コード例 #1
0
        /// <summary>
        /// Overrides the certificates given in app.config with the ones set programatically
        /// </summary>
        protected void OverrideConfig()
        {
            if (pListenerIdentity != null)
            {
                // Override certificate
                // TOOD: what is going on here? why only override the servicehost cridentials one time ?
                if (pListenerIdentity.ListenerCertificate != null && pServiceHost != null)
                {
                    pServiceHost.Credentials.ServiceCertificate.Certificate = pListenerIdentity.ListenerCertificate.Certificate;
                }
                else
                {
                    pListenerIdentity.ListenerCertificate = new OcesX509Certificate(pServiceHost.Credentials.ServiceCertificate.Certificate);
                }
            }
            else
            {
                CustomBinding           customBinding    = (CustomBinding)pServiceHost.Description.Endpoints[0].Binding;
                TransportBindingElement transportBinding = customBinding.Elements.Find <TransportBindingElement>();
                EmailTransport          emailTransport   = new EmailTransport(transportBinding);
                OcesX509Certificate     ocesCertificate  = new OcesX509Certificate(pServiceHost.Credentials.ServiceCertificate.Certificate);
                pListenerIdentity = new ListenerIdentity(emailTransport, ocesCertificate);
            }

            //Override transport binding
            pEmailBinding = GetEmailBinding();
            if (pListenerIdentity.Transport != null)
            {
                pEmailBinding.CopyElement((EmailBindingElement)pListenerIdentity.Transport.TransportBinding);
            }
            else
            {
                pListenerIdentity.Transport = new EmailTransport(pEmailBinding);
            }
        }
コード例 #2
0
        public void DocumentIdMustBeAddedAsCustomHeader()
        {
            var          documentId   = "678";
            OiosiMessage oiosiMessage = GetInvoiceOiosiMessage();

            // Call private method
            Type                raspRequestType        = typeof(RaspRequest);
            MethodInfo          addCustomHeadersMethod = raspRequestType.GetMethod("AddCustomHeaders", BindingFlags.NonPublic | BindingFlags.Instance);
            OcesX509Certificate client      = new OcesX509Certificate(new X509Certificate2(TestConstants.PATH_CERTIFICATE_EMPLOYEE, TestConstants.PASSWORD_CERTIFICATE_EMPLOYEE));
            OcesX509Certificate server      = new OcesX509Certificate(new X509Certificate2(TestConstants.PATH_CERTIFICATE_EMPLOYEE, TestConstants.PASSWORD_CERTIFICATE_EMPLOYEE));
            Credentials         c1          = new Credentials(client, server);
            RaspRequest         raspRequest = new RaspRequest(new Request(new Uri("http://test.dk"), c1));

            addCustomHeadersMethod.Invoke(raspRequest, new object[] { oiosiMessage, documentId });

            bool headerValueAdded = false;

            foreach (var messageHeader in oiosiMessage.MessageHeaders)
            {
                var headerValue = messageHeader.Value.ToString();
                if (headerValue.Contains(documentId))
                {
                    headerValueAdded = true;
                }
            }
            Assert.IsTrue(headerValueAdded, "DocumentId not found in header.");
        }
コード例 #3
0
 /// <summary>
 /// Constructor
 /// </summary>
 /// <param name="clientCertificate">the client certificate</param>
 /// <param name="serverCertificate">the server certificate</param>
 public Credentials(
     OcesX509Certificate clientCertificate,
     OcesX509Certificate serverCertificate
     )
 {
     _clientCertificate = clientCertificate;
     _serverCertificate = serverCertificate;
 }
コード例 #4
0
        protected OcesX509Certificate GetEndpointCertificateFromLdap(CertificateSubject certificateSubject)
        {
            LdapLookupFactory   ldapClientFactory       = new LdapLookupFactory();
            ICertificateLookup  ldapClient              = ldapClientFactory.CreateLdapLookupClient();
            X509Certificate2    endpointCertificate     = ldapClient.GetCertificate(certificateSubject);
            OcesX509Certificate endpointOcesCertificate = new OcesX509Certificate(endpointCertificate);

            return(endpointOcesCertificate);
        }
コード例 #5
0
        public void DeviceTypeTest()
        {
            //ConfigurationHandler.ConfigFilePath = "Resources/RaspConfigurationOcesX509.xml";
            string              deviceCertificatePath = TestConstants.PATH_CERTIFICATE_DEVICE;
            X509Certificate2    certificate           = new X509Certificate2(deviceCertificatePath, TestConstants.PASSWORD_CERTIFICATE_DEVICE);
            OcesX509Certificate ocesCertificate       = new OcesX509Certificate(certificate);

            Assert.AreEqual(OcesCertificateType.OcesFunction, ocesCertificate.OcesCertificateType);
            Assert.IsTrue(ocesCertificate.HasPrivateKey());
        }
コード例 #6
0
        public void EmployeeTypeTest()
        {
            //ConfigurationHandler.ConfigFilePath = "Resources/RaspConfigurationOcesX509.xml";
            string              employeeCertificatePath = TestConstants.PATH_CERTIFICATE_EMPLOYEE;
            X509Certificate2    certificate             = new X509Certificate2(employeeCertificatePath, TestConstants.PASSWORD_CERTIFICATE_EMPLOYEE);
            OcesX509Certificate ocesCertificate         = new OcesX509Certificate(certificate);

