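/// <summary>
/// Read the certificate status of every single response carried by an OCSP response.
/// </summary>
/// <param name="ocspResponse">The OCSP response to read.</param>
/// <param name="serialNumbers">
/// Receives the serial number (unsigned big-endian bytes) taken from each single response's
/// certificate ID, in the same order as the returned statuses. The list is always replaced,
/// never appended to.
/// </param>
/// <returns>
/// One entry per single response: "GOOD", "REVOKED", "UNKNOWN", or an empty string for a
/// status object of any other type.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="ocspResponse"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// Thrown when the response carries no basic response object (a non-successful response
/// status has no response bytes), instead of failing with a null reference on the cast.
/// </exception>
/// <remarks>
/// NOTE(review): this only decodes the status fields. It does not verify the response
/// signature, the responder identity, or the thisUpdate/nextUpdate window, so the returned
/// statuses must not be trusted until the caller has done that — confirm where that check lives.
/// </remarks>
private List<string> GetCertificateStatus(Cryptography.Key.Ocsp.OcspResp ocspResponse, ref List<byte[]> serialNumbers)
{
    if (ocspResponse == null)
    {
        throw new ArgumentNullException("ocspResponse");
    }

    List<string> certificatesStatus = new List<string>();
    serialNumbers = new List<byte[]>();

    // A response whose status is not "successful" carries no response bytes, so
    // GetResponseObject() yields null; the unchecked cast used to throw a
    // NullReferenceException here. Fail with a descriptive exception instead.
    Cryptography.Key.Ocsp.BasicOcspResp basicResponse =
        ocspResponse.GetResponseObject() as Cryptography.Key.Ocsp.BasicOcspResp;
    if (basicResponse == null)
    {
        throw new InvalidOperationException(
            "The OCSP response does not contain a basic response (response status " + ocspResponse.Status + ").");
    }

    foreach (Cryptography.Key.Ocsp.SingleResp singleResp in basicResponse.Responses)
    {
        object status = singleResp.GetCertStatus();
        string certificateStatus;

        // The library represents "good" as a null status object; the revoked and
        // unknown states are distinct types. The branches are mutually exclusive,
        // so chain them rather than testing each one independently.
        if (status == null)
        {
            certificateStatus = "GOOD";
        }
        else if (status is Cryptography.Key.Ocsp.RevokedStatus)
        {
            certificateStatus = "REVOKED";
        }
        else if (status is Cryptography.Key.Ocsp.UnknownStatus)
        {
            certificateStatus = "UNKNOWN";
        }
        else
        {
            certificateStatus = "";
        }

        // Keep serial numbers and statuses index-aligned for the caller.
        Cryptography.Key.Ocsp.CertificateID certID = singleResp.GetCertID();
        serialNumbers.Add(certID.SerialNumber.ToByteArrayUnsigned());
        certificatesStatus.Add(certificateStatus);
    }

    return certificatesStatus;
}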
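/// <summary>
/// Build a DER-encoded OCSP response reporting the status of the given certificates.
/// </summary>
/// <param name="certificates">
/// The certificates to report on. Required and non-empty when
/// <paramref name="responseStatus"/> is <c>Successful</c>; ignored for any other status.
/// </param>
/// <param name="responseStatus">
/// The OCSP response status. Anything other than <c>Successful</c> produces a response that
/// carries only that status and no response bytes.
/// </param>
/// <returns>The encoded OCSP response.</returns>
/// <exception cref="ArgumentException">
/// Thrown when a successful response is requested with a null or empty certificate list;
/// without at least one certificate there is no signature algorithm to sign with.
/// </exception>
/// <remarks>
/// The basic response is signed with <c>_privateKeyCA</c> while the responder ID is derived
/// from <c>_publicKeySig</c>. NOTE(review): these must belong to the same key pair or the
/// responder ID will not match the signing key — confirm how the two fields are populated.
/// </remarks>
public byte[] GetResponse(CertificateResponse[] certificates, ResponseStatusType responseStatus)
{
    Cryptography.Key.Ocsp.OCSPRespGenerator ocspResponseGen = new Cryptography.Key.Ocsp.OCSPRespGenerator();

    // Error responses (malformedRequest, tryLater, unauthorized, ...) carry no basic response.
    if (responseStatus != ResponseStatusType.Successful)
    {
        return ocspResponseGen.Generate((int)responseStatus, null).GetEncoded();
    }

    // Previously an empty array reached Generate() with a null signature algorithm and
    // a null array failed on the foreach; reject both up front with a clear message.
    if (certificates == null || certificates.Length == 0)
    {
        throw new ArgumentException("At least one certificate is required for a successful OCSP response.", "certificates");
    }

    Cryptography.Key.Ocsp.BasicOcspRespGenerator basicOcspResponseGen =
        new Cryptography.Key.Ocsp.BasicOcspRespGenerator(_publicKeySig);

    // The signature algorithm name is taken from the first certificate's own signature,
    // i.e. the algorithm its issuer used. NOTE(review): that only matches the key used
    // below (_privateKeyCA) when this responder is the issuing CA with the same key type
    // — confirm for delegated responders.
    string signatureAlgorithm = null;

    foreach (CertificateResponse certificate in certificates)
    {
        Cryptography.Key.Ocsp.CertificateStatus certStatus;
        switch (certificate.CertificateStatus.Status)
        {
            case CertificateStatusType.Revoked:
                // NOTE(review): RevocationDate is encoded as an ASN.1 time; it is assumed to
                // already be in UTC — confirm at the point where it is populated.
                certStatus = new Cryptography.Key.Ocsp.RevokedStatus(
                    certificate.CertificateStatus.RevocationDate,
                    (int)certificate.CertificateStatus.RevocationReason);
                break;

            case CertificateStatusType.Unknown:
                certStatus = new Cryptography.Key.Ocsp.UnknownStatus();
                break;

            default:
                // Anything that is not explicitly revoked or unknown is reported as good.
                certStatus = Cryptography.Key.Ocsp.CertificateStatus.Good;
                break;
        }

        // Re-parse the X509Certificate2 DER bytes into the library's certificate type.
        Cryptography.Key.X509.X509CertificateParser certParser = new Cryptography.Key.X509.X509CertificateParser();
        Cryptography.Key.X509.X509Certificate certBouncy = certParser.ReadCertificate(certificate.X509Certificate.RawData);

        // CertID is hashed with SHA-1, the conventional OCSP CertID hash. A client can only
        // match this single response to its request if it used the same hash algorithm in
        // its request CertID; this method does not see the request, so that is assumed.
        Cryptography.Key.Ocsp.CertificateID certID = new Cryptography.Key.Ocsp.CertificateID(
            Cryptography.Key.Ocsp.CertificateID.HashSha1, certBouncy, certBouncy.SerialNumber);

        basicOcspResponseGen.AddResponse(certID, certStatus);

        if (signatureAlgorithm == null)
        {
            signatureAlgorithm = certBouncy.SigAlgName;
        }
    }

    // producedAt is encoded as a GeneralizedTime in UTC. Pass UtcNow rather than the
    // process-local Now so the stamp is correct regardless of the server's time zone
    // (older library builds format the DateTime as-is with a trailing 'Z').
    Cryptography.Key.Ocsp.BasicOcspResp basicOcspResponse = basicOcspResponseGen.Generate(
        signatureAlgorithm, _privateKeyCA, _chain, DateTime.UtcNow);

    return ocspResponseGen.Generate((int)responseStatus, basicOcspResponse).GetEncoded();
}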