/// <summary>
/// Requests a certificate for <paramref name="hostname"/> and, when the backend
/// produced a new request, submits it.
/// </summary>
/// <returns>
/// -2 when the backend status is "Exsits" (sic, already exists), -3 when it is
/// "Issued", 0 when the status text contains "Error" or any exception was raised,
/// otherwise whatever <c>submitRequest</c> returned.
/// </returns>
public int CreateCertifcate(string hostname)
{
    var backend = new Certificate();

    try
    {
        var status = backend.createCertifcate(hostname);

        // Ordinal comparison, exactly like String.Equals(string, string).
        switch (status)
        {
            case "Exsits":
                return -2;
            case "Issued":
                return -3;
        }

        // The backend signals failure by embedding "Error" in the status text;
        // a null status throws here and is handled by the catch below (result 0).
        if (status.Contains("Error"))
        {
            return 0;
        }

        return backend.submitRequest(status, hostname);
    }
    catch (Exception ex)
    {
        // The cause is only echoed to stdout; the caller cannot distinguish an
        // exception from a backend-reported "Error" since both yield 0.
        Console.Write(ex.Message);
        return 0;
    }
}
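        /// <summary>
        /// Verifies that an OCSP response was produced by a responder certificate that
        /// belongs to the CA's OCSP chain: the response is re-decoded into its ASN.1
        /// structure, the expected responder chain for <paramref name="ca"/> is built
        /// (it must be non-empty), the per-response checks are run on the OCES wrapper of
        /// the signing certificate, and finally the embedded signing certificate is
        /// verified against the first chain element and the response signature against
        /// the signing key.
        /// </summary>
        /// <exception cref="OcspException">the chain is empty, the response carries no
        /// certificate, a per-response check fails, or the response signature is invalid.</exception>
        static void CheckValidityOfResponse(CertID id, BasicOcspResp responseObject, Ca ca)
        {
            BasicOcspResponse response;
            using (var inputStream = new MemoryStream(responseObject.GetEncoded()))
            using (var asn1Stream = new Asn1InputStream(inputStream))
            {
                response = BasicOcspResponse.GetInstance((Asn1Sequence)asn1Stream.ReadObject());
            }

            var ocspChain = CreateOcspCertificateChain(ca);

            if (ocspChain.Length == 0)
            {
                throw new OcspException("OCSP certificate chain is invalid");
            }

            // Without this guard a response that embeds no certificate would fail below
            // with an index/null exception rather than an OCSP validation error.
            var embeddedCerts = response.Certs;
            if (embeddedCerts == null || embeddedCerts.Count == 0)
            {
                throw new OcspException("OCSP response carries no signing certificate");
            }

            var ocesOcspCertificate = OcesCertificateFactory.Instance.Generate(CompleteOcspChain(response, ocspChain));

            CheckBasicOcspResp(id, responseObject, ocesOcspCertificate, ca);

            var signingCertificate = new X509CertificateParser().ReadCertificate(embeddedCerts[0].GetEncoded());
            var issuingCertificate = new X509CertificateParser().ReadCertificate(ocspChain[0].GetRawCertData());

            // Verify() throws when the embedded certificate was not signed by the issuing
            // key; validity dates and OCSP-signing clearance are presumably covered by
            // CheckBasicOcspResp on the OCES wrapper — confirm.
            signingCertificate.Verify(issuingCertificate.GetPublicKey());
            if (!responseObject.Verify(signingCertificate.GetPublicKey()))
            {
                throw new OcspException("Signature is invalid");
            }
        }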
        /// <summary>
        /// Builds a CertificateID (RFC 6960 CertID) from an issuer certificate and the
        /// serial number of the certificate it signed: the issuer's encoded subject name
        /// and the issuer's public key are hashed with <paramref name="hashAlgorithm"/>
        /// and stored together with the serial number.
        /// </summary>
        /// <param name="hashAlgorithm">Digest name; the same string is also used verbatim as the OID of the hashAlgorithm field.</param>
        /// <param name="issuerCert">Issuer certificate whose subject DN and public key are hashed.</param>
        /// <param name="number">Serial number of the certificate being identified.</param>
        /// <param name="provider">Not used by this implementation; kept for signature compatibility.</param>
        /// <exception cref="OCSPException">wraps any failure while computing the id fields.</exception>
        public CertificateID(string hashAlgorithm, X509Certificate issuerCert, BigInteger number, string provider)
        {
            try
            {
                Digest hasher = TransformationByName.DigestByName(hashAlgorithm);

                // One digest instance is reused for both hashes; doFinal produces the
                // result and (as the original relies on) leaves the digest reset.
                Func<byte[], byte[]> hashOf = data =>
                {
                    hasher.update(data, 0, data.Length);
                    byte[] output = new byte[hasher.getDigestSize()];
                    hasher.doFinal(output, 0);
                    return output;
                };

                AlgorithmIdentifier hashAlg = new AlgorithmIdentifier(new DERObjectIdentifier(hashAlgorithm), new DERNull());

                X509Name        issuerName     = issuerCert.getSubjectDN();
                ASN1OctetString issuerNameHash = new DEROctetString(hashOf(issuerName.getEncoded()));

                AsymmetricKeyParameter issuerKey = issuerCert.getPublicKey();
                SubjectPublicKeyInfo   keyInfo   = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerKey);

                // NOTE(review): this hashes the complete SubjectPublicKeyInfo encoding. The
                // sibling implementations on this page hash PublicKeyData.GetBytes() (the
                // subjectPublicKey BIT STRING contents), which is what RFC 6960 prescribes
                // for issuerKeyHash — confirm which encoding the responder expects, since a
                // mismatch makes the responder unable to recognise the certificate.
                ASN1OctetString issuerKeyHash = new DEROctetString(hashOf(keyInfo.getEncoded()));

                this.id = new CertID(hashAlg, issuerNameHash, issuerKeyHash, new DERInteger(number));
            }
            catch (Exception e)
            {
                throw new OCSPException("problem creating ID: " + e, e);
            }
        }
        /// <summary>
        /// Creates a certificate request for <paramref name="hostname"/> and submits it.
        /// </summary>
        /// <returns>
        /// -2 when the backend status is "Exsits" (sic, already exists), -3 when it is
        /// "Issued", 0 when the status text contains "Error" or an exception occurred,
        /// otherwise the value returned by <c>SubmitRequest</c>.
        /// </returns>
        public int CreateCertifcate(string hostname)
        {
            int         requestID = 0;
            Certificate cert      = new Certificate();

            try
            {
                string status = cert.CreateCertifcate(hostname);

                if (string.Equals(status, "Exsits", StringComparison.Ordinal))
                {
                    return -2;
                }

                if (string.Equals(status, "Issued", StringComparison.Ordinal))
                {
                    return -3;
                }

                // Substring test: any status text mentioning "Error" counts as failure.
                // A null status throws here and is handled by the catch below.
                if (status.Contains("Error"))
                {
                    return 0;
                }

                requestID = cert.SubmitRequest(status, hostname);
                return requestID;
            }
            catch (Exception ex)
            {
                // requestID is always 0 here: its only assignment is followed directly by
                // a return. Record the failure in the error log table, echo it, report 0.
                new Database().InsertToErrorMessageTable(hostname, requestID, ex.Message, "CreateCertifcateController");
                Console.Write(ex.Message);
                return 0;
            }
        }
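 /// <summary>
 /// Decodes RFC 6960 <c>Request ::= SEQUENCE { reqCert CertID,
 /// singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }</c>.
 /// The sequence comes from untrusted DER, so a size outside 1..2 is rejected
 /// instead of silently ignoring surplus elements.
 /// </summary>
 /// <exception cref="ArgumentException">the sequence does not have one or two elements.</exception>
 private Request(Asn1Sequence seq)
 {
     int count = seq.Count;
     if (count < 1 || count > 2)
     {
         throw new ArgumentException("Bad sequence size: " + count, "seq");
     }

     reqCert = CertID.GetInstance(seq[0]);
     if (count == 2)
     {
         singleRequestExtensions = X509Extensions.GetInstance((Asn1TaggedObject)seq[1], explicitly: true);
     }
 }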
 /// <summary>
 /// Wraps an already-decoded CertID structure; a null id is rejected up front.
 /// </summary>
 /// <exception cref="ArgumentNullException"><paramref name="id"/> is null.</exception>
 public CertificateID(CertID id)
 {
     this.id = id ?? throw new ArgumentNullException("id");
 }
 /// <summary>
 /// Assembles an RFC 6960 SingleResponse from its already-decoded parts.
 /// nextUpdate and singleExtensions are OPTIONAL in the ASN.1 definition; no
 /// null checks or other validation are performed here.
 /// </summary>
 public SingleResponse(CertID certID, CertStatus certStatus, DerGeneralizedTime thisUpdate, DerGeneralizedTime nextUpdate, X509Extensions singleExtensions)
 {
     this.singleExtensions = singleExtensions;
     this.nextUpdate       = nextUpdate;
     this.thisUpdate       = thisUpdate;
     this.certStatus       = certStatus;
     this.certID           = certID;
 }
 /// <summary>
 /// Wraps an already-decoded CertID; null is rejected.
 /// </summary>
 /// <exception cref="ArgumentNullException"><paramref name="id"/> is null.</exception>
 public CertificateID(CertID id)
 {
     // Decompiler note for IL_000e ("unknown result type": invalid IL or missing
     // references) — the reconstructed logic is a plain null guard plus assignment.
     if (ReferenceEquals(id, null))
     {
         throw new ArgumentNullException("id");
     }

     this.id = id;
 }
        /// <summary>
        /// Validation pipeline for one OCSP answer: the outer OcspResp is checked,
        /// the BasicOcspResp it wraps is validated against <paramref name="id"/> and
        /// <paramref name="ca"/>, and only then is the revocation status for
        /// <paramref name="serialNumber"/> consulted. Failures are presumably
        /// signalled by exceptions from the helpers, not by the return value.
        /// </summary>
        /// <returns>true when the response does not mark the serial number as revoked.</returns>
        static bool CertificateIsValid(CertID id, OcspResp ocspResp, string serialNumber, Ca ca)
        {
            CheckOcspResp(ocspResp);

            BasicOcspResp basicResponse = GetResponseObject(ocspResp);
            CheckValidityOfResponse(id, basicResponse, ca);

            bool notRevoked = SerialNumberInResponseIsNotRevoked(basicResponse, serialNumber);
            return notRevoked;
        }
 /// <summary>
 /// Builds an OCSP Request structure. reqCert is mandatory in the ASN.1
 /// definition; singleRequestExtensions is OPTIONAL and may be null.
 /// </summary>
 /// <exception cref="ArgumentNullException"><paramref name="reqCert"/> is null.</exception>
 public Request(CertID reqCert, X509Extensions singleRequestExtensions)
 {
     this.reqCert = reqCert ?? throw new ArgumentNullException("reqCert");
     this.singleRequestExtensions = singleRequestExtensions;
 }
        /// <summary>
        /// Creates the id from an issuer certificate and the serial number of the
        /// certificate it signed. The hash algorithm is referenced by its OID string
        /// with NULL parameters; the hashing itself is delegated to CreateCertID.
        /// </summary>
        /// <exception cref="OcspException">if any problems occur creating the id fields.</exception>
        public CertificateID(
            string hashAlgorithm,
            X509Certificate issuerCert,
            BigInteger serialNumber)
        {
            DerObjectIdentifier hashOid = new DerObjectIdentifier(hashAlgorithm);
            AlgorithmIdentifier hashAlg = new AlgorithmIdentifier(hashOid, DerNull.Instance);
            DerInteger          serial  = new DerInteger(serialNumber);

            this.id = CreateCertID(hashAlg, issuerCert, serial);
        }
        /// <summary>
        /// Builds a single-request OCSP request for the certificate identified by
        /// (issuerNameHash, issuerKeyHash, serialNumber) and returns it together with
        /// the CertID, so the response can later be matched against the same id.
        /// The CertID declares SHA-1 as its hash algorithm, so the caller-supplied
        /// hashes must have been computed with SHA-1. serialNumber is handed to
        /// BigInteger's string constructor (presumably decimal — confirm).
        /// </summary>
        static OcspReqAndId CreateOcspRequest(Asn1OctetString issuerNameHash,
                                              Asn1OctetString issuerKeyHash, string serialNumber)
        {
            var certId = new CertID(
                new AlgorithmIdentifier(X509ObjectIdentifiers.IdSha1, DerNull.Instance),
                issuerNameHash,
                issuerKeyHash,
                new DerInteger(new BigInteger(serialNumber)));

            var requestBuilder = new OcspReqGenerator();
            requestBuilder.AddRequest(new CertificateID(certId));

            var request = requestBuilder.Generate();
            return new OcspReqAndId(request, certId);
        }
    /// <summary>
    /// Wraps a CMS SignedData as an RFC 3161 time-stamp token: the content type must
    /// be id-ct-TSTInfo, exactly one signer (the TSA) is allowed, the signed content
    /// is decoded into TstInfo, and the signer's ESS signing-certificate attribute
    /// (v1 preferred, v2 as fallback) yields the certID used to match the TSA
    /// certificate. The reference is read from the *signed* attributes, so it is
    /// covered by the signature that callers verify separately.
    /// </summary>
    /// <exception cref="TspValidationException">wrong content type, or no signing-certificate attribute.</exception>
    /// <exception cref="ArgumentException">the signer count is not exactly one.</exception>
    /// <exception cref="TspException">CMS decoding failed.</exception>
    public TimeStampToken(CmsSignedData signedData)
    {
        tsToken = signedData;

        if (!tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
        {
            throw new TspValidationException("ContentInfo object not for a time stamp.");
        }

        ICollection signerSet   = tsToken.GetSignerInfos().GetSigners();
        int         signerCount = signerSet.Count;
        if (signerCount != 1)
        {
            throw new ArgumentException("Time-stamp token signed by " + signerCount + " signers, but it must contain just the TSA signature.");
        }

        // Exactly one entry: position the enumerator on it and take it as the TSA signer.
        IEnumerator signerEnumerator = signerSet.GetEnumerator();
        signerEnumerator.MoveNext();
        tsaSignerInfo = (SignerInformation)signerEnumerator.Current;

        try
        {
            MemoryStream contentBytes = new MemoryStream();
            tsToken.SignedContent.Write(contentBytes);
            Asn1Object tstInfoAsn1 = Asn1Object.FromByteArray(contentBytes.ToArray());
            tstInfo = new TimeStampTokenInfo(TstInfo.GetInstance(tstInfoAsn1));

            Org.BouncyCastle.Asn1.Cms.Attribute signingCertAttr =
                tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
            if (signingCertAttr == null)
            {
                // No ESS v1 attribute: fall back to SigningCertificateV2 (RFC 5035).
                signingCertAttr = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
                if (signingCertAttr == null)
                {
                    throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
                }

                SigningCertificateV2 essV2 = SigningCertificateV2.GetInstance(signingCertAttr.AttrValues[0]);
                certID = new CertID(EssCertIDv2.GetInstance(essV2.GetCerts()[0]));
            }
            else
            {
                SigningCertificate essV1 = SigningCertificate.GetInstance(signingCertAttr.AttrValues[0]);
                certID = new CertID(EssCertID.GetInstance(essV1.GetCerts()[0]));
            }
        }
        catch (CmsException ex)
        {
            // Only CMS decoding failures are translated; the CmsException's own inner
            // exception (not the CmsException itself) becomes the cause.
            throw new TspException(ex.Message, ex.InnerException);
        }
    }
 /// <summary>
 /// Builds a time-stamp token view over a CMS SignedData (RFC 3161): content type
 /// check, single-signer check, TstInfo decoding, and extraction of the TSA
 /// certificate reference from the signer's ESS signing-certificate attribute
 /// (SigningCertificate first, SigningCertificateV2 as fallback).
 /// </summary>
 /// <exception cref="TspValidationException">wrong content type, or no signing-certificate attribute.</exception>
 /// <exception cref="ArgumentException">the signer count is not exactly one.</exception>
 /// <exception cref="TspException">CMS decoding failed.</exception>
 public TimeStampToken(CmsSignedData signedData)
 {
     // Decompiler notes for IL_0063 / IL_0094 / IL_009a ("unknown result type",
     // "expected O") mean the original IL was not fully resolved; the body below
     // is the same logic written as ordinary C# (property access instead of
     // get_* accessor calls, string concatenation instead of string.Concat).
     tsToken = signedData;
     if (!tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
     {
         throw new TspValidationException("ContentInfo object not for a time stamp.");
     }

     System.Collections.ICollection signers = tsToken.GetSignerInfos().GetSigners();
     if (signers.Count != 1)
     {
         throw new ArgumentException("Time-stamp token signed by " + signers.Count + " signers, but it must contain just the TSA signature.");
     }

     System.Collections.IEnumerator signerCursor = signers.GetEnumerator();
     signerCursor.MoveNext();
     tsaSignerInfo = (SignerInformation)signerCursor.Current;

     try
     {
         MemoryStream   buffer  = new MemoryStream();
         CmsProcessable content = tsToken.SignedContent;
         content.Write(buffer);
         tstInfo = new TimeStampTokenInfo(TstInfo.GetInstance(Asn1Object.FromByteArray(buffer.ToArray())));

         // The certificate reference is read from the signed attributes, so it is
         // covered by the TSA signature that callers verify separately.
         Attribute essAttribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
         if (essAttribute != null)
         {
             SigningCertificate essV1 = SigningCertificate.GetInstance(essAttribute.AttrValues[0]);
             certID = new CertID(EssCertID.GetInstance(essV1.GetCerts()[0]));
         }
         else
         {
             essAttribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
             if (essAttribute == null)
             {
                 throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
             }

             SigningCertificateV2 essV2 = SigningCertificateV2.GetInstance(essAttribute.AttrValues[0]);
             certID = new CertID(EssCertIDv2.GetInstance(essV2.GetCerts()[0]));
         }
     }
     catch (CmsException ex)
     {
         throw new TspException(ex.Message, ex.InnerException);
     }
 }
        /// <summary>
        /// Computes the RFC 6960 CertID for a certificate issued by <paramref name="issuerCert"/>:
        /// issuerNameHash = H(DER of the issuer's subject name) and
        /// issuerKeyHash = H(contents of the issuer's subjectPublicKey BIT STRING),
        /// where H is the digest named by the OID in <paramref name="hashAlg"/>.
        /// </summary>
        /// <exception cref="OcspException">wraps any failure while computing the hashes.</exception>
        private static CertID CreateCertID(AlgorithmIdentifier hashAlg, X509Certificate issuerCert, DerInteger serialNumber)
        {
            try
            {
                string digestName = hashAlg.ObjectID.Id;

                byte[] nameHash = DigestUtilities.CalculateDigest(
                    digestName,
                    PrincipalUtilities.GetSubjectX509Principal(issuerCert).GetEncoded());

                SubjectPublicKeyInfo issuerKeyInfo =
                    SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerCert.GetPublicKey());
                byte[] keyHash = DigestUtilities.CalculateDigest(
                    digestName,
                    issuerKeyInfo.PublicKeyData.GetBytes());

                return new CertID(hashAlg, new DerOctetString(nameHash), new DerOctetString(keyHash), serialNumber);
            }
            catch (Exception ex)
            {
                throw new OcspException("problem creating ID: " + ex, ex);
            }
        }
        /// <summary>
        /// Creates the id from an issuer certificate and the serial number of the
        /// certificate it signed. <paramref name="hashAlgorithm"/> names the digest and
        /// supplies the OID string of the hashAlgorithm field; the issuer's encoded
        /// subject name and the contents of its subjectPublicKey BIT STRING are hashed.
        /// </summary>
        /// <exception cref="OcspException">if any problems occur creating the id fields.</exception>
        public CertificateID(
            string hashAlgorithm,
            X509Certificate issuerCert,
            BigInteger number)
        {
            try
            {
                IDigest digest = DigestUtilities.GetDigest(hashAlgorithm);

                // One digest instance is reused; DoFinal yields the hash and (as the
                // original relies on) leaves the digest reset for the next input.
                Func<byte[], byte[]> hashOf = data =>
                {
                    digest.BlockUpdate(data, 0, data.Length);
                    return DigestUtilities.DoFinal(digest);
                };

                AlgorithmIdentifier hashAlg = new AlgorithmIdentifier(
                    new DerObjectIdentifier(hashAlgorithm), DerNull.Instance);

                X509Name       issuerName     = PrincipalUtilities.GetSubjectX509Principal(issuerCert);
                DerOctetString issuerNameHash = new DerOctetString(hashOf(issuerName.GetEncoded()));

                SubjectPublicKeyInfo issuerKeyInfo =
                    SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerCert.GetPublicKey());
                DerOctetString issuerKeyHash = new DerOctetString(hashOf(issuerKeyInfo.PublicKeyData.GetBytes()));

                this.id = new CertID(hashAlg, issuerNameHash, issuerKeyHash, new DerInteger(number));
            }
            catch (Exception e)
            {
                throw new OcspException("problem creating ID: " + e, e);
            }
        }
 /// <summary>
 /// Decodes RFC 6960 <c>SingleResponse ::= SEQUENCE { certID CertID,
 /// certStatus CertStatus, thisUpdate GeneralizedTime,
 /// nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
 /// singleExtensions [1] EXPLICIT Extensions OPTIONAL }</c>.
 /// With four elements the tag number of the fourth decides which optional
 /// field is present (tag 0 = nextUpdate; any other tag is taken as
 /// singleExtensions). The sequence length is not validated beyond the
 /// indexing performed here.
 /// </summary>
 public SingleResponse(Asn1Sequence seq)
 {
     certID     = CertID.GetInstance(seq[0]);
     certStatus = CertStatus.GetInstance(seq[1]);
     thisUpdate = (DerGeneralizedTime)seq[2];

     int elementCount = seq.Count;
     if (elementCount >= 5)
     {
         nextUpdate       = DerGeneralizedTime.GetInstance((Asn1TaggedObject)seq[3], isExplicit: true);
         singleExtensions = X509Extensions.GetInstance((Asn1TaggedObject)seq[4], explicitly: true);
         return;
     }

     if (elementCount == 4)
     {
         Asn1TaggedObject optional = (Asn1TaggedObject)seq[3];
         if (optional.TagNo == 0)
         {
             nextUpdate = DerGeneralizedTime.GetInstance(optional, isExplicit: true);
         }
         else
         {
             singleExtensions = X509Extensions.GetInstance(optional, explicitly: true);
         }
     }
 }
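        /// <summary>
        /// Wraps a CMS SignedData as an RFC 3161 time-stamp token. Checks that the
        /// content type is id-ct-TSTInfo and that exactly one signer (the TSA) is
        /// present, decodes the signed content into <c>tstInfo</c>, and records the
        /// TSA certificate reference from the signer's ESS SigningCertificate (or,
        /// failing that, SigningCertificateV2) signed attribute.
        /// </summary>
        /// <exception cref="TspValidationException">wrong content type, or no usable signing-certificate attribute.</exception>
        /// <exception cref="ArgumentException">the signer count is not exactly one.</exception>
        /// <exception cref="TspException">the signed content or attributes cannot be decoded as CMS.</exception>
        public TimeStampToken(
            CmsSignedData signedData)
        {
            this.tsToken = signedData;

            if (!this.tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
            {
                throw new TspValidationException("ContentInfo object not for a time stamp.");
            }

            ICollection signers = tsToken.GetSignerInfos().GetSigners();

            if (signers.Count != 1)
            {
                throw new ArgumentException("Time-stamp token signed by "
                                            + signers.Count
                                            + " signers, but it must contain just the TSA signature.");
            }

            IEnumerator signerEnum = signers.GetEnumerator();
            signerEnum.MoveNext();
            tsaSignerInfo = (SignerInformation)signerEnum.Current;

            try
            {
                CmsProcessable content = tsToken.SignedContent;
                using (MemoryStream bOut = new MemoryStream())
                {
                    content.Write(bOut);

                    this.tstInfo = new TimeStampTokenInfo(
                        TstInfo.GetInstance(
                            Asn1Object.FromByteArray(bOut.ToArray())));
                }

                // The TSA certificate reference comes from the *signed* attributes, so it
                // is covered by the TSA signature; ESS v1 (RFC 2634) is preferred, v2
                // (RFC 5035) is the fallback. An attribute without a value or without a
                // certificate entry is a validation failure, not an index exception.
                Asn1.Cms.Attribute attr = tsaSignerInfo.SignedAttributes[
                    PkcsObjectIdentifiers.IdAASigningCertificate];

                if (attr != null)
                {
                    SigningCertificate signCert = SigningCertificate.GetInstance(FirstSigningCertificateValue(attr));
                    EssCertID[] certs = signCert.GetCerts();
                    if (certs == null || certs.Length == 0)
                    {
                        throw new TspValidationException("signing certificate attribute lists no certificate, time stamp invalid.");
                    }

                    this.certID = new CertID(EssCertID.GetInstance(certs[0]));
                }
                else
                {
                    attr = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];

                    if (attr == null)
                    {
                        throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
                    }

                    SigningCertificateV2 signCertV2 = SigningCertificateV2.GetInstance(FirstSigningCertificateValue(attr));
                    EssCertIDv2[] certsV2 = signCertV2.GetCerts();
                    if (certsV2 == null || certsV2.Length == 0)
                    {
                        throw new TspValidationException("signing certificate attribute lists no certificate, time stamp invalid.");
                    }

                    this.certID = new CertID(EssCertIDv2.GetInstance(certsV2[0]));
                }
            }
            catch (CmsException e)
            {
                // Kept from the original: the CmsException's own inner exception, not
                // the CmsException itself, becomes the TspException's cause.
                throw new TspException(e.Message, e.InnerException);
            }
        }

        /// <summary>
        /// Returns the first value of an ESS signing-certificate attribute.
        /// </summary>
        /// <exception cref="TspValidationException">the attribute carries no value.</exception>
        private static Asn1Encodable FirstSigningCertificateValue(Asn1.Cms.Attribute attr)
        {
            Asn1Set values = attr.AttrValues;
            if (values == null || values.Count == 0)
            {
                throw new TspValidationException("signing certificate attribute has no value, time stamp invalid.");
            }

            return values[0];
        }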
 /// <summary>
 /// Pairs an OCSP request with the CertID it was built for, so the matching
 /// response can later be checked against the same identifier. Neither
 /// argument is validated.
 /// </summary>
 public OcspReqAndId(OcspReq request, CertID id)
 {
     Id      = id;
     Request = request;
 }
		/// <summary>
		/// Builds a time-stamp token view over a CMS SignedData (RFC 3161). Rejects any
		/// content type other than id-ct-TSTInfo and any signer count other than one,
		/// decodes the TSTInfo payload, and records the TSA certificate reference from
		/// the signer's ESS signing-certificate attribute (SigningCertificate first,
		/// SigningCertificateV2 as fallback).
		/// </summary>
		/// <exception cref="TspValidationException">wrong content type, or no signing-certificate attribute.</exception>
		/// <exception cref="ArgumentException">the signer count is not exactly one.</exception>
		/// <exception cref="TspException">CMS decoding failed.</exception>
		public TimeStampToken(
			CmsSignedData signedData)
		{
			this.tsToken = signedData;

			if (!this.tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
			{
				throw new TspValidationException("ContentInfo object not for a time stamp.");
			}

			ICollection signerInfos = tsToken.GetSignerInfos().GetSigners();
			if (signerInfos.Count != 1)
			{
				throw new ArgumentException("Time-stamp token signed by "
					+ signerInfos.Count
					+ " signers, but it must contain just the TSA signature.");
			}

			// Exactly one entry: position the enumerator on it and take it as the TSA signer.
			IEnumerator signerCursor = signerInfos.GetEnumerator();
			signerCursor.MoveNext();
			tsaSignerInfo = (SignerInformation) signerCursor.Current;

			try
			{
				MemoryStream payload = new MemoryStream();
				CmsProcessable content = tsToken.SignedContent;
				content.Write(payload);

				byte[] tstInfoBytes = payload.ToArray();
				this.tstInfo = new TimeStampTokenInfo(TstInfo.GetInstance(Asn1Object.FromByteArray(tstInfoBytes)));

				// ESS v1 (RFC 2634) first. The attribute is read from the signed attributes
				// and is therefore covered by the TSA signature that callers verify.
				Asn1.Cms.Attribute essAttr = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
				if (essAttr != null)
				{
					SigningCertificate essV1 = SigningCertificate.GetInstance(essAttr.AttrValues[0]);
					this.certID = new CertID(EssCertID.GetInstance(essV1.GetCerts()[0]));
					return;
				}

				// ESS v2 (RFC 5035) fallback.
				essAttr = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
				if (essAttr == null)
				{
					throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
				}

				SigningCertificateV2 essV2 = SigningCertificateV2.GetInstance(essAttr.AttrValues[0]);
				this.certID = new CertID(EssCertIDv2.GetInstance(essV2.GetCerts()[0]));
			}
			catch (CmsException e)
			{
				throw new TspException(e.Message, e.InnerException);
			}
		}
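        /// <summary>
        /// Applies the acceptance checks to a single-response BasicOcspResp: the
        /// response identifies the requested certificate, the OCSP signing certificate
        /// chains to <paramref name="ca"/>, the response signature verifies under that
        /// certificate, the certificate is cleared for OCSP signing and currently
        /// valid, and thisUpdate/nextUpdate fit the current time.
        /// </summary>
        /// <param name="id">CertID from the request the response must answer.</param>
        /// <param name="basicResp">The decoded BasicOCSPResponse.</param>
        /// <param name="ocspCertificate">OCES wrapper of the responder's signing certificate.</param>
        /// <param name="ca">Trust anchor the signing certificate must chain to.</param>
        /// <exception cref="OcspException">any check fails.</exception>
        private static void CheckBasicOcspResp(CertID id, BasicOcspResp basicResp, OcesCertificate ocspCertificate, Ca ca)
        {
            // UtcNow avoids the local-time round trip of DateTime.Now.ToUniversalTime(),
            // which can be off by an hour during a DST transition.
            DateTime nowInGmt = DateTime.UtcNow;

            /* check condition:
             *   The certificate identified in a received response corresponds to
             *   that which was identified in the corresponding request;
             */
            SingleResp[] responses = basicResp.Responses;
            if (responses == null || responses.Length != 1)
            {
                throw new OcspException("unexpected number of responses received");
            }

            SingleResp response = responses[0];

            // NOTE(review): only the serial number is compared. Serial numbers are unique
            // per issuer, not globally; the issuerNameHash/issuerKeyHash of the request
            // CertID are not matched against the response here — confirm that the chain
            // checks below make this sufficient, or compare the full CertID.
            if (!id.SerialNumber.Value.Equals(response.GetCertID().SerialNumber))
            {
                throw new OcspException("Serial number mismatch problem");
            }

            /* check condition
             * The signature on the response is valid;
             */
            var exportedCertificate = ocspCertificate.ExportCertificate();
            try
            {
                ChainVerifier.VerifyTrust(exportedCertificate, ca);
            }
            catch (ChainVerificationException e)
            {
                throw new OcspException("OCSP response certificate chain is invalid", e);
            }

            /* check the signature on the ocsp response */
            var ocspBcCertificate = new X509CertificateParser().ReadCertificate(exportedCertificate.RawData);

            if (!basicResp.Verify(ocspBcCertificate.GetPublicKey()))
            {
                throw new OcspException("signature validation failed for ocsp response");
            }

            if (!CanSignOcspResponses(ocspBcCertificate))
            {
                throw new OcspException("ocsp signing certificate has not been cleared for ocsp response signing");
            }

            /* check expiry of the signing certificate */
            if (ocspCertificate.ValidityStatus() != CertificateStatus.Valid)
            {
                throw new OcspException("OCSP certificate expired or not yet valid");
            }

            /* check condition
             * The time at which the status being indicated is known to be
             * correct (thisUpdate) is sufficiently recent.
             */
            // thisUpdate may lead the local clock by at most this much (tolerated skew).
            TimeSpan maxClockSkew = new TimeSpan(0, 1, 0);
            var diff = response.ThisUpdate - nowInGmt;

            if (diff > maxClockSkew)
            {
                throw new OcspException("OCSP response signature is from the future. Timestamp of thisUpdate field: "
                                        + response.ThisUpdate);
            }

            // NOTE(review): when nextUpdate is absent no upper bound is placed on the age
            // of thisUpdate, so "sufficiently recent" is only enforced for responses that
            // carry nextUpdate — confirm whether a maximum age should apply as well.
            if (response.NextUpdate != null && response.NextUpdate.Value < nowInGmt)
            {
                throw new OcspException("OCSP response is no longer valid");
            }
        }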
 /// <summary>
 /// Convenience overload: derives the serial number and the issuing CA from the
 /// OCES certificate and delegates to the four-argument overload.
 /// </summary>
 public static bool CertificateIsValid(CertID id, OcspResp ocspResp, IOcesCertificate certificate)
 {
     string serialNumber = SerialNumberConverter.FromCertificate(certificate);
     var    issuingCa    = certificate.IssuingCa;

     return CertificateIsValid(id, ocspResp, serialNumber, issuingCa);
 }
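 /// <summary>
 /// Wraps an already-decoded CertID. Like the sibling constructors on this page,
 /// a null id is rejected here rather than surfacing later as a null reference.
 /// </summary>
 /// <exception cref="ArgumentNullException"><paramref name="id"/> is null.</exception>
 public CertificateID(CertID id)
 {
     if (id == null)
     {
         throw new ArgumentNullException("id");
     }

     this.id = id;
 }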