blob: 3e22931afbdcbe4dacdbca444e959d49a94c4c51 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
|
using System;
using System.Collections.Generic;
using System.IO;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Ocsp;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities.Collections;
using Org.BouncyCastle.X509;
namespace Org.BouncyCastle.Ocsp
{
/// <remarks>
/// <code>
/// BasicOcspResponse ::= SEQUENCE {
/// tbsResponseData ResponseData,
/// signatureAlgorithm AlgorithmIdentifier,
/// signature BIT STRING,
/// certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
/// }
/// </code>
/// </remarks>
public class BasicOcspResp
: X509ExtensionBase
{
private readonly BasicOcspResponse resp;
private readonly ResponseData data;
// private readonly X509Certificate[] chain;
public BasicOcspResp(
BasicOcspResponse resp)
{
this.resp = resp;
this.data = resp.TbsResponseData;
}
/// <returns>The DER encoding of the tbsResponseData field.</returns>
/// <exception cref="OcspException">In the event of an encoding error.</exception>
public byte[] GetTbsResponseData()
{
try
{
return data.GetDerEncoded();
}
catch (IOException e)
{
throw new OcspException("problem encoding tbsResponseData", e);
}
}
public int Version
{
get { return data.Version.IntValueExact + 1; }
}
public RespID ResponderId
{
get { return new RespID(data.ResponderID); }
}
public DateTime ProducedAt
{
get { return data.ProducedAt.ToDateTime(); }
}
public SingleResp[] Responses
{
get
{
Asn1Sequence s = data.Responses;
SingleResp[] rs = new SingleResp[s.Count];
for (int i = 0; i != rs.Length; i++)
{
rs[i] = new SingleResp(SingleResponse.GetInstance(s[i]));
}
return rs;
}
}
public X509Extensions ResponseExtensions
{
get { return data.ResponseExtensions; }
}
protected override X509Extensions GetX509Extensions()
{
return ResponseExtensions;
}
public string SignatureAlgName
{
get { return OcspUtilities.GetAlgorithmName(resp.SignatureAlgorithm.Algorithm); }
}
public string SignatureAlgOid
{
get { return resp.SignatureAlgorithm.Algorithm.Id; }
}
public byte[] GetSignature()
{
return resp.GetSignatureOctets();
}
private List<X509Certificate> GetCertList()
{
// load the certificates if we have any
var result = new List<X509Certificate>();
Asn1Sequence certs = resp.Certs;
if (certs != null)
{
foreach (Asn1Encodable ae in certs)
{
var c = X509CertificateStructure.GetInstance(ae);
if (c != null)
{
result.Add(new X509Certificate(c));
}
}
}
return result;
}
public X509Certificate[] GetCerts()
{
return GetCertList().ToArray();
}
/// <returns>The certificates, if any, associated with the response.</returns>
/// <exception cref="OcspException">In the event of an encoding error.</exception>
public IStore<X509Certificate> GetCertificates()
{
return CollectionUtilities.CreateStore(this.GetCertList());
}
/// <summary>
/// Verify the signature against the tbsResponseData object we contain.
/// </summary>
public bool Verify(
AsymmetricKeyParameter publicKey)
{
try
{
ISigner signature = SignerUtilities.GetSigner(this.SignatureAlgName);
signature.Init(false, publicKey);
byte[] bs = data.GetDerEncoded();
signature.BlockUpdate(bs, 0, bs.Length);
return signature.VerifySignature(this.GetSignature());
}
catch (Exception e)
{
throw new OcspException("exception processing sig: " + e, e);
}
}
/// <returns>The ASN.1 encoded representation of this object.</returns>
public byte[] GetEncoded()
{
return resp.GetEncoded();
}
public override bool Equals(
object obj)
{
if (obj == this)
return true;
BasicOcspResp other = obj as BasicOcspResp;
if (other == null)
return false;
return resp.Equals(other.resp);
}
public override int GetHashCode()
{
return resp.GetHashCode();
}
}
}
|
