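        /// <summary>
        /// Decodes a RevokedInfo from its ASN.1 SEQUENCE (RFC 6960):
        /// <code>
        /// RevokedInfo ::= SEQUENCE {
        ///     revocationTime      GeneralizedTime,
        ///     revocationReason    [0] EXPLICIT CRLReason OPTIONAL }
        /// </code>
        /// </summary>
        /// <param name="seq">The decoded sequence, normally taken from network (untrusted) OCSP data.</param>
        /// <exception cref="ArgumentException">
        /// The sequence does not have one or two elements, an element has the wrong ASN.1 type,
        /// or the optional reason is not tagged [0].
        /// </exception>
        private RevokedInfo(
            Asn1Sequence seq)
        {
            // Reject anything but 1 or 2 elements up front: a malformed structure should surface
            // as a clear decoding error, not as an index or cast exception deep in the parser.
            if (seq.Count < 1 || seq.Count > 2)
            {
                throw new ArgumentException("Bad sequence size: " + seq.Count);
            }

            this.revocationTime = DerGeneralizedTime.GetInstance(seq[0]);

            if (seq.Count > 1)
            {
                Asn1TaggedObject tagged = Asn1TaggedObject.GetInstance(seq[1]);
                if (tagged.TagNo != 0)
                {
                    throw new ArgumentException("Unexpected tag on revocationReason: " + tagged.TagNo);
                }

                // EXPLICIT tagging: the CRLReason ENUMERATED is the content of the tagged object.
                this.revocationReason = new CrlReason(
                    DerEnumerated.GetInstance(tagged, true));
            }
        }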
        /// <summary>
        /// Builds a RevokedInfo from its two components.
        /// </summary>
        /// <param name="revocationTime">When the certificate was revoked; required.</param>
        /// <param name="revocationReason">The CRLReason, or null to omit the OPTIONAL reason.</param>
        /// <exception cref="ArgumentNullException"><paramref name="revocationTime"/> is null.</exception>
        public RevokedInfo(
            DerGeneralizedTime revocationTime,
            CrlReason revocationReason)
        {
            // Only the time is mandatory; a null reason simply leaves revocationReason absent.
            if (revocationTime == null)
            {
                throw new ArgumentNullException("revocationTime");
            }

            this.revocationReason = revocationReason;
            this.revocationTime   = revocationTime;
        }
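        /// <summary>
        /// Rebuilds <c>certs</c> from the signed XML database at <c>dbLocation</c>, keeping only the
        /// records whose revocation status matches <c>certStatus</c>.
        /// </summary>
        /// <exception cref="GeneralSecurityException">The XML file's signature does not verify.</exception>
        private void createDB()
        {
            certs = new List <DataBase>();
            X509CertificateParser cp = new X509CertificateParser();

            // Refuse to read an unsigned or tampered database at all.
            // NOTE(review): verification and parsing are two separate reads of dbLocation, so a file
            // swapped in between would pass verification yet be parsed from different bytes. If
            // XmlSigning can verify an already-loaded document, verify and parse the same bytes.
            if (!XmlSigning.VerifyXmlFile(dbLocation))
            {
                throw new GeneralSecurityException("Signature failure on db file");
            }
            XDocument db = XDocument.Load(dbLocation);

            // The enum name is lower-cased once to match the file's status attribute; use the
            // invariant culture so the result does not change under locale-specific casing rules.
            string wantedStatus = certStatus.ToString().ToLowerInvariant();
            var records = db.Element("OSCA").Descendants("record")
                            .Where(m => m.Element("revocation").Attribute("status").Value == wantedStatus);

            foreach (XElement record in records)
            {
                XElement revocation = record.Element("revocation");
                DataBase entry = new DataBase();

                entry.dn           = Utility.OrderDN(record.Element("dn").Value);
                entry.serialNumber = record.Element("serialNumber").Value;
                entry.profile      = record.Element("profile").Value;
                entry.created      = friendlyDate(record.Element("created").Value);
                entry.expiry       = friendlyDate(record.Element("expiry").Value);
                entry.certificate  = cp.ReadCertificate(Convert.FromBase64String(record.Element("certificate").Value));
                entry.status       = revocation.Attribute("status").Value;

                // Only revoked records carry a revocation date and reason.
                if (certStatus == CertStatus.Revoked)
                {
                    entry.revDate   = friendlyDate(revocation.Element("date").Value);
                    entry.revReason = CrlReason.GetReason(revocation.Element("reason").Value);
                }
                certs.Add(entry);
            }
        }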
 /// <summary>
 /// Captures one SingleResponse-to-be: the certificate identifier, its status encoded as the
 /// ASN.1 CertStatus CHOICE, the update times and any single-response extensions.
 /// </summary>
 /// <param name="certId">Identifier of the certificate being answered for.</param>
 /// <param name="certStatus">null for the default status, an <c>UnknownStatus</c>, or a <c>RevokedStatus</c>.</param>
 /// <param name="thisUpdate">Time this status is known to be correct.</param>
 /// <param name="nextUpdate">Time newer information will be available, or null.</param>
 /// <param name="extensions">SingleResponse extensions, or null.</param>
 private ResponseObject(CertificateID certId, CertificateStatus certStatus, DerGeneralizedTime thisUpdate, DerGeneralizedTime nextUpdate, X509Extensions extensions)
 {
     // Map the generator-level status onto the ASN.1 CHOICE: null -> default CertStatus,
     // UnknownStatus -> tag [2] with a NULL payload, anything else is treated as revoked.
     CertStatus encodedStatus;
     if (certStatus == null)
     {
         encodedStatus = new CertStatus();
     }
     else if (certStatus is UnknownStatus)
     {
         encodedStatus = new CertStatus(2, DerNull.Instance);
     }
     else
     {
         // The remaining case must be a RevokedStatus; the cast fails loudly for anything else.
         RevokedStatus revoked = (RevokedStatus)certStatus;
         CrlReason reason = null;
         if (revoked.HasRevocationReason)
         {
             reason = new CrlReason(revoked.RevocationReason);
         }
         encodedStatus = new CertStatus(new RevokedInfo(new DerGeneralizedTime(revoked.RevocationTime), reason));
     }

     this.certId     = certId;
     this.certStatus = encodedStatus;
     this.thisUpdate = thisUpdate;
     this.nextUpdate = nextUpdate;
     this.extensions = extensions;
 }
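 /// <summary>
 /// Looks up the serial number in <paramref name="id"/> in the loaded CRL.
 /// </summary>
 /// <param name="id">The requested certificate; only its serial number is consulted here.</param>
 /// <param name="dt">Set to the CRL entry's revocation date when this returns true; left untouched otherwise.</param>
 /// <param name="reason">Set to the entry's reasonCode when this returns true (null if the entry carries none); left untouched otherwise.</param>
 /// <returns>true if the serial is listed in the CRL; false if no CRL is loaded or the serial is not listed.</returns>
 public bool IsRevoked(CertificateID id, ref DerGeneralizedTime dt, ref CrlReason reason)
 {
     // NOTE(review): with no CRL loaded every certificate reports as not revoked; a caller that
     // turns false into "good" should make sure a CRL is actually present.
     if (Crl == null)
     {
         return false;
     }

     // NOTE(review): the match is by serial number alone; the issuer name/key hashes carried in
     // `id` are not compared with the CA this CRL belongs to, so the caller must make sure the
     // request targets that CA before trusting the answer.
     X509CrlEntry ent = Crl.GetRevokedCertificate(id.SerialNumber);
     if (ent == null)
     {
         return false;
     }

     dt     = new DerGeneralizedTime(ent.RevocationDate);
     reason = ReadReasonCode(ent);
     return true;
 }

 /// <summary>
 /// Returns the CRLReason recorded in the entry's reasonCode extension, or null when the entry
 /// has none, so the reason reported to OCSP clients is the one the CRL states rather than a
 /// fixed placeholder.
 /// </summary>
 private static CrlReason ReadReasonCode(X509CrlEntry ent)
 {
     Asn1OctetString ext = ent.GetExtensionValue(X509Extensions.ReasonCode);
     if (ext == null)
     {
         // RFC 6960 makes revocationReason OPTIONAL; report none instead of inventing one.
         return null;
     }

     // The extension value is the DER encoding of the CRLReason ENUMERATED itself.
     return new CrlReason(DerEnumerated.GetInstance(Asn1Object.FromByteArray(ext.GetOctets())));
 }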
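    /// <summary>
    /// Adds a CRL entry for <paramref name="userCertificate"/>, attaching the reasonCode and
    /// invalidityDate entry extensions when they are supplied.
    /// </summary>
    /// <param name="userCertificate">Serial number of the revoked certificate.</param>
    /// <param name="revocationDate">Time the certificate was revoked.</param>
    /// <param name="reason">CRLReason code; 0 (unspecified) adds no reasonCode extension.</param>
    /// <param name="invalidityDate">Time the certificate is believed to have become invalid; null to omit.</param>
    /// <exception cref="ArgumentException">
    /// An extension value could not be DER encoded; the original IOException is the inner exception.
    /// </exception>
    public void AddCrlEntry(DerInteger userCertificate, Time revocationDate, int reason, DerGeneralizedTime invalidityDate)
    {
        IList oids   = Platform.CreateArrayList();
        IList values = Platform.CreateArrayList();

        // RFC 5280 5.3.1: the reasonCode extension SHOULD be absent rather than carry unspecified (0).
        if (reason != 0)
        {
            CrlReason crlReason = new CrlReason(reason);
            try
            {
                oids.Add(X509Extensions.ReasonCode);
                values.Add(new X509Extension(critical: false, new DerOctetString(crlReason.GetEncoded())));
            }
            catch (IOException arg)
            {
                // Keep the cause attached instead of flattening it into the message only.
                throw new ArgumentException("error encoding reason: " + arg, arg);
            }
        }
        if (invalidityDate != null)
        {
            try
            {
                oids.Add(X509Extensions.InvalidityDate);
                values.Add(new X509Extension(critical: false, new DerOctetString(invalidityDate.GetEncoded())));
            }
            catch (IOException arg2)
            {
                throw new ArgumentException("error encoding invalidityDate: " + arg2, arg2);
            }
        }

        // No extensions at all -> pass null rather than an empty extension set.
        X509Extensions entryExtensions = oids.Count != 0 ? new X509Extensions(oids, values) : null;
        AddCrlEntry(userCertificate, revocationDate, entryExtensions);
    }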
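        /// <summary>
        /// Handles an OCSP request POSTed to the responder: parses the request body, answers every
        /// CertificateID in it within ONE signed OCSP response, and writes that response (or a cached
        /// one, for single-certificate requests) back over <paramref name="p"/>.
        /// </summary>
        /// <param name="p">The HTTP connection; the response is written to <c>p.outputStream</c>.</param>
        /// <param name="ms">The raw POST body, expected to be a DER-encoded OCSPRequest.</param>
        public override void handlePOSTRequest(HttpProcessor p, MemoryStream ms)
        {
            bool headersSent = false;
            try
            {
                if (validator == null)
                {
                    p.writeFailure();
                    return;
                }

                Stopwatch st = Stopwatch.StartNew();
                OcspReq req = new OcspReq(ms.ToArray());
                CertificateID[] ids = req.GetIDs();

                // The cache holds one complete OCSP response per serial, so it can only answer
                // single-certificate requests. GetCache/AddCache key on a long, and LongValue
                // silently truncates serials wider than 63 bits (RFC 5280 allows 20 octets), so
                // such serials are never cached to stop two certificates sharing a slot. Requests
                // for an issuer other than our CA are answered "unknown" below and not cached either.
                CertificateID single = ids.Length == 1 ? ids[0] : null;
                bool cacheable = single != null
                    && single.SerialNumber.BitLength < 64
                    && single.MatchesIssuer(validator.CACert);
                OCSPCache cac = cacheable ? GetCache(single.SerialNumber.LongValue) : null;

                byte[] responseBytes;
                string lastModified;
                string stat;
                if (cac != null)
                {
                    Console.Write("[CACHED] ");
                    responseBytes = cac.data;
                    lastModified  = GetRFC822Date(cac.CacheTime);
                    stat          = "CACHED";
                }
                else
                {
                    BasicOcspRespGenerator resp = new BasicOcspRespGenerator(validator.CACert.GetPublicKey());
                    stat = "GOOD";
                    foreach (CertificateID id in ids)
                    {
                        // Only vouch for certificates issued by our CA (issuer name/key hash match);
                        // anything else is "unknown" rather than "good" (RFC 6960 2.2).
                        if (!id.MatchesIssuer(validator.CACert))
                        {
                            resp.AddResponse(id, new UnknownStatus());
                            stat = "UNKNOWN";
                            continue;
                        }

                        // IsRevoked fills both in only when it returns true, so no placeholder values
                        // (a culture-dependent parsed date, a made-up CA-compromise reason) are needed.
                        DerGeneralizedTime dt     = null;
                        CrlReason          reason = null;
                        if (validator.IsRevoked(id, ref dt, ref reason))
                        {
                            resp.AddResponse(id, new RevokedStatus(new RevokedInfo(dt, reason)));
                            stat = "REVOKED";
                        }
                        else
                        {
                            resp.AddResponse(id, CertificateStatus.Good);
                        }
                    }

                    // producedAt is encoded as a GeneralizedTime in UTC, so pass UtcNow, not local time.
                    // SHA-1 signatures are rejected by current clients; sign with SHA-256.
                    BasicOcspResp basic = resp.Generate("SHA256withRSA", validator.CAKey,
                        new X509Certificate[] { validator.CACert }, DateTime.UtcNow);
                    OcspResp or = new OCSPRespGenerator().Generate(OCSPRespGenerator.Successful, basic);

                    responseBytes = or.GetEncoded();
                    lastModified  = GetRFC822Date(DateTime.Now);
                    if (cacheable)
                    {
                        AddCache(responseBytes, single.SerialNumber.LongValue);
                    }
                }

                headersSent = true;
                WriteOcspResponse(p, responseBytes, lastModified);

                // stat describes the whole request (last non-good status seen), logged once per serial.
                foreach (CertificateID id in ids)
                {
                    Console.Write(id.SerialNumber + " PROCESSED IN " + st.Elapsed + " STATUS " + stat);
                    Console.WriteLine("");
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine("OCSP Server Error : " + ex.Message);
                // Give the client an HTTP failure instead of silence, unless part of a response has
                // already gone out (appending to it would only corrupt the stream).
                if (!headersSent)
                {
                    try
                    {
                        p.writeFailure();
                    }
                    catch (Exception writeEx)
                    {
                        Console.WriteLine("OCSP Server Error : failed to write error response: " + writeEx.Message);
                    }
                }
            }
        }

        /// <summary>
        /// Writes a complete HTTP/1.1 200 response carrying a DER-encoded OCSP response body.
        /// </summary>
        /// <param name="p">The HTTP connection to write to.</param>
        /// <param name="responseBytes">The encoded OCSPResponse.</param>
        /// <param name="lastModified">Already formatted RFC 822 date for the Last-Modified header.</param>
        private static void WriteOcspResponse(HttpProcessor p, byte[] responseBytes, string lastModified)
        {
            p.outputStream.WriteLine("HTTP/1.1 200 OK");
            p.outputStream.WriteLine("content-transfer-encoding: binary");
            p.outputStream.WriteLine("Last-Modified: " + lastModified);
            p.outputStream.WriteLine("Content-Type: application/ocsp-response");
            p.outputStream.WriteLine("Connection: keep-alive");
            p.outputStream.WriteLine("Accept-Ranges: bytes");
            p.outputStream.WriteLine("Server: AS-OCSP-1.0");
            p.outputStream.WriteLine("Content-Length: " + responseBytes.Length.ToString());
            p.outputStream.WriteLine("");
            p.outputStream.WriteContent(responseBytes);
        }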