/// <summary>
/// Checks the revocation status of a signing certificate using the revocation data
/// carried by the signature: the embedded OCSP response is tried first, and the
/// embedded CRLs are consulted only when OCSP produced no positive result.
/// </summary>
/// <param name="pkcs7">Signature container whose <c>Ocsp</c> and <c>CRLs</c> members are read.</param>
/// <param name="signCert">Certificate whose revocation status is checked.</param>
/// <param name="issuerCert">Issuer certificate handed to both verifiers.</param>
/// <param name="date">Date handed to both verifiers as the reference time of the check.</param>
/// <returns>
/// <c>0</c> when at least one <c>VerificationOK</c> was produced;
/// <c>CER_STATUS_NOT_VERIFIED</c> when neither OCSP nor CRL confirmed the certificate.
/// </returns>
/// <remarks>
/// The failure result does not distinguish a revoked certificate from one for which no
/// usable revocation data was embedded; callers should treat it as a failed check.
/// NOTE(review): both verifiers are built without a chained verifier (first argument
/// <c>null</c>) and with their default <c>OnlineCheckingAllowed</c> setting, which is not
/// visible here - confirm whether they may fetch revocation data online.
/// </remarks>
public static int CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
{
    // Step 1: OCSP, using only the response embedded in the signature (if any).
    List<BasicOcspResp> embeddedOcsp = new List<BasicOcspResp>();
    if (pkcs7.Ocsp != null)
    {
        embeddedOcsp.Add(pkcs7.Ocsp);
    }

    List<VerificationOK> results = new OcspVerifier(null, embeddedOcsp).Verify(signCert, issuerCert, date);

    // Step 2: CRLs are a fallback, used only when OCSP confirmed nothing.
    if (results.Count == 0)
    {
        List<X509Crl> embeddedCrls = new List<X509Crl>();
        if (pkcs7.CRLs != null)
        {
            foreach (X509Crl embedded in pkcs7.CRLs)
            {
                embeddedCrls.Add(embedded);
            }
        }

        results.AddRange(new CrlVerifier(null, embeddedCrls).Verify(signCert, issuerCert, date));
    }

    // An empty result list is the "could not verify" signal of both verifiers.
    if (results.Count > 0)
    {
        foreach (VerificationOK confirmation in results)
        {
            Console.WriteLine(confirmation);
        }

        return 0;
    }

    Console.WriteLine("No se pudo verificar estado de revocación del certificado por CRL ni OCSP");
    return CER_STATUS_NOT_VERIFIED;
}
/// <summary>
/// Verifies a certificate against the CRLs and OCSP responses returned by
/// <c>GetCRLsFromDSS()</c> and <c>GetOCSPResponsesFromDSS()</c>.
/// </summary>
/// <param name="signCert">Certificate to verify.</param>
/// <param name="issuerCert">Issuer certificate handed to the verifier chain.</param>
/// <param name="sigDate">Date handed to the verifier chain.</param>
/// <returns>
/// A list of <c>VerificationOK</c> objects. The list will be empty if the certificate
/// couldn't be verified, so callers must treat an empty list as a failed verification.
/// </returns>
/// <remarks>
/// The Java original of this comment declares <c>GeneralSecurityException</c> and
/// <c>IOException</c>; the exceptions thrown by the C# verifiers are not visible here.
/// </remarks>
/// <seealso cref="RootStoreVerifier"/>
public override List<VerificationOK> Verify(X509Certificate signCert, X509Certificate issuerCert, DateTime sigDate)
{
    // Innermost link: the root store check (if present), wrapping this instance's own verifier.
    RootStoreVerifier rootLink = new RootStoreVerifier(verifier)
    {
        Certificates = certificates
    };

    // Middle link: the CRLs. Online checking is allowed when this is the latest
    // revision OR the flag is set, i.e. latestRevision overrides a disabled flag.
    CrlVerifier crlLink = new CrlVerifier(rootLink, GetCRLsFromDSS())
    {
        Certificates = certificates,
        OnlineCheckingAllowed = latestRevision || onlineCheckingAllowed
    };

