/// <summary>
/// Given the output data from the Open Sign applet, signed text is extracted if the login data is valid.
/// </summary>
/// <param name="loginData">the output data from the Open Sign applet (base64 encoded).</param>
/// <param name="agreement">the string to match against the signed text in the login data.</param>
/// <param name="logonto">expected value of the signature parameter <code>logonto</code> for OCESI applet responses or
/// of the signature parameter <code>RequestIssuer</code> for OCESII applet responses. Can be set to <code>null</code>
/// if validation should not be performed (this is not recommended)</param>.
/// <returns>true if the signed text matches the agreement parameter</returns>
/// <throws>AppletException in case the applet returned an error code.</throws>
public static SignatureValidationStatus ValidateSignatureAgainstAgreement(string loginData, string agreement, string stylesheet, string challenge, string logonto)
{
var errorCodeChecker = new ErrorCodeChecker(loginData);
if (errorCodeChecker.HasError())
{
throw new AppletException(errorCodeChecker.ExtractError());
}
var opensignSignature = CreateOpensignSignature(Base64Decode(loginData));
ValidateSignatureParameters(opensignSignature, challenge, logonto);
var encodedSignature = EncodeSignature(opensignSignature);
var encodedAgreement = Base64Encode(agreement);
var certificate = opensignSignature.SigningCertificate;
CertificateStatus status = certificate.ValidityStatus();
if (ServiceProviderSetup.CurrentChecker.IsRevoked(certificate))
{
status = CertificateStatus.Revoked;
}
var signatureMatches = SignatureMatches(encodedSignature, encodedAgreement, stylesheet, opensignSignature);
return(new SignatureValidationStatus(opensignSignature, status, signatureMatches));
}
private ResponseObject(
CertificateID certId,
CertificateStatus certStatus,
DerGeneralizedTime thisUpdate,
DerGeneralizedTime nextUpdate,
X509Extensions extensions)
{
this.certId = certId;
if (certStatus == null)
{
this.certStatus = new CertStatus();
}
else if (certStatus is UnknownStatus)
{
this.certStatus = new CertStatus(2, DerNull.Instance);
}
else
{
RevokedStatus rs = (RevokedStatus)certStatus;
CrlReason revocationReason = rs.HasRevocationReason
? new CrlReason(rs.RevocationReason)
: null;
this.certStatus = new CertStatus(
new RevokedInfo(new DerGeneralizedTime(rs.RevocationTime), revocationReason));
}
this.thisUpdate = thisUpdate;
this.nextUpdate = nextUpdate;
this.extensions = extensions;
}
private void verifyLevel2Authentication(SecureSocket socket,
Certificate cert,
CertificateChain chain,
VerifyEventArgs e
)
{
// Verify level 1 first
verifyLevel1Authentication(socket, cert, chain, e);
if (!e.Valid)
{
return;
}
CertificateStatus certStatus =
chain.VerifyChain(null, AuthType.Client, VerificationFlags.IgnoreInvalidName);
if (certStatus != CertificateStatus.ValidCertificate)
{
if ((Adk.Debug & AdkDebugFlags.Messaging_Detailed) != 0)
{
log.Warn
("Client Certificate is not trusted and fails SIF Level 2 Authentication: " +
certStatus.ToString());
}
e.Valid = false;
}
else
{
e.Valid = true;
}
}
/**
* Add a response for a particular Certificate ID.
