolver, IServiceProvider services)
: this(services)
{
if (thumbprint == null)
{
throw new ArgumentNullException(nameof(thumbprint));
}
if (certificateResolver == null)
{
throw new ArgumentNullException(nameof(certificateResolver));
}
_certFactory = CreateCertFactory(thumbprint, certificateResolver);
}
/// <summary>
/// Creates a agent from settings.
/// </summary>
/// <returns>The configured agent instance.</returns>
public DirectAgent CreateAgent()
{
this.Validate();
ICertificateResolver privateCerts = this.PrivateCerts.CreateResolver();
ICertificateResolver publicCerts = this.PublicCerts.CreateResolver();
ITrustAnchorResolver trustAnchors = this.Anchors.Resolver.CreateResolver();
ICertPolicyResolvers certPolicyResolvers = GetPolicyResolvers();
IPolicyFilter policyFilter = PolicyFilter.Default;
TrustModel trustModel = (this.Trust != null) ? this.Trust.CreateTrustModel(certPolicyResolvers.TrustResolver, policyFilter) : TrustModel.Default;
SMIMECryptographer cryptographer = this.Cryptographer.Create();
IDomainResolver domainResolver = this.CreateResolver();
DirectAgent agent = new DirectAgent(domainResolver, privateCerts, publicCerts, trustAnchors, trustModel, cryptographer, certPolicyResolvers, policyFilter);
agent.AllowNonWrappedIncoming = m_allowNonWrappedIncoming;
agent.WrapMessages = m_wrapOutgoing;
return(agent);
}
public void CreateResolverTest()
{
DnsCertResolverSettings settings = new DnsCertResolverSettings()
{
ServerIP = "1.2.3.4",
TimeoutMilliseconds = 7000
};
ICertificateResolver resolver = settings.CreateResolver();
Validate(resolver, settings.ServerIP, settings.TimeoutMilliseconds);
Assert.True(resolver is DnsCertResolver);
settings.BackupServerIP = "3.4.5.6";
resolver = settings.CreateResolver();
Assert.True(resolver is CertificateResolverCollection);
CertificateResolverCollection resolvers = resolver as CertificateResolverCollection;
Assert.True(resolvers.Count == 2);
Validate(resolvers[0], settings.ServerIP, settings.TimeoutMilliseconds);
Validate(resolvers[1], settings.BackupServerIP, settings.TimeoutMilliseconds);
}
private Func <X509Certificate2> CreateCertFactory(string thumbprint, ICertificateResolver resolver)
{
return(() =>
{
try
{
var cert = resolver.ResolveCertificate(thumbprint);
if (cert == null)
{
throw Error.CertificateXmlEncryptor_CertificateNotFound(thumbprint);
}
return cert;
}
catch (Exception ex)
{
if (_logger.IsErrorLevelEnabled())
{
_logger.LogErrorF(ex, $"An exception occurred while trying to resolve certificate with thumbprint '{thumbprint}'.");
}
throw;
}
});
}
/// <summary>
/// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores, and
/// trust and cryptography models.
/// </summary>
/// <param name="domainResolver">
/// An <see cref="IDomainResolver"/> instance providing array of local domain name managed by this agent.
/// </param>
/// <param name="privateCerts">
/// An <see cref="ICertificateResolver"/> instance providing private certificates
/// for senders of outgoing messages and receivers of incoming messages.
/// </param>
/// <param name="publicCerts">
/// An <see cref="ICertificateResolver"/> instance providing public certificates
/// for receivers of outgoing messages and senders of incoming messages.
/// </param>
/// <param name="anchors">
/// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors.
/// </param>
/// <param name="trustModel">
/// An instance or subclass of <see cref="SMIMECryptographer"/> providing a custom trust model.
/// </param>
/// <param name="cryptographer">
/// An instance or subclass of <see cref="Health.Direct.Agent"/> providing a custom cryptography model.
