This class consist of a sequence of at least one OCSP Response. The EncapsulatedOCSPValue element contains the base64 encoding of a DER-encoded OCSP Response
Inheritance: EncapsulatedPKIData
Esempio n. 1
0
        private X509Certificate2[] ValidateCertificateByOCSP(UnsignedProperties unsignedProperties, X509Certificate2 client, X509Certificate2 issuer)
        {
            bool byKey = false;
            List<string> ocspServers = new List<string>();
            Org.BouncyCastle.X509.X509Certificate clientCert = CertUtil.ConvertToX509Certificate(client);
            Org.BouncyCastle.X509.X509Certificate issuerCert = CertUtil.ConvertToX509Certificate(issuer);

            OcspClient ocsp = new OcspClient();
            string certOcspUrl = ocsp.GetAuthorityInformationAccessOcspUrl(issuerCert);

            if (!string.IsNullOrEmpty(certOcspUrl))
            {
                ocspServers.Add(certOcspUrl);
            }

            foreach (var ocspUrl in _firma.OCSPServers)
            {
                ocspServers.Add(ocspUrl);
            }

            foreach (var ocspUrl in ocspServers)
            {
                byte[] resp = ocsp.QueryBinary(clientCert, issuerCert, ocspUrl);

                FirmaXadesNet.Clients.CertificateStatus status = ocsp.ProcessOcspResponse(clientCert, issuerCert, resp);

                if (status == FirmaXadesNet.Clients.CertificateStatus.Revoked)
                {
                    throw new Exception("Certificado revocado");
                }
                else if (status == FirmaXadesNet.Clients.CertificateStatus.Good)
                {
                    Org.BouncyCastle.Ocsp.OcspResp r = new OcspResp(resp);
                    byte[] rEncoded = r.GetEncoded();
                    BasicOcspResp or = (BasicOcspResp)r.GetResponseObject();

                    string guidOcsp = Guid.NewGuid().ToString();

                    OCSPRef ocspRef = new OCSPRef();
                    ocspRef.OCSPIdentifier.UriAttribute = "#OcspValue" + guidOcsp;
                    DigestUtil.SetCertDigest(rEncoded, _firma.RefsDigestMethod, ocspRef.CertDigest);

                    Org.BouncyCastle.Asn1.Ocsp.ResponderID rpId = or.ResponderId.ToAsn1Object();
                    string name = GetResponderName(rpId, ref byKey);

                    if (!byKey)
                    {
                        ocspRef.OCSPIdentifier.ResponderID = RevertIssuerName(name);
                    }
                    else
                    {
                        ocspRef.OCSPIdentifier.ResponderID = name;
                        ocspRef.OCSPIdentifier.ByKey = true;
                    }

                    ocspRef.OCSPIdentifier.ProducedAt = or.ProducedAt.ToLocalTime();
                    unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.OCSPRefs.OCSPRefCollection.Add(ocspRef);

                    OCSPValue ocspValue = new OCSPValue();
                    ocspValue.PkiData = rEncoded;
                    ocspValue.Id = "OcspValue" + guidOcsp;
                    unsignedProperties.UnsignedSignatureProperties.RevocationValues.OCSPValues.OCSPValueCollection.Add(ocspValue);

                    return (from cert in or.GetCerts()
                            select new X509Certificate2(cert.GetEncoded())).ToArray();
                }
            }

            throw new Exception("El certificado no ha podido ser validado");
        }
        /// <summary>
        /// Add typed object to the collection
        /// </summary>
        /// <param name="objectToAdd">Typed object to be added to collection</param>
        /// <returns>The object that has been added to collection</returns>
        public OCSPValue Add(OCSPValue objectToAdd)
        {
            base.Add(objectToAdd);

            return(objectToAdd);
        }
Esempio n. 3
0
		/// <summary>
		/// Load state from an XML element
		/// </summary>
		/// <param name="xmlElement">XML element containing new state</param>
		public void LoadXml(System.Xml.XmlElement xmlElement)
		{
			XmlNamespaceManager xmlNamespaceManager;
			XmlNodeList xmlNodeList;
			OCSPValue newOCSPValue;
			IEnumerator enumerator;
			XmlElement iterationXmlElement;
			
			if (xmlElement == null)
			{
				throw new ArgumentNullException("xmlElement");
			}