*
* @param certID certificate ID details
* @param certStatus status of the certificate - null if okay
* @param singleExtensions optional extensions
*/
public void AddResponse(
CertificateID certID,
CertificateStatus certStatus,
X509Extensions singleExtensions)
{
list.Add(new ResponseObject(certID, certStatus, DateTime.UtcNow, singleExtensions));
}
public async Task <Unit> Handle(CertificateReprintRequest request, CancellationToken cancellationToken)
{
var certificate = await _certificateRepository.GetCertificate(request.CertificateReference, request.LastName, request.AchievementDate);
if (certificate == null)
{
throw new NotFound();
}
if (certificate.Status == CertificateStatus.Reprint)
{
return(Unit.Value);
}
if (CertificateStatus.CanRequestDuplicateCertificate(certificate.Status))
{
certificate.Status = CertificateStatus.Reprint;
await _certificateRepository.Update(certificate, request.Username, CertificateActions.Reprint);
}
else
{
throw new NotFound();
}
return(Unit.Value);
}
public static SignatureValidationStatus validateSignatureAgainstAgreementPDF(String loginData, String agreement, String challenge, String logonto)
{
var errorCodeChecker = new ErrorCodeChecker(loginData);
if (errorCodeChecker.HasError())
{
throw new AppletException(errorCodeChecker.ExtractError());
}
var opensignSignature = CreateOpensignSignature(Base64Decode(loginData));
ValidateChallenge(opensignSignature, challenge);
if (logonto != null)
{
ValidateLogonto(opensignSignature, logonto);
}
String encodedSignature = Base64Encode(Encoding.ASCII.GetString(opensignSignature.SignedDocument.SignedContent));
var encodedAgreement = Base64Encode(agreement);
var certificate = opensignSignature.SigningCertificate;
CertificateStatus status = certificate.ValidityStatus();
if (ServiceProviderSetup.CurrentChecker.IsRevoked(certificate))
{
status = CertificateStatus.Revoked;
}
var signatureMatches = SignatureMatches(encodedSignature, encodedAgreement, null, opensignSignature);
//@TODO HER MANGLER CHECK AF ATTACHMENTS !
return(new SignatureValidationStatus(opensignSignature, status, signatureMatches));
}
public async Task <IActionResult> GetLearner(long uln, string familyName, [SwaggerParameter("Standard Code or Standard Reference Number")] string standard)
{
var getRequest = new GetBatchLearnerRequest {
UkPrn = _headerInfo.Ukprn, Uln = uln, FamilyName = familyName, Standard = standard
};
var response = await _apiClient.GetLearner(getRequest);
if (response.ValidationErrors.Any())
{
ApiResponse error = new ApiResponse((int)HttpStatusCode.Forbidden, string.Join("; ", response.ValidationErrors));
return(StatusCode(error.StatusCode, error));
}
else if (response.Learner is null)
{
return(NotFound());
}
else if (response.Learner.Certificate is null)
{
return(Ok(response.Learner));
}
else
{
if (CertificateHelpers.IsDraftCertificateDeemedAsReady(response.Learner.Certificate))
{
response.Learner.Certificate.Status.CurrentStatus = CertificateStatus.Ready;
}
else if (CertificateStatus.HasPrintProcessStatus(response.Learner.Certificate.Status.CurrentStatus))
{
response.Learner.Certificate.Status.CurrentStatus = CertificateStatus.Submitted;
}
return(Ok(response.Learner));
}
}
public ActionResult Verify(string xml)
{
Response response = new Response(xml);
Challenge challenge = Session["challenge"] as Challenge;
if (!response.Valid(challenge))
{
return(Json(new { error = "Invalid DSIG" }, JsonRequestBehavior.AllowGet));
}
OcspClient ocspclient = new OcspClient();
// This uses the BouncyCastle X509 primitives (Org.BouncyCastle.X509)
X509CertificateParser parser = new X509CertificateParser();
var fullgiltbytes = System.IO.File.ReadAllBytes(HttpContext.Server.MapPath("~/certs/fullgilt.cer"));
X509Certificate fullgilt = parser.ReadCertificate(fullgiltbytes);
X509Certificate user = parser.ReadCertificate(response.Certificate);
try
{
CertificateStatus ocspresonse = ocspclient.Query(user, fullgilt);
if (ocspresonse != CertificateStatus.Good)
{
return(Json(new { error = Enum.GetName(typeof(CertificateStatus), ocspresonse) }));
}
// Do your normal login stuff here.
