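/// <summary>
/// Creates the <see cref="OcspReq"/> from a GET request.
/// </summary>
/// <remarks>
/// RFC 6960 Appendix A.1 puts the request on the path as the URL-encoding of the
/// base64 DER. The path segment is decoded with <see cref="Uri.UnescapeDataString"/>
/// rather than <see cref="HttpUtility.UrlDecode"/>: the latter applies form-encoding
/// rules and turns a literal '+' (a base64 alphabet character that clients do not
/// always percent-encode) into a space, which <see cref="Convert.FromBase64String"/>
/// then silently skips, corrupting the request bytes instead of rejecting them.
/// Percent-encoded input ("%2B", "%2F", "%3D") decodes identically either way.
/// NOTE(review): only the last path segment is used, so a base64 body containing an
/// un-encoded '/' would be split across segments and truncated here — confirm whether
/// the hosting layer keeps "%2F" escaped in <c>RequestUri.Segments</c>.
/// </remarks>
/// <param name="httpRequest"><see cref="OcspHttpRequest"/></param>
/// <returns><see cref="OcspReq"/></returns>
/// <exception cref="FormatException">the segment is not valid base64 (the caller maps this to a malformed-request status)</exception>
private OcspReq CreateOcspReqFromGet(OcspHttpRequest httpRequest)
{
    string lastSegment = httpRequest.RequestUri.Segments.Last();
    // Path-style unescaping: '+' stays '+', only %XX sequences are decoded.
    string encodedOcspRequest = Uri.UnescapeDataString(lastSegment);
    byte[] der = Convert.FromBase64String(encodedOcspRequest);
    return new OcspReq(der);
}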
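/// <summary>
/// Creates the <see cref="OcspReq"/> from an <see cref="OcspHttpRequest"/>, dispatching on the HTTP method.
/// </summary>
/// <remarks>
/// The method name is normalised with <see cref="string.ToUpperInvariant"/> so the
/// dispatch does not depend on the thread's culture, and a missing method name falls
/// through to the rejection branch instead of raising a <see cref="NullReferenceException"/>.
/// </remarks>
/// <param name="httpRequest"><see cref="OcspHttpRequest"/></param>
/// <returns><see cref="OcspReq"/></returns>
/// <exception cref="HttpRequestException">the HTTP method is neither GET nor POST</exception>
private OcspReq CreateOcspReqFromHttpRequest(OcspHttpRequest httpRequest)
{
    string method = (httpRequest.HttpMethod ?? string.Empty).ToUpperInvariant();
    switch (method)
    {
        case "GET":
            return CreateOcspReqFromGet(httpRequest);
        case "POST":
            return CreateOcspReqFromPost(httpRequest);
        default:
            throw new HttpRequestException("Only GET and POST methods are allowed");
    }
}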
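/// <summary>
/// Handles one OCSP HTTP request end to end and always yields an OCSP response.
/// </summary>
/// <remarks>
/// Parsing/authorisation failures reported by <see cref="GetOcspRequest"/> become a
/// status-only response. Any exception escaping the pipeline is logged in full (type,
/// inner exceptions and stack trace) and mapped to <see cref="OcspRespStatus.InternalError"/>,
/// so no failure detail reaches the client. Cancellation is not treated specially;
/// it too is answered with InternalError.
/// </remarks>
/// <param name="httpRequest"><see cref="OcspHttpRequest"/></param>
/// <returns><see cref="OcspHttpResponse"/> carrying the encoded OCSP response</returns>
public async Task<OcspHttpResponse> Respond(OcspHttpRequest httpRequest)
{
    try
    {
        OcspReqResult reqResult = await GetOcspRequest(httpRequest);
        if (reqResult.Status != OcspRespStatus.Successful)
        {
            // The reason stays server-side; the client only sees the status.
            Log.Warn(reqResult.Error);
            byte[] statusOnly = OcspResponseGenerator.Generate(reqResult.Status, null).GetEncoded();
            return CreateResponse(statusOnly);
        }

        OcspResp definitive = await GetOcspDefinitiveResponse(reqResult.OcspRequest, reqResult.IssuerCertificate);
        return CreateResponse(definitive.GetEncoded());
    }
    catch (Exception e)
    {
        // Log the whole exception, not just Message: an InternalError is otherwise
        // uninvestigable because the type and stack trace are discarded.
        Log.Error(e.ToString());
        byte[] internalError = OcspResponseGenerator.Generate(OcspRespStatus.InternalError, null).GetEncoded();
        return CreateResponse(internalError);
    }
}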
/// <summary>
/// Builds the <see cref="OcspReq"/> from the body of a POST request.
/// </summary>
/// <param name="httpRequest"><see cref="OcspHttpRequest"/> whose <c>Content</c> is handed straight to the <see cref="OcspReq"/> constructor (expected to be the encoded OCSPRequest)</param>
/// <returns><see cref="OcspReq"/></returns>
private OcspReq CreateOcspReqFromPost(OcspHttpRequest httpRequest)
{
    var body = httpRequest.Content;
    return new OcspReq(body);
}
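/// <summary>
/// Retrieves the <see cref="OcspReq"/> from the request and checks that every
/// certificate it asks about was issued by a CA this responder serves.
/// </summary>
/// <remarks>
/// Validation order: Content-Type (POST only — an RFC 6960 A.1 GET request carries
/// the OCSP request in the URL and has no body, hence no Content-Type to check),
/// parse, non-empty request list, then issuer recognition. All single requests in one
/// OCSPRequest must resolve to the same issuer certificate; otherwise the whole
/// request is reported as <see cref="OcspRespStatus.Unauthorized"/>.
/// The media type is compared case-insensitively, as HTTP media types are.
/// NOTE(review): if the hosting layer fills <c>MediaType</c> for GET requests from
/// something other than a Content-Type header, the unconditional check may be wanted back.
/// NOTE(review): <c>SingleOrDefault</c> throws (surfacing as InternalError in
/// <see cref="Respond"/>) when two issuer certificates match the same CertID, e.g. a
/// renewed CA certificate that reuses its key pair — confirm the repository never
/// returns such pairs, or pick one deterministically.
/// </remarks>
/// <param name="httpRequest"><see cref="OcspHttpRequest"/></param>
/// <returns><see cref="OcspReqResult"/> with the parsed <see cref="OcspReq"/> and the recognised issuer certificate, or an error status with a log-only reason</returns>
private async Task<OcspReqResult> GetOcspRequest(OcspHttpRequest httpRequest)
{
    const string OcspRequestMediaType = "application/ocsp-request";

    bool isPost = string.Equals(httpRequest.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase);
    bool mediaTypeOk = string.Equals(httpRequest.MediaType, OcspRequestMediaType, StringComparison.OrdinalIgnoreCase);
    if (isPost && !mediaTypeOk)
    {
        return new OcspReqResult
        {
            Status = OcspRespStatus.MalformedRequest,
            Error = "OCSP requests requires 'application/ocsp-request' media's type on header"
        };
    }

    // Decode the request; any decoding failure is a malformed request. The exception
    // detail is kept for the server log only and never reaches the client.
    OcspReq ocspRequest;
    try
    {
        ocspRequest = CreateOcspReqFromHttpRequest(httpRequest);
    }
    catch (Exception e)
    {
        return new OcspReqResult
        {
            Status = OcspRespStatus.MalformedRequest,
            Error = $"Error when creating OcspReq from the request. Exception: {e.Message}"
        };
    }

    var requests = ocspRequest.GetRequestList();
    if (requests == null || requests.Length == 0)
    {
        return new OcspReqResult
        {
            Status = OcspRespStatus.MalformedRequest,
            Error = "Request list is empty"
        };
    }

    // Every CertID must match exactly one issuer we serve, and all of them the same one.
    X509Certificate[] issuerCerts = (await OcspResponderRepository.GetIssuerCertificates()).ToArray();
    X509Certificate issuerCertificate = null;
    foreach (var request in requests)
    {
        var certificateId = request.GetCertID();
        X509Certificate recognised = issuerCerts.SingleOrDefault(issuerCert => certificateId.MatchesIssuer(issuerCert));

        bool unknownIssuer = recognised == null;
        bool differentIssuer = issuerCertificate != null && !Equals(recognised, issuerCertificate);
        if (unknownIssuer || differentIssuer)
        {
            return new OcspReqResult
            {
                Status = OcspRespStatus.Unauthorized,
                Error = "Any certificate is not of this CA's responsibility"
            };
        }

        issuerCertificate = recognised;
    }

    return new OcspReqResult
    {
        Status = OcspRespStatus.Successful,
        OcspRequest = ocspRequest,
        IssuerCertificate = issuerCertificate
    };
}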