/// <summary>
/// Revokes a given list of certificates.
/// Note: Certificates are revoked in pairs, so if only an encryption certificate is specified its corrosponding signing certificate will also be revoked
/// </summary>
/// <param name="keyTypeToRevoke"></param>
/// <param name="serialNumbers"></param>
/// <param name="reason"></param>
/// <returns></returns>
public WrappedResponse <RevokeCertificateOutType> RevokeCertificates(KeyGeneratorTypeType keyTypeToRevoke, string[] serialNumbers, CRLReasonType?reason = null)
{
EnsureSigningStrategyIsSet();
var req = new RevokeCertificateInType()
{
RequestHeader = CreateHeader(),
RevokeCertificateRequest = new RevokeCertificateRequest()
{
KeyGeneratorType = keyTypeToRevoke,
CRLReasonSpecified = reason != null,
Items = serialNumbers
}
};
req.RevokeCertificateRequest.RequestId = req.RequestHeader.RequestId;
req.RevokeCertificateRequest.CustomerId = req.RequestHeader.CustomerId;
req.RevokeCertificateRequest.CustomerId = req.RequestHeader.CustomerId;
req.RevokeCertificateRequest.Environment = req.RequestHeader.Environment;
req.RevokeCertificateRequest.EnvironmentSpecified = req.RequestHeader.EnvironmentSpecified;
try
{
var res = _proxy.RevokeCertificate(req);
return(new WrappedResponse <RevokeCertificateOutType>(res));
}
catch (PKIFactoryFaultException ex)
{
return(new WrappedResponse <RevokeCertificateOutType>(ex.Details));
}
}
/// <summary>
/// Retrives a list of all certificates which the bank will accept on behalf of the client.
/// This also includes both expired and revoked certificates.
/// </summary>
/// <param name="generatorType">Generation source we want to get certificates for</param>
/// <returns></returns>
public WrappedResponse <GetOwnCertificateListOutType> GetClientCertificateList(KeyGeneratorTypeType generatorType)
{
EnsureSigningStrategyIsSet();
var req = new GetOwnCertificateListInType()
{
RequestHeader = CreateHeader(),
GetOwnCertificateListRequest = new GetOwnCertificateListRequest()
{
KeyGeneratorType = generatorType
}
};
req.GetOwnCertificateListRequest.RequestId = req.RequestHeader.RequestId;
req.GetOwnCertificateListRequest.CustomerId = req.RequestHeader.CustomerId;
req.GetOwnCertificateListRequest.Timestamp = req.RequestHeader.Timestamp;
try
{
var res = _proxy.GetOwnCertificateList(req);
return(new WrappedResponse <GetOwnCertificateListOutType>(res));
}
catch (PKIFactoryFaultException ex)
{
return(new WrappedResponse <GetOwnCertificateListOutType>(ex.Details));
}
}
/// <summary>
/// Queries the bank to determine the status of the given certificate serial numbers
/// </summary>
/// <param name="serialNumbers">Serial numbers in decimal notation</param>
/// <param name="generatorType">Only match certificates with this key generation type</param>
/// <returns></returns>
public WrappedResponse <CertificateStatusOutType> CertificateStatus(string[] serialNumbers, KeyGeneratorTypeType generatorType)
{
EnsureSigningStrategyIsSet();
var req = new CertificateStatusInType()
{
RequestHeader = CreateHeader(),
CertificateStatusRequest = new CertificateStatusRequest()
{
CertificateSerialNo = serialNumbers,
KeyGeneratorType = generatorType
}
};
req.CertificateStatusRequest.RequestId = req.RequestHeader.RequestId;
req.CertificateStatusRequest.CustomerId = req.RequestHeader.CustomerId;
req.CertificateStatusRequest.CustomerId = req.RequestHeader.CustomerId;
try
{
var res = _proxy.CertificateStatus(req);
return(new WrappedResponse <CertificateStatusOutType>(res));
}
catch (PKIFactoryFaultException ex)
{
return(new WrappedResponse <CertificateStatusOutType>(ex.Details));
}
}
/// <summary>
/// Requests renewal of previously signed certificates
/// </summary>
/// <param name="signingCert">Signing certificate to be renewed</param>
/// <param name="cryptoCert">Encryption certificate to be renewed</param>
/// <param name="generatorType">Source of the certificates</param>
/// <returns></returns>
public WrappedResponse <RenewCertificateOutType> RenewCertificate(X509Certificate2 signingCert, X509Certificate2 cryptoCert, KeyGeneratorTypeType generatorType)
{
EnsureSigningStrategyIsSet();
if (_bankEncryptionCertificate == null)
{
throw new InvalidOperationException("Cannot request renewal of client certificates. The bank encryption certificate must be set.");
}
// Create certificate signing requests for the certificates
var csrSign = CreateCSR(signingCert);
var csrCrypt = CreateCSR(cryptoCert);
RenewCertificateInType req = new RenewCertificateInType()
{
RequestHeader = CreateHeader(),
RenewCertificateRequest = new RenewCertificateRequest()
{
CustomerId = _customerId,
KeyGeneratorType = generatorType,
EncryptionCertPKCS10 = csrCrypt.GetDerEncoded(),
SigningCertPKCS10 = csrSign.GetDerEncoded()
}
};
// Duplicate header values
req.RenewCertificateRequest.RequestId = req.RequestHeader.RequestId;
req.RenewCertificateRequest.Timestamp = req.RequestHeader.Timestamp;
req.RenewCertificateRequest.CustomerId = req.RequestHeader.CustomerId;
req.RenewCertificateRequest.Environment = req.RequestHeader.Environment;
req.RenewCertificateRequest.EnvironmentSpecified = req.RequestHeader.EnvironmentSpecified;
try
{
var res = _proxy.RenewCertificate(req);
return(new WrappedResponse <RenewCertificateOutType>(res));
}
catch (PKIFactoryFaultException ex)
{
return(new WrappedResponse <RenewCertificateOutType>(ex.Details));
}
}
