public const int Unauthorized = 6; // Request unauthorized
public OcspResp Generate(
int status,
object response)
{
if (response == null)
{
return(new OcspResp(new OcspResponse(new OcspResponseStatus(status), null)));
}
if (response is BasicOcspResp)
{
BasicOcspResp r = (BasicOcspResp)response;
Asn1OctetString octs;
try
{
octs = new DerOctetString(r.GetEncoded());
}
catch (Exception e)
{
throw new OcspException("can't encode object.", e);
}
ResponseBytes rb = new ResponseBytes(
OcspObjectIdentifiers.PkixOcspBasic, octs);
return(new OcspResp(new OcspResponse(
new OcspResponseStatus(status), rb)));
}
throw new OcspException("unknown response object");
}
/// <param name="ocspResp"></param>
/// <returns></returns>
public virtual bool Match(BasicOcspResp ocspResp)
{
try
{
IDigest digest = DigestUtilities.GetDigest(algorithm);
byte[] oscpBytes;
if (matchOnlyBasicOCSPResponse)
{
oscpBytes = ocspResp.GetEncoded();
}
else
{
oscpBytes = OCSPUtils.FromBasicToResp(ocspResp).GetEncoded();
}
digest.BlockUpdate(oscpBytes, 0, oscpBytes.Length);
byte[] computedValue = DigestUtilities.DoFinal(digest);
LOG.Info("Compare " + Hex.ToHexString(digestValue) + " to computed value " +
Hex.ToHexString(computedValue) + " of BasicOcspResp produced at " + ocspResp
.ProducedAt);
return Arrays.Equals(digestValue, computedValue);
}
catch (NoSuchAlgorithmException ex)
{
throw new RuntimeException("Maybe BouncyCastle provider is not installed ?", ex);
}
catch (IOException ex)
{
throw new RuntimeException(ex);
}
}
/// <summary>Convert a BasicOcspResp in OcspResp (connection status is set to SUCCESSFUL).
/// </summary>
/// <remarks>Convert a BasicOcspResp in OcspResp (connection status is set to SUCCESSFUL).
/// </remarks>
/// <param name="basicOCSPResp"></param>
/// <returns></returns>
public static OcspResp FromBasicToResp(BasicOcspResp basicOCSPResp)
{
try
{
return FromBasicToResp(basicOCSPResp.GetEncoded());
}
catch (IOException e)
{
throw new RuntimeException(e);
}
}
public OcspResp Generate(int status, object response)
{
if (response == null)
{
return(new OcspResp(new OcspResponse(new OcspResponseStatus(status), null)));
}
if (response is BasicOcspResp)
{
BasicOcspResp basicOcspResp = (BasicOcspResp)response;
Asn1OctetString response2;
try
{
response2 = new DerOctetString(basicOcspResp.GetEncoded());
}
catch (global::System.Exception e)
{
throw new OcspException("can't encode object.", e);
}
ResponseBytes responseBytes = new ResponseBytes(OcspObjectIdentifiers.PkixOcspBasic, response2);
return(new OcspResp(new OcspResponse(new OcspResponseStatus(status), responseBytes)));
}
throw new OcspException("unknown response object");
}
static void CheckValidityOfResponse(CertID id, BasicOcspResp responseObject, Ca ca)
{
var inputStream = new MemoryStream(responseObject.GetEncoded());
var asn1Sequence = (Asn1Sequence)new Asn1InputStream(inputStream).ReadObject();
var response = BasicOcspResponse.GetInstance(asn1Sequence);
var ocspChain = CreateOcspCertificateChain(ca);
if(ocspChain.Length == 0)
{
throw new OcspException("OCSP certificate chain is invalid");
}
var ocesOcspCertificate = OcesCertificateFactory.Instance.Generate(CompleteOcspChain(response, ocspChain));
CheckBasicOcspResp(id, responseObject, ocesOcspCertificate, ca);
var signingCertificate = new X509CertificateParser().ReadCertificate(response.Certs[0].GetEncoded());
var issuingCertificate = new X509CertificateParser().ReadCertificate(ocspChain[0].GetRawCertData());
signingCertificate.Verify(issuingCertificate.GetPublicKey());
if (!responseObject.Verify(signingCertificate.GetPublicKey()))
{
throw new OcspException("Signature is invalid");
}
}
