/// <summary>
/// Builds an LDAP connection to the directory server configured for <paramref name="environment"/>.
/// </summary>
/// <remarks>
/// The server name is read from the property <c>ldap.server.danid.&lt;environment&gt;</c>. The connection
/// binds anonymously and speaks LDAP protocol version 3. Nothing in this method turns on transport
/// security for the session, so data fetched over it should only be trusted after its own signature
/// has been verified.
/// NOTE(review): confirm that callers verify the signature of whatever they download.
/// </remarks>
/// <param name="environment">Environment whose directory server should be contacted.</param>
/// <returns>A new connection; the caller owns it and is responsible for disposing it.</returns>
public static LdapConnection CreateLdapConnection(OcesEnvironment environment)
{
    var serverKey = "ldap.server.danid." + environment;
    var serverName = Properties.Get(serverKey);

    var connection = new LdapConnection(serverName);
    connection.AuthType = AuthType.Anonymous;
    connection.SessionOptions.ProtocolVersion = 3;
    return connection;
}
/// <summary>
/// Decides whether <paramref name="endUserCertificate"/> passes the MOCES policy check for
/// <paramref name="currentEnv"/>.
/// </summary>
/// <remarks>
/// The check is skipped (the method returns <c>true</c> without inspecting the certificate) for
/// <c>OcesIDanidEnvDevelopment</c>, <c>OcesIDanidEnvSystemtest</c> and <c>CampusIDanidEnvProd</c>.
/// NOTE(review): the earlier inline comment only mentioned OCES1 dev and systemtest, yet the Campus
/// production environment is exempted as well -- confirm that this exemption is intended.
/// </remarks>
/// <param name="endUserCertificate">Certificate whose policy is evaluated.</param>
/// <param name="currentEnv">Environment that selects the configured policy prefix.</param>
/// <returns><c>true</c> when the check is skipped or <c>MatchPolicy</c> accepts the certificate.</returns>
private static bool MatchMocesPolicy(X509Certificate2 endUserCertificate, OcesEnvironment currentEnv)
{
    // Environments for which no policy validation is performed.
    if (OcesEnvironment.OcesIDanidEnvDevelopment.Equals(currentEnv))
    {
        return true;
    }

    if (OcesEnvironment.OcesIDanidEnvSystemtest.Equals(currentEnv))
    {
        return true;
    }

    if (OcesEnvironment.CampusIDanidEnvProd.Equals(currentEnv))
    {
        return true;
    }

    var configuredPrefix = Properties.Get("moces.policies.prefix.danid." + currentEnv);
    return MatchPolicy(endUserCertificate, configuredPrefix);
}
/// <summary>
/// Returns the root certificate registered for the given <c>OcesEnvironment</c>.
/// </summary>
/// <param name="environment">Environment whose root certificate is requested.</param>
/// <returns>The certificate stored in <c>TheRootCertificates</c> under <paramref name="environment"/>.</returns>
/// <exception cref="ArgumentException">No certificate is registered for <paramref name="environment"/>.</exception>
public static X509Certificate2 LookupCertificate(OcesEnvironment environment)
{
    if (TheRootCertificates.ContainsKey(environment))
    {
        return TheRootCertificates[environment];
    }

    // An unknown environment is reported to the caller rather than answered with a default trust anchor.
    throw new ArgumentException("No certificate for: " + environment);
}
/// <summary>
/// Checks whether <paramref name="ca"/> or any CA above it in the issuing chain is revoked.
/// </summary>
/// <remarks>
/// A root CA is reported as not revoked without any CRL lookup. For every other CA the CRL is
/// downloaded and consulted first, then the issuing CA is checked recursively. No exception is caught
/// here, so a failed download surfaces to the caller instead of being read as "not revoked".
/// </remarks>
/// <param name="ca">CA to check; must not be <c>null</c>.</param>
/// <returns><c>true</c> if this CA or one of its issuers is listed as revoked.</returns>
public bool IsRevoked(Ca ca)
{
    if (!ca.IsRoot)
    {
        // The environment is derived from the issuing CA, not from the CA under test.
        OcesEnvironment issuerEnvironment = RootCertificates.GetEnvironment(ca.IssuingCa);
        Crl crl = DownloadCrl(ca, issuerEnvironment);
        if (crl.IsRevoked(ca))
        {
            return true;
        }

