public async Task RevokeAsync(string requestId)
{
Guid reqId = GetIdFromString(requestId);
bool retryUpdate;
do
{
retryUpdate = false;
CertificateRequest request = await _certificateRequests.GetAsync(reqId);
if (request.Certificate == null ||
request.CertificateRequestState != CertificateRequestState.Deleted)
{
throw new ResourceInvalidStateException("The record is not in a valid state for this operation.");
}
request.CertificateRequestState = CertificateRequestState.Revoked;
// erase information which is not required anymore
request.PrivateKeyFormat = null;
request.SigningRequest = null;
request.PrivateKeyPassword = null;
try
{
var cert = new X509Certificate2(request.Certificate);
var crl = await _certificateGroup.RevokeCertificateAsync(request.CertificateGroupId, cert);
}
catch (Exception e)
{
StringBuilder error = new StringBuilder();
error.Append("Error Revoking Certificate=" + e.Message);
error.Append("\r\nGroupId=" + request.CertificateGroupId);
throw new ResourceInvalidStateException(error.ToString());
}
request.RevokeTime = DateTime.UtcNow;
try
{
await _certificateRequests.UpdateAsync(reqId, request, request.ETag);
}
catch (DocumentClientException dce)
{
if (dce.StatusCode == HttpStatusCode.PreconditionFailed)
{
retryUpdate = true;
}
}
} while (retryUpdate);
}
private async Task RevokeCertificateAsync(byte[] certificate)
{
if (certificate != null && certificate.Length > 0)
{
ICertificateGroup certificateGroup = GetGroupForCertificate(certificate);
if (certificateGroup != null)
{
try
{
X509Certificate2 x509 = new X509Certificate2(certificate);
await certificateGroup.RevokeCertificateAsync(x509);
}
catch (Exception e)
{
Utils.Trace(e, $"Unexpected error revoking certificate. {new X509Certificate2(certificate).Subject} for Authority={certificateGroup.Id}");
}
}
}
}