Session["LoggedIn"] = true;
return(Json(new { valid = true, msg = "Login successful" }, JsonRequestBehavior.AllowGet));
}
catch (Org.BouncyCastle.Ocsp.OcspException ocspex)
{
return(Json(new { error = ocspex.Message }, JsonRequestBehavior.AllowGet));
}
}
protected virtual void SendCertificateStatusMessage(CertificateStatus certificateStatus)
{
HandshakeMessage handshakeMessage = new HandshakeMessage(22);
certificateStatus.Encode(handshakeMessage);
handshakeMessage.WriteToRecordStream(this);
}
/// <summary>The default constructor for CertificateVerification.</summary>
/// <remarks>The default constructor for CertificateVerification.</remarks>
/// <param name="cert"></param>
/// <param name="ctx"></param>
public CertificateVerification(CertificateAndContext cert, ValidationContext ctx)
{
certificate = cert;
if (cert != null)
{
try
{
cert.GetCertificate().CheckValidity(ctx.GetValidationDate());
validityPeriodVerification = new Result(Result.ResultStatus.VALID, null);
}
catch (CertificateExpiredException)
{
validityPeriodVerification = new Result(Result.ResultStatus.INVALID, "certificate.expired"
);
}
catch (CertificateNotYetValidException)
{
validityPeriodVerification = new Result(Result.ResultStatus.INVALID, "certificate.not.yet.valid"
);
}
CertificateStatus status = ctx.GetCertificateStatusFromContext(cert);
if (status != null)
{
certificateStatus = new RevocationVerificationResult(status);
}
}
}
protected void Page_Load(object sender , EventArgs e)
{
string s = Request.QueryString[Helper.queryParam_specialty]; //专业id
status = GetStatus();
int p = PageIndex; //当前页码
v = !string.IsNullOrEmpty(s);
int rowcount = 0; // 记录数
if (!IsPostBack) {
IList<Certificate> list = RepositoryFactory<CertificateRepository>.Get().GetList(status , s , p , PageSize , out rowcount);
if (string.IsNullOrWhiteSpace(s)) {
} else {
linkAdd.NavigateUrl = "Add.aspx?s=" + s;
linkAdd.Visible = true;
}
Pager1.RecordCount = rowcount;
Pager1.PageSize = PageSize;
PageIndex = Helper.GetRealPageIndex(PageSize , rowcount , p);
rptList.DataSource = list.OrderByDescending(P => P.ReceiveDateTime);
rptList.DataBind();
}
}
public bool isValidCertificate(ECertificate certificate)
{
try
{
ValidationPolicy validationPolicy = CertValidationPolicyManager.getInstance().getValidationPolicy();
ValidationSystem vs = CertificateValidation.createValidationSystem(validationPolicy);
vs.setBaseValidationTime(DateTime.UtcNow);
CertificateStatusInfo csi = CertificateValidation.validateCertificate(vs, certificate);
CertificateStatus certificateStatus = csi.getCertificateStatus();
string statusText = certificateStatus.textAl();
//System.Console.WriteLine("Doğrulama Sonucu");
//System.Console.WriteLine(statusText);
//System.Console.WriteLine(csi.checkResultsToString());
//System.Console.WriteLine(csi.getDetailedMessage());
Program.HataMesaji = "\n\r" + csi.checkResultsToString() + "\n\r" + csi.getDetailedMessage();
return(certificateStatus == CertificateStatus.VALID);
}
catch (Exception exc)
{
// System.Console.WriteLine(exc.Message);
Program.HataMesaji = exc.Message;
return(false);
}
}
private void cboCertNew_MouseClick(object sender, MouseEventArgs e)
{
this.cboCertNew.Visible = true;
this.label3.Visible = true;
cboCertNew.Items.Clear();
string strPath = Globals.currentDirectory;
X509Store store = new X509Store("MY", StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection filterCerts = store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
String CN = "";
foreach (X509Certificate2 x509 in filterCerts)
{
CVM cvm = CVM.GetInstance();
string configFileName = strPath + @"cvm.xml";
cvm.config(configFileName);
CertificateStatus ret = cvm.VerifyCertificate(x509);
if (ret == CertificateStatus.VALID)
{
String subjectname = x509.Subject;
String[] names = subjectname.Split(',');
foreach (String name in names)
{
if (name.IndexOf("CN=") > 0)
{
int begin = name.IndexOf("CN=");
int len = name.Length;
CN = name.Substring(4, len - 4);
cboCertNew.Items.Add(CN);
cboCertificate.Items.Add(CN);
}
}
}
}
if (CN.Equals("") || CN == null)
{
// MessageBox.Show("没有有效的证书,请联系管理员!");
}
store.Close();
if (cboCertificate.Items.Count != 0)
{
cboCertificate.Text = cboCertificate.Items[0].ToString();
cboCertNew.Text = cboCertificate.Items[0].ToString();
cboCertNew.SelectedIndex = 0;
