コード例 #1
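        public ActionResult Verify(string xml)
        {
            // Verifies a signed challenge response (the "xml" is untrusted client input),
            // queries the signing certificate's status over OCSP against the issuer
            // certificate read from the application's ~/certs folder, and on success marks
            // the session as logged in. Every outcome is returned as a small JSON object.
            Response  response  = new Response(xml);
            Challenge challenge = Session["challenge"] as Challenge;

            // No challenge in the session means none was issued (or it was already
            // consumed): refuse instead of passing a null challenge to the signature check.
            if (challenge == null)
            {
                return(Json(new { error = "No challenge issued" }, JsonRequestBehavior.AllowGet));
            }

            if (!response.Valid(challenge))
            {
                return(Json(new { error = "Invalid DSIG" }, JsonRequestBehavior.AllowGet));
            }

            // The challenge is single-use: once a valid response has been seen, drop it so
            // the same signed response cannot be replayed against this session.
            Session.Remove("challenge");

            OcspClient ocspclient = new OcspClient();

            // This uses the BouncyCastle X509 primitives (Org.BouncyCastle.X509)
            X509CertificateParser parser  = new X509CertificateParser();
            var             fullgiltbytes = System.IO.File.ReadAllBytes(HttpContext.Server.MapPath("~/certs/fullgilt.cer"));
            X509Certificate fullgilt      = parser.ReadCertificate(fullgiltbytes);

            // The user certificate comes from the client; a malformed or missing one must
            // yield a JSON error, not an unhandled exception further down.
            X509Certificate user;
            try
            {
                user = parser.ReadCertificate(response.Certificate);
            }
            catch (Org.BouncyCastle.Security.Certificates.CertificateException)
            {
                user = null;
            }
            if (user == null)
            {
                return(Json(new { error = "Invalid certificate" }, JsonRequestBehavior.AllowGet));
            }

            try
            {
                CertificateStatus ocspStatus = ocspclient.Query(user, fullgilt);
                if (ocspStatus != CertificateStatus.Good)
                {
                    // AllowGet keeps this response consistent with the other returns; without
                    // it MVC refuses to serialise the error on a GET request.
                    return(Json(new { error = Enum.GetName(typeof(CertificateStatus), ocspStatus) }, JsonRequestBehavior.AllowGet));
                }

                // Do your normal login stuff here.
                Session["LoggedIn"] = true;
                return(Json(new { valid = true, msg = "Login successful" }, JsonRequestBehavior.AllowGet));
            }
            catch (Org.BouncyCastle.Ocsp.OcspException ocspex)
            {
                return(Json(new { error = ocspex.Message }, JsonRequestBehavior.AllowGet));
            }
        }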
コード例 #2
        private X509Certificate2[] ValidateCertificateByOCSP(UnsignedProperties unsignedProperties, X509Certificate2 client, X509Certificate2 issuer, IEnumerable <string> ocspServers, FirmaXades.Crypto.DigestMethod digestMethod)
        {
            // Asks each OCSP responder in turn (the issuer's AIA URL first, then the
            // configured servers) about the client certificate. The first "Good" answer is
            // recorded as an OCSPRef/OCSPValue pair in the unsigned signature properties
            // and the responder's certificates are returned. A "Revoked" answer aborts;
            // any other status moves on to the next responder, and running out of
            // responders is an error.
            Org.BouncyCastle.X509.X509Certificate subjectCert = client.ToBouncyX509Certificate();
            Org.BouncyCastle.X509.X509Certificate issuerCert  = issuer.ToBouncyX509Certificate();
            OcspClient ocsp = new OcspClient();

            List <string> responders = new List <string>();
            string aiaUrl = ocsp.GetAuthorityInformationAccessOcspUrl(issuerCert);
            if (!string.IsNullOrEmpty(aiaUrl))
            {
                responders.Add(aiaUrl);
            }
            responders.AddRange(ocspServers);

            bool byKey = false;
            foreach (string responderUrl in responders)
            {
                byte[] rawResponse = ocsp.QueryBinary(subjectCert, issuerCert, responderUrl);
                FirmaXades.Clients.CertificateStatus status = ocsp.ProcessOcspResponse(rawResponse);

                if (status == FirmaXades.Clients.CertificateStatus.Revoked)
                {
                    throw new Exception("Certificado revocado");
                }
                if (status != FirmaXades.Clients.CertificateStatus.Good)
                {
                    // Unknown (or any other) status: try the next responder.
                    continue;
                }

                OcspResp      ocspResp  = new OcspResp(rawResponse);
                byte[]        encoded   = ocspResp.GetEncoded();
                BasicOcspResp basicResp = (BasicOcspResp)ocspResp.GetResponseObject();
                string        valueId   = "OcspValue" + Guid.NewGuid().ToString();

                // The reference points at the value element via its id fragment.
                OCSPRef ocspRef = new OCSPRef();
                ocspRef.OCSPIdentifier.UriAttribute = "#" + valueId;
                DigestUtil.SetCertDigest(encoded, digestMethod, ocspRef.CertDigest);

                ResponderID responderId   = basicResp.ResponderId.ToAsn1Object();
                string      responderName = GetResponderName(responderId, ref byKey);
                // GetResponderName reports through byKey whether the responder is identified
                // by key or by name; only names go through RevertIssuerName.
                ocspRef.OCSPIdentifier.ResponderID = byKey ? responderName : RevertIssuerName(responderName);
                if (byKey)
                {
                    ocspRef.OCSPIdentifier.ByKey = true;
                }
                ocspRef.OCSPIdentifier.ProducedAt = basicResp.ProducedAt.ToLocalTime();
                unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.OCSPRefs.OCSPRefCollection.Add(ocspRef);

                OCSPValue ocspValue = new OCSPValue();
                ocspValue.PkiData = encoded;
                ocspValue.Id      = valueId;
                unsignedProperties.UnsignedSignatureProperties.RevocationValues.OCSPValues.OCSPValueCollection.Add(ocspValue);

                return(basicResp.GetCerts().Select(cert => new X509Certificate2(cert.GetEncoded())).ToArray());
            }

            throw new Exception("El certificado no ha podido ser validado");
        }
コード例 #3
 static bool IsCertificateRevoked(IOcesCertificate certificate)
 {
     // Revocation is only checked when the development environment is NOT among the
     // trusted environments: OCSP checking is not supported there, so in that case the
     // certificate is assumed not revoked and the assumption is logged.
     bool developmentTrusted = Environments.TrustedEnvironments.Contains(OcesEnvironment.OcesIDanidEnvDevelopment);
     if (!developmentTrusted)
     {
         return(!OcspClient.IsValid(certificate));
     }

     Logger.Info("OCSP checking is not supported in this environment. Assuming certificate is not revoked");
     return(false);
 }
コード例 #4
        private X509Certificate2[] ValidateCertificateByOCSP(UnsignedProperties unsignedProperties, X509Certificate2 client, X509Certificate2 issuer,
                                                             IEnumerable <OcspServer> ocspServers, FirmaXadesNet.Crypto.DigestMethod digestMethod, bool addCertificateOcspUrl)
        {
            // Queries the candidate OCSP responders one by one: optionally the issuer's AIA
            // URL first (addCertificateOcspUrl), then the configured servers. The first
            // "Good" answer is stored as an OCSPRef/OCSPValue pair in the unsigned
            // signature properties and the responder's certificates are returned.
            // "Revoked" aborts immediately; any other status falls through to the next
            // responder, and exhausting the list is an error.
            Org.BouncyCastle.X509.X509Certificate subject = client.ToBouncyX509Certificate();
            Org.BouncyCastle.X509.X509Certificate ca      = issuer.ToBouncyX509Certificate();
            OcspClient ocspClient = new OcspClient();

            List <OcspServer> candidates = new List <OcspServer>();
            if (addCertificateOcspUrl)
            {
                string aiaUrl = ocspClient.GetAuthorityInformationAccessOcspUrl(ca);
                if (!string.IsNullOrEmpty(aiaUrl))
                {
                    candidates.Add(new OcspServer(aiaUrl));
                }
            }
            candidates.AddRange(ocspServers);

            bool byKey = false;
            foreach (OcspServer server in candidates)
            {
                byte[] rawResponse = ocspClient.QueryBinary(subject, ca, server.Url, server.RequestorName, server.SignCertificate);

                switch (ocspClient.ProcessOcspResponse(rawResponse))
                {
                case FirmaXadesNet.Clients.CertificateStatus.Revoked:
                    throw new Exception("Certificado revocado");

                case FirmaXadesNet.Clients.CertificateStatus.Good:
                {
                    OcspResp      parsed   = new OcspResp(rawResponse);
                    byte[]        derBytes = parsed.GetEncoded();
                    BasicOcspResp basic    = (BasicOcspResp)parsed.GetResponseObject();
                    string        valueId  = "OcspValue" + Guid.NewGuid().ToString();

                    // The reference addresses the value element through its id fragment.
                    OCSPRef reference = new OCSPRef();
                    reference.OCSPIdentifier.UriAttribute = "#" + valueId;
                    DigestUtil.SetCertDigest(derBytes, digestMethod, reference.CertDigest);

                    // GetResponderName reports through byKey whether the responder is
                    // identified by key or by name; the flag is copied onto the reference.
                    ResponderID responderId = basic.ResponderId.ToAsn1Object();
                    reference.OCSPIdentifier.ResponderID = GetResponderName(responderId, ref byKey);
                    reference.OCSPIdentifier.ByKey       = byKey;
                    reference.OCSPIdentifier.ProducedAt  = basic.ProducedAt.ToLocalTime();
                    unsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.OCSPRefs.OCSPRefCollection.Add(reference);

                    OCSPValue value = new OCSPValue();
                    value.PkiData = derBytes;
                    value.Id      = valueId;
                    unsignedProperties.UnsignedSignatureProperties.RevocationValues.OCSPValues.OCSPValueCollection.Add(value);

                    return(basic.GetCerts().Select(c => new X509Certificate2(c.GetEncoded())).ToArray());
                }

                default:
                    // Unknown or any other status: move on to the next responder.
                    break;
                }
            }

            throw new Exception("El certificado no ha podido ser validado");
        }
コード例 #5
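        public async Task <IActionResult> OnPostAsync(long id, string action, string key)
        {
            // Loads the certificate (with its account key and orders) and dispatches on
            // "action": "keychange" rotates one of the two API keys, "ocspcheck" reads the
            // OCSP status of the latest valid order's certificate into OcspStatus, and
            // "revoke" submits a revocation for it through the ACME provider. An unknown
            // action simply re-renders the page.
            AcmeCertificate = await _context.AcmeCertificates
                              .Include(a => a.AcmeAccount)
                              .ThenInclude(a => a.Key)
                              .Include(a => a.AcmeOrders)
                              .ThenInclude(o => o.DomainCertificate)
                              .FirstOrDefaultAsync(m => m.AcmeCertificateId == id);

            if (AcmeCertificate == null)
            {
                return(NotFound());
            }

            // Culture-independent dispatch; a missing action is treated as unknown rather
            // than throwing on ToLower().
            switch ((action ?? string.Empty).ToLowerInvariant())
            {
            case "keychange":
                switch (key)
                {
                case "apikey1":
                    AcmeCertificate.ApiKey1 = ApiKeyGenerator.CreateApiKey();
                    break;

                case "apikey2":
                    AcmeCertificate.ApiKey2 = ApiKeyGenerator.CreateApiKey();
                    break;

                default:
                    // Unrecognised key name: nothing is rotated, the save below is a no-op.
                    break;
                }

                await _context.SaveChangesAsync();

                break;

            case "ocspcheck":
                try
                {
                    var order = AcmeCertificate.GetLatestValidAcmeOrder();
                    if (order?.Certificate != null)
                    {
                        var client = new OcspClient();
                        OcspStatus = client.GetOcspStatus(order.Certificate).ToString();
                    }
                    else
                    {
                        OcspStatus = "No certificate";
                    }
                }
                catch (Exception e)
                {
                    // An OCSP failure is reported on the page instead of failing the request;
                    // the exception itself goes to the log so the stack trace is not lost.
                    _logger.LogWarning(e, "Error obtaining OCSP status");
                    OcspStatus = "Error";
                }
                break;

            case "revoke":
            {
                var order = AcmeCertificate.GetLatestValidAcmeOrder();
                if (order?.RawDataPem != null)
                {
                    // The reason is form input: an unrecognised value is reported instead
                    // of letting Enum.Parse throw.
                    RevocationReason reason;
                    if (!Enum.TryParse(RevocationReason, true, out reason))
                    {
                        StatusMessage = "Unknown revocation reason";
                        break;
                    }

                    _certesAcmeProvider.Initialize(AcmeCertificate);

                    var cert = new Certes.Acme.CertificateChain(order.RawDataPem);
                    await _certesAcmeProvider.Revoke(cert.Certificate.ToDer(), reason);

                    StatusMessage = "Certificate revocation submitted";
                }
                break;
            }
            }

            return(Page());
        }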