/// <summary>
/// Copies revocation details for <paramref name="certificate"/> from an already-built
/// <paramref name="chain"/> into <paramref name="resultBuilder"/>.
/// </summary>
/// <param name="chain">Chain whose native handle is inspected.</param>
/// <param name="certificate">Certificate passed to GetEndCertificateRevocationInfoPointer to locate its revocation info.</param>
/// <param name="resultBuilder">Receives the revocation time and status-update time when CertificateWasVerifiedOnline returns true.</param>
private unsafe void InspectChain(X509Chain chain, X509Certificate2 certificate, CertificateVerificationResult.Builder resultBuilder)
{
    var handle = chain.SafeHandle;
    bool refTaken = false;

    try
    {
        // Take a reference on the SafeHandle so the native chain cannot be released
        // while the raw pointer below is in use (presumably it points into memory
        // owned by the chain - confirm against GetEndCertificateRevocationInfoPointer).
        handle.DangerousAddRef(ref refTaken);

        CERT_REVOCATION_INFO* revocationInfo = GetEndCertificateRevocationInfoPointer(handle, certificate);

        // CertificateWasVerifiedOnline also rejects a null pointer and missing CRL info,
        // which is what makes the dereferences inside the two getters below safe to reach.
        if (!CertificateWasVerifiedOnline(revocationInfo))
        {
            return;
        }

        resultBuilder.WithRevocationTime(GetRevocationTime(revocationInfo));
        resultBuilder.WithStatusUpdateTime(GetStatusUpdateTime(revocationInfo));
    }
    finally
    {
        // Release only if DangerousAddRef actually succeeded; it reports that through the flag.
        if (refTaken)
        {
            handle.DangerousRelease();
        }
    }
}
/// <summary>
/// Reads the ThisUpdate timestamp of the CRL attached to the revocation info,
/// checking the delta CRL context first and the base CRL context second.
/// </summary>
/// <param name="pRevocationInfo">
/// Native revocation info. It is dereferenced without a null check here, so the caller
/// must have validated it (the visible caller does so through CertificateWasVerifiedOnline).
/// </param>
/// <returns>
/// The ThisUpdate value converted with ToDateTime().ToUniversalTime(), or null when there is
/// no CRL info or neither CRL context carries CRL info.
/// </returns>
private unsafe DateTime? GetStatusUpdateTime(CERT_REVOCATION_INFO* pRevocationInfo)
{
    CERT_REVOCATION_CRL_INFO* crlInfo = pRevocationInfo->pCrlInfo;
    if (crlInfo == null)
    {
        return null;
    }

    // The delta CRL is consulted before the base CRL.
    var deltaContext = crlInfo->pDeltaCRLContext;
    if (deltaContext != null && deltaContext->pCrlInfo != null)
    {
        FILETIME deltaThisUpdate = deltaContext->pCrlInfo->ThisUpdate;
        return deltaThisUpdate.ToDateTime().ToUniversalTime();
    }

    var baseContext = crlInfo->pBaseCRLContext;
    if (baseContext != null && baseContext->pCrlInfo != null)
    {
        FILETIME baseThisUpdate = baseContext->pCrlInfo->ThisUpdate;
        return baseThisUpdate.ToDateTime().ToUniversalTime();
    }

    return null;
}
/// <summary>
/// Decides whether the revocation result can be treated as coming from an online check.
/// </summary>
/// <param name="pRevocationInfo">Native revocation info; may be null.</param>
/// <returns>
/// false when the pointer or its CRL info is null; otherwise true only if none of the bits in
/// OfflineErrorStatusFlags are set in dwRevocationResult.
/// </returns>
private unsafe bool CertificateWasVerifiedOnline(CERT_REVOCATION_INFO* pRevocationInfo)
{
    // Missing revocation data is treated as "not verified online" rather than as success.
    bool hasCrlInfo = pRevocationInfo != null && pRevocationInfo->pCrlInfo != null;
    if (!hasCrlInfo)
    {
        return false;
    }

    // Any offline-related status bit disqualifies the result.
    var offlineBits = pRevocationInfo->dwRevocationResult & OfflineErrorStatusFlags;
    return offlineBits == 0;
}
/// <summary>
/// Reads the revocation date from the CRL entry attached to the revocation info.
/// </summary>
/// <param name="pRevocationInfo">
/// Native revocation info. Neither it nor its pCrlInfo is null-checked here; the visible
/// caller validates both through CertificateWasVerifiedOnline before calling.
/// </param>
/// <returns>
/// null when dwRevocationResult equals CERT_TRUST_NO_ERROR; otherwise the CRL entry's
/// RevocationDate converted with ToDateTime().ToUniversalTime().
/// </returns>
private unsafe DateTime? GetRevocationTime(CERT_REVOCATION_INFO* pRevocationInfo)
{
    bool noRevocationError = pRevocationInfo->dwRevocationResult == CertTrustErrorStatus.CERT_TRUST_NO_ERROR;
    if (noRevocationError)
    {
        return null;
    }

    // NOTE(review): pCrlEntry is dereferenced without a null check. Nothing visible here
    // guarantees an entry is present for every non-zero result, so a null entry would surface
    // as a NullReferenceException. If a guard is added, decide deliberately between throwing
    // and returning null: a null revocation time may be read downstream as "not revoked",
    // so confirm how consumers of the builder interpret it.
    FILETIME revokedAt = pRevocationInfo->pCrlInfo->pCrlEntry->RevocationDate;
    return revokedAt.ToDateTime().ToUniversalTime();
}