/// <summary>
/// Checks the revocation status of <paramref name="certificate"/> over OCSP and
/// throws unless the status is reported as <c>Good</c>.
/// </summary>
/// <remarks>
/// Security notes:
/// <list type="bullet">
/// <item>A certificate with no Authority Information Access extension is accepted
/// here with no revocation check at all (deliberate fail-open). Callers that need a
/// revocation guarantee must enforce it separately.</item>
/// <item>Only the presence of the extension is tested. Whether it actually carries an
/// OCSP responder location is left to <c>GetRevocationStatus</c>, which is not visible
/// here. TODO confirm how a caIssuers-only extension is handled.</item>
/// <item>The issuer is looked up by subject name only. Presumably signature and path
/// validation happen elsewhere; verify against the caller.</item>
/// </list>
/// </remarks>
/// <param name="certificate">The certificate whose revocation status is checked.</param>
/// <exception cref="FailedValidationException">
/// The issuer is not among the intermediate certificates, or OCSP reported any status
/// other than <c>Good</c>. The catch filter below does not match this type unless it
/// derives from one of the filtered exceptions.
/// </exception>
/// <exception cref="CertificateValidationException">
/// Wraps an <see cref="IOException"/> or <see cref="NullReferenceException"/> raised
/// while performing the check.
/// </exception>
public void Validate(X509Certificate certificate)
{
    try
    {
        // No AIA extension: the certificate is treated as not subject to OCSP validation.
        var authorityInfoAccess = certificate.GetExtensionValue(X509Extensions.AuthorityInfoAccess);
        if (authorityInfoAccess == null)
        {
            return;
        }

        X509Certificate issuerCertificate = this.intermediateCertificates.FindBySubject(certificate.IssuerDN);
        if (issuerCertificate == null)
        {
            throw new FailedValidationException($"Unable to find issuer certificate '{certificate.IssuerDN}'");
        }

        OcspCheckStatus revocationStatus = this.GetRevocationStatus(certificate, issuerCertificate);
        if (revocationStatus.Equals(OcspCheckStatus.Good))
        {
            return;
        }

        // Fail closed: every status other than Good rejects the certificate.
        throw new FailedValidationException($"Certificate status is reported as {revocationStatus} by OCSP.");
    }
    catch (Exception ex) when (ex is NullReferenceException || ex is IOException)
    {
        // NOTE(review): wrapping NullReferenceException still fails closed, but it reports
        // programming errors (e.g. a null argument) as validation failures.
        throw new CertificateValidationException(ex.Message, ex);
    }
}
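/// <summary>
/// Checks the status of the certificate against an OCSP server.
/// Updates the internal state with the result.
/// </summary>
/// <remarks>
/// If the lookup throws, or the response cannot be read (for example because it is
/// null), the internal status is set to <c>UnknownIssue</c> before the exception
/// propagates, so a status recorded by an earlier call is never left in place.
/// </remarks>
/// <param name="ocspLookupClient">The OCSP client to use for the request</param>
/// <returns>
/// <c>AllChecksPassed</c> when the response reports itself valid, otherwise
/// <c>CertificateRevoked</c>.
/// </returns>
public OcspCheckStatus CheckOcspStatus(IOcspLookup ocspLookupClient)
{
    bool responseIsValid;
    try
    {
        OcspResponse response = ocspLookupClient.CheckCertificate(_x509Certificate);

        // Read the result inside the try block: a null response or a throwing getter
        // must reset the status rather than leave a stale "passed" value behind.
        responseIsValid = response.IsValid;
    }
    catch
    {
        _ocspCheckStatus = OcspCheckStatus.UnknownIssue;
        throw;
    }

    // NOTE(review): every non-valid response is recorded as CertificateRevoked. That is
    // fail-closed, but if IsValid can also be false for reasons other than revocation
    // (unknown status, stale or unverifiable response), the label is misleading. Confirm
    // what IsValid covers in the IOcspLookup implementation, including whether the
    // response signature and freshness are verified there.
    _ocspCheckStatus = responseIsValid
        ? OcspCheckStatus.AllChecksPassed
        : OcspCheckStatus.CertificateRevoked;

    return _ocspCheckStatus;
}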