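        /// <summary>
        /// Creates the <see cref="OcspReq"/> from an HTTP GET request.
        /// </summary>
        /// <remarks>
        /// Per RFC 6960 (Appendix A) a GET request carries the DER-encoded OCSPRequest as a
        /// url-encoded base64 string in the last path segment; that segment is decoded here.
        /// <see cref="Uri.UnescapeDataString"/> is used instead of <c>HttpUtility.UrlDecode</c>
        /// because the latter turns a literal '+' (a valid base64 character that clients do not
        /// always percent-encode) into a space, which then fails base64 decoding.
        /// No length bound is applied here; malformed base64 surfaces as a
        /// <see cref="FormatException"/> that the caller maps to a malformed-request status.
        /// </remarks>
        /// <param name="httpRequest"><see cref="OcspHttpRequest"/> whose <c>RequestUri</c> is read</param>
        /// <returns><see cref="OcspReq"/> decoded from the last path segment</returns>
        /// <exception cref="FormatException">The segment is not valid base64.</exception>
        private OcspReq CreateOcspReqFromGet(OcspHttpRequest httpRequest)
        {
            // Uri.Segments keeps each segment in escaped form, so the encoded request is unescaped here.
            string lastSegment = httpRequest.RequestUri.Segments.Last();
            string encodedOcspRequest = Uri.UnescapeDataString(lastSegment);

            byte[] der = Convert.FromBase64String(encodedOcspRequest);
            return new OcspReq(der);
        }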
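        /// <summary>
        /// Creates the <see cref="OcspReq"/> from an <see cref="OcspHttpRequest"/>, dispatching on the HTTP method.
        /// </summary>
        /// <remarks>
        /// Method names are compared with <see cref="StringComparison.OrdinalIgnoreCase"/> rather than
        /// via <c>ToUpper()</c>: the comparison is not culture-dependent, and a missing (null) method
        /// falls through to the rejection below instead of throwing a <see cref="NullReferenceException"/>.
        /// </remarks>
        /// <param name="httpRequest"><see cref="OcspHttpRequest"/> whose <c>HttpMethod</c> selects the parser</param>
        /// <returns><see cref="OcspReq"/> parsed from the GET path segment or the POST body</returns>
        /// <exception cref="HttpRequestException">The method is neither GET nor POST.</exception>
        private OcspReq CreateOcspReqFromHttpRequest(OcspHttpRequest httpRequest)
        {
            string method = httpRequest.HttpMethod;

            if (string.Equals(method, "GET", StringComparison.OrdinalIgnoreCase))
            {
                return CreateOcspReqFromGet(httpRequest);
            }

            if (string.Equals(method, "POST", StringComparison.OrdinalIgnoreCase))
            {
                return CreateOcspReqFromPost(httpRequest);
            }

            throw new HttpRequestException("Only GET and POST methods are allowed");
        }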
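        /// <summary>
        /// Handles one OCSP HTTP request end-to-end and always produces an HTTP response.
        /// </summary>
        /// <remarks>
        /// Validation failures are answered with an OCSP response that carries only the failure
        /// status and no response body; unexpected exceptions are answered with
        /// <see cref="OcspRespStatus.InternalError"/>. In neither case does exception detail reach the
        /// client, so the full exception (type and stack trace, via <c>ToString()</c>) is kept in the
        /// server log for diagnosis rather than just its message.
        /// </remarks>
        /// <param name="httpRequest"><see cref="OcspHttpRequest"/> to answer</param>
        /// <returns><see cref="OcspHttpResponse"/> wrapping the encoded OCSP response</returns>
        public async Task <OcspHttpResponse> Respond(OcspHttpRequest httpRequest)
        {
            try
            {
                OcspReqResult ocspReqResult = await GetOcspRequest(httpRequest);

                if (ocspReqResult.Status != OcspRespStatus.Successful)
                {
                    // Error text is for the log only; the client sees just the status.
                    Log.Warn(ocspReqResult.Error);
                    var statusOnly = OcspResponseGenerator.Generate(ocspReqResult.Status, null).GetEncoded();
                    return CreateResponse(statusOnly);
                }

                OcspResp ocspResponse = await GetOcspDefinitiveResponse(ocspReqResult.OcspRequest, ocspReqResult.IssuerCertificate);

                return CreateResponse(ocspResponse.GetEncoded());
            }
            catch (Exception e)
            {
                // Catch-all so the responder answers with a generic OCSP error instead of an unhandled
                // exception; ToString() keeps the exception type and stack trace in the log.
                Log.Error(e.ToString());
                var internalError = OcspResponseGenerator.Generate(OcspRespStatus.InternalError, null).GetEncoded();
                return CreateResponse(internalError);
            }
        }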
 /// <summary>
 /// Creates the <see cref="OcspReq"/> from the body of a POST request.
 /// </summary>
 /// <remarks>
 /// The body (<c>httpRequest.Content</c>) is handed to the <see cref="OcspReq"/> constructor as-is;
 /// any parsing failure propagates to the caller as an exception.
 /// </remarks>
 /// <param name="httpRequest"><see cref="OcspHttpRequest"/> whose content is the encoded request</param>
 /// <returns><see cref="OcspReq"/> parsed from the body</returns>
 private OcspReq CreateOcspReqFromPost(OcspHttpRequest httpRequest)
 {
     var body = httpRequest.Content;
     return new OcspReq(body);
 }
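        /// <summary>
        /// Extracts and validates the <see cref="OcspReq"/> carried by an HTTP request.
        /// </summary>
        /// <remarks>
        /// Validation steps, in order: media type, parseability of the request, a non-empty request
        /// list, and finally that every CertID in the list matches exactly one issuer certificate
        /// served by this responder and that all of them match the same one. Failures are reported
        /// through <see cref="OcspReqResult.Status"/> / <see cref="OcspReqResult.Error"/> rather than
        /// exceptions; the <c>Error</c> text is meant for the server log and is not returned to clients.
        /// </remarks>
        /// <param name="httpRequest"><see cref="OcspHttpRequest"/> to validate</param>
        /// <returns>
        /// <see cref="OcspReqResult"/> with <see cref="OcspRespStatus.Successful"/>, the parsed request and
        /// its issuer certificate; otherwise <see cref="OcspRespStatus.MalformedRequest"/> or
        /// <see cref="OcspRespStatus.Unauthorized"/> and an <c>Error</c> describing why.
        /// </returns>
        private async Task <OcspReqResult> GetOcspRequest(OcspHttpRequest httpRequest)
        {
            // Media type names are case-insensitive (RFC 7231), so compare ordinally ignoring case.
            // NOTE(review): a GET request usually carries no Content-Type; if MediaType is populated from
            // that header, RFC 6960 GET requests would be rejected here — confirm its source.
            if (!string.Equals(httpRequest.MediaType, "application/ocsp-request", StringComparison.OrdinalIgnoreCase))
            {
                return new OcspReqResult
                {
                    Status = OcspRespStatus.MalformedRequest,
                    Error = "OCSP requests requires 'application/ocsp-request' media's type on header"
                };
            }

            // Any parsing failure (bad base64, bad encoding, unsupported method) is a malformed
            // request, not a server error. The exception message goes to the result for logging only.
            OcspReq ocspRequest;

            try
            {
                ocspRequest = CreateOcspReqFromHttpRequest(httpRequest);
            }
            catch (Exception e)
            {
                return new OcspReqResult
                {
                    Status = OcspRespStatus.MalformedRequest,
                    Error = $"Error when creating OcspReq from the request. Exception: {e.Message}"
                };
            }

            // A request with no single-certificate requests has nothing to answer.
            var requests = ocspRequest.GetRequestList();

            if (requests == null || requests.Length == 0)
            {
                return new OcspReqResult
                {
                    Status = OcspRespStatus.MalformedRequest,
                    Error = "Request list is empty"
                };
            }

            // Every CertID must match one of this responder's issuer certificates, and all of them
            // must match the same issuer; otherwise the request is Unauthorized (RFC 6960).
            // SingleOrDefault deliberately throws if two configured issuers match one CertID: an
            // ambiguous issuer configuration is a server-side error, not a client error.
            var issuerCerts = (await OcspResponderRepository.GetIssuerCertificates()).ToArray();
            X509Certificate issuerCertificate = null;

            foreach (var request in requests)
            {
                var certificateId = request.GetCertID();
                var recognizedIssuerCertificate = issuerCerts.SingleOrDefault(issuerCert => certificateId.MatchesIssuer(issuerCert));

                if (recognizedIssuerCertificate == null)
                {
                    return new OcspReqResult
                    {
                        Status = OcspRespStatus.Unauthorized,
                        Error = "Any certificate is not of this CA's responsibility"
                    };
                }

                if (issuerCertificate == null)
                {
                    // The first request fixes the issuer that all subsequent requests must agree with.
                    issuerCertificate = recognizedIssuerCertificate;
                }
                else if (!Equals(recognizedIssuerCertificate, issuerCertificate))
                {
                    return new OcspReqResult
                    {
                        Status = OcspRespStatus.Unauthorized,
                        Error = "Any certificate is not of this CA's responsibility"
                    };
                }
            }

            // Validation passed: hand back the parsed request together with its issuer.
            return new OcspReqResult
            {
                Status = OcspRespStatus.Successful,
                OcspRequest = ocspRequest,
                IssuerCertificate = issuerCertificate
            };
        }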