 /// <summary>
 /// Verifies a certificate against a single OCSP response.
 /// </summary>
 /// <remarks>
 /// The first response entry whose serial number and issuer match <paramref name="signCert"/>,
 /// whose validity window has not yet ended at <paramref name="signDate"/> and whose status is
 /// "good" is accepted. Entries with any other status are skipped without logging. Only the
 /// upper bound of the validity window (nextUpdate) is enforced here; a sign date earlier than
 /// thisUpdate is not rejected by this method. The signature of the OCSP response itself is
 /// checked (via <c>IsValidResponse</c>) only for the accepted entry.
 /// </remarks>
 /// <param name="ocspResp">the OCSP response; <see langword="null"/> yields <see langword="false"/></param>
 /// <param name="signCert">the certificate that needs to be checked</param>
 /// <param name="issuerCert">the certificate of the CA that issued <paramref name="signCert"/>. This
 ///     certificate is considered trusted and valid by this method. When <see langword="null"/>,
 ///     <paramref name="signCert"/> itself is used in the role of the issuer.</param>
 /// <param name="signDate">the date at which the OCSP response has to be valid</param>
 /// <returns>
 /// <see langword="true"/> if a matching, still valid, "good" entry was found; otherwise
 /// <see langword="false"/>.
 /// </returns>
 public virtual bool Verify(BasicOcspResp ocspResp, X509Certificate signCert, X509Certificate issuerCert, DateTime
                            signDate)
 {
     if (ocspResp == null)
     {
         return false;
     }
     foreach (SingleResp single in ocspResp.Responses)
     {
         var certId = single.GetCertID();
         // Entries describing a different certificate are of no interest.
         if (!signCert.SerialNumber.Equals(certId.SerialNumber))
         {
             continue;
         }
         // Without an explicit issuer the signing certificate itself takes that role.
         if (issuerCert == null)
         {
             issuerCert = signCert;
         }
         try
         {
             if (!SignUtils.CheckIfIssuersMatch(certId, issuerCert))
             {
                 LOGGER.Info("OCSP: Issuers doesn't match.");
                 continue;
             }
         }
         catch (OcspException)
         {
             // The issuer comparison itself failed: treat the entry as not matching.
             continue;
         }
         // Validity window. A missing nextUpdate is replaced by thisUpdate plus a short grace
         // period (SignUtils.Add180Sec — presumably 180 seconds; confirm in SignUtils).
         if (single.NextUpdate == null)
         {
             DateTime assumedNextUpdate = SignUtils.Add180Sec(single.ThisUpdate);
             LOGGER.Info(MessageFormatUtil.Format("No 'next update' for OCSP Response; assuming {0}", assumedNextUpdate));
             if (signDate.After(assumedNextUpdate))
             {
                 LOGGER.Info(MessageFormatUtil.Format("OCSP no longer valid: {0} after {1}", signDate, assumedNextUpdate));
                 continue;
             }
         }
         else if (signDate.After(single.NextUpdate))
         {
             LOGGER.Info(MessageFormatUtil.Format("OCSP no longer valid: {0} after {1}", signDate, single.NextUpdate));
             continue;
         }
         // The status is compared with == on an Object reference; anything other than
         // CertificateStatus.Good (revoked, unknown) silently moves on to the next entry.
         Object status = single.GetCertStatus();
         if (status != CertificateStatus.Good)
         {
             continue;
         }
         // Genuineness of the response is checked last and only for the accepted entry. The
         // return value of IsValidResponse is not used, so its outcome is presumably signalled
         // by an exception — confirm against its definition.
         IsValidResponse(ocspResp, issuerCert, signDate);
         return true;
     }
     return false;
 }