/// </param>
public DirectAgent(IDomainResolver domainResolver, ICertificateResolver privateCerts, ICertificateResolver publicCerts, ITrustAnchorResolver anchors, TrustModel trustModel, SMIMECryptographer cryptographer)
{
m_managedDomains = new AgentDomains(domainResolver);
if (privateCerts == null)
{
throw new ArgumentNullException("privateCerts");
}
if (publicCerts == null)
{
throw new ArgumentNullException("publicCerts");
}
if (anchors == null)
{
throw new ArgumentNullException("anchors");
}
if (trustModel == null)
{
throw new ArgumentNullException("trustModel");
}
if (cryptographer == null)
{
throw new ArgumentNullException("cryptographer");
}
m_privateCertResolver = privateCerts;
m_publicCertResolver = publicCerts;
m_cryptographer = cryptographer;
m_trustAnchors = anchors;
m_trustModel = trustModel;
if (!m_trustModel.CertChainValidator.HasCertificateResolver)
{
m_trustModel.CertChainValidator.IssuerResolver = m_publicCertResolver;
}
m_minTrustRequirement = TrustEnforcementStatus.Success;
}
public void Test515(string subject)
{
AgentSettings settings = AgentSettings.Load(TestXml);
DirectAgent agent = settings.CreateAgent();
ICertificateResolver pluginResolver = agent.PublicCertResolver;
Assert.NotNull(pluginResolver);
var dnsCertResolver = LocateChild <DnsCertResolverProxy>(pluginResolver);
var diagnosticsForDnsCertResolver = new FakeDiagnostics(typeof(DnsCertResolver));
dnsCertResolver.Error += diagnosticsForDnsCertResolver.OnResolverError;
var ldapCertResolver = LocateChild <LdapCertResolverProxy>(pluginResolver);
var diagnosticsForLdapCertResolver = new FakeDiagnostics(typeof(LdapCertResolver));
ldapCertResolver.Error += diagnosticsForLdapCertResolver.OnResolverError;
var email = new MailAddress(subject);
X509Certificate2Collection certs = pluginResolver.GetCertificates(email);
Assert.NotNull(certs);
Assert.True(certs.Count == 1);
Assert.Equal(2, diagnosticsForDnsCertResolver.ActualErrorMessages.Count);
Assert.Equal("Chain Element has problem [email protected];NotTimeValid", diagnosticsForDnsCertResolver.ActualErrorMessages[0]);
Assert.Equal("Chain Element has problem direct2.direct-test.com;NotTimeValid", diagnosticsForDnsCertResolver.ActualErrorMessages[1]);
Assert.Equal(1, diagnosticsForLdapCertResolver.ActualErrorMessages.Count);
Assert.Equal("Chain Element has problem [email protected];NotTimeValid", diagnosticsForLdapCertResolver.ActualErrorMessages[0]);
Assert.Equal("direct2.direct-test.com", certs[0].ExtractEmailNameOrName());
AssertCert(certs[0], true);
}
public virtual async Task <ICertificate> ResolveAsync(ICertificateResolver certificateResolver)
{
return(await(certificateResolver ?? throw new ArgumentNullException(nameof(certificateResolver))).ResolveAsync(this).ConfigureAwait(false));
}
/// <summary>
/// Initializes an instance with a resolver for all messages.