    // Outermost link: the OCSP responses, configured the same way as the CRL link.
    OcspVerifier ocspLink = new OcspVerifier(crlLink, GetOCSPResponsesFromDSS())
    {
        Certificates = certificates,
        OnlineCheckingAllowed = latestRevision || onlineCheckingAllowed
    };

    // Verification is started on the outermost verifier of the chain.
    return ocspLink.Verify(signCert, issuerCert, sigDate);
}
/// <summary>
/// Checks the revocation status of a signing certificate using the revocation data
/// carried by the signature and prints the outcome to the console: the embedded OCSP
/// response is tried first, the embedded CRLs only when OCSP confirmed nothing.
/// </summary>
/// <param name="pkcs7">Signature container whose <c>Ocsp</c> and <c>CRLs</c> members are read.</param>
/// <param name="signCert">Certificate whose revocation status is checked.</param>
/// <param name="issuerCert">Issuer certificate handed to both verifiers.</param>
/// <param name="date">Date handed to both verifiers as the reference time of the check.</param>
/// <remarks>
/// The outcome is only written to the console; nothing is returned or thrown by this
/// method itself, so a caller cannot act on a failed check programmatically.
/// NOTE(review): both verifiers are built without a chained verifier (first argument
/// <c>null</c>) and with their default <c>OnlineCheckingAllowed</c> setting, which is not
/// visible here - confirm whether they may fetch revocation data online.
/// </remarks>
public static void CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
{
    // Step 1: OCSP, using only the response embedded in the signature (if any).
    List<BasicOcspResp> embeddedOcsp = new List<BasicOcspResp>();
    if (pkcs7.Ocsp != null)
    {
        embeddedOcsp.Add(pkcs7.Ocsp);
    }

    List<VerificationOK> results = new OcspVerifier(null, embeddedOcsp).Verify(signCert, issuerCert, date);

    // Step 2: CRLs are a fallback, used only when OCSP confirmed nothing.
    if (results.Count == 0)
    {
        List<X509Crl> embeddedCrls = new List<X509Crl>();
        if (pkcs7.CRLs != null)
        {
            foreach (X509Crl embedded in pkcs7.CRLs)
            {
                embeddedCrls.Add(embedded);
            }
        }

        results.AddRange(new CrlVerifier(null, embeddedCrls).Verify(signCert, issuerCert, date));
    }

    // An empty result list is the "could not verify" signal of both verifiers.
    if (results.Count > 0)
    {
        foreach (VerificationOK confirmation in results)
        {
            Console.WriteLine(confirmation);
        }

        return;
    }

    Console.WriteLine("The signing certificate couldn't be verified");
}
/// <summary>
/// Verifies a certificate against the CRLs and OCSP responses returned by
/// <c>GetCRLsFromDSS()</c> and <c>GetOCSPResponsesFromDSS()</c>.
/// </summary>
/// <param name="signCert">Certificate to verify.</param>
/// <param name="issuerCert">Issuer certificate handed to the verifier chain.</param>
/// <param name="sigDate">Date handed to the verifier chain.</param>
/// <returns>
/// A list of <c>VerificationOK</c> objects. The list will be empty if the certificate
/// couldn't be verified, so callers must treat an empty list as a failed verification.
/// </returns>
/// <remarks>
/// The Java original of this comment declares <c>GeneralSecurityException</c> and
/// <c>IOException</c>; the exceptions thrown by the C# verifiers are not visible here.
/// </remarks>
/// <seealso cref="RootStoreVerifier"/>
public override List<VerificationOK> Verify(X509Certificate signCert, X509Certificate issuerCert, DateTime sigDate)
{
    // Root store check (if present) sits at the bottom and wraps this instance's own verifier.
    RootStoreVerifier storeCheck = new RootStoreVerifier(verifier)
    {
        Certificates = certificates
    };

    // CRL check wraps the root store check. Online checking is allowed when this is
    // the latest revision OR the flag is set, i.e. latestRevision overrides a disabled flag.
    CrlVerifier crlCheck = new CrlVerifier(storeCheck, GetCRLsFromDSS())
    {
        Certificates = certificates,
        OnlineCheckingAllowed = latestRevision || onlineCheckingAllowed
    };

