有关Ocsp证书验证的问题

kevin_hwk 2011-10-10 11:28:22
谁有Ocsp证书验证的源码啊?急求!!!

QQ:363528985
kevin_hwk 2011-10-10
我的代码:


using System;
using System.Configuration;
using System.Data;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.IO;
using System.Net;
using System.Collections;
using System.Security.Cryptography.X509Certificates;
/*Bouncy castle*/
using Org.BouncyCastle.Ocsp;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto.Tls;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Ocsp;
using Org.BouncyCastle.Utilities.Encoders;
using Org.BouncyCastle.X509;



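/// <summary>
/// Web Forms page that takes a certificate from the personal certificate store and asks an
/// OCSP responder for its revocation status, using the BouncyCastle OCSP client classes.
/// Progress markers and results are written straight into the HTTP response.
/// </summary>
/// <remarks>
/// Security limits of this sample, which a caller must close before relying on the answer:
/// the signature on the OCSP response is never verified, the nonce sent in the request is not
/// compared with the one in the response, and the thisUpdate/nextUpdate window is not checked.
/// The request goes over plain HTTP, which is normal for OCSP only because the response is
/// meant to be authenticated by its signature. Until those checks exist, treat the reported
/// status as diagnostic output and never as an access-control decision.
/// </remarks>
public partial class UKeyVerification : System.Web.UI.Page
{
    /// <summary>
    /// Lets the operator pick one certificate, resolves its issuer and queries the responder.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        // NOTE(review): X509Certificate2UI opens its dialog in the process that executes this
        // code, which for a page is the web server worker process and not the visitor's
        // browser; the store opened here is likewise the server account's store. Confirm this
        // is what the page is meant to do.
        X509Store store = new X509Store(StoreName.My);
        X509Certificate2Collection certificates;
        store.Open(OpenFlags.ReadOnly);
        try
        {
            certificates = X509Certificate2UI.SelectFromCollection(
                store.Certificates,
                "Liste des certificats",
                "Veuillez sélectionner un certificat",
                X509SelectionFlag.SingleSelection);
        }
        finally
        {
            // Close the store even when the selection dialog throws.
            store.Close();
        }

        // The user cancelled the selection dialog.
        if (certificates.Count == 0)
        {
            return;
        }

        X509Certificate2 certificate = certificates[0];

        // An OCSP CertID is built from the ISSUER's name and key plus the subject's serial
        // number. Passing the selected certificate itself as the issuer produces a CertID
        // that the responder cannot match, so the issuer is looked up first.
        X509Certificate2 issuer = findIssuer(certificate);
        if (issuer == null)
        {
            HttpContext.Current.Response.Write("Issuer certificate not found; OCSP request not sent" + "<br/>");
            return;
        }

        // Convert both certificates to Org.BouncyCastle.X509.X509Certificate.
        X509CertificateParser certParser = new X509CertificateParser();
        Org.BouncyCastle.X509.X509Certificate certBouncy = certParser.ReadCertificate(certificate.RawData);
        Org.BouncyCastle.X509.X509Certificate issuerBouncy = certParser.ReadCertificate(issuer.RawData);

        // NOTE(review): the responder address is hard-coded; the certificate's Authority
        // Information Access extension is the usual source for it.
        DoOcspRequest(new Uri("http://10.27.141.13:8800"), certBouncy.SerialNumber, issuerBouncy);
    }

    /// <summary>
    /// Returns the certificate that issued <paramref name="certificate"/>, or null when the
    /// platform cannot find one (for example a self-signed certificate).
    /// </summary>
    private static X509Certificate2 findIssuer(X509Certificate2 certificate)
    {
        X509Chain chain = new X509Chain();
        // Only the chain shape is needed here, so the platform's own revocation lookups are
        // switched off. The Build result is ignored on purpose: this does not establish that
        // the chain is trusted, and that must be validated separately.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.Build(certificate);

        if (chain.ChainElements.Count < 2)
        {
            return null;
        }
        return chain.ChainElements[1].Certificate;
    }

    /// <summary>
    /// Builds the DER-encoded OCSP request for one certificate.
    /// </summary>
    /// <param name="serialNr">Serial number of the certificate whose status is requested.</param>
    /// <param name="cacert">Certificate of the CA that issued the certificate being checked.</param>
    /// <returns>The encoded request, or null when it could not be built (the error is written to the page).</returns>
    private static byte[] getOcspPackage(BigInteger serialNr, Org.BouncyCastle.X509.X509Certificate cacert)
    {
        OcspReqGenerator gen = new OcspReqGenerator();
        try
        {
            // SHA-1 is used here only to identify the issuer inside the CertID.
            CertificateID certId = new CertificateID(CertificateID.HashSha1, cacert, serialNr);
            gen.AddRequest(certId);
            gen.SetRequestExtensions(getExtentions());
            OcspReq req = gen.Generate();
            return req.GetEncoded();
        }
        catch (OcspException e)
        {
            // Exception text is HTML-encoded before it is echoed into the page.
            HttpContext.Current.Response.Write("1" + HttpUtility.HtmlEncode(e.Message));
        }
        catch (IOException e)
        {
            HttpContext.Current.Response.Write("2" + HttpUtility.HtmlEncode(e.Message));
        }
        return null;
    }

    /// <summary>
    /// Builds the request extensions: a single, non-critical OCSP nonce.
    /// </summary>
    private static X509Extensions getExtentions()
    {
        // A nonce only protects against replayed responses when it is unpredictable; an
        // all-zero buffer is the same in every request, so fill it from the system CSPRNG.
        // The caller still has to compare it with the nonce echoed in the response.
        byte[] nonce = new byte[16];
        System.Security.Cryptography.RandomNumberGenerator.Create().GetBytes(nonce);

        Hashtable exts = new Hashtable();
        Org.BouncyCastle.Asn1.X509.X509Extension nonceext =
            new Org.BouncyCastle.Asn1.X509.X509Extension(false, new DerOctetString(nonce));
        exts.Add(OcspObjectIdentifiers.PkixOcspNonce, nonceext);
        return new X509Extensions(exts);
    }

    /// <summary>
    /// Posts an OCSP request to the responder and reports the outcome on the page.
    /// </summary>
    /// <param name="uri">Address of the OCSP responder.</param>
    /// <param name="serialNr">Serial number of the certificate being checked.</param>
    /// <param name="certificate">Issuer certificate used to build the CertID.</param>
    /// <returns>
    /// The encoded OCSP response when one was received and parsed, otherwise null.
    /// The returned bytes are NOT authenticated: the response signature is not verified here.
    /// </returns>
    private byte[] DoOcspRequest(Uri uri, BigInteger serialNr, Org.BouncyCastle.X509.X509Certificate certificate)
    {
        byte[] response = null;
        try
        {
            byte[] ocspPackage = getOcspPackage(serialNr, certificate);
            if (ocspPackage == null)
            {
                // getOcspPackage has already reported why the request could not be built.
                return null;
            }

            HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(uri);
            // Required HTTP headers for an OCSP POST.
            webRequest.ContentType = "application/ocsp-request";
            webRequest.Method = "POST";
            webRequest.ContentLength = ocspPackage.Length;
            HttpContext.Current.Response.Write("1111" + "<br/>");

            // The request stream is closed before the response is read.
            using (Stream requestStream = webRequest.GetRequestStream())
            {
                requestStream.Write(ocspPackage, 0, ocspPackage.Length);
            }
            HttpContext.Current.Response.Write("2222" + "<br/>");

            using (HttpWebResponse res = (HttpWebResponse)webRequest.GetResponse())
            using (Stream body = res.GetResponseStream())
            {
                HttpContext.Current.Response.Write("3333" + "<br/>");

                OcspResp ocspResponse = new OcspResp(body);
                string statusOcsp = getOcspResponseStatus(ocspResponse.Status);
                System.Console.WriteLine(statusOcsp);
                HttpContext.Current.Response.Write("4444" + statusOcsp + "<br/>");

                // Only a "successful" (0) response carries a response body; every other
                // status means the responder did not answer the question.
                if (ocspResponse.Status != 0)
                {
                    return null;
                }

                BasicOcspResp brep = ocspResponse.GetResponseObject() as BasicOcspResp;
                if (brep == null || brep.Responses.Length == 0)
                {
                    HttpContext.Current.Response.Write("OCSP response carries no certificate status" + "<br/>");
                    return null;
                }

                // The answer must be about the certificate that was asked for.
                SingleResp singleResp = brep.Responses[0];
                if (!singleResp.GetCertID().SerialNumber.Equals(serialNr))
                {
                    HttpContext.Current.Response.Write("OCSP response is for a different certificate" + "<br/>");
                    return null;
                }

                // NOTE(review): brep's signature, the echoed nonce and the validity window
                // are not checked, so this status can be forged or replayed by anyone on the
                // network path. Add those checks before using the result for a decision.
                writeCertStatus(singleResp.GetCertStatus());
                response = ocspResponse.GetEncoded();
            }
        }
        catch (Exception ex)
        {
            // Any failure leaves the status undetermined; it is reported, never treated as "good".
            HttpContext.Current.Response.Write("3" + HttpUtility.HtmlEncode(ex.Message) + "<br/>");
        }
        return response;
    }

    /// <summary>
    /// Maps the numeric OCSP response status to its name; unknown values give an empty string.
    /// </summary>
    private static string getOcspResponseStatus(int status)
    {
        switch (status)
        {
            case 0: return "succesfull";
            case 1: return "malformedRequest";
            case 2: return "internalError";
            case 3: return "tryLater";
            case 5: return "sigRequired";
            case 6: return "unauthorized";
            default: return "";
        }
    }

    /// <summary>
    /// Writes the certificate status of a single response to the page.
    /// </summary>
    /// <param name="status">Value returned by SingleResp.GetCertStatus(); null is reported as good.</param>
    private static void writeCertStatus(object status)
    {
        if (status == null)
        {
            HttpContext.Current.Response.Write("OCSP Response is GOOD" + "<br/>");
        }
        else
        {
            HttpContext.Current.Response.Write("OCSP Response is REVOKED or UNKNOW" + "<br/>");
        }
    }

    /// <summary>
    /// Parses an OCSP response from a stream and reports the status of its first entry.
    /// </summary>
    /// <param name="sResponse">Stream positioned at the start of the encoded OCSP response.</param>
    private static void getOcspResponse(Stream sResponse)
    {
        try
        {
            OcspResp response = new OcspResp(sResponse);

            // A non-successful response has no body to read a certificate status from, so it
            // must not fall through to the "good" branch.
            if (response.Status != 0)
            {
                HttpContext.Current.Response.Write("4444" + getOcspResponseStatus(response.Status) + "<br/>");
                return;
            }

            BasicOcspResp brep = response.GetResponseObject() as BasicOcspResp;
            if (brep == null || brep.Responses.Length == 0)
            {
                HttpContext.Current.Response.Write("OCSP response carries no certificate status" + "<br/>");
                return;
            }

            // NOTE(review): the response signature is not verified here either.
            writeCertStatus(brep.Responses[0].GetCertStatus());
        }
        catch (Exception e)
        {
            System.Console.WriteLine("5" + e.Message);
        }
    }
}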