        return IsRevoked(ca.IssuingCa);
    }

    return false;
}
/// <summary>
/// Fetches the CRL stored at <paramref name="ldapPath"/> from the directory of <paramref name="environment"/>.
/// </summary>
/// <remarks>
/// Performs a base-scope search that asks only for the binary CRL attribute and wraps the first value
/// of the first entry in a <c>Crl</c>. The connection is disposed before returning.
/// NOTE(review): the response is indexed without checking that an entry and the attribute are present;
/// an empty or unexpected answer therefore ends in an exception raised by the indexers or the cast.
/// </remarks>
/// <param name="environment">Environment that selects the LDAP server.</param>
/// <param name="ldapPath">Distinguished name of the entry holding the CRL.</param>
/// <returns>The CRL built from the downloaded bytes.</returns>
public Crl Download(OcesEnvironment environment, string ldapPath)
{
    using (var ldap = LdapFactory.CreateLdapConnection(environment))
    {
        var wantedAttributes = new[] { LdapFactory.CertificateRevocationListBinary };

        // The (string) cast on the null filter selects the string-filter constructor overload.
        var search = new SearchRequest(ldapPath, (string)null, SearchScope.Base, wantedAttributes);
        var result = (SearchResponse)ldap.SendRequest(search);

        var firstEntry = result.Entries[0];
        var crlAttribute = firstEntry.Attributes[LdapFactory.CertificateRevocationListBinary];
        var crlBytes = (byte[])crlAttribute[0];
        return new Crl(crlBytes);
    }
}
/// <summary>
/// Opens an anonymous LDAP v3 connection to the server configured for <paramref name="environment"/>.
/// </summary>
/// <remarks>
/// The host comes from the property <c>ldap.server.danid.&lt;environment&gt;</c>. Only the bind type and
/// the protocol version are configured here; no transport protection is requested by this method.
/// NOTE(review): anything read over this connection should be signature-checked by the caller -- confirm.
/// </remarks>
/// <param name="environment">Environment whose LDAP server is used.</param>
/// <returns>The configured connection, owned by the caller.</returns>
public static LdapConnection CreateLdapConnection(OcesEnvironment environment)
{
    var host = Properties.Get("ldap.server.danid." + environment);

    var connection = new LdapConnection(host);
    connection.AuthType = AuthType.Anonymous;

    var session = connection.SessionOptions;
    session.ProtocolVersion = 3;

    return connection;
}
/// <summary>
/// Downloads the CRL found at <paramref name="ldapPath"/> over LDAP.
/// </summary>
/// <remarks>
/// A base-scope search requests the binary CRL attribute of that single entry; the first value of the
/// first returned entry becomes the <c>Crl</c>. The connection lives only for this call.
/// NOTE(review): there is no guard for an empty result or a missing attribute, so such a response
/// fails with whatever exception the indexers or the <c>byte[]</c> cast raise.
/// </remarks>
/// <param name="environment">Environment used to pick the LDAP server.</param>
/// <param name="ldapPath">Distinguished name to read the CRL from.</param>
/// <returns>A <c>Crl</c> wrapping the raw attribute value.</returns>
public Crl Download(OcesEnvironment environment, string ldapPath)
{
    using (var session = LdapFactory.CreateLdapConnection(environment))
    {
        // Null filter, cast to string so the string-filter overload of SearchRequest is chosen.
        var query = new SearchRequest(
            ldapPath,
            (string)null,
            SearchScope.Base,
            new[] { LdapFactory.CertificateRevocationListBinary });

        var reply = (SearchResponse)session.SendRequest(query);
        var attribute = reply.Entries[0].Attributes[LdapFactory.CertificateRevocationListBinary];
        var raw = (byte[])attribute[0];