/// </summary>
/// <param name="anchors">The resolver providing the anchor certificates.</param>
public TrustAnchorResolver(ICertificateResolver anchors)
: this(anchors, anchors)
{
}
public static ExtendedAuthenticationBuilder AddAuthentication(this IServiceCollection services, ICertificateResolver certificateResolver, IConfiguration configuration, IInstanceFactory instanceFactory, Action <AuthenticationOptions> postConfigureOptions)
{
return(services.AddAuthentication(certificateResolver, configuration, ConfigurationKeys.AuthenticationPath, instanceFactory, postConfigureOptions));
}
public void OnResolverError(ICertificateResolver resolver, Exception error)
{
Assert.Equal(m_resolverType.Name, resolver.GetType().Name);
_actualErrorMessages.Add(error.Message);
//Logger.Error("RESOLVER ERROR {0}, {1}", resolver.GetType().Name, error.Message);
}
internal void OnResolverError(ICertificateResolver resolver, Exception error)
{
Logger.Error("RESOLVER ERROR {0}, {1}", resolver.GetType().Name, error.Message);
}
public PostConfigureCertificateValidatorOptions(ICertificateResolver certificateResolver)
{
this.CertificateResolver = certificateResolver ?? throw new ArgumentNullException(nameof(certificateResolver));
}
public CertificateResolverTests()
{
m_resolver = TestCertificates.PublicCertsStore.CreateResolver();
}
internal void OnResolverError(ICertificateResolver resolver, Exception error)
{
Logger.Error("RESOLVER ERROR {0}, {1}", resolver.GetType().Name, error.Message);
}
public CertificateResolverTests()
{
m_resolver = TestCertificates.PublicCertsStore.CreateResolver();
}
void TryResolveCerts(ICertificateResolver resolver, MailAddress address, List<Exception> thrownErrors)
{
try
{
resolver.GetCertificates(address);
}
catch (Exception ex)
{
thrownErrors.Add(ex);
}
try
{
resolver.GetCertificatesForDomain(address.Host);
}
catch (Exception ex)
{
thrownErrors.Add(ex);
}
}
void resolver_Error(ICertificateResolver arg1, Exception arg2)
{
Console.WriteLine(arg2.Message);
}
public static IDataProtectionBuilder AddDataProtection(this IServiceCollection services, ICertificateResolver certificateResolver, IConfiguration configuration, string configurationKey, IHostEnvironment hostEnvironment, IInstanceFactory instanceFactory)
{
return(services.AddDataProtection(certificateResolver, configuration, configurationKey, hostEnvironment, instanceFactory, _ => { }));
}
private Func<X509Certificate2> CreateCertFactory(string thumbprint, ICertificateResolver resolver)
{
return () =>
{
try
{
var cert = resolver.ResolveCertificate(thumbprint);
if (cert == null)
{
throw Error.CertificateXmlEncryptor_CertificateNotFound(thumbprint);
}
return cert;
}
catch (Exception ex)
{
_logger?.ExceptionWhileTryingToResolveCertificateWithThumbprint(thumbprint, ex);
throw;
}
};
}
public X509CertificateCheck(ISystemClock clock, ICertificateResolver certificateResolver)
{
_clock = clock;
_certificateResolver = certificateResolver;
}
public static IDataProtectionBuilder AddDataProtection(this IServiceCollection services, ICertificateResolver certificateResolver, IConfiguration configuration, string configurationKey, IHostEnvironment hostEnvironment, IInstanceFactory instanceFactory, Action <DataProtectionOptions> postConfigureOptions)
{
if (services == null)
{
throw new ArgumentNullException(nameof(services));
}
if (postConfigureOptions == null)
{
throw new ArgumentNullException(nameof(postConfigureOptions));
}
var dataProtectionBuilder = new DataProtectionBuilder(certificateResolver, configuration, hostEnvironment, instanceFactory, services)
{
ConfigurationKey = configurationKey
};
dataProtectionBuilder.Configure();
services.PostConfigure(postConfigureOptions);
return(dataProtectionBuilder);
}
/// <summary>
/// Creates a <see cref="CertificateXmlEncryptor"/> given a certificate's thumbprint and an
/// <see cref="ICertificateResolver"/> that can be used to resolve the certificate.
/// </summary>
/// <param name="thumbprint">The thumbprint (as a hex string) of the certificate with which to
/// encrypt the key material. The certificate must be locatable by <paramref name="certificateResolver"/>.</param>
/// <param name="certificateResolver">A resolver which can locate <see cref="X509Certificate2"/> objects.</param>
public CertificateXmlEncryptor(string thumbprint, ICertificateResolver certificateResolver)
: this(thumbprint, certificateResolver, services : null)
{
}
/// <summary>
/// Creates a <see cref="CertificateXmlEncryptor"/> given a certificate's thumbprint and an
/// <see cref="ICertificateResolver"/> that can be used to resolve the certificate.
