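/// <summary>
/// Adds revocation data to the validate request as a RevocationData message extension. The data is
/// either the caller-supplied <paramref name="revocationData"/> used as-is, or a RevocationValuesType
/// built from the DER encodings of the given OCSP responses and CRLs.
/// </summary>
/// <param name="validateRequest">Request that receives the extension; it is appended to the existing MessageExtension array.</param>
/// <param name="ocspResponses">OCSP responses to encapsulate; null is treated as empty. Ignored when <paramref name="revocationData"/> is non-null.</param>
/// <param name="crls">CRLs to encapsulate; null is treated as empty. Ignored when <paramref name="revocationData"/> is non-null.</param>
/// <param name="revocationData">Pre-built revocation values; when non-null they are attached unchanged.</param>
private void addRevocationData(ValidateRequestType validateRequest, List<OcspResp> ocspResponses, List<X509Crl> crls, RevocationValuesType revocationData)
{
    RevocationDataMessageExtensionType revocationDataMessageExtension = new RevocationDataMessageExtensionType();

    if (null != revocationData)
    {
        revocationDataMessageExtension.RevocationValues = revocationData;
    }
    else
    {
        RevocationValuesType revocationValues = new RevocationValuesType();

        // OCSP: one encapsulated value per DER-encoded response. The public overloads pass null
        // for the lists when only pre-built values are available, so null must mean "none".
        int ocspCount = null == ocspResponses ? 0 : ocspResponses.Count;
        EncapsulatedPKIDataType[] ocspValues = new EncapsulatedPKIDataType[ocspCount];
        for (int i = 0; i < ocspCount; i++)
        {
            EncapsulatedPKIDataType ocspValue = new EncapsulatedPKIDataType();
            ocspValue.Value = ocspResponses[i].GetEncoded();
            ocspValues[i] = ocspValue;
        }
        revocationValues.OCSPValues = ocspValues;

        // CRL: same shape as above.
        int crlCount = null == crls ? 0 : crls.Count;
        EncapsulatedPKIDataType[] crlValues = new EncapsulatedPKIDataType[crlCount];
        for (int i = 0; i < crlCount; i++)
        {
            EncapsulatedPKIDataType crlValue = new EncapsulatedPKIDataType();
            crlValue.Value = crls[i].GetEncoded();
            crlValues[i] = crlValue;
        }
        revocationValues.CRLValues = crlValues;

        revocationDataMessageExtension.RevocationValues = revocationValues;
    }

    // Append rather than overwrite: validate() calls addTimeStampToken / addAttributeCertificates
    // before this helper, and replacing the array would silently drop anything they attached.
    MessageExtensionAbstractType[] existing = validateRequest.MessageExtension;
    int existingCount = null == existing ? 0 : existing.Length;
    MessageExtensionAbstractType[] extensions = new MessageExtensionAbstractType[existingCount + 1];
    if (existingCount > 0)
    {
        Array.Copy(existing, extensions, existingCount);
    }
    extensions[existingCount] = revocationDataMessageExtension;
    validateRequest.MessageExtension = extensions;
}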
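/// <summary>
/// Adds revocation data to the validate request as a RevocationData message extension. The data is
/// either the caller-supplied <paramref name="revocationData"/> used as-is, or a RevocationValuesType
/// built from the DER encodings of the given OCSP responses and CRLs.
/// </summary>
/// <param name="validateRequest">Request that receives the extension; it is appended to the existing MessageExtension array.</param>
/// <param name="ocspResponses">OCSP responses to encapsulate; null is treated as empty. Ignored when <paramref name="revocationData"/> is non-null.</param>
/// <param name="crls">CRLs to encapsulate; null is treated as empty. Ignored when <paramref name="revocationData"/> is non-null.</param>
/// <param name="revocationData">Pre-built revocation values; when non-null they are attached unchanged.</param>
private void addRevocationData(ValidateRequestType validateRequest, List<OcspResp> ocspResponses, List<X509Crl> crls, RevocationValuesType revocationData)
{
    RevocationDataMessageExtensionType revocationDataMessageExtension = new RevocationDataMessageExtensionType();

    if (null != revocationData)
    {
        revocationDataMessageExtension.RevocationValues = revocationData;
    }
    else
    {
        RevocationValuesType revocationValues = new RevocationValuesType();

        // OCSP: one encapsulated value per DER-encoded response. The public overloads pass null
        // for the lists when only pre-built values are available, so null must mean "none".
        int ocspCount = null == ocspResponses ? 0 : ocspResponses.Count;
        EncapsulatedPKIDataType[] ocspValues = new EncapsulatedPKIDataType[ocspCount];
        for (int i = 0; i < ocspCount; i++)
        {
            EncapsulatedPKIDataType ocspValue = new EncapsulatedPKIDataType();
            ocspValue.Value = ocspResponses[i].GetEncoded();
            ocspValues[i] = ocspValue;
        }
        revocationValues.OCSPValues = ocspValues;

        // CRL: same shape as above.
        int crlCount = null == crls ? 0 : crls.Count;
        EncapsulatedPKIDataType[] crlValues = new EncapsulatedPKIDataType[crlCount];
        for (int i = 0; i < crlCount; i++)
        {
            EncapsulatedPKIDataType crlValue = new EncapsulatedPKIDataType();
            crlValue.Value = crls[i].GetEncoded();
            crlValues[i] = crlValue;
        }
        revocationValues.CRLValues = crlValues;

        revocationDataMessageExtension.RevocationValues = revocationValues;
    }

    // Append rather than overwrite: validate() calls addTimeStampToken / addAttributeCertificates
    // before this helper, and replacing the array would silently drop anything they attached.
    MessageExtensionAbstractType[] existing = validateRequest.MessageExtension;
    int existingCount = null == existing ? 0 : existing.Length;
    MessageExtensionAbstractType[] extensions = new MessageExtensionAbstractType[existingCount + 1];
    if (existingCount > 0)
    {
        Array.Copy(existing, extensions, existingCount);
    }
    extensions[existingCount] = revocationDataMessageExtension;
    validateRequest.MessageExtension = extensions;
}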
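/*
 * Validation
 */

/// <summary>
/// Builds an XKMS ValidateRequest for <paramref name="certificateChain"/>, sends it through the
/// configured client and interprets the answer: a key binding with status Valid returns normally,
/// anything else throws.
/// </summary>
/// <param name="certificateChain">Certificates to validate; each is embedded DER-encoded in the request's KeyInfo.</param>
/// <param name="trustDomain">Optional trust domain identifier sent as a UseKeyWith element; skipped when null.</param>
/// <param name="returnRevocationData">When true the server is asked to return the revocation data it used; it is stored in <c>this.revocationValues</c>.</param>
/// <param name="validationDate">Point in time for historical validation. <see cref="DateTime.MinValue"/> means "now": no TimeInstant and no revocation data are sent.</param>
/// <param name="ocspResponses">OCSP responses attached for historical validation; may be null.</param>
/// <param name="crls">CRLs attached for historical validation; may be null.</param>
/// <param name="revocationValues">Pre-built revocation values attached for historical validation; may be null.</param>
/// <param name="timeStampToken">Optional timestamp token for TSA validation; skipped when null.</param>
/// <param name="attributeCertificates">Optional attribute certificates; skipped when null.</param>
/// <exception cref="RevocationDataNotFoundException">Revocation data was requested but the response carried none.</exception>
/// <exception cref="ValidationFailedException">The response carried no key binding, or the first key binding is not Valid; its reason URIs are appended to <c>this.invalidReasonURIs</c>.</exception>
private void validate(List<Org.BouncyCastle.X509.X509Certificate> certificateChain, string trustDomain, bool returnRevocationData, DateTime validationDate, List<OcspResp> ocspResponses, List<X509Crl> crls, RevocationValuesType revocationValues, TimeStampToken timeStampToken, EncapsulatedPKIDataType[] attributeCertificates)
{
    // setup the client
    setupClient();

    // KeyInfo carrying the whole chain as X509Certificate elements
    ValidateRequestType validateRequest = new ValidateRequestType();
    QueryKeyBindingType queryKeyBinding = new QueryKeyBindingType();
    KeyInfoType keyInfo = new KeyInfoType();
    X509DataType x509Data = new X509DataType();
    x509Data.Items = new object[certificateChain.Count];
    x509Data.ItemsElementName = new ItemsChoiceType[certificateChain.Count];
    int idx = 0;
    foreach (Org.BouncyCastle.X509.X509Certificate certificate in certificateChain)
    {
        x509Data.Items[idx] = certificate.GetEncoded();
        x509Data.ItemsElementName[idx] = ItemsChoiceType.X509Certificate;
        idx++;
    }
    keyInfo.Items = new object[] { x509Data };
    keyInfo.ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };
    queryKeyBinding.KeyInfo = keyInfo;
    validateRequest.QueryKeyBinding = queryKeyBinding;

    /*
     * Set optional trust domain
     */
    if (null != trustDomain)
    {
        UseKeyWithType useKeyWith = new UseKeyWithType();
        useKeyWith.Application = XkmsConstants.TRUST_DOMAIN_APPLICATION_URI;
        useKeyWith.Identifier = trustDomain;
        queryKeyBinding.UseKeyWith = new UseKeyWithType[] { useKeyWith };
    }

    /*
     * Add timestamp token for TSA validation
     */
    if (null != timeStampToken)
    {
        addTimeStampToken(validateRequest, timeStampToken);
    }

    /*
     * Add attribute certificates
     */
    if (null != attributeCertificates)
    {
        addAttributeCertificates(validateRequest, attributeCertificates);
    }

    /*
     * Set if used revocation data should be returned or not
     */
    if (returnRevocationData)
    {
        validateRequest.RespondWith = new string[] { XkmsConstants.RETURN_REVOCATION_DATA_URI };
    }

    /*
     * Historical validation, add the revocation data to the request
     */
    if (!validationDate.Equals(DateTime.MinValue))
    {
        TimeInstantType timeInstant = new TimeInstantType();
        timeInstant.Time = validationDate;
        queryKeyBinding.TimeInstant = timeInstant;
        addRevocationData(validateRequest, ocspResponses, crls, revocationValues);
    }

    /*
     * Validate
     */
    ValidateResultType validateResult = client.Validate(validateRequest);

    /*
     * Check result
     */
    checkResponse(validateResult);

    /*
     * Set the optionally requested revocation data
     */
    if (returnRevocationData)
    {
        // Clear anything left over from an earlier call on this instance, so stale data
        // cannot satisfy the "was revocation data returned" check below.
        this.revocationValues = null;
        // A response without extensions is "not found", not a NullReferenceException.
        if (null != validateResult.MessageExtension)
        {
            foreach (MessageExtensionAbstractType messageExtension in validateResult.MessageExtension)
            {
                if (messageExtension is RevocationDataMessageExtensionType)
                {
                    this.revocationValues = ((RevocationDataMessageExtensionType)messageExtension).RevocationValues;
                }
            }
        }
        if (null == this.revocationValues)
        {
            throw new RevocationDataNotFoundException();
        }
    }

    /*
     * Store reason URIs
     */
    if (null != validateResult.KeyBinding)
    {
        foreach (KeyBindingType keyBinding in validateResult.KeyBinding)
        {
            if (KeyBindingEnum.httpwwww3org200203xkmsValid.Equals(keyBinding.Status.StatusValue))
            {
                return;
            }
            // First key binding is not Valid: record every reason the server gave and fail.
            // Later key bindings are deliberately not consulted.
            if (null != keyBinding.Status.InvalidReason)
            {
                foreach (string reason in keyBinding.Status.InvalidReason)
                {
                    this.invalidReasonURIs.AddLast(reason);
                }
            }
            throw new ValidationFailedException(this.invalidReasonURIs);
        }
    }

    // Reached only when the response carried no key binding at all: nothing asserted Valid,
    // so fail closed instead of returning as if the chain had been validated.
    throw new ValidationFailedException(this.invalidReasonURIs);
}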
/// <summary>
/// Validates <paramref name="certificateChain"/> at <paramref name="validationDate"/> within the given
/// trust domain, attaching pre-built revocation values for historical validation. The server is not asked
/// to return its revocation data, and no OCSP/CRL lists, timestamp token or attribute certificates are sent.
/// </summary>
/// <param name="trustDomain">Trust domain identifier; null omits the UseKeyWith element.</param>
/// <param name="certificateChain">Certificates to validate.</param>
/// <param name="validationDate">Point in time to validate at; <see cref="DateTime.MinValue"/> means "now".</param>
/// <param name="revocationValues">Revocation values to attach when validating historically.</param>
public void validate(string trustDomain, List<Org.BouncyCastle.X509.X509Certificate> certificateChain, DateTime validationDate, RevocationValuesType revocationValues)
{
    // Everything this overload does not expose is passed explicitly as "absent".
    bool returnRevocationData = false;
    List<OcspResp> noOcspResponses = null;
    List<X509Crl> noCrls = null;
    TimeStampToken noTimeStampToken = null;
    EncapsulatedPKIDataType[] noAttributeCertificates = null;

    validate(certificateChain, trustDomain, returnRevocationData, validationDate, noOcspResponses, noCrls, revocationValues, noTimeStampToken, noAttributeCertificates);
}
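/*
 * Validation
 */

/// <summary>
/// Builds an XKMS ValidateRequest for <paramref name="certificateChain"/>, sends it through the
/// configured client and interprets the answer: a key binding with status Valid returns normally,
/// anything else throws.
/// </summary>
/// <param name="certificateChain">Certificates to validate; each is embedded DER-encoded in the request's KeyInfo.</param>
/// <param name="trustDomain">Optional trust domain identifier sent as a UseKeyWith element; skipped when null.</param>
/// <param name="returnRevocationData">When true the server is asked to return the revocation data it used; it is stored in <c>this.revocationValues</c>.</param>
/// <param name="validationDate">Point in time for historical validation. <see cref="DateTime.MinValue"/> means "now": no TimeInstant and no revocation data are sent.</param>
/// <param name="ocspResponses">OCSP responses attached for historical validation; may be null.</param>
/// <param name="crls">CRLs attached for historical validation; may be null.</param>
/// <param name="revocationValues">Pre-built revocation values attached for historical validation; may be null.</param>
/// <param name="timeStampToken">Optional timestamp token for TSA validation; skipped when null.</param>
/// <param name="attributeCertificates">Optional attribute certificates; skipped when null.</param>
/// <exception cref="RevocationDataNotFoundException">Revocation data was requested but the response carried none.</exception>
/// <exception cref="ValidationFailedException">The response carried no key binding, or the first key binding is not Valid; its reason URIs are appended to <c>this.invalidReasonURIs</c>.</exception>
private void validate(List<Org.BouncyCastle.X509.X509Certificate> certificateChain, string trustDomain, bool returnRevocationData, DateTime validationDate, List<OcspResp> ocspResponses, List<X509Crl> crls, RevocationValuesType revocationValues, TimeStampToken timeStampToken, EncapsulatedPKIDataType[] attributeCertificates)
{
    // setup the client
    setupClient();

    // KeyInfo carrying the whole chain as X509Certificate elements
    ValidateRequestType validateRequest = new ValidateRequestType();
    QueryKeyBindingType queryKeyBinding = new QueryKeyBindingType();
    KeyInfoType keyInfo = new KeyInfoType();
    X509DataType x509Data = new X509DataType();
    x509Data.Items = new object[certificateChain.Count];
    x509Data.ItemsElementName = new ItemsChoiceType[certificateChain.Count];
    int idx = 0;
    foreach (Org.BouncyCastle.X509.X509Certificate certificate in certificateChain)
    {
        x509Data.Items[idx] = certificate.GetEncoded();
        x509Data.ItemsElementName[idx] = ItemsChoiceType.X509Certificate;
        idx++;
    }
    keyInfo.Items = new object[] { x509Data };
    keyInfo.ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };
    queryKeyBinding.KeyInfo = keyInfo;
    validateRequest.QueryKeyBinding = queryKeyBinding;

    /*
     * Set optional trust domain
     */
    if (null != trustDomain)
    {
        UseKeyWithType useKeyWith = new UseKeyWithType();
        useKeyWith.Application = XkmsConstants.TRUST_DOMAIN_APPLICATION_URI;
        useKeyWith.Identifier = trustDomain;
        queryKeyBinding.UseKeyWith = new UseKeyWithType[] { useKeyWith };
    }

    /*
     * Add timestamp token for TSA validation
     */
    if (null != timeStampToken)
    {
        addTimeStampToken(validateRequest, timeStampToken);
    }

    /*
     * Add attribute certificates
     */
    if (null != attributeCertificates)
    {
        addAttributeCertificates(validateRequest, attributeCertificates);
    }

    /*
     * Set if used revocation data should be returned or not
     */
    if (returnRevocationData)
    {
        validateRequest.RespondWith = new string[] { XkmsConstants.RETURN_REVOCATION_DATA_URI };
    }

    /*
     * Historical validation, add the revocation data to the request
     */
    if (!validationDate.Equals(DateTime.MinValue))
    {
        TimeInstantType timeInstant = new TimeInstantType();
        timeInstant.Time = validationDate;
        queryKeyBinding.TimeInstant = timeInstant;
        addRevocationData(validateRequest, ocspResponses, crls, revocationValues);
    }

    /*
     * Validate
     */
    ValidateResultType validateResult = client.Validate(validateRequest);

    /*
     * Check result
     */
    checkResponse(validateResult);

    /*
     * Set the optionally requested revocation data
     */
    if (returnRevocationData)
    {
        // Clear anything left over from an earlier call on this instance, so stale data
        // cannot satisfy the "was revocation data returned" check below.
        this.revocationValues = null;
        // A response without extensions is "not found", not a NullReferenceException.
        if (null != validateResult.MessageExtension)
        {
            foreach (MessageExtensionAbstractType messageExtension in validateResult.MessageExtension)
            {
                if (messageExtension is RevocationDataMessageExtensionType)
                {
                    this.revocationValues = ((RevocationDataMessageExtensionType)messageExtension).RevocationValues;
                }
            }
        }
        if (null == this.revocationValues)
        {
            throw new RevocationDataNotFoundException();
        }
    }

    /*
     * Store reason URIs
     */
    if (null != validateResult.KeyBinding)
    {
        foreach (KeyBindingType keyBinding in validateResult.KeyBinding)
        {
            if (KeyBindingEnum.httpwwww3org200203xkmsValid.Equals(keyBinding.Status.StatusValue))
            {
                return;
            }
            // First key binding is not Valid: record every reason the server gave and fail.
            // Later key bindings are deliberately not consulted.
            if (null != keyBinding.Status.InvalidReason)
            {
                foreach (string reason in keyBinding.Status.InvalidReason)
                {
                    this.invalidReasonURIs.AddLast(reason);
                }
            }
            throw new ValidationFailedException(this.invalidReasonURIs);
        }
    }

    // Reached only when the response carried no key binding at all: nothing asserted Valid,
    // so fail closed instead of returning as if the chain had been validated.
    throw new ValidationFailedException(this.invalidReasonURIs);
}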
/// <summary>
/// Validates <paramref name="certificateChain"/> at <paramref name="validationDate"/> within the given
/// trust domain, attaching pre-built revocation values for historical validation. The server is not asked
/// to return its revocation data, and no OCSP/CRL lists, timestamp token or attribute certificates are sent.
/// </summary>
/// <param name="trustDomain">Trust domain identifier; null omits the UseKeyWith element.</param>
/// <param name="certificateChain">Certificates to validate.</param>
/// <param name="validationDate">Point in time to validate at; <see cref="DateTime.MinValue"/> means "now".</param>
/// <param name="revocationValues">Revocation values to attach when validating historically.</param>
public void validate(string trustDomain, List<Org.BouncyCastle.X509.X509Certificate> certificateChain, DateTime validationDate, RevocationValuesType revocationValues)
{
    // Everything this overload does not expose is passed explicitly as "absent".
    bool returnRevocationData = false;
    List<OcspResp> noOcspResponses = null;
    List<X509Crl> noCrls = null;
    TimeStampToken noTimeStampToken = null;
    EncapsulatedPKIDataType[] noAttributeCertificates = null;

    validate(certificateChain, trustDomain, returnRevocationData, validationDate, noOcspResponses, noCrls, revocationValues, noTimeStampToken, noAttributeCertificates);
}
/// <summary>
/// Creates a validation data holder whose certificate values and revocation values are
/// fresh instances, so callers can populate either without a null check.
/// </summary>
public ValidationDataType()
{
    // The two containers are independent; order of construction does not matter.
    _certificateValues = new CertificateValuesType();
    _revocationValues = new RevocationValuesType();
}