        return new Crl(raw);
    }
}
/// <summary>
/// Decides whether <paramref name="endUserCertificate"/> passes the POCES policy check for
/// <paramref name="currentEnv"/>.
/// </summary>
/// <remarks>
/// No validation is done (the result is <c>true</c>) for <c>OcesIDanidEnvDevelopment</c>,
/// <c>OcesIDanidEnvSystemtest</c> and <c>OcesIiDanidEnvPreprod</c>. In every other environment the
/// decision is delegated to <c>MatchPolicy</c> with the value of
/// <c>poces.policies.prefix.danid.&lt;environment&gt;</c>.
/// </remarks>
/// <param name="endUserCertificate">Certificate whose policy is evaluated.</param>
/// <param name="currentEnv">Environment that selects the configured policy prefix.</param>
/// <returns><c>true</c> when the check is skipped or <c>MatchPolicy</c> accepts the certificate.</returns>
private static bool MatchPocesPolicy(X509Certificate2 endUserCertificate, OcesEnvironment currentEnv)
{
    // OCES1 dev and systemtest are not validated.
    bool isUnvalidatedOces1 = OcesEnvironment.OcesIDanidEnvDevelopment.Equals(currentEnv)
        || OcesEnvironment.OcesIDanidEnvSystemtest.Equals(currentEnv);
    if (isUnvalidatedOces1)
    {
        return true;
    }

    // OCES2 preprod is not validated: external partners might hold older certificates that would fail.
    bool isPreprod = OcesEnvironment.OcesIiDanidEnvPreprod.Equals(currentEnv);
    if (isPreprod)
    {
        return true;
    }

    var configuredPrefix = Properties.Get("poces.policies.prefix.danid." + currentEnv);
    return MatchPolicy(endUserCertificate, configuredPrefix);
}
/// <summary>
/// Checks revocation of <paramref name="certificate"/> against its partitioned CRL, which is
/// retrieved over LDAP, and then against the issuing CA chain.
/// </summary>
/// <remarks>
/// The downloaded CRL is rejected unless it is a partial CRL and is the one that belongs to the
/// requested distribution point; only then is it consulted.
/// NOTE(review): signature and validity-period checks on the CRL are not visible in this method --
/// confirm that they happen inside <c>Crl</c> or the downloader.
/// </remarks>
/// <param name="certificate">Certificate to check.</param>
/// <returns><c>true</c> if the certificate or one of its issuing CAs is revoked.</returns>
/// <exception cref="InvalidCrlException">
/// The downloaded CRL is not partial, or is not the CRL for the certificate's distribution point.
/// </exception>
public bool IsRevoked(IOcesCertificate certificate)
{
    string distributionPoint = certificate.PartitionedCrlDistributionPoint;
    OcesEnvironment issuerEnvironment = RootCertificates.GetEnvironment(certificate.IssuingCa);
    Crl partitionedCrl = _crlDownloader.Download(issuerEnvironment, distributionPoint);

    // A full CRL in place of a partition is treated as an error, not as an answer.
    if (!partitionedCrl.IsPartial())
    {
        throw new InvalidCrlException("Crl was downloaded successfully, but is not a partial CRL:" + distributionPoint);
    }

    // Guards against a partition that belongs to a different distribution point.
    if (!partitionedCrl.IsCorrectPartialCrl(distributionPoint))
    {
        throw new InvalidCrlException("Crl was downloaded successfully, but is not the correct partitioned crl:" + distributionPoint);
    }

    if (partitionedCrl.IsRevoked(certificate))
    {
        return true;
    }

    return IsRevoked(certificate.IssuingCa);
}
/// <summary>
/// Decides whether <paramref name="endUserCertificate"/> passes the VOCES policy check for
/// <paramref name="currentEnv"/>.
/// </summary>
/// <remarks>
/// No validation is done (the result is <c>true</c>) for <c>OcesIDanidEnvDevelopment</c> and
/// <c>OcesIDanidEnvSystemtest</c>. Otherwise <c>MatchPolicy</c> decides, using the value of
/// <c>voces.policies.prefix.danid.&lt;environment&gt;</c>.
/// </remarks>
/// <param name="endUserCertificate">Certificate whose policy is evaluated.</param>
/// <param name="currentEnv">Environment that selects the configured policy prefix.</param>
/// <returns><c>true</c> when the check is skipped or <c>MatchPolicy</c> accepts the certificate.</returns>
private static bool MatchVocesPolicy(X509Certificate2 endUserCertificate, OcesEnvironment currentEnv)
{
    // OCES1 dev and systemtest are not validated.
    if (OcesEnvironment.OcesIDanidEnvDevelopment.Equals(currentEnv))
    {
        return true;
    }

