iTextSharp OCSP vs OpenSSL OCSP

I was wondering is there any difference? When comparing the iTextSharp
request and OpenSSL OCSP request bytes (ethernet trace file) then I see
that they are totally different in byte sizes...

_______________________________________________
itextsharp-questions mailing list
itextsharp-questions@...
https://lists.sourceforge.net/lists/listinfo/itextsharp-questions

Re: iTextSharp OCSP vs OpenSSL OCSP

Is that just curiosity or the iTextSharp implementation is not working for you?

Paulo

> -----Original Message-----
> From: Mikro Trekker [mailto:mtrekker@...]
> Sent: Monday, August 31, 2009 2:09 PM
> To: itextsharp-questions@...
> Subject: [itextsharp-questions] iTextSharp OCSP vs OpenSSL OCSP
>
> I was wondering is there any difference? When comparing the iTextSharp
> request and OpenSSL OCSP request bytes (ethernet trace file) then I see
> that they are totally different in byte sizes...

Disclaimer: This message is destined exclusively to the intended receiver. It may contain confidential or legally protected information. The incorrect transmission of this message does not mean the loss of its confidentiality. If this message is received by mistake, please send it back to the sender and delete it from your system immediately. It is forbidden to any person who is not the intended receiver to use, distribute or copy any part of this message.

Re: iTextSharp OCSP vs OpenSSL OCSP

iTextSharp's implementation doesn't sign the request, maybe that's the problem.

Paulo

> -----Original Message-----
> From: Mikro Trekker [mailto:mtrekker@...]
> Sent: Monday, August 31, 2009 6:25 PM
> To: itextsharp-questions@...
> Subject: Re: [itextsharp-questions] iTextSharp OCSP vs OpenSSL OCSP
>
> For some reason iTextSharp's implementation doesn't work
> (http://itextpdf.sourceforge.net/howtosign.html#signtsocspcs).
>
> When using OpenSSL then I see that the request is containing PKCS12
> certificate bytes, iTextSharp request doesn't contain these bytes.
> OpenSSL OCSP request against my OCSP responder is working fine, but when
> using the iTextSharp example I end up with an exception: status is
> unknown...

Re: iTextSharp OCSP vs OpenSSL OCSP

Your question is probably better placed at the BouncyCastle mailing list. iTextSharp uses BouncyCastle for all the crypto.

Paulo

> -----Original Message-----
> From: Mikro Trekker [mailto:mtrekker@...]
> Sent: Tuesday, September 01, 2009 9:34 AM
> To: itextsharp-questions@...
> Subject: Re: [itextsharp-questions] iTextSharp OCSP vs OpenSSL OCSP
>
> I see it's already implemented... Decided to test it, but I still end up
> with "Unknown status".
> Is my GenerateOCSPRequest faulty???
>
> public OcspReq GenerateOCSPRequest(X509Certificate checkerCert,
>     X509Certificate rootCert, BigInteger serialNumber,
>     AsymmetricKeyParameter privateKey)
> {
>     // Generate the id for the certificate we are looking for
>     CertificateID id = new CertificateID(CertificateID.HashSha1,
>         rootCert, serialNumber);
>
>     // basic request generation with nonce
>     OcspReqGenerator gen = new OcspReqGenerator();
>
>     gen.AddRequest(id);
>
>     // create details for nonce extension
>     ArrayList oids = new ArrayList();
>     ArrayList values = new ArrayList();
>
>     oids.Add(OcspObjectIdentifiers.PkixOcspNonce);
>     values.Add(new X509Extension(false, new DerOctetString(
>         new DerOctetString(PdfEncryption.CreateDocumentId()).GetEncoded())));
>
>     gen.SetRequestExtensions(new X509Extensions(oids, values));
>
>     X509Certificate[] chain = new X509Certificate[1];
>     chain[0] = checkerCert;
>
>     gen.SetRequestorName(checkerCert.SubjectDN);
>
>     return gen.Generate(checkerCert.SigAlgOid, privateKey, chain);
> }
>
> public byte[] GetEncodedOCSPResponse(string url, byte[] array)
> {
>     HttpWebRequest con = (HttpWebRequest)WebRequest.Create(url);
>     con.ContentLength = array.Length;
>     con.ContentType = "application/ocsp-request";
>     con.Accept = "application/ocsp-response";
>     con.Method = "POST";
>     Stream outp = con.GetRequestStream();
>     outp.Write(array, 0, array.Length);
>     outp.Close();
>     HttpWebResponse response = (HttpWebResponse)con.GetResponse();
>     if (response.StatusCode != HttpStatusCode.OK)
>         throw new IOException("Invalid HTTP response: " + (int)response.StatusCode);
>     Stream inp = response.GetResponseStream();
>     OcspResp ocspResponse = new OcspResp(inp);
>     inp.Close();
>     response.Close();
>
>     if (ocspResponse.Status != 0)
>         throw new IOException("Invalid status: " + ocspResponse.Status);
>     BasicOcspResp basicResponse = (BasicOcspResp)ocspResponse.GetResponseObject();
>     if (basicResponse != null)
>     {
>         SingleResp[] responses = basicResponse.Responses;
>         if (responses.Length == 1)
>         {
>             SingleResp resp = responses[0];
>             Object status = resp.GetCertStatus();
>             if (status == CertificateStatus.Good)
>             {
>                 return basicResponse.GetEncoded();
>             }
>             else if (status is Org.BouncyCastle.Ocsp.RevokedStatus)
>             {
>                 throw new IOException("OCSP Status is revoked!");
>             }
>             else
>             {
>                 throw new IOException("OCSP Status is unknown!");
>             }
>         }
>     }
>     return null;
> }
>
> public void GenerateOcspRequest()
> {
>     String CERT_PATH = "private.p12";
>     String CERT_PASSW = "password";
>
>     FileStream fs = new FileStream(CERT_PATH, FileMode.Open);
>     Pkcs12Store ks = new Pkcs12Store(fs, CERT_PASSW.ToCharArray());
>     string alias = null;
>     foreach (string al in ks.Aliases)
>     {
>         if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate)
>         {
>             alias = al;
>             break;
>         }
>     }
>     fs.Close();
>     ICipherParameters privkey = ks.GetKey(alias).Key;
>     X509CertificateEntry[] x = ks.GetCertificateChain(alias);
>     Org.BouncyCastle.X509.X509Certificate[] ch =
>         new Org.BouncyCastle.X509.X509Certificate[x.Length];
>     for (int k = 0; k < x.Length; ++k)
>         ch[k] = x[k].Certificate;
>
>     // url and array are declared here so they are in scope, and
>     // definitely assigned, when they are used after the if block
>     byte[] ocsp;
>     byte[] array = null;
>     string url = null;
>
>     if (ch.Length >= 2)
>     {
>         url = System.Configuration.ConfigurationSettings.AppSettings["OCSPUrl"];
>         if (url != null && url.Length > 0)
>         {
>             // checkCert, rootCert and key are not declared in this excerpt
>             OcspReq request = GenerateOCSPRequest(checkCert,
>                 rootCert, checkCert.SerialNumber, key);
>             array = request.GetEncoded();
>         }
>     }
>
>     if (array != null)
>     {
>         ocsp = GetEncodedOCSPResponse(url, array);
>     }
> }

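The size difference discussed in this thread, as an added example that is not part of the original messages or of iTextSharp/BouncyCastle: a standard-library Python sketch that walks the DER of an OCSPRequest (RFC 6960) and reports whether it carries an optionalSignature with embedded certificates, a requestorName, request extensions, and which CertID it asks about. The function names and all sample bytes are constructed for illustration; Python is used because the check works on captured request bytes from either tool.

```python
def tlv(buf, pos=0):
    """Read one DER element; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed element's content into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def describe_ocsp_request(der_bytes):
    top = children(tlv(der_bytes)[1])       # tbsRequest, then optionalSignature [0]
    tbs = children(top[0][1])
    info = {"total_bytes": len(der_bytes), "embedded_certs": 0, "cert_ids": [],
            "signed": len(top) > 1 and top[1][0] == 0xA0,
            "requestor_name": any(t == 0xA1 for t, _ in tbs),
            "request_extensions": any(t == 0xA2 for t, _ in tbs)}   # nonce lives here
    if info["signed"]:
        for t, v in children(children(top[1][1])[0][1]):    # fields of Signature
            if t == 0xA0:                                    # certs [0]
                info["embedded_certs"] = len(children(children(v)[0][1]))
    for _, req in children(next(v for t, v in tbs if t == 0x30)):   # requestList
        _, name_hash, key_hash, serial = (v for _, v in children(children(req)[0][1]))
        info["cert_ids"].append((name_hash.hex(), key_hash.hex(), int.from_bytes(serial, "big")))
    return info

def der(tag, *parts):
    body = b"".join(parts)
    n, k = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

# Constructed placeholder samples built with der(): not real hashes, signatures or certificates.
ALG_ID = der(0x30, der(0x06, bytes.fromhex("2b0e03021a")), der(0x05))   # id-sha1, reused as placeholder
CERT_ID = der(0x30, ALG_ID, der(0x04, b"\x11" * 20), der(0x04, b"\x22" * 20), der(0x02, b"\x10\x01"))
NONCE = der(0xA2, der(0x30, der(0x30, der(0x06, bytes.fromhex("2b0601050507300102")), der(0x04, der(0x04, b"\x33" * 16)))))
TBS = der(0x30, der(0x30, der(0x30, CERT_ID)), NONCE)
CERTS = der(0xA0, der(0x30, der(0x30, b"\x00" * 300)))   # one 300-byte stand-in certificate
SIGNATURE = der(0xA0, der(0x30, ALG_ID, der(0x03, b"\x00" + b"\x44" * 128), CERTS))
UNSIGNED_REQ = der(0x30, TBS)              # unsigned request
SIGNED_REQ = der(0x30, TBS, SIGNATURE)     # signed request carrying the signer certificate
```

Run `describe_ocsp_request` over the request body extracted from each capture: a signature with embedded certificates accounts for most of a size gap, while the `cert_ids` tuple (issuer name hash, issuer key hash, serial) shows which certificate each request actually asks the responder about.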