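/// <summary>
/// Validates an OCSP response for <paramref name="clientCert"/> and maps it to a <see cref="CertificateStatus"/>.
/// A status is only trusted after the response has passed every check below; any failure surfaces as a
/// <see cref="BouncyCastleOCSP.OcspException"/> rather than as a (possibly attacker-supplied) "Good".
/// </summary>
/// <remarks>
/// Checks performed, in order:
/// <list type="number">
/// <item>The outer response status is <c>Successful</c> and a <c>BasicOCSPResponse</c> is present.</item>
/// <item>The response carries exactly one <c>SingleResponse</c> (we asked about exactly one certificate).</item>
/// <item>The signature over the <c>BasicOCSPResponse</c> verifies with the issuer CA key, or with the key of an
/// embedded responder certificate that was issued by that CA, is currently valid and carries the
/// <c>id-kp-OCSPSigning</c> extended key usage (RFC 6960 §4.2.2.2).</item>
/// <item><c>CertID</c>, <c>thisUpdate</c> and <c>nextUpdate</c> are validated by the sibling helpers.</item>
/// </list>
/// A request nonce is not checked here; callers that sent one must compare it themselves to defend against replay.
/// Locally configured "trusted responder" certificates (RFC 6960 §4.2.2.2, second bullet) are not supported.
/// </remarks>
/// <param name="clientCert">Client certificate whose status is being queried.</param>
/// <param name="issuerCert">Issuer certificate of <paramref name="clientCert"/>; its key anchors the signature check.</param>
/// <param name="binaryResp">DER-encoded OCSP response exactly as received from the responder (untrusted input).</param>
/// <returns>
/// <see cref="CertificateStatus.Good"/>, <see cref="CertificateStatus.Revoked"/> or <see cref="CertificateStatus.Unknown"/>
/// for <paramref name="clientCert"/>.
/// </returns>
/// <exception cref="BouncyCastleOCSP.OcspException">
/// The response status is not <c>Successful</c>, the response is malformed, it does not contain exactly one
/// single response, or its signature cannot be verified against the issuer or an authorized delegated responder.
/// </exception>
private CertificateStatus CheckOcspResponse(X509Certificate clientCert, X509Certificate issuerCert, byte[] binaryResp)
{
    BouncyCastleOCSP.OcspResp ocspResponse = new BouncyCastleOCSP.OcspResp(binaryResp);

    if (ocspResponse.Status != BouncyCastleOCSP.OcspRespStatus.Successful)
    {
        throw new BouncyCastleOCSP.OcspException("Error status: " + this.GetOCSPResponseStatus(ocspResponse.Status));
    }

    // A Successful status with no responseBytes is malformed; an unchecked cast would have
    // surfaced this as a NullReferenceException instead of an OCSP error.
    BouncyCastleOCSP.BasicOcspResp response = ocspResponse.GetResponseObject() as BouncyCastleOCSP.BasicOcspResp;
    if (response == null)
    {
        throw new BouncyCastleOCSP.OcspException("OCSP response does not contain a BasicOCSPResponse");
    }

    // Anything other than one single response does not belong to our request; do not silently
    // map it to Unknown, make the responder misbehaviour visible to the caller.
    if (response.Responses.Length != 1)
    {
        throw new BouncyCastleOCSP.OcspException("Expected exactly one single response, got " + response.Responses.Length);
    }

    // Authenticate the response BEFORE reading anything out of it. Without this an on-path
    // attacker can hand us an unsigned or self-signed "Good" for a revoked certificate.
    VerifyResponseSignature(response, issuerCert);

    BouncyCastleOCSP.SingleResp singleResponse = response.Responses[0];
    ValidateCertificateId(issuerCert, clientCert, singleResponse.GetCertID());
    ValidateThisUpdate(singleResponse);
    ValidateNextUpdate(singleResponse);

    // BouncyCastle models "good" as a null status object (Org.BouncyCastle.Ocsp.CertificateStatus.Good == null).
    Object certificateStatus = singleResponse.GetCertStatus();
    if (certificateStatus == Org.BouncyCastle.Ocsp.CertificateStatus.Good)
    {
        return CertificateStatus.Good;
    }
    if (certificateStatus is Org.BouncyCastle.Ocsp.RevokedStatus)
    {
        return CertificateStatus.Revoked;
    }

    // UnknownStatus, and any status type this code does not recognise, both fall back to Unknown (fail closed).
    return CertificateStatus.Unknown;
}

/// <summary>
/// Verifies the signature on <paramref name="response"/> against a key we are entitled to trust for
/// <paramref name="issuerCert"/>: the CA key itself, or an embedded delegated responder certificate that
/// the CA issued for OCSP signing (RFC 6960 §4.2.2.2).
/// </summary>
/// <param name="response">The decoded <c>BasicOCSPResponse</c> to authenticate.</param>
/// <param name="issuerCert">Issuer CA of the certificate the response is about.</param>
/// <exception cref="BouncyCastleOCSP.OcspException">No acceptable signer verifies the response.</exception>
private static void VerifyResponseSignature(BouncyCastleOCSP.BasicOcspResp response, X509Certificate issuerCert)
{
    // NOTE(review): assumes X509Certificate is Org.BouncyCastle.X509.X509Certificate, as the CertificateID
    // validation in the caller suggests — confirm against the file's using directives.

    // Case 1: the CA signed the response directly.
    if (SignatureVerifies(response, issuerCert.GetPublicKey()))
    {
        return;
    }

    // Case 2: a delegated responder. Every embedded certificate is attacker-controlled input until it has
    // been chained to the CA, so each requirement in IsAuthorizedOcspSigner is mandatory.
    X509Certificate[] embedded = response.GetCerts();
    if (embedded != null)
    {
        foreach (X509Certificate candidate in embedded)
        {
            if (IsAuthorizedOcspSigner(candidate, issuerCert) && SignatureVerifies(response, candidate.GetPublicKey()))
            {
                return;
            }
        }
    }

    throw new BouncyCastleOCSP.OcspException(
        "OCSP response signature could not be verified against the issuer or an authorized delegated responder");
}

/// <summary>
/// Returns whether <paramref name="response"/> is signed by <paramref name="key"/>. A key/algorithm mismatch
/// makes BouncyCastle throw an <see cref="BouncyCastleOCSP.OcspException"/>; that is treated as "does not verify"
/// so the caller can try the next candidate key.
/// </summary>
private static bool SignatureVerifies(BouncyCastleOCSP.BasicOcspResp response, Org.BouncyCastle.Crypto.AsymmetricKeyParameter key)
{
    try
    {
        return response.Verify(key);
    }
    catch (BouncyCastleOCSP.OcspException)
    {
        return false;
    }
}

/// <summary>
/// True when <paramref name="candidate"/> was issued by <paramref name="issuerCert"/>, is within its validity
/// period and carries the id-kp-OCSPSigning extended key usage. Any verification error counts as "not authorized".
/// </summary>
/// <param name="candidate">Certificate embedded in the OCSP response (untrusted).</param>
/// <param name="issuerCert">Issuer CA whose key must have signed <paramref name="candidate"/>.</param>
private static bool IsAuthorizedOcspSigner(X509Certificate candidate, X509Certificate issuerCert)
{
    try
    {
        if (!candidate.IssuerDN.Equivalent(issuerCert.SubjectDN))
        {
            return false;
        }

        candidate.Verify(issuerCert.GetPublicKey()); // throws if the CA did not sign it
        candidate.CheckValidity();                   // throws if expired or not yet valid

        // Older BouncyCastle versions return OID strings here, newer ones DerObjectIdentifier;
        // ToString() yields the dotted OID in both, so compare on that.
        System.Collections.IEnumerable extendedKeyUsage = candidate.GetExtendedKeyUsage();
        if (extendedKeyUsage == null)
        {
            return false;
        }

        string ocspSigningOid = Org.BouncyCastle.Asn1.X509.KeyPurposeID.IdKPOcspSigning.Id;
        foreach (object purpose in extendedKeyUsage)
        {
            if (purpose != null && purpose.ToString() == ocspSigningOid)
            {
                return true;
            }
        }

        return false;
    }
    catch (Exception)
    {
        // Deliberately fail closed: a certificate we cannot fully validate must not authorize a response.
        return false;
    }
}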