}
try
{
cboCertNew.Focus();
}
catch (Exception ex)
{
Globals.logAdapter.Record("EX925511256761", ex.Message + ">>" + ex.ToString(), true);
}
}
public void GetCertificateStatusFromModel(CertificateStatus certificateStatus)
{
certificateStatus.NationalDefenseAndSecurity = NationalDefenseAndSecurity;
certificateStatus.PhysicalEducation = PhysicalEducation;
certificateStatus.Language = Language;
certificateStatus.Informatics = Informatics;
certificateStatus.ExtracurricularPoint = ExtracurricularPoint;
}
public ResponseObject(
CertificateID certId,
CertificateStatus certStatus,
DateTime thisUpdate,
X509Extensions extensions)
: this(certId, certStatus, new DerGeneralizedTime(thisUpdate), null, extensions)
{
}
/// <summary>
///
/// </summary>
/// <param name="certID"></param>
/// <param name="certStatus"></param>
/// <param name="thisUpdate"></param>
/// <param name="nextUpdate"></param>
/// <param name="singleExtensions"></param>
public void addResponse(
CertificateID certID,
CertificateStatus certStatus,
DateTime thisUpdate,
DateTime nextUpdate,
X509Extensions singleExtensions)
{
list.Add(new ResponseObject(certID, certStatus, thisUpdate, nextUpdate, singleExtensions));
}
/// <summary>
/// Constructor at character's initialization time
/// </summary>
/// <param name="character"></param>
/// <param name="src"></param>
/// <param name="certClass"></param>
internal Certificate(Character character, StaticCertificate src, CertificateClass certClass)
{
m_staticData = src;
m_class = certClass;
m_character = character;
m_status = CertificateStatus.Untrained;
m_prereqSkills = new List<SkillLevel>(src.PrerequisiteSkills.ToCharacter(character));
m_prereqCertificates = new List<Certificate>();
}
/// <summary>
/// Constructor at character's initialization time
/// </summary>
/// <param name="character"></param>
/// <param name="src"></param>
/// <param name="certClass"></param>
internal Certificate(Character character, StaticCertificate src, CertificateClass certClass)
{
m_staticData = src;
m_class = certClass;
m_character = character;
m_status = CertificateStatus.Untrained;
m_prereqSkills = new List <SkillLevel>(src.PrerequisiteSkills.ToCharacter(character));
m_prereqCertificates = new List <Certificate>();
}
/// <summary>
/// Gets the certificates with the specified status
/// </summary>
/// <param name="status">The status the certificates must have</param>
/// <returns></returns>
public IEnumerable <Certificate> FilterByStatus(CertificateStatus status)
{
foreach (var cert in m_items.Values)
{
if (cert.Status == status)
{
yield return(cert);
}
}
}
public void InstallCertificate(CertificateStatus statusPreviousCertificate)
{
if (!File.Exists(_options.WellKnownFilePaths[WellKnownFile.CrtPfx]))
{
Log.Error("Certificate to install not found!");
return;
}
Log.Information("Installing certificate in store");
X509Store store = null;
X509Certificate2 newCertificate = null;
X509Certificate2 knownCertificate = null;
try
{
store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadWrite);
Log.Information($"Opened Certificate Store {store.Name}");
X509KeyStorageFlags flags = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
// See http://paulstovell.com/blog/x509certificate2
newCertificate = new X509Certificate2(_options.WellKnownFilePaths[WellKnownFile.CrtPfx], _options.PfxPassword, flags)
{
FriendlyName = $"{_options.HostName} {(_options.TestMode ? "FAKE " : "")}{DateTime.UtcNow:O}"
};
knownCertificate = store.Certificates.OfType <X509Certificate2>().FirstOrDefault(c => c.Thumbprint == newCertificate.Thumbprint);
if (knownCertificate != null)
{
Log.Information($"Certificate already in the Store {knownCertificate.FriendlyName}");
}
else
{
Log.Information($"Adding Certificate to Store {newCertificate.FriendlyName}");
store.Add(newCertificate);
knownCertificate = newCertificate;
}
bool needsRecycle = !_options.Renew || statusPreviousCertificate == CertificateStatus.NotFound;
_iisService.Install(store, knownCertificate, needsRecycle);
}
finally
{
Log.Information("Closing Certificate Store");
IDisposable disposable = newCertificate as IDisposable;
disposable?.Dispose();
disposable = knownCertificate as IDisposable;
disposable?.Dispose();
store?.Close();
}
}
/// <summary>
/// Try to update the certificate's status.
