/// <summary>
/// Stores the certificate type and its identifying attributes in the session:
/// POCES certificates contribute a PID, everything else is treated as MOCES and
/// contributes RID and CVR.
/// </summary>
/// <param name="certificate">certificate whose attributes are written to the session</param>
private void SetAttributesForMocesOrPoces(OcesCertificate certificate)
{
    if (certificate is PocesCertificate)
    {
        var poces = (PocesCertificate)certificate;
        Session.Add(KeyType, "POCES");
        Session.Add(KeyPid, poces.Pid);
        return;
    }

    // Non-POCES certificates are assumed to be MOCES; the cast below throws
    // InvalidCastException for any other subtype, after KeyType has been added.
    Session.Add(KeyType, "MOCES");
    var moces = (MocesCertificate)certificate;
    Session.Add(KeyRid, moces.Rid);
    Session.Add(KeyCvr, moces.Cvr);
}
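/// <summary>
/// Thrown when <paramref name="certificate"/> has been found to be revoked.
/// The subject distinguished name of the certificate is included in the message.
/// </summary>
/// <param name="certificate">the revoked certificate</param>
public CertificateIsRevokedException(OcesCertificate certificate)
    // A space was missing before "is", producing messages like "Certificate CN=...is revoked".
    : base("Certificate " + certificate.SubjectDistinguishedName + " is revoked")
{
}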
/// <summary>
/// Checks that a full CRL can be retrieved for the certificate and that the retrieved CRL is valid.
/// Expects that an environment has been set up.
/// </summary>
/// <param name="ocesCertificate">certificate whose full CRL is retrieved</param>
/// <returns><code>true</code> if a CRL was retrieved and it is valid; otherwise <code>false</code></returns>
public static bool VerifyFullCrl(OcesCertificate ocesCertificate)
{
    Crl retrieved = CertificateRevocationHandler.RetrieveFullCrl(ocesCertificate);
    if (retrieved == null)
    {
        // Nothing could be downloaded, so there is nothing to validate against.
        return false;
    }
    return retrieved.IsValid;
}
/// <summary>
/// Pairs a certificate with the status that was determined for it.
/// </summary>
/// <param name="certificate">the certificate</param>
/// <param name="certificateStatus">the status determined for <paramref name="certificate"/></param>
public CertificateAndStatus(OcesCertificate certificate, CertificateStatus certificateStatus)
{
    this.Certificate = certificate;
    this.CertificateStatus = certificateStatus;
}
/// <summary>
/// Checks the revocation state of a certificate via the OCSP responder of the current Environment.
/// Note the return value: <code>true</code> means revoked, not verified.
/// </summary>
/// <param name="certificate">certificate to check</param>
/// <returns><code>true</code> if the OCSP checker reports the certificate as revoked; otherwise <code>false</code></returns>
public static bool VerifyCertificateWithOcsp(OcesCertificate certificate)
{
    OcspCertificateRevocationChecker checker = new OcspCertificateRevocationChecker();
    bool revoked = checker.IsRevoked(certificate);
    return revoked;
}
/// <summary>
/// Downloads the full CRL for the given certificate through the shared full-CRL checker instance.
/// </summary>
/// <param name="certificate">certificate to retrieve the full CRL for</param>
/// <returns>the full CRL returned by the checker for the given certificate</returns>
public static Crl RetrieveFullCrl(OcesCertificate certificate)
{
    FullCrlRevocationChecker checker = FullCrlRevocationChecker.Instance;
    Crl crl = checker.DownloadCrl(certificate);
    return crl;
}
/// <summary>
/// Thrown when trust in <paramref name="ocesCertificate"/> could not be verified.
/// The certificate and the environments it was checked against are kept for the caller.
/// </summary>
/// <param name="ocesCertificate">certificate whose trust could not be verified</param>
/// <param name="environments">environments the certificate was checked against</param>
public TrustCouldNotBeVerifiedException(OcesCertificate ocesCertificate, IEnumerable<OcesEnvironment> environments)
    : base("Could not verify trust")
{
    this.OcesCertificate = ocesCertificate;
    this.TrustedEnvironments = environments;
}
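/// <summary>
/// Validates a BasicOcspResp before its status may be trusted: exactly one single response,
/// whose CertID matches the request; the responder certificate chains to <paramref name="ca"/>;
/// the response signature verifies under that certificate; the certificate is cleared for
/// OCSP signing and currently valid; and thisUpdate / nextUpdate are consistent with the clock.
/// </summary>
/// <param name="id">CertID that was sent in the OCSP request</param>
/// <param name="basicResp">the received response</param>
/// <param name="ocspCertificate">certificate expected to have signed the response</param>
/// <param name="ca">CA that <paramref name="ocspCertificate"/> must chain to</param>
/// <exception cref="OcspException">if any of the checks fails</exception>
private static void CheckBasicOcspResp(CertID id, BasicOcspResp basicResp, OcesCertificate ocspCertificate, Ca ca)
{
    DateTime nowInGmt = DateTime.UtcNow;

    /* check condition:
     * The certificate identified in a received response corresponds to
     * that which was identified in the corresponding request;
     */
    SingleResp[] responses = basicResp.Responses;
    if (responses.Length != 1)
    {
        throw new OcspException("unexpected number of responses received");
    }

    SingleResp response = responses[0];
    var responseId = response.GetCertID();
    if (!id.SerialNumber.Value.Equals(responseId.SerialNumber))
    {
        throw new OcspException("Serial number mismatch problem");
    }
    // A serial number only identifies a certificate together with its issuer, so the
    // issuer name hash and issuer key hash of the CertID must match the request as well.
    if (!ByteArraysEqual(id.IssuerNameHash.GetOctets(), responseId.GetIssuerNameHash())
        || !ByteArraysEqual(id.IssuerKeyHash.GetOctets(), responseId.GetIssuerKeyHash()))
    {
        throw new OcspException("Issuer hash mismatch between OCSP request and response");
    }

    /* check condition
     * The signature on the response is valid;
     */
    // First the signing certificate must chain to the expected CA ...
    try
    {
        ChainVerifier.VerifyTrust(ocspCertificate.ExportCertificate(), ca);
    }
    catch (ChainVerificationException e)
    {
        throw new OcspException("OCSP response certificate chain is invalid", e);
    }

    // ... then the response signature must verify under that certificate's public key.
    var ocspBcCertificate = new X509CertificateParser().ReadCertificate(ocspCertificate.ExportCertificate().RawData);
    if (!basicResp.Verify(ocspBcCertificate.GetPublicKey()))
    {
        throw new OcspException("signature validation failed for ocsp response");
    }
    if (!CanSignOcspResponses(ocspBcCertificate))
    {
        throw new OcspException("ocsp signing certificate has not been cleared for ocsp response signing");
    }

    /* check expiry of the signing certificate */
    if (ocspCertificate.ValidityStatus() != CertificateStatus.Valid)
    {
        throw new OcspException("OCSP certificate expired or not yet valid");
    }

    /* check condition
     * The time at which the status being indicated is known to be
     * correct (thisUpdate) is sufficiently recent.
     */
    // One minute of clock skew is tolerated before thisUpdate counts as being in the future.
    var diff = response.ThisUpdate - nowInGmt;
    if (diff > new TimeSpan(0, 1, 0))
    {
        throw new OcspException("OCSP response signature is from the future. Timestamp of thisUpdate field: " + response.ThisUpdate);
    }
    // NOTE(review): when nextUpdate is absent no upper bound on the age of thisUpdate is enforced here.
    if (response.NextUpdate != null && response.NextUpdate.Value < nowInGmt)
    {
        throw new OcspException("OCSP response is no longer valid");
    }
}

/// <summary>
/// Compares two byte arrays element by element; a null operand never matches.
/// </summary>
/// <param name="left">first array</param>
/// <param name="right">second array</param>
/// <returns><code>true</code> if both are non-null and contain the same bytes in the same order</returns>
private static bool ByteArraysEqual(byte[] left, byte[] right)
{
    if (left == null || right == null || left.Length != right.Length)
    {
        return false;
    }
    for (int i = 0; i < left.Length; i++)
    {
        if (left[i] != right[i])
        {
            return false;
        }
    }
    return true;
}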