/// <summary>
/// Prints an SRV RR by handing each field to the labelled Print overloads.
/// </summary>
/// <param name="srv">The SRV record to print.</param>
public void Print(SRVRecord srv)
{
    // Field order follows the SRV RDATA layout: priority, weight, port, target.
    Print("Priority", srv.Priority);
    Print("Weight", srv.Weight);
    Print("Port", srv.Port);
    Print("Target", srv.Target);
}
/// <summary>
/// Factory for DnsResourceRecord objects.
/// </summary>
/// <param name="recordType">The DNS record type to create a record object for.</param>
/// <returns>
/// A new record of the concrete class matching <paramref name="recordType"/>; any type
/// without a dedicated class falls back to a <see cref="RawRecord"/>, so an unrecognised
/// type still yields an object rather than a failure.
/// </returns>
public static DnsResourceRecord CreateRecordObject(DnsStandard.RecordType recordType)
{
    switch (recordType)
    {
        case DnsStandard.RecordType.ANAME:
            return new AddressRecord();
        case DnsStandard.RecordType.NS:
            return new NSRecord();
        case DnsStandard.RecordType.CNAME:
            return new CNameRecord();
        case DnsStandard.RecordType.SOA:
            return new SOARecord();
        case DnsStandard.RecordType.TXT:
            return new TextRecord();
        case DnsStandard.RecordType.MX:
            return new MXRecord();
        case DnsStandard.RecordType.PTR:
            return new PtrRecord();
        case DnsStandard.RecordType.CERT:
            return new CertRecord();
        case DnsStandard.RecordType.SRV:
            return new SRVRecord();
        default:
            // Catch-all: keep unknown/unsupported types parseable as a raw record.
            return new RawRecord();
    }
}
/// <summary>
/// Factory for DnsResourceRecord objects.
/// </summary>
/// <param name="recordType">The DNS record type to create a record object for.</param>
/// <returns>
/// A new record of the concrete class for <paramref name="recordType"/>, or a
/// <see cref="RawRecord"/> when no dedicated class exists for that type.
/// </returns>
public static DnsResourceRecord CreateRecordObject(DnsStandard.RecordType recordType)
{
    DnsResourceRecord created;
    switch (recordType)
    {
        case DnsStandard.RecordType.ANAME:
            created = new AddressRecord();
            break;
        case DnsStandard.RecordType.NS:
            created = new NSRecord();
            break;
        case DnsStandard.RecordType.CNAME:
            created = new CNameRecord();
            break;
        case DnsStandard.RecordType.SOA:
            created = new SOARecord();
            break;
        case DnsStandard.RecordType.TXT:
            created = new TextRecord();
            break;
        case DnsStandard.RecordType.MX:
            created = new MXRecord();
            break;
        case DnsStandard.RecordType.PTR:
            created = new PtrRecord();
            break;
        case DnsStandard.RecordType.CERT:
            created = new CertRecord();
            break;
        case DnsStandard.RecordType.SRV:
            created = new SRVRecord();
            break;
        default:
            // Unknown or unsupported types are still represented, as an opaque RawRecord.
            created = new RawRecord();
            break;
    }
    return created;
}
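/// <summary>
/// Creates and binds a connection to the LDAP server named by a DNS SRV record.
/// </summary>
/// <param name="srvRecord">Resolved <see cref="SRVRecord"/> whose Target/Port identify the server.</param>
/// <returns>
/// A bound <see cref="LdapConnection"/> to the server that will be searched for certificates,
/// or <c>null</c> if the connection or bind failed (the failure is reported through Error).
/// </returns>
protected LdapConnection GetLdapConnection(SRVRecord srvRecord)
{
    // The host and port come straight from the DNS SRV answer, so whoever controls
    // that answer chooses the directory we bind to. As written nothing enables
    // TLS/StartTLS on the session, so the session is only as trustworthy as the
    // DNS lookup that produced srvRecord — confirm this matches the caller's threat model.
    var ldapIdentifier = new LdapDirectoryIdentifier(srvRecord.Target, srvRecord.Port);
    LdapConnection connection = null;
    try
    {
        connection = new LdapConnection(ldapIdentifier);
        connection.AuthType = AuthType.Anonymous; // use anonymous bind
        connection.SessionOptions.ProtocolVersion = LdapProtoVersion;
        if (Timeout.Ticks > 0)
        {
            connection.Timeout = Timeout;
        }
        connection.Bind();
        return connection;
    }
    catch (Exception ex)
    {
        // Didn't connect/bind: report it and move on to the next record. The
        // half-built LdapConnection is IDisposable, so release it here instead of
        // leaking a handle per failed SRV target.
        this.Error.NotifyEvent(this, new LdapCertResolverException(LDAPError.BindFailure, srvRecord.ToString(), ex));
        if (connection != null)
        {
            connection.Dispose();
        }
        return null;
    }
}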
/// <summary>
/// Resolves X509 certificates for a specific subject (an address or a domain name)
/// by searching every base naming context of the LDAP server the SRV record points at.
/// </summary>
/// <param name="srvRecord">The <see cref="SRVRecord"/> identifying the LDAP server to query.</param>
/// <param name="subjectName">The <see cref="String"/> subject to resolve.</param>
/// <returns>
/// An <see cref="X509Certificate2Collection"/> holding every certificate found; the
/// collection is empty (never <c>null</c>) when the bind fails or nothing matches.
/// </returns>
X509Certificate2Collection GetCertificatesBySubect(SRVRecord srvRecord, string subjectName)
{
    var certificates = new X509Certificate2Collection();

    // get the LDAP connection from the SRV record; it is disposed when this scope ends
    using (var connection = GetLdapConnection(srvRecord))
    {
        if (connection == null)
        {
            // GetLdapConnection has already reported the bind failure through Error.
            return certificates;
        }

        // search each base naming context in turn
        foreach (var baseDn in GetBaseNamingContext(connection))
        {
            var request = Search.MimeCertRequest(baseDn, subjectName);
            try
            {
                SetCerts(connection, request, certificates);
            }
            catch (LdapCertResolverException ldapEx)
            {
                // Re-raise as an event with the subject and server attached for context.
                this.Error.NotifyEvent(this, new LdapCertResolverException(ldapEx.Error, subjectName + srvRecord, ldapEx.InnerException));
            }
            catch (Exception ex)
            {
                // Best effort: one failing context must not stop the remaining ones.
                this.Error.NotifyEvent(this, ex);
            }
        }
    }

    return certificates;
}
/// <summary>
/// Collects the certificates carried by one LDAP search result entry into <paramref name="retVal"/>.
/// </summary>
/// <param name="entry">The search result entry whose attribute values are parsed as DER certificates.</param>
/// <param name="retVal">Collection the parsed certificates are appended to.</param>
/// <param name="srvRecord">The SRV record the connection came from; only used in the error report.</param>
/// <param name="subjectName">The subject being resolved; only used in the error report.</param>
private void SetCerts(SearchResultEntry entry, X509Certificate2Collection retVal, SRVRecord srvRecord, string subjectName)
{
    var attributes = entry.Attributes;
    if (attributes.Values == null || attributes.Count <= 0)
    {
        // No certificate attribute on this entry: report where we looked and give up on it.
        string where = subjectName + " SRV:" + srvRecord + " LDAP:" + entry.DistinguishedName;
        Error.NotifyEvent(this, new LdapCertResolverException(LDAPError.NoUserCertificateAttribute, where));
        return;
    }

    foreach (DirectoryAttribute attribute in attributes.Values)
    {
        if (attribute.Count <= 0)
        {
            continue;
        }

        // A search can return several entries and each entry may carry more than one
        // certificate value, so every value is parsed independently.
        foreach (object value in attribute)
        {
            try
            {
                // Values that are not a byte[] or not a parseable certificate throw here;
                // they are reported and skipped rather than aborting the whole entry.
                // Note that the certificate is accepted exactly as the directory returned
                // it — no chain or purpose validation happens in this method.
                retVal.Add(new X509Certificate2((byte[])value));
            }
            catch (Exception ex)
            {
                Error.NotifyEvent(this, ex);
            }
        }
    }
}
/// <summary>
/// Sends one search request over the connection and collects the certificates from every entry returned.
/// </summary>
/// <param name="connection">Bound LDAP connection to send the request on.</param>
/// <param name="request">The search request (mail attribute filter, userCertificate attribute requested).</param>
/// <param name="retVal">Collection the parsed certificates are appended to.</param>
/// <param name="srvRecord">The SRV record the connection came from; passed through for error reporting.</param>
/// <param name="subjectName">The subject being resolved; passed through for error reporting.</param>
private void SetCerts(LdapConnection connection, SearchRequest request, X509Certificate2Collection retVal, SRVRecord srvRecord, string subjectName)
{
    // send the LDAP request using the mail attribute as the search filter and return the userCertificate attribute
    var response = (SearchResponse)connection.SendRequest(request);
    if (response == null || response.Entries.Count <= 0)
    {
        return;
    }

    foreach (SearchResultEntry entry in response.Entries)
    {
        SetCerts(entry, retVal, srvRecord, subjectName);
    }
}
/// <summary>
/// Searches every base naming context for <paramref name="subject"/> and collects the certificates found.
/// </summary>
/// <param name="srvRecord">The SRV record the connection came from; passed through for error reporting.</param>
/// <param name="connection">Bound LDAP connection to search.</param>
/// <param name="distNames">Base distinguished names to search, one request each.</param>
/// <param name="subject">The subject value used to build the search filter.</param>
/// <param name="retVal">Collection the parsed certificates are appended to.</param>
private void SetCerts(SRVRecord srvRecord, LdapConnection connection, List<string> distNames, string subject, X509Certificate2Collection retVal)
{
    for (int i = 0; i < distNames.Count; i++)
    {
        // search each base context; a failure in one context is reported and the rest still run
        try
        {
            var request = Search.MimeCertRequest(distNames[i], subject);
            SetCerts(connection, request, retVal, srvRecord, subject);
        }
        catch (Exception ex)
        {
            Error.NotifyEvent(this, ex);
        }
    }
}
/// <summary>
/// Resolves X509 certificates for a domain name across all base naming contexts of the connection.
/// </summary>
/// <param name="connection">Active LDAP connection.</param>
/// <param name="srvRecord">The <see cref="SRVRecord"/> the connection was resolved from; used in error reports.</param>
/// <param name="domain">The <see cref="String"/> domain to resolve.</param>
/// <returns>
/// An <see cref="X509Certificate2Collection"/> of the certificates found; empty (never <c>null</c>)
/// when none are found.
/// </returns>
X509Certificate2Collection GetCertificatesByDomain(LdapConnection connection, SRVRecord srvRecord, string domain)
{
    var found = new X509Certificate2Collection();
    // get the base naming contexts, then search each one for the domain
    SetCerts(srvRecord, connection, GetBaseNamingContext(connection), domain, found);
    return found;
}
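/// <summary>
/// Resolves X509 certificates for a mail address: first by the full address, then,
/// only if that yields nothing, by the address's host (domain) part.
/// </summary>
/// <param name="connection">Active LDAP connection.</param>
/// <param name="srvRecord">The <see cref="SRVRecord"/> the connection was resolved from; used in error reports.</param>
/// <param name="address">The <see cref="MailAddress"/> to resolve.</param>
/// <returns>
/// An <see cref="X509Certificate2Collection"/> of the certificates found; empty (never <c>null</c>)
/// when none are found.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="address"/> is <c>null</c>.</exception>
X509Certificate2Collection GetCertificatesBySubect(LdapConnection connection, SRVRecord srvRecord, MailAddress address)
{
    if (address == null)
    {
        // Fail with a clear argument error instead of a NullReferenceException
        // from address.Address after the naming-context lookup has already run.
        throw new ArgumentNullException("address");
    }

    var retVal = new X509Certificate2Collection();

    // get the base naming contexts
    var distNames = GetBaseNamingContext(connection);

    // Address-level certificates take precedence; the domain lookup is only a fallback.
    SetCerts(srvRecord, connection, distNames, address.Address, retVal);
    if (retVal.Count == 0)
    {
        SetCerts(srvRecord, connection, distNames, address.Host, retVal);
    }

    return retVal;
}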