    // OCSP check wraps the CRL check and gets the same online-checking setting.
    OcspVerifier ocspCheck = new OcspVerifier(crlCheck, GetOCSPResponsesFromDSS())
    {
        Certificates = certificates,
        OnlineCheckingAllowed = latestRevision || onlineCheckingAllowed
    };

    // Verification is started on the outermost verifier of the chain.
    return ocspCheck.Verify(signCert, issuerCert, sigDate);
}
/// <summary>
/// Creates an <c>OcspClient</c> that stores the given verifier in its <c>verifier</c> field.
/// </summary>
/// <param name="verifier">
/// Will be used for response verification; see <see cref="OcspVerifier"/>.
/// NOTE(review): a <c>null</c> argument is accepted without a check - presumably responses
/// are then not verified; confirm where the field is used.
/// </param>
public OcspClientBouncyCastle(OcspVerifier verifier) {
    this.verifier = verifier;
}
/// <summary>
/// Creates an <c>OcspClient</c> without a verifier: the <c>verifier</c> field is set to <c>null</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the overload taking an <c>OcspVerifier</c> documents that verifier as the one
/// used for response verification, so presumably OCSP responses obtained through an instance
/// built here are not verified - confirm where the field is used, and prefer that overload
/// when the response must be trusted.
/// </remarks>
public OcspClientBouncyCastle()
{
    this.verifier = null;
}
/// <summary>
/// Checks the revocation status of a signing certificate using the revocation data
/// carried by the signature: the embedded OCSP response is tried first, and the
/// embedded CRLs are consulted only when OCSP confirmed nothing.
/// </summary>
/// <param name="pkcs7">Signature container whose <c>Ocsp</c> and <c>CRLs</c> members are read.</param>
/// <param name="signCert">Certificate whose revocation status is checked.</param>
/// <param name="issuerCert">Issuer certificate handed to both verifiers.</param>
/// <param name="date">Date handed to both verifiers as the reference time of the check.</param>
/// <returns>
/// <c>true</c> when at least one <c>VerificationOK</c> was produced (each one is printed
/// to the console); <c>false</c> when neither OCSP nor CRL confirmed the certificate.
/// </returns>
/// <remarks>
/// <c>false</c> does not distinguish a revoked certificate from one for which no usable
/// revocation data was embedded; callers should treat it as a failed check.
/// NOTE(review): both verifiers are built without a chained verifier (first argument
/// <c>null</c>) and with their default <c>OnlineCheckingAllowed</c> setting, which is not
/// visible here - confirm whether they may fetch revocation data online.
/// </remarks>
private static bool CheckRevocation(PdfPKCS7 pkcs7, X509Certificate signCert, X509Certificate issuerCert, DateTime date)
{
    // Step 1: OCSP, using only the response embedded in the signature (if any).
    List<BasicOcspResp> embeddedOcsp = new List<BasicOcspResp>();
    if (pkcs7.Ocsp != null)
    {
        embeddedOcsp.Add(pkcs7.Ocsp);
    }

    List<VerificationOK> results = new OcspVerifier(null, embeddedOcsp).Verify(signCert, issuerCert, date);

    // Step 2: CRLs are a fallback, used only when OCSP confirmed nothing.
    if (results.Count == 0)
    {
        List<X509Crl> embeddedCrls = new List<X509Crl>();
        if (pkcs7.CRLs != null)
        {
            foreach (X509Crl embedded in pkcs7.CRLs)
            {
                embeddedCrls.Add(embedded);
            }
        }

        // The CRL verifier is only built when the signature embeds at least one CRL.
        if (embeddedCrls.Count > 0)
        {
            results.AddRange(new CrlVerifier(null, embeddedCrls).Verify(signCert, issuerCert, date));
        }
    }

    // An empty result list is the "could not verify" signal of both verifiers.
    if (results.Count == 0)
    {
        return false;
    }

    foreach (VerificationOK confirmation in results)
    {
        Console.WriteLine(confirmation);
    }

    return true;
}