/// </summary>
/// <returns>True if the status was updated, false otherwise.</returns>
internal bool TryUpdateCertificateStatus()
{
if (m_initialized)
{
return(false);
}
bool claimable = true;
bool noPrereq = true;
// Scan prerequisite certfiicates
foreach (var cert in m_prereqCertificates)
{
// Status not defined yet ? Then, we quit
if (!cert.m_initialized)
{
return(false);
}
// Claimable only if every prereq certificate has been granted
claimable &= (cert.Status == CertificateStatus.Granted);
// Untrainable if no prereq is satisfied
noPrereq &= (cert.Status == CertificateStatus.Untrained | cert.Status == CertificateStatus.PartiallyTrained);
}
// Scan prerequisite skills
foreach (var prereqSkill in m_prereqSkills)
{
var skill = prereqSkill.Skill;
// Claimable only if the skill's level is grater or equal than the minium level
claimable &= (skill.Level >= prereqSkill.Level);
// Untrainable if no prereq is satisfied
noPrereq &= (skill.Level < prereqSkill.Level);
}
// Updates status
if (claimable)
{
m_status = CertificateStatus.Claimable;
}
else if (noPrereq)
{
m_status = CertificateStatus.Untrained;
}
else
{
m_status = CertificateStatus.PartiallyTrained;
}
m_initialized = true;
return(true);
}
/// <summary>
/// verifies the certificate chain against the certificate store
/// </summary>
/// <param name="allCertsReceived">the chain to verify</param>
/// <param name="expectedCNName">the expected CN; may be null</param>
/// <param name="authType">the authtype: is the certificate to verify a client or server certificate;
/// i.e when verifying a client cert, pass AuthType.Client; when verifying a server cert: pass AuthType.Server</param>ram>
/// <returns></returns>
protected bool IsValidCertificate(CertificateChain allCertsReceived, string expectedCNName, AuthType authType)
{
VerificationFlags verificationFlags = VerificationFlags.None;
if (expectedCNName == null)
{
verificationFlags = VerificationFlags.IgnoreInvalidName;
}
CertificateStatus status = allCertsReceived.VerifyChain(expectedCNName, authType, verificationFlags);
return(status == CertificateStatus.ValidCertificate);
}
/// <summary>
/// Gets an <see cref="OCSPSingleResponse"/> object from the <see cref="OCSPSingleResponseCollection"/> object by revoked certificate's
/// serial number.
/// </summary>
/// <param name="status">A string that represents a <see cref="OCSPSingleResponse.CertStatus">CertStatus</see>
/// property.</param>
/// <remarks>Use this property to retrieve an <see cref="OCSPSingleResponse"/> object from an <see cref="OCSPSingleResponseCollection"/>
/// object if you know the <see cref="OCSPSingleResponse.CertStatus">Status</see> value of the <see cref="OCSPSingleResponse"/>
/// object. You can use the <see cref="this[int]"/> property to retrieve an <see cref="OCSPSingleResponse"/> object if you know
/// its location in the collection</remarks>
/// <returns>An <see cref="OCSPSingleResponse"/> object.</returns>
public OCSPSingleResponse this[CertificateStatus status] {
get {
foreach (OCSPSingleResponse entry in _list)
{
if (entry.CertStatus == status)
{
return(entry);
}
}
return(null);
}
}
/// <summary>The default constructor for RevocationVerificationResult.</summary>
/// <remarks>The default constructor for RevocationVerificationResult.</remarks>
public RevocationVerificationResult(CertificateStatus certificateStatus)
{
if (certificateStatus != null)
{
this.certificateStatus = certificateStatus;
}
else
{
this.certificateStatus = new CertificateStatus();
this.certificateStatus.Validity = CertificateValidity.UNKNOWN;
}
}
public async Task <Certificate> Handle(StaffCertificateDuplicateRequest request,
CancellationToken cancellationToken)
{
var certificate = await _certificateRepository.GetCertificate(request.Id);
if (CertificateStatus.CanRequestDuplicateCertificate(certificate.Status))
{
