/// <summary>
/// Verifies a certificate against the root store (if present), the CRLs found in the DSS
/// and the OCSP responses found in the DSS.
/// </summary>
/// <remarks>
/// The verifiers are nested: the OCSP verifier wraps the CRL verifier, which wraps the
/// root store verifier, which in turn wraps this instance's <c>verifier</c> field.
/// Only the outermost (OCSP) verifier is invoked directly here.
/// Online checking is enabled on the CRL and OCSP verifiers when either
/// <c>latestRevision</c> or <c>onlineCheckingAllowed</c> is set.
/// An empty result means the certificate could not be verified; callers must treat it
/// as a failure, never as an implicit success.
/// </remarks>
/// <param name="signCert">the signing certificate</param>
/// <param name="issuerCert">the issuer's certificate</param>
/// <param name="signDate">
/// the date handed unchanged to the verifier chain
/// (presumably the date at which the certificate must be valid; confirm against the verifiers)
/// </param>
/// <returns>
/// a list of <c>VerificationOK</c> objects.
/// The list will be empty if the certificate couldn't be verified.
/// </returns>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
/// <exception cref="System.IO.IOException"/>
/// <seealso cref="RootStoreVerifier.Verify(Org.BouncyCastle.X509.X509Certificate, Org.BouncyCastle.X509.X509Certificate, System.DateTime)"/>
public override IList<VerificationOK> Verify(X509Certificate signCert, X509Certificate issuerCert, DateTime signDate)
{
    // Innermost link added here: the root store check, wrapping the existing verifier.
    var rootLink = new RootStoreVerifier(verifier);
    rootLink.SetRootStore(rootStore);

    // Next link: revocation check against the CRLs stored in the DSS.
    var crlLink = new CRLVerifier(rootLink, GetCRLsFromDSS());
    crlLink.SetRootStore(rootStore);
    // NOTE(review): with online checking on, the CRL verifier presumably may fetch
    // revocation data over the network; confirm in CRLVerifier.
    crlLink.SetOnlineCheckingAllowed(latestRevision || onlineCheckingAllowed);

    // Outermost link: revocation check against the OCSP responses stored in the DSS.
    var ocspLink = new OCSPVerifier(crlLink, GetOCSPResponsesFromDSS());
    ocspLink.SetRootStore(rootStore);
    ocspLink.SetOnlineCheckingAllowed(latestRevision || onlineCheckingAllowed);

    // Run the whole chain through its outermost verifier.
    IList<VerificationOK> outcome = ocspLink.Verify(signCert, issuerCert, signDate);
    return outcome;
}
/// <summary>
/// Creates an <c>OcspClient</c> that keeps the given verifier for checking OCSP responses.
/// </summary>
/// <remarks>
/// NOTE(review): the argument is stored without a null check. Confirm how the rest of
/// the class behaves when it is <c>null</c>; if response verification is skipped in that
/// case, OCSP responses would be accepted without being verified.
/// </remarks>
/// <param name="verifier">will be used for response verification.</param>
/// <seealso cref="OCSPVerifier"/>
public OcspClientBouncyCastle(OCSPVerifier verifier) => this.verifier = verifier;