/// <summary> /// Revokes a given list of certificates. /// Note: Certificates are revoked in pairs, so if only an encryption certificate is specified its corrosponding signing certificate will also be revoked /// </summary> /// <param name="keyTypeToRevoke"></param> /// <param name="serialNumbers"></param> /// <param name="reason"></param> /// <returns></returns> public WrappedResponse <RevokeCertificateOutType> RevokeCertificates(KeyGeneratorTypeType keyTypeToRevoke, string[] serialNumbers, CRLReasonType?reason = null) { EnsureSigningStrategyIsSet(); var req = new RevokeCertificateInType() { RequestHeader = CreateHeader(), RevokeCertificateRequest = new RevokeCertificateRequest() { KeyGeneratorType = keyTypeToRevoke, CRLReasonSpecified = reason != null, Items = serialNumbers } }; req.RevokeCertificateRequest.RequestId = req.RequestHeader.RequestId; req.RevokeCertificateRequest.CustomerId = req.RequestHeader.CustomerId; req.RevokeCertificateRequest.CustomerId = req.RequestHeader.CustomerId; req.RevokeCertificateRequest.Environment = req.RequestHeader.Environment; req.RevokeCertificateRequest.EnvironmentSpecified = req.RequestHeader.EnvironmentSpecified; try { var res = _proxy.RevokeCertificate(req); return(new WrappedResponse <RevokeCertificateOutType>(res)); } catch (PKIFactoryFaultException ex) { return(new WrappedResponse <RevokeCertificateOutType>(ex.Details)); } }
/// <summary> /// Retrives a list of all certificates which the bank will accept on behalf of the client. /// This also includes both expired and revoked certificates. /// </summary> /// <param name="generatorType">Generation source we want to get certificates for</param> /// <returns></returns> public WrappedResponse <GetOwnCertificateListOutType> GetClientCertificateList(KeyGeneratorTypeType generatorType) { EnsureSigningStrategyIsSet(); var req = new GetOwnCertificateListInType() { RequestHeader = CreateHeader(), GetOwnCertificateListRequest = new GetOwnCertificateListRequest() { KeyGeneratorType = generatorType } }; req.GetOwnCertificateListRequest.RequestId = req.RequestHeader.RequestId; req.GetOwnCertificateListRequest.CustomerId = req.RequestHeader.CustomerId; req.GetOwnCertificateListRequest.Timestamp = req.RequestHeader.Timestamp; try { var res = _proxy.GetOwnCertificateList(req); return(new WrappedResponse <GetOwnCertificateListOutType>(res)); } catch (PKIFactoryFaultException ex) { return(new WrappedResponse <GetOwnCertificateListOutType>(ex.Details)); } }
/// <summary> /// Queries the bank to determine the status of the given certificate serial numbers /// </summary> /// <param name="serialNumbers">Serial numbers in decimal notation</param> /// <param name="generatorType">Only match certificates with this key generation type</param> /// <returns></returns> public WrappedResponse <CertificateStatusOutType> CertificateStatus(string[] serialNumbers, KeyGeneratorTypeType generatorType) { EnsureSigningStrategyIsSet(); var req = new CertificateStatusInType() { RequestHeader = CreateHeader(), CertificateStatusRequest = new CertificateStatusRequest() { CertificateSerialNo = serialNumbers, KeyGeneratorType = generatorType } }; req.CertificateStatusRequest.RequestId = req.RequestHeader.RequestId; req.CertificateStatusRequest.CustomerId = req.RequestHeader.CustomerId; req.CertificateStatusRequest.CustomerId = req.RequestHeader.CustomerId; try { var res = _proxy.CertificateStatus(req); return(new WrappedResponse <CertificateStatusOutType>(res)); } catch (PKIFactoryFaultException ex) { return(new WrappedResponse <CertificateStatusOutType>(ex.Details)); } }
/// <summary> /// Requests renewal of previously signed certificates /// </summary> /// <param name="signingCert">Signing certificate to be renewed</param> /// <param name="cryptoCert">Encryption certificate to be renewed</param> /// <param name="generatorType">Source of the certificates</param> /// <returns></returns> public WrappedResponse <RenewCertificateOutType> RenewCertificate(X509Certificate2 signingCert, X509Certificate2 cryptoCert, KeyGeneratorTypeType generatorType) { EnsureSigningStrategyIsSet(); if (_bankEncryptionCertificate == null) { throw new InvalidOperationException("Cannot request renewal of client certificates. The bank encryption certificate must be set."); } // Create certificate signing requests for the certificates var csrSign = CreateCSR(signingCert); var csrCrypt = CreateCSR(cryptoCert); RenewCertificateInType req = new RenewCertificateInType() { RequestHeader = CreateHeader(), RenewCertificateRequest = new RenewCertificateRequest() { CustomerId = _customerId, KeyGeneratorType = generatorType, EncryptionCertPKCS10 = csrCrypt.GetDerEncoded(), SigningCertPKCS10 = csrSign.GetDerEncoded() } }; // Duplicate header values req.RenewCertificateRequest.RequestId = req.RequestHeader.RequestId; req.RenewCertificateRequest.Timestamp = req.RequestHeader.Timestamp; req.RenewCertificateRequest.CustomerId = req.RequestHeader.CustomerId; req.RenewCertificateRequest.Environment = req.RequestHeader.Environment; req.RenewCertificateRequest.EnvironmentSpecified = req.RequestHeader.EnvironmentSpecified; try { var res = _proxy.RenewCertificate(req); return(new WrappedResponse <RenewCertificateOutType>(res)); } catch (PKIFactoryFaultException ex) { return(new WrappedResponse <RenewCertificateOutType>(ex.Details)); } }