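/// <summary>
/// Checks the revocation status of the certificate against an OCSP server through the supplied client
/// and maps the outcome onto <c>RevocationCheckStatus</c>.
/// </summary>
/// <param name="revocationLookupClient">The OCSP client to use for the request.</param>
/// <returns>
/// The lookup response with <c>RevocationCheckStatus</c> set: <c>AllChecksPassed</c> when the response is
/// valid, <c>CertificateRevoked</c> when it is not, and <c>UnknownIssue</c> when the lookup reported an
/// exception, returned no response, or threw. This method does not throw; a failure is carried in
/// <c>Exception</c> and <c>RevocationCheckStatus</c> of the returned object.
/// </returns>
public RevocationResponse CheckRevocationStatus(IRevocationLookup revocationLookupClient)
{
    RevocationResponse response = new RevocationResponse();
    try
    {
        RevocationResponse lookupResponse = revocationLookupClient.CheckCertificate(x509Certificate);

        // A null response carries no verdict. Report it as an unresolved check instead of
        // dereferencing it here (which would have surfaced as a NullReferenceException inside the
        // catch block below and escaped the method).
        if (lookupResponse == null)
        {
            response.RevocationCheckStatus = RevocationCheckStatus.UnknownIssue;
            return response;
        }

        response = lookupResponse;
        if (response.Exception != null)
        {
            // A lookup error is never mapped to a pass: the caller sees UnknownIssue, not AllChecksPassed.
            response.RevocationCheckStatus = RevocationCheckStatus.UnknownIssue;
        }
        else if (response.IsValid)
        {
            response.RevocationCheckStatus = RevocationCheckStatus.AllChecksPassed;
        }
        else
        {
            response.RevocationCheckStatus = RevocationCheckStatus.CertificateRevoked;
        }
    }
    catch (Exception e)
    {
        // Includes a null client: any failure to obtain a verdict is reported, not swallowed as a pass.
        response.Exception = e;
        response.RevocationCheckStatus = RevocationCheckStatus.UnknownIssue;
    }
    return response;
}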
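/// <summary>
/// Demo step 3: asks the OCSP client for the revocation status of <paramref name="certificate"/>,
/// prints the result, and fails unless the certificate is reported as valid.
/// </summary>
/// <param name="certificate">The certificate to check.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="certificate"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// Thrown when the lookup returns no response, or reports the certificate as not valid. Any exception
/// recorded on the response is attached as the inner exception.
/// </exception>
private void Revocation(X509Certificate2 certificate)
{
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }

    // Create the OCSP client
    RevocationLookupFactory revocationLookupFactory = new RevocationLookupFactory();
    IRevocationLookup revocationClient = revocationLookupFactory.CreateRevocationLookupClient();

    // Check the validity status of the certificate using OCSP
    RevocationResponse revocationResponse = revocationClient.CheckCertificate(certificate);

    // No response is not a verdict: fail closed rather than dereferencing null below.
    if (revocationResponse == null)
    {
        throw new InvalidOperationException("RevocationLookup returned no response for the certificate");
    }

    // Print out info
    Console.Write(" 3. Certificate status returned by RevocationLookup.\n Is valid: ");
    Console.ForegroundColor = ConsoleColor.Yellow;
    Console.WriteLine(revocationResponse.IsValid.ToString());
    Console.ForegroundColor = ConsoleColor.White;

    // Make sure the cert was valid; keep the lookup's own exception (if any) for diagnosis.
    if (!revocationResponse.IsValid)
    {
        throw new InvalidOperationException(
            "The certificate returned by RevocationLookup was not valid",
            revocationResponse.Exception);
    }
}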
/// <summary>
/// Asks the configured lookup whether <paramref name="certificate"/> is revoked (OCSP).
/// </summary>
/// <param name="certificate">The certificate to check.</param>
/// <returns>The <see cref="RevocationResponse"/> produced by the lookup.</returns>
/// <exception cref="ArgumentNullException">Propagated unchanged from the lookup.</exception>
/// <exception cref="CryptographicException">Propagated unchanged from the lookup (covers <see cref="CryptographicUnexpectedOperationException"/> as well).</exception>
/// <exception cref="ArithmeticException">Propagated unchanged from the lookup.</exception>
/// <exception cref="CheckCertificateOcspUnexpectedException">Propagated unchanged when the lookup hits an unexpected OCSP error.</exception>
/// <exception cref="CertificateRevokedTimeoutException">Propagated unchanged when the OCSP call exceeds the allowed timeout.</exception>
/// <exception cref="CheckCertificateRevokedUnexpectedException">Wraps any other exception raised by the lookup.</exception>
private RevocationResponse CheckCertificateRevocation(X509Certificate2 certificate)
{
    try
    {
        // Delegate the actual check to the lookup
        return _lookup.CheckCertificate(certificate);
    }
    catch (Exception e)
    {
        // These types are part of this method's contract and must reach the caller unwrapped;
        // everything else is surfaced as CheckCertificateRevokedUnexpectedException.
        bool passThrough = e is ArgumentNullException
            || e is CryptographicException
            || e is ArithmeticException
            || e is CheckCertificateOcspUnexpectedException
            || e is CertificateRevokedTimeoutException;

        if (passThrough)
        {
            throw;
        }

        throw new CheckCertificateRevokedUnexpectedException(e);
    }
}
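/// <summary>
/// Demo: looks up a certificate by subject in LDAP and, when it is found, checks its revocation
/// status via OCSP/CRL, printing each outcome to the console. Blocks until the user presses Enter.
/// </summary>
private void TextCertificate()
{
    // The certificate subject to look up. Production and test environments use different subjects.
    string subject = "CN = mySupply NemHandel - Foces2 (funktionscertifikat) + SERIALNUMBER = CVR:32433030-FID:27705483, O = mySupply NemHandel // CVR:32433030, C = DK";

    // Retrieve the certificate from LDAP, if it is present
    CertificateSubject certificateSubject = new CertificateSubject(subject);
    LdapLookupFactory ldapClientFactory = new LdapLookupFactory();
    ICertificateLookup ldapClient = ldapClientFactory.CreateLdapLookupClient();
    X509Certificate2 certificate = ldapClient.GetCertificate(certificateSubject);

    if (certificate != null)
    {
        WriteSubjectLine(subject, ConsoleColor.Yellow, " found in LDAP.");

        // Validate that the certificate is valid in OCSP
        RevocationLookupFactory revocationLookupFactory = new RevocationLookupFactory();
        IRevocationLookup revocationClient = revocationLookupFactory.CreateRevocationLookupClient();

        // Check the validity status of the certificate using OCSP
        RevocationResponse revocationResponse = revocationClient.CheckCertificate(certificate);

        // A missing response, or one that carries an exception, is an unresolved check and is
        // reported as such; only a clean response with IsValid set counts as "valid".
        if (revocationResponse == null || revocationResponse.Exception != null)
        {
            Console.ForegroundColor = ConsoleColor.Red;
            Console.Write("Certificate status could not be determined in OCSP/CRL");
        }
        else if (revocationResponse.IsValid)
        {
            Console.ForegroundColor = ConsoleColor.Green;
            Console.Write("Certificate valid in OCSP/CRL");
        }
        else
        {
            Console.ForegroundColor = ConsoleColor.Red;
            Console.Write("Certificate not valid in OCSP/CRL");
        }
    }
    else
    {
        WriteSubjectLine(subject, ConsoleColor.Red, " NOT found in LDAP.");
    }

    Console.ForegroundColor = ConsoleColor.White;
    Console.WriteLine();
    // Console.ReadLine waits for Enter, so the prompt says so.
    Console.WriteLine("Press Enter to exit.");
    Console.ReadLine();
}

/// <summary>
/// Writes "Certificate with subject &lt;subject&gt;&lt;suffix&gt;" with the subject highlighted in
/// <paramref name="subjectColor"/>, leaving the console colour white afterwards.
/// </summary>
/// <param name="subject">The subject text to highlight.</param>
/// <param name="subjectColor">Console colour used for the subject.</param>
/// <param name="suffix">Text written after the subject, terminated with a newline.</param>
private static void WriteSubjectLine(string subject, ConsoleColor subjectColor, string suffix)
{
    Console.Write("Certificate with subject ");
    Console.ForegroundColor = subjectColor;
    Console.Write(subject);
    Console.ForegroundColor = ConsoleColor.White;
    Console.WriteLine(suffix);
}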