certificate.Status = CertificateStatus.Reprint;
await _certificateRepository.Update(certificate, request.Username, action : CertificateActions.Reprint);
}
return(certificate);
}
private DateTime GetUpdatedStatusDate(string learnerCertificateStatus)
{
if (CertificateStatus.HasPrintNotificateStatus(learnerCertificateStatus))
{
if (Learner.PrintStatusAt != null)
{
return((DateTime)Learner.PrintStatusAt);
}
}
if (Learner.LastUpdatedAt != null)
{
return((DateTime)Learner.LastUpdatedAt);
}
return(default);
/// <summary>
/// Procesa la respuesta del servidor OCSP y devuelve el estado del certificado
/// </summary>
/// <param name="binaryResp"></param>
/// <returns></returns>
public CertificateStatus ProcessOcspResponse(byte[] binaryResp, bool checkNonce)
{
if (binaryResp.Length == 0)
{
return(CertificateStatus.Unknown);
}
OcspResp r = new OcspResp(binaryResp);
CertificateStatus cStatus = CertificateStatus.Unknown;
if (r.Status == OcspRespStatus.Successful)
{
BasicOcspResp or = (BasicOcspResp)r.GetResponseObject();
if (checkNonce)
{
if (or.GetExtensionValue(OcspObjectIdentifiers.PkixOcspNonce).ToString() !=
_nonceAsn1OctetString.ToString())
{
throw new Exception("Bad nonce value");
}
}
if (or.Responses.Length == 1)
{
SingleResp resp = or.Responses[0];
object certificateStatus = resp.GetCertStatus();
if (certificateStatus == Org.BouncyCastle.Ocsp.CertificateStatus.Good)
{
cStatus = CertificateStatus.Good;
}
else if (certificateStatus is Org.BouncyCastle.Ocsp.RevokedStatus)
{
cStatus = CertificateStatus.Revoked;
}
else if (certificateStatus is Org.BouncyCastle.Ocsp.UnknownStatus)
{
cStatus = CertificateStatus.Unknown;
}
}
}
else
{
throw new Exception("Unknow status '" + r.Status + "'.");
}
return(cStatus);
}
/// <summary>
/// Sets the WaitHandle to signalled and calls the appropriate delegate.
/// </summary>
/// <param name="error">An exception that may have occurred.</param>
/// <param name="status">The status of the certificate chain.</param>
internal void VerificationCompleted(Exception error, CertificateStatus status)
{
m_ThrowException = error;
m_Status = status;
m_IsCompleted = true;
if (m_Callback != null)
{
m_Callback(this);
}
if (m_WaitHandle != null)
{
m_WaitHandle.Set();
}
}
public static PassportStatus ContractTypeToApiType(CertificateStatus contractType)
{
switch (contractType)
{
case CertificateStatus.PrivatePerson:
return(PassportStatus.PrivatePerson);
case CertificateStatus.Entity:
return(PassportStatus.Entity);
default:
throw new ArgumentOutOfRangeException(nameof(contractType), contractType, null);
}
}
private CertificateStatus processOcspResponse(X509Certificate clientCert, X509Certificate issuerCert, byte[] binaryResp, out string respMsg)
{
OcspResp r = new OcspResp(binaryResp);
CertificateStatus cStatus = CertificateStatus.unknown;
switch (r.Status)
{
case OcspRespStatus.Successful:
BasicOcspResp or = (BasicOcspResp)r.GetResponseObject();
validateResponse(or, issuerCert);
respMsg = string.Empty;
if (or.Responses.Length == 1)
{
SingleResp resp = or.Responses[0];
validateCertificateId(issuerCert, clientCert, resp.GetCertID());
validateThisUpdate(resp);
validateNextUpdate(resp);
Object certificateStatus = resp.GetCertStatus();
if (certificateStatus == Org.BouncyCastle.Ocsp.CertificateStatus.Good)
{
cStatus = CertificateStatus.good;
respMsg = "Certificado Válido";
}
else if (certificateStatus is RevokedStatus)
{
cStatus = CertificateStatus.revoked;
respMsg = "Certificado Revocado";
}
else if (certificateStatus is UnknownStatus)
{
cStatus = CertificateStatus.unknown;
respMsg = "Certificado Desconocido";
}
}
break;
default:
respMsg = "No se ha podido procesar la respuesta OCSP";
//throw new Exception("Status Desconocido '" + r.Status + "'.");
return(cStatus);
}
return(cStatus);
}
private async Task <Certificate> GetCertificate(GetBatchCertificateRequest request)
{