/// </summary>
/// <param name="thumbprint">The thumbprint (as a hex string) of the certificate with which to
/// encrypt the key material. The certificate must be locatable by <paramref name="certificateResolver"/>.</param>
/// <param name="certificateResolver">A resolver which can locate <see cref="X509Certificate2"/> objects.</param>
public CertificateXmlEncryptor(string thumbprint, ICertificateResolver certificateResolver)
: this(thumbprint, certificateResolver, services: null)
{
}
void SubscribeToResolverEvents(ICertificateResolver resolver)
{
CertificateResolverCollection resolvers = resolver as CertificateResolverCollection;
if (resolvers != null)
{
resolvers.Error += m_diagnostics.OnResolverError;
foreach (var resover in resolvers)
{
resover.Error += m_diagnostics.OnResolverError;
}
}
}
/// <summary>
/// Plugin Resolver factory method.
/// Set injected settings and load actual resolver.
/// </summary>
/// <param name="pluginDef"></param>
public void Init(PluginDefinition pluginDef)
{
var settings = pluginDef.DeserializeSettings<DnsCertResolverSettings>();
m_innerResolver = settings.CreateResolver();
}
/// <summary>
/// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores, and
/// and defaulting to the standard trust and cryptography models.
/// </summary>
/// <param name="domainResolver">
/// An <see cref="IDomainResolver"/> instance providing array of local domain name managed by this agent.
/// </param>
/// <param name="privateCerts">
/// An <see cref="ICertificateResolver"/> instance providing private certificates
/// for senders of outgoing messages and receivers of incoming messages.
/// </param>
/// <param name="publicCerts">
/// An <see cref="ICertificateResolver"/> instance providing public certificates
/// for receivers of outgoing messages and senders of incoming messages.
/// </param>
/// <param name="anchors">
/// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors.
/// </param>
/// <param name="certPolicyResolvers">Certificate <see cref="ICertPolicyResolvers">policy container</see></param>
/// <param name="polciyFilter"></param>
public DirectAgent(IDomainResolver domainResolver, ICertificateResolver privateCerts, ICertificateResolver publicCerts, ITrustAnchorResolver anchors
, ICertPolicyResolvers certPolicyResolvers, IPolicyFilter polciyFilter)
: this(domainResolver, privateCerts, publicCerts, anchors, TrustModel.Default, SMIMECryptographer.Default, certPolicyResolvers, polciyFilter)
{
}
/// <summary>
/// Initializes an instance with a resolver for all messages.
/// </summary>
/// <param name="anchors">The resolver providing the anchor certificates.</param>
public TrustAnchorResolver(ICertificateResolver anchors)
: this(anchors, anchors)
{
}
/// <summary>
/// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores, and
/// trust and cryptography models.
/// </summary>
/// <param name="domainResolver">
/// An <see cref="IDomainResolver"/> instance providing array of local domain name managed by this agent.
/// </param>
/// <param name="privateCerts">
/// An <see cref="ICertificateResolver"/> instance providing private certificates
/// for senders of outgoing messages and receivers of incoming messages.
/// </param>
/// <param name="publicCerts">
/// An <see cref="ICertificateResolver"/> instance providing public certificates
/// for receivers of outgoing messages and senders of incoming messages.
/// </param>
/// <param name="anchors">
/// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors.
/// </param>
/// <param name="trustModel">
/// An instance or subclass of <see cref="SMIMECryptographer"/> providing a custom trust model.
/// </param>
/// <param name="cryptographer">
/// An instance or subclass of <see cref="Health.Direct.Agent"/> providing a custom cryptography model.
