示例#1
0
        /// <summary>
        /// Add revocation data either from list of OCSP response objects or list of X509 CRL objects
        /// or from specified RevocationValuesType.
        /// </summary>
        /// <param name="validateRequest"></param>
        /// <param name="ocspResponses"></param>
        /// <param name="crls"></param>
        /// <param name="revocationData"></param>
        private void addRevocationData(ValidateRequestType validateRequest, List <OcspResp> ocspResponses,
                                       List <X509Crl> crls, RevocationValuesType revocationData)
        {
            RevocationDataMessageExtensionType revocationDataMessageExtension =
                new RevocationDataMessageExtensionType();

            if (null != revocationData)
            {
                revocationDataMessageExtension.RevocationValues = revocationData;
            }
            else
            {
                RevocationValuesType revocationValues = new RevocationValuesType();

                // OCSP
                EncapsulatedPKIDataType[] ocspValues = new EncapsulatedPKIDataType[ocspResponses.Count];
                int idx = 0;
                foreach (OcspResp ocspResponse in ocspResponses)
                {
                    EncapsulatedPKIDataType ocspValue = new EncapsulatedPKIDataType();
                    ocspValue.Value   = ocspResponse.GetEncoded();
                    ocspValues[idx++] = ocspValue;
                }
                revocationValues.OCSPValues = ocspValues;

                // CRL
                EncapsulatedPKIDataType[] crlValues = new EncapsulatedPKIDataType[crls.Count];
                idx = 0;
                foreach (X509Crl crl in crls)
                {
                    EncapsulatedPKIDataType crlValue = new EncapsulatedPKIDataType();
                    crlValue.Value   = crl.GetEncoded();
                    crlValues[idx++] = crlValue;
                }
                revocationValues.CRLValues = crlValues;

                revocationDataMessageExtension.RevocationValues = revocationValues;
            }

            validateRequest.MessageExtension =
                new MessageExtensionAbstractType[] { revocationDataMessageExtension };
        }
        /// <summary>
        /// Add revocation data either from list of OCSP response objects or list of X509 CRL objects 
        /// or from specified RevocationValuesType.
        /// </summary>
        /// <param name="validateRequest"></param>
        /// <param name="ocspResponses"></param>
        /// <param name="crls"></param>
        /// <param name="revocationData"></param>
        private void addRevocationData(ValidateRequestType validateRequest, List<OcspResp> ocspResponses,
            List<X509Crl> crls, RevocationValuesType revocationData)
        {
            RevocationDataMessageExtensionType revocationDataMessageExtension =
                new RevocationDataMessageExtensionType();

            if (null != revocationData)
            {
                revocationDataMessageExtension.RevocationValues = revocationData;
            }
            else
            {
                RevocationValuesType revocationValues = new RevocationValuesType();

                // OCSP
                EncapsulatedPKIDataType[] ocspValues = new EncapsulatedPKIDataType[ocspResponses.Count];
                int idx = 0;
                foreach (OcspResp ocspResponse in ocspResponses)
                {
                    EncapsulatedPKIDataType ocspValue = new EncapsulatedPKIDataType();
                    ocspValue.Value = ocspResponse.GetEncoded();
                    ocspValues[idx++] = ocspValue;
                }
                revocationValues.OCSPValues = ocspValues;

                // CRL
                EncapsulatedPKIDataType[] crlValues = new EncapsulatedPKIDataType[crls.Count];
                idx = 0;
                foreach (X509Crl crl in crls)
                {
                    EncapsulatedPKIDataType crlValue = new EncapsulatedPKIDataType();
                    crlValue.Value = crl.GetEncoded();
                    crlValues[idx++] = crlValue;
                }
                revocationValues.CRLValues = crlValues;

                revocationDataMessageExtension.RevocationValues = revocationValues;
            }

            validateRequest.MessageExtension =
                new MessageExtensionAbstractType[] { revocationDataMessageExtension };
        }
        /*
         * Validation
         */
        private void validate(List<Org.BouncyCastle.X509.X509Certificate> certificateChain, string trustDomain,
            bool returnRevocationData, DateTime validationDate, List<OcspResp> ocspResponses, List<X509Crl> crls,
            RevocationValuesType revocationValues, TimeStampToken timeStampToken,
            EncapsulatedPKIDataType[] attributeCertificates)
        {
            // setup the client
            setupClient();

