/// <summary>
/// Reads the revocation details recorded for <paramref name="certificate"/> in the native
/// chain and copies the revocation time and status-update time into
/// <paramref name="resultBuilder"/>. Nothing is written when
/// <c>CertificateWasVerifiedOnline</c> reports false.
/// </summary>
/// <param name="chain">Chain whose native handle is inspected.</param>
/// <param name="certificate">Certificate passed to the revocation-info lookup.</param>
/// <param name="resultBuilder">Builder that receives the two timestamps.</param>
private unsafe void InspectChain(X509Chain chain, X509Certificate2 certificate, CertificateVerificationResult.Builder resultBuilder)
        {
            var handle      = chain.SafeHandle;
            var refAcquired = false;

            try
            {
                // Pin the native handle for as long as raw pointers obtained from it are in use.
                // The call sits inside the try so the finally block can undo it on every path.
                handle.DangerousAddRef(ref refAcquired);

                // NOTE(review): the returned pointer presumably points into memory owned by the
                // chain handle, so it must not be used after the release below; confirm in
                // GetEndCertificateRevocationInfoPointer.
                CERT_REVOCATION_INFO *pInfo = GetEndCertificateRevocationInfoPointer(handle, certificate);

                if (!CertificateWasVerifiedOnline(pInfo))
                {
                    // Null pointer, missing CRL details, or an offline-flagged result:
                    // leave the builder untouched.
                    return;
                }

                resultBuilder.WithRevocationTime(GetRevocationTime(pInfo));
                resultBuilder.WithStatusUpdateTime(GetStatusUpdateTime(pInfo));
            }
            finally
            {
                // Release only when the add-ref succeeded, otherwise the count would be unbalanced.
                if (refAcquired)
                {
                    handle.DangerousRelease();
                }
            }
        }
        /// <summary>
        /// Returns the <c>ThisUpdate</c> timestamp of the CRL attached to the revocation info,
        /// converted to UTC. The delta CRL is consulted first and the base CRL second.
        /// </summary>
        /// <param name="pRevocationInfo">
        /// Native revocation info. It is dereferenced without a null check, so the caller must
        /// pass a non-null pointer (InspectChain only calls this after
        /// CertificateWasVerifiedOnline has returned true).
        /// </param>
        /// <returns>
        /// The CRL's <c>ThisUpdate</c> time in UTC, or null when no CRL info, or no usable CRL
        /// context, is attached.
        /// </returns>
        private unsafe DateTime? GetStatusUpdateTime(CERT_REVOCATION_INFO *pRevocationInfo)
        {
            CERT_REVOCATION_CRL_INFO *pCrl = pRevocationInfo->pCrlInfo;

            if (pCrl == null)
            {
                return null;
            }

            // The delta CRL is checked before the base CRL; the first context that carries
            // CRL info decides the result.
            var deltaContext = pCrl->pDeltaCRLContext;

            if (deltaContext != null && deltaContext->pCrlInfo != null)
            {
                FILETIME deltaThisUpdate = deltaContext->pCrlInfo->ThisUpdate;

                return deltaThisUpdate.ToDateTime().ToUniversalTime();
            }

            var baseContext = pCrl->pBaseCRLContext;

            if (baseContext != null && baseContext->pCrlInfo != null)
            {
                FILETIME baseThisUpdate = baseContext->pCrlInfo->ThisUpdate;

                return baseThisUpdate.ToDateTime().ToUniversalTime();
            }

            return null;
        }
        /// <summary>
        /// Tells whether the revocation info carries CRL details and its result has none of the
        /// bits in <c>OfflineErrorStatusFlags</c> set.
        /// </summary>
        /// <param name="pRevocationInfo">Native revocation info; may be null.</param>
        /// <returns>
        /// False when the pointer or its <c>pCrlInfo</c> is null, or when any offline flag is
        /// set in <c>dwRevocationResult</c>; true otherwise.
        /// </returns>
        private unsafe bool CertificateWasVerifiedOnline(CERT_REVOCATION_INFO *pRevocationInfo)
        {
            // This is also the null gate for the helpers that dereference the pointer afterwards.
            bool hasCrlDetails = pRevocationInfo != null && pRevocationInfo->pCrlInfo != null;

            // NOTE(review): OfflineErrorStatusFlags is defined outside this listing; which
            // statuses count as "offline" should be confirmed there.
            return hasCrlDetails && (pRevocationInfo->dwRevocationResult & OfflineErrorStatusFlags) == 0;
        }
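        /// <summary>
        /// Returns the revocation date stored in the CRL entry attached to the revocation info,
        /// converted to UTC.
        /// </summary>
        /// <param name="pRevocationInfo">Native revocation info; may be null.</param>
        /// <returns>
        /// The entry's <c>RevocationDate</c> in UTC, or null when the revocation result is
        /// <c>CERT_TRUST_NO_ERROR</c> or when no CRL entry is attached.
        /// </returns>
        /// <remarks>
        /// A null return means "no revocation date available", not "not revoked": a non-zero
        /// revocation result without a CRL entry also yields null. Callers should take the
        /// trust decision from the chain status rather than from this value.
        /// </remarks>
        private unsafe DateTime? GetRevocationTime(CERT_REVOCATION_INFO *pRevocationInfo)
        {
            if (pRevocationInfo == null || pRevocationInfo->dwRevocationResult == CertTrustErrorStatus.CERT_TRUST_NO_ERROR)
            {
                return null;
            }

            // Every non-zero result reaches this point, not only a revoked status, and the
            // CRL entry pointer is expected to be set only when an entry for the certificate
            // was actually found. Check each pointer on the path before reading through it
            // instead of dereferencing a null native pointer.
            CERT_REVOCATION_CRL_INFO *pCrlInfo = pRevocationInfo->pCrlInfo;

            if (pCrlInfo == null || pCrlInfo->pCrlEntry == null)
            {
                return null;
            }

            FILETIME revocationDate = pCrlInfo->pCrlEntry->RevocationDate;

            return revocationDate.ToDateTime().ToUniversalTime();
        }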