|
public static GetOCSPURL ( |
||
| certificate | ||
| Результат | String | |
public static String GetOCSPURL(X509Certificate certificate) {
try {
Asn1Object obj = GetExtensionValue(certificate, X509Extensions.AuthorityInfoAccess.Id);
if (obj == null) {
return null;
}
Asn1Sequence AccessDescriptions = (Asn1Sequence) obj;
for (int i = 0; i < AccessDescriptions.Count; i++) {
Asn1Sequence AccessDescription = (Asn1Sequence) AccessDescriptions[i];
if ( AccessDescription.Count != 2 ) {
continue;
} else {
if ((AccessDescription[0] is DerObjectIdentifier) && ((DerObjectIdentifier)AccessDescription[0]).Id.Equals("1.3.6.1.5.5.7.48.1")) {
String AccessLocation = GetStringFromGeneralName((Asn1Object)AccessDescription[1]);
if ( AccessLocation == null ) {
return "" ;
} else {
return AccessLocation ;
}
}
}
}
} catch {
}
return null;
}
/**
* Gets an encoded byte array with OCSP validation. The method should not throw an exception.
* @param checkCert to certificate to check
* @param rootCert the parent certificate
* @param the url to get the verification. It it's null it will be taken
* from the check cert or from other implementation specific source
* @return a byte array with the validation or null if the validation could not be obtained
*/
public virtual byte[] GetEncoded(X509Certificate checkCert, X509Certificate rootCert, String url)
{
try {
if (checkCert == null || rootCert == null)
{
return(null);
}
if (url == null)
{
url = PdfPKCS7.GetOCSPURL(checkCert);
}
if (url == null)
{
return(null);
}
OcspReq request = GenerateOCSPRequest(rootCert, checkCert.SerialNumber);
byte[] array = request.GetEncoded();
HttpWebRequest con = (HttpWebRequest)WebRequest.Create(url);
con.ContentLength = array.Length;
con.ContentType = "application/ocsp-request";
con.Accept = "application/ocsp-response";
con.Method = "POST";
Stream outp = con.GetRequestStream();
outp.Write(array, 0, array.Length);
outp.Close();
HttpWebResponse response = (HttpWebResponse)con.GetResponse();
if (response.StatusCode != HttpStatusCode.OK)
{
throw new IOException(MessageLocalization.GetComposedMessage("invalid.http.response.1", (int)response.StatusCode));
}
Stream inp = response.GetResponseStream();
OcspResp ocspResponse = new OcspResp(inp);
inp.Close();
response.Close();
if (ocspResponse.Status != 0)
{
throw new IOException(MessageLocalization.GetComposedMessage("invalid.status.1", ocspResponse.Status));
}
BasicOcspResp basicResponse = (BasicOcspResp)ocspResponse.GetResponseObject();
if (basicResponse != null)
{
SingleResp[] responses = basicResponse.Responses;
if (responses.Length == 1)
{
SingleResp resp = responses[0];
Object status = resp.GetCertStatus();
if (status == CertificateStatus.Good)
{
return(basicResponse.GetEncoded());
}
else if (status is Org.BouncyCastle.Ocsp.RevokedStatus)
{
throw new IOException(MessageLocalization.GetComposedMessage("ocsp.status.is.revoked"));
}
else
{
throw new IOException(MessageLocalization.GetComposedMessage("ocsp.status.is.unknown"));
}
}
}
}
catch (Exception ex) {
if (LOGGER.IsLogging(Level.ERROR))
{
LOGGER.Error("OcspClientBouncyCastle", ex);
}
}
return(null);
}
