Пример #1
        /// <summary>
        /// Maps the first single response of a BouncyCastle <c>BasicOcspResp</c> onto an <c>OcspDto</c>.
        /// </summary>
        /// <param name="brep">Decoded basic OCSP response; its first entry in <c>Responses</c> is read.</param>
        /// <returns>
        /// A DTO carrying ProducedAt / ThisUpdate / NextUpdate and a status of Good, Revoked
        /// (with revocation time and reason) or Unknown.
        /// </returns>
        /// <remarks>
        /// This method only translates fields. It does not verify the response signature and does not
        /// check that the single response refers to the certificate that was asked about, so the
        /// returned status is only as trustworthy as the validation done by the caller.
        /// </remarks>
        public OcspDto ParseOcspResponse(BasicOcspResp brep)
        {
            // Only the first SingleResp is considered; any further entries are ignored.
            // NOTE(review): an empty Responses array would fail on this index - confirm callers
            // never pass such a response.
            SingleResp first      = brep.Responses[0];
            object     certStatus = first.GetCertStatus();

            // NOTE(review): nextUpdate is optional in OCSP (RFC 6960). If the responder omits it,
            // reading .Value here presumably throws - confirm and decide how the DTO should
            // represent "no nextUpdate".
            OcspDto result = new OcspDto()
            {
                ProducedAt = brep.ProducedAt,
                ThisUpdate = first.ThisUpdate,
                NextUpdate = first.NextUpdate.Value
            };

            // Reference comparison against the library's "good" marker.
            if (certStatus == CertificateStatus.Good)
            {
                result.Status = OcspCertificateStatus.Good;
                return result;
            }

            // Anything that is neither good nor a RevokedStatus is reported as Unknown.
            if (!(certStatus is RevokedStatus revoked))
            {
                result.Status = OcspCertificateStatus.Unknown;
                return result;
            }

            result.Status         = OcspCertificateStatus.Revoked;
            result.RevocationTime = revoked.RevocationTime;

            try
            {
                result.RevocationReason = revoked.RevocationReason;
            }
            catch (InvalidOperationException)
            {
                // The reason could not be read; -1 is the sentinel for "no reason available".
                result.RevocationReason = -1;
            }

            return result;
        }
Пример #2
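        /// <summary>
        /// Loads the certificate chain presented by <paramref name="hostname"/> on
        /// <paramref name="port"/>, queries OCSP for the first certificate and returns the result.
        /// </summary>
        /// <param name="hostname">Host whose certificate is checked; copied into the result.</param>
        /// <param name="port">Port passed to <c>ConnectionService.LoadCertificates</c>.</param>
        /// <returns>
        /// An <c>OcspDto</c>. When the certificates cannot be loaded, only <c>Status = Unknown</c> is set.
        /// Otherwise Hostname and Certificate are filled in, and Status is Unknown whenever no OCSP
        /// response could be obtained (no issuer in the chain, or a null response).
        /// </returns>
        public OcspDto GetStatus(string hostname, int port)
        {
            X509Certificate        certificate;
            List <X509Certificate> chain;

            try
            {
                (certificate, chain) = ConnectionService.LoadCertificates(hostname, port);
            }
            catch
            {
                // Deliberate best-effort: any failure to obtain the certificates is reported as
                // Unknown rather than propagated. The cause is not recorded anywhere in the result.
                return(new OcspDto()
                {
                    Status = Enums.OcspCertificateStatus.Unknown
                });
            }

            // Start from Unknown so that every path that does not yield a parsed response
            // reports "could not determine" instead of an unset status.
            OcspDto status = new OcspDto()
            {
                Status = OcspCertificateStatus.Unknown
            };

            // An OCSP request needs the issuer certificate. A chain holding only one certificate
            // (for example a self-signed one) has no chain[1]; previously that raised an
            // unhandled index exception. Such a chain is now reported as Unknown.
            // Assumes chain[0] is the leaf and chain[1] its issuer - TODO confirm against LoadCertificates.
            if (chain != null && chain.Count > 1)
            {
                X509Certificate issuer = chain[1];

                var req  = OcspService.CreateOcspReq(certificate, issuer);
                var resp = OcspService.GetOcspStatus(req);

                if (resp != null)
                {
                    status = OcspService.ParseOcspResponse(resp);

                    // NOTE(review): Status is taken from the response as-is even when validation
                    // reports problems. Consumers presumably have to inspect Errors before relying
                    // on a Good status - confirm, or downgrade Status here when Errors is non-empty.
                    status.Errors = CertificateValidationService.ValidateOcspResponse(certificate, issuer, resp);
                }
            }

            var x509Certificate = DotNetUtilities.ToX509Certificate(certificate);

            status.Hostname    = hostname;
            status.Certificate = new CertificateDto()
            {
                Subject        = x509Certificate.Subject,
                Issuer         = x509Certificate.Issuer,
                SerialNumber   = x509Certificate.GetSerialNumberString(),
                ExpirationDate = x509Certificate.GetExpirationDateString()
            };

            return(status);
        }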