            Assert.AreEqual(OcesCertificateType.OcesEmployee, ocesCertificate.OcesCertificateType);
            Assert.IsTrue(ocesCertificate.HasPrivateKey());
        }
コード例 #7
0
        protected RaspRequest GetRaspRequest(OiosiMessage oiosiMessage)
        {
            DocumentTypeConfigSearcher documentTypeConfigSearcher = new DocumentTypeConfigSearcher();
            DocumentTypeConfig         documentTypeConfig         = documentTypeConfigSearcher.FindUniqueDocumentType(oiosiMessage.MessageXml);
            LookupParameters           messageParameters          = this.GetMessageParameters(oiosiMessage, documentTypeConfig);
            UddiLookupResponse         uddiResponse = this.PerformUddiLookup(messageParameters);
            Uri endpointAddressUri = uddiResponse.EndpointAddress.GetAsUri();

            OcesX509Certificate endpointCertificate = this.GetEndpointCertificateFromLdap(uddiResponse.CertificateSubjectSerialNumber);

            this.ValidateEndpointCertificate(endpointCertificate);
            //X509Certificate2 clientCertificate = CertificateUtil.InstallAndGetFunctionCertificateFromCertificateStore();
            X509Certificate2 clientCertificate = this.ClientCertificate;

            Credentials credentials = new Credentials(new OcesX509Certificate(clientCertificate), endpointCertificate);
            Request     request     = new Request(endpointAddressUri, credentials);
            RaspRequest raspRequest = new RaspRequest(request);

            return(raspRequest);
        }
コード例 #8
0
        protected void ValidateEndpointCertificate(OcesX509Certificate endpointOcesCertificate)
        {
            RevocationLookupFactory ocspLookupFactory = new RevocationLookupFactory();
            IRevocationLookup       ocspClient        = ocspLookupFactory.CreateRevocationLookupClient();

            RevocationResponse ocspStatus = endpointOcesCertificate.CheckRevocationStatus(ocspClient);

            switch (ocspStatus.RevocationCheckStatus)
            {
            case RevocationCheckStatus.AllChecksPassed:
            {
                // all okay
                break;
            }

            case RevocationCheckStatus.CertificateRevoked:
            {
                throw new Exception("Certificate validation error - CertificateRevoked");
                //break;
            }

            case RevocationCheckStatus.NotChecked:
            {
                throw new Exception("Certificate validation error - NotChecked");
                //break;
            }

            case RevocationCheckStatus.UnknownIssue:
            {
                throw new Exception("Certificate validation error - UnknownIssue");
                // break;
            }

            default:
            {
                throw new Exception("Certificate validation error");
                // break;
            }
            }
        }
コード例 #9
0
        /* /// <summary>
         * /// Overrides the method to validate the binding element order.
         * /// </summary>
         * /// <typeparam name="TChannel"></typeparam>
         * /// <param name="context"></param>
         * /// <returns></returns>
         * public override IChannelListener<TChannel> BuildChannelListener<TChannel>(BindingContext context)
         * {
         *   BindingElementCollection bindingElements = context.Binding.Elements;
         *   this.stackCheck.Check(bindingElements);
         *   return base.BuildChannelListener<TChannel>(context);
         * }*/

        /// <summary>
        /// Intercept requests and creates the proof of validation interception before
        /// attaching it to the message.
        /// </summary>
        /// <param name="interceptorMessage"></param>
        public override void InterceptRequest(InterceptorMessage interceptorMessage)
        {
            this.logger.Trace("Security validate the foces certificate.");
            try
            {
                Headers headers = new Headers(interceptorMessage);
                if (interceptorMessage.IsFault)
                {
                    // do nothing
                }
                else if (headers.IsCreateSequence)
                {
                    // do nothing
                }
                else if (headers.SequenceHeader == null)
                {
                    // do nothing
                }
                else if (headers.SequenceHeader.IsLastMessage)
                {
                    // do nothing
                }
                else
                {
                    // Get the certificate from the message
                    X509Certificate2 certificate;
                    try
                    {
                        certificate = interceptorMessage.Certificate;
                    }
                    catch
                    {
                        throw new FailedToGetCertificateSubjectException(interceptorMessage);
                    }



                    // now we must revocate check the certificate
                    OcesX509Certificate ocesCertificate = new OcesX509Certificate(certificate);
                    RevocationResponse  response        = ocesCertificate.CheckRevocationStatus(revocationLookup);

                    if (response.Exception != null)
                    {
                        string msg;
                        try
                        {
                            msg = response.Exception.Message;
                        }
                        catch (Exception ex)
                        {
                            this.logger.Debug("Error finding the correct error message.", ex);
                            msg = "unknown";
                        }