/// </param>
public DirectAgent(IDomainResolver domainResolver, ICertificateResolver privateCerts, ICertificateResolver publicCerts, ITrustAnchorResolver anchors, TrustModel trustModel, SMIMECryptographer cryptographer)
: this(domainResolver, privateCerts, publicCerts, anchors, trustModel, cryptographer, CertPolicyResolvers.Default, null)
{
}
public static ExtendedAuthenticationBuilder AddAuthentication(this IServiceCollection services, ICertificateResolver certificateResolver, IConfiguration configuration, string configurationKey, IInstanceFactory instanceFactory)
{
return(services.AddAuthentication(certificateResolver, configuration, configurationKey, instanceFactory, _ => { }));
}
public SiteManager(IPathResolver pathResolver, ISettingsResolver settingsResolver, ICertificateResolver certificateResolver)
: this(pathResolver, traceFailedRequests : false, logPath : null, settingsResolver : settingsResolver, certificateResolver : certificateResolver)
{
}
public static ExtendedAuthenticationBuilder AddAuthentication(this IServiceCollection services, ICertificateResolver certificateResolver, IConfiguration configuration, string configurationKey, IInstanceFactory instanceFactory, Action <AuthenticationOptions> postConfigureOptions)
{
if (services == null)
{
throw new ArgumentNullException(nameof(services));
}
if (certificateResolver == null)
{
throw new ArgumentNullException(nameof(certificateResolver));
}
if (configuration == null)
{
throw new ArgumentNullException(nameof(configuration));
}
if (configurationKey == null)
{
throw new ArgumentNullException(nameof(configurationKey));
}
if (instanceFactory == null)
{
throw new ArgumentNullException(nameof(instanceFactory));
}
if (postConfigureOptions == null)
{
throw new ArgumentNullException(nameof(postConfigureOptions));
}
services.AddAuthentication(options => { configuration.GetSection(configurationKey)?.Bind(options); });
var authenticationBuilder = new ExtendedAuthenticationBuilder(services)
{
CertificateResolver = certificateResolver,
Configuration = configuration,
ConfigurationKey = configurationKey,
InstanceFactory = instanceFactory,
}.Configure();
services.PostConfigure(postConfigureOptions);
return(authenticationBuilder);
}
/// <summary>
/// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores, and
/// and defaulting to the standard trust and cryptography models.
/// </summary>
/// <param name="domainResolver">
/// An <see cref="IDomainResolver"/> instance providing array of local domain name managed by this agent.
/// </param>
/// <param name="privateCerts">
/// An <see cref="ICertificateResolver"/> instance providing private certificates
/// for senders of outgoing messages and receivers of incoming messages.
/// </param>
/// <param name="publicCerts">
/// An <see cref="ICertificateResolver"/> instance providing public certificates
/// for receivers of outgoing messages and senders of incoming messages.
/// </param>
/// <param name="anchors">
/// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors.
/// </param>
/// <param name="certPolicyResolvers">Certificate <see cref="ICertPolicyResolvers">policy container</see></param>
public DirectAgent(IDomainResolver domainResolver, ICertificateResolver privateCerts, ICertificateResolver publicCerts, ITrustAnchorResolver anchors
, ICertPolicyResolvers certPolicyResolvers, IPolicyFilter polciyFilter)
: this(domainResolver, privateCerts, publicCerts, anchors, TrustModel.Default, SMIMECryptographer.Default, certPolicyResolvers, polciyFilter)
{
}
private Func<X509Certificate2> CreateCertFactory(string thumbprint, ICertificateResolver resolver)
{
return () =>
{
try
{
var cert = resolver.ResolveCertificate(thumbprint);
if (cert == null)
{
throw Error.CertificateXmlEncryptor_CertificateNotFound(thumbprint);
}
return cert;
}
catch (Exception ex)
{
if (_logger.IsErrorLevelEnabled())
{
_logger.LogErrorF(ex, $"An exception occurred while trying to resolve certificate with thumbprint '{thumbprint}'.");
}
throw;
}
};
}
public BadCertResolver(ICertificateResolver a, ICertificateResolver b, bool includeGood)
{
m_a = a;
m_b = b;
m_includeGood = includeGood;
}
/// <summary>
/// Used by Resolvers to fire events
/// </summary>
/// <param name="handler">Event handler to fire, if any subscribers</param>
/// <param name="resolver">resolver for which this is an event handler</param>
/// <param name="ex">exception to notify</param>
public static void NotifyEvent(this Action <ICertificateResolver, Exception> handler, ICertificateResolver resolver, Exception ex)
{
if (handler != null)
{
try
{
handler(resolver, ex);
}
catch
{
}
}
}
/// <summary>
/// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores, and
/// and defaulting to the standard trust and cryptography models.
