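/// <summary>
/// Determines the certificate type and stores it on the result.
/// </summary>
/// <remarks>
/// Nothing is handled here: every exception raised by <c>GetCertificateType</c> escapes
/// unchanged. The former catch/rethrow ladder (ArgumentNullException, the two
/// Cryptographic exceptions, CheckCertificateTypeUnexpectedException, Exception) was
/// dead code, since each clause only did <c>throw;</c>; it is removed so the method's
/// real contract is visible.
/// </remarks>
/// <param name="certificate">The certificate to classify.</param>
/// <param name="result">The result object that receives the certificate type.</param>
/// <exception cref="ArgumentNullException">Propagated unchanged if thrown by <c>GetCertificateType</c>.</exception>
/// <exception cref="CryptographicException">Propagated unchanged (including <see cref="CryptographicUnexpectedOperationException"/>).</exception>
/// <exception cref="CheckCertificateTypeUnexpectedException">Propagated unchanged if thrown by <c>GetCertificateType</c>.</exception>
private void CheckCertificateType(X509Certificate2 certificate, CertificateCheckResult result)
{
    result.CertificateType = GetCertificateType(certificate);
}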
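/// <summary>
/// Checks that the root certificate has not expired and records the outcome.
/// </summary>
/// <remarks>
/// Only <c>RootCertificateValid</c> is written, and only when the check passes: the
/// caller is expected to start from a result whose fields are initialized to false,
/// so an expired root simply leaves the flag false. A null argument now fails with
/// the documented <see cref="ArgumentNullException"/> instead of a
/// NullReferenceException wrapped as an "unexpected" error.
/// </remarks>
/// <param name="root">The root certificate to check.</param>
/// <param name="result">The object to store the result of the check.</param>
/// <exception cref="ArgumentNullException"><paramref name="root"/> or <paramref name="result"/> is null.</exception>
/// <exception cref="CryptographicException">Propagated unchanged (including <see cref="CryptographicUnexpectedOperationException"/>).</exception>
/// <exception cref="CheckRootCertificateValidUnexpectedException">Wraps any other exception thrown during the check.</exception>
private void CheckRootCertificateValidation(X509Certificate2 root, CertificateCheckResult result)
{
    if (root == null)
    {
        throw new ArgumentNullException("root");
    }
    if (result == null)
    {
        throw new ArgumentNullException("result");
    }

    try
    {
        // X509Certificate2.NotAfter is reported in local time, so it is compared with
        // DateTime.Now (local) rather than UtcNow. A certificate is still accepted at
        // the exact instant of expiry (>=), matching the previous "> || ==" test.
        if (root.NotAfter >= DateTime.Now)
        {
            result.RootCertificateValid = true;
        }
    }
    catch (ArgumentNullException)
    {
        throw;
    }
    catch (CryptographicException)
    {
        // Also covers CryptographicUnexpectedOperationException, which derives from it.
        throw;
    }
    catch (Exception e)
    {
        throw new CheckRootCertificateValidUnexpectedException(e);
    }
}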
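/// <summary>
/// Validates the certificate chain against the default OCES root certificate and
/// records which of the three chain-related checks passed.
/// </summary>
/// <remarks>
/// The chain is always anchored at <c>_defaultOCESrootCertificate</c>; no other trust
/// anchor is consulted here. All three flags are reset to false before validating so
/// that a reused <see cref="CertificateCheckResult"/> cannot carry a stale "true" over
/// into a failed run (fail closed); they are only set to true when the validator
/// returns without throwing.
/// </remarks>
/// <param name="certificate">The certificate to validate.</param>
/// <param name="result">The object to store the result.</param>
/// <exception cref="ArgumentNullException">An argument is null, or propagated unchanged from the validator.</exception>
/// <exception cref="CryptographicException">Propagated unchanged (including <see cref="CryptographicUnexpectedOperationException"/>).</exception>
/// <exception cref="CheckCertificateChainUnexpectedException">Wraps any other exception thrown by the validator.</exception>
private void CheckCertificateChain(X509Certificate2 certificate, CertificateCheckResult result)
{
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }
    if (result == null)
    {
        throw new ArgumentNullException("result");
    }

    // Nothing is trusted until the validator has returned normally.
    result.RootCertificateAsRoot = false;
    result.CertificateActivated = false;
    result.CertificateValid = false;

    try
    {
        CertificateValidator.ValidateCertificate(certificate, _defaultOCESrootCertificate);
        result.RootCertificateAsRoot = true;
        result.CertificateActivated = true;
        result.CertificateValid = true;
    }
    catch (CertificateFailedChainValidationException)
    {
        // Chain does not terminate in the default root.
        result.RootCertificateAsRoot = false;
    }
    catch (CertificateNotActiveException)
    {
        // Reported by the validator as not yet active.
        result.CertificateActivated = false;
    }
    catch (CertificateExpiredException)
    {
        // Reported by the validator as expired.
        result.CertificateValid = false;
    }
    catch (ArgumentNullException)
    {
        throw;
    }
    catch (CryptographicException)
    {
        // Also covers CryptographicUnexpectedOperationException, which derives from it.
        throw;
    }
    catch (Exception e)
    {
        throw new CheckCertificateChainUnexpectedException(e);
    }
}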
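/// <summary>
/// Checks a certificate against the default OCES root certificate.
/// All fields of the <see cref="CertificateCheckResult"/> start out as "false". Checking
/// stops at the first failing step, so only the fields belonging to steps that were
/// actually executed are meaningful; <c>AllTestsPassed</c> is true only when every
/// step ran and passed.
/// </summary>
/// <remarks>
/// <paramref name="rootCertificate"/> is NOT used as the trust anchor: the chain in
/// step 1 is always built against <c>_defaultOCESrootCertificate</c>. The supplied root
/// only replaces the default in step 2, where its own expiry/activation dates are
/// checked. A caller passing a different root therefore does not get a chain
/// validation against that root.
/// </remarks>
/// <param name="certificate">Certificate to check.</param>
/// <param name="rootCertificate">Root certificate whose validity dates are checked in step 2; null selects the default OCES root.</param>
/// <returns>The object that contains the result. All fields start as "false"; only the
/// fields of steps that were performed before checking stopped are valid.</returns>
/// <exception cref="ArgumentNullException"><paramref name="certificate"/> is null, or propagated from a step.</exception>
/// <exception cref="CryptographicException">Propagated unchanged from a step.</exception>
/// <exception cref="CheckCertificateOcspUnexpectedException">Propagated unchanged, presumably from the revocation check.</exception>
/// <exception cref="CertificateRevokedTimeoutException">Propagated unchanged, presumably from the revocation check; an unobtainable revocation status is reported by throwing, never by returning a result.</exception>
public CertificateCheckResult CheckCertificate(X509Certificate2 certificate, X509Certificate2 rootCertificate)
{
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }

    CertificateCheckResult result = new CertificateCheckResult();

    // The previous catch ladder (ArgumentNull, Overflow, Format, the Cryptographic
    // exceptions, the Ocsp/Timeout exceptions, Exception) only did "throw;" in every
    // clause, so it is dropped: every exception still propagates unchanged.

    // 1. Chain must end in the default root; this step also detects an expired or
    //    not-yet-active end certificate.
    CheckCertificateChain(certificate, result);
    if (!result.CertificateActivated || !result.CertificateValid || !result.RootCertificateAsRoot)
    {
        result.AllTestsPassed = false;
        return result;
    }

    // 2. The root used for the date checks must itself be within its validity period.
    X509Certificate2 rootToCheck = rootCertificate ?? _defaultOCESrootCertificate;
    CheckRootCertificateValidation(rootToCheck, result);
    CheckRootCertificateActivated(rootToCheck, result);
    if (!result.RootCertificateValid || !result.RootCertificateActivated)
    {
        result.AllTestsPassed = false;
        return result;
    }

    // 3. Revocation status (the old comments numbered this step 4; there was no step 3).
    //    The call is synchronous as written; a timeout or unexpected OCSP error is an
    //    exception, so an unobtainable status is never treated as "not revoked".
    RevocationResponse response = CheckCertificateRevocation(certificate);
    if (!response.IsValid)
    {
        result.AllTestsPassed = false;
        result.CertificateRevoked = true;
        return result;
    }

    // 4. Certificate type. Informational only: it does not feed into AllTestsPassed.
    CheckCertificateType(certificate, result);

    // Derive the verdict from the individual flags rather than assuming success.
    if (result.CertificateActivated
        && !result.CertificateRevoked
        && result.CertificateValid
        && result.RootCertificateActivated
        && result.RootCertificateAsRoot
        && result.RootCertificateValid)
    {
        result.AllTestsPassed = true;
    }

    return result;
}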