_logger.LogInformation("GetCertificate Before Get Certificate from db");
var certificate = await _certificateRepository.GetCertificate(request.Uln, request.StandardCode, request.FamilyName, request.IncludeLogs);
_logger.LogInformation("GetCertificate Before Get Searching Organisation from db");
var searchingOrganisation = await _organisationQueryRepository.GetByUkPrn(request.UkPrn);
var allowedCertificateStatus = new[] { CertificateStatus.Draft, CertificateStatus.Submitted }.Concat(CertificateStatus.PrintProcessStatus);
if (certificate == null || searchingOrganisation == null || !allowedCertificateStatus.Contains(certificate.Status))
{
return(null);
}
var certData = JsonConvert.DeserializeObject <CertificateData>(certificate.CertificateData);
certificate = await CertificateHelpers.ApplyStatusInformation(_certificateRepository, _contactQueryRepository, certificate);
if ((certificate.Status == CertificateStatus.Submitted || CertificateStatus.HasPrintProcessStatus(certificate.Status)) && certData.OverallGrade == CertificateGrade.Fail)
{
return(null);
}
else if (certificate.Status == CertificateStatus.Draft &&
EpaOutcome.Pass.Equals(certData.EpaDetails?.LatestEpaOutcome, StringComparison.InvariantCultureIgnoreCase) &&
certData.OverallGrade == null)
{
return(null);
}
if (certificate.OrganisationId != searchingOrganisation.Id)
{
var providedStandards = await _standardRepository.GetEpaoRegisteredStandards(searchingOrganisation.EndPointAssessorOrganisationId, int.MaxValue, 1);
if (providedStandards.PageOfResults.Any(s => s.StandardCode == certificate.StandardCode))
{
// Shared standard but not the EPAO who created the certificate
certificate = RedactCertificateInformation(certificate, false);
}
else
{
certificate = null;
}
}
return(certificate);
}
public async Task <Certificate> Handle(UpdateCertificateRequestReprintCommand request, CancellationToken cancellationToken)
{
var certificate = await _certificateRepository.GetCertificate(request.CertificateId);
if (certificate == null)
{
throw new NotFoundException();
}
if (certificate.Status != CertificateStatus.Reprint && CertificateStatus.CanRequestReprintCertificate(certificate.Status))
{
certificate.Status = CertificateStatus.Reprint;
await _certificateRepository.Update(certificate, request.Username, CertificateActions.Reprint);
}
return(certificate);
}
/// <summary>
/// Try to update the certificate's status.
/// </summary>
/// <returns>True if the status was updated, false otherwise.</returns>
internal bool TryUpdateCertificateStatus()
{
if (m_initialized) return false;
bool claimable = true;
bool noPrereq = true;
// Scan prerequisite certfiicates
foreach (var cert in m_prereqCertificates)
{
// Status not defined yet ? Then, we quit
if (!cert.m_initialized) return false;
// Claimable only if every prereq certificate has been granted
claimable &= (cert.Status == CertificateStatus.Granted);
// Untrainable if no prereq is satisfied
noPrereq &= (cert.Status == CertificateStatus.Untrained | cert.Status == CertificateStatus.PartiallyTrained);
}
// Scan prerequisite skills
foreach (var prereqSkill in m_prereqSkills)
{
var skill = prereqSkill.Skill;
// Claimable only if the skill's level is grater or equal than the minium level
claimable &= (skill.Level >= prereqSkill.Level);
// Untrainable if no prereq is satisfied
noPrereq &= (skill.Level < prereqSkill.Level);
}
// Updates status
if (claimable) m_status = CertificateStatus.Claimable;
else if (noPrereq) m_status = CertificateStatus.Untrained;
else m_status = CertificateStatus.PartiallyTrained;
m_initialized = true;
return true;
}
public bool IsOfStatus(CertificateStatus status)
{
switch (status)
{
case CertificateStatus.None:
return false;
case CertificateStatus.All:
return true;
default:
return Status == status;
}
}
/// <summary>
/// Sets the WaitHandle to signalled and calls the appropriate delegate.
