Ejemplo n.º 1
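		/// <summary>
		/// Decodes a SingleResponse from its ASN.1 SEQUENCE form.
		/// </summary>
		/// <param name="seq">
		/// A SEQUENCE of 3 to 5 elements: certID, certStatus, thisUpdate, then the optional
		/// explicitly tagged nextUpdate ([0]) and singleExtensions ([1]).
		/// </param>
		/// <exception cref="ArgumentNullException">If <paramref name="seq"/> is null.</exception>
		/// <exception cref="ArgumentException">If the sequence has fewer than 3 or more than 5 elements.</exception>
		public SingleResponse(
			Asn1Sequence seq)
		{
			if (seq == null)
				throw new ArgumentNullException("seq");
			// Three mandatory elements plus at most two optional ones; anything else is
			// rejected up front instead of failing on an index or being silently ignored.
			if (seq.Count < 3 || seq.Count > 5)
				throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");

			this.certID = CertID.GetInstance(seq[0]);
			this.certStatus = CertStatus.GetInstance(seq[1]);
			this.thisUpdate = (DerGeneralizedTime)seq[2];

			if (seq.Count > 4)
			{
				// Both optional elements present: [0] nextUpdate, then [1] singleExtensions.
				this.nextUpdate = DerGeneralizedTime.GetInstance(
					(Asn1TaggedObject) seq[3], true);
				this.singleExtensions = X509Extensions.GetInstance(
					(Asn1TaggedObject) seq[4], true);
			}
			else if (seq.Count > 3)
			{
				// Exactly one optional element; the tag number says which one it is.
				Asn1TaggedObject o = (Asn1TaggedObject) seq[3];

				if (o.TagNo == 0)
				{
					this.nextUpdate = DerGeneralizedTime.GetInstance(o, true);
				}
				else
				{
					this.singleExtensions = X509Extensions.GetInstance(o, true);
				}
			}
		}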
Ejemplo n.º 3
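 /// <summary>
 /// Decodes a Request from its ASN.1 SEQUENCE form: reqCert, followed by the optional
 /// explicitly tagged [0] singleRequestExtensions.
 /// </summary>
 /// <exception cref="ArgumentNullException">If <paramref name="seq"/> is null.</exception>
 /// <exception cref="ArgumentException">If the sequence does not have 1 or 2 elements.</exception>
 private Request(Asn1Sequence seq)
 {
     if (seq == null)
         throw new ArgumentNullException("seq");
     // Refuse malformed sizes rather than failing on seq[0] or ignoring trailing elements.
     if (seq.Count < 1 || seq.Count > 2)
         throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");

     this.reqCert = CertID.GetInstance(seq[0]);
     if (seq.Count == 2)
     {
         // The 'true' flag: the extensions are explicitly tagged in the Request structure.
         this.singleRequestExtensions = X509Extensions.GetInstance((Asn1TaggedObject)seq[1], true);
     }
 }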
Ejemplo n.º 4
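		/// <summary>Wraps an already-built ASN.1 CertID.</summary>
		/// <param name="id">The CertID to wrap; must not be null.</param>
		/// <exception cref="ArgumentNullException">If <paramref name="id"/> is null.</exception>
		public CertificateID(
			CertID id)
		{
			if (id == null)
				throw new ArgumentNullException("id");

			this.id = id;
		}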
Ejemplo n.º 5
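 /// <summary>
 /// Builds a SingleResponse from its components.
 /// </summary>
 /// <param name="certID">Identifies the certificate the status refers to (required).</param>
 /// <param name="certStatus">The revocation status (required).</param>
 /// <param name="thisUpdate">Time at which the status is known to be correct (required).</param>
 /// <param name="nextUpdate">Optional; null when the responder gives no validity bound.</param>
 /// <param name="singleExtensions">Optional; may be null.</param>
 /// <exception cref="ArgumentNullException">If a required argument is null.</exception>
 public SingleResponse(CertID certID, CertStatus certStatus, DerGeneralizedTime thisUpdate, DerGeneralizedTime nextUpdate, X509Extensions singleExtensions)
 {
     // The first three fields are mandatory in the encoded structure; the sequence-decoding
     // constructor treats the last two as optional, so null is legitimate for those.
     if (certID == null)
         throw new ArgumentNullException("certID");
     if (certStatus == null)
         throw new ArgumentNullException("certStatus");
     if (thisUpdate == null)
         throw new ArgumentNullException("thisUpdate");

     this.certID           = certID;
     this.certStatus       = certStatus;
     this.thisUpdate       = thisUpdate;
     this.nextUpdate       = nextUpdate;
     this.singleExtensions = singleExtensions;
 }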
Ejemplo n.º 6
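        /// <summary>
        /// Validates an OCSP response for the given request id and reports whether the
        /// certificate with <paramref name="serialNumber"/> is not revoked.
        /// </summary>
        /// <remarks>
        /// The response is validated (CheckValidityOfResponse) before its status is read, so
        /// a "not revoked" result is only ever produced from a response that passed those
        /// checks; a failed check surfaces as an OcspException from the helper, never as a
        /// false return.
        /// </remarks>
        /// <returns>True if the serial number's status in the response is not revoked.</returns>
        /// <exception cref="ArgumentNullException">If id, ocspResp or ca is null.</exception>
        static bool CertificateIsValid(CertID id, OcspResp ocspResp, string serialNumber, Ca ca)
        {
            if (id == null)
                throw new ArgumentNullException("id");
            if (ocspResp == null)
                throw new ArgumentNullException("ocspResp");
            if (ca == null)
                throw new ArgumentNullException("ca");

            BasicOcspResp response = GetResponseObject(ocspResp);

            // Fail closed: the status is not consulted unless the response itself checks out.
            CheckValidityOfResponse(id, response, ca);

            return SerialNumberInResponseIsNotRevoked(response, serialNumber);
        }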
Ejemplo n.º 7
 /// <summary>Builds a Request for the given certificate id with optional extensions.</summary>
 /// <param name="reqCert">Identifies the certificate being queried; required.</param>
 /// <param name="singleRequestExtensions">Per-request extensions; may be null.</param>
 /// <exception cref="ArgumentNullException">If <paramref name="reqCert"/> is null.</exception>
 public Request(CertID reqCert, X509Extensions singleRequestExtensions)
 {
     if (reqCert == null)
     {
         throw new ArgumentNullException("reqCert");
     }

     this.singleRequestExtensions = singleRequestExtensions;
     this.reqCert = reqCert;
 }
Ejemplo n.º 8
		/// <summary>Builds a Request for the given certificate id with optional extensions.</summary>
		/// <param name="reqCert">Identifies the certificate being queried; required.</param>
		/// <param name="singleRequestExtensions">Per-request extensions; may be null.</param>
		/// <exception cref="ArgumentNullException">If <paramref name="reqCert"/> is null.</exception>
		public Request(
			CertID			reqCert,
			X509Extensions	singleRequestExtensions)
		{
			if (null == reqCert)
			{
				throw new ArgumentNullException("reqCert");
			}

			this.singleRequestExtensions = singleRequestExtensions;
			this.reqCert = reqCert;
		}
Ejemplo n.º 10
		 * create from an issuer certificate and the serial number of the
		 * certificate it signed.
		 * @exception OcspException if any problems occur creating the id fields.
		public CertificateID(
			string			hashAlgorithm,
			X509Certificate	issuerCert,
			BigInteger		serialNumber)
			AlgorithmIdentifier hashAlg = new AlgorithmIdentifier(
				new DerObjectIdentifier(hashAlgorithm), DerNull.Instance); = CreateCertID(hashAlg, issuerCert, new DerInteger(serialNumber));
Ejemplo n.º 11
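		/// <summary>
		/// Decodes a Request from its ASN.1 SEQUENCE form: reqCert, followed by the
		/// optional explicitly tagged [0] singleRequestExtensions.
		/// </summary>
		/// <exception cref="ArgumentNullException">If <paramref name="seq"/> is null.</exception>
		/// <exception cref="ArgumentException">If the sequence does not have 1 or 2 elements.</exception>
		private Request(
			Asn1Sequence seq)
		{
			if (seq == null)
				throw new ArgumentNullException("seq");
			// Anything other than 1 or 2 elements is not a Request; refuse it rather
			// than failing on seq[0] or silently ignoring trailing elements.
			if (seq.Count < 1 || seq.Count > 2)
				throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");

			reqCert = CertID.GetInstance(seq[0]);

			if (seq.Count == 2)
			{
				singleRequestExtensions = X509Extensions.GetInstance(
					(Asn1TaggedObject)seq[1], true);
			}
		}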
Ejemplo n.º 12
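		/// <summary>
		/// Builds a SingleResponse from its components.
		/// </summary>
		/// <param name="certID">Identifies the certificate the status refers to (required).</param>
		/// <param name="certStatus">The revocation status (required).</param>
		/// <param name="thisUpdate">Time at which the status is known to be correct (required).</param>
		/// <param name="nextUpdate">Optional; null when the responder gives no validity bound.</param>
		/// <param name="singleExtensions">Optional; may be null.</param>
		/// <exception cref="ArgumentNullException">If a required argument is null.</exception>
		public SingleResponse(
			CertID              certID,
			CertStatus          certStatus,
			DerGeneralizedTime  thisUpdate,
			DerGeneralizedTime  nextUpdate,
			X509Extensions      singleExtensions)
		{
			// certID, certStatus and thisUpdate are mandatory in the encoded structure;
			// nextUpdate and singleExtensions are optional there, so null is allowed.
			if (certID == null)
				throw new ArgumentNullException("certID");
			if (certStatus == null)
				throw new ArgumentNullException("certStatus");
			if (thisUpdate == null)
				throw new ArgumentNullException("thisUpdate");

			this.certID = certID;
			this.certStatus = certStatus;
			this.thisUpdate = thisUpdate;
			this.nextUpdate = nextUpdate;
			this.singleExtensions = singleExtensions;
		}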
Ejemplo n.º 13
         * create from an issuer certificate and the serial number of the
         * certificate it signed.
         * @exception OcspException if any problems occur creating the id fields.
        public CertificateID(
			string			hashAlgorithm,
			X509Certificate	issuerCert,
			BigInteger		number)
                IDigest digest = DigestUtilities.GetDigest(hashAlgorithm);
                AlgorithmIdentifier hashAlg = new AlgorithmIdentifier(
                    new DerObjectIdentifier(hashAlgorithm), DerNull.Instance);

                X509Name issuerName = PrincipalUtilities.GetSubjectX509Principal(issuerCert);

                byte[] encodedIssuerName = issuerName.GetEncoded();
                digest.BlockUpdate(encodedIssuerName, 0, encodedIssuerName.Length);

                byte[] hash = DigestUtilities.DoFinal(digest);

                Asn1OctetString issuerNameHash = new DerOctetString(hash);
                AsymmetricKeyParameter issuerKey = issuerCert.GetPublicKey();

                SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerKey);

                byte[] encodedPublicKey = info.PublicKeyData.GetBytes();
                digest.BlockUpdate(encodedPublicKey, 0, encodedPublicKey.Length);

                hash = DigestUtilities.DoFinal(digest);

                Asn1OctetString issuerKeyHash = new DerOctetString(hash);

                DerInteger serialNumber = new DerInteger(number);

       = new CertID(hashAlg, issuerNameHash, issuerKeyHash, serialNumber);
            catch (Exception e)
                throw new OcspException("problem creating ID: " + e, e);
Ejemplo n.º 14
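 /// <summary>
 /// Decodes a SingleResponse from its ASN.1 SEQUENCE form: certID, certStatus, thisUpdate,
 /// then the optional explicitly tagged nextUpdate ([0]) and singleExtensions ([1]).
 /// </summary>
 /// <exception cref="ArgumentNullException">If <paramref name="seq"/> is null.</exception>
 /// <exception cref="ArgumentException">If the sequence has fewer than 3 or more than 5 elements.</exception>
 public SingleResponse(Asn1Sequence seq)
 {
     if (seq == null)
         throw new ArgumentNullException("seq");
     // Three mandatory elements plus at most two optional ones; reject anything else up front.
     if (seq.Count < 3 || seq.Count > 5)
         throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");

     certID     = CertID.GetInstance(seq[0]);
     certStatus = CertStatus.GetInstance(seq[1]);
     thisUpdate = (DerGeneralizedTime)seq[2];

     if (seq.Count > 4)
     {
         // Both optional elements present, in order: [0] nextUpdate, [1] singleExtensions.
         nextUpdate       = DerGeneralizedTime.GetInstance((Asn1TaggedObject)seq[3], isExplicit: true);
         singleExtensions = X509Extensions.GetInstance((Asn1TaggedObject)seq[4], explicitly: true);
     }
     else if (seq.Count > 3)
     {
         // Exactly one optional element; the tag number says which one it is.
         Asn1TaggedObject asn1TaggedObject = (Asn1TaggedObject)seq[3];
         if (asn1TaggedObject.TagNo == 0)
         {
             nextUpdate = DerGeneralizedTime.GetInstance(asn1TaggedObject, isExplicit: true);
         }
         else
         {
             singleExtensions = X509Extensions.GetInstance(asn1TaggedObject, explicitly: true);
         }
     }
 }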
Ejemplo n.º 15
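 /// <summary>
 /// Validates the OCSP response for <paramref name="certificate"/> and reports whether it is
 /// not revoked; the serial number and issuing CA are taken from the certificate itself.
 /// </summary>
 /// <exception cref="ArgumentNullException">If <paramref name="certificate"/> is null.</exception>
 public static bool CertificateIsValid(CertID id, OcspResp ocspResp, IOcesCertificate certificate)
 {
     // Checked here so a null certificate is reported as such, not as a NullReferenceException
     // from certificate.IssuingCa.
     if (certificate == null)
         throw new ArgumentNullException("certificate");

     return CertificateIsValid(id, ocspResp, SerialNumberConverter.FromCertificate(certificate), certificate.IssuingCa);
 }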
Ejemplo n.º 16
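        /// <summary>
        /// Checks that <paramref name="responseObject"/> is a trustworthy, correctly signed
        /// answer for <paramref name="id"/> issued under <paramref name="ca"/>.
        /// </summary>
        /// <exception cref="ArgumentNullException">If <paramref name="responseObject"/> is null.</exception>
        /// <exception cref="OcspException">
        /// If the OCSP certificate chain cannot be built, the response carries no signing
        /// certificate, its signature does not verify, or CheckBasicOcspResp rejects it.
        /// </exception>
        static void CheckValidityOfResponse(CertID id, BasicOcspResp responseObject, Ca ca)
        {
            if (responseObject == null)
                throw new ArgumentNullException("responseObject");

            // Re-parse the raw encoding to reach the ASN.1 BasicOcspResponse (and the
            // certificates embedded in it); the streams are released once it is read.
            BasicOcspResponse response;
            using (var inputStream = new MemoryStream(responseObject.GetEncoded()))
            using (var asn1In = new Asn1InputStream(inputStream))
            {
                var asn1Sequence = (Asn1Sequence)asn1In.ReadObject();
                response = BasicOcspResponse.GetInstance(asn1Sequence);
            }

            var ocspChain = CreateOcspCertificateChain(ca);
            if (ocspChain.Length == 0)
                throw new OcspException("OCSP certificate chain is invalid");

            var ocesOcspCertificate = OcesCertificateFactory.Instance.Generate(CompleteOcspChain(response, ocspChain));
            // Chain trust, signature, OCSP-signing entitlement and freshness are checked here.
            CheckBasicOcspResp(id, responseObject, ocesOcspCertificate, ca);

            // Fail explicitly when the response embeds no certificate instead of failing
            // on Certs[0] with an unrelated exception.
            if (response.Certs == null || response.Certs.Count == 0)
                throw new OcspException("OCSP response carries no signing certificate");

            // NOTE(review): this certificate comes straight from the response, so its trust
            // rests on CheckBasicOcspResp above having verified ocesOcspCertificate, which
            // CompleteOcspChain builds from the same response — confirm both refer to the
            // same certificate; otherwise this Verify is not anchored to anything trusted.
            var signingCertificate = new X509CertificateParser().ReadCertificate(response.Certs[0].GetEncoded());
            if (!responseObject.Verify(signingCertificate.GetPublicKey()))
                throw new OcspException("Signature is invalid");
        }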
Ejemplo n.º 17
 /// <summary>Extracts a CertID from a tagged object, unwrapping the tag first.</summary>
 /// <param name="obj">The tagged object holding the CertID SEQUENCE.</param>
 /// <param name="explicitly">Whether the tag is explicit.</param>
 /// <returns>The decoded CertID.</returns>
 public static CertID GetInstance(Asn1TaggedObject obj, bool explicitly)
 {
     Asn1Sequence inner = Asn1Sequence.GetInstance(obj, explicitly);
     return CertID.GetInstance(inner);
 }
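        /// <summary>
        /// Builds an OCSP request for a single certificate identified by its issuer hashes and serial.
        /// </summary>
        /// <param name="issuerNameHash">
        /// Hash of the issuer's name; must be computed with SHA-1, the algorithm the CertID declares.
        /// </param>
        /// <param name="issuerKeyHash">
        /// Hash of the issuer's public key; must be computed with SHA-1 for the same reason.
        /// </param>
        /// <param name="serialNumber">The serial number as a string parsed by BigInteger(string).</param>
        /// <returns>The generated request together with the CertID it contains.</returns>
        /// <exception cref="ArgumentNullException">If any argument is null.</exception>
        static OcspReqAndId CreateOcspRequest(Asn1OctetString issuerNameHash,
            Asn1OctetString issuerKeyHash, string serialNumber)
        {
            if (issuerNameHash == null)
                throw new ArgumentNullException("issuerNameHash");
            if (issuerKeyHash == null)
                throw new ArgumentNullException("issuerKeyHash");
            if (serialNumber == null)
                throw new ArgumentNullException("serialNumber");

            // The identifier only labels how the two hashes were computed; it is not used for
            // any signature. It has to agree with how the caller produced them.
            var hashAlgorithm = new AlgorithmIdentifier(X509ObjectIdentifiers.IdSha1, DerNull.Instance);
            // NOTE(review): BigInteger(string) parses base 10 — confirm the caller supplies a
            // decimal (not hex) serial.
            var derSerialNumber = new DerInteger(new BigInteger(serialNumber));
            var id = new CertID(hashAlgorithm, issuerNameHash, issuerKeyHash, derSerialNumber);

            var generator = new OcspReqGenerator();
            generator.AddRequest(new CertificateID(id));
            // The id travels with the request, presumably so the response can be matched to it.
            return new OcspReqAndId(generator.Generate(), id);
        }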
Ejemplo n.º 19
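        /// <summary>
        /// Applies the client-side acceptance checks to a BasicOcspResp: the single response
        /// matches <paramref name="id"/>, the signing certificate chains to <paramref name="ca"/>,
        /// is entitled to sign OCSP responses and is currently valid, the signature verifies,
        /// and the thisUpdate/nextUpdate timestamps are acceptable.
        /// </summary>
        /// <exception cref="ArgumentNullException">If id, basicResp or ocspCertificate is null.</exception>
        /// <exception cref="OcspException">Thrown at the first check that fails.</exception>
        private static void CheckBasicOcspResp(CertID id, BasicOcspResp basicResp, OcesCertificate ocspCertificate, Ca ca)
        {
            if (id == null)
                throw new ArgumentNullException("id");
            if (basicResp == null)
                throw new ArgumentNullException("basicResp");
            if (ocspCertificate == null)
                throw new ArgumentNullException("ocspCertificate");

            // Taken once so every time comparison below uses the same instant.
            DateTime nowInGmt = DateTime.UtcNow;

            /* check condition:
                 The certificate identified in a received response corresponds to
                 that which was identified in the corresponding request; */
            SingleResp[] responses = basicResp.Responses;
            if (responses == null || responses.Length != 1)
                throw new OcspException("unexpected number of responses received");

            // Compare the whole CertID, not only the serial: serial numbers are unique
            // per issuer only, so a matching serial under another issuer must not pass.
            if (!CertIdMatches(id, responses[0].GetCertID()))
                throw new OcspException("Serial number mismatch problem");

            /* check condition
               The signature on the response is valid; */
            try
            {
                ChainVerifier.VerifyTrust(ocspCertificate.ExportCertificate(), ca);
            }
            catch (ChainVerificationException e)
            {
                throw new OcspException("OCSP response certificate chain is invalid", e);
            }

            /* check the signature on the ocsp response */
            var ocspBcCertificate =
                new X509CertificateParser().ReadCertificate(ocspCertificate.ExportCertificate().RawData);
            if (!basicResp.Verify(ocspBcCertificate.GetPublicKey()))
                throw new OcspException("signature validation failed for ocsp response");

            // Chain trust alone is not enough: the signer must also be entitled to sign OCSP.
            if (!CanSignOcspResponses(ocspBcCertificate))
                throw new OcspException("ocsp signing certificate has not been cleared for ocsp response signing");

            /* check expiry of the signing certificate */
            if (ocspCertificate.ValidityStatus() != CertificateStatus.Valid)
                throw new OcspException("OCSP certificate expired or not yet valid");

            /* check condition
               The time at which the status being indicated is known to be
               correct (thisUpdate) is sufficiently recent. */
            SingleResp response = responses[0];

            // One minute of clock skew is tolerated before thisUpdate counts as "from the future".
            var diff = response.ThisUpdate - nowInGmt;
            if (diff > new TimeSpan(0, 1, 0))
                throw new OcspException("OCSP response signature is from the future. Timestamp of thisUpdate field: "
                                        + response.ThisUpdate);

            // NOTE(review): when NextUpdate is absent the age of thisUpdate is not bounded by
            // anything here; whether a maximum age should be enforced is a policy decision
            // for the caller to confirm.
            if (response.NextUpdate != null && response.NextUpdate.Value < nowInGmt)
                throw new OcspException("OCSP response is no longer valid");
        }

        /// <summary>
        /// True if the CertID carried in the response names the same issuer (name hash and
        /// key hash) and serial number as the one that was requested.
        /// </summary>
        private static bool CertIdMatches(CertID requested, CertificateID received)
        {
            if (received == null)
                return false;

            // NOTE(review): the hash algorithm OID is not compared; add that if responders
            // that answer with a different CertID hash algorithm are a concern.
            return requested.SerialNumber.Value.Equals(received.SerialNumber)
                && BytesEqual(requested.IssuerNameHash.GetOctets(), received.GetIssuerNameHash())
                && BytesEqual(requested.IssuerKeyHash.GetOctets(), received.GetIssuerKeyHash());
        }

        /// <summary>Length-then-content comparison of two byte arrays; a null side never matches.</summary>
        private static bool BytesEqual(byte[] a, byte[] b)
        {
            if (a == null || b == null || a.Length != b.Length)
                return false;

            for (int i = 0; i < a.Length; i++)
            {
                if (a[i] != b[i])
                    return false;
            }

            return true;
        }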
Ejemplo n.º 20
 /// <summary>Pairs an OCSP request with the CertID it was generated for.</summary>
 /// <param name="request">The generated request.</param>
 /// <param name="id">The CertID contained in the request.</param>
 public OcspReqAndId(OcspReq request, CertID id)
 {
     Id = id;
     Request = request;
 }
Ejemplo n.º 21
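        /// <summary>Wraps an already-built ASN.1 CertID.</summary>
        /// <param name="id">The CertID to wrap; must not be null.</param>
        /// <exception cref="ArgumentNullException">If <paramref name="id"/> is null.</exception>
        public CertificateID(
			CertID id)
        {
            // Rejected here so a null id cannot surface later as a NullReferenceException
            // when the wrapped structure is encoded or compared.
            if (id == null)
                throw new ArgumentNullException("id");

            this.id = id;
        }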