/// <summary>
/// Retrieves the <see cref="OcspReq"/> from the request
/// </summary>
/// <param name="httpRequest"><see cref="OcspHttpRequest"/></param>
/// <returns><see cref="OcspReqResult"/> containing the <see cref="OcspReq"/></returns>
private async Task <OcspReqResult> GetOcspRequest(OcspHttpRequest httpRequest)
{
// Validates the header of the request
if (httpRequest.MediaType != "application/ocsp-request")
{
return(new OcspReqResult
{
Status = OcspRespStatus.MalformedRequest,
Error = "OCSP requests requires 'application/ocsp-request' media's type on header"
});
}
// Try to create the ocsp from the http request
OcspReq ocspRequest;
try
{
ocspRequest = CreateOcspReqFromHttpRequest(httpRequest);
}
catch (Exception e)
{
return(new OcspReqResult
{
Status = OcspRespStatus.MalformedRequest,
Error = $"Error when creating OcspReq from the request. Exception: {e.Message}"
});
}
// Validates whether the ocsp request have certificate's requests
var requests = ocspRequest.GetRequestList();
if (requests == null || requests.Length == 0)
{
return(new OcspReqResult
{
Status = OcspRespStatus.MalformedRequest,
Error = "Request list is empty"
});
}
// Valitates whether the requests are of this CA's responsibility
X509Certificate issuerCertificate = null;
var issuerCerts = (await OcspResponderRepository.GetIssuerCertificates()).ToArray();
var list = ocspRequest.GetRequestList();
for (var i = 0; i < list.Length; i++)
{
var request = list[i];
var certificateId = request.GetCertID();
var recognizedIssuerCertificate = issuerCerts.SingleOrDefault(issuerCert => certificateId.MatchesIssuer(issuerCert));
if (i == 0)
{
issuerCertificate = recognizedIssuerCertificate;
}
if (recognizedIssuerCertificate == null || !Equals(recognizedIssuerCertificate, issuerCertificate))
{
return(new OcspReqResult
{
Status = OcspRespStatus.Unauthorized,
Error = "Any certificate is not of this CA's responsibility"
});
}
issuerCertificate = recognizedIssuerCertificate;
}
// Validation passed so we return the ocspRequest with success status
return(new OcspReqResult
{
Status = OcspRespStatus.Successful,
OcspRequest = ocspRequest,
IssuerCertificate = issuerCertificate
});
}
/// <inheritdoc />
public async Task <IEnumerable <X509Certificate> > GetIssuerCertificates()
{
var certificates = await OcspResponderRepository.GetIssuerCertificates();
return(certificates.Select(DotNetUtilities.FromX509Certificate).ToArray());
}