/// </summary>
/// <param name="error">An exception that may have occurred.</param>
/// <param name="status">The status of the certificate chain.</param>
internal void VerificationCompleted(Exception error, CertificateStatus status) {
m_ThrowException = error;
m_Status = status;
m_IsCompleted = true;
if (m_Callback != null)
m_Callback(this);
if (m_WaitHandle != null)
m_WaitHandle.Set();
}
public SignatureValidationStatus(OpensignSignature signature, CertificateStatus certificateStatus, bool signatureMatches)
{
Signature = signature;
CertificateStatus = certificateStatus;
SignatureMatches = signatureMatches;
}
/// <summary>
/// Restes the data before we import a deserialization object
/// </summary>
/// <param name="fromCCP"></param>
internal void Reset()
{
m_status = CertificateStatus.Untrained;
m_initialized = false;
}
/// <summary>
/// Marks the certificate as granted
/// </summary>
internal void MarkAsGranted()
{
m_status = CertificateStatus.Granted;
m_initialized = true;
}
public virtual CertificateStatus Check(X509Certificate childCertificate, X509Certificate
certificate, DateTime validationDate)
{
CertificateStatus status = new CertificateStatus();
status.Certificate = childCertificate;
status.ValidationDate = validationDate;
status.IssuerCertificate = certificate;
if (ocspSource == null)
{
LOG.Warn("OCSPSource null");
return null;
}
try
{
BasicOcspResp ocspResp = ocspSource.GetOcspResponse(childCertificate, certificate
);
if (null == ocspResp)
{
LOG.Info("OCSP response not found");
return null;
}
BasicOcspResp basicOCSPResp = (BasicOcspResp)ocspResp;
CertificateID certificateId = new CertificateID(CertificateID.HashSha1, certificate
, childCertificate.SerialNumber);
SingleResp[] singleResps = basicOCSPResp.Responses;
foreach (SingleResp singleResp in singleResps)
{
CertificateID responseCertificateId = singleResp.GetCertID();
if (false == certificateId.Equals(responseCertificateId))
{
continue;
}
DateTime thisUpdate = singleResp.ThisUpdate;
LOG.Info("OCSP thisUpdate: " + thisUpdate);
LOG.Info("OCSP nextUpdate: " + singleResp.NextUpdate);
status.StatusSourceType = ValidatorSourceType.OCSP;
status.StatusSource = ocspResp;
status.RevocationObjectIssuingTime = ocspResp.ProducedAt;
if (null == singleResp.GetCertStatus())
{
LOG.Info("OCSP OK for: " + childCertificate.SubjectDN);
status.Validity = CertificateValidity.VALID;
}
else
{
LOG.Info("OCSP certificate status: " + singleResp.GetCertStatus().GetType().FullName
);
if (singleResp.GetCertStatus() is RevokedStatus)
{
LOG.Info("OCSP status revoked");
if (validationDate.CompareTo(((RevokedStatus)singleResp.GetCertStatus()).RevocationTime) < 0) //jbonilla - Before
{
LOG.Info("OCSP revocation time after the validation date, the certificate was valid at "
+ validationDate);
status.Validity = CertificateValidity.VALID;
}
else
{
status.RevocationDate = ((RevokedStatus)singleResp.GetCertStatus()).RevocationTime;
status.Validity = CertificateValidity.REVOKED;
}
}
else
{
if (singleResp.GetCertStatus() is UnknownStatus)
{
LOG.Info("OCSP status unknown");
status.Validity = CertificateValidity.UNKNOWN;
}
}
}
return status;
}
LOG.Info("no matching OCSP response entry");
return null;
}
catch (IOException ex)
{
LOG.Error("OCSP exception: " + ex.Message);
return null;
}
catch (OcspException ex)
{
LOG.Error("OCSP exception: " + ex.Message);
throw new RuntimeException(ex);
}
}
public CertificateAndStatus(OcesCertificate certificate,
CertificateStatus certificateStatus)
{
Certificate = certificate;
CertificateStatus = certificateStatus;
}
/// <summary>
/// Translates the certificate status
/// </summary>
/// <param name="status">The CertificateStatus</param>
/// <returns>Descriptive message.</returns>
public static string GetCertificateStatusText(CertificateStatus status)
{
return ErrorCodes["certificate." + status];
}
