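/// <summary>
/// Checks that the certificate ID carried in the OCSP response identifies the
/// certificate that was asked about: same serial number, same issuer name hash
/// and same issuer key hash.
/// </summary>
/// <remarks>
/// This method only binds the response to the expected certificate. It does not
/// verify the response signature, the responder's authorisation or the response
/// freshness; NOTE(review): presumably the caller does that - confirm.
/// </remarks>
/// <param name="issuerCert">Issuer certificate of the client certificate</param>
/// <param name="clientCert">Client certificate</param>
/// <param name="certificateId">Id of certificate found in OCSP response</param>
/// <exception cref="HttpException">
/// Thrown with status 401 when the response carries no certificate ID, or when
/// its serial number or issuer hashes differ from the expected values.
/// </exception>
private void ValidateCertificateId(X509Certificate issuerCert, X509Certificate clientCert, BouncyCastleOCSP.CertificateID certificateId)
{
    // Fail closed: a response without a certificate ID cannot be tied to the
    // client certificate, so reject it instead of dereferencing null below.
    if (certificateId == null)
    {
        throw new HttpException(401, "Invalid certificate ID in response");
    }

    // The expected ID is derived locally from the trusted issuer certificate and
    // the client's serial number, using SHA-1. A response whose ID was built
    // with a different hash algorithm should fail the hash comparisons below.
    BouncyCastleOCSP.CertificateID expectedId = new BouncyCastleOCSP.CertificateID(BouncyCastleOCSP.CertificateID.HashSha1, issuerCert, clientCert.SerialNumber);

    if (!expectedId.SerialNumber.Equals(certificateId.SerialNumber))
    {
        throw new HttpException(401, "Invalid certificate ID in response");
    }

    if (!Org.BouncyCastle.Utilities.Arrays.AreEqual(expectedId.GetIssuerNameHash(), certificateId.GetIssuerNameHash()))
    {
        throw new HttpException(401, "Invalid certificate Issuer in response");
    }

    // The issuer name hash only covers the issuer's distinguished name. Two CAs
    // can share a name, so the issuer key hash must match as well before the
    // status in the response is accepted as being about this certificate.
    if (!Org.BouncyCastle.Utilities.Arrays.AreEqual(expectedId.GetIssuerKeyHash(), certificateId.GetIssuerKeyHash()))
    {
        throw new HttpException(401, "Invalid certificate Issuer in response");
    }
}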