/// <summary>
        /// Looks for revocation evidence for <paramref name="signCert"/> among the material
        /// carried by the signature: first the OCSP response, then, if that produced no
        /// result, the CRLs.
        /// </summary>
        /// <param name="pkcs7">Signature container queried for its OCSP response and CRLs.</param>
        /// <param name="signCert">Certificate whose revocation status is being checked.</param>
        /// <param name="issuerCert">Certificate passed to the verifiers as the issuer of <paramref name="signCert"/>.</param>
        /// <param name="date">Point in time passed to both verifiers.</param>
        /// <remarks>
        /// NOTE(review): the collected results are never read, returned or reported, so a
        /// caller cannot tell from this method whether any revocation evidence was
        /// accepted. An empty result list means "no positive evidence", which should not
        /// be treated as "certificate is good".
        /// </remarks>
        private void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert,
                                     DateTime date)
        {
            // The only OCSP evidence offered is the response stored in the signature, if any.
            IList<BasicOcspResp> embeddedOcsp = new List<BasicOcspResp>();
            BasicOcspResp ocspResponse = pkcs7.GetOcsp();
            if (ocspResponse != null)
            {
                embeddedOcsp.Add(ocspResponse);
            }

            // First constructor argument is null: no further verifier is supplied here.
            IList<VerificationOK> results = new OCSPVerifier(null, embeddedOcsp).Verify(signCert, issuerCert, date);
            if (results.Count != 0)
            {
                // OCSP produced at least one result; the CRLs are not consulted.
                return;
            }

            // OCSP gave nothing, so fall back to the CRLs stored in the signature.
            IList<X509Crl> embeddedCrls = new List<X509Crl>();
            var signatureCrls = pkcs7.GetCRLs();
            if (signatureCrls != null)
            {
                foreach (X509Crl crl in signatureCrls)
                {
                    embeddedCrls.Add(crl);
                }
            }

            foreach (VerificationOK ok in new CRLVerifier(null, embeddedCrls).Verify(signCert, issuerCert, date))
            {
                results.Add(ok);
            }
        }
        /// <summary>
        /// Checks the revocation evidence carried by the signature for
        /// <paramref name="signCert"/> and writes the outcome to <c>OUT_STREAM</c>.
        /// The OCSP response is tried first; the CRLs are used only when OCSP yields
        /// no result.
        /// </summary>
        /// <param name="pkcs7">Signature container queried for its OCSP response and CRLs.</param>
        /// <param name="signCert">Certificate whose revocation status is being checked.</param>
        /// <param name="issuerCert">Certificate passed to the verifiers as the issuer of <paramref name="signCert"/>.</param>
        /// <param name="date">Point in time passed to both verifiers.</param>
        /// <remarks>
        /// The outcome is only printed. When neither source yields a result the method
        /// writes a message and returns normally, so a caller that needs to enforce
        /// revocation checking must not read a normal return as "certificate is good".
        /// </remarks>
        private static void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert,
                                            DateTime date)
        {
            // The only OCSP evidence offered is the response stored in the signature, if any.
            IList<BasicOcspResp> embeddedOcsp = new List<BasicOcspResp>();
            BasicOcspResp ocspResponse = pkcs7.GetOcsp();
            if (ocspResponse != null)
            {
                embeddedOcsp.Add(ocspResponse);
            }

            // Ask whether those OCSP responses vouch for the certificate at the given date.
            // First constructor argument is null: no further verifier is supplied here.
            IList<VerificationOK> results = new OCSPVerifier(null, embeddedOcsp).Verify(signCert, issuerCert, date);

            // Nothing from OCSP: fall back to the CRLs stored in the signature.
            if (results.Count == 0)
            {
                IList<X509Crl> embeddedCrls = new List<X509Crl>();
                var signatureCrls = pkcs7.GetCRLs();
                if (signatureCrls != null)
                {
                    foreach (X509Crl crl in signatureCrls)
                    {
                        embeddedCrls.Add(crl);
                    }
                }

                // Ask whether those CRLs vouch for the certificate at the given date.
                IList<VerificationOK> crlResults = new CRLVerifier(null, embeddedCrls).Verify(signCert, issuerCert, date);
                foreach (VerificationOK ok in crlResults)
                {
                    results.Add(ok);
                }
            }

            if (results.Count > 0)
            {
                foreach (VerificationOK accepted in results)
                {
                    OUT_STREAM.WriteLine(accepted);
                }
            }
            else
            {
                // No positive evidence from either source: status is unknown, not "good".
                OUT_STREAM.WriteLine("The signing certificate couldn't be verified");
            }
        }
        /// <summary>
        /// Test helper: obtains CRL bytes from a <c>TestCrlClient</c> built from
        /// <paramref name="crlBuilder"/> and the key read from <c>rootRsa.p12</c>, then
        /// verifies the first CRL against the certificate read from
        /// <c>signCertRsa01.p12</c> at the current UTC time.
        /// </summary>
        /// <param name="crlBuilder">Builder handed to the test CRL client.</param>
        /// <returns>
        /// The verifier's result for the first CRL, or <c>false</c> when the client
        /// returned no CRLs. CRLs after the first are never examined.
        /// </returns>
        /// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
        /// <exception cref="System.IO.IOException"/>
        private bool VerifyTest(TestCrlBuilder crlBuilder)
        {
            // Issuer side: first chain certificate and the key, both from the root store.
            string issuerStorePath = certsSrc + "rootRsa.p12";
            var issuerCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(issuerStorePath, password)[0];
            ICipherParameters issuerKey = Pkcs12FileHelper.ReadFirstKey(issuerStorePath, password, password);

            // Certificate whose revocation status the CRL is checked for.
            string subjectStorePath = certsSrc + "signCertRsa01.p12";
            var subjectCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(subjectStorePath, password)[0];

            var crlSource = new TestCrlClient(crlBuilder, issuerKey);
            ICollection<byte[]> encodedCrls = crlSource.GetEncoded(subjectCert, null);

            foreach (byte[] encoded in encodedCrls)
            {
                // Only the first entry is parsed and verified; the method returns from inside the loop.
                var parsedCrl = (X509Crl)SignTestPortUtil.ParseCrlFromStream(new MemoryStream(encoded));
                var crlVerifier = new CRLVerifier(null, null);
                return crlVerifier.Verify(parsedCrl, subjectCert, issuerCert, DateTimeUtil.GetCurrentUtcTime());
            }

            // Empty collection: nothing was verified.
            return false;
        }