/// </summary>
/// <param name="domainResolver">
/// An <see cref="IDomainResolver"/> instance providing array of local domain name managed by this agent.
/// </param>
/// <param name="privateCerts">
/// An <see cref="ICertificateResolver"/> instance providing private certificates
/// for senders of outgoing messages and receivers of incoming messages.
/// </param>
/// <param name="publicCerts">
/// An <see cref="ICertificateResolver"/> instance providing public certificates
/// for receivers of outgoing messages and senders of incoming messages.
/// </param>
/// <param name="anchors">
/// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors.
/// </param>
public DirectAgent(IDomainResolver domainResolver, ICertificateResolver privateCerts, ICertificateResolver publicCerts, ITrustAnchorResolver anchors)
: this(domainResolver, privateCerts, publicCerts, anchors, TrustModel.Default, SMIMECryptographer.Default, new NoopCertificateFilter())
{
}
/// <summary>
/// Used by Resolvers to fire events
/// </summary>
/// <param name="handler">Event handler to fire, if any subscribers</param>
/// <param name="resolver">resolver for which this is an event handler</param>
/// <param name="ex">exception to notify</param>
public static void NotifyEvent(this Action<ICertificateResolver, Exception> handler, ICertificateResolver resolver, Exception ex)
{
if (handler != null)
{
try
{
handler(resolver, ex);
}
catch
{
}
}
}
public static IDataProtectionBuilder AddDataProtection(this IServiceCollection services, ICertificateResolver certificateResolver, IConfiguration configuration, IHostEnvironment hostEnvironment, IInstanceFactory instanceFactory, Action <DataProtectionOptions> postConfigureOptions)
{
return(services.AddDataProtection(certificateResolver, configuration, ConfigurationKeys.DataProtectionPath, hostEnvironment, instanceFactory, postConfigureOptions));
}
public SiteManager(IPathResolver pathResolver, bool traceFailedRequests, string logPath, ISettingsResolver settingsResolver, ICertificateResolver certificateResolver)
{
_logPath = logPath;
_pathResolver = pathResolver;
_traceFailedRequests = traceFailedRequests;
_settingsResolver = settingsResolver;
_certificateResolver = certificateResolver;
}
void resolver_Error(ICertificateResolver arg1, Exception arg2)
{
Console.WriteLine(arg2.Message);
}
/// <summary>
/// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores, and
/// trust and cryptography models.
/// </summary>
/// <param name="domainResolver">
/// An <see cref="IDomainResolver"/> instance providing array of local domain name managed by this agent.
/// </param>
/// <param name="privateCerts">
/// An <see cref="ICertificateResolver"/> instance providing private certificates
/// for senders of outgoing messages and receivers of incoming messages.
/// </param>
/// <param name="publicCerts">
/// An <see cref="ICertificateResolver"/> instance providing public certificates
/// for receivers of outgoing messages and senders of incoming messages.
/// </param>
/// <param name="anchors">
/// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors.
/// </param>
/// <param name="trustModel">
/// An instance or subclass of <see cref="SMIMECryptographer"/> providing a custom trust model.
/// </param>
/// <param name="cryptographer">
/// An instance or subclass of <see cref="Health.Direct.Agent"/> providing a custom cryptography model.
/// </param>
public DirectAgent(IDomainResolver domainResolver, ICertificateResolver privateCerts, ICertificateResolver publicCerts, ITrustAnchorResolver anchors, TrustModel trustModel, SMIMECryptographer cryptographer)
: this(domainResolver, privateCerts, publicCerts, anchors, trustModel, cryptographer, CertPolicyResolvers.Default, null)
{
}
/// <summary>
/// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores, and
/// and defaulting to the standard trust and cryptography models.
/// </summary>
/// <param name="domain">
/// The local domain name managed by this agent.
/// </param>
/// <param name="privateCerts">
/// An <see cref="ICertificateResolver"/> instance providing private certificates
/// for senders of outgoing messages and receivers of incoming messages.
/// </param>
/// <param name="publicCerts">
/// An <see cref="ICertificateResolver"/> instance providing public certificates
/// for receivers of outgoing messages and senders of incoming messages.
