public const int Unauthorized = 6; // Request unauthorized

/// <summary>
/// Builds an <see cref="OcspResp"/> that carries the given status code and, optionally,
/// a <see cref="BasicOcspResp"/> payload.
/// </summary>
/// <param name="status">OCSP response status value (one of the status constants on this class, e.g. <see cref="Unauthorized"/>).</param>
/// <param name="response">The <see cref="BasicOcspResp"/> to embed, or null for a status-only response with no responseBytes.</param>
/// <returns>The assembled response.</returns>
/// <exception cref="OcspException">
/// Thrown when <paramref name="response"/> is non-null but not a <see cref="BasicOcspResp"/>,
/// or when the payload cannot be encoded.
/// </exception>
public OcspResp Generate(int status, object response)
{
    // Status-only response: responseBytes left absent.
    if (response == null)
    {
        return new OcspResp(new OcspResponse(new OcspResponseStatus(status), null));
    }

    BasicOcspResp basic = response as BasicOcspResp;
    if (basic == null)
    {
        throw new OcspException("unknown response object");
    }

    Asn1OctetString encoded;
    try
    {
        encoded = new DerOctetString(basic.GetEncoded());
    }
    catch (Exception e)
    {
        throw new OcspException("can't encode object.", e);
    }

    // id-pkix-ocsp-basic tells the consumer how to decode the octets inside ResponseBytes.
    ResponseBytes bytes = new ResponseBytes(OcspObjectIdentifiers.PkixOcspBasic, encoded);
    return new OcspResp(new OcspResponse(new OcspResponseStatus(status), bytes));
}
/// <summary>
/// Tests whether <paramref name="ocspResp"/> is the response this matcher was created for, by digesting
/// its encoding with <c>algorithm</c> and comparing the result against the stored <c>digestValue</c>.
/// </summary>
/// <remarks>
/// With <c>matchOnlyBasicOCSPResponse</c> set, the digest covers the BasicOcspResp encoding alone; otherwise it
/// covers the full OcspResp built by <c>OCSPUtils.FromBasicToResp</c>. The choice has to agree with how
/// <c>digestValue</c> was originally computed, otherwise a genuine response would never match.
/// </remarks>
/// <param name="ocspResp">The candidate response.</param>
/// <returns>true when the computed digest equals the stored digest.</returns>
/// <exception cref="RuntimeException">Wraps an unknown digest algorithm or an encoding failure.</exception>
public virtual bool Match(BasicOcspResp ocspResp)
{
    try
    {
        IDigest digest = DigestUtilities.GetDigest(algorithm);

        byte[] encoded = matchOnlyBasicOCSPResponse
            ? ocspResp.GetEncoded()
            : OCSPUtils.FromBasicToResp(ocspResp).GetEncoded();

        digest.BlockUpdate(encoded, 0, encoded.Length);
        byte[] actual = DigestUtilities.DoFinal(digest);

        LOG.Info("Compare " + Hex.ToHexString(digestValue) + " to computed value " + Hex.ToHexString(actual)
            + " of BasicOcspResp produced at " + ocspResp.ProducedAt);

        return Arrays.Equals(digestValue, actual);
    }
    catch (NoSuchAlgorithmException ex)
    {
        throw new RuntimeException("Maybe BouncyCastle provider is not installed ?", ex);
    }
    catch (IOException ex)
    {
        throw new RuntimeException(ex);
    }
}
/// <summary>
/// Wraps a <see cref="BasicOcspResp"/> into a full <see cref="OcspResp"/>; the byte[] overload this
/// delegates to sets the outer response status to SUCCESSFUL.
/// </summary>
/// <param name="basicOCSPResp">The basic response to wrap.</param>
/// <returns>The wrapped response, built from the encoding of <paramref name="basicOCSPResp"/>.</returns>
/// <exception cref="RuntimeException">Wraps the <see cref="IOException"/> raised when encoding fails.</exception>
public static OcspResp FromBasicToResp(BasicOcspResp basicOCSPResp)
{
    try
    {
        byte[] encoded = basicOCSPResp.GetEncoded();
        return FromBasicToResp(encoded);
    }
    catch (IOException e)
    {
        throw new RuntimeException(e);
    }
}
/// <summary>
/// Builds an <see cref="OcspResp"/> with the given status code, embedding <paramref name="response"/>
/// as id-pkix-ocsp-basic response bytes when one is supplied.
/// </summary>
/// <param name="status">OCSP response status value.</param>
/// <param name="response">A <see cref="BasicOcspResp"/>, or null to produce a response without responseBytes.</param>
/// <returns>The assembled response.</returns>
/// <exception cref="OcspException">
/// Thrown when <paramref name="response"/> is non-null but not a <see cref="BasicOcspResp"/>,
/// or when its encoding fails.
/// </exception>
public OcspResp Generate(int status, object response)
{
    ResponseBytes responseBytes = null;

    if (response != null)
    {
        if (!(response is BasicOcspResp))
        {
            throw new OcspException("unknown response object");
        }

        Asn1OctetString payload;
        try
        {
            payload = new DerOctetString(((BasicOcspResp)response).GetEncoded());
        }
        catch (global::System.Exception e)
        {
            throw new OcspException("can't encode object.", e);
        }

        responseBytes = new ResponseBytes(OcspObjectIdentifiers.PkixOcspBasic, payload);
    }

    // responseBytes stays null for the status-only case.
    return new OcspResp(new OcspResponse(new OcspResponseStatus(status), responseBytes));
}
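/// <summary>
/// Verifies that <paramref name="responseObject"/> is an authentic OCSP response for <paramref name="id"/>
/// under <paramref name="ca"/>: the responder certificate embedded in the response must be signed by the
/// head of the CA's OCSP chain, and the response signature must verify under that responder certificate.
/// </summary>
/// <param name="id">The CertID the response is expected to answer.</param>
/// <param name="responseObject">The signed response under test; treated as untrusted input.</param>
/// <param name="ocesOcspCertificate">(internal) built from the completed chain and handed to CheckBasicOcspResp.</param>
/// <param name="ca">The CA whose OCSP certificate chain anchors trust.</param>
/// <exception cref="OcspException">
/// Thrown when the OCSP chain is empty, the response embeds no certificates, or the response signature is invalid.
/// </exception>
static void CheckValidityOfResponse(CertID id, BasicOcspResp responseObject, Ca ca)
{
    // Re-parse the raw ASN.1 structure; it exposes the certificates embedded in the response.
    var response = BasicOcspResponse.GetInstance(Asn1Object.FromByteArray(responseObject.GetEncoded()));

    var ocspChain = CreateOcspCertificateChain(ca);
    if (ocspChain.Length == 0)
    {
        throw new OcspException("OCSP certificate chain is invalid");
    }

    // certs is OPTIONAL in BasicOCSPResponse (RFC 6960); fail explicitly rather than faulting on Certs[0] below.
    if (response.Certs == null || response.Certs.Count == 0)
    {
        throw new OcspException("OCSP response carries no responder certificate");
    }

    var ocesOcspCertificate = OcesCertificateFactory.Instance.Generate(CompleteOcspChain(response, ocspChain));
    CheckBasicOcspResp(id, responseObject, ocesOcspCertificate, ca);

    // The signing certificate is taken from the (untrusted) response itself, so it is verified against the
    // trusted chain head before its key is used to check the response signature.
    var certificateParser = new X509CertificateParser();
    var signingCertificate = certificateParser.ReadCertificate(response.Certs[0].GetEncoded());
    var issuingCertificate = certificateParser.ReadCertificate(ocspChain[0].GetRawCertData());
    signingCertificate.Verify(issuingCertificate.GetPublicKey());

    // NOTE(review): responder-specific checks (id-kp-OCSPSigning EKU, ResponderID matching Certs[0],
    // responder certificate validity period) are not visible in this method — confirm that
    // CheckBasicOcspResp or CompleteOcspChain performs them.
    if (!responseObject.Verify(signingCertificate.GetPublicKey()))
    {
        throw new OcspException("Signature is invalid");
    }
}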