    if (OcesEnvironment.OcesIDanidEnvSystemtest.Equals(currentEnv))
    {
        return true;
    }

    var configuredPrefix = Properties.Get("voces.policies.prefix.danid." + currentEnv);
    return MatchPolicy(endUserCertificate, configuredPrefix);
}
/// <summary>
/// Evaluates the POCES certificate policy of <paramref name="endUserCertificate"/> in
/// <paramref name="currentEnv"/>.
/// </summary>
/// <remarks>
/// Three environments bypass the check and always yield <c>true</c>:
/// <c>OcesIDanidEnvDevelopment</c>, <c>OcesIDanidEnvSystemtest</c> and <c>OcesIiDanidEnvPreprod</c>.
/// All others are checked by <c>MatchPolicy</c> against the value configured under
/// <c>poces.policies.prefix.danid.&lt;environment&gt;</c>.
/// </remarks>
/// <param name="endUserCertificate">Certificate to evaluate.</param>
/// <param name="currentEnv">Environment the certificate is validated in.</param>
/// <returns><c>true</c> if the check is bypassed or the policy matches.</returns>
private static bool MatchPocesPolicy(X509Certificate2 endUserCertificate, OcesEnvironment currentEnv)
{
    // OCES1 dev and systemtest are not validated.
    if (OcesEnvironment.OcesIDanidEnvDevelopment.Equals(currentEnv))
    {
        return true;
    }

    if (OcesEnvironment.OcesIDanidEnvSystemtest.Equals(currentEnv))
    {
        return true;
    }

    // OCES2 preprod is not validated: external partners might hold older certificates that would fail.
    if (OcesEnvironment.OcesIiDanidEnvPreprod.Equals(currentEnv))
    {
        return true;
    }

    var propertyKey = "poces.policies.prefix.danid." + currentEnv;
    return MatchPolicy(endUserCertificate, Properties.Get(propertyKey));
}
/// <summary>
/// Looks up the root certificate that belongs to the given <c>OcesEnvironment</c>.
/// </summary>
/// <param name="environment">Environment whose root certificate is wanted.</param>
/// <returns>The entry of <c>TheRootCertificates</c> stored under <paramref name="environment"/>.</returns>
/// <exception cref="ArgumentException">There is no entry for <paramref name="environment"/>.</exception>
public static X509Certificate2 LookupCertificate(OcesEnvironment environment)
{
    bool isRegistered = TheRootCertificates.ContainsKey(environment);
    if (!isRegistered)
    {
        // Fail loudly: an unknown environment never falls back to some other trust anchor.
        string message = "No certificate for: " + environment;
        throw new ArgumentException(message);
    }

    X509Certificate2 rootCertificate = TheRootCertificates[environment];
    return rootCertificate;
}
/// <summary>
/// Tells whether a root certificate is registered for <paramref name="environment"/>.
/// </summary>
/// <param name="environment">Environment to look for in <c>TheRootCertificates</c>.</param>
/// <returns><c>true</c> if an entry exists, otherwise <c>false</c>.</returns>
public static bool HasCertificate(OcesEnvironment environment)
{
    bool isRegistered = TheRootCertificates.ContainsKey(environment);
    return isRegistered;
}
/// <summary>
/// Reports whether <c>TheRootCertificates</c> holds an entry for <paramref name="environment"/>.
/// </summary>
/// <param name="environment">Environment to test.</param>
/// <returns><c>true</c> when a root certificate is registered for the environment.</returns>
public static bool HasCertificate(OcesEnvironment environment)
{
    if (TheRootCertificates.ContainsKey(environment))
    {
        return true;
    }

