コード例 #1
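        /// <summary>
        /// Builds an unsigned OCSP request with a single entry for <paramref name="id"/>.
        /// </summary>
        /// <remarks>
        /// No nonce extension is attached, so a response cannot be bound to this particular
        /// request. Callers have to rely on the thisUpdate/nextUpdate window of the response
        /// to reject stale (replayed) answers.
        /// </remarks>
        /// <param name="id">Identifier of the certificate whose status is requested.</param>
        /// <returns>The generated request.</returns>
        private OcspReq GenerateOcspRequest(CertificateID id)
        {
            OcspReqGenerator ocspRequestGenerator = new OcspReqGenerator();

            ocspRequestGenerator.AddRequest(id);

            // A clock-derived "nonce" local was removed here: it was built from
            // new DateTime().Ticks (always 0) and never added to the request.

            ArrayList oids = new ArrayList();
            Hashtable values = new Hashtable();

            oids.Add(OcspObjectIdentifiers.PkixOcsp);

            // NOTE(review): the payload is the arc list 1.3.6.1.5.5.7.48.1.1 written as raw bytes
            // and filed under the id-pkix-ocsp OID. Presumably this was meant to announce the
            // acceptable response type; confirm against the responder, since it is neither a
            // DER-encoded OID nor a nonce.
            Asn1OctetString asn1 = new DerOctetString(new DerOctetString(new byte[] { 1, 3, 6, 1, 5, 5, 7, 48, 1, 1 }));

            values.Add(OcspObjectIdentifiers.PkixOcsp, new X509Extension(false, asn1));
            ocspRequestGenerator.SetRequestExtensions(new X509Extensions(oids, values));

            return ocspRequestGenerator.Generate();
        }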
コード例 #2
ファイル: OnlineOcspSource.cs プロジェクト: Gianluigi/dssnet
		/// <summary>
		/// Fetches the OCSP response for <paramref name="certificate"/> from the responder
		/// named in the certificate's OCSP access location.
		/// </summary>
		/// <remarks>
		/// The response is returned as received: this method checks neither the responder
		/// status, the signature, the CertID nor the validity window, and the request carries
		/// no nonce. NOTE(review): confirm that the caller performs those checks before the
		/// result is trusted.
		/// </remarks>
		/// <param name="certificate">Certificate whose status is requested.</param>
		/// <param name="issuerCertificate">Issuer of <paramref name="certificate"/>.</param>
		/// <returns>
		/// The basic OCSP response, or <c>null</c> when no OCSP URI is present, the data cannot
		/// be fetched, the response object is missing, or an OCSP error occurs.
		/// </returns>
		/// <exception cref="System.IO.IOException"></exception>
		public BasicOcspResp GetOcspResponse(X509Certificate certificate, X509Certificate issuerCertificate)
		{
			try
			{
				this.OcspUri = GetAccessLocation(certificate, X509ObjectIdentifiers.OcspAccessMethod);
				LOG.Info("OCSP URI: " + this.OcspUri);
				if (this.OcspUri == null)
				{
					// Without a responder location there is nothing to query.
					return null;
				}

				OcspReqGenerator generator = new OcspReqGenerator();
				CertificateID requestedId = new CertificateID(
					CertificateID.HashSha1, issuerCertificate, certificate.SerialNumber);
				generator.AddRequest(requestedId);

				byte[] encodedRequest = generator.Generate().GetEncoded();
				MemoryStream requestBody = new MemoryStream(encodedRequest);
				OcspResp responderAnswer = new OcspResp(HttpDataLoader.Post(this.OcspUri, requestBody));

				try
				{
					return (BasicOcspResp)responderAnswer.GetResponseObject();
				}
				catch (ArgumentNullException)
				{
					// Seen when the OCSPResp was initialised with a null OCSP response;
					// the OCSPResp implementation has no null checks of its own.
					return null;
				}
			}
			catch (CannotFetchDataException)
			{
				return null;
			}
			catch (OcspException e)
			{
				LOG.Error("OCSP error: " + e.Message);
				return null;
			}
		}
コード例 #3
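        /// <summary>
        /// Checks the certificates of a chain for revocation via OCSP.
        /// </summary>
        /// <remarks>
        /// Responses are used as received: the responder status, the response signature, the
        /// CertID of each entry, the thisUpdate/nextUpdate window and the nonce are not checked,
        /// and only <c>http://</c> responder URLs are accepted. A reply without a basic response
        /// body and an "unknown" status therefore both count as "not revoked". Treat a
        /// <c>false</c> result as advisory until those checks are added.
        /// </remarks>
        /// <returns>
        /// <c>true</c> if any response entry reports a revoked certificate or if any exception is
        /// thrown while checking; <c>false</c> otherwise, including when no OCSP URL was found.
        /// </returns>
        /// <param name='chain'>
        /// The certificate chain.
        /// </param>
        private static bool VerifyCertificateOCSP(System.Security.Cryptography.X509Certificates.X509Chain chain)
        {
            List<X509Certificate> certsList = new List<X509Certificate> ();
            List<Uri> certsUrls = new List<Uri> ();
            bool bCertificateIsRevoked = false;
            try {
                //Get the OCSP URLS to be validated for each certificate.
                foreach (System.Security.Cryptography.X509Certificates.X509ChainElement cert in chain.ChainElements) {
                    X509Certificate BCCert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate (cert.Certificate);
                    if (BCCert.CertificateStructure.TbsCertificate.Extensions != null) {
                        X509Extension ext = BCCert.CertificateStructure.TbsCertificate.Extensions.GetExtension (X509Extensions.AuthorityInfoAccess);
                        if (ext != null) {
                            AccessDescription[] certUrls = AuthorityInformationAccess.GetInstance (ext).GetAccessDescriptions ();
                            // NOTE(review): only the first access description is read and its access
                            // method is not checked, so it may not be an OCSP location at all.
                            // A non-http location yields null here; the null entry later makes
                            // WebRequest.Create throw, which the catch below reports as revoked.
                            Uri url = (certUrls != null && certUrls.Length > 0 && certUrls [0].AccessLocation.Name.ToString ().StartsWith("http://")) ? new Uri (certUrls [0].AccessLocation.Name.ToString ()) : null;
                            certsList.Add (BCCert);
                            if (!certsUrls.Contains (url))
                                certsUrls.Add (url);
                        }
                    }
                }
                if(certsUrls.Count>0){
                    //create requests for each cert
                    List<OcspReq> RequestList = new List<OcspReq>();
                    OcspReqGenerator OCSPRequestGenerator;
                    // certsList [i + 1] is used as the issuer of certsList [i].
                    // NOTE(review): certsList only holds certificates that carry an AIA extension,
                    // so this pairing presumably assumes every chain element has one; confirm.
                    for (int i =0; i< (certsList.Count -1); i++) {
                        OCSPRequestGenerator = new OcspReqGenerator ();
                        // NOTE(review): the nonce comes from the clock, so it is predictable, and
                        // it is never compared with the nonce in the response.
                        BigInteger nonce = BigInteger.ValueOf (DateTime.Now.Ticks);
                        List<DerObjectIdentifier> oids = new List<DerObjectIdentifier> ();
                        oids.Add (Org.BouncyCastle.Asn1.Ocsp.OcspObjectIdentifiers.PkixOcspNonce);
                        List<X509Extension> values = new List<X509Extension> ();
                        values.Add (new X509Extension (false, new DerOctetString (nonce.ToByteArray ())));
                        OCSPRequestGenerator.SetRequestExtensions (new X509Extensions (oids, values));
                        CertificateID ID = new CertificateID (CertificateID.HashSha1, certsList [i + 1], certsList [i].SerialNumber);
                        OCSPRequestGenerator.AddRequest (ID);
                        RequestList.Add(OCSPRequestGenerator.Generate());
                    }

                    //send every request to every OCSP server and read the response
                    for (int i =0; i< certsUrls.Count && !bCertificateIsRevoked; i++) {
                        for(int j = 0; j<  RequestList.Count && !bCertificateIsRevoked ; j++){
                            HttpWebRequest requestToOCSPServer = (HttpWebRequest)WebRequest.Create (certsUrls [i]);
                            requestToOCSPServer.Method = "POST";
                            requestToOCSPServer.ContentType = "application/ocsp-request";
                            requestToOCSPServer.Accept = "application/ocsp-response";
                            requestToOCSPServer.ReadWriteTimeout = 15000; // 15 seconds for each read or write on the streams
                            requestToOCSPServer.Timeout = 100000; // 100 seconds for GetRequestStream / GetResponse

                            byte[] bRequestBytes = RequestList[j].GetEncoded();
                            using (Stream requestStream = requestToOCSPServer.GetRequestStream()) {
                                requestStream.Write (bRequestBytes, 0, bRequestBytes.Length);
                                requestStream.Flush ();
                            }
                            // Dispose the response so the connection is released after each query.
                            using (HttpWebResponse serverResponse = (HttpWebResponse)requestToOCSPServer.GetResponse ()) {
                                OcspResp OCSPResponse = new OcspResp (serverResponse.GetResponseStream ());
                                BasicOcspResp basicOCSPResponse = (BasicOcspResp)OCSPResponse.GetResponseObject ();
                                //get the status from the response
                                // NOTE(review): nothing authenticates this response (no signature,
                                // CertID, freshness or nonce check), and a null basic response is
                                // silently skipped, which leaves the certificate "not revoked".
                                if (basicOCSPResponse != null) {
                                    foreach (SingleResp singleResponse in basicOCSPResponse.Responses) {
                                        object certStatus = singleResponse.GetCertStatus ();
                                        if (certStatus is RevokedStatus)
                                            bCertificateIsRevoked = true;
                                    }
                                }
                            }
                        }
                    }
                }else { SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. No OCSP url service found. Cannot verify revocation.");}
            } catch (Exception e) {
                // Fail closed: any error during the check is reported as "revoked".
                SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Unhandled exception during revocation checking: " + e.Message);
                bCertificateIsRevoked = true;
            }
            if(bCertificateIsRevoked)
                SystemLogger.Log (SystemLogger.Module.PLATFORM, "*************** Certificate Validation. Certificate is revoked");
            return bCertificateIsRevoked;
        }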
コード例 #4
			/**
			 * Builds a single response entry, mapping the high-level status onto the
			 * ASN.1 CertStatus: null means good, UnknownStatus means unknown, and anything
			 * else is cast to RevokedStatus.
			 */
			private ResponseObject(
				CertificateID		certId,
				CertificateStatus	certStatus,
				DerGeneralizedTime	thisUpdate,
				DerGeneralizedTime	nextUpdate,
				X509Extensions		extensions)
			{
				this.certId = certId;
				this.thisUpdate = thisUpdate;
				this.nextUpdate = nextUpdate;
				this.extensions = extensions;

				if (certStatus == null)
				{
					// A null status is the "good" case.
					this.certStatus = new CertStatus();
				}
				else if (certStatus is UnknownStatus)
				{
					this.certStatus = new CertStatus(2, DerNull.Instance);
				}
				else
				{
					// Any other status has to be a RevokedStatus; the cast throws otherwise.
					RevokedStatus revoked = (RevokedStatus) certStatus;

					CrlReason reason = null;
					if (revoked.HasRevocationReason)
					{
						reason = new CrlReason(revoked.RevocationReason);
					}

					DerGeneralizedTime revokedAt = new DerGeneralizedTime(revoked.RevocationTime);
					this.certStatus = new CertStatus(new RevokedInfo(revokedAt, reason));
				}
			}
コード例 #5
ファイル: OfflineOCSPSource.cs プロジェクト: Gianluigi/dssnet
 /// <summary>
 /// Searches the OCSP responses embedded in the signature for one that contains an
 /// entry for <paramref name="certificate"/> issued by <paramref name="issuerCertificate"/>.
 /// </summary>
 /// <remarks>
 /// Matching is by CertID only. NOTE(review): the signature and validity window of the
 /// embedded response are not checked here; confirm that the caller does so.
 /// </remarks>
 /// <returns>The first matching response, or <c>null</c> if none matches or an OCSP error occurs.</returns>
 /// <exception cref="System.IO.IOException"></exception>
 public BasicOcspResp GetOcspResponse(X509Certificate certificate, X509Certificate
      issuerCertificate)
 {
     LOG.Info("find OCSP response");
     try
     {
         foreach (BasicOcspResp embedded in GetOCSPResponsesFromSignature())
         {
             // Rebuilt for every embedded response, as in the original flow.
             CertificateID wantedId = new CertificateID(
                 CertificateID.HashSha1, issuerCertificate, certificate.SerialNumber);

             foreach (SingleResp entry in embedded.Responses)
             {
                 if (!entry.GetCertID().Equals(wantedId))
                 {
                     continue;
                 }

                 LOG.Info("OCSP response found");
                 return embedded;
             }
         }

         // Nothing matched: report it through the hook, then signal "not found".
         OcspNotFound(certificate, issuerCertificate);
         return null;
     }
     catch (OcspException e)
     {
         LOG.Error("OcspException: " + e.Message);
         return null;
     }
 }
コード例 #6
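        /// <summary>
        /// Generates a DER-encoded OCSP request for <paramref name="id"/> with a random
        /// 16-byte nonce extension.
        /// </summary>
        /// <param name="id">Identifier of the certificate whose status is requested.</param>
        /// <param name="cert">Certificate whose subject DN is sent as the requestor name.</param>
        /// <returns>The encoded request bytes.</returns>
        byte[] GenerateOCSPRequest(Org.BouncyCastle.Ocsp.CertificateID id,
                                   Org.BouncyCastle.X509.X509Certificate cert)
        {
            byte[] nonce = new byte[16];

            // The nonce ties a response to this request, so it has to be unpredictable:
            // System.Random is seeded from the clock and is not suitable for that.
            using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                rng.GetBytes(nonce);
            }

            // NOTE(review): these bytes are the arc list 1.3.6.1.5.5.7.48.1.1 written as raw
            // values, not a DER-encoded OID; presumably meant to announce the acceptable
            // response type. Confirm the responder tolerates this extension.
            var asn1 = new DerOctetString(new DerOctetString(new byte[] { 1, 3, 6, 1, 5, 5, 7, 48, 1, 1 }));

            //Create OCSP Request
            var gen = new Org.BouncyCastle.Ocsp.OcspReqGenerator();

            gen.AddRequest(id);
            gen.SetRequestorName(new Org.BouncyCastle.Asn1.X509.GeneralName(
                                     Org.BouncyCastle.Asn1.X509.GeneralName.DirectoryName, cert.SubjectDN));

            IList oids   = new ArrayList();
            IList values = new ArrayList();

            // Nonce extension: the outer octet string is the extension value, the inner one the nonce.
            oids.Add(Org.BouncyCastle.Asn1.Ocsp.OcspObjectIdentifiers.PkixOcspNonce);
            values.Add(new X509Extension(false,
                                         new Org.BouncyCastle.Asn1.DerOctetString(
                                             new Org.BouncyCastle.Asn1.DerOctetString(nonce))));

            oids.Add(Org.BouncyCastle.Asn1.Ocsp.OcspObjectIdentifiers.PkixOcsp);
            values.Add(new X509Extension(false, asn1));
            gen.SetRequestExtensions(new X509Extensions(oids, values));

            // NOTE(review): the nonce is not returned to the caller, so it cannot be compared
            // with the nonce echoed in the response.
            var req = gen.Generate();

            return(req.GetEncoded());
        }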
コード例 #7
			/**
			 * Stores one request entry: the certificate ID and its optional
			 * per-request extensions.
			 */
			public RequestObject(CertificateID certId, X509Extensions extensions)
			{
				this.extensions = extensions;
				this.certId = certId;
			}
コード例 #8
			/**
			 * Creates a response entry without a nextUpdate time; thisUpdate is
			 * converted to a DerGeneralizedTime before delegating.
			 */
			public ResponseObject(CertificateID certId, CertificateStatus certStatus, DateTime thisUpdate, X509Extensions extensions)
				: this(certId, certStatus, new DerGeneralizedTime(thisUpdate), null, extensions)
			{
			}
コード例 #9
ファイル: OcspClient.cs プロジェクト: benediktkr/nexusauth
        /// <summary>
        /// Builds the OCSP request that is sent to the responder.
        /// </summary>
        /// <remarks>
        /// The request has a single entry and no nonce extension, so the response cannot be
        /// tied to this particular request.
        /// </remarks>
        /// <param name="issuerCert">Certificate of the issuer of the client certificate</param>
        /// <param name="serialNumber">Serial number of the client certificate</param>
        /// <returns>OCSP request to be sent to the OCSP responder</returns>
        private BouncyCastleOCSP.OcspReq CreateOcspRequest(X509Certificate issuerCert, BigInteger serialNumber)
        {
            BouncyCastleOCSP.OcspReqGenerator generator = new BouncyCastleOCSP.OcspReqGenerator();

            generator.AddRequest(
                new BouncyCastleOCSP.CertificateID(BouncyCastleOCSP.CertificateID.HashSha1, issuerCert, serialNumber));

            BouncyCastleOCSP.OcspReq request = generator.Generate();
            return request;
        }
コード例 #10
ファイル: OcspClient.cs プロジェクト: benediktkr/nexusauth
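        /// <summary>
        /// Checks that the certificate ID in the response identifies the certificate that
        /// was asked about: same serial number, same issuer name hash and same issuer key hash.
        /// </summary>
        /// <param name="issuerCert">Issuer certificate of the client certificate</param>
        /// <param name="clientCert">Client certificate</param>
        /// <param name="certificateId">Id of certificate found in OCSP response</param>
        /// <exception cref="HttpException">Thrown with status 401 when the IDs do not match.</exception>
        private void ValidateCertificateId(X509Certificate issuerCert, X509Certificate clientCert, BouncyCastleOCSP.CertificateID certificateId)
        {
            BouncyCastleOCSP.CertificateID expectedId = new BouncyCastleOCSP.CertificateID(BouncyCastleOCSP.CertificateID.HashSha1, issuerCert, clientCert.SerialNumber);

            if (!expectedId.SerialNumber.Equals(certificateId.SerialNumber))
            {
                throw new HttpException(401, "Invalid certificate ID in response");
            }

            // A CertID names the issuer by both name hash and key hash. Comparing only the
            // name hash would accept an entry for a different CA that shares the subject DN.
            bool issuerNameMatches = Org.BouncyCastle.Utilities.Arrays.AreEqual(expectedId.GetIssuerNameHash(), certificateId.GetIssuerNameHash());
            bool issuerKeyMatches = Org.BouncyCastle.Utilities.Arrays.AreEqual(expectedId.GetIssuerKeyHash(), certificateId.GetIssuerKeyHash());

            if (!issuerNameMatches || !issuerKeyMatches)
            {
                throw new HttpException(401, "Invalid certificate Issuer in response");
            }
        }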
コード例 #11
 /**
 * Generates an OCSP request with a nonce extension using BouncyCastle.
 * NOTE(review): the nonce bytes come from PdfEncryption.CreateDocumentId(), which is not
 * visible here; confirm that it yields unpredictable values.
 * @param issuerCert	certificate of the issuer
 * @param serialNumber	serial number of the certificate to check
 * @return	an OCSP request
 */
 private static OcspReq GenerateOCSPRequest(X509Certificate issuerCert, BigInteger serialNumber) {
     // Identify the certificate we are asking about
     CertificateID targetId = new CertificateID(CertificateID.HashSha1, issuerCert, serialNumber);

     OcspReqGenerator generator = new OcspReqGenerator();
     generator.AddRequest(targetId);

     // Nonce extension: the encoded inner octet string is wrapped as the extension value
     byte[] encodedNonce = new DerOctetString(PdfEncryption.CreateDocumentId()).GetEncoded();
     X509Extension nonceExtension = new X509Extension(false, new DerOctetString(encodedNonce));

     IDictionary requestExtensions = new Hashtable();
     requestExtensions[OcspObjectIdentifiers.PkixOcspNonce] = nonceExtension;
     generator.SetRequestExtensions(new X509Extensions(requestExtensions));

     return generator.Generate();
 }
コード例 #12
 /**
  * Add a response for a particular Certificate ID, stamped with the current UTC
  * time as thisUpdate and carrying no extensions.
  *
  * @param certID certificate ID details
  * @param certStatus status of the certificate - null if okay
  */
 public void AddResponse(CertificateID certID, CertificateStatus certStatus)
 {
     DateTime producedNow = DateTime.UtcNow;
     list.Add(new ResponseObject(certID, certStatus, producedNow, null));
 }
コード例 #13
		/**
		 * Add a request for the given CertificateID, without per-request extensions.
		 *
		 * @param certId certificate ID of interest
		 */
		public void AddRequest(CertificateID certId)
		{
			RequestObject entry = new RequestObject(certId, null);
			list.Add(entry);
		}
コード例 #14
        /// <summary>
        /// Creates the ID of the certificate with <paramref name="serialNumber"/> issued by
        /// <paramref name="issuerCert"/>, hashing with the algorithm whose OID is given.
        /// </summary>
        /// <param name="hashAlgorithm">OID of the hash algorithm, as a dotted string.</param>
        /// <param name="issuerCert">Certificate of the issuing CA.</param>
        /// <param name="serialNumber">Serial number of the certificate of interest.</param>
        public CertificateID(string hashAlgorithm, X509Certificate issuerCert, BigInteger serialNumber)
        {
            DerObjectIdentifier hashOid = new DerObjectIdentifier(hashAlgorithm);

            // The algorithm identifier is built with explicit NULL parameters.
            AlgorithmIdentifier hashAlg = new AlgorithmIdentifier(hashOid, DerNull.Instance);

            this.id = CertificateID.CreateCertID(hashAlg, issuerCert, new DerInteger(serialNumber));
        }
コード例 #15
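        /// <summary>
        /// Validates a certificate against the OCSP responder named in its AIA data.
        /// </summary>
        /// <remarks>
        /// The issuer certificate is taken from a local cache and downloaded from the AIA
        /// issuer location when missing. NOTE(review): nothing visible here authenticates the
        /// downloaded issuer, verifies the response signature or checks thisUpdate/nextUpdate;
        /// confirm that this happens elsewhere before a <c>Good</c> result is trusted.
        /// </remarks>
        /// <param name="cert">Certificate to check.</param>
        /// <param name="aia">Issuer and OCSP locations for <paramref name="cert"/>.</param>
        /// <returns>
        /// Good, Revoked or Unknown; Unknown is also returned when the issuer cannot be
        /// obtained, the response has no usable entry, or the entry does not match the request.
        /// </returns>
        CertStatus Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 cert,
                            AIA aia)
        {
            // The cache file name is derived from the issuer location, not from its content.
            string hash     = ComputeSHA1(System.Text.ASCIIEncoding.ASCII.GetBytes(aia.Issuer));
            string filePath = IssuerCachedFolder + hash;

            //Check if the issuer is cached; fetch it once if it is not
            if (!IsIssuerCached(aia.Issuer))
            {
                Download(aia.Issuer, filePath);
                if (!IsIssuerCached(aia.Issuer))
                {
                    return(CertStatus.Unknown(CertStatus.BadIssuer));
                }
            }

            var issuerTemp    = new System.Security.Cryptography.X509Certificates.X509Certificate2(filePath);
            var certParser    = new Org.BouncyCastle.X509.X509CertificateParser();
            var issuer        = certParser.ReadCertificate(issuerTemp.RawData);
            var cert2Validate = certParser.ReadCertificate(cert.RawData);

            var id = new Org.BouncyCastle.Ocsp.CertificateID(
                Org.BouncyCastle.Ocsp.CertificateID.HashSha1,
                issuer,
                cert2Validate.SerialNumber);

            byte[] reqEnc = GenerateOCSPRequest(id, cert2Validate);
            byte[] resp   = GetOCSPResponse(aia.Ocsp, reqEnc);

            //Extract the response
            OcspResp ocspResponse = new OcspResp(resp);

            BasicOcspResp basicOCSPResponse =
                (BasicOcspResp)ocspResponse.GetResponseObject();

            // A responder error carries no basic response; report "unknown" rather than
            // failing with a null dereference on the first entry.
            if (basicOCSPResponse == null || basicOCSPResponse.Responses.Length == 0)
            {
                return(CertStatus.Unknown());
            }

            SingleResp singResp = basicOCSPResponse.Responses[0];

            //Validate ID: the entry has to be about the certificate we asked for
            var responseId = singResp.GetCertID();

            if (!responseId.SerialNumber.Equals(id.SerialNumber))
            {
                return(CertStatus.Unknown(CertStatus.BadSerial));
            }

            // Both issuer hashes have to match; the name hash alone does not tell apart two
            // CAs that share a subject DN.
            if (!Org.BouncyCastle.Utilities.Arrays.AreEqual(responseId.GetIssuerNameHash(), id.GetIssuerNameHash()) ||
                !Org.BouncyCastle.Utilities.Arrays.AreEqual(responseId.GetIssuerKeyHash(), id.GetIssuerKeyHash()))
            {
                return(CertStatus.Unknown(CertStatus.IssuerNotMatch));
            }

            //Extract Status: null means "good"
            var certificateStatus = singResp.GetCertStatus();

            if (certificateStatus == null)
            {
                return(CertStatus.Good);
            }

            if (certificateStatus is Org.BouncyCastle.Ocsp.RevokedStatus)
            {
                int revocationReason = ((Org.BouncyCastle.Ocsp.RevokedStatus)certificateStatus).RevocationReason;
                var revocationDate   = ((Org.BouncyCastle.Ocsp.RevokedStatus)certificateStatus).RevocationTime;
                return(CertStatus.Revoked(revocationDate.ToString("o"), revocationReason));
            }

            // UnknownStatus and anything unrecognised are both reported as unknown.
            return(CertStatus.Unknown());
        }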
コード例 #16
ファイル: OCSPReqGenerator.cs プロジェクト: 894880010/MP
 /**
  * Add a request for the given CertificateID, without per-request extensions.
  *
  * @param certId certificate ID of interest
  */
 public void AddRequest(CertificateID certId)
 {
     RequestObject entry = new RequestObject(certId, null);
     list.Add(entry);
 }
コード例 #17
 /// <summary>
 /// Tells whether this ID was derived from <paramref name="issuerCert"/>, by rebuilding
 /// the ID with the same hash algorithm and serial number and comparing the two.
 /// </summary>
 public bool MatchesIssuer(X509Certificate issuerCert)
 {
     CertID rebuilt = CertificateID.CreateCertID(this.id.HashAlgorithm, issuerCert, this.id.SerialNumber);
     return rebuilt.Equals(this.id);
 }
コード例 #18
        /**
         * Add a response for a particular Certificate ID, stamped with the current
         * UTC time as thisUpdate.
         *
         * @param certID certificate ID details
         * @param certStatus status of the certificate - null if okay
         * @param singleExtensions optional extensions
         */
        public void AddResponse(CertificateID certID, CertificateStatus certStatus, X509Extensions singleExtensions)
        {
            DateTime producedNow = DateTime.UtcNow;
            list.Add(new ResponseObject(certID, certStatus, producedNow, singleExtensions));
        }
コード例 #19
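 /// <summary>
 /// Adds a response for a certificate ID, stamped with the current UTC time as
 /// thisUpdate and carrying no extensions.
 /// </summary>
 /// <param name="certID">Certificate ID details.</param>
 /// <param name="certStatus">Status of the certificate; null if okay.</param>
 public void AddResponse(CertificateID certID, CertificateStatus certStatus)
 {
     // Decompiler output called the accessor get_UtcNow() directly, which C# rejects;
     // the property form is the compilable equivalent.
     list.Add(new ResponseObject(certID, certStatus, global::System.DateTime.UtcNow, null));
 }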
コード例 #20
 /**
  * Create a new CertificateID for a new serial number, reusing the hash algorithm and
  * issuer hashes of an ID already calculated for the same CA certificate.
  *
  * @param original the previously calculated CertificateID for the CA.
  * @param newSerialNumber the serial number for the new certificate of interest.
  *
  * @return a new CertificateID for newSerialNumber
  */
 public static CertificateID DeriveCertificateID(CertificateID original, BigInteger newSerialNumber)
 {
     CertID source = original.id;
     CertID derived = new CertID(source.HashAlgorithm, source.IssuerNameHash,
                                 source.IssuerKeyHash, new DerInteger(newSerialNumber));
     return new CertificateID(derived);
 }
コード例 #21
		/// <summary>
		/// Determines the revocation status of <paramref name="childCertificate"/> from the
		/// OCSP response supplied by the configured OCSP source.
		/// </summary>
		/// <remarks>
		/// A revoked certificate is still reported as valid when the validation date lies
		/// before the revocation time. NOTE(review): the response signature and the
		/// thisUpdate/nextUpdate window are only logged here, not checked; confirm that this
		/// is done elsewhere.
		/// </remarks>
		/// <param name="childCertificate">Certificate whose status is wanted.</param>
		/// <param name="certificate">Issuer of <paramref name="childCertificate"/>.</param>
		/// <param name="validationDate">Point in time for which the status is evaluated.</param>
		/// <returns>
		/// The populated status, or <c>null</c> when there is no OCSP source, no response,
		/// no matching entry, or an I/O error occurs.
		/// </returns>
		public virtual CertificateStatus Check(X509Certificate childCertificate, X509Certificate
			 certificate, DateTime validationDate)
		{
			CertificateStatus result = new CertificateStatus();
			result.Certificate = childCertificate;
			result.ValidationDate = validationDate;
			result.IssuerCertificate = certificate;

			if (ocspSource == null)
			{
				LOG.Warn("OCSPSource null");
				return null;
			}

			try
			{
				BasicOcspResp ocspResp = ocspSource.GetOcspResponse(childCertificate, certificate);
				if (ocspResp == null)
				{
					LOG.Info("OCSP response not found");
					return null;
				}

				CertificateID wantedId = new CertificateID(
					CertificateID.HashSha1, certificate, childCertificate.SerialNumber);

				foreach (SingleResp entry in ocspResp.Responses)
				{
					// Only the entry that describes the requested certificate is of interest.
					if (!wantedId.Equals(entry.GetCertID()))
					{
						continue;
					}

					DateTime thisUpdate = entry.ThisUpdate;
					LOG.Info("OCSP thisUpdate: " + thisUpdate);
					LOG.Info("OCSP nextUpdate: " + entry.NextUpdate);

					result.StatusSourceType = ValidatorSourceType.OCSP;
					result.StatusSource = ocspResp;
					result.RevocationObjectIssuingTime = ocspResp.ProducedAt;

					object reported = entry.GetCertStatus();
					if (reported == null)
					{
						// A null status means the responder considers the certificate good.
						LOG.Info("OCSP OK for: " + childCertificate.SubjectDN);
						result.Validity = CertificateValidity.VALID;
						return result;
					}

					LOG.Info("OCSP certificate status: " + reported.GetType().FullName);

					RevokedStatus revoked = reported as RevokedStatus;
					if (revoked != null)
					{
						LOG.Info("OCSP status revoked");
						bool validatedBeforeRevocation = validationDate.CompareTo(revoked.RevocationTime) < 0;
						if (validatedBeforeRevocation)
						{
							LOG.Info("OCSP revocation time after the validation date, the certificate was valid at "
								 + validationDate);
							result.Validity = CertificateValidity.VALID;
						}
						else
						{
							result.RevocationDate = revoked.RevocationTime;
							result.Validity = CertificateValidity.REVOKED;
						}
					}
					else if (reported is UnknownStatus)
					{
						LOG.Info("OCSP status unknown");
						result.Validity = CertificateValidity.UNKNOWN;
					}

					return result;
				}

				LOG.Info("no matching OCSP response entry");
				return null;
			}
			catch (IOException ex)
			{
				LOG.Error("OCSP exception: " + ex.Message);
				return null;
			}
			catch (OcspException ex)
			{
				LOG.Error("OCSP exception: " + ex.Message);
				throw new RuntimeException(ex);
			}
		}
コード例 #22
 /// <summary>
 /// Creates a response entry from .NET date values; both dates are converted to
 /// DerGeneralizedTime before delegating.
 /// </summary>
 public ResponseObject(
     CertificateID certId,
     CertificateStatus certStatus,
     global::System.DateTime thisUpdate,
     global::System.DateTime nextUpdate,
     X509Extensions extensions)
     : this(certId, certStatus, new DerGeneralizedTime(thisUpdate), new DerGeneralizedTime(nextUpdate), extensions)
 {
 }
コード例 #23
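        //1. The certificate identified in a received response corresponds to
        //that which was identified in the corresponding request: the serial number,
        //the issuer name hash and the issuer key hash all have to match.
        private void ValidateCertificateId(X509Certificate issuerCert, X509Certificate eeCert, CertificateID certificateId)
        {
            CertificateID expectedId = new CertificateID(CertificateID.HashSha1, issuerCert, eeCert.SerialNumber);

            if (!expectedId.SerialNumber.Equals(certificateId.SerialNumber))
            {
                throw new Exception("Invalid certificate ID in response");
            }

            // The name hash alone does not tell apart two CAs that share a subject DN,
            // so the issuer key hash is compared as well.
            bool issuerNameMatches = Org.BouncyCastle.Utilities.Arrays.AreEqual(expectedId.GetIssuerNameHash(), certificateId.GetIssuerNameHash());
            bool issuerKeyMatches = Org.BouncyCastle.Utilities.Arrays.AreEqual(expectedId.GetIssuerKeyHash(), certificateId.GetIssuerKeyHash());

            if (!issuerNameMatches || !issuerKeyMatches)
            {
                throw new Exception("Invalid certificate Issuer in response");
            }
        }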
コード例 #24
ファイル: OcspClient.cs プロジェクト: maugsan/dcfd-mw-applet
 /// <summary>
 /// Builds the certificate ID for the given issuer certificate and serial number and
 /// delegates to the overload that takes a <c>CertificateID</c>.
 /// </summary>
 private OcspReq GenerarRequestOCSP(X509Certificate in_CertificadoEmisor, BigInteger in_NumeroSerie)
 {
     return GenerarRequestOCSP(
         new CertificateID(CertificateID.HashSha1, in_CertificadoEmisor, in_NumeroSerie));
 }
コード例 #25
		/**
		 * Add a request for the given CertificateID together with its extensions.
		 *
		 * @param certId certificate ID of interest
		 * @param singleRequestExtensions the extensions to attach to the request
		 */
		public void AddRequest(CertificateID certId, X509Extensions singleRequestExtensions)
		{
			RequestObject entry = new RequestObject(certId, singleRequestExtensions);
			list.Add(entry);
		}
コード例 #26
ファイル: OCSPReqGenerator.cs プロジェクト: 894880010/MP
 /**
  * Add a request for the given CertificateID together with its extensions.
  *
  * @param certId certificate ID of interest
  * @param singleRequestExtensions the extensions to attach to the request
  */
 public void AddRequest(CertificateID certId, X509Extensions singleRequestExtensions)
 {
     RequestObject entry = new RequestObject(certId, singleRequestExtensions);
     list.Add(entry);
 }
コード例 #27
ファイル: OcspClient.cs プロジェクト: maugsan/dcfd-mw-applet
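        /// <summary>
        /// Checks that the certificate ID found in the response identifies the requested
        /// certificate: same serial number, same issuer name hash and same issuer key hash.
        /// </summary>
        /// <param name="in_CertificadoEmisor">Issuer certificate.</param>
        /// <param name="in_Certificado">Certificate that was asked about.</param>
        /// <param name="in_IDCertificado">Certificate ID taken from the OCSP response.</param>
        /// <exception cref="Exception">Thrown when the IDs do not match.</exception>
        private void ValidarCertificateId(X509Certificate in_CertificadoEmisor, X509Certificate in_Certificado, CertificateID in_IDCertificado)
        {
            CertificateID idEsperado = new CertificateID(CertificateID.HashSha1, in_CertificadoEmisor, in_Certificado.SerialNumber);

            if (!idEsperado.SerialNumber.Equals(in_IDCertificado.SerialNumber))
            {
                throw new Exception("ID de Certificado invalido");
            }

            // The name hash alone does not tell apart two CAs that share a subject DN,
            // so the issuer key hash is compared as well.
            bool nombreEmisorCoincide = Org.BouncyCastle.Utilities.Arrays.AreEqual(idEsperado.GetIssuerNameHash(), in_IDCertificado.GetIssuerNameHash());
            bool llaveEmisorCoincide = Org.BouncyCastle.Utilities.Arrays.AreEqual(idEsperado.GetIssuerKeyHash(), in_IDCertificado.GetIssuerKeyHash());

            if (!nombreEmisorCoincide || !llaveEmisorCoincide)
            {
                throw new Exception("Certificado Emisor invalido");
            }
        }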
コード例 #28
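 /// <summary>
 /// Adds a response for a certificate ID, stamped with the current UTC time as
 /// thisUpdate and with the given nextUpdate.
 /// </summary>
 /// <param name="certID">Certificate ID details.</param>
 /// <param name="certStatus">Status of the certificate; null if okay.</param>
 /// <param name="nextUpdate">Date when the next update should be requested.</param>
 /// <param name="singleExtensions">Optional extensions.</param>
 public void AddResponse(CertificateID certID, CertificateStatus certStatus, global::System.DateTime nextUpdate, X509Extensions singleExtensions)
 {
     // Decompiler output called the accessor get_UtcNow() directly, which C# rejects;
     // the property form is the compilable equivalent.
     list.Add(new ResponseObject(certID, certStatus, global::System.DateTime.UtcNow, nextUpdate, singleExtensions));
 }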
コード例 #29
 /// <summary>
 /// Builds the certificate ID for the given issuer certificate and serial number and
 /// delegates to the overload that takes a <c>CertificateID</c>.
 /// </summary>
 private OcspReq GenerateOcspRequest(X509Certificate issuerCert, BigInteger serialNumber)
 {
     return GenerateOcspRequest(
         new CertificateID(CertificateID.HashSha1, issuerCert, serialNumber));
 }
コード例 #30
ファイル: CertificateID.cs プロジェクト: htlp/itextsharp
		/**
		 * Create a new CertificateID for a new serial number, reusing the hash algorithm and
		 * issuer hashes of an ID already calculated for the same CA certificate.
		 *
		 * @param original the previously calculated CertificateID for the CA.
		 * @param newSerialNumber the serial number for the new certificate of interest.
		 *
		 * @return a new CertificateID for newSerialNumber
		 */
		public static CertificateID DeriveCertificateID(CertificateID original, BigInteger newSerialNumber)
		{
			CertID source = original.id;
			CertID derived = new CertID(source.HashAlgorithm, source.IssuerNameHash,
				source.IssuerKeyHash, new DerInteger(newSerialNumber));
			return new CertificateID(derived);
		}
コード例 #31
        /**
         * Add a response for a particular Certificate ID with explicit update times.
         *
         * @param certID certificate ID details
         * @param certStatus status of the certificate - null if okay
         * @param thisUpdate date this response was valid on
         * @param nextUpdate date when next update should be requested
         * @param singleExtensions optional extensions
         */
        public void AddResponse(
            CertificateID certID,
            CertificateStatus certStatus,
            DateTime thisUpdate,
            DateTime nextUpdate,
            X509Extensions singleExtensions)
        {
            ResponseObject entry = new ResponseObject(certID, certStatus, thisUpdate, nextUpdate, singleExtensions);
            list.Add(entry);
        }
コード例 #32
        /**
         * Add a response for a particular Certificate ID, stamped with the current
         * UTC time as thisUpdate and carrying no extensions.
         *
         * @param certID certificate ID details
         * @param certStatus status of the certificate - null if okay
         */
        public void AddResponse(CertificateID certID, CertificateStatus certStatus)
        {
            DateTime producedNow = DateTime.UtcNow;
            list.Add(new ResponseObject(certID, certStatus, producedNow, null));
        }
コード例 #33
ファイル: PdfPKCS7.cs プロジェクト: nicecai/iTextSharp-4.1.6
 /**
 * Checks if the first entry of the OCSP response refers to the document signing
 * certificate. Only the certificate ID is compared; the reported status and the
 * response signature are not examined here.
 * @return true if the IDs match, false otherwise (including on any error)
 * @since    2.1.6
 */
 public bool IsRevocationValid() {
     // Both a response and an issuer certificate (second chain element) are needed.
     if (basicResp == null || signCerts.Count < 2)
         return false;
     try {
         X509Certificate[] chain = SignCertificateChain;
         CertificateID reportedId = basicResp.Responses[0].GetCertID();
         X509Certificate signer = SigningCertificate;
         X509Certificate issuer = chain[1];
         CertificateID expectedId = new CertificateID(CertificateID.HashSha1, issuer, signer.SerialNumber);
         return expectedId.Equals(reportedId);
     }
     catch {
         // Any failure while building or comparing the IDs counts as "no match".
         return false;
     }
 }
コード例 #34
 /// <summary>
 /// Stores one request entry: the certificate ID and its optional per-request extensions.
 /// </summary>
 public RequestObject(CertificateID certId, X509Extensions extensions)
 {
     this.extensions = extensions;
     this.certId = certId;
 }