Exemplo n.º 1
0
        public static bool ValidateCertificates(X509Certificate2 cert)
        {
            var pathCA        = Directory.GetCurrentDirectory() + "/../../CryptoFiles/rootca.pem";
            var caCertificate = new X509CertificateParser().ReadCertificate(File.ReadAllBytes(pathCA));
            var pathCRL       = Directory.GetCurrentDirectory() + "/../../CryptoFiles/crl/list.pem";
            var crl           = new X509CrlParser().ReadCrl(File.ReadAllBytes(pathCRL));
            var receiverCert  = new X509CertificateParser().ReadCertificate(cert.GetRawCertData());

            try
            {
                receiverCert.Verify(caCertificate.GetPublicKey());
            }
            catch
            {
                MessageBox.Show("Receiver's certificate is not signed by CA!");
                return(false);
            }

            if (crl.IsRevoked(receiverCert))
            {
                MessageBox.Show("Receiver's certificate is revoked!");
                return(false);
            }

            return(true);
        }
        public static void Main(String[] args)
        {
            DirectoryInfo directory = new DirectoryInfo(DEST);

            directory.Create();

            Properties properties = new Properties();

            // Specify the correct path to the certificate
            properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open, FileAccess.Read));
            String path = properties.GetProperty("PRIVATE");

            char[] pass = properties.GetProperty("PASSWORD").ToCharArray();

            Pkcs12Store pk12  = new Pkcs12Store(new FileStream(path, FileMode.Open, FileAccess.Read), pass);
            string      alias = null;

            foreach (var a in pk12.Aliases)
            {
                alias = ((string)a);
                if (pk12.IsKeyEntry(alias))
                {
                    break;
                }
            }

            ICipherParameters pk = pk12.GetKey(alias).Key;

            X509CertificateEntry[] ce    = pk12.GetCertificateChain(alias);
            X509Certificate[]      chain = new X509Certificate[ce.Length];
            for (int k = 0; k < ce.Length; ++k)
            {
                chain[k] = ce[k].Certificate;
            }

            FileStream   fileStream = new FileStream(CRLURL, FileMode.Open, FileAccess.Read);
            MemoryStream baos       = new MemoryStream();

            byte[] buf = new byte[1024];
            while (fileStream.Read(buf, 0, buf.Length) != 0)
            {
                baos.Write(buf, 0, buf.Length);
            }

            /* Create a CrlClientOffline instance with the read CRL file's data.
             * Given CRL file is specific to the CAcert provider and was downloaded long time ago.
             * Make sure that you have the CRL specific for your certificate and CRL is up to date
             * (by checking NextUpdate properties as seen below).
             */
            ICrlClient crlClient = new CrlClientOffline(baos.ToArray());
            X509Crl    crl       = new X509CrlParser().ReadCrl(new FileStream(CRLURL, FileMode.Open, FileAccess.Read));

            Console.WriteLine("CRL valid until: " + crl.NextUpdate);
            Console.WriteLine("Certificate revoked: " + crl.IsRevoked(chain[0]));
            IList <ICrlClient> crlList = new List <ICrlClient>();

            crlList.Add(crlClient);

            new C3_05_SignWithCRLOffline().Sign(SRC, DEST + RESULT_FILES[0], chain, pk,
                                                DigestAlgorithms.SHA256, PdfSigner.CryptoStandard.CMS, "Test", "Ghent",
                                                crlList, null, null, 0);
        }