buildOCSPRequest static method
Builds an OCSPRequest out of the given pem and intermediate.
If the given pem represents a PKCS7 certificate, the intermediate is not needed.
Will return an ASN1Sequence that represents the OCSPRequest.
OCSPRequest ::= SEQUENCE {
tbsRequest TBSRequest
}
TBSRequest ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
requestList SEQUENCE OF Request
}
Request ::= SEQUENCE {
reqCert CertID
}
CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of issuer's DN
issuerKeyHash OCTET STRING, -- Hash of issuer's public key
serialNumber CertificateSerialNumber
}
Implementation
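/// Builds an OCSP request (RFC 6960 `OCSPRequest`) for the certificate in
/// [pem].
///
/// [pem] is either a single X.509 certificate PEM, in which case
/// [intermediate] must hold the PEM of its issuer, or a PKCS7 bundle
/// (starting with [BEGIN_PKCS7]) that carries the end-entity certificate
/// followed by its issuer, in which case [intermediate] is ignored.
///
/// The returned [ASN1Sequence] is the unsigned request:
///
/// ```
/// OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest }
/// TBSRequest  ::= SEQUENCE { requestList SEQUENCE OF Request }
/// Request     ::= SEQUENCE { reqCert CertID }
/// CertID      ::= SEQUENCE {
///   hashAlgorithm  AlgorithmIdentifier,   -- SHA-1
///   issuerNameHash OCTET STRING,          -- SHA-1 of the issuer DN
///   issuerKeyHash  OCTET STRING,          -- SHA-1 of the issuer public key
///   serialNumber   CertificateSerialNumber
/// }
/// ```
///
/// Throws [ArgumentError] when a plain certificate PEM is given without
/// [intermediate], when a PKCS7 bundle does not contain both certificates,
/// or when the issuer certificate carries an empty public key.
static ASN1Sequence buildOCSPRequest(String pem, {String? intermediate}) {
  var x509Sequence;
  var x509;
  var x509SequenceIssuer;
  if (pem.startsWith(BEGIN_PKCS7)) {
    // PKCS7 PEM: both the end-entity and the issuer certificate are taken
    // from the bundle's certificate list.
    var bytes = CryptoUtils.getBytesFromPEMString(pem);
    var asn1Parser = ASN1Parser(bytes);
    var topLevelSeq = asn1Parser.nextObject() as ASN1Sequence;
    var topLevelElements = topLevelSeq.elements;
    if (topLevelElements == null) {
      // Fail with a descriptive error here instead of a null dereference
      // further down when the issuer sequence is looked up.
      throw ArgumentError('PKCS7 PEM does not contain a certificate list');
    }
    var obj = topLevelElements.elementAt(1);
    var seq = ASN1Sequence.fromBytes(obj.valueBytes!);
    var obj1 = seq.elements!.elementAt(3);
    var seq1 = ASN1Sequence.fromBytes(obj1.encodedBytes!);
    var certs = seq1.elements;
    if (certs == null || certs.length < 2) {
      throw ArgumentError(
          'PKCS7 PEM must contain the end-entity certificate and its issuer');
    }
    // NOTE(review): the bundle is assumed to list the end-entity certificate
    // first and its issuer second (the original relied on the same order);
    // a bundle in another order yields a CertID that does not match the
    // certificate whose status is being requested.
    x509Sequence = certs.elementAt(0) as ASN1Sequence;
    x509 = _x509FromAsn1Sequence(x509Sequence);
    x509SequenceIssuer = certs.elementAt(1) as ASN1Sequence;
  } else {
    if (intermediate == null) {
      throw ArgumentError('Argument intermediate is missing');
    }
    x509Sequence = _getASN1SequenceFromPem(pem);
    x509 = x509CertificateFromPem(pem);
    x509SequenceIssuer = _getASN1SequenceFromPem(intermediate);
  }

  var tbsRequest = ASN1Sequence();
  var requestList = ASN1Sequence();
  var request = ASN1Sequence();
  var certID = ASN1Sequence();

  // hashAlgorithm: AlgorithmIdentifier for SHA-1 (OID 1.3.14.3.2.26) with
  // NULL parameters. SHA-1 only serves to identify the certificate here
  // (the lightweight OCSP profile, RFC 5019); it is not used as a signature.
  var hashAlgorithm = ASN1Sequence();
  hashAlgorithm
      .add(ASN1ObjectIdentifier.fromIdentifierString('1.3.14.3.2.26'));
  hashAlgorithm.add(ASN1Null());
  certID.add(hashAlgorithm);

  // issuerNameHash: hash of the DER encoding of the issuer Name.
  var issuer = _getIssuerSequence(x509Sequence);
  var issuerHashBytes = Digest('SHA-1').process(issuer.encode());
  certID.add(ASN1OctetString(octets: issuerHashBytes));

  // issuerKeyHash: hash of the issuer's subjectPublicKey BIT STRING contents.
  var pubBit = _getPublicKeyBitString(x509SequenceIssuer);
  var pubBytes = pubBit.valueBytes;
  if (pubBytes == null || pubBytes.isEmpty) {
    // `.first` on an empty list would otherwise throw an unspecific
    // StateError.
    throw ArgumentError('Issuer certificate has an empty subjectPublicKey');
  }
  // Skip the leading "unused bits" octet of the BIT STRING when present
  // (it is 0 for octet-aligned keys such as RSA and EC) so that only the
  // key bytes are hashed.
  var bitsToUse = pubBytes.first == 0 ? pubBytes.sublist(1) : pubBytes;
  var pubHashBytes = Digest('SHA-1').process(bitsToUse);
  certID.add(ASN1OctetString(octets: pubHashBytes));

  // serialNumber of the certificate whose status is requested.
  certID.add(ASN1Integer(x509.serialNumber));

  request.add(certID);
  requestList.add(request);
  // version is DEFAULT v1 and therefore omitted: DER does not encode
  // values equal to their default.
  tbsRequest.add(requestList);

  var ocspRequest = ASN1Sequence();
  ocspRequest.add(tbsRequest);
  return ocspRequest;
}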