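/// <summary>
/// Creates a certificate for <paramref name="hostname"/> and submits the
/// resulting request through the <c>Certificate</c> layer.
/// </summary>
/// <param name="hostname">Host name the certificate is requested for.</param>
/// <returns>
/// The request id returned by <c>Certificate.submitRequest</c>; -2 when the
/// certificate already exists, -3 when it is already issued, 0 when the
/// creation step reported an error or any exception was thrown.
/// </returns>
public int CreateCertifcate(string hostname)
{
    Certificate cert = new Certificate();
    try
    {
        string certId = cert.createCertifcate(hostname);

        // The certificate layer reports outcomes through sentinel strings
        // rather than exceptions; map them to the numeric codes callers expect.
        // Comparisons are ordinal: these are protocol tokens, not user text.
        if (string.Equals(certId, "Exsits", StringComparison.Ordinal))
        {
            return -2;
        }
        if (string.Equals(certId, "Issued", StringComparison.Ordinal))
        {
            return -3;
        }
        // A null result would otherwise throw inside Contains and be reported
        // below as a generic failure; treat it as the error case directly.
        if (certId == null || certId.Contains("Error"))
        {
            return 0;
        }

        return cert.submitRequest(certId, hostname);
    }
    catch (Exception ex)
    {
        // Best-effort diagnostics only; the failure is reported to the caller as 0.
        Console.Write(ex.Message);
        return 0;
    }
}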
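/// <summary>
/// Validates a basic OCSP response against the request's <paramref name="id"/>
/// and the issuing CA: re-decodes the response, rebuilds the OCSP signer's
/// certificate chain, runs the field-level checks in <c>CheckBasicOcspResp</c>,
/// then verifies that the certificate embedded in the response was signed by
/// the head of that chain and that the response signature verifies under the
/// embedded certificate's key.
/// </summary>
/// <param name="id">CertID from the OCSP request this response must answer.</param>
/// <param name="responseObject">The parsed basic OCSP response.</param>
/// <param name="ca">Issuing CA used to build the OCSP certificate chain.</param>
/// <exception cref="OcspException">
/// The OCSP chain is empty, the response carries no certificate, or the
/// response signature does not verify. Chain checks in
/// <c>CheckBasicOcspResp</c> and <c>X509Certificate.Verify</c> throw their own
/// exceptions.
/// </exception>
static void CheckValidityOfResponse(CertID id, BasicOcspResp responseObject, Ca ca)
{
    BasicOcspResponse response;
    using (var inputStream = new MemoryStream(responseObject.GetEncoded()))
    using (var asn1Stream = new Asn1InputStream(inputStream))
    {
        response = BasicOcspResponse.GetInstance((Asn1Sequence)asn1Stream.ReadObject());
    }

    var ocspChain = CreateOcspCertificateChain(ca);
    if (ocspChain.Length == 0)
    {
        throw new OcspException("OCSP certificate chain is invalid");
    }

    // The certs field of BasicOCSPResponse is optional. The signer lookup
    // below indexes it directly, so reject a response that omits it instead
    // of failing with a null-reference or index exception.
    if (response.Certs == null || response.Certs.Count == 0)
    {
        throw new OcspException("OCSP response carries no signing certificate");
    }

    var ocesOcspCertificate = OcesCertificateFactory.Instance.Generate(CompleteOcspChain(response, ocspChain));
    CheckBasicOcspResp(id, responseObject, ocesOcspCertificate, ca);

    var parser = new X509CertificateParser();
    var signingCertificate = parser.ReadCertificate(response.Certs[0].GetEncoded());
    var issuingCertificate = parser.ReadCertificate(ocspChain[0].GetRawCertData());

    // Verify() throws when the embedded signer certificate was not issued by
    // ocspChain[0]; only after that is its key trusted to check the response.
    signingCertificate.Verify(issuingCertificate.GetPublicKey());
    if (!responseObject.Verify(signingCertificate.GetPublicKey()))
    {
        throw new OcspException("Signature is invalid");
    }
}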
/// <summary>
/// Generates a CertificateID from an issuer certificate and the serial number
/// of the certificate it signed: issuerNameHash is the digest of the issuer's
/// encoded subject DN and issuerKeyHash the digest of the issuer's encoded
/// SubjectPublicKeyInfo, both under <paramref name="hashAlgorithm"/>.
/// </summary>
/// <param name="hashAlgorithm">Digest algorithm, used both to look up the digest and as the CertID hashAlgorithm OID.</param>
/// <param name="issuerCert">Certificate of the issuer of the certificate being identified.</param>
/// <param name="number">Serial number of the certificate being identified.</param>
/// <param name="provider">Not used by this constructor.</param>
/// <exception cref="OCSPException">Wraps any failure while computing the id fields.</exception>
public CertificateID(string hashAlgorithm, X509Certificate issuerCert, BigInteger number, string provider)
{
    try
    {
        Digest digest = TransformationByName.DigestByName(hashAlgorithm);
        AlgorithmIdentifier hashAlg = new AlgorithmIdentifier(new DERObjectIdentifier(hashAlgorithm), new DERNull());

        X509Name issuerName = issuerCert.getSubjectDN();
        byte[] b = issuerName.getEncoded();
        digest.update(b, 0, b.Length);
        b = new byte[digest.getDigestSize()];
        digest.doFinal(b, 0);
        ASN1OctetString issuerNameHash = new DEROctetString(b);

        // NOTE(review): this hashes the complete SubjectPublicKeyInfo encoding,
        // whereas CreateCertID in this listing hashes only
        // PublicKeyData.GetBytes() (the subjectPublicKey BIT STRING content).
        // RFC 6960 defines issuerKeyHash over the BIT STRING value, so the two
        // will not agree for the same issuer — confirm which the responder expects.
        AsymmetricKeyParameter issuerKey = issuerCert.getPublicKey();
        SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerKey);
        b = info.getEncoded();
        digest.update(b, 0, b.Length);
        b = new byte[digest.getDigestSize()];
        digest.doFinal(b, 0);
        ASN1OctetString issuerKeyHash = new DEROctetString(b);

        DERInteger serialNumber = new DERInteger(number);
        this.id = new CertID(hashAlg, issuerNameHash, issuerKeyHash, serialNumber);
    }
    catch (Exception e)
    {
        throw new OCSPException("problem creating ID: " + e, e);
    }
}
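/// <summary>
/// Creates a certificate for <paramref name="hostname"/> and submits the
/// resulting request through the <c>Certificate</c> layer, logging any
/// exception to the database error table.
/// </summary>
/// <param name="hostname">Host name the certificate is requested for.</param>
/// <returns>
/// The request id returned by <c>Certificate.SubmitRequest</c>; -2 when the
/// certificate already exists, -3 when it is already issued, 0 when the
/// creation step reported an error or any exception was thrown.
/// </returns>
public int CreateCertifcate(string hostname)
{
    // Declared outside the try so the error log can record the request id
    // reached so far (0 until SubmitRequest has returned).
    int requestID = 0;
    Certificate cert = new Certificate();
    try
    {
        string certId = cert.CreateCertifcate(hostname);

        // The certificate layer reports outcomes through sentinel strings
        // rather than exceptions; map them to the numeric codes callers expect.
        // Comparisons are ordinal: these are protocol tokens, not user text.
        if (string.Equals(certId, "Exsits", StringComparison.Ordinal))
        {
            return -2;
        }
        if (string.Equals(certId, "Issued", StringComparison.Ordinal))
        {
            return -3;
        }
        // A null result would otherwise throw inside Contains and be logged
        // below as a generic failure; treat it as the error case directly.
        if (certId == null || certId.Contains("Error"))
        {
            return 0;
        }

        requestID = cert.SubmitRequest(certId, hostname);
        return requestID;
    }
    catch (Exception ex)
    {
        // Insert the error message into the error table log in the database,
        // then report the failure to the caller as 0.
        Database db = new Database();
        db.InsertToErrorMessageTable(hostname, requestID, ex.Message, "CreateCertifcateController");
        Console.Write(ex.Message);
        return 0;
    }
}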
/// <summary>
/// Decodes a Request from its ASN.1 sequence: reqCert at index 0 and, only
/// when the sequence has exactly two elements, the explicitly tagged
/// singleRequestExtensions at index 1.
/// </summary>
/// <param name="seq">The ASN.1 sequence to decode.</param>
private Request(Asn1Sequence seq)
{
    reqCert = CertID.GetInstance(seq[0]);
    if (seq.Count != 2)
    {
        return;
    }
    var taggedExtensions = (Asn1TaggedObject)seq[1];
    singleRequestExtensions = X509Extensions.GetInstance(taggedExtensions, explicitly: true);
}
/// <summary>Wraps an existing ASN.1 CertID.</summary>
/// <param name="id">The CertID to wrap; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="id"/> is null.</exception>
public CertificateID(CertID id)
{
    this.id = id ?? throw new ArgumentNullException(nameof(id));
}
/// <summary>
/// Builds a SingleResponse from its components. No validation is performed;
/// <paramref name="nextUpdate"/> and <paramref name="singleExtensions"/> may
/// be null, as both are optional in the ASN.1 structure.
/// </summary>
/// <param name="certID">Identifies the certificate the status applies to.</param>
/// <param name="certStatus">Status of that certificate.</param>
/// <param name="thisUpdate">Time at which the status is known to be correct.</param>
/// <param name="nextUpdate">Time by which newer status information is expected, or null.</param>
/// <param name="singleExtensions">Optional extensions for this response, or null.</param>
public SingleResponse(CertID certID, CertStatus certStatus, DerGeneralizedTime thisUpdate, DerGeneralizedTime nextUpdate, X509Extensions singleExtensions)
{
    // Required fields first, then the optional ones.
    this.certID = certID;
    this.certStatus = certStatus;
    this.thisUpdate = thisUpdate;

    this.singleExtensions = singleExtensions;
    this.nextUpdate = nextUpdate;
}
/// <summary>Wraps an existing ASN.1 CertID.</summary>
/// <param name="id">The CertID to wrap; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="id"/> is null.</exception>
public CertificateID(CertID id)
{
    this.id = id ?? throw new ArgumentNullException(nameof(id));
}
/// <summary>
/// Checks an OCSP response end to end: the outer response status, the basic
/// response's signature and chain (<c>CheckValidityOfResponse</c>), and finally
/// the revocation status of <paramref name="serialNumber"/>.
/// </summary>
/// <param name="id">CertID the request was made for.</param>
/// <param name="ocspResp">The OCSP response received from the responder.</param>
/// <param name="serialNumber">Serial number whose status is being checked.</param>
/// <param name="ca">CA the OCSP signer must chain to.</param>
/// <returns>True when the response is valid and does not report the certificate as revoked.</returns>
static bool CertificateIsValid(CertID id, OcspResp ocspResp, string serialNumber, Ca ca)
{
    // Each step throws on failure; only a fully validated response reaches
    // the revocation-status lookup.
    CheckOcspResp(ocspResp);
    BasicOcspResp basicResponse = GetResponseObject(ocspResp);
    CheckValidityOfResponse(id, basicResponse, ca);

    bool notRevoked = SerialNumberInResponseIsNotRevoked(basicResponse, serialNumber);
    return notRevoked;
}
/// <summary>
/// Builds an OCSP Request for one certificate.
/// </summary>
/// <param name="reqCert">Identifies the certificate whose status is requested; must not be null.</param>
/// <param name="singleRequestExtensions">Optional per-request extensions; may be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="reqCert"/> is null.</exception>
public Request(CertID reqCert, X509Extensions singleRequestExtensions)
{
    this.reqCert = reqCert ?? throw new ArgumentNullException(nameof(reqCert));
    this.singleRequestExtensions = singleRequestExtensions;
}
/// <summary>
/// Creates a CertificateID from an issuer certificate and the serial number of
/// the certificate it signed. The hash fields are computed by <c>CreateCertID</c>
/// using <paramref name="hashAlgorithm"/>, which is also recorded as the
/// CertID's hashAlgorithm (with NULL parameters).
/// </summary>
/// <param name="hashAlgorithm">OID string of the digest algorithm.</param>
/// <param name="issuerCert">Certificate of the issuer.</param>
/// <param name="serialNumber">Serial number of the certificate being identified.</param>
/// <exception cref="OcspException">Any problem creating the id fields (raised by <c>CreateCertID</c>).</exception>
public CertificateID(string hashAlgorithm, X509Certificate issuerCert, BigInteger serialNumber)
{
    var digestOid = new DerObjectIdentifier(hashAlgorithm);
    var hashAlg = new AlgorithmIdentifier(digestOid, DerNull.Instance);
    var serial = new DerInteger(serialNumber);
    this.id = CreateCertID(hashAlg, issuerCert, serial);
}
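/// <summary>
/// Builds a single-certificate OCSP request for the certificate with
/// <paramref name="serialNumber"/> and returns it together with the CertID it
/// was built from, so the response can later be matched to this request.
/// </summary>
/// <param name="issuerNameHash">Hash of the issuer's DN as an OCTET STRING; must have been computed with SHA-1.</param>
/// <param name="issuerKeyHash">Hash of the issuer's public key as an OCTET STRING; must have been computed with SHA-1.</param>
/// <param name="serialNumber">Serial number as a string accepted by <c>BigInteger(string)</c>.</param>
/// <returns>The generated request and its CertID.</returns>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
static OcspReqAndId CreateOcspRequest(Asn1OctetString issuerNameHash, Asn1OctetString issuerKeyHash, string serialNumber)
{
    if (issuerNameHash == null)
    {
        throw new ArgumentNullException(nameof(issuerNameHash));
    }
    if (issuerKeyHash == null)
    {
        throw new ArgumentNullException(nameof(issuerKeyHash));
    }
    if (serialNumber == null)
    {
        throw new ArgumentNullException(nameof(serialNumber));
    }

    // The CertID's hashAlgorithm is fixed to SHA-1, so the two hashes passed in
    // must be SHA-1 as well or the responder will not recognise the issuer.
    // SHA-1 here only names the issuer to the responder (RFC 6960 CertID); it
    // does not protect a signature.
    var hashAlgorithm = new AlgorithmIdentifier(X509ObjectIdentifiers.IdSha1, DerNull.Instance);
    var derSerialNumber = new DerInteger(new BigInteger(serialNumber));
    var id = new CertID(hashAlgorithm, issuerNameHash, issuerKeyHash, derSerialNumber);

    var generator = new OcspReqGenerator();
    generator.AddRequest(new CertificateID(id));
    return new OcspReqAndId(generator.Generate(), id);
}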
/// <summary>
/// Wraps a CMS SignedData as a time-stamp token: checks that the content type
/// is id-ct-TSTInfo and that exactly one signer (the TSA) is present, decodes
/// the TSTInfo, and records the ESSCertID / ESSCertIDv2 of the TSA certificate
/// named in the signer's signed attributes. This constructor does not verify
/// the TSA signature; it only records which certificate the token claims to be
/// signed with.
/// </summary>
/// <param name="signedData">The CMS SignedData carrying the time-stamp.</param>
/// <exception cref="TspValidationException">Wrong content type, or no signing-certificate attribute.</exception>
/// <exception cref="ArgumentException">The signer count is not exactly one.</exception>
/// <exception cref="TspException">Decoding the signed content raised a <c>CmsException</c>.</exception>
public TimeStampToken(CmsSignedData signedData)
{
    tsToken = signedData;
    if (!tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
    {
        throw new TspValidationException("ContentInfo object not for a time stamp.");
    }
    ICollection signers = tsToken.GetSignerInfos().GetSigners();
    if (signers.Count != 1)
    {
        throw new ArgumentException("Time-stamp token signed by " + signers.Count + " signers, but it must contain just the TSA signature.");
    }
    // Exactly one signer was established above, so the first element is the TSA.
    IEnumerator enumerator = signers.GetEnumerator();
    enumerator.MoveNext();
    tsaSignerInfo = (SignerInformation)enumerator.Current;
    try
    {
        CmsProcessable signedContent = tsToken.SignedContent;
        MemoryStream memoryStream = new MemoryStream();
        signedContent.Write(memoryStream);
        tstInfo = new TimeStampTokenInfo(TstInfo.GetInstance(Asn1Object.FromByteArray(memoryStream.ToArray())));
        // Prefer id-aa-signingCertificate (ESSCertID); fall back to
        // id-aa-signingCertificateV2 (ESSCertIDv2). Only the first listed
        // certificate of the attribute is recorded.
        Org.BouncyCastle.Asn1.Cms.Attribute attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
        if (attribute != null)
        {
            SigningCertificate instance = SigningCertificate.GetInstance(attribute.AttrValues[0]);
            certID = new CertID(EssCertID.GetInstance(instance.GetCerts()[0]));
        }
        else
        {
            attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
            if (attribute == null)
            {
                throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
            }
            SigningCertificateV2 instance2 = SigningCertificateV2.GetInstance(attribute.AttrValues[0]);
            certID = new CertID(EssCertIDv2.GetInstance(instance2.GetCerts()[0]));
        }
    }
    catch (CmsException ex)
    {
        // NOTE: the CmsException itself is not attached as the cause; only its
        // InnerException (possibly null) is propagated.
        throw new TspException(ex.Message, ex.InnerException);
    }
}
/// <summary>
/// Wraps a CMS SignedData as a time-stamp token: checks that the content type
/// is id-ct-TSTInfo and that exactly one signer (the TSA) is present, decodes
/// the TSTInfo, and records the ESSCertID / ESSCertIDv2 of the TSA certificate
/// named in the signer's signed attributes. This constructor does not verify
/// the TSA signature; it only records which certificate the token claims to be
/// signed with. (Decompiler output: property access appears as get_* calls.)
/// </summary>
/// <param name="signedData">The CMS SignedData carrying the time-stamp.</param>
/// <exception cref="TspValidationException">Wrong content type, or no signing-certificate attribute.</exception>
/// <exception cref="ArgumentException">The signer count is not exactly one.</exception>
/// <exception cref="TspException">Decoding the signed content raised a <c>CmsException</c>.</exception>
public TimeStampToken(CmsSignedData signedData)
{
    tsToken = signedData;
    if (!tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
    {
        throw new TspValidationException("ContentInfo object not for a time stamp.");
    }
    global::System.Collections.ICollection signers = tsToken.GetSignerInfos().GetSigners();
    if (signers.get_Count() != 1)
    {
        throw new ArgumentException(string.Concat((object)"Time-stamp token signed by ", (object)signers.get_Count(), (object)" signers, but it must contain just the TSA signature."));
    }
    // Exactly one signer was established above, so the first element is the TSA.
    global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)signers).GetEnumerator();
    enumerator.MoveNext();
    tsaSignerInfo = (SignerInformation)enumerator.get_Current();
    try
    {
        CmsProcessable signedContent = tsToken.SignedContent;
        MemoryStream val = new MemoryStream();
        signedContent.Write((Stream)(object)val);
        tstInfo = new TimeStampTokenInfo(TstInfo.GetInstance(Asn1Object.FromByteArray(val.ToArray())));
        // Prefer id-aa-signingCertificate (ESSCertID); fall back to
        // id-aa-signingCertificateV2 (ESSCertIDv2). Only the first listed
        // certificate of the attribute is recorded.
        Attribute attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificate];
        if (attribute != null)
        {
            SigningCertificate instance = SigningCertificate.GetInstance(attribute.AttrValues[0]);
            certID = new CertID(EssCertID.GetInstance(instance.GetCerts()[0]));
            return;
        }
        attribute = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];
        if (attribute == null)
        {
            throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
        }
        SigningCertificateV2 instance2 = SigningCertificateV2.GetInstance(attribute.AttrValues[0]);
        certID = new CertID(EssCertIDv2.GetInstance(instance2.GetCerts()[0]));
    }
    catch (CmsException ex)
    {
        // NOTE: the CmsException itself is not attached as the cause; only its
        // InnerException (possibly null) is propagated.
        throw new TspException(((global::System.Exception)ex).get_Message(), ((global::System.Exception)ex).get_InnerException());
    }
}
/// <summary>
/// Builds the ASN.1 CertID for a certificate issued by <paramref name="issuerCert"/>:
/// issuerNameHash is the digest of the issuer's encoded subject DN and
/// issuerKeyHash the digest of the issuer's subjectPublicKey BIT STRING content
/// (<c>PublicKeyData.GetBytes()</c>), both computed with the algorithm named by
/// the OID in <paramref name="hashAlg"/>.
/// </summary>
/// <param name="hashAlg">Digest AlgorithmIdentifier; its OID selects the digest and it is stored in the CertID as-is.</param>
/// <param name="issuerCert">Certificate of the issuer.</param>
/// <param name="serialNumber">Serial number of the certificate being identified.</param>
/// <returns>The populated CertID.</returns>
/// <exception cref="OcspException">Wraps any failure while computing the fields.</exception>
private static CertID CreateCertID(AlgorithmIdentifier hashAlg, X509Certificate issuerCert, DerInteger serialNumber)
{
    try
    {
        string digestName = hashAlg.ObjectID.Id;

        X509Name issuerName = PrincipalUtilities.GetSubjectX509Principal(issuerCert);
        byte[] issuerNameHash = DigestUtilities.CalculateDigest(digestName, issuerName.GetEncoded());

        AsymmetricKeyParameter issuerKey = issuerCert.GetPublicKey();
        SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerKey);
        byte[] issuerKeyHash = DigestUtilities.CalculateDigest(digestName, keyInfo.PublicKeyData.GetBytes());

        return new CertID(hashAlg, new DerOctetString(issuerNameHash), new DerOctetString(issuerKeyHash), serialNumber);
    }
    catch (Exception e)
    {
        throw new OcspException("problem creating ID: " + e, e);
    }
}
/// <summary>
/// Creates a CertificateID from an issuer certificate and the serial number of
/// the certificate it signed. issuerNameHash is the digest of the issuer's
/// encoded subject DN and issuerKeyHash the digest of the issuer's
/// subjectPublicKey BIT STRING content (<c>PublicKeyData.GetBytes()</c>), both
/// under <paramref name="hashAlgorithm"/>, which is also recorded as the
/// CertID's hashAlgorithm with NULL parameters.
/// </summary>
/// <param name="hashAlgorithm">Digest algorithm name/OID accepted by <c>DigestUtilities.GetDigest</c> and <c>DerObjectIdentifier</c>.</param>
/// <param name="issuerCert">Certificate of the issuer.</param>
/// <param name="number">Serial number of the certificate being identified.</param>
/// <exception cref="OcspException">Wraps any failure while computing the id fields.</exception>
public CertificateID(string hashAlgorithm, X509Certificate issuerCert, BigInteger number)
{
    try
    {
        IDigest digest = DigestUtilities.GetDigest(hashAlgorithm);
        // DoFinal resets the digest, so the same instance serves both hashes.
        Func<byte[], byte[]> digestOf = input =>
        {
            digest.BlockUpdate(input, 0, input.Length);
            return DigestUtilities.DoFinal(digest);
        };

        AlgorithmIdentifier hashAlg = new AlgorithmIdentifier(new DerObjectIdentifier(hashAlgorithm), DerNull.Instance);

        X509Name issuerName = PrincipalUtilities.GetSubjectX509Principal(issuerCert);
        Asn1OctetString issuerNameHash = new DerOctetString(digestOf(issuerName.GetEncoded()));

        SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerCert.GetPublicKey());
        Asn1OctetString issuerKeyHash = new DerOctetString(digestOf(keyInfo.PublicKeyData.GetBytes()));

        this.id = new CertID(hashAlg, issuerNameHash, issuerKeyHash, new DerInteger(number));
    }
    catch (Exception e)
    {
        throw new OcspException("problem creating ID: " + e, e);
    }
}
/// <summary>
/// Decodes a SingleResponse from its ASN.1 sequence. The first three elements
/// (certID, certStatus, thisUpdate) are mandatory; the tagged optional elements
/// nextUpdate [0] and singleExtensions [1] are resolved from the sequence
/// length and, when only one is present, from its tag number.
/// </summary>
/// <param name="seq">The ASN.1 sequence to decode.</param>
public SingleResponse(Asn1Sequence seq)
{
    certID = CertID.GetInstance(seq[0]);
    certStatus = CertStatus.GetInstance(seq[1]);
    thisUpdate = (DerGeneralizedTime)seq[2];

    int optionalCount = seq.Count - 3;
    if (optionalCount <= 0)
    {
        return;
    }

    if (optionalCount >= 2)
    {
        // Both optionals present, in definition order.
        nextUpdate = DerGeneralizedTime.GetInstance((Asn1TaggedObject)seq[3], isExplicit: true);
        singleExtensions = X509Extensions.GetInstance((Asn1TaggedObject)seq[4], explicitly: true);
        return;
    }

    // Exactly one optional element: its tag decides which one it is.
    var single = (Asn1TaggedObject)seq[3];
    if (single.TagNo == 0)
    {
        nextUpdate = DerGeneralizedTime.GetInstance(single, isExplicit: true);
    }
    else
    {
        singleExtensions = X509Extensions.GetInstance(single, explicitly: true);
    }
}
/// <summary>
/// Wraps a CMS SignedData as a time-stamp token: checks that the content type
/// is id-ct-TSTInfo and that exactly one signer (the TSA) is present, decodes
/// the TSTInfo, and records the ESSCertID / ESSCertIDv2 of the TSA certificate
/// named in the signer's signed attributes. This constructor does not verify
/// the TSA signature; it only records which certificate the token claims to be
/// signed with.
/// </summary>
/// <param name="signedData">The CMS SignedData carrying the time-stamp.</param>
/// <exception cref="TspValidationException">Wrong content type, or no signing-certificate attribute.</exception>
/// <exception cref="ArgumentException">The signer count is not exactly one.</exception>
/// <exception cref="TspException">Decoding the signed content raised a <c>CmsException</c>.</exception>
public TimeStampToken(
    CmsSignedData signedData)
{
    this.tsToken = signedData;

    if (!this.tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
    {
        throw new TspValidationException("ContentInfo object not for a time stamp.");
    }

    ICollection signers = tsToken.GetSignerInfos().GetSigners();

    if (signers.Count != 1)
    {
        throw new ArgumentException("Time-stamp token signed by "
            + signers.Count
            + " signers, but it must contain just the TSA signature.");
    }

    // Exactly one signer was established above, so the first element is the TSA.
    IEnumerator signerEnum = signers.GetEnumerator();
    signerEnum.MoveNext();
    tsaSignerInfo = (SignerInformation)signerEnum.Current;

    try
    {
        CmsProcessable content = tsToken.SignedContent;
        MemoryStream bOut = new MemoryStream();

        content.Write(bOut);

        this.tstInfo = new TimeStampTokenInfo(
            TstInfo.GetInstance(
                Asn1Object.FromByteArray(bOut.ToArray())));

        // Prefer id-aa-signingCertificate (ESSCertID); fall back to
        // id-aa-signingCertificateV2 (ESSCertIDv2). Only the first listed
        // certificate of the attribute is recorded.
        Asn1.Cms.Attribute attr = tsaSignerInfo.SignedAttributes[
            PkcsObjectIdentifiers.IdAASigningCertificate];

        if (attr != null)
        {
            SigningCertificate signCert = SigningCertificate.GetInstance(attr.AttrValues[0]);

            this.certID = new CertID(EssCertID.GetInstance(signCert.GetCerts()[0]));
        }
        else
        {
            attr = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];

            if (attr == null)
            {
                throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");
            }

            SigningCertificateV2 signCertV2 = SigningCertificateV2.GetInstance(attr.AttrValues[0]);

            this.certID = new CertID(EssCertIDv2.GetInstance(signCertV2.GetCerts()[0]));
        }
    }
    catch (CmsException e)
    {
        // NOTE: the CmsException itself is not attached as the cause; only its
        // InnerException (possibly null) is propagated.
        throw new TspException(e.Message, e.InnerException);
    }
}
/// <summary>
/// Pairs a generated OCSP request with the CertID it was built from, so the
/// response can be validated against the same identifier.
/// </summary>
/// <param name="request">The generated OCSP request.</param>
/// <param name="id">The CertID the request was built from.</param>
public OcspReqAndId(OcspReq request, CertID id)
{
    Id = id;
    Request = request;
}
/// <summary>
/// Wraps a CMS SignedData as a time-stamp token: checks that the content type
/// is id-ct-TSTInfo and that exactly one signer (the TSA) is present, decodes
/// the TSTInfo, and records the ESSCertID / ESSCertIDv2 of the TSA certificate
/// named in the signer's signed attributes. This constructor does not verify
/// the TSA signature; it only records which certificate the token claims to be
/// signed with.
/// </summary>
/// <param name="signedData">The CMS SignedData carrying the time-stamp.</param>
/// <exception cref="TspValidationException">Wrong content type, or no signing-certificate attribute.</exception>
/// <exception cref="ArgumentException">The signer count is not exactly one.</exception>
/// <exception cref="TspException">Decoding the signed content raised a <c>CmsException</c>.</exception>
public TimeStampToken(
    CmsSignedData signedData)
{
    this.tsToken = signedData;

    if (!this.tsToken.SignedContentType.Equals(PkcsObjectIdentifiers.IdCTTstInfo))
    {
        throw new TspValidationException("ContentInfo object not for a time stamp.");
    }

    ICollection signers = tsToken.GetSignerInfos().GetSigners();

    if (signers.Count != 1)
    {
        throw new ArgumentException("Time-stamp token signed by "
            + signers.Count
            + " signers, but it must contain just the TSA signature.");
    }

    // Exactly one signer was established above, so the first element is the TSA.
    IEnumerator signerEnum = signers.GetEnumerator();
    signerEnum.MoveNext();
    tsaSignerInfo = (SignerInformation) signerEnum.Current;

    try
    {
        CmsProcessable content = tsToken.SignedContent;
        MemoryStream bOut = new MemoryStream();

        content.Write(bOut);

        this.tstInfo = new TimeStampTokenInfo(
            TstInfo.GetInstance(
                Asn1Object.FromByteArray(bOut.ToArray())));

        // Prefer id-aa-signingCertificate (ESSCertID); fall back to
        // id-aa-signingCertificateV2 (ESSCertIDv2). Only the first listed
        // certificate of the attribute is recorded.
        Asn1.Cms.Attribute attr = tsaSignerInfo.SignedAttributes[
            PkcsObjectIdentifiers.IdAASigningCertificate];

        if (attr != null)
        {
            SigningCertificate signCert = SigningCertificate.GetInstance(attr.AttrValues[0]);

            this.certID = new CertID(EssCertID.GetInstance(signCert.GetCerts()[0]));
        }
        else
        {
            attr = tsaSignerInfo.SignedAttributes[PkcsObjectIdentifiers.IdAASigningCertificateV2];

            if (attr == null)
                throw new TspValidationException("no signing certificate attribute found, time stamp invalid.");

            SigningCertificateV2 signCertV2 = SigningCertificateV2.GetInstance(attr.AttrValues[0]);

            this.certID = new CertID(EssCertIDv2.GetInstance(signCertV2.GetCerts()[0]));
        }
    }
    catch (CmsException e)
    {
        // NOTE: the CmsException itself is not attached as the cause; only its
        // InnerException (possibly null) is propagated.
        throw new TspException(e.Message, e.InnerException);
    }
}
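/// <summary>
/// Field-level checks on a basic OCSP response before its status is trusted:
/// exactly one SingleResponse, whose CertID matches the request's
/// <paramref name="id"/>; the OCSP signing certificate chains to
/// <paramref name="ca"/>, produced the response signature, is cleared for
/// OCSP signing and is currently valid; and thisUpdate / nextUpdate are
/// consistent with the current UTC time.
/// </summary>
/// <param name="id">CertID from the request; the response must be for this certificate.</param>
/// <param name="basicResp">The basic OCSP response being validated.</param>
/// <param name="ocspCertificate">Certificate the response is expected to be signed with.</param>
/// <param name="ca">CA the OCSP certificate must chain to.</param>
/// <exception cref="OcspException">Any of the checks fails.</exception>
private static void CheckBasicOcspResp(CertID id, BasicOcspResp basicResp, OcesCertificate ocspCertificate, Ca ca)
{
    // Sampled once so every time comparison in this method sees the same instant.
    DateTime nowInGmt = DateTime.UtcNow;

    /* check condition:
     * The certificate identified in a received response corresponds to
     * that which was identified in the corresponding request.
     * Serial numbers are only unique per issuer, so the issuer name and key
     * hashes are compared as well (a responder echoes the request's CertID).
     * The hash AlgorithmIdentifier is deliberately not compared: its
     * parameters encoding (NULL vs absent) legitimately varies between
     * implementations. */
    SingleResp[] responses = basicResp.Responses;
    if (responses.Length != 1)
    {
        throw new OcspException("unexpected number of responses received");
    }
    CertID responseId = responses[0].GetCertID().ToAsn1Object();
    if (!id.SerialNumber.Value.Equals(responseId.SerialNumber.Value))
    {
        throw new OcspException("Serial number mismatch problem");
    }
    if (!id.IssuerNameHash.Equals(responseId.IssuerNameHash) || !id.IssuerKeyHash.Equals(responseId.IssuerKeyHash))
    {
        throw new OcspException("Issuer hash mismatch problem");
    }

    /* check condition
     * The signature on the response is valid: the signer must chain to the CA
     * and the response signature must verify under the signer's key. */
    try
    {
        ChainVerifier.VerifyTrust(ocspCertificate.ExportCertificate(), ca);
    }
    catch (ChainVerificationException e)
    {
        throw new OcspException("OCSP response certificate chain is invalid", e);
    }

    var ocspBcCertificate = new X509CertificateParser().ReadCertificate(ocspCertificate.ExportCertificate().RawData);
    if (!basicResp.Verify(ocspBcCertificate.GetPublicKey()))
    {
        throw new OcspException("signature validation failed for ocsp response");
    }
    if (!CanSignOcspResponses(ocspBcCertificate))
    {
        throw new OcspException("ocsp signing certificate has not been cleared for ocsp response signing");
    }

    /* check expiry of the signing certificate */
    if (ocspCertificate.ValidityStatus() != CertificateStatus.Valid)
    {
        throw new OcspException("OCSP certificate expired or not yet valid");
    }

    /* check condition
     * The time at which the status being indicated is known to be
     * correct (thisUpdate) is sufficiently recent.
     * Only two bounds are enforced: thisUpdate may not lie more than one
     * minute in the future (clock skew allowance), and nextUpdate, when
     * present, may not have passed. A response without nextUpdate is accepted
     * regardless of how old thisUpdate is; a maximum age would have to be
     * enforced by the caller. */
    SingleResp response = responses[0];
    if (response.ThisUpdate - nowInGmt > TimeSpan.FromMinutes(1))
    {
        throw new OcspException("OCSP response signature is from the future. Timestamp of thisUpdate field: " + response.ThisUpdate);
    }
    if (response.NextUpdate != null && response.NextUpdate.Value < nowInGmt)
    {
        throw new OcspException("OCSP response is no longer valid");
    }
}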
/// <summary>
/// Convenience overload: derives the serial number and issuing CA from
/// <paramref name="certificate"/> and delegates to the four-argument
/// <c>CertificateIsValid</c>.
/// </summary>
/// <param name="id">CertID the OCSP request was made for.</param>
/// <param name="ocspResp">The OCSP response received from the responder.</param>
/// <param name="certificate">The certificate whose status is being checked.</param>
/// <returns>True when the response validates and does not report the certificate as revoked.</returns>
public static bool CertificateIsValid(CertID id, OcspResp ocspResp, IOcesCertificate certificate)
    => CertificateIsValid(id, ocspResp, SerialNumberConverter.FromCertificate(certificate), certificate.IssuingCa);
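/// <summary>Wraps an existing ASN.1 CertID.</summary>
/// <param name="id">The CertID to wrap; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="id"/> is null.</exception>
public CertificateID(CertID id)
{
    // Rejected here, consistent with the other CertificateID(CertID) constructors
    // in this listing, rather than surfacing later as a null reference when the
    // wrapped id is first used.
    if (id == null)
    {
        throw new ArgumentNullException(nameof(id));
    }
    this.id = id;
}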