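/// <summary>
/// Asks the revocation endpoint named in <paramref name="certToCheck"/> whether a revocation
/// record exists for the certificate's serial number, and validates any record returned.
/// </summary>
/// <param name="certToCheck">Certificate whose RevocationURL and SerialNumber drive the lookup.</param>
/// <param name="revokeCert">
/// Set to null when the endpoint answers "not found" (first byte 0); otherwise the record parsed
/// from the response. It stays non-null even when the method returns false because
/// <c>IsValid</c> rejected the record.
/// </param>
/// <param name="proxy">Proxy assigned to the web client; null is passed through unchanged.</param>
/// <param name="timeout">Value assigned to the web client's Timeout property.</param>
/// <returns>
/// True only when the endpoint returned a version 1 record and
/// <c>revokeCert.IsValid(certToCheck)</c> returned true; false otherwise.
/// </returns>
/// <exception cref="CryptoException">
/// The certificate has no revocation URL, or the response starts with an unsupported version byte.
/// </exception>
/// <exception cref="EndOfStreamException">The endpoint returned an empty response.</exception>
public static bool IsRevoked(Certificate certToCheck, out RevocationCertificate revokeCert, NetProxy proxy = null, int timeout = 10000)
{
    if (certToCheck.RevocationURL == null)
    {
        throw new CryptoException("Certificate does not support revocation.");
    }

    using (WebClientEx client = new WebClientEx())
    {
        client.Proxy = proxy;
        client.Timeout = timeout;

        // The serial number comes from the certificate under test, so it is percent-encoded before
        // being placed in the query string; reserved characters ('&', '#', '+', ...) can no longer
        // add parameters or truncate the request. The "" + concatenation keeps the original string
        // conversion (null becomes an empty string).
        string serialValue = System.Uri.EscapeDataString("" + certToCheck.SerialNumber);

        // NOTE(review): RevocationURL is also taken from the certificate being checked and its
        // scheme/host are not restricted here. Confirm that callers verify the certificate's
        // signature first, or that only http/https endpoints are accepted, before this request
        // is issued on behalf of an unverified certificate.
        string lookupUrl = certToCheck.RevocationURL.AbsoluteUri + "?sn=" + serialValue;

        using (Stream s = client.OpenRead(lookupUrl))
        {
            // The first byte of the response selects the outcome.
            switch (s.ReadByte())
            {
                case -1:
                    throw new EndOfStreamException();

                case 0: // not found
                    revokeCert = null;
                    return false;

                case 1:
                    revokeCert = new RevocationCertificate(s);
                    break;

                default:
                    throw new CryptoException("RevokedCertificate version not supported.");
            }
        }

        // The response is only trusted as far as IsValid checks it.
        // NOTE(review): presumably IsValid verifies the record's signature against certToCheck - confirm.
        return revokeCert.IsValid(certToCheck);
    }
}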
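/// <summary>
/// Checks this certificate, and then the certificate that signed it, against their revocation
/// endpoints. Does nothing when this certificate has no revocation URI.
/// </summary>
/// <param name="proxy">Proxy forwarded to the revocation lookups.</param>
/// <param name="timeout">Timeout value forwarded to the revocation lookups.</param>
/// <exception cref="InvalidCertificateException">
/// This certificate was reported revoked, or a lookup along the issuer chain raised
/// <see cref="InvalidCertificateException"/>.
/// </exception>
/// <remarks>
/// Lookups are best-effort: any failure other than <see cref="InvalidCertificateException"/>
/// (network error, timeout, malformed response) is ignored, so a lookup that cannot complete is
/// treated as "not revoked" (fail-open). Callers that need hard-fail revocation checking cannot
/// get it from this method as written.
/// </remarks>
public void VerifyRevocationList(NetProxy proxy = null, int timeout = 10000)
{
    if (_revocationUri == null)
    {
        return;
    }

    bool revoked = false;
    RevocationCertificate revokeCert = null;

    try
    {
        revoked = RevocationCertificate.IsRevoked(this, out revokeCert, proxy, timeout);
    }
    catch (InvalidCertificateException)
    {
        throw;
    }
    catch
    {
        // Deliberate soft-fail: an unreachable or misbehaving endpoint leaves revoked == false.
        // NOTE(review): this is where the check fails open; consider logging the failure so that
        // suppressed lookups are visible to operators.
    }

    // The issuer check runs in its own try block. Previously it shared the try with the lookup
    // above, so any failure of this certificate's lookup silently skipped the whole issuer chain.
    try
    {
        if (_issuerSignature.SigningCertificate != null)
        {
            _issuerSignature.SigningCertificate.VerifyRevocationList(proxy, timeout);
        }
    }
    catch (InvalidCertificateException)
    {
        throw;
    }
    catch
    {
        // Same soft-fail policy as above for errors raised while checking the issuer chain.
    }

    if (revoked)
    {
        // revokeCert is non-null here: IsRevoked returns true only after parsing a record.
        throw new InvalidCertificateException("Certificate serial number '" + _serialNumber + "' issued to '" + _issuedTo.Name + "' has been revoked on " + revokeCert.RevokedOnUTC + " UTC by the certificate authority and hence is invalid.");
    }
}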