    return false;
}
/// <summary>
/// Captures everything needed to download one CRL later: the downloader, the environment and the
/// LDAP path.
/// </summary>
/// <remarks>The arguments are stored as given; no validation is performed here.</remarks>
/// <param name="downloader">Downloader that will perform the LDAP fetch.</param>
/// <param name="environment">Environment passed on to the downloader.</param>
/// <param name="ldapPath">LDAP path of the CRL.</param>
public LdapDownloadableJob(LdapCrlDownloader downloader, OcesEnvironment environment, String ldapPath)
{
    this._ldapPath = ldapPath;
    this._environment = environment;
    this._downloader = downloader;
}
/// <summary>
/// Returns the CRL for <paramref name="ldapPath"/> through the CRL cache.
/// </summary>
/// <remarks>
/// The cache is keyed by <paramref name="ldapPath"/> and receives a job that can fetch the CRL with
/// the wrapped downloader.
/// NOTE(review): when the cache calls the job and how long it keeps serving a stored CRL is decided
/// by <c>_crlCache</c> and is not visible here -- confirm that stale CRLs are refreshed.
/// </remarks>
/// <param name="environment">Environment handed to the download job.</param>
/// <param name="ldapPath">LDAP path of the CRL; also the cache key.</param>
/// <returns>The CRL supplied by the cache.</returns>
public Crl Download(OcesEnvironment environment, String ldapPath)
{
    var fetchJob = new LdapDownloadableJob(_downloader, environment, ldapPath);
    return _crlCache.GetCrl(ldapPath, fetchJob);
}
/// <summary>
/// Downloads the CRL named by the partitioned CRL distribution point of the CA's own certificate.
/// </summary>
/// <param name="ca">CA whose certificate supplies the distribution point.</param>
/// <param name="environment">Environment passed to the CRL downloader.</param>
/// <returns>The CRL returned by <c>_crlDownloader</c>.</returns>
Crl DownloadCrl(Ca ca, OcesEnvironment environment)
{
    var distributionPoints = CrlDistributionPointsExtractor.ExtractCrlDistributionPoints(ca.Certificate);
    string partitionedPoint = distributionPoints.PartitionedCrlDistributionPoint;
    return _crlDownloader.Download(environment, partitionedPoint);
}
/// <summary>
/// Fetches the CRL for <paramref name="ca"/>, using the partitioned CRL distribution point extracted
/// from the CA certificate as the download location.
/// </summary>
/// <param name="ca">CA whose certificate is inspected for distribution points.</param>
/// <param name="environment">Environment forwarded to the downloader.</param>
/// <returns>The downloaded CRL.</returns>
Crl DownloadCrl(Ca ca, OcesEnvironment environment)
{
    var caCertificate = ca.Certificate;
    var extracted = CrlDistributionPointsExtractor.ExtractCrlDistributionPoints(caCertificate);
    string location = extracted.PartitionedCrlDistributionPoint;

    Crl downloaded = _crlDownloader.Download(environment, location);
    return downloaded;
}
/// <summary>
/// Obtains the CRL at <paramref name="ldapPath"/>, going through <c>_crlCache</c>.
/// </summary>
/// <remarks>
/// A download job wrapping <c>_downloader</c> is handed to the cache together with the path, which
/// serves as the lookup key.
/// NOTE(review): cache lifetime and refresh rules live in <c>_crlCache</c>; verify there that an
/// outdated CRL is not served indefinitely.
/// </remarks>
/// <param name="environment">Environment the job downloads from.</param>
/// <param name="ldapPath">LDAP path identifying the CRL.</param>
/// <returns>The CRL returned by the cache.</returns>
public Crl Download(OcesEnvironment environment, String ldapPath)
{
    LdapDownloadableJob job = new LdapDownloadableJob(_downloader, environment, ldapPath);
    Crl crl = _crlCache.GetCrl(ldapPath, job);
    return crl;
}