			xmlNamespaceManager = new XmlNamespaceManager(xmlElement.OwnerDocument.NameTable);
			xmlNamespaceManager.AddNamespace("xsd", XadesSignedXml.XadesNamespaceUri);

			this.ocspValueCollection.Clear();
			xmlNodeList = xmlElement.SelectNodes("xsd:OCSPValue", xmlNamespaceManager);
			enumerator = xmlNodeList.GetEnumerator();
			try 
			{
				while (enumerator.MoveNext()) 
				{
					iterationXmlElement = enumerator.Current as XmlElement;
					if (iterationXmlElement != null)
					{
						newOCSPValue = new OCSPValue();
						newOCSPValue.LoadXml(iterationXmlElement);
						this.ocspValueCollection.Add(newOCSPValue);
					}
				}
			}
			finally 
			{
				IDisposable disposable = enumerator as IDisposable;
				if (disposable != null)
				{
					disposable.Dispose();
				}
			}
		}
        /// <summary>
        /// Add typed object to the collection
        /// </summary>
        /// <param name="objectToAdd">Typed object to be added to collection</param>
        /// <returns>The object that has been added to collection</returns>
        public OCSPValue Add(OCSPValue objectToAdd)
        {
            base.Add(objectToAdd);

            return objectToAdd;
        }
Esempio n. 5
0
        protected internal override void ExtendSignatureTag(XadesSignedXml xadesSignedXml)
        {
            base.ExtendSignatureTag(xadesSignedXml);

            X509Certificate signingCertificate = DotNetUtilities.FromX509Certificate(
                xadesSignedXml.GetSigningCertificate());

            DateTime signingTime = xadesSignedXml.XadesObject.QualifyingProperties
                .SignedProperties.SignedSignatureProperties.SigningTime;

            ValidationContext ctx = certificateVerifier.ValidateCertificate(signingCertificate
                , signingTime, new XAdESCertificateSource(xadesSignedXml.GetXml(), false), null, null);

            UnsignedProperties unsignedProperties = null;
            //int certificateValuesCounter;
            CertificateValues certificateValues;
            EncapsulatedX509Certificate encapsulatedX509Certificate;
            RevocationValues revocationValues;
            CRLValue newCRLValue;
            OCSPValue newOCSPValue;

            unsignedProperties = xadesSignedXml.UnsignedProperties;

            //TODO jbonilla Validate certificate refs.
            {                
                unsignedProperties.UnsignedSignatureProperties.CertificateValues = new CertificateValues();
                certificateValues = unsignedProperties.UnsignedSignatureProperties.CertificateValues;
                //certificateValues.Id = this.certificateValuesIdTextBox.Text;
                //certificateValuesCounter = 0;

                foreach (CertificateAndContext certificate in ctx.GetNeededCertificates())
                {
                    encapsulatedX509Certificate = new EncapsulatedX509Certificate();
                    //encapsulatedX509Certificate.Id = this.certificateValuesIdTextBox.Text + certificateValuesCounter.ToString();
                    encapsulatedX509Certificate.PkiData = certificate.GetCertificate().GetEncoded();
                    //certificateValuesCounter++;
                    certificateValues.EncapsulatedX509CertificateCollection.Add(encapsulatedX509Certificate);
                }             
            }
            
            unsignedProperties = xadesSignedXml.UnsignedProperties;
            unsignedProperties.UnsignedSignatureProperties.RevocationValues = new RevocationValues();
            revocationValues = unsignedProperties.UnsignedSignatureProperties.RevocationValues;
            //revocationValues.Id = this.revocationValuesIdTextBox.Text;           

            if (ctx.GetNeededOCSPResp().Count > 0)
            {
                foreach(BasicOcspResp ocsp in ctx.GetNeededOCSPResp())
                {
                    newOCSPValue = new OCSPValue();
                    newOCSPValue.PkiData = OCSPUtils.FromBasicToResp(ocsp).GetEncoded();
                    revocationValues.OCSPValues.OCSPValueCollection.Add(newOCSPValue);
                }               
            }

            if (ctx.GetNeededCRL().Count > 0)
            {
                foreach (X509Crl crl in ctx.GetNeededCRL())
                {
                    newCRLValue = new CRLValue();
                    newCRLValue.PkiData = crl.GetEncoded();
                    revocationValues.CRLValues.CRLValueCollection.Add(newCRLValue);
                }                
            }           

            xadesSignedXml.UnsignedProperties = unsignedProperties;
        }