Ejemplo n.º 1
0
        private void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert,
                                     DateTime date)
        {
            IList <BasicOcspResp> ocsps = new List <BasicOcspResp>();

            if (pkcs7.GetOcsp() != null)
            {
                ocsps.Add(pkcs7.GetOcsp());
            }

            OCSPVerifier           ocspVerifier = new OCSPVerifier(null, ocsps);
            IList <VerificationOK> verification = ocspVerifier.Verify(signCert, issuerCert, date);

            if (verification.Count == 0)
            {
                IList <X509Crl> crls = new List <X509Crl>();
                if (pkcs7.GetCRLs() != null)
                {
                    foreach (X509Crl crl in pkcs7.GetCRLs())
                    {
                        crls.Add((X509Crl)crl);
                    }
                }

                CRLVerifier crlVerifier = new CRLVerifier(null, crls);
                var         verOks      = crlVerifier.Verify(signCert, issuerCert, date);
                foreach (VerificationOK verOk in verOks)
                {
                    verification.Add(verOk);
                }
            }
        }
        private static void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert,
                                            DateTime date)
        {
            IList <BasicOcspResp> ocsps = new List <BasicOcspResp>();

            if (pkcs7.GetOcsp() != null)
            {
                ocsps.Add(pkcs7.GetOcsp());
            }

            // Check if the OCSP responses in the list were valid for the certificate on a specific date.
            OCSPVerifier           ocspVerifier = new OCSPVerifier(null, ocsps);
            IList <VerificationOK> verification = ocspVerifier.Verify(signCert, issuerCert, date);

            // If that list is empty, we can’t verify using OCSP, and we need to look for CRLs.
            if (verification.Count == 0)
            {
                IList <X509Crl> crls = new List <X509Crl>();
                if (pkcs7.GetCRLs() != null)
                {
                    foreach (X509Crl crl in pkcs7.GetCRLs())
                    {
                        crls.Add((X509Crl)crl);
                    }
                }

                // Check if the CRLs in the list were valid on a specific date.
                CRLVerifier            crlVerifier     = new CRLVerifier(null, crls);
                IList <VerificationOK> verificationOks = crlVerifier.Verify(signCert, issuerCert, date);
                foreach (VerificationOK verOK in verificationOks)
                {
                    verification.Add(verOK);
                }
            }

            if (verification.Count == 0)
            {
                OUT_STREAM.WriteLine("The signing certificate couldn't be verified");
            }
            else
            {
                foreach (VerificationOK v in verification)
                {
                    OUT_STREAM.WriteLine(v);
                }
            }
        }
Ejemplo n.º 3
0
        /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
        /// <exception cref="System.IO.IOException"/>
        private bool VerifyTest(TestCrlBuilder crlBuilder)
        {
            String            caCertFileName    = certsSrc + "rootRsa.p12";
            X509Certificate   caCert            = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(caCertFileName, password)[0];
            ICipherParameters caPrivateKey      = Pkcs12FileHelper.ReadFirstKey(caCertFileName, password, password);
            String            checkCertFileName = certsSrc + "signCertRsa01.p12";
            X509Certificate   checkCert         = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(checkCertFileName, password)[
                0];
            TestCrlClient        crlClient          = new TestCrlClient(crlBuilder, caPrivateKey);
            ICollection <byte[]> crlBytesCollection = crlClient.GetEncoded(checkCert, null);
            bool verify = false;

            foreach (byte[] crlBytes in crlBytesCollection)
            {
                X509Crl     crl      = (X509Crl)SignTestPortUtil.ParseCrlFromStream(new MemoryStream(crlBytes));
                CRLVerifier verifier = new CRLVerifier(null, null);
                verify = verifier.Verify(crl, checkCert, caCert, DateTimeUtil.GetCurrentUtcTime());
                break;
            }
            return(verify);
        }