/// <summary>
/// Command-line entry point: reads a DER-encoded OCSP request from the file named by the single
/// argument and prints its version and, for each request entry, the fields of its certificate ID.
/// </summary>
/// <param name="args">Exactly one element: the path of the encoded OCSP request.</param>
/// <returns><c>0</c> after printing the request; <c>-1</c> (after printing usage) when the argument count is not one.</returns>
private static int Main(string[] args)
{
    if (args.Length != 1)
    {
        Console.WriteLine("ParseOcspRequest request.der");
        return -1;
    }

    // The file content is handed to the parser as-is; a file that is missing or is not a
    // well-formed request surfaces as an unhandled exception from the calls below.
    byte[] encodedRequest = File.ReadAllBytes(args[0]);
    var parsedRequest = new OcspReq(encodedRequest);

    Console.WriteLine("OCSP Request Data:");
    Console.WriteLine(" Version: {0} (0x{0:X})", parsedRequest.Version);
    Console.WriteLine(" Requestor List:");

    foreach (var entry in parsedRequest.GetRequestList())
    {
        var id = entry.GetCertID();

        // Only the SHA-1 OID gets a friendly name; every other hash algorithm is labelled "unknown".
        string hashName;
        if (id.HashAlgOid == OiwObjectIdentifiers.IdSha1.Id)
        {
            hashName = "sha1";
        }
        else
        {
            hashName = "unknown";
        }

        Console.WriteLine(" Certificate ID:");
        Console.WriteLine(" Hash Algorithm: {0} ({1})", id.HashAlgOid, hashName);
        Console.WriteLine(" Issuer Name Hash: {0}", id.GetIssuerNameHash().ToHexString());
        Console.WriteLine(" Issuer Key Hash: {0}", id.GetIssuerKeyHash().ToHexString());
        Console.WriteLine(" Serial Number: {0}", id.SerialNumber.ToHexString());
    }

    return 0;
}
/// <summary>
/// Builds an HTTP POST carrying the encoded OCSP request and writes the request body to it.
/// </summary>
/// <param name="url">Address of the OCSP responder; used as given, with no validation in this method.</param>
/// <param name="ocspRequest">The OCSP request to encode and send.</param>
/// <returns>The prepared request, with its body already written by <c>WriteOcspRequest</c>.</returns>
static HttpWebRequest CreateWebRequest(string url, OcspReq ocspRequest)
{
    // NOTE(review): no Timeout is assigned here, so the framework default applies, and the URL is
    // not restricted to a scheme or host. Confirm the caller constrains responder URLs, especially
    // if they are read from a certificate that has not been validated yet.
    HttpWebRequest post = (HttpWebRequest)WebRequest.Create(url);
    post.ContentType = "application/ocsp-request";
    post.Method = "POST";
    post.KeepAlive = false;

    // The request is encoded here for its length and encoded again inside WriteOcspRequest.
    int bodyLength = ocspRequest.GetEncoded().Length;
    post.ContentLength = bodyLength;

    WriteOcspRequest(post, ocspRequest);
    return post;
}
/// <summary>
/// Asks the OCSP responder named in <paramref name="ClientCert"/> for the status of that certificate.
/// </summary>
/// <param name="ClientCert">The certificate to check; its OCSP URL and serial number drive the request.</param>
/// <param name="issuerCert">The issuer certificate, used to build the request and passed on to the response check.</param>
/// <returns>
/// <c>CertificateStatus.Error</c> when the certificate yields no OCSP URL; otherwise whatever
/// <c>CheckOcspResponse</c> returns for the responder's answer.
/// </returns>
public CertificateStatus Query(X509Certificate ClientCert, X509Certificate issuerCert)
{
    // The responder address comes from the certificate being checked.
    // NOTE(review): that makes it input chosen by whoever issued or presented the certificate.
    // Confirm SendtoOCSP limits the schemes/hosts it will contact and applies a timeout, and that
    // callers treat CertificateStatus.Error as "not verified" rather than as acceptable.
    string responderUrl = getOCSPUrl(ClientCert);
    if (string.IsNullOrEmpty(responderUrl))
    {
        return CertificateStatus.Error;
    }

    BouncyCastleOCSP.OcspReq ocspRequest = CreateOcspRequest(issuerCert, ClientCert.SerialNumber);
    var encodedRequest = ocspRequest.GetEncoded();

    // The raw responder answer is kept in the ocspResponse member as well as being checked.
    ocspResponse = SendtoOCSP(responderUrl, encodedRequest, "application/ocsp-request", "application/ocsp-response");
    return CheckOcspResponse(ClientCert, issuerCert, ocspResponse);
}
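/// <summary>
/// Requests an OCSP response for <paramref name="cert"/> from each responder URI listed in the
/// certificate and returns the first one that can be fetched and parsed.
/// </summary>
/// <remarks>
/// A failure against one responder is traced as a warning and the next URI is tried. When every URI
/// fails, the last failure is rethrown with its original stack trace.
/// NOTE(review): nothing visible in this method checks the response signature, the responder's
/// authorization or the freshness of the response; confirm the helpers or the caller do that before
/// the returned status is trusted.
/// </remarks>
/// <param name="cert">The certificate to get the server info from</param>
/// <param name="issuer">The issuer certificate of the certificate to get the server info from</param>
/// <returns>The OCSP response (parsed), or <c>null</c> when the certificate lists no OCSP URI</returns>
/// <exception cref="RevocationUnknownException">When the revocation info cannot be retrieved (presumably raised by the helpers called here; it is not thrown directly in this method)</exception>
/// <exception cref="Exception">The last failure, when every listed responder failed</exception>
public static async Task<BCAO.OcspResponse> GetOcspResponseAsync(this X509Certificate2 cert, X509Certificate2 issuer)
{
    Exception lastException = null;
    foreach (Uri uri in cert.GetOCSPUris())
    {
        try
        {
            // Built inside the try so that a failure here is recorded like any other per-URI failure.
            BCO.OcspReq ocspReq = cert.GetOcspReqBody(issuer);
            byte[] ocspReqBytes = ocspReq.GetEncoded();

            Stream ocspWebReqStream;
            var webReq = GetOcspWebRequest(uri, ocspReqBytes, out ocspWebReqStream);

            // Close the request stream once the body is written; leaving it open holds the connection.
            using (ocspWebReqStream)
            {
                await ocspWebReqStream.WriteAsync(ocspReqBytes, 0, ocspReqBytes.Length);
            }

            // Await the response instead of blocking a thread inside an async method.
            using (var webRsp = (HttpWebResponse)await webReq.GetResponseAsync())
            {
                // Check the HTTP response before reading its body, so a rejected response
                // does not leave a copy task running unobserved.
                VerifyOCSPRsp(webRsp);

                // NOTE(review): the body is buffered in full with no size limit; consider bounding
                // it, since the responder address comes from the certificate.
                using (Stream webRspStream = webRsp.GetResponseStream())
                using (var rspStream = new MemoryStream())
                {
                    await webRspStream.CopyToAsync(rspStream);
                    return ParseOCSPResponse(rspStream.ToArray());
                }
            }
        }
        catch (Exception e)
        {
            lastException = e;
            trace.TraceEvent(TraceEventType.Warning, 0, "Failed to manually obtain ocsp: {0}", e);
        }
    }

    if (lastException != null)
    {
        // Rethrow the same exception object without resetting its stack trace.
        System.Runtime.ExceptionServices.ExceptionDispatchInfo.Capture(lastException).Throw();
    }

    return null;
}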
/// <summary>
/// Pairs an OCSP request with a certificate ID.
/// </summary>
/// <param name="request">The OCSP request, stored in <c>Request</c>.</param>
/// <param name="id">The certificate ID, stored in <c>Id</c>.</param>
public OcspReqAndId(OcspReq request, CertID id)
{
    // Both values are stored as given; neither is checked for null here.
    this.Id = id;
    this.Request = request;
}
/// <summary>
/// Sends <paramref name="request"/> to the responder and throws unless the response status is
/// <c>OcspRespStatus.Successful</c>.
/// </summary>
/// <remarks>
/// NOTE(review): <paramref name="rootCertificate"/> and <paramref name="serialNumber"/> are not used
/// in this method. The only check made is the outer response status, which says the responder
/// produced an answer; it does not authenticate that answer and does not say whether the certificate
/// is good or revoked. Confirm the signature and the per-certificate status are checked elsewhere.
/// </remarks>
/// <param name="request">The OCSP request to send.</param>
/// <param name="rootCertificate">Unused here.</param>
/// <param name="responderUrl">Address of the OCSP responder.</param>
/// <param name="serialNumber">Unused here.</param>
/// <exception cref="OcspException">The response status is anything other than successful.</exception>
static void PostOcspRequest(OcspReq request, X509Certificate2 rootCertificate, string responderUrl, string serialNumber)
{
    var ocspResponse = Requester.Send(request, responderUrl);

    bool responderAnswered = ocspResponse.Status == OcspRespStatus.Successful;
    if (responderAnswered)
    {
        return;
    }

    throw new OcspException("OCSP response is not successful");
}
/// <summary>
/// Writes the encoded OCSP request as the body of <paramref name="request"/>.
/// </summary>
/// <param name="request">The web request whose request stream receives the body.</param>
/// <param name="ocspRequest">The OCSP request to encode.</param>
static void WriteOcspRequest(WebRequest request, OcspReq ocspRequest)
{
    var body = request.GetRequestStream();
    try
    {
        byte[] der = ocspRequest.GetEncoded();
        body.Write(der, 0, der.Length);
    }
    finally
    {
        // Always release the request stream, including when encoding or writing fails.
        if (body != null)
        {
            body.Dispose();
        }
    }
}
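/// <summary>
/// Posts an OCSP request to a responder and returns the OCSP response extracted from the HTTP reply.
/// </summary>
/// <remarks>
/// NOTE(review): nothing in this method validates the returned response; callers are presumably
/// expected to check its status, signature and freshness themselves. Verify against callers.
/// </remarks>
/// <param name="ocspRequest">The OCSP request to send.</param>
/// <param name="url">Address of the OCSP responder.</param>
/// <returns>The response produced by <c>ExtractOcspResponseFromWebResponse</c>.</returns>
public static OcspResp Send(OcspReq ocspRequest, string url)
{
    HttpWebRequest request = CreateWebRequest(url, ocspRequest);

    // Release the HTTP response (and its connection) once the OCSP response has been extracted.
    // Closing it a second time is harmless if the extraction helper already closes it.
    using (HttpWebResponse response = GetWebResponse(request))
    {
        return ExtractOcspResponseFromWebResponse(response);
    }
}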