iTextSharp.text.pdf.security.OcspVerifier.IsValidResponse C# (CSharp) Method

IsValidResponse() public method

public IsValidResponse ( BasicOcspResp ocspResp, X509Certificate issuerCert ) : void
ocspResp Org.BouncyCastle.Ocsp.BasicOcspResp
issuerCert Org.BouncyCastle.X509.X509Certificate
return void
        /**
         * Checks that an OCSP response was signed by an acceptable responder.
         * The responder is the first certificate embedded in the response, or
         * the issuer certificate when the response embeds none. An embedded
         * responder certificate is accepted when its signature verifies under
         * the issuer's public key or, failing that, when the base verifier
         * returns a non-empty result for it. The response signature is then
         * checked against the chosen responder certificate.
         * As far as this method shows, it only authenticates the response; it
         * does not read the certificate status or the update times it carries.
         * @param ocspResp   the basic OCSP response to check
         * @param issuerCert the issuer certificate; also used as the responder when the response embeds no certificate
         * @throws VerificationException if the responder certificate or the response signature cannot be verified
         */
        public void IsValidResponse(BasicOcspResp ocspResp, X509Certificate issuerCert)
        {
            X509Certificate[] embeddedCerts = ocspResp.GetCerts();
            X509Certificate signerCert;
            if (embeddedCerts.Length == 0) {
                // nothing embedded: the issuer itself is taken to be the responder
                signerCert = issuerCert;
            }
            else {
                // only the first embedded certificate is ever considered
                signerCert = embeddedCerts[0];
                bool signedByIssuer;
                try {
                    signerCert.Verify(issuerCert.GetPublicKey());
                    signedByIssuer = true;
                }
                catch (GeneralSecurityException) {
                    signedByIssuer = false;
                }
                // NOTE(review): the checks here are a signature check and the base verifier fallback.
                // Nothing visible looks at the responder certificate's validity period, its extended
                // key usage (RFC 6960 expects id-kp-OCSPSigning on a delegated responder) or its
                // revocation status -- confirm whether VerifyResponse or the caller covers these.
                // DateTime.MaxValue is presumably a "no date" sentinel for the base verifier -- confirm.
                if (!signedByIssuer && base.Verify(signerCert, issuerCert, DateTime.MaxValue).Count == 0)
                    throw new VerificationException(signerCert, String.Format("{0} Responder certificate couldn't be verified", signerCert));
            }
            // the response itself must carry a valid signature from the chosen responder
            bool responseSignatureOk = VerifyResponse(ocspResp, signerCert);
            if (!responseSignatureOk)
                throw new VerificationException(signerCert, String.Format("{0} OCSP response could not be verified", signerCert));
        }

Usage Example

 /**
  * Fetches an OCSP response and returns its basic response object.
  * When a verifier has been set, the basic response is handed to
  * verifier.IsValidResponse before it is returned.
  * @param checkCert certificate passed to GetOcspResponse (presumably the one whose status is requested)
  * @param rootCert  certificate passed to GetOcspResponse and, as issuer certificate, to the verifier
  * @param url       passed to GetOcspResponse
  * @return the basic OCSP response, or null when no response was obtained, its status was not
  *         Successful, or any exception occurred (including one thrown by the verifier)
  */
 public virtual BasicOcspResp GetBasicOCSPResp(X509Certificate checkCert, X509Certificate rootCert, String url)
 {
     try {
         OcspResp reply = GetOcspResponse(checkCert, rootCert, url);
         if (reply != null && reply.Status == OcspRespStatus.Successful)
         {
             BasicOcspResp basic = (BasicOcspResp)reply.GetResponseObject();
             // NOTE(review): as far as this method shows, a response is returned without any
             // signature check when no verifier is set -- callers that rely on the result
             // should make sure a verifier is configured.
             if (verifier != null)
             {
                 // throws on a response that fails verification; the catch below turns that into null
                 verifier.IsValidResponse(basic, rootCert);
             }
             return basic;
         }
     } catch (Exception failure) {
         // every failure is reduced to a logged message; the caller only sees null
         if (LOGGER.IsLogging(Level.ERROR))
         {
             LOGGER.Error(failure.Message);
         }
     }
     // null means "no usable response" and says nothing about the certificate's revocation status
     return null;
 }