        /// <summary>
        /// Record <paramref name="data"/> as the revocation data of an already-registered token.
        /// </summary>
        /// <param name="signedToken">Token that must already be a key of <c>RevocationInfo</c>
        /// (presumably put there by <c>AddNotYetVerifiedToken</c> — confirm against that method).</param>
        /// <param name="data">Revocation data to store for the token; must not be null.</param>
        /// <exception cref="ArgumentException">The token is not a key of <c>RevocationInfo</c>.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
        internal virtual void Validate(ISignedToken signedToken, RevocationData data)
        {
            // The membership check comes first on purpose: an unknown token is reported as
            // ArgumentException even when data is also null.
            bool isKnownToken = RevocationInfo.ContainsKey(signedToken);
            if (!isKnownToken)
            {
                throw new ArgumentException(signedToken + " must be a key of revocationInfo");
            }

            if (data is null)
            {
                throw new ArgumentNullException(nameof(data));
            }

            // Overwrites any previous entry for the token (e.g. the placeholder it was registered with).
            RevocationInfo[signedToken] = data;
        }
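        /// <summary>
        /// Build the validation context for the specific date: take one not-yet-verified token,
        /// find its issuer, record the revocation data obtained for it, and queue every signed
        /// object met on the way (issuer certificate, CRL, OCSP response) for the same treatment.
        /// The method calls itself until a pass neither adds a token nor verifies one.
        /// </summary>
        /// <param name="validationDate">Date at which the issuer lookup and the certificate status are evaluated.</param>
        /// <param name="optionalSource">Additional certificate source consulted after the token's own wrapped
        /// source. The name suggests null is allowed; that depends on <c>CompositeCertificateSource</c> — confirm.</param>
        /// <param name="optionalCRLSource">CRL source handed to <c>GetCertificateValidity</c>.</param>
        /// <param name="optionalOCPSSource">OCSP source handed to <c>GetCertificateValidity</c>.</param>
        /// <param name="usedCerts">Receives every issuer certificate used; when null nothing is collected.</param>
        /// <exception cref="NotSupportedException">The token is neither a certificate, CRL, OCSP response nor timestamp token.</exception>
        public virtual void Validate(DateTime validationDate, ICertificateSource optionalSource, ICrlSource optionalCRLSource, IOcspSource optionalOCPSSource, IList <CertificateAndContext> usedCerts)
        {
            int previousSize = RevocationInfo.Count;
            int previousVerified = VerifiedTokenCount();
            ISignedToken signedToken = GetOneNotYetVerifiedToken();
            if (signedToken is null)
            {
                // Nothing left to verify: this is where the recursion bottoms out.
                return;
            }

            // Certificates embedded in the token are searched before the caller-supplied source.
            ICertificateSource otherSource = new CompositeCertificateSource(signedToken.GetWrappedCertificateSource(), optionalSource);
            CertificateAndContext issuer = GetIssuerCertificate(signedToken, otherSource, validationDate);

            RevocationData data;
            if (issuer is null)
            {
                // Without an issuer no status can be obtained; the token is recorded with empty revocation data.
                logger?.Warn("Don't found any issuer for token " + signedToken);
                data = new RevocationData(signedToken);
            }
            else
            {
                usedCerts?.Add(issuer);
                AddNotYetVerifiedToken(certificateTokenFactory(issuer));
                RecordTrustAnchor(issuer);
                data = BuildRevocationData(signedToken, issuer, validationDate, optionalCRLSource, optionalOCPSSource);
            }

            Validate(signedToken, data);
            logger?.Info(ToString());

            // Another pass is only useful when this one changed the set of known or verified tokens.
            // The recursive call passes otherSource, so each level widens the certificate source
            // with the wrapped certificates of the token just processed.
            bool progressed = RevocationInfo.Count != previousSize || VerifiedTokenCount() != previousVerified;
            if (progressed)
            {
                Validate(validationDate, otherSource, optionalCRLSource, optionalOCPSSource, usedCerts);
            }
        }

        /// <summary>
        /// When <paramref name="issuer"/> is self-signed or comes from the trusted list, mark its token as
        /// verified without any further lookup. Only a trusted-list origin is written into the revocation
        /// data; a self-signed issuer that is not on the trusted list is still treated as terminal here,
        /// so whether such a root is actually trusted has to be decided by whoever consumes
        /// <c>RevocationInfo</c> — NOTE(review): confirm that is the intended contract.
        /// </summary>
        /// <param name="issuer">Issuer certificate found for the token being processed; must not be null.</param>
        private void RecordTrustAnchor(CertificateAndContext issuer)
        {
            // "Self-signed" is decided by comparing the names only; nothing here verifies the signature.
            bool selfSigned = issuer.Certificate.SubjectDN.Equals(issuer.Certificate.IssuerDN);
            bool fromTrustedList = issuer.CertificateSource == CertificateSourceType.TRUSTED_LIST;
            if (!selfSigned && !fromTrustedList)
            {
                return;
            }

            ISignedToken trustedToken = certificateTokenFactory(issuer);
            RevocationData noNeedToValidate = new RevocationData();
            if (fromTrustedList)
            {
                noNeedToValidate.SetRevocationData(CertificateSourceType.TRUSTED_LIST);
            }
            Validate(trustedToken, noNeedToValidate);
        }

        /// <summary>
        /// Produce the revocation data for <paramref name="signedToken"/> given its issuer.
        /// For a certificate token the status is looked up through the CRL/OCSP sources and the
        /// answering CRL or OCSP response is queued for verification itself; for CRL, OCSP and
        /// timestamp tokens the issuer certificate is recorded as the revocation data.
        /// </summary>
        /// <param name="signedToken">Token being processed.</param>
        /// <param name="issuer">Issuer certificate of the token; must not be null.</param>
        /// <param name="validationDate">Date at which the certificate status is evaluated.</param>
        /// <param name="optionalCRLSource">CRL source handed to <c>GetCertificateValidity</c>.</param>
        /// <param name="optionalOCPSSource">OCSP source handed to <c>GetCertificateValidity</c>.</param>
        /// <returns>The revocation data to store for the token; never null.</returns>
        /// <exception cref="NotSupportedException">The token type is not handled.</exception>
        private RevocationData BuildRevocationData(ISignedToken signedToken, CertificateAndContext issuer, DateTime validationDate, ICrlSource optionalCRLSource, IOcspSource optionalOCPSSource)
        {
            switch (signedToken)
            {
                case CertificateToken ct:
                {
                    CertificateStatus status = GetCertificateValidity(ct.GetCertificateAndContext(), issuer, validationDate, optionalCRLSource, optionalOCPSSource);
                    RevocationData data = new RevocationData(signedToken);
                    if (status is null)
                    {
                        logger?.Warn("No status for " + signedToken);
                        return data;
                    }

                    data.SetRevocationData(status.StatusSource);
                    // The object that answered is itself signed, so it joins the queue of tokens to verify.
                    if (status.StatusSource is X509Crl crl)
                    {
                        AddNotYetVerifiedToken(new CRLToken(crl));
                    }
                    else if (status.StatusSource is BasicOcspResp ocsp)
                    {
                        AddNotYetVerifiedToken(new OCSPRespToken(ocsp));
                    }
                    return data;
                }
                case CRLToken _:
                case OCSPRespToken _:
                case TimestampToken _:
                {
                    RevocationData data = new RevocationData(signedToken);
                    data.SetRevocationData(issuer);
                    return data;
                }
                default:
                    // A specific exception type instead of the bare Exception thrown before; callers
                    // catching Exception still see it.
                    throw new NotSupportedException("Not supported token type " + signedToken.GetType().Name);
            }
        }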