/// </param>
/// <param name="anchors">
/// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors.
/// </param>
public DirectAgent(string domain, ICertificateResolver privateCerts, ICertificateResolver publicCerts, ITrustAnchorResolver anchors)
: this(new StaticDomainResolver(domain), privateCerts, publicCerts, anchors, TrustModel.Default, SMIMECryptographer.Default)
{
}
public void Init(PluginDefinition pluginDef)
{
MachineCertResolverSettings settings = pluginDef.DeserializeSettings <MachineCertResolverSettings>();
m_innerResolver = settings.CreateResolver();
}
/// <summary>
/// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores, and
/// and defaulting to the standard trust and cryptography models.
/// </summary>
/// <param name="domainResolver">
/// An <see cref="IDomainResolver"/> instance providing array of local domain name managed by this agent.
/// </param>
/// <param name="privateCerts">
/// An <see cref="ICertificateResolver"/> instance providing private certificates
/// for senders of outgoing messages and receivers of incoming messages.
/// </param>
/// <param name="publicCerts">
/// An <see cref="ICertificateResolver"/> instance providing public certificates
/// for receivers of outgoing messages and senders of incoming messages.
/// </param>
/// <param name="anchors">
/// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors.
/// </param>
public DirectAgent(IDomainResolver domainResolver, ICertificateResolver privateCerts, ICertificateResolver publicCerts, ITrustAnchorResolver anchors)
: this(domainResolver, privateCerts, publicCerts, anchors, TrustModel.Default, SMIMECryptographer.Default)
{
}
public DirectAgent(string domain, ICertificateResolver privateCerts, ICertificateResolver publicCerts, ITrustAnchorResolver anchors, ICertificateFilter certificateFilter)
: this(new StaticDomainResolver(domain), privateCerts, publicCerts, anchors, TrustModel.Default, SMIMECryptographer.Default, certificateFilter)
{
}
/// <summary>
/// Creates a DirectAgent instance, specifying private, external and trust anchor certificate stores, and
/// trust and cryptography models.
/// </summary>
/// <param name="domainResolver">
/// An <see cref="IDomainResolver"/> instance providing array of local domain name managed by this agent.
/// </param>
/// <param name="privateCerts">
/// An <see cref="ICertificateResolver"/> instance providing private certificates
/// for senders of outgoing messages and receivers of incoming messages.
/// </param>
/// <param name="publicCerts">
/// An <see cref="ICertificateResolver"/> instance providing public certificates
/// for receivers of outgoing messages and senders of incoming messages.
/// </param>
/// <param name="anchors">
/// An <see cref="ITrustAnchorResolver"/> instance providing trust anchors.
/// </param>
/// <param name="trustModel">
/// An instance or subclass of <see cref="SMIMECryptographer"/> providing a custom trust model.
/// </param>
/// <param name="cryptographer">
/// An instance or subclass of <see cref="Health.Direct.Agent"/> providing a custom cryptography model.
/// </param>
public DirectAgent(IDomainResolver domainResolver, ICertificateResolver privateCerts, ICertificateResolver publicCerts, ITrustAnchorResolver anchors, TrustModel trustModel, SMIMECryptographer cryptographer)
{
m_managedDomains = new AgentDomains(domainResolver);
if (privateCerts == null)
{
throw new ArgumentNullException("privateCerts");
}
if (publicCerts == null)
{
throw new ArgumentNullException("publicCerts");
}
if (anchors == null)
{
throw new ArgumentNullException("anchors");
}
if (trustModel == null)
{
throw new ArgumentNullException("trustModel");
}
if (cryptographer == null)
{
throw new ArgumentNullException("cryptographer");
}
m_privateCertResolver = privateCerts;
m_publicCertResolver = publicCerts;
m_cryptographer = cryptographer;
m_trustAnchors = anchors;
m_trustModel = trustModel;
if (!m_trustModel.CertChainValidator.HasCertificateResolver)
{
m_trustModel.CertChainValidator.IssuerResolver = m_publicCertResolver;
}
m_minTrustRequirement = TrustEnforcementStatus.Success;
}
