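/// <summary>
/// Build a DER-encoded OCSP request covering the supplied certificates.
/// </summary>
/// <param name="certificates">The certificates to get status for; each one becomes one request entry.</param>
/// <returns>The DER-encoded OCSP request.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="certificates"/> is null.</exception>
private byte[] GetOcspRequest(X509Certificate2[] certificates)
{
    if (certificates == null)
    {
        throw new ArgumentNullException("certificates");
    }

    Cryptography.Key.Ocsp.OcspReqGenerator gen = new Cryptography.Key.Ocsp.OcspReqGenerator();

    // The request extensions belong to the request as a whole, not to a single
    // entry, so they are set once rather than once per certificate.
    gen.SetRequestExtensions(GetExtentions());

    // A single parser instance is reused for every certificate.
    Cryptography.Key.X509.X509CertificateParser certParser = new Cryptography.Key.X509.X509CertificateParser();

    foreach (X509Certificate2 certificate in certificates)
    {
        // Re-parse the raw DER bytes into the library's own certificate type.
        Cryptography.Key.X509.X509Certificate certBouncy = certParser.ReadCertificate(certificate.RawData);

        // CertID = hash of the issuer name and issuer key plus the serial number.
        // SHA-1 here only identifies the certificate (the conventional CertID hash,
        // see RFC 5019); it is not used for any signature.
        Cryptography.Key.Ocsp.CertificateID certID = new Cryptography.Key.Ocsp.CertificateID(
            Cryptography.Key.Ocsp.CertificateID.HashSha1, certBouncy, certBouncy.SerialNumber);

        gen.AddRequest(certID);
    }

    Cryptography.Key.Ocsp.OcspReq req = gen.Generate();
    return req.GetEncoded();
}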
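/// <summary>
/// Get an RSA crypto service provider loaded with the public key of the PEM-encoded CA certificate.
/// </summary>
/// <param name="publicKey">The reader positioned on the PEM-encoded certificate.</param>
/// <param name="password">The password used to decrypt the PEM content; null or empty when it is not encrypted.</param>
/// <returns>
/// An RSA crypto service provider holding only the public parameters (modulus and exponent).
/// The caller owns the returned provider and should dispose it.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="publicKey"/> is null.</exception>
/// <exception cref="ArgumentException">Thrown when the PEM content is not an X.509 certificate or its public key is not an RSA key.</exception>
public RSACryptoServiceProvider PublicKeyProvider(StreamReader publicKey, string password = null)
{
    if (publicKey == null)
    {
        throw new ArgumentNullException("publicKey");
    }

    // Only attach a password finder when a password was supplied; the PEM may be unencrypted.
    Key.OpenSsl.PemReader publicKeyReader = String.IsNullOrEmpty(password)
        ? new Key.OpenSsl.PemReader(publicKey)
        : new Key.OpenSsl.PemReader(publicKey, new PasswordFinder(password));

    // The first PEM object is expected to be the certificate itself; fail with a clear
    // message instead of an InvalidCastException when it is something else.
    Cryptography.Key.X509.X509Certificate x509Certificate =
        publicKeyReader.ReadObject() as Cryptography.Key.X509.X509Certificate;
    if (x509Certificate == null)
    {
        throw new ArgumentException("The PEM data does not contain an X.509 certificate.", "publicKey");
    }

    Cryptography.Key.Crypto.Parameters.RsaKeyParameters rsaPublicKey =
        x509Certificate.GetPublicKey() as Cryptography.Key.Crypto.Parameters.RsaKeyParameters;
    if (rsaPublicKey == null)
    {
        throw new ArgumentException("The certificate public key is not an RSA key.", "publicKey");
    }

    // Export only the public half: exponent and modulus as unsigned big-endian bytes.
    RSAParameters rsaPublicParam = new RSAParameters();
    rsaPublicParam.Exponent = rsaPublicKey.Exponent.ToByteArrayUnsigned();
    rsaPublicParam.Modulus = rsaPublicKey.Modulus.ToByteArrayUnsigned();

    RSACryptoServiceProvider rsaEncryptProvider = new RSACryptoServiceProvider();
    try
    {
        rsaEncryptProvider.ImportParameters(rsaPublicParam);
    }
    catch
    {
        // Do not leak the provider when the parameters are rejected.
        rsaEncryptProvider.Dispose();
        throw;
    }

    return rsaEncryptProvider;
}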
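/// <summary>
/// Set the certificate chain hierarchy (certificate authority chain) that is embedded in the response.
/// </summary>
/// <param name="certificates">The certificates within the chain; their order is preserved.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="certificates"/> is null.</exception>
public void SetChain(X509Certificate2[] certificates)
{
    if (certificates == null)
    {
        throw new ArgumentNullException("certificates");
    }

    // A single parser instance is reused for every certificate.
    Cryptography.Key.X509.X509CertificateParser certParser = new Cryptography.Key.X509.X509CertificateParser();

    // The output has exactly one entry per input, so size it up front.
    Cryptography.Key.X509.X509Certificate[] certChain = new Cryptography.Key.X509.X509Certificate[certificates.Length];
    for (int i = 0; i < certificates.Length; i++)
    {
        // Re-parse the raw DER bytes into the library's own certificate type.
        certChain[i] = certParser.ReadCertificate(certificates[i].RawData);
    }

    _chain = certChain;
}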
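/// <summary>
/// Get the DER-encoded OCSP response for the certificates.
/// </summary>
/// <param name="certificates">
/// The certificates and their statuses to include in the response. Required and non-empty
/// when <paramref name="responseStatus"/> is <see cref="ResponseStatusType.Successful"/>; ignored otherwise.
/// </param>
/// <param name="responseStatus">The overall response status.</param>
/// <returns>The DER-encoded OCSP response.</returns>
/// <exception cref="ArgumentNullException">Thrown when the status is successful and <paramref name="certificates"/> is null.</exception>
/// <exception cref="ArgumentException">Thrown when the status is successful and <paramref name="certificates"/> is empty.</exception>
public byte[] GetResponse(CertificateResponse[] certificates, ResponseStatusType responseStatus)
{
    Cryptography.Key.Ocsp.BasicOcspResp basicOcspResponse = null;

    // Only a successful response carries the signed per-certificate statuses;
    // every other status yields a bare response with no basic response attached.
    if (responseStatus == ResponseStatusType.Successful)
    {
        basicOcspResponse = GenerateBasicResponse(certificates);
    }

    Cryptography.Key.Ocsp.OCSPRespGenerator ocspResponseGen = new Cryptography.Key.Ocsp.OCSPRespGenerator();
    Cryptography.Key.Ocsp.OcspResp ocspResponse = ocspResponseGen.Generate((int)responseStatus, basicOcspResponse);
    return ocspResponse.GetEncoded();
}

/// <summary>
/// Build and sign the basic OCSP response holding one single response per certificate.
/// </summary>
/// <param name="certificates">The certificates and their statuses; must contain at least one entry.</param>
/// <returns>The signed basic response.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="certificates"/> is null.</exception>
/// <exception cref="ArgumentException">Thrown when <paramref name="certificates"/> is empty.</exception>
private Cryptography.Key.Ocsp.BasicOcspResp GenerateBasicResponse(CertificateResponse[] certificates)
{
    if (certificates == null)
    {
        throw new ArgumentNullException("certificates");
    }
    if (certificates.Length == 0)
    {
        // Without a certificate there is no signature algorithm to sign the response with.
        throw new ArgumentException("At least one certificate is required for a successful response.", "certificates");
    }

    Cryptography.Key.Ocsp.BasicOcspRespGenerator basicOcspResponseGen =
        new Cryptography.Key.Ocsp.BasicOcspRespGenerator(_publicKeySig);

    // A single parser instance is reused for every certificate.
    Cryptography.Key.X509.X509CertificateParser certParser = new Cryptography.Key.X509.X509CertificateParser();

    // The response is signed with the algorithm named in the first certificate's own signature.
    // NOTE(review): this assumes _privateKeyCA is the key that issued that certificate — confirm.
    bool isFirstCertificate = true;
    string signatureAlgorithm = null;

    foreach (CertificateResponse certificate in certificates)
    {
        // Re-parse the raw DER bytes into the library's own certificate type.
        Cryptography.Key.X509.X509Certificate certBouncy = certParser.ReadCertificate(certificate.X509Certificate.RawData);

        if (isFirstCertificate)
        {
            isFirstCertificate = false;
            signatureAlgorithm = certBouncy.SigAlgName;
        }

        // CertID = hash of the issuer name and issuer key plus the serial number.
        // SHA-1 here only identifies the certificate (the conventional CertID hash,
        // see RFC 5019); it is not used for any signature.
        Cryptography.Key.Ocsp.CertificateID certID = new Cryptography.Key.Ocsp.CertificateID(
            Cryptography.Key.Ocsp.CertificateID.HashSha1, certBouncy, certBouncy.SerialNumber);

        basicOcspResponseGen.AddResponse(certID, GetOcspCertificateStatus(certificate));
    }

    // producedAt is encoded as a GeneralizedTime, which OCSP requires to be in UTC;
    // passing DateTime.UtcNow avoids relying on the library to convert a local time.
    return basicOcspResponseGen.Generate(signatureAlgorithm, _privateKeyCA, _chain, DateTime.UtcNow);
}

/// <summary>
/// Map a certificate's status onto the library's OCSP certificate status.
/// </summary>
/// <param name="certificate">The certificate whose status is mapped.</param>
/// <returns>Revoked (with date and reason), Unknown, or Good for any other status.</returns>
private static Cryptography.Key.Ocsp.CertificateStatus GetOcspCertificateStatus(CertificateResponse certificate)
{
    switch (certificate.CertificateStatus.Status)
    {
        case CertificateStatusType.Revoked:
            // Carries the revocation time and the reason code.
            return new Cryptography.Key.Ocsp.RevokedStatus(
                certificate.CertificateStatus.RevocationDate,
                (int)certificate.CertificateStatus.RevocationReason);
        case CertificateStatusType.Unknown:
            return new Cryptography.Key.Ocsp.UnknownStatus();
        default:
            // Anything that is neither revoked nor unknown is reported as good.
            return Cryptography.Key.Ocsp.CertificateStatus.Good;
    }
}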