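/// <summary>
/// Decodes a RevokedInfo from its ASN.1 SEQUENCE: a mandatory revocationTime
/// (GeneralizedTime) optionally followed by an explicitly tagged revocationReason (CRLReason).
/// </summary>
/// <param name="seq">The decoded SEQUENCE; must hold one or two elements.</param>
/// <exception cref="ArgumentNullException"><paramref name="seq"/> is null.</exception>
/// <exception cref="ArgumentException">The sequence has fewer than one or more than two elements.</exception>
private RevokedInfo(Asn1Sequence seq)
{
    if (seq == null)
    {
        throw new ArgumentNullException("seq");
    }
    // Reject malformed input with a descriptive ArgumentException instead of letting
    // an out-of-range index or a bad cast surface from the element accesses below.
    if (seq.Count < 1 || seq.Count > 2)
    {
        throw new ArgumentException("Bad sequence size: " + seq.Count, "seq");
    }

    this.revocationTime = (DerGeneralizedTime)seq[0];
    if (seq.Count > 1)
    {
        // The reason is wrapped in an explicit tag, hence isExplicit = true when unwrapping.
        this.revocationReason = new CrlReason(
            DerEnumerated.GetInstance((Asn1TaggedObject)seq[1], true));
    }
}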
/// <summary>
/// Builds a RevokedInfo from an already decoded revocation time and an optional reason.
/// </summary>
/// <param name="revocationTime">When the certificate was revoked; required.</param>
/// <param name="revocationReason">The CRLReason, or null when no reason is recorded.</param>
/// <exception cref="ArgumentNullException"><paramref name="revocationTime"/> is null.</exception>
public RevokedInfo(DerGeneralizedTime revocationTime, CrlReason revocationReason)
{
    // The reason is optional, so it is stored as given; only the time is validated.
    this.revocationReason = revocationReason;

    if (revocationTime == null)
    {
        throw new ArgumentNullException("revocationTime");
    }
    this.revocationTime = revocationTime;
}
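/// <summary>
/// Loads the signed XML certificate database at <c>dbLocation</c> and fills
/// <c>certs</c> with every record whose revocation status matches <c>certStatus</c>.
/// </summary>
/// <exception cref="GeneralSecurityException">The database file's XML signature does not verify.</exception>
/// <exception cref="InvalidOperationException">The document has no OSCA root element.</exception>
private void createDB()
{
    certs = new List<DataBase>();

    // Refuse to read anything from a database whose signature does not verify.
    // NOTE(review): the file is verified by path and then re-opened by path, so a swap
    // between the two opens would bypass the check; verifying the loaded document or
    // bytes instead of the path would close that window.
    if (!XmlSigning.VerifyXmlFile(dbLocation))
    {
        throw new GeneralSecurityException("Signature failure on db file");
    }
    XDocument db = XDocument.Load(dbLocation);

    XElement root = db.Element("OSCA");
    if (root == null)
    {
        throw new InvalidOperationException("db file has no OSCA root element");
    }

    // Status values in the XML are stored lower-case; lower the enum name invariantly so
    // the current culture (e.g. Turkish dotless i) cannot alter the match.
    string wantedStatus = certStatus.ToString().ToLowerInvariant();
    var records = root.Descendants("record")
        .Where(m => m.Element("revocation").Attribute("status").Value == wantedStatus);

    X509CertificateParser cp = new X509CertificateParser();
    foreach (XElement record in records)
    {
        certs.Add(readRecord(record, cp));
    }
}

// Converts one <record> element into a DataBase entry; revocation date and reason are
// read only when the database is being loaded for revoked certificates.
private DataBase readRecord(XElement record, X509CertificateParser cp)
{
    XElement revocation = record.Element("revocation");

    DataBase entry = new DataBase();
    entry.dn = Utility.OrderDN(record.Element("dn").Value);
    entry.serialNumber = record.Element("serialNumber").Value;
    entry.profile = record.Element("profile").Value;
    entry.created = friendlyDate(record.Element("created").Value);
    entry.expiry = friendlyDate(record.Element("expiry").Value);
    entry.certificate = cp.ReadCertificate(Convert.FromBase64String(record.Element("certificate").Value));
    entry.status = revocation.Attribute("status").Value;

    if (certStatus == CertStatus.Revoked)
    {
        entry.revDate = friendlyDate(revocation.Element("date").Value);
        entry.revReason = CrlReason.GetReason(revocation.Element("reason").Value);
    }
    return entry;
}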
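/// <summary>
/// Captures one SingleResponse's fields, mapping the generator-level CertificateStatus
/// onto the ASN.1 CertStatus CHOICE: null → good, UnknownStatus → unknown,
/// RevokedStatus → revoked (with time and optional reason).
/// </summary>
/// <param name="certId">Identifies the certificate this response is about.</param>
/// <param name="certStatus">null for good, an UnknownStatus, or a RevokedStatus.</param>
/// <param name="thisUpdate">Time at which the reported status is known to be correct.</param>
/// <param name="nextUpdate">Time at which newer status information is expected.</param>
/// <param name="extensions">Single-response extensions.</param>
/// <exception cref="ArgumentException"><paramref name="certStatus"/> is an unsupported CertificateStatus implementation.</exception>
private ResponseObject(CertificateID certId, CertificateStatus certStatus,
    DerGeneralizedTime thisUpdate, DerGeneralizedTime nextUpdate, X509Extensions extensions)
{
    this.certId = certId;
    this.certStatus = ToCertStatus(certStatus);
    this.thisUpdate = thisUpdate;
    this.nextUpdate = nextUpdate;
    this.extensions = extensions;
}

// Maps the generator-level status object onto the ASN.1 CertStatus CHOICE.
private static CertStatus ToCertStatus(CertificateStatus certStatus)
{
    if (certStatus == null)
    {
        // Good is represented by the default (untagged) CertStatus.
        return new CertStatus();
    }
    if (certStatus is UnknownStatus)
    {
        // Tag 2 with a NULL body is the "unknown" alternative.
        return new CertStatus(2, DerNull.Instance);
    }

    // Anything else must be a RevokedStatus; report an unexpected implementation as a
    // bad argument rather than surfacing an InvalidCastException from a blind cast.
    RevokedStatus revokedStatus = certStatus as RevokedStatus;
    if (revokedStatus == null)
    {
        throw new ArgumentException(
            "unsupported CertificateStatus type: " + certStatus.GetType().Name, "certStatus");
    }

    CrlReason revocationReason = revokedStatus.HasRevocationReason
        ? new CrlReason(revokedStatus.RevocationReason)
        : null;
    return new CertStatus(new RevokedInfo(
        new DerGeneralizedTime(revokedStatus.RevocationTime), revocationReason));
}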
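/// <summary>
/// Looks the certificate up in the loaded CRL and, when it is listed, reports its
/// revocation date and reason through the ref parameters.
/// </summary>
/// <param name="id">The OCSP CertificateID whose serial number is looked up.</param>
/// <param name="dt">Set to the entry's revocation date when the method returns true; left untouched otherwise.</param>
/// <param name="reason">Set to the entry's reasonCode when the method returns true (Unspecified if the entry carries none); left untouched otherwise.</param>
/// <returns>true if a CRL is loaded and lists the serial number; false otherwise.</returns>
public bool IsRevoked(CertificateID id, ref DerGeneralizedTime dt, ref CrlReason reason)
{
    if (Crl == null)
    {
        return false;
    }

    // NOTE(review): only the serial number is matched; the CertificateID's issuer name
    // and key hashes are not compared against the CA that issued this CRL, which is only
    // sound while this responder serves a single issuer.
    X509CrlEntry ent = Crl.GetRevokedCertificate(id.SerialNumber);
    if (ent == null)
    {
        return false;
    }

    dt = new DerGeneralizedTime(ent.RevocationDate);

    // Report the reason recorded in the entry's reasonCode extension instead of a fixed
    // value; an absent extension means "unspecified". The extension value is an OCTET
    // STRING wrapping the DER encoding of the ENUMERATED.
    Asn1OctetString reasonExt = ent.GetExtensionValue(X509Extensions.ReasonCode);
    if (reasonExt == null)
    {
        reason = new CrlReason(CrlReason.Unspecified);
    }
    else
    {
        reason = new CrlReason(
            DerEnumerated.GetInstance(Asn1Object.FromByteArray(reasonExt.GetOctets())));
    }
    return true;
}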
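/// <summary>
/// Adds a CRL entry for <paramref name="userCertificate"/>, attaching a reasonCode
/// extension when <paramref name="reason"/> is non-zero and an invalidityDate extension
/// when <paramref name="invalidityDate"/> is given.
/// </summary>
/// <param name="userCertificate">Serial number of the revoked certificate.</param>
/// <param name="revocationDate">When the certificate was revoked.</param>
/// <param name="reason">CRLReason value; 0 adds no reasonCode extension.</param>
/// <param name="invalidityDate">Invalidity date; null adds no invalidityDate extension.</param>
/// <exception cref="ArgumentException">Encoding an extension value failed; the IOException is preserved as InnerException.</exception>
public void AddCrlEntry(DerInteger userCertificate, Time revocationDate, int reason, DerGeneralizedTime invalidityDate)
{
    // Parallel lists of extension OIDs and their X509Extension values, in emission order.
    IList oids = Platform.CreateArrayList();
    IList values = Platform.CreateArrayList();

    if (reason != 0)
    {
        CrlReason crlReason = new CrlReason(reason);
        try
        {
            oids.Add(X509Extensions.ReasonCode);
            values.Add(new X509Extension(critical: false, new DerOctetString(crlReason.GetEncoded())));
        }
        catch (IOException e)
        {
            // Keep the original failure reachable via InnerException, not only in the message text.
            throw new ArgumentException("error encoding reason: " + e, e);
        }
    }

    if (invalidityDate != null)
    {
        try
        {
            oids.Add(X509Extensions.InvalidityDate);
            values.Add(new X509Extension(critical: false, new DerOctetString(invalidityDate.GetEncoded())));
        }
        catch (IOException e)
        {
            throw new ArgumentException("error encoding invalidityDate: " + e, e);
        }
    }

    // An entry without extensions is added with a null extension block.
    X509Extensions entryExtensions = oids.Count != 0 ? new X509Extensions(oids, values) : null;
    AddCrlEntry(userCertificate, revocationDate, entryExtensions);
}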
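/// <summary>
/// Handles an HTTP POST carrying a DER-encoded OCSP request. For each requested
/// certificate ID it serves a cached encoding when one exists, otherwise builds a signed
/// response from the validator's CRL lookup, caches it, and writes it to the client.
/// </summary>
/// <param name="p">The HTTP processor whose output stream receives the response.</param>
/// <param name="ms">The request body, expected to be a DER-encoded OCSPRequest.</param>
public override void handlePOSTRequest(HttpProcessor p, MemoryStream ms)
{
    try
    {
        byte[] ocspdata = ms.ToArray();
        OcspReq req = new OcspReq(ocspdata);

        if (validator == null)
        {
            p.writeFailure();
            return;
        }

        // NOTE(review): every CertificateID in the request produces its own complete HTTP
        // response on the same connection. A request listing several IDs should instead be
        // answered with one BasicOCSPResponse holding all SingleResponses.
        foreach (CertificateID id in req.GetIDs())
        {
            Stopwatch st = Stopwatch.StartNew();
            string stat = "GOOD";

            // NOTE(review): the cache key is the serial truncated to 64 bits and ignores the
            // issuer hashes, so distinct CertificateIDs can collide and be served each other's
            // status; keying on the full CertificateID encoding would avoid that.
            OCSPCache cac = GetCache(id.SerialNumber.LongValue);
            if (cac != null)
            {
                Console.Write("[CACHED] ");
                writeOcspResponse(p, GetRFC822Date(cac.CacheTime), cac.data);
            }
            else
            {
                byte[] responseBytes = buildResponse(id, out stat);
                AddCache(responseBytes, id.SerialNumber.LongValue);
                writeOcspResponse(p, GetRFC822Date(DateTime.Now), responseBytes);
            }

            Console.Write(id.SerialNumber + " PROCESSED IN " + st.Elapsed + " STATUS " + stat);
            Console.WriteLine("");
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): failures (including an undecodable request body) are only logged, so
        // the client receives no HTTP response at all; replying with p.writeFailure() when
        // nothing has been written yet would give it a definite answer.
        Console.WriteLine("OCSP Server Error : " + ex.Message);
    }
}

// Builds and signs a BasicOCSPResponse for a single certificate ID and returns the DER
// encoding of the wrapping OCSPResponse; status is "GOOD" or "REVOKED" for the log line.
private byte[] buildResponse(CertificateID id, out string status)
{
    OCSPRespGenerator gen = new OCSPRespGenerator();
    BasicOcspRespGenerator resp = new BasicOcspRespGenerator(validator.CACert.GetPublicKey());

    // IsRevoked fills both ref parameters when it returns true, so no placeholder values
    // are needed (the previous fixed date and CACompromise default were never observable).
    DerGeneralizedTime dt = null;
    CrlReason reason = null;
    if (validator.IsRevoked(id, ref dt, ref reason))
    {
        RevokedStatus rstatus = new RevokedStatus(new RevokedInfo(dt, reason));
        resp.AddResponse(id, rstatus);
        status = "REVOKED";
    }
    else
    {
        resp.AddResponse(id, CertificateStatus.Good);
        status = "GOOD";
    }

    // producedAt is encoded as a GeneralizedTime in UTC, so pass UTC rather than local time.
    // NOTE(review): SHA-1 signatures are deprecated for newly produced responses; SHA256withRSA
    // is the usual choice where relying parties accept it.
    BasicOcspResp response = resp.Generate("SHA1withRSA", validator.CAKey,
        new X509Certificate[] { validator.CACert }, DateTime.UtcNow);
    OcspResp or = gen.Generate(OCSPRespGenerator.Successful, response);
    return or.GetEncoded();
}

// Writes one complete HTTP/1.1 200 response carrying a DER-encoded OCSPResponse body.
private static void writeOcspResponse(HttpProcessor p, string lastModified, byte[] body)
{
    p.outputStream.WriteLine("HTTP/1.1 200 OK");
    p.outputStream.WriteLine("content-transfer-encoding: binary");
    p.outputStream.WriteLine("Last-Modified: " + lastModified);
    p.outputStream.WriteLine("Content-Type: application/ocsp-response");
    p.outputStream.WriteLine("Connection: keep-alive");
    p.outputStream.WriteLine("Accept-Ranges: bytes");
    p.outputStream.WriteLine("Server: AS-OCSP-1.0");
    p.outputStream.WriteLine("Content-Length: " + body.Length.ToString());
    p.outputStream.WriteLine("");
    p.outputStream.WriteContent(body);
}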