/// <summary>
/// Looks for revocation evidence for <paramref name="signCert"/> as of
/// <paramref name="date"/>: first the OCSP response returned by
/// <c>pkcs7.GetOcsp()</c>, then, only if that produced no result, the CRLs
/// returned by <c>pkcs7.GetCRLs()</c>.
/// </summary>
/// <param name="pkcs7">Signature object that supplies the OCSP response and the CRLs.</param>
/// <param name="signCert">Certificate whose revocation status is checked.</param>
/// <param name="issuerCert">Certificate passed to both verifiers as the issuer of <paramref name="signCert"/>.</param>
/// <param name="date">Point in time passed to both verifiers.</param>
/// <remarks>
/// NOTE(review): the collected results are neither returned nor reported, so a
/// caller cannot tell from this method whether any revocation evidence was
/// accepted. Presumably an empty result list means "nothing vouched for the
/// certificate" rather than "certificate is good" - confirm against the
/// verifier documentation before relying on this as a gate.
/// </remarks>
private void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
{
    // Step 1: OCSP. The list holds at most the single response exposed by the signature.
    IList<BasicOcspResp> ocspResponses = new List<BasicOcspResp>();
    if (pkcs7.GetOcsp() != null)
    {
        ocspResponses.Add(pkcs7.GetOcsp());
    }

    // The first constructor argument is null here; presumably no further
    // verifier is chained behind this one - TODO confirm.
    OCSPVerifier ocspCheck = new OCSPVerifier(null, ocspResponses);
    IList<VerificationOK> results = ocspCheck.Verify(signCert, issuerCert, date);

    // OCSP already produced at least one result: the CRL fallback is skipped.
    if (results.Count != 0)
    {
        return;
    }

    // Step 2: CRL fallback, fed with whatever CRLs the signature exposes.
    IList<X509Crl> crlList = new List<X509Crl>();
    if (pkcs7.GetCRLs() != null)
    {
        foreach (X509Crl candidate in pkcs7.GetCRLs())
        {
            crlList.Add(candidate);
        }
    }

    CRLVerifier crlCheck = new CRLVerifier(null, crlList);
    foreach (VerificationOK accepted in crlCheck.Verify(signCert, issuerCert, date))
    {
        results.Add(accepted);
    }
}
/// <summary>
/// Checks the revocation status of <paramref name="signCert"/> as of
/// <paramref name="date"/> and writes the outcome to <c>OUT_STREAM</c>.
/// The OCSP response from <c>pkcs7.GetOcsp()</c> is tried first; the CRLs from
/// <c>pkcs7.GetCRLs()</c> are consulted only when OCSP yields no result.
/// </summary>
/// <param name="pkcs7">Signature object that supplies the OCSP response and the CRLs.</param>
/// <param name="signCert">Certificate whose revocation status is checked.</param>
/// <param name="issuerCert">Certificate passed to both verifiers as the issuer of <paramref name="signCert"/>.</param>
/// <param name="date">Point in time passed to both verifiers.</param>
/// <remarks>
/// This method only reports. When neither OCSP nor CRL verification produces a
/// result it prints a message and returns normally; it does not throw and has
/// no return value, so it cannot be used by a caller to enforce a revocation
/// policy.
/// </remarks>
private static void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
{
    // Collect the OCSP response exposed by the signature, if there is one.
    IList<BasicOcspResp> ocspResponses = new List<BasicOcspResp>();
    if (pkcs7.GetOcsp() != null)
    {
        ocspResponses.Add(pkcs7.GetOcsp());
    }

    // Ask the OCSP verifier whether those responses cover the certificate at
    // the given date.
    OCSPVerifier ocspCheck = new OCSPVerifier(null, ocspResponses);
    IList<VerificationOK> results = ocspCheck.Verify(signCert, issuerCert, date);

    // No OCSP result: fall back to the CRLs exposed by the signature.
    if (results.Count == 0)
    {
        IList<X509Crl> crlList = new List<X509Crl>();
        if (pkcs7.GetCRLs() != null)
        {
            foreach (X509Crl candidate in pkcs7.GetCRLs())
            {
                crlList.Add(candidate);
            }
        }

        // Ask the CRL verifier the same question for the same date.
        CRLVerifier crlCheck = new CRLVerifier(null, crlList);
        IList<VerificationOK> crlResults = crlCheck.Verify(signCert, issuerCert, date);
        foreach (VerificationOK accepted in crlResults)
        {
            results.Add(accepted);
        }
    }

    // Report: one line per accepted piece of evidence, or a single failure line.
    if (results.Count > 0)
    {
        foreach (VerificationOK accepted in results)
        {
            OUT_STREAM.WriteLine(accepted);
        }
    }
    else
    {
        OUT_STREAM.WriteLine("The signing certificate couldn't be verified");
    }
}
/// <summary>
/// Test helper: obtains encoded CRLs from a <c>TestCrlClient</c> built from
/// <paramref name="crlBuilder"/> and the key read from <c>rootRsa.p12</c>, then
/// verifies the first of them against the certificate read from
/// <c>signCertRsa01.p12</c>.
/// </summary>
/// <param name="crlBuilder">Builder handed to the <c>TestCrlClient</c> that produces the CRL bytes.</param>
/// <returns>
/// The result of <c>CRLVerifier.Verify</c> for the first CRL in the collection;
/// <c>false</c> when the collection is empty. Later CRLs are never examined.
/// </returns>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
/// <exception cref="System.IO.IOException"/>
private bool VerifyTest(TestCrlBuilder crlBuilder)
{
    // Issuer side: certificate and private key come from the same PKCS#12 file.
    string issuerStorePath = certsSrc + "rootRsa.p12";
    X509Certificate issuerCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(issuerStorePath, password)[0];
    ICipherParameters issuerKey = Pkcs12FileHelper.ReadFirstKey(issuerStorePath, password, password);

    // Subject side: the certificate whose revocation status is being tested.
    string subjectStorePath = certsSrc + "signCertRsa01.p12";
    X509Certificate subjectCert = (X509Certificate)Pkcs12FileHelper.ReadFirstChain(subjectStorePath, password)[0];

    TestCrlClient client = new TestCrlClient(crlBuilder, issuerKey);
    ICollection<byte[]> encodedCrls = client.GetEncoded(subjectCert, null);

    foreach (byte[] encoded in encodedCrls)
    {
        MemoryStream crlStream = new MemoryStream(encoded);
        X509Crl crl = (X509Crl)SignTestPortUtil.ParseCrlFromStream(crlStream);

        // Verification time is the current UTC time, not a fixed test date.
        CRLVerifier verifier = new CRLVerifier(null, null);

        // Only the first CRL decides the outcome.
        return verifier.Verify(crl, subjectCert, issuerCert, DateTimeUtil.GetCurrentUtcTime());
    }

    // Empty collection: nothing was verified.
    return false;
}