// todo: add unit test for OCSP (possible regressions with using RSA instead of RSACryptoServiceProvider)
public static OcspReq Generate(this OcspReqGenerator ocspRegGenerator,
RSA rsa,
X509Chain chain)
{
Asn1EncodableVector requests = new Asn1EncodableVector();
DerObjectIdentifier signingAlgorithm = PkcsObjectIdentifiers.Sha1WithRsaEncryption;
IList list = null;
Type OcspReqGeneratorInfo_Type = typeof(OcspReqGenerator);
FieldInfo ListInfo_m_parameters = OcspReqGeneratorInfo_Type.GetField("list", BindingFlags.NonPublic | BindingFlags.Instance);
list = (IList)ListInfo_m_parameters.GetValue(ocspRegGenerator);
Type RequestObjectType = OcspReqGeneratorInfo_Type.GetNestedType("RequestObject", BindingFlags.NonPublic | BindingFlags.Instance);
MethodInfo toRequestMethod = RequestObjectType.GetMethod("ToRequest");
foreach (object reqObj in list)
{
try
{
requests.Add((Request)toRequestMethod.Invoke(reqObj, null));
}
catch (Exception e)
{
throw new OcspException("exception creating Request", e);
}
}
GeneralName requestorName;
FieldInfo GeneralNameInfo_m_parameters = OcspReqGeneratorInfo_Type.GetField("requestorName", BindingFlags.NonPublic | BindingFlags.Instance);
requestorName = (GeneralName)GeneralNameInfo_m_parameters.GetValue(ocspRegGenerator);
X509Extensions requestExtensions = null;
FieldInfo requestExtensions_parameters = OcspReqGeneratorInfo_Type.GetField("requestExtensions", BindingFlags.NonPublic | BindingFlags.Instance);
requestExtensions = (X509Extensions)requestExtensions_parameters.GetValue(ocspRegGenerator);
TbsRequest tbsReq = new TbsRequest(requestorName, new DerSequence(requests), requestExtensions);
Org.BouncyCastle.Asn1.Ocsp.Signature signature = null;
if (signingAlgorithm != null)
{
if (requestorName == null)
{
throw new OcspException("requestorName must be specified if request is signed.");
}
DerBitString bitSig = null;
try
{
byte[] encoded = tbsReq.GetEncoded();
byte[] signedData = rsa.SignData(encoded, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
bitSig = new DerBitString(signedData);
}
catch (Exception e)
{
throw new OcspException("exception processing TBSRequest: " + e, e);
}
AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(signingAlgorithm, DerNull.Instance);
if (chain != null && chain.ChainElements.Count > 0)
{
Asn1EncodableVector v = new Asn1EncodableVector();
try
{
for (int i = 0; i != chain.ChainElements.Count; i++)
{
v.Add(
X509CertificateStructure.GetInstance(
Asn1Object.FromByteArray(chain.ChainElements[i].Certificate.RawData)));
}
}
catch (Exception e)
{
throw new OcspException("error processing certs", e);
}
signature = new Org.BouncyCastle.Asn1.Ocsp.Signature(sigAlgId, bitSig, new DerSequence(v));
}
else
{
signature = new Org.BouncyCastle.Asn1.Ocsp.Signature(sigAlgId, bitSig);
}
}
return(new OcspReq(new OcspRequest(tbsReq, signature)));
}