Beispiel #1
        /// <summary>
        /// Reports descriptive metadata (validity dates, issuer, subject, serial number,
        /// thumbprint) for the Authenticode certificate named by the caller's access token.
        /// </summary>
        /// <param name="request">Request whose <c>AccessToken</c> is deserialized to obtain the key name and code.</param>
        /// <returns>
        /// 401 Unauthorized when the access token cannot be deserialized; otherwise 200 OK
        /// carrying a <c>CertificateStatusResponse</c>.
        /// </returns>
        public IActionResult Index(CertificateStatusRequest request)
        {
            AccessToken accessToken;
            try
            {
                // request.AccessToken is read inside the try, so a null request is
                // answered with 401 as well.
                accessToken = _accessTokenSerializer.Deserialize(request.AccessToken);
            }
            catch (Exception ex)
            {
                // The failure detail goes to the log only; the response is a bare 401.
                _logger.LogInformation(ex, "Access token could not be decrypted");
                return Unauthorized();
            }

            // NOTE(review): this call is outside the try block, so a load failure is not
            // mapped to a status code here — confirm that the hosting pipeline does not
            // return exception details to the client.
            // NOTE(review): the returned certificate is never disposed in this method; if it
            // carries private key material, confirm who owns its lifetime.
            var certificate = _secretStorage.LoadAuthenticodeCertificate(accessToken.KeyName, accessToken.Code);

            // Only descriptive certificate fields are copied into the response.
            var status = new CertificateStatusResponse
            {
                CreationDate = certificate.NotBefore,
                ExpiryDate = certificate.NotAfter,
                Issuer = certificate.IssuerName.Format(false),
                Name = certificate.FriendlyName,
                SerialNumber = certificate.SerialNumber,
                Subject = certificate.SubjectName.Format(false),
                Thumbprint = certificate.Thumbprint,
            };

            return Ok(status);
        }
    /// <summary>
    /// Serializes a certificate status request into the byte payload of its TLS extension.
    /// </summary>
    /// <param name="statusRequest">The status request to encode; must not be null.</param>
    /// <returns>The bytes written by <c>statusRequest.Encode</c>.</returns>
    /// <exception cref="TlsFatalAlert">Thrown with alert code 80 when <paramref name="statusRequest"/> is null.</exception>
    public static byte[] CreateStatusRequestExtension(CertificateStatusRequest statusRequest)
    {
        if (statusRequest == null)
        {
            // 80 is the TLS alert description code for internal_error: a missing request is
            // treated as a local programming error, not as a peer protocol violation.
            throw new TlsFatalAlert(80);
        }

        var buffer = new MemoryStream();
        statusRequest.Encode(buffer);

        byte[] encoded = buffer.ToArray();
        return encoded;
    }
    /// <summary>
    /// Parses the byte payload of a status request extension into a
    /// <c>CertificateStatusRequest</c>.
    /// </summary>
    /// <param name="extensionData">Raw extension bytes as received; must not be null.</param>
    /// <returns>The parsed status request.</returns>
    /// <exception cref="ArgumentNullException">Thrown when <paramref name="extensionData"/> is null.</exception>
    public static CertificateStatusRequest ReadStatusRequestExtension(byte[] extensionData)
    {
        if (extensionData == null)
        {
            throw new ArgumentNullException(nameof(extensionData));
        }

        // Read-only view: parsing cannot modify the caller's buffer.
        var input = new MemoryStream(extensionData, false);
        var parsed = CertificateStatusRequest.Parse(input);

        // Presumably rejects any bytes left over after the parsed structure, so trailing
        // data in the extension is not silently accepted — confirm against TlsProtocol.
        TlsProtocol.AssertEmpty(input);

        return parsed;
    }
Beispiel #4
        /// <summary>
        /// Reports descriptive metadata for the signing key named by the caller's access token.
        /// Both Authenticode certificates and GPG keys are handled.
        /// </summary>
        /// <param name="request">Request whose <c>AccessToken</c> is deserialized to identify the key.</param>
        /// <returns>
        /// 401 Unauthorized when the access token cannot be deserialized; 404 Not Found when the
        /// key type derived from the key name is neither Authenticode nor GPG; otherwise 200 OK
        /// carrying a <c>CertificateStatusResponse</c>.
        /// </returns>
        public IActionResult Index(CertificateStatusRequest request)
        {
            AccessToken accessToken;
            try
            {
                // request.AccessToken is read inside the try, so a null request is
                // answered with 401 as well.
                accessToken = _accessTokenSerializer.Deserialize(request.AccessToken);
            }
            catch (Exception ex)
            {
                // The failure detail goes to the log only; the response is a bare 401.
                _logger.LogInformation(ex, "Access token could not be decrypted");
                return Unauthorized();
            }

            // The key type is derived from the key's file name carried in the token.
            var keyType = KeyTypeUtils.FromFilename(accessToken.KeyName);
            switch (keyType)
            {
                case KeyType.Authenticode:
                {
                    // NOTE(review): load failures are not caught here, and the certificate is
                    // never disposed in this method — confirm who owns its lifetime if it
                    // carries private key material.
                    var certificate = _secretStorage.LoadAuthenticodeCertificate(accessToken.KeyName, accessToken.Code);
                    var certificateStatus = new CertificateStatusResponse
                    {
                        CreationDate = certificate.NotBefore,
                        ExpiryDate = certificate.NotAfter,
                        Issuer = certificate.IssuerName.Format(false),
                        Name = certificate.FriendlyName,
                        SerialNumber = certificate.SerialNumber,
                        Subject = certificate.SubjectName.Format(false),
                        Thumbprint = certificate.Thumbprint,
                    };
                    return Ok(certificateStatus);
                }

                case KeyType.Gpg:
                {
                    // secretOnly: false — the lookup is not restricted to secret keys.
                    var gpgKey = _ctx.KeyStore.GetKey(accessToken.KeyFingerprint, secretOnly: false);

                    // NOTE(review): First() throws when no subkey matches, and that exception is
                    // not handled in this method. The comparison is between a subkey's KeyId and
                    // the token's KeyFingerprint — confirm both hold the same kind of identifier.
                    var matchingSubkey = gpgKey.Subkeys.First(x => x.KeyId == accessToken.KeyFingerprint);
                    var gpgStatus = new CertificateStatusResponse
                    {
                        CreationDate = matchingSubkey.Timestamp,
                        ExpiryDate = matchingSubkey.Expires,
                        Issuer = gpgKey.IssuerName,
                        Name = accessToken.KeyName,
                        Subject = gpgKey.Uid.Uid,
                        Thumbprint = matchingSubkey.KeyId,
                    };
                    return Ok(gpgStatus);
                }

                default:
                    return NotFound("Unknown key type");
            }
        }
 /// <summary>
 /// Encodes a certificate status request and stores it in the given extensions map.
 /// </summary>
 /// <param name="extensions">Extension map to update; any existing entry under key 5 is overwritten.</param>
 /// <param name="statusRequest">The status request to encode; passed on to <c>CreateStatusRequestExtension</c>.</param>
 public static void AddStatusRequestExtension(IDictionary extensions, CertificateStatusRequest statusRequest)
 {
     byte[] encoded = CreateStatusRequestExtension(statusRequest);

     // 5 is the extension type number assigned to status_request (RFC 6066).
     extensions[5] = encoded;
 }