public static bool IsRevoked(Certificate certToCheck, out RevocationCertificate revokeCert, NetProxy proxy = null, int timeout = 10000)
{
if (certToCheck.RevocationURL == null)
{
throw new CryptoException("Certificate does not support revocation.");
}
using (WebClientEx client = new WebClientEx())
{
client.Proxy = proxy;
client.Timeout = timeout;
using (Stream s = client.OpenRead(certToCheck.RevocationURL.AbsoluteUri + "?sn=" + certToCheck.SerialNumber))
{
switch (s.ReadByte())
{
case -1:
throw new EndOfStreamException();
case 0: //not found
revokeCert = null;
return(false);
case 1:
revokeCert = new RevocationCertificate(s);
break;
default:
throw new CryptoException("RevokedCertificate version not supported.");
}
}
return(revokeCert.IsValid(certToCheck));
}
}
public void VerifyRevocationList(NetProxy proxy = null, int timeout = 10000)
{
if (_revocationUri != null)
{
bool revoked = false;
RevocationCertificate revokeCert = null;
try
{
revoked = RevocationCertificate.IsRevoked(this, out revokeCert, proxy, timeout);
if (_issuerSignature.SigningCertificate != null)
{
_issuerSignature.SigningCertificate.VerifyRevocationList(proxy, timeout);
}
}
catch (InvalidCertificateException)
{
throw;
}
catch
{ }
if (revoked)
{
throw new InvalidCertificateException("Certificate serial number '" + _serialNumber + "' issued to '" + _issuedTo.Name + "' has been revoked on " + revokeCert.RevokedOnUTC + " UTC by the certificate authority and hence is invalid.");
}
}
}