Beispiel #1
0
        /// <summary>
        /// Retrieves the <see cref="OcspReq"/> from the request
        /// </summary>
        /// <param name="httpRequest"><see cref="OcspHttpRequest"/></param>
        /// <returns><see cref="OcspReqResult"/> containing the <see cref="OcspReq"/></returns>
        private async Task <OcspReqResult> GetOcspRequest(OcspHttpRequest httpRequest)
        {
            // Validates the header of the request
            if (httpRequest.MediaType != "application/ocsp-request")
            {
                return(new OcspReqResult
                {
                    Status = OcspRespStatus.MalformedRequest,
                    Error = "OCSP requests requires 'application/ocsp-request' media's type on header"
                });
            }

            // Try to create the ocsp from the http request
            OcspReq ocspRequest;

            try
            {
                ocspRequest = CreateOcspReqFromHttpRequest(httpRequest);
            }
            catch (Exception e)
            {
                return(new OcspReqResult
                {
                    Status = OcspRespStatus.MalformedRequest,
                    Error = $"Error when creating OcspReq from the request. Exception: {e.Message}"
                });
            }

            // Validates whether the ocsp request have certificate's requests
            var requests = ocspRequest.GetRequestList();

            if (requests == null || requests.Length == 0)
            {
                return(new OcspReqResult
                {
                    Status = OcspRespStatus.MalformedRequest,
                    Error = "Request list is empty"
                });
            }


            // Valitates whether the requests are of this CA's responsibility
            X509Certificate issuerCertificate = null;
            var             issuerCerts       = (await OcspResponderRepository.GetIssuerCertificates()).ToArray();
            var             list = ocspRequest.GetRequestList();

            for (var i = 0; i < list.Length; i++)
            {
                var request       = list[i];
                var certificateId = request.GetCertID();
                var recognizedIssuerCertificate = issuerCerts.SingleOrDefault(issuerCert => certificateId.MatchesIssuer(issuerCert));

                if (i == 0)
                {
                    issuerCertificate = recognizedIssuerCertificate;
                }

                if (recognizedIssuerCertificate == null || !Equals(recognizedIssuerCertificate, issuerCertificate))
                {
                    return(new OcspReqResult
                    {
                        Status = OcspRespStatus.Unauthorized,
                        Error = "Any certificate is not of this CA's responsibility"
                    });
                }

                issuerCertificate = recognizedIssuerCertificate;
            }

            // Validation passed so we return the ocspRequest with success status
            return(new OcspReqResult
            {
                Status = OcspRespStatus.Successful,
                OcspRequest = ocspRequest,
                IssuerCertificate = issuerCertificate
            });
        }
Beispiel #2
0
        /// <inheritdoc />
        public async Task <IEnumerable <X509Certificate> > GetIssuerCertificates()
        {
            var certificates = await OcspResponderRepository.GetIssuerCertificates();

            return(certificates.Select(DotNetUtilities.FromX509Certificate).ToArray());
        }