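/// <summary>
/// Verifies that a connection can be made to the LDAP directory holding the root
/// certificate for every environment set via <see cref="Environments"/>, and that the
/// certificate served by LDAP is byte-for-byte the pinned root from
/// <see cref="RootCertificates"/>. Results are only logged: a mismatch, a missing entry or
/// a missing attribute is reported with <c>Logger.Error</c> and the next environment is
/// tried. Failures inside the LDAP call itself still propagate from the underlying library.
/// </summary>
public static void VerifyRootCertificateFromLdap()
{
    foreach (var environment in Environments.TrustedEnvironments)
    {
        using (var connection = LdapFactory.CreateLdapConnection(environment))
        {
            var rootDn = Properties.Get("ldap.ca.dn.danid." + environment);
            var request = new SearchRequest(rootDn, (string)null, SearchScope.Base, LdapFactory.RootCertificateBinary);
            var response = (SearchResponse)connection.SendRequest(request);

            // A base-scope search on an existing DN yields exactly one entry. Report "no
            // entry" / "no attribute" explicitly instead of indexing blindly and crashing.
            if (response.Entries.Count == 0)
            {
                Logger.Error("ERROR: No LDAP entry found at " + rootDn + " for environment " + environment);
                continue;
            }

            var attribute = response.Entries[0].Attributes[LdapFactory.RootCertificateBinary];
            if (attribute == null || attribute.Count == 0)
            {
                Logger.Error("ERROR: LDAP entry " + rootDn + " has no " + LdapFactory.RootCertificateBinary + " attribute for environment " + environment);
                continue;
            }

            var bytes = (byte[])attribute[0];
            var rootCertificateFromLdap = new X509Certificate2(bytes);
            var rootCertificate = RootCertificates.LookupCertificate(environment);
            if (rootCertificate == null)
            {
                Logger.Error("ERROR: No pinned root certificate configured for environment " + environment);
                continue;
            }

            // X509Certificate.Equals compares only issuer and serial number, so a certificate
            // with a forged issuer/serial would be reported as a match. Compare the full DER
            // encoding of both certificates instead.
            // NOTE(review): whether the LDAP session itself is TLS-protected depends on
            // LdapFactory.CreateLdapConnection; this pinned-bytes comparison is what detects a
            // substituted certificate either way.
            if (rootCertificateFromLdap.GetRawCertData().SequenceEqual(rootCertificate.GetRawCertData()))
            {
                // Subject is the DN as a string; SubjectName is an X500DistinguishedName
                // object whose ToString is not guaranteed to render the DN.
                Logger.Info("Root certificate retrieved from LDAP with DN: " + rootCertificateFromLdap.Subject);
            }
            else
            {
                // The certificate was retrieved; the problem is that it is not the pinned root.
                Logger.Error("ERROR: Root certificate retrieved from LDAP for environment " + environment + " does not match the pinned root certificate");
            }
        }
    }
}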
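/// <summary>
/// Pings the OCSP responder at <paramref name="ocspUrl"/> by sending a status request for
/// the dummy serial number "1" built against the first trusted environment's root certificate.
/// Only reachability of the responder matters here, not the status it reports for that serial.
/// </summary>
/// <param name="ocspUrl">URL of the OCSP responder to contact.</param>
/// <returns>
/// <c>true</c> when the responder answered the probe; <c>false</c> when the development
/// environment is among the trusted environments, in which case OCSP is not supported and
/// no request is sent at all.
/// </returns>
/// <exception cref="InvalidOperationException">No trusted environment has been configured.</exception>
/// <exception cref="ArgumentException">The HTTP exchange with the responder failed (wraps the <see cref="WebException"/>).</exception>
/// <exception cref="InternalException">The responder was reached but the OCSP exchange failed (wraps the <see cref="OcspException"/>).</exception>
static bool IsAlive(string ocspUrl)
{
    // Check configuration before touching it: with a null trusted set the original
    // Contains() call would have failed with a NullReferenceException instead.
    var environments = Environments.TrustedEnvironments;
    if (environments == null || !environments.Any())
    {
        throw new InvalidOperationException("No trusted enviroment has been set");
    }

    // NOTE(review): Contains() short-circuits whenever the development environment is in
    // the trusted set, even alongside production environments - confirm callers never
    // configure both, as that would silently disable this responder check.
    if (environments.Contains(OcesEnvironment.OcesIDanidEnvDevelopment))
    {
        Logger.Info("OCSP checking is not supported in this environment. Reporting the OCSP responder as not alive");
        return false;
    }

    try
    {
        Logger.Debug("validate certificate serial number 1 for url: " + ocspUrl);
        var rootCertificate = RootCertificates.LookupCertificate(environments.First());
        // Serial number 1 is a probe value; any well-formed answer counts as "alive".
        var ocspRequest = RequestGenerator.CreateOcspRequest(rootCertificate, "1");
        PostOcspRequest(ocspRequest.Request, rootCertificate, ocspUrl, "1");
        return true;
    }
    catch (WebException e)
    {
        // Every transport-level failure (DNS, connect, TLS handshake, timeout) surfaces
        // under this one message; the inner exception carries the actual cause.
        throw new ArgumentException("Unknown ocsp url", e);
    }
    catch (OcspException e)
    {
        throw new InternalException("Could not ping OCSP responder", e);
    }
}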