public static bool IsRevoked(Certificate certToCheck, out RevocationCertificate revokeCert, NetProxy proxy = null, int timeout = 10000)
        {
            if (certToCheck.RevocationURL == null)
            {
                throw new CryptoException("Certificate does not support revocation.");
            }

            using (WebClientEx client = new WebClientEx())
            {
                client.Proxy   = proxy;
                client.Timeout = timeout;

                using (Stream s = client.OpenRead(certToCheck.RevocationURL.AbsoluteUri + "?sn=" + certToCheck.SerialNumber))
                {
                    switch (s.ReadByte())
                    {
                    case -1:
                        throw new EndOfStreamException();

                    case 0:     //not found
                        revokeCert = null;
                        return(false);

                    case 1:
                        revokeCert = new RevocationCertificate(s);
                        break;

                    default:
                        throw new CryptoException("RevokedCertificate version not supported.");
                    }
                }

                return(revokeCert.IsValid(certToCheck));
            }
        }
예제 #2
0
        public void VerifyRevocationList(NetProxy proxy = null, int timeout = 10000)
        {
            if (_revocationUri != null)
            {
                bool revoked = false;
                RevocationCertificate revokeCert = null;

                try
                {
                    revoked = RevocationCertificate.IsRevoked(this, out revokeCert, proxy, timeout);

                    if (_issuerSignature.SigningCertificate != null)
                    {
                        _issuerSignature.SigningCertificate.VerifyRevocationList(proxy, timeout);
                    }
                }
                catch (InvalidCertificateException)
                {
                    throw;
                }
                catch
                { }

                if (revoked)
                {
                    throw new InvalidCertificateException("Certificate serial number '" + _serialNumber + "' issued to '" + _issuedTo.Name + "' has been revoked on " + revokeCert.RevokedOnUTC + " UTC by the certificate authority and hence is invalid.");
                }
            }
        }