Exemplo n.º 1
        /// <summary>
        /// Runs an OCSP revocation check on <paramref name="certificate"/> and throws unless the
        /// reported status equals <c>OcspCheckStatus.Good</c>.
        /// </summary>
        /// <remarks>
        /// A certificate with no Authority Information Access extension returns early without any
        /// OCSP lookup. This method alone therefore does not establish that such a certificate is
        /// unrevoked; callers that require revocation checking need another control for that case.
        /// NOTE(review): the check only tests that the extension is present; whether it actually
        /// carries an OCSP responder entry is left to GetRevocationStatus - confirm how that
        /// helper behaves when no responder is listed.
        /// </remarks>
        /// <param name="certificate">The certificate whose revocation status is checked.</param>
        /// <exception cref="FailedValidationException">
        /// The issuer is not among the intermediate certificates, or OCSP reported a status other
        /// than Good. Presumably a subtype of CertificateValidationException - confirm.
        /// </exception>
        /// <exception cref="CertificateValidationException">
        /// Wraps an IOException or NullReferenceException raised while performing the check.
        /// </exception>
        public void Validate(X509Certificate certificate) // throws CertificateValidationException
        {
            try
            {
                // No AIA extension: the certificate is treated as not subject to OCSP validation.
                var authorityInfoAccess = certificate.GetExtensionValue(X509Extensions.AuthorityInfoAccess);
                if (authorityInfoAccess == null)
                {
                    return;
                }

                // The issuer certificate is needed to query the status; fail closed if it is not known.
                X509Certificate issuerCertificate = this.intermediateCertificates.FindBySubject(certificate.IssuerDN);
                if (issuerCertificate == null)
                {
                    throw new FailedValidationException($"Unable to find issuer certificate '{certificate.IssuerDN}'");
                }

                OcspCheckStatus revocationStatus = this.GetRevocationStatus(certificate, issuerCertificate);
                if (revocationStatus.Equals(OcspCheckStatus.Good))
                {
                    return;
                }

                // Anything other than Good is rejected.
                throw new FailedValidationException($"Certificate status is reported as {revocationStatus} by OCSP.");
            }
            catch (Exception ex) when (ex is NullReferenceException || ex is IOException)
            {
                // Surface I/O and null-dereference failures as a validation failure, keeping the cause.
                throw new CertificateValidationException(ex.Message, ex);
            }
        }
Exemplo n.º 2
        /// <summary>
        /// Asks the supplied OCSP client about the wrapped certificate and stores the outcome
        /// in the internal check status.
        /// </summary>
        /// <remarks>
        /// If the lookup throws, the stored status becomes <c>UnknownIssue</c> and the exception
        /// is rethrown unchanged. Any response whose <c>IsValid</c> is false is recorded as
        /// <c>CertificateRevoked</c>.
        /// NOTE(review): whether a false <c>IsValid</c> can also mean an "unknown" or malformed
        /// response depends on the OcspResponse implementation - confirm.
        /// </remarks>
        /// <param name="ocspLookupClient">The OCSP client to use for the request</param>
        /// <returns>The status that was stored as a result of this check</returns>
        public OcspCheckStatus CheckOcspStatus(IOcspLookup ocspLookupClient)
        {
            OcspResponse lookupResult;

            try
            {
                lookupResult = ocspLookupClient.CheckCertificate(_x509Certificate);
            }
            catch
            {
                // Record that the check did not complete before letting the failure propagate.
                _ocspCheckStatus = OcspCheckStatus.UnknownIssue;
                throw;
            }

            _ocspCheckStatus = lookupResult.IsValid
                ? OcspCheckStatus.AllChecksPassed
                : OcspCheckStatus.CertificateRevoked;

            return _ocspCheckStatus;
        }