                        this.logger.Warn(string.Format("The certificate '{0}' revocation check failed. Reason is: ", ocesCertificate.Certificate.SubjectName.Name, msg));

                        // some error checking the certificate
                        // make sure the error is of the correct type, and throw it
                        // note - if the original exception was not a communikation exception, it is wraped in a communikation exception
                        if (response.Exception is CertificateRevokedTimeoutException)
                        {
                            throw new CertificateRevokedValidationFailedException(response.Exception);
                        }
                        else if (response.Exception is CertificateRevokedException)
                        {
                            throw response.Exception;
                        }
                        else if (response.Exception is CertificateRevokedValidationFailedException)
                        {
                            throw response.Exception;
                        }
                        else if (response.Exception is CheckCertificateOcspUnexpectedException)
                        {
                            throw new CertificateRevokedValidationFailedException(response.Exception);
                        }
                        else if (response.Exception is CheckCertificateRevokedUnexpectedException)
                        {
                            throw new CertificateRevokedValidationFailedException(response.Exception);
                        }
                        else
                        {
                            throw new CertificateRevokedValidationFailedException(response.Exception);
                        }
                    }
                    else
                    {
                        // no exception - all good so far
                        switch (response.RevocationCheckStatus)
                        {
                        case RevocationCheckStatus.AllChecksPassed:
                        {
                            // all good
                            this.logger.Debug(string.Format("Certificate '{0}' has parsed the revocation validate.", certificate.SubjectName.Name));
                            SignatureValidationProof signatureValidationProof = new SignatureValidationProof(certificate.Subject);
                            interceptorMessage.AddProperty(ServerSignatureValidationProofBindingExtensionElement.SignatureValidationProofKey, signatureValidationProof);
                            break;
                        }

                        case RevocationCheckStatus.CertificateRevoked:
                        {
                            this.logger.Warn(string.Format("The certificate '{0}' is revoked.", ocesCertificate.Certificate.SubjectName.Name));
                            throw new CertificateRevokedException();
                            //break;
                        }

                        default:
                        {
                            this.logger.Warn(string.Format("The certificate '{0}' failed in revocation check - reason unknown", ocesCertificate.Certificate.SubjectName.Name));
                            throw new CertificateRevokedValidationFailedException("The certificate failed in revocation check - reason unknown.");
                            //break;
                        }
                        }
                    }
                }
            }
            catch (FailedToGetCertificateSubjectException)
            {
                // exception is of the correct type - rethrowing it
                throw;
            }

            /* catch (CertificateRevokedTimeoutException e)
             * {
             *   // exception is of the correct type - rethrowing it
             *   throw new CertificateRevokedValidationFailedException(e);
             * }*/
            catch (CertificateRevokedException)
            {
                // exception is of the correct type - rethrowing it
                throw;
            }
            catch (CertificateRevokedValidationFailedException)
            {
                // exception is of the correct type - rethrowing it
                throw;
            }

            /*  catch (CheckCertificateOcspUnexpectedException)
             * {
             *    // exception is of the correct type - rethrowing it
             *    throw;
             * }*/
            /* catch (CheckCertificateRevokedUnexpectedException)
             * {
             *   // exception is of the correct type - rethrowing it
             *   throw;
             * }*/
            catch (Exception ex)
            {
                this.logger.Debug("Security validate the foces certificate", ex);
                throw new CertificateRevokedValidationFailedException(ex);
            }

            this.logger.Trace("Security validate the foces certificate - Finish.");
        }
コード例 #10
0
 /// <summary>
 /// Constructor
 /// </summary>
 /// <param name="ServiceType">The type of the service</param>
 /// <param name="listenerCertificate">certificate of the listener</param>
 public ListenerIdentity(Type ServiceType, OcesX509Certificate listenerCertificate)
 {
     this.pListenerCertificate = listenerCertificate;
     this.pServiceType         = ServiceType;
 }
コード例 #11
0
 /// <summary>
 /// Constructor
 /// </summary>
 /// <param name="listenerCertificate">certificate of the listener</param>
 public ListenerIdentity(OcesX509Certificate listenerCertificate)
 {
     this.pListenerCertificate = listenerCertificate;
 }
コード例 #12
0
 /// <summary>
 /// Constructor
 /// </summary>
 /// <param name="transportBinding">binding transport</param>
 /// <param name="listenerCertificate">certificate of the listener</param>
 public ListenerIdentity(ITransport transportBinding, OcesX509Certificate listenerCertificate)
 {
     this.pTransport           = transportBinding;
     this.pListenerCertificate = listenerCertificate;
 }
コード例 #13
0
 /// <summary>
 /// Constructor
 /// </summary>
 /// <param name="ServiceType">The type of the service</param>
 /// <param name="transportBinding">binding transport</param>
 /// <param name="listenerCertificate">certificate of the listener</param>
 public ListenerIdentity(Type ServiceType, ITransport transportBinding, OcesX509Certificate listenerCertificate)
 {
     this.pTransport           = transportBinding;
     this.pListenerCertificate = listenerCertificate;
     this.pServiceType         = ServiceType;
 }