/// <summary>
/// Copies the interesting fields of a decoded basic OCSP response into the
/// scanner's own <c>OcspResponse</c> result object.
/// </summary>
/// <remarks>
/// This method only transcribes fields. Nothing visible here verifies the responder's
/// signature, matches the response's certificate ID against the certificate that was
/// queried, or compares ThisUpdate/NextUpdate with the current time, so a
/// <c>Good</c> result is only as trustworthy as the checks done elsewhere.
/// NOTE(review): confirm where those checks happen before relying on this value.
/// </remarks>
/// <param name="brep">Decoded basic OCSP response; expected to hold exactly one single response.</param>
/// <returns>A result object carrying the timestamps and the mapped revocation status.</returns>
public OcspResponse ParseOcspResponse(BasicOcspResp brep)
{
    // Single() rejects a response with zero or several entries by throwing.
    SingleResp entry = brep.Responses.Single();
    var certStatus = entry.GetCertStatus();

    var parsed = new OcspResponse();
    parsed.ProducedAt = brep.ProducedAt;
    parsed.ThisUpdate = entry.ThisUpdate;
    // nextUpdate is OPTIONAL in RFC 6960, yet it is dereferenced unconditionally here.
    // NOTE(review): confirm how a responder that omits it should be handled.
    parsed.NextUpdate = entry.NextUpdate.Value;

    if (certStatus == CertificateStatus.Good)
    {
        parsed.Status = OcspRevocationStatus.Good;
        return parsed;
    }

    if (!(certStatus is RevokedStatus revoked))
    {
        // Anything that is neither good nor revoked is reported as unknown.
        parsed.Status = OcspRevocationStatus.Unknown;
        return parsed;
    }

    parsed.Status = OcspRevocationStatus.Revoked;
    parsed.RevocationTime = revoked.RevocationTime;
    try
    {
        parsed.RevocationReason = revoked.RevocationReason;
    }
    catch (InvalidOperationException)
    {
        // Reading the reason failed (no usable reason on the entry); -1 is the sentinel used for that.
        parsed.RevocationReason = -1;
    }

    return parsed;
}
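/// <summary>
/// Queries the given OCSP responder URIs in order and returns the first non-null answer.
/// </summary>
/// <remarks>
/// A responder that yields <c>null</c> no longer overwrites <paramref name="response"/>;
/// previously that discarded the caller's fallback object (and any recorded
/// <c>Error</c> status), so the method could return <c>null</c>.
/// A returned status of <c>Error</c> (or the caller's fallback status) means that no
/// responder gave an answer; it says nothing about whether the certificate is revoked.
/// </remarks>
/// <param name="ocsp">Request context handed to <c>CreateOcspRequest</c>.</param>
/// <param name="uris">Responder URIs to try, in order.</param>
/// <param name="response">Fallback result returned when no responder answers; may be null.</param>
/// <returns>
/// The first non-null responder answer; otherwise <paramref name="response"/>, with its
/// status set to <c>Error</c> if any attempt threw.
/// </returns>
private async Task<OcspResponse> SendOcspRequests(Ocsp ocsp, IList<Uri> uris, OcspResponse response)
{
    foreach (var uri in uris)
    {
        try
        {
            HttpWebRequest request = CreateOcspRequest(ocsp, uri);

            // Hold the attempt in its own variable so a null answer cannot erase the fallback.
            OcspResponse answer = await SendOcspRequest(request);
            if (answer != null)
            {
                response = answer;
                break;
            }
        }
        catch (Exception ex)
        {
            // Best effort: log, mark the fallback as failed, and move on to the next responder.
            Log.Error(ex, $"Cannot connect to ocsp server for {uri}.");
            if (response == null)
            {
                response = new OcspResponse();
            }

            response.Status = OcspRevocationStatus.Error;
        }
    }

    return response;
}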
/// <summary>
/// Round-trip check: decodes the stored OCSP response, rebuilds it from its decoded
/// parts, and requires the new encoding to be byte-identical to the stored bytes.
/// </summary>
/// <returns>
/// A passing result when the encodings match; a failing result on a mismatch or when
/// any step throws.
/// </returns>
private ITestResult Response()
{
    try
    {
        OcspResponse decoded = OcspResponse.GetInstance(Asn1Object.FromByteArray(_response));
        ResponseBytes payload = ResponseBytes.GetInstance(decoded.ResponseBytes);

        // The payload is itself an encoded BasicOCSPResponse carried in an OCTET STRING.
        BasicOcspResponse basic = BasicOcspResponse.GetInstance(
            Asn1Object.FromByteArray(payload.Response.GetOctets()));

        OcspResponse rebuilt = new OcspResponse(
            decoded.ResponseStatus,
            new ResponseBytes(payload.ResponseType, new DerOctetString(basic.GetEncoded())));

        bool identical = Arrays.AreEqual(rebuilt.GetEncoded(), _response);
        return identical
            ? new SimpleTestResult(true, Name + ": Okay")
            : new SimpleTestResult(false, Name + ": Ocsp response failed to re-encode");
    }
    catch (Exception e)
    {
        // Decoding failures are reported as a failed test instead of propagating.
        return new SimpleTestResult(false, Name + ": failed response exception - " + e.ToString(), e);
    }
}
/// <summary>
/// Asks for an OCSP response for a root CA certificate, passing the certificate as its
/// own issuer, and expects that none is returned.
/// </summary>
public void GetOCSPOfRootCa_NA()
{
    var rootCa = new X509Certificate2(@"files/belgiumrca4.crt");

    // Presumably the root carries no OCSP responder location, hence "NA" - confirm against the helper.
    OcspResponse ocsp = rootCa.GetOcspResponse(rootCa);

    Assert.Null(ocsp);
}
/// <summary>
/// Wraps an encoded basic OCSP response in an OCSP response envelope whose response
/// status is fixed to <c>Successful</c> and whose response type is <c>PkixOcspBasic</c>.
/// </summary>
/// <remarks>
/// The bytes are placed in an OCTET STRING as given; they are not parsed, and no
/// signature or certificate status is checked here. The <c>Successful</c> status is
/// set by this method and does not come from a responder.
/// </remarks>
/// <param name="basicOCSPResp">Encoded basic OCSP response.</param>
/// <returns>The wrapping <c>OcspResp</c>.</returns>
public static OcspResp FromBasicToResp(byte[] basicOCSPResp)
{
    OcspResponseStatus successful = new OcspResponseStatus(OcspResponseStatus.Successful);
    ResponseBytes payload = new ResponseBytes(
        OcspObjectIdentifiers.PkixOcspBasic,
        new DerOctetString(basicOCSPResp));

    OcspResponse envelope = new OcspResponse(successful, payload);
    return new OcspResp(envelope);
}
/// <summary>
/// Reads a TLS CertificateStatus message body from <paramref name="input"/>.
/// </summary>
/// <remarks>
/// Only status type 1 (<c>ocsp</c> in RFC 6066) is accepted; any other value raises
/// fatal alert 50 (<c>decode_error</c>). The OCSP response is only decoded here;
/// nothing visible in this method verifies its signature or freshness.
/// </remarks>
/// <param name="input">Stream positioned at the status type byte.</param>
/// <returns>The parsed status with its decoded OCSP response.</returns>
public static CertificateStatus Parse(Stream input)
{
    byte statusType = TlsUtilities.ReadUint8(input);
    if (statusType == 1)
    {
        // Length-prefixed DER blob (the helper name suggests a 24-bit length field).
        var derBytes = TlsUtilities.ReadOpaque24(input);
        var ocspResponse = OcspResponse.GetInstance(TlsUtilities.ReadDerObject(derBytes));
        return new CertificateStatus(statusType, ocspResponse);
    }

    throw new TlsFatalAlert(50);
}
/// <summary>
/// Wraps an encoded basic OCSP response in an OCSP response envelope (status
/// <c>Successful</c>, type <c>PkixOcspBasic</c>) and returns the envelope's encoding.
/// </summary>
/// <remarks>
/// The input is embedded as an OCTET STRING without being parsed or verified; the
/// <c>Successful</c> status is set locally and does not come from a responder.
/// </remarks>
/// <param name="basicOcspResponse">Encoded basic OCSP response.</param>
/// <returns>Encoding of the complete OCSP response.</returns>
/// <exception cref="System.IO.IOException"/>
private static byte[] BuildOCSPResponse(byte[] basicOcspResponse)
{
    DerOctetString wrappedBasic = new DerOctetString(basicOcspResponse);
    OcspResponseStatus successful = new OcspResponseStatus(
        Org.BouncyCastle.Asn1.Ocsp.OcspResponseStatus.Successful);

    OcspResponse envelope = new OcspResponse(
        successful,
        new ResponseBytes(OcspObjectIdentifiers.PkixOcspBasic, wrappedBasic));

    OcspResp wrapper = new OcspResp(envelope);
    return wrapper.GetEncoded();
}
/// <summary>
/// Builds the wrapper from the next ASN.1 object read from <paramref name="aIn"/>.
/// </summary>
/// <param name="aIn">ASN.1 stream positioned at an encoded OCSP response.</param>
/// <exception cref="IOException">
/// Any failure while reading or decoding, rethrown with the original exception attached
/// as the inner exception.
/// </exception>
private OcspResp(Asn1InputStream aIn)
{
    try
    {
        var decoded = aIn.ReadObject();
        this.resp = OcspResponse.GetInstance(decoded);
    }
    catch (Exception cause)
    {
        // Every decoding problem reaches the caller as one exception type: IOException.
        string message = "malformed response: " + cause.Message;
        throw new IOException(message, cause);
    }
}
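/// <summary>
/// Builds the wrapper from the next ASN.1 object read from <paramref name="aIn"/>.
/// </summary>
/// <param name="aIn">ASN.1 stream positioned at an encoded OCSP response.</param>
/// <exception cref="IOException">
/// Any failure while reading or decoding, rethrown with the original exception attached
/// as the inner exception.
/// </exception>
private OcspResp(Asn1InputStream aIn)
{
    // Decompiler note kept from the listing: IL_002b, unknown result type
    // (might be due to invalid IL or missing references).
    try
    {
        resp = OcspResponse.GetInstance(aIn.ReadObject());
    }
    catch (global::System.Exception ex)
    {
        // The decompiled accessor call ex.get_Message() is not valid C#; read the property instead.
        throw new IOException("malformed response: " + ex.Message, ex);
    }
}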
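/// <summary>
/// Retrieves an OCSP response for the new eID certificate and checks that it has
/// response status 0 and was produced at the current time after flooring.
/// </summary>
/// <remarks>
/// Only the response status and the ProducedAt time are asserted; this test does not
/// check the responder signature or the certificate status in the response.
/// The ProducedAt comparison depends on the clock and on the granularity of the
/// project's <c>Floor()</c> helper - NOTE(review): confirm it is stable at boundaries.
/// </remarks>
public void GetOCSPOfNewEid_Downloaded()
{
    var target = newEid;
    var issuer = newEidIssuer;

    OcspResponse result = target.GetOcspResponse(issuer);

    // Assert before dereferencing, so a missing response is reported as an assertion
    // failure instead of a NullReferenceException.
    Assert.NotNull(result);
    Assert.Equal(0, result.ResponseStatus.IntValueExact);

    BasicOcspResponse resultDetail = BasicOcspResponse.GetInstance(
        Asn1Object.FromByteArray(result.ResponseBytes.Response.GetOctets()));

    // Expected value first, so a failure message labels the two sides correctly.
    Assert.Equal(DateTime.UtcNow.Floor(), resultDetail.TbsResponseData.ProducedAt.ToDateTime().Floor());
}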
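/// <summary>
/// Retrieves an OCSP response for the egelke certificate and checks that it has
/// response status 0 and a ProducedAt time that is not in the future.
/// </summary>
/// <remarks>
/// Only the response status and the ProducedAt time are asserted; this test does not
/// check the responder signature or the certificate status in the response.
/// </remarks>
public void GetOCSPOfEgelke_Downloaded()
{
    var target = new X509Certificate2(@"files/egelke.crt");
    var issuer = new X509Certificate2(@"files/sentigoCA.cer");

    OcspResponse result = target.GetOcspResponse(issuer);

    // Assert before dereferencing, so a missing response is reported as an assertion
    // failure instead of a NullReferenceException.
    Assert.NotNull(result);
    Assert.Equal(0, result.ResponseStatus.IntValueExact);

    BasicOcspResponse resultDetail = BasicOcspResponse.GetInstance(
        Asn1Object.FromByteArray(result.ResponseBytes.Response.GetOctets()));

    Assert.True(resultDetail.TbsResponseData.ProducedAt.ToDateTime() <= DateTime.UtcNow);
}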
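/// <summary>
/// Asynchronously retrieves an OCSP response for the new eID certificate and checks
/// that it has response status 0 and a ProducedAt time that is not in the future.
/// </summary>
/// <remarks>
/// Only the response status and the ProducedAt time are asserted; this test does not
/// check the responder signature or the certificate status in the response.
/// </remarks>
public async Task GetOCSPOfNewEid_DownloadedAsync()
{
    var target = newEid;
    var issuer = newEidIssuer;

    OcspResponse result = await target.GetOcspResponseAsync(issuer);

    // Assert before dereferencing, so a missing response is reported as an assertion
    // failure instead of a NullReferenceException.
    Assert.IsNotNull(result);
    Assert.AreEqual(0, result.ResponseStatus.IntValueExact);

    BasicOcspResponse resultDetail = BasicOcspResponse.GetInstance(
        Asn1Object.FromByteArray(result.ResponseBytes.Response.GetOctets()));

    Assert.IsTrue(resultDetail.TbsResponseData.ProducedAt.ToDateTime() <= DateTime.UtcNow);
}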
/// <summary>
/// Reads a TLS CertificateStatus message body from <paramref name="input"/>.
/// </summary>
/// <remarks>
/// Only status type 1 (<c>ocsp</c> in RFC 6066) is accepted; any other value raises
/// fatal alert 50 (<c>decode_error</c>). The OCSP response is only decoded here;
/// nothing visible in this method verifies its signature or freshness.
/// </remarks>
/// <param name="input">Stream positioned at the status type byte.</param>
/// <returns>The parsed status with its decoded OCSP response.</returns>
public static CertificateStatus Parse(Stream input)
{
    byte statusType = TlsUtilities.ReadUint8(input);
    if (statusType != 1)
    {
        throw new TlsFatalAlert(50);
    }

    // Length-prefixed DER blob (the helper name suggests a 24-bit length field).
    byte[] derBytes = TlsUtilities.ReadOpaque24(input);

    // Kept as object so the same CertificateStatus constructor overload is selected.
    object decoded = OcspResponse.GetInstance(TlsUtilities.ReadDerObject(derBytes));
    return new CertificateStatus(statusType, decoded);
}
/// <summary>
/// Loads the certificate, OCSP and CRL fixtures used by the tests from the
/// <c>files/</c> directory.
/// </summary>
public X509CertificateHelperTest()
{
    // New eID: certificate, issuer, and a stored full OCSP response.
    newEid = new X509Certificate2(@"files/eid79021802145-2027.crt");
    newEidIssuer = new X509Certificate2(@"files/Citizen201709.crt");

    byte[] newEidOcspMsgBytes = File.ReadAllBytes(@"files/eid79021802145-2027.ocsp-rsp");
    OcspResponse newEidOcspMsg = OcspResponse.GetInstance(Asn1Sequence.GetInstance(newEidOcspMsgBytes));

    // The stored file is the outer envelope; unwrap it to reach the basic response.
    byte[] newEidBasicBytes = newEidOcspMsg.ResponseBytes.Response.GetOctets();
    newEidOcsp = BasicOcspResponse.GetInstance(Asn1Sequence.GetInstance(newEidBasicBytes));

    // Old eID: certificate, issuer, two stored basic OCSP responses, and a CRL.
    oldEid = new X509Certificate2(@"files/eid79021802145.crt");
    oldEidIssuer = new X509Certificate2(@"files/Citizen201204.crt");

    byte[] oldEidOcspBytes = File.ReadAllBytes(@"files/eid79021802145.ocsp");
    oldEidOcsp = BasicOcspResponse.GetInstance(Asn1Sequence.GetInstance(oldEidOcspBytes));

    byte[] oldEidOcsp2Bytes = File.ReadAllBytes(@"files/eid79021802145-2.ocsp");
    oldEidOcsp2 = BasicOcspResponse.GetInstance(Asn1Sequence.GetInstance(oldEidOcsp2Bytes));

    byte[] oldEidCrlBytes = File.ReadAllBytes(@"files/eid79021802145.crl");
    oldEidCrl = CertificateList.GetInstance(Asn1Sequence.GetInstance(oldEidCrlBytes));
}
/// <summary>
/// Scans with two responder URIs where the first request throws and the second returns
/// a response, and expects the scan result to carry the second responder's status.
/// </summary>
public void Test_OcspWorker_Scan_OneInvalidThenValidOcspResponse()
{
    // Arrange
    var certificate = CreationHelpers.CreateCertificate();
    var bcCertificate = CreationHelpers.CreateBCCertificate();
    var issuer = CreationHelpers.CreateIntermediate();
    var bcIssuer = CreationHelpers.CreateBCIntermediate();

    var failingUri = new Uri("https://google.com");
    var workingUri = new Uri("https://bing.com");
    HttpWebRequest workingRequest = (HttpWebRequest)WebRequest.Create(workingUri);
    HttpWebRequest failingRequest = (HttpWebRequest)WebRequest.Create(failingUri);

    // Status = 0 is compared with OcspRevocationStatus.Good in the assertions below.
    var goodResponse = new OcspResponse() { Status = 0 };

    var workerInformation = MockWorkerInformation(hostname: "google.com", certificate: certificate, issuer: issuer);
    var ocsp = MockOcsp(certificate: bcCertificate, issuer: bcIssuer, ocspUris: new[] { failingUri, workingUri });

    var previousWorker = new Mock<IAsyncWorker>();
    previousWorker.Setup(x => x.Scan(workerInformation)).ReturnsAsync(new List<ScanResult>());

    // CallBase = true: members without a matching setup run the real OcspWorker code.
    var workerMock = new Mock<OcspWorker>(previousWorker.Object) { CallBase = true };
    workerMock.Setup(x => x.CreateOcsp(bcCertificate, bcIssuer)).Returns(ocsp);
    workerMock.Setup(x => x.CreateOcspRequest(ocsp, failingUri)).Returns(failingRequest);
    workerMock.Setup(x => x.CreateOcspRequest(ocsp, workingUri)).Returns(workingRequest);
    workerMock.Setup(x => x.SendOcspRequest(failingRequest)).ThrowsAsync(new Exception());
    workerMock.Setup(x => x.SendOcspRequest(workingRequest)).ReturnsAsync(goodResponse);

    // Act
    var worker = workerMock.Object;
    var scanTask = worker.Scan(workerInformation);
    scanTask.Wait();

    // Assert
    var scanned = scanTask.Result.Single() as OcspResponse;

    // NOTE(review): the static Mock.VerifyAll() is called without any mock instances, so it
    // appears to verify nothing; workerMock.VerifyAll() may be what was intended - confirm.
    Mock.VerifyAll();
    Assert.AreEqual(Enums.OcspRevocationStatus.Good, scanned.Status);
    Assert.IsNull(scanned.RevocationReason);
}
/// <summary>
/// Retrieves an OCSP response for the new eID certificate, offers it to
/// <c>Verify</c> together with the stored response, and expects the returned response to
/// have been produced at the current time after flooring.
/// </summary>
/// <remarks>
/// The final assertion depends on the clock and on the granularity of the project's
/// <c>Floor()</c> helper - NOTE(review): confirm it is stable at boundaries.
/// </remarks>
public void VerifyOCSPOfNewEid_LiveRetrieval()
{
    var target = newEid;
    var issuer = newEidIssuer;

    OcspResponse retrievedMsg = target.GetOcspResponse(issuer);
    byte[] retrievedBasicBytes = retrievedMsg.ResponseBytes.Response.GetOctets();
    BasicOcspResponse liveOcsp = BasicOcspResponse.GetInstance(Asn1Object.FromByteArray(retrievedBasicBytes));

    // Retrieved response first, stored fixture second.
    var revocationInfo = new List<BasicOcspResponse> { liveOcsp, newEidOcsp };

    BasicOcspResponse selected = target.Verify(issuer, DateTime.UtcNow, revocationInfo);

    Assert.NotNull(selected);
    Assert.Equal(DateTime.UtcNow.Floor(), selected.TbsResponseData.ProducedAt.ToDateTime().Floor());
}
/**
 * Parse a {@link CertificateStatus} from a {@link Stream}.
 *
 * Only the ocsp status type is accepted. The OCSP response is decoded here and
 * nothing more; nothing visible in this method verifies its signature or
 * freshness.
 *
 * @param input
 *            the {@link Stream} to parse from, positioned at the status type byte.
 * @return a {@link CertificateStatus} object holding the decoded OCSP response.
 * @throws IOException
 *             as a {@link TlsFatalAlert} with decode_error when the status type is
 *             not ocsp.
 */
public static CertificateStatus Parse(Stream input)
{
    byte status_type = TlsUtilities.ReadUint8(input);
    if (status_type != CertificateStatusType.ocsp)
    {
        throw new TlsFatalAlert(AlertDescription.decode_error);
    }

    // Length-prefixed DER blob (the helper name suggests a 24-bit length field).
    byte[] derEncoding = TlsUtilities.ReadOpaque24(input);

    // Kept as object so the same CertificateStatus constructor overload is selected.
    object response = OcspResponse.GetInstance(TlsUtilities.ReadDerObject(derEncoding));
    return new CertificateStatus(status_type, response);
}
/// <summary>
/// Runs the previous worker, then appends the OCSP result for the scanned certificate.
/// </summary>
/// <remarks>
/// When no certificate is present the previous results are returned unchanged. The
/// result handed to <c>SendOcspRequests</c> starts as <c>Unknown</c>, so that is the
/// status reported when no responder supplies an answer; consumers should not read it
/// as evidence that the certificate is not revoked.
/// NOTE(review): <c>workerInformation.Issuer</c> is used without a null check - confirm
/// it is always set when <c>Certificate</c> is.
/// </remarks>
/// <param name="workerInformation">Scan context holding the certificate and its issuer.</param>
/// <returns>The previous worker's results, plus one OCSP result when a certificate exists.</returns>
public async Task<List<ScanResult>> Scan(WorkerInformation workerInformation)
{
    var results = await this._PreviousWorker.Scan(workerInformation);

    if (workerInformation.Certificate != null)
    {
        // Convert the .NET certificates to BouncyCastle objects for the OCSP helper.
        var bcCertificate = DotNetUtilities.FromX509Certificate(workerInformation.Certificate);
        var bcIssuer = DotNetUtilities.FromX509Certificate(workerInformation.Issuer);

        var ocsp = CreateOcsp(bcCertificate, bcIssuer);
        var responderUris = ocsp.GetOcspUris();

        OcspResponse fallback = new OcspResponse() { Status = OcspRevocationStatus.Unknown };
        OcspResponse outcome = await SendOcspRequests(ocsp, responderUris, fallback);
        results.Add(outcome);
    }

    return results;
}
/// <summary>
/// Wraps an already decoded OCSP response structure.
/// </summary>
/// <param name="resp">The structure to wrap; stored as given, without a null check or validation.</param>
public OcspResp(OcspResponse resp)
{
    this.resp = resp;
}