            // validate
            ValidateRequestType validateRequest = new ValidateRequestType();
            QueryKeyBindingType queryKeyBinding = new QueryKeyBindingType();
            KeyInfoType keyInfo = new KeyInfoType();
            X509DataType x509Data = new X509DataType();
            x509Data.Items = new object[certificateChain.Count];
            x509Data.ItemsElementName = new ItemsChoiceType[certificateChain.Count];
            int idx = 0;
            foreach (Org.BouncyCastle.X509.X509Certificate certificate in certificateChain)
            {
                x509Data.Items[idx] = certificate.GetEncoded();
                x509Data.ItemsElementName[idx] = ItemsChoiceType.X509Certificate;
                idx++;
            }
            keyInfo.Items = new object[] { x509Data };
            keyInfo.ItemsElementName = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };
            queryKeyBinding.KeyInfo = keyInfo;
            validateRequest.QueryKeyBinding = queryKeyBinding;

            /*
             * Set optional trust domain 
             */
            if (null != trustDomain)
            {
                UseKeyWithType useKeyWith = new UseKeyWithType();
                useKeyWith.Application = XkmsConstants.TRUST_DOMAIN_APPLICATION_URI;
                useKeyWith.Identifier = trustDomain;
                queryKeyBinding.UseKeyWith = new UseKeyWithType[] { useKeyWith };
            }

            /*
             * Add timestamp token for TSA validation
             */
            if (null != timeStampToken)
            {
                addTimeStampToken(validateRequest, timeStampToken);
            }

            /*
             * Add attribute certificates
             */
            if (null != attributeCertificates)
            {
                addAttributeCertificates(validateRequest, attributeCertificates);
            }

            /*
             * Set if used revocation data should be returned or not
             */
            if (returnRevocationData)
            {
                validateRequest.RespondWith = new string[] { XkmsConstants.RETURN_REVOCATION_DATA_URI };
            }

            /*
             * Historical validation, add the revocation data to the request
             */
            if (!validationDate.Equals(DateTime.MinValue))
            {
                TimeInstantType timeInstant = new TimeInstantType();
                timeInstant.Time = validationDate;
                queryKeyBinding.TimeInstant = timeInstant;

                addRevocationData(validateRequest, ocspResponses, crls, revocationValues);
            }

            /*
             * Validate
             */
            ValidateResultType validateResult = client.Validate(validateRequest);

            /*
             * Check result 
             */
            checkResponse(validateResult);

            /*
             * Set the optionally requested revocation data
             */
            if (returnRevocationData)
            {
                foreach (MessageExtensionAbstractType messageExtension in validateResult.MessageExtension)
                {
                    if (messageExtension is RevocationDataMessageExtensionType)
                    {
                        this.revocationValues = ((RevocationDataMessageExtensionType)messageExtension).RevocationValues;
                    }
                }
                if (null == this.revocationValues)
                {
                    throw new RevocationDataNotFoundException();
                }
            }

            /*
             * Store reason URIs
             */
            foreach (KeyBindingType keyBinding in validateResult.KeyBinding)
            {
                if (KeyBindingEnum.httpwwww3org200203xkmsValid.Equals(keyBinding.Status.StatusValue))
                {
                    return;
                }
                foreach (string reason in keyBinding.Status.InvalidReason)
                {
                    this.invalidReasonURIs.AddLast(reason);
                }
                throw new ValidationFailedException(this.invalidReasonURIs);
            }
        }
 public void validate(string trustDomain, List<Org.BouncyCastle.X509.X509Certificate> certificateChain,
     DateTime validationDate, RevocationValuesType revocationValues)
 {
     validate(certificateChain, trustDomain, false, validationDate, null, null, revocationValues, null, null);
 }
示例#5
0
        /*
         * Validation
         */
        private void validate(List <Org.BouncyCastle.X509.X509Certificate> certificateChain, string trustDomain,
                              bool returnRevocationData, DateTime validationDate, List <OcspResp> ocspResponses, List <X509Crl> crls,
                              RevocationValuesType revocationValues, TimeStampToken timeStampToken,
                              EncapsulatedPKIDataType[] attributeCertificates)
        {
            // setup the client
            setupClient();

