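        /// <summary>
        /// Get the certificate status of every single response carried by an OCSP response.
        /// </summary>
        /// <param name="ocspResponse">The ocsp response handler.</param>
        /// <param name="serialNumbers">Receives the serial number (unsigned big-endian bytes) of each
        /// certificate, in the same order as the returned statuses. Any list passed in is replaced.</param>
        /// <returns>The certificates status, one entry per single response: "GOOD", "REVOKED",
        /// "UNKNOWN", or "" when the status object is of a type this method does not recognise.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="ocspResponse"/> is null.</exception>
        /// <exception cref="InvalidOperationException">Thrown when the response carries no basic
        /// response object (for example when the responder returned a non-successful status).</exception>
        /// <remarks>
        /// This method only decodes the response. It does not verify the responder signature, the
        /// nonce, or the thisUpdate/nextUpdate window; the caller has to do that before relying
        /// on the returned status.
        /// </remarks>
        private List<string> GetCertificateStatus(Cryptography.Key.Ocsp.OcspResp ocspResponse, ref List<byte[]> serialNumbers)
        {
            if (ocspResponse == null)
            {
                throw new ArgumentNullException("ocspResponse");
            }

            List<string> certificatesStatus = new List<string>();
            serialNumbers = new List<byte[]>();

            // Get the basic response. The response object is absent when the responder
            // returned an error status; the cast then yields null and the .Responses
            // access below would fail with a NullReferenceException, so fail explicitly.
            Cryptography.Key.Ocsp.BasicOcspResp brep = (Cryptography.Key.Ocsp.BasicOcspResp)ocspResponse.GetResponseObject();
            if (brep == null)
            {
                throw new InvalidOperationException("The OCSP response does not contain a basic OCSP response object.");
            }

            // For each single response.
            foreach (Cryptography.Key.Ocsp.SingleResp singleResp in brep.Responses)
            {
                object status = singleResp.GetCertStatus();
                string certificateStatus;

                // A null status object means "good" (RFC 6960 encodes the good CertStatus as NULL).
                if (status == null)
                {
                    certificateStatus = "GOOD";
                }
                else if (status is Cryptography.Key.Ocsp.RevokedStatus)
                {
                    certificateStatus = "REVOKED";
                }
                else if (status is Cryptography.Key.Ocsp.UnknownStatus)
                {
                    certificateStatus = "UNKNOWN";
                }
                else
                {
                    // Unrecognised status type; kept as an empty string so the
                    // index still lines up with serialNumbers.
                    certificateStatus = "";
                }

                // Record the serial number alongside its status (same index).
                Cryptography.Key.Ocsp.CertificateID certID = singleResp.GetCertID();
                serialNumbers.Add(certID.SerialNumber.ToByteArrayUnsigned());
                certificatesStatus.Add(certificateStatus);
            }

            return certificatesStatus;
        }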
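        /// <summary>
        /// Get the response data for the certificate.
        /// </summary>
        /// <param name="certificates">The certificates to create the response for. Used only when
        /// <paramref name="responseStatus"/> is <see cref="ResponseStatusType.Successful"/>, in
        /// which case it must contain at least one entry.</param>
        /// <param name="responseStatus">The response status. Its integer value is passed through as
        /// the OCSPResponseStatus code, so the enum values must match the RFC 6960 codes.</param>
        /// <returns>The DER-encoded response data.</returns>
        /// <exception cref="ArgumentNullException">Thrown when the status is successful and
        /// <paramref name="certificates"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown when the status is successful and
        /// <paramref name="certificates"/> is empty (no signature algorithm can be chosen).</exception>
        /// <remarks>
        /// NOTE(review): the signature algorithm is taken from the first queried certificate
        /// (its <c>SigAlgName</c>) rather than from the responder key <c>_privateKeyCA</c>. When
        /// the two do not match (e.g. an ECDSA-signed certificate queried against an RSA
        /// responder key) signing is likely to fail; consider deriving the algorithm from the
        /// responder certificate instead.
        /// </remarks>
        public byte[] GetResponse(CertificateResponse[] certificates, ResponseStatusType responseStatus)
        {
            Cryptography.Key.Ocsp.BasicOcspResp basicOcspResponse = null;

            // Only a successful response carries a signed basic response; any other
            // status is sent as a bare status code with no response bytes.
            if (responseStatus == ResponseStatusType.Successful)
            {
                basicOcspResponse = CreateBasicOcspResponse(certificates);
            }

            Cryptography.Key.Ocsp.OCSPRespGenerator ocspResponseGen = new Cryptography.Key.Ocsp.OCSPRespGenerator();
            Cryptography.Key.Ocsp.OcspResp ocspResponse = ocspResponseGen.Generate((int)responseStatus, basicOcspResponse);
            return ocspResponse.GetEncoded();
        }

        /// <summary>
        /// Build and sign the basic OCSP response that carries one single response per certificate.
        /// </summary>
        /// <param name="certificates">The certificates to report on; must be non-null and non-empty.</param>
        /// <returns>The signed basic response.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="certificates"/> is null.</exception>
        /// <exception cref="ArgumentException">Thrown when <paramref name="certificates"/> is empty.</exception>
        private Cryptography.Key.Ocsp.BasicOcspResp CreateBasicOcspResponse(CertificateResponse[] certificates)
        {
            if (certificates == null)
            {
                throw new ArgumentNullException("certificates");
            }
            if (certificates.Length == 0)
            {
                throw new ArgumentException("At least one certificate is required to build a successful OCSP response.", "certificates");
            }

            Cryptography.Key.Ocsp.BasicOcspRespGenerator basicOcspResponseGen = new Cryptography.Key.Ocsp.BasicOcspRespGenerator(_publicKeySig);

            // Only the first certificate decides the signature algorithm.
            bool   isFirstCertificate = true;
            string signatureAlgorithm = null;

            foreach (CertificateResponse certificate in certificates)
            {
                // Convert X509Certificate2 to X509.X509Certificate.
                Cryptography.Key.X509.X509CertificateParser certParser = new Cryptography.Key.X509.X509CertificateParser();
                Cryptography.Key.X509.X509Certificate       certBouncy = certParser.ReadCertificate(certificate.X509Certificate.RawData);

                // CertID = hash of issuer name and key plus the serial number. SHA-1 here only
                // identifies the issuer (RFC 6960 CertID); it is not a signature hash.
                Cryptography.Key.Ocsp.CertificateID certID =
                    new Cryptography.Key.Ocsp.CertificateID(Cryptography.Key.Ocsp.CertificateID.HashSha1, certBouncy, certBouncy.SerialNumber);
                basicOcspResponseGen.AddResponse(certID, ToOcspCertificateStatus(certificate));

                if (isFirstCertificate)
                {
                    isFirstCertificate = false;
                    signatureAlgorithm = certBouncy.SigAlgName;
                }
            }

            // producedAt is encoded as a UTC GeneralizedTime (RFC 6960 / RFC 5280), so pass UTC
            // rather than local time; otherwise the encoded time is off by the server's UTC offset.
            return basicOcspResponseGen.Generate(signatureAlgorithm, _privateKeyCA, _chain, DateTime.UtcNow);
        }

        /// <summary>
        /// Map the certificate's status to the OCSP CertStatus object the generator expects.
        /// </summary>
        /// <param name="certificate">The certificate whose status is mapped.</param>
        /// <returns>Revoked (with date and reason), Unknown, or Good for anything else.</returns>
        private static Cryptography.Key.Ocsp.CertificateStatus ToOcspCertificateStatus(CertificateResponse certificate)
        {
            switch (certificate.CertificateStatus.Status)
            {
            case CertificateStatusType.Revoked:
                // The reason enum is passed through as the CRLReason code, so its values must
                // follow RFC 5280. NOTE(review): RevocationDate is also encoded as a
                // GeneralizedTime; confirm the caller supplies it in UTC.
                return new Cryptography.Key.Ocsp.RevokedStatus(certificate.CertificateStatus.RevocationDate, (int)certificate.CertificateStatus.RevocationReason);

            case CertificateStatusType.Unknown:
                return new Cryptography.Key.Ocsp.UnknownStatus();

            default:
                // Good, and any status value the switch does not name.
                return Cryptography.Key.Ocsp.CertificateStatus.Good;
            }
        }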