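        /// <summary>
        /// Build a DER-encoded OCSP request that asks for the status of every supplied certificate.
        /// </summary>
        /// <param name="certificates">The certificates whose revocation status is being queried.</param>
        /// <returns>The DER-encoded OCSP request.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="certificates"/> is null.</exception>
        /// <remarks>
        /// Request extensions come from <c>GetExtentions()</c> and apply to the whole request, so they are
        /// now set once; the previous version regenerated and overwrote them on every loop iteration, which
        /// matters if the extensions carry a nonce the caller later has to match against the response.
        /// </remarks>
        private byte[] GetOcspRequest(X509Certificate2[] certificates)
        {
            if (certificates == null)
            {
                throw new ArgumentNullException("certificates");
            }

            Cryptography.Key.Ocsp.OcspReqGenerator requestGen = new Cryptography.Key.Ocsp.OcspReqGenerator();

            // One parser serves every certificate; ReadCertificate(byte[]) decodes each input on its own.
            Cryptography.Key.X509.X509CertificateParser certParser = new Cryptography.Key.X509.X509CertificateParser();

            foreach (X509Certificate2 certificate in certificates)
            {
                // Convert X509Certificate2 to X509.X509Certificate via the DER bytes.
                Cryptography.Key.X509.X509Certificate certBouncy = certParser.ReadCertificate(certificate.RawData);

                // NOTE(review): in this API the second CertificateID argument is the *issuer* certificate —
                // its name and public key are what get hashed into the CertID (RFC 6960 s4.1.1). Passing the
                // subject certificate itself only yields a correct identifier for self-signed certificates;
                // a standards-conformant responder will not recognise it for anything else. The fix needs
                // the issuer certificate, which this method is not given — confirm with the callers.
                Cryptography.Key.Ocsp.CertificateID certID =
                    new Cryptography.Key.Ocsp.CertificateID(Cryptography.Key.Ocsp.CertificateID.HashSha1, certBouncy, certBouncy.SerialNumber);

                requestGen.AddRequest(certID);
            }

            // Extensions are request-wide: set them exactly once, after all single requests are added.
            requestGen.SetRequestExtensions(GetExtentions());

            Cryptography.Key.Ocsp.OcspReq request = requestGen.Generate();
            return request.GetEncoded();
        }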
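        /// <summary>
        /// Build an RSA provider holding the public key of the PEM-encoded certificate read from the stream.
        /// </summary>
        /// <param name="publicKey">A reader positioned at a PEM block that contains an X.509 certificate.</param>
        /// <param name="password">Optional password handed to the PEM reader; only relevant when the PEM
        /// content is encrypted. Null or empty means no password finder is installed.</param>
        /// <returns>An <see cref="RSACryptoServiceProvider"/> initialised with the certificate's RSA public
        /// key (modulus and exponent only; no private components).</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="publicKey"/> is null.</exception>
        /// <exception cref="InvalidOperationException">Thrown when the stream holds no PEM object, the object
        /// is not an X.509 certificate, or the certificate's key is not RSA. The previous version surfaced
        /// these as NullReference/InvalidCast exceptions with no explanation.</exception>
        /// <remarks>
        /// No trust decision is made here: the certificate is not chain-validated and nothing checks that it
        /// is the CA the caller expects. Callers must establish trust in the certificate before using the
        /// returned key to verify signatures.
        /// </remarks>
        public RSACryptoServiceProvider PublicKeyProvider(StreamReader publicKey, string password = null)
        {
            if (publicKey == null)
            {
                throw new ArgumentNullException("publicKey");
            }

            // Only attach a password finder when there is actually a password to supply.
            Key.OpenSsl.PemReader pemReader = String.IsNullOrEmpty(password)
                ? new Key.OpenSsl.PemReader(publicKey)
                : new Key.OpenSsl.PemReader(publicKey, new PasswordFinder(password));

            // ReadObject returns null at end of stream and may yield any PEM object type, so check before using it.
            object pemObject = pemReader.ReadObject();
            Cryptography.Key.X509.X509Certificate x509Certificate = pemObject as Cryptography.Key.X509.X509Certificate;
            if (x509Certificate == null)
            {
                throw new InvalidOperationException(pemObject == null
                    ? "The PEM stream contains no object."
                    : "The PEM stream does not contain an X.509 certificate.");
            }

            Cryptography.Key.Crypto.Parameters.RsaKeyParameters rsaPublicKey =
                x509Certificate.GetPublicKey() as Cryptography.Key.Crypto.Parameters.RsaKeyParameters;
            if (rsaPublicKey == null)
            {
                throw new InvalidOperationException("The certificate's public key is not an RSA key.");
            }

            // Export only the public components; the unsigned form drops the sign byte RSAParameters does not expect.
            RSAParameters rsaPublicParam = new RSAParameters();
            rsaPublicParam.Exponent = rsaPublicKey.Exponent.ToByteArrayUnsigned();
            rsaPublicParam.Modulus  = rsaPublicKey.Modulus.ToByteArrayUnsigned();

            RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider();
            rsaProvider.ImportParameters(rsaPublicParam);
            return rsaProvider;
        }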
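        /// <summary>
        /// Set the certificate chain (presumably the responder certificate and its issuers) that is
        /// embedded in generated responses.
        /// </summary>
        /// <param name="certificates">The certificates making up the chain, in the order they should appear in the response.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="certificates"/> is null.</exception>
        /// <remarks>
        /// The chain is stored exactly as given: nothing here verifies that the certificates link to one
        /// another or that the first one matches the responder's signing key. A wrong chain therefore shows
        /// up as relying parties rejecting responses, not as an error at this call.
        /// </remarks>
        public void SetChain(X509Certificate2[] certificates)
        {
            if (certificates == null)
            {
                throw new ArgumentNullException("certificates");
            }

            // One parser serves every certificate; ReadCertificate(byte[]) decodes each input on its own.
            Cryptography.Key.X509.X509CertificateParser certParser = new Cryptography.Key.X509.X509CertificateParser();
            Cryptography.Key.X509.X509Certificate[] chain = new Cryptography.Key.X509.X509Certificate[certificates.Length];

            for (int i = 0; i < certificates.Length; i++)
            {
                // Convert X509Certificate2 to X509.X509Certificate via the DER bytes.
                chain[i] = certParser.ReadCertificate(certificates[i].RawData);
            }

            _chain = chain;
        }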
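        /// <summary>
        /// Build a DER-encoded OCSP response reporting the status of the given certificates.
        /// </summary>
        /// <param name="certificates">The certificates and their statuses to report. Only consulted when
        /// <paramref name="responseStatus"/> is <see cref="ResponseStatusType.Successful"/>.</param>
        /// <param name="responseStatus">The overall OCSP response status.</param>
        /// <returns>The DER-encoded OCSP response. For any status other than Successful this is a bare
        /// status-only response with no signed content.</returns>
        /// <exception cref="ArgumentNullException">Thrown when the status is Successful and <paramref name="certificates"/> is null.</exception>
        /// <exception cref="InvalidOperationException">Thrown when the status is Successful but no certificates
        /// were supplied, so no signing algorithm can be chosen (the previous version let a null algorithm
        /// reach the generator).</exception>
        /// <remarks>
        /// Security notes (review):
        /// - No response extensions are set, so a nonce carried in the request is never echoed back; the
        ///   request is not even passed in. A relying party that requires the nonce (RFC 6960 s4.4.1) will
        ///   reject these responses, and one that does not cannot tell a fresh response from a replayed one
        ///   beyond what producedAt/thisUpdate allow.
        /// - The signing algorithm is copied from the signature algorithm of the first *subject* certificate
        ///   rather than chosen for the responder key (<c>_privateKeyCA</c>). That presumably fails if the
        ///   key types differ, and otherwise lets whoever signed the subject certificate decide how strong
        ///   the response signature is (e.g. SHA-1). Selecting it from the responder key is the better design;
        ///   the existing behaviour is kept here for compatibility.
        /// - CertificateID is built from the subject certificate where the issuer belongs, always with SHA-1,
        ///   so it only matches requests built the same way (see GetOcspRequest) rather than echoing the
        ///   CertID a standards-conformant requester sent.
        /// </remarks>
        public byte[] GetResponse(CertificateResponse[] certificates, ResponseStatusType responseStatus)
        {
            Cryptography.Key.Ocsp.OCSPRespGenerator ocspResponseGen = new Cryptography.Key.Ocsp.OCSPRespGenerator();

            // Anything other than Successful carries no BasicOCSPResponse: just the status (RFC 6960 s4.2.1).
            // The cast assumes ResponseStatusType's numeric values are the OCSPResponseStatus codes — TODO confirm.
            if (responseStatus != ResponseStatusType.Successful)
            {
                return ocspResponseGen.Generate((int)responseStatus, null).GetEncoded();
            }

            if (certificates == null)
            {
                throw new ArgumentNullException("certificates");
            }
            if (certificates.Length == 0)
            {
                throw new InvalidOperationException("A successful OCSP response needs at least one certificate status.");
            }

            Cryptography.Key.Ocsp.BasicOcspRespGenerator basicGen = new Cryptography.Key.Ocsp.BasicOcspRespGenerator(_publicKeySig);

            // One parser serves every certificate; ReadCertificate(byte[]) decodes each input on its own.
            Cryptography.Key.X509.X509CertificateParser certParser = new Cryptography.Key.X509.X509CertificateParser();
            string signatureAlgorithm = null;

            for (int i = 0; i < certificates.Length; i++)
            {
                CertificateResponse certificate = certificates[i];

                // Convert X509Certificate2 to X509.X509Certificate via the DER bytes.
                Cryptography.Key.X509.X509Certificate certBouncy = certParser.ReadCertificate(certificate.X509Certificate.RawData);

                // NOTE(review): subject certificate used as issuer — see <remarks>.
                Cryptography.Key.Ocsp.CertificateID certID =
                    new Cryptography.Key.Ocsp.CertificateID(Cryptography.Key.Ocsp.CertificateID.HashSha1, certBouncy, certBouncy.SerialNumber);

                basicGen.AddResponse(certID, ToOcspStatus(certificate));

                // Only the first certificate decides the signing algorithm (existing behaviour — see <remarks>).
                if (i == 0)
                {
                    signatureAlgorithm = certBouncy.SigAlgName;
                }
            }

            // producedAt is encoded as a Zulu GeneralizedTime; hand it UTC so the local timezone offset does
            // not shift the timestamp (the previous version passed DateTime.Now).
            Cryptography.Key.Ocsp.BasicOcspResp basicResponse =
                basicGen.Generate(signatureAlgorithm, _privateKeyCA, _chain, DateTime.UtcNow);

            return ocspResponseGen.Generate((int)responseStatus, basicResponse).GetEncoded();
        }

        /// <summary>
        /// Map a certificate's reported status onto the OCSP status object placed in the response.
        /// </summary>
        /// <param name="certificate">The certificate response entry; its <c>CertificateStatus</c> is read.</param>
        /// <returns>A revoked status for Revoked, an unknown status for Unknown, and Good for anything else.</returns>
        private static Cryptography.Key.Ocsp.CertificateStatus ToOcspStatus(CertificateResponse certificate)
        {
            switch (certificate.CertificateStatus.Status)
            {
            case CertificateStatusType.Revoked:
                // RevocationDate goes out as a Zulu GeneralizedTime, so it should already be UTC, and the
                // reason cast assumes the enum's numeric values are CRLReason codes (RFC 5280 s5.3.1) — TODO confirm
                // both with the producer of CertificateResponse.
                return new Cryptography.Key.Ocsp.RevokedStatus(certificate.CertificateStatus.RevocationDate, (int)certificate.CertificateStatus.RevocationReason);

            case CertificateStatusType.Unknown:
                return new Cryptography.Key.Ocsp.UnknownStatus();

            default:
                return Cryptography.Key.Ocsp.CertificateStatus.Good;
            }
        }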