            // validate
            ValidateRequestType validateRequest = new ValidateRequestType();
            QueryKeyBindingType queryKeyBinding = new QueryKeyBindingType();
            KeyInfoType         keyInfo         = new KeyInfoType();
            X509DataType        x509Data        = new X509DataType();

            x509Data.Items            = new object[certificateChain.Count];
            x509Data.ItemsElementName = new ItemsChoiceType[certificateChain.Count];
            int idx = 0;

            foreach (Org.BouncyCastle.X509.X509Certificate certificate in certificateChain)
            {
                x509Data.Items[idx]            = certificate.GetEncoded();
                x509Data.ItemsElementName[idx] = ItemsChoiceType.X509Certificate;
                idx++;
            }
            keyInfo.Items                   = new object[] { x509Data };
            keyInfo.ItemsElementName        = new ItemsChoiceType2[] { ItemsChoiceType2.X509Data };
            queryKeyBinding.KeyInfo         = keyInfo;
            validateRequest.QueryKeyBinding = queryKeyBinding;

            /*
             * Set optional trust domain
             */
            if (null != trustDomain)
            {
                UseKeyWithType useKeyWith = new UseKeyWithType();
                useKeyWith.Application     = XkmsConstants.TRUST_DOMAIN_APPLICATION_URI;
                useKeyWith.Identifier      = trustDomain;
                queryKeyBinding.UseKeyWith = new UseKeyWithType[] { useKeyWith };
            }

            /*
             * Add timestamp token for TSA validation
             */
            if (null != timeStampToken)
            {
                addTimeStampToken(validateRequest, timeStampToken);
            }

            /*
             * Add attribute certificates
             */
            if (null != attributeCertificates)
            {
                addAttributeCertificates(validateRequest, attributeCertificates);
            }

            /*
             * Set if used revocation data should be returned or not
             */
            if (returnRevocationData)
            {
                validateRequest.RespondWith = new string[] { XkmsConstants.RETURN_REVOCATION_DATA_URI };
            }

            /*
             * Historical validation, add the revocation data to the request
             */
            if (!validationDate.Equals(DateTime.MinValue))
            {
                TimeInstantType timeInstant = new TimeInstantType();
                timeInstant.Time            = validationDate;
                queryKeyBinding.TimeInstant = timeInstant;

                addRevocationData(validateRequest, ocspResponses, crls, revocationValues);
            }

            /*
             * Validate
             */
            ValidateResultType validateResult = client.Validate(validateRequest);

            /*
             * Check result
             */
            checkResponse(validateResult);

            /*
             * Set the optionally requested revocation data
             */
            if (returnRevocationData)
            {
                foreach (MessageExtensionAbstractType messageExtension in validateResult.MessageExtension)
                {
                    if (messageExtension is RevocationDataMessageExtensionType)
                    {
                        this.revocationValues = ((RevocationDataMessageExtensionType)messageExtension).RevocationValues;
                    }
                }
                if (null == this.revocationValues)
                {
                    throw new RevocationDataNotFoundException();
                }
            }

            /*
             * Store reason URIs
             */
            foreach (KeyBindingType keyBinding in validateResult.KeyBinding)
            {
                if (KeyBindingEnum.httpwwww3org200203xkmsValid.Equals(keyBinding.Status.StatusValue))
                {
                    return;
                }
                foreach (string reason in keyBinding.Status.InvalidReason)
                {
                    this.invalidReasonURIs.AddLast(reason);
                }
                throw new ValidationFailedException(this.invalidReasonURIs);
            }
        }
示例#6
0
 public void validate(string trustDomain, List <Org.BouncyCastle.X509.X509Certificate> certificateChain,
                      DateTime validationDate, RevocationValuesType revocationValues)
 {
     validate(certificateChain, trustDomain, false, validationDate, null, null, revocationValues, null, null);
 }
示例#7
0
 public ValidationDataType()
 {
     this._revocationValues  = new RevocationValuesType();
     this._certificateValues = new CertificateValuesType();
 }