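/// <summary>
/// Appends an <c>OCSPRef</c> for the OCSP response the validation context needed, so the
/// signature's <c>CompleteRevocationRefs</c> unambiguously identifies that response
/// (by digest, responder identity and production time).
/// </summary>
/// <param name="completeRevocationRefs">Target revocation-references element; one <c>OCSPRef</c> is appended.</param>
/// <param name="ctx">Validation context whose first needed OCSP response is referenced.</param>
private void IncorporateOCSPRefs(CompleteRevocationRefs completeRevocationRefs, ValidationContext ctx)
{
    // Digest used for the reference; the algorithm name and the XML-DSig URI must agree.
    // SHA-256 replaces the previous hard-coded SHA-1: a collision-broken hash should not be
    // what binds a signature to a revocation response. Verifiers read the algorithm from
    // DigestMethod, so no other component has to be changed in step.
    const string refDigestName = "SHA-256";
    const string refDigestUri = "http://www.w3.org/2001/04/xmlenc#sha256";

    // Nothing to reference when no OCSP response was needed.
    if (ctx.GetNeededOCSPResp().IsEmpty())
    {
        return;
    }

    // NOTE(review): only the first needed response is referenced; if several responses were
    // needed (one per chain element) the others are not covered here — confirm.
    var ocsp = ctx.GetNeededOCSPResp()[0];

    // The digest covers the encoded bytes of the whole response object.
    byte[] ocspDigest = DigestUtilities.CalculateDigest(refDigestName, ocsp.GetEncoded());

    MSXades.OCSPRef incOCSPRef = new MSXades.OCSPRef();
    incOCSPRef.CertDigest.DigestMethod.Algorithm = refDigestUri;
    incOCSPRef.CertDigest.DigestValue = ocspDigest;

    // No URI attribute is emitted: the response is identified by digest, responder and time only.
    incOCSPRef.OCSPIdentifier.ProducedAt = ocsp.ProducedAt;

    // ResponderID is a CHOICE: tag [1] byName (a distinguished name) or tag [2] byKey
    // (a hash of the responder's public key, carried base64-encoded here).
    ResponderID ocspResponderId = ocsp.ResponderId.ToAsn1Object();
    DerTaggedObject taggedResponderId = (DerTaggedObject)ocspResponderId.ToAsn1Object();
    string responderIdText;
    if (taggedResponderId.TagNo == 2)
    {
        responderIdText = Convert.ToBase64String(ocspResponderId.GetKeyHash());
    }
    else
    {
        responderIdText = ocspResponderId.Name.ToString();
    }
    // NOTE(review): unlike ValidateCertificateByOCSP, no ByKey flag is set on the identifier;
    // confirm MSXades.OCSPIdentifier has no such flag to carry.
    incOCSPRef.OCSPIdentifier.ResponderID = responderIdText;

    completeRevocationRefs.OCSPRefs.OCSPRefCollection.Add(incOCSPRef);
}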
/// <summary>
/// Replaces the contents of this collection with the <c>OCSPRef</c> children of an XML element.
/// </summary>
/// <param name="xmlElement">Element whose <c>xsd:OCSPRef</c> children (XAdES namespace) are loaded.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="xmlElement"/> is null.</exception>
public void LoadXml(System.Xml.XmlElement xmlElement)
{
    if (xmlElement == null)
    {
        throw new ArgumentNullException(nameof(xmlElement));
    }

    // Bind the XAdES namespace to the "xsd" prefix used by the XPath below.
    var nsManager = new XmlNamespaceManager(xmlElement.OwnerDocument.NameTable);
    nsManager.AddNamespace("xsd", XadesSignedXml.XadesNamespaceUri);

    // The element is the sole source of truth: any previously loaded references are dropped.
    this.ocspRefCollection.Clear();

    // Each child OCSPRef parses itself; non-element nodes matched by the query are skipped.
    // NOTE(review): the digests and identifiers loaded here are taken from the document as-is;
    // any verification of them against the actual OCSP responses happens elsewhere.
    foreach (XmlNode node in xmlElement.SelectNodes("xsd:OCSPRef", nsManager))
    {
        var refElement = node as XmlElement;
        if (refElement == null)
        {
            continue;
        }

        var parsedRef = new OCSPRef();
        parsedRef.LoadXml(refElement);
        this.ocspRefCollection.Add(parsedRef);
    }
}
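/// <summary>
/// Checks <paramref name="client"/> against the available OCSP responders and, on the first
/// "good" answer, records the response in the signature's unsigned properties (an
/// <c>OCSPRef</c> under CompleteRevocationRefs and the matching <c>OCSPValue</c> under
/// RevocationValues).
/// </summary>
/// <param name="unsignedProperties">Unsigned signature properties that receive the reference and the value.</param>
/// <param name="client">Certificate whose revocation status is queried.</param>
/// <param name="issuer">Issuer of <paramref name="client"/>, needed to build the OCSP request.</param>
/// <returns>The certificates embedded in the accepted OCSP response (the responder's chain).</returns>
/// <exception cref="Exception">
/// Thrown when a responder reports the certificate as revoked, or when no responder returned a
/// "good" status.
/// </exception>
private X509Certificate2[] ValidateCertificateByOCSP(UnsignedProperties unsignedProperties, X509Certificate2 client, X509Certificate2 issuer)
{
    Org.BouncyCastle.X509.X509Certificate clientCert = CertUtil.ConvertToX509Certificate(client);
    Org.BouncyCastle.X509.X509Certificate issuerCert = CertUtil.ConvertToX509Certificate(issuer);
    OcspClient ocsp = new OcspClient();

    // Responders to try, in order: the AIA-advertised URL first, then the configured fallbacks.
    // Empty entries and duplicates are dropped so a responder is never queried twice for the
    // same answer.
    // NOTE(review): the AIA lookup is performed on the *issuer* certificate, while the OCSP URL
    // for `client` is normally carried in the client certificate's own AIA extension — confirm
    // this is intentional for the PKI this library targets.
    List<string> ocspServers = new List<string>();
    string certOcspUrl = ocsp.GetAuthorityInformationAccessOcspUrl(issuerCert);
    if (!string.IsNullOrEmpty(certOcspUrl))
    {
        ocspServers.Add(certOcspUrl);
    }
    foreach (var configuredUrl in _firma.OCSPServers)
    {
        if (!string.IsNullOrEmpty(configuredUrl) && !ocspServers.Contains(configuredUrl))
        {
            ocspServers.Add(configuredUrl);
        }
    }

    foreach (var ocspUrl in ocspServers)
    {
        byte[] resp = ocsp.QueryBinary(clientCert, issuerCert, ocspUrl);

        // NOTE(review): the response is untrusted network input; ProcessOcspResponse is relied
        // on to verify the responder signature, nonce and validity window before reporting a
        // status — confirm in OcspClient. Anything other than Good/Revoked falls through to the
        // next responder.
        FirmaXadesNet.Clients.CertificateStatus status = ocsp.ProcessOcspResponse(clientCert, issuerCert, resp);
        if (status == FirmaXadesNet.Clients.CertificateStatus.Revoked)
        {
            throw new Exception("Certificado revocado");
        }
        if (status != FirmaXadesNet.Clients.CertificateStatus.Good)
        {
            continue;
        }

        OcspResp ocspResp = new OcspResp(resp);
        BasicOcspResp basicResp = ocspResp.GetResponseObject() as BasicOcspResp;
        if (basicResp == null)
        {
            // A "good" status without a basic response body cannot be referenced; try the next one.
            continue;
        }
        byte[] respEncoded = ocspResp.GetEncoded();

        // The value element is embedded in the signature and the reference points at it by id.
        string guidOcsp = Guid.NewGuid().ToString();
        string ocspValueId = "OcspValue" + guidOcsp;

        OCSPRef ocspRef = new OCSPRef();
        ocspRef.OCSPIdentifier.UriAttribute = "#" + ocspValueId;
        DigestUtil.SetCertDigest(respEncoded, _firma.RefsDigestMethod, ocspRef.CertDigest);

        // ResponderID is a CHOICE of byName / byKey. The byName form goes through
        // RevertIssuerName (DN ordering helper); the byKey form is used as-is and flagged.
        bool byKey = false;
        Org.BouncyCastle.Asn1.Ocsp.ResponderID rpId = basicResp.ResponderId.ToAsn1Object();
        string name = GetResponderName(rpId, ref byKey);
        if (byKey)
        {
            ocspRef.OCSPIdentifier.ResponderID = name;
            ocspRef.OCSPIdentifier.ByKey = true;
        }
        else
        {
            ocspRef.OCSPIdentifier.ResponderID = RevertIssuerName(name);
        }
        // NOTE(review): producedAt is converted to local time here; check how OCSPIdentifier
        // serialises it, since a zone-less local timestamp will not match the response's UTC value.
        ocspRef.OCSPIdentifier.ProducedAt = basicResp.ProducedAt.ToLocalTime();
        unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.OCSPRefs.OCSPRefCollection.Add(ocspRef);

        OCSPValue ocspValue = new OCSPValue();
        ocspValue.PkiData = respEncoded;
        ocspValue.Id = ocspValueId;
        unsignedProperties.UnsignedSignatureProperties.RevocationValues.OCSPValues.OCSPValueCollection.Add(ocspValue);

        return basicResp.GetCerts().Select(c => new X509Certificate2(c.GetEncoded())).ToArray();
    }

    throw new Exception("El certificado no ha podido ser validado");
}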
/// <summary>
/// Appends an <see cref="OCSPRef"/> to the collection.
/// </summary>
/// <param name="objectToAdd">Reference to append.</param>
/// <returns>The same <paramref name="objectToAdd"/> instance, so callers can keep using it.</returns>
public OCSPRef Add(OCSPRef objectToAdd)
{
    // Storage is delegated to the base collection; this typed overload only hands the
    // element back. NOTE(review): no null guard here — whether null is rejected depends
    // on the base collection's Add.
    OCSPRef added = objectToAdd;
    base.Add(added);
    return added;
}
/// <summary>
/// Adds an <see cref="OCSPRef"/> to the collection and returns it.
/// </summary>
/// <param name="objectToAdd">Reference to add.</param>
/// <returns><paramref name="objectToAdd"/>, unchanged, for fluent use.</returns>
public OCSPRef Add(OCSPRef objectToAdd)
{
    base.Add(objectToAdd);  // the base collection performs the actual insertion
    return objectToAdd;     // NOTE(